- 15 4月, 2008 3 次提交
-
-
由 Allan Stephens 提交于
This patch allows a stream socket to receive data from multiple TIPC messages in its receive queue, without requiring the use of the MSG_WAITALL flag. Acknowledgements to Florian Westphal <fw-tipc@strlen.de> for identifying this issue and suggesting how to correct it. Signed-off-by: NAllan Stephens <allan.stephens@windriver.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Allan Stephens 提交于
This patch optimizes the receive path for SOCK_DGRAM and SOCK_RDM messages by skipping over code that handles connection-based flow control. Signed-off-by: NAllan Stephens <allan.stephens@windriver.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Denis V. Lunev 提交于
When CONFIG_SECURITY_NETWORK_XFRM is undefined the following warnings appears: net/xfrm/xfrm_user.c: In function 'xfrm_add_pol_expire': net/xfrm/xfrm_user.c:1576: warning: 'ctx' may be used uninitialized in this function net/xfrm/xfrm_user.c: In function 'xfrm_get_policy': net/xfrm/xfrm_user.c:1340: warning: 'ctx' may be used uninitialized in this function (security_xfrm_policy_alloc is noop for the case). It seems that they are result of the commit 03e1ad7b ("LSM: Make the Labeled IPsec hooks more stack friendly") Signed-off-by: NDenis V. Lunev <den@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 14 4月, 2008 37 次提交
-
-
由 YOSHIFUJI Hideaki 提交于
Signed-off-by: NYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 YOSHIFUJI Hideaki 提交于
And use %u to format port. Signed-off-by: NYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Pavel Emelyanov 提交于
I was asked about "why don't we perform a sk_net filtering in bind_conflict calls, like we do in other sock lookup places" for a couple of times. Can we please add a comment about why we do not need one? Signed-off-by: NPavel Emelyanov <xemul@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Pavel Emelyanov 提交于
These sockets now have a bit other names and are no longer global. Shame on me, I haven't provided a good comment for this when sending DCCP netnsization patches. Signed-off-by: NPavel Emelyanov <xemul@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
Conflicts: drivers/net/ehea/ehea_main.c drivers/net/wireless/iwlwifi/Kconfig drivers/net/wireless/rt2x00/rt61pci.c net/ipv4/inet_timewait_sock.c net/ipv6/raw.c net/mac80211/ieee80211_sta.c
-
由 Patrick McHardy 提交于
The expectation classes changed help->expectations to an array, fix use as scalar value. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Peter Warasin 提交于
This patch adds the ebtables nflog watcher to the kernel in order to allow ebtables log through the nfnetlink_log backend. Signed-off-by: NPeter Warasin <peter@endian.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
Directly call IPv4 and IPv6 variants where the address family is easily known. Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
These functions are never called. Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Add accessors for l3num and protonum and get rid of some overly long expressions. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Invalid states can cause out-of-bound memory accesses of the state table. Also don't insist on having a new state contained in the netlink message. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Connection tracking helpers (specifically FTP) need to be called before NAT sequence numbers adjustments are performed to be able to compare them against previously seen ones. We've introduced two new hooks around 2.6.11 to maintain this ordering when NAT modules were changed to get called from conntrack helpers directly. The cost of netfilter hooks is quite high and sequence number adjustments are only rarely needed however. Add a RCU-protected sequence number adjustment function pointer and call it from IPv4 conntrack after calling the helper. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
New extensions may only be added to unconfirmed conntracks to avoid races when reallocating the storage. Also change NF_CT_ASSERT to use WARN_ON to get backtraces. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Adding extensions to confirmed conntracks is not allowed to avoid races on reallocation. Don't setup NAT for confirmed conntracks in case NAT module is loaded late. The has one side-effect, the connections existing before the NAT module was loaded won't enter the bysource hash. The only case where this actually makes a difference is in case of SNAT to a multirange where the IP before NAT is also part of the range. Since old connections don't enter the bysource hash the first new connection from the IP will have a new address selected. This shouldn't matter at all. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Locally generated ICMP packets have a reference to the conntrack entry of the original packet manually attached by icmp_send(). Therefore the check for locally originated untracked ICMP redirects can never be true. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Add DCCP conntrack helper. Thanks to Gerrit Renker <gerrit@erg.abdn.ac.uk> for review and testing. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Move the UDP-Lite conntrack checksum validation to a generic helper similar to nf_checksum() and make it fall back to nf_checksum() in case the full packet is to be checksummed and hardware checksums are available. This is to be used by DCCP conntrack, which also needs to verify partial checksums. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Move responsibility for setting the IP_NAT_RANGE_PROTO_SPECIFIED flag to the NAT protocol, properly propagate errors and get rid of ugly return value convention. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Move to nf_nat_proto_common and rename to nf_nat_proto_... since they're also used by protocols that don't have port numbers. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
The port rover should not get overwritten when using random mode, otherwise other rules will also use more or less random ports. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Add generic ->in_range and ->unique_tuple ops to avoid duplicating them again and again for future NAT modules and save a few bytes of text: net/ipv4/netfilter/nf_nat_proto_tcp.c: tcp_in_range | -62 (removed) tcp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0 2 functions changed, 321 bytes removed net/ipv4/netfilter/nf_nat_proto_udp.c: udp_in_range | -62 (removed) udp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0 2 functions changed, 321 bytes removed net/ipv4/netfilter/nf_nat_proto_gre.c: gre_in_range | -62 (removed) 1 function changed, 62 bytes removed vmlinux: 5 functions changed, 704 bytes removed Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Rule dumping is performed in two steps: first userspace gets the ruleset size using getsockopt(SO_GET_INFO) and allocates memory, then it calls getsockopt(SO_GET_ENTRIES) to actually dump the ruleset. When another process changes the ruleset in between the sizes from the first getsockopt call doesn't match anymore and the kernel aborts. Unfortunately it returns EAGAIN, as for multiple other possible errors, so userspace can't distinguish this case from real errors. Return EAGAIN so userspace can retry the operation. Fixes (with current iptables SVN version) netfilter bugzilla #104. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Patrick McHardy 提交于
Some callers pass uninitialized structures, clear the address to make sure later comparisions work properly. Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Jan Engelhardt 提交于
Signed-off-by: NJan Engelhardt <jengelh@computergmbh.de> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-