David Miller a écrit :
From: Eric Dumazet <[EMAIL PROTECTED]>
Date: Tue, 06 Mar 2007 08:14:46 +0100
I wonder... are you sure this has no relation with the size of rt_hash_locks /
RT_HASH_LOCK_SZ ?
One entry must have the same lock in the two tables when resizing is in flight.
#define MIN_RTHAS
From: Eric Dumazet <[EMAIL PROTECTED]>
Date: Tue, 06 Mar 2007 08:14:46 +0100
> I wonder... are you sure this has no relation with the size of rt_hash_locks
> /
> RT_HASH_LOCK_SZ ?
> One entry must have the same lock in the two tables when resizing is in
> flight.
> #define MIN_RTHASH_SHIFT LOG2
David Miller a écrit :
This is essentially a "port" of Nick Piggin's dcache hash table
patches to the routing cache. It solves the locking issues
during table grow/shrink that I couldn't handle properly last
time I tried to code up a patch like this.
But one of the core issues of this kind of c
On Mon, Mar 05, 2007 at 08:03:50PM -0800, Greg KH wrote:
> On Mon, Mar 05, 2007 at 09:39:47PM -0600, Matt Mackall wrote:
> > On Mon, Mar 05, 2007 at 06:48:50PM -0800, Greg KH wrote:
> > > If so, can you disable the option and strace it to see what program is
> > > trying to access what? That will
From: Horms <[EMAIL PROTECTED]>
Date: Sun, 11 Feb 2007 12:04:43 +0900
> this is a small patch by Janusz Krzysztofik to ip_route_output_slow()
> that allows VIP-less LVS linux director to generate packets originating
> >From VIP if sysctl_ip_nonlocal_bind is set.
>
> In a nutshell, the intention
From: Stephen Hemminger <[EMAIL PROTECTED]>
Date: Thu, 1 Mar 2007 17:30:30 -0800
> What about implementing the unused arp_announce flag on the inetdevice?
> Something like the following. Totally untested...
>
> Looks like it either was there (and got removed) or was planned but
> never implement
This is essentially a "port" of Nick Piggin's dcache hash table
patches to the routing cache. It solves the locking issues
during table grow/shrink that I couldn't handle properly last
time I tried to code up a patch like this.
But one of the core issues of this kind of change still remains.
The
Mark Brown wrote:
[Once more with CCs]
On Tue, Mar 06, 2007 at 12:10:08AM +0400, Sergei Shtylyov wrote:
#ifdef CONFIG_NET_POLL_CONTROLLER
static void natsemi_poll_controller(struct net_device *dev)
{
+ struct netdev_private *np = netdev_priv(dev);
+
disable_irq(dev->irq);
-
On Mon, Mar 05, 2007 at 09:39:47PM -0600, Matt Mackall wrote:
> On Mon, Mar 05, 2007 at 06:48:50PM -0800, Greg KH wrote:
> > If so, can you disable the option and strace it to see what program is
> > trying to access what? That will put the
> > HAL/NetworkManager/libsysfs/distro script finger poin
On Mon, Mar 05, 2007 at 06:48:50PM -0800, Greg KH wrote:
> If so, can you disable the option and strace it to see what program is
> trying to access what? That will put the
> HAL/NetworkManager/libsysfs/distro script finger pointing to rest pretty
> quickly :)
Ok, I've got straces of both good an
On Mon, 5 Mar 2007, Joy Latten wrote:
> 5. Around the time the set of SAs for OUT direction are to be
>inserted into SAD, I see another ACQUIRE happening.
>
>I have not yet figured out where this second ACQUIRE comes from
>and why it happens. As long as the minimal SA or set of val
On Mon, Mar 05, 2007 at 06:48:50PM -0800, Greg KH wrote:
> Wait, have confirmed that if you enable this config option,
> NetworkManager starts back up again and works properly?
Yep, probably should have mentioned that.
> If so, can you disable the option and strace it to see what program is
> t
On Mon, Mar 05, 2007 at 02:39:00PM -0800, Greg KH wrote:
> Ok, I only named HAL as that is what people have told me the problem is.
> I have been running this change on my boxs, without
> CONFIG_SYSFS_DEPRECATED since last July or so.
>
> But I don't use NetworkManager here for the most part, but
On Mon, Mar 05, 2007 at 07:30:21PM -0600, Matt Mackall wrote:
> On Mon, Mar 05, 2007 at 04:07:22PM -0800, Greg KH wrote:
> > On Tue, Mar 06, 2007 at 12:40:52AM +0100, Adrian Bunk wrote:
> > > On Mon, Mar 05, 2007 at 10:58:13AM -0800, Greg KH wrote:
> > > >
> > > > Ok, how about the following patch
The patch below moves the init_block out of the private struct and
only allocates init block with pci_alloc_consistent.
This has two effects:
1. Performance increase for non cache coherent machines, because the
CPU only data in the private struct are now cached
2. locks are working now for pl
The PCnet32 driver always passed the the size of the largest possible packet
to the pci_dma_sync_single_for_cpu and pci_dma_sync_single_for_device.
This results in a fairly large "colateral damage" in the caches and makes
the flush operation itself much slower. On a system with a 40MHz CPU this
pa
>From: Joy Latten <[EMAIL PROTECTED]>
>Date: Mon, 05 Feb 2007 14:53:39 -0600
>
>> I can run some tests with this patch and report any results...
>
>Please check out the two most recent patches I posted:
>
>1) Updated core patch with ipv6 side added.
>2) Fix for thinko noticed by Venkat.
I have be
On Mon, Mar 05, 2007 at 07:30:21PM -0600, Matt Mackall wrote:
> On Mon, Mar 05, 2007 at 04:07:22PM -0800, Greg KH wrote:
> > On Tue, Mar 06, 2007 at 12:40:52AM +0100, Adrian Bunk wrote:
> > > On Mon, Mar 05, 2007 at 10:58:13AM -0800, Greg KH wrote:
> > > >
> > > > Ok, how about the following patch
On Mon, Mar 05, 2007 at 04:07:22PM -0800, Greg KH wrote:
> On Tue, Mar 06, 2007 at 12:40:52AM +0100, Adrian Bunk wrote:
> > On Mon, Mar 05, 2007 at 10:58:13AM -0800, Greg KH wrote:
> > >
> > > Ok, how about the following patch. Is it acceptable to everyone?
> > >
> > > thanks,
> > >
> > > greg
Hi Dave:
[UDP]: Clean up UDP-Lite receive checksum
This patch eliminates some duplicate code for the verification of
receive checksums between UDP-Lite and UDP. It does this by
introducing __skb_checksum_complete_head which is identical to
__skb_checksum_complete_head apart from the fact that it
On Mon, 5 Mar 2007 17:17:09 -0800
Greg KH <[EMAIL PROTECTED]> wrote:
> On Mon, Mar 05, 2007 at 05:08:49PM -0800, Andrew Morton wrote:
> > On Mon, 5 Mar 2007 19:56:25 -0500
> > Theodore Tso <[EMAIL PROTECTED]> wrote:
> >
> > > So the question really is are we really done making changes to sysfs,
>
Hi Dave:
[UDP6]: Restore sk_filter optimisation
This reverts the changeset
[IPV6]: UDPv6 checksum.
We always need to check UDPv6 checksum because it is mandatory.
The sk_filter optimisation has nothing to do whether we verify the
checksum. It simply postpones it to the point when the
On Mon, Mar 05, 2007 at 05:08:49PM -0800, Andrew Morton wrote:
> On Mon, 5 Mar 2007 19:56:25 -0500
> Theodore Tso <[EMAIL PROTECTED]> wrote:
>
> > So the question really is are we really done making changes to sysfs,
> > or maybe what we should do is talk about major version numbers to
> > sysfs.
On Mon, Mar 05, 2007 at 07:56:25PM -0500, Theodore Tso wrote:
> On Mon, Mar 05, 2007 at 04:37:15PM -0800, Greg KH wrote:
> > But I AM TRYING TO MAKE IT COMPATIBLE!!!
> >
> > That's what that config option is there for. If you happen to be
> > running a newer userspace, a different distro than wha
On Mon, 5 Mar 2007 19:56:25 -0500
Theodore Tso <[EMAIL PROTECTED]> wrote:
> So the question really is are we really done making changes to sysfs,
> or maybe what we should do is talk about major version numbers to
> sysfs.
Perhaps using a config option wasn't the right way to do this - a kernel
b
From: Herbert Xu <[EMAIL PROTECTED]>
Date: Tue, 6 Mar 2007 12:00:20 +1100
> Hi Dave:
>
> [UDP]: Reread uh pointer after pskb_trim
>
> The header may have moved when trimming.
>
> Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Good catch, I'll apply this and push to -stable, thanks
Herbert.
-
To
Hi Dave:
[UDP]: Reread uh pointer after pskb_trim
The header may have moved when trimming.
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Ke
On Mon, Mar 05, 2007 at 04:37:15PM -0800, Greg KH wrote:
> But I AM TRYING TO MAKE IT COMPATIBLE!!!
>
> That's what that config option is there for. If you happen to be
> running a newer userspace, a different distro than what is in Debian
> right now, or don't use HAL and Networkmanager, then di
On Mon, Mar 05, 2007 at 03:14:25PM -0600, Matt Mackall wrote:
> On Mon, Mar 05, 2007 at 04:46:09PM +0100, Tomasz Torcz wrote:
> > > That's not the point. The point is that Debian/unstable as of _this
> > > morning_ doesn't work. For reference, I'm running both the latest
> > > releases of both hal
On Tue, Mar 06, 2007 at 01:35:41AM +0100, Adrian Bunk wrote:
> On Mon, Mar 05, 2007 at 04:07:22PM -0800, Greg KH wrote:
> > On Tue, Mar 06, 2007 at 12:40:52AM +0100, Adrian Bunk wrote:
> > > On Mon, Mar 05, 2007 at 10:58:13AM -0800, Greg KH wrote:
> > > >
> > > > Ok, how about the following patch.
On Tue, Mar 06, 2007 at 11:24:57AM +1100, Bron Gondwana wrote:
> On Mon, Mar 05, 2007 at 03:14:25PM -0600, Matt Mackall wrote:
> > On Mon, Mar 05, 2007 at 04:46:09PM +0100, Tomasz Torcz wrote:
> > > > That's not the point. The point is that Debian/unstable as of _this
> > > > morning_ doesn't work.
On Fri, 2 Mar 2007, Eric Paris wrote:
> Inside pfkey_delete and xfrm_del_sa the audit hooks were not called if
> there was any permission/security failures in attempting to do the del
> operation (such as permission denied from security_xfrm_state_delete).
> This patch moves the audit hook to the
On Fri, 2 Mar 2007, Eric Paris wrote:
> pfkey_spdget neither had an LSM security hook nor auditing for the
> removal of xfrm_policy structs. The security hook was added when it was
> moved into xfrm_policy_byid instead of the callers to that function by
> my earlier patch and this patch adds the
On Fri, 2 Mar 2007, Eric Paris wrote:
> Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
Acked-by: James Morris <[EMAIL PROTECTED]>
--
James Morris
<[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo
On Mon, Mar 05, 2007 at 04:07:22PM -0800, Greg KH wrote:
> On Tue, Mar 06, 2007 at 12:40:52AM +0100, Adrian Bunk wrote:
> > On Mon, Mar 05, 2007 at 10:58:13AM -0800, Greg KH wrote:
> > >
> > > Ok, how about the following patch. Is it acceptable to everyone?
> > >
> > > thanks,
> > >
> > > greg
On Tue, 6 Mar 2007, Herbert Xu wrote:
> It's just too error-prone to rely on it to not have MSG_TRUNC set.
Agreed.
> I'm going to clean this up for UDP and improve the UDP-lite checksum
> handling while I'm at it.
Great. It'll be good to get this years-old UDP bug fixed.
Thanks,
Jim
-
To unsub
From: Stephen Hemminger <[EMAIL PROTECTED]>
Date: Mon, 5 Mar 2007 15:57:14 -0800
> I tried the code from Hacker's Delight.
> It is cool, but performance is CPU (and data) dependent:
>
> Average # of usecs per operation:
Interesting results.
The problem with these algorithms that tradoff one or
On Tue, Mar 06, 2007 at 12:40:52AM +0100, Adrian Bunk wrote:
> On Mon, Mar 05, 2007 at 10:58:13AM -0800, Greg KH wrote:
> >
> > Ok, how about the following patch. Is it acceptable to everyone?
> >
> > thanks,
> >
> > greg k-h
> >
> > ---
> > init/Kconfig | 13 +++--
> > 1 file chang
On Tue, Mar 06, 2007 at 10:34:49AM +1100, Herbert Xu wrote:
> >
> > That's not true. Please see my post.
> >
> > Specifically, at linux-2.6.20.1/net/ipv4/udp.c:843, it seems that
> > udp_recvmsg() can randomly ignore whether the HW has computed a checksum
> > and compute it in SW redundantly.
On 03 Mar 2007 03:31:52 +0100
Andi Kleen <[EMAIL PROTECTED]> wrote:
> Stephen Hemminger <[EMAIL PROTECTED]> writes:
>
> > Here is another way to handle the 64 bit divide case.
> > It allows full 64 bit divide by adding the support routine
> > GCC needs.
>
> Not supplying that was intentional by
On Monday March 5, [EMAIL PROTECTED] wrote:
> On Friday 02 March 2007 05:28, NeilBrown wrote:
> > The sunrpc server code needs to know the source and destination address
> > for UDP packets so it can reply properly.
> > It currently copies code out of the network stack to pick the pieces out
> > of
On Mon, Mar 05, 2007 at 10:58:13AM -0800, Greg KH wrote:
>
> Ok, how about the following patch. Is it acceptable to everyone?
>
> thanks,
>
> greg k-h
>
> ---
> init/Kconfig | 13 +++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
>
> --- gregkh-2.6.orig/init/Kconfig
> +++ gr
Greg KH wrote:
On Mon, Mar 05, 2007 at 07:59:50AM -0500, Theodore Tso wrote:
Ok, how about the following patch. Is it acceptable to everyone?
thanks,
greg k-h
---
init/Kconfig | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
--- gregkh-2.6.orig/init/Kconfig
+++ gre
On Mon, Mar 05, 2007 at 01:01:16PM -0800, Jim Chow wrote:
> On Tue, 6 Mar 2007, Herbert Xu wrote:
> > msg_flags [...] its initial value is not used.
>
> That's not true. Please see my post.
>
> Specifically, at linux-2.6.20.1/net/ipv4/udp.c:843, it seems that
> udp_recvmsg() can randomly ignore
On Mon, 5 Mar 2007 14:26:30 -0800
[EMAIL PROTECTED] wrote:
> http://bugzilla.kernel.org/show_bug.cgi?id=8132
>
>Summary: pptp server lockup in ppp_asynctty_receive()
> Kernel Version: 2.6.20
> Status: NEW
> Severity: high
> Owner: [EMAIL PROTECT
Ignore this. I rebooted into the wrong kernel and was testing with 2.6.16
instead of 2.6.20. It works fine with 2.6.20.
-Chris
On Mon, 5 Mar 2007, Chris Stromsoe wrote:
I have a bunch of dual-port SK 98xx cards that work with sk98lin but not
with skge. After loading skge, I get
ACPI: PCI
[Once more with CCs]
On Tue, Mar 06, 2007 at 12:10:08AM +0400, Sergei Shtylyov wrote:
> #ifdef CONFIG_NET_POLL_CONTROLLER
> static void natsemi_poll_controller(struct net_device *dev)
> {
> + struct netdev_private *np = netdev_priv(dev);
> +
> disable_irq(dev->irq);
> - intr_hand
Comments on this patch -
1. device_close_flag is unused and is not required.
> +static pci_ers_result_t s2io_io_error_detected(struct pci_dev *pdev,
> + pci_channel_state_t
state)
> +{
...
> + do_s2io_card_down(sp, 0);
> +
On Tue, Mar 06, 2007 at 12:10:08AM +0400, Sergei Shtylyov wrote:
> #ifdef CONFIG_NET_POLL_CONTROLLER
> static void natsemi_poll_controller(struct net_device *dev)
> {
> + struct netdev_private *np = netdev_priv(dev);
> +
> disable_irq(dev->irq);
> - intr_handler(dev->irq, dev);
>
On Mon, Mar 05, 2007 at 01:55:30PM -0600, Matt Mackall wrote:
> On Mon, Mar 05, 2007 at 10:58:13AM -0800, Greg KH wrote:
> > Ok, how about the following patch. Is it acceptable to everyone?
> >
> > - If you are using a distro that was released in 2006 or later,
> > - it should be safe to
On Mon, 5 Mar 2007, Stephen Hemminger wrote:
What kernel version. Type 0 is XMAC support, and that was added to a
fairly recent kernel (2.6.19?)
It was an old kernel. I booted into 2.6.16 instead of 2.6.20. See my
follow-up (and ignore the report).
-Chris
-
To unsubscribe from this list:
On Mon, 5 Mar 2007 13:48:29 -0800 (PST)
Chris Stromsoe <[EMAIL PROTECTED]> wrote:
> I have a bunch of dual-port SK 98xx cards that work with sk98lin but not
> with skge. After loading skge, I get
>
> ACPI: PCI Interrupt :01:0a.0[A] -> Link [LNKC] -> GSI 10 (level, low) ->
> IRQ 10
> skge 0
On Tue, 6 Mar 2007, Herbert Xu wrote:
> msg_flags [...] its initial value is not used.
That's not true. Please see my post.
Specifically, at linux-2.6.20.1/net/ipv4/udp.c:843, it seems that
udp_recvmsg() can randomly ignore whether the HW has computed a checksum
and compute it in SW redundantl
On Mon, Mar 05, 2007 at 04:46:09PM +0100, Tomasz Torcz wrote:
> On Mon, Mar 05, 2007 at 01:13:26AM -0600, Matt Mackall wrote:
> > That's not the point. The point is that Debian/unstable as of _this
> > morning_ doesn't work. For reference, I'm running both the latest
> > releases of both hal (0.5.8
Jim Chow <[EMAIL PROTECTED]> wrote:
> After inspection of some networking code, it seems there is a use of
> uninitialized data in udp_recvmsg(),
> linux-2.6.20.1/net/ipv4/udp.c:843, while testing msg->msg_flags (see
> the backtrace below). It looks like sys_recvfrom() is not
msg_flags is set on
I have a bunch of dual-port SK 98xx cards that work with sk98lin but not
with skge. After loading skge, I get
ACPI: PCI Interrupt :01:0a.0[A] -> Link [LNKC] -> GSI 10 (level, low) ->
IRQ 10
skge :01:0a.0: unsupported phy type 0x0
ACPI: PCI interrupt for device :01:0a.0 disabled
skg
From: Eric Dumazet <[EMAIL PROTECTED]>
Date: Mon, 5 Mar 2007 16:09:21 +0100
> While browsing include/net/inet_timewait_sock.h, I found this buggy
> definition
> of twcal_jiffie.
>
> int twcal_jiffie;
>
> I wonder how inet_twdr_twcal_tick() can really works on x86_64
>
> This seems qui
On Mon, Mar 05, 2007 at 04:46:09PM +0100, Tomasz Torcz wrote:
> > That's not the point. The point is that Debian/unstable as of _this
> > morning_ doesn't work. For reference, I'm running both the latest
> > releases of both hal (0.5.8.1-6.1) and network-manager (0.6.4-6). And
> > there are people
After inspection of some networking code, it seems there is a use of
uninitialized data in udp_recvmsg(),
linux-2.6.20.1/net/ipv4/udp.c:843, while testing msg->msg_flags (see
the backtrace below). It looks like sys_recvfrom() is not
initializing msg.msg_flags and, along the path given below, msg_f
On Mon, 2007-03-05 at 11:39 -0500, James Morris wrote:
> On Mon, 5 Mar 2007, Venkat Yekkirala wrote:
>
> > >
> > > Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
> > Acked-by: Venkat Yekkirala <[EMAIL PROTECTED]>
>
> What about your previous comment:
>
> "I guess you meant to do this here?
>
On Monday March 5, [EMAIL PROTECTED] wrote:
>
> Hi Neil,
>
> here's another minor comment:
>
> On Friday 02 March 2007 05:28, NeilBrown wrote:
> > +static inline void svc_udp_get_dest_address(struct svc_rqst *rqstp,
> > + struct cmsghdr *cmh)
> > {
> >
Fix two issues in this driver's netpoll path: one usual, with spin_unlock_irq()
enabling interrupts which nobody asks it to do (that has been fixed recently in
a number of drivers) and one unusual, with poll_controller() method possibly
causing loss of interrupts due to the interrupt status registe
On Mon, Mar 05, 2007 at 10:58:13AM -0800, Greg KH wrote:
> Ok, how about the following patch. Is it acceptable to everyone?
>
> - If you are using a distro that was released in 2006 or later,
> - it should be safe to say N here.
> + If you are using an OpenSuSE, Gentoo, Ubuntu,
Stephen Hemminger wrote:
> Don't bother changing netem. I have a version that uses hrtimer's
> and doesn't use PSCHED() clock source anymore.
Me too :) I'm going to send it with my other patches soon, if you
don't like it we can still drop it.
-
To unsubscribe from this list: send the line "unsubs
On Mon, 05 Mar 2007 18:42:26 +0100
Patrick McHardy <[EMAIL PROTECTED]> wrote:
> David Miller wrote:
> > Frankly, I think now that we have ktime and all of the proper generic
> > infrastructure to do this stuff properly, I think we should just use
> > ktime for the packet scheduler across the board
Hi Neil,
here's another minor comment:
On Friday 02 March 2007 05:28, NeilBrown wrote:
> +static inline void svc_udp_get_dest_address(struct svc_rqst *rqstp,
> + struct cmsghdr *cmh)
> {
> switch (rqstp->rq_sock->sk_sk->sk_family) {
> case AF_
On Mon, Mar 05, 2007 at 07:59:50AM -0500, Theodore Tso wrote:
> On Sun, Mar 04, 2007 at 05:17:29PM -0800, Greg KH wrote:
> > I should not have broken any userspace if CONFIG_SYSFS_DEPRECATED is
> > enabled with that patch. If that is enabled, and that patch still
> > causes problems, please let me
On Friday 02 March 2007 05:28, NeilBrown wrote:
> The sunrpc server code needs to know the source and destination address
> for UDP packets so it can reply properly.
> It currently copies code out of the network stack to pick the pieces out
> of the skb.
> This is ugly and causes compile problems w
David Miller wrote:
> Frankly, I think now that we have ktime and all of the proper generic
> infrastructure to do this stuff properly, I think we should just use
> ktime for the packet scheduler across the board and just delete all of
> that old by-hand timekeeping selection crap from pkt_sched.h
> > >
> > > Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
> > Acked-by: Venkat Yekkirala <[EMAIL PROTECTED]>
>
> What about your previous comment:
>
> "I guess you meant to do this here?
> else if (err)
> return err; "
I saw that this was taken care of in patch-2 for t
On March 3, 2007 06:40:12 pm John Heffner wrote:
> David Miller wrote:
> > From: John Heffner <[EMAIL PROTECTED]>
> > Date: Fri, 02 Mar 2007 16:16:39 -0500
> >
> >> Please don't apply the patch I sent. I've been thinking about this a
> >> bit harder, and it may not fix this particular problem. (H
On Mon, 5 Mar 2007, Venkat Yekkirala wrote:
> >
> > Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
> Acked-by: Venkat Yekkirala <[EMAIL PROTECTED]>
What about your previous comment:
"I guess you meant to do this here?
else if (err)
return err; "
--
James Morris
<[E
Hello listers,
I'm tutor on the Faculty ICT, department NID. This is a bachelor degree
and we are preparing our students to become something more then just
System Administrators (such as manager, consulting, etc). Since this
department is part of the Microsoft camp, the students are educated
m
> Inside pfkey_delete and xfrm_del_sa the audit hooks were not called if
> there was any permission/security failures in attempting to do the del
> operation (such as permission denied from security_xfrm_state_delete).
> This patch moves the audit hook to the exit path such that
> all failures
> (
> pfkey_spdget neither had an LSM security hook nor auditing for the
> removal of xfrm_policy structs. The security hook was added
> when it was
> moved into xfrm_policy_byid instead of the callers to that function by
> my earlier patch and this patch adds the auditing hooks as well.
>
> Signed
>
> Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
Acked-by: Venkat Yekkirala <[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Mar 05, 2007 at 01:13:26AM -0600, Matt Mackall wrote:
> On Sun, Mar 04, 2007 at 11:02:48PM -0800, Greg KH wrote:
> > On Mon, Mar 05, 2007 at 12:42:29AM -0600, Matt Mackall wrote:
> > > On Sun, Mar 04, 2007 at 05:16:25PM -0800, Greg KH wrote:
> > > > On Sun, Mar 04, 2007 at 04:08:57PM -0600,
Implements an iptables module which matches packets which have the
tproxy flag set, that is, packets diverted in the tproxy table.
Signed-off-by: KOVACS Krisztian <[EMAIL PROTECTED]>
---
net/netfilter/Kconfig |9 +
net/netfilter/Makefile|1 +
net/netfilter/xt_tproxy.c | 77
The TPROXY target implements redirection of non-local TCP/UDP traffic
to local sockets. It is simply a wrapper around functionality exported
from iptable_tproxy.
Signed-off-by: KOVACS Krisztian <[EMAIL PROTECTED]>
---
include/linux/netfilter_ipv4/ipt_TPROXY.h |9 +++
net/ipv4/netfilter/Kcon
The iptables tproxy table registers a new hook on PRE_ROUTING and for
each incoming TCP/UDP packet performs as follows:
1. Does IPv4 fragment reassembly. We need this to be able to do TCP/UDP
header processing.
2. Does a TCP/UDP socket hash lookup to decide whether or not the packet
is sent
We would like to be able to match on whether or not a given packet has
been diverted by tproxy. To make this possible we need a flag in
sk_buff.
Signed-off-by: KOVACS Krisztian <[EMAIL PROTECTED]>
---
include/linux/skbuff.h |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --gi
The iptables tproxy code has to be able to do UDP socket hash lookups,
so we have to provide an exported lookup function for this purpose.
Signed-off-by: KOVACS Krisztian <[EMAIL PROTECTED]>
---
include/net/udp.h |4
net/ipv4/udp.c|8
2 files changed, 12 insertions(+),
The TCP stack sends out SYN+ACK/ACK/RST reply packets in response to
incoming packets. The non-local source address check on output bites
us again, as replies for transparently redirected traffic won't have a
chance to leave the node.
This patch selectively sets the FLOWI_FLAG_TRANSPARENT flag whe
Set FLOWI_FLAG_TRANSPARENT in flowi->flags if the socket has the
transparent socket option set. This way we selectively enable certain
connections with non-local source addresses to be routed.
Signed-off-by: KOVACS Krisztian <[EMAIL PROTECTED]>
---
include/net/route.h |4
1 files chang
This patch introduces the IP_TRANSPARENT socket option: enabling that will make
the IPv4 routing omit the non-local source address check on output. Setting
IP_TRANSPARENT requires NET_ADMIN capability.
Signed-off-by: KOVACS Krisztian <[EMAIL PROTECTED]>
---
include/linux/in.h |
UDP input code path looks up the UDP socket hash tables to find a
socket matching the incoming packet. However, as iptable_tproxy does
socket lookups early the skb may already have the appropriate
reference attached, in that case we steal that reference instead of
doing the lookup.
Signed-off-by:
ip_route_output() contains a check to make sure that no flows with
non-local source IP addresses are routed. This obviously makes using
such addresses impossible.
This patch introduces a flowi flag which makes omitting this check
possible. The new flag provides a way of handling transparent and
no
TCP input code path looks up the TCP socket hash tables to find a
socket matching the incoming packet. However, as iptable_tproxy does
socket lookups early the skb may already have the appropriate
reference attached, in that case we steal that reference instead of
doing the lookup.
Signed-off-by:
Current TCP code relies on the local port of the listening socket
being the same as the destination address of the incoming
connection. Port redirection used by many transparent proxying
techniques obviously breaks this, so we have to store the original
destination port address.
This patch extends
The input path for non-local bound sockets requires diverting certain
packets locally, even if their destination IP address is not
considered local. We achieve this by assigning a specially crafted dst
entry to these skbs, and optionally also attaching a socket to the skb
so that the upper layer co
Hi,
These patches are my second try at providing Linux 2.2-like transparent
proxying support for Linux 2.6.
Major changes since the first version:
- iptable_tproxy now does IPv4 fragment reassembly (necessary for
processing TCP/UDP header)
- The removal of the source address check in ip_rou
> Also, [Joy cc'd] deletions here needn't be audited?
OK, I see the next patch addressed this :)
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
> @@ -2552,7 +2550,7 @@ static int pfkey_spdget(struct sock
> *sk, struct sk_buff *skb, struct sadb_msg *h
> return -EINVAL;
>
> xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir,
> pol->sadb_x_policy_id,
> - hdr->sadb_msg_type == SADB_X_SPDDELETE2);
Hello Eric,
See comments about __dev_alloc_name() below.
Regards,
Benjamin
Eric W. Biederman wrote:
From: Eric W. Biederman <[EMAIL PROTECTED]> - unquoted
When forcibly changing the network namespace of a device
I need something that can generate a name for the device
in the new namespace wit
Hi David
While browsing include/net/inet_timewait_sock.h, I found this buggy definition
of twcal_jiffie.
int twcal_jiffie;
I wonder how inet_twdr_twcal_tick() can really works on x86_64
This seems quite an old bug, it was there before introduction of
inet_timewait_death_row made by Ar
On Monday 05 March 2007 12:20, Howard Chu wrote:
> Why is the Maximum Segment Lifetime a global parameter? Surely the
> maximum possible lifetime of a particular TCP segment depends on the
> actual connection. At the very least, it would be useful to be able to
> set it on a per-interface basis. E.
On Tue, Feb 20, 2007 at 11:00:53AM -0800, Stephen Hemminger wrote:
> You need the flow control fix and the tx_timeout fix posted for 2.6.20
> (stable)
> and current git tree.
sky2 1.13 has been far better than 1.10; there have been no system hangs
or permanent sky2 failures. However, the follow
On Saturday 03 March 2007 06:35, Jeff Garzik wrote:
> Linsys Contractor Mithlesh Thukral wrote:
> > NetXen: Make driver use multi PCI functions.
> >
> > Signed-off by: Mithlesh Thukral <[EMAIL PROTECTED]>
> >
> > ---
> >
> > netxen_nic.h | 126 +---
> > netxen_nic_ethtool.c |
On Sun, Mar 04, 2007 at 05:17:29PM -0800, Greg KH wrote:
> I should not have broken any userspace if CONFIG_SYSFS_DEPRECATED is
> enabled with that patch. If that is enabled, and that patch still
> causes problems, please let me know.
But we still need to update the help text for CONFIG_SYS_DEPRE
NetXen: Fix ping failure of Jumbo frames on MEZ cards.
Signed-off by: Mithlesh Thukral <[EMAIL PROTECTED]>
---
drivers/net/netxen/netxen_nic_hw.c |7 ++-
1 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/netxen/netxen_nic_hw.c
b/drivers/net/netxen/netxen_nic_hw
1 - 100 of 112 matches
Mail list logo
