16 Oct, 2007
2 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
With all the users of the double pointers removed, this patch mops up by
finally replacing all occurances of sk_buff ** in the netfilter API by
sk_buff *.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
11 Oct, 2007
1 commit
-
The netfilter sysctls in the bridging code don't set strategy routines:
sysctl table check failed: /net/bridge/bridge-nf-call-arptables .3.10.1 Missing strategy
sysctl table check failed: /net/bridge/bridge-nf-call-iptables .3.10.2 Missing strategy
sysctl table check failed: /net/bridge/bridge-nf-call-ip6tables .3.10.3 Missing strategy
sysctl table check failed: /net/bridge/bridge-nf-filter-vlan-tagged .3.10.4 Missing strategy
sysctl table check failed: /net/bridge/bridge-nf-filter-pppoe-tagged .3.10.5 Missing strategyThese binary sysctls can't work. The binary sysctl numbers of
other netfilter sysctls with this problem are being removed. These
need to go as well.Signed-off-by: Joseph Fannin
Acked-by: "Eric W. Biederman"
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
17 Sep, 2007
1 commit
-
This patch adds an optimised version of skb_cow that avoids the copy if
the header can be modified even if the rest of the payload is cloned.This can be used in encapsulating paths where we only need to modify the
header. As it is, this can be used in PPPOE and bridging.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
27 Aug, 2007
1 commit
-
I tried to preserve bridging code as it was before, but logic is quite
strange - I think we should free skb on error, since it is already
unshared and thus will just leak.Herbert Xu states:
> + if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
> + goto out;If this happens it'll be a double-free on skb since we'll
return NF_DROP which makes the caller free it too.We could return NF_STOLEN to prevent that but I'm not sure
whether that's correct netfilter semantics. Patrick, could
you please make a call on this?Patrick McHardy states:
NF_STOLEN should work fine here.
Signed-off-by: Evgeniy Polyakov
Signed-off-by: David S. Miller
03 May, 2007
1 commit
-
Consolidate the common push/pull sequences into a few helper functions.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
26 Apr, 2007
9 commits
-
The attached patch by Michael Milner adds support for using iptables and
ip6tables on bridged traffic encapsulated in ppoe frames, similar to
what's already supported for vlan.Signed-off-by: Michael Milner
Signed-off-by: Bart De Schuymer
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
To clearly state the intent of copying to linear sk_buffs, _offset being a
overly long variant but interesting for the sake of saving some bytes.Signed-off-by: Arnaldo Carvalho de Melo
-
To clearly state the intent of copying from linear sk_buffs, _offset being a
overly long variant but interesting for the sake of saving some bytes.Signed-off-by: Arnaldo Carvalho de Melo
-
Renaming skb->h to skb->transport_header, skb->nh to skb->network_header and
skb->mac to skb->mac_header, to match the names of the associated helpers
(skb[_[re]set]_{transport,network,mac}_header).Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
Now the skb->nh union has just one member, .raw, i.e. it is just like the
skb->mac union, strange, no? I'm just leaving it like that till the transport
layer is done with, when we'll rename skb->mac.raw to skb->mac_header (or
->mac_header_offset?), ditto for ->{h,nh}.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
For the places where we need a pointer to the network header, it is still legal
to touch skb->nh.raw directly if just adding to, subtracting from or setting it
to another layer header.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
For the places where we need a pointer to the mac header, it is still legal to
touch skb->mac.raw directly if just adding to, subtracting from or setting it
to another layer header.This one also converts some more cases to skb_reset_mac_header() that my
regex missed as it had no spaces before nor after '=', ugh.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller
23 Mar, 2007
1 commit
-
Turning up the warnings on gcc makes it emit warnings
about the placement of 'inline' in function declarations.
Here's everything that was under net/Signed-off-by: Dave Jones
Signed-off-by: David S. Miller
15 Feb, 2007
1 commit
-
The semantic effect of insert_at_head is that it would allow new registered
sysctl entries to override existing sysctl entries of the same name. Which is
pain for caching and the proc interface never implemented.I have done an audit and discovered that none of the current users of
register_sysctl care as (excpet for directories) they do not register
duplicate sysctl entries.So this patch simply removes the support for overriding existing entries in
the sys_sysctl interface since no one uses it or cares and it makes future
enhancments harder.Signed-off-by: Eric W. Biederman
Acked-by: Ralf Baechle
Acked-by: Martin Schwidefsky
Cc: Russell King
Cc: David Howells
Cc: "Luck, Tony"
Cc: Ralf Baechle
Cc: Paul Mackerras
Cc: Martin Schwidefsky
Cc: Andi Kleen
Cc: Jens Axboe
Cc: Corey Minyard
Cc: Neil Brown
Cc: "John W. Linville"
Cc: James Bottomley
Cc: Jan Kara
Cc: Trond Myklebust
Cc: Mark Fasheh
Cc: David Chinner
Cc: "David S. Miller"
Cc: Patrick McHardy
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
11 Feb, 2007
1 commit
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
09 Feb, 2007
1 commit
-
Additionally mark the init function __init.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
14 Dec, 2006
1 commit
-
Remove the deferred hooks and all related code as scheduled in
feature-removal-schedule.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
07 Dec, 2006
1 commit
-
The attached patch resolves an issue where a IP DNATed packet with a
martian source is forwarded while it's better to drop it. It also
resolves messages complaining about ip forwarding being disabled while
it's actually enabled. Thanks to lepton for
reporting this problem.This is probably a candidate for the -stable release.
Signed-off-by: Bart De Schuymer
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
03 Dec, 2006
2 commits
-
Signed-off-by: Al Viro
Signed-off-by: David S. Miller -
Signed-off-by: Al Viro
Signed-off-by: David S. Miller
23 Sep, 2006
3 commits
-
Change some bridge sysctl tunables to __read_mostly.
Signed-off-by: Brian Haley
Signed-off-by: David S. Miller -
If CONFIG_NETFILTER_DEBUG is enabled, it shouldn't change the
actions of the filtering. The message about skb->dst being NULL
is commonly triggered by dhclient, so it is useless. Make sure all
messages end in newline.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Cleanup and rearrangement for better style and clarity:
Split the function nf_bridge_maybe_copy_header into two pieces
Move copy portion out of line.
Use Ethernet header size macros.
Use header file to handle CONFIG_NETFILTER_BRIDGE differencesSigned-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
25 Jul, 2006
1 commit
-
Add bridge netfilter deferred output hooks to feature-removal-schedule
and disable them by default. Until their removal they will be
activated by the physdev match when needed.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
09 Jul, 2006
1 commit
-
This patch adds the wrapper function skb_is_gso which can be used instead
of directly testing skb_shinfo(skb)->gso_size. This makes things a little
nicer and allows us to change the primary key for indicating whether an skb
is GSO (if we ever want to do that).Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
23 Jun, 2006
1 commit
-
Having separate fields in sk_buff for TSO/UFO (tso_size/ufo_size) is not
going to scale if we add any more segmentation methods (e.g., DCCP). So
let's merge them.They were used to tell the protocol of a packet. This function has been
subsumed by the new gso_type field. This is essentially a set of netdev
feature bits (shifted by 16 bits) that are required to process a specific
skb. As such it's easy to tell whether a given device can process a GSO
skb: you just have to and the gso_type field and the netdev's features
field.I've made gso_type a conjunction. The idea is that you have a base type
(e.g., SKB_GSO_TCPV4) that can be modified further to support new features.
For example, if we add a hardware TSO type that supports ECN, they would
declare NETIF_F_TSO | NETIF_F_TSO_ECN. All TSO packets with CWR set would
have a gso_type of SKB_GSO_TCPV4 | SKB_GSO_TCPV4_ECN while all other TSO
packets would be SKB_GSO_TCPV4. This means that only the CWR packets need
to be emulated in software.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
18 Jun, 2006
1 commit
-
I found a few more spots where pskb_trim_rcsum could be used but were not.
This patch changes them to use it.Also, sk_filter can get paged skb data. Therefore we must use pskb_trim
instead of skb_trim.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
10 Apr, 2006
1 commit
-
The conntrack code doesn't do re-fragmentation of defragmented packets
anymore but relies on fragmentation in the IP layer. Purely bridged
packets don't pass through the IP layer, so the bridge netfilter code
needs to take care of fragmentation itself.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
21 Mar, 2006
6 commits
-
Move nf_bridge_alloc from header file to the one place it is
used and optimize it.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Fix the VLAN macros in bridge netfilter code. Macros should
not depend on magic variables.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Only use__constant_htons() for initializers and switch cases.
For other uses, it is just as efficient and clearer to use htonsSigned-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Run br_netfilter through Lindent to fix whitespace.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
net/bridge/br_netfilter.c: In function `br_nf_pre_routing':
net/bridge/br_netfilter.c:427: warning: unused variable `vhdr'
net/bridge/br_netfilter.c:445: warning: unused variable `vhdr'Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller -
We're now starting to have quite a number of places that do skb_pull
followed immediately by an skb_postpull_rcsum. We can merge these two
operations into one function with skb_pull_rcsum. This makes sense
since most pull operations on receive skb's need to update the
checksum.I've decided to make this out-of-line since it is fairly big and the
fast path where hardware checksums are enabled need to call
csum_partial anyway.Since this is a brand new function we get to add an extra check on the
len argument. As it is most callers of skb_pull ignore its return
value which essentially means that there is no check on the len
argument.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
24 Feb, 2006
1 commit
-
The bridge-netfilter code attaches a fake dst_entry with dst->ops == NULL
to purely bridged packets. When these packets are SNATed and a policy
lookup is done, xfrm_lookup crashes because it tries to dereference
dst->ops.Change xfrm_lookup not to dereference dst->ops before checking for the
DST_NOXFRM flag and set this flag in the fake dst_entry.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
14 Feb, 2006
1 commit
-
Horms patch was the best of the three fixes. Dave, already applied
Harald's version, so this patch converts that to the better one.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
13 Feb, 2006
1 commit
-
net/bridge/br_netfilter.c: In function `br_nf_post_routing':
net/bridge/br_netfilter.c:808: warning: implicit declaration of function `has_bridge_parent'Signed-off-by: Jesper Juhl
Cc: Harald Welte
Cc: "David S. Miller"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
