Masahide NAKAMURA [Thu, 24 Aug 2006 02:16:22 +0000 (19:16 -0700)]
[IPV6] MIP6: Add inbound interface of routing header type 2.
Add inbound interface of routing header type 2 for Mobile IPv6.
Based on MIPL2 kernel patch.
This patch was also written by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Noriaki TAKAMIYA [Thu, 24 Aug 2006 02:15:07 +0000 (19:15 -0700)]
[IPV6] MIP6: Add routing header type 2 definition.
Add routing header type 2 definition for Mobile IPv6.
Based on MIPL2 kernel patch.
Signed-off-by: Noriaki TAKAMIYA <takamiya@po.ntts.co.jp>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Masahide NAKAMURA [Thu, 24 Aug 2006 02:13:46 +0000 (19:13 -0700)]
[IPV6]: Add Kconfig to enable Mobile IPv6.
Add Kconfig to enable Mobile IPv6.
Based on MIPL2 kernel patch.
Signed-off-by: Noriaki TAKAMIYA <takamiya@po.ntts.co.jp>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Masahide NAKAMURA [Thu, 24 Aug 2006 02:12:56 +0000 (19:12 -0700)]
[XFRM]: Fix message about transformation user interface.
Transformation user interface is not only for IPsec.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Thu, 24 Aug 2006 02:12:01 +0000 (19:12 -0700)]
[XFRM] IPV6: Restrict bundle reusing
For outbound transformation, bundle is checked whether it is
suitable for current flow to be reused or not. In such IPv6 case
as below, transformation may apply incorrect bundle for the flow instead
of creating another bundle:
- The policy selector has destination prefix length < 128
(Two or more addresses can be matched it)
- Its bundle holds dst entry of default route whose prefix length < 128
(Previous traffic was used such route as next hop)
- The policy and the bundle were used a transport mode state and
this time flow address is not matched the bundled state.
This issue is found by Mobile IPv6 usage to protect mobility signaling
by IPsec, but it is not a Mobile IPv6 specific.
This patch adds strict check to xfrm_bundle_ok() for each
state mode and address when prefix length is less than 128.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Thu, 24 Aug 2006 01:20:16 +0000 (18:20 -0700)]
[XFRM] IPV6: Update outbound state timestamp for each sending.
With this patch transformation state is updated last used time
for each sending. Xtime is used for it like other state lifetime
expiration.
Mobile IPv6 enabled nodes will want to know traffic status of each
binding (e.g. judgement to request binding refresh by correspondent node,
or to keep home/care-of nonce alive by mobile node).
The last used timestamp is an important hint about it.
Based on MIPL2 kernel patch.
This patch was also written by: Henrik Petander <petander@tcs.hut.fi>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Noriaki TAKAMIYA [Thu, 24 Aug 2006 01:18:55 +0000 (18:18 -0700)]
[XFRM] STATE: Introduce care-of address.
Care-of address is carried by state as a transformation option like
IPsec encryption/authentication algorithm.
Based on MIPL2 kernel patch.
Signed-off-by: Noriaki TAKAMIYA <takamiya@po.ntts.co.jp>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Masahide NAKAMURA [Thu, 24 Aug 2006 01:11:50 +0000 (18:11 -0700)]
[XFRM] STATE: Support non-fragment outbound transformation headers.
For originated outbound IPv6 packets which will fragment, ip6_append_data()
should know length of extension headers before sending them and
the length is carried by dst_entry.
IPv6 IPsec headers fragment then transformation was
designed to place all headers after fragment header.
OTOH Mobile IPv6 extension headers do not fragment then
it is a good idea to make dst_entry have non-fragment length to tell it
to ip6_append_data().
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Thu, 24 Aug 2006 01:10:33 +0000 (18:10 -0700)]
[XFRM] STATE: Add a hook to obtain local/remote outbound address.
Outbound transformation replaces both source and destination address with
state's end-point addresses at the same time when IPsec tunnel mode.
It is also required to change them for Mobile IPv6 route optimization, but we
should care about the following differences:
- changing result is not end-point but care-of address
- either source or destination is replaced for each state
This hook is a common platform to change outbound address.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Thu, 24 Aug 2006 01:09:09 +0000 (18:09 -0700)]
[XFRM]: Rename secpath_has_tunnel to secpath_has_nontransport.
On current kernel inbound transformation state is allowed transport and
disallowed tunnel mode when mismatch is occurred between tempates and states.
As the result of adding two more modes by Mobile IPv6, this function name
is misleading. Inbound transformation can allow only transport mode
when mismatch is occurred between template and secpath.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Thu, 24 Aug 2006 01:08:21 +0000 (18:08 -0700)]
[XFRM] STATE: Common receive function for route optimization extension headers.
XFRM_STATE_WILDRECV flag is introduced; the last resort state is set
it and receives packet which is not route optimized but uses such
extension headers i.e. Mobile IPv6 signaling (binding update and
acknowledgement). A node enabled Mobile IPv6 adds the state.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Thu, 24 Aug 2006 01:00:48 +0000 (18:00 -0700)]
[XFRM]: Restrict authentication algorithm only when inbound transformation protocol is IPsec.
For Mobile IPv6 usage, routing header or destination options header is
used and it doesn't require this comparison. It is checked only for
IPsec template.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Thu, 24 Aug 2006 00:59:44 +0000 (17:59 -0700)]
[XFRM] STATE: Introduce route optimization mode.
Route optimization is used with routing header and destination options
header for Mobile IPv6.
At outbound it makes header space like IPsec transport. At inbound it
does nothing because exhdrs.c functions have responsibility to update
skbuff information for these headers.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Thu, 24 Aug 2006 00:57:28 +0000 (17:57 -0700)]
[XFRM] STATE: Add a hook to find offset to be inserted header in outbound.
On current kernel, ip6_find_1stfragopt() is used by IPv6 IPsec to find
offset to be inserted header in outbound for transport mode. (BTW, no
usage may be needed for IPv4 case.) Mobile IPv6 requires another
logic for routing header and destination options header
respectively. This patch is common platform for the offset and adopts
it to IPsec.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Thu, 24 Aug 2006 00:56:04 +0000 (17:56 -0700)]
[XFRM] STATE: Search by address using source address list.
This is a support to search transformation states by its addresses
by using source address list for Mobile IPv6 usage.
To use it from user-space, it is also added a message type for
source address as a xfrm state option.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Thu, 24 Aug 2006 00:53:57 +0000 (17:53 -0700)]
[XFRM] STATE: Add source address list.
Support source address based searching.
Mobile IPv6 will use it.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Thu, 24 Aug 2006 00:52:01 +0000 (17:52 -0700)]
[XFRM]: Expand XFRM_MAX_DEPTH for route optimization.
XFRM_MAX_DEPTH is a limit of transformation states to be applied to the same
flow. Two more extension headers are used by Mobile IPv6 transformation.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Thu, 24 Aug 2006 00:49:52 +0000 (17:49 -0700)]
[XFRM] STATE: Allow non IPsec protocol.
It will be added two more transformation protocols (routing header
and destination options header) for Mobile IPv6.
xfrm_id_proto_match() can be handle zero as all, IPSEC_PROTO_ANY as
all IPsec and otherwise as exact one.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Fri, 22 Sep 2006 22:06:24 +0000 (15:06 -0700)]
[XFRM]: Introduce a helper to compare id protocol.
Put the helper to header for future use.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA [Fri, 22 Sep 2006 22:05:15 +0000 (15:05 -0700)]
[XFRM]: Add XFRM_MODE_xxx for future use.
Transformation mode is used as either IPsec transport or tunnel.
It is required to add two more items, route optimization and inbound trigger
for Mobile IPv6.
Based on MIPL2 kernel patch.
This patch was also written by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:25:05 +0000 (17:25 -0700)]
[IPV6] ROUTE: Unify RT6_F_xxx and RT6_SELECT_F_xxx flags
Unify RT6_F_xxx and RT6_SELECT_F_xxx flags into
RT6_LOOKUP_F_xxx flags, and put them into ip6_route.h
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Ville Nuorvala <vnuorval@tcs.hut.fi
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:23:39 +0000 (17:23 -0700)]
[IPV6] KCONFIG: Add subtrees support.
This is for developers only.
Based on MIPL2 kernel patch.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:23:25 +0000 (17:23 -0700)]
[IPV6] ROUTE: Add credits about subtree fixes.
Based on MIPL2 kernel patch.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:23:11 +0000 (17:23 -0700)]
[IPV6] NDISC: Search subtrees when backtracking on receipt of redirects.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Ville Nuorvala <vnuorval@tcs.hut.fi
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:22:55 +0000 (17:22 -0700)]
[IPV6] ROUTE: Purge clones on other trees when deleting a route.
Based on MIPL2 kernel patch.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:22:39 +0000 (17:22 -0700)]
[IPV6] ROUTE: Search subtree when backtracking.
Based on MIPL2 kernel patch.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:22:24 +0000 (17:22 -0700)]
[IPV6] ROUTE: Put SUBTREE() as FIB6_SUBTREE() into ip6_fib.h for future use.
Based on MIPL2 kernel patch.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:21:50 +0000 (17:21 -0700)]
[IPV6] ROUTE: Allow searching subtree only.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:21:29 +0000 (17:21 -0700)]
[IPV6] ROUTE: Make sure we do not exceed args in fib6_lookup_1().
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:21:12 +0000 (17:21 -0700)]
[IPV6] ROUTE: Fix looking up a route on subtree.
Even on RTN_ROOT node, we need to process its subtree first.
Fix NULL pointer dereference in fib6_locate().
Based on MIPL2 kernel patch.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:20:54 +0000 (17:20 -0700)]
[IPV6] ROUTE: Prune clones from main tree as well.
Based on MIPL2 kernel patch.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:20:34 +0000 (17:20 -0700)]
[IPV6] ROUTE: Make sure we have fn->leaf when adding a node on subtree.
Based on MIPL2 kernel patch.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Wed, 30 Aug 2006 00:15:09 +0000 (17:15 -0700)]
[IPV6]: Cache source address as well in ipv6_pinfo{}.
Based on MIPL2 kernel patch.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:19:18 +0000 (17:19 -0700)]
[IPV6] ROUTE: Introduce a helper to check route validity.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:18:57 +0000 (17:18 -0700)]
[IPV6] NDISC: Initialize fl with outbound interface to lookup rules properly.
Based on MIPL2 kernel patch.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:18:26 +0000 (17:18 -0700)]
[IPV6] NDISC: Search over all possible rules on receipt of redirect.
Split up function for finding routes for redirects.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
YOSHIFUJI Hideaki [Thu, 24 Aug 2006 00:12:24 +0000 (17:12 -0700)]
[IPV6] NDISC: Take source address into account for redirects.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Wed, 23 Aug 2006 05:20:14 +0000 (22:20 -0700)]
[RTNETLINK]: Don't return error on no-metrics.
Instead just cancel the nested attribute and return 0.
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 22 Aug 2006 20:52:17 +0000 (13:52 -0700)]
[NETFILTER]: x_tables: Fix typos after conversion to use mass registation helper
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vladislav Yasevich [Tue, 22 Aug 2006 20:29:17 +0000 (13:29 -0700)]
[SCTP]: Remove multiple levels of msecs to jiffies conversions.
The SCTP sysctl entries are displayed in milliseconds, but stored
internally in jiffies. This results in multiple levels of msecs to
jiffies conversion and as a result produces a truncation error. This
patch makes things consistent in that we store and display defaults
in milliseconds and only convert once for use by association.
This patch also adds some sane min/max values so that we don't go off
the deep end.
Signed-off-by: Vladislav Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 22 Aug 2006 07:44:14 +0000 (00:44 -0700)]
[NETFILTER]: xt_tcpmss: minor cleanups
- remove unused define
- remove useless wrapper function
- use new line for expression after condition
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 22 Aug 2006 07:43:55 +0000 (00:43 -0700)]
[NETFILTER]: ip6_tables: consolidate dst and hbh matches
The matches are identical besides one looking for NEXTHDR_HOP, the other
for NEXTHDR_DEST. Remove ip6t_dst.c and handle both in ip6t_hbh.c.
Signed-off-by: Patrick McHardy <kaber@trash,net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 22 Aug 2006 07:43:38 +0000 (00:43 -0700)]
[NETFILTER]: x_tables: add data member to struct xt_match
Shared match functions can use this to make runtime decisions basen on the
used match.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 22 Aug 2006 07:43:20 +0000 (00:43 -0700)]
[NETFILTER]: nfnetlink: remove unnecessary packed attributes
Remove unnecessary packed attributes in nfnetlink structures. Unfortunately
in a few cases they have to stay to avoid changing structure sizes.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 22 Aug 2006 07:36:37 +0000 (00:36 -0700)]
[NETFILTER]: x_tables: remove unused size argument to check/destroy functions
The size is verified by x_tables and isn't needed by the modules anymore.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 22 Aug 2006 07:35:47 +0000 (00:35 -0700)]
[NETFILTER]: x_tables: remove unused argument to target functions
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 22 Aug 2006 07:34:04 +0000 (00:34 -0700)]
[NETFILTER]: x_tables: make use of mass registation helpers
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 22 Aug 2006 07:33:45 +0000 (00:33 -0700)]
[NETFILTER]: x_tables: add helpers for mass match/target registration
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 22 Aug 2006 07:33:26 +0000 (00:33 -0700)]
[NETFILTER]: xt_CONNMARK: use tabs for indentation
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 22 Aug 2006 07:33:09 +0000 (00:33 -0700)]
[NETFILTER]: replace open coded checksum updates
Replace open coded checksum update by nf_csum_update calls and clean up
the surrounding code a bit.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 22 Aug 2006 07:32:47 +0000 (00:32 -0700)]
[NETFILTER]: nfnetlink_queue: fix typo in error message
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Tue, 22 Aug 2006 07:32:23 +0000 (00:32 -0700)]
[NETFILTER]: ctnetlink: remove impossible events tests for updates
IPCT_HELPER and IPCT_NATINFO bits are never set on updates.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Tue, 22 Aug 2006 07:32:05 +0000 (00:32 -0700)]
[NETFILTER]: ctnetlink: check for listeners before sending expectation events
This patch uses nfnetlink_has_listeners to check for listeners in
userspace.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Tue, 22 Aug 2006 07:31:49 +0000 (00:31 -0700)]
[NETFILTER]: ctnetlink: dump connection mark
ctnetlink dumps the mark iif the event mark happened
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Tue, 22 Aug 2006 07:31:24 +0000 (00:31 -0700)]
[NETFILTER]: conntrack: introduce connection mark event
This patch introduces the mark event. ctnetlink can use this to know if
the mark needs to be dumped.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel De Graaf [Tue, 22 Aug 2006 07:30:55 +0000 (00:30 -0700)]
[NETFILTER]: ipt_recent: add module parameter for changing ownership of /proc/net/ipt_recent/*
Signed-off-by: Daniel De Graaf <danield@iastate.edu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yasuyuki Kozakai [Tue, 22 Aug 2006 07:30:26 +0000 (00:30 -0700)]
[NETFILTER]: x_tables: replace IPv4 DSCP target by address family independent version
This replaces IPv4 DSCP target by address family independent version.
This also
- utilizes dsfield.h to get/mangle DS field in IPv4/IPv6 header
- fixes Kconfig help text.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yasuyuki Kozakai [Tue, 22 Aug 2006 07:29:37 +0000 (00:29 -0700)]
[NETFILTER]: x_tables: replace IPv4 dscp match by address family independent version
This replaces IPv4 dscp match by address family independent version.
This also
- utilizes dsfield.h to get the DS field in IPv4/IPv6 header, and
- checks for the DSCP value from user space.
- fixes Kconfig help text.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Henrik Kretzschmar [Tue, 22 Aug 2006 07:28:33 +0000 (00:28 -0700)]
[TG3]: Convert the pci_device_id table to PCI_DEVICE()
Convert the pci_device_ids to PCI_DEVICE() macro. Saves 1.5k in the
sourcefile.
Signed-off-by: Henrik Kretzschmar <henne@nachtwindheim.de>
Acked-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sridhar Samudrala [Tue, 22 Aug 2006 07:24:09 +0000 (00:24 -0700)]
[SCTP]: Use the flags value that is passed as an arg to sctp_accept.
No need to do multiple dereferences - sk->sk_socket->file->f_flags
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vladislav Yasevich [Tue, 22 Aug 2006 07:23:13 +0000 (00:23 -0700)]
[SCTP]: Fix IPv6 address flag setting when doing peel-off/accept.
During accept/peeloff we try to copy the list of bound addresses from
the original endpoint to the new one. However, we forgot to set the flag
to say that IPv6 is allowed on the new endpoint.
Signed-off-by: Vladislav Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vladislav Yasevich [Tue, 22 Aug 2006 07:19:51 +0000 (00:19 -0700)]
[SCTP]: Cleanup nomem handling in the state functions.
This patch cleans up the "nomem" conditions that may occur during the
processing by the state machine functions. In most cases we delay adding
side-effect commands until all memory allocations are done.
Signed-off-by: Vladislav Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sridhar Samudrala [Tue, 22 Aug 2006 07:15:33 +0000 (00:15 -0700)]
[SCTP]: Extend /proc/net/sctp/snmp to provide more statistics.
This patch adds more statistics info under /proc/net/sctp/snmp
that should be useful for debugging. The additional events that
are counted now include timer expirations, retransmits, packet
and data chunk discards.
The Data chunk discards include all the cases where a data chunk
is discarded including high tsn, bad stream, dup tsn and the most
useful one(out of receive buffer/rwnd).
Also moved the SCTP MIB data structures from the generic include
directories to include/sctp/sctp.h.
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 22 Aug 2006 07:13:07 +0000 (00:13 -0700)]
[IPV6]: Fixup ip6_del_rt() call for new args.
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 22 Aug 2006 07:01:47 +0000 (00:01 -0700)]
[IPv6] route: Convert GETROUTE to use new netlink api
Fixes various unvalidated netlink attributes causing memory
corruptions when left empty by userspace applications.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 22 Aug 2006 07:01:27 +0000 (00:01 -0700)]
[IPv6] route: Convert FIB6 dumping to use new netlink api
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 22 Aug 2006 07:01:08 +0000 (00:01 -0700)]
[IPv6] route: FIB6 configuration using struct fib6_config
Replaces the struct in6_rtmsg based interface orignating from
the ioctl interface with a struct fib6_config based on. Allows
changing the interface without breaking the ioctl interface
and avoids passing on tons of parameters.
The recently introduced struct nl_info is used to pass on
netlink authorship information for notifications.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 22 Aug 2006 07:00:45 +0000 (00:00 -0700)]
[IPv6] route: Simplify ip6_ins_rt()
Provide a simple ip6_ins_rt() for the majority of users and
an alternative for the exception via netlink. Avoids code
obfuscation.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 22 Aug 2006 07:00:21 +0000 (00:00 -0700)]
[IPv6] route: Simplify ip6_del_rt()
Provide a simple ip6_del_rt() for the majority of users and
an alternative for the exception via netlink. Avoids code
obfuscation.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 22 Aug 2006 06:54:55 +0000 (23:54 -0700)]
[PKT_SCHED]: Kill pkt_act.h inlining.
This was simply making templates of functions and mostly causing a lot
of code duplication in the classifier action modules.
We solve this more cleanly by having a common "struct tcf_common" that
hash worker functions contained once in act_api.c can work with.
Callers work with real action objects that have the common struct
plus their module specific struct members. You go from a common
object to the higher level one using a "to_foo()" macro which makes
use of container_of() to do the dirty work.
This also kills off act_generic.h which was only used by act_simple.c
and keeping it around was more work than the it's value.
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Hemminger [Fri, 18 Aug 2006 01:20:18 +0000 (18:20 -0700)]
[ETH]: indentation and cleanup
Run ethernet support through Lindent and fix up.
Applies after docbook comments patch
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Hemminger [Fri, 18 Aug 2006 01:18:53 +0000 (18:18 -0700)]
[ETH]: docbook comments
Add docbook style comments to ethernet support.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Acked-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Hemminger [Fri, 18 Aug 2006 01:17:37 +0000 (18:17 -0700)]
[NET] neighbour: reduce exports
There are several symbols only used by rtnetlink and since it can
not be a module, there is no reason to export them.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Fri, 18 Aug 2006 01:15:44 +0000 (18:15 -0700)]
[IPv4]: Convert route get to new netlink api
Fixes various unvalidated netlink attributes causing memory
corruptions when left empty by userspace applications.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Fri, 18 Aug 2006 01:15:17 +0000 (18:15 -0700)]
[IPv4]: Convert FIB dumping to use new netlink api
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Fri, 18 Aug 2006 01:14:52 +0000 (18:14 -0700)]
[IPv4]: FIB configuration using struct fib_config
Introduces struct fib_config replacing the ugly struct kern_rta
prone to ordering issues. Avoids creating faked netlink messages
for auto generated routes or requests via ioctl.
A new interface net/nexthop.h is added to help navigate through
nexthop configuration arrays.
A new struct nl_info will be used to carry the necessary netlink
information to be used for notifications later on.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Brian Haley [Fri, 22 Sep 2006 21:15:41 +0000 (14:15 -0700)]
[NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly
Change net/core, ipv4 and ipv6 sysctl variables to __read_mostly.
Couldn't actually measure any performance increase while testing (.3%
I consider noise), but seems like the right thing to do.
Signed-off-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:37:29 +0000 (00:37 -0700)]
[RTNETLINK]: Unexport rtnl socket
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:37:09 +0000 (00:37 -0700)]
[NET] link: Convert notifications to use rtnl_notify()
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:36:49 +0000 (00:36 -0700)]
[WIRELESS]: Convert notifications to use rtnl_notify()
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:36:28 +0000 (00:36 -0700)]
[BRIDGE]: Convert notifications to use rtnl_notify()
Fixes a wrong use of current->pid as netlink pid.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:36:07 +0000 (00:36 -0700)]
[IPv6] prefix: Convert prefix notifications to use rtnl_notify()
Fixes a wrong use of current->pid as netlink pid.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:35:47 +0000 (00:35 -0700)]
[IPv6] link: Convert link notifications to use rtnl_notify()
Fixes a wrong use of current->pid as netlink pid.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:35:24 +0000 (00:35 -0700)]
[IPv6] route: Convert route notifications to use rtnl_notify()
Fixes a wrong use of current->pid as netlink pid.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:35:02 +0000 (00:35 -0700)]
[IPv6] address: Convert address notification to use rtnl_notify()
Fixes a wrong use of current->pid as netlink pid.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:34:17 +0000 (00:34 -0700)]
[IPv4] route: Convert route notifications to use rtnl_notify()
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:33:59 +0000 (00:33 -0700)]
[IPv4] address: Convert address notification to use rtnl_notify()
Adds support for NLM_F_ECHO allowing applications to easly
see which address have been deleted, added, or promoted.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:33:35 +0000 (00:33 -0700)]
[DECNET]: Convert DECnet notifications to use rtnl_notify()
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:33:14 +0000 (00:33 -0700)]
[NEIGH]: Convert neighbour notifications ot use rtnl_notify()
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:32:48 +0000 (00:32 -0700)]
[NET] fib_rules: Convert fib rule notification to use rtnl_notify()
Adds support for NLM_F_ECHO to simplify the process of identifying
inserted rules with an auto generated priority.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:31:41 +0000 (00:31 -0700)]
[RTNETLINK]: Add rtnetlink notification interface
Adds rtnl_notify() to send rtnetlink notification messages and
rtnl_set_sk_err() to report notification errors as socket
errors in order to indicate the need of a resync due to loss
of events.
nlmsg_report() is added to properly document the meaning of
NLM_F_ECHO.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:31:06 +0000 (00:31 -0700)]
[NETLINK]: Add notification message sending interface
Adds nlmsg_notify() implementing proper notification logic. The
message is multicasted to all listeners in the group. The
applications the requests orignates from can request a unicast
back report in which case said socket will be excluded from the
multicast to avoid duplicated notifications.
nlmsg_multicast() is extended to take allocation flags to
allow notification in atomic contexts.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Tue, 15 Aug 2006 07:30:25 +0000 (00:30 -0700)]
[RTNETLINK]: Use rtnl_unicast() for rtnetlink unicasts
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 15 Aug 2006 07:15:41 +0000 (00:15 -0700)]
[IPV6] udp: Fix type in previous change.
UDPv6 stats are UDP6_foo not UDP_foo.
Signed-off-by: David S. Miller <davem@davemloft.net>
Stphane Witzmann [Tue, 15 Aug 2006 07:09:17 +0000 (00:09 -0700)]
[ARCNET]: SoHard PCI support
Add support for a SoHard PCI ARCnet card.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjorn Helgaas [Tue, 15 Aug 2006 07:05:38 +0000 (00:05 -0700)]
[IRDA]: Replace hard-coded dev_self[] array sizes with ARRAY_SIZE()
Several IR drivers used "for (i = 0; i < 4; i++)" to walk their
dev_self[] table. Better to use ARRAY_SIZE(). And fix ali-ircc so it
won't run off the end if we find too many adapters.
Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Adrian Bunk [Tue, 15 Aug 2006 07:03:53 +0000 (00:03 -0700)]
[SELINUX]: security/selinux/hooks.c: Make 4 functions static.
This patch makes four needlessly global functions static.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Alan Cox [Tue, 15 Aug 2006 07:01:05 +0000 (00:01 -0700)]
[NETFILTER]: Make unused signal code go away so nobody copies its brokenness
This code is wrong on so many levels, please lose it so it isn't
replicated anywhere else.
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 15 Aug 2006 07:00:09 +0000 (00:00 -0700)]
[IPV6]: Add UDP_MIB_{SND,RCV}BUFERRORS handling.
Signed-off-by: David S. Miller <davem@davemloft.net>
Martin Bligh [Tue, 15 Aug 2006 06:57:10 +0000 (23:57 -0700)]
[IPV4]: add the UdpSndbufErrors and UdpRcvbufErrors MIBs
Signed-off-by: Martin Bligh <mbligh@google.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>