summaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAgeFilesLines
* NetLabel: correct CIPSO tag handling when adding new DOI definitionsPaul Moore2007-01-091-3/+3
| | | | | | | | | | | The current netlbl_cipsov4_add_common() function has two problems which are fixed with this patch. The first is an off-by-one bug where it is possibile to overflow the doi_def->tags[] array. The second is a bug where the same doi_def->tags[] array was not always fully initialized, which caused sporadic failures. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
* [Bluetooth] Handle device registration failuresMarcel Holtmann2007-01-091-1/+6
| | | | | | | | In the case the device registration for a new Bluetooth low-level connection fails there is no need to unregister it when the temporary data structure has been removed. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* [Bluetooth] Fix uninitialized return value for RFCOMM sendmsg()Marcel Holtmann2007-01-091-3/+6
| | | | | | | | When calling send() with a zero length parameter on a RFCOMM socket it returns a positive value. In this rare case the variable err is used uninitialized and unfortunately its value is returned. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* [Bluetooth] More checks if DLC is still attached to the TTYMarcel Holtmann2007-01-091-7/+15
| | | | | | | If the DLC device is no longer attached to the TTY device, then return errors or default values for various callbacks of the TTY layer. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* [Bluetooth] Add packet size checks for CAPI messagesMarcel Holtmann2007-01-091-6/+33
| | | | | | | | With malformed packets it might be possible to overwrite internal CMTP and CAPI data structures. This patch adds additional length checks to prevent these kinds of remote attacks. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* [X25]: Trivial, SOCK_DEBUG's in x25_facilities missing newlinesAndrew Hendry2007-01-091-6/+6
| | | | | | | | Trivial. Newlines missing on the SOCK_DEBUG's for X.25 facility negotiation. Signed-off-by: Andrew Hendry <andrew.hendry@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET]: Fix incorrect "inet_sock->is_icsk" assignment.Paul Moore2007-01-092-2/+2
| | | | | | | | | | | The inet_create() and inet6_create() functions incorrectly set the inet_sock->is_icsk field. Both functions assume that the is_icsk field is large enough to hold at least a INET_PROTOSW_ICSK value when it is actually only a single bit. This patch corrects the assignment by doing a boolean comparison whose result will safely fit into a single bit field. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4/IPV6]: Fix inet{,6} device initialization order.David L Stevens2007-01-042-4/+5
| | | | | | | | | | | It is important that we only assign dev->ip{,6}_ptr only after all portions of the inet{,6} are setup. Otherwise we can receive packets before the multicast spinlocks et al. are initialized. Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: ebtables: don't compute gap before checking struct typeChuck Ebbert2007-01-041-1/+2
| | | | | | | | | | | | We cannot compute the gap until we know we have a 'struct ebt_entry' and not 'struct ebt_entries'. Failure to check can cause crash. Tested-by: Santiago Garcia Mantinan <manty@manty.net> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_nat: fix MASQUERADE crash on device downMartin Josefsson2007-01-041-1/+4
| | | | | | | | | Check the return value of nfct_nat() in device_cmp(), we might very well have non NAT conntrack entries as well (Netfilter bugzilla #528). Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: New connection tracking is not EXPERIMENTAL anymorePatrick McHardy2007-01-042-15/+14
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Fix routing of REJECT target generated packets in output chainPatrick McHardy2007-01-041-2/+5
| | | | | | | | | Packets generated by the REJECT target in the output chain have a local destination address and a foreign source address. Make sure not to use the foreign source address for the output route lookup. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: compat offsets size changeDmitry Mishin2007-01-041-5/+5
| | | | | | | | | Used by compat code offsets of entries should be 'unsigned int' as entries array size has this dimension. Signed-off-by: Dmitry Mishin <dim@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [X25]: proper prototype for x25_init_timers()Adrian Bunk2007-01-031-2/+0
| | | | | | | | This patch adds a proper prototype for x25_init_timers() in include/net/x25.h Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* [AF_NETLINK]: module_put cleanupMariusz Kozlowski2007-01-031-2/+1
| | | | | | | This patch removes redundant argument check for module_put(). Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM_USER]: avoid pointless void ** castsChristoph Hellwig2007-01-031-31/+42
| | | | | | | | All ->doit handlers want a struct rtattr **, so pass down the right type. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER] xt_hashlimit.c: fix typoAlexey Dobriyan2007-01-031-1/+1
| | | | | Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PKTGEN]: Convert to kthread API.David S. Miller2007-01-031-108/+48
| | | | | | | | | Based upon a suggestion from Christoph Hellwig. This fixes various races in module load/unload handling too. Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Algorithm lookup using .compat nameMartin Willi2006-12-311-1/+2
| | | | | | | | | | | Installing an IPsec SA using old algorithm names (.compat) does not work if the algorithm is not already loaded. When not using the PF_KEY interface, algorithms are not preloaded in xfrm_probe_algs() and installing a IPsec SA fails. Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'upstream-fixes' of ↵Jeff Garzik2006-12-262-3/+3
|\ | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream-fixes
| * [PATCH] ieee80211softmac: Fix mutex_lock at exit of ieee80211_softmac_get_genieUlrich Kunitz2006-12-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | ieee80211softmac_wx_get_genie locks the associnfo mutex at function exit. This patch fixes it. The patch is against Linus' tree (commit af1713e0). Signed-off-by: Ulrich Kunitz <kune@deine-taler.de> Signed-off-by: Michael Buesch <mb@bu3sch.de> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * [PATCH] ieee80211softmac: Fix errors related to the work_struct changesUlrich Kunitz2006-12-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The signature of work functions changed recently from a context pointer to the work structure pointer. This caused a problem in the ieee80211softmac code, because the ieee80211softmac_assox_work function has been called directly with a parameter explicitly casted to (void*). This compiled correctly but resulted in a softlock, because mutex_lock was called with the wrong memory address. The patch fixes the problem. Another issue was a wrong call of the schedule_work function. Softmac works again and this fixes the problem I mentioned earlier in the zd1211rw rx tasklet patch. The patch is against Linus' tree (commit af1713e0). Signed-off-by: Ulrich Kunitz <kune@deine-taler.de> Acked-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | [UDP]: Fix reversed logic in udp_get_port().David S. Miller2006-12-221-5/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When this code was converted to use sk_for_each() the logic for the "best hash chain length" code was reversed, breaking everything. The original code was of the form: size = 0; do { if (++size >= best_size_so_far) goto next; } while ((sk = sk->next) != NULL); best_size_so_far = size; best = result; next:; and this got converted into: sk_for_each(sk2, node, head) if (++size < best_size_so_far) { best_size_so_far = size; best = result; } Which does something very very different from the original. Signed-off-by: David S. Miller <davem@davemloft.net>
* | [SCTP]: make 2 functions staticAdrian Bunk2006-12-222-4/+4
| | | | | | | | | | | | | | | | | | | | This patch makes the following needlessly global functions static: - ipv6.c: sctp_inet6addr_event() - protocol.c: sctp_inetaddr_event() Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [SCTP]: Fix typo adaption -> adaptation as per the latest API draft.Ivan Skytte Jorgensen2006-12-224-55/+55
| | | | | | | | | | | | Signed-off-by: Ivan Skytte Jorgensen <isj-sctp@i1.dk> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | NetLabel: correctly fill in unused CIPSOv4 level and category mappingsPaul Moore2006-12-221-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | Back when the original NetLabel patches were being changed to use Netlink attributes correctly some code was accidentially dropped which set all of the undefined CIPSOv4 level and category mappings to a sentinel value. The result is the mappings data in the kernel contains bogus mappings which always map to zero. This patch restores the old/correct behavior by initializing the mapping data to the correct sentinel value. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
* | NetLabel: perform input validation earlier on CIPSOv4 DOI add opsPaul Moore2006-12-221-11/+17
| | | | | | | | | | | | | | | | | | | | | | There are a couple of cases where the user input for a CIPSOv4 DOI add operation was not being done soon enough; the result was unexpected behavior which was resulting in oops/panics/lockups on some platforms. This patch moves the existing input validation code earlier in the code path to protect against bogus user input. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
* | [PATCH] gss_spkm3: fix error handling in module initAkinobu Mita2006-12-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Return error and prevent from loading module when gss_mech_register() failed. Cc: Andy Adamson <andros@citi.umich.edu> Cc: J. Bruce Fields <bfields@citi.umich.edu> Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* | [IPV4]: Fix BUG of ip_rt_send_redirect()Li Yewang2006-12-181-1/+2
| | | | | | | | | | | | | | Fix the redirect packet of the router if the jiffies wraparound. Signed-off-by: Li Yewang <lyw@nanjing-fnst.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TCP]: Trivial fix to message in tcp_v4_inbound_md5_hashLeigh Brown2006-12-171-1/+1
| | | | | | | | | | | | | | | | The message logged in tcp_v4_inbound_md5_hash when the hash was expected but not found was reversed. Signed-off-by: Leigh Brown <leigh@solinno.co.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TCP]: Fix oops caused by tcp_v4_md5_do_delLeigh Brown2006-12-171-0/+1
| | | | | | | | | | | | | | | | | | md5sig_info.alloced4 must be set to zero when freeing keys4, otherwise it will not be alloc'd again when another key is added to the same socket by tcp_v4_md5_do_add. Signed-off-by: Leigh Brown <leigh@solinno.co.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER] IPV6: Fix dependencies.David S. Miller2006-12-171-2/+3
| | | | | | | | | | | | | | | | | | | | | | Although the menu dependencies in net/ipv6/netfilter/Kconfig guard the entries in that file from the Kconfig GUI, this does not prevent them from being selected still via "make oldconfig" when IPV6 etc. is disabled. So add explicit dependencies. Signed-off-by: David S. Miller <davem@davemloft.net>
* | [AX.25]: Fix unchecked rose_add_loopback_neigh usesRalf Baechle2006-12-172-26/+24
| | | | | | | | | | | | | | | | | | rose_add_loopback_neigh uses kmalloc and the callers were ignoring the error value. Rewrite to let the caller deal with the allocation. This allows the use of static allocation of kmalloc use entirely. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [AX.25]: Fix unchecked rose_add_loopback_node usesRalf Baechle2006-12-171-4/+18
| | | | | | | | | | Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [AX.25]: Fix unchecked ax25_linkfail_register usesRalf Baechle2006-12-173-50/+21
| | | | | | | | | | | | | | | | | | ax25_linkfail_register uses kmalloc and the callers were ignoring the error value. Rewrite to let the caller deal with the allocation. This allows the use of static allocation of kmalloc use entirely. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [AX.25]: Fix unchecked nr_add_node uses.Ralf Baechle2006-12-171-3/+8
| | | | | | | | | | Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [AX.25]: Fix unchecked ax25_listen_register usesRalf Baechle2006-12-173-10/+24
| | | | | | | | | | | | | | | | Fix ax25_listen_register to return something that's a sane error code, then all callers to use it. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [AX.25]: Fix unchecked ax25_protocol_register uses.Ralf Baechle2006-12-173-31/+24
| | | | | | | | | | | | | | | | | | Replace ax25_protocol_register by ax25_register_pid which assumes the caller has done the memory allocation. This allows replacing the kmalloc allocations entirely by static allocations. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [AX.25]: Mark all kmalloc users __must_checkRalf Baechle2006-12-174-7/+9
|/ | | | | | | | | | The recent fix 0506d4068bad834aab1141b5dc5e748eb175c6b3 made obvious that error values were not being propagated through the AX.25 stack. To help with that this patch marks all kmalloc users in the AX.25, NETROM and ROSE stacks as __must_check. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: bridge-netfilter: remove deferred hooksPatrick McHardy2006-12-132-180/+20
| | | | | | | | Remove the deferred hooks and all related code as scheduled in feature-removal-schedule. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Make fib6_node subtree depend on IPV6_SUBTREESKim Nordlund2006-12-131-1/+1
| | | | | | | Make fib6_node 'subtree' depend on IPV6_SUBTREES. Signed-off-by: Kim Nordlund <kim.nordlund@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Add support for SCTP_CONTEXT socket option.Ivan Skytte Jorgensen2006-12-133-1/+88
| | | | | | Signed-off-by: Ivan Skytte Jorgensen <isj-sctp@i1.dk> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Enable auto loading of SCTP when creating an ipv6 SCTP socket.Sridhar Samudrala2006-12-131-0/+1
| | | | | Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Handle address add/delete events in a more efficient way.Sridhar Samudrala2006-12-133-62/+79
| | | | | | | | | | | | | | | | Currently in SCTP, we maintain a local address list by rebuilding the whole list from the device list whenever we get a address add/delete event. This patch fixes it by only adding/deleting the address for which we receive the event. Also removed the sctp_local_addr_lock() which is no longer needed as we now use list_for_each_safe() to traverse this list. This fixes the bugs in sctp_copy_laddrs_xxx() routines where we do copy_to_user() while holding this lock. Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Fix oops caused by __tcp_put_md5sig_pool()David S. Miller2006-12-131-2/+3
| | | | | | | It should call tcp_free_md5sig_pool() not __tcp_free_md5sig_pool() so that it does proper refcounting. Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Fix IPV6_UNICAST_HOPS getsockopt().Brian Haley2006-12-131-4/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | > Relevant standard (RFC 3493) notes: > > The IPV6_UNICAST_HOPS option may be used with getsockopt() to > determine the hop limit value that the system will use for subsequent > unicast packets sent via that socket. > > I don't reckon -1 could be the hop limit value. -1 means un-initialized. > IMHO, the value from > case 1 (if socket is connected to some destination), otherwise case 2 > (if bound to a scope interface) or ultimately the default hop limit > ought to be returned instead, as it will be most often correct, while > the current behavior is always wrong, unless setsockopt() has been used > first. I don't if some people may think doing a route lookup in > getsockopt might be overly expensive, but at least the two other cases > should be ok, particularly the last one. The following patch seems to work for me, but this code has behaved this way for a while, so don't know if it will break any existing apps. Signed-off-by: Brian Haley <brian.haley@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP] ccid3: return value in ccid3_hc_rx_calc_first_liIan McDonald2006-12-131-3/+3
| | | | | | | | | | | | In a recent patch we introduced invalid return codes which will result in the opposite of what is intended (i.e. send more packets in face of peculiar network conditions). This fixes it by returning ~0 which means not calculated as per dccp_li_hist_calc_i_mean. Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [NETFILTER]: {ip,ip6,arp}_tables: fix exponential worst-case search for loopsAl Viro2006-12-133-6/+9
| | | | | | | | | | | | | | | If we come to node we'd already marked as seen and it's not a part of path (i.e. we don't have a loop right there), we already know that it isn't a part of any loop, so we don't need to revisit it. That speeds the things up if some chain is refered to from several places and kills O(exp(table size)) worst-case behaviour (without sleeping, at that, so if you manage to self-LART that way, you are SOL for a long time)... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: ip_tables: ipt and ipt_compat checks unificationDmitry Mishin2006-12-131-97/+79
| | | | | | | | | Matches and targets verification is duplicated in normal and compat processing ways. This patch refactors code in order to remove this. Signed-off-by: Dmitry Mishin <dim@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: x_tables: add missing try to load conntrack from match/targetsYasuyuki Kozakai2006-12-134-2/+48
| | | | | | | | | CLUSTERIP, CONNMARK, CONNSECMARK, and connbytes need ip_conntrack or layer 3 protocol module of nf_conntrack. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
OpenPOWER on IntegriCloud