31 May, 2007

5 commits


25 May, 2007

5 commits

  • The current IPSEC rule resolution behavior we have does not work for a
    lot of people, even though technically it's an improvement from the
    -EAGAIN business we had before.

    Right now we'll block until the key manager resolves the route. That
    works for simple cases, but many folks would rather packets get
    silently dropped until the key manager resolves the IPSEC rules.

    We can't tell these folks to "set the socket non-blocking" because
    they don't have control over the non-block setting of things like the
    sockets used to resolve DNS deep inside of the resolver libraries in
    libc.

    With that in mind I coded up the patch below with some help from
    Herbert Xu which provides packet-drop behavior during larval state
    resolution, controllable via sysctl and off by default.

    This lays the framework to either:

    1) Make this default at some point or...

    2) Move this logic into xfrm{4,6}_policy.c and implement the
    ARP-like resolution queue we've all been dreaming of.
    The idea would be to queue packets to the policy, then
    once the larval state is resolved by the key manager we
    re-resolve the route and push the packets out. The
    packets would timeout if the rule didn't get resolved
    in a certain amount of time.

    Signed-off-by: David S. Miller

    David S. Miller
     
  • They're the same.

    Signed-off-by: Jing Min Zhao
    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Jing Min Zhao
     
  • When the packet size is changed by the FTP NAT helper, the connection
    tracking helper adjusts the sequence number of the newline character
    by the size difference. This is wrong because NAT sequence number
    adjustment happens after helpers are called, so the unadjusted number
    is compared to the already adjusted one.

    Based on report by YU, Haitao

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • When you replace a route via the ip r r command the netlink multicast message is
    not sent. This patch corrects it. NL message is sent with NLM_F_REPLACE
    flag.

    Addresses http://bugzilla.kernel.org/show_bug.cgi?id=8320

    Signed-off-by: Milan Kocian
    Signed-off-by: Andrew Morton
    Signed-off-by: David S. Miller

    Milan Kocian
     
  • Use menuconfigs instead of menus, so the whole menu can be disabled at once
    instead of going through all options.

    Signed-off-by: Jan Engelhardt
    Acked-by: Simon Horman
    Signed-off-by: Andrew Morton
    Signed-off-by: David S. Miller

    Jan Engelhardt
     

20 May, 2007

4 commits

  • When icmp_send is called on the local output path before the
    packet hits ip_output, skb->dev is not set, causing a crash
    when sysctl_icmp_errors_use_inbound_ifaddr is set. This can
    happen with the netfilter REJECT target or IPsec tunnels.

    Let routing decide the ICMP source address in that case, since the
    packet is locally generated there is no inbound interface and
    the sysctl should not apply.

    The option actually seems to be unfixably broken, on the path
    after ip_output() skb->dev points to the outgoing device and
    we don't know the incoming device anymore, so it's going to do
    the absolute wrong thing and pick the address of the outgoing
    interface. Add a comment about this.

    Reported by Curtis Doty.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • The option is named CONFIG_NF_NAT not CONFIG_IP_NF_NAT. Remove the ifdef
    completely since helpers also expect defragmented packet even without
    NAT.

    Noticed by Robert P. J. Day

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • State could become inconsistent in two cases:

    1) Userspace disabled FRTO by tuning sysctl when one of the TCP
    flows was in the middle of FRTO algorithm (and then RTO is
    again triggered)

    2) SACK reneging occurs during FRTO algorithm

    A simple solution is just to abort the previous FRTO when such
    obscure condition occurs...

    Signed-off-by: Ilpo Järvinen
    Signed-off-by: David S. Miller

    Ilpo Järvinen
     
  • The conservative spurious RTO response did not queue CWR even
    though the sending rate was lowered. Whenever reduction happens
    regardless of reason, CWR should be sent (forgetting to send it
    is not very fatal though).

    A better approach would be to queue CWR when one of the sending
    rate reducing responses (rate-halving one or this conservative
    response) is used already at RTO. Doing that would allow CWR to
    be sent along with the two new data segments that are sent
    during FRTO. However, it's a bit "racy" because userland could
    tune the response sysctl to a more aggressive one in between.

    Signed-off-by: Ilpo Järvinen
    Signed-off-by: David S. Miller

    Ilpo Järvinen
     

18 May, 2007

4 commits


14 May, 2007

1 commit

  • This displays the statistics specified in the updated IP-MIB RFC
    (RFC4293) in /proc/net/netstat. The reason why these are not displayed
    in /proc/net/snmp is that some existing utilities are developed under
    the assumption that the ipstat items in /proc/net/snmp are unchanged.

    Signed-off-by: Mitsuru Chinen
    Signed-off-by: YOSHIFUJI Hideaki
    Signed-off-by: David S. Miller

    Mitsuru Chinen
     

11 May, 2007

5 commits


10 May, 2007

3 commits

  • * git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial: (25 commits)
    sound: convert "sound" subdirectory to UTF-8
    MAINTAINERS: Add cxacru website/mailing list
    include files: convert "include" subdirectory to UTF-8
    general: convert "kernel" subdirectory to UTF-8
    documentation: convert the Documentation directory to UTF-8
    Convert the toplevel files CREDITS and MAINTAINERS to UTF-8.
    remove broken URLs from net drivers' output
    Magic number prefix consistency change to Documentation/magic-number.txt
    trivial: s/i_sem /i_mutex/
    fix file specification in comments
    drivers/base/platform.c: fix small typo in doc
    misc doc and kconfig typos
    Remove obsolete fat_cvf help text
    Fix occurrences of "the the "
    Fix minor typoes in kernel/module.c
    Kconfig: Remove reference to external mqueue library
    Kconfig: A couple of grammatical fixes in arch/i386/Kconfig
    Correct comments in genrtc.c to refer to correct /proc file.
    Fix more "deprecated" spellos.
    Fix "deprecated" typoes.
    ...

    Fix trivial comment conflict in kernel/relay.c.

    Linus Torvalds
     
  • flush_work(wq, work) doesn't need the first parameter, we can use cwq->wq
    (this was possible from the very beginning, I missed this). So we can unify
    flush_work_keventd and flush_work.

    Also, rename flush_work() to cancel_work_sync() and fix all callers.
    Perhaps this is not the best name, but "flush_work" is really bad.

    (akpm: this is why the earlier patches bypassed maintainers)

    Signed-off-by: Oleg Nesterov
    Cc: Jeff Garzik
    Cc: "David S. Miller"
    Cc: Jens Axboe
    Cc: Tejun Heo
    Cc: Auke Kok
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Oleg Nesterov
     
  • net/ipv4/ipvs/ip_vs_core.c

    module_exit
    ip_vs_cleanup
    ip_vs_control_cleanup
    cancel_rearming_delayed_work
    // done

    This is unsafe. The module may be unloaded and the memory may be freed
    while defense_work's handler is still running/preempted.

    Do flush_work(&defense_work.work) after cancel_rearming_delayed_work().

    Alternatively, we could add flush_work() to cancel_rearming_delayed_work(),
    but note that we can't change cancel_delayed_work() in the same manner
    because it may be called from atomic context.

    Signed-off-by: Oleg Nesterov
    Cc: "David S. Miller"
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Oleg Nesterov
     

09 May, 2007

3 commits


04 May, 2007

3 commits

  • When the server drops its connection, NFS client reconnects using the
    same socket after disconnecting. If the new connection's SYN,ACK
    doesn't contain the TCP timestamp option and the old connection's did,
    tp->tcp_header_len is recomputed assuming no timestamp header but
    tp->rx_opt.tstamp_ok remains set. Then tcp_build_and_update_options()
    adds in a timestamp option past the end of the allocated TCP header,
    overwriting TCP data, or when the data is in skb_shinfo(skb)->frags[],
    overwriting skb_shinfo(skb) causing a crash soon after. (The issue was
    debugged from such a crash.)

    Similarly, wscale_ok and sack_ok also get set based on the SYN,ACK
    packet but not reset on disconnect, since they are zeroed out at
    initialization. The patch zeroes out the entire tp->rx_opt struct in
    tcp_disconnect() to avoid this sort of problem.

    Signed-off-by: Srinivas Aji
    Signed-off-by: David S. Miller

    Srinivas Aji
     
  • Cleanup of dev_base list use, with the aim to simplify making device
    list per-namespace. In almost every occasion, use of dev_base variable
    and dev->next pointer could be easily replaced by for_each_netdev
    loop. A few most complicated places were converted to using
    first_netdev()/next_netdev().

    Signed-off-by: Pavel Emelianov
    Acked-by: Kirill Korotaev
    Signed-off-by: David S. Miller

    Pavel Emelianov
     
  • Reuse limited slow-start (RFC3742) included into tcp_cong instead
    of having another implementation in High Speed TCP.

    Signed-off-by: Ilpo Järvinen
    Signed-off-by: David S. Miller

    Ilpo Järvinen
     

03 May, 2007

4 commits

  • I needed to use this recently to talk to a Cisco server. In my case
    I only did SNAT while the Cisco server used a different address for
    RTP traffic than the one for SIP. I discovered that nf_nat_sip NATed
    the RTP address to the SIP one which was unnecessary but OK. However,
    in doing so it did not DNAT the destination address on the RTP traffic
    to the Cisco back to the original RTP address.

    This patch corrects this by noting down the RTP address and using it
    when the expectation fires.

    Signed-off-by: Herbert Xu
    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • While porting some changes of the 2.6.21-rc7 pptp/proto_gre conntrack
    and nat modules to a 2.4.32 kernel I noticed that the gre_key function
    returns a wrong pointer to the GRE key of a version 0 packet thus
    corrupting the packet payload.

    The intended behaviour for GREv0 packets is to act like
    nf_conntrack_proto_generic/nf_nat_proto_unknown so I have ripped the
    offending functions (not used anymore) and modified the
    nf_nat_proto_gre modules to not touch version 0 (non PPTP) packets.

    Signed-off-by: Jorge Boncompte
    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Jorge Boncompte
     
  • Also accept the --random option for DNAT to allow randomly selecting a
    destination port from the given range.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • Delete the apparently unused header file net/ipv4/tcp_yeah.h.

    Signed-off-by: Robert P. J. Day
    Signed-off-by: David S. Miller

    Robert P. J. Day
     

01 May, 2007

2 commits


30 Apr, 2007

1 commit