Al Viro [Tue, 21 Nov 2006 01:08:09 +0000 (17:08 -0800)]
[SCTP]: Switch sctp_endpoint_is_match() to net-endian.
The only caller (__sctp_rcv_lookup_endpoint()) also switched,
its caller adjusted
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:07:48 +0000 (17:07 -0800)]
[SCTP]: Switch sctp_del_bind_addr() to net-endian.
Callers adjusted.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:07:25 +0000 (17:07 -0800)]
[SCTP]: Switch address inside the heartbeat opaque data to net-endian.
Its only use happens on the same host, when it gets quoted back to
us. So we are free to flip to net-endian and avoid extra PITA.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:07:06 +0000 (17:07 -0800)]
[SCTP]: Switch sctp_assoc_lookup_paddr() to net-endian.
Callers updated.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:06:45 +0000 (17:06 -0800)]
[SCTP]: sctp_assoc_del_peer() switched to net-endian.
Callers adjusted.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:06:24 +0000 (17:06 -0800)]
[SCTP]: Annotate ->dst_saddr()
switched to taking a pointer to net-endian sctp_addr
and a net-endian port number. Instances and callers
adjusted; interestingly enough, the only calls are
direct calls of specific instances - the method is not
used at all.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:06:04 +0000 (17:06 -0800)]
[SCTP]: Switch ->primary_addr to net-endian.
Users adjusted.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:05:43 +0000 (17:05 -0800)]
[SCTP]: Switch sctp_bind_addr_match() to net-endian.
Callers adjusted.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:05:23 +0000 (17:05 -0800)]
[SCTP]: Switch ->cmp_addr() and sctp_cmp_addr_exact() to net-endian.
instances of ->cmp_addr() are fine with switching both arguments
to net-endian; callers other than in sctp_cmp_addr_exact() (both
as ->cmp_addr(...) and direct calls of instances) adjusted;
sctp_cmp_addr_exact() switched to net-endian itself and adjustment
is done in its callers
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:04:59 +0000 (17:04 -0800)]
[SCTP]: Pass net-endian to ->seq_dump_addr()
No actual modifications of method instances are needed -
they don't look at port numbers. Switch callers...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:04:42 +0000 (17:04 -0800)]
[SCTP] embedded sctp_addr: net-endian mirrors
Add sctp_chunk->source, sctp_sockaddr_entry->a, sctp_transport->ipaddr
and sctp_transport->saddr, maintain them as net-endian mirrors of
their host-endian counterparts.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:04:10 +0000 (17:04 -0800)]
[SCTP]: Beginning of conversion to net-endian for embedded sctp_addr.
Part 1: rename sctp_chunk->source, sctp_sockaddr_entry->a,
sctp_transport->ipaddr and sctp_transport->saddr (to ..._h)
The next patch will reintroduce these fields and keep them as
net-endian mirrors of the original (renamed) ones. Split in
two patches to make sure that we hadn't forgotten any instanes.
Later in the series we'll eliminate uses of host-endian variants
(basically switching users to net-endian counterparts as we
progress through that mess). Then host-endian ones will die.
Other embedded host-endian sctp_addr will be easier to switch
directly, so we leave them alone for now.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:03:18 +0000 (17:03 -0800)]
[SCTP] bug: endianness problem in sctp_getsockopt_sctp_status()
Again, invalid sockaddr passed to userland - host-endiand sin_port.
Potential leak, again, but less dramatic than in previous case.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:03:01 +0000 (17:03 -0800)]
[SCTP] bug: sctp_assoc_control_transport() breakage
a) struct sockaddr_storage * passed to sctp_ulpevent_make_peer_addr_change()
actually points at union sctp_addr field in a structure. Then that sucker
gets copied to userland, with whatever junk we might have there.
b) it's actually having host-endian sin_port.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:02:40 +0000 (17:02 -0800)]
[SCTP] bug: sctp_find_unmatch_addr() compares net-endian to host-endian
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:02:22 +0000 (17:02 -0800)]
[SCTP] bug: sctp_assoc_lookup_laddr() is broken with ipv6.
It expects (and gets) laddr with net-endian sin_port. And then it calls
sctp_bind_addr_match(), which *does* care about port numbers in case of
ipv6 and expects them to be host-endian.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:02:01 +0000 (17:02 -0800)]
[SCTP]: Beginning of sin_port fixes.
That's going to be a long series. Introduced temporary helpers
doing copy-and-convert for sctp_addr; they are used to kill
flip-in-place in global data structures and will be used
to gradually push host-endian uses of sctp_addr out of existence.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:01:42 +0000 (17:01 -0800)]
[SCTP]: Trivial sctp endianness annotations.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:01:23 +0000 (17:01 -0800)]
[SCTP]: Annotate tsn_dups.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:01:06 +0000 (17:01 -0800)]
[SCTP]: SCTP_CMD_ASSOC_FAILED annotations.
also always get __be16 protocol error; switch to SCTP_PERR()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:00:44 +0000 (17:00 -0800)]
[SCTP]: SCTP_CMD_INIT_FAILED annotations.
argument stored for SCTP_CMD_INIT_FAILED is always __be16
(protocol error). Introduced new field and accessor for
it (SCTP_PERR()); switched to their use (from SCTP_U32() and
.u32)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:00:25 +0000 (17:00 -0800)]
[SCTP]: sctp_stop_t1_and_abort() annotations.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 01:00:05 +0000 (17:00 -0800)]
[SCTP]: sctp_make_op_error() annotations.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 00:59:45 +0000 (16:59 -0800)]
[SCTP]: Annotate sctp_init_cause().
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Tue, 21 Nov 2006 00:59:12 +0000 (16:59 -0800)]
[SCTP]: Annotate SCTP headers.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Adrian Bunk [Tue, 21 Nov 2006 00:56:48 +0000 (16:56 -0800)]
[IPV6] net/ipv6/sit.c: make 2 functions static
This patch makes two needlessly global functions static.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jamal Hadi Salim [Tue, 21 Nov 2006 00:51:22 +0000 (16:51 -0800)]
[XFRM]: Make copy_to_user_policy_type take a type
Make copy_to_user_policy_type take a type instead a policy and
fix its users to pass the type
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 21 Nov 2006 00:20:22 +0000 (16:20 -0800)]
[BRIDGE] netlink: Convert bridge netlink code to new netlink interface
Removes dependency on buggy rta_buf, fixes a memory corruption bug due to
a unvalidated netlink attribute, and simplifies the code.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ian McDonald [Mon, 20 Nov 2006 21:19:32 +0000 (19:19 -0200)]
[DCCP]: Adds the tx buffer sysctls
This one got lost on the way from Ian to Gerrit to me, fix it.
Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Ian McDonald [Mon, 20 Nov 2006 20:44:03 +0000 (18:44 -0200)]
[DCCP] CCID3: Remove non-referenced variable
This removes a non-referenced variable.
Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Ian McDonald [Mon, 20 Nov 2006 20:42:45 +0000 (18:42 -0200)]
[DCCP]: Update Documentation
This patch just updates DCCP documentation a bit.
Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Ian McDonald [Mon, 20 Nov 2006 20:41:37 +0000 (18:41 -0200)]
[DCCP]: Make dccp_probe more portable
This makes the code of the dccp_probe module more portable.
Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Gerrit Renker [Mon, 20 Nov 2006 20:40:42 +0000 (18:40 -0200)]
[CCID 3]: Add annotations for socket structures
This adds documentation to the CCID 3 rx/tx socket fields, plus some
minor re-formatting.
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Gerrit Renker [Mon, 20 Nov 2006 20:39:23 +0000 (18:39 -0200)]
[DCCP]: Simplified conditions due to use of enum:8 states
This reaps the benefit of the earlier patch, which changed the type of
CCID 3 states to use enums, in that many conditions are now simplified
and the number of possible (unexpected) values is greatly reduced.
In a few instances, this also allowed to simplify pre-conditions; where
care has been taken to retain logical equivalence.
[DCCP]: Introduce a consistent BUG/WARN message scheme
This refines the existing set of DCCP messages so that
* BUG(), BUG_ON(), WARN_ON() have meaningful DCCP-specific counterparts
* DCCP_CRIT (for severe warnings) is not rate-limited
* DCCP_WARN() is introduced as rate-limited wrapper
Using these allows a faster and cleaner transition to their original
counterparts once the code has matured into a full DCCP implementation.
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Ian McDonald [Mon, 20 Nov 2006 20:30:17 +0000 (18:30 -0200)]
[DCCP]: Set TX Queue Length Bounds via Sysctl
Previously the transmit queue was unbounded.
This patch:
* puts a limit on transmit queue length
and sends back EAGAIN if the buffer is full
* sets the TX queue length to a sensible default
* implements tx buffer sysctls for DCCP
Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Gerrit Renker [Mon, 20 Nov 2006 20:28:09 +0000 (18:28 -0200)]
[DCCP]: Add CCID3 debug support to Kconfig
This adds a CCID3 debug option to the configuration menu
which is missing in Kconfig, but already used by the code.
CCID 2 already provides such an entry.
To enable debugging, set CONFIG_IP_DCCP_CCID3_DEBUG=y
NOTE: The use of ccid3_{t,r}x_state_name is safe, since
now only enum values can appear.
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Gerrit Renker [Mon, 20 Nov 2006 20:26:03 +0000 (18:26 -0200)]
[DCCP]: enable debug messages also for static builds
This patch
* makes debugging (when configured) work both for static / module build
* provides generic debugging macros for use in other DCCP / CCID modules
* adds missing information about debug parameters to Kconfig
* performs some code tidy-up
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Michael Chan [Sun, 19 Nov 2006 22:15:31 +0000 (14:15 -0800)]
[BNX2]: Update version and rel date.
Update version to 1.5.1.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:15:05 +0000 (14:15 -0800)]
[BNX2]: Add 5709 PCI ID.
Add PCI ID and detection for 5709 copper and SerDes chips.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:14:35 +0000 (14:14 -0800)]
[BNX2]: Download 5709 firmware.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:13:52 +0000 (14:13 -0800)]
[BNX2]: New firmware to support 5709 (part 4).
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:13:23 +0000 (14:13 -0800)]
[BNX2]: New firmware to support 5709 (part 3).
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:12:55 +0000 (14:12 -0800)]
[BNX2]: New firmware to support 5709 (part 2).
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:12:28 +0000 (14:12 -0800)]
[BNX2]: New firmware to support 5709 (part 1).
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:11:41 +0000 (14:11 -0800)]
[BNX2]: Add 5709 reset and runtime code.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:10:45 +0000 (14:10 -0800)]
[BNX2]: Add 5709 init code.
Add basic support to initialize the 5709 chip.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:10:12 +0000 (14:10 -0800)]
[BNX2]: Add new 5709 registers (part 2).
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:09:48 +0000 (14:09 -0800)]
[BNX2]: Add new 5709 registers (part 1).
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:09:25 +0000 (14:09 -0800)]
[BNX2]: Re-organize firmware structures.
Re-organize the firmware handling code and declarations a bit to make
the code more compact.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:08:56 +0000 (14:08 -0800)]
[BNX2]: Remove udelay() in copper PHY code.
Change a long udelay() in bnx2_setup_copper_phy() to msleep().
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:08:29 +0000 (14:08 -0800)]
[BNX2]: Add 5708S parallel detection.
Add code to parallel detect 1Gbps and 2.5Gbps link speeds.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:08:00 +0000 (14:08 -0800)]
[BNX2]: Add bnx2_5706_serdes_timer().
Separate the 5706S SerDes handling code in bnx2_timer() and put it
in a new function.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:07:28 +0000 (14:07 -0800)]
[BNX2]: Improve SerDes handling.
1. Add support for 2.5Gbps forced speed setting.
2. Remove a long udelay() loop and change to msleep().
3. Other misc. SerDes fixes.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Sun, 19 Nov 2006 22:06:40 +0000 (14:06 -0800)]
[BNX2]: Fix Xen problem.
This fixes the problem of not receiving packets in the Xen bridging
environment. The Xen script sets the device's MAC address to
FE:FF:FF:FF:FF:FF and puts the device in promiscuous mode. The
firmware had problem receiving all packets in this configuration.
New firmware and setting the PROM_VLAN bit when in promiscuous mode
will fix this problem.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
James Morris [Sat, 18 Nov 2006 04:01:03 +0000 (23:01 -0500)]
Compile fix for "peer secid consolidation for external network labeling"
Use a forward declaration instead of dragging in skbuff.h and
related junk.
Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 17 Nov 2006 22:38:55 +0000 (17:38 -0500)]
NetLabel: honor the audit_enabled flag
The audit_enabled flag is used to signal when syscall auditing is to be
performed. While NetLabel uses a Netlink interface instead of syscalls, it is
reasonable to consider the NetLabel Netlink interface as a form of syscall so
pay attention to the audit_enabled flag when generating audit messages in
NetLabel.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 17 Nov 2006 22:38:54 +0000 (17:38 -0500)]
SELinux: peer secid consolidation for external network labeling
Now that labeled IPsec makes use of the peer_sid field in the
sk_security_struct we can remove a lot of the special cases between labeled
IPsec and NetLabel. In addition, create a new function,
security_skb_extlbl_sid(), which we can use in several places to get the
security context of the packet's external label which allows us to further
simplify the code in a few places.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 17 Nov 2006 22:38:53 +0000 (17:38 -0500)]
NetLabel: SELinux cleanups
This patch does a lot of cleanup in the SELinux NetLabel support code. A
summary of the changes include:
* Use RCU locking for the NetLabel state variable in the skk_security_struct
instead of using the inode_security_struct mutex.
* Remove unnecessary parameters in selinux_netlbl_socket_post_create().
* Rename selinux_netlbl_sk_clone_security() to
selinux_netlbl_sk_security_clone() to better fit the other NetLabel
sk_security functions.
* Improvements to selinux_netlbl_inode_permission() to help reduce the cost of
the common case.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 17 Nov 2006 22:38:52 +0000 (17:38 -0500)]
NetLabel: use cipso_v4_doi_search() for local CIPSOv4 functions
The cipso_v4_doi_search() function behaves the same as cipso_v4_doi_getdef()
but is a local, static function so use it whenever possibile in the CIPSOv4
code base.
Signed-of-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 17 Nov 2006 22:38:51 +0000 (17:38 -0500)]
NetLabel: use the correct CIPSOv4 MLS label limits
The CIPSOv4 engine currently has MLS label limits which are slightly larger
than what the draft allows. This is not a major problem due to the current
implementation but we should fix this so it doesn't bite us later.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 17 Nov 2006 22:38:50 +0000 (17:38 -0500)]
NetLabel: return the correct error for translated CIPSOv4 tags
The CIPSOv4 translated tag #1 mapping does not always return the correct error
code if the desired mapping does not exist; instead of returning -EPERM it
returns -ENOSPC indicating that the buffer is not large enough to hold the
translated value. This was caused by failing to check a specific error
condition. This patch fixes this so that unknown mappings return
-EPERM which is consistent with the rest of the related CIPSOv4 code.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 17 Nov 2006 22:38:49 +0000 (17:38 -0500)]
NetLabel: fixup the handling of CIPSOv4 tags to allow for multiple tag types
While the original CIPSOv4 code had provisions for multiple tag types the
implementation was not as great as it could be, pushing a lot of non-tag
specific processing into the tag specific code blocks. This patch fixes that
issue making it easier to support multiple tag types in the future.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 17 Nov 2006 22:38:48 +0000 (17:38 -0500)]
NetLabel: add tag verification when adding new CIPSOv4 DOI definitions
Currently the CIPSOv4 engine does not do any sort of checking when a new DOI
definition is added. The tags are still verified but only as a side effect of
normal NetLabel operation (packet processing, socket labeling, etc.) which
would cause application errors due to the faulty configuration. This patch
adds tag checking when new DOI definition are added allowing us to catch these
configuration problems when they happen.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 17 Nov 2006 22:38:47 +0000 (17:38 -0500)]
NetLabel: check for a CIPSOv4 option before we do call into the CIPSOv4 layer
Right now the NetLabel code always jumps into the CIPSOv4 layer to determine if
a CIPSO IP option is present. However, we can do this check directly in the
NetLabel code by making use of the CIPSO_V4_OPTEXIST() macro which should save
us a function call in the common case of not having a CIPSOv4 option present.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 17 Nov 2006 22:38:46 +0000 (17:38 -0500)]
NetLabel: make netlbl_lsm_secattr struct easier/quicker to understand
The existing netlbl_lsm_secattr struct required the LSM to check all of the
fields to determine if any security attributes were present resulting in a lot
of work in the common case of no attributes. This patch adds a 'flags' field
which is used to indicate which attributes are present in the structure; this
should allow the LSM to do a quick comparison to determine if the structure
holds any security attributes.
Example:
if (netlbl_lsm_secattr->flags)
/* security attributes present */
else
/* NO security attributes present */
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 17 Nov 2006 22:38:45 +0000 (17:38 -0500)]
NetLabel: change netlbl_secattr_init() to return void
The netlbl_secattr_init() function would always return 0 making it pointless
to have a return value. This patch changes the function to return void.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 17 Nov 2006 22:38:44 +0000 (17:38 -0500)]
NetLabel: convert the unlabeled accept flag to use RCU
Currently the NetLabel unlabeled packet accept flag is an atomic type and it
is checked for every non-NetLabel packet which comes into the system but rarely
ever changed. This patch changes this flag to a normal integer and protects it
with RCU locking.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Paul Moore [Fri, 17 Nov 2006 22:38:43 +0000 (17:38 -0500)]
NetLabel: use gfp_t instead of int where it makes sense
There were a few places in the NetLabel code where the int type was being used
instead of the gfp_t type, this patch corrects this mistake.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Arnaldo Carvalho de Melo [Fri, 17 Nov 2006 21:59:12 +0000 (19:59 -0200)]
[TCP]: Tidy up skb_entail
Heck, it even saves us some few bytes:
[acme@newtoy net-2.6.20]$ codiff -f /tmp/tcp.o.before ../OUTPUT/qemu/net-2.6.20/net/ipv4/tcp.o
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/ipv4/tcp.c:
tcp_sendpage | -7
tcp_sendmsg | -5
2 functions changed, 12 bytes removed
[acme@newtoy net-2.6.20]$
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Arnaldo Carvalho de Melo [Fri, 17 Nov 2006 15:05:04 +0000 (13:05 -0200)]
[NETROM]: Use kmemdup
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Arnaldo Carvalho de Melo [Fri, 17 Nov 2006 14:43:07 +0000 (12:43 -0200)]
[AX25]: Use kmemdup
Code diff stats:
[acme@newtoy net-2.6.20]$ codiff /tmp/ax25.ko.before /tmp/ax25.ko.after
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/ax25/ax25_out.c:
ax25_send_frame | -8
1 function changed, 8 bytes removed
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/ax25/ax25_route.c:
ax25_rt_autobind | -15
1 function changed, 15 bytes removed
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/ax25/af_ax25.c:
ax25_make_new | -33
1 function changed, 33 bytes removed
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/ax25/sysctl_net_ax25.c:
ax25_register_sysctl | -21
1 function changed, 21 bytes removed
/tmp/ax25.ko.after:
4 functions changed, 77 bytes removed
[acme@newtoy net-2.6.20]$
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Arnaldo Carvalho de Melo [Fri, 17 Nov 2006 14:29:21 +0000 (12:29 -0200)]
[DECNET]: Use kmemdup
Code diff stats:
[acme@newtoy net-2.6.20]$ codiff /tmp/decnet.ko.before /tmp/decnet.ko.after
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/decnet/dn_dev.c:
dn_dev_sysctl_register | -51
1 function changed, 51 bytes removed
[acme@newtoy net-2.6.20]$
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Arnaldo Carvalho de Melo [Fri, 17 Nov 2006 14:21:43 +0000 (12:21 -0200)]
[DCCP]: Use kmemdup
Code diff stats:
[acme@newtoy net-2.6.20]$ codiff /tmp/dccp.ko.before /tmp/dccp.ko.after
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/dccp/feat.c:
__dccp_feat_init | -16
dccp_feat_change_recv | -55
dccp_feat_clone | -56
3 functions changed, 127 bytes removed
[acme@newtoy net-2.6.20]$
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Arnaldo Carvalho de Melo [Fri, 17 Nov 2006 14:14:37 +0000 (12:14 -0200)]
[IPV6]: Use kmemdup
Code diff stats:
[acme@newtoy net-2.6.20]$ codiff /tmp/ipv6.ko.before /tmp/ipv6.ko.after
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/ipv6/ip6_output.c:
ip6_output | -52
ip6_append_data | +2
2 functions changed, 2 bytes added, 52 bytes removed
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/ipv6/addrconf.c:
addrconf_sysctl_register | -27
1 function changed, 27 bytes removed
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/ipv6/tcp_ipv6.c:
tcp_v6_syn_recv_sock | -32
tcp_v6_parse_md5_keys | -24
2 functions changed, 56 bytes removed
/tmp/ipv6.ko.after:
5 functions changed, 2 bytes added, 135 bytes removed
[acme@newtoy net-2.6.20]$
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Arnaldo Carvalho de Melo [Fri, 17 Nov 2006 13:25:49 +0000 (11:25 -0200)]
[TCP] minisocks: Use kmemdup and LIMIT_NETDEBUG
Code diff stats:
[acme@newtoy net-2.6.20]$ codiff /tmp/tcp_minisocks.o.before /tmp/tcp_minisocks.o.after
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/ipv4/tcp_minisocks.c:
tcp_check_req | -44
1 function changed, 44 bytes removed
[acme@newtoy net-2.6.20]$
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Arnaldo Carvalho de Melo [Fri, 17 Nov 2006 13:18:20 +0000 (11:18 -0200)]
[IPV4]: Use kmemdup in net/ipv4/devinet.c
Code diff stats:
[acme@newtoy net-2.6.20]$ codiff /tmp/devinet.o.before /tmp/devinet.o.after
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/ipv4/devinet.c:
devinet_sysctl_register | -38
1 function changed, 38 bytes removed
[acme@newtoy net-2.6.20]$
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Arnaldo Carvalho de Melo [Fri, 17 Nov 2006 13:14:16 +0000 (11:14 -0200)]
[NETLABEL]: Use kmemdup in cipso_ipv4.c
Code diff stats:
[acme@newtoy net-2.6.20]$ codiff /tmp/cipso_ipv4.o.before /tmp/cipso_ipv4.o.after
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/ipv4/cipso_ipv4.c:
cipso_v4_cache_add | -46
1 function changed, 46 bytes removed
[acme@newtoy net-2.6.20]$
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Arnaldo Carvalho de Melo [Fri, 17 Nov 2006 13:06:01 +0000 (11:06 -0200)]
[TCP_IPV4]: Use kmemdup where appropriate
Also use a variable to avoid the longish tp->md5sig_info-> use
in tcp_v4_md5_do_add.
Code diff stats:
[acme@newtoy net-2.6.20]$ codiff /tmp/tcp_ipv4.o.before /tmp/tcp_ipv4.o.after
/pub/scm/linux/kernel/git/acme/net-2.6.20/net/ipv4/tcp_ipv4.c:
tcp_v4_md5_do_add | -62
tcp_v4_syn_recv_sock | -32
tcp_v4_parse_md5_keys | -86
3 functions changed, 180 bytes removed
[acme@newtoy net-2.6.20]$
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Arnaldo Carvalho de Melo [Fri, 17 Nov 2006 12:57:30 +0000 (10:57 -0200)]
[TCP_IPV4]: CodingStyle cleanups, no code change
Mostly related to CONFIG_TCP_MD5SIG recent merge.
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Andrea Bittau [Thu, 16 Nov 2006 16:28:40 +0000 (14:28 -0200)]
[DCCP] CCID2: Code optimizations
These are code optimizations which are relevant when dealing with large
windows. They are not coded the way I would like to, but they do the job for
the short-term. This patch should be more neat.
Commiter note: Changed the seqno comparisions to use {after,before}48 to handle
wrapping.
Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Arnaldo Carvalho de Melo [Thu, 16 Nov 2006 16:06:06 +0000 (14:06 -0200)]
[NET]: Conditionally use bh_lock_sock_nested in sk_receive_skb
Spotted by Ian McDonald, tentatively fixed by Gerrit Renker:
http://www.mail-archive.com/dccp%40vger.kernel.org/msg00599.html
Rewritten not to unroll sk_receive_skb, in the common case, i.e. no lock
debugging, its optimized away.
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Arnaldo Carvalho de Melo [Thu, 16 Nov 2006 14:23:58 +0000 (12:23 -0200)]
[DCCP]: One NET_INC_STATS() could be NET_INC_STATS_BH in dccp_v4_err()
Spotted by Eric Dumazet in tcp_v4_rcv().
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Gerrit Renker [Wed, 15 Nov 2006 23:27:47 +0000 (21:27 -0200)]
[DCCP]: Introduce DCCP_{BUG{_ON},CRIT} macros, use enum:8 for the ccid3 states
This patch tackles the following problem:
* the ccid3_hc_{t,r}x_sock define ccid3hc{t,r}x_state as `u8', but
in reality there can only be a few, pre-defined enum names
* this necessitates addiditional checking for unexpected values
which would otherwise be caught by the compiler
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
David S. Miller [Wed, 15 Nov 2006 09:09:32 +0000 (01:09 -0800)]
[UDPLite]: udplite.h needs ip6_checksum.h
Signed-off-by: David S. Miller <davem@davemloft.net>
Gerrit Renker [Wed, 15 Nov 2006 08:44:49 +0000 (00:44 -0800)]
[NET/IPv4]: Make udp_push_pending_frames static
udp_push_pending_frames is only referenced within
net/ipv4/udp.c and hence can remain static.
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Wed, 15 Nov 2006 06:09:20 +0000 (22:09 -0800)]
[IPV6]: udp.c build fix
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Wed, 15 Nov 2006 05:51:36 +0000 (21:51 -0800)]
[NET]: More dccp endianness annotations.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Wed, 15 Nov 2006 05:44:08 +0000 (21:44 -0800)]
[NET]: Preliminaty annotation of skb->csum.
It's still not completely right; we need to split it into anon unions
of __wsum and unsigned - for cases when we use it for partial checksum
and for offset of checksum in skb
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Wed, 15 Nov 2006 05:43:44 +0000 (21:43 -0800)]
[NET] driver/s390/net: Checksum annotations.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Wed, 15 Nov 2006 05:43:23 +0000 (21:43 -0800)]
[NET]: netfilter checksum annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Thu, 16 Nov 2006 10:41:18 +0000 (02:41 -0800)]
[NET]: ipvs checksum annotations.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Wed, 15 Nov 2006 05:42:26 +0000 (21:42 -0800)]
[NET]: IP header modifier helpers annotations.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Thu, 16 Nov 2006 10:36:50 +0000 (02:36 -0800)]
[NET]: Make mangling a checksum (0 -> 0xffff on the wire) explicit.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Wed, 15 Nov 2006 05:40:42 +0000 (21:40 -0800)]
[NET]: Annotate __skb_checksum_complete() and friends.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Wed, 15 Nov 2006 05:37:50 +0000 (21:37 -0800)]
[NET]: Annotate ip_vs_checksum_complete() and callers.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Wed, 15 Nov 2006 05:37:33 +0000 (21:37 -0800)]
[NET]: Annotate skb_copy_and_csum_bits() and callers.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Wed, 15 Nov 2006 05:37:14 +0000 (21:37 -0800)]
[NET]: Annotate skb_checksum() and callers.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Wed, 15 Nov 2006 05:36:54 +0000 (21:36 -0800)]
[NET]: Annotate callers of the reset of checksum.h stuff.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Wed, 15 Nov 2006 05:36:34 +0000 (21:36 -0800)]
[NET]: Annotate callers of csum_partial_copy_...() and csum_and_copy...() in net/*
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Al Viro [Wed, 15 Nov 2006 05:36:14 +0000 (21:36 -0800)]
[NET]: Annotate csum_partial() callers in net/*
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>