- 30 3月, 2009 1 次提交
-
-
由 Matt LaPlante 提交于
Signed-off-by: NMatt LaPlante <kernel1@cyberdogtech.com> Acked-by: NRandy Dunlap <randy.dunlap@oracle.com> Signed-off-by: NJiri Kosina <jkosina@suse.cz>
-
- 27 3月, 2009 1 次提交
-
-
由 Jesper Nilsson 提交于
Commit 778d80be (ipv6: Add disable_ipv6 sysctl to disable IPv6 operaion on specific interface) seems to have introduced a leak of sk_buff's for ipv6 traffic, at least in some configurations where idev is NULL, or when ipv6 is disabled via sysctl. The problem is that if the first condition of the if-statement returns non-NULL, it returns an skb with only one reference, and when the other conditions apply, execution jumps to the "out" label, which does not call kfree_skb for it. To plug this leak, change to use the "drop" label instead. (this relies on it being ok to call kfree_skb on NULL) This also allows us to avoid calling rcu_read_unlock here, and removes the only user of the "out" label. Signed-off-by: NJesper Nilsson <jesper.nilsson@axis.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 26 3月, 2009 3 次提交
-
-
由 Holger Eitzenberger 提交于
Signed-off-by: NHolger Eitzenberger <holger@eitzenberger.org> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Commit e1b4b9f3 ([NETFILTER]: {ip,ip6,arp}_tables: fix exponential worst-case search for loops) introduced a regression in the loop detection algorithm, causing sporadic incorrectly detected loops. When a chain has already been visited during the check, it is treated as having a standard target containing a RETURN verdict directly at the beginning in order to not check it again. The real target of the first rule is then incorrectly treated as STANDARD target and checked not to contain invalid verdicts. Fix by making sure the rule does actually contain a standard target. Based on patch by Francis Dupont <Francis_Dupont@isc.org> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Eric Dumazet 提交于
We use same not trivial helper function in four places. We can factorize it. Signed-off-by: NEric Dumazet <dada1@cosmosbay.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
- 25 3月, 2009 5 次提交
-
-
由 Vlad Yasevich 提交于
The ipv6 version of bind_conflict code calls ipv6_rcv_saddr_equal() which at times wrongly identified intersections between addresses. It particularly broke down under a few instances and caused erroneous bind conflicts. Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Vlad Yasevich 提交于
Binding to a v4-mapped address on an AF_INET6 socket should produce the same result as binding to an IPv4 address on AF_INET socket. The two are interchangable as v4-mapped address is really a portability aid. Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Vlad Yasevich 提交于
The IPv4 wildcard (0.0.0.0) address does not intersect in any way with explicit IPv6 addresses. These two should be permitted, but the IPv4 conflict code checks the ipv6only bit as part of the test. Since binding to an explicit IPv6 address restricts the socket to only that IPv6 address, the side-effect is that the socket behaves as v6-only. By explicitely setting ipv6only in this case, allows the 2 binds to succeed. Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Vlad Yasevich 提交于
A socket marked v6-only, can not receive or send traffic to v4-mapped addresses. Thus allowing binding to v4-mapped address on such a socket makes no sense. Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jan Engelhardt 提交于
Supplements commit 67c0d579. Signed-off-by: NJan Engelhardt <jengelh@medozas.de> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 22 3月, 2009 1 次提交
-
-
由 Ilpo Järvinen 提交于
tcp_sack_swap seems unnecessary so I pushed swap to the caller. Also removed comment that seemed then pointless, and added include when not already there. Compile tested. Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 19 3月, 2009 3 次提交
-
-
由 Jorge Boncompte [DTI2] 提交于
dev can be NULL in ip[6]_frag_reasm for skb's coming from RAW sockets. Quagga's OSPFD sends fragmented packets on a RAW socket, when netfilter conntrack reassembles them on the OUTPUT path you hit this code path. You can test it with something like "hping2 -0 -d 2000 -f AA.BB.CC.DD" With help from Jarek Poplawski. Signed-off-by: NJorge Boncompte [DTI2] <jorge@dti2.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Bjørn Mork 提交于
This fixes the regressions cause by commit 1326c3d5 (v2.6.28-rc6-461-g23a12b14) broke the display of local and remote addresses of an SIT tunnel in iproute2. nt->parms is used by ipip6_tunnel_init() and therefore need to be initialized first. Tracked as http://bugzilla.kernel.org/show_bug.cgi?id=12868Reported-by: NJan Engelhardt <jengelh@medozas.de> Signed-off-by: NBjørn Mork <bjorn@mork.no> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Brian Haley 提交于
Fix the behavior of allowing both sysctl and addrconf_dad_failure() to set the disable_ipv6 parameter without any bad side-effects. If DAD fails and accept_dad > 1, we will still set disable_ipv6=1, but then instead of allowing an RA to add an address then immediately fail DAD, we simply don't allow the address to be added in the first place. This also lets the user set this flag and disable all IPv6 addresses on the interface, or on the entire system. Signed-off-by: NBrian Haley <brian.haley@hp.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 16 3月, 2009 4 次提交
-
-
由 Christoph Paasch 提交于
NEXTHDR_NONE doesn't has an IPv6 option header, so the first check for the length will always fail and results in a confusing message "too short" if debugging enabled. With this patch, we check for NEXTHDR_NONE before length sanity checkings are done. Signed-off-by: NChristoph Paasch <christoph.paasch@gmail.com> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Scott James Remnant 提交于
The ip6_queue module is missing the net-pf-16-proto-13 alias that would cause it to be auto-loaded when a socket of that type is opened. This patch adds the alias. Signed-off-by: NScott James Remnant <scott@canonical.com> Signed-off-by: NTim Gardner <tim.gardner@canonical.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Christoph Paasch 提交于
Moving the structure definitions to the corresponding IPvX specific header files. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Eric Leblond 提交于
This patch modifies nf_log to use a linked list of loggers for each protocol. This list of loggers is read and write protected with a mutex. This patch separates registration and binding. To be used as logging module, a module has to register calling nf_log_register() and to bind to a protocol it has to call nf_log_bind_pf(). This patch also converts the logging modules to the new API. For nfnetlink_log, it simply switchs call to register functions to call to bind function and adds a call to nf_log_register() during init. For other modules, it just remove a const flag from the logger structure and replace it with a __read_mostly. Signed-off-by: NEric Leblond <eric@inl.fr> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
- 12 3月, 2009 1 次提交
-
-
由 John Dykstra 提交于
Do not try to "uninitialize" ipv6 if its initialization had been skipped because module parameter disable=1 had been specified. Reported-by: NThomas Backlund <tmb@mandriva.org> Signed-off-by: NJohn Dykstra <john.dykstra1@gmail.com> Acked-by: NBrian Haley <brian.haley@hp.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 10 3月, 2009 1 次提交
-
-
由 Stephen Hemminger 提交于
Protocols that use packet_type can be __read_mostly section for better locality. Elminate any unnecessary initializations of NULL. Signed-off-by: NStephen Hemminger <shemminger@vyatta.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 04 3月, 2009 1 次提交
-
-
由 Brian Haley 提交于
Add "disable" module parameter support to ipv6.ko by specifying "disable=1" on module load. We just do the minimum of initializing inetsw6[] so calls from other modules to inet6_register_protosw() won't OOPs, then bail out. No IPv6 addresses or sockets can be created as a result, and a reboot is required to enable IPv6. Signed-off-by: NBrian Haley <brian.haley@hp.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 03 3月, 2009 2 次提交
-
-
由 Daniel Lezcano 提交于
When a network namespace is destroyed the network interfaces are all unregistered, making addrconf_ifdown called by the netdevice notifier. In the other hand, the addrconf exit method does a loop on the network devices and does addrconf_ifdown on each of them. But the ordering of the netns subsystem is not right because it uses the register_pernet_device instead of register_pernet_subsys. If we handle the loopback as any network device, we can safely use register_pernet_subsys. But if we use register_pernet_subsys, the addrconf exit method will do exactly what was already done with the unregistering of the network devices. So in definitive, this code is pointless. I removed the netns addrconf exit method and moved the code to the addrconf cleanup function. Signed-off-by: NDaniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Stephen Hemminger 提交于
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 26 2月, 2009 1 次提交
-
-
由 Pavel Emelyanov 提交于
We already have a valid net in that place, but this is not just a cleanup - the tw pointer can be NULL there sometimes, thus causing an oops in NET_NS=y case. The same place in ipv4 code already works correctly using existing net, rather than tw's one. The bug exists since 2.6.27. Signed-off-by: NPavel Emelyanov <xemul@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 25 2月, 2009 3 次提交
-
-
由 Wei Yongjun 提交于
The functions time_before is more robust for comparing jiffies against other values. Signed-off-by: NWei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Wei Yongjun 提交于
Remove some pointless conditionals before kfree_skb(). The semantic match that finds the problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @@ expression E; @@ - if (E) - kfree_skb(E); + kfree_skb(E); // </smpl> Signed-off-by: NWei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Pablo Neira Ayuso 提交于
This patch changes the return value of nlmsg_notify() as follows: If NETLINK_BROADCAST_ERROR is set by any of the listeners and an error in the delivery happened, return the broadcast error; else if there are no listeners apart from the socket that requested a change with the echo flag, return the result of the unicast notification. Thus, with this patch, the unicast notification is handled in the same way of a broadcast listener that has set the NETLINK_BROADCAST_ERROR socket flag. This patch is useful in case that the caller of nlmsg_notify() wants to know the result of the delivery of a netlink notification (including the broadcast delivery) and take any action in case that the delivery failed. For example, ctnetlink can drop packets if the event delivery failed to provide reliable logging and state-synchronization at the cost of dropping packets. This patch also modifies the rtnetlink code to ignore the return value of rtnl_notify() in all callers. The function rtnl_notify() (before this patch) returned the error of the unicast notification which makes rtnl_set_sk_err() reports errors to all listeners. This is not of any help since the origin of the change (the socket that requested the echoing) notices the ENOBUFS error if the notification fails and should resync itself. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Acked-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 22 2月, 2009 1 次提交
-
-
由 Hannes Eder 提交于
Fix this sparse warning: net/ipv6/xfrm6_state.c:72:26: warning: Using plain integer as NULL pointer Signed-off-by: NHannes Eder <hannes@hanneseder.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 20 2月, 2009 1 次提交
-
-
由 Stephen Hemminger 提交于
The reader/writer lock in ip_tables is acquired in the critical path of processing packets and is one of the reasons just loading iptables can cause a 20% performance loss. The rwlock serves two functions: 1) it prevents changes to table state (xt_replace) while table is in use. This is now handled by doing rcu on the xt_table. When table is replaced, the new table(s) are put in and the old one table(s) are freed after RCU period. 2) it provides synchronization when accesing the counter values. This is now handled by swapping in new table_info entries for each cpu then summing the old values, and putting the result back onto one cpu. On a busy system it may cause sampling to occur at different times on each cpu, but no packet/byte counts are lost in the process. Signed-off-by: NStephen Hemminger <shemminger@vyatta.com> Sucessfully tested on my dual quad core machine too, but iptables only (no ipv6 here) BTW, my new "tbench 8" result is 2450 MB/s, (it was 2150 MB/s not so long ago) Acked-by: NEric Dumazet <dada1@cosmosbay.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
- 19 2月, 2009 4 次提交
-
-
由 Eric Dumazet 提交于
ip6_tables netfilter module can use an ifname_compare() helper so that two loops are unfolded. Signed-off-by: NEric Dumazet <dada1@cosmosbay.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
Concern has been expressed about the changing Kconfig options. Provide the old options that forward-select. Signed-off-by: NJan Engelhardt <jengelh@medozas.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
Signed-off-by: NJan Engelhardt <jengelh@medozas.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
Suggested by: James King <t.james.king@gmail.com> Similarly to commit c9fd4968, merge TTL and HL. Since HL does not depend on any IPv6-specific function, no new module dependencies would arise. With slight adjustments to the Kconfig help text. Signed-off-by: NJan Engelhardt <jengelh@medozas.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
- 18 2月, 2009 3 次提交
-
-
由 Eric Leblond 提交于
This patch adds a logging message for invalid new icmpv6 packet. Signed-off-by: NEric Leblond <eric@inl.fr> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Stephen Hemminger 提交于
Later patches change the locking on xt_table and the initialization of the lock element is not needed since the lock is always initialized in xt_table_register anyway. Signed-off-by: NStephen Hemminger <shemminger@vyatta.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Eric Leblond 提交于
This patch fixes a trivial typo that was adding a new line at end of the nf_log_packet() prefix. It also make the logging conditionnal by adding a LOG_INVALID test. Signed-off-by: NEric Leblond <eric@inl.fr> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
- 10 2月, 2009 3 次提交
-
-
由 Noriaki TAKAMIYA 提交于
When the user creates IPv6 over IPv6 tunnel, the device name created by the kernel isn't set to t->parm.name, which is referred as the result of ioctl(). Signed-off-by: NNoriaki TAKAMIYA <takamiya@po.ntts.co.jp> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Leblond 提交于
This patch removes connection tracking handling for ICMPv6 messages related to Stateless Address Autoconfiguration, MLD, and MLDv2. They can not be tracked because they are massively using multicast (on pre-defined address). But they are not invalid and should not be detected as such. Signed-off-by: NEric Leblond <eric@inl.fr> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Leblond 提交于
The patch fixes a typo in the inverse mapping of Node Information request. Following draft-ietf-ipngwg-icmp-name-lookups-09, "Querier" sends a type 139 (ICMPV6_NI_QUERY) packet to "Responder" which answer with a type 140 (ICMPV6_NI_REPLY) packet. Signed-off-by: NEric Leblond <eric@inl.fr> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 07 2月, 2009 1 次提交
-
-
由 Ilpo Järvinen 提交于
$ codiff net/ipv6/addrconf.o net/ipv6/addrconf.o.new net/ipv6/addrconf.c: addrconf_notify | -267 1 function changed, 267 bytes removed net/ipv6/addrconf.c: add_addr | +86 1 function changed, 86 bytes added net/ipv6/addrconf.o.new: 2 functions changed, 86 bytes added, 267 bytes removed, diff: -181 Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-