Eric Lee / smarc-fsl-linux-kernel

19 Apr, 2013

1 commit

  • f229f6ce4   netfilter: add my copyright statements ... Browse Code »

    Add copyright statements to all netfilter files which have had significant
    changes done by myself in the past.

    Some notes:

    - nf_conntrack_ecache.c was incorrectly attributed to Rusty and Netfilter
    Core Team when it got split out of nf_conntrack_core.c. The copyrights
    even state a date which lies six years before it was written. It was
    written in 2005 by Harald and myself.

    - net/ipv{4,6}/netfilter.c, net/netfitler/nf_queue.c were missing copyright
    statements. I've added the copyright statement from net/netfilter/core.c,
    where this code originated

    - for nf_conntrack_proto_tcp.c I've also added Jozsef, since I didn't want
    it to give the wrong impression

    Signed-off-by: Patrick McHardy
    Signed-off-by: Pablo Neira Ayuso

    Patrick McHardy
     

19 Feb, 2013

1 commit

  • b20ab9cc6   netfilter: nf_ct_helper: better logging for dropped packets ... Browse Code »

    Connection tracking helpers have to drop packets under exceptional
    situations. Currently, the user gets the following logging message
    in case that happens:

    nf_ct_%s: dropping packet ...

    However, depending on the helper, there are different reasons why a
    packet can be dropped.

    This patch modifies the existing code to provide more specific
    error message in the scope of each helper to help users to debug
    the reason why the packet has been dropped, ie:

    nf_ct_%s: dropping packet: reason ...

    Thanks to Joe Perches for many formatting suggestions.

    Signed-off-by: Pablo Neira Ayuso

    Pablo Neira Ayuso
     

22 Oct, 2012

1 commit

  • bbb5823cf   netfilter: nf_conntrack: fix rt_gateway checks for H.323 helper ... Browse Code »

    After the change "Adjust semantics of rt->rt_gateway"
    (commit f8126f1d51) we should properly match the nexthop when
    destinations are directly connected because rt_gateway can be 0.

    The rt_gateway checks in H.323 helper try to avoid the creation
    of an unnecessary expectation in this call-forwarding case:

    http://people.netfilter.org/zhaojingmin/h323_conntrack_nat_helper/#_Toc133598073

    However, the existing code fails to avoid that in many cases,
    see this thread:

    http://marc.info/?l=linux-netdev&m=135043175028620&w=2

    It seems it is not trivial to know from the kernel if two hosts
    have to go through the firewall to communicate each other, which
    is the main point of the call-forwarding filter code to avoid
    creating unnecessary expectations.

    So this patch just gets things the way they were as before
    commit f8126f1d51.

    Signed-off-by: Julian Anastasov
    Signed-off-by: Pablo Neira Ayuso

    Julian Anastasov
     

30 Aug, 2012

2 commits

17 Jun, 2012

1 commit

  • 82f437b95   Merge branch 'master' of git://1984.lsi.us.es/nf-next ... Browse Code »

    Pablo says:

    ====================
    This is the second batch of Netfilter updates for net-next. It contains the
    kernel changes for the new user-space connection tracking helper
    infrastructure.

    More details on this infrastructure are provides here:
    http://lwn.net/Articles/500196/

    Still, I plan to provide some official documentation through the
    conntrack-tools user manual on how to setup user-space utilities for this.
    So far, it provides two helper in user-space, one for NFSv3 and another for
    Oracle/SQLnet/TNS. Yet in my TODO list.
    ====================

    Signed-off-by: David S. Miller

    David S. Miller
     

16 Jun, 2012

1 commit

  • 1afc56794   netfilter: nf_ct_helper: implement variable length helper private data ... Browse Code »
    43

    This patch uses the new variable length conntrack extensions.

    Instead of using union nf_conntrack_help that contain all the
    helper private data information, we allocate variable length
    area to store the private helper data.

    This patch includes the modification of all existing helpers.
    It also includes a couple of include header to avoid compilation
    warnings.

    Signed-off-by: Pablo Neira Ayuso

    Pablo Neira Ayuso
     

07 Jun, 2012

1 commit

  • d109e9af6   netfilter: nf_ct_h323: fix bug in rtcp natting ... Browse Code »

    The nat_rtp_rtcp hook takes two separate parameters port and rtp_port.

    port is expected to be the real h245 address (found inside the packet).
    rtp_port is the even number closest to port (RTP ports are even and
    RTCP ports are odd).

    However currently, both port and rtp_port are having same value (both are
    rounded to nearest even numbers).

    This works well in case of openlogicalchannel with media (RTP/even) port.

    But in case of openlogicalchannel for media control (RTCP/odd) port,
    h245 address in the packet is wrongly modified to have an even port.

    I am attaching a pcap demonstrating the problem, for any further analysis.

    This behavior was introduced around v2.6.19 while rewriting the helper.

    Signed-off-by: Jagdish Motwani
    Signed-off-by: Sanket Shah
    Signed-off-by: Pablo Neira Ayuso

    Pablo Neira Ayuso
     

17 May, 2012

1 commit

16 May, 2012

1 commit

16 Apr, 2012

1 commit

20 Dec, 2011

1 commit

  • eb9399220   module_param: make bool parameters really bool (net & drivers/net) ... Browse Code »

    module_param(bool) used to counter-intuitively take an int. In
    fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy
    trick.

    It's time to remove the int/unsigned int option. For this version
    it'll simply give a warning, but it'll break next kernel version.

    (Thanks to Joe Perches for suggesting coccinelle for 0/1 -> true/false).

    Cc: "David S. Miller"
    Cc: netdev@vger.kernel.org
    Signed-off-by: Rusty Russell
    Signed-off-by: David S. Miller

    Rusty Russell
     

17 Dec, 2011

1 commit

23 Nov, 2011

1 commit

06 Jun, 2011

1 commit

  • fb0488337   netfilter: add more values to enum ip_conntrack_info ... Browse Code »

    Following error is raised (and other similar ones) :

    net/ipv4/netfilter/nf_nat_standalone.c: In function ‘nf_nat_fn’:
    net/ipv4/netfilter/nf_nat_standalone.c:119:2: warning: case value ‘4’
    not in enumerated type ‘enum ip_conntrack_info’

    gcc barfs on adding two enum values and getting a not enumerated
    result :

    case IP_CT_RELATED+IP_CT_IS_REPLY:

    Add missing enum values

    Signed-off-by: Eric Dumazet
    CC: David Miller
    Signed-off-by: Pablo Neira Ayuso

    Eric Dumazet
     

04 Apr, 2011

2 commits

  • 0fae2e774   netfilter: af_info: add 'strict' parameter to limit lookup to .oif ... Browse Code »

    ipv6 fib lookup can set RT6_LOOKUP_F_IFACE flag to restrict search
    to an interface, but this flag cannot be set via struct flowi.

    Also, it cannot be set via ip6_route_output: this function uses the
    passed sock struct to determine if this flag is required
    (by testing for nonzero sk_bound_dev_if).

    Work around this by passing in an artificial struct sk in case
    'strict' argument is true.

    This is required to replace the rt6_lookup call in xt_addrtype.c with
    nf_afinfo->route().

    Signed-off-by: Florian Westphal
    Acked-by: David S. Miller
    Signed-off-by: Patrick McHardy

    Florian Westphal
     
  • 31ad3dd64   netfilter: af_info: add network namespace parameter to route hook ... Browse Code »

    This is required to eventually replace the rt6_lookup call in
    xt_addrtype.c with nf_afinfo->route().

    Signed-off-by: Florian Westphal
    Acked-by: David S. Miller
    Signed-off-by: Patrick McHardy

    Florian Westphal
     

13 Mar, 2011

1 commit

11 Jun, 2010

1 commit

13 May, 2010

1 commit

02 May, 2010

1 commit

30 Mar, 2010

1 commit

  • 5a0e3ad6a   include cleanup: Update gfp.h and slab.h includes to prepare for breaking implic… ... Browse Code »

    …it slab.h inclusion from percpu.h

    percpu.h is included by sched.h and module.h and thus ends up being
    included when building most .c files. percpu.h includes slab.h which
    in turn includes gfp.h making everything defined by the two files
    universally available and complicating inclusion dependencies.

    percpu.h -> slab.h dependency is about to be removed. Prepare for
    this change by updating users of gfp and slab facilities include those
    headers directly instead of assuming availability. As this conversion
    needs to touch large number of source files, the following script is
    used as the basis of conversion.

    http://userweb.kernel.org/~tj/misc/slabh-sweep.py

    The script does the followings.

    * Scan files for gfp and slab usages and update includes such that
    only the necessary includes are there. ie. if only gfp is used,
    gfp.h, if slab is used, slab.h.

    * When the script inserts a new include, it looks at the include
    blocks and try to put the new include such that its order conforms
    to its surrounding. It's put in the include block which contains
    core kernel includes, in the same order that the rest are ordered -
    alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
    doesn't seem to be any matching order.

    * If the script can't find a place to put a new include (mostly
    because the file doesn't have fitting include block), it prints out
    an error message indicating which .h file needs to be added to the
    file.

    The conversion was done in the following steps.

    1. The initial automatic conversion of all .c files updated slightly
    over 4000 files, deleting around 700 includes and adding ~480 gfp.h
    and ~3000 slab.h inclusions. The script emitted errors for ~400
    files.

    2. Each error was manually checked. Some didn't need the inclusion,
    some needed manual addition while adding it to implementation .h or
    embedding .c file was more appropriate for others. This step added
    inclusions to around 150 files.

    3. The script was run again and the output was compared to the edits
    from #2 to make sure no file was left behind.

    4. Several build tests were done and a couple of problems were fixed.
    e.g. lib/decompress_*.c used malloc/free() wrappers around slab
    APIs requiring slab.h to be added manually.

    5. The script was run on all .h files but without automatically
    editing them as sprinkling gfp.h and slab.h inclusions around .h
    files could easily lead to inclusion dependency hell. Most gfp.h
    inclusion directives were ignored as stuff from gfp.h was usually
    wildly available and often used in preprocessor macros. Each
    slab.h inclusion directive was examined and added manually as
    necessary.

    6. percpu.h was updated not to include slab.h.

    7. Build test were done on the following configurations and failures
    were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
    distributed build env didn't work with gcov compiles) and a few
    more options had to be turned off depending on archs to make things
    build (like ipr on powerpc/64 which failed due to missing writeq).

    * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
    * powerpc and powerpc64 SMP allmodconfig
    * sparc and sparc64 SMP allmodconfig
    * ia64 SMP allmodconfig
    * s390 SMP allmodconfig
    * alpha SMP allmodconfig
    * um on x86_64 SMP allmodconfig

    8. percpu.h modifications were reverted so that it could be applied as
    a separate patch and serve as bisection point.

    Given the fact that I had only a couple of failures from tests on step
    6, I'm fairly confident about the coverage of this conversion patch.
    If there is a breakage, it's likely to be something in one of the arch
    headers which should be easily discoverable easily on most builds of
    the specific arch.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>

    Tejun Heo
     

16 Feb, 2010

1 commit

01 Feb, 2009

1 commit

17 Nov, 2008

1 commit

30 Oct, 2008

1 commit

29 Oct, 2008

1 commit

08 Oct, 2008

3 commits

18 Jun, 2008

2 commits

  • a56b8f815   netfilter: nf_conntrack_h323: fix module unload crash ... Browse Code »

    The H.245 helper is not registered/unregistered, but assigned to
    connections manually from the Q.931 helper. This means on unload
    existing expectations and connections using the helper are not
    cleaned up, leading to the following oops on module unload:

    CPU 0 Unable to handle kernel paging request at virtual address c00a6828, epc == 802224dc, ra == 801d4e7c
    Oops[#1]:
    Cpu 0
    $ 0 : 00000000 00000000 00000004 c00a67f0
    $ 4 : 802a5ad0 81657e00 00000000 00000000
    $ 8 : 00000008 801461c8 00000000 80570050
    $12 : 819b0280 819b04b0 00000006 00000000
    $16 : 802a5a60 80000000 80b46000 80321010
    $20 : 00000000 00000004 802a5ad0 00000001
    $24 : 00000000 802257a8
    $28 : 802a4000 802a59e8 00000004 801d4e7c
    Hi : 0000000b
    Lo : 00506320
    epc : 802224dc ip_conntrack_help+0x38/0x74 Tainted: P
    ra : 801d4e7c nf_iterate+0xbc/0x130
    Status: 1000f403 KERNEL EXL IE
    Cause : 00800008
    BadVA : c00a6828
    PrId : 00019374
    Modules linked in: ip_nat_pptp ip_conntrack_pptp ath_pktlog wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_xauth ath_pci ath_dev ath_dfs ath_rate_atheros wlan ath_hal ip_nat_tftp ip_conntrack_tftp ip_nat_ftp ip_conntrack_ftp pppoe ppp_async ppp_deflate ppp_mppe pppox ppp_generic slhc
    Process swapper (pid: 0, threadinfo=802a4000, task=802a6000)
    Stack : 801e7d98 00000004 802a5a60 80000000 801d4e7c 801d4e7c 802a5ad0 00000004
    00000000 00000000 801e7d98 00000000 00000004 802a5ad0 00000000 00000010
    801e7d98 80b46000 802a5a60 80320000 80000000 801d4f8c 802a5b00 00000002
    80063834 00000000 80b46000 802a5a60 801e7d98 80000000 802ba854 00000000
    81a02180 80b7e260 81a021b0 819b0000 819b0000 80570056 00000000 00000001
    ...
    Call Trace:
    [] ip_finish_output+0x0/0x23c
    [] nf_iterate+0xbc/0x130
    [] nf_iterate+0xbc/0x130
    [] ip_finish_output+0x0/0x23c
    [] ip_finish_output+0x0/0x23c
    [] nf_hook_slow+0x9c/0x1a4

    One way to fix this would be to split helper cleanup from the unregistration
    function and invoke it for the H.245 helper, but since ctnetlink needs to be
    able to find the helper for synchonization purposes, a better fix is to
    register it normally and make sure its not assigned to connections during
    helper lookup. The missing l3num initialization is enough for this, this
    patch changes it to use AF_UNSPEC to make it more explicit though.

    Reported-by: liannan
    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • 8a548868d   netfilter: nf_conntrack_h323: fix memory leak in module initialization error path ... Browse Code »

    Properly free h323_buffer when helper registration fails.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     

14 Apr, 2008

2 commits

26 Mar, 2008

1 commit

  • 6002f266b   [NETFILTER]: nf_conntrack: introduce expectation classes and policies ... Browse Code »

    Introduce expectation classes and policies. An expectation class
    is used to distinguish different types of expectations by the
    same helper (for example audio/video/t.120). The expectation
    policy is used to hold the maximum number of expectations and
    the initial timeout for each class.

    The individual classes are isolated from each other, which means
    that for example an audio expectation will only evict other audio
    expectations.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     

21 Mar, 2008

1 commit

01 Feb, 2008

2 commits

29 Jan, 2008

2 commits