- 14 May, 2011 17 commits
-
-
Committed by Vasiliy Kulikov

This patch adds IPPROTO_ICMP socket kind. It makes it possible to send ICMP_ECHO messages and receive the corresponding ICMP_ECHOREPLY messages without any special privileges. In other words, the patch makes it possible to implement setuid-less and CAP_NET_RAW-less /bin/ping. In order not to increase the kernel's attack surface, the new functionality is disabled by default, but is enabled at bootup by supporting Linux distributions, optionally with restriction to a group or a group range (see below).

Similar functionality is implemented in Mac OS X: http://www.manpagez.com/man/4/icmp/

A new ping socket is created with

    socket(PF_INET, SOCK_DGRAM, PROT_ICMP)

Message identifiers (octets 4-5 of ICMP header) are interpreted as local ports. Addresses are stored in struct sockaddr_in. No port numbers are reserved for privileged processes, port 0 is reserved for API ("let the kernel pick a free number"). There is no notion of remote ports, remote port numbers provided by the user (e.g. in connect()) are ignored.

Data sent and received include ICMP headers. This is deliberate to:
1) Avoid the need to transport headers values like sequence numbers by other means.
2) Make it easier to port existing programs using raw sockets.

ICMP headers given to send() are checked and sanitized. The type must be ICMP_ECHO and the code must be zero (future extensions might relax this, see below). The id is set to the number (local port) of the socket, the checksum is always recomputed.

ICMP reply packets received from the network are demultiplexed according to their id's, and are returned by recv() without any modifications. IP header information and ICMP errors of those packets may be obtained via ancillary data (IP_RECVTTL, IP_RETOPTS, and IP_RECVERR). ICMP source quenches and redirects are reported as fake errors via the error queue (IP_RECVERR); the next hop address for redirects is saved to ee_info (in network order).

socket(2) is restricted to the group range specified in "/proc/sys/net/ipv4/ping_group_range". It is "1 0" by default, meaning that nobody (not even root) may create ping sockets. Setting it to "100 100" would grant permissions to the single group (to either make /sbin/ping g+s and owned by this group or to grant permissions to the "netadmins" group), "0 4294967295" would enable it for the world, "100 4294967295" would enable it for the users, but not daemons.

The existing code might be (in the unlikely case anyone needs it) extended rather easily to handle other similar pairs of ICMP messages (Timestamp/Reply, Information Request/Reply, Address Mask Request/Reply etc.).

Userspace ping util & patch for it: http://openwall.info/wiki/people/segoon/ping

For Openwall GNU/*/Linux it was the last step on the road to the setuid-less distro. A revision of this patch (for RHEL5/OpenVZ kernels) is in use in Owl-current, such as in the 2011/03/12 LiveCD ISOs: http://mirrors.kernel.org/openwall/Owl/current/iso/

Initially this functionality was written by Pavel Kankovsky for Linux 2.4.32, but unfortunately it was never made public.

All ping options (-b, -p, -Q, -R, -s, -t, -T, -M, -I), are tested with the patch.

PATCH v3:
  - switched to flowi4.
  - minor changes to be consistent with raw sockets code.

PATCH v2:
  - changed ping_debug() to pr_debug().
  - removed CONFIG_IP_PING.
  - removed ping_seq_fops.owner field (unused for procfs).
  - switched to proc_net_fops_create().
  - switched to %pK in seq_printf().

PATCH v1:
  - fixed checksumming bug.
  - CAP_NET_RAW may not create icmp sockets anymore.

RFC v2:
  - minor cleanups.
  - introduced sysctl'able group range to restrict socket(2).

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com> Signed-off-by: David S. Miller <davem@davemloft.net>
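
The ping-socket API and the ping_group_range gate described in the commit message above, as an added example that is not part of the commit or the kernel tree. gid_in_range() is a hypothetical userspace model of the sysctl range test, and ping_once() is a hypothetical helper that sends one echo request; the 127.0.0.1 target and the one-second timeout are choices made here.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <netinet/ip_icmp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical model of the ping_group_range test; "1 0" admits no gid. */
int gid_in_range(const char *range, unsigned long gid)
{
    unsigned long lo, hi;
    if (sscanf(range, "%lu %lu", &lo, &hi) != 2)
        return -1;                      /* not a "low high" pair */
    return lo <= gid && gid <= hi;
}

/* Hypothetical helper: one echo to dst; 0 on a matching reply, else -errno. */
int ping_once(const char *dst, unsigned short seq)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };
    struct timeval tv = { .tv_sec = 1 };
    struct icmphdr req = { .type = ICMP_ECHO }, rep;   /* code stays 0 */
    ssize_t n;
    int fd, ret = 0;
    if (inet_pton(AF_INET, dst, &sa.sin_addr) != 1)
        return -EINVAL;
    fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_ICMP);
    if (fd < 0)
        return -errno;                  /* EACCES: caller's groups are outside the range */
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    req.un.echo.sequence = htons(seq);  /* id and checksum are filled in by the kernel */
    if (sendto(fd, &req, sizeof(req), 0, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        (n = recv(fd, &rep, sizeof(rep), 0)) < 0)
        ret = -errno;
    else if (n < (ssize_t)sizeof(rep) || rep.type != ICMP_ECHOREPLY ||
             rep.un.echo.sequence != req.un.echo.sequence)
        ret = -EPROTO;
    close(fd);
    return ret;
}

int main(void)
{
    int rc = ping_once("127.0.0.1", 1);
    printf("127.0.0.1: %s\n", rc ? strerror(-rc) : "echo reply received");
    return 0;
}
```

With the default "1 0" range the socket() call fails for every user, so a "Permission denied" result from this program is the expected outcome on a host that has not opted in.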
-
Committed by KOSAKI Motohiro
Adapt new API. Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Ursula Braun
-Wunused-but-set-variable generates compile warnings. The affected variables are removed. Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Ursula Braun
-Wunused-but-set-variable generates a compile warning. The affected variable is removed. Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Ursula Braun
-Wunused-but-set-variable generates compile warnings. The affected variables are removed. Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Heiko Carstens
-Wunused-but-set-variable generates a compile warning for lcs' tasklet function. Invoked functions contain already error handling; thus additional return code checking is not needed here. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Heiko Carstens
Remove unused return code handling. The claw driver is mostly dead, so just make sure it keeps compiling without warnings. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Sebastian Ott
Fill in the owner of qeth's ccw device driver. Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Frank Blaschka
This patch improves FFDC (first failure data capture) by requesting a hardware trace in case the device driver, the hardware or a user detects an error. Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Frank Blaschka
Set rx csum default to hw checksumming again. Remove sysfs interface for rx csum (checksumming) and TSO (large_send). With the new hw_features it does not work to keep the old sysfs interface in parallel. Convert options.checksum_type to new hw_features. Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Anirban Chakraborty
Update driver version number. Signed-off-by: Anirban Chakraborty <anirban.chakraborty@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Anirban Chakraborty
Driver checks if the previous dump has been cleared before taking the dump. It doesn't take the dump if it is not cleared.

Changes from v2: Added lock to protect dump data structures from being mangled while dumping or setting them via ethtool.

Signed-off-by: Anirban Chakraborty <anirban.chakraborty@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Anirban Chakraborty
Added code to take FW dump.
  o Driver queries FW at the init time and gets the dump template
  o It takes FW dump as per the dump template
  o Level of FW dump (and its size) is configured via dump flag

Signed-off-by: Sritej Velaga <sritej.velaga@qlogic.com> Signed-off-by: Anirban Chakraborty <anirban.chakraborty@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Sathya Perla
Sending mbox cmds require multiple steps of writing to the DB register and polling for an ack. Getting interrupted in the middle by a signal breaks the mbox protocol. Use msleep() to not get interrupted. Signed-off-by: Sathya Perla <sathya.perla@emulex.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Sathya Perla
If waiting on POST returns prematurely (due to a signal), abort polling and return an error. Signed-off-by: Sathya Perla <sathya.perla@emulex.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Anirban Chakraborty
Added code to take FW dump via ethtool. Dump level can be controlled via setting the dump flag. A get function is provided to query the current setting of the dump flag. Dump data is obtained from the driver via a separate get function.

Changes from v3:
  Fixed buffer length issue in ethtool_get_dump_data function.
  Updated kernel doc for ethtool_dump struct and get_dump_flag function.

Changes from v2:
  Provided separate commands for get flag and data.
  Check for minimum of the two buffer length obtained via ethtool and driver and use that for dump buffer
  Pass up the driver return error codes up to the caller.
  Added kernel doc comments.

Signed-off-by: Anirban Chakraborty <anirban.chakraborty@qlogic.com> Reviewed-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Joe Perches
Save a bit of space. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 13 May, 2011 21 commits
-
-
Committed by David S. Miller
I swear none of my compilers warned about this, yet it is so obvious.
> net/ipv4/ip_forward.c: In function 'ip_forward':
> net/ipv4/ip_forward.c:87: warning: 'iph' may be used uninitialized in this function
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by David S. Miller
-
Committed by David S. Miller
No matter what kind of header mangling occurs due to IP options processing, rt->rt_dst will always equal iph->daddr in the packet. So we can safely use iph->daddr instead of rt->rt_dst here. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by David S. Miller
We already copy the 4-byte nexthop from the options block into local variable "nexthop" for the route lookup. Re-use that variable instead of memcpy()'ing again when assigning to iph->daddr after the route lookup succeeds. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by David S. Miller
All call sites conditionalize the call to ip_options_rcv_srr() with a check of opt->srr, so no need to check it again there. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Michał Mirosław
This should also fix updating of vlan_features and propagating changes to VLAN devices on the bond. Side effect: it allows user to force-disable some offloads on the bond interface. Note: NETIF_F_VLAN_CHALLENGED is managed by bond_fix_features() now. Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Michał Mirosław
It will be needed by bonding and other drivers changing vlan_features after ndo_init callback. As a bonus, this includes kernel-doc for netdev_update_features(). Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Alexey Orishko
Changes:
  - while making NTB, driver shall check if device dwNtbOutMaxSize is higher than host value and shall add a short packet if this is the case
  - previous temporary patch for this issue is replaced by this one

Signed-off-by: Alexey Orishko <alexey.orishko@stericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Julian Anastasov
Remove all remaining references to rt->rt_{src,dst} by using dest->dst_saddr to cache saddr (used for TUN mode). For ICMP in FORWARD hook just restrict the rt_mode for NAT to disable LOCALNODE. All other modes do not allow IP_VS_RT_MODE_RDR, so we should be safe with the ICMP forwarding. Using cp->daddr as replacement for rt_dst is safe for all modes except BYPASS, even when cp->dest is NULL because it is cp->daddr that is used to assign cp->dest for sync-ed connections. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by David S. Miller
We can simply track what destination address is used based upon which code block is taken at the top of the function. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by David S. Miller
[ Add some cases I missed, from Julian Anastasov ] Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Mahesh Bandewar
This patch adds tg3_set_features() to handle loopback mode. Currently the capability is added for the devices which support internal MAC loopback mode. So when enabled, it enables internal-MAC loopback. Signed-off-by: Mahesh Bandewar <maheshb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Amit Virdi
Use tty_insert_flip_string and tty_flip_buffer_push to deliver incoming data packets from the IrDA device instead of delivering the packets directly to the line discipline. Following latter approach resulted in warning "Sleeping function called from invalid context". Signed-off-by: Amit Virdi <amit.virdi@st.com> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Yi Zou
Michał Mirosław's patch (http://patchwork.ozlabs.org/patch/94421/) fixes the issue (http://patchwork.ozlabs.org/patch/94188/) about not populating FCoE related flags correctly on vlan devices. However, only NETIF_F_FCOE_CRC is part of the NETIF_F_ALL_TX_OFFLOADS right now, where we need NETIF_F_FCOE_MTU and NETIF_F_FSO as well. Therefore, add NETIF_F_ALL_FCOE to indicate feature flags used by FCoE TX offloads. These include NETIF_F_FCOE_CRC, NETIF_F_FCOE_MTU, and NETIF_F_FSO and add them to be part of NETIF_F_ALL_TX_OFFLOADS. This would eventually make sure all FCoE needed flags are populated properly to vlan devices. Signed-off-by: Yi Zou <yi.zou@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Michał Mirosław
Fix VLAN features propagation for devices which change vlan_features. For this to work, driver needs to make sure netdev_features_changed() gets called after the change (it is e.g. after ndo_set_features()). Side effect is that a user might request features that will never be enabled on a VLAN device. Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Franco Fichtner
The issue was introduced in commit eed2a12f. Signed-off-by: Franco Fichtner <franco@lastsummer.de> Acked-by: Michał Mirosław <mirq-linux@rere.qmqm.pl> Acked-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Eric Dumazet
When removing last vlan from a device, garp_uninit_applicant() calls synchronize_rcu() to make sure no user can still manipulate struct garp_applicant before we free it. Use call_rcu() instead, as a step to further net_device dismantle optimizations. Add the temporary garp_cleanup_module() function to make sure no pending call_rcu() are left at module unload time [ this will be removed when kfree_rcu() is available ] Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Shreyas Bhatewara
Resending this patch with few changes.

Avoid multiple queues when MSI or MSI-X not available

Limit number of Tx queues to 1 if MSI/MSI-X support is not configured in the kernel. This will make number of tx and rx queues equal when MSI/X is not configured thus providing better performance.

Signed-off-by: Bhavesh Davda <bhavesh@vmware.com> Signed-off-by: Shreyas N Bhatewara <sbhatewara@vmware.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Joe Perches
It's already known non-null above. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Joe Perches
This variable only needs initialization when cmsgs.info is NULL. Use memset to ensure padding is also zeroed so kernel doesn't leak any data. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Eric Dumazet
While trying to remove useless synchronize_rcu() calls, I found l2tp is indeed incorrectly using two of such calls, but also bumps tunnel refcount after list insertion. Tunnel refcount must be incremented before being made publicly visible by rcu readers. This fix can be applied to 2.6.35+ and might need a backport for older kernels, since things were shuffled in commit fd558d18 (l2tp: Split pppol2tp patch into separate l2tp and ppp parts) Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Paul E. McKenney <paulmck@linux.vnet.ibm.com> CC: James Chapman <jchapman@katalix.com> Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 12 May, 2011 2 commits
-
-
Committed by Padmanabh Ratnakar
Start/stop TX queue is controlled by TX queue "used" counter. It is incremented while WRBs are posted to TX queue and decremented when TX completions are received. This counter was getting decremented before HW is informed about processing of TX completions. As used counter is decremented, transmit function posts new WRBs and creates completion queue full scenario in HW. Signed-off-by: Padmanabh Ratnakar <padmanabh.ratnakar@emulex.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Committed by Padmanabh Ratnakar
Use OPCODE_COMMON_NTWK_RX_FILTER command for promiscuous mode as OPCODE_ETH_PROMISCUOUS command is getting deprecated. Signed-off-by: Padmanabh Ratnakar <padmanabh.ratnakar@emulex.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-