- 22 6月, 2015 18 次提交
-
-
由 Ivan Vecera 提交于
Signed-off-by: NIvan Vecera <ivecera@redhat.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ivan Vecera 提交于
Signed-off-by: NIvan Vecera <ivecera@redhat.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ivan Vecera 提交于
BIT value is already unsigned so casting is not necessary. Signed-off-by: NIvan Vecera <ivecera@redhat.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Roopa Prabhu 提交于
This patch adds NLM_F_APPEND flag to struct nlmsg_hdr->nlmsg_flags in newroute notifications if the route add was an append. (This is similar to how NLM_F_REPLACE is already part of new route replace notifications today) This helps userspace determine if the route add operation was an append. Signed-off-by: NRoopa Prabhu <roopa@cumulusnetworks.com> Acked-by: NScott Feldman <sfeldma@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David Herrmann 提交于
This patch adds getsockopt(SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS) to retrieve all groups a socket is a member of. Currently, we have to use getsockname() and look at the nl.nl_groups bitmask. However, this mask is limited to 32 groups. Hence, similar to NETLINK_ADD_MEMBERSHIP and NETLINK_DROP_MEMBERSHIP, this adds a separate sockopt to manager higher groups IDs than 32. This new NETLINK_LIST_MEMBERSHIPS option takes a pointer to __u32 and the size of the array. The array is filled with the full membership-set of the socket, and the required array size is returned in optlen. Hence, user-space can retry with a properly sized array in case it was too small. Signed-off-by: NDavid Herrmann <dh.herrmann@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Craig Gallek 提交于
When an inet_sock is destroyed, its source port (sk_num) is set to zero as part of the unhash procedure. In order to supply a source port as part of the NETLINK_SOCK_DIAG socket destruction broadcasts, the source port number must be read from inet_sport instead. Tested: ss -E Signed-off-by: NCraig Gallek <kraig@google.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Antonio Borneo 提交于
USE_OF is used as intermediate Kconfig option by few arch's (ARM, MIPS, Xtensa). Replace instances of USE_OF outside of arch folders with proper OF_???. Signed-off-by: NAntonio Borneo <borneo.antonio@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Antonio Borneo 提交于
Signed-off-by: NAntonio Borneo <borneo.antonio@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Zhaowei Yuan 提交于
Struct inet_proto no longer exists, so update the comment which is out of date. Signed-off-by: NZhaowei Yuan <zhaowei.yuan@samsung.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Hariprasad Shenai 提交于
Signed-off-by: NHariprasad Shenai <hariprasad@chelsio.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Raghu Vatsavayi 提交于
Following patch contains changes in liquidio Kconfig for selecting LIBCRC32C. Signed-off-by: NDerek Chickles <derek.chickles@caviumnetworks.com> Signed-off-by: NSatanand Burla <satananda.burla@caviumnetworks.com> Signed-off-by: NFelix Manlunas <felix.manlunas@caviumnetworks.com> Signed-off-by: NRaghu Vatsavayi <raghu.vatsavayi@caviumnetworks.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Kees Cook 提交于
There's no reason to perform a buffer copy for the firmware name. This also avoids a (currently impossible with current callers) NULL dereference if there was no matching firmware. Signed-off-by: NKees Cook <keescook@chromium.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Andrea Parri 提交于
The control !hlist_unhashed() in qfq_destroy_agg() is unnecessary because already performed in hlist_del_init(), so remove it. Signed-off-by: NAndrea Parri <parri.andrea@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Julien Grall 提交于
Append 0x to all %x in order to avoid while reading when there is other decimal value in the log. Also replace some of the hexadecimal print to decimal to uniformize the format with netfront. Signed-off-by: NJulien Grall <julien.grall@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: netdev@vger.kernel.org Acked-by: NIan Campbell <ian.campbell@citrix.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Julien Grall 提交于
The variables old_req_cons and ring_slots_used are assigned but never used since commit 1650d545 "xen-netback: always fully coalesce guest Rx packets". Signed-off-by: NJulien Grall <julien.grall@citrix.com> Acked-by: NWei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: netdev@vger.kernel.org Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Julien Grall 提交于
rx->status is an int16_t, print it using %d rather than %u in order to have a meaningful value when the field is negative. Also use %u rather than %x for rx->offset. Signed-off-by: NJulien Grall <julien.grall@citrix.com> Reviewed-by: NDavid Vrabel <david.vrabel@citrix.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: netdev@vger.kernel.org Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Fabian Frederick 提交于
This patch also renames sg to sglist and aligns function parameters. See Documentation/DMA-API.txt - Part Id for scatterlist details Signed-off-by: NFabian Frederick <fabf@skynet.be> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Willem de Bruijn 提交于
Destruction of the po->rollover must be delayed until there are no more packets in flight that can access it. The field is destroyed in packet_release, before synchronize_net. Delay using rcu. Fixes: 0648ab70 ("packet: rollover prepare: per-socket state") Suggested-by: NEric Dumazet <edumazet@google.com> Signed-off-by: NWillem de Bruijn <willemb@google.com> Acked-by: NEric Dumazet <edumazet@google.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 21 6月, 2015 1 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next由 David S. Miller 提交于
Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains a final Netfilter pull request for net-next 4.2. This mostly addresses some fallout from the previous pull request, small netns updates and a couple of new features for nfnetlink_log and the socket match that didn't get in time for the previous pull request. More specifically they are: 1) Add security context information to nfnetlink_queue, from Roman Kubiak. 2) Add support to restore the sk_mark into skb->mark through xt_socket, from Harout Hedeshian. 3) Force alignment of 16 bytes of per cpu xt_counters, from Eric Dumazet. 4) Rename br_netfilter.c to br_netfilter_hooks.c to prepare split of IPv6 code into a separated file. 5) Move the IPv6 code in br_netfilter into a separated file. 6) Remove unused RCV_SKB_FAIL() in nfnetlink_queue and nfetlink_log, from Eric Biederman. 7) Two liner to simplify netns logic in em_ipset_match(). 8) Add missing includes to net/net_namespace.h to avoid compilation problems that result from not including linux/netfilter.h in netns headers. 9) Use a forward declaration instead of including linux/proc_fs.h from netns/netfilter.h 10) Add a new linux/netfilter_defs.h to replace the linux/netfilter.h inclusion in netns headers. 11) Remove spurious netfilter.h file included in the net tree, also from Eric Biederman. 12) Fix x_tables compilation warnings on 32 bits platforms that resulted from recent changes in x_tables counters, from Florian Westphal. ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 19 6月, 2015 8 次提交
-
-
由 Florian Westphal 提交于
On 32bit archs gcc complains due to cast from void* to u64. Add intermediate casts to long to silence these warnings. include/linux/netfilter/x_tables.h:376:10: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] include/linux/netfilter/x_tables.h:384:15: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] include/linux/netfilter/x_tables.h:391:23: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] include/linux/netfilter/x_tables.h:400:22: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] Fixes: 71ae0dff ("netfilter: xtables: use percpu rule counters") Reported-by: Nkbuild test robot <fengguang.wu@intel.com> Signed-off-by: NFlorian Westphal <fw@strlen.de> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Eric W Biederman 提交于
While testing my netfilter changes I noticed several files where recompiling unncessarily because they unncessarily included netfilter.h. Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
This pulls the full hook netfilter definitions from all those that include net_namespace.h. Instead let's just include the bare minimum required in the new linux/netfilter_defs.h file, and use it from the netfilter netns header files. I also needed to include in.h and in6.h from linux/netfilter.h otherwise we hit this compilation error: In file included from include/linux/netfilter_defs.h:4:0, from include/net/netns/netfilter.h:4, from include/net/net_namespace.h:22, from include/linux/netdevice.h:43, from net/netfilter/nfnetlink_queue_core.c:23: include/uapi/linux/netfilter.h:76:17: error: field ‘in’ has incomplete type struct in_addr in; And also explicit include linux/netfilter.h in several spots. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
-
由 Pablo Neira Ayuso 提交于
We don't need to pull the full definitions in that file, a simple forward declaration is enough. Moreover, include linux/procfs.h from nf_synproxy_core, otherwise this hits a compilation error due to missing declarations, ie. net/netfilter/nf_synproxy_core.c: In function ‘synproxy_proc_init’: net/netfilter/nf_synproxy_core.c:326:2: error: implicit declaration of function ‘proc_create’ [-Werror=implicit-function-declaration] if (!proc_create("synproxy", S_IRUGO, net->proc_net_stat, ^ Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
-
由 Pablo Neira Ayuso 提交于
Include linux/idr.h and linux/skbuff.h since they are required by objects that are declared in the net structure. struct net { ... struct idr netns_ids; ... struct sk_buff_head wext_nlevents; ... Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
-
由 Eric W. Biederman 提交于
em->net is always set and always available, use it in preference to dev_net(skb->dev). Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Eric W. Biederman 提交于
This appears to have been a dead macro in both nfnetlink_log.c and nfnetlink_queue_core.c since these pieces of code were added in 2005. Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
Resolve compilation breakage when CONFIG_IPV6 is not set by moving the IPv6 code into a separated br_netfilter_ipv6.c file. Fixes: efb6de9b ("netfilter: bridge: forward IPv6 fragmented packets") Reported-by: Nkbuild test robot <fengguang.wu@intel.com> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
- 18 6月, 2015 13 次提交
-
-
由 Pablo Neira Ayuso 提交于
To prepare separation of the IPv6 code into different file. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Eric Dumazet 提交于
Let's force a 16 bytes alignment on xt_counter percpu allocations, so that bytes and packets sit in same cache line. xt_counter being exported to user space, we cannot add __align(16) on the structure itself. Signed-off-by: NEric Dumazet <edumazet@google.com> Cc: Florian Westphal <fw@strlen.de> Acked-by: NFlorian Westphal <fw@strlen.de> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Harout Hedeshian 提交于
xt_socket is useful for matching sockets with IP_TRANSPARENT and taking some action on the matching packets. However, it lacks the ability to match only a small subset of transparent sockets. Suppose there are 2 applications, each with its own set of transparent sockets. The first application wants all matching packets dropped, while the second application wants them forwarded somewhere else. Add the ability to retore the skb->mark from the sk_mark. The mark is only restored if a matching socket is found and the transparent / nowildcard conditions are satisfied. Now the 2 hypothetical applications can differentiate their sockets based on a mark value set with SO_MARK. iptables -t mangle -I PREROUTING -m socket --transparent \ --restore-skmark -j action iptables -t mangle -A action -m mark --mark 10 -j action2 iptables -t mangle -A action -m mark --mark 11 -j action3 Signed-off-by: NHarout Hedeshian <harouth@codeaurora.org> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Roman Kubiak 提交于
This patch adds an additional attribute when sending packet information via netlink in netfilter_queue module. It will send additional security context data, so that userspace applications can verify this context against their own security databases. Signed-off-by: NRoman Kubiak <r.kubiak@samsung.com> Acked-by: NFlorian Westphal <fw@strlen.de> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue由 David S. Miller 提交于
Jeff Kirsher says: ==================== This series contains updates to fm10k only. Alex provides two fixes for the fm10k, first folds the fm10k_pull_tail() call into fm10k_add_rx_frag(), this way the fragment does not have to be modified after it is added to the skb. The second fixes missing braces to an if statement. The remaining patches are from Jacob which contain improvements and fixes for fm10k. First fix makes it so that invalid address will simply be skipped and allows synchronizing the full list to proceed with using iproute2 tool. Fixed a possible kernel panic by using the correct transmit timestamp function. Simplified the code flow for setting the IN_PROGRESS bit of the shinfo for an skb that we will be timestamping. Fix a bug in the timestamping transmit enqueue code responsible for a NULL pointer dereference and invalid access of the skb list by freeing the clone in the cases where we did not add it to the queue. Update the PF code so that it resets the empty TQMAP/RQMAP regirsters post-VFLR to prevent innocent VF drivers from triggering malicious driver events. The SYSTIME_CFG.Adjust direction bit is actually supposed to indicate that the adjustment is positive, so fix the code to align correctly with the hardware and documentation. Cleanup local variable that is no longer used after a previous refactor of the code. Fix the code flow so that we actually clear the enabled flag as part of our removal of the LPORT. v2: - updated patch 07 description based on feedback from Sergei Shtylyov - updated patch 09 & 10 to use %d in error message based on feedback from Sergei Shtylyov ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Romain Perier 提交于
These kind of informations are only useful for debugging and should not be displayed in normal modules message. Signed-off-by: NRomain Perier <romain.perier@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Alexander Duyck 提交于
While reviewing the code I noticed that one of the commits added an if statement followed by a for loop, but the if statement was missing the braces around the loop. This change corrects the coding style error. Signed-off-by: NAlexander Duyck <alexander.h.duyck@redhat.com> Acked-by: NJacob Keller <jacob.e.keller@intel.com> Tested-by: NKrishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
-
由 Jacob Keller 提交于
When a VF issues an LPORT_STATE request to enable a port that is already enabled, the PF will first disable the VF LPORT. Then it should re-enable the VF again with the new requested settings. This ensures that any switch rules are cleared by deleting the LPORT on the switch. However, the flow is bugged because we actually check if the VF is enabled at the end, and thus don't re-enable it. Fix the flow so that we actually clear the enabled flags as part of our removal of the LPORT. Signed-off-by: NJacob Keller <jacob.e.keller@intel.com> Tested-by: NKrishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
-
由 Jacob Keller 提交于
The reference to err_no was left around after a previous code refactor. We never use the value, and it doesn't seem to be used in side a hidden macro reference. Discovered via cppcheck. Signed-off-by: NJacob Keller <jacob.e.keller@intel.com> Tested-by: NKrishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
-
由 Jacob Keller 提交于
The SYSTIME_CFG.Adjust Direction bit is actually supposed to indicate that the adjustment is positive. Fix the code to align correctly with hardware and documentation. Signed-off-by: NJacob Keller <jacob.e.keller@intel.com> Tested-by: NKrishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
-
由 Jacob Keller 提交于
This patch adds the __attribute__((packed)) indicator to some structures which are overlayed onto a TLV message. These structures must be packed as small as possible in order to correctly align when copied into the mailbox buffer. Without doing so, the receiving mailbox code incorrectly parses the values and we get invalid message responses from the switch manager software. Signed-off-by: NJacob Keller <jacob.e.keller@intel.com> Tested-by: NKrishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
-
由 Jacob Keller 提交于
During initialization, the VF counts its rings by walking the TQDLOC registers. This works only if the TQMAP/RQMAP registers are set to map all of the out-of-bound rings back to the first one. This allows the VF to cleanly detect when it has run out of queues. Update the PF code so that it resets the empty TQMAP/RQMAP registers post-VFLR to prevent innocent VF drivers from triggering malicious driver events. Signed-off-by: NMatthew Vick <matthew.vick@intel.com> Signed-off-by: NJacob Keller <jacob.e.keller@intel.com> Tested-by: NKrishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
-
由 Jacob Keller 提交于
Currently, we don't notify the switch at all when the PF administratively sets a new VLAN or MAC address. This causes the old addresses to remain valid on the switch table. Since the PF is overriding any configuration done directly by the VF, we choose to simply re-create the LPORT for the VF. This does mean that all rules for the VF will be dropped when we set something directly via the PF, but it prevents some weird issues where the MAC/VLAN table retains some stale configuration. Signed-off-by: NJacob Keller <jacob.e.keller@intel.com> Tested-by: NKrishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
-