firefly-linux-kernel-4.4.55.git
16 years ago drivers/net/usb/Makefile - shrink logspam
David Brownell [Sat, 4 Oct 2008 22:11:12 +0000 (22:11 +0000)]
drivers/net/usb/Makefile - shrink logspam

When building with CONFIG_USB_DEBUG, don't create logspam from
the USB networking drivers.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago r8169: WoL fixes, part 2.
Bruno Prémont [Thu, 9 Oct 2008 00:06:25 +0000 (17:06 -0700)]
r8169: WoL fixes, part 2.

Since recent kernel (2.6.26 or 2.6.27) the PCI wakeup functions are
influenced by generic device ability and configuration when enabling
PCI-device triggered wake-up.

This patch causes WoL setting to enable/disable device's wish to
be permitted to wake-up the host when changing WoL options and
also during device probing.

Without this patch one has to write 'enabled' to
  /sys/bus/pci/devices/0000:02:08.0/power/wakeup

Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago r8169: WoL fixes, part 1.
Bruno Prémont [Thu, 9 Oct 2008 00:05:03 +0000 (17:05 -0700)]
r8169: WoL fixes, part 1.

When probing the chip and handling its power management settings
also remember whether WoL feature is enabled.

Without this patch one has to call ethtool to change WoL settings
for this flag to be set and any WoL being enabled on suspend to
RAM.

Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago gianfar: Create net device with carrier down
Trent Piepho [Thu, 2 Oct 2008 11:12:24 +0000 (11:12 +0000)]
gianfar: Create net device with carrier down

The device's carrier status is controlled via the functions
netif_carrier_on() and netif_carrier_off().  These set or clear a bit
indicating the carrier (aka lower level link) is down, and if the state
changed, they fire off a routing netlink event.

Add a call to netif_carrier_off() before register_netdev() so that the
newly created device will be set to carrier down.  Then when the carrier
comes up for the first time, a netlink event will be generated, as the
carrier changed from down to up.  Otherwise the initial carrier up will
appear to be changing the status from up to up, and so no event is
generated since that's not a change.

Signed-off-by: Trent Piepho <tpiepho@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago mv643xx_eth: include linux/ip.h to fix build
Lennert Buytenhek [Thu, 2 Oct 2008 00:52:39 +0000 (00:52 +0000)]
mv643xx_eth: include linux/ip.h to fix build

mv643xx_eth uses ip_hdr() (defined in linux/ip.h), but relied on
another header file to include the needed header file indirectly.
In latest net-next this indirect include chain is gone, so the
driver fails to build.  Include linux/ip.h explicitly to fix this.

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago lib8390: Fix locking in ei_poll (poll controller)
Jarek Poplawski [Tue, 30 Sep 2008 20:58:25 +0000 (20:58 +0000)]
lib8390: Fix locking in ei_poll (poll controller)

This lockdep warning:
  =================================
  [ INFO: inconsistent lock state ]
  2.6.27-rc7 #3
  ---------------------------------
  inconsistent {in-softirq-W} -> {softirq-on-W} usage.
  syslogd/2474 [HC0[0]:SC0[0]:HE1:SE1] takes:
   (_xmit_ETHER#2){-+..}, at: [<c0265562>] netpoll_send_skb+0x132/0x190
  ...

is caused by unconditional local_irq_disable()/local_irq_enable() in
disable_irq_lockdep()/enable_irq_lockdep() used by __ei_poll(). Since
netconsole/netpoll always calls dev->poll_controller() with local irqs
disabled, disable_irq()/enable_irq() instead is safe and enough (like
e.g. in 3c509 or 8139xx drivers).

Reported-and-tested-by: Bernard Pidoux F6BVP <f6bvp@free.fr>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ixgb: fix bug when freeing resources
Brandeburg, Jesse [Tue, 30 Sep 2008 13:08:48 +0000 (13:08 +0000)]
ixgb: fix bug when freeing resources

It was pointed out by Breno Leitao <leitao@linux.vnet.ibm.com> that
ixgb would crash on PPC when an IOMMU was in use, if change_mtu was
called.

It appears to be a pretty simple issue in the driver that wasn't discovered
because most systems don't run with an IOMMU.  The driver needs to only unmap
buffers that are mapped (duh).

CC: Breno Leitao <leitao@linux.vnet.ibm.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago e1000e: release hw semaphore after successfully writing EEPROM
Arthur Jones [Mon, 29 Sep 2008 11:51:09 +0000 (11:51 +0000)]
e1000e: release hw semaphore after successfully writing EEPROM

Since e1000e has been in existence in linux-2.6, we've
never released the hardware semaphore after a successful
write to the SPI EEPROM.  I guess we don't write to
SPI EEPROM much -- but those few of us that do appreciate
it when we can later read from the EEPROM without having
to reboot.

Found-by: Nick Van Fossen <Nick.VanFossen@riverbed.com>
Signed-off-by: Arthur Jones <ajones@riverbed.com>
Reviewed-by: Auke Kok <auke-jan.h.kok@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago net: Add SMSC LAN9500 USB2.0 10/100 ethernet adapter driver
Steve Glendinning [Thu, 2 Oct 2008 05:27:57 +0000 (05:27 +0000)]
net: Add SMSC LAN9500 USB2.0 10/100 ethernet adapter driver

Attached is a driver for SMSC's LAN9500 USB2.0 10/100 ethernet
adapter.

Signed-off-by: Steve Glendinning <steve.glendinning@smsc.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago phylib: add mdiobus_{read,write}
Lennert Buytenhek [Mon, 29 Sep 2008 17:12:35 +0000 (17:12 +0000)]
phylib: add mdiobus_{read,write}

Add mdiobus_{read,write} routines to allow direct reading/writing
of registers on an mii bus without having to go through the PHY
abstraction, and make phy_{read,write} use these primitives.

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago phylib: give mdio buses a device tree presence
Lennert Buytenhek [Wed, 8 Oct 2008 23:33:40 +0000 (16:33 -0700)]
phylib: give mdio buses a device tree presence

Introduce the mdio_bus class, and give each 'struct mii_bus' its own
'struct device', so that mii_bus objects are represented in the device
tree and can be found by querying the device tree.

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
Acked-by: Andy Fleming <afleming@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago phylib: move to dynamic allocation of struct mii_bus
Lennert Buytenhek [Wed, 8 Oct 2008 23:29:57 +0000 (16:29 -0700)]
phylib: move to dynamic allocation of struct mii_bus

This patch introduces mdiobus_alloc() and mdiobus_free(), and
makes all mdio bus drivers use these functions to allocate their
struct mii_bus'es dynamically.

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Andy Fleming <afleming@freescale.com>
16 years ago phylib: rename mii_bus::dev to mii_bus::parent
Lennert Buytenhek [Wed, 1 Oct 2008 15:41:33 +0000 (15:41 +0000)]
phylib: rename mii_bus::dev to mii_bus::parent

In preparation of giving mii_bus objects a device tree presence of
their own, rename struct mii_bus's ->dev argument to ->parent, since
having a 'struct device *dev' that points to our parent device
conflicts with introducing a 'struct device dev' representing our own
device.

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Andy Fleming <afleming@freescale.com>
16 years ago myri10ge: add multiqueue TX
Brice Goglin [Sun, 28 Sep 2008 15:34:21 +0000 (15:34 +0000)]
myri10ge: add multiqueue TX

Add multiqueue TX support to myri10ge.

[ Removed reference to deprecated CONFIG_NETDEVICES_MULTIQUEUE and
  NETIF_F_MULTI_QUEUE ]

Signed-off-by: Brice Goglin <brice@myri.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago atl1: update introductory comments
Jay Cliburn [Sat, 27 Sep 2008 04:17:23 +0000 (04:17 +0000)]
atl1: update introductory comments

Update the driver's introductory comments.

Signed-off-by: Jay Cliburn <jacliburn@bellsouth.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago atl1: remove EXPERIMENTAL label
Jay Cliburn [Sat, 27 Sep 2008 04:17:22 +0000 (04:17 +0000)]
atl1: remove EXPERIMENTAL label

Remove the EXPERIMENTAL label from the atl1 driver and change the vendor
name to include Attansic's successor, Atheros.  We'll leave Attansic in
the name since Attansic's PCI ID (1969) is encoded in the PCI config and
is what users encounter on their systems.

Signed-off-by: Jay Cliburn <jacliburn@bellsouth.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago atl1: remove LLTX
Jay Cliburn [Sat, 27 Sep 2008 04:17:21 +0000 (04:17 +0000)]
atl1: remove LLTX

NETIF_F_LLTX is deprecated. Remove private TX locking from the driver
and remove the NETIF_F_LLTX feature flag.

Signed-off-by: Jay Cliburn <jacliburn@bellsouth.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago atl1: fix transmit timeout bug
Jay Cliburn [Sat, 27 Sep 2008 04:17:20 +0000 (04:17 +0000)]
atl1: fix transmit timeout bug

See http://marc.info/?l=linux-netdev&m=121931988219314&w=2

Stop the queue and turn off carrier to prevent transmit timeouts
when the cable is unplugged/replugged.

Signed-off-by: Jay Cliburn <jacliburn@bellsouth.net>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago skge: Fix skge_set_ring_param() losing error return
Wang Chen [Fri, 26 Sep 2008 08:20:32 +0000 (16:20 +0800)]
skge: Fix skge_set_ring_param() losing error return

The error return is useful to caller, driver shouldn't miss it.

Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago [10/21] driver/net/skge.c: restart the interface when its options or
Xiaoming.Zhang [Thu, 25 Sep 2008 20:28:05 +0000 (20:28 +0000)]
[10/21] driver/net/skge.c: restart the interface when its options or
pauseparam is set

On Wednesday 24 September 2008 07:47, Stephen Hemminger wrote:
> On Mon, 22 Sep 2008 14:52:17 -0700
>
> akpm@linux-foundation.org wrote:
> > From: "Xiaoming.Zhang" <Xiaoming.Zhang@resilience.com>
> >
> > We have an issue of the skge driver: The card won't work when its
> > options are changed.  Here's the hardware info:
> >
> > # lspci -v
> > 05:04.0 Ethernet controller: Marvell Technology Group Ltd. 88E8001
> > Gigabit Ethernet Controller (rev 13) Subsystem: Marvell Technology Group
> > Ltd. Marvell RDK-8001 Flags: bus master, 66MHz, medium devsel, latency
> > 32, IRQ 16 Memory at d042c000 (32-bit, non-prefetchable) [size=16K] I/O
> > ports at d000 [size=256]
> >         [virtual] Expansion ROM at 20400000 [disabled] [size=128K]
> >         Capabilities: [48] Power Management version 2
> >         Capabilities: [50] Vital Product Data
> >
> > This happens in both Linux-2.6.26 (skge version 1.23) and RHEL5.2 (skge
> > version 1.6).
> >
> > For example, at first it is set to "speed 1000 duplex full auto-neg on"
> > and it works, then run
> >
> >        ethtool -s <ethx> autoneg off
> > or     ethtool -s <ethx> speed 100 duplex full autoneg off
> >
> > Then it will stop working. After that if we restart the interface:
> >
> >  ifconfig <ethx> down
> >  ifconfig <ethx> up
> >
> > It will work again. And `ethtool -A' has the same issue.
> >
> > So we think after setting the options, the interface should be restarted.
> >
> > Signed-off-by: Zhang Xiaoming <xiaoming.zhang@resilience.com>
> > Cc: Stephen Hemminger <shemminger@vyatta.com>
> > Cc: Jeff Garzik <jeff@garzik.org>
> > Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> > ---
> >
> >  drivers/net/skge.c |   12 ++++++++----
> >  1 file changed, 8 insertions(+), 4 deletions(-)
> >
> > diff -puN
> > drivers/net/skge.c~driver-net-skgec-restart-the-interface-when-its-option
> >s-or-pauseparam-is-set drivers/net/skge.c ---
> > a/drivers/net/skge.c~driver-net-skgec-restart-the-interface-when-its-opti
> >ons-or-pauseparam-is-set +++ a/drivers/net/skge.c
> > @@ -353,8 +353,10 @@ static int skge_set_settings(struct net_
> >   skge->autoneg = ecmd->autoneg;
> >   skge->advertising = ecmd->advertising;
> >
> > - if (netif_running(dev))
> > - skge_phy_reset(skge);
> > + if (netif_running(dev)) {
> > + skge_down(dev);
> > + skge_up(dev);
> > + }
> >
> >   return (0);
> >  }
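Review bot: In skge_set_settings(), the added skge_up(dev) call discards its result and the function still falls through to return (0), so the caller is told the change succeeded even if the interface did not come back up after skge_down(dev). Store the result of skge_up(dev) and return it when it is non-zero.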
> > @@ -595,8 +597,10 @@ static int skge_set_pauseparam(struct ne
> >   skge->flow_control = FLOW_MODE_NONE;
> >   }
> >
> > - if (netif_running(dev))
> > - skge_phy_reset(skge);
> > + if (netif_running(dev)) {
> > + skge_down(dev);
> > + skge_up(dev);
> > + }
> >
> >   return 0;
> >  }
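Review bot: The skge_down(dev)/skge_up(dev) block in skge_set_pauseparam() is a verbatim copy of the one added to skge_set_settings() in the previous hunk. Factor the restart into one small helper so both callers share a single path, and return the helper's result here instead of the unconditional return 0.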
>
> Since skge_up can fail because of out of memory, this code needs to
> check the return value. And then if it fails the "limbo state" needs
> to be handled in skge_down.

How about like this? It is tested.

Thank you.

Signed-off-by: Zhang Xiaoming <xiaoming.zhang@resilience.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago [2.6.28,1/1] cxgb3 - fix race in EEH
Divy Le Ray [Thu, 25 Sep 2008 14:05:28 +0000 (14:05 +0000)]
[2.6.28,1/1] cxgb3 - fix race in EEH

A SGE queue set timer might access registers while in EEH recovery,
triggering an EEH error loop. Stop all timers early in EEH process.

Signed-off-by: Divy Le Ray <divy@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago via-velocity: Fix warnings on sparc64.
Francois Romieu [Wed, 8 Oct 2008 22:55:15 +0000 (15:55 -0700)]
via-velocity: Fix warnings on sparc64.

As reported by Meelis Roos.

Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago net: remove LLTX in atl2 driver
Kevin Hao [Thu, 25 Sep 2008 16:20:11 +0000 (16:20 +0000)]
net: remove LLTX in atl2 driver

When NETIF_F_LLTX is set, the atlx driver will use a private lock.
But in recent kernels this implementation seems redundant and
can cause problems where AF_PACKET sees things twice. Since
NETIF_F_LLTX is marked as deprecated and shouldn't be used in
new drivers, this patch removes NETIF_F_LLTX and adds a mmiowb
before sending packet. I have tested this driver on an Eee PC.
It works well.

Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Acked-by: Jay Cliburn <jacliburn@bellsouth.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago phylib: Wake PHY state machine on interrupt
Trent Piepho [Wed, 8 Oct 2008 22:46:57 +0000 (15:46 -0700)]
phylib: Wake PHY state machine on interrupt

This way the phy layer will respond to a change in phy state immediately,
instead of up to one second later when the state machine timer runs.

Signed-off-by: Trent Piepho <tpiepho@freescale.com>
Acked-by: Andy Fleming <afleming@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago PHY: Avoid unnecessary aneg restarts
Trent Piepho [Wed, 24 Sep 2008 10:55:46 +0000 (10:55 +0000)]
PHY: Avoid unnecessary aneg restarts

The PHY's aneg is configured and restarted whenever the link is brought up,
e.g. when DHCP is started after the kernel has booted.  This can take the
link down for several seconds while auto-negotiation is redone.

If the advertised features haven't changed, then it shouldn't be necessary
to bring down the link and start auto-negotiation over again.

genphy_config_advert() is enhanced to return 0 when the advertised features
haven't been changed and >0 when they have been.

genphy_config_aneg() then uses this information to not call
genphy_restart_aneg() if there has been no change.

Signed-off-by: Trent Piepho <tpiepho@freescale.com>
Acked-by: Andy Fleming <afleming@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago r8169: read MAC address from EEPROM on init
Ivan Vecera [Tue, 23 Sep 2008 22:46:29 +0000 (22:46 +0000)]
r8169: read MAC address from EEPROM on init

Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago net: add net poll support for atl2 driver
Kevin Hao [Fri, 19 Sep 2008 21:56:44 +0000 (21:56 +0000)]
net: add net poll support for atl2 driver

Add netconsole support for Atheros L2 10/100 network device.

Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Acked-by: Jay Cliburn <jacliburn@bellsouth.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ibm_newemac: Fix EMAC soft reset on 460EX/GT
Victor Gallardo [Thu, 18 Sep 2008 12:41:26 +0000 (12:41 +0000)]
ibm_newemac: Fix EMAC soft reset on 460EX/GT

This patch fixes EMAC soft reset on 460EX/GT when no external clock is
available.

Signed-off-by: Victor Gallardo <vgallardo@amcc.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago phylib: phy_mii_ioctl() fixes
Lennert Buytenhek [Thu, 18 Sep 2008 03:06:52 +0000 (03:06 +0000)]
phylib: phy_mii_ioctl() fixes

Make the SIOCGMIIPHY case fall through properly (it is supposed
to not only return the ID of the default PHY but also to read from
that PHY), and make phy_mii_ioctl() return the same error code as
generic_mii_ioctl() in case of an unsupported operation.

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
Acked-by: Andy Fleming <afleming@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
David S. Miller [Wed, 8 Oct 2008 21:56:41 +0000 (14:56 -0700)]
Merge branch 'master' of /linux/kernel/git/davem/net-2.6

Conflicts:

drivers/net/e1000e/ich8lan.c
drivers/net/e1000e/netdev.c

16 years ago ipvs: Remove stray file left over from ipvs move
Sven Wegener [Wed, 8 Oct 2008 21:41:35 +0000 (14:41 -0700)]
ipvs: Remove stray file left over from ipvs move

Commit cb7f6a7b716e801097b564dec3ccb58d330aef56 ("IPVS: Move IPVS to
net/netfilter/ipvs") has left a stray file in the old location of ipvs.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago tcpv6: fix option space offsets with md5
Ilpo Järvinen [Wed, 8 Oct 2008 21:36:33 +0000 (14:36 -0700)]
tcpv6: fix option space offsets with md5

More breakage :-), part of timestamps just were previously
overwritten.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago Merge branch 'lvs-next-2.6' of git://git.kernel.org/pub/scm/linux/kernel/git/horms...
David S. Miller [Wed, 8 Oct 2008 21:26:36 +0000 (14:26 -0700)]
Merge branch 'lvs-next-2.6' of git://git./linux/kernel/git/horms/lvs-2.6

Conflicts:

net/netfilter/Kconfig

16 years ago sctp: shrink sctp_tsnmap some more by removing gabs array
Vlad Yasevich [Wed, 8 Oct 2008 21:19:01 +0000 (14:19 -0700)]
sctp: shrink sctp_tsnmap some more by removing gabs array

The gabs array in the sctp_tsnmap structure is only used
in one place, sctp_make_sack().  As such, carrying the
array around in the sctp_tsnmap and thus directly in
the sctp_association is rather pointless since most
of the time it's just taking up space.  Now, let
sctp_make_sack create and populate it and then throw
it away when it's done.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago sctp: Rework the tsn map to use generic bitmap.
Vlad Yasevich [Wed, 8 Oct 2008 21:18:39 +0000 (14:18 -0700)]
sctp: Rework the tsn map to use generic bitmap.

The tsn map currently in use is 4K large and is stuck inside
the sctp_association structure making memory references REALLY
expensive.  What we really need is at most 4K worth of bits
so the biggest map we would have is 512 bytes.   Also, the
map is only really useful when we have gaps to store and
report.  As such, starting with minimal map of say 32 TSNs (bits)
should be enough for normal low-loss operations.  We can grow
the map by some multiple of 32 along with some extra room any
time we receive the TSN which would put us outside of the map
boundary.  As we close gaps, we can shift the map to rebase
it on the latest TSN we've seen.  This saves 4088 bytes per
association just in the map alone along with savings from the now
unnecessary structure members.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago inet: cleanup of local_port_range
Eric Dumazet [Wed, 8 Oct 2008 21:18:04 +0000 (14:18 -0700)]
inet: cleanup of local_port_range

I noticed sysctl_local_port_range[] and its associated seqlock
sysctl_local_port_range_lock were on separate cache lines.
Moreover, sysctl_local_port_range[] was close to unrelated
variables, highly modified, leading to cache misses.

Moving these two variables in a structure can help data
locality and moving this structure to read_mostly section
helps sharing of this data among cpus.

Cleanup of extern declarations (moved in include file where
they belong), and use of inet_get_local_port_range()
accessor instead of direct access to ports values.

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago udp: Improve port randomization
Eric Dumazet [Wed, 8 Oct 2008 18:44:17 +0000 (11:44 -0700)]
udp: Improve port randomization

Current UDP port allocation is suboptimal.
We select the shortest chain to choose a port (out of 512)
that will hash in this shortest chain.

First, it can lead to giving not so random ports and
give attackers more opportunities to break the system.

Second, it can consume a lot of CPU to scan all table
in order to find the shortest chain.

Third, in some pathological cases we can fail to find
a free port even if there are plenty of them.

This patch zaps the search for a short chain and only
uses one random seed. Problem of getting long chains
should be addressed in another way, since we can
obtain long chains with non random ports.

Based on a report and patch from Vitaly Mayatskikh

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
Linus Torvalds [Wed, 8 Oct 2008 18:41:10 +0000 (11:41 -0700)]
Merge branch 'upstream' of git://ftp.linux-mips.org/upstream-linus

* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
  [MIPS] Sibyte: Register PIO PATA device only for Swarm and Litte Sur

16 years ago Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Wed, 8 Oct 2008 18:40:19 +0000 (11:40 -0700)]
Merge git://git./linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
  tcp: Fix tcp_hybla zero congestion window growth with small rho and large cwnd.
  net: Fix netdev_run_todo dead-lock
  tcp: Fix possible double-ack w/ user dma
  net: only invoke dev->change_rx_flags when device is UP
  netrom: Fix sock_orphan() use in nr_release
  ax25: Quick fix for making sure unaccepted sockets get destroyed.
  Revert "ax25: Fix std timer socket destroy handling."
  [Bluetooth] Add reset quirk for A-Link BlueUSB21 dongle
  [Bluetooth] Add reset quirk for new Targus and Belkin dongles
  [Bluetooth] Fix double frees on error paths of btusb and bpa10x drivers

16 years ago pkt_sched: Update qdisc requeue stats in dev_requeue_skb()
Jarek Poplawski [Wed, 8 Oct 2008 18:36:22 +0000 (11:36 -0700)]
pkt_sched: Update qdisc requeue stats in dev_requeue_skb()

After the last change of requeuing there is no info about such
incidents in tc stats. This patch updates the counter, but we should
consider this should differ from previous stats because of additional
checks preventing to repeat this. On the other hand, previous stats
didn't include requeuing of gso_segmented skbs.

Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago tcp: fix length used for checksum in a reset
Ilpo Järvinen [Wed, 8 Oct 2008 18:34:06 +0000 (11:34 -0700)]
tcp: fix length used for checksum in a reset

While looking for some common code I came across difference
in checksum calculation between tcp_v6_send_(reset|ack) I
couldn't explain. I checked both v4 and v6 and found out that
both seem to have the same "feature". I couldn't find anything
in rfc nor anywhere else which would state that md5 option
should be ignored like it was in case of reset so I came to
a conclusion that this is probably a genuine bug. I suspect
that addition of md5 just was fooled by the excessive
copy-paste code in those functions and the reset part was
never tested well enough to find out the problem.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago [MIPS] Sibyte: Register PIO PATA device only for Swarm and Litte Sur
Ralf Baechle [Wed, 8 Oct 2008 18:14:33 +0000 (19:14 +0100)]
[MIPS] Sibyte: Register PIO PATA device only for Swarm and Litte Sur

Symbol name spaghetti which is too complicated to clean up at this stage
of the release cycle breaks the build on BCM1480 platforms.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
16 years ago ipv6: remove unused not init_ipv6_mibs/cleanup_ipv6_mibs
Denis V. Lunev [Wed, 8 Oct 2008 17:36:24 +0000 (10:36 -0700)]
ipv6: remove unused not init_ipv6_mibs/cleanup_ipv6_mibs

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ipv6: making ip and icmp statistics per/namespace
Denis V. Lunev [Wed, 8 Oct 2008 17:36:03 +0000 (10:36 -0700)]
ipv6: making ip and icmp statistics per/namespace

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ipv6: added net argument to _DEVINC/_DEVADD
Denis V. Lunev [Wed, 8 Oct 2008 17:35:11 +0000 (10:35 -0700)]
ipv6: added net argument to _DEVINC/_DEVADD

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ipv6: added net argument to ICMP6MSGIN_INC_STATS_BH
Denis V. Lunev [Wed, 8 Oct 2008 17:34:54 +0000 (10:34 -0700)]
ipv6: added net argument to ICMP6MSGIN_INC_STATS_BH

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ipv6: ICMP6MSGIN_INC_STATS is not used
Denis V. Lunev [Wed, 8 Oct 2008 17:34:35 +0000 (10:34 -0700)]
ipv6: ICMP6MSGIN_INC_STATS is not used

Removed.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ipv6: added net argument to ICMP6MSGOUT_INC_STATS_BH
Denis V. Lunev [Wed, 8 Oct 2008 17:34:14 +0000 (10:34 -0700)]
ipv6: added net argument to ICMP6MSGOUT_INC_STATS_BH

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ipv6: added net argument to ICMP6MSGOUT_INC_STATS
Denis V. Lunev [Wed, 8 Oct 2008 17:33:50 +0000 (10:33 -0700)]
ipv6: added net argument to ICMP6MSGOUT_INC_STATS

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ipv6: added net argument to ICMP6_INC_STATS_BH
Denis V. Lunev [Wed, 8 Oct 2008 17:33:26 +0000 (10:33 -0700)]
ipv6: added net argument to ICMP6_INC_STATS_BH

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ipv6: added net argument to ICMP6_INC_STATS
Denis V. Lunev [Wed, 8 Oct 2008 17:33:06 +0000 (10:33 -0700)]
ipv6: added net argument to ICMP6_INC_STATS

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ipv6: added net argument to IP6_ADD_STATS_BH
Denis V. Lunev [Wed, 8 Oct 2008 17:32:43 +0000 (10:32 -0700)]
ipv6: added net argument to IP6_ADD_STATS_BH

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ipv6: added net argument to IP6_INC_STATS_BH
Denis V. Lunev [Wed, 8 Oct 2008 18:09:27 +0000 (11:09 -0700)]
ipv6: added net argument to IP6_INC_STATS_BH

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago netns: add net parameter to IP6_INC_STATS
Denis V. Lunev [Wed, 8 Oct 2008 17:54:51 +0000 (10:54 -0700)]
netns: add net parameter to IP6_INC_STATS

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ipv6: consolidate error paths in ipv6_frag_rcv
Denis V. Lunev [Wed, 8 Oct 2008 17:31:44 +0000 (10:31 -0700)]
ipv6: consolidate error paths in ipv6_frag_rcv

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago ipv6: local dev is actually unused in ip6_fragment
Denis V. Lunev [Wed, 8 Oct 2008 17:31:18 +0000 (10:31 -0700)]
ipv6: local dev is actually unused in ip6_fragment

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6
David S. Miller [Wed, 8 Oct 2008 16:50:38 +0000 (09:50 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/kaber/nf-next-2.6

16 years ago netfilter: xtables: remove bogus mangle table dependency of connmark
Jan Engelhardt [Wed, 8 Oct 2008 09:35:20 +0000 (11:35 +0200)]
netfilter: xtables: remove bogus mangle table dependency of connmark

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: xtables: use NFPROTO_UNSPEC in more extensions
Jan Engelhardt [Wed, 8 Oct 2008 09:35:20 +0000 (11:35 +0200)]
netfilter: xtables: use NFPROTO_UNSPEC in more extensions

Lots of extensions are completely family-independent, so squash some code.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: xtables: cut down on static data for family-independent extensions
Jan Engelhardt [Wed, 8 Oct 2008 09:35:20 +0000 (11:35 +0200)]
netfilter: xtables: cut down on static data for family-independent extensions

Using ->family in struct xt_*_param, multiple struct xt_{match,target}
can be squashed together.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: xtables: provide invoked family value to extensions
Jan Engelhardt [Wed, 8 Oct 2008 09:35:20 +0000 (11:35 +0200)]
netfilter: xtables: provide invoked family value to extensions

By passing in the family through which extensions were invoked, a bit
of data space can be reclaimed. The "family" member will be added to
the parameter structures and the check functions be adjusted.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: xtables: move extension arguments into compound structure (6/6)
Jan Engelhardt [Wed, 8 Oct 2008 09:35:19 +0000 (11:35 +0200)]
netfilter: xtables: move extension arguments into compound structure (6/6)

This patch does this for target extensions' destroy functions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: xtables: move extension arguments into compound structure (5/6)
Jan Engelhardt [Wed, 8 Oct 2008 09:35:19 +0000 (11:35 +0200)]
netfilter: xtables: move extension arguments into compound structure (5/6)

This patch does this for target extensions' checkentry functions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: xtables: move extension arguments into compound structure (4/6)
Jan Engelhardt [Wed, 8 Oct 2008 09:35:19 +0000 (11:35 +0200)]
netfilter: xtables: move extension arguments into compound structure (4/6)

This patch does this for target extensions' target functions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: xtables: move extension arguments into compound structure (3/6)
Jan Engelhardt [Wed, 8 Oct 2008 09:35:19 +0000 (11:35 +0200)]
netfilter: xtables: move extension arguments into compound structure (3/6)

This patch does this for match extensions' destroy functions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: xtables: move extension arguments into compound structure (2/6)
Jan Engelhardt [Wed, 8 Oct 2008 09:35:18 +0000 (11:35 +0200)]
netfilter: xtables: move extension arguments into compound structure (2/6)

This patch does this for match extensions' checkentry functions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: xtables: move extension arguments into compound structure (1/6)
Jan Engelhardt [Wed, 8 Oct 2008 09:35:18 +0000 (11:35 +0200)]
netfilter: xtables: move extension arguments into compound structure (1/6)

The function signatures for Xtables extensions have grown over time.
It involves a lot of typing/replication, and also a bit of stack space
even if they are not used. Realize an NFWS2008 idea and pack them into
structs. The skb remains outside of the struct so gcc can continue to
apply its optimizations.

This patch does this for match extensions' match functions.

A few ambiguities have also been addressed. The "offset" parameter for
example has been renamed to "fragoff" (there are so many different
offsets already) and "protoff" to "thoff" (there is more than just one
protocol here, so clarify).

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: xtables: use "if" blocks in Kconfig
Jan Engelhardt [Wed, 8 Oct 2008 09:35:18 +0000 (11:35 +0200)]
netfilter: xtables: use "if" blocks in Kconfig

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: xtables: sort extensions alphabetically in Kconfig
Jan Engelhardt [Wed, 8 Oct 2008 09:35:17 +0000 (11:35 +0200)]
netfilter: xtables: sort extensions alphabetically in Kconfig

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: ebtables: make BRIDGE_NF_EBTABLES a menuconfig option
Jan Engelhardt [Wed, 8 Oct 2008 09:35:17 +0000 (11:35 +0200)]
netfilter: ebtables: make BRIDGE_NF_EBTABLES a menuconfig option

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: ip6tables: fix Kconfig entry dependency for ip6t_LOG
Jan Engelhardt [Wed, 8 Oct 2008 09:35:17 +0000 (11:35 +0200)]
netfilter: ip6tables: fix Kconfig entry dependency for ip6t_LOG

ip6t_LOG does certainly not depend on the filter table.
(Also, move it so that menuconfig still displays it correctly.)

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: ip6tables: fix name of hopbyhop in Kconfig
Jan Engelhardt [Wed, 8 Oct 2008 09:35:17 +0000 (11:35 +0200)]
netfilter: ip6tables: fix name of hopbyhop in Kconfig

The module is called hbh, not hopbyhop.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: xtables: do centralized checkentry call (1/2)
Jan Engelhardt [Wed, 8 Oct 2008 09:35:17 +0000 (11:35 +0200)]
netfilter: xtables: do centralized checkentry call (1/2)

It used to be that {ip,ip6,etc}_tables called extension->checkentry
themselves, but this can be moved into the xtables core.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: ebtables: fix one wrong return value
Jan Engelhardt [Wed, 8 Oct 2008 09:35:16 +0000 (11:35 +0200)]
netfilter: ebtables: fix one wrong return value

Usually -EINVAL is used when checkentry fails (see *_tables).

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: remove redundant casts from Ebtables
Jan Engelhardt [Wed, 8 Oct 2008 09:35:16 +0000 (11:35 +0200)]
netfilter: remove redundant casts from Ebtables

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: remove unused Ebtables functions
Jan Engelhardt [Wed, 8 Oct 2008 09:35:16 +0000 (11:35 +0200)]
netfilter: remove unused Ebtables functions

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: implement hotdrop for Ebtables
Jan Engelhardt [Wed, 8 Oct 2008 09:35:16 +0000 (11:35 +0200)]
netfilter: implement hotdrop for Ebtables

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: ebtables: use generic table checking
Jan Engelhardt [Wed, 8 Oct 2008 09:35:15 +0000 (11:35 +0200)]
netfilter: ebtables: use generic table checking

Ebtables ORs (1 << NF_BR_NUMHOOKS) into the hook mask to indicate that
the extension was called from a base chain. So this also needs to be
present in the extensions' ->hooks.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: x_tables: output bad hook mask in hexadecimal
Jan Engelhardt [Wed, 8 Oct 2008 09:35:15 +0000 (11:35 +0200)]
netfilter: x_tables: output bad hook mask in hexadecimal

It is a mask, and masks are most useful in hex.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: move Ebtables to use Xtables
Jan Engelhardt [Wed, 8 Oct 2008 09:35:15 +0000 (11:35 +0200)]
netfilter: move Ebtables to use Xtables

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: change Ebtables function signatures to match Xtables's
Jan Engelhardt [Wed, 8 Oct 2008 09:35:15 +0000 (11:35 +0200)]
netfilter: change Ebtables function signatures to match Xtables's

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: ebt_among: obtain match size through different means
Jan Engelhardt [Wed, 8 Oct 2008 09:35:14 +0000 (11:35 +0200)]
netfilter: ebt_among: obtain match size through different means

The function signatures will be changed to match those of Xtables, and
the datalen argument will be gone. ebt_among unfortunately relies on
it, so we need to obtain it somehow.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: add dummy members to Ebtables code to ease transition to Xtables
Jan Engelhardt [Wed, 8 Oct 2008 09:35:14 +0000 (11:35 +0200)]
netfilter: add dummy members to Ebtables code to ease transition to Xtables

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: Change return types of targets/watchers for Ebtables extensions
Jan Engelhardt [Wed, 8 Oct 2008 09:35:13 +0000 (11:35 +0200)]
netfilter: Change return types of targets/watchers for Ebtables extensions

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: change return types of match functions for ebtables extensions
Jan Engelhardt [Wed, 8 Oct 2008 09:35:13 +0000 (11:35 +0200)]
netfilter: change return types of match functions for ebtables extensions

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: change return types of check functions for Ebtables extensions
Jan Engelhardt [Wed, 8 Oct 2008 09:35:13 +0000 (11:35 +0200)]
netfilter: change return types of check functions for Ebtables extensions

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: ebtables: do centralized size checking
Jan Engelhardt [Wed, 8 Oct 2008 09:35:13 +0000 (11:35 +0200)]
netfilter: ebtables: do centralized size checking

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: Add documentation for tproxy
KOVACS Krisztian [Wed, 8 Oct 2008 09:35:12 +0000 (11:35 +0200)]
netfilter: Add documentation for tproxy

Add basic usage instructions to Documentation/networking.

Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: iptables TPROXY target
KOVACS Krisztian [Wed, 8 Oct 2008 09:35:12 +0000 (11:35 +0200)]
netfilter: iptables TPROXY target

The TPROXY target implements redirection of non-local TCP/UDP traffic to local
sockets. Additionally, it's possible to manipulate the packet mark if and only
if a socket has been found. (We need this because we cannot use multiple
targets in the same iptables rule.)

Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: iptables socket match
KOVACS Krisztian [Wed, 8 Oct 2008 09:35:12 +0000 (11:35 +0200)]
netfilter: iptables socket match

Add iptables 'socket' match, which matches packets for which a TCP/UDP
socket lookup succeeds.

Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: iptables tproxy core
KOVACS Krisztian [Wed, 8 Oct 2008 09:35:12 +0000 (11:35 +0200)]
netfilter: iptables tproxy core

The iptables tproxy core is a module that contains the common routines used by
various tproxy related modules (TPROXY target and socket match)

Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: split netfilter IPv4 defragmentation into a separate module
KOVACS Krisztian [Wed, 8 Oct 2008 09:35:12 +0000 (11:35 +0200)]
netfilter: split netfilter IPv4 defragmentation into a separate module

Netfilter connection tracking requires all IPv4 packets to be defragmented.
Both the socket match and the TPROXY target depend on this functionality, so
this patch separates the Netfilter IPv4 defrag hooks into a separate module.

Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: enable netfilter in netns
Alexey Dobriyan [Wed, 8 Oct 2008 09:35:11 +0000 (11:35 +0200)]
netfilter: enable netfilter in netns

From kernel perspective, allow entrance in nf_hook_slow().

Stuff which uses nf_register_hook/nf_register_hooks, but otherwise not netns-ready:

DECnet netfilter
ipt_CLUSTERIP
nf_nat_standalone.c together with XFRM (?)
IPVS
several individual match modules (like hashlimit)
ctnetlink
NOTRACK
all sorts of queueing and reporting to userspace
L3 and L4 protocol sysctls, bridge sysctls
probably something else

Anyway critical mass has been achieved, there is no reason to hide netfilter any longer.

From userspace perspective, allow to manipulate all sorts of
iptables/ip6tables/arptables rules.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: netns nat: PPTP NAT in netns
Alexey Dobriyan [Wed, 8 Oct 2008 09:35:11 +0000 (11:35 +0200)]
netfilter: netns nat: PPTP NAT in netns

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: netns nf_conntrack: fixup DNAT in netns
Alexey Dobriyan [Wed, 8 Oct 2008 09:35:11 +0000 (11:35 +0200)]
netfilter: netns nf_conntrack: fixup DNAT in netns

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: netns nat: per-netns bysource hash
Alexey Dobriyan [Wed, 8 Oct 2008 09:35:11 +0000 (11:35 +0200)]
netfilter: netns nat: per-netns bysource hash

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: netns nat: per-netns NAT table
Alexey Dobriyan [Wed, 8 Oct 2008 09:35:10 +0000 (11:35 +0200)]
netfilter: netns nat: per-netns NAT table

Same story as with iptable_filter, iptables_raw tables.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: netns nat: fix ipt_MASQUERADE in netns
Alexey Dobriyan [Wed, 8 Oct 2008 09:35:10 +0000 (11:35 +0200)]
netfilter: netns nat: fix ipt_MASQUERADE in netns

First, allow entry in notifier hook.
Second, start conntrack cleanup in netns to which netdevice belongs.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: netns nf_conntrack: PPTP conntracking in netns
Alexey Dobriyan [Wed, 8 Oct 2008 09:35:10 +0000 (11:35 +0200)]
netfilter: netns nf_conntrack: PPTP conntracking in netns

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago netfilter: netns nf_conntrack: GRE conntracking in netns
Alexey Dobriyan [Wed, 8 Oct 2008 09:35:10 +0000 (11:35 +0200)]
netfilter: netns nf_conntrack: GRE conntracking in netns

* make keymap list per-netns
* per-netns keymap lock (not strictly necessary)
* flush keymap at netns stop and module unload.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>