1. 01 8月, 2014 7 次提交
    • V
      net: stmmac: Correct set_filter for multicast and unicast cases · aefef4c1
      Vince Bridgers 提交于
      This patch removes the check for the number of mulitcast addresses
      when using hash based filtering since it's not necessary. If the number
      of multicast addresses in the list exceeds the number of multicast hash
      bins, the bins will "fold" over into one of the bins configured and
      enabled for the particular component instance.
      
      The default number of maximum unicast addresses was changed from 32 to 1
      since this number is not dependent on the component revision. The maximum
      number of multicast and unicast addresses is dependent on the configuration
      of the Synopsys EMAC configured by the SOC architect at the time the
      features were selected and configured for a particular component. Sadly,
      Synopsys does not provide a way to query the precise number supported
      by a particular component, so we must fall back on a devicetree entry.
      This configuration could vary from vendor to vendor (such as STMicro,
      Altera, etc).
      
      The multicast bins are set for every possible filtering case (including
      no entries) - previously the bits were set only if multicast filter entries
      were present.
      Signed-off-by: NVince Bridgers <vbridgers2013@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      aefef4c1
    • V
      net: stmmac: Change MAC interface to support multiple filter configurations · 7ed24bbe
      Vince Bridgers 提交于
      The synopsys EMAC can be configured for different numbers of multicast hash
      bins and perfect filter entries at device creation time and there's no way
      to query this configuration information at runtime. As a result, a devicetree
      parameter is required in order for the driver to program these filters
      correctly for a particular device instance. This patch modifies the
      10/100/1000 MAC software interface such that these configuration parameters
      can be set at initialization time.
      Signed-off-by: NVince Bridgers <vbridgers2013@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7ed24bbe
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · a173e550
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter updates for net-next
      
      The following patchset contains netfilter updates for net-next, they are:
      
      1) Add the reject expression for the nf_tables bridge family, this
         allows us to send explicit reject (TCP RST / ICMP dest unrech) to
         the packets matching a rule.
      
      2) Simplify and consolidate the nf_tables set dumping logic. This uses
         netlink control->data to filter out depending on the request.
      
      3) Perform garbage collection in xt_hashlimit using a workqueue instead
         of a timer, which is problematic when many entries are in place in
         the tables, from Eric Dumazet.
      
      4) Remove leftover code from the removed ulog target support, from
         Paul Bolle.
      
      5) Dump unmodified flags in the netfilter packet accounting when resetting
         counters, so userspace knows that a counter was in overquota situation,
         from Alexey Perevalov.
      
      6) Fix wrong usage of the bitwise functions in nfnetlink_acct, also from
         Alexey.
      
      7) Fix a crash when adding new set element with an empty NFTA_SET_ELEM_LIST
         attribute.
      
      This patchset also includes a couple of cleanups for xt_LED from
      Duan Jiong and for nf_conntrack_ipv4 (using coccinelle) from
      Himangi Saraogi.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a173e550
    • B
      tcp: don't require root to read tcp_metrics · 388070fa
      Banerjee, Debabrata 提交于
      commit d23ff701 (tcp: add generic netlink support for tcp_metrics) introduced
      netlink support for the new tcp_metrics, however it restricted getting of
      tcp_metrics to root user only. This is a change from how these values could
      have been fetched when in the old route cache. Unless there's a legitimate
      reason to restrict the reading of these values it would be better if normal
      users could fetch them.
      
      Cc: Julian Anastasov <ja@ssi.bg>
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NDebabrata Banerjee <dbanerje@akamai.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      388070fa
    • D
      team: fix releasing uninitialized pointer to BPF prog · 2b391ee2
      Daniel Borkmann 提交于
      Commit 34c5bd66 introduced the possibility that an
      uninitialized pointer on the stack (orig_fp) can call into
      sk_unattached_filter_destroy() when its value is non NULL.
      
      Before that commit orig_fp was only destroyed in the same
      block where it was assigned a valid BPF prog before. Fix it
      up by initializing it to NULL.
      
      Fixes: 34c5bd66 ("net: filter: don't release unattached filter through call_rcu()")
      Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
      Cc: Pablo Neira <pablo@netfilter.org>
      Cc: Alexei Starovoitov <ast@plumgrid.com>
      Cc: Jiri Pirko <jiri@resnulli.us>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2b391ee2
    • P
      netfilter: nf_tables: check for unset NFTA_SET_ELEM_LIST_ELEMENTS attribute · 7d5570ca
      Pablo Neira Ayuso 提交于
      Otherwise, the kernel oopses in nla_for_each_nested when iterating over
      the unset attribute NFTA_SET_ELEM_LIST_ELEMENTS in the
      nf_tables_{new,del}setelem() path.
      
      netlink: 65524 bytes leftover after parsing attributes in process `nft'.
      [...]
      Oops: 0000 [#1] SMP
      [...]
      CPU: 2 PID: 6287 Comm: nft Not tainted 3.16.0-rc2+ #169
      RIP: 0010:[<ffffffffa0526e61>]  [<ffffffffa0526e61>] nf_tables_newsetelem+0x82/0xec [nf_tables]
      [...]
      Call Trace:
       [<ffffffffa05178c4>] nfnetlink_rcv+0x2e7/0x3d7 [nfnetlink]
       [<ffffffffa0517939>] ? nfnetlink_rcv+0x35c/0x3d7 [nfnetlink]
       [<ffffffff8137d300>] netlink_unicast+0xf8/0x17a
       [<ffffffff8137d6a5>] netlink_sendmsg+0x323/0x351
      [...]
      
      Fix this by returning -EINVAL if this attribute is not set, which
      doesn't make sense at all since those commands are there to add and to
      delete elements from the set.
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      7d5570ca
    • A
      netfilter: nfnetlink_acct: avoid using NFACCT_F_OVERQUOTA with bit helper functions · b6d04688
      Alexey Perevalov 提交于
      Bit helper functions were used for manipulation with NFACCT_F_OVERQUOTA,
      but they are accepting pit position, but not a bit mask. As a result
      not a third bit for NFACCT_F_OVERQUOTA was set, but forth. Such
      behaviour was dangarous and could lead to unexpected overquota report
      result.
      Signed-off-by: NAlexey Perevalov <a.perevalov@samsung.com>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      b6d04688
  2. 31 7月, 2014 32 次提交
  3. 30 7月, 2014 1 次提交