author | Tony Luck <tony.luck@intel.com> | 2005-07-13 12:15:43 -0700 |
---|---|---|
committer | Tony Luck <tony.luck@intel.com> | 2005-07-13 12:15:43 -0700 |
commit | 99ad25a313bda566a346b46a6015afa65bc0a02b (patch) | |
tree | b9443fed1ab74f320c4ee0791864ee96d7c069df /net/ipv4 | |
parent | f62c4a96f74d6c6dd56d1742697e94a5c2085e87 (diff) | |
parent | 9a556e89081b0c1c2f83cee915363b15a68a6f2d (diff) |
Auto merge with /home/aegl/GIT/linus
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/Kconfig | 25 | ||||
-rw-r--r-- | net/ipv4/ip_output.c | 9 | ||||
-rw-r--r-- | net/ipv4/ipvs/Kconfig | 4 | ||||
-rw-r--r-- | net/ipv4/ipvs/ip_vs_conn.c | 6 | ||||
-rw-r--r-- | net/ipv4/ipvs/ip_vs_ctl.c | 9 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_standalone.c | 7 | ||||
-rw-r--r-- | net/ipv4/route.c | 2 |
7 files changed, 24 insertions, 38 deletions
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 3e63123f7bbd..df5386885a90 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -3,7 +3,6 @@ # config IP_MULTICAST bool "IP: multicasting" - depends on INET help This is code for addressing several networked computers at once, enlarging your kernel by about 2 KB. You need multicasting if you
@@ -17,7 +16,6 @@ config IP_MULTICAST config IP_ADVANCED_ROUTER bool "IP: advanced router" - depends on INET ---help--- If you intend to run your Linux box mostly as a router, i.e. as a computer that forwards and redistributes network packets, say Y; you
@@ -183,7 +181,6 @@ config IP_ROUTE_VERBOSE config IP_PNP bool "IP: kernel level autoconfiguration" - depends on INET help This enables automatic configuration of IP addresses of devices and of the routing table during kernel boot, based on either information
@@ -242,7 +239,6 @@ config IP_PNP_RARP # bool ' IP: ARP support' CONFIG_IP_PNP_ARP config NET_IPIP tristate "IP: tunneling" - depends on INET select INET_TUNNEL ---help--- Tunneling means encapsulating data of one protocol type within
@@ -260,7 +256,6 @@ config NET_IPIP config NET_IPGRE tristate "IP: GRE tunnels over IP" - depends on INET select XFRM help Tunneling means encapsulating data of one protocol type within
@@ -319,7 +314,7 @@ config IP_PIMSM_V2 config ARPD bool "IP: ARP daemon support (EXPERIMENTAL)" - depends on INET && EXPERIMENTAL + depends on EXPERIMENTAL ---help--- Normally, the kernel maintains an internal cache which maps IP addresses to hardware addresses on the local network, so that
@@ -344,7 +339,6 @@ config ARPD config SYN_COOKIES bool "IP: TCP syncookie support (disabled per default)" - depends on INET ---help--- Normal TCP/IP networking is open to an attack known as "SYN flooding". This denial-of-service attack prevents legitimate remote
@@ -381,7 +375,6 @@ config SYN_COOKIES config INET_AH tristate "IP: AH transformation" - depends on INET select XFRM select CRYPTO select CRYPTO_HMAC
@@ -394,7 +387,6 @@ config INET_AH config INET_ESP tristate "IP: ESP transformation" - depends on INET select XFRM select CRYPTO select CRYPTO_HMAC
@@ -408,7 +400,6 @@ config INET_ESP config INET_IPCOMP tristate "IP: IPComp transformation" - depends on INET select XFRM select INET_TUNNEL select CRYPTO
@@ -421,7 +412,6 @@ config INET_IPCOMP config INET_TUNNEL tristate "IP: tunnel transformation" - depends on INET select XFRM ---help--- Support for generic IP tunnel transformation, which is required by
@@ -431,7 +421,6 @@ config INET_TUNNEL config IP_TCPDIAG tristate "IP: TCP socket monitoring interface" - depends on INET default y ---help--- Support for TCP socket monitoring interface used by native Linux
@@ -447,7 +436,6 @@ config IP_TCPDIAG_IPV6 config TCP_CONG_ADVANCED bool "TCP: advanced congestion control" - depends on INET ---help--- Support for selection of various TCP congestion control modules.
@@ -463,7 +451,6 @@ menu "TCP congestion control" config TCP_CONG_BIC tristate "Binary Increase Congestion (BIC) control" - depends on INET default y ---help--- BIC-TCP is a sender-side only change that ensures a linear RTT
@@ -478,7 +465,6 @@ config TCP_CONG_BIC config TCP_CONG_WESTWOOD tristate "TCP Westwood+" - depends on INET default m ---help--- TCP Westwood+ is a sender-side only modification of the TCP Reno
@@ -493,7 +479,6 @@ config TCP_CONG_WESTWOOD config TCP_CONG_HTCP tristate "H-TCP" - depends on INET default m ---help--- H-TCP is a send-side only modifications of the TCP Reno
@@ -505,7 +490,7 @@ config TCP_CONG_HTCP config TCP_CONG_HSTCP tristate "High Speed TCP" - depends on INET && EXPERIMENTAL + depends on EXPERIMENTAL default n ---help--- Sally Floyd's High Speed TCP (RFC 3649) congestion control.
@@ -516,7 +501,7 @@ config TCP_CONG_HSTCP config TCP_CONG_HYBLA tristate "TCP-Hybla congestion control algorithm" - depends on INET && EXPERIMENTAL + depends on EXPERIMENTAL default n ---help--- TCP-Hybla is a sender-side only change that eliminates penalization of
@@ -526,7 +511,7 @@ config TCP_CONG_HYBLA config TCP_CONG_VEGAS tristate "TCP Vegas" - depends on INET && EXPERIMENTAL + depends on EXPERIMENTAL default n ---help--- TCP Vegas is a sender-side only change to TCP that anticipates
@@ -537,7 +522,7 @@ config TCP_CONG_VEGAS config TCP_CONG_SCALABLE tristate "Scalable TCP" - depends on INET && EXPERIMENTAL + depends on EXPERIMENTAL default n ---help--- Scalable TCP is a sender-side only change to TCP which uses a
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 9de83e6e0f1d..80d13103b2b0 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -107,7 +107,6 @@ static int ip_dev_loopback_xmit(struct sk_buff *newskb) newskb->pkt_type = PACKET_LOOPBACK; newskb->ip_summed = CHECKSUM_UNNECESSARY; BUG_TRAP(newskb->dst); - nf_reset(newskb); netif_rx(newskb); return 0; }
@@ -188,14 +187,6 @@ static inline int ip_finish_output2(struct sk_buff *skb) skb = skb2; } -#ifdef CONFIG_BRIDGE_NETFILTER - /* bridge-netfilter defers calling some IP hooks to the bridge layer - * and still needs the conntrack reference. - */ - if (skb->nf_bridge == NULL) -#endif - nf_reset(skb); - if (hh) { int hh_alen;
diff --git a/net/ipv4/ipvs/Kconfig b/net/ipv4/ipvs/Kconfig
index 63a82b4b64bb..c9820bfc493a 100644
--- a/net/ipv4/ipvs/Kconfig
+++ b/net/ipv4/ipvs/Kconfig
@@ -2,11 +2,11 @@ # IP Virtual Server configuration # menu "IP: Virtual Server Configuration" - depends on INET && NETFILTER + depends on NETFILTER config IP_VS tristate "IP virtual server support (EXPERIMENTAL)" - depends on INET && NETFILTER + depends on NETFILTER ---help--- IP Virtual Server support will let you build a high-performance virtual server based on cluster of two or more real servers. This
diff --git a/net/ipv4/ipvs/ip_vs_conn.c b/net/ipv4/ipvs/ip_vs_conn.c
index 9f16ab309106..d0145a8b1551 100644
--- a/net/ipv4/ipvs/ip_vs_conn.c
+++ b/net/ipv4/ipvs/ip_vs_conn.c
@@ -758,7 +758,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp) return 1; } - +/* Called from keventd and must protect itself from softirqs */ void ip_vs_random_dropentry(void) { int idx;
@@ -773,7 +773,7 @@ void ip_vs_random_dropentry(void) /* * Lock is actually needed in this loop. */ - ct_write_lock(hash); + ct_write_lock_bh(hash); list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) { if (!cp->cport && !(cp->flags & IP_VS_CONN_F_NO_CPORT))
@@ -806,7 +806,7 @@ void ip_vs_random_dropentry(void) ip_vs_conn_expire_now(cp->control); } } - ct_write_unlock(hash); + ct_write_unlock_bh(hash); } }
diff --git a/net/ipv4/ipvs/ip_vs_ctl.c b/net/ipv4/ipvs/ip_vs_ctl.c
index 12a82e91d22a..7d99ede2ef79 100644
--- a/net/ipv4/ipvs/ip_vs_ctl.c
+++ b/net/ipv4/ipvs/ip_vs_ctl.c
@@ -90,7 +90,8 @@ int ip_vs_get_debug_level(void) #endif /* - * update_defense_level is called from keventd and from sysctl. + * update_defense_level is called from keventd and from sysctl, + * so it needs to protect itself from softirqs */ static void update_defense_level(void) {
@@ -110,6 +111,8 @@ static void update_defense_level(void) nomem = (availmem < sysctl_ip_vs_amemthresh); + local_bh_disable(); + /* drop_entry */ spin_lock(&__ip_vs_dropentry_lock); switch (sysctl_ip_vs_drop_entry) {
@@ -206,6 +209,8 @@ static void update_defense_level(void) if (to_change >= 0) ip_vs_protocol_timeout_change(sysctl_ip_vs_secure_tcp>1); write_unlock(&__ip_vs_securetcp_lock); + + local_bh_enable(); }
@@ -1360,9 +1365,7 @@ proc_do_defense_mode(ctl_table *table, int write, struct file * filp, /* Restore the correct value */ *valp = val; } else { - local_bh_disable(); update_defense_level(); - local_bh_enable(); } } return rc;
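Review bot: The new comment above `ip_vs_random_dropentry()` says the function must protect itself from softirqs but not from what, and the older in-loop comment `Lock is actually needed in this loop.` still does not explain the `_bh` variants introduced in the second and third hunks. I would state the invariant at the lock itself, for example `/* process context (keventd): take the bucket lock with BHs off so a softirq on this CPU cannot contend for it */`; that the same lock is taken from softirq context is presumed from the commit's own comment and should be confirmed. Most of the loop body lies between the two lock hunks and outside the diff, so note that everything called there, such as `ip_vs_conn_expire_now()`, now runs with bottom halves disabled for the duration of each bucket walk.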
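Review bot: `local_bh_disable()` in `update_defense_level()` is now paired with a `local_bh_enable()` roughly a hundred lines further down, and nothing at either call says so. Most of the region between them is outside the hunks, so I cannot confirm there is no early exit; any `return` added there later would leave bottom halves disabled on that CPU. I would add a comment at the disable such as `/* BHs stay off until the local_bh_enable() at the end of this function; no early return in between */`, or take each lock with its own `_bh` variant (`spin_lock_bh(&__ip_vs_dropentry_lock);` and so on) so the pairing is local to each section and the BH-off window is shorter.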
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
index 42dc95102873..1dd824f3cf0a 100644
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -432,6 +432,13 @@ static unsigned int ip_conntrack_defrag(unsigned int hooknum, const struct net_device *out, int (*okfn)(struct sk_buff *)) { +#if !defined(CONFIG_IP_NF_NAT) && !defined(CONFIG_IP_NF_NAT_MODULE) + /* Previously seen (loopback)? Ignore. Do this before + fragment check. */ + if ((*pskb)->nfct) + return NF_ACCEPT; +#endif + /* Gather fragments. */ if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { *pskb = ip_ct_gather_frags(*pskb,
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 726ea5e8180a..d675ff80b04d 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1685,7 +1685,7 @@ static void ip_handle_martian_source(struct net_device *dev, printk(KERN_WARNING "martian source %u.%u.%u.%u from " "%u.%u.%u.%u, on dev %s\n", NIPQUAD(daddr), NIPQUAD(saddr), dev->name); - if (dev->hard_header_len) { + if (dev->hard_header_len && skb->mac.raw) { int i; unsigned char *p = skb->mac.raw; printk(KERN_WARNING "ll header: "); |
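Review bot: The early `return NF_ACCEPT` in `ip_conntrack_defrag()` treats any skb that already carries `nfct` as a looped-back packet and lets it skip fragment gathering, yet nothing in the hunk checks that the skb really came from the loopback path. This commit also drops both `nf_reset()` calls from ip_output.c, so a conntrack reference now stays attached further along the output path. It is worth confirming, since it is not visible here, that every path able to re-inject an skb into the stack clears `nfct` itself; otherwise fragments arriving that way would be accepted unreassembled. The check is compiled only when NAT is built neither in nor as a module, so fragment handling differs between kernel configurations, and the comment should say which senders are expected to leave `nfct` set and why the NAT case is excluded. The function body continues past the end of the hunk.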
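Review bot: The added `skb->mac.raw` test in `ip_handle_martian_source()` only rules out a NULL pointer; it does not establish that `dev->hard_header_len` bytes of link-layer header are actually present behind it. The dump loop is outside the hunk, but if it reads `hard_header_len` bytes starting at `p`, as the visible lines suggest, an skb whose stored header is shorter than the device's nominal length would have unrelated buffer bytes written to the kernel log. This path is reached on packets whose source address is chosen by the remote sender. I would bound the count by the header bytes really in the skb, along the lines of `int len = min_t(int, dev->hard_header_len, skb->nh.raw - skb->mac.raw);`, and loop to `len` instead.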