1. 16 Apr, 2010 1 commit
  2. 07 Apr, 2010 1 commit
    • Jouni Malinen's avatar
      cfg80211: Add local-state-change-only auth/deauth/disassoc · d5cdfacb
      Jouni Malinen authored
      cfg80211 is quite strict on allowing authentication and association
      commands only in certain states. In order to meet these requirements,
      user space applications may need to clear authentication or
      association state in some cases. Currently, this can be done with
      deauth/disassoc command, but that ends up sending out Deauthentication
      or Disassociation frame unnecessarily. Add a new nl80211 attribute to
      allow this sending of the frame be skipped, but with all other
      deauth/disassoc operations being completed.
      Similar state change is also needed for IEEE 802.11r FT protocol in
      the FT-over-DS case which does not use Authentication frame exchange
      in a transition to another BSS. For this to work with cfg80211, an
      authentication entry needs to be created for the target BSS without
      sending out an Authentication frame. The nl80211 authentication
      command can be used for this purpose, too, with the new attribute to
      indicate that the command is only for changing local state. This
      enables wpa_supplicant to complete FT-over-DS transition successfully.
      Signed-off-by: default avatarJouni Malinen <j@w1.fi>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  3. 31 Mar, 2010 3 commits
  4. 24 Mar, 2010 2 commits
  5. 23 Mar, 2010 1 commit
  6. 09 Mar, 2010 1 commit
  7. 08 Mar, 2010 1 commit
  8. 07 Mar, 2010 1 commit
  9. 05 Mar, 2010 2 commits
    • Zhu Yi's avatar
      net: backlog functions rename · a3a858ff
      Zhu Yi authored
      sk_add_backlog -> __sk_add_backlog
      sk_add_backlog_limited -> sk_add_backlog
      Signed-off-by: default avatarZhu Yi <yi.zhu@intel.com>
      Acked-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Zhu Yi's avatar
      net: add limit for socket backlog · 8eae939f
      Zhu Yi authored
      We got system OOM while running some UDP netperf testing on the loopback
      device. The case is multiple senders sent stream UDP packets to a single
      receiver via loopback on local host. Of course, the receiver is not able
      to handle all the packets in time. But we surprisingly found that these
      packets were not discarded due to the receiver's sk->sk_rcvbuf limit.
      Instead, they are kept queuing to sk->sk_backlog and finally ate up all
      the memory. We believe this is a secure hole that a none privileged user
      can crash the system.
      The root cause for this problem is, when the receiver is doing
      __release_sock() (i.e. after userspace recv, kernel udp_recvmsg ->
      skb_free_datagram_locked -> release_sock), it moves skbs from backlog to
      sk_receive_queue with the softirq enabled. In the above case, multiple
      busy senders will almost make it an endless loop. The skbs in the
      backlog end up eat all the system memory.
      The issue is not only for UDP. Any protocols using socket backlog is
      potentially affected. The patch adds limit for socket backlog so that
      the backlog size cannot be expanded endlessly.
      Reported-by: default avatarAlex Shi <alex.shi@intel.com>
      Cc: David Miller <davem@davemloft.net>
      Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
      Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru
      Cc: "Pekka Savola (ipv6)" <pekkas@netcore.fi>
      Cc: Patrick McHardy <kaber@trash.net>
      Cc: Vlad Yasevich <vladislav.yasevich@hp.com>
      Cc: Sridhar Samudrala <sri@us.ibm.com>
      Cc: Jon Maloy <jon.maloy@ericsson.com>
      Cc: Allan Stephens <allan.stephens@windriver.com>
      Cc: Andrew Hendry <andrew.hendry@gmail.com>
      Signed-off-by: default avatarZhu Yi <yi.zhu@intel.com>
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Acked-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  10. 04 Mar, 2010 1 commit
  11. 03 Mar, 2010 2 commits
  12. 27 Feb, 2010 4 commits
    • Marcel Holtmann's avatar
      Bluetooth: Add controller types for BR/EDR and 802.11 AMP · 943da25d
      Marcel Holtmann authored
      With the Bluetooth 3.0 specification and the introduction of alternate
      MAC/PHY (AMP) support, it is required to differentiate between primary
      BR/EDR controllers and 802.11 AMP controllers. So introduce a special
      type inside HCI device for differentiation.
      For now all AMP controllers will be treated as raw devices until an
      AMP manager has been implemented.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
    • Marcel Holtmann's avatar
      Bluetooth: Convert inquiry cache to use debugfs instead of sysfs · ca325f69
      Marcel Holtmann authored
      The output of the inquiry cache is only useful for debugging purposes
      and so move it into debugfs.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
    • Marcel Holtmann's avatar
      Bluetooth: Convert controller hdev->type to hdev->bus · c13854ce
      Marcel Holtmann authored
      The hdev->type is misnamed and should be actually hdev->bus instead. So
      convert it now.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
    • Patrick McHardy's avatar
      rtnetlink: support specifying device flags on device creation · 3729d502
      Patrick McHardy authored
      commit e8469ed959c373c2ff9e6f488aa5a14971aebe1f
      Author: Patrick McHardy <kaber@trash.net>
      Date:   Tue Feb 23 20:41:30 2010 +0100
      Support specifying the initial device flags when creating a device though
      rtnl_link. Devices allocated by rtnl_create_link() are marked as INITIALIZING
      in order to surpress netlink registration notifications. To complete setup,
      rtnl_configure_link() must be called, which performs the device flag changes
      and invokes the deferred notifiers if everything went well.
      Two examples:
      # add macvlan to eth0
      $ ip link add link eth0 up allmulticast on type macvlan
      [LINK]11: macvlan0@eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
          link/ether 26:f8:84:02:f9:2a brd ff:ff:ff:ff:ff:ff
      [ROUTE]ff00::/8 dev macvlan0  table local  metric 256  mtu 1500 advmss 1440 hoplimit 0
      [ROUTE]fe80::/64 dev macvlan0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
      [LINK]11: macvlan0@eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500
          link/ether 26:f8:84:02:f9:2a
      [ADDR]11: macvlan0    inet6 fe80::24f8:84ff:fe02:f92a/64 scope link
             valid_lft forever preferred_lft forever
      [ROUTE]local fe80::24f8:84ff:fe02:f92a via :: dev lo  table local  proto none  metric 0  mtu 16436 advmss 16376 hoplimit 0
      [ROUTE]default via fe80::215:e9ff:fef0:10f8 dev macvlan0  proto kernel  metric 1024  mtu 1500 advmss 1440 hoplimit 0
      [NEIGH]fe80::215:e9ff:fef0:10f8 dev macvlan0 lladdr 00:15:e9:f0:10:f8 router STALE
      [ROUTE]2001:6f8:974::/64 dev macvlan0  proto kernel  metric 256  expires 0sec mtu 1500 advmss 1440 hoplimit 0
      [PREFIX]prefix 2001:6f8:974::/64 dev macvlan0 onlink autoconf valid 14400 preferred 131084
      [ADDR]11: macvlan0    inet6 2001:6f8:974:0:24f8:84ff:fe02:f92a/64 scope global dynamic
             valid_lft 86399sec preferred_lft 14399sec
      # add VLAN to eth1, eth1 is down
      $ ip link add link eth1 up type vlan id 1000
      RTNETLINK answers: Network is down
      <no events>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  13. 26 Feb, 2010 1 commit
  14. 25 Feb, 2010 1 commit
    • Paul E. McKenney's avatar
      net: Add checking to rcu_dereference() primitives · a898def2
      Paul E. McKenney authored
      Update rcu_dereference() primitives to use new lockdep-based
      checking. The rcu_dereference() in __in6_dev_get() may be
      protected either by rcu_read_lock() or RTNL, per Eric Dumazet.
      The rcu_dereference() in __sk_free() is protected by the fact
      that it is never reached if an update could change it.  Check
      for this by using rcu_dereference_check() to verify that the
      struct sock's ->sk_wmem_alloc counter is zero.
      Acked-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Acked-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Cc: laijs@cn.fujitsu.com
      Cc: dipankar@in.ibm.com
      Cc: mathieu.desnoyers@polymtl.ca
      Cc: josh@joshtriplett.org
      Cc: dvhltc@us.ibm.com
      Cc: niv@us.ibm.com
      Cc: peterz@infradead.org
      Cc: rostedt@goodmis.org
      Cc: Valdis.Kletnieks@vt.edu
      Cc: dhowells@redhat.com
      LKML-Reference: <1266887105-1528-5-git-send-email-paulmck@linux.vnet.ibm.com>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
  15. 22 Feb, 2010 4 commits
  16. 19 Feb, 2010 1 commit
    • Kalle Valo's avatar
      nl80211: add power save commands · ffb9eb3d
      Kalle Valo authored
      The most needed command from nl80211, which Wireless Extensions had,
      is support for power save mode. Add a simple command to make it possible
      to enable and disable power save via nl80211.
      I was also planning about extending the interface, for example adding the
      timeout value, but after thinking more about this I decided not to do it.
      Basically there were three reasons:
      Firstly, the parameters for power save are very much hardware dependent.
      Trying to find a unified interface which would work with all hardware, and
      still make sense to users, will be very difficult.
      Secondly, IEEE 802.11 power save implementation in Linux is still in state
      of flux. We have a long way to still to go and there is no way to predict
      what kind of implementation we will have after few years. And because we
      need to support nl80211 interface a long time, practically forever, adding
      now parameters to nl80211 might create maintenance problems later on.
      Third issue are the users. Power save parameters are mostly used for
      debugging, so debugfs is better, more flexible, interface for this.
      For example, wpa_supplicant currently doesn't configure anything related
      to power save mode. It's better to strive that kernel can automatically
      optimise the power save parameters, like with help of pm qos network
      and other traffic parameters.
      Later on, when we have better understanding of power save, we can extend
      this command with more features, if there's a need for that.
      Signed-off-by: default avatarKalle Valo <kalle.valo@nokia.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  17. 18 Feb, 2010 7 commits
  18. 17 Feb, 2010 3 commits
    • Stephen Hemminger's avatar
      IPv6: convert mc_lock to spinlock · 6457d26b
      Stephen Hemminger authored
      Only used for writing, so convert to spinlock
      Signed-off-by: default avatarStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Joe Perches's avatar
      ipv6.h: reassembly: replace calculated magic number with multiplication · 9874c41c
      Joe Perches authored
      On Tue, 2010-02-16 at 16:47 +0100, Patrick McHardy wrote:
      > Joe Perches wrote:
      > >> @@ -246,6 +246,8 @@ extern int ipv6_opt_accepted(struct sock *sk, struct sk_buff *skb);
      > >>  int ip6_frag_nqueues(struct net *net);
      > >>  int ip6_frag_mem(struct net *net);
      > >>
      > >> +#define IPV6_FRAG_HIGH_THRESH	262144		/* == 256*1024 */
      > >> +#define IPV6_FRAG_LOW_THRESH	196608		/* == 192*1024 */
      > >>  #define IPV6_FRAG_TIMEOUT	(60*HZ)		/* 60 seconds */
      > >
      > > 196608 isn't a number I want to remember.
      > > Is this better as:
      > >
      > > #define IPV6_FRAG_HIGH_THRESH	(256 * 1024)	/* 262144 */
      > > #define IPV6_FRAG_LOW_THRESH	(192 * 1024)	/* 196608 */
      > Please send a patch, I'll apply it once these patches are in Dave's
      > tree.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Tejun Heo's avatar
      percpu: add __percpu sparse annotations to net · 7d720c3e
      Tejun Heo authored
      Add __percpu sparse annotations to net.
      These annotations are to make sparse consider percpu variables to be
      in a different address space and warn if accessed without going
      through percpu accessors.  This patch doesn't affect normal builds.
      The macro and type tricks around snmp stats make things a bit
      interesting.  DEFINE/DECLARE_SNMP_STAT() macros mark the target field
      as __percpu and SNMP_UPD_PO_STATS() macro is updated accordingly.  All
      snmp_mib_*() users which used to cast the argument to (void **) are
      updated to cast it to (void __percpu **).
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Acked-by: default avatarDavid S. Miller <davem@davemloft.net>
      Cc: Patrick McHardy <kaber@trash.net>
      Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
      Cc: Vlad Yasevich <vladislav.yasevich@hp.com>
      Cc: netdev@vger.kernel.org
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  19. 16 Feb, 2010 1 commit
  20. 15 Feb, 2010 2 commits
    • Jouni Malinen's avatar
      cfg80211/mac80211: allow registering for and sending action frames · 026331c4
      Jouni Malinen authored
      This implements a new command to register for action frames
      that userspace wants to handle instead of the in-kernel
      rejection. It is then responsible for rejecting ones that
      it decided not to handle. There is no unregistration, but
      the socket can be closed for that.
      Frames that are not registered for will not be forwarded
      to userspace and will be rejected by the kernel, the
      cfg80211 API helps implementing that.
      Additionally, this patch adds a new command that allows
      doing action frame transmission from userspace. It can be
      used either to exchange action frames on the current
      operational channel (e.g., with the AP with which we are
      currently associated) or to exchange off-channel Public
      Action frames with the remain-on-channel command.
      Signed-off-by: default avatarJouni Malinen <jouni.malinen@atheros.com>
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    • Patrick McHardy's avatar
      netfilter: nf_conntrack: add support for "conntrack zones" · 5d0aa2cc
      Patrick McHardy authored
      Normally, each connection needs a unique identity. Conntrack zones allow
      to specify a numerical zone using the CT target, connections in different
      zones can use the same identity.
      iptables -t raw -A PREROUTING -i veth0 -j CT --zone 1
      iptables -t raw -A OUTPUT -o veth1 -j CT --zone 1
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>