]> err.no Git - linux-2.6/log
linux-2.6
18 years ago[IPV6] NDISC: Set per-entry is_router flag in Proxy NA.
Ville Nuorvala [Fri, 22 Sep 2006 21:43:19 +0000 (14:43 -0700)]
[IPV6] NDISC: Set per-entry is_router flag in Proxy NA.

We have sent NA with router flag from the node-wide forwarding
configuration.  This is not appropriate for proxy NA, and it should be
set according to each proxy entry's configuration.

This is used by Mobile IPv6 home agent to support physical home link
in acting as a proxy router for mobile node which is not a router,
for example.

Based on MIPL2 kernel patch.

Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
18 years ago[IPV6] NDISC: Avoid updating neighbor cache for proxied address in receiving NA.
Ville Nuorvala [Fri, 22 Sep 2006 21:42:46 +0000 (14:42 -0700)]
[IPV6] NDISC: Avoid updating neighbor cache for proxied address in receiving NA.

This aims at proxying router not updating neighbor cache entry for proxied
address when it receives NA because either the proxied node is off link or
it has already sent a NA to the proxied router.

Based on MIPL2 kernel patch.

Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
18 years ago[IPV6]: Don't forward packets to proxied link-local address.
Ville Nuorvala [Fri, 22 Sep 2006 21:42:18 +0000 (14:42 -0700)]
[IPV6]: Don't forward packets to proxied link-local address.

Proxying router can't forward traffic sent to link-local address, so signal
the sender and discard the packet. This behavior is clarified by Mobile IPv6
specification (RFC3775) but might be required for all proxying router.
Based on MIPL2 kernel patch.

Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
18 years ago[IPV6] NDISC: Handle NDP messages to proxied addresses.
Ville Nuorvala [Fri, 22 Sep 2006 21:41:44 +0000 (14:41 -0700)]
[IPV6] NDISC: Handle NDP messages to proxied addresses.

It is required to respond to NDP messages sent directly to the "target"
unicast address.  Proxying node (router) is required to handle such
messages.  To achieve this, check if the packet in forwarding patch is
NDP message.

With this patch, the proxy neighbor entries are always looked up in
forwarding path.  We may want to optimize further.

Based on MIPL2 kernel patch.

Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
18 years ago[NETFILTER]: PPTP conntrack: fix another GRE keymap leak
Patrick McHardy [Wed, 20 Sep 2006 19:11:30 +0000 (12:11 -0700)]
[NETFILTER]: PPTP conntrack: fix another GRE keymap leak

When the master PPTP connection times out while still having unfullfilled
expectations (and a GRE keymap entry) associated with it, the keymap entry
is not destroyed.

Add a destroy callback to struct ip_conntrack_helper and use it to destroy
PPTP siblings when the master is destroyed.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: PPTP conntrack: fix GRE keymap leak
Patrick McHardy [Wed, 20 Sep 2006 19:11:12 +0000 (12:11 -0700)]
[NETFILTER]: PPTP conntrack: fix GRE keymap leak

When destroying the GRE expectations without having seen the GRE connection
the keymap entry is not freed, leading to a memory leak and, in case of
a following call within the same session, failure during expectation setup.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: PPTP conntrack: fix PPTP_IN_CALL message types
Patrick McHardy [Wed, 20 Sep 2006 19:10:52 +0000 (12:10 -0700)]
[NETFILTER]: PPTP conntrack: fix PPTP_IN_CALL message types

Fix incorrectly used message types and call IDs:

- PPTP_IN_CALL_REQUEST (PAC->PNS) contains a PptpInCallRequest (icreq)
  message and the PAC call ID

- PPTP_IN_CALL_REPLY (PNS->PAC) contains a PptpInCallReply (icack)
  message and the PNS call ID

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: PPTP conntrack: check call ID before changing state
Patrick McHardy [Wed, 20 Sep 2006 19:10:37 +0000 (12:10 -0700)]
[NETFILTER]: PPTP conntrack: check call ID before changing state

For rejected calls the state is set to PPTP_CALL_NONE even for non-matching
call ids.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: PPTP conntrack: clean up debugging cruft
Patrick McHardy [Wed, 20 Sep 2006 19:10:21 +0000 (12:10 -0700)]
[NETFILTER]: PPTP conntrack: clean up debugging cruft

Also make sure not to hand packets received in an invalid state to the
NAT helper since it will mangle the packet with invalid data.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: PPTP conntrack: consolidate header parsing
Patrick McHardy [Wed, 20 Sep 2006 19:10:06 +0000 (12:10 -0700)]
[NETFILTER]: PPTP conntrack: consolidate header parsing

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: PPTP conntrack: consolidate header size checks
Patrick McHardy [Wed, 20 Sep 2006 19:09:51 +0000 (12:09 -0700)]
[NETFILTER]: PPTP conntrack: consolidate header size checks

Also make sure not to pass undersized messages to the NAT helper.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: PPTP conntrack: simplify expectation handling
Patrick McHardy [Wed, 20 Sep 2006 19:09:34 +0000 (12:09 -0700)]
[NETFILTER]: PPTP conntrack: simplify expectation handling

Remove duplicated expectation handling in the NAT helper and simplify
the remains in the conntrack helper.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: PPTP conntrack: remove unnecessary cid/pcid header pointers
Patrick McHardy [Wed, 20 Sep 2006 19:09:19 +0000 (12:09 -0700)]
[NETFILTER]: PPTP conntrack: remove unnecessary cid/pcid header pointers

Just the values are needed, not the memory locations.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: PPTP conntrack: fix header definitions
Patrick McHardy [Wed, 20 Sep 2006 19:08:56 +0000 (12:08 -0700)]
[NETFILTER]: PPTP conntrack: fix header definitions

Fix a few header definitions to match RFC2637. Most importantly the
PptpOutCallRequest header included an invalid padding field and a
size check was disabled because of this.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: PPTP conntrack: remove more dead code
Patrick McHardy [Wed, 20 Sep 2006 19:08:41 +0000 (12:08 -0700)]
[NETFILTER]: PPTP conntrack: remove more dead code

The calculated sequence numbers are not used for anything.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: PPTP conntrack: remove dead code
Patrick McHardy [Wed, 20 Sep 2006 19:08:23 +0000 (12:08 -0700)]
[NETFILTER]: PPTP conntrack: remove dead code

The call ID in reply packets is never changed, remove the code.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: PPTP conntrack: get rid of unnecessary byte order conversions
Patrick McHardy [Wed, 20 Sep 2006 19:08:03 +0000 (12:08 -0700)]
[NETFILTER]: PPTP conntrack: get rid of unnecessary byte order conversions

The conntrack structure contains the call ID in host byte order for no
reason, get rid of back and forth conversions.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: PPTP conntrack: fix whitespace errors
Patrick McHardy [Wed, 20 Sep 2006 19:07:39 +0000 (12:07 -0700)]
[NETFILTER]: PPTP conntrack: fix whitespace errors

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: ipt_hashlimit: add compat conversion functions
Patrick McHardy [Wed, 20 Sep 2006 19:07:23 +0000 (12:07 -0700)]
[NETFILTER]: ipt_hashlimit: add compat conversion functions

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: xt_limit: add compat conversion functions
Patrick McHardy [Wed, 20 Sep 2006 19:07:06 +0000 (12:07 -0700)]
[NETFILTER]: xt_limit: add compat conversion functions

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: xt_CONNMARK: add compat conversion functions
Patrick McHardy [Wed, 20 Sep 2006 19:06:40 +0000 (12:06 -0700)]
[NETFILTER]: xt_CONNMARK: add compat conversion functions

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: xt_connmark: add compat conversion functions
Patrick McHardy [Wed, 20 Sep 2006 19:06:25 +0000 (12:06 -0700)]
[NETFILTER]: xt_connmark: add compat conversion functions

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: xt_MARK: add compat conversion functions
Patrick McHardy [Wed, 20 Sep 2006 19:06:10 +0000 (12:06 -0700)]
[NETFILTER]: xt_MARK: add compat conversion functions

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: xt_mark: add compat conversion functions
Patrick McHardy [Wed, 20 Sep 2006 19:05:54 +0000 (12:05 -0700)]
[NETFILTER]: xt_mark: add compat conversion functions

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: x_tables: simplify compat API
Patrick McHardy [Wed, 20 Sep 2006 19:05:37 +0000 (12:05 -0700)]
[NETFILTER]: x_tables: simplify compat API

Split the xt_compat_match/xt_compat_target into smaller type-safe functions
performing just one operation. Handle all alignment and size-related
conversions centrally in these function instead of requiring each module to
implement a full-blown conversion function. Replace ->compat callback by
->compat_from_user and ->compat_to_user callbacks, responsible for
converting just a single private structure.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: ip_tables: revision support for compat code
Patrick McHardy [Wed, 20 Sep 2006 19:05:08 +0000 (12:05 -0700)]
[NETFILTER]: ip_tables: revision support for compat code

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: ip_tables: fix module refcount leaks in compat error paths
Patrick McHardy [Wed, 20 Sep 2006 19:04:08 +0000 (12:04 -0700)]
[NETFILTER]: ip_tables: fix module refcount leaks in compat error paths

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: make some netfilter globals __read_mostly
Brian Haley [Wed, 20 Sep 2006 19:03:46 +0000 (12:03 -0700)]
[NETFILTER]: make some netfilter globals __read_mostly

Signed-off-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: TCP conntrack: improve dead connection detection
George Hansper [Wed, 20 Sep 2006 19:03:23 +0000 (12:03 -0700)]
[NETFILTER]: TCP conntrack: improve dead connection detection

Don't count window updates as retransmissions.

Signed-off-by: George Hansper <georgeh@anstat.com.au>
Signed-off-by: Patrick McHardy <kaber@trash.net>
18 years ago[NETFILTER]: xt_policy: remove dups in .family
Alexey Dobriyan [Wed, 20 Sep 2006 19:02:44 +0000 (12:02 -0700)]
[NETFILTER]: xt_policy: remove dups in .family

sparse "defined twice" warning

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: ip6t_HL: remove write-only variable
Patrick McHardy [Wed, 20 Sep 2006 19:02:21 +0000 (12:02 -0700)]
[NETFILTER]: ip6t_HL: remove write-only variable

Noticed by Alexey Dobriyan <adobriyan@gmail.com>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: ipt_TTL: fix checksum update bug
Patrick McHardy [Wed, 20 Sep 2006 19:01:34 +0000 (12:01 -0700)]
[NETFILTER]: ipt_TTL: fix checksum update bug

Fix regression introduced by the incremental checksum patches.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: conntrack: fix race condition in early_drop
Pablo Neira Ayuso [Wed, 20 Sep 2006 19:01:06 +0000 (12:01 -0700)]
[NETFILTER]: conntrack: fix race condition in early_drop

On SMP environments the maximum number of conntracks can be overpassed
under heavy stress situations due to an existing race condition.

        CPU A                   CPU B
     atomic_read()               ...
     early_drop()                ...
        ...                  atomic_read()
   allocate conntrack      allocate conntrack
     atomic_inc()             atomic_inc()

This patch moves the counter incrementation before the early drop stage.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: ctnetlink: simplify the code to dump the conntrack table
Pablo Neira Ayuso [Wed, 20 Sep 2006 19:00:45 +0000 (12:00 -0700)]
[NETFILTER]: ctnetlink: simplify the code to dump the conntrack table

Merge the bits to dump the conntrack table and the ones to dump and
zero counters in a single piece of code. This patch does not change
the default behaviour if accounting is not enabled.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: x_tables: small check_entry & module_refcount cleanup
Dmitry Mishin [Wed, 20 Sep 2006 19:00:21 +0000 (12:00 -0700)]
[NETFILTER]: x_tables: small check_entry & module_refcount cleanup

While standard_target has target->me == NULL, module_put() should be
called for it as for others, because there were try_module_get() before.

Signed-off-by: Dmitry Mishin <dim@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: ip6table_mangle: reroute when nfmark changes in NF_IP6_LOCAL_OUT
Patrick McHardy [Wed, 20 Sep 2006 18:59:42 +0000 (11:59 -0700)]
[NETFILTER]: ip6table_mangle: reroute when nfmark changes in NF_IP6_LOCAL_OUT

Now that IPv6 supports policy routing we need to reroute in NF_IP6_LOCAL_OUT
when the mark value changes.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: xt_limit: don't reset state on unrelated rule updates
Patrick McHardy [Wed, 20 Sep 2006 18:59:25 +0000 (11:59 -0700)]
[NETFILTER]: xt_limit: don't reset state on unrelated rule updates

The limit match reinitializes its state whenever the ruleset changes,
which means it will forget about previously used credits.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: ipt_TCPMSS: misc cleanup
Patrick McHardy [Wed, 20 Sep 2006 18:59:06 +0000 (11:59 -0700)]
[NETFILTER]: ipt_TCPMSS: misc cleanup

- remove debugging cruft
- remove printk for reallocation failures
- remove unused addition

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: ipt_TCPMSS: remove impossible condition
Patrick McHardy [Wed, 20 Sep 2006 18:58:50 +0000 (11:58 -0700)]
[NETFILTER]: ipt_TCPMSS: remove impossible condition

Every skb must have a dst_entry at this point.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: ipt_TCPMSS: reformat
Patrick McHardy [Wed, 20 Sep 2006 18:58:35 +0000 (11:58 -0700)]
[NETFILTER]: ipt_TCPMSS: reformat

- fix whitespace error
- break lines at 80 characters
- reformat some expressions to be more readable

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: xt_conntrack: clean up overly long lines
Patrick McHardy [Wed, 20 Sep 2006 18:58:17 +0000 (11:58 -0700)]
[NETFILTER]: xt_conntrack: clean up overly long lines

Also fix some whitespace errors and use the NAT bits instead of deriving
the state manually.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: kill listhelp.h
Patrick McHardy [Wed, 20 Sep 2006 18:57:53 +0000 (11:57 -0700)]
[NETFILTER]: kill listhelp.h

Kill listhelp.h and use the list.h functions instead.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: remove unused include file
Patrick McHardy [Wed, 20 Sep 2006 18:57:09 +0000 (11:57 -0700)]
[NETFILTER]: remove unused include file

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV4]: ipip and ip_gre encapsulation bugs
Al Viro [Tue, 19 Sep 2006 20:23:19 +0000 (13:23 -0700)]
[IPV4]: ipip and ip_gre encapsulation bugs

Handling of ipip and ip_gre ICMP error relaying is b0rken; it accesses
8bit field + 3 reserved octets as host-endian 32bit, does comparison,
subtraction and stuffs the result back.  That breaks on big-endian.

Fixed, made endian-clean.

[ Note that this effected code is permanently commented out with
  and ifdef, so this error couldn't actually cause problems for
  anyone. -DaveM ]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP] CCID2: Add helper functions for changing important CCID2 state
Andrea Bittau [Tue, 19 Sep 2006 20:15:33 +0000 (13:15 -0700)]
[DCCP] CCID2: Add helper functions for changing important CCID2 state

Introduce methods which manipulate interesting congestion control
state such as pipe and rtt estimate.  This is useful for people
wishing to monitor the variables of CCID and instrument the code
[perhaps using Kprobes].  Personally, I am a fan of
encapsulation---that justifies this change =D.

Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP] CCID2: Halve cwnd once upon multiple losses in a single RTT
Andrea Bittau [Tue, 19 Sep 2006 20:14:43 +0000 (13:14 -0700)]
[DCCP] CCID2: Halve cwnd once upon multiple losses in a single RTT

When multiple losses occur in one RTT, the window should be halved
only once [a single "congestion event"].  This is now implemented,
although not perfectly.  Slightly changed the interface for changing
the cwnd: pass hctx instead of dp.  This is required in order to allow
for change_cwnd to be called from _init().

Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP] CCID2: Allocate seq records on demand
Andrea Bittau [Tue, 19 Sep 2006 20:13:37 +0000 (13:13 -0700)]
[DCCP] CCID2: Allocate seq records on demand

Allocate more sequence state on demand.  Each time a packet is sent
out by CCID2, a record of it needs to be kept.  This list of records
grows proportionally to cwnd.  Previously, the length of this list was
hardcored and therefore the cwnd could only grow to this value (of
128).  Now, records are allocated on demand as necessary---cwnd may
grow as it wishes.  The exceptional case of when memory is not
available is not handled gracefully.  Perhaps, cwnd should be capped
at that point.

Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP] CCID2: Add Kconfig option for CCID2 debug
Andrea Bittau [Tue, 19 Sep 2006 20:12:44 +0000 (13:12 -0700)]
[DCCP] CCID2: Add Kconfig option for CCID2 debug

Allow the user to choose whether or not to enable CCID2 debugging via
Kconfig.

Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP] CCID2: Tell DCCP to quickly check whether cwnd is available
Andrea Bittau [Tue, 19 Sep 2006 20:10:11 +0000 (13:10 -0700)]
[DCCP] CCID2: Tell DCCP to quickly check whether cwnd is available

If not enough cwnd is available, tell the sender to check again as
soon as possible.  This will increase CPU utilization (polling
frequently for cwnd) but will improve network performance.  That is,
the sender will need to wait less before detecting the increase of
cwnd.  A better architecture would be for the CCID to call-back (or
dequeue) from DCCP when it is able to transmit traffic -- not the
other way around as it currently occurs.

Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[ATM]: proper prototypes in net/atm/mpc.h (and reduce ifdef clutter)
Adrian Bunk [Fri, 22 Sep 2006 21:28:11 +0000 (14:28 -0700)]
[ATM]: proper prototypes in net/atm/mpc.h (and reduce ifdef clutter)

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP] CCID2: Initialize ssthresh to infinity
Andrea Bittau [Tue, 19 Sep 2006 20:07:20 +0000 (13:07 -0700)]
[DCCP] CCID2: Initialize ssthresh to infinity

Initialize the slow-start threshold to infinity.  This way, upon connection
initiation, slow-start will be exited only upon a packet loss.  This patch will
allow connections to quickly gain speed.

Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP] CCID2: Fix jiffie wrap issues
Andrea Bittau [Tue, 19 Sep 2006 20:06:46 +0000 (13:06 -0700)]
[DCCP] CCID2: Fix jiffie wrap issues

Jiffies are now handled correctly (I hope) in CCID2.  If they wrap, no
problem.

Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP] ackvec: Remove unused variables
Andrea Bittau [Tue, 19 Sep 2006 20:06:16 +0000 (13:06 -0700)]
[DCCP] ackvec: Remove unused variables

Get rid of unused variables in ackvector state.

Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP] ackvec: Fix how DCCP_ACKVEC_STATE_NOT_RECEIVED is used
Andrea Bittau [Tue, 19 Sep 2006 20:05:35 +0000 (13:05 -0700)]
[DCCP] ackvec: Fix how DCCP_ACKVEC_STATE_NOT_RECEIVED is used

Fix the way state is masked out.  DCCP_ACKVEC_STATE_NOT_RECEIVED is
defined as appears in the packet, therefore bit shifting is not
required.  This fix allows CCID2 to correctly detect losses.

Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP] ACKVEC: fix ackvector length calculation
Andrea Bittau [Tue, 19 Sep 2006 20:04:54 +0000 (13:04 -0700)]
[DCCP] ACKVEC: fix ackvector length calculation

Fix ackvector length calculation upon receiving an "ack-of-ack".  This
patch avoids the ackvector from growing too large which causes it to
not be inserted into packets.

Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[XFRM]: Fix wildcard as tunnel source
Patrick McHardy [Tue, 19 Sep 2006 19:57:34 +0000 (12:57 -0700)]
[XFRM]: Fix wildcard as tunnel source

Hashing SAs by source address breaks templates with wildcards as tunnel
source since the source address used for hashing/lookup is still 0/0.
Move source address lookup to xfrm_tmpl_resolve_one() so we can use the
real address in the lookup.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[TCP]: Send ACKs each 2nd received segment.
Alexey Kuznetsov [Tue, 19 Sep 2006 19:52:50 +0000 (12:52 -0700)]
[TCP]: Send ACKs each 2nd received segment.

It does not affect either mss-sized connections (obviously) or
connections controlled by Nagle (because there is only one small
segment in flight).

The idea is to record the fact that a small segment arrives on a
connection, where one small segment has already been received and
still not-ACKed. In this case ACK is forced after tcp_recvmsg() drains
receive buffer.

In other words, it is a "soft" each-2nd-segment ACK, which is enough
to preserve ACK clock even when ABC is enabled.

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[SELINUX]: Fix bug in security_sid_mls_copy
Venkat Yekkirala [Tue, 19 Sep 2006 17:24:19 +0000 (10:24 -0700)]
[SELINUX]: Fix bug in security_sid_mls_copy

The following fixes a bug where random mem is being tampered with in the
non-mls case; encountered by Jashua Brindle on a gentoo box.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
18 years ago[SCTP]: Cleanups
Adrian Bunk [Mon, 18 Sep 2006 07:40:38 +0000 (00:40 -0700)]
[SCTP]: Cleanups

This patch contains the following cleanups:
- make the following needlessly global function static:
  - socket.c: sctp_apply_peer_addr_params()
- add proper prototypes for the several global functions in
  include/net/sctp/sctp.h

Note that this fixes wrong prototypes for the following functions:
- sctp_snmp_proc_exit()
- sctp_eps_proc_exit()
- sctp_assocs_proc_exit()

The latter was spotted by the GNU C compiler and reported
by David Woodhouse.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Acked-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6] address: Support NLM_F_EXCL when adding addresses
Thomas Graf [Mon, 18 Sep 2006 07:13:46 +0000 (00:13 -0700)]
[IPV6] address: Support NLM_F_EXCL when adding addresses

iproute2 doesn't provide the NLM_F_CREATE flag when adding addresses,
it is assumed to be implied. The existing code issues a check on
said flag when the modify operation fails (likely due to ENOENT)
before continueing to create it, this leads to a hard to predict
result, therefore the NLM_F_CREATE check is removed.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6] address: Allow address changes while device is administrative down
Thomas Graf [Mon, 18 Sep 2006 07:13:07 +0000 (00:13 -0700)]
[IPV6] address: Allow address changes while device is administrative down

Same behaviour as IPv4, using IFF_UP is a no-no anyway.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6] address: Convert address dumping to new netlink api
Thomas Graf [Mon, 18 Sep 2006 07:12:35 +0000 (00:12 -0700)]
[IPV6] address: Convert address dumping to new netlink api

Replaces INET6_IFADDR_RTA_SPACE with a new function calculating
the total required message size for all address messages.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6] address: Add put_ifaddrmsg() and rt_scope()
Thomas Graf [Mon, 18 Sep 2006 07:11:52 +0000 (00:11 -0700)]
[IPV6] address: Add put_ifaddrmsg() and rt_scope()

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6] address: Add put_cacheinfo() to dump struct cacheinfo
Thomas Graf [Mon, 18 Sep 2006 07:11:24 +0000 (00:11 -0700)]
[IPV6] address: Add put_cacheinfo() to dump struct cacheinfo

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6] address: Convert address lookup to new netlink api
Thomas Graf [Mon, 18 Sep 2006 07:10:50 +0000 (00:10 -0700)]
[IPV6] address: Convert address lookup to new netlink api

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6] address: Convert address deletion to new netlink api
Thomas Graf [Mon, 18 Sep 2006 07:10:19 +0000 (00:10 -0700)]
[IPV6] address: Convert address deletion to new netlink api

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6] address: Convert address addition to new netlink api
Thomas Graf [Mon, 18 Sep 2006 07:09:49 +0000 (00:09 -0700)]
[IPV6] address: Convert address addition to new netlink api

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: Change tunables to __read_mostly
Brian Haley [Mon, 18 Sep 2006 07:05:22 +0000 (00:05 -0700)]
[NETFILTER]: Change tunables to __read_mostly

Change some netfilter tunables to __read_mostly.  Also fixed some
incorrect file reference comments while I was in there.

(this will be my last __read_mostly patch unless someone points out
something else that needs it)

Signed-off-by: Brian Haley <brian.haley@hp.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[SCTP]: Change globals to __read_mostly
Brian Haley [Mon, 18 Sep 2006 07:04:22 +0000 (00:04 -0700)]
[SCTP]: Change globals to __read_mostly

Change sctp globals to __read_mostly.

Signed-off-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[BRIDGE]: Change sysctl tunables to __read_mostly
Brian Haley [Mon, 18 Sep 2006 07:03:41 +0000 (00:03 -0700)]
[BRIDGE]: Change sysctl tunables to __read_mostly

Change some bridge sysctl tunables to __read_mostly.

Signed-off-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[GENL]: Provide more information to userspace about registered genl families
Thomas Graf [Mon, 18 Sep 2006 07:01:59 +0000 (00:01 -0700)]
[GENL]: Provide more information to userspace about registered genl families

Additionaly exports the following information when providing
the list of registered generic netlink families:
  - protocol version
  - header size
  - maximum number of attributes
  - list of available operations including
      - id
      - flags
      - avaiability of policy and doit/dumpit function

libnl HEAD provides a utility to read this new information:

0x0010 nlctrl version 1
    hdrsize 0 maxattr 6
      op GETFAMILY (0x03) [POLICY,DOIT,DUMPIT]
0x0011 NLBL_MGMT version 1
    hdrsize 0 maxattr 0
      op unknown (0x02) [DOIT]
      op unknown (0x03) [DOIT]
      ....

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[RTNETLINK]: Fix netdevice name corruption
Patrick McHardy [Thu, 14 Sep 2006 03:35:36 +0000 (20:35 -0700)]
[RTNETLINK]: Fix netdevice name corruption

When changing a device by ifindex without including a IFLA_IFNAME
attribute, the ifname variable contains random garbage and is used
to change the device name.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[XFRM]: remove xerr_idxp from __xfrm_policy_check()
James Morris [Fri, 1 Sep 2006 07:32:12 +0000 (00:32 -0700)]
[XFRM]: remove xerr_idxp from __xfrm_policy_check()

It seems that during the MIPv6 respin, some code which was originally
conditionally compiled around CONFIG_XFRM_ADVANCED was accidently left
in after the config option was removed.

This patch removes an extraneous pointer (xerr_idxp) which is no
longer needed.

Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPSEC]: output mode to take an xfrm state as input param
Jamal Hadi Salim [Fri, 1 Sep 2006 00:42:59 +0000 (17:42 -0700)]
[IPSEC]: output mode to take an xfrm state as input param

Expose IPSEC modes output path to take an xfrm state as input param.
This makes it consistent with the input mode processing (which already
takes the xfrm state as a param).

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Fix sk->sk_filter field access
Dmitry Mishin [Thu, 31 Aug 2006 22:28:39 +0000 (15:28 -0700)]
[NET]: Fix sk->sk_filter field access

Function sk_filter() is called from tcp_v{4,6}_rcv() functions with arg
needlock = 0, while socket is not locked at that moment. In order to avoid
this and similar issues in the future, use rcu for sk->sk_filter field read
protection.

Signed-off-by: Dmitry Mishin <dim@openvz.org>
Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
18 years ago[IPV6] MIP6: Fix to update IP6CB when cloned skbuff is received at HAO.
Masahide NAKAMURA [Thu, 31 Aug 2006 22:18:49 +0000 (15:18 -0700)]
[IPV6] MIP6: Fix to update IP6CB when cloned skbuff is received at HAO.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[XFRM] STATE: Fix flusing with hash mask.
Masahide NAKAMURA [Thu, 31 Aug 2006 22:14:32 +0000 (15:14 -0700)]
[XFRM] STATE: Fix flusing with hash mask.

This is a minor fix about transformation state flushing
for net-2.6.19. Please apply it.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[TCP]: Fix rcv mss estimate for LRO
Herbert Xu [Thu, 31 Aug 2006 22:11:02 +0000 (15:11 -0700)]
[TCP]: Fix rcv mss estimate for LRO

By passing a Linux-generated TSO packet straight back into Linux, Xen
becomes our first LRO user :) Unfortunately, there is at least one spot
in our stack that needs to be changed to cope with this.

The receive MSS estimate is computed from the raw packet size.  This is
broken if the packet is GSO/LRO.  Fortunately the real MSS can be found
in gso_size so we simply need to use that if it is non-zero.

Real LRO NICs should of course set the gso_size field in future.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[RTNETLINK]: Fix typo causing wrong skb to be freed
Thomas Graf [Thu, 31 Aug 2006 22:04:30 +0000 (15:04 -0700)]
[RTNETLINK]: Fix typo causing wrong skb to be freed

A typo introduced by myself which leads to freeing the skb
containing the netlink message when it should free the newly
allocated skb for the reply.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[AF_UNIX]: Change max_dgram_qlen sysctl to __read_mostly
Brian Haley [Thu, 31 Aug 2006 22:03:36 +0000 (15:03 -0700)]
[AF_UNIX]: Change max_dgram_qlen sysctl to __read_mostly

Signed-off-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Change somaxconn sysctl to __read_mostly
Brian Haley [Thu, 31 Aug 2006 22:03:02 +0000 (15:03 -0700)]
[NET]: Change somaxconn sysctl to __read_mostly

Signed-off-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[PKT_SCHED] act_simple.c: make struct simp_hash_info static
Adrian Bunk [Wed, 30 Aug 2006 22:03:07 +0000 (15:03 -0700)]
[PKT_SCHED] act_simple.c: make struct simp_hash_info static

This patch makes the needlessly global struct simp_hash_info static.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NetLabel]: add some missing #includes to various header files
Paul Moore [Wed, 30 Aug 2006 00:56:04 +0000 (17:56 -0700)]
[NetLabel]: add some missing #includes to various header files

Add some missing include files to the NetLabel related header files.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NetLabel]: uninline selinux_netlbl_inode_permission()
Paul Moore [Wed, 30 Aug 2006 00:55:38 +0000 (17:55 -0700)]
[NetLabel]: uninline selinux_netlbl_inode_permission()

Uninline the selinux_netlbl_inode_permission() at the request of
Andrew Morton.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NetLabel]: Cleanup ebitmap_import()
Paul Moore [Wed, 30 Aug 2006 00:55:11 +0000 (17:55 -0700)]
[NetLabel]: Cleanup ebitmap_import()

Rewrite ebitmap_import() so it is a bit cleaner and easier to read.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NetLabel]: Comment corrections.
Paul Moore [Wed, 30 Aug 2006 00:54:41 +0000 (17:54 -0700)]
[NetLabel]: Comment corrections.

Fix some incorrect comments.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NetLabel]: remove unused function prototypes
Paul Moore [Wed, 30 Aug 2006 00:54:17 +0000 (17:54 -0700)]
[NetLabel]: remove unused function prototypes

Removed some older function prototypes for functions that no longer exist.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NetLabel]: Correctly initialize the NetLabel fields.
Paul Moore [Wed, 30 Aug 2006 00:53:48 +0000 (17:53 -0700)]
[NetLabel]: Correctly initialize the NetLabel fields.

Fix a problem where the NetLabel specific fields of the sk_security_struct
structure were not being initialized early enough in some cases.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP]: Tidyup CCID3 list handling
Ian McDonald [Wed, 30 Aug 2006 00:50:19 +0000 (17:50 -0700)]
[DCCP]: Tidyup CCID3 list handling

As Arnaldo Carvalho de Melo points out I should be using list_entry in case
the structure changes in future. Current code functions but is reliant
on position and requires type cast.

Noticed when doing this that I have one more variable than I needed so
removing that also.

Signed off by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER] bridge: debug message fixes
Stephen Hemminger [Wed, 30 Aug 2006 00:49:31 +0000 (17:49 -0700)]
[NETFILTER] bridge: debug message fixes

If CONFIG_NETFILTER_DEBUG is enabled, it shouldn't change the
actions of the filtering. The message about skb->dst being NULL
is commonly triggered by dhclient, so it is useless. Make sure all
messages end in newline.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER] bridge: simplify nf_bridge_pad
Stephen Hemminger [Wed, 30 Aug 2006 00:48:57 +0000 (17:48 -0700)]
[NETFILTER] bridge: simplify nf_bridge_pad

Do some simple optimization on the nf_bridge_pad() function
and don't use magic constants. Eliminate a double call and
the #ifdef'd code for CONFIG_BRIDGE_NETFILTER.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER] bridge: code rearrangement for clarity
Stephen Hemminger [Wed, 30 Aug 2006 00:48:17 +0000 (17:48 -0700)]
[NETFILTER] bridge: code rearrangement for clarity

Cleanup and rearrangement for better style and clarity:
Split the function nf_bridge_maybe_copy_header into two pieces
Move copy portion out of line.
Use Ethernet header size macros.
Use header file to handle CONFIG_NETFILTER_BRIDGE differences

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV4]: Make struct sockaddr_in::sin_port __be16
Alexey Dobriyan [Tue, 29 Aug 2006 06:58:32 +0000 (23:58 -0700)]
[IPV4]: Make struct sockaddr_in::sin_port __be16

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV4]: Make struct in_addr::s_addr __be32
Alexey Dobriyan [Tue, 29 Aug 2006 06:57:56 +0000 (23:57 -0700)]
[IPV4]: Make struct in_addr::s_addr __be32

There will be relatively small increase in sparse endian warnings, but
this (and sin_port) patch is a first step to make networking code
endian clean.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETFILTER]: xt_CONNMARK.c build fix
Benoit Boissinot [Tue, 29 Aug 2006 00:50:37 +0000 (17:50 -0700)]
[NETFILTER]: xt_CONNMARK.c build fix

net/netfilter/xt_CONNMARK.c: In function 'target':
net/netfilter/xt_CONNMARK.c:59: warning: implicit declaration of
function 'nf_conntrack_event_cache'

The warning is due to the following .config:
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_CONNTRACK_MARK=y
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
CONFIG_IP_NF_CONNTRACK_NETLINK=m

This change was introduced by:
http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.19.git;a=commit;h=76e4b41009b8a2e9dd246135cf43c7fe39553aa5

Proposed solution (based on the define in
include/net/netfilter/nf_conntrack_compat.h:

Signed-off-by: Benoit Boissinot <benoit.boissinot@ens-lyon.org>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6] ROUTE: Fix dst reference counting in ip6_pol_route_lookup().
YOSHIFUJI Hideaki [Mon, 28 Aug 2006 20:19:30 +0000 (13:19 -0700)]
[IPV6] ROUTE: Fix dst reference counting in ip6_pol_route_lookup().

In ip6_pol_route_lookup(), when we finish backtracking at the
top-level root entry, we need to hold it.

Bug noticed by Mitsuru Chinen <CHINEN@jp.ibm.com>.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETLINK]: Make use of NLA_STRING/NLA_NUL_STRING attribute validation
Thomas Graf [Sun, 27 Aug 2006 03:13:18 +0000 (20:13 -0700)]
[NETLINK]: Make use of NLA_STRING/NLA_NUL_STRING attribute validation

Converts existing NLA_STRING attributes to use the new
validation features, saving a couple of temporary buffers.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETLINK]: Improve string attribute validation
Thomas Graf [Sun, 27 Aug 2006 03:11:47 +0000 (20:11 -0700)]
[NETLINK]: Improve string attribute validation

Introduces a new attribute type NLA_NUL_STRING to support NUL
terminated strings. Attributes of this kind require to carry
a terminating NUL within the maximum specified in the policy.

The `old' NLA_STRING which is not required to be NUL terminated
is extended to provide means to specify a maximum length of the
string.

Aims at easing the pain with using nla_strlcpy() on temporary
buffers.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[UDP]: saddr_cmp function should take const socket pointers
David S. Miller [Sun, 27 Aug 2006 03:10:15 +0000 (20:10 -0700)]
[UDP]: saddr_cmp function should take const socket pointers

This also kills a warning while building ipv6:

net/ipv6/udp.c: In function ‘udp_v6_get_port’:
net/ipv6/udp.c:66: warning: passing argument 3 of ‘udp_get_port’ from incompatible pointer type

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[UDP]: Mark udp_port_rover static.
David S. Miller [Sun, 27 Aug 2006 03:06:49 +0000 (20:06 -0700)]
[UDP]: Mark udp_port_rover static.

It is not referenced outside of net/ipv4/udp.c any longer.

Signed-off-by: David S. Miller <davem@davemloft.net>