summaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2007-03-26[NET]: Correct accept(2) recovery after sock_attach_fd()Alexey Dobriyan
* d_alloc() in sock_attach_fd() fails leaving ->f_dentry of new file NULL * bail out to out_fd label, doing fput()/__fput() on new file * but __fput() assumes valid ->f_dentry and dereferences it Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25[NET_SCHED]: Fix ingress lockingPatrick McHardy
Ingress queueing uses a seperate lock for serializing enqueue operations, but fails to properly protect itself against concurrent changes to the qdisc tree. Use queue_lock for now since the real fix it quite intrusive. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25[NET_SCHED]: cls_basic: fix NULL pointer dereferencePatrick McHardy
cls_basic doesn't allocate tp->root before it is linked into the active classifier list, resulting in a NULL pointer dereference when packets hit the classifier before its ->change function is called. Reported by Chris Madden <chris@reflexsecurity.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25[DCCP]: make dccp_write_xmit_timer() static againAdrian Bunk
dccp_write_xmit_timer() needlessly became global. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25[IPV6]: Fix routing round-robin locking.David S. Miller
As per RFC2461, section 6.3.6, item #2, when no routers on the matching list are known to be reachable or probably reachable we do round robin on those available routes so that we make sure to probe as many of them as possible to detect when one becomes reachable faster. Each routing table has a rwlock protecting the tree and the linked list of routes at each leaf. The round robin code executes during lookup and thus with the rwlock taken as a reader. A small local spinlock tries to provide protection but this does not work at all for two reasons: 1) The round-robin list manipulation, as coded, goes like this (with read lock held): walk routes finding head and tail spin_lock(); rotate list using head and tail spin_unlock(); While one thread is rotating the list, another thread can end up with stale values of head and tail and then proceed to corrupt the list when it gets the lock. This ends up causing the OOPS in fib6_add() later onthat many people have been hitting. 2) All the other code paths that run with the rwlock held as a reader do not expect the list to change on them, they expect it to remain completely fixed while they hold the lock in that way. So, simply stated, it is impossible to implement this correctly using a manipulation of the list without violating the rwlock locking semantics. Reimplement using a per-fib6_node round-robin pointer. This way we don't need to manipulate the list at all, and since the round-robin pointer can only ever point to real existing entries we don't need to perform any locking on the changing of the round-robin pointer itself. We only need to reset the round-robin pointer to NULL when the entry it is pointing to is removed. The idea is from Thomas Graf and it is very similar to how this was implemented before the advanced router selection code when in. Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25[DECNet] fib: Fix out of bound access of dn_fib_props[]Thomas Graf
Fixes a typo which caused fib_props[] to have the wrong size and makes sure the value used to index the array which is provided by userspace via netlink is checked to avoid out of bound access. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25[IPv4] fib: Fix out of bound access of fib_props[]Thomas Graf
Fixes a typo which caused fib_props[] to have the wrong size and makes sure the value used to index the array which is provided by userspace via netlink is checked to avoid out of bound access. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25[NET] AX.25 Kconfig and docs updates and fixesRalf Baechle
o The AX.25 Howto is unmaintained since several years. I've replaced it with a wiki at http://www.linux-ax25.org which provides more uptodate information. o Change default for AX25_DAMA_SLAVE to Y. AX25_DAMA_SLAVE only compiles in support for DAMA but doesn't activate it. I hope this gets Linux distributions to ship their AX.25 kernels with AX25_DAMA_SLAVE enabled. The price for this would be very small. o Delete historic changelog from comments, that's what SCM systems are meant to do. o ---help--- in Kconfig looks so yellingly eye insulting. Use just help. o Rewrite the commented out piece of old Linux 2.4 configuration language to Kconfig for consistency. o Fixup dependencies. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25[NET]: Fix neighbour destructor handling.Alexey Kuznetsov
->neigh_destructor() is killed (not used), replaced with ->neigh_cleanup(), which is called when neighbor entry goes to dead state. At this point everything is still valid: neigh->dev, neigh->parms etc. The device should guarantee that dead neighbor entries (neigh->dead != 0) do not get private part initialized, otherwise nobody will cleanup it. I think this is enough for ipoib which is the only user of this thing. Initialization private part of neighbor entries happens in ipib start_xmit routine, which is not reached when device is down. But it would be better to add explicit test for neigh->dead in any case. Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25[NET]: Fix fib_rules compatibility breakageThomas Graf
Based upon a patch from Patrick McHardy. The fib_rules netlink attribute policy introduced in 2.6.19 broke userspace compatibilty. When specifying a rule with "from all" or "to all", iproute adds a zero byte long netlink attribute, but the policy requires all addresses to have a size equal to sizeof(struct in_addr)/sizeof(struct in6_addr), resulting in a validation error. Check attribute length of FRA_SRC/FRA_DST in the generic framework by letting the family specific rules implementation provide the length of an address. Report an error if address length is non zero but no address attribute is provided. Fix actual bug by checking address length for non-zero instead of relying on availability of attribute. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-24[PATCH] fix typos in net/ieee80211/KconfigPatrick Ringl
This is just a QA / cosmetic fix .. [ "a modules" => "a module" ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-22[NETFILTER]: nat: avoid rerouting packets if only XFRM policy key changedPatrick McHardy
Currently NAT not only reroutes packets in the OUTPUT chain when the routing key changed, but also if only the non-routing part of the IPsec policy key changed. This breaks ping -I since it doesn't use SO_BINDTODEVICE but IP_PKTINFO cmsg to specify the output device, and this information is lost. Only do full rerouting if the routing key changed, and just do a new policy lookup with the old route if only the ports changed. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-22[NETFILTER]: nf_conntrack_netlink: add missing dependency on NF_NATPatrick McHardy
NF_CT_NETLINK=y, NF_NAT=m results in: LD .tmp_vmlinux1 net/built-in.o: dans la fonction « nfnetlink_parse_nat_proto »: nf_conntrack_netlink.c:(.text+0x28db9): référence indéfinie vers « nf_nat_proto_find_get » nf_conntrack_netlink.c:(.text+0x28dd6): référence indéfinie vers « nf_nat_proto_put » net/built-in.o: dans la fonction « ctnetlink_new_conntrack »: nf_conntrack_netlink.c:(.text+0x29959): référence indéfinie vers « nf_nat_setup_info » nf_conntrack_netlink.c:(.text+0x29b35): référence indéfinie vers « nf_nat_setup_info » nf_conntrack_netlink.c:(.text+0x29cf7): référence indéfinie vers « nf_nat_setup_info » nf_conntrack_netlink.c:(.text+0x29de2): référence indéfinie vers « nf_nat_setup_info » make: *** [.tmp_vmlinux1] Erreur 1 Reported by Kevin Baradon <kevin.baradon@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-22[NET]: fix up misplaced inlines.Dave Jones
Turning up the warnings on gcc makes it emit warnings about the placement of 'inline' in function declarations. Here's everything that was under net/ Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-22[SCTP]: Correctly reset ssthresh when restarting associationVlad Yasevich
Reset ssthresh to the correct value (peer's a_rwnd) when restarting association. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-22[BRIDGE]: Fix fdb RCU racePatrick McHardy
br_fdb_get use atomic_inc to increase the refcount of an element found on a RCU protected list, which can lead to the following race: CPU0 CPU1 br_fdb_get: rcu_read_lock __br_fdb_get: find element fdb_delete: hlist_del_rcu br_fdb_put br_fdb_put: atomic_dec_and_test call_rcu(fdb_rcu_free) br_fdb_get: atomic_inc rcu_read_unlock fdb_rcu_free: kmem_cache_free Use atomic_inc_not_zero instead. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-22[NET]: Fix fib_rules dump racePatrick McHardy
fib_rules_dump needs to use list_for_each_entry_rcu to protect against concurrent changes to the rules list. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-20[XFRM]: ipsecv6 needs a space when printing audit record.Joy Latten
This patch adds a space between printing of the src and dst ipv6 addresses. Otherwise, audit or other test tools may fail to process the audit record properly because they cannot find the dst address. Signed-off-by: Joy Latten <latten@austin.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-20[X25] x25_forward_call(): fix NULL dereferencesAdrian Bunk
This patch fixes two NULL dereferences spotted by the Coverity checker. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-20[SCTP]: Reset some transport and association variables on restartVlad Yasevich
If the association has been restarted, we need to reset the transport congestion variables as well as accumulated error counts and CACC variables. If we do not, the association will use the wrong values and may terminate prematurely. This was found with a scenario where the peer restarted the association when lksctp was in the last HB timeout for its association. The restart happened, but the error counts have not been reset and when the timeout occurred, a newly restarted association was terminated due to excessive retransmits. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-20[SCTP]: Increment error counters on user requested HBs.Vlad Yasevich
2960bis states (Section 8.3): D) Request an on-demand HEARTBEAT on a specific destination transport address of a given association. The endpoint should increment the respective error counter of the destination transport address each time a HEARTBEAT is sent to that address and not acknowledged within one RTO. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-20[SCTP]: Clean up stale data during association restartVlad Yasevich
During association restart we may have stale data sitting on the ULP queue waiting for ordering or reassembly. This data may cause severe problems if not cleaned up. In particular stale data pending ordering may cause problems with receive window exhaustion if our peer has decided to restart the association. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-20[IrDA]: Calling ppp_unregister_channel() from process contextSamuel Ortiz
We need to call ppp_unregister_channel() when IrNET disconnects, and this must be done from a process context. Bug reported and patch tested by Guennadi Liakhovetski. Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-20[IrDA]: irttp_dup spin_lock initialisationG. Liakhovetski
Without this initialization one gets kernel BUG at kernel/rtmutex_common.h:80! This patch should also be included in the -stable kernel. Signed-off-by: G. Liakhovetski <gl@dsa-ac.de> Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-16[IPV6]: ipv6_fl_socklist is inadvertently shared.Masayuki Nakagawa
The ipv6_fl_socklist from listening socket is inadvertently shared with new socket created for connection. This leads to a variety of interesting, but fatal, bugs. For example, removing one of the sockets may lead to the other socket's encountering a page fault when the now freed list is referenced. The fix is to not share the flow label list with the new socket. Signed-off-by: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-16[TCP]: Fix tcp_mem[] initialization.John Heffner
Change tcp_mem initialization function. The fraction of total memory is now a continuous function of memory size, and independent of page size. Signed-off-by: John Heffner <jheffner@psc.edu> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-16[NET]: Copy mac_len in skb_clone() as wellAlexey Dobriyan
ANK says: "It is rarely used, that's wy it was not noticed. But in the places, where it is used, it should be disaster." Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-16[IPV4]: Do not disable preemption in trie_leaf_remove().Robert Olsson
Hello, Just discussed this Patrick... We have two users of trie_leaf_remove, fn_trie_flush and fn_trie_delete both are holding RTNL. So there shouldn't be need for this preempt stuff. This is assumed to a leftover from an older RCU-take. > Mhh .. I think I just remembered something - me incorrectly suggesting > to add it there while we were talking about this at OLS :) IIRC the > idea was to make sure tnode_free (which at that time didn't use > call_rcu) wouldn't free memory while still in use in a rcu read-side > critical section. It should have been synchronize_rcu of course, > but with tnode_free using call_rcu it seems to be completely > unnecessary. So I guess we can simply remove it. Signed-off-by: Robert Olsson <robert.olsson@its.uu.se> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-12[XFRM]: Fix missing protocol comparison of larval SAs.Joy Latten
I noticed that in xfrm_state_add we look for the larval SA in a few places without checking for protocol match. So when using both AH and ESP, whichever one gets added first, deletes the larval SA. It seems AH always gets added first and ESP is always the larval SA's protocol since the xfrm->tmpl has it first. Thus causing the additional km_query() Adding the check eliminates accidental double SA creation. Signed-off-by: Joy Latten <latten@austin.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-12[WANROUTER]: Delete superfluous source file "net/wanrouter/af_wanpipe.c".Robert P. J. Day
Delete the apparently superfluous source file net/wanrouter/af_wanpipe.c. Signed-off-by: Robert P. J. Day <rpjday@mindspring.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-12[IPV4]: Fix warning in ip_mc_rejoin_group.Geert Uytterhoeven
Kill warning about unused variable `in_dev' when CONFIG_IP_MULTICAST is not set. Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-12[ROSE]: Socket locking is a great invention.Ralf Baechle
Especially if you actually try to do it ;-) Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-12[ROSE]: Remove ourselves from waitqueue when receiving a signalRalf Baechle
Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-12[NetLabel]: parse the CIPSO ranged tag on incoming packetsPaul Moore
Commit 484b366932be0b73a22c74a82748ca10a721643e added support for the CIPSO ranged categories tag. However, it appears that I made a mistake when rebasing then patch to the latest upstream sources for submission and dropped the part of the patch that actually parses the tag on incoming packets. This patch fixes this mistake by adding the required function call to the cipso_v4_skbuff_getattr() function. I've run this patch over the weekend and have not noticed any problems. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-09[IPV6] fix ipv6_getsockopt_sticky copy_to_user leakChris Wright
User supplied len < 0 can cause leak of kernel memory. Use unsigned compare instead. Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-09[IPV6]: Fix for ipv6_setsockopt NULL dereferenceOlaf Kirch
I came across this bug in http://bugzilla.kernel.org/show_bug.cgi?id=8155 Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-09[DCCP]: Initialise write_xmit_timer also on passive socketsGerrit Renker
The TX CCID needs the write_xmit_timer for delaying packet sends. Previously this timer was only activated on active (connecting) sockets. This patch initialises the write_xmit_timer in sync with the other timers, i.e. the timer will be ready on any socket. This is used by applications with a listening socket which start to stream after receiving an initiation by the client. The write_xmit_timer is stopped when the application closes, as before. Was tested to work and to remove the timer bug reported on dccp@vger. Also moved timer initialisation into timer.c (static). Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Acked-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-09[IPV4]: Fix rtm_to_ifaddr() error handling.Evgeniy Polyakov
Return negative error value (embedded in the pointer) instead of returning NULL. Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-08[SCTP] ipv6: inconsistent lock state ipv6_add_addr/sctp_v6_copy_addrlistJarek Poplawski
lockdep found that dev->lock taken from softirq in ipv6_add_addr is also taken in sctp_v6_copy_addrlist with softirqs enabled, so lockup is possible. Noticed-by: Simon Arlott <simon@arlott.org> Signed-off-by: Jarek Poplawski <jarkao2@o2.pl> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-08[PATCH] bluetooth: fix socket locking in hci_sock_dev_event()Jiri Kosina
[Bluetooth] Fix socket locking in hci_sock_dev_event() hci_sock_dev_event() uses bh_lock_sock() to lock the socket lock. This is not deadlock-safe against locking of the same socket lock in l2cap_connect_cfm() from softirq context. In addition to that, hci_sock_dev_event() doesn't seem to be called from softirq context, so it is safe to use lock_sock()/release_sock() instead. The lockdep warning can be triggered on my T42p simply by switching the Bluetooth off by the keyboard button. ================================= [ INFO: inconsistent lock state ] 2.6.21-rc2 #4 --------------------------------- inconsistent {in-softirq-W} -> {softirq-on-W} usage. khubd/156 [HC0[0]:SC0[0]:HE1:SE1] takes: (slock-AF_BLUETOOTH){-+..}, at: [<e0ca5520>] hci_sock_dev_event+0xa8/0xc5 [bluetooth] {in-softirq-W} state was registered at: [<c012d1db>] mark_lock+0x59/0x414 [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<c012dfd7>] __lock_acquire+0x3e5/0xb99 [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<c012e7f2>] lock_acquire+0x67/0x81 [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<c036ee72>] _spin_lock+0x29/0x34 [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<e0ca17c3>] hci_send_cmd+0x126/0x14f [bluetooth] [<e0ca4ce4>] hci_event_packet+0x729/0xebd [bluetooth] [<e0ca205b>] hci_rx_task+0x2a/0x20f [bluetooth] [<e0ca209d>] hci_rx_task+0x6c/0x20f [bluetooth] [<c012d7be>] trace_hardirqs_on+0x10d/0x14e [<c011ac85>] tasklet_action+0x3d/0x68 [<c011abba>] __do_softirq+0x41/0x92 [<c011ac32>] do_softirq+0x27/0x3d [<c0105134>] do_IRQ+0x7b/0x8f [<c0103dec>] common_interrupt+0x24/0x34 [<c0103df6>] common_interrupt+0x2e/0x34 [<c0248e65>] acpi_processor_idle+0x1b3/0x34a [<c0248e68>] acpi_processor_idle+0x1b6/0x34a [<c010232b>] cpu_idle+0x39/0x4e [<c04bab0c>] start_kernel+0x372/0x37a [<c04ba42b>] unknown_bootoption+0x0/0x202 [<ffffffff>] 0xffffffff Signed-off-by: Jiri Kosina <jkosina@suse.cz> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-07[BRIDGE]: adding new device to bridge should enable if upAji Srinivas
One change introduced by the workqueue removal patch is that adding an interface that is up to a bridge which is also up does not ever call br_stp_enable_port(), leaving the port in DISABLED state until we do ifconfig down and up or link events occur. The following patch to the br_add_if function fixes it. This is a regression introduced in 2.6.21. Submitted-by: Aji_Srinivas@emc.com Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-07[IPV6]: Do not set IF_READY if device is downHerbert Xu
Now that we add the IPv6 device at registration time we don't need to set IF_READY in ipv6_add_dev anymore because we will always get a NETDEV_UP event later on should the device ever become ready. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-07[IPSEC]: xfrm audit hook misplaced in pfkey_delete and xfrm_del_saEric Paris
Inside pfkey_delete and xfrm_del_sa the audit hooks were not called if there was any permission/security failures in attempting to do the del operation (such as permission denied from security_xfrm_state_delete). This patch moves the audit hook to the exit path such that all failures (and successes) will actually get audited. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Venkat Yekkirala <vyekkirala@trustedcs.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-07[IPSEC]: Add xfrm policy change auditing to pfkey_spdgetEric Paris
pfkey_spdget neither had an LSM security hook nor auditing for the removal of xfrm_policy structs. The security hook was added when it was moved into xfrm_policy_byid instead of the callers to that function by my earlier patch and this patch adds the auditing hooks as well. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Venkat Yekkirala <vyekkirala@trustedcs.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-07[IPSEC]: xfrm_policy delete security check misplacedEric Paris
The security hooks to check permissions to remove an xfrm_policy were actually done after the policy was removed. Since the unlinking and deletion are done in xfrm_policy_by* functions this moves the hooks inside those 2 functions. There we have all the information needed to do the security check and it can be done before the deletion. Since auditing requires the result of that security check err has to be passed back and forth from the xfrm_policy_by* functions. This patch also fixes a bug where a deletion that failed the security check could cause improper accounting on the xfrm_policy (xfrm_get_policy didn't have a put on the exit path for the hold taken by xfrm_policy_by*) It also fixes the return code when no policy is found in xfrm_add_pol_expire. In old code (at least back in the 2.6.18 days) err wasn't used before the return when no policy is found and so the initialization would cause err to be ENOENT. But since err has since been used above when we don't get a policy back from the xfrm_policy_by* function we would always return 0 instead of the intended ENOENT. Also fixed some white space damage in the same area. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Venkat Yekkirala <vyekkirala@trustedcs.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-07[DCCP]: Revert patch which disables bidirectional modeGerrit Renker
This reverts an earlier patch which disabled bidirectional mode, meaning that a listening (passive) socket was not allowed to write to the other (active) end of the connection. This mode had been disabled when there were problems with CCID3, but it imposes a constraint on socket programming and thus hinders deployment. A change is included to ignore RX feedback received by the TX CCID3 module. Many thanks to Andre Noll for pointing out this issue. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-07[IPV6]: Handle np->opt being NULL in ipv6_getsockopt_sticky().David S. Miller
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-07[UDP]: Reread uh pointer after pskb_trimHerbert Xu
The header may have moved when trimming. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-07[NETFILTER]: nfnetlink_log: fix crash on bridged packetPatrick McHardy
physoutdev is only set on purely bridged packet, when nfnetlink_log is used in the OUTPUT/FORWARD/POSTROUTING hooks on packets forwarded from or to a bridge it crashes when trying to dereference skb->nf_bridge->physoutdev. Reported by Holger Eitzenberger <heitzenberger@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-07[NETFILTER]: nfnetlink_log: zero-terminate prefixPatrick McHardy
Userspace expects a zero-terminated string, so include the trailing zero in the netlink message. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>