summaryrefslogtreecommitdiffstats
path: root/net (follow)
Commit message (Collapse)AuthorAgeFilesLines
* xfrm: Add support for IPsec extended sequence numbersSteffen Klassert2011-03-142-1/+193
| | | | | | | | | | This patch adds support for IPsec extended sequence numbers (esn) as defined in RFC 4303. The bits to manage the anti-replay window are based on a patch from Alex Badea. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Support anti-replay window size bigger than 32 packetsSteffen Klassert2011-03-141-1/+206
| | | | | | | | | | | | | | | | | As it is, the anti-replay bitmap in struct xfrm_replay_state can only accomodate 32 packets. Even though it is possible to configure anti-replay window sizes up to 255 packets from userspace. So we reject any packet with a sequence number within the configured window but outside the bitmap. With this patch, we represent the anti-replay window as a bitmap of variable length that can be accessed via the new struct xfrm_replay_state_esn. Thus, we have no limit on the window size anymore. To use the new anti-replay window implementantion, new userspace tools are required. We leave the old implementation untouched to stay in sync with old userspace tools. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Move IPsec replay detection functions to a separate fileSteffen Klassert2011-03-146-124/+154
| | | | | | | | | | To support multiple versions of replay detection, we move the replay detection functions to a separate file and make them accessible via function pointers contained in the struct xfrm_replay. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* esp6: Add support for IPsec extended sequence numbersSteffen Klassert2011-03-141-19/+86
| | | | | | | | | | This patch adds IPsec extended sequence numbers support to esp6. We use the authencesn crypto algorithm to handle esp with separate encryption/authentication algorithms. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* esp4: Add support for IPsec extended sequence numbersSteffen Klassert2011-03-141-18/+82
| | | | | | | | | | This patch adds IPsec extended sequence numbers support to esp4. We use the authencesn crypto algorithm to handle esp with separate encryption/authentication algorithms. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Use separate low and high order bits of the sequence numbers in ↵Steffen Klassert2011-03-146-9/+9
| | | | | | | | | | | | | xfrm_skb_cb To support IPsec extended sequence numbers, we split the output sequence numbers of xfrm_skb_cb in low and high order 32 bits and we add the high order 32 bits to the input sequence numbers. All users are updated accordingly. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'tipc-Mar13-2011' of ↵David S. Miller2011-03-1421-387/+273
|\ | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/paulg/net-next-2.6
| * tipc: Eliminate obsolete routine for handling routed messagesAllan Stephens2011-03-133-16/+0
| | | | | | | | | | | | | | | | | | Eliminates a routine that is used in handling messages arriving from another cluster or zone. Such messages can no longer be received by TIPC now that multi-cluster and multi-zone network support has been eliminated. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Eliminate remaining support for routing table messagesAllan Stephens2011-03-133-46/+4
| | | | | | | | | | | | | | | | | | | | Gets rid of all remaining code relating to ROUTE_DISTRIBUTOR messages. These messages were only used in multi-cluster and multi-zone networks, which TIPC no longer supports. (For safety, TIPC now treats such messages the same way that it handles other unrecognized messages.) Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Remove bearer flag indicating existence of broadcast addressAllan Stephens2011-03-132-7/+2
| | | | | | | | | | | | | | | | | | Eliminates the flag in the TIPC bearer structure that indicates if the bearer supports broadcasting, since the flag is always set to 1 and serves no useful purpose. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Don't respond to neighbor discovery request on blocked bearerAllan Stephens2011-03-131-1/+1
| | | | | | | | | | | | | | | | | | Adds a check to prevent TIPC from trying to respond to an incoming LINK_CONFIG request message if the associated bearer is currently prohibited from sending messages. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Eliminate unnecessary constant for neighbor discovery msg sizeAllan Stephens2011-03-132-3/+2
| | | | | | | | | | | | | | | | | | | | | | Eliminates an unnecessary constant that defines the size of a LINK_CONFIG message, and uses one of the existing standard message size symbols in its place. (The defunct constant was located in the wrong place anyway, since it was grouped with other constants that define message users instead of message sizes.) Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Remove unused field in bearer structureAllan Stephens2011-03-132-3/+0
| | | | | | | | | | | | | | | | Eliminates a field in TIPC's bearer objects that is set, but never referenced. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Correct misnamed references to neighbor discovery domainAllan Stephens2011-03-133-9/+9
| | | | | | | | | | | | | | | | | | | | Renames items that are improperly labelled as "network scope" items (which are represented by simple integer values) rather than "network domain" items (which are represented by <Z.C.N>-type network addresses). This change is purely cosmetic, and does not affect the operation of TIPC. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Optimizations to link creation codeAllan Stephens2011-03-135-36/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enhances link creation code as follows: 1) Detects illegal attempts to add a requested link earlier in the link creation process. This prevents TIPC from wasting time initializing a link object it then throws away, and also eliminates the code needed to do the throwing away. 2) Passes in the node object associated with the requested link. This allows TIPC to eliminate a search to locate the node object, as well as code that attempted to create the node if it doesn't exist. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Give Tx of discovery responses priority over link messagesAllan Stephens2011-03-131-7/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | Delay releasing the node lock when processing a neighbor discovery message until after the optional discovery response message has been sent. This helps ensure that any link protocol messages sent by a link endpoint created as a result of a neighbor discovery request are received after the discovery response is received, thereby giving the receiving node a chance to create a peer link endpoint to consume those link protocol messages, if one does not already exist. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Cosmetic changes to neighbor discovery logicAllan Stephens2011-03-131-44/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reworks the appearance of the routine that processes incoming LINK_CONFIG messages to keep the main logic flow at a consistent level of indentation, and to add comments outlining the various phases involved in processing each message. This rework is being done to allow upcoming enhancements to this routine to be integrated more cleanly. The diff isn't really readable, so know that it was a case of the old code being like: tipc_disc_recv_msg(..) { if (in_own_cluster(orig)) { ... lines and lines of stuff ... } } which is now replaced with the more sane: tipc_disc_recv_msg(..) { if (!in_own_cluster(orig)) return; ... lines and lines of stuff ... } Instances of spin locking within the reindented block were replaced with the identical tipc_node_[un]lock() abstractions. Note that all these changes are cosmetic in nature, and do not change the way LINK_CONFIG messages are processed. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Fix redundant link field handling in link protocol messageAllan Stephens2011-03-131-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensures that the "redundant link exists" field of the LINK_PROTOCOL messages sent by a link endpoint is set if and only if the sending node has at least one other working link to the peer node. Previously, the bit was set only if there were at least 2 working links to the peer node, meaning the bit was incorrectly left unset in messages sent by a non-working link endpoint when exactly one alternate working link was available. The revised code now takes the state of the link sending the message into account when deciding if an alternate link exists. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: make msg_set_redundant_link() consistent with other set opsAllan Stephens2011-03-132-11/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | All the other boolean like msg_set_X(m) operations don't export both a msg_set_X(a) and a msg_clear_X(m), but instead just have the single msg_set_X(m, val) variant. Make the redundant_link one consistent by having the set take a value, and delete the msg_clear_redundant_link() anomoly. This is a cosmetic change and should not change behaviour. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: cosmetic - function names are not to be full sentencesPaul Gortmaker2011-03-134-9/+9
| | | | | | | | | | | | | | | | | | | | | | Function names like "tipc_node_has_redundant_links" are unweildy and result in long lines even for simple lines. The "has" doesn't contribute any value add, so dropping that is a slight step in the right direction. This is a cosmetic change, basic result of: for i in `grep -l tipc_node_has_ *` ; do sed -i s/tipc_node_has_/tipc_node_/ $i ; done Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Eliminate timestamp from link protocol messagesAllan Stephens2011-03-133-12/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | Removes support for the timestamp field of TIPC's link protocol messages. This field was previously used to hold an OS-dependent timestamp value that was used to assist in debugging early versions of TIPC. The field has now been deemed unnecessary and has been removed from the latest TIPC specification. This change has no impact on the operation of TIPC since the field was set by TIPC, but never referenced. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: manually inline net_start/stop, make assoc. vars staticAllan Stephens2011-03-133-23/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | Relocates network-related variables into the subsystem files where they are now primarily used (following the recent rework of TIPC's node table), and converts globals into locals where possible. Changes the initialization of tipc_num_links from run-time to compile-time, and eliminates the net_start routine that becomes empty as a result. Also eliminates the corresponding net_stop routine by moving its (trivial) content into the one location that called the routine. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Convert node object array to a hash tableAllan Stephens2011-03-135-55/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replaces the dynamically allocated array of pointers to the cluster's node objects with a static hash table. Hash collisions are resolved using chaining, with a typical hash chain having only a single node, to avoid degrading performance during processing of incoming packets. The conversion to a hash table reduces the memory requirements for TIPC's node table to approximately the same size it had prior to the previous commit. In addition to the hash table itself, TIPC now also maintains a linked list for the node objects, sorted by ascending network address. This list allows TIPC to continue sending responses to user space applications that request node and link information in sorted order. The list also improves performance when name table update messages are sent by making it easier to identify the nodes that must be notified. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Eliminate configuration for maximum number of cluster nodesAllan Stephens2011-03-136-55/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Gets rid of the need for users to specify the maximum number of cluster nodes supported by TIPC. TIPC now automatically provides support for all 4K nodes allowed by its addressing scheme. Note: This change sets TIPC's memory usage to the amount used by a maximum size node table with 4K entries. An upcoming patch that converts the node table from a linear array to a hash table will compact the node table to a more efficient design, but for clarity it is nice to have all the Kconfig infrastruture go away separately. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Split up unified structure of network-related variablesAllan Stephens2011-03-135-42/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Converts the fields of the global "tipc_net" structure into individual variables. Since the struct was never referenced as a complete unit, its existence was pointless. This will facilitate upcoming changes to TIPC's node table and simpify upcoming relocation of the variables so they are only visible to the files that actually use them. This change is essentially cosmetic in nature, and doesn't affect the operation of TIPC. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Fix problem with missing link in "tipc-config -l" outputAllan Stephens2011-03-133-6/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removes a race condition that could cause TIPC's internal counter of the number of links it has to neighboring nodes to have the incorrect value if two independent threads of control simultaneously create new link endpoints connecting to two different nodes using two different bearers. Such under counting would result in TIPC failing to list the final link(s) in its response to a configuration request to list all of the node's links. The counter is now updated atomically to ensure that simultaneous increments do not interfere with each other. Thanks go to Peter Butler <pbutler@pt.com> for his assistance in diagnosing and fixing this problem. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Add support for SO_RCVTIMEO socket optionAllan Stephens2011-03-131-15/+17
| | | | | | | | | | | | | | | | | | | | | | Adds support for the SO_RCVTIMEO socket option to TIPC's socket receive routines. Thanks go out to Raj Hegde <rajenhegde@yahoo.ca> for his contribution to the development and testing this enhancement. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Cosmetic changes to node subscription codeAllan Stephens2011-03-134-13/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Relocates the code that notifies users of node subscriptions so that it is adjacent to the rest of the routines that implement TIPC's node subscription capability. Renames the name table routine that is invoked by a node subscription to better reflect its purpose and to be consistent with other, similar name table routines. These changes are cosmetic in nature, and do not alter the behavior of TIPC. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Prevent null pointer error when removing a node subscriptionAllan Stephens2011-03-132-8/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevents a null pointer dereference from occurring if a node subscription is triggered at the same time that the subscribing port or publication is terminating the subscription. The problem arises if the triggering routine asynchronously activates and deregisters the node subscription while deregistration is already underway -- the deregistration routine may find that the pointer it has just verified to be non-NULL is now NULL. To avoid this race condition the triggering routine now simply marks the node subscription as defunct (to prevent it from re-activating) instead of deregistering it. The subscription is now both deregistered and destroyed only when the subscribing port or publication code terminates the node subscription. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Add network address mask helper routinesAllan Stephens2011-03-133-7/+16
| | | | | | | | | | | | | | | | | | | | | | | | Introduces a pair of helper routines that convert the network address for a TIPC node into the network address for its cluster or zone. This is a cosmetic change designed to avoid future errors caused by the incorrect use of address bitmasks, and does not alter the existing operation of TIPC. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Correct broadcast link peer info when displaying linksAllan Stephens2011-03-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | Fixes a typo in the calculation of the network address of a node's own cluster when generating a response to the configuration command that lists all of the node's links. The correct mask value for a <Z.C.N> network address uses 1's for the 8-bit zone and 12-bit cluster parts and 0's for the 12-bit node part. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| * tipc: Allow receiving into iovec containing multiple entriesAllan Stephens2011-03-131-23/+15
| | | | | | | | | | | | | | | | | | | | | | | | Enhances TIPC's socket receive routines to support iovec structures containing more than a single entry. This change leverages existing sk_buff routines to do most of the work; the only significant change to TIPC itself is that an sk_buff now records how much data has been already consumed as an numeric offset, rather than as a pointer to the first unread data byte. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
* | ipv4: Fix PMTU update.Hiroaki SHIMODA2011-03-142-5/+18
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | On current net-next-2.6, when Linux receives ICMP Type: 3, Code: 4 (Destination unreachable (Fragmentation needed)), icmp_unreach -> ip_rt_frag_needed (peer->pmtu_expires is set here) -> tcp_v4_err -> do_pmtu_discovery -> ip_rt_update_pmtu (peer->pmtu_expires is already set, so check_peer_pmtu is skipped.) -> check_peer_pmtu check_peer_pmtu is skipped and MTU is not updated. To fix this, let check_peer_pmtu execute unconditionally. And some minor fixes 1) Avoid potential peer->pmtu_expires set to be zero. 2) In check_peer_pmtu, argument of time_before is reversed. 3) check_peer_pmtu expects peer->pmtu_orig is initialized as zero, but not initialized. Signed-off-by: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* decnet: Convert to use flowidn where applicable.David S. Miller2011-03-136-170/+177
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Put fl6_* macros to struct flowi6 and use them again.David S. Miller2011-03-1312-51/+51
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: Convert to use flowi6 where applicable.David S. Miller2011-03-1328-600/+602
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Put fl4_* macros to struct flowi4 and use them again.David S. Miller2011-03-1310-32/+32
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv4: Kill fib_semantic_match declaration from fib_lookup.hDavid S. Miller2011-03-131-3/+0
| | | | | | This function no longer exists. Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Use flowi4 and flowi6 in xfrm layer.David S. Miller2011-03-135-64/+77
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: Use flowi4 and flowi6 in xt_TCPMSSDavid S. Miller2011-03-131-5/+10
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: Use flowi4 and flowi6 in nf_conntrack_h323_mainDavid S. Miller2011-03-131-12/+20
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv4: Use flowi4 in UDPDavid S. Miller2011-03-131-6/+8
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: Use flowi4 in nf_nat_standalone.cDavid S. Miller2011-03-131-4/+5
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv4: Use flowi4 in ipmr code.David S. Miller2011-03-131-16/+17
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv4: Use flowi4 in FIB layer.David S. Miller2011-03-133-30/+31
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv4: Use flowi4 in public route lookup interfaces.David S. Miller2011-03-1313-165/+172
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv4: Use struct flowi4 internally in routing lookups.David S. Miller2011-03-131-115/+115
| | | | | | We will change the externally visible APIs next. Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv4: Pass ipv4 flow objects into fib_lookup() paths.David S. Miller2011-03-135-17/+17
| | | | | | | | To start doing these conversions, we need to add some temporary flow4_* macros which will eventually go away when all the protocol code paths are changed to work on AF specific flowi objects. Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Break struct flowi out into AF specific instances.David S. Miller2011-03-134-10/+10
| | | | | | | | | | | Now we have struct flowi4, flowi6, and flowidn for each address family. And struct flowi is just a union of them all. It might have been troublesome to convert flow_cache_uli_match() but as it turns out this function is completely unused and therefore can be simply removed. Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Make flowi ports AF dependent.David S. Miller2011-03-1325-93/+93
| | | | | | | | | | | | Create two sets of port member accessors, one set prefixed by fl4_* and the other prefixed by fl6_* This will let us to create AF optimal flow instances. It will work because every context in which we access the ports, we have to be fully aware of which AF the flowi is anyways. Signed-off-by: David S. Miller <davem@davemloft.net>