| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This patch is from Nigel's swsusp2, it kills ugly #include <suspend.h> from
all over the tree, and makes code slightly nicer. I only left those parts
that do not change any code.
From: Nigel Cunningham <ncunningham@linuxmail.org>
Signed-off-by: Pavel Machek <pavel@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
The caller does not necessarily have the socket locked
(udpv6sendmsg() is one such case) so we have to use
sk_dst_check() instead of __sk_dst_check().
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
We need to do the proper checks before we try to
pull space out of it, just like sendmsg() does.
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6
|
|
- make some needlessly global code static
- remove the following unused functions:
- exthdrs.c: ipv6_build_rthdr
- exthdrs.c: ipv6_build_exthdr
- exthdrs.c: ipv6_build_nfrag_opts
- exthdrs.c: ipv6_build_frag_opts
- remove the following write-only global variables:
- addrconf.c: inet6_dev_count
- addrconf.c: inet6_ifa_count
- #if 0 the following unused global variable:
- addrconf.c: in6addr_any
- remove the following unneeded EXPORT_SYMBOL's:
- ipv6_syms.c: in6addr_any
- ipv6_syms.c: in6addr_loopback
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6
|
|
No need for two structs, follow the new inet_sock layout
style.
Signed-off-by: Arnaldo Carvalho de Melo <acme@conectiva.com.br>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Neil Horman <nhorman@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
- make needlessly global code static
- dn_fib.c: remove the write-only global variable dn_fib_info_cnt
- dn_fib.c: remove the unused global function dn_fib_rt_message
- dn_neigh.c: remove the unused global function dn_neigh_pointopoint_notify
- dn_timer.c: remove the fast timer code that isn't used
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6
|
|
Use the new lock initializers DEFINE_SPIN_LOCk and DEFINE_RW_LOCK
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6
|
|
Signed-off-by: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
into nuts.davemloft.net:/disk1/BK/tgraf-2.6
|
|
The netlink_post stuff Arjan removed was the only
user of this array.
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
do_tcp_sendpages() needs to do skb->truesize et al.
accounting just like tcp_sendmsg() does.
tcp_sendmsg() works by gradually adjusting these
accounting knobs as user data is copied into the
packet.
do_tcp_sendpages() works differently, when it allocates
a new SKB it optimistically adds in tp->mss_cache to
these values and then makes no adjustments at all as
pages are tacked onto the packet.
This does not work at all if tcp_sendmsg() queues a
packet onto the send queue, and then do_tcp_sendpages()
attaches pages onto the end of that SKB. We are left
with a very inaccurate skb->truesize in that case.
Consequently, if we were building a TSO frame and it
gets partially ACK'd, then since skb->truesize is too
small tcp_trim_skb() will potentially underflow it's
value and all the accounting becomes corrupted.
This is usually seen as sk->sk_forward_alloc being
negative at socket destroy time, which triggers an
assertion check.
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6
|
|
Use the new lock initializers DEFINE_SPIN_LOCK and DEFINE_RW_LOCK.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
init, destroy, dump etc. should be performed through Thomas's tcf_exts,
don't export the act_api.c functions to modules. tcf_action_dump_1
will follow once tcf_dump_walker is converted to callbacks.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
Also silence an unused-variable warning when CONFIG_CLS_U32_MARK is not set.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
Instead of just removing the (correct) __initdata as introduced by
http://linux.bkbits.net:8080/linux-2.5/cset@1.2055.4.50
we rework the code in order to not trigger some misinterpretation by
static code checkers.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@eurodev.net>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
ip6tables version of Rusty's iptables fix.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
There are some string tables only used for debugging printk()'s in IRDA
that trip warnings when CONFIG_IRDA_DEBUG is not set.
This patch makes them conditional on CONFIG_IRDA_DEBUG to silence warnings.
Signed-off-by: William Irwin <wli@holomorphy.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
No need for two structs, follow the new inet_sock layout
style.
Signed-off-by: Arnaldo Carvalho de Melo <acme@conectiva.com.br>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Sync tcf_action_init and tca_action_gd. Rename a few variables
to make the code more easily understandable and rename the
rtattr_failure/nlmsg_failure labels. These are usually called
from the netlink macros, it is misleading to use them in a
larger function without actually using netlink macros.
Multi action orders were processed differently before,
tcf_action_init skipped empty ones while tca_action_gd stopped
at the first empty one. This patch makes both stop at the first
empty one.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
If get/delete can't find the action we can assume there is nothing
to get/delete.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
tcf_ipt_cleanup
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
refcnt/bindcnt are only used in user context under the rtnl, no additional
locking is necessary. Besides it was only done in some places, so kill it.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Simply kill the pskb_expand_head, iptables targets already take care
of cloned packets.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
- Return proper error codes
- Some attribute sizes are not checked
- rta may by NULL
- multiple leaks
- possible unbalanced unlock
- used action is freed after if an error happens while trying to replace
- estimator can't be replaced
This patch makes replacement atomic, so the old action is either
replaced entirely or not touched at all.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
- Return proper error codes
- Attribute sizes are not checked
- rta may by NULL
- The action is inserted into the hash before its parameters are set
- replacement happens without locking
- no reallocation on replacement for possibly changed numbers of keys
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
- Return proper error codes
- Attribute sizes are not checked
- rta may by NULL
- The action is inserted into the hash before its parameters are set
- action in hash is freed on error path
- action is modified outside of the locked section
This patch makes replacement atomic, so the old action is either
replaced entirely or not touched at all.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
- Return proper error codes
- Attribute sizes are not checked
- rta may be NULL
- Several leaks and locking errors
- When replacement fails the old action is freed while in use
This patch makes replacement atomic, so the old action is either
replaced entirely or not touched at all.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
- rta can be NULL
- Attribute sizes are not checked
- No locking when replacing an action
- The action is inserted into the hash before its parameters are set
Also return proper error codes.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Add rtattr_strlcpy to handle unterminated strings. The destination
is nulled out entirely to avoid possible leaks when dumping. The
return value can be checked for >= size to detect truncated strings.
Currently strings equal to the size of the destination are accepted
everywhere even if not null-terminated. Sometimes they are silently
truncated, sometimes the unterminated string is used.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Thomas Graf points out that I broke net/sched/ipt.c when I removed
__ipt_find_target_lock. In fact, those routines don't need to keep
the lock held, so we can simplify them, and expose an interface
(ipt_find_target) which does module loading correctly for
net/sched/ipt.c.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Kconfig dependencies
Removes outdated comment and make action and old compat policer
mutually exclusive to reflect the code. Noted by Jamal Hadi Salim.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Transforms tcindex to use tcf_exts API and thus adds support for
actions. Needs more work to allow changing parameters for
existing filters.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
tcf_exts API
Transforms tcindex to use tcf_exts API and thus adds support for
actions. Replaces the existing change implementation with a new one
supporting changes for existing filters which allows to change a
classifier without letting a single packet pass by unclassified.
Fixes various cases where a error is returned but the filter was
changed already.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
tcf_exts API
Transforms route to use tcf_exts API and thus adds support for
actions. Replaces the existing change implementation with a new one
supporting changes for existing filters which allows to change a
classifier without letting a single packet pass by unclassified.
Fixes various cases where a error is returned but the filter was
changed already.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Transforms fw to use tcf_exts API. Makes the fw changing
procedure consistent upon failures except for indev failures but
indev will be removed very soon.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Transforms u32 to use tcf_exts API. Makes the u32 changing
procedure consistent upon failures except for indev failures but
indev will be removed very soon.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The tcf_exts API abstracts extensions such as actions/policers
into a generic layer and reduces the knowledge inside classifiers
to the minimum required. It isolates the validation code into
its own function to allow classifiers to validate all input
data before making changes and thus avoids the need to undo changes
if a extension configuration request cannot be fullfilled.
Adds missing locking when adding a action/police extension to an
already existing filter. Acquiring dev->queue_lock makes sure we
don't change the action/police in the middle of a classification.
Noted by Patrick McHardy.
As a nice side effect, using this API removes the existing
ifdef clutter.
Usage:
The classifier holds struct tcf_exts which may be empty if no
extensions are compiled in. It then calls tcf_exts_validate
when a new change request was received and provides a temporary
tcf_exts copy to store the change requests. Given it succeeded
the classifier may change its own parameters and at the end
call tcf_exts_change to commit the changes and replace the
existing extension configuration with the new one. The classifier
is responsible to destroy his temporary copy if any of its own
validation checks fail.
The classifier specific TLV types must be exported to the extensions
API via tcf_ext_map.
Destroying the extensions is as easy as calling tcf_exts_destroy.
The extensions are executed by the classifier by calling tcf_exts_exec
which must be done as the last thing after making sure the
filter matches. Note: A classifier might take further actions after
the execution to tcf_exts_exec such as correcting its own cache to
avoid caching results which could have been influenced by the extensions.
tcf_exts_exec returns a negative error code if the filter must be
considered unmatched, 0 on normal execution or a positive classifier
return code (TC_ACT_*) which must be returned to the underlying layer
as-is.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Arjan van de Ven <arjan@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Arjan van de Ven <arjan@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Need to check against struct compat_cmsghdr
not struct cmsghdr.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The patch below contains the following cleanups:
- make needlessly global code static
- remove the following unused global functions:
- datagram.c: skb_copy_datagram
- iovec.c: memcpy_tokerneliovec
- remove the following unneeded EXPORT_SYMBOL's:
- datagram.c: skb_copy_datagram
- dev.c: ing_filter
- iovec.c: memcpy_tokerneliovec
- netpoll.c: netpoll_send_skb
- rtnetlink.c: rtnetlink_dump_ifinfo
- sock.c: sock_alloc_send_pskb
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6
|
|
Signed-off-by: Bart De Schuymer <bdschuym@telenet.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
I suspect given that someone made the change for a reason that there
should probably be a sysctl to switch between AX.25 (as 2.6.9) and "kind
of routed AX.25-ish" (as 2.6.10).
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6
|
|
The attached patch fixes long scheduling latencies caused by backlog
triggered by __release_sock(). That code only executes in process context,
and we've made the backlog queue private already at this point so it is
safe to do a cond_resched_softirq().
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
The attached patch fixes long scheduling latencies caused by access to the
/proc/net/tcp file. The seqfile functions keep softirqs disabled for a
very long time (i've seen reports of 20+ msecs, if there are enough sockets
in the system). With the attached patch it's below 100 usecs.
The cond_resched_softirq() relies on the implicit knowledge that this code
executes in process context and runs with softirqs disabled.
Potentially enabling softirqs means that the socket list might change
between buckets - but this is not an issue since seqfiles have a 4K
iteration granularity anyway and /proc/net/tcp is often (much) larger than
that.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6
|
|
Just noticed while fixing some other sparse-related stuff.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Call a helper function from svcauth_unix_accept() and svcauth_null_accept()
instead of duplicating code.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Fix some discrepencies between the server-side auth_null and auth_unix rpc
code: in particular, make sure we return an auth error in the auth_null case
instead of dropping when we fail to match an export entry, and make sure such
responses are encoded correctly.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
This patch corrects a problem that was originally added with the nanosecond
timestamps in stat patch. The problem is that some file systems don't have
enough space in their on disk inode to save nanosecond timestamps, so they
truncate the c/a/mtime to seconds when flushing an dirty node. In core the
inode would have full jiffies granuality.
This can be observed by programs as a timestamp that jumps backwards under
specific loads when an inode is flushed and then reloaded from disk.
The problem was already known when the original patch went in, but it
wasn't deemed important enough at that time. So far there has been only
one report of it causing problems. Now Tridge is worried that it will
break running Excel over samba4 because Excel seems to do very anal
timestamp checking and samba4 will supply 100ns timestamps over the
network.
This patch solves it by putting the time resolution into the superblock of
a fs and always rounding the in core timestamps to that granuality.
This also supercedes some previous ext2/3 hacks to flush the inode less
often when only the subsecond timestamp changes.
I tried to keep the overhead low, in particular it tries to keep divisions
out of fast paths as far as possible.
The patch is quite big but 99% of it is just relatively straight forward
search'n'replace in a lot of fs. Unconverted filesystems will default to a
1ns granuality, but may still show the problem if they continue to use
CURRENT_TIME. I converted all in tree fs.
One possible future extension of this would be to have two time
granualities per superblock - one that specifies the visible resolution,
and the other to specify how often timestamps should be flushed to disk,
which could be tuned with a mount option per fs (e.g. often m/atimes don't
need to be flushed every second). Would be easy to do as an addon if
someone is interested.
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Patrick McHardy spotted this, on top of previous fix. I neatened it.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
FTP connection tracking assumes it can just dereference tcphdr; not
neccessarily true now we don't linearize in ftp conntrack helper or
tcp connection tracking. Also found by nfsim.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
The nat core calls skb_ip_make_writable() with a length too short.
Found by nfsim.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
UDP and TCP refer to potentially stale pointers after calling
skb_ip_make_writable(), and UDP calls it with the wrong len argument.
All found by nfsim.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Here is a patch that just makes it use get_free_pages to test the TLB
theory. Another obvious improvement would be to not use list_heads for
the hash table buckets - a single pointer would likely suffice and it
would cut the hash table in half, saving cache, TLB and memory.
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
The multiport match doesn't support ranges of ports, so a new match
called "mport" was written. Now we have versioning of matches and
targets, we can simply put this extension in multiport revision 1.
Also, removes gratuitous checking in match: we basically trust
iptables userspace these days.
Signed-off-by: Pablo Neira Ayuso <pablo@eurodev.net>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (modified)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Anders Fugmann <afu@fugmann.dhs.org> wrote a patch to add bitops to
ipt_MARK. I made a version based on the revision patch.
Bart De Schuymer <bdschuym@pandora.be> provided the idea of overriding
the target type.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
This adds a new getsockopt to iptables, which allows userspace to
query the revision number of extensions. iptables 1.3.0 (to be
released soon) already has support for this.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Pablo Neira <pablo@eurodev.net> came up with the idea of stealing the
last byte in the (already nul-terminated) name of a target/match to
create a version.
That patch motivated me to clean up the match and target searching in
ip_tables, which makes this patch more trivial. I also renamed
"version" to "revision" since the word "version" was used for iptables
itself.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
We now have a convenient kmod macro try_then_request_module().
1) Split our current "generic" function into separate
find_target_lock(), find_table_lock() and find_match_lock()
functions explicitly.
2) Have those functions do try_module_get() for us, and fix up the one
caller who didn't do that anyway.
3) Have the caller use try_then_request_module().
4) Remove __ipt_mutex_up() and __ipt_find_target_lock() which weren't
used (even in patch-o-matic AFAICT).
This cleanup takes us closer to using standard list macros everywhere,
and makes the version patch simpler.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
We currently choose a "random" IP address to NAT to, where we have a
range. Martin Josefsson pointed out that he uses the SAME target in
iptables because changing IP addresses breaks Internet banking sites
(among others) which assume the customer will be coming from a
consistent IP address.
In fact, we spend a fair bit of effort trying to balance the number of
connections we NAT to each IP address. We can come pretty damn close
just hashing the source and destination IP addresses, and it has the
consistency property which is so desirable, as well as being faster.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Now we no longer do extra mangling, warn in that case.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
On NF_IP_LOCAL_OUT, when destination NAT changes the destination
interface, we also change the source address, so the packet is the
same as if it were generated to go that way in the first place. This
is not strictly necessary, I believe.
This patch rips that code out to see what breaks.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
On NF_IP_LOCAL_OUT or NF_IP_PRE_ROUTING, if destination NAT is not
sufficient to create a unique tuple, we try changing the source port
as well. However, this is also not strictly necessary: if the tuple
is not unique, we will also try to change the source on the
NF_IP_POST_ROUTING hook.
When we finally confirm the connection, if the tuple is still not
unique the packet will be dropped (this is required anyway as we could
race: the conntrack is not placed in the hash until the packet is
about to leave the box anyway).
In fact, we only need best effort *everywhere*.
This patch rips that code out to see what breaks.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
ip_conntrack_alter_reply checks that the reply isn't already taken,
but there's little point, since there's *still* a race after it is
called (which we handle at confirm time anyway).
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
The NAT code has the concept of multiple ranges: you can say "map this
connection onto IP 192.168.1.2 - 192.168.1.4, 192.168.1.7 ports
1024-65535, and 192.168.1.10". I implemented this because we could.
But it's not actually *used* by many (any?) people, and you can
approximate this by a random match (from patch-o-matic) if you really
want to. It adds complexity to the code.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Writing the nfsim testcase for the ECN target revealed a hole in the
rule checking: when checking whether the rule specified TCP, you need
to check it isn't inverted.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
nfsim now generates non-linear packets: when run under valgrind it
finds linear assumptions very nicely. This is the second thing I
tried, and it found a real bug.
In this case, checking the UDP checksum is correct, but overkill, and
like the ICMP header handling, does not handle non-linear packets. Remove UDP
checksum, fix ICMP error.
Signed-off-by: Rusty Russell
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Don't label all retries as "server seeing garbage".
Report correct error for buffer overflows.
Fix incorrect buffer overflow test that was masking
AUTH_REJECTEDCRED, AUTH_REJECTEDVERF,... errors.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
Description:
Ethereal and other tools display RPC XIDs in host order. This patch
changes the RPC trace messages that display XIDs to print them in host
order so they can be easily matched to XIDs that appear in Ethereal.
Signed-off-by: Chuck Lever <cel@netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
know there are no pending timers.
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
as a void * when we know perfectly well what it is. And we're passing
some arguments that we don't actually use.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
unwisely revived it for use with the gss code. Having removed that use
from the gss code, it's time to remove all references to it.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
indicate failure of an upcall to get a gss context for that cred,
set the status of waiting tasks to indicate failure.
This solves problems e.g. with creds with the CRED_DEAD flag set
never being refreshed, which caused krb5 mounts to fail after the
context used to do RENEWS expired.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
the cred containing the context non-uptodate, triggering creation of
a new context.
Note that on the send-side operations (get_mic, wrap), we mark the
cred as not uptodate, but continue trying to use it; the server can
complain if it wants to, and the next time through we'll refresh it.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
People are worrying about spinlock deadlocks in the debugging code, without
actually worrying about the bugs that triggered the debugging code in the
first place.
Convert to BUG_ON() in order to ensure that bugs are reported.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
Shirly Ma reported seeing problems with rpc_killall_tasks() causing
the task->tk_magic debugging test to trigger. It turns out we may be
killing tasks that are not yet running or even initialized.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
spinlocks.
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
Here's a patch that fixes a pretty serious bug introduced by a recent
"bugfix". The problem is that RST packets are ignored if they follow an
ACK packet, this means that the timeout of the connection isn't decreased,
so we get lots of old connections lingering around until the timeout
expires, the default timeout for state ESTABLISHED is 5 days.
This needs to go into -bk as soon as possible. The bug is present in
2.6.10 as well.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
When ipt_registrater_match() fails, ipt_recent doesn't remove its proc
entry. Found by nfsim.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
After changing firewall rules, we try to return the counters to userspace. We
didn't fail at that point if the copy failed, but it doesn't really matter.
Someone added a warn_unused_result attribute to copy_to_user, so we get bogus
warnings.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
We've been threatening to do this for ages: remove the backwards compatibility
code. We can now combine ip_conntrack_core.c and ip_conntrack_standalone.c,
likewise for the NAT code, but that will come later.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
I removed this code in a previous patch, and Patrick McHardy explained
what was wrong. Add a comment.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
ip_ct_iterate_cleanup()
Several places use ip_ct_selective_cleanup() as a general iterator, which it
was not intended for (it takes a const ip_conntrack *). So rename it, and
make it take a non-const argument.
Also, it missed unconfirmed connections, which aren't in the hash table. This
introduces a potential problem for users which expect to iterate all
connections (such as the helper deletion code). So keep a linked list of
unconfirmed connections as well.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
On failure from register_sysctl_table, we return with exit 0. Oops. init and
fini should also be static. nfsim found these.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Peejix's nfsim test for ipt_recent, written two days ago, revealed this bugs
with ipt_recent: checkentry() returns true or false, not an error. (Maybe it
should, but that's a much larger change). Also, make hash_func() static.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Modifies the TCP ehash and TCP bhash to enable the use of vmalloc to
alleviate boottime memory allocation imbalances on NUMA systems, utilizing
flags to the alloc_large_system_hash routine in order to centralize the
enabling of this behavior.
Signed-off-by: Brent Casavant <bcasavan@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
People love to do comparisons with highmem_start_page. However, where
CONFIG_HIGHMEM=y and there is no actual highmem, there's no real page at
*highmem_start_page.
That's usually not a problem, but CONFIG_NONLINEAR is a bit more strict and
catches the bogus address tranlations.
There are about a gillion different ways to find out of a 'struct page' is
highmem or not. Why not just check page_flags? Just use PageHighMem()
wherever there used to be a highmem_start_page comparison. Then, kill off
highmem_start_page.
This removes more code than it adds, and gets rid of some nasty
#ifdefs in .c files.
Signed-off-by: Dave Hansen <haveblue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
nfsim gains sysctl support, and sure enough, --failtest uncovered an
unregister when the registration had failed.
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Someone thought it would be clever if proc code ignores removal of
non-existent entries. Hence, we missed that /proc/net/stat/ip_conntrack
is never removed on module removal or init failure.
Found by nfsim.
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Nasty bug, caught while writing the ECN target test. Corrupts
checksums of packets when target is used on them.
Let this be a warning on the evils of casts.
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
that is bound to INADDR_ANY or inaddr6_any.
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
|
|
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
|
|
No need for two structs, follow the new inet_sock layout
style.
Signed-off-by: Arnaldo Carvalho de Melo <acme@conectiva.com.br>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
|
|
Signed-off-by: Vladislav Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
|
|
This code checks that the verification tag, source port and
destination port in the SCTP header matches the information
contained in the state cookie.
Signed-off-by: Vladislav Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
|
|
Signed-off-by: Vladislav Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
|
|
With this we can remove all the cut'n'pasted layouts in all inet_sock
derived classes, such as tcp_sock, udp_sock, sctp_sock, etc.
Signed-off-by: Arnaldo Carvalho de Melo <acme@conectiva.com.br>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6
|
|
Add ipv6_ib_mc_map() to convert IPv6 multicast addresses to IPoIB
hardware addresses, and add support for autoconfiguration for devices
with type ARPHRD_INFINIBAND.
The mapping for multicast addresses is described in
http://www.ietf.org/internet-drafts/draft-ietf-ipoib-ip-over-infiniband-08.txt
Signed-off-by: Nitin Hande <Nitin.Hande@Sun.Com>
Signed-off-by: Roland Dreier <roland@topspin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Add ip_ib_mc_map() to convert IPv4 multicast addresses to IPoIB
hardware addresses. Also add <linux/if_infiniband.h> so INFINIBAND_ALEN
has a home.
The mapping for multicast addresses is described in
http://www.ietf.org/internet-drafts/draft-ietf-ipoib-ip-over-infiniband-08.txt
Signed-off-by: Roland Dreier <roland@topspin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6
|
|
Taking ECN bits into account doesn't make sense. The two bits were
still unused at the time the code was written so this brings back the
old behaviour.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
For the case where CONFIG_LLC2 is modular and thus
llc_proc.c needs to get at this symbol.
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The patch below contans the following possible cleanups:
- make some needlessly global code static
- sch_htb.c: #undef HTB_DEBUG
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The patch below contains the following possible cleanups:
- make some needlessly global code static
- remove the following unused global function:
- transport.c: rxrpc_clear_transport
- remove the following unneeded EXPORT_SYMBOL:
- rxrpc_syms.c: rxrpc_call_flush
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The patch below contains the following possible cleanups:
- make some needlessly global code static
- remove the following unused global functions:
- lc_c_ac.c: llc_conn_ac_report_status
- lc_c_ac.c: llc_conn_ac_send_dm_rsp_f_set_f_flag
- lc_c_ac.c: llc_conn_ac_resend_i_cmd_p_set_1
- lc_c_ac.c: llc_conn_ac_resend_i_cmd_p_set_1_or_send_rr
- lc_c_ac.c: llc_conn_ac_send_ack_cmd_p_set_1
- lc_c_ac.c: llc_conn_ac_send_ua_rsp_f_set_f_flag
- lc_c_ac.c: llc_conn_ac_set_f_flag_p
- llc_c_ev.c: llc_conn_ev_conn_resp
- llc_c_ev.c: llc_conn_ev_rst_resp
- llc_c_ev.c: llc_conn_ev_rx_xxx_cmd_pbit_set_0
- llc_c_ev.c: llc_conn_ev_rx_xxx_yyy
- llc_c_ev.c: llc_conn_ev_any_tmr_exp
- llc_c_ev.c: llc_conn_ev_qlfy_init_p_f_cycle
- llc_c_ev.c: llc_conn_ev_qlfy_set_status_impossible
- llc_c_ev.c: llc_conn_ev_qlfy_set_status_received
- llc_if.c: llc_build_and_send_reset_pkt
- llc_pdu.c: llc_pdu_decode_cr_bit
- remove the following unneeded EXPORT_SYMBOL:
- llc_core.c: llc_sap_list_lock
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The patch below contains the following possible cleanups:
- make some needlessly global code static
- remove the following unused global functions:
- discovery.c: irlmp_find_device
- ircomm/ircomm_param.c: ircomm_param_flush
- irda_device.c: irda_device_set_dtr_rts
- irda_device.c: irda_device_change_speed
- irda_device.c: irda_device_set_mode
- iriap.c: iriap_getinfobasedetails_request
- iriap.c: iriap_getinfobasedetails_confirm
- iriap.c: iriap_getobjects_request
- iriap.c: iriap_getobjects_confirm
- iriap.c: iriap_getvalue
- irlan_client.c: irlan_client_reconnect_data_channel
- irlap_frame.c: irlap_send_frmr_frame
- irlmp.c: irlmp_status_request
- remove the follwong unused global variables:
- irnet/irnet_ppp.c: irnet_ppp_ops
- irsysctl.c: sysctl_compression
- qos.c: #ifndef CONFIG_IRDA_DYNAMIC_WINDOW irlap_requested_line_capacity
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The patch below contains the following possible cleanups:
- make some needlessly global code static
- remove the following unused global functions:
- fib_rules.c: fib_rules_map_destination
- xfrm4_policy.: xfrm4_fini
- remove the following unneeded EXPORT_SYMBOL:
- tcp_timer.c: tcp_timer_bug_msg
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
ABORTs.
Signed-off-by: Jerome Forissier <jerome.forissier@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
|
|
Signed-off-by: Adrian Bunk <bunk@stutsa.de>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
|
|
This patch introduces changes to incoming packet processing and
parsing structure for recieved messages.
Signed-off-by: Matthew Grant <grantma@anathoth.gen.nz>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
This patch unifies the socket option handling across the L2CAP,
SCO and RFCOMM socket layers.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
This patch makes more needlessly global code static.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
This patch makes a needlessly global function static.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
This patch makes some needlessly global code static.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6
|
|
Signed-off-by: Vladislav Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
|
|
This should go in before 2.6.10. It fixes a forgotten case to provide
police backward compatibility statistics for old iproute2 versions
running on a new kernel with actions enabled. Should make distributions
happy with older iproute2 versions and all-included kernel configs
since they probably favour actions over plain policer.
Testing results:
iproute2-2.4.7 on 2.6.10-rc3-bk8:
cls-police: police creation succeeded
cls-police: Sending 10 ICMP echo requests
cls-police: police dumping succeeded with output:
filter protocol ip pref 10 u32
filter protocol ip pref 10 u32 fh 800: ht divisor 1
filter protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 10:12
police 3 action drop rate 2Kbit burst 10Kb mtu 2Kb
match 00010000/00ff0000 at 8
Sent 420 bytes 10 pkts (dropped 0, overlimits 0) <-- This would have been missing
cls-police: police deletion succeeded
iproute2-2.6.9 on 2.6.10-rc3-bk8:
...
filter protocol ip pref 10 u32
filter protocol ip pref 10 u32 fh 800: ht divisor 1
filter protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 10:12 (rule hit 10 success 10)
match 00010000/00ff0000 at 8 (success 10 )
police 0x4 rate 2000bit burst 10Kb mtu 2Kb action drop
ref 1 bind 1
Sent 420 bytes 10 pkts (dropped 0, overlimits 0)
...
(Same results for fw classifier)
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
okay, here is the revised version. Testing shows that it
is more consistent, and just as fast as existing code,
probably because of the getting rid of portalloc_lock and
better distribution.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
tcindex's destroy uses its own delete functions to destroy its
configuration. The delete function (correctly) takes the qdisc_tree_lock
to prevent list walkings from happening while removing from the list.
The qdisc_tree_lock is already held if we're comming via the destroy
path and thus a double locking takes place.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6.11
|
|
We notiecd proc_net_fops_create() failing, and cleaned up, but returned
0 anyway.
Found by the --failtest flag to nfsim-testsuite. --failtest rocks my
world.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Found by nfsim (-Wmissing-prototypes is your friend).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
When adding or deleting from the source list make sure to find matches
by comparing against the new source address, not the group address.
Also, check each addr in the list rather than just the first one.
And, finally, only delete from list when there's a match rather than
vice-versa. Drop the effort to keep list sorted, since it's not done
on full-state api and can create an sl_addr entry that the delta api
won't be able to delete. Without these fixes sl_count can be corrupted
which can allow for kernel memory corruption.
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
1) Name IP_CT_TCP_STATE_FLAG_WINDOW_SCALE more consistently.
2) Client sends SYN, server responds with SYN/ACK. However
the SYN/ACK is lost in transit and the client keeps
sending the SYNs. The server times out, restarts, and
sends SYN/ACK with new sequence numbers. Those packets
were however erroneously dropped by the window tracking code.
3) NFS client and server, client crashes and connects to the
server from the same port as before the crash. Server
thinks the connection is still alove and sends an ACK,
client responds with a RST and tears down the connection
so that it can start a new one. That was not handled by
the previous code.
4) Occasionally the window tracking code logged BUG lines due
to a leftover ack instead of sack in the logging part.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The patch is from Horms <horms@vergenet.net>
Signed-off-by: Horms <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
into nuts.davemloft.net:/disk1/BK/net-2.6
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The version of netem in 2.6.10 moves packets from the delayed queue
to the qdisc in a timer interrupt. But it forgot to force the device to
pick them up.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
This patch fixes an oops when the ipt action is used with a
non-existant iptables target. It tries to log
t->u.kernel.target->name, u.kernel.target is part of a union
and as long as the target wasn't successfully loaded contains
the name of the target, using it as a pointer results in a
crash.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Noticed by Georgi Guninski.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
If the user makes ip_cmsg_send call ip_options_get
multiple times, we leak kmalloced IP options data.
Noticed by Georgi Guninski.
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Mitchell Blank Jr <mitch@sfgoth.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The class of device is only available from an inquiry response or
from the connection request. In the case of an incoming connection
the value can be taken from the request and stored in the hci_conn
structure. For an outgoing connection the value from the inquiry
cache is used or it is set to zero.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
The inquiry results can return different fields and so create one
data structure that has place for every of these. Missing fields
are filled with default values.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
