1. 14 10月, 2008 3 次提交
  2. 13 10月, 2008 4 次提交
  3. 12 10月, 2008 2 次提交
  4. 11 10月, 2008 3 次提交
  5. 10 10月, 2008 14 次提交
      tcpv6: fix error with CONFIG_TCP_MD5SIG disabled · fa3e5b4e
      Guo-Fu Tseng 提交于
      This patch fixes an error that occurs when CONFIG_TCP_MD5SIG is disabled.
      Signed-off-by: NGuo-Fu Tseng <cooldavid@cooldavid.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fa3e5b4e
      udp: complete port availability checking · f24d43c0
      Eric Dumazet 提交于
      While looking at UDP port randomization, I noticed it
      was a little bit pessimistic, not looking at the type of sockets
      (IPV6/IPV4) and not looking at bound addresses, if any.
      
      We should perform the same tests as when binding to a
      specific port.
      
      This permits a cleanup of udp_lib_get_port()
      Signed-off-by: NEric Dumazet <dada1@cosmosbay.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f24d43c0
      tcpv6: combine tcp_v6_send_(reset|ack) · 626e264d
      Ilpo Järvinen 提交于
      $ codiff tcp_ipv6.o.old tcp_ipv6.o.new
      net/ipv6/tcp_ipv6.c:
        tcp_v6_md5_hash_hdr | -144
        tcp_v6_send_ack     | -585
        tcp_v6_send_reset   | -540
       3 functions changed, 1269 bytes removed, diff: -1269
      
      net/ipv6/tcp_ipv6.c:
        tcp_v6_send_response | +791
       1 function changed, 791 bytes added, diff: +791
      
      tcp_ipv6.o.new:
       4 functions changed, 791 bytes added, 1269 bytes removed, diff: -478
      
      I choose to leave the reset related netns comment in place (not
      the one that is killed) as I cannot understand its English so
      it's a bit hard for me to evaluate its usefulness :-).
      Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      626e264d
      tcpv6: convert opt[] -> topt in tcp_v6_send_reset · 81ada62d
      Ilpo Järvinen 提交于
      after this I get:
      
      $ diff-funcs tcp_v6_send_reset tcp_ipv6.c tcp_ipv6.c tcp_v6_send_ack
       --- tcp_ipv6.c:tcp_v6_send_reset()
       +++ tcp_ipv6.c:tcp_v6_send_ack()
      @@ -1,4 +1,5 @@
      -static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
      +static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
      u32 ts,
      +                           struct tcp_md5sig_key *key)
       {
              struct tcphdr *th = tcp_hdr(skb), *t1;
              struct sk_buff *buff;
      @@ -7,31 +8,14 @@
              struct sock *ctl_sk = net->ipv6.tcp_sk;
              unsigned int tot_len = sizeof(struct tcphdr);
              __be32 *topt;
      -#ifdef CONFIG_TCP_MD5SIG
      -       struct tcp_md5sig_key *key;
      -#endif
      -
      -       if (th->rst)
      -               return;
      -
      -       if (!ipv6_unicast_destination(skb))
      -               return;
      
      +       if (ts)
      +               tot_len += TCPOLEN_TSTAMP_ALIGNED;
       #ifdef CONFIG_TCP_MD5SIG
      -       if (sk)
      -               key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
      -       else
      -               key = NULL;
      -
              if (key)
                      tot_len += TCPOLEN_MD5SIG_ALIGNED;
       #endif
      
      -       /*
      -        * We need to grab some memory, and put together an RST,
      -        * and then put it into the queue to be sent.
      -        */
      -
              buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
                               GFP_ATOMIC);
              if (buff == NULL)
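Review bot: The comparison shows `key` as an unconditional parameter of tcp_v6_send_ack() while tcp_v6_send_reset() declares it only inside `#ifdef CONFIG_TCP_MD5SIG`, so once both call one shared helper the reset side has to pass a key even when MD5 support is compiled out. Declaring `struct tcp_md5sig_key *key = NULL;` outside the `#ifdef` and keeping only the `tcp_v6_md5_do_lookup()` call inside it would keep that build configuration working; the commit titled "fix error with CONFIG_TCP_MD5SIG disabled" further up this log may be the follow-up for exactly this, though its diff is not shown here. The `th->rst` and `ipv6_unicast_destination()` early returns exist only on the reset side and should stay in the reset caller, since they stop the stack from answering a RST with a RST or replying to a non-unicast destination. Both function bodies continue outside this hunk.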
      @@ -46,18 +30,20 @@
              t1->dest = th->source;
              t1->source = th->dest;
              t1->doff = tot_len / 4;
      -       t1->rst = 1;
      -
      -       if(th->ack) {
      -               t1->seq = th->ack_seq;
      -       } else {
      -               t1->ack = 1;
      -               t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
      -                                   + skb->len - (th->doff<<2));
      -       }
      +       t1->seq = htonl(seq);
      +       t1->ack_seq = htonl(ack);
      +       t1->ack = 1;
      +       t1->window = htons(win);
      
              topt = (__be32 *)(t1 + 1);
      
      +       if (ts) {
      +               *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
      +                               (TCPOPT_TIMESTAMP << 8) |
      TCPOLEN_TIMESTAMP);
      +               *topt++ = htonl(tcp_time_stamp);
      +               *topt++ = htonl(ts);
      +       }
      +
       #ifdef CONFIG_TCP_MD5SIG
              if (key) {
                      *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
      @@ -84,15 +70,10 @@
              fl.fl_ip_sport = t1->source;
              security_skb_classify_flow(skb, &fl);
      
      -       /* Pass a socket to ip6_dst_lookup either it is for RST
      -        * Underlying function will use this to retrieve the network
      -        * namespace
      -        */
              if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
                      if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
                              ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
                              TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
      -                       TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
                              return;
                      }
              }
      
      
      ...which starts to be trivial to combine.
      Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      81ada62d
      tcpv[46]: fix md5 pseudoheader address field ordering · 78e645cb
      Ilpo Järvinen 提交于
      Maybe it's just me but I guess those md5 people made a mess
      out of it by having *_md5_hash_* to use daddr, saddr order
      instead of the one that is natural (and equal to what csum
      functions use). For the segment we're sending, the original
      addresses are reversed so buff's saddr == skb's daddr and
      vice-versa.
      
      Maybe I can finally proceed with unification of some code
      after fixing it first... :-)
      Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      78e645cb
      sctp: update SNMP statiscts when T5 timer expired. · a1080a8b
      Vlad Yasevich 提交于
      The T5 timer is the timer for the over-all shutdown procedure.  If
      this timer expires, then shutdown procedure has not completed and we
      ABORT the association.  We should update SCTP_MIB_ABORTED and
      SCTP_MIB_CURRESTAB  when aborting.
      Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a1080a8b
      sctp: Fix SNMP number of SCTP_MIB_ABORTED during violation handling. · 56eb82bb
      Vlad Yasevich 提交于
      If ABORT chunks require authentication and a protocol violation
      is triggered, we do not tear down the association.  Subsequently,
      we should not increment SCTP_MIB_ABORTED.
      Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      56eb82bb
      sctp: Fix the SNMP number of SCTP_MIB_CURRESTAB · 3d5a019d
      Wei Yongjun 提交于
      RFC3873 defined SCTP_MIB_CURRESTAB:
        sctpCurrEstab OBJECT-TYPE
          SYNTAX         Gauge32
          MAX-ACCESS     read-only
          STATUS         current
          DESCRIPTION
               "The number of associations for which the current state is
               either ESTABLISHED, SHUTDOWN-RECEIVED or SHUTDOWN-PENDING."
          REFERENCE
               "Section 4 in RFC2960 covers the SCTP   Association state
               diagram."
      
      If the T4 RTO timer expires many times(timeout), the association will enter
      CLOSED state, so we should dec the number of SCTP_MIB_CURRESTAB, not inc the
      number of SCTP_MIB_CURRESTAB.
      Signed-off-by: NWei Yongjun <yjwei@cn.fujitsu.com>
      Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3d5a019d
      inet: Make tunnel RX/TX byte counters more consistent · 64194c31
      Herbert Xu 提交于
      This patch makes the RX/TX byte counters for IPIP, GRE and SIT more
      consistent.  Previously we included the external IP headers on the
      way out but not when the packet is inbound.
      
      The new scheme is to count payload only in both directions.  For
      IPIP and SIT this simply means the exclusion of the external IP
      header.  For GRE this means that we exclude the GRE header as
      well.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      64194c31
      gre: Add Transparent Ethernet Bridging · e1a80002
      Herbert Xu 提交于
      This patch adds support for Ethernet over GRE encapsulation.
      This is exposed to user-space with a new link type of "gretap"
      instead of "gre".  It will create an ARPHRD_ETHER device in
      lieu of the usual ARPHRD_IPGRE.
      
      Note that to preserve backwards compatibility all Transparent
      Ethernet Bridging packets are passed to an ARPHRD_IPGRE tunnel
      if its key matches and there is no ARPHRD_ETHER device whose
      key matches more closely.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e1a80002
      gre: Add netlink interface · c19e654d
      Herbert Xu 提交于
      This patch adds a netlink interface that will eventually displace
      the existing ioctl interface.  It utilises the elegant rtnl_link_ops
      mechanism.
      
      This also means that user-space no longer needs to rely on the
      tunnel interface being of type GRE to identify GRE tunnels.  The
      identification can now occur using rtnl_link_ops.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c19e654d
      gre: Move MTU setting out of ipgre_tunnel_bind_dev · 42aa9162
      Herbert Xu 提交于
      This patch moves the dev->mtu setting out of ipgre_tunnel_bind_dev.
      This is in preparation for using rtnl_link where we'll need to make
      the MTU setting conditional on whether the user has supplied an
      MTU.  This also requires the move of the ipgre_tunnel_bind_dev
      call out of the dev->init function so that we can access the user
      parameters later.
      
      This patch also adds a check to prevent setting the MTU below
      the minimum of 68.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      42aa9162
      gre: Use needed_headroom · c95b819a
      Herbert Xu 提交于
      Now that we have dev->needed_headroom, we can use it instead of
      having a bogus dev->hard_header_len.  This also allows us to
      include dev->hard_header_len in the MTU computation so that when
      we do have a meaningful hard_header_len in future it is included
      automatically in figuring out the MTU.
      
      Incidentally, this fixes a bug where we ignored the needed_headroom
      field of the underlying device in calculating our own hard_header_len.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c95b819a
  6. 09 10月, 2008 14 次提交