aboutsummaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2007-10-10[NEIGH]: Netlink notificationsThomas Graf
Currently neighbour event notifications are limited to update notifications and only sent if the ARP daemon is enabled. This patch extends the existing notification code by also reporting neighbours being removed due to gc or administratively and removes the dependency on the ARP daemon. This allows to keep track of neighbour states without periodically fetching the complete neighbour table. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10[NEIGH]: Combine neighbour cleanup and releaseThomas Graf
Introduces neigh_cleanup_and_release() to be used after a neighbour has been removed from its neighbour table. Serves as preparation to add event notifications. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10[NET]: Generic Large Receive Offload for TCP trafficJan-Bernd Themann
This patch provides generic Large Receive Offload (LRO) functionality for IPv4/TCP traffic. LRO combines received tcp packets to a single larger tcp packet and passes them then to the network stack in order to increase performance (throughput). The interface supports two modes: Drivers can either pass SKBs or fragment lists to the LRO engine. Signed-off-by: Jan-Bernd Themann <themann@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10[RTNETLINK]: Introduce generic rtnl_create_link().Pavel Emelianov
This routine gets the parsed rtnl attributes and creates a new link with generic info (IFLA_LINKINFO policy). Its intention is to help the drivers, that need to create several links at once (like VETH). This is nothing but a copy-paste-ed part of rtnl_newlink() function that is responsible for creation of new device. Signed-off-by: Pavel Emelianov <xemul@openvz.org> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10[NET]: Make NAPI polling independent of struct net_device objects.Stephen Hemminger
Several devices have multiple independant RX queues per net device, and some have a single interrupt doorbell for several queues. In either case, it's easier to support layouts like that if the structure representing the poll is independant from the net device itself. The signature of the ->poll() call back goes from: int foo_poll(struct net_device *dev, int *budget) to int foo_poll(struct napi_struct *napi, int budget) The caller is returned the number of RX packets processed (or the number of "NAPI credits" consumed if you want to get abstract). The callee no longer messes around bumping dev->quota, *budget, etc. because that is all handled in the caller upon return. The napi_struct is to be embedded in the device driver private data structures. Furthermore, it is the driver's responsibility to disable all NAPI instances in it's ->stop() device close handler. Since the napi_struct is privatized into the driver's private data structures, only the driver knows how to get at all of the napi_struct instances it may have per-device. With lots of help and suggestions from Rusty Russell, Roland Dreier, Michael Chan, Jeff Garzik, and Jamal Hadi Salim. Bug fixes from Thomas Graf, Roland Dreier, Peter Zijlstra, Joseph Fannin, Scott Wood, Hans J. Koch, and Michael Chan. [ Ported to current tree and all drivers converted. Integrated Stephen's follow-on kerneldoc additions, and restored poll_list handling to the old style to fix mutual exclusion issues. -DaveM ] Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10[WIRELESS] radiotap parser: accept all other fieldsJohannes Berg
This makes the radiotap parser accept all other fields that are currently defined. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: Add SIOCGIWTXPOWER routineLarry Finger
The wireless extensions ioctl's implemented in mac80211 do not include SIOCGIWTXPOWER. This patch adds the necessary code. Acked-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[WIRELESS]: Use type safe netlink interfaceThomas Graf
Makes use of the type safe netlink interface and adds a warning if the message is too big for NLMSG_DEFAULT_SIZE to help debug. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: fix add_interface monitor mode behaviourJohannes Berg
This makes it behave the same whether we have monitor during operation or not. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: Improve sanity checks on injected packetsAndy Green
Michael Wu noticed that the skb length checking is not taken care of enough when a packet is presented on the Monitor interface for injection. This patch improves the sanity checking and removes fake offsets placed into the skb network and transport header. Signed-off-by: Andy Green <andy@warmcat.com> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: use more GFP_KERNEL instead of GFP_ATOMICMichael Wu
This patch replaces atomic allocations with regular ones where possible. Merged with "revert some GFP_ATOMIC -> GFP_KERNEL changes" from Michael Wu: > Some of the allocations made with GFP_ATOMIC really were necessary. Signed-off-by: Michael Wu <flamingice@sourmilk.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: implement ERP info change notificationsDaniel Drake
zd1211rw and bcm43xx are interested in being notified when ERP IE conditions change, so that they can reprogram a register which affects how control frames are transmitted. This patch adds an interface similar to the one that can be found in softmac. Signed-off-by: Daniel Drake <dsd@gentoo.org> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: improved short preamble handlingDaniel Drake
Similarly to CTS protection, whether short preambles are used for 802.11b transmissions should be a per-subif setting, not device global. For STAs, this patch makes short preamble handling automatic based on the ERP IE. For APs, hostapd still uses the prism ioctls, but the write ioctl has been restricted to AP-only subifs. ieee80211_txrx_data.short_preamble (an unused field) was removed. Unfortunately, some API changes were required for the following functions: - ieee80211_generic_frame_duration - ieee80211_rts_duration - ieee80211_ctstoself_duration - ieee80211_rts_get - ieee80211_ctstoself_get Affected drivers were updated accordingly. Signed-off-by: Daniel Drake <dsd@gentoo.org> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: Add LONG_RETRY flag to ieee80211_tx_controlIvo van Doorn
mac80211 informs the driver what the short and long retry values are through set_retry_limit(), but when packets are being transmitted it did not inform the driver which of the 2 retry limits should actually be used. Instead it sends the actual value, but for drivers that can only set the retry limit and the register and in the descriptor need to indicate which of the limits should be used this is not really useful. This patch will add a IEEE80211_TXCTL_LONG_RETRY_LIMIT flag to the ieee80211_tx_control structure. By default the short retry limit should be used but if the flag is set the long retry should be used. This does not prevent the driver to ignore the request for "no retry" packets, but at least those will be send out with the short retry limit. But there is no perfect cure for this problem.. :( Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: STA reassociation improvementsDaniel Drake
My cheapy D-Link AP behaves strangely w.r.t reassociations. The following sequence of commands causes me to lose association and to be unable to regain it: ifconfig eth8 down ifconfig eth8 up iwconfig eth8 essid <x> This is because mac80211 tries to reassociate, rather than just associate. My AP replies with an association response (not a reassociation response...) denying the association with code 12: "Association denied due to reason outside the scope of this standard" mac80211 tries this reassociation another 4 times or so before finally giving up. I see 2 problems here: 1. bringing the interface down and up again should be resetting interface state i.e. after the interface is brought down, it should have no memory of if or where it was previously associated 2. after the first reassociation fails, mac80211 should fall back to standard association for the next attempt Signed-off-by: Daniel Drake <dsd@gentoo.org> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: improve locking of sta_info related structuresMichael Wu
The sta_info code has some awkward locking which prevents some driver callbacks from being allowed to sleep. This patch makes the locking more focused so code that calls driver callbacks are allowed to sleep. It also converts sta_lock to a rwlock. Signed-off-by: Michael Wu <flamingice@sourmilk.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: introduce util.cJohannes Berg
Introduce a new file util.c and move a whole bunch of functions into it. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: reorder interface related functionsJohannes Berg
This patch groups a whole bunch of functions together to make ieee80211.c more maintainable. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: move some rate control functions out of ieee80211.cJohannes Berg
I think these can go with rate control just as well and it makes ieee80211.c more readable. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: split out some key functions from ieee80211.cJohannes Berg
into a new file key.c which doesn't have much code right now but it makes ieee80211.c easier to read. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: remove some unnecessary includesJohannes Berg
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: split TX path into own fileJohannes Berg
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: rx cleanups (2)Johannes Berg
Some more outdenting to make the code more readable. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: fix bug for per-sta statsJohannes Berg
pre_rx handlers can't really touch sta since for IBSS it might not be assigned yet, it can create sta info structs on-the-fly. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: split up __ieee80211_rxJohannes Berg
The really indented part that does the huge switch on the interface type is a nuisance. Put it into an own function 'prepare_for_handlers'. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: split ieee80211_rx_h_check handlerJohannes Berg
The ieee80211_rx_h_check handler really does two things, it's a lot easier to understand if it's split into ieee80211_rx_h_check and ieee80211_rx_h_load_key, and it may be possible in the future to optimise the key loading to not do it for each interface. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: rx cleanups (1)Johannes Berg
Make some really indented code more readable by outdenting. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: move QoS rx handlers into rx.cJohannes Berg
This patch moves the QoS handlers into rx.c making it possible to compile wme.c only when NET_SCHED is defined. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[MAC80211]: split RX handlers into own fileJohannes Berg
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-08[IPv6]: Fix ICMPv6 redirect handling with target multicast addressBrian Haley
When the ICMPv6 Target address is multicast, Linux processes the redirect instead of dropping it. The problem is in this code in ndisc_redirect_rcv(): if (ipv6_addr_equal(dest, target)) { on_link = 1; } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { ND_PRINTK2(KERN_WARNING "ICMPv6 Redirect: target address is not link-local.\n"); return; } This second check will succeed if the Target address is, for example, FF02::1 because it has link-local scope. Instead, it should be checking if it's a unicast link-local address, as stated in RFC 2461/4861 Section 8.1: - The ICMP Target Address is either a link-local address (when redirected to a router) or the same as the ICMP Destination Address (when redirected to the on-link destination). I know this doesn't explicitly say unicast link-local address, but it's implied. This bug is preventing Linux kernels from achieving IPv6 Logo Phase II certification because of a recent error that was found in the TAHI test suite - Neighbor Disovery suite test 206 (v6LC.2.3.6_G) had the multicast address in the Destination field instead of Target field, so we were passing the test. This won't be the case anymore. The patch below fixes this problem, and also fixes ndisc_send_redirect() to not send an invalid redirect with a multicast address in the Target field. I re-ran the TAHI Neighbor Discovery section to make sure Linux passes all 245 tests now. Signed-off-by: Brian Haley <brian.haley@hp.com> Acked-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-07[PKT_SCHED] cls_u32: error code isn't been propogated properlyStephen Hemminger
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-07[ROSE]: Fix rose.ko oops on unloadAlexey Dobriyan
Commit a3d384029aa304f8f3f5355d35f0ae274454f7cd aka "[AX.25]: Fix unchecked rose_add_loopback_neigh uses" transformed rose_loopback_neigh var into statically allocated one. However, on unload it will be kfree's which can't work. Steps to reproduce: modprobe rose rmmod rose BUG: unable to handle kernel NULL pointer dereference at virtual address 00000008 printing eip: c014c664 *pde = 00000000 Oops: 0000 [#1] PREEMPT DEBUG_PAGEALLOC Modules linked in: rose ax25 fan ufs loop usbhid rtc snd_intel8x0 snd_ac97_codec ehci_hcd ac97_bus uhci_hcd thermal usbcore button processor evdev sr_mod cdrom CPU: 0 EIP: 0060:[<c014c664>] Not tainted VLI EFLAGS: 00210086 (2.6.23-rc9 #3) EIP is at kfree+0x48/0xa1 eax: 00000556 ebx: c1734aa0 ecx: f6a5e000 edx: f7082000 esi: 00000000 edi: f9a55d20 ebp: 00200287 esp: f6a5ef28 ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068 Process rmmod (pid: 1823, ti=f6a5e000 task=f7082000 task.ti=f6a5e000) Stack: f9a55d20 f9a5200c 00000000 00000000 00000000 f6a5e000 f9a5200c f9a55a00 00000000 bf818cf0 f9a51f3f f9a55a00 00000000 c0132c60 65736f72 00000000 f69f9630 f69f9528 c014244a f6a4e900 00200246 f7082000 c01025e6 00000000 Call Trace: [<f9a5200c>] rose_rt_free+0x1d/0x49 [rose] [<f9a5200c>] rose_rt_free+0x1d/0x49 [rose] [<f9a51f3f>] rose_exit+0x4c/0xd5 [rose] [<c0132c60>] sys_delete_module+0x15e/0x186 [<c014244a>] remove_vma+0x40/0x45 [<c01025e6>] sysenter_past_esp+0x8f/0x99 [<c012bacf>] trace_hardirqs_on+0x118/0x13b [<c01025b6>] sysenter_past_esp+0x5f/0x99 ======================= Code: 05 03 1d 80 db 5b c0 8b 03 25 00 40 02 00 3d 00 40 02 00 75 03 8b 5b 0c 8b 73 10 8b 44 24 18 89 44 24 04 9c 5d fa e8 77 df fd ff <8b> 56 08 89 f8 e8 84 f4 fd ff e8 bd 32 06 00 3b 5c 86 60 75 0f EIP: [<c014c664>] kfree+0x48/0xa1 SS:ESP 0068:f6a5ef28 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-07[TCP]: Fix fastpath_cnt_hint when GSO skb is partially ACKedIlpo Järvinen
When only GSO skb was partially ACKed, no hints are reset, therefore fastpath_cnt_hint must be tweaked too or else it can corrupt fackets_out. The corruption to occur, one must have non-trivial ACK/SACK sequence, so this bug is not very often that harmful. There's a fackets_out state reset in TCP because fackets_out is known to be inaccurate and that fixes the issue eventually anyway. In case there was also at least one skb that got fully ACKed, the fastpath_skb_hint is set to NULL which causes a recount for fastpath_cnt_hint (the old value won't be accessed anymore), thus it can safely be decremented without additional checking. Reported by Cedric Le Goater <clg@fr.ibm.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-03Merge branch 'fixes-jgarzik' of ↵Jeff Garzik
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream-fixes
2007-10-02[PATCH] softmac: Fix compiler-warningRichard Knutsson
CC net/ieee80211/softmac/ieee80211softmac_wx.o /home/kernel/src/net/ieee80211/softmac/ieee80211softmac_wx.c: In function ‘ieee80211softmac_wx_set_essid’: /home/kernel/src/net/ieee80211/softmac/ieee80211softmac_wx.c:117: warning: label ‘out’ defined but not used due to commit: efe870f9f4ad74410a18ecbf0d9ba7c14b50a0fb. Removing the label. Signed-off-by: Richard Knutsson <ricknu-0@student.ltu.se> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-01[IEEE80211]: avoid integer underflow for runt rx framesJohn W. Linville
Reported by Chris Evans <scarybeasts@gmail.com>: > The summary is that an evil 80211 frame can crash out a victim's > machine. It only applies to drivers using the 80211 wireless code, and > only then to certain drivers (and even then depends on a card's > firmware not dropping a dubious packet). I must confess I'm not > keeping track of Linux wireless support, and the different protocol > stacks etc. > > Details are as follows: > > ieee80211_rx() does not explicitly check that "skb->len >= hdrlen". > There are other skb->len checks, but not enough to prevent a subtle > off-by-two error if the frame has the IEEE80211_STYPE_QOS_DATA flag > set. > > This leads to integer underflow and crash here: > > if (frag != 0) > flen -= hdrlen; > > (flen is subsequently used as a memcpy length parameter). How about this? Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-01[SFQ]: Remove artificial limitation for queue limit.Alexey Kuznetsov
This is followup to Patrick's patch. A little optimization to enqueue routine allows to remove artificial limitation on queue length. Plus, testing showed that hash function used by SFQ is too bad or even worse. It does not even sweep the whole range of hash values. Switched to Jenkins' hash. Signed-off-by: Alexey Kuznetsov <kaber@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-28[TCP]: Fix MD5 signature handling on big-endian.David S. Miller
Based upon a report and initial patch by Peter Lieven. tcp4_md5sig_key and tcp6_md5sig_key need to start with the exact same members as tcp_md5sig_key. Because they are both cast to that type by tcp_v{4,6}_md5_do_lookup(). Unfortunately tcp{4,6}_md5sig_key use a u16 for the key length instead of a u8, which is what tcp_md5sig_key uses. This just so happens to work by accident on little-endian, but on big-endian it doesn't. Instead of casting, just place tcp_md5sig_key as the first member of the address-family specific structures, adjust the access sites, and kill off the ugly casts. Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-27[NET]: Zero length write() on socket should not simply return 0.David S. Miller
This fixes kernel bugzilla #5731 It should generate an empty packet for datagram protocols when the socket is connected, for one. The check is doubly-wrong because all that a write() can be is a sendmsg() call with a NULL msg_control and a single entry iovec. No special semantics should be assigned to it, therefore the zero length check should be removed entirely. This matches the behavior of BSD and several other systems. Alan Cox notes that SuSv3 says the behavior of a zero length write on non-files is "unspecified", but that's kind of useless since BSD has defined this behavior for a quarter century and BSD is essentially what application folks code to. Based upon a patch from Stephen Hemminger. Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-26fix sctp_del_bind_addr() last argument typeAl Viro
It gets pointer to fastcall function, expects a pointer to normal one and calls the sucker. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-26Merge branch 'master' of ↵Linus Torvalds
master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 * 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [PPP_MPPE]: Don't put InterimKey on the stack SCTP : Add paramters validity check for ASCONF chunk SCTP: Discard OOTB packetes with bundled INIT early. SCTP: Clean up OOTB handling and fix infinite loop processing SCTP: Explicitely discard OOTB chunks SCTP: Send ABORT chunk with correct tag in response to INIT ACK SCTP: Validate buffer room when processing sequential chunks [PATCH] mac80211: fix initialisation when built-in [PATCH] net/mac80211/wme.c: fix sparse warning [PATCH] cfg80211: fix initialisation if built-in [PATCH] net/wireless/sysfs.c: Shut up build warning
2007-09-25SCTP : Add paramters validity check for ASCONF chunkWei Yongjun
If ADDIP is enabled, when an ASCONF chunk is received with ASCONF paramter length set to zero, this will cause infinite loop. By the way, if an malformed ASCONF chunk is received, will cause processing to access memory without verifying. This is because of not check the validity of parameters in ASCONF chunk. This patch fixed this. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25SCTP: Discard OOTB packetes with bundled INIT early.Vlad Yasevich
RFC 4460 and future RFC 4960 (2960-bis) specify that packets with bundled INIT chunks need to be dropped. We currenlty do that only after processing any leading chunks. For OOTB chunks, since we already walk the entire packet, we should discard packets with bundled INITs. There are other chunks chunks that MUST NOT be bundled, but the spec is silent on theire treatment. Thus, we'll leave their teatment alone for the moment. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Wei Yongjun <yjwei@cn.fujitsu.com>
2007-09-25SCTP: Clean up OOTB handling and fix infinite loop processingVlad Yasevich
While processing OOTB chunks as well as chunks with an invalid length of 0, it was possible to SCTP to get wedged inside an infinite loop because we didn't catch the condition correctly, or didn't mark the packet for discard correctly. This work is based on original findings and work by Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25SCTP: Explicitely discard OOTB chunksVlad Yasevich
Explicitely discard OOTB chunks, whether the result is a SHUTDOWN COMPLETE or an ABORT. We need to discard the OOTB SHUTDOWN ACK to prevent bombing attackes since responsed MUST NOT be bundled. We also explicietely discard in the ABORT case since that function is widely used internally. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Neil Horman <nhorman@tuxdriver.com>
2007-09-25SCTP: Send ABORT chunk with correct tag in response to INIT ACKWei Yongjun
When SCTP client received an INIT ACK chunk with missing mandatory parameter such as "cookie parameter", it will send back a ABORT with T-bit not set and verification tag is set to 0. This is because before we accept this INIT ACK chunk, we do not know the peer's tag. This patch change to reflect vtag when responding to INIT ACK with missing mandatory parameter. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25SCTP: Validate buffer room when processing sequential chunksVlad Yasevich
When we process bundled chunks, we need to make sure that the skb has the buffer for each header since we assume it's always there. Some malicious node can send us something like DATA + 2 bytes and we'll try to walk off the end refrencing potentially uninitialized memory. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25[PATCH] mac80211: fix initialisation when built-inJohannes Berg
When mac80211 is built into the kernel it needs to init earlier so that device registrations are run after it has initialised. The same applies to rate control algorithms. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-09-25[PATCH] net/mac80211/wme.c: fix sparse warningJohannes Berg
wme.c triggers a sparse warning; it wasn't noticed before because until recently ARRAY_SIZE triggered a sparse error. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-09-25[PATCH] cfg80211: fix initialisation if built-inJohannes Berg
When cfg80211 is built into the kernel it needs to init earlier so that device registrations are run after it has initialised. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>