Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-2.6.34.y 2014-02-10T21:10:42+00:00 2014-02-10T21:10:42+00:00 Eric Dumazet eric.dumazet@gmail.com 2011-04-21T09:45:37+00:00 urn:sha1:01f69c1211fdcbcb6f7f5624234499264687b258 commit f6d8bd051c391c1c0458a30b2a7abcd939329259 upstream. We lack proper synchronization to manipulate inet->opt ip_options Problem is ip_make_skb() calls ip_setup_cork() and ip_setup_cork() possibly makes a copy of ipc->opt (struct ip_options), without any protection against another thread manipulating inet->opt. Another thread can change inet->opt pointer and free old one under us. Use RCU to protect inet->opt (changed to inet->inet_opt). Instead of handling atomic refcounts, just copy ip_options when necessary, to avoid cache line dirtying. We cant insert an rcu_head in struct ip_options since its included in skb->cb[], so this patch is large because I had to introduce a new ip_options_rcu structure. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> [dannf/bwh: backported to Debian's 2.6.32] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Willy Tarreau <w@1wt.eu> [PG: use 2.6.32 patch, since it is closer to 2.6.34 than original baseline; drop net/l2tp/l2tp_ip.c chunk as we don't have that file] Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> 2010-01-12T00:28:01+00:00 Stephen Hemminger shemminger@vyatta.com 2010-01-12T00:28:01+00:00 urn:sha1:d218d11133d888f9745802146a50255a4781d37a This patch adds the kernel portions needed to implement RFC 5082 Generalized TTL Security Mechanism (GTSM). It is a lightweight security measure against forged packets causing DoS attacks (for BGP). This is already implemented the same way in BSD kernels. For the necessary Quagga patch http://www.gossamer-threads.com/lists/quagga/dev/17389 Description from Cisco http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_btsh.html It does add one byte to each socket structure, but I did a little rearrangement to reuse a hole (on 64 bit), but it does grow the structure on 32 bit This should be documented on ip(4) man page and the Glibc in.h file also needs update. IPV6_MINHOPLIMIT should also be added (although BSD doesn't support that). Only TCP is supported, but could also be added to UDP, DCCP, SCTP if desired. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2009-10-19T01:52:53+00:00 Eric Dumazet eric.dumazet@gmail.com 2009-10-15T06:30:45+00:00 urn:sha1:c720c7e8383aff1cb219bddf474ed89d850336e3 In order to have better cache layouts of struct sock (separate zones for rx/tx paths), we need this preliminary patch. Goal is to transfert fields used at lookup time in the first read-mostly cache line (inside struct sock_common) and move sk_refcnt to a separate cache line (only written by rx path) This patch adds inet_ prefix to daddr, rcv_saddr, dport, num, saddr, sport and id fields. This allows a future patch to define these fields as macros, like sk_refcnt, without name clashes. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2009-06-16T20:09:51+00:00 Linus Torvalds torvalds@linux-foundation.org 2009-06-16T20:09:51+00:00 urn:sha1:b3fec0fe35a4ff048484f1408385a27695d4273b * 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/vegard/kmemcheck: (39 commits) signal: fix __send_signal() false positive kmemcheck warning fs: fix do_mount_root() false positive kmemcheck warning fs: introduce __getname_gfp() trace: annotate bitfields in struct ring_buffer_event net: annotate struct sock bitfield c2port: annotate bitfield for kmemcheck net: annotate inet_timewait_sock bitfields ieee1394/csr1212: fix false positive kmemcheck report ieee1394: annotate bitfield net: annotate bitfields in struct inet_sock net: use kmemcheck bitfields API for skbuff kmemcheck: introduce bitfield API kmemcheck: add opcode self-testing at boot x86: unify pte_hidden x86: make _PAGE_HIDDEN conditional kmemcheck: make kconfig accessible for other architectures kmemcheck: enable in the x86 Kconfig kmemcheck: add hooks for the page allocator kmemcheck: add hooks for page- and sg-dma-mappings kmemcheck: don't track page tables ... 2009-06-15T13:49:27+00:00 Vegard Nossum vegard.nossum@gmail.com 2008-09-09T04:43:12+00:00 urn:sha1:45e3ff82708c65c895d5c5882aff17ecf62a80b5 Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com> 2009-06-02T07:45:24+00:00 Nivedita Singhvi niv@us.ibm.com 2009-05-28T07:00:46+00:00 urn:sha1:f771bef98004d9d141b085d987a77d06669d4f4f After some discussion offline with Christoph Lameter and David Stevens regarding multicast behaviour in Linux, I'm submitting a slightly modified patch from the one Christoph submitted earlier. This patch provides a new socket option IP_MULTICAST_ALL. In this case, default behaviour is _unchanged_ from the current Linux standard. The socket option is set by default to provide original behaviour. Sockets wishing to receive data only from multicast groups they join explicitly will need to clear this socket option. Signed-off-by: Nivedita Singhvi <niv@us.ibm.com> Signed-off-by: Christoph Lameter<cl@linux.com> Acked-by: David Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-10-01T14:46:49+00:00 KOVACS Krisztian hidden@sch.bme.hu 2008-10-01T14:46:49+00:00 urn:sha1:a3116ac5c216fc3c145906a46df9ce542ff7dcf2 Current TCP code relies on the local port of the listening socket being the same as the destination address of the incoming connection. Port redirection used by many transparent proxying techniques obviously breaks this, so we have to store the original destination port address. This patch extends struct inet_request_sock and stores the incoming destination port value there. It also modifies the handshake code to use that value as the source port when sending reply packets. Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-10-01T14:41:00+00:00 KOVACS Krisztian hidden@sch.bme.hu 2008-10-01T14:41:00+00:00 urn:sha1:88ef4a5a78e63420dd1dd770f1bd1dc198926b04 The TCP stack sends out SYN+ACK/ACK/RST reply packets in response to incoming packets. The non-local source address check on output bites us again, as replies for transparently redirected traffic won't have a chance to leave the node. This patch selectively sets the FLOWI_FLAG_ANYSRC flag when doing the route lookup for those replies. Transparent replies are enabled if the listening socket has the transparent socket flag set. Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-10-01T14:33:10+00:00 KOVACS Krisztian hidden@sch.bme.hu 2008-10-01T14:33:10+00:00 urn:sha1:1668e010cbe1a7567c81d4c02d31dde9859e9da1 inet_iif() in inet_sock.h requires route.h. Since users of inet_iif() usually require other route.h functionality anyway this patch moves inet_iif() to route.h. Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-10-01T14:30:02+00:00 KOVACS Krisztian hidden@sch.bme.hu 2008-10-01T14:30:02+00:00 urn:sha1:f5715aea4564f233767ea1d944b2637a5fd7cd2e This patch introduces the IP_TRANSPARENT socket option: enabling that will make the IPv4 routing omit the non-local source address check on output. Setting IP_TRANSPARENT requires NET_ADMIN capability. Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: David S. Miller <davem@davemloft.net>