- 17 Jan, 2005 9 commits
-
-
Rusty Russell authored
Currently connection tracking and NAT helper modules for a protocol interact only indirectly (the conntrack module places information in the conntrack structure, which the NAT module pulls out). This leads to several issues: 1) Both modules must know what port to watch, and must match. 2) Identifying the particular packet which created the connection is cumbersome (TCP) or impossible (UDP). 3) The connection tracking code sets up an expectation which the NAT code then has to change. 4) The lack of direct symbol dependencies means we have to contrive one, since they are functionally dependent. Here is the current code flow: FTP CONTROL PACKET: NF_IP_PRE_ROUTING: ip_conntrack_in resolve_normal_ct init_conntrack: sets ct->helper to ip_conntrack_ftp.c:help() ct->help(): if PORT/PASV command: Sets exp->help.exp_ftp_info to tcp seq number of data. ip_conntrack_expect(): expects the connection ip_nat_setup_info: sets ct->nat.info->helper to ip_nat_ftp.c:help() ip_nat_fn: proto->exp_matches_pkt: if packet matches expectation ct->nat.info->helper(): If packet going client->server, and packet data is one in ct_ftp_info: ftp_data_fixup(): ip_conntrack_change_expect(): change the expectation Modify packet contents with new address. NF_IP_POST_ROUTING: ip_nat_fn ct->nat.info->helper(): If packet going server->client, and packet data is one in ct_ftp_info: ftp_data_fixup(): ip_conntrack_change_expect(): change the expectation Modify packet contents with new address. FTP DATA (EXPECTED) CONNECTION FIRST PACKET: NF_IP_PRE_ROUTING: ip_conntrack_in resolve_normal_ct init_conntrack: set ct->master. ip_nat_fn: master->nat.info.helper->expect() Set up source NAT mapping to match FTP control connection. NF_IP_PRE_ROUTING: ip_nat_fn: master->nat.info.helper->expect() Set up dest NAT mapping to match FTP control connection. The new flow looks like this: FTP CONTROL PACKET: NF_IP_PRE_ROUTING: ip_conntrack_in resolve_normal_ct init_conntrack: sets ct->helper to ip_conntrack_ftp.c:help() NF_IP_POST_ROUTING: ip_confirm: ct->helper->help: If !ip_nat_ftp_hook: ip_conntrack_expect(). ip_nat_ftp: set exp->oldproto to old port. ip_conntrack_change_expect(): change the expectation set exp->expectfn to ftp_nat_expected. Modify packet contents with new address. FTP DATA (EXPECTED) CONNECTION FIRST PACKET: NF_IP_PRE_ROUTING: ip_conntrack_in resolve_normal_ct init_conntrack: set ct->master. call exp->expectfn (ftp_nat_expected): call ip_nat_follow_master(). The big changes are that the ip_nat_ftp module sets ip_conntrack_ftp's ip_nat_ftp_hook when it initializes, so it calls the NAT code directly when a packet containing the expect information is found by the conntrack helper: and this interface can carry all the information these two want to share. Also, that conntrack helper is called as the packet leaves the box, so there are no issues with expectations being set up before the packet has been filtered. The NAT helper doesn't need to register and duplicate the conntrack ports. The other trick is ip_nat_follow_master(), which does the NAT setup all at once (source and destination NAT as required) such that the expected connection is NATed the same way the master connection was. We also call ip_conntrack_tcp_update() (which I incidentally neatened) after mangling a TCP packet; ip_nat_seq_adjust() does this, but now mangling is done at the last possible moment, after ip_nat_seq_adjust() was already called. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Rusty Russell authored
Change kmem_cache_free() calls in ip_conntrack_expect_related() to ip_conntrack_expect_put(): they should be equivalent but allows a hack in next patch (caller can keep expect). More importantly, a previous expectation should only be refreshed and return EEXIST if it's owned by the same connection (nfsim found this bug). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Signed-off-by: David S. Miller <davem@davemloft.net>
-
Arthur Kepner authored
Signed-off-by: Arthur Kepner <akepner@sgi.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Christoph Hellwig authored
- put a dev_id field in struct net_device, so that it uses space that would be wasted by padding otherwise. - if this fields is non-null let ipv6_generate_eui64 use the algorithm from the QETH code to generate an EUI that's different for each OS instance. See code comments for details. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Thomas Graf authored
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Herbert Xu authored
This makes the skb->truesize modifications always OK. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
bk://kernel.bkbits.net/acme/connection_sock-2.6David S. Miller authored
into nuts.davemloft.net:/disk1/BK/net-2.6
-
bk://bk.skbuff.net:20611/linux-2.6-inet6David S. Miller authored
into nuts.davemloft.net:/disk1/BK/net-2.6
-
- 16 Jan, 2005 22 commits
-
-
Trond Myklebust authored
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Trond Myklebust authored
RPC: Fix a module refcount leak in RPCSEC_GSS Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Trond Myklebust authored
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Trond Myklebust authored
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
bk://bk.arm.linux.org.uk/linux-2.6-smpLinus Torvalds authored
into ppc970.osdl.org:/home/torvalds/v2.6/linux
-
Russell King authored
profile_pc() used thread_saved_fp() with the current task. However, thread_saved_fp() only returns sane values when called for threads which are presently sleeping, so this caused an oops. Instead, use regs->ARM_fp, which correspond with the frame pointer.
-
Pawel Sikora authored
The build is clean now.
-
Hideaki Yoshifuji authored
As NAs do not create new entries (RFC2461 7.2.5), NA should not change state of FAILED entries. Signed-off-by: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
-
Hideaki Yoshifuji authored
Signed-off-by: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
-
Roland McGrath authored
God invented symbolic names to help you. Repeating magic constants by hand is begging to lose, especially when you get them wrong. Don't be a loser. [ Editor's hint: 0xfffe000 vs 0xffffe000 ] Signed-off-by: Roland McGrath <roland@redhat.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matthew Wilcox authored
Remove unreferenced file Signed-off-by: Domen Puncer <domen@coderock.org> Signed-off-by: Grant Grundler <grundler@parisc-linux.org> Signed-off-by: Matthew Wilcox <willy@parisc-linux.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matthew Wilcox authored
- sparse annotations for ioremap/iounmap (Randolph Chung) - Turn gsc_readb, __raw_readb and readb functions into static inline functions (Matthew Wilcox) - Document the difference between the gsc_readb, __raw_readb and readb families of functions (Matthew Wilcox) - Add a debugging option to determine when they are being used incorrectly (Matthew Wilcox) - Make memcpy_fromio's second argument const (Matthew Wilcox) Signed-off-by: Matthew Wilcox <willy@parisc-linux.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matthew Wilcox authored
Fix _syscallN wrappers (Mike Frysinger) Signed-off-by: Matthew Wilcox <willy@parisc-linux.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matthew Wilcox authored
Fix ptrace(SINGLESTEP) through system call Signed-off-by: Randolph Chung <tausq@parisc-linux.org> Signed-off-by: Matthew Wilcox <willy@parisc-linux.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matthew Wilcox authored
Remove some unused definitions Signed-off-by: Matthew Wilcox <willy@parisc-linux.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matthew Wilcox authored
Add PDC Stable Storage wrappers (Thibaut Varene) Rewrite PDC Initiator (Matthew Wilcox) Signed-off-by: Matthew Wilcox <willy@parisc-linux.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matthew Wilcox authored
Implement the iomap interfaces on PA-RISC Signed-off-by: Matthew Wilcox <willy@parisc-linux.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matthew Wilcox authored
- Remove declaration of sys_setpgid - __user annotations - Rewrite hpux_statfs - Add hpux_fstatfs Signed-off-by: Matthew Wilcox <willy@parisc-linux.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matthew Wilcox authored
- Removes the hardware path from /proc/interrupts for Dino to make it consistant with the rest of /proc/interrupts Signed-off-by: Ryan Bradetich - Remove iomem related warnings from dino.c Signed-off-by: Kyle McMartin <kyle@parisc-linux.org> - Convert SPIN_LOCK_UNLOCKED to spin_lock_init (Thomas Gleixner) Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Matthew Wilcox Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matthew Wilcox authored
Defconfig updates from Grant Grundler and Paul Bame Signed-off-by: Matthew Wilcox <willy@parisc-linux.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matthew Wilcox authored
- Remove parent/child/sibling links from parisc_device in favour of the ones in the embedded struct device. - Display irq and device IDs through sysfs - Translate a PA-RISC firmware path into a struct device (Thibaut Varene) Signed-off-by: Matthew Wilcox <willy@parisc-linux.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matthew Wilcox authored
Cache flush optimization for UP/SMP; remove hardcoded threshold for selecting whole cache vs region flush From: Randolph Chung <tausq@parisc-linux.org> Signed-off-by: Matthew Wilcox <willy@parisc-linux.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
- 15 Jan, 2005 9 commits
-
-
Matthew Wilcox authored
Make PA-RISC use the generic interrupt handling code. We need one tiny change to the generic code -- the addition of a data pointer to irq_desc. This shouldn't be a problem in terms of increasing size of irq_desc for other architectures as the struct is cacheline aligned. It's now 32 bytes on 32-bit platforms and 44/48 bytes on 64-bit platforms (assuming spinlock_t is 4 bytes on 32-bit and 4 or 8 bytes on 64-bit). Signed-off-by: Matthew Wilcox <matthew@wil.cx> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Vadim Lobanov authored
Signed-off-by: Vadim Lobanov <vlobanov@speakeasy.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Gabor Egry authored
Here are some Kconfig fixes: - typo fixes - unused token removes (empty or duplicated 'help') - non ASCII characters replaces - e-mail address and URL format corrections Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matt Mackall authored
The input layer wants to send us an entropy event per input event and who are we to argue? Create add_input_randomness with an input-friendly interface and kill the remaining two keyboard and mouse sources. This eliminates lots of duplicate entropy events while covering all the input bases nicely. We now get two events per keystroke as we should, one down and one up. Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matt Mackall authored
The input layer is now sending us a bunch of events in a row for each actual event. This shows up weaknesses in the periodicity detector and using the high clock rate from get_clock: each keystroke is getting accounted as 10 different maximal-entropy events. A brief touch on a trackpad will generate as much as 2000 maximal entropy events which is more than 2k of /dev/random output. IOW, we're WAY overestimating input entropy. Here's one keystroke: random 0024 0000 0000: mouse event random 0035 0000 0000: added 11 entropy credits to input random 0035 0000 0000: mouse event random 0046 0000 0000: added 11 entropy credits to input random 0046 0000 0000: mouse event random 0056 0000 0000: added 10 entropy credits to input random 0056 0000 0000: keyboard event random 0067 0000 0000: added 11 entropy credits to input random 0067 0000 0000: mouse event random 0078 0000 0000: added 11 entropy credits to input random 0078 0000 0000: awake random 0078 0000 0000: reading 128 bits random 0078 0000 0000: going to reseed blocking with 128 bits (128 of 0 requested) random 0078 0000 0000: trying to extract 128 bits from input random 0006 0000 0000: debiting 72 entropy credits from input random 0006 0072 0000: added 72 entropy credits to blocking random 0006 0072 0000: trying to extract 128 bits from blocking random 0006 0000 0000: debiting 72 entropy credits from blocking random 0006 0000 0000: read got 72 bits (56 still needed) random 0006 0000 0000: reading 56 bits random 0006 0000 0000: going to reseed blocking with 64 bits (56 of 0 requested random 0006 0000 0000: trying to extract 64 bits from input random 0006 0000 0000: debiting 0 entropy credits from input random 0006 0000 0000: trying to extract 56 bits from blocking random 0006 0000 0000: debiting 0 entropy credits from blocking random 0006 0000 0000: read got 0 bits (56 still needed) random 0006 0000 0000: sleeping random 0006 0000 0000: mouse event random 0017 0000 0000: added 11 entropy credits to input random 0017 0000 0000: mouse event random 0028 0000 0000: added 11 entropy credits to input random 0028 0000 0000: mouse event random 0038 0000 0000: added 10 entropy credits to input random 0038 0000 0000: keyboard event random 0049 0000 0000: added 11 entropy credits to input random 0049 0000 0000: mouse event random 0060 0000 0000: added 11 entropy credits to input The first step to fixing this is to check periodicity and estimate entropy against a slow clock like jiffies. We continue to mix in get_clock() rather than jiffies where available. This throws away most of the duplicate events and gives us more sensible entropy estimates, but we still duplicates from input.c and keyboard.c. Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matt Mackall authored
Add run-time switchable entropy debugging. Entire debug infrastructure remains compiled out by default. Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matt Mackall authored
Print pool entropy counts in all entropy debugging messages Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matt Mackall authored
Someone actually spotted this already. Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Vadim Lobanov authored
Signed-off-by: Vadim Lobanov <vlobanov@speakeasy.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-