1. 23 12月, 2011 1 次提交
  2. 22 12月, 2011 1 次提交
  3. 06 12月, 2011 1 次提交
  4. 03 12月, 2011 1 次提交
  5. 02 12月, 2011 1 次提交
  6. 01 12月, 2011 1 次提交
  7. 27 11月, 2011 5 次提交
  8. 19 11月, 2011 1 次提交
    • E
      ipv4: fix redirect handling · 9cc20b26
      Eric Dumazet 提交于
      commit f39925db (ipv4: Cache learned redirect information in
      inetpeer.) introduced a regression in ICMP redirect handling.
      
      It assumed ipv4_dst_check() would be called because all possible routes
      were attached to the inetpeer we modify in ip_rt_redirect(), but thats
      not true.
      
      commit 7cc9150e (route: fix ICMP redirect validation) tried to fix
      this but solution was not complete. (It fixed only one route)
      
      So we must lookup existing routes (including different TOS values) and
      call check_peer_redir() on them.
      Reported-by: NIvan Zahariev <famzah@icdsoft.com>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      CC: Flavio Leitner <fbl@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9cc20b26
  9. 09 11月, 2011 1 次提交
  10. 25 10月, 2011 1 次提交
  11. 24 10月, 2011 1 次提交
    • F
      route: fix ICMP redirect validation · 7cc9150e
      Flavio Leitner 提交于
      The commit f39925db
      (ipv4: Cache learned redirect information in inetpeer.)
      removed some ICMP packet validations which are required by
      RFC 1122, section 3.2.2.2:
      ...
        A Redirect message SHOULD be silently discarded if the new
        gateway address it specifies is not on the same connected
        (sub-) net through which the Redirect arrived [INTRO:2,
        Appendix A], or if the source of the Redirect is not the
        current first-hop gateway for the specified destination (see
        Section 3.3.1).
      Signed-off-by: NFlavio Leitner <fbl@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7cc9150e
  12. 04 10月, 2011 1 次提交
  13. 12 8月, 2011 1 次提交
  14. 11 8月, 2011 1 次提交
    • J
      ipv4: some rt_iif -> rt_route_iif conversions · 97a80410
      Julian Anastasov 提交于
      As rt_iif represents input device even for packets
      coming from loopback with output route, it is not an unique
      key specific to input routes. Now rt_route_iif has such role,
      it was fl.iif in 2.6.38, so better to change the checks at
      some places to save CPU cycles and to restore 2.6.38 semantics.
      
      compare_keys:
      	- input routes: only rt_route_iif matters, rt_iif is same
      	- output routes: only rt_oif matters, rt_iif is not
      		used for matching in __ip_route_output_key
      	- now we are back to 2.6.38 state
      
      ip_route_input_common:
      	- matching rt_route_iif implies input route
      	- compared to 2.6.38 we eliminated one rth->fl.oif check
      	because it was not needed even for 2.6.38
      
      compare_hash_inputs:
      	Only the change here is not an optimization, it has
      	effect only for output routes. I assume I'm restoring
      	the original intention to ignore oif, it was using fl.iif
      	- now we are back to 2.6.38 state
      Signed-off-by: NJulian Anastasov <ja@ssi.bg>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      97a80410
  15. 08 8月, 2011 1 次提交
    • J
      ipv4: fix the reusing of routing cache entries · d547f727
      Julian Anastasov 提交于
      	compare_keys and ip_route_input_common rely on
      rt_oif for distinguishing of input and output routes
      with same keys values. But sometimes the input route has
      also same hash chain (keyed by iif != 0) with the output
      routes (keyed by orig_oif=0). Problem visible if running
      with small number of rhash_entries.
      
      	Fix them to use rt_route_iif instead. By this way
      input route can not be returned to users that request
      output route.
      
      	The patch fixes the ip_rt_bug errors that were
      reported in ip_local_out context, mostly for 255.255.255.255
      destinations.
      Signed-off-by: NJulian Anastasov <ja@ssi.bg>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d547f727
  16. 07 8月, 2011 1 次提交
    • D
      net: Compute protocol sequence numbers and fragment IDs using MD5. · 6e5714ea
      David S. Miller 提交于
      Computers have become a lot faster since we compromised on the
      partial MD4 hash which we use currently for performance reasons.
      
      MD5 is a much safer choice, and is inline with both RFC1948 and
      other ISS generators (OpenBSD, Solaris, etc.)
      
      Furthermore, only having 24-bits of the sequence number be truly
      unpredictable is a very serious limitation.  So the periodic
      regeneration and 8-bit counter have been removed.  We compute and
      use a full 32-bit sequence number.
      
      For ipv6, DCCP was found to use a 32-bit truncated initial sequence
      number (it needs 43-bits) and that is fixed here as well.
      Reported-by: NDan Kaminsky <dan@doxpara.com>
      Tested-by: NWilly Tarreau <w@1wt.eu>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6e5714ea
  17. 03 8月, 2011 1 次提交
  18. 24 7月, 2011 1 次提交
  19. 18 7月, 2011 2 次提交
  20. 17 7月, 2011 1 次提交
  21. 14 7月, 2011 1 次提交
    • D
      net: Embed hh_cache inside of struct neighbour. · f6b72b62
      David S. Miller 提交于
      Now that there is a one-to-one correspondance between neighbour
      and hh_cache entries, we no longer need:
      
      1) dynamic allocation
      2) attachment to dst->hh
      3) refcounting
      
      Initialization of the hh_cache entry is indicated by hh_len
      being non-zero, and such initialization is always done with
      the neighbour's lock held as a writer.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f6b72b62
  22. 13 7月, 2011 1 次提交
    • D
      ipv4: Inline neigh binding. · 3769cffb
      David Miller 提交于
      Get rid of all of the useless and costly indirection
      by doing the neigh hash table lookup directly inside
      of the neighbour binding.
      
      Rename from arp_bind_neighbour to rt_bind_neighbour.
      
      Use new helpers {__,}ipv4_neigh_lookup()
      
      In rt_bind_neighbour() get rid of useless tests which
      are never true in the context this function is called,
      namely dev is never NULL and the dst->neighbour is
      always NULL.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3769cffb
  23. 02 7月, 2011 1 次提交
  24. 19 6月, 2011 1 次提交
  25. 10 6月, 2011 1 次提交
    • G
      rtnetlink: Compute and store minimum ifinfo dump size · c7ac8679
      Greg Rose 提交于
      The message size allocated for rtnl ifinfo dumps was limited to
      a single page.  This is not enough for additional interface info
      available with devices that support SR-IOV and caused a bug in
      which VF info would not be displayed if more than approximately
      40 VFs were created per interface.
      
      Implement a new function pointer for the rtnl_register service that will
      calculate the amount of data required for the ifinfo dump and allocate
      enough data to satisfy the request.
      Signed-off-by: NGreg Rose <gregory.v.rose@intel.com>
      Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
      c7ac8679
  26. 09 6月, 2011 1 次提交
  27. 23 5月, 2011 1 次提交
  28. 19 5月, 2011 2 次提交
  29. 17 5月, 2011 1 次提交
  30. 14 5月, 2011 1 次提交
  31. 05 5月, 2011 1 次提交
  32. 04 5月, 2011 1 次提交
  33. 03 5月, 2011 1 次提交
    • D
      ipv4: Make sure flowi4->{saddr,daddr} are always set. · 56157872
      David S. Miller 提交于
      Slow path output route resolution always makes sure that
      ->{saddr,daddr} are set, and also if we trigger into IPSEC resolution
      we initialize them as well, because xfrm_lookup() expects them to be
      fully resolved.
      
      But if we hit the fast path and flowi4->flowi4_proto is zero, we won't
      do this initialization.
      
      Therefore, move the IPSEC path initialization to the route cache
      lookup fast path to make sure these are always set.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      56157872
  34. 29 4月, 2011 1 次提交