1. 21 9月, 2006 5 次提交
  2. 23 8月, 2006 1 次提交
  3. 05 8月, 2006 1 次提交
    • I
      [PKT_SCHED] RED: Fix overflow in calculation of queue average · c4c0ce5c
      Ilpo Järvinen 提交于
      Overflow can occur very easily with 32 bits, e.g., with 1 second
      us_idle is approx. 2^20, which leaves only 11-Wlog bits for queue
      length. Since the EWMA exponent is typically around 9, queue
      lengths larger than 2^2 cause overflow. Whether the affected
      branch is taken when us_idle is as high as 1 second, depends on
      Scell_log, but with rather reasonable configuration Scell_log is
      large enough to cause p->Stab to have zero index, which always
      results zero shift (typically also few other small indices result
      in zero shift).
      Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c4c0ce5c
  4. 03 8月, 2006 5 次提交
    • A
      [NET]: Fix more per-cpu typos · 29bbd72d
      Alexey Dobriyan 提交于
      Signed-off-by: NAlexey Dobriyan <adobriyan@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      29bbd72d
    • C
      [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch · dc49c1f9
      Catherine Zhang 提交于
      From: Catherine Zhang <cxzhang@watson.ibm.com>
      
      This patch implements a cleaner fix for the memory leak problem of the
      original unix datagram getpeersec patch.  Instead of creating a
      security context each time a unix datagram is sent, we only create the
      security context when the receiver requests it.
      
      This new design requires modification of the current
      unix_getsecpeer_dgram LSM hook and addition of two new hooks, namely,
      secid_to_secctx and release_secctx.  The former retrieves the security
      context and the latter releases it.  A hook is required for releasing
      the security context because it is up to the security module to decide
      how that's done.  In the case of Selinux, it's a simple kfree
      operation.
      Acked-by: NStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      dc49c1f9
    • T
      [NET]: Network Event Notifier Mechanism. · 792d1932
      Tom Tucker 提交于
      This patch uses notifier blocks to implement a network event
      notifier mechanism.
      
      Clients register their callback function by calling
      register_netevent_notifier() like this:
      
      static struct notifier_block nb = {
              .notifier_call = my_callback_func
      };
      
      ...
      
      register_netevent_notifier(&nb);
      Signed-off-by: NTom Tucker <tom@opengridcomputing.com>
      Signed-off-by: NSteve Wise <swise@opengridcomputing.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      792d1932
    • W
      [TCP]: SNMPv2 tcpAttemptFails counter error · 3687b1dc
      Wei Yongjun 提交于
      Refer to RFC2012, tcpAttemptFails is defined as following:
        tcpAttemptFails OBJECT-TYPE
            SYNTAX      Counter32
            MAX-ACCESS  read-only
            STATUS      current
            DESCRIPTION
                    "The number of times TCP connections have made a direct
                    transition to the CLOSED state from either the SYN-SENT
                    state or the SYN-RCVD state, plus the number of times TCP
                    connections have made a direct transition to the LISTEN
                    state from the SYN-RCVD state."
            ::= { tcp 7 }
      
      When I lookup into RFC793, I found that the state change should occured
      under following condition:
        1. SYN-SENT -> CLOSED
           a) Received ACK,RST segment when SYN-SENT state.
      
        2. SYN-RCVD -> CLOSED
           b) Received SYN segment when SYN-RCVD state(came from LISTEN).
           c) Received RST segment when SYN-RCVD state(came from SYN-SENT).
           d) Received SYN segment when SYN-RCVD state(came from SYN-SENT).
      
        3. SYN-RCVD -> LISTEN
           e) Received RST segment when SYN-RCVD state(came from LISTEN).
      
      In my test, those direct state transition can not be counted to
      tcpAttemptFails.
      Signed-off-by: NWei Yongjun <yjwei@nanjing-fnst.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3687b1dc
    • H
      [IPV6]: Audit all ip6_dst_lookup/ip6_dst_store calls · 497c615a
      Herbert Xu 提交于
      The current users of ip6_dst_lookup can be divided into two classes:
      
      1) The caller holds no locks and is in user-context (UDP).
      2) The caller does not want to lookup the dst cache at all.
      
      The second class covers everyone except UDP because most people do
      the cache lookup directly before calling ip6_dst_lookup.  This patch
      adds ip6_sk_dst_lookup for the first class.
      
      Similarly ip6_dst_store users can be divded into those that need to
      take the socket dst lock and those that don't.  This patch adds
      __ip6_dst_store for those (everyone except UDP/datagram) that don't
      need an extra lock.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      497c615a
  5. 25 7月, 2006 1 次提交
  6. 22 7月, 2006 3 次提交
  7. 15 7月, 2006 1 次提交
  8. 09 7月, 2006 1 次提交
  9. 06 7月, 2006 1 次提交
    • J
      [PATCH] SoftMAC: Prevent multiple authentication attempts on the same network · cb74c432
      Joseph Jezak 提交于
      This patch addresses the "No queue exists" messages commonly seen during
      authentication and associating.  These appear due to scheduling multiple
      authentication attempts on the same network.  To prevent this, I added a
      flag to stop multiple authentication attempts by the association layer.
      I also added a check to the wx handler to see if we're connecting to a
      different network than the one already in progress.  This scenario was
      causing multiple requests on the same network because the network BSSID
      was not being updated despite the fact that the ESSID changed.
      Signed-off-by: NJoseph Jezak <josejx@gentoo.org>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      cb74c432
  10. 04 7月, 2006 9 次提交
  11. 03 7月, 2006 1 次提交
  12. 01 7月, 2006 3 次提交
    • H
      [IPV6]: Added GSO support for TCPv6 · f83ef8c0
      Herbert Xu 提交于
      This patch adds GSO support for IPv6 and TCPv6.  This is based on a patch
      by Ananda Raju <Ananda.Raju@neterion.com>.  His original description is:
      
      	This patch enables TSO over IPv6. Currently Linux network stacks
      	restricts TSO over IPv6 by clearing of the NETIF_F_TSO bit from
      	"dev->features". This patch will remove this restriction.
      
      	This patch will introduce a new flag NETIF_F_TSO6 which will be used
      	to check whether device supports TSO over IPv6. If device support TSO
      	over IPv6 then we don't clear of NETIF_F_TSO and which will make the
      	TCP layer to create TSO packets. Any device supporting TSO over IPv6
      	will set NETIF_F_TSO6 flag in "dev->features" along with NETIF_F_TSO.
      
      	In case when user disables TSO using ethtool, NETIF_F_TSO will get
      	cleared from "dev->features". So even if we have NETIF_F_TSO6 we don't
      	get TSO packets created by TCP layer.
      
      	SKB_GSO_TCPV4 renamed to SKB_GSO_TCP to make it generic GSO packet.
      	SKB_GSO_UDPV4 renamed to SKB_GSO_UDP as UFO is not a IPv4 feature.
      	UFO is supported over IPv6 also
      
      	The following table shows there is significant improvement in
      	throughput with normal frames and CPU usage for both normal and jumbo.
      
      	--------------------------------------------------
      	|          |     1500        |      9600         |
      	|          ------------------|-------------------|
      	|          | thru     CPU    |  thru     CPU     |
      	--------------------------------------------------
      	| TSO OFF  | 2.00   5.5% id  |  5.66   20.0% id  |
      	--------------------------------------------------
      	| TSO ON   | 2.63   78.0 id  |  5.67   39.0% id  |
      	--------------------------------------------------
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f83ef8c0
    • H
      [NET]: Generalise TSO-specific bits from skb_setup_caps · bcd76111
      Herbert Xu 提交于
      This patch generalises the TSO-specific bits from sk_setup_caps by adding
      the sk_gso_type member to struct sock.  This makes sk_setup_caps generic
      so that it can be used by TCPv6 or UFO.
      
      The only catch is that whoever uses this must provide a GSO implementation
      for their protocol which I think is a fair deal :) For now UFO continues to
      live without a GSO implementation which is OK since it doesn't use the sock
      caps field at the moment.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bcd76111
    • H
      [IPV6]: Added GSO support for TCPv6 · adcfc7d0
      Herbert Xu 提交于
      This patch adds GSO support for IPv6 and TCPv6.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      adcfc7d0
  13. 30 6月, 2006 4 次提交
    • M
      [NET]: Add ECN support for TSO · b0da8537
      Michael Chan 提交于
      In the current TSO implementation, NETIF_F_TSO and ECN cannot be
      turned on together in a TCP connection.  The problem is that most
      hardware that supports TSO does not handle CWR correctly if it is set
      in the TSO packet.  Correct handling requires CWR to be set in the
      first packet only if it is set in the TSO header.
      
      This patch adds the ability to turn on NETIF_F_TSO and ECN using
      GSO if necessary to handle TSO packets with CWR set.  Hardware
      that handles CWR correctly can turn on NETIF_F_TSO_ECN in the dev->
      features flag.
      
      All TSO packets with CWR set will have the SKB_GSO_TCPV4_ECN set.  If
      the output device does not have the NETIF_F_TSO_ECN feature set, GSO
      will split the packet up correctly with CWR only set in the first
      segment.
      
      With help from Herbert Xu <herbert@gondor.apana.org.au>.
      
      Since ECN can always be enabled with TSO, the SOCK_NO_LARGESEND sock
      flag is completely removed.
      Signed-off-by: NMichael Chan <mchan@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b0da8537
    • C
      [AF_UNIX]: Datagram getpeersec · 877ce7c1
      Catherine Zhang 提交于
      This patch implements an API whereby an application can determine the
      label of its peer's Unix datagram sockets via the auxiliary data mechanism of
      recvmsg.
      
      Patch purpose:
      
      This patch enables a security-aware application to retrieve the
      security context of the peer of a Unix datagram socket.  The application
      can then use this security context to determine the security context for
      processing on behalf of the peer who sent the packet.
      
      Patch design and implementation:
      
      The design and implementation is very similar to the UDP case for INET
      sockets.  Basically we build upon the existing Unix domain socket API for
      retrieving user credentials.  Linux offers the API for obtaining user
      credentials via ancillary messages (i.e., out of band/control messages
      that are bundled together with a normal message).  To retrieve the security
      context, the application first indicates to the kernel such desire by
      setting the SO_PASSSEC option via getsockopt.  Then the application
      retrieves the security context using the auxiliary data mechanism.
      
      An example server application for Unix datagram socket should look like this:
      
      toggle = 1;
      toggle_len = sizeof(toggle);
      
      setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
      recvmsg(sockfd, &msg_hdr, 0);
      if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
          cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
          if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
              cmsg_hdr->cmsg_level == SOL_SOCKET &&
              cmsg_hdr->cmsg_type == SCM_SECURITY) {
              memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
          }
      }
      
      sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
      a server socket to receive security context of the peer.
      
      Testing:
      
      We have tested the patch by setting up Unix datagram client and server
      applications.  We verified that the server can retrieve the security context
      using the auxiliary data mechanism of recvmsg.
      Signed-off-by: NCatherine Zhang <cxzhang@watson.ibm.com>
      Acked-by: NAcked-by: James Morris <jmorris@namei.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      877ce7c1
    • S
    • H
      [NET]: Added GSO header verification · 576a30eb
      Herbert Xu 提交于
      When GSO packets come from an untrusted source (e.g., a Xen guest domain),
      we need to verify the header integrity before passing it to the hardware.
      
      Since the first step in GSO is to verify the header, we can reuse that
      code by adding a new bit to gso_type: SKB_GSO_DODGY.  Packets with this
      bit set can only be fed directly to devices with the corresponding bit
      NETIF_F_GSO_ROBUST.  If the device doesn't have that bit, then the skb
      is fed to the GSO engine which will allow the packet to be sent to the
      hardware if it passes the header check.
      
      This patch changes the sg flag to a full features flag.  The same method
      can be used to implement TSO ECN support.  We simply have to mark packets
      with CWR set with SKB_GSO_ECN so that only hardware with a corresponding
      NETIF_F_TSO_ECN can accept them.  The GSO engine can either fully segment
      the packet, or segment the first MTU and pass the rest to the hardware for
      further segmentation.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      576a30eb
  14. 26 6月, 2006 1 次提交
  15. 23 6月, 2006 3 次提交