aboutsummaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2006-03-01Merge branch 'upstream-fixes'Jeff Garzik
2006-02-28Merge branch 'upstream-fixes' of ↵Jeff Garzik
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
2006-02-27[PATCH] ieee80211_geo.c: remove frivolous BUG_ON'sPete Zaitcev
I have come to consider BUG_ON generally harmful. The idea of an assert is to prevent a program to execute past a point where its state is known erroneous, thus preventing it from dealing more damage to the data (or hiding the traces of malfunction). The problem is, in kernel this harm has to be balanced against the harm of forced reboot. The last straw was our softmac tree, where "iwlist eth1 scan" causes a lockup. It is absolutely frivolus and provides no advantages a normal assert has to provide. In fact, doing this impedes debugging. Signed-off-by: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-02-27Merge branch 'upstream-fixes'John W. Linville
2006-02-27Merge branch 'from-linus'John W. Linville
2006-02-27[PATCH] ieee80211_rx.c: is_beaconPete Zaitcev
Fix broken is_beacon(). Signed-off-by: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-02-27[REQSK]: Don't reset rskq_defer_accept in reqsk_queue_allocArnaldo Carvalho de Melo
In 295f7324ff8d9ea58b4d3ec93b1aaa1d80e048a9 I moved defer_accept from tcp_sock to request_queue and mistakingly reset it at reqsl_queue_alloc, causing calls to setsockopt(TCP_DEFER_ACCEPT ) to be lost after bind, the fix is to remove the zeroing of rskq_defer_accept from reqsl_queue_alloc. Thanks to Alexandra N. Kossovsky <Alexandra.Kossovsky@oktetlabs.ru> for reporting and testing the suggested fix. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-27[NETFILTER]: Restore {ipt,ip6t,ebt}_LOG compatibilityPatrick McHardy
The nfnetlink_log infrastructure changes broke compatiblity of the LOG targets. They currently use whatever log backend was registered first, which means that if ipt_ULOG was loaded first, no messages will be printed to the ring buffer anymore. Restore compatiblity by using the old log functions by default and only use the nf_log backend if the user explicitly said so. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-27[NETFILTER]: nf_queue: fix end-of-list checkPatrick McHardy
The comparison wants to find out if the last list iteration reached the end of the list. It needs to compare the iterator with the list head to do this, not the element it is looking for. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-27[NETFILTER]: nf_queue: remove unnecessary check for outfnPatrick McHardy
The only point of registering a queue handler is to provide an outfn, so there is no need to check for it. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-27[NETFILTER]: nf_queue: fix rerouting after packet manglingPatrick McHardy
Packets should be rerouted when they come back from userspace, not before. Also move the queue_rerouters to RCU to avoid taking the queue_handler_lock for each reinjected packet. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-27[NETFILTER]: nf_queue: check if rerouter is present before using itPatrick McHardy
Every rerouter needs to provide a save and a reroute function, we don't need to check for them. But we do need to check if a rerouter is registered at all for the current family, with bridging for example packets of unregistered families can hit nf_queue. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-27[NETFILTER]: nf_queue: don't copy registered rerouter dataPatrick McHardy
Use the registered data structure instead of copying it. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-27[IPSEC]: Kill post_input hook and do NAT-T in esp_input directlyHerbert Xu
The only reason post_input exists at all is that it gives us the potential to adjust the checksums incrementally in future which we ought to do. However, after thinking about it for a bit we can adjust the checksums without using this post_input stuff at all. The crucial point is that only the inner-most NAT-T SA needs to be considered when adjusting checksums. What's more, the checksum adjustment comes down to a single u32 due to the linearity of IP checksums. We just happen to have a spare u32 lying around in our skb structure :) When ip_summed is set to CHECKSUM_NONE on input, the value of skb->csum is currently unused. All we have to do is to make that the checksum adjustment and voila, there goes all the post_input and decap structures! I've left in the decap data structures for now since it's intricately woven into the sec_path stuff. We can kill them later too. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-27[IPSEC] esp: Kill unnecessary block and indentationHerbert Xu
We used to keep sg on the stack which is why the extra block was useful. We've long since stopped doing that so let's kill the block and save some indentation. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-27Merge branch 'master'Jeff Garzik
2006-02-24[IPV6]: Do not ignore IPV6_MTU socket option.YOSHIFUJI Hideaki
Based on patch by Hoerdt Mickael <hoerdt@clarinet.u-strasbg.fr>. Signed-off-by: YOSHIFUJI Hideaki <yosufuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-24[IPV6] ip6_tunnel: release cached dst on change of tunnel paramsHugo Santos
The included patch fixes ip6_tunnel to release the cached dst entry when the tunnel parameters (such as tunnel endpoints) are changed so they are used immediatly for the next encapsulated packets. Signed-off-by: Hugo Santos <hsantos@av.it.pt> Acked-by: Ville Nuorvala <vnuorval@tcs.hut.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-23Merge branch 'upstream-fixes'Jeff Garzik
2006-02-23[IPSEC]: Use TOS when doing tunnel lookupsHerbert Xu
We should use the TOS because it's one of the routing keys. It also means that we update the correct routing cache entry when PMTU occurs. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-23[NET] ethernet: Fix first packet goes out with MAC 00:00:00:00:00:00Jamal Hadi Salim
When you turn off ARP on a netdevice then the first packet always goes out with a dstMAC of all zeroes. This is because the first packet is used to resolve ARP entries. Even though the ARP entry may be resolved (I tried by setting a static ARP entry for a host i was pinging from), it gets overwritten by virtue of having the netdevice disabling ARP. Subsequent packets go out fine with correct dstMAC address (which may be why people have ignored reporting this issue). To cut the story short: the culprit code is in net/ethernet/eth.c::eth_header() ---- /* * Anyway, the loopback-device should never use this function... */ if (dev->flags & (IFF_LOOPBACK|IFF_NOARP)) { memset(eth->h_dest, 0, dev->addr_len); return ETH_HLEN; } if(daddr) { memcpy(eth->h_dest,daddr,dev->addr_len); return ETH_HLEN; } ---- Note how the h_dest is being reset when device has IFF_NOARP. As a note: All devices including loopback pass a daddr. loopback in fact passes a 0 all the time ;-> This means i can delete the check totaly or i can remove the IFF_NOARP Alexey says: -------------------- I think, it was me who did this crap. It was so long ago I do not remember why it was made. I remember some troubles with dummy device. It tried to resolve addresses, apparently, without success and generated errors instead of blackholing. I think the problem was eventually solved at neighbour level. After some thinking I suspect the deletion of this chunk could change behaviour of some parts which do not use neighbour cache f.e. packet socket. I think safer approach would be to move this chunk after if (daddr). And the possibility to remove this completely could be analyzed later. -------------------- Patch updated with Alexey's safer suggestions. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-23[XFRM]: Eliminate refcounting confusion by creating __xfrm_state_put().Herbert Xu
We often just do an atomic_dec(&x->refcnt) on an xfrm_state object because we know there is more than 1 reference remaining and thus we can elide the heavier xfrm_state_put() call. Do this behind an inline function called __xfrm_state_put() so that is more obvious and also to allow us to more cleanly add refcount debugging later. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-23[IPV4]: Fix garbage collection of multipath route entriesSuresh Bhogavilli
When garbage collecting route cache entries of multipath routes in rt_garbage_collect(), entries were deleted from the hash bucket 'i' while holding a spin lock on bucket 'k' resulting in a system hang. Delete entries, if any, from bucket 'k' instead. Signed-off-by: Suresh Bhogavilli <sbhogavilli@verisign.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-23[NETFILTER]: Fix bridge netfilter related in xfrm_lookupPatrick McHardy
The bridge-netfilter code attaches a fake dst_entry with dst->ops == NULL to purely bridged packets. When these packets are SNATed and a policy lookup is done, xfrm_lookup crashes because it tries to dereference dst->ops. Change xfrm_lookup not to dereference dst->ops before checking for the DST_NOXFRM flag and set this flag in the fake dst_entry. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-20Merge branch 'fixes.b8' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/viro/bird
2006-02-19[NET]: NETFILTER: remove duplicated lines and fix order in skb_clone().YOSHIFUJI Hideaki
Some of netfilter-related members are initalized / copied twice in skb_clone(). Remove one. Pointed out by Olivier MATZ <olivier.matz@6wind.com>. And this patch also fixes order of copying / clearing members. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-19[NETFILTER]: Fix outgoing redirects to loopbackPatrick McHardy
When redirecting an outgoing packet to loopback, it keeps the original conntrack reference and information from the outgoing path, which falsely triggers the check for DNAT on input and the dst_entry is released to trigger rerouting. ip_route_input refuses to route the packet because it has a local source address and it is dropped. Look at the packet itself to dermine if it was NATed. Also fix a missing inversion that causes unneccesary xfrm lookups. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-19[NETFILTER]: Fix NAT PMTUD problemsPatrick McHardy
ICMP errors are only SNATed when their source matches the source of the connection they are related to, otherwise the source address is not changed. This creates problems with ICMP frag. required messages originating from a router behind the NAT, if private IPs are used the packet has a good change of getting dropped on the path to its destination. Always NAT ICMP errors similar to the original connection. Based on report by Al Viro. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-19[XFRM]: Fix policy double putPatrick McHardy
The policy is put once immediately and once at the error label, which results in the following Oops: kernel BUG at net/xfrm/xfrm_policy.c:250! invalid opcode: 0000 [#2] PREEMPT [...] CPU: 0 EIP: 0060:[<c028caf7>] Not tainted VLI EFLAGS: 00210246 (2.6.16-rc3 #39) EIP is at __xfrm_policy_destroy+0xf/0x46 eax: d49f2000 ebx: d49f2000 ecx: f74bd880 edx: f74bd280 esi: d49f2000 edi: 00000001 ebp: cd506dcc esp: cd506dc8 ds: 007b es: 007b ss: 0068 Process ssh (pid: 31970, threadinfo=cd506000 task=cfb04a70) Stack: <0>cd506000 cd506e34 c028e92b ebde7280 cd506e58 cd506ec0 f74bd280 00000000 00000214 0000000a 0000000a 00000000 00000002 f7ae6000 00000000 cd506e58 cd506e14 c0299e36 f74bd280 e873fe00 c02943fd cd506ec0 ebde7280 f271f440 Call Trace: [<c0103a44>] show_stack_log_lvl+0xaa/0xb5 [<c0103b75>] show_registers+0x126/0x18c [<c0103e68>] die+0x14e/0x1db [<c02b6809>] do_trap+0x7c/0x96 [<c0104237>] do_invalid_op+0x89/0x93 [<c01035af>] error_code+0x4f/0x54 [<c028e92b>] xfrm_lookup+0x349/0x3c2 [<c02b0b0d>] ip6_datagram_connect+0x317/0x452 [<c0281749>] inet_dgram_connect+0x49/0x54 [<c02404d2>] sys_connect+0x51/0x68 [<c0240928>] sys_socketcall+0x6f/0x166 [<c0102aa1>] syscall_call+0x7/0xb Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-18[PATCH] missing ntohs() in ip6_tunnelAl Viro
->payload_len is net-endian Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-02-17Merge branch 'upstream-fixes'Jeff Garzik
2006-02-17[PATCH] ieee80211: fix sparse warning about missing "static"Johannes Berg
This patch adds a missing "static" on a variable (sparse complaint) Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-02-17[PATCH] ieee80211: Use IWEVGENIE to set WPA IEZhu Yi
It replaces returning WPA/RSN IEs as custom events with returning them as IWEVGENIE events. I have tested that it returns proper information with both Xsupplicant, and the latest development version of the Linux wireless tools. Signed-off-by: Chris Hessing <Chris.Hessing@utah.edu> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-02-17Merge branch 'upstream' of ↵John W. Linville
git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
2006-02-15[NETFILTER]: nf_conntrack: Fix TCP/UDP HW checksum handling for IPv6 packetYasuyuki Kozakai
If skb->ip_summed is CHECKSUM_HW here, skb->csum includes checksum of actual IPv6 header and extension headers. Then such excess checksum must be subtruct when nf_conntrack calculates TCP/UDP checksum with pseudo IPv6 header. Spotted by Ben Skeggs. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-15[NETFILTER]: nf_conntrack: attach conntrack to locally generated ICMPv6 errorYasuyuki Kozakai
Locally generated ICMPv6 errors should be associated with the conntrack of the original packet. Since the conntrack entry may not be in the hash tables (for the first packet), it must be manually attached. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-15[NETFILTER]: nf_conntrack: attach conntrack to TCP RST generated by ip6t_REJECTYasuyuki Kozakai
TCP RSTs generated by the REJECT target should be associated with the conntrack of the original TCP packet. Since the conntrack entry is usually not is the hash tables, it must be manually attached. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-15[NETFILTER]: nf_conntrack: move registration of __nf_ct_attachYasuyuki Kozakai
Move registration of __nf_ct_attach to nf_conntrack_core to make it usable for IPv6 connection tracking as well. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-15[NETFILTER]: x_tables: fix dependencies of conntrack related modulesYasuyuki Kozakai
NF_CONNTRACK_MARK is bool and depends on NF_CONNTRACK which is tristate. If a variable depends on NF_CONNTRACK_MARK and doesn't take care about NF_CONNTRACK, it can be y even if NF_CONNTRACK isn't y. NF_CT_ACCT have same issue, too. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-15[XFRM]: Fix SNAT-related crash in xfrm4_output_finishPatrick McHardy
When a packet matching an IPsec policy is SNATed so it doesn't match any policy anymore it looses its xfrm bundle, which makes xfrm4_output_finish crash because of a NULL pointer dereference. This patch directs these packets to the original output path instead. Since the packets have already passed the POST_ROUTING hook, but need to start at the beginning of the original output path which includes another POST_ROUTING invocation, a flag is added to the IPCB to indicate that the packet was rerouted and doesn't need to pass the POST_ROUTING hook again. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-15[BRIDGE]: Fix deadlock in br_stp_disable_bridgeAdrian Drzewiecki
Looks like somebody forgot to use the _bh spin_lock variant. We ran into a deadlock where br->hello_timer expired while br_stp_disable_br() walked br->port_list. Signed-off-by: Adrian Drzewiecki <z@drze.net> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-15[NETFILTER]: Fix xfrm lookup after SNATPatrick McHardy
To find out if a packet needs to be handled by IPsec after SNAT, packets are currently rerouted in POST_ROUTING and a new xfrm lookup is done. This breaks SNAT of non-unicast packets to non-local addresses because the packet is routed as incoming packet and no neighbour entry is bound to the dst_entry. In general, it seems to be a bad idea to replace the dst_entry after the packet was already sent to the output routine because its state might not match what's expected. This patch changes the xfrm lookup in POST_ROUTING to re-use the original dst_entry without routing the packet again. This means no policy routing can be used for transport mode transforms (which keep the original route) when packets are SNATed to match the policy, but it looks like the best we can do for now. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[NET]: Revert skb_copy_datagram_iovec() recursion elimination.David S. Miller
Revert the following changeset: bc8dfcb93970ad7139c976356bfc99d7e251deaf Recursive SKB frag lists are really possible and disallowing them breaks things. Noticed by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[IPSEC]: Fix strange IPsec freeze.Herbert Xu
Problem discovered and initial patch by Olaf Kirch: there's a problem with IPsec that has been bugging some of our users for the last couple of kernel revs. Every now and then, IPsec will freeze the machine completely. This is with openswan user land, and with kernels up to and including 2.6.16-rc2. I managed to debug this a little, and what happens is that we end up looping in xfrm_lookup, and never get out. With a bit of debug printks added, I can this happening: ip_route_output_flow calls xfrm_lookup xfrm_find_bundle returns NULL (apparently we're in the middle of negotiating a new SA or something) We therefore call xfrm_tmpl_resolve. This returns EAGAIN We go to sleep, waiting for a policy update. Then we loop back to the top Apparently, the dst_orig that was passed into xfrm_lookup has been dropped from the routing table (obsolete=2) This leads to the endless loop, because we now create a new bundle, check the new bundle and find it's stale (stale_bundle -> xfrm_bundle_ok -> dst_check() return 0) People have been testing with the patch below, which seems to fix the problem partially. They still see connection hangs however (things only clear up when they start a new ping or new ssh). So the patch is obvsiouly not sufficient, and something else seems to go wrong. I'm grateful for any hints you may have... I suggest that we simply bail out always. If the dst decides to die on us later on, the packet will be dropped anyway. So there is no great urgency to retry here. Once we have the proper resolution queueing, we can then do the retry again. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Olaf Kirch <okir@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[IPV6] Don't store dst_entry for RAW socketNicolas DICHTEL
Signed-off-by: Nicolas DICHTEL <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[NETLINK] genetlink: Fix bugs spotted by Andrew Morton.Jamal Hadi Salim
- panic() doesn't return. - Don't forget to unlock on genl_register_family() error path - genl_rcv_msg() is called via pointer so there's no point in declaring it `inline'. Notes: genl_ctrl_event() ignores the genlmsg_multicast() return value. lots of things ignore the genl_ctrl_event() return value. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[BRIDGE]: Better fix for netfilter missing symbol has_bridge_parentStephen Hemminger
Horms patch was the best of the three fixes. Dave, already applied Harald's version, so this patch converts that to the better one. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[NETFILTER] Fix Kconfig menu level for x_tablesHarald Welte
The new x_tables related Kconfig options appear at the wrong menu level without this patch. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13Merge master.kernel.org:/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6David S. Miller
2006-02-13[P8023]: Fix tainting of kernel.Dave Jones
Missing license tag. I've assumed this is GPL. (It could also use a MODULE_AUTHOR) Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>