summaryrefslogtreecommitdiffstats
path: root/net (follow)
Commit message (Collapse)AuthorAgeFilesLines
* netfilter: ip6table_filter: merge LOCAL_IN and FORWARD hooksAlexey Dobriyan2008-11-201-14/+3
| | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: xt_recent: don't save proc dirsAlexey Dobriyan2008-11-201-11/+11
| | | | | | | Not needed, since creation and removal are done by name. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: nf_conntrack: fix warning and prototype mismatchPatrick McHardy2008-11-181-4/+4
| | | | | | | | net/netfilter/nf_conntrack_core.c:46:1: warning: symbol 'nfnetlink_parse_nat_setup_hook' was not declared. Should it be static? Including the proper header also revealed an incorrect prototype. Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: nfnetlink_log: fix warning and prototype mismatchPatrick McHardy2008-11-181-0/+1
| | | | | | | | net/netfilter/nfnetlink_log.c:537:1: warning: symbol 'nfulnl_log_packet' was not declared. Should it be static? Including the proper header also revealed an incorrect prototype. Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: ctnetlink: deliver events for conntracks changed from userspacePablo Neira Ayuso2008-11-184-29/+141
| | | | | | | | | | | | | | | | As for now, the creation and update of conntracks via ctnetlink do not propagate an event to userspace. This can result in inconsistent situations if several userspace processes modify the connection tracking table by means of ctnetlink at the same time. Specifically, using the conntrack command line tool and conntrackd at the same time can trigger unconsistencies. This patch also modifies the event cache infrastructure to pass the process PID and the ECHO flag to nfnetlink_send() to report back to userspace if the process that triggered the change needs so. Based on a suggestion from Patrick McHardy. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: ctnetlink: helper modules load-on-demand supportPablo Neira Ayuso2008-11-183-37/+93
| | | | | | | | | | | | | | | | | | This patch adds module loading for helpers via ctnetlink. * Creation path: We support explicit and implicit helper assignation. For the explicit case, we try to load the module. If the module is correctly loaded and the helper is present, we return EAGAIN to re-start the creation. Otherwise, we return EOPNOTSUPP. * Update path: release the spin lock, load the module and check. If it is present, then return EAGAIN to re-start the update. This patch provides a refactorized function to lookup-and-set the connection tracking helper. The function removes the exported symbol __nf_ct_helper_find as it has not clients anymore. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: nf_conntrack: connection tracking helper name persistent aliasesPablo Neira Ayuso2008-11-179-0/+9
| | | | | | | | | | | This patch adds the macro MODULE_ALIAS_NFCT_HELPER that defines a way to provide generic and persistent aliases for the connection tracking helpers. This next patch requires this patch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: ctnetlink: get rid of module refcounting in ctnetlinkPablo Neira Ayuso2008-11-171-20/+18
| | | | | | | | | | | This patch replaces the unnecessary module refcounting with the read-side locks. With this patch, all the dump and fill_info function are called under the RCU read lock. Based on a patch from Fabian Hugelshofer. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: ctnetlink: use EOPNOTSUPP instead of EINVAL if the conntrack has ↵Pablo Neira Ayuso2008-11-171-1/+1
| | | | | | | | | | | no helper This patch changes the return value if the conntrack has no helper assigned. Instead of EINVAL, which is reserved for malformed messages, it returns EOPNOTSUPP. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: ctnetlink: use nf_conntrack_get instead of atomic_incPablo Neira Ayuso2008-11-171-1/+1
| | | | | | | Use nf_conntrack_get instead of the direct call to atomic_inc. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: nf_nat: remove warn_if_extra_mangleSimon Arlott2008-11-041-23/+0
| | | | | | | | | | | | | | | | | | | | | | In net/ipv4/netfilter/nf_nat_rule.c, the function warn_if_extra_mangle was added in commit 5b1158e909ecbe1a052203e0d8df15633f829930 (2006-12-02). I have a DNAT target in the OUTPUT chain than changes connections with dst 2.0.0.1 to another address which I'll substitute with 66.102.9.99 below. On every boot I get the following message: [ 146.252505] NAT: no longer support implicit source local NAT [ 146.252517] NAT: packet src 66.102.9.99 -> dst 2.0.0.1 As far as I can tell from reading the function doing this, it should warn if the source IP for the route to 66.102.9.99 is different from 2.0.0.1 but that is not the case. It doesn't make sense to check the DNAT target against the local route source. Either the function should be changed to correctly check the route, or it should be removed entirely as it's been nearly 2 years since it was added. Signed-off-by: Simon Arlott <simon@fire.lp0.eu> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: netns ebtables: br_nf_pre_routing_finish() fixupAlexey Dobriyan2008-11-041-1/+1
| | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: netns ebtables: ebtable_nat in netnsAlexey Dobriyan2008-11-041-15/+32
| | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: netns ebtables: ebtable_filter in netnsAlexey Dobriyan2008-11-041-13/+37
| | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: netns ebtables: ebtable_broute in netnsAlexey Dobriyan2008-11-041-8/+27
| | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: netns ebtables: more cleanup during ebt_unregister_table()Alexey Dobriyan2008-11-041-0/+4
| | | | | | | | Now that ebt_unregister_table() can be called during netns stop, and module pinning scheme can't prevent netns stop, do table cleanup by hand. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: netns ebtables: part 2Alexey Dobriyan2008-11-044-33/+45
| | | | | | | | | | | | | * return ebt_table from ebt_register_table(), module code will save it into per-netns data for unregistration * duplicate ebt_table at the very beginning of registration -- it's added into list, so one ebt_table wouldn't end up in many lists (and each netns has different one) * introduce underscored tables in individial modules, this is temporary to not break bisection. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: netns ebtables: part 1Alexey Dobriyan2008-11-044-16/+17
| | | | | | | | | | | * propagate netns from userspace, register table in passed netns * remporarily register every ebt_table in init_net P. S.: one needs to add ".netns_ok = 1" to igmp_protocol to test with ebtables(8) in netns. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: arptable_filter: merge forward hookAlexey Dobriyan2008-11-041-11/+1
| | | | | | | It's identical to NF_ARP_IN hook. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: netns-aware ipt_addrtypeAlexey Dobriyan2008-11-041-7/+9
| | | | | Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: xt_NFLOG: don't call nf_log_packet in NFLOG module.Eric Leblond2008-11-042-3/+5
| | | | | | | | | | This patch modifies xt_NFLOG to suppress the call to nf_log_packet() function. The call of this wrapper in xt_NFLOG was causing NFLOG to use the first initialized module. Thus, if ipt_ULOG is loaded before nfnetlink_log all NFLOG rules are treated as plain LOG rules. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
* net/: Kill now superfluous ->last_rx stores.David S. Miller2008-11-047-9/+0
| | | | | | | | The generic packet receive code takes care of setting netdev->last_rx when necessary, for the sake of the bonding ARP monitor. Signed-off-by: David S. Miller <davem@davemloft.net>
* netem: eliminate unneeded return valuesStephen Hemminger2008-11-041-21/+9
| | | | | | | | All these individual parsing functions never return an error, so they can be void. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: remove two duplicated #includeJianjun Kong2008-11-042-2/+0
| | | | | | | | Removed duplicated #include <rdma/ib_verbs.h> in net/9p/trans_rdma.c and #include <linux/thread_info.h> in net/socket.c Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: '&' reduxAlexey Dobriyan2008-11-0438-509/+509
| | | | | | | | | | | | | I want to compile out proc_* and sysctl_* handlers totally and stub them to NULL depending on config options, however usage of & will prevent this, since taking adress of NULL pointer will break compilation. So, drop & in front of every ->proc_handler and every ->strategy handler, it was never needed in fact. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: increase receive packet quantumStephen Hemminger2008-11-041-7/+4
| | | | | | | | | | | This patch gets about 1.25% back on tbench regression. My change to NAPI for multiqueue support changed the time limit on network receive processing. Under sustained loads like tbench, this can cause the receiver to reschedule prematurely. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* IPVS: Remove supports_ipv6 scheduler flagJulius Volz2008-11-0411-48/+6
| | | | | | | | Remove the 'supports_ipv6' scheduler flag since all schedulers now support IPv6. Signed-off-by: Julius Volz <julius.volz@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* IPVS: Add IPv6 support to LBLC/LBLCR schedulersJulius Volz2008-11-042-61/+92
| | | | | | | | | | | Add IPv6 support to LBLC and LBLCR schedulers. These were the last schedulers without IPv6 support, but we might want to keep the supports_ipv6 flag in the case of future schedulers without IPv6 support. Signed-off-by: Julius Volz <julius.volz@gmail.com> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* pkt_sched: sch_generic: Kfree gso_skb in qdisc_reset()Jarek Poplawski2008-11-031-0/+3
| | | | | | | | | | | Since gso_skb is re-used for qdisc_peek_dequeued(), and this skb is counted in the qdisc->q.qlen, it has to be kfreed during qdisc_reset() when qlen is zeroed. With help from David S. Miller <davem@davemloft.net> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: clean up net/ipv4/tcp_ipv4.cJianjun Kong2008-11-031-8/+8
| | | | | Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: clean up net/ipv4/devinet.cJianjun Kong2008-11-031-5/+5
| | | | | Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: clean up net/ipv4/pararp.cJianjun Kong2008-11-031-7/+7
| | | | | Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: clean up net/ipv4/ip_fragment.c tcp_timer.c ip_input.cJianjun Kong2008-11-033-5/+5
| | | | | Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: clean up net/ipv4/ipmr.cJianjun Kong2008-11-031-65/+65
| | | | | Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: clean up net/ipv4/ip_sockglue.c tcp_output.cJianjun Kong2008-11-032-20/+20
| | | | | Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: clean up net/ipv4/igmp.cJianjun Kong2008-11-031-23/+23
| | | | | Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: clean up net/ipv4/fib_frontend.c fib_hash.c ip_gre.cJianjun Kong2008-11-033-18/+18
| | | | | Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: clean up net/ipv4/ipip.c raw.c tcp.c tcp_minisocks.c tcp_yeah.c ↵Jianjun Kong2008-11-036-12/+12
| | | | | | | xfrm4_policy.c Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: clean up net/ipv4/ah4.c esp4.c fib_semantics.c inet_connection_sock.c ↵Jianjun Kong2008-11-036-13/+13
| | | | | | | inetpeer.c ip_output.c Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* sunrpc: Fix build warning due to typo in %pI4 format changes.David S. Miller2008-11-031-1/+1
| | | | | | Noticed by Stephen Hemminger. Signed-off-by: David S. Miller <davem@davemloft.net>
* IPVS: Add IPv6 support to SH and DH schedulersJulius Volz2008-11-032-18/+42
| | | | | | | | | | Add IPv6 support to SH and DH schedulers. I hope this simple IPv6 address hashing is good enough. The 128 bit are just XORed into 32 before hashing them like an IPv4 address. Signed-off-by: Julius Volz <julius.volz@gmail.com> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* sch_netem: Replace ->requeue() method with open codeJarek Poplawski2008-11-021-1/+5
| | | | | | | | | | | | After removing netem classful functionality we are sure its inner qdisc is tfifo, so we can replace qdisc->ops->requeue() method with open code. After this patch there are no more ops->requeue() users. The idea of this patch is by Patrick McHardy. Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sch_netem: Remove classful functionalityJarek Poplawski2008-11-021-87/+0
| | | | | | | | | | | | | | | | Patrick McHardy noticed that: "a lot of the functionality of netem requires the inner tfifo anyways and rate-limiting is usually done on top of netem. So I would suggest so either hard-wire the tfifo qdisc or at least make the assumption that inner qdiscs are work-conserving.", and later: "- a lot of other qdiscs still don't work as inner qdiscs of netem [...]". So, according to his suggestion, this patch removes classful options of netem. The main reason of this change is to remove ops->requeue() method, which is currently used only by netem. Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP] CUBIC v2.3Sangtae Ha2008-11-021-11/+109
| | | | | Signed-off-by: Sangtae Ha <sha2@ncsu.edu> Signed-off-by: David S. Miller <davem@davemloft.net>
* af_unix: clean up net/unix/af_unix.c garbage.c sysctl_net_unix.cJianjun Kong2008-11-023-44/+42
| | | | | | | clean up net/unix/af_unix.c garbage.c sysctl_net_unix.c Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* udp: add a missing smp_wmb() in udp_lib_get_port()Eric Dumazet2008-11-021-0/+5
| | | | | | | | | | | | | | | | Corey Minyard spotted a missing memory barrier in udp_lib_get_port() We need to make sure a reader cannot read the new 'sk->sk_next' value and previous value of 'sk->sk_hash'. Or else, an item could be deleted from a chain, and inserted into another chain. If new chain was empty before the move, 'next' pointer is NULL, and lockless reader can not detect it missed following items in original chain. This patch is temporary, since we expect an upcoming patch to introduce another way of handling the problem. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm6: handling fragmentNicolas Dichtel2008-11-021-3/+6
| | | | | | | | | | | | | | | | | | | | | | RFC4301 Section 7.1 says: "7.1. Tunnel Mode SAs that Carry Initial and Non-Initial Fragments All implementations MUST support tunnel mode SAs that are configured to pass traffic without regard to port field (or ICMP type/code or Mobility Header type) values. If the SA will carry traffic for specified protocols, the selector set for the SA MUST specify the port fields (or ICMP type/code or Mobility Header type) as ANY. An SA defined in this fashion will carry all traffic including initial and non-initial fragments for the indicated Local/Remote addresses and specified Next Layer protocol(s)." But for IPv6, fragment is treated as a protocol. This change catches protocol transported in fragmented packet. In IPv4, there is no problem. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* mac80211: fix two kernel-doc warningsJohannes Berg2008-11-011-18/+20
| | | | | | | | One parameter wasn't described and one I forgot to update when renaming it; also update TBDs in sta_info. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* wireless regulatory: move ignore_requestJohannes Berg2008-11-011-63/+63
| | | | | | | This function is only used once, move it closer to its caller. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* wireless: clean up regulatory ignore_request functionJohannes Berg2008-11-011-40/+27
| | | | | | | | | | | | | | | | | | | | | This function has a few WARNs that may eventually trigger when an AP sends rogue beacons, those must be removed. Some of the comments in the function are also inappropriate as this function is concerned with the global hint, not a per- wiphy thing (which a multidomain flag on a wiphy would imply). I'm convinced that we don't need to do anything to implement multi-domain capability as 802.11-2007 specifies it because it makes only two things mandatory: * starting of BSS/IBSS must have country information (this can easily be done with a mac80211 patch) * a STA must adopt the country information (we already have the framework for this) But we don't have anything implemented anyway for now. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-15 03:40:32 +0100