summaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAgeFilesLines
* [BLUETOOTH]: put_device before device_del fixDave Young2007-12-292-9/+2
| | | | | | | | Because of workqueue delay, the put_device could be called before device_del, so move it to del_conn. Signed-off-by: Dave Young <hidave.darkstar@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: use non-delayed ACK for congestion control RTTGavin McCullagh2007-12-291-8/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a delayed ACK representing two packets arrives, there are two RTT samples available, one for each packet. The first (in order of seq number) will be artificially long due to the delay waiting for the second packet, the second will trigger the ACK and so will not itself be delayed. According to rfc1323, the SRTT used for RTO calculation should use the first rtt, so receivers echo the timestamp from the first packet in the delayed ack. For congestion control however, it seems measuring delayed ack delay is not desirable as it varies independently of congestion. The patch below causes seq_rtt and last_ackt to be updated with any available later packet rtts which should have less (and hopefully zero) delack delay. The rtt value then gets passed to ca_ops->pkts_acked(). Where TCP_CONG_RTT_STAMP was set, effort was made to supress RTTs from within a TSO chunk (!fully_acked), using only the final ACK (which includes any TSO delay) to generate RTTs. This patch removes these checks so RTTs are passed for each ACK to ca_ops->pkts_acked(). For non-delay based congestion control (cubic, h-tcp), rtt is sometimes used for rtt-scaling. In shortening the RTT, this may make them a little less aggressive. Delay-based schemes (eg vegas, veno, illinois) should get a cleaner, more accurate congestion signal, particularly for small cwnds. The congestion control module can potentially also filter out bad RTTs due to the delayed ack alarm by looking at the associated cnt which (where delayed acking is in use) should probably be 1 if the alarm went off or greater if the ACK was triggered by a packet. Signed-off-by: Gavin McCullagh <gavin.mccullagh@nuim.ie> Acked-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4] Fix ip=dhcp regressionSimon Horman2007-12-281-0/+1
| | | | | | | | | | | | | | | | | | | David Brownell pointed out a regression in my recent "Fix ip command line processing" patch. It turns out to be a fairly blatant oversight on my part whereby ic_enable is never set, and thus autoconfiguration is never enabled. Clearly my testing was broken :-( The solution that I have is to set ic_enable to 1 if we hit ip_auto_config_setup(), which basically means that autoconfiguration is activated unless told otherwise. I then flip ic_enable to 0 if ip=off, ip=none, ip=::::::off or ip=::::::none using ic_proto_name(); The incremental patch is below, let me know if a non-incremental version is prepared, as I did as for the original patch to be reverted pending a fix. Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Fix ip command line processing.Simon Horman2007-12-261-6/+4
| | | | | | | | | | | | | | | | Recently the documentation in Documentation/nfsroot.txt was update to note that in fact ip=off and ip=::::::off as the latter is ignored and the default (on) is used. This was certainly a step in the direction of reducing confusion. But it seems to me that the code ought to be fixed up so that ip=::::::off actually turns off ip autoconfiguration. This patch also notes more specifically that ip=on (aka ip=::::::on) is the default. Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_conntrack_ipv4: fix module parameter compatibilityPatrick McHardy2007-12-262-2/+6
| | | | | | | | | | | | | | | | | Some users do "modprobe ip_conntrack hashsize=...". Since we have the module aliases this loads nf_conntrack_ipv4 and nf_conntrack, the hashsize parameter is unknown for nf_conntrack_ipv4 however and makes it fail. Allow to specify hashsize= for both nf_conntrack and nf_conntrack_ipv4. Note: the nf_conntrack message in the ringbuffer will display an incorrect hashsize since nf_conntrack is first pulled in as a dependency and calculates the size itself, then it gets changed through a call to nf_conntrack_set_hashsize(). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* mac80211: warn when receiving frames with unaligned dataJohannes Berg2007-12-261-0/+13
| | | | | | | | | | This patch makes mac80211 warn (once) when the driver passes up a frame in which the payload data is not aligned on a four-byte boundary, with a long comment for people who run into the condition and need to know what to do. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: round station cleanup timerJohannes Berg2007-12-261-2/+5
| | | | | | | | | The station cleanup timer runs every ten seconds, the exact timing is not relevant at all so it can well run together with other things to save power. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [IPV4]: OOPS with NETLINK_FIB_LOOKUP netlink socketDenis V. Lunev2007-12-211-3/+6
| | | | | | | | | | | | | | | | | | [ Regression added by changeset: cd40b7d3983c708aabe3d3008ec64ffce56d33b0 [NET]: make netlink user -> kernel interface synchronious -DaveM ] nl_fib_input re-reuses incoming skb to send the reply. This means that this packet will be freed twice, namely in: - netlink_unicast_kernel - on receive path Use clone to send as a cure, the caller is responsible for kfree_skb on error. Thanks to Alexey Dobryan, who originally found the problem. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Fix function put_cmsg() which may cause usr application memory overflowWei Yongjun2007-12-202-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When used function put_cmsg() to copy kernel information to user application memory, if the memory length given by user application is not enough, by the bad length calculate of msg.msg_controllen, put_cmsg() function may cause the msg.msg_controllen to be a large value, such as 0xFFFFFFF0, so the following put_cmsg() can also write data to usr application memory even usr has no valid memory to store this. This may cause usr application memory overflow. int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) { struct cmsghdr __user *cm = (__force struct cmsghdr __user *)msg->msg_control; struct cmsghdr cmhdr; int cmlen = CMSG_LEN(len); ~~~~~~~~~~~~~~~~~~~~~ int err; if (MSG_CMSG_COMPAT & msg->msg_flags) return put_cmsg_compat(msg, level, type, len, data); if (cm==NULL || msg->msg_controllen < sizeof(*cm)) { msg->msg_flags |= MSG_CTRUNC; return 0; /* XXX: return error? check spec. */ } if (msg->msg_controllen < cmlen) { ~~~~~~~~~~~~~~~~~~~~~~~~ msg->msg_flags |= MSG_CTRUNC; cmlen = msg->msg_controllen; } cmhdr.cmsg_level = level; cmhdr.cmsg_type = type; cmhdr.cmsg_len = cmlen; err = -EFAULT; if (copy_to_user(cm, &cmhdr, sizeof cmhdr)) goto out; if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr))) goto out; cmlen = CMSG_SPACE(len); ~~~~~~~~~~~~~~~~~~~~~~~~~~~ If MSG_CTRUNC flags is set, msg->msg_controllen is less than CMSG_SPACE(len), "msg->msg_controllen -= cmlen" will cause unsinged int type msg->msg_controllen to be a large value. ~~~~~~~~~~~~~~~~~~~~~~~~~~~ msg->msg_control += cmlen; msg->msg_controllen -= cmlen; ~~~~~~~~~~~~~~~~~~~~~ err = 0; out: return err; } The same promble exists in put_cmsg_compat(). This patch can fix this problem. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER] ipv4: Spelling fixesJoe Perches2007-12-201-1/+1
| | | | | Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Spelling fixesJoe Perches2007-12-201-2/+2
| | | | | Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Spelling fixesJoe Perches2007-12-201-4/+4
| | | | | Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETLABEL]: Spelling fixesJoe Perches2007-12-201-1/+1
| | | | | Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PKT_SCHED]: Spelling fixesJoe Perches2007-12-201-1/+1
| | | | | Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET] net/core/: Spelling fixesJoe Perches2007-12-201-1/+1
| | | | | Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Spelling fixesJoe Perches2007-12-201-1/+1
| | | | | Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IRDA]: Spelling fixesJoe Perches2007-12-205-10/+10
| | | | | Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: Spelling fixesJoe Perches2007-12-202-2/+2
| | | | | Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Correct two mistaken skb_reset_mac_header() conversions.David S. Miller2007-12-202-2/+2
| | | | | | | | | | | | | | This operation helper abstracts: skb->mac_header = skb->data; but it was done in two more places which were actually: skb->mac_header = skb->network_header; and those are corrected here. Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4] ip_gre: set mac_header correctly in receive pathTimo Teras2007-12-201-1/+1
| | | | | | | | mac_header update in ipgre_recv() was incorrectly changed to skb_reset_mac_header() when it was introduced. Signed-off-by: Timo Teras <timo.teras@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Audit function arguments misorderedPaul Moore2007-12-202-4/+4
| | | | | | | | | | In several places the arguments to the xfrm_audit_start() function are in the wrong order resulting in incorrect user information being reported. This patch corrects this by pacing the arguments in the correct order. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC]: Avoid undefined shift operation when testing algorithm IDHerbert Xu2007-12-191-2/+12
| | | | | | | | | | | | | | | | | The aalgos/ealgos fields are only 32 bits wide. However, af_key tries to test them with the expression 1 << id where id can be as large as 253. This produces different behaviour on different architectures. The following patch explicitly checks whether ID is greater than 31 and fails the check if that's the case. We cannot easily extend the mask to be longer than 32 bits due to exposure to user-space. Besides, this whole interface is obsolete anyway in favour of the xfrm_user interface which doesn't use this bit mask in templates (well not within the kernel anyway). Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4] ARP: Remove not used codeMark Ryden2007-12-191-2/+1
| | | | | | | | In arp_process() (net/ipv4/arp.c), there is unused code: definition and assignment of tha (target hw address ). Signed-off-by: Mark Ryden <markryde@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* NET: mac80211: fix inappropriate memory freeingCyrill Gorcunov2007-12-191-1/+1
| | | | | | | | | | | Fix inappropriate memory freeing in case of requested rate_control_ops was not found. In this case the list head entity is going to be accidentally wasted. Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Acked-by: Michael Wu <flamingice@sourmilk.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: fix header opsJohannes Berg2007-12-191-1/+0
| | | | | | | | | | | When using recvfrom() on a SOCK_DGRAM packet socket, I noticed that the MAC address passed back for wireless frames was always completely wrong. The reason for this is that the header parse function assigned to our virtual interfaces is a function parsing an 802.11 rather than 802.3 header. This patch fixes it by keeping the default ethernet header operations assigned. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: Drop out of associated state if link is lostMichael Wu2007-12-191-6/+2
| | | | | | | | There is no point in staying in IEEE80211_ASSOCIATED if there is no sta_info entry to receive frames with. Signed-off-by: Michael Wu <flamingice@sourmilk.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Merge branch 'upstream-linus' of ↵Linus Torvalds2007-12-171-0/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/netdev-2.6 * 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/netdev-2.6: (23 commits) iwlwifi: fix rf_kill state inconsistent during suspend and resume b43: Fix rfkill radio LED bcm43xx_debugfs sscanf fix libertas: select WIRELESS_EXT iwlwifi3945/4965: fix rate control algo reference leak ieee80211_rate: missed unlock wireless/ipw2200.c: add __dev{init,exit} annotations zd1211rw: Fix alignment problems libertas: add Dan Williams as maintainer sis190 endianness ucc_geth: really fix section mismatch pcnet_cs: add new id ixgb: make sure jumbos stay enabled after reset Net: ibm_newemac, remove SPIN_LOCK_UNLOCKED net: smc911x: shut up compiler warnings ucc_geth: minor whitespace fix drivers/net/s2io.c section fixes drivers/net/sis190.c section fix hamachi endianness fixes e100: free IRQ to remove warningwhenrebooting ...
| * Merge branch 'fixes-jgarzik' of ↵Jeff Garzik2007-12-171-0/+1
| |\ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream-fixes
| | * ieee80211_rate: missed unlockCyrill Gorcunov2007-12-171-0/+1
| | | | | | | | | | | | | | | Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | Merge git://git.linux-nfs.org/pub/linux/nfs-2.6Linus Torvalds2007-12-171-8/+1
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.linux-nfs.org/pub/linux/nfs-2.6: MAINTAINERS: update the NFS CLIENT entry NFS: Fix an Oops in NFS unmount Revert "NFS: Ensure we return zero if applications attempt to write zero bytes" SUNRPC xprtrdma: fix XDR tail buf marshalling for all ops NFSv2/v3: Fix a memory leak when using -onolock NFS: Fix NFS mountpoint crossing...
| * | | SUNRPC xprtrdma: fix XDR tail buf marshalling for all opsJames Lentini2007-12-111-8/+1
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rpcrdma_convert_iovs is passed an xdr_buf representing either an RPC request or an RPC reply. In the case of a request, several calculations and tests involving pos are unnecessary. In the case of a reply, several calculations and tests involving pos are incorrect (the code tests pos against the reply xdr buf's len field, which is always 0 at the time rpcrdma_convert_iovs is executed). This change removes the incorrect/unnecessary calculations and tests involving pos. This fixes an observed problem when reading certain file sizes over NFS/RDMA. Signed-off-by: Tom Tucker <tom@opengridcomputing.com> Signed-off-by: Tom Talpey <talpey@netapp.com> Signed-off-by: James Lentini <jlentini@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | [IRDA]: irda parameters warning fixes.Richard Knutsson2007-12-161-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes: CHECK /home/kernel/src/net/irda/parameters.c /home/kernel/src/net/irda/parameters.c:466:2: warning: Using plain integer as NULL pointer /home/kernel/src/net/irda/parameters.c:520:2: warning: Using plain integer as NULL pointer /home/kernel/src/net/irda/parameters.c:573:2: warning: Using plain integer as NULL pointer Signed-off-by: Richard Knutsson <ricknu-0@student.ltu.se> Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [IRDA]: irlmp_unregister_link() needs to free lsaps.Hinko Kocevar2007-12-161-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While testing the mcs7780 based IrDA USB dongle I've stumbled upon memory leak in irlmp_unregister_link(). Hashbin for lsaps is created in irlmp_register_link and should probably be freed in irlmp_unregister_link(). Signed-off-by: Hinko Kocevar <hinko.kocevar@cetrtapot.si> Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [SCTP]: Flush fragment queue when exiting partial delivery.Vlad Yasevich2007-12-161-0/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At the end of partial delivery, we may have complete messages sitting on the fragment queue. These messages are stuck there until a new fragment arrives. This can comletely stall a given association. When clearing partial delivery state, flush any complete messages from the fragment queue and send them on their way up. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [AX25]: Locking dependencies fix in ax25_disconnect().Jarek Poplawski2007-12-161-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bernard Pidoux reported these lockdep warnings: [ INFO: possible irq lock inversion dependency detected ] 2.6.23.1 #1 --------------------------------------------------------- fpac/4933 just changed the state of lock: (slock-AF_AX25){--..}, at: [<d8be3312>] ax25_disconnect+0x46/0xaf [ax25] but this lock was taken by another, soft-irq-safe lock in the past: (ax25_list_lock){-+..} and interrupts could create inverse lock ordering between them. [...] [ INFO: inconsistent lock state ] 2.6.23.1 #1 --------------------------------- inconsistent {in-softirq-W} -> {softirq-on-W} usage. ax25_call/4005 [HC0[0]:SC0[0]:HE1:SE1] takes: (slock-AF_AX25){-+..}, at: [<d8b79312>] ax25_disconnect+0x46/0xaf [ax25] [...] This means slock-AF_AX25 could be taken both from softirq and process context with softirqs enabled, so it's endangered itself, but also makes ax25_list_lock vulnerable. It was not 100% verified if the real lockup can happen, but this fix isn't very costly and looks safe anyway. (It was tested by Bernard with 2.6.23.9 and 2.6.24-rc5 kernels.) Reported_by: Bernard Pidoux <pidoux@ccr.jussieu.fr> Tested_by: Bernard Pidoux <pidoux@ccr.jussieu.fr> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [IPV4]: Make tcp_input_metrics() get minimum RTO via tcp_rto_min()Satoru SATOH2007-12-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | tcp_input_metrics() refers to the built-time constant TCP_RTO_MIN regardless of configured minimum RTO with iproute2. Signed-off-by: Satoru SATOH <satoru.satoh@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [IPV6]: Fix the return value of ipv6_getsockoptWei Yongjun2007-12-161-7/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If CONFIG_NETFILTER if not selected when compile the kernel source code, ipv6_getsockopt will returen an EINVAL error if optname is not supported by the kernel. But if CONFIG_NETFILTER is selected, ENOPROTOOPT error will be return. This patch fix to always return ENOPROTOOPT error if optname argument of ipv6_getsockopt is not supported by the kernel. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [BRIDGE]: Assign random address.Stephen Hemminger2007-12-161-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Assigning a valid random address to bridge device solves problems when bridge device is brought up before adding real device to bridge. When the first real device is added to the bridge, it's address will overide the bridges random address. Note: any device added to a bridge must already have a valid ethernet address. br_add_if -> br_fdb_insert -> fdb_insert -> is_valid_ether_addr Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [IPV4]: Updates to nfsroot documentationAmos Waterland2007-12-141-19/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The difference between ip=off and ip=::::::off has been a cause of much confusion. Document how each behaves, and do not contradict ourselves by saying that "off" is the default when in fact "any" is the default and is descibed as being so lower in the file. Signed-off-by: Amos Waterland <apw@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [TIPC]: Fix semaphore handling.Andrew Morton2007-12-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | As noted by Kevin, tipc's release() does down_interruptible() and ignores the return value. So if signal_pending() we'll end up doing up() on a non-downed semaphore. Fix. Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [NETFILTER]: xt_hashlimit should use time_after_eq()Eric Dumazet2007-12-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to avoid jiffies wraparound and its effect, special care must be taken when doing comparisons ... Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [XFRM]: Display the audited SPI value in host byte order.Paul Moore2007-12-141-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently the IPsec protocol SPI values are written to the audit log in network byte order which is different from almost all other values which are recorded in host byte order. This patch corrects this inconsistency by writing the SPI values to the audit record in host byte order. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [NETFILTER]: ip_tables: fix compat copy racePatrick McHardy2007-12-142-47/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When copying entries to user, the kernel makes two passes through the data, first copying all the entries, then fixing up names and counters. On the second pass it copies the kernel and match data from userspace to the kernel again to find the corresponding structures, expecting that kernel pointers contained in the data are still valid. This is obviously broken, fix by avoiding the second pass completely and fixing names and counters while dumping the ruleset, using the kernel-internal data structures. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [NETFILTER]: ctnetlink: set expected bit for related conntracksPablo Neira Ayuso2007-12-141-1/+3
|/ / | | | | | | | | | | | | | | This patch is a fix. It sets IPS_EXPECTED for related conntracks. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPSEC]: Fix potential dst leak in xfrm_lookupHerbert Xu2007-12-111-3/+6
| | | | | | | | | | | | | | | | | | | | | | If we get an error during the actual policy lookup we don't free the original dst while the caller expects us to always free the original dst in case of error. This patch fixes that. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [VLAN]: Fix potential race in vlan_cleanup_module vs vlan_ioctl_handler.Pavel Emelyanov2007-12-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The vlan module cleanup function starts with vlan_netlink_fini(); vlan_ioctl_set(NULL); The first call removes all the vlan devices and the second one closes the vlan ioctl. AFAIS there's a tiny race window between these two calls - after rtnl unregistered all the vlans, but the ioctl handler isn't set to NULL yet, user can manage to call this ioctl and create one vlan device, and that this function will later BUG_ON seeing non-emply hashes. I think, that we must first close the vlan ioctl and only after this remove all the vlans with the vlan_netlink_fini() call. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET]: Fix wrong comments for unregister_net*Wang Chen2007-12-111-4/+2
| | | | | | | | | | | | | | | | There are some return value comments for void functions. Fixed it. Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPv6] ESP: Discard dummy packets introduced in rfc4303Thomas Graf2007-12-111-0/+6
| | | | | | | | | | | | | | | | | | | | RFC4303 introduces dummy packets with a nexthdr value of 59 to implement traffic confidentiality. Such packets need to be dropped silently and the payload may not be attempted to be parsed as it consists of random chunk. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPv4] ESP: Discard dummy packets introduced in rfc4303Thomas Graf2007-12-111-0/+5
| | | | | | | | | | | | | | | | | | | | RFC4303 introduces dummy packets with a nexthdr value of 59 to implement traffic confidentiality. Such packets need to be dropped silently and the payload may not be attempted to be parsed as it consists of random chunk. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV4]: Swap the ifa allocation with the"ipv4_devconf_setall" callPavel Emelyanov2007-12-111-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | According to Herbert, the ipv4_devconf_setall should be called only when the ifa is added to the device. However, failed ifa allocation may bring things into inconsistent state. Move the call to ipv4_devconf_setall after the ifa allocation. Fits both net-2.6 (with offsets) and net-2.6.25 (cleanly). Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
OpenPOWER on IntegriCloud