- 29 1月, 2008 40 次提交
-
-
由 Jan Engelhardt 提交于
Introduces the xt_CONNMARK target revision 1. It uses fixed types, and also uses the more expressive XOR logic. Futhermore, it allows to selectively pick bits from both the ctmark and the nfmark in the SAVE and RESTORE operations. Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jan Engelhardt 提交于
Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jan Engelhardt 提交于
Fix incorrect mask value passed to ipv4_change_dsfield/ipv6_change_dsfield. Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jan Engelhardt 提交于
This patch changes the behavior of xt_TOS v1 so that the mask value the user supplies means "zero out these bits" rather than "keep these bits". This is more easy on the user, as (I would assume) people keep more bits than zeroing, so, an example: Action: Set bit 0x01. before (&): iptables -j TOS --set-tos 0x01/0xFE after (&~): iptables -j TOS --set-tos 0x01/0x01 This is not too "tragic" with xt_TOS, but where larger fields are used (e.g. proposed xt_MARK v2), `--set-xmar 0x01/0x01` vs. `--set-xmark 0x01/0xFFFFFFFE` really makes a difference. Other target(!) modules, such as xt_TPROXY also use &~ rather than &, so let's get to a common ground. (Since xt_TOS has not yet left the development tree en direction to mainline, the semantic can be changed as proposed without breaking iptables.) Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jan Engelhardt 提交于
Commit 88c85d81f74f92371745158aebc5cbf490412002 forgot to remove the old ipt_TOS file (whose code has been merged into xt_DSCP). Remove it now. Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Patrick McHardy 提交于
Most of the netfilter modules are not considered experimental anymore, the only ones I want to keep marked as EXPERIMENTAL are: - TCPOPTSTRIP target, which is brand new. - SANE helper, which is quite new. - CLUSTERIP target, which I believe hasn't had much testing despite being in the kernel for quite a long time. - SCTP match and conntrack protocol, which are a mess and need to be reviewed and cleaned up before I would trust them. Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Patrick McHardy 提交于
Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Stephen Hemminger 提交于
Initialization of the slab cache's should be done when IP is initialized to make sure of available memory, and that code can be marked __init. Signed-off-by: NStephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Stephen Hemminger 提交于
Show number of entries in trie, the size field was being set but never used, but it only counted leaves, not all entries. Refactor the two cases in fib_triestat_seq_show into a single routine. Note: the stat structure was being malloc'd but the stack usage isn't so high (288 bytes) that it is worth the additional complexity. Signed-off-by: NStephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
fib_trie_seq_show() uses two helper functions, rtn_scope() and rtn_type() that can write to static storage without locking. Just pass to them a temporary buffer to avoid potential corruption (probably not triggerable but still...) Signed-off-by: NEric Dumazet <dada1@cosmosbay.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Denis V. Lunev 提交于
inet_confirm_addr can be called with NULL in_dev from arp_ignore iff scope is RT_SCOPE_LINK. Lets always pass the device and check for RT_SCOPE_LINK scope inside inet_confirm_addr. This let us take network namespace from in_device a need for an additional argument. Signed-off-by: NDenis V. Lunev <den@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Denis V. Lunev 提交于
arp_ignore has two arguments: dev & in_dev. dev is used for inet_confirm_addr calling only. inet_confirm_addr, in turn, either gets in_dev from the device passed or iterates over all network devices if the device passed is NULL. It seems logical to directly pass in_dev into inet_confirm_addr. Signed-off-by: NDenis V. Lunev <den@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Denis V. Lunev 提交于
Make them static. [ Moved the inline before, instead of after, call sites. -DaveM ] Signed-off-by: NDenis V. Lunev <den@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Denis V. Lunev 提交于
No need for this. It is declared in the neighbour.h Signed-off-by: NDenis V. Lunev <den@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Denis V. Lunev 提交于
Valid network device is always passed into neigh_param_alloc, so remove extra checking for dev == NULL. Additionally, cleanup bogus netns assignment. Signed-off-by: NDenis V. Lunev <den@openvz.org> Signed-off-by: NPavel Emelyanov <xemul@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Denis V. Lunev 提交于
fib_rules_unregister is called only after successful register and the return code is never checked. Signed-off-by: NDenis V. Lunev <den@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Denis V. Lunev 提交于
Some calls in the arp.c have network namespace as an argument. Getting init_net inside these functions is simply inconsistent. Fix this. Signed-off-by: NDenis V. Lunev <den@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Denis V. Lunev 提交于
The neighbour entry will be destroyed in the case of error, so it is pointless to perform constly routing table lookup in this case. Signed-off-by: NDenis V. Lunev <den@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Pavel Emelyanov 提交于
To do so, just register the proper subsystem and create files in ->init callbacks. No other special per-namespace handling for raw sockets is required. Signed-off-by: NPavel Emelyanov <xemul@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Pavel Emelyanov 提交于
Happily, in all the rest places (->bind callbacks only), that require the struct net, we have a socket, so get the net from it. Signed-off-by: NPavel Emelyanov <xemul@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Pavel Emelyanov 提交于
Pull the struct net pointer up to the showing functions to filter the sockets depending on their namespaces. Signed-off-by: NPavel Emelyanov <xemul@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Pavel Emelyanov 提交于
This requires just to pass the appropriate struct net pointer into __raw_v[46]_lookup and skip sockets that do not belong to a needed namespace. The proper net is get from skb->dev in all the cases. Signed-off-by: NPavel Emelyanov <xemul@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
If declared as unsigned short, these fields can overflow, and whole trie logic is broken. I could not make the machine crash, but some tnode can never be freed. Note for 64 bit arches : By reordering t_key and parent in [node, leaf, tnode] structures, we can use 32 bits hole after t_key so that sizeof(struct tnode) doesnt change after this patch. Signed-off-by: NEric Dumazet <dada1@cosmosbay.com> Signed-off-by: NRobert Olsson <robert.olsson@its.uu.se> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
net/ax25/ax25_route.c:251:13: warning: context imbalance in 'ax25_rt_seq_start' - wrong count at exit net/ax25/ax25_route.c:276:13: warning: context imbalance in 'ax25_rt_seq_stop' - unexpected unlock net/ax25/ax25_std_timer.c:65:25: warning: expensive signed divide net/ax25/ax25_uid.c:46:1: warning: symbol 'ax25_uid_list' was not declared. Should it be static? net/ax25/ax25_uid.c:146:13: warning: context imbalance in 'ax25_uid_seq_start' - wrong count at exit net/ax25/ax25_uid.c:169:13: warning: context imbalance in 'ax25_uid_seq_stop' - unexpected unlock net/ax25/af_ax25.c:573:28: warning: expensive signed divide net/ax25/af_ax25.c:1865:13: warning: context imbalance in 'ax25_info_start' - wrong count at exit net/ax25/af_ax25.c:1888:13: warning: context imbalance in 'ax25_info_stop' - unexpected unlock net/ax25/ax25_ds_timer.c:133:25: warning: expensive signed divide Signed-off-by: NEric Dumazet <dada1@cosmosbay.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
CHECK net/x25/af_x25.c net/x25/af_x25.c:117:46: warning: expensive signed divide CHECK net/x25/x25_facilities.c net/x25/x25_facilities.c:209:30: warning: expensive signed divide CHECK net/x25/x25_in.c net/x25/x25_in.c:250:26: warning: expensive signed divide CHECK net/x25/x25_proc.c net/x25/x25_proc.c:48:11: warning: context imbalance in 'x25_seq_route_start' - wrong count at exit net/x25/x25_proc.c:72:13: warning: context imbalance in 'x25_seq_route_stop' - unexpected unlock net/x25/x25_proc.c:112:11: warning: context imbalance in 'x25_seq_socket_start' - wrong count at exit net/x25/x25_proc.c:129:13: warning: context imbalance in 'x25_seq_socket_stop' - unexpected unlock net/x25/x25_proc.c:190:11: warning: context imbalance in 'x25_seq_forward_start' - wrong count at exit net/x25/x25_proc.c:215:13: warning: context imbalance in 'x25_seq_forward_stop' - unexpected unlock CHECK net/x25/x25_subr.c net/x25/x25_subr.c:362:57: warning: expensive signed divide Signed-off-by: NEric Dumazet <dada1@cosmosbay.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
tnode_alloc() already clears allocated memory, using kcalloc() or alloc_pages(GFP_KERNEL|__GFP_ZERO, ...) Signed-off-by: NEric Dumazet <dada1@cosmosbay.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
Realign struct members. Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
alg_key_len is currently defined as 'signed int'. This unfortunatly leads to integer divides in several paths. Converting it to unsigned is safe and saves 208 bytes of text on i386. Signed-off-by: NEric Dumazet <dada1@cosmosbay.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ilpo Järvinen 提交于
Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ilpo Järvinen 提交于
Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
In struct tnode, we use two fields of 5 bits for 'pos' and 'bits'. Switching to plain 'unsigned char' (8 bits) take the same space because of compiler alignments, and reduce text size by 435 bytes on i386. On i386 : $ size net/ipv4/fib_trie.o.before_patch net/ipv4/fib_trie.o text data bss dec hex filename 13714 4 64 13782 35d6 net/ipv4/fib_trie.o.before 13279 4 64 13347 3423 net/ipv4/fib_trie.o Signed-off-by: NEric Dumazet <dada1@cosmosbay.com> Acked-by: NStephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ilpo Järvinen 提交于
net/netfilter/xt_policy.c: policy_mt | -906 1 function changed, 906 bytes removed, diff: -906 net/netfilter/xt_policy.c: match_xfrm_state | +427 1 function changed, 427 bytes added, diff: +427 net/netfilter/xt_policy.o: 2 functions changed, 427 bytes added, 906 bytes removed, diff: -479 Alternatively, this could be done by combining identical parts of the match_policy_in/out() Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Stephen Hemminger 提交于
Make FIB TRIE go through sparse checker without warnings. Signed-off-by: NStephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Stephen Hemminger 提交于
The FIB TRIE code has a bunch of statistics, but the code is hidden behind an ifdef that was never implemented. Since it was dead code, it was broken as well. This patch fixes that by making it a config option. Signed-off-by: NStephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Stephen Hemminger 提交于
printk related cleanups: * Get rid of unused printk wrappers. * Make bug checks into KERN_WARNING because KERN_DEBUG gets ignored * Turn one cryptic old message into something real * Make sure all messages have KERN_XXX Signed-off-by: NStephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Stephen Hemminger 提交于
The only error from fib_insert_node is if memory allocation fails, so instead of passing by reference, just use the convention of returning NULL. Signed-off-by: NStephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Stephen Hemminger 提交于
Use %u instead of %d when printing unsigned values. Signed-off-by: NStephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Stephen Hemminger 提交于
The revision element must of been part of an earlier design, because currently it is set but never used. Signed-off-by: NStephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Stephen Hemminger 提交于
trie_init is worthless it is just zeroing stuff that is already zero! Move the memset() down to make it obvious. Signed-off-by: NStephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-