diff options
author | Jeff Garzik <jgarzik@pobox.com> | 2005-11-05 15:44:02 -0500 |
---|---|---|
committer | Jeff Garzik <jgarzik@pobox.com> | 2005-11-05 15:44:02 -0500 |
commit | 8cedcfd43a0b00741fff43d6a4c1a8b7748db3b0 (patch) | |
tree | 41758e4da78f94a20813554ef9f5ed9b323a4f8c /net | |
parent | cd8200e6d4f9f05e6ea48f7c000be890337396ac (diff) | |
parent | 70d9d825e0a5a78ec1dacaaaf5c72ff5b0206fab (diff) | |
download | kernel-crypto-8cedcfd43a0b00741fff43d6a4c1a8b7748db3b0.tar.gz kernel-crypto-8cedcfd43a0b00741fff43d6a4c1a8b7748db3b0.tar.xz kernel-crypto-8cedcfd43a0b00741fff43d6a4c1a8b7748db3b0.zip |
Merge branch 'master'
Diffstat (limited to 'net')
-rw-r--r-- | net/bridge/br_fdb.c | 12 | ||||
-rw-r--r-- | net/bridge/br_input.c | 2 | ||||
-rw-r--r-- | net/bridge/br_stp_if.c | 9 | ||||
-rw-r--r-- | net/core/datagram.c | 4 | ||||
-rw-r--r-- | net/dccp/dccp.h | 1 | ||||
-rw-r--r-- | net/dccp/output.c | 34 | ||||
-rw-r--r-- | net/ipv4/igmp.c | 5 | ||||
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 201 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_addrtype.c | 2 | ||||
-rw-r--r-- | net/ipv4/tcp_bic.c | 2 | ||||
-rw-r--r-- | net/ipv6/addrconf.c | 2 | ||||
-rw-r--r-- | net/ipv6/mcast.c | 23 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 298 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_MARK.c | 8 | ||||
-rw-r--r-- | net/ipv6/route.c | 2 | ||||
-rw-r--r-- | net/rose/rose_timer.c | 1 | ||||
-rw-r--r-- | net/sched/Kconfig | 394 | ||||
-rw-r--r-- | net/sunrpc/auth.c | 15 | ||||
-rw-r--r-- | net/sunrpc/sunrpc_syms.c | 2 | ||||
-rw-r--r-- | net/sunrpc/sysctl.c | 7 | ||||
-rw-r--r-- | net/sunrpc/xprtsock.c | 9 |
21 files changed, 601 insertions, 432 deletions
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index 24396b914d1..1f08a59b51e 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -86,8 +86,8 @@ void br_fdb_changeaddr(struct net_bridge_port *p, const unsigned char *newaddr) struct net_bridge_port *op; list_for_each_entry(op, &br->port_list, list) { if (op != p && - !memcmp(op->dev->dev_addr, - f->addr.addr, ETH_ALEN)) { + !compare_ether_addr(op->dev->dev_addr, + f->addr.addr)) { f->dst = op; goto insert; } @@ -151,8 +151,8 @@ void br_fdb_delete_by_port(struct net_bridge *br, struct net_bridge_port *p) struct net_bridge_port *op; list_for_each_entry(op, &br->port_list, list) { if (op != p && - !memcmp(op->dev->dev_addr, - f->addr.addr, ETH_ALEN)) { + !compare_ether_addr(op->dev->dev_addr, + f->addr.addr)) { f->dst = op; goto skip_delete; } @@ -174,7 +174,7 @@ struct net_bridge_fdb_entry *__br_fdb_get(struct net_bridge *br, struct net_bridge_fdb_entry *fdb; hlist_for_each_entry_rcu(fdb, h, &br->hash[br_mac_hash(addr)], hlist) { - if (!memcmp(fdb->addr.addr, addr, ETH_ALEN)) { + if (!compare_ether_addr(fdb->addr.addr, addr)) { if (unlikely(has_expired(br, fdb))) break; return fdb; @@ -264,7 +264,7 @@ static inline struct net_bridge_fdb_entry *fdb_find(struct hlist_head *head, struct net_bridge_fdb_entry *fdb; hlist_for_each_entry_rcu(fdb, h, head, hlist) { - if (!memcmp(fdb->addr.addr, addr, ETH_ALEN)) + if (!compare_ether_addr(fdb->addr.addr, addr)) return fdb; } return NULL; diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index 9a45e6279c5..b88220a64cd 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -128,7 +128,7 @@ int br_handle_frame(struct net_bridge_port *p, struct sk_buff **pskb) dest = eth_hdr(skb)->h_dest; } - if (!memcmp(p->br->dev->dev_addr, dest, ETH_ALEN)) + if (!compare_ether_addr(p->br->dev->dev_addr, dest)) skb->pkt_type = PACKET_HOST; NF_HOOK(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c index 0da11ff05fa..ac09b6a2352 100644 --- a/net/bridge/br_stp_if.c +++ b/net/bridge/br_stp_if.c @@ -15,6 +15,7 @@ #include <linux/kernel.h> #include <linux/smp_lock.h> +#include <linux/etherdevice.h> #include "br_private.h" #include "br_private_stp.h" @@ -133,10 +134,10 @@ static void br_stp_change_bridge_id(struct net_bridge *br, memcpy(br->dev->dev_addr, addr, ETH_ALEN); list_for_each_entry(p, &br->port_list, list) { - if (!memcmp(p->designated_bridge.addr, oldaddr, ETH_ALEN)) + if (!compare_ether_addr(p->designated_bridge.addr, oldaddr)) memcpy(p->designated_bridge.addr, addr, ETH_ALEN); - if (!memcmp(p->designated_root.addr, oldaddr, ETH_ALEN)) + if (!compare_ether_addr(p->designated_root.addr, oldaddr)) memcpy(p->designated_root.addr, addr, ETH_ALEN); } @@ -157,12 +158,12 @@ void br_stp_recalculate_bridge_id(struct net_bridge *br) list_for_each_entry(p, &br->port_list, list) { if (addr == br_mac_zero || - memcmp(p->dev->dev_addr, addr, ETH_ALEN) < 0) + compare_ether_addr(p->dev->dev_addr, addr) < 0) addr = p->dev->dev_addr; } - if (memcmp(br->bridge_id.addr, addr, ETH_ALEN)) + if (compare_ether_addr(br->bridge_id.addr, addr)) br_stp_change_bridge_id(br, addr); } diff --git a/net/core/datagram.c b/net/core/datagram.c index 81987df536e..d219435d086 100644 --- a/net/core/datagram.c +++ b/net/core/datagram.c @@ -213,6 +213,10 @@ int skb_copy_datagram_iovec(const struct sk_buff *skb, int offset, { int i, err, fraglen, end = 0; struct sk_buff *next = skb_shinfo(skb)->frag_list; + + if (!len) + return 0; + next_skb: fraglen = skb_headlen(skb); i = -1; diff --git a/net/dccp/dccp.h b/net/dccp/dccp.h index 5871c027f9d..f97b85d55ad 100644 --- a/net/dccp/dccp.h +++ b/net/dccp/dccp.h @@ -118,7 +118,6 @@ DECLARE_SNMP_STAT(struct dccp_mib, dccp_statistics); #define DCCP_ADD_STATS_USER(field, val) \ SNMP_ADD_STATS_USER(dccp_statistics, field, val) -extern int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb); extern int dccp_retransmit_skb(struct sock *sk, struct sk_buff *skb); extern int dccp_send_response(struct sock *sk); diff --git a/net/dccp/output.c b/net/dccp/output.c index d59f86f7cea..74ff8702587 100644 --- a/net/dccp/output.c +++ b/net/dccp/output.c @@ -12,6 +12,7 @@ #include <linux/config.h> #include <linux/dccp.h> +#include <linux/kernel.h> #include <linux/skbuff.h> #include <net/sock.h> @@ -25,13 +26,20 @@ static inline void dccp_event_ack_sent(struct sock *sk) inet_csk_clear_xmit_timer(sk, ICSK_TIME_DACK); } +static inline void dccp_skb_entail(struct sock *sk, struct sk_buff *skb) +{ + skb_set_owner_w(skb, sk); + WARN_ON(sk->sk_send_head); + sk->sk_send_head = skb; +} + /* * All SKB's seen here are completely headerless. It is our * job to build the DCCP header, and pass the packet down to * IP so it can do the same plus pass the packet off to the * device. */ -int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb) +static int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb) { if (likely(skb != NULL)) { const struct inet_sock *inet = inet_sk(sk); @@ -50,10 +58,21 @@ int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb) switch (dcb->dccpd_type) { case DCCP_PKT_DATA: set_ack = 0; + /* fall through */ + case DCCP_PKT_DATAACK: break; + case DCCP_PKT_SYNC: case DCCP_PKT_SYNCACK: ackno = dcb->dccpd_seq; + /* fall through */ + default: + /* + * Only data packets should come through with skb->sk + * set. + */ + WARN_ON(skb->sk); + skb_set_owner_w(skb, sk); break; } @@ -63,9 +82,6 @@ int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb) skb->h.raw = skb_push(skb, dccp_header_size); dh = dccp_hdr(skb); - if (!skb->sk) - skb_set_owner_w(skb, sk); - /* Build DCCP header and checksum it. */ memset(dh, 0, dccp_header_size); dh->dccph_type = dcb->dccpd_type; @@ -393,10 +409,8 @@ int dccp_connect(struct sock *sk) DCCP_SKB_CB(skb)->dccpd_type = DCCP_PKT_REQUEST; skb->csum = 0; - skb_set_owner_w(skb, sk); - BUG_TRAP(sk->sk_send_head == NULL); - sk->sk_send_head = skb; + dccp_skb_entail(sk, skb); dccp_transmit_skb(sk, skb_clone(skb, GFP_KERNEL)); DCCP_INC_STATS(DCCP_MIB_ACTIVEOPENS); @@ -425,7 +439,6 @@ void dccp_send_ack(struct sock *sk) skb_reserve(skb, MAX_DCCP_HEADER); skb->csum = 0; DCCP_SKB_CB(skb)->dccpd_type = DCCP_PKT_ACK; - skb_set_owner_w(skb, sk); dccp_transmit_skb(sk, skb); } } @@ -482,7 +495,6 @@ void dccp_send_sync(struct sock *sk, const u64 seq, DCCP_SKB_CB(skb)->dccpd_type = pkt_type; DCCP_SKB_CB(skb)->dccpd_seq = seq; - skb_set_owner_w(skb, sk); dccp_transmit_skb(sk, skb); } @@ -507,10 +519,8 @@ void dccp_send_close(struct sock *sk, const int active) DCCP_SKB_CB(skb)->dccpd_type = dp->dccps_role == DCCP_ROLE_CLIENT ? DCCP_PKT_CLOSE : DCCP_PKT_CLOSEREQ; - skb_set_owner_w(skb, sk); if (active) { - BUG_TRAP(sk->sk_send_head == NULL); - sk->sk_send_head = skb; + dccp_skb_entail(sk, skb); dccp_transmit_skb(sk, skb_clone(skb, prio)); } else dccp_transmit_skb(sk, skb); diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c index 8b6d3939e1e..c6247fc8406 100644 --- a/net/ipv4/igmp.c +++ b/net/ipv4/igmp.c @@ -1908,8 +1908,11 @@ int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex) sock_kfree_s(sk, newpsl, IP_SFLSIZE(newpsl->sl_max)); goto done; } - } else + } else { newpsl = NULL; + (void) ip_mc_add_src(in_dev, &msf->imsf_multiaddr, + msf->imsf_fmode, 0, NULL, 0); + } psl = pmc->sflist; if (psl) { (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index a7969286e6e..3c2e9639bba 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -347,58 +347,106 @@ unsigned int arpt_do_table(struct sk_buff **pskb, return verdict; } -static inline void *find_inlist_lock_noload(struct list_head *head, - const char *name, - int *error, - struct semaphore *mutex) +/* + * These are weird, but module loading must not be done with mutex + * held (since they will register), and we have to have a single + * function to use try_then_request_module(). + */ + +/* Find table by name, grabs mutex & ref. Returns ERR_PTR() on error. */ +static inline struct arpt_table *find_table_lock(const char *name) { - void *ret; + struct arpt_table *t; - *error = down_interruptible(mutex); - if (*error != 0) - return NULL; + if (down_interruptible(&arpt_mutex) != 0) + return ERR_PTR(-EINTR); - ret = list_named_find(head, name); - if (!ret) { - *error = -ENOENT; - up(mutex); - } - return ret; + list_for_each_entry(t, &arpt_tables, list) + if (strcmp(t->name, name) == 0 && try_module_get(t->me)) + return t; + up(&arpt_mutex); + return NULL; } -#ifndef CONFIG_KMOD -#define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m)) -#else -static void * -find_inlist_lock(struct list_head *head, - const char *name, - const char *prefix, - int *error, - struct semaphore *mutex) + +/* Find target, grabs ref. Returns ERR_PTR() on error. */ +static inline struct arpt_target *find_target(const char *name, u8 revision) { - void *ret; + struct arpt_target *t; + int err = 0; - ret = find_inlist_lock_noload(head, name, error, mutex); - if (!ret) { - duprintf("find_inlist: loading `%s%s'.\n", prefix, name); - request_module("%s%s", prefix, name); - ret = find_inlist_lock_noload(head, name, error, mutex); + if (down_interruptible(&arpt_mutex) != 0) + return ERR_PTR(-EINTR); + + list_for_each_entry(t, &arpt_target, list) { + if (strcmp(t->name, name) == 0) { + if (t->revision == revision) { + if (try_module_get(t->me)) { + up(&arpt_mutex); + return t; + } + } else + err = -EPROTOTYPE; /* Found something. */ + } } + up(&arpt_mutex); + return ERR_PTR(err); +} - return ret; +struct arpt_target *arpt_find_target(const char *name, u8 revision) +{ + struct arpt_target *target; + + target = try_then_request_module(find_target(name, revision), + "arpt_%s", name); + if (IS_ERR(target) || !target) + return NULL; + return target; } -#endif -static inline struct arpt_table *arpt_find_table_lock(const char *name, int *error, struct semaphore *mutex) +static int target_revfn(const char *name, u8 revision, int *bestp) { - return find_inlist_lock(&arpt_tables, name, "arptable_", error, mutex); + struct arpt_target *t; + int have_rev = 0; + + list_for_each_entry(t, &arpt_target, list) { + if (strcmp(t->name, name) == 0) { + if (t->revision > *bestp) + *bestp = t->revision; + if (t->revision == revision) + have_rev =1; + } + } + return have_rev; } -static struct arpt_target *arpt_find_target_lock(const char *name, int *error, struct semaphore *mutex) +/* Returns true or false (if no such extension at all) */ +static inline int find_revision(const char *name, u8 revision, + int (*revfn)(const char *, u8, int *), + int *err) { - return find_inlist_lock(&arpt_target, name, "arpt_", error, mutex); + int have_rev, best = -1; + + if (down_interruptible(&arpt_mutex) != 0) { + *err = -EINTR; + return 1; + } + have_rev = revfn(name, revision, &best); + up(&arpt_mutex); + + /* Nothing at all? Return 0 to try loading module. */ + if (best == -1) { + *err = -ENOENT; + return 0; + } + + *err = best; + if (!have_rev) + *err = -EPROTONOSUPPORT; + return 1; } + /* All zeroes == unconditional rule. */ static inline int unconditional(const struct arpt_arp *arp) { @@ -544,17 +592,15 @@ static inline int check_entry(struct arpt_entry *e, const char *name, unsigned i } t = arpt_get_target(e); - target = arpt_find_target_lock(t->u.user.name, &ret, &arpt_mutex); - if (!target) { + target = try_then_request_module(find_target(t->u.user.name, + t->u.user.revision), + "arpt_%s", t->u.user.name); + if (IS_ERR(target) || !target) { duprintf("check_entry: `%s' not found\n", t->u.user.name); + ret = target ? PTR_ERR(target) : -ENOENT; goto out; } - if (!try_module_get((target->me))) { - ret = -ENOENT; - goto out_unlock; - } t->u.kernel.target = target; - up(&arpt_mutex); if (t->u.kernel.target == &arpt_standard_target) { if (!standard_check(t, size)) { @@ -576,8 +622,6 @@ static inline int check_entry(struct arpt_entry *e, const char *name, unsigned i (*i)++; return 0; -out_unlock: - up(&arpt_mutex); out: return ret; } @@ -846,8 +890,8 @@ static int get_entries(const struct arpt_get_entries *entries, int ret; struct arpt_table *t; - t = arpt_find_table_lock(entries->name, &ret, &arpt_mutex); - if (t) { + t = find_table_lock(entries->name); + if (t || !IS_ERR(t)) { duprintf("t->private->number = %u\n", t->private->number); if (entries->size == t->private->size) @@ -859,10 +903,10 @@ static int get_entries(const struct arpt_get_entries *entries, entries->size); ret = -EINVAL; } + module_put(t->me); up(&arpt_mutex); } else - duprintf("get_entries: Can't find %s!\n", - entries->name); + ret = t ? PTR_ERR(t) : -ENOENT; return ret; } @@ -913,22 +957,19 @@ static int do_replace(void __user *user, unsigned int len) duprintf("arp_tables: Translated table\n"); - t = arpt_find_table_lock(tmp.name, &ret, &arpt_mutex); - if (!t) + t = try_then_request_module(find_table_lock(tmp.name), + "arptable_%s", tmp.name); + if (!t || IS_ERR(t)) { + ret = t ? PTR_ERR(t) : -ENOENT; goto free_newinfo_counters_untrans; + } /* You lied! */ if (tmp.valid_hooks != t->valid_hooks) { duprintf("Valid hook crap: %08X vs %08X\n", tmp.valid_hooks, t->valid_hooks); ret = -EINVAL; - goto free_newinfo_counters_untrans_unlock; - } - - /* Get a reference in advance, we're not allowed fail later */ - if (!try_module_get(t->me)) { - ret = -EBUSY; - goto free_newinfo_counters_untrans_unlock; + goto put_module; } oldinfo = replace_table(t, tmp.num_counters, newinfo, &ret); @@ -959,7 +1000,6 @@ static int do_replace(void __user *user, unsigned int len) put_module: module_put(t->me); - free_newinfo_counters_untrans_unlock: up(&arpt_mutex); free_newinfo_counters_untrans: ARPT_ENTRY_ITERATE(newinfo->entries, newinfo->size, cleanup_entry, NULL); @@ -989,7 +1029,7 @@ static int do_add_counters(void __user *user, unsigned int len) unsigned int i; struct arpt_counters_info tmp, *paddc; struct arpt_table *t; - int ret; + int ret = 0; if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) return -EFAULT; @@ -1006,9 +1046,11 @@ static int do_add_counters(void __user *user, unsigned int len) goto free; } - t = arpt_find_table_lock(tmp.name, &ret, &arpt_mutex); - if (!t) + t = find_table_lock(tmp.name); + if (!t || IS_ERR(t)) { + ret = t ? PTR_ERR(t) : -ENOENT; goto free; + } write_lock_bh(&t->lock); if (t->private->number != paddc->num_counters) { @@ -1025,6 +1067,7 @@ static int do_add_counters(void __user *user, unsigned int len) unlock_up_free: write_unlock_bh(&t->lock); up(&arpt_mutex); + module_put(t->me); free: vfree(paddc); @@ -1079,8 +1122,10 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len break; } name[ARPT_TABLE_MAXNAMELEN-1] = '\0'; - t = arpt_find_table_lock(name, &ret, &arpt_mutex); - if (t) { + + t = try_then_request_module(find_table_lock(name), + "arptable_%s", name); + if (t && !IS_ERR(t)) { struct arpt_getinfo info; info.valid_hooks = t->valid_hooks; @@ -1096,9 +1141,10 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len ret = -EFAULT; else ret = 0; - up(&arpt_mutex); - } + module_put(t->me); + } else + ret = t ? PTR_ERR(t) : -ENOENT; } break; @@ -1119,6 +1165,24 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len break; } + case ARPT_SO_GET_REVISION_TARGET: { + struct arpt_get_revision rev; + + if (*len != sizeof(rev)) { + ret = -EINVAL; + break; + } + if (copy_from_user(&rev, user, sizeof(rev)) != 0) { + ret = -EFAULT; + break; + } + + try_then_request_module(find_revision(rev.name, rev.revision, + target_revfn, &ret), + "arpt_%s", rev.name); + break; + } + default: duprintf("do_arpt_get_ctl: unknown request %i\n", cmd); ret = -EINVAL; @@ -1136,12 +1200,9 @@ int arpt_register_target(struct arpt_target *target) if (ret != 0) return ret; - if (!list_named_insert(&arpt_target, target)) { - duprintf("arpt_register_target: `%s' already in list!\n", - target->name); - ret = -EINVAL; - } + list_add(&target->list, &arpt_target); up(&arpt_mutex); + return ret; } diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c index f5909a4c3fc..e19c2a52d00 100644 --- a/net/ipv4/netfilter/ipt_addrtype.c +++ b/net/ipv4/netfilter/ipt_addrtype.c @@ -48,7 +48,7 @@ static int checkentry(const char *tablename, const struct ipt_ip *ip, unsigned int hook_mask) { if (matchsize != IPT_ALIGN(sizeof(struct ipt_addrtype_info))) { - printk(KERN_ERR "ipt_addrtype: invalid size (%u != %Zu)\n.", + printk(KERN_ERR "ipt_addrtype: invalid size (%u != %Zu)\n", matchsize, IPT_ALIGN(sizeof(struct ipt_addrtype_info))); return 0; } diff --git a/net/ipv4/tcp_bic.c b/net/ipv4/tcp_bic.c index 6d80e063c18..ae35e060904 100644 --- a/net/ipv4/tcp_bic.c +++ b/net/ipv4/tcp_bic.c @@ -27,7 +27,7 @@ */ static int fast_convergence = 1; -static int max_increment = 32; +static int max_increment = 16; static int low_window = 14; static int beta = 819; /* = 819/1024 (BICTCP_BETA_SCALE) */ static int low_utilization_threshold = 153; diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 41edc14851e..2c5f57299d6 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -2163,7 +2163,7 @@ static int addrconf_ifdown(struct net_device *dev, int how) /* Step 5: netlink notification of this interface */ idev->tstamp = jiffies; - inet6_ifinfo_notify(RTM_NEWLINK, idev); + inet6_ifinfo_notify(RTM_DELLINK, idev); /* Shot the device (if unregistered) */ diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c index c4f2a0ef748..f15e04ad026 100644 --- a/net/ipv6/mcast.c +++ b/net/ipv6/mcast.c @@ -545,8 +545,10 @@ int ip6_mc_msfilter(struct sock *sk, struct group_filter *gsf) sock_kfree_s(sk, newpsl, IP6_SFLSIZE(newpsl->sl_max)); goto done; } - } else + } else { newpsl = NULL; + (void) ip6_mc_add_src(idev, group, gsf->gf_fmode, 0, NULL, 0); + } psl = pmc->sflist; if (psl) { (void) ip6_mc_del_src(idev, group, pmc->sfmode, @@ -1087,7 +1089,7 @@ static void mld_marksources(struct ifmcaddr6 *pmc, int nsrcs, int igmp6_event_query(struct sk_buff *skb) { - struct mld2_query *mlh2 = (struct mld2_query *) skb->h.raw; + struct mld2_query *mlh2 = NULL; struct ifmcaddr6 *ma; struct in6_addr *group; unsigned long max_delay; @@ -1140,6 +1142,13 @@ int igmp6_event_query(struct sk_buff *skb) /* clear deleted report items */ mld_clear_delrec(idev); } else if (len >= 28) { + int srcs_offset = sizeof(struct mld2_query) - + sizeof(struct icmp6hdr); + if (!pskb_may_pull(skb, srcs_offset)) { + in6_dev_put(idev); + return -EINVAL; + } + mlh2 = (struct mld2_query *) skb->h.raw; max_delay = (MLDV2_MRC(ntohs(mlh2->mrc))*HZ)/1000; if (!max_delay) max_delay = 1; @@ -1156,7 +1165,15 @@ int igmp6_event_query(struct sk_buff *skb) return 0; } /* mark sources to include, if group & source-specific */ - mark = mlh2->nsrcs != 0; + if (mlh2->nsrcs != 0) { + if (!pskb_may_pull(skb, srcs_offset + + mlh2->nsrcs * sizeof(struct in6_addr))) { + in6_dev_put(idev); + return -EINVAL; + } + mlh2 = (struct mld2_query *) skb->h.raw; + mark = 1; + } } else { in6_dev_put(idev); return -EINVAL; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 21deec25a12..7d492226c16 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -2,7 +2,7 @@ * Packet matching code. * * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling - * Copyright (C) 2000-2002 Netfilter core team <coreteam@netfilter.org> + * Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -23,7 +23,6 @@ #include <linux/tcp.h> #include <linux/udp.h> #include <linux/icmpv6.h> -#include <net/ip.h> #include <net/ipv6.h> #include <asm/uaccess.h> #include <asm/semaphore.h> @@ -80,13 +79,12 @@ static DECLARE_MUTEX(ip6t_mutex); #define inline #endif -/* Locking is simple: we assume at worst case there will be one packet - in user context and one from bottom halves (or soft irq if Alexey's - softnet patch was applied). - +/* We keep a set of rules for each CPU, so we can avoid write-locking - them; doing a readlock_bh() stops packets coming through if we're - in user context. + them in the softirq when updating the counters and therefore + only need to read-lock in the softirq; doing a write_lock_bh() in user + context stops packets coming through and allows user context to read + the counters or update the rules. To be cache friendly on SMP, we arrange them like so: [ n-entries ] @@ -356,7 +354,7 @@ ip6t_do_table(struct sk_buff **pskb, struct ip6t_table *table, void *userdata) { - static const char nulldevname[IFNAMSIZ]; + static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); int offset = 0; unsigned int protoff = 0; int hotdrop = 0; @@ -369,7 +367,6 @@ ip6t_do_table(struct sk_buff **pskb, /* Initialization */ indev = in ? in->name : nulldevname; outdev = out ? out->name : nulldevname; - /* We handle fragments by dealing with the first fragment as * if it was a normal packet. All other fragments are treated * normally, except that they will NEVER match rules that ask @@ -497,75 +494,145 @@ ip6t_do_table(struct sk_buff **pskb, #endif } -/* If it succeeds, returns element and locks mutex */ -static inline void * -find_inlist_lock_noload(struct list_head *head, - const char *name, - int *error, - struct semaphore *mutex) +/* + * These are weird, but module loading must not be done with mutex + * held (since they will register), and we have to have a single + * function to use try_then_request_module(). + */ + +/* Find table by name, grabs mutex & ref. Returns ERR_PTR() on error. */ +static inline struct ip6t_table *find_table_lock(const char *name) { - void *ret; + struct ip6t_table *t; -#if 1 - duprintf("find_inlist: searching for `%s' in %s.\n", - name, head == &ip6t_target ? "ip6t_target" - : head == &ip6t_match ? "ip6t_match" - : head == &ip6t_tables ? "ip6t_tables" : "UNKNOWN"); -#endif + if (down_interruptible(&ip6t_mutex) != 0) + return ERR_PTR(-EINTR); - *error = down_interruptible(mutex); - if (*error != 0) - return NULL; + list_for_each_entry(t, &ip6t_tables, list) + if (strcmp(t->name, name) == 0 && try_module_get(t->me)) + return t; + up(&ip6t_mutex); + return NULL; +} + +/* Find match, grabs ref. Returns ERR_PTR() on error. */ +static inline struct ip6t_match *find_match(const char *name, u8 revision) +{ + struct ip6t_match *m; + int err = 0; - ret = list_named_find(head, name); - if (!ret) { - *error = -ENOENT; - up(mutex); + if (down_interruptible(&ip6t_mutex) != 0) + return ERR_PTR(-EINTR); + + list_for_each_entry(m, &ip6t_match, list) { + if (strcmp(m->name, name) == 0) { + if (m->revision == revision) { + if (try_module_get(m->me)) { + up(&ip6t_mutex); + return m; + } + } else + err = -EPROTOTYPE; /* Found something. */ + } } - return ret; + up(&ip6t_mutex); + return ERR_PTR(err); } -#ifndef CONFIG_KMOD -#define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m)) -#else -static void * -find_inlist_lock(struct list_head *head, - const char *name, - const char *prefix, - int *error, - struct semaphore *mutex) +/* Find target, grabs ref. Returns ERR_PTR() on error. */ +static inline struct ip6t_target *find_target(const char *name, u8 revision) { - void *ret; + struct ip6t_target *t; + int err = 0; - ret = find_inlist_lock_noload(head, name, error, mutex); - if (!ret) { - duprintf("find_inlist: loading `%s%s'.\n", prefix, name); - request_module("%s%s", prefix, name); - ret = find_inlist_lock_noload(head, name, error, mutex); + if (down_interruptible(&ip6t_mutex) != 0) + return ERR_PTR(-EINTR); + + list_for_each_entry(t, &ip6t_target, list) { + if (strcmp(t->name, name) == 0) { + if (t->revision == revision) { + if (try_module_get(t->me)) { + up(&ip6t_mutex); + return t; + } + } else + err = -EPROTOTYPE; /* Found something. */ + } } + up(&ip6t_mutex); + return ERR_PTR(err); +} - return ret; +struct ip6t_target *ip6t_find_target(const char *name, u8 revision) +{ + struct ip6t_target *target; + + target = try_then_request_module(find_target(name, revision), + "ip6t_%s", name); + if (IS_ERR(target) || !target) + return NULL; + return target; } -#endif -static inline struct ip6t_table * -ip6t_find_table_lock(const char *name, int *error, struct semaphore *mutex) +static int match_revfn(const char *name, u8 revision, int *bestp) { - return find_inlist_lock(&ip6t_tables, name, "ip6table_", error, mutex); + struct ip6t_match *m; + int have_rev = 0; + + list_for_each_entry(m, &ip6t_match, list) { + if (strcmp(m->name, name) == 0) { + if (m->revision > *bestp) + *bestp = m->revision; + if (m->revision == revision) + have_rev = 1; + } + } + return have_rev; } -static inline struct ip6t_match * -find_match_lock(const char *name, int *error, struct semaphore *mutex) +static int target_revfn(const char *name, u8 revision, int *bestp) { - return find_inlist_lock(&ip6t_match, name, "ip6t_", error, mutex); + struct ip6t_target *t; + int have_rev = 0; + + list_for_each_entry(t, &ip6t_target, list) { + if (strcmp(t->name, name) == 0) { + if (t->revision > *bestp) + *bestp = t->revision; + if (t->revision == revision) + have_rev = 1; + } + } + return have_rev; } -static struct ip6t_target * -ip6t_find_target_lock(const char *name, int *error, struct semaphore *mutex) +/* Returns true or fals (if no such extension at all) */ +static inline int find_revision(const char *name, u8 revision, + int (*revfn)(const char *, u8, int *), + int *err) { - return find_inlist_lock(&ip6t_target, name, "ip6t_", error, mutex); + int have_rev, best = -1; + + if (down_interruptible(&ip6t_mutex) != 0) { + *err = -EINTR; + return 1; + } + have_rev = revfn(name, revision, &best); + up(&ip6t_mutex); + + /* Nothing at all? Return 0 to try loading module. */ + if (best == -1) { + *err = -ENOENT; + return 0; + } + + *err = best; + if (!have_rev) + *err = -EPROTONOSUPPORT; + return 1; } + /* All zeroes == unconditional rule. */ static inline int unconditional(const struct ip6t_ip6 *ipv6) @@ -725,20 +792,16 @@ check_match(struct ip6t_entry_match *m, unsigned int hookmask, unsigned int *i) { - int ret; struct ip6t_match *match; - match = find_match_lock(m->u.user.name, &ret, &ip6t_mutex); - if (!match) { - // duprintf("check_match: `%s' not found\n", m->u.name); - return ret; - } - if (!try_module_get(match->me)) { - up(&ip6t_mutex); - return -ENOENT; + match = try_then_request_module(find_match(m->u.user.name, + m->u.user.revision), + "ip6t_%s", m->u.user.name); + if (IS_ERR(match) || !match) { + duprintf("check_match: `%s' not found\n", m->u.user.name); + return match ? PTR_ERR(match) : -ENOENT; } m->u.kernel.match = match; - up(&ip6t_mutex); if (m->u.kernel.match->checkentry && !m->u.kernel.match->checkentry(name, ipv6, m->data, @@ -776,22 +839,16 @@ check_entry(struct ip6t_entry *e, const char *name, unsigned int size, goto cleanup_matches; t = ip6t_get_target(e); - target = ip6t_find_target_lock(t->u.user.name, &ret, &ip6t_mutex); - if (!target) { + target = try_then_request_module(find_target(t->u.user.name, + t->u.user.revision), + "ip6t_%s", t->u.user.name); + if (IS_ERR(target) || !target) { duprintf("check_entry: `%s' not found\n", t->u.user.name); - goto cleanup_matches; - } - if (!try_module_get(target->me)) { - up(&ip6t_mutex); - ret = -ENOENT; + ret = target ? PTR_ERR(target) : -ENOENT; goto cleanup_matches; } t->u.kernel.target = target; - up(&ip6t_mutex); - if (!t->u.kernel.target) { - ret = -EBUSY; - goto cleanup_matches; - } + if (t->u.kernel.target == &ip6t_standard_target) { if (!standard_check(t, size)) { ret = -EINVAL; @@ -1118,8 +1175,8 @@ get_entries(const struct ip6t_get_entries *entries, int ret; struct ip6t_table *t; - t = ip6t_find_table_lock(entries->name, &ret, &ip6t_mutex); - if (t) { + t = find_table_lock(entries->name); + if (t && !IS_ERR(t)) { duprintf("t->private->number = %u\n", t->private->number); if (entries->size == t->private->size) @@ -1131,10 +1188,10 @@ get_entries(const struct ip6t_get_entries *entries, entries->size); ret = -EINVAL; } + module_put(t->me); up(&ip6t_mutex); } else - duprintf("get_entries: Can't find %s!\n", - entries->name); + ret = t ? PTR_ERR(t) : -ENOENT; return ret; } @@ -1182,22 +1239,19 @@ do_replace(void __user *user, unsigned int len) duprintf("ip_tables: Translated table\n"); - t = ip6t_find_table_lock(tmp.name, &ret, &ip6t_mutex); - if (!t) + t = try_then_request_module(find_table_lock(tmp.name), + "ip6table_%s", tmp.name); + if (!t || IS_ERR(t)) { + ret = t ? PTR_ERR(t) : -ENOENT; goto free_newinfo_counters_untrans; + } /* You lied! */ if (tmp.valid_hooks != t->valid_hooks) { duprintf("Valid hook crap: %08X vs %08X\n", tmp.valid_hooks, t->valid_hooks); ret = -EINVAL; - goto free_newinfo_counters_untrans_unlock; - } - - /* Get a reference in advance, we're not allowed fail later */ - if (!try_module_get(t->me)) { - ret = -EBUSY; - goto free_newinfo_counters_untrans_unlock; + goto put_module; } oldinfo = replace_table(t, tmp.num_counters, newinfo, &ret); @@ -1219,7 +1273,6 @@ do_replace(void __user *user, unsigned int len) /* Decrease module usage counts and free resource */ IP6T_ENTRY_ITERATE(oldinfo->entries, oldinfo->size, cleanup_entry,NULL); vfree(oldinfo); - /* Silent error: too late now. */ if (copy_to_user(tmp.counters, counters, sizeof(struct ip6t_counters) * tmp.num_counters) != 0) ret = -EFAULT; @@ -1229,7 +1282,6 @@ do_replace(void __user *user, unsigned int len) put_module: module_put(t->me); - free_newinfo_counters_untrans_unlock: up(&ip6t_mutex); free_newinfo_counters_untrans: IP6T_ENTRY_ITERATE(newinfo->entries, newinfo->size, cleanup_entry,NULL); @@ -1268,7 +1320,7 @@ do_add_counters(void __user *user, unsigned int len) unsigned int i; struct ip6t_counters_info tmp, *paddc; struct ip6t_table *t; - int ret; + int ret = 0; if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) return -EFAULT; @@ -1285,9 +1337,11 @@ do_add_counters(void __user *user, unsigned int len) goto free; } - t = ip6t_find_table_lock(tmp.name, &ret, &ip6t_mutex); - if (!t) + t = find_table_lock(tmp.name); + if (!t || IS_ERR(t)) { + ret = t ? PTR_ERR(t) : -ENOENT; goto free; + } write_lock_bh(&t->lock); if (t->private->number != paddc->num_counters) { @@ -1304,6 +1358,7 @@ do_add_counters(void __user *user, unsigned int len) unlock_up_free: write_unlock_bh(&t->lock); up(&ip6t_mutex); + module_put(t->me); free: vfree(paddc); @@ -1360,8 +1415,10 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) break; } name[IP6T_TABLE_MAXNAMELEN-1] = '\0'; - t = ip6t_find_table_lock(name, &ret, &ip6t_mutex); - if (t) { + + t = try_then_request_module(find_table_lock(name), + "ip6table_%s", name); + if (t && !IS_ERR(t)) { struct ip6t_getinfo info; info.valid_hooks = t->valid_hooks; @@ -1377,9 +1434,10 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) ret = -EFAULT; else ret = 0; - up(&ip6t_mutex); - } + module_put(t->me); + } else + ret = t ? PTR_ERR(t) : -ENOENT; } break; @@ -1400,6 +1458,31 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) break; } + case IP6T_SO_GET_REVISION_MATCH: + case IP6T_SO_GET_REVISION_TARGET: { + struct ip6t_get_revision rev; + int (*revfn)(const char *, u8, int *); + + if (*len != sizeof(rev)) { + ret = -EINVAL; + break; + } + if (copy_from_user(&rev, user, sizeof(rev)) != 0) { + ret = -EFAULT; + break; + } + + if (cmd == IP6T_SO_GET_REVISION_TARGET) + revfn = target_revfn; + else + revfn = match_revfn; + + try_then_request_module(find_revision(rev.name, rev.revision, + revfn, &ret), + "ip6t_%s", rev.name); + break; + } + default: duprintf("do_ip6t_get_ctl: unknown request %i\n", cmd); ret = -EINVAL; @@ -1417,12 +1500,7 @@ ip6t_register_target(struct ip6t_target *target) ret = down_interruptible(&ip6t_mutex); if (ret != 0) return ret; - - if (!list_named_insert(&ip6t_target, target)) { - duprintf("ip6t_register_target: `%s' already in list!\n", - target->name); - ret = -EINVAL; - } + list_add(&target->list, &ip6t_target); up(&ip6t_mutex); return ret; } @@ -1444,11 +1522,7 @@ ip6t_register_match(struct ip6t_match *match) if (ret != 0) return ret; - if (!list_named_insert(&ip6t_match, match)) { - duprintf("ip6t_register_match: `%s' already in list!\n", - match->name); - ret = -EINVAL; - } + list_add(&match->list, &ip6t_match); up(&ip6t_mutex); return ret; diff --git a/net/ipv6/netfilter/ip6t_MARK.c b/net/ipv6/netfilter/ip6t_MARK.c index 81924fcc585..0c7584f9217 100644 --- a/net/ipv6/netfilter/ip6t_MARK.c +++ b/net/ipv6/netfilter/ip6t_MARK.c @@ -56,8 +56,12 @@ checkentry(const char *tablename, return 1; } -static struct ip6t_target ip6t_mark_reg -= { { NULL, NULL }, "MARK", target, checkentry, NULL, THIS_MODULE }; +static struct ip6t_target ip6t_mark_reg = { + .name = "MARK", + .target = target, + .checkentry = checkentry, + .me = THIS_MODULE +}; static int __init init(void) { diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 5d5bbb49ec7..227e99ed510 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -483,7 +483,7 @@ restart: goto out; } - rt = rt6_device_match(rt, skb->dev->ifindex, 0); + rt = rt6_device_match(rt, skb->dev->ifindex, strict); BACKTRACK(); if (!rt->rt6i_nexthop && !(rt->rt6i_flags & RTF_NONEXTHOP)) { diff --git a/net/rose/rose_timer.c b/net/rose/rose_timer.c index 50ae0371dab..b6c8f38cc26 100644 --- a/net/rose/rose_timer.c +++ b/net/rose/rose_timer.c @@ -138,6 +138,7 @@ static void rose_heartbeat_expiry(unsigned long param) is accepted() it isn't 'dead' so doesn't get removed. */ if (sock_flag(sk, SOCK_DESTROY) || (sk->sk_state == TCP_LISTEN && sock_flag(sk, SOCK_DEAD))) { + bh_unlock_sock(sk); rose_destroy_socket(sk); return; } diff --git a/net/sched/Kconfig b/net/sched/Kconfig index 81510da3179..7f34e7fd767 100644 --- a/net/sched/Kconfig +++ b/net/sched/Kconfig @@ -2,13 +2,15 @@ # Traffic control configuration. # -menuconfig NET_SCHED +menu "QoS and/or fair queueing" + +config NET_SCHED bool "QoS and/or fair queueing" ---help--- When the kernel has several packets to send out over a network device, it has to decide which ones to send first, which ones to - delay, and which ones to drop. This is the job of the packet - scheduler, and several different algorithms for how to do this + delay, and which ones to drop. This is the job of the queueing + disciplines, several different algorithms for how to do this "fairly" have been proposed. If you say N here, you will get the standard packet scheduler, which @@ -23,13 +25,13 @@ menuconfig NET_SCHED To administer these schedulers, you'll need the user-level utilities from the package iproute2+tc at <ftp://ftp.tux.org/pub/net/ip-routing/>. That package also contains some documentation; for more, check out - <http://snafu.freedom.org/linux2.2/iproute-notes.html>. + <http://linux-net.osdl.org/index.php/Iproute2>. This Quality of Service (QoS) support will enable you to use Differentiated Services (diffserv) and Resource Reservation Protocol - (RSVP) on your Linux router if you also say Y to "QoS support", - "Packet classifier API" and to some classifiers below. Documentation - and software is at <http://diffserv.sourceforge.net/>. + (RSVP) on your Linux router if you also say Y to the corresponding + classifiers below. Documentation and software is at + <http://diffserv.sourceforge.net/>. If you say Y here and to "/proc file system" below, you will be able to read status information about packet schedulers from the file @@ -42,7 +44,7 @@ choice prompt "Packet scheduler clock source" depends on NET_SCHED default NET_SCH_CLK_JIFFIES - help + ---help--- Packet schedulers need a monotonic clock that increments at a static rate. The kernel provides several suitable interfaces, each with different properties: @@ -56,7 +58,7 @@ choice config NET_SCH_CLK_JIFFIES bool "Timer interrupt" - help + ---help--- Say Y here if you want to use the timer interrupt (jiffies) as clock source. This clock source is fast, synchronized on all processors and handles cpu clock frequency changes, but its resolution is too low @@ -64,7 +66,7 @@ config NET_SCH_CLK_JIFFIES config NET_SCH_CLK_GETTIMEOFDAY bool "gettimeofday" - help + ---help--- Say Y here if you want to use gettimeofday as clock source. This clock source has high resolution, is synchronized on all processors and handles cpu clock frequency changes, but it is slow. @@ -77,7 +79,7 @@ config NET_SCH_CLK_GETTIMEOFDAY config NET_SCH_CLK_CPU bool "CPU cycle counter" depends on ((X86_TSC || X86_64) && !SMP) || ALPHA || SPARC64 || PPC64 || IA64 - help + ---help--- Say Y here if you want to use the CPU's cycle counter as clock source. This is a cheap and high resolution clock source, but on some architectures it is not synchronized on all processors and doesn't @@ -95,134 +97,129 @@ config NET_SCH_CLK_CPU endchoice +comment "Queueing/Scheduling" + depends on NET_SCHED + config NET_SCH_CBQ - tristate "CBQ packet scheduler" + tristate "Class Based Queueing (CBQ)" depends on NET_SCHED ---help--- Say Y here if you want to use the Class-Based Queueing (CBQ) packet - scheduling algorithm for some of your network devices. This - algorithm classifies the waiting packets into a tree-like hierarchy - of classes; the leaves of this tree are in turn scheduled by - separate algorithms (called "disciplines" in this context). + scheduling algorithm. This algorithm classifies the waiting packets + into a tree-like hierarchy of classes; the leaves of this tree are + in turn scheduled by separate algorithms. - See the top of <file:net/sched/sch_cbq.c> for references about the - CBQ algorithm. + See the top of <file:net/sched/sch_cbq.c> for more details. CBQ is a commonly used scheduler, so if you're unsure, you should say Y here. Then say Y to all the queueing algorithms below that you - want to use as CBQ disciplines. Then say Y to "Packet classifier - API" and say Y to all the classifiers you want to use; a classifier - is a routine that allows you to sort your outgoing traffic into - classes based on a certain criterion. + want to use as leaf disciplines. To compile this code as a module, choose M here: the module will be called sch_cbq. config NET_SCH_HTB - tristate "HTB packet scheduler" + tristate "Hierarchical Token Bucket (HTB)" depends on NET_SCHED ---help--- Say Y here if you want to use the Hierarchical Token Buckets (HTB) - packet scheduling algorithm for some of your network devices. See + packet scheduling algorithm. See <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and in-depth articles. - HTB is very similar to the CBQ regarding its goals however is has + HTB is very similar to CBQ regarding its goals however is has different properties and different algorithm. To compile this code as a module, choose M here: the module will be called sch_htb. config NET_SCH_HFSC - tristate "HFSC packet scheduler" + tristate "Hierarchical Fair Service Curve (HFSC)" depends on NET_SCHED ---help--- Say Y here if you want to use the Hierarchical Fair Service Curve - (HFSC) packet scheduling algorithm for some of your network devices. + (HFSC) packet scheduling algorithm. To compile this code as a module, choose M here: the module will be called sch_hfsc. -#tristate ' H-PFQ packet scheduler' CONFIG_NET_SCH_HPFQ config NET_SCH_ATM - tristate "ATM pseudo-scheduler" + tristate "ATM Virtual Circuits (ATM)" depends on NET_SCHED && ATM ---help--- Say Y here if you want to use the ATM pseudo-scheduler. This - provides a framework for invoking classifiers (aka "filters"), which - in turn select classes of this queuing discipline. Each class maps - the flow(s) it is handling to a given virtual circuit (see the top of - <file:net/sched/sch_atm.c>). + provides a framework for invoking classifiers, which in turn + select classes of this queuing discipline. Each class maps + the flow(s) it is handling to a given virtual circuit. + + See the top of <file:net/sched/sch_atm.c>) for more details. To compile this code as a module, choose M here: the module will be called sch_atm. config NET_SCH_PRIO - tristate "The simplest PRIO pseudoscheduler" + tristate "Multi Band Priority Queueing (PRIO)" depends on NET_SCHED - help + ---help--- Say Y here if you want to use an n-band priority queue packet - "scheduler" for some of your network devices or as a leaf discipline - for the CBQ scheduling algorithm. If unsure, say Y. + scheduler. To compile this code as a module, choose M here: the module will be called sch_prio. config NET_SCH_RED - tristate "RED queue" + tristate "Random Early Detection (RED)" depends on NET_SCHED - help + ---help--- Say Y here if you want to use the Random Early Detection (RED) - packet scheduling algorithm for some of your network devices (see - the top of <file:net/sched/sch_red.c> for details and references - about the algorithm). + packet scheduling algorithm. + + See the top of <file:net/sched/sch_red.c> for more details. To compile this code as a module, choose M here: the module will be called sch_red. config NET_SCH_SFQ - tristate "SFQ queue" + tristate "Stochastic Fairness Queueing (SFQ)" depends on NET_SCHED ---help--- Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) - packet scheduling algorithm for some of your network devices or as a - leaf discipline for the CBQ scheduling algorithm (see the top of - <file:net/sched/sch_sfq.c> for details and references about the SFQ - algorithm). + packet scheduling algorithm . + + See the top of <file:net/sched/sch_sfq.c> for more details. To compile this code as a module, choose M here: the module will be called sch_sfq. config NET_SCH_TEQL - tristate "TEQL queue" + tristate "True Link Equalizer (TEQL)" depends on NET_SCHED ---help--- Say Y here if you want to use the True Link Equalizer (TLE) packet - scheduling algorithm for some of your network devices or as a leaf - discipline for the CBQ scheduling algorithm. This queueing - discipline allows the combination of several physical devices into - one virtual device. (see the top of <file:net/sched/sch_teql.c> for - details). + scheduling algorithm. This queueing discipline allows the combination + of several physical devices into one virtual device. + + See the top of <file:net/sched/sch_teql.c> for more details. To compile this code as a module, choose M here: the module will be called sch_teql. config NET_SCH_TBF - tristate "TBF queue" + tristate "Token Bucket Filter (TBF)" depends on NET_SCHED - help - Say Y here if you want to use the Simple Token Bucket Filter (TBF) - packet scheduling algorithm for some of your network devices or as a - leaf discipline for the CBQ scheduling algorithm (see the top of - <file:net/sched/sch_tbf.c> for a description of the TBF algorithm). + ---help--- + Say Y here if you want to use the Token Bucket Filter (TBF) packet + scheduling algorithm. + + See the top of <file:net/sched/sch_tbf.c> for more details. To compile this code as a module, choose M here: the module will be called sch_tbf. config NET_SCH_GRED - tristate "GRED queue" + tristate "Generic Random Early Detection (GRED)" depends on NET_SCHED - help + ---help--- Say Y here if you want to use the Generic Random Early Detection (GRED) packet scheduling algorithm for some of your network devices (see the top of <file:net/sched/sch_red.c> for details and @@ -232,9 +229,9 @@ config NET_SCH_GRED module will be called sch_gred. config NET_SCH_DSMARK - tristate "Diffserv field marker" + tristate "Differentiated Services marker (DSMARK)" depends on NET_SCHED - help + ---help--- Say Y if you want to schedule packets according to the Differentiated Services architecture proposed in RFC 2475. Technical information on this method, with pointers to associated @@ -244,9 +241,9 @@ config NET_SCH_DSMARK module will be called sch_dsmark. config NET_SCH_NETEM - tristate "Network emulator" + tristate "Network emulator (NETEM)" depends on NET_SCHED - help + ---help--- Say Y if you want to emulate network delay, loss, and packet re-ordering. This is often useful to simulate networks when testing applications or protocols. @@ -259,58 +256,23 @@ config NET_SCH_NETEM config NET_SCH_INGRESS tristate "Ingress Qdisc" depends on NET_SCHED - help - If you say Y here, you will be able to police incoming bandwidth - and drop packets when this bandwidth exceeds your desired rate. + ---help--- + Say Y here if you want to use classifiers for incoming packets. If unsure, say Y. To compile this code as a module, choose M here: the module will be called sch_ingress. -config NET_QOS - bool "QoS support" +comment "Classification" depends on NET_SCHED - ---help--- - Say Y here if you want to include Quality Of Service scheduling - features, which means that you will be able to request certain - rate-of-flow limits for your network devices. - - This Quality of Service (QoS) support will enable you to use - Differentiated Services (diffserv) and Resource Reservation Protocol - (RSVP) on your Linux router if you also say Y to "Packet classifier - API" and to some classifiers below. Documentation and software is at - <http://diffserv.sourceforge.net/>. - - Note that the answer to this question won't directly affect the - kernel: saying N will just cause the configurator to skip all - the questions about QoS support. - -config NET_ESTIMATOR - bool "Rate estimator" - depends on NET_QOS - help - In order for Quality of Service scheduling to work, the current - rate-of-flow for a network device has to be estimated; if you say Y - here, the kernel will do just that. config NET_CLS - bool "Packet classifier API" - depends on NET_SCHED - ---help--- - The CBQ scheduling algorithm requires that network packets which are - scheduled to be sent out over a network device be classified - according to some criterion. If you say Y here, you will get a - choice of several different packet classifiers with the following - questions. - - This will enable you to use Differentiated Services (diffserv) and - Resource Reservation Protocol (RSVP) on your Linux router. - Documentation and software is at - <http://diffserv.sourceforge.net/>. + boolean config NET_CLS_BASIC - tristate "Basic classifier" - depends on NET_CLS + tristate "Elementary classification (BASIC)" + depends NET_SCHED + select NET_CLS ---help--- Say Y here if you want to be able to classify packets using only extended matches and actions. @@ -319,24 +281,25 @@ config NET_CLS_BASIC module will be called cls_basic. config NET_CLS_TCINDEX - tristate "TC index classifier" - depends on NET_CLS - help - If you say Y here, you will be able to classify outgoing packets - according to the tc_index field of the skb. You will want this - feature if you want to implement Differentiated Services using - sch_dsmark. If unsure, say Y. + tristate "Traffic-Control Index (TCINDEX)" + depends NET_SCHED + select NET_CLS + ---help--- + Say Y here if you want to be able to classify packets based on + traffic control indices. You will want this feature if you want + to implement Differentiated Services together with DSMARK. To compile this code as a module, choose M here: the module will be called cls_tcindex. config NET_CLS_ROUTE4 - tristate "Routing table based classifier" - depends on NET_CLS + tristate "Routing decision (ROUTE)" + depends NET_SCHED select NET_CLS_ROUTE - help - If you say Y here, you will be able to classify outgoing packets - according to the route table entry they matched. If unsure, say Y. + select NET_CLS + ---help--- + If you say Y here, you will be able to classify packets + according to the route table entry they matched. To compile this code as a module, choose M here: the module will be called cls_route. @@ -346,58 +309,45 @@ config NET_CLS_ROUTE default n config NET_CLS_FW - tristate "Firewall based classifier" - depends on NET_CLS - help - If you say Y here, you will be able to classify outgoing packets - according to firewall criteria you specified. + tristate "Netfilter mark (FW)" + depends NET_SCHED + select NET_CLS + ---help--- + If you say Y here, you will be able to classify packets + according to netfilter/firewall marks. To compile this code as a module, choose M here: the module will be called cls_fw. config NET_CLS_U32 - tristate "U32 classifier" - depends on NET_CLS - help - If you say Y here, you will be able to classify outgoing packets - according to their destination address. If unsure, say Y. + tristate "Universal 32bit comparisons w/ hashing (U32)" + depends NET_SCHED + select NET_CLS + ---help--- + Say Y here to be able to classify packetes using a universal + 32bit pieces based comparison scheme. To compile this code as a module, choose M here: the module will be called cls_u32. config CLS_U32_PERF - bool "U32 classifier performance counters" + bool "Performance counters support" depends on NET_CLS_U32 - help - gathers stats that could be used to tune u32 classifier performance. - Requires a new iproute2 - You MUST NOT turn this on if you dont have an update iproute2. - -config NET_CLS_IND - bool "classify input device (slows things u32/fw) " - depends on NET_CLS_U32 || NET_CLS_FW - help - This option will be killed eventually when a - metadata action appears because it slows things a little - Available only for u32 and fw classifiers. - Requires a new iproute2 - You MUST NOT turn this on if you dont have an update iproute2. + ---help--- + Say Y here to make u32 gather additional statistics useful for + fine tuning u32 classifiers. config CLS_U32_MARK - bool "Use nfmark as a key in U32 classifier" + bool "Netfilter marks support" depends on NET_CLS_U32 && NETFILTER - help - This allows you to match mark in a u32 filter. - Example: - tc filter add dev eth0 protocol ip parent 1:0 prio 5 u32 \ - match mark 0x0090 0xffff \ - match ip dst 4.4.4.4 \ - flowid 1:90 - You must use a new iproute2 to use this feature. + ---help--- + Say Y here to be able to use netfilter marks as u32 key. config NET_CLS_RSVP - tristate "Special RSVP classifier" - depends on NET_CLS && NET_QOS + tristate "IPv4 Resource Reservation Protocol (RSVP)" + depends on NET_SCHED + select NET_CLS + select NET_ESTIMATOR ---help--- The Resource Reservation Protocol (RSVP) permits end systems to request a minimum and maximum data flow rate for a connection; this @@ -410,31 +360,33 @@ config NET_CLS_RSVP module will be called cls_rsvp. config NET_CLS_RSVP6 - tristate "Special RSVP classifier for IPv6" - depends on NET_CLS && NET_QOS + tristate "IPv6 Resource Reservation Protocol (RSVP6)" + depends on NET_SCHED + select NET_CLS + select NET_ESTIMATOR ---help--- The Resource Reservation Protocol (RSVP) permits end systems to request a minimum and maximum data flow rate for a connection; this is important for real time data such as streaming sound or video. Say Y here if you want to be able to classify outgoing packets based - on their RSVP requests and you are using the new Internet Protocol - IPv6 as opposed to the older and more common IPv4. + on their RSVP requests and you are using the IPv6. To compile this code as a module, choose M here: the module will be called cls_rsvp6. config NET_EMATCH bool "Extended Matches" - depends on NET_CLS + depends NET_SCHED + select NET_CLS ---help--- Say Y here if you want to use extended matches on top of classifiers and select the extended matches below. Extended matches are small classification helpers not worth writing - a separate classifier. + a separate classifier for. - You must have a recent version of the iproute2 tools in order to use + A recent version of the iproute2 package is required to use extended matches. config NET_EMATCH_STACK @@ -468,7 +420,7 @@ config NET_EMATCH_NBYTE module will be called em_nbyte. config NET_EMATCH_U32 - tristate "U32 hashing key" + tristate "U32 key" depends on NET_EMATCH ---help--- Say Y here if you want to be able to classify packets using @@ -496,76 +448,120 @@ config NET_EMATCH_TEXT select TEXTSEARCH_BM select TEXTSEARCH_FSM ---help--- - Say Y here if you want to be ablt to classify packets based on + Say Y here if you want to be able to classify packets based on textsearch comparisons. To compile this code as a module, choose M here: the module will be called em_text. config NET_CLS_ACT - bool "Packet ACTION" - depends on EXPERIMENTAL && NET_CLS && NET_QOS + bool "Actions" + depends on EXPERIMENTAL && NET_SCHED + select NET_ESTIMATOR ---help--- - This option requires you have a new iproute2. It enables - tc extensions which can be used with tc classifiers. - You MUST NOT turn this on if you dont have an update iproute2. + Say Y here if you want to use traffic control actions. Actions + get attached to classifiers and are invoked after a successful + classification. They are used to overwrite the classification + result, instantly drop or redirect packets, etc. + + A recent version of the iproute2 package is required to use + extended matches. config NET_ACT_POLICE - tristate "Policing Actions" + tristate "Traffic Policing" depends on NET_CLS_ACT ---help--- - If you are using a newer iproute2 select this one, otherwise use one - below to select a policer. - You MUST NOT turn this on if you dont have an update iproute2. + Say Y here if you want to do traffic policing, i.e. strict + bandwidth limiting. This action replaces the existing policing + module. + + To compile this code as a module, choose M here: the + module will be called police. config NET_ACT_GACT - tristate "generic Actions" + tristate "Generic actions" depends on NET_CLS_ACT ---help--- - You must have new iproute2 to use this feature. - This adds simple filtering actions like drop, accept etc. + Say Y here to take generic actions such as dropping and + accepting packets. + + To compile this code as a module, choose M here: the + module will be called gact. config GACT_PROB - bool "generic Actions probability" + bool "Probability support" depends on NET_ACT_GACT ---help--- - Allows generic actions to be randomly or deterministically used. + Say Y here to use the generic action randomly or deterministically. config NET_ACT_MIRRED - tristate "Packet In/Egress redirecton/mirror Actions" + tristate "Redirecting and Mirroring" depends on NET_CLS_ACT ---help--- - requires new iproute2 - This allows packets to be mirrored or redirected to netdevices + Say Y here to allow packets to be mirrored or redirected to + other devices. + + To compile this code as a module, choose M here: the + module will be called mirred. config NET_ACT_IPT - tristate "iptables Actions" + tristate "IPtables targets" depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES ---help--- - requires new iproute2 - This allows iptables targets to be used by tc filters + Say Y here to be able to invoke iptables targets after succesful + classification. + + To compile this code as a module, choose M here: the + module will be called ipt. config NET_ACT_PEDIT - tristate "Generic Packet Editor Actions" + tristate "Packet Editing" depends on NET_CLS_ACT ---help--- - requires new iproute2 - This allows for packets to be generically edited + Say Y here if you want to mangle the content of packets. -config NET_CLS_POLICE - bool "Traffic policing (needed for in/egress)" - depends on NET_CLS && NET_QOS && NET_CLS_ACT!=y - help - Say Y to support traffic policing (bandwidth limits). Needed for - ingress and egress rate limiting. + To compile this code as a module, choose M here: the + module will be called pedit. config NET_ACT_SIMP - tristate "Simple action" + tristate "Simple Example (Debug)" depends on NET_CLS_ACT ---help--- - You must have new iproute2 to use this feature. - This adds a very simple action for demonstration purposes - The idea is to give action authors a basic example to look at. - All this action will do is print on the console the configured - policy string followed by _ then packet count. + Say Y here to add a simple action for demonstration purposes. + It is meant as an example and for debugging purposes. It will + print a configured policy string followed by the packet count + to the console for every packet that passes by. + + If unsure, say N. + + To compile this code as a module, choose M here: the + module will be called simple. + +config NET_CLS_POLICE + bool "Traffic Policing (obsolete)" + depends on NET_SCHED && NET_CLS_ACT!=y + select NET_ESTIMATOR + ---help--- + Say Y here if you want to do traffic policing, i.e. strict + bandwidth limiting. This option is obsoleted by the traffic + policer implemented as action, it stays here for compatibility + reasons. + +config NET_CLS_IND + bool "Incoming device classification" + depends on NET_SCHED && (NET_CLS_U32 || NET_CLS_FW) + ---help--- + Say Y here to extend the u32 and fw classifier to support + classification based on the incoming device. This option is + likely to disappear in favour of the metadata ematch. + +config NET_ESTIMATOR + bool "Rate estimator" + depends on NET_SCHED + ---help--- + Say Y here to allow using rate estimators to estimate the current + rate-of-flow for network devices, queues, etc. This module is + automaticaly selected if needed but can be selected manually for + statstical purposes. +endmenu diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c index a415d99c394..8c7756036e9 100644 --- a/net/sunrpc/auth.c +++ b/net/sunrpc/auth.c @@ -299,11 +299,10 @@ put_rpccred(struct rpc_cred *cred) void rpcauth_unbindcred(struct rpc_task *task) { - struct rpc_auth *auth = task->tk_auth; struct rpc_cred *cred = task->tk_msg.rpc_cred; dprintk("RPC: %4d releasing %s cred %p\n", - task->tk_pid, auth->au_ops->au_name, cred); + task->tk_pid, task->tk_auth->au_ops->au_name, cred); put_rpccred(cred); task->tk_msg.rpc_cred = NULL; @@ -312,22 +311,22 @@ rpcauth_unbindcred(struct rpc_task *task) u32 * rpcauth_marshcred(struct rpc_task *task, u32 *p) { - struct rpc_auth *auth = task->tk_auth; struct rpc_cred *cred = task->tk_msg.rpc_cred; dprintk("RPC: %4d marshaling %s cred %p\n", - task->tk_pid, auth->au_ops->au_name, cred); + task->tk_pid, task->tk_auth->au_ops->au_name, cred); + return cred->cr_ops->crmarshal(task, p); } u32 * rpcauth_checkverf(struct rpc_task *task, u32 *p) { - struct rpc_auth *auth = task->tk_auth; struct rpc_cred *cred = task->tk_msg.rpc_cred; dprintk("RPC: %4d validating %s cred %p\n", - task->tk_pid, auth->au_ops->au_name, cred); + task->tk_pid, task->tk_auth->au_ops->au_name, cred); + return cred->cr_ops->crvalidate(task, p); } @@ -363,12 +362,12 @@ rpcauth_unwrap_resp(struct rpc_task *task, kxdrproc_t decode, void *rqstp, int rpcauth_refreshcred(struct rpc_task *task) { - struct rpc_auth *auth = task->tk_auth; struct rpc_cred *cred = task->tk_msg.rpc_cred; int err; dprintk("RPC: %4d refreshing %s cred %p\n", - task->tk_pid, auth->au_ops->au_name, cred); + task->tk_pid, task->tk_auth->au_ops->au_name, cred); + err = cred->cr_ops->crrefresh(task); if (err < 0) task->tk_status = err; diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c index 2387e7b823f..a03d4b600c9 100644 --- a/net/sunrpc/sunrpc_syms.c +++ b/net/sunrpc/sunrpc_syms.c @@ -63,8 +63,6 @@ EXPORT_SYMBOL(rpc_mkpipe); /* Client transport */ EXPORT_SYMBOL(xprt_create_proto); EXPORT_SYMBOL(xprt_set_timeout); -EXPORT_SYMBOL(xprt_udp_slot_table_entries); -EXPORT_SYMBOL(xprt_tcp_slot_table_entries); /* Client credential cache */ EXPORT_SYMBOL(rpcauth_register); diff --git a/net/sunrpc/sysctl.c b/net/sunrpc/sysctl.c index d0c9f460e41..1065904841f 100644 --- a/net/sunrpc/sysctl.c +++ b/net/sunrpc/sysctl.c @@ -119,13 +119,6 @@ done: return 0; } -unsigned int xprt_udp_slot_table_entries = RPC_DEF_SLOT_TABLE; -unsigned int xprt_tcp_slot_table_entries = RPC_DEF_SLOT_TABLE; -unsigned int xprt_min_resvport = RPC_DEF_MIN_RESVPORT; -EXPORT_SYMBOL(xprt_min_resvport); -unsigned int xprt_max_resvport = RPC_DEF_MAX_RESVPORT; -EXPORT_SYMBOL(xprt_max_resvport); - static unsigned int min_slot_table_size = RPC_MIN_SLOT_TABLE; static unsigned int max_slot_table_size = RPC_MAX_SLOT_TABLE; diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c index 2e1529217e6..0a51fd46a84 100644 --- a/net/sunrpc/xprtsock.c +++ b/net/sunrpc/xprtsock.c @@ -36,6 +36,15 @@ #include <net/tcp.h> /* + * xprtsock tunables + */ +unsigned int xprt_udp_slot_table_entries = RPC_DEF_SLOT_TABLE; +unsigned int xprt_tcp_slot_table_entries = RPC_DEF_SLOT_TABLE; + +unsigned int xprt_min_resvport = RPC_DEF_MIN_RESVPORT; +unsigned int xprt_max_resvport = RPC_DEF_MAX_RESVPORT; + +/* * How many times to try sending a request on a socket before waiting * for the socket buffer to clear. */ |