- 08 3月, 2012 7 次提交
-
-
由 Richard Weinberger 提交于
ipt_LOG and ip6_LOG have a lot of common code, merge them to reduce duplicate code. Signed-off-by: NRichard Weinberger <richard@nod.at> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
This patch allows you to set expectfn which is specifically used by the NAT side of most of the existing conntrack helpers. I have added a symbol map that uses a string as key to look up for the function that is attached to the expectation object. This is the best solution I came out with to solve this issue. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
This patch adds the missing bits to create expectations that are created in NAT setups.
-
由 Pablo Neira Ayuso 提交于
This patch allows you to set the expectation class. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
This patch allow you to set the helper for newly created expectations based of the CTA_EXPECT_HELP_NAME attribute. Before this, the helper set was NULL. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jozsef Kadlecsik 提交于
The "nomatch" keyword and option is added to the hash:*net* types, by which one can add exception entries to sets. Example: ipset create test hash:net ipset add test 192.168.0/24 ipset add test 192.168.0/30 nomatch In this case the IP addresses from 192.168.0/24 except 192.168.0/30 match the elements of the set. Signed-off-by: NJozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jan Engelhardt 提交于
ipset is actually using NFPROTO values rather than AF (xt_set passes that along). Signed-off-by: NJan Engelhardt <jengelh@medozas.de> Signed-off-by: NJozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
- 07 3月, 2012 1 次提交
-
-
由 David S. Miller 提交于
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 06 3月, 2012 2 次提交
-
-
由 Ulrich Weber 提交于
otherwise source IPv6 address of ICMPV6_MGM_QUERY packet might be random junk if IPv6 is disabled on interface or link-local address is not yet ready (DAD). Signed-off-by: NUlrich Weber <ulrich.weber@sophos.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
Some drivers use internal netdev stats member to store part of their stats, yet advertize ndo_get_stats64() to implement some 64bit fields. Allow them to use netdev_stats_to_stats64() helper to make the copy of netdev stats before they compute their 64bit counters. Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 05 3月, 2012 4 次提交
-
-
由 Eric Dumazet 提交于
nlmsg_parse() might return an error, so test its return value before potential random memory accesses. Errors introduced in commit 115c9b81 (rtnetlink: Fix problem with buffer allocation) Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Cc: Greg Rose <gregory.v.rose@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Joakim Tjernlund 提交于
commit bridge: send proper message_age in config BPDU added this gem: bpdu.message_age = (jiffies - root->designated_age) p->designated_age = jiffies + bpdu->message_age; Notice how bpdu->message_age is negated when reassigned to bpdu.message_age. This causes message age to decrease breaking the STP protocol. Signed-off-by: NJoakim Tjernlund <Joakim.Tjernlund@transmode.se> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Joakim Tjernlund 提交于
min age increment needs to round up its min age tick for all HZ values to guarantee message age is increasing. Signed-off-by: NJoakim Tjernlund <Joakim.Tjernlund@transmode.se> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Paul Mackerras 提交于
Since all that include/linux/if_ppp.h does is #include <linux/ppp-ioctl.h>, this replaces the occurrences of #include <linux/if_ppp.h> with #include <linux/ppp-ioctl.h>. It also corrects an error in Documentation/networking/l2tp.txt, where it referenced include/linux/if_ppp.h as the source of some definitions that are actually now defined in include/linux/if_pppol2tp.h. Signed-off-by: NPaul Mackerras <paulus@samba.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 04 3月, 2012 3 次提交
-
-
由 Neal Cardwell 提交于
In tcp_mark_head_lost() we should not attempt to fragment a SACKed skb to mark the first portion as lost. This is for two primary reasons: (1) tcp_shifted_skb() coalesces adjacent regions of SACKed skbs. When doing this, it preserves the sum of their packet counts in order to reflect the real-world dynamics on the wire. But given that skbs can have remainders that do not align to MSS boundaries, this packet count preservation means that for SACKed skbs there is not necessarily a direct linear relationship between tcp_skb_pcount(skb) and skb->len. Thus tcp_mark_head_lost()'s previous attempts to fragment off and mark as lost a prefix of length (packets - oldcnt)*mss from SACKed skbs were leading to occasional failures of the WARN_ON(len > skb->len) in tcp_fragment() (which used to be a BUG_ON(); see the recent "crash in tcp_fragment" thread on netdev). (2) there is no real point in fragmenting off part of a SACKed skb and calling tcp_skb_mark_lost() on it, since tcp_skb_mark_lost() is a NOP for SACKed skbs. Signed-off-by: NNeal Cardwell <ncardwell@google.com> Acked-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi> Acked-by: NYuchung Cheng <ycheng@google.com> Acked-by: NNandita Dukkipati <nanditad@google.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Samuel Jero 提交于
This fixes a bug in the sequence number validation during the initial handshake. The code did not treat the initial sequence numbers ISS and ISR as read-only and did not keep state for GSR and GSS as required by the specification. This causes problems with retransmissions during the initial handshake, causing the budding connection to be reset. This patch now treats ISS/ISR as read-only and tracks GSS/GSR as required. Signed-off-by: NSamuel Jero <sj323707@ohio.edu> Signed-off-by: NGerrit Renker <gerrit@erg.abdn.ac.uk>
-
由 Gerrit Renker 提交于
This replaces an unjustified BUG_ON(), which could get triggered under normal conditions: X_calc can be 0 when p > 0. X would in this case be set to the minimum, s/t_mbi. Its replacement avoids t_ipi = 0 (unbounded sending rate). Thanks to Jordi, Victor and Xavier who reported this. Signed-off-by: NGerrit Renker <gerrit@erg.abdn.ac.uk> Acked-by: NIan McDonald <ian.mcdonald@jandi.co.uk>
-
- 01 3月, 2012 9 次提交
-
-
由 Greg Rose 提交于
Add VF spoof check to IFLA policy. The original patch I submitted to add the spoof checking feature to rtnl failed to add the proper policy rule that identifies the data type and len. This patch corrects that oversight. No bugs have been reported against this but it may cause some problem for the netlink message parsing that uses the policy table. CC: stable@vger.kernel.org Signed-off-by: NGreg Rose <gregory.v.rose@intel.com> Tested-by: NSibai Li <sibai.li@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
-
由 Johannes Berg 提交于
This renames the IEEE80211_TX_CTL_POLL_RESPONSE TX flag to IEEE80211_TX_CTL_NO_PS_BUFFER and also uses it for non-bufferable MMPDUs (all MMPDUs but deauth, disassoc and action frames.) Previously, mac80211 would let the MMPDU through but not set the flag so drivers supporting some hardware aids for avoiding the PS races would then reject the frame. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
The association sequence looks (roughly) like this now: * set BSSID * set station to EXIST state * send auth * set station to AUTH state * send assoc * set station to ASSOC state * set BSS info to associated In contrast, the deauth/disassoc sequence is the other way around: * clear BSSID/BSS info state * remove station * send deauth/disassoc (in some cases the last two steps are reversed.) This patch encodes the entire sequence in the ieee80211_set_disassoc() function and changes it to be like this, for good measure with an explicit flush: * send deauth/disassoc * flush * remove station * clear BSSID/BSS info state At least iwlwifi gets confused with the other sequence in P2P mode and complains that it wasn't able to flush the queues. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
When ieee80211_set_disassoc() is called with the tx argument set to true, it will send DelBA out to the peer. This isn't useful or necessary in a few cases where we do it today, those being when we lost the connection or when the supplicant explicitly asked us to not tell the AP. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
Instead of calling cfg80211 in ieee80211_send_deauth_disassoc() pass out the frame and call it from the caller. That saves the SKB allocation if we don't actually want to send the frame and enables us to make the ordering smarter in the future. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
In "cfg80211: no cookies in cfg80211_send_XXX()" Holger Schurig removed the cookies in the calls from mac80211 to cfg80211, but the ones in the other direction were left in. Remove them now. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Allan Stephens 提交于
Optimizes routines that send payload messages so that they no longer update the "originating node" and "originating port" fields of the outgoing message header template, since these fields are initialized when the sending port is created and never change thereafter. Also optimizes the routine which updates the message header template when a connection to a port is established, for the same reason. Signed-off-by: NAllan Stephens <allan.stephens@windriver.com> Signed-off-by: NPaul Gortmaker <paul.gortmaker@windriver.com>
-
由 Allan Stephens 提交于
Removes code that updated the "previous node" field of an out-going message over TIPC's links. Such updating is unnecessary since the removal of the prototype multi-cluster capability means that all outgoing messages are generated locally and already have this field populated correctly. Signed-off-by: NAllan Stephens <allan.stephens@windriver.com> Signed-off-by: NPaul Gortmaker <paul.gortmaker@windriver.com>
-
由 Allan Stephens 提交于
Converts a non-trivial routine from inline to non-inline form to avoid bloating the TIPC code base with 6 copies of its body. This change is essentially cosmetic, and doesn't change existing TIPC behavior. Signed-off-by: NAllan Stephens <allan.stephens@windriver.com> Signed-off-by: NPaul Gortmaker <paul.gortmaker@windriver.com>
-
- 29 2月, 2012 1 次提交
-
-
由 Neal Cardwell 提交于
When tcp_shifted_skb() shifts bytes from the skb that is currently pointed to by 'highest_sack' then the increment of TCP_SKB_CB(skb)->seq implicitly advances tcp_highest_sack_seq(). This implicit advancement, combined with the recent fix to pass the correct SACKed range into tcp_sacktag_one(), caused tcp_sacktag_one() to think that the newly SACKed range was before the tcp_highest_sack_seq(), leading to a call to tcp_update_reordering() with a degree of reordering matching the size of the newly SACKed range (typically just 1 packet, which is a NOP, but potentially larger). This commit fixes this by simply calling tcp_sacktag_one() before the TCP_SKB_CB(skb)->seq advancement that can advance our notion of the highest SACKed sequence. Correspondingly, we can simplify the code a little now that tcp_shifted_skb() should update the lost_cnt_hint in all cases where skb == tp->lost_skb_hint. Signed-off-by: NNeal Cardwell <ncardwell@google.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 28 2月, 2012 9 次提交
-
-
由 Sven Eckelmann 提交于
Signed-off-by: NSven Eckelmann <sven@narfation.org> Signed-off-by: NMarek Lindner <lindner_marek@yahoo.de>
-
由 Johannes Berg 提交于
That's a lot longer than open-coding it and doesn't really add value, so just remove it. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
The comment for sta_info_flush() states "Returns the number of removed STA entries" but that isn't actually true. Consequently, the warning when a station is still around on interface removal can never trigger and this delayed finding the timer issue the previous patch fixed. Fix the return value here to make that warning useful again. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
When removing an interface while it is in the process of authenticating or associating, we leak the auth_data or assoc_data, and leave the timer pending. The timer then crashes the system when it fires as its data is gone. Fix this by explicitly deleting all the data when the interface is removed. This uncovered another bug -- this problem should have been detected by the sta_info_flush() warning but that function doesn't ever return non-zero, I'll fix that in a separate patch. Reported-by: NHieu Nguyen <hieux.c.nguyen@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Jakub Kicinski 提交于
Use interface data from sta instead of invalid pointer to list head in calls to drv_sta_state. Signed-off-by: NJakub Kicinski <kubakici@wp.pl> Reviewed-by: NJohannes Berg <johannes@sipsolutions.net> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
Eliad reports that if a scan finishes in the middle of processing associated (however it happens), the interface can go idle. This is because we set assoc_data to NULL before we set associated. Change the order so any idle check will find either one of them. Doing this requires duplicating the TX sync processing, but I already have a patch to delete that completely and will submit that as soon as my driver changes to no longer require it are submitted. Reported-by: NEliad Peller <eliad@wizery.com> Tested-by: NEliad Peller <eliad@wizery.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
Some files implicitly get this via mesh.h which itself doesn't need it, so move the inclusion into the right files. Some other files don't need it at all but include it, so remove it from there. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Eliad Peller 提交于
ieee80211_restart_sta_timer() takes care for enqueueing monitor_work if needed, so no need to do it again. Signed-off-by: NEliad Peller <eliad@wizery.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Eliad Peller 提交于
Devices that monitor the connection in the hw don't need the monitor work in the driver. Signed-off-by: NEliad Peller <eliad@wizery.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 27 2月, 2012 3 次提交
-
-
由 Pablo Neira Ayuso 提交于
This patch adds CTA_MARK_MASK which, together with CTA_MARK, allows you to selectively send conntrack entries to user-space by returning those that match mark & mask. With this, we can save cycles in the building and the parsing of the entries that may be later on filtered out in user-space by using the ctmark & mask. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Pablo Neira Ayuso 提交于
This patch allows you to pass a data pointer that can be accessed from the dump callback. Netfilter is going to use this patch to provide filtered dumps to user-space. This is specifically interesting in ctnetlink that may handle lots of conntrack entries. We can save precious cycles by skipping the conversion to TLV format of conntrack entries that are not interesting for user-space. More specifically, ctnetlink will include one operation to allow to filter the dumping of conntrack entries by ctmark values. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Pablo Neira Ayuso 提交于
Davem considers that the argument list of this interface is getting out of control. This patch tries to address this issue following his proposal: struct netlink_dump_control c = { .dump = dump, .done = done, ... }; netlink_dump_start(..., &c); Suggested by David S. Miller. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 25 2月, 2012 1 次提交
-
-
由 Florian Westphal 提交于
We expected 0 if module doesn't exist, which is no longer the case (42046e2e, netfilter: x_tables: return -ENOENT for non-existant matches/targets). Signed-off-by: NFlorian Westphal <fw@strlen.de> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-