GitHub/exynos8895/android_kernel_samsung_universal8895.git
13 years agonetlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms
Patrick McHardy [Thu, 3 Mar 2011 18:55:40 +0000 (10:55 -0800)]
netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms

Netlink message processing in the kernel is synchronous these days, the
session information can be collected when needed.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: Fix crash in dst_release when udp_sendmsg route lookup fails.
David S. Miller [Thu, 3 Mar 2011 18:38:01 +0000 (10:38 -0800)]
ipv4: Fix crash in dst_release when udp_sendmsg route lookup fails.

As reported by Eric:

[11483.697233] IP: [<c12b0638>] dst_release+0x18/0x60
 ...
[11483.697741] Call Trace:
[11483.697764]  [<c12fc9d2>] udp_sendmsg+0x282/0x6e0
[11483.697790]  [<c12a1c01>] ? memcpy_toiovec+0x51/0x70
[11483.697818]  [<c12dbd90>] ? ip_generic_getfrag+0x0/0xb0

The pointer passed to dst_release() is -EINVAL, that's because
we leave an error pointer in the local variable "rt" by accident.

NULL it out to fix the bug.

Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agocxgb{3,4}*: improve Kconfig dependencies
Dimitris Michailidis [Mon, 28 Feb 2011 17:34:15 +0000 (17:34 +0000)]
cxgb{3,4}*: improve Kconfig dependencies

- Remove the dependency of cxgb4 and cxgb4vf on INET.  cxgb3 really
  depends on INET, keep it but add it directly to the driver's Kconfig
  entry.
- Make the iSCSI drivers cxgb3i and cxgb4i available in the SCSI menu
  without requiring any options in the net driver menu to be enabled
  first.  Add needed selects so the iSCSI drivers can build their
  corresponding net drivers.
- Remove CHELSIO_T*_DEPENDS.

Signed-off-by: Dimitris Michailidis <dm@chelsio.com>
Acked-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agodcbnl: add support for retrieving peer configuration - cee
Shmulik Ravid [Sun, 27 Feb 2011 05:04:38 +0000 (05:04 +0000)]
dcbnl: add support for retrieving peer configuration - cee

This patch adds the support for retrieving the remote or peer DCBX
configuration via dcbnl for embedded DCBX stacks supporting the CEE DCBX
standard.

Signed-off-by: Shmulik Ravid <shmulikr@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agodcbnl: add support for retrieving peer configuration - ieee
Shmulik Ravid [Sun, 27 Feb 2011 05:04:31 +0000 (05:04 +0000)]
dcbnl: add support for retrieving peer configuration - ieee

These 2 patches add the support for retrieving the remote or peer DCBX
configuration via dcbnl for embedded DCBX stacks. The peer configuration
is part of the DCBX MIB and is useful for debugging and diagnostics of
the overall DCB configuration. The first patch add this support for IEEE
802.1Qaz standard the second patch add the same support for the older
CEE standard. Diff for v2 - the peer-app-info is CEE specific.

Signed-off-by: Shmulik Ravid <shmulikr@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonetdevice: make initial group visible to userspace
Vlad Dogaru [Sat, 26 Feb 2011 22:39:12 +0000 (22:39 +0000)]
netdevice: make initial group visible to userspace

INIT_NETDEV_GROUP is needed by userspace, move it outside __KERNEL__
guards.

Signed-off-by: Vlad Dogaru <ddvlad@rosedu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: ip_route_output_key() is better as an inline.
David S. Miller [Wed, 2 Mar 2011 22:56:30 +0000 (14:56 -0800)]
ipv4: ip_route_output_key() is better as an inline.

This avoid a stack frame at zero cost.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: Make output route lookup return rtable directly.
David S. Miller [Wed, 2 Mar 2011 22:31:35 +0000 (14:31 -0800)]
ipv4: Make output route lookup return rtable directly.

Instead of on the stack.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Return dst directly from xfrm_lookup()
David S. Miller [Wed, 2 Mar 2011 21:27:41 +0000 (13:27 -0800)]
xfrm: Return dst directly from xfrm_lookup()

Instead of on the stack.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6
David S. Miller [Wed, 2 Mar 2011 19:30:24 +0000 (11:30 -0800)]
Merge branch 'master' of git://git./linux/kernel/git/kaber/nf-next-2.6

13 years agoinet: Replace left-over references to inet->cork
Herbert Xu [Wed, 2 Mar 2011 07:00:58 +0000 (23:00 -0800)]
inet: Replace left-over references to inet->cork

The patch to replace inet->cork with cork left out two spots in
__ip_append_data that can result in bogus packet construction.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agopfkey: fix warning
Stephen Hemminger [Wed, 2 Mar 2011 06:51:52 +0000 (22:51 -0800)]
pfkey: fix warning

If CONFIG_NET_KEY_MIGRATE is not defined the arguments of
pfkey_migrate stub do not match causing warning.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv6: Make icmp route lookup code a bit clearer.
David S. Miller [Wed, 2 Mar 2011 06:06:22 +0000 (22:06 -0800)]
ipv6: Make icmp route lookup code a bit clearer.

The route lookup code in icmpv6_send() is slightly tricky as a result of
having to handle all of the requirements of RFC 4301 host relookups.

Pull the route resolution into a seperate function, so that the error
handling and route reference counting is hopefully easier to see and
contained wholly within this new routine.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: Make icmp route lookup code a bit clearer.
David S. Miller [Tue, 1 Mar 2011 23:49:55 +0000 (15:49 -0800)]
ipv4: Make icmp route lookup code a bit clearer.

The route lookup code in icmp_send() is slightly tricky as a result of
having to handle all of the requirements of RFC 4301 host relookups.

Pull the route resolution into a seperate function, so that the error
handling and route reference counting is hopefully easier to see and
contained wholly within this new routine.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Handle blackhole route creation via afinfo.
David S. Miller [Tue, 1 Mar 2011 22:59:04 +0000 (14:59 -0800)]
xfrm: Handle blackhole route creation via afinfo.

That way we don't have to potentially do this in every xfrm_lookup()
caller.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv6: Normalize arguments to ip6_dst_blackhole().
David S. Miller [Tue, 1 Mar 2011 22:45:33 +0000 (14:45 -0800)]
ipv6: Normalize arguments to ip6_dst_blackhole().

Return a dst pointer which is potentitally error encoded.

Don't pass original dst pointer by reference, pass a struct net
instead of a socket, and elide the flow argument since it is
unnecessary.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Kill XFRM_LOOKUP_WAIT flag.
David S. Miller [Tue, 1 Mar 2011 22:36:37 +0000 (14:36 -0800)]
xfrm: Kill XFRM_LOOKUP_WAIT flag.

This can be determined from the flow flags instead.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv6: Change final dst lookup arg name to "can_sleep"
David S. Miller [Tue, 1 Mar 2011 22:32:04 +0000 (14:32 -0800)]
ipv6: Change final dst lookup arg name to "can_sleep"

Since it indicates whether we are invoked from a sleepable
context or not.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: Kill can_sleep arg to ip_route_output_flow()
David S. Miller [Tue, 1 Mar 2011 22:27:04 +0000 (14:27 -0800)]
ipv4: Kill can_sleep arg to ip_route_output_flow()

This boolean state is now available in the flow flags.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet: Add FLOWI_FLAG_CAN_SLEEP.
David S. Miller [Tue, 1 Mar 2011 22:22:19 +0000 (14:22 -0800)]
net: Add FLOWI_FLAG_CAN_SLEEP.

And set is in contexts where the route resolution can sleep.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: Make final arg to ip_route_output_flow to be boolean "can_sleep"
David S. Miller [Tue, 1 Mar 2011 22:19:23 +0000 (14:19 -0800)]
ipv4: Make final arg to ip_route_output_flow to be boolean "can_sleep"

Since that is what the current vague "flags" argument means.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: Can final ip_route_connect() arg to boolean "can_sleep".
David S. Miller [Tue, 1 Mar 2011 22:15:24 +0000 (14:15 -0800)]
ipv4: Can final ip_route_connect() arg to boolean "can_sleep".

Since that's what the current vague "flags" thing means.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv6: Consolidate route lookup sequences.
David S. Miller [Tue, 1 Mar 2011 21:19:07 +0000 (13:19 -0800)]
ipv6: Consolidate route lookup sequences.

Route lookups follow a general pattern in the ipv6 code wherein
we first find the non-IPSEC route, potentially override the
flow destination address due to ipv6 options settings, and then
finally make an IPSEC search using either xfrm_lookup() or
__xfrm_lookup().

__xfrm_lookup() is used when we want to generate a blackhole route
if the key manager needs to resolve the IPSEC rules (in this case
-EREMOTE is returned and the original 'dst' is left unchanged).

Otherwise plain xfrm_lookup() is used and when asynchronous IPSEC
resolution is necessary, we simply fail the lookup completely.

All of these cases are encapsulated into two routines,
ip6_dst_lookup_flow and ip6_sk_dst_lookup_flow.  The latter of which
handles unconnected UDP datagram sockets.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoudp: Add lockless transmit path
Herbert Xu [Tue, 1 Mar 2011 02:36:48 +0000 (02:36 +0000)]
udp: Add lockless transmit path

The UDP transmit path has been running under the socket lock
for a long time because of the corking feature.  This means that
transmitting to the same socket in multiple threads does not
scale at all.

However, as most users don't actually use corking, the locking
can be removed in the common case.

This patch creates a lockless fast path where corking is not used.

Please note that this does create a slight inaccuracy in the
enforcement of socket send buffer limits.  In particular, we
may exceed the socket limit by up to (number of CPUs) * (packet
size) because of the way the limit is computed.

As the primary purpose of socket buffers is to indicate congestion,
this should not be a great problem for now.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoudp: Switch to ip_finish_skb
Herbert Xu [Tue, 1 Mar 2011 02:36:48 +0000 (02:36 +0000)]
udp: Switch to ip_finish_skb

This patch converts UDP to use the new ip_finish_skb API.  This
would then allows us to more easily use ip_make_skb which allows
UDP to run without a socket lock.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoinet: Add ip_make_skb and ip_finish_skb
Herbert Xu [Tue, 1 Mar 2011 02:36:47 +0000 (02:36 +0000)]
inet: Add ip_make_skb and ip_finish_skb

This patch adds the helper ip_make_skb which is like ip_append_data
and ip_push_pending_frames all rolled into one, except that it does
not send the skb produced.  The sending part is carried out by
ip_send_skb, which the transport protocol can call after it has
tweaked the skb.

It is meant to be called in cases where corking is not used should
have a one-to-one correspondence to sendmsg.

This patch also adds the helper ip_finish_skb which is meant to
be replace ip_push_pending_frames when corking is required.
Previously the protocol stack would peek at the socket write
queue and add its header to the first packet.  With ip_finish_skb,
the protocol stack can directly operate on the final skb instead,
just like the non-corking case with ip_make_skb.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoinet: Remove explicit write references to sk/inet in ip_append_data
Herbert Xu [Tue, 1 Mar 2011 02:36:47 +0000 (02:36 +0000)]
inet: Remove explicit write references to sk/inet in ip_append_data

In order to allow simultaneous calls to ip_append_data on the same
socket, it must not modify any shared state in sk or inet (other
than those that are designed to allow that such as atomic counters).

This patch abstracts out write references to sk and inet_sk in
ip_append_data and its friends so that we may use the underlying
code in parallel.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoinet: Remove unused sk_sndmsg_* from UFO
Herbert Xu [Tue, 1 Mar 2011 02:36:47 +0000 (02:36 +0000)]
inet: Remove unused sk_sndmsg_* from UFO

UFO doesn't really use the sk_sndmsg_* parameters so touching
them is pointless.  It can't use them anyway since the whole
point of UFO is to use the original pages without copying.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoMerge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/bwh/sfc...
David S. Miller [Tue, 1 Mar 2011 20:24:04 +0000 (12:24 -0800)]
Merge branch 'for-davem' of git://git./linux/kernel/git/bwh/sfc-next-2.6

13 years agosfc: Bump version to 3.1
Ben Hutchings [Fri, 25 Feb 2011 00:04:42 +0000 (00:04 +0000)]
sfc: Bump version to 3.1

All features originally planned for version 3.1 (and some that
weren't) have been implemented.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
13 years agosfc: Remove configurable FIFO thresholds for pause frame generation
Ben Hutchings [Thu, 24 Feb 2011 19:30:41 +0000 (19:30 +0000)]
sfc: Remove configurable FIFO thresholds for pause frame generation

In Falcon we can configure the fill levels of the RX data FIFO which
trigger the generation of pause frames (if enabled), and we have
module parameters for this.

Siena does not allow the levels to be configured (or, if it does, this
is done by the MC firmware and is not configurable by drivers).

So far as I can tell, the module parameters are not used by our
internal scripts and have not been documented (with the exception of
the short parameter descriptions).  Therefore, remove them and always
initialise Falcon with the default values.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
13 years agosfc: Expose TX push and TSO counters through ethtool statistics
Ben Hutchings [Fri, 18 Feb 2011 19:14:13 +0000 (19:14 +0000)]
sfc: Expose TX push and TSO counters through ethtool statistics

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
13 years agosfc: Update copyright dates
Ben Hutchings [Fri, 25 Feb 2011 00:01:34 +0000 (00:01 +0000)]
sfc: Update copyright dates

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
13 years agosfc: Do not read STAT1.FAULT in efx_mdio_check_mmd()
Ben Hutchings [Thu, 24 Feb 2011 23:59:15 +0000 (23:59 +0000)]
sfc: Do not read STAT1.FAULT in efx_mdio_check_mmd()

This field does not exist in all MMDs we want to check, and all
callers allow it to be set (fault_fatal = 0).

Remove the loopback condition, as STAT2.DEVPRST should be valid
regardless of any fault.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
13 years agosfc: Read MC firmware version when requested through ethtool
Ben Hutchings [Thu, 24 Feb 2011 23:57:47 +0000 (23:57 +0000)]
sfc: Read MC firmware version when requested through ethtool

We currently make no use of siena_nic_data::fw_{version,build} except
to format the firmware version for ethtool_get_drvinfo().  Since we
only read the version at start of day, this information is incorrect
after an MC firmware update.  Remove the cached version information
and read it via MCDI whenever it is requested.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
13 years agosfc: Reduce size of efx_rx_buffer further by removing data member
Steve Hodgson [Thu, 24 Feb 2011 23:45:16 +0000 (23:45 +0000)]
sfc: Reduce size of efx_rx_buffer further by removing data member

Instead calculate the KVA of receive data. It's not like it's a hard sum.

[bwh: Fixed to work with GRO.]
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
13 years agosfc: Reduce size of efx_rx_buffer by unionising skb and page
Steve Hodgson [Thu, 24 Feb 2011 23:36:01 +0000 (23:36 +0000)]
sfc: Reduce size of efx_rx_buffer by unionising skb and page

[bwh: Forward-ported to net-next-2.6.]
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
13 years agobonding: use the correct size for _simple_hash()
Amerigo Wang [Sun, 27 Feb 2011 23:34:28 +0000 (23:34 +0000)]
bonding: use the correct size for _simple_hash()

Clearly it should be the size of ->ip_dst here.
Although this is harmless, but it still reads odd.

Signed-off-by: WANG Cong <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoenic: Flush driver cache of registered addr lists during port profile disassociate
Roopa Prabhu [Wed, 23 Feb 2011 15:16:01 +0000 (15:16 +0000)]
enic: Flush driver cache of registered addr lists during port profile disassociate

During a port profile disassociate all address registrations for the interface
are blown away from the adapter. This patch resets the driver cache of
registered address lists to zero after a port profile disassociate.

Signed-off-by: Roopa Prabhu <roprabhu@cisco.com>
Signed-off-by: David Wang <dwang2@cisco.com>
Signed-off-by: Christian Benvenuti <benve@cisco.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoDM9000: Allow randomised ethernet address
Ben Dooks [Thu, 24 Feb 2011 03:17:12 +0000 (03:17 +0000)]
DM9000: Allow randomised ethernet address

Allow randomised ethernet address if the device does not have a valid
EEPROM or pre-set MAC address.

Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoqla3xxx: add missing __iomem annotation
stephen hemminger [Wed, 23 Feb 2011 07:54:27 +0000 (07:54 +0000)]
qla3xxx: add missing __iomem annotation

Add necessary annotations about pointer to io memory space
that is checked by sparse.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Acked-by: Ron Mercer <ron.mercer@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agobonding: fix sparse warning
stephen hemminger [Wed, 23 Feb 2011 07:40:33 +0000 (07:40 +0000)]
bonding: fix sparse warning

Fix use of zero where NULL expected. And wrap long line.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet: TX timestamps for IPv6 UDP packets
Anders Berggren [Mon, 28 Feb 2011 20:32:11 +0000 (12:32 -0800)]
net: TX timestamps for IPv6 UDP packets

Enabling TX timestamps (SO_TIMESTAMPING) for IPv6 UDP packets, in
the same fashion as for IPv4. Necessary in order for NICs such as
Intel 82580 to timestamp IPv6 packets.

Signed-off-by: Anders Berggren <anders@halon.se>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agosis900: use pci_dev->revision
Sergei Shtylyov [Mon, 28 Feb 2011 20:29:34 +0000 (12:29 -0800)]
sis900: use pci_dev->revision

This driver uses PCI_CLASS_REVISION instead of PCI_REVISION_ID, so it wasn't
converted by commit 44c10138fd4bbc4b6d6bff0873c24902f2a9da65 (PCI: Change all
drivers to use pci_device->revision).

Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agollc: avoid skb_clone() if there is only one handler
Changli Gao [Tue, 22 Feb 2011 01:55:18 +0000 (01:55 +0000)]
llc: avoid skb_clone() if there is only one handler

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agobnx2x: use dcb_setapp to manage negotiated application tlvs
Shmulik Ravid [Mon, 28 Feb 2011 20:19:55 +0000 (12:19 -0800)]
bnx2x: use dcb_setapp to manage negotiated application tlvs

With this patch the bnx2x uses the generic dcbnl application tlv list
instead of implementing its own get-app handler. When the driver is
alerted to a change in the DCB negotiated parameters, it calls
dcb_setapp to update the dcbnl application tlvs list making it available
to user mode applications and registered notifiers.

Signed-off-by: Shmulik Ravid <shmulikr@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet: use pci_dev->revision, again
Sergei Shtylyov [Mon, 28 Feb 2011 19:57:33 +0000 (11:57 -0800)]
net: use pci_dev->revision, again

Several more network drivers that read the device's revision ID
from the PCI configuration register were merged after the commit
44c10138fd4bbc4b6d6bff0873c24902f2a9da65 (PCI: Change all drivers
to use pci_device->revision), so it's time to do another pass of
conversion to using the 'revision' field of 'struct pci_dev'...

Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Acked-by: "John W. Linville" <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet: Forgot to commit net/core/dev.c part of Jiri's ->rx_handler patch.
David S. Miller [Mon, 28 Feb 2011 18:48:59 +0000 (10:48 -0800)]
net: Forgot to commit net/core/dev.c part of Jiri's ->rx_handler patch.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonetfilter: nf_ct_tcp: fix out of sync scenario while in SYN_RECV
Pablo Neira Ayuso [Mon, 28 Feb 2011 16:59:15 +0000 (17:59 +0100)]
netfilter: nf_ct_tcp: fix out of sync scenario while in SYN_RECV

This patch fixes the out of sync scenarios while in SYN_RECV state.

Quoting Jozsef, what it happens if we are out of sync if the
following:

> > b. conntrack entry is outdated, new SYN received
> >    - (b1) we ignore it but save the initialization data from it
> >    - (b2) when the reply SYN/ACK receives and it matches the saved data,
> >      we pick up the new connection
This is what it should happen if we are in SYN_RECV state. Initially,
the SYN packet hits b1, thus we save data from it. But the SYN/ACK
packet is considered a retransmission given that we're in SYN_RECV
state. Therefore, we never hit b2 and we don't get in sync. To fix
this, we ignore SYN/ACK if we are in SYN_RECV. If the previous packet
was a SYN, then we enter the ignore case that get us in sync.

This patch helps a lot to conntrackd in stress scenarios (assumming a
client that generates lots of small TCP connections). During the failover,
consider that the new primary has injected one outdated flow in SYN_RECV
state (this is likely to happen if the conntrack event rate is high
because the backup will be a bit delayed from the primary). With the
current code, if the client starts a new fresh connection that matches
the tuple, the SYN packet will be ignored without updating the state
tracking, and the SYN+ACK in reply will blocked as it will not pass
checkings III or IV (since all state tracking in the original direction
is not initialized because of the SYN packet was ignored and the ignore
case that get us in sync is not applied).

I posted a couple of patches before this one. Changli Gao spotted
a simpler way to fix this problem. This patch implements his idea.

Cc: Changli Gao <xiaosuo@gmail.com>
Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
13 years agonet: convert bonding to use rx_handler
Jiri Pirko [Wed, 23 Feb 2011 09:05:42 +0000 (09:05 +0000)]
net: convert bonding to use rx_handler

This patch converts bonding to use rx_handler. Results in cleaner
__netif_receive_skb() with much less exceptions needed. Also
bond-specific work is moved into bond code.

Did performance test using pktgen and counting incoming packets by
iptables. No regression noted.

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Reviewed-by: Nicolas de Pesloüan <nicolas.2p.debian@free.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Pass const xfrm_mark to xfrm_mark_put().
David S. Miller [Mon, 28 Feb 2011 07:20:19 +0000 (23:20 -0800)]
xfrm: Pass const xfrm_mark to xfrm_mark_put().

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Pass const xfrm_address_t objects to xfrm_state_lookup* and xfrm_find_acq.
David S. Miller [Mon, 28 Feb 2011 07:17:24 +0000 (23:17 -0800)]
xfrm: Pass const xfrm_address_t objects to xfrm_state_lookup* and xfrm_find_acq.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Pass const arg to xfrm_alg_len and xfrm_alg_auth_len.
David S. Miller [Mon, 28 Feb 2011 07:07:02 +0000 (23:07 -0800)]
xfrm: Pass const arg to xfrm_alg_len and xfrm_alg_auth_len.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Pass name as const to xfrm_*_get_byname().
David S. Miller [Mon, 28 Feb 2011 07:04:45 +0000 (23:04 -0800)]
xfrm: Pass name as const to xfrm_*_get_byname().

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agobond: service netpoll arp queue on master device
Amerigo Wang [Thu, 17 Feb 2011 23:43:34 +0000 (23:43 +0000)]
bond: service netpoll arp queue on master device

Neil pointed out that we can't send ARP reply on behalf of slaves,
we need to move the arp queue to their bond device.

Signed-off-by: WANG Cong <amwang@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonetpoll: remove IFF_IN_NETPOLL flag
Amerigo Wang [Thu, 17 Feb 2011 23:43:33 +0000 (23:43 +0000)]
netpoll: remove IFF_IN_NETPOLL flag

V4: rebase to net-next-2.6

This patch removes the flag IFF_IN_NETPOLL, we don't need it any more since
we have netpoll_tx_running() now.

Signed-off-by: WANG Cong <amwang@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agobonding: sync netpoll code with bridge
Amerigo Wang [Thu, 17 Feb 2011 23:43:32 +0000 (23:43 +0000)]
bonding: sync netpoll code with bridge

V4: rebase to net-next-2.6
V3: remove an useless #ifdef.

This patch unifies the netpoll code in bonding with netpoll code in bridge,
thanks to Herbert that code is much cleaner now.

Signed-off-by: WANG Cong <amwang@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoqeth: remove needless IPA-commands in offline
Ursula Braun [Sun, 27 Feb 2011 06:41:36 +0000 (22:41 -0800)]
qeth: remove needless IPA-commands in offline

If a qeth device is set offline, data and control subchannels are
cleared, which means removal of all IP Assist Primitive settings
implicitly. There is no need to delete those settings explicitly.
This patch removes all IP Assist invocations from offline.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agopfkey: Use const where possible.
David S. Miller [Sat, 26 Feb 2011 02:07:06 +0000 (18:07 -0800)]
pfkey: Use const where possible.

This actually pointed out a (seemingly known) bug where we mangle the
pfkey header in a potentially shared SKB, which is fixed here.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agosched: protocol only needed when CONFIG_NET_CLS_ACT is enabled
Hagen Paul Pfeifer [Fri, 25 Feb 2011 05:45:21 +0000 (05:45 +0000)]
sched: protocol only needed when CONFIG_NET_CLS_ACT is enabled

Signed-off-by: Hagen Paul Pfeifer <hagen@jauu.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv6: ignore rtnl_unicast() return code
Hagen Paul Pfeifer [Fri, 25 Feb 2011 05:45:20 +0000 (05:45 +0000)]
ipv6: ignore rtnl_unicast() return code

rtnl_unicast() return value is not of interest, we can silently ignore
it, save some instructions and four byte on the stack.

Signed-off-by: Hagen Paul Pfeifer <hagen@jauu.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv6: variable next is never used in this function
Hagen Paul Pfeifer [Fri, 25 Feb 2011 05:45:19 +0000 (05:45 +0000)]
ipv6: variable next is never used in this function

Signed-off-by: Hagen Paul Pfeifer <hagen@jauu.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv6: hash is calculated but not used afterwards
Hagen Paul Pfeifer [Fri, 25 Feb 2011 05:45:18 +0000 (05:45 +0000)]
ipv6: hash is calculated but not used afterwards

hash is declared and assigned but not used anymore. ipv6_addr_hash()
exhibit no side-effects.

Signed-off-by: Hagen Paul Pfeifer <hagen@jauu.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv6: totlen is declared and assigned but not used
Hagen Paul Pfeifer [Fri, 25 Feb 2011 05:45:17 +0000 (05:45 +0000)]
ipv6: totlen is declared and assigned but not used

Signed-off-by: Hagen Paul Pfeifer <hagen@jauu.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agodccp: newdp is declared/assigned but never be used
Hagen Paul Pfeifer [Fri, 25 Feb 2011 05:45:16 +0000 (05:45 +0000)]
dccp: newdp is declared/assigned but never be used

Declaration and assignment of newdp is removed. Usage of dccp_sk()
exhibit no side effects.

Signed-off-by: Hagen Paul Pfeifer <hagen@jauu.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agophonet: Protect pipe_do_remove() with appropriate ifdefs.
David S. Miller [Fri, 25 Feb 2011 19:23:22 +0000 (11:23 -0800)]
phonet: Protect pipe_do_remove() with appropriate ifdefs.

It is only used when CONFIG_PHONET_PIPECTRLR is not set.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoPhonet: fix flawed "SYN/ACK" logic
Rémi Denis-Courmont [Thu, 24 Feb 2011 23:15:01 +0000 (23:15 +0000)]
Phonet: fix flawed "SYN/ACK" logic

* Do not fail if the peer supports more or less than 3 algorithms.
 * Ignore unknown congestion control algorithms instead of failing.
 * Simplify congestion algorithm negotiation (largest is best).
 * Do not use a static buffer.
 * Fix off-by-two read overflow.
 * Avoid extra memory copy (in addition to skb_copy_bits()).

The previous code really made no sense.

Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoPhonet: don't bother with transaction IDs (especially for indications)
Rémi Denis-Courmont [Thu, 24 Feb 2011 23:15:00 +0000 (23:15 +0000)]
Phonet: don't bother with transaction IDs (especially for indications)

Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoPhonet: remove redumdant pep->pipe_state
Rémi Denis-Courmont [Thu, 24 Feb 2011 23:14:59 +0000 (23:14 +0000)]
Phonet: remove redumdant pep->pipe_state

sk->sk_state already contains the pipe state.

Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoPhonet: use socket destination in pipe protocol
Rémi Denis-Courmont [Thu, 24 Feb 2011 23:14:58 +0000 (23:14 +0000)]
Phonet: use socket destination in pipe protocol

Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoPhonet: implement per-socket destination/peer address
Rémi Denis-Courmont [Thu, 24 Feb 2011 23:14:57 +0000 (23:14 +0000)]
Phonet: implement per-socket destination/peer address

Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoPhonet: allow multiple listen() and fix small race condition
Rémi Denis-Courmont [Thu, 24 Feb 2011 23:14:56 +0000 (23:14 +0000)]
Phonet: allow multiple listen() and fix small race condition

Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agortlwifi: Need to include vmalloc.h
David S. Miller [Fri, 25 Feb 2011 06:50:30 +0000 (22:50 -0800)]
rtlwifi: Need to include vmalloc.h

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agosch_netem: Need to include vmalloc.h
David S. Miller [Fri, 25 Feb 2011 06:48:13 +0000 (22:48 -0800)]
sch_netem: Need to include vmalloc.h

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoMerge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville...
David S. Miller [Fri, 25 Feb 2011 06:35:12 +0000 (22:35 -0800)]
Merge branch 'for-davem' of git://git./linux/kernel/git/linville/wireless-next-2.6

13 years agosch_choke: add choke_skb_cb
Eric Dumazet [Thu, 24 Feb 2011 17:45:41 +0000 (17:45 +0000)]
sch_choke: add choke_skb_cb

Better document choke skb->cb[] use, like we did in netem and sfb

This adds a compile time check to make sure we dont exhaust skb->cb[]
space.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Stephen Hemminger <shemminger@vyatta.com>
CC: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonetem: update version and cleanup
stephen hemminger [Wed, 23 Feb 2011 13:04:22 +0000 (13:04 +0000)]
netem: update version and cleanup

Get rid of debug message that are not useful, and enable
the log messages in case of error.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonetem: revised correlated loss generator
stephen hemminger [Wed, 23 Feb 2011 13:04:21 +0000 (13:04 +0000)]
netem: revised correlated loss generator

This is a patch originated with Stefano Salsano and Fabio Ludovici.
It provides several alternative loss models for use with netem.
This patch adds two state machine based loss models.

See: http://netgroup.uniroma2.it/twiki/bin/view.cgi/Main/NetemCLG

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoRevert "sch_netem: Remove classful functionality"
stephen hemminger [Wed, 23 Feb 2011 13:04:20 +0000 (13:04 +0000)]
Revert "sch_netem: Remove classful functionality"

Many users have wanted the old functionality that was lost
to be able to use pfifo as inner qdisc for netem. The reason that
netem could not be classful with the older API was because of the
limitations of the old dequeue/requeue interface; now that qdisc API has
a peek function, there is no longer a problem with using any
inner qdisc's.

This reverts commit 02201464119334690fe209849843881b8e9cfa9f.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonetem: define NETEM_DIST_MAX
stephen hemminger [Wed, 23 Feb 2011 13:04:19 +0000 (13:04 +0000)]
netem: define NETEM_DIST_MAX

Rather than magic constant in code, expose the maximum size of
packet distribution table in API. In iproute2, q_netem defines
MAX_DIST as 16K already.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonetem: use vmalloc for distribution table
stephen hemminger [Wed, 23 Feb 2011 13:04:18 +0000 (13:04 +0000)]
netem: use vmalloc for distribution table

The netem probability table can be large (up to 64K bytes)
which may be too large to allocate in one contiguous chunk.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonetem: cleanup dump code
stephen hemminger [Wed, 23 Feb 2011 13:04:17 +0000 (13:04 +0000)]
netem: cleanup dump code

Use nla_put_nested to update netlink attribute value.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipvs: unify the formula to estimate the overhead of processing connections
Changli Gao [Sat, 19 Feb 2011 09:32:28 +0000 (17:32 +0800)]
ipvs: unify the formula to estimate the overhead of processing connections

lc and wlc use the same formula, but lblc and lblcr use another one. There
is no reason for using two different formulas for the lc variants.

The formula used by lc is used by all the lc variants in this patch.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Acked-by: Wensong Zhang <wensong@linux-vs.org>
Signed-off-by: Simon Horman <horms@verge.net.au>
13 years agoMerge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/jkirsher/net...
David S. Miller [Fri, 25 Feb 2011 00:29:00 +0000 (16:29 -0800)]
Merge branch 'master' of /linux/kernel/git/jkirsher/net-next-2.6

13 years agoipv4: Rearrange how ip_route_newports() gets port keys.
David S. Miller [Thu, 24 Feb 2011 21:38:12 +0000 (13:38 -0800)]
ipv4: Rearrange how ip_route_newports() gets port keys.

ip_route_newports() is the only place in the entire kernel that
cares about the port members in the routing cache entry's lookup
flow key.

Therefore the only reason we store an entire flow inside of the
struct rtentry is for this one special case.

Rewrite ip_route_newports() such that:

1) The caller passes in the original port values, so we don't need
   to use the rth->fl.fl_ip_{s,d}port values to remember them.

2) The lookup flow is constructed by hand instead of being copied
   from the routing cache entry's flow.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoigb: update version string
Carolyn Wyborny [Wed, 16 Feb 2011 05:09:46 +0000 (05:09 +0000)]
igb: update version string

This will synchronize the version with the out of tree driver which
shares its functionality.

Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
13 years agoigb: Update Intel copyright notice for driver source.
Carolyn Wyborny [Thu, 17 Feb 2011 09:02:30 +0000 (09:02 +0000)]
igb: Update Intel copyright notice for driver source.

This fix updates copyright information to include current year 2011.

Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
13 years agoigb: add support for VF Transmit rate limit using iproute2
Lior Levy [Tue, 8 Feb 2011 02:28:46 +0000 (02:28 +0000)]
igb: add support for VF Transmit rate limit using iproute2

Implemented igb_ndo_set_vf_bw function which is being used
by iproute2 tool. In addition, updated igb_ndo_get_vf_config function
to show the actual rate limit to the user.

The rate limitation can be configured only when the link is up.
The rate limit value can be ranged between 0 and actual
link speed measured in Mbps. A value of '0' disables the rate limit for
this specific VF.

iproute2 usage will be 'ip link set ethX vf Y rate Z'.
After the command is made, the rate will be changed instantly.
To view the current rate limit, use 'ip link show ethX'.

The rates will be zeroed only upon driver reload or a link speed change.

This feature is being supported only by 82576 device.

Signed-off-by: Lior Levy <lior.levy@intel.com>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
13 years agoigbvf: remove Tx hang detection
Lior Levy [Fri, 11 Feb 2011 03:38:04 +0000 (03:38 +0000)]
igbvf: remove Tx hang detection

Removed Tx hang detection mechanism from igbvf.
This mechanism has no affect and can cause false alarm message in some cases.

Signed-off-by: Lior Levy <lior.levy@intel.com>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
13 years agoixgbevf: Fix name of function in function header comment
Greg Rose [Thu, 3 Feb 2011 06:54:13 +0000 (06:54 +0000)]
ixgbevf: Fix name of function in function header comment

Some of the function names in function header comments did not match
actual name of the function.

Signed-off-by: Greg Rose <gregory.v.rose@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
13 years agoixgbevf: Enable jumbo frame support for X540 VF
Greg Rose [Wed, 26 Jan 2011 01:06:12 +0000 (01:06 +0000)]
ixgbevf: Enable jumbo frame support for X540 VF

The X540 controller allows jumbo frame setup on a per VF basis.  Enable
use of jumbo frames when the VF device belongs to the X540 controller.

Signed-off-by: Greg Rose <gregory.v.rose@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
13 years agoixgbe: Enable Jumbo Frames on the X540 10Gigabit Controller
Greg Rose [Wed, 26 Jan 2011 01:06:07 +0000 (01:06 +0000)]
ixgbe: Enable Jumbo Frames on the X540 10Gigabit Controller

The X540 controller supports jumbo frames in SR-IOV mode.  Allow
configuration of jumbo frames either in the PF driver or on behalf of
a VF.

Signed-off-by: Greg Rose <gregory.v.rose@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
13 years agoxfrm: Const'ify xfrm_address_t args to xfrm_state_find.
David S. Miller [Thu, 24 Feb 2011 06:55:45 +0000 (01:55 -0500)]
xfrm: Const'ify xfrm_address_t args to xfrm_state_find.

This required a const'ification in xfrm_init_tempstate() too.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Remove unused 'saddr' and 'daddr' args to xfrm_state_look_at.
David S. Miller [Thu, 24 Feb 2011 06:53:13 +0000 (01:53 -0500)]
xfrm: Remove unused 'saddr' and 'daddr' args to xfrm_state_look_at.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Const'ify xfrm_address_t args to __xfrm_state_lookup{,_byaddr}.
David S. Miller [Thu, 24 Feb 2011 06:51:36 +0000 (01:51 -0500)]
xfrm: Const'ify xfrm_address_t args to __xfrm_state_lookup{,_byaddr}.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Const'ify xfrm_tmpl arg to xfrm_init_tempstate.
David S. Miller [Thu, 24 Feb 2011 06:50:12 +0000 (01:50 -0500)]
xfrm: Const'ify xfrm_tmpl arg to xfrm_init_tempstate.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Const'ify xfrm_address_t args to xfrm_*_hash.
David S. Miller [Thu, 24 Feb 2011 06:47:16 +0000 (01:47 -0500)]
xfrm: Const'ify xfrm_address_t args to xfrm_*_hash.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Const'ify sec_path arg to secpath_has_nontransport.
David S. Miller [Thu, 24 Feb 2011 06:44:12 +0000 (01:44 -0500)]
xfrm: Const'ify sec_path arg to secpath_has_nontransport.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Const'ify ptr args to xfrm_policy_ok.
David S. Miller [Thu, 24 Feb 2011 06:43:33 +0000 (01:43 -0500)]
xfrm: Const'ify ptr args to xfrm_policy_ok.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Const'ify ptr args to xfrm_state_ok.
David S. Miller [Thu, 24 Feb 2011 06:43:01 +0000 (01:43 -0500)]
xfrm: Const'ify ptr args to xfrm_state_ok.

Signed-off-by: David S. Miller <davem@davemloft.net>