author | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-06-08 02:08:06 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-06-08 02:08:06 +0200 |
commit | df3872a9664667edae729361c9948b652de5c6f4 (patch) | |
tree | d191c1e6413f82b7a3f074a29b2d1fb92476d30f /include | |
parent | enable interrupts in user path of page fault. (diff) | |
parent | xfrm: Add security check before flushing SAD/SPD (diff) | |
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (24 commits)
xfrm: Add security check before flushing SAD/SPD
[NET_SCHED]: Fix filter double free
[NET]: Avoid duplicate netlink notification when changing link state
[UDP]: Revert 2-pass hashing changes.
[AF_UNIX]: Fix stream recvmsg() race.
[NETFILTER]: nf_conntrack_amanda: fix textsearch_prepare() error check
[NETFILTER]: ip_tables: fix compat related crash
[NETFILTER]: nf_conntrack: fix helper module unload races
[RTNETLINK]: ifindex 0 does not exist
[NETLINK]: Mark netlink policies const
[TCP] tcp_probe: Attach printf attribute properly to printl().
[TCP]: Use LIMIT_NETDEBUG in tcp_retransmit_timer().
[NET]: Merge dst_discard_in and dst_discard_out.
[RFKILL]: Make rfkill->name const
[IPV4]: Restore old behaviour of default config values
[IPV4]: Add default config support after inetdev_init
[IPV4]: Convert IPv4 devconf to an array
[IPV4]: Only panic if inetdev_init fails for loopback
[TCP]: Honour sk_bound_dev_if in tcp_v4_send_ack
[BNX2]: Update version and reldate.
...
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/inetdevice.h | 103 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ip_tables.h | 20 | ||||
-rw-r--r-- | include/linux/rfkill.h | 2 | ||||
-rw-r--r-- | include/net/fib_rules.h | 2 | ||||
-rw-r--r-- | include/net/genetlink.h | 2 | ||||
-rw-r--r-- | include/net/ip.h | 1 | ||||
-rw-r--r-- | include/net/ip_fib.h | 2 | ||||
-rw-r--r-- | include/net/netlink.h | 12 | ||||
-rw-r--r-- | include/net/udp.h | 9 | ||||
-rw-r--r-- | include/net/udplite.h | 2 | ||||
-rw-r--r-- | include/net/xfrm.h | 6 |
11 files changed, 98 insertions, 63 deletions
diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h index c0f7aec331c2..ae04901aa09a 100644 --- a/include/linux/inetdevice.h +++ b/include/linux/inetdevice.h @@ -3,6 +3,7 @@ #ifdef __KERNEL__ +#include <linux/bitmap.h> #include <linux/if.h> #include <linux/netdevice.h> #include <linux/rcupdate.h> @@ -10,28 +11,9 @@ struct ipv4_devconf { - int accept_redirects; - int send_redirects; - int secure_redirects; - int shared_media; - int accept_source_route; - int rp_filter; - int proxy_arp; - int bootp_relay; - int log_martians; - int forwarding; - int mc_forwarding; - int tag; - int arp_filter; - int arp_announce; - int arp_ignore; - int arp_accept; - int medium_id; - int no_xfrm; - int no_policy; - int force_igmp_version; - int promote_secondaries; void *sysctl; + int data[__NET_IPV4_CONF_MAX - 1]; + DECLARE_BITMAP(state, __NET_IPV4_CONF_MAX - 1); }; extern struct ipv4_devconf ipv4_devconf; 
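Review bot: The new `data[]` and `state` members of struct ipv4_devconf carry no comment, and this hunk removes the named fields that used to document what each value means. Both members are sized `__NET_IPV4_CONF_MAX - 1`, so slot i belongs to enum value i + 1, which is easy to get wrong when indexing by hand. I would add `/* data[NET_IPV4_CONF_x - 1] holds option x; state has one bit per slot */` above the two members. What a set bit in `state` means is not visible in this hunk and should be spelled out by someone who knows the intent.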
@@ -60,30 +42,70 @@ struct in_device struct rcu_head rcu_head; }; -#define IN_DEV_FORWARD(in_dev) ((in_dev)->cnf.forwarding) -#define IN_DEV_MFORWARD(in_dev) (ipv4_devconf.mc_forwarding && (in_dev)->cnf.mc_forwarding) -#define IN_DEV_RPFILTER(in_dev) (ipv4_devconf.rp_filter && (in_dev)->cnf.rp_filter) -#define IN_DEV_SOURCE_ROUTE(in_dev) (ipv4_devconf.accept_source_route && (in_dev)->cnf.accept_source_route) -#define IN_DEV_BOOTP_RELAY(in_dev) (ipv4_devconf.bootp_relay && (in_dev)->cnf.bootp_relay) - -#define IN_DEV_LOG_MARTIANS(in_dev) (ipv4_devconf.log_martians || (in_dev)->cnf.log_martians) -#define IN_DEV_PROXY_ARP(in_dev) (ipv4_devconf.proxy_arp || (in_dev)->cnf.proxy_arp) -#define IN_DEV_SHARED_MEDIA(in_dev) (ipv4_devconf.shared_media || (in_dev)->cnf.shared_media) -#define IN_DEV_TX_REDIRECTS(in_dev) (ipv4_devconf.send_redirects || (in_dev)->cnf.send_redirects) -#define IN_DEV_SEC_REDIRECTS(in_dev) (ipv4_devconf.secure_redirects || (in_dev)->cnf.secure_redirects) -#define IN_DEV_IDTAG(in_dev) ((in_dev)->cnf.tag) -#define IN_DEV_MEDIUM_ID(in_dev) ((in_dev)->cnf.medium_id) -#define IN_DEV_PROMOTE_SECONDARIES(in_dev) (ipv4_devconf.promote_secondaries || (in_dev)->cnf.promote_secondaries) +#define IPV4_DEVCONF(cnf, attr) ((cnf).data[NET_IPV4_CONF_ ## attr - 1]) +#define IPV4_DEVCONF_ALL(attr) IPV4_DEVCONF(ipv4_devconf, attr) + +static inline int ipv4_devconf_get(struct in_device *in_dev, int index) +{ + index--; + return in_dev->cnf.data[index]; +} + +static inline void ipv4_devconf_set(struct in_device *in_dev, int index, + int val) +{ + index--; + set_bit(index, in_dev->cnf.state); + in_dev->cnf.data[index] = val; +} + +static inline void ipv4_devconf_setall(struct in_device *in_dev) +{ + bitmap_fill(in_dev->cnf.state, __NET_IPV4_CONF_MAX - 1); +} + +#define IN_DEV_CONF_GET(in_dev, attr) \ + ipv4_devconf_get((in_dev), NET_IPV4_CONF_ ## attr) +#define IN_DEV_CONF_SET(in_dev, attr, val) \ + ipv4_devconf_set((in_dev), NET_IPV4_CONF_ ## attr, (val)) + +#define 
IN_DEV_ANDCONF(in_dev, attr) \ + (IPV4_DEVCONF_ALL(attr) && IN_DEV_CONF_GET((in_dev), attr)) +#define IN_DEV_ORCONF(in_dev, attr) \ + (IPV4_DEVCONF_ALL(attr) || IN_DEV_CONF_GET((in_dev), attr)) +#define IN_DEV_MAXCONF(in_dev, attr) \ + (max(IPV4_DEVCONF_ALL(attr), IN_DEV_CONF_GET((in_dev), attr))) + +#define IN_DEV_FORWARD(in_dev) IN_DEV_CONF_GET((in_dev), FORWARDING) +#define IN_DEV_MFORWARD(in_dev) (IPV4_DEVCONF_ALL(MC_FORWARDING) && \ + IPV4_DEVCONF((in_dev)->cnf, \ + MC_FORWARDING)) +#define IN_DEV_RPFILTER(in_dev) IN_DEV_ANDCONF((in_dev), RP_FILTER) +#define IN_DEV_SOURCE_ROUTE(in_dev) IN_DEV_ANDCONF((in_dev), \ + ACCEPT_SOURCE_ROUTE) +#define IN_DEV_BOOTP_RELAY(in_dev) IN_DEV_ANDCONF((in_dev), BOOTP_RELAY) + +#define IN_DEV_LOG_MARTIANS(in_dev) IN_DEV_ORCONF((in_dev), LOG_MARTIANS) +#define IN_DEV_PROXY_ARP(in_dev) IN_DEV_ORCONF((in_dev), PROXY_ARP) +#define IN_DEV_SHARED_MEDIA(in_dev) IN_DEV_ORCONF((in_dev), SHARED_MEDIA) +#define IN_DEV_TX_REDIRECTS(in_dev) IN_DEV_ORCONF((in_dev), SEND_REDIRECTS) +#define IN_DEV_SEC_REDIRECTS(in_dev) IN_DEV_ORCONF((in_dev), \ + SECURE_REDIRECTS) +#define IN_DEV_IDTAG(in_dev) IN_DEV_CONF_GET(in_dev, TAG) +#define IN_DEV_MEDIUM_ID(in_dev) IN_DEV_CONF_GET(in_dev, MEDIUM_ID) +#define IN_DEV_PROMOTE_SECONDARIES(in_dev) \ + IN_DEV_ORCONF((in_dev), \ + PROMOTE_SECONDARIES) #define IN_DEV_RX_REDIRECTS(in_dev) \ ((IN_DEV_FORWARD(in_dev) && \ - (ipv4_devconf.accept_redirects && (in_dev)->cnf.accept_redirects)) \ + IN_DEV_ANDCONF((in_dev), ACCEPT_REDIRECTS)) \ || (!IN_DEV_FORWARD(in_dev) && \ - (ipv4_devconf.accept_redirects || (in_dev)->cnf.accept_redirects))) + IN_DEV_ORCONF((in_dev), ACCEPT_REDIRECTS))) -#define IN_DEV_ARPFILTER(in_dev) (ipv4_devconf.arp_filter || (in_dev)->cnf.arp_filter) -#define IN_DEV_ARP_ANNOUNCE(in_dev) (max(ipv4_devconf.arp_announce, (in_dev)->cnf.arp_announce)) -#define IN_DEV_ARP_IGNORE(in_dev) (max(ipv4_devconf.arp_ignore, (in_dev)->cnf.arp_ignore)) +#define IN_DEV_ARPFILTER(in_dev) 
IN_DEV_ORCONF((in_dev), ARPFILTER) +#define IN_DEV_ARP_ANNOUNCE(in_dev) IN_DEV_MAXCONF((in_dev), ARP_ANNOUNCE) +#define IN_DEV_ARP_IGNORE(in_dev) IN_DEV_MAXCONF((in_dev), ARP_IGNORE) struct in_ifaddr { @@ -108,7 +130,6 @@ extern struct net_device *ip_dev_find(__be32 addr); extern int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b); extern int devinet_ioctl(unsigned int cmd, void __user *); extern void devinet_init(void); -extern struct in_device *inetdev_init(struct net_device *dev); extern struct in_device *inetdev_by_index(int); extern __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope); extern __be32 inet_confirm_addr(const struct net_device *dev, __be32 dst, __be32 local, int scope); diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index 2f46dd728ee1..e992cd6b28f5 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h @@ -264,6 +264,26 @@ ipt_get_target(struct ipt_entry *e) __ret; \ }) +/* fn returns 0 to continue iteration */ +#define IPT_ENTRY_ITERATE_CONTINUE(entries, size, n, fn, args...) \ +({ \ + unsigned int __i, __n; \ + int __ret = 0; \ + struct ipt_entry *__entry; \ + \ + for (__i = 0, __n = 0; __i < (size); \ + __i += __entry->next_offset, __n++) { \ + __entry = (void *)(entries) + __i; \ + if (__n < n) \ + continue; \ + \ + __ret = fn(__entry , ## args); \ + if (__ret != 0) \ + break; \ + } \ + __ret; \ +}) + /* * Main firewall chains definitions and global var's definitions. */ diff --git a/include/linux/rfkill.h b/include/linux/rfkill.h index 7c1ffbab7865..a8a6ea809da0 100644 --- a/include/linux/rfkill.h +++ b/include/linux/rfkill.h @@ -63,7 +63,7 @@ enum rfkill_state { * This structure represents a RF switch located on a network device. */ struct rfkill { - char *name; + const char *name; enum rfkill_type type; enum rfkill_state state; 
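Review bot: ipv4_devconf_get() and ipv4_devconf_set() decrement a plain `int index` and use it on `cnf.data[]` and in set_bit() with no range check, so an index of 0, or of `__NET_IPV4_CONF_MAX` and above, reads or writes outside the array. The IN_DEV_CONF_GET and IN_DEV_CONF_SET macros only pass NET_IPV4_CONF_* constants, but the inline functions can be called directly from any file that includes this header; whether any caller derives the index from sysctl or netlink input is not visible here. At minimum state the contract above both helpers, `/* index is a NET_IPV4_CONF_* value (1-based); range-check any index not taken from the enum before calling */`. Separately, IN_DEV_MFORWARD open-codes the AND of the global and per-device values where `IN_DEV_ANDCONF((in_dev), MC_FORWARDING)` appears equivalent and would match its neighbours.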
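Review bot: In IPT_ENTRY_ITERATE_CONTINUE the argument `n` is expanded bare in `if (__n < n)` while `entries` and `size` are parenthesised, so an expression argument can bind incorrectly; write `if (__n < (n))`. The loop also advances by `__entry->next_offset` with no check of its own, so a zero offset never terminates, and an offset that lands within the last few bytes before `size` makes the next `__entry` dereference read past the blob. That is safe only if every caller has validated the entries first, which cannot be seen from this header. The existing comment should say so, e.g. `/* fn returns 0 to continue iteration; entries must already have validated next_offset values */`.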
diff --git a/include/net/fib_rules.h b/include/net/fib_rules.h index ed3a8872c6ca..83e41dd15ccd 100644 --- a/include/net/fib_rules.h +++ b/include/net/fib_rules.h @@ -64,7 +64,7 @@ struct fib_rules_ops void (*flush_cache)(void); int nlgroup; - struct nla_policy *policy; + const struct nla_policy *policy; struct list_head *rules_list; struct module *owner; }; diff --git a/include/net/genetlink.h b/include/net/genetlink.h index adff4c898d50..b6eaca122db8 100644 --- a/include/net/genetlink.h +++ b/include/net/genetlink.h @@ -60,7 +60,7 @@ struct genl_ops { u8 cmd; unsigned int flags; - struct nla_policy *policy; + const struct nla_policy *policy; int (*doit)(struct sk_buff *skb, struct genl_info *info); int (*dumpit)(struct sk_buff *skb, diff --git a/include/net/ip.h b/include/net/ip.h index bb207db03675..abf2820a1125 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -143,6 +143,7 @@ struct ip_reply_arg { __wsum csum; int csumoffset; /* u16 offset of csum in iov[0].iov_base */ /* -1 if not needed */ + int bound_dev_if; }; void ip_send_reply(struct sock *sk, struct sk_buff *skb, struct ip_reply_arg *arg, diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h index 5a4a0366c24f..69252cbe05b0 100644 --- a/include/net/ip_fib.h +++ b/include/net/ip_fib.h @@ -213,7 +213,7 @@ extern void fib_select_default(const struct flowi *flp, struct fib_result *res); #endif /* CONFIG_IP_MULTIPLE_TABLES */ /* Exported by fib_frontend.c */ -extern struct nla_policy rtm_ipv4_policy[]; +extern const struct nla_policy rtm_ipv4_policy[]; extern void ip_fib_init(void); extern int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif, struct net_device *dev, __be32 *spec_dst, u32 *itag); diff --git a/include/net/netlink.h b/include/net/netlink.h index 0bf325c29aff..7b510a9edb91 100644 --- a/include/net/netlink.h +++ b/include/net/netlink.h 
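Review bot: In include/net/ip.h, `bound_dev_if` is added to struct ip_reply_arg without a comment, unlike `csumoffset` just above it, and nothing in the hunk says what 0 means. The callers are outside this hunk; any of them that builds the struct on the stack without zeroing it would now hand an indeterminate interface index to whatever consumes the field (presumably the route lookup for the reply). I would add `/* ifindex the reply is bound to, 0 for none (confirm) */` and check that each caller zero-initialises the struct before filling it.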
@@ -222,10 +222,10 @@ extern int nlmsg_notify(struct sock *sk, struct sk_buff *skb, gfp_t flags); extern int nla_validate(struct nlattr *head, int len, int maxtype, - struct nla_policy *policy); + const struct nla_policy *policy); extern int nla_parse(struct nlattr *tb[], int maxtype, struct nlattr *head, int len, - struct nla_policy *policy); + const struct nla_policy *policy); extern struct nlattr * nla_find(struct nlattr *head, int len, int attrtype); extern size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize); @@ -360,7 +360,7 @@ static inline struct nlmsghdr *nlmsg_next(struct nlmsghdr *nlh, int *remaining) */ static inline int nlmsg_parse(struct nlmsghdr *nlh, int hdrlen, struct nlattr *tb[], int maxtype, - struct nla_policy *policy) + const struct nla_policy *policy) { if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) return -EINVAL; @@ -392,7 +392,7 @@ static inline struct nlattr *nlmsg_find_attr(struct nlmsghdr *nlh, * @policy: validation policy */ static inline int nlmsg_validate(struct nlmsghdr *nlh, int hdrlen, int maxtype, - struct nla_policy *policy) + const struct nla_policy *policy) { if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) return -EINVAL; @@ -729,7 +729,7 @@ static inline struct nlattr *nla_find_nested(struct nlattr *nla, int attrtype) */ static inline int nla_parse_nested(struct nlattr *tb[], int maxtype, struct nlattr *nla, - struct nla_policy *policy) + const struct nla_policy *policy) { return nla_parse(tb, maxtype, nla_data(nla), nla_len(nla), policy); } @@ -990,7 +990,7 @@ static inline int nla_nest_cancel(struct sk_buff *skb, struct nlattr *start) * Returns 0 on success or a negative error code. */ static inline int nla_validate_nested(struct nlattr *start, int maxtype, - struct nla_policy *policy) + const struct nla_policy *policy) { return nla_validate(nla_data(start), nla_len(start), maxtype, policy); } diff --git a/include/net/udp.h b/include/net/udp.h index 496f89d45c8b..98755ebaf163 100644 --- a/include/net/udp.h 
+++ b/include/net/udp.h @@ -119,16 +119,9 @@ static inline void udp_lib_close(struct sock *sk, long timeout) } -struct udp_get_port_ops { - int (*saddr_cmp)(const struct sock *sk1, const struct sock *sk2); - int (*saddr_any)(const struct sock *sk); - unsigned int (*hash_port_and_rcv_saddr)(__u16 port, - const struct sock *sk); -}; - /* net/ipv4/udp.c */ extern int udp_get_port(struct sock *sk, unsigned short snum, - const struct udp_get_port_ops *ops); + int (*saddr_cmp)(const struct sock *, const struct sock *)); extern void udp_err(struct sk_buff *, u32); extern int udp_sendmsg(struct kiocb *iocb, struct sock *sk, diff --git a/include/net/udplite.h b/include/net/udplite.h index 50b4b424d1ca..635b0eafca95 100644 --- a/include/net/udplite.h +++ b/include/net/udplite.h @@ -120,5 +120,5 @@ static inline __wsum udplite_csum_outgoing(struct sock *sk, struct sk_buff *skb) extern void udplite4_register(void); extern int udplite_get_port(struct sock *sk, unsigned short snum, - const struct udp_get_port_ops *ops); + int (*scmp)(const struct sock *, const struct sock *)); #endif /* _UDPLITE_H */ diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 90185e8b335e..311f25af5e1a 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -964,7 +964,7 @@ struct xfrmk_spdinfo { extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq); extern int xfrm_state_delete(struct xfrm_state *x); -extern void xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info); +extern int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info); extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si); extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si); extern int xfrm_replay_check(struct xfrm_state *x, __be32 seq); 
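Review bot: The comparison callback is named `saddr_cmp` in the udp_get_port() prototype but `scmp` in the udplite_get_port() prototype in include/net/udplite.h, and neither declaration says which return value signals a match. Using `saddr_cmp` in both and adding a one-line comment on the callback's return convention above udp_get_port() would keep the two declarations readable side by side. The convention itself is defined in net/ipv4/udp.c, which is not shown on this page.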
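Review bot: xfrm_state_flush() in include/net/xfrm.h now returns `int`, and going by the commit title the value carries the result of the security check made before the SAD is flushed, but the declaration does nothing to stop a caller from ignoring it. A caller that still treats the function as void would report success for a flush that was refused. Consider `extern int __must_check xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info);`, the same for xfrm_policy_flush() in the next hunk, and a short comment on what a non-zero return means. The callers are in files not shown here.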
@@ -1020,13 +1020,13 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, struct xfrm_sec_ctx *ctx, int delete, int *err); struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete, int *err); -void xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info); +int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info); u32 xfrm_get_acqseq(void); void xfrm_alloc_spi(struct xfrm_state *x, __be32 minspi, __be32 maxspi); struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create, unsigned short family); -extern void xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info); +extern int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info); extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst, struct flowi *fl, int family, int strict); |
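Review bot: xfrm_policy_flush() is declared twice in this hunk, once without `extern` next to xfrm_policy_byid() and once with it after xfrm_find_acq(), and the commit has to change both. Keeping a single `extern int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info);` removes the chance that a later signature change updates only one of them. This matters more now that the return value reports a refused flush.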