1. 22 Apr, 2009 11 commits
  2. 20 Apr, 2009 1 commit
  3. 16 Apr, 2009 1 commit
    • Patrick McHardy's avatar
      netfilter: nf_nat: add support for persistent mappings · 98d500d6
      Patrick McHardy authored
      The removal of the SAME target accidentally removed one feature that is
      not available from the normal NAT targets so far, having multi-range
      mappings that use the same mapping for each connection from a single
      client. The current behaviour is to choose the address from the range
      based on source and destination IP, which breaks when communicating
      with sites having multiple addresses that require all connections to
      originate from the same IP address.
      
      Introduce a IP_NAT_RANGE_PERSISTENT option that controls whether the
      destination address is taken into account for selecting addresses.
      
      http://bugzilla.kernel.org/show_bug.cgi?id=12954
      
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      98d500d6
  4. 11 Apr, 2009 1 commit
    • Vlad Yasevich's avatar
      ipv6: Fix NULL pointer dereference with time-wait sockets · 499923c7
      Vlad Yasevich authored
      Commit b2f5e7cd
      
      
      (ipv6: Fix conflict resolutions during ipv6 binding)
      introduced a regression where time-wait sockets were
      not treated correctly.  This resulted in the following:
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000062
      IP: [<ffffffff805d7d61>] ipv4_rcv_saddr_equal+0x61/0x70
      ...
      Call Trace:
      [<ffffffffa033847b>] ipv6_rcv_saddr_equal+0x1bb/0x250 [ipv6]
      [<ffffffffa03505a8>] inet6_csk_bind_conflict+0x88/0xd0 [ipv6]
      [<ffffffff805bb18e>] inet_csk_get_port+0x1ee/0x400
      [<ffffffffa0319b7f>] inet6_bind+0x1cf/0x3a0 [ipv6]
      [<ffffffff8056d17c>] ? sockfd_lookup_light+0x3c/0xd0
      [<ffffffff8056ed49>] sys_bind+0x89/0x100
      [<ffffffff80613ea2>] ? trace_hardirqs_on_thunk+0x3a/0x3c
      [<ffffffff8020bf9b>] system_call_fastpath+0x16/0x1b
      Tested-by: default avatarBrian Haley <brian.haley@hp.com>
      Tested-by: default avatarEd Tomlinson <edt@aei.ca>
      Signed-off-by: default avatarVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      499923c7
  5. 06 Apr, 2009 1 commit
  6. 02 Apr, 2009 1 commit
  7. 27 Mar, 2009 17 commits
    • Paul Moore's avatar
      netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections · 07feee8f
      Paul Moore authored
      
      
      This patch cleans up a lot of the Smack network access control code.  The
      largest changes are to fix the labeling of incoming TCP connections in a
      manner similar to the recent SELinux changes which use the
      security_inet_conn_request() hook to label the request_sock and let the label
      move to the child socket via the normal network stack mechanisms.  In addition
      to the incoming TCP connection fixes this patch also removes the smk_labled
      field from the socket_smack struct as the minor optimization advantage was
      outweighed by the difficulty in maintaining it's proper state.
      Signed-off-by: default avatarPaul Moore <paul.moore@hp.com>
      Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      07feee8f
    • Paul Moore's avatar
      netlabel: Label incoming TCP connections correctly in SELinux · 389fb800
      Paul Moore authored
      
      
      The current NetLabel/SELinux behavior for incoming TCP connections works but
      only through a series of happy coincidences that rely on the limited nature of
      standard CIPSO (only able to convey MLS attributes) and the write equality
      imposed by the SELinux MLS constraints.  The problem is that network sockets
      created as the result of an incoming TCP connection were not on-the-wire
      labeled based on the security attributes of the parent socket but rather based
      on the wire label of the remote peer.  The issue had to do with how IP options
      were managed as part of the network stack and where the LSM hooks were in
      relation to the code which set the IP options on these newly created child
      sockets.  While NetLabel/SELinux did correctly set the socket's on-the-wire
      label it was promptly cleared by the network stack and reset based on the IP
      options of the remote peer.
      
      This patch, in conjunction with a prior patch that adjusted the LSM hook
      locations, works to set the correct on-the-wire label format for new incoming
      connections through the security_inet_conn_request() hook.  Besides the
      correct behavior there are many advantages to this change, the most significant
      is that all of the NetLabel socket labeling code in SELinux now lives in hooks
      which can return error codes to the core stack which allows us to finally get
      ride of the selinux_netlbl_inode_permission() logic which greatly simplfies
      the NetLabel/SELinux glue code.  In the process of developing this patch I
      also ran into a small handful of AF_INET6 cleanliness issues that have been
      fixed which should make the code safer and easier to extend in the future.
      Signed-off-by: default avatarPaul Moore <paul.moore@hp.com>
      Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      389fb800
    • Johannes Berg's avatar
      mac80211/iwlwifi: move virtual A-MDPU queue bookkeeping to iwlwifi · e4e72fb4
      Johannes Berg authored
      
      
      This patch removes all the virtual A-MPDU-queue bookkeeping from
      mac80211. Curiously, iwlwifi already does its own bookkeeping, so
      it doesn't require much changes except where it needs to handle
      starting and stopping the queues in mac80211.
      
      To handle the queue stop/wake properly, we rewrite the software
      queue number for aggregation frames and internally to iwlwifi keep
      track of the queues that map into the same AC queue, and only talk
      to mac80211 about the AC queue. The implementation requires calling
      two new functions, iwl_stop_queue and iwl_wake_queue instead of the
      mac80211 counterparts.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Cc: Reinette Chattre <reinette.chatre@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      e4e72fb4
    • Johannes Berg's avatar
      mac80211: fix aggregation to not require queue stop · cd8ffc80
      Johannes Berg authored
      
      
      Instead of stopping the entire AC queue when enabling aggregation
      (which was only done for hardware with aggregation queues) buffer
      the packets for each station, and release them to the pending skb
      queue once aggregation is turned on successfully.
      
      We get a little more code, but it becomes conceptually simpler and
      we can remove the entire virtual queue mechanism from mac80211 in
      a follow-up patch.
      
      This changes how mac80211 behaves towards drivers that support
      aggregation but have no hardware queues -- those drivers will now
      not be handed packets while the aggregation session is being
      established, but only after it has been fully established.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      cd8ffc80
    • Johannes Berg's avatar
      mac80211: unify and fix TX aggregation start · b1720231
      Johannes Berg authored
      
      
      When TX aggregation becomes operational, we do a number of steps:
       1) print a debug message
       2) wake the virtual queue
       3) notify the driver
      
      Unfortunately, 1) and 3) are only done if the driver is first to
      reply to the aggregation request, it is, however, possible that the
      remote station replies before the driver! Thus, unify the code for
      this and call the new function ieee80211_agg_tx_operational in both
      places where TX aggregation can become operational.
      
      Additionally, rename the driver notification from
      IEEE80211_AMPDU_TX_RESUME to IEEE80211_AMPDU_TX_OPERATIONAL.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      b1720231
    • Johannes Berg's avatar
      mac80211: rate control status only for controlled packets · 2b874e83
      Johannes Berg authored
      
      
      This patch changes mac80211 to not notify the rate control algorithm's
      tx_status() method when reporting status for a packet that didn't go
      through the rate control algorithm's get_rate() method.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      2b874e83
    • Kalle Valo's avatar
      mac80211: add beacon filtering support · 04de8381
      Kalle Valo authored
      
      
      Add IEEE80211_HW_BEACON_FILTERING flag so that driver inform that it supports
      beacon filtering. Drivers need to call the new function
      ieee80211_beacon_loss() to notify about beacon loss.
      Signed-off-by: default avatarKalle Valo <kalle.valo@nokia.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      04de8381
    • Kalle Valo's avatar
      cfg80211: add feature to hold bss · a08c1c1a
      Kalle Valo authored
      
      
      In beacon filtering there needs to be a way to not expire the BSS even
      when no beacons are received. Add an interface to cfg80211 to hold
      BSS and make sure that it's not expired.
      Signed-off-by: default avatarKalle Valo <kalle.valo@nokia.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      a08c1c1a
    • Kalle Valo's avatar
      mac80211: disable power save when scanning · 9050bdd8
      Kalle Valo authored
      
      
      When software scanning we need to disable power save so that all possible
      probe responses and beacons are received. For hardware scanning assume that
      hardware will take care of that and document that assumption.
      Signed-off-by: default avatarKalle Valo <kalle.valo@nokia.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      9050bdd8
    • Jouni Malinen's avatar
      nl80211: Remove NL80211_CMD_SET_MGMT_EXTRA_IE · 65fc73ac
      Jouni Malinen authored
      
      
      The functionality that NL80211_CMD_SET_MGMT_EXTRA_IE provided can now
      be achieved with cleaner design by adding IE(s) into
      NL80211_CMD_TRIGGER_SCAN, NL80211_CMD_AUTHENTICATE,
      NL80211_CMD_ASSOCIATE, NL80211_CMD_DEAUTHENTICATE, and
      NL80211_CMD_DISASSOCIATE.
      
      Since this is a very recently added command and there are no known (or
      known planned) applications using NL80211_CMD_SET_MGMT_EXTRA_IE and
      taken into account how much extra complexity it adds to the IE
      processing we have now (and need to add in the future to fix IE order
      in couple of frames), it looks like the best option is to just remove
      the implementation of this command for now. The enum values themselves
      are left to avoid changing the nl80211 command or attribute numbers.
      Signed-off-by: default avatarJouni Malinen <jouni.malinen@atheros.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      65fc73ac
    • Jouni Malinen's avatar
      nl80211: Add MLME primitives to support external SME · 636a5d36
      Jouni Malinen authored
      
      
      This patch adds new nl80211 commands to allow user space to request
      authentication and association (and also deauthentication and
      disassociation). The commands are structured to allow separate
      authentication and association steps, i.e., the interface between
      kernel and user space is similar to the MLME SAP interface in IEEE
      802.11 standard and an user space application takes the role of the
      SME.
      
      The patch introduces MLME-AUTHENTICATE.request,
      MLME-{,RE}ASSOCIATE.request, MLME-DEAUTHENTICATE.request, and
      MLME-DISASSOCIATE.request primitives. The authentication and
      association commands request the actual operations in two steps
      (assuming the driver supports this; if not, separate authentication
      step is skipped; this could end up being a separate "connect"
      command).
      
      The initial implementation for mac80211 uses the current
      net/mac80211/mlme.c for actual sending and processing of management
      frames and the new nl80211 commands will just stop the current state
      machine from moving automatically from authentication to association.
      Future cleanup may move more of the MLME operations into cfg80211.
      
      The goal of this design is to provide more control of authentication and
      association process to user space without having to move the full MLME
      implementation. This should be enough to allow IEEE 802.11r FT protocol
      and 802.11s SAE authentication to be implemented. Obviously, this will
      also bring the extra benefit of not having to use WEXT for association
      requests with mac80211. An example implementation of a user space SME
      using the new nl80211 commands is available for wpa_supplicant.
      
      This patch is enough to get IEEE 802.11r FT protocol working with
      over-the-air mechanism (over-the-DS will need additional MLME
      primitives for handling the FT Action frames).
      Signed-off-by: default avatarJouni Malinen <j@w1.fi>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      636a5d36
    • Jouni Malinen's avatar
      nl80211: Event notifications for MLME events · 6039f6d2
      Jouni Malinen authored
      
      
      Add new nl80211 event notifications (and a new multicast group, "mlme")
      for informing user space about received and processed Authentication,
      (Re)Association Response, Deauthentication, and Disassociation frames in
      station and IBSS modes (i.e., MLME SAP interface primitives
      MLME-AUTHENTICATE.confirm, MLME-ASSOCIATE.confirm,
      MLME-REASSOCIATE.confirm, MLME-DEAUTHENTICATE.indicate, and
      MLME-DISASSOCIATE.indication). The event data is encapsulated as the 802.11
      management frame since we already have the frame in that format and it
      includes all the needed information.
      
      This is the initial step in providing MLME SAP interface for
      authentication and association with nl80211. In other words, kernel code
      will act as the MLME and a user space application can control it as the
      SME.
      Signed-off-by: default avatarJouni Malinen <j@w1.fi>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      6039f6d2
    • Johannes Berg's avatar
      mac80211: kill IEEE80211_CONF_SHORT_SLOT_TIME · b3a90285
      Johannes Berg authored
      
      
      No drivers use it any more, so it can now be removed safely.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      b3a90285
    • Johannes Berg's avatar
      wireless: radiotap updates · aae89831
      Johannes Berg authored
      
      
      Radiotap was updated to include a "bad PLCP" flag and standardise
      the "bad FCS" flag in the "flags" rather than "RX flags" field,
      this patch updates Linux to that standard.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      aae89831
    • Johannes Berg's avatar
      mac80211: reduce max number of queues · 51b38147
      Johannes Berg authored
      
      
      No hw/driver actually supports more than four queues right now,
      and we allocate a number of things per queue which means we
      waste a bit of memory. Reduce the maximum number to four to
      accurately reflect what we do (and need for QoS). Even if we
      had hardware supporting more queues we couldn't take advantage
      of that right now anyway.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      51b38147
    • Johannes Berg's avatar
      mac80211: remove ieee80211_num_regular_queues · 176be728
      Johannes Berg authored
      
      
      This inline is useless and actually makes the code _longer_
      rather than shorter.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      176be728
    • Thierry Reding's avatar
      net: Add support for the OpenCores 10/100 Mbps Ethernet MAC. · a1702857
      Thierry Reding authored
      
      
      This patch adds a platform device driver that supports the OpenCores 10/100
      Mbps Ethernet MAC.
      
      The driver expects three resources: one IORESOURCE_MEM resource defines the
      memory region for the core's memory-mapped registers while a second
      IORESOURCE_MEM resource defines the network packet buffer space. The third
      resource, of type IORESOURCE_IRQ, associates an interrupt with the driver.
      Signed-off-by: default avatarThierry Reding <thierry.reding@avionic-design.de>
      Acked-by: default avatarFlorian Fainelli <florian@openwrt.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a1702857
  8. 25 Mar, 2009 6 commits
  9. 24 Mar, 2009 1 commit