summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2008-11-25netfilter: nfmark routing in OUTPUT, mangle, NFQUEUEEric Leblond
This patch let nfmark to be evaluated for routing decision for OUTPUT packet, in mangle table, when process paquet in NFQUEUE Until now, only change (in NFQUEUE process) on fields src_addr, dest_addr and tos could make netfilter to reevalute the routing. From: Laurent Licour <laurent@licour.com> Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-24netfilter: nf_conntrack_ftp: change "partial ..." message to pr_debug()Patrick McHardy
The message triggers when sending non-FTP data on port 21 or with certain clients that use multiple syscalls to send the command. Change to pr_debug() since users have been complaining. Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-24netfilter: nf_conntrack_proto_sctp: avoid bogus warningPatrick McHardy
net/netfilter/nf_conntrack_proto_sctp.c: In function 'sctp_packet': net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds gcc doesn't realize that do_basic_checks() guarantees that there is at least one valid chunk and thus new_state is never SCTP_CONNTRACK_MAX after the loop. Initialize to SCTP_CONNTRACK_NONE to avoid the warning. Based on patch by Wu Fengguang <wfg@linux.intel.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-20netfilter: ip{,6}t_policy.h should include xp_policy.hAndy Whitcroft
It seems that all of the include/netfilter_{ipv4,ipv6}/{ipt,ip6t}_*.h which share constants include the corresponding include/netfilter/xp_*.h files. Neither ipt_policy.h not ip6t_policy.h do. Make these consistant with the norm. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-20netfilter: nf_conntrack_proto_gre: spread __exitAlexey Dobriyan
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-20netfilter: ip6table_filter: merge LOCAL_IN and FORWARD hooksAlexey Dobriyan
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-20netfilter: xt_recent: don't save proc dirsAlexey Dobriyan
Not needed, since creation and removal are done by name. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-18netfilter: nf_conntrack: fix warning and prototype mismatchPatrick McHardy
net/netfilter/nf_conntrack_core.c:46:1: warning: symbol 'nfnetlink_parse_nat_setup_hook' was not declared. Should it be static? Including the proper header also revealed an incorrect prototype. Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-18netfilter: nfnetlink_log: fix warning and prototype mismatchPatrick McHardy
net/netfilter/nfnetlink_log.c:537:1: warning: symbol 'nfulnl_log_packet' was not declared. Should it be static? Including the proper header also revealed an incorrect prototype. Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-18netfilter: ctnetlink: deliver events for conntracks changed from userspacePablo Neira Ayuso
As for now, the creation and update of conntracks via ctnetlink do not propagate an event to userspace. This can result in inconsistent situations if several userspace processes modify the connection tracking table by means of ctnetlink at the same time. Specifically, using the conntrack command line tool and conntrackd at the same time can trigger unconsistencies. This patch also modifies the event cache infrastructure to pass the process PID and the ECHO flag to nfnetlink_send() to report back to userspace if the process that triggered the change needs so. Based on a suggestion from Patrick McHardy. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-18netfilter: ctnetlink: helper modules load-on-demand supportPablo Neira Ayuso
This patch adds module loading for helpers via ctnetlink. * Creation path: We support explicit and implicit helper assignation. For the explicit case, we try to load the module. If the module is correctly loaded and the helper is present, we return EAGAIN to re-start the creation. Otherwise, we return EOPNOTSUPP. * Update path: release the spin lock, load the module and check. If it is present, then return EAGAIN to re-start the update. This patch provides a refactorized function to lookup-and-set the connection tracking helper. The function removes the exported symbol __nf_ct_helper_find as it has not clients anymore. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-17netfilter: nf_conntrack: connection tracking helper name persistent aliasesPablo Neira Ayuso
This patch adds the macro MODULE_ALIAS_NFCT_HELPER that defines a way to provide generic and persistent aliases for the connection tracking helpers. This next patch requires this patch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-17netfilter: ctnetlink: get rid of module refcounting in ctnetlinkPablo Neira Ayuso
This patch replaces the unnecessary module refcounting with the read-side locks. With this patch, all the dump and fill_info function are called under the RCU read lock. Based on a patch from Fabian Hugelshofer. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-17netfilter: ctnetlink: use EOPNOTSUPP instead of EINVAL if the conntrack has ↵Pablo Neira Ayuso
no helper This patch changes the return value if the conntrack has no helper assigned. Instead of EINVAL, which is reserved for malformed messages, it returns EOPNOTSUPP. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-17netfilter: ctnetlink: use nf_conntrack_get instead of atomic_incPablo Neira Ayuso
Use nf_conntrack_get instead of the direct call to atomic_inc. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-04netfilter: nf_nat: remove warn_if_extra_mangleSimon Arlott
In net/ipv4/netfilter/nf_nat_rule.c, the function warn_if_extra_mangle was added in commit 5b1158e909ecbe1a052203e0d8df15633f829930 (2006-12-02). I have a DNAT target in the OUTPUT chain than changes connections with dst 2.0.0.1 to another address which I'll substitute with 66.102.9.99 below. On every boot I get the following message: [ 146.252505] NAT: no longer support implicit source local NAT [ 146.252517] NAT: packet src 66.102.9.99 -> dst 2.0.0.1 As far as I can tell from reading the function doing this, it should warn if the source IP for the route to 66.102.9.99 is different from 2.0.0.1 but that is not the case. It doesn't make sense to check the DNAT target against the local route source. Either the function should be changed to correctly check the route, or it should be removed entirely as it's been nearly 2 years since it was added. Signed-off-by: Simon Arlott <simon@fire.lp0.eu> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-04netfilter: netns ebtables: br_nf_pre_routing_finish() fixupAlexey Dobriyan
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-04netfilter: netns ebtables: ebtable_nat in netnsAlexey Dobriyan
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-04netfilter: netns ebtables: ebtable_filter in netnsAlexey Dobriyan
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-04netfilter: netns ebtables: ebtable_broute in netnsAlexey Dobriyan
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-04netfilter: netns ebtables: more cleanup during ebt_unregister_table()Alexey Dobriyan
Now that ebt_unregister_table() can be called during netns stop, and module pinning scheme can't prevent netns stop, do table cleanup by hand. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-04netfilter: netns ebtables: part 2Alexey Dobriyan
* return ebt_table from ebt_register_table(), module code will save it into per-netns data for unregistration * duplicate ebt_table at the very beginning of registration -- it's added into list, so one ebt_table wouldn't end up in many lists (and each netns has different one) * introduce underscored tables in individial modules, this is temporary to not break bisection. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-04netfilter: netns ebtables: part 1Alexey Dobriyan
* propagate netns from userspace, register table in passed netns * remporarily register every ebt_table in init_net P. S.: one needs to add ".netns_ok = 1" to igmp_protocol to test with ebtables(8) in netns. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-04netfilter: arptable_filter: merge forward hookAlexey Dobriyan
It's identical to NF_ARP_IN hook. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-04netfilter: netns-aware ipt_addrtypeAlexey Dobriyan
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-04netfilter: xt_NFLOG: don't call nf_log_packet in NFLOG module.Eric Leblond
This patch modifies xt_NFLOG to suppress the call to nf_log_packet() function. The call of this wrapper in xt_NFLOG was causing NFLOG to use the first initialized module. Thus, if ipt_ULOG is loaded before nfnetlink_log all NFLOG rules are treated as plain LOG rules. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-11-04net/: Kill now superfluous ->last_rx stores.David S. Miller
The generic packet receive code takes care of setting netdev->last_rx when necessary, for the sake of the bonding ARP monitor. Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04netem: eliminate unneeded return valuesStephen Hemminger
All these individual parsing functions never return an error, so they can be void. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04drivers/net: Kill now superfluous ->last_rx stores.David S. Miller
The generic packet receive code takes care of setting netdev->last_rx when necessary, for the sake of the bonding ARP monitor. Drivers need not do it any more. Some cases had to be skipped over because the drivers were making use of the ->last_rx value themselves. Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04net: remove two duplicated #includeJianjun Kong
Removed duplicated #include <rdma/ib_verbs.h> in net/9p/trans_rdma.c and #include <linux/thread_info.h> in net/socket.c Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04net: '&' reduxAlexey Dobriyan
I want to compile out proc_* and sysctl_* handlers totally and stub them to NULL depending on config options, however usage of & will prevent this, since taking adress of NULL pointer will break compilation. So, drop & in front of every ->proc_handler and every ->strategy handler, it was never needed in fact. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04bonding, net: Move last_rx update into bonding recv logicJay Vosburgh
The only user of the net_device->last_rx field is bonding. This patch adds a conditional update of last_rx to the bonding special logic in skb_bond_should_drop, causing last_rx to only be updated when the ARP monitor is running. This frees network device drivers from the necessity of updating last_rx, which can have cache line thrash issues. Signed-off-by: Jay Vosburgh <fubar@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04net: increase receive packet quantumStephen Hemminger
This patch gets about 1.25% back on tbench regression. My change to NAPI for multiqueue support changed the time limit on network receive processing. Under sustained loads like tbench, this can cause the receiver to reschedule prematurely. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04printk: ipv4 address digits printed in reverse orderHarvey Harrison
put_dec_trunc prints the digits in reverse order and is reversed inside number(). Continue using put_dec_trunc, but reverse each quad in ip4_addr_string. [Noticed by Julius Volz] Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04IPVS: Remove supports_ipv6 scheduler flagJulius Volz
Remove the 'supports_ipv6' scheduler flag since all schedulers now support IPv6. Signed-off-by: Julius Volz <julius.volz@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04IPVS: Add IPv6 support to LBLC/LBLCR schedulersJulius Volz
Add IPv6 support to LBLC and LBLCR schedulers. These were the last schedulers without IPv6 support, but we might want to keep the supports_ipv6 flag in the case of future schedulers without IPv6 support. Signed-off-by: Julius Volz <julius.volz@gmail.com> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04tg3: Update version to 3.95Matt Carlson
This patch updates the version to 3.95. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04broadcom: Add support for BCM50610Matt Carlson
This patch adds the BCM50610 to the list of phys supported by the broadcom driver. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04broadcom: Refine expansion register access routineMatt Carlson
This patch makes the expansion register access routines a little more formal. They will be used by the following bcm50610 support patch. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04broadcom: Add flow control supportMatt Carlson
This patch adds flow control support to Broadcom phys. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04tg3: 5785 enhancementsMatt Carlson
This patch refines support for the 5785 device. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04tg3: Refine phylib supportMatt Carlson
This patch refines the phylib support in the tg3 driver. The patch does the following things : * Rename tg3_mdio_config() to tg3_mdio_config_5785(). The 5785 will be the only device that will use it so the name might as well reflect that. * Fix a memory leak if mdiobus_register() fails. * Add code to deal with phy device detection failures. * Add code to correct the supported list of phy features based on the MAC <=> PHY interface. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04tg3: Allow WOL for phylib controlled Broadcom physMatt Carlson
This patch allows WOL to be enabled for Broadcom phys under phylib control. The only exception is the AC131, which has a completely different register set. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04tg3: Refine power management and WOL codeMatt Carlson
Commit 12dac0756d357325b107fe6ec24921ec38661839 ("tg3: adapt tg3 to use reworked PCI PM code") introduced the new PCI PM API to the tg3 driver. The patch was understandably conservative, so this patch elaborates on that work. The patch starts by creating a single point in tg3_set_power_state() to decide whether or not to enable WOL. The rest of the code in tg3_set_power_state() was then pivoted to use the result of this decision. The patch then makes sure the device is allowed to wakeup before reporting whether or not WOL is currently enabled. The final hunks of the patch consolidate where the WOL capability and WOL enabled flags are set to a single location. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04tg3: Move phylib report to end of tg3_init_oneMatt Carlson
Currently, phylib reports appear with a eth%d prefix. Move the line after register_netdev() and place it alongside the other informative messages. Update nearby informative messages accordingly. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04tg3: Do not enable APE on bcm5700Matt Carlson
With older versions of the NVRAM format, the driver may mistakenly determine that APE is enabled. Make sure this doesn't happen by restricting the ENABLE_APE check to devices known to have more recent NVRAM image formats. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04tg3: Reclaim TG3_FLG3_5761_5784_AX_FIXES flagMatt Carlson
This patch reclaims the TG3_FLG3_5761_5784_AX_FIXES flag. It only used twice in non-fast paths. This patch also consolidates some other places where specific 5784 AX chip revisions can be generalized. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04tg3: Preserve LAA when device control is releasedMatt Carlson
This patch moves the __tg3_set_mac_addr() function earlier in the file listing, to avoid a function prototype, and calls the function to restore the LAA after a driver unload chip reset. With this code in place, the administrator can wake the machine using the LAA. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04tg3: Preserve DASH connectivity when WOL enabledMatt Carlson
DASH firmware runs on the APE side of the chip, but it requires a few MAC to be programmed correctly. When WOL is enabled and management firmware is disabled, incoming packets are evaluated and discarded at the chip's rule processor. When management firmware is enabled, the hardware must be informed that there are agents further up the stack that still use the incoming frames. Normally management firmware will configure the MAC correctly on its own, but there can be cases where the setting could get clobbered by the driver. The first hunk of this patch preserves this setting. The second hunk of this patch wipes out the driver present signature of the APE memory space. By doing so, the DASH firmware can assume driver absent behavior. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-04tg3: Use pci_ioremap_bar()Matt Carlson
This patch replaces the existing APE register mapping code with a call to pci_ioremap_bar(). The code that maps the main device register space did not undergo a similar change because the information derived from the pci_resource_start() and pci_resource_len() is still used to populate the (optional) mem_start and mem_end netdevice members. Replace hardcoded constants where appropriate. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>