1. 11 7月, 2007 2 次提交
    • M
      [IPV6] MIP6: Kill unnecessary ifdefs. · 136ebf08
      Masahide NAKAMURA 提交于
      Kill unnecessary CONFIG_IPV6_MIP6.
      
      o It is redundant for RAW socket to keep MH out with the config then
        it can handle any protocol.
      o Clean-up at AH.
      Signed-off-by: NMasahide NAKAMURA <nakam@linux-ipv6.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      136ebf08
    • J
      bonding / ipv6: no addrconf for slaves separately from master · c2edacf8
      Jay Vosburgh 提交于
      	At present, when a device is enslaved to bonding, if ipv6 is
      active then addrconf will be initated on the slave (because it is closed
      then opened during the enslavement processing).  This causes DAD and RS
      packets to be sent from the slave.  These packets in turn can confuse
      switches that perform ipv6 snooping, causing them to incorrectly update
      their forwarding tables (if, e.g., the slave being added is an inactve
      backup that won't be used right away) and direct traffic away from the
      active slave to a backup slave (where the incoming packets will be
      dropped).
      
      	This patch alters the behavior so that addrconf will only run on
      the master device itself.  I believe this is logically correct, as it
      prevents slaves from having an IPv6 identity independent from the
      master.  This is consistent with the IPv4 behavior for bonding.
      
      	This is accomplished by (a) having bonding set IFF_SLAVE sooner
      in the enslavement processing than currently occurs (before open, not
      after), and (b) having ipv6 addrconf ignore UP and CHANGE events on
      slave devices.
      
      	The eql driver also uses the IFF_SLAVE flag.  I inspected eql,
      and I believe this change is reasonable for its usage of IFF_SLAVE, but
      I did not test it.
      Signed-off-by: NJay Vosburgh <fubar@us.ibm.com>
      Signed-off-by: NJeff Garzik <jeff@garzik.org>
      c2edacf8
  2. 23 6月, 2007 1 次提交
  3. 15 6月, 2007 1 次提交
    • H
      [IPV6] addrconf: Fix IPv6 on tuntap tunnels · 74235a25
      Herbert Xu 提交于
      The recent patch that added ipv6_hwtype is broken on tuntap tunnels.
      Indeed, it's broken on any device that does not pass the ipv6_hwtype
      test.
      
      The reason is that the original test only applies to autoconfiguration,
      not IPv6 support.  IPv6 support is allowed on any device.  In fact,
      even with the ipv6_hwtype patch applied you can still add IPv6 addresses
      to any interface that doesn't pass thw ipv6_hwtype test provided that
      they have a sufficiently large MTU.  This is a serious problem because
      come deregistration time these devices won't be cleaned up properly.
      
      I've gone back and looked at the rationale for the patch.  It appears
      that the real problem is that we were creating IPv6 devices even if the
      MTU was too small.  So here's a patch which fixes that and reverts the
      ipv6_hwtype stuff.
      
      Thanks to Kanru Chen for reporting this issue.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      74235a25
  4. 13 6月, 2007 1 次提交
  5. 08 6月, 2007 3 次提交
  6. 04 6月, 2007 1 次提交
  7. 31 5月, 2007 4 次提交
  8. 25 5月, 2007 2 次提交
    • D
      [XFRM]: Allow packet drops during larval state resolution. · 14e50e57
      David S. Miller 提交于
      The current IPSEC rule resolution behavior we have does not work for a
      lot of people, even though technically it's an improvement from the
      -EAGAIN buisness we had before.
      
      Right now we'll block until the key manager resolves the route.  That
      works for simple cases, but many folks would rather packets get
      silently dropped until the key manager resolves the IPSEC rules.
      
      We can't tell these folks to "set the socket non-blocking" because
      they don't have control over the non-block setting of things like the
      sockets used to resolve DNS deep inside of the resolver libraries in
      libc.
      
      With that in mind I coded up the patch below with some help from
      Herbert Xu which provides packet-drop behavior during larval state
      resolution, controllable via sysctl and off by default.
      
      This lays the framework to either:
      
      1) Make this default at some point or...
      
      2) Move this logic into xfrm{4,6}_policy.c and implement the
         ARP-like resolution queue we've all been dreaming of.
         The idea would be to queue packets to the policy, then
         once the larval state is resolved by the key manager we
         re-resolve the route and push the packets out.  The
         packets would timeout if the rule didn't get resolved
         in a certain amount of time.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      14e50e57
    • O
  9. 14 5月, 2007 1 次提交
  10. 11 5月, 2007 5 次提交
  11. 09 5月, 2007 2 次提交
  12. 04 5月, 2007 1 次提交
  13. 03 5月, 2007 1 次提交
  14. 29 4月, 2007 2 次提交
  15. 27 4月, 2007 1 次提交
  16. 26 4月, 2007 12 次提交