summaryrefslogtreecommitdiffstats
path: root/net/ipv6
Commit message (Collapse)AuthorAgeFilesLines
* Merge tag 'split-asm_system_h-for-linus-20120328' of ↵Linus Torvalds2012-03-283-3/+0
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-asm_system Pull "Disintegrate and delete asm/system.h" from David Howells: "Here are a bunch of patches to disintegrate asm/system.h into a set of separate bits to relieve the problem of circular inclusion dependencies. I've built all the working defconfigs from all the arches that I can and made sure that they don't break. The reason for these patches is that I recently encountered a circular dependency problem that came about when I produced some patches to optimise get_order() by rewriting it to use ilog2(). This uses bitops - and on the SH arch asm/bitops.h drags in asm-generic/get_order.h by a circuituous route involving asm/system.h. The main difficulty seems to be asm/system.h. It holds a number of low level bits with no/few dependencies that are commonly used (eg. memory barriers) and a number of bits with more dependencies that aren't used in many places (eg. switch_to()). These patches break asm/system.h up into the following core pieces: (1) asm/barrier.h Move memory barriers here. This already done for MIPS and Alpha. (2) asm/switch_to.h Move switch_to() and related stuff here. (3) asm/exec.h Move arch_align_stack() here. Other process execution related bits could perhaps go here from asm/processor.h. (4) asm/cmpxchg.h Move xchg() and cmpxchg() here as they're full word atomic ops and frequently used by atomic_xchg() and atomic_cmpxchg(). (5) asm/bug.h Move die() and related bits. (6) asm/auxvec.h Move AT_VECTOR_SIZE_ARCH here. Other arch headers are created as needed on a per-arch basis." Fixed up some conflicts from other header file cleanups and moving code around that has happened in the meantime, so David's testing is somewhat weakened by that. We'll find out anything that got broken and fix it.. * tag 'split-asm_system_h-for-linus-20120328' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-asm_system: (38 commits) Delete all instances of asm/system.h Remove all #inclusions of asm/system.h Add #includes needed to permit the removal of asm/system.h Move all declarations of free_initmem() to linux/mm.h Disintegrate asm/system.h for OpenRISC Split arch_align_stack() out from asm-generic/system.h Split the switch_to() wrapper out of asm-generic/system.h Move the asm-generic/system.h xchg() implementation to asm-generic/cmpxchg.h Create asm-generic/barrier.h Make asm-generic/cmpxchg.h #include asm-generic/cmpxchg-local.h Disintegrate asm/system.h for Xtensa Disintegrate asm/system.h for Unicore32 [based on ver #3, changed by gxt] Disintegrate asm/system.h for Tile Disintegrate asm/system.h for Sparc Disintegrate asm/system.h for SH Disintegrate asm/system.h for Score Disintegrate asm/system.h for S390 Disintegrate asm/system.h for PowerPC Disintegrate asm/system.h for PA-RISC Disintegrate asm/system.h for MN10300 ...
| * Remove all #inclusions of asm/system.hDavid Howells2012-03-283-3/+0
| | | | | | | | | | | | | | | | | | Remove all #inclusions of asm/system.h preparatory to splitting and killing it. Performed with the following command: perl -p -i -e 's!^#\s*include\s*<asm/system[.]h>.*\n!!' `grep -Irl '^#\s*include\s*<asm/system[.]h>' *` Signed-off-by: David Howells <dhowells@redhat.com>
* | net: fix a potential rcu_read_lock() imbalance in rt6_fill_node()Eric Dumazet2012-03-271-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit f2c31e32b378 (net: fix NULL dereferences in check_peer_redir() ) added a regression in rt6_fill_node(), leading to rcu_read_lock() imbalance. Thats because NLA_PUT() can make a jump to nla_put_failure label. Fix this by using nla_put() Many thanks to Ben Greear for his help Reported-by: Ben Greear <greearb@candelatech.com> Reported-by: Dave Jones <davej@redhat.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Tested-by: Ben Greear <greearb@candelatech.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | netfilter: remove forward module param confusion.Rusty Russell2012-03-221-7/+2
|/ | | | | | | | | | | It used to be an int, and it got changed to a bool parameter at least 7 years ago. It happens that NF_ACCEPT and NF_DROP are 0 and 1, so this works, but it's unclear, and the check that it's in range is not required. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: fix incorrent ipv6 ipsec packet fragmentGao feng2012-03-201-5/+6
| | | | | | | | | | | | | Since commit 299b0767(ipv6: Fix IPsec slowpath fragmentation problem) In func ip6_append_data,after call skb_put(skb, fraglen + dst_exthdrlen) the skb->len contains dst_exthdrlen,and we don't reduce dst_exthdrlen at last This will make fraggap>0 in next "while cycle",and cause the size of skb incorrent Fix this by reserve headroom for dst_exthdrlen. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2012-03-182-2/+1
|\
| * ipv6: Don't dev_hold(dev) in ip6_mc_find_dev_rcu.RongQing.Li2012-03-161-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | ip6_mc_find_dev_rcu() is called with rcu_read_lock(), so don't need to dev_hold(). With dev_hold(), not corresponding dev_put(), will lead to leak. [ bug introduced in 96b52e61be1 (ipv6: mcast: RCU conversions) ] Signed-off-by: RongQing.Li <roy.qing.li@gmail.com> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * ipv6: fix icmp6_dst_alloc()Eric Dumazet2012-03-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | commit 87a115783 ( ipv6: Move xfrm_lookup() call down into icmp6_dst_alloc().) forgot to convert one error path, leading to crashes in mld_sendpack() Many thanks to Dave Jones for providing a very complete bug report. Reported-by: Dave Jones <davej@redhat.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: Fix Smatch warning.Li Wei2012-03-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With commit d6ddef9e641d(IPv6: Fix not join all-router mcast group when forwarding set.) I check 'dev' after it's dereference that leads to a Smatch complaint: net/ipv6/addrconf.c:438 ipv6_add_dev() warn: variable dereferenced before check 'dev' (see line 432) net/ipv6/addrconf.c 431 /* protected by rtnl_lock */ 432 rcu_assign_pointer(dev->ip6_ptr, ndev); ^^^^^^^^^^^^ Old dereference. 433 434 /* Join all-node multicast group */ 435 ipv6_dev_mc_inc(dev, &in6addr_linklocal_allnodes); 436 437 /* Join all-router multicast group if forwarding is set */ 438 if (ndev->cnf.forwarding && dev && (dev->flags & IFF_MULTICAST)) ^^^ Remove the check to avoid the complaint as 'dev' can't be NULL. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Li Wei <lw@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2012-03-091-0/+4
|\ \ | |/
| * IPv6: Fix not join all-router mcast group when forwarding set.Li Wei2012-03-061-0/+4
| | | | | | | | | | | | | | | | When forwarding was set and a new net device is register, we need add this device to the all-router mcast group. Signed-off-by: Li Wei <lw@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | netfilter: add cttimeout infrastructure for fine timeout tuningPablo Neira Ayuso2012-03-071-0/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds the infrastructure to add fine timeout tuning over nfnetlink. Now you can use the NFNL_SUBSYS_CTNETLINK_TIMEOUT subsystem to create/delete/dump timeout objects that contain some specific timeout policy for one flow. The follow up patches will allow you attach timeout policy object to conntrack via the CT target and the conntrack extension infrastructure. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | netfilter: nf_conntrack: pass timeout array to l4->new and l4->packetPablo Neira Ayuso2012-03-071-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch defines a new interface for l4 protocol trackers: unsigned int *(*get_timeouts)(struct net *net); that is used to return the array of unsigned int that contains the timeouts that will be applied for this flow. This is passed to the l4proto->new(...) and l4proto->packet(...) functions to specify the timeout policy. This interface allows per-net global timeout configuration (although only DCCP supports this by now) and it will allow custom custom timeout configuration by means of follow-up patches. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | netfilter: merge ipt_LOG and ip6_LOG into xt_LOGRichard Weinberger2012-03-073-537/+0
| | | | | | | | | | | | | | | | ipt_LOG and ip6_LOG have a lot of common code, merge them to reduce duplicate code. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2012-02-264-12/+9
|\ \ | |/ | | | | | | | | | | | | | | | | | | Conflicts: drivers/net/ethernet/sfc/rx.c Overlapping changes in drivers/net/ethernet/sfc/rx.c, one to change the rx_buf->is_page boolean into a set of u16 flags, and another to adjust how ->ip_summed is initialized. Signed-off-by: David S. Miller <davem@davemloft.net>
| * ipsec: be careful of non existing mac headersEric Dumazet2012-02-232-9/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Niccolo Belli reported ipsec crashes in case we handle a frame without mac header (atm in his case) Before copying mac header, better make sure it is present. Bugzilla reference: https://bugzilla.kernel.org/show_bug.cgi?id=42809 Reported-by: Niccolò Belli <darkbasic@linuxsystems.it> Tested-by: Niccolò Belli <darkbasic@linuxsystems.it> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * ipv6: ip6_route_output() never returns NULL.RongQing.Li2012-02-222-3/+6
| | | | | | | | | | | | | | | | ip6_route_output() never returns NULL, so it is wrong to check if the return value is NULL. Signed-off-by: RongQing.Li <roy.qing.li@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | datagram: Add offset argument to __skb_recv_datagramPavel Emelyanov2012-02-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | This one is only considered for MSG_PEEK flag and the value pointed by it specifies where to start peeking bytes from. If the offset happens to point into the middle of the returned skb, the offset within this skb is put back to this very argument. Signed-off-by: Pavel Emelyanov <xemul@parallels.com> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | net: implement IP_RECVTOS for IP_PKTOPTIONSJiri Benc2012-02-133-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, it is not easily possible to get TOS/DSCP value of packets from an incoming TCP stream. The mechanism is there, IP_PKTOPTIONS getsockopt with IP_RECVTOS set, the same way as incoming TTL can be queried. This is not actually implemented for TOS, though. This patch adds this functionality, both for IPv4 (IP_PKTOPTIONS) and IPv6 (IPV6_2292PKTOPTIONS). For IPv4, like in the IP_RECVTTL case, the value of the TOS field is stored from the other party's ACK. This is needed for proxies which require DSCP transparency. One such example is at http://zph.bratcheda.org/. Signed-off-by: Jiri Benc <jbenc@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: helper function to get tclassJiri Benc2012-02-131-1/+1
| | | | | | | | | | | | | | Implement helper inline function to get traffic class from IPv6 header. Signed-off-by: Jiri Benc <jbenc@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: Implement IPV6_UNICAST_IF socket option.Erich E. Hoover2012-02-084-1/+42
| | | | | | | | | | | | | | | | The IPV6_UNICAST_IF feature is the IPv6 compliment to IP_UNICAST_IF. Signed-off-by: Erich E. Hoover <ehoover@mines.edu> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: Remove never used function inet6_ac_check().David S. Miller2012-02-011-29/+0
| | | | | | | | | | | | | | | | | | | | It went from unused, to commented out, and never changing after that. Just get rid of it, if someone wants it they can unearth it from the history. Signed-off-by: David S. Miller <davem@davemloft.net>
* | tcp: md5: RST: getting md5 key from listenerShawn Lu2012-02-011-2/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TCP RST mechanism is broken in TCP md5(RFC2385). When connection is gone, md5 key is lost, sending RST without md5 hash is deem to ignored by peer. This can be a problem since RST help protocal like bgp to fast recove from peer crash. In most case, users of tcp md5, such as bgp and ldp, have listener on both sides to accept connection from peer. md5 keys for peers are saved in listening socket. There are two cases in finding md5 key when connection is lost: 1.Passive receive RST: The message is send to well known port, tcp will associate it with listner. md5 key is gotten from listener. 2.Active receive RST (no sock): The message is send to ative side, there is no socket associated with the message. In this case, finding listener from source port, then find md5 key from listener. we are not loosing sercuriy here: packet is checked with md5 hash. No RST is generated if md5 hash doesn't match or no md5 key can be found. Signed-off-by: Shawn Lu <shawn.lu@ericsson.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | xfrm6: remove unneeded NULL check in __xfrm6_output()Dan Carpenter2012-02-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We don't check for NULL consistently in __xfrm6_output(). If "x" were NULL here it would lead to an OOPs later. I asked Steffen Klassert about this and he suggested that we remove the NULL check. On 10/29/11, Steffen Klassert <steffen.klassert@secunet.com> wrote: >> net/ipv6/xfrm6_output.c >> 148 >> 149 if ((x && x->props.mode == XFRM_MODE_TUNNEL) && >> ^ > > x can't be null here. It would be a bug if __xfrm6_output() is called > without a xfrm_state attached to the skb. I think we can just remove > this null check. Cc: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | tcp: md5: protects md5sig_info with RCUEric Dumazet2012-02-011-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch makes sure we use appropriate memory barriers before publishing tp->md5sig_info, allowing tcp_md5_do_lookup() being used from tcp_v4_send_reset() without holding socket lock (upcoming patch from Shawn Lu) Note we also need to respect rcu grace period before its freeing, since we can free socket without this grace period thanks to SLAB_DESTROY_BY_RCU Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Shawn Lu <shawn.lu@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | tcp: md5: rcu conversionEric Dumazet2012-01-311-161/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to be able to support proper RST messages for TCP MD5 flows, we need to allow access to MD5 keys without locking listener socket. This conversion is a nice cleanup, and shrinks size of timewait sockets by 80 bytes. IPv6 code reuses generic code found in IPv4 instead of duplicating it. Control path uses GFP_KERNEL allocations instead of GFP_ATOMIC. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Shawn Lu <shawn.lu@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | tcp: md5: remove obsolete md5_add() methodEric Dumazet2012-01-311-9/+0
| | | | | | | | | | | | | | We no longer use md5_add() method from struct tcp_sock_af_ops Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: fix RFC5722 commentEric Dumazet2012-01-301-4/+3
| | | | | | | | | | | | | | | | | | | | | | RFC5722 Section 4 was amended by Errata 3089 Our implementation did the right thing anyway... Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: Eliminate dst_get_neighbour_noref() usage in ip6_forward().David S. Miller2012-01-271-5/+3
| | | | | | | | | | | | | | It's only used to get at neigh->primary_key, which in this context is always going to be the same as rt->rt6i_gateway. Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: Remove neigh argument from ndisc_send_redirect()David S. Miller2012-01-272-3/+11
| | | | | | | | | | | | | | Instead, compute it as-needed inside of that function using dst_neigh_lookup(). Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: fib: Convert fib6_age() to dst_neigh_lookup().David S. Miller2012-01-271-5/+14
| | | | | | | | | | | | | | | | In this specific situation we know we are dealing with a gatewayed route and therefore rt6i_gateway is not going to be in6addr_any even in future interpretations. Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: ndisc: Convert to dst_neigh_lookup()David S. Miller2012-01-271-6/+12
| | | | | | | | | | | | | | | | Now all code paths grab a local reference to the neigh, so if neigh is not NULL we unconditionally release it at the end. The old logic would only release if we didn't have a non-NULL 'rt'. Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: Use ipv6_addr_any()David S. Miller2012-01-261-2/+1
| | | | | | | | | | | | Suggested by YOSHIFUJI Hideaki. Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: sit: Convert to dst_neigh_lookup()David S. Miller2012-01-261-5/+15
| | | | | | | | | | | | | | The only semantic difference is that we now hold a reference to the neighbour and thus have to release it. Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv4/ipv6: Prepare for new route gateway semantics.David S. Miller2012-01-261-1/+15
|/ | | | | | | | | | | | | | | | In the future the ipv4/ipv6 route gateway will take on two types of values: 1) INADDR_ANY/IN6ADDR_ANY, for local network routes, and in this case the neighbour must be obtained using the destination address in ipv4/ipv6 header as the lookup key. 2) Everything else, the actual nexthop route address. So if the gateway is not inaddr-any we use it, otherwise we must use the packet's destination address. Signed-off-by: David S. Miller <davem@davemloft.net>
* tcp: md5: using remote adress for md5 lookup in rst packetshawnlu2012-01-221-1/+1
| | | | | | | | | md5 key is added in socket through remote address. remote address should be used in finding md5 key when sending out reset packet. Signed-off-by: shawnlu <shawn.lu@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: race condition in ipv6 forwarding and disable_ipv6 parametersFrancesco Ruggeri2012-01-181-21/+40
| | | | | | | | | | | | | | | | | | There is a race condition in addrconf_sysctl_forward() and addrconf_sysctl_disable(). These functions change idev->cnf.forwarding (resp. idev->cnf.disable_ipv6) and then try to grab the rtnl lock before performing any actions. If that fails they restore the original value and restart the syscall. This creates race conditions if ipv6 code tries to access these parameters, or if multiple instances try to do the same operation. As an example of the former, if __ipv6_ifa_notify() finds a 0 in idev->cnf.forwarding when invoked by addrconf_ifdown() it may not free anycast addresses, ultimately resulting in the net_device not being freed. This patch reads the user parameters into a temporary location and only writes the actual parameters when the rtnl lock is acquired. Tested in 2.6.38.8. Signed-off-by: Francesco Ruggeri <fruggeri@aristanetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds2012-01-173-3/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (47 commits) tg3: Fix single-vector MSI-X code openvswitch: Fix multipart datapath dumps. ipv6: fix per device IP snmp counters inetpeer: initialize ->redirect_genid in inet_getpeer() net: fix NULL-deref in WARN() in skb_gso_segment() net: WARN if skb_checksum_help() is called on skb requiring segmentation caif: Remove bad WARN_ON in caif_dev caif: Fix typo in Vendor/Product-ID for CAIF modems bnx2x: Disable AN KR work-around for BCM57810 bnx2x: Remove AutoGrEEEn for BCM84833 bnx2x: Remove 100Mb force speed for BCM84833 bnx2x: Fix PFC setting on BCM57840 bnx2x: Fix Super-Isolate mode for BCM84833 net: fix some sparse errors net: kill duplicate included header net: sh-eth: Fix build error by the value which is not defined net: Use device model to get driver name in skb_gso_segment() bridge: BH already disabled in br_fdb_cleanup() net: move sock_update_memcg outside of CONFIG_INET mwl8k: Fixing Sparse ENDIAN CHECK warning ...
| * ipv6: fix per device IP snmp countersEric Dumazet2012-01-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | In commit 4ce3c183fca (snmp: 64bit ipstats_mib for all arches), I forgot to change the /proc/net/dev_snmp6/xxx output for IP counters. percpu array is 64bit per counter but the folding still used the 'long' variant, and output garbage on 32bit arches. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * net: fix some sparse errorsEric Dumazet2012-01-171-1/+1
| | | | | | | | | | | | | | | | | | make C=2 CF="-D__CHECK_ENDIAN__" M=net And fix flowi4_init_output() prototype for sport Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * ipv6: release idev when ip6_neigh_lookup failed in icmp6_dst_allocRongQing.Li2012-01-131-0/+1
| | | | | | | | | | | | | | | | release idev when ip6_neigh_lookup failed in icmp6_dst_alloc Signed-off-by: RongQing.Li <roy.qing.li@gmail.com> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-securityLinus Torvalds2012-01-141-1/+1
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 'for-linus' of git://selinuxproject.org/~jmorris/linux-security: capabilities: remove __cap_full_set definition security: remove the security_netlink_recv hook as it is equivalent to capable() ptrace: do not audit capability check when outputing /proc/pid/stat capabilities: remove task_ns_* functions capabitlies: ns_capable can use the cap helpers rather than lsm call capabilities: style only - move capable below ns_capable capabilites: introduce new has_ns_capabilities_noaudit capabilities: call has_ns_capability from has_capability capabilities: remove all _real_ interfaces capabilities: introduce security_capable_noaudit capabilities: reverse arguments to security_capable capabilities: remove the task from capable LSM hook entirely selinux: sparse fix: fix several warnings in the security server cod selinux: sparse fix: fix warnings in netlink code selinux: sparse fix: eliminate warnings for selinuxfs selinux: sparse fix: declare selinux_disable() in security.h selinux: sparse fix: move selinux_complete_init selinux: sparse fix: make selinux_secmark_refcount static SELinux: Fix RCU deref check warning in sel_netport_insert() Manually fix up a semantic mis-merge wrt security_netlink_recv(): - the interface was removed in commit fd7784615248 ("security: remove the security_netlink_recv hook as it is equivalent to capable()") - a new user of it appeared in commit a38f7907b926 ("crypto: Add userspace configuration API") causing no automatic merge conflict, but Eric Paris pointed out the issue.
| * security: remove the security_netlink_recv hook as it is equivalent to capable()Eric Paris2012-01-051-1/+1
| | | | | | | | | | | | | | | | | | | | Once upon a time netlink was not sync and we had to get the effective capabilities from the skb that was being received. Today we instead get the capabilities from the current task. This has rendered the entire purpose of the hook moot as it is now functionally equivalent to the capable() call. Signed-off-by: Eric Paris <eparis@redhat.com>
* | net: reintroduce missing rcu_assign_pointer() callsEric Dumazet2012-01-124-11/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | commit a9b3cd7f32 (rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER) did a lot of incorrect changes, since it did a complete conversion of rcu_assign_pointer(x, y) to RCU_INIT_POINTER(x, y). We miss needed barriers, even on x86, when y is not NULL. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Stephen Hemminger <shemminger@vyatta.com> CC: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6/addrconf: speedup /proc/net/if_inet6 fillingMihai Maruseac2012-01-041-15/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This ensures a linear behaviour when filling /proc/net/if_inet6 thus making ifconfig run really fast on IPv6 only addresses. In fact, with this patch and the IPv4 one sent a while ago, ifconfig will run in linear time regardless of address type. IPv4 related patch: f04565ddf52e401880f8ba51de0dff8ba51c99fd dev: use name hash for dev_seq_ops ... Some statistics (running ifconfig > /dev/null on a different setup): iface count / IPv6 no-patch time / IPv6 patched time / IPv4 time ---------------------------------------------------------------- 6250 | 0.23 s | 0.13 s | 0.11 s 12500 | 0.62 s | 0.28 s | 0.22 s 25000 | 2.91 s | 0.57 s | 0.46 s 50000 | 11.37 s | 1.21 s | 0.94 s 128000 | 86.78 s | 3.05 s | 2.54 s Signed-off-by: Mihai Maruseac <mmaruseac@ixiacom.com> Cc: Daniel Baluta <dbaluta@ixiacom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: Check RA for sllao when configuring optimistic ipv6 address (v2)Neil Horman2012-01-042-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Recently Dave noticed that a test we did in ipv6_add_addr to see if we next hop route for the interface we're adding an addres to was wrong (see commit 7ffbcecbeed91e5874e9a1cfc4c0cbb07dac3069). for one, it never triggers, and two, it was completely wrong to begin with. This test was meant to cover this section of RFC 4429: 3.3 Modifications to RFC 2462 Stateless Address Autoconfiguration * (modifies section 5.5) A host MAY choose to configure a new address as an Optimistic Address. A host that does not know the SLLAO of its router SHOULD NOT configure a new address as Optimistic. A router SHOULD NOT configure an Optimistic Address. This patch should bring us into proper compliance with the above clause. Since we only add a SLAAC address after we've received a RA which may or may not contain a source link layer address option, we can pass a pointer to that option to addrconf_prefix_rcv (which may be null if the option is not present), and only set the optimistic flag if the option was found in the RA. Change notes: (v2) modified the new parameter to addrconf_prefix_rcv to be a bool rather than a pointer to make its use more clear as per request from davem. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> CC: "David S. Miller" <davem@davemloft.net> CC: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | IPv6: Avoid taking write lock for /proc/net/ipv6_routeJosh Hunt2011-12-302-1/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During some debugging I needed to look into how /proc/net/ipv6_route operated and in my digging I found its calling fib6_clean_all() which uses "write_lock_bh(&table->tb6_lock)" before doing the walk of the table. I found this on 2.6.32, but reading the code I believe the same basic idea exists currently. Looking at the rtnetlink code they are only calling "read_lock_bh(&table->tb6_lock);" via fib6_dump_table(). While I realize reading from proc isn't the recommended way of fetching the ipv6 route table; taking a write lock seems unnecessary and would probably cause network performance issues. To verify this I loaded up the ipv6 route table and then ran iperf in 3 cases: * doing nothing * reading ipv6 route table via proc (while :; do cat /proc/net/ipv6_route > /dev/null; done) * reading ipv6 route table via rtnetlink (while :; do ip -6 route show table all > /dev/null; done) * Load the ipv6 route table up with: * for ((i = 0;i < 4000;i++)); do ip route add unreachable 2000::$i; done * iperf commands: * client: iperf -i 1 -V -c <ipv6 addr> * server: iperf -V -s * iperf results - 3 runs each (in Mbits/sec) * nothing: client: 927,927,927 server: 927,927,927 * proc: client: 179,97,96,113 server: 142,112,133 * iproute: client: 928,927,928 server: 927,927,927 lock_stat shows taking the write lock is causing the slowdown. Using this info I decided to write a version of fib6_clean_all() which replaces write_lock_bh(&table->tb6_lock) with read_lock_bh(&table->tb6_lock). With this new function I see the same results as with my rtnetlink iperf test. Signed-off-by: Josh Hunt <joshhunt00@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: Fix neigh lookup using NULL device.David S. Miller2011-12-291-7/+10
| | | | | | | | | | | | | | | | | | | | | | In some of the rt6_bind_neighbour() call sites, it hasn't hooked up the rt->dst.dev pointer yet, so we'd deref a NULL pointer when obtaining dev->ifindex for the neighbour hash function computation. Just pass the netdevice explicitly in to fix this problem. Reported-by: Bjarke Istrup Pedersen <gurligebis@gentoo.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: Report TCP timetstamp info in cacheinfo just like ipv4 does.David S. Miller2011-12-291-1/+10
| | | | | | | | | | | | I missed this while adding ipv6 support to inet_peer. Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv6: Kill rt6i_dev and rt6i_expires defines.David S. Miller2011-12-287-47/+47
| | | | | | | | | | | | | | | | | | It just obscures that the netdevice pointer and the expires value are implemented in the dst_entry sub-object of the ipv6 route. And it makes grepping for dst_entry member uses much harder too. Signed-off-by: David S. Miller <davem@davemloft.net>
OpenPOWER on IntegriCloud