15 Feb, 2007
3 commits
-
It isn't needed anymore, all of the users are gone, and all of the ctl_table
initializers have been converted to use explicit names of the fields they are
initializing.[akpm@osdl.org: NTFS fix]
Signed-off-by: Eric W. Biederman
Acked-by: Stephen Smalley
Cc: James Morris
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The semantic effect of insert_at_head is that it would allow new registered
sysctl entries to override existing sysctl entries of the same name. Which is
pain for caching and the proc interface never implemented.I have done an audit and discovered that none of the current users of
register_sysctl care as (excpet for directories) they do not register
duplicate sysctl entries.So this patch simply removes the support for overriding existing entries in
the sys_sysctl interface since no one uses it or cares and it makes future
enhancments harder.Signed-off-by: Eric W. Biederman
Acked-by: Ralf Baechle
Acked-by: Martin Schwidefsky
Cc: Russell King
Cc: David Howells
Cc: "Luck, Tony"
Cc: Ralf Baechle
Cc: Paul Mackerras
Cc: Martin Schwidefsky
Cc: Andi Kleen
Cc: Jens Axboe
Cc: Corey Minyard
Cc: Neil Brown
Cc: "John W. Linville"
Cc: James Bottomley
Cc: Jan Kara
Cc: Trond Myklebust
Cc: Mark Fasheh
Cc: David Chinner
Cc: "David S. Miller"
Cc: Patrick McHardy
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
After Al Viro (finally) succeeded in removing the sched.h #include in module.h
recently, it makes sense again to remove other superfluous sched.h includes.
There are quite a lot of files which include it but don't actually need
anything defined in there. Presumably these includes were once needed for
macros that used to live in sched.h, but moved to other header files in the
course of cleaning it up.To ease the pain, this time I did not fiddle with any header files and only
removed #includes from .c-files, which tend to cause less trouble.Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha,
arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig,
allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all
configs in arch/arm/configs on arm. I also checked that no new warnings were
introduced by the patch (actually, some warnings are removed that were emitted
by unnecessarily included header files).Signed-off-by: Tim Schmielau
Acked-by: Russell King
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
14 Feb, 2007
2 commits
-
This patch changes xfrm6_tunnel register and deregister
interface to prepare for solving the conflict of device
tunnels with inter address family IPsec tunnel.
There is no device which conflicts with IPv4 over IPv6
IPsec tunnel.Signed-off-by: Kazunori MIYAZAWA
Signed-off-by: David S. Miller -
This patch makes sit use xfrm4_tunnel_register instead of
inet_add_protocol. It solves conflict of sit device with
inter address family IPsec tunnel.Signed-off-by: Kazunori MIYAZAWA
Signed-off-by: David S. Miller
13 Feb, 2007
7 commits
-
Tetsuo Handa told me that connect(2) with TCPv6
socket almost always took a few minutes to return when we did not have any
ports available in the range of net.ipv4.ip_local_port_range.The reason was that we used incorrect seed for calculating index of
hash when we check established sockets in __inet6_check_established().Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
Regarding RFC3775, MH payload proto field should be IPPROTO_NONE. Otherwise
it must be discarded (and the receiver should send ICMP error).We assume filter should drop such piggyback everytime to disallow slipping
through firewall rules, even the final receiver will discard it.Signed-off-by: Masahide NAKAMURA
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Instead of depending on internally needed options and letting users
figure out what is needed, select them when needed:- IP_NF_IPTABLES, IP_NF_ARPTABLES and IP6_NF_IPTABLES select
NETFILTER_XTABLES- NETFILTER_XT_TARGET_CONNMARK, NETFILTER_XT_MATCH_CONNMARK and
IP_NF_TARGET_CLUSTERIP select NF_CONNTRACK_MARK- NETFILTER_XT_MATCH_CONNBYTES selects NF_CT_ACCT
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
NF_CT_STAT_INC assumes rcu_read_lock in nf_hook_slow disables
preemption as well, making it legal to use __get_cpu_var without
disabling preemption manually. The assumption is not correct anymore
with preemptable RCU, additionally we need to protect against softirqs
when not holding nf_conntrack_lock.Add NF_CT_STAT_INC_ATOMIC macro, which disables local softirqs,
and use where necessary.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Replace preempt_{enable,disable} based RCU by proper use of the
RCU API and add missing rcu_read_lock/rcu_read_unlock calls in
all paths not obviously only used within packet process context
(nfnetlink_conntrack).Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
- rename nf_logging to nf_loggers since its an array of registered loggers
- rename nf_log_unregister_logger() to nf_log_unregister() to make it
symetrical to nf_log_register() and convert all usersSigned-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Many struct file_operations in the kernel can be "const". Marking them const
moves these to the .rodata section, which avoids false sharing with potential
dirty data. In addition it'll catch accidental writes at compile time to
these shared resources.Signed-off-by: Arjan van de Ven
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
12 Feb, 2007
2 commits
-
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (45 commits)
[IPV4]: Restore multipath routing after rt_next changes.
[XFRM] IPV6: Fix outbound RO transformation which is broken by IPsec tunnel patch.
[NET]: Reorder fields of struct dst_entry
[DECNET]: Convert decnet route to use the new dst_entry 'next' pointer
[IPV6]: Convert ipv6 route to use the new dst_entry 'next' pointer
[IPV4]: Convert ipv4 route to use the new dst_entry 'next' pointer
[NET]: Introduce union in struct dst_entry to hold 'next' pointer
[DECNET]: fix misannotation of linkinfo_dn
[DECNET]: FRA_{DST,SRC} are le16 for decnet
[UDP]: UDP can use sk_hash to speedup lookups
[NET]: Fix whitespace errors.
[NET] XFRM: Fix whitespace errors.
[NET] X25: Fix whitespace errors.
[NET] WANROUTER: Fix whitespace errors.
[NET] UNIX: Fix whitespace errors.
[NET] TIPC: Fix whitespace errors.
[NET] SUNRPC: Fix whitespace errors.
[NET] SCTP: Fix whitespace errors.
[NET] SCHED: Fix whitespace errors.
[NET] RXRPC: Fix whitespace errors.
... -
Replace appropriate pairs of "kmem_cache_alloc()" + "memset(0)" with the
corresponding "kmem_cache_zalloc()" call.Signed-off-by: Robert P. J. Day
Cc: "Luck, Tony"
Cc: Andi Kleen
Cc: Roland McGrath
Cc: James Bottomley
Cc: Greg KH
Acked-by: Joel Becker
Cc: Steven Whitehouse
Cc: Jan Kara
Cc: Michael Halcrow
Cc: "David S. Miller"
Cc: Stephen Smalley
Cc: James Morris
Cc: Chris Wright
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
11 Feb, 2007
4 commits
-
It seems to miss RO mode path by IPv6 over IPv4 IPsec tunnel patch
when it changed semantics to check the mode from
"xfrm[i]->props.mode != XFRM_MODE_TRANSPORT" to
"xfrm[i]->props.mode == XFRM_MODE_TUNNEL" before changing address.
It also makes two incline functions __xfrm6_bundle_addr_{remote,local}
are used by nobody.This patch fixes it.
Signed-off-by: Masahide NAKAMURA
Signed-off-by: David S. Miller -
This patch removes the next pointer from 'struct rt6_info.u' union,
and renames u.next to u.dst.rt6_next.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
In a prior patch, I introduced a sk_hash field (__sk_common.skc_hash) to let
tcp lookups use one cache line per unmatched entry instead of two.We can also use sk_hash to speedup UDP part as well. We store in sk_hash the
hnum value, and use sk->sk_hash (same cache line than 'next' pointer),
instead of inet->num (different cache line)Note : We still have a false sharing problem for SMP machines, because
sock_hold(sock) dirties the cache line containing the 'next' pointer. Not
counting the udp_hash_lock rwlock. (did someone mentioned RCU ? :) )Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
09 Feb, 2007
16 commits
-
ehash table layout is currently this one :
First half of this table is used by sockets not in TIME_WAIT state
Second half of it is used by sockets in TIME_WAIT state.This is non optimal because of for a given hash or socket, the two chain heads
are located in separate cache lines.
Moreover the locks of the second half are never used.If instead of this halving, we use two list heads in inet_ehash_bucket instead
of only one, we probably can avoid one cache miss, and reduce ram usage,
particularly if sizeof(rwlock_t) is big (various CONFIG_DEBUG_SPINLOCK,
CONFIG_DEBUG_LOCK_ALLOC settings). So we still halves the table but we keep
together related chains to speedup lookups and socket state change.In this patch I did not try to align struct inet_ehash_bucket, but a future
patch could try to make this structure have a convenient size (a power of two
or a multiple of L1_CACHE_SIZE).
I guess rwlock will just vanish as soon as RCU is plugged into ehash :) , so
maybe we dont need to scratch our heads to align the bucket...Note : In case struct inet_ehash_bucket is not a power of two, we could
probably change alloc_large_system_hash() (in case it use __get_free_pages())
to free the unused space. It currently allocates a big zone, but the last
quarter of it could be freed. Again, this should be a temporary 'problem'.Patch tested on ipv4 tcp only, but should be OK for IPV6 and DCCP.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
Move ip6t_standard/ip6t_error_target/ip6t_error definitions to ip6_tables.h
instead of defining them in each table individually.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This introduces match for Mobility Header (MH) described by Mobile IPv6
specification (RFC3775). User can specify the MH type or its range to be
matched.Signed-off-by: Masahide NAKAMURA
Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Use the x_tables functions directly to make it better visible which
parts are shared between ip_tables and ip6_tables.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Remove unnecessary if() constructs before assignment.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
There was no real useful information from the unregister_netdevice() return
code, the only error occurred in a situation that was a driver bug. So
change it to a void function.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Add checksum default defines for mobility header(MH) which
goes through raw socket. As the result kernel's behavior is
to handle MH checksum as default.This patch also removes verifying inbound MH checksum at
mip6_mh_filter() since it did not consider user specified
checksum offset and was redundant check with raw socket code.Signed-off-by: Masahide NAKAMURA
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
add_grhead() allocates memory with GFP_ATOMIC and in at least two places skb
from it passed to skb_put() without checking.Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
This is the patch to support IPv4 over IPv6 IPsec.
Signed-off-by: Miika Komu
Signed-off-by: Diego Beltrami
Signed-off-by: Kazunori Miyazawa
Signed-off-by: David S. Miller -
This is the patch to support IPv6 over IPv4 IPsec
Signed-off-by: Miika Komu
Signed-off-by: Diego Beltrami
Signed-off-by: Kazunori Miyazawa
Signed-off-by: David S. Miller -
This patch exports xfrm_state_afinfo.
Signed-off-by: Miika Komu
Signed-off-by: Diego Beltrami
Signed-off-by: Kazunori Miyazawa
Signed-off-by: David S. Miller -
Do this even for non-blocking sockets. This avoids the silly -EAGAIN
that applications can see now, even for non-blocking sockets in some
cases (f.e. connect()).With help from Venkat Tekkirala.
Signed-off-by: David S. Miller
-
With help from Wei Dong .
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
Currently netlink users BUG when the allocated skb for an event
notification is undersized. While this is certainly a kernel bug,
its not critical and crashing the kernel is too drastic, especially
when considering that these errors have appeared multiple times in
the past and it BUGs even if no listeners are present.This patch replaces BUG by WARN_ON and changes the notification
functions to inform potential listeners of undersized allocations
using a unique error code (EMSGSIZE).Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
31 Jan, 2007
2 commits
-
When I tested IPv6 redirect function about kernel 2.6.19.1, and found
that the kernel can send redirect packets whose target address is global
address, and the target is not the actual endpoint of communication.But the criteria conform to RFC2461, the target address defines as
following:Target Address An IP address that is a better first hop to use for
he ICMP Destination Address. When the target is
the actual endpoint of communication, i.e., the
destination is a neighbor, the Target Address field
MUST contain the same value as the ICMP Destination
Address field. Otherwise the target is a better
first-hop router and the Target Address MUST be the
router's link-local address so that hosts can
uniquely identify routers.According to this definition, when a router redirect to a host, the
target address either the better first-hop router's link-local address
or the same as the ICMP destination address field. But the function of
ndisc_send_redirect() in net/ipv6/ndisc.c, does not check the target
address correctly.There is another definition about receive Redirect message in RFC2461:
8.1. Validation of Redirect Messages
A host MUST silently discard any received Redirect message that does
not satisfy all of the following validity checks:
......
- The ICMP Target Address is either a link-local address (when
redirected to a router) or the same as the ICMP Destination
Address (when redirected to the on-link destination).
......And the receive redirect function of ndisc_redirect_rcv() implemented
this definition, checks the target address correctly.
if (ipv6_addr_equal(dest, target)) {
on_link = 1;
} else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
ND_PRINTK2(KERN_WARNING
"ICMPv6 Redirect: target address is not link-local.\n");
return;
}So, I think the send redirect function must check the target address
also.Signed-off-by: Li Yewang
Acked-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
Signed-off-by: Neil Horman
Signed-off-by: David S. Miller
26 Jan, 2007
1 commit
-
Revert 931731123a103cfb3f70ac4b7abfc71d94ba1f03
We can't elide the skb_set_owner_w() here because things like certain
netfilter targets (such as owner MATCH) need a socket to be set on the
SKB for correct operation.Thanks to Jan Engelhardt and other netfilter list members for
pointing this out.Signed-off-by: David S. Miller
24 Jan, 2007
2 commits
-
I think the return value of rt6_nlmsg_size() should includes the
amount of RTA_METRICS.Signed-off-by: Noriaki TAKAMIYA
Acked-by: Thomas Graf
Signed-off-by: David S. Miller -
Join all-node multicast group after assignment of dev->ip6_ptr
because it must be assigned when ipv6_dev_mc_inc() is called.
This fixes Bug#7817, reported by .Closes: 7817
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
10 Jan, 2007
1 commit
-
A quick patch to change the inet_sock->is_icsk assignment to better fit with
existing kernel coding style.Signed-off-by: Paul Moore
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller
