1. 06 7月, 2009 1 次提交
  2. 04 7月, 2009 3 次提交
    • B
      IPv6: preferred lifetime of address not getting updated · a1ed0526
      Brian Haley 提交于
      There's a bug in addrconf_prefix_rcv() where it won't update the
      preferred lifetime of an IPv6 address if the current valid lifetime
      of the address is less than 2 hours (the minimum value in the RA).
      
      For example, If I send a router advertisement with a prefix that
      has valid lifetime = preferred lifetime = 2 hours we'll build
      this address:
      
      3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
          inet6 2001:1890:1109:a20:217:8ff:fe7d:4718/64 scope global dynamic
             valid_lft 7175sec preferred_lft 7175sec
      
      If I then send the same prefix with valid lifetime = preferred
      lifetime = 0 it will be ignored since the minimum valid lifetime
      is 2 hours:
      
      3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
          inet6 2001:1890:1109:a20:217:8ff:fe7d:4718/64 scope global dynamic
             valid_lft 7161sec preferred_lft 7161sec
      
      But according to RFC 4862 we should always reset the preferred lifetime
      even if the valid lifetime is invalid, which would cause the address
      to immediately get deprecated.  So with this patch we'd see this:
      
      5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
          inet6 2001:1890:1109:a20:21f:29ff:fe5a:ef04/64 scope global deprecated dynamic
             valid_lft 7163sec preferred_lft 0sec
      
      The comment winds-up being 5x the size of the code to fix the problem.
      
      Update the preferred lifetime of IPv6 addresses derived from a prefix
      info option in a router advertisement even if the valid lifetime in
      the option is invalid, as specified in RFC 4862 Section 5.5.3e.  Fixes
      an issue where an address will not immediately become deprecated.
      Reported by Jens Rosenboom.
      Signed-off-by: NBrian Haley <brian.haley@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a1ed0526
    • W
      xfrm6: fix the proto and ports decode of sctp protocol · 59cae009
      Wei Yongjun 提交于
      The SCTP pushed the skb above the sctp chunk header, so the
      check of pskb_may_pull(skb, nh + offset + 1 - skb->data) in
      _decode_session6() will never return 0 and the ports decode
      of sctp will always fail. (nh + offset + 1 - skb->data < 0)
      Signed-off-by: NWei Yongjun <yjwei@cn.fujitsu.com>
      Acked-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      59cae009
    • W
      xfrm4: fix the ports decode of sctp protocol · c615c9f3
      Wei Yongjun 提交于
      The SCTP pushed the skb data above the sctp chunk header, so the check
      of pskb_may_pull(skb, xprth + 4 - skb->data) in _decode_session4() will
      never return 0 because xprth + 4 - skb->data < 0, the ports decode of
      sctp will always fail.
      Signed-off-by: NWei Yongjun <yjwei@cn.fujitsu.com>
      Acked-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c615c9f3
  3. 03 7月, 2009 1 次提交
  4. 01 7月, 2009 2 次提交
  5. 30 6月, 2009 4 次提交
  6. 29 6月, 2009 4 次提交
  7. 27 6月, 2009 7 次提交
  8. 26 6月, 2009 2 次提交
  9. 25 6月, 2009 4 次提交
  10. 24 6月, 2009 2 次提交
    • N
      ipv4 routing: Ensure that route cache entries are usable and reclaimable with caching is off · b6280b47
      Neil Horman 提交于
      When route caching is disabled (rt_caching returns false), We still use route
      cache entries that are created and passed into rt_intern_hash once.  These
      routes need to be made usable for the one call path that holds a reference to
      them, and they need to be reclaimed when they're finished with their use.  To be
      made usable, they need to be associated with a neighbor table entry (which they
      currently are not), otherwise iproute_finish2 just discards the packet, since we
      don't know which L2 peer to send the packet to.  To do this binding, we need to
      follow the path a bit higher up in rt_intern_hash, which calls
      arp_bind_neighbour, but not assign the route entry to the hash table.
      Currently, if caching is off, we simply assign the route to the rp pointer and
      are reutrn success.  This patch associates us with a neighbor entry first.
      
      Secondly, we need to make sure that any single use routes like this are known to
      the garbage collector when caching is off.  If caching is off, and we try to
      hash in a route, it will leak when its refcount reaches zero.  To avoid this,
      this patch calls rt_free on the route cache entry passed into rt_intern_hash.
      This places us on the gc list for the route cache garbage collector, so that
      when its refcount reaches zero, it will be reclaimed (Thanks to Alexey for this
      suggestion).
      
      I've tested this on a local system here, and with these patches in place, I'm
      able to maintain routed connectivity to remote systems, even if I set
      /proc/sys/net/ipv4/rt_cache_rebuild_count to -1, which forces rt_caching to
      return false.
      Signed-off-by: NNeil Horman <nhorman@redhat.com>
      Reported-by: NJarek Poplawski <jarkao2@gmail.com>
      Reported-by: NMaxime Bizon <mbizon@freebox.fr>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b6280b47
    • H
      net: Move rx skb_orphan call to where needed · d55d87fd
      Herbert Xu 提交于
      In order to get the tun driver to account packets, we need to be
      able to receive packets with destructors set.  To be on the safe
      side, I added an skb_orphan call for all protocols by default since
      some of them (IP in particular) cannot handle receiving packets
      destructors properly.
      
      Now it seems that at least one protocol (CAN) expects to be able
      to pass skb->sk through the rx path without getting clobbered.
      
      So this patch attempts to fix this properly by moving the skb_orphan
      call to where it's actually needed.  In particular, I've added it
      to skb_set_owner_[rw] which is what most users of skb->destructor
      call.
      
      This is actually an improvement for tun too since it means that
      we only give back the amount charged to the socket when the skb
      is passed to another socket that will also be charged accordingly.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Tested-by: NOliver Hartkopp <olver@hartkopp.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d55d87fd
  11. 23 6月, 2009 1 次提交
  12. 22 6月, 2009 7 次提交
    • P
      netfilter: xt_rateest: fix comparison with self · 4d900f9d
      Patrick McHardy 提交于
      As noticed by Trk Edwin <edwintorok@gmail.com>:
      
      Compiling the kernel with clang has shown this warning:
      
      net/netfilter/xt_rateest.c:69:16: warning: self-comparison always results in a
      constant value
                              ret &= pps2 == pps2;
                                          ^
      Looking at the code:
      if (info->flags & XT_RATEEST_MATCH_BPS)
                  ret &= bps1 == bps2;
              if (info->flags & XT_RATEEST_MATCH_PPS)
                  ret &= pps2 == pps2;
      
      Judging from the MATCH_BPS case it seems to be a typo, with the intention of
      comparing pps1 with pps2.
      
      http://bugzilla.kernel.org/show_bug.cgi?id=13535Signed-off-by: NPatrick McHardy <kaber@trash.net>
      4d900f9d
    • J
      netfilter: xt_quota: fix incomplete initialization · 6d62182f
      Jan Engelhardt 提交于
      Commit v2.6.29-rc5-872-gacc738fe ("xtables: avoid pointer to self")
      forgot to copy the initial quota value supplied by iptables into the
      private structure, thus counting from whatever was in the memory
      kmalloc returned.
      Signed-off-by: NJan Engelhardt <jengelh@medozas.de>
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      6d62182f
    • P
    • P
      netfilter: fix some sparse endianess warnings · f9ffc312
      Patrick McHardy 提交于
      net/netfilter/xt_NFQUEUE.c:46:9: warning: incorrect type in assignment (different base types)
      net/netfilter/xt_NFQUEUE.c:46:9:    expected unsigned int [unsigned] [usertype] ipaddr
      net/netfilter/xt_NFQUEUE.c:46:9:    got restricted unsigned int
      net/netfilter/xt_NFQUEUE.c:68:10: warning: incorrect type in assignment (different base types)
      net/netfilter/xt_NFQUEUE.c:68:10:    expected unsigned int [unsigned] <noident>
      net/netfilter/xt_NFQUEUE.c:68:10:    got restricted unsigned int
      net/netfilter/xt_NFQUEUE.c:69:10: warning: incorrect type in assignment (different base types)
      net/netfilter/xt_NFQUEUE.c:69:10:    expected unsigned int [unsigned] <noident>
      net/netfilter/xt_NFQUEUE.c:69:10:    got restricted unsigned int
      net/netfilter/xt_NFQUEUE.c:70:10: warning: incorrect type in assignment (different base types)
      net/netfilter/xt_NFQUEUE.c:70:10:    expected unsigned int [unsigned] <noident>
      net/netfilter/xt_NFQUEUE.c:70:10:    got restricted unsigned int
      net/netfilter/xt_NFQUEUE.c:71:10: warning: incorrect type in assignment (different base types)
      net/netfilter/xt_NFQUEUE.c:71:10:    expected unsigned int [unsigned] <noident>
      net/netfilter/xt_NFQUEUE.c:71:10:    got restricted unsigned int
      
      net/netfilter/xt_cluster.c:20:55: warning: incorrect type in return expression (different base types)
      net/netfilter/xt_cluster.c:20:55:    expected unsigned int
      net/netfilter/xt_cluster.c:20:55:    got restricted unsigned int const [usertype] ip
      net/netfilter/xt_cluster.c:20:55: warning: incorrect type in return expression (different base types)
      net/netfilter/xt_cluster.c:20:55:    expected unsigned int
      net/netfilter/xt_cluster.c:20:55:    got restricted unsigned int const [usertype] ip
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      f9ffc312
    • P
      netfilter: nf_conntrack: fix conntrack lookup race · 8d8890b7
      Patrick McHardy 提交于
      The RCU protected conntrack hash lookup only checks whether the entry
      has a refcount of zero to decide whether it is stale. This is not
      sufficient, entries are explicitly removed while there is at least
      one reference left, possibly more. Explicitly check whether the entry
      has been marked as dying to fix this.
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      8d8890b7
    • P
      netfilter: nf_conntrack: fix confirmation race condition · 5c8ec910
      Patrick McHardy 提交于
      New connection tracking entries are inserted into the hash before they
      are fully set up, namely the CONFIRMED bit is not set and the timer not
      started yet. This can theoretically lead to a race with timer, which
      would set the timeout value to a relative value, most likely already in
      the past.
      
      Perform hash insertion as the final step to fix this.
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      5c8ec910
    • E
      netfilter: nf_conntrack: death_by_timeout() fix · 8cc20198
      Eric Dumazet 提交于
      death_by_timeout() might delete a conntrack from hash list
      and insert it in dying list.
      
       nf_ct_delete_from_lists(ct);
       nf_ct_insert_dying_list(ct);
      
      I believe a (lockless) reader could *catch* ct while doing a lookup
      and miss the end of its chain.
      (nulls lookup algo must check the null value at the end of lookup and
      should restart if the null value is not the expected one.
      cf Documentation/RCU/rculist_nulls.txt for details)
      
      We need to change nf_conntrack_init_net() and use a different "null" value,
      guaranteed not being used in regular lists. Choose very large values, since
      hash table uses [0..size-1] null values.
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Acked-by: NPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      8cc20198
  13. 21 6月, 2009 1 次提交
  14. 20 6月, 2009 1 次提交
    • N
      ipv4: fix NULL pointer + success return in route lookup path · 73e42897
      Neil Horman 提交于
      Don't drop route if we're not caching	
      
      	I recently got a report of an oops on a route lookup.  Maxime was
      testing what would happen if route caching was turned off (doing so by setting
      making rt_caching always return 0), and found that it triggered an oops.  I
      looked at it and found that the problem stemmed from the fact that the route
      lookup routines were returning success from their lookup paths (which is good),
      but never set the **rp pointer to anything (which is bad).  This happens because
      in rt_intern_hash, if rt_caching returns false, we call rt_drop and return 0.
      This almost emulates slient success.  What we should be doing is assigning *rp =
      rt and _not_ dropping the route.  This way, during slow path lookups, when we
      create a new route cache entry, we don't immediately discard it, rather we just
      don't add it into the cache hash table, but we let this one lookup use it for
      the purpose of this route request.  Maxime has tested and reports it prevents
      the oops.  There is still a subsequent routing issue that I'm looking into
      further, but I'm confident that, even if its related to this same path, this
      patch makes sense to take.
      Signed-off-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      73e42897