]> www.infradead.org Git - users/willy/linux.git/log
users/willy/linux.git
18 years ago[MAC80211]: use internal network device stats
Stephen Hemminger [Fri, 24 Aug 2007 18:29:34 +0000 (11:29 -0700)]
[MAC80211]: use internal network device stats

Stats are now available for device usage inside network_device

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: get STA after tx radiotap snipped
warmcat [Fri, 14 Sep 2007 15:10:25 +0000 (11:10 -0400)]
[MAC80211]: get STA after tx radiotap snipped

Johannes Berg noticed that in __ieee80211_tx_prepare() we try to get the
STA from addr1 of the ieee80211 header when the radiotap header is actually
still at the front of the packet.  This patch defers doing that until the
radiotap header is gone.

Signed-off-by: Andy Green <andy@warmcat.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: ignore key index on pairwise key (WEP only)
Volker Braun [Fri, 14 Sep 2007 15:10:25 +0000 (11:10 -0400)]
[MAC80211]: ignore key index on pairwise key (WEP only)

Work-around for broken APs that use a non-zero key index for WEP
pairwise keys. With this patch, WEP encryption only is exempt from
providing a zero key index.

Signed-off-by: Volker Braun <volker.braun@physik.hu-berlin.de>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove TKIP mixing for hw accel again
Johannes Berg [Fri, 14 Sep 2007 15:10:25 +0000 (11:10 -0400)]
[MAC80211]: remove TKIP mixing for hw accel again

The TKIP mixing code was added for the benefit of Intel's ipw3945
chipset but that code ended up not using it. We have previously
identified many problems with this code and it crystallized that
library functions for mixing are likely to handle this in much
more generality and might allow b43 to take advantage of hardware
acceleration for TKIP.

Due to these reasons, remove the TKIP mixing for hardware
accelerated crypto operations.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Buesch <mb@bu3sch.de>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove HW_KEY_IDX_INVALID
Johannes Berg [Fri, 14 Sep 2007 15:10:25 +0000 (11:10 -0400)]
[MAC80211]: remove HW_KEY_IDX_INVALID

This patch makes the mac80211/driver interface rely only on the
IEEE80211_TXCTL_DO_NOT_ENCRYPT flag to signal to the driver whether
a frame should be encrypted or not, since mac80211 internally no
longer relies on HW_KEY_IDX_INVALID either this removes it, changes
the key index to be a u8 in all places and makes the full range of
the value available to drivers.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: some more documentation
Johannes Berg [Fri, 14 Sep 2007 15:10:25 +0000 (11:10 -0400)]
[MAC80211]: some more documentation

This patch formats some documentation in mac80211.h into kerneldoc
and also adds some more explanations for hardware crypto.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove set_key_idx callback
Johannes Berg [Fri, 14 Sep 2007 15:10:25 +0000 (11:10 -0400)]
[MAC80211]: remove set_key_idx callback

No existing drivers use this callback, hence there's no telling
how it might be used. In fact, it is unlikely to be of much use
as-is because the default key index isn't something that the
driver can do much with without knowing which interface it was
for etc. And if it needs the key index for the transmitted frame,
it can get it by keeping a reference to the key_conf structure
and looking it up by hw_key_idx.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: rework hardware crypto flags
Johannes Berg [Fri, 14 Sep 2007 15:10:25 +0000 (11:10 -0400)]
[MAC80211]: rework hardware crypto flags

This patch reworks the various hardware crypto related
flags to make them more local, i.e. put them with each
key or each packet instead of into the hw struct.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove turbo modes
Johannes Berg [Fri, 14 Sep 2007 15:10:25 +0000 (11:10 -0400)]
[MAC80211]: remove turbo modes

This patch removes all mention of the atheros turbo modes that
can't possibly work properly anyway since in some places we don't
check for them when we should.

I have no idea what the iwlwifi drivers were doing with these but
it can't possibly have been correct.

Cc: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: fix race conditions with keys
Johannes Berg [Fri, 14 Sep 2007 15:10:24 +0000 (11:10 -0400)]
[MAC80211]: fix race conditions with keys

During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.

Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)

This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.

When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.

In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().

One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.

This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: don't send invalid QoS frames
Johannes Berg [Fri, 14 Sep 2007 15:10:24 +0000 (11:10 -0400)]
[MAC80211]: don't send invalid QoS frames

Kalle Valo noticed that QoS frames are sent with an invalid QoS control
field; this is because we increase the header length but neither
initialise the space nor actually have enough space in the header
structure for the QoS control field.

This patch fixes it by treating the QoS field specially and appending it
explicitly, initialising it to zero.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove spy wext ioctls
Johannes Berg [Fri, 14 Sep 2007 15:10:24 +0000 (11:10 -0400)]
[MAC80211]: remove spy wext ioctls

mac80211 never calls wireless_spy_update so these aren't
useful.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV4]: Convert rt_check_expire() from softirq processing to workqueue.
Eric Dumazet [Sat, 15 Sep 2007 17:55:54 +0000 (10:55 -0700)]
[IPV4]: Convert rt_check_expire() from softirq processing to workqueue.

On loaded/big hosts, rt_check_expire() if of litle use, because it
generally breaks out of its main loop because of a jiffies change.

It can take a long time (read : timer invocations) to actually
scan the whole hash table, freeing unused entries.

Converting it to use a workqueue instead of softirq is a nice
move because we can allow rt_check_expire() to do the scan
it is supposed to do, without hogging the CPU.

This has an impact on the average number of entries in cache,
reducing ram usage. Cache is more responsive to parameter
changes (/proc/sys/net/ipv4/route/gc_timeout and
/proc/sys/net/ipv4/route/gc_interval)

Note: Maybe the default value of gc_interval (60 seconds)
is too high, since this means we actually need 5 (300/60)
invocations to scan the whole table.

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[RFKILL]: Add rfkill documentation
Ivo van Doorn [Thu, 13 Sep 2007 07:22:55 +0000 (09:22 +0200)]
[RFKILL]: Add rfkill documentation

Add a documentation file which contains
a short description about rfkill with some
notes about drivers and the userspace interface.

Changes since v1 and v2:
 - Spellchecking

Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Acked-by: Dmitry Torokhov <dtor@mail.ru>
Acked-by: Randy Dunlap <randy.dunlap@oracle.com>
18 years ago[RFKILL]: Add support for ultrawideband
Ivo van Doorn [Thu, 13 Sep 2007 07:21:31 +0000 (09:21 +0200)]
[RFKILL]: Add support for ultrawideband

This patch will add support for UWB keys to rfkill,
support for this has been requested by Inaky.

Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[RFKILL]: Remove IRDA
Ivo van Doorn [Thu, 13 Sep 2007 07:20:42 +0000 (09:20 +0200)]
[RFKILL]: Remove IRDA

As Dmitry pointed out earlier, rfkill-input.c
doesn't support irda because there are no users
and we shouldn't add unrequired KEY_ defines.

However, RFKILL_TYPE_IRDA was defined in the
rfkill.h header file and would confuse people
about whether it is implemented or not.

This patch removes IRDA support completely,
so it can be added whenever a driver wants the
feature.

Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Fix race when opening a proc file while a network namespace is exiting.
Eric W. Biederman [Thu, 13 Sep 2007 07:18:57 +0000 (09:18 +0200)]
[NET]: Fix race when opening a proc file while a network namespace is exiting.

The problem:  proc_net files remember which network namespace the are
against but do not remember hold a reference count (as that would pin
the network namespace).   So we currently have a small window where
the reference count on a network namespace may be incremented when opening
a /proc file when it has already gone to zero.

To fix this introduce maybe_get_net and get_proc_net.

maybe_get_net increments the network namespace reference count only if it is
greater then zero, ensuring we don't increment a reference count after it
has gone to zero.

get_proc_net handles all of the magic to go from a proc inode to the network
namespace instance and call maybe_get_net on it.

PROC_NET the old accessor is removed so that we don't get confused and use
the wrong helper function.

Then I fix up the callers to use get_proc_net and handle the case case
where get_proc_net returns NULL.  In that case I return -ENXIO because
effectively the network namespace has already gone away so the files
we are trying to access don't exist anymore.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Acked-by: Paul E. McKenney <paulmck@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETNS]: Fix allnoconfig compilation error.
Daniel Lezcano [Thu, 13 Sep 2007 07:16:29 +0000 (09:16 +0200)]
[NETNS]: Fix allnoconfig compilation error.

When CONFIG_NET=no, init_net is unresolved because net_namespace.c
is not compiled and the include pull init_net definition.

This problem was very similar with the ipc namespace where the kernel
can be compiled with SYSV ipc out.

This patch fix that defining a macro which simply remove init_net
initialization from nsproxy namespace aggregator.

Compiled and booted on qemu-i386 with CONFIG_NET=no and CONFIG_NET=yes.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET_SCHED]: Making rate table lookups more flexible.
Jesper Dangaard Brouer [Wed, 12 Sep 2007 14:36:28 +0000 (16:36 +0200)]
[NET_SCHED]: Making rate table lookups more flexible.

This is done in order to, add support to changing the rate table to
use the upper-boundry L2T (length to time) value. Currently we use the
lower-boundry, which result in under-estimating the actual bandwidth
usage.

Extend the tc_ratespec struct, with two parameters: 1) "cell_align"
that allow adjusting the alignment of the rate table. 2) "overhead"
that allow adding a packet overhead before the lookup.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET_SCHED]: Cleanup L2T macros and handle oversized packets
Jesper Dangaard Brouer [Wed, 12 Sep 2007 14:35:24 +0000 (16:35 +0200)]
[NET_SCHED]: Cleanup L2T macros and handle oversized packets

Change L2T (length to time) macros, in all rate based schedulers, to
call a common function qdisc_l2t() that does the rate table lookup.
This function handles if the packet size lookup is larger than the
rate table, which often occurs with TSO enabled.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[SCTP] net/sctp/socket.c: make 3 variables static
Adrian Bunk [Wed, 12 Sep 2007 13:18:00 +0000 (15:18 +0200)]
[SCTP] net/sctp/socket.c: make 3 variables static

This patch makes the following needlessly global variables static:
- sctp_memory_pressure
- sctp_memory_allocated
- sctp_sockets_allocated

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[SCTP]: Make sctp_addto_param() static.
Adrian Bunk [Wed, 12 Sep 2007 13:16:21 +0000 (15:16 +0200)]
[SCTP]: Make sctp_addto_param() static.

sctp_addto_param() can become static.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[KERNEL]: Unexport raise_softirq_irqoff
Adrian Bunk [Wed, 12 Sep 2007 13:14:45 +0000 (15:14 +0200)]
[KERNEL]: Unexport raise_softirq_irqoff

raise_softirq_irqoff no longer has any modular user.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETNS]: Fix bad macro definition.
Daniel Lezcano [Wed, 12 Sep 2007 12:57:09 +0000 (14:57 +0200)]
[NETNS]: Fix bad macro definition.

The macro definition is bad. When calling next_net_device with
parameter name "dev", the resulting code is:
  struct net_device *dev = dev and that leads to an unexpected
behavior. Especially when llc_core is compiled in, the kernel panics
at boot time.
The patchset change macro definition with static inline functions as
they were defined before.

Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETNS]: Fix loopback network namespace initialization.
Daniel Lezcano [Wed, 12 Sep 2007 12:54:14 +0000 (14:54 +0200)]
[NETNS]: Fix loopback network namespace initialization.

The core patchset of the network namespace sent by
Eric Biederman does not do dynamic loopback creation.
So there is no call to alloc_netdev_mq which fills the
network namespace field of the netdevice.

This patch assign the loopback to the init network namespace.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETNS]: Fix export symbols.
Daniel Lezcano [Wed, 12 Sep 2007 12:51:47 +0000 (14:51 +0200)]
[NETNS]: Fix export symbols.

Add the appropriate EXPORT_SYMBOLS for proc_net_create,
proc_net_fops_create and proc_net_remove to fix errors when
compiling allmodconfig

Signed-off-by: Mark Nelson <markn@au1.ibm.com>
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETLINK]: Introduce nested and byteorder flag to netlink attribute
Thomas Graf [Wed, 12 Sep 2007 12:44:36 +0000 (14:44 +0200)]
[NETLINK]: Introduce nested and byteorder flag to netlink attribute

This change allows the generic attribute interface to be used within
the netfilter subsystem where this flag was initially introduced.

The byte-order flag is yet unused, it's intended use is to
allow automatic byte order convertions for all atomic types.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Add a might_sleep() to dev_close().
David S. Miller [Wed, 12 Sep 2007 12:33:25 +0000 (14:33 +0200)]
[NET]: Add a might_sleep() to dev_close().

Requested by Johannes Berg.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[PATCH] NET : convert IP route cache garbage collection from softirq processing to...
Eric Dumazet [Wed, 12 Sep 2007 12:29:01 +0000 (14:29 +0200)]
[PATCH] NET : convert IP route cache garbage collection from softirq processing to a workqueue

When the periodic IP route cache flush is done (every 600 seconds on
default configuration), some hosts suffer a lot and eventually trigger
the "soft lockup" message.

dst_run_gc() is doing a scan of a possibly huge list of dst_entries,
eventually freeing some (less than 1%) of them, while holding the
dst_lock spinlock for the whole scan.

Then it rearms a timer to redo the full thing 1/10 s later...
The slowdown can last one minute or so, depending on how active are
the tcp sessions.

This second version of the patch converts the processing from a softirq
based one to a workqueue.

Even if the list of entries in garbage_list is huge, host is still
responsive to softirqs and can make progress.

Instead of resetting gc timer to 0.1 second if one entry was freed in a
gc run, we do this if more than 10% of entries were freed.

Before patch :

Aug 16 06:21:37 SRV1 kernel: BUG: soft lockup detected on CPU#0!
Aug 16 06:21:37 SRV1 kernel:
Aug 16 06:21:37 SRV1 kernel: Call Trace:
Aug 16 06:21:37 SRV1 kernel:  <IRQ>  [<ffffffff802286f0>] wake_up_process+0x10/0x20
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff80251e09>] softlockup_tick+0xe9/0x110
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803cd380>] dst_run_gc+0x0/0x140
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff802376f3>] run_local_timers+0x13/0x20
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff802379c7>] update_process_times+0x57/0x90
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff80216034>] smp_local_timer_interrupt+0x34/0x60
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff802165cc>] smp_apic_timer_interrupt+0x5c/0x80
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff8020a816>] apic_timer_interrupt+0x66/0x70
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803cd3d3>] dst_run_gc+0x53/0x140
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803cd3c6>] dst_run_gc+0x46/0x140
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff80237148>] run_timer_softirq+0x148/0x1c0
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff8023340c>] __do_softirq+0x6c/0xe0
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff8020ad6c>] call_softirq+0x1c/0x30
Aug 16 06:21:37 SRV1 kernel:  <EOI>  [<ffffffff8020cb34>] do_softirq+0x34/0x90
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff802331cf>] local_bh_enable_ip+0x3f/0x60
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff80422913>] _spin_unlock_bh+0x13/0x20
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803dfde8>] rt_garbage_collect+0x1d8/0x320
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803cd4dd>] dst_alloc+0x1d/0xa0
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803e1433>] __ip_route_output_key+0x573/0x800
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803c02e2>] sock_common_recvmsg+0x32/0x50
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803e16dc>] ip_route_output_flow+0x1c/0x60
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff80400160>] tcp_v4_connect+0x150/0x610
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803ebf07>] inet_bind_bucket_create+0x17/0x60
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff8040cd16>] inet_stream_connect+0xa6/0x2c0
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff80422981>] _spin_lock_bh+0x11/0x30
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803c0bdf>] lock_sock_nested+0xcf/0xe0
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff80422981>] _spin_lock_bh+0x11/0x30
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803be551>] sys_connect+0x71/0xa0
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803eee3f>] tcp_setsockopt+0x1f/0x30
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803c030f>] sock_common_setsockopt+0xf/0x20
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff803be4bd>] sys_setsockopt+0x9d/0xc0
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff8028881e>] sys_ioctl+0x5e/0x80
Aug 16 06:21:37 SRV1 kernel:  [<ffffffff80209c4e>] system_call+0x7e/0x83

After patch : (RT_CACHE_DEBUG set to 2 to get following traces)

dst_total: 75469 delayed: 74109 work_perf: 141 expires: 150 elapsed: 8092 us
dst_total: 78725 delayed: 73366 work_perf: 743 expires: 400 elapsed: 8542 us
dst_total: 86126 delayed: 71844 work_perf: 1522 expires: 775 elapsed: 8849 us
dst_total: 100173 delayed: 68791 work_perf: 3053 expires: 1256 elapsed: 9748 us
dst_total: 121798 delayed: 64711 work_perf: 4080 expires: 1997 elapsed: 10146 us
dst_total: 154522 delayed: 58316 work_perf: 6395 expires: 25 elapsed: 11402 us
dst_total: 154957 delayed: 58252 work_perf: 64 expires: 150 elapsed: 6148 us
dst_total: 157377 delayed: 57843 work_perf: 409 expires: 400 elapsed: 6350 us
dst_total: 163745 delayed: 56679 work_perf: 1164 expires: 775 elapsed: 7051 us
dst_total: 176577 delayed: 53965 work_perf: 2714 expires: 1389 elapsed: 8120 us
dst_total: 198993 delayed: 49627 work_perf: 4338 expires: 1997 elapsed: 8909 us
dst_total: 226638 delayed: 46865 work_perf: 2762 expires: 2748 elapsed: 7351 us

I successfully reduced the IP route cache of many hosts by a four factor
thanks to this patch. Previously, I had to disable "ip route flush cache"
to avoid crashes.

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Fix missed addition of fs/proc/proc_net.c
David S. Miller [Wed, 12 Sep 2007 12:18:18 +0000 (14:18 +0200)]
[NET]: Fix missed addition of fs/proc/proc_net.c

My bad.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: #if 0 out net_alloc() for now.
David S. Miller [Wed, 12 Sep 2007 12:01:08 +0000 (14:01 +0200)]
[NET]: #if 0 out net_alloc() for now.

We will undo this once it is actually used.

Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Disable netfilter sockopts when not in the initial network namespace
Eric W. Biederman [Wed, 12 Sep 2007 11:58:02 +0000 (13:58 +0200)]
[NET]: Disable netfilter sockopts when not in the initial network namespace

Until we support multiple network namespaces with netfilter only allow
netfilter configuration in the initial network namespace.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: netlink support for moving devices between network namespaces.
Eric W. Biederman [Wed, 12 Sep 2007 11:57:04 +0000 (13:57 +0200)]
[NET]: netlink support for moving devices between network namespaces.

The simplest thing to implement is moving network devices between
namespaces.  However with the same attribute IFLA_NET_NS_PID we can
easily implement creating devices in the destination network
namespace as well.  However that is a little bit trickier so this
patch sticks to what is simple and easy.

A pid is used to identify a process that happens to be a member
of the network namespace we want to move the network device to.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Implement network device movement between namespaces
Eric W. Biederman [Wed, 12 Sep 2007 11:53:49 +0000 (13:53 +0200)]
[NET]: Implement network device movement between namespaces

This patch introduces NETIF_F_NETNS_LOCAL a flag to indicate
a network device is local to a single network namespace and
should never be moved.  Useful for pseudo devices that we
need an instance in each network namespace (like the loopback
device) and for any device we find that cannot handle multiple
network namespaces so we may trap them in the initial network
namespace.

This patch introduces the function dev_change_net_namespace
a function used to move a network device from one network
namespace to another.  To the network device nothing
special appears to happen, to the components of the network
stack it appears as if the network device was unregistered
in the network namespace it is in, and a new device
was registered in the network namespace the device
was moved to.

This patch sets up a namespace device destructor that
upon the exit of a network namespace moves all of the
movable network devices  to the initial network namespace
so they are not lost.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Factor out __dev_alloc_name from dev_alloc_name
Eric W. Biederman [Wed, 12 Sep 2007 11:48:45 +0000 (13:48 +0200)]
[NET]: Factor out __dev_alloc_name from dev_alloc_name

When forcibly changing the network namespace of a device
I need something that can generate a name for the device
in the new namespace without overwriting the old name.

__dev_alloc_name provides me that functionality.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Make the device list and device lookups per namespace.
Eric W. Biederman [Mon, 17 Sep 2007 18:56:21 +0000 (11:56 -0700)]
[NET]: Make the device list and device lookups per namespace.

This patch makes most of the generic device layer network
namespace safe.  This patch makes dev_base_head a
network namespace variable, and then it picks up
a few associated variables.  The functions:
dev_getbyhwaddr
dev_getfirsthwbytype
dev_get_by_flags
dev_get_by_name
__dev_get_by_name
dev_get_by_index
__dev_get_by_index
dev_ioctl
dev_ethtool
dev_load
wireless_process_ioctl

were modified to take a network namespace argument, and
deal with it.

vlan_ioctl_set and brioctl_set were modified so their
hooks will receive a network namespace argument.

So basically anthing in the core of the network stack that was
affected to by the change of dev_base was modified to handle
multiple network namespaces.  The rest of the network stack was
simply modified to explicitly use &init_net the initial network
namespace.  This can be fixed when those components of the network
stack are modified to handle multiple network namespaces.

For now the ifindex generator is left global.

Fundametally ifindex numbers are per namespace, or else
we will have corner case problems with migration when
we get that far.

At the same time there are assumptions in the network stack
that the ifindex of a network device won't change.  Making
the ifindex number global seems a good compromise until
the network stack can cope with ifindex changes when
you change namespaces, and the like.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Support multiple network namespaces with netlink
Eric W. Biederman [Wed, 12 Sep 2007 11:05:38 +0000 (13:05 +0200)]
[NET]: Support multiple network namespaces with netlink

Each netlink socket will live in exactly one network namespace,
this includes the controlling kernel sockets.

This patch updates all of the existing netlink protocols
to only support the initial network namespace.  Request
by clients in other namespaces will get -ECONREFUSED.
As they would if the kernel did not have the support for
that netlink protocol compiled in.

As each netlink protocol is updated to be multiple network
namespace safe it can register multiple kernel sockets
to acquire a presence in the rest of the network namespaces.

The implementation in af_netlink is a simple filter implementation
at hash table insertion and hash table look up time.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Make device event notification network namespace safe
Eric W. Biederman [Wed, 12 Sep 2007 11:02:17 +0000 (13:02 +0200)]
[NET]: Make device event notification network namespace safe

Every user of the network device notifiers is either a protocol
stack or a pseudo device.  If a protocol stack that does not have
support for multiple network namespaces receives an event for a
device that is not in the initial network namespace it quite possibly
can get confused and do the wrong thing.

To avoid problems until all of the protocol stacks are converted
this patch modifies all netdev event handlers to ignore events on
devices that are not in the initial network namespace.

As the rest of the code is made network namespace aware these
checks can be removed.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Make packet reception network namespace safe
Eric W. Biederman [Mon, 17 Sep 2007 18:53:39 +0000 (11:53 -0700)]
[NET]: Make packet reception network namespace safe

This patch modifies every packet receive function
registered with dev_add_pack() to drop packets if they
are not from the initial network namespace.

This should ensure that the various network stacks do
not receive packets in a anything but the initial network
namespace until the code has been converted and is ready
for them.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Initialize the network namespace of network devices.
Eric W. Biederman [Wed, 12 Sep 2007 10:57:33 +0000 (12:57 +0200)]
[NET]: Initialize the network namespace of network devices.

Except for carefully selected pseudo devices all network
interfaces should start out in the initial network namespace.
Ultimately it will be register_netdev that examines what
dev->nd_net is set to and places a device in a network namespace.

This patch modifies alloc_netdev to initialize the network
namespace a device is in with the initial network namespace.
This gets it right for the vast majority of devices so their
drivers need not be modified and for those few pseudo devices
that need something different they can change this parameter
before calling register_netdevice.

The network namespace parameter on a network device is not
reference counted as the devices are inside of a network namespace
and cannot remain in that namespace past the lifetime of the
network namespace.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Make socket creation namespace safe.
Eric W. Biederman [Tue, 9 Oct 2007 06:24:22 +0000 (23:24 -0700)]
[NET]: Make socket creation namespace safe.

This patch passes in the namespace a new socket should be created in
and has the socket code do the appropriate reference counting.  By
virtue of this all socket create methods are touched.  In addition
the socket create methods are modified so that they will fail if
you attempt to create a socket in a non-default network namespace.

Failing if we attempt to create a socket outside of the default
network namespace ensures that as we incrementally make the network stack
network namespace aware we will not export functionality that someone
has not audited and made certain is network namespace safe.
Allowing us to partially enable network namespaces before all of the
exotic protocols are supported.

Any protocol layers I have missed will fail to compile because I now
pass an extra parameter into the socket creation code.

[ Integrated AF_IUCV build fixes from Andrew Morton... -DaveM ]

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Make /proc/net per network namespace
Eric W. Biederman [Wed, 12 Sep 2007 10:01:34 +0000 (12:01 +0200)]
[NET]: Make /proc/net per network namespace

This patch makes /proc/net per network namespace.  It modifies the global
variables proc_net and proc_net_stat to be per network namespace.
The proc_net file helpers are modified to take a network namespace argument,
and all of their callers are fixed to pass &init_net for that argument.
This ensures that all of the /proc/net files are only visible and
usable in the initial network namespace until the code behind them
has been updated to be handle multiple network namespaces.

Making /proc/net per namespace is necessary as at least some files
in /proc/net depend upon the set of network devices which is per
network namespace, and even more files in /proc/net have contents
that are relevant to a single network namespace.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Add a network namespace parameter to struct sock
Eric W. Biederman [Wed, 12 Sep 2007 09:58:02 +0000 (11:58 +0200)]
[NET]: Add a network namespace parameter to struct sock

Sockets need to get a reference to their network namespace,
or possibly a simple hold if someone registers on the network
namespace notifier and will free the sockets when the namespace
is going to be destroyed.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Add a network namespace tag to struct net_device
Eric W. Biederman [Wed, 12 Sep 2007 09:56:32 +0000 (11:56 +0200)]
[NET]: Add a network namespace tag to struct net_device

Please note that network devices do not increase the count
count on the network namespace.  The are inside the network
namespace and so the network namespace tag is in the nature
of a back pointer and so getting and putting the network namespace
is unnecessary.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Add a network namespace parameter to tasks
Eric W. Biederman [Wed, 12 Sep 2007 09:55:17 +0000 (11:55 +0200)]
[NET]: Add a network namespace parameter to tasks

This is the network namespace from which all which all sockets
and anything else under user control ultimately get their network
namespace parameters.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Basic network namespace infrastructure.
Eric W. Biederman [Wed, 12 Sep 2007 09:50:50 +0000 (11:50 +0200)]
[NET]: Basic network namespace infrastructure.

This is the basic infrastructure needed to support network
namespaces.  This infrastructure is:
- Registration functions to support initializing per network
  namespace data when a network namespaces is created or destroyed.

- struct net.  The network namespace data structure.
  This structure will grow as variables are made per network
  namespace but this is the minimal starting point.

- Functions to grab a reference to the network namespace.
  I provide both get/put functions that keep a network namespace
  from being freed.  And hold/release functions serve as weak references
  and will warn if their count is not zero when the data structure
  is freed.  Useful for dealing with more complicated data structures
  like the ipv4 route cache.

- A list of all of the network namespaces so we can iterate over them.

- A slab for the network namespace data structure allowing leaks
  to be spotted.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Don't implement dev_ifname32 inline
Eric W. Biederman [Wed, 12 Sep 2007 09:37:03 +0000 (11:37 +0200)]
[NET]: Don't implement dev_ifname32 inline

The current implementation of dev_ifname makes maintenance difficult
because updates to the implementation of the ioctl have to made in two
places.  So this patch updates dev_ifname32 to do a classic 32/64
structure conversion and call sys_ioctl like the rest of the
compat calls do.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[ATALK]: In notifier handlers convert the void pointer to a netdevice
Eric W. Biederman [Wed, 12 Sep 2007 09:26:59 +0000 (11:26 +0200)]
[ATALK]: In notifier handlers convert the void pointer to a netdevice

This slightly improves code safety and clarity.

Later network namespace patches touch this code so this is a
preliminary cleanup.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[XFRM]: xfrm audit calls
Joy Latten [Mon, 17 Sep 2007 18:51:22 +0000 (11:51 -0700)]
[XFRM]: xfrm audit calls

This patch modifies the current ipsec audit layer
by breaking it up into purpose driven audit calls.

So far, the only audit calls made are when add/delete
an SA/policy. It had been discussed to give each
key manager it's own calls to do this, but I found
there to be much redundnacy since they did the exact
same things, except for how they got auid and sid, so I
combined them. The below audit calls can be made by any
key manager. Hopefully, this is ok.

Signed-off-by: Joy Latten <latten@austin.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: Change type of owner in sock_lock_t to int, rename
John Heffner [Wed, 12 Sep 2007 08:44:19 +0000 (10:44 +0200)]
[NET]: Change type of owner in sock_lock_t to int, rename

The type of owner in sock_lock_t is currently (struct sock_iocb *),
presumably for historical reasons.  It is never used as this type, only
tested as NULL or set to (void *)1.  For clarity, this changes it to type
int, and renames to owned, to avoid any possible type casting errors.

Signed-off-by: John Heffner <jheffner@psc.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET] Cleanup: Use sock_owned_by_user() macro
John Heffner [Wed, 12 Sep 2007 08:42:12 +0000 (10:42 +0200)]
[NET] Cleanup: Use sock_owned_by_user() macro

Changes asserts in sunrpc to use sock_owned_by_user() macro instead of
referencing sock_lock.owner directly.

Signed-off-by: John Heffner <jheffner@psc.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[TG3]: remove sparse warnings
Andy Gospodarek [Thu, 6 Sep 2007 19:42:14 +0000 (20:42 +0100)]
[TG3]: remove sparse warnings

Removed sparse warnings from tg3 driver.  The new logic seems fine (I
don't immediately see where we are running over values for any of the
variables that need to be saved).

This patch compiles fine and I'm currently using a tg3 with the patched
driver to post this patch as a basic proof of concept.

Signed-off-by: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[AF_PACKET]: Don't enable global timestamps.
Stephen Hemminger [Thu, 6 Sep 2007 12:55:02 +0000 (13:55 +0100)]
[AF_PACKET]: Don't enable global timestamps.

Andi mentioned he did something like this already, but never submitted
it.

The dhcp client application uses AF_PACKET with a packet filter to
receive data. The application doesn't even use timestamps, but because
the AF_PACKET API has timestamps, they get turned on globally which
causes an expensive time of day lookup for every packet received on
any system that uses the standard DHCP client.

The fix is to not enable the timestamp (but use if if available).
This causes the time lookup to only occur on those packets that are
destined for the AF_PACKET socket.  The timestamping occurs after
packet filtering so all packets dropped by filtering to not cause a
clock call.

The one downside of this a a few microseconds additional delay added
from the normal timestamping location (netif_rx) until the receive
callback in AF_PACKET. But since the offset is fairly consistent it
should not upset applications that do want really use timestamps, like
wireshark.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[DCCP]: Remove unneeded pointer newdp from dccp_v4_request_recv_sock()
Micah Gruber [Wed, 5 Sep 2007 14:58:14 +0000 (07:58 -0700)]
[DCCP]: Remove unneeded pointer newdp from dccp_v4_request_recv_sock()

This trivial patch removes the unneeded pointer newdp, which is never used.

Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6]: Remove unneeded pointer iph from ipcomp6_input() in net/ipv6/ipcomp6.c
Micah Gruber [Wed, 5 Sep 2007 14:56:50 +0000 (07:56 -0700)]
[IPV6]: Remove unneeded pointer iph from ipcomp6_input() in net/ipv6/ipcomp6.c

This trivial patch removes the unneeded pointer iph, which is never used.

Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: make assoc_ap a flag
Johannes Berg [Tue, 28 Aug 2007 21:01:55 +0000 (17:01 -0400)]
[MAC80211]: make assoc_ap a flag

The sta_info.assoc_ap value is used as a flag, move it
into flags.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove hostapd interface stuff
Johannes Berg [Tue, 28 Aug 2007 21:01:55 +0000 (17:01 -0400)]
[MAC80211]: remove hostapd interface stuff

This removes some definitions that are used only within ioctls
that will never make it into mainline.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: improve key selection comment
Johannes Berg [Tue, 28 Aug 2007 21:01:55 +0000 (17:01 -0400)]
[MAC80211]: improve key selection comment

When I changed the code there I forgot to mention what happens
with multicast frames in a regular BSS and keep wondering myself
if the code is correct. Add appropriate comments.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: filter locally-originated multicast frames
John W. Linville [Tue, 28 Aug 2007 21:01:55 +0000 (17:01 -0400)]
[MAC80211]: filter locally-originated multicast frames

In STA mode, the AP will echo our traffic.  This includes multicast
traffic.

Receiving these frames confuses some protocols and applications,
notably IPv6 Duplicate Address Detection.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: clean up whitespace
Johannes Berg [Tue, 28 Aug 2007 21:01:55 +0000 (17:01 -0400)]
[MAC80211]: clean up whitespace

This cleans up some whitespace to make the mac80211
version in mainline diverge less from wireless-dev.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: fix preamble setting
Johannes Berg [Tue, 28 Aug 2007 21:01:55 +0000 (17:01 -0400)]
[MAC80211]: fix preamble setting

It looks like in commit 28487a90 the condition was unintentionally
negated by moving some code, fix it.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Cc: Daniel Drake <dsd@gentoo.org>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: Remove overly sticky averaging filters for rssi, signal, noise
Larry Finger [Tue, 28 Aug 2007 21:01:55 +0000 (17:01 -0400)]
[MAC80211]: Remove overly sticky averaging filters for rssi, signal, noise

The current version of wireless statistics contains a bug in the averaging
that makes the numbers be too sticky and not react to small changes. This
patch removes all averaging.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: add interface index to key debugfs
Johannes Berg [Tue, 28 Aug 2007 21:01:55 +0000 (17:01 -0400)]
[MAC80211]: add interface index to key debugfs

Add a new file 'ifindex' to each key's debugfs dir to
allow finding which interface the key was configured on.
This isn't done as a symlink because of possible netdev
name changes.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: rework key handling
Johannes Berg [Tue, 28 Aug 2007 21:01:55 +0000 (17:01 -0400)]
[MAC80211]: rework key handling

This moves all the key handling code out from ieee80211_ioctl.c
into key.c and also does the following changes including documentation
updates in mac80211.h:

 1) Turn off hardware acceleration for keys when the interface
    is down. This is necessary because otherwise monitor
    interfaces could be decrypting frames for other interfaces
    that are down at the moment. Also, it should go some way
    towards better suspend/resume support, in any case the
    routines used here could be used for that as well.
    Additionally, this makes the driver interface nicer, keys
    for a specific local MAC address are only ever present
    while an interface with that MAC address is enabled.

 2) Change driver set_key() callback interface to allow only
    return values of -ENOSPC, -EOPNOTSUPP and 0, warn on all
    other return values. This allows debugging the stack when
    a driver notices it's handed a key while it is down.

 3) Invert the flag meaning to KEY_FLAG_UPLOADED_TO_HARDWARE.

 4) Remove REMOVE_ALL_KEYS command as it isn't used nor do we
    want to use it, we'll use DISABLE_KEY for each key. It is
    hard to use REMOVE_ALL_KEYS because we can handle multiple
    virtual interfaces with different key configuration, so we'd
    have to keep track of a lot of state for this and that isn't
    worth it.

 5) Warn when disabling a key fails, it musn't.

 6) Remove IEEE80211_HW_NO_TKIP_WMM_HWACCEL in favour of per-key
    IEEE80211_KEY_FLAG_WMM_STA to let driver sort it out itself.

 7) Tell driver that a (non-WEP) key is used only for transmission
    by using an all-zeroes station MAC address when configuring.

 8) Change the set_key() callback to have access to the local MAC
    address the key is being added for.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove fake set_key() call
Johannes Berg [Tue, 28 Aug 2007 21:01:55 +0000 (17:01 -0400)]
[MAC80211]: remove fake set_key() call

Remove adding a fake key with a NONE key algorithm for each
associated STA. If we have hardware with such TX filtering
we should probably extend the sta_table_notification()
callback with the sta information instead; the fact that
it's treated as a key for some atheros hardware shouldn't
bother the stack.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211] key handling: remove default_wep_only
Johannes Berg [Tue, 28 Aug 2007 21:01:54 +0000 (17:01 -0400)]
[MAC80211] key handling: remove default_wep_only

Remove the default_wep_only stuff, this wasn't really done well
and no current driver actually cares.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove krefs for keys
Johannes Berg [Tue, 28 Aug 2007 21:01:54 +0000 (17:01 -0400)]
[MAC80211]: remove krefs for keys

they aren't really refcounted anyway

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: embed key conf in key, fix driver interface
Johannes Berg [Tue, 28 Aug 2007 21:01:54 +0000 (17:01 -0400)]
[MAC80211]: embed key conf in key, fix driver interface

This patch embeds the struct ieee80211_key_conf into struct ieee80211_key
and thus avoids allocations and having data present twice.

This required some more changes:
 1) The removal of the IEEE80211_KEY_DEFAULT_TX_KEY key flag.
    This flag isn't used by drivers nor should it be since
    we have a set_key_idx() callback. Maybe that callback needs
    to be extended to include the key conf, but only a driver that
    requires it will tell.
 2) The removal of the IEEE80211_KEY_DEFAULT_WEP_ONLY key flag.
    This flag is global, so it shouldn't be passed in the key
    conf structure. Pass it to the function instead.

Also, this patch removes the AID parameter to the set_key() callback
because it is currently unused and the hardware currently cannot know
about the AID anyway. I suspect this was used with some hardware that
actually selected the AID itself, but that functionality was removed.

Additionally, I've removed the ALG_NULL key algorithm since we have
ALG_NONE.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: Remove bitfields from struct ieee80211_sub_if_data
Jiri Slaby [Tue, 28 Aug 2007 21:01:54 +0000 (17:01 -0400)]
[MAC80211]: Remove bitfields from struct ieee80211_sub_if_data

mac80211, remove bitfields from struct ieee80211_sub_if_data

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: Remove bitfields from struct ieee80211_if_sta
Jiri Slaby [Tue, 28 Aug 2007 21:01:54 +0000 (17:01 -0400)]
[MAC80211]: Remove bitfields from struct ieee80211_if_sta

mac80211, remove bitfields from struct ieee80211_if_sta

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: Remove bitfields from struct ieee80211_txrx_data
Jiri Slaby [Tue, 28 Aug 2007 21:01:54 +0000 (17:01 -0400)]
[MAC80211]: Remove bitfields from struct ieee80211_txrx_data

mac80211, remove bitfields from struct ieee80211_txrx_data

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: Remove bitfields from struct ieee80211_tx_packet_data
Jiri Slaby [Tue, 28 Aug 2007 21:01:54 +0000 (17:01 -0400)]
[MAC80211]: Remove bitfields from struct ieee80211_tx_packet_data

remove bitfields from struct ieee80211_tx_packet_data

[Johannes: completely clear flags in ieee80211_remove_tx_extra]

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: use switch statement in tx code
Johannes Berg [Tue, 28 Aug 2007 21:01:54 +0000 (17:01 -0400)]
[MAC80211]: use switch statement in tx code

The transmit code needs to set the addresses depending on the
interface type, a likely() for AP/VLAN is quite wrong since
most people will be using STA; convert to a switch statement
to make it look nicer.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: refactor event sending
Johannes Berg [Tue, 28 Aug 2007 21:01:53 +0000 (17:01 -0400)]
[MAC80211]: refactor event sending

Create a new file event.c that will contain code to send mac/mlme
events to userspace. For now put the Michael MIC failure condition
into it and remove sending of that condition via the management
interface, hostapd interestingly doesn't do anything when it gets
such a packet besides printing a message, it reacts only on the
private iwevent.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: kill key_mgmt, use key_management_enabled
Johannes Berg [Tue, 28 Aug 2007 21:01:53 +0000 (17:01 -0400)]
[MAC80211]: kill key_mgmt, use key_management_enabled

The key_mgmt variable for STA interfaces doesn't seem well-defined
nor do we actually use the values other than "NONE", so change it to
be named better.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove unused ioctls (3)
Johannes Berg [Tue, 28 Aug 2007 21:01:53 +0000 (17:01 -0400)]
[MAC80211]: remove unused ioctls (3)

The ioctls
 * PRISM2_PARAM_RADAR_DETECT
 * PRISM2_PARAM_SPECTRUM_MGMT

are not used by hostapd or wpa_supplicant,

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove unused ioctls (2)
Johannes Berg [Tue, 28 Aug 2007 21:01:53 +0000 (17:01 -0400)]
[MAC80211]: remove unused ioctls (2)

The ioctls

 * PRISM2_PARAM_STA_ANTENNA_SEL
 * PRISM2_PARAM_TX_POWER_REDUCTION
 * PRISM2_PARAM_DEFAULT_WEP_ONLY

are not used by hostapd or wpa_supplicant.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove unused ioctls (1)
Johannes Berg [Tue, 28 Aug 2007 21:01:53 +0000 (17:01 -0400)]
[MAC80211]: remove unused ioctls (1)

The ioctls

 * PRISM2_PARAM_ANTENNA_MODE
 * PRISM2_PARAM_STAT_TIME

are not used by hostapd or wpa_supplicant.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: fix software decryption
Johannes Berg [Tue, 28 Aug 2007 21:01:53 +0000 (17:01 -0400)]
[MAC80211]: fix software decryption

When doing key selection for software decryption, mac80211 gets
a few things wrong: it always uses pairwise keys if configured,
even if the frame is addressed to a multicast address. Also, it
doesn't allow using a key index of zero if a pairwise key has
also been found.

This patch changes the key selection code to be (more) in line
with the 802.11 specification. I have confirmed that with this,
multicast frames are correctly decrypted and I've tested with
WEP as well.

While at it, I've cleaned up the semantics of the hardware flags
IEEE80211_HW_WEP_INCLUDE_IV and IEEE80211_HW_DEVICE_HIDES_WEP
and clarified them in the mac80211.h header; it is also now
allowed to set the IEEE80211_HW_DEVICE_HIDES_WEP option even if
it only applies to frames that have been decrypted by the hw,
unencrypted frames must be dropped but encrypted frames that
the hardware couldn't handle can be passed up unmodified.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
18 years ago[MAC80211]: remove radar stuff
Johannes Berg [Tue, 28 Aug 2007 21:01:53 +0000 (17:01 -0400)]
[MAC80211]: remove radar stuff

Unused in drivers, userspace and mac80211.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove ieee80211_msg_wep_frame_unknown_key
Johannes Berg [Tue, 28 Aug 2007 21:01:53 +0000 (17:01 -0400)]
[MAC80211]: remove ieee80211_msg_wep_frame_unknown_key

Neither hostapd nor wpa_supplicant really use it.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
18 years ago[MAC80211]: ratelimit some RX messages
Johannes Berg [Tue, 28 Aug 2007 21:01:52 +0000 (17:01 -0400)]
[MAC80211]: ratelimit some RX messages

Many if not all of these messages can be triggered by sending
a few rogue frames which is trivially done and then we overflow
our logs.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove IEEE80211_HW_DATA_NULLFUNC_ACK
Johannes Berg [Thu, 6 Sep 2007 10:36:10 +0000 (03:36 -0700)]
[MAC80211]: remove IEEE80211_HW_DATA_NULLFUNC_ACK

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove PRISM2_PARAM_RADIO_ENABLED
Johannes Berg [Tue, 28 Aug 2007 21:01:52 +0000 (17:01 -0400)]
[MAC80211]: remove PRISM2_PARAM_RADIO_ENABLED

This now is unused in hostapd/wpa_supplicant.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove IEEE80211_HW_HOST_GEN_BEACON flag
Johannes Berg [Tue, 28 Aug 2007 21:01:52 +0000 (17:01 -0400)]
[MAC80211]: remove IEEE80211_HW_HOST_GEN_BEACON flag

The flag is never checked because drivers can simply call
ieee80211_beacon_get() regardless of setting this flag.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: remove reset callback
Johannes Berg [Tue, 28 Aug 2007 21:01:52 +0000 (17:01 -0400)]
[MAC80211]: remove reset callback

The callback isn't used so remove it.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: fix key debugfs
Johannes Berg [Tue, 28 Aug 2007 21:01:52 +0000 (17:01 -0400)]
[MAC80211]: fix key debugfs

This fixes two issues with the key debugfs:
 1) key index obviously isn't unique
 2) various missing break statements led to bogus output

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[MAC80211]: avoid copying packets to interfaces that are down
Johannes Berg [Tue, 28 Aug 2007 21:01:52 +0000 (17:01 -0400)]
[MAC80211]: avoid copying packets to interfaces that are down

David Woodhouse noticed that under some circumstances the number of slab
allocations kept growing. After looking a bit, this seemed to happen
when you had a management mode interface that was *down*.

The reason for this is that when the device is down, all management
frames get queued to the in-kernel MLME (via ieee80211_sta_rx_mgmt) but
then the sta work is invoked but doesn't run when the netif is down.
When you then bring the interface up, all such frames are freed, but if
you change the mode all of them are lost because the skb queue is
reinitialised as soon as you go back to managed mode. The skb queue is
correctly cleared when the interface is brought down, but the code
doesn't account for the fact that it may be filled while it is not up.

This patch should fix the issue by simply ignoring all interfaces that
are down when going through the RX handlers.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IrDA]: Kingsun KS-959 IrDA USB driver
Alex Villacís Lasso [Tue, 28 Aug 2007 22:58:31 +0000 (15:58 -0700)]
[IrDA]: Kingsun KS-959 IrDA USB driver

This dongle does not follow the usb-irda specification, so it needs its own
special driver. First, it uses control URBs for data transfer, instead of
bulk or interrupt transfers; the only interrupt endpoint exposed seems to
be a dummy to prevent the interface from being rejected. Second, it uses
obfuscation and padding at the USB traffic level, for no apparent reason
other than to make reverse engineering harder (full details on obfuscation
in comments at beginning of source). Although it is advertised as a "4 Mbps
FIR dongle", it apparently loses packets at speeds greater than 57600 bps.

On plugin, this dongle reports vendor and device IDs: 0x07d0:0x4959 .

The Windows driver that is used normally to control this dongle has a
filename of KS-959.SYS .

Signed-off-by: Alex Villacís Lasso <a_villacis@palosanto.com>
Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IrDA]: Kingsun Dazzle IrDA USB driver
Alex Villacís Lasso [Tue, 28 Aug 2007 22:57:50 +0000 (15:57 -0700)]
[IrDA]: Kingsun Dazzle IrDA USB driver

This dongle does not follow the usb-irda specification, so it needs its own
special driver. Just like the Kingsun/Donshine dongle, it exposes two
interrupt endpoints. Reception is performed through direct reads from the
input endpoint. Transmission requires splitting the IrDA frames into 8-byte
segments, in which the first byte encodes how many of the remaining 7 bytes
are used as data. Speed change is made with a control URB just like the one
in cypress_m8, and it seems to support up to 115200 bps.

On plugin, this dongle reports vendor and device IDs: 0x07d0:0x4100

Signed-off-by: Alex Villacís Lasso <a_villacis@palosanto.com>
Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IrDA]: MSG_NOSIGNAL support for IrDA sockets
Samuel Ortiz [Tue, 28 Aug 2007 22:57:12 +0000 (15:57 -0700)]
[IrDA]: MSG_NOSIGNAL support for IrDA sockets

Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NET]: DIV_ROUND_UP cleanup (part two)
Ilpo Järvinen [Tue, 28 Aug 2007 22:50:33 +0000 (15:50 -0700)]
[NET]: DIV_ROUND_UP cleanup (part two)

Hopefully captured all single statement cases under net/. I'm
not too sure if there is some policy about #includes that are
"guaranteed" (ie., in the current tree) to be available through
some other #included header, so I just added linux/kernel.h to
each changed file that didn't #include it previously.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[SOFTIRQ]: Remove do_softirq() symbol export.
Robert Olsson [Mon, 17 Sep 2007 18:47:12 +0000 (11:47 -0700)]
[SOFTIRQ]: Remove do_softirq() symbol export.

As noted by Christoph Hellwig, pktgen was the only user so
it can now be removed.

[ Add missing cases caught by Adrian Bunk. -DaveM ]

Signed-off-by: Robert Olsson <robert.olsson@its.uu.se>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[PKTGEN]: Remove softirq scheduling.
Robert Olsson [Tue, 28 Aug 2007 22:46:58 +0000 (15:46 -0700)]
[PKTGEN]: Remove softirq scheduling.

It's not a job for pktgen.

Signed-off-by: Robert Olsson <robert.olsson@its.uu.se>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[PKTGEN]: Multiqueue support.
Robert Olsson [Tue, 28 Aug 2007 22:45:55 +0000 (15:45 -0700)]
[PKTGEN]: Multiqueue support.

Below some pktgen support to send into different TX queues.
This can of course be feed into input queues on other machines

Signed-off-by: Robert Olsson <robert.olsson@its.uu.se>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[NETLINK]: use container_of instead
Denis Cheng [Tue, 28 Aug 2007 22:41:11 +0000 (15:41 -0700)]
[NETLINK]: use container_of instead

This could make future redesign of struct netlink_sock easier.

Signed-off-by: Denis Cheng <crquan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[XFRM] policy: Replace magic number with XFRM_POLICY_OUT
Thomas Graf [Sat, 25 Aug 2007 20:46:55 +0000 (13:46 -0700)]
[XFRM] policy: Replace magic number with XFRM_POLICY_OUT

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV4] IPSEC: Omit redirect for tunnelled packet.
Masahide NAKAMURA [Sat, 25 Aug 2007 06:33:01 +0000 (23:33 -0700)]
[IPV4] IPSEC: Omit redirect for tunnelled packet.

IPv4 IPsec tunnel gateway incorrectly sends redirect to
sender if it is onlink host when network device the IPsec tunnelled
packet is arrived is the same as the one the decapsulated packet
is sent.

With this patch, it omits to send the redirect when the forwarding
skbuff carries secpath, since such skbuff should be assumed as
a decapsulated packet from IPsec tunnel by own.

Request for comments:
Alternatively we'd have another way to change net/ipv4/route.c
(__mkroute_input) to use RTCF_DOREDIRECT flag unless skbuff
has no secpath. It is better than this patch at performance
point of view because IPv4 redirect judgement is done at
routing slow-path. However, it should be taken care of resource
changes between SAD(XFRM states) and routing table. In other words,
When IPv4 SAD is changed does the related routing entry go to its
slow-path? If not, it is reasonable to apply this patch.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6] IPSEC: Omit redirect for tunnelled packet.
Masahide NAKAMURA [Fri, 24 Aug 2007 10:08:55 +0000 (19:08 +0900)]
[IPV6] IPSEC: Omit redirect for tunnelled packet.

IPv6 IPsec tunnel gateway incorrectly sends redirect to
router or sender when network device the IPsec tunnelled packet
is arrived is the same as the one the decapsulated packet
is sent.

With this patch, it omits to send the redirect when the forwarding
skbuff carries secpath, since such skbuff should be assumed as
a decapsulated packet from IPsec tunnel by own.

It may be a rare case for an IPsec security gateway, however
it is not rare when the gateway is MIPv6 Home Agent since
the another tunnel end-point is Mobile Node and it changes
the attached network.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 years ago[IPV6] XFRM: Fix connected socket to use transformation.
Noriaki TAKAMIYA [Thu, 6 Sep 2007 10:31:25 +0000 (03:31 -0700)]
[IPV6] XFRM: Fix connected socket to use transformation.

When XFRM policy and state are ready after TCP connection is started,
the traffic should be transformed immediately, however it does not
on IPv6 TCP.

It depends on a dst cache replacement policy with connected socket.
It seems that the replacement is always done for IPv4, however, on
IPv6 case it is done only when routing cookie is changed.

This patch fix that non-transformation dst can be changed to
transformation one.
This behavior is required by MIPv6 and improves IPv6 IPsec.

Fixes by Masahide NAKAMURA.

Signed-off-by: Noriaki TAKAMIYA <takamiya@po.ntts.co.jp>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>