From fd184ab4283a6a6105e8312a497d2a2a193eaf67 Mon Sep 17 00:00:00 2001 From: Marcel Holtmann Date: Thu, 24 May 2007 14:26:15 +0200 Subject: [PATCH 01/25] [Bluetooth] Always send HCI_Reset for Broadcom devices In case of Broadcom based Bluetooth devices, it is safe to always send HCI_Reset as first command. This gives the advantage that all HID Proxy versions will automatically work and don't need any additional quirks anymore. Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_usb.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/bluetooth/hci_usb.c b/drivers/bluetooth/hci_usb.c index b0238b46dded..7e04dd69f609 100644 --- a/drivers/bluetooth/hci_usb.c +++ b/drivers/bluetooth/hci_usb.c @@ -115,11 +115,11 @@ static struct usb_device_id blacklist_ids[] = { { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 }, /* Broadcom BCM2045 */ - { USB_DEVICE(0x0a5c, 0x2101), .driver_info = HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x0a5c, 0x2101), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, /* IBM/Lenovo ThinkPad with Broadcom chip */ - { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_WRONG_SCO_MTU }, - { USB_DEVICE(0x0a5c, 0x2110), .driver_info = HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x0a5c, 0x2110), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, /* Targus ACB10US */ { USB_DEVICE(0x0a5c, 0x2100), .driver_info = HCI_RESET }, @@ -128,17 +128,17 @@ static struct usb_device_id blacklist_ids[] = { { USB_DEVICE(0x0a5c, 0x2111), .driver_info = HCI_RESET }, /* HP laptop with Broadcom chip */ - { USB_DEVICE(0x03f0, 0x171d), .driver_info = HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x03f0, 0x171d), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, /* Dell laptop with Broadcom chip */ - { USB_DEVICE(0x413c, 0x8126), .driver_info = HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x413c, 0x8126), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, /* Microsoft Wireless Transceiver for Bluetooth 2.0 */ { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET }, /* Kensington Bluetooth USB adapter */ { USB_DEVICE(0x047d, 0x105d), .driver_info = HCI_RESET }, - { USB_DEVICE(0x047d, 0x105e), .driver_info = HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x047d, 0x105e), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, /* ISSC Bluetooth Adapter v3.1 */ { USB_DEVICE(0x1131, 0x1001), .driver_info = HCI_RESET }, @@ -148,8 +148,8 @@ static struct usb_device_id blacklist_ids[] = { { USB_DEVICE(0x0400, 0x080a), .driver_info = HCI_BROKEN_ISOC }, /* Belkin F8T012 and F8T013 devices */ - { USB_DEVICE(0x050d, 0x0012), .driver_info = HCI_WRONG_SCO_MTU }, - { USB_DEVICE(0x050d, 0x0013), .driver_info = HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x050d, 0x0012), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, + { USB_DEVICE(0x050d, 0x0013), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU }, /* Digianswer devices */ { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER }, From 5dee9e7c4c869fcffccc3d432b755793dfa71376 Mon Sep 17 00:00:00 2001 From: Marcel Holtmann Date: Thu, 24 May 2007 14:27:19 +0200 Subject: [PATCH 02/25] [Bluetooth] Fix L2CAP configuration parameter handling The L2CAP configuration parameter handling was missing the support for rejecting unknown options. The capability to reject unknown options is mandatory since the Bluetooth 1.2 specification. This patch implements its and also simplifies the parameter parsing. Signed-off-by: Marcel Holtmann --- include/net/bluetooth/l2cap.h | 8 +- net/bluetooth/l2cap.c | 144 +++++++++++++++++++--------------- 2 files changed, 86 insertions(+), 66 deletions(-) diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h index 8242a0ee1f58..87df4e87622d 100644 --- a/include/net/bluetooth/l2cap.h +++ b/include/net/bluetooth/l2cap.h @@ -129,8 +129,10 @@ struct l2cap_conf_rsp { __u8 data[0]; } __attribute__ ((packed)); -#define L2CAP_CONF_SUCCESS 0x00 -#define L2CAP_CONF_UNACCEPT 0x01 +#define L2CAP_CONF_SUCCESS 0x0000 +#define L2CAP_CONF_UNACCEPT 0x0001 +#define L2CAP_CONF_REJECT 0x0002 +#define L2CAP_CONF_UNKNOWN 0x0003 struct l2cap_conf_opt { __u8 type; @@ -215,6 +217,8 @@ struct l2cap_pinfo { __u32 link_mode; + __u8 conf_req[64]; + __u8 conf_len; __u8 conf_state; __u8 conf_retry; __u16 conf_mtu; diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index a59b1fb63b76..670ff95ca64b 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -507,6 +507,7 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent) } /* Default config options */ + pi->conf_len = 0; pi->conf_mtu = L2CAP_DEFAULT_MTU; pi->flush_to = L2CAP_DEFAULT_FLUSH_TO; } @@ -1271,42 +1272,6 @@ static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned return len; } -static inline void l2cap_parse_conf_req(struct sock *sk, void *data, int len) -{ - int type, hint, olen; - unsigned long val; - void *ptr = data; - - BT_DBG("sk %p len %d", sk, len); - - while (len >= L2CAP_CONF_OPT_SIZE) { - len -= l2cap_get_conf_opt(&ptr, &type, &olen, &val); - - hint = type & 0x80; - type &= 0x7f; - - switch (type) { - case L2CAP_CONF_MTU: - l2cap_pi(sk)->conf_mtu = val; - break; - - case L2CAP_CONF_FLUSH_TO: - l2cap_pi(sk)->flush_to = val; - break; - - case L2CAP_CONF_QOS: - break; - - default: - if (hint) - break; - - /* FIXME: Reject unknown option */ - break; - } - } -} - static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val) { struct l2cap_conf_opt *opt = *ptr; @@ -1358,39 +1323,75 @@ static int l2cap_build_conf_req(struct sock *sk, void *data) return ptr - data; } -static inline int l2cap_conf_output(struct sock *sk, void **ptr) +static int l2cap_parse_conf_req(struct sock *sk, void *data) { struct l2cap_pinfo *pi = l2cap_pi(sk); - int result = 0; + struct l2cap_conf_rsp *rsp = data; + void *ptr = rsp->data; + void *req = pi->conf_req; + int len = pi->conf_len; + int type, hint, olen; + unsigned long val; + u16 result = L2CAP_CONF_SUCCESS; - /* Configure output options and let the other side know - * which ones we don't like. */ - if (pi->conf_mtu < pi->omtu) - result = L2CAP_CONF_UNACCEPT; - else - pi->omtu = pi->conf_mtu; + BT_DBG("sk %p", sk); - l2cap_add_conf_opt(ptr, L2CAP_CONF_MTU, 2, pi->omtu); + while (len >= L2CAP_CONF_OPT_SIZE) { + len -= l2cap_get_conf_opt(&req, &type, &olen, &val); - BT_DBG("sk %p result %d", sk, result); - return result; + hint = type & 0x80; + type &= 0x7f; + + switch (type) { + case L2CAP_CONF_MTU: + pi->conf_mtu = val; + break; + + case L2CAP_CONF_FLUSH_TO: + pi->flush_to = val; + break; + + case L2CAP_CONF_QOS: + break; + + default: + if (hint) + break; + + result = L2CAP_CONF_UNKNOWN; + *((u8 *) ptr++) = type; + break; + } + } + + if (result == L2CAP_CONF_SUCCESS) { + /* Configure output options and let the other side know + * which ones we don't like. */ + + if (pi->conf_mtu < pi->omtu) + result = L2CAP_CONF_UNACCEPT; + else + pi->omtu = pi->conf_mtu; + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu); + } + + rsp->scid = cpu_to_le16(pi->dcid); + rsp->result = cpu_to_le16(result); + rsp->flags = cpu_to_le16(0x0000); + + return ptr - data; } -static int l2cap_build_conf_rsp(struct sock *sk, void *data, int *result) +static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags) { struct l2cap_conf_rsp *rsp = data; void *ptr = rsp->data; - u16 flags = 0; - BT_DBG("sk %p complete %d", sk, result ? 1 : 0); - - if (result) - *result = l2cap_conf_output(sk, &ptr); - else - flags = 0x0001; + BT_DBG("sk %p", sk); rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid); - rsp->result = cpu_to_le16(result ? *result : 0); + rsp->result = cpu_to_le16(result); rsp->flags = cpu_to_le16(flags); return ptr - data; @@ -1535,7 +1536,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr u16 dcid, flags; u8 rsp[64]; struct sock *sk; - int result; + int len; dcid = __le16_to_cpu(req->dcid); flags = __le16_to_cpu(req->flags); @@ -1548,25 +1549,40 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr if (sk->sk_state == BT_DISCONN) goto unlock; - l2cap_parse_conf_req(sk, req->data, cmd->len - sizeof(*req)); + /* Reject if config buffer is too small. */ + len = cmd->len - sizeof(*req); + if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) { + l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, + l2cap_build_conf_rsp(sk, rsp, + L2CAP_CONF_REJECT, flags), rsp); + goto unlock; + } + + /* Store config. */ + memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len); + l2cap_pi(sk)->conf_len += len; if (flags & 0x0001) { /* Incomplete config. Send empty response. */ l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, - l2cap_build_conf_rsp(sk, rsp, NULL), rsp); + l2cap_build_conf_rsp(sk, rsp, + L2CAP_CONF_SUCCESS, 0x0001), rsp); goto unlock; } /* Complete config. */ - l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, - l2cap_build_conf_rsp(sk, rsp, &result), rsp); - - if (result) + len = l2cap_parse_conf_req(sk, rsp); + if (len < 0) goto unlock; - /* Output config done */ + l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp); + + /* Output config done. */ l2cap_pi(sk)->conf_state |= L2CAP_CONF_OUTPUT_DONE; + /* Reset config buffer. */ + l2cap_pi(sk)->conf_len = 0; + if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) { sk->sk_state = BT_CONNECTED; l2cap_chan_ready(sk); From 36247f5421015eab0bdd96789b24790598934db9 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 23 May 2007 14:30:44 -0700 Subject: [PATCH 03/25] [NET_SCHED]: Fix qdisc_restart return value when dequeue is empty My previous patch that changed the return value of qdisc_restart incorrectly made the case where dequeue returns empty continue processing packets. This patch is based on diagnosis and fix by Patrick McHardy. Reported-and-debugged-by: Anant Nitya Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/sched/sch_generic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c index f28bb2dc58d0..cbefe225581e 100644 --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c @@ -169,8 +169,8 @@ requeue: else q->ops->requeue(skb, q); netif_schedule(dev); - return 0; } + return 0; out: BUG_ON((int) q->q.qlen < 0); From bbb711e63332d7b43b535381c78b26a66cd60f48 Mon Sep 17 00:00:00 2001 From: Oliver Hartkopp Date: Wed, 23 May 2007 14:35:31 -0700 Subject: [PATCH 04/25] [IPV6]: Ignore ipv6 events on non-IPV6 capable devices. Signed-off-by: Oliver Hartkopp Signed-off-by: Urs Thuermann Signed-off-by: David S. Miller --- net/ipv6/addrconf.c | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index c7ea248fae2e..329de679ac38 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -2154,15 +2154,6 @@ static void addrconf_dev_config(struct net_device *dev) ASSERT_RTNL(); - if ((dev->type != ARPHRD_ETHER) && - (dev->type != ARPHRD_FDDI) && - (dev->type != ARPHRD_IEEE802_TR) && - (dev->type != ARPHRD_ARCNET) && - (dev->type != ARPHRD_INFINIBAND)) { - /* Alas, we support only Ethernet autoconfiguration. */ - return; - } - idev = addrconf_add_dev(dev); if (idev == NULL) return; @@ -2250,13 +2241,33 @@ static void addrconf_ip6_tnl_config(struct net_device *dev) ip6_tnl_add_linklocal(idev); } +static int ipv6_hwtype(struct net_device *dev) +{ + if ((dev->type == ARPHRD_ETHER) || + (dev->type == ARPHRD_LOOPBACK) || + (dev->type == ARPHRD_SIT) || + (dev->type == ARPHRD_TUNNEL6) || + (dev->type == ARPHRD_FDDI) || + (dev->type == ARPHRD_IEEE802_TR) || + (dev->type == ARPHRD_ARCNET) || + (dev->type == ARPHRD_INFINIBAND)) + return 1; + + return 0; +} + static int addrconf_notify(struct notifier_block *this, unsigned long event, void * data) { struct net_device *dev = (struct net_device *) data; - struct inet6_dev *idev = __in6_dev_get(dev); + struct inet6_dev *idev; int run_pending = 0; + if (!ipv6_hwtype(dev)) + return NOTIFY_OK; + + idev = __in6_dev_get(dev); + switch(event) { case NETDEV_REGISTER: if (!idev) { From 7e7a2d07b0faf13b2f7ad982c77ca30c9e9ee0e4 Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke Date: Wed, 23 May 2007 14:45:45 -0700 Subject: [PATCH 05/25] [ATM]: Use mutex instead of binary semaphore in idt77252 driver. Use mutex instead of binary semaphore in idt77252 driver. Signed-off-by: Matthias Kaehlcke Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- drivers/atm/idt77252.c | 27 ++++++++++++++------------- drivers/atm/idt77252.h | 4 ++-- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c index 057efbc55d38..3800bc0cb2ef 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c @@ -47,7 +47,8 @@ static char const rcsid[] = #include #include #include -#include +#include + #include #include #include @@ -2435,7 +2436,7 @@ idt77252_open(struct atm_vcc *vcc) set_bit(ATM_VF_ADDR, &vcc->flags); - down(&card->mutex); + mutex_lock(&card->mutex); OPRINTK("%s: opening vpi.vci: %d.%d\n", card->name, vpi, vci); @@ -2446,7 +2447,7 @@ idt77252_open(struct atm_vcc *vcc) break; default: printk("%s: Unsupported AAL: %d\n", card->name, vcc->qos.aal); - up(&card->mutex); + mutex_unlock(&card->mutex); return -EPROTONOSUPPORT; } @@ -2455,7 +2456,7 @@ idt77252_open(struct atm_vcc *vcc) card->vcs[index] = kzalloc(sizeof(struct vc_map), GFP_KERNEL); if (!card->vcs[index]) { printk("%s: can't alloc vc in open()\n", card->name); - up(&card->mutex); + mutex_unlock(&card->mutex); return -ENOMEM; } card->vcs[index]->card = card; @@ -2484,14 +2485,14 @@ idt77252_open(struct atm_vcc *vcc) if (inuse) { printk("%s: %s vci already in use.\n", card->name, inuse == 1 ? "tx" : inuse == 2 ? "rx" : "tx and rx"); - up(&card->mutex); + mutex_unlock(&card->mutex); return -EADDRINUSE; } if (vcc->qos.txtp.traffic_class != ATM_NONE) { error = idt77252_init_tx(card, vc, vcc, &vcc->qos); if (error) { - up(&card->mutex); + mutex_unlock(&card->mutex); return error; } } @@ -2499,14 +2500,14 @@ idt77252_open(struct atm_vcc *vcc) if (vcc->qos.rxtp.traffic_class != ATM_NONE) { error = idt77252_init_rx(card, vc, vcc, &vcc->qos); if (error) { - up(&card->mutex); + mutex_unlock(&card->mutex); return error; } } set_bit(ATM_VF_READY, &vcc->flags); - up(&card->mutex); + mutex_unlock(&card->mutex); return 0; } @@ -2520,7 +2521,7 @@ idt77252_close(struct atm_vcc *vcc) unsigned long addr; unsigned long timeout; - down(&card->mutex); + mutex_lock(&card->mutex); IPRINTK("%s: idt77252_close: vc = %d (%d.%d)\n", card->name, vc->index, vcc->vpi, vcc->vci); @@ -2591,7 +2592,7 @@ done: free_scq(card, vc->scq); } - up(&card->mutex); + mutex_unlock(&card->mutex); } static int @@ -2602,7 +2603,7 @@ idt77252_change_qos(struct atm_vcc *vcc, struct atm_qos *qos, int flags) struct vc_map *vc = vcc->dev_data; int error = 0; - down(&card->mutex); + mutex_lock(&card->mutex); if (qos->txtp.traffic_class != ATM_NONE) { if (!test_bit(VCF_TX, &vc->flags)) { @@ -2648,7 +2649,7 @@ idt77252_change_qos(struct atm_vcc *vcc, struct atm_qos *qos, int flags) set_bit(ATM_VF_HASQOS, &vcc->flags); out: - up(&card->mutex); + mutex_unlock(&card->mutex); return error; } @@ -3709,7 +3710,7 @@ idt77252_init_one(struct pci_dev *pcidev, const struct pci_device_id *id) membase = pci_resource_start(pcidev, 1); srambase = pci_resource_start(pcidev, 2); - init_MUTEX(&card->mutex); + mutex_init(&card->mutex); spin_lock_init(&card->cmd_lock); spin_lock_init(&card->tst_lock); diff --git a/drivers/atm/idt77252.h b/drivers/atm/idt77252.h index 544b39738291..6f2b4a5875fb 100644 --- a/drivers/atm/idt77252.h +++ b/drivers/atm/idt77252.h @@ -37,7 +37,7 @@ #include #include #include - +#include /*****************************************************************************/ /* */ @@ -359,7 +359,7 @@ struct idt77252_dev unsigned long srambase; /* SAR's sram base address */ void __iomem *fbq[4]; /* FBQ fill addresses */ - struct semaphore mutex; + struct mutex mutex; spinlock_t cmd_lock; /* for r/w utility/sram */ unsigned long softstat; From 3df25df354d0e9bae9b83be5a828b6756db9bcf4 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 23 May 2007 14:46:35 -0700 Subject: [PATCH 06/25] [DCCP]: Use menuconfig objects. Use menuconfigs instead of menus, so the whole menu can be disabled at once instead of going through all options. Signed-off-by: Jan Engelhardt Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/dccp/Kconfig | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/net/dccp/Kconfig b/net/dccp/Kconfig index b8a68dd41000..0549e4719b13 100644 --- a/net/dccp/Kconfig +++ b/net/dccp/Kconfig @@ -1,8 +1,6 @@ -menu "DCCP Configuration (EXPERIMENTAL)" - depends on INET && EXPERIMENTAL - -config IP_DCCP +menuconfig IP_DCCP tristate "The DCCP Protocol (EXPERIMENTAL)" + depends on INET && EXPERIMENTAL ---help--- Datagram Congestion Control Protocol (RFC 4340) @@ -19,19 +17,20 @@ config IP_DCCP If in doubt, say N. +if IP_DCCP + config INET_DCCP_DIAG - depends on IP_DCCP && INET_DIAG + depends on INET_DIAG def_tristate y if (IP_DCCP = y && INET_DIAG = y) def_tristate m config IP_DCCP_ACKVEC - depends on IP_DCCP bool source "net/dccp/ccids/Kconfig" menu "DCCP Kernel Hacking" - depends on IP_DCCP && DEBUG_KERNEL=y + depends on DEBUG_KERNEL=y config IP_DCCP_DEBUG bool "DCCP debug messages" @@ -61,4 +60,4 @@ config NET_DCCPPROBE endmenu -endmenu +endif # IP_DDCP From a6938a1e0e0ebdf42f34b37116576d9eaaa9bba4 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 23 May 2007 14:48:10 -0700 Subject: [PATCH 07/25] [IPVS]: Use menuconfig objects. Use menuconfigs instead of menus, so the whole menu can be disabled at once instead of going through all options. Signed-off-by: Jan Engelhardt Acked-by: Simon Horman Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/ipv4/ipvs/Kconfig | 30 +++++------------------------- 1 file changed, 5 insertions(+), 25 deletions(-) diff --git a/net/ipv4/ipvs/Kconfig b/net/ipv4/ipvs/Kconfig index 891b9355cf96..09d0c3f35669 100644 --- a/net/ipv4/ipvs/Kconfig +++ b/net/ipv4/ipvs/Kconfig @@ -1,10 +1,7 @@ # # IP Virtual Server configuration # -menu "IP: Virtual Server Configuration" - depends on NETFILTER - -config IP_VS +menuconfig IP_VS tristate "IP virtual server support (EXPERIMENTAL)" depends on NETFILTER ---help--- @@ -25,9 +22,10 @@ config IP_VS If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. +if IP_VS + config IP_VS_DEBUG bool "IP virtual server debugging" - depends on IP_VS ---help--- Say Y here if you want to get additional messages useful in debugging the IP virtual server code. You can change the debug @@ -35,7 +33,6 @@ config IP_VS_DEBUG config IP_VS_TAB_BITS int "IPVS connection table size (the Nth power of 2)" - depends on IP_VS default "12" ---help--- The IPVS connection hash table uses the chaining scheme to handle @@ -61,42 +58,35 @@ config IP_VS_TAB_BITS needed for your box. comment "IPVS transport protocol load balancing support" - depends on IP_VS config IP_VS_PROTO_TCP bool "TCP load balancing support" - depends on IP_VS ---help--- This option enables support for load balancing TCP transport protocol. Say Y if unsure. config IP_VS_PROTO_UDP bool "UDP load balancing support" - depends on IP_VS ---help--- This option enables support for load balancing UDP transport protocol. Say Y if unsure. config IP_VS_PROTO_ESP bool "ESP load balancing support" - depends on IP_VS ---help--- This option enables support for load balancing ESP (Encapsulation Security Payload) transport protocol. Say Y if unsure. config IP_VS_PROTO_AH bool "AH load balancing support" - depends on IP_VS ---help--- This option enables support for load balancing AH (Authentication Header) transport protocol. Say Y if unsure. comment "IPVS scheduler" - depends on IP_VS config IP_VS_RR tristate "round-robin scheduling" - depends on IP_VS ---help--- The robin-robin scheduling algorithm simply directs network connections to different real servers in a round-robin manner. @@ -106,7 +96,6 @@ config IP_VS_RR config IP_VS_WRR tristate "weighted round-robin scheduling" - depends on IP_VS ---help--- The weighted robin-robin scheduling algorithm directs network connections to different real servers based on server weights @@ -120,7 +109,6 @@ config IP_VS_WRR config IP_VS_LC tristate "least-connection scheduling" - depends on IP_VS ---help--- The least-connection scheduling algorithm directs network connections to the server with the least number of active @@ -131,7 +119,6 @@ config IP_VS_LC config IP_VS_WLC tristate "weighted least-connection scheduling" - depends on IP_VS ---help--- The weighted least-connection scheduling algorithm directs network connections to the server with the least active connections @@ -142,7 +129,6 @@ config IP_VS_WLC config IP_VS_LBLC tristate "locality-based least-connection scheduling" - depends on IP_VS ---help--- The locality-based least-connection scheduling algorithm is for destination IP load balancing. It is usually used in cache cluster. @@ -157,7 +143,6 @@ config IP_VS_LBLC config IP_VS_LBLCR tristate "locality-based least-connection with replication scheduling" - depends on IP_VS ---help--- The locality-based least-connection with replication scheduling algorithm is also for destination IP load balancing. It is @@ -176,7 +161,6 @@ config IP_VS_LBLCR config IP_VS_DH tristate "destination hashing scheduling" - depends on IP_VS ---help--- The destination hashing scheduling algorithm assigns network connections to the servers through looking up a statically assigned @@ -187,7 +171,6 @@ config IP_VS_DH config IP_VS_SH tristate "source hashing scheduling" - depends on IP_VS ---help--- The source hashing scheduling algorithm assigns network connections to the servers through looking up a statically assigned @@ -198,7 +181,6 @@ config IP_VS_SH config IP_VS_SED tristate "shortest expected delay scheduling" - depends on IP_VS ---help--- The shortest expected delay scheduling algorithm assigns network connections to the server with the shortest expected delay. The @@ -212,7 +194,6 @@ config IP_VS_SED config IP_VS_NQ tristate "never queue scheduling" - depends on IP_VS ---help--- The never queue scheduling algorithm adopts a two-speed model. When there is an idle server available, the job will be sent to @@ -225,11 +206,10 @@ config IP_VS_NQ module, choose M here. If unsure, say N. comment 'IPVS application helper' - depends on IP_VS config IP_VS_FTP tristate "FTP protocol helper" - depends on IP_VS && IP_VS_PROTO_TCP + depends on IP_VS_PROTO_TCP ---help--- FTP is a protocol that transfers IP address and/or port number in the payload. In the virtual server via Network Address Translation, @@ -241,4 +221,4 @@ config IP_VS_FTP If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. -endmenu +endif # IP_VS From 29e32ccdec8574aa5b6e0b6b555815dbb62591e1 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 23 May 2007 14:48:57 -0700 Subject: [PATCH 08/25] [SCTP]: Use menuconfig objects. Use menuconfigs instead of menus, so the whole menu can be disabled at once instead of going through all options. Signed-off-by: Jan Engelhardt Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/sctp/Kconfig | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig index 9cba49e2ad43..8210f549c492 100644 --- a/net/sctp/Kconfig +++ b/net/sctp/Kconfig @@ -2,11 +2,9 @@ # SCTP configuration # -menu "SCTP Configuration (EXPERIMENTAL)" - depends on INET && EXPERIMENTAL - -config IP_SCTP +menuconfig IP_SCTP tristate "The SCTP Protocol (EXPERIMENTAL)" + depends on INET && EXPERIMENTAL depends on IPV6 || IPV6=n select CRYPTO if SCTP_HMAC_SHA1 || SCTP_HMAC_MD5 select CRYPTO_HMAC if SCTP_HMAC_SHA1 || SCTP_HMAC_MD5 @@ -36,9 +34,10 @@ config IP_SCTP If in doubt, say N. +if IP_SCTP + config SCTP_DBG_MSG bool "SCTP: Debug messages" - depends on IP_SCTP help If you say Y, this will enable verbose debugging messages. @@ -47,7 +46,6 @@ config SCTP_DBG_MSG config SCTP_DBG_OBJCNT bool "SCTP: Debug object counts" - depends on IP_SCTP help If you say Y, this will enable debugging support for counting the type of objects that are currently allocated. This is useful for @@ -59,7 +57,6 @@ config SCTP_DBG_OBJCNT choice prompt "SCTP: Cookie HMAC Algorithm" - depends on IP_SCTP default SCTP_HMAC_MD5 help HMAC algorithm to be used during association initialization. It @@ -86,4 +83,5 @@ config SCTP_HMAC_MD5 advised to use either HMAC-MD5 or HMAC-SHA1. endchoice -endmenu + +endif # IP_SCTP From a31b19c514664b8161b956f8da45d8a9166da0c6 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 23 May 2007 14:49:38 -0700 Subject: [PATCH 09/25] [TIPC]: Use menuconfig objects. Use menuconfigs instead of menus, so the whole menu can be disabled at once instead of going through all options. Signed-off-by: Jan Engelhardt Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/tipc/Kconfig | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/net/tipc/Kconfig b/net/tipc/Kconfig index f9e367d946eb..3b30d1130b61 100644 --- a/net/tipc/Kconfig +++ b/net/tipc/Kconfig @@ -2,11 +2,9 @@ # TIPC configuration # -menu "TIPC Configuration (EXPERIMENTAL)" - depends on INET && EXPERIMENTAL - -config TIPC +menuconfig TIPC tristate "The TIPC Protocol (EXPERIMENTAL)" + depends on INET && EXPERIMENTAL ---help--- The Transparent Inter Process Communication (TIPC) protocol is specially designed for intra cluster communication. This protocol @@ -22,9 +20,10 @@ config TIPC If in doubt, say N. +if TIPC + config TIPC_ADVANCED bool "TIPC: Advanced configuration" - depends on TIPC default n help Saying Y here will open some advanced configuration @@ -33,7 +32,7 @@ config TIPC_ADVANCED config TIPC_ZONES int "Maximum number of zones in network" - depends on TIPC && TIPC_ADVANCED + depends on TIPC_ADVANCED default "3" help Max number of zones inside TIPC network. Max supported value @@ -44,7 +43,7 @@ config TIPC_ZONES config TIPC_CLUSTERS int "Maximum number of clusters in a zone" - depends on TIPC && TIPC_ADVANCED + depends on TIPC_ADVANCED default "1" help ***Only 1 (one cluster in a zone) is supported by current code. @@ -59,7 +58,7 @@ config TIPC_CLUSTERS config TIPC_NODES int "Maximum number of nodes in cluster" - depends on TIPC && TIPC_ADVANCED + depends on TIPC_ADVANCED default "255" help Maximum number of nodes inside a TIPC cluster. Maximum @@ -70,7 +69,7 @@ config TIPC_NODES config TIPC_SLAVE_NODES int "Maximum number of slave nodes in cluster" - depends on TIPC && TIPC_ADVANCED + depends on TIPC_ADVANCED default "0" help ***This capability is not supported by current code.*** @@ -83,7 +82,7 @@ config TIPC_SLAVE_NODES config TIPC_PORTS int "Maximum number of ports in a node" - depends on TIPC && TIPC_ADVANCED + depends on TIPC_ADVANCED default "8191" help Maximum number of ports within a node. Maximum @@ -94,7 +93,7 @@ config TIPC_PORTS config TIPC_LOG int "Size of log buffer" - depends on TIPC && TIPC_ADVANCED + depends on TIPC_ADVANCED default 0 help Size (in bytes) of TIPC's internal log buffer, which records the @@ -106,7 +105,6 @@ config TIPC_LOG config TIPC_DEBUG bool "Enable debugging support" - depends on TIPC default n help This will enable debugging of TIPC. @@ -114,4 +112,4 @@ config TIPC_DEBUG Only say Y here if you are having trouble with TIPC. It will enable the display of detailed information about what is going on. -endmenu +endif # TIPC From 42859007f458f305624009862d6ca818e3c5be57 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 23 May 2007 14:50:18 -0700 Subject: [PATCH 10/25] [ARCNET]: Use menuconfig objects. Use menuconfigs instead of menus, so the whole menu can be disabled at once instead of going through all options. Signed-off-by: Jan Engelhardt Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- drivers/net/arcnet/Kconfig | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/drivers/net/arcnet/Kconfig b/drivers/net/arcnet/Kconfig index 7284ccad0b91..4030274fe788 100644 --- a/drivers/net/arcnet/Kconfig +++ b/drivers/net/arcnet/Kconfig @@ -2,10 +2,8 @@ # Arcnet configuration # -menu "ARCnet devices" +menuconfig ARCNET depends on NETDEVICES && (ISA || PCI) - -config ARCNET tristate "ARCnet support" ---help--- If you have a network card of this type, say Y and check out the @@ -25,9 +23,10 @@ config ARCNET . The module will be called arcnet. +if ARCNET + config ARCNET_1201 tristate "Enable standard ARCNet packet format (RFC 1201)" - depends on ARCNET help This allows you to use RFC1201 with your ARCnet card via the virtual arc0 device. You need to say Y here to communicate with @@ -38,7 +37,6 @@ config ARCNET_1201 config ARCNET_1051 tristate "Enable old ARCNet packet format (RFC 1051)" - depends on ARCNET ---help--- This allows you to use RFC1051 with your ARCnet card via the virtual arc0s device. You only need arc0s if you want to talk to ARCnet @@ -53,7 +51,6 @@ config ARCNET_1051 config ARCNET_RAW tristate "Enable raw mode packet interface" - depends on ARCNET help ARCnet "raw mode" packet encapsulation, no soft headers. Unlikely to work unless talking to a copy of the same Linux arcnet driver, @@ -61,7 +58,6 @@ config ARCNET_RAW config ARCNET_CAP tristate "Enable CAP mode packet interface" - depends on ARCNET help ARCnet "cap mode" packet encapsulation. Used to get the hardware acknowledge back to userspace. After the initial protocol byte every @@ -80,7 +76,6 @@ config ARCNET_CAP config ARCNET_COM90xx tristate "ARCnet COM90xx (normal) chipset driver" - depends on ARCNET help This is the chipset driver for the standard COM90xx cards. If you have always used the old ARCnet driver without knowing what type of @@ -92,7 +87,6 @@ config ARCNET_COM90xx config ARCNET_COM90xxIO tristate "ARCnet COM90xx (IO mapped) chipset driver" - depends on ARCNET ---help--- This is the chipset driver for the COM90xx cards, using them in IO-mapped mode instead of memory-mapped mode. This is slower than @@ -105,7 +99,6 @@ config ARCNET_COM90xxIO config ARCNET_RIM_I tristate "ARCnet COM90xx (RIM I) chipset driver" - depends on ARCNET ---help--- This is yet another chipset driver for the COM90xx cards, but this time only using memory-mapped mode, and no IO ports at all. This @@ -118,7 +111,6 @@ config ARCNET_RIM_I config ARCNET_COM20020 tristate "ARCnet COM20020 chipset driver" - depends on ARCNET help This is the driver for the new COM20020 chipset. It supports such things as promiscuous mode, so packet sniffing is possible, and @@ -136,5 +128,4 @@ config ARCNET_COM20020_PCI tristate "Support for COM20020 on PCI" depends on ARCNET_COM20020 && PCI -endmenu - +endif # ARCNET From 8a903be129a741fd1e1d44223f0e3a01c357bde5 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 23 May 2007 14:51:07 -0700 Subject: [PATCH 11/25] [TR]: Use menuconfig objects. Use menuconfigs instead of menus, so the whole menu can be disabled at once instead of going through all options. Signed-off-by: Jan Engelhardt Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- drivers/net/tokenring/Kconfig | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/drivers/net/tokenring/Kconfig b/drivers/net/tokenring/Kconfig index 99c4c1922f19..e6b2e06493e7 100644 --- a/drivers/net/tokenring/Kconfig +++ b/drivers/net/tokenring/Kconfig @@ -2,12 +2,10 @@ # Token Ring driver configuration # -menu "Token Ring devices" - depends on NETDEVICES && !UML - # So far, we only have PCI, ISA, and MCA token ring devices -config TR +menuconfig TR bool "Token Ring driver support" + depends on NETDEVICES && !UML depends on (PCI || ISA || MCA || CCW) select LLC help @@ -20,9 +18,11 @@ config TR from . Most people can say N here. +if TR + config IBMTR tristate "IBM Tropic chipset based adapter support" - depends on TR && (ISA || MCA) + depends on ISA || MCA ---help--- This is support for all IBM Token Ring cards that don't use DMA. If you have such a beast, say Y and read the Token-Ring mini-HOWTO, @@ -36,7 +36,7 @@ config IBMTR config IBMOL tristate "IBM Olympic chipset PCI adapter support" - depends on TR && PCI + depends on PCI ---help--- This is support for all non-Lanstreamer IBM PCI Token Ring Cards. Specifically this is all IBM PCI, PCI Wake On Lan, PCI II, PCI II @@ -54,7 +54,7 @@ config IBMOL config IBMLS tristate "IBM Lanstreamer chipset PCI adapter support" - depends on TR && PCI && !64BIT + depends on PCI && !64BIT help This is support for IBM Lanstreamer PCI Token Ring Cards. @@ -66,7 +66,7 @@ config IBMLS config 3C359 tristate "3Com 3C359 Token Link Velocity XL adapter support" - depends on TR && PCI + depends on PCI ---help--- This is support for the 3Com PCI Velocity XL cards, specifically the 3Com 3C359, please note this is not for the 3C339 cards, you @@ -84,7 +84,7 @@ config 3C359 config TMS380TR tristate "Generic TMS380 Token Ring ISA/PCI adapter support" - depends on TR && (PCI || ISA && ISA_DMA_API || MCA) + depends on PCI || ISA && ISA_DMA_API || MCA select FW_LOADER ---help--- This driver provides generic support for token ring adapters @@ -108,7 +108,7 @@ config TMS380TR config TMSPCI tristate "Generic TMS380 PCI support" - depends on TR && TMS380TR && PCI + depends on TMS380TR && PCI ---help--- This tms380 module supports generic TMS380-based PCI cards. @@ -123,7 +123,7 @@ config TMSPCI config SKISA tristate "SysKonnect TR4/16 ISA support" - depends on TR && TMS380TR && ISA + depends on TMS380TR && ISA help This tms380 module supports SysKonnect TR4/16 ISA cards. @@ -135,7 +135,7 @@ config SKISA config PROTEON tristate "Proteon ISA support" - depends on TR && TMS380TR && ISA + depends on TMS380TR && ISA help This tms380 module supports Proteon ISA cards. @@ -148,7 +148,7 @@ config PROTEON config ABYSS tristate "Madge Smart 16/4 PCI Mk2 support" - depends on TR && TMS380TR && PCI + depends on TMS380TR && PCI help This tms380 module supports the Madge Smart 16/4 PCI Mk2 cards (51-02). @@ -158,7 +158,7 @@ config ABYSS config MADGEMC tristate "Madge Smart 16/4 Ringnode MicroChannel" - depends on TR && TMS380TR && MCA + depends on TMS380TR && MCA help This tms380 module supports the Madge Smart 16/4 MC16 and MC32 MicroChannel adapters. @@ -168,7 +168,7 @@ config MADGEMC config SMCTR tristate "SMC ISA/MCA adapter support" - depends on TR && (ISA || MCA_LEGACY) && (BROKEN || !64BIT) + depends on (ISA || MCA_LEGACY) && (BROKEN || !64BIT) ---help--- This is support for the ISA and MCA SMC Token Ring cards, specifically SMC TokenCard Elite (8115T) and SMC TokenCard Elite/A @@ -182,5 +182,4 @@ config SMCTR To compile this driver as a module, choose M here: the module will be called smctr. -endmenu - +endif # TR From b8f558313506b5bc435f2e031f3bec4b1725098e Mon Sep 17 00:00:00 2001 From: Milan Kocian Date: Wed, 23 May 2007 14:55:06 -0700 Subject: [PATCH 12/25] [RTNETLINK]: Fix sending netlink message when replace route. When you replace route via ip r r command the netlink multicast message is not send. This patch corrects it. NL message is sent with NLM_F_REPLACE flag. Addresses http://bugzilla.kernel.org/show_bug.cgi?id=8320 Signed-off-by: Milan Kocian Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/ipv4/fib_hash.c | 6 ++++-- net/ipv4/fib_lookup.h | 3 ++- net/ipv4/fib_semantics.c | 5 +++-- net/ipv4/fib_trie.c | 6 ++++-- 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c index 9cfecf1215c9..07e843a47dde 100644 --- a/net/ipv4/fib_hash.c +++ b/net/ipv4/fib_hash.c @@ -456,6 +456,8 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) fib_release_info(fi_drop); if (state & FA_S_ACCESSED) rt_cache_flush(-1); + rtmsg_fib(RTM_NEWROUTE, key, fa, cfg->fc_dst_len, tb->tb_id, + &cfg->fc_nlinfo, NLM_F_REPLACE); return 0; } @@ -523,7 +525,7 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) rt_cache_flush(-1); rtmsg_fib(RTM_NEWROUTE, key, new_fa, cfg->fc_dst_len, tb->tb_id, - &cfg->fc_nlinfo); + &cfg->fc_nlinfo, 0); return 0; out_free_new_fa: @@ -589,7 +591,7 @@ static int fn_hash_delete(struct fib_table *tb, struct fib_config *cfg) fa = fa_to_delete; rtmsg_fib(RTM_DELROUTE, key, fa, cfg->fc_dst_len, - tb->tb_id, &cfg->fc_nlinfo); + tb->tb_id, &cfg->fc_nlinfo, 0); kill_fn = 0; write_lock_bh(&fib_hash_lock); diff --git a/net/ipv4/fib_lookup.h b/net/ipv4/fib_lookup.h index 0e8b70bad4e1..eef9eec17e0c 100644 --- a/net/ipv4/fib_lookup.h +++ b/net/ipv4/fib_lookup.h @@ -30,7 +30,8 @@ extern int fib_dump_info(struct sk_buff *skb, u32 pid, u32 seq, int event, int dst_len, u8 tos, struct fib_info *fi, unsigned int); extern void rtmsg_fib(int event, __be32 key, struct fib_alias *fa, - int dst_len, u32 tb_id, struct nl_info *info); + int dst_len, u32 tb_id, struct nl_info *info, + unsigned int nlm_flags); extern struct fib_alias *fib_find_alias(struct list_head *fah, u8 tos, u32 prio); extern int fib_detect_death(struct fib_info *fi, int order, diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c index 406ea7050aed..bb94550d95c3 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -301,7 +301,8 @@ static inline size_t fib_nlmsg_size(struct fib_info *fi) } void rtmsg_fib(int event, __be32 key, struct fib_alias *fa, - int dst_len, u32 tb_id, struct nl_info *info) + int dst_len, u32 tb_id, struct nl_info *info, + unsigned int nlm_flags) { struct sk_buff *skb; u32 seq = info->nlh ? info->nlh->nlmsg_seq : 0; @@ -313,7 +314,7 @@ void rtmsg_fib(int event, __be32 key, struct fib_alias *fa, err = fib_dump_info(skb, info->pid, seq, event, tb_id, fa->fa_type, fa->fa_scope, key, dst_len, - fa->fa_tos, fa->fa_info, 0); + fa->fa_tos, fa->fa_info, nlm_flags); if (err < 0) { /* -EMSGSIZE implies BUG in fib_nlmsg_size() */ WARN_ON(err == -EMSGSIZE); diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c index 9be7da7c3a8f..30e332ade61b 100644 --- a/net/ipv4/fib_trie.c +++ b/net/ipv4/fib_trie.c @@ -1226,6 +1226,8 @@ static int fn_trie_insert(struct fib_table *tb, struct fib_config *cfg) fib_release_info(fi_drop); if (state & FA_S_ACCESSED) rt_cache_flush(-1); + rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen, + tb->tb_id, &cfg->fc_nlinfo, NLM_F_REPLACE); goto succeeded; } @@ -1278,7 +1280,7 @@ static int fn_trie_insert(struct fib_table *tb, struct fib_config *cfg) rt_cache_flush(-1); rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen, tb->tb_id, - &cfg->fc_nlinfo); + &cfg->fc_nlinfo, 0); succeeded: return 0; @@ -1624,7 +1626,7 @@ static int fn_trie_delete(struct fib_table *tb, struct fib_config *cfg) fa = fa_to_delete; rtmsg_fib(RTM_DELROUTE, htonl(key), fa, plen, tb->tb_id, - &cfg->fc_nlinfo); + &cfg->fc_nlinfo, 0); l = fib_find_node(t, key); li = find_leaf_info(l, plen); From cb283ead710c342d9856af8507e2a42bf5c6576c Mon Sep 17 00:00:00 2001 From: Jon Paul Maloy Date: Wed, 23 May 2007 15:11:15 -0700 Subject: [PATCH 13/25] [TIPC]: Fixed erroneous introduction of for_each_netdev Signed-off-by: Jon Paul Maloy Signed-off-by: David S. Miller --- net/tipc/eth_media.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/net/tipc/eth_media.c b/net/tipc/eth_media.c index 0ee6ded18f3a..77d2d9ce8962 100644 --- a/net/tipc/eth_media.c +++ b/net/tipc/eth_media.c @@ -120,18 +120,20 @@ static int recv_msg(struct sk_buff *buf, struct net_device *dev, static int enable_bearer(struct tipc_bearer *tb_ptr) { - struct net_device *dev, *pdev; + struct net_device *dev = NULL; + struct net_device *pdev = NULL; struct eth_bearer *eb_ptr = ð_bearers[0]; struct eth_bearer *stop = ð_bearers[MAX_ETH_BEARERS]; char *driver_name = strchr((const char *)tb_ptr->name, ':') + 1; /* Find device with specified name */ - dev = NULL; - for_each_netdev(pdev) - if (!strncmp(dev->name, driver_name, IFNAMSIZ)) { + + for_each_netdev(pdev){ + if (!strncmp(pdev->name, driver_name, IFNAMSIZ)) { dev = pdev; break; } + } if (!dev) return -ENODEV; From 1b07a95a5be77dc1291de12b216f930aee04eb4f Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Wed, 23 May 2007 17:43:11 -0700 Subject: [PATCH 14/25] [DCCP]: Fix build warning when debugging is disabled. Signed-off-by: David S. Miller --- net/dccp/ccids/ccid3.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c index d7d9ce737244..ec7fa4d67f08 100644 --- a/net/dccp/ccids/ccid3.c +++ b/net/dccp/ccids/ccid3.c @@ -419,7 +419,6 @@ static void ccid3_hc_tx_packet_sent(struct sock *sk, int more, static void ccid3_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb) { - const struct dccp_sock *dp = dccp_sk(sk); struct ccid3_hc_tx_sock *hctx = ccid3_hc_tx_sk(sk); struct ccid3_options_received *opt_recv; struct dccp_tx_hist_entry *packet; @@ -491,7 +490,7 @@ static void ccid3_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb) ccid3_pr_debug("%s(%p), s=%u, MSS=%u, " "R_sample=%uus, X=%u\n", dccp_role(sk), sk, hctx->ccid3hctx_s, - dp->dccps_mss_cache, r_sample, + dccp_sk(sk)->dccps_mss_cache, r_sample, (unsigned)(hctx->ccid3hctx_x >> 6)); ccid3_hc_tx_set_state(sk, TFRC_SSTATE_FBACK); From 2e4b3b0e8734d1173c96c6f5d8a8dd6728950b56 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Wed, 23 May 2007 23:39:54 -0700 Subject: [PATCH 15/25] [NET_SCHED]: sch_htb: fix event cache time calculation The event cache time must be an absolute value, when no event exists it is incorrectly set to 1s instead of 1s in the future. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/sched/sch_htb.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c index 99bcec8dd04c..035788c5b7f8 100644 --- a/net/sched/sch_htb.c +++ b/net/sched/sch_htb.c @@ -976,8 +976,9 @@ static struct sk_buff *htb_dequeue(struct Qdisc *sch) if (q->now >= q->near_ev_cache[level]) { event = htb_do_events(q, level); - q->near_ev_cache[level] = event ? event : - PSCHED_TICKS_PER_SEC; + if (!event) + event = q->now + PSCHED_TICKS_PER_SEC; + q->near_ev_cache[level] = event; } else event = q->near_ev_cache[level]; From 5fe26f53fe9e2ba5dca2835a4ca69d0ba7b5f707 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 24 May 2007 16:40:51 -0700 Subject: [PATCH 16/25] [NETFILTER]: nf_conntrack_ftp: fix newline sequence number update When trying to locate the oldest entry in the history of newline character sequence numbers, the sequence number of the current entry is incorrectly compared with the index of the oldest sequence number instead of the number itself. Additionally it is not made sure that the current sequence number really is after the oldest known one. Based on report by YU, Haitao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/nf_conntrack_ftp.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c index a186799f6542..4bb669c7780f 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c @@ -335,15 +335,17 @@ static void update_nl_seq(u32 nl_seq, struct nf_ct_ftp_master *info, int dir, if (info->seq_aft_nl[dir][i] == nl_seq) return; - if (oldest == info->seq_aft_nl_num[dir] - || before(info->seq_aft_nl[dir][i], oldest)) + if (oldest == info->seq_aft_nl_num[dir] || + before(info->seq_aft_nl[dir][i], + info->seq_aft_nl[dir][oldest])) oldest = i; } if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) { info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq; nf_conntrack_event_cache(IPCT_HELPINFO_VOLATILE, skb); - } else if (oldest != NUM_SEQ_TO_REMEMBER) { + } else if (oldest != NUM_SEQ_TO_REMEMBER && + after(nl_seq, info->seq_aft_nl[dir][oldest])) { info->seq_aft_nl[dir][oldest] = nl_seq; nf_conntrack_event_cache(IPCT_HELPINFO_VOLATILE, skb); } From 25b86e05467a2bf936b78695ef49039e3bbd1e0c Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 24 May 2007 16:41:50 -0700 Subject: [PATCH 17/25] [NETFILTER]: nf_conntrack_ftp: fix newline sequence number calculation When the packet size is changed by the FTP NAT helper, the connection tracking helper adjusts the sequence number of the newline character by the size difference. This is wrong because NAT sequence number adjustment happens after helpers are called, so the unadjusted number is compared to the already adjusted one. Based on report by YU, Haitao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- include/linux/netfilter/nf_conntrack_ftp.h | 3 +-- net/ipv4/netfilter/nf_nat_ftp.c | 20 ++++++-------------- net/netfilter/nf_conntrack_ftp.c | 5 ++--- 3 files changed, 9 insertions(+), 19 deletions(-) diff --git a/include/linux/netfilter/nf_conntrack_ftp.h b/include/linux/netfilter/nf_conntrack_ftp.h index 81453ea7e4c2..b7c360ffd0d0 100644 --- a/include/linux/netfilter/nf_conntrack_ftp.h +++ b/include/linux/netfilter/nf_conntrack_ftp.h @@ -37,8 +37,7 @@ extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb, enum nf_ct_ftp_type type, unsigned int matchoff, unsigned int matchlen, - struct nf_conntrack_expect *exp, - u32 *seq); + struct nf_conntrack_expect *exp); #endif /* __KERNEL__ */ #endif /* _NF_CONNTRACK_FTP_H */ diff --git a/net/ipv4/netfilter/nf_nat_ftp.c b/net/ipv4/netfilter/nf_nat_ftp.c index 751b59801755..e6bc8e5a72f1 100644 --- a/net/ipv4/netfilter/nf_nat_ftp.c +++ b/net/ipv4/netfilter/nf_nat_ftp.c @@ -40,8 +40,7 @@ mangle_rfc959_packet(struct sk_buff **pskb, unsigned int matchoff, unsigned int matchlen, struct nf_conn *ct, - enum ip_conntrack_info ctinfo, - u32 *seq) + enum ip_conntrack_info ctinfo) { char buffer[sizeof("nnn,nnn,nnn,nnn,nnn,nnn")]; @@ -50,7 +49,6 @@ mangle_rfc959_packet(struct sk_buff **pskb, DEBUGP("calling nf_nat_mangle_tcp_packet\n"); - *seq += strlen(buffer) - matchlen; return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, matchlen, buffer, strlen(buffer)); } @@ -63,8 +61,7 @@ mangle_eprt_packet(struct sk_buff **pskb, unsigned int matchoff, unsigned int matchlen, struct nf_conn *ct, - enum ip_conntrack_info ctinfo, - u32 *seq) + enum ip_conntrack_info ctinfo) { char buffer[sizeof("|1|255.255.255.255|65535|")]; @@ -72,7 +69,6 @@ mangle_eprt_packet(struct sk_buff **pskb, DEBUGP("calling nf_nat_mangle_tcp_packet\n"); - *seq += strlen(buffer) - matchlen; return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, matchlen, buffer, strlen(buffer)); } @@ -85,8 +81,7 @@ mangle_epsv_packet(struct sk_buff **pskb, unsigned int matchoff, unsigned int matchlen, struct nf_conn *ct, - enum ip_conntrack_info ctinfo, - u32 *seq) + enum ip_conntrack_info ctinfo) { char buffer[sizeof("|||65535|")]; @@ -94,14 +89,13 @@ mangle_epsv_packet(struct sk_buff **pskb, DEBUGP("calling nf_nat_mangle_tcp_packet\n"); - *seq += strlen(buffer) - matchlen; return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, matchlen, buffer, strlen(buffer)); } static int (*mangle[])(struct sk_buff **, __be32, u_int16_t, unsigned int, unsigned int, struct nf_conn *, - enum ip_conntrack_info, u32 *seq) + enum ip_conntrack_info) = { [NF_CT_FTP_PORT] = mangle_rfc959_packet, [NF_CT_FTP_PASV] = mangle_rfc959_packet, @@ -116,8 +110,7 @@ static unsigned int nf_nat_ftp(struct sk_buff **pskb, enum nf_ct_ftp_type type, unsigned int matchoff, unsigned int matchlen, - struct nf_conntrack_expect *exp, - u32 *seq) + struct nf_conntrack_expect *exp) { __be32 newip; u_int16_t port; @@ -145,8 +138,7 @@ static unsigned int nf_nat_ftp(struct sk_buff **pskb, if (port == 0) return NF_DROP; - if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo, - seq)) { + if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo)) { nf_conntrack_unexpect_related(exp); return NF_DROP; } diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c index 4bb669c7780f..82db2aa53bfc 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c @@ -48,8 +48,7 @@ unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb, enum nf_ct_ftp_type type, unsigned int matchoff, unsigned int matchlen, - struct nf_conntrack_expect *exp, - u32 *seq); + struct nf_conntrack_expect *exp); EXPORT_SYMBOL_GPL(nf_nat_ftp_hook); #if 0 @@ -521,7 +520,7 @@ static int help(struct sk_buff **pskb, nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook); if (nf_nat_ftp && ct->status & IPS_NAT_MASK) ret = nf_nat_ftp(pskb, ctinfo, search[dir][i].ftptype, - matchoff, matchlen, exp, &seq); + matchoff, matchlen, exp); else { /* Can't expect this? Best to drop packet now. */ if (nf_conntrack_expect_related(exp) != 0) From d052918688bdd7a1218aa5ae182013bf45a4881a Mon Sep 17 00:00:00 2001 From: Jing Min Zhao Date: Thu, 24 May 2007 16:42:26 -0700 Subject: [PATCH 18/25] [NETFILTER]: nf_conntrack_h323: fix ASN.1 types 1. Add support for decoding IPv6 address. I know it was manually added in the header file, but not in the template file. That wouldn't work. 2. Add missing support for decoding T.120 address in OLCA. 3. Remove unnecessary decoding of Information signal. Signed-off-by: Jing Min Zhao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- .../linux/netfilter/nf_conntrack_h323_types.h | 23 ++------------ net/netfilter/nf_conntrack_h323_types.c | 31 ++++++++----------- 2 files changed, 16 insertions(+), 38 deletions(-) diff --git a/include/linux/netfilter/nf_conntrack_h323_types.h b/include/linux/netfilter/nf_conntrack_h323_types.h index 38d74d5c9700..f35b6b4801e7 100644 --- a/include/linux/netfilter/nf_conntrack_h323_types.h +++ b/include/linux/netfilter/nf_conntrack_h323_types.h @@ -1,4 +1,4 @@ -/* Generated by Jing Min Zhao's ASN.1 parser, Apr 20 2006 +/* Generated by Jing Min Zhao's ASN.1 parser, May 16 2007 * * Copyright (c) 2006 Jing Min Zhao * @@ -12,7 +12,7 @@ typedef struct TransportAddress_ipAddress { /* SEQUENCE */ typedef struct TransportAddress_ip6Address { /* SEQUENCE */ int options; /* No use */ - unsigned ip6; + unsigned ip; } TransportAddress_ip6Address; typedef struct TransportAddress { /* CHOICE */ @@ -364,23 +364,6 @@ typedef struct Alerting_UUIE { /* SEQUENCE */ Alerting_UUIE_fastStart fastStart; } Alerting_UUIE; -typedef struct Information_UUIE_fastStart { /* SEQUENCE OF */ - int count; - OpenLogicalChannel item[30]; -} Information_UUIE_fastStart; - -typedef struct Information_UUIE { /* SEQUENCE */ - enum { - eInformation_UUIE_callIdentifier = (1 << 31), - eInformation_UUIE_tokens = (1 << 30), - eInformation_UUIE_cryptoTokens = (1 << 29), - eInformation_UUIE_fastStart = (1 << 28), - eInformation_UUIE_fastConnectRefused = (1 << 27), - eInformation_UUIE_circuitInfo = (1 << 26), - } options; - Information_UUIE_fastStart fastStart; -} Information_UUIE; - typedef struct FacilityReason { /* CHOICE */ enum { eFacilityReason_routeCallToGatekeeper, @@ -471,7 +454,6 @@ typedef struct H323_UU_PDU_h323_message_body { /* CHOICE */ CallProceeding_UUIE callProceeding; Connect_UUIE connect; Alerting_UUIE alerting; - Information_UUIE information; Facility_UUIE facility; Progress_UUIE progress; }; @@ -561,6 +543,7 @@ typedef struct OpenLogicalChannelAck { /* SEQUENCE */ } options; OpenLogicalChannelAck_reverseLogicalChannelParameters reverseLogicalChannelParameters; + NetworkAccessParameters separateStack; OpenLogicalChannelAck_forwardMultiplexAckParameters forwardMultiplexAckParameters; } OpenLogicalChannelAck; diff --git a/net/netfilter/nf_conntrack_h323_types.c b/net/netfilter/nf_conntrack_h323_types.c index 4c6f8b3b1208..3a21fdf1a265 100644 --- a/net/netfilter/nf_conntrack_h323_types.c +++ b/net/netfilter/nf_conntrack_h323_types.c @@ -1,4 +1,4 @@ -/* Generated by Jing Min Zhao's ASN.1 parser, Apr 20 2006 +/* Generated by Jing Min Zhao's ASN.1 parser, May 16 2007 * * Copyright (c) 2006 Jing Min Zhao * @@ -37,7 +37,7 @@ static field_t _TransportAddress_ipxAddress[] = { /* SEQUENCE */ static field_t _TransportAddress_ip6Address[] = { /* SEQUENCE */ {FNAME("ip") OCTSTR, FIXD, 16, 0, DECODE, - offsetof(TransportAddress_ip6Address, ip6), NULL}, + offsetof(TransportAddress_ip6Address, ip), NULL}, {FNAME("port") INT, WORD, 0, 0, SKIP, 0, NULL}, }; @@ -67,7 +67,8 @@ static field_t _TransportAddress[] = { /* CHOICE */ {FNAME("ipxAddress") SEQ, 0, 3, 3, SKIP, 0, _TransportAddress_ipxAddress}, {FNAME("ip6Address") SEQ, 0, 2, 2, DECODE | EXT, - offsetof(TransportAddress, ip6Address), _TransportAddress_ip6Address}, + offsetof(TransportAddress, ip6Address), + _TransportAddress_ip6Address}, {FNAME("netBios") OCTSTR, FIXD, 16, 0, SKIP, 0, NULL}, {FNAME("nsap") OCTSTR, 5, 1, 0, SKIP, 0, NULL}, {FNAME("nonStandardAddress") SEQ, 0, 2, 2, SKIP, 0, @@ -638,7 +639,8 @@ static field_t _UnicastAddress_iPXAddress[] = { /* SEQUENCE */ }; static field_t _UnicastAddress_iP6Address[] = { /* SEQUENCE */ - {FNAME("network") OCTSTR, FIXD, 16, 0, SKIP, 0, NULL}, + {FNAME("network") OCTSTR, FIXD, 16, 0, DECODE, + offsetof(UnicastAddress_iP6Address, network), NULL}, {FNAME("tsapIdentifier") INT, WORD, 0, 0, SKIP, 0, NULL}, }; @@ -665,8 +667,8 @@ static field_t _UnicastAddress[] = { /* CHOICE */ offsetof(UnicastAddress, iPAddress), _UnicastAddress_iPAddress}, {FNAME("iPXAddress") SEQ, 0, 3, 3, SKIP | EXT, 0, _UnicastAddress_iPXAddress}, - {FNAME("iP6Address") SEQ, 0, 2, 2, SKIP | EXT, 0, - _UnicastAddress_iP6Address}, + {FNAME("iP6Address") SEQ, 0, 2, 2, DECODE | EXT, + offsetof(UnicastAddress, iP6Address), _UnicastAddress_iP6Address}, {FNAME("netBios") OCTSTR, FIXD, 16, 0, SKIP, 0, NULL}, {FNAME("iPSourceRouteAddress") SEQ, 0, 4, 4, SKIP | EXT, 0, _UnicastAddress_iPSourceRouteAddress}, @@ -984,19 +986,12 @@ static field_t _Alerting_UUIE[] = { /* SEQUENCE */ {FNAME("featureSet") SEQ, 3, 4, 4, SKIP | EXT | OPT, 0, NULL}, }; -static field_t _Information_UUIE_fastStart[] = { /* SEQUENCE OF */ - {FNAME("item") SEQ, 1, 3, 5, DECODE | OPEN | EXT, - sizeof(OpenLogicalChannel), _OpenLogicalChannel} - , -}; - static field_t _Information_UUIE[] = { /* SEQUENCE */ {FNAME("protocolIdentifier") OID, BYTE, 0, 0, SKIP, 0, NULL}, {FNAME("callIdentifier") SEQ, 0, 1, 1, SKIP | EXT, 0, NULL}, {FNAME("tokens") SEQOF, SEMI, 0, 0, SKIP | OPT, 0, NULL}, {FNAME("cryptoTokens") SEQOF, SEMI, 0, 0, SKIP | OPT, 0, NULL}, - {FNAME("fastStart") SEQOF, SEMI, 0, 30, DECODE | OPT, - offsetof(Information_UUIE, fastStart), _Information_UUIE_fastStart}, + {FNAME("fastStart") SEQOF, SEMI, 0, 30, SKIP | OPT, 0, NULL}, {FNAME("fastConnectRefused") NUL, FIXD, 0, 0, SKIP | OPT, 0, NULL}, {FNAME("circuitInfo") SEQ, 3, 3, 3, SKIP | EXT | OPT, 0, NULL}, }; @@ -1343,9 +1338,7 @@ static field_t _H323_UU_PDU_h323_message_body[] = { /* CHOICE */ offsetof(H323_UU_PDU_h323_message_body, connect), _Connect_UUIE}, {FNAME("alerting") SEQ, 1, 3, 17, DECODE | EXT, offsetof(H323_UU_PDU_h323_message_body, alerting), _Alerting_UUIE}, - {FNAME("information") SEQ, 0, 1, 7, DECODE | EXT, - offsetof(H323_UU_PDU_h323_message_body, information), - _Information_UUIE}, + {FNAME("information") SEQ, 0, 1, 7, SKIP | EXT, 0, _Information_UUIE}, {FNAME("releaseComplete") SEQ, 1, 2, 11, SKIP | EXT, 0, _ReleaseComplete_UUIE}, {FNAME("facility") SEQ, 3, 5, 21, DECODE | EXT, @@ -1430,7 +1423,9 @@ static field_t _OpenLogicalChannelAck[] = { /* SEQUENCE */ DECODE | EXT | OPT, offsetof(OpenLogicalChannelAck, reverseLogicalChannelParameters), _OpenLogicalChannelAck_reverseLogicalChannelParameters}, - {FNAME("separateStack") SEQ, 2, 4, 5, SKIP | EXT | OPT, 0, NULL}, + {FNAME("separateStack") SEQ, 2, 4, 5, DECODE | EXT | OPT, + offsetof(OpenLogicalChannelAck, separateStack), + _NetworkAccessParameters}, {FNAME("forwardMultiplexAckParameters") CHOICE, 0, 1, 1, DECODE | EXT | OPT, offsetof(OpenLogicalChannelAck, forwardMultiplexAckParameters), From bb807245ef981cac7e8550aea365e6f2157d5c4d Mon Sep 17 00:00:00 2001 From: Jing Min Zhao Date: Thu, 24 May 2007 16:43:07 -0700 Subject: [PATCH 19/25] [NETFILTER]: nf_conntrack_h323: fix get_h225_addr() for IPv6 address access Update get_h225_addr() to meet the changes in ASN.1 types. It was using field ip6 to access IPv6 TransportAddress, it should be ip according the ASN.1 definition. Signed-off-by: Jing Min Zhao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/nf_conntrack_h323_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c index b284db73ca7c..8bb99b3675b7 100644 --- a/net/netfilter/nf_conntrack_h323_main.c +++ b/net/netfilter/nf_conntrack_h323_main.c @@ -640,7 +640,7 @@ int get_h225_addr(struct nf_conn *ct, unsigned char *data, case eTransportAddress_ip6Address: if (family != AF_INET6) return 0; - p = data + taddr->ip6Address.ip6; + p = data + taddr->ip6Address.ip; len = 16; break; default: From 596830f1a1e5d26a83fe83b99ced1456d9d7f39b Mon Sep 17 00:00:00 2001 From: Jing Min Zhao Date: Thu, 24 May 2007 16:43:42 -0700 Subject: [PATCH 20/25] [NETFILTER]: nf_conntrack_h323: remove unnecessary process of Information signal According to the implementation of H.323, it's not necessary to check the addresses in Information signals. Signed-off-by: Jing Min Zhao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/nf_conntrack_h323_main.c | 29 -------------------------- 1 file changed, 29 deletions(-) diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c index 8bb99b3675b7..6d668af4f999 100644 --- a/net/netfilter/nf_conntrack_h323_main.c +++ b/net/netfilter/nf_conntrack_h323_main.c @@ -976,30 +976,6 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, return 0; } -/****************************************************************************/ -static int process_information(struct sk_buff **pskb, - struct nf_conn *ct, - enum ip_conntrack_info ctinfo, - unsigned char **data, int dataoff, - Information_UUIE *info) -{ - int ret; - int i; - - DEBUGP("nf_ct_q931: Information\n"); - - if (info->options & eInformation_UUIE_fastStart) { - for (i = 0; i < info->fastStart.count; i++) { - ret = process_olc(pskb, ct, ctinfo, data, dataoff, - &info->fastStart.item[i]); - if (ret < 0) - return -1; - } - } - - return 0; -} - /****************************************************************************/ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, enum ip_conntrack_info ctinfo, @@ -1096,11 +1072,6 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, ret = process_alerting(pskb, ct, ctinfo, data, dataoff, &pdu->h323_message_body.alerting); break; - case eH323_UU_PDU_h323_message_body_information: - ret = process_information(pskb, ct, ctinfo, data, dataoff, - &pdu->h323_message_body. - information); - break; case eH323_UU_PDU_h323_message_body_facility: ret = process_facility(pskb, ct, ctinfo, data, dataoff, &pdu->h323_message_body.facility); From f8f1c08eaef838e22bf427665da87cfa73e5074d Mon Sep 17 00:00:00 2001 From: Jing Min Zhao Date: Thu, 24 May 2007 16:44:11 -0700 Subject: [PATCH 21/25] [NETFILTER]: nf_conntrack_h323: add missing T.120 address in OLCA Add missing process of T.120 address in OpenLogicalChannelAck signal. Signed-off-by: Jing Min Zhao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/nf_conntrack_h323_main.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c index 6d668af4f999..a1b95acad297 100644 --- a/net/netfilter/nf_conntrack_h323_main.c +++ b/net/netfilter/nf_conntrack_h323_main.c @@ -520,6 +520,16 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, } } + if ((olca->options & eOpenLogicalChannelAck_separateStack) && + olca->separateStack.networkAddress.choice == + eNetworkAccessParameters_networkAddress_localAreaAddress) { + ret = expect_t120(pskb, ct, ctinfo, data, dataoff, + &olca->separateStack.networkAddress. + localAreaAddress); + if (ret < 0) + return -1; + } + return 0; } From 1ff75ed254bdbb47bb0c1d71a3cc65f6831a8e3a Mon Sep 17 00:00:00 2001 From: Jing Min Zhao Date: Thu, 24 May 2007 16:44:40 -0700 Subject: [PATCH 22/25] [NETFILTER]: nf_nat_h323: call set_h225_addr instead of set_h225_addr_hook They're the same. Signed-off-by: Jing Min Zhao Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/ipv4/netfilter/nf_nat_h323.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index fcebc968d37f..c5d2a2d690b8 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c @@ -455,9 +455,9 @@ static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct, if (idx > 0 && get_h225_addr(ct, *data, &taddr[0], &addr, &port) && (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { - set_h225_addr_hook(pskb, data, 0, &taddr[0], - &ct->tuplehash[!dir].tuple.dst.u3, - info->sig_port[!dir]); + set_h225_addr(pskb, data, 0, &taddr[0], + &ct->tuplehash[!dir].tuple.dst.u3, + info->sig_port[!dir]); } } else { nf_conntrack_unexpect_related(exp); From ba78073e6f70cd9c64a478a9bd901d7c8736cfbc Mon Sep 17 00:00:00 2001 From: Vasily Averin Date: Thu, 24 May 2007 16:58:54 -0700 Subject: [PATCH 23/25] [NET]: "wrong timeout value" in sk_wait_data() v2 sys_setsockopt() do not check properly timeout values for SO_RCVTIMEO/SO_SNDTIMEO, for example it's possible to set negative timeout values. POSIX do not defines behaviour for sys_setsockopt in case negative timeouts, but requires that setsockopt() shall fail with -EDOM if the send and receive timeout values are too big to fit into the timeout fields in the socket structure. In current implementation negative timeout can lead to error messages like "schedule_timeout: wrong timeout value". Proposed patch: - checks tv_usec and returns -EDOM if it is wrong - do not allows to set negative timeout values (sets 0 instead) and outputs ratelimited information message about such attempts. Signed-off-By: Vasily Averin Signed-off-by: David S. Miller --- net/core/sock.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/core/sock.c b/net/core/sock.c index 22183c2ef284..7e51d3a5e4f6 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -206,7 +206,19 @@ static int sock_set_timeout(long *timeo_p, char __user *optval, int optlen) return -EINVAL; if (copy_from_user(&tv, optval, sizeof(tv))) return -EFAULT; + if (tv.tv_usec < 0 || tv.tv_usec >= USEC_PER_SEC) + return -EDOM; + if (tv.tv_sec < 0) { + static int warned = 0; + *timeo_p = 0; + if (warned < 10 && net_ratelimit()) + warned++; + printk(KERN_INFO "sock_set_timeout: `%s' (pid %d) " + "tries to set negative timeout\n", + current->comm, current->pid); + return 0; + } *timeo_p = MAX_SCHEDULE_TIMEOUT; if (tv.tv_sec == 0 && tv.tv_usec == 0) return 0; From 04efb8787e4d8a7b21a61aeb723de33154311256 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Thu, 24 May 2007 17:54:15 -0700 Subject: [PATCH 24/25] [CASSINI]: Check pci_set_mwi() return value. Signed-off-by: David S. Miller --- drivers/net/cassini.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/net/cassini.c b/drivers/net/cassini.c index 4aec747d9e43..9fe3a38883ee 100644 --- a/drivers/net/cassini.c +++ b/drivers/net/cassini.c @@ -4919,7 +4919,10 @@ static int __devinit cas_init_one(struct pci_dev *pdev, pci_cmd &= ~PCI_COMMAND_SERR; pci_cmd |= PCI_COMMAND_PARITY; pci_write_config_word(pdev, PCI_COMMAND, pci_cmd); - pci_set_mwi(pdev); + if (pci_set_mwi(pdev)) + printk(KERN_WARNING PFX "Could enable MWI for %s\n", + pci_name(pdev)); + /* * On some architectures, the default cache line size set * by pci_set_mwi reduces perforamnce. We have to increase From 14e50e57aedb2a89cf79b77782879769794cab7b Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Thu, 24 May 2007 18:17:54 -0700 Subject: [PATCH 25/25] [XFRM]: Allow packet drops during larval state resolution. The current IPSEC rule resolution behavior we have does not work for a lot of people, even though technically it's an improvement from the -EAGAIN buisness we had before. Right now we'll block until the key manager resolves the route. That works for simple cases, but many folks would rather packets get silently dropped until the key manager resolves the IPSEC rules. We can't tell these folks to "set the socket non-blocking" because they don't have control over the non-block setting of things like the sockets used to resolve DNS deep inside of the resolver libraries in libc. With that in mind I coded up the patch below with some help from Herbert Xu which provides packet-drop behavior during larval state resolution, controllable via sysctl and off by default. This lays the framework to either: 1) Make this default at some point or... 2) Move this logic into xfrm{4,6}_policy.c and implement the ARP-like resolution queue we've all been dreaming of. The idea would be to queue packets to the policy, then once the larval state is resolved by the key manager we re-resolve the route and push the packets out. The packets would timeout if the rule didn't get resolved in a certain amount of time. Signed-off-by: David S. Miller --- include/net/dst.h | 7 ++++ include/net/ipv6.h | 3 ++ net/core/sysctl_net_core.c | 9 +++++ net/dccp/ipv6.c | 10 ++++-- net/ipv4/route.c | 71 +++++++++++++++++++++++++++++++++++++- net/ipv6/datagram.c | 8 +++-- net/ipv6/raw.c | 8 +++-- net/ipv6/route.c | 63 +++++++++++++++++++++++++++++++++ net/ipv6/tcp_ipv6.c | 8 +++-- net/ipv6/udp.c | 8 +++-- net/xfrm/xfrm_policy.c | 28 +++++++++++++-- 11 files changed, 209 insertions(+), 14 deletions(-) diff --git a/include/net/dst.h b/include/net/dst.h index e12a8ce0b9b3..82270f9332db 100644 --- a/include/net/dst.h +++ b/include/net/dst.h @@ -265,9 +265,16 @@ static inline int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, { return 0; } +static inline int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, + struct sock *sk, int flags) +{ + return 0; +} #else extern int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, struct sock *sk, int flags); +extern int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, + struct sock *sk, int flags); #endif #endif diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 4fa5dfe886c4..78a0d06d98d5 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -469,6 +469,9 @@ extern void ip6_flush_pending_frames(struct sock *sk); extern int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl); +extern int ip6_dst_blackhole(struct sock *sk, + struct dst_entry **dst, + struct flowi *fl); extern int ip6_sk_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl); diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c index b29712033dd4..f34aca041a25 100644 --- a/net/core/sysctl_net_core.c +++ b/net/core/sysctl_net_core.c @@ -24,6 +24,7 @@ extern int sysctl_core_destroy_delay; #ifdef CONFIG_XFRM extern u32 sysctl_xfrm_aevent_etime; extern u32 sysctl_xfrm_aevent_rseqth; +extern int sysctl_xfrm_larval_drop; #endif ctl_table core_table[] = { @@ -118,6 +119,14 @@ ctl_table core_table[] = { .mode = 0644, .proc_handler = &proc_dointvec }, + { + .ctl_name = CTL_UNNUMBERED, + .procname = "xfrm_larval_drop", + .data = &sysctl_xfrm_larval_drop, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = &proc_dointvec + }, #endif /* CONFIG_XFRM */ #endif /* CONFIG_NET */ { diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c index 64eac2515aa2..31737cdf156a 100644 --- a/net/dccp/ipv6.c +++ b/net/dccp/ipv6.c @@ -1043,9 +1043,13 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, if (final_p) ipv6_addr_copy(&fl.fl6_dst, final_p); - err = xfrm_lookup(&dst, &fl, sk, 1); - if (err < 0) - goto failure; + err = __xfrm_lookup(&dst, &fl, sk, 1); + if (err < 0) { + if (err == -EREMOTE) + err = ip6_dst_blackhole(sk, &dst, &fl); + if (err < 0) + goto failure; + } if (saddr == NULL) { saddr = &fl.fl6_src; diff --git a/net/ipv4/route.c b/net/ipv4/route.c index df9fe4f2e8cc..8603cfb271f2 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2598,6 +2598,69 @@ int __ip_route_output_key(struct rtable **rp, const struct flowi *flp) EXPORT_SYMBOL_GPL(__ip_route_output_key); +static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu) +{ +} + +static struct dst_ops ipv4_dst_blackhole_ops = { + .family = AF_INET, + .protocol = __constant_htons(ETH_P_IP), + .destroy = ipv4_dst_destroy, + .check = ipv4_dst_check, + .update_pmtu = ipv4_rt_blackhole_update_pmtu, + .entry_size = sizeof(struct rtable), +}; + + +static int ipv4_blackhole_output(struct sk_buff *skb) +{ + kfree_skb(skb); + return 0; +} + +static int ipv4_dst_blackhole(struct rtable **rp, struct flowi *flp, struct sock *sk) +{ + struct rtable *ort = *rp; + struct rtable *rt = (struct rtable *) + dst_alloc(&ipv4_dst_blackhole_ops); + + if (rt) { + struct dst_entry *new = &rt->u.dst; + + atomic_set(&new->__refcnt, 1); + new->__use = 1; + new->input = ipv4_blackhole_output; + new->output = ipv4_blackhole_output; + memcpy(new->metrics, ort->u.dst.metrics, RTAX_MAX*sizeof(u32)); + + new->dev = ort->u.dst.dev; + if (new->dev) + dev_hold(new->dev); + + rt->fl = ort->fl; + + rt->idev = ort->idev; + if (rt->idev) + in_dev_hold(rt->idev); + rt->rt_flags = ort->rt_flags; + rt->rt_type = ort->rt_type; + rt->rt_dst = ort->rt_dst; + rt->rt_src = ort->rt_src; + rt->rt_iif = ort->rt_iif; + rt->rt_gateway = ort->rt_gateway; + rt->rt_spec_dst = ort->rt_spec_dst; + rt->peer = ort->peer; + if (rt->peer) + atomic_inc(&rt->peer->refcnt); + + dst_free(new); + } + + dst_release(&(*rp)->u.dst); + *rp = rt; + return (rt ? 0 : -ENOMEM); +} + int ip_route_output_flow(struct rtable **rp, struct flowi *flp, struct sock *sk, int flags) { int err; @@ -2610,7 +2673,11 @@ int ip_route_output_flow(struct rtable **rp, struct flowi *flp, struct sock *sk, flp->fl4_src = (*rp)->rt_src; if (!flp->fl4_dst) flp->fl4_dst = (*rp)->rt_dst; - return xfrm_lookup((struct dst_entry **)rp, flp, sk, flags); + err = __xfrm_lookup((struct dst_entry **)rp, flp, sk, flags); + if (err == -EREMOTE) + err = ipv4_dst_blackhole(rp, flp, sk); + + return err; } return 0; @@ -3139,6 +3206,8 @@ int __init ip_rt_init(void) kmem_cache_create("ip_dst_cache", sizeof(struct rtable), 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL); + ipv4_dst_blackhole_ops.kmem_cachep = ipv4_dst_ops.kmem_cachep; + rt_hash_table = (struct rt_hash_bucket *) alloc_large_system_hash("IP route cache", sizeof(struct rt_hash_bucket), diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index 403eee66b9c5..b1fe7ac5dc90 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c @@ -177,8 +177,12 @@ ipv4_connected: if (final_p) ipv6_addr_copy(&fl.fl6_dst, final_p); - if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0) - goto out; + if ((err = __xfrm_lookup(&dst, &fl, sk, 1)) < 0) { + if (err == -EREMOTE) + err = ip6_dst_blackhole(sk, &dst, &fl); + if (err < 0) + goto out; + } /* source address lookup done in ip6_dst_lookup */ diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index 009a1047fc3f..a58459a76684 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -818,8 +818,12 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk, if (final_p) ipv6_addr_copy(&fl.fl6_dst, final_p); - if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0) - goto out; + if ((err = __xfrm_lookup(&dst, &fl, sk, 1)) < 0) { + if (err == -EREMOTE) + err = ip6_dst_blackhole(sk, &dst, &fl); + if (err < 0) + goto out; + } if (hlimit < 0) { if (ipv6_addr_is_multicast(&fl.fl6_dst)) diff --git a/net/ipv6/route.c b/net/ipv6/route.c index b46ad53044ba..1324b06796c0 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -119,6 +119,19 @@ static struct dst_ops ip6_dst_ops = { .entry_size = sizeof(struct rt6_info), }; +static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu) +{ +} + +static struct dst_ops ip6_dst_blackhole_ops = { + .family = AF_INET6, + .protocol = __constant_htons(ETH_P_IPV6), + .destroy = ip6_dst_destroy, + .check = ip6_dst_check, + .update_pmtu = ip6_rt_blackhole_update_pmtu, + .entry_size = sizeof(struct rt6_info), +}; + struct rt6_info ip6_null_entry = { .u = { .dst = { @@ -833,6 +846,54 @@ struct dst_entry * ip6_route_output(struct sock *sk, struct flowi *fl) EXPORT_SYMBOL(ip6_route_output); +static int ip6_blackhole_output(struct sk_buff *skb) +{ + kfree_skb(skb); + return 0; +} + +int ip6_dst_blackhole(struct sock *sk, struct dst_entry **dstp, struct flowi *fl) +{ + struct rt6_info *ort = (struct rt6_info *) *dstp; + struct rt6_info *rt = (struct rt6_info *) + dst_alloc(&ip6_dst_blackhole_ops); + struct dst_entry *new = NULL; + + if (rt) { + new = &rt->u.dst; + + atomic_set(&new->__refcnt, 1); + new->__use = 1; + new->input = ip6_blackhole_output; + new->output = ip6_blackhole_output; + + memcpy(new->metrics, ort->u.dst.metrics, RTAX_MAX*sizeof(u32)); + new->dev = ort->u.dst.dev; + if (new->dev) + dev_hold(new->dev); + rt->rt6i_idev = ort->rt6i_idev; + if (rt->rt6i_idev) + in6_dev_hold(rt->rt6i_idev); + rt->rt6i_expires = 0; + + ipv6_addr_copy(&rt->rt6i_gateway, &ort->rt6i_gateway); + rt->rt6i_flags = ort->rt6i_flags & ~RTF_EXPIRES; + rt->rt6i_metric = 0; + + memcpy(&rt->rt6i_dst, &ort->rt6i_dst, sizeof(struct rt6key)); +#ifdef CONFIG_IPV6_SUBTREES + memcpy(&rt->rt6i_src, &ort->rt6i_src, sizeof(struct rt6key)); +#endif + + dst_free(new); + } + + dst_release(*dstp); + *dstp = new; + return (new ? 0 : -ENOMEM); +} +EXPORT_SYMBOL_GPL(ip6_dst_blackhole); + /* * Destination cache support functions */ @@ -2495,6 +2556,8 @@ void __init ip6_route_init(void) ip6_dst_ops.kmem_cachep = kmem_cache_create("ip6_dst_cache", sizeof(struct rt6_info), 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL); + ip6_dst_blackhole_ops.kmem_cachep = ip6_dst_ops.kmem_cachep; + fib6_init(); #ifdef CONFIG_PROC_FS p = proc_net_create("ipv6_route", 0, rt6_proc_info); diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index e2f25ea43b68..4f06a51ad4fd 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -265,8 +265,12 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, if (final_p) ipv6_addr_copy(&fl.fl6_dst, final_p); - if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0) - goto failure; + if ((err = __xfrm_lookup(&dst, &fl, sk, 1)) < 0) { + if (err == -EREMOTE) + err = ip6_dst_blackhole(sk, &dst, &fl); + if (err < 0) + goto failure; + } if (saddr == NULL) { saddr = &fl.fl6_src; diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index a7ae59c954d5..d1fbddd172e7 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -767,8 +767,12 @@ do_udp_sendmsg: if (final_p) ipv6_addr_copy(&fl.fl6_dst, final_p); - if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0) - goto out; + if ((err = __xfrm_lookup(&dst, &fl, sk, 1)) < 0) { + if (err == -EREMOTE) + err = ip6_dst_blackhole(sk, &dst, &fl); + if (err < 0) + goto out; + } if (hlimit < 0) { if (ipv6_addr_is_multicast(&fl.fl6_dst)) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index d0882e53b6fc..b8bab89616a0 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -29,6 +29,8 @@ #include "xfrm_hash.h" +int sysctl_xfrm_larval_drop; + DEFINE_MUTEX(xfrm_cfg_mutex); EXPORT_SYMBOL(xfrm_cfg_mutex); @@ -1390,8 +1392,8 @@ static int stale_bundle(struct dst_entry *dst); * At the moment we eat a raw IP route. Mostly to speed up lookups * on interfaces with disabled IPsec. */ -int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, - struct sock *sk, int flags) +int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, + struct sock *sk, int flags) { struct xfrm_policy *policy; struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX]; @@ -1509,6 +1511,13 @@ restart: if (unlikely(nx<0)) { err = nx; + if (err == -EAGAIN && sysctl_xfrm_larval_drop) { + /* EREMOTE tells the caller to generate + * a one-shot blackhole route. + */ + xfrm_pol_put(policy); + return -EREMOTE; + } if (err == -EAGAIN && flags) { DECLARE_WAITQUEUE(wait, current); @@ -1598,6 +1607,21 @@ error: *dst_p = NULL; return err; } +EXPORT_SYMBOL(__xfrm_lookup); + +int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, + struct sock *sk, int flags) +{ + int err = __xfrm_lookup(dst_p, fl, sk, flags); + + if (err == -EREMOTE) { + dst_release(*dst_p); + *dst_p = NULL; + err = -EAGAIN; + } + + return err; +} EXPORT_SYMBOL(xfrm_lookup); static inline int