firefly-linux-kernel-4.4.55.git
12 years agoinet: Sanitize inet{,6} protocol demux.
David S. Miller [Wed, 20 Jun 2012 01:56:21 +0000 (18:56 -0700)]
inet: Sanitize inet{,6} protocol demux.

Don't pretend that inet_protos[] and inet6_protos[] are hashes, thay
are just a straight arrays.  Remove all unnecessary hash masking.

Document MAX_INET_PROTOS.

Use RAW_HTABLE_SIZE when appropriate.

Reported-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: qmi_wwan: use module_usb_driver macro
Bjørn Mork [Tue, 19 Jun 2012 00:42:03 +0000 (00:42 +0000)]
net: qmi_wwan: use module_usb_driver macro

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: qmi_wwan: shorten driver description
Bjørn Mork [Tue, 19 Jun 2012 00:42:02 +0000 (00:42 +0000)]
net: qmi_wwan: shorten driver description

The description is used in ethtool fixed length fields.  Make
it shorter to avoid truncation.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: qmi_wwan: bind to both control and data interface
Bjørn Mork [Tue, 19 Jun 2012 00:42:01 +0000 (00:42 +0000)]
net: qmi_wwan: bind to both control and data interface

Always bind to control interface regardless of whether
it is a shared interface or not.

A QMI/wwan function is required to provide both a control
interface (QMI) and a data interface (wwan).  All devices
supported by this driver do so.  But the vendors may
choose to use different USB descriptor layouts, and some
vendors even allow the same device to present different
layouts.

Most of these devices use a USB descriptor layout with a
single USB interface for both control and data.  But some
split control and data into two interfaces, bound together
by a CDC Union descriptor on the control interface. Before
the cdc-wdm subdriver support was added, this split was
used to let cdc-wdm drive the QMI control interface and
qmi_wwan drive the wwna data interface.

This split driver model has a number of issues:
 - qmi_wwan must match on the data interface descriptor,
   which often are indistiguishable from data interfaces
   belonging to other CDC (like) functions like ACM
 - supporting a single QMI/wwan function requires adding
   the device to two drivers
 - syncronizing the probes among a number of drivers, to
   ensure selecting the correct driver, is difficult unless
   all drivers match on the same interface

This patch resolves these problems by using the same
probing mechanism as cdc-ether for devices with a two-
interface USB descriptor layout.  This makes the driver
behave consistently, supporting both the control and data
part of the QMI/wwan function, regardless of the USB
descriptors.

Cc: Thomas Schäfer <tschaefer@t-online.de>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: qmi_wwan: rearranging to prepare for code sharing
Bjørn Mork [Tue, 19 Jun 2012 00:42:00 +0000 (00:42 +0000)]
net: qmi_wwan: rearranging to prepare for code sharing

Most of the subdriver registration code can be reused for devices
with separate control and data interfaces.  Move the code a bit
around to prepare for such reuse.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: qmi_wwan: define a structure for driver specific state
Bjørn Mork [Tue, 19 Jun 2012 00:41:59 +0000 (00:41 +0000)]
net: qmi_wwan: define a structure for driver specific state

usbnet allocates a fixed size array for minidriver specific
state.  Naming the fields and taking advantage of type checking
is a bit more failsafe than casting array elements each time
they are referenced.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: use rcu_dereference_bh() in tx path
Jiri Pirko [Tue, 19 Jun 2012 05:54:21 +0000 (05:54 +0000)]
team: use rcu_dereference_bh() in tx path

Should be used instead of rcu_dereference, since rcu_read_lock_bh is
held.

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: allow to send multiple set events in one message
Jiri Pirko [Tue, 19 Jun 2012 05:54:20 +0000 (05:54 +0000)]
team: allow to send multiple set events in one message

When multiple sets are done, event message is generated for each. This
patch accumulates these messages into one.

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: ensure correct order of netlink messages delivery
Jiri Pirko [Tue, 19 Jun 2012 05:54:19 +0000 (05:54 +0000)]
team: ensure correct order of netlink messages delivery

currently, when port is created and per-port options are present, there
options are sent to userspace with ifindex of port which userspace does
not know about. Port add message goes right after.

This patch corrects message ordering so userspace would not be confused.

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: implement multipart netlink messages for options transfers
Jiri Pirko [Tue, 19 Jun 2012 05:54:18 +0000 (05:54 +0000)]
team: implement multipart netlink messages for options transfers

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: lb: introduce infrastructure for userspace driven tx loadbalancing
Jiri Pirko [Tue, 19 Jun 2012 05:54:17 +0000 (05:54 +0000)]
team: lb: introduce infrastructure for userspace driven tx loadbalancing

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: add port_[enabled/disabled] mode callbacks
Jiri Pirko [Tue, 19 Jun 2012 05:54:16 +0000 (05:54 +0000)]
team: add port_[enabled/disabled] mode callbacks

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: pass NULL to __team_option_inst_add() instead of 0
Jiri Pirko [Tue, 19 Jun 2012 05:54:15 +0000 (05:54 +0000)]
team: pass NULL to __team_option_inst_add() instead of 0

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: allow to specify one option instance to be send to userspace
Jiri Pirko [Tue, 19 Jun 2012 05:54:14 +0000 (05:54 +0000)]
team: allow to specify one option instance to be send to userspace

No need to walk through option instance list and look for ->changed ==
true when called knows exactly what one option instance changed.

Also use lists to pass option instances needed to be present in netlink
message.

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: fix error path in team_nl_fill_port_list_get()
Jiri Pirko [Tue, 19 Jun 2012 05:54:13 +0000 (05:54 +0000)]
team: fix error path in team_nl_fill_port_list_get()

genlmsg_cancel() needs to be called in case nest fails

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: fix error path in team_nl_fill_options_get()
Jiri Pirko [Tue, 19 Jun 2012 05:54:12 +0000 (05:54 +0000)]
team: fix error path in team_nl_fill_options_get()

genlmsg_cancel() needs to be called in case nest fails

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: allow async option changes
Jiri Pirko [Tue, 19 Jun 2012 05:54:11 +0000 (05:54 +0000)]
team: allow async option changes

This patch adds two exported functions. One allows to mark option
instance as changed and the second processes change check and does
transfer of changed options to userspace.

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: push array_index and port into separate structure
Jiri Pirko [Tue, 19 Jun 2012 05:54:10 +0000 (05:54 +0000)]
team: push array_index and port into separate structure

Introduce struct team_option_inst_info and push option instance info
there. It can be then easily passed to gsetter context and used for
feature async option changes.

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: comments: s/net\/drivers\/team/drivers\/net\/team/
Jiri Pirko [Tue, 19 Jun 2012 05:54:09 +0000 (05:54 +0000)]
team: comments: s/net\/drivers\/team/drivers\/net\/team/

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: introduce array options
Jiri Pirko [Tue, 19 Jun 2012 05:54:08 +0000 (05:54 +0000)]
team: introduce array options

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: allow read/write-only options
Jiri Pirko [Tue, 19 Jun 2012 05:54:07 +0000 (05:54 +0000)]
team: allow read/write-only options

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: lb: push hash counting into separate function
Jiri Pirko [Tue, 19 Jun 2012 05:54:06 +0000 (05:54 +0000)]
team: lb: push hash counting into separate function

Also squash hash into one byte

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: add mode priv to port
Jiri Pirko [Tue, 19 Jun 2012 05:54:05 +0000 (05:54 +0000)]
team: add mode priv to port

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: for nomode use dummy struct team_mode
Jiri Pirko [Tue, 19 Jun 2012 05:54:04 +0000 (05:54 +0000)]
team: for nomode use dummy struct team_mode

That leaves team->mode and all its values valid so no checks would be
needed (for example in team_mode_option_get()).

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoteam: make team_mode struct const
Jiri Pirko [Tue, 19 Jun 2012 05:54:03 +0000 (05:54 +0000)]
team: make team_mode struct const

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'master' of git://gitorious.org/linux-can/linux-can-next
David S. Miller [Tue, 19 Jun 2012 21:47:13 +0000 (14:47 -0700)]
Merge branch 'master' of git://gitorious.org/linux-can/linux-can-next

Marc Kleine-Budde says:

====================
here is our second pull request for net-next. In this series Federico
Vaga adds a pci driver for c_can/d_can hardware using the existing
generic c_can driver. The remaining 6 patches are by Oliver Hartkopp.
He adds CANFD support to the CAN stack while keeping binary
compatibility for existing applications. CANFD is an extension to the
existing CAN standard, it allows longer CAN frames and/or higher data
rates. There's no real hardware available yet, but this series adds
CANFD support to the vcan driver.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville...
David S. Miller [Tue, 19 Jun 2012 21:37:15 +0000 (14:37 -0700)]
Merge branch 'for-davem' of git://git./linux/kernel/git/linville/wireless-next

John Linville says:

====================
This is a sizeable batch of updates intended for 3.6...

The bulk of the changes here are Bluetooth.  Gustavo says:

Here goes the first Bluetooth pull request for 3.6, we have
queued quite a lot of work. Andrei Emeltchenko added the AMP
Manager code, a lot of work is needed, but the first bit are
already there. This code is disabled by default.  Mat Martineau
changed the whole L2CAP ERTM state machine code, replacing
the old one with a new implementation. Besides that we had
lot of coding style fixes (to follow net rules), more l2cap
core separation from socket and many clean ups and fixed all
over the tree.

Along with the above, there is a healthy dose of ath9k, iwlwifi,
and other driver updates.  There is also another pull from the
wireless tree to resolve some merge issues.  I also fixed-up some
merge discrepencies between net-next and wireless-next.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Change date and version to 1.72.51-0
Merav Sicron [Tue, 19 Jun 2012 07:48:32 +0000 (07:48 +0000)]
bnx2x: Change date and version to 1.72.51-0

This change updates the date and version of the bnx2x driver.

Signed-off-by: Merav Sicron <meravs@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Support DCBX for all functions
Barak Witkowski [Tue, 19 Jun 2012 07:48:31 +0000 (07:48 +0000)]
bnx2x: Support DCBX for all functions

In multi-function device, allow configuring dcbx admin params from all drivers
on a single physical port.

Signed-off-by: Barak Witkowski <barak@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Add support for ethtool -L
Merav Sicron [Tue, 19 Jun 2012 07:48:30 +0000 (07:48 +0000)]
bnx2x: Add support for ethtool -L

Add support for ethtool -L/-l for setting and getting the number of RSS queues.
The 'combined' field is used as we don't support separate IRQ for Rx and Tx.

Signed-off-by: Merav Sicron <meravs@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Allow up to 63 RSS queues
Merav Sicron [Tue, 19 Jun 2012 07:48:29 +0000 (07:48 +0000)]
bnx2x: Allow up to 63 RSS queues

This patch removed the limitation in the code for 16 RSS queues.

Signed-off-by: Merav Sicron <meravs@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Split the FP structure
Barak Witkowski [Tue, 19 Jun 2012 07:48:28 +0000 (07:48 +0000)]
bnx2x: Split the FP structure

This patch moves some fields out of the FP structure to different structures, in
order to minimize size of contigiuous memory allocated.

Signed-off-by: Barak Witkowski <barak@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Move the CNIC L2 CIDs to be right after the RSS CIDs
Merav Sicron [Tue, 19 Jun 2012 07:48:27 +0000 (07:48 +0000)]
bnx2x: Move the CNIC L2 CIDs to be right after the RSS CIDs

Currently the CNIC-related L2 CIDs (for sending control FCoE / iSCSI packets)
were at fixed position, according to the maximal number of RSS queues multiplied
by the number of traffic-classes. This change makes the CIDs dynamic, as they
are defined to be right after the highest RSS CID. This decreases the memory
allocated for the context.

Signed-off-by: Merav Sicron <meravs@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Make the transmission queues adjacent
Merav Sicron [Tue, 19 Jun 2012 07:48:26 +0000 (07:48 +0000)]
bnx2x: Make the transmission queues adjacent

In the current scheme the transmission queues of traffic-class 0 were 0-15, the
transmission queues of traffic-class 1 were 16-31 and so on. If the number of
RSS queues was smaller than 16, there were gaps in transmission queues
numbering, as well as in CIDs numbering. This is both a waste (especially when
16 is increased to 64), and may causes problems with flushing queues when
reducing the number of RSS queues (using ethtool -L). The new scheme eliminates
the gaps.

Signed-off-by: Merav Sicron <meravs@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Allow more than 64 L2 CIDs
Merav Sicron [Tue, 19 Jun 2012 07:48:25 +0000 (07:48 +0000)]
bnx2x: Allow more than 64 L2 CIDs

With increased number of RSS queues, each multiplied by the number of traffic-
classes, we may have up to 64*3=192 CIDs. The current driver scheme with regard
to context allocation supports only 64 CIDs. The new scheme enables scatter-
gatehr list of pages for the context.

Signed-off-by: Merav Sicron <meravs@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Add support for 4-tupple UDP RSS
Merav Sicron [Tue, 19 Jun 2012 07:48:24 +0000 (07:48 +0000)]
bnx2x: Add support for 4-tupple UDP RSS

This change enables to control via ethtool whether to do UDP RSS on 2-tupple
(IP source / destination only) or on 4-tupple (include UDP source / destination
port). It also enables to read back the RSS configuration.

Signed-off-by: Merav Sicron <meravs@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Return only online tests for MF
Merav Sicron [Tue, 19 Jun 2012 07:48:23 +0000 (07:48 +0000)]
bnx2x: Return only online tests for MF

1. In multi-function device, show only the online tests in self-test results as
   only these test are performed (offline tests cannot be performed as they may
   corrupt the traffic of other functions on the same physical port). Note that
   multi-function mode cannot change while the driver is up.
2. Check result code in NIC load and act accordingly.

Signed-off-by: Merav Sicron <meravs@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Add support for external LB
Merav Sicron [Tue, 19 Jun 2012 07:48:22 +0000 (07:48 +0000)]
bnx2x: Add support for external LB

This change enables to do self-test with external loopback via ethtool.

Signed-off-by: Merav Sicron <meravs@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agocanfd: update documentation according to CAN FD extensions
Oliver Hartkopp [Sat, 16 Jun 2012 10:01:58 +0000 (12:01 +0200)]
canfd: update documentation according to CAN FD extensions

Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
12 years agovcan: add CAN FD support
Oliver Hartkopp [Wed, 13 Jun 2012 18:56:59 +0000 (20:56 +0200)]
vcan: add CAN FD support

- move the length calculation from dlc to real length (using canfd_frame)
- allow to switch the driver between CAN and CAN FD (change of MTU)

Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
12 years agocandev: add/update helpers for CAN FD
Oliver Hartkopp [Wed, 13 Jun 2012 18:48:21 +0000 (20:48 +0200)]
candev: add/update helpers for CAN FD

- update sanity checks
- add DLC to length conversion helpers
  - can_dlc2len() - get data length from can_dlc with sanitized can_dlc
  - can_len2dlc() - map the sanitized data length to an appropriate DLC

Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
12 years agocanfd: add support for CAN FD in CAN_RAW sockets
Oliver Hartkopp [Wed, 13 Jun 2012 18:41:31 +0000 (20:41 +0200)]
canfd: add support for CAN FD in CAN_RAW sockets

- introduce a new sockopt CAN_RAW_FD_FRAMES to allow CAN FD frames
- handle CAN frames and CAN FD frames simultaneously when enabled

Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
12 years agocanfd: add support for CAN FD in PF_CAN core
Oliver Hartkopp [Wed, 13 Jun 2012 18:33:02 +0000 (20:33 +0200)]
canfd: add support for CAN FD in PF_CAN core

- handle ETH_P_CAN and ETH_P_CANFD skbuffs
- update sanity checks for CAN and CAN FD
- make sure the CAN frame can pass the selected CAN netdevice on send
- bump core version and abi version to indicate the new CAN FD support

Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
12 years agocanfd: add new data structures and constants
Oliver Hartkopp [Wed, 13 Jun 2012 18:04:33 +0000 (20:04 +0200)]
canfd: add new data structures and constants

- add new struct canfd_frame
- check identical element offsets in struct can_frame and struct canfd_frame
- new ETH_P_CANFD definition to tag CAN FD skbs correctly
- add CAN_MTU and CANFD_MTU definitions for easy frame and mode detection
- add CAN[FD]_MAX_[DLC|DLEN] helper constants to remove hard coded values
- update existing struct can_frame with helper constants and comments

Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
12 years agoc_can_pci: generic module for C_CAN/D_CAN on PCI
Federico Vaga [Thu, 14 Jun 2012 11:43:42 +0000 (13:43 +0200)]
c_can_pci: generic module for C_CAN/D_CAN on PCI

Signed-off-by: Federico Vaga <federico.vaga@gmail.com>
Acked-by: Giancarlo Asnaghi <giancarlo.asnaghi@st.com>
Cc: Alan Cox <alan@linux.intel.com>
Acked-by: Wolfgang Grandegger <wg@grandegger.com>
Acked-by: Bhupesh Sharma <bhupesh.sharma@st.com>
[mkl: fix call to pci_iounmap]
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
12 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
John W. Linville [Tue, 19 Jun 2012 18:41:22 +0000 (14:41 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-next into for-davem

Conflicts:
drivers/net/wireless/iwlwifi/dvm/testmode.c
drivers/net/wireless/iwlwifi/pcie/trans.c

12 years agonet: lpc_eth: Driver cleanup
stigge@antcom.de [Mon, 18 Jun 2012 10:14:42 +0000 (10:14 +0000)]
net: lpc_eth: Driver cleanup

This patch removes some nowadays superfluous definitions (one unused define and
an obsolete function forward declaration) and corrects a netdev_err() to
netdev_dbg().

Signed-off-by: Roland Stigge <stigge@antcom.de>
Signed-off-by: Alexandre Pereira da Silva <aletes.xgr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonetfilter: fix missing symbols if CONFIG_NETFILTER_NETLINK_QUEUE_CT unset
Pablo Neira Ayuso [Tue, 19 Jun 2012 03:25:46 +0000 (05:25 +0200)]
netfilter: fix missing symbols if CONFIG_NETFILTER_NETLINK_QUEUE_CT unset

ERROR: "nfqnl_ct_parse" [net/netfilter/nfnetlink_queue.ko] undefined!
ERROR: "nfqnl_ct_seq_adjust" [net/netfilter/nfnetlink_queue.ko] undefined!
ERROR: "nfqnl_ct_put" [net/netfilter/nfnetlink_queue.ko] undefined!
ERROR: "nfqnl_ct_get" [net/netfilter/nfnetlink_queue.ko] undefined!

We have to use CONFIG_NETFILTER_NETLINK_QUEUE_CT in
include/net/netfilter/nfnetlink_queue.h, not CONFIG_NF_CONNTRACK.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'master' of git://1984.lsi.us.es/nf-next
David S. Miller [Tue, 19 Jun 2012 03:26:06 +0000 (20:26 -0700)]
Merge branch 'master' of git://1984.lsi.us.es/nf-next

Pablo says:

====================
The following patchset provides fixes for issues that were recently introduced
by my new cthelper infrastructure. They have been spotted by Randy Dunlap,
Andrew Morton and Dan Carpenter.

The patches provide:

* compilation fixes if CONFIG_NF_CONNTRACK is disabled: I moved all the
  conntrack code from nfnetlink_queue.c to nfnetlink_queue_ct.c to avoid
  peppering the entire code with lots of ifdefs. I needed to rename
  nfnetlink_queue.c to nfnetlink_queue_core.c to get it working with the
  Makefile tweaks I've added.

* fix NULL pointer dereference via ctnetlink while trying to change the helper
  for an existing conntrack entry. I don't find any reasonable use case for
  changing the helper from one to another in run-time. Thus, now ctnetlink
  returns -EOPNOTSUPP for this operation.

* fix possible out-of-bound zeroing of the conntrack extension area due to
  the helper automatic assignation routine.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge tag 'batman-adv-for-davem' of git://git.open-mesh.org/linux-merge
David S. Miller [Tue, 19 Jun 2012 03:23:55 +0000 (20:23 -0700)]
Merge tag 'batman-adv-for-davem' of git://git.open-mesh.org/linux-merge

Included changes:

* major skb->data pointer usage fix
* interval version update
* added get_ethtool_stats() support
* endianess clean up
* routing protocol API improvement wrt TT commit code
* fix locking in hash table code
* minor cleanups and fixes

12 years agonetfilter: nfnetlink_queue: fix compilation with NF_CONNTRACK disabled
Pablo Neira Ayuso [Tue, 19 Jun 2012 00:10:57 +0000 (02:10 +0200)]
netfilter: nfnetlink_queue: fix compilation with NF_CONNTRACK disabled

In "9cb0176 netfilter: add glue code to integrate nfnetlink_queue and ctnetlink"
the compilation with NF_CONNTRACK disabled is broken. This patch fixes this
issue.

I have moved the conntrack part into nfnetlink_queue_ct.c to avoid
peppering the entire nfnetlink_queue.c code with ifdefs.

I also needed to rename nfnetlink_queue.c to nfnetlink_queue_pkt.c
to update the net/netfilter/Makefile to support conditional compilation
of the conntrack integration.

This patch also adds CONFIG_NETFILTER_QUEUE_CT in case you want to explicitly
disable the integration between nf_conntrack and nfnetlink_queue.

Reported-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: fix compilation of the nfnl_cthelper if NF_CONNTRACK is unset
Pablo Neira Ayuso [Mon, 18 Jun 2012 19:14:30 +0000 (21:14 +0200)]
netfilter: fix compilation of the nfnl_cthelper if NF_CONNTRACK is unset

This patch fixes the compilation of net/netfilter/nfnetlink_cthelper.c
if CONFIG_NF_CONNTRACK is not set.

This patch also moves the definition of the cthelper infrastructure to
the scope of NF_CONNTRACK things.

I have also renamed NETFILTER_NETLINK_CTHELPER by NF_CT_NETLINK_HELPER,
to use similar names to other nf_conntrack_netlink extensions. Better now
that this has been only for two days in David's tree.

Two new dependencies have been added:

* NF_CT_NETLINK
* NETFILTER_NETLINK_QUEUE

Since these infrastructure requires both ctnetlink and nfqueue.

Reported-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: nf_ct_helper: disable automatic helper re-assignment of different type
Pablo Neira Ayuso [Mon, 18 Jun 2012 15:29:53 +0000 (17:29 +0200)]
netfilter: nf_ct_helper: disable automatic helper re-assignment of different type

This patch modifies __nf_ct_try_assign_helper in a way that invalidates support
for the following scenario:

1) attach the helper A for first time when the conntrack is created
2) attach new (different) helper B due to changes the reply tuple caused by NAT

eg. port redirection from TCP/21 to TCP/5060 with both FTP and SIP helpers
loaded, which seems to be a quite unorthodox scenario.

I can provide a more elaborated patch to support this scenario but explicit
helper attachment provides a better solution for this since now the use can
attach the helpers consistently, without relying on the automatic helper
lookup magic.

This patch fixes a possible out of bound zeroing of the conntrack helper
extension if the helper B uses more memory for its private data than
helper A.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: ctnetlink: fix NULL dereference while trying to change helper
Pablo Neira Ayuso [Mon, 18 Jun 2012 15:29:53 +0000 (17:29 +0200)]
netfilter: ctnetlink: fix NULL dereference while trying to change helper

The patch 1afc56794e03: "netfilter: nf_ct_helper: implement variable
length helper private data" from Jun 7, 2012, leads to the following
Smatch complaint:

net/netfilter/nf_conntrack_netlink.c:1231 ctnetlink_change_helper()
         error: we previously assumed 'help->helper' could be null (see line 1228)

This NULL dereference can be triggered with the following sequence:

1) attach the helper for first time when the conntrack is created.
2) remove the helper module or detach the helper from the conntrack
   via ctnetlink.
3) attach helper again (the same or different one, no matter) to the
   that existing conntrack again via ctnetlink.

This patch fixes the problem by removing the use case that allows you
to re-assign again a helper for one conntrack entry via ctnetlink since
I cannot find any practical use for it.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agobatman-adv: only store changed gw_bandwidth values
Marek Lindner [Fri, 11 May 2012 08:10:50 +0000 (16:10 +0800)]
batman-adv: only store changed gw_bandwidth values

Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: fix locking in hash_add()
Matthias Schiffer [Tue, 8 May 2012 20:31:57 +0000 (22:31 +0200)]
batman-adv: fix locking in hash_add()

To ensure an entry isn't added twice all comparisons have to be protected by the
hash line write spinlock. This doesn't really hurt as the case that it is tried
to add an element already present to the hash shouldn't occur very often, so in
most cases the lock would have have to be taken anyways.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: use DBG_ALL in log_level sysfs definition
Antonio Quartulli [Wed, 9 May 2012 07:50:45 +0000 (09:50 +0200)]
batman-adv: use DBG_ALL in log_level sysfs definition

Each time a new log level is added the developer must change either the DBG_ALL
enum definition and the hard coded value in the bat_sysfs.c for the log_level
attribute max value. This is extremely error prone.
With this patch the code directly uses DBG_ALL in the sysfs definition

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: turn tt commit code into routing protocol agnostic API
Marek Lindner [Sun, 6 May 2012 20:22:05 +0000 (04:22 +0800)]
batman-adv: turn tt commit code into routing protocol agnostic API

Prior to this patch the translation table code made assumptions about how
the routing protocol works and where its buffers are stored (to directly
modify them).
Each protocol now calls the tt code with the relevant pointers, thereby
abstracting the code.

Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Acked-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: fix visualization output without neighbors on the primary interface
Matthias Schiffer [Sat, 5 May 2012 15:51:53 +0000 (17:51 +0200)]
batman-adv: fix visualization output without neighbors on the primary interface

The primary entry and the corresponding secondary entries are missing when there
are no neighbors on the primary interface. This also causes the TT entries to
miss and makes nodes with multiply secondary interface fall apart since there
is no way to see they are related without a primary entry.

Fix this by always emitting a primary entry.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: don't bother flipping ->tt_crc
Al Viro [Sun, 22 Apr 2012 06:45:29 +0000 (07:45 +0100)]
batman-adv: don't bother flipping ->tt_crc

Keep it net-endian

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: don't bother flipping ->tt_data
Al Viro [Sun, 22 Apr 2012 06:44:27 +0000 (07:44 +0100)]
batman-adv: don't bother flipping ->tt_data

just keep it net-endian all along

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[lindner_marek@yahoo.de: fix checkpatch warnings]
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: Return error codes instead of -1 on failures
Sven Eckelmann [Sat, 5 May 2012 11:27:28 +0000 (13:27 +0200)]
batman-adv: Return error codes instead of -1 on failures

Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: keep batman_ogm_packet ->seqno net-endian all along
Al Viro [Sun, 22 Apr 2012 06:46:29 +0000 (07:46 +0100)]
batman-adv: keep batman_ogm_packet ->seqno net-endian all along

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: trivial endianness annotations
Al Viro [Sun, 22 Apr 2012 06:47:50 +0000 (07:47 +0100)]
batman-adv: trivial endianness annotations

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: get rid of pointless cast in memcpy()
Al Viro [Sun, 22 Apr 2012 06:50:29 +0000 (07:50 +0100)]
batman-adv: get rid of pointless cast in memcpy()

memcpy() arguments are void *, precisely to avoid that kind of pointless
casts.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: return added entries instead of number of possibly added entries
Marek Lindner [Mon, 23 Apr 2012 08:32:55 +0000 (16:32 +0800)]
batman-adv: return added entries instead of number of possibly added entries

Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Acked-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: ignore trailing CR when comparing protocol names
Marek Lindner [Wed, 18 Apr 2012 09:16:39 +0000 (17:16 +0800)]
batman-adv: ignore trailing CR when comparing protocol names

Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: avoid characters requiring shell escapes in protocol names
Marek Lindner [Wed, 18 Apr 2012 09:15:57 +0000 (17:15 +0800)]
batman-adv: avoid characters requiring shell escapes in protocol names

Reported-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: Add get_ethtool_stats() support
Martin Hundebøll [Fri, 20 Apr 2012 15:02:45 +0000 (17:02 +0200)]
batman-adv: Add get_ethtool_stats() support

Added additional counters in a bat_stats structure, which are exported
through the ethtool api. The counters are specific to batman-adv and
includes:
 forwarded packets and bytes
 management packets and bytes (aggregated OGMs at this point)
 translation table packets

New counters are added by extending "enum bat_counters" in types.h and
adding corresponding  descriptive string(s) to bat_counters_strings in
soft-iface.c.

Counters are increased by calling batadv_add_counter() and incremented
by one by calling batadv_inc_counter().

Signed-off-by: Martin Hundebøll <martin@hundeboll.net>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: convert bat_priv->tt_crc from atomic_t to uint16_t
Antonio Quartulli [Sat, 14 Apr 2012 11:15:26 +0000 (13:15 +0200)]
batman-adv: convert bat_priv->tt_crc from atomic_t to uint16_t

In the code we neever need to atomically check and set the bat_priv->tt_crc
field value. It is simply set and read once in different pieces of the code.
Therefore this field can be safely be converted from atomic_t to uint16_t.

Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: Initialize lockdep class keys for hashes
Sven Eckelmann [Thu, 29 Mar 2012 10:38:20 +0000 (12:38 +0200)]
batman-adv: Initialize lockdep class keys for hashes

The hash for claim and backbone hash in the bridge loop avoidance code receive
the same key because they are getting initialized by hash_new with the same
key. Lockdep will create a backtrace when they are used recursively. This can
be avoided by reinitializing the key directly after the hash_new.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: fix skb->data assignment
Antonio Quartulli [Thu, 14 Jun 2012 20:21:28 +0000 (22:21 +0200)]
batman-adv: fix skb->data assignment

skb_linearize(skb) possibly rearranges the skb internal data and then changes
the skb->data pointer value. For this reason any other pointer in the code that
was assigned skb->data before invoking skb_linearise(skb) must be re-assigned.

In the current tt_query message handling code this is not done and therefore, in
case of skb linearization, the pointer used to handle the packet header ends up
in pointing to poisoned memory. The packet is then dropped but the
translation-table mechanism is corrupted.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agobatman-adv: update internal version number
Sven Eckelmann [Sun, 17 Jun 2012 11:26:37 +0000 (13:26 +0200)]
batman-adv: update internal version number

Signed-off-by: Sven Eckelmann <sven@narfation.org>
12 years agoipv4: Cap ADVMSS metric in the FIB rather than the routing cache.
David S. Miller [Mon, 18 Jun 2012 02:47:34 +0000 (19:47 -0700)]
ipv4: Cap ADVMSS metric in the FIB rather than the routing cache.

It makes no sense to execute this limit test every time we create a
routing cache entry.

We can't simply error out on these things since we've silently
accepted and truncated them forever.

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: lpc_eth: free skbs in start_xmit
Eric Dumazet [Tue, 12 Jun 2012 23:58:16 +0000 (23:58 +0000)]
net: lpc_eth: free skbs in start_xmit

Transmitted skbs can be freed immediately in lpc_eth_hard_start_xmit()
instead of at TX completion, since driver copies the frames in DMA area.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Roland Stigge <stigge@antcom.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: correct LPI pass-through configuration
Yuval Mintz [Sun, 17 Jun 2012 02:04:50 +0000 (02:04 +0000)]
bnx2x: correct LPI pass-through configuration

Commit c8c60d88c59cbb48737732ba948663a3efe882aa contained
an incorrect logic which enabled a buffer overflow when accessing
an array during LPI pass-through configuration.
This patch fixes this issue by removing that logic altogether.

Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Yaniv Rosner <yaniv.rosner@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2: Update version 2.2.2
Michael Chan [Sat, 16 Jun 2012 15:45:44 +0000 (15:45 +0000)]
bnx2: Update version 2.2.2

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2: Read PCI function number from internal register
Michael Chan [Sat, 16 Jun 2012 15:45:43 +0000 (15:45 +0000)]
bnx2: Read PCI function number from internal register

so that it will work on any hypervisor.

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2: Dump additional BC_STATE during firmware sync timeout.
Michael Chan [Sat, 16 Jun 2012 15:45:42 +0000 (15:45 +0000)]
bnx2: Dump additional BC_STATE during firmware sync timeout.

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2: Dump all FTQ_CTL registers during tx_timeout
Michael Chan [Sat, 16 Jun 2012 15:45:41 +0000 (15:45 +0000)]
bnx2: Dump all FTQ_CTL registers during tx_timeout

to help debug tx timeouts reported in the field.

Reviewed-by Benjamin Li <benli@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'master' of git://1984.lsi.us.es/nf-next
David S. Miller [Sat, 16 Jun 2012 22:23:35 +0000 (15:23 -0700)]
Merge branch 'master' of git://1984.lsi.us.es/nf-next

Pablo says:

====================
This is the second batch of Netfilter updates for net-next. It contains the
kernel changes for the new user-space connection tracking helper
infrastructure.

More details on this infrastructure are provides here:
http://lwn.net/Articles/500196/

Still, I plan to provide some official documentation through the
conntrack-tools user manual on how to setup user-space utilities for this.
So far, it provides two helper in user-space, one for NFSv3 and another for
Oracle/SQLnet/TNS. Yet in my TODO list.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoinclude/net/dst.h: neaten asterisk placement
Eldad Zack [Sat, 16 Jun 2012 13:14:49 +0000 (15:14 +0200)]
include/net/dst.h: neaten asterisk placement

Fix code style - place the asterisk where it belongs.

Signed-off-by: Eldad Zack <eldad@fogrefinery.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonetfilter: add user-space connection tracking helper infrastructure
Pablo Neira Ayuso [Sun, 13 May 2012 19:44:54 +0000 (21:44 +0200)]
netfilter: add user-space connection tracking helper infrastructure

There are good reasons to supports helpers in user-space instead:

* Rapid connection tracking helper development, as developing code
  in user-space is usually faster.

* Reliability: A buggy helper does not crash the kernel. Moreover,
  we can monitor the helper process and restart it in case of problems.

* Security: Avoid complex string matching and mangling in kernel-space
  running in privileged mode. Going further, we can even think about
  running user-space helpers as a non-root process.

* Extensibility: It allows the development of very specific helpers (most
  likely non-standard proprietary protocols) that are very likely not to be
  accepted for mainline inclusion in the form of kernel-space connection
  tracking helpers.

This patch adds the infrastructure to allow the implementation of
user-space conntrack helpers by means of the new nfnetlink subsystem
`nfnetlink_cthelper' and the existing queueing infrastructure
(nfnetlink_queue).

I had to add the new hook NF_IP6_PRI_CONNTRACK_HELPER to register
ipv[4|6]_helper which results from splitting ipv[4|6]_confirm into
two pieces. This change is required not to break NAT sequence
adjustment and conntrack confirmation for traffic that is enqueued
to our user-space conntrack helpers.

Basic operation, in a few steps:

1) Register user-space helper by means of `nfct':

 nfct helper add ftp inet tcp

 [ It must be a valid existing helper supported by conntrack-tools ]

2) Add rules to enable the FTP user-space helper which is
   used to track traffic going to TCP port 21.

For locally generated packets:

 iptables -I OUTPUT -t raw -p tcp --dport 21 -j CT --helper ftp

For non-locally generated packets:

 iptables -I PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp

3) Run the test conntrackd in helper mode (see example files under
   doc/helper/conntrackd.conf

 conntrackd

4) Generate FTP traffic going, if everything is OK, then conntrackd
   should create expectations (you can check that with `conntrack':

 conntrack -E expect

    [NEW] 301 proto=6 src=192.168.1.136 dst=130.89.148.12 sport=0 dport=54037 mask-src=255.255.255.255 mask-dst=255.255.255.255 sport=0 dport=65535 master-src=192.168.1.136 master-dst=130.89.148.12 sport=57127 dport=21 class=0 helper=ftp
[DESTROY] 301 proto=6 src=192.168.1.136 dst=130.89.148.12 sport=0 dport=54037 mask-src=255.255.255.255 mask-dst=255.255.255.255 sport=0 dport=65535 master-src=192.168.1.136 master-dst=130.89.148.12 sport=57127 dport=21 class=0 helper=ftp

This confirms that our test helper is receiving packets including the
conntrack information, and adding expectations in kernel-space.

The user-space helper can also store its private tracking information
in the conntrack structure in the kernel via the CTA_HELP_INFO. The
kernel will consider this a binary blob whose layout is unknown. This
information will be included in the information that is transfered
to user-space via glue code that integrates nfnetlink_queue and
ctnetlink.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: ctnetlink: add CTA_HELP_INFO attribute
Pablo Neira Ayuso [Thu, 7 Jun 2012 12:19:42 +0000 (14:19 +0200)]
netfilter: ctnetlink: add CTA_HELP_INFO attribute

This attribute can be used to modify and to dump the internal
protocol information.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: nfnetlink_queue: add NAT TCP sequence adjustment if packet mangled
Pablo Neira Ayuso [Thu, 7 Jun 2012 11:31:25 +0000 (13:31 +0200)]
netfilter: nfnetlink_queue: add NAT TCP sequence adjustment if packet mangled

User-space programs that receive traffic via NFQUEUE may mangle packets.
If NAT is enabled, this usually puzzles sequence tracking, leading to
traffic disruptions.

With this patch, nfnl_queue will make the corresponding NAT TCP sequence
adjustment if:

1) The packet has been mangled,
2) the NFQA_CFG_F_CONNTRACK flag has been set, and
3) NAT is detected.

There are some records on the Internet complaning about this issue:
http://stackoverflow.com/questions/260757/packet-mangling-utilities-besides-iptables

By now, we only support TCP since we have no helpers for DCCP or SCTP.
Better to add this if we ever have some helper over those layer 4 protocols.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: add glue code to integrate nfnetlink_queue and ctnetlink
Pablo Neira Ayuso [Thu, 7 Jun 2012 10:13:39 +0000 (12:13 +0200)]
netfilter: add glue code to integrate nfnetlink_queue and ctnetlink

This patch allows you to include the conntrack information together
with the packet that is sent to user-space via NFQUEUE.

Previously, there was no integration between ctnetlink and
nfnetlink_queue. If you wanted to access conntrack information
from your libnetfilter_queue program, you required to query
ctnetlink from user-space to obtain it. Thus, delaying the packet
processing even more.

Including the conntrack information is optional, you can set it
via NFQA_CFG_F_CONNTRACK flag with the new NFQA_CFG_FLAGS attribute.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: nf_ct_helper: implement variable length helper private data
Pablo Neira Ayuso [Thu, 7 Jun 2012 10:11:50 +0000 (12:11 +0200)]
netfilter: nf_ct_helper: implement variable length helper private data

This patch uses the new variable length conntrack extensions.

Instead of using union nf_conntrack_help that contain all the
helper private data information, we allocate variable length
area to store the private helper data.

This patch includes the modification of all existing helpers.
It also includes a couple of include header to avoid compilation
warnings.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: nf_ct_ext: support variable length extensions
Pablo Neira Ayuso [Wed, 1 Feb 2012 15:18:31 +0000 (16:18 +0100)]
netfilter: nf_ct_ext: support variable length extensions

We can now define conntrack extensions of variable size. This
patch is useful to get rid of these unions:

union nf_conntrack_help
union nf_conntrack_proto
union nf_conntrack_nat_help

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: nf_ct_helper: allocate 16 bytes for the helper and policy names
Pablo Neira Ayuso [Sun, 15 Jan 2012 15:34:08 +0000 (16:34 +0100)]
netfilter: nf_ct_helper: allocate 16 bytes for the helper and policy names

This patch modifies the struct nf_conntrack_helper to allocate
the room for the helper name. The maximum length is 16 bytes
(this was already introduced in 2.6.24).

For the maximum length for expectation policy names, I have
also selected 16 bytes.

This patch is required by the follow-up patch to support
user-space connection tracking helpers.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
David S. Miller [Sat, 16 Jun 2012 08:23:04 +0000 (01:23 -0700)]
Merge git://git./linux/kernel/git/davem/net

Conflicts:
net/ipv6/route.c

Pull in 'net' again to get the revert of Thomas's change
which introduced regressions.

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoRevert "ipv6: Prevent access to uninitialized fib_table_hash via /proc/net/ipv6_route"
David S. Miller [Sat, 16 Jun 2012 08:12:19 +0000 (01:12 -0700)]
Revert "ipv6: Prevent access to uninitialized fib_table_hash via /proc/net/ipv6_route"

This reverts commit 2a0c451ade8e1783c5d453948289e4a978d417c9.

It causes crashes, because now ip6_null_entry is used before
it is initialized.

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoipv6: Fix types of ip6_update_pmtu().
David S. Miller [Sat, 16 Jun 2012 03:01:57 +0000 (20:01 -0700)]
ipv6: Fix types of ip6_update_pmtu().

The mtu should be a __be32, not the mark.

Reported-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
David S. Miller [Fri, 15 Jun 2012 22:51:55 +0000 (15:51 -0700)]
Merge git://git./linux/kernel/git/davem/net

Conflicts:
net/ipv6/route.c

This deals with a merge conflict between the net-next addition of the
inetpeer network namespace ops, and Thomas Graf's bug fix in
2a0c451ade8e1783c5d453948289e4a978d417c9 which makes sure we don't
register /proc/net/ipv6_route before it is actually safe to do so.

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net...
David S. Miller [Fri, 15 Jun 2012 22:37:05 +0000 (15:37 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/jkirsher/net-next

12 years agoipv6: Prevent access to uninitialized fib_table_hash via /proc/net/ipv6_route
Thomas Graf [Thu, 14 Jun 2012 23:00:17 +0000 (23:00 +0000)]
ipv6: Prevent access to uninitialized fib_table_hash via /proc/net/ipv6_route

/proc/net/ipv6_route reflects the contents of fib_table_hash. The proc
handler is installed in ip6_route_net_init() whereas fib_table_hash is
allocated in fib6_net_init() _after_ the proc handler has been installed.

This opens up a short time frame to access fib_table_hash with its pants
down.

fib6_init() as a whole can't be moved to an earlier position as it also
registers the rtnetlink message handlers which should be registered at
the end. Therefore split it into fib6_init() which is run early and
fib6_init_late() to register the rtnetlink message handlers.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Reviewed-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoqlcnic: off by one in qlcnic_init_pci_info()
Dan Carpenter [Thu, 14 Jun 2012 08:34:24 +0000 (08:34 +0000)]
qlcnic: off by one in qlcnic_init_pci_info()

The adapter->npars[] array has QLCNIC_MAX_PCI_FUNC elements.  We
allocate it that way a few lines earlier in the function.  So this test
is off by one.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Anirban Chakraborty <anirban.chakraborty@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: remove skb_orphan_try()
Eric Dumazet [Thu, 14 Jun 2012 06:42:44 +0000 (06:42 +0000)]
net: remove skb_orphan_try()

Orphaning skb in dev_hard_start_xmit() makes bonding behavior
unfriendly for applications sending big UDP bursts : Once packets
pass the bonding device and come to real device, they might hit a full
qdisc and be dropped. Without orphaning, the sender is automatically
throttled because sk->sk_wmemalloc reaches sk->sk_sndbuf (assuming
sk_sndbuf is not too big)

We could try to defer the orphaning adding another test in
dev_hard_start_xmit(), but all this seems of little gain,
now that BQL tends to make packets more likely to be parked
in Qdisc queues instead of NIC TX ring, in cases where performance
matters.

Reverts commits :
fc6055a5ba31 net: Introduce skb_orphan_try()
87fd308cfc6b net: skb_tx_hash() fix relative to skb_orphan_try()
and removes SKBTX_DRV_NEEDS_SK_REF flag

Reported-and-bisected-by: Jean-Michel Hautbois <jhautbois@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Oliver Hartkopp <socketcan@hartkopp.net>
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: fix panic when TX ring is full
Eric Dumazet [Wed, 13 Jun 2012 09:45:16 +0000 (09:45 +0000)]
bnx2x: fix panic when TX ring is full

There is a off by one error in the minimal number of BD in
bnx2x_start_xmit() and bnx2x_tx_int() before stopping/resuming tx queue.

A full size GSO packet, with data included in skb->head really needs
(MAX_SKB_FRAGS + 4) BDs, because of bnx2x_tx_split()

This error triggers if BQL is disabled and heavy TCP transmit traffic
occurs.

bnx2x_tx_split() definitely can be called, remove a wrong comment.

Reported-by: Tomas Hruby <thruby@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Eilon Greenstein <eilong@broadcom.com>
Cc: Yaniv Rosner <yanivr@broadcom.com>
Cc: Merav Sicron <meravs@broadcom.com>
Cc: Tom Herbert <therbert@google.com>
Cc: Robert Evans <evansr@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agocan: c_can: precedence error in c_can_chip_config()
Dan Carpenter [Fri, 15 Jun 2012 00:20:44 +0000 (00:20 +0000)]
can: c_can: precedence error in c_can_chip_config()

(CAN_CTRLMODE_LISTENONLY & CAN_CTRLMODE_LOOPBACK) is (0x02 & 0x01) which
is zero so the condition is never true.  The intent here was to test
that both flags were set.

Cc: <stable@kernel.org> # 2.6.39+
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoipv6: Handle PMTU in ICMP error handlers.
David S. Miller [Fri, 15 Jun 2012 21:54:11 +0000 (14:54 -0700)]
ipv6: Handle PMTU in ICMP error handlers.

One tricky issue on the ipv6 side vs. ipv4 is that the ICMP callouts
to handle the error pass the 32-bit info cookie in network byte order
whereas ipv4 passes it around in host byte order.

Like the ipv4 side, we have two helper functions.  One for when we
have a socket context and one for when we do not.

ip6ip6 tunnels are not handled here, because they handle PMTU events
by essentially relaying another ICMP packet-too-big message back to
the original sender.

This patch allows us to get rid of rt6_do_pmtu_disc().  It handles all
kinds of situations that simply cannot happen when we do the PMTU
update directly using a fully resolved route.

In fact, the "plen == 128" check in ip6_rt_update_pmtu() can very
likely be removed or changed into a BUG_ON() check.  We should never
have a prefixed ipv6 route when we get there.

Another piece of strange history here is that TCP and DCCP, unlike in
ipv4, never invoke the update_pmtu() method from their ICMP error
handlers.  This is incredibly astonishing since this is the context
where we have the most accurate context in which to make a PMTU
update, namely we have a fully connected socket and associated cached
socket route.

Signed-off-by: David S. Miller <davem@davemloft.net>