- 16 3月, 2011 5 次提交
-
-
由 David S. Miller 提交于
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6
-
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6由 David S. Miller 提交于
Conflicts: Documentation/feature-removal-schedule.txt
-
由 Florian Westphal 提交于
The kernel will refuse certain types that do not work in ipv6 mode. We can then add these features incrementally without risk of userspace breakage. Signed-off-by: NFlorian Westphal <fwestphal@astaro.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Florian Westphal 提交于
Followup patch will add ipv6 support. ipt_addrtype.h is retained for compatibility reasons, but no longer used by the kernel. Signed-off-by: NFlorian Westphal <fwestphal@astaro.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 John W. Linville 提交于
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem
-
- 15 3月, 2011 35 次提交
-
-
由 Vasiliy Kulikov 提交于
Structures ip6t_replace, compat_ip6t_replace, and xt_get_revision are copied from userspace. Fields of these structs that are zero-terminated strings are not checked. When they are used as argument to a format string containing "%s" in request_module(), some sensitive information is leaked to userspace via argument of spawned modprobe process. The first bug was introduced before the git epoch; the second was introduced in 3bc3fe5e (v2.6.25-rc1); the third is introduced by 6b7d31fc (v2.6.15-rc1). To trigger the bug one should have CAP_NET_ADMIN. Signed-off-by: NVasiliy Kulikov <segoon@openwall.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Vasiliy Kulikov 提交于
Structures ipt_replace, compat_ipt_replace, and xt_get_revision are copied from userspace. Fields of these structs that are zero-terminated strings are not checked. When they are used as argument to a format string containing "%s" in request_module(), some sensitive information is leaked to userspace via argument of spawned modprobe process. The first and the third bugs were introduced before the git epoch; the second was introduced in 2722971c (v2.6.17-rc1). To trigger the bug one should have CAP_NET_ADMIN. Signed-off-by: NVasiliy Kulikov <segoon@openwall.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Vasiliy Kulikov 提交于
Structures ipt_replace, compat_ipt_replace, and xt_get_revision are copied from userspace. Fields of these structs that are zero-terminated strings are not checked. When they are used as argument to a format string containing "%s" in request_module(), some sensitive information is leaked to userspace via argument of spawned modprobe process. The first bug was introduced before the git epoch; the second is introduced by 6b7d31fc (v2.6.15-rc1); the third is introduced by 6b7d31fc (v2.6.15-rc1). To trigger the bug one should have CAP_NET_ADMIN. Signed-off-by: NVasiliy Kulikov <segoon@openwall.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Changli Gao 提交于
A potential race condition when generating connlimit_rnd is also fixed. Signed-off-by: NChangli Gao <xiaosuo@gmail.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Changli Gao 提交于
The header of hlist is smaller than list. Signed-off-by: NChangli Gao <xiaosuo@gmail.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Changli Gao 提交于
All the members are initialized after kzalloc(). Signed-off-by: NChangli Gao <xiaosuo@gmail.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Changli Gao 提交于
We use the reply tuples when limiting the connections by the destination addresses, however, in SNAT scenario, the final reply tuples won't be ready until SNAT is done in POSTROUING or INPUT chain, and the following nf_conntrack_find_get() in count_tem() will get nothing, so connlimit can't work as expected. In this patch, the original tuples are always used, and an additional member addr is appended to save the address in either end. Signed-off-by: NChangli Gao <xiaosuo@gmail.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Simon Horman 提交于
There is now no need to include sysctl members of struct netns_ipvs unless CONFIG_SYSCTL is defined. Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Simon Horman 提交于
Break out the portions of __ip_vs_control_init() and __ip_vs_control_cleanup() where aren't necessary when CONFIG_SYSCTL is undefined. Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Simon Horman 提交于
ip_vs_lblc_table and ip_vs_lblcr_table, and code that uses them are unnecessary when CONFIG_SYSCTL is undefined. Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Simon Horman 提交于
Much of ip_vs_leave() is unnecessary if CONFIG_SYSCTL is undefined. I tried an approach of breaking the now #ifdef'ed portions out into a separate function. However this appeared to grow the compiled code on x86_64 by about 200 bytes in the case where CONFIG_SYSCTL is defined. So I have gone with the simpler though less elegant #ifdef'ed solution for now. Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Simon Horman 提交于
ip_vs_conntrack_enabled() becomes a noop when CONFIG_SYSCTL is undefined. In preparation for not including sysctl_conntrack in struct netns_ipvs when CONFIG_SYCTL is not defined. Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Simon Horman 提交于
Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Simon Horman 提交于
In preparation for not including sysctl_lblc{r}_expiration in struct netns_ipvs when CONFIG_SYCTL is not defined. Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Simon Horman 提交于
In preparation for not including sysctl_expire_quiescent_template in struct netns_ipvs when CONFIG_SYCTL is not defined. Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Simon Horman 提交于
In preparation for not including sysctl_expire_nodest_conn in struct netns_ipvs when CONFIG_SYCTL is not defined. Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Simon Horman 提交于
In preparation for not including sysctl_sync_ver in struct netns_ipvs when CONFIG_SYCTL is not defined. Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Simon Horman 提交于
In preparation for not including sysctl_sync_threshold in struct netns_ipvs when CONFIG_SYCTL is not defined. Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Simon Horman 提交于
In preparation for not including sysctl_nat_icmp_send in struct netns_ipvs when CONFIG_SYCTL is not defined. Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Simon Horman 提交于
In preparation for not including sysctl_snat_reroute in struct netns_ipvs when CONFIG_SYCTL is not defined. Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Simon Horman 提交于
Add ip_vs_route_me_harder() to avoid repeating the same code twice. Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Julian Anastasov 提交于
Rename ip_vs_new_estimator to ip_vs_start_estimator and ip_vs_kill_estimator to ip_vs_stop_estimator to better match their logic. Signed-off-by: NJulian Anastasov <ja@ssi.bg> Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Julian Anastasov 提交于
Move the estimator reading from estimation_timer to user context. ip_vs_read_estimator() will be used to decode the rate values. As the decoded rates are not set by estimation timer there is no need to reset them in ip_vs_zero_stats. There is no need ip_vs_new_estimator() to encode stats to rates, if the destination is in trash both the stats and the rates are inactive. Signed-off-by: NJulian Anastasov <ja@ssi.bg> Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Julian Anastasov 提交于
Remove ustats_seq, IPVS_STAT_INC and IPVS_STAT_ADD because they are not used. They were replaced with u64_stats. Signed-off-by: NJulian Anastasov <ja@ssi.bg> Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Julian Anastasov 提交于
Currently, the new percpu counters are not zeroed and the zero commands do not work as expected, we still show the old sum of percpu values. OTOH, we can not reset the percpu counters from user context without causing the incrementing to use old and bogus values. So, as Eric Dumazet suggested fix that by moving all overhead to stats reading in user context. Do not introduce overhead in timer context (estimator) and incrementing (packet handling in softirqs). The new ustats0 field holds the zero point for all counter values, the rates always use 0 as base value as before. When showing the values to user space just give the difference between counters and the base values. The only drawback is that percpu stats are not zeroed, they are accessible only from /proc and are new interface, so it should not be a compatibility problem as long as the sum stats are correct after zeroing. Signed-off-by: NJulian Anastasov <ja@ssi.bg> Acked-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Julian Anastasov 提交于
The global tot_stats contains cpustats field just like the stats for dest and svc, so better use it to simplify the usage in estimation_timer. As tot_stats is registered as estimator we can remove the special ip_vs_read_cpu_stats call for tot_stats. Fix ip_vs_read_cpu_stats to be called under stats lock because it is still used as synchronization between estimation timer and user context (the stats readers). Also, make sure ip_vs_stats_percpu_show reads properly the u64 stats from user context. Signed-off-by: NJulian Anastasov <ja@ssi.bg> Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Julian Anastasov 提交于
Remove include/net/netns/ip_vs.h because it depends on structures from include/net/ip_vs.h. As ipvs is pointer in struct net it is better to move struct netns_ipvs into include/net/ip_vs.h, so that we can easily use other structures in struct netns_ipvs. Signed-off-by: NJulian Anastasov <ja@ssi.bg> Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Jesper Juhl 提交于
There's no sense to 'ct = ct = ' in ip_vs_notrack(). Just assign nf_ct_get()'s return value directly to the pointer variable 'ct' once. Signed-off-by: NJesper Juhl <jj@chaosbits.net> Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Shan Wei 提交于
The semantic patch that makes this output is available in scripts/coccinelle/api/memdup.cocci. More information about semantic patching is available at http://coccinelle.lip6.fr/Signed-off-by: NShan Wei <shanwei@cn.fujitsu.com> Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Julian Anastasov 提交于
ip_vs_read_cpu_stats is called only from timer, so no need for _bh locks. Signed-off-by: NJulian Anastasov <ja@ssi.bg> Signed-off-by: NHans Schillstrom <hans@schillstrom.com> Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Julian Anastasov 提交于
Restore the previous behaviour to lookup for fwmark service only when fwmark is non-null. This saves only CPU. Signed-off-by: NJulian Anastasov <ja@ssi.bg> Signed-off-by: NHans Schillstrom <hans@schillstrom.com> Signed-off-by: NSimon Horman <horms@verge.net.au>
-
由 Mark Rustad 提交于
This adds defines for the app selector values currently defined in the IEEE 802.1Qaz specification. Signed-off-by: NMark Rustad <mark.d.rustad@intel.com> Signed-off-by: NJohn Fastabend <john.r.fastabend@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Mark Rustad 提交于
Fix a few spelling errors in dcbnl.h. Signed-off-by: NMark Rustad <mark.d.rustad@intel.com> Signed-off-by: NJohn Fastabend <john.r.fastabend@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Mark Rustad 提交于
Signed-off-by: NMark Rustad <mark.d.rustad@intel.com> Signed-off-by: NJohn Fastabend <john.r.fastabend@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jiri Pirko 提交于
Check for bonding master and refuse to use that. Signed-off-by: NJiri Pirko <jpirko@redhat.com> Acked-by: NRobert Love <robert.w.love@intel.com> Acked-by: NJames Bottomley <James.Bottomley@suse.de> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-