GitHub/LineageOS/G12/android_kernel_amlogic_linux-4.9.git
16 years ago[NETFILTER]: nfnetlink_queue: remove useless enqueue status codes
Patrick McHardy [Wed, 5 Dec 2007 09:31:01 +0000 (01:31 -0800)]
[NETFILTER]: nfnetlink_queue: remove useless enqueue status codes

The queueing core doesn't care about the exact return value from
the queue handler, so there's no need to go through the trouble
of returning a meaningful value as long as we indicate an error.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: eliminate impossible switch case
Patrick McHardy [Wed, 5 Dec 2007 09:30:29 +0000 (01:30 -0800)]
[NETFILTER]: nfnetlink_queue: eliminate impossible switch case

We don't need a default case in nfqnl_build_packet_message(), the
copy_mode is validated when it is set. Tell the compiler about
the possible types and remove the default case. Saves 80b of
text on x86_64.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: use endianness-aware attribute functions
Patrick McHardy [Wed, 5 Dec 2007 09:30:02 +0000 (01:30 -0800)]
[NETFILTER]: nfnetlink_queue: use endianness-aware attribute functions

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: mark hash table __read_mostly
Patrick McHardy [Wed, 5 Dec 2007 09:29:38 +0000 (01:29 -0800)]
[NETFILTER]: nfnetlink_queue: mark hash table __read_mostly

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: remove useless debugging
Patrick McHardy [Wed, 5 Dec 2007 09:29:23 +0000 (01:29 -0800)]
[NETFILTER]: nfnetlink_queue: remove useless debugging

Originally I wanted to just remove the QDEBUG macro and use pr_debug, but
none of the messages seems worth keeping.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: kill useless wrapper
Patrick McHardy [Wed, 5 Dec 2007 09:29:05 +0000 (01:29 -0800)]
[NETFILTER]: nfnetlink_queue: kill useless wrapper

nfqnl_set_mode takes the queue lock and calls __nfqnl_set_mode. Just move
the code from __nfqnl_set_mode to nfqnl_set_mode since there is no other
user.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink: use RCU for queue instances hash
Patrick McHardy [Wed, 5 Dec 2007 09:28:50 +0000 (01:28 -0800)]
[NETFILTER]: nfnetlink: use RCU for queue instances hash

Use RCU for queue instances hash. Avoids multiple atomic operations
for each packet.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: fix checks in nfqnl_recv_config
Patrick McHardy [Wed, 5 Dec 2007 09:28:30 +0000 (01:28 -0800)]
[NETFILTER]: nfnetlink_queue: fix checks in nfqnl_recv_config

The peer_pid must be checked in all cases when a queue exists, currently
it is not checked if for NFQA_CFG_QUEUE_MAXLEN when a NFQA_CFG_CMD
attribute exists in some cases. Same for the queue existance check,
which can cause a NULL pointer dereference.

Also consistently return -ENODEV for "queue not found". -ENOENT would
be better, but that is already used to indicate a queued skb id doesn't
exist.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: avoid unnecessary atomic operation
Patrick McHardy [Wed, 5 Dec 2007 09:28:10 +0000 (01:28 -0800)]
[NETFILTER]: nfnetlink_queue: avoid unnecessary atomic operation

The sequence counter doesn't need to be an atomic_t, just move the increment
inside the locked section.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: remove annoying debugging message
Patrick McHardy [Wed, 5 Dec 2007 09:27:46 +0000 (01:27 -0800)]
[NETFILTER]: remove annoying debugging message

Don't log "nf_hook: Verdict = QUEUE." message with NETFILTER_DEBUG=y.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: clean up error paths
Patrick McHardy [Wed, 5 Dec 2007 09:27:19 +0000 (01:27 -0800)]
[NETFILTER]: nf_queue: clean up error paths

Move duplicated error handling to end of function and add a helper function
to release the device and module references from the queue entry.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: {nfnetlink,ip,ip6}_queue: kill issue_verdict
Patrick McHardy [Wed, 5 Dec 2007 09:27:02 +0000 (01:27 -0800)]
[NETFILTER]: {nfnetlink,ip,ip6}_queue: kill issue_verdict

Now that issue_verdict doesn't need to free the queue entries anymore,
all it does is disable local BHs and call nf_reinject. Move the BH
disabling to the okfn invocation in nf_reinject and kill the
issue_verdict functions.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: move list_head/skb/id to struct nf_info
Patrick McHardy [Wed, 5 Dec 2007 09:26:33 +0000 (01:26 -0800)]
[NETFILTER]: nf_queue: move list_head/skb/id to struct nf_info

Move common fields for queue management to struct nf_info and rename it
to struct nf_queue_entry. The avoids one allocation/free per packet and
simplifies the code a bit.

Alternatively we could add some private room at the tail, but since
all current users use identical structs this seems easier.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: ip6_queue: resync dev-index based flushing
Patrick McHardy [Wed, 5 Dec 2007 09:26:18 +0000 (01:26 -0800)]
[NETFILTER]: ip6_queue: resync dev-index based flushing

Resync dev_cmp to take bridge devices into account.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: ip6_queue: deobfuscate entry lookups
Patrick McHardy [Wed, 5 Dec 2007 09:26:02 +0000 (01:26 -0800)]
[NETFILTER]: ip6_queue: deobfuscate entry lookups

A queue entry lookup currently looks like this:

ipq_find_dequeue_entry -> __ipq_find_dequeue_entry ->
__ipq_find_entry -> cmpfn -> id_cmp

Use simple open-coded list walking and kill the cmpfn for
ipq_find_dequeue_entry. Instead add it to ipq_flush (after
similar cleanups) and use ipq_flush for both complete flushes
and flushing entries related to a device.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: ip_queue: deobfuscate entry lookups
Patrick McHardy [Wed, 5 Dec 2007 09:25:46 +0000 (01:25 -0800)]
[NETFILTER]: ip_queue: deobfuscate entry lookups

A queue entry lookup currently looks like this:

ipq_find_dequeue_entry -> __ipq_find_dequeue_entry ->
__ipq_find_entry -> cmpfn -> id_cmp

Use simple open-coded list walking and kill the cmpfn for
ipq_find_dequeue_entry. Instead add it to ipq_flush (after
similar cleanups) and use ipq_flush for both complete flushes
and flushing entries related to a device.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: deobfuscate entry lookups
Patrick McHardy [Wed, 5 Dec 2007 09:25:30 +0000 (01:25 -0800)]
[NETFILTER]: nfnetlink_queue: deobfuscate entry lookups

A queue entry lookup currently looks like this:

find_dequeue_entry -> __find_dequeue_entry ->
__find_entry -> cmpfn -> id_cmp

Use simple open-coded list walking and kill the cmpfn for
find_dequeue_entry. Instead add it to nfqnl_flush (after
similar cleanups) and use nfqnl_flush for both complete
flushes and flushing entries related to a device.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: {nf_netlink,ip,ip6}_queue: use list_for_each_entry
Patrick McHardy [Wed, 5 Dec 2007 09:25:03 +0000 (01:25 -0800)]
[NETFILTER]: {nf_netlink,ip,ip6}_queue: use list_for_each_entry

Use list_add_tail/list_for_each_entry instead of list_add and
list_for_each_prev as a preparation for switching to RCU.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: move queueing related functions/struct to seperate header
Patrick McHardy [Wed, 5 Dec 2007 09:24:48 +0000 (01:24 -0800)]
[NETFILTER]: nf_queue: move queueing related functions/struct to seperate header

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: remove unused data pointer
Patrick McHardy [Wed, 5 Dec 2007 09:24:30 +0000 (01:24 -0800)]
[NETFILTER]: nf_queue: remove unused data pointer

Remove the data pointer from struct nf_queue_handler. It has never been used
and is useless for the only handler that really matters, nfnetlink_queue,
since the handler is shared between all instances.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: make queue_handler const
Patrick McHardy [Wed, 5 Dec 2007 09:23:57 +0000 (01:23 -0800)]
[NETFILTER]: nf_queue: make queue_handler const

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: remove unnecessary hook existance check
Patrick McHardy [Wed, 5 Dec 2007 09:23:41 +0000 (01:23 -0800)]
[NETFILTER]: nf_queue: remove unnecessary hook existance check

We hold a module reference for each queued packet, so the hook that
queued the packet can't disappear. Also remove an obsolete  comment
stating the opposite.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: minor cleanup
Patrick McHardy [Wed, 5 Dec 2007 09:23:17 +0000 (01:23 -0800)]
[NETFILTER]: nf_queue: minor cleanup

Clean up

if (x) y;

constructs. We've got nothing to hide :)

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: Mark hooks __read_mostly
Patrick McHardy [Wed, 5 Dec 2007 09:23:00 +0000 (01:23 -0800)]
[NETFILTER]: Mark hooks __read_mostly

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: Use nf_register_hooks for multiple registrations
Patrick McHardy [Wed, 5 Dec 2007 09:22:43 +0000 (01:22 -0800)]
[NETFILTER]: Use nf_register_hooks for multiple registrations

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_conntrack_proto_icmp: kill extern declaration in .c file
Patrick McHardy [Wed, 5 Dec 2007 09:22:24 +0000 (01:22 -0800)]
[NETFILTER]: nf_conntrack_proto_icmp: kill extern declaration in .c file

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_ct_h323: remove ipv6 module dependency
Patrick McHardy [Wed, 5 Dec 2007 09:22:05 +0000 (01:22 -0800)]
[NETFILTER]: nf_ct_h323: remove ipv6 module dependency

nf_conntrack_h323 needs ip6_route_output for the call forwarding filter.
Add a ->route function to nf_afinfo and use that to avoid pulling in the
ipv6 module.

Fix the #ifdef for the IPv6 code while I'm at it - the IPv6 support is
only needed when IPv6 conntrack is enabled.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: xt_hashlimit: remove ip6tables module dependency
Patrick McHardy [Wed, 5 Dec 2007 07:51:48 +0000 (23:51 -0800)]
[NETFILTER]: xt_hashlimit: remove ip6tables module dependency

Switch from ipv6_find_hdr to ipv6_skip_exthdr to avoid pulling in ip6_tables
and ipv6 when only using it for IPv4.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: {ip,ip6}t_LOG: log GID
Maciej Soltysiak [Wed, 5 Dec 2007 07:50:38 +0000 (23:50 -0800)]
[NETFILTER]: {ip,ip6}t_LOG: log GID

Log GID in addition to UID

Signed-off-by: Maciej Soltysiak <maciej.soltysiak@ae.poznan.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: x_tables: add rateest match
Patrick McHardy [Tue, 4 Dec 2007 12:02:19 +0000 (13:02 +0100)]
[NETFILTER]: x_tables: add rateest match

Add rate estimator match. The rate estimator match can match on
estimated rates by the RATEEST target. It supports matching on
absolute bps/pps values, comparing two rate estimators and matching
on the difference between two rate estimators.

This is what I use to route outgoing data connections from a FTP
server over two lines based on the  available bandwidth:

# estimate outgoing rates
iptables -t mangle -A POSTROUTING -o eth0 -j RATEEST --rateest-name eth0 \
                                                     --rateest-interval 250ms \
                                                     --rateest-ewma 0.5s
iptables -t mangle -A POSTROUTING -o ppp0 -j RATEEST --rateest-name ppp0 \
                                                     --rateest-interval 250ms \
                                                     --rateest-ewma 0.5s

# mark based on available bandwidth
iptables -t mangle -A BALANCE -m state --state NEW \
                              -m helper --helper ftp \
                              -m rateest --rateest-delta \
                                         --rateest1 eth0 \
                                         --rateest-bps1 2.5mbit \
                                         --rateest-gt \
                                         --rateest2 ppp0 \
                                         --rateest-bps2 2mbit \
                              -j CONNMARK --set-mark 0x1

iptables -t mangle -A BALANCE -m state --state NEW \
                              -m helper --helper ftp \
                              -m rateest --rateest-delta \
                                         --rateest1 ppp0 \
                                         --rateest-bps1 2mbit \
                                         --rateest-gt \
                                         --rateest2 eth0 \
                                         --rateest-bps2 2.5mbit \
                              -j CONNMARK --set-mark 0x2

iptables -t mangle -A BALANCE -j CONNMARK --restore-mark

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: x_tables: add RATEEST target
Patrick McHardy [Wed, 5 Dec 2007 07:40:05 +0000 (23:40 -0800)]
[NETFILTER]: x_tables: add RATEEST target

Add new rate estimator target (using gen_estimator). In combination with
the rateest match (next patch) this can be used for load-based multipath
routing.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: ip_tables: remove obsolete SAME target
Patrick McHardy [Wed, 5 Dec 2007 07:39:36 +0000 (23:39 -0800)]
[NETFILTER]: ip_tables: remove obsolete SAME target

Remove the ipt_SAME target as scheduled in feature-removal-schedule.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: IPv6 capable xt_TOS v1 target
Jan Engelhardt [Wed, 5 Dec 2007 07:39:09 +0000 (23:39 -0800)]
[NETFILTER]: IPv6 capable xt_TOS v1 target

Extends the xt_DSCP target by xt_TOS v1 to add support for selectively
setting and flipping any bit in the IPv4 TOS and IPv6 Priority fields.
(ipt_TOS and xt_DSCP only accepted a limited range of possible
values.)

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: IPv6 capable xt_tos v1 match
Jan Engelhardt [Wed, 5 Dec 2007 07:38:30 +0000 (23:38 -0800)]
[NETFILTER]: IPv6 capable xt_tos v1 match

Extends the xt_dscp match by xt_tos v1 to add support for selectively
matching any bit in the IPv4 TOS and IPv6 Priority fields. (ipt_tos
and xt_dscp only accepted a limited range of possible values.)

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: Merge ipt_TOS into xt_DSCP
Jan Engelhardt [Wed, 5 Dec 2007 07:38:13 +0000 (23:38 -0800)]
[NETFILTER]: Merge ipt_TOS into xt_DSCP

Merge ipt_TOS into xt_DSCP.

Merge ipt_TOS (tos v0 target) into xt_DSCP. They both modify the same
field in the IPv4 header, so it seems reasonable to keep them in one
piece. This is part two of the implicit 4-patch series to move tos to
xtables and extend it by IPv6.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: Merge ipt_tos into xt_dscp
Jan Engelhardt [Wed, 5 Dec 2007 07:37:54 +0000 (23:37 -0800)]
[NETFILTER]: Merge ipt_tos into xt_dscp

Merge ipt_tos into xt_dscp.

Merge ipt_tos (tos v0 match) into xt_dscp. They both match on the same
field in the IPv4 header, so it seems reasonable to keep them in one
piece. This is part one of the implicit 4-patch series to move tos to
xtables and extend it by IPv6.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Constify include/net/dsfield.h
Jan Engelhardt [Wed, 5 Dec 2007 07:37:29 +0000 (23:37 -0800)]
[NET]: Constify include/net/dsfield.h

Constify include/net/dsfield.h

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: Use lowercase names for matches in Kconfig
Jan Engelhardt [Wed, 5 Dec 2007 07:31:59 +0000 (23:31 -0800)]
[NETFILTER]: Use lowercase names for matches in Kconfig

Unify netfilter match kconfig descriptions

Consistently use lowercase for matches in kconfig one-line
descriptions and name the match module.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: ipt_addrtype: limit address type checking to an interface
Laszlo Attila Toth [Wed, 5 Dec 2007 07:30:18 +0000 (23:30 -0800)]
[NETFILTER]: ipt_addrtype: limit address type checking to an interface

Addrtype match has a new revision (1), which lets address type checking
limited to the interface the current packet belongs to. Either incoming
or outgoing interface can be used depending on the current hook. In the
FORWARD hook two maches should be used if both interfaces have to be checked.
The new structure is ipt_addrtype_info_v1.

Revision 0 lets older userspace programs use the match as earlier.
ipt_addrtype_info is used.

Signed-off-by: Laszlo Attila Toth <panther@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: Add inet_dev_addr_type()
Laszlo Attila Toth [Wed, 5 Dec 2007 07:28:46 +0000 (23:28 -0800)]
[IPV4]: Add inet_dev_addr_type()

Address type search can be limited to an interface by
inet_dev_addr_type function.

Signed-off-by: Laszlo Attila Toth <panther@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: merge ipt_owner/ip6t_owner in xt_owner
Jan Engelhardt [Wed, 5 Dec 2007 07:27:38 +0000 (23:27 -0800)]
[NETFILTER]: merge ipt_owner/ip6t_owner in xt_owner

xt_owner merges ipt_owner and ip6t_owner, and adds a flag to match
on socket (non-)existence.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: x_tables: remove obsolete overflow check
Patrick McHardy [Wed, 5 Dec 2007 07:25:26 +0000 (23:25 -0800)]
[NETFILTER]: x_tables: remove obsolete overflow check

We're not multiplying the size with the number of CPUs anymore, so the
check is obsolete.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: x_tables: struct xt_table_info diet
Eric Dumazet [Wed, 5 Dec 2007 07:24:56 +0000 (23:24 -0800)]
[NETFILTER]: x_tables: struct xt_table_info diet

Instead of using a big array of NR_CPUS entries, we can compute the size
needed at runtime, using nr_cpu_ids

This should save some ram (especially on David's machines where NR_CPUS=4096 :
32 KB can be saved per table, and 64KB for dynamically allocated ones (because
of slab/slub alignements) )

In particular, the 'bootstrap' tables are not any more static (in data
section) but on stack as their size is now very small.

This also should reduce the size used on stack in compat functions
(get_info() declares an automatic variable, that could be bigger than kernel
stack size for big NR_CPUS)

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: x_tables: consistent and unique symbol names
Jan Engelhardt [Wed, 5 Dec 2007 07:24:03 +0000 (23:24 -0800)]
[NETFILTER]: x_tables: consistent and unique symbol names

Give all Netfilter modules consistent and unique symbol names.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: replace list_for_each with list_for_each_entry
Li Zefan [Wed, 5 Dec 2007 07:22:26 +0000 (23:22 -0800)]
[NETFILTER]: replace list_for_each with list_for_each_entry

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: x_tables: add TCPOPTSTRIP target
Sven Schnelle [Wed, 5 Dec 2007 07:21:50 +0000 (23:21 -0800)]
[NETFILTER]: x_tables: add TCPOPTSTRIP target

Signed-off-by: Sven Schnelle <svens@bitebene.org>
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: netns compilation speedup
Denis V. Lunev [Tue, 4 Dec 2007 09:15:45 +0000 (01:15 -0800)]
[NET]: netns compilation speedup

This patch speedups compilation when net_namespace.h is changed.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETLINK]: af_netlink.c checkpatch cleanups
Patrick McHardy [Tue, 4 Dec 2007 08:19:38 +0000 (00:19 -0800)]
[NETLINK]: af_netlink.c checkpatch cleanups

Fix large number of checkpatch errors.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPSEC]: Use the correct family for input state lookup
Herbert Xu [Tue, 4 Dec 2007 06:54:12 +0000 (22:54 -0800)]
[IPSEC]: Use the correct family for input state lookup

When merging the input paths of IPsec I accidentally left a hard-coded
AF_INET for the state lookup call.  This broke IPv6 obviously.  This
patch fixes by getting the input callers to specify the family through
skb->cb.

Credit goes to Kazunori Miyazawa for diagnosing this and providing an
initial patch.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[UDP]: Counter increment should be in USER mode for recvmsg
Wang Chen [Mon, 3 Dec 2007 11:36:13 +0000 (22:36 +1100)]
[UDP]: Counter increment should be in USER mode for recvmsg

System calls should be USER. So change the BH to USER for
UDP*_INC_STATS_BH().

Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[UDP]: Clean up for IS_UDPLITE macro
Wang Chen [Mon, 3 Dec 2007 11:34:16 +0000 (22:34 +1100)]
[UDP]: Clean up for IS_UDPLITE macro

Since we have macro IS_UDPLITE, we can use it.

Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[UDP]: Defer InDataGrams increment until recvmsg() does checksum
Wang Chen [Mon, 3 Dec 2007 11:33:28 +0000 (22:33 +1100)]
[UDP]: Defer InDataGrams increment until recvmsg() does checksum

Thanks dave, herbert, gerrit, andi and other people for your
discussion about this problem.

UdpInDatagrams can be confusing because it counts packets that
might be dropped later.
Move UdpInDatagrams into recvmsg() as allowed by the RFC.

Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: Abstract tp->highest_sack accessing & point to next skb
Ilpo Järvinen [Sat, 1 Dec 2007 22:48:06 +0000 (00:48 +0200)]
[TCP]: Abstract tp->highest_sack accessing & point to next skb

Pointing to the next skb is necessary to avoid referencing
already SACKed skbs which will soon be on a separate list.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: Cleanup local variables of clean_rtx_queue
Ilpo Järvinen [Sun, 30 Dec 2007 12:37:55 +0000 (04:37 -0800)]
[TCP]: Cleanup local variables of clean_rtx_queue

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: Add unlikely() to urgent handling in clean_rtx_queue
Ilpo Järvinen [Sat, 1 Dec 2007 22:48:04 +0000 (00:48 +0200)]
[TCP]: Add unlikely() to urgent handling in clean_rtx_queue

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: Remove duplicated code block from clean_rtx_queue
Ilpo Järvinen [Sun, 30 Dec 2007 12:35:27 +0000 (04:35 -0800)]
[TCP]: Remove duplicated code block from clean_rtx_queue

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: Add tcp_for_write_queue_from_safe and use it in mtu_probe
Ilpo Järvinen [Sat, 1 Dec 2007 22:48:02 +0000 (00:48 +0200)]
[TCP]: Add tcp_for_write_queue_from_safe and use it in mtu_probe

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: Remove local variable and use packets_in_flight directly
Ilpo Järvinen [Sat, 1 Dec 2007 22:48:01 +0000 (00:48 +0200)]
[TCP]: Remove local variable and use packets_in_flight directly

Lines won't be that long and it's compiler's job to optimize
them.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: MTUprobe: prepare skb fields earlier
Ilpo Järvinen [Sat, 1 Dec 2007 22:48:00 +0000 (00:48 +0200)]
[TCP]: MTUprobe: prepare skb fields earlier

They better be valid when call to write_queue functions is made
once things that follow are going in.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid
Ilpo Järvinen [Sat, 1 Dec 2007 22:47:59 +0000 (00:47 +0200)]
[TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: Unite identical code from two seqno split blocks
Ilpo Järvinen [Sat, 1 Dec 2007 22:47:58 +0000 (00:47 +0200)]
[TCP]: Unite identical code from two seqno split blocks

Bogus seqno compares just mislead, the code is identical for
both sides of the seqno compare (and was even executed just
once because of return in between).

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: Remove superflucious FLAG_DATA_SACKED
Ilpo Järvinen [Sat, 1 Dec 2007 22:47:57 +0000 (00:47 +0200)]
[TCP]: Remove superflucious FLAG_DATA_SACKED

To get there, highest_sack must have advanced. When it advances,
a new skb is SACKed, which already sets that FLAG. Besides, the
original purpose of it has puzzled me, never understood why
LOST bit setting of retransmitted skb is marked with
FLAG_DATA_SACKED.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: Move LOSTRETRANS MIB outside !(L|S) check
Ilpo Järvinen [Sat, 1 Dec 2007 22:47:56 +0000 (00:47 +0200)]
[TCP]: Move LOSTRETRANS MIB outside !(L|S) check

Usually those skbs will have L set, not counting them as lost
retransmissions is misleading.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Use ctl paths to register addrconf sysctls
Pavel Emelyanov [Sat, 1 Dec 2007 13:59:38 +0000 (00:59 +1100)]
[IPV6]: Use ctl paths to register addrconf sysctls

This looks very much like the patch for ipv4's devinet.

This is also intended to help us with the net namespaces
and saves the ipv6.ko size by ~320 bytes.

The difference from the first version is just the patch
offsets, that changed due to changes in the patch #2.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Unify and cleanup calls to addrconf_sysctl_register
Pavel Emelyanov [Sat, 1 Dec 2007 13:58:37 +0000 (00:58 +1100)]
[IPV6]: Unify and cleanup calls to addrconf_sysctl_register

Currently this call is (ab)used similar to devinet one - it
registers sysctls for devices and for the "default" confs, while
the "all" sysctls are registered separately. But unlike its
devinet brother, the passed inet6_device is needed.

The fix is to make a __addrconf_sysctl_register(), which registers
sysctls for all "devices" we need, including "default" and "all" :)

The original addrconf_sysctl_register() calls the introduced
function, passing the inet6_device, device name and ifindex (to
be used as procname and ctl_name) into it.

Thanks to Herbert again for pointing out, that we can shrink the
argument list to 1 :)

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: Use ctl paths to register devinet sysctls
Pavel Emelyanov [Sat, 1 Dec 2007 13:57:08 +0000 (00:57 +1100)]
[IPV4]: Use ctl paths to register devinet sysctls

This looks very much like the patch for neighbors.

The path is also located on the stack and is prepared
inside the function. This time, the call to the registering
function is guarded with the RTNL lock, but I decided
to keep it on the stack not to litter the devinet.c file
with unneeded names and to make it look similar to the
neighbors code.

This is also intended to help us with the net namespaces
and saves the vmlinux size as well - this time by more
than 670 bytes.

The difference from the first version is just the patch
offsets, that changed due to changes in the patch #2.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: Unify and cleanup calls to devinet_sysctl_register
Pavel Emelyanov [Sat, 1 Dec 2007 13:55:54 +0000 (00:55 +1100)]
[IPV4]: Unify and cleanup calls to devinet_sysctl_register

Currently this call is used to register sysctls for devices
and for the "default" confs. The "all" sysctls are registered
separately.

Besides, the inet_device is passed to this function, but it is
not needed there at all - just the device name and ifindex are
required.

Thanks to Herbert, who noticed, that this call doesn't even
require the devconf pointer (the last argument) - all we need
we can take from the in_device itself.

The fix is to make a __devinet_sysctl_register(), which registers
sysctls for all "devices" we need, including "default" and "all" :)

The original devinet_sysctl_register() works with struct net_device,
not the inet_device, and calls the introduced function, passing
the device name and ifindex (to be used as procname and ctl_name)
into it.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agosoftmac: mark as obsolete and schedule for removal
John W. Linville [Wed, 21 Nov 2007 20:24:35 +0000 (15:24 -0500)]
softmac: mark as obsolete and schedule for removal

Schedule softmac for for removal in the 2.6.26 development window.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agobcm43xx: mark as obsolete and schedule for removal
John W. Linville [Mon, 28 Jan 2008 06:48:37 +0000 (22:48 -0800)]
bcm43xx: mark as obsolete and schedule for removal

Schedule bcm43xx for for removal in the 2.6.26 development window.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomac80211: remove "bcn_int" and "capab" scan results info
John W. Linville [Wed, 21 Nov 2007 16:54:22 +0000 (11:54 -0500)]
mac80211: remove "bcn_int" and "capab" scan results info

These bits were dead code before "mac80211: Remove local->scan_flags"
(commit 6681dd3fd0e4d36a4547415853e83411baa7b705) and probably should
have been removed as part of that commit.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomac80211: move A-MSDU identifier to flags
Ron Rindjunsky [Thu, 29 Nov 2007 08:35:53 +0000 (10:35 +0200)]
mac80211: move A-MSDU identifier to flags

This patch moves u8 amsdu_frame in ieee80211_txrx_data to the flags
section as IEEE80211_TXRXD_RX_AMSDU

Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomac80211: adding 802.11n configuration flows
Ron Rindjunsky [Mon, 26 Nov 2007 14:14:34 +0000 (16:14 +0200)]
mac80211: adding 802.11n configuration flows

This patch configures the 802.11n mode of operation
internally in ieee80211_conf structure and in the low-level
driver as well (through op conf_ht).
It does not include AP configuration flows.

Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomac80211: adding 802.11n essential A-MSDU Rx capability
Ron Rindjunsky [Mon, 26 Nov 2007 14:14:33 +0000 (16:14 +0200)]
mac80211: adding 802.11n essential A-MSDU Rx capability

This patch adds the ability to receive and handle A-MSDU frames.

Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomac80211: adding 802.11n essential A-MPDU addBA capability
Ron Rindjunsky [Mon, 26 Nov 2007 14:14:32 +0000 (16:14 +0200)]
mac80211: adding 802.11n essential A-MPDU addBA capability

This patch adds the capability to identify and answer an add block ACK
request.
As this series of patches only adds HT handling with no aggregations,
(A-MPDU aggregations acceptance is not obligatory according to 802.11n
draft) we are currently sending back a refusal upon this request.

Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomac80211: adding 802.11n IEs handling
Ron Rindjunsky [Mon, 26 Nov 2007 14:14:31 +0000 (16:14 +0200)]
mac80211: adding 802.11n IEs handling

This patch presents the ability to parse and compose HT IEs, and to put
the IE relevant data inside the mac80211's internal HT structures

Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomac80211: adding 802.11n HT framework definitions
Ron Rindjunsky [Mon, 26 Nov 2007 14:14:30 +0000 (16:14 +0200)]
mac80211: adding 802.11n HT framework definitions

New structures:
 - ieee80211_ht_info: describing STA's HT capabilities
 - ieee80211_ht_bss_info: describing BSS's HT characteristics
Changed structures:
 - ieee80211_hw_mode: now also holds PHY HT capabilities for each HW mode
 - ieee80211_conf: ht_conf holds current self HT configuration
                   ht_bss_conf holds current BSS HT configuration
 - flag IEEE80211_CONF_SUPPORT_HT_MODE added to indicate if HT use is
   desired
 - sta_info: now also holds Peer's HT capabilities

Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomac80211: adding MAC80211_HT_DEBUG config variable
Ron Rindjunsky [Mon, 17 Dec 2007 00:09:26 +0000 (16:09 -0800)]
mac80211: adding MAC80211_HT_DEBUG config variable

This patch adds MAC80211_HT_DEBUG config variable
to separate HT debug features

Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomac80211: allow setting drop_unencrypted with wext
Johannes Berg [Wed, 28 Nov 2007 10:04:21 +0000 (11:04 +0100)]
mac80211: allow setting drop_unencrypted with wext

This patch allows wpa_supplicant to set the drop_unencrypted setting in
mac80211.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomac80211: make ieee80211_iterate_active_interfaces not need rtnl
Johannes Berg [Wed, 28 Nov 2007 09:55:32 +0000 (10:55 +0100)]
mac80211: make ieee80211_iterate_active_interfaces not need rtnl

Interface iteration in mac80211 can be done without holding any
locks because I converted it to RCU. Initially, I thought this
wouldn't be needed for ieee80211_iterate_active_interfaces but
it's turning out that multi-BSS AP support can be much simpler
in a driver if ieee80211_iterate_active_interfaces can be called
without holding locks. This converts it to use RCU, it adds a
requirement that the callback it invokes cannot sleep.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomac80211: restructuring data Rx handlers
Ron Rindjunsky [Thu, 22 Nov 2007 17:49:12 +0000 (19:49 +0200)]
mac80211: restructuring data Rx handlers

This patch restructures the Rx handlers chain by incorporating previously
handlers ieee80211_rx_h_802_1x_pae and ieee80211_rx_h_drop_unencrypted
into ieee80211_rx_h_data, already in 802.3 form. this scheme follows more
precisely after the IEEE802.11 data plane archituecture, and will prevent
code duplication to IEEE8021.11n A-MSDU handler.

added function:
 - ieee80211_data_to_8023: transfering 802.11 data frames to 802.3 frame
 - ieee80211_deliver_skb: delivering the 802.3 frames to upper stack
eliminated handlers:
 - ieee80211_rx_h_drop_unencrypted: now function ieee80211_drop_unencrypted
 - ieee80211_rx_h_802_1x_pae: now function ieee80211_802_1x_pae
changed handlers:
 - ieee80211_rx_h_data: now contains calls to four above function

Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomac80211: hardware scan rework
Zhu Yi [Thu, 22 Nov 2007 02:53:21 +0000 (10:53 +0800)]
mac80211: hardware scan rework

The scan code in mac80211 makes the software scan assumption in various
places. For example, we stop the Tx queue during a software scan so that
all the Tx packets will be queued by the stack. We also drop frames not
related to scan in the software scan process. But these are not true for
hardware scan.

Some wireless hardwares (for example iwl3945/4965) has the ability to
perform the whole scan process by hardware and/or firmware. The hardware
scan is relative powerful in that it tries to maintain normal network
traffic while doing a scan in the background. Some drivers (i.e iwlwifi)
do provide a way to tune the hardware scan parameters (for example if the
STA is associated, what's the max time could the STA leave from the
associated channel, how long the scans get suspended after returning to
the service channel, etc). But basically this is transparent to the
stack. mac80211 should not stop Tx queues or drop Rx packets during a
hardware scan.

This patch resolves the above problem by spliting the current scan
indicator local->sta_scanning into local->sta_sw_scanning and
local->sta_hw_scanning. It then changes the scan related code to be aware
of hardware scan or software scan in various places. With this patch,
iwlwifi performs much better in the scan-while-associated condition and
disable_hw_scan=1 should never be required.

Cc: Mohamed Abbas <mohamed.abbas@intel.com>
Cc: Ben Cahill <ben.m.cahill@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Cleanup the addconf_sysctl_register
Pavel Emelyanov [Sat, 1 Dec 2007 13:21:52 +0000 (00:21 +1100)]
[IPV6]: Cleanup the addconf_sysctl_register

This only includes fixing the space-indented lines and
removing one unneeded else after the goto.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: Cleanup the devinet_sysctl_register
Pavel Emelyanov [Sat, 1 Dec 2007 13:17:46 +0000 (00:17 +1100)]
[IPV4]: Cleanup the devinet_sysctl_register

I moved the call to kmalloc() from the *t declaration into
the code (this is confusing when a variable is initialized
with the result of some call) and removed unneeded comment
near the error path. Just like I did with the neigh ctl-s.

Besides, I fixed the goto's and the labels - they were indented
with spaces :(

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NEIGH]: Use the ctl paths to create neighbours sysctls
Pavel Emelyanov [Sat, 1 Dec 2007 13:08:16 +0000 (00:08 +1100)]
[NEIGH]: Use the ctl paths to create neighbours sysctls

The appropriate path is prepared right inside this function. It
is prepared similar to how the ctl tables were.

Since the path is modified, it is put on the stack, to avoid
possible races with multiple calls to neigh_sysctl_register() : it
is called by protocols and I didn't find any protection in this
case. Did I overlooked the rtnl lock?.

The stack growth of the neigh_sysctl_register() is 40 bytes. I
believe this is OK, since this is not that much and this function
is not called with the deep stack (device/protocols register).

The device's name is stored on the template to free it later.

This will help with the net namespaces, as each namespace should
have its own set of these ctls.

Besides, this saves ~350 bytes from the neigh template :)

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NEIGH]: Cleanup the neigh_sysctl_register
Pavel Emelyanov [Sat, 1 Dec 2007 13:06:34 +0000 (00:06 +1100)]
[NEIGH]: Cleanup the neigh_sysctl_register

This mainly removes the err variable, as this call always
return the same error code (-ENOBUFS).

Besides, I moved the call to kmalloc() from the *t declaration
into the code (this is confusing when a variable is initialized
with the result of some call) and removed unneeded comment near
the error path.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[UNIX]: Make the unix sysctl tables per-namespace
Pavel Emelyanov [Sat, 1 Dec 2007 12:51:01 +0000 (23:51 +1100)]
[UNIX]: Make the unix sysctl tables per-namespace

This is the core.

 * add the ctl_table_header on the struct net;
 * make the unix_sysctl_register and _unregister clone the table;
 * moves calls to them into per-net init and exit callbacks;
 * move the .data pointer in the proper place.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[UNIX]: Use ctl paths to register unix ctl tables
Pavel Emelyanov [Sat, 1 Dec 2007 12:45:41 +0000 (23:45 +1100)]
[UNIX]: Use ctl paths to register unix ctl tables

Unlike previous ones, this patch is useful by its own,
as it decreases the vmlinux size :)

But it will be used later, when the per-namespace sysctl
is added.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[UNIX]: Move the sysctl_unix_max_dgram_qlen
Pavel Emelyanov [Sat, 1 Dec 2007 12:44:15 +0000 (23:44 +1100)]
[UNIX]: Move the sysctl_unix_max_dgram_qlen

This will make all the sub-namespaces always use the
default value (10) and leave the tuning via sysctl
to the init namespace only.

Per-namespace tuning is coming.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[UNIX]: Extend unix_sysctl_(un)register prototypes
Pavel Emelyanov [Sat, 1 Dec 2007 12:40:40 +0000 (23:40 +1100)]
[UNIX]: Extend unix_sysctl_(un)register prototypes

Add the struct net * argument to both of them to use in
the future. Also make the register one return an error code.

It is useless right now, but will make the future patches
much simpler.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[DECNET]: Remove extra memset from dn_fib_check_nh
Denis V. Lunev [Sat, 1 Dec 2007 12:31:02 +0000 (23:31 +1100)]
[DECNET]: Remove extra memset from dn_fib_check_nh

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPSEC]: SPD auditing fix to include the netmask/prefix-length
Paul Moore [Sat, 1 Dec 2007 12:27:18 +0000 (23:27 +1100)]
[IPSEC]: SPD auditing fix to include the netmask/prefix-length

Currently the netmask/prefix-length of an IPsec SPD entry is not included in
any of the SPD related audit messages.  This can cause a problem when the
audit log is examined as the netmask/prefix-length is vital in determining
what network traffic is affected by a particular SPD entry.  This patch fixes
this problem by adding two additional fields, "src_prefixlen" and
"dst_prefixlen", to the SPD audit messages to indicate the source and
destination netmasks.  These new fields are only included in the audit message
when the netmask/prefix-length is less than the address length, i.e. the SPD
entry applies to a network address and not a host address.

Example audit message:

 type=UNKNOWN[1415] msg=audit(1196105849.752:25): auid=0 \
   subj=root:system_r:unconfined_t:s0-s0:c0.c1023 op=SPD-add res=1 \
   src=192.168.0.0 src_prefixlen=24 dst=192.168.1.0 dst_prefixlen=24

In addition, this patch also fixes a few other things in the
xfrm_audit_common_policyinfo() function.  The IPv4 string formatting was
converted to use the standard NIPQUAD_FMT constant, the memcpy() was removed
from the IPv6 code path and replaced with a typecast (the memcpy() was acting
as a slow, implicit typecast anyway), and two local variables were created to
make referencing the XFRM security context and selector information cleaner.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TFRC]: Hide tx history details from the CCIDs
Arnaldo Carvalho de Melo [Fri, 30 Nov 2007 00:47:15 +0000 (22:47 -0200)]
[TFRC]: Hide tx history details from the CCIDs

Based on a previous patch by Gerrit Renker.

Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Implement the per network namespace sysctl infrastructure
Eric W. Biederman [Fri, 30 Nov 2007 12:55:42 +0000 (23:55 +1100)]
[NET]: Implement the per network namespace sysctl infrastructure

The user interface is: register_net_sysctl_table and
unregister_net_sysctl_table.  Very much like the current
interface except there is a network namespace parameter.

With this any sysctl registered with register_net_sysctl_table
will only show up to tasks in the same network namespace.

All other sysctls continue to be globally visible.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Cc: Daniel Lezcano <dlezcano@fr.ibm.com>
Cc: Cedric Le Goater <clg@fr.ibm.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agosysctl: Infrastructure for per namespace sysctls
Eric W. Biederman [Fri, 30 Nov 2007 12:54:00 +0000 (23:54 +1100)]
sysctl: Infrastructure for per namespace sysctls

This patch implements the basic infrastructure for per namespace sysctls.

A list of lists of sysctl headers is added, allowing each namespace to have
it's own list of sysctl headers.

Each list of sysctl headers has a lookup function to find the first
sysctl header in the list, allowing the lists to have a per namespace
instance.

register_sysct_root is added to tell sysctl.c about additional
lists of sysctl_headers.  As all of the users are expected to be in
kernel no unregister function is provided.

sysctl_head_next is updated to walk through the list of lists.

__register_sysctl_paths is added to add a new sysctl table on
a non-default sysctl list.

The only intrusive part of this patch is propagating the information
to decided which list of sysctls to use for sysctl_check_table.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Cc: Daniel Lezcano <dlezcano@fr.ibm.com>
Cc: Cedric Le Goater <clg@fr.ibm.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agosysctl: Remember the ctl_table we passed to register_sysctl_paths
Eric W. Biederman [Fri, 30 Nov 2007 12:52:10 +0000 (23:52 +1100)]
sysctl: Remember the ctl_table we passed to register_sysctl_paths

By doing this we allow users of register_sysctl_paths that build
and dynamically allocate their ctl_table to be simpler.  This allows
them to just remember the ctl_table_header returned from
register_sysctl_paths from which they can now find the
ctl_table array they need to free.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Cc: Daniel Lezcano <dlezcano@fr.ibm.com>
Cc: Cedric Le Goater <clg@fr.ibm.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agosysctl: Add register_sysctl_paths function
Eric W. Biederman [Fri, 30 Nov 2007 12:50:18 +0000 (23:50 +1100)]
sysctl: Add register_sysctl_paths function

There are a number of modules that register a sysctl table
somewhere deeply nested in the sysctl hierarchy, such as
fs/nfs, fs/xfs, dev/cdrom, etc.

They all specify several dummy ctl_tables for the path name.
This patch implements register_sysctl_path that takes
an additional path name, and makes up dummy sysctl nodes
for each component.

This patch was originally written by Olaf Kirch and
brought to my attention and reworked some by Olaf Hering.
I have changed a few additional things so the bugs are mine.

After converting all of the easy callers Olaf Hering observed
allyesconfig ARCH=i386, the patch reduces the final binary size by 9369 bytes.

.text +897
.data -7008

   text    data     bss     dec     hex filename
   26959310        4045899 4718592 35723801        2211a19 ../vmlinux-vanilla
   26960207        4038891 4718592 35717690        221023a ../O-allyesconfig/vmlinux

So this change is both a space savings and a code simplification.

CC: Olaf Kirch <okir@suse.de>
CC: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Cc: Daniel Lezcano <dlezcano@fr.ibm.com>
Cc: Cedric Le Goater <clg@fr.ibm.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: Convert old checksum helper names
Patrick McHardy [Thu, 29 Nov 2007 14:17:11 +0000 (01:17 +1100)]
[NETFILTER]: Convert old checksum helper names

Kill the defines again, convert to the new checksum helper names and
remove the dependency of NET_ACT_NAT on NETFILTER.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Move netfilter checksum helpers to net/core/utils.c
Patrick McHardy [Thu, 29 Nov 2007 14:14:30 +0000 (01:14 +1100)]
[NET]: Move netfilter checksum helpers to net/core/utils.c

This allows to get rid of the CONFIG_NETFILTER dependency of NET_ACT_NAT.
This patch redefines the old names to keep the noise low, the next patch
converts all users.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[DCCP]: Remove duplicate test for CloseReq
Gerrit Renker [Wed, 28 Nov 2007 14:06:04 +0000 (12:06 -0200)]
[DCCP]: Remove duplicate test for CloseReq

This removes a redundant test for unexpected packet types. In dccp_rcv_state_process
it is tested twice whether a DCCP-server has received a CloseReq (Step 7):

 * first in the combined if-statement,
 * then in the call to dccp_rcv_closereq().

The latter is necesssary since dccp_rcv_closereq() is also called from
__dccp_rcv_established().

This patch removes the duplicate test.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[DCCP]: Integrate state transitions for passive-close
Gerrit Renker [Wed, 28 Nov 2007 13:59:48 +0000 (11:59 -0200)]
[DCCP]: Integrate state transitions for passive-close

This adds the necessary state transitions for the two forms of passive-close

 * PASSIVE_CLOSE    - which is entered when a host   receives a Close;
 * PASSIVE_CLOSEREQ - which is entered when a client receives a CloseReq.

Here is a detailed account of what the patch does in each state.

1) Receiving CloseReq

  The pseudo-code in 8.5 says:

     Step 13: Process CloseReq
          If P.type == CloseReq and S.state < CLOSEREQ,
              Generate Close
              S.state := CLOSING
              Set CLOSING timer.

  This means we need to address what to do in CLOSED, LISTEN, REQUEST, RESPOND, PARTOPEN, and OPEN.

   * CLOSED:         silently ignore - it may be a late or duplicate CloseReq;
   * LISTEN/RESPOND: will not appear, since Step 7 is performed first (we know we are the client);
   * REQUEST:        perform Step 13 directly (no need to enqueue packet);
   * OPEN/PARTOPEN:  enter PASSIVE_CLOSEREQ so that the application has a chance to process unread data.

  When already in PASSIVE_CLOSEREQ, no second CloseReq is enqueued. In any other state, the CloseReq is ignored.
  I think that this offers some robustness against rare and pathological cases: e.g. a simultaneous close where
  the client sends a Close and the server a CloseReq. The client will then be retransmitting its Close until it
  gets the Reset, so ignoring the CloseReq while in state CLOSING is sane.

2) Receiving Close

  The code below from 8.5 is unconditional.

     Step 14: Process Close
          If P.type == Close,
              Generate Reset(Closed)
              Tear down connection
              Drop packet and return

  Thus we need to consider all states:
   * CLOSED:           silently ignore, since this can happen when a retransmitted or late Close arrives;
   * LISTEN:           dccp_rcv_state_process() will generate a Reset ("No Connection");
   * REQUEST:          perform Step 14 directly (no need to enqueue packet);
   * RESPOND:          dccp_check_req() will generate a Reset ("Packet Error") -- left it at that;
   * OPEN/PARTOPEN:    enter PASSIVE_CLOSE so that application has a chance to process unread data;
   * CLOSEREQ:         server performed active-close -- perform Step 14;
   * CLOSING:          simultaneous-close: use a tie-breaker to avoid message ping-pong (see comment);
   * PASSIVE_CLOSEREQ: ignore - the peer has a bug (sending first a CloseReq and now a Close);
   * TIMEWAIT:         packet is ignored.

   Note that the condition of receiving a packet in state CLOSED here is different from the condition "there
   is no socket for such a connection": the socket still exists, but its state indicates it is unusable.

   Last, dccp_finish_passive_close sets either DCCP_CLOSED or DCCP_CLOSING = TCP_CLOSING, so that
   sk_stream_wait_close() will wait for the final Reset (which will trigger CLOSING => CLOSED).

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>