1. 22 Aug, 2011 3 commits
  2. 07 Aug, 2011 1 commit
    • D
      net: Compute protocol sequence numbers and fragment IDs using MD5. · 6e5714ea
      David S. Miller committed
      Computers have become a lot faster since we compromised on the
      partial MD4 hash which we use currently for performance reasons.
      
      MD5 is a much safer choice, and is in line with both RFC1948 and
      other ISS generators (OpenBSD, Solaris, etc.)
      
      Furthermore, only having 24-bits of the sequence number be truly
      unpredictable is a very serious limitation.  So the periodic
      regeneration and 8-bit counter have been removed.  We compute and
      use a full 32-bit sequence number.
      
      For ipv6, DCCP was found to use a 32-bit truncated initial sequence
      number (it needs 43-bits) and that is fixed here as well.
      Reported-by: Dan Kaminsky <dan@doxpara.com>
      Tested-by: Willy Tarreau <w@1wt.eu>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  3. 05 Aug, 2011 4 commits
    • M
      ipv6: check for IPv4 mapped addresses when connecting IPv6 sockets · c15fea2d
      Max Matveev committed
      When support for binding to 'mapped INADDR_ANY (::ffff.0.0.0.0)' was added
      in 0f8d3c7a the rest of the code
      wasn't told so now it's possible to bind IPv6 datagram socket to
      ::ffff.0.0.0.0, connect it to another IPv4 address and it will all
      work except for getsockname() which does not return the local address
      as expected.
      
      To give getsockname() something to work with check for 'mapped INADDR_ANY'
      when connecting and update the in-core source addresses appropriately.
      Signed-off-by: Max Matveev <makc@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • T
      net: Fix security_socket_sendmsg() bypass problem. · c71d8ebe
      Tetsuo Handa committed
      The sendmmsg() introduced by commit 228e548e "net: Add sendmmsg socket system
      call" is capable of sending to multiple different destination addresses.
      
      SMACK is using destination's address for checking sendmsg() permission.
      However, security_socket_sendmsg() is called for only once even if multiple
      different destination addresses are passed to sendmmsg().
      
      Therefore, we need to call security_socket_sendmsg() for each destination
      address rather than only the first destination address.
      
      Since calling security_socket_sendmsg() every time when only single destination
      address was passed to sendmmsg() is a waste of time, omit calling
      security_socket_sendmsg() unless destination address of previous datagram and
      that of current datagram differs.
      Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Acked-by: Anton Blanchard <anton@samba.org>
      Cc: stable <stable@kernel.org> [3.0+]
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • A
      net: Cap number of elements for sendmmsg · 98382f41
      Anton Blanchard committed
      To limit the amount of time we can spend in sendmmsg, cap the
      number of elements to UIO_MAXIOV (currently 1024).
      
      For error handling an application using sendmmsg needs to retry at
      the first unsent message, so capping is simpler and requires less
      application logic than returning EINVAL.
      Signed-off-by: Anton Blanchard <anton@samba.org>
      Cc: stable <stable@kernel.org> [3.0+]
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • A
      net: sendmmsg should only return an error if no messages were sent · 728ffb86
      Anton Blanchard committed
      sendmmsg uses a similar error return strategy as recvmmsg but it
      turns out to be a confusing way to communicate errors.
      
      The current code stores the error code away and returns it on the next
      sendmmsg call. This means a call with completely valid arguments could
      get an error from a previous call.
      
      Change things so we only return an error if no datagrams could be sent.
      If less than the requested number of messages were sent, the application
      must retry starting at the first failed one and if the problem is
      persistent the error will be returned.
      
      This matches the behaviour of other syscalls like read/write - it
      is not an error if less than the requested number of elements are sent.
      Signed-off-by: Anton Blanchard <anton@samba.org>
      Cc: stable <stable@kernel.org> [3.0+]
      Signed-off-by: David S. Miller <davem@davemloft.net>
  4. 03 Aug, 2011 1 commit
  5. 02 Aug, 2011 4 commits
  6. 01 Aug, 2011 2 commits
  7. 29 Jul, 2011 2 commits
  8. 28 Jul, 2011 3 commits
    • N
      net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared · 550fd08c
      Neil Horman committed
      After the last patch, we are left in a state in which only drivers calling
      ether_setup have IFF_TX_SKB_SHARING set (we assume that drivers touching real
      hardware call ether_setup for their net_devices and don't hold any state in
      their skbs).  There are a handful of drivers that violate this assumption of
      course, and need to be fixed up.  This patch identifies those drivers, and marks
      them as not being able to support the safe transmission of skbs by clearing the
      IFF_TX_SKB_SHARING flag in priv_flags
      Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
      CC: Karsten Keil <isdn@linux-pingi.de>
      CC: "David S. Miller" <davem@davemloft.net>
      CC: Jay Vosburgh <fubar@us.ibm.com>
      CC: Andy Gospodarek <andy@greyhouse.net>
      CC: Patrick McHardy <kaber@trash.net>
      CC: Krzysztof Halasa <khc@pm.waw.pl>
      CC: "John W. Linville" <linville@tuxdriver.com>
      CC: Greg Kroah-Hartman <gregkh@suse.de>
      CC: Marcel Holtmann <marcel@holtmann.org>
      CC: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • N
      net: add IFF_SKB_TX_SHARED flag to priv_flags · d8873315
      Neil Horman committed
      Pktgen attempts to transmit shared skbs to net devices, which can't be used by
      some drivers as they keep state information in skbs.  This patch adds a flag
      marking drivers as being able to handle shared skbs in their tx path.  Drivers
      are defaulted to being unable to do so, but calling ether_setup enables this
      flag, as 90% of the drivers calling ether_setup touch real hardware and can
      handle shared skbs.  A subsequent patch will audit drivers to ensure that the
      flag is set properly
      Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
      Reported-by: Jiri Pirko <jpirko@redhat.com>
      CC: Robert Olsson <robert.olsson@its.uu.se>
      CC: Eric Dumazet <eric.dumazet@gmail.com>
      CC: Alexey Dobriyan <adobriyan@gmail.com>
      CC: David S. Miller <davem@davemloft.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • E
      net: sock_sendmsg_nosec() is static · 894dc24c
      Eric Dumazet committed
      Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
      CC: Anton Blanchard <anton@samba.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  9. 27 Jul, 2011 5 commits
  10. 26 Jul, 2011 6 commits
  11. 24 Jul, 2011 3 commits
  12. 23 Jul, 2011 6 commits