summaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAgeFilesLines
* [NETFILTER]: ip_conntrack_proto_sctp.c needs linux/interrupt.hJoe Kappus2006-01-071-0/+1
| | | | | Signed-off-by: Joe Kappus <joecool1029@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Add ipt_policy/ip6t_policy matchesPatrick McHardy2006-01-076-0/+367
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Handle NAT in IPsec policy checksPatrick McHardy2006-01-074-3/+54
| | | | | | | | | Handle NAT of decapsulated IPsec packets by reconstructing the struct flowi of the original packet from the conntrack information for IPsec policy checks. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Keep conntrack reference until IPsec policy checks are donePatrick McHardy2006-01-076-9/+12
| | | | | | | | | Keep the conntrack reference until policy checks have been performed for IPsec NAT support. The reference needs to be dropped before a packet is queued to avoid having the conntrack module unloadable. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Redo policy lookups after NAT when neccessaryPatrick McHardy2006-01-073-3/+31
| | | | | | | | | | When NAT changes the key used for the xfrm lookup it needs to be done again. If a new policy is returned in POST_ROUTING the packet needs to be passed to xfrm4_output_one manually after all hooks were called because POST_ROUTING is called with fixed okfn (ip_finish_output). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Use conntrack information to determine if packet was NATedPatrick McHardy2006-01-071-15/+19
| | | | | | | | | | Preparation for IPsec support for NAT: Use conntrack information instead of saving the saving and comparing the addresses to determine if a packet was NATed and needs to be rerouted to make it easier to extend the key. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harderPatrick McHardy2006-01-077-9/+27
| | | | | | | | | | | | | | | | | ip_route_me_harder doesn't use the port numbers of the xfrm lookup and uses ip_route_input for non-local addresses which doesn't do a xfrm lookup, ip6_route_me_harder doesn't do a xfrm lookup at all. Use xfrm_decode_session and do the lookup manually, make sure both only do the lookup if the packet hasn't been transformed already. Makeing sure the lookup only happens once needs a new field in the IP6CB, which exceeds the size of skb->cb. The size of skb->cb is increased to 48b. Apparently the IPv6 mobile extensions need some more room anyway. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: reset IPCB flags when neccessaryPatrick McHardy2006-01-073-0/+4
| | | | | | | | | | | | Reset IPSKB_XFRM_TUNNEL_SIZE flags in ipip and ip_gre hard_start_xmit function before the packet reenters IP. This is neccessary so the encapsulated packets are checked not to be oversized in xfrm4_output.c again. Reset all flags in sit when a packet changes its address family. Also remove some obsolete IPSKB flags. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4/6]: Netfilter IPsec input hooksPatrick McHardy2006-01-073-1/+45
| | | | | | | | | | When the innermost transform uses transport mode the decapsulated packet is not visible to netfilter. Pass the packet through the PRE_ROUTING and LOCAL_IN hooks again before handing it to upper layer protocols to make netfilter-visibility symetrical to the output path. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Move nextheader offset to the IP6CBPatrick McHardy2006-01-0711-42/+37
| | | | | | | | | | Move nextheader offset to the IP6CB to make it possible to pass a packet to ip6_input_finish multiple times and have it skip already parsed headers. As a nice side effect this gets rid of the manual hopopts skipping in ip6_input_finish. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Netfilter IPsec output hooksPatrick McHardy2006-01-072-36/+110
| | | | | | | | | | | | | | | | | | | | Call netfilter hooks before IPsec transforms. Packets visit the FORWARD/LOCAL_OUT and POST_ROUTING hook before the first encapsulation and the LOCAL_OUT and POST_ROUTING hook before each following tunnel mode transform. Patch from Herbert Xu <herbert@gondor.apana.org.au>: Move the loop from dst_output into xfrm4_output/xfrm6_output since they're the only ones who need to it. xfrm{4,6}_output_one() processes the first SA all subsequent transport mode SAs and is called in a loop that calls the netfilter hooks between each two calls. In order to avoid the tail call issue, I've added the inline function nf_hook which is nf_hook_slow plus the empty list check. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: ipv6.c needs net/ip6_checksum.cDavid S. Miller2006-01-071-0/+1
| | | | | | Reported by Dave Jones. Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds2006-01-0613-24/+25
|\
| * [NET]: Endian-annotate in_aton()Alexey Dobriyan2006-01-061-1/+1
| | | | | | | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NET]: Endian-annotate struct iphdrAlexey Dobriyan2006-01-063-4/+4
| | | | | | | | | | | | | | And fix trivial warnings that emerged. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [LSM-IPSec]: Corrections to LSM-IPSec NethooksTrent Jaeger2006-01-061-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch contains two corrections to the LSM-IPsec Nethooks patches previously applied. (1) free a security context on a failed insert via xfrm_user interface in xfrm_add_policy. Memory leak. (2) change the authorization of the allocation of a security context in a xfrm_policy or xfrm_state from both relabelfrom and relabelto to setcontext. Signed-off-by: Trent Jaeger <tjaeger@cse.psu.edu> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [PKTGEN]: Adds missing __init.Luiz Capitulino2006-01-061-3/+2
| | | | | | | | | | | | | | | | pktgen_find_thread() and pktgen_create_thread() are only called at initialization time. Signed-off-by: Luiz Capitulino <lcapitulino@mandriva.com.br> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER]: ipt_helper.c needs linux/interrupt.hJoe2006-01-061-0/+1
| | | | | | | | | | | | From: Joe <joecool1029@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [BRIDGE] netfilter: vlan + hw checksum = bug?Stephen Hemminger2006-01-061-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | It looks like the bridge netfilter code does not correctly update the hardware checksum after popping off the VLAN header. This is by inspection, I have *not* tested this. To test you would need to set up a filtering bridge with vlans and a device the does hardware receive checksum (skge, or sungem) Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [X25]: Fix for broken x25 module.Shaun Pereira2006-01-061-6/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a user-space server application calls bind on a socket, then in kernel space this bound socket is considered 'x25-linked' and the SOCK_ZAPPED flag is unset.(As in x25_bind()/af_x25.c). Now when a user-space client application attempts to connect to the server on the listening socket, if the kernel accepts this in-coming call, then it returns a new socket to userland and attempts to reply to the caller. The reply/x25_sendmsg() will fail, because the new socket created on call-accept has its SOCK_ZAPPED flag set by x25_make_new(). (sock_init_data() called by x25_alloc_socket() called by x25_make_new() sets the flag to SOCK_ZAPPED)). Fix: Using the sock_copy_flag() routine available in sock.h fixes this. Tested on 32 and 64 bit kernels with x25 over tcp. Signed-off-by: Shaun Pereira <pereira.shaun@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NET]: Change sk_run_filter()'s return type in net/core/filter.cKris Katterjohn2006-01-061-3/+3
| | | | | | | | | | | | | | It should return an unsigned value, and fix sk_filter() as well. Signed-off-by: Kris Katterjohn <kjak@ispwest.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NET]: Use newer is_multicast_ether_addr() in some filesKris Katterjohn2006-01-063-3/+3
| | | | | | | | | | | | | | | | This uses is_multicast_ether_addr() because it has recently been changed to do the same thing these seperate tests are doing. Signed-off-by: Kris Katterjohn <kjak@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuildLinus Torvalds2006-01-062-2/+2
|\ \
| * | kbuild: un-stringnify KBUILD_MODNAMESam Ravnborg2006-01-062-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now when kbuild passes KBUILD_MODNAME with "" do not __stringify it when used. Remove __stringnify for all users. This also fixes the output of: $ ls -l /sys/module/ drwxr-xr-x 4 root root 0 2006-01-05 14:24 pcmcia drwxr-xr-x 4 root root 0 2006-01-05 14:24 pcmcia_core drwxr-xr-x 3 root root 0 2006-01-05 14:24 "processor" drwxr-xr-x 3 root root 0 2006-01-05 14:24 "psmouse" The quoting of the module names will be gone again. Thanks to GregKH + Kay Sievers for reproting this. Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
* | | SUNRPC: Make krb5 report unsupported encryption typesJ. Bruce Fields2006-01-061-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | Print messages when an unsupported encrytion algorthm is requested or there is an error locating a supported algorthm. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: Make spkm3 report unsupported encryption typesJ. Bruce Fields2006-01-061-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | Print messages when an unsupported encrytion algorthm is requested or there is an error locating a supported algorthm. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: Update the spkm3 code to use the make_checksum interfaceJ. Bruce Fields2006-01-063-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | Also update the tokenlen calculations to accomodate g_token_size(). Signed-off-by: Andy Adamson <andros@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: Clean up xprt_destroy()Trond Myklebust2006-01-061-24/+6
| | | | | | | | | | | | | | | | | | | | | We ought never to be calling xprt_destroy() if there are still active rpc_tasks. Optimise away the broken code that attempts to "fix" that case. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: Ensure client closes the socket when server initiates a closeTrond Myklebust2006-01-062-19/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the server decides to close the RPC socket, we currently don't actually respond until either another RPC call is scheduled, or until xprt_autoclose() gets called by the socket expiry timer (which may be up to 5 minutes later). This patch ensures that xprt_autoclose() is called much sooner if the server closes the socket. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: get rid of cl_chattyChuck Lever2006-01-062-7/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Clean up: Every ULP that uses the in-kernel RPC client, except the NLM client, sets cl_chatty. There's no reason why NLM shouldn't set it, so just get rid of cl_chatty and always be verbose. Test-plan: Compile with CONFIG_NFS enabled. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: transport switch API for setting port numberChuck Lever2006-01-062-3/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At some point, transport endpoint addresses will no longer be IPv4. To hide the structure of the rpc_xprt's address field from ULPs and port mappers, add an API for setting the port number during an RPC bind operation. Test-plan: Destructive testing (unplugging the network temporarily). Connectathon with UDP and TCP. NFSv2/3 and NFSv4 mounting should be carefully checked. Probably need to rig a server where certain services aren't running, or that returns an error for some typical operation. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: new interface to force an RPC rebindChuck Lever2006-01-061-6/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We'd like to hide fields in rpc_xprt and rpc_clnt from upper layer protocols. Start by creating an API to force RPC rebind, replacing logic that simply sets cl_port to zero. Test-plan: Destructive testing (unplugging the network temporarily). Connectathon with UDP and TCP. NFSv2/3 and NFSv4 mounting should be carefully checked. Probably need to rig a server where certain services aren't running, or that returns an error for some typical operation. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: switchable buffer allocationChuck Lever2006-01-064-29/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add RPC client transport switch support for replacing buffer management on a per-transport basis. In the current IPv4 socket transport implementation, RPC buffers are allocated as needed for each RPC message that is sent. Some transport implementations may choose to use pre-allocated buffers for encoding, sending, receiving, and unmarshalling RPC messages, however. For transports capable of direct data placement, the buffers can be carved out of a pre-registered area of memory rather than from a slab cache. Test-plan: Millions of fsx operations. Performance characterization with "sio" and "iozone". Use oprofile and other tools to look for significant regression in CPU utilization. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: net/sunrpc/xdr.c: remove xdr_decode_string()Adrian Bunk2006-01-061-21/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes ths unused function xdr_decode_string(). Signed-off-by: Adrian Bunk <bunk@stusta.de> Acked-by: Neil Brown <neilb@suse.de> Acked-by: Charles Lever <Charles.Lever@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: Fix a potential race in rpc_pipefs.Trond Myklebust2006-01-061-3/+6
| | | | | | | | | | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: Ensure that SIGKILL will always terminate a synchronous RPC call.Trond Myklebust2006-01-061-2/+2
| | | | | | | | | | | | | | | | | | | | | ...and make sure that the "intr" flag also enables SIGHUP and SIGTERM to interrupt RPC calls too (as per the Solaris implementation). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: rpc_execute should not return task->tk_status;Trond Myklebust2006-01-062-8/+7
| | | | | | | | | | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: Get rid of some unused exportsTrond Myklebust2006-01-061-4/+0
| | | | | | | | | | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | NFSv4: stateful NFSv4 RPC call interfaceTrond Myklebust2006-01-061-19/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The NFSv4 model requires us to complete all RPC calls that might establish state on the server whether or not the user wants to interrupt it. We may also need to schedule new work (including new RPC calls) in order to cancel the new state. The asynchronous RPC model will allow us to ensure that RPC calls always complete, but in order to allow for "synchronous" RPC, we want to add the ability to wait for completion. The waits are, of course, interruptible. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: Further cleanupsTrond Myklebust2006-01-061-0/+10
| | | | | | | | | | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | RPC: Clean up RPC task structureTrond Myklebust2006-01-062-32/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Shrink the RPC task structure. Instead of storing separate pointers for task->tk_exit and task->tk_release, put them in a structure. Also pass the user data pointer as a parameter instead of passing it via task->tk_calldata. This enables us to nest callbacks. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: Yet more RPC cleanupsTrond Myklebust2006-01-063-39/+32
| |/ |/| | | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | [PATCH] Keep nfsd from exiting when seeing recv() errorsOlaf Kirch2006-01-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I submitted this one previously - svc_tcp_recvfrom currently returns any errors to the caller, including ECONNRESET and the like. This is something svc_recv isn't able to deal with: len = svsk->sk_recvfrom(rqstp); [...] if (len == 0 || len == -EAGAIN) { [...] return -EAGAIN; } [...] return len; The nfsd main loop will exit when it sees an error code other than EAGAIN. The following patch fixes this problem svc_recv is not equipped to deal with error codes other than EAGAIN, and will propagate anything else (such as ECONNRESET) up to nfsd, causing it to exit. Signed-off-by: Olaf Kirch <okir@suse.de> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Cc: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* | [PATCH] knfsd: fix hash function for IP addresses on 64bit little-endian ↵NeilBrown2006-01-061-1/+13
|/ | | | | | | | | | | | | | | | | | | | | | | | machines. The hash.h hash_long function, when used on a 64 bit machine, ignores many of the middle-order bits. (The prime chosen it too bit-sparse). IP addresses for clients of an NFS server are very likely to differ only in the low-order bits. As addresses are stored in network-byte-order, these bits become middle-order bits in a little-endian 64bit 'long', and so do not contribute to the hash. Thus you can have the situation where all clients appear on one hash chain. So, until hash_long is fixed (or maybe forever), us a hash function that works well on IP addresses - xor the bytes together. Thanks to "Iozone" <capps@iozone.org> for identifying this problem. Cc: "Iozone" <capps@iozone.org> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [NET]: Change 1500 to ETH_DATA_LEN in some filesKris Katterjohn2006-01-056-9/+15
| | | | | | | | These patches add the header linux/if_ether.h and change 1500 to ETH_DATA_LEN in some files. Signed-off-by: Kris Katterjohn <kjak@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPVS]: Another file needs linux/interrupt.hAndrew Morton2006-01-051-0/+1
| | | | | Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Use HOPLIMIT metric as TTL of TCP reset sent by REJECTYasuyuki Kozakai2006-01-051-1/+1
| | | | | | | | HOPLIMIT metric is appropriate to TCP reset sent by REJECT target than hard-coded max TTL. Thanks to David S. Miller for hint. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_conntrack_l3proto_ipv4.c needs net/route.hPatrick McHardy2006-01-051-0/+1
| | | | | | | | | | CC [M] net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.o net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c: In function 'ipv4_refrag': net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c:198: error: dereferencing pointer to incomplete type make[3]: *** [net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.o] Error 1 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stackPatrick McHardy2006-01-051-8/+10
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: make ipv6_find_hdr() find transport protocol headerPatrick McHardy2006-01-057-74/+48
| | | | | | | | | The original ipv6_find_hdr() finds the specified header in IPv6 packets. This makes it possible to get transport header so that we can kill similar loop in ip6_match_packet(). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
OpenPOWER on IntegriCloud