- Jul 18, 2012
-
-
Saurabh authored
Incorporated David and Steffen's comments. Add hook for rx-path xfmr4_mode_tunnel for VTI tunnel module. Signed-off-by:
Saurabh Mohan <saurabh.mohan@vyatta.com> Reviewed-by:
Stephen Hemminger <shemminger@vyatta.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
Followup of commit 0c24604b (tcp: implement RFC 5961 4.2) As reported by Vijay Subramanian, we should send a challenge ACK instead of a dup ack if a SYN flag is set on a packet received out of window. This permits the ratelimiting to work as intended, and to increase correct SNMP counters. Suggested-by:
Vijay Subramanian <subramanian.vijay@gmail.com> Signed-off-by:
Eric Dumazet <edumazet@google.com> Acked-by:
-
Eric Dumazet authored
We should provide to inet6_csk_route_socket a struct flowi6 pointer, so that net6_csk_xmit() works correctly instead of sending garbage. Also add some consts Signed-off-by:
Yuchung Cheng <ycheng@google.com> Cc: Neal Cardwell <ncardwell@google.com> Signed-off-by:
-
- Jul 17, 2012
-
-
Eric Dumazet authored
free_nh_exceptions() should use rcu_dereference_protected(..., 1) since its called after one RCU grace period. Also add some const-ification in recent code. Signed-off-by:
-
David S. Miller authored
Need to mask it with (FNHE_HASH_SIZE - 1). Signed-off-by: -
Jiri Pirko authored
Signed-off-by:
Jiri Pirko <jiri@resnulli.us> Signed-off-by:
-
David S. Miller authored
In a regime where we have subnetted route entries, we need a way to store persistent storage about destination specific learned values such as redirects and PMTU values. This is implemented here via nexthop exceptions. The initial implementation is a 2048 entry hash table with relaiming starting at chain length 5. A more sophisticated scheme can be devised if that proves necessary. Signed-off-by: -
Eric Dumazet authored
Implement the RFC 5691 mitigation against Blind Reset attack using SYN bit. Section 4.2 of RFC 5961 advises to send a Challenge ACK and drop incoming packet, instead of resetting the session. Add a new SNMP counter to count number of challenge acks sent in response to SYN packets. (netstat -s | grep TCPSYNChallenge) Remove obsolete TCPAbortOnSyn, since we no longer abort a TCP session because of a SYN flag. Signed-off-by:
-
David S. Miller authored
This will be used so that we can compose a full flow key. Even though we have a route in this context, we need more. In the future the routes will be without destination address, source address, etc. keying. One ipv4 route will cover entire subnets, etc. In this environment we have to have a way to possess persistent storage for redirects and PMTU information. This persistent storage will exist in the FIB tables, and that's why we'll need to be able to rebuild a full lookup flow key here. Using that flow key will do a fib_lookup() and create/update the persistent entry. Signed-off-by: -
Eric Dumazet authored
Implement the RFC 5691 mitigation against Blind Reset attack using RST bit. Idea is to validate incoming RST sequence, to match RCV.NXT value, instead of previouly accepted window : (RCV.NXT <= SEG.SEQ < RCV.NXT+RCV.WND) If sequence is in window but not an exact match, send a "challenge ACK", so that the other part can resend an RST with the appropriate sequence. Add a new sysctl, tcp_challenge_ack_limit, to limit number of challenge ACK sent per second. Add a new SNMP counter to count number of challenge acks sent. (netstat -s | grep TCPChallengeACK) Signed-off-by:
-
Li Wei authored
We need to check the passed in multicast address and return appropriate errno(EINVAL) if it is not valid. And it's no need to walk through the ipv6_mc_list in this situation. Signed-off-by:
Li Wei <lw@cn.fujitsu.com> Signed-off-by:
-
Masanari Iida authored
Correct spelling typo in irda. Signed-off-by:
Masanari Iida <standby24x7@gmail.com> Signed-off-by:
-
Ioan Orghici authored
Fix the following sparse warning: * symbol 'sctp_init_cause_fixed' was not declared. Should it be static? Signed-off-by:
Ioan Orghici <ioanorghici@gmail.com> Acked-by:
Vlad Yasevich <vyasevich@gmail.com> Signed-off-by:
-
Eric Dumazet authored
netem does an early orphaning of skbs. Doing so breaks TCP Small Queue or any mechanism relying on socket sk_wmem_alloc feedback. Ideally, we should perform this orphaning after the rate module and before the delay module, to mimic what happens on a real link : skb orphaning is indeed normally done at TX completion, before the transit on the link. +-------+ +--------+ +---------------+ +-----------------+ + Qdisc +---> Device +--> TX completion +--> links / hops +-> + + + xmit + + skb orphaning + + propagation + +-------+ +--------+ +---------------+ +-----------------+ < rate limiting > < delay, drops, reorders > If netem is used without delay feature (drops, reorders, rate limiting), then we should avoid early skb orphaning, to keep pressure on sockets as long as packets are still in qdisc queue. Ideally, netem should be refactored to implement delay module as the last stage. Current algorithm merges the two phases (rate limiting + delay) so its not correct. Signed-off-by: -
Thomas Graf authored
The hash size is doubled when it needs to grow and compared against hash_max. The >= comparison will limit the hash table size to half of what is expected i.e. the default 512 hash_max will not allow the hash table to grow larger than 256. Also print the hash table limit instead of the desirable size when the limit is reached. Signed-off-by:
Thomas Graf <tgraf@suug.ch> Signed-off-by:
-
Denis Ovsienko authored
Userspace implementations of network routing protocols sometimes need to tell RA-originated IPv6 routes from other kernel routes to make proper routing decisions. This makes most sense for RA routes with nexthops, namely, default routes and Route Information routes. The intended mean of preserving RA route origin in a netlink message is through indicating RTPROT_RA as protocol code. Function rt6_fill_node() tried to do that for default routes, but its test condition was taken wrong. This change is modeled after the original mailing list posting by Jeff Haran. It fixes the test condition for default route case and sets the same behaviour for Route Information case (both types use nexthops). Handling of the 3rd RA route type, Prefix Information, is left unchanged, as it stands for interface connected routes (without nexthops). Signed-off-by:
Denis Ovsienko <infrastation@yandex.ru> Signed-off-by:
-
Tony Cheneau authored
Lenght field should be encoded using big endian byte order, such as intend in the specs. As it is currently written, the len field would not be decoded properly on an implementation using the correct byte ordering. Hence, it could lead to interroperability issues. Also, I rewrote the code so that iphc0 argument of lowpan_alloc_new_frame could be removed. Signed-off-by:
Tony Cheneau <tony.cheneau@amnesiak.org> Signed-off-by:
-
Tony Cheneau authored
The tag field should be stored and accessed using big endian byte order (as intended in the specs). Or else, when displayed with a trafic analyser, such a Wireshark, the field not properly displayed (e.g. 0x01 00 instead of 0x00 01, and so on). Signed-off-by:
-
Tony Cheneau authored
When a UDP packet gets fragmented, a crash will occur at reassembly time. This is because skb->transport_header is not set during earlier period of fragment reassembly. As a consequence, call to udp_hdr() return NULL and uh (which is NULL) gets dereferenced without much test. Signed-off-by:
-
Andrey Vagin authored
Before this patch sock_diag works for init_net only and dumps information about sockets from all namespaces. This patch expands sock_diag for all name-spaces. It creates a netlink kernel socket for each netns and filters data during dumping. v2: filter accoding with netns in all places remove an unused variable. Cc: "David S. Miller" <davem@davemloft.net> Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Cc: James Morris <jmorris@namei.org> Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org> Cc: Patrick McHardy <kaber@trash.net> Cc: Pavel Emelyanov <xemul@parallels.com> CC: Eric Dumazet <eric.dumazet@gmail.com> Cc: linux-kernel@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by:Andrew Vagin <avagin@openvz.org> Acked-by:
Pavel Emelyanov <xemul@parallels.com> Signed-off-by:
-
Eric Dumazet authored
Add three SNMP TCP counters, to better track TCP behavior at global stage (netstat -s), when packets are received Out Of Order (OFO) TCPOFOQueue : Number of packets queued in OFO queue TCPOFODrop : Number of packets meant to be queued in OFO but dropped because socket rcvbuf limit hit. TCPOFOMerge : Number of packets in OFO that were merged with other packets. Signed-off-by:
-
- Jul 16, 2012
-
-
David S. Miller authored
This adjusts the call to dst_ops->update_pmtu() so that we can transparently handle the fact that, in the future, the dst itself can be invalidated by the PMTU update (when we have non-host routes cached in sockets). Signed-off-by: -
David S. Miller authored
This is the ipv6 version of inet_csk_update_pmtu(). Signed-off-by: -
David S. Miller authored
This abstracts away the call to dst_ops->update_pmtu() so that we can transparently handle the fact that, in the future, the dst itself can be invalidated by the PMTU update (when we have non-host routes cached in sockets). So we try to rebuild the socket cached route after the method invocation if necessary. This isn't used by SCTP because it needs to cache dsts per-transport, and thus will need it's own local version of this helper. Signed-off-by:
-
- Jul 14, 2012
-
-
Steffen Klassert authored
We start initializing the struct xfrm_dst at the first field behind the struct dst_enty. This is error prone because it might leave a new field uninitialized. So start initializing the struct xfrm_dst right behind the dst_entry. Suggested-by:
Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by:
Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by:
-
Steffen Klassert authored
We start initializing the struct rt6_info at the first field behind the struct dst_enty. This is error prone because it might leave a new field uninitialized. So start initializing the struct rt6_info right behind the dst_entry. Suggested-by:
-
- Jul 13, 2012
-
-
Erik Hugne authored
The internal log buffer handling functions can now safely be removed since there is no code using it anymore. Requests to interact with the internal tipc log buffer over netlink (in config.c) will report 'obsolete command'. This represents the final removal of any references to a struct print_buf, and the removal of the struct itself. We also get rid of a TIPC specific Kconfig in the process. Finally, log.h is removed since it is not needed anymore. Signed-off-by:
Erik Hugne <erik.hugne@ericsson.com> Signed-off-by:
Jon Maloy <jon.maloy@ericsson.com> Signed-off-by:
Paul Gortmaker <paul.gortmaker@windriver.com>
-
Erik Hugne authored
The tipc_printf is renamed to tipc_snprintf, as the new name describes more what the function actually does. It is also changed to take a buffer and length parameter and return number of characters written to the buffer. All callers of this function that used to pass a print_buf are updated. Final removal of the struct print_buf itself will be done synchronously with the pending removal of the deprecated logging code that also was using it. Functions that build up a response message with a list of ports, nametable contents etc. are changed to return the number of characters written to the output buffer. This information was previously hidden in a field of the print_buf struct, and the number of chars written was fetched with a call to tipc_printbuf_validate. This function is removed since it is no longer referenced nor needed. A generic max size ULTRA_STRING_MAX_LEN is defined, named in keeping with the existing TIPC_TLV_ULTRA_STRING, and the various definitions in port, link and nametable code that largely duplicated this information are removed. This means that amount of link statistics that can be returned is now increased from 2k to 32k. The buffer overflow check is now done just before the reply message is passed over netlink or TIPC to a remote node and the message indicating a truncated buffer is changed to a less dramatic one (less CAPS), placed at the end of the message. Signed-off-by:
-
Erik Hugne authored
tipc_printf was previously used both to construct debug traces and to append data to buffers that should be sent over netlink to the tipc-config application. A global print_buffer was used to format the string before it was copied to the actual output buffer. This could lead to concurrent access of the global print_buffer, which then had to be lock protected. This is simplified by changing tipc_printf to append data directly to the output buffer using vscnprintf. With the new implementation of tipc_printf, there is no longer any risk of concurrent access to the internal log buffer, so the lock (and the comments describing it) are no longer strictly necessary. However, there are still a few functions that do grab this lock before resizing/dumping the log buffer. We leave the lock, and these functions untouched since they will be removed with a subsequent commit that drops the deprecated log buffer handling code Signed-off-by:
-
Paul Gortmaker authored
To pave the way for a pending cleanup of tipc_printf, and removal of struct print_buf entirely, we make that task simpler by converting link_print to issue its messages with standard printk infrastructure. [Original idea separated from a larger patch from Erik Hugne <erik.hugne@ericsson.com>] Cc: Erik Hugne <erik.hugne@ericsson.com> Signed-off-by: -
Erik Hugne authored
The link queue traces and packet level debug functions served a purpose during early development, but are now redundant since there are other, more capable tools available for debugging at the packet level. The TIPC_DEBUG Kconfig option is removed since it does not provide any extra debugging features anymore. This gets rid of a lot of tipc_printf usages, which will make the pending cleanup work of that function easier. Signed-off-by:
-
Erik Hugne authored
All messages should go directly to the kernel log. The TIPC specific error, warning, info and debug trace macro's are removed and all references replaced with pr_err, pr_warn, pr_info and pr_debug. Commonly used sub-strings are explicitly declared as a const char to reduce .text size. Note that this means the debug messages (changed to pr_debug), are now enabled through dynamic debugging, instead of a TIPC specific Kconfig option (TIPC_DEBUG). The latter will be phased out completely Signed-off-by:
-
David S. Miller authored
We only use it to fetch the rule's tclassid, so just store the tclassid there instead. This also decreases the size of fib_result by a full 8 bytes on 64-bit. On 32-bits it's a wash. Signed-off-by: -
Eric Dumazet authored
Socket state LAST_ACK should allow TSQ to send additional frames, or else we rely on incoming ACKS or timers to send them. Reported-by:
-
Alexander Duyck authored
This patch is meant to help improve performance by reducing the number of locked operations required to allocate a frag on x86 and other platforms. This is accomplished by using atomic_set operations on the page count instead of calling get_page and put_page. It is based on work originally provided by Eric Dumazet. In addition it also helps to reduce memory overhead when using TCP. This is done by recycling the page if the only holder of the frame is the netdev_alloc_frag call itself. This can occur when skb heads are stolen by either GRO or TCP and the driver providing the packets is using paged frags to store all of the data for the packets. Cc: Eric Dumazet <edumazet@google.com> Signed-off-by:
Alexander Duyck <alexander.h.duyck@intel.com> Signed-off-by:
-
- Jul 12, 2012
-
-
David S. Miller authored
No longer used. Signed-off-by: -
David S. Miller authored
All handler->err() routines expect that we've done a pskb_may_pull() test to make sure that IP header length + 8 bytes can be safely pulled. Reported-by:
Hiroaki SHIMODA <shimoda.hiroaki@gmail.com> Signed-off-by:
-
Florian Westphal authored
Can be used to match packets against netfilter ip sets created via ipset(8). skb->sk_iif is used as 'incoming interface', skb->dev is 'outgoing interface'. Since ipset is usually called from netfilter, the ematch initializes a fake xt_action_param, pulls the ip header into the linear area and also sets skb->data to the IP header (otherwise matching Layer 4 set types doesn't work). Tested-by:
Mr Dash Four <mr.dash.four@googlemail.com> Signed-off-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
-
alex.bluesman.smirnov@gmail.com authored
6lowpan module starts collecting incomming frames and fragments right after lowpan_module_init() therefor it will be better to clean unfinished fragments in lowpan_cleanup_module() function instead of doing it when link goes down. Changed spinlocks type to prevent deadlock with expired timer event and removed unused one. Signed-off-by:
Alexander Smirnov <alex.bluesman.smirnov@gmail.com> Signed-off-by:
-
alex.bluesman.smirnov@gmail.com authored
Function lowpan_alloc_new_frame() takes u8 tag as an argument. However, its only caller, lowpan_process_data() passes down a u16. Hence, the tag value can get corrupted. This prevent 6lowpan fragment reassembly of a message when the fragment tag value is over 256. Signed-off-by:
-
