- 19 Jun, 2008 3 commits
-
-
Vlad Yasevich authored
RFC 4960, Section 11.4. Protection of Non-SCTP-Capable Hosts When an SCTP stack receives a packet containing multiple control or DATA chunks and the processing of the packet requires the sending of multiple chunks in response, the sender of the response chunk(s) MUST NOT send more than one packet. If bundling is supported, multiple response chunks that fit into a single packet MAY be bundled together into one single response packet. If bundling is not supported, then the sender MUST NOT send more than one response chunk and MUST discard all other responses. Note that this rule does NOT apply to a SACK chunk, since a SACK chunk is, in itself, a response to DATA and a SACK does not require a response of more DATA. We implement this by not servicing our outqueue until we reach the end of the packet. This enables maximum bundling. We also identify 'response' chunks and make sure that we only send 1 packet when sending such chunks. Signed-off-by:
Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Wei Yongjun authored
This patch add to validate initiate tag and chunk type if verification tag is 0 when handling ICMP message. RFC 4960, Appendix C. ICMP Handling ICMP6) An implementation MUST validate that the Verification Tag contained in the ICMP message matches the Verification Tag of the peer. If the Verification Tag is not 0 and does NOT match, discard the ICMP message. If it is 0 and the ICMP message contains enough bytes to verify that the chunk type is an INIT chunk and that the Initiate Tag matches the tag of the peer, continue with ICMP7. If the ICMP message is too short or the chunk type or the Initiate Tag does not match, silently discard the packet. Signed-off-by:
Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by:
-
David S. Miller authored
Conflicts: net/mac80211/tx.c
-
- 18 Jun, 2008 36 commits
-
-
Johannes Berg authored
When a driver rejects a frame in it's ->tx() callback, it must also stop queues, otherwise mac80211 can go into a loop here. Detect this situation and abort the loop after five retries, warning about the driver bug. Signed-off-by:
Johannes Berg <johannes@sipsolutions.net> Signed-off-by:
-
Patrick McHardy authored
genetlink has a circular locking dependency when dumping the registered families: - dump start: genl_rcv() : take genl_mutex genl_rcv_msg() : call netlink_dump_start() while holding genl_mutex netlink_dump_start(), netlink_dump() : take nlk->cb_mutex ctrl_dumpfamily() : try to detect this case and not take genl_mutex a second time - dump continuance: netlink_rcv() : call netlink_dump netlink_dump : take nlk->cb_mutex ctrl_dumpfamily() : take genl_mutex Register genl_lock as callback mutex with netlink to fix this. This slightly widens an already existing module unload race, the genl ops used during the dump might go away when the module is unloaded. Thomas Graf is working on a seperate fix for this. Signed-off-by:Patrick McHardy <kaber@trash.net> Signed-off-by:
-
Wang Chen authored
Max of promiscuity and allmulti plus positive @inc can cause overflow. Fox example: when allmulti=0xFFFFFFFF, any caller give dev_set_allmulti() a positive @inc will cause allmulti be off. This is not what we want, though it's rare case. The fix is that only negative @inc will cause allmulti or promiscuity be off and when any caller makes the counters touch the roof, we return error. Change of v2: Change void function dev_set_promiscuity/allmulti to return int. So callers can get the overflow error. Caller's fix will be done later. Change of v3: 1. Since we return error to caller, we don't need to print KERN_ERROR, KERN_WARNING is enough. 2. In dev_set_promiscuity(), if __dev_set_promiscuity() failed, we return at once. Signed-off-by:
Wang Chen <wangchen@cn.fujitsu.com> Acked-by:
-
David S. Miller authored
This reverts commit 608961a5. The problem is that the mac80211 stack not only needs to be able to muck with the link-level headers, it also might need to mangle all of the packet data if doing sw wireless encryption. This fixes kernel bugzilla #10903. Thanks to Didier Raboud (for the bugzilla report), Andrew Prince (for bisecting), Johannes Berg (for bringing this bisection analysis to my attention), and Ilpo (for trying to analyze this purely from the TCP side). In 2.6.27 we can take another stab at this, by using something like skb_cow_data() when the TX path of mac80211 ends up with a non-NULL tx->key. The ESP protocol code in the IPSEC stack can be used as a model for implementation. Signed-off-by:
-
Rami Rosen authored
In net/ipv6/tcp_ipv6.c: - Remove unneeded tcp_v6_send_check() declaration. Signed-off-by:
Rami Rosen <ramirose@gmail.com> Signed-off-by:
-
David S. Miller authored
In order to more easily grep for all things that set sk->sk_socket, add sk_set_socket() helper inline function. Suggested (although only half-seriously) by Evgeniy Polyakov. Signed-off-by: -
Rainer Weikusat authored
The unix_dgram_sendmsg routine implements a (somewhat crude) form of receiver-imposed flow control by comparing the length of the receive queue of the 'peer socket' with the max_ack_backlog value stored in the corresponding sock structure, either blocking the thread which caused the send-routine to be called or returning EAGAIN. This routine is used by both SOCK_DGRAM and SOCK_SEQPACKET sockets. The poll-implementation for these socket types is datagram_poll from core/datagram.c. A socket is deemed to be writeable by this routine when the memory presently consumed by datagrams owned by it is less than the configured socket send buffer size. This is always wrong for connected PF_UNIX non-stream sockets when the abovementioned receive queue is currently considered to be full. 'poll' will then return, indicating that the socket is writeable, but a subsequent write result in EAGAIN, effectively causing an (usual) application to 'poll for writeability by repeated send request with O_NONBLOCK set' until it has consumed its time quantum. The change below uses a suitably modified variant of the datagram_poll routines for both type of PF_UNIX sockets, which tests if the recv-queue of the peer a socket is connected to is presently considered to be 'full' as part of the 'is this socket writeable'-checking code. The socket being polled is additionally put onto the peer_wait wait queue associated with its peer, because the unix_dgram_sendmsg routine does a wake up on this queue after a datagram was received and the 'other wakeup call' is done implicitly as part of skb destruction, meaning, a process blocked in poll because of a full peer receive queue could otherwise sleep forever if no datagram owned by its socket was already sitting on this queue. Among this change is a small (inline) helper routine named 'unix_recvq_full', which consolidates the actual testing code (in three different places) into a single location. Signed-off-by:
Rainer Weikusat <rweikusat@mssgmbh.com> Signed-off-by:
-
David S. Miller authored
-
David S. Miller authored
-
David S. Miller authored
Tihomir Heidelberg - 9a4gl, reports: -------------------- I would like to direct you attention to one problem existing in ax.25 kernel since 2.4. If listening socket is closed and its SKB queue is released but those sockets get weird. Those "unAccepted()" sockets should be destroyed in ax25_std_heartbeat_expiry, but it will not happen. And there is also a note about that in ax25_std_timer.c: /* Magic here: If we listen() and a new link dies before it is accepted() it isn't 'dead' so doesn't get removed. */ This issue cause ax25d to stop accepting new connections and I had to restarted ax25d approximately each day and my services were unavailable. Also netstat -n -l shows invalid source and device for those listening sockets. It is strange why ax25d's listening socket get weird because of this issue, but definitely when I solved this bug I do not have problems with ax25d anymore and my ax25d can run for months without problems. -------------------- Actually as far as I can see, this problem is even in releases as far back as 2.2.x as well. It seems senseless to special case this test on TCP_LISTEN state. Anything still stuck in state 0 has no external references and we can just simply kill it off directly. Signed-off-by: -
Wang Chen authored
The comments of dev_set_allmulti/promiscuity() is that "While the count in the device remains above zero...". So negative count is useless. Fix the type of the counter from "int" to "unsigned int". Signed-off-by:
-
Ang Way Chuang authored
By default, tun.c running in TUN_TUN_DEV mode will set the protocol of packet to IPv4 if TUN_NO_PI is set. My program failed to work when I assumed that the driver will check the first nibble of packet, determine IP version and set the appropriate protocol. Signed-off-by:
Ang Way Chuang <wcang@nav6.org> Acked-by:
Max Krasnyansky <maxk@qualcomm.com> Signed-off-by:
-
Eric Dumazet authored
In commits 33c732c3 ([IPV4]: Add raw drops counter) and a92aa318 ([IPV6]: Add raw drops counter), Wang Chen added raw drops counter for /proc/net/raw & /proc/net/raw6 This patch adds this capability to UDP sockets too (/proc/net/udp & /proc/net/udp6). This means that 'RcvbufErrors' errors found in /proc/net/snmp can be also be examined for each udp socket. # grep Udp: /proc/net/snmp Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors Udp: 23971006 75 899420 16390693 146348 0 # cat /proc/net/udp sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt --- uid timeout inode ref pointer drops 75: 00000000:02CB 00000000:0000 07 00000000:00000000 00:00000000 00000000 --- 0 0 2358 2 ffff81082a538c80 0 111: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000 00000000 --- 0 0 2286 2 ffff81042dd35c80 146348 In this example, only port 111 (0x006F) was flooded by messages that user program could not read fast enough. 146348 messages were lost. Signed-off-by:
Eric Dumazet <dada1@cosmosbay.com> Signed-off-by:
-
Jeff Kirsher authored
Add PJ Waskiewicz to the list of maintainers for Intel 10/100/1000/10GbE adapters. Signed-off-by:
Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by:
PJ Waskiewicz <peter.p.waskiewicz.jr@intel.com> Signed-off-by:
Jeff Garzik <jgarzik@redhat.com>
-
Jay Vosburgh authored
Permit bonding to function rationally if max_bonds is set to zero. This will load the module, but create no master devices (which can be created via sysfs). Requires some change to bond_create_sysfs; currently, the netdev sysfs directory is determined from the first bonding device created, but this is no longer possible. Instead, an interface from net/core is created to create and destroy files in net_class. Based on a patch submitted by Phil Oester <kernel@linuxaces.com>. Modified by Jay Vosburgh to fix the sysfs issue mentioned above and to update the documentation. Signed-off-by:
Phil Oester <kernel@linuxace.com> Signed-off-by:
Jay Vosburgh <fubar@us.ibm.com> Signed-off-by:
-
Jay Vosburgh authored
Support for sending multiple gratuitous ARPs during failovers was added by commit: commit 7893b249 Author: Moni Shoua <monis@voltaire.com> Date: Sat May 17 21:10:12 2008 -0700 bonding: Send more than one gratuitous ARP when slave takes over This change modifies that support to remove duplicated code, add support for ARP monitor (the original only supported miimon), clear the grat ARP counter in bond_close (lest a later "ifconfig up" immediately start spewing ARPs), and add documentation for the module parameter. Also updated driver version to 3.3.0. Signed-off-by:
-
Or Gerlitz authored
under active-backup mode and when there's actual new_active slave, have bond_change_active_slave() call the networking core to deliver NETDEV_BONDING_FAILOVER event such that the fail-over can be notable by code outside of the bonding driver such as the RDMA stack and monitoring tools. As the correct context of locking appropriate for notifier calls is RTNL and nothing else, bond->curr_slave_lock and bond->lock are unlocked and later locked again. This is ensured by the rest of the code to be safe under backup-mode AND when new_active is not NULL. Jay Vosburgh modified the original patch for formatting and fixed a compiler error. Signed-off-by:
Or Gerlitz <ogerlitz@voltaire.com> Signed-off-by:
-
Or Gerlitz authored
simplified the code of bond_change_active_slave() such that under active-backup mode there's one "if (new_active)" test and the rest of the code only does extra checks on top of it. This removed an unneeded "if (bond->send_grat_arp > 0)" check and avoid calling bond_send_gratuitous_arp when there's no active slave. Jay Vosburgh made minor coding style changes to the orignal patch. Signed-off-by:
-
Or Gerlitz authored
Add NETDEV_BONDING_FAILOVER event to be used in a successive patch by bonding to announce fail-over for the active-backup mode through the netdev events notifier chain mechanism. Such an event can be of use for the RDMA CM (communication manager) to let native RDMA ULPs (eg NFS-RDMA, iSER) always be aligned with the IP stack, in the sense that they use the same ports/links as the stack does. More usages can be done to allow monitoring tools based on netlink events being aware to bonding fail-over. Signed-off-by:
-
Stephen Hemminger authored
New version to reflect new hardware support Signed-off-by:
Stephen Hemminger <shemminger@vyatta.com> Signed-off-by:
-
Stephen Hemminger authored
Add support for Yukon 2 Ultra 2 chip set (88E8057) based on code in latest version of vendor driver (sk98lin 10.60.2.3). Untested on real hardware. Signed-off-by:
-
Stephen Hemminger authored
PCI device table can be marked as devinitconst by using macro. Signed-off-by:
-
Stephen Hemminger authored
Change how chip version is printed so that if an unknown version is detected nothing breaks. Signed-off-by:
-
Stephen Hemminger authored
Change the setup of the PHY registers on some chip ids. These changes make the latest sky2 driver follow the vendor driver. Signed-off-by:
-
Josh Boyer authored
The arch/ppc sub-tree has been removed in the powerpc git tree. The old ibm_emac driver is no longer used by anything as a result of this. This removes it, leaving the ibm_newemac driver as the proper driver to use for PowerPC boards with the EMAC hardware. Signed-off-by:
Josh Boyer <jwboyer@linux.vnet.ibm.com> Signed-off-by:
-
-
Radu Cristescu authored
The atl1 driver tries to determine the MAC address thusly: - If an EEPROM exists, read the MAC address from EEPROM and validate it. - If an EEPROM doesn't exist, try to read a MAC address from SPI flash. - If that fails, try to read a MAC address directly from the MAC Station Address register. - If that fails, assign a random MAC address provided by the kernel. We now have a report of a system fitted with an EEPROM containing all zeros where we expect the MAC address to be, and we currently handle this as an error condition. Turns out, on this system the BIOS writes a valid MAC address to the NIC's MAC Station Address register, but we never try to read it because we return an error when we find the all- zeros address in EEPROM. This patch relaxes the error check and continues looking for a MAC address even if it finds an illegal one in EEPROM. Signed-off-by:
Radu Cristescu <advantis@gmx.net> Signed-off-by:
Jay Cliburn <jacliburn@bellsouth.net> Signed-off-by:
-
David Brownell authored
Keep enc28j60 chips in low-power mode when they're not in use. At typically 120 mA, these chips run hot even when idle; this low power mode cuts that power usage by a factor of around 100. This version provides a generic routine to poll a register until its masked value equals some value ... e.g. bit set or cleared. It's basically what the previous wait_phy_ready() did, but this version is generalized to support the handshaking needed to enter and exit low power mode. Signed-off-by:
David Brownell <dbrownell@users.sourceforge.net> Signed-off-by:
Claudio Lanconelli <lanconelli.claudio@eptar.com> Signed-off-by:
-
David Brownell authored
Minor bugfixes to the enc28j60 driver ... wrong section marking, indentation, and bogus use of spi_bus_type. Signed-off-by:
-
Stephen Hemminger authored
Missed one pci id for 88E8040T. Signed-off-by:
-
Dhananjay Phadke authored
Downloading firmware in pci probe allows recovery in case of firmware failure by reloading the driver. Also reduced delays in firmware load. Signed-off-by:
Dhananjay Phadke <dhananjay@netxen.com> Signed-off-by:
-
Dhananjay Phadke authored
o Remove unnecessary debug prints and functions. o Explicitly specify pci class (0x020000) to avoid enabling management function. Signed-off-by:
-
Dhananjay Phadke authored
Store physical port number in netxen_adapter structure. Signed-off-by:
-
Dhananjay Phadke authored
This fixes a the issue where logical port number is set incorrectly for HP blade mezz cards. Signed-off-by:
-
Josh Boyer authored
The ibm_newemac driver requires ether_crc to be defined. Apparently it is possible to generate a .config without CONFIG_CRC32 set which causes the following link errors if IBM_NEW_EMAC is selected: LD .tmp_vmlinux1 drivers/built-in.o: In function `emac_hash_mc': core.c:(.text+0x2f524): undefined reference to `crc32_le' core.c:(.text+0x2f528): undefined reference to `bitrev32' make: *** [.tmp_vmlinux1] Error 1 This patch has IBM_NEW_EMAC select CRC32 so we don't hit this error. Signed-off-by:
-
Bernard Pidoux authored
ROSE network is organized through nodes connected via hamradio or Internet. AX25 packet radio frames sent to a remote ROSE address destination are routed through these nodes. Without the present patch, automatic routing mechanism did not work optimally due to an improper parameter checking. rose_get_neigh() function is called either by rose_connect() or by rose_route_frame(). In the case of a call from rose_connect(), f0 timer is checked to find if a connection is already pending. In that case it returns the address of the neighbour, or returns a NULL otherwise. When called by rose_route_frame() the purpose was to route a packet AX25 frame through an adjacent node given a destination rose address. However, in that case, t0 timer checked does not indicate if the adjacent node is actually connected even if the timer is not null. Thus, for each frame sent, the function often tried to start a new connexion even if the adjacent node was already connected. The patch adds a "new" parameter that is true when the function is called by rose route_frame(). This instructs rose_get_neigh() to check node parameter "restarted". If restarted is true it means that the route to the destination address is opened via a neighbour node already connected. If "restarted" is false the function returns a NULL. In that case the calling function will initiate a new connection as before. This results in a fast routing of frames, from nodes to nodes, until destination is reached, as originaly specified by ROSE protocole. Signed-off-by:
Bernard Pidoux <f6bvp@amsat.org> Signed-off-by:
-
- 17 Jun, 2008 1 commit
-
-
Steffen Klassert authored
When generating the ip header for the transformed packet we just copy the frag_off field of the ip header from the original packet to the ip header of the new generated packet. If we receive a packet as a chain of fragments, all but the last of the new generated packets have the IP_MF flag set. We have to mask the frag_off field to only keep the IP_DF flag from the original packet. This got lost with git commit 36cf9acf ("[IPSEC]: Separate inner/outer mode processing on output") Signed-off-by:
Steffen Klassert <steffen.klassert@secunet.com> Acked-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
