提交 bf603625 编写于 作者: L Linus Torvalds

Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [ATM]: [lec] use refcnt to protect lec_arp_entries outside lock
  [ATM]: [lec] add reference counting to lec_arp entries
  [ATM]: [lec] use work queue instead of timer for lec arp expiry
  [ATM]: [lec] old_close is no longer used
  [ATM]: [lec] convert lec_arp_table to hlist
  [ATM]: [lec] header indent, comment and whitespace cleanup
  [ATM]: [lec] indent, comment and whitespace cleanup [continued]
  [ATM]: [lec] indent, comment and whitespace cleanup
  [SCTP]: Do not timestamp every SCTP packet.
  [SCTP]: Use correct mask when disabling PMTUD.
  [SCTP]: Include sk_buff overhead while updating the peer's receive window.
  [SCTP]: Enable Nagle algorithm by default.
  [BNX2]: Disable MSI on 5706 if AMD 8132 bridge is present.
  [NetLabel]: audit fixups due to delayed feedback
......@@ -56,8 +56,8 @@
#define DRV_MODULE_NAME "bnx2"
#define PFX DRV_MODULE_NAME ": "
#define DRV_MODULE_VERSION "1.4.44"
#define DRV_MODULE_RELDATE "August 10, 2006"
#define DRV_MODULE_VERSION "1.4.45"
#define DRV_MODULE_RELDATE "September 29, 2006"
#define RUN_AT(x) (jiffies + (x))
......@@ -5805,6 +5805,34 @@ bnx2_init_board(struct pci_dev *pdev, struct net_device *dev)
bp->cmd_ticks_int = bp->cmd_ticks;
}
/* Disable MSI on 5706 if AMD 8132 bridge is found.
*
* MSI is defined to be 32-bit write. The 5706 does 64-bit MSI writes
* with byte enables disabled on the unused 32-bit word. This is legal
* but causes problems on the AMD 8132 which will eventually stop
* responding after a while.
*
* AMD believes this incompatibility is unique to the 5706, and
* prefers to locally disable MSI rather than globally disabling it
* using pci_msi_quirk.
*/
if (CHIP_NUM(bp) == CHIP_NUM_5706 && disable_msi == 0) {
struct pci_dev *amd_8132 = NULL;
while ((amd_8132 = pci_get_device(PCI_VENDOR_ID_AMD,
PCI_DEVICE_ID_AMD_8132_BRIDGE,
amd_8132))) {
u8 rev;
pci_read_config_byte(amd_8132, PCI_REVISION_ID, &rev);
if (rev >= 0x10 && rev <= 0x13) {
disable_msi = 1;
pci_dev_put(amd_8132);
break;
}
}
}
bp->autoneg = AUTONEG_SPEED | AUTONEG_FLOW_CTRL;
bp->req_line_speed = 0;
if (bp->phy_flags & PHY_SERDES_FLAG) {
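Review bot: The workaround's `disable_msi = 1;` writes what looks like a driver-wide variable (its declaration is outside the hunk) rather than state on `bp`, and the `pci_get_device()` scan matches any AMD 8132 in the system, not only a bridge upstream of this 5706. If that reading is right, one affected pairing turns MSI off for every bnx2 device probed afterwards, so I would either record the decision per device or add a comment such as `/* intentionally global: affects all later-probed bnx2 devices */`. The revision window `rev >= 0x10 && rev <= 0x13` is also unexplained, and a short comment naming the affected bridge steppings would help whoever has to extend it. The body of bnx2_init_board continues outside the hunk.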
......
/*
*
* ATM Lan Emulation Daemon vs. driver interface
*
* mkiiskila@yahoo.com
* ATM Lan Emulation Daemon driver interface
*
* Marko Kiiskila <mkiiskila@yahoo.com>
*/
#ifndef _ATMLEC_H_
......@@ -13,76 +11,87 @@
#include <linux/atmioc.h>
#include <linux/atm.h>
#include <linux/if_ether.h>
/* ATM lec daemon control socket */
#define ATMLEC_CTRL _IO('a',ATMIOC_LANE)
#define ATMLEC_DATA _IO('a',ATMIOC_LANE+1)
#define ATMLEC_MCAST _IO('a',ATMIOC_LANE+2)
#define ATMLEC_CTRL _IO('a', ATMIOC_LANE)
#define ATMLEC_DATA _IO('a', ATMIOC_LANE+1)
#define ATMLEC_MCAST _IO('a', ATMIOC_LANE+2)
/* Maximum number of LEC interfaces (tweakable) */
#define MAX_LEC_ITF 48
/* From the total of MAX_LEC_ITF, last NUM_TR_DEVS are reserved for Token Ring.
/*
* From the total of MAX_LEC_ITF, last NUM_TR_DEVS are reserved for Token Ring.
* E.g. if MAX_LEC_ITF = 48 and NUM_TR_DEVS = 8, then lec0-lec39 are for
* Ethernet ELANs and lec40-lec47 are for Token Ring ELANS.
*/
#define NUM_TR_DEVS 8
typedef enum {
l_set_mac_addr, l_del_mac_addr,
l_svc_setup,
l_addr_delete, l_topology_change,
l_flush_complete, l_arp_update,
l_narp_req, /* LANE2 mandates the use of this */
l_config, l_flush_tran_id,
l_set_lecid, l_arp_xmt,
l_rdesc_arp_xmt,
l_associate_req,
l_should_bridge /* should we bridge this MAC? */
typedef enum {
l_set_mac_addr,
l_del_mac_addr,
l_svc_setup,
l_addr_delete,
l_topology_change,
l_flush_complete,
l_arp_update,
l_narp_req, /* LANE2 mandates the use of this */
l_config,
l_flush_tran_id,
l_set_lecid,
l_arp_xmt,
l_rdesc_arp_xmt,
l_associate_req,
l_should_bridge /* should we bridge this MAC? */
} atmlec_msg_type;
#define ATMLEC_MSG_TYPE_MAX l_should_bridge
struct atmlec_config_msg {
unsigned int maximum_unknown_frame_count;
unsigned int max_unknown_frame_time;
unsigned short max_retry_count;
unsigned int aging_time;
unsigned int forward_delay_time;
unsigned int arp_response_time;
unsigned int flush_timeout;
unsigned int path_switching_delay;
unsigned int lane_version; /* LANE2: 1 for LANEv1, 2 for LANEv2 */
int mtu;
int is_proxy;
unsigned int maximum_unknown_frame_count;
unsigned int max_unknown_frame_time;
unsigned short max_retry_count;
unsigned int aging_time;
unsigned int forward_delay_time;
unsigned int arp_response_time;
unsigned int flush_timeout;
unsigned int path_switching_delay;
unsigned int lane_version; /* LANE2: 1 for LANEv1, 2 for LANEv2 */
int mtu;
int is_proxy;
};
struct atmlec_msg {
atmlec_msg_type type;
int sizeoftlvs; /* LANE2: if != 0, tlvs follow */
union {
struct {
unsigned char mac_addr[ETH_ALEN];
unsigned char atm_addr[ATM_ESA_LEN];
unsigned int flag;/* Topology_change flag,
remoteflag, permanent flag,
lecid, transaction id */
unsigned int targetless_le_arp; /* LANE2 */
unsigned int no_source_le_narp; /* LANE2 */
} normal;
struct atmlec_config_msg config;
struct {
uint16_t lec_id; /* requestor lec_id */
uint32_t tran_id; /* transaction id */
unsigned char mac_addr[ETH_ALEN]; /* dst mac addr */
unsigned char atm_addr[ATM_ESA_LEN]; /* reqestor ATM addr */
} proxy;
/* For mapping LE_ARP requests to responses. Filled by */
} content; /* zeppelin, returned by kernel. Used only when proxying */
atmlec_msg_type type;
int sizeoftlvs; /* LANE2: if != 0, tlvs follow */
union {
struct {
unsigned char mac_addr[ETH_ALEN];
unsigned char atm_addr[ATM_ESA_LEN];
unsigned int flag; /*
* Topology_change flag,
* remoteflag, permanent flag,
* lecid, transaction id
*/
unsigned int targetless_le_arp; /* LANE2 */
unsigned int no_source_le_narp; /* LANE2 */
} normal;
struct atmlec_config_msg config;
struct {
uint16_t lec_id; /* requestor lec_id */
uint32_t tran_id; /* transaction id */
unsigned char mac_addr[ETH_ALEN]; /* dst mac addr */
unsigned char atm_addr[ATM_ESA_LEN]; /* reqestor ATM addr */
} proxy; /*
* For mapping LE_ARP requests to responses. Filled by
* zeppelin, returned by kernel. Used only when proxying
*/
} content;
} __ATM_API_ALIGN;
struct atmlec_ioc {
int dev_num;
unsigned char atm_addr[ATM_ESA_LEN];
unsigned char receive; /* 1= receive vcc, 0 = send vcc */
int dev_num;
unsigned char atm_addr[ATM_ESA_LEN];
unsigned char receive; /* 1= receive vcc, 0 = send vcc */
};
#endif /* _ATMLEC_H_ */
......@@ -95,12 +95,11 @@
#define AUDIT_MAC_POLICY_LOAD 1403 /* Policy file load */
#define AUDIT_MAC_STATUS 1404 /* Changed enforcing,permissive,off */
#define AUDIT_MAC_CONFIG_CHANGE 1405 /* Changes to booleans */
#define AUDIT_MAC_UNLBL_ACCEPT 1406 /* NetLabel: allow unlabeled traffic */
#define AUDIT_MAC_UNLBL_DENY 1407 /* NetLabel: deny unlabeled traffic */
#define AUDIT_MAC_CIPSOV4_ADD 1408 /* NetLabel: add CIPSOv4 DOI entry */
#define AUDIT_MAC_CIPSOV4_DEL 1409 /* NetLabel: del CIPSOv4 DOI entry */
#define AUDIT_MAC_MAP_ADD 1410 /* NetLabel: add LSM domain mapping */
#define AUDIT_MAC_MAP_DEL 1411 /* NetLabel: del LSM domain mapping */
#define AUDIT_MAC_UNLBL_ALLOW 1406 /* NetLabel: allow unlabeled traffic */
#define AUDIT_MAC_CIPSOV4_ADD 1407 /* NetLabel: add CIPSOv4 DOI entry */
#define AUDIT_MAC_CIPSOV4_DEL 1408 /* NetLabel: del CIPSOv4 DOI entry */
#define AUDIT_MAC_MAP_ADD 1409 /* NetLabel: add LSM domain mapping */
#define AUDIT_MAC_MAP_DEL 1410 /* NetLabel: del LSM domain mapping */
#define AUDIT_FIRST_KERN_ANOM_MSG 1700
#define AUDIT_LAST_KERN_ANOM_MSG 1799
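Review bot: Renumbering the NetLabel record types (AUDIT_MAC_CIPSOV4_ADD 1408 to 1407 through AUDIT_MAC_MAP_DEL 1411 to 1410) reuses values that previously meant something else, so an audit log or parser built against the earlier header will misclassify records: 1407 was "deny unlabeled traffic" and is now a DOI add. If the old numbering ever reached a released kernel, it would be safer to keep the existing values and retire 1407. If it did not, a comment such as `/* 1406-1410: NetLabel; values are userspace ABI, do not renumber */` above the block would stop it happening again. Folding ACCEPT/DENY into the single `AUDIT_MAC_UNLBL_ALLOW` type also means consumers must read the `unlbl_accept=` field to tell the two apart.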
......
......@@ -507,6 +507,7 @@
#define PCI_DEVICE_ID_AMD_8151_0 0x7454
#define PCI_DEVICE_ID_AMD_8131_BRIDGE 0x7450
#define PCI_DEVICE_ID_AMD_8131_APIC 0x7451
#define PCI_DEVICE_ID_AMD_8132_BRIDGE 0x7458
#define PCI_DEVICE_ID_AMD_CS5536_ISA 0x2090
#define PCI_DEVICE_ID_AMD_CS5536_FLASH 0x2091
#define PCI_DEVICE_ID_AMD_CS5536_AUDIO 0x2093
......
......@@ -129,7 +129,7 @@ extern int cipso_v4_rbm_strictvalid;
#ifdef CONFIG_NETLABEL
int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
int cipso_v4_doi_remove(u32 doi,
u32 audit_secid,
struct netlbl_audit *audit_info,
void (*callback) (struct rcu_head * head));
struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
int cipso_v4_doi_walk(u32 *skip_cnt,
......@@ -145,7 +145,7 @@ static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
}
static inline int cipso_v4_doi_remove(u32 doi,
u32 audit_secid,
struct netlbl_audit *audit_info,
void (*callback) (struct rcu_head * head))
{
return 0;
......
......@@ -92,11 +92,17 @@
*
*/
/* NetLabel audit information */
struct netlbl_audit {
u32 secid;
uid_t loginuid;
};
/* Domain mapping definition struct */
struct netlbl_dom_map;
/* Domain mapping operations */
int netlbl_domhsh_remove(const char *domain, u32 audit_secid);
int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info);
/* LSM security attributes */
struct netlbl_lsm_cache {
......
/*
*
* Lan Emulation client header file
*
* Marko Kiiskila mkiiskila@yahoo.com
*
* Marko Kiiskila <mkiiskila@yahoo.com>
*/
#ifndef _LEC_H_
#define _LEC_H_
#include <linux/config.h>
#include <linux/atmdev.h>
#include <linux/netdevice.h>
#include <linux/atmlec.h>
......@@ -16,18 +15,18 @@
#define LEC_HEADER_LEN 16
struct lecdatahdr_8023 {
unsigned short le_header;
unsigned char h_dest[ETH_ALEN];
unsigned char h_source[ETH_ALEN];
unsigned short h_type;
unsigned short le_header;
unsigned char h_dest[ETH_ALEN];
unsigned char h_source[ETH_ALEN];
unsigned short h_type;
};
struct lecdatahdr_8025 {
unsigned short le_header;
unsigned char ac_pad;
unsigned char fc;
unsigned char h_dest[ETH_ALEN];
unsigned char h_source[ETH_ALEN];
unsigned short le_header;
unsigned char ac_pad;
unsigned char fc;
unsigned char h_dest[ETH_ALEN];
unsigned char h_source[ETH_ALEN];
};
#define LEC_MINIMUM_8023_SIZE 62
......@@ -44,17 +43,18 @@ struct lecdatahdr_8025 {
*
*/
struct lane2_ops {
int (*resolve)(struct net_device *dev, u8 *dst_mac, int force,
u8 **tlvs, u32 *sizeoftlvs);
int (*associate_req)(struct net_device *dev, u8 *lan_dst,
u8 *tlvs, u32 sizeoftlvs);
void (*associate_indicator)(struct net_device *dev, u8 *mac_addr,
u8 *tlvs, u32 sizeoftlvs);
int (*resolve) (struct net_device *dev, u8 *dst_mac, int force,
u8 **tlvs, u32 *sizeoftlvs);
int (*associate_req) (struct net_device *dev, u8 *lan_dst,
u8 *tlvs, u32 sizeoftlvs);
void (*associate_indicator) (struct net_device *dev, u8 *mac_addr,
u8 *tlvs, u32 sizeoftlvs);
};
/*
* ATM LAN Emulation supports both LLC & Dix Ethernet EtherType
* frames.
*
* 1. Dix Ethernet EtherType frames encoded by placing EtherType
* field in h_type field. Data follows immediatelly after header.
* 2. LLC Data frames whose total length, including LLC field and data,
......@@ -70,72 +70,88 @@ struct lane2_ops {
#define LEC_ARP_TABLE_SIZE 16
struct lec_priv {
struct net_device_stats stats;
unsigned short lecid; /* Lecid of this client */
struct lec_arp_table *lec_arp_empty_ones;
/* Used for storing VCC's that don't have a MAC address attached yet */
struct lec_arp_table *lec_arp_tables[LEC_ARP_TABLE_SIZE];
/* Actual LE ARP table */
struct lec_arp_table *lec_no_forward;
/* Used for storing VCC's (and forward packets from) which are to
age out by not using them to forward packets.
This is because to some LE clients there will be 2 VCCs. Only
one of them gets used. */
struct lec_arp_table *mcast_fwds;
/* With LANEv2 it is possible that BUS (or a special multicast server)
establishes multiple Multicast Forward VCCs to us. This list
collects all those VCCs. LANEv1 client has only one item in this
list. These entries are not aged out. */
spinlock_t lec_arp_lock;
struct atm_vcc *mcast_vcc; /* Default Multicast Send VCC */
struct atm_vcc *lecd;
struct timer_list lec_arp_timer;
/* C10 */
unsigned int maximum_unknown_frame_count;
/* Within the period of time defined by this variable, the client will send
no more than C10 frames to BUS for a given unicast destination. (C11) */
unsigned long max_unknown_frame_time;
/* If no traffic has been sent in this vcc for this period of time,
vcc will be torn down (C12)*/
unsigned long vcc_timeout_period;
/* An LE Client MUST not retry an LE_ARP_REQUEST for a
given frame's LAN Destination more than maximum retry count times,
after the first LEC_ARP_REQUEST (C13)*/
unsigned short max_retry_count;
/* Max time the client will maintain an entry in its arp cache in
absence of a verification of that relationship (C17)*/
unsigned long aging_time;
/* Max time the client will maintain an entry in cache when
topology change flag is true (C18) */
unsigned long forward_delay_time;
/* Topology change flag (C19)*/
int topology_change;
/* Max time the client expects an LE_ARP_REQUEST/LE_ARP_RESPONSE
cycle to take (C20)*/
unsigned long arp_response_time;
/* Time limit ot wait to receive an LE_FLUSH_RESPONSE after the
LE_FLUSH_REQUEST has been sent before taking recover action. (C21)*/
unsigned long flush_timeout;
/* The time since sending a frame to the bus after which the
LE Client may assume that the frame has been either discarded or
delivered to the recipient (C22) */
unsigned long path_switching_delay;
struct net_device_stats stats;
unsigned short lecid; /* Lecid of this client */
struct hlist_head lec_arp_empty_ones;
/* Used for storing VCC's that don't have a MAC address attached yet */
struct hlist_head lec_arp_tables[LEC_ARP_TABLE_SIZE];
/* Actual LE ARP table */
struct hlist_head lec_no_forward;
/*
* Used for storing VCC's (and forward packets from) which are to
* age out by not using them to forward packets.
* This is because to some LE clients there will be 2 VCCs. Only
* one of them gets used.
*/
struct hlist_head mcast_fwds;
/*
* With LANEv2 it is possible that BUS (or a special multicast server)
* establishes multiple Multicast Forward VCCs to us. This list
* collects all those VCCs. LANEv1 client has only one item in this
* list. These entries are not aged out.
*/
spinlock_t lec_arp_lock;
struct atm_vcc *mcast_vcc; /* Default Multicast Send VCC */
struct atm_vcc *lecd;
struct work_struct lec_arp_work; /* C10 */
unsigned int maximum_unknown_frame_count;
/*
* Within the period of time defined by this variable, the client will send
* no more than C10 frames to BUS for a given unicast destination. (C11)
*/
unsigned long max_unknown_frame_time;
/*
* If no traffic has been sent in this vcc for this period of time,
* vcc will be torn down (C12)
*/
unsigned long vcc_timeout_period;
/*
* An LE Client MUST not retry an LE_ARP_REQUEST for a
* given frame's LAN Destination more than maximum retry count times,
* after the first LEC_ARP_REQUEST (C13)
*/
unsigned short max_retry_count;
/*
* Max time the client will maintain an entry in its arp cache in
* absence of a verification of that relationship (C17)
*/
unsigned long aging_time;
/*
* Max time the client will maintain an entry in cache when
* topology change flag is true (C18)
*/
unsigned long forward_delay_time; /* Topology change flag (C19) */
int topology_change;
/*
* Max time the client expects an LE_ARP_REQUEST/LE_ARP_RESPONSE
* cycle to take (C20)
*/
unsigned long arp_response_time;
/*
* Time limit ot wait to receive an LE_FLUSH_RESPONSE after the
* LE_FLUSH_REQUEST has been sent before taking recover action. (C21)
*/
unsigned long flush_timeout;
/* The time since sending a frame to the bus after which the
* LE Client may assume that the frame has been either discarded or
* delivered to the recipient (C22)
*/
unsigned long path_switching_delay;
u8 *tlvs; /* LANE2: TLVs are new */
u32 sizeoftlvs; /* The size of the tlv array in bytes */
int lane_version; /* LANE2 */
int itfnum; /* e.g. 2 for lec2, 5 for lec5 */
struct lane2_ops *lane2_ops; /* can be NULL for LANE v1 */
int is_proxy; /* bridge between ATM and Ethernet */
int is_trdev; /* Device type, 0 = Ethernet, 1 = TokenRing */
u8 *tlvs; /* LANE2: TLVs are new */
u32 sizeoftlvs; /* The size of the tlv array in bytes */
int lane_version; /* LANE2 */
int itfnum; /* e.g. 2 for lec2, 5 for lec5 */
struct lane2_ops *lane2_ops; /* can be NULL for LANE v1 */
int is_proxy; /* bridge between ATM and Ethernet */
int is_trdev; /* Device type, 0 = Ethernet, 1 = TokenRing */
};
struct lec_vcc_priv {
void (*old_pop)(struct atm_vcc *vcc, struct sk_buff *skb);
void (*old_pop) (struct atm_vcc *vcc, struct sk_buff *skb);
int xoff;
};
#define LEC_VCC_PRIV(vcc) ((struct lec_vcc_priv *)((vcc)->user_back))
#endif /* _LEC_H_ */
#endif /* _LEC_H_ */
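Review bot: Two field comments in `struct lec_priv` ended up attached to the wrong member after the re-indent: `/* C10 */` now trails `struct work_struct lec_arp_work;` although it describes `maximum_unknown_frame_count`, and `/* Topology change flag (C19) */` trails `forward_delay_time` although it describes `topology_change` on the next line. I would move each back onto its own line above the field it documents, e.g. `/* C10 */` directly before `unsigned int maximum_unknown_frame_count;`. The new `lec_arp_work` member then has no comment of its own; something like `/* periodic LE_ARP table expiry */` would say why it replaced `lec_arp_timer` (inferred from the commit list, since the lec.c diff is collapsed on this page).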
/*
* Lec arp cache
* Marko Kiiskila mkiiskila@yahoo.com
*
* Marko Kiiskila <mkiiskila@yahoo.com>
*/
#ifndef _LEC_ARP_H
#define _LEC_ARP_H
#ifndef _LEC_ARP_H_
#define _LEC_ARP_H_
#include <linux/atm.h>
#include <linux/atmdev.h>
#include <linux/if_ether.h>
#include <linux/atmlec.h>
struct lec_arp_table {
struct lec_arp_table *next; /* Linked entry list */
unsigned char atm_addr[ATM_ESA_LEN]; /* Atm address */
unsigned char mac_addr[ETH_ALEN]; /* Mac address */
int is_rdesc; /* Mac address is a route descriptor */
struct atm_vcc *vcc; /* Vcc this entry is attached */
struct atm_vcc *recv_vcc; /* Vcc we receive data from */
void (*old_push)(struct atm_vcc *vcc,struct sk_buff *skb);
/* Push that leads to daemon */
void (*old_recv_push)(struct atm_vcc *vcc, struct sk_buff *skb);
/* Push that leads to daemon */
void (*old_close)(struct atm_vcc *vcc);
/* We want to see when this
* vcc gets closed */
unsigned long last_used; /* For expiry */
unsigned long timestamp; /* Used for various timestamping
* things:
* 1. FLUSH started
* (status=ESI_FLUSH_PENDING)
* 2. Counting to
* max_unknown_frame_time
* (status=ESI_ARP_PENDING||
* status=ESI_VC_PENDING)
*/
unsigned char no_tries; /* No of times arp retry has been
tried */
unsigned char status; /* Status of this entry */
unsigned short flags; /* Flags for this entry */
unsigned short packets_flooded; /* Data packets flooded */
unsigned long flush_tran_id; /* Transaction id in flush protocol */
struct timer_list timer; /* Arping timer */
struct lec_priv *priv; /* Pointer back */
struct hlist_node next; /* Linked entry list */
unsigned char atm_addr[ATM_ESA_LEN]; /* Atm address */
unsigned char mac_addr[ETH_ALEN]; /* Mac address */
int is_rdesc; /* Mac address is a route descriptor */
struct atm_vcc *vcc; /* Vcc this entry is attached */
struct atm_vcc *recv_vcc; /* Vcc we receive data from */
u8 *tlvs; /* LANE2: Each MAC address can have TLVs */
u32 sizeoftlvs; /* associated with it. sizeoftlvs tells the */
/* the length of the tlvs array */
struct sk_buff_head tx_wait; /* wait queue for outgoing packets */
void (*old_push) (struct atm_vcc *vcc, struct sk_buff *skb);
/* Push that leads to daemon */
void (*old_recv_push) (struct atm_vcc *vcc, struct sk_buff *skb);
/* Push that leads to daemon */
unsigned long last_used; /* For expiry */
unsigned long timestamp; /* Used for various timestamping things:
* 1. FLUSH started
* (status=ESI_FLUSH_PENDING)
* 2. Counting to
* max_unknown_frame_time
* (status=ESI_ARP_PENDING||
* status=ESI_VC_PENDING)
*/
unsigned char no_tries; /* No of times arp retry has been tried */
unsigned char status; /* Status of this entry */
unsigned short flags; /* Flags for this entry */
unsigned short packets_flooded; /* Data packets flooded */
unsigned long flush_tran_id; /* Transaction id in flush protocol */
struct timer_list timer; /* Arping timer */
struct lec_priv *priv; /* Pointer back */
u8 *tlvs;
u32 sizeoftlvs; /*
* LANE2: Each MAC address can have TLVs
* associated with it. sizeoftlvs tells the
* the length of the tlvs array
*/
struct sk_buff_head tx_wait; /* wait queue for outgoing packets */
atomic_t usage; /* usage count */
};
struct tlv { /* LANE2: Template tlv struct for accessing */
/* the tlvs in the lec_arp_table->tlvs array*/
u32 type;
u8 length;
u8 value[255];
/*
* LANE2: Template tlv struct for accessing
* the tlvs in the lec_arp_table->tlvs array
*/
struct tlv {
u32 type;
u8 length;
u8 value[255];
};
/* Status fields */
#define ESI_UNKNOWN 0 /*
* Next packet sent to this mac address
* causes ARP-request to be sent
*/
#define ESI_ARP_PENDING 1 /*
* There is no ATM address associated with this
* 48-bit address. The LE-ARP protocol is in
* progress.
*/
#define ESI_VC_PENDING 2 /*
* There is a valid ATM address associated with
* this 48-bit address but there is no VC set
* up to that ATM address. The signaling
* protocol is in process.
*/
#define ESI_FLUSH_PENDING 4 /*
* The LEC has been notified of the FLUSH_START
* status and it is assumed that the flush
* protocol is in process.
*/
#define ESI_FORWARD_DIRECT 5 /*
* Either the Path Switching Delay (C22) has
* elapsed or the LEC has notified the Mapping
* that the flush protocol has completed. In
* either case, it is safe to forward packets
* to this address via the data direct VC.
*/
#define ESI_UNKNOWN 0 /*
* Next packet sent to this mac address
* causes ARP-request to be sent
*/
#define ESI_ARP_PENDING 1 /*
* There is no ATM address associated with this
* 48-bit address. The LE-ARP protocol is in
* progress.
*/
#define ESI_VC_PENDING 2 /*
* There is a valid ATM address associated with
* this 48-bit address but there is no VC set
* up to that ATM address. The signaling
* protocol is in process.
*/
#define ESI_FLUSH_PENDING 4 /*
* The LEC has been notified of the FLUSH_START
* status and it is assumed that the flush
* protocol is in process.
*/
#define ESI_FORWARD_DIRECT 5 /*
* Either the Path Switching Delay (C22) has
* elapsed or the LEC has notified the Mapping
* that the flush protocol has completed. In
* either case, it is safe to forward packets
* to this address via the data direct VC.
*/
/* Flag values */
#define LEC_REMOTE_FLAG 0x0001
#define LEC_PERMANENT_FLAG 0x0002
#endif
#endif /* _LEC_ARP_H_ */
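Review bot: The new `atomic_t usage; /* usage count */` field carries the whole lifetime rule for `struct lec_arp_table`, but the comment does not say who takes or drops a reference or what happens at zero. The entry also embeds `struct timer_list timer` and the `tx_wait` queue, so a reader needs to know whether a pending timer or list membership counts as a holder; getting that wrong is how a use-after-free creeps in later. I would expand the comment to state the contract, for example `/* refcount: held by the table list and by any user outside lec_arp_lock; entry is freed on the last put */`, adjusted to what lec.c actually does (that diff is collapsed here, so this wording is a guess).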
......@@ -485,7 +485,7 @@ int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
*
*/
int cipso_v4_doi_remove(u32 doi,
u32 audit_secid,
struct netlbl_audit *audit_info,
void (*callback) (struct rcu_head * head))
{
struct cipso_v4_doi *doi_def;
......@@ -506,7 +506,7 @@ int cipso_v4_doi_remove(u32 doi,
list_for_each_entry_rcu(dom_iter, &doi_def->dom_list, list)
if (dom_iter->valid)
netlbl_domhsh_remove(dom_iter->domain,
audit_secid);
audit_info);
cipso_v4_cache_invalidate();
rcu_read_unlock();
......
......@@ -384,11 +384,15 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
u32 doi;
const char *type_str = "(unknown)";
struct audit_buffer *audit_buf;
struct netlbl_audit audit_info;
if (!info->attrs[NLBL_CIPSOV4_A_DOI] ||
!info->attrs[NLBL_CIPSOV4_A_MTYPE])
return -EINVAL;
doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
netlbl_netlink_auditinfo(skb, &audit_info);
type = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE]);
switch (type) {
case CIPSO_V4_MAP_STD:
......@@ -401,13 +405,14 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
break;
}
if (ret_val == 0) {
doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
NETLINK_CB(skb).sid);
audit_log_format(audit_buf, " doi=%u type=%s", doi, type_str);
audit_log_end(audit_buf);
}
audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
&audit_info);
audit_log_format(audit_buf,
" cipso_doi=%u cipso_type=%s res=%u",
doi,
type_str,
ret_val == 0 ? 1 : 0);
audit_log_end(audit_buf);
return ret_val;
}
......@@ -668,20 +673,25 @@ static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info)
int ret_val = -EINVAL;
u32 doi = 0;
struct audit_buffer *audit_buf;
struct netlbl_audit audit_info;
if (info->attrs[NLBL_CIPSOV4_A_DOI]) {
doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
ret_val = cipso_v4_doi_remove(doi,
NETLINK_CB(skb).sid,
netlbl_cipsov4_doi_free);
}
if (!info->attrs[NLBL_CIPSOV4_A_DOI])
return -EINVAL;
if (ret_val == 0) {
audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,
NETLINK_CB(skb).sid);
audit_log_format(audit_buf, " doi=%u", doi);
audit_log_end(audit_buf);
}
doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
netlbl_netlink_auditinfo(skb, &audit_info);
ret_val = cipso_v4_doi_remove(doi,
&audit_info,
netlbl_cipsov4_doi_free);
audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,
&audit_info);
audit_log_format(audit_buf,
" cipso_doi=%u res=%u",
doi,
ret_val == 0 ? 1 : 0);
audit_log_end(audit_buf);
return ret_val;
}
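Review bot: The handlers now emit a record with `res=0` on failure, but the early `return -EINVAL` exits for missing attributes in `netlbl_cipsov4_add()` and `netlbl_cipsov4_remove()` still leave before `netlbl_audit_start_common()` is reached, so a malformed configuration request leaves no audit trace. The same holds for the `goto add_failure` and `goto adddef_failure` exits in `netlbl_mgmt_add()` and `netlbl_mgmt_adddef()` further down the page. If every attempt to change NetLabel configuration is meant to be auditable, call `netlbl_netlink_auditinfo(skb, &audit_info);` at the top of each handler and log the rejection too; otherwise a comment such as `/* malformed requests are rejected without an audit record */` would make the gap deliberate. The rename from `doi=` to `cipso_doi=` also changes what log parsers must match.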
......
......@@ -188,7 +188,7 @@ int netlbl_domhsh_init(u32 size)
/**
* netlbl_domhsh_add - Adds a entry to the domain hash table
* @entry: the entry to add
* @audit_secid: the LSM secid to use in the audit message
* @audit_info: NetLabel audit information
*
* Description:
* Adds a new entry to the domain hash table and handles any updates to the
......@@ -196,7 +196,8 @@ int netlbl_domhsh_init(u32 size)
* negative on failure.
*
*/
int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid)
int netlbl_domhsh_add(struct netlbl_dom_map *entry,
struct netlbl_audit *audit_info)
{
int ret_val;
u32 bkt;
......@@ -241,26 +242,26 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid)
spin_unlock(&netlbl_domhsh_def_lock);
} else
ret_val = -EINVAL;
if (ret_val == 0) {
if (entry->domain != NULL)
audit_domain = entry->domain;
else
audit_domain = "(default)";
audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD,
audit_secid);
audit_log_format(audit_buf, " domain=%s", audit_domain);
switch (entry->type) {
case NETLBL_NLTYPE_UNLABELED:
audit_log_format(audit_buf, " protocol=unlbl");
break;
case NETLBL_NLTYPE_CIPSOV4:
audit_log_format(audit_buf,
" protocol=cipsov4 doi=%u",
entry->type_def.cipsov4->doi);
break;
}
audit_log_end(audit_buf);
if (entry->domain != NULL)
audit_domain = entry->domain;
else
audit_domain = "(default)";
audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD, audit_info);
audit_log_format(audit_buf, " nlbl_domain=%s", audit_domain);
switch (entry->type) {
case NETLBL_NLTYPE_UNLABELED:
audit_log_format(audit_buf, " nlbl_protocol=unlbl");
break;
case NETLBL_NLTYPE_CIPSOV4:
audit_log_format(audit_buf,
" nlbl_protocol=cipsov4 cipso_doi=%u",
entry->type_def.cipsov4->doi);
break;
}
audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0);
audit_log_end(audit_buf);
rcu_read_unlock();
if (ret_val != 0) {
......@@ -279,7 +280,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid)
/**
* netlbl_domhsh_add_default - Adds the default entry to the domain hash table
* @entry: the entry to add
* @audit_secid: the LSM secid to use in the audit message
* @audit_info: NetLabel audit information
*
* Description:
* Adds a new default entry to the domain hash table and handles any updates
......@@ -287,15 +288,16 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid)
* negative on failure.
*
*/
int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, u32 audit_secid)
int netlbl_domhsh_add_default(struct netlbl_dom_map *entry,
struct netlbl_audit *audit_info)
{
return netlbl_domhsh_add(entry, audit_secid);
return netlbl_domhsh_add(entry, audit_info);
}
/**
* netlbl_domhsh_remove - Removes an entry from the domain hash table
* @domain: the domain to remove
* @audit_secid: the LSM secid to use in the audit message
* @audit_info: NetLabel audit information
*
* Description:
* Removes an entry from the domain hash table and handles any updates to the
......@@ -303,7 +305,7 @@ int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, u32 audit_secid)
* negative on failure.
*
*/
int netlbl_domhsh_remove(const char *domain, u32 audit_secid)
int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info)
{
int ret_val = -ENOENT;
struct netlbl_dom_map *entry;
......@@ -345,18 +347,20 @@ int netlbl_domhsh_remove(const char *domain, u32 audit_secid)
ret_val = -ENOENT;
spin_unlock(&netlbl_domhsh_def_lock);
}
if (ret_val == 0) {
if (entry->domain != NULL)
audit_domain = entry->domain;
else
audit_domain = "(default)";
audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL,
audit_secid);
audit_log_format(audit_buf, " domain=%s", audit_domain);
audit_log_end(audit_buf);
if (entry->domain != NULL)
audit_domain = entry->domain;
else
audit_domain = "(default)";
audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info);
audit_log_format(audit_buf,
" nlbl_domain=%s res=%u",
audit_domain,
ret_val == 0 ? 1 : 0);
audit_log_end(audit_buf);
if (ret_val == 0)
call_rcu(&entry->rcu, netlbl_domhsh_free_entry);
}
remove_return:
rcu_read_unlock();
......@@ -365,7 +369,7 @@ int netlbl_domhsh_remove(const char *domain, u32 audit_secid)
/**
* netlbl_domhsh_remove_default - Removes the default entry from the table
* @audit_secid: the LSM secid to use in the audit message
* @audit_info: NetLabel audit information
*
* Description:
* Removes/resets the default entry for the domain hash table and handles any
......@@ -373,9 +377,9 @@ int netlbl_domhsh_remove(const char *domain, u32 audit_secid)
* success, non-zero on failure.
*
*/
int netlbl_domhsh_remove_default(u32 audit_secid)
int netlbl_domhsh_remove_default(struct netlbl_audit *audit_info)
{
return netlbl_domhsh_remove(NULL, audit_secid);
return netlbl_domhsh_remove(NULL, audit_info);
}
/**
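Review bot: `audit_log_format(audit_buf, " nlbl_domain=%s", audit_domain);` in `netlbl_domhsh_add()`, and the matching `" nlbl_domain=%s res=%u"` call in `netlbl_domhsh_remove()`, write the domain string into the audit record unescaped. `entry->domain` appears to originate from a netlink attribute supplied by the configuring process (the copy is outside these hunks), so a name containing spaces or `=` could make the record parse as different fields. The audit API has a helper for this: I would split the call into `audit_log_format(audit_buf, " nlbl_domain=");` followed by `audit_log_untrustedstring(audit_buf, audit_domain);`. Both function bodies start and end outside the hunks shown.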
......
......@@ -57,9 +57,11 @@ struct netlbl_dom_map {
int netlbl_domhsh_init(u32 size);
/* Manipulate the domain hash table */
int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid);
int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, u32 audit_secid);
int netlbl_domhsh_remove_default(u32 audit_secid);
int netlbl_domhsh_add(struct netlbl_dom_map *entry,
struct netlbl_audit *audit_info);
int netlbl_domhsh_add_default(struct netlbl_dom_map *entry,
struct netlbl_audit *audit_info);
int netlbl_domhsh_remove_default(struct netlbl_audit *audit_info);
struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain);
int netlbl_domhsh_walk(u32 *skip_bkt,
u32 *skip_chain,
......
......@@ -87,11 +87,14 @@ static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info)
struct netlbl_dom_map *entry = NULL;
size_t tmp_size;
u32 tmp_val;
struct netlbl_audit audit_info;
if (!info->attrs[NLBL_MGMT_A_DOMAIN] ||
!info->attrs[NLBL_MGMT_A_PROTOCOL])
goto add_failure;
netlbl_netlink_auditinfo(skb, &audit_info);
entry = kzalloc(sizeof(*entry), GFP_KERNEL);
if (entry == NULL) {
ret_val = -ENOMEM;
......@@ -108,7 +111,7 @@ static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info)
switch (entry->type) {
case NETLBL_NLTYPE_UNLABELED:
ret_val = netlbl_domhsh_add(entry, NETLINK_CB(skb).sid);
ret_val = netlbl_domhsh_add(entry, &audit_info);
break;
case NETLBL_NLTYPE_CIPSOV4:
if (!info->attrs[NLBL_MGMT_A_CV4DOI])
......@@ -125,7 +128,7 @@ static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info)
rcu_read_unlock();
goto add_failure;
}
ret_val = netlbl_domhsh_add(entry, NETLINK_CB(skb).sid);
ret_val = netlbl_domhsh_add(entry, &audit_info);
rcu_read_unlock();
break;
default:
......@@ -156,12 +159,15 @@ static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info)
static int netlbl_mgmt_remove(struct sk_buff *skb, struct genl_info *info)
{
char *domain;
struct netlbl_audit audit_info;
if (!info->attrs[NLBL_MGMT_A_DOMAIN])
return -EINVAL;
netlbl_netlink_auditinfo(skb, &audit_info);
domain = nla_data(info->attrs[NLBL_MGMT_A_DOMAIN]);
return netlbl_domhsh_remove(domain, NETLINK_CB(skb).sid);
return netlbl_domhsh_remove(domain, &audit_info);
}
/**
......@@ -264,10 +270,13 @@ static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info)
int ret_val = -EINVAL;
struct netlbl_dom_map *entry = NULL;
u32 tmp_val;
struct netlbl_audit audit_info;
if (!info->attrs[NLBL_MGMT_A_PROTOCOL])
goto adddef_failure;
netlbl_netlink_auditinfo(skb, &audit_info);
entry = kzalloc(sizeof(*entry), GFP_KERNEL);
if (entry == NULL) {
ret_val = -ENOMEM;
......@@ -277,8 +286,7 @@ static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info)
switch (entry->type) {
case NETLBL_NLTYPE_UNLABELED:
ret_val = netlbl_domhsh_add_default(entry,
NETLINK_CB(skb).sid);
ret_val = netlbl_domhsh_add_default(entry, &audit_info);
break;
case NETLBL_NLTYPE_CIPSOV4:
if (!info->attrs[NLBL_MGMT_A_CV4DOI])
......@@ -295,8 +303,7 @@ static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info)
rcu_read_unlock();
goto adddef_failure;
}
ret_val = netlbl_domhsh_add_default(entry,
NETLINK_CB(skb).sid);
ret_val = netlbl_domhsh_add_default(entry, &audit_info);
rcu_read_unlock();
break;
default:
......@@ -324,7 +331,11 @@ static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info)
*/
static int netlbl_mgmt_removedef(struct sk_buff *skb, struct genl_info *info)
{
return netlbl_domhsh_remove_default(NETLINK_CB(skb).sid);
struct netlbl_audit audit_info;
netlbl_netlink_auditinfo(skb, &audit_info);
return netlbl_domhsh_remove_default(&audit_info);
}
/**
......
......@@ -70,18 +70,25 @@ static struct nla_policy netlbl_unlabel_genl_policy[NLBL_UNLABEL_A_MAX + 1] = {
/**
* netlbl_unlabel_acceptflg_set - Set the unlabeled accept flag
* @value: desired value
* @audit_secid: the LSM secid to use in the audit message
* @audit_info: NetLabel audit information
*
* Description:
* Set the value of the unlabeled accept flag to @value.
*
*/
static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)
static void netlbl_unlabel_acceptflg_set(u8 value,
struct netlbl_audit *audit_info)
{
struct audit_buffer *audit_buf;
u8 old_val;
old_val = atomic_read(&netlabel_unlabel_accept_flg);
atomic_set(&netlabel_unlabel_accept_flg, value);
netlbl_audit_nomsg((value ?
AUDIT_MAC_UNLBL_ACCEPT : AUDIT_MAC_UNLBL_DENY),
audit_secid);
audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_ALLOW,
audit_info);
audit_log_format(audit_buf, " unlbl_accept=%u old=%u", value, old_val);
audit_log_end(audit_buf);
}
/*
......@@ -101,12 +108,13 @@ static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)
static int netlbl_unlabel_accept(struct sk_buff *skb, struct genl_info *info)
{
u8 value;
struct netlbl_audit audit_info;
if (info->attrs[NLBL_UNLABEL_A_ACPTFLG]) {
value = nla_get_u8(info->attrs[NLBL_UNLABEL_A_ACPTFLG]);
if (value == 1 || value == 0) {
netlbl_unlabel_acceptflg_set(value,
NETLINK_CB(skb).sid);
netlbl_netlink_auditinfo(skb, &audit_info);
netlbl_unlabel_acceptflg_set(value, &audit_info);
return 0;
}
}
......@@ -250,19 +258,23 @@ int netlbl_unlabel_defconf(void)
{
int ret_val;
struct netlbl_dom_map *entry;
u32 secid;
struct netlbl_audit audit_info;
security_task_getsecid(current, &secid);
/* Only the kernel is allowed to call this function and the only time
* it is called is at bootup before the audit subsystem is reporting
* messages so don't worry to much about these values. */
security_task_getsecid(current, &audit_info.secid);
audit_info.loginuid = 0;
entry = kzalloc(sizeof(*entry), GFP_KERNEL);
if (entry == NULL)
return -ENOMEM;
entry->type = NETLBL_NLTYPE_UNLABELED;
ret_val = netlbl_domhsh_add_default(entry, secid);
ret_val = netlbl_domhsh_add_default(entry, &audit_info);
if (ret_val != 0)
return ret_val;
netlbl_unlabel_acceptflg_set(1, secid);
netlbl_unlabel_acceptflg_set(1, &audit_info);
return 0;
}
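Review bot: In netlbl_unlabel_acceptflg_set() the previous flag value is fetched with `atomic_read()` and the new one is stored by a separate `atomic_set()`, so the `old=` field of the audit record is only exact if all callers are serialised, and nothing in this section shows that they are. A single exchange, `old_val = atomic_xchg(&netlabel_unlabel_accept_flg, value);`, would make the logged transition match what actually happened. The same function passes the result of netlbl_audit_start_common() straight to audit_log_format() and audit_log_end(), although its kernel-doc says it returns NULL on failure. If that relies on the audit helpers tolerating a NULL buffer, a one-line comment saying so would help.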
......@@ -85,7 +85,7 @@ int netlbl_netlink_init(void)
/**
* netlbl_audit_start_common - Start an audit message
* @type: audit message type
* @secid: LSM context ID
* @audit_info: NetLabel audit information
*
* Description:
* Start an audit message using the type specified in @type and fill the audit
......@@ -93,14 +93,11 @@ int netlbl_netlink_init(void)
* a pointer to the audit buffer on success, NULL on failure.
*
*/
struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
struct audit_buffer *netlbl_audit_start_common(int type,
struct netlbl_audit *audit_info)
{
struct audit_context *audit_ctx = current->audit_context;
struct audit_buffer *audit_buf;
uid_t audit_loginuid;
const char *audit_tty;
char audit_comm[sizeof(current->comm)];
struct vm_area_struct *vma;
char *secctx;
u32 secctx_len;
......@@ -108,60 +105,13 @@ struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
if (audit_buf == NULL)
return NULL;
audit_loginuid = audit_get_loginuid(audit_ctx);
if (current->signal &&
current->signal->tty &&
current->signal->tty->name)
audit_tty = current->signal->tty->name;
else
audit_tty = "(none)";
get_task_comm(audit_comm, current);
audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid);
audit_log_format(audit_buf,
"netlabel: auid=%u uid=%u tty=%s pid=%d",
audit_loginuid,
current->uid,
audit_tty,
current->pid);
audit_log_format(audit_buf, " comm=");
audit_log_untrustedstring(audit_buf, audit_comm);
if (current->mm) {
down_read(&current->mm->mmap_sem);
vma = current->mm->mmap;
while (vma) {
if ((vma->vm_flags & VM_EXECUTABLE) &&
vma->vm_file) {
audit_log_d_path(audit_buf,
" exe=",
vma->vm_file->f_dentry,
vma->vm_file->f_vfsmnt);
break;
}
vma = vma->vm_next;
}
up_read(&current->mm->mmap_sem);
}
if (secid != 0 &&
security_secid_to_secctx(secid, &secctx, &secctx_len) == 0)
if (audit_info->secid != 0 &&
security_secid_to_secctx(audit_info->secid,
&secctx,
&secctx_len) == 0)
audit_log_format(audit_buf, " subj=%s", secctx);
return audit_buf;
}
/**
* netlbl_audit_nomsg - Send an audit message without additional text
* @type: audit message type
* @secid: LSM context ID
*
* Description:
* Send an audit message with only the common NetLabel audit fields.
*
*/
void netlbl_audit_nomsg(int type, u32 secid)
{
struct audit_buffer *audit_buf;
audit_buf = netlbl_audit_start_common(type, secid);
audit_log_end(audit_buf);
}
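Review bot: netlbl_audit_start_common() never releases the string it obtains from security_secid_to_secctx(). `secctx` is a local that is only used in the ` subj=%s` audit_log_format() call before the function returns, so each audit record carrying a subject label appears to leak that buffer. Bracing the branch and adding `security_release_secctx(secctx, secctx_len);` right after the audit_log_format() call would hand it back to the LSM. The audit_log_start() call lies between the two hunks and is not shown, so this reading rests on the visible lines only.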
此差异已折叠。
此差异已折叠。
此差异已折叠。
......@@ -416,7 +416,8 @@ void sctp_retransmit_mark(struct sctp_outq *q,
* (Section 7.2.4)), add the data size of those
* chunks to the rwnd.
*/
q->asoc->peer.rwnd += sctp_data_size(chunk);
q->asoc->peer.rwnd += (sctp_data_size(chunk) +
sizeof(struct sk_buff));
q->outstanding_bytes -= sctp_data_size(chunk);
transport->flight_size -= sctp_data_size(chunk);
......
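Review bot: The comment directly above the changed statement still says only "the data size of those chunks" is added to the rwnd, while the new code also credits `sizeof(struct sk_buff)` for each chunk. I would add a line such as `/* rwnd accounting also includes per-chunk sk_buff overhead */` so the difference from the two plain `sctp_data_size(chunk)` subtractions below it reads as intentional. The place where the peer's rwnd is charged on send is not in this hunk, so it cannot be confirmed from here that both sides use the same quantity. sctp_retransmit_mark() starts and ends outside the hunk.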
此差异已折叠。
此差异已折叠。