- 09 3月, 2012 1 次提交
-
-
由 Benjamin Poirier 提交于
lookup sctp_association within sctp_do_peeloff() to enable its use outside of the sctp code with minimal knowledge of the former. Signed-off-by: NBenjamin Poirier <bpoirier@suse.de> Acked-by: NVlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 08 3月, 2012 39 次提交
-
-
由 Roopa Prabhu 提交于
zero mac address is a valid address for VIC dynamic vnic and sriov Vf's. Fix the check in enic_set_vf_mac appropriately Signed-off-by: NRoopa Prabhu <roprabhu@cisco.com> Signed-off-by: NChristian Benvenuti <benve@cisco.com> Signed-off-by: NSujith Sankar <ssujith@cisco.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Klaus-Dieter Wacker 提交于
A return code of non-zero of the devs ccwgroup set_offline function leaves the dev in online state. Having done a partly offlining may leave the dev in unusable state. To make sure the dev is set to offline, zero is returned. A setup trace entry is written in case the offlining steps encountered some trouble. Signed-off-by: NKlaus-Dieter Wacker <kdwacker@de.ibm.com> Signed-off-by: NFrank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ursula Braun 提交于
Setting an invalid mac-address for a qeth layer2 device returns with a strange error code: # ip link set hsi1 address 00:00:00:00:00:01 RTNETLINK answers: Unknown error 18446744073709486085 Problem is caused by wrong usage of the return_code field within structure qeth_ipa_cmd. With this patch the ip command above returns SIOCSIFHWADDR: Invalid argument Signed-off-by: NUrsula Braun <ursula.braun@de.ibm.com> Signed-off-by: NFrank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Belinda Thompson 提交于
Communication Server Linux uses the ctcmpc code of the ctcm driver. Sending problems have shown up caused by a wrong idal word list for the first ccw. Function ctcmpc_chx_txdone() invokes the function to prepare the idal word list without setting an appropriate length for the first ccw, which may lead to an incomplete idal word list. This patch sets the maximum buffer size as data length of the first ccw. Thus correct idal word lists are guaranteed in all cases. Signed-off-by: NBelinda Thompson <belindat@us.ibm.com> Reviewed-by: NUrsula Braun <ursula.braun@de.ibm.com> Signed-off-by: NFrank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ursula Braun 提交于
ctcmpc debugging can be activated defining constant DEBUGCCW. The debugging part contains wrong checks for 64 bit addresses. Thus the debugging version does not compile. This patch corrects the 64-bit address checks to make it compilable. Signed-off-by: NUrsula Braun <ursula.braun@de.ibm.com> Reviewed-by: NBelinda Thompson <belindat@us.ibm.com> Signed-off-by: NFrank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Frank Blaschka 提交于
During system startup udev may try to configure devices in parallel so we have to synchronize discipline module loading. Signed-off-by: NFrank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ursula Braun 提交于
AF_IUCV sockets offer a shutdown function. This patch makes sure shutdown works for HS transport as well. Signed-off-by: NUrsula Braun <ursula.braun@de.ibm.com> Signed-off-by: NFrank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ursula Braun 提交于
In case of transport through HiperSockets the underlying network interface may switch to DOWN state or the underlying network device may recover. In both cases the socket must change to IUCV_DISCONN state. If the interface goes down, af_iucv has a chance to notify its connection peer in addition. Signed-off-by: NUrsula Braun <ursula.braun@de.ibm.com> Signed-off-by: NFrank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
-
由 Ido Yariv 提交于
If a master would like to raise the security level, it will send a pairing request. While the pending security level is set on an incoming security request (from a slave), it is not set on a pairing request. As a result, the security level would not be raised on the slave in such case. Fix this by setting the pending security when receiving pairing requests according to the requested authorization. Signed-off-by: NIdo Yariv <ido@wizery.com> Acked-by: NVinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Ido Yariv 提交于
The major index of the table is actually the remote I/O capabilities, not the local ones. As a result, devices with different I/O capabilities could have used wrong or even unsupported generation methods. Signed-off-by: NIdo Yariv <ido@wizery.com> CC: Brian Gix <bgix@codeaurora.org> Acked-by: NVinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Luiz Augusto von Dentz 提交于
+ src/net/bluetooth/rfcomm/tty.c: warning: 'p' is used uninitialized in this function: => 218 + src/net/bluetooth/rfcomm/tty.c: warning: 'p' may be used uninitialized in this function: => 218 Signed-off-by: NLuiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Eran 提交于
The bluetooth module in the Asus UX31/UX21 is based on Atheros AR3012 and requires a firmware to be uploaded before it's usable. output of usb-devices for this module: T: Bus=01 Lev=02 Prnt=02 Port=07 Cnt=03 Dev#= 6 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3375 Rev=00.02 S: Manufacturer=Atheros Communications S: Product=Bluetooth USB Host Controller S: SerialNumber=Alaska Day 2006 C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb Signed-off-by: NEran <eran@over-here.org> Tested-by: NMichal Labedzki <michal.labedzki@tieto.com> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Gustavo F. Padovan 提交于
Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Eric Dumazet 提交于
commit a8afca03 (tcp: md5: protects md5sig_info with RCU) added a lockdep splat in tcp_md5_do_lookup() in case a timer fires a tcp retransmit. At this point, socket lock is owned by the sofirq handler, not the user, so we should adjust a bit the lockdep condition, as we dont hold rcu_read_lock(). Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Reported-by: NValdis Kletnieks <valdis.kletnieks@vt.edu> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
Helps to find format mismatches at compile time Suggested-by: NDavid Laight <David.Laight@ACULAB.COM> Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
-
由 Pablo Neira Ayuso 提交于
This patch allows you to attach the timeout policy via the CT target, it adds a new revision of the target to ensure backward compatibility. Moreover, it also contains the glue code to stick the timeout object defined via nfnetlink_cttimeout to the given flow. Example usage (it requires installing the nfct tool and libnetfilter_cttimeout): 1) create the timeout policy: nfct timeout add tcp-policy0 inet tcp \ established 1000 close 10 time_wait 10 last_ack 10 2) attach the timeout policy to the packet: iptables -I PREROUTING -t raw -p tcp -j CT --timeout tcp-policy0 You have to install the following user-space software: a) libnetfilter_cttimeout: git://git.netfilter.org/libnetfilter_cttimeout b) nfct: git://git.netfilter.org/nfct You also have to get iptables with -j CT --timeout support. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
This patch adds the timeout extension, which allows you to attach specific timeout policies to flows. This extension is only used by the template conntrack. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
This patch adds the infrastructure to add fine timeout tuning over nfnetlink. Now you can use the NFNL_SUBSYS_CTNETLINK_TIMEOUT subsystem to create/delete/dump timeout objects that contain some specific timeout policy for one flow. The follow up patches will allow you attach timeout policy object to conntrack via the CT target and the conntrack extension infrastructure. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
This patch defines a new interface for l4 protocol trackers: unsigned int *(*get_timeouts)(struct net *net); that is used to return the array of unsigned int that contains the timeouts that will be applied for this flow. This is passed to the l4proto->new(...) and l4proto->packet(...) functions to specify the timeout policy. This interface allows per-net global timeout configuration (although only DCCP supports this by now) and it will allow custom custom timeout configuration by means of follow-up patches. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
This patch adds an array to define the default GRE timeouts. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
This patch moves the retransmission and unacknowledged timeouts to the tcp_timeouts array. This change is required by follow-up patches. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
Use one array to store the UDP timeouts instead of two variables. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Hans Schillstrom 提交于
net/netfilter/nf_conntrack_proto.c:70 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 3 locks held by conntrack/3235: nfnl_lock+0x17/0x20 netlink_dump+0x32/0x240 ctnetlink_dump_table+0x3e/0x170 [nf_conntrack_netlink] stack backtrace: Pid: 3235, comm: conntrack Tainted: G W 3.2.0+ #511 Call Trace: [<ffffffff8108ce45>] lockdep_rcu_suspicious+0xe5/0x100 [<ffffffffa00ec6e1>] __nf_ct_l4proto_find+0x81/0xb0 [nf_conntrack] [<ffffffffa0115675>] ctnetlink_fill_info+0x215/0x5f0 [nf_conntrack_netlink] [<ffffffffa0115dc1>] ctnetlink_dump_table+0xd1/0x170 [nf_conntrack_netlink] [<ffffffff815fbdbf>] netlink_dump+0x7f/0x240 [<ffffffff81090f9d>] ? trace_hardirqs_on+0xd/0x10 [<ffffffff815fd34f>] netlink_dump_start+0xdf/0x190 [<ffffffffa0111490>] ? ctnetlink_change_nat_seq_adj+0x160/0x160 [nf_conntrack_netlink] [<ffffffffa0115cf0>] ? ctnetlink_get_conntrack+0x2a0/0x2a0 [nf_conntrack_netlink] [<ffffffffa0115ad9>] ctnetlink_get_conntrack+0x89/0x2a0 [nf_conntrack_netlink] [<ffffffff81603a47>] nfnetlink_rcv_msg+0x467/0x5f0 [<ffffffff81603a7c>] ? nfnetlink_rcv_msg+0x49c/0x5f0 [<ffffffff81603922>] ? nfnetlink_rcv_msg+0x342/0x5f0 [<ffffffff81071b21>] ? get_parent_ip+0x11/0x50 [<ffffffff816035e0>] ? nfnetlink_subsys_register+0x60/0x60 [<ffffffff815fed49>] netlink_rcv_skb+0xa9/0xd0 [<ffffffff81603475>] nfnetlink_rcv+0x15/0x20 [<ffffffff815fe70e>] netlink_unicast+0x1ae/0x1f0 [<ffffffff815fea16>] netlink_sendmsg+0x2c6/0x320 [<ffffffff815b2a87>] sock_sendmsg+0x117/0x130 [<ffffffff81125093>] ? might_fault+0x53/0xb0 [<ffffffff811250dc>] ? might_fault+0x9c/0xb0 [<ffffffff81125093>] ? might_fault+0x53/0xb0 [<ffffffff815b5991>] ? move_addr_to_kernel+0x71/0x80 [<ffffffff815b644e>] sys_sendto+0xfe/0x130 [<ffffffff815b5c94>] ? sys_bind+0xb4/0xd0 [<ffffffff817a8a0e>] ? retint_swapgs+0xe/0x13 [<ffffffff817afcd2>] system_call_fastpath+0x16/0x1b Reported-by: NHans Schillstrom <hans.schillstrom@ericsson.com> Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NHans Schillstrom <hans.schillstrom@ericsson.com>
-
由 Richard Weinberger 提交于
In 16059b5 netfilter: merge ipt_LOG and ip6_LOG into xt_LOG, we have merged ipt_LOG and ip6t_LOG. However: IN=wlan0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=213.150.61.61 DST=192.168.1.133 LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=10539 DF PROTO=TCP SPT=80 DPT=49013 WINDOW=0 RES=0x00 ACK RST URGP=0 PROTO=UDPLITE SPT=80 DPT=49013 LEN=45843 PROTO=ICMP TYPE=0 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Several missing break in the code led to including bogus layer-4 information. This patch fixes this problem. Signed-off-by: NRichard Weinberger <richard@nod.at> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 WANG Cong 提交于
These two headers are not required anymore, they have been replaced by xt_SAME.h and xt_realm.h. Florian Westphal pointed out this. Cc: "David S. Miller" <davem@davemloft.net> Cc: Florian Westphal <fw@strlen.de> Signed-off-by: WANG Cong <xiyou.wangcong@gmail. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Tony Zelenoff 提交于
* identation lowered * some CPU cycles saved at delayed item variable initialization Signed-off-by: NTony Zelenoff <antonz@parallels.com> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Tony Zelenoff 提交于
Signed-off-by: NTony Zelenoff <antonz@parallels.com> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Richard Weinberger 提交于
ipt_LOG and ip6_LOG have a lot of common code, merge them to reduce duplicate code. Signed-off-by: NRichard Weinberger <richard@nod.at> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
This patch allows you to set expectfn which is specifically used by the NAT side of most of the existing conntrack helpers. I have added a symbol map that uses a string as key to look up for the function that is attached to the expectation object. This is the best solution I came out with to solve this issue. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
This patch adds the missing bits to create expectations that are created in NAT setups.
-
由 Pablo Neira Ayuso 提交于
This patch allows you to set the expectation class. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Pablo Neira Ayuso 提交于
This patch allow you to set the helper for newly created expectations based of the CTA_EXPECT_HELP_NAME attribute. Before this, the helper set was NULL. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jozsef Kadlecsik 提交于
Timed out entries were still matched till the garbage collector purged them out. The fix is verified in the testsuite. Signed-off-by: NJozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jozsef Kadlecsik 提交于
The "nomatch" keyword and option is added to the hash:*net* types, by which one can add exception entries to sets. Example: ipset create test hash:net ipset add test 192.168.0/24 ipset add test 192.168.0/30 nomatch In this case the IP addresses from 192.168.0/24 except 192.168.0/30 match the elements of the set. Signed-off-by: NJozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jozsef Kadlecsik 提交于
If the set is full, the SET target cannot add more elements. Log warning so that the admin got notified about it. Signed-off-by: NJozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jan Engelhardt 提交于
iptables's libxt_SET.c depends on these. Signed-off-by: NJan Engelhardt <jengelh@medozas.de> Signed-off-by: NJozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jan Engelhardt 提交于
ipset is actually using NFPROTO values rather than AF (xt_set passes that along). Signed-off-by: NJan Engelhardt <jengelh@medozas.de> Signed-off-by: NJozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-