15 May, 2013
1 commit
-
Since (69b34fb netfilter: xt_LOG: add net namespace support
for xt_LOG), we hit this:

[ 4224.708977] BUG: unable to handle kernel NULL pointer dereference at 0000000000000388
[ 4224.709074] IP: [] ipt_log_packet+0x29/0x270

when calling log functions from conntrack both in and out
are NULL i.e. the net pointer is invalid.

Adding struct net *net in call to nf_logfn() will secure that
there always is a valid net ptr.

Reported as netfilter's bugzilla bug 818:
https://bugzilla.netfilter.org/show_bug.cgi?id=818

Reported-by: Ronald
Signed-off-by: Hans Schillstrom
Signed-off-by: Pablo Neira Ayuso
04 May, 2013
1 commit
-
A bridge should only send topology change notice if it is not
the root bridge. It is possible for message age timer to elect itself
as a new root bridge, and still have a topology change timer running
but waiting for bridge lock on other CPU.

Solve the race by checking if we are root bridge before continuing.
This was the root cause of the cases where br_send_tcn_bpdu would OOPS.

Reported-by: JerryKang
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
01 May, 2013
1 commit
-
Bridge can crash while trying to send topology change packet.
This happens if root port can't be found. This was reported by user
but currently unable to reproduce it easily. The STP conditions that cause
this are not known yet, but the problem doesn't have to be fatal.

Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
29 Apr, 2013
1 commit
-
Current bridge fdb update code does not seem to update the port
during fdb update. This patch adds a check for fdb dst (port)
change during fdb update. Also rearranges the call to
fdb_notify to send only one notification for create and update.

Changelog:
v2 - Change notify flag to bool

Signed-off-by: Roopa Prabhu
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
23 Apr, 2013
1 commit
-
Conflicts:
drivers/net/ethernet/emulex/benet/be_main.c
drivers/net/ethernet/intel/igb/igb_main.c
drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c
include/net/scm.h
net/batman-adv/routing.c
net/ipv4/tcp_input.c

The e{uid,gid} --> {uid,gid} credentials fix conflicted with the
cleanup in net-next to now pass cred structs around.

The be2net driver had a bug fix in 'net' that overlapped with the VLAN
interface changes by Patrick McHardy in net-next.

An IGB conflict existed because in 'net' the build_skb() support was
reverted, and in 'net-next' there was a comment style fix within that
code.

Several batman-adv conflicts were resolved by making sure that all
calls to batadv_is_my_mac() are changed to have a new bat_priv first
argument.

Eric Dumazet's TS ECR fix in TCP in 'net' conflicted with the F-RTO
rewrite in 'net-next', mostly overlapping changes.

Thanks to Stephen Rothwell and Antonio Quartulli for help with several
of these merge resolutions.

Signed-off-by: David S. Miller
20 Apr, 2013
4 commits
-
Add a protocol argument to the VLAN packet tagging functions. In case of HW
tagging, we need that protocol available in the ndo_start_xmit functions,
so it is stored in a new field in the skb. The new field fits into a hole
(on 64 bit) and doesn't increase the skb's size.

Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Make the encapsulation protocol value a property of VLAN devices and change
the device lookup functions to take the protocol value into account.

Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Change the rx_{add,kill}_vid callbacks to take a protocol argument in
preparation of 802.1ad support. The protocol argument used so far is
always htons(ETH_P_8021Q).

Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Rename the hardware VLAN acceleration features to include "CTAG" to indicate
that they only support CTAGs. Follow up patches will introduce 802.1ad
server provider tagging (STAGs) and require the distinction for hardware not
supporting accelerating both.

Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
16 Apr, 2013
1 commit
-
Keep a STP port path cost value if it was set by a user.
Don't replace it with the link-speed based path cost
whenever the link goes down and comes back up.

Reported-by: Roopa Prabhu
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
08 Apr, 2013
1 commit
-
Pablo Neira Ayuso says:
====================
The following patchset contains Netfilter and IPVS updates for
your net-next tree, most relevantly they are:

* Add net namespace support to NFLOG, ULOG and ebt_ulog and NFQUEUE.
  The LOG and ebt_log target has been also adapted, but they still
  depend on the syslog netnamespace that seems to be missing, from
  Gao Feng.
* Don't lose indications of congestion in IPv6 fragmentation handling,
  from Hannes Frederic Sowa.
* IPVS conversion to use RCU, including some code consolidation patches
  and optimizations, also some from Julian Anastasov.
* cpu fanout support for NFQUEUE, from Holger Eitzenberger.
* Better error reporting to userspace when dropping packets from
  all our _*_[xfrm|route]_me_harder functions, from Patrick McHardy.
====================

Signed-off-by: David S. Miller
06 Apr, 2013
3 commits
-
Add pernet support to ebt_ulog by means of the new nf_log_set
function added in (30e0c6a netfilter: nf_log: prepare net
namespace support for loggers).

This patch also makes ulog_buffers and netlink socket
ebtulognl per netns.

Signed-off-by: Gao feng
Signed-off-by: Pablo Neira Ayuso
-
Add pernet support to ebt_log by means of the new nf_log_set
function added in (30e0c6a netfilter: nf_log: prepare net
namespace support for loggers).

Since syslog ns has yet not been implemented, we don't want
the containers to DDOS host's syslogd. So enable ebt_log
only from init_net and wait for syslog ns support.

Signed-off-by: Gao feng
Signed-off-by: Pablo Neira Ayuso
-
This patch adds netns support to nf_log and it prepares netns
support for existing loggers. It is composed of four major
changes.

1) nf_log_register has been split to two functions: nf_log_register
   and nf_log_set. The new nf_log_register is used to globally
   register the nf_logger and nf_log_set is used for enabling
   pernet support from nf_loggers.

   Per netns is not yet complete after this patch, it comes in
   separate follow up patches.

2) Add net as a parameter of nf_log_bind_pf. Per netns is not
   yet complete after this patch, it only allows to bind the
   nf_logger to the protocol family from init_net and it skips
   other cases.

3) Adapt all nf_log_packet callers to pass netns as parameter.
   After this patch, this function only works for init_net.

4) Make the sysctl net/netfilter/nf_log pernet.

Signed-off-by: Gao feng
Signed-off-by: Pablo Neira Ayuso
03 Apr, 2013
1 commit
-
commit 00cfec37484761 (net: add a synchronize_net() in
netdev_rx_handler_unregister())
allows us to remove the synchronized_net() call from del_nbp()

Signed-off-by: Eric Dumazet
Cc: Veaceslav Falico
Cc: Stephen Hemminger
Acked-by: Veaceslav Falico
Signed-off-by: David S. Miller
29 Mar, 2013
2 commits
-
Signed-off-by: Hong Zhiguo
Acked-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Signed-off-by: Hong Zhiguo
Signed-off-by: David S. Miller
28 Mar, 2013
2 commits
-
Add a new constant ETH_P_802_3_MIN, the minimum ethernet type for
an 802.3 frame. Frames with a lower value in the ethernet type field
are Ethernet II.

Also update all the users of this value that David Miller and
I could find to use the new constant.

Also correct a bug in util.c. The comparison with ETH_P_802_3_MIN
should be >= not >.

As suggested by Jesse Gross.
Compile tested only.
Cc: David Miller
Cc: Jesse Gross
Cc: Karsten Keil
Cc: John W. Linville
Cc: Johannes Berg
Cc: Bart De Schuymer
Cc: Stephen Hemminger
Cc: Patrick McHardy
Cc: Marcel Holtmann
Cc: Gustavo Padovan
Cc: Johan Hedberg
Cc: linux-bluetooth@vger.kernel.org
Cc: netfilter-devel@vger.kernel.org
Cc: bridge@lists.linux-foundation.org
Cc: linux-wireless@vger.kernel.org
Cc: linux1394-devel@lists.sourceforge.net
Cc: linux-media@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: dev@openvswitch.org
Acked-by: Mauro Carvalho Chehab
Acked-by: Stefan Richter
Signed-off-by: Simon Horman
Signed-off-by: David S. Miller
-
Conflicts:
include/net/ipip.h

The changes made to ipip.h in 'net' were already included
in 'net-next' before that header was moved to another location.

Signed-off-by: David S. Miller
26 Mar, 2013
1 commit
-
Pablo Neira Ayuso says:
====================
The following patchset contains Netfilter/IPVS updates for
your net-next tree, they are:

* Better performance in nfnetlink_queue by avoiding copy from the
  packet to netlink message, from Eric Dumazet.
* Remove unnecessary locking in the exit path of ebt_ulog, from Gao Feng.
* Use new function ipv6_iface_scope_id in nf_ct_ipv6, from Hannes Frederic Sowa.
* A couple of sparse fixes for IPVS, from Julian Anastasov.
* Use xor hashing in nfnetlink_queue, as suggested by Eric Dumazet, from
  myself.
* Allow to dump expectations per master conntrack via ctnetlink, from myself.
* A couple of cleanups to use PTR_RET in module init path, from Silviu-Mihai
  Popescu.
* Remove nf_conntrack module a bit faster if netns are in use, from
  Vladimir Davydov.
* Use checksum_partial in ip6t_NPT, from YOSHIFUJI Hideaki.
* Sparse fix for nf_conntrack, from Stephen Hemminger.
====================

Signed-off-by: David S. Miller
25 Mar, 2013
2 commits
-
When I tried to set mac address of a bridge interface to a mac
address which already learned on this bridge, I got system hang.

The cause is straight forward: function br_fdb_change_mac_address
calls fdb_insert with NULL source nbp. Then an fdb lookup is
performed. If an fdb entry is found and it's local, it's OK. But
if it's not local, source is dereferenced for printk without NULL
check.

Signed-off-by: Hong Zhiguo
Signed-off-by: David S. Miller
-
When neither IFF_BRIDGE nor IFF_BRIDGE_PORT is set,
and afspec == NULL but protinfo != NULL, we run into
"if (err == 0) br_ifinfo_notify(RTM_NEWLINK, p);" with
random value in ret.

Thanks to Sergei for pointing out the error in commit comments.

Signed-off-by: Hong Zhiguo
Signed-off-by: David S. Miller
22 Mar, 2013
1 commit
-
With decnet converted, we can finally get rid of rta_buf and its
computations around it. It also gets rid of the minimal header
length verification since all message handlers do that explicitly
anyway.

Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller
21 Mar, 2013
1 commit
-
Pull in the 'net' tree to get Daniel Borkmann's flow dissector
infrastructure change.

Signed-off-by: David S. Miller
18 Mar, 2013
1 commit
-
Most of the support was already there. The only thing that was missing
was the call to set the flag. Add this call.

Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
15 Mar, 2013
2 commits
-
No need for spinlock to protect the netlink skb in the
ebt_ulog_fini path. We are sure there is no one using it
at that stage.

Signed-off-by: Gao feng
Signed-off-by: Pablo Neira Ayuso
-
This uses PTR_RET instead of IS_ERR and PTR_ERR in order to increase
readability.

Signed-off-by: Silviu-Mihai Popescu
Signed-off-by: Pablo Neira Ayuso
12 Mar, 2013
4 commits
-
Using for_each_set_bit() to simplify the code.
Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller
-
Using for_each_set_bit_from() to simplify the code.
Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller
-
Conflicts:
drivers/net/ethernet/intel/e1000e/netdev.c

Minor conflict in e1000e, a line that got fixed in 'net'
has been removed in 'net-next'.

Signed-off-by: David S. Miller
-
When the bridge multicast fast leave feature was added, sufficient space
was not reserved in the netlink message. This means the flag may be
lost in netlink events and results of queries.

Found by observation while looking up some netlink stuff for discussion with Vlad.

Problem introduced by commit c2d3babfafbb9f6629cfb47139758e59a5eb0d80
Author: David S. Miller
Date: Wed Dec 5 16:24:45 2012 -0500

    bridge: implement multicast fast leave

Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
10 Mar, 2013
1 commit
-
The bridging code discloses heap and stack bytes via the RTM_GETMDB
netlink interface and via the notify messages sent to group RTNLGRP_MDB
after a successful add/del.

Fix both cases by initializing all unset members/padding bytes with
memset(0).

Cc: Stephen Hemminger
Signed-off-by: Mathias Krause
Signed-off-by: David S. Miller
08 Mar, 2013
2 commits
-
Obviously, vid should be considered when searching for multicast
group.

Cc: Vlad Yasevich
Cc: Stephen Hemminger
Cc: "David S. Miller"
Signed-off-by: Cong Wang
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller
-
Cc: Stephen Hemminger
Cc: "David S. Miller"
Signed-off-by: Cong Wang
Signed-off-by: David S. Miller
28 Feb, 2013
1 commit
-
I'm not sure why, but the hlist for each entry iterators were conceived

    list_for_each_entry(pos, head, member)

The hlist ones were greedy and wanted an extra parameter:

    hlist_for_each_entry(tpos, pos, head, member)

Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.

Besides the semantic patch, there was some manual work required:

- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
  was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
  properly, so those had to be fixed up manually.

The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;type T;
expression a,c,d,e;
identifier b;
statement S;
@@-T b;
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin
Acked-by: Paul E. McKenney
Signed-off-by: Sasha Levin
Cc: Wu Fengguang
Cc: Marcelo Tosatti
Cc: Gleb Natapov
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
15 Feb, 2013
1 commit
-
They are only used within this file.
Cc: Vlad Yasevich
Cc: Stephen Hemminger
Cc: David S. Miller
Signed-off-by: Cong Wang
Signed-off-by: David S. Miller
14 Feb, 2013
4 commits
-
Add an ability to configure a separate "untagged" egress
policy to the VLAN information of the bridge. This supersedes PVID
policy and makes PVID ingress-only. The policy is configured with a
new flag and is represented as a port bitmap per vlan. Egress frames
with a VLAN id in "untagged" policy bitmap would egress
the port without VLAN header.

Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
-
When VLAN is added to the port, a local fdb entry for that port
(the entry with the mac address of the port) is added for that
VLAN. This way we can correctly determine if the traffic
is for the bridge itself. If the address of the port changes,
we try to change all the local fdb entries we have for that port.

Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
-
When a user adds bridge neighbors, allow him to specify VLAN id.
If the VLAN id is not specified, the neighbor will be added
for VLANs currently in the ports filter list. If no VLANs are
configured on the port, we use vlan 0 and only add 1 entry.

Signed-off-by: Vlad Yasevich
Acked-by: Jitendra Kalsaria
Signed-off-by: David S. Miller
-
Add vlan_id to multicasts groups so that we know which vlan
each group belongs to and can correctly forward to appropriate vlan.

Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller