- Feb 13, 2007
-
-
Kazunori MIYAZAWA authored
This patch makes sit use xfrm4_tunnel_register instead of inet_add_protocol. It solves conflict of sit device with inter address family IPsec tunnel. Signed-off-by:
Kazunori MIYAZAWA <miyazawa@linux-ipv6.org> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Kazunori MIYAZAWA authored
This patch changes xfrm4_tunnel register and deregister interface to prepare for solving the conflict of device tunnels with inter address family IPsec tunnel. Signed-off-by:
-
Ilpo Järvinen authored
TCP may advertize up to 16-bits window in SYN packets (no window scaling allowed). At the same time, TCP may have rcv_wnd (32-bits) that does not fit to 16-bits without window scaling resulting in pseudo garbage into advertized window from the low-order bits of rcv_wnd. This can happen at least when mss <= (1<<wscale) (see tcp_select_initial_window). This patch fixes the handling of SYN advertized windows (compile tested only). In worst case (which is unlikely to occur though), the receiver advertized window could be just couple of bytes. I'm not sure that such situation would be handled very well at all by the receiver!? Fortunately, the situation normalizes after the first non-SYN ACK is received because it has the correct, scaled window. Alternatively, tcp_select_initial_window could be changed to prevent too large rcv_wnd in the first place. [ tcp_make_synack() has the same bug, and I've added a fix for that to this patch -DaveM ] Signed-off-by:
Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
Jarek Poplawski authored
Signed-off-by:
Jarek Poplawski <jarkao2@o2.pl> Acked-by:
Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by:
-
Herbert Xu authored
The TCP reset packet is copied from the original. This includes all the GSO bits which do not apply to the new packet. So we should clear those bits. Spotted by Patrick McHardy. Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
Patrick McHardy authored
Add missing break when CONFIG_IPV6=n. Signed-off-by:
-
YOSHIFUJI Hideaki authored
Tetsuo Handa <handat@pm.nttdata.co.jp> told me that connect(2) with TCPv6 socket almost always took a few minutes to return when we did not have any ports available in the range of net.ipv4.ip_local_port_range. The reason was that we used incorrect seed for calculating index of hash when we check established sockets in __inet6_check_established(). Signed-off-by:
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by:
-
- Feb 12, 2007
-
-
David S. Miller authored
Make sure that this function is called correctly, and add BUG() checking to ensure the arguments are sane. Based upon a patch by Joy Latten. Signed-off-by: -
Stephen Hemminger authored
Minor non-invasive cleanups: * white space around operators and line wrapping * use const * use __read_mostly Signed-off-by:
-
Stephen Hemminger authored
These module parameters should be in the read mostly area to avoid cache pollution. Signed-off-by:
-
Patrick McHardy authored
sysctls are registered by the protocol module itself since 2.6.19, no need to have them visible to others. Signed-off-by:
-
Masahide NAKAMURA authored
Regarding RFC3775, MH payload proto field should be IPPROTO_NONE. Otherwise it must be discarded (and the receiver should send ICMP error). We assume filter should drop such piggyback everytime to disallow slipping through firewall rules, even the final receiver will discard it. Signed-off-by:
Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by:
-
YOSHIFUJI Hideaki authored
Signed-off-by:
-
Patrick McHardy authored
Instead of depending on internally needed options and letting users figure out what is needed, select them when needed: - IP_NF_IPTABLES, IP_NF_ARPTABLES and IP6_NF_IPTABLES select NETFILTER_XTABLES - NETFILTER_XT_TARGET_CONNMARK, NETFILTER_XT_MATCH_CONNMARK and IP_NF_TARGET_CLUSTERIP select NF_CONNTRACK_MARK - NETFILTER_XT_MATCH_CONNBYTES selects NF_CT_ACCT Signed-off-by:
-
Patrick McHardy authored
Use NF_IP6_ instead of NF_IP_. The values are identical, this is merely cleanup. Signed-off-by:
-
Patrick McHardy authored
No caller checks the return value, and since its usually called within the module unload path there's nothing a module could do about errors anyway, so BUG on invalid conditions and return void. Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
NF_CT_STAT_INC assumes rcu_read_lock in nf_hook_slow disables preemption as well, making it legal to use __get_cpu_var without disabling preemption manually. The assumption is not correct anymore with preemptable RCU, additionally we need to protect against softirqs when not holding nf_conntrack_lock. Add NF_CT_STAT_INC_ATOMIC macro, which disables local softirqs, and use where necessary. Signed-off-by:
-
Patrick McHardy authored
CONNTRACK_STAT_INC assumes rcu_read_lock in nf_hook_slow disables preemption as well, making it legal to use __get_cpu_var without disabling preemption manually. The assumption is not correct anymore with preemptable RCU, additionally we need to protect against softirqs when not holding ip_conntrack_lock. Add CONNTRACK_STAT_INC_ATOMIC macro, which disables local softirqs, and use where necessary. Signed-off-by:
-
Patrick McHardy authored
Replace preempt_{enable,disable} based RCU by proper use of the RCU API and add missing rcu_read_lock/rcu_read_unlock calls in all paths not obviously only used within packet process context (nfnetlink_conntrack). Signed-off-by: -
Patrick McHardy authored
Replace preempt_{enable,disable} based RCU by proper use of the RCU API and add missing rcu_read_lock/rcu_read_unlock calls in all paths not obviously only used within packet process context (nfnetlink_conntrack). Signed-off-by: -
Patrick McHardy authored
Replace preempt_{enable,disable} based RCU by proper use of the RCU API and add missing rcu_read_lock/rcu_read_unlock calls in paths used outside of packet processing context (nfnetlink_conntrack). Signed-off-by: -
Patrick McHardy authored
Replace preempt_{enable,disable} based RCU by proper use of the RCU API and add missing rcu_read_lock/rcu_read_unlock calls in paths used outside of packet processing context (nfnetlink_conntrack). Signed-off-by: -
Patrick McHardy authored
- rename nf_logging to nf_loggers since its an array of registered loggers - rename nf_log_unregister_logger() to nf_log_unregister() to make it symetrical to nf_log_register() and convert all users Signed-off-by:
-
Patrick McHardy authored
The spinlock is only used in process context (register/unregister), switch to a mutex. Signed-off-by:
-
Patrick McHardy authored
Since the only user of nf_log_unregister_pf (nfnetlink_log) doesn't check the return value, change it to void and bail out silently when a non-existant address family is supplied. Signed-off-by:
-
Patrick McHardy authored
Also replace synchronize_net() calls by synchronize_rcu() since the RCU protected data is also used for sysfs. Signed-off-by:
-
Patrick McHardy authored
The spinlock is only used in process context (register/unregister) since RCU is used for the nf_hook lists, switch to a mutex. Signed-off-by:
-
Patrick McHardy authored
The spinlock is only used in process context (register/unregister), switch to a mutex. Signed-off-by:
-
Patrick McHardy authored
We're only adding to the list, no need to synchronize. Signed-off-by:
-
Patrick McHardy authored
Use rcu_assign_pointer/rcu_dereference for ip_ct_attach pointer instead of self-made RCU and use rcu_read_lock to make sure the conntrack module doesn't disappear below us while calling it, since this function can be called from outside the netfilter hooks. Signed-off-by:
-
Arjan van de Ven authored
Many struct file_operations in the kernel can be "const". Marking them const moves these to the .rodata section, which avoids false sharing with potential dirty data. In addition it'll catch accidental writes at compile time to these shared resources. Signed-off-by:
Arjan van de Ven <arjan@linux.intel.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Arjan van de Ven authored
Many struct file_operations in the kernel can be "const". Marking them const moves these to the .rodata section, which avoids false sharing with potential dirty data. In addition it'll catch accidental writes at compile time to these shared resources. Signed-off-by:
-
Chuck Lever authored
Replace existing svc_create_socket() API to allow callers to pass addresses larger than a sockaddr_in. Signed-off-by:
Chuck Lever <chuck.lever@oracle.com> Cc: Aurelien Charbon <aurelien.charbon@ext.bull.net> Signed-off-by:
Neil Brown <neilb@suse.de> Signed-off-by:
-
Chuck Lever authored
Add support for IPv6 addresses in the RPC server's UDP receive path. [akpm@linux-foundation.org: cleanups] Signed-off-by:
-
Andrew Morton authored
Modify svc_tcp_accept to support connecting on IPv6 sockets. Signed-off-by:
-
Chuck Lever authored
The only reason svcsock.c looks at a sockaddr's port is to check whether the remote peer is connecting from a privileged port. Refactor this check to hide processing that is specific to address format. Signed-off-by:
-
Chuck Lever authored
CMSG_DATA comes in different sizes, depending on address family. [akpm@linux-foundation.org: remove unneeded do/while (0)] Signed-off-by:
-
