aboutsummaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAge
* [IPSEC]: Remove bogus ref count in xfrm_secpath_rejectHerbert Xu2007-10-10
| | | | | | | | | | | | | | | | | | Constructs of the form xfrm_state_hold(x); foo(x); xfrm_state_put(x); tend to be broken because foo is either synchronous where this is totally unnecessary or if foo is asynchronous then the reference count is in the wrong spot. In the case of xfrm_secpath_reject, the function is synchronous and therefore we should just kill the reference count. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: Don't memset() netns to zero manuallyPavel Emelyanov2007-10-10
| | | | | | | | | | | | The newly created net namespace is set to 0 with memset() in setup_net(). The setup_net() is also called for the init_net_ns(), which is zeroed naturally as a global var. So remove this memset and allocate new nets with the kmem_cache_zalloc(). Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPv6]: use container_of() macro in fib6_clean_node()Benjamin Thery2007-10-10
| | | | | | | | | | | | | In ip6_fib.c, fib6_clean_node() casts a fib6_walker_t pointer to a fib6_cleaner_t pointer assuming a struct fib6_walker_t (field 'w') is the first field in struct fib6_walker_t. To prevent any future problems that may occur if one day a field is inadvertently inserted before the 'w' field in struct fib6_cleaner_t, (and to improve readability), this patch uses the container_of() macro. Signed-off-by: Benjamin Thery <benjamin.thery@bull.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: Move some code into __init section when CONFIG_NET_NS=nPavel Emelyanov2007-10-10
| | | | | | | | | | | | | | | | | | | | | | | | | | With the net namespaces many code leaved the __init section, thus making the kernel occupy more memory than it did before. Since we have a config option that prohibits the namespace creation, the functions that initialize/finalize some netns stuff are simply not needed and can be freed after the boot. Currently, this is almost not noticeable, since few calls are no longer in __init, but when the namespaces will be merged it will be possible to free more code. I propose to use the __net_init, __net_exit and __net_initdata "attributes" for functions/variables that are not used if the CONFIG_NET_NS is not set to save more space in memory. The exiting functions cannot just reside in the __exit section, as noticed by David, since the init section will have references on it and the compilation will fail due to modpost checks. These references can exist, since the init namespace never dies and the exit callbacks are never called. So I introduce the __exit_refok attribute just like it is already done with the __init_refok. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [8021Q]: transfer dev_id from real deviceUrsula Braun2007-10-10
| | | | | | | | | | | A net_device struct provides field dev_id. It is used for unique ipv6 generation in case of shared network cards (as for the OSA network cards of IBM System z). If VLAN devices are built on top of such shared network cards, this dev_id information needs to be transferred to the VLAN device. Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC]: Move RO-specific output code into xfrm6_mode_ro.cHerbert Xu2007-10-10
| | | | | | | | The lastused update check in xfrm_output can be done just as well in the mode output function which is specific to RO. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC]: Unexport xfrm_replay_notifyHerbert Xu2007-10-10
| | | | | | | | | | | Now that the only callers of xfrm_replay_notify are in xfrm, we can remove the export. This patch also removes xfrm_aevent_doreplay since it's now called in just one spot. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC]: Move output replay code into xfrm_outputHerbert Xu2007-10-10
| | | | | | | | | | The replay counter is one of only two remaining things in the output code that requires a lock on the xfrm state (the other being the crypto). This patch moves it into the generic xfrm_output so we can remove the lock from the transforms themselves. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC]: Move xfrm_state_check into xfrm_output.cHerbert Xu2007-10-10
| | | | | | | | The functions xfrm_state_check and xfrm_state_check_space are only used by the output code in xfrm_output.c so we can move them over. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC]: Move common output code to xfrm_outputHerbert Xu2007-10-10
| | | | | | | | | | | | Most of the code in xfrm4_output_one and xfrm6_output_one are identical so this patch moves them into a common xfrm_output function which will live in net/xfrm. In fact this would seem to fix a bug as on IPv4 we never reset the network header after a transform which may upset netfilter later on. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC] ah: Remove keys from ah_data structureHerbert Xu2007-10-10
| | | | | | | | | The keys are only used during initialisation so we don't need to carry them in esp_data. Since we don't have to allocate them again, there is no need to place a limit on the authentication key length anymore. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC] esp: Remove keys from esp_data structureHerbert Xu2007-10-10
| | | | | | | | | | | The keys are only used during initialisation so we don't need to carry them in esp_data. Since we don't have to allocate them again, there is no need to place a limit on the authentication key length anymore. This patch also kills the unused auth.icv member. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [AF_IUCV]: postpone receival of iucv-packetsUrsula Braun2007-10-10
| | | | | | | | | | | | | | | AF_IUCV socket programs may waste Linux storage, because af_iucv allocates an skb whenever posted by the receive callback routine and receives the message immediately. Message receival is now postponed if data from previous callbacks has not yet been transferred to the receiving socket program. Instead a message handle is saved in a message queue as a reminder. Once messages could be given to the receiving socket program, there is an additional checking for entries in the message queue, followed by skb allocation and message receival if applicable. Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [AF_IUCV]: remove static declarations from header file.Heiko Carstens2007-10-10
| | | | | | Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: split dev_ifsioc() according to lockingJeff Garzik2007-10-10
| | | | | | | | | | | | | This always bugged me: dev_ioctl() called dev_ifsioc() either inside read_lock(dev_base_lock) or rtnl_lock(), depending on the ioctl being executed. This change moves the ioctls executed inside dev_base_lock to a new function, dev_ifsioc_locked(). Now the locking context is completely clear to the reader. Signed-off-by: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: sparse warning fixesStephen Hemminger2007-10-10
| | | | | | | | | Fix a bunch of sparse warnings. Mostly about 0 used as NULL pointer, and shadowed variable declarations. One notable case was that hash size should have been unsigned. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: "Annotate" another fackets_out state resetIlpo Järvinen2007-10-10
| | | | | | | | This should no longer be necessary because fackets_out is accurate. It indicates bugs elsewhere, thus report it. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Fix two off-by-one errors in fackets_out adjusting logicIlpo Järvinen2007-10-10
| | | | | | | | | | | | | | | | 1) Passing wrong skb to tcp_adjust_fackets_out could corrupt fastpath_cnt_hint as tcp_skb_pcount(next_skb) is not included to it if hint points exactly to the next_skb (it's lagging behind, see sacktag). 2) When fastpath_skb_hint is put backwards to avoid dangling skb reference, the skb's pcount must also be removed from count (not included like above). Reported by Cedric Le Goater <legoater@free.fr> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: Twice the wrong reset code in receiving connection-RequestsGerrit Renker2007-10-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes two bugs in processing of connection-Requests in v{4,6}_conn_request: 1. Due to using the variable `reset_code', the Reset code generated internally by dccp_parse_options() is overwritten with the initialised value ("Too Busy") of reset_code, which is not what is intended. 2. When receiving a connection-Request on a multicast or broadcast address, no Reset should be generated, to avoid storms of such packets. Instead of jumping to the `drop' label, the v{4,6}_conn_request functions now return 0. Below is why in my understanding this is correct: When the conn_request function returns < 0, then the caller, dccp_rcv_state_process(), returns 1. In all instances where dccp_rcv_state_process is called (dccp_v4_do_rcv, dccp_v6_do_rcv, and dccp_child_process), a return value of != 0 from dccp_rcv_state_process() means that a Reset is generated. If on the other hand the conn_request function returns 0, the packet is discarded and no Reset is generated. Note: There may be a related problem when sending the Response, due to the following. if (dccp_v6_send_response(sk, req, NULL)) goto drop_and_free; /* ... */ drop_and_free: return -1; In this case, if send_response fails due to transmission errors, the next thing that is generated is a Reset with a code "Too Busy". I haven't been able to conjure up such a condition, but it might be good to change the behaviour here also (not done by this patch). Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: Wrong format in printkGerrit Renker2007-10-10
| | | | | | | | The elapsed time uses u32, but printk was using %d, not %u. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
* [DCCP]: Tidy-up -- minisock initialisationGerrit Renker2007-10-10
| | | | | | | | | | | | | | | | This * removes a declaration of a non-existent function __dccp_minisock_init; * shifts the initialisation function dccp_minisock_init() from options.c to minisocks.c, where it is more naturally expected to be. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [CCID2]: Sequence number wraparound issuesGerrit Renker2007-10-10
| | | | | | | | | | | | | | | | | | | | | | | | | | This replaces several uses of standard arithmetic with the DCCP sequence number arithmetic functions. The problem here is that the sequence number wrap-around was not taken into consideration. * Condition "seqp->ccid2s_seq <= prev->ccid2s_seq" has been replaced by dccp_delta_seqno(seqp->ccid2s_seq, prev->ccid2s_seq) >= 0 since if seqp is `before' prev, then the delta_seqno() is positive. * The test whether sequence numbers `a' and `b' are consecutive has the form dccp_delta_seqno(a, b) == 1 * Increment of ccid2hctx_rpseq could be done using dccp_inc_seqno(), but since here the incremented ccid2hctx_rpseq == seqno, used assignment instead. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [CCID2]: Remove redundant case blockGerrit Renker2007-10-10
| | | | | | | | | | skb's passed to ccid2_hc_tx_send_packet() are headerless, the packet type is decided later, in dccp_write_xmit(). Therefore the first test of the switch/case block is always true, the others are never reached. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [CCID2]: Remove redundant BUG_ONGerrit Renker2007-10-10
| | | | | | | | | | This removes a test for `val < 1' which would only have been triggered when val < 0, due to a preceding test for 0. Fixed by using an unsigned type for cwnd (as in TCP) instead. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [CCID2]: Remove ugly BUG_ONGerrit Renker2007-10-10
| | | | | | | | | | | | | | | | This removes an ugly BUG_ON which has been pointed out by Arnaldo. Instead of freezing up the machine, a `critical' message is now issued to the system log. There is potential of doing this more gracefully (eg. there are a few internal variables which could be updated despite the lack of memory), but that requires more complicated changes to the algorithm; thus a `FIXME' has been added. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [CCID2]: Simplify interfaceGerrit Renker2007-10-10
| | | | | | | | | | | | | | | | | | This patch simplifies the interface of ccid2_hc_tx_alloc_seq(): * ccid2_hc_tx_alloc_seq() is always called with an argument of CCID2_SEQBUF_LEN; * other code - ccid2_hc_tx_check_sanity() - even depends on the assumption that ccid2_hc_tx_alloc_seq() has been called with this particular size; * passing the `gfp_t' argument to ccid2_hc_tx_alloc_seq() is redundant with gfp_any(). Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: Make all `debug' parameters boolGerrit Renker2007-10-10
| | | | | | | | | | This just sets the parameter to bool, since debugging messages are either on or off. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: Add socket option to query the current MPSGerrit Renker2007-10-10
| | | | | | | | | | | | | | | | | | | | | | | This enables applications to query the current value of the Maximum Packet Size via a socket option, suggested as a SHOULD in (RFC 4340, p. 102). This socket option is useful to avoid the annoying bail-out via `-EMSGSIZE'. In particular, as fragmentation is not currently supported (and its use is partly discouraged in RFC 4340). With this option, it is possible to size buffers accordingly, e.g. int buflen = dccp_get_cur_mps(sockfd); /* or */ if (msgsize > dccp_get_cur_mps(sockfd)) die("message is too large for this path"); Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: Wait for CCIDGerrit Renker2007-10-10
| | | | | | | | | | | | | | | | This performs a minor optimisation: when ccid_hc_tx_send_packet returns a value greater zero, then the same call previously was done again at the begin of the while loop in dccp_wait_for_ccid. This patch exploits the available information and schedule-timeouts directly instead. Documentation also added. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [MAC80211]: add sta_notify callbackTomas Winkler2007-10-10
| | | | | | | | | | | | | | | | This patch adds sta_notify callback and removes sta_table_notification which was not used by any driver. sta_notify() is essential for drivers that keeps notion of station internally and need to be notified about removal or addition of a station to the (I)BSS or assocation to an AP. This version adds interface id to the parameter list as suggested by Johannes Berg Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [MAC80211]: implement cfg80211's change_interface hookJohannes Berg2007-10-10
| | | | | | | | | This implements the cfg80211 change_interface hook that changes the type of an interface and cleans up the code a bit. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [MAC80211]: Add association LED triggerMichael Buesch2007-10-10
| | | | | | | | | Many devices have LEDs to indicate the link status. Export this functionality to drivers. Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [MAC80211]: make userspace-mlme a per-interface settingJohannes Berg2007-10-10
| | | | | | Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [MAC80211]: improve radiotap injectionJohannes Berg2007-10-10
| | | | | | | | | | | | This improves radiotap injection by removing the shortcut over TX handlers that led to BUGS when injecting frames without setting a rate and also resulted in various other quirks. Now, TX handlers are run but some information that was present in the radiotap header is used instead of automatic settings. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Cc: Andy Green <andy@warmcat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [MAC80211]: remove ALG_NONEJohannes Berg2007-10-10
| | | | | | | | | | This "algorithm" is used only internally and is not useful. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Cc: Michael Buesch <mb@bu3sch.de> Acked-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [MAC80211]: use RX_FLAG_DECRYPTED for sw decrypted as wellJohannes Berg2007-10-10
| | | | | | | | | | This makes mac80211 set the RX_FLAG_DECRYPTED flag for frames decrypted in software allowing us to handle some things more uniformly. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [MAC80211]: consolidate decryption moreJohannes Berg2007-10-10
| | | | | | | | | | | | | Currently, we have three RX handlers doing the decryption. This patch changes it to have only one handler doing everything, thereby getting rid of many duplicate checks. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net> -- net/mac80211/rx.c | 46 ++++++++++++---------------------------------- 1 files changed, 12 insertions(+), 34 deletions(-)
* [MAC80211]: move sta_process rx handler laterJohannes Berg2007-10-10
| | | | | | | | | | | This moves the sta_process RX handler to after decryption so that frames that cannot be decrypted don't influence statistics, it is likely that they were injected or something else is totally wrong. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [MAC80211]: remove management interfaceJohannes Berg2007-10-10
| | | | | | | | | | | Removes the management interface since it is only required for hostapd/userspace MLME, will not be in the final tree at least in this form and hostapd/userspace MLME currently do not work against this tree anyway. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [MAC80211]: add "invalid" interface typeJohannes Berg2007-10-10
| | | | | | | | | | | Since I cannot convince the lazy driver authors (hello Michael) to stop (ab)using the MGMT interface type internally in their drivers, this patch introduces a new _INVALID type especially for their use and changes all affected drivers to use it. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [MAC80211]: Check open_count before calling config callback.Michael Buesch2007-10-10
| | | | | | | | Also remove the check for ops->config!=NULL, as it can never be NULL. Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [RFKILL]: Add support for hardware-only rfkill buttonsMichael Buesch2007-10-10
| | | | | | | | | | | | Buttons that work directly on hardware cannot support the "user_claim" functionality. Add a flag to signal this and return -EOPNOTSUPP in this case. b43 is such a device. Signed-off-by: Michael Buesch <mb@bu3sch.de> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [RFKILL]: Add support for an rfkill LED.Michael Buesch2007-10-10
| | | | | | | | | This adds a LED trigger. Signed-off-by: Michael Buesch <mb@bu3sch.de> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Wrap-safed reordering detection FRTO checkIlpo Järvinen2007-10-10
| | | | | | | | | In case somebody has a suggestion about a better place for this check, which must guarantee execution "early enough" (i.e, before the wrap can occur), I'm very open to them. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Update comment of SACK block validatorIlpo Järvinen2007-10-10
| | | | | | | | | | | | | Just came across what RFC2018 states about generation of valid SACK blocks in case of reneging. Alter comment a bit to point out clearly. IMHO, there isn't any reason to change code because the validation is there for a purpose (counters will inform user about decision TCP made if this case ever surfaces). Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: fix comments that got messed up during code moveIlpo Järvinen2007-10-10
| | | | | Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: No fackets_out/highest_sack tuning when SACK isn't enabledIlpo Järvinen2007-10-10
| | | | | | | | This was found due to bug report from Cedric Le Goater though it turned this turned out to be unrelated bug. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: bridge: remove broken netfilter binary sysctlsJoseph Fannin2007-10-10
| | | | | | | | | | | | | | | | | | | The netfilter sysctls in the bridging code don't set strategy routines: sysctl table check failed: /net/bridge/bridge-nf-call-arptables .3.10.1 Missing strategy sysctl table check failed: /net/bridge/bridge-nf-call-iptables .3.10.2 Missing strategy sysctl table check failed: /net/bridge/bridge-nf-call-ip6tables .3.10.3 Missing strategy sysctl table check failed: /net/bridge/bridge-nf-filter-vlan-tagged .3.10.4 Missing strategy sysctl table check failed: /net/bridge/bridge-nf-filter-pppoe-tagged .3.10.5 Missing strategy These binary sysctls can't work. The binary sysctl numbers of other netfilter sysctls with this problem are being removed. These need to go as well. Signed-off-by: Joseph Fannin <jfannin@gmail.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: x_tables: add xt_time matchJan Engelhardt2007-10-10
| | | | | | | | | | | | | This is ipt_time from POM-ng enhanced by the following: * xtables/ipv6 support * second granularity for daytime * day-of-month support (for example "match on the 15th of each month") * match against UTC or local timezone Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nfnetlink_log: fix some constantsMichal Miroslaw2007-10-10
| | | | | | | | | Fix timeout (one second is 1 * HZ) and convert max packet copy length to #defined constant. Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>