- 21 Jan, 2013 2 commits
-
-
Pablo Neira Ayuso authored
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Willem de Bruijn authored
Support arbitrary linux socket filter (BPF) programs as x_tables match rules. This allows for very expressive filters, and on platforms with BPF JIT appears competitive with traditional hardcoded iptables rules using the u32 match. The size of the filter has been artificially limited to 64 instructions maximum to avoid bloating the size of each rule using this new match. Signed-off-by: Willem de Bruijn <willemb@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 17 Jan, 2013 5 commits
-
-
stephen hemminger authored
Prototype for nf_nat_snmp_hook is in nf_conntrack_snmp.h therefore it should be included to get type checking. Found by sparse. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Florian Westphal authored
Add the ability to set/clear labels assigned to a conntrack via ctnetlink. To allow userspace to only alter specific bits, Pablo suggested to add a new CTA_LABELS_MASK attribute: The new set of active labels is then determined via active = (active & ~mask) ^ changeset i.e., the mask selects those bits in the existing set that should be changed. This follows the same method already used by MARK and CONNMARK targets. Omitting CTA_LABELS_MASK is the same as setting all bits in CTA_LABELS_MASK to 1: The existing set is replaced by the one from userspace. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Florian Westphal authored
Introduce CTA_LABELS attribute to send a bit-vector of currently active labels to userspace. Future patch will permit userspace to also set/delete active labels. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Florian Westphal authored
similar to connmarks, except labels are bit-based; i.e. all labels may be attached to a flow at the same time. Up to 128 labels are supported. Supporting more labels is possible, but requires increasing the ct offset delta from u8 to u16 type due to increased extension sizes. Mapping of bit-identifier to label name is done in userspace. The extension is enabled at run-time once "-m connlabel" netfilter rules are added. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Kevin Cernekee authored
Most SIP devices use a source port of 5060/udp on SIP requests, so the response automatically comes back to port 5060: phone_ip:5060 -> proxy_ip:5060 REGISTER proxy_ip:5060 -> phone_ip:5060 100 Trying The newer Cisco IP phones, however, use a randomly chosen high source port for the SIP request but expect the response on port 5060: phone_ip:49173 -> proxy_ip:5060 REGISTER proxy_ip:5060 -> phone_ip:5060 100 Trying Standard Linux NAT, with or without nf_nat_sip, will send the reply back to port 49173, not 5060: phone_ip:49173 -> proxy_ip:5060 REGISTER proxy_ip:5060 -> phone_ip:49173 100 Trying But the phone is not listening on 49173, so it will never see the reply. This patch modifies nf_*_sip to work around this quirk by extracting the SIP response port from the Via: header, iff the source IP in the packet header matches the source IP in the SIP request. Signed-off-by: Kevin Cernekee <cernekee@gmail.com> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 15 Jan, 2013 14 commits
-
-
Yuval Mintz authored
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yuval Mintz authored
Since submit 621b4d66 the bnx2x driver support FW GRO. However, when using the device with GRO enabled in bridging scenarios throughput is very low, as the bridge expects all incoming packets to be passed with CHECKSUM_PARTIAL - a demand which is satisfied by the SW GRO implementation, but was missed in the bnx2x driver implementation (which returned CHECKSUM_UNNECESSARY). Now, given that the traffic is supported by FW GRO (TCP/IP), the bnx2x driver calculates the pseudo checksum by itself, passing skbs with CHECKSUM_PARTIAL and giving a much better throughput when receiving GRO traffic. Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yuval Mintz authored
When enabling interrupts, acknowledge the interrupt only after configuring the IGU to the correct interrupt mode (otherwise it would dirty selftests) Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yuval Mintz authored
Get better control over interrupts during panic, and allow FW to test outgoing Tx packets when stop-on-error is allowed. Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Miriam Shitrit authored
This revises and enhances the bnx2x register dump facilities, adding support for `ethtool -w' on top of `ethtool -d'. Signed-off-by: Miriam Shitrit <miris@broadcom.com> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yuval Mintz authored
When a device is configured to act as either iscsi or fcoe device in its nvram, prevent the other from being misused by preventing its activation in the driver. Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yaniv Rosner authored
On rare occasions, self test link may fail since the link is being sampled while it's still being stabilized. To correct this behaviour, try to sample the link for 2 seconds prior to declaring a failure. Signed-off-by: Yaniv Rosner <yanivr@broadcom.com> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dmitry Kravkov authored
Current logic causes chips running in switch dependent multi-function FCoE mode not to configure their MAC, leading to an all 0s MAC. This patch configures the interface with the SAN Mac instead. Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dmitry Kravkov authored
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yuval Mintz authored
Self-tests following boot from SAN have failed as the UNDI driver might leave some NIG interrupt indications. This patch does the clean-up, clearing those indications and allowing the test to pass. Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller authored
Conflicts: Documentation/networking/ip-sysctl.txt drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c Both conflicts were simply overlapping context. A build fix for qlcnic is in here too, simply removing the added devinit annotations which no longer exist. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nithin Nayak Sujir authored
TG3_PHY_AUXCTL_SMDSP_ENABLE/DISABLE macros do a blind write to the phy auxiliary control register and overwrite the EXT_PKT_LEN (bit 14) resulting in intermittent crc errors on jumbo frames with some link partners. Change the code to do a read/modify/write. Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nithin Nayak Sujir authored
When netconsole is enabled, logging messages generated during tg3_open can result in a null pointer dereference for the uninitialized tg3 status block. Use the irq_sync flag to disable polling in the early stages. irq_sync is cleared when the driver is enabling interrupts after all initialization is completed. Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Paul Gortmaker authored
In commit a5e371f6 ("drivers/net: delete all code/drivers depending on CONFIG_MCA") most of the MCA drivers went, including the Kconfig/Makefile hooks for ibmlana, but it seems that I missed the "git rm" on these actual driver files, and with the namespace overlap with machine check architecture, it got missed by various git grep type checking done at that time. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 14 Jan, 2013 19 commits
-
-
git://1984.lsi.us.es/nfDavid S. Miller authored
Pablo Neira Ayuso says: ==================== The following patchset contains netfilter fixes for 3.8-rc3, they are: * fix possible BUG_ON if several netns are in use and the nf_conntrack module is removed, initial patch from Gao feng, final patch from myself. * fix unset return value if conntrack zone are disabled at compile-time, reported by Borislav Petkov, fix from myself. * fix display error message via dmesg for arp_tables, from Jan Engelhardt. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Paul Moore authored
This patch corrects some problems with LSM/SELinux that were introduced with the multiqueue patchset. The problem stems from the fact that the multiqueue work changed the relationship between the tun device and its associated socket; before the socket persisted for the life of the device, however after the multiqueue changes the socket only persisted for the life of the userspace connection (fd open). For non-persistent devices this is not an issue, but for persistent devices this can cause the tun device to lose its SELinux label. We correct this problem by adding an opaque LSM security blob to the tun device struct which allows us to have the LSM security state, e.g. SELinux labeling information, persist for the lifetime of the tun device. In the process we tweak the LSM hooks to work with this new approach to TUN device/socket labeling and introduce a new LSM hook, security_tun_dev_attach_queue(), to approve requests to attach to a TUN queue via TUNSETQUEUE. The SELinux code has been adjusted to match the new LSM hooks, the other LSMs do not make use of the LSM TUN controls. This patch makes use of the recently added "tun_socket:attach_queue" permission to restrict access to the TUNSETQUEUE operation. On older SELinux policies which do not define the "tun_socket:attach_queue" permission the access control decision for TUNSETQUEUE will be handled according to the SELinux policy's unknown permission setting. Signed-off-by: Paul Moore <pmoore@redhat.com> Acked-by: Eric Paris <eparis@parisplace.org> Tested-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Paul Moore authored
Add a new permission to align with the new TUN multiqueue support, "tun_socket:attach_queue". The corresponding SELinux reference policy patch is show below: diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors index 28802c5..a0664a1 100644 --- a/policy/flask/access_vectors +++ b/policy/flask/access_vectors @@ -827,6 +827,9 @@ class kernel_service class tun_socket inherits socket +{ + attach_queue +} class x_pointer inherits x_device Signed-off-by: Paul Moore <pmoore@redhat.com> Acked-by: Eric Paris <eparis@parisplace.org> Tested-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
spin_is_locked() on a non !SMP build is kind of useless. BUG_ON(!spin_is_locked(xx)) is guaranteed to crash. Just remove this check in reqsk_fastopen_remove() as the callers do hold the socket lock. Reported-by: Ketan Kulkarni <ketkulka@gmail.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Jerry Chu <hkchu@google.com> Cc: Yuchung Cheng <ycheng@google.com> Cc: Dave Taht <dave.taht@gmail.com> Acked-by: H.K. Jerry Chu <hkchu@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://sources.calxeda.com/kernel/linuxLinus Torvalds authored
Pull devicetree fixes from Rob Herring: "Two fixes to prevent unconditional re-compile of dts files on arm and arm64." * tag 'dt-fixes-for-3.8' of git://sources.calxeda.com/kernel/linux: ARM: dts: prevent *.dtb from always being rebuilt arm64: dts: prevent *.dtb from always being rebuilt
-
Linus Torvalds authored
Andrew Morton pointed this out a month ago, and then I completely forgot about it. If we read a partial last page of a block device, we will zero out the end of the page, but since that page can then be mapped into user space, we should also make sure to flush the cache on architectures that have virtual caches. We have the flush_dcache_page() function for this, so use it. Now, in practice this really never matters, because nobody sane uses virtual caches to begin with, and they largely exist on old broken RISC arhitectures. And even if you did run on one of those obsolete CPU's, the whole "mmap and access the last partial page of a block device" behavior probably doesn't actually exist. The normal IO functions (read/write) will never see the zeroed-out part of the page that migth not be coherent in the cache, because they honor the size of the device. So I'm marking this for stable (3.7 only), but I'm not sure anybody will ever care. Pointed-out-by: Andrew Morton <akpm@linux-foundation.org> Cc: stable@vger.kernel.org # 3.7 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Eric Dumazet authored
ifb should lookup devices in the appropriate namespace. Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> Cc: Benjamin LaHaise <bcrl@kvack.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Fainelli authored
The flags argument of the phy_{attach,connect,connect_direct} functions is then used to assign a struct phy_device dev_flags with its value. All callers but the tg3 driver pass the flag 0, which results in the underlying PHY drivers in drivers/net/phy/ not being able to actually use any of the flags they would set in dev_flags. This patch gets rid of the flags argument, and passes phydev->dev_flags to the internal PHY library call phy_attach_direct() such that drivers which actually modify a phy device dev_flags get the value preserved for use by the underlying phy driver. Acked-by: Kosta Zertsekel <konszert@marvell.com> Signed-off-by: Florian Fainelli <florian@openwrt.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Benjamin LaHaise authored
Eric Dumazet pointed out that act_mirred needs to find the current net_ns, and struct net pointer is not provided in the call chain. His original patch made use of current->nsproxy->net_ns to find the network namespace, but this fails to work correctly for userspace code that makes use of netlink sockets in different network namespaces. Instead, pass the "struct net *" down along the call chain to where it is needed. This version removes the ifb changes as Eric has submitted that patch separately, but is otherwise identical to the previous version. Signed-off-by: Benjamin LaHaise <bcrl@kvack.org> Tested-by: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
YOSHIFUJI Hideaki / 吉藤英明 authored
The only user is cxgb3 driver. old_neigh is used to check device change, but it must not happen on redirect. In this sense, we can remove old_neigh argument. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/soundLinus Torvalds authored
Pull sound fixes from Takashi Iwai: "Most of commits found here are for ASoC device specific fixes, arizona, cs4271, wm5102, wm2200, etc, in addition to a couple of memory leak fixes in ASoC core. Other than that, regression fixes in HD-audio and USB-audio, and a fix for new Realtek codecs." * tag 'sound-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (30 commits) ALSA: usb-audio: Fix NULL dereference by access to non-existing substream ALSA: hda - Add support of new codec ALC284 ALSA: usb-audio: Make ebox44_table static ALSA: hdspm - Fix wordclock status on AES32 Revert "ALSA: hda - Shut up pins at power-saving mode with Conexnat codecs" ALSA: hda - Disable runtime D3 for Intel CPT & co ALSA: pxa27x: fix ac97 warm reset ALSA: pxa27x: fix ac97 cold reset ASoC: wm_adsp: Ensure that block writes are from DMA aligned addresses ASoC: wm2000: Fix sense of speech clarity enable ASoC: wm5100: Remove DSP B and left justified formats ASoC: arizona: Remove DSP B and left justified AIF modes ASoC: wm2200: Remove DSP B and left justified AIF modes ASoC: wm5102: Improve speaker enable performance ASoC: core: fix the memory leak in case of remove_aux_dev() ASoC: core: fix the memory leak in case of device_add() failure ASoC: cs42l52: Catch no-match case in cs42l52_get_clk ASoC: lm49453: Update lm49453_reg_defs values as per LM49453 HW revision-B ASoC: lm49453: Fix adc, mic and sidetone volume ranges ASoC: arizona: Correct FLL source definitions ...
-
Paul Gortmaker authored
The removal of the 8390 EISA drivers actually comprises the complete content of the EISA probe block, so we can now remove that block, and its hook into the unified probe. Note that the deleted comment mentions PCI probes, but they long since moved elsewhere, so no PCI probes are touched here. We get rid of the orphaned EISA probe prototypes, and a couple of left over MCA probe prototypes at the same time. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
YOSHIFUJI Hideaki / 吉藤英明 authored
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
YOSHIFUJI Hideaki / 吉藤英明 authored
ipv6_prefix_equal() just casts its arguments and it is the only user of __ipv6_prefix_equal(). Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
YOSHIFUJI Hideaki / 吉藤英明 authored
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
YOSHIFUJI Hideaki / 吉藤英明 authored
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
YOSHIFUJI Hideaki / 吉藤英明 authored
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
YOSHIFUJI Hideaki / 吉藤英明 authored
Introduce __ipv6_addr_diff64() to to find the first different bit between two addresses on 64bit architectures. 32bit version is still available as __ipv6_addr_diff32(), and __ipv6_addr_diff() automatically selects appropriate version. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/stagingLinus Torvalds authored
Pull staging fixes from Greg Kroah-Hartman: "Here are a number of small fixes to staging drivers for your 3.8-rc3 tree. Well, the omapdrm fixes aren't really "small" but they were waiting on a number of other drm patches to go in through the drm tree, and got delayed by my vacation over the holidays. They are totally self-contained, everyone involved have acked them, and they fix issues that people have been having with the driver. Other than that one, it's a bunch of tiny bugfixes for a number of reported issues. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>" * tag 'staging-3.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (36 commits) staging: zram: fix invalid memory references during disk write staging: tidspbridge: use prepare/unprepare on dsp clocks staging: tidspbridge: Fix build breakage due to splitting CM functions. staging: comedi: comedi_test: fix race when cancelling command staging: comedi: Kconfig: COMEDI_NI_AT_A2150 should select COMEDI_FC staging: comedi: prevent auto-unconfig of manually configured devices staging: comedi: fix minimum AO period for NI 625x and NI 628x staging: vme_pio2: fix oops on module unloading staging: speakup: avoid out-of-range access in synth_add() staging: speakup: avoid out-of-range access in synth_init() staging: rtl8192e: Fix failure to check pci_map_single() staging: rtl8187se: Fix failure to check pci_map_single() staging: drm/imx: fix double free bug in error path staging: drm/imx: several bug fixes staging: drm/imx: check return value of ipu_reset() staging: drm/omap: fix flags in dma buf exporting staging: drm/omap: use omapdss low level API staging/fwserial: Update TODO file per reviewer comments staging/fwserial: Limit tx/rx to 1394-2008 spec maximum staging/fwserial: Refine Kconfig help text ...
-