summaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAgeFilesLines
* tcp: MD5: Fix IPv6 signaturesAdam Langley2008-07-311-1/+1
| | | | | | | | | | | | | | | | | Reported by Stefanos Harhalakis; although 2.6.27-rc1 talks to itself using IPv6 TCP MD5 packets just fine, Stefanos noted that tcpdump claimed that the signatures were invalid. I broke this in 49a72dfb8814c2d65bd9f8c9c6daf6395a1ec58d ("tcp: Fix MD5 signatures for non-linear skbs"), it was just a typo. Note that tcpdump will still sometimes claim that the signatures are incorrect. A patch to tcpdump has been submitted for this[1]. [1] http://tinyurl.com/6a4fl2 Signed-off-by: Adam Langley <agl@imperialviolet.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net/ipv4/route.c: fix build errorIngo Molnar2008-07-311-0/+2
| | | | | | | | | | | | | fix: net/ipv4/route.c: In function 'ip_static_sysctl_init': net/ipv4/route.c:3225: error: 'ipv4_route_path' undeclared (first use in this function) net/ipv4/route.c:3225: error: (Each undeclared identifier is reported only once net/ipv4/route.c:3225: error: for each function it appears in.) net/ipv4/route.c:3225: error: 'ipv4_route_table' undeclared (first use in this function) Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: David S. Miller <davem@davemloft.net>
* tcp: MD5: Fix MD5 signatures on certain ACK packetsAdam Langley2008-07-312-4/+4
| | | | | | | | | | | | | | I noticed, looking at tcpdumps, that timewait ACKs were getting sent with an incorrect MD5 signature when signatures were enabled. I broke this in 49a72dfb8814c2d65bd9f8c9c6daf6395a1ec58d ("tcp: Fix MD5 signatures for non-linear skbs"). I didn't take into account that the skb passed to tcp_*_send_ack was the inbound packet, thus the source and dest addresses need to be swapped when calculating the MD5 pseudoheader. Signed-off-by: Adam Langley <agl@imperialviolet.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: Fix ip6_xmit to send fragments if ipfragok is trueWei Yongjun2008-07-311-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | SCTP used ip6_xmit() to send fragments after received ICMP packet too big message. But while send packet used ip6_xmit, the skb->local_df is not initialized. So when skb if enter ip6_fragment(), the following code will discard the skb. ip6_fragment(...) { if (!skb->local_df) { ... return -EMSGSIZE; } ... } SCTP do the following step: 1. send packet ip6_xmit(skb, ipfragok=0) 2. received ICMP packet too big message 3. if PMTUD_ENABLE: ip6_xmit(skb, ipfragok=1) This patch fixed the problem by set local_df if ipfragok is true. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* netdev: Fix lockdep warnings in multiqueue configurations.David S. Miller2008-07-315-8/+16
| | | | | | | | | | | | | | When support for multiple TX queues were added, the netif_tx_lock() routines we converted to iterate over all TX queues and grab each queue's spinlock. This causes heartburn for lockdep and it's not a healthy thing to do with lots of TX queues anyways. So modify this to use a top-level lock and a "frozen" state for the individual TX queues. Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: xt_hashlimit: fix race between htable_destroy and htable_gcPavel Emelyanov2008-07-311-3/+1
| | | | | | | | | | | | | | | | | Deleting a timer with del_timer doesn't guarantee, that the timer function is not running at the moment of deletion. Thus in the xt_hashlimit case we can get into a ticklish situation when the htable_gc rearms the timer back and we'll actually delete an entry with a pending timer. Fix it with using del_timer_sync(). AFAIK del_timer_sync checks for the timer to be pending by itself, so I remove the check. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: ipt_recent: fix race between recent_mt_destroy and proc manipulationsPavel Emelyanov2008-07-311-1/+1
| | | | | | | | | | | | | | | | | | | | The thing is that recent_mt_destroy first flushes the entries from table with the recent_table_flush and only *after* this removes the proc file, corresponding to that table. Thus, if we manage to write to this file the '+XXX' command we will leak some entries. If we manage to write there a 'clean' command we'll race in two recent_table_flush flows, since the recent_mt_destroy calls this outside the recent_lock. The proper solution as I see it is to remove the proc file first and then go on with flushing the table. This flushing becomes safe w/o the lock, since the table is already inaccessible from the outside. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: nf_conntrack_tcp: decrease timeouts while data in unacknowledgedPatrick McHardy2008-07-311-5/+24
| | | | | | | | | | In order to time out dead connections quicker, keep track of outstanding data and cap the timeout. Suggested by Herbert Xu. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* atm: fix const assignment/discard warnings in the ATM networking driverDavid Howells2008-07-301-9/+13
| | | | | | | | | | | | | Fix const assignment/discard warnings in the ATM networking driver. The lane2_assoc_ind() function needed its arguments changing to match changes in the lane2_ops struct (patch 61c33e012964ce358b42d2a1e9cd309af5dab02b "atm: use const where reasonable"). Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: use the common ascii hex helpersHarvey Harrison2008-07-301-3/+2
| | | | | | Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* bridge: send correct MTU value in PMTU (revised)Simon Wunderlich2008-07-304-30/+51
| | | | | | | | | | | | | | | | | | | | | When bridging interfaces with different MTUs, the bridge correctly chooses the minimum of the MTUs of the physical devices as the bridges MTU. But when a frame is passed which fits through the incoming, but not through the outgoing interface, a "Fragmentation Needed" packet is generated. However, the propagated MTU is hardcoded to 1500, which is wrong in this situation. The sender will repeat the packet again with the same frame size, and the same problem will occur again. Instead of sending 1500, the (correct) MTU value of the bridge is now sent via PMTU. To achieve this, the corresponding rtable structure is stored in its net_bridge structure. Modified to get rid of fake_net_device as well. Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Make "networking" one-click deselectable.Robert P. J. Day2008-07-301-6/+1
| | | | | | | | Use a menuconfig directive to make all of networking support one-click deselectable from the top-level menu. Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: Fix useless proc net sockstat6 removalDaniel Lezcano2008-07-301-1/+0
| | | | | | | | This call is no longer needed, sockstat6 is per namespace so it is removed at the namespace subsystem destruction. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* tcp: MD5: Use MIB counter instead of warning for MD5 mismatch.David S. Miller2008-07-303-27/+12
| | | | | | From a report by Matti Aarnio, and preliminary patch by Adam Langley. Signed-off-by: David S. Miller <davem@davemloft.net>
* pkt_sched: Fix OOPS on ingress qdisc add.David S. Miller2008-07-303-46/+23
| | | | | | | | | | | | | | | | | | | | | Bug report from Steven Jan Springl: Issuing the following command causes a kernel oops: tc qdisc add dev eth0 handle ffff: ingress The problem mostly stems from all of the special case handling of ingress qdiscs. So, to fix this, do the grafting operation the same way we do for TX qdiscs. Which means that dev_activate() and dev_deactivate() now do the "qdisc_sleeping <--> qdisc" transitions on dev->rx_queue too. Future simplifications are possible now, mainly because it is impossible for dev_queue->{qdisc,qdisc_sleeping} to be NULL. There are NULL checks all over to handle the ingress qdisc special case that used to exist before this commit. Signed-off-by: David S. Miller <davem@davemloft.net>
* IPv6: datagram_send_ctl() should exit immediately when an error occuredMiao Xie2008-07-291-1/+1
| | | | | | | | | | | When an error occured, datagram_send_ctl() should exit immediately rather than continue to run the for loop. Otherwise, the variable err might be changed and the error might be hidden. Fix this bug by using "goto" instead of "break". Signed-off-by: Miao Xie <miaox@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'master' of ↵David S. Miller2008-07-299-207/+319
|\ | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
| * mac80211: fix mesh beaconingLuis Carlos Cobo2008-07-291-0/+1
| | | | | | | | | | | | | | | | This patch fixes mesh beaconing, which was broken by "mac80211: revamp beacon configuration". Signed-off-by: Luis Carlos Cobo <luisca@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: fix cfg80211 hooks for master interfaceJohannes Berg2008-07-291-15/+88
| | | | | | | | | | | | | | | | | | | | | | The master interface is a virtual interface that is registered to mac80211, changing that does not seem like a good idea at the moment. However, since it has no sdata, we cannot accept any configuration for it. This patch makes the cfg80211 hooks reject any such attempt. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * nl80211: fix dump callbacksJohannes Berg2008-07-291-122/+153
| | | | | | | | | | | | | | | | | | | | | | Julius Volz pointed out that the dump callbacks in nl80211 were broken and fixed one of them. This patch fixes the other three and also addresses the TODOs there. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Cc: Julius Volz <juliusv@google.com> Cc: Thomas Graf <tgraf@suug.ch> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: partially fix skb->cb useJohannes Berg2008-07-295-39/+30
| | | | | | | | | | | | | | | | | | | | | | | | This patch fixes mac80211 to not use the skb->cb over the queue step from virtual interfaces to the master. The patch also, for now, disables aggregation because that would still require requeuing, will fix that in a separate patch. There are two other places (software requeue and powersaving stations) where requeue can happen, but that is not currently used by any drivers/not possible to use respectively. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: append CONFIG_ to MAC80211_VERBOSE_PS_DEBUG in net/mac80211/tx.c.Rami Rosen2008-07-291-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In net/mac80211/tx.c, there are some #ifdef which checks MAC80211_VERBOSE_PS_DEBUG (which in fact is never set) instead of CONFIG_MAC80211_VERBOSE_PS_DEBUG, as should be. This patch replaces MAC80211_VERBOSE_PS_DEBUG with CONFIG_MAC80211_VERBOSE_PS_DEBUG in these #ifdef commands in net/mac80211/tx.c. Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: return correct error return from ieee80211_wep_initJeremy Fitzhardinge2008-07-292-4/+4
| | | | | | | | | | | | | | | | Return the proper error code rather than a hard-coded ENOMEM from ieee80211_wep_init. Also, print the error code on failure. Signed-off-by: Jeremy Fitzhardinge <jeremy@goop.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: tx, use dev_kfree_skb_any for beacon_getJiri Slaby2008-07-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | Use dev_kfree_skb_any(); instead of dev_kfree_skb();, since ieee80211_beacon_get function might be called from atomic. (It's in a fail path.) Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Johannes Berg <johannes@sipsolutions.net> Cc: Michael Wu <flamingice@sourmilk.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * rfkill: yet more minor kernel-doc fixesHenrique de Moraes Holschuh2008-07-291-10/+10
| | | | | | | | | | | | | | | | | | | | For some stupid reason, I sent and old version of the patch minor kernel doc-fix patch, and it got merged before I noticed the problem. This is an incremental fix on top. Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * rfkill: mutex fixesHenrique de Moraes Holschuh2008-07-291-10/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are two mutexes in rfkill: rfkill->mutex, which protects some of the fields of a rfkill struct, and is also used for callback serialization. rfkill_mutex, which protects the global state, the list of registered rfkill structs and rfkill->claim. Make sure to use the correct mutex, and to not miss locking rfkill->mutex even when we already took rfkill_mutex. Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * rfkill: fix led-trigger unregister order in error unwindHenrique de Moraes Holschuh2008-07-291-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rfkill needs to unregister the led trigger AFTER a call to rfkill_remove_switch(), otherwise it will not update the LED state, possibly leaving it ON when it should be OFF. To make led-trigger unregistering safer, guard against unregistering a trigger twice, and also against issuing trigger events to a led trigger that was unregistered. This makes the error unwind paths more resilient. Refer to "rfkill: Register LED triggers before registering switch". Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Cc: Michael Buesch <mb@bu3sch.de> Cc: Dmitry Baryshkov <dbaryshkov@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * rfkill: document rfkill_force_state as required (v2)Henrique de Moraes Holschuh2008-07-291-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | While the rfkill class does work with just get_state(), it doesn't work well on devices that are subject to external events that cause rfkill state changes. Document that rfkill_force_state() is required in those cases. Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | Merge branch 'linus' into cpus4096Ingo Molnar2008-07-287-50/+58
|\ \ | |/ | | | | | | | | | | | | Conflicts: kernel/stop_machine.c Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * Merge branch 'master' of git://eden-feed.erg.abdn.ac.uk/net-2.6David S. Miller2008-07-275-44/+56
| |\
| | * dccp: Add check for truncated ICMPv6 DCCP error packetsWei Yongjun2008-07-261-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | This patch adds a minimum-length check for ICMPv6 packets, as per the previous patch for ICMPv4 payloads. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
| | * dccp: Fix incorrect length check for ICMPv4 packetsWei Yongjun2008-07-261-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unlike TCP, which only needs 8 octets of original packet data, DCCP requires minimally 12 or 16 bytes for ICMP-payload sequence number checks. This patch replaces the insufficient length constant of 8 with a two-stage test, making sure that 12 bytes are available, before computing the basic header length required for sequence number checks. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
| | * dccp: Add check for sequence number in ICMPv6 messageWei Yongjun2008-07-261-1/+9
| | | | | | | | | | | | | | | | | | | | | | | | This adds a sequence number check for ICMPv6 DCCP error packets, in the same manner as it has been done for ICMPv4 in the previous patch. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Acked-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
| | * dccp: Fix sequence number check for ICMPv4 packetsWei Yongjun2008-07-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The payload of ICMP message is a part of the packet sent by ourself, so the sequence number check must use AWL and AWH, not SWL and SWH. For example: Endpoint A Endpoint B DATA-ACK --------> (SEQ=X) <-------- ICMP (Fragmentation Needed) (SEQ=X) Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Acked-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
| | * dccp: Bug-Fix - AWL was never updatedGerrit Renker2008-07-261-18/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The AWL lower Ack validity window advances in proportion to GSS, the greatest sequence number sent. Updating AWL other than at connection setup (in the DCCP-Request sent by dccp_v{4,6}_connect()) was missing in the DCCP code. This bug lead to syslog messages such as "kernel: dccp_check_seqno: DCCP: Step 6 failed for DATAACK packet, [...] P.ackno exists or LAWL(82947089) <= P.ackno(82948208) <= S.AWH(82948728), sending SYNC..." The difference between AWL/AWH here is 1639 packets, while the expected value (the Sequence Window) would have been 100 (the default). A closer look showed that LAWL = AWL = 82947089 equalled the ISS on the Response. The patch now updates AWL with each increase of GSS. Further changes: ---------------- The patch also enforces more stringent checks on the ISS sequence number: * AWL is initialised to ISS at connection setup and remains at this value; * AWH is then always set to GSS (via dccp_update_gss()); * so on the first Request: AWL = AWH = ISS, and on the n-th Request: AWL = ISS, AWH = ISS + n. As a consequence, only Response packets that refer to Requests sent by this host will pass, all others are discarded. This is the intention and in effect implements the initial adjustments for AWL as specified in RFC 4340, 7.5.1. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Acked-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
| | * dccp: Allow to distinguish original and retransmitted packetsGerrit Renker2008-07-263-21/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch allows the sender to distinguish original and retransmitted packets, which is in particular needed for the retransmission of DCCP-Requests: * the first Request uses ISS (generated in net/dccp/ip*.c), and sets GSS = ISS; * all retransmitted Requests use GSS' = GSS + 1, so that the n-th retransmitted Request has sequence number ISS + n (mod 48). To add generic support, the patch reorganises existing code so that: * icsk_retransmits == 0 for the original packet and * icsk_retransmits = n > 0 for the n-th retransmitted packet at the time dccp_transmit_skb() is called, via dccp_retransmit_skb(). Thanks to Wei Yongjun for pointing this problem out. Further changes: ---------------- * removed the `skb' argument from dccp_retransmit_skb(), since sk_send_head is used for all retransmissions (the exception is client-Acks in PARTOPEN state, but these do not use sk_send_head); * since sk_send_head always contains the original skb (via dccp_entail()), skb_cloned() never evaluated to true and thus pskb_copy() was never used. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
| * | net: missing bits of net-namespace / sysctlAl Viro2008-07-275-16/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Piss-poor sysctl registration API strikes again, film at 11... What we really need is _pathname_ required to be present in already registered table, so that kernel could warn about bad order. That's the next target for sysctl stuff (and generally saner and more explicit order of initialization of ipv[46] internals wouldn't hurt either). For the time being, here are full fixups required by ..._rotable() stuff; we make per-net sysctl sets descendents of "ro" one and make sure that sufficient skeleton is there before we start registering per-net sysctls. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | Merge branch 'master' of ↵David S. Miller2008-07-2720-78/+239
| |\ \ | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6
| * | | ipcomp: Fix warnings after ipcomp consolidation.David S. Miller2008-07-272-6/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | net/ipv4/ipcomp.c: In function ‘ipcomp4_init_state’: net/ipv4/ipcomp.c:109: warning: unused variable ‘calg_desc’ net/ipv4/ipcomp.c:108: warning: unused variable ‘ipcd’ net/ipv4/ipcomp.c:107: warning: ‘err’ may be used uninitialized in this function net/ipv6/ipcomp6.c: In function ‘ipcomp6_init_state’: net/ipv6/ipcomp6.c:139: warning: unused variable ‘calg_desc’ net/ipv6/ipcomp6.c:138: warning: unused variable ‘ipcd’ net/ipv6/ipcomp6.c:137: warning: ‘err’ may be used uninitialized in this function Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | Merge branch 'linus' into cpus4096Ingo Molnar2008-07-2868-239/+277
|\ \ \ \
| * | | | missing bits of net-namespace / sysctlAl Viro2008-07-275-16/+41
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Piss-poor sysctl registration API strikes again, film at 11... What we really need is _pathname_ required to be present in already registered table, so that kernel could warn about bad order. That's the next target for sysctl stuff (and generally saner and more explicit order of initialization of ipv[46] internals wouldn't hurt either). For the time being, here are full fixups required by ..._rotable() stuff; we make per-net sysctl sets descendents of "ro" one and make sure that sufficient skeleton is there before we start registering per-net sysctls. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * | | Merge branch 'for-linus' of ↵Linus Torvalds2008-07-266-24/+33
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: (39 commits) [PATCH] fix RLIM_NOFILE handling [PATCH] get rid of corner case in dup3() entirely [PATCH] remove remaining namei_{32,64}.h crap [PATCH] get rid of indirect users of namei.h [PATCH] get rid of __user_path_lookup_open [PATCH] f_count may wrap around [PATCH] dup3 fix [PATCH] don't pass nameidata to __ncp_lookup_validate() [PATCH] don't pass nameidata to gfs2_lookupi() [PATCH] new (local) helper: user_path_parent() [PATCH] sanitize __user_walk_fd() et.al. [PATCH] preparation to __user_walk_fd cleanup [PATCH] kill nameidata passing to permission(), rename to inode_permission() [PATCH] take noexec checks to very few callers that care Re: [PATCH 3/6] vfs: open_exec cleanup [patch 4/4] vfs: immutable inode checking cleanup [patch 3/4] fat: dont call notify_change [patch 2/4] vfs: utimes cleanup [patch 1/4] vfs: utimes: move owner check into inode_change_ok() [PATCH] vfs: use kstrdup() and check failing allocation ...
| | * | | [PATCH] f_count may wrap aroundAl Viro2008-07-263-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | make it atomic_long_t; while we are at it, get rid of useless checks in affs, hfs and hpfs - ->open() always has it equal to 1, ->release() - to 0. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| | * | | [PATCH] sysctl: make sure that /proc/sys/net/ipv4 appears before per-ns onesAl Viro2008-07-262-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Massage ipv4 initialization - make sure that net.ipv4 appears as non-per-net-namespace before it shows up in per-net-namespace sysctls. That's the only change outside of sysctl.c needed to get sane ordering rules and data structures for sysctls (esp. for procfs side of that mess). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| | * | | [PATCH] beginning of sysctl cleanup - ctl_table_setAl Viro2008-07-261-12/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New object: set of sysctls [currently - root and per-net-ns]. Contains: pointer to parent set, list of tables and "should I see this set?" method (->is_seen(set)). Current lists of tables are subsumed by that; net-ns contains such a beast. ->lookup() for ctl_table_root returns pointer to ctl_table_set instead of that to ->list of that ctl_table_set. [folded compile fixes by rdd for configs without sysctl] Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * | | | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds2008-07-2660-204/+207
| |\ \ \ \ | | |/ / / | |/| / / | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: netns: fix ip_rt_frag_needed rt_is_expired netfilter: nf_conntrack_extend: avoid unnecessary "ct->ext" dereferences netfilter: fix double-free and use-after free netfilter: arptables in netns for real netfilter: ip{,6}tables_security: fix future section mismatch selinux: use nf_register_hooks() netfilter: ebtables: use nf_register_hooks() Revert "pkt_sched: sch_sfq: dump a real number of flows" qeth: use dev->ml_priv instead of dev->priv syncookies: Make sure ECN is disabled net: drop unused BUG_TRAP() net: convert BUG_TRAP to generic WARN_ON drivers/net: convert BUG_TRAP to generic WARN_ON
| | * | netns: fix ip_rt_frag_needed rt_is_expiredHugh Dickins2008-07-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Running recent kernels, and using a particular vpn gateway, I've been having to edit my mails down to get them accepted by the smtp server. Git bisect led to commit e84f84f276473dcc673f360e8ff3203148bdf0e2 - netns: place rt_genid into struct net. The conversion from a != test to rt_is_expired() put one negative too many: and now my mail works. Signed-off-by: Hugh Dickins <hugh@veritas.com> Acked-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | netfilter: nf_conntrack_extend: avoid unnecessary "ct->ext" dereferencesPatrick McHardy2008-07-261-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As Linus points out, "ct->ext" and "new" are always equal, avoid unnecessary dereferences and use "new" directly. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | netfilter: fix double-free and use-after freePekka Enberg2008-07-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As suggested by Patrick McHardy, introduce a __krealloc() that doesn't free the original buffer to fix a double-free and use-after-free bug introduced by me in netfilter that uses RCU. Reported-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi> Tested-by: Dieter Ries <clip2@gmx.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | netfilter: arptables in netns for realAlexey Dobriyan2008-07-261-9/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | IN, FORWARD -- grab netns from in device, OUT -- from out device. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
OpenPOWER on IntegriCloud