aboutsummaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2008-01-28[NETNS]: Namespace stop vs 'ip r l' race.Denis V. Lunev
During network namespace stop process kernel side netlink sockets belonging to a namespace should be closed. They should not prevent namespace to stop, so they do not increment namespace usage counter. Though this counter will be put during last sock_put. The raplacement of the correct netns for init_ns solves the problem only partial as socket to be stoped until proper stop is a valid netlink kernel socket and can be looked up by the user processes. This is not a problem until it resides in initial namespace (no processes inside this net), but this is not true for init_net. So, hold the referrence for a socket, remove it from lookup tables and only after that change namespace and perform a last put. Signed-off-by: Denis V. Lunev <den@openvz.org> Tested-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETNS]: Consolidate kernel netlink socket destruction.Denis V. Lunev
Create a specific helper for netlink kernel socket disposal. This just let the code look better and provides a ground for proper disposal inside a namespace. Signed-off-by: Denis V. Lunev <den@openvz.org> Tested-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETNS]: Memory leak on network namespace stop.Denis V. Lunev
Network namespace allocates 2 kernel netlink sockets, fibnl & rtnl. These sockets should be disposed properly, i.e. by sock_release. Plain sock_put is not enough. Signed-off-by: Denis V. Lunev <den@openvz.org> Tested-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETNS]: Double free in netlink_release.Denis V. Lunev
Netlink protocol table is global for all namespaces. Some netlink protocols have been virtualized, i.e. they have per/namespace netlink socket. This difference can easily lead to double free if more than 1 namespace is started. Count the number of kernel netlink sockets to track that this table is not used any more. Signed-off-by: Denis V. Lunev <den@openvz.org> Tested-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[IPV6]: Fix ip6_frag ctlDaniel Lezcano
Alexey Dobriyan reported an oops when unsharing the network indefinitely inside a loop. This is because the ip6_frag is not per namespace while the ctls are. That happens at the fragment timer expiration: inet_frag_secret_rebuild function is called and this one restarts the timer using the value stored inside the sysctl field. "mod_timer(&f->secret_timer, now + f->ctl->secret_interval);" When the network is unshared, ip6_frag.ctl is initialized with the new sysctl instances, but ip6_frag has only one instance. A race in this case will appear because f->ctl can be modified during the read access in the timer callback. Until the ip6_frag is not per namespace, I discard the assignation to the ctl field of ip6_frags in ip6_frag_sysctl_init when the network namespace is not the init net. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28wireless: fix '!x & y' typo'sRoel Kluin
Fix priority mistakes similar to '!x & y' Signed-off-by: Roel Kluin <12o3l@tiscali.nl> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-01-28[BRIDGE]: Remove unused include of a header file in ebtables.cRami Rosen
In net/bridge/netfilter/ebtables.c, - remove unused include of a header file (linux/tty.h) and remove the corresponding comment above it. Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[SCTP]: Fix build warning in sctp_sf_do_5_1C_ack().David S. Miller
Reported by Andrew Morton. net/sctp/sm_statefuns.c: In function 'sctp_sf_do_5_1C_ack': net/sctp/sm_statefuns.c:484: warning: 'error' may be used uninitialized in this function Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETNS][DST] dst: pass the dst_ops as parameter to the gc functionsDaniel Lezcano
The garbage collection function receive the dst_ops structure as parameter. This is useful for the next incoming patchset because it will need the dst_ops (there will be several instances) and the network namespace pointer (contained in the dst_ops). The protocols which do not take care of the namespaces will not be impacted by this change (expect for the function signature), they do just ignore the parameter. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[IPV4] FIB_HASH: Reduce memory needs and speedup lookupsEric Dumazet
Currently, sizeof(struct fib_alias) is 24 or 48 bytes on 32/64 bits arches. Because of SLAB_HWCACHE_ALIGN requirement, these are rounded to 32 and 64 bytes respectively. This patch moves rcu to the end of fib_alias, and conditionally defines it only for CONFIG_IP_FIB_TRIE. We also remove SLAB_HWCACHE_ALIGN requirement for fib_alias and fib_node objects because it is not necessary. (BTW SLUB currently denies it for objects smaller than cache_line_size() / 2, but not SLAB) Finally, sizeof(fib_alias) go back to 16 and 32 bytes. Then, we can embed one fib_alias on each fib_node, to favor locality. Most of the time access to the fib_alias will be free because one cache line contains both the list head (fn_alias) and (one of) the list element. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[FIB]: Fix rcu_dereference() abuses in fib_trie.cEric Dumazet
node_parent() and tnode_get_child() currently use rcu_dereference(). These functions are called from both - readers only paths (where rcu_dereference() is needed), and - writer path (where rcu_dereference() is not needed) To make explicit where rcu_dereference() is really needed, I introduced new node_parent_rcu() and tnode_get_child_rcu() functions which use rcu_dereference(), while node_parent() and tnode_get_child() dont use it. Then I changed calling sites where rcu_dereference() was really needed to call the _rcu() variants. This should have no impact but for alpha architecture, and may help future sparse checks. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[ROSE]: Supress sparse warningsEric Dumazet
CHECK net/rose/af_rose.c net/rose/af_rose.c:125:11: warning: expensive signed divide net/rose/af_rose.c:976:46: warning: expensive signed divide net/rose/af_rose.c:1379:13: warning: context imbalance in 'rose_info_start' - wrong count at exit net/rose/af_rose.c:1406:13: warning: context imbalance in 'rose_info_stop' - unexpected unlock CHECK net/rose/rose_in.c net/rose/rose_in.c:185:25: warning: expensive signed divide CHECK net/rose/rose_route.c net/rose/rose_route.c:997:46: warning: expensive signed divide net/rose/rose_route.c:1070:13: warning: context imbalance in 'rose_node_start' - wrong count at exit net/rose/rose_route.c:1093:13: warning: context imbalance in 'rose_node_stop' - unexpected unlock net/rose/rose_route.c:1146:13: warning: context imbalance in 'rose_neigh_start' - wrong count at exit net/rose/rose_route.c:1169:13: warning: context imbalance in 'rose_neigh_stop' - unexpected unlock net/rose/rose_route.c:1229:13: warning: context imbalance in 'rose_route_start' - wrong count at exit net/rose/rose_route.c:1252:13: warning: context imbalance in 'rose_route_stop' - unexpected unlock Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[ATM]: Suppress some sparse warningsEric Dumazet
CHECK net/atm/br2684.c net/atm/br2684.c:665:13: warning: context imbalance in 'br2684_seq_start' - wrong count at exit net/atm/br2684.c:676:13: warning: context imbalance in 'br2684_seq_stop' - unexpected unlock CHECK net/atm/lec.c net/atm/lec.c:196:23: warning: expensive signed divide CHECK net/atm/proc.c net/atm/proc.c:151:14: warning: context imbalance in 'vcc_seq_start' - wrong count at exit net/atm/proc.c:154:13: warning: context imbalance in 'vcc_seq_stop' - unexpected unlock Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[APPLETALK]: Annotations to clear sparse warningsEric Dumazet
CHECK net/appletalk/aarp.c net/appletalk/aarp.c:951:14: warning: context imbalance in 'aarp_seq_start' - wrong count at exit net/appletalk/aarp.c:977:13: warning: context imbalance in 'aarp_seq_stop' - unexpected unlock CHECK net/appletalk/atalk_proc.c net/appletalk/atalk_proc.c:34:11: warning: context imbalance in 'atalk_seq_interface_start' - wrong count at exit net/appletalk/atalk_proc.c:54:13: warning: context imbalance in 'atalk_seq_interface_stop' - unexpected unlock net/appletalk/atalk_proc.c:93:11: warning: context imbalance in 'atalk_seq_route_start' - wrong count at exit net/appletalk/atalk_proc.c:113:13: warning: context imbalance in 'atalk_seq_route_stop' - unexpected unlock net/appletalk/atalk_proc.c:161:11: warning: context imbalance in 'atalk_seq_socket_start' - wrong count at exit net/appletalk/atalk_proc.c:178:13: warning: context imbalance in 'atalk_seq_socket_stop' - unexpected unlock Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack: make print_conntrack function optional for l4protosPatrick McHardy
Allows to remove five empty implementations. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack: remove print_conntrack function from l3protosPatrick McHardy
Its unused and unlikely to ever be used. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack: clean up a few header filesPatrick McHardy
- Remove declarations of non-existing variables and functions - Move helper init/cleanup function declarations to nf_conntrack_helper.h - Remove unneeded __nf_conntrack_attach declaration and make it static Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: kill nf_sysctl.cPatrick McHardy
Since there now is generic support for shared sysctl paths, the only remains are the net/netfilter and net/ipv4/netfilter paths. Move them to net/netfilter/core.c and net/ipv4/netfilter.c and kill nf_sysctl.c. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack_sctp: remove timeout indirectionPatrick McHardy
Instead of keeping pointers to the timeout values in a table, simply put the timeout values in the table directly. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack_sctp: replace magic value by symbolic constantPatrick McHardy
Use SCTP_CHUNK_FLAG_T instead of 0x1. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack_sctp: don't take sctp_lock once per chunkPatrick McHardy
Don't take and release the lock once per SCTP chunk, simply hold it the entire time while iterating through the chunks. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack_sctp: rename "newconntrack" variablePatrick McHardy
The name is misleading, it holds the new connection state, so rename it to "newstate". Also rename "oldsctpstate" to "oldstate" for consistency. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack_sctp: consolidate sctp_packet() error pathsPatrick McHardy
Consolidate error paths and use proper symbolic return value instead of magic values. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack_sctp: reduce line length furtherPatrick McHardy
Eliminate a few lines over 80 characters by using a local variable to hold the conntrack direction instead of using CTINFO2DIR everywhere. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack_sctp: reduce line lengthPatrick McHardy
Reduce the length of some overly long lines by renaming all "conntrack" variables to "ct". Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack_sctp: use proper types for bitopsPatrick McHardy
Use unsigned long instead of char for the bitmap and removed lots of casts. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack_sctp: basic cleanupsPatrick McHardy
Reindent switch cases properly, get rid of weird constructs like "!(x == y)", put logical operations on the end of the line instead of the next line, get rid of superfluous braces. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack_tcp: remove timeout indirectionPatrick McHardy
Instead of keeping pointers to the timeout values in a table, simply put the timeout values in the table directly. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack_{tcp,sctp}: shrink state tablePatrick McHardy
The TCP and SCTP conntrack state transition tables only holds small numbers, but gcc uses 4 byte per entry for the enum. Switching to an u8 reduces the size from 480 to 120 bytes for TCP and from 576 to 144 bytes for SCTP. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: nf_conntrack_{tcp,sctp}: mark state table constPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: ipt_REJECT: properly handle IP optionsDenys Vlasenko
The current TCP RST construction reuses the old packet and can't deal with IP options as a consequence of that. Construct the RST from scratch instead. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: {ip,ip6}_tables: remove some inlinesDenys Vlasenko
This patch removes inlines except those which are used by packet matching code and thus are performance-critical. Before: $ size */*/*/ip*tables*.o text data bss dec hex filename 6402 500 16 6918 1b06 net/ipv4/netfilter/ip_tables.o 7130 500 16 7646 1dde net/ipv6/netfilter/ip6_tables.o After: $ size */*/*/ip*tables*.o text data bss dec hex filename 6307 500 16 6823 1aa7 net/ipv4/netfilter/ip_tables.o 7010 500 16 7526 1d66 net/ipv6/netfilter/ip6_tables.o Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: xt_iprange match, revision 1Jan Engelhardt
Adds IPv6 support to xt_iprange, making it possible to match on IPv6 address ranges with ip6tables. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: Rename ipt_iprange to xt_iprangeJan Engelhardt
This patch moves ipt_iprange to xt_iprange, in preparation for adding IPv6 support to xt_iprange. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: Update modules' descriptionsJan Engelhardt
Updates the MODULE_DESCRIPTION() tags for all Netfilter modules, actually describing what the module does and not just "netfilter XYZ target". Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: xt_policy: use the new union nf_inet_addrJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: xt_pkttype: IPv6 multicast address recognitionJan Engelhardt
Signed-off-by: Jan Engelhart <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: xt_pkttype: Add explicit check for IPv4Jan Engelhardt
In the PACKET_LOOPBACK case, the skb data was always interpreted as IPv4, but that is not valid for IPv6, obviously. Fix this by adding an extra condition to check for AF_INET. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: xt_mark match, revision 1Jan Engelhardt
Introduces the xt_mark match revision 1. It uses fixed types, eventually obsoleting revision 0 some day (uses nonfixed types). Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: xt_conntrack match, revision 1Jan Engelhardt
Introduces the xt_conntrack match revision 1. It uses fixed types, the new nf_inet_addr and comes with IPv6 support, thereby completely superseding xt_state. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: xt_connmark match, revision 1Jan Engelhardt
Introduces the xt_connmark match revision 1. It uses fixed types, eventually obsoleting revision 0 some day (uses nonfixed types). (Unfixed types like "unsigned long" do not play well with mixed user-/kernelspace "bitness", e.g. 32/64, as is common on SPARC64, and need extra compat code.) Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: xt_MARK target, revision 2Jan Engelhardt
Introduces the xt_MARK target revision 2. It uses fixed types, and also uses the more expressive XOR logic. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: xt_CONNMARK target, revision 1Jan Engelhardt
Introduces the xt_CONNMARK target revision 1. It uses fixed types, and also uses the more expressive XOR logic. Futhermore, it allows to selectively pick bits from both the ctmark and the nfmark in the SAVE and RESTORE operations. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: xt_TOS: Properly set the TOS fieldJan Engelhardt
Fix incorrect mask value passed to ipv4_change_dsfield/ipv6_change_dsfield. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: xt_TOS: Change semantic of mask valueJan Engelhardt
This patch changes the behavior of xt_TOS v1 so that the mask value the user supplies means "zero out these bits" rather than "keep these bits". This is more easy on the user, as (I would assume) people keep more bits than zeroing, so, an example: Action: Set bit 0x01. before (&): iptables -j TOS --set-tos 0x01/0xFE after (&~): iptables -j TOS --set-tos 0x01/0x01 This is not too "tragic" with xt_TOS, but where larger fields are used (e.g. proposed xt_MARK v2), `--set-xmar 0x01/0x01` vs. `--set-xmark 0x01/0xFFFFFFFE` really makes a difference. Other target(!) modules, such as xt_TPROXY also use &~ rather than &, so let's get to a common ground. (Since xt_TOS has not yet left the development tree en direction to mainline, the semantic can be changed as proposed without breaking iptables.) Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: remove ipt_TOS.cJan Engelhardt
Commit 88c85d81f74f92371745158aebc5cbf490412002 forgot to remove the old ipt_TOS file (whose code has been merged into xt_DSCP). Remove it now. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: Remove some EXPERIMENTAL dependenciesPatrick McHardy
Most of the netfilter modules are not considered experimental anymore, the only ones I want to keep marked as EXPERIMENTAL are: - TCPOPTSTRIP target, which is brand new. - SANE helper, which is quite new. - CLUSTERIP target, which I believe hasn't had much testing despite being in the kernel for quite a long time. - SCTP match and conntrack protocol, which are a mess and need to be reviewed and cleaned up before I would trust them. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[NETFILTER]: Hide a few more options under NETFILTER_ADVANCEDPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[IPV4]: fib hash|trie initializationStephen Hemminger
Initialization of the slab cache's should be done when IP is initialized to make sure of available memory, and that code can be marked __init. Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28[IPV4] fib_trie: size and statisticsStephen Hemminger
Show number of entries in trie, the size field was being set but never used, but it only counted leaves, not all entries. Refactor the two cases in fib_triestat_seq_show into a single routine. Note: the stat structure was being malloc'd but the stack usage isn't so high (288 bytes) that it is worth the additional complexity. Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>