aboutsummaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAgeFilesLines
* nf: qtaguid: make procfs entry for ctrl return correct data.JP Abgrall2011-06-281-16/+29
| | | | | | | | | | | (This is a direct cherry-pick from 2.6.39: I3b925802) Fixed procreader for /proc/net/xt_qtaguid/ctrl: it would just fill the output with the same entry. Simplify the **start handling. Signed-off-by: JP Abgrall <jpa@google.com> Change-Id: I3b92580228f2b57795bb2d0d6197fc95ab6be552
* nf: qtaguid: workaround xt_socket_get_sk() returning bad SKs.JP Abgrall2011-06-281-9/+36
| | | | | | | | | | | | | (This is a direct cherry pick from 2.6.39: Id2a9912b) * xt_socket_get_sk() returns invalid sockets when the sk_state is TCP_TIME_WAIT. Added detection of time-wait. * Added more constrained usage: qtaguid insures that xt_socket_get*_sk() is not invoked for unexpected hooks or protocols (but I have not seen those active at the point where the returned sk is bad). Signed-off-by: JP Abgrall <jpa@google.com> Change-Id: Id2a9912bb451a3e59d012fc55bbbd40fbb90693f
* net: ipv4: tcp: Fix crash in tcp_nuke_addrColin Cross2011-06-221-1/+1
| | | | | | | ip_route_output_key can return an ERR_PTR, don't dereference it. Change-Id: I6b86a451b2bdb33873d79b3cf90c11dbe72bc081 Signed-off-by: Colin Cross <ccross@android.com>
* netfilter: have ip*t REJECT set the sock err when an icmp is to be sentJP Abgrall2011-06-204-0/+41
| | | | | | | | | | | | | | | | Allow the REJECT --reject-with icmp*blabla to also set the matching error locally on the socket affected by the reject. This allows the process to see an error almost as if it received it via ICMP. It avoids the local process who's ingress packet is rejected to have to wait for a pseudo-eternity until some timeout kicks in. Ideally, this should be enabled with a new iptables flag similar to --reject-with-sock-err For now it is enabled with CONFIG_IP*_NF_TARGET_REJECT_SKERR option. Change-Id: I649a4fd5940029ec0b3233e5abb205da6984891e Signed-off-by: JP Abgrall <jpa@google.com>
* netfilter: add xt_qtaguid matching moduleJP Abgrall2011-06-203-0/+1240
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This module allows tracking stats at the socket level for given UIDs. It replaces xt_owner. If the --uid-owner is not specified, it will just count stats based on who the skb belongs to. This will even happen on incoming skbs as it looks into the skb via xt_socket magic to see who owns it. If an skb is lost, it will be assigned to uid=0. To control what sockets of what UIDs are tagged by what, one uses: echo t $sock_fd $accounting_tag $the_billed_uid \ > /proc/net/xt_qtaguid/ctrl So whenever an skb belongs to a sock_fd, it will be accounted against $the_billed_uid and matching stats will show up under the uid with the given $accounting_tag. Because the number of allocations for the stats structs is not that big: ~500 apps * 32 per app we'll just do it atomic. This avoids walking lists many times, and the fancy worker thread handling. Slabs will grow when needed later. It use netdevice and inetaddr notifications instead of hooks in the core dev code to track when a device comes and goes. This removes the need for exposed iface_stat.h. Put procfs dirs in /proc/net/xt_qtaguid/ ctrl stats iface_stat/<iface>/... The uid stats are obtainable in ./stats. Change-Id: I01af4fd91c8de651668d3decb76d9bdc1e343919 Signed-off-by: JP Abgrall <jpa@google.com>
* nf: xt_socket: export the fancy sock finder codeJP Abgrall2011-06-201-24/+46
| | | | | | | | | | The socket matching function has some nifty logic to get the struct sock from the skb or from the connection tracker. We export this so other xt_* can use it, similarly to ho how xt_socket uses nf_tproxy_get_sock. Change-Id: I11c58f59087e7f7ae09e4abd4b937cd3370fa2fd Signed-off-by: JP Abgrall <jpa@google.com>
* Bluetooth: Allow SCO/eSCO packet type selection for outgoing SCO connections.Nick Pelly2011-06-145-38/+66
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | __u16 sco_pkt_type is introduced to struct sockaddr_sco. It allows bitwise selection of SCO/eSCO packet types. Currently those bits are: 0x0001 HV1 may be used. 0x0002 HV2 may be used. 0x0004 HV3 may be used. 0x0008 EV3 may be used. 0x0010 EV4 may be used. 0x0020 EV5 may be used. 0x0040 2-EV3 may be used. 0x0080 3-EV3 may be used. 0x0100 2-EV5 may be used. 0x0200 3-EV5 may be used. This is similar to the Packet Type parameter in the HCI Setup Synchronous Connection Command, except that we are not reversing the logic on the EDR bits. This makes the use of sco_pkt_tpye forward portable for the use case of white-listing packet types, which we expect will be the primary use case. If sco_pkt_type is zero, or userspace uses the old struct sockaddr_sco, then the default behavior is to allow all packet types. Packet type selection is just a request made to the Bluetooth chipset, and it is up to the link manager on the chipset to negiotiate and decide on the actual packet types used. Furthermore, when a SCO/eSCO connection is eventually made there is no way for the host stack to determine which packet type was used (however it is possible to get the link type of SCO or eSCO). sco_pkt_type is ignored for incoming SCO connections. It is possible to add this in the future as a parameter to the Accept Synchronous Connection Command, however its a little trickier because the kernel does not currently preserve sockaddr_sco data between userspace calls to accept(). The most common use for sco_pkt_type will be to white-list only SCO packets, which can be done with the hci.h constant SCO_ESCO_MASK. This patch is motivated by broken Bluetooth carkits such as the Motorolo HF850 (it claims to support eSCO, but will actually reject eSCO connections after 5 seconds) and the 2007/2008 Infiniti G35/37 (fails to route audio if a 2-EV5 packet type is negiotiated). With this patch userspace can maintain a list of compatible packet types to workaround remote devices such as these. Based on a patch by Marcel Holtmann. Rebased to 2.6.39. Change-Id: Ide1c89574fa4f6f1b9218282e1af17051eb86315 Signed-off-by: Nick Pelly <npelly@google.com>
* net: Fix "Support nuking IPv6 sockets as well as IPv4" for 2.6.39Colin Cross2011-06-141-2/+3
| | | | | Change-Id: I247b8dc2e32bb83e731209928600e92892dd042c Signed-off-by: Colin Cross <ccross@android.com>
* net: Support nuking IPv6 sockets as well as IPv4.Lorenzo Colitti2011-06-144-45/+115
| | | | | | | | | | | | | | On Linux, when an interface goes down all its IPv6 addresses are deleted, so relying on knowing the previous IPv6 addresses on the interface is brittle. Instead, support nuking all sockets that are bound to IP addresses that are not configured and up on the system. This behaviour is triggered by specifying the unspecified address (:: or 0.0.0.0). If an IP address is specified, the behaviour is unchanged, except the ioctl now supports IPv6 as well as IPv4. Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
* net: Fix CONFIG_RPS option to be turned offDmitry Shmidt2011-06-141-1/+1
| | | | Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* net: activity_stats: Add statistics for network transmission activityMike Chan2011-06-143-0/+124
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When enabled, tracks the frequency of network transmissions (inbound and outbound) and buckets them accordingly. Buckets are determined by time between network activity. Each bucket represents the number of network transmisions that were N sec or longer apart. Where N is defined as 1 << bucket index. This network pattern tracking is particularly useful for wireless networks (ie: 3G) where batching network activity closely together is more power efficient than far apart. New file: /proc/net/stat/activity output: Min Bucket(sec) Count 1 7 2 0 4 1 8 0 16 0 32 2 64 1 128 0 Change-Id: I4c4cd8627b872a55f326b1715c51bc3bdd6e8d92 Signed-off-by: Mike Chan <mike@android.com>
* Bluetooth: Hack: Don't dereference null pointer.Nick Pelly2011-06-141-1/+2
| | | | | | | | | | | This avoids the S305 panic during incoming connection. S305 sends PSM 25 L2CAP connection request before the L2CAP info response. When we receive that info response we crash on null pointer here. Bug: 2127637 Change-Id: Ib637516251f46fa9a9c87ac015dc2f27df5a27fd Signed-off-by: Nick Pelly <npelly@google.com>
* Bluetooth: Add ACL MTU, available buffers and total buffers to hci_conn_info.Nick Pelly2011-06-141-0/+18
| | | | | | This provides userspace debugging tools access to ACL flow control state. Signed-off-by: Nick Pelly <npelly@google.com>
* Bluetooth: Fallback to SCO on error code 0x10 (Connection Accept Timeout).Nick Pelly2011-06-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | This is to support the Motorola HF850 carkit which reports the error code 0x10 for an eSCO attempt, even though it advertises eSCO support. Here is the hcidump: 2009-09-22 15:40:24.492391 < HCI Command: Setup Synchronous Connection (0x01|0x0028) plen 17 handle 1 voice setting 0x0060 2009-09-22 15:40:24.493002 > HCI Event: Command Status (0x0f) plen 4 Setup Synchronous Connection (0x01|0x0028) status 0x00 ncmd 1 2009-09-22 15:40:30.594869 > HCI Event: Synchronous Connect Complete (0x2c) plen 17 status 0x10 handle 257 bdaddr 00:50:CD:20:C6:84 type eSCO Error: Connection Accept Timeout Exceeded With this patch we will retry with a SCO connection, which succeeds. Unfortunately the Moto HF850 also takes 5 seconds to return the error for the eSCO attempt, so it will still take 5 seconds to fallback to SCO with this patch. Signed-off-by: Nick Pelly <npelly@google.com>
* Bluetooth: Do not attempt to send dlci disconnect when in BT_CONFIG.Nick Pelly2011-06-141-1/+0
| | | | | | | This fixes a bug where shutdown() and close() on a rfcomm socket during ACL connection would not cause HCI Create Connection Cancel. Signed-off-by: Nick Pelly <npelly@google.com>
* rfkill: Introduce CONFIG_RFKILL_PM and use instead of CONFIG_PM to power downNick Pelly2011-06-142-0/+9
| | | | | | | Some platforms do not want to power down rfkill devices on suspend. Change-Id: I62a11630521c636d54a4a02ab9037a43435925f5 Signed-off-by: Nick Pelly <npelly@google.com>
* net: Replace AID_NET_RAW checks with capable(CAP_NET_RAW).Chia-chi Yeh2011-06-142-47/+22
| | | | Signed-off-by: Chia-chi Yeh <chiachi@android.com>
* misc: uidstat: Adding uid stat driver to collect network statistics.Mike Chan2011-06-141-1/+13
| | | | Signed-off-by: Mike Chan <mike@android.com>
* sysfs_net_ipv4: Add sysfs-based knobs for controlling TCP window sizeRobert Love2011-06-142-0/+89
| | | | | | | | | | | | | | | | | | | Add a family of knobs to /sys/kernel/ipv4 for controlling the TCP window size: tcp_wmem_min tcp_wmem_def tcp_wmem_max tcp_rmem_min tcp_rmem_def tcp_rmem_max This six values mirror the sysctl knobs in /proc/sys/net/ipv4/tcp_wmem and /proc/sys/net/ipv4/tcp_rmem. Sysfs, unlike sysctl, allows us to set and manage the files' permissions and owners. Signed-off-by: Robert Love <rlove@google.com>
* net: socket ioctl to reset connections matching local addressRobert Love2011-06-143-1/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce a new socket ioctl, SIOCKILLADDR, that nukes all sockets bound to the same local address. This is useful in situations with dynamic IPs, to kill stuck connections. Signed-off-by: Brian Swetland <swetland@google.com> net: fix tcp_v4_nuke_addr Signed-off-by: Dima Zavin <dima@android.com> net: ipv4: Fix a spinlock recursion bug in tcp_v4_nuke. We can't hold the lock while calling to tcp_done(), so we drop it before calling. We then have to start at the top of the chain again. Signed-off-by: Dima Zavin <dima@android.com> net: ipv4: Fix race in tcp_v4_nuke_addr(). To fix a recursive deadlock in 2.6.29, we stopped holding the hash table lock across tcp_done() calls. This fixed the deadlock, but introduced a race where the socket could die or change state. Fix: Before unlocking the hash table, we grab a reference to the socket. We can then unlock the hash table without risk of the socket going away. We then lock the socket, which is safe because it is pinned. We can then call tcp_done() without recursive deadlock and without race. Upon return, we unlock the socket and then unpin it, killing it. Change-Id: Idcdae072b48238b01bdbc8823b60310f1976e045 Signed-off-by: Robert Love <rlove@google.com> Acked-by: Dima Zavin <dima@android.com> ipv4: disable bottom halves around call to tcp_done(). Signed-off-by: Robert Love <rlove@google.com> Signed-off-by: Colin Cross <ccross@android.com> ipv4: Move sk_error_report inside bh_lock_sock in tcp_v4_nuke_addr When sk_error_report is called, it wakes up the user-space thread, which then calls tcp_close. When the tcp_close is interrupted by the tcp_v4_nuke_addr ioctl thread running tcp_done, it leaks 392 bytes and triggers a WARN_ON. This patch moves the call to sk_error_report inside the bh_lock_sock, which matches the locking used in tcp_v4_err. Signed-off-by: Colin Cross <ccross@android.com>
* Paranoid network.Robert Love2011-06-144-2/+105
| | | | | | | | | | | | | | | | | | | | | | | | | With CONFIG_ANDROID_PARANOID_NETWORK, require specific uids/gids to instantiate network sockets. Signed-off-by: Robert Love <rlove@google.com> paranoid networking: Use in_egroup_p() to check group membership The previous group_search() caused trouble for partners with module builds. in_egroup_p() is also cleaner. Signed-off-by: Nick Pelly <npelly@google.com> Fix 2.6.29 build. Signed-off-by: Arve Hjønnevåg <arve@android.com> net: Fix compilation of the IPv6 module Fix compilation of the IPv6 module -- current->euid does not exist anymore, current_euid() is what needs to be used. Signed-off-by: Steinar H. Gunderson <sesse@google.com>
* Merge branch 'for-linus' of ↵Linus Torvalds2011-06-131-5/+10
|\ | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: ceph: unwind canceled flock state ceph: fix ENOENT logic in striped_read ceph: fix short sync reads from the OSD ceph: fix sync vs canceled write ceph: use ihold when we already have an inode ref
| * ceph: fix sync vs canceled writeSage Weil2011-06-071-5/+10
| | | | | | | | | | | | | | If we cancel a write, trigger the safe completions to prevent a sync from blocking indefinitely in ceph_osdc_sync(). Signed-off-by: Sage Weil <sage@newdream.net>
* | netpoll: call dev_put() on error in netpoll_setup()Dan Carpenter2011-06-111-1/+2
| | | | | | | | | | | | | | | | | | There is a dev_put(ndev) missing on an error path. This was introduced in 0c1ad04aecb "netpoll: prevent netpoll setup on slave devices". Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | vlan: Fix the ingress VLAN_FLAG_REORDER_HDR checkJiri Pirko2011-06-112-28/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Testing of VLAN_FLAG_REORDER_HDR does not belong in vlan_untag but rather in vlan_do_receive. Otherwise the vlan header will not be properly put on the packet in the case of vlan header accelleration. As we remove the check from vlan_check_reorder_header rename it vlan_reorder_header to keep the naming clean. Fix up the skb->pkt_type early so we don't look at the packet after adding the vlan tag, which guarantees we don't goof and look at the wrong field. Use a simple if statement instead of a complicated switch statement to decided that we need to increment rx_stats for a multicast packet. Hopefully at somepoint we will just declare the case where VLAN_FLAG_REORDER_HDR is cleared as unsupported and remove the code. Until then this keeps it working correctly. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Jiri Pirko <jpirko@redhat.com> Acked-by: Changli Gao <xiaosuo@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | ipv4: Fix packet size calculation for raw IPsec packets in __ip_append_dataSteffen Klassert2011-06-091-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We assume that transhdrlen is positive on the first fragment which is wrong for raw packets. So we don't add exthdrlen to the packet size for raw packets. This leads to a reallocation on IPsec because we have not enough headroom on the skb to place the IPsec headers. This patch fixes this by adding exthdrlen to the packet size whenever the send queue of the socket is empty. This issue was introduced with git commit 1470ddf7 (inet: Remove explicit write references to sk/inet in ip_append_data) Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | Merge branch 'master' of ↵John W. Linville2011-06-096-36/+16
|\ \ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into for-davem
| * | mac80211: fix IBSS teardown raceJohannes Berg2011-06-081-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ignacy reports that sometimes after leaving an IBSS joining a new one didn't work because there still were stations on the list. He fixed it by flushing stations when attempting to join a new IBSS, but this shouldn't be happening in the first case. When I looked into it I saw a race condition in teardown that could cause stations to be added after flush, and thus cause this situation. Ignacy confirms that after applying my patch he hasn't seen this happen again. Reported-by: Ignacy Gawedzki <i@lri.fr> Debugged-by: Ignacy Gawedzki <i@lri.fr> Tested-by: Ignacy Gawedzki <i@lri.fr> Cc: stable@kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | nl80211: fix overflow in ssid_lenLuciano Coelho2011-06-071-5/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When one of the SSID's length passed in a scan or sched_scan request is larger than 255, there will be an overflow in the u8 that is used to store the length before checking. This causes the check to fail and we overrun the buffer when copying the SSID. Fix this by checking the nl80211 attribute length before copying it to the struct. This is a follow up for the previous commit 208c72f4fe44fe09577e7975ba0e7fa0278f3d03, which didn't fix the problem entirely. Reported-by: Ido Yariv <ido@wizery.com> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | Revert "mac80211: stop queues before rate control updation"John W. Linville2011-06-071-6/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 1d38c16ce4156f63b45abbd09dd28ca2ef5172b4. The mac80211 maintainer raised complaints about abuse of the CSA stop reason, and about whether this patch actually serves its intended purpose at all. Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | Revert "mac80211: Skip tailroom reservation for full HW-crypto devices"John W. Linville2011-06-063-23/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit aac6af5534fade2b18682a0b9efad1a6c04c34c6. Conflicts: net/mac80211/key.c That commit has a race that causes a warning, as documented in the thread here: http://marc.info/?l=linux-wireless&m=130717684914101&w=2 Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | netpoll: prevent netpoll setup on slave devicesWANG Cong2011-06-091-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In commit 8d8fc29d02a33e4bd5f4fa47823c1fd386346093 (netpoll: disable netpoll when enslave a device), we automatically disable netpoll when the underlying device is being enslaved, we also need to prevent people from setuping netpoll on devices that are already enslaved. Signed-off-by: WANG Cong <amwang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | net: pmtu_expires fixesEric Dumazet2011-06-091-34/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit 2c8cec5c10bc (ipv4: Cache learned PMTU information in inetpeer) added some racy peer->pmtu_expires accesses. As its value can be changed by another cpu/thread, we should be more careful, reading its value once. Add peer_pmtu_expired() and peer_pmtu_cleaned() helpers Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | xfrm: Fix off by one in the replay advance functionsSteffen Klassert2011-06-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | We may write 4 byte too much when we reinitialize the anti replay window in the replay advance functions. This patch fixes this by adjusting the last index of the initialization loop. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | net: cpu offline cause napi stallHeiko Carstens2011-06-071-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Frank Blaschka reported : <quote> During heavy network load we turn off/on cpus. Sometimes this causes a stall on the network device. Digging into the dump I found out following: napi is scheduled but does not run. From the I/O buffers and the napi state I see napi/rx_softirq processing has stopped because the budget was reached. napi stays in the softnet_data poll_list and the rx_softirq was raised again. I assume at this time the cpu offline comes in, the rx softirq is raised/moved to another cpu but napi stays in the poll_list of the softnet_data of the now offline cpu. Reviewing dev_cpu_callback (net/core/dev.c) I did not find the poll_list is transfered to the new cpu. </quote> This patch is a straightforward implementation of Frank suggestion : Transfert poll_list and trigger NET_RX_SOFTIRQ on new cpu. Reported-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Tested-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | bridge: provide a cow_metrics method for fake_opsAlexander Holler2011-06-071-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Like in commit 0972ddb237 (provide cow_metrics() methods to blackhole dst_ops), we must provide a cow_metrics for bridges fake_dst_ops as well. This fixes a regression coming from commits 62fa8a846d7d (net: Implement read-only protection and COW'ing of metrics.) and 33eb9873a28 (bridge: initialize fake_rtable metrics) ip link set mybridge mtu 1234 --> [ 136.546243] Pid: 8415, comm: ip Tainted: P 2.6.39.1-00006-g40545b7 #103 ASUSTeK Computer Inc. V1Sn /V1Sn [ 136.546256] EIP: 0060:[<00000000>] EFLAGS: 00010202 CPU: 0 [ 136.546268] EIP is at 0x0 [ 136.546273] EAX: f14a389c EBX: 000005d4 ECX: f80d32c0 EDX: f80d1da1 [ 136.546279] ESI: f14a3000 EDI: f255bf10 EBP: f15c3b54 ESP: f15c3b48 [ 136.546285] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 [ 136.546293] Process ip (pid: 8415, ti=f15c2000 task=f4741f80 task.ti=f15c2000) [ 136.546297] Stack: [ 136.546301] f80c658f f14a3000 ffffffed f15c3b64 c12cb9c8 f80d1b80 ffffffa1 f15c3bbc [ 136.546315] c12da347 c12d9c7d 00000000 f7670b00 00000000 f80d1b80 ffffffa6 f15c3be4 [ 136.546329] 00000004 f14a3000 f255bf20 00000008 f15c3bbc c11d6cae 00000000 00000000 [ 136.546343] Call Trace: [ 136.546359] [<f80c658f>] ? br_change_mtu+0x5f/0x80 [bridge] [ 136.546372] [<c12cb9c8>] dev_set_mtu+0x38/0x80 [ 136.546381] [<c12da347>] do_setlink+0x1a7/0x860 [ 136.546390] [<c12d9c7d>] ? rtnl_fill_ifinfo+0x9bd/0xc70 [ 136.546400] [<c11d6cae>] ? nla_parse+0x6e/0xb0 [ 136.546409] [<c12db931>] rtnl_newlink+0x361/0x510 [ 136.546420] [<c1023240>] ? vmalloc_sync_all+0x100/0x100 [ 136.546429] [<c1362762>] ? error_code+0x5a/0x60 [ 136.546438] [<c12db5d0>] ? rtnl_configure_link+0x80/0x80 [ 136.546446] [<c12db27a>] rtnetlink_rcv_msg+0xfa/0x210 [ 136.546454] [<c12db180>] ? __rtnl_unlock+0x20/0x20 [ 136.546463] [<c12ee0fe>] netlink_rcv_skb+0x8e/0xb0 [ 136.546471] [<c12daf1c>] rtnetlink_rcv+0x1c/0x30 [ 136.546479] [<c12edafa>] netlink_unicast+0x23a/0x280 [ 136.546487] [<c12ede6b>] netlink_sendmsg+0x26b/0x2f0 [ 136.546497] [<c12bb828>] sock_sendmsg+0xc8/0x100 [ 136.546508] [<c10adf61>] ? __alloc_pages_nodemask+0xe1/0x750 [ 136.546517] [<c11d0602>] ? _copy_from_user+0x42/0x60 [ 136.546525] [<c12c5e4c>] ? verify_iovec+0x4c/0xc0 [ 136.546534] [<c12bd805>] sys_sendmsg+0x1c5/0x200 [ 136.546542] [<c10c2150>] ? __do_fault+0x310/0x410 [ 136.546549] [<c10c2c46>] ? do_wp_page+0x1d6/0x6b0 [ 136.546557] [<c10c47d1>] ? handle_pte_fault+0xe1/0x720 [ 136.546565] [<c12bd1af>] ? sys_getsockname+0x7f/0x90 [ 136.546574] [<c10c4ec1>] ? handle_mm_fault+0xb1/0x180 [ 136.546582] [<c1023240>] ? vmalloc_sync_all+0x100/0x100 [ 136.546589] [<c10233b3>] ? do_page_fault+0x173/0x3d0 [ 136.546596] [<c12bd87b>] ? sys_recvmsg+0x3b/0x60 [ 136.546605] [<c12bdd83>] sys_socketcall+0x293/0x2d0 [ 136.546614] [<c13629d0>] sysenter_do_call+0x12/0x26 [ 136.546619] Code: Bad EIP value. [ 136.546627] EIP: [<00000000>] 0x0 SS:ESP 0068:f15c3b48 [ 136.546645] CR2: 0000000000000000 [ 136.546652] ---[ end trace 6909b560e78934fa ]--- Signed-off-by: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | af_packet: prevent information leakEric Dumazet2011-06-061-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In 2.6.27, commit 393e52e33c6c2 (packet: deliver VLAN TCI to userspace) added a small information leak. Add padding field and make sure its zeroed before copy to user. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | irda: iriap: Use seperate lockdep class for irias_objects->hb_spinlockDavid S. Miller2011-06-061-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The SEQ output functions grab the obj->attrib->hb_spinlock lock of sub-objects found in the hash traversal. These locks are in a different realm than the one used for the irias_objects hash table itself. So put the latter into it's own lockdep class. Reported-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | net: Rework netdev_drivername() to avoid warning.David S. Miller2011-06-062-13/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This interface uses a temporary buffer, but for no real reason. And now can generate warnings like: net/sched/sch_generic.c: In function dev_watchdog net/sched/sch_generic.c:254:10: warning: unused variable drivername Just return driver->name directly or "". Reported-by: Connor Hansen <cmdkhh@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | net/ipv6: check for mistakenly passed in non-AF_INET6 sockaddrsMarcus Meissner2011-06-061-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Same check as for IPv4, also do for IPv6. (If you passed in a IPv4 sockaddr_in here, the sizeof check in the line before would have triggered already though.) Signed-off-by: Marcus Meissner <meissner@suse.de> Cc: Reinhard Max <max@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | Merge branch 'for-davem' of ↵David S. Miller2011-06-061-0/+4
|\ \ \ | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
| * \ \ Merge branch 'master' of ↵John W. Linville2011-06-061-0/+4
| |\ \ \ | | |/ / | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into for-davem
| | * | mac80211: call dev_alloc_name before copying name to sdataThadeu Lima de Souza Cascardo2011-06-031-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This partially reverts 1c5cae815d19ffe02bdfda1260949ef2b1806171, because the netdev name is copied into sdata->name, which is used for debugging messages, for example. Otherwise, we get messages like this: wlan%d: authenticated Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com> Cc: Jiri Pirko <jpirko@redhat.com> Cc: David S. Miller <davem@davemloft.net> Cc: Johannes Berg <johannes@sipsolutions.net> Cc: "John W. Linville" <linville@tuxdriver.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | | netfilter: use unsigned variables for packet lengths in ip[6]_queue.Dave Jones2011-06-062-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Netlink message lengths can't be negative, so use unsigned variables. Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | | netfilter: nf_conntrack: fix ct refcount leak in l4proto->error()Pablo Neira Ayuso2011-06-063-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes a refcount leak of ct objects that may occur if l4proto->error() assigns one conntrack object to one skbuff. In that case, we have to skip further processing in nf_conntrack_in(). With this patch, we can also fix wrong return values (-NF_ACCEPT) for special cases in ICMP[v6] that should not bump the invalid/error statistic counters. Reported-by: Zoltan Menyhart <Zoltan.Menyhart@bull.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | | netfilter: nf_nat: fix crash in nf_nat_csumJulian Anastasov2011-06-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix crash in nf_nat_csum when mangling packets in OUTPUT hook where skb->dev is not defined, it is set later before POSTROUTING. Problem happens for CHECKSUM_NONE. We can check device from rt but using CHECKSUM_PARTIAL should be safe (skb_checksum_help). Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | | netfilter: ipset: Use the stored first cidr value instead of '1'Jozsef Kadlecsik2011-06-063-8/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The stored cidr values are tried one after anoter. The boolean condition evaluated to '1' instead of the first stored cidr or the default host cidr. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | | netfilter: ipset: Fix return code for destroy when sets are in useJozsef Kadlecsik2011-06-061-1/+1
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | | ipvs: restore support for iptables SNATJulian Anastasov2011-06-061-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the IPVS priority in LOCAL_IN hook, so that SNAT target in POSTROUTING is supported for IPVS traffic as in 2.6.36 where it worked depending on module load order. Before 2.6.37 we used priority 100 in LOCAL_IN to process remote requests. We used the same priority as iptables SNAT and if IPVS handlers are installed before SNAT handlers we supported SNAT in POSTROUTING for the IPVS traffic. If SNAT is installed before IPVS, the netfilter handlers are before IPVS and netfilter checks the NAT table twice for the IPVS requests: once in LOCAL_IN where IPS_SRC_NAT_DONE is set and second time in POSTROUTING where the SNAT rules are ignored because IPS_SRC_NAT_DONE was already set in LOCAL_IN. But in 2.6.37 we changed the IPVS priority for LOCAL_IN with the goal to be unique (101) forgetting the fact that for IPVS traffic we should not walk both LOCAL_IN and POSTROUTING nat tables. So, change the priority for processing remote IPVS requests from 101 to 99, i.e. before NAT_SRC (100) because we prefer to support SNAT in POSTROUTING instead of LOCAL_IN. It also moves the priority for IPVS replies from 99 to 98. Use constants instead of magic numbers at these places. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | | netfilter: add more values to enum ip_conntrack_infoEric Dumazet2011-06-0615-27/+23
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following error is raised (and other similar ones) : net/ipv4/netfilter/nf_nat_standalone.c: In function ‘nf_nat_fn’: net/ipv4/netfilter/nf_nat_standalone.c:119:2: warning: case value ‘4’ not in enumerated type ‘enum ip_conntrack_info’ gcc barfs on adding two enum values and getting a not enumerated result : case IP_CT_RELATED+IP_CT_IS_REPLY: Add missing enum values Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: David Miller <davem@davemloft.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
generated by cgit v1.1 at 2025-02-13 22:11:59 +0000