From ba7808eac17360dda459f82222859b0e3879854b Mon Sep 17 00:00:00 2001 From: Frederik Deweerdt Date: Sun, 4 Feb 2007 20:15:27 -0800 Subject: [TCP]: remove tcp header from tcp_v4_check (take #2) The tcphdr struct passed to tcp_v4_check is not used, the following patch removes it from the parameter list. This adds the netfilter modifications missing in the patch I sent for rc3-mm1. Signed-off-by: Frederik Deweerdt Signed-off-by: David S. Miller --- include/net/tcp.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'include/net') diff --git a/include/net/tcp.h b/include/net/tcp.h index cd8fa0c858ae..5c472f255b77 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -802,9 +802,8 @@ static inline void tcp_update_wl(struct tcp_sock *tp, u32 ack, u32 seq) /* * Calculate(/check) TCP checksum */ -static inline __sum16 tcp_v4_check(struct tcphdr *th, int len, - __be32 saddr, __be32 daddr, - __wsum base) +static inline __sum16 tcp_v4_check(int len, __be32 saddr, + __be32 daddr, __wsum base) { return csum_tcpudp_magic(saddr,daddr,len,IPPROTO_TCP,base); } -- cgit v1.2.2 From 8eb9086f21c73b38b5ca27558db4c91d62d0e70b Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Thu, 8 Feb 2007 02:09:21 -0800 Subject: [IPV4/IPV6]: Always wait for IPSEC SA resolution in socket contexts. Do this even for non-blocking sockets. This avoids the silly -EAGAIN that applications can see now, even for non-blocking sockets in some cases (f.e. connect()). With help from Venkat Tekkirala. Signed-off-by: David S. Miller --- include/net/route.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'include/net') diff --git a/include/net/route.h b/include/net/route.h index 486e37aff06c..1440bdb5a27d 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -146,7 +146,8 @@ static inline char rt_tos2priority(u8 tos) static inline int ip_route_connect(struct rtable **rp, __be32 dst, __be32 src, u32 tos, int oif, u8 protocol, - __be16 sport, __be16 dport, struct sock *sk) + __be16 sport, __be16 dport, struct sock *sk, + int flags) { struct flowi fl = { .oif = oif, .nl_u = { .ip4_u = { .daddr = dst, @@ -168,7 +169,7 @@ static inline int ip_route_connect(struct rtable **rp, __be32 dst, *rp = NULL; } security_sk_classify_flow(sk, &fl); - return ip_route_output_flow(rp, &fl, sk, 0); + return ip_route_output_flow(rp, &fl, sk, flags); } static inline int ip_route_newports(struct rtable **rp, u8 protocol, -- cgit v1.2.2 From cdca72652adf597f7fef821a27595fd0dd5eea19 Mon Sep 17 00:00:00 2001 From: Miika Komu Date: Tue, 6 Feb 2007 14:24:56 -0800 Subject: [IPSEC]: exporting xfrm_state_afinfo This patch exports xfrm_state_afinfo. Signed-off-by: Miika Komu Signed-off-by: Diego Beltrami Signed-off-by: Kazunori Miyazawa Signed-off-by: David S. Miller --- include/net/xfrm.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include/net') diff --git a/include/net/xfrm.h b/include/net/xfrm.h index e4765413cf80..bf91d632901d 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -252,10 +252,13 @@ struct xfrm_state_afinfo { xfrm_address_t *daddr, xfrm_address_t *saddr); int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n); int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n); + int (*output)(struct sk_buff *skb); }; extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo); extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo); +extern struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family); +extern void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo); extern void xfrm_state_delete_tunnel(struct xfrm_state *x); -- cgit v1.2.2 From 6fecd1985116fb08bdee3b9db6719e159fe5e43d Mon Sep 17 00:00:00 2001 From: Michal Schmidt Date: Wed, 7 Feb 2007 15:05:12 -0800 Subject: [NETFILTER]: Add SANE connection tracking helper This is nf_conntrack_sane, a netfilter connection tracking helper module for the SANE protocol used by the 'saned' daemon to make scanners available via network. The SANE protocol uses separate control & data connections, similar to passive FTP. The helper module is needed to recognize the data connection as RELATED to the control one. Signed-off-by: Michal Schmidt Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- include/net/netfilter/nf_conntrack.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/net') diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index bd01b4633ee2..68ec27490c20 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -45,6 +45,7 @@ union nf_conntrack_expect_proto { #include #include #include +#include /* per conntrack: application helper private data */ union nf_conntrack_help { @@ -52,6 +53,7 @@ union nf_conntrack_help { struct nf_ct_ftp_master ct_ftp_info; struct nf_ct_pptp_master ct_pptp_info; struct nf_ct_h323_master ct_h323_info; + struct nf_ct_sane_master ct_sane_info; }; #include -- cgit v1.2.2 From 41f4689a7c8cd76b77864461b3c58fde8f322b2c Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Wed, 7 Feb 2007 15:10:09 -0800 Subject: [NETFILTER]: NAT: optional source port randomization support This patch adds support to NAT to randomize source ports. Signed-off-by: Eric Leblond Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- include/net/netfilter/nf_nat.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include/net') diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h index 61c62068ca6b..bc57dd7b9b5c 100644 --- a/include/net/netfilter/nf_nat.h +++ b/include/net/netfilter/nf_nat.h @@ -16,6 +16,7 @@ enum nf_nat_manip_type #define IP_NAT_RANGE_MAP_IPS 1 #define IP_NAT_RANGE_PROTO_SPECIFIED 2 +#define IP_NAT_RANGE_PROTO_RANDOM 4 /* NAT sequence number modifications */ struct nf_nat_seq { -- cgit v1.2.2 From 80c9abaabf4283f7cf4a0b3597cd302506635b7f Mon Sep 17 00:00:00 2001 From: Shinta Sugimoto Date: Thu, 8 Feb 2007 13:11:42 -0800 Subject: [XFRM]: Extension for dynamic update of endpoint address(es) Extend the XFRM framework so that endpoint address(es) in the XFRM databases could be dynamically updated according to a request (MIGRATE message) from user application. Target XFRM policy is first identified by the selector in the MIGRATE message. Next, the endpoint addresses of the matching templates and XFRM states are updated according to the MIGRATE message. Signed-off-by: Shinta Sugimoto Signed-off-by: Masahide NAKAMURA Signed-off-by: YOSHIFUJI Hideaki Signed-off-by: David S. Miller --- include/net/xfrm.h | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'include/net') diff --git a/include/net/xfrm.h b/include/net/xfrm.h index bf91d632901d..16924cb772c9 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -362,6 +362,19 @@ struct xfrm_policy struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; }; +struct xfrm_migrate { + xfrm_address_t old_daddr; + xfrm_address_t old_saddr; + xfrm_address_t new_daddr; + xfrm_address_t new_saddr; + u8 proto; + u8 mode; + u16 reserved; + u32 reqid; + u16 old_family; + u16 new_family; +}; + #define XFRM_KM_TIMEOUT 30 /* which seqno */ #define XFRM_REPLAY_SEQ 1 @@ -388,6 +401,7 @@ struct xfrm_mgr int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport); int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c); int (*report)(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr); + int (*migrate)(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles); }; extern int xfrm_register_km(struct xfrm_mgr *km); @@ -988,6 +1002,16 @@ extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst, struct flowi *fl, int family, int strict); extern void xfrm_init_pmtu(struct dst_entry *dst); +#ifdef CONFIG_XFRM_MIGRATE +extern int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type, + struct xfrm_migrate *m, int num_bundles); +extern struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m); +extern struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x, + struct xfrm_migrate *m); +extern int xfrm_migrate(struct xfrm_selector *sel, u8 dir, u8 type, + struct xfrm_migrate *m, int num_bundles); +#endif + extern wait_queue_head_t km_waitq; extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport); extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid); @@ -1053,5 +1077,25 @@ static inline void xfrm_aevent_doreplay(struct xfrm_state *x) xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); } +#ifdef CONFIG_XFRM_MIGRATE +static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig) +{ + return (struct xfrm_algo *)kmemdup(orig, sizeof(*orig) + orig->alg_key_len, GFP_KERNEL); +} + +static inline void xfrm_states_put(struct xfrm_state **states, int n) +{ + int i; + for (i = 0; i < n; i++) + xfrm_state_put(*(states + i)); +} + +static inline void xfrm_states_delete(struct xfrm_state **states, int n) +{ + int i; + for (i = 0; i < n; i++) + xfrm_state_delete(*(states + i)); +} +#endif #endif /* _NET_XFRM_H */ -- cgit v1.2.2 From 95a9dc4390c8215d922e0ca2ebb95279261fe795 Mon Sep 17 00:00:00 2001 From: Andrew Hendry Date: Thu, 8 Feb 2007 13:34:02 -0800 Subject: [X.25]: Add call forwarding Adds call forwarding to X.25, allowing it to operate like an X.25 router. Useful if one needs to manipulate X.25 traffic with tools like tc. This is an update/cleanup based off a patch submitted by Daniel Ferenci a few years ago. Thanks Alan for the feedback. Added the null check to the clones. Moved the skb_clone's into the forwarding functions. Worked ok with Cisco XoT, linux X.25 back to back, and some old NTUs/PADs. Signed-off-by: Andrew Hendry Signed-off-by: David S. Miller --- include/net/x25.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'include/net') diff --git a/include/net/x25.h b/include/net/x25.h index e47fe440d9d7..3b1190514d92 100644 --- a/include/net/x25.h +++ b/include/net/x25.h @@ -161,6 +161,14 @@ struct x25_sock { unsigned long vc_facil_mask; /* inc_call facilities mask */ }; +struct x25_forward { + struct list_head node; + unsigned int lci; + struct net_device *dev1; + struct net_device *dev2; + atomic_t refcnt; +}; + static inline struct x25_sock *x25_sk(const struct sock *sk) { return (struct x25_sock *)sk; @@ -198,6 +206,13 @@ extern int x25_negotiate_facilities(struct sk_buff *, struct sock *, struct x25_dte_facilities *); extern void x25_limit_facilities(struct x25_facilities *, struct x25_neigh *); +/* x25_forward.c */ +extern void x25_clear_forward_by_lci(unsigned int lci); +extern void x25_clear_forward_by_dev(struct net_device *); +extern int x25_forward_data(int, struct x25_neigh *, struct sk_buff *); +extern int x25_forward_call(struct x25_address *, struct x25_neigh *, + struct sk_buff *, int); + /* x25_in.c */ extern int x25_process_rx_frame(struct sock *, struct sk_buff *); extern int x25_backlog_rcv(struct sock *, struct sk_buff *); @@ -282,6 +297,8 @@ extern struct hlist_head x25_list; extern rwlock_t x25_list_lock; extern struct list_head x25_route_list; extern rwlock_t x25_route_list_lock; +extern struct list_head x25_forward_list; +extern rwlock_t x25_forward_list_lock; extern int x25_proc_init(void); extern void x25_proc_exit(void); -- cgit v1.2.2 From 39e21c0d34fe769d06839679fa920217359a58b0 Mon Sep 17 00:00:00 2001 From: Andrew Hendry Date: Thu, 8 Feb 2007 13:34:36 -0800 Subject: [X.25]: Adds /proc/sys/net/x25/x25_forward to control forwarding. echo "1" > /proc/sys/net/x25/x25_forward To turn on x25_forwarding, defaults to off Requires the previous patch. Signed-off-by: Andrew Hendry Signed-off-by: David S. Miller --- include/net/x25.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include/net') diff --git a/include/net/x25.h b/include/net/x25.h index 3b1190514d92..fc3f03d976f8 100644 --- a/include/net/x25.h +++ b/include/net/x25.h @@ -180,6 +180,7 @@ extern int sysctl_x25_call_request_timeout; extern int sysctl_x25_reset_request_timeout; extern int sysctl_x25_clear_request_timeout; extern int sysctl_x25_ack_holdback_timeout; +extern int sysctl_x25_forward; extern int x25_addr_ntoa(unsigned char *, struct x25_address *, struct x25_address *); -- cgit v1.2.2 From 2356f4cb191100a5e92d537f13e5efdbc697e9cb Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky Date: Thu, 8 Feb 2007 13:37:42 -0800 Subject: [S390]: Rewrite of the IUCV base code, part 2 Add rewritten IUCV base code to net/iucv. Signed-off-by: Frank Pavlic Signed-off-by: Martin Schwidefsky Signed-off-by: David S. Miller --- include/net/iucv/iucv.h | 415 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 415 insertions(+) create mode 100644 include/net/iucv/iucv.h (limited to 'include/net') diff --git a/include/net/iucv/iucv.h b/include/net/iucv/iucv.h new file mode 100644 index 000000000000..746e7416261e --- /dev/null +++ b/include/net/iucv/iucv.h @@ -0,0 +1,415 @@ +/* + * drivers/s390/net/iucv.h + * IUCV base support. + * + * S390 version + * Copyright 2000, 2006 IBM Corporation + * Author(s):Alan Altmark (Alan_Altmark@us.ibm.com) + * Xenia Tkatschow (xenia@us.ibm.com) + * Rewritten for af_iucv: + * Martin Schwidefsky + * + * + * Functionality: + * To explore any of the IUCV functions, one must first register their + * program using iucv_register(). Once your program has successfully + * completed a register, it can exploit the other functions. + * For furthur reference on all IUCV functionality, refer to the + * CP Programming Services book, also available on the web thru + * www.ibm.com/s390/vm/pubs, manual # SC24-5760 + * + * Definition of Return Codes + * - All positive return codes including zero are reflected back + * from CP. The definition of each return code can be found in + * CP Programming Services book. + * - Return Code of: + * -EINVAL: Invalid value + * -ENOMEM: storage allocation failed + */ + +#include +#include + +/* + * IUCV option flags usable by device drivers: + * + * IUCV_IPRMDATA Indicates that your program can handle a message in the + * parameter list / a message is sent in the parameter list. + * Used for iucv_path_accept, iucv_path_connect, + * iucv_message_reply, iucv_message_send, iucv_message_send2way. + * IUCV_IPQUSCE Indicates that you do not want to receive messages on this + * path until an iucv_path_resume is issued. + * Used for iucv_path_accept, iucv_path_connect. + * IUCV_IPBUFLST Indicates that an address list is used for the message data. + * Used for iucv_message_receive, iucv_message_send, + * iucv_message_send2way. + * IUCV_IPPRTY Specifies that you want to send priority messages. + * Used for iucv_path_accept, iucv_path_connect, + * iucv_message_reply, iucv_message_send, iucv_message_send2way. + * IUCV_IPSYNC Indicates a synchronous send request. + * Used for iucv_message_send, iucv_message_send2way. + * IUCV_IPANSLST Indicates that an address list is used for the reply data. + * Used for iucv_message_reply, iucv_message_send2way. + * IUCV_IPLOCAL Specifies that the communication partner has to be on the + * local system. If local is specified no target class can be + * specified. + * Used for iucv_path_connect. + * + * All flags are defined in the input field IPFLAGS1 of each function + * and can be found in CP Programming Services. + */ +#define IUCV_IPRMDATA 0x80 +#define IUCV_IPQUSCE 0x40 +#define IUCV_IPBUFLST 0x40 +#define IUCV_IPPRTY 0x20 +#define IUCV_IPANSLST 0x08 +#define IUCV_IPSYNC 0x04 +#define IUCV_IPLOCAL 0x01 + +/* + * iucv_array : Defines buffer array. + * Inside the array may be 31- bit addresses and 31-bit lengths. + * Use a pointer to an iucv_array as the buffer, reply or answer + * parameter on iucv_message_send, iucv_message_send2way, iucv_message_receive + * and iucv_message_reply if IUCV_IPBUFLST or IUCV_IPANSLST are used. + */ +struct iucv_array { + u32 address; + u32 length; +} __attribute__ ((aligned (8))); + +extern struct bus_type iucv_bus; +extern struct device *iucv_root; + +/* + * struct iucv_path + * pathid: 16 bit path identification + * msglim: 16 bit message limit + * flags: properties of the path: IPRMDATA, IPQUSCE, IPPRTY + * handler: address of iucv handler structure + * private: private information of the handler associated with the path + * list: list_head for the iucv_handler path list. + */ +struct iucv_path { + u16 pathid; + u16 msglim; + u8 flags; + void *private; + struct iucv_handler *handler; + struct list_head list; +}; + +/* + * struct iucv_message + * id: 32 bit message id + * audit: 32 bit error information of purged or replied messages + * class: 32 bit target class of a message (source class for replies) + * tag: 32 bit tag to be associated with the message + * length: 32 bit length of the message / reply + * reply_size: 32 bit maximum allowed length of the reply + * rmmsg: 8 byte inline message + * flags: message properties (IUCV_IPPRTY) + */ +struct iucv_message { + u32 id; + u32 audit; + u32 class; + u32 tag; + u32 length; + u32 reply_size; + u8 rmmsg[8]; + u8 flags; +}; + +/* + * struct iucv_handler + * + * A vector of functions that handle IUCV interrupts. Each functions gets + * a parameter area as defined by the CP Programming Services and private + * pointer that is provided by the user of the interface. + */ +struct iucv_handler { + /* + * The path_pending function is called after an iucv interrupt + * type 0x01 has been received. The base code allocates a path + * structure and "asks" the handler if this path belongs to the + * handler. To accept the path the path_pending function needs + * to call iucv_path_accept and return 0. If the callback returns + * a value != 0 the iucv base code will continue with the next + * handler. The order in which the path_pending functions are + * called is the order of the registration of the iucv handlers + * to the base code. + */ + int (*path_pending)(struct iucv_path *, u8 ipvmid[8], u8 ipuser[16]); + /* + * The path_complete function is called after an iucv interrupt + * type 0x02 has been received for a path that has been established + * for this handler with iucv_path_connect and got accepted by the + * peer with iucv_path_accept. + */ + void (*path_complete)(struct iucv_path *, u8 ipuser[16]); + /* + * The path_severed function is called after an iucv interrupt + * type 0x03 has been received. The communication peer shutdown + * his end of the communication path. The path still exists and + * remaining messages can be received until a iucv_path_sever + * shuts down the other end of the path as well. + */ + void (*path_severed)(struct iucv_path *, u8 ipuser[16]); + /* + * The path_quiesced function is called after an icuv interrupt + * type 0x04 has been received. The communication peer has quiesced + * the path. Delivery of messages is stopped until iucv_path_resume + * has been called. + */ + void (*path_quiesced)(struct iucv_path *, u8 ipuser[16]); + /* + * The path_resumed function is called after an icuv interrupt + * type 0x05 has been received. The communication peer has resumed + * the path. + */ + void (*path_resumed)(struct iucv_path *, u8 ipuser[16]); + /* + * The message_pending function is called after an icuv interrupt + * type 0x06 or type 0x07 has been received. A new message is + * availabe and can be received with iucv_message_receive. + */ + void (*message_pending)(struct iucv_path *, struct iucv_message *); + /* + * The message_complete function is called after an icuv interrupt + * type 0x08 or type 0x09 has been received. A message send with + * iucv_message_send2way has been replied to. The reply can be + * received with iucv_message_receive. + */ + void (*message_complete)(struct iucv_path *, struct iucv_message *); + + struct list_head list; + struct list_head paths; +}; + +/** + * iucv_register: + * @handler: address of iucv handler structure + * @smp: != 0 indicates that the handler can deal with out of order messages + * + * Registers a driver with IUCV. + * + * Returns 0 on success, -ENOMEM if the memory allocation for the pathid + * table failed, or -EIO if IUCV_DECLARE_BUFFER failed on all cpus. + */ +int iucv_register(struct iucv_handler *handler, int smp); + +/** + * iucv_unregister + * @handler: address of iucv handler structure + * @smp: != 0 indicates that the handler can deal with out of order messages + * + * Unregister driver from IUCV. + */ +void iucv_unregister(struct iucv_handler *handle, int smp); + +/** + * iucv_path_alloc + * @msglim: initial message limit + * @flags: initial flags + * @gfp: kmalloc allocation flag + * + * Allocate a new path structure for use with iucv_connect. + * + * Returns NULL if the memory allocation failed or a pointer to the + * path structure. + */ +static inline struct iucv_path *iucv_path_alloc(u16 msglim, u8 flags, gfp_t gfp) +{ + struct iucv_path *path; + + path = kzalloc(sizeof(struct iucv_path), gfp); + if (path) { + path->msglim = msglim; + path->flags = flags; + } + return path; +} + +/** + * iucv_path_free + * @path: address of iucv path structure + * + * Frees a path structure. + */ +static inline void iucv_path_free(struct iucv_path *path) +{ + kfree(path); +} + +/** + * iucv_path_accept + * @path: address of iucv path structure + * @handler: address of iucv handler structure + * @userdata: 16 bytes of data reflected to the communication partner + * @private: private data passed to interrupt handlers for this path + * + * This function is issued after the user received a connection pending + * external interrupt and now wishes to complete the IUCV communication path. + * + * Returns the result of the CP IUCV call. + */ +int iucv_path_accept(struct iucv_path *path, struct iucv_handler *handler, + u8 userdata[16], void *private); + +/** + * iucv_path_connect + * @path: address of iucv path structure + * @handler: address of iucv handler structure + * @userid: 8-byte user identification + * @system: 8-byte target system identification + * @userdata: 16 bytes of data reflected to the communication partner + * @private: private data passed to interrupt handlers for this path + * + * This function establishes an IUCV path. Although the connect may complete + * successfully, you are not able to use the path until you receive an IUCV + * Connection Complete external interrupt. + * + * Returns the result of the CP IUCV call. + */ +int iucv_path_connect(struct iucv_path *path, struct iucv_handler *handler, + u8 userid[8], u8 system[8], u8 userdata[16], + void *private); + +/** + * iucv_path_quiesce: + * @path: address of iucv path structure + * @userdata: 16 bytes of data reflected to the communication partner + * + * This function temporarily suspends incoming messages on an IUCV path. + * You can later reactivate the path by invoking the iucv_resume function. + * + * Returns the result from the CP IUCV call. + */ +int iucv_path_quiesce(struct iucv_path *path, u8 userdata[16]); + +/** + * iucv_path_resume: + * @path: address of iucv path structure + * @userdata: 16 bytes of data reflected to the communication partner + * + * This function resumes incoming messages on an IUCV path that has + * been stopped with iucv_path_quiesce. + * + * Returns the result from the CP IUCV call. + */ +int iucv_path_resume(struct iucv_path *path, u8 userdata[16]); + +/** + * iucv_path_sever + * @path: address of iucv path structure + * @userdata: 16 bytes of data reflected to the communication partner + * + * This function terminates an IUCV path. + * + * Returns the result from the CP IUCV call. + */ +int iucv_path_sever(struct iucv_path *path, u8 userdata[16]); + +/** + * iucv_message_purge + * @path: address of iucv path structure + * @msg: address of iucv msg structure + * @srccls: source class of message + * + * Cancels a message you have sent. + * + * Returns the result from the CP IUCV call. + */ +int iucv_message_purge(struct iucv_path *path, struct iucv_message *msg, + u32 srccls); + +/** + * iucv_message_receive + * @path: address of iucv path structure + * @msg: address of iucv msg structure + * @flags: flags that affect how the message is received (IUCV_IPBUFLST) + * @buffer: address of data buffer or address of struct iucv_array + * @size: length of data buffer + * @residual: + * + * This function receives messages that are being sent to you over + * established paths. This function will deal with RMDATA messages + * embedded in struct iucv_message as well. + * + * Returns the result from the CP IUCV call. + */ +int iucv_message_receive(struct iucv_path *path, struct iucv_message *msg, + u8 flags, void *buffer, size_t size, size_t *residual); + +/** + * iucv_message_reject + * @path: address of iucv path structure + * @msg: address of iucv msg structure + * + * The reject function refuses a specified message. Between the time you + * are notified of a message and the time that you complete the message, + * the message may be rejected. + * + * Returns the result from the CP IUCV call. + */ +int iucv_message_reject(struct iucv_path *path, struct iucv_message *msg); + +/** + * iucv_message_reply + * @path: address of iucv path structure + * @msg: address of iucv msg structure + * @flags: how the reply is sent (IUCV_IPRMDATA, IUCV_IPPRTY, IUCV_IPBUFLST) + * @reply: address of data buffer or address of struct iucv_array + * @size: length of reply data buffer + * + * This function responds to the two-way messages that you receive. You + * must identify completely the message to which you wish to reply. ie, + * pathid, msgid, and trgcls. Prmmsg signifies the data is moved into + * the parameter list. + * + * Returns the result from the CP IUCV call. + */ +int iucv_message_reply(struct iucv_path *path, struct iucv_message *msg, + u8 flags, void *reply, size_t size); + +/** + * iucv_message_send + * @path: address of iucv path structure + * @msg: address of iucv msg structure + * @flags: how the message is sent (IUCV_IPRMDATA, IUCV_IPPRTY, IUCV_IPBUFLST) + * @srccls: source class of message + * @buffer: address of data buffer or address of struct iucv_array + * @size: length of send buffer + * + * This function transmits data to another application. Data to be + * transmitted is in a buffer and this is a one-way message and the + * receiver will not reply to the message. + * + * Returns the result from the CP IUCV call. + */ +int iucv_message_send(struct iucv_path *path, struct iucv_message *msg, + u8 flags, u32 srccls, void *buffer, size_t size); + +/** + * iucv_message_send2way + * @path: address of iucv path structure + * @msg: address of iucv msg structure + * @flags: how the message is sent and the reply is received + * (IUCV_IPRMDATA, IUCV_IPBUFLST, IUCV_IPPRTY, IUCV_ANSLST) + * @srccls: source class of message + * @buffer: address of data buffer or address of struct iucv_array + * @size: length of send buffer + * @ansbuf: address of answer buffer or address of struct iucv_array + * @asize: size of reply buffer + * + * This function transmits data to another application. Data to be + * transmitted is in a buffer. The receiver of the send is expected to + * reply to the message and a buffer is provided into which IUCV moves + * the reply to this message. + * + * Returns the result from the CP IUCV call. + */ +int iucv_message_send2way(struct iucv_path *path, struct iucv_message *msg, + u8 flags, u32 srccls, void *buffer, size_t size, + void *answer, size_t asize, size_t *residual); -- cgit v1.2.2 From eac3731bd04c7131478722a3c148b78774553116 Mon Sep 17 00:00:00 2001 From: Jennifer Hunt Date: Thu, 8 Feb 2007 13:51:54 -0800 Subject: [S390]: Add AF_IUCV socket support From: Jennifer Hunt This patch adds AF_IUCV socket support. Signed-off-by: Frank Pavlic Signed-off-by: Martin Schwidefsky Signed-off-by: David S. Miller --- include/net/iucv/af_iucv.h | 106 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+) create mode 100644 include/net/iucv/af_iucv.h (limited to 'include/net') diff --git a/include/net/iucv/af_iucv.h b/include/net/iucv/af_iucv.h new file mode 100644 index 000000000000..04d1abb72d25 --- /dev/null +++ b/include/net/iucv/af_iucv.h @@ -0,0 +1,106 @@ +/* + * Copyright 2006 IBM Corporation + * IUCV protocol stack for Linux on zSeries + * Version 1.0 + * Author(s): Jennifer Hunt + * + */ + +#ifndef __AFIUCV_H +#define __AFIUCV_H + +#include +#include +#include +#include +#include + +#ifndef AF_IUCV +#define AF_IUCV 32 +#define PF_IUCV AF_IUCV +#endif + +/* Connection and socket states */ +enum { + IUCV_CONNECTED = 1, + IUCV_OPEN, + IUCV_BOUND, + IUCV_LISTEN, + IUCV_SEVERED, + IUCV_DISCONN, + IUCV_CLOSED +}; + +#define IUCV_QUEUELEN_DEFAULT 65535 +#define IUCV_CONN_TIMEOUT (HZ * 40) +#define IUCV_DISCONN_TIMEOUT (HZ * 2) +#define IUCV_CONN_IDLE_TIMEOUT (HZ * 60) +#define IUCV_BUFSIZE_DEFAULT 32768 + +/* IUCV socket address */ +struct sockaddr_iucv { + sa_family_t siucv_family; + unsigned short siucv_port; /* Reserved */ + unsigned int siucv_addr; /* Reserved */ + char siucv_nodeid[8]; /* Reserved */ + char siucv_user_id[8]; /* Guest User Id */ + char siucv_name[8]; /* Application Name */ +}; + + +/* Common socket structures and functions */ + +#define iucv_sk(__sk) ((struct iucv_sock *) __sk) + +struct iucv_sock { + struct sock sk; + char src_user_id[8]; + char src_name[8]; + char dst_user_id[8]; + char dst_name[8]; + struct list_head accept_q; + struct sock *parent; + struct iucv_path *path; + struct sk_buff_head send_skb_q; + unsigned int send_tag; +}; + +struct iucv_sock_list { + struct hlist_head head; + rwlock_t lock; + atomic_t autobind_name; +}; + +static void iucv_sock_destruct(struct sock *sk); +static void iucv_sock_cleanup_listen(struct sock *parent); +static void iucv_sock_kill(struct sock *sk); +static void iucv_sock_close(struct sock *sk); +static int iucv_sock_create(struct socket *sock, int proto); +static int iucv_sock_bind(struct socket *sock, struct sockaddr *addr, + int addr_len); +static int iucv_sock_connect(struct socket *sock, struct sockaddr *addr, + int alen, int flags); +static int iucv_sock_listen(struct socket *sock, int backlog); +static int iucv_sock_accept(struct socket *sock, struct socket *newsock, + int flags); +static int iucv_sock_getname(struct socket *sock, struct sockaddr *addr, + int *len, int peer); +static int iucv_sock_sendmsg(struct kiocb *iocb, struct socket *sock, + struct msghdr *msg, size_t len); +static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, + struct msghdr *msg, size_t len, int flags); +unsigned int iucv_sock_poll(struct file *file, struct socket *sock, + poll_table *wait); +static int iucv_sock_release(struct socket *sock); +static int iucv_sock_shutdown(struct socket *sock, int how); + +void iucv_sock_link(struct iucv_sock_list *l, struct sock *s); +void iucv_sock_unlink(struct iucv_sock_list *l, struct sock *s); +int iucv_sock_wait_state(struct sock *sk, int state, int state2, + unsigned long timeo); +int iucv_sock_wait_cnt(struct sock *sk, unsigned long timeo); +void iucv_accept_enqueue(struct sock *parent, struct sock *sk); +void iucv_accept_unlink(struct sock *sk); +struct sock *iucv_accept_dequeue(struct sock *parent, struct socket *newsock); + +#endif /* __IUCV_H */ -- cgit v1.2.2 From dbca9b2750e3b1ee6f56a616160ccfc12e8b161f Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Thu, 8 Feb 2007 14:16:46 -0800 Subject: [NET]: change layout of ehash table ehash table layout is currently this one : First half of this table is used by sockets not in TIME_WAIT state Second half of it is used by sockets in TIME_WAIT state. This is non optimal because of for a given hash or socket, the two chain heads are located in separate cache lines. Moreover the locks of the second half are never used. If instead of this halving, we use two list heads in inet_ehash_bucket instead of only one, we probably can avoid one cache miss, and reduce ram usage, particularly if sizeof(rwlock_t) is big (various CONFIG_DEBUG_SPINLOCK, CONFIG_DEBUG_LOCK_ALLOC settings). So we still halves the table but we keep together related chains to speedup lookups and socket state change. In this patch I did not try to align struct inet_ehash_bucket, but a future patch could try to make this structure have a convenient size (a power of two or a multiple of L1_CACHE_SIZE). I guess rwlock will just vanish as soon as RCU is plugged into ehash :) , so maybe we dont need to scratch our heads to align the bucket... Note : In case struct inet_ehash_bucket is not a power of two, we could probably change alloc_large_system_hash() (in case it use __get_free_pages()) to free the unused space. It currently allocates a big zone, but the last quarter of it could be freed. Again, this should be a temporary 'problem'. Patch tested on ipv4 tcp only, but should be OK for IPV6 and DCCP. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller --- include/net/inet_hashtables.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'include/net') diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h index 34cc76e3ddb4..d27ee8c0da3f 100644 --- a/include/net/inet_hashtables.h +++ b/include/net/inet_hashtables.h @@ -34,12 +34,13 @@ #include /* This is for all connections with a full identity, no wildcards. - * New scheme, half the table is for TIME_WAIT, the other half is - * for the rest. I'll experiment with dynamic table growth later. + * One chain is dedicated to TIME_WAIT sockets. + * I'll experiment with dynamic table growth later. */ struct inet_ehash_bucket { rwlock_t lock; struct hlist_head chain; + struct hlist_head twchain; }; /* There are a few simple rules, which allow for local port reuse by @@ -97,8 +98,7 @@ struct inet_hashinfo { * * TCP_ESTABLISHED <= sk->sk_state < TCP_CLOSE * - * First half of the table is for sockets not in TIME_WAIT, second half - * is for TIME_WAIT sockets only. + * TIME_WAIT sockets use a separate chain (twchain). */ struct inet_ehash_bucket *ehash; @@ -369,7 +369,7 @@ static inline struct sock * } /* Must check for a TIME_WAIT'er before going to listener hash. */ - sk_for_each(sk, node, &(head + hashinfo->ehash_size)->chain) { + sk_for_each(sk, node, &head->twchain) { if (INET_TW_MATCH(sk, hash, acookie, saddr, daddr, ports, dif)) goto hit; } -- cgit v1.2.2 From 75ce7ceaa1221858c0163e75d19eb8a423a212ff Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Fri, 9 Feb 2007 16:14:24 -0800 Subject: [NET]: Introduce union in struct dst_entry to hold 'next' pointer This patch introduces an anonymous union to nicely express the fact that all objects inherited from struct dst_entry should access to the generic 'next' pointer but with appropriate type verification. This patch is a prereq before following patches. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller --- include/net/dst.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'include/net') diff --git a/include/net/dst.h b/include/net/dst.h index 62b7e7598e9a..5d62342e8bc4 100644 --- a/include/net/dst.h +++ b/include/net/dst.h @@ -37,7 +37,12 @@ struct sk_buff; struct dst_entry { - struct dst_entry *next; + union { + struct dst_entry *next; + struct rtable *rt_next; + struct rt6_info *rt6_next; + struct dn_route *dn_next; + }; atomic_t __refcnt; /* client references */ int __use; struct dst_entry *child; -- cgit v1.2.2 From 093c2ca4167cf66f69020329d14138da0da8599b Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Fri, 9 Feb 2007 16:19:26 -0800 Subject: [IPV4]: Convert ipv4 route to use the new dst_entry 'next' pointer This patch removes the rt_next pointer from 'struct rtable.u' union, and renames u.rt_next to u.dst_rt_next. It also moves 'struct flowi' right after 'struct dst_entry' to prepare the gain on lookups. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller --- include/net/route.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'include/net') diff --git a/include/net/route.h b/include/net/route.h index 1440bdb5a27d..749e4dfe5ff3 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -53,9 +53,11 @@ struct rtable union { struct dst_entry dst; - struct rtable *rt_next; } u; + /* Cache lookup keys */ + struct flowi fl; + struct in_device *idev; unsigned rt_flags; @@ -69,9 +71,6 @@ struct rtable /* Info on neighbour */ __be32 rt_gateway; - /* Cache lookup keys */ - struct flowi fl; - /* Miscellaneous cached information */ __be32 rt_spec_dst; /* RFC1122 specific destination */ struct inet_peer *peer; /* long-living peer info */ -- cgit v1.2.2 From 7cc482634f1f1e1db5401007658c8e8d6cf1617d Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Fri, 9 Feb 2007 16:22:57 -0800 Subject: [IPV6]: Convert ipv6 route to use the new dst_entry 'next' pointer This patch removes the next pointer from 'struct rt6_info.u' union, and renames u.next to u.dst.rt6_next. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller --- include/net/ip6_fib.h | 1 - 1 file changed, 1 deletion(-) (limited to 'include/net') diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h index 7be4f4e3a0f2..9eda572a2a65 100644 --- a/include/net/ip6_fib.h +++ b/include/net/ip6_fib.h @@ -83,7 +83,6 @@ struct rt6_info { union { struct dst_entry dst; - struct rt6_info *next; } u; struct inet6_dev *rt6i_idev; -- cgit v1.2.2 From 0c195c3fc4e95a06b0c0017506f074c94af99c35 Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Fri, 9 Feb 2007 16:25:52 -0800 Subject: [DECNET]: Convert decnet route to use the new dst_entry 'next' pointer This patch removes the next pointer from 'struct dn_route.u' union, and renames u.rt_next to u.dst.dn_next. It also moves 'struct flowi' right after 'struct dst_entry' to prepare speedup lookups. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller --- include/net/dn_route.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'include/net') diff --git a/include/net/dn_route.h b/include/net/dn_route.h index 76f957e258b0..a566944c4962 100644 --- a/include/net/dn_route.h +++ b/include/net/dn_route.h @@ -68,9 +68,10 @@ extern void dn_rt_cache_flush(int delay); struct dn_route { union { struct dst_entry dst; - struct dn_route *rt_next; } u; + struct flowi fl; + __le16 rt_saddr; __le16 rt_daddr; __le16 rt_gateway; @@ -80,8 +81,6 @@ struct dn_route { unsigned rt_flags; unsigned rt_type; - - struct flowi fl; }; extern void dn_route_init(void); -- cgit v1.2.2 From 1e19e02ca0c5e33ea73a25127dbe6c3b8fcaac4b Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Fri, 9 Feb 2007 16:26:55 -0800 Subject: [NET]: Reorder fields of struct dst_entry This last patch (but not least :) ) finally moves the next pointer at the end of struct dst_entry. This permits to perform route cache lookups with a minimal cost of one cache line per entry, instead of two. Both 32bits and 64bits platforms benefit from this new layout. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller --- include/net/dst.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'include/net') diff --git a/include/net/dst.h b/include/net/dst.h index 5d62342e8bc4..e12a8ce0b9b3 100644 --- a/include/net/dst.h +++ b/include/net/dst.h @@ -37,14 +37,7 @@ struct sk_buff; struct dst_entry { - union { - struct dst_entry *next; - struct rtable *rt_next; - struct rt6_info *rt6_next; - struct dn_route *dn_next; - }; - atomic_t __refcnt; /* client references */ - int __use; + struct rcu_head rcu_head; struct dst_entry *child; struct net_device *dev; short error; @@ -55,7 +48,6 @@ struct dst_entry #define DST_NOPOLICY 4 #define DST_NOHASH 8 #define DST_BALANCED 0x10 - unsigned long lastuse; unsigned long expires; unsigned short header_len; /* more space at head required */ @@ -80,8 +72,16 @@ struct dst_entry #endif struct dst_ops *ops; - struct rcu_head rcu_head; + unsigned long lastuse; + atomic_t __refcnt; /* client references */ + int __use; + union { + struct dst_entry *next; + struct rtable *rt_next; + struct rt6_info *rt6_next; + struct dn_route *dn_next; + }; char info[0]; }; -- cgit v1.2.2 From 540473208f8ac71c25a87e1a2670c3c18dd4d6db Mon Sep 17 00:00:00 2001 From: Arjan van de Ven Date: Mon, 12 Feb 2007 00:55:28 -0800 Subject: [PATCH] mark struct file_operations const 1 Many struct file_operations in the kernel can be "const". Marking them const moves these to the .rodata section, which avoids false sharing with potential dirty data. In addition it'll catch accidental writes at compile time to these shared resources. Signed-off-by: Arjan van de Ven Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- include/net/ax25.h | 4 ++-- include/net/netfilter/nf_conntrack_expect.h | 2 +- include/net/netrom.h | 4 ++-- include/net/rose.h | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) (limited to 'include/net') diff --git a/include/net/ax25.h b/include/net/ax25.h index 5ae10dd2e32e..47ff2f46e908 100644 --- a/include/net/ax25.h +++ b/include/net/ax25.h @@ -377,7 +377,7 @@ extern int ax25_check_iframes_acked(ax25_cb *, unsigned short); /* ax25_route.c */ extern void ax25_rt_device_down(struct net_device *); extern int ax25_rt_ioctl(unsigned int, void __user *); -extern struct file_operations ax25_route_fops; +extern const struct file_operations ax25_route_fops; extern ax25_route *ax25_get_route(ax25_address *addr, struct net_device *dev); extern int ax25_rt_autobind(ax25_cb *, ax25_address *); extern struct sk_buff *ax25_rt_build_path(struct sk_buff *, ax25_address *, ax25_address *, ax25_digi *); @@ -430,7 +430,7 @@ extern unsigned long ax25_display_timer(struct timer_list *); extern int ax25_uid_policy; extern ax25_uid_assoc *ax25_findbyuid(uid_t); extern int __must_check ax25_uid_ioctl(int, struct sockaddr_ax25 *); -extern struct file_operations ax25_uid_fops; +extern const struct file_operations ax25_uid_fops; extern void ax25_uid_free(void); /* sysctl_net_ax25.c */ diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h index 41bcc9eb4206..173c7c1eff23 100644 --- a/include/net/netfilter/nf_conntrack_expect.h +++ b/include/net/netfilter/nf_conntrack_expect.h @@ -8,7 +8,7 @@ extern struct list_head nf_conntrack_expect_list; extern struct kmem_cache *nf_conntrack_expect_cachep; -extern struct file_operations exp_file_ops; +extern const struct file_operations exp_file_ops; struct nf_conntrack_expect { diff --git a/include/net/netrom.h b/include/net/netrom.h index e0ca112024a3..f06852bba62a 100644 --- a/include/net/netrom.h +++ b/include/net/netrom.h @@ -215,8 +215,8 @@ extern struct net_device *nr_dev_get(ax25_address *); extern int nr_rt_ioctl(unsigned int, void __user *); extern void nr_link_failed(ax25_cb *, int); extern int nr_route_frame(struct sk_buff *, ax25_cb *); -extern struct file_operations nr_nodes_fops; -extern struct file_operations nr_neigh_fops; +extern const struct file_operations nr_nodes_fops; +extern const struct file_operations nr_neigh_fops; extern void nr_rt_free(void); /* nr_subr.c */ diff --git a/include/net/rose.h b/include/net/rose.h index 4c05a88b921b..a4047d3cf5dd 100644 --- a/include/net/rose.h +++ b/include/net/rose.h @@ -189,9 +189,9 @@ extern void rose_enquiry_response(struct sock *); /* rose_route.c */ extern struct rose_neigh rose_loopback_neigh; -extern struct file_operations rose_neigh_fops; -extern struct file_operations rose_nodes_fops; -extern struct file_operations rose_routes_fops; +extern const struct file_operations rose_neigh_fops; +extern const struct file_operations rose_nodes_fops; +extern const struct file_operations rose_routes_fops; extern void rose_add_loopback_neigh(void); extern int __must_check rose_add_loopback_node(rose_address *); -- cgit v1.2.2 From 923f4902fefdf4e89b0fb32c4e069d4f57d704f5 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 12 Feb 2007 11:12:57 -0800 Subject: [NETFILTER]: nf_conntrack: properly use RCU API for nf_ct_protos/nf_ct_l3protos arrays Replace preempt_{enable,disable} based RCU by proper use of the RCU API and add missing rcu_read_lock/rcu_read_unlock calls in all paths not obviously only used within packet process context (nfnetlink_conntrack). Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- include/net/netfilter/nf_conntrack_l3proto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h index 664ddcffe00d..ba760fe09b8a 100644 --- a/include/net/netfilter/nf_conntrack_l3proto.h +++ b/include/net/netfilter/nf_conntrack_l3proto.h @@ -106,7 +106,7 @@ __nf_ct_l3proto_find(u_int16_t l3proto) { if (unlikely(l3proto >= AF_MAX)) return &nf_conntrack_l3proto_generic; - return nf_ct_l3protos[l3proto]; + return rcu_dereference(nf_ct_l3protos[l3proto]); } #endif /*_NF_CONNTRACK_L3PROTO_H*/ -- cgit v1.2.2 From c0e912d7ed8999f87fa7f084928aac1266e251f3 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 12 Feb 2007 11:13:43 -0800 Subject: [NETFILTER]: nf_conntrack: fix invalid conntrack statistics RCU assumption NF_CT_STAT_INC assumes rcu_read_lock in nf_hook_slow disables preemption as well, making it legal to use __get_cpu_var without disabling preemption manually. The assumption is not correct anymore with preemptable RCU, additionally we need to protect against softirqs when not holding nf_conntrack_lock. Add NF_CT_STAT_INC_ATOMIC macro, which disables local softirqs, and use where necessary. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- include/net/netfilter/nf_conntrack.h | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'include/net') diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 68ec27490c20..0e690e34c00b 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -257,6 +257,12 @@ extern int nf_conntrack_max; DECLARE_PER_CPU(struct ip_conntrack_stat, nf_conntrack_stat); #define NF_CT_STAT_INC(count) (__get_cpu_var(nf_conntrack_stat).count++) +#define NF_CT_STAT_INC_ATOMIC(count) \ +do { \ + local_bh_disable(); \ + __get_cpu_var(nf_conntrack_stat).count++; \ + local_bh_enable(); \ +} while (0) /* no helper, no nat */ #define NF_CT_F_BASIC 0 -- cgit v1.2.2 From fe3eb20c1ace69e42e6ebf2afd2a904b2ae85cde Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 12 Feb 2007 11:14:28 -0800 Subject: [NETFILTER]: nf_conntrack: change nf_conntrack_l[34]proto_unregister to void No caller checks the return value, and since its usually called within the module unload path there's nothing a module could do about errors anyway, so BUG on invalid conditions and return void. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- include/net/netfilter/nf_conntrack_l3proto.h | 2 +- include/net/netfilter/nf_conntrack_l4proto.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h index ba760fe09b8a..eb575cbd4c95 100644 --- a/include/net/netfilter/nf_conntrack_l3proto.h +++ b/include/net/netfilter/nf_conntrack_l3proto.h @@ -89,7 +89,7 @@ extern struct nf_conntrack_l3proto *nf_ct_l3protos[AF_MAX]; /* Protocol registration. */ extern int nf_conntrack_l3proto_register(struct nf_conntrack_l3proto *proto); -extern int nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto); +extern void nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto); extern struct nf_conntrack_l3proto * nf_ct_l3proto_find_get(u_int16_t l3proto); diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h index fc8af08ff542..8415182ec126 100644 --- a/include/net/netfilter/nf_conntrack_l4proto.h +++ b/include/net/netfilter/nf_conntrack_l4proto.h @@ -109,7 +109,7 @@ extern void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p); /* Protocol registration. */ extern int nf_conntrack_l4proto_register(struct nf_conntrack_l4proto *proto); -extern int nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *proto); +extern void nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *proto); /* Generic netlink helpers */ extern int nf_ct_port_tuple_to_nfattr(struct sk_buff *skb, -- cgit v1.2.2