aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
Commit message (Collapse)AuthorAgeFilesLines
...
| | * [TCP]: Add return value indication to tcp_prune_ofo_queue().Vitaliy Gusev2008-04-151-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | Returns non-zero if tp->out_of_order_queue was seen non-empty. This allows tcp_try_rmem_schedule() to return early. Signed-off-by: Vitaliy Gusev <vgusev@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * [TCP]: Fix never pruned tcp out-of-order queue.Vitaliy Gusev2008-04-151-26/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | tcp_prune_queue() doesn't prune an out-of-order queue at all. Therefore sk_rmem_schedule() can fail but the out-of-order queue isn't pruned . This can lead to tcp deadlock state if the next two conditions are held: 1. There are a sequence hole between last received in order segment and segments enqueued to the out-of-order queue. 2. Size of all segments in the out-of-order queue is more than tcp_mem[2]. Signed-off-by: Vitaliy Gusev <vgusev@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds2008-04-141-1/+3
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (31 commits) [BRIDGE]: Fix crash in __ip_route_output_key with bridge netfilter [NETFILTER]: ipt_CLUSTERIP: fix race between clusterip_config_find_get and _entry_put [IPV6] ADDRCONF: Don't generate temporary address for ip6-ip6 interface. [IPV6] ADDRCONF: Ensure disabling multicast RS even if privacy extensions are disabled. [IPV6]: Use appropriate sock tclass setting for routing lookup. [IPV6]: IPv6 extension header structures need to be packed. [IPV6]: Fix ipv6 address fetching in raw6_icmp_error(). [NET]: Return more appropriate error from eth_validate_addr(). [ISDN]: Do not validate ISDN net device address prior to interface-up [NET]: Fix kernel-doc for skb_segment [SOCK] sk_stamp: should be initialized to ktime_set(-1L, 0) net: check for underlength tap writes net: make struct tun_struct private to tun.c [SCTP]: IPv4 vs IPv6 addresses mess in sctp_inet[6]addr_event. [SCTP]: Fix compiler warning about const qualifiers [SCTP]: Fix protocol violation when receiving an error lenght INIT-ACK [SCTP]: Add check for hmac_algo parameter in sctp_verify_param() [NET_SCHED] cls_u32: refcounting fix for u32_delete() [DCCP]: Fix skb->cb conflicts with IP [AX25]: Potential ax25_uid_assoc-s leaks on module unload. ...
| * | Merge branch 'docs' of git://git.lwn.net/linux-2.6Linus Torvalds2008-04-112-5/+5
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 'docs' of git://git.lwn.net/linux-2.6: Add additional examples in Documentation/spinlocks.txt Move sched-rt-group.txt to scheduler/ Documentation: move rpc-cache.txt to filesystems/ Documentation: move nfsroot.txt to filesystems/ Spell out behavior of atomic_dec_and_lock() in kerneldoc Fix a typo in highres.txt Fixes to the seq_file document Fill out information on patch tags in SubmittingPatches Add the seq_file documentation
| | * | Documentation: move nfsroot.txt to filesystems/J. Bruce Fields2008-04-112-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Documentation/ is a little large, and filesystems/ seems an obvious place for this file. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* | | | [INET]: Uninline the __inet_inherit_port call.Pavel Emelyanov2008-04-171-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This deblats ~200 bytes when ipv6 and dccp are 'y'. Besides, this will ease compilation issues for patches I'm working on to make inet hash tables more scalable wrt net namespaces. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [NETNS]: Add netns refcnt debug for inet bind buckets.Denis V. Lunev2008-04-161-1/+2
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [NETNS]: Add netns refcnt debug into fib_info.Denis V. Lunev2008-04-161-1/+2
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [NETNS]: Add netns refcnt debug for timewait buckets.Denis V. Lunev2008-04-161-1/+2
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [SIT]: Allow for IPPROTO_IPV6 protocol in namespaces.Pavel Emelyanov2008-04-161-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This makes sit-generated traffic enter the namespace. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [GRE]: Allow for IPPROTO_GRE protocol in namespaces.Pavel Emelyanov2008-04-161-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This one was also disabled by default for sanity. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [GRE]: Allow to create IPGRE tunnels in net namespaces.Pavel Emelyanov2008-04-161-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | I.e. set the proper net and mark as NETNS_LOCAL. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [GRE]: Use proper net in routing calls.Pavel Emelyanov2008-04-161-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As for the IPIP tunnel, there are some ip_route_output_key() calls in there that require a proper net so give one to them. And a proper net for the __get_dev_by_index hanging around. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [GRE]: Make tunnels hashes per-net.Pavel Emelyanov2008-04-161-34/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Very similar to what was done for the IPIP code. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [GRE]: Make the fallback tunnel device per-net.Pavel Emelyanov2008-04-161-31/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Everything is prepared for this change now. Create on in init callback, use it over the code and destroy on net exit. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [GRE]: Use proper net in hash-lookup functions.Pavel Emelyanov2008-04-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the part#2 of the patch #2 - get the proper net for these functions. This change in a separate patch in order not to get lost in a large previous patch. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [GRE]: Add net/gre_net argument to some functions.Pavel Emelyanov2008-04-161-19/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The fallback device and hashes are to become per-net, but many code doesn't have anything to get the struct net pointer from. So pass the proper net there with an extra argument. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [GRE]: Introduce empty ipgre_net structure and net init/exit ops.Pavel Emelyanov2008-04-161-0/+49
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [IPIP]: Allow for IPPROTO_IPIP protocol in namespaces.Pavel Emelyanov2008-04-161-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This one was disabled by default for sanity. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [IPIP]: Allow to create IPIP tunnels in net namespaces.Pavel Emelyanov2008-04-161-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set the proper net before calling register_netdev and disable the tunnel device netns changing. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [IPIP]: Use proper net in (mostly) routing calls.Pavel Emelyanov2008-04-161-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are some ip_route_output_key() calls in there that require a proper net so give one to them. Besides - give a proper net to a single __get_dev_by_index call in ipip_tunnel_bind_dev(). Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [IPIP]: Make tunnels hashes per net.Pavel Emelyanov2008-04-161-32/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Either net or ipip_net already exists in all the required places, so just use one. Besides, tune net_init and net_exit calls to respectively initialize the hashes and destroy devices. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [IPIP]: Use proper net in hash-lookup functions.Pavel Emelyanov2008-04-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the part#2 of the previous patch - get the proper net for these functions. I make it in a separate patch, so that this change does not get lost in a large previous patch. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [IPIP]: Add net/ipip_net argument to some functions.Pavel Emelyanov2008-04-161-19/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The hashes of tunnels will be per-net too, so prepare all the functions that uses them for this change by adding an argument. Use init_net temporarily in places, where the net does not exist explicitly yet. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [IPIP]: Make the fallback tunnel device per-net.Pavel Emelyanov2008-04-161-32/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Create on in ipip_init_net(), use it all over the code (the proper place to get the net from already exists) and destroy in ipip_net_exit(). Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [IPIP]: Introduce empty ipip_net structure and net init/exit ops.Pavel Emelyanov2008-04-161-0/+50
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [TCP]: Remove superflushious skb == write_queue_tail() checkIlpo Järvinen2008-04-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Needed can only be more strict than what was checked by the earlier common case check for non-tail skbs, thus cwnd_len <= needed will never match in that case anyway. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [TCP]: Format addresses appropriately in debug messages.YOSHIFUJI Hideaki2008-04-142-8/+29
| | | | | | | | | | | | | | | | | | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [IPV4]: Use NIPQUAD_FMT to format ipv4 addresses.YOSHIFUJI Hideaki2008-04-1414-47/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | And use %u to format port. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | Merge branch 'master' of ↵David S. Miller2008-04-1433-487/+768
|\ \ \ \ | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.26
| * | | | [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by ↵Jan Engelhardt2008-04-143-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | function call Directly call IPv4 and IPv6 variants where the address family is easily known. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, ↵Jan Engelhardt2008-04-142-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | nf_nat_proto_gre Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_nat: use bool type in nf_nat_protoJan Engelhardt2008-04-1410-66/+66
| | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4protoJan Engelhardt2008-04-141-13/+12
| | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l3protoJan Engelhardt2008-04-141-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessorsPatrick McHardy2008-04-141-9/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add accessors for l3num and protonum and get rid of some overly long expressions. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_nat: kill helper and seq_adjust hooksPatrick McHardy2008-04-144-65/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Connection tracking helpers (specifically FTP) need to be called before NAT sequence numbers adjustments are performed to be able to compare them against previously seen ones. We've introduced two new hooks around 2.6.11 to maintain this ordering when NAT modules were changed to get called from conntrack helpers directly. The cost of netfilter hooks is quite high and sequence number adjustments are only rarely needed however. Add a RCU-protected sequence number adjustment function pointer and call it from IPv4 conntrack after calling the helper. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_nat: don't add NAT extension for confirmed conntracksPatrick McHardy2008-04-142-23/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adding extensions to confirmed conntracks is not allowed to avoid races on reallocation. Don't setup NAT for confirmed conntracks in case NAT module is loaded late. The has one side-effect, the connections existing before the NAT module was loaded won't enter the bysource hash. The only case where this actually makes a difference is in case of SNAT to a multirange where the IP before NAT is also part of the range. Since old connections don't enter the bysource hash the first new connection from the IP will have a new address selected. This shouldn't matter at all. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_nat: remove obsolete check for ICMP redirectsPatrick McHardy2008-04-141-14/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Locally generated ICMP packets have a reference to the conntrack entry of the original packet manually attached by icmp_send(). Therefore the check for locally originated untracked ICMP redirects can never be true. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_nat: add SCTP protocol supportPatrick McHardy2008-04-144-2/+106
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_nat: add DCCP protocol supportPatrick McHardy2008-04-144-2/+118
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: Add partial checksum validation helperPatrick McHardy2008-04-141-7/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move the UDP-Lite conntrack checksum validation to a generic helper similar to nf_checksum() and make it fall back to nf_checksum() in case the full packet is to be checksummed and hardware checksums are available. This is to be used by DCCP conntrack, which also needs to verify partial checksums. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_nat: add UDP-Lite supportPatrick McHardy2008-04-144-2/+109
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_nat: remove unused name from struct nf_nat_protocolPatrick McHardy2008-04-145-5/+0
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_conntrack_netlink: clean up NAT protocol parsingPatrick McHardy2008-04-141-13/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move responsibility for setting the IP_NAT_RANGE_PROTO_SPECIFIED flag to the NAT protocol, properly propagate errors and get rid of ugly return value convention. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_nat: move NAT ctnetlink helpers to nf_nat_proto_commonPatrick McHardy2008-04-146-48/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move to nf_nat_proto_common and rename to nf_nat_proto_... since they're also used by protocols that don't have port numbers. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_nat: fix random mode not to overwrite port roverPatrick McHardy2008-04-141-5/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The port rover should not get overwritten when using random mode, otherwise other rules will also use more or less random ports. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: nf_nat: add helpers for common NAT protocol operationsPatrick McHardy2008-04-145-141/+95
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add generic ->in_range and ->unique_tuple ops to avoid duplicating them again and again for future NAT modules and save a few bytes of text: net/ipv4/netfilter/nf_nat_proto_tcp.c: tcp_in_range | -62 (removed) tcp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0 2 functions changed, 321 bytes removed net/ipv4/netfilter/nf_nat_proto_udp.c: udp_in_range | -62 (removed) udp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0 2 functions changed, 321 bytes removed net/ipv4/netfilter/nf_nat_proto_gre.c: gre_in_range | -62 (removed) 1 function changed, 62 bytes removed vmlinux: 5 functions changed, 704 bytes removed Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: {ip,ip6,arp}_tables: return EAGAIN for invalid SO_GET_ENTRIES sizePatrick McHardy2008-04-142-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rule dumping is performed in two steps: first userspace gets the ruleset size using getsockopt(SO_GET_INFO) and allocates memory, then it calls getsockopt(SO_GET_ENTRIES) to actually dump the ruleset. When another process changes the ruleset in between the sizes from the first getsockopt call doesn't match anymore and the kernel aborts. Unfortunately it returns EAGAIN, as for multiple other possible errors, so userspace can't distinguish this case from real errors. Return EAGAIN so userspace can retry the operation. Fixes (with current iptables SVN version) netfilter bugzilla #104. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | | [NETFILTER]: Explicitly initialize .priority in arptable_filterJan Engelhardt2008-04-141-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>