11 Oct, 2011

1 commit


05 Oct, 2011

1 commit

  • tcp_v4_clear_md5_list() assumes that multiple tcp md5sig peers
    only hold one reference to md5sig_pool. But tcp_v4_md5_do_add()
    increases use count of md5sig_pool for each peer. This patch
    makes tcp_v4_md5_do_add() only increase use count for the first
    tcp md5sig peer.

    Signed-off-by: Zheng Yan
    Signed-off-by: David S. Miller

    Yan, Zheng
     

29 Sep, 2011

1 commit


28 Sep, 2011

3 commits


21 Sep, 2011

1 commit

  • When calling snmp6_alloc_dev fails, the snmp6 relevant memory
    is freed by snmp6_alloc_dev. Calling in6_dev_finish_destroy
    will free this memory twice.

    A double free leads to undefined behavior.

    Signed-off-by: Roy Li
    Acked-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Roy Li
     

17 Sep, 2011

1 commit

  • Current IPv6 implementation uses inetpeer to store metrics for
    routes. The problem of inetpeer is that it doesn't take subnet
    prefix length into consideration. If two routes have the same
    address but different prefix length, they share the same inetpeer.
    So changing metrics of one route also affects the other. The
    fix is to allocate separate metrics storage for each route.

    Signed-off-by: Zheng Yan
    Signed-off-by: David S. Miller

    Yan, Zheng
     

16 Sep, 2011

2 commits

  • David S. Miller
     
  • "Possible SYN flooding on port xxxx " messages can fill logs on servers.

    Change logic to log the message only once per listener, and add two new
    SNMP counters to track :

    TCPReqQFullDoCookies : number of times a SYNCOOKIE was replied to client

    TCPReqQFullDrop : number of times a SYN request was dropped because
    syncookies were not enabled.

    Based on a prior patch from Tom Herbert, and suggestions from David.

    Signed-off-by: Eric Dumazet
    CC: Tom Herbert
    Signed-off-by: David S. Miller

    Eric Dumazet
     

31 Aug, 2011

2 commits


30 Aug, 2011

1 commit

  • A userspace listener may send (bogus) NF_STOLEN verdict, which causes skb leak.

    This problem was previously fixed via
    64507fdbc29c3a622180378210ecea8659b14e40 (netfilter:
    nf_queue: fix NF_STOLEN skb leak) but this had to be reverted because
    NF_STOLEN can also be returned by a netfilter hook when iterating the
    rules in nf_reinject.

    Reject userspace NF_STOLEN verdict, as suggested by Michal Miroslaw.

    This is complementary to commit fad54440438a7c231a6ae347738423cbabc936d9
    (netfilter: avoid double free in nf_reinject).

    Cc: Julian Anastasov
    Cc: Eric Dumazet
    Signed-off-by: Florian Westphal
    Signed-off-by: Patrick McHardy

    Florian Westphal
     

25 Aug, 2011

1 commit


19 Aug, 2011

1 commit

  • IPV6_2292PKTOPTIONS is broken for 32-bit applications running
    in COMPAT mode on 64-bit kernels.

    The same problem was fixed for IPv4 with the patch:
    ipv4: Fix ip_getsockopt for IP_PKTOPTIONS,
    commit dd23198e58cd35259dd09e8892bbdb90f1d57748

    Signed-off-by: Sorin Dumitru
    Signed-off-by: Daniel Baluta
    Signed-off-by: David S. Miller

    Daniel Baluta
     

17 Aug, 2011

1 commit

  • sit tunnels (IPv6 tunnel over IPv4) do not implement the "tos inherit"
    case to copy the IPv6 transport class byte from the inner packet to
    the IPv4 type of service byte in the outer packet. By contrast, ipip
    tunnels and GRE tunnels do.

    This patch, adapted from the similar code in net/ipv4/ipip.c and
    net/ipv4/ip_gre.c, implements that.

    This patch applies to 3.0.1, and has been tested on that version.

    Signed-off-by: Lionel Elie Mamane
    Signed-off-by: David S. Miller

    Lionel Elie Mamane
     

11 Aug, 2011

1 commit

  • Using gcc 4.4.3, warnings are emitted for a possibly uninitialized use
    of ecn_ok.

    This can happen if cookie_check_timestamp() returns due to not having
    seen a timestamp. Defaulting to ecn off seems like a reasonable thing
    to do in this case, so initialize ecn_ok to false.

    Signed-off-by: Mike Waychison
    Signed-off-by: David S. Miller

    Mike Waychison
     

07 Aug, 2011

1 commit

  • Computers have become a lot faster since we compromised on the
    partial MD4 hash which we use currently for performance reasons.

    MD5 is a much safer choice, and is in line with both RFC1948 and
    other ISS generators (OpenBSD, Solaris, etc.)

    Furthermore, only having 24-bits of the sequence number be truly
    unpredictable is a very serious limitation. So the periodic
    regeneration and 8-bit counter have been removed. We compute and
    use a full 32-bit sequence number.

    For ipv6, DCCP was found to use a 32-bit truncated initial sequence
    number (it needs 43-bits) and that is fixed here as well.

    Reported-by: Dan Kaminsky
    Tested-by: Willy Tarreau
    Signed-off-by: David S. Miller

    David S. Miller
     

05 Aug, 2011

1 commit

  • When support for binding to 'mapped INADDR_ANY (::ffff.0.0.0.0)' was added
    in 0f8d3c7ac3693d7b6c731bf2159273a59bf70e12 the rest of the code
    wasn't told so now it's possible to bind IPv6 datagram socket to
    ::ffff.0.0.0.0, connect it to another IPv4 address and it will all
    work except for getsockname() which does not return the local address
    as expected.

    To give getsockname() something to work with check for 'mapped INADDR_ANY'
    when connecting and update the in-core source addresses appropriately.

    Signed-off-by: Max Matveev
    Signed-off-by: David S. Miller

    Max Matveev
     

03 Aug, 2011

1 commit

  • Gergely Kalman reported crashes in check_peer_redir().

    It appears commit f39925dbde778 (ipv4: Cache learned redirect
    information in inetpeer.) added a race, leading to possible NULL ptr
    dereference.

    Since we can now change dst neighbour, we should make sure a reader can
    safely use a neighbour.

    Add RCU protection to dst neighbour, and make sure check_peer_redir()
    can be called safely by different cpus in parallel.

    As neighbours are already freed after one RCU grace period, this patch
    should not add typical RCU penalty (cache cold effects)

    Many thanks to Gergely for providing a pretty report pointing to the
    bug.

    Reported-by: Gergely Kalman
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

29 Jul, 2011

1 commit

  • ipq_build_packet_message() in net/ipv4/netfilter/ip_queue.c and
    net/ipv6/netfilter/ip6_queue.c contain a small potential mem leak as
    far as I can tell.

    We allocate memory for 'skb' with alloc_skb() and then call
    nlh = NLMSG_PUT(skb, 0, 0, IPQM_PACKET, size - sizeof(*nlh));

    NLMSG_PUT is a macro
    NLMSG_PUT(skb, pid, seq, type, len) \
    NLMSG_NEW(skb, pid, seq, type, len, 0)

    that expands to NLMSG_NEW, which is also a macro which expands to:
    NLMSG_NEW(skb, pid, seq, type, len, flags) \
    ({ if (unlikely(skb_tailroom(skb) < (int)NLMSG_SPACE(len))) \
    goto nlmsg_failure; \
    __nlmsg_put(skb, pid, seq, type, len, flags); })

    If we take the true branch of the 'if' statement and 'goto
    nlmsg_failure', then we'll, at that point, return from
    ipq_build_packet_message() without having assigned 'skb' to anything
    and we'll leak the memory we allocated for it when it goes out of
    scope.

    Fix this by placing a 'kfree(skb)' at 'nlmsg_failure'.

    I admit that I do not know how likely this is to actually happen or even
    if there's something that guarantees that it will never happen - I'm
    not that familiar with this code, but if that is so, I've not been
    able to spot it.

    Signed-off-by: Jesper Juhl
    Signed-off-by: Patrick McHardy

    Jesper Juhl
     

28 Jul, 2011

1 commit

  • * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (32 commits)
    tg3: Remove 5719 jumbo frames and TSO blocks
    tg3: Break larger frags into 4k chunks for 5719
    tg3: Add tx BD budgeting code
    tg3: Consolidate code that calls tg3_tx_set_bd()
    tg3: Add partial fragment unmapping code
    tg3: Generalize tg3_skb_error_unmap()
    tg3: Remove short DMA check for 1st fragment
    tg3: Simplify tx bd assignments
    tg3: Reintroduce tg3_tx_ring_info
    ASIX: Use only 11 bits of header for data size
    ASIX: Simplify condition in rx_fixup()
    Fix cdc-phonet build
    bonding: reduce noise during init
    bonding: fix string comparison errors
    net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared
    net: add IFF_SKB_TX_SHARED flag to priv_flags
    net: sock_sendmsg_nosec() is static
    forcedeth: fix vlans
    gianfar: fix bug caused by 87c288c6e9aa31720b72e2bc2d665e24e1653c3e
    gro: Only reset frag0 when skb can be pulled
    ...

    Linus Torvalds
     

27 Jul, 2011

1 commit

  • This allows us to move duplicated code in
    (atomic_inc_not_zero() for now) to

    Signed-off-by: Arun Sharma
    Reviewed-by: Eric Dumazet
    Cc: Ingo Molnar
    Cc: David Miller
    Cc: Eric Dumazet
    Acked-by: Mike Frysinger
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Arun Sharma
     

26 Jul, 2011

1 commit

  • Original commit 2bda8a0c8af... "Disable router anycast
    address for /127 prefixes" says:

    | No need for matching code in addrconf_leave_anycast() as it
    | will silently ignore any attempt to leave an unknown anycast
    | address.

    After analysis, because 1) we may add two or more prefixes on the
    same interface, or 2) user may have manually joined that anycast,
    we may hit chances to have anycast address which as if we had
    generated one by /127 prefix and we should not leave from subnet-
    router anycast address unconditionally.

    CC: Bjørn Mork
    CC: Brian Haley
    Signed-off-by: YOSHIFUJI Hideaki
    Signed-off-by: David S. Miller

    YOSHIFUJI Hideaki
     

22 Jul, 2011

2 commits

  • IPv6 fragment identification generation is way beyond what we use for
    IPv4 : It uses a single generator. It's not scalable and allows DOS
    attacks.

    Now inetpeer is IPv6 aware, we can use it to provide a more secure and
    scalable frag ident generator (per destination, instead of system wide)

    This patch :
    1) defines a new secure_ipv6_id() helper
    2) extends inet_getid() to provide 32bit results
    3) extends ipv6_select_ident() with a new dest parameter

    Reported-by: Fernando Gont
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • We currently cow metrics a bit too soon in IPv6 case : All routes are
    tied to a single inetpeer entry.

    Change ip6_rt_copy() to get destination address as second argument, so
    that we fill rt6i_dst before the dst_copy_metrics() call.

    icmp6_dst_alloc() must set rt6i_dst before calling dst_metric_set(), or
    else the cow is done while rt6i_dst is still NULL.

    If orig route points to readonly metrics, we can share the pointer
    instead of performing the memory allocation and copy.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

18 Jul, 2011

4 commits


17 Jul, 2011

4 commits


14 Jul, 2011

1 commit

  • Now that there is a one-to-one correspondence between neighbour
    and hh_cache entries, we no longer need:

    1) dynamic allocation
    2) attachment to dst->hh
    3) refcounting

    Initialization of the hh_cache entry is indicated by hh_len
    being non-zero, and such initialization is always done with
    the neighbour's lock held as a writer.

    Signed-off-by: David S. Miller

    David S. Miller
     

07 Jul, 2011

1 commit

  • RFC 6164 requires that routers MUST disable Subnet-Router anycast
    for the prefix when /127 prefixes are used.

    No need for matching code in addrconf_leave_anycast() as it
    will silently ignore any attempt to leave an unknown anycast
    address.

    Signed-off-by: Bjørn Mork
    Signed-off-by: David S. Miller

    Bjørn Mork
     

06 Jul, 2011

1 commit


05 Jul, 2011

1 commit

  • Hi,

    Reinhard Max also pointed out that the error should be EAFNOSUPPORT according
    to POSIX.

    The Linux manpages have it as EINVAL, some other OSes (Minix, HPUX, perhaps BSD) use
    EAFNOSUPPORT. Windows uses WSAEFAULT according to MSDN.

    Other protocols' error values in their af bind() methods in current mainline git as far
    as a brief look shows:
    EAFNOSUPPORT: atm, appletalk, l2tp, llc, phonet, rxrpc
    EINVAL: ax25, bluetooth, decnet, econet, ieee802154, iucv, netlink, netrom, packet, rds, rose, unix, x25,
    No check?: can/raw, ipv6/raw, irda, l2tp/l2tp_ip

    Ciao, Marcus

    Signed-off-by: Marcus Meissner
    Cc: Reinhard Max
    Signed-off-by: David S. Miller

    Marcus Meissner
     

02 Jul, 2011

2 commits

  • IPV6, unlike IPV4, doesn't have a routing cache.

    Routing table entries, as well as clones made in response
    to route lookup requests, all live in the same table. And
    all of these things are together collected in the destination
    cache table for ipv6.

    This means that routing table entries count against the garbage
    collection limits, even though such entries cannot ever be reclaimed
    and are added explicitly by the administrator (rather than being
    created in response to lookups).

    Therefore it makes no sense to count ipv6 routing table entries
    against the GC limits.

    Add a DST_NOCOUNT destination cache entry flag, and skip the counting
    if it is set. Use this flag bit in ipv6 when adding routing table
    entries.

    Signed-off-by: David S. Miller

    David S. Miller
     
  • This blows away any flags already set in the entry.

    Signed-off-by: David S. Miller

    David S. Miller