Revision tags: v2.6.26-rc8, v2.6.26-rc7, v2.6.26-rc6 |
|
#
0b040829 |
| 11-Jun-2008 |
Adrian Bunk <bunk@kernel.org> |
net: remove CVS keywords
This patch removes CVS keywords that weren't updated for a long time from comments.
Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davem
net: remove CVS keywords
This patch removes CVS keywords that weren't updated for a long time from comments.
Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
Revision tags: v2.6.26-rc5, v2.6.26-rc4, v2.6.26-rc3, v2.6.26-rc2, v2.6.26-rc1, v2.6.25, v2.6.25-rc9 |
|
#
1ed8516f |
| 03-Apr-2008 |
Denis V. Lunev <den@openvz.org> |
[IPV6]: Simplify IPv6 control sockets creation.
Do this by replacing sock_create_kern with inet_ctl_sock_create.
Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Arnaldo Carvalho de Melo <a
[IPV6]: Simplify IPv6 control sockets creation.
Do this by replacing sock_create_kern with inet_ctl_sock_create.
Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
af268182 |
| 03-Apr-2008 |
Herbert Xu <herbert@gondor.apana.org.au> |
[ICMP]: Ensure that ICMP relookup maintains status quo
The ICMP relookup path is only meant to modify behaviour when appropriate IPsec policies are in place and marked as requiring relookups. It is
[ICMP]: Ensure that ICMP relookup maintains status quo
The ICMP relookup path is only meant to modify behaviour when appropriate IPsec policies are in place and marked as requiring relookups. It is certainly not meant to modify behaviour when IPsec policies don't exist at all.
However, due to an oversight on the error paths existing behaviour may in fact change should one of the relookup steps fail.
This patch corrects this by redirecting all errors on relookup failures to the previous code path. That is, if the initial xfrm_lookup let the packet pass, we will stand by that decision should the relookup fail due to an error.
This should be safe from a security point-of-view because compliant systems must install a default deny policy so the packet would'nt have passed in that case.
Many thanks to Julian Anastasov for pointing out this error.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
f32c5f2c |
| 02-Apr-2008 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPV6]: Fix ICMP relookup error path dst leak
When we encounter an error while looking up the dst the second time we need to drop the first dst. This patch is pretty much the same as the one for IP
[IPV6]: Fix ICMP relookup error path dst leak
When we encounter an error while looking up the dst the second time we need to drop the first dst. This patch is pretty much the same as the one for IPv4.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
Revision tags: v2.6.25-rc8, v2.6.25-rc7 |
|
#
3b1e0a65 |
| 25-Mar-2008 |
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
[NET] NETNS: Omit sock->sk_net without CONFIG_NET_NS.
Introduce per-sock inlines: sock_net(), sock_net_set() and per-inet_timewait_sock inlines: twsk_net(), twsk_net_set(). Without CONFIG_NET_NS, no
[NET] NETNS: Omit sock->sk_net without CONFIG_NET_NS.
Introduce per-sock inlines: sock_net(), sock_net_set() and per-inet_timewait_sock inlines: twsk_net(), twsk_net_set(). Without CONFIG_NET_NS, no namespace other than &init_net exists. Let's explicitly define them to help compiler optimizations.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
show more ...
|
#
c346dca1 |
| 25-Mar-2008 |
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
[NET] NETNS: Omit net_device->nd_net without CONFIG_NET_NS.
Introduce per-net_device inlines: dev_net(), dev_net_set(). Without CONFIG_NET_NS, no namespace other than &init_net exists. Let's explici
[NET] NETNS: Omit net_device->nd_net without CONFIG_NET_NS.
Introduce per-net_device inlines: dev_net(), dev_net_set(). Without CONFIG_NET_NS, no namespace other than &init_net exists. Let's explicitly define them to help compiler optimizations.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
show more ...
|
Revision tags: v2.6.25-rc6 |
|
#
6b75d090 |
| 10-Mar-2008 |
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
[IPV6]: Optimize hop-limit determination.
Last part of hop-limit determination is always: hoplimit = dst_metric(dst, RTAX_HOPLIMIT); if (hoplimit < 0) hoplimit = ipv6_get_hoplimit(ds
[IPV6]: Optimize hop-limit determination.
Last part of hop-limit determination is always: hoplimit = dst_metric(dst, RTAX_HOPLIMIT); if (hoplimit < 0) hoplimit = ipv6_get_hoplimit(dst->dev).
Let's consolidate it as ip6_dst_hoplimit(dst).
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
show more ...
|
Revision tags: v2.6.25-rc5 |
|
#
9a43b709 |
| 05-Mar-2008 |
Benjamin Thery <benjamin.thery@bull.net> |
[NETNS][IPV6] icmp6 - make icmpv6_socket per namespace
This patch make the changes necessary to support network namespaces in ICMPv6.
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net> Signed-
[NETNS][IPV6] icmp6 - make icmpv6_socket per namespace
This patch make the changes necessary to support network namespaces in ICMPv6.
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
4591db4f |
| 05-Mar-2008 |
Daniel Lezcano <dlezcano@fr.ibm.com> |
[NETNS][IPV6] route6 - add netns parameter to ip6_route_output
Add an netns parameter to ip6_route_output. That will allow to access to the right routing table for outgoing traffic.
Signed-off-by:
[NETNS][IPV6] route6 - add netns parameter to ip6_route_output
Add an netns parameter to ip6_route_output. That will allow to access to the right routing table for outgoing traffic.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: Benjamin Thery <benjamin.thery@bull.net> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
Revision tags: v2.6.25-rc4, v2.6.25-rc3, v2.6.25-rc2, v2.6.25-rc1, v2.6.24, v2.6.24-rc8, v2.6.24-rc7, v2.6.24-rc6, v2.6.24-rc5 |
|
#
95e41e93 |
| 06-Dec-2007 |
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
[IPV6]: Make ndisc_flow_init() common for later use.
For later use, this patch is renaming ndisc_flow_init() to icmpv6_flow_init() and putting it in common place.
Signed-off-by: YOSHIFUJI Hideaki <
[IPV6]: Make ndisc_flow_init() common for later use.
For later use, this patch is renaming ndisc_flow_init() to icmpv6_flow_init() and putting it in common place.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
show more ...
|
#
5ee09105 |
| 27-Feb-2008 |
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
[IPV6] SYSCTL: complete initialization for sysctl table in subsystem code.
Move initialization bits for subsystem sysctl tables to appropriate functions. - route - icmp
Signed-off-by: YOSHIFUJI H
[IPV6] SYSCTL: complete initialization for sysctl table in subsystem code.
Move initialization bits for subsystem sysctl tables to appropriate functions. - route - icmp
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
show more ...
|
#
8ed7edce |
| 03-Mar-2008 |
Alexey Dobriyan <adobriyan@sw.ru> |
ipv6: fix inet6_init/icmpv6_cleanup sections mismatch
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
98c6d1b2 |
| 29-Feb-2008 |
Denis V. Lunev <den@openvz.org> |
[NETNS]: Make icmpv6_sk per namespace.
All preparations are done. Now just add a hook to perform an initialization on namespace startup and replace icmpv6_sk macro with proper inline call. Actual n
[NETNS]: Make icmpv6_sk per namespace.
All preparations are done. Now just add a hook to perform an initialization on namespace startup and replace icmpv6_sk macro with proper inline call. Actual namespace the packet belongs too will be passed later along with the one for the routing.
Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
5c8cafd6 |
| 29-Feb-2008 |
Denis V. Lunev <den@openvz.org> |
[NETNS]: icmp(v6)_sk should not pin a namespace.
So, change icmp(v6)_sk creation/disposal to the scheme used in the netlink for rtnl, i.e. create a socket in the context of the init_net and assign t
[NETNS]: icmp(v6)_sk should not pin a namespace.
So, change icmp(v6)_sk creation/disposal to the scheme used in the netlink for rtnl, i.e. create a socket in the context of the init_net and assign the namespace without getting a referrence later.
Also use sk_release_kernel instead of sock_release to properly destroy such sockets.
Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
79c91159 |
| 29-Feb-2008 |
Denis V. Lunev <den@openvz.org> |
[ICMP]: Allocate data for __icmp(v6)_sk dynamically.
Own __icmp(v6)_sk should be present in each namespace. So, it should be allocated dynamically. Though, alloc_percpu does not fit the case as it i
[ICMP]: Allocate data for __icmp(v6)_sk dynamically.
Own __icmp(v6)_sk should be present in each namespace. So, it should be allocated dynamically. Though, alloc_percpu does not fit the case as it implies additional dereferrence for no bonus.
Allocate data for pointers just like __percpu_alloc_mask does and place pointers to struct sock into this array.
Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
405666db |
| 29-Feb-2008 |
Denis V. Lunev <den@openvz.org> |
[ICMP]: Pass proper ICMP socket into icmp(v6)_xmit_(un)lock.
We have to get socket lock inside icmp(v6)_xmit_lock/unlock. The socket is get from global variable now. When this code became namespaces
[ICMP]: Pass proper ICMP socket into icmp(v6)_xmit_(un)lock.
We have to get socket lock inside icmp(v6)_xmit_lock/unlock. The socket is get from global variable now. When this code became namespaces, one should pass a namespace and get socket from it.
Though, above is useless. Socket is available in the caller, just pass it inside. This saves a bit of code now and saves more later.
add/remove: 0/0 grow/shrink: 1/3 up/down: 1/-169 (-168) function old new delta icmp_rcv 718 719 +1 icmpv6_rcv 2343 2303 -40 icmp_send 1566 1518 -48 icmp_reply 549 468 -81
Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
b7e729c4 |
| 29-Feb-2008 |
Denis V. Lunev <den@openvz.org> |
[ICMP]: Store sock rather than socket for ICMP flow control.
Basically, there is no difference, what to store: socket or sock. Though, sock looks better as there will be 1 less dereferrence on the f
[ICMP]: Store sock rather than socket for ICMP flow control.
Basically, there is no difference, what to store: socket or sock. Though, sock looks better as there will be 1 less dereferrence on the fast path.
Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
9b0f976f |
| 29-Feb-2008 |
Denis V. Lunev <den@openvz.org> |
[INET]: Remove struct net_proto_family* from _init calls.
struct net_proto_family* is not used in icmp[v6]_init, ndisc_init, igmp_init and tcp_v4_init. Remove it.
Signed-off-by: Denis V. Lunev <den
[INET]: Remove struct net_proto_family* from _init calls.
struct net_proto_family* is not used in icmp[v6]_init, ndisc_init, igmp_init and tcp_v4_init. Remove it.
Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
8cf22943 |
| 05-Feb-2008 |
Herbert Xu <herbert@gondor.apana.org.au> |
[ICMP]: Restore pskb_pull calls in receive function
Somewhere along the development of my ICMP relookup patch the header length check went AWOL on the non-IPsec path. This patch restores the check.
[ICMP]: Restore pskb_pull calls in receive function
Somewhere along the development of my ICMP relookup patch the header length check went AWOL on the non-IPsec path. This patch restores the check.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
bfeade08 |
| 11-Jan-2008 |
Daniel Lezcano <dlezcano@fr.ibm.com> |
[NETNS][IPV6]: inet6_addr - check ipv6 address per namespace
When a new address is added, we must check if the new address does not already exists. This patch makes this check to be aware of a netw
[NETNS][IPV6]: inet6_addr - check ipv6 address per namespace
When a new address is added, we must check if the new address does not already exists. This patch makes this check to be aware of a network namespace, so the check will look if the address already exists for the specified network namespace. While the addresses are browsed, the addresses which do not belong to the namespace are discarded.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: Benjamin Thery <benjamin.thery@bull.net> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
41a76906 |
| 10-Jan-2008 |
Daniel Lezcano <dlezcano@fr.ibm.com> |
[NETNS][IPV6]: Make icmpv6_time sysctl per namespace.
This patch moves the icmpv6_time sysctl to the network namespace structure.
Because the ipv6 protocol is not yet per namespace, the variable is
[NETNS][IPV6]: Make icmpv6_time sysctl per namespace.
This patch moves the icmpv6_time sysctl to the network namespace structure.
Because the ipv6 protocol is not yet per namespace, the variable is accessed relatively to the initial network namespace.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
760f2d01 |
| 10-Jan-2008 |
Daniel Lezcano <dlezcano@fr.ibm.com> |
[NETNS][IPV6]: Make multiple instance of sysctl tables.
Each network namespace wants its own set of sysctl value, eg. we should not be able from a namespace to set a sysctl value for another namespa
[NETNS][IPV6]: Make multiple instance of sysctl tables.
Each network namespace wants its own set of sysctl value, eg. we should not be able from a namespace to set a sysctl value for another namespace , especially for the initial network namespace.
This patch duplicates the sysctl table when we register a new network namespace for ipv6. The duplicated table are postfixed with the "template" word to notify the developper the table is cloned.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
aebcf82c |
| 12-Dec-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Do not let packets pass when ICMP flag is off
This fixes a logical error in ICMP policy checks which lets packets through if the state ICMP flag is off.
Signed-off-by: Herbert Xu <herbert@
[IPSEC]: Do not let packets pass when ICMP flag is off
This fixes a logical error in ICMP policy checks which lets packets through if the state ICMP flag is off.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
7233b9f3 |
| 12-Dec-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Fix reversed ICMP6 policy check
The policy check I added for ICMP on IPv6 is reversed. This patch fixes that.
It also adds an skb->sp check so that unprotected packets that fail the polic
[IPSEC]: Fix reversed ICMP6 policy check
The policy check I added for ICMP on IPv6 is reversed. This patch fixes that.
It also adds an skb->sp check so that unprotected packets that fail the policy check do not crash the machine.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
8b7817f3 |
| 12-Dec-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Add ICMP host relookup support
RFC 4301 requires us to relookup ICMP traffic that does not match any policies using the reverse of its payload. This patch implements this for ICMP traffic
[IPSEC]: Add ICMP host relookup support
RFC 4301 requires us to relookup ICMP traffic that does not match any policies using the reverse of its payload. This patch implements this for ICMP traffic that originates from or terminates on localhost.
This is activated on outbound with the new policy flag XFRM_POLICY_ICMP, and on inbound by the new state flag XFRM_STATE_ICMP.
On inbound the policy check is now performed by the ICMP protocol so that it can repeat the policy check where necessary.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|