21 Mar, 2006
19 commits
-
Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller
-
The bridge code can use existing LLC output code when building
spanning tree protocol packets.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Bridges communicate with each other using Spanning Tree Protocol
over a standard multicast address. There are times when testing or
layering bridges over existing topologies or tunnels, when it is
useful to use alternative multicast addresses for STP packets.

The 802.1d standard has some unused addresses, that can be used for this.
This patch is restrictive in that it only allows one of the possible
addresses in the standard.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Use LLC for the receive path of Spanning Tree Protocol packets.
This allows link local multicast packets to be received by
other protocols (if they care), and uses the existing LLC
code to get STP packets back into bridge code.

The bridge multicast address is also checked, so bridges using
other link local multicast addresses are ignored. This allows
for use of different multicast addresses to define separate STP
domains.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Cleanup the get/set of bridge timer value in the packets.
It is clearer not to bury the conversion in macro.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Optimize the forwarding and transmit paths. Both places are
called with bottom half/no preempt so there is no need to use
spin_lock_bh or rcu_read_lock.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Move nf_bridge_alloc from header file to the one place it is
used and optimize it.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Fix the VLAN macros in bridge netfilter code. Macros should
not depend on magic variables.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Only use __constant_htons() for initializers and switch cases.
For other uses, it is just as efficient and clearer to use htons
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Run br_netfilter through Lindent to fix whitespace.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
The netfilter hook that is used to receive frames doesn't need to be a
stub. It is only called in two ways, both of which ignore the return
value.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Use kzalloc versus kmalloc+memset. Also don't need to do
memset() of bridge address since it is in netdev private data
that is already zero'd in alloc_netdev.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Use kcalloc rather than kmalloc + memset.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Use the now standard setup_timer function.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
The STP timers run off softirq (kernel timers), so there is no need to
disable bottom half in the spin locks.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
net/bridge/br_netfilter.c: In function `br_nf_pre_routing':
net/bridge/br_netfilter.c:427: warning: unused variable `vhdr'
net/bridge/br_netfilter.c:445: warning: unused variable `vhdr'
Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller
-
net/bridge/netfilter/ebtables.c:1481: warning: initialization makes pointer from integer without a cast
Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller
-
We're now starting to have quite a number of places that do skb_pull
followed immediately by an skb_postpull_rcsum. We can merge these two
operations into one function with skb_pull_rcsum. This makes sense
since most pull operations on receive skb's need to update the
checksum.

I've decided to make this out-of-line since it is fairly big and the
fast path where hardware checksums are enabled needs to call
csum_partial anyway.

Since this is a brand new function we get to add an extra check on the
len argument. As it is most callers of skb_pull ignore its return
value which essentially means that there is no check on the len
argument.
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
-
Semaphore to mutex conversion.
The conversion was generated via scripts, and the result was validated
automatically via a script as well.
Signed-off-by: Ingo Molnar
Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller
12 Mar, 2006
1 commit
-
Signed-off-by: Gregor Maier
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
05 Mar, 2006
3 commits
-
The earlier round of kobject/sysfs changes to bridge caused
it not to generate a uevent on removal. Don't think any application
cares (not sure about Xen) but since it generates add uevent
it should generate remove as well.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Initialize the STP timers for a port when it is created,
rather than when it is enabled. This will prevent future race conditions
where timer gets started before port is enabled.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Bridge would crash because of uninitialized timer if STP is used and
device was inserted into a bridge before bridge was up. This got
introduced when the delayed port checking was added. Fix is to not
enable STP on port unless bridge is up.

Bugzilla: http://bugzilla.kernel.org/show_bug.cgi?id=6140
Dup: http://bugzilla.kernel.org/show_bug.cgi?id=6156
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
28 Feb, 2006
1 commit
-
The nfnetlink_log infrastructure changes broke compatibility of the LOG
targets. They currently use whatever log backend was registered first,
which means that if ipt_ULOG was loaded first, no messages will be printed
to the ring buffer anymore.

Restore compatibility by using the old log functions by default and only use
the nf_log backend if the user explicitly said so.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
24 Feb, 2006
1 commit
-
The bridge-netfilter code attaches a fake dst_entry with dst->ops == NULL
to purely bridged packets. When these packets are SNATed and a policy
lookup is done, xfrm_lookup crashes because it tries to dereference
dst->ops.

Change xfrm_lookup not to dereference dst->ops before checking for the
DST_NOXFRM flag and set this flag in the fake dst_entry.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
15 Feb, 2006
1 commit
-
Looks like somebody forgot to use the _bh spin_lock variant. We ran into a
deadlock where br->hello_timer expired while br_stp_disable_br() walked
br->port_list.
Signed-off-by: Adrian Drzewiecki
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
14 Feb, 2006
1 commit
-
Horms patch was the best of the three fixes. Dave already applied
Harald's version, so this patch converts that to the better one.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
13 Feb, 2006
1 commit
-
net/bridge/br_netfilter.c: In function `br_nf_post_routing':
net/bridge/br_netfilter.c:808: warning: implicit declaration of function `has_bridge_parent'
Signed-off-by: Jesper Juhl
Cc: Harald Welte
Cc: "David S. Miller"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
10 Feb, 2006
3 commits
-
Refactor how the bridge code interacts with kobject system.
It should still use kobjects even if not using sysfs.
Fix the error unwind handling in br_add_if.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Bridge netfilter code needs to handle the case where device is
removed from bridge while packet in process. In these cases the
bridge_parent can become null while processing.

This should fix: http://bugzilla.kernel.org/show_bug.cgi?id=5803
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
-
Change Bridge receive path to correctly handle RCU removal of device
from bridge. Also fixes deadlock between carrier_check and del_nbp.
This replaces the previous deleted flag fix.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
05 Feb, 2006
3 commits
-
netfilter's do_replace() can overflow on addition within SMP_ALIGN()
and/or on multiplication by NR_CPUS, resulting in a buffer overflow on
the copy_from_user(). In practice, the overflow on addition is
triggerable on all systems, whereas the multiplication one might require
much physical memory to be present due to the check above. Either is
sufficient to overwrite arbitrary amounts of kernel memory.

I really hate adding the same check to all 4 versions of do_replace(),
but the code is duplicate...

Found by Solar Designer during security audit of OpenVZ.org
Signed-Off-By: Kirill Korotaev
Signed-Off-By: Solar Designer
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
The skb allocated is always of size nlbufsize, even if that is smaller than
the size needed for the current packet.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Performance tests showed that ULOG may fail on heavily loaded systems
because of failed order-N allocations (N >= 1).

The default value of 4096 is not optimal in the sense that it actually
allocates _two_ contiguous physical pages. Reasoning: ULOG uses
alloc_skb(), which adds another ~300 bytes for skb_shared_info.

This patch sets the default value to NLMSG_GOODSIZE and adds some
documentation at the top.
Signed-off-by: Holger Eitzenberger
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
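The size arithmetic described in the do_replace() commit at the top of this group, modeled in user space as an added example (not the kernel's code and not part of any commit listed here). The constants `CACHE_BYTES`, `N_CPUS` and `HDR_BYTES`, the function names, and the exact form of the bound are assumptions chosen to show both wraps and one way to reject them before the allocation size is computed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins; the kernel's values depend on configuration and architecture. */
#define CACHE_BYTES 64u   /* assumed cache line size used for alignment */
#define N_CPUS      8u    /* assumed NR_CPUS */
#define HDR_BYTES   128u  /* assumed size of the table header */

/* Round up to a cache line in 32-bit arithmetic; the addition can wrap. */
static uint32_t align32(uint32_t x)
{
    return (x + CACHE_BYTES - 1u) & ~(CACHE_BYTES - 1u);
}

/* Unchecked allocation size: the addition and the multiplication both wrap modulo 2^32. */
static uint32_t table_bytes_unchecked(uint32_t user_size)
{
    return HDR_BYTES + align32(user_size) * N_CPUS;
}

/* Checked form: refuse any size whose aligned, per-CPU total could pass INT32_MAX.
 * Returns 0 and stores the total in *out, or -1 when the size is rejected. */
static int table_bytes_checked(uint32_t user_size, uint32_t *out)
{
    if (user_size >= (INT32_MAX - HDR_BYTES) / N_CPUS - CACHE_BYTES)
        return -1;
    *out = table_bytes_unchecked(user_size);
    return 0;
}

int main(void)
{
    /* Constructed inputs: a normal size, one that wraps on the addition, one on the multiply. */
    const uint32_t samples[] = { 4096u, 0xFFFFFFF0u, 0x20000000u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t total = 0;
        int rc = table_bytes_checked(samples[i], &total);
        printf("size=%u unchecked_alloc=%u checked=%s\n", (unsigned)samples[i],
               (unsigned)table_bytes_unchecked(samples[i]), rc ? "rejected" : "ok");
    }
    return 0;
}
```

With these constants both oversized inputs produce an unchecked allocation of only `HDR_BYTES`, while the copy length would still be the caller's original size; the bound rejects them before any allocation happens.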
01 Feb, 2006
1 commit
-
This is a simpler fix for the two races in bridge device removal.
The Xen race of delif and notify is managed now by a new deleted flag.
No need for barriers or other locking because of rtnl mutex.

The del_timer_sync()'s are unnecessary, because br_stp_disable_port
deletes the timers, and they will finish running before RCU callback.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
18 Jan, 2006
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
13 Jan, 2006
1 commit
-
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.

o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
  wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
  are now implemented as xt_FOOBAR.c files and provide module aliases
  to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
  include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
  around the xt_FOOBAR.h headers

Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte
Signed-off-by: David S. Miller
12 Jan, 2006
3 commits
-
net: Use where capable() is used.
Signed-off-by: Randy Dunlap
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
-
This removes more unneeded casts on the return value for kmalloc(),
sock_kmalloc(), and vmalloc().
Signed-off-by: Kris Katterjohn
Acked-by: James Morris
Signed-off-by: David S. Miller
-
For compare_ether_addr()
Signed-off-by: David S. Miller