summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2008-06-10netfilter: {ip,ip6,nfnetlink}_queue: misc cleanupsRami Rosen3-7/+0
- No need to perform data_len = 0 in the switch command, since data_len is initialized to 0 in the beginning of the ipq_build_packet_message() method. - {ip,ip6}_queue: We can reach nlmsg_failure only from one place; skb is sure to be NULL when getting there; since skb is NULL, there is no need to check this fact and call kfree_skb(). Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10netfilter: nf_conntrack: remove unnecessary function declarationRami Rosen1-2/+0
This patch removes nf_ct_ipv4_ct_gather_frags() method declaration from include/net/netfilter/ipv4/nf_conntrack_ipv4.h, since it is unused in the Linux kernel. Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10netfilter: ctnetlink: include conntrack status in destroy event messageFabian Hugelshofer1-3/+3
When a conntrack is destroyed, the connection status does not get exported to netlink. I don't see a reason for not doing so. This patch exports the status on all conntrack events. Signed-off-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10netfilter: nf_conntrack: properly account terminating packetsFabian Hugelshofer6-7/+36
Currently the last packet of a connection isn't accounted when its causing abnormal termination. Introduces nf_ct_kill_acct() which increments the accounting counters on conntrack kill. The new function was necessary, because there are calls to nf_ct_kill() which don't need accounting: nf_conntrack_proto_tcp.c line ~847: Kills ct and returns NF_REPEAT. We don't want to count twice. nf_conntrack_proto_tcp.c line ~880: Kills ct and returns NF_DROP. I think we don't want to count dropped packets. nf_conntrack_netlink.c line ~824: As far as I can see ctnetlink_del_conntrack() is used to destroy a conntrack on behalf of the user. There is an sk_buff, but I don't think this is an actual packet. Incrementing counters here is therefore not desired. Signed-off-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10netfilter: nf_conntrack: add nf_ct_kill()Patrick McHardy7-16/+18
Encapsulate the common if (del_timer(&ct->timeout)) ct->timeout.function((unsigned long)ct) sequence in a new function. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10netfilter: nf_conntrack_extend: use krealloc() in nf_conntrack_extend.c V2Pekka Enberg1-6/+4
The ksize() API is going away because it is being abused and it doesn't even work consistenly across different allocators. Therefore, convert net/netfilter/nf_conntrack_extend.c to use krealloc(). Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10netfilter: ip6_tables: add ip6tables security tableJames Morris5-0/+187
This is a port of the IPv4 security table for IPv6. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10netfilter: ip_tables: add iptables security table for mandatory access ↵James Morris7-6/+209
control rules The following patch implements a new "security" table for iptables, so that MAC (SELinux etc.) networking rules can be managed separately to standard DAC rules. This is to help with distro integration of the new secmark-based network controls, per various previous discussions. The need for a separate table arises from the fact that existing tools and usage of iptables will likely clash with centralized MAC policy management. The SECMARK and CONNSECMARK targets will still be valid in the mangle table to prevent breakage of existing users. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10netfilter: ctnetlink: add full support for SCTP to ctnetlinkPablo Neira Ayuso2-0/+90
This patch adds full support for SCTP to ctnetlink. This includes three new attributes: state, original vtag and reply vtag. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10netfilter: ctnetlink: group errors into logical errno setsPablo Neira Ayuso1-11/+10
This patch groups ctnetlink errors into three logical sets: * Malformed messages: if ctnetlink receives a message without some mandatory attribute, then it returns EINVAL. * Unsupported operations: if userspace tries to perform an unsupported operation, then it returns EOPNOTSUPP. * Unchangeable: if userspace tries to change some attribute of the conntrack object that can only be set once, then it returns EBUSY. This patch reduces the number of -EINVAL from 23 to 14 and it results in 5 -EBUSY and 6 -EOPNOTSUPP. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10netfilter: ebtables: add IPv6 supportKuo-lang Tseng6-17/+244
It implements matching functions for IPv6 address & traffic class (merged from the patch sent by Jan Engelhardt [jengelh@computergmbh.de] http://marc.info/?l=netfilter-devel&m=120182168424052&w=2), protocol, and layer-4 port id. Corresponding watcher logging function is also added for IPv6. Signed-off-by: Kuo-lang Tseng <kuo-lang.tseng@intel.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10af_iucv: exploit target message class support of IUCVUrsula Braun1-0/+1
The first 4 bytes of data to be sent are stored additionally into the message class field of the send request. A receiving target program (not an af_iucv socket program) can make use of this information to pre-screen incoming messages. Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10iucv: prevent cpu hotplug when walking cpu_online_map.Heiko Carstens1-4/+7
The code used preempt_disable() to prevent cpu hotplug, however that doesn't protect for cpus being added. So use get_online_cpus() instead. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10iucv: fix section mismatch warning.Heiko Carstens1-1/+1
WARNING: net/iucv/built-in.o(.exit.text+0x9c): Section mismatch in reference from the function iucv_exit() to the variable .cpuinit.data:iucv_cpu_notifier This warning is caused by a reference from unregister_hotcpu_notifier() from an exit function to a cpuinitdata annotated data structurre. This is a false positive warning since for the non CPU_HOTPLUG case unregister_hotcpu_notifier() is a nop. Use __refdata instead of __cpuinitdata to get rid of the warning. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10sctp: Fix problems with the new SCTP_DELAYED_ACK codeVlad Yasevich1-2/+2
The default sack frequency should be 2. Also fix copy/paste error when updating all transports. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05netlink: Remove nonblock parameter from netlink_attachskbDenis V. Lunev3-4/+4
Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tipc: Message rejection rework preparatory changesAllan Stephens3-4/+31
This patch defines a few new message header manipulation routines, and generalizes the usefulness of another, in preparation for upcoming rework of TIPC's message rejection code. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tipc: Fix bugs in rejection of message with short headerAllan Stephens1-4/+6
This patch ensures that TIPC doesn't try to access non-existent message header fields when rejecting a message with a short header. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tipc: Message header creation optimizationsAllan Stephens1-6/+1
This patch eliminates several cases where message header fields were being set to the same value twice. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tipc: Expand link sequence gap field to 13 bitsAllan Stephens1-4/+4
This patch increases the "sequence gap" field of the LINK_PROTOCOL message header from 8 bits to 13 bits (utilizing 5 previously unused 0 bits). This ensures that the field is big enough to indicate the loss of up to 8191 consecutive messages on the link, thereby accommodating the current worst-case scenario of 4000 lost messages. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tipc: Add missing spinlock in name table display codeAllan Stephens1-1/+3
This patch ensures that the display code that traverses the publication lists belonging to a name table entry take its associated spinlock, to protect against a possible change to one of its "head of list" pointers caused by a simultaneous name table lookup operation by another thread of control. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tipc: Prevent display of name table types with no publicationsAllan Stephens1-0/+3
This patch adds a check to prevent TIPC's name table display code from listing a name type entry if it exists only to hold subscription info, rather than published names. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tipc: Optimize message initialization routineAllan Stephens7-18/+16
This patch eliminates the rarely-used "error code" argument when initializing a TIPC message header, since the default value of zero is the desired result in most cases; the few exceptional cases now set the error code explicitly. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tipc: Prevent access of non-existent field in short message headerAllan Stephens1-1/+3
This patch eliminates a case where TIPC's link code could try reading a field that is not present in a short message header. (The random value obtained was not being used, but the read operation could result in an invalid memory access exception in extremely rare circumstances.) Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tipc: Minor optimizations to received message processingAllan Stephens3-25/+8
This patch enhances TIPC's handler for incoming messages in two ways: - the trivial, single-use routine for processing non-sequenced messages has been merged into the main handler - the interface that received a message is now identified without having to access and/or modify the associated sk_buff Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tipc: Fix minor bugs in link session number handlingAllan Stephens1-5/+12
This patch introduces a new, out-of-range value to indicate that a link endpoint does not have an existing session established with its peer, eliminating the risk that the previously used "invalid session number" value (i.e. zero) might eventually be assigned as a valid session number and cause incorrect link behavior. The patch also introduces explicit bit masking when assigning a new link session number to ensure it does not exceed 16 bits. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tipc: Fix bugs in message error code display when debuggingAllan Stephens1-3/+0
This patch corrects two problems in the display of error code information in TIPC messages when debugging: - no longer tries to display error code in NAME_DISTRIBUTOR messages, which don't have the error field - now displays error code in 24 byte data messages, which do have the error field Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tipc: Standardize error checking on incoming messages via native APIAllan Stephens1-16/+9
This patch re-orders & re-groups the error checks performed on messages being delivered to native API ports, in order to clarify the similarities and differences required for the various message types. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tipc: Fix bug in connection setup via native APIAllan Stephens1-6/+3
This patch fixes a bug that prevented TIPC from receiving a connection setup request message on a native TIPC port. The revised connection setup logic ensures that validation of the source of a connection-based message is skipped if the port is not yet connected to a peer. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-31ns8320: use netdev_alloc_skbStephen Hemminger1-6/+3
Use netdev_alloc_skb. This sets skb->dev and allows arch specific allocation. Compile tested only. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31ts108: use netdev_alloc_skbStephen Hemminger1-2/+4
Use netdev_alloc_skb for rx buffer allocation. This sets skb->dev and can be overriden for NUMA machines. This device is PowerPC only, so not tested or compiled. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31net/s2io: set_rxd_buffer_pointer returns -ENOMEM, not ENOMEMMarcin Slusarz1-1/+1
Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Cc: Ramkrishna Vepa <ram.vepa@neterion.com> Cc: Rastapur Santosh <santosh.rastapur@neterion.com> Cc: Sivakumar Subramani <sivakumar.subramani@neterion.com> Cc: Sreenivasa Honnur <sreenivasa.honnur@neterion.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31sky2: pci power savingsStephen Hemminger2-7/+107
Turn on special bits to save more power when device is shutdown. Tested on a limited range of hardware, some of the bits are for hardware that probably isn't even in production (like Yukon Supreme) and was ported from the vendor driver. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31sky2: put PHY in sleep when downStephen Hemminger2-2/+45
Put PHY int sleep mode (from vendor sk98lin 10.50 driver) when the network device is brought down. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31sky2: split phy power into two functionsStephen Hemminger1-15/+24
Later changes add more code to PHY power changes so refactor now. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31[netdrvr] forcedeth: reorder suspend/resume codeTobias Diedrich1-15/+11
Match the suspend/resume code ordering in e100/e1000e more closely. For example the configuration space should be saved on suspend even for devices that are not up. Signed-off-by: Tobias Diedrich <ranma+kernel@tdiedrich.de> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31[netdrvr] forcedeth: save/restore device configuration spaceTobias Diedrich1-6/+15
The memory mapped device configuration space is lost during hibernate. Save and restore it (fixes 'swapped mac' problem). Signed-off-by: TTobias Diedrich <ranma+kernel@tdiedrich.de> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31[netdrvr] forcedeth: setup wake-on-lan before shutting downTobias Diedrich1-0/+16
When hibernating in 'shutdown' mode, after saving the image the suspend hook is not called again. However, if the device is in promiscous mode, wake-on-lan will not work. This adds a shutdown hook to setup wake-on-lan before the final shutdown. Signed-off-by: Tobias Diedrich <ranma+kernel@tdiedrich.de> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31ps3: gelic: updown_lock semaphore to mutexDaniel Walker2-6/+6
Signed-off-by: Daniel Walker <dwalker@mvista.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31ps3: gelic: assoc_stat_lock semaphore to mutexDaniel Walker2-12/+12
Signed-off-by: Daniel Walker <dwalker@mvista.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31ps3: gelic: scan_lock semaphore to mutexDaniel Walker2-10/+10
Signed-off-by: Daniel Walker <dwalker@mvista.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31fs_enet: MDIO on GPIO supportLaurent Pinchart1-11/+20
Port the fs_enet driver to support the MDIO on GPIO driver for PHY access in addition to the mii-bitbang driver. Signed-off-by: Laurent Pinchart <laurentp@cse-semaphore.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31net: OpenFirmware GPIO based MDIO bitbang driverLaurent Pinchart4-0/+233
This patch adds an MDIO bitbang driver that uses the GPIO library and its OF bindings to access the bus I/Os. Signed-off-by: Laurent Pinchart <laurentp@cse-semaphore.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31sfc: Reduce I2C udelay to 5 resulting in a clock frequency of 100 kHzBen Hutchings1-1/+1
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31sfc: Use kernel I2C system and i2c-algo-bit driverBen Hutchings10-559/+133
Remove our own implementation of I2C bit-banging. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31cxgb3: fix build error when INET=nRandy Dunlap1-1/+1
cxgb3 uses lro_* functions and selects INET_LRO, but this doesn't help unless INET is already enabled, so make the driver depend on INET also. sge.c:(.text+0x9f09a): undefined reference to `lro_flush_all' sge.c:(.text+0x9f62f): undefined reference to `lro_receive_skb' sge.c:(.text+0x9f8a3): undefined reference to `lro_receive_frags' sge.c:(.text+0x9fbe0): undefined reference to `lro_vlan_hwaccel_receive_skb' sge.c:(.text+0x9ffcd): undefined reference to `lro_vlan_hwaccel_receive_frags' Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31tlan: wrap source linesStephen Hemminger2-115/+203
Make driver more readable on standard 80 col windows. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31tlan: proper shared IRQ supportStephen Hemminger1-44/+17
Handle shared IRQ correctly. If IRQ is shared, it typically will show up as an IRQ with an empty status field. So check in driver and handle it without crapping out with invalid interrupt message. Compile tested only. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31tlan: manage rx allocation failure betterStephen Hemminger1-34/+29
Rx allocation failure at runtime is non-fatal. For normal Rx frame, it just reuses the buffer, and during setup it just continues with a smaller receive buffer pool. Compile tested only. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-05-31tlan: 64bit conversionStephen Hemminger2-22/+18
Make this driver compile cleanly on 64 bit platforms. Compile tested only. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>