1. 04 Aug, 2006 1 commit
    • Ilpo Järvinen's avatar
      [PKT_SCHED] RED: Fix overflow in calculation of queue average · c4c0ce5c
      Ilpo Järvinen authored
      
      
      Overflow can occur very easily with 32 bits, e.g., with 1 second
      us_idle is approx. 2^20, which leaves only 11-Wlog bits for queue
      length. Since the EWMA exponent is typically around 9, queue
      lengths larger than 2^2 cause overflow. Whether the affected
      branch is taken when us_idle is as high as 1 second, depends on
      Scell_log, but with rather reasonable configuration Scell_log is
      large enough to cause p->Stab to have zero index, which always
      results zero shift (typically also few other small indices result
      in zero shift).
      Signed-off-by: default avatarIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c4c0ce5c
  2. 02 Aug, 2006 5 commits
    • Alexey Dobriyan's avatar
      [NET]: Fix more per-cpu typos · 29bbd72d
      Alexey Dobriyan authored
      
      Signed-off-by: default avatarAlexey Dobriyan <adobriyan@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      29bbd72d
    • Catherine Zhang's avatar
      [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch · dc49c1f9
      Catherine Zhang authored
      
      
      From: Catherine Zhang <cxzhang@watson.ibm.com>
      
      This patch implements a cleaner fix for the memory leak problem of the
      original unix datagram getpeersec patch.  Instead of creating a
      security context each time a unix datagram is sent, we only create the
      security context when the receiver requests it.
      
      This new design requires modification of the current
      unix_getsecpeer_dgram LSM hook and addition of two new hooks, namely,
      secid_to_secctx and release_secctx.  The former retrieves the security
      context and the latter releases it.  A hook is required for releasing
      the security context because it is up to the security module to decide
      how that's done.  In the case of Selinux, it's a simple kfree
      operation.
      Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dc49c1f9
    • Tom Tucker's avatar
      [NET]: Network Event Notifier Mechanism. · 792d1932
      Tom Tucker authored
      
      
      This patch uses notifier blocks to implement a network event
      notifier mechanism.
      
      Clients register their callback function by calling
      register_netevent_notifier() like this:
      
      static struct notifier_block nb = {
              .notifier_call = my_callback_func
      };
      
      ...
      
      register_netevent_notifier(&nb);
      Signed-off-by: default avatarTom Tucker <tom@opengridcomputing.com>
      Signed-off-by: default avatarSteve Wise <swise@opengridcomputing.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      792d1932
    • Wei Yongjun's avatar
      [TCP]: SNMPv2 tcpAttemptFails counter error · 3687b1dc
      Wei Yongjun authored
      
      
      Refer to RFC2012, tcpAttemptFails is defined as following:
        tcpAttemptFails OBJECT-TYPE
            SYNTAX      Counter32
            MAX-ACCESS  read-only
            STATUS      current
            DESCRIPTION
                    "The number of times TCP connections have made a direct
                    transition to the CLOSED state from either the SYN-SENT
                    state or the SYN-RCVD state, plus the number of times TCP
                    connections have made a direct transition to the LISTEN
                    state from the SYN-RCVD state."
            ::= { tcp 7 }
      
      When I lookup into RFC793, I found that the state change should occured
      under following condition:
        1. SYN-SENT -> CLOSED
           a) Received ACK,RST segment when SYN-SENT state.
      
        2. SYN-RCVD -> CLOSED
           b) Received SYN segment when SYN-RCVD state(came from LISTEN).
           c) Received RST segment when SYN-RCVD state(came from SYN-SENT).
           d) Received SYN segment when SYN-RCVD state(came from SYN-SENT).
      
        3. SYN-RCVD -> LISTEN
           e) Received RST segment when SYN-RCVD state(came from LISTEN).
      
      In my test, those direct state transition can not be counted to
      tcpAttemptFails.
      Signed-off-by: default avatarWei Yongjun <yjwei@nanjing-fnst.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3687b1dc
    • Herbert Xu's avatar
      [IPV6]: Audit all ip6_dst_lookup/ip6_dst_store calls · 497c615a
      Herbert Xu authored
      
      
      The current users of ip6_dst_lookup can be divided into two classes:
      
      1) The caller holds no locks and is in user-context (UDP).
      2) The caller does not want to lookup the dst cache at all.
      
      The second class covers everyone except UDP because most people do
      the cache lookup directly before calling ip6_dst_lookup.  This patch
      adds ip6_sk_dst_lookup for the first class.
      
      Similarly ip6_dst_store users can be divded into those that need to
      take the socket dst lock and those that don't.  This patch adds
      __ip6_dst_store for those (everyone except UDP/datagram) that don't
      need an extra lock.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      497c615a
  3. 24 Jul, 2006 1 commit
  4. 21 Jul, 2006 3 commits
  5. 14 Jul, 2006 1 commit
  6. 08 Jul, 2006 1 commit
  7. 05 Jul, 2006 1 commit
    • Joseph Jezak's avatar
      [PATCH] SoftMAC: Prevent multiple authentication attempts on the same network · cb74c432
      Joseph Jezak authored
      
      
      This patch addresses the "No queue exists" messages commonly seen during
      authentication and associating.  These appear due to scheduling multiple
      authentication attempts on the same network.  To prevent this, I added a
      flag to stop multiple authentication attempts by the association layer.
      I also added a check to the wx handler to see if we're connecting to a
      different network than the one already in progress.  This scenario was
      causing multiple requests on the same network because the network BSSID
      was not being updated despite the fact that the ESSID changed.
      Signed-off-by: default avatarJoseph Jezak <josejx@gentoo.org>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      cb74c432
  8. 03 Jul, 2006 9 commits
  9. 02 Jul, 2006 1 commit
  10. 30 Jun, 2006 3 commits
    • Herbert Xu's avatar
      [IPV6]: Added GSO support for TCPv6 · f83ef8c0
      Herbert Xu authored
      
      
      This patch adds GSO support for IPv6 and TCPv6.  This is based on a patch
      by Ananda Raju <Ananda.Raju@neterion.com>.  His original description is:
      
      	This patch enables TSO over IPv6. Currently Linux network stacks
      	restricts TSO over IPv6 by clearing of the NETIF_F_TSO bit from
      	"dev->features". This patch will remove this restriction.
      
      	This patch will introduce a new flag NETIF_F_TSO6 which will be used
      	to check whether device supports TSO over IPv6. If device support TSO
      	over IPv6 then we don't clear of NETIF_F_TSO and which will make the
      	TCP layer to create TSO packets. Any device supporting TSO over IPv6
      	will set NETIF_F_TSO6 flag in "dev->features" along with NETIF_F_TSO.
      
      	In case when user disables TSO using ethtool, NETIF_F_TSO will get
      	cleared from "dev->features". So even if we have NETIF_F_TSO6 we don't
      	get TSO packets created by TCP layer.
      
      	SKB_GSO_TCPV4 renamed to SKB_GSO_TCP to make it generic GSO packet.
      	SKB_GSO_UDPV4 renamed to SKB_GSO_UDP as UFO is not a IPv4 feature.
      	UFO is supported over IPv6 also
      
      	The following table shows there is significant improvement in
      	throughput with normal frames and CPU usage for both normal and jumbo.
      
      	--------------------------------------------------
      	|          |     1500        |      9600         |
      	|          ------------------|-------------------|
      	|          | thru     CPU    |  thru     CPU     |
      	--------------------------------------------------
      	| TSO OFF  | 2.00   5.5% id  |  5.66   20.0% id  |
      	--------------------------------------------------
      	| TSO ON   | 2.63   78.0 id  |  5.67   39.0% id  |
      	--------------------------------------------------
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f83ef8c0
    • Herbert Xu's avatar
      [NET]: Generalise TSO-specific bits from skb_setup_caps · bcd76111
      Herbert Xu authored
      
      
      This patch generalises the TSO-specific bits from sk_setup_caps by adding
      the sk_gso_type member to struct sock.  This makes sk_setup_caps generic
      so that it can be used by TCPv6 or UFO.
      
      The only catch is that whoever uses this must provide a GSO implementation
      for their protocol which I think is a fair deal :) For now UFO continues to
      live without a GSO implementation which is OK since it doesn't use the sock
      caps field at the moment.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bcd76111
    • Herbert Xu's avatar
      [IPV6]: Added GSO support for TCPv6 · adcfc7d0
      Herbert Xu authored
      
      
      This patch adds GSO support for IPv6 and TCPv6.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      adcfc7d0
  11. 29 Jun, 2006 4 commits
    • Michael Chan's avatar
      [NET]: Add ECN support for TSO · b0da8537
      Michael Chan authored
      
      
      In the current TSO implementation, NETIF_F_TSO and ECN cannot be
      turned on together in a TCP connection.  The problem is that most
      hardware that supports TSO does not handle CWR correctly if it is set
      in the TSO packet.  Correct handling requires CWR to be set in the
      first packet only if it is set in the TSO header.
      
      This patch adds the ability to turn on NETIF_F_TSO and ECN using
      GSO if necessary to handle TSO packets with CWR set.  Hardware
      that handles CWR correctly can turn on NETIF_F_TSO_ECN in the dev->
      features flag.
      
      All TSO packets with CWR set will have the SKB_GSO_TCPV4_ECN set.  If
      the output device does not have the NETIF_F_TSO_ECN feature set, GSO
      will split the packet up correctly with CWR only set in the first
      segment.
      
      With help from Herbert Xu <herbert@gondor.apana.org.au>.
      
      Since ECN can always be enabled with TSO, the SOCK_NO_LARGESEND sock
      flag is completely removed.
      Signed-off-by: default avatarMichael Chan <mchan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b0da8537
    • Catherine Zhang's avatar
      [AF_UNIX]: Datagram getpeersec · 877ce7c1
      Catherine Zhang authored
      
      
      This patch implements an API whereby an application can determine the
      label of its peer's Unix datagram sockets via the auxiliary data mechanism of
      recvmsg.
      
      Patch purpose:
      
      This patch enables a security-aware application to retrieve the
      security context of the peer of a Unix datagram socket.  The application
      can then use this security context to determine the security context for
      processing on behalf of the peer who sent the packet.
      
      Patch design and implementation:
      
      The design and implementation is very similar to the UDP case for INET
      sockets.  Basically we build upon the existing Unix domain socket API for
      retrieving user credentials.  Linux offers the API for obtaining user
      credentials via ancillary messages (i.e., out of band/control messages
      that are bundled together with a normal message).  To retrieve the security
      context, the application first indicates to the kernel such desire by
      setting the SO_PASSSEC option via getsockopt.  Then the application
      retrieves the security context using the auxiliary data mechanism.
      
      An example server application for Unix datagram socket should look like this:
      
      toggle = 1;
      toggle_len = sizeof(toggle);
      
      setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
      recvmsg(sockfd, &msg_hdr, 0);
      if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
          cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
          if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
              cmsg_hdr->cmsg_level == SOL_SOCKET &&
              cmsg_hdr->cmsg_type == SCM_SECURITY) {
              memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
          }
      }
      
      sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
      a server socket to receive security context of the peer.
      
      Testing:
      
      We have tested the patch by setting up Unix datagram client and server
      applications.  We verified that the server can retrieve the security context
      using the auxiliary data mechanism of recvmsg.
      Signed-off-by: default avatarCatherine Zhang <cxzhang@watson.ibm.com>
      Acked-by: default avatarAcked-by: James Morris <jmorris@namei.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      877ce7c1
    • Shuya MAEDA's avatar
    • Herbert Xu's avatar
      [NET]: Added GSO header verification · 576a30eb
      Herbert Xu authored
      
      
      When GSO packets come from an untrusted source (e.g., a Xen guest domain),
      we need to verify the header integrity before passing it to the hardware.
      
      Since the first step in GSO is to verify the header, we can reuse that
      code by adding a new bit to gso_type: SKB_GSO_DODGY.  Packets with this
      bit set can only be fed directly to devices with the corresponding bit
      NETIF_F_GSO_ROBUST.  If the device doesn't have that bit, then the skb
      is fed to the GSO engine which will allow the packet to be sent to the
      hardware if it passes the header check.
      
      This patch changes the sg flag to a full features flag.  The same method
      can be used to implement TSO ECN support.  We simply have to mark packets
      with CWR set with SKB_GSO_ECN so that only hardware with a corresponding
      NETIF_F_TSO_ECN can accept them.  The GSO engine can either fully segment
      the packet, or segment the first MTU and pass the rest to the hardware for
      further segmentation.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      576a30eb
  12. 26 Jun, 2006 1 commit
  13. 23 Jun, 2006 4 commits
    • Randy Dunlap's avatar
      [NET]: fix net-core kernel-doc · f4b8ea78
      Randy Dunlap authored
      
      
      Warning(/var/linsrc/linux-2617-g4//include/linux/skbuff.h:304): No description found for parameter 'dma_cookie'
      Warning(/var/linsrc/linux-2617-g4//include/net/sock.h:1274): No description found for parameter 'copied_early'
      Warning(/var/linsrc/linux-2617-g4//net/core/dev.c:3309): No description found for parameter 'chan'
      Warning(/var/linsrc/linux-2617-g4//net/core/dev.c:3309): No description found for parameter 'event'
      Signed-off-by: default avatarRandy Dunlap <rdunlap@xenotime.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f4b8ea78
    • Herbert Xu's avatar
      [NET]: Added GSO toggle · 37c3185a
      Herbert Xu authored
      
      
      This patch adds a generic segmentation offload toggle that can be turned
      on/off for each net device.  For now it only supports in TCPv4.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      37c3185a
    • Herbert Xu's avatar
      [NET]: Add software TSOv4 · f4c50d99
      Herbert Xu authored
      
      
      This patch adds the GSO implementation for IPv4 TCP.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f4c50d99
    • Herbert Xu's avatar
      [NET]: Merge TSO/UFO fields in sk_buff · 7967168c
      Herbert Xu authored
      
      
      Having separate fields in sk_buff for TSO/UFO (tso_size/ufo_size) is not
      going to scale if we add any more segmentation methods (e.g., DCCP).  So
      let's merge them.
      
      They were used to tell the protocol of a packet.  This function has been
      subsumed by the new gso_type field.  This is essentially a set of netdev
      feature bits (shifted by 16 bits) that are required to process a specific
      skb.  As such it's easy to tell whether a given device can process a GSO
      skb: you just have to and the gso_type field and the netdev's features
      field.
      
      I've made gso_type a conjunction.  The idea is that you have a base type
      (e.g., SKB_GSO_TCPV4) that can be modified further to support new features.
      For example, if we add a hardware TSO type that supports ECN, they would
      declare NETIF_F_TSO | NETIF_F_TSO_ECN.  All TSO packets with CWR set would
      have a gso_type of SKB_GSO_TCPV4 | SKB_GSO_TCPV4_ECN while all other TSO
      packets would be SKB_GSO_TCPV4.  This means that only the CWR packets need
      to be emulated in software.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7967168c
  14. 20 Jun, 2006 2 commits
    • David S. Miller's avatar
      [SCTP]: Fix unintentional change to SCTP_ASSERT when !SCTP_DEBUG · 65fd28f7
      David S. Miller authored
      
      
      A local debugging change slipped into a previous changeset.
      
      When SCTP_DEBUG is off SCTP_ASSERT should do nothing.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      65fd28f7
    • Herbert Xu's avatar
      [NET]: Prevent multiple qdisc runs · 48d83325
      Herbert Xu authored
      
      
      Having two or more qdisc_run's contend against each other is bad because
      it can induce packet reordering if the packets have to be requeued.  It
      appears that this is an unintended consequence of relinquinshing the queue
      lock while transmitting.  That in turn is needed for devices that spend a
      lot of time in their transmit routine.
      
      There are no advantages to be had as devices with queues are inherently
      single-threaded (the loopback device is not but then it doesn't have a
      queue).
      
      Even if you were to add a queue to a parallel virtual device (e.g., bolt
      a tbf filter in front of an ipip tunnel device), you would still want to
      process the queue in sequence to ensure that the packets are ordered
      correctly.
      
      The solution here is to steal a bit from net_device to prevent this.
      
      BTW, as qdisc_restart is no longer used by anyone as a module inside the
      kernel (IIRC it used to with netif_wake_queue), I have not exported the
      new __qdisc_run function.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      48d83325
  15. 17 Jun, 2006 3 commits