1. 01 8月, 2014 14 次提交
    • D
      net: fix the counter ICMP_MIB_INERRORS/ICMP6_MIB_INERRORS · 7304fe46
      Duan Jiong 提交于
      When dealing with ICMPv[46] Error Message, function icmp_socket_deliver()
      and icmpv6_notify() do some valid checks on packet's length, but then some
      protocols check packet's length redaudantly. So remove those duplicated
      statements, and increase counter ICMP_MIB_INERRORS/ICMP6_MIB_INERRORS in
      function icmp_socket_deliver() and icmpv6_notify() respectively.
      
      In addition, add missed counter in udp6/udplite6 when socket is NULL.
      Signed-off-by: NDuan Jiong <duanj.fnst@cn.fujitsu.com>
      Acked-by: NHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7304fe46
    • J
      sctp: Fixup v4mapped behaviour to comply with Sock API · 299ee123
      Jason Gunthorpe 提交于
      The SCTP socket extensions API document describes the v4mapping option as
      follows:
      
      8.1.15.  Set/Clear IPv4 Mapped Addresses (SCTP_I_WANT_MAPPED_V4_ADDR)
      
         This socket option is a Boolean flag which turns on or off the
         mapping of IPv4 addresses.  If this option is turned on, then IPv4
         addresses will be mapped to V6 representation.  If this option is
         turned off, then no mapping will be done of V4 addresses and a user
         will receive both PF_INET6 and PF_INET type addresses on the socket.
         See [RFC3542] for more details on mapped V6 addresses.
      
      This description isn't really in line with what the code does though.
      
      Introduce addr_to_user (renamed addr_v4map), which should be called
      before any sockaddr is passed back to user space. The new function
      places the sockaddr into the correct format depending on the
      SCTP_I_WANT_MAPPED_V4_ADDR option.
      
      Audit all places that touched v4mapped and either sanely construct
      a v4 or v6 address then call addr_to_user, or drop the
      unnecessary v4mapped check entirely.
      
      Audit all places that call addr_to_user and verify they are on a sycall
      return path.
      
      Add a custom getname that formats the address properly.
      
      Several bugs are addressed:
       - SCTP_I_WANT_MAPPED_V4_ADDR=0 often returned garbage for
         addresses to user space
       - The addr_len returned from recvmsg was not correct when
         returning AF_INET on a v6 socket
       - flowlabel and scope_id were not zerod when promoting
         a v4 to v6
       - Some syscalls like bind and connect behaved differently
         depending on v4mapped
      
      Tested bind, getpeername, getsockname, connect, and recvmsg for proper
      behaviour in v4mapped = 1 and 0 cases.
      Signed-off-by: NNeil Horman <nhorman@tuxdriver.com>
      Tested-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com>
      Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      299ee123
    • K
      net: kernel-doc compliant documentation for net_device · 536721b1
      Karoly Kemeny 提交于
      Net_device is a vast and important structure, but it has no kernel-doc
      compliant documentation. This patch extracts the comments from the structure
      to clean it up, and let the scripts extract documentation from it. I know that
      the patch is big, but it's just reordering of comments into the appropriate
      form, and adding a few more, for the missing members.
      Signed-off-by: NKaroly Kemeny <karoly.kemeny@gmail.com>
      Acked-by: NRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      536721b1
    • D
      Merge branch 'stmmac-next' · 8e97b85a
      David S. Miller 提交于
      Vince Bridgers says:
      
      ====================
      net: stmmac: Improve mcast/ucast filter for snps
      
      This patch series adds Synopsys specific bindings for the Synopsys EMAC
      filter characteristics since those are implementation dependent. The
      multicast and unicast filtering code was improved to handle different
      configuration variations based on device tree settings.
      
      I verified the operation of the multicast and unicast filters through
      Synopsys support as requested during the V1 review, and tested the GMAC
      configuration on an Altera Cyclone 5 SOC (which supports 256 multicast
      bins and 128 Unicast addresses). The 10/100 variant of this driver
      modification was not tested, although it was compile tested. I shared
      the email thread results of the investigation through Synopsys with the
      stmmac maintainer.
      
      V4: Remove patch from series that addressed a sparse issue from a
          down rev'd version of sparse that does not show up in the
          latest version of sparse.
      V3: Break up the patch into interface and functional change patches
          per review comments
      V2: Confirm with Synopsys methods to determine number of Multicast bins
          and Unicast address filter entries per first round review comments.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8e97b85a
    • V
      net: stmmac: Support devicetree configs for mcast and ucast filter entries · 3b57de95
      Vince Bridgers 提交于
      This patch adds and modifies code to support multiple Multicast and Unicast
      Synopsys MAC filter configurations. The default configuration is defined to
      support legacy driver behavior, which is 64 Multicast bins. The Unicast
      filter code previously assumed all controllers support 32 or 16 Unicast
      addresses based on controller version number, but this has been corrected
      to support a default of 1 Unicast address. The filter configuration may
      be specified through the devicetree using a Synopsys specific device tree
      entry. This information was verified with Synopsys through
      Synopsys Support Case #8000684337 and shared with the maintainer.
      Signed-off-by: NVince Bridgers <vbridgers2013@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3b57de95
    • V
      ARM: socfpga: Add socfpga Ethernet filter attributes entries · ea6856e3
      Vince Bridgers 提交于
      This patch adds socfpga Ethernet filter attributes for multicast
      and unicast filters per Synopsys Ethernet IP configuration chosen
      by Altera for the Cyclone 5 and Arria SOC FPGAs.
      Signed-off-by: NVince Bridgers <vbridgers2013@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ea6856e3
    • V
      dts: Add bindings for multicast hash bins and perfect filter entries · 94ceaa26
      Vince Bridgers 提交于
      This change adds bindings for the number of multicast hash bins and perfect
      filter entries supported by the Synopsys EMAC. The Synopsys EMAC core is
      configurable at device creation time, and can be configured for a different
      number of multicast hash bins and a different number of perfect filter
      entries. The device does not provide a way to query these parameters,
      therefore parameters are required. The Altera Cyclone V SOC has support for
      256 multicast hash bins and 128 perfect filter entries, and is different
      than what's currently provided in the stmmac driver.
      Signed-off-by: NVince Bridgers <vbridgers2013@gmail.com>
      Acked-by: NRob Herring <robh@kernel.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      94ceaa26
    • V
      net: stmmac: Correct set_filter for multicast and unicast cases · aefef4c1
      Vince Bridgers 提交于
      This patch removes the check for the number of mulitcast addresses
      when using hash based filtering since it's not necessary. If the number
      of multicast addresses in the list exceeds the number of multicast hash
      bins, the bins will "fold" over into one of the bins configured and
      enabled for the particular component instance.
      
      The default number of maximum unicast addresses was changed from 32 to 1
      since this number is not dependent on the component revision. The maximum
      number of multicast and unicast addresses is dependent on the configuration
      of the Synopsys EMAC configured by the SOC architect at the time the
      features were selected and configured for a particular component. Sadly,
      Synopsys does not provide a way to query the precise number supported
      by a particular component, so we must fall back on a devicetree entry.
      This configuration could vary from vendor to vendor (such as STMicro,
      Altera, etc).
      
      The multicast bins are set for every possible filtering case (including
      no entries) - previously the bits were set only if multicast filter entries
      were present.
      Signed-off-by: NVince Bridgers <vbridgers2013@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      aefef4c1
    • V
      net: stmmac: Change MAC interface to support multiple filter configurations · 7ed24bbe
      Vince Bridgers 提交于
      The synopsys EMAC can be configured for different numbers of multicast hash
      bins and perfect filter entries at device creation time and there's no way
      to query this configuration information at runtime. As a result, a devicetree
      parameter is required in order for the driver to program these filters
      correctly for a particular device instance. This patch modifies the
      10/100/1000 MAC software interface such that these configuration parameters
      can be set at initialization time.
      Signed-off-by: NVince Bridgers <vbridgers2013@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7ed24bbe
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · a173e550
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter updates for net-next
      
      The following patchset contains netfilter updates for net-next, they are:
      
      1) Add the reject expression for the nf_tables bridge family, this
         allows us to send explicit reject (TCP RST / ICMP dest unrech) to
         the packets matching a rule.
      
      2) Simplify and consolidate the nf_tables set dumping logic. This uses
         netlink control->data to filter out depending on the request.
      
      3) Perform garbage collection in xt_hashlimit using a workqueue instead
         of a timer, which is problematic when many entries are in place in
         the tables, from Eric Dumazet.
      
      4) Remove leftover code from the removed ulog target support, from
         Paul Bolle.
      
      5) Dump unmodified flags in the netfilter packet accounting when resetting
         counters, so userspace knows that a counter was in overquota situation,
         from Alexey Perevalov.
      
      6) Fix wrong usage of the bitwise functions in nfnetlink_acct, also from
         Alexey.
      
      7) Fix a crash when adding new set element with an empty NFTA_SET_ELEM_LIST
         attribute.
      
      This patchset also includes a couple of cleanups for xt_LED from
      Duan Jiong and for nf_conntrack_ipv4 (using coccinelle) from
      Himangi Saraogi.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a173e550
    • B
      tcp: don't require root to read tcp_metrics · 388070fa
      Banerjee, Debabrata 提交于
      commit d23ff701 (tcp: add generic netlink support for tcp_metrics) introduced
      netlink support for the new tcp_metrics, however it restricted getting of
      tcp_metrics to root user only. This is a change from how these values could
      have been fetched when in the old route cache. Unless there's a legitimate
      reason to restrict the reading of these values it would be better if normal
      users could fetch them.
      
      Cc: Julian Anastasov <ja@ssi.bg>
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NDebabrata Banerjee <dbanerje@akamai.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      388070fa
    • D
      team: fix releasing uninitialized pointer to BPF prog · 2b391ee2
      Daniel Borkmann 提交于
      Commit 34c5bd66 introduced the possibility that an
      uninitialized pointer on the stack (orig_fp) can call into
      sk_unattached_filter_destroy() when its value is non NULL.
      
      Before that commit orig_fp was only destroyed in the same
      block where it was assigned a valid BPF prog before. Fix it
      up by initializing it to NULL.
      
      Fixes: 34c5bd66 ("net: filter: don't release unattached filter through call_rcu()")
      Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
      Cc: Pablo Neira <pablo@netfilter.org>
      Cc: Alexei Starovoitov <ast@plumgrid.com>
      Cc: Jiri Pirko <jiri@resnulli.us>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2b391ee2
    • P
      netfilter: nf_tables: check for unset NFTA_SET_ELEM_LIST_ELEMENTS attribute · 7d5570ca
      Pablo Neira Ayuso 提交于
      Otherwise, the kernel oopses in nla_for_each_nested when iterating over
      the unset attribute NFTA_SET_ELEM_LIST_ELEMENTS in the
      nf_tables_{new,del}setelem() path.
      
      netlink: 65524 bytes leftover after parsing attributes in process `nft'.
      [...]
      Oops: 0000 [#1] SMP
      [...]
      CPU: 2 PID: 6287 Comm: nft Not tainted 3.16.0-rc2+ #169
      RIP: 0010:[<ffffffffa0526e61>]  [<ffffffffa0526e61>] nf_tables_newsetelem+0x82/0xec [nf_tables]
      [...]
      Call Trace:
       [<ffffffffa05178c4>] nfnetlink_rcv+0x2e7/0x3d7 [nfnetlink]
       [<ffffffffa0517939>] ? nfnetlink_rcv+0x35c/0x3d7 [nfnetlink]
       [<ffffffff8137d300>] netlink_unicast+0xf8/0x17a
       [<ffffffff8137d6a5>] netlink_sendmsg+0x323/0x351
      [...]
      
      Fix this by returning -EINVAL if this attribute is not set, which
      doesn't make sense at all since those commands are there to add and to
      delete elements from the set.
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      7d5570ca
    • A
      netfilter: nfnetlink_acct: avoid using NFACCT_F_OVERQUOTA with bit helper functions · b6d04688
      Alexey Perevalov 提交于
      Bit helper functions were used for manipulation with NFACCT_F_OVERQUOTA,
      but they are accepting pit position, but not a bit mask. As a result
      not a third bit for NFACCT_F_OVERQUOTA was set, but forth. Such
      behaviour was dangarous and could lead to unexpected overquota report
      result.
      Signed-off-by: NAlexey Perevalov <a.perevalov@samsung.com>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      b6d04688
  2. 31 7月, 2014 26 次提交