16 Apr, 2014

1 commit

  • In the dst->output() path for ipv4, the code assumes the skb it has to
    transmit is attached to an inet socket, specifically via
    ip_mc_output(): the sk_mc_loop() test triggers a WARN_ON() when the
    provider of the packet is an AF_PACKET socket.

    The dst->output() method gets an additional 'struct sock *sk'
    parameter. This needs a cascade of changes so that this parameter can
    be propagated from vxlan to final consumer.

    Fixes: 8f646c922d55 ("vxlan: keep original skb ownership")
    Reported-by: lucien xin
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

26 Aug, 2013

1 commit

  • In commit 0ea9d5e3e0e03a63b11392f5613378977dae7eca ("xfrm: introduce
    helper for safe determination of mtu") I switched the determination of
    ipv4 mtus from dst_mtu to ip_skb_dst_mtu. This was an error because in
    case of IP_PMTUDISC_PROBE we fall back to the interface mtu, which is
    never correct for ipv4 ipsec.

    This patch partly reverts 0ea9d5e3e0e03a63b11392f5613378977dae7eca
    ("xfrm: introduce helper for safe determination of mtu").

    Cc: Steffen Klassert
    Signed-off-by: Hannes Frederic Sowa
    Signed-off-by: Steffen Klassert

    Hannes Frederic Sowa
     

19 Aug, 2013

1 commit


14 Aug, 2013

2 commits

  • skb->sk socket can be of AF_INET or AF_INET6 address family. Thus we
    always have to make sure we are referring to the correct interpretation
    of skb->sk.

    We only depend on header defines to query the mtu, so we don't introduce
    a new dependency on ipv6 by this change.

    Cc: Steffen Klassert
    Signed-off-by: Hannes Frederic Sowa
    Signed-off-by: Steffen Klassert

    Hannes Frederic Sowa
     
  • In xfrm4 and xfrm6 we need to take care about sockets of the other
    address family. This could happen because a 6in4 or 4in6 tunnel could
    get protected by ipsec.

    Because we don't want to have a run-time dependency on ipv6 when only
    using ipv4 xfrm we have to embed a pointer to the correct local_error
    function in xfrm_state_afinet and look it up when returning an error
    depending on the socket address family.

    Thanks to vi0ss for the great bug report:

    v2:
    a) fix two more unsafe interpretations of skb->sk as ipv6 socket
    (xfrm6_local_dontfrag and __xfrm6_output)
    v3:
    a) add an EXPORT_SYMBOL_GPL(xfrm_local_error) to fix a link error when
    building ipv6 as a module (thanks to Steffen Klassert)

    Reported-by:
    Cc: Steffen Klassert
    Signed-off-by: Hannes Frederic Sowa
    Signed-off-by: Steffen Klassert

    Hannes Frederic Sowa
     

01 Feb, 2012

1 commit

  • We don't check for NULL consistently in __xfrm6_output(). If "x" were
    NULL here it would lead to an OOPs later. I asked Steffen Klassert
    about this and he suggested that we remove the NULL check.

    On 10/29/11, Steffen Klassert wrote:
    >> net/ipv6/xfrm6_output.c
    >> 148
    >> 149 if ((x && x->props.mode == XFRM_MODE_TUNNEL) &&
    >> ^
    >
    > x can't be null here. It would be a bug if __xfrm6_output() is called
    > without a xfrm_state attached to the skb. I think we can just remove
    > this null check.

    Cc: Steffen Klassert
    Signed-off-by: Dan Carpenter
    Signed-off-by: David S. Miller

    Dan Carpenter
     

23 Nov, 2011

1 commit


19 Oct, 2011

1 commit

  • Calling icmpv6_send() on a local message size error leads to
    an incorrect update of the path mtu. So use xfrm6_local_rxpmtu()
    to notify about the pmtu if the IPV6_DONTFRAG socket option is
    set on a udp or raw socket, according to RFC 3542, and use
    ipv6_local_error() otherwise.

    Signed-off-by: Steffen Klassert
    Signed-off-by: David S. Miller

    Steffen Klassert
     

11 May, 2011

1 commit

  • As it is, we assign the outer mode's output function to the dst entry
    when we create the xfrm bundle. This leads to two problems on interfamily
    scenarios. We might insert ipv4 packets into ip6_fragment when called
    from xfrm6_output. The system crashes if we try to fragment an ipv4
    packet with ip6_fragment. This issue was introduced with git commit
    ad0081e4 (ipv6: Fragment locally generated tunnel-mode IPSec6 packets
    as needed). The second issue is that we might insert ipv4 packets in
    netfilter6 and vice versa on interfamily scenarios.

    With this patch we assign the inner mode output function to the dst entry
    when we create the xfrm bundle. So xfrm4_output/xfrm6_output from the inner
    mode is used and the right fragmentation and netfilter functions are called.
    We switch then to outer mode with the output_finish functions.

    Signed-off-by: Steffen Klassert
    Signed-off-by: David S. Miller

    Steffen Klassert
     

20 Dec, 2010

1 commit


25 Mar, 2010

1 commit


19 Feb, 2010

1 commit


03 Jun, 2009

1 commit

  • Define three accessors to get/set the dst attached to a skb:

    struct dst_entry *skb_dst(const struct sk_buff *skb)

    void skb_dst_set(struct sk_buff *skb, struct dst_entry *dst)

    void skb_dst_drop(struct sk_buff *skb)
    This one should replace occurrences of:
        dst_release(skb->dst);
        skb->dst = NULL;

    Delete the skb->dst field.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

07 Apr, 2009

1 commit

  • If an ipv4 packet (not locally generated with IP_DF flag not set) bigger
    than mtu size is supposed to go via a xfrm ipv6 tunnel, the packet size
    check in xfrm4_tunnel_check_size() is omitted and ipv6 drops the packet
    without sending a notice to the original sender of the ipv4 packet.

    Another issue is that ipv4 connection tracking does reassembling of
    incoming fragmented packets. If such a reassembled packet is supposed to
    go via a xfrm ipv6 tunnel it will be dropped, even if the original sender
    did proper fragmentation.

    According to RFC 2473 (section 7) tunnel ipv6 packets resulting from the
    encapsulation of an original packet are considered as locally generated
    packets. If such a packet passed the checks in xfrm{4,6}_tunnel_check_size(),
    fragmentation is allowed according to RFC 2473 (section 7.1/7.2).

    This patch sets skb->local_df in xfrm6_prepare_output() to achieve
    fragmentation in this case.

    Signed-off-by: Steffen Klassert
    Signed-off-by: David S. Miller

    Steffen Klassert
     

25 Mar, 2008

1 commit


13 Feb, 2008

1 commit

  • This is a long-standing bug in the IPsec IPv6 code that breaks
    when we emit an IPsec tunnel-mode datagram packet. The problem
    is that the code that emits the packet assumes the IPv6 stack
    will fragment it later, but the IPv6 stack assumes that whoever
    is emitting the packet is going to pre-fragment the packet.

    In the long term we need to fix both sides, e.g., to get the
    datagram code to pre-fragment as well as to get the IPv6 stack
    to fragment locally generated tunnel-mode packets.

    For now this patch does the second part which should make it
    work for the IPsec host case.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

29 Jan, 2008

6 commits

  • The IPv4 and IPv6 hook values are identical, yet some code tries to figure
    out the "correct" value by looking at the address family. Introduce NF_INET_*
    values for both IPv4 and IPv6. The old values are kept in a #ifndef __KERNEL__
    section for userspace compatibility.

    Signed-off-by: Patrick McHardy
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • The nhoff field isn't actually necessary in xfrm_input. For tunnel
    mode transforms we now throw away the output IP header so it makes no
    sense to fill in the nexthdr field. For transport mode we can now let
    the function transport_finish do the setting and it knows where the
    nexthdr field is.

    The only other thing that needs the nexthdr field to be set is the
    header extraction code. However, we can simply move the protocol
    extraction out of the generic header extraction.

    We want to minimise the amount of info we have to carry around between
    transforms as this simplifies the resumption process for async crypto.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • As part of the work on asynchronous cryptographic operations, we need
    to be able to resume from the spot where they occur. As such, it
    helps if we isolate them to one spot.

    This patch moves most of the remaining family-specific processing into
    the common output code.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • Most callers of the LOCAL_OUT chain will set the IP packet length
    before doing so. They also share the same output function dst_output.

    This patch creates a new function called ip6_local_out which does all
    of that and converts the appropriate users over to it.

    Apart from removing duplicate code, it will also help in merging the
    IPsec output path.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • With inter-family transforms the inner mode differs from the outer
    mode. Attempting to handle both sides from the same function means
    that it needs to handle both IPv4 and IPv6 which creates duplication
    and confusion.

    This patch separates the two parts on the input path so that each
    function deals with one family only.

    In particular, the functions xfrm4_extract_input/xfrm6_extract_input
    move the pertinent fields from the IPv4/IPv6 IP headers into a
    neutral format stored in skb->cb. This is then used by the inner mode
    input functions to modify the inner IP header. In this way the input
    function no longer has to know about the outer address family.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • With inter-family transforms the inner mode differs from the outer
    mode. Attempting to handle both sides from the same function means
    that it needs to handle both IPv4 and IPv6 which creates duplication
    and confusion.

    This patch separates the two parts on the output path so that each
    function deals with one family only.

    In particular, the functions xfrm4_extract_output/xfrm6_extract_output
    move the pertinent fields from the IPv4/IPv6 IP headers into a
    neutral format stored in skb->cb. This is then used by the outer mode
    output functions to write the outer IP header. In this way the output
    function no longer has to know about the inner address family.

    Since the extract functions are only called by tunnel modes (the only
    modes that can support inter-family transforms), I've also moved the
    xfrm*_tunnel_check_size calls into them. This allows the correct ICMP
    message to be sent as opposed to now where you might call icmp_send
    with an IPv6 packet and vice versa.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

18 Oct, 2007

2 commits

  • This patch adds a new field to xfrm states called inner_mode. The existing
    mode object is renamed to outer_mode.

    This is the first part of an attempt to fix inter-family transforms. As it
    is we always use the outer family when determining which mode to use. As a
    result we may end up shoving IPv4 packets into netfilter6 and vice versa.

    What we really want is to use the inner family for the first part of outbound
    processing and the outer family for the second part. For inbound processing
    we'd use the opposite pairing.

    I've also added a check to prevent silly combinations such as transport mode
    with inter-family transforms.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • Currently BEET mode does not reinject the packet back into the stack
    like tunnel mode does. Since BEET should behave just like tunnel mode
    this is incorrect.

    This patch fixes this by introducing a flags field to xfrm_mode that
    tells the IPsec code whether it should terminate and reinject the packet
    back into the stack.

    It then sets the flag for BEET and tunnel mode.

    I've also added a number of missing BEET checks elsewhere where we check
    whether a given mode is a tunnel or not.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

16 Oct, 2007

1 commit


11 Oct, 2007

2 commits

  • This patch moves the setting of the IP length and checksum fields out of
    the transforms and into the xfrmX_output functions. This would help future
    efforts in merging the transforms themselves.

    It also adds an optimisation to ipcomp due to the fact that the transport
    offset is guaranteed to be zero.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • Most of the code in xfrm4_output_one and xfrm6_output_one is identical, so
    this patch moves it into a common xfrm_output function which will live
    in net/xfrm.

    In fact this would seem to fix a bug as on IPv4 we never reset the network
    header after a transform which may upset netfilter later on.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

26 Apr, 2007

3 commits


11 Feb, 2007

1 commit


23 Sep, 2006

5 commits

  • Expose IPSEC modes output path to take an xfrm state as input param.
    This makes it consistent with the input mode processing (which already
    takes the xfrm state as a param).

    Signed-off-by: Jamal Hadi Salim
    Signed-off-by: David S. Miller

    Jamal Hadi Salim
     
  • With this patch, the transformation state's last used time is updated
    for each sending. Xtime is used for it, like other state lifetime
    expiration.
    Mobile IPv6 enabled nodes will want to know the traffic status of each
    binding (e.g. judgement to request binding refresh by correspondent node,
    or to keep home/care-of nonce alive by mobile node).
    The last used timestamp is an important hint about it.
    Based on MIPL2 kernel patch.

    This patch was also written by: Henrik Petander

    Signed-off-by: Masahide NAKAMURA
    Signed-off-by: YOSHIFUJI Hideaki
    Signed-off-by: David S. Miller

    Masahide NAKAMURA
     
  • On the current kernel, ip6_find_1stfragopt() is used by IPv6 IPsec to find
    the offset at which to insert the header in outbound for transport mode.
    (BTW, no usage may be needed for the IPv4 case.) Mobile IPv6 requires
    another logic for the routing header and destination options header
    respectively. This patch is a common platform for the offset and adopts
    it to IPsec.

    Based on MIPL2 kernel patch.

    Signed-off-by: Masahide NAKAMURA
    Signed-off-by: YOSHIFUJI Hideaki
    Signed-off-by: David S. Miller

    Masahide NAKAMURA
     
  • Transformation mode is used as either IPsec transport or tunnel.
    It is required to add two more items, route optimization and inbound trigger
    for Mobile IPv6.
    Based on MIPL2 kernel patch.

    This patch was also written by: Ville Nuorvala

    Signed-off-by: Masahide NAKAMURA
    Signed-off-by: YOSHIFUJI Hideaki
    Signed-off-by: David S. Miller

    Masahide NAKAMURA
     
  • Replace CHECKSUM_HW by CHECKSUM_PARTIAL (for outgoing packets, whose
    checksum still needs to be completed) and CHECKSUM_COMPLETE (for
    incoming packets, device supplied full checksum).

    Patch originally from Herbert Xu, updated by myself for 2.6.18-rc3.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     

03 Aug, 2006

1 commit


09 Jul, 2006

1 commit

  • This patch adds the wrapper function skb_is_gso which can be used instead
    of directly testing skb_shinfo(skb)->gso_size. This makes things a little
    nicer and allows us to change the primary key for indicating whether an skb
    is GSO (if we ever want to do that).

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

23 Jun, 2006

1 commit

  • This patch segments GSO packets received by the IPsec stack. This can
    happen when a NIC driver injects GSO packets into the stack which are
    then forwarded to another host.

    The primary application of this is going to be Xen where its backend
    driver may inject GSO packets into dom0.

    Of course this also can be used by other virtualisation schemes such as
    VMware or UML since the tap device could be modified to inject GSO packets
    received through splice.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

18 Jun, 2006

1 commit

  • This patch adds the structure xfrm_mode. It is meant to represent
    the operations carried out by transport/tunnel modes.

    By doing this we allow additional encapsulation modes to be added
    without clogging up the xfrm_input/xfrm_output paths.

    Candidate modes include 4-to-6 tunnel mode, 6-to-4 tunnel mode, and
    BEET modes.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu