Talos™ II Linux sources for OpenPOWER https://git.raptorcs.com/git/talos-op-linux/atom?h=v3.5 2012-06-07T12:53:01+00:00 2012-06-07T12:53:01+00:00 Hans Schillstrom hans@schillstrom.com 2012-05-17T22:35:46+00:00 urn:sha1:d1992b169d31f339dc5ea4e9f312567c8cf322a3 This patch addresses two issues: a) Fix usage of u32 and __be32 that causes endianess warnings via sparse. b) Ensure consistent hashing in a cluster that is composed of big and little endian systems. Thus, we obtain the same hash mark in an heterogeneous cluster. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Hans Schillstrom <hans@schillstrom.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-05-17T02:17:37+00:00 David S. Miller davem@davemloft.net 2012-05-17T02:17:37+00:00 urn:sha1:028940342a906db8da014a7603a0deddc2c323dd 2012-05-16T22:56:41+00:00 Jozsef Kadlecsik kadlec@blackhole.kfki.hu 2012-05-07T02:35:44+00:00 urn:sha1:127f559127f5175e4bec3dab725a34845d956591 Large timeout parameters could result wrong timeout values due to an overflow at msec to jiffies conversion (reported by Andreas Herz) [ This patch was mangled by Pablo Neira Ayuso since David Laight and Eric Dumazet noticed that we were using hardcoded 1000 instead of MSEC_PER_SEC to calculate the timeout ] Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-05-16T22:56:31+00:00 Florian Westphal fw@strlen.de 2012-05-10T22:11:54+00:00 urn:sha1:1f27e2516c1d95ae19024bec5be68a3f489cc47e David Miller says: The canonical way to validate if the set bits are in a valid range is to have a "_ALL" macro, and test: if (val & ~XT_HASHLIMIT_ALL) goto err;" make it so. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-05-16T19:38:49+00:00 Jozsef Kadlecsik kadlec@blackhole.kfki.hu 2012-05-14T01:47:01+00:00 urn:sha1:26a5d3cc0b3d1ff23b5a94edb58226afe7f12a0c The hash size must fit both into u32 (jhash) and the max value of size_t. The missing checking could lead to kernel crash, bug reported by Seblu. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-05-09T11:04:57+00:00 Florian Westphal fw@strlen.de 2012-05-07T10:51:45+00:00 urn:sha1:0197dee7d3182bb6b6a21955860dfa14fa022d84 can be used e.g. for ingress traffic policing or to detect when a host/port consumes more bandwidth than expected. This is done by optionally making cost to mean "cost per 16-byte-chunk-of-data" instead of "cost per packet". Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-05-09T10:54:05+00:00 Hans Schillstrom hans.schillstrom@ericsson.com 2012-05-02T07:49:47+00:00 urn:sha1:cf308a1fae432f315989e2da6878bfaa3daa22b1 The target allows you to create rules in the "raw" and "mangle" tables which set the skbuff mark by means of hash calculation within a given range. The nfmark can influence the routing method (see "Use netfilter MARK value as routing key") and can also be used by other subsystems to change their behaviour. [ Part of this patch has been refactorized and modified by Pablo Neira Ayuso ] Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-05-08T17:44:42+00:00 Pablo Neira Ayuso pablo@netfilter.org 2012-05-03T02:17:45+00:00 urn:sha1:6714cf5465d2803a21c6a46c1ea747795a8889fa Explicit helper attachment via the CT target is broken with NAT if non-standard ports are used. This problem was hidden behind the automatic helper assignment routine. Thus, it becomes more noticeable now that we can disable the automatic helper assignment with Eric Leblond's: 9e8ac5a netfilter: nf_ct_helper: allow to disable automatic helper assignment Basically, nf_conntrack_alter_reply asks for looking up the helper up if NAT is enabled. Unfortunately, we don't have the conntrack template at that point anymore. Since we don't want to rely on the automatic helper assignment, we can skip the second look-up and stick to the helper that was attached by iptables. With the CT target, the user is in full control of helper attachment, thus, the policy is to trust what the user explicitly configures via iptables (no automatic magic anymore). Interestingly, this bug was hidden by the automatic helper look-up code. But it can be easily trigger if you attach the helper in a non-standard port, eg. iptables -I PREROUTING -t raw -p tcp --dport 8888 \ -j CT --helper ftp And you disabled the automatic helper assignment. I added the IPS_HELPER_BIT that allows us to differenciate between a helper that has been explicitly attached and those that have been automatically assigned. I didn't come up with a better solution (having backward compatibility in mind). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-04-15T16:44:40+00:00 Eric Dumazet eric.dumazet@gmail.com 2012-04-15T05:58:06+00:00 urn:sha1:95c961747284a6b83a5e2d81240e214b0fa3464d Use of "unsigned int" is preferred to bare "unsigned" in net tree. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-04-10T18:30:45+00:00 David S. Miller davem@davemloft.net 2012-04-10T18:30:45+00:00 urn:sha1:06eb4eafbdc0796d741d139a44f1253278da8611