11 Oct, 2007
12 commits
-
Just switch to the consolidated calls.
ipt_recent() has to initialize the private, so use
the __seq_open_private() helper.
Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller
-
Fix timeout (one second is 1 * HZ) and convert max packet copy length
to #defined constant.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Fix memory leak on instance_create() while module is being unloaded.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Fix function definition style to match other functions in nfnetlink_log.c.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
If queue is filled to its threshold, then flush it right away instead
of waiting for timer or next packet.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Kill some cut'n'paste effect.
Just after __nfulnl_send() returning, inst->skb is always NULL.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Also remove unused nfula_min array.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
There is no struct nfattr anymore, rename functions to 'nlattr'.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Get rid of the duplicated rtnetlink macros and use the generic netlink
attribute functions. The old duplicated stuff is moved to a new header
file that exists just for userspace.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Wrap the hard_header_parse function to simplify next step of
header_ops conversion.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Each netlink socket will live in exactly one network namespace,
this includes the controlling kernel sockets.

This patch updates all of the existing netlink protocols
to only support the initial network namespace. Requests
by clients in other namespaces will get -ECONNREFUSED.
As they would if the kernel did not have the support for
that netlink protocol compiled in.

As each netlink protocol is updated to be multiple network
namespace safe it can register multiple kernel sockets
to acquire a presence in the rest of the network namespaces.

The implementation in af_netlink is a simple filter implementation
at hash table insertion and hash table look up time.
Signed-off-by: Eric W. Biederman
Signed-off-by: David S. Miller
21 Sep, 2007
1 commit
-
The following patch fixes the handling of netlink packets containing
multiple messages.

As exposed during netfilter workshop, nfnetlink_log was overwriting the
message type of the last message (setting it to MSG_DONE) in a multipart
packet. The consequence was that libnfnetlink ignored the last message in the
packet.

The following patch adds a supplementary message (with type MSG_DONE) at
the end of the netlink skb.
Signed-off-by: Eric Leblond
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
11 Jul, 2007
1 commit
-
Make all initialized struct seq_operations in net/ const
Signed-off-by: Philippe De Muyter
Signed-off-by: David S. Miller
26 Apr, 2007
13 commits
-
Don't fallback to group 0 if no instance can be found for the given group.
This potentially confuses the listener and is not what the user configured.
Also remove the ring buffer spamming that happens when rules are set up
before the logging daemon is started.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
This is gross, have the wrapper function take the lock.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
No other function calls __nfulnl_send() with inst->skb == NULL than
nfulnl_timer().
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
get_*() don't need access to seq_file - iter_state is enough for them.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Simple micro-optimization: Don't change any options if the instance is
being destroyed.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Simple micro-optimization: don't call instance_put() on known NULL pointers.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Kill some duplicate code in nfulnl_log_packet().
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
We don't need local nlbufsiz (skb size) as nfulnl_alloc_skb() takes
the maximum anyway.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
The error pointer argument in netlink message handlers is used
to signal the special case where processing has to be interrupted
because a dump was started but no error happened. Instead it is
simpler and more clear to return -EINTR and have netlink_run_queue()
deal with getting the queue right.

nfnetlink passed on this error pointer to its subsystem handlers
but only uses it to signal the start of a netlink dump. Therefore
it can be removed there as well.

This patch also cleans up the error handling in the affected
message handlers to be consistent since it had to be touched anyway.
Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller
-
So that it is also an offset from skb->head, reduces its size from 8 to 4 bytes
on 64bit architectures, allowing us to combine the 4 bytes hole left by the
layer headers conversion, reducing struct sk_buff size to 256 bytes, i.e. 4
64byte cachelines, and since the sk_buff slab cache is SLAB_HWCACHE_ALIGN...
:-)

Many calculations that previously required that skb->{transport,network,
mac}_header be first converted to a pointer now can be done directly, being
meaningful as offsets or pointers.
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller
-
We currently use a special structure (struct skb_timeval) and plain
'struct timeval' to store packet timestamps in sk_buffs and struct
sock.

This has some drawbacks :
- Fixed resolution of micro second.
- Waste of space on 64bit platforms where sizeof(struct timeval)=16

I suggest using ktime_t that is a nice abstraction of high resolution
time services, currently capable of nanosecond resolution.

As sizeof(ktime_t) is 8 bytes, using ktime_t in 'struct sock' permits
a 8 byte shrink of this structure on 64bit architectures. Some other
structures also benefit from this size reduction (struct ipq in
ipv4/ip_fragment.c, struct frag_queue in ipv6/reassembly.c, ...)

Once this ktime infrastructure adopted, we can more easily provide
nanosecond resolution on top of it. (ioctl SIOCGSTAMPNS and/or
SO_TIMESTAMPNS/SCM_TIMESTAMPNS)

Note : this patch includes a bug correction in
compat_sock_get_timestamp() where a "err = 0;" was missing (so this
syscall returned -ENOENT instead of 0)
Signed-off-by: Eric Dumazet
CC: Stephen Hemminger
CC: John find
Signed-off-by: David S. Miller
08 Mar, 2007
2 commits
-
physoutdev is only set on purely bridged packets, when nfnetlink_log is used
in the OUTPUT/FORWARD/POSTROUTING hooks on packets forwarded from or to a
bridge it crashes when trying to dereference skb->nf_bridge->physoutdev.
Reported by Holger Eitzenberger
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Userspace expects a zero-terminated string, so include the trailing
zero in the netlink message.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
06 Mar, 2007
6 commits
-
Fix reference counting (memory leak) problem in __nfulnl_send() and callers
related to packet queueing.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Count module references correctly: after instance_destroy() there
might be timer pending and holding a reference for this netlink instance.
Based on patch by Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Eliminate possible NULL pointer dereference in nfulnl_recv_config().
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Fix the nasty NULL dereference on multiple packets per netlink message.
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000004
printing eip:
f8a4b3bf
*pde = 00000000
Oops: 0002 [#1]
SMP
Modules linked in: nfnetlink_log ipt_ttl ipt_REDIRECT xt_tcpudp iptable_nat nf_nat nf_conntrack_ipv4 xt_state ipt_ipp2p xt_NFLOG xt_hashlimit ip6_tables iptable_filter xt_multiport xt_mark ipt_set iptable_raw xt_MARK iptable_mangle ip_tables cls_fw cls_u32 sch_esfq sch_htb ip_set_ipmap ip_set ipt_ULOG x_tables dm_snapshot dm_mirror loop e1000 parport_pc parport e100 floppy ide_cd cdrom
CPU: 0
EIP: 0060:[] Not tainted VLI
EFLAGS: 00010206 (2.6.20 #5)
EIP is at __nfulnl_send+0x24/0x51 [nfnetlink_log]
eax: 00000000 ebx: f2b5cbc0 ecx: c03f5f54 edx: c03f4000
esi: f2b5cbc8 edi: c03f5f54 ebp: f8a4b3ec esp: c03f5f30
ds: 007b es: 007b ss: 0068
Process swapper (pid: 0, ti=c03f4000 task=c03bece0 task.ti=c03f4000)
Stack: f2b5cbc0 f8a4b401 00000100 c0444080 c012af49 00000000 f6f19100 f6f19000
c1707800 c03f5f54 c03f5f54 00000123 00000021 c03e8d08 c0426380 00000009
c0126932 00000000 00000046 c03e9980 c03e6000 0047b007 c01269bd 00000000
Call Trace:
[] nfulnl_timer+0x15/0x25 [nfnetlink_log]
[] run_timer_softirq+0x10a/0x164
[] __do_softirq+0x60/0xba
[] do_softirq+0x31/0x35
[] do_IRQ+0x62/0x74
[] common_interrupt+0x23/0x28
[] default_idle+0x0/0x3f
[] default_idle+0x2d/0x3f
[] cpu_idle+0xa0/0xb9
[] start_kernel+0x1a8/0x1ac
[] unknown_bootoption+0x0/0x181
=======================
Code: 5e 5f 5b 5e 5f 5d c3 53 89 c3 8d 40 1c 83 7b 1c 00 74 05 e8 2c ee 6d c7 83 7b 14 00 75 04 31 c0 eb 34 83 7b 10 01 76 09 8b 43 18 c7 40 04 03 00 8b 53 34 8b 43 14 b9 40 00 00 00 e8 08 9a 84
EIP: [] __nfulnl_send+0x24/0x51 [nfnetlink_log] SS:ESP 0068:c03f5f30
Kernel panic - not syncing: Fatal exception in interrupt
Rebooting in 5 seconds..

Panic no more!
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Paranoia: instance_put() might have freed the inst pointer when we
spin_unlock_bh().
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Stop reference leaking in nfulnl_log_packet(). If we start a timer we
are already taking another reference.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
13 Feb, 2007
3 commits
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
- rename nf_logging to nf_loggers since it's an array of registered loggers
- rename nf_log_unregister_logger() to nf_log_unregister() to make it
symmetrical to nf_log_register() and convert all users
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Many struct file_operations in the kernel can be "const". Marking them const
moves these to the .rodata section, which avoids false sharing with potential
dirty data. In addition it'll catch accidental writes at compile time to
these shared resources.
Signed-off-by: Arjan van de Ven
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
03 Dec, 2006
2 commits
-
There is no reason for limiting netlink attributes in size.
Signed-off-by: Patrick McHardy
-
nfmark is being used in various subsystems and has become
the defacto mark field for all kinds of packets. Therefore
it makes sense to rename it to `mark' and remove the
dependency on CONFIG_NETFILTER.
Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller