]> err.no Git - linux-2.6/log
linux-2.6
18 years ago[NET] net/core: Annotations.
Al Viro [Wed, 15 Nov 2006 04:48:11 +0000 (20:48 -0800)]
[NET] net/core: Annotations.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IRDA]: Trivial annotations.
Al Viro [Wed, 15 Nov 2006 04:47:46 +0000 (20:47 -0800)]
[IRDA]: Trivial annotations.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETPOLL]: Minor coding-style cleanups.
David S. Miller [Wed, 15 Nov 2006 04:40:49 +0000 (20:40 -0800)]
[NETPOLL]: Minor coding-style cleanups.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Supporting UDP-Lite (RFC 3828) in Linux
Gerrit Renker [Mon, 27 Nov 2006 19:10:57 +0000 (11:10 -0800)]
[NET]: Supporting UDP-Lite (RFC 3828) in Linux

This is a revision of the previously submitted patch, which alters
the way files are organized and compiled in the following manner:

* UDP and UDP-Lite now use separate object files
* source file dependencies resolved via header files
  net/ipv{4,6}/udp_impl.h
* order of inclusion files in udp.c/udplite.c adapted
  accordingly

[NET/IPv4]: Support for the UDP-Lite protocol (RFC 3828)

This patch adds support for UDP-Lite to the IPv4 stack, provided as an
extension to the existing UDPv4 code:
        * generic routines are all located in net/ipv4/udp.c
        * UDP-Lite specific routines are in net/ipv4/udplite.c
        * MIB/statistics support in /proc/net/snmp and /proc/net/udplite
        * shared API with extensions for partial checksum coverage

[NET/IPv6]: Extension for UDP-Lite over IPv6

It extends the existing UDPv6 code base with support for UDP-Lite
in the same manner as per UDPv4. In particular,
        * UDPv6 generic and shared code is in net/ipv6/udp.c
        * UDP-Litev6 specific extensions are in net/ipv6/udplite.c
        * MIB/statistics support in /proc/net/snmp6 and /proc/net/udplite6
        * support for IPV6_ADDRFORM
        * aligned the coding style of protocol initialisation with af_inet6.c
        * made the error handling in udpv6_queue_rcv_skb consistent;
          to return `-1' on error on all error cases
        * consolidation of shared code

[NET]: UDP-Lite Documentation and basic XFRM/Netfilter support

The UDP-Lite patch further provides
        * API documentation for UDP-Lite
        * basic xfrm support
        * basic netfilter support for IPv4 and IPv6 (LOG target)

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPv6] prefix: Convert RTM_NEWPREFIX notifications to use the new netlink api
Thomas Graf [Wed, 15 Nov 2006 03:54:19 +0000 (19:54 -0800)]
[IPv6] prefix: Convert RTM_NEWPREFIX notifications to use the new netlink api

RTM_GETPREFIX is completely unused and is thus removed.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPv6] iflink: Convert IPv6's RTM_GETLINK to use the new netlink api
Thomas Graf [Wed, 15 Nov 2006 03:53:58 +0000 (19:53 -0800)]
[IPv6] iflink: Convert IPv6's RTM_GETLINK to use the new netlink api

By replacing the current method of exporting the device configuration
which included allocating a temporary buffer, copying ipv6_devconf
into it and copying that buffer into the message with a method that
uses nla_reserve() allowing to copy the device configuration directly
into the skb data buffer, a GFP_ATOMIC allocation could be removed.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[TCP]: Fix some warning when MD5 is disabled.
David S. Miller [Wed, 15 Nov 2006 03:53:22 +0000 (19:53 -0800)]
[TCP]: Fix some warning when MD5 is disabled.

Just some mis-placed ifdefs:

net/ipv4/tcp_minisocks.c: In function ‘tcp_twsk_destructor’:
net/ipv4/tcp_minisocks.c:364: warning: unused variable ‘twsk’
net/ipv6/tcp_ipv6.c:1846: warning: ‘tcp_sock_ipv6_specific’ defined but not used
net/ipv6/tcp_ipv6.c:1877: warning: ‘tcp_sock_ipv6_mapped_specific’ defined but not used

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[GENL]: Add genlmsg_put_reply() to simplify building reply headers
Thomas Graf [Wed, 15 Nov 2006 03:46:02 +0000 (19:46 -0800)]
[GENL]: Add genlmsg_put_reply() to simplify building reply headers

By modyfing genlmsg_put() to take a genl_family and by adding
genlmsg_put_reply() the process of constructing the netlink
and generic netlink headers is simplified.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[GENL]: Add genlmsg_reply() to simply unicast replies to requests
Thomas Graf [Wed, 15 Nov 2006 03:45:27 +0000 (19:45 -0800)]
[GENL]: Add genlmsg_reply() to simply unicast replies to requests

A generic netlink user has no interest in knowing how to
address the source of the original request.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[GENL]: Add genlmsg_new() to allocate generic netlink messages
Thomas Graf [Wed, 15 Nov 2006 03:44:52 +0000 (19:44 -0800)]
[GENL]: Add genlmsg_new() to allocate generic netlink messages

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[TCP]: MD5 Signature Option (RFC2385) support.
YOSHIFUJI Hideaki [Wed, 15 Nov 2006 03:07:45 +0000 (19:07 -0800)]
[TCP]: MD5 Signature Option (RFC2385) support.

Based on implementation by Rick Payne.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years agonetpoll header cleanup
Stephen Hemminger [Thu, 26 Oct 2006 22:46:56 +0000 (15:46 -0700)]
netpoll header cleanup

As Steve left netpoll beast, hopefully not to return soon.
He noticed that the header was messy. He straightened it
up and polished it a little, then waved goodbye.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
18 years agonetpoll queue cleanup
Stephen Hemminger [Thu, 26 Oct 2006 22:46:55 +0000 (15:46 -0700)]
netpoll queue cleanup

The beast had a long and not very happy history. At one
point, a friend (netdump) had asked that he open up a little.
Well, the friend was long gone now, and the beast had
this dangling piece hanging (netpoll_queue).

It wasn't hard to stitch the netpoll_queue back in
where it belonged and make everything tidy.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
18 years agonetpoll retry cleanup
Stephen Hemminger [Thu, 26 Oct 2006 22:46:54 +0000 (15:46 -0700)]
netpoll retry cleanup

The netpoll beast was still not happy. If the beast got
clogged pipes, it tended to stare blankly off in space
for a long time.

The problem couldn't be completely fixed because the
beast talked with irq's disabled. But it could be made
less painful and shorter.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
18 years agonetpoll deferred transmit path
Stephen Hemminger [Thu, 26 Oct 2006 22:46:53 +0000 (15:46 -0700)]
netpoll deferred transmit path

When the netpoll beast got busy, he tended to babble.
Instead of talking out of his large mouth as normal,
he tended to try to snort out other orifices. This lead
to words (skbs) ending up in odd places (like NIT) that
he did not intend.

The normal way of talking wouldn't work, but he could
at least change to using the same tone all the time.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
18 years agonetpoll setup error handling
Stephen Hemminger [Thu, 26 Oct 2006 22:46:52 +0000 (15:46 -0700)]
netpoll setup error handling

The beast was not always healthy. When it was sick,
it tended to be laconic and not tell anyone the real problem.
A few small changes had it telling the world about its
problems, if they really wanted to hear.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
18 years agonetpoll per device txq
Stephen Hemminger [Thu, 26 Oct 2006 22:46:51 +0000 (15:46 -0700)]
netpoll per device txq

When the netpoll beast got really busy, it tended to clog
things, so it stored them for later. But the beast was putting
all it's skb's in one basket. This was bad because maybe some
pipes were clogged and others were not.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
18 years agonetpoll info leak
Stephen Hemminger [Thu, 26 Oct 2006 22:46:50 +0000 (15:46 -0700)]
netpoll info leak

After looking harder, Steve noticed that the netpoll
beast leaked a little every time it shutdown for a nap.
Not a big leak, but a nuisance kind of thing.

He took out his refcount duct tape and patched the
leak. It was overkill since there was already other
locking in that area, but it looked clean and wouldn't
attract fleas.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
18 years agonetpoll: private skb pool (rev3)
Stephen Hemminger [Tue, 14 Nov 2006 18:43:58 +0000 (10:43 -0800)]
netpoll: private skb pool (rev3)

It was a dark and stormy night when Steve first saw the
netpoll beast. The beast was odd, and misshapen but not
extremely ugly.

"Let me take off one of your warts" he said. This wart
is where you tried to make an skb list yourself. If the
beast had ever run out of memory, he would have stupefied
himself unnecessarily.

The first try was painful, so he tried again till the bleeding
stopped. And again, and again...

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
18 years ago[DCCP] ACKVEC: Optimization - Do not traverse records if none will be found
Andrea Bittau [Tue, 14 Nov 2006 15:19:45 +0000 (13:19 -0200)]
[DCCP] ACKVEC: Optimization - Do not traverse records if none will be found

Do not traverse the list of ack vector records [proportional to window size]
when we know we will not find what we are looking for.  This is especially
useful because ack vectors are checked twice:
1) Upon parsing of options.
2) Upon notification of a new ack.

All of the work will occur during check #1.  Therefore, when check #2 is
performed, no new work will be done.  This is now "detected" and there is no
performance hit when doing #2.

Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCP]: Miscellaneous code tidy-ups
Gerrit Renker [Tue, 14 Nov 2006 14:57:34 +0000 (12:57 -0200)]
[DCCP]: Miscellaneous code tidy-ups

This patch does not change code; it performs some trivial clean/tidy-ups:

  * removal of a `debug_prefix' string in favour of the
    already existing dccp_role(sk)

  * add documentation of structures and constants

  * separated out the cases for invalid packets (step 1
    of the packet validation)

  * removing duplicate statements

  * combining declaration & initialisation

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCP]: Make feature negotiation more readable
Gerrit Renker [Tue, 14 Nov 2006 14:48:10 +0000 (12:48 -0200)]
[DCCP]: Make feature negotiation more readable

This patch replaces cryptic feature negotiation messages of type

Oct 31 15:42:20 kernel: dccp_feat_change: feat change type=32 feat=1
Oct 31 15:42:21 kernel: dccp_feat_change: feat change type=34 feat=1
Oct 31 15:42:21 kernel: dccp_feat_change: feat change type=32 feat=5

into ones of type:

Nov  2 13:54:45 kernel: dccp_feat_change: ChangeL(CCID (1), 3)
Nov  2 13:54:45 kernel: dccp_feat_change: ChangeR(CCID (1), 3)
Nov  2 13:54:45 kernel: dccp_feat_change: ChangeL(Ack Ratio (5), 2)

Also,
* completed the feature number list wrt RFC 4340 sec. 6.4
* annotating which ones have been implemented so far
* implemented rudimentary sanity checking in feat.c (FIXMEs)
* some minor fixes

Commiter note: uninlined dccp_feat_name and dccp_feat_typename, for
               consistency with dccp_{state,packet}_name, that, BTW,
               should be compiled only if CONFIG_IP_DCCP_DEBUG is
               selected, leaving this to another cset tho. Also
               shortened dccp_feat_negotiation_debug to dccp_feat_debug.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCPv6]: Resolve conditional build problem
Gerrit Renker [Tue, 14 Nov 2006 13:50:36 +0000 (11:50 -0200)]
[DCCPv6]: Resolve conditional build problem

Resolves the problem that if IPv6 was configured `y' and DCCP `m' then
dccp_ipv6 was not built as a module. With this change, dccp_ipv6 is built
as a module whenever DCCP *OR* IPv6 are configured as modules; it will be
built-in only if both DCCP = `y' and IPV6 = `y'.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[TCP/DCCP]: Introduce net_xmit_eval
Gerrit Renker [Tue, 14 Nov 2006 13:21:36 +0000 (11:21 -0200)]
[TCP/DCCP]: Introduce net_xmit_eval

Throughout the TCP/DCCP (and tunnelling) code, it often happens that the
return code of a transmit function needs to be tested against NET_XMIT_CN
which is a value that does not indicate a strict error condition.

This patch uses a macro for these recurring situations which is consistent
with the already existing macro net_xmit_errno, saving on duplicated code.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[SCTP]: Cleanup of the sctp state table code.
Peter Zijlstra [Tue, 14 Nov 2006 00:19:07 +0000 (16:19 -0800)]
[SCTP]: Cleanup of the sctp state table code.

I noticed an insane high density of repeated characters fixable by a
simple regular expression:

  % s/{.fn = \([^,]*\),[[:space:]]\+\(\\\n[[:space:]]\+\)\?.name = "\1"}/TYPE_SCTP_FUNC(\1)/g

(NOTE: the .name for .fn = sctp_sf_do_9_2_start_shutdown didn't match)

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[ATM] ambassador,firestream: "-1 >>" is implementation defined
Alexey Dobriyan [Tue, 14 Nov 2006 00:12:08 +0000 (16:12 -0800)]
[ATM] ambassador,firestream: "-1 >>" is implementation defined

6.5.7(5): The result of E1 >> E2 is E1 right-shifted E2 bit positions.
...
If E1 has a signed type and a negative value, the resulting value
is implementation defined.

So, cast -1 to unsigned type to make result well-defined.

[ Modified to use ~0U based upon recommendation from Al Viro. -DaveM ]

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[SELinux]: Add support for DCCP
James Morris [Tue, 14 Nov 2006 00:09:01 +0000 (16:09 -0800)]
[SELinux]: Add support for DCCP

This patch implements SELinux kernel support for DCCP
(http://linux-net.osdl.org/index.php/DCCP), which is similar in
operation to TCP in terms of connected state between peers.

The SELinux support for DCCP is thus modeled on existing handling of
TCP.

A new DCCP socket class is introduced, to allow protocol
differentation.  The permissions for this class inherit all of the
socket permissions, as well as the current TCP permissions (node_bind,
name_bind etc). IPv4 and IPv6 are supported, although labeled
networking is not, at this stage.

Patches for SELinux userspace are at:
http://people.redhat.com/jmorris/selinux/dccp/user/

I've performed some basic testing, and it seems to be working as
expected.  Adding policy support is similar to TCP, the only real
difference being that it's a different protocol.

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: The scheduled removal of the frame diverter.
Adrian Bunk [Tue, 14 Nov 2006 00:02:22 +0000 (16:02 -0800)]
[NET]: The scheduled removal of the frame diverter.

This patch contains the scheduled removal of the frame diverter.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCPv6]: Choose a genuine initial sequence number
Gerrit Renker [Mon, 13 Nov 2006 15:34:38 +0000 (13:34 -0200)]
[DCCPv6]: Choose a genuine initial sequence number

This
* resolves a FIXME - DCCPv6 connections started all with
  an initial sequence number of 1;
* provides a redirection `secure_dccpv6_sequence_number'
  in case the init_sequence_v6 code should be updated later;
* concentrates the update of S.GAR into dccp_connect_init();
* removes a duplicate dccp_update_gss() in ipv4.c;
* uses inet->dport instead of usin->sin_port, due to the
  following assignment in dccp_v4_connect():
  inet->dport = usin->sin_port;

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCP]: Remove redundant statements in init_sequence (ISS)
Gerrit Renker [Mon, 13 Nov 2006 15:31:50 +0000 (13:31 -0200)]
[DCCP]: Remove redundant statements in init_sequence (ISS)

This patch removes the following redundancies:

 1) The test skb->protocol == htons(ETH_P_IPV6) in dccp_v6_init_sequence
    is always true since
     * dccp_v6_conn_request() is the only calling function
     * dccp_v6_conn_request() redirects all skb's with ETH_P_IP to
       dccp_v4_conn_request()

 2) The first argument, `struct sock *sk', of dccp_v{4,6}_init_sequence()
    is never used.

(This is similar for tcp_v{4,6}_init_sequence, an analogous patch has been
 submitted to netdev and merged.)

By the way - are the `sport' / `dport' arguments in the right order?
I have made them consistent among calls but they seem to be in the
reverse order.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCP]: Remove forward declarations in timer.c
Gerrit Renker [Mon, 13 Nov 2006 15:26:51 +0000 (13:26 -0200)]
[DCCP]: Remove forward declarations in timer.c

This removes 3 forward declarations by reordering 2 functions.

No code change at all.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCP]: Introduce a consistent naming scheme for sysctls
Gerrit Renker [Mon, 13 Nov 2006 15:25:41 +0000 (13:25 -0200)]
[DCCP]: Introduce a consistent naming scheme for sysctls

In order to make their function clearer and obtain a consistent naming
scheme to identify sysctls, all existing DCCP sysctls have been prefixed
with `sysctl_dccp', following the same convention as used by TCP.

Feature-specific sysctls retain the `feat' in the middle, although the
`default' has been dropped, since it is obvious from use.

Also removed a duplicate `dccp_feat_default_sequence_window' in ipv4.c.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCP]: Add sysctls to control retransmission behaviour
Gerrit Renker [Mon, 13 Nov 2006 15:23:52 +0000 (13:23 -0200)]
[DCCP]: Add sysctls to control retransmission behaviour

This adds 3 sysctls which govern the retransmission behaviour of DCCP control
packets (3way handshake, feature negotiation).

It removes 4 FIXMEs from the code.

The close resemblance of sysctl variables to their TCP analogues is emphasised
not only by their name, but also by giving them the same initial values.
This is useful since there is not much practical experience with DCCP yet.

Furthermore, with regard to the previous patch, it is now possible to limit
the number of keepalive-Responses by setting net.dccp.default.request_retries
(also a bit like in TCP).

Lastly, added documentation of all existing DCCP sysctls.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCP]: Increment sequence numbers on retransmitted Response packets
Gerrit Renker [Mon, 13 Nov 2006 15:12:07 +0000 (13:12 -0200)]
[DCCP]: Increment sequence numbers on retransmitted Response packets

Problem:

18 years ago[DCCP]: Update comments on precisely which packets can be retransmitted
Gerrit Renker [Mon, 13 Nov 2006 15:07:51 +0000 (13:07 -0200)]
[DCCP]: Update comments on precisely which packets can be retransmitted

This updates program documentation: spell out precise conditions about
which packets are eligible for retransmission (which is actually quite
hard to extract from RFC 4340).

It is based on the following table derived from RFC 4340:

+-----------+---------------------------------+---------------------+
|   Type    | Retransmit?                     |  Remark             |
+-----------+---------------------------------+---------------------+
| Request   |  in client-REQUEST state        | sec. 8.1.1          |
| Response  |  NEVER                          | SHOULD NOT, 8.1.3   |
| Data      |  NEVER                          | unreliable protocol |
| Ack       |  possible in client-PARTOPEN    | sec. 8.1.5          |
| DataAck   |  NEVER                          | unreliable protocol |
| CloseReq  |  only in server-CLOSEREQ state  | MUST, sec. 8.3      |
| Close     |  in node-CLOSING state          | MUST, sec. 8.3      |
+-----------+-------------------------------------------------------+
| Reset     |  only in response to other packets                    |
| Sync      |  only in response to sequence-invalid packets (7.5.4) |
| SyncAck   |  only in response to Sync packets                     |
+-----------+-------------------------------------------------------+

Hence the only packets eligible for retransmission are:
       * Requests in client-REQUEST  state (sec. 8.1.1)
       * Acks     in client-PARTOPEN state (sec. 8.1.5)
       * CloseReq in server-CLOSEREQ state (sec. 8.3)
       * Close    in   node-CLOSING  state (sec. 8.3)

I had meant to put in a check for these types too, but have left that
for later.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DECNET]: Fix build regressions.
David S. Miller [Mon, 13 Nov 2006 07:02:01 +0000 (23:02 -0800)]
[DECNET]: Fix build regressions.

Spotted by Arnaldo.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[TCP] htcp: Better packing of struct htcp.
David S. Miller [Fri, 10 Nov 2006 23:01:14 +0000 (15:01 -0800)]
[TCP] htcp: Better packing of struct htcp.

Based upon a patch by Joe Perches.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPv6]: Only modify checksum for UDP
Brian Haley [Fri, 10 Nov 2006 22:54:51 +0000 (14:54 -0800)]
[IPv6]: Only modify checksum for UDP

Only change upper-layer checksum from 0 to 0xFFFF for UDP (as RFC 768
states), not for others as RFC 4443 doesn't require it.

Signed-off-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPv6] rules: Remove bogus tos validation check
Thomas Graf [Fri, 10 Nov 2006 22:11:04 +0000 (14:11 -0800)]
[IPv6] rules: Remove bogus tos validation check

Noticed by Al Viro:
     (frh->tos & ~IPV6_FLOWINFO_MASK))
where IPV6_FLOWINFO_MASK is htonl(0xfffffff) and frh->tos
is u8, which makes no sense here...

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETLINK]: Do precise netlink message allocations where possible
Thomas Graf [Fri, 10 Nov 2006 22:10:15 +0000 (14:10 -0800)]
[NETLINK]: Do precise netlink message allocations where possible

Account for the netlink message header size directly in nlmsg_new()
instead of relying on the caller calculate it correctly.

Replaces error handling of message construction functions when
constructing notifications with bug traps since a failure implies
a bug in calculating the size of the skb.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[TCP]: Remove dead code in init_sequence
Gerrit Renker [Fri, 10 Nov 2006 22:06:49 +0000 (14:06 -0800)]
[TCP]: Remove dead code in init_sequence

This removes two redundancies:

1) The test (skb->protocol == htons(ETH_P_IPV6) in tcp_v6_init_sequence()
   is always true, due to
* tcp_v6_conn_request() is the only function calling this one
* tcp_v6_conn_request() redirects all skb's with ETH_P_IP protocol to
  tcp_v4_conn_request() [ cf. top of tcp_v6_conn_request()]

2) The first argument, `struct sock *sk' of tcp_v{4,6}_init_sequence() is
   never used.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP]: Support for partial checksums (RFC 4340, sec. 9.2)
Gerrit Renker [Fri, 10 Nov 2006 19:43:06 +0000 (17:43 -0200)]
[DCCP]: Support for partial checksums (RFC 4340, sec. 9.2)

This patch does the following:
  a) introduces variable-length checksums as specified in [RFC 4340, sec. 9.2]
  b) provides necessary socket options and documentation as to how to use them
  c) basic support and infrastructure for the Minimum Checksum Coverage feature
     [RFC 4340, sec. 9.2.1]: acceptability tests, user notification and user
     interface

In addition, it

 (1) fixes two bugs in the DCCPv4 checksum computation:
  * pseudo-header used checksum_len instead of skb->len
* incorrect checksum coverage calculation based on dccph_x
 (2) removes dccp_v4_verify_checksum() since it reduplicates code of the
     checksum computation; code calling this function is updated accordingly.
 (3) now uses skb_checksum(), which is safer than checksum_partial() if the
     sk_buff has is a non-linear buffer (has pages attached to it).
 (4) fixes an outstanding TODO item:
        * If P.CsCov is too large for the packet size, drop packet and return.

The code has been tested with applications, the latest version of tcpdump now
comes with support for partial DCCP checksums.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[IPV6]: Per-interface statistics support.
YOSHIFUJI Hideaki [Sat, 4 Nov 2006 11:11:37 +0000 (20:11 +0900)]
[IPV6]: Per-interface statistics support.

For IP MIB (RFC4293).

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
18 years ago[IPV6]: Introduce ip6_dst_idev() to get inet6_dev{} stored in dst_entry{}.
YOSHIFUJI Hideaki [Fri, 13 Oct 2006 07:17:25 +0000 (16:17 +0900)]
[IPV6]: Introduce ip6_dst_idev() to get inet6_dev{} stored in dst_entry{}.

Otherwise, we will see a lot of casts...

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
18 years ago[IPV6] ROUTE: Use &rt->u.dst instead of cast.
YOSHIFUJI Hideaki [Thu, 19 Oct 2006 04:50:09 +0000 (13:50 +0900)]
[IPV6] ROUTE: Use &rt->u.dst instead of cast.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
18 years ago[IPV6] ROUTE: Use macros to format /proc/net/ipv6_route.
YOSHIFUJI Hideaki [Fri, 13 Oct 2006 17:00:56 +0000 (02:00 +0900)]
[IPV6] ROUTE: Use macros to format /proc/net/ipv6_route.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
18 years ago[DCCP]: Update code comments for Step 2/3
Gerrit Renker [Fri, 10 Nov 2006 18:29:14 +0000 (16:29 -0200)]
[DCCP]: Update code comments for Step 2/3

Sorts out the comments for processing steps 2,3 in section 8.5 of RFC 4340.
All comments have been updated against this document, and the reference to step
2 has been made consistent throughout the files.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCP]: tidy up dccp_v{4,6}_conn_request
Gerrit Renker [Fri, 10 Nov 2006 18:08:37 +0000 (16:08 -0200)]
[DCCP]: tidy up dccp_v{4,6}_conn_request

This is a code simplification to remove reduplicated code
by concentrating and abstracting shared code.

Detailed Changes:

18 years ago[DCCP]: Fix logfile overflow
Ian McDonald [Fri, 10 Nov 2006 15:09:10 +0000 (13:09 -0200)]
[DCCP]: Fix logfile overflow

This patch fixes data being spewed into the logs continually. As the
code stood if there was a large queue and long delays timeo would go
down to zero and never get reset.

This fixes it by resetting timeo. Put constant into header as well.

Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCP]: Fix DCCP Probe Typo
Ian McDonald [Fri, 10 Nov 2006 15:04:52 +0000 (13:04 -0200)]
[DCCP]: Fix DCCP Probe Typo

Fixes a typo in Kconfig, patch is by Ian McDonald and is re-sent from
http://www.mail-archive.com/dccp@vger.kernel.org/msg00579.html

Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCPv6]: remove forward declarations in ipv6.c
Gerrit Renker [Fri, 10 Nov 2006 15:01:31 +0000 (13:01 -0200)]
[DCCPv6]: remove forward declarations in ipv6.c

This does the same for ipv6.c as the preceding one does for ipv4.c: Only the
inet_connection_sock_af_ops forward declarations remain, since at least
dccp_ipv6_mapped has a circular dependency to dccp_v6_request_recv_sock.

No code change, merely re-ordering.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCPv4]: remove forward declarations in ipv4.c
Gerrit Renker [Fri, 10 Nov 2006 14:52:36 +0000 (12:52 -0200)]
[DCCPv4]: remove forward declarations in ipv4.c

This relates to Arnaldo's announcement in
http://www.mail-archive.com/dccp@vger.kernel.org/msg00604.html

Originally this had been part of the Oops fix and is a revised variant of
http://www.mail-archive.com/dccp@vger.kernel.org/msg00598.html

No code change, merely reshuffling, with the particular objective of
having all request_sock_ops close(r) together for more clarity.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCP]: calling dccp_v{4,6}_reqsk_send_ack is a BUG
Gerrit Renker [Fri, 10 Nov 2006 14:32:01 +0000 (12:32 -0200)]
[DCCP]: calling dccp_v{4,6}_reqsk_send_ack is a BUG

This patch removes two functions, the send_ack functions of request_sock,
which are not called/used by the DCCP code. It is correct that these
functions are not called, below is a justification why calling these
functions (on a passive socket in the LISTEN/RESPOND state) would mean
a DCCP protocol violation.

A) Background: using request_sock in TCP:

18 years ago[DCCP] timewait: Remove leftover extern declarations
Arnaldo Carvalho de Melo [Fri, 10 Nov 2006 14:01:52 +0000 (12:01 -0200)]
[DCCP] timewait: Remove leftover extern declarations

Gerrit Renker noticed dccp_tw_deschedule and submitted a patch with a FIXME,
but as he suggests in the same patch the best thing is to just ditch this
declaration, while doing that also noticed that tcp_tw_count is as well not
defined anywhere, so ditch it too.

Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCP]: Simplify jump labels in dccp_v{4,6}_rcv
Gerrit Renker [Fri, 10 Nov 2006 13:46:34 +0000 (11:46 -0200)]
[DCCP]: Simplify jump labels in dccp_v{4,6}_rcv

This is a code simplification and was singled out from the
DCCPv6 Oops patch on
http://www.mail-archive.com/dccp@vger.kernel.org/msg00600.html

It mainly makes the code consistent between ipv{4,6}.c for the functions
        dccp_v4_rcv
        dccp_v6_rcv
and removes the do_time_wait label to simplify code somewhat.

Commiter note: fixed up a compile problem, trivial.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCP]: Combine allocating & zeroing header space on skb
Gerrit Renker [Fri, 10 Nov 2006 13:22:32 +0000 (11:22 -0200)]
[DCCP]: Combine allocating & zeroing header space on skb

This is a code simplification:
it combines three often recurring operations into one inline function,

        * allocate `len' bytes header space in skb
        * fill these `len' bytes with zeroes
        * cast the start of this header space as dccp_hdr

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCPv6]: Add a FIXME for missing IPV6_PKTOPTIONS
Gerrit Renker [Fri, 10 Nov 2006 13:13:33 +0000 (11:13 -0200)]
[DCCPv6]: Add a FIXME for missing IPV6_PKTOPTIONS

This refers to the possible memory leak pointed out in
http://www.mail-archive.com/dccp@vger.kernel.org/msg00574.html,
fixed by David Miller in
http://www.mail-archive.com/netdev@vger.kernel.org/msg24881.html

and adds a FIXME to point out where code is missing.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[DCCP]: set safe upper bound for option length
Gerrit Renker [Fri, 10 Nov 2006 04:13:56 +0000 (02:13 -0200)]
[DCCP]: set safe upper bound for option length

This is a re-send from
http://www.mail-archive.com/dccp@vger.kernel.org/msg00553.html

It is the same patch as before, but I have built in Arnaldo's suggestions
pointed out in that posting.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
18 years ago[TCP]: Don't set SKB owner in tcp_transmit_skb().
David S. Miller [Fri, 10 Nov 2006 03:58:25 +0000 (19:58 -0800)]
[TCP]: Don't set SKB owner in tcp_transmit_skb().

The data itself is already charged to the SKB, doing
the skb_set_owner_w() just generates a lot of noise and
extra atomics we don't really need.

Lmbench improvements on lat_tcp are minimal:

before:
TCP latency using localhost: 23.2701 microseconds
TCP latency using localhost: 23.1994 microseconds
TCP latency using localhost: 23.2257 microseconds

after:
TCP latency using localhost: 22.8380 microseconds
TCP latency using localhost: 22.9465 microseconds
TCP latency using localhost: 22.8462 microseconds

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET] ip-sysctl.txt: Alphabetize.
Stephen Hemminger [Fri, 10 Nov 2006 00:37:26 +0000 (16:37 -0800)]
[NET] ip-sysctl.txt: Alphabetize.

Rearrange TCP entries in alpha order.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[TCP]: Allow autoloading of congestion control via setsockopt.
Stephen Hemminger [Fri, 10 Nov 2006 00:36:36 +0000 (16:36 -0800)]
[TCP]: Allow autoloading of congestion control via setsockopt.

If user has permision to load modules, then autoload then attempt
autoload of TCP congestion module.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[TCP]: Restrict congestion control choices.
Stephen Hemminger [Fri, 10 Nov 2006 00:35:15 +0000 (16:35 -0800)]
[TCP]: Restrict congestion control choices.

Allow normal users to only choose among a restricted set of congestion
control choices.  The default is reno and what ever has been configured
as default. But the policy can be changed by administrator at any time.

For example, to allow any choice:
    cp /proc/sys/net/ipv4/tcp_available_congestion_control \
       /proc/sys/net/ipv4/tcp_allowed_congestion_control

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[TCP]: Add tcp_available_congestion_control sysctl.
Stephen Hemminger [Fri, 10 Nov 2006 00:32:06 +0000 (16:32 -0800)]
[TCP]: Add tcp_available_congestion_control sysctl.

Create /proc/sys/net/ipv4/tcp_available_congestion_control
that reflects currently available TCP choices.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[SCTP]: Fix warning
Vlad Yasevich [Fri, 10 Nov 2006 00:29:57 +0000 (16:29 -0800)]
[SCTP]: Fix warning

An alternate solution would be to make the digest a pointer, allocate
it in sctp_endpoint_init() and free it in sctp_endpoint_destroy().

I guess I should have originally done it this way...

  CC [M]  net/sctp/sm_make_chunk.o
net/sctp/sm_make_chunk.c: In function 'sctp_unpack_cookie':
net/sctp/sm_make_chunk.c:1358: warning: initialization discards qualifiers from pointer target type

The reason is that sctp_unpack_cookie() takes a const struct
sctp_endpoint and modifies the digest in it (digest being embedded in
the struct, not a pointer).  Make digest a pointer to fix this
warning.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Acked-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6] tcp: Fix typo _read_mostly --> __read_mostly.
David S. Miller [Fri, 10 Nov 2006 00:26:09 +0000 (16:26 -0800)]
[IPV6] tcp: Fix typo _read_mostly --> __read_mostly.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP]: Fix typo _read_mostly --> __read_mostly.
David S. Miller [Fri, 10 Nov 2006 00:23:22 +0000 (16:23 -0800)]
[DCCP]: Fix typo _read_mostly --> __read_mostly.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Size listen hash tables using backlog hint
Eric Dumazet [Thu, 16 Nov 2006 10:30:37 +0000 (02:30 -0800)]
[NET]: Size listen hash tables using backlog hint

We currently allocate a fixed size (TCP_SYNQ_HSIZE=512) slots hash table for
each LISTEN socket, regardless of various parameters (listen backlog for
example)

On x86_64, this means order-1 allocations (might fail), even for 'small'
sockets, expecting few connections. On the contrary, a huge server wanting a
backlog of 50000 is slowed down a bit because of this fixed limit.

This patch makes the sizing of listen hash table a dynamic parameter,
depending of :
- net.core.somaxconn tunable (default is 128)
- net.ipv4.tcp_max_syn_backlog tunable (default : 256, 1024 or 128)
- backlog value given by user application  (2nd parameter of listen())

For large allocations (bigger than PAGE_SIZE), we use vmalloc() instead of
kmalloc().

We still limit memory allocation with the two existing tunables (somaxconn &
tcp_max_syn_backlog). So for standard setups, this patch actually reduce RAM
usage.

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[PKT_SCHED]: Make sch_fifo.o available when CONFIG_NET_SCHED is not set.
David Kimdon [Fri, 10 Nov 2006 00:16:21 +0000 (16:16 -0800)]
[PKT_SCHED]: Make sch_fifo.o available when CONFIG_NET_SCHED is not set.

Based on patch by Patrick McHardy.

Add a new option, NET_SCH_FIFO, which provides a simple fifo qdisc
without requiring CONFIG_NET_SCHED.

The d80211 stack needs a generic fifo qdisc for WME.  At present it
uses net/d80211/fifo_qdisc.c which is functionally equivalent to
sch_fifo.c.  This patch will allow the d80211 stack to remove
net/d80211/fifo_qdisc.c and use sch_fifo.c instead.

Signed-off-by: David Kimdon <david.kimdon@devicescape.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET] rules: Add support to invert selectors
Thomas Graf [Thu, 9 Nov 2006 23:23:20 +0000 (15:23 -0800)]
[NET] rules: Add support to invert selectors

Introduces a new flag FIB_RULE_INVERT causing rules to apply
if the specified selector doesn't match.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET] rules: Share common attribute validation policy
Thomas Graf [Thu, 9 Nov 2006 23:22:48 +0000 (15:22 -0800)]
[NET] rules: Share common attribute validation policy

Move the attribute policy for the non-specific attributes into
net/fib_rules.h and include it in the respective protocols.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET] rules: Protocol independant mark selector
Thomas Graf [Thu, 9 Nov 2006 23:22:18 +0000 (15:22 -0800)]
[NET] rules: Protocol independant mark selector

Move mark selector currently implemented per protocol into
the protocol independant part.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV4] nl_fib_lookup: Rename fl_fwmark to fl_mark
Thomas Graf [Thu, 9 Nov 2006 23:21:41 +0000 (15:21 -0800)]
[IPV4] nl_fib_lookup: Rename fl_fwmark to fl_mark

For the sake of consistency.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Rethink mark field in struct flowi
Thomas Graf [Thu, 9 Nov 2006 23:20:38 +0000 (15:20 -0800)]
[NET]: Rethink mark field in struct flowi

Now that all protocols have been made aware of the mark
field it can be moved out of the union thus simplyfing
its usage.

The config options in the IPv4/IPv6/DECnet subsystems
to enable respectively disable mark based routing only
obfuscate the code with ifdefs, the cost for the
additional comparison in the flow key is insignificant,
and most distributions have all these options enabled
by default anyway. Therefore it makes sense to remove
the config options and enable mark based routing by
default.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Turn nfmark into generic mark
Thomas Graf [Thu, 9 Nov 2006 23:19:14 +0000 (15:19 -0800)]
[NET]: Turn nfmark into generic mark

nfmark is being used in various subsystems and has become
the defacto mark field for all kinds of packets. Therefore
it makes sense to rename it to `mark' and remove the
dependency on CONFIG_NETFILTER.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DECNET]: Don't clear memory twice.
Ralf Baechle [Thu, 9 Nov 2006 07:02:19 +0000 (23:02 -0800)]
[DECNET]: Don't clear memory twice.

When dn_neigh.c was converted from kmalloc to kzalloc in commit
0da974f4f303a6842516b764507e3c0a03f41e5a it was missed that
dn_neigh_seq_open was actually clearing the allocation twice was
missed.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[XFRM]: uninline xfrm_selector_match()
Andrew Morton [Thu, 9 Nov 2006 06:46:26 +0000 (22:46 -0800)]
[XFRM]: uninline xfrm_selector_match()

Six callsites, huge.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[BLUETOOTH] lockdep: annotate sk_lock nesting in AF_BLUETOOTH
Peter Zijlstra [Thu, 9 Nov 2006 06:44:35 +0000 (22:44 -0800)]
[BLUETOOTH] lockdep: annotate sk_lock nesting in AF_BLUETOOTH

=============================================
[ INFO: possible recursive locking detected ]
2.6.18-1.2726.fc6 #1

18 years agoSELinux: Fix SA selection semantics
Venkat Yekkirala [Wed, 8 Nov 2006 23:04:26 +0000 (17:04 -0600)]
SELinux: Fix SA selection semantics

Fix the selection of an SA for an outgoing packet to be at the same
context as the originating socket/flow. This eliminates the SELinux
policy's ability to use/sendto SAs with contexts other than the socket's.

With this patch applied, the SELinux policy will require one or more of the
following for a socket to be able to communicate with/without SAs:

1. To enable a socket to communicate without using labeled-IPSec SAs:

allow socket_t unlabeled_t:association { sendto recvfrom }

2. To enable a socket to communicate with labeled-IPSec SAs:

allow socket_t self:association { sendto };
allow socket_t peer_sa_t:association { recvfrom };

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: James Morris <jmorris@namei.org>
18 years agoSELinux: Return correct context for SO_PEERSEC
Venkat Yekkirala [Wed, 8 Nov 2006 23:04:09 +0000 (17:04 -0600)]
SELinux: Return correct context for SO_PEERSEC

Fix SO_PEERSEC for tcp sockets to return the security context of
the peer (as represented by the SA from the peer) as opposed to the
SA used by the local/source socket.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: James Morris <jmorris@namei.org>
18 years agoSELinux: Various xfrm labeling fixes
Venkat Yekkirala [Wed, 8 Nov 2006 23:03:44 +0000 (17:03 -0600)]
SELinux: Various xfrm labeling fixes

Since the upstreaming of the mlsxfrm modification a few months back,
testing has resulted in the identification of the following issues/bugs that
are resolved in this patch set.

1. Fix the security context used in the IKE negotiation to be the context
   of the socket as opposed to the context of the SPD rule.

2. Fix SO_PEERSEC for tcp sockets to return the security context of
   the peer as opposed to the source.

3. Fix the selection of an SA for an outgoing packet to be at the same
   context as the originating socket/flow.

The following would be the result of applying this patchset:

- SO_PEERSEC will now correctly return the peer's context.

- IKE deamons will receive the context of the source socket/flow
  as opposed to the SPD rule's context so that the negotiated SA
  will be at the same context as the source socket/flow.

- The SELinux policy will require one or more of the
  following for a socket to be able to communicate with/without SAs:

  1. To enable a socket to communicate without using labeled-IPSec SAs:

     allow socket_t unlabeled_t:association { sendto recvfrom }

  2. To enable a socket to communicate with labeled-IPSec SAs:

     allow socket_t self:association { sendto };
     allow socket_t peer_sa_t:association { recvfrom };

This Patch: Pass correct security context to IKE for use in negotiation

Fix the security context passed to IKE for use in negotiation to be the
context of the socket as opposed to the context of the SPD rule so that
the SA carries the label of the originating socket/flow.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: James Morris <jmorris@namei.org>
18 years ago[BLUETOOTH] rfcomm endianness bug: param_mask is little-endian on the wire
Al Viro [Wed, 8 Nov 2006 08:28:44 +0000 (00:28 -0800)]
[BLUETOOTH] rfcomm endianness bug: param_mask is little-endian on the wire

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[BLUETOOTH]: rfcomm endianness annotations
Al Viro [Wed, 8 Nov 2006 08:28:19 +0000 (00:28 -0800)]
[BLUETOOTH]: rfcomm endianness annotations

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[BLUETOOTH]: bnep endianness annotations
Al Viro [Wed, 8 Nov 2006 08:27:57 +0000 (00:27 -0800)]
[BLUETOOTH]: bnep endianness annotations

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[BLUETOOTH] bnep endianness bug: filtering by packet type
Al Viro [Wed, 8 Nov 2006 08:27:36 +0000 (00:27 -0800)]
[BLUETOOTH] bnep endianness bug: filtering by packet type

<= and => don't work well on net-endian...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6]: ip6_output annotations
Al Viro [Wed, 8 Nov 2006 08:27:11 +0000 (00:27 -0800)]
[IPV6]: ip6_output annotations

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: trivial annotations
Al Viro [Wed, 8 Nov 2006 08:26:51 +0000 (00:26 -0800)]
[NETFILTER]: trivial annotations

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[AF_PACKET]: annotate
Al Viro [Wed, 8 Nov 2006 08:26:29 +0000 (00:26 -0800)]
[AF_PACKET]: annotate

Weirdness: the third argument of socket() is net-endian
here.  Oh, well - it's documented in packet(7).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[LLC]: anotations
Al Viro [Wed, 8 Nov 2006 08:26:05 +0000 (00:26 -0800)]
[LLC]: anotations

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6]: annotate inet6_csk_search_req()
Al Viro [Wed, 8 Nov 2006 08:25:41 +0000 (00:25 -0800)]
[IPV6]: annotate inet6_csk_search_req()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6]: flowlabels are net-endian
Al Viro [Wed, 8 Nov 2006 08:25:17 +0000 (00:25 -0800)]
[IPV6]: flowlabels are net-endian

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[INET]: annotate inet_ecn.h
Al Viro [Wed, 8 Nov 2006 08:24:47 +0000 (00:24 -0800)]
[INET]: annotate inet_ecn.h

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: annotate dsfield.h
Al Viro [Wed, 8 Nov 2006 08:24:26 +0000 (00:24 -0800)]
[NET]: annotate dsfield.h

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[XFRM]: annotate ->new_mapping()
Al Viro [Wed, 8 Nov 2006 08:24:06 +0000 (00:24 -0800)]
[XFRM]: annotate ->new_mapping()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[AF_KEY]: annotate
Al Viro [Wed, 8 Nov 2006 08:23:42 +0000 (00:23 -0800)]
[AF_KEY]: annotate

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV4]: encapsulation annotations
Al Viro [Wed, 8 Nov 2006 08:23:14 +0000 (00:23 -0800)]
[IPV4]: encapsulation annotations

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[SUNRPC]: annotate hash_ip()
Al Viro [Wed, 8 Nov 2006 08:22:34 +0000 (00:22 -0800)]
[SUNRPC]: annotate hash_ip()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6]: annotate ipv6 mcast
Al Viro [Wed, 8 Nov 2006 08:22:08 +0000 (00:22 -0800)]
[IPV6]: annotate ipv6 mcast

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6]: annotate struct frag_hdr
Al Viro [Wed, 8 Nov 2006 08:21:46 +0000 (00:21 -0800)]
[IPV6]: annotate struct frag_hdr

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6]: annotate icmpv6 headers
Al Viro [Wed, 8 Nov 2006 08:21:21 +0000 (00:21 -0800)]
[IPV6]: annotate icmpv6 headers

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6]: 'info' argument of ipv6 ->err_handler() is net-endian
Al Viro [Wed, 8 Nov 2006 08:21:01 +0000 (00:21 -0800)]
[IPV6]: 'info' argument of ipv6 ->err_handler() is net-endian

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>