02 Mar, 2010

1 commit

  • Fix the following build error when IGMP_SNOOPING is not enabled.
    In file included from net/bridge/br.c:24:
    net/bridge/br_private.h: In function 'br_multicast_is_router':
    net/bridge/br_private.h:361: error: 'struct net_bridge' has no member named 'multicast_router'
    net/bridge/br_private.h:362: error: 'struct net_bridge' has no member named 'multicast_router'
    net/bridge/br_private.h:363: error: 'struct net_bridge' has no member named 'multicast_router_timer'

    Signed-off-by: Sridhar Samudrala
    Acked-by: Randy Dunlap
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Sridhar Samudrala
     

28 Feb, 2010

14 commits

  • Signed-off-by: David S. Miller

    David S. Miller
     
  • This patch allows the user to set the IGMP parameters related to the
    snooping function of the bridge. This includes various time
    values and retransmission limits.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • This patch allows the user to control the hash elasticity/max
    parameters. The elasticity setting does not take effect until
    the next new multicast group is added. At which point it is
    checked and if after rehashing it still can't be satisfied then
    snooping will be disabled.

    The max setting on the other hand takes effect immediately. It
    must be a power of two and cannot be set to a value less than the
    current number of multicast group entries. This is the only way
    to shrink the multicast hash.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • This patch allows the user to disable IGMP snooping completely
    through a sysfs toggle. It also allows the user to reenable
    snooping when it has been automatically disabled due to hash
    collisions. If the collisions have not been resolved however
    the system will refuse to reenable snooping.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • This patch allows the user to forcibly enable/disable ports as
    having multicast routers attached. A port with a multicast router
    will receive all multicast traffic.

    The value 0 disables it completely. The default is 1 which lets
    the system automatically detect the presence of routers (currently
    this is limited to picking up queries), and 2 means that the port
    will always receive all multicast traffic.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • This patch finally hooks up the multicast snooping module to the
    data path. In particular, all multicast packets passing through
    the bridge are fed into the module and switched by it.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • This patch hooks up the bridge start/stop and add/delete/disable
    port functions to the new multicast module.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • This patch adds code to perform selective multicast forwarding.

    We forward multicast traffic to a set of ports plus all multicast
    router ports. In order to avoid duplications among these two
    sets of ports, we order all ports by the numeric value of their
    pointers. The two lists are then walked in lock-step to eliminate
    duplicates.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • This patch adds the core functionality of IGMP snooping support
    without actually hooking it up. So this patch should be a no-op
    as far as the bridge's external behaviour is concerned.

    All the new code and data is controlled by the Kconfig option
    BRIDGE_IGMP_SNOOPING. A run-time toggle is also available.

    The multicast switching is done using a hash table that is
    lockless on the read-side through RCU. On the write-side the
    new multicast_lock is used for all operations. The hash table
    supports dynamic growth/rehashing.

    The hash table will be rehashed if any chain length exceeds a
    preset limit. If rehashing does not reduce the maximum chain
    length then snooping will be disabled.

    These features may be added in future (in no particular order):

    * IGMPv3 source support
    * Non-querier router detection
    * IPv6

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • This patch moves the main loop body in br_flood into the function
    may_deliver. The code that clones an skb and delivers it is moved
    into the deliver_clone function.

    This allows this to be reused by the future multicast forward
    function.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • This patch makes BR_INPUT_SKB_CB available on the xmit path so
    that we could avoid passing the br pointer around for the purpose
    of collecting device statistics.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • When the packet is delivered to the local bridge device we may
    end up cloning it unnecessarily if no bridge port can receive
    the packet in br_flood.

    This patch avoids this by moving the skb_clone into br_flood.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • This patch allows tail-call on the call to br_pass_frame_up
    in br_handle_frame_finish. This is now possible because of the
    previous patch to call br_pass_frame_up last.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • At the moment we deliver to the local bridge port via the function
    br_pass_frame_up before all other ports. There is no requirement
    for this.

    For the purpose of IGMP snooping, it would be more convenient if
    we did the local port last. Therefore this patch rearranges the
    bridge input processing so that the local bridge port gets to see
    the packet last (if at all).

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

17 Feb, 2010

7 commits

  • Add the required handlers to convert 32 bit
    ebtables mark match and match target structs to 64bit layout.

    Signed-off-by: Florian Westphal

    Florian Westphal
     
  • ebt_limit structure is larger on 64 bit systems due
    to "long" type used in the (kernel-only) data section.

    Setting .compatsize is enough in this case, these values
    have no meaning in userspace.

    Signed-off-by: Florian Westphal

    Florian Westphal
     
  • ebtables can be compiled to perform userspace-side padding of
    structures. In that case, all the structures are already in the
    'native' format expected by the kernel.

    This tries to determine what format the userspace program is
    using.

    For most set/getsockopts, this can be done by checking
    the len argument for sizeof(compat_ebt_replace) and
    re-trying the native handler on error.

    In case of EBT_SO_GET_ENTRIES, the native handler is tried first,
    it will error out early when checking the *len argument
    (the compat version has to defer this check until after
    iterating over the kernel data set once, to adjust for all
    the structure size differences).

    As this would cause error printks, remove those as well, as
    recommended by Bart de Schuymer.

    Signed-off-by: Florian Westphal

    Florian Westphal
     
  • Main code for 32 bit userland ebtables binary with 64 bit kernels
    support.

    Tested on x86_64 kernel only, using 64bit ebtables binary
    for output comparison.

    At least ebt_mark, m_mark and ebt_limit need CONFIG_COMPAT hooks, too.

    remaining problem:

    The ebtables userland makefile has:
    ifeq ($(shell uname -m),sparc64)
    CFLAGS+=-DEBT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32
    endif

    struct ebt_replace, ebt_entry_match etc. then contain userland-side
    padding, i.e. even if we are called from a 32 bit userland, the
    structures may already be in the right format.

    This problem is addressed in a follow-up patch.

    Signed-off-by: Florian Westphal

    Florian Westphal
     
  • allows to call do_update_counters() from upcoming CONFIG_COMPAT
    code instead of copy&pasting the same code.

    Signed-off-by: Florian Westphal

    Florian Westphal
     
  • once CONFIG_COMPAT support is added to ebtables, the new
    copy_counters_to_user function can be called instead of duplicating
    code.

    Also remove last use of MEMPRINT, as requested by Bart De Schuymer.

    Signed-off-by: Florian Westphal

    Florian Westphal
     
  • once CONFIG_COMPAT support is merged this allows
    to call do_replace_finish() after doing the CONFIG_COMPAT conversion
    instead of copy & pasting this.

    Signed-off-by: Florian Westphal

    Florian Westphal
     

16 Feb, 2010

2 commits


15 Feb, 2010

1 commit


10 Feb, 2010

1 commit


05 Feb, 2010

1 commit


03 Feb, 2010

1 commit


18 Jan, 2010

3 commits

  • Add ->net to match destructor list like ->net in constructor list.

    Make sure it's set in ebtables/iptables/ip6tables, this requires to
    propagate netns up to *_unregister_table().

    Signed-off-by: Alexey Dobriyan
    Signed-off-by: Patrick McHardy

    Alexey Dobriyan
     
  • Some complex match modules (like xt_hashlimit/xt_recent) want netns
    information at constructor and destructor time. We probably can play
    games at match destruction time, because netns can be passed in object,
    but I think it's cleaner to explicitly pass netns.

    Add ->net, make sure it's set from ebtables/iptables/ip6tables code.

    Signed-off-by: Alexey Dobriyan
    Signed-off-by: Patrick McHardy

    Alexey Dobriyan
     
  • __net_init/__net_exit are apparently not going away, so use them
    to full extent.

    In some cases __net_init was removed, because it was called from
    __net_exit code.

    Signed-off-by: Alexey Dobriyan
    Signed-off-by: David S. Miller

    Alexey Dobriyan
     

09 Jan, 2010

1 commit

  • normal users are currently allowed to set/modify ebtables rules.
    Restrict it to processes with CAP_NET_ADMIN.

    Note that this cannot be reproduced with unmodified ebtables binary
    because it uses SOCK_RAW.

    Signed-off-by: Florian Westphal
    Cc: stable@kernel.org
    Signed-off-by: Patrick McHardy

    Florian Westphal
     

08 Dec, 2009

1 commit

  • * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1815 commits)
    mac80211: fix reorder buffer release
    iwmc3200wifi: Enable wimax core through module parameter
    iwmc3200wifi: Add wifi-wimax coexistence mode as a module parameter
    iwmc3200wifi: Coex table command does not expect a response
    iwmc3200wifi: Update wiwi priority table
    iwlwifi: driver version track kernel version
    iwlwifi: indicate uCode type when fail dump error/event log
    iwl3945: remove duplicated event logging code
    b43: fix two warnings
    ipw2100: fix rebooting hang with driver loaded
    cfg80211: indent regulatory messages with spaces
    iwmc3200wifi: fix NULL pointer dereference in pmkid update
    mac80211: Fix TX status reporting for injected data frames
    ath9k: enable 2GHz band only if the device supports it
    airo: Fix integer overflow warning
    rt2x00: Fix padding bug on L2PAD devices.
    WE: Fix set events not propagated
    b43legacy: avoid PPC fault during resume
    b43: avoid PPC fault during resume
    tcp: fix a timewait refcnt race
    ...

    Fix up conflicts due to sysctl cleanups (dead sysctl_check code and
    CTL_UNNUMBERED removed) in
    kernel/sysctl_check.c
    net/ipv4/sysctl_net_ipv4.c
    net/ipv6/addrconf.c
    net/sctp/sysctl.c

    Linus Torvalds
     

30 Nov, 2009

1 commit


20 Nov, 2009

1 commit

  • A number of people have tried to add a wireless interface
    (in managed mode) to a bridge and then complained that it
    doesn't work. It cannot work, however, because in 802.11
    networks all packets need to be acknowledged and as such
    need to be sent to the right address. Promiscuous doesn't
    help here. The wireless address format used for these
    links has only space for three addresses, the
    * transmitter, which must be equal to the sender (origin)
    * receiver (on the wireless medium), which is the AP in
      the case of managed mode
    * the recipient (destination), which is on the AP's local
      network segment

    In an IBSS, it is similar, but the receiver and recipient
    must match and the third address is used as the BSSID.

    To avoid such mistakes in the future, disallow adding a
    wireless interface to a bridge.

    Felix has recently added a four-address mode to the AP
    and client side that can be used (after negotiating that
    it is possible, which must happen out-of-band by setting
    up both sides) for bridging, so allow that case.

    Signed-off-by: Johannes Berg
    Acked-by: Stephen Hemminger
    Signed-off-by: John W. Linville

    Johannes Berg
     

17 Nov, 2009

1 commit


12 Nov, 2009

1 commit

  • Now that sys_sysctl is a compatibility wrapper around /proc/sys
    all sysctl strategy routines, and all ctl_name and strategy
    entries in the sysctl tables are unused, and can be
    removed.

    In addition neigh_sysctl_register has been modified to no longer
    take a strategy argument and its callers have been modified not
    to pass one.

    Cc: "David Miller"
    Cc: Hideaki YOSHIFUJI
    Cc: netdev@vger.kernel.org
    Signed-off-by: Eric W. Biederman

    Eric W. Biederman
     

06 Nov, 2009

3 commits