diff options
-rw-r--r-- | Documentation/networking/xfrm_sysctl.txt | 4 | ||||
-rw-r--r-- | drivers/net/cassini.c | 2 | ||||
-rw-r--r-- | include/linux/ipv6.h | 3 | ||||
-rw-r--r-- | include/linux/netdevice.h | 27 | ||||
-rw-r--r-- | include/net/sock.h | 2 | ||||
-rw-r--r-- | include/net/tcp.h | 6 | ||||
-rw-r--r-- | include/net/xfrm.h | 1 | ||||
-rw-r--r-- | net/bridge/br_fdb.c | 14 | ||||
-rw-r--r-- | net/bridge/br_stp.c | 3 | ||||
-rw-r--r-- | net/bridge/br_stp_timer.c | 2 | ||||
-rw-r--r-- | net/core/sysctl_net_core.c | 9 | ||||
-rw-r--r-- | net/core/utils.c | 6 | ||||
-rw-r--r-- | net/ipv4/fib_frontend.c | 11 | ||||
-rw-r--r-- | net/ipv4/tcp.c | 5 | ||||
-rw-r--r-- | net/ipv4/tcp_probe.c | 5 | ||||
-rw-r--r-- | net/ipv4/tcp_timer.c | 4 | ||||
-rw-r--r-- | net/ipv4/xfrm4_input.c | 6 | ||||
-rw-r--r-- | net/ipv4/xfrm4_mode_tunnel.c | 2 | ||||
-rw-r--r-- | net/ipv6/ah6.c | 2 | ||||
-rw-r--r-- | net/ipv6/ip6_fib.c | 9 | ||||
-rw-r--r-- | net/ipv6/xfrm6_input.c | 6 | ||||
-rw-r--r-- | net/ipv6/xfrm6_mode_tunnel.c | 1 | ||||
-rw-r--r-- | net/mac80211/ieee80211.c | 6 | ||||
-rw-r--r-- | net/mac80211/ieee80211_sta.c | 4 | ||||
-rw-r--r-- | net/packet/af_packet.c | 56 | ||||
-rw-r--r-- | net/xfrm/xfrm_policy.c | 3 | ||||
-rw-r--r-- | net/xfrm/xfrm_state.c | 15 |
27 files changed, 93 insertions, 121 deletions
diff --git a/Documentation/networking/xfrm_sysctl.txt b/Documentation/networking/xfrm_sysctl.txt new file mode 100644 index 0000000..5bbd167 --- /dev/null +++ b/Documentation/networking/xfrm_sysctl.txt @@ -0,0 +1,4 @@ +/proc/sys/net/core/xfrm_* Variables: + +xfrm_acq_expires - INTEGER + default 30 - hard timeout in seconds for acquire requests diff --git a/drivers/net/cassini.c b/drivers/net/cassini.c index 9fe3a38..59b9943 100644 --- a/drivers/net/cassini.c +++ b/drivers/net/cassini.c @@ -4920,7 +4920,7 @@ static int __devinit cas_init_one(struct pci_dev *pdev, pci_cmd |= PCI_COMMAND_PARITY; pci_write_config_word(pdev, PCI_COMMAND, pci_cmd); if (pci_set_mwi(pdev)) - printk(KERN_WARNING PFX "Could enable MWI for %s\n", + printk(KERN_WARNING PFX "Could not enable MWI for %s\n", pci_name(pdev)); /* diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h index 09ea01a..648bd1f 100644 --- a/include/linux/ipv6.h +++ b/include/linux/ipv6.h @@ -209,9 +209,8 @@ enum { DEVCONF_RTR_PROBE_INTERVAL, DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN, DEVCONF_PROXY_NDP, - __DEVCONF_OPTIMISTIC_DAD, - DEVCONF_ACCEPT_SOURCE_ROUTE, DEVCONF_OPTIMISTIC_DAD, + DEVCONF_ACCEPT_SOURCE_ROUTE, DEVCONF_MAX }; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index f671cd2..3a70f55 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -910,6 +910,17 @@ static inline int netif_rx_reschedule(struct net_device *dev, int undo) return 0; } +/* same as netif_rx_complete, except that local_irq_save(flags) + * has already been issued + */ +static inline void __netif_rx_complete(struct net_device *dev) +{ + BUG_ON(!test_bit(__LINK_STATE_RX_SCHED, &dev->state)); + list_del(&dev->poll_list); + smp_mb__before_clear_bit(); + clear_bit(__LINK_STATE_RX_SCHED, &dev->state); +} + /* Remove interface from poll list: it must be in the poll list * on current cpu. This primitive is called by dev->poll(), when * it completes the work. The device cannot be out of poll list at this @@ -920,10 +931,7 @@ static inline void netif_rx_complete(struct net_device *dev) unsigned long flags; local_irq_save(flags); - BUG_ON(!test_bit(__LINK_STATE_RX_SCHED, &dev->state)); - list_del(&dev->poll_list); - smp_mb__before_clear_bit(); - clear_bit(__LINK_STATE_RX_SCHED, &dev->state); + __netif_rx_complete(dev); local_irq_restore(flags); } @@ -940,17 +948,6 @@ static inline void netif_poll_enable(struct net_device *dev) clear_bit(__LINK_STATE_RX_SCHED, &dev->state); } -/* same as netif_rx_complete, except that local_irq_save(flags) - * has already been issued - */ -static inline void __netif_rx_complete(struct net_device *dev) -{ - BUG_ON(!test_bit(__LINK_STATE_RX_SCHED, &dev->state)); - list_del(&dev->poll_list); - smp_mb__before_clear_bit(); - clear_bit(__LINK_STATE_RX_SCHED, &dev->state); -} - static inline void netif_tx_lock(struct net_device *dev) { spin_lock(&dev->_xmit_lock); diff --git a/include/net/sock.h b/include/net/sock.h index 689b886..dfeb8b1 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -218,13 +218,13 @@ struct sock { atomic_t sk_rmem_alloc; atomic_t sk_wmem_alloc; atomic_t sk_omem_alloc; + int sk_sndbuf; struct sk_buff_head sk_receive_queue; struct sk_buff_head sk_write_queue; struct sk_buff_head sk_async_wait_queue; int sk_wmem_queued; int sk_forward_alloc; gfp_t sk_allocation; - int sk_sndbuf; int sk_route_caps; int sk_gso_type; int sk_rcvlowat; diff --git a/include/net/tcp.h b/include/net/tcp.h index e22b4f0..a8af9ae 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -254,6 +254,12 @@ static inline int between(__u32 seq1, __u32 seq2, __u32 seq3) return seq3 - seq2 >= seq1 - seq2; } +static inline int tcp_too_many_orphans(struct sock *sk, int num) +{ + return (num > sysctl_tcp_max_orphans) || + (sk->sk_wmem_queued > SOCK_MIN_SNDBUF && + atomic_read(&tcp_memory_allocated) > sysctl_tcp_mem[2]); +} extern struct proto tcp_prot; diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 39ef925..90185e8 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -237,7 +237,6 @@ extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo); extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo); extern void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c); extern void km_state_notify(struct xfrm_state *x, struct km_event *c); -#define XFRM_ACQ_EXPIRES 30 struct xfrm_tmpl; extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index 91b0170..3fc6972 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -121,6 +121,7 @@ void br_fdb_cleanup(unsigned long _data) { struct net_bridge *br = (struct net_bridge *)_data; unsigned long delay = hold_time(br); + unsigned long next_timer = jiffies + br->forward_delay; int i; spin_lock_bh(&br->hash_lock); @@ -129,14 +130,21 @@ void br_fdb_cleanup(unsigned long _data) struct hlist_node *h, *n; hlist_for_each_entry_safe(f, h, n, &br->hash[i], hlist) { - if (!f->is_static && - time_before_eq(f->ageing_timer + delay, jiffies)) + unsigned long this_timer; + if (f->is_static) + continue; + this_timer = f->ageing_timer + delay; + if (time_before_eq(this_timer, jiffies)) fdb_delete(f); + else if (this_timer < next_timer) + next_timer = this_timer; } } spin_unlock_bh(&br->hash_lock); - mod_timer(&br->gc_timer, jiffies + HZ/10); + /* Add HZ/4 to ensure we round the jiffies upwards to be after the next + * timer, otherwise we might round down and will have no-op run. */ + mod_timer(&br->gc_timer, round_jiffies(next_timer + HZ/4)); } /* Completely flush all dynamic entries in forwarding database.*/ diff --git a/net/bridge/br_stp.c b/net/bridge/br_stp.c index 0e035d6..e38034a 100644 --- a/net/bridge/br_stp.c +++ b/net/bridge/br_stp.c @@ -178,7 +178,8 @@ void br_transmit_config(struct net_bridge_port *p) br_send_config_bpdu(p, &bpdu); p->topology_change_ack = 0; p->config_pending = 0; - mod_timer(&p->hold_timer, jiffies + BR_HOLD_TIME); + mod_timer(&p->hold_timer, + round_jiffies(jiffies + BR_HOLD_TIME)); } } diff --git a/net/bridge/br_stp_timer.c b/net/bridge/br_stp_timer.c index 24e0ca4..77f5255 100644 --- a/net/bridge/br_stp_timer.c +++ b/net/bridge/br_stp_timer.c @@ -42,7 +42,7 @@ static void br_hello_timer_expired(unsigned long arg) if (br->dev->flags & IFF_UP) { br_config_bpdu_generation(br); - mod_timer(&br->hello_timer, jiffies + br->hello_time); + mod_timer(&br->hello_timer, round_jiffies(jiffies + br->hello_time)); } spin_unlock(&br->lock); } diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c index f34aca0..6d5ea97 100644 --- a/net/core/sysctl_net_core.c +++ b/net/core/sysctl_net_core.c @@ -25,6 +25,7 @@ extern int sysctl_core_destroy_delay; extern u32 sysctl_xfrm_aevent_etime; extern u32 sysctl_xfrm_aevent_rseqth; extern int sysctl_xfrm_larval_drop; +extern u32 sysctl_xfrm_acq_expires; #endif ctl_table core_table[] = { @@ -127,6 +128,14 @@ ctl_table core_table[] = { .mode = 0644, .proc_handler = &proc_dointvec }, + { + .ctl_name = CTL_UNNUMBERED, + .procname = "xfrm_acq_expires", + .data = &sysctl_xfrm_acq_expires, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = &proc_dointvec + }, #endif /* CONFIG_XFRM */ #endif /* CONFIG_NET */ { diff --git a/net/core/utils.c b/net/core/utils.c index adecfd2..2030bb8 100644 --- a/net/core/utils.c +++ b/net/core/utils.c @@ -139,16 +139,16 @@ int in4_pton(const char *src, int srclen, while(1) { int c; c = xdigit2bin(srclen > 0 ? *s : '\0', delim); - if (!(c & (IN6PTON_DIGIT | IN6PTON_DOT | IN6PTON_DELIM))) { + if (!(c & (IN6PTON_DIGIT | IN6PTON_DOT | IN6PTON_DELIM | IN6PTON_COLON_MASK))) { goto out; } - if (c & (IN6PTON_DOT | IN6PTON_DELIM)) { + if (c & (IN6PTON_DOT | IN6PTON_DELIM | IN6PTON_COLON_MASK)) { if (w == 0) goto out; *d++ = w & 0xff; w = 0; i++; - if (c & IN6PTON_DELIM) { + if (c & (IN6PTON_DELIM | IN6PTON_COLON_MASK)) { if (i != 4) goto out; break; diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 837f295..9ad1f62 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -250,8 +250,6 @@ e_inval: return -EINVAL; } -#ifndef CONFIG_IP_NOSIOCRT - static inline __be32 sk_extract_addr(struct sockaddr *addr) { return ((struct sockaddr_in *) addr)->sin_addr.s_addr; @@ -443,15 +441,6 @@ int ip_rt_ioctl(unsigned int cmd, void __user *arg) return -EINVAL; } -#else - -int ip_rt_ioctl(unsigned int cmd, void *arg) -{ - return -EINVAL; -} - -#endif - struct nla_policy rtm_ipv4_policy[RTA_MAX+1] __read_mostly = { [RTA_DST] = { .type = NLA_U32 }, [RTA_SRC] = { .type = NLA_U32 }, diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index bd4c295..7663145 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -1674,9 +1674,8 @@ adjudge_to_death: } if (sk->sk_state != TCP_CLOSE) { sk_stream_mem_reclaim(sk); - if (atomic_read(sk->sk_prot->orphan_count) > sysctl_tcp_max_orphans || - (sk->sk_wmem_queued > SOCK_MIN_SNDBUF && - atomic_read(&tcp_memory_allocated) > sysctl_tcp_mem[2])) { + if (tcp_too_many_orphans(sk, + atomic_read(sk->sk_prot->orphan_count))) { if (net_ratelimit()) printk(KERN_INFO "TCP: too many of orphaned " "sockets\n"); diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c index 3938d5d..760165a 100644 --- a/net/ipv4/tcp_probe.c +++ b/net/ipv4/tcp_probe.c @@ -80,7 +80,8 @@ static void printl(const char *fmt, ...) kfifo_put(tcpw.fifo, tbuf, len); wake_up(&tcpw.wait); -} +} __attribute__ ((format (printf, 1, 2))); + /* * Hook inserted to be called before each receive packet. @@ -95,7 +96,7 @@ static int jtcp_rcv_established(struct sock *sk, struct sk_buff *skb, /* Only update if port matches */ if ((port == 0 || ntohs(inet->dport) == port || ntohs(inet->sport) == port) && (full || tp->snd_cwnd != tcpw.lastcwnd)) { - printl("%d.%d.%d.%d:%u %d.%d.%d.%d:%u %d %#x %#x %u %u %u\n", + printl("%d.%d.%d.%d:%u %d.%d.%d.%d:%u %d %#x %#x %u %u %u %u\n", NIPQUAD(inet->saddr), ntohs(inet->sport), NIPQUAD(inet->daddr), ntohs(inet->dport), skb->len, tp->snd_nxt, tp->snd_una, diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c index 2ca97b2..e613401 100644 --- a/net/ipv4/tcp_timer.c +++ b/net/ipv4/tcp_timer.c @@ -78,9 +78,7 @@ static int tcp_out_of_resources(struct sock *sk, int do_reset) if (sk->sk_err_soft) orphans <<= 1; - if (orphans >= sysctl_tcp_max_orphans || - (sk->sk_wmem_queued > SOCK_MIN_SNDBUF && - atomic_read(&tcp_memory_allocated) > sysctl_tcp_mem[2])) { + if (tcp_too_many_orphans(sk, orphans)) { if (net_ratelimit()) printk(KERN_INFO "Out of socket memory\n"); diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c index 5ceca95..fa1902d 100644 --- a/net/ipv4/xfrm4_input.c +++ b/net/ipv4/xfrm4_input.c @@ -139,10 +139,8 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type) nf_reset(skb); if (decaps) { - if (!(skb->dev->flags&IFF_LOOPBACK)) { - dst_release(skb->dst); - skb->dst = NULL; - } + dst_release(skb->dst); + skb->dst = NULL; netif_rx(skb); return 0; } else { diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c index a2f2e6a..9963700 100644 --- a/net/ipv4/xfrm4_mode_tunnel.c +++ b/net/ipv4/xfrm4_mode_tunnel.c @@ -85,6 +85,8 @@ static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) top_iph->saddr = x->props.saddr.a4; top_iph->daddr = x->id.daddr.a4; + skb->protocol = htons(ETH_P_IP); + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); return 0; } diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index b696c84..128f94c 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c @@ -247,7 +247,7 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb) memcpy(tmp_base, top_iph, sizeof(tmp_base)); tmp_ext = NULL; - extlen = skb_transport_offset(skb) + sizeof(struct ipv6hdr); + extlen = skb_transport_offset(skb) - sizeof(struct ipv6hdr); if (extlen) { extlen += sizeof(*tmp_ext); tmp_ext = kmalloc(extlen, GFP_ATOMIC); diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c index ca08ee8..662a7d9 100644 --- a/net/ipv6/ip6_fib.c +++ b/net/ipv6/ip6_fib.c @@ -619,14 +619,6 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt, ins = &fn->leaf; - if (fn->fn_flags&RTN_TL_ROOT && - fn->leaf == &ip6_null_entry && - !(rt->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF)) ){ - fn->leaf = rt; - rt->u.dst.rt6_next = NULL; - goto out; - } - for (iter = fn->leaf; iter; iter=iter->u.dst.rt6_next) { /* * Search for duplicates @@ -666,7 +658,6 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt, * insert node */ -out: rt->u.dst.rt6_next = iter; *ins = rt; rt->rt6i_node = fn; diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c index d7ed8aa..c858537 100644 --- a/net/ipv6/xfrm6_input.c +++ b/net/ipv6/xfrm6_input.c @@ -104,10 +104,8 @@ int xfrm6_rcv_spi(struct sk_buff *skb, __be32 spi) nf_reset(skb); if (decaps) { - if (!(skb->dev->flags&IFF_LOOPBACK)) { - dst_release(skb->dst); - skb->dst = NULL; - } + dst_release(skb->dst); + skb->dst = NULL; netif_rx(skb); return -1; } else { diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c index a6c0cdf..9fc95bc 100644 --- a/net/ipv6/xfrm6_mode_tunnel.c +++ b/net/ipv6/xfrm6_mode_tunnel.c @@ -80,6 +80,7 @@ static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) top_iph->hop_limit = dst_metric(dst->child, RTAX_HOPLIMIT); ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr); ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr); + skb->protocol = htons(ETH_P_IPV6); return 0; } diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c index 6e36df6..4e84f24 100644 --- a/net/mac80211/ieee80211.c +++ b/net/mac80211/ieee80211.c @@ -2474,6 +2474,8 @@ static int ieee80211_open(struct net_device *dev) if (sdata->type == IEEE80211_IF_TYPE_STA && !local->user_space_mlme) netif_carrier_off(dev); + else + netif_carrier_on(dev); netif_start_queue(dev); return 0; @@ -3278,8 +3280,10 @@ ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx) return TXRX_DROP; } } - while ((skb = __skb_dequeue(&entry->skb_list))) + while ((skb = __skb_dequeue(&entry->skb_list))) { memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len); + dev_kfree_skb(skb); + } /* Complete frame has been reassembled - process it now */ rx->fragmented = 1; diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c index 3e07e9d..9f30ae4 100644 --- a/net/mac80211/ieee80211_sta.c +++ b/net/mac80211/ieee80211_sta.c @@ -1155,6 +1155,8 @@ static void ieee80211_rx_mgmt_assoc_resp(struct net_device *dev, if (status_code != WLAN_STATUS_SUCCESS) { printk(KERN_DEBUG "%s: AP denied association (code=%d)\n", dev->name, status_code); + if (status_code == WLAN_STATUS_REASSOC_NO_ASSOC) + ifsta->prev_bssid_set = 0; return; } @@ -2995,7 +2997,7 @@ struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev, { struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); struct sta_info *sta; - struct ieee80211_sub_if_data *sdata = NULL; + struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); /* TODO: Could consider removing the least recently used entry and * allow new one to be added. */ diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index 02e401c..f8b8301 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -83,22 +83,6 @@ #include <net/inet_common.h> #endif -#define CONFIG_SOCK_PACKET 1 - -/* - Proposed replacement for SIOC{ADD,DEL}MULTI and - IFF_PROMISC, IFF_ALLMULTI flags. - - It is more expensive, but I believe, - it is really correct solution: reentereble, safe and fault tolerant. - - IFF_PROMISC/IFF_ALLMULTI/SIOC{ADD/DEL}MULTI are faked by keeping - reference count and global flag, so that real status is - (gflag|(count != 0)), so that we can use obsolete faulty interface - not harming clever users. - */ -#define CONFIG_PACKET_MULTICAST 1 - /* Assumptions: - if device has no dev->hard_header routine, it adds and removes ll header @@ -159,7 +143,6 @@ static atomic_t packet_socks_nr; /* Private packet socket structures. */ -#ifdef CONFIG_PACKET_MULTICAST struct packet_mclist { struct packet_mclist *next; @@ -179,7 +162,7 @@ struct packet_mreq_max unsigned short mr_alen; unsigned char mr_address[MAX_ADDR_LEN]; }; -#endif + #ifdef CONFIG_PACKET_MMAP static int packet_set_ring(struct sock *sk, struct tpacket_req *req, int closing); #endif @@ -205,9 +188,7 @@ struct packet_sock { origdev:1; int ifindex; /* bound device */ __be16 num; -#ifdef CONFIG_PACKET_MULTICAST struct packet_mclist *mclist; -#endif #ifdef CONFIG_PACKET_MMAP atomic_t mapped; unsigned int pg_vec_order; @@ -263,7 +244,6 @@ static void packet_sock_destruct(struct sock *sk) static const struct proto_ops packet_ops; -#ifdef CONFIG_SOCK_PACKET static const struct proto_ops packet_ops_spkt; static int packet_rcv_spkt(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) @@ -435,7 +415,6 @@ out_unlock: dev_put(dev); return err; } -#endif static inline unsigned int run_filter(struct sk_buff *skb, struct sock *sk, unsigned int res) @@ -851,9 +830,7 @@ static int packet_release(struct socket *sock) __sock_put(sk); } -#ifdef CONFIG_PACKET_MULTICAST packet_flush_mclist(sk); -#endif #ifdef CONFIG_PACKET_MMAP if (po->pg_vec) { @@ -936,8 +913,6 @@ out_unlock: * Bind a packet socket to a device */ -#ifdef CONFIG_SOCK_PACKET - static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, int addr_len) { struct sock *sk=sock->sk; @@ -960,7 +935,6 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, int add } return err; } -#endif static int packet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) { @@ -1012,11 +986,8 @@ static int packet_create(struct socket *sock, int protocol) if (!capable(CAP_NET_RAW)) return -EPERM; - if (sock->type != SOCK_DGRAM && sock->type != SOCK_RAW -#ifdef CONFIG_SOCK_PACKET - && sock->type != SOCK_PACKET -#endif - ) + if (sock->type != SOCK_DGRAM && sock->type != SOCK_RAW && + sock->type != SOCK_PACKET) return -ESOCKTNOSUPPORT; sock->state = SS_UNCONNECTED; @@ -1027,10 +998,9 @@ static int packet_create(struct socket *sock, int protocol) goto out; sock->ops = &packet_ops; -#ifdef CONFIG_SOCK_PACKET if (sock->type == SOCK_PACKET) sock->ops = &packet_ops_spkt; -#endif + sock_init_data(sock, sk); po = pkt_sk(sk); @@ -1046,10 +1016,10 @@ static int packet_create(struct socket *sock, int protocol) spin_lock_init(&po->bind_lock); po->prot_hook.func = packet_rcv; -#ifdef CONFIG_SOCK_PACKET + if (sock->type == SOCK_PACKET) po->prot_hook.func = packet_rcv_spkt; -#endif + po->prot_hook.af_packet_priv = sk; if (proto) { @@ -1169,7 +1139,6 @@ out: return err; } -#ifdef CONFIG_SOCK_PACKET static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer) { @@ -1190,7 +1159,6 @@ static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr, return 0; } -#endif static int packet_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer) @@ -1221,7 +1189,6 @@ static int packet_getname(struct socket *sock, struct sockaddr *uaddr, return 0; } -#ifdef CONFIG_PACKET_MULTICAST static void packet_dev_mc(struct net_device *dev, struct packet_mclist *i, int what) { switch (i->type) { @@ -1349,7 +1316,6 @@ static void packet_flush_mclist(struct sock *sk) } rtnl_unlock(); } -#endif static int packet_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) @@ -1362,7 +1328,6 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv return -ENOPROTOOPT; switch(optname) { -#ifdef CONFIG_PACKET_MULTICAST case PACKET_ADD_MEMBERSHIP: case PACKET_DROP_MEMBERSHIP: { @@ -1383,7 +1348,7 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv ret = packet_mc_drop(sk, &mreq); return ret; } -#endif + #ifdef CONFIG_PACKET_MMAP case PACKET_RX_RING: { @@ -1506,11 +1471,10 @@ static int packet_notifier(struct notifier_block *this, unsigned long msg, void switch (msg) { case NETDEV_UNREGISTER: -#ifdef CONFIG_PACKET_MULTICAST if (po->mclist) packet_dev_mclist(dev, po->mclist, -1); - // fallthrough -#endif + /* fallthrough */ + case NETDEV_DOWN: if (dev->ifindex == po->ifindex) { spin_lock(&po->bind_lock); @@ -1856,7 +1820,6 @@ out: #endif -#ifdef CONFIG_SOCK_PACKET static const struct proto_ops packet_ops_spkt = { .family = PF_PACKET, .owner = THIS_MODULE, @@ -1877,7 +1840,6 @@ static const struct proto_ops packet_ops_spkt = { .mmap = sock_no_mmap, .sendpage = sock_no_sendpage, }; -#endif static const struct proto_ops packet_ops = { .family = PF_PACKET, diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index b8bab89..64a3751 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -26,10 +26,11 @@ #include <net/xfrm.h> #include <net/ip.h> #include <linux/audit.h> +#include <linux/cache.h> #include "xfrm_hash.h" -int sysctl_xfrm_larval_drop; +int sysctl_xfrm_larval_drop __read_mostly; DEFINE_MUTEX(xfrm_cfg_mutex); EXPORT_SYMBOL(xfrm_cfg_mutex); diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 9955ff4..372f06e 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -21,18 +21,21 @@ #include <linux/cache.h> #include <asm/uaccess.h> #include <linux/audit.h> +#include <linux/cache.h> #include "xfrm_hash.h" struct sock *xfrm_nl; EXPORT_SYMBOL(xfrm_nl); -u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME; +u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME; EXPORT_SYMBOL(sysctl_xfrm_aevent_etime); -u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE; +u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE; EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth); +u32 sysctl_xfrm_acq_expires __read_mostly = 30; + /* Each xfrm_state may be linked to two tables: 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl) @@ -622,8 +625,8 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family); hlist_add_head(&x->byspi, xfrm_state_byspi+h); } - x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES; - x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ; + x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires; + x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ; add_timer(&x->timer); xfrm_state_num++; xfrm_hash_grow_check(x->bydst.next != NULL); @@ -772,9 +775,9 @@ static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 re x->props.family = family; x->props.mode = mode; x->props.reqid = reqid; - x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES; + x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires; xfrm_state_hold(x); - x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ; + x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ; add_timer(&x->timer); hlist_add_head(&x->bydst, xfrm_state_bydst+h); h = xfrm_src_hash(daddr, saddr, family); |