1. 30 Mar, 2009 1 commit
  2. 27 Mar, 2009 1 commit
    • ipv6: Plug sk_buff leak in ipv6_rcv (net/ipv6/ip6_input.c) · 71f6f6df
      Jesper Nilsson committed
      Commit 778d80be
      (ipv6: Add disable_ipv6 sysctl to disable IPv6 operaion on specific interface)
      seems to have introduced a leak of sk_buff's for ipv6 traffic,
      at least in some configurations where idev is NULL, or when ipv6
      is disabled via sysctl.
      
      The problem is that if the first condition of the if-statement
      returns non-NULL, it returns an skb with only one reference,
      and when the other conditions apply, execution jumps to the "out"
      label, which does not call kfree_skb for it.
      
      To plug this leak, change to use the "drop" label instead.
      (this relies on it being ok to call kfree_skb on NULL)
      This also allows us to avoid calling rcu_read_unlock here,
      and removes the only user of the "out" label.
      Signed-off-by: Jesper Nilsson <jesper.nilsson@axis.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  3. 26 Mar, 2009 3 commits
  4. 25 Mar, 2009 5 commits
  5. 22 Mar, 2009 1 commit
  6. 19 Mar, 2009 3 commits
  7. 16 Mar, 2009 4 commits
  8. 12 Mar, 2009 1 commit
  9. 10 Mar, 2009 1 commit
  10. 04 Mar, 2009 1 commit
  11. 03 Mar, 2009 2 commits
    • netns: fix addrconf_ifdown kernel panic · 176c39af
      Daniel Lezcano committed
      When a network namespace is destroyed the network interfaces are
      all unregistered, making addrconf_ifdown called by the netdevice
      notifier. 
      On the other hand, the addrconf exit method does a loop on the network
      devices and does addrconf_ifdown on each of them. But the ordering of 
      the netns subsystem is not right because it uses the register_pernet_device
      instead of register_pernet_subsys. If we handle the loopback as
      any network device, we can safely use register_pernet_subsys.
      
      But if we use register_pernet_subsys, the addrconf exit method will do
      exactly what was already done with the unregistering of the network
      devices. So in definitive, this code is pointless.
      
      I removed the netns addrconf exit method and moved the code to the
      addrconf cleanup function.
      Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv6: Fix sysctl unregistration deadlock · b325fddb
      Stephen Hemminger committed
      Signed-off-by: David S. Miller <davem@davemloft.net>
  12. 26 Feb, 2009 1 commit
  13. 25 Feb, 2009 3 commits
    • sit: used time_before for comparing jiffies · bb80087a
      Wei Yongjun committed
      The function time_before is more robust for comparing
      jiffies against other values.
      Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv6: Remove some pointless conditionals before kfree_skb() · 800d55f1
      Wei Yongjun committed
      Remove some pointless conditionals before kfree_skb().
      
      The semantic match that finds the problem is as follows:
      (http://www.emn.fr/x-info/coccinelle/)
      
      // <smpl>
      @@
      expression E;
      @@
      - if (E)
      - 	kfree_skb(E);
      + kfree_skb(E);
      // </smpl>
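      Review bot: the rule drops the `if (E)` guard without recording why that is safe; the commit message should state that kfree_skb() returns immediately on a NULL argument, which is the only reason replacing `- if (E)` / `- kfree_skb(E);` with `+ kfree_skb(E);` preserves behaviour. Since `expression E;` matches any expression and the rewrite evaluates it once instead of twice, each matched call site should also be checked for an E with side effects.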
      Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • netlink: change nlmsg_notify() return value logic · 1ce85fe4
      Pablo Neira Ayuso committed
      This patch changes the return value of nlmsg_notify() as follows:
      
      If NETLINK_BROADCAST_ERROR is set by any of the listeners and
      an error in the delivery happened, return the broadcast error;
      else if there are no listeners apart from the socket that
      requested a change with the echo flag, return the result of the
      unicast notification. Thus, with this patch, the unicast
      notification is handled in the same way of a broadcast listener
      that has set the NETLINK_BROADCAST_ERROR socket flag.
      
      This patch is useful in case that the caller of nlmsg_notify()
      wants to know the result of the delivery of a netlink notification
      (including the broadcast delivery) and take any action in case
      that the delivery failed. For example, ctnetlink can drop packets
      if the event delivery failed to provide reliable logging and
      state-synchronization at the cost of dropping packets.
      
      This patch also modifies the rtnetlink code to ignore the return
      value of rtnl_notify() in all callers. The function rtnl_notify()
      (before this patch) returned the error of the unicast notification
      which makes rtnl_set_sk_err() report errors to all listeners. This
      is not of any help since the origin of the change (the socket that
      requested the echoing) notices the ENOBUFS error if the notification
      fails and should resync itself.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
      Acked-by: Patrick McHardy <kaber@trash.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  14. 22 Feb, 2009 1 commit
  15. 20 Feb, 2009 1 commit
    • netfilter: iptables: lock free counters · 78454473
      Stephen Hemminger committed
      The reader/writer lock in ip_tables is acquired in the critical path of
      processing packets and is one of the reasons just loading iptables can cause
      a 20% performance loss. The rwlock serves two functions:
      
      1) it prevents changes to table state (xt_replace) while table is in use.
         This is now handled by doing rcu on the xt_table. When table is
         replaced, the new table(s) are put in and the old one table(s) are freed
         after RCU period.
      
      2) it provides synchronization when accessing the counter values.
         This is now handled by swapping in new table_info entries for each cpu
         then summing the old values, and putting the result back onto one
         cpu.  On a busy system it may cause sampling to occur at different
         times on each cpu, but no packet/byte counts are lost in the process.
      Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
      
      Successfully tested on my dual quad core machine too, but iptables only (no ipv6 here)
      BTW, my new "tbench 8" result is 2450 MB/s, (it was 2150 MB/s not so long ago)
      Acked-by: Eric Dumazet <dada1@cosmosbay.com>
      Signed-off-by: Patrick McHardy <kaber@trash.net>
  16. 19 Feb, 2009 4 commits
  17. 18 Feb, 2009 3 commits
  18. 10 Feb, 2009 3 commits
  19. 07 Feb, 2009 1 commit