1. 19 Jun, 2008 4 commits
    • Ben Hutchings's avatar
      net: Disable LRO on devices that are forwarding · 0187bdfb
      Ben Hutchings authored
      Large Receive Offload (LRO) is only appropriate for packets that are
      destined for the host, and should be disabled if received packets may be
      forwarded.  It can also confuse the GSO on output.
      
      Add dev_disable_lro() function which uses the appropriate ethtool ops to
      disable LRO if enabled.
      
      Add calls to dev_disable_lro() in br_add_if() and functions that enable
      IPv4 and IPv6 forwarding.
      Signed-off-by: default avatarBen Hutchings <bhutchings@solarflare.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0187bdfb
    • Vlad Yasevich's avatar
      sctp: Follow security requirement of responding with 1 packet · 2e3216cd
      Vlad Yasevich authored
      RFC 4960, Section 11.4. Protection of Non-SCTP-Capable Hosts
      
      When an SCTP stack receives a packet containing multiple control or
      DATA chunks and the processing of the packet requires the sending of
      multiple chunks in response, the sender of the response chunk(s) MUST
      NOT send more than one packet.  If bundling is supported, multiple
      response chunks that fit into a single packet MAY be bundled together
      into one single response packet.  If bundling is not supported, then
      the sender MUST NOT send more than one response chunk and MUST
      discard all other responses.  Note that this rule does NOT apply to a
      SACK chunk, since a SACK chunk is, in itself, a response to DATA and
      a SACK does not require a response of more DATA.
      
      We implement this by not servicing our outqueue until we reach the end
      of the packet.  This enables maximum bundling.  We also identify
      'response' chunks and make sure that we only send 1 packet when sending
      such chunks.
      Signed-off-by: default avatarVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2e3216cd
    • Wei Yongjun's avatar
      sctp: Validate Initiate Tag when handling ICMP message · 7115e632
      Wei Yongjun authored
      This patch add to validate initiate tag and chunk type if verification
      tag is 0 when handling ICMP message.
      
      RFC 4960, Appendix C. ICMP Handling
      
      ICMP6) An implementation MUST validate that the Verification Tag
      contained in the ICMP message matches the Verification Tag of the peer.
      If the Verification Tag is not 0 and does NOT match, discard the ICMP
      message.  If it is 0 and the ICMP message contains enough bytes to
      verify that the chunk type is an INIT chunk and that the Initiate Tag
      matches the tag of the peer, continue with ICMP7.  If the ICMP message
      is too short or the chunk type or the Initiate Tag does not match,
      silently discard the packet.
      Signed-off-by: default avatarWei Yongjun <yjwei@cn.fujitsu.com>
      Signed-off-by: default avatarVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7115e632
    • David S. Miller's avatar
      Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 · 0344f1c6
      David S. Miller authored
      Conflicts:
      
      	net/mac80211/tx.c
      0344f1c6
  2. 18 Jun, 2008 36 commits