When I made the inetdev_init call work on all devices I incorrectly
left in the panic call as well.  It is obviously undesirable to
panic on an allocation failure for a normal network device.  This
patch moves the panic call under the loopback if clause.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

A time_wait socket inherits sk_bound_dev_if from the original socket,
but it is not used when sending ACK packets using ip_send_reply.

Fix by passing the oif to ip_send_reply in struct ip_reply_arg and
use it for output routing.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Currently when icmp_errors_use_inbound_ifaddr is set and an ICMP error is
sent after the packet passed through ip_output(), an address from the
outgoing interface is chosen as ICMP source address since skb->dev doesn't
point to the incoming interface anymore.

Fix this by doing an interface lookup on rt->dst.iif and using that device.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NWei Dong <weidong@cn.fujitsu.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This isn't a bug just yet as only TCP uses sk_setup_caps for GSO.
However, if and when UDP or something else starts using it this is
likely to cause a problem if we forget to add software emulation
for it at the same time.

The problem is that right now we translate GSO emulation to the
bitmask NETIF_F_GSO_MASK, which includes every protocol, even
ones that we cannot emulate.

This patch makes it provide only the ones that we can emulate.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The code used to ignore GSO completely, passing either way too
small or zero pkts_acked when GSO skb or part of it got ACKed.
In addition, there is no need to calculate the value in the loop
but simple arithmetics after the loop is sufficient. There is
no need to handle SYN case specially because congestion control
modules are not yet initialized when FLAG_SYN_ACKED is set.
Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Recent gcc versions emit warnings when unsigned variables are
compared < 0 or >= 0.
Signed-off-by: NBill Nottingham <notting@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

round_jiffies for net dev watchdog timer.
Signed-off-by: NVenkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This diff changes the default port range used for outgoing connections,
from "use 32768-61000 in most cases, but use N-4999 on small boxes
(where N is a multiple of 1024, depending on just *how* small the box
is)" to just "use 32768-61000 in all cases".

I don't believe there are any drawbacks to this change, and it keeps
outgoing connection ports farther away from the mess of
IANA-registered ports.
Signed-off-by: NMark Glines <mark@glines.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Based upon an excellent bug report and initial patch by
Frederik Deweerdt.

The UNIX datagram connect code blindly dereferences other->sk_socket
via the call down to the security_unix_may_send() function.

Without locking 'other' that pointer can go NULL via unix_release_sock()
which does sock_orphan() which also marks the socket SOCK_DEAD.

So we have to lock both 'sk' and 'other' yet avoid all kinds of
potential deadlocks (connect to self is OK for datagram sockets and it
is possible for two datagram sockets to perform a simultaneous connect
to each other).  So what we do is have a "double lock" function similar
to how we handle this situation in other areas of the kernel.  We take
the lock of the socket pointer with the smallest address first in
order to avoid ABBA style deadlocks.

Once we have them both locked, we check to see if SOCK_DEAD is set
for 'other' and if so, drop everything and retry the lookup.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The unix_state_*() locking macros imply that there is some
rwlock kind of thing going on, but the implementation is
actually a spinlock which makes the code more confusing than
it needs to be.

So use plain unix_state_lock and unix_state_unlock.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The interface for network device VLAN extension was confusing.
The kill_vid function is only really useful for devices that do
hardware filtering. Devices that only do VLAN receiption without
filtering were being forced to provide the hook, and there were
bugs in those devices.

Many drivers had kill_vid routine that called vlan_group_set_device, with
NULL, but that is done already.
Signed-off-by: NStephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: NJeff Garzik <jeff@garzik.org>

Peroidic STP timers don't have to be exact.  The hold timer runs at
1HZ, and the hello timer normally runs at 2HZ; save power by aligning
it them to next second.
Signed-off-by: NStephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The bridge cleanup timer is fired 10 times a second for timers that
are at least 15 seconds ahead in time and that are not critical to be
cleaned asap.

This patch calculates the next time to run the timer as the minimum of
all timers or a minimum based on the current state.
Signed-off-by: NBaruch Even <baruch@ev-en.org>
Signed-off-by: NStephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The function in tcp_probe is printf like, use GCC to check the args.
Sighed-off-by: NStephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Just a fix to correct the number of printl arguments. Now, srtt is
logging correctly.
Signed-off-by: NSangtae Ha <sangtae.ha@gmail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

tcp_out_of_resources() and tcp_close() perform the
same checking of number of orphan sockets. Move this
code into common place.
Signed-off-by: NPavel Emelianov <xemul@openvz.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Always set, but af_packet.c, not by the Kconfig subsystem, so
just get rid of it.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

net/ipv6/ip6_fib.c: In function ‘fib6_add_rt2node’:
net/ipv6/ip6_fib.c:661: warning: label ‘out’ defined but not used
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

It is unconditionally set by af_packet.c, not by the Kconfig
subsystem, so just kill it off.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NKazunori MIYAZAWA <kazunori@miyazawa.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

in4_pton converts a textual representation of an ip4 address
into an integer representation. However, when the textual representation
is of in the form ip:port, e.g. 192.168.1.1:5060, and 'delim' is set to
-1, the function bails out with an error when reading the colon.

It makes sense to allow the colon as a delimiting character without
explicitly having to set it through the 'delim' variable as there can be
no ambiguity in the point where the ip address is completely parsed. This
function is indeed called from nf_conntrack_sip.c in this way to parse
textual ip:port combinations which fails due to the reason stated above.
Signed-off-by: NJerome Borsboom <j.borsboom@erasmusmc.nl>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

We do not need to handle ::/0 routes specially any longer.
This should fix BUG #8349.
Signed-off-by: NYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: NYuji Sekiya <sekiya@wide.ad.jp>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NKazunori MIYAZAWA <miyazawa@linux-ipv6.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This patch adds missing NULL check and trims a line longer than 80 columns.

Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: Joe Jezak <josejx@gentoo.org>
Cc: Daniel Drake <dsd@gentoo.org>
Signed-off-by: NAkinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Fix error message:
Unable to network device. --> Unable to allocate network device.

Cc: James Ketrenos <jketreno@linux.intel.com>
Signed-off-by: NAkinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

avoid sdata null pointer dereference in ieee80211_ibss_add_sta.
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

ieee80211_open should always set the carrier status since we may have set
it to off before.
Signed-off-by: NMichael Wu <flamingice@sourmilk.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

We forget to free all the fragments when defraging them into one packet.
Signed-off-by: NHong Liu <hong.liu@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Some APs have strict checking between associate and reassociate. In
a case when an AP is restarted during a connection, it denies the
mac80211 reassoc request since this is a new association for the AP.
To fix this problem, we need to check the status code against
WLAN_STATUS_REASSOC_NO_ASSOC and clear ifsta->prev_bssid_set in
handling the association failure response.
Signed-off-by: NZhu Yi <yi.zhu@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The current IPSEC rule resolution behavior we have does not work for a
lot of people, even though technically it's an improvement from the
-EAGAIN buisness we had before.

Right now we'll block until the key manager resolves the route.  That
works for simple cases, but many folks would rather packets get
silently dropped until the key manager resolves the IPSEC rules.

We can't tell these folks to "set the socket non-blocking" because
they don't have control over the non-block setting of things like the
sockets used to resolve DNS deep inside of the resolver libraries in
libc.

With that in mind I coded up the patch below with some help from
Herbert Xu which provides packet-drop behavior during larval state
resolution, controllable via sysctl and off by default.

This lays the framework to either:

1) Make this default at some point or...

2) Move this logic into xfrm{4,6}_policy.c and implement the
   ARP-like resolution queue we've all been dreaming of.
   The idea would be to queue packets to the policy, then
   once the larval state is resolved by the key manager we
   re-resolve the route and push the packets out.  The
   packets would timeout if the rule didn't get resolved
   in a certain amount of time.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

sys_setsockopt() do not check properly timeout values for
SO_RCVTIMEO/SO_SNDTIMEO, for example it's possible to set negative timeout
values. POSIX do not defines behaviour for sys_setsockopt in case negative
timeouts, but requires that setsockopt() shall fail with -EDOM if the send and
receive timeout values are too big to fit into the timeout fields in the socket
structure.
In current implementation negative timeout can lead to error messages like
"schedule_timeout: wrong timeout value".

Proposed patch:
- checks tv_usec and returns -EDOM if it is wrong
- do not allows to set negative timeout values (sets 0 instead) and outputs
ratelimited information message about such attempts.
Signed-off-By: NVasily Averin <vvs@sw.ru>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

They're the same.
Signed-off-by: NJing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Add missing process of T.120 address in OpenLogicalChannelAck signal.
Signed-off-by: NJing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

According to the implementation of H.323, it's not necessary to check
the addresses in Information signals.
Signed-off-by: NJing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Update get_h225_addr() to meet the changes in ASN.1 types. It was using
field ip6 to access IPv6 TransportAddress, it should be ip according the
ASN.1 definition.
Signed-off-by: NJing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

1. Add support for decoding IPv6 address. I know it was manually added in
   the header file, but not in the template file. That wouldn't work.
2. Add missing support for decoding T.120 address in OLCA.
3. Remove unnecessary decoding of Information signal.
Signed-off-by: NJing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>