10 Sep, 2008

1 commit

  • This fixes kernel bugzilla 11469: "TUN with 1024 neighbours:
    ip6_dst_lookup_tail NULL crash"

    dst->neighbour is not necessarily hooked up at this point
    in the processing path, so blindly dereferencing it is
    the wrong thing to do. This NULL check exists in other
    similar paths and this case was just an oversight.

    Also fix the completely wrong and confusing indentation
    here while we're at it.

    Based upon a patch by Evgeniy Polyakov.

    Signed-off-by: Neil Horman
    Signed-off-by: David S. Miller

    Neil Horman
     

15 Aug, 2008

1 commit


04 Aug, 2008

1 commit

  • The old code will drop an IPv6 packet if ipfragok is not set. Since
    ipfragok is obsoleted and skb->local_df will be used instead, this
    check must be changed to skb->local_df.

    This patch fixes this problem and does not drop the packet if
    skb->local_df is set to true.

    Signed-off-by: Wei Yongjun
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Wei Yongjun
     

01 Aug, 2008

1 commit

  • SCTP used ip6_xmit() to send fragments after receiving an ICMP packet
    too big message. But when the packet is sent using ip6_xmit, the
    skb->local_df is not initialized. So when the skb enters
    ip6_fragment(), the following code will discard the skb.

    ip6_fragment(...)
    {
            if (!skb->local_df) {
                    ...
                    return -EMSGSIZE;
            }
            ...
    }

    SCTP does the following steps:
    1. send packet ip6_xmit(skb, ipfragok=0)
    2. receive ICMP packet too big message
    3. if PMTUD_ENABLE: ip6_xmit(skb, ipfragok=1)

    This patch fixes the problem by setting local_df if ipfragok is true.

    Signed-off-by: Wei Yongjun
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Wei Yongjun
     

26 Jul, 2008

1 commit

  • Removes legacy reinvent-the-wheel type thing. The generic
    machinery integrates much better to automated debugging aids
    such as kerneloops.org (and others), and is unambiguous due to
    better naming. Non-intuitively, BUG_TRAP() is actually equal to
    WARN_ON() rather than BUG_ON(), though some might actually be
    promoted to BUG_ON(), but I left that to the future.

    I could make at least one BUILD_BUG_ON conversion.

    Signed-off-by: Ilpo Järvinen
    Signed-off-by: David S. Miller

    Ilpo Järvinen
     

20 Jul, 2008

1 commit


03 Jul, 2008

2 commits


20 Jun, 2008

1 commit


12 Jun, 2008

1 commit


13 May, 2008

1 commit

  • This patch adds needed_headroom/needed_tailroom members to struct
    net_device and updates many places that allocate skbs to use them. Not
    all of them can be converted though, and I'm sure I missed some (I
    mostly grepped for LL_RESERVED_SPACE)

    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     

12 Apr, 2008

1 commit

  • - net/ipv6/addrconf.c:
        ipv6_get_ifaddr(), ipv6_dev_get_saddr()
    - net/ipv6/mcast.c:
        ipv6_sock_mc_join(), ipv6_sock_mc_drop(),
        inet6_mc_check(),
        ipv6_dev_mc_inc(), __ipv6_dev_mc_dec(), ipv6_dev_mc_dec(),
        ipv6_chk_mcast_addr()
    - net/ipv6/route.c:
        rt6_lookup(), icmp6_dst_alloc()
    - net/ipv6/ip6_output.c:
        ip6_nd_hdr()
    - net/ipv6/ndisc.c:
        ndisc_send_ns(), ndisc_send_rs(), ndisc_send_redirect(),
        ndisc_get_neigh(), __ndisc_send()

    Signed-off-by: YOSHIFUJI Hideaki

    YOSHIFUJI Hideaki
     

05 Apr, 2008

1 commit


26 Mar, 2008

2 commits


25 Mar, 2008

3 commits


08 Mar, 2008

1 commit


06 Mar, 2008

2 commits


04 Mar, 2008

1 commit


29 Feb, 2008

1 commit


15 Feb, 2008

1 commit

  • I managed to reverse the local_df test when forward-porting this
    patch so it actually makes things worse by never fragmenting at
    all.

    Thanks to David Stevens for testing and reporting this bug.

    Bill Fink pointed out that the local_df setting is also the wrong
    way around.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

13 Feb, 2008

1 commit

  • This is a long-standing bug in the IPsec IPv6 code that breaks
    when we emit an IPsec tunnel-mode datagram packet. The problem
    is that the code that emits the packet assumes the IPv6 stack
    will fragment it later, but the IPv6 stack assumes that whoever
    is emitting the packet is going to pre-fragment the packet.

    In the long term we need to fix both sides, e.g., to get the
    datagram code to pre-fragment as well as to get the IPv6 stack
    to fragment locally generated tunnel-mode packets.

    For now this patch does the second part which should make it
    work for the IPsec host case.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

01 Feb, 2008

2 commits

  • A userspace program may wish to set the mark for each packet it sends
    without using the netfilter MARK target. Changing the mark can be used
    for mark based routing without netfilter or for packet filtering.

    It requires CAP_NET_ADMIN capability.

    Signed-off-by: Laszlo Attila Toth
    Acked-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Laszlo Attila Toth
     
  • When ip_fragment has to hit the slow path the value of skb->truesize
    may go out of sync because we would have updated it without changing
    the packet length. This violates the constraints on truesize.

    This patch postpones the update of skb->truesize to prevent this.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

29 Jan, 2008

7 commits

  • The inet6_addr_lst is browsed taking into account the network
    namespace specified as parameter. If an address does not belong
    to the specified namespace, it is ignored.

    Signed-off-by: Daniel Lezcano
    Signed-off-by: Benjamin Thery
    Signed-off-by: David S. Miller

    Daniel Lezcano
     
  • I'm actually surprised at how much was involved. At first glance it
    appears that the neighbour table data structures are already split by
    network device so all that should be needed is to modify the user
    interface commands to filter the set of neighbours by the network
    namespace of their devices.

    However a couple things turned up while I was reading through the
    code. The proxy neighbour table allows entries with no network
    device, and the neighbour parms are per network device (except for the
    defaults) so they now need a per network namespace default.

    So I updated the two structures (which surprised me) with their very
    own network namespace parameter. Updated the relevant lookup and
    destroy routines with a network namespace parameter and modified the
    code that interacts with users to filter out neighbour table entries
    for devices of other namespaces.

    I'm a little concerned that we can modify and display the global table
    configuration from all network namespaces. But this appears good
    enough for now.

    I keep thinking modifying the neighbour table to have per network
    namespace instances of each table type would be cleaner. The
    hash table is already dynamically sized so it is not a
    limiter. The default parameter would be straightforward to take care
    of. However when I look at how the network table is built and
    used I still find some assumptions that there is only a single
    neighbour table for each type of table in the kernel. The netlink
    operations, neigh_seq_start, the non-core network users that call
    neigh_lookup. So while it might be doable it would require more
    refactoring than my current approach of just doing a little extra
    filtering in the code.

    Signed-off-by: Eric W. Biederman
    Signed-off-by: Daniel Lezcano
    Signed-off-by: David S. Miller

    Eric W. Biederman
     
  • An IPv6-specific thing is wrongly removed from transformation at net-2.6.25.
    This patch recovers it with the current design.

    o Update "path" of xfrm_dst since IPv6 transformation should
      care about routing changes. It is required by MIPv6 and
      off-link destined IPsec.
    o Rename nfheader_len which is for non-fragment transformation used by
      MIPv6 to rt6i_nfheader_len as IPv6 name space.

    Signed-off-by: Masahide NAKAMURA
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Masahide NAKAMURA
     
  • The IPv4 and IPv6 hook values are identical, yet some code tries to figure
    out the "correct" value by looking at the address family. Introduce NF_INET_*
    values for both IPv4 and IPv6. The old values are kept in a #ifndef __KERNEL__
    section for userspace compatibility.

    Signed-off-by: Patrick McHardy
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • Most callers of the LOCAL_OUT chain will set the IP packet length
    before doing so. They also share the same output function dst_output.

    This patch creates a new function called ip6_local_out which does all
    of that and converts the appropriate users over to it.

    Apart from removing duplicate code, it will also help in merging the
    IPsec output path.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • The dst member nfheader_len is only used by IPv6. It's also currently
    creating a rather ugly alignment hole in struct dst. Therefore this patch
    moves it from there into struct rt6_info.

    It also reorders the fields in rt6_info to minimize holes.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • We only need to set nfheader_len in the top xfrm dst. This is because
    we only ever read the nfheader_len from the top xfrm dst.

    It is also easier to count nfheader_len as part of header_len which
    then lets us remove the ugly wrapper functions for incrementing and
    decrementing header lengths in xfrm6_policy.c.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

23 Jan, 2008

1 commit

  • As it is, ip_append_data only counts page fragments to the skb that
    allocated it. As such it means that the first skb gets hit with a
    4K charge even though it might have only used a fraction of it while
    all subsequent skbs that use the same page get away with no charge
    at all.

    This bug was exposed by the UDP accounting patch.

    [ The wmem_alloc bumping needs to be moved with the truesize,
    noticed by Takahiro Yasui. -DaveM ]

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

07 Dec, 2007

1 commit


07 Nov, 2007

1 commit


24 Oct, 2007

1 commit


16 Oct, 2007

1 commit

  • Uninline netfilter okfns for those cases where gcc can generate tail-calls.

    Before:
       text    data     bss      dec     hex filename
    8994153 1016524  524652 10535329  a0c1a1 vmlinux

    After:
       text    data     bss      dec     hex filename
    8992761 1016524  524652 10533937  a0bc31 vmlinux
    -------------------------------------------------------
      -1392

    All cases have been verified to generate tail-calls with and without netfilter.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     

11 Oct, 2007

1 commit

  • Background: RFC 4293 deprecates existing individual, named ICMP
    type counters to be replaced with the ICMPMsgStatsTable. This table
    includes entries for both IPv4 and IPv6, and requires counting of all
    ICMP types, whether or not the machine implements the type.

    These patches "remove" (but not really) the existing counters, and
    replace them with the ICMPMsgStats tables for v4 and v6.
    It includes the named counters in the /proc places they were, but gets the
    values for them from the new tables. It also counts packets generated
    from raw socket output (e.g., OutEchoes, MLD queries, RA's from
    radvd, etc).

    Changes:
    1) create icmpmsg_statistics mib
    2) create icmpv6msg_statistics mib
    3) modify existing counters to use these
    4) modify /proc/net/snmp to add "IcmpMsg" with all ICMP types
       listed by number for easy SNMP parsing
    5) modify /proc/net/snmp printing for "Icmp" to get the named data
       from new counters.
    [new to 2nd revision]
    6) support per-interface ICMP stats
    7) use common macro for per-device stat macros

    Signed-off-by: David L Stevens
    Signed-off-by: David S. Miller

    David L Stevens