summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* netlink: allow empty nested attributesPatrick McHardy2008-11-281-0/+6
| | | | | | | | | | | | | validate_nla() currently doesn't allow empty nested attributes. This makes userspace code unnecessarily complicated when starting and ending the nested attribute is done by generic upper level code and the inner attributes are dumped by a module. Add a special case to accept empty nested attributes. When the nested attribute is non empty, the same checks as before are performed. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'master' of ↵David S. Miller2008-11-2840-221/+514
|\ | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 Conflicts: net/netfilter/nf_conntrack_netlink.c
| * netfilter: fix warning in net/netfilter/nf_conntrack_ftp.cIngo Molnar2008-11-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this warning: net/netfilter/nf_conntrack_ftp.c: In function 'help': net/netfilter/nf_conntrack_ftp.c:360: warning: 'matchoff' may be used uninitialized in this function net/netfilter/nf_conntrack_ftp.c:360: warning: 'matchlen' may be used uninitialized in this function triggers because GCC does not recognize the (correct) error flow between find_pattern(), 'found', 'matchoff' and 'matchlen'. Annotate it. Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: fix warning in net/netfilter/nf_conntrack_proto_tcp.cIngo Molnar2008-11-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | fix this warning: net/netfilter/nf_conntrack_proto_tcp.c: In function \u2018tcp_in_window\u2019: net/netfilter/nf_conntrack_proto_tcp.c:491: warning: unused variable \u2018net\u2019 net/netfilter/nf_conntrack_proto_tcp.c: In function \u2018tcp_packet\u2019: net/netfilter/nf_conntrack_proto_tcp.c:812: warning: unused variable \u2018net\u2019 Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: nfmark IPV6 routing in OUTPUT, mangle, NFQUEUEEric Leblond2008-11-251-1/+4
| | | | | | | | | | | | | | | | | | This patch let nfmark to be evaluated for routing decision for OUTPUT packet, in mangle table, when process paquet in NFQUEUE. This patch is an IPv6 port of Laurent Licour IPv4 one. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: nfmark routing in OUTPUT, mangle, NFQUEUEEric Leblond2008-11-251-0/+3
| | | | | | | | | | | | | | | | | | | | | | This patch let nfmark to be evaluated for routing decision for OUTPUT packet, in mangle table, when process paquet in NFQUEUE Until now, only change (in NFQUEUE process) on fields src_addr, dest_addr and tos could make netfilter to reevalute the routing. From: Laurent Licour <laurent@licour.com> Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: nf_conntrack_ftp: change "partial ..." message to pr_debug()Patrick McHardy2008-11-241-4/+2
| | | | | | | | | | | | | | | | | | The message triggers when sending non-FTP data on port 21 or with certain clients that use multiple syscalls to send the command. Change to pr_debug() since users have been complaining. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: nf_conntrack_proto_sctp: avoid bogus warningPatrick McHardy2008-11-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | net/netfilter/nf_conntrack_proto_sctp.c: In function 'sctp_packet': net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds gcc doesn't realize that do_basic_checks() guarantees that there is at least one valid chunk and thus new_state is never SCTP_CONNTRACK_MAX after the loop. Initialize to SCTP_CONNTRACK_NONE to avoid the warning. Based on patch by Wu Fengguang <wfg@linux.intel.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ip{,6}t_policy.h should include xp_policy.hAndy Whitcroft2008-11-202-0/+4
| | | | | | | | | | | | | | | | | | | | It seems that all of the include/netfilter_{ipv4,ipv6}/{ipt,ip6t}_*.h which share constants include the corresponding include/netfilter/xp_*.h files. Neither ipt_policy.h not ip6t_policy.h do. Make these consistant with the norm. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: nf_conntrack_proto_gre: spread __exitAlexey Dobriyan2008-11-201-1/+1
| | | | | | | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ip6table_filter: merge LOCAL_IN and FORWARD hooksAlexey Dobriyan2008-11-201-14/+3
| | | | | | | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xt_recent: don't save proc dirsAlexey Dobriyan2008-11-201-11/+11
| | | | | | | | | | | | | | Not needed, since creation and removal are done by name. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: nf_conntrack: fix warning and prototype mismatchPatrick McHardy2008-11-181-4/+4
| | | | | | | | | | | | | | | | net/netfilter/nf_conntrack_core.c:46:1: warning: symbol 'nfnetlink_parse_nat_setup_hook' was not declared. Should it be static? Including the proper header also revealed an incorrect prototype. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: nfnetlink_log: fix warning and prototype mismatchPatrick McHardy2008-11-182-1/+2
| | | | | | | | | | | | | | | | net/netfilter/nfnetlink_log.c:537:1: warning: symbol 'nfulnl_log_packet' was not declared. Should it be static? Including the proper header also revealed an incorrect prototype. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ctnetlink: deliver events for conntracks changed from userspacePablo Neira Ayuso2008-11-187-34/+197
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As for now, the creation and update of conntracks via ctnetlink do not propagate an event to userspace. This can result in inconsistent situations if several userspace processes modify the connection tracking table by means of ctnetlink at the same time. Specifically, using the conntrack command line tool and conntrackd at the same time can trigger unconsistencies. This patch also modifies the event cache infrastructure to pass the process PID and the ECHO flag to nfnetlink_send() to report back to userspace if the process that triggered the change needs so. Based on a suggestion from Patrick McHardy. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ctnetlink: helper modules load-on-demand supportPablo Neira Ayuso2008-11-184-40/+95
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds module loading for helpers via ctnetlink. * Creation path: We support explicit and implicit helper assignation. For the explicit case, we try to load the module. If the module is correctly loaded and the helper is present, we return EAGAIN to re-start the creation. Otherwise, we return EOPNOTSUPP. * Update path: release the spin lock, load the module and check. If it is present, then return EAGAIN to re-start the update. This patch provides a refactorized function to lookup-and-set the connection tracking helper. The function removes the exported symbol __nf_ct_helper_find as it has not clients anymore. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: nf_conntrack: connection tracking helper name persistent aliasesPablo Neira Ayuso2008-11-1710-0/+12
| | | | | | | | | | | | | | | | | | | | | | This patch adds the macro MODULE_ALIAS_NFCT_HELPER that defines a way to provide generic and persistent aliases for the connection tracking helpers. This next patch requires this patch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ctnetlink: get rid of module refcounting in ctnetlinkPablo Neira Ayuso2008-11-171-20/+18
| | | | | | | | | | | | | | | | | | | | | | This patch replaces the unnecessary module refcounting with the read-side locks. With this patch, all the dump and fill_info function are called under the RCU read lock. Based on a patch from Fabian Hugelshofer. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ctnetlink: use EOPNOTSUPP instead of EINVAL if the conntrack has ↵Pablo Neira Ayuso2008-11-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | no helper This patch changes the return value if the conntrack has no helper assigned. Instead of EINVAL, which is reserved for malformed messages, it returns EOPNOTSUPP. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ctnetlink: use nf_conntrack_get instead of atomic_incPablo Neira Ayuso2008-11-171-1/+1
| | | | | | | | | | | | | | Use nf_conntrack_get instead of the direct call to atomic_inc. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: nf_nat: remove warn_if_extra_mangleSimon Arlott2008-11-041-23/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In net/ipv4/netfilter/nf_nat_rule.c, the function warn_if_extra_mangle was added in commit 5b1158e909ecbe1a052203e0d8df15633f829930 (2006-12-02). I have a DNAT target in the OUTPUT chain than changes connections with dst 2.0.0.1 to another address which I'll substitute with 66.102.9.99 below. On every boot I get the following message: [ 146.252505] NAT: no longer support implicit source local NAT [ 146.252517] NAT: packet src 66.102.9.99 -> dst 2.0.0.1 As far as I can tell from reading the function doing this, it should warn if the source IP for the route to 66.102.9.99 is different from 2.0.0.1 but that is not the case. It doesn't make sense to check the DNAT target against the local route source. Either the function should be changed to correctly check the route, or it should be removed entirely as it's been nearly 2 years since it was added. Signed-off-by: Simon Arlott <simon@fire.lp0.eu> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns ebtables: br_nf_pre_routing_finish() fixupAlexey Dobriyan2008-11-041-1/+1
| | | | | | | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns ebtables: ebtable_nat in netnsAlexey Dobriyan2008-11-042-15/+33
| | | | | | | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns ebtables: ebtable_filter in netnsAlexey Dobriyan2008-11-042-13/+38
| | | | | | | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns ebtables: ebtable_broute in netnsAlexey Dobriyan2008-11-042-8/+30
| | | | | | | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns ebtables: more cleanup during ebt_unregister_table()Alexey Dobriyan2008-11-041-0/+4
| | | | | | | | | | | | | | | | Now that ebt_unregister_table() can be called during netns stop, and module pinning scheme can't prevent netns stop, do table cleanup by hand. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns ebtables: part 2Alexey Dobriyan2008-11-045-34/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | * return ebt_table from ebt_register_table(), module code will save it into per-netns data for unregistration * duplicate ebt_table at the very beginning of registration -- it's added into list, so one ebt_table wouldn't end up in many lists (and each netns has different one) * introduce underscored tables in individial modules, this is temporary to not break bisection. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns ebtables: part 1Alexey Dobriyan2008-11-045-17/+18
| | | | | | | | | | | | | | | | | | | | | | * propagate netns from userspace, register table in passed netns * remporarily register every ebt_table in init_net P. S.: one needs to add ".netns_ok = 1" to igmp_protocol to test with ebtables(8) in netns. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: arptable_filter: merge forward hookAlexey Dobriyan2008-11-041-11/+1
| | | | | | | | | | | | | | It's identical to NF_ARP_IN hook. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns-aware ipt_addrtypeAlexey Dobriyan2008-11-041-7/+9
| | | | | | | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xt_NFLOG: don't call nf_log_packet in NFLOG module.Eric Leblond2008-11-043-3/+19
| | | | | | | | | | | | | | | | | | | | This patch modifies xt_NFLOG to suppress the call to nf_log_packet() function. The call of this wrapper in xt_NFLOG was causing NFLOG to use the first initialized module. Thus, if ipt_ULOG is loaded before nfnetlink_log all NFLOG rules are treated as plain LOG rules. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | decnet: compile fix for removal of byteorder wrapperHarvey Harrison2008-11-281-1/+1
| | | | | | | | | | Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ixgbe: section fixesAl Viro2008-11-281-3/+2
| | | | | | | | | | | | | | | | | | ixgbe_init_interrupt_scheme() is called from ixgbe_resume(). Build that with CONFIG_PM and without CONFIG_HOTPLUG and you've got a problem. Several helpers called by it also are misannotated __devinit. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* | sctp: fix missing label when PROC_FS=nRandy Dunlap2008-11-281-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | Fix missing label when CONFIG_PROC_FS=n: net/sctp/protocol.c: In function 'sctp_proc_init': net/sctp/protocol.c:106: error: label 'out_nomem' used but not defined make[3]: *** [net/sctp/protocol.o] Error 1 Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | igb: Add support for pci-e Advanced Error ReportingAlexander Duyck2008-11-271-10/+20
| | | | | | | | | | | | | | | | | | Add the calls necessary to enable advanced error reporting for igb on systems with AER enabled. Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | e100: cleanup link up/down messagesJeff Kirsher2008-11-271-4/+6
| | | | | | | | | | | | | | | | | | The system log messages created on a link status change need to follow a specific format to work with tools some customers use. This also makes the messages consistant with other Intel driver link messages. Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ixgb: cleanup link up/down messagesJeff Kirsher2008-11-271-3/+11
| | | | | | | | | | | | | | | | | | The system log messages created on a link status change need to follow a specific format to work with tools some customers use. This also makes the messages consistant with other Intel driver link messages. Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | e1000: cleanup link up/down messagesJeff Kirsher2008-11-271-5/+7
| | | | | | | | | | | | | | | | | | The system log messages created on a link status change need to follow a specific format to work with tools some customers use. This also makes the messages consistant with other Intel driver link messages. Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ixgbe: cleanup link up/down messagesJeff Kirsher2008-11-271-10/+12
| | | | | | | | | | | | | | | | | | The system log messages created on a link status change need to follow a specific format to work with tools some customers use. This also makes the messages consistant with other Intel driver link messages. Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | igb: link up/down messages must follow a specific formatAlexander Duyck2008-11-271-3/+6
| | | | | | | | | | | | | | | | | | The system log messages created on a link status change need to follow a specific format to work with tools some customers use. Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | decnet: remove private wrappers of endian helpersHarvey Harrison2008-11-2710-94/+94
| | | | | | | | | | | | Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Reviewed-by: Steven Whitehouse <swhiteho@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | Merge branch 'master' of ↵David S. Miller2008-11-2731-85/+215
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 Conflicts: drivers/net/hp-plus.c drivers/net/wireless/ath5k/base.c drivers/net/wireless/ath9k/recv.c net/wireless/reg.c
| * | netfilter: ctnetlink: fix GFP_KERNEL allocation under spinlockPatrick McHardy2008-11-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous fix for the conntrack creation race (netfilter: ctnetlink: fix conntrack creation race) missed a GFP_KERNEL allocation that is now performed while holding a spinlock. Switch to GFP_ATOMIC. Reported-and-tested-by: Zoltan Borbely <bozo@andrews.hu> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | sungem: Fix PCS_MIICTRL register write in gem_init_phy().David S. Miller2008-11-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Use writel not writeb. Noticed by Hermann Lauer. Signed-off-by: David S. Miller <davem@davemloft.net>
| * | net: make skb_truesize_bug() call WARN()Arjan van de Ven2008-11-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | The truesize message check is important enough to make it print "BUG" to the user console... lets also make it important enough to spit a backtrace/module list etc so that kerneloops.org can track them. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | net: hp-plus uses eip_pollRandy Dunlap2008-11-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | hp-plus uses 8390p.c, so it should use eip_poll(), not ei_poll(). drivers/built-in.o: In function `hpp_probe1': hp-plus.c:(.init.text+0x9cbd): undefined reference to `ei_poll' Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | Merge branch 'master' of ↵David S. Miller2008-11-258-21/+74
| |\ \ | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
| | * | net/wireless/reg.c: fix bad WARN_ON in if statementIngo Molnar2008-11-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fix: net/wireless/reg.c:348:29: error: macro "if" passed 2 arguments, but takes just 1 triggered by the branch-tracer. Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * | ath5k: disable beacon filter when station is not associatedMartin Xu2008-11-252-1/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ath5k driver has too many interrupts per second at idle http://bugzilla.kernel.org/show_bug.cgi?id=11749 Signed-off-by: Martin Xu <martin.xu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * | ath5k: fix Security issue in DebugFS part of ath5kCheng Renquan2008-11-251-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | http://bugzilla.kernel.org/show_bug.cgi?id=12076 Remove any write access to groups and others, only keep write permission to its owner, usually only root user. Reported-by: Jérôme Poulin <jeromepoulin@gmail.com> Signed-off-by: Cheng Renquan <crquan@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-21 09:32:10 +0100