summaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)AuthorFilesLines
2006-12-06rpcgss: krb5: sanity check sealalg value in the downcallJ. Bruce Fields3-30/+5
The sealalg is checked in several places, giving the impression it could be either SEAL_ALG_NONE or SEAL_ALG_DES. But in fact SEAL_ALG_NONE seems to be sufficient only for making mic's, and all the contexts we get must be capable of wrapping as well. So the sealalg must be SEAL_ALG_DES. As with signalg, just check for the right value on the downcall and ignore it otherwise. Similarly, tighten expectations for the sealalg on incoming tokens, in case we do support other values eventually. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpcgss: krb5: clean up some goto's, etc.J. Bruce Fields3-75/+48
Remove some unnecessary goto labels; clean up some return values; etc. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpcgss: simplify make_checksumJ. Bruce Fields4-16/+5
We're doing some pointless translation between krb5 constants and kernel crypto string names. Also clean up some related spkm3 code as necessary. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpcgss: krb5: kill checksum_type, miscellaneous small cleanupJ. Bruce Fields3-20/+4
Previous changes reveal some obvious cruft. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpcgss: krb5: expect a constant signalg valueJ. Bruce Fields2-60/+27
We also only ever receive one value of the signalg, so let's not pretend otherwise Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06gss: krb5: remove signalg and sealalgJ. Bruce Fields3-47/+22
We designed the krb5 context import without completely understanding the context. Now it's clear that there are a number of fields that we ignore, or that we depend on having one single value. In particular, we only support one value of signalg currently; so let's check the signalg field in the downcall (in case we decide there's something else we could support here eventually), but ignore it otherwise. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpc: spkm3 updateOlga Kornievskaia5-162/+166
This updates the spkm3 code to bring it up to date with our current understanding of the spkm3 spec. In doing so, we're changing the downcall format used by gssd in the spkm3 case, which will cause an incompatilibity with old userland spkm3 support. Since the old code a) didn't implement the protocol correctly, and b) was never distributed except in the form of some experimental patches from the citi web site, we're assuming this is OK. We do detect the old downcall format and print warning (and fail). We also include a version number in the new downcall format, to be used in the future in case any further change is required. In some more detail: - fix integrity support - removed dependency on NIDs. instead OIDs are used - known OID values for algorithms added. - fixed some context fields and types Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpc: move process_xdr_bufOlga Kornievskaia2-69/+72
Since process_xdr_buf() is useful outside of the kerberos-specific code, we move it to net/sunrpc/xdr.c, export it, and rename it in keeping with xdr_* naming convention of xdr.c. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpc: gss: fix a kmap_atomic race in krb5 codeJ. Bruce Fields1-2/+2
This code is never called from interrupt context; it's always run by either a user thread or rpciod. So KM_SKB_SUNRPC_DATA is inappropriate here. Thanks to Aimé Le Rouzic for capturing an oops which showed the kernel taking an interrupt while we were in this piece of code, resulting in a nested kmap_atomic(.,KM_SKB_SUNRPC_DATA) call from xdr_partial_copy_from_skb(). Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpc: gss: eliminate print_hexl()'sJ. Bruce Fields5-64/+2
Dumping all this data to the logs is wasteful (even when debugging is turned off), and creates too much output to be useful when it's turned on. Fix a minor style bug or two while we're at it. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06SUNRPC: another pmap wakeup fixChuck Lever1-5/+6
Don't wake up bind waiters if a task finds that another task is already trying to bind. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06SUNRPC: Make the transport-specific setup routine allocate rpc_xprtChuck Lever2-45/+59
Change the location where the rpc_xprt structure is allocated so each transport implementation can allocate a private area from the same chunk of memory. Note also that xprt->ops->destroy, rather than xprt_destroy, is now responsible for freeing rpc_xprt when the transport is destroyed. Test plan: Connectathon. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06SUNRPC: Clean up xs_send_pages()Trond Myklebust1-75/+65
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06SUNRPC: Ensure xdr_buf_read_netobj() checks for memory overrunsTrond Myklebust1-33/+26
Also clean up the code... Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06SUNRPC: Add __(read|write)_bytes_from_xdr_bufTrond Myklebust1-29/+37
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06SUNRPC: Clean up argument types in xdr.cTrond Myklebust1-43/+43
Converts various integer buffer offsets and sizes to unsigned integer. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06SUNRPC: Remove BKL around the RPC socket operations etc.Trond Myklebust2-5/+11
All internal RPC client operations should no longer depend on the BKL, however lockd and NFS callbacks may still require it. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06SUNRPC: Fix up missing BKL in asynchronous RPC callback functionsTrond Myklebust2-6/+12
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06SUNRPC: Give cloned RPC clients their own rpc_pipefs directoryTrond Myklebust1-10/+13
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06SUNRPC: Handle the cases where rpc_alloc_iostats() failsTrond Myklebust1-1/+10
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06SUNRPC: Fix a potential race in rpc_wake_up_task()Trond Myklebust1-10/+20
Use RCU to ensure that we can safely call rpc_finish_wakeup after we've called __rpc_do_wake_up_task. If not, there is a theoretical race, in which the rpc_task finishes executing, and gets freed first. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06Fix a second potential rpc_wakeup race...Trond Myklebust4-44/+58
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06Subject: Re: [PATCH] Fix SUNRPC wakeup/execute race conditionChristophe Saout1-4/+6
The sunrpc scheduler contains a race condition that can let an RPC task end up being neither running nor on any wait queue. The race takes place between rpc_make_runnable (called from rpc_wake_up_task) and __rpc_execute under the following condition: First __rpc_execute calls tk_action which puts the task on some wait queue. The task is dequeued by another process before __rpc_execute continues its execution. While executing rpc_make_runnable exactly after setting the task `running' bit and before clearing the `queued' bit __rpc_execute picks up execution, clears `running' and subsequently both functions fall through, both under the false assumption somebody else took the job. Swapping rpc_test_and_set_running with rpc_clear_queued in rpc_make_runnable fixes that hole. This introduces another possible race condition that can be handled by checking for `queued' after setting the `running' bit. Bug noticed on a 4-way x86_64 system under XEN with an NFSv4 server on the same physical machine, apparently one of the few ways to hit this race condition at all. Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Cc: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Christophe Saout <christophe@saout.de> Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
2006-12-04Merge branch 'for-linus4' of ↵Linus Torvalds16-1/+35
master.kernel.org:/pub/scm/linux/kernel/git/viro/bird * 'for-linus4' of master.kernel.org:/pub/scm/linux/kernel/git/viro/bird: [PATCH] severing poll.h -> mm.h [PATCH] severing skbuff.h -> mm.h [PATCH] severing skbuff.h -> poll.h [PATCH] severing skbuff.h -> highmem.h [PATCH] severing uaccess.h -> sched.h [PATCH] severing fs.h, radix-tree.h -> sched.h [PATCH] severing module.h->sched.h
2006-12-04[PATCH] severing skbuff.h -> mm.hAl Viro10-0/+10
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-12-04[PATCH] severing skbuff.h -> highmem.hAl Viro6-1/+25
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-12-03Merge master.kernel.org:/pub/scm/linux/kernel/git/acme/net-2.6David S. Miller4-139/+237
2006-12-03[XFRM] xfrm_user: Better validation of user templates.David S. Miller1-8/+42
Since we never checked the ->family value of templates before, many applications simply leave it at zero. Detect this and fix it up to be the pol->family value. Also, do not clobber xp->family while reading in templates, that is not necessary. Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-03[DCCP] tfrc: Binary search for reverse TFRC lookupGerrit Renker1-14/+24
This replaces the linear search algorithm for reverse lookup with binary search. It has the advantage of better scalability: O(log2(N)) instead of O(N). This means that the average number of iterations is reduced from 250 (linear search if each value appears equally likely) down to at most 9. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Acked-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
2006-12-03[DCCP] ccid3: Deprecate TFRC_SMALLEST_PGerrit Renker2-18/+6
This patch deprecates the existing use of an arbitrary value TFRC_SMALLEST_P for low-threshold values of p. This avoids masking low-resolution errors. Instead, the code now checks against real boundaries (implemented by preceding patch) and provides warnings whenever a real value falls below the threshold. If such messages are observed, it is a better solution to take this as an indication that the lookup table needs to be re-engineered. Changelog: ---------- This patch * makes handling all TFRC resolution errors local to the TFRC library * removes unnecessary test whether X_calc is 'infinity' due to p==0 -- this condition is already caught by tfrc_calc_x() * removes setting ccid3hctx_p = TFRC_SMALLEST_P in ccid3_hc_tx_packet_recv since this is now done by the TFRC library * updates BUG_ON test in ccid3_hc_tx_no_feedback_timer to take into account that p now is either 0 (and then X_calc is irrelevant), or it is > 0; since the handling of TFRC_SMALLEST_P is now taken care of in the tfrc library Justification: -------------- The TFRC code uses a lookup table which has a bounded resolution. The lowest possible value of the loss event rate `p' which can be resolved is currently 0.0001. Substituting this lower threshold for p when p is less than 0.0001 results in a huge, exponentially-growing error. The error can be computed by the following formula: (f(0.0001) - f(p))/f(p) * 100 for p < 0.0001 Currently the solution is to use an (arbitrary) value TFRC_SMALLEST_P = 40 * 1E-6 = 0.00004 and to consider all values below this value as `virtually zero'. Due to the exponentially growing resolution error, this is not a good idea, since it hides the fact that the table can not resolve practically occurring cases. Already at p == TFRC_SMALLEST_P, the error is as high as 58.19%! Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Acked-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
2006-12-03[DCCP] tfrc: Identify TFRC table limits and simplify codeGerrit Renker1-9/+18
This * adds documentation about the lowest resolution that is possible within the bounds of the current lookup table * defines a constant TFRC_SMALLEST_P which defines this resolution * issues a warning if a given value of p is below resolution * combines two previously adjacent if-blocks of nearly identical structure into one This patch does not change the algorithm as such. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Acked-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
2006-12-03[DCCP] tfrc: Add protection against invalid parameters to TFRC routinesGerrit Renker1-14/+19
1) For the forward X_calc lookup, it * protects effectively against RTT=0 (this case is possible), by returning the maximal lookup value instead of just setting it to 1 * reformulates the array-bounds exceeded condition: this only happens if p is greater than 1E6 (due to the scaling) * the case of negative indices can now with certainty be excluded, since documentation shows that the formulas are within bounds * additional protection against p = 0 (would give divide-by-zero) 2) For the reverse lookup, it warns against * protects against exceeding array bounds * now returns 0 if f(p) = 0, due to function definition * warns about minimal resolution error and returns the smallest table value instead of p=0 [this would mask congestion conditions] Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Acked-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
2006-12-03[DCCP] tfrc: Fix small error in reverse lookup of p for given f(p)Gerrit Renker1-2/+2
This fixes the following small error in tfrc_calc_x_reverse_lookup. 1) The table is generated by the following equations: lookup[index][0] = g((index+1) * 1000000/TFRC_CALC_X_ARRSIZE); lookup[index][1] = g((index+1) * TFRC_CALC_X_SPLIT/TFRC_CALC_X_ARRSIZE); where g(q) is 1E6 * f(q/1E6) 2) The reverse lookup assigns an entry in lookup[index][small] 3) This index needs to match the above, i.e. * if small=0 then p = (index + 1) * 1000000/TFRC_CALC_X_ARRSIZE * if small=1 then p = (index+1) * TFRC_CALC_X_SPLIT/TFRC_CALC_X_ARRSIZE These are exactly the changes that the patch makes; previously the code did not conform to the way the lookup table was generated (this difference resulted in a mean error of about 1.12%). Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Acked-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
2006-12-03[DCCP] tfrc: Document boundaries and limits of the TFRC lookup tableGerrit Renker1-56/+88
This adds documentation for the TCP Reno throughput equation which is at the heart of the TFRC sending rate / loss rate calculations. It spells out precisely how the values were determined and what they mean. The equations were derived through reverse engineering and found to be fully accurate (verified using test programs). This patch does not change any code. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
2006-12-03[DCCP] ccid3: Fix warning message about illegal ACKGerrit Renker1-1/+2
This avoids a (harmless) warning message being printed at the DCCP server (the receiver of a DCCP half connection). Incoming packets are both directed to * ccid_hc_rx_packet_recv() for the server half * ccid_hc_tx_packet_recv() for the client half The message gets printed since on a server the client half is currently not sending data packets. This is resolved for the moment by checking the DCCP-role first. In future times (bidirectional DCCP connections), this test may have to be more sophisticated. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Acked-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
2006-12-03[DCCP] ccid3: Fix bug in calculation of send rateGerrit Renker1-37/+52
The main object of this patch is the following bug: ==> In ccid3_hc_tx_packet_recv, the parameters p and X_recv were updated _after_ the send rate was calculated. This is clearly an error and is resolved by re-ordering statements. In addition, * r_sample is converted from u32 to long to check whether the time difference was negative (it would otherwise be converted to a large u32 value) * protection against RTT=0 (this is possible) is provided in a further patch * t_elapsed is also converted to long, to match the type of r_sample * adds a a more debugging information regarding current send rates * various trivial comment/documentation updates Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Acked-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
2006-12-03[DCCP]: Fix BUG in retransmission delay calculationGerrit Renker1-1/+1
This bug resulted in ccid3_hc_tx_send_packet returning negative delay values, which in turn triggered silently dequeueing packets in dccp_write_xmit. As a result, only a few out of the submitted packets made it at all onto the network. Occasionally, when dccp_wait_for_ccid was involved, this also triggered a bug warning since ccid3_hc_tx_send_packet returned a negative value (which in reality was a negative delay value). The cause for this bug lies in the comparison if (delay >= hctx->ccid3hctx_delta) return delay / 1000L; The type of `delay' is `long', that of ccid3hctx_delta is `u32'. When comparing negative long values against u32 values, the test returned `true' whenever delay was smaller than 0 (meaning the packet was overdue to send). The fix is by casting, subtracting, and then testing the difference with regard to 0. This has been tested and shown to work. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
2006-12-03[DCCP]: Use higher RTO default for CCID3Gerrit Renker2-8/+46
The TFRC nofeedback timer normally expires after the maximum of 4 RTTs and twice the current send interval (RFC 3448, 4.3). On LANs with a small RTT this can mean a high processing load and reduced performance, since then the nofeedback timer is triggered very frequently. This patch provides a configuration option to set the bound for the nofeedback timer, using as default 100 milliseconds. By setting the configuration option to 0, strict RFC 3448 behaviour can be enforced for the nofeedback timer. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
2006-12-02[XFRM]: Fix aevent structuring to be more complete.Jamal Hadi Salim1-1/+3
aevents can not uniquely identify an SA. We break the ABI with this patch, but consensus is that since it is not yet utilized by any (known) application then it is fine (better do it now than later). Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NETFILTER]: xtables: fixes warning on compilation of hashlimitYasuyuki Kozakai1-1/+1
To use ipv6_find_hdr(), IP6_NF_IPTABLES is necessary. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[ROSE] rose_add_loopback_node: propagate -EAlexey Dobriyan1-2/+2
David Binderman's icc logs: net/rose/rose_route.c(399): remark #593: variable "err" was set but never used Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NETFILTER]: nf_conntrack: fix header inclusions for helpersYasuyuki Kozakai5-4/+4
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NETFILTER]: nf_conntrack: EXPORT_SYMBOL cleanupPatrick McHardy10-86/+75
- move EXPORT_SYMBOL next to exported symbol - use EXPORT_SYMBOL_GPL since this is what the original code used Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NETFILTER]: Mark old IPv4-only connection tracking scheduled for removalPatrick McHardy3-5/+5
Also remove the references to "new connection tracking" from Kconfig. After some short stabilization period of the new connection tracking helpers/NAT code the old one will be removed. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NETFILTER]: nf_nat: add SNMP NAT helper portPatrick McHardy3-0/+1348
Add nf_conntrack port of the SNMP NAT helper. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NETFILTER]: nf_conntrack/nf_nat: add TFTP helper portPatrick McHardy6-0/+229
Add IPv4 and IPv6 capable nf_conntrack port of the TFTP conntrack/NAT helper. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NETFILTER]: nf_conntrack/nf_nat: add SIP helper portPatrick McHardy6-0/+832
Add IPv4 and IPv6 capable nf_conntrack port of the SIP conntrack/NAT helper. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NETFILTER]: nf_conntrack/nf_nat: add PPTP helper portPatrick McHardy9-0/+1449
Add nf_conntrack port of the PPtP conntrack/NAT helper. Since there seems to be no IPv6-capable PPtP implementation the helper only support IPv4. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NETFILTER]: nf_conntrack: add NetBIOS name service helper portPatrick McHardy3-0/+145
Add nf_conntrack port of the NetBIOS name service conntrack helper. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NETFILTER]: nf_conntrack/nf_nat: add IRC helper portPatrick McHardy6-0/+404
Add nf_conntrack port of the IRC conntrack/NAT helper. Since DCC doesn't support IPv6 yet, the helper is still IPv4 only. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>