firefly-linux-kernel-4.4.55.git
16 years ago[VLAN]: Tag vlan_group_device with net device, not ifindex.
Pavel Emelyanov [Wed, 16 Apr 2008 07:48:04 +0000 (00:48 -0700)]
[VLAN]: Tag vlan_group_device with net device, not ifindex.

Currently vlan group is searched using one key - the ifindex.
We'll have to lookup the vlan_group by two keys - ifindex and
net. Turning the vlan_group lookup key to struct net_device
pointer will make this process easier.

Besides, this will eliminate one more place in the networking,
that assumes that indexes are unique in the kernel.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[RTNL]: Introduce the rtnl_kill_links helper.
Pavel Emelyanov [Wed, 16 Apr 2008 07:46:52 +0000 (00:46 -0700)]
[RTNL]: Introduce the rtnl_kill_links helper.

This one is responsible for calling ->dellink on each net
device found in net to help with vlan net_exit hook in the
nearest future.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[RTNL]: Relax for_each_netdev_safe in __rtnl_link_unregister.
Pavel Emelyanov [Wed, 16 Apr 2008 07:45:56 +0000 (00:45 -0700)]
[RTNL]: Relax for_each_netdev_safe in __rtnl_link_unregister.

Each potential list_del (happening from inside a ->dellink call)
is followed by goto restart, so there's no need in _safe iteration.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TUN]: Allow to register tun devices in namespace.
Pavel Emelyanov [Wed, 16 Apr 2008 07:41:53 +0000 (00:41 -0700)]
[TUN]: Allow to register tun devices in namespace.

This is basically means that a net is set for a new device, but
actually also involves two more steps:

1. mark the tun device as "local", i.e. do not allow for it to
   move across namespaces.

This is done so, since tun device is most often associated to some
file (and thus to some process) and moving the device alone is not
valid while keeping the file and the process outside. The need in
ability to move a detached persistent device is to be investigated
later.

2. get the tun device's net when tun becomes attached and put one
   when it becomes detached.

This is needed to handle the case when a task owning the tun dies,
but a files lives for some more time - in this case we must not
allow for net to be freed, since its exit hook will spoil that file's
private data by unregistering the tun from under tun_chr_close.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TUN]: Make the tun_dev_list per-net.
Pavel Emelyanov [Wed, 16 Apr 2008 07:41:16 +0000 (00:41 -0700)]
[TUN]: Make the tun_dev_list per-net.

Remove the static tun_dev_list and replace its occurrences in
driver with per-net one.

It is used in two places - in tun_set_iff and tun_cleanup. In
the first case it's legal to use current net_ns. In the cleanup
call - move the loop, that unregisters all devices in net exit
hook.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TUN]: Introduce the tun_net structure and init/exit net ops.
Pavel Emelyanov [Wed, 16 Apr 2008 07:40:46 +0000 (00:40 -0700)]
[TUN]: Introduce the tun_net structure and init/exit net ops.

This is the first step in making tuntap devices work in net
namespaces. The structure mentioned is pointed by generic
net pointer with tun_net_id id, and tun driver fills one on
its load. It will contain only the tun devices list.

So declare this structure and introduce net init and exit hooks.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: Remove superflushious skb == write_queue_tail() check
Ilpo Järvinen [Wed, 16 Apr 2008 03:36:55 +0000 (20:36 -0700)]
[TCP]: Remove superflushious skb == write_queue_tail() check

Needed can only be more strict than what was checked by the
earlier common case check for non-tail skbs, thus
cwnd_len <= needed will never match in that case anyway.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[ETHTOOL]: Add support for large eeproms
Mandeep Singh Baines [Wed, 16 Apr 2008 02:24:17 +0000 (19:24 -0700)]
[ETHTOOL]: Add support for large eeproms

Currently, it is not possible to read/write to an eeprom larger than
128k in size because the buffer used for temporarily storing the
eeprom contents is allocated using kmalloc. kmalloc can only allocate
a maximum of 128k depending on architecture.

Modified ethtool_get/set_eeprom to only allocate a page of memory and
then copy the eeprom a page at a time.

Updated original patch as per suggestions from Joe Perches.

Signed-off-by: Mandeep Singh Baines <msb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoCAN: use hrtimers in can-bcm protocol
Oliver Hartkopp [Wed, 16 Apr 2008 02:29:14 +0000 (19:29 -0700)]
CAN: use hrtimers in can-bcm protocol

Make use of hrtimers to support high resolution capabilities, when
provided by the system clocksource.

The conversion to hrtimers additionally discovered and solved an
unlikely race condition that has been reproduced under (unrealistic)
massive receive load, which can only be produced on vcan software devices.

[ Fix printf format warnings on 64-bit -DaveM ]

Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TIPC]: Enhance validation of format on incoming messages
Allan Stephens [Wed, 16 Apr 2008 02:04:54 +0000 (19:04 -0700)]
[TIPC]: Enhance validation of format on incoming messages

This patch ensures that TIPC properly handles incoming messages
that have incorrect or unexpected formats.  Most significantly,
it now ensures that each sl_buff has at least as much data as
the message header indicates it should, and that the entire
message header is stored contiguously; this prevents TIPC from
accidentally accessing memory that is not part of the sk_buff.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TIPC]: Force linearization of non-linear sk_buffs
Allan Stephens [Wed, 16 Apr 2008 02:03:23 +0000 (19:03 -0700)]
[TIPC]: Force linearization of non-linear sk_buffs

This patch allows TIPC to process incoming messages that are
stored in a fragmented sk_buff, by forcing the linearization
of any such messages it receives.

Note: This is an interim solution to allow TIPC to operate with
Ethernet devices that generate non-linear buffers (such as the
gianfar driver), until such time as the rest of TIPC is enhanced
to handle sk_buffs with multiple data areas.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TIPC]: Use fast buffer cloning to improve performance
Allan Stephens [Wed, 16 Apr 2008 02:02:30 +0000 (19:02 -0700)]
[TIPC]: Use fast buffer cloning to improve performance

This patch causes TIPC to allocate fast clonable sk_buffs,
rather than standard ones.  This speeds up the cloning
operation done by the link code each time a message is sent
off-node.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TIPC]: Remove redundant NULL check when discarding buffers
Allan Stephens [Wed, 16 Apr 2008 02:01:43 +0000 (19:01 -0700)]
[TIPC]: Remove redundant NULL check when discarding buffers

This patch eliminates a null pointer check when discarding a
TIPC message buffer, since kfree_skb() already handles this
situation.

Acknowledgements to Florian Westphal (fw@strlen.de> for
suggesting this enhancement.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETNS]: The generic per-net pointers.
Pavel Emelyanov [Tue, 15 Apr 2008 07:36:08 +0000 (00:36 -0700)]
[NETNS]: The generic per-net pointers.

Add the elastic array of void * pointer to the struct net.
The access rules are simple:

 1. register the ops with register_pernet_gen_device to get
    the id of your private pointer
 2. call net_assign_generic() to put the private data on the
    struct net (most preferably this should be done in the
    ->init callback of the ops registered)
 3. do not store any private reference on the net_generic array;
 4. do not change this pointer while the net is alive;
 5. use the net_generic() to get the pointer.

When adding a new pointer, I copy the old array, replace it
with a new one and schedule the old for kfree after an RCU
grace period.

Since the net_generic explores the net->gen array inside rcu
read section and once set the net->gen->ptr[x] pointer never
changes, this grants us a safe access to generic pointers.

Quoting Paul: "... RCU is protecting -only- the net_generic
structure that net_generic() is traversing, and the [pointer]
returned by net_generic() is protected by a reference counter
in the upper-level struct net."

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETNS]: The net-subsys IDs generator.
Pavel Emelyanov [Tue, 15 Apr 2008 07:35:23 +0000 (00:35 -0700)]
[NETNS]: The net-subsys IDs generator.

To make some per-net generic pointers, we need some way to address
them, i.e. - IDs. This is simple IDA-based IDs generator for pernet
subsystems.

Addressing questions about potential checkpoint/restart problems:
these IDs are "lite-offsets" within the net structure and are by no
means supposed to be exported to the userspace.

Since it will be used in the nearest future by devices only (tun,
vlan, tunnels, bridge, etc), I make it resemble the functionality
of register_pernet_device().

The new ids is stored in the *id pointer _before_ calling the init
callback to make this id available in this callback.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[ISDN] include/linux/isdn.h: remove dead code
Adrian Bunk [Tue, 15 Apr 2008 07:30:16 +0000 (00:30 -0700)]
[ISDN] include/linux/isdn.h: remove dead code

This patch remove the usage of a nonexisting kconfig variable.

Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IRDA]: Remove irlan_eth_send_gratuitous_arp()
Adrian Bunk [Tue, 15 Apr 2008 07:29:24 +0000 (00:29 -0700)]
[IRDA]: Remove irlan_eth_send_gratuitous_arp()

Even kernel 2.2.26 (sic) already contains the
  #undef CONFIG_IRLAN_SEND_GRATUITOUS_ARP
with the comment "but for some reason the machine crashes if you use DHCP".

Either someone finally looks into this or it's simply time to remove
this dead code.

Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[WANPIPE]: Forgotten bits of Sangoma drivers removal.
Adrian Bunk [Tue, 15 Apr 2008 07:27:58 +0000 (00:27 -0700)]
[WANPIPE]: Forgotten bits of Sangoma drivers removal.

Robert P. J. Day spotted that my removal of the Sangoma drivers missed
a few bits.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TIPC]: Overhaul of socket locking logic
Allan Stephens [Tue, 15 Apr 2008 07:22:02 +0000 (00:22 -0700)]
[TIPC]: Overhaul of socket locking logic

This patch modifies TIPC's socket code to follow the same approach
used by other protocols.  This change eliminates the need for a
mutex in the TIPC-specific portion of the socket protocol data
structure -- in its place, the standard Linux socket backlog queue
and associated locking routines are utilized.  These changes fix
a long-standing receive queue bug on SMP systems, and also enable
individual read and write threads to utilize a socket without
unnecessarily interfering with each other.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TIPC]: Cosmetic changes to TIPC connect() code
Allan Stephens [Tue, 15 Apr 2008 07:20:37 +0000 (00:20 -0700)]
[TIPC]: Cosmetic changes to TIPC connect() code

This patch fixes TIPC's connect routine to conform to Linux
kernel style norms of indentation, line length, etc.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TIPC]: Add error check to detect non-blocking form of connect()
Allan Stephens [Tue, 15 Apr 2008 07:16:19 +0000 (00:16 -0700)]
[TIPC]: Add error check to detect non-blocking form of connect()

This patch causes TIPC to return an error indication if the non-
blocking form of connect() is requested (which TIPC does not yet
support).

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TIPC]: Correct "off by 1" error in socket queue limit enforcement
Allan Stephens [Tue, 15 Apr 2008 07:15:50 +0000 (00:15 -0700)]
[TIPC]: Correct "off by 1" error in socket queue limit enforcement

This patch fixes a bug that allowed TIPC to queue 1 more message
than allowed by the socket receive queue threshold limits.  The
patch also improves the threshold code's logic and naming to help
prevent this sort of error from recurring in the future.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TIPC]: Ignore message padding when receiving stream data
Allan Stephens [Tue, 15 Apr 2008 07:15:15 +0000 (00:15 -0700)]
[TIPC]: Ignore message padding when receiving stream data

This patch ensures that padding bytes appearing at the end of
an incoming TIPC message are not returned as valid stream data.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TIPC]: Allow stream receive to read from multiple TIPC messages
Allan Stephens [Tue, 15 Apr 2008 07:07:15 +0000 (00:07 -0700)]
[TIPC]: Allow stream receive to read from multiple TIPC messages

This patch allows a stream socket to receive data from multiple
TIPC messages in its receive queue, without requiring the use of
the MSG_WAITALL flag.

Acknowledgements to Florian Westphal <fw-tipc@strlen.de> for
identifying this issue and suggesting how to correct it.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TIPC]: Skip connection flow control in connectionless sockets
Allan Stephens [Tue, 15 Apr 2008 07:06:12 +0000 (00:06 -0700)]
[TIPC]: Skip connection flow control in connectionless sockets

This patch optimizes the receive path for SOCK_DGRAM and SOCK_RDM
messages by skipping over code that handles connection-based flow
control.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[XFRM]: Compilation warnings in xfrm_user.c.
Denis V. Lunev [Mon, 14 Apr 2008 21:47:48 +0000 (14:47 -0700)]
[XFRM]: Compilation warnings in xfrm_user.c.

When CONFIG_SECURITY_NETWORK_XFRM is undefined the following warnings appears:
net/xfrm/xfrm_user.c: In function 'xfrm_add_pol_expire':
net/xfrm/xfrm_user.c:1576: warning: 'ctx' may be used uninitialized in this function
net/xfrm/xfrm_user.c: In function 'xfrm_get_policy':
net/xfrm/xfrm_user.c:1340: warning: 'ctx' may be used uninitialized in this function
(security_xfrm_policy_alloc is noop for the case).

It seems that they are result of the commit
03e1ad7b5d871d4189b1da3125c2f12d1b5f7d0b ("LSM: Make the Labeled IPsec
hooks more stack friendly")

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: Format addresses appropriately in debug messages.
YOSHIFUJI Hideaki [Mon, 14 Apr 2008 11:09:36 +0000 (04:09 -0700)]
[TCP]: Format addresses appropriately in debug messages.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: Use NIPQUAD_FMT to format ipv4 addresses.
YOSHIFUJI Hideaki [Mon, 14 Apr 2008 11:09:00 +0000 (04:09 -0700)]
[IPV4]: Use NIPQUAD_FMT to format ipv4 addresses.

And use %u to format port.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2...
David S. Miller [Mon, 14 Apr 2008 10:50:43 +0000 (03:50 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/kaber/nf-2.6.26

16 years ago[SOCK]: Add some notes about per-bind-bucket sock lookup.
Pavel Emelyanov [Mon, 14 Apr 2008 09:42:27 +0000 (02:42 -0700)]
[SOCK]: Add some notes about per-bind-bucket sock lookup.

I was asked about "why don't we perform a sk_net filtering in
bind_conflict calls, like we do in other sock lookup places"
for a couple of times.

Can we please add a comment about why we do not need one?

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[DCCP]: Fix comment about control sockets.
Pavel Emelyanov [Mon, 14 Apr 2008 09:38:45 +0000 (02:38 -0700)]
[DCCP]: Fix comment about control sockets.

These sockets now have a bit other names and are no longer global.

Shame on me, I haven't provided a good comment for this when
sending DCCP netnsization patches.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoMerge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
David S. Miller [Mon, 14 Apr 2008 09:30:23 +0000 (02:30 -0700)]
Merge branch 'master' of /linux/kernel/git/davem/net-2.6

Conflicts:

drivers/net/ehea/ehea_main.c
drivers/net/wireless/iwlwifi/Kconfig
drivers/net/wireless/rt2x00/rt61pci.c
net/ipv4/inet_timewait_sock.c
net/ipv6/raw.c
net/mac80211/ieee80211_sta.c

16 years ago[NETFILTER]: nf_conntrack: fix incorrect check for expectations
Patrick McHardy [Mon, 14 Apr 2008 09:21:01 +0000 (11:21 +0200)]
[NETFILTER]: nf_conntrack: fix incorrect check for expectations

The expectation classes changed help->expectations to an array,
fix use as scalar value.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: bridge: add ebt_nflog watcher
Peter Warasin [Mon, 14 Apr 2008 09:15:54 +0000 (11:15 +0200)]
[NETFILTER]: bridge: add ebt_nflog watcher

This patch adds the ebtables nflog watcher to the kernel in order to
allow ebtables log through the nfnetlink_log backend.

Signed-off-by: Peter Warasin <peter@endian.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function...
Jan Engelhardt [Mon, 14 Apr 2008 09:15:54 +0000 (11:15 +0200)]
[NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call

Directly call IPv4 and IPv6 variants where the address family is
easily known.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre
Jan Engelhardt [Mon, 14 Apr 2008 09:15:54 +0000 (11:15 +0200)]
[NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_nat: use bool type in nf_nat_proto
Jan Engelhardt [Mon, 14 Apr 2008 09:15:53 +0000 (11:15 +0200)]
[NETFILTER]: nf_nat: use bool type in nf_nat_proto

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_tuple.h
Jan Engelhardt [Mon, 14 Apr 2008 09:15:53 +0000 (11:15 +0200)]
[NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_tuple.h

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto
Jan Engelhardt [Mon, 14 Apr 2008 09:15:53 +0000 (11:15 +0200)]
[NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l3proto
Jan Engelhardt [Mon, 14 Apr 2008 09:15:52 +0000 (11:15 +0200)]
[NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l3proto

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: Remove unused callbacks in nf_conntrack_l3proto
Jan Engelhardt [Mon, 14 Apr 2008 09:15:52 +0000 (11:15 +0200)]
[NETFILTER]: Remove unused callbacks in nf_conntrack_l3proto

These functions are never called.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors
Patrick McHardy [Mon, 14 Apr 2008 09:15:52 +0000 (11:15 +0200)]
[NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors

Add accessors for l3num and protonum and get rid of some overly long
expressions.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_conntrack_tcp: catch invalid state updates over ctnetlink
Patrick McHardy [Mon, 14 Apr 2008 09:15:52 +0000 (11:15 +0200)]
[NETFILTER]: nf_conntrack_tcp: catch invalid state updates over ctnetlink

Invalid states can cause out-of-bound memory accesses of the state table.
Also don't insist on having a new state contained in the netlink message.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_nat: kill helper and seq_adjust hooks
Patrick McHardy [Mon, 14 Apr 2008 09:15:52 +0000 (11:15 +0200)]
[NETFILTER]: nf_nat: kill helper and seq_adjust hooks

Connection tracking helpers (specifically FTP) need to be called
before NAT sequence numbers adjustments are performed to be able
to compare them against previously seen ones. We've introduced
two new hooks around 2.6.11 to maintain this ordering when NAT
modules were changed to get called from conntrack helpers directly.

The cost of netfilter hooks is quite high and sequence number
adjustments are only rarely needed however. Add a RCU-protected
sequence number adjustment function pointer and call it from
IPv4 conntrack after calling the helper.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_conntrack_extend: warn on confirmed conntracks
Patrick McHardy [Mon, 14 Apr 2008 09:15:51 +0000 (11:15 +0200)]
[NETFILTER]: nf_conntrack_extend: warn on confirmed conntracks

New extensions may only be added to unconfirmed conntracks to avoid races
when reallocating the storage.

Also change NF_CT_ASSERT to use WARN_ON to get backtraces.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_nat: don't add NAT extension for confirmed conntracks
Patrick McHardy [Mon, 14 Apr 2008 09:15:51 +0000 (11:15 +0200)]
[NETFILTER]: nf_nat: don't add NAT extension for confirmed conntracks

Adding extensions to confirmed conntracks is not allowed to avoid races
on reallocation. Don't setup NAT for confirmed conntracks in case NAT
module is loaded late.

The has one side-effect, the connections existing before the NAT module
was loaded won't enter the bysource hash. The only case where this actually
makes a difference is in case of SNAT to a multirange where the IP before
NAT is also part of the range. Since old connections don't enter the
bysource hash the first new connection from the IP will have a new address
selected. This shouldn't matter at all.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_nat: remove obsolete check for ICMP redirects
Patrick McHardy [Mon, 14 Apr 2008 09:15:50 +0000 (11:15 +0200)]
[NETFILTER]: nf_nat: remove obsolete check for ICMP redirects

Locally generated ICMP packets have a reference to the conntrack entry
of the original packet manually attached by icmp_send(). Therefore the
check for locally originated untracked ICMP redirects can never be
true.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_nat: add SCTP protocol support
Patrick McHardy [Mon, 14 Apr 2008 09:15:50 +0000 (11:15 +0200)]
[NETFILTER]: nf_nat: add SCTP protocol support

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_nat: add DCCP protocol support
Patrick McHardy [Thu, 20 Mar 2008 14:15:57 +0000 (15:15 +0100)]
[NETFILTER]: nf_nat: add DCCP protocol support

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_conntrack: add DCCP protocol support
Patrick McHardy [Thu, 20 Mar 2008 14:15:55 +0000 (15:15 +0100)]
[NETFILTER]: nf_conntrack: add DCCP protocol support

Add DCCP conntrack helper. Thanks to Gerrit Renker <gerrit@erg.abdn.ac.uk>
for review and testing.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: Add partial checksum validation helper
Patrick McHardy [Thu, 20 Mar 2008 14:15:53 +0000 (15:15 +0100)]
[NETFILTER]: Add partial checksum validation helper

Move the UDP-Lite conntrack checksum validation to a generic helper
similar to nf_checksum() and make it fall back to nf_checksum()
in case the full packet is to be checksummed and hardware checksums
are available. This is to be used by DCCP conntrack, which also
needs to verify partial checksums.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_nat: add UDP-Lite support
Patrick McHardy [Thu, 20 Mar 2008 14:15:51 +0000 (15:15 +0100)]
[NETFILTER]: nf_nat: add UDP-Lite support

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_nat: remove unused name from struct nf_nat_protocol
Patrick McHardy [Thu, 20 Mar 2008 14:15:49 +0000 (15:15 +0100)]
[NETFILTER]: nf_nat: remove unused name from struct nf_nat_protocol

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_conntrack_netlink: clean up NAT protocol parsing
Patrick McHardy [Mon, 14 Apr 2008 09:15:47 +0000 (11:15 +0200)]
[NETFILTER]: nf_conntrack_netlink: clean up NAT protocol parsing

Move responsibility for setting the IP_NAT_RANGE_PROTO_SPECIFIED flag
to the NAT protocol, properly propagate errors and get rid of ugly
return value convention.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_nat: move NAT ctnetlink helpers to nf_nat_proto_common
Patrick McHardy [Mon, 14 Apr 2008 09:15:47 +0000 (11:15 +0200)]
[NETFILTER]: nf_nat: move NAT ctnetlink helpers to nf_nat_proto_common

Move to nf_nat_proto_common and rename to nf_nat_proto_... since they're
also used by protocols that don't have port numbers.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_nat: fix random mode not to overwrite port rover
Patrick McHardy [Mon, 14 Apr 2008 09:15:46 +0000 (11:15 +0200)]
[NETFILTER]: nf_nat: fix random mode not to overwrite port rover

The port rover should not get overwritten when using random mode,
otherwise other rules will also use more or less random ports.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_nat: add helpers for common NAT protocol operations
Patrick McHardy [Thu, 20 Mar 2008 14:15:47 +0000 (15:15 +0100)]
[NETFILTER]: nf_nat: add helpers for common NAT protocol operations

Add generic ->in_range and ->unique_tuple ops to avoid duplicating them
again and again for future NAT modules and save a few bytes of text:

net/ipv4/netfilter/nf_nat_proto_tcp.c:
  tcp_in_range     |  -62 (removed)
  tcp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0
 2 functions changed, 321 bytes removed

net/ipv4/netfilter/nf_nat_proto_udp.c:
  udp_in_range     |  -62 (removed)
  udp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0
 2 functions changed, 321 bytes removed

net/ipv4/netfilter/nf_nat_proto_gre.c:
  gre_in_range |  -62 (removed)
 1 function changed, 62 bytes removed

vmlinux:
 5 functions changed, 704 bytes removed

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: {ip,ip6,arp}_tables: return EAGAIN for invalid SO_GET_ENTRIES size
Patrick McHardy [Mon, 14 Apr 2008 09:15:45 +0000 (11:15 +0200)]
[NETFILTER]: {ip,ip6,arp}_tables: return EAGAIN for invalid SO_GET_ENTRIES size

Rule dumping is performed in two steps: first userspace gets the
ruleset size using getsockopt(SO_GET_INFO) and allocates memory,
then it calls getsockopt(SO_GET_ENTRIES) to actually dump the
ruleset. When another process changes the ruleset in between the
sizes from the first getsockopt call doesn't match anymore and
the kernel aborts. Unfortunately it returns EAGAIN, as for multiple
other possible errors, so userspace can't distinguish this case
from real errors.

Return EAGAIN so userspace can retry the operation.

Fixes (with current iptables SVN version) netfilter bugzilla #104.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_conntrack_sip: clear address in parse_addr()
Patrick McHardy [Mon, 14 Apr 2008 09:15:45 +0000 (11:15 +0200)]
[NETFILTER]: nf_conntrack_sip: clear address in parse_addr()

Some callers pass uninitialized structures, clear the address to make
sure later comparisions work properly.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: Explicitly initialize .priority in arptable_filter
Jan Engelhardt [Mon, 14 Apr 2008 09:15:44 +0000 (11:15 +0200)]
[NETFILTER]: Explicitly initialize .priority in arptable_filter

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: remove arpt_(un)register_target indirection macros
Jan Engelhardt [Mon, 14 Apr 2008 09:15:44 +0000 (11:15 +0200)]
[NETFILTER]: remove arpt_(un)register_target indirection macros

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: remove arpt_target indirection macro
Jan Engelhardt [Mon, 14 Apr 2008 09:15:43 +0000 (11:15 +0200)]
[NETFILTER]: remove arpt_target indirection macro

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: remove arpt_table indirection macro
Jan Engelhardt [Mon, 14 Apr 2008 09:15:43 +0000 (11:15 +0200)]
[NETFILTER]: remove arpt_table indirection macro

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: annotate rest of nf_nat_* with const
Jan Engelhardt [Mon, 14 Apr 2008 09:15:42 +0000 (11:15 +0200)]
[NETFILTER]: annotate rest of nf_nat_* with const

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: annotate rest of nf_conntrack_* with const
Jan Engelhardt [Mon, 14 Apr 2008 09:15:42 +0000 (11:15 +0200)]
[NETFILTER]: annotate rest of nf_conntrack_* with const

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: annotate {arp,ip,ip6,x}tables with const
Jan Engelhardt [Mon, 14 Apr 2008 09:15:35 +0000 (11:15 +0200)]
[NETFILTER]: annotate {arp,ip,ip6,x}tables with const

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: annotate xtables targets with const and remove casts
Jan Engelhardt [Mon, 14 Apr 2008 07:56:05 +0000 (09:56 +0200)]
[NETFILTER]: annotate xtables targets with const and remove casts

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: xt_sctp: simplify xt_sctp.h
Jan Engelhardt [Mon, 14 Apr 2008 07:56:04 +0000 (09:56 +0200)]
[NETFILTER]: xt_sctp: simplify xt_sctp.h

The use of xt_sctp.h flagged up -Wshadow warnings in userspace, which
prompted me to look at it and clean it up. Basic operations have been
directly replaced by library calls (memcpy, memset is both available
in the kernel and userspace, and usually faster than a self-made
loop). The is_set and is_clear functions now use a processing time
shortcut, too.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: Use non-deprecated __RW_LOCK_UNLOCKED macro
Robert P. J. Day [Mon, 14 Apr 2008 07:56:03 +0000 (09:56 +0200)]
[NETFILTER]: Use non-deprecated __RW_LOCK_UNLOCKED macro

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: bridge netfilter: use non-deprecated __RW_LOCK_UNLOCKED macro.
Robert P. J. Day [Mon, 14 Apr 2008 07:56:03 +0000 (09:56 +0200)]
[NETFILTER]: bridge netfilter: use non-deprecated __RW_LOCK_UNLOCKED macro.

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: ip_tables: per-netns FILTER/MANGLE/RAW tables for real
Alexey Dobriyan [Mon, 14 Apr 2008 07:56:02 +0000 (09:56 +0200)]
[NETFILTER]: ip_tables: per-netns FILTER/MANGLE/RAW tables for real

Commit 9335f047fe61587ec82ff12fbb1220bcfdd32006 aka
"[NETFILTER]: ip_tables: per-netns FILTER, MANGLE, RAW"
added per-netns _view_ of iptables rules. They were shown to user, but
ignored by filtering code. Now that it's possible to at least ping loopback,
per-netns tables can affect filtering decisions.

netns is taken in case of
PRE_ROUTING, LOCAL_IN -- from in device,
POST_ROUTING, LOCAL_OUT -- from out device,
FORWARD -- from in device which should be equal to out device's netns.
   This code is relatively new, so BUG_ON was plugged.

Wrappers were added to a) keep code the same from CONFIG_NET_NS=n users
(overwhelming majority), b) consolidate code in one place -- similar
changes will be done in ipv6 and arp netfilter code.

Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: {ip,ip6}t_LOG: print MARK value in log output
Patrick McHardy [Thu, 20 Mar 2008 14:15:45 +0000 (15:15 +0100)]
[NETFILTER]: {ip,ip6}t_LOG: print MARK value in log output

Dump the mark value in log messages similar to nfnetlink_log. This
is useful for debugging complex setups where marks are used for
routing or traffic classification.

Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[NETFILTER]: nf_conntrack: less hairy ifdefs around proc and sysctl
Alexey Dobriyan [Thu, 20 Mar 2008 14:15:43 +0000 (15:15 +0100)]
[NETFILTER]: nf_conntrack: less hairy ifdefs around proc and sysctl

Patch splits creation of /proc/net/nf_conntrack, /proc/net/stat/nf_conntrack
and net.netfilter hierarchy into their own functions with dummy ones
if PROC_FS or SYSCTL is not set. Also, remove dead "ret = 0" write
while I'm at it.

Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[BRIDGE]: Fix crash in __ip_route_output_key with bridge netfilter
Patrick McHardy [Mon, 14 Apr 2008 07:46:01 +0000 (00:46 -0700)]
[BRIDGE]: Fix crash in __ip_route_output_key with bridge netfilter

The bridge netfilter code attaches a fake dst_entry with a pointer to a
fake net_device structure to skbs it passes up to IPv4 netfilter. This
leads to crashes when the skb is passed to __ip_route_output_key when
dereferencing the namespace pointer.

Since bridging can currently only operate in the init_net namespace,
the easiest fix for now is to initialize the nd_net pointer of the
fake net_device struct to &init_net.

Should fix bugzilla 10323: http://bugzilla.kernel.org/show_bug.cgi?id=10323

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: ipt_CLUSTERIP: fix race between clusterip_config_find_get and _entry_put
Pavel Emelyanov [Mon, 14 Apr 2008 07:44:52 +0000 (00:44 -0700)]
[NETFILTER]: ipt_CLUSTERIP: fix race between clusterip_config_find_get and _entry_put

Consider we are putting a clusterip_config entry with the "entries"
count == 1, and on the other CPU there's a clusterip_config_find_get
in progress:

CPU1: CPU2:
clusterip_config_entry_put: clusterip_config_find_get:
if (atomic_dec_and_test(&c->entries)) {
/* true */
read_lock_bh(&clusterip_lock);
c = __clusterip_config_find(clusterip);
/* found - it's still in list */
...
atomic_inc(&c->entries);
read_unlock_bh(&clusterip_lock);

write_lock_bh(&clusterip_lock);
list_del(&c->list);
write_unlock_bh(&clusterip_lock);
...
dev_put(c->dev);

Oops! We have an entry returned by the clusterip_config_find_get,
which is a) not in list b) has a stale dev pointer.

The problems will happen when the CPU2 will release the entry - it
will remove it from the list for the 2nd time, thus spoiling it, and
will put a stale dev pointer.

The fix is to make atomic_dec_and_test under the clusterip_lock.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
16 years ago[SKB]: __skb_queue_tail = __skb_insert before
Gerrit Renker [Mon, 14 Apr 2008 07:05:28 +0000 (00:05 -0700)]
[SKB]: __skb_queue_tail = __skb_insert before

This expresses __skb_queue_tail() in terms of __skb_insert(),
using __skb_insert_before() as auxiliary function.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[SKB]: __skb_append = __skb_queue_after
Gerrit Renker [Mon, 14 Apr 2008 07:05:09 +0000 (00:05 -0700)]
[SKB]: __skb_append = __skb_queue_after

This expresses __skb_append in terms of __skb_queue_after, exploiting that

  __skb_append(old, new, list) = __skb_queue_after(list, old, new).

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[SKB]: __skb_queue_after(prev) = __skb_insert(prev, prev->next)
Gerrit Renker [Mon, 14 Apr 2008 07:04:51 +0000 (00:04 -0700)]
[SKB]: __skb_queue_after(prev) = __skb_insert(prev, prev->next)

By reordering, __skb_queue_after() is expressed in terms of __skb_insert().

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[SKB]: __skb_dequeue = skb_peek + __skb_unlink
Gerrit Renker [Mon, 14 Apr 2008 07:04:12 +0000 (00:04 -0700)]
[SKB]: __skb_dequeue = skb_peek + __skb_unlink

By rearranging the order of declarations, __skb_dequeue() is expressed in terms of

 * skb_peek() and
 * __skb_unlink(),

thus in effect mirroring the analogue implementation of __skb_dequeue_tail().

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6] MROUTE: Add stats in multicast routing module method ip6_mr_forward().
Rami Rosen [Mon, 14 Apr 2008 06:59:13 +0000 (23:59 -0700)]
[IPV6] MROUTE: Add stats in multicast routing module method ip6_mr_forward().

This patches adds a call to increment IPSTATS_MIB_OUTFORWDATAGRAMS
when forwarding the packet in ip6_mr_forward() in the IPv6 multicast
routing module (net/ipv6/ip6mr.c).

Signed-off-by: Rami Rosen <ramirose@gmail.com>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6] ADDRCONF: Don't generate temporary address for ip6-ip6 interface.
YOSHIFUJI Hideaki [Mon, 14 Apr 2008 06:47:11 +0000 (23:47 -0700)]
[IPV6] ADDRCONF: Don't generate temporary address for ip6-ip6 interface.

As far as I can remember, I was going to disable privacy extensions
on all "tunnel" interfaces.  Disable it on ip6-ip6 interface as well.

Also, just remove ifdefs for SIT for simplicity.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6] ADDRCONF: Ensure disabling multicast RS even if privacy extensions are disabled.
YOSHIFUJI Hideaki [Mon, 14 Apr 2008 06:42:18 +0000 (23:42 -0700)]
[IPV6] ADDRCONF: Ensure disabling multicast RS even if privacy extensions are disabled.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Use appropriate sock tclass setting for routing lookup.
YOSHIFUJI Hideaki [Mon, 14 Apr 2008 06:40:51 +0000 (23:40 -0700)]
[IPV6]: Use appropriate sock tclass setting for routing lookup.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: IPv6 extension header structures need to be packed.
YOSHIFUJI Hideaki [Mon, 14 Apr 2008 06:33:52 +0000 (23:33 -0700)]
[IPV6]: IPv6 extension header structures need to be packed.

struct ipv6_opt_hdr is the common structure for IPv6 extension
headers, and it is common to increment the pointer to get
the real content.  On the other hand, since the structure
consists only of 1-byte next-header field and 1-byte length
field, size of that structure depends on architecture; 2 or 4.
Add "packed" attribute to get 2.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Sink IPv6 menuoptions into its own submenu
Jan Engelhardt [Mon, 14 Apr 2008 06:30:47 +0000 (23:30 -0700)]
[NET]: Sink IPv6 menuoptions into its own submenu

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Share common code-paths for sticky socket options.
YOSHIFUJI Hideaki [Mon, 14 Apr 2008 06:21:52 +0000 (23:21 -0700)]
[IPV6]: Share common code-paths for sticky socket options.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6] MROUTE: Do not call ipv6_find_idev() directly.
YOSHIFUJI Hideaki [Mon, 14 Apr 2008 06:21:16 +0000 (23:21 -0700)]
[IPV6] MROUTE: Do not call ipv6_find_idev() directly.

Since NETDEV_REGISTER notifier chain is responsible for creating
inet6_dev{}, we do not need to call ipv6_find_idev() directly here.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Fix ipv6 address fetching in raw6_icmp_error().
David S. Miller [Mon, 14 Apr 2008 06:14:15 +0000 (23:14 -0700)]
[IPV6]: Fix ipv6 address fetching in raw6_icmp_error().

Fixes kernel bugzilla 10437

Based almost entirely upon a patch by Dmitry Butskoy.

When deciding what raw sockets to deliver the ICMPv6
to, we should use the addresses in the ICMPv6 quoted
IPV6 header, not the top-level one.

Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Return more appropriate error from eth_validate_addr().
Patrick McHardy [Mon, 14 Apr 2008 05:45:40 +0000 (22:45 -0700)]
[NET]: Return more appropriate error from eth_validate_addr().

Paul Bolle wrote:
> http://bugzilla.kernel.org/show_bug.cgi?id=9923 would have been much easier to
> track down if eth_validate_addr() would somehow complain aloud if an address
> is invalid. Shouldn't it make at least some noise?

I guess it should return -EADDRNOTAVAIL similar to eth_mac_addr()
when validation fails.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[ISDN]: Do not validate ISDN net device address prior to interface-up
Paul Bolle [Mon, 14 Apr 2008 05:44:20 +0000 (22:44 -0700)]
[ISDN]: Do not validate ISDN net device address prior to interface-up

Commit bada339 (Validate device addr prior to interface-up) caused a regression
in the ISDN network code, see: http://bugzilla.kernel.org/show_bug.cgi?id=9923
The trivial fix is to remove the pointer to eth_validate_addr() in the
net_device struct in isdn_net_init().

Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETNS][DCCPV6]: Make per-net socket lookup.
Pavel Emelyanov [Mon, 14 Apr 2008 05:33:06 +0000 (22:33 -0700)]
[NETNS][DCCPV6]: Make per-net socket lookup.

The inet6_lookup family of functions requires a net to lookup
a socket in, so give a proper one to them.

No more things to do for dccpv6, since routing is OK and the
ipv4-like transport layer filtering is not done for ipv6.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETNS][DCCPV6]: Actually create ctl socket on each net and use it.
Pavel Emelyanov [Mon, 14 Apr 2008 05:32:45 +0000 (22:32 -0700)]
[NETNS][DCCPV6]: Actually create ctl socket on each net and use it.

Move the call to inet_ctl_sock_create to init callback (and
inet_ctl_sock_destroy to exit one) and use proper ctl sock
in dccp_v6_ctl_send_reset.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETNS][DCCPV6]: Move the dccp_v6_ctl_sk on the struct net.
Pavel Emelyanov [Mon, 14 Apr 2008 05:32:25 +0000 (22:32 -0700)]
[NETNS][DCCPV6]: Move the dccp_v6_ctl_sk on the struct net.

And replace all its usage with init_net's socket.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETNS][DCCPV6]: Add dummy per-net operations.
Pavel Emelyanov [Mon, 14 Apr 2008 05:32:02 +0000 (22:32 -0700)]
[NETNS][DCCPV6]: Add dummy per-net operations.

They will be responsible for ctl socket initialization, but
currently they are void.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETNS][DCCPV6]: Don't pass NULL to ip6_dst_lookup.
Pavel Emelyanov [Mon, 14 Apr 2008 05:31:32 +0000 (22:31 -0700)]
[NETNS][DCCPV6]: Don't pass NULL to ip6_dst_lookup.

This call uses the sock to get the net to lookup the routing
in. With CONFIG_NET_NS this code will OOPS, since the sk ptr
is NULL.

After looking inside the ip6_dst_lookup and drawing the analogy
with respective ipv6 code, it seems, that the dccp ctl socket
is a good candidate for the first argument.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETNS][DCCPV4]: Enable DCCPv4 in net namespaces.
Pavel Emelyanov [Mon, 14 Apr 2008 05:31:05 +0000 (22:31 -0700)]
[NETNS][DCCPV4]: Enable DCCPv4 in net namespaces.

This enables sockets creation with IPPROTO_DCCP and enables
the ip level to pass DCCP packets to the DCCP level.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETNS][DCCPV4]: Make per-net socket lookup.
Pavel Emelyanov [Mon, 14 Apr 2008 05:30:43 +0000 (22:30 -0700)]
[NETNS][DCCPV4]: Make per-net socket lookup.

The inet_lookup family of functions requires a net to lookup
a socket in, so give a proper one to them.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETNS][DCCPV4]: Use proper net to route the reset packet.
Pavel Emelyanov [Mon, 14 Apr 2008 05:30:19 +0000 (22:30 -0700)]
[NETNS][DCCPV4]: Use proper net to route the reset packet.

The dccp_v4_route_skb used in dccp_v4_ctl_send_reset, currently
works with init_net's routing tables - fix it.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETNS][DCCPV4]: Actually create ctl socket on each net and use it.
Pavel Emelyanov [Mon, 14 Apr 2008 05:29:59 +0000 (22:29 -0700)]
[NETNS][DCCPV4]: Actually create ctl socket on each net and use it.

Move the call to inet_ctl_sock_create to init callback (and
inet_ctl_sock_destroy to exit one) and use proper ctl sock
in dccp_v4_ctl_send_reset.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETNS][DCCPV4]: Move the dccp_v4_ctl_sk on the struct net.
Pavel Emelyanov [Mon, 14 Apr 2008 05:29:37 +0000 (22:29 -0700)]
[NETNS][DCCPV4]: Move the dccp_v4_ctl_sk on the struct net.

And replace all its usage with init_net's socket.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>