- 28 Aug, 2013 2 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller authored
Pablo Neira Ayuso says: ==================== The following patchset contains Netfilter updates for your net-next tree, they are: * The new SYNPROXY target for iptables, including IPv4 and IPv6 support, from Patrick McHardy. * nf_defrag_ipv6.o should be only linked to nf_defrag_ipv6.ko, from Nathan Hintz. * Fix an old bug in REJECT, which replies with wrong MAC source address from the bridge, by Phil Oester. * Fix uninitialized helper variable in the expectation support over nfnetlink_queue, from Florian Westphal. ==================== Signed-off-by:David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/bwh/sfc-nextDavid S. Miller authored
Ben Hutchings says: ==================== More refactoring and cleanup, particularly around filter management. ==================== Signed-off-by:
-
- 27 Aug, 2013 25 commits
-
-
Florian Westphal authored
net/netfilter/nf_conntrack_netlink.c: In function 'ctnetlink_nfqueue_attach_expect': 'helper' may be used uninitialized in this function It was only initialized in if CTA_EXPECT_HELP_NAME attribute was present, it must be NULL otherwise. Problem added recently in bd077937 (netfilter: nfnetlink_queue: allow to attach expectations to conntracks). Signed-off-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org>
-
Patrick McHardy authored
Add an IPv6 version of the SYNPROXY target. The main differences to the IPv4 version is routing and IP header construction. Signed-off-by:
Patrick McHardy <kaber@trash.net> Tested-by:
Martin Topholm <mph@one.com> Signed-off-by:
Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by:
-
Patrick McHardy authored
Extract the local TCP stack independant parts of tcp_v6_init_sequence() and cookie_v6_check() and export them for use by the upcoming IPv6 SYNPROXY target. Signed-off-by:
-
Patrick McHardy authored
Add a SYNPROXY for netfilter. The code is split into two parts, the synproxy core with common functions and an address family specific target. The SYNPROXY receives the connection request from the client, responds with a SYN/ACK containing a SYN cookie and announcing a zero window and checks whether the final ACK from the client contains a valid cookie. It then establishes a connection to the original destination and, if successful, sends a window update to the client with the window size announced by the server. Support for timestamps, SACK, window scaling and MSS options can be statically configured as target parameters if the features of the server are known. If timestamps are used, the timestamp value sent back to the client in the SYN/ACK will be different from the real timestamp of the server. In order to now break PAWS, the timestamps are translated in the direction server->client. Signed-off-by:
-
Patrick McHardy authored
Extract the local TCP stack independant parts of tcp_v4_init_sequence() and cookie_v4_check() and export them for use by the upcoming SYNPROXY target. Signed-off-by:
-
Patrick McHardy authored
Split out sequence number adjustments from NAT and move them to the conntrack core to make them usable for SYN proxying. The sequence number adjustment information is moved to a seperate extend. The extend is added to new conntracks when a NAT mapping is set up for a connection using a helper. As a side effect, this saves 24 bytes per connection with NAT in the common case that a connection does not have a helper assigned. Signed-off-by:
-
Nathan Hintz authored
'nf_defrag_ipv6' is built as a separate module; it shouldn't be included in the 'nf_conntrack_ipv6' module as well. Signed-off-by:
Nathan Hintz <nlhintz@hotmail.com> Signed-off-by:
-
Phil Oester authored
As reported by Casper Gripenberg, in a bridged setup, using ip[6]t_REJECT with the tcp-reset option sends out reset packets with the src MAC address of the local bridge interface, instead of the MAC address of the intended destination. This causes some routers/firewalls to drop the reset packet as it appears to be spoofed. Fix this by bypassing ip[6]_local_out and setting the MAC of the sender in the tcp reset packet. This closes netfilter bugzilla #531. Signed-off-by:
Phil Oester <kernel@linuxace.com> Signed-off-by:
-
Steven La authored
Steven (cc-ed) noticed an imbalance in semaphore put/get for 82573-based NICs. Don't we need something like the following (untested) patch? Signed-off-by:
Steven La <sla@riverbed.com> Acked-by:
Arthur Kepner <akepner@riverbed.com> Tested-by:
Aaron Brown <aaron.f.brown@intel.com> Signed-off-by:
Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by:
-
Jeff Kirsher authored
Updates the documentation to the Intel wired LAN drivers. Signed-off-by:
Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by:
-
Rasesh Mody authored
This patch updates the firmware to address the thermal notification issue Signed-off-by:
Rasesh Mody <rmody@brocade.com> Signed-off-by:
-
Andy King authored
This patch adds support for virtual IOMMU to the vmxnet3 module. We switch to DMA consistent mappings for anything we pass to the device. There were a few places where we already did this, but using pci_blah(); these have been fixed to use dma_blah(), along with all new occurrences where we've replaced kmalloc() and friends. Also fix two small bugs: 1) use after free of rq->buf_info in vmxnet3_rq_destroy() 2) a cpu_to_le32() that should have been a cpu_to_le64() Acked-by:
George Zhang <georgezhang@vmware.com> Acked-by:
Aditya Sarwade <asarwade@vmware.com> Signed-off-by:
Andy King <acking@vmware.com> Signed-off-by:
-
Sathya Perla authored
Support is provided only for combined channels. When SR-IOV is not enabled, BE3 supports upto 16 channels and Lancer-R/SH-R support upto 32 channels. Signed-off-by:
Sathya Perla <sathya.perla@emulex.com> Signed-off-by:
-
Sathya Perla authored
1) Move be_cmd_if_create() above queue create routines to allow TXQ creation (that requires if_handle) to be clubbed with TX-CQ creation. 2) Consolidate all queue create routines into be_setup_queues() Signed-off-by:
-
Sathya Perla authored
Currently the IF_CREATE FW cmd is issued only *after* MCCQ is created as it was coded to only use MCCQ. By fixing this, cmd_if_create() can be called before MCCQ is created and the same routine for VF provisioning can be called after. This allows for consolidating all the queue create routines by moving the be_cmd_if_create() call above all queue create calls in be_setup(). Signed-off-by:
-
Sathya Perla authored
1) use be_resources{} struct to query/store HW resource limits 2) The HW queue/resource limits for BE2/BE3 chips are mostly called out in driver as constants. Code to handle this is scattered across various places in be_setup(). Consolidate this code into BEx_get_resources(). For Lancer-R, Skyhawk-R, these limits are queried from FW. Signed-off-by: -
Vasundhara Volam authored
1) Parse PCIe descriptor for max-VFs supported by HW 2) Cleanup NIC descriptor parsing in get_func/profile_config() routines 3) Use common struct definitions for v0 and v1 versions of GET_FUNC_CONFIG Signed-off-by:
Vasundhara Volam <vasundhara.volam@emulex.com> Signed-off-by:
-
Sathya Perla authored
EQ_CREATEv2 explicitly returns the msix-index associated with a EQ. For SH-R this is needed if EQs need to be deleted and re-created without resetting a function. Signed-off-by:
-
Daniel Borkmann authored
Currently, the tcp_probe snooper can either filter packets by a given port (handed to the module via module parameter e.g. port=80) or lets all TCP traffic pass (port=0, default). When a port is specified, the port number is tested against the sk's source/destination port. Thus, if one of them matches, the information will be further processed for the log. As this is quite limited, allow for more advanced filtering possibilities which can facilitate debugging/analysis with the help of the tcp_probe snooper. Therefore, similarly as added to BPF machine in commit 7e75f93e ("pkt_sched: ingress socket filter by mark"), add the possibility to use skb->mark as a filter. If the mark is not being used otherwise, this allows ingress filtering by flow (e.g. in order to track updates from only a single flow, or a subset of all flows for a given port) and other things such as dynamic logging and reconfiguration without removing/re-inserting the tcp_probe module, etc. Simple example: insmod net/ipv4/tcp_probe.ko fwmark=8888 full=1 ... iptables -A INPUT -i eth4 -t mangle -p tcp --dport 22 \ --sport 60952 -j MARK --set-mark 8888 [... sampling interval ...] iptables -D INPUT -i eth4 -t mangle -p tcp --dport 22 \ --sport 60952 -j MARK --set-mark 8888 The current option to filter by a given port is still being preserved. A similar approach could be done for the sctp_probe module as a follow-up. Signed-off-by:
Daniel Borkmann <dborkman@redhat.com> Signed-off-by:
-
Sucheta Chakraborty authored
Signed-off-by:
Sucheta Chakraborty <sucheta.chakraborty@qlogic.com> Signed-off-by:
-
Sucheta Chakraborty authored
o Adapter and driver supports only CEE dcbnl ops. Only GET callbacks within dcbnl ops are supported currently. Signed-off-by:
-
Sucheta Chakraborty authored
o Adapter sends Asynchronous Event Notifications to the driver when there are changes in the switch or adapter DCBX configuration. AEN handler updates the driver DCBX parameters. Signed-off-by:
-
Sucheta Chakraborty authored
o Populate driver data structures with local, operational, and peer DCB parameters. Signed-off-by:
-
Sucheta Chakraborty authored
o Query adapter DCB capabilities and populate local data structures with relevant information. o Add QLCNIC_DCB to Kconfig for enabling/disabling DCB. Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/bwh/sfc-nextDavid S. Miller authored
Ben Hutchings says: ==================== 1. Refactoring and cleanup in preparation for new hardware support. 2. Some bug fixes for firmware completion handling. (They're not known to cause real problems, otherwise I'd be submitting these for net and stable.) 3. Update to the firmware protocol (MCDI) definitions. ==================== Signed-off-by:
-
- 26 Aug, 2013 4 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller authored
Conflicts: drivers/net/wireless/iwlwifi/pcie/trans.c include/linux/inetdevice.h The inetdevice.h conflict involves moving the IPV4_DEVCONF values into a UAPI header, overlapping additions of some new entries. The iwlwifi conflict is a context overlap. Signed-off-by: -
David S. Miller authored
Boris BREZILLON says: ==================== net/cadence/macb: add support for dt phy definition This patch series adds support for ethernet phy definition using device tree. This may help in moving some at91 boards to dt (some of them define an interrupt pin). Tested on samad31ek. ==================== Signed-off-by: -
Boris BREZILLON authored
This patch describe the phy used on atmel sama5d3 mother board: - phy address - phy interrupt pin Signed-off-by:
Boris BREZILLON <b.brezillon@overkiz.com> Signed-off-by:
-
Boris BREZILLON authored
The macb driver only handle PHY description through platform_data (macb_platform_data). Thus, when using dt you cannot define phy properties like phy address or phy irq pin. This patch makes use of the of_mdiobus_register to add support for phy device definition using dt. A fallback to the autoscan procedure is added in case there is no phy devices defined in dt. Signed-off-by:
-
- 25 Aug, 2013 3 commits
-
-
Dan Carpenter authored
Eric Dumazet says that my previous fix for an ERR_PTR dereference (ea857f28 'ipip: dereferencing an ERR_PTR in ip_tunnel_init_net()') could be racy and suggests the following fix instead. Reported-by:
Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
Wei Yongjun authored
Fix to return a negative error code in the add bond vlan ids error handling case instead of 0, as done elsewhere in this function. Introduced by commit 1ff412ad. (bonding: change the bond's vlan syncing functions with the standard ones) Signed-off-by:
Wei Yongjun <yongjun_wei@trendmicro.com.cn> Acked-by:
Nikolay Aleksandrov <nikolay@redhat.com> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/bwh/sfc-nextDavid S. Miller authored
Merge SFC driver changes from Ben Hutchings. Signed-off-by:
-
- 23 Aug, 2013 6 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Merge networking fixes from David Miller: 1) Revert Johannes Berg's genetlink locking fix, because it causes regressions. Johannes and Pravin Shelar are working on fixing things properly. 2) Do not drop ipv6 ICMP messages without a redirected header option, they are legal. From Duan Jiong. 3) Missing error return propagation in probing of via-ircc driver. From Alexey Khoroshilov. 4) Do not clear out broadcast/multicast/unicast/WOL bits in r8169 when initializing, from Peter Wu. 5) realtek phy driver programs wrong interrupt status bit, from Giuseppe CAVALLARO. 6) Fix statistics regression in AF_PACKET code, from Willem de Bruijn. 7) Bridge code uses wrong bitmap length, from Toshiaki Makita. 8) SFC driver uses wrong indexes to look up MAC filters, from Ben Hutchings. 9) Don't pass stack buffers into usb control operations in hso driver, from Daniel Gimpelevich. 10) Multiple ipv6 fragmentation headers in one packet is illegal and such packets should be dropped, from Hannes Frederic Sowa. 11) When TCP sockets are "repaired" as part of checkpoint/restart, the timestamp field of SKBs need to be refreshed otherwise RTOs can be wildly off. From Andrey Vagin. 12) Fix memcpy args (uses 'address of pointer' instead of 'pointer') in hostp driver. From Dan Carpenter. 13) nl80211hdr_put() doesn't return an ERR_PTR, but some code believes it does. From Dan Carpenter. 14) Fix regression in wireless SME disconnects, from Johannes Berg. 15) Don't use a stack buffer for DMA in zd1201 USB wireless driver, from Jussi Kivilinna. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (33 commits) ipv4: expose IPV4_DEVCONF ipv6: handle Redirect ICMP Message with no Redirected Header option be2net: fix disabling TX in be_close() Revert "genetlink: fix family dump race" hso: Fix stack corruption on some architectures hso: Earlier catch of error condition sfc: Fix lookup of default RX MAC filters when steered using ethtool bridge: Use the correct bit length for bitmap functions in the VLAN code packet: restore packet statistics tp_packets to include drops net: phy: rtl8211: fix interrupt on status link change r8169: remember WOL preferences on driver load via-ircc: don't return zero if via_ircc_open() failed macvtap: Ignore tap features when VNET_HDR is off macvtap: Correctly set tap features when IFF_VNET_HDR is disabled. macvtap: simplify usage of tap_features tcp: set timestamps for restored skb-s bnx2x: set VF DMAE when first function has 0 supported VFs bnx2x: Protect against VFs' ndos when SR-IOV is disabled bnx2x: prevent VF benign attentions bnx2x: Consider DCBX remote error ... -
Linus Torvalds authored
Merge fixes from Andrew Morton: "A few fixes. One is a licensing change and I don't do licensing, so please eyeball that one" Licensing eye-balled. * emailed patches from Andrew Morton <akpm@linux-foundation.org>: lib/lz4: correct the LZ4 license memcg: get rid of swapaccount leftovers nilfs2: fix issue with counting number of bio requests for BIO_EOPNOTSUPP error detection nilfs2: remove double bio_put() in nilfs_end_bio_write() for BIO_EOPNOTSUPP error drivers/platform/olpc/olpc-ec.c: initialise earlier
-
Richard Laager authored
The LZ4 code is listed as using the "BSD 2-Clause License". Signed-off-by:
Richard Laager <rlaager@wiktel.com> Acked-by:
Kyungsik Lee <kyungsik.lee@lge.com> Cc: Chanho Min <chanho.min@lge.com> Cc: Richard Yao <ryao@gentoo.org> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> [ The 2-clause BSD can be just converted into GPL, but that's rude and pointless, so don't do it - Linus ] Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Michal Hocko authored
The swapaccount kernel parameter without any values has been removed by commit a2c8990a ("memsw: remove noswapaccount kernel parameter") but it seems that we didn't get rid of all the left overs. Make sure that menuconfig help text and kernel-parameters.txt are clear about value for the paramter and remove the stalled comment which is not very much useful on its own. Signed-off-by:
Michal Hocko <mhocko@suse.cz> Reported-by:
Gergely Risko <gergely@risko.hu> Signed-off-by:
-
Vyacheslav Dubeyko authored
Fix the issue with improper counting number of flying bio requests for BIO_EOPNOTSUPP error detection case. The sb_nbio must be incremented exactly the same number of times as complete() function was called (or will be called) because nilfs_segbuf_wait() will call wail_for_completion() for the number of times set to sb_nbio: do { wait_for_completion(&segbuf->sb_bio_event); } while (--segbuf->sb_nbio > 0); Two functions complete() and wait_for_completion() must be called the same number of times for the same sb_bio_event. Otherwise, wait_for_completion() will hang or leak. Signed-off-by:Vyacheslav Dubeyko <slava@dubeyko.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Acked-by:
Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> Tested-by:
-
Vyacheslav Dubeyko authored
Remove double call of bio_put() in nilfs_end_bio_write() for the case of BIO_EOPNOTSUPP error detection. The issue was found by Dan Carpenter and he suggests first version of the fix too. Signed-off-by:
-
