1. 05 Dec, 2013 4 commits
  2. 02 Dec, 2013 2 commits
  3. 26 Nov, 2013 9 commits
    • cfg80211: use enum nl80211_dfs_regions for dfs_region everywhere · 4c7d3982
      Luis R. Rodriguez committed
      u8 was used in some other places, just stick to the enum,
      this forces us to express the values that are expected.
      Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      4c7d3982
    • mac80211: add min required channel definition field · 21f659bf
      Eliad Peller committed
      Add a new field to ieee80211_chanctx_conf to indicate
      the min required channel configuration.
      
      Tuning to a narrower channel might help reducing
      the noise level and saving some power.
      
      The min required channel definition is the max of
      all min required channel definitions of the interfaces
      bound to this channel context.
      
      In AP mode, use 20MHz when there are no connected stations.
      When a new station is added/removed, calculate the new max
      bandwidth supported by any of the stations (e.g. 80MHz when
      80MHz and 40MHz stations are connected).
      
      In other cases, simply use bss_conf.chandef as the
      min required chandef.
      
      Notify drivers about changes to this field by calling
      drv_change_chanctx with a new CHANGE_MIN_WIDTH notification.
      Signed-off-by: Eliad Peller <eliad@wizery.com>
      Reviewed-by: Johannes Berg <johannes.berg@intel.com>
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      21f659bf
    • cfg80211: add an option to disable processing country IEs · 2a901468
      Luis R. Rodriguez committed
      Certain vendors may want to disable the processing of
      country IEs so that they can continue using the regulatory
      domain the driver or user has set.  Currently there is no
      way to stop the core from processing country IEs, so add
      support to the core to ignore country IE hints.
      
      Cc: Mihir Shete <smihir@qti.qualcomm.com>
      Cc: Henri Bahini <hbahini@qca.qualcomm.com>
      Cc: Tushnim Bhattacharyya <tushnimb@qca.qualcomm.com>
      Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      2a901468
    • cfg80211: add flags to define country IE processing rules · a09a85a0
      Luis R. Rodriguez committed
      802.11 cards may have different country IE parsing behavioural
      preferences and vendors may want to support these. These preferences
      were managed by the REGULATORY_CUSTOM_REG and the REGULATORY_STRICT_REG
      flags and their combination. Instead of using this existing notation,
      split out the country IE behavioural preferences as a new flag. This
      will allow us to add more customizations easily and make the code more
      maintainable.
      
      Cc: Mihir Shete <smihir@qti.qualcomm.com>
      Cc: Henri Bahini <hbahini@qca.qualcomm.com>
      Cc: Tushnim Bhattacharyya <tushnimb@qca.qualcomm.com>
      Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
      [fix up conflicts]
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      a09a85a0
    • cfg80211: move regulatory flags to their own variable · a2f73b6c
      Luis R. Rodriguez committed
      We'll expand this later, this will make it easier to
      classify and review what things are related to regulatory
      or not.
      
      Coccinelle only missed 4 hits, which I had to do manually,
      supplying the SmPL in case of merge conflicts.
      
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags |= WIPHY_FLAG_CUSTOM_REGULATORY
      +wiphy->regulatory_flags |= REGULATORY_CUSTOM_REG
      @@
      expression e;
      @@
      -e->flags |= WIPHY_FLAG_CUSTOM_REGULATORY
      +e->regulatory_flags |= REGULATORY_CUSTOM_REG
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags &= ~WIPHY_FLAG_CUSTOM_REGULATORY
      +wiphy->regulatory_flags &= ~REGULATORY_CUSTOM_REG
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags & WIPHY_FLAG_CUSTOM_REGULATORY
      +wiphy->regulatory_flags & REGULATORY_CUSTOM_REG
      
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags |= WIPHY_FLAG_STRICT_REGULATORY
      +wiphy->regulatory_flags |= REGULATORY_STRICT_REG
      @@
      expression e;
      @@
      -e->flags |= WIPHY_FLAG_STRICT_REGULATORY
      +e->regulatory_flags |= REGULATORY_STRICT_REG
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags &= ~WIPHY_FLAG_STRICT_REGULATORY
      +wiphy->regulatory_flags &= ~REGULATORY_STRICT_REG
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags & WIPHY_FLAG_STRICT_REGULATORY
      +wiphy->regulatory_flags & REGULATORY_STRICT_REG
      
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags |= WIPHY_FLAG_DISABLE_BEACON_HINTS
      +wiphy->regulatory_flags |= REGULATORY_DISABLE_BEACON_HINTS
      @@
      expression e;
      @@
      -e->flags |= WIPHY_FLAG_DISABLE_BEACON_HINTS
      +e->regulatory_flags |= REGULATORY_DISABLE_BEACON_HINTS
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags &= ~WIPHY_FLAG_DISABLE_BEACON_HINTS
      +wiphy->regulatory_flags &= ~REGULATORY_DISABLE_BEACON_HINTS
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags & WIPHY_FLAG_DISABLE_BEACON_HINTS
      +wiphy->regulatory_flags & REGULATORY_DISABLE_BEACON_HINTS
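
      Review bot: The "expression e" fallback exists only for the |= form of each of the three flags; the &= ~ and & rules are written only against the typed "struct wiphy *wiphy" metavariable, so a clear or a test reached through an expression whose type Coccinelle cannot resolve stays on ->flags. Adding "expression e" variants for those two forms would close that gap and may account for the hits that had to be converted by hand. A test left on ->flags matters more than a missed set, because it would no longer see a bit that is now set in regulatory_flags.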
      
      Generated-by: Coccinelle SmPL
      Cc: Julia Lawall <julia.lawall@lip6.fr>
      Cc: Peter Senna Tschudin <peter.senna@gmail.com>
      Cc: Mihir Shete <smihir@qti.qualcomm.com>
      Cc: Henri Bahini <hbahini@qca.qualcomm.com>
      Cc: Tushnim Bhattacharyya <tushnimb@qca.qualcomm.com>
      Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
      [fix up whitespace damage, overly long lines]
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      a2f73b6c
    • mac80211: add generic cipher scheme support · 2475b1cc
      Max Stepanov committed
      This adds generic cipher scheme support to mac80211, such schemes
      are fully under control by the driver. On hw registration drivers
      may specify additional HW ciphers with a scheme how these ciphers
      have to be handled by mac80211 TX/RX. A cipher scheme specifies a
      cipher suite value, a size of the security header to be added to
      or stripped from frames and how the PN is to be verified on RX.
      Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      2475b1cc
    • cfg80211/mac80211: DFS setup chandef for cac event · d2859df5
      Janusz Dziedzic committed
      To report channel width correctly we have
      to send correct channel parameters from
      mac80211 when calling cfg80211_cac_event().
      
      This is required in case of using channel width
      higher than 20MHz and we have to set correct
      dfs channel state after CAC (NL80211_DFS_AVAILABLE).
      Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
      Reviewed-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      d2859df5
    • cfg80211: force WIPHY_FLAG_CUSTOM_REGULATORY on wiphy_apply_custom_regulatory() · 222ea581
      Luis R. Rodriguez committed
      wiphy_apply_custom_regulatory() implies WIPHY_FLAG_CUSTOM_REGULATORY
      but we never enforced it, do that now and warn if the driver
      didn't set it. All drivers should be following this today already.
      
      Having WIPHY_FLAG_CUSTOM_REGULATORY does not however mean you will
      use wiphy_apply_custom_regulatory() though, you may have your own
      _orig value set up tools / helpers. The intel drivers are examples
      of this type of driver.
      Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      222ea581
    • cfg80211: consolidate passive-scan and no-ibss flags · 8fe02e16
      Luis R. Rodriguez committed
      These two flags are used for the same purpose, just
      combine them into a no-ir flag to annotate no initiating
      radiation is allowed.
      
      Old userspace sending either flag will have it treated as
      the no-ir flag. To be considerate to older userspace we
      also send both the no-ir flag and the old no-ibss flags.
      Newer userspace will have to be aware of older kernels.
      
      Update all places in the tree using these flags with the
      following semantic patch:
      
      @@
      @@
      -NL80211_RRF_PASSIVE_SCAN
      +NL80211_RRF_NO_IR
      @@
      @@
      -NL80211_RRF_NO_IBSS
      +NL80211_RRF_NO_IR
      @@
      @@
      -IEEE80211_CHAN_PASSIVE_SCAN
      +IEEE80211_CHAN_NO_IR
      @@
      @@
      -IEEE80211_CHAN_NO_IBSS
      +IEEE80211_CHAN_NO_IR
      @@
      @@
      -NL80211_RRF_NO_IR | NL80211_RRF_NO_IR
      +NL80211_RRF_NO_IR
      @@
      @@
      -IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_IR
      +IEEE80211_CHAN_NO_IR
      @@
      @@
      -(NL80211_RRF_NO_IR)
      +NL80211_RRF_NO_IR
      @@
      @@
      -(IEEE80211_CHAN_NO_IR)
      +IEEE80211_CHAN_NO_IR
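
      Review bot: After the first four rules, every site that tested only one of the old flags now tests the merged NO_IR bit, so a channel that was only passive-scan also refuses IBSS and the reverse; the rules apply that widening mechanically, so each converted test deserves a look to confirm it is intended. Separately, the two rules that collapse NO_IR | NO_IR match only when both renamed flags are direct operands of the same |, so a chain with another flag between them keeps the duplicate. That leftover does not change the value, but a grep for lines naming NO_IR twice after applying would catch it.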
      
      Along with some hand-optimisations in documentation, to
      remove duplicates and to fix some indentation.
      Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
      [do all the driver updates in one go]
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      8fe02e16
  4. 22 Nov, 2013 2 commits
  5. 20 Nov, 2013 6 commits
  6. 16 Nov, 2013 1 commit
  7. 15 Nov, 2013 4 commits
  8. 11 Nov, 2013 1 commit
    • netfilter: push reasm skb through instead of original frag skbs · 6aafeef0
      Jiri Pirko committed
      Pushing original fragments through causes several problems. For example
      for matching, frags may not be matched correctly. Take following
      example:
      
      <example>
      On HOSTA do:
      ip6tables -I INPUT -p icmpv6 -j DROP
      ip6tables -I INPUT -p icmpv6 -m icmp6 --icmpv6-type 128 -j ACCEPT
      
      and on HOSTB you do:
      ping6 HOSTA -s2000    (MTU is 1500)
      
      Incoming echo requests will be filtered out on HOSTA. This issue does
      not occur with smaller packets than MTU (where fragmentation does not happen)
      </example>
      
      As was discussed previously, the only correct solution seems to be to use
      reassembled skb instead of separate frags. Doing this has positive side
      effects in reducing sk_buff by one pointer (nfct_reasm) and also the reasm
      dances in ipvs and conntrack can be removed.
      
      Future plan is to remove net/ipv6/netfilter/nf_conntrack_reasm.c
      entirely and use code in net/ipv6/reassembly.c instead.
      Signed-off-by: Jiri Pirko <jiri@resnulli.us>
      Acked-by: Julian Anastasov <ja@ssi.bg>
      Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      6aafeef0
  9. 09 Nov, 2013 1 commit
  10. 08 Nov, 2013 1 commit
  11. 07 Nov, 2013 1 commit
  12. 06 Nov, 2013 1 commit
    • ipv4: introduce new IP_MTU_DISCOVER mode IP_PMTUDISC_INTERFACE · 482fc609
      Hannes Frederic Sowa committed
      Sockets marked with IP_PMTUDISC_INTERFACE won't do path mtu discovery,
      their sockets won't accept and install new path mtu information and they
      will always use the interface mtu for outgoing packets. It is guaranteed
      that the packet is not fragmented locally. But we won't set the DF-Flag
      on the outgoing frames.
      
      Florian Weimer had the idea to use this flag to ensure DNS servers are
      never generating outgoing fragments. They may well be fragmented on the
      path, but the server never stores or uses path mtu values, which could
      well be forged in an attack.
      
      (The root of the problem with path MTU discovery is that there is
      no reliable way to authenticate ICMP Fragmentation Needed But DF Set
      messages because they are sent from intermediate routers with their
      source addresses, and the ICMP payload will not always contain sufficient
      information to identify a flow.)
      
      Recent research in the DNS community showed that it is possible to
      implement an attack where DNS cache poisoning is feasible by spoofing
      fragments. This work was done by Amir Herzberg and Haya Shulman:
      <https://sites.google.com/site/hayashulman/files/fragmentation-poisoning.pdf>
      
      This issue was previously discussed among the DNS community, e.g.
      <http://www.ietf.org/mail-archive/web/dnsext/current/msg01204.html>,
      without leading to fixes.
      
      This patch depends on the patch "ipv4: fix DO and PROBE pmtu mode
      regarding local fragmentation with UFO/CORK" for the enforcement of the
      non-fragmentable checks. If other users than ip_append_page/data should
      use this semantic too, we have to add a new flag to IPCB(skb)->flags to
      suppress local fragmentation and check for this in ip_finish_output.
      
      Many thanks to Florian Weimer for the idea and feedback while implementing
      this patch.
      
      Cc: David S. Miller <davem@davemloft.net>
      Suggested-by: Florian Weimer <fweimer@redhat.com>
      Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      482fc609
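
How an application opts a UDP socket into the mode commit 482fc609 introduces, as an added example (not code from the commit or the kernel tree). The helper names pmtu_mode() and open_dns_udp_socket() are hypothetical, and the fallback #define assumes the UAPI value 4 for IP_PMTUDISC_INTERFACE.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumption: UAPI value of the new mode, for libc headers that predate it. */
#ifndef IP_PMTUDISC_INTERFACE
#define IP_PMTUDISC_INTERFACE 4
#endif

/* Return the socket's current IP_MTU_DISCOVER mode, or -1 on error. */
int pmtu_mode(int fd)
{
    int mode = -1;
    socklen_t len = sizeof(mode);

    if (getsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mode, &len) < 0)
        return -1;
    return mode;
}

/* Hypothetical helper: open an IPv4 UDP socket (as a DNS responder would)
 * and request IP_PMTUDISC_INTERFACE. A kernel without the mode answers
 * EINVAL and leaves the old mode in place, so the mode actually in force
 * is read back and reported through *mode_out for the caller to check. */
int open_dns_udp_socket(int *mode_out)
{
    int want = IP_PMTUDISC_INTERFACE;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    if (fd < 0)
        return -1;
    if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &want, sizeof(want)) < 0 &&
        errno != EINVAL) {
        close(fd);
        return -1;
    }
    *mode_out = pmtu_mode(fd);
    return fd;
}

int main(void)
{
    int mode = -1;
    int fd = open_dns_udp_socket(&mode);

    if (fd < 0)
        return 1;
    printf("IP_MTU_DISCOVER mode in force: %d (want %d)\n", mode, IP_PMTUDISC_INTERFACE);
    close(fd);
    return mode == IP_PMTUDISC_INTERFACE ? 0 : 2;
}
```

A service that depends on this behaviour should treat any read-back mode other than IP_PMTUDISC_INTERFACE as a startup warning, since the socket then still accepts path MTU updates.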
  13. 05 Nov, 2013 3 commits
  14. 04 Nov, 2013 3 commits
    • net: sctp: fix and consolidate SCTP checksumming code · e6d8b64b
      Daniel Borkmann committed
      This fixes an outstanding bug found through IPVS, where SCTP packets
      with skb->data_len > 0 (non-linearized) and empty frag_list, but data
      accumulated in frags[] member, are forwarded with incorrect checksum
      letting SCTP initial handshake fail on some systems. Linearizing each
      SCTP skb in IPVS to prevent that would not be a good solution as
      this leads to an additional and unnecessary performance penalty on
      the load-balancer itself for no good reason (as we actually only want
      to update the checksum, and can do that in a different/better way
      presented here).
      
      The actual problem is elsewhere, namely, that SCTP's checksumming
      in sctp_compute_cksum() does not take frags[] into account like
      skb_checksum() does. So while we are fixing this up, we better reuse
      the existing code that we have anyway in __skb_checksum() and use it
      for walking through the data doing checksumming. This will not only
      fix this issue, but also consolidates some SCTP code with core
      sk_buff code, bringing it closer together and removing respectively
      avoiding reimplementation of skb_checksum() for no good reason.
      
      As crc32c() can use hardware implementation within the crypto layer,
      we leave that intact (it wraps around / falls back to e.g. slice-by-8
      algorithm in __crc32c_le() otherwise); plus use the __crc32c_le_combine()
      combinator for crc32c blocks.
      
      Also, we remove all other SCTP checksumming code, so that we only
      have to use sctp_compute_cksum() from now on; for doing that, we need
      to transform SCTP checksumming in output path slightly, and can leave
      the rest intact.
      Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      e6d8b64b
    • net: skb_checksum: allow custom update/combine for walking skb · 2817a336
      Daniel Borkmann committed
      Currently, skb_checksum walks over 1) linearized, 2) frags[], and
      3) frag_list data and calculates the one's complement, a 32 bit
      result suitable for feeding into itself or csum_tcpudp_magic(),
      but unsuitable for SCTP as we're calculating CRC32c there.
      
      Hence, in order to not re-implement the very same function in
      SCTP (and maybe other protocols) over and over again, use an
      update() + combine() callback internally to allow for walking
      over the skb with different algorithms.
      Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      2817a336
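
The defect described in e6d8b64b and the update()-style walk from 2817a336, as an added userspace example (not kernel code): a CRC32c taken over the linear head alone differs from one that also walks the fragments. struct toy_skb, toy_skb_checksum() and the sample data are constructed for illustration, and pieces are chained through the running CRC rather than merged with __crc32c_le_combine().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for an skb: linear head plus page fragments. */
struct piece { const uint8_t *data; size_t len; };
struct toy_skb { struct piece head; struct piece frags[4]; size_t nr_frags; };

typedef uint32_t (*csum_update_fn)(uint32_t, const uint8_t *, size_t);

/* Bitwise CRC32c update (reflected Castagnoli polynomial 0x82F63B78). */
static uint32_t crc32c_update(uint32_t crc, const uint8_t *p, size_t len)
{
    while (len--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0x82F63B78u & (0u - (crc & 1u)));
    }
    return crc;
}

/* Walk the head and, if walk_frags is set, every fragment, feeding each
 * piece to update(); walk_frags == 0 models the pre-fix behaviour. */
uint32_t toy_skb_checksum(const struct toy_skb *skb, csum_update_fn update,
                          int walk_frags)
{
    uint32_t crc = update(0xFFFFFFFFu, skb->head.data, skb->head.len);

    for (size_t i = 0; walk_frags && i < skb->nr_frags; i++)
        crc = update(crc, skb->frags[i].data, skb->frags[i].len);
    return ~crc;
}

/* Constructed sample: "123456789" split as head "1234", frags "56" + "789". */
struct toy_skb sample_skb(void)
{
    struct toy_skb s = { { (const uint8_t *)"1234", 4 },
                         { { (const uint8_t *)"56", 2 },
                           { (const uint8_t *)"789", 3 } }, 2 };
    return s;
}

int main(void)
{
    struct toy_skb s = sample_skb();

    printf("head only: %08x\n", (unsigned)toy_skb_checksum(&s, crc32c_update, 0));
    printf("all data:  %08x\n", (unsigned)toy_skb_checksum(&s, crc32c_update, 1));
    return 0;
}
```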
    • netfilter: introduce nf_conn_acct structure · f7b13e43
      Holger Eitzenberger committed
      Encapsulate counters for both directions into nf_conn_acct. During
      that process also consistently name pointers to the extend 'acct',
      not 'counters'. This patch is a cleanup.
      Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
      f7b13e43
  15. 29 Oct, 2013 1 commit