Eric Lee / smarc-fsl-linux-kernel

22 Nov, 2011

1 commit

  • 5e2afba4e   netfilter: possible unaligned packet header in ip_route_me_harder ... Browse Code »

    This patch tries to fix the following issue in netfilter:
    In ip_route_me_harder(), we invoke pskb_expand_head() that
    rellocates new header with additional head room which can break
    the alignment of the original packet header.

    In one of my NAT test case, the NIC port for internal hosts is
    configured with vlan and the port for external hosts is with
    general configuration. If we ping an external "unknown" hosts from an
    internal host, an icmp packet will be sent. We find that in
    icmp_send()->...->ip_route_me_harder()->pskb_expand_head(), hh_len=18
    and current headroom (skb_headroom(skb)) of the packet is 16. After
    calling pskb_expand_head() the packet header becomes to be unaligned
    and then our system (arch/tile) panics immediately.

    Signed-off-by: Paul Guo
    Acked-by: Eric Dumazet
    Signed-off-by: Pablo Neira Ayuso

    Paul Guo
     

01 Nov, 2011

1 commit

08 Aug, 2011

1 commit

  • 797fd3913   netfilter: TCP and raw fix for ip_route_me_harder ... Browse Code »
    1

    TCP in some cases uses different global (raw) socket
    to send RST and ACK. The transparent flag is not set there.
    Currently, it is a problem for rerouting after the previous
    change.

    Fix it by simplifying the checks in ip_route_me_harder
    and use FLOWI_FLAG_ANYSRC even for sockets. It looks safe
    because the initial routing allowed this source address to
    be used and now we just have to make sure the packet is rerouted.

    As a side effect this also allows rerouting for normal
    raw sockets that use spoofed source addresses which was not possible
    even before we eliminated the ip_route_input call.

    Signed-off-by: Julian Anastasov
    Signed-off-by: David S. Miller

    Julian Anastasov
     

29 Jun, 2011

1 commit

  • ed6e4ef83   netfilter: Fix ip_route_me_harder triggering ip_rt_bug ... Browse Code »

    Avoid creating input routes with ip_route_me_harder.
    It does not work for locally generated packets. Instead,
    restrict sockets to provide valid saddr for output route (or
    unicast saddr for transparent proxy). For other traffic
    allow saddr to be unicast or local but if callers forget
    to check saddr type use 0 for the output route.

    The resulting handling should be:

    - REJECT TCP:
    - in INPUT we can provide addr_type = RTN_LOCAL but
    better allow rejecting traffic delivered with
    local route (no IP address => use RTN_UNSPEC to
    allow also RTN_UNICAST).
    - FORWARD: RTN_UNSPEC => allow RTN_LOCAL/RTN_UNICAST
    saddr, add fix to ignore RTN_BROADCAST and RTN_MULTICAST
    - OUTPUT: RTN_UNSPEC

    - NAT, mangle, ip_queue, nf_ip_reroute: RTN_UNSPEC in LOCAL_OUT

    - IPVS:
    - use RTN_LOCAL in LOCAL_OUT and FORWARD after SNAT
    to restrict saddr to be local

    Signed-off-by: Julian Anastasov
    Signed-off-by: David S. Miller

    Julian Anastasov
     

04 Apr, 2011

2 commits

  • 0fae2e774   netfilter: af_info: add 'strict' parameter to limit lookup to .oif ... Browse Code »

    ipv6 fib lookup can set RT6_LOOKUP_F_IFACE flag to restrict search
    to an interface, but this flag cannot be set via struct flowi.

    Also, it cannot be set via ip6_route_output: this function uses the
    passed sock struct to determine if this flag is required
    (by testing for nonzero sk_bound_dev_if).

    Work around this by passing in an artificial struct sk in case
    'strict' argument is true.

    This is required to replace the rt6_lookup call in xt_addrtype.c with
    nf_afinfo->route().

    Signed-off-by: Florian Westphal
    Acked-by: David S. Miller
    Signed-off-by: Patrick McHardy

    Florian Westphal
     
  • 31ad3dd64   netfilter: af_info: add network namespace parameter to route hook ... Browse Code »

    This is required to eventually replace the rt6_lookup call in
    xt_addrtype.c with nf_afinfo->route().

    Signed-off-by: Florian Westphal
    Acked-by: David S. Miller
    Signed-off-by: Patrick McHardy

    Florian Westphal
     

13 Mar, 2011

2 commits

03 Mar, 2011

2 commits

18 Nov, 2010

1 commit

15 Jun, 2010

1 commit

14 Jun, 2010

1 commit

11 Jun, 2010

1 commit

18 May, 2010

1 commit

  • 7fee226ad   net: add a noref bit on skb dst ... Browse Code »

    Use low order bit of skb->_skb_dst to tell dst is not refcounted.

    Change _skb_dst to _skb_refdst to make sure all uses are catched.

    skb_dst() returns the dst, regardless of noref bit set or not, but
    with a lockdep check to make sure a noref dst is not given if current
    user is not rcu protected.

    New skb_dst_set_noref() helper to set an notrefcounted dst on a skb.
    (with lockdep check)

    skb_dst_drop() drops a reference only if skb dst was refcounted.

    skb_dst_force() helper is used to force a refcount on dst, when skb
    is queued and not anymore RCU protected.

    Use skb_dst_force() in __sk_add_backlog(), __dev_xmit_skb() if
    !IFF_XMIT_DST_RELEASE or skb enqueued on qdisc queue, in
    sock_queue_rcv_skb(), in __nf_queue().

    Use skb_dst_force() in dev_requeue_skb().

    Note: dst_use_noref() still dirties dst, we might transform it
    later to do one dirtying per jiffies.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

30 Mar, 2010

1 commit

  • 5a0e3ad6a   include cleanup: Update gfp.h and slab.h includes to prepare for breaking implic… ... Browse Code »

    …it slab.h inclusion from percpu.h

    percpu.h is included by sched.h and module.h and thus ends up being
    included when building most .c files. percpu.h includes slab.h which
    in turn includes gfp.h making everything defined by the two files
    universally available and complicating inclusion dependencies.

    percpu.h -> slab.h dependency is about to be removed. Prepare for
    this change by updating users of gfp and slab facilities include those
    headers directly instead of assuming availability. As this conversion
    needs to touch large number of source files, the following script is
    used as the basis of conversion.

    http://userweb.kernel.org/~tj/misc/slabh-sweep.py

    The script does the followings.

    * Scan files for gfp and slab usages and update includes such that
    only the necessary includes are there. ie. if only gfp is used,
    gfp.h, if slab is used, slab.h.

    * When the script inserts a new include, it looks at the include
    blocks and try to put the new include such that its order conforms
    to its surrounding. It's put in the include block which contains
    core kernel includes, in the same order that the rest are ordered -
    alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
    doesn't seem to be any matching order.

    * If the script can't find a place to put a new include (mostly
    because the file doesn't have fitting include block), it prints out
    an error message indicating which .h file needs to be added to the
    file.

    The conversion was done in the following steps.

    1. The initial automatic conversion of all .c files updated slightly
    over 4000 files, deleting around 700 includes and adding ~480 gfp.h
    and ~3000 slab.h inclusions. The script emitted errors for ~400
    files.

    2. Each error was manually checked. Some didn't need the inclusion,
    some needed manual addition while adding it to implementation .h or
    embedding .c file was more appropriate for others. This step added
    inclusions to around 150 files.

    3. The script was run again and the output was compared to the edits
    from #2 to make sure no file was left behind.

    4. Several build tests were done and a couple of problems were fixed.
    e.g. lib/decompress_*.c used malloc/free() wrappers around slab
    APIs requiring slab.h to be added manually.

    5. The script was run on all .h files but without automatically
    editing them as sprinkling gfp.h and slab.h inclusions around .h
    files could easily lead to inclusion dependency hell. Most gfp.h
    inclusion directives were ignored as stuff from gfp.h was usually
    wildly available and often used in preprocessor macros. Each
    slab.h inclusion directive was examined and added manually as
    necessary.

    6. percpu.h was updated not to include slab.h.

    7. Build test were done on the following configurations and failures
    were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
    distributed build env didn't work with gcov compiles) and a few
    more options had to be turned off depending on archs to make things
    build (like ipr on powerpc/64 which failed due to missing writeq).

    * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
    * powerpc and powerpc64 SMP allmodconfig
    * sparc and sparc64 SMP allmodconfig
    * ia64 SMP allmodconfig
    * s390 SMP allmodconfig
    * alpha SMP allmodconfig
    * um on x86_64 SMP allmodconfig

    8. percpu.h modifications were reverted so that it could be applied as
    a separate patch and serve as bisection point.

    Given the fact that I had only a couple of failures from tests on step
    6, I'm fairly confident about the coverage of this conversion patch.
    If there is a breakage, it's likely to be something in one of the arch
    headers which should be easily discoverable easily on most builds of
    the specific arch.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>

    Tejun Heo
     

08 Dec, 2009

1 commit

  • d7fc02c7b   Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 ... Browse Code »

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1815 commits)
    mac80211: fix reorder buffer release
    iwmc3200wifi: Enable wimax core through module parameter
    iwmc3200wifi: Add wifi-wimax coexistence mode as a module parameter
    iwmc3200wifi: Coex table command does not expect a response
    iwmc3200wifi: Update wiwi priority table
    iwlwifi: driver version track kernel version
    iwlwifi: indicate uCode type when fail dump error/event log
    iwl3945: remove duplicated event logging code
    b43: fix two warnings
    ipw2100: fix rebooting hang with driver loaded
    cfg80211: indent regulatory messages with spaces
    iwmc3200wifi: fix NULL pointer dereference in pmkid update
    mac80211: Fix TX status reporting for injected data frames
    ath9k: enable 2GHz band only if the device supports it
    airo: Fix integer overflow warning
    rt2x00: Fix padding bug on L2PAD devices.
    WE: Fix set events not propagated
    b43legacy: avoid PPC fault during resume
    b43: avoid PPC fault during resume
    tcp: fix a timewait refcnt race
    ...

    Fix up conflicts due to sysctl cleanups (dead sysctl_check code and
    CTL_UNNUMBERED removed) in
    kernel/sysctl_check.c
    net/ipv4/sysctl_net_ipv4.c
    net/ipv6/addrconf.c
    net/sctp/sysctl.c

    Linus Torvalds
     

30 Nov, 2009

1 commit

12 Nov, 2009

1 commit

  • f8572d8f2   sysctl net: Remove unused binary sysctl code ... Browse Code »

    Now that sys_sysctl is a compatiblity wrapper around /proc/sys
    all sysctl strategy routines, and all ctl_name and strategy
    entries in the sysctl tables are unused, and can be
    revmoed.

    In addition neigh_sysctl_register has been modified to no longer
    take a strategy argument and it's callers have been modified not
    to pass one.

    Cc: "David Miller"
    Cc: Hideaki YOSHIFUJI
    Cc: netdev@vger.kernel.org
    Signed-off-by: Eric W. Biederman

    Eric W. Biederman
     

03 Jun, 2009

1 commit

  • adf30907d   net: skb->dst accessors ... Browse Code »

    Define three accessors to get/set dst attached to a skb

    struct dst_entry *skb_dst(const struct sk_buff *skb)

    void skb_dst_set(struct sk_buff *skb, struct dst_entry *dst)

    void skb_dst_drop(struct sk_buff *skb)
    This one should replace occurrences of :
    dst_release(skb->dst)
    skb->dst = NULL;

    Delete skb->dst field

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

28 Nov, 2008

1 commit

26 Nov, 2008

1 commit

  • 52479b623   netns xfrm: lookup in netns ... Browse Code »

    Pass netns to xfrm_lookup()/__xfrm_lookup(). For that pass netns
    to flow_cache_lookup() and resolver callback.

    Take it from socket or netdevice. Stub DECnet to init_net.

    Signed-off-by: Alexey Dobriyan
    Signed-off-by: David S. Miller

    Alexey Dobriyan
     

25 Nov, 2008

1 commit

  • 5f145e44a   netfilter: nfmark routing in OUTPUT, mangle, NFQUEUE ... Browse Code »

    This patch let nfmark to be evaluated for routing decision for OUTPUT
    packet, in mangle table, when process paquet in NFQUEUE
    Until now, only change (in NFQUEUE process) on fields src_addr,
    dest_addr and tos could make netfilter to reevalute the routing.

    From: Laurent Licour
    Signed-off-by: Eric Leblond
    Signed-off-by: Patrick McHardy

    Eric Leblond
     

08 Oct, 2008

1 commit

  • b21f89019   netfilter: netns: fix {ip,6}_route_me_harder() in netns ... Browse Code »

    Take netns from skb->dst->dev. It should be safe because, they are called
    from LOCAL_OUT hook where dst is valid (though, I'm not exactly sure about
    IPVS and queueing packets to userspace).

    [Patrick: its safe everywhere since they already expect skb->dst to be set]

    Signed-off-by: Alexey Dobriyan
    Signed-off-by: Patrick McHardy

    Alexey Dobriyan
     

01 Oct, 2008

1 commit

14 Apr, 2008

1 commit

  • d63a65073   [NETFILTER]: Add partial checksum validation helper ... Browse Code »

    Move the UDP-Lite conntrack checksum validation to a generic helper
    similar to nf_checksum() and make it fall back to nf_checksum()
    in case the full packet is to be checksummed and hardware checksums
    are available. This is to be used by DCCP conntrack, which also
    needs to verify partial checksums.

    Signed-off-by: Patrick McHardy

    Patrick McHardy
     

29 Jan, 2008

8 commits

16 Oct, 2007

2 commits

26 Apr, 2007

1 commit

11 Feb, 2007

1 commit

05 Jan, 2007

1 commit

03 Dec, 2006

1 commit