openwrt/staging/blogic.git
14 years agoipvs: create ip_vs_defrag_user
Julian Anastasov [Sun, 17 Oct 2010 13:32:29 +0000 (16:32 +0300)]
ipvs: create ip_vs_defrag_user

  Create new function ip_vs_defrag_user to return correct
IP_DEFRAG_xxx user depending on the hooknum. It will be needed
when we add handlers in LOCAL_OUT.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
14 years agoipvs: fix CHECKSUM_PARTIAL for TUN method
Julian Anastasov [Sun, 17 Oct 2010 13:29:40 +0000 (16:29 +0300)]
ipvs: fix CHECKSUM_PARTIAL for TUN method

  The recent change in IP_VS_XMIT_TUNNEL to set
CHECKSUM_NONE is not correct. After adding IPIP header
skb->csum becomes invalid but the CHECKSUM_PARTIAL
case must be supported. So, use skb_forward_csum() which is
most suitable for us to allow local clients to send IPIP
to remote real server.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
14 years agoipvs: stop ICMP from FORWARD to local
Julian Anastasov [Sun, 17 Oct 2010 13:27:31 +0000 (16:27 +0300)]
ipvs: stop ICMP from FORWARD to local

  Delivering locally ICMP from FORWARD hook is not supported.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
14 years agoipvs: do not schedule conns from real servers
Julian Anastasov [Sun, 17 Oct 2010 13:24:37 +0000 (16:24 +0300)]
ipvs: do not schedule conns from real servers

  This patch is needed to avoid scheduling of
packets from local real server when we add ip_vs_in
in LOCAL_OUT hook to support local client.

  Currently, when ip_vs_in can not find existing
connection it tries to create new one by calling ip_vs_schedule.

  The default indication from ip_vs_schedule was if
connection was scheduled to real server. If real server is
not available we try to use the bypass forwarding method
or to send ICMP error. But in some cases we do not want to use
the bypass feature. So, add flag 'ignored' to indicate if
the scheduler ignores this packet.

  Make sure we do not create new connections from replies.
We can hit this problem for persistent services and local real
server when ip_vs_in is added to LOCAL_OUT hook to handle
local clients.

  Also, make sure ip_vs_schedule ignores SYN packets
for Active FTP DATA from local real server. The FTP DATA
connection should be created on SYN+ACK from client to assign
correct connection daddr.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
14 years agoipvs: switch to notrack mode
Julian Anastasov [Sun, 17 Oct 2010 13:21:07 +0000 (16:21 +0300)]
ipvs: switch to notrack mode

  Change skb->ipvs_property semantic. This is preparation
to support ip_vs_out processing in LOCAL_OUT. ipvs_property=1
will be used to avoid expensive lookups for traffic sent by
transmitters. Now when conntrack support is not used we call
ip_vs_notrack method to avoid problems in OUTPUT and
POST_ROUTING hooks instead of exiting POST_ROUTING as before.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
14 years agoipvs: optimize checksums for apps
Julian Anastasov [Sun, 17 Oct 2010 13:17:20 +0000 (16:17 +0300)]
ipvs: optimize checksums for apps

  Avoid full checksum calculation for apps that can provide
info whether csum was broken after payload mangling. For now only
ip_vs_ftp mangles payload and it updates the csum, so the full
recalculation is avoided for all packets.

  Add CHECKSUM_UNNECESSARY for snat_handler (TCP and UDP).
It is needed to support SNAT from local address for the case
when csum is fully recalculated.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
14 years agoipvs: fix CHECKSUM_PARTIAL for TCP, UDP
Julian Anastasov [Sun, 17 Oct 2010 13:14:31 +0000 (16:14 +0300)]
ipvs: fix CHECKSUM_PARTIAL for TCP, UDP

  Fix CHECKSUM_PARTIAL handling. Tested for IPv4 TCP,
UDP not tested because it needs network card with HW CSUM support.
May be fixes problem where IPVS can not be used in virtual boxes.
Problem appears with DNAT to local address when the local stack
sends reply in CHECKSUM_PARTIAL mode.

  Fix tcp_dnat_handler and udp_dnat_handler to provide
vaddr and daddr in right order (old and new IP) when calling
tcp_partial_csum_update/udp_partial_csum_update (CHECKSUM_PARTIAL).

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
14 years agoFixed race condition at ip_vs.ko module init.
Eduardo Blanco [Tue, 19 Oct 2010 09:26:47 +0000 (10:26 +0100)]
Fixed race condition at ip_vs.ko module init.

Lists were initialized after the module was registered.  Multiple ipvsadm
processes at module load triggered a race condition that resulted in a null
pointer dereference in do_ip_vs_get_ctl(). As a result, __ip_vs_mutex
was left locked preventing all further ipvsadm commands.

Signed-off-by: Eduardo J. Blanco <ejblanco@google.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
14 years agoipvs: IPv6 tunnel mode
Hans Schillstrom [Tue, 19 Oct 2010 08:38:48 +0000 (10:38 +0200)]
ipvs: IPv6 tunnel mode

IPv6 encapsulation uses a bad source address for the tunnel.
i.e. VIP will be used as local-addr and encap. dst addr.
Decapsulation will not accept this.

Example
LVS (eth1 2003::2:0:1/96, VIP 2003::2:0:100)
   (eth0 2003::1:0:1/96)
RS  (ethX 2003::1:0:5/96)

tcpdump
2003::2:0:100 > 2003::1:0:5: IP6 (hlim 63, next-header TCP (6) payload length: 40)  2003::3:0:10.50991 > 2003::2:0:100.http: Flags [S], cksum 0x7312 (correct), seq 3006460279, win 5760, options [mss 1440,sackOK,TS val 1904932 ecr 0,nop,wscale 3], length 0

In Linux IPv6 impl. you can't have a tunnel with an any cast address
receiving packets (I have not tried to interpret RFC 2473)
To have receive capabilities the tunnel must have:
 - Local address set as multicast addr or an unicast addr
 - Remote address set as an unicast addr.
 - Loop back addres or Link local address are not allowed.

This causes us to setup a tunnel in the Real Server with the
LVS as the remote address, here you can't use the VIP address since it's
used inside the tunnel.

Solution
Use outgoing interface IPv6 address (match against the destination).
i.e. use ip6_route_output() to look up the route cache and
then use ipv6_dev_get_saddr(...) to set the source address of the
encapsulated packet.

Additionally, cache the results in new destination
fields: dst_cookie and dst_saddr and properly check the
returned dst from ip6_route_output. We now add xfrm_lookup
call only for the tunneling method where the source address
is a local one.

Signed-off-by:Hans Schillstrom <hans.schillstrom@ericsson.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: ctnetlink: add expectation deletion events
Pablo Neira Ayuso [Tue, 19 Oct 2010 08:19:06 +0000 (10:19 +0200)]
netfilter: ctnetlink: add expectation deletion events

This patch allows to listen to events that inform about
expectations destroyed.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: install missing ebtables headers for userspace
Nick Bowler [Mon, 18 Oct 2010 09:22:05 +0000 (11:22 +0200)]
netfilter: install missing ebtables headers for userspace

The ebt_ip6.h and ebt_nflog.h headers are not not known to Kbuild and
therefore not installed by make headers_install.  Fix that up.

Signed-off-by: Nick Bowler <nbowler@elliptictech.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: fix kconfig unmet dependency warning
Randy Dunlap [Mon, 18 Oct 2010 09:13:30 +0000 (11:13 +0200)]
netfilter: fix kconfig unmet dependency warning

Fix netfilter kconfig unmet dependencies warning & spell out
"compatible" while there.

warning: (IP_NF_TARGET_TTL && NET && INET && NETFILTER && IP_NF_IPTABLES && NETFILTER_ADVANCED || IP6_NF_TARGET_HL && NET && INET && IPV6 && NETFILTER && IP6_NF_IPTABLES && NETFILTER_ADVANCED) selects NETFILTER_XT_TARGET_HL which has unmet direct dependencies ((IP_NF_MANGLE || IP6_NF_MANGLE) && NETFILTER_ADVANCED)

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agoIPVS: ip_vs_dbg_callid() is only needed for debugging
Simon Horman [Wed, 13 Oct 2010 19:22:35 +0000 (21:22 +0200)]
IPVS: ip_vs_dbg_callid() is only needed for debugging

ip_vs_dbg_callid() and IP_VS_DEBUG_CALLID() are only needed
it CONFIG_IP_VS_DEBUG is defined.

This resolves the following build warning when CONFIG_IP_VS_DEBUG is
not defined.

net/netfilter/ipvs/ip_vs_pe_sip.c:11: warning: 'ip_vs_dbg_callid' defined but not used

Reported-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: xtables: remove unused defines
Jan Engelhardt [Wed, 13 Oct 2010 14:42:02 +0000 (16:42 +0200)]
netfilter: xtables: remove unused defines

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agonetfilter: xtables: unify {ip,ip6,arp}t_error_target
Jan Engelhardt [Wed, 13 Oct 2010 14:37:45 +0000 (16:37 +0200)]
netfilter: xtables: unify {ip,ip6,arp}t_error_target

Unification of struct *_error_target was forgotten in
v2.6.16-1689-g1e30a01.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agonetfilter: xtables: resolve indirect macros 3/3
Jan Engelhardt [Wed, 13 Oct 2010 14:28:00 +0000 (16:28 +0200)]
netfilter: xtables: resolve indirect macros 3/3

14 years agonetfilter: xtables: resolve indirect macros 2/3
Jan Engelhardt [Wed, 13 Oct 2010 14:11:22 +0000 (16:11 +0200)]
netfilter: xtables: resolve indirect macros 2/3

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agonetfilter: xtables: resolve indirect macros 1/3
Jan Engelhardt [Wed, 13 Oct 2010 13:56:56 +0000 (15:56 +0200)]
netfilter: xtables: resolve indirect macros 1/3

Many of the used macros are just there for userspace compatibility.
Substitute the in-kernel code to directly use the terminal macro
and stuff the defines into #ifndef __KERNEL__ sections.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agonetfilter: add missing xt_log.h file
Patrick McHardy [Mon, 4 Oct 2010 21:24:21 +0000 (23:24 +0200)]
netfilter: add missing xt_log.h file

Forgot to add xt_log.h in commit a8defca0 (netfilter: ipt_LOG:
add bufferisation to call printk() once)

Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: unregister nf hooks, matches and targets in the reverse order
Changli Gao [Mon, 4 Oct 2010 20:24:12 +0000 (22:24 +0200)]
netfilter: unregister nf hooks, matches and targets in the reverse order

Since we register nf hooks, matches and targets in order, we'd better
unregister them in the reverse order.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: remove duplicated include
Nicolas Kaiser [Mon, 4 Oct 2010 19:00:42 +0000 (21:00 +0200)]
netfilter: remove duplicated include

Remove duplicated include.

Signed-off-by: Nicolas Kaiser <nikai@nikai.net>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: ipt_LOG: add bufferisation to call printk() once
Eric Dumazet [Mon, 4 Oct 2010 18:56:05 +0000 (20:56 +0200)]
netfilter: ipt_LOG: add bufferisation to call printk() once

ipt_LOG & ip6t_LOG use lot of calls to printk() and use a lock in a hope
several cpus wont mix their output in syslog.

printk() being very expensive [1], its better to call it once, on a
prebuilt and complete line. Also, with mixed IPv4 and IPv6 trafic,
separate IPv4/IPv6 locks dont avoid garbage.

I used an allocation of a 1024 bytes structure, sort of seq_printf() but
with a fixed size limit.
Use a static buffer if dynamic allocation failed.

Emit a once time alert if buffer size happens to be too short.

[1]: printk() has various features like printk_delay()...

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: nf_nat: make find/put static
Stephen Hemminger [Mon, 4 Oct 2010 18:53:18 +0000 (20:53 +0200)]
netfilter: nf_nat: make find/put static

The functions nf_nat_proto_find_get and nf_nat_proto_put are
only used internally in nf_nat_core. This might break some out
of tree NAT module.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agoIPVS: sip persistence engine
Simon Horman [Sun, 22 Aug 2010 12:37:55 +0000 (21:37 +0900)]
IPVS: sip persistence engine

Add the SIP callid as a key for persistence.

This allows multiple connections from the same IP address to be
differentiated on the basis of the callid.

When used in conjunction with the persistence mask, it allows connections
from different  IP addresses to be aggregated on the basis of the callid.

It is envisaged that a persistence mask of 0.0.0.0 will be a useful
setting.  That is, ignore the source IP address when checking for
persistence.

It is envisaged that this option will be used in conjunction with
one-packet scheduling.

This only works with UDP and cannot be made to work with TCP
within the current framework.

Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Julian Anastasov <ja@ssi.bg>
14 years agoIPVS: Fallback if persistence engine fails
Simon Horman [Sun, 22 Aug 2010 12:37:54 +0000 (21:37 +0900)]
IPVS: Fallback if persistence engine fails

Fall back to normal persistence handling if the persistence
engine fails to recognise a packet.

This way, at least the packet will go somewhere.

It is envisaged that iptables could be used to block packets
such if this is not desired although nf_conntrack_sip would
likely need to be enhanced first.

Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Julian Anastasov <ja@ssi.bg>
14 years agoIPVS: Allow configuration of persistence engines
Simon Horman [Sun, 22 Aug 2010 12:37:54 +0000 (21:37 +0900)]
IPVS: Allow configuration of persistence engines

Allow the persistence engine of a virtual service to be set, edited
and unset.

This feature only works with the netlink user-space interface.

Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Julian Anastasov <ja@ssi.bg>
14 years agoIPVS: management of persistence engine modules
Simon Horman [Sun, 22 Aug 2010 12:37:54 +0000 (21:37 +0900)]
IPVS: management of persistence engine modules

This is based heavily on the scheduler management code

Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Julian Anastasov <ja@ssi.bg>
14 years agoIPVS: Add persistence engine data to /proc/net/ip_vs_conn
Simon Horman [Sun, 22 Aug 2010 12:37:53 +0000 (21:37 +0900)]
IPVS: Add persistence engine data to /proc/net/ip_vs_conn

This shouldn't break compatibility with userspace as the new data
is at the end of the line.

I have confirmed that this doesn't break ipvsadm, the main (only?)
user-space user of this data.

Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Julian Anastasov <ja@ssi.bg>
14 years agoIPVS: Add struct ip_vs_pe
Simon Horman [Sun, 22 Aug 2010 12:37:53 +0000 (21:37 +0900)]
IPVS: Add struct ip_vs_pe

Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Julian Anastasov <ja@ssi.bg>
14 years agoIPVS: ip_vs_{un,}bind_scheduler NULL arguments
Simon Horman [Sun, 22 Aug 2010 12:37:52 +0000 (21:37 +0900)]
IPVS: ip_vs_{un,}bind_scheduler NULL arguments

In general NULL arguments aren't passed by the few callers that exist,
so don't test for them.

The exception is to make passing NULL to ip_vs_unbind_scheduler() a noop.

Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Julian Anastasov <ja@ssi.bg>
14 years agoIPVS: Allow null argument to ip_vs_scheduler_put()
Simon Horman [Sun, 22 Aug 2010 12:37:52 +0000 (21:37 +0900)]
IPVS: Allow null argument to ip_vs_scheduler_put()

This simplifies caller logic sightly.

Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Julian Anastasov <ja@ssi.bg>
14 years agoIPVS: Add struct ip_vs_conn_param
Simon Horman [Sun, 22 Aug 2010 12:37:52 +0000 (21:37 +0900)]
IPVS: Add struct ip_vs_conn_param

Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Julian Anastasov <ja@ssi.bg>
14 years agoIPVS: compact ip_vs_sched_persist()
Simon Horman [Sun, 22 Aug 2010 12:37:51 +0000 (21:37 +0900)]
IPVS: compact ip_vs_sched_persist()

Compact ip_vs_sched_persist() by setting up parameters
and calling functions once.

Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Julian Anastasov <ja@ssi.bg>
14 years agonetfilter: nf_conntrack_sip: Add callid parser
Simon Horman [Sun, 22 Aug 2010 12:37:51 +0000 (21:37 +0900)]
netfilter: nf_conntrack_sip: Add callid parser

Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Julian Anastasov <ja@ssi.bg>
14 years agonetfilter: nf_conntrack_sip: Allow ct_sip_get_header() to be called with a null ct...
Simon Horman [Sun, 22 Aug 2010 12:37:51 +0000 (21:37 +0900)]
netfilter: nf_conntrack_sip: Allow ct_sip_get_header() to be called with a null ct argument

Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Julian Anastasov <ja@ssi.bg>
14 years agonetfilter: ctnetlink: add support for user-space expectation helpers
Pablo Neira Ayuso [Tue, 28 Sep 2010 19:06:34 +0000 (21:06 +0200)]
netfilter: ctnetlink: add support for user-space expectation helpers

This patch adds the basic infrastructure to support user-space
expectation helpers via ctnetlink and the netfilter queuing
infrastructure NFQUEUE. Basically, this patch:

* adds NF_CT_EXPECT_USERSPACE flag to identify user-space
  created expectations. I have also added a sanity check in
  __nf_ct_expect_check() to avoid that kernel-space helpers
  may create an expectation if the master conntrack has no
  helper assigned.
* adds some branches to check if the master conntrack helper
  exists, otherwise we skip the code that refers to kernel-space
  helper such as the local expectation list and the expectation
  policy.
* allows to set the timeout for user-space expectations with
  no helper assigned.
* a list of expectations created from user-space that depends
  on ctnetlink (if this module is removed, they are deleted).
* includes USERSPACE in the /proc output for expectations
  that have been created by a user-space helper.

This patch also modifies ctnetlink to skip including the helper
name in the Netlink messages if no kernel-space helper is set
(since no user-space expectation has not kernel-space kernel
assigned).

You can access an example user-space FTP conntrack helper at:
http://people.netfilter.org/pablo/userspace-conntrack-helpers/nf-ftp-helper-userspace-POC.tar.bz

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: ctnetlink: allow to specify the expectation flags
Pablo Neira Ayuso [Wed, 22 Sep 2010 06:36:59 +0000 (08:36 +0200)]
netfilter: ctnetlink: allow to specify the expectation flags

With this patch, you can specify the expectation flags for user-space
created expectations.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: ctnetlink: missing validation of CTA_EXPECT_ZONE attribute
Pablo Neira Ayuso [Wed, 22 Sep 2010 06:35:36 +0000 (08:35 +0200)]
netfilter: ctnetlink: missing validation of CTA_EXPECT_ZONE attribute

This patch adds the missing validation of the CTA_EXPECT_ZONE
attribute in the ctnetlink code.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: nf_nat: better error handling of nf_ct_expect_related() in helpers
Pablo Neira Ayuso [Wed, 22 Sep 2010 06:34:12 +0000 (08:34 +0200)]
netfilter: nf_nat: better error handling of nf_ct_expect_related() in helpers

This patch improves the situation in which the expectation table is
full for conntrack NAT helpers. Basically, we give up if we don't
find a place in the table instead of looping over nf_ct_expect_related()
with a different port (we should only do this if it returns -EBUSY, for
-EMFILE or -ESHUTDOWN I think that it's better to skip this).

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agoipvs: changes related to service usecnt
Julian Anastasov [Tue, 21 Sep 2010 16:12:30 +0000 (18:12 +0200)]
ipvs: changes related to service usecnt

Change the usage of svc usecnt during command execution:

- we check if svc is registered but we do not need to hold usecnt
reference while under __ip_vs_mutex, only the packet handling needs
it during scheduling

- change __ip_vs_service_get to __ip_vs_service_find and
__ip_vs_svc_fwm_get to __ip_vs_svc_fwm_find because now caller
will increase svc->usecnt

- put common code that calls update_service in __ip_vs_update_dest

- put common code in ip_vs_unlink_service() and use it to unregister
the service

- add comment that svc should not be accessed after ip_vs_del_service
anymore

- all IP_VS_WAIT_WHILE calls are now unified: usecnt > 0

- Properly log the app ports

As result, some problems are fixed:

- possible use-after-free of svc in ip_vs_genl_set_cmd after
ip_vs_del_service because our usecnt reference does not guarantee that
svc is not freed on refcnt==0, eg. when no dests are moved to trash

- possible usecnt leak in do_ip_vs_set_ctl after ip_vs_del_service
when the service is not freed now, for example, when some
destionations are moved into trash and svc->refcnt remains above 0.
It is harmless because svc is not in hash anymore.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: save the hash of the tuple in the original direction for latter use
Changli Gao [Tue, 21 Sep 2010 15:49:20 +0000 (17:49 +0200)]
netfilter: save the hash of the tuple in the original direction for latter use

Since we don't change the tuple in the original direction, we can save it
in ct->tuplehash[IP_CT_DIR_REPLY].hnode.pprev for __nf_conntrack_confirm()
use.

__hash_conntrack() is split into two steps: hash_conntrack_raw() is used
to get the raw hash, and __hash_bucket() is used to get the bucket id.

In SYN-flood case, early_drop() doesn't need to recompute the hash again.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agoipvs: make rerouting optional with snat_reroute
Julian Anastasov [Tue, 21 Sep 2010 15:38:57 +0000 (17:38 +0200)]
ipvs: make rerouting optional with snat_reroute

Add new sysctl flag "snat_reroute". Recent kernels use
ip_route_me_harder() to route LVS-NAT responses properly by
VIP when there are multiple paths to client. But setups
that do not have alternative default routes can skip this
routing lookup by using snat_reroute=0.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agoipvs: netfilter connection tracking changes
Julian Anastasov [Tue, 21 Sep 2010 15:35:41 +0000 (17:35 +0200)]
ipvs: netfilter connection tracking changes

Add more code to IPVS to work with Netfilter connection
tracking and fix some problems.

- Allow IPVS to be compiled without connection tracking as in
2.6.35 and before. This can avoid keeping conntracks for all
IPVS connections because this costs memory. ip_vs_ftp still
depends on connection tracking and NAT as implemented for 2.6.36.

- Add sysctl var "conntrack" to enable connection tracking for
all IPVS connections. For loaded IPVS directors it needs
tuning of nf_conntrack_max limit.

- Add IP_VS_CONN_F_NFCT connection flag to request the connection
to use connection tracking. This allows user space to provide this
flag, for example, in dest->conn_flags. This can be useful to
request connection tracking per real server instead of forcing it
for all connections with the "conntrack" sysctl. This flag is
set currently only by ip_vs_ftp and of course by "conntrack" sysctl.

- Add ip_vs_nfct.c file to hold all connection tracking code,
by this way main code should not depend of netfilter conntrack
support.

- Return back the ip_vs_post_routing handler as in 2.6.35 and use
skb->ipvs_property=1 to allow IPVS to work without connection
tracking

Connection tracking:

- most of the code is already in 2.6.36-rc

- alter conntrack reply tuple for LVS-NAT connections when first packet
from client is forwarded and conntrack state is NEW or RELATED.
Additionally, alter reply for RELATED connections from real server,
again for packet in original direction.

- add IP_VS_XMIT_TUNNEL to confirm conntrack (without altering
reply) for LVS-TUN early because we want to call nf_reset. It is
needed because we add IPIP header and the original conntrack
should be preserved, not destroyed. The transmitted IPIP packets
can reuse same conntrack, so we do not set skb->ipvs_property.

- try to destroy conntrack when the IPVS connection is destroyed.
It is not fatal if conntrack disappears before that, it depends
on the used timers.

Fix problems from long time:

- add skb->ip_summed = CHECKSUM_NONE for the LVS-TUN transmitters

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agoipvs: extend connection flags to 32 bits
Julian Anastasov [Fri, 17 Sep 2010 12:18:16 +0000 (14:18 +0200)]
ipvs: extend connection flags to 32 bits

- the sync protocol supports 16 bits only, so bits 0..15 should be
used only for flags that should go to backup server, bits 16 and
above should be allocated for flags not sent to backup.

- use IP_VS_CONN_F_DEST_MASK as mask of connection flags in
destination that can be changed by user space

- allow IP_VS_CONN_F_ONE_PACKET to be set in destination

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: nf_conntrack: fix the hash random initializing race
Changli Gao [Thu, 16 Sep 2010 17:55:03 +0000 (19:55 +0200)]
netfilter: nf_conntrack: fix the hash random initializing race

nf_conntrack_alloc() isn't called with nf_conntrack_lock locked, so hash
random initializing code maybe executed more than once on different
CPUs.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: nf_nat: no IP_NAT_RANGE_MAP_IPS flags when alloc_null_binding()
Changli Gao [Thu, 16 Sep 2010 17:47:51 +0000 (19:47 +0200)]
netfilter: nf_nat: no IP_NAT_RANGE_MAP_IPS flags when alloc_null_binding()

When alloc_null_binding(), no IP_NAT_RNAGE_MAP_IPS in flags means no IP address
translation is needed. It isn't necessary to specify the address explicitly.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: nf_nat_core: don't check if the tuple is used if there is no other choice
Changli Gao [Thu, 16 Sep 2010 17:45:19 +0000 (19:45 +0200)]
netfilter: nf_nat_core: don't check if the tuple is used if there is no other choice

Eliminate nf_nat_used_tuple() to save some CPU cycles when there is no
other choice.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: use NFPROTO_IPV4 instead of AF_INET
Changli Gao [Thu, 16 Sep 2010 17:37:30 +0000 (19:37 +0200)]
netfilter: use NFPROTO_IPV4 instead of AF_INET

The field family of xt_target should be NFPROTO_IPV4, though
NFPROTO_IPV4 and AF_INET are the same.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agonetfilter: nf_nat: add nf_nat_csum()
Changli Gao [Wed, 15 Sep 2010 17:24:50 +0000 (19:24 +0200)]
netfilter: nf_nat: add nf_nat_csum()

Add a static function nf_nat_csum() to replace the duplicate code in
nf_nat_mangle_udp_packet() and __nf_nat_mangle_tcp_packet().

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agoe1000e: Simplify MSI interrupt testing
Jean Delvare [Sun, 12 Sep 2010 22:45:39 +0000 (22:45 +0000)]
e1000e: Simplify MSI interrupt testing

The code is quite convoluted, simplify it. This also avoids calling
e1000_request_irq() without testing the value it returned, which was
bad.

Signed-off-by: Jean Delvare <jdelvare@suse.de>
Cc: Bruce Allan <bruce.w.allan@intel.com>
Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Acked-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agouwb: use '%pM' format to print MAC address
Andy Shevchenko [Sun, 12 Sep 2010 08:16:26 +0000 (08:16 +0000)]
uwb: use '%pM' format to print MAC address

Signed-off-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agobnx2x: Spread rx buffers between allocated queues
Dmitry Kravkov [Sun, 12 Sep 2010 05:48:28 +0000 (05:48 +0000)]
bnx2x: Spread rx buffers between allocated queues

Default number of rx buffers will be divided equally
 between allocated queues. This will decrease amount of
 pre-allocated buffers on systems with multiple CPUs.
 User can override this behavior with ethtool -G.
 Minimum amount of rx buffers per queue set to 128.

Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocx82310_eth: allow empty URBs
Ondrej Zary [Sat, 11 Sep 2010 05:40:16 +0000 (05:40 +0000)]
cx82310_eth: allow empty URBs

Empty received URBs are currently counted as errors but the device sends them
sometimes as part of regular traffic - so remove this check.

Signed-off-by: Ondrej Zary <linux@rainbow-software.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocx82310_eth: check usb_string() return value for error
Ondrej Zary [Sat, 11 Sep 2010 05:39:57 +0000 (05:39 +0000)]
cx82310_eth: check usb_string() return value for error

Fix that usb_string() return value is not checked for error (negative value).
Also change the ignore message a bit and lower its level to info.

Signed-off-by: Ondrej Zary <linux@rainbow-software.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agodrivers/net/skfp: Remove pr_<level> uses of KERN_<level>
Joe Perches [Sat, 11 Sep 2010 19:10:56 +0000 (19:10 +0000)]
drivers/net/skfp: Remove pr_<level> uses of KERN_<level>

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonet/cxgb3: remove undefined operations
Andreas Schwab [Sat, 11 Sep 2010 01:12:34 +0000 (01:12 +0000)]
net/cxgb3: remove undefined operations

Modifying an object twice without an intervening sequence point is
undefined.

Signed-off-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonet/de4x5: remove undefined operations
Andreas Schwab [Sat, 11 Sep 2010 01:08:58 +0000 (01:08 +0000)]
net/de4x5: remove undefined operations

Modifying an object twice without an intervening sequence point is
undefined.

Signed-off-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agosundance: Add power management hooks
Denis Kirjanov [Fri, 10 Sep 2010 23:23:13 +0000 (23:23 +0000)]
sundance: Add power management hooks

This patch to adds support for PM hooks into sundance driver

Signed-off-by: Denis Kirjanov <dkirjanov@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoflow: better memory management
Eric Dumazet [Fri, 10 Sep 2010 07:00:25 +0000 (07:00 +0000)]
flow: better memory management

Allocate hash tables for every online cpus, not every possible ones.

NUMA aware allocations.

Dont use a full page on arches where PAGE_SIZE > 1024*sizeof(void *)

misc:
  __percpu , __read_mostly, __cpuinit annotations
  flow_compare_t is just an "unsigned long"

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agosfc: Fix order of channel_name array dimensions
Ben Hutchings [Mon, 13 Sep 2010 04:14:49 +0000 (04:14 +0000)]
sfc: Fix order of channel_name array dimensions

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agobna: Check for NULL before deref in bnad_cb_tx_cleanup
David S. Miller [Sun, 12 Sep 2010 19:06:00 +0000 (12:06 -0700)]
bna: Check for NULL before deref in bnad_cb_tx_cleanup

Reported-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agopkt_sched: remov unnecessary bh_disable
stephen hemminger [Wed, 8 Sep 2010 09:16:28 +0000 (09:16 +0000)]
pkt_sched: remov unnecessary bh_disable

Now that est_tree_lock is acquired with BH protection, the other
call is unnecessary.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agofib: cleanups
Eric Dumazet [Thu, 9 Sep 2010 23:32:28 +0000 (23:32 +0000)]
fib: cleanups

Use rcu_dereference_rtnl() helper

Change hard coded constants in fib_flag_trans()
 7 -> RTN_UNREACHABLE
 8 -> RTN_PROHIBIT

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agosfc: Allow changing the DMA ring sizes dynamically via ethtool
Ben Hutchings [Fri, 10 Sep 2010 06:42:33 +0000 (06:42 +0000)]
sfc: Allow changing the DMA ring sizes dynamically via ethtool

This requires some reorganisation of channel setup and teardown to
ensure that we can always roll-back a failed change.

Based on work by Steve Hodgson <shodgson@solarflare.com>

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agosfc: Make the dmaq size a run-time setting (rather than compile-time)
Steve Hodgson [Fri, 10 Sep 2010 06:42:22 +0000 (06:42 +0000)]
sfc: Make the dmaq size a run-time setting (rather than compile-time)

- Allow the ring size to be specified in non
   power-of-two sizes (for instance to limit
   the amount of receive buffers).
 - Automatically size the event queue.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agosfc: Allocate each channel separately, along with its RX and TX queues
Ben Hutchings [Fri, 10 Sep 2010 06:41:57 +0000 (06:41 +0000)]
sfc: Allocate each channel separately, along with its RX and TX queues

This will allow for reallocation of channel structures and rings.

Change module parameter separate_tx_channels to be read-only, since we
now require its value to be constant.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agosfc: Refactor channel and queue lookup and iteration
Ben Hutchings [Fri, 10 Sep 2010 06:41:47 +0000 (06:41 +0000)]
sfc: Refactor channel and queue lookup and iteration

In preparation for changes to the way channels and queue structures
are allocated, revise the macros and functions used to look up and
iterator over them.

- Replace efx_for_each_tx_queue() with iteration over channels then TX
  queues
- Replace efx_for_each_rx_queue() with iteration over channels then RX
  queues (with one exception, shortly to be removed)
- Introduce efx_get_{channel,rx_queue,tx_queue}() functions to look up
  channels and queues by index
- Introduce efx_channel_get_{rx,tx}_queue() functions to look up a
  channel's queues

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agosfc: Abstract channel and index lookup for RX queues
Ben Hutchings [Fri, 10 Sep 2010 06:41:36 +0000 (06:41 +0000)]
sfc: Abstract channel and index lookup for RX queues

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agosfc: Allocate DMA and event rings using GFP_KERNEL
Ben Hutchings [Fri, 10 Sep 2010 06:41:26 +0000 (06:41 +0000)]
sfc: Allocate DMA and event rings using GFP_KERNEL

Currently we allocate DMA descriptor rings and event rings using
pci_alloc_consistent() which selects non-blocking behaviour from the
page allocator (GFP_ATOMIC). This is unnecessary, and since we
currently allocate a single contiguous block for each ring (up to 32
pages!) these allocations are likely to fail if there is any
significant memory pressure.  Use dma_alloc_coherent() and GFP_KERNEL
instead.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agosfc: Fix failure paths in efx_probe_port()
Ben Hutchings [Fri, 10 Sep 2010 06:41:19 +0000 (06:41 +0000)]
sfc: Fix failure paths in efx_probe_port()

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agosfc: Remove declarations of functions that no longer exist
Ben Hutchings [Fri, 10 Sep 2010 06:41:12 +0000 (06:41 +0000)]
sfc: Remove declarations of functions that no longer exist

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agosfc: Accumulate RX_NODESC_DROP count in rx_dropped, not rx_over_errors
Ben Hutchings [Fri, 10 Sep 2010 06:41:06 +0000 (06:41 +0000)]
sfc: Accumulate RX_NODESC_DROP count in rx_dropped, not rx_over_errors

rx_over_errors appears to be intended as a count of packets that
overflow a packet buffer in the NIC.  Given that we implement a
cut-through receive path, this should always be 0.

rx_dropped appears to be the correct counter for packets dropped due
to lack of host buffers.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agosfc: Use MCDI RX_BAD_FCS_PKTS count as MAC rx_bad count
Ben Hutchings [Fri, 10 Sep 2010 06:41:00 +0000 (06:41 +0000)]
sfc: Use MCDI RX_BAD_FCS_PKTS count as MAC rx_bad count

Calculating rx_bad as rx_packets - rx_good is unnecessary and
incorrect, since rx_good does not include control frames (e.g.
pause frames) and rx_packets does.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoMerge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
David S. Miller [Fri, 10 Sep 2010 05:27:33 +0000 (22:27 -0700)]
Merge branch 'master' of /linux/kernel/git/davem/net-2.6

Conflicts:
net/mac80211/main.c

14 years agoMerge branch 'vhost-net' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
David S. Miller [Fri, 10 Sep 2010 04:59:51 +0000 (21:59 -0700)]
Merge branch 'vhost-net' of git://git./linux/kernel/git/mst/vhost

14 years agodrivers/net/bnx2x: use ARRAY_SIZE macro in bnx2x_main.c
Nikitas Angelinas [Wed, 8 Sep 2010 11:20:37 +0000 (11:20 +0000)]
drivers/net/bnx2x: use ARRAY_SIZE macro in bnx2x_main.c

Replace sizeof(bnx2x_parity_mask)/(sizeof(bnx2x_parity_mask[0]) with
ARRAY_SIZE(bnx2x_parity_mask) in drivers/net/bnx2x/bnx2x_main.c

Signed-off-by: Nikitas Angelinas <nikitasangelinas@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoipheth: remove incorrect devtype to WWAN
Dan Williams [Wed, 8 Sep 2010 07:50:47 +0000 (07:50 +0000)]
ipheth: remove incorrect devtype to WWAN

The 'wwan' devtype is meant for devices that require preconfiguration
and *every* time setup before the ethernet interface can be used, like
cellular modems which require a series of setup commands on serial ports
or other mechanisms before the ethernet interface will handle packets.

As ipheth only requires one-per-hotplug pairing setup with no
preconfiguration (like APN, phone #, etc) and the network interface is
usable at any time after that initial setup, remove the incorrect
devtype wwan.

Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoMAINTAINERS: Add CAIF
Joe Perches [Tue, 7 Sep 2010 20:33:24 +0000 (20:33 +0000)]
MAINTAINERS: Add CAIF

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoau1000-eth: change multi-line comments style
Florian Fainelli [Wed, 8 Sep 2010 11:11:59 +0000 (11:11 +0000)]
au1000-eth: change multi-line comments style

Signed-off-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoau1000-eth: remove volatiles, switch to I/O accessors
Florian Fainelli [Wed, 8 Sep 2010 11:15:13 +0000 (11:15 +0000)]
au1000-eth: remove volatiles, switch to I/O accessors

Remove all the volatile keywords where they were used, switch to using the
proper readl/writel accessors.

Signed-off-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoau1000-eth: fix asm -> linux headers inclusion
Florian Fainelli [Wed, 8 Sep 2010 11:11:49 +0000 (11:11 +0000)]
au1000-eth: fix asm -> linux headers inclusion

Replace asm/io.h and asm/cpu.h wih linux/io.h and linux/cpu.h

Signed-off-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoau1000-eth: fix bad printk usages
Florian Fainelli [Wed, 8 Sep 2010 11:11:45 +0000 (11:11 +0000)]
au1000-eth: fix bad printk usages

Use pr_(info|err) and pr_cont where required instead of calls to printk.
Add missing pr_fmt to the driver.

Signed-off-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoau1000-eth: fix all but one "line over 80 characters warnings"
Florian Fainelli [Wed, 8 Sep 2010 11:11:40 +0000 (11:11 +0000)]
au1000-eth: fix all but one "line over 80 characters warnings"

One line has not been changed because it would not improve readability.

Signed-off-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoau1000-eth: stylistic fixes
Florian Fainelli [Wed, 8 Sep 2010 11:11:31 +0000 (11:11 +0000)]
au1000-eth: stylistic fixes

This patch fixes the following checkpatch.pl warnings:
- spaces after tabs
- space between function and arguments
- one-line statement braces
- tabs instead of spaces

Signed-off-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoau1000-eth: typedefs removal
Florian Fainelli [Wed, 8 Sep 2010 11:11:25 +0000 (11:11 +0000)]
au1000-eth: typedefs removal

Signed-off-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agotipc: Optimize handling excess content on incoming messages
Paul Gortmaker [Wed, 8 Sep 2010 13:31:24 +0000 (13:31 +0000)]
tipc: Optimize handling excess content on incoming messages

Remove code that trimmed excess trailing info from incoming messages
arriving over an Ethernet interface.  TIPC now ignores the extra info
while the message is being processed by the node, and only trims it off
if the message is retransmitted to another node.  (This latter step is
done to ensure the extra info doesn't cause the sk_buff to exceed the
outgoing interface's MTU limit.) The outgoing buffer is guaranteed to
be linear.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoixgbevf: remove private net_device_stats
Eric Dumazet [Wed, 8 Sep 2010 22:48:31 +0000 (22:48 +0000)]
ixgbevf: remove private net_device_stats

Use the net_device provided net_device_stats structure.

Remove ixgbevf_get_stats() now its not needed.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agotunnels: missing rcu_assign_pointer()
Eric Dumazet [Thu, 9 Sep 2010 05:33:43 +0000 (05:33 +0000)]
tunnels: missing rcu_assign_pointer()

xfrm4_tunnel_register() & xfrm6_tunnel_register() should
use rcu_assign_pointer() to make sure previous writes
(to handler->next) are committed to memory before chain
insertion.

deregister functions dont need a particular barrier.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonet/core: add lock context change annotations in net/core/sock.c
Namhyung Kim [Wed, 8 Sep 2010 03:48:48 +0000 (03:48 +0000)]
net/core: add lock context change annotations in net/core/sock.c

__lock_sock() and __release_sock() releases and regrabs lock but
were missing proper annotations. Add it. This removes following
warning from sparse. (Currently __lock_sock() does not emit any
warning about it but I think it is better to add also.)

 net/core/sock.c:1580:17: warning: context imbalance in '__release_sock' - unexpected unlock

Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonet/core: remove address space warnings on verify_iovec()
Namhyung Kim [Wed, 8 Sep 2010 03:48:47 +0000 (03:48 +0000)]
net/core: remove address space warnings on verify_iovec()

move_addr_to_kernel() and copy_from_user() requires their argument
as __user pointer but were missing proper markups. Add it.
This removes following warnings from sparse.

 net/core/iovec.c:44:52: warning: incorrect type in argument 1 (different address spaces)
 net/core/iovec.c:44:52:    expected void [noderef] <asn:1>*uaddr
 net/core/iovec.c:44:52:    got void *msg_name
 net/core/iovec.c:55:34: warning: incorrect type in argument 2 (different address spaces)
 net/core/iovec.c:55:34:    expected void const [noderef] <asn:1>*from
 net/core/iovec.c:55:34:    got struct iovec *msg_iov

Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agosctp: fix test for end of loop
Joe Perches [Wed, 8 Sep 2010 11:04:21 +0000 (11:04 +0000)]
sctp: fix test for end of loop

Add a list_has_sctp_addr function to simplify loop

Based on a patches by Dan Carpenter and David Miller

Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoMerge branch 'for-davem' of git://oss.oracle.com/git/agrover/linux-2.6
David S. Miller [Thu, 9 Sep 2010 21:58:11 +0000 (14:58 -0700)]
Merge branch 'for-davem' of git://oss.oracle.com/git/agrover/linux-2.6

14 years agoMerge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6
David S. Miller [Thu, 9 Sep 2010 06:49:04 +0000 (23:49 -0700)]
Merge branch 'master' of /linux/kernel/git/torvalds/linux-2.6

14 years agoKS8851: Correct RX packet allocation
Eric Dumazet [Wed, 8 Sep 2010 13:26:55 +0000 (13:26 +0000)]
KS8851: Correct RX packet allocation

Use netdev_alloc_skb_ip_align() helper and do correct allocation

Tested-by: Abraham Arce <x0066660@ti.com>
Signed-off-by: Abraham Arce <x0066660@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoudp: add rehash on connect()
Eric Dumazet [Wed, 8 Sep 2010 05:08:44 +0000 (05:08 +0000)]
udp: add rehash on connect()

commit 30fff923 introduced in linux-2.6.33 (udp: bind() optimisation)
added a secondary hash on UDP, hashed on (local addr, local port).

Problem is that following sequence :

fd = socket(...)
connect(fd, &remote, ...)

not only selects remote end point (address and port), but also sets
local address, while UDP stack stored in secondary hash table the socket
while its local address was INADDR_ANY (or ipv6 equivalent)

Sequence is :
 - autobind() : choose a random local port, insert socket in hash tables
              [while local address is INADDR_ANY]
 - connect() : set remote address and port, change local address to IP
              given by a route lookup.

When an incoming UDP frame comes, if more than 10 sockets are found in
primary hash table, we switch to secondary table, and fail to find
socket because its local address changed.

One solution to this problem is to rehash datagram socket if needed.

We add a new rehash(struct socket *) method in "struct proto", and
implement this method for UDP v4 & v6, using a common helper.

This rehashing only takes care of secondary hash table, since primary
hash (based on local port only) is not changed.

Reported-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoatlx: make strings const
Stephen Hemminger [Thu, 9 Sep 2010 04:32:12 +0000 (21:32 -0700)]
atlx: make strings const

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Acked-by: Chris Snook <chris.snook@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonet: inet_add_protocol() can use cmpxchg()
Eric Dumazet [Thu, 9 Sep 2010 04:31:35 +0000 (21:31 -0700)]
net: inet_add_protocol() can use cmpxchg()

Use cmpxchg() to get rid of spinlocks in inet_add_protocol() and
friends.

inet_protos[] & inet6_protos[] are moved to read_mostly section

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocxacru: ignore cx82310_eth devices
Ondrej Zary [Thu, 9 Sep 2010 04:29:20 +0000 (21:29 -0700)]
cxacru: ignore cx82310_eth devices

Ignore ADSL routers, which can have the same vendor and product IDs
as ADSL modems but should be handled by the cx82310_eth driver.

This intentionally ignores device IDs that aren't currently handled
by cx82310_eth. There may be other device IDs that perhaps shouldn't
be claimed by cxacru.

Signed-off-by: Ondrej Zary <linux@rainbow-software.org>
Signed-off-by: Simon Arlott <simon@fire.lp0.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoRDS: Remove dead struct from rds.h
Andy Grover [Thu, 9 Sep 2010 01:03:54 +0000 (18:03 -0700)]
RDS: Remove dead struct from rds.h

flows are an obsolete date type.

Signed-off-by: Andy Grover <andy.grover@oracle.com>
14 years agoRDS: rds.h: Replace u_int[size]_t with uint[size]_t
Andy Grover [Wed, 25 Aug 2010 16:34:10 +0000 (09:34 -0700)]
RDS: rds.h: Replace u_int[size]_t with uint[size]_t

Replace e.g. u_int32_t types with the more common uint32_t.

Reported-by: Matthew Wilcox <willy@linux.intel.com>
Signed-off-by: Andy Grover <andy.grover@oracle.com>