Commit bf603625 authored by Linus Torvalds's avatar Linus Torvalds

Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [ATM]: [lec] use refcnt to protect lec_arp_entries outside lock
  [ATM]: [lec] add reference counting to lec_arp entries
  [ATM]: [lec] use work queue instead of timer for lec arp expiry
  [ATM]: [lec] old_close is no longer used
  [ATM]: [lec] convert lec_arp_table to hlist
  [ATM]: [lec] header indent, comment and whitespace cleanup
  [ATM]: [lec] indent, comment and whitespace cleanup [continued]
  [ATM]: [lec] indent, comment and whitespace cleanup
  [SCTP]: Do not timestamp every SCTP packet.
  [SCTP]: Use correct mask when disabling PMTUD.
  [SCTP]: Include sk_buff overhead while updating the peer's receive window.
  [SCTP]: Enable Nagle algorithm by default.
  [BNX2]: Disable MSI on 5706 if AMD 8132 bridge is present.
  [NetLabel]: audit fixups due to delayed feedback
parents fbe96f92 6656e3c4
......@@ -56,8 +56,8 @@
#define DRV_MODULE_NAME "bnx2"
#define PFX DRV_MODULE_NAME ": "
#define DRV_MODULE_VERSION "1.4.44"
#define DRV_MODULE_RELDATE "August 10, 2006"
#define DRV_MODULE_VERSION "1.4.45"
#define DRV_MODULE_RELDATE "September 29, 2006"
#define RUN_AT(x) (jiffies + (x))
......@@ -5805,6 +5805,34 @@ bnx2_init_board(struct pci_dev *pdev, struct net_device *dev)
bp->cmd_ticks_int = bp->cmd_ticks;
}
/* Disable MSI on 5706 if AMD 8132 bridge is found.
*
* MSI is defined to be 32-bit write. The 5706 does 64-bit MSI writes
* with byte enables disabled on the unused 32-bit word. This is legal
* but causes problems on the AMD 8132 which will eventually stop
* responding after a while.
*
* AMD believes this incompatibility is unique to the 5706, and
* prefers to locally disable MSI rather than globally disabling it
* using pci_msi_quirk.
*/
if (CHIP_NUM(bp) == CHIP_NUM_5706 && disable_msi == 0) {
struct pci_dev *amd_8132 = NULL;
while ((amd_8132 = pci_get_device(PCI_VENDOR_ID_AMD,
PCI_DEVICE_ID_AMD_8132_BRIDGE,
amd_8132))) {
u8 rev;
pci_read_config_byte(amd_8132, PCI_REVISION_ID, &rev);
if (rev >= 0x10 && rev <= 0x13) {
disable_msi = 1;
pci_dev_put(amd_8132);
break;
}
}
}
bp->autoneg = AUTONEG_SPEED | AUTONEG_FLOW_CTRL;
bp->req_line_speed = 0;
if (bp->phy_flags & PHY_SERDES_FLAG) {
......
/*
* ATM Lan Emulation Daemon driver interface
*
* ATM Lan Emulation Daemon vs. driver interface
*
* mkiiskila@yahoo.com
*
* Marko Kiiskila <mkiiskila@yahoo.com>
*/
#ifndef _ATMLEC_H_
......@@ -13,28 +11,35 @@
#include <linux/atmioc.h>
#include <linux/atm.h>
#include <linux/if_ether.h>
/* ATM lec daemon control socket */
#define ATMLEC_CTRL _IO('a',ATMIOC_LANE)
#define ATMLEC_DATA _IO('a',ATMIOC_LANE+1)
#define ATMLEC_MCAST _IO('a',ATMIOC_LANE+2)
#define ATMLEC_CTRL _IO('a', ATMIOC_LANE)
#define ATMLEC_DATA _IO('a', ATMIOC_LANE+1)
#define ATMLEC_MCAST _IO('a', ATMIOC_LANE+2)
/* Maximum number of LEC interfaces (tweakable) */
#define MAX_LEC_ITF 48
/* From the total of MAX_LEC_ITF, last NUM_TR_DEVS are reserved for Token Ring.
/*
* From the total of MAX_LEC_ITF, last NUM_TR_DEVS are reserved for Token Ring.
* E.g. if MAX_LEC_ITF = 48 and NUM_TR_DEVS = 8, then lec0-lec39 are for
* Ethernet ELANs and lec40-lec47 are for Token Ring ELANS.
*/
#define NUM_TR_DEVS 8
typedef enum {
l_set_mac_addr, l_del_mac_addr,
l_set_mac_addr,
l_del_mac_addr,
l_svc_setup,
l_addr_delete, l_topology_change,
l_flush_complete, l_arp_update,
l_addr_delete,
l_topology_change,
l_flush_complete,
l_arp_update,
l_narp_req, /* LANE2 mandates the use of this */
l_config, l_flush_tran_id,
l_set_lecid, l_arp_xmt,
l_config,
l_flush_tran_id,
l_set_lecid,
l_arp_xmt,
l_rdesc_arp_xmt,
l_associate_req,
l_should_bridge /* should we bridge this MAC? */
......@@ -63,9 +68,11 @@ struct atmlec_msg {
struct {
unsigned char mac_addr[ETH_ALEN];
unsigned char atm_addr[ATM_ESA_LEN];
unsigned int flag;/* Topology_change flag,
remoteflag, permanent flag,
lecid, transaction id */
unsigned int flag; /*
* Topology_change flag,
* remoteflag, permanent flag,
* lecid, transaction id
*/
unsigned int targetless_le_arp; /* LANE2 */
unsigned int no_source_le_narp; /* LANE2 */
} normal;
......@@ -75,9 +82,11 @@ struct atmlec_msg {
uint32_t tran_id; /* transaction id */
unsigned char mac_addr[ETH_ALEN]; /* dst mac addr */
unsigned char atm_addr[ATM_ESA_LEN]; /* reqestor ATM addr */
} proxy;
/* For mapping LE_ARP requests to responses. Filled by */
} content; /* zeppelin, returned by kernel. Used only when proxying */
} proxy; /*
* For mapping LE_ARP requests to responses. Filled by
* zeppelin, returned by kernel. Used only when proxying
*/
} content;
} __ATM_API_ALIGN;
struct atmlec_ioc {
......
......@@ -95,12 +95,11 @@
#define AUDIT_MAC_POLICY_LOAD 1403 /* Policy file load */
#define AUDIT_MAC_STATUS 1404 /* Changed enforcing,permissive,off */
#define AUDIT_MAC_CONFIG_CHANGE 1405 /* Changes to booleans */
#define AUDIT_MAC_UNLBL_ACCEPT 1406 /* NetLabel: allow unlabeled traffic */
#define AUDIT_MAC_UNLBL_DENY 1407 /* NetLabel: deny unlabeled traffic */
#define AUDIT_MAC_CIPSOV4_ADD 1408 /* NetLabel: add CIPSOv4 DOI entry */
#define AUDIT_MAC_CIPSOV4_DEL 1409 /* NetLabel: del CIPSOv4 DOI entry */
#define AUDIT_MAC_MAP_ADD 1410 /* NetLabel: add LSM domain mapping */
#define AUDIT_MAC_MAP_DEL 1411 /* NetLabel: del LSM domain mapping */
#define AUDIT_MAC_UNLBL_ALLOW 1406 /* NetLabel: allow unlabeled traffic */
#define AUDIT_MAC_CIPSOV4_ADD 1407 /* NetLabel: add CIPSOv4 DOI entry */
#define AUDIT_MAC_CIPSOV4_DEL 1408 /* NetLabel: del CIPSOv4 DOI entry */
#define AUDIT_MAC_MAP_ADD 1409 /* NetLabel: add LSM domain mapping */
#define AUDIT_MAC_MAP_DEL 1410 /* NetLabel: del LSM domain mapping */
#define AUDIT_FIRST_KERN_ANOM_MSG 1700
#define AUDIT_LAST_KERN_ANOM_MSG 1799
......
......@@ -507,6 +507,7 @@
#define PCI_DEVICE_ID_AMD_8151_0 0x7454
#define PCI_DEVICE_ID_AMD_8131_BRIDGE 0x7450
#define PCI_DEVICE_ID_AMD_8131_APIC 0x7451
#define PCI_DEVICE_ID_AMD_8132_BRIDGE 0x7458
#define PCI_DEVICE_ID_AMD_CS5536_ISA 0x2090
#define PCI_DEVICE_ID_AMD_CS5536_FLASH 0x2091
#define PCI_DEVICE_ID_AMD_CS5536_AUDIO 0x2093
......
......@@ -129,7 +129,7 @@ extern int cipso_v4_rbm_strictvalid;
#ifdef CONFIG_NETLABEL
int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
int cipso_v4_doi_remove(u32 doi,
u32 audit_secid,
struct netlbl_audit *audit_info,
void (*callback) (struct rcu_head * head));
struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
int cipso_v4_doi_walk(u32 *skip_cnt,
......@@ -145,7 +145,7 @@ static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
}
static inline int cipso_v4_doi_remove(u32 doi,
u32 audit_secid,
struct netlbl_audit *audit_info,
void (*callback) (struct rcu_head * head))
{
return 0;
......
......@@ -92,11 +92,17 @@
*
*/
/* NetLabel audit information */
struct netlbl_audit {
u32 secid;
uid_t loginuid;
};
/* Domain mapping definition struct */
struct netlbl_dom_map;
/* Domain mapping operations */
int netlbl_domhsh_remove(const char *domain, u32 audit_secid);
int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info);
/* LSM security attributes */
struct netlbl_lsm_cache {
......
This diff is collapsed.
/*
*
* Lan Emulation client header file
*
* Marko Kiiskila mkiiskila@yahoo.com
*
* Marko Kiiskila <mkiiskila@yahoo.com>
*/
#ifndef _LEC_H_
#define _LEC_H_
#include <linux/config.h>
#include <linux/atmdev.h>
#include <linux/netdevice.h>
#include <linux/atmlec.h>
......@@ -44,17 +43,18 @@ struct lecdatahdr_8025 {
*
*/
struct lane2_ops {
int (*resolve)(struct net_device *dev, u8 *dst_mac, int force,
int (*resolve) (struct net_device *dev, u8 *dst_mac, int force,
u8 **tlvs, u32 *sizeoftlvs);
int (*associate_req)(struct net_device *dev, u8 *lan_dst,
int (*associate_req) (struct net_device *dev, u8 *lan_dst,
u8 *tlvs, u32 sizeoftlvs);
void (*associate_indicator)(struct net_device *dev, u8 *mac_addr,
void (*associate_indicator) (struct net_device *dev, u8 *mac_addr,
u8 *tlvs, u32 sizeoftlvs);
};
/*
* ATM LAN Emulation supports both LLC & Dix Ethernet EtherType
* frames.
*
* 1. Dix Ethernet EtherType frames encoded by placing EtherType
* field in h_type field. Data follows immediatelly after header.
* 2. LLC Data frames whose total length, including LLC field and data,
......@@ -72,53 +72,70 @@ struct lane2_ops {
struct lec_priv {
struct net_device_stats stats;
unsigned short lecid; /* Lecid of this client */
struct lec_arp_table *lec_arp_empty_ones;
struct hlist_head lec_arp_empty_ones;
/* Used for storing VCC's that don't have a MAC address attached yet */
struct lec_arp_table *lec_arp_tables[LEC_ARP_TABLE_SIZE];
struct hlist_head lec_arp_tables[LEC_ARP_TABLE_SIZE];
/* Actual LE ARP table */
struct lec_arp_table *lec_no_forward;
/* Used for storing VCC's (and forward packets from) which are to
age out by not using them to forward packets.
This is because to some LE clients there will be 2 VCCs. Only
one of them gets used. */
struct lec_arp_table *mcast_fwds;
/* With LANEv2 it is possible that BUS (or a special multicast server)
establishes multiple Multicast Forward VCCs to us. This list
collects all those VCCs. LANEv1 client has only one item in this
list. These entries are not aged out. */
struct hlist_head lec_no_forward;
/*
* Used for storing VCC's (and forward packets from) which are to
* age out by not using them to forward packets.
* This is because to some LE clients there will be 2 VCCs. Only
* one of them gets used.
*/
struct hlist_head mcast_fwds;
/*
* With LANEv2 it is possible that BUS (or a special multicast server)
* establishes multiple Multicast Forward VCCs to us. This list
* collects all those VCCs. LANEv1 client has only one item in this
* list. These entries are not aged out.
*/
spinlock_t lec_arp_lock;
struct atm_vcc *mcast_vcc; /* Default Multicast Send VCC */
struct atm_vcc *lecd;
struct timer_list lec_arp_timer;
/* C10 */
struct work_struct lec_arp_work; /* C10 */
unsigned int maximum_unknown_frame_count;
/* Within the period of time defined by this variable, the client will send
no more than C10 frames to BUS for a given unicast destination. (C11) */
/*
* Within the period of time defined by this variable, the client will send
* no more than C10 frames to BUS for a given unicast destination. (C11)
*/
unsigned long max_unknown_frame_time;
/* If no traffic has been sent in this vcc for this period of time,
vcc will be torn down (C12)*/
/*
* If no traffic has been sent in this vcc for this period of time,
* vcc will be torn down (C12)
*/
unsigned long vcc_timeout_period;
/* An LE Client MUST not retry an LE_ARP_REQUEST for a
given frame's LAN Destination more than maximum retry count times,
after the first LEC_ARP_REQUEST (C13)*/
/*
* An LE Client MUST not retry an LE_ARP_REQUEST for a
* given frame's LAN Destination more than maximum retry count times,
* after the first LEC_ARP_REQUEST (C13)
*/
unsigned short max_retry_count;
/* Max time the client will maintain an entry in its arp cache in
absence of a verification of that relationship (C17)*/
/*
* Max time the client will maintain an entry in its arp cache in
* absence of a verification of that relationship (C17)
*/
unsigned long aging_time;
/* Max time the client will maintain an entry in cache when
topology change flag is true (C18) */
unsigned long forward_delay_time;
/* Topology change flag (C19)*/
/*
* Max time the client will maintain an entry in cache when
* topology change flag is true (C18)
*/
unsigned long forward_delay_time; /* Topology change flag (C19) */
int topology_change;
/* Max time the client expects an LE_ARP_REQUEST/LE_ARP_RESPONSE
cycle to take (C20)*/
/*
* Max time the client expects an LE_ARP_REQUEST/LE_ARP_RESPONSE
* cycle to take (C20)
*/
unsigned long arp_response_time;
/* Time limit ot wait to receive an LE_FLUSH_RESPONSE after the
LE_FLUSH_REQUEST has been sent before taking recover action. (C21)*/
/*
* Time limit ot wait to receive an LE_FLUSH_RESPONSE after the
* LE_FLUSH_REQUEST has been sent before taking recover action. (C21)
*/
unsigned long flush_timeout;
/* The time since sending a frame to the bus after which the
LE Client may assume that the frame has been either discarded or
delivered to the recipient (C22) */
/* The time since sending a frame to the bus after which the
* LE Client may assume that the frame has been either discarded or
* delivered to the recipient (C22)
*/
unsigned long path_switching_delay;
u8 *tlvs; /* LANE2: TLVs are new */
......@@ -131,11 +148,10 @@ struct lec_priv {
};
struct lec_vcc_priv {
void (*old_pop)(struct atm_vcc *vcc, struct sk_buff *skb);
void (*old_pop) (struct atm_vcc *vcc, struct sk_buff *skb);
int xoff;
};
#define LEC_VCC_PRIV(vcc) ((struct lec_vcc_priv *)((vcc)->user_back))
#endif /* _LEC_H_ */
/*
* Lec arp cache
* Marko Kiiskila mkiiskila@yahoo.com
*
* Marko Kiiskila <mkiiskila@yahoo.com>
*/
#ifndef _LEC_ARP_H
#define _LEC_ARP_H
#ifndef _LEC_ARP_H_
#define _LEC_ARP_H_
#include <linux/atm.h>
#include <linux/atmdev.h>
#include <linux/if_ether.h>
#include <linux/atmlec.h>
struct lec_arp_table {
struct lec_arp_table *next; /* Linked entry list */
struct hlist_node next; /* Linked entry list */
unsigned char atm_addr[ATM_ESA_LEN]; /* Atm address */
unsigned char mac_addr[ETH_ALEN]; /* Mac address */
int is_rdesc; /* Mac address is a route descriptor */
struct atm_vcc *vcc; /* Vcc this entry is attached */
struct atm_vcc *recv_vcc; /* Vcc we receive data from */
void (*old_push)(struct atm_vcc *vcc,struct sk_buff *skb);
void (*old_push) (struct atm_vcc *vcc, struct sk_buff *skb);
/* Push that leads to daemon */
void (*old_recv_push)(struct atm_vcc *vcc, struct sk_buff *skb);
void (*old_recv_push) (struct atm_vcc *vcc, struct sk_buff *skb);
/* Push that leads to daemon */
void (*old_close)(struct atm_vcc *vcc);
/* We want to see when this
* vcc gets closed */
unsigned long last_used; /* For expiry */
unsigned long timestamp; /* Used for various timestamping
* things:
unsigned long timestamp; /* Used for various timestamping things:
* 1. FLUSH started
* (status=ESI_FLUSH_PENDING)
* 2. Counting to
......@@ -34,23 +33,28 @@ struct lec_arp_table {
* (status=ESI_ARP_PENDING||
* status=ESI_VC_PENDING)
*/
unsigned char no_tries; /* No of times arp retry has been
tried */
unsigned char no_tries; /* No of times arp retry has been tried */
unsigned char status; /* Status of this entry */
unsigned short flags; /* Flags for this entry */
unsigned short packets_flooded; /* Data packets flooded */
unsigned long flush_tran_id; /* Transaction id in flush protocol */
struct timer_list timer; /* Arping timer */
struct lec_priv *priv; /* Pointer back */
u8 *tlvs; /* LANE2: Each MAC address can have TLVs */
u32 sizeoftlvs; /* associated with it. sizeoftlvs tells the */
/* the length of the tlvs array */
u8 *tlvs;
u32 sizeoftlvs; /*
* LANE2: Each MAC address can have TLVs
* associated with it. sizeoftlvs tells the
* the length of the tlvs array
*/
struct sk_buff_head tx_wait; /* wait queue for outgoing packets */
atomic_t usage; /* usage count */
};
struct tlv { /* LANE2: Template tlv struct for accessing */
/* the tlvs in the lec_arp_table->tlvs array*/
/*
* LANE2: Template tlv struct for accessing
* the tlvs in the lec_arp_table->tlvs array
*/
struct tlv {
u32 type;
u8 length;
u8 value[255];
......@@ -89,4 +93,4 @@ struct tlv { /* LANE2: Template tlv struct for accessing */
#define LEC_REMOTE_FLAG 0x0001
#define LEC_PERMANENT_FLAG 0x0002
#endif
#endif /* _LEC_ARP_H_ */
......@@ -485,7 +485,7 @@ int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
*
*/
int cipso_v4_doi_remove(u32 doi,
u32 audit_secid,
struct netlbl_audit *audit_info,
void (*callback) (struct rcu_head * head))
{
struct cipso_v4_doi *doi_def;
......@@ -506,7 +506,7 @@ int cipso_v4_doi_remove(u32 doi,
list_for_each_entry_rcu(dom_iter, &doi_def->dom_list, list)
if (dom_iter->valid)
netlbl_domhsh_remove(dom_iter->domain,
audit_secid);
audit_info);
cipso_v4_cache_invalidate();
rcu_read_unlock();
......
......@@ -384,11 +384,15 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
u32 doi;
const char *type_str = "(unknown)";
struct audit_buffer *audit_buf;
struct netlbl_audit audit_info;
if (!info->attrs[NLBL_CIPSOV4_A_DOI] ||
!info->attrs[NLBL_CIPSOV4_A_MTYPE])
return -EINVAL;
doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
netlbl_netlink_auditinfo(skb, &audit_info);
type = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE]);
switch (type) {
case CIPSO_V4_MAP_STD:
......@@ -401,13 +405,14 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
break;
}
if (ret_val == 0) {
doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
NETLINK_CB(skb).sid);
audit_log_format(audit_buf, " doi=%u type=%s", doi, type_str);
&audit_info);
audit_log_format(audit_buf,
" cipso_doi=%u cipso_type=%s res=%u",
doi,
type_str,
ret_val == 0 ? 1 : 0);
audit_log_end(audit_buf);
}
return ret_val;
}
......@@ -668,20 +673,25 @@ static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info)
int ret_val = -EINVAL;
u32 doi = 0;
struct audit_buffer *audit_buf;
struct netlbl_audit audit_info;
if (!info->attrs[NLBL_CIPSOV4_A_DOI])
return -EINVAL;
if (info->attrs[NLBL_CIPSOV4_A_DOI]) {
doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
netlbl_netlink_auditinfo(skb, &audit_info);
ret_val = cipso_v4_doi_remove(doi,
NETLINK_CB(skb).sid,
&audit_info,
netlbl_cipsov4_doi_free);
}
if (ret_val == 0) {
audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,
NETLINK_CB(skb).sid);
audit_log_format(audit_buf, " doi=%u", doi);
&audit_info);
audit_log_format(audit_buf,
" cipso_doi=%u res=%u",
doi,
ret_val == 0 ? 1 : 0);
audit_log_end(audit_buf);
}
return ret_val;
}
......
......@@ -188,7 +188,7 @@ int netlbl_domhsh_init(u32 size)
/**
* netlbl_domhsh_add - Adds a entry to the domain hash table
* @entry: the entry to add
* @audit_secid: the LSM secid to use in the audit message
* @audit_info: NetLabel audit information
*
* Description:
* Adds a new entry to the domain hash table and handles any updates to the
......@@ -196,7 +196,8 @@ int netlbl_domhsh_init(u32 size)
* negative on failure.
*
*/
int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid)
int netlbl_domhsh_add(struct netlbl_dom_map *entry,
struct netlbl_audit *audit_info)
{
int ret_val;
u32 bkt;
......@@ -241,26 +242,26 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid)
spin_unlock(&netlbl_domhsh_def_lock);
} else
ret_val = -EINVAL;
if (ret_val == 0) {
if (entry->domain != NULL)
audit_domain = entry->domain;
else
audit_domain = "(default)";
audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD,
audit_secid);
audit_log_format(audit_buf, " domain=%s", audit_domain);
audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD, audit_info);
audit_log_format(audit_buf, " nlbl_domain=%s", audit_domain);
switch (entry->type) {
case NETLBL_NLTYPE_UNLABELED:
audit_log_format(audit_buf, " protocol=unlbl");
audit_log_format(audit_buf, " nlbl_protocol=unlbl");
break;
case NETLBL_NLTYPE_CIPSOV4:
audit_log_format(audit_buf,
" protocol=cipsov4 doi=%u",
" nlbl_protocol=cipsov4 cipso_doi=%u",
entry->type_def.cipsov4->doi);
break;
}
audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0);
audit_log_end(audit_buf);
}
rcu_read_unlock();
if (ret_val != 0) {
......@@ -279,7 +280,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid)
/**
* netlbl_domhsh_add_default - Adds the default entry to the domain hash table
* @entry: the entry to add
* @audit_secid: the LSM secid to use in the audit message
* @audit_info: NetLabel audit information
*
* Description:
* Adds a new default entry to the domain hash table and handles any updates
......@@ -287,15 +288,16 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid)
* negative on failure.
*
*/
int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, u32 audit_secid)
int netlbl_domhsh_add_default(struct netlbl_dom_map *entry,
struct netlbl_audit *audit_info)
{
return netlbl_domhsh_add(entry, audit_secid);
return netlbl_domhsh_add(entry, audit_info);
}
/**
* netlbl_domhsh_remove - Removes an entry from the domain hash table
* @domain: the domain to remove
* @audit_secid: the LSM secid to use in the audit message
* @audit_info: NetLabel audit information
*
* Description:
* Removes an entry from the domain hash table and handles any updates to the
......@@ -303,7 +305,7 @@ int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, u32 audit_secid)
* negative on failure.
*
*/
int netlbl_domhsh_remove(const char *domain, u32 audit_secid)
int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info)
{
int ret_val = -ENOENT;
struct netlbl_dom_map *entry;
......@@ -345,18 +347,20 @@ int netlbl_domhsh_remove(const char *domain, u32 audit_secid)
ret_val = -ENOENT;
spin_unlock(&netlbl_domhsh_def_lock);
}
if (ret_val == 0) {
if (entry->domain != NULL)
audit_domain = entry->domain;
else
audit_domain = "(default)";
audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL,
audit_secid);
audit_log_format(audit_buf, " domain=%s", audit_domain);
audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info);
audit_log_format(audit_buf,
" nlbl_domain=%s res=%u",
audit_domain,
ret_val == 0 ? 1 : 0);
audit_log_end(audit_buf);
if (ret_val == 0)
call_rcu(&entry->rcu, netlbl_domhsh_free_entry);
}
remove_return:
rcu_read_unlock();
......@@ -365,7 +369,7 @@ int netlbl_domhsh_remove(const char *domain, u32 audit_secid)
/**
* netlbl_domhsh_remove_default - Removes the default entry from the table
* @audit_secid: the LSM secid to use in the audit message
* @audit_info: NetLabel audit information
*
* Description:
* Removes/resets the default entry for the domain hash table and handles any
......@@ -373,9 +377,9 @@ int netlbl_domhsh_remove(const char *domain, u32 audit_secid)
* success, non-zero on failure.
*
*/
int netlbl_domhsh_remove_default(u32 audit_secid)
int netlbl_domhsh_remove_default(struct netlbl_audit *audit_info)
{
return netlbl_domhsh_remove(NULL, audit_secid);
return netlbl_domhsh_remove(NULL, audit_info);
}
/**
......
......@@ -57,9 +57,11 @@ struct netlbl_dom_map {
int netlbl_domhsh_init(u32 size);
/* Manipulate the domain hash table */
int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid);
int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, u32 audit_secid);
int netlbl_domhsh_remove_default(u32 audit_secid);
int netlbl_domhsh_add(struct netlbl_dom_map *entry,
struct netlbl_audit *audit_info);
int netlbl_domhsh_add_default(struct netlbl_dom_map *entry,
struct netlbl_audit *audit_info);
int netlbl_domhsh_remove_default(struct netlbl_audit *audit_info);
struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain);
int netlbl_domhsh_walk(u32 *skip_bkt,
u32 *skip_chain,
......
......@@ -87,11 +87,14 @@ static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info)
struct netlbl_dom_map *entry = NULL;
size_t tmp_size;
u32 tmp_val;
struct netlbl_audit audit_info;
if (!info->attrs[NLBL_MGMT_A_DOMAIN] ||
!info->attrs[NLBL_MGMT_A_PROTOCOL])
goto add_failure;
netlbl_netlink_auditinfo(skb, &audit_info);
entry = kzalloc(sizeof(*entry), GFP_KERNEL);
if (entry == NULL) {
ret_val = -ENOMEM;
......@@ -108,7 +111,7 @@ static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info)
switch (entry->type) {
case NETLBL_NLTYPE_UNLABELED:
ret_val = netlbl_domhsh_add(entry, NETLINK_CB(skb).sid);
ret_val = netlbl_domhsh_add(entry, &audit_info);
break;
case NETLBL_NLTYPE_CIPSOV4:
if (!info->attrs[NLBL_MGMT_A_CV4DOI])
......@@ -125,7 +128,7 @@ static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info)
rcu_read_unlock();
goto add_failure;
}
ret_val = netlbl_domhsh_add(entry, NETLINK_CB(skb).sid);
ret_val = netlbl_domhsh_add(entry, &audit_info);
rcu_read_unlock();
break;
default:
......@@ -156,12 +159,15 @@ static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info)
static int netlbl_mgmt_remove(struct sk_buff *skb, struct genl_info *info)
{
char *domain;
struct netlbl_audit audit_info;
if (!info->attrs[NLBL_MGMT_A_DOMAIN])
return -EINVAL;
netlbl_netlink_auditinfo(skb, &audit_info);
domain = nla_data(info->attrs[NLBL_MGMT_A_DOMAIN]);
return netlbl_domhsh_remove(domain, NETLINK_CB(skb).sid);
return netlbl_domhsh_remove(domain, &audit_info);
}
/**
......@@ -264,10 +270,13 @@ static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info)
int ret_val = -EINVAL;
struct netlbl_dom_map *entry = NULL;
u32 tmp_val;
struct netlbl_audit audit_info;
if (!info->attrs[NLBL_MGMT_A_PROTOCOL])
goto adddef_failure;
netlbl_netlink_auditinfo(skb, &audit_info);
entry = kzalloc(sizeof(*entry), GFP_KERNEL);
if (entry == NULL) {
ret_val = -ENOMEM;
......@@ -277,8 +286,7 @@ static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info)
switch (entry->type) {
case NETLBL_NLTYPE_UNLABELED:
ret_val = netlbl_domhsh_add_default(entry,
NETLINK_CB(skb).sid);
ret_val = netlbl_domhsh_add_default(entry, &audit_info);
break;
case NETLBL_NLTYPE_CIPSOV4:
if (!info->attrs[NLBL_MGMT_A_CV4DOI])
......@@ -295,8 +303,7 @@ static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info)
rcu_read_unlock();
goto adddef_failure;
}
ret_val = netlbl_domhsh_add_default(entry,
NETLINK_CB(skb).sid);
ret_val = netlbl_domhsh_add_default(entry, &audit_info);
rcu_read_unlock();
break;
default:
......@@ -324,7 +331,11 @@ static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info)
*/
static int netlbl_mgmt_removedef(struct sk_buff *skb, struct genl_info *info)
{
return netlbl_domhsh_remove_default(NETLINK_CB(skb).sid);
struct netlbl_audit audit_info;
netlbl_netlink_auditinfo(skb, &audit_info);
return netlbl_domhsh_remove_default(&audit_info);
}
/**
......
......@@ -70,18 +70,25 @@ static struct nla_policy netlbl_unlabel_genl_policy[NLBL_UNLABEL_A_MAX + 1] = {
/**
* netlbl_unlabel_acceptflg_set - Set the unlabeled accept flag
* @value: desired value
* @audit_secid: the LSM secid to use in the audit message
* @audit_info: NetLabel audit information
*
* Description:
* Set the value of the unlabeled accept flag to @value.
*
*/
static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)
static void netlbl_unlabel_acceptflg_set(u8 value,
struct netlbl_audit *audit_info)
{
struct audit_buffer *audit_buf;
u8 old_val;
old_val = atomic_read(&netlabel_unlabel_accept_flg);
atomic_set(&netlabel_unlabel_accept_flg, value);
netlbl_audit_nomsg((value ?
AUDIT_MAC_UNLBL_ACCEPT : AUDIT_MAC_UNLBL_DENY),
audit_secid);
audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_ALLOW,
audit_info);
audit_log_format(audit_buf, " unlbl_accept=%u old=%u", value, old_val);
audit_log_end(audit_buf);
}
/*
......@@ -101,12 +108,13 @@ static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)
static int netlbl_unlabel_accept(struct sk_buff *skb, struct genl_info *info)
{
u8 value;
struct netlbl_audit audit_info;
if (info->attrs[NLBL_UNLABEL_A_ACPTFLG]) {
value = nla_get_u8(info->attrs[NLBL_UNLABEL_A_ACPTFLG]);
if (value == 1 || value == 0) {
netlbl_unlabel_acceptflg_set(value,
NETLINK_CB(skb).sid);
netlbl_netlink_auditinfo(skb, &audit_info);
netlbl_unlabel_acceptflg_set(value, &audit_info);
return 0;
}
}
......@@ -250,19 +258,23 @@ int netlbl_unlabel_defconf(void)
{
int ret_val;
struct netlbl_dom_map *entry;
u32 secid;
struct netlbl_audit audit_info;
security_task_getsecid(current, &secid);
/* Only the kernel is allowed to call this function and the only time
* it is called is at bootup before the audit subsystem is reporting
* messages so don't worry to much about these values. */
security_task_getsecid(current, &audit_info.secid);
audit_info.loginuid = 0;
entry = kzalloc(sizeof(*entry), GFP_KERNEL);
if (entry == NULL)
return -ENOMEM;
entry->type = NETLBL_NLTYPE_UNLABELED;
ret_val = netlbl_domhsh_add_default(entry, secid);
ret_val = netlbl_domhsh_add_default(entry, &audit_info);
if (ret_val != 0)
return ret_val;
netlbl_unlabel_acceptflg_set(1, secid);
netlbl_unlabel_acceptflg_set(1, &audit_info);
return 0;
}
......@@ -85,7 +85,7 @@ int netlbl_netlink_init(void)
/**
* netlbl_audit_start_common - Start an audit message
* @type: audit message type
* @secid: LSM context ID
* @audit_info: NetLabel audit information
*
* Description:
* Start an audit message using the type specified in @type and fill the audit
......@@ -93,14 +93,11 @@ int netlbl_netlink_init(void)
* a pointer to the audit buffer on success, NULL on failure.
*
*/
struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
struct audit_buffer *netlbl_audit_start_common(int type,
struct netlbl_audit *audit_info)
{
struct audit_context *audit_ctx = current->audit_context;
struct audit_buffer *audit_buf;
uid_t audit_loginuid;
const char *audit_tty;
char audit_comm[sizeof(current->comm)];
struct vm_area_struct *vma;
char *secctx;
u32 secctx_len;
......@@ -108,60 +105,13 @@ struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
if (audit_buf == NULL)
return NULL;
audit_loginuid = audit_get_loginuid(audit_ctx);
if (current->signal &&
current->signal->tty &&
current->signal->tty->name)
audit_tty = current->signal->tty->name;
else
audit_tty = "(none)";
get_task_comm(audit_comm, current);
audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid);
audit_log_format(audit_buf,
"netlabel: auid=%u uid=%u tty=%s pid=%d",
audit_loginuid,
current->uid,
audit_tty,
current->pid);
audit_log_format(audit_buf, " comm=");
audit_log_untrustedstring(audit_buf, audit_comm);
if (current->mm) {
down_read(&current->mm->mmap_sem);
vma = current->mm->mmap;
while (vma) {
if ((vma->vm_flags & VM_EXECUTABLE) &&
vma->vm_file) {
audit_log_d_path(audit_buf,
" exe=",
vma->vm_file->f_dentry,
vma->vm_file->f_vfsmnt);
break;
}
vma = vma->vm_next;
}
up_read(&current->mm->mmap_sem);
}
if (secid != 0 &&
security_secid_to_secctx(secid, &secctx, &secctx_len) == 0)
if (audit_info->secid != 0 &&
security_secid_to_secctx(audit_info->secid,
&secctx,
&secctx_len) == 0)
audit_log_format(audit_buf, " subj=%s", secctx);
return audit_buf;
}
/**
* netlbl_audit_nomsg - Send an audit message without additional text
* @type: audit message type
* @secid: LSM context ID
*
* Description:
* Send an audit message with only the common NetLabel audit fields.
*
*/
void netlbl_audit_nomsg(int type, u32 secid)
{
struct audit_buffer *audit_buf;
audit_buf = netlbl_audit_start_common(type, secid);
audit_log_end(audit_buf);
}
......@@ -72,13 +72,25 @@ static inline void *netlbl_netlink_hdr_put(struct sk_buff *skb,
NETLBL_PROTO_VERSION);
}
/**
* netlbl_netlink_auditinfo - Fetch the audit information from a NETLINK msg
* @skb: the packet
* @audit_info: NetLabel audit information
*/
static inline void netlbl_netlink_auditinfo(struct sk_buff *skb,
struct netlbl_audit *audit_info)
{
audit_info->secid = NETLINK_CB(skb).sid;
audit_info->loginuid = NETLINK_CB(skb).loginuid;
}
/* NetLabel NETLINK I/O functions */
int netlbl_netlink_init(void);
/* NetLabel Audit Functions */
struct audit_buffer *netlbl_audit_start_common(int type, u32 secid);
void netlbl_audit_nomsg(int type, u32 secid);
struct audit_buffer *netlbl_audit_start_common(int type,
struct netlbl_audit *audit_info);
#endif
......@@ -218,12 +218,6 @@ int sctp_rcv(struct sk_buff *skb)
}
}
/* SCTP seems to always need a timestamp right now (FIXME) */
if (skb->tstamp.off_sec == 0) {
__net_timestamp(skb);
sock_enable_timestamp(sk);
}
if (!xfrm_policy_check(sk, XFRM_POLICY_IN, skb, family))
goto discard_release;
nf_reset(skb);
......@@ -388,7 +382,7 @@ void sctp_icmp_frag_needed(struct sock *sk, struct sctp_association *asoc,
* pmtu discovery on this transport.
*/
t->pathmtu = SCTP_DEFAULT_MINSEGMENT;
t->param_flags = (t->param_flags & ~SPP_HB) |
t->param_flags = (t->param_flags & ~SPP_PMTUD) |
SPP_PMTUD_DISABLE;
} else {
t->pathmtu = pmtu;
......
......@@ -633,7 +633,7 @@ static sctp_xmit_t sctp_packet_append_data(struct sctp_packet *packet,
* data will fit or delay in hopes of bundling a full
* sized packet.
*/
if (len < asoc->pathmtu - packet->overhead) {
if (len < asoc->frag_point) {
retval = SCTP_XMIT_NAGLE_DELAY;
goto finish;
}
......@@ -645,7 +645,13 @@ static sctp_xmit_t sctp_packet_append_data(struct sctp_packet *packet,
/* Keep track of how many bytes are in flight to the receiver. */
asoc->outqueue.outstanding_bytes += datasize;
/* Update our view of the receiver's rwnd. */
/* Update our view of the receiver's rwnd. Include sk_buff overhead
* while updating peer.rwnd so that it reduces the chances of a
* receiver running out of receive buffer space even when receive
* window is still open. This can happen when a sender is sending
* sending small messages.
*/
datasize += sizeof(struct sk_buff);
if (datasize < rwnd)
rwnd -= datasize;
else
......
......@@ -416,7 +416,8 @@ void sctp_retransmit_mark(struct sctp_outq *q,
* (Section 7.2.4)), add the data size of those
* chunks to the rwnd.
*/
q->asoc->peer.rwnd += sctp_data_size(chunk);
q->asoc->peer.rwnd += (sctp_data_size(chunk) +
sizeof(struct sk_buff));
q->outstanding_bytes -= sctp_data_size(chunk);
transport->flight_size -= sctp_data_size(chunk);
......
......@@ -1447,8 +1447,16 @@ struct sctp_association *sctp_unpack_cookie(
/* Check to see if the cookie is stale. If there is already
* an association, there is no need to check cookie's expiration
* for init collision case of lost COOKIE ACK.
* If skb has been timestamped, then use the stamp, otherwise
* use current time. This introduces a small possibility that
* that a cookie may be considered expired, but his would only slow
* down the new association establishment instead of every packet.
*/
if (sock_flag(ep->base.sk, SOCK_TIMESTAMP))
skb_get_timestamp(skb, &tv);
else
do_gettimeofday(&tv);
if (!asoc && tv_lt(bear_cookie->expiration, tv)) {
__u16 len;
/*
......
......@@ -3084,8 +3084,8 @@ SCTP_STATIC int sctp_init_sock(struct sock *sk)
*/
sp->disable_fragments = 0;
/* Turn on/off any Nagle-like algorithm. */
sp->nodelay = 1;
/* Enable Nagle algorithm by default. */
sp->nodelay = 0;
/* Enable by default. */
sp->v4mapped = 1;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment