17 Dec, 2011
1 commit
-
Use IS_ENABLED(CONFIG_FOO)
instead of defined(CONFIG_FOO) || defined (CONFIG_FOO_MODULE)Signed-off-by: Igor Maravić
Signed-off-by: David S. Miller
04 Dec, 2011
1 commit
-
While parsing through IPv6 extension headers, fragment headers are
skipped making them invisible to the caller. This reports the
fragment offset of the last header in order to make it possible to
determine whether the packet is fragmented and, if so whether it is
a first or last fragment.Signed-off-by: Jesse Gross
01 Nov, 2011
1 commit
-
Site specific OOM messages are duplications of a generic MM
out of memory message and aren't really useful, so just
delete them.Signed-off-by: Joe Perches
Signed-off-by: Patrick McHardy
Signed-off-by: Pablo Neira Ayuso
20 Aug, 2010
1 commit
-
Signed-off-by: Changli Gao
Signed-off-by: David S. Miller
12 May, 2010
3 commits
-
Since xt_action_param is writable, let's use it. The pointer to
'bool hotdrop' always worried (8 bytes (64-bit) to write 1 byte!).
Surprisingly results in a reduction in size:text data bss filename
5457066 692730 357892 vmlinux.o-prev
5456554 692730 357892 vmlinux.oSigned-off-by: Jan Engelhardt
-
In future, layer-3 matches will be an xt module of their own, and
need to set the fragoff and thoff fields. Adding more pointers would
needlessy increase memory requirements (esp. so for 64-bit, where
pointers are wider).Signed-off-by: Jan Engelhardt
-
Signed-off-by: Jan Engelhardt
20 Apr, 2010
1 commit
-
Conflicts:
Documentation/feature-removal-schedule.txt
net/ipv6/netfilter/ip6t_REJECT.c
net/netfilter/xt_limit.cSigned-off-by: Patrick McHardy
01 Apr, 2010
1 commit
-
xt_hashlimit uses a central lock per hash table and suffers from
contention on some workloads. (Multiqueue NIC or if RPS is enabled)After RCU conversion, central lock is only used when a writer wants to
add or delete an entry.For 'readers', updating an existing entry, they use an individual lock
per entry.Signed-off-by: Eric Dumazet
Signed-off-by: Patrick McHardy
26 Mar, 2010
2 commits
-
A missing break statement in hashlimit_ipv6_mask(), and masks
between /64 and /95 are not working at all...Signed-off-by: Eric Dumazet
Signed-off-by: Patrick McHardy -
Superseded by xt_hashlimit revision 1 (linux v2.6.24-6212-g09e410d,
iptables 1.4.1-rc1).Signed-off-by: Jan Engelhardt
25 Mar, 2010
4 commits
-
When extended status codes are available, such as ENOMEM on failed
allocations, or subsequent functions (e.g. nf_ct_get_l3proto), passing
them up to userspace seems like a good idea compared to just always
EINVAL.Signed-off-by: Jan Engelhardt
-
The following semantic patch does part of the transformation:
//
@ rule1 @
struct xt_match ops;
identifier check;
@@
ops.checkentry = check;@@
identifier rule1.check;
@@
check(...) { }@@
identifier rule1.check;
@@
check(...) { }
//Signed-off-by: Jan Engelhardt
-
Restore function signatures from bool to int so that we can report
memory allocation failures or similar using -ENOMEM rather than
always having to pass -EINVAL back.This semantic patch may not be too precise (checking for functions
that use xt_mtchk_param rather than functions referenced by
xt_match.checkentry), but reviewed, it produced the intended result.//
@@
type bool;
identifier check, par;
@@
-bool check
+int check
(struct xt_mtchk_param *par) { ... }
//Signed-off-by: Jan Engelhardt
-
If dl_seq_start() memory allocation fails, we crash later in
dl_seq_stop(), trying to kfree(ERR_PTR(-ENOMEM))Signed-off-by: Eric Dumazet
Signed-off-by: Patrick McHardy
18 Mar, 2010
3 commits
-
Signed-off-by: Jan Engelhardt
-
ENOMEM is a very obvious error code (cf. EINVAL), so I think we do not
really need a warning message. Not to mention that if the allocation
fails, the user is most likely going to get a stack trace from slab
already.Signed-off-by: Jan Engelhardt
-
The matches can have .family = NFPROTO_UNSPEC, and though that is not
the case for the touched modules, it seems better to just use the
nfproto from the caller.Signed-off-by: Jan Engelhardt
17 Mar, 2010
1 commit
-
Signed-off-by: Jan Engelhardt
08 Mar, 2010
1 commit
-
Conflicts:
Documentation/filesystems/proc.txt
arch/arm/mach-u300/include/mach/debug-macro.S
drivers/net/qlge/qlge_ethtool.c
drivers/net/qlge/qlge_main.c
drivers/net/typhoon.c
18 Feb, 2010
1 commit
-
Commit 2eff25c18c3d332d3c4dd98f2ac9b7114e9771b0
(netfilter: xt_hashlimit: fix race condition and simplify locking)
added a mutex deadlock :
htable_create() is called with hashlimit_mutex already lockedSigned-off-by: Eric Dumazet
Signed-off-by: David S. Miller
15 Feb, 2010
1 commit
-
Signed-off-by: Jan Engelhardt
09 Feb, 2010
1 commit
-
In particular, several occurances of funny versions of 'success',
'unknown', 'therefore', 'acknowledge', 'argument', 'achieve', 'address',
'beginning', 'desirable', 'separate' and 'necessary' are fixed.Signed-off-by: Daniel Mack
Cc: Joe Perches
Cc: Junio C Hamano
Signed-off-by: Jiri Kosina
03 Feb, 2010
1 commit
-
As noticed by Shin Hong , there is a race between
htable_find_get() and htable_put():htable_put(): htable_find_get():
spin_lock_bh(&hashlimit_lock);
atomic_dec_and_test(&hinfo->use)
atomic_inc(&hinfo->use)
spin_unlock_bh(&hashlimit_lock)
return hinfo;
spin_lock_bh(&hashlimit_lock);
hlist_del(&hinfo->node);
spin_unlock_bh(&hashlimit_lock);
htable_destroy(hinfo);The entire locking concept is overly complicated, tables are only
created/referenced and released in process context, so a single
mutex works just fine. Remove the hashinfo_spinlock and atomic
reference count and use the mutex to protect table lookups/creation
and reference count changes.Signed-off-by: Patrick McHardy
18 Jan, 2010
2 commits
-
Make hashtable per-netns.
Make proc files per-netns.Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
Simply pass hashtable to seqfile iterators, proc entry itself is not needed.
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy
04 Jan, 2010
1 commit
-
Moving rnd_inited into the hole after the uint8 lets go of the uint32
rnd_inited was using, plus the padding that would follow the int group.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
22 Sep, 2009
1 commit
-
Sizing of memory allocations shouldn't depend on the number of physical
pages found in a system, as that generally includes (perhaps a huge amount
of) non-RAM pages. The amount of what actually is usable as storage
should instead be used as a basis here.Some of the calculations (i.e. those not intending to use high memory)
should likely even use (totalram_pages - totalhigh_pages).Signed-off-by: Jan Beulich
Acked-by: Rusty Russell
Acked-by: Ingo Molnar
Cc: Dave Airlie
Cc: Kyle McMartin
Cc: Jeremy Fitzhardinge
Cc: Pekka Enberg
Cc: Hugh Dickins
Cc: "David S. Miller"
Cc: Patrick McHardy
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
27 May, 2009
1 commit
-
The function dl_seq_show() returns 1 (equal to SEQ_SKIP) in case
a seq_printf() call return -1. It should return -1.This SEQ_SKIP behavior brakes processing the proc file e.g. via a
pipe or just through less.Signed-off-by: Jesper Dangaard Brouer
Signed-off-by: Patrick McHardy
24 Feb, 2009
1 commit
-
Commit 784544739a25c30637397ace5489eeb6e15d7d49
(netfilter: iptables: lock free counters) broke xt_hashlimit netfilter module :This module was storing a pointer inside its xt_hashlimit_info, and this pointer
is not relocated when we temporarly switch tables (iptables -L).This hack is not not needed at all (probably a leftover from
ancient time), as each cpu should and can access to its own copy.Signed-off-by: Eric Dumazet
Signed-off-by: Patrick McHardy
20 Feb, 2009
1 commit
-
get_random_bytes() is sometimes called with a hard coded size assumption
of an integer. This could not be true for next centuries. This patch
replace it with a compile time statement.Signed-off-by: Hagen Paul Pfeifer
Signed-off-by: Patrick McHardy
31 Oct, 2008
1 commit
-
Using NIPQUAD() with NIPQUAD_FMT, %d.%d.%d.%d or %u.%u.%u.%u
can be replaced with %pI4Signed-off-by: Harvey Harrison
Signed-off-by: David S. Miller
30 Oct, 2008
1 commit
-
Signed-off-by: Harvey Harrison
Signed-off-by: David S. Miller
29 Oct, 2008
1 commit
-
Signed-off-by: Harvey Harrison
Signed-off-by: David S. Miller
08 Oct, 2008
5 commits
-
This patch does this for match extensions' destroy functions.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
This patch does this for match extensions' checkentry functions.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
The function signatures for Xtables extensions have grown over time.
It involves a lot of typing/replication, and also a bit of stack space
even if they are not used. Realize an NFWS2008 idea and pack them into
structs. The skb remains outside of the struct so gcc can continue to
apply its optimizations.This patch does this for match extensions' match functions.
A few ambiguities have also been addressed. The "offset" parameter for
example has been renamed to "fragoff" (there are so many different
offsets already) and "protoff" to "thoff" (there is more than just one
protocol here, so clarify).Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
and (try to) consistently use u_int8_t for the L3 family.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
31 Jul, 2008
1 commit
-
Deleting a timer with del_timer doesn't guarantee, that the
timer function is not running at the moment of deletion. Thus
in the xt_hashlimit case we can get into a ticklish situation
when the htable_gc rearms the timer back and we'll actually
delete an entry with a pending timer.Fix it with using del_timer_sync().
AFAIK del_timer_sync checks for the timer to be pending by
itself, so I remove the check.Signed-off-by: Pavel Emelyanov
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
