- 28 Jan, 2008 40 commits
-
-
Gui Jianfeng authored
There are useless codes in fib6_del_route(). The following patch has been tested, every thing looks fine, as usual. Signed-off-by:
Gui Jianfeng <guijianfeng@cn.fujitsu.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Rami Rosen authored
Signed-off-by:
Rami Rosen <ramirose@gmail.com> Signed-off-by:
-
Rami Rosen authored
Signed-off-by:
-
Jorge Boncompte authored
Signed-off-by:
Jorge Boncompte <jorge@dti2.net> Signed-off-by:
Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by:
-
Joonwoo Park authored
Signed-off-by:
Joonwoo Park <joonwpark81@gmail.com> Signed-off-by:
-
Chas Williams authored
Signed-off-by:
-
Eric Kinzie authored
Signed-off-by:
-
Adrian Bunk authored
Signed-off-by:
Adrian Bunk <bunk@stusta.de> Signed-off-by:
-
Kay Sievers authored
Signed-off-by:
Kay Sievers <kay.sievers@vrfy.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by:
-
Robert P. J. Day authored
Signed-off-by:
-
Herbert Xu authored
Let's nip the code duplication in the bud :) Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
Herbert Xu authored
When netfilter is off the transport-mode async resumption doesn't work because we don't push back the IP header. This patch fixes that by moving most of the code outside of ifdef NETFILTER since the only part that's not common is the short-circuit in the protocol handler. Signed-off-by:
-
Herbert Xu authored
When the output transform returns EINPROGRESS due to async operation we'll free the skb the straight away as if it were an error. This patch fixes that so that the skb is freed when the async operation completes. Signed-off-by:
-
David S. Miller authored
Reported by Denis V. Lunev Signed-off-by: -
Masahide NAKAMURA authored
Signed-off-by:
Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by:
-
Ilpo Järvinen authored
While checking Gavin's patch I noticed that the returned seq_rtt is not used by the caller. Signed-off-by:
Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by:
-
Ilpo Järvinen authored
If snd_wnd - snd_nxt wasn't multiple of MSS, skb was split on odd boundary by the callers of tcp_window_allows. We try really hard to avoid unnecessary modulos. Therefore the old caller side check "if (skb->len < limit)" was too wide as well because limit is not bound in any way to skb->len and can cause spurious testing for trimming in the middle of the queue while we only wanted that to happen at the tail of the queue. A simple additional caller side check for tcp_write_queue_tail would likely have resulted 2 x modulos because the limit would have to be first calculated from window, however, doing that unnecessary modulo is not mandatory. After a minor change to the algorithm, simply determine first if the modulo is needed at all and at that point immediately decide also from which value it should be calculated from. This approach also kills some duplicated code. Signed-off-by:
-
Michael Chan authored
print_mac() used many most net drivers and format_addr() used by net-sysfs.c are very similar and they can be intergrated. format_addr() is also identically redefined in the qla4xxx iscsi driver. Export a new function sysfs_format_mac() to be used by net-sysfs, qla4xxx and others in the future. Both print_mac() and sysfs_format_mac() call _format_mac_addr() to do the formatting. Changed print_mac() to use unsigned char * to be consistent with net_device struct's dev_addr. Added buffer length overrun checking as suggested by Joe Perches. Signed-off-by:
Michael Chan <mchan@broadcom.com> Signed-off-by:
-
Eric Dumazet authored
sk_forward_alloc being signed, we should take care of divides by SK_STREAM_MEM_QUANTUM we do in sk_stream_pages() and __sk_stream_mem_reclaim() This patchs introduces SK_STREAM_MEM_QUANTUM_SHIFT, defined as ilog2(SK_STREAM_MEM_QUANTUM), to be able to use right shifts instead of plain divides. This should help compiler to choose right shifts instead of expensive divides (as seen with CONFIG_CC_OPTIMIZE_FOR_SIZE=y on x86) Signed-off-by:
Eric Dumazet <dada1@cosmosbay.com> Signed-off-by:
-
Masahide NAKAMURA authored
Signed-off-by:
-
Eric W. Biederman authored
I'm actually surprised at how much was involved. At first glance it appears that the neighbour table data structures are already split by network device so all that should be needed is to modify the user interface commands to filter the set of neighbours by the network namespace of their devices. However a couple things turned up while I was reading through the code. The proxy neighbour table allows entries with no network device, and the neighbour parms are per network device (except for the defaults) so they now need a per network namespace default. So I updated the two structures (which surprised me) with their very own network namespace parameter. Updated the relevant lookup and destroy routines with a network namespace parameter and modified the code that interacts with users to filter out neighbour table entries for devices of other namespaces. I'm a little concerned that we can modify and display the global table configuration and from all network namespaces. But this appears good enough for now. I keep thinking modifying the neighbour table to have per network namespace instances of each table type would should be cleaner. The hash table is already dynamically sized so there are it is not a limiter. The default parameter would be straight forward to take care of. However when I look at the how the network table is built and used I still find some assumptions that there is only a single neighbour table for each type of table in the kernel. The netlink operations, neigh_seq_start, the non-core network users that call neigh_lookup. So while it might be doable it would require more refactoring than my current approach of just doing a little extra filtering in the code. Signed-off-by:
Eric W. Biederman <ebiederm@xmission.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by:
-
Paul Moore authored
According to RFC4303, section 3.3.3 we need to drop outgoing packets which cause the replay counter to overflow: 3.3.3. Sequence Number Generation The sender's counter is initialized to 0 when an SA is established. The sender increments the sequence number (or ESN) counter for this SA and inserts the low-order 32 bits of the value into the Sequence Number field. Thus, the first packet sent using a given SA will contain a sequence number of 1. If anti-replay is enabled (the default), the sender checks to ensure that the counter has not cycled before inserting the new value in the Sequence Number field. In other words, the sender MUST NOT send a packet on an SA if doing so would cause the sequence number to cycle. An attempt to transmit a packet that would result in sequence number overflow is an auditable event. The audit log entry for this event SHOULD include the SPI value, current date/time, Source Address, Destination Address, and (in IPv6) the cleartext Flow ID. Signed-off-by:
Paul Moore <paul.moore@hp.com> Acked-by:
James Morris <jmorris@namei.org> Signed-off-by:
-
Paul Moore authored
This patch adds a number of new IPsec audit events to meet the auditing requirements of RFC4303. This includes audit hooks for the following events: * Could not find a valid SA [sections 2.1, 3.4.2] . xfrm_audit_state_notfound() . xfrm_audit_state_notfound_simple() * Sequence number overflow [section 3.3.3] . xfrm_audit_state_replay_overflow() * Replayed packet [section 3.4.3] . xfrm_audit_state_replay() * Integrity check failure [sections 3.4.4.1, 3.4.4.2] . xfrm_audit_state_icvfail() While RFC4304 deals only with ESP most of the changes in this patch apply to IPsec in general, i.e. both AH and ESP. The one case, integrity check failure, where ESP specific code had to be modified the same was done to the AH code for the sake of consistency. Signed-off-by:
-
Eric Dumazet authored
tcp_win_from_space() being signed, compiler might emit an integer divide to compute tcp_win_from_space()/2 . Using right shifts is OK here and less expensive. Signed-off-by:
-
Eric Dumazet authored
tcp_mtu_to_mss() being signed, compiler might emit an integer divide to compute tcp_mtu_to_mss()/2 . Using a right shift is OK here and less expensive. Signed-off-by:
-
David S. Miller authored
Down into the only scope where it is used. Signed-off-by: -
Eric Dumazet authored
Because sk_wmem_queued, sk_sndbuf are signed, a divide per two may force compiler to use an integer divide. We can instead use a right shift. Signed-off-by:
-
Eric Dumazet authored
Before submiting a patch to change a divide to a right shift, I felt necessary to create a helper function tcp_mtu_probing() to reduce length of lines exceeding 100 chars in tcp_write_timeout(). Signed-off-by:
-
Eric Dumazet authored
Since 'goal' is a signed int, compiler may emit an integer divide to compute goal/2. Using a right shift is OK here and less expensive. Signed-off-by:
-
YOSHIFUJI Hideaki authored
Several length variables cannot be negative, so convert int to unsigned int. This also allows us to do sane shift operations on those variables. Signed-off-by:
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by:
-
John W. Linville authored
Signed-off-by:
John W. Linville <linville@tuxdriver.com> Signed-off-by:
-
John W. Linville authored
Signed-off-by:
-
Johannes Berg authored
According to the standard, the field cannot be present, so don't try to interpret it either. Signed-off-by:
Johannes Berg <johannes@sipsolutions.net> Cc: Daniel Drake <dsd@gentoo.org> Signed-off-by:
-
Johannes Berg authored
This patch moves the decision making about whether a frame is encrypted with a certain algorithm up into the TX handlers rather than having it in the crypto algorithm implementation. This fixes a problem with the radiotap injection code where injecting a non-data packet and requesting encryption could end up asking the driver to encrypt a packet without giving it a key. Signed-off-by:
-
Johannes Berg authored
This implements the required cfg80211 callback in mac80211 to allow userspace to get station statistics. Signed-off-by:
-
Johannes Berg authored
After a station is added to the kernel's structures, userspace has to be able to retrieve statistics about that station, especially whether the station was idle and how much bytes were transferred to and from it. This adds the necessary code to nl80211. Signed-off-by:
-
Johannes Berg authored
This patch adds station handling to cfg80211/nl80211. Signed-off-by:
-
Johannes Berg authored
This adds the necessary API to cfg80211/nl80211 to allow changing beaconing settings. Signed-off-by:
-
Johannes Berg authored
This implements cfg80211's get_key() to allow retrieving the sequence counter for a TKIP or CCMP key from userspace. It also cleans up and documents the associated low-level driver interface. Signed-off-by:
-
Johannes Berg authored
This adds the necessary hooks to mac80211 to allow userspace to edit keys with cfg80211 (through nl80211.) Signed-off-by:
-
