27 Oct, 2011
1 commit
-
commit 66b13d99d96a (ipv4: tcp: fix TOS value in ACK messages sent from
TIME_WAIT) fixed IPv4 only.This part is for the IPv6 side, adding a tclass param to ip6_xmit()
We alias tw_tclass and tw_tos, if socket family is INET6.
[ if sockets is ipv4-mapped, only IP_TOS socket option is used to fill
TOS field, TCLASS is not taken into account ]Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
22 Jul, 2011
1 commit
-
IPv6 fragment identification generation is way beyond what we use for
IPv4 : It uses a single generator. Its not scalable and allows DOS
attacks.Now inetpeer is IPv6 aware, we can use it to provide a more secure and
scalable frag ident generator (per destination, instead of system wide)This patch :
1) defines a new secure_ipv6_id() helper
2) extends inet_getid() to provide 32bit results
3) extends ipv6_select_ident() with a new dest parameterReported-by: Fernando Gont
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
20 May, 2011
1 commit
-
ipv6 has per device ICMP SNMP counters, taking too much space because
they use percpu storage.needed size per device is :
(512+4)*sizeof(long)*number_of_possible_cpus*2On a 32bit kernel, 16 possible cpus, this wastes more than 64kbytes of
memory per ipv6 enabled network device, taken in vmalloc pool.Since ICMP messages are rare, just use shared counters (atomic_long_t)
Per network space ICMP counters are still using percpu memory, we might
also convert them to shared counters in a future patch.Signed-off-by: Eric Dumazet
CC: Denys Fedoryshchenko
Signed-off-by: David S. Miller
25 Apr, 2011
1 commit
-
These header files are never installed to user consumption, so any
__KERNEL__ cpp checks are superfluous.Projects should also not copy these files into their userland utility
sources and try to use them there. If they insist on doing so, the
onus is on them to sanitize the headers as needed.Signed-off-by: David S. Miller
23 Apr, 2011
1 commit
-
Add const qualifiers to structs iphdr, ipv6hdr and in6_addr pointers
where possible, to make code intention more obvious.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
13 Mar, 2011
1 commit
-
Signed-off-by: David S. Miller
04 Mar, 2011
1 commit
-
Conflicts:
drivers/net/bnx2x/bnx2x.h
02 Mar, 2011
4 commits
-
That way we don't have to potentially do this in every xfrm_lookup()
caller.Signed-off-by: David S. Miller
-
Return a dst pointer which is potentitally error encoded.
Don't pass original dst pointer by reference, pass a struct net
instead of a socket, and elide the flow argument since it is
unnecessary.Signed-off-by: David S. Miller
-
Since it indicates whether we are invoked from a sleepable
context or not.Signed-off-by: David S. Miller
-
Route lookups follow a general pattern in the ipv6 code wherein
we first find the non-IPSEC route, potentially override the
flow destination address due to ipv6 options settings, and then
finally make an IPSEC search using either xfrm_lookup() or
__xfrm_lookup().__xfrm_lookup() is used when we want to generate a blackhole route
if the key manager needs to resolve the IPSEC rules (in this case
-EREMOTE is returned and the original 'dst' is left unchanged).Otherwise plain xfrm_lookup() is used and when asynchronous IPSEC
resolution is necessary, we simply fail the lookup completely.All of these cases are encapsulated into two routines,
ip6_dst_lookup_flow and ip6_sk_dst_lookup_flow. The latter of which
handles unconnected UDP datagram sockets.Signed-off-by: David S. Miller
23 Feb, 2011
1 commit
-
This commit adds the missing IPv6 multicast address flag defines to
complement the already existing multicast address scope defines and to
be able to check these flags nicely in the future.Signed-off-by: Linus Lüssing
Signed-off-by: David S. Miller
24 Sep, 2010
1 commit
-
Change "return (EXPR);" to "return EXPR;"
return is not a function, parentheses are not required.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
01 Jul, 2010
1 commit
-
/proc/net/snmp and /proc/net/netstat expose SNMP counters.
Width of these counters is either 32 or 64 bits, depending on the size
of "unsigned long" in kernel.This means user program parsing these files must already be prepared to
deal with 64bit values, regardless of user program being 32 or 64 bit.This patch introduces 64bit snmp values for IPSTAT mib, where some
counters can wrap pretty fast if they are 32bit wide.# netstat -s|egrep "InOctets|OutOctets"
InOctets: 244068329096
OutOctets: 244069348848Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
02 Jun, 2010
1 commit
-
There are more than a dozen occurrences of following code in the
IPv6 stack:if (opt && opt->srcrt) {
struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
ipv6_addr_copy(&final, &fl.fl6_dst);
ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
final_p = &final;
}Replace those with a helper. Note that the helper overrides final_p
in all cases. This is ok as final_p was previously initialized to
NULL when declared.Signed-off-by: Arnaud Ebalard
Signed-off-by: David S. Miller
25 May, 2010
1 commit
-
- C99 knows about USHRT_MAX/SHRT_MAX/SHRT_MIN, not
USHORT_MAX/SHORT_MAX/SHORT_MIN.- Make SHRT_MIN of type s16, not int, for consistency.
[akpm@linux-foundation.org: fix drivers/dma/timb_dma.c]
[akpm@linux-foundation.org: fix security/keys/keyring.c]
Signed-off-by: Alexey Dobriyan
Acked-by: WANG Cong
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
24 Apr, 2010
2 commits
-
Finally add support to detect a local IPV6_DONTFRAG event
and return the relevant data to the user if they've enabled
IPV6_RECVPATHMTU on the socket. The next recvmsg() will
return no data, but have an IPV6_PATHMTU as ancillary data.Signed-off-by: Brian Haley
Signed-off-by: David S. Miller -
Add dontfrag argument to relevant functions for
IPV6_DONTFRAG support, as well as allowing the value
to be passed-in via ancillary cmsg data.Signed-off-by: Brian Haley
Signed-off-by: David S. Miller
16 Apr, 2010
1 commit
-
As Herbert Xu said: we should be able to simply replace ipfragok
with skb->local_df. commit f88037(sctp: Drop ipfargok in sctp_xmit function)
has droped ipfragok and set local_df value properly.The patch kills the ipfragok parameter of .queue_xmit().
Signed-off-by: Shan Wei
Signed-off-by: David S. Miller
31 Mar, 2010
1 commit
-
Because we have ensured that the argument is non-zero,
it is better to use __fls() and generate better code.Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
26 Feb, 2010
1 commit
-
RFC 4291 section 2.4 states that all uncategorized addresses
should be considered as Global Unicast.This will remove IPV6_ADDR_RESERVED completely
and return IPV6_ADDR_UNICAST in ipv6_addr_type() instead.Signed-off-by: Ulrich Weber
Signed-off-by: David S. Miller
17 Feb, 2010
1 commit
-
On Tue, 2010-02-16 at 16:47 +0100, Patrick McHardy wrote:
> Joe Perches wrote:
> >> @@ -246,6 +246,8 @@ extern int ipv6_opt_accepted(struct sock *sk, struct sk_buff *skb);
> >> int ip6_frag_nqueues(struct net *net);
> >> int ip6_frag_mem(struct net *net);
> >>
> >> +#define IPV6_FRAG_HIGH_THRESH 262144 /* == 256*1024 */
> >> +#define IPV6_FRAG_LOW_THRESH 196608 /* == 192*1024 */
> >> #define IPV6_FRAG_TIMEOUT (60*HZ) /* 60 seconds */
> >
> > 196608 isn't a number I want to remember.
> > Is this better as:
> >
> > #define IPV6_FRAG_HIGH_THRESH (256 * 1024) /* 262144 */
> > #define IPV6_FRAG_LOW_THRESH (192 * 1024) /* 196608 */
>
> Please send a patch, I'll apply it once these patches are in Dave's
> tree.Signed-off-by: Joe Perches
Signed-off-by: David S. Miller
16 Feb, 2010
1 commit
-
Normally, each connection needs a unique identity. Conntrack zones allow
to specify a numerical zone using the CT target, connections in different
zones can use the same identity.Example:
iptables -t raw -A PREROUTING -i veth0 -j CT --zone 1
iptables -t raw -A OUTPUT -o veth1 -j CT --zone 1Signed-off-by: Patrick McHardy
20 Jan, 2010
1 commit
-
Use macro to define high/low thresh value, refer to IPV6_FRAG_TIMEOUT.
Signed-off-by: Shan Wei
Acked-by: David S. Miller
Signed-off-by: Patrick McHardy
15 Dec, 2009
2 commits
-
When fragments from bridge netfilter are passed to IPv4 or IPv6 conntrack
and a reassembly queue with the same fragment key already exists from
reassembling a similar packet received on a different device (f.i. with
multicasted fragments), the reassembled packet might continue on a different
codepath than where the head fragment originated. This can cause crashes
in bridge netfilter when a fragment received on a non-bridge device (and
thus with skb->nf_bridge == NULL) continues through the bridge netfilter
code.Add a new reassembly identifier for packets originating from bridge
netfilter and use it to put those packets in insolated queues.Fixes http://bugzilla.kernel.org/show_bug.cgi?id=14805
Reported-and-Tested-by: Chong Qiao
Signed-off-by: Patrick McHardy -
Currently the same reassembly queue might be used for packets reassembled
by conntrack in different positions in the stack (PREROUTING/LOCAL_OUT),
as well as local delivery. This can cause "packet jumps" when the fragment
completing a reassembled packet is queued from a different position in the
stack than the previous ones.Add a "user" identifier to the reassembly queue key to seperate the queues
of each caller, similar to what we do for IPv4.Signed-off-by: Patrick McHardy
04 Nov, 2009
1 commit
-
This cleanup patch puts struct/union/enum opening braces,
in first line to ease grep games.struct something
{becomes :
struct something {
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
01 Oct, 2009
1 commit
-
This provides safety against negative optlen at the type
level instead of depending upon (sometimes non-trivial)
checks against this sprinkled all over the the place, in
each and every implementation.Based upon work done by Arjan van de Ven and feedback
from Linus Torvalds.Signed-off-by: David S. Miller
13 Jul, 2009
1 commit
-
- move ipv6_select_ident() inline function to ipv6.h and remove the unused
skb argumentSigned-off-by: Sridhar Samudrala
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
27 Apr, 2009
1 commit
-
The IP MIB (RFC 4293) defines stats for InOctets, OutOctets, InMcastOctets and
OutMcastOctets:
http://tools.ietf.org/html/rfc4293
But it seems we don't track those in any way that easy to separate from other
protocols. This patch adds those missing counters to the stats file. Tested
successfully by meWith help from Eric Dumazet.
Signed-off-by: Neil Horman
Signed-off-by: David S. Miller
15 Feb, 2009
1 commit
-
Base versions handle constant folding now. For headers exposed to
userspace, we must only expose the __ prefixed versions.Signed-off-by: Harvey Harrison
Signed-off-by: David S. Miller
09 Oct, 2008
9 commits
-
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Removed.
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller
