From fd184ab4283a6a6105e8312a497d2a2a193eaf67 Mon Sep 17 00:00:00 2001 From: Marcel Holtmann Date: Thu, 24 May 2007 14:26:15 +0200 Subject: [Bluetooth] Always send HCI_Reset for Broadcom devices In case of Broadcom based Bluetooth devices, it is safe to always send HCI_Reset as first command. This gives the advantage that all HID Proxy versions will automatically work and don't need any additional quirks anymore. Signed-off-by: Marcel Holtmann diff --git a/drivers/bluetooth/hci_usb.c b/drivers/bluetooth/hci_usb.c index b0238b4..7e04dd6 100644 --- a/drivers/bluetooth/hci_usb.c +++ b/drivers/bluetooth/hci_usb.c @@ -115,11 +115,11 @@ static struct usb_device_id blacklist_ids[] = { { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 }, /* Broadcom BCM2045 */ - { USB_DEVICE(0x0a5c, 0x2101), .driver_info = HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x0a5c, 0x2101), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, /* IBM/Lenovo ThinkPad with Broadcom chip */ - { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_WRONG_SCO_MTU }, - { USB_DEVICE(0x0a5c, 0x2110), .driver_info = HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x0a5c, 0x2110), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, /* Targus ACB10US */ { USB_DEVICE(0x0a5c, 0x2100), .driver_info = HCI_RESET }, @@ -128,17 +128,17 @@ static struct usb_device_id blacklist_ids[] = { { USB_DEVICE(0x0a5c, 0x2111), .driver_info = HCI_RESET }, /* HP laptop with Broadcom chip */ - { USB_DEVICE(0x03f0, 0x171d), .driver_info = HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x03f0, 0x171d), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, /* Dell laptop with Broadcom chip */ - { USB_DEVICE(0x413c, 0x8126), .driver_info = HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x413c, 0x8126), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, /* Microsoft Wireless Transceiver for Bluetooth 2.0 */ { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET }, /* Kensington Bluetooth USB adapter */ { USB_DEVICE(0x047d, 0x105d), .driver_info = HCI_RESET }, - { USB_DEVICE(0x047d, 0x105e), .driver_info = HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x047d, 0x105e), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, /* ISSC Bluetooth Adapter v3.1 */ { USB_DEVICE(0x1131, 0x1001), .driver_info = HCI_RESET }, @@ -148,8 +148,8 @@ static struct usb_device_id blacklist_ids[] = { { USB_DEVICE(0x0400, 0x080a), .driver_info = HCI_BROKEN_ISOC }, /* Belkin F8T012 and F8T013 devices */ - { USB_DEVICE(0x050d, 0x0012), .driver_info = HCI_WRONG_SCO_MTU }, - { USB_DEVICE(0x050d, 0x0013), .driver_info = HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x050d, 0x0012), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x050d, 0x0013), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, /* Digianswer devices */ { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER }, -- cgit v0.10.2 From 5dee9e7c4c869fcffccc3d432b755793dfa71376 Mon Sep 17 00:00:00 2001 From: Marcel Holtmann Date: Thu, 24 May 2007 14:27:19 +0200 Subject: [Bluetooth] Fix L2CAP configuration parameter handling The L2CAP configuration parameter handling was missing the support for rejecting unknown options. The capability to reject unknown options is mandatory since the Bluetooth 1.2 specification. This patch implements its and also simplifies the parameter parsing. Signed-off-by: Marcel Holtmann diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h index 8242a0e..87df4e8 100644 --- a/include/net/bluetooth/l2cap.h +++ b/include/net/bluetooth/l2cap.h @@ -129,8 +129,10 @@ struct l2cap_conf_rsp { __u8 data[0]; } __attribute__ ((packed)); -#define L2CAP_CONF_SUCCESS 0x00 -#define L2CAP_CONF_UNACCEPT 0x01 +#define L2CAP_CONF_SUCCESS 0x0000 +#define L2CAP_CONF_UNACCEPT 0x0001 +#define L2CAP_CONF_REJECT 0x0002 +#define L2CAP_CONF_UNKNOWN 0x0003 struct l2cap_conf_opt { __u8 type; @@ -215,6 +217,8 @@ struct l2cap_pinfo { __u32 link_mode; + __u8 conf_req[64]; + __u8 conf_len; __u8 conf_state; __u8 conf_retry; __u16 conf_mtu; diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index a59b1fb..670ff95 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -507,6 +507,7 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent) } /* Default config options */ + pi->conf_len = 0; pi->conf_mtu = L2CAP_DEFAULT_MTU; pi->flush_to = L2CAP_DEFAULT_FLUSH_TO; } @@ -1271,42 +1272,6 @@ static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned return len; } -static inline void l2cap_parse_conf_req(struct sock *sk, void *data, int len) -{ - int type, hint, olen; - unsigned long val; - void *ptr = data; - - BT_DBG("sk %p len %d", sk, len); - - while (len >= L2CAP_CONF_OPT_SIZE) { - len -= l2cap_get_conf_opt(&ptr, &type, &olen, &val); - - hint = type & 0x80; - type &= 0x7f; - - switch (type) { - case L2CAP_CONF_MTU: - l2cap_pi(sk)->conf_mtu = val; - break; - - case L2CAP_CONF_FLUSH_TO: - l2cap_pi(sk)->flush_to = val; - break; - - case L2CAP_CONF_QOS: - break; - - default: - if (hint) - break; - - /* FIXME: Reject unknown option */ - break; - } - } -} - static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val) { struct l2cap_conf_opt *opt = *ptr; @@ -1358,39 +1323,75 @@ static int l2cap_build_conf_req(struct sock *sk, void *data) return ptr - data; } -static inline int l2cap_conf_output(struct sock *sk, void **ptr) +static int l2cap_parse_conf_req(struct sock *sk, void *data) { struct l2cap_pinfo *pi = l2cap_pi(sk); - int result = 0; + struct l2cap_conf_rsp *rsp = data; + void *ptr = rsp->data; + void *req = pi->conf_req; + int len = pi->conf_len; + int type, hint, olen; + unsigned long val; + u16 result = L2CAP_CONF_SUCCESS; - /* Configure output options and let the other side know - * which ones we don't like. */ - if (pi->conf_mtu < pi->omtu) - result = L2CAP_CONF_UNACCEPT; - else - pi->omtu = pi->conf_mtu; + BT_DBG("sk %p", sk); + + while (len >= L2CAP_CONF_OPT_SIZE) { + len -= l2cap_get_conf_opt(&req, &type, &olen, &val); - l2cap_add_conf_opt(ptr, L2CAP_CONF_MTU, 2, pi->omtu); + hint = type & 0x80; + type &= 0x7f; + + switch (type) { + case L2CAP_CONF_MTU: + pi->conf_mtu = val; + break; + + case L2CAP_CONF_FLUSH_TO: + pi->flush_to = val; + break; + + case L2CAP_CONF_QOS: + break; + + default: + if (hint) + break; + + result = L2CAP_CONF_UNKNOWN; + *((u8 *) ptr++) = type; + break; + } + } + + if (result == L2CAP_CONF_SUCCESS) { + /* Configure output options and let the other side know + * which ones we don't like. */ + + if (pi->conf_mtu < pi->omtu) + result = L2CAP_CONF_UNACCEPT; + else + pi->omtu = pi->conf_mtu; + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu); + } - BT_DBG("sk %p result %d", sk, result); - return result; + rsp->scid = cpu_to_le16(pi->dcid); + rsp->result = cpu_to_le16(result); + rsp->flags = cpu_to_le16(0x0000); + + return ptr - data; } -static int l2cap_build_conf_rsp(struct sock *sk, void *data, int *result) +static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags) { struct l2cap_conf_rsp *rsp = data; void *ptr = rsp->data; - u16 flags = 0; - - BT_DBG("sk %p complete %d", sk, result ? 1 : 0); - if (result) - *result = l2cap_conf_output(sk, &ptr); - else - flags = 0x0001; + BT_DBG("sk %p", sk); rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid); - rsp->result = cpu_to_le16(result ? *result : 0); + rsp->result = cpu_to_le16(result); rsp->flags = cpu_to_le16(flags); return ptr - data; @@ -1535,7 +1536,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr u16 dcid, flags; u8 rsp[64]; struct sock *sk; - int result; + int len; dcid = __le16_to_cpu(req->dcid); flags = __le16_to_cpu(req->flags); @@ -1548,25 +1549,40 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr if (sk->sk_state == BT_DISCONN) goto unlock; - l2cap_parse_conf_req(sk, req->data, cmd->len - sizeof(*req)); + /* Reject if config buffer is too small. */ + len = cmd->len - sizeof(*req); + if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) { + l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, + l2cap_build_conf_rsp(sk, rsp, + L2CAP_CONF_REJECT, flags), rsp); + goto unlock; + } + + /* Store config. */ + memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len); + l2cap_pi(sk)->conf_len += len; if (flags & 0x0001) { /* Incomplete config. Send empty response. */ l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, - l2cap_build_conf_rsp(sk, rsp, NULL), rsp); + l2cap_build_conf_rsp(sk, rsp, + L2CAP_CONF_SUCCESS, 0x0001), rsp); goto unlock; } /* Complete config. */ - l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, - l2cap_build_conf_rsp(sk, rsp, &result), rsp); - - if (result) + len = l2cap_parse_conf_req(sk, rsp); + if (len < 0) goto unlock; - /* Output config done */ + l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp); + + /* Output config done. */ l2cap_pi(sk)->conf_state |= L2CAP_CONF_OUTPUT_DONE; + /* Reset config buffer. */ + l2cap_pi(sk)->conf_len = 0; + if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) { sk->sk_state = BT_CONNECTED; l2cap_chan_ready(sk); -- cgit v0.10.2 From 36247f5421015eab0bdd96789b24790598934db9 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 23 May 2007 14:30:44 -0700 Subject: [NET_SCHED]: Fix qdisc_restart return value when dequeue is empty My previous patch that changed the return value of qdisc_restart incorrectly made the case where dequeue returns empty continue processing packets. This patch is based on diagnosis and fix by Patrick McHardy. Reported-and-debugged-by: Anant Nitya Signed-off-by: Herbert Xu Signed-off-by: David S. Miller diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c index f28bb2d..cbefe22 100644 --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c @@ -169,8 +169,8 @@ requeue: else q->ops->requeue(skb, q); netif_schedule(dev); - return 0; } + return 0; out: BUG_ON((int) q->q.qlen < 0); -- cgit v0.10.2 From bbb711e63332d7b43b535381c78b26a66cd60f48 Mon Sep 17 00:00:00 2001 From: Oliver Hartkopp Date: Wed, 23 May 2007 14:35:31 -0700 Subject: [IPV6]: Ignore ipv6 events on non-IPV6 capable devices. Signed-off-by: Oliver Hartkopp Signed-off-by: Urs Thuermann Signed-off-by: David S. Miller diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index c7ea248..329de67 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -2154,15 +2154,6 @@ static void addrconf_dev_config(struct net_device *dev) ASSERT_RTNL(); - if ((dev->type != ARPHRD_ETHER) && - (dev->type != ARPHRD_FDDI) && - (dev->type != ARPHRD_IEEE802_TR) && - (dev->type != ARPHRD_ARCNET) && - (dev->type != ARPHRD_INFINIBAND)) { - /* Alas, we support only Ethernet autoconfiguration. */ - return; - } - idev = addrconf_add_dev(dev); if (idev == NULL) return; @@ -2250,13 +2241,33 @@ static void addrconf_ip6_tnl_config(struct net_device *dev) ip6_tnl_add_linklocal(idev); } +static int ipv6_hwtype(struct net_device *dev) +{ + if ((dev->type == ARPHRD_ETHER) || + (dev->type == ARPHRD_LOOPBACK) || + (dev->type == ARPHRD_SIT) || + (dev->type == ARPHRD_TUNNEL6) || + (dev->type == ARPHRD_FDDI) || + (dev->type == ARPHRD_IEEE802_TR) || + (dev->type == ARPHRD_ARCNET) || + (dev->type == ARPHRD_INFINIBAND)) + return 1; + + return 0; +} + static int addrconf_notify(struct notifier_block *this, unsigned long event, void * data) { struct net_device *dev = (struct net_device *) data; - struct inet6_dev *idev = __in6_dev_get(dev); + struct inet6_dev *idev; int run_pending = 0; + if (!ipv6_hwtype(dev)) + return NOTIFY_OK; + + idev = __in6_dev_get(dev); + switch(event) { case NETDEV_REGISTER: if (!idev) { -- cgit v0.10.2 From 7e7a2d07b0faf13b2f7ad982c77ca30c9e9ee0e4 Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke Date: Wed, 23 May 2007 14:45:45 -0700 Subject: [ATM]: Use mutex instead of binary semaphore in idt77252 driver. Use mutex instead of binary semaphore in idt77252 driver. Signed-off-by: Matthias Kaehlcke Signed-off-by: Andrew Morton Signed-off-by: David S. Miller diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c index 057efbc..3800bc0 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c @@ -47,7 +47,8 @@ static char const rcsid[] = #include #include #include -#include +#include + #include #include #include @@ -2435,7 +2436,7 @@ idt77252_open(struct atm_vcc *vcc) set_bit(ATM_VF_ADDR, &vcc->flags); - down(&card->mutex); + mutex_lock(&card->mutex); OPRINTK("%s: opening vpi.vci: %d.%d\n", card->name, vpi, vci); @@ -2446,7 +2447,7 @@ idt77252_open(struct atm_vcc *vcc) break; default: printk("%s: Unsupported AAL: %d\n", card->name, vcc->qos.aal); - up(&card->mutex); + mutex_unlock(&card->mutex); return -EPROTONOSUPPORT; } @@ -2455,7 +2456,7 @@ idt77252_open(struct atm_vcc *vcc) card->vcs[index] = kzalloc(sizeof(struct vc_map), GFP_KERNEL); if (!card->vcs[index]) { printk("%s: can't alloc vc in open()\n", card->name); - up(&card->mutex); + mutex_unlock(&card->mutex); return -ENOMEM; } card->vcs[index]->card = card; @@ -2484,14 +2485,14 @@ idt77252_open(struct atm_vcc *vcc) if (inuse) { printk("%s: %s vci already in use.\n", card->name, inuse == 1 ? "tx" : inuse == 2 ? "rx" : "tx and rx"); - up(&card->mutex); + mutex_unlock(&card->mutex); return -EADDRINUSE; } if (vcc->qos.txtp.traffic_class != ATM_NONE) { error = idt77252_init_tx(card, vc, vcc, &vcc->qos); if (error) { - up(&card->mutex); + mutex_unlock(&card->mutex); return error; } } @@ -2499,14 +2500,14 @@ idt77252_open(struct atm_vcc *vcc) if (vcc->qos.rxtp.traffic_class != ATM_NONE) { error = idt77252_init_rx(card, vc, vcc, &vcc->qos); if (error) { - up(&card->mutex); + mutex_unlock(&card->mutex); return error; } } set_bit(ATM_VF_READY, &vcc->flags); - up(&card->mutex); + mutex_unlock(&card->mutex); return 0; } @@ -2520,7 +2521,7 @@ idt77252_close(struct atm_vcc *vcc) unsigned long addr; unsigned long timeout; - down(&card->mutex); + mutex_lock(&card->mutex); IPRINTK("%s: idt77252_close: vc = %d (%d.%d)\n", card->name, vc->index, vcc->vpi, vcc->vci); @@ -2591,7 +2592,7 @@ done: free_scq(card, vc->scq); } - up(&card->mutex); + mutex_unlock(&card->mutex); } static int @@ -2602,7 +2603,7 @@ idt77252_change_qos(struct atm_vcc *vcc, struct atm_qos *qos, int flags) struct vc_map *vc = vcc->dev_data; int error = 0; - down(&card->mutex); + mutex_lock(&card->mutex); if (qos->txtp.traffic_class != ATM_NONE) { if (!test_bit(VCF_TX, &vc->flags)) { @@ -2648,7 +2649,7 @@ idt77252_change_qos(struct atm_vcc *vcc, struct atm_qos *qos, int flags) set_bit(ATM_VF_HASQOS, &vcc->flags); out: - up(&card->mutex); + mutex_unlock(&card->mutex); return error; } @@ -3709,7 +3710,7 @@ idt77252_init_one(struct pci_dev *pcidev, const struct pci_device_id *id) membase = pci_resource_start(pcidev, 1); srambase = pci_resource_start(pcidev, 2); - init_MUTEX(&card->mutex); + mutex_init(&card->mutex); spin_lock_init(&card->cmd_lock); spin_lock_init(&card->tst_lock); diff --git a/drivers/atm/idt77252.h b/drivers/atm/idt77252.h index 544b397..6f2b4a5 100644 --- a/drivers/atm/idt77252.h +++ b/drivers/atm/idt77252.h @@ -37,7 +37,7 @@ #include #include #include - +#include /*****************************************************************************/ /* */ @@ -359,7 +359,7 @@ struct idt77252_dev unsigned long srambase; /* SAR's sram base address */ void __iomem *fbq[4]; /* FBQ fill addresses */ - struct semaphore mutex; + struct mutex mutex; spinlock_t cmd_lock; /* for r/w utility/sram */ unsigned long softstat; -- cgit v0.10.2 From 3df25df354d0e9bae9b83be5a828b6756db9bcf4 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 23 May 2007 14:46:35 -0700 Subject: [DCCP]: Use menuconfig objects. Use menuconfigs instead of menus, so the whole menu can be disabled at once instead of going through all options. Signed-off-by: Jan Engelhardt Signed-off-by: Andrew Morton Signed-off-by: David S. Miller diff --git a/net/dccp/Kconfig b/net/dccp/Kconfig index b8a68dd..0549e47 100644 --- a/net/dccp/Kconfig +++ b/net/dccp/Kconfig @@ -1,8 +1,6 @@ -menu "DCCP Configuration (EXPERIMENTAL)" - depends on INET && EXPERIMENTAL - -config IP_DCCP +menuconfig IP_DCCP tristate "The DCCP Protocol (EXPERIMENTAL)" + depends on INET && EXPERIMENTAL ---help--- Datagram Congestion Control Protocol (RFC 4340) @@ -19,19 +17,20 @@ config IP_DCCP If in doubt, say N. +if IP_DCCP + config INET_DCCP_DIAG - depends on IP_DCCP && INET_DIAG + depends on INET_DIAG def_tristate y if (IP_DCCP = y && INET_DIAG = y) def_tristate m config IP_DCCP_ACKVEC - depends on IP_DCCP bool source "net/dccp/ccids/Kconfig" menu "DCCP Kernel Hacking" - depends on IP_DCCP && DEBUG_KERNEL=y + depends on DEBUG_KERNEL=y config IP_DCCP_DEBUG bool "DCCP debug messages" @@ -61,4 +60,4 @@ config NET_DCCPPROBE endmenu -endmenu +endif # IP_DDCP -- cgit v0.10.2 From a6938a1e0e0ebdf42f34b37116576d9eaaa9bba4 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 23 May 2007 14:48:10 -0700 Subject: [IPVS]: Use menuconfig objects. Use menuconfigs instead of menus, so the whole menu can be disabled at once instead of going through all options. Signed-off-by: Jan Engelhardt Acked-by: Simon Horman Signed-off-by: Andrew Morton Signed-off-by: David S. Miller diff --git a/net/ipv4/ipvs/Kconfig b/net/ipv4/ipvs/Kconfig index 891b935..09d0c3f 100644 --- a/net/ipv4/ipvs/Kconfig +++ b/net/ipv4/ipvs/Kconfig @@ -1,10 +1,7 @@ # # IP Virtual Server configuration # -menu "IP: Virtual Server Configuration" - depends on NETFILTER - -config IP_VS +menuconfig IP_VS tristate "IP virtual server support (EXPERIMENTAL)" depends on NETFILTER ---help--- @@ -25,9 +22,10 @@ config IP_VS If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. +if IP_VS + config IP_VS_DEBUG bool "IP virtual server debugging" - depends on IP_VS ---help--- Say Y here if you want to get additional messages useful in debugging the IP virtual server code. You can change the debug @@ -35,7 +33,6 @@ config IP_VS_DEBUG config IP_VS_TAB_BITS int "IPVS connection table size (the Nth power of 2)" - depends on IP_VS default "12" ---help--- The IPVS connection hash table uses the chaining scheme to handle @@ -61,42 +58,35 @@ config IP_VS_TAB_BITS needed for your box. comment "IPVS transport protocol load balancing support" - depends on IP_VS config IP_VS_PROTO_TCP bool "TCP load balancing support" - depends on IP_VS ---help--- This option enables support for load balancing TCP transport protocol. Say Y if unsure. config IP_VS_PROTO_UDP bool "UDP load balancing support" - depends on IP_VS ---help--- This option enables support for load balancing UDP transport protocol. Say Y if unsure. config IP_VS_PROTO_ESP bool "ESP load balancing support" - depends on IP_VS ---help--- This option enables support for load balancing ESP (Encapsulation Security Payload) transport protocol. Say Y if unsure. config IP_VS_PROTO_AH bool "AH load balancing support" - depends on IP_VS ---help--- This option enables support for load balancing AH (Authentication Header) transport protocol. Say Y if unsure. comment "IPVS scheduler" - depends on IP_VS config IP_VS_RR tristate "round-robin scheduling" - depends on IP_VS ---help--- The robin-robin scheduling algorithm simply directs network connections to different real servers in a round-robin manner. @@ -106,7 +96,6 @@ config IP_VS_RR config IP_VS_WRR tristate "weighted round-robin scheduling" - depends on IP_VS ---help--- The weighted robin-robin scheduling algorithm directs network connections to different real servers based on server weights @@ -120,7 +109,6 @@ config IP_VS_WRR config IP_VS_LC tristate "least-connection scheduling" - depends on IP_VS ---help--- The least-connection scheduling algorithm directs network connections to the server with the least number of active @@ -131,7 +119,6 @@ config IP_VS_LC config IP_VS_WLC tristate "weighted least-connection scheduling" - depends on IP_VS ---help--- The weighted least-connection scheduling algorithm directs network connections to the server with the least active connections @@ -142,7 +129,6 @@ config IP_VS_WLC config IP_VS_LBLC tristate "locality-based least-connection scheduling" - depends on IP_VS ---help--- The locality-based least-connection scheduling algorithm is for destination IP load balancing. It is usually used in cache cluster. @@ -157,7 +143,6 @@ config IP_VS_LBLC config IP_VS_LBLCR tristate "locality-based least-connection with replication scheduling" - depends on IP_VS ---help--- The locality-based least-connection with replication scheduling algorithm is also for destination IP load balancing. It is @@ -176,7 +161,6 @@ config IP_VS_LBLCR config IP_VS_DH tristate "destination hashing scheduling" - depends on IP_VS ---help--- The destination hashing scheduling algorithm assigns network connections to the servers through looking up a statically assigned @@ -187,7 +171,6 @@ config IP_VS_DH config IP_VS_SH tristate "source hashing scheduling" - depends on IP_VS ---help--- The source hashing scheduling algorithm assigns network connections to the servers through looking up a statically assigned @@ -198,7 +181,6 @@ config IP_VS_SH config IP_VS_SED tristate "shortest expected delay scheduling" - depends on IP_VS ---help--- The shortest expected delay scheduling algorithm assigns network connections to the server with the shortest expected delay. The @@ -212,7 +194,6 @@ config IP_VS_SED config IP_VS_NQ tristate "never queue scheduling" - depends on IP_VS ---help--- The never queue scheduling algorithm adopts a two-speed model. When there is an idle server available, the job will be sent to @@ -225,11 +206,10 @@ config IP_VS_NQ module, choose M here. If unsure, say N. comment 'IPVS application helper' - depends on IP_VS config IP_VS_FTP tristate "FTP protocol helper" - depends on IP_VS && IP_VS_PROTO_TCP + depends on IP_VS_PROTO_TCP ---help--- FTP is a protocol that transfers IP address and/or port number in the payload. In the virtual server via Network Address Translation, @@ -241,4 +221,4 @@ config IP_VS_FTP If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. -endmenu +endif # IP_VS -- cgit v0.10.2 From 29e32ccdec8574aa5b6e0b6b555815dbb62591e1 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 23 May 2007 14:48:57 -0700 Subject: [SCTP]: Use menuconfig objects. Use menuconfigs instead of menus, so the whole menu can be disabled at once instead of going through all options. Signed-off-by: Jan Engelhardt Signed-off-by: Andrew Morton Signed-off-by: David S. Miller diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig index 9cba49e..8210f54 100644 --- a/net/sctp/Kconfig +++ b/net/sctp/Kconfig @@ -2,11 +2,9 @@ # SCTP configuration # -menu "SCTP Configuration (EXPERIMENTAL)" - depends on INET && EXPERIMENTAL - -config IP_SCTP +menuconfig IP_SCTP tristate "The SCTP Protocol (EXPERIMENTAL)" + depends on INET && EXPERIMENTAL depends on IPV6 || IPV6=n select CRYPTO if SCTP_HMAC_SHA1 || SCTP_HMAC_MD5 select CRYPTO_HMAC if SCTP_HMAC_SHA1 || SCTP_HMAC_MD5 @@ -36,9 +34,10 @@ config IP_SCTP If in doubt, say N. +if IP_SCTP + config SCTP_DBG_MSG bool "SCTP: Debug messages" - depends on IP_SCTP help If you say Y, this will enable verbose debugging messages. @@ -47,7 +46,6 @@ config SCTP_DBG_MSG config SCTP_DBG_OBJCNT bool "SCTP: Debug object counts" - depends on IP_SCTP help If you say Y, this will enable debugging support for counting the type of objects that are currently allocated. This is useful for @@ -59,7 +57,6 @@ config SCTP_DBG_OBJCNT choice prompt "SCTP: Cookie HMAC Algorithm" - depends on IP_SCTP default SCTP_HMAC_MD5 help HMAC algorithm to be used during association initialization. It @@ -86,4 +83,5 @@ config SCTP_HMAC_MD5 advised to use either HMAC-MD5 or HMAC-SHA1. endchoice -endmenu + +endif # IP_SCTP -- cgit v0.10.2 From a31b19c514664b8161b956f8da45d8a9166da0c6 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 23 May 2007 14:49:38 -0700 Subject: [TIPC]: Use menuconfig objects. Use menuconfigs instead of menus, so the whole menu can be disabled at once instead of going through all options. Signed-off-by: Jan Engelhardt Signed-off-by: Andrew Morton Signed-off-by: David S. Miller diff --git a/net/tipc/Kconfig b/net/tipc/Kconfig index f9e367d..3b30d11 100644 --- a/net/tipc/Kconfig +++ b/net/tipc/Kconfig @@ -2,11 +2,9 @@ # TIPC configuration # -menu "TIPC Configuration (EXPERIMENTAL)" - depends on INET && EXPERIMENTAL - -config TIPC +menuconfig TIPC tristate "The TIPC Protocol (EXPERIMENTAL)" + depends on INET && EXPERIMENTAL ---help--- The Transparent Inter Process Communication (TIPC) protocol is specially designed for intra cluster communication. This protocol @@ -22,9 +20,10 @@ config TIPC If in doubt, say N. +if TIPC + config TIPC_ADVANCED bool "TIPC: Advanced configuration" - depends on TIPC default n help Saying Y here will open some advanced configuration @@ -33,7 +32,7 @@ config TIPC_ADVANCED config TIPC_ZONES int "Maximum number of zones in network" - depends on TIPC && TIPC_ADVANCED + depends on TIPC_ADVANCED default "3" help Max number of zones inside TIPC network. Max supported value @@ -44,7 +43,7 @@ config TIPC_ZONES config TIPC_CLUSTERS int "Maximum number of clusters in a zone" - depends on TIPC && TIPC_ADVANCED + depends on TIPC_ADVANCED default "1" help ***Only 1 (one cluster in a zone) is supported by current code. @@ -59,7 +58,7 @@ config TIPC_CLUSTERS config TIPC_NODES int "Maximum number of nodes in cluster" - depends on TIPC && TIPC_ADVANCED + depends on TIPC_ADVANCED default "255" help Maximum number of nodes inside a TIPC cluster. Maximum @@ -70,7 +69,7 @@ config TIPC_NODES config TIPC_SLAVE_NODES int "Maximum number of slave nodes in cluster" - depends on TIPC && TIPC_ADVANCED + depends on TIPC_ADVANCED default "0" help ***This capability is not supported by current code.*** @@ -83,7 +82,7 @@ config TIPC_SLAVE_NODES config TIPC_PORTS int "Maximum number of ports in a node" - depends on TIPC && TIPC_ADVANCED + depends on TIPC_ADVANCED default "8191" help Maximum number of ports within a node. Maximum @@ -94,7 +93,7 @@ config TIPC_PORTS config TIPC_LOG int "Size of log buffer" - depends on TIPC && TIPC_ADVANCED + depends on TIPC_ADVANCED default 0 help Size (in bytes) of TIPC's internal log buffer, which records the @@ -106,7 +105,6 @@ config TIPC_LOG config TIPC_DEBUG bool "Enable debugging support" - depends on TIPC default n help This will enable debugging of TIPC. @@ -114,4 +112,4 @@ config TIPC_DEBUG Only say Y here if you are having trouble with TIPC. It will enable the display of detailed information about what is going on. -endmenu +endif # TIPC -- cgit v0.10.2 From 42859007f458f305624009862d6ca818e3c5be57 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 23 May 2007 14:50:18 -0700 Subject: [ARCNET]: Use menuconfig objects. Use menuconfigs instead of menus, so the whole menu can be disabled at once instead of going through all options. Signed-off-by: Jan Engelhardt Signed-off-by: Andrew Morton Signed-off-by: David S. Miller diff --git a/drivers/net/arcnet/Kconfig b/drivers/net/arcnet/Kconfig index 7284cca..4030274 100644 --- a/drivers/net/arcnet/Kconfig +++ b/drivers/net/arcnet/Kconfig @@ -2,10 +2,8 @@ # Arcnet configuration # -menu "ARCnet devices" +menuconfig ARCNET depends on NETDEVICES && (ISA || PCI) - -config ARCNET tristate "ARCnet support" ---help--- If you have a network card of this type, say Y and check out the @@ -25,9 +23,10 @@ config ARCNET . The module will be called arcnet. +if ARCNET + config ARCNET_1201 tristate "Enable standard ARCNet packet format (RFC 1201)" - depends on ARCNET help This allows you to use RFC1201 with your ARCnet card via the virtual arc0 device. You need to say Y here to communicate with @@ -38,7 +37,6 @@ config ARCNET_1201 config ARCNET_1051 tristate "Enable old ARCNet packet format (RFC 1051)" - depends on ARCNET ---help--- This allows you to use RFC1051 with your ARCnet card via the virtual arc0s device. You only need arc0s if you want to talk to ARCnet @@ -53,7 +51,6 @@ config ARCNET_1051 config ARCNET_RAW tristate "Enable raw mode packet interface" - depends on ARCNET help ARCnet "raw mode" packet encapsulation, no soft headers. Unlikely to work unless talking to a copy of the same Linux arcnet driver, @@ -61,7 +58,6 @@ config ARCNET_RAW config ARCNET_CAP tristate "Enable CAP mode packet interface" - depends on ARCNET help ARCnet "cap mode" packet encapsulation. Used to get the hardware acknowledge back to userspace. After the initial protocol byte every @@ -80,7 +76,6 @@ config ARCNET_CAP config ARCNET_COM90xx tristate "ARCnet COM90xx (normal) chipset driver" - depends on ARCNET help This is the chipset driver for the standard COM90xx cards. If you have always used the old ARCnet driver without knowing what type of @@ -92,7 +87,6 @@ config ARCNET_COM90xx config ARCNET_COM90xxIO tristate "ARCnet COM90xx (IO mapped) chipset driver" - depends on ARCNET ---help--- This is the chipset driver for the COM90xx cards, using them in IO-mapped mode instead of memory-mapped mode. This is slower than @@ -105,7 +99,6 @@ config ARCNET_COM90xxIO config ARCNET_RIM_I tristate "ARCnet COM90xx (RIM I) chipset driver" - depends on ARCNET ---help--- This is yet another chipset driver for the COM90xx cards, but this time only using memory-mapped mode, and no IO ports at all. This @@ -118,7 +111,6 @@ config ARCNET_RIM_I config ARCNET_COM20020 tristate "ARCnet COM20020 chipset driver" - depends on ARCNET help This is the driver for the new COM20020 chipset. It supports such things as promiscuous mode, so packet sniffing is possible, and @@ -136,5 +128,4 @@ config ARCNET_COM20020_PCI tristate "Support for COM20020 on PCI" depends on ARCNET_COM20020 && PCI -endmenu - +endif # ARCNET -- cgit v0.10.2 From 8a903be129a741fd1e1d44223f0e3a01c357bde5 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 23 May 2007 14:51:07 -0700 Subject: [TR]: Use menuconfig objects. Use menuconfigs instead of menus, so the whole menu can be disabled at once instead of going through all options. Signed-off-by: Jan Engelhardt Signed-off-by: Andrew Morton Signed-off-by: David S. Miller diff --git a/drivers/net/tokenring/Kconfig b/drivers/net/tokenring/Kconfig index 99c4c19..e6b2e06 100644 --- a/drivers/net/tokenring/Kconfig +++ b/drivers/net/tokenring/Kconfig @@ -2,12 +2,10 @@ # Token Ring driver configuration # -menu "Token Ring devices" - depends on NETDEVICES && !UML - # So far, we only have PCI, ISA, and MCA token ring devices -config TR +menuconfig TR bool "Token Ring driver support" + depends on NETDEVICES && !UML depends on (PCI || ISA || MCA || CCW) select LLC help @@ -20,9 +18,11 @@ config TR from . Most people can say N here. +if TR + config IBMTR tristate "IBM Tropic chipset based adapter support" - depends on TR && (ISA || MCA) + depends on ISA || MCA ---help--- This is support for all IBM Token Ring cards that don't use DMA. If you have such a beast, say Y and read the Token-Ring mini-HOWTO, @@ -36,7 +36,7 @@ config IBMTR config IBMOL tristate "IBM Olympic chipset PCI adapter support" - depends on TR && PCI + depends on PCI ---help--- This is support for all non-Lanstreamer IBM PCI Token Ring Cards. Specifically this is all IBM PCI, PCI Wake On Lan, PCI II, PCI II @@ -54,7 +54,7 @@ config IBMOL config IBMLS tristate "IBM Lanstreamer chipset PCI adapter support" - depends on TR && PCI && !64BIT + depends on PCI && !64BIT help This is support for IBM Lanstreamer PCI Token Ring Cards. @@ -66,7 +66,7 @@ config IBMLS config 3C359 tristate "3Com 3C359 Token Link Velocity XL adapter support" - depends on TR && PCI + depends on PCI ---help--- This is support for the 3Com PCI Velocity XL cards, specifically the 3Com 3C359, please note this is not for the 3C339 cards, you @@ -84,7 +84,7 @@ config 3C359 config TMS380TR tristate "Generic TMS380 Token Ring ISA/PCI adapter support" - depends on TR && (PCI || ISA && ISA_DMA_API || MCA) + depends on PCI || ISA && ISA_DMA_API || MCA select FW_LOADER ---help--- This driver provides generic support for token ring adapters @@ -108,7 +108,7 @@ config TMS380TR config TMSPCI tristate "Generic TMS380 PCI support" - depends on TR && TMS380TR && PCI + depends on TMS380TR && PCI ---help--- This tms380 module supports generic TMS380-based PCI cards. @@ -123,7 +123,7 @@ config TMSPCI config SKISA tristate "SysKonnect TR4/16 ISA support" - depends on TR && TMS380TR && ISA + depends on TMS380TR && ISA help This tms380 module supports SysKonnect TR4/16 ISA cards. @@ -135,7 +135,7 @@ config SKISA config PROTEON tristate "Proteon ISA support" - depends on TR && TMS380TR && ISA + depends on TMS380TR && ISA help This tms380 module supports Proteon ISA cards. @@ -148,7 +148,7 @@ config PROTEON config ABYSS tristate "Madge Smart 16/4 PCI Mk2 support" - depends on TR && TMS380TR && PCI + depends on TMS380TR && PCI help This tms380 module supports the Madge Smart 16/4 PCI Mk2 cards (51-02). @@ -158,7 +158,7 @@ config ABYSS config MADGEMC tristate "Madge Smart 16/4 Ringnode MicroChannel" - depends on TR && TMS380TR && MCA + depends on TMS380TR && MCA help This tms380 module supports the Madge Smart 16/4 MC16 and MC32 MicroChannel adapters. @@ -168,7 +168,7 @@ config MADGEMC config SMCTR tristate "SMC ISA/MCA adapter support" - depends on TR && (ISA || MCA_LEGACY) && (BROKEN || !64BIT) + depends on (ISA || MCA_LEGACY) && (BROKEN || !64BIT) ---help--- This is support for the ISA and MCA SMC Token Ring cards, specifically SMC TokenCard Elite (8115T) and SMC TokenCard Elite/A @@ -182,5 +182,4 @@ config SMCTR To compile this driver as a module, choose M here: the module will be called smctr. -endmenu - +endif # TR -- cgit v0.10.2 From b8f558313506b5bc435f2e031f3bec4b1725098e Mon Sep 17 00:00:00 2001 From: Milan Kocian Date: Wed, 23 May 2007 14:55:06 -0700 Subject: [RTNETLINK]: Fix sending netlink message when replace route. When you replace route via ip r r command the netlink multicast message is not send. This patch corrects it. NL message is sent with NLM_F_REPLACE flag. Addresses http://bugzilla.kernel.org/show_bug.cgi?id=8320 Signed-off-by: Milan Kocian Signed-off-by: Andrew Morton Signed-off-by: David S. Miller diff --git a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c index 9cfecf1..07e843a 100644 --- a/net/ipv4/fib_hash.c +++ b/net/ipv4/fib_hash.c @@ -456,6 +456,8 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) fib_release_info(fi_drop); if (state & FA_S_ACCESSED) rt_cache_flush(-1); + rtmsg_fib(RTM_NEWROUTE, key, fa, cfg->fc_dst_len, tb->tb_id, + &cfg->fc_nlinfo, NLM_F_REPLACE); return 0; } @@ -523,7 +525,7 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) rt_cache_flush(-1); rtmsg_fib(RTM_NEWROUTE, key, new_fa, cfg->fc_dst_len, tb->tb_id, - &cfg->fc_nlinfo); + &cfg->fc_nlinfo, 0); return 0; out_free_new_fa: @@ -589,7 +591,7 @@ static int fn_hash_delete(struct fib_table *tb, struct fib_config *cfg) fa = fa_to_delete; rtmsg_fib(RTM_DELROUTE, key, fa, cfg->fc_dst_len, - tb->tb_id, &cfg->fc_nlinfo); + tb->tb_id, &cfg->fc_nlinfo, 0); kill_fn = 0; write_lock_bh(&fib_hash_lock); diff --git a/net/ipv4/fib_lookup.h b/net/ipv4/fib_lookup.h index 0e8b70b..eef9eec 100644 --- a/net/ipv4/fib_lookup.h +++ b/net/ipv4/fib_lookup.h @@ -30,7 +30,8 @@ extern int fib_dump_info(struct sk_buff *skb, u32 pid, u32 seq, int event, int dst_len, u8 tos, struct fib_info *fi, unsigned int); extern void rtmsg_fib(int event, __be32 key, struct fib_alias *fa, - int dst_len, u32 tb_id, struct nl_info *info); + int dst_len, u32 tb_id, struct nl_info *info, + unsigned int nlm_flags); extern struct fib_alias *fib_find_alias(struct list_head *fah, u8 tos, u32 prio); extern int fib_detect_death(struct fib_info *fi, int order, diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c index 406ea70..bb94550 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -301,7 +301,8 @@ static inline size_t fib_nlmsg_size(struct fib_info *fi) } void rtmsg_fib(int event, __be32 key, struct fib_alias *fa, - int dst_len, u32 tb_id, struct nl_info *info) + int dst_len, u32 tb_id, struct nl_info *info, + unsigned int nlm_flags) { struct sk_buff *skb; u32 seq = info->nlh ? info->nlh->nlmsg_seq : 0; @@ -313,7 +314,7 @@ void rtmsg_fib(int event, __be32 key, struct fib_alias *fa, err = fib_dump_info(skb, info->pid, seq, event, tb_id, fa->fa_type, fa->fa_scope, key, dst_len, - fa->fa_tos, fa->fa_info, 0); + fa->fa_tos, fa->fa_info, nlm_flags); if (err < 0) { /* -EMSGSIZE implies BUG in fib_nlmsg_size() */ WARN_ON(err == -EMSGSIZE); diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c index 9be7da7..30e332a 100644 --- a/net/ipv4/fib_trie.c +++ b/net/ipv4/fib_trie.c @@ -1226,6 +1226,8 @@ static int fn_trie_insert(struct fib_table *tb, struct fib_config *cfg) fib_release_info(fi_drop); if (state & FA_S_ACCESSED) rt_cache_flush(-1); + rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen, + tb->tb_id, &cfg->fc_nlinfo, NLM_F_REPLACE); goto succeeded; } @@ -1278,7 +1280,7 @@ static int fn_trie_insert(struct fib_table *tb, struct fib_config *cfg) rt_cache_flush(-1); rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen, tb->tb_id, - &cfg->fc_nlinfo); + &cfg->fc_nlinfo, 0); succeeded: return 0; @@ -1624,7 +1626,7 @@ static int fn_trie_delete(struct fib_table *tb, struct fib_config *cfg) fa = fa_to_delete; rtmsg_fib(RTM_DELROUTE, htonl(key), fa, plen, tb->tb_id, - &cfg->fc_nlinfo); + &cfg->fc_nlinfo, 0); l = fib_find_node(t, key); li = find_leaf_info(l, plen); -- cgit v0.10.2 From cb283ead710c342d9856af8507e2a42bf5c6576c Mon Sep 17 00:00:00 2001 From: Jon Paul Maloy Date: Wed, 23 May 2007 15:11:15 -0700 Subject: [TIPC]: Fixed erroneous introduction of for_each_netdev Signed-off-by: Jon Paul Maloy Signed-off-by: David S. Miller diff --git a/net/tipc/eth_media.c b/net/tipc/eth_media.c index 0ee6ded..77d2d9c 100644 --- a/net/tipc/eth_media.c +++ b/net/tipc/eth_media.c @@ -120,18 +120,20 @@ static int recv_msg(struct sk_buff *buf, struct net_device *dev, static int enable_bearer(struct tipc_bearer *tb_ptr) { - struct net_device *dev, *pdev; + struct net_device *dev = NULL; + struct net_device *pdev = NULL; struct eth_bearer *eb_ptr = ð_bearers[0]; struct eth_bearer *stop = ð_bearers[MAX_ETH_BEARERS]; char *driver_name = strchr((const char *)tb_ptr->name, ':') + 1; /* Find device with specified name */ - dev = NULL; - for_each_netdev(pdev) - if (!strncmp(dev->name, driver_name, IFNAMSIZ)) { + + for_each_netdev(pdev){ + if (!strncmp(pdev->name, driver_name, IFNAMSIZ)) { dev = pdev; break; } + } if (!dev) return -ENODEV; -- cgit v0.10.2 From 1b07a95a5be77dc1291de12b216f930aee04eb4f Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Wed, 23 May 2007 17:43:11 -0700 Subject: [DCCP]: Fix build warning when debugging is disabled. Signed-off-by: David S. Miller diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c index d7d9ce7..ec7fa4d 100644 --- a/net/dccp/ccids/ccid3.c +++ b/net/dccp/ccids/ccid3.c @@ -419,7 +419,6 @@ static void ccid3_hc_tx_packet_sent(struct sock *sk, int more, static void ccid3_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb) { - const struct dccp_sock *dp = dccp_sk(sk); struct ccid3_hc_tx_sock *hctx = ccid3_hc_tx_sk(sk); struct ccid3_options_received *opt_recv; struct dccp_tx_hist_entry *packet; @@ -491,7 +490,7 @@ static void ccid3_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb) ccid3_pr_debug("%s(%p), s=%u, MSS=%u, " "R_sample=%uus, X=%u\n", dccp_role(sk), sk, hctx->ccid3hctx_s, - dp->dccps_mss_cache, r_sample, + dccp_sk(sk)->dccps_mss_cache, r_sample, (unsigned)(hctx->ccid3hctx_x >> 6)); ccid3_hc_tx_set_state(sk, TFRC_SSTATE_FBACK); -- cgit v0.10.2 From 2e4b3b0e8734d1173c96c6f5d8a8dd6728950b56 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Wed, 23 May 2007 23:39:54 -0700 Subject: [NET_SCHED]: sch_htb: fix event cache time calculation The event cache time must be an absolute value, when no event exists it is incorrectly set to 1s instead of 1s in the future. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c index 99bcec8..035788c 100644 --- a/net/sched/sch_htb.c +++ b/net/sched/sch_htb.c @@ -976,8 +976,9 @@ static struct sk_buff *htb_dequeue(struct Qdisc *sch) if (q->now >= q->near_ev_cache[level]) { event = htb_do_events(q, level); - q->near_ev_cache[level] = event ? event : - PSCHED_TICKS_PER_SEC; + if (!event) + event = q->now + PSCHED_TICKS_PER_SEC; + q->near_ev_cache[level] = event; } else event = q->near_ev_cache[level]; -- cgit v0.10.2 From 5fe26f53fe9e2ba5dca2835a4ca69d0ba7b5f707 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 24 May 2007 16:40:51 -0700 Subject: [NETFILTER]: nf_conntrack_ftp: fix newline sequence number update When trying to locate the oldest entry in the history of newline character sequence numbers, the sequence number of the current entry is incorrectly compared with the index of the oldest sequence number instead of the number itself. Additionally it is not made sure that the current sequence number really is after the oldest known one. Based on report by YU, Haitao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c index a186799..4bb669c 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c @@ -335,15 +335,17 @@ static void update_nl_seq(u32 nl_seq, struct nf_ct_ftp_master *info, int dir, if (info->seq_aft_nl[dir][i] == nl_seq) return; - if (oldest == info->seq_aft_nl_num[dir] - || before(info->seq_aft_nl[dir][i], oldest)) + if (oldest == info->seq_aft_nl_num[dir] || + before(info->seq_aft_nl[dir][i], + info->seq_aft_nl[dir][oldest])) oldest = i; } if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) { info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq; nf_conntrack_event_cache(IPCT_HELPINFO_VOLATILE, skb); - } else if (oldest != NUM_SEQ_TO_REMEMBER) { + } else if (oldest != NUM_SEQ_TO_REMEMBER && + after(nl_seq, info->seq_aft_nl[dir][oldest])) { info->seq_aft_nl[dir][oldest] = nl_seq; nf_conntrack_event_cache(IPCT_HELPINFO_VOLATILE, skb); } -- cgit v0.10.2 From 25b86e05467a2bf936b78695ef49039e3bbd1e0c Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 24 May 2007 16:41:50 -0700 Subject: [NETFILTER]: nf_conntrack_ftp: fix newline sequence number calculation When the packet size is changed by the FTP NAT helper, the connection tracking helper adjusts the sequence number of the newline character by the size difference. This is wrong because NAT sequence number adjustment happens after helpers are called, so the unadjusted number is compared to the already adjusted one. Based on report by YU, Haitao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller diff --git a/include/linux/netfilter/nf_conntrack_ftp.h b/include/linux/netfilter/nf_conntrack_ftp.h index 81453ea..b7c360f 100644 --- a/include/linux/netfilter/nf_conntrack_ftp.h +++ b/include/linux/netfilter/nf_conntrack_ftp.h @@ -37,8 +37,7 @@ extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb, enum nf_ct_ftp_type type, unsigned int matchoff, unsigned int matchlen, - struct nf_conntrack_expect *exp, - u32 *seq); + struct nf_conntrack_expect *exp); #endif /* __KERNEL__ */ #endif /* _NF_CONNTRACK_FTP_H */ diff --git a/net/ipv4/netfilter/nf_nat_ftp.c b/net/ipv4/netfilter/nf_nat_ftp.c index 751b598..e6bc8e5 100644 --- a/net/ipv4/netfilter/nf_nat_ftp.c +++ b/net/ipv4/netfilter/nf_nat_ftp.c @@ -40,8 +40,7 @@ mangle_rfc959_packet(struct sk_buff **pskb, unsigned int matchoff, unsigned int matchlen, struct nf_conn *ct, - enum ip_conntrack_info ctinfo, - u32 *seq) + enum ip_conntrack_info ctinfo) { char buffer[sizeof("nnn,nnn,nnn,nnn,nnn,nnn")]; @@ -50,7 +49,6 @@ mangle_rfc959_packet(struct sk_buff **pskb, DEBUGP("calling nf_nat_mangle_tcp_packet\n"); - *seq += strlen(buffer) - matchlen; return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, matchlen, buffer, strlen(buffer)); } @@ -63,8 +61,7 @@ mangle_eprt_packet(struct sk_buff **pskb, unsigned int matchoff, unsigned int matchlen, struct nf_conn *ct, - enum ip_conntrack_info ctinfo, - u32 *seq) + enum ip_conntrack_info ctinfo) { char buffer[sizeof("|1|255.255.255.255|65535|")]; @@ -72,7 +69,6 @@ mangle_eprt_packet(struct sk_buff **pskb, DEBUGP("calling nf_nat_mangle_tcp_packet\n"); - *seq += strlen(buffer) - matchlen; return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, matchlen, buffer, strlen(buffer)); } @@ -85,8 +81,7 @@ mangle_epsv_packet(struct sk_buff **pskb, unsigned int matchoff, unsigned int matchlen, struct nf_conn *ct, - enum ip_conntrack_info ctinfo, - u32 *seq) + enum ip_conntrack_info ctinfo) { char buffer[sizeof("|||65535|")]; @@ -94,14 +89,13 @@ mangle_epsv_packet(struct sk_buff **pskb, DEBUGP("calling nf_nat_mangle_tcp_packet\n"); - *seq += strlen(buffer) - matchlen; return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, matchlen, buffer, strlen(buffer)); } static int (*mangle[])(struct sk_buff **, __be32, u_int16_t, unsigned int, unsigned int, struct nf_conn *, - enum ip_conntrack_info, u32 *seq) + enum ip_conntrack_info) = { [NF_CT_FTP_PORT] = mangle_rfc959_packet, [NF_CT_FTP_PASV] = mangle_rfc959_packet, @@ -116,8 +110,7 @@ static unsigned int nf_nat_ftp(struct sk_buff **pskb, enum nf_ct_ftp_type type, unsigned int matchoff, unsigned int matchlen, - struct nf_conntrack_expect *exp, - u32 *seq) + struct nf_conntrack_expect *exp) { __be32 newip; u_int16_t port; @@ -145,8 +138,7 @@ static unsigned int nf_nat_ftp(struct sk_buff **pskb, if (port == 0) return NF_DROP; - if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo, - seq)) { + if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo)) { nf_conntrack_unexpect_related(exp); return NF_DROP; } diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c index 4bb669c..82db2aa 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c @@ -48,8 +48,7 @@ unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb, enum nf_ct_ftp_type type, unsigned int matchoff, unsigned int matchlen, - struct nf_conntrack_expect *exp, - u32 *seq); + struct nf_conntrack_expect *exp); EXPORT_SYMBOL_GPL(nf_nat_ftp_hook); #if 0 @@ -521,7 +520,7 @@ static int help(struct sk_buff **pskb, nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook); if (nf_nat_ftp && ct->status & IPS_NAT_MASK) ret = nf_nat_ftp(pskb, ctinfo, search[dir][i].ftptype, - matchoff, matchlen, exp, &seq); + matchoff, matchlen, exp); else { /* Can't expect this? Best to drop packet now. */ if (nf_conntrack_expect_related(exp) != 0) -- cgit v0.10.2 From d052918688bdd7a1218aa5ae182013bf45a4881a Mon Sep 17 00:00:00 2001 From: Jing Min Zhao Date: Thu, 24 May 2007 16:42:26 -0700 Subject: [NETFILTER]: nf_conntrack_h323: fix ASN.1 types 1. Add support for decoding IPv6 address. I know it was manually added in the header file, but not in the template file. That wouldn't work. 2. Add missing support for decoding T.120 address in OLCA. 3. Remove unnecessary decoding of Information signal. Signed-off-by: Jing Min Zhao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller diff --git a/include/linux/netfilter/nf_conntrack_h323_types.h b/include/linux/netfilter/nf_conntrack_h323_types.h index 38d74d5..f35b6b4 100644 --- a/include/linux/netfilter/nf_conntrack_h323_types.h +++ b/include/linux/netfilter/nf_conntrack_h323_types.h @@ -1,4 +1,4 @@ -/* Generated by Jing Min Zhao's ASN.1 parser, Apr 20 2006 +/* Generated by Jing Min Zhao's ASN.1 parser, May 16 2007 * * Copyright (c) 2006 Jing Min Zhao * @@ -12,7 +12,7 @@ typedef struct TransportAddress_ipAddress { /* SEQUENCE */ typedef struct TransportAddress_ip6Address { /* SEQUENCE */ int options; /* No use */ - unsigned ip6; + unsigned ip; } TransportAddress_ip6Address; typedef struct TransportAddress { /* CHOICE */ @@ -364,23 +364,6 @@ typedef struct Alerting_UUIE { /* SEQUENCE */ Alerting_UUIE_fastStart fastStart; } Alerting_UUIE; -typedef struct Information_UUIE_fastStart { /* SEQUENCE OF */ - int count; - OpenLogicalChannel item[30]; -} Information_UUIE_fastStart; - -typedef struct Information_UUIE { /* SEQUENCE */ - enum { - eInformation_UUIE_callIdentifier = (1 << 31), - eInformation_UUIE_tokens = (1 << 30), - eInformation_UUIE_cryptoTokens = (1 << 29), - eInformation_UUIE_fastStart = (1 << 28), - eInformation_UUIE_fastConnectRefused = (1 << 27), - eInformation_UUIE_circuitInfo = (1 << 26), - } options; - Information_UUIE_fastStart fastStart; -} Information_UUIE; - typedef struct FacilityReason { /* CHOICE */ enum { eFacilityReason_routeCallToGatekeeper, @@ -471,7 +454,6 @@ typedef struct H323_UU_PDU_h323_message_body { /* CHOICE */ CallProceeding_UUIE callProceeding; Connect_UUIE connect; Alerting_UUIE alerting; - Information_UUIE information; Facility_UUIE facility; Progress_UUIE progress; }; @@ -561,6 +543,7 @@ typedef struct OpenLogicalChannelAck { /* SEQUENCE */ } options; OpenLogicalChannelAck_reverseLogicalChannelParameters reverseLogicalChannelParameters; + NetworkAccessParameters separateStack; OpenLogicalChannelAck_forwardMultiplexAckParameters forwardMultiplexAckParameters; } OpenLogicalChannelAck; diff --git a/net/netfilter/nf_conntrack_h323_types.c b/net/netfilter/nf_conntrack_h323_types.c index 4c6f8b3..3a21fdf 100644 --- a/net/netfilter/nf_conntrack_h323_types.c +++ b/net/netfilter/nf_conntrack_h323_types.c @@ -1,4 +1,4 @@ -/* Generated by Jing Min Zhao's ASN.1 parser, Apr 20 2006 +/* Generated by Jing Min Zhao's ASN.1 parser, May 16 2007 * * Copyright (c) 2006 Jing Min Zhao * @@ -37,7 +37,7 @@ static field_t _TransportAddress_ipxAddress[] = { /* SEQUENCE */ static field_t _TransportAddress_ip6Address[] = { /* SEQUENCE */ {FNAME("ip") OCTSTR, FIXD, 16, 0, DECODE, - offsetof(TransportAddress_ip6Address, ip6), NULL}, + offsetof(TransportAddress_ip6Address, ip), NULL}, {FNAME("port") INT, WORD, 0, 0, SKIP, 0, NULL}, }; @@ -67,7 +67,8 @@ static field_t _TransportAddress[] = { /* CHOICE */ {FNAME("ipxAddress") SEQ, 0, 3, 3, SKIP, 0, _TransportAddress_ipxAddress}, {FNAME("ip6Address") SEQ, 0, 2, 2, DECODE | EXT, - offsetof(TransportAddress, ip6Address), _TransportAddress_ip6Address}, + offsetof(TransportAddress, ip6Address), + _TransportAddress_ip6Address}, {FNAME("netBios") OCTSTR, FIXD, 16, 0, SKIP, 0, NULL}, {FNAME("nsap") OCTSTR, 5, 1, 0, SKIP, 0, NULL}, {FNAME("nonStandardAddress") SEQ, 0, 2, 2, SKIP, 0, @@ -638,7 +639,8 @@ static field_t _UnicastAddress_iPXAddress[] = { /* SEQUENCE */ }; static field_t _UnicastAddress_iP6Address[] = { /* SEQUENCE */ - {FNAME("network") OCTSTR, FIXD, 16, 0, SKIP, 0, NULL}, + {FNAME("network") OCTSTR, FIXD, 16, 0, DECODE, + offsetof(UnicastAddress_iP6Address, network), NULL}, {FNAME("tsapIdentifier") INT, WORD, 0, 0, SKIP, 0, NULL}, }; @@ -665,8 +667,8 @@ static field_t _UnicastAddress[] = { /* CHOICE */ offsetof(UnicastAddress, iPAddress), _UnicastAddress_iPAddress}, {FNAME("iPXAddress") SEQ, 0, 3, 3, SKIP | EXT, 0, _UnicastAddress_iPXAddress}, - {FNAME("iP6Address") SEQ, 0, 2, 2, SKIP | EXT, 0, - _UnicastAddress_iP6Address}, + {FNAME("iP6Address") SEQ, 0, 2, 2, DECODE | EXT, + offsetof(UnicastAddress, iP6Address), _UnicastAddress_iP6Address}, {FNAME("netBios") OCTSTR, FIXD, 16, 0, SKIP, 0, NULL}, {FNAME("iPSourceRouteAddress") SEQ, 0, 4, 4, SKIP | EXT, 0, _UnicastAddress_iPSourceRouteAddress}, @@ -984,19 +986,12 @@ static field_t _Alerting_UUIE[] = { /* SEQUENCE */ {FNAME("featureSet") SEQ, 3, 4, 4, SKIP | EXT | OPT, 0, NULL}, }; -static field_t _Information_UUIE_fastStart[] = { /* SEQUENCE OF */ - {FNAME("item") SEQ, 1, 3, 5, DECODE | OPEN | EXT, - sizeof(OpenLogicalChannel), _OpenLogicalChannel} - , -}; - static field_t _Information_UUIE[] = { /* SEQUENCE */ {FNAME("protocolIdentifier") OID, BYTE, 0, 0, SKIP, 0, NULL}, {FNAME("callIdentifier") SEQ, 0, 1, 1, SKIP | EXT, 0, NULL}, {FNAME("tokens") SEQOF, SEMI, 0, 0, SKIP | OPT, 0, NULL}, {FNAME("cryptoTokens") SEQOF, SEMI, 0, 0, SKIP | OPT, 0, NULL}, - {FNAME("fastStart") SEQOF, SEMI, 0, 30, DECODE | OPT, - offsetof(Information_UUIE, fastStart), _Information_UUIE_fastStart}, + {FNAME("fastStart") SEQOF, SEMI, 0, 30, SKIP | OPT, 0, NULL}, {FNAME("fastConnectRefused") NUL, FIXD, 0, 0, SKIP | OPT, 0, NULL}, {FNAME("circuitInfo") SEQ, 3, 3, 3, SKIP | EXT | OPT, 0, NULL}, }; @@ -1343,9 +1338,7 @@ static field_t _H323_UU_PDU_h323_message_body[] = { /* CHOICE */ offsetof(H323_UU_PDU_h323_message_body, connect), _Connect_UUIE}, {FNAME("alerting") SEQ, 1, 3, 17, DECODE | EXT, offsetof(H323_UU_PDU_h323_message_body, alerting), _Alerting_UUIE}, - {FNAME("information") SEQ, 0, 1, 7, DECODE | EXT, - offsetof(H323_UU_PDU_h323_message_body, information), - _Information_UUIE}, + {FNAME("information") SEQ, 0, 1, 7, SKIP | EXT, 0, _Information_UUIE}, {FNAME("releaseComplete") SEQ, 1, 2, 11, SKIP | EXT, 0, _ReleaseComplete_UUIE}, {FNAME("facility") SEQ, 3, 5, 21, DECODE | EXT, @@ -1430,7 +1423,9 @@ static field_t _OpenLogicalChannelAck[] = { /* SEQUENCE */ DECODE | EXT | OPT, offsetof(OpenLogicalChannelAck, reverseLogicalChannelParameters), _OpenLogicalChannelAck_reverseLogicalChannelParameters}, - {FNAME("separateStack") SEQ, 2, 4, 5, SKIP | EXT | OPT, 0, NULL}, + {FNAME("separateStack") SEQ, 2, 4, 5, DECODE | EXT | OPT, + offsetof(OpenLogicalChannelAck, separateStack), + _NetworkAccessParameters}, {FNAME("forwardMultiplexAckParameters") CHOICE, 0, 1, 1, DECODE | EXT | OPT, offsetof(OpenLogicalChannelAck, forwardMultiplexAckParameters), -- cgit v0.10.2 From bb807245ef981cac7e8550aea365e6f2157d5c4d Mon Sep 17 00:00:00 2001 From: Jing Min Zhao Date: Thu, 24 May 2007 16:43:07 -0700 Subject: [NETFILTER]: nf_conntrack_h323: fix get_h225_addr() for IPv6 address access Update get_h225_addr() to meet the changes in ASN.1 types. It was using field ip6 to access IPv6 TransportAddress, it should be ip according the ASN.1 definition. Signed-off-by: Jing Min Zhao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c index b284db7..8bb99b3 100644 --- a/net/netfilter/nf_conntrack_h323_main.c +++ b/net/netfilter/nf_conntrack_h323_main.c @@ -640,7 +640,7 @@ int get_h225_addr(struct nf_conn *ct, unsigned char *data, case eTransportAddress_ip6Address: if (family != AF_INET6) return 0; - p = data + taddr->ip6Address.ip6; + p = data + taddr->ip6Address.ip; len = 16; break; default: -- cgit v0.10.2 From 596830f1a1e5d26a83fe83b99ced1456d9d7f39b Mon Sep 17 00:00:00 2001 From: Jing Min Zhao Date: Thu, 24 May 2007 16:43:42 -0700 Subject: [NETFILTER]: nf_conntrack_h323: remove unnecessary process of Information signal According to the implementation of H.323, it's not necessary to check the addresses in Information signals. Signed-off-by: Jing Min Zhao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c index 8bb99b3..6d668af 100644 --- a/net/netfilter/nf_conntrack_h323_main.c +++ b/net/netfilter/nf_conntrack_h323_main.c @@ -977,30 +977,6 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, } /****************************************************************************/ -static int process_information(struct sk_buff **pskb, - struct nf_conn *ct, - enum ip_conntrack_info ctinfo, - unsigned char **data, int dataoff, - Information_UUIE *info) -{ - int ret; - int i; - - DEBUGP("nf_ct_q931: Information\n"); - - if (info->options & eInformation_UUIE_fastStart) { - for (i = 0; i < info->fastStart.count; i++) { - ret = process_olc(pskb, ct, ctinfo, data, dataoff, - &info->fastStart.item[i]); - if (ret < 0) - return -1; - } - } - - return 0; -} - -/****************************************************************************/ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, enum ip_conntrack_info ctinfo, unsigned char **data, int dataoff, @@ -1096,11 +1072,6 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, ret = process_alerting(pskb, ct, ctinfo, data, dataoff, &pdu->h323_message_body.alerting); break; - case eH323_UU_PDU_h323_message_body_information: - ret = process_information(pskb, ct, ctinfo, data, dataoff, - &pdu->h323_message_body. - information); - break; case eH323_UU_PDU_h323_message_body_facility: ret = process_facility(pskb, ct, ctinfo, data, dataoff, &pdu->h323_message_body.facility); -- cgit v0.10.2 From f8f1c08eaef838e22bf427665da87cfa73e5074d Mon Sep 17 00:00:00 2001 From: Jing Min Zhao Date: Thu, 24 May 2007 16:44:11 -0700 Subject: [NETFILTER]: nf_conntrack_h323: add missing T.120 address in OLCA Add missing process of T.120 address in OpenLogicalChannelAck signal. Signed-off-by: Jing Min Zhao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c index 6d668af..a1b95ac 100644 --- a/net/netfilter/nf_conntrack_h323_main.c +++ b/net/netfilter/nf_conntrack_h323_main.c @@ -520,6 +520,16 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, } } + if ((olca->options & eOpenLogicalChannelAck_separateStack) && + olca->separateStack.networkAddress.choice == + eNetworkAccessParameters_networkAddress_localAreaAddress) { + ret = expect_t120(pskb, ct, ctinfo, data, dataoff, + &olca->separateStack.networkAddress. + localAreaAddress); + if (ret < 0) + return -1; + } + return 0; } -- cgit v0.10.2 From 1ff75ed254bdbb47bb0c1d71a3cc65f6831a8e3a Mon Sep 17 00:00:00 2001 From: Jing Min Zhao Date: Thu, 24 May 2007 16:44:40 -0700 Subject: [NETFILTER]: nf_nat_h323: call set_h225_addr instead of set_h225_addr_hook They're the same. Signed-off-by: Jing Min Zhao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index fcebc96..c5d2a2d 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c @@ -455,9 +455,9 @@ static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct, if (idx > 0 && get_h225_addr(ct, *data, &taddr[0], &addr, &port) && (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { - set_h225_addr_hook(pskb, data, 0, &taddr[0], - &ct->tuplehash[!dir].tuple.dst.u3, - info->sig_port[!dir]); + set_h225_addr(pskb, data, 0, &taddr[0], + &ct->tuplehash[!dir].tuple.dst.u3, + info->sig_port[!dir]); } } else { nf_conntrack_unexpect_related(exp); -- cgit v0.10.2 From ba78073e6f70cd9c64a478a9bd901d7c8736cfbc Mon Sep 17 00:00:00 2001 From: Vasily Averin Date: Thu, 24 May 2007 16:58:54 -0700 Subject: [NET]: "wrong timeout value" in sk_wait_data() v2 sys_setsockopt() do not check properly timeout values for SO_RCVTIMEO/SO_SNDTIMEO, for example it's possible to set negative timeout values. POSIX do not defines behaviour for sys_setsockopt in case negative timeouts, but requires that setsockopt() shall fail with -EDOM if the send and receive timeout values are too big to fit into the timeout fields in the socket structure. In current implementation negative timeout can lead to error messages like "schedule_timeout: wrong timeout value". Proposed patch: - checks tv_usec and returns -EDOM if it is wrong - do not allows to set negative timeout values (sets 0 instead) and outputs ratelimited information message about such attempts. Signed-off-By: Vasily Averin Signed-off-by: David S. Miller diff --git a/net/core/sock.c b/net/core/sock.c index 22183c2..7e51d3a 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -206,7 +206,19 @@ static int sock_set_timeout(long *timeo_p, char __user *optval, int optlen) return -EINVAL; if (copy_from_user(&tv, optval, sizeof(tv))) return -EFAULT; - + if (tv.tv_usec < 0 || tv.tv_usec >= USEC_PER_SEC) + return -EDOM; + + if (tv.tv_sec < 0) { + static int warned = 0; + *timeo_p = 0; + if (warned < 10 && net_ratelimit()) + warned++; + printk(KERN_INFO "sock_set_timeout: `%s' (pid %d) " + "tries to set negative timeout\n", + current->comm, current->pid); + return 0; + } *timeo_p = MAX_SCHEDULE_TIMEOUT; if (tv.tv_sec == 0 && tv.tv_usec == 0) return 0; -- cgit v0.10.2 From 04efb8787e4d8a7b21a61aeb723de33154311256 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Thu, 24 May 2007 17:54:15 -0700 Subject: [CASSINI]: Check pci_set_mwi() return value. Signed-off-by: David S. Miller diff --git a/drivers/net/cassini.c b/drivers/net/cassini.c index 4aec747..9fe3a38 100644 --- a/drivers/net/cassini.c +++ b/drivers/net/cassini.c @@ -4919,7 +4919,10 @@ static int __devinit cas_init_one(struct pci_dev *pdev, pci_cmd &= ~PCI_COMMAND_SERR; pci_cmd |= PCI_COMMAND_PARITY; pci_write_config_word(pdev, PCI_COMMAND, pci_cmd); - pci_set_mwi(pdev); + if (pci_set_mwi(pdev)) + printk(KERN_WARNING PFX "Could enable MWI for %s\n", + pci_name(pdev)); + /* * On some architectures, the default cache line size set * by pci_set_mwi reduces perforamnce. We have to increase -- cgit v0.10.2 From 14e50e57aedb2a89cf79b77782879769794cab7b Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Thu, 24 May 2007 18:17:54 -0700 Subject: [XFRM]: Allow packet drops during larval state resolution. The current IPSEC rule resolution behavior we have does not work for a lot of people, even though technically it's an improvement from the -EAGAIN buisness we had before. Right now we'll block until the key manager resolves the route. That works for simple cases, but many folks would rather packets get silently dropped until the key manager resolves the IPSEC rules. We can't tell these folks to "set the socket non-blocking" because they don't have control over the non-block setting of things like the sockets used to resolve DNS deep inside of the resolver libraries in libc. With that in mind I coded up the patch below with some help from Herbert Xu which provides packet-drop behavior during larval state resolution, controllable via sysctl and off by default. This lays the framework to either: 1) Make this default at some point or... 2) Move this logic into xfrm{4,6}_policy.c and implement the ARP-like resolution queue we've all been dreaming of. The idea would be to queue packets to the policy, then once the larval state is resolved by the key manager we re-resolve the route and push the packets out. The packets would timeout if the rule didn't get resolved in a certain amount of time. Signed-off-by: David S. Miller diff --git a/include/net/dst.h b/include/net/dst.h index e12a8ce..82270f9 100644 --- a/include/net/dst.h +++ b/include/net/dst.h @@ -265,9 +265,16 @@ static inline int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, { return 0; } +static inline int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, + struct sock *sk, int flags) +{ + return 0; +} #else extern int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, struct sock *sk, int flags); +extern int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, + struct sock *sk, int flags); #endif #endif diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 4fa5dfe..78a0d06 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -469,6 +469,9 @@ extern void ip6_flush_pending_frames(struct sock *sk); extern int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl); +extern int ip6_dst_blackhole(struct sock *sk, + struct dst_entry **dst, + struct flowi *fl); extern int ip6_sk_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl); diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c index b297120..f34aca0 100644 --- a/net/core/sysctl_net_core.c +++ b/net/core/sysctl_net_core.c @@ -24,6 +24,7 @@ extern int sysctl_core_destroy_delay; #ifdef CONFIG_XFRM extern u32 sysctl_xfrm_aevent_etime; extern u32 sysctl_xfrm_aevent_rseqth; +extern int sysctl_xfrm_larval_drop; #endif ctl_table core_table[] = { @@ -118,6 +119,14 @@ ctl_table core_table[] = { .mode = 0644, .proc_handler = &proc_dointvec }, + { + .ctl_name = CTL_UNNUMBERED, + .procname = "xfrm_larval_drop", + .data = &sysctl_xfrm_larval_drop, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = &proc_dointvec + }, #endif /* CONFIG_XFRM */ #endif /* CONFIG_NET */ { diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c index 64eac25..31737cd 100644 --- a/net/dccp/ipv6.c +++ b/net/dccp/ipv6.c @@ -1043,9 +1043,13 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, if (final_p) ipv6_addr_copy(&fl.fl6_dst, final_p); - err = xfrm_lookup(&dst, &fl, sk, 1); - if (err < 0) - goto failure; + err = __xfrm_lookup(&dst, &fl, sk, 1); + if (err < 0) { + if (err == -EREMOTE) + err = ip6_dst_blackhole(sk, &dst, &fl); + if (err < 0) + goto failure; + } if (saddr == NULL) { saddr = &fl.fl6_src; diff --git a/net/ipv4/route.c b/net/ipv4/route.c index df9fe4f..8603cfb 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2598,6 +2598,69 @@ int __ip_route_output_key(struct rtable **rp, const struct flowi *flp) EXPORT_SYMBOL_GPL(__ip_route_output_key); +static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu) +{ +} + +static struct dst_ops ipv4_dst_blackhole_ops = { + .family = AF_INET, + .protocol = __constant_htons(ETH_P_IP), + .destroy = ipv4_dst_destroy, + .check = ipv4_dst_check, + .update_pmtu = ipv4_rt_blackhole_update_pmtu, + .entry_size = sizeof(struct rtable), +}; + + +static int ipv4_blackhole_output(struct sk_buff *skb) +{ + kfree_skb(skb); + return 0; +} + +static int ipv4_dst_blackhole(struct rtable **rp, struct flowi *flp, struct sock *sk) +{ + struct rtable *ort = *rp; + struct rtable *rt = (struct rtable *) + dst_alloc(&ipv4_dst_blackhole_ops); + + if (rt) { + struct dst_entry *new = &rt->u.dst; + + atomic_set(&new->__refcnt, 1); + new->__use = 1; + new->input = ipv4_blackhole_output; + new->output = ipv4_blackhole_output; + memcpy(new->metrics, ort->u.dst.metrics, RTAX_MAX*sizeof(u32)); + + new->dev = ort->u.dst.dev; + if (new->dev) + dev_hold(new->dev); + + rt->fl = ort->fl; + + rt->idev = ort->idev; + if (rt->idev) + in_dev_hold(rt->idev); + rt->rt_flags = ort->rt_flags; + rt->rt_type = ort->rt_type; + rt->rt_dst = ort->rt_dst; + rt->rt_src = ort->rt_src; + rt->rt_iif = ort->rt_iif; + rt->rt_gateway = ort->rt_gateway; + rt->rt_spec_dst = ort->rt_spec_dst; + rt->peer = ort->peer; + if (rt->peer) + atomic_inc(&rt->peer->refcnt); + + dst_free(new); + } + + dst_release(&(*rp)->u.dst); + *rp = rt; + return (rt ? 0 : -ENOMEM); +} + int ip_route_output_flow(struct rtable **rp, struct flowi *flp, struct sock *sk, int flags) { int err; @@ -2610,7 +2673,11 @@ int ip_route_output_flow(struct rtable **rp, struct flowi *flp, struct sock *sk, flp->fl4_src = (*rp)->rt_src; if (!flp->fl4_dst) flp->fl4_dst = (*rp)->rt_dst; - return xfrm_lookup((struct dst_entry **)rp, flp, sk, flags); + err = __xfrm_lookup((struct dst_entry **)rp, flp, sk, flags); + if (err == -EREMOTE) + err = ipv4_dst_blackhole(rp, flp, sk); + + return err; } return 0; @@ -3139,6 +3206,8 @@ int __init ip_rt_init(void) kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL); + ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep; + rt_hash_table = (struct rt_hash_bucket *) alloc_large_system_hash("IP route cache", sizeof(struct rt_hash_bucket), diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index 403eee6..b1fe7ac 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c @@ -177,8 +177,12 @@ ipv4_connected: if (final_p) ipv6_addr_copy(&fl.fl6_dst, final_p); - if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0) - goto out; + if ((err = __xfrm_lookup(&dst, &fl, sk, 1)) < 0) { + if (err == -EREMOTE) + err = ip6_dst_blackhole(sk, &dst, &fl); + if (err < 0) + goto out; + } /* source address lookup done in ip6_dst_lookup */ diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index 009a104..a58459a 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -818,8 +818,12 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk, if (final_p) ipv6_addr_copy(&fl.fl6_dst, final_p); - if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0) - goto out; + if ((err = __xfrm_lookup(&dst, &fl, sk, 1)) < 0) { + if (err == -EREMOTE) + err = ip6_dst_blackhole(sk, &dst, &fl); + if (err < 0) + goto out; + } if (hlimit < 0) { if (ipv6_addr_is_multicast(&fl.fl6_dst)) diff --git a/net/ipv6/route.c b/net/ipv6/route.c index b46ad53..1324b06 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -119,6 +119,19 @@ static struct dst_ops ip6_dst_ops = { .entry_size = sizeof(struct rt6_info), }; +static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu) +{ +} + +static struct dst_ops ip6_dst_blackhole_ops = { + .family = AF_INET6, + .protocol = __constant_htons(ETH_P_IPV6), + .destroy = ip6_dst_destroy, + .check = ip6_dst_check, + .update_pmtu = ip6_rt_blackhole_update_pmtu, + .entry_size = sizeof(struct rt6_info), +}; + struct rt6_info ip6_null_entry = { .u = { .dst = { @@ -833,6 +846,54 @@ struct dst_entry * ip6_route_output(struct sock *sk, struct flowi *fl) EXPORT_SYMBOL(ip6_route_output); +static int ip6_blackhole_output(struct sk_buff *skb) +{ + kfree_skb(skb); + return 0; +} + +int ip6_dst_blackhole(struct sock *sk, struct dst_entry **dstp, struct flowi *fl) +{ + struct rt6_info *ort = (struct rt6_info *) *dstp; + struct rt6_info *rt = (struct rt6_info *) + dst_alloc(&ip6_dst_blackhole_ops); + struct dst_entry *new = NULL; + + if (rt) { + new = &rt->u.dst; + + atomic_set(&new->__refcnt, 1); + new->__use = 1; + new->input = ip6_blackhole_output; + new->output = ip6_blackhole_output; + + memcpy(new->metrics, ort->u.dst.metrics, RTAX_MAX*sizeof(u32)); + new->dev = ort->u.dst.dev; + if (new->dev) + dev_hold(new->dev); + rt->rt6i_idev = ort->rt6i_idev; + if (rt->rt6i_idev) + in6_dev_hold(rt->rt6i_idev); + rt->rt6i_expires = 0; + + ipv6_addr_copy(&rt->rt6i_gateway, &ort->rt6i_gateway); + rt->rt6i_flags = ort->rt6i_flags & ~RTF_EXPIRES; + rt->rt6i_metric = 0; + + memcpy(&rt->rt6i_dst, &ort->rt6i_dst, sizeof(struct rt6key)); +#ifdef CONFIG_IPV6_SUBTREES + memcpy(&rt->rt6i_src, &ort->rt6i_src, sizeof(struct rt6key)); +#endif + + dst_free(new); + } + + dst_release(*dstp); + *dstp = new; + return (new ? 0 : -ENOMEM); +} +EXPORT_SYMBOL_GPL(ip6_dst_blackhole); + /* * Destination cache support functions */ @@ -2495,6 +2556,8 @@ void __init ip6_route_init(void) ip6_dst_ops.kmem_cachep = kmem_cache_create("ip6_dst_cache", sizeof(struct rt6_info), 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL); + ip6_dst_blackhole_ops.kmem_cachep = ip6_dst_ops.kmem_cachep; + fib6_init(); #ifdef CONFIG_PROC_FS p = proc_net_create("ipv6_route", 0, rt6_proc_info); diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index e2f25ea..4f06a51 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -265,8 +265,12 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, if (final_p) ipv6_addr_copy(&fl.fl6_dst, final_p); - if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0) - goto failure; + if ((err = __xfrm_lookup(&dst, &fl, sk, 1)) < 0) { + if (err == -EREMOTE) + err = ip6_dst_blackhole(sk, &dst, &fl); + if (err < 0) + goto failure; + } if (saddr == NULL) { saddr = &fl.fl6_src; diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index a7ae59c..d1fbddd 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -767,8 +767,12 @@ do_udp_sendmsg: if (final_p) ipv6_addr_copy(&fl.fl6_dst, final_p); - if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0) - goto out; + if ((err = __xfrm_lookup(&dst, &fl, sk, 1)) < 0) { + if (err == -EREMOTE) + err = ip6_dst_blackhole(sk, &dst, &fl); + if (err < 0) + goto out; + } if (hlimit < 0) { if (ipv6_addr_is_multicast(&fl.fl6_dst)) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index d0882e5..b8bab89 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -29,6 +29,8 @@ #include "xfrm_hash.h" +int sysctl_xfrm_larval_drop; + DEFINE_MUTEX(xfrm_cfg_mutex); EXPORT_SYMBOL(xfrm_cfg_mutex); @@ -1390,8 +1392,8 @@ static int stale_bundle(struct dst_entry *dst); * At the moment we eat a raw IP route. Mostly to speed up lookups * on interfaces with disabled IPsec. */ -int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, - struct sock *sk, int flags) +int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, + struct sock *sk, int flags) { struct xfrm_policy *policy; struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX]; @@ -1509,6 +1511,13 @@ restart: if (unlikely(nx<0)) { err = nx; + if (err == -EAGAIN && sysctl_xfrm_larval_drop) { + /* EREMOTE tells the caller to generate + * a one-shot blackhole route. + */ + xfrm_pol_put(policy); + return -EREMOTE; + } if (err == -EAGAIN && flags) { DECLARE_WAITQUEUE(wait, current); @@ -1598,6 +1607,21 @@ error: *dst_p = NULL; return err; } +EXPORT_SYMBOL(__xfrm_lookup); + +int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, + struct sock *sk, int flags) +{ + int err = __xfrm_lookup(dst_p, fl, sk, flags); + + if (err == -EREMOTE) { + dst_release(*dst_p); + *dst_p = NULL; + err = -EAGAIN; + } + + return err; +} EXPORT_SYMBOL(xfrm_lookup); static inline int -- cgit v0.10.2