20 Feb, 2010
3 commits
-
To see the effect make sure you have an empty SAD.
On window1 "ip xfrm mon" and on window2 issue "ip xfrm state flush"
You get prompt back in window2 and you see the flush event on window1.
With this fix, you still get prompt on window1 but no event on window2.Thanks to Alexey Dobriyan for finding a bug in earlier version
when using pfkey to do the flushing.Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller -
RFC 2367 says flushing behavior should be:
1) user space -> kernel: flush
2) kernel: flush
3) kernel -> user space: flush event to ALL listenersThis is not realistic today in the presence of selinux policies
which may reject the flush etc. So we make the sequence become:
1) user space -> kernel: flush
2) kernel: flush
3) kernel -> user space: flush response to originater from #1
4) if there were no errors then:
kernel -> user space: flush event to ALL listenersSigned-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
19 Feb, 2010
29 commits
-
commit 3bc38712e3a6e059 (handle NF_STOP and unknown verdicts in
nf_reinject) was a partial fix to packet leaks.If user asks NF_STOLEN status, we must free the skb as well.
Reported-by: Afi Gjermund
Signed-off-by: Eric DUmazet
Signed-off-by: Patrick McHardy -
This patch fixes a bug that triggers an assertion if you create
a conntrack entry with a helper and netfilter debugging is enabled.
Basically, we hit the assertion because the confirmation flag is
set before the conntrack extensions are added. To fix this, we
move the extension addition before the aforementioned flag is
set.This patch also removes the possibility of setting a helper for
existing conntracks. This operation would also trigger the
assertion since we are not allowed to add new extensions for
existing conntracks. We know noone that could benefit from
this operation sanely.Thanks to Eric Dumazet for initial posting a preliminary patch
to address this issue.Reported-by: David Ramblewski
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Eric Dumazet
Signed-off-by: Patrick McHardy -
Reported by Stephen Rothwell.
Signed-off-by: David S. Miller
-
Commit 2249065 ("netfilter: get rid of the grossness in netfilter.h")
inverted the logic for conditional hook invocation, breaking the
POST_ROUTING hook invoked by ip_output().Correct the logic and remove an unnecessary initialization.
Reported-by: Stephen Hemminger
Signed-off-by: Patrick McHardy -
Add #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
Remove #define PFX
Use pr_
Use netdev_
Use netif_ and netif_msg_
Remove local #define net_ macros
Remove periods from formatsSigned-off-by: Joe Perches
Signed-off-by: David S. Miller -
Add #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
Remove #define PFX
Use pr_
Use netdev_
Remove periods from most formats
Coalesce long formats
Use printk_onceSigned-off-by: Joe Perches
Signed-off-by: David S. Miller -
Due to lack of time, space, motivation, hardware and probably expertise,
I have reluctantly decided to orphan the DECnet code in the kernel.Judging by the deafening silence on the linux-decnet mailing list I
suspect it's either not being used anyway, or the few people that are
using it are happy with their older kernels.Signed-Off-By: Christine Caulfield
Signed-off-by: David S. Miller
-
be2net: free tx buffers when completions never arrive
In cases like when a pci device is disconnected on an error,
pending tx completions will never arrive. Unmap and free such
buffers in the tx cleanup path.Signed-off-by: Sathya Perla
Signed-off-by: David S. Miller -
XFRMINHDRERROR counter is ambigous when validating forwarding
path. It makes it tricky to debug when you have both in and fwd
validation.Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller -
This patch enables fast retransmissions after one dupACK for
TCP if the stream is identified as thin. This will reduce
latencies for thin streams that are not able to trigger fast
retransmissions due to high packet interarrival time. This
mechanism is only active if enabled by iocontrol or syscontrol
and the stream is identified as thin.Signed-off-by: Andreas Petlund
Signed-off-by: David S. Miller -
This patch will make TCP use only linear timeouts if the
stream is thin. This will help to avoid the very high latencies
that thin stream suffer because of exponential backoff. This
mechanism is only active if enabled by iocontrol or syscontrol
and the stream is identified as thin. A maximum of 6 linear
timeouts is tried before exponential backoff is resumed.Signed-off-by: Andreas Petlund
Signed-off-by: David S. Miller -
Inline function to dynamically detect thin streams based on
the number of packets in flight. Used to dynamically trigger
thin-stream mechanisms if enabled by ioctl or sysctl.Signed-off-by: Andreas Petlund
Signed-off-by: David S. Miller -
Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller -
removed needless checks in arlan-main.c and slicoss.c
fixed bug in et131x_netdev.c to actually fill addresses in.Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller -
also removed needless checks in smsc95xx
Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller -
also bug in de2104x.c was corrected:
for (i = 0; i < 32; i++) loop should be outside mc_list iteration.Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller -
Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller -
also removed unnecessary checks
Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller -
Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller -
Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller -
Make remaining netlink policies as const.
Fixup coding style where needed.Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Dunno, what was the idea, it wasn't used for a long time.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
ICMP6 MIB statistics was per-netns for quite a time.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
The lock used in unix_state_lock() is a spin_lock not reader-writer.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Added flags field to macvtap_queue to enable/disable processing of
virtio_net_hdr via IFF_VNET_HDR. This flag is checked to prepend virtio_net_hdr
in the receive path and process/skip virtio_net_hdr in the send path.Original patch by Sridhar, further changes by Arnd.
Signed-off-by: Sridhar Samudrala
Signed-off-by: Arnd Bergmann
Signed-off-by: David S. Miller -
This adds support for passing a macvtap file descriptor into
vhost-net, much like we already do for tun/tap.Most of the new code is taken from the respective patch
in the tun driver and may get consolidated in the future.Signed-off-by: Arnd Bergmann
Acked-by: Sridhar Samudrala
Signed-off-by: David S. Miller -
This reworks the change done by the previous patch
in a more complete way.The original macvtap code has a number of problems
resulting from the use of RCU for protecting the
access to struct macvtap_queue from open files.This includes
- need for GFP_ATOMIC allocations for skbs
- potential deadlocks when copy_*_user sleeps
- inability to work with vhost-netChanging the lifetime of macvtap_queue to always
depend on the open file solves all these. The
RCU reference simply moves one step down to
the reference on the macvlan_dev, which we
only need for nonblocking operations.Signed-off-by: Arnd Bergmann
Acked-by: Sridhar Samudrala
Signed-off-by: David S. Miller -
As reported by Randy Dunlap , compilation
of nf_defrag_ipv4 fails with:include/net/netfilter/nf_conntrack.h:94: error: field 'ct_general' has incomplete type
include/net/netfilter/nf_conntrack.h:178: error: 'const struct sk_buff' has no member named 'nfct'
include/net/netfilter/nf_conntrack.h:185: error: implicit declaration of function 'nf_conntrack_put'
include/net/netfilter/nf_conntrack.h:294: error: 'const struct sk_buff' has no member named 'nfct'
net/ipv4/netfilter/nf_defrag_ipv4.c:45: error: 'struct sk_buff' has no member named 'nfct'
net/ipv4/netfilter/nf_defrag_ipv4.c:46: error: 'struct sk_buff' has no member named 'nfct'net/nf_conntrack.h must not be included with NF_CONNTRACK=n, add a
few #ifdefs. Long term the header file should be fixed to be usable
even with NF_CONNTRACK=n.Tested-by: Randy Dunlap
Signed-off-by: Patrick McHardy
18 Feb, 2010
8 commits
-
Enhance IPVS to load balance SCTP transport protocol packets. This is done
based on the SCTP rfc 4960. All possible control chunks have been taken
care. The state machine used in this code looks some what lengthy. I tried
to make the state machine easy to understand.Signed-off-by: Venkata Mohan Reddy Koppula
Signed-off-by: Simon Horman
Signed-off-by: Patrick McHardy -
Only used for writing, so convert to spinlock
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Commit 865a21a5e3d1b384c559a44c898fcad93e187b82 overwrote
commit a3aa18842a5303fc28fcc4d57dbd16618bd830a0Fix it.
Signed-off-by: Joe Perches
Signed-off-by: David S. Miller -
Add #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
Remove #define PFX
Use pr_
Use netdev_
Convert formats like %8.8 to %08
Remove periods from formats
Coalesce long formatsSigned-off-by: Joe Perches
Signed-off-by: David S. Miller -
Add #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
Remove #define PFX
Use pr_
Use netdev_Signed-off-by: Joe Perches
Signed-off-by: David S. Miller -
Add #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
Remove #define PFX
Use pr_
Use netdev_
Checkpatch cleaningSigned-off-by: Joe Perches
Signed-off-by: David S. Miller -
Add #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
Remove #define PFX
Use pr_
Use netdev_Signed-off-by: Joe Perches
Signed-off-by: David S. Miller