Eric Lee / smarc-fsl-linux-kernel

20 Jun, 2017

1 commit

  • d53e3fc39   netfilter: use nf_conntrack_helpers_register when possible ... Browse Code »

    amanda_helper, nf_conntrack_helper_ras and nf_conntrack_helper_q931 are
    all arrays, so we can use nf_conntrack_helpers_register to register
    the ct helper, this will help us to eliminate some "goto errX"
    statements.

    Also introduce h323_helper_init/exit helper function to register the ct
    helpers, this is prepared for the followup patch, which will add net
    namespace support for ct helper.

    Signed-off-by: Liping Zhang
    Acked-by: Florian Westphal
    Signed-off-by: Pablo Neira Ayuso

    Liping Zhang
     

19 Apr, 2017

2 commits

  • 9f0f3ebed   netfilter: helpers: remove data_len usage for inkernel helpers ... Browse Code »

    No need to track this for inkernel helpers anymore as
    NF_CT_HELPER_BUILD_BUG_ON checks do this now.

    All inkernel helpers know what kind of structure they
    stored in helper->data.

    Signed-off-by: Florian Westphal
    Signed-off-by: Pablo Neira Ayuso

    Florian Westphal
     
  • dcf67740f   netfilter: helper: add build-time asserts for helper data size ... Browse Code »

    add a 32 byte scratch area in the helper struct instead of relying
    on variable sized helpers plus compile-time asserts to let us know
    if 32 bytes aren't enough anymore.

    Not having variable sized helpers will later allow to add BUILD_BUG_ON
    for the total size of conntrack extensions -- the helper extension is
    the only one that doesn't have a fixed size.

    The (useless!) NF_CT_HELPER_BUILD_BUG_ON(0); are added so that in case
    someone adds a new helper and copy-pastes from one that doesn't store
    private data at least some indication that this macro should be used
    somehow is there...

    Signed-off-by: Florian Westphal
    Signed-off-by: Pablo Neira Ayuso

    Florian Westphal
     

25 Sep, 2016

1 commit

08 Aug, 2016

1 commit

  • 707e6835f   netfilter: nf_ct_h323: do not re-activate already expired timer ... Browse Code »

    Commit 96d1327ac2e3 ("netfilter: h323: Use mod_timer instead of
    set_expect_timeout") just simplify the source codes
    if (!del_timer(&exp->timeout))
    return 0;
    add_timer(&exp->timeout);
    to mod_timer(&exp->timeout, jiffies + info->timeout * HZ);

    This is not correct, and introduce a race codition:
    CPU0 CPU1
    - timer expire
    process_rcf expectation_timed_out
    lock(exp_lock) -
    find_exp waiting exp_lock...
    re-activate timer!! waiting exp_lock...
    unlock(exp_lock) lock(exp_lock)
    - unlink expect
    - free(expect)
    - unlock(exp_lock)
    So when the timer expires again, we will access the memory that
    was already freed.

    Replace mod_timer with mod_timer_pending here to fix this problem.

    Fixes: 96d1327ac2e3 ("netfilter: h323: Use mod_timer instead of set_expect_timeout")
    Cc: Gao Feng
    Signed-off-by: Liping Zhang
    Signed-off-by: Pablo Neira Ayuso

    Liping Zhang
     

23 Jul, 2016

1 commit

26 May, 2015

1 commit

  • 2647a9b07   ipv6: Remove external dependency on rt6i_gateway and RTF_ANYCAST ... Browse Code »

    When creating a RTF_CACHE route, RTF_ANYCAST is set based on rt6i_dst.
    Also, rt6i_gateway is always set to the nexthop while the nexthop
    could be a gateway or the rt6i_dst.addr.

    After removing the rt6i_dst and rt6i_src dependency in the last patch,
    we also need to stop the caller from depending on rt6i_gateway and
    RTF_ANYCAST.

    Signed-off-by: Martin KaFai Lau
    Cc: Hannes Frederic Sowa
    Cc: Steffen Klassert
    Cc: Julian Anastasov
    Signed-off-by: David S. Miller

    Martin KaFai Lau
     

17 Nov, 2014

1 commit

07 Mar, 2014

1 commit

22 Oct, 2013

1 commit

19 Apr, 2013

1 commit

  • f229f6ce4   netfilter: add my copyright statements ... Browse Code »

    Add copyright statements to all netfilter files which have had significant
    changes done by myself in the past.

    Some notes:

    - nf_conntrack_ecache.c was incorrectly attributed to Rusty and Netfilter
    Core Team when it got split out of nf_conntrack_core.c. The copyrights
    even state a date which lies six years before it was written. It was
    written in 2005 by Harald and myself.

    - net/ipv{4,6}/netfilter.c, net/netfitler/nf_queue.c were missing copyright
    statements. I've added the copyright statement from net/netfilter/core.c,
    where this code originated

    - for nf_conntrack_proto_tcp.c I've also added Jozsef, since I didn't want
    it to give the wrong impression

    Signed-off-by: Patrick McHardy
    Signed-off-by: Pablo Neira Ayuso

    Patrick McHardy
     

19 Feb, 2013

1 commit

  • b20ab9cc6   netfilter: nf_ct_helper: better logging for dropped packets ... Browse Code »

    Connection tracking helpers have to drop packets under exceptional
    situations. Currently, the user gets the following logging message
    in case that happens:

    nf_ct_%s: dropping packet ...

    However, depending on the helper, there are different reasons why a
    packet can be dropped.

    This patch modifies the existing code to provide more specific
    error message in the scope of each helper to help users to debug
    the reason why the packet has been dropped, ie:

    nf_ct_%s: dropping packet: reason ...

    Thanks to Joe Perches for many formatting suggestions.

    Signed-off-by: Pablo Neira Ayuso

    Pablo Neira Ayuso
     

22 Oct, 2012

1 commit

  • bbb5823cf   netfilter: nf_conntrack: fix rt_gateway checks for H.323 helper ... Browse Code »

    After the change "Adjust semantics of rt->rt_gateway"
    (commit f8126f1d51) we should properly match the nexthop when
    destinations are directly connected because rt_gateway can be 0.

    The rt_gateway checks in H.323 helper try to avoid the creation
    of an unnecessary expectation in this call-forwarding case:

    http://people.netfilter.org/zhaojingmin/h323_conntrack_nat_helper/#_Toc133598073

    However, the existing code fails to avoid that in many cases,
    see this thread:

    http://marc.info/?l=linux-netdev&m=135043175028620&w=2

    It seems it is not trivial to know from the kernel if two hosts
    have to go through the firewall to communicate each other, which
    is the main point of the call-forwarding filter code to avoid
    creating unnecessary expectations.

    So this patch just gets things the way they were as before
    commit f8126f1d51.

    Signed-off-by: Julian Anastasov
    Signed-off-by: Pablo Neira Ayuso

    Julian Anastasov
     

30 Aug, 2012

2 commits

17 Jun, 2012

1 commit

  • 82f437b95   Merge branch 'master' of git://1984.lsi.us.es/nf-next ... Browse Code »

    Pablo says:

    ====================
    This is the second batch of Netfilter updates for net-next. It contains the
    kernel changes for the new user-space connection tracking helper
    infrastructure.

    More details on this infrastructure are provides here:
    http://lwn.net/Articles/500196/

    Still, I plan to provide some official documentation through the
    conntrack-tools user manual on how to setup user-space utilities for this.
    So far, it provides two helper in user-space, one for NFSv3 and another for
    Oracle/SQLnet/TNS. Yet in my TODO list.
    ====================

    Signed-off-by: David S. Miller

    David S. Miller
     

16 Jun, 2012

1 commit

  • 1afc56794   netfilter: nf_ct_helper: implement variable length helper private data ... Browse Code »
    43

    This patch uses the new variable length conntrack extensions.

    Instead of using union nf_conntrack_help that contain all the
    helper private data information, we allocate variable length
    area to store the private helper data.

    This patch includes the modification of all existing helpers.
    It also includes a couple of include header to avoid compilation
    warnings.

    Signed-off-by: Pablo Neira Ayuso

    Pablo Neira Ayuso
     

07 Jun, 2012

1 commit

  • d109e9af6   netfilter: nf_ct_h323: fix bug in rtcp natting ... Browse Code »

    The nat_rtp_rtcp hook takes two separate parameters port and rtp_port.

    port is expected to be the real h245 address (found inside the packet).
    rtp_port is the even number closest to port (RTP ports are even and
    RTCP ports are odd).

    However currently, both port and rtp_port are having same value (both are
    rounded to nearest even numbers).

    This works well in case of openlogicalchannel with media (RTP/even) port.

    But in case of openlogicalchannel for media control (RTCP/odd) port,
    h245 address in the packet is wrongly modified to have an even port.

    I am attaching a pcap demonstrating the problem, for any further analysis.

    This behavior was introduced around v2.6.19 while rewriting the helper.

    Signed-off-by: Jagdish Motwani
    Signed-off-by: Sanket Shah
    Signed-off-by: Pablo Neira Ayuso

    Pablo Neira Ayuso
     

17 May, 2012

1 commit

16 May, 2012

1 commit

16 Apr, 2012

1 commit

20 Dec, 2011

1 commit

  • eb9399220   module_param: make bool parameters really bool (net & drivers/net) ... Browse Code »

    module_param(bool) used to counter-intuitively take an int. In
    fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy
    trick.

    It's time to remove the int/unsigned int option. For this version
    it'll simply give a warning, but it'll break next kernel version.

    (Thanks to Joe Perches for suggesting coccinelle for 0/1 -> true/false).

    Cc: "David S. Miller"
    Cc: netdev@vger.kernel.org
    Signed-off-by: Rusty Russell
    Signed-off-by: David S. Miller

    Rusty Russell
     

17 Dec, 2011

1 commit

23 Nov, 2011

1 commit

06 Jun, 2011

1 commit

  • fb0488337   netfilter: add more values to enum ip_conntrack_info ... Browse Code »

    Following error is raised (and other similar ones) :

    net/ipv4/netfilter/nf_nat_standalone.c: In function ‘nf_nat_fn’:
    net/ipv4/netfilter/nf_nat_standalone.c:119:2: warning: case value ‘4’
    not in enumerated type ‘enum ip_conntrack_info’

    gcc barfs on adding two enum values and getting a not enumerated
    result :

    case IP_CT_RELATED+IP_CT_IS_REPLY:

    Add missing enum values

    Signed-off-by: Eric Dumazet
    CC: David Miller
    Signed-off-by: Pablo Neira Ayuso

    Eric Dumazet
     

04 Apr, 2011

2 commits

  • 0fae2e774   netfilter: af_info: add 'strict' parameter to limit lookup to .oif ... Browse Code »

    ipv6 fib lookup can set RT6_LOOKUP_F_IFACE flag to restrict search
    to an interface, but this flag cannot be set via struct flowi.

    Also, it cannot be set via ip6_route_output: this function uses the
    passed sock struct to determine if this flag is required
    (by testing for nonzero sk_bound_dev_if).

    Work around this by passing in an artificial struct sk in case
    'strict' argument is true.

    This is required to replace the rt6_lookup call in xt_addrtype.c with
    nf_afinfo->route().

    Signed-off-by: Florian Westphal
    Acked-by: David S. Miller
    Signed-off-by: Patrick McHardy

    Florian Westphal
     
  • 31ad3dd64   netfilter: af_info: add network namespace parameter to route hook ... Browse Code »

    This is required to eventually replace the rt6_lookup call in
    xt_addrtype.c with nf_afinfo->route().

    Signed-off-by: Florian Westphal
    Acked-by: David S. Miller
    Signed-off-by: Patrick McHardy

    Florian Westphal
     

13 Mar, 2011

1 commit

11 Jun, 2010

1 commit

13 May, 2010

1 commit

02 May, 2010

1 commit

30 Mar, 2010

1 commit

  • 5a0e3ad6a   include cleanup: Update gfp.h and slab.h includes to prepare for breaking implic… ... Browse Code »

    …it slab.h inclusion from percpu.h

    percpu.h is included by sched.h and module.h and thus ends up being
    included when building most .c files. percpu.h includes slab.h which
    in turn includes gfp.h making everything defined by the two files
    universally available and complicating inclusion dependencies.

    percpu.h -> slab.h dependency is about to be removed. Prepare for
    this change by updating users of gfp and slab facilities include those
    headers directly instead of assuming availability. As this conversion
    needs to touch large number of source files, the following script is
    used as the basis of conversion.

    http://userweb.kernel.org/~tj/misc/slabh-sweep.py

    The script does the followings.

    * Scan files for gfp and slab usages and update includes such that
    only the necessary includes are there. ie. if only gfp is used,
    gfp.h, if slab is used, slab.h.

    * When the script inserts a new include, it looks at the include
    blocks and try to put the new include such that its order conforms
    to its surrounding. It's put in the include block which contains
    core kernel includes, in the same order that the rest are ordered -
    alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
    doesn't seem to be any matching order.

    * If the script can't find a place to put a new include (mostly
    because the file doesn't have fitting include block), it prints out
    an error message indicating which .h file needs to be added to the
    file.

    The conversion was done in the following steps.

    1. The initial automatic conversion of all .c files updated slightly
    over 4000 files, deleting around 700 includes and adding ~480 gfp.h
    and ~3000 slab.h inclusions. The script emitted errors for ~400
    files.

    2. Each error was manually checked. Some didn't need the inclusion,
    some needed manual addition while adding it to implementation .h or
    embedding .c file was more appropriate for others. This step added
    inclusions to around 150 files.

    3. The script was run again and the output was compared to the edits
    from #2 to make sure no file was left behind.

    4. Several build tests were done and a couple of problems were fixed.
    e.g. lib/decompress_*.c used malloc/free() wrappers around slab
    APIs requiring slab.h to be added manually.

    5. The script was run on all .h files but without automatically
    editing them as sprinkling gfp.h and slab.h inclusions around .h
    files could easily lead to inclusion dependency hell. Most gfp.h
    inclusion directives were ignored as stuff from gfp.h was usually
    wildly available and often used in preprocessor macros. Each
    slab.h inclusion directive was examined and added manually as
    necessary.

    6. percpu.h was updated not to include slab.h.

    7. Build test were done on the following configurations and failures
    were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
    distributed build env didn't work with gcov compiles) and a few
    more options had to be turned off depending on archs to make things
    build (like ipr on powerpc/64 which failed due to missing writeq).

    * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
    * powerpc and powerpc64 SMP allmodconfig
    * sparc and sparc64 SMP allmodconfig
    * ia64 SMP allmodconfig
    * s390 SMP allmodconfig
    * alpha SMP allmodconfig
    * um on x86_64 SMP allmodconfig

    8. percpu.h modifications were reverted so that it could be applied as
    a separate patch and serve as bisection point.

    Given the fact that I had only a couple of failures from tests on step
    6, I'm fairly confident about the coverage of this conversion patch.
    If there is a breakage, it's likely to be something in one of the arch
    headers which should be easily discoverable easily on most builds of
    the specific arch.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>

    Tejun Heo
     

16 Feb, 2010

1 commit

01 Feb, 2009

1 commit

17 Nov, 2008

1 commit

30 Oct, 2008

1 commit

29 Oct, 2008

1 commit

08 Oct, 2008

3 commits