24 Dec, 2011
1 commit
-
Conflicts:
net/bluetooth/l2cap_core.cJust two overlapping changes, one added an initialization of
a local variable, and another change added a new local variable.Signed-off-by: David S. Miller
20 Dec, 2011
2 commits
-
module_param(bool) used to counter-intuitively take an int. In
fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy
trick.It's time to remove the int/unsigned int option. For this version
it'll simply give a warning, but it'll break next kernel version.(Thanks to Joe Perches for suggesting coccinelle for 0/1 -> true/false).
Cc: "David S. Miller"
Cc: netdev@vger.kernel.org
Signed-off-by: Rusty Russell
Signed-off-by: David S. Miller -
Commit 8ffd3208 voids the previous patches f6778aab and 810c0719 for
limiting the autoclose value. If userspace passes in -1 on 32-bit
platform, the overflow check didn't work and autoclose would be set
to 0xffffffff.This patch defines a max_autoclose (in seconds) for limiting the value
and exposes it through sysctl, with the following intentions.1) Avoid overflowing autoclose * HZ.
2) Keep the default autoclose bound consistent across 32- and 64-bit
platforms (INT_MAX / HZ in this patch).3) Keep the autoclose value consistent between setsockopt() and
getsockopt() calls.Suggested-by: Vlad Yasevich
Signed-off-by: Xi Wang
Signed-off-by: David S. Miller
12 Dec, 2011
1 commit
-
Instead of testing defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
09 Nov, 2011
1 commit
-
Fast retransmission after changing the last address
with ASCONF negotiationSigned-off-by: Michio Honda
Signed-off-by: David S. Miller
25 Aug, 2011
1 commit
-
With this patch a HEARTBEAT chunk is bundled into the ASCONF-ACK
for ADD IP ADDRESS, confirming the new destination as quickly as
possible.Signed-off-by: Michio Honda
Signed-off-by: David S. Miller
27 Jul, 2011
1 commit
-
This allows us to move duplicated code in
(atomic_inc_not_zero() for now) toSigned-off-by: Arun Sharma
Reviewed-by: Eric Dumazet
Cc: Ingo Molnar
Cc: David Miller
Cc: Eric Dumazet
Acked-by: Mike Frysinger
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
02 Jun, 2011
2 commits
-
In this case, the SCTP association transmits an ASCONF packet
including addition of the new IP address and deletion of the old
address. This patch implements this functionality.
In this case, the ASCONF chunk is added to the beginning of the
queue, because the other chunks cannot be transmitted in this state.Signed-off-by: Michio Honda
Signed-off-by: YOSHIFUJI Hideaki
Acked-by: Wei Yongjun
Signed-off-by: David S. Miller -
SCTP reconfigure the IP addresses in the association by using
ASCONF chunks as mentioned in RFC5061. For example, we can
start to use the newly configured IP address in the existing
association. This patch implements automatic ASCONF operation
in the SCTP stack with address events in the host computer,
which is called auto_asconf.Signed-off-by: Michio Honda
Signed-off-by: YOSHIFUJI Hideaki
Acked-by: Wei Yongjun
Signed-off-by: David S. Miller
01 Jun, 2011
1 commit
-
If the peer restart the asoc, we should not only fail any unsent/unacked
data, but also stop the T3-rtx, SACK, T4-rto timers, and teardown ASCONF
queues.Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller
09 May, 2011
1 commit
-
Several future simplifications are possible now because of this.
For example, the sctp_addr unions can simply refer directly to
the flowi information.Signed-off-by: David S. Miller
28 Apr, 2011
3 commits
-
Change the call to take the transport parameter and set the
cached 'dst' appropriately inside the get_dst() function calls.This will allow us in the future to clean up source address
storage as well.Signed-off-by: Vlad Yasevich
Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller -
There is no point in passing a destination address to
a get_saddr() call.Signed-off-by: Vlad Yasevich
Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller -
The ipv6 routing lookup does give us a source address,
but instead of filling it into the dst, it's stored in
the flowi. We can use that instead of going through the
entire source address selection again.
Also the useless ->dst_saddr member of sctp_pf is removed.
And sctp_v6_dst_saddr() is removed, instead by introduce
sctp_v6_to_addr(), which can be reused to cleanup some dup
code.Signed-off-by: Vlad Yasevich
Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller
20 Apr, 2011
1 commit
-
SCTP does not check whether the source address of COOKIE-ECHO
chunk is the original address of INIT chunk or part of the any
address parameters saved in COOKIE in CLOSED state. So even if
the COOKIE-ECHO chunk is from any address but with correct COOKIE,
the COOKIE-ECHO chunk still be accepted. If the COOKIE is not from
a valid address, the assoc should not be established.Signed-off-by: Wei Yongjun
Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
02 Apr, 2011
1 commit
-
auth_hmacs field of struct sctp_cookie is used for store
Requested HMAC Algorithm Parameter, and each HMAC Identifier
is 2 bytes, so the length should be:
SCTP_AUTH_NUM_HMACS * sizeof(__u16) + 2Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller
30 Nov, 2010
1 commit
-
1. SCTP_CMD_NUM_VERBS,SCTP_CMD_MAX
These two macros have never been used for several years since v2.6.12-rc2.2.sctp_port_rover,sctp_port_alloc_lock
The commit 063930 abandoned global variables of port_rover and port_alloc_lock,
but still keep two macros to refer to them.
So, remove them now.commit 06393009000779b00a558fd2f280882cc7dc2008
Author: Stephen Hemminger
Date: Wed Oct 10 17:30:18 2007 -0700[SCTP]: port randomization
Signed-off-by: Shan Wei
Signed-off-by: David S. Miller
24 Sep, 2010
1 commit
-
Change "return (EXPR);" to "return EXPR;"
return is not a function, parentheses are not required.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
03 Jun, 2010
1 commit
-
cleanup patch.
Use new __packed annotation in net/ and include/
(except netfilter)Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
26 May, 2010
1 commit
-
Sparse complains because these one-bit bitfields are signed.
include/net/sctp/structs.h:879:24: error: dubious one-bit signed bitfield
include/net/sctp/structs.h:889:31: error: dubious one-bit signed bitfield
include/net/sctp/structs.h:895:26: error: dubious one-bit signed bitfield
include/net/sctp/structs.h:898:31: error: dubious one-bit signed bitfield
include/net/sctp/structs.h:901:27: error: dubious one-bit signed bitfieldIt doesn't cause a problem in the current code, but it would be better
to clean it up. This was introduced by c0058a35aacc7: "sctp: Save some
room in the sctp_transport by using bitfields".Signed-off-by: Dan Carpenter
Signed-off-by: David S. Miller
12 May, 2010
1 commit
-
Conflicts:
Documentation/feature-removal-schedule.txt
drivers/net/wireless/ath/ar9170/usb.c
drivers/scsi/iscsi_tcp.c
net/ipv4/ipmr.c
06 May, 2010
1 commit
-
ICMP protocol unreachable handling completely disregarded
the fact that the user may have locked the socket. It proceeded
to destroy the association, even though the user may have
held the lock and had a ref on the association. This resulted
in the following:Attempt to release alive inet socket f6afcc00
=========================
[ BUG: held lock freed! ]
-------------------------
somenu/2672 is freeing memory f6afcc00-f6afcfff, with a lock still held
there!
(sk_lock-AF_INET){+.+.+.}, at: [] sctp_connect+0x13/0x4c
1 lock held by somenu/2672:
#0: (sk_lock-AF_INET){+.+.+.}, at: [] sctp_connect+0x13/0x4cstack backtrace:
Pid: 2672, comm: somenu Not tainted 2.6.32-telco #55
Call Trace:
[] ? printk+0xf/0x11
[] debug_check_no_locks_freed+0xce/0xff
[] kmem_cache_free+0x21/0x66
[] __sk_free+0x9d/0xab
[] sk_free+0x1c/0x1e
[] sctp_association_put+0x32/0x89
[] __sctp_connect+0x36d/0x3f4
[] ? sctp_connect+0x13/0x4c
[] ? autoremove_wake_function+0x0/0x33
[] sctp_connect+0x31/0x4c
[] inet_dgram_connect+0x4b/0x55
[] sys_connect+0x54/0x71
[] ? lock_release_non_nested+0x88/0x239
[] ? might_fault+0x42/0x7c
[] ? might_fault+0x42/0x7c
[] sys_socketcall+0x6d/0x178
[] ? trace_hardirqs_on_thunk+0xc/0x10
[] syscall_call+0x7/0xbThis was because the sctp_wait_for_connect() would aqcure the socket
lock and then proceed to release the last reference count on the
association, thus cause the fully destruction path to finish freeing
the socket.The simplest solution is to start a very short timer in case the socket
is owned by user. When the timer expires, we can do some verification
and be able to do the release properly.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
04 May, 2010
1 commit
-
Add missing linux/vmalloc.h include to net/sctp/probe.c
Signed-off-by: David S. Miller
01 May, 2010
4 commits
-
When we create the sctp_datamsg and fragment the user data,
we know exactly if we are sending full segments or not and
how they might be bundled. During this time, we can mark
messages a Nagle capable or not. This makes the check at
transmit time much simpler.Signed-off-by: Vlad Yasevich
-
SCTP fast recovery algorithm really applies per association
and impacts all transports.Signed-off-by: Vlad Yasevich
-
Saves some room in the sctp_transport structure.
Signed-off-by: Vlad Yasevich
-
The 'resent' bit is used to make sure that we don't update
rto estimate based on retransmitted chunks. However, we already
have the 'rto_pending' bit that we test when need to update rto,
so 'resent' bit is just extra. Additionally, we currently have
a bug in that we always set a 'resent' bit and thus rto estimate
is only updated by Heartbeats.Signed-off-by: Vlad Yasevich
29 Apr, 2010
1 commit
-
Ok, version 4
Change Notes:
1) Minor cleanups, from Vlads notesSummary:
Hey-
Recently, it was reported to me that the kernel could oops in the
following way:kernel BUG at net/core/skbuff.c:91!
invalid operand: 0000 [#1]
Modules linked in: sctp netconsole nls_utf8 autofs4 sunrpc iptable_filter
ip_tables cpufreq_powersave parport_pc lp parport vmblock(U) vsock(U) vmci(U)
vmxnet(U) vmmemctl(U) vmhgfs(U) acpiphp dm_mirror dm_mod button battery ac md5
ipv6 uhci_hcd ehci_hcd snd_ens1371 snd_rawmidi snd_seq_device snd_pcm_oss
snd_mixer_oss snd_pcm snd_timer snd_page_alloc snd_ac97_codec snd soundcore
pcnet32 mii floppy ext3 jbd ata_piix libata mptscsih mptsas mptspi mptscsi
mptbase sd_mod scsi_mod
CPU: 0
EIP: 0060:[] Not tainted VLI
EFLAGS: 00010216 (2.6.9-89.0.25.EL)
EIP is at skb_over_panic+0x1f/0x2d
eax: 0000002c ebx: c033f461 ecx: c0357d96 edx: c040fd44
esi: c033f461 edi: df653280 ebp: 00000000 esp: c040fd40
ds: 007b es: 007b ss: 0068
Process swapper (pid: 0, threadinfo=c040f000 task=c0370be0)
Stack: c0357d96 e0c29478 00000084 00000004 c033f461 df653280 d7883180
e0c2947d
00000000 00000080 df653490 00000004 de4f1ac0 de4f1ac0 00000004
df653490
00000001 e0c2877a 08000800 de4f1ac0 df653490 00000000 e0c29d2e
00000004
Call Trace:
[] sctp_addto_chunk+0xb0/0x128 [sctp]
[] sctp_addto_chunk+0xb5/0x128 [sctp]
[] sctp_init_cause+0x3f/0x47 [sctp]
[] sctp_process_unk_param+0xac/0xb8 [sctp]
[] sctp_verify_init+0xcc/0x134 [sctp]
[] sctp_sf_do_5_1B_init+0x83/0x28e [sctp]
[] sctp_do_sm+0x41/0x77 [sctp]
[] cache_grow+0x140/0x233
[] sctp_endpoint_bh_rcv+0xc5/0x108 [sctp]
[] sctp_inq_push+0xe/0x10 [sctp]
[] sctp_rcv+0x454/0x509 [sctp]
[] ipt_hook+0x17/0x1c [iptable_filter]
[] nf_iterate+0x40/0x81
[] ip_local_deliver_finish+0x0/0x151
[] ip_local_deliver_finish+0xc6/0x151
[] nf_hook_slow+0x83/0xb5
[] ip_local_deliver+0x1a2/0x1a9
[] ip_local_deliver_finish+0x0/0x151
[] ip_rcv+0x334/0x3b4
[] netif_receive_skb+0x320/0x35b
[] init_stall_timer+0x67/0x6a [uhci_hcd]
[] process_backlog+0x6c/0xd9
[] net_rx_action+0xfe/0x1f8
[] __do_softirq+0x35/0x79
[] handle_IRQ_event+0x0/0x4f
[] do_softirq+0x46/0x4dIts an skb_over_panic BUG halt that results from processing an init chunk in
which too many of its variable length parameters are in some way malformed.The problem is in sctp_process_unk_param:
if (NULL == *errp)
*errp = sctp_make_op_error_space(asoc, chunk,
ntohs(chunk->chunk_hdr->length));if (*errp) {
sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM,
WORD_ROUND(ntohs(param.p->length)));
sctp_addto_chunk(*errp,
WORD_ROUND(ntohs(param.p->length)),
param.v);When we allocate an error chunk, we assume that the worst case scenario requires
that we have chunk_hdr->length data allocated, which would be correct nominally,
given that we call sctp_addto_chunk for the violating parameter. Unfortunately,
we also, in sctp_init_cause insert a sctp_errhdr_t structure into the error
chunk, so the worst case situation in which all parameters are in violation
requires chunk_hdr->length+(sizeof(sctp_errhdr_t)*param_count) bytes of data.The result of this error is that a deliberately malformed packet sent to a
listening host can cause a remote DOS, described in CVE-2010-1173:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1173I've tested the below fix and confirmed that it fixes the issue. We move to a
strategy whereby we allocate a fixed size error chunk and ignore errors we don't
have space to report. Tested by me successfullySigned-off-by: Neil Horman
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller
10 Dec, 2009
1 commit
-
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (42 commits)
tree-wide: fix misspelling of "definition" in comments
reiserfs: fix misspelling of "journaled"
doc: Fix a typo in slub.txt.
inotify: remove superfluous return code check
hdlc: spelling fix in find_pvc() comment
doc: fix regulator docs cut-and-pasteism
mtd: Fix comment in Kconfig
doc: Fix IRQ chip docs
tree-wide: fix assorted typos all over the place
drivers/ata/libata-sff.c: comment spelling fixes
fix typos/grammos in Documentation/edac.txt
sysctl: add missing comments
fs/debugfs/inode.c: fix comment typos
sgivwfb: Make use of ARRAY_SIZE.
sky2: fix sky2_link_down copy/paste comment error
tree-wide: fix typos "couter" -> "counter"
tree-wide: fix typos "offest" -> "offset"
fix kerneldoc for set_irq_msi()
spidev: fix double "of of" in comment
comment typo fix: sybsystem -> subsystem
...
08 Dec, 2009
1 commit
-
Conflicts:
kernel/irq/chip.c
04 Dec, 2009
1 commit
-
That is "success", "unknown", "through", "performance", "[re|un]mapping"
, "access", "default", "reasonable", "[con]currently", "temperature"
, "channel", "[un]used", "application", "example","hierarchy", "therefore"
, "[over|under]flow", "contiguous", "threshold", "enough" and others.Signed-off-by: André Goddard Rosa
Signed-off-by: Jiri Kosina
29 Nov, 2009
2 commits
-
Conflicts:
drivers/ieee802154/fakehard.c
drivers/net/e1000e/ich8lan.c
drivers/net/e1000e/phy.c
drivers/net/netxen/netxen_nic_init.c
drivers/net/wireless/ath/ath9k/main.c -
When retransmitting due to T3 timeout, retransmit all the
in-flight chunks for the corresponding transport/path, including
chunks sent less then 1 rto ago.
This is the correct behaviour according to rfc4960 section 6.3.3
E3 and
"Note: Any DATA chunks that were sent to the address for which the
T3-rtx timer expired but did not fit in one MTU (rule E3 above)
should be marked for retransmission and sent as soon as cwnd
allows (normally, when a SACK arrives). ".This fixes problems when more then one path is present and the T3
retransmission of the first chunk that timeouts stops the T3 timer
for the initial active path, leaving all the other in-flight
chunks waiting forever or until a new chunk is transmitted on the
same path and timeouts (and this will happen only if the cwnd
allows sending new chunks, but since cwnd was dropped to MTU by
the timeout => it will wait until the first heartbeat).Example: 10 packets in flight, sent at 0.1 s intervals on the
primary path. The primary path is down and the first packet
timeouts. The first packet is retransmitted on another path, the
T3 timer for the primary path is stopped and cwnd is set to MTU.
All the other 9 in-flight packets will not be retransmitted
(unless more new packets are sent on the primary path which depend
on cwnd allowing it, and even in this case the 9 packets will be
retransmitted only after a new packet timeouts which even in the
best case would be more then RTO).This commit reverts d0ce92910bc04e107b2f3f2048f07e94f570035d and
also removes the now unused transport->last_rto, introduced in
b6157d8e03e1e780660a328f7183bcbfa4a93a19.p.s The problem is not only when multiple paths are there. It
can happen in a single homed environment. If the application
stops sending data, it possible to have a hung association.Signed-off-by: Andrei Pelinescu-Onciul
Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
24 Nov, 2009
3 commits
-
Current implementation of max.burst ends up limiting new
data during cwnd decay period. The decay is happening becuase
the connection is idle and we are allowed to fill the congestion
window. The point of max.burst is to limit micro-bursts in response
to large acks. This still happens, as max.burst is still applied
to each transmit opportunity. It will also apply if a very large
send is made (greater then allowed by burst).Tested-by: Florian Niederbacher
Signed-off-by: Vlad Yasevich -
The transport last_time_used variable is rather useless.
It was only used when determining if CWND needs to be updated
due to idle transport. However, idle transport detection was
based on a Heartbeat timer and last_time_used was not incremented
when sending Heartbeats. As a result the check for cwnd reduction
was always true. We can get rid of the variable and just base
our cwnd manipulation on the HB timer (like the code comment sais).
We also have to call into the cwnd manipulation function regardless
of whether HBs are enabled or not. That way we will detect idle
transports if the user has disabled Heartbeats.Signed-off-by: Vlad Yasevich
-
We currently send window update SACKs every time we free up 1 PMTU
worth of data. That a lot more SACKs then necessary. Instead, we'll
now send back the actuall window every time we send a sack, and do
window-update SACKs when a fraction of the receive buffer has been
opened. The fraction is controlled with a sysctl.Signed-off-by: Vlad Yasevich
14 Nov, 2009
1 commit
-
Recent commit 8da645e101a8c20c6073efda3c7cc74eec01b87f
sctp: Get rid of an extra routing lookup when adding a transport
introduced a regression in the connection setup. The behavior wasdifferent between IPv4 and IPv6. IPv4 case ended up working because the
route lookup routing returned a NULL route, which triggered another
route lookup later in the output patch that succeeded. In the IPv6 case,
a valid route was returned for first call, but we could not find a valid
source address at the time since the source addresses were not set on the
association yet. Thus resulted in a hung connection.The solution is to set the source addresses on the association prior to
adding peers.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
01 Oct, 2009
1 commit
-
This provides safety against negative optlen at the type
level instead of depending upon (sometimes non-trivial)
checks against this sprinkled all over the the place, in
each and every implementation.Based upon work done by Arjan van de Ven and feedback
from Linus Torvalds.Signed-off-by: David S. Miller
05 Sep, 2009
2 commits
-
This shrinks the size of struct sctp_association a little.
Signed-off-by: Wei Yongjun
Signed-off-by: Vlad Yasevich -
This patch introduces a new sysctl option to make IPv4 Address Scoping
configurable .In networking environments where DNAT rules in iptables prerouting
chains convert destination IP's to link-local/private IP addresses,
SCTP connections fail to establish as the INIT chunk is dropped by the
kernel due to address scope match failure.
For example to support overlapping IP addresses (same IP address with
different vlan id) a Layer-5 application listens on link local IP's,
and there is a DNAT rule that maps the destination IP to a link local
IP. Such applications never get the SCTP INIT if the address-scoping
draft is strictly followed.This sysctl configuration allows SCTP to function in such
unconventional networking environments.Sysctl options:
0 - Disable IPv4 address scoping draft altogether
1 - Enable IPv4 address scoping (default, current behavior)
2 - Enable address scoping but allow IPv4 private addresses in init/init-ack
3 - Enable address scoping but allow IPv4 link local address in init/init-ackSigned-off-by: Bhaskar Dutta
Signed-off-by: Vlad Yasevich