* Block Http
From: varun @ 2006-05-13 10:03 UTC (permalink / raw)
To: netdev
Hi,
Can anyone suggest me a way in which i can stop http downloads
but not http traffic.
Say iam browsing and downloading a file from internet...my
traffic will go through the gateway. Is there anyway i
as a admin stop the download only but not the other http
traffic.Any suggestions?
Varun
^ permalink raw reply
* Re: [PATCH 1/5] new pcmcia IDs for hostap - ASUS WL-110
From: Jochen Friedrich @ 2006-05-13 9:58 UTC (permalink / raw)
To: Marcin Juszkiewicz; +Cc: netdev, Jouni Malinen, Pavel Roskin
In-Reply-To: <200605121521.32410.linux-arm@hrw.one.pl>
Hi Marcin,
> root@ipaq-pxa270:~# pccardctl ident
> Socket 0:
> product info: "ASUS", "802_11B_CF_CARD_25", "Version 01.00", ""
> manfid: 0x02aa, 0x0002
> function: 6 (network)
Yet another card known to work OK with hostap_cs:
# pccardctl ident
Socket 0:
no product info available
Socket 1:
product info: "U.S. Robotics", "IEEE 802.11b PC-CARD", "Version 01.02", ""
manfid: 0x0156, 0x0002
function: 6 (network)
Thanks,
Jochen
^ permalink raw reply
* Re: [PATCH 1/5] new pcmcia IDs for hostap - ASUS WL-110
From: Jar @ 2006-05-13 10:43 UTC (permalink / raw)
To: netdev
Pavel Roskin wrote:
>I strongly believe that every driver should list all devices it can
>support. In case of multiple drivers supporting one device, the choice
>should be done in userspace.
Just from end user's standpoint:
I am totally bored with this "model". Every time new kernel comes I
first delete all orinoco drivers, because I can't even blacklist them. I
don't want to use them, I have a better driver -->hostap. When I try to
do the following in the /etc/modprobe.d/blacklist-custom :
# a) Do NOT load orinoco_pci/plx when we are using hostap driver
# b) Do NOT load eepro100, 8139cp
blacklist orinoco_pci
blacklist orinoco_plx
blacklist eepro100
blacklist 8139cp
The eepro100 and 8139cp get blacklisted just fine but not the
orinoco_pci, it always want to load itself.
Because of this and the lack of WPA support in orinoco drivers the
prism2 id:s should be removed from the orinoco drivers. To achieve
security you have to run vpn over wireless when you use orinoco drivers.
How the orinoco driver can be as _good_ as the hostap driver for the
prism2 cards? I think hostap is a lot better.
--
Best Regards, Jar
^ permalink raw reply
* Re: [PATCH 4/6] myri10ge - First half of the driver
From: Francois Romieu @ 2006-05-13 16:13 UTC (permalink / raw)
To: Brice Goglin; +Cc: netdev, LKML, Andrew J. Gallatin
In-Reply-To: <4463CE88.20301@myri.com>
Brice Goglin <brice@myri.com> :
[...]
> > Return in a middle of a spinlock-intensive function. :o(
> >
>
> What do you mean ?
It is preferred for maintenance purpose (hello Mr Morton) to organize
the control flow with a single spin_{lock/unlock} pair: if there is a
branch in the control flow, it ought to be joined again before returning.
--
Ueimor
^ permalink raw reply
* Re: [PATCH 6/6] myri10ge - Kconfig and Makefile
From: Adrian Bunk @ 2006-05-13 18:51 UTC (permalink / raw)
To: Brice Goglin; +Cc: netdev, Andrew Morton, LKML, Andrew J. Gallatin
In-Reply-To: <44625E9B.3090509@myri.com>
On Wed, May 10, 2006 at 11:43:55PM +0200, Brice Goglin wrote:
>...
> --- linux-mm/drivers/net/Makefile.old 2006-04-08 04:49:53.000000000 -0700
> +++ linux-mm/drivers/net/Makefile 2006-04-21 08:10:27.000000000 -0700
> @@ -192,6 +192,7 @@ obj-$(CONFIG_R8169) += r8169.o
> obj-$(CONFIG_AMD8111_ETH) += amd8111e.o
> obj-$(CONFIG_IBMVETH) += ibmveth.o
> obj-$(CONFIG_S2IO) += s2io.o
> +obj-$(CONFIG_MYRI10GE) += myri10ge/
> obj-$(CONFIG_SMC91X) += smc91x.o
> obj-$(CONFIG_SMC911X) += smc911x.o
> obj-$(CONFIG_DM9000) += dm9000.o
> --- /dev/null 2006-04-21 00:45:09.064430000 -0700
> +++ linux-mm/drivers/net/myri10ge/Makefile 2006-04-21 08:14:21.000000000 -0700
> @@ -0,0 +1,5 @@
> +#
> +# Makefile for the Myricom Myri-10G ethernet driver
> +#
> +
> +obj-$(CONFIG_MYRI10GE) += myri10ge.o
If the driver consists of one source file, why does it need an own
subdir?
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
^ permalink raw reply
* Re: [PATCH 6/6] myri10ge - Kconfig and Makefile
From: Brice Goglin @ 2006-05-13 18:56 UTC (permalink / raw)
To: Adrian Bunk; +Cc: netdev, LKML, Andrew J. Gallatin
In-Reply-To: <20060513185157.GC6931@stusta.de>
Adrian Bunk wrote:
> On Wed, May 10, 2006 at 11:43:55PM +0200, Brice Goglin wrote:
>
>> ...
>> --- linux-mm/drivers/net/Makefile.old 2006-04-08 04:49:53.000000000 -0700
>> +++ linux-mm/drivers/net/Makefile 2006-04-21 08:10:27.000000000 -0700
>> @@ -192,6 +192,7 @@ obj-$(CONFIG_R8169) += r8169.o
>> obj-$(CONFIG_AMD8111_ETH) += amd8111e.o
>> obj-$(CONFIG_IBMVETH) += ibmveth.o
>> obj-$(CONFIG_S2IO) += s2io.o
>> +obj-$(CONFIG_MYRI10GE) += myri10ge/
>> obj-$(CONFIG_SMC91X) += smc91x.o
>> obj-$(CONFIG_SMC911X) += smc911x.o
>> obj-$(CONFIG_DM9000) += dm9000.o
>> --- /dev/null 2006-04-21 00:45:09.064430000 -0700
>> +++ linux-mm/drivers/net/myri10ge/Makefile 2006-04-21 08:14:21.000000000 -0700
>> @@ -0,0 +1,5 @@
>> +#
>> +# Makefile for the Myricom Myri-10G ethernet driver
>> +#
>> +
>> +obj-$(CONFIG_MYRI10GE) += myri10ge.o
>>
>
> If the driver consists of one source file, why does it need an own
> subdir?
>
> cu
> Adrian
>
We also have 2 header files. But, I am fine with putting our 3 files in
drivers/net/ instead.
Brice
^ permalink raw reply
* Re: network freeze with nforce-A939 integrated rhine card
From: David Lang @ 2006-05-13 23:27 UTC (permalink / raw)
To: Roger Luethi; +Cc: linux-kernel, netdev
In-Reply-To: <Pine.LNX.4.62.0605130122310.2801@qnivq.ynat.uz>
On Sat, 13 May 2006, David Lang wrote:
> On Fri, 12 May 2006, David Lang wrote:
>
>> On Fri, 12 May 2006, Roger Luethi wrote:
>>
>>> On Thu, 11 May 2006 22:59:44 -0700, David Lang wrote:
>
> I just confirmed this, I was able to transfer 84G with no trouble starting
> from /dev/hdb, but starting from /dev/md0 the nic hung in less then 3G
>
> a good boot logs
> eth0: VIA Rhine II at 0xe8121000, 00:11:5b:f4:14:a3, IRQ 17.
> eth0: MII PHY found at address 1, status 0x7869 advertising 05e1 Link cde1.
>
> root@david:~# ethtool eth0
> Settings for eth0:
> Supported ports: [ TP MII ]
> Supported link modes: 10baseT/Half 10baseT/Full
> 100baseT/Half 100baseT/Full
> Supports auto-negotiation: Yes
> Advertised link modes: 10baseT/Half 10baseT/Full
> 100baseT/Half 100baseT/Full
> Advertised auto-negotiation: Yes
> Speed: 100Mb/s
> Duplex: Full
> Port: MII
> PHYAD: 1
> Transceiver: internal
> Auto-negotiation: on
> Supports Wake-on: pumbg
> Wake-on: d
> Current message level: 0x00000001 (1)
> Link detected: yes
and here's what I get when it's hung
from syslog when it hangs
May 13 01:58:17 david kernel: attempt to access beyond end of device
May 13 01:58:17 david kernel: md0: rw=0, want=8708129352, limit=2188035584
May 13 01:58:17 david kernel: attempt to access beyond end of device
May 13 01:58:17 david kernel: md0: rw=0, want=7768925008, limit=2188035584
May 13 02:13:50 david ntpd[2589]: time reset +0.699871 s
May 13 02:16:51 david kernel: eth0: link down
from ethtool
Settings for eth0:
Supported ports: [ TP MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Advertised auto-negotiation: Yes
Speed: 10Mb/s
Duplex: Half
Port: MII
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: pumbg
Wake-on: d
Current message level: 0x00000001 (1)
Link detected: no
from the boot with it hung.
eth0: VIA Rhine II at 0xe8121000, 00:11:5b:f4:14:a3, IRQ 17.
eth0: MII PHY found at address 1, status 0x7849 advertising 05e1 Link 0000.
David Lang
^ permalink raw reply
* Re: Block Http
From: Steven Hayter @ 2006-05-14 0:17 UTC (permalink / raw)
To: varun; +Cc: netdev
In-Reply-To: <4465AEFB.2080905@rocsys.com>
varun wrote:
> Can anyone suggest me a way in which i can stop http downloads
> but not http traffic.
First point, your on the wrong mailing list for this type of inquiry.
Second, you might want to look at a Squid proxy, and mime-type
filtering, check there documentation and users mailing list.
http://www.squid-cache.org/
^ permalink raw reply
* Re: 2.6.16.13 e1000 reports incorrect PCI-X bus speed?
From: Chris Leech @ 2006-05-14 0:54 UTC (permalink / raw)
To: Ben Greear; +Cc: Auke Kok, netdev
In-Reply-To: <44650B7A.70209@candelatech.com>
> Any idea why 120Mhz is used instead of 133? It doesn't
> seem to matter in my performance tests, but I am curious...
I think Rick is right, the bus between the bridge on the card and the
e1000s is running at 120Mhz.
- Chris
^ permalink raw reply
* [RFC] SECMARK 1.1
From: James Morris @ 2006-05-14 6:03 UTC (permalink / raw)
To: selinux
Cc: netdev, netfilter-devel, Stephen Smalley, Daniel J Walsh,
Karl MacMillan, Patrick McHardy, David S. Miller, Thomas Bleher
In-Reply-To: <Pine.LNX.4.64.0605071104590.8588@d.namei>
Included below is an incremental patch against the initial secmark posting
last week: http://thread.gmane.org/gmane.linux.network/34927/focus=34927
This posting to gather feedback on changes made since then primarily to
address concerns raised by Karl MacMillan on providing fine-grained
assurances for network applications which pass connections (e.g. xinetd).
If all looks ok, I'll rebase the entire patchset (also merging elements
from the patch below back into other patches), and submit it for inclusion
in 2.6.18. As it touches a bunch of networking code, it may be best to
aim for Dave's tree, although it could also go into -mm.
Anyway, the way the issue has been addressed is to implement something
similar to CONNMARK, but specific to this useage scenario and dealing with
security markings instead of network markings.
In a nutshell:
1. A --track option was added to the SECMARK target, which causes the
security mark being applied to the packet to also be applied to a new
secmark field on the conntrack (only if it is unmarked).
2. A new CONNSECMARK target was added which copies the secmark value to
packets.
This allows all packets on a connection (or related to it) to be marked
with the same security label, so that they can be explicitly
differentiated.
This also turns out to simplify the SELinux policy, while the xtables
implementation has been designed to remain as simple as possible (e.g. it
only copies lables to packets, and has no options).
So, here's an example of per-packet network policy for vsftpd with the new
code:
allow ftpd_t ftpd_packet_t:packet { recv send };
Assuming it doesn't do DNS lookups, that's it in terms of access control
rules for packets. This covers all established and related packets,
including ICMP and the FTP data connetion.
(see the full policy at
http://people.redhat.com/jmorris/selinux/secmark/policy/ftpd_tracked/ftpd_tracked.te)
In terms of iptables rules, the only real change is that we need to add
CONNSECMARK rules for all incoming and outgoing packets (assuming you want
this for all services, otherwise, use iptables selectors to apply
CONNSECMARK on a per-service basis). Here's an example for the above:
#
# Accept incoming connections, label SYN packets, and copy
# labels to connections.
#
$IPT -A SEL_INPUT -p tcp --dport 21 -m state --state NEW -j SEL_FTPD
$IPT -A SEL_FTPD -j SECMARK --selctx system_u:object_r:ftpd_packet_t:s0 --track
$IPT -A SEL_FTPD -j ACCEPT
#
# Copy connection labels to established and related packets.
#
$IPT -A SEL_INPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK
$IPT -A SEL_OUTPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK
It should be easy to modularize the iptables rules and distribute them
with policy modules, and I'd recommend always generating them with some
script or macro.
Everything needed to get this running (including iptables patches) is at:
http://people.redhat.com/jmorris/selinux/secmark/
I've also added a patch at the site which adds a kernel boot param to
determine whether to use the old or new packet controls, although I'm
still not sure whether it's justified adding this stuff to the kernel when
it can be set at runtime during early boot.
Please review and let me know if there any further issues.
Signed-off-by: James Morris <jmorris@namei.org>
---
include/linux/netfilter/xt_SECMARK.h | 7 +-
include/linux/netfilter_ipv4/ip_conntrack.h | 4 +
include/net/netfilter/nf_conntrack.h | 4 +
include/net/netfilter/nf_conntrack_compat.h | 26 +++++++
net/ipv4/netfilter/Kconfig | 10 ++
net/ipv4/netfilter/ip_conntrack_core.c | 3
net/ipv4/netfilter/ip_conntrack_standalone.c | 5 +
net/netfilter/Kconfig | 20 +++++
net/netfilter/Makefile | 1
net/netfilter/nf_conntrack_core.c | 3
net/netfilter/nf_conntrack_standalone.c | 5 +
net/netfilter/xt_CONNSECMARK.c | 93 +++++++++++++++++++++++++++
net/netfilter/xt_SECMARK.c | 45 ++++++++++++-
13 files changed, 224 insertions(+), 2 deletions(-)
diff -purN -X dontdiff linux-2.6.17-rc3-git7.p/include/linux/netfilter/xt_SECMARK.h linux-2.6.17-rc3-git7.w/include/linux/netfilter/xt_SECMARK.h
--- linux-2.6.17-rc3-git7.p/include/linux/netfilter/xt_SECMARK.h 2006-05-13 15:15:29.000000000 -0400
+++ linux-2.6.17-rc3-git7.w/include/linux/netfilter/xt_SECMARK.h 2006-05-10 18:20:50.000000000 -0400
@@ -7,6 +7,10 @@
*
* 'mode' refers to the specific security subsystem which the
* packets are being marked for.
+ *
+ * The 'track' flag is used to request that the security marking also be
+ * applied to the associated conntrack, if the conntrack is not labeled
+ * already.
*/
#define SECMARK_MODE_SEL 0x01 /* SELinux */
#define SECMARK_SELCTX_MAX 256
@@ -17,7 +21,8 @@ struct xt_secmark_target_selinux_info {
};
struct xt_secmark_target_info {
- u_int8_t mode;
+ u_int32_t mode:8,
+ track:1;
union {
struct xt_secmark_target_selinux_info sel;
} u;
diff -purN -X dontdiff linux-2.6.17-rc3-git7.p/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.6.17-rc3-git7.w/include/linux/netfilter_ipv4/ip_conntrack.h
--- linux-2.6.17-rc3-git7.p/include/linux/netfilter_ipv4/ip_conntrack.h 2006-05-13 15:15:29.000000000 -0400
+++ linux-2.6.17-rc3-git7.w/include/linux/netfilter_ipv4/ip_conntrack.h 2006-05-10 11:59:17.000000000 -0400
@@ -121,6 +121,10 @@ struct ip_conntrack
u_int32_t mark;
#endif
+#ifdef CONFIG_IP_NF_CONNTRACK_SECMARK
+ u_int32_t secmark;
+#endif
+
/* Traversed often, so hopefully in different cacheline to top */
/* These are my tuples; original and reply */
struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];
diff -purN -X dontdiff linux-2.6.17-rc3-git7.p/include/net/netfilter/nf_conntrack_compat.h linux-2.6.17-rc3-git7.w/include/net/netfilter/nf_conntrack_compat.h
--- linux-2.6.17-rc3-git7.p/include/net/netfilter/nf_conntrack_compat.h 2006-05-13 15:15:29.000000000 -0400
+++ linux-2.6.17-rc3-git7.w/include/net/netfilter/nf_conntrack_compat.h 2006-05-10 00:39:46.000000000 -0400
@@ -20,6 +20,19 @@ static inline u_int32_t *nf_ct_get_mark(
}
#endif /* CONFIG_IP_NF_CONNTRACK_MARK */
+#ifdef CONFIG_IP_NF_CONNTRACK_SECMARK
+static inline u_int32_t *nf_ct_get_secmark(const struct sk_buff *skb,
+ u_int32_t *ctinfo)
+{
+ struct ip_conntrack *ct = ip_conntrack_get(skb, ctinfo);
+
+ if (ct)
+ return &ct->secmark;
+ else
+ return NULL;
+}
+#endif /* CONFIG_IP_NF_CONNTRACK_SECMARK */
+
#ifdef CONFIG_IP_NF_CT_ACCT
static inline struct ip_conntrack_counter *
nf_ct_get_counters(const struct sk_buff *skb)
@@ -70,6 +83,19 @@ static inline u_int32_t *nf_ct_get_mark(
}
#endif /* CONFIG_NF_CONNTRACK_MARK */
+#ifdef CONFIG_NF_CONNTRACK_SECMARK
+static inline u_int32_t *nf_ct_get_secmark(const struct sk_buff *skb,
+ u_int32_t *ctinfo)
+{
+ struct nf_conn *ct = nf_ct_get(skb, ctinfo);
+
+ if (ct)
+ return &ct->secmark;
+ else
+ return NULL;
+}
+#endif /* CONFIG_NF_CONNTRACK_MARK */
+
#ifdef CONFIG_NF_CT_ACCT
static inline struct ip_conntrack_counter *
nf_ct_get_counters(const struct sk_buff *skb)
diff -purN -X dontdiff linux-2.6.17-rc3-git7.p/include/net/netfilter/nf_conntrack.h linux-2.6.17-rc3-git7.w/include/net/netfilter/nf_conntrack.h
--- linux-2.6.17-rc3-git7.p/include/net/netfilter/nf_conntrack.h 2006-05-13 15:15:29.000000000 -0400
+++ linux-2.6.17-rc3-git7.w/include/net/netfilter/nf_conntrack.h 2006-05-10 11:58:34.000000000 -0400
@@ -114,6 +114,10 @@ struct nf_conn
u_int32_t mark;
#endif
+#ifdef CONFIG_NF_CONNTRACK_SECMARK
+ u_int32_t secmark;
+#endif
+
/* Storage reserved for other modules: */
union nf_conntrack_proto proto;
diff -purN -X dontdiff linux-2.6.17-rc3-git7.p/net/ipv4/netfilter/ip_conntrack_core.c linux-2.6.17-rc3-git7.w/net/ipv4/netfilter/ip_conntrack_core.c
--- linux-2.6.17-rc3-git7.p/net/ipv4/netfilter/ip_conntrack_core.c 2006-05-03 10:25:01.000000000 -0400
+++ linux-2.6.17-rc3-git7.w/net/ipv4/netfilter/ip_conntrack_core.c 2006-05-13 15:20:47.000000000 -0400
@@ -724,6 +724,9 @@ init_conntrack(struct ip_conntrack_tuple
/* this is ugly, but there is no other place where to put it */
conntrack->nat.masq_index = exp->master->nat.masq_index;
#endif
+#ifdef CONFIG_IP_NF_CONNTRACK_SECMARK
+ conntrack->secmark = exp->master->secmark;
+#endif
nf_conntrack_get(&conntrack->master->ct_general);
CONNTRACK_STAT_INC(expect_new);
} else {
diff -purN -X dontdiff linux-2.6.17-rc3-git7.p/net/ipv4/netfilter/ip_conntrack_standalone.c linux-2.6.17-rc3-git7.w/net/ipv4/netfilter/ip_conntrack_standalone.c
--- linux-2.6.17-rc3-git7.p/net/ipv4/netfilter/ip_conntrack_standalone.c 2006-05-13 15:15:29.000000000 -0400
+++ linux-2.6.17-rc3-git7.w/net/ipv4/netfilter/ip_conntrack_standalone.c 2006-05-10 17:58:03.000000000 -0400
@@ -189,6 +189,11 @@ static int ct_seq_show(struct seq_file *
return -ENOSPC;
#endif
+#ifdef CONFIG_IP_NF_CONNTRACK_SECMARK
+ if (seq_printf(s, "secmark=%u ", conntrack->secmark))
+ return -ENOSPC;
+#endif
+
if (seq_printf(s, "use=%u\n", atomic_read(&conntrack->ct_general.use)))
return -ENOSPC;
diff -purN -X dontdiff linux-2.6.17-rc3-git7.p/net/ipv4/netfilter/Kconfig linux-2.6.17-rc3-git7.w/net/ipv4/netfilter/Kconfig
--- linux-2.6.17-rc3-git7.p/net/ipv4/netfilter/Kconfig 2006-05-13 15:15:29.000000000 -0400
+++ linux-2.6.17-rc3-git7.w/net/ipv4/netfilter/Kconfig 2006-05-10 18:09:02.000000000 -0400
@@ -55,6 +55,16 @@ config IP_NF_CONNTRACK_MARK
of packets, but this mark value is kept in the conntrack session
instead of the individual packets.
+config IP_NF_CONNTRACK_SECMARK
+ bool 'Connection tracking security mark support'
+ depends on IP_NF_CONNTRACK
+ help
+ This option enables security markings to be applied to
+ connections; typically copied from packet markings
+ via the the iptables SECMARK target.
+
+ If unsure, say 'N'.
+
config IP_NF_CONNTRACK_EVENTS
bool "Connection tracking events (EXPERIMENTAL)"
depends on EXPERIMENTAL && IP_NF_CONNTRACK
diff -purN -X dontdiff linux-2.6.17-rc3-git7.p/net/netfilter/Kconfig linux-2.6.17-rc3-git7.w/net/netfilter/Kconfig
--- linux-2.6.17-rc3-git7.p/net/netfilter/Kconfig 2006-05-13 15:15:29.000000000 -0400
+++ linux-2.6.17-rc3-git7.w/net/netfilter/Kconfig 2006-05-13 15:13:08.000000000 -0400
@@ -60,6 +60,16 @@ config NF_CONNTRACK_MARK
of packets, but this mark value is kept in the conntrack session
instead of the individual packets.
+config NF_CONNTRACK_SECMARK
+ bool 'Connection tracking security mark support'
+ depends on NF_CONNTRACK
+ help
+ This option enables security markings to be applied to
+ connections; typically copied from packet markings
+ via the the iptables SECMARK target.
+
+ If unsure, say 'N'.
+
config NF_CONNTRACK_EVENTS
bool "Connection tracking events (EXPERIMENTAL)"
depends on EXPERIMENTAL && NF_CONNTRACK
@@ -183,6 +193,16 @@ config NETFILTER_XT_TARGET_SECMARK
To compile it as a module, choose M here. If unsure, say N.
+config NETFILTER_XT_TARGET_CONNSECMARK
+ tristate '"CONNSECMARK" target support'
+ depends on NETFILTER_XTABLES && NETWORK_SECMARK && (NF_CONNTRACK_SECMARK || IP_NF_CONNTRACK_SECMARK)
+ help
+ The CONNSECMARK target copies security markings from conntracks
+ to packets, if the packets are not already marked. This would
+ normally be used in conjunction with 'SECMARK --track'.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
config NETFILTER_XT_MATCH_COMMENT
tristate '"comment" match support'
depends on NETFILTER_XTABLES
diff -purN -X dontdiff linux-2.6.17-rc3-git7.p/net/netfilter/Makefile linux-2.6.17-rc3-git7.w/net/netfilter/Makefile
--- linux-2.6.17-rc3-git7.p/net/netfilter/Makefile 2006-05-09 19:56:11.000000000 -0400
+++ linux-2.6.17-rc3-git7.w/net/netfilter/Makefile 2006-05-13 12:22:55.000000000 -0400
@@ -29,6 +29,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) +
obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o
obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o
obj-$(CONFIG_NETFILTER_XT_TARGET_SECMARK) += xt_SECMARK.o
+obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o
# matches
obj-$(CONFIG_NETFILTER_XT_MATCH_COMMENT) += xt_comment.o
diff -purN -X dontdiff linux-2.6.17-rc3-git7.p/net/netfilter/nf_conntrack_core.c linux-2.6.17-rc3-git7.w/net/netfilter/nf_conntrack_core.c
--- linux-2.6.17-rc3-git7.p/net/netfilter/nf_conntrack_core.c 2006-05-13 15:15:29.000000000 -0400
+++ linux-2.6.17-rc3-git7.w/net/netfilter/nf_conntrack_core.c 2006-05-10 18:22:10.000000000 -0400
@@ -990,6 +990,9 @@ init_conntrack(const struct nf_conntrack
#ifdef CONFIG_NF_CONNTRACK_MARK
conntrack->mark = exp->master->mark;
#endif
+#ifdef CONFIG_NF_CONNTRACK_SECMARK
+ conntrack->secmark = exp->master->secmark;
+#endif
nf_conntrack_get(&conntrack->master->ct_general);
NF_CT_STAT_INC(expect_new);
} else
diff -purN -X dontdiff linux-2.6.17-rc3-git7.p/net/netfilter/nf_conntrack_standalone.c linux-2.6.17-rc3-git7.w/net/netfilter/nf_conntrack_standalone.c
--- linux-2.6.17-rc3-git7.p/net/netfilter/nf_conntrack_standalone.c 2006-05-13 15:15:29.000000000 -0400
+++ linux-2.6.17-rc3-git7.w/net/netfilter/nf_conntrack_standalone.c 2006-05-13 15:21:45.000000000 -0400
@@ -213,6 +213,11 @@ static int ct_seq_show(struct seq_file *
return -ENOSPC;
#endif
+#ifdef CONFIG_NF_CONNTRACK_SECMARK
+ if (seq_printf(s, "secmark=%u ", conntrack->secmark))
+ return -ENOSPC;
+#endif
+
if (seq_printf(s, "use=%u\n", atomic_read(&conntrack->ct_general.use)))
return -ENOSPC;
diff -purN -X dontdiff linux-2.6.17-rc3-git7.p/net/netfilter/xt_CONNSECMARK.c linux-2.6.17-rc3-git7.w/net/netfilter/xt_CONNSECMARK.c
--- linux-2.6.17-rc3-git7.p/net/netfilter/xt_CONNSECMARK.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.17-rc3-git7.w/net/netfilter/xt_CONNSECMARK.c 2006-05-13 23:27:00.000000000 -0400
@@ -0,0 +1,93 @@
+/*
+ * This module is used to copy security markings from conntracks
+ * to packets, most likely in conjunction with "SECMARK --track".
+ *
+ * Based on the nfmark match by:
+ * (C) 1999-2001 Marc Boucher <marc@mbsi.ca>
+ *
+ * (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ */
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/netfilter/x_tables.h>
+#include <net/netfilter/nf_conntrack_compat.h>
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("James Morris <jmorris@redhat.com>");
+MODULE_DESCRIPTION("ip[6]tables CONNSECMARK module");
+MODULE_ALIAS("ipt_CONNSECMARK");
+MODULE_ALIAS("ip6t_CONNSECMARK");
+
+static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
+ const struct net_device *out, unsigned int hooknum,
+ const struct xt_target *target,
+ const void *targinfo, void *userinfo)
+{
+ struct sk_buff *skb = *pskb;
+
+ if (!skb->secmark) {
+ u32 *connsecmark;
+ enum ip_conntrack_info ctinfo;
+
+ /*
+ * If packet is unlabeled, and the connection is labeled,
+ * copy the connection label to the packet.
+ */
+ connsecmark = nf_ct_get_secmark(skb, &ctinfo);
+ if (connsecmark && *connsecmark != 0) {
+ if (skb->secmark != *connsecmark)
+ skb->secmark = *connsecmark;
+ }
+ }
+
+ return XT_CONTINUE;
+}
+
+static struct xt_target ipt_connsecmark_reg = {
+ .name = "CONNSECMARK",
+ .target = target,
+ .targetsize = 0,
+ .table = "mangle",
+ .me = THIS_MODULE,
+ .family = AF_INET,
+ .revision = 0,
+};
+
+static struct xt_target ip6t_connsecmark_reg = {
+ .name = "CONNSECMARK",
+ .target = target,
+ .targetsize = 0,
+ .table = "mangle",
+ .me = THIS_MODULE,
+ .family = AF_INET6,
+ .revision = 0,
+};
+
+static int __init xt_connsecmark_init(void)
+{
+ int err;
+
+ err = xt_register_target(&ipt_connsecmark_reg);
+ if (err)
+ return err;
+
+ err = xt_register_target(&ip6t_connsecmark_reg);
+ if (err)
+ xt_unregister_target(&ipt_connsecmark_reg);
+
+ return err;
+}
+
+static void __exit xt_connsecmark_fini(void)
+{
+ xt_unregister_target(&ip6t_connsecmark_reg);
+ xt_unregister_target(&ipt_connsecmark_reg);
+}
+
+module_init(xt_connsecmark_init);
+module_exit(xt_connsecmark_fini);
diff -purN -X dontdiff linux-2.6.17-rc3-git7.p/net/netfilter/xt_SECMARK.c linux-2.6.17-rc3-git7.w/net/netfilter/xt_SECMARK.c
--- linux-2.6.17-rc3-git7.p/net/netfilter/xt_SECMARK.c 2006-05-13 15:15:29.000000000 -0400
+++ linux-2.6.17-rc3-git7.w/net/netfilter/xt_SECMARK.c 2006-05-13 15:24:28.000000000 -0400
@@ -17,6 +17,7 @@
#include <linux/selinux.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_SECMARK.h>
+#include <net/netfilter/nf_conntrack_compat.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("James Morris <jmorris@redhat.com>");
@@ -28,6 +29,37 @@ MODULE_ALIAS("ip6t_SECMARK");
static u8 mode;
+#if defined(CONFIG_IP_NF_CONNTRACK_SECMARK) || defined(CONFIG_NF_CONNTRACK_SECMARK)
+static inline void secmark_conntrack(struct sk_buff **pskb, u32 secmark,
+ const struct xt_secmark_target_info *info)
+{
+ if (info->track) {
+ u32 *connsecmark;
+ enum ip_conntrack_info ctinfo;
+
+ /* If connection is unlabeled, copy packet label to it */
+ connsecmark = nf_ct_get_secmark(*pskb, &ctinfo);
+ if (connsecmark && *connsecmark == 0) {
+ if (*connsecmark != secmark)
+ *connsecmark = secmark;
+ }
+ }
+}
+
+static inline int tracking_enabled(void)
+{
+ return 1;
+}
+#else
+static inline void secmark_conntrack(struct sk_buff **pskb, const struct xt_secmark_target_info *info)
+{ }
+
+static inline int tracking_enabled(void)
+{
+ return 0;
+}
+#endif
+
static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target,
@@ -49,7 +81,9 @@ static unsigned int target(struct sk_buf
if ((*pskb)->secmark != secmark)
(*pskb)->secmark = secmark;
-
+
+ secmark_conntrack(pskb, secmark, info);
+
return XT_CONTINUE;
}
@@ -58,6 +92,12 @@ static int checkentry_selinux(struct xt_
int err;
struct xt_secmark_target_selinux_info *sel = &info->u.sel;
+ if (info->track && !tracking_enabled()) {
+ printk(KERN_INFO PFX "--track option invalid unless "
+ "conntrack and conntrack security marking enabled\n");
+ return 0;
+ }
+
err = selinux_string_to_sid(sel->selctx, &sel->selsid);
if (err) {
if (err == -EINVAL)
@@ -135,6 +175,9 @@ static int __init xt_secmark_init(void)
{
int err;
+ if (tracking_enabled())
+ need_conntrack();
+
err = xt_register_target(&ipt_secmark_reg);
if (err)
return err;
^ permalink raw reply
* Re: [PATCH] tcpdump may trace some outbound packets twice.
From: Andrew Morton @ 2006-05-14 10:10 UTC (permalink / raw)
To: Ranjit Manomohan; +Cc: linux-kernel, netdev
In-Reply-To: <Pine.LNX.4.56.0605101315380.8735@ranjit.corp.google.com>
Ranjit Manomohan <ranjitm@google.com> wrote:
>
> This patch fixes the problem where tcpdump shows duplicate packets
> while tracing outbound packets on drivers which support lockless
> transmit. The patch changes the current behaviour to tracing the
> packets only on a successful transmit.
>
There was no feedback on this one?
>
> --- linux-2.6/net/sched/sch_generic.c 2006-05-10 12:34:52.000000000 -0700
> +++ linux/net/sched/sch_generic.c 2006-05-10 12:39:38.000000000 -0700
> @@ -136,8 +136,12 @@
>
> if (!netif_queue_stopped(dev)) {
> int ret;
> + struct sk_buff *skbc = NULL;
> + /* Clone the skb so that we hold a reference
> + * to its data and we can trace it after a
> + * successful transmit. */
Like this:
/*
* Clone the skb so that we hold a reference to
* its data and we can trace it after a
* successful transmit
*/
> if (netdev_nit)
> - dev_queue_xmit_nit(skb, dev);
> + skbc = skb_clone(skb, GFP_ATOMIC);
>
> ret = dev->hard_start_xmit(skb, dev);
> if (ret == NETDEV_TX_OK) {
> @@ -145,6 +149,15 @@
> dev->xmit_lock_owner = -1;
> spin_unlock(&dev->xmit_lock);
> }
> + if(skbc) {
Like this:
if (skbc)
> + /* transmit succeeded,
> + * trace the clone. */
> + dev_queue_xmit_nit(skbc,dev);
> + kfree_skb(skbc);
> + }
> + /* Free clone if it exists */
> + if(skbc)
if (skbc)
> + kfree_skb(skbc);
We don't need to test for skbc==NULL - kfree_skb(NULL) is legal.
This code will end up running kfree_skb(skbc) twice. Unless
dev_queue_xmit_nit() takes an additional ref on the skb (I don't think it
does), this will cause corruption of freed memory.
> spin_lock(&dev->queue_lock);
> return -1;
> }
dev_queue_xmit_nit() already clones the skb. It's a bit sad to be taking a
clone of a clone like this. Avoidable?
^ permalink raw reply
* Re: [Bugme-new] [Bug 6548] New: MPPE Encrypt Decrypt module bug.
From: Andrew Morton @ 2006-05-14 12:10 UTC (permalink / raw)
To: bugme-daemon@kernel-bugs.osdl.org; +Cc: Matt Domsch, James Cameron, netdev
In-Reply-To: <200605141151.k4EBpsGI021236@fire-2.osdl.org>
bugme-daemon@bugzilla.kernel.org wrote:
>
> http://bugzilla.kernel.org/show_bug.cgi?id=6548
I cc'ed the developers. Please use reply-to-all henceforth on this bug and
don't make updates via the bugzilla web interface, thanks.
> Summary: MPPE Encrypt Decrypt module bug.
> Kernel Version: 2.6.16.16
> Status: NEW
> Severity: normal
> Owner: acme@conectiva.com.br
> Submitter: ffbi@mail.ru
>
>
> Most recent kernel where this bug did not occur: none
> Distribution:
> Hardware Environment:
>
> cat /proc/cpuinfo
> processor : 0
> vendor_id : GenuineIntel
> cpu family : 6
> model : 8
> model name : Celeron (Coppermine)
> stepping : 3
> cpu MHz : 855.153
> cache size : 128 KB
> fdiv_bug : no
> hlt_bug : no
> f00f_bug : no
> coma_bug : no
> fpu : yes
> fpu_exception : yes
> cpuid level : 2
> wp : yes
> flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pat
> pse36 mmx fxsr sse
> bogomips : 1712.02
>
>
> cat /proc/iomem
> 00000000-0009ffff : System RAM
> 000a0000-000bffff : Video RAM area
> 000c0000-000cbfff : Video ROM
> 000f0000-000fffff : System ROM
> 00100000-2ffebfff : System RAM
> 00100000-003190ce : Kernel code
> 003190cf-003d518b : Kernel data
> 2ffec000-2ffeefff : ACPI Tables
> 2ffef000-2fffefff : reserved
> 2ffff000-2fffffff : ACPI Non-volatile Storage
> 40000000-4000ffff : 0000:00:0b.0
> d6000000-d60003ff : 0000:00:0b.0
> d6000000-d60003ff : @
> &R;e i¦u*PAa?
> d6800000-d68000ff : 0000:00:0a.0
> d6800000-d68000ff : 8139too
> d7000000-d7dfffff : PCI Bus #01
> d7000000-d700ffff : 0000:01:00.0
> d7000000-d700ffff : radeonfb mmio
> d7f00000-e3ffffff : PCI Bus #01
> d7fe0000-d7ffffff : 0000:01:00.0
> d8000000-dfffffff : 0000:01:00.0
> d8000000-dfffffff : radeonfb framebuffer
> e4000000-e7ffffff : 0000:00:00.0
> ffff0000-ffffffff : reserved
>
> ============
> cat /proc/ioports
> 0000-001f : dma1
> 0020-0021 : pic1
> 0040-0043 : timer0
> 0050-0053 : timer1
> 0060-006f : keyboard
> 0070-0077 : rtc
> 0080-008f : dma page reg
> 00a0-00a1 : pic2
> 00c0-00df : dma2
> 00f0-00ff : fpu
> 0170-0177 : ide1
> 01f0-01f7 : ide0
> 02f8-02ff : serial
> 0376-0376 : ide1
> 0378-037a : parport0
> 03c0-03df : vga+
> 03f6-03f6 : ide0
> 03f8-03ff : serial
> 0cf8-0cff : PCI conf1
> 9400-94ff : 0000:00:0b.0
> 9400-94ff : @
> &ie R;¦iu*PAa?
> 9800-98ff : 0000:00:0a.0
> 9800-98ff : 8139too
> a000-a003 : 0000:00:04.5
> a400-a403 : 0000:00:04.5
> a800-a8ff : 0000:00:04.5
> b000-b01f : 0000:00:04.3
> b400-b41f : 0000:00:04.2
> b800-b80f : 0000:00:04.1
> b800-b807 : ide0
> b808-b80f : ide1
> d000-dfff : PCI Bus #01
> d800-d8ff : 0000:01:00.0
> e400-e4ff : 0000:00:04.4
> e400-e47f : motherboard
> e400-e403 : PM1a_EVT_BLK
> e404-e405 : PM1a_CNT_BLK
> e408-e40b : PM_TMR
> e410-e415 : ACPI CPU throttle
> e420-e423 : GPE0_BLK
> e800-e80f : 0000:00:04.4
> e800-e80f : motherboard
> e800-e80f : pnp 00:02
>
> ==========
>
> lspci -vvv
> 00:00.0 Host bridge: VIA Technologies, Inc. VT82C693A/694x [Apollo PRO133x]
> (rev c4)
> Subsystem: ASUSTeK Computer Inc.: Unknown device 8020
> Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
> Stepping- SERR- FastB2B-
> Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
> <TAbort- <MAbort+ >SERR- <PERR+
> Latency: 0
> Region 0: Memory at e4000000 (32-bit, prefetchable) [size=64M]
> Capabilities: [a0] AGP version 2.0
> Status: RQ=32 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans-
> 64bit- FW- AGP3- Rate=x1,x2,x4
> Command: RQ=1 ArqSz=0 Cal=0 SBA- AGP- GART64- 64bit- FW-
> Rate=<none>
> Capabilities: [c0] Power Management version 2
> Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-
> ,D3hot-,D3cold-)
> Status: D0 PME-Enable- DSel=0 DScale=0 PME-
>
> 00:01.0 PCI bridge: VIA Technologies, Inc. VT82C598/694x [Apollo MVP3/Pro133x
> AGP] (prog-if 00 [Normal decode])
> Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
> Stepping- SERR- FastB2B-
> Status: Cap+ 66Mhz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
> <TAbort- <MAbort+ >SERR- <PERR-
> Latency: 0
> Bus: primary=00, secondary=01, subordinate=01, sec-latency=0
> I/O behind bridge: 0000d000-0000dfff
> Memory behind bridge: d7000000-d7dfffff
> Prefetchable memory behind bridge: d7f00000-e3ffffff
> Secondary status: 66Mhz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort-
> <MAbort- <SERR- <PERR-
> BridgeCtl: Parity- SERR- NoISA- VGA+ MAbort- >Reset- FastB2B-
> Capabilities: [80] Power Management version 2
> Flags: PMEClk- DSI- D1+ D2- AuxCurrent=0mA PME(D0-,D1-,D2-
> ,D3hot-,D3cold-)
> Status: D0 PME-Enable- DSel=0 DScale=0 PME-
>
> 00:04.0 ISA bridge: VIA Technologies, Inc. VT82C686 [Apollo Super South] (rev
> 22)
> Subsystem: ASUSTeK Computer Inc.: Unknown device 8020
> Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
> Stepping+ SERR- FastB2B-
> Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
> <TAbort- <MAbort- >SERR- <PERR-
> Latency: 0
>
> 00:04.1 IDE interface: VIA Technologies, Inc.
> VT82C586A/B/VT82C686/A/B/VT823x/A/C PIPC Bus Master IDE (rev 10) (prog-if 8a
> [Master SecP PriP])
> Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
> Stepping+ SERR- FastB2B-
> Status: Cap+ 66Mhz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
> <TAbort- <MAbort- >SERR- <PERR-
> Latency: 32
> Region 4: I/O ports at b800 [size=16]
> Capabilities: [c0] Power Management version 2
> Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-
> ,D3hot-,D3cold-)
> Status: D0 PME-Enable- DSel=0 DScale=0 PME-
>
> 00:04.2 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1
> Controller (rev 10) (prog-if 00 [UHCI])
> Subsystem: VIA Technologies, Inc. (Wrong ID) USB Controller
> Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr-
> Stepping- SERR- FastB2B-
> Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
> <TAbort- <MAbort- >SERR- <PERR-
> Latency: 32, Cache Line Size 08
> Interrupt: pin D routed to IRQ 5
> Region 4: I/O ports at b400 [size=32]
> Capabilities: [80] Power Management version 2
> Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-
> ,D3hot-,D3cold-)
> Status: D0 PME-Enable- DSel=0 DScale=0 PME-
>
> 00:04.3 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1
> Controller (rev 10) (prog-if 00 [UHCI])
> Subsystem: VIA Technologies, Inc. (Wrong ID) USB Controller
> Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr-
> Stepping- SERR- FastB2B-
> Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
> <TAbort- <MAbort- >SERR- <PERR-
> Latency: 32, Cache Line Size 08
> Interrupt: pin D routed to IRQ 5
> Region 4: I/O ports at b000 [size=32]
> Capabilities: [80] Power Management version 2
> Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-
> ,D3hot-,D3cold-)
> Status: D0 PME-Enable- DSel=0 DScale=0 PME-
>
> 00:04.4 Host bridge: VIA Technologies, Inc. VT82C686 [Apollo Super ACPI] (rev
> 30)
> Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr-
> Stepping- SERR- FastB2B-
> Status: Cap+ 66Mhz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
> <TAbort- <MAbort- >SERR- <PERR-
> Interrupt: pin ? routed to IRQ 9
> Capabilities: [68] Power Management version 2
> Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-
> ,D3hot-,D3cold-)
> Status: D0 PME-Enable- DSel=0 DScale=0 PME-
>
> 00:04.5 Multimedia audio controller: VIA Technologies, Inc. VT82C686 AC97
> Audio Controller (rev 20)
> Subsystem: ASUSTeK Computer Inc.: Unknown device 11d4
> Control: I/O+ Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr-
> Stepping- SERR- FastB2B-
> Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
> <TAbort- <MAbort- >SERR- <PERR-
> Interrupt: pin C routed to IRQ 12
> Region 0: I/O ports at a800 [size=256]
> Region 1: I/O ports at a400 [size=4]
> Region 2: I/O ports at a000 [size=4]
> Capabilities: [c0] Power Management version 2
> Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-
> ,D3hot-,D3cold-)
> Status: D0 PME-Enable- DSel=0 DScale=0 PME-
>
> 00:0a.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-
> 8139/8139C/8139C+ (rev 10)
> Subsystem: Realtek Semiconductor Co., Ltd. RT8139
> Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
> Stepping- SERR- FastB2B-
> Status: Cap+ 66Mhz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
> <TAbort- <MAbort- >SERR- <PERR-
> Latency: 32 (8000ns min, 16000ns max)
> Interrupt: pin A routed to IRQ 12
> Region 0: I/O ports at 9800 [size=256]
> Region 1: Memory at d6800000 (32-bit, non-prefetchable) [size=256]
> Capabilities: [50] Power Management version 2
> Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA PME(D0-
> ,D1+,D2+,D3hot+,D3cold+)
> Status: D0 PME-Enable- DSel=0 DScale=0 PME-
>
> 00:0b.0 Ethernet controller: MYSON Technology Inc SURECOM EP-320X-S 100/10M
> Ethernet PCI Adapter
> Subsystem: Surecom Technology: Unknown device 1320
> Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr-
> Stepping- SERR- FastB2B-
> Status: Cap+ 66Mhz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
> <TAbort- <MAbort- >SERR- <PERR-
> Latency: 32 (8000ns min, 16000ns max), Cache Line Size 08
> Interrupt: pin A routed to IRQ 11
> Region 0: I/O ports at 9400 [size=256]
> Region 1: Memory at d6000000 (32-bit, non-prefetchable) [size=1K]
> [virtual] Expansion ROM at 40000000 [disabled] [size=64K]
> Capabilities: [88] Power Management version 2
> Flags: PMEClk- DSI- D1+ D2- AuxCurrent=375mA PME(D0-,D1+,D2-
> ,D3hot+,D3cold+)
> Status: D0 PME-Enable- DSel=0 DScale=0 PME-
>
> 01:00.0 VGA compatible controller: ATI Technologies Inc Radeon RV100 QY
> [Radeon 7000/VE] (prog-if 00 [VGA])
> Subsystem: Palit Microsystems Inc.: Unknown device 5159
> Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
> Stepping+ SERR- FastB2B-
> Status: Cap+ 66Mhz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
> <TAbort- <MAbort- >SERR- <PERR-
> Latency: 64 (2000ns min), Cache Line Size 08
> Interrupt: pin A routed to IRQ 11
> Region 0: Memory at d8000000 (32-bit, prefetchable) [size=128M]
> Region 1: I/O ports at d800 [size=256]
> Region 2: Memory at d7000000 (32-bit, non-prefetchable) [size=64K]
> Expansion ROM at d7fe0000 [disabled] [size=128K]
> Capabilities: [58] AGP version 2.0
> Status: RQ=48 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans-
> 64bit- FW- AGP3- Rate=x1,x2,x4
> Command: RQ=1 ArqSz=0 Cal=0 SBA+ AGP- GART64- 64bit- FW-
> Rate=<none>
> Capabilities: [50] Power Management version 2
> Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0-,D1-,D2-
> ,D3hot-,D3cold-)
> Status: D0 PME-Enable- DSel=0 DScale=0 PME-
>
>
> ================================
>
>
>
>
> Software Environment:Linux version 2.6.15.6 Fedora Core 3
>
> env
> HOSTNAME=stdafx.net
> TERM=linux
> SHELL=/bin/bash
> HISTSIZE=1000
> USER=root
> LS_COLORS=no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;
> 01:or=01;05;37;41:mi=01;05;37;41:ex=01;32:*.cmd=01;32:*.exe=01;32:*.com=01;32:*
> .btm=01;32:*.bat=01;32:*.sh=01;32:*.csh=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;
> 31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;
> 31:*.bz=01;31:*.tz=01;31:*.rpm=01;31:*.cpio=01;31:*.jpg=01;35:*.gif=01;35:*.bmp
> =01;35:*.xbm=01;35:*.xpm=01;35:*.png=01;35:*.tif=01;35:
> CXXFLAGS=-O3 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -
> march=pentiumpro -fomit-frame-pointer -fno-exceptions
> MC_TMPDIR=/tmp/mc-root
> PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:
> /bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
> MAIL=/var/spool/mail/root
> PWD=/usr/local/src/linux-2.6.16.16
> INPUTRC=/etc/inputrc
> LANG=en_US.UTF-8
> HISTCONTROL=ignorespace
> HOME=/root
> SHLVL=2
> CFLAGS=-O3 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -
> march=pentiumpro -fomit-frame-pointer -fno-exceptions
> MC_SID=3607
> LOGNAME=root
> LESSOPEN=|/usr/bin/lesspipe.sh %s
> G_BROKEN_FILENAMES=1
> OLDPWD=/usr/local/src/linux-2.6.15.6
> _=/bin/env
>
>
>
> Problem Description:
>
> MPPE doesnt work correctly with any VPN daemons (such pptpd)
> when requesting some URL's such
> ya.ru or microsoft.com
>
>
> Steps to reproduce: download pptpd at http://www.poptop.org/ or any other VPN
> daemon that supports MPPE
>
> in /etc/ppp/options.pptpd turn MPPE encryption ON
> require-mppe-128
> or
> #require-mppe-40
>
> Connect to VPN and try goto over vpn : www.ya.ru or microsoft.com (and try to
> use windows update)
>
> Explorer freeze while timeout not reach
>
> without MPPE option this site works fine.
> I think that it is a bug in the Encrypt Decrypt data To/FROM MPPE
>
> P.S Try connect to ya.ru in telnet and type GET /
> when mppe enabled
>
> ------- You are receiving this mail because: -------
> You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply
* iptables broken on ppc (ptrace too?) (2.6.17-rc3)
From: Meelis Roos @ 2006-05-14 15:31 UTC (permalink / raw)
To: netdev, vger.kernel.org
[-- Attachment #1: Type: TEXT/PLAIN, Size: 6971 bytes --]
Iptables seems to be broken on ppc for me. Kernel 2.6.17-rc3 (currently
compiling rc4+git). 32-bit ppc, ARCH=ppc with PReP target. Iptables
userland binary is from the latest Debian unstable (1.3.3-2).
The symptoms: iptables usually just tells Invalid Argument on any
modification attempt. I'm trying to set up a simple one-rule NAT for
test:
iptables -t nat -A POSTROUTING -s 172.30.0.0/24 -j SNAT --to 10.0.0.1
and it usually fails but has succeeded 2 times (I now have 2 rules of
this kind and they seem to just wotk once set up). Trying to delete the
second rule (either by replacing -A with -D or using just -D 2) gives
the same error.
Trying to strace the iptables just left me one D state iptables in
page_fault and I also got a SIGSEGV with strace from iptables just at
the beginning (trace is below) - so it appears ptrace on ppc might also
be broken.
Nothing in dmesg.
execve("/sbin/iptables", ["iptables", "-t", "nat", "-D", "POSTROUTING", "2"], [/* 14 vars */]) = 0
uname({sys="Linux", node="muuseum", ...}) = 0
brk(0) = 0x1001d000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30019000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=21161, ...}) = 0
mmap(NULL, 21161, PROT_READ, MAP_PRIVATE, 3, 0) = 0x3001a000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/tls/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\2\1\0\0\0\0\0\0\0\0\0\0\3\0\24\0\0\0\1\0\0\r@\0\0\0004\0\0001\224\0\0\0\0\0004\0 \0\10\0(\0\34\0\33\0\0\0\6\0\0\0004\0\0\0004\0\0\0004\0\0\1\0\0\0\1\0\0\0\0\5\0\0\0\4\0\0\0\3\0\0 \230\0\0 \230\0\0 \230\0\0\0\20\0\0\0\20\0\0\0\4\0\0\0\4\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \254\0\0 \254\0\0\0\5\0\1\0\0\0\0\0\1\0\0.\354\0\1.\354\0\1.\354\0\0\1\260\0\0\3\0\0\0\0\7\0\1\0\0\0\0\0\2\0\0/ \0\1/ \0\1/ \0\0\0\340\0\0\0\340\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0014\0\0\0014\0\0\0014\0\0\0 \0\0\0 \0\0\0\4\0\0\0\4dt\345Q\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\4dt\345R\0\0.\354\0\1.\354\0\1.\354\0\0\1\24\0\0\1\24\0\0\0\5\0\0\0\4\0\0\0\4\0\0\0\20\0\0\0\1GNU\0\0\0\0\0\0\0\0\2\0\0\0\6\0\0\0\0\0\0\0K\0\0\0005\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0-\0\0\0&\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\'\0\0\0\23\0\0\0\34\0\0\0004\0\0\0\0\0\0\0\0\0\0\0.\0\0\0\
17\0\0\0\0\0\0\0,\0\0\0\0\0\0\0\0\0\0\0+\0\0\0\0\0\0\0(\0\0\0\0\0\0\0 \0\0\0\0\0\0\0#\0\0!
\0\0\0\0\0\0\0\0\0\24\0\0\0\0\0\0\0\26\0\0\0\37\0\0\0002\0\0\0!", 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=13812, ...}) = 0
mmap(0xffdc000, 78316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xffdc000
mprotect(0xffdf000, 66028, PROT_NONE) = 0
mmap(0xffee000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0xffee000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/tls/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\2\1\0\0\0\0\0\0\0\0\0\0\3\0\24\0\0\0\1\0\0>@\0\0\0004\0\1J0\0\0\0\0\0004\0 \0\10\0(\0\35\0\34\0\0\0\6\0\0\0004\0\0\0004\0\0\0004\0\0\1\0\0\0\1\0\0\0\0\5\0\0\0\4\0\0\0\3\0\1>d\0\1>d\0\1>d\0\0\0\20\0\0\0\20\0\0\0\4\0\0\0\4\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\1>x\0\1>x\0\0\0\5\0\1\0\0\0\0\0\1\0\1>\354\0\2>\354\0\2>\354\0\0\n@\0\0/\224\0\0\0\7\0\1\0\0\0\0\0\2\0\1?(\0\2?(\0\2?(\0\0\0\330\0\0\0\330\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0014\0\0\0014\0\0\0014\0\0\0 \0\0\0 \0\0\0\4\0\0\0\4dt\345Q\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\4dt\345R\0\1>\354\0\2>\354\0\2>\354\0\0\1\24\0\0\1\24\0\0\0\5\0\0\0\4\0\0\0\4\0\0\0\20\0\0\0\1GNU\0\0\0\0\0\0\0\0\2\0\0\0\6\0\0\0\0\0\0\1\303\0\0\0\365\0\0\0\0\0\0\0@\0\0\0\210\0\0\0\0\0\0\0\0\0\0\0\35\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0q\0\0\0\0\0\0\0n\0\0\0\323\0\0\0\266\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\246\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0*\0\0\
0\304\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\232\0\0\0\0\0\0\0\0\0!
\0\0\0\0\0\0008\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\25", 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=85688, ...}) = 0
mmap(0xffa5000, 159360, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xffa5000
mprotect(0xffb9000, 77440, PROT_NONE) = 0
mmap(0xffc8000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13000) = 0xffc8000
mmap(0xffca000, 7808, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xffca000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/tls/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\2\1\0\0\0\0\0\0\0\0\0\0\3\0\24\0\0\0\1\0\1\314\220\0\0\0004\0\25,\364\0\0\0\0\0004\0 \0\n\0(\0?\0>\0\0\0\6\0\0\0004\0\0\0004\0\0\0004\0\0\1@\0\0\1@\0\0\0\5\0\0\0\4\0\0\0\3\0\24o\350\0\24o\350\0\24o\350\0\0\0\20\0\0\0\20\0\0\0\4\0\0\0\4\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\24\204\r\0\24\204\r\0\0\0\5\0\1\0\0\0\0\0\1\0\24\204\320\0\25\204\320\0\25\204\320\0\0\236D\0\0\306\274\0\0\0\7\0\1\0\0\0\0\0\2\0\24\357\30\0\25\357\30\0\25\357\30\0\0\0\350\0\0\0\350\0\0\0\6\0\0\0\4\0\0\0\4\0\0\1t\0\0\1t\0\0\1t\0\0\0 \0\0\0 \0\0\0\4\0\0\0\4\0\0\0\7\0\24\331H\0\25\331H\0\25\331H\0\0\0\10\0\0\0(\0\0\0\4\0\0\0\4dt\345P\0\24o\370\0\24o\370\0\24o\370\0\0\17\364\0\0\17\364\0\0\0\4\0\0\0\4dt\345Q\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\4dt\345R\0\24\204\320\0\25\204\320\0\25\204\320\0\0j@\0\0j@\0\0\0\5\0\0\0\4\0\0\0\4\0\0\0\20\0\0\0\1GNU\0\0\0\0\0\0\0\0\2\0\0\0\6\0\0\0\0\0\0\3\37
7\0\0\10R\0\0\1\10\0\0\6z\0\0\0\0\0\0\0\323\0\0\6\341\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0!
\6j\0\0\5\314\0\0\0\0\0\0\10\v\0\0\6s\0\0\2\25\0\0\2\243\0\0\10\37\0\0\4\37\0\0\10\23\0\0\0\0\0\0\1\373\0\0\2z\0\0\7\342\0\0\6\26\0\0\4\300", 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1390284, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30020000
mmap(0xfe30000, 1461132, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xfe30000
mprotect(0xff79000, 113548, PROT_NONE) = 0
mmap(0xff88000, 45056, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x148000) = 0xff88000
mmap(0xff93000, 7052, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xff93000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30021000
mprotect(0xff88000, 24576, PROT_READ) = 0
mprotect(0xffc8000, 4096, PROT_READ) = 0
mprotect(0xffee000, 4096, PROT_READ) = 0
mprotect(0x30028000, 4096, PROT_READ) = 0
munmap(0x3001a000, 21161) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
--
Meelis Roos (mroos@linux.ee)
^ permalink raw reply
* Re: [PATCH] tcpdump may trace some outbound packets twice.
From: Ranjit Manomohan @ 2006-05-14 15:58 UTC (permalink / raw)
To: Andrew Morton; +Cc: Ranjit Manomohan, linux-kernel, netdev
In-Reply-To: <20060514031034.5d0396e7.akpm@osdl.org>
Thank you for the comments. Incorporated feedback into current version.
-Thanks,
Ranjit
--- linux-2.6/net/sched/sch_generic.c 2006-05-10 12:34:52.000000000 -0700
+++ linux/net/sched/sch_generic.c 2006-05-14 08:53:33.000000000 -0700
@@ -136,8 +136,12 @@
if (!netif_queue_stopped(dev)) {
int ret;
+ struct sk_buff *skbc = NULL;
+ /* Clone the skb so that we hold a reference
+ * to its data and we can trace it after a
+ * successful transmit. */
if (netdev_nit)
- dev_queue_xmit_nit(skb, dev);
+ skbc = skb_clone(skb, GFP_ATOMIC);
ret = dev->hard_start_xmit(skb, dev);
if (ret == NETDEV_TX_OK) {
@@ -145,9 +149,17 @@
dev->xmit_lock_owner = -1;
spin_unlock(&dev->xmit_lock);
}
+ if (skbc) {
+ /* transmit succeeded,
+ * trace the clone. */
+ dev_queue_xmit_nit(skbc,dev);
+ kfree_skb(skbc);
+ }
spin_lock(&dev->queue_lock);
return -1;
}
+ /* Free clone if it exists */
+ kfree_skb(skbc);
if (ret == NETDEV_TX_LOCKED && nolock) {
spin_lock(&dev->queue_lock);
goto collision;
^ permalink raw reply
* attempt to make via-velocity work on big-endian hosts
From: Lennert Buytenhek @ 2006-05-14 16:16 UTC (permalink / raw)
To: netdev
Hi,
Attached below is an attempt I made, for a friend of mine, to make
via-velocity work on big-endian hosts. It doesn't quite work,
however, and since I don't have the hardware myself, it's kind of
cumbersome to debug it. Maybe someone here has an interest?
cheers,
Lennert
Index: linux-2.6.16/drivers/net/via-velocity.c
===================================================================
--- linux-2.6.16.orig/drivers/net/via-velocity.c
+++ linux-2.6.16/drivers/net/via-velocity.c
@@ -511,7 +511,7 @@ static void velocity_rx_reset(struct vel
* Init state, all RD entries belong to the NIC
*/
for (i = 0; i < vptr->options.numrx; ++i)
- vptr->rd_ring[i].rdesc0.owner = OWNED_BY_NIC;
+ vptr->rd_ring[i].rdesc0 |= cpu_to_le32(RDESC0_OWNED_BY_NIC);
writew(vptr->options.numrx, ®s->RBRDU);
writel(vptr->rd_pool_dma, ®s->RDBaseLo);
@@ -607,7 +607,7 @@ static void velocity_init_registers(stru
vptr->int_mask = INT_MASK_DEF;
- writel(cpu_to_le32(vptr->rd_pool_dma), ®s->RDBaseLo);
+ writel(vptr->rd_pool_dma, ®s->RDBaseLo);
writew(vptr->options.numrx - 1, ®s->RDCSize);
mac_rx_queue_run(regs);
mac_rx_queue_wake(regs);
@@ -615,7 +615,7 @@ static void velocity_init_registers(stru
writew(vptr->options.numtx - 1, ®s->TDCSize);
for (i = 0; i < vptr->num_txq; i++) {
- writel(cpu_to_le32(vptr->td_pool_dma[i]), &(regs->TDBaseLo[i]));
+ writel(vptr->td_pool_dma[i], &(regs->TDBaseLo[i]));
mac_tx_queue_run(regs, i);
}
@@ -1022,7 +1022,7 @@ static inline void velocity_give_many_rx
dirty = vptr->rd_dirty - unusable;
for (avail = vptr->rd_filled & 0xfffc; avail; avail--) {
dirty = (dirty > 0) ? dirty - 1 : vptr->options.numrx - 1;
- vptr->rd_ring[dirty].rdesc0.owner = OWNED_BY_NIC;
+ vptr->rd_ring[dirty].rdesc0 |= cpu_to_le32(RDESC0_OWNED_BY_NIC);
}
writew(vptr->rd_filled & 0xfffc, ®s->RBRDU);
@@ -1037,7 +1037,7 @@ static int velocity_rx_refill(struct vel
struct rx_desc *rd = vptr->rd_ring + dirty;
/* Fine for an all zero Rx desc at init time as well */
- if (rd->rdesc0.owner == OWNED_BY_NIC)
+ if (rd->rdesc0 & cpu_to_le32(RDESC0_OWNED_BY_NIC))
break;
if (!vptr->rd_info[dirty].skb) {
@@ -1237,31 +1237,34 @@ static int velocity_rx_srv(struct veloci
do {
struct rx_desc *rd = vptr->rd_ring + rd_curr;
+ u32 rdesc0;
if (!vptr->rd_info[rd_curr].skb)
break;
- if (rd->rdesc0.owner == OWNED_BY_NIC)
+ if (rd->rdesc0 & cpu_to_le32(RDESC0_OWNED_BY_NIC))
break;
rmb();
+ rdesc0 = le32_to_cpu(rd->rdesc0);
+
/*
* Don't drop CE or RL error frame although RXOK is off
*/
- if ((rd->rdesc0.RSR & RSR_RXOK) || (!(rd->rdesc0.RSR & RSR_RXOK) && (rd->rdesc0.RSR & (RSR_CE | RSR_RL)))) {
+ if ((rdesc0 & RDESC0_RSR_RXOK) || (!(rdesc0 & RDESC0_RSR_RXOK) && (rdesc0 & (RDESC0_RSR_CE | RDESC0_RSR_RL)))) {
if (velocity_receive_frame(vptr, rd_curr) < 0)
stats->rx_dropped++;
} else {
- if (rd->rdesc0.RSR & RSR_CRC)
+ if (rdesc0 & RDESC0_RSR_CRC)
stats->rx_crc_errors++;
- if (rd->rdesc0.RSR & RSR_FAE)
+ if (rdesc0 & RDESC0_RSR_FAE)
stats->rx_frame_errors++;
stats->rx_dropped++;
}
- rd->inten = 1;
+ rd->rdesc3 |= cpu_to_le32(RDESC3_INTEN);
vptr->dev->last_rx = jiffies;
@@ -1294,11 +1297,11 @@ static inline void velocity_rx_csum(stru
{
skb->ip_summed = CHECKSUM_NONE;
- if (rd->rdesc1.CSM & CSM_IPKT) {
- if (rd->rdesc1.CSM & CSM_IPOK) {
- if ((rd->rdesc1.CSM & CSM_TCPKT) ||
- (rd->rdesc1.CSM & CSM_UDPKT)) {
- if (!(rd->rdesc1.CSM & CSM_TUPOK)) {
+ if (rd->rdesc1 & cpu_to_le32(RDESC1_CSM_IPKT)) {
+ if (rd->rdesc1 & cpu_to_le32(RDESC1_CSM_IPOK)) {
+ if ((rd->rdesc1 & cpu_to_le32(RDESC1_CSM_TCPKT)) ||
+ (rd->rdesc1 & cpu_to_le32(RDESC1_CSM_UDPKT))) {
+ if (!(rd->rdesc1 & cpu_to_le32(RDESC1_CSM_TUPOK))) {
return;
}
}
@@ -1381,16 +1384,20 @@ static int velocity_receive_frame(struct
struct net_device_stats *stats = &vptr->stats;
struct velocity_rd_info *rd_info = &(vptr->rd_info[idx]);
struct rx_desc *rd = &(vptr->rd_ring[idx]);
- int pkt_len = rd->rdesc0.len;
+ u32 rdesc0;
+ int pkt_len;
struct sk_buff *skb;
- if (rd->rdesc0.RSR & (RSR_STP | RSR_EDP)) {
+ rdesc0 = le32_to_cpu(rd->rdesc0);
+ pkt_len = (rdesc0 >> RDESC0_LEN_SHIFT) & RDESC0_LEN_MASK;
+
+ if (rdesc0 & (RDESC0_RSR_STP | RDESC0_RSR_EDP)) {
VELOCITY_PRT(MSG_LEVEL_VERBOSE, KERN_ERR " %s : the received frame span multple RDs.\n", vptr->dev->name);
stats->rx_length_errors++;
return -EINVAL;
}
- if (rd->rdesc0.RSR & RSR_MAR)
+ if (rdesc0 & RDESC0_RSR_MAR)
vptr->stats.multicast++;
skb = rd_info->skb;
@@ -1404,7 +1411,7 @@ static int velocity_receive_frame(struct
*/
if (vptr->flags & VELOCITY_FLAGS_VAL_PKT_LEN) {
- if (rd->rdesc0.RSR & RSR_RL) {
+ if (rdesc0 & RDESC0_RSR_RL) {
stats->rx_length_errors++;
return -EINVAL;
}
@@ -1464,11 +1471,10 @@ static int velocity_alloc_rx_buf(struct
* Fill in the descriptor to match
*/
- *((u32 *) & (rd->rdesc0)) = 0;
- rd->len = cpu_to_le32(vptr->rx_buf_sz);
- rd->inten = 1;
+ rd->rdesc0 = cpu_to_le32(vptr->rx_buf_sz << RDESC0_LEN_SHIFT);
rd->pa_low = cpu_to_le32(rd_info->skb_dma);
- rd->pa_high = 0;
+ rd->rdesc3 = cpu_to_le32(RDESC3_INTEN);
+
return 0;
}
@@ -1502,22 +1508,22 @@ static int velocity_tx_srv(struct veloci
td = &(vptr->td_rings[qnum][idx]);
tdinfo = &(vptr->td_infos[qnum][idx]);
- if (td->tdesc0.owner == OWNED_BY_NIC)
+ if (td->tdesc0 & cpu_to_le32(TDESC0_OWNED_BY_NIC))
break;
if ((works++ > 15))
break;
- if (td->tdesc0.TSR & TSR0_TERR) {
+ if (td->tdesc0 & cpu_to_le32(TDESC0_TSR_TERR)) {
stats->tx_errors++;
stats->tx_dropped++;
- if (td->tdesc0.TSR & TSR0_CDH)
+ if (td->tdesc0 & cpu_to_le32(TDESC0_TSR_CDH))
stats->tx_heartbeat_errors++;
- if (td->tdesc0.TSR & TSR0_CRS)
+ if (td->tdesc0 & cpu_to_le32(TDESC0_TSR_CRS))
stats->tx_carrier_errors++;
- if (td->tdesc0.TSR & TSR0_ABT)
+ if (td->tdesc0 & cpu_to_le32(TDESC0_TSR_ABT))
stats->tx_aborted_errors++;
- if (td->tdesc0.TSR & TSR0_OWC)
+ if (td->tdesc0 & cpu_to_le32(TDESC0_TSR_OWC))
stats->tx_window_errors++;
} else {
stats->tx_packets++;
@@ -1905,9 +1911,9 @@ static int velocity_xmit(struct sk_buff
td_ptr = &(vptr->td_rings[qnum][index]);
tdinfo = &(vptr->td_infos[qnum][index]);
- td_ptr->tdesc1.TCPLS = TCPLS_NORMAL;
- td_ptr->tdesc1.TCR = TCR0_TIC;
- td_ptr->td_buf[0].queue = 0;
+ td_ptr->tdesc1 &= ~cpu_to_le32(TDESC1_TCPLS | TDESC1_TCR);
+ td_ptr->tdesc1 |= cpu_to_le32(TDESC1_TCPLS_NORMAL | TDESC1_TCR_TIC);
+ td_ptr->td_buf[0].td_buf1 &= ~cpu_to_le32(TD_BUF1_QUEUE);
/*
* Pad short frames.
@@ -1921,12 +1927,13 @@ static int velocity_xmit(struct sk_buff
memset(tdinfo->buf + skb->len, 0, ETH_ZLEN - skb->len);
tdinfo->skb = skb;
tdinfo->skb_dma[0] = tdinfo->buf_dma;
- td_ptr->tdesc0.pktsize = pktlen;
+ td_ptr->tdesc0 &= ~cpu_to_le32(TDESC0_PKTSIZE);
+ td_ptr->tdesc0 |= cpu_to_le32((pktlen & TDESC0_PKTSIZE_MASK) << TDESC0_PKTSIZE_SHIFT);
td_ptr->td_buf[0].pa_low = cpu_to_le32(tdinfo->skb_dma[0]);
- td_ptr->td_buf[0].pa_high = 0;
- td_ptr->td_buf[0].bufsize = td_ptr->tdesc0.pktsize;
+ td_ptr->td_buf[0].td_buf1 = cpu_to_le32((pktlen & TD_BUF1_BUFSIZE_MASK) << TD_BUF1_BUFSIZE_SHIFT);
tdinfo->nskb_dma = 1;
- td_ptr->tdesc1.CMDZ = 2;
+ td_ptr->tdesc1 &= ~cpu_to_le32(TDESC1_CMDZ);
+ td_ptr->tdesc1 |= cpu_to_le32(2 << TDESC1_CMDZ_SHIFT);
} else
#ifdef VELOCITY_ZERO_COPY_SUPPORT
if (skb_shinfo(skb)->nr_frags > 0) {
@@ -1936,12 +1943,12 @@ static int velocity_xmit(struct sk_buff
skb_linearize(skb, GFP_ATOMIC);
memcpy(tdinfo->buf, skb->data, skb->len);
tdinfo->skb_dma[0] = tdinfo->buf_dma;
- td_ptr->tdesc0.pktsize =
+ td_ptr->tdesc0.pktsize =
td_ptr->td_buf[0].pa_low = cpu_to_le32(tdinfo->skb_dma[0]);
- td_ptr->td_buf[0].pa_high = 0;
- td_ptr->td_buf[0].bufsize = td_ptr->tdesc0.pktsize;
+ td_ptr->td_buf[0].td_buf1 = cpu_to_le32((size & TD_BUF1_BUFSIZE_MASK) << TD_BUF1_BUFSIZE_SHIFT);
tdinfo->nskb_dma = 1;
- td_ptr->tdesc1.CMDZ = 2;
+ td_ptr->tdesc1 &= ~cpu_to_le32(TDESC1_CMDZ);
+ td_ptr->tdesc1 |= cpu_to_le32(2 << TDESC1_CMDZ_SHIFT);
} else {
int i = 0;
tdinfo->nskb_dma = 0;
@@ -1977,19 +1984,19 @@ static int velocity_xmit(struct sk_buff
*/
tdinfo->skb = skb;
tdinfo->skb_dma[0] = pci_map_single(vptr->pdev, skb->data, pktlen, PCI_DMA_TODEVICE);
- td_ptr->tdesc0.pktsize = pktlen;
+ td_ptr->tdesc0 &= ~cpu_to_le32(TDESC0_PKTSIZE);
+ td_ptr->tdesc0 |= cpu_to_le32((pktlen & TDESC0_PKTSIZE_MASK) << TDESC0_PKTSIZE_SHIFT);
td_ptr->td_buf[0].pa_low = cpu_to_le32(tdinfo->skb_dma[0]);
- td_ptr->td_buf[0].pa_high = 0;
- td_ptr->td_buf[0].bufsize = td_ptr->tdesc0.pktsize;
+ td_ptr->td_buf[0].td_buf1 = cpu_to_le32((pktlen & TD_BUF1_BUFSIZE_MASK) << TD_BUF1_BUFSIZE_SHIFT);
tdinfo->nskb_dma = 1;
- td_ptr->tdesc1.CMDZ = 2;
+ td_ptr->tdesc1 &= ~cpu_to_le32(TDESC1_CMDZ);
+ td_ptr->tdesc1 |= cpu_to_le32(2 << TDESC1_CMDZ_SHIFT);
}
if (vptr->flags & VELOCITY_FLAGS_TAGGING) {
- td_ptr->tdesc1.pqinf.VID = (vptr->options.vid & 0xfff);
- td_ptr->tdesc1.pqinf.priority = 0;
- td_ptr->tdesc1.pqinf.CFI = 0;
- td_ptr->tdesc1.TCR |= TCR0_VETAG;
+ td_ptr->tdesc1 |= cpu_to_le32(TDESC1_TCR_VETAG);
+ td_ptr->tdesc1 &= ~cpu_to_le32(TDESC1_PRIORITY | TDESC1_CFI | TDESC1_VID);
+ td_ptr->tdesc1 |= cpu_to_le32((vptr->options.vid & TDESC1_VID_MASK) << TDESC1_VID_SHIFT);
}
/*
@@ -1999,10 +2006,10 @@ static int velocity_xmit(struct sk_buff
&& (skb->ip_summed == CHECKSUM_HW)) {
struct iphdr *ip = skb->nh.iph;
if (ip->protocol == IPPROTO_TCP)
- td_ptr->tdesc1.TCR |= TCR0_TCPCK;
+ td_ptr->tdesc1 |= cpu_to_le32(TDESC1_TCR_TCPCK);
else if (ip->protocol == IPPROTO_UDP)
- td_ptr->tdesc1.TCR |= (TCR0_UDPCK);
- td_ptr->tdesc1.TCR |= TCR0_IPCK;
+ td_ptr->tdesc1 |= cpu_to_le32(TDESC1_TCR_UDPCK);
+ td_ptr->tdesc1 |= cpu_to_le32(TDESC1_TCR_IPCK);
}
{
@@ -2010,7 +2017,7 @@ static int velocity_xmit(struct sk_buff
if (prev < 0)
prev = vptr->options.numtx - 1;
- td_ptr->tdesc0.owner = OWNED_BY_NIC;
+ td_ptr->tdesc0 |= cpu_to_le32(TDESC0_OWNED_BY_NIC);
vptr->td_used[qnum]++;
vptr->td_curr[qnum] = (index + 1) % vptr->options.numtx;
@@ -2018,7 +2025,7 @@ static int velocity_xmit(struct sk_buff
netif_stop_queue(dev);
td_ptr = &(vptr->td_rings[qnum][prev]);
- td_ptr->td_buf[0].queue = 1;
+ td_ptr->td_buf[0].td_buf1 |= cpu_to_le32(TD_BUF1_QUEUE);
mac_tx_queue_wake(vptr->mac_regs, qnum);
}
dev->trans_start = jiffies;
Index: linux-2.6.16/drivers/net/via-velocity.h
===================================================================
--- linux-2.6.16.orig/drivers/net/via-velocity.h
+++ linux-2.6.16/drivers/net/via-velocity.h
@@ -56,113 +56,6 @@
#define VAR_USED(p) do {(p)=(p);} while (0)
-/*
- * Purpose: Structures for MAX RX/TX descriptors.
- */
-
-
-#define B_OWNED_BY_CHIP 1
-#define B_OWNED_BY_HOST 0
-
-/*
- * Bits in the RSR0 register
- */
-
-#define RSR_DETAG 0x0080
-#define RSR_SNTAG 0x0040
-#define RSR_RXER 0x0020
-#define RSR_RL 0x0010
-#define RSR_CE 0x0008
-#define RSR_FAE 0x0004
-#define RSR_CRC 0x0002
-#define RSR_VIDM 0x0001
-
-/*
- * Bits in the RSR1 register
- */
-
-#define RSR_RXOK 0x8000 // rx OK
-#define RSR_PFT 0x4000 // Perfect filtering address match
-#define RSR_MAR 0x2000 // MAC accept multicast address packet
-#define RSR_BAR 0x1000 // MAC accept broadcast address packet
-#define RSR_PHY 0x0800 // MAC accept physical address packet
-#define RSR_VTAG 0x0400 // 802.1p/1q tagging packet indicator
-#define RSR_STP 0x0200 // start of packet
-#define RSR_EDP 0x0100 // end of packet
-
-/*
- * Bits in the RSR1 register
- */
-
-#define RSR1_RXOK 0x80 // rx OK
-#define RSR1_PFT 0x40 // Perfect filtering address match
-#define RSR1_MAR 0x20 // MAC accept multicast address packet
-#define RSR1_BAR 0x10 // MAC accept broadcast address packet
-#define RSR1_PHY 0x08 // MAC accept physical address packet
-#define RSR1_VTAG 0x04 // 802.1p/1q tagging packet indicator
-#define RSR1_STP 0x02 // start of packet
-#define RSR1_EDP 0x01 // end of packet
-
-/*
- * Bits in the CSM register
- */
-
-#define CSM_IPOK 0x40 //IP Checkusm validatiaon ok
-#define CSM_TUPOK 0x20 //TCP/UDP Checkusm validatiaon ok
-#define CSM_FRAG 0x10 //Fragment IP datagram
-#define CSM_IPKT 0x04 //Received an IP packet
-#define CSM_TCPKT 0x02 //Received a TCP packet
-#define CSM_UDPKT 0x01 //Received a UDP packet
-
-/*
- * Bits in the TSR0 register
- */
-
-#define TSR0_ABT 0x0080 // Tx abort because of excessive collision
-#define TSR0_OWT 0x0040 // Jumbo frame Tx abort
-#define TSR0_OWC 0x0020 // Out of window collision
-#define TSR0_COLS 0x0010 // experience collision in this transmit event
-#define TSR0_NCR3 0x0008 // collision retry counter[3]
-#define TSR0_NCR2 0x0004 // collision retry counter[2]
-#define TSR0_NCR1 0x0002 // collision retry counter[1]
-#define TSR0_NCR0 0x0001 // collision retry counter[0]
-#define TSR0_TERR 0x8000 //
-#define TSR0_FDX 0x4000 // current transaction is serviced by full duplex mode
-#define TSR0_GMII 0x2000 // current transaction is serviced by GMII mode
-#define TSR0_LNKFL 0x1000 // packet serviced during link down
-#define TSR0_SHDN 0x0400 // shutdown case
-#define TSR0_CRS 0x0200 // carrier sense lost
-#define TSR0_CDH 0x0100 // AQE test fail (CD heartbeat)
-
-/*
- * Bits in the TSR1 register
- */
-
-#define TSR1_TERR 0x80 //
-#define TSR1_FDX 0x40 // current transaction is serviced by full duplex mode
-#define TSR1_GMII 0x20 // current transaction is serviced by GMII mode
-#define TSR1_LNKFL 0x10 // packet serviced during link down
-#define TSR1_SHDN 0x04 // shutdown case
-#define TSR1_CRS 0x02 // carrier sense lost
-#define TSR1_CDH 0x01 // AQE test fail (CD heartbeat)
-
-//
-// Bits in the TCR0 register
-//
-#define TCR0_TIC 0x80 // assert interrupt immediately while descriptor has been send complete
-#define TCR0_PIC 0x40 // priority interrupt request, INA# is issued over adaptive interrupt scheme
-#define TCR0_VETAG 0x20 // enable VLAN tag
-#define TCR0_IPCK 0x10 // request IP checksum calculation.
-#define TCR0_UDPCK 0x08 // request UDP checksum calculation.
-#define TCR0_TCPCK 0x04 // request TCP checksum calculation.
-#define TCR0_JMBO 0x02 // indicate a jumbo packet in GMAC side
-#define TCR0_CRC 0x01 // disable CRC generation
-
-#define TCPLS_NORMAL 3
-#define TCPLS_START 2
-#define TCPLS_END 1
-#define TCPLS_MED 0
-
// max transmit or receive buffer size
#define CB_RX_BUF_SIZE 2048UL // max buffer size
@@ -193,68 +86,114 @@
/*
* Receive descriptor
*/
-
-struct rdesc0 {
- u16 RSR; /* Receive status */
- u16 len:14; /* Received packet length */
- u16 reserved:1;
- u16 owner:1; /* Who owns this buffer ? */
-};
-
-struct rdesc1 {
- u16 PQTAG;
- u8 CSM;
- u8 IPKT;
-};
-
struct rx_desc {
- struct rdesc0 rdesc0;
- struct rdesc1 rdesc1;
+ u32 rdesc0;
+ u32 rdesc1;
u32 pa_low; /* Low 32 bit PCI address */
- u16 pa_high; /* Next 16 bit PCI address (48 total) */
- u16 len:15; /* Frame size */
- u16 inten:1; /* Enable interrupt */
-} __attribute__ ((__packed__));
+ u32 rdesc3;
+};
+
+#define RDESC0_OWNED_BY_NIC 0x80000000
+#define RDESC0_LEN 0x3fff0000
+#define RDESC0_LEN_SHIFT 16
+#define RDESC0_LEN_MASK 0x00003fff
+#define RDESC0_RSR 0x0000ffff
+#define RDESC0_RSR_RXOK 0x00008000
+#define RDESC0_RSR_PFT 0x00004000
+#define RDESC0_RSR_MAR 0x00002000
+#define RDESC0_RSR_BAR 0x00001000
+#define RDESC0_RSR_PHY 0x00000800
+#define RDESC0_RSR_VTAG 0x00000400
+#define RDESC0_RSR_STP 0x00000200
+#define RDESC0_RSR_EDP 0x00000100
+#define RDESC0_RSR_DETAG 0x00000080
+#define RDESC0_RSR_SNTAG 0x00000040
+#define RDESC0_RSR_RXER 0x00000020
+#define RDESC0_RSR_RL 0x00000010
+#define RDESC0_RSR_CE 0x00000008
+#define RDESC0_RSR_FAE 0x00000004
+#define RDESC0_RSR_CRC 0x00000002
+#define RDESC0_RSR_VIDM 0x00000001
+
+#define RDESC1_IPKT 0xff000000
+#define RDESC1_CSM 0x00ff0000
+#define RDESC1_CSM_IPOK 0x00400000
+#define RDESC1_CSM_TUPOK 0x00200000
+#define RDESC1_CSM_FRAG 0x00100000
+#define RDESC1_CSM_IPKT 0x00040000
+#define RDESC1_CSM_TCPKT 0x00020000
+#define RDESC1_CSM_UDPKT 0x00010000
+#define RDESC1_PQTAG 0x0000ffff
+
+#define RDESC3_INTEN 0x80000000
+#define RDESC3_LEN 0x3fff0000
+#define RDESC3_PA_HIGH 0x0000ffff
/*
* Transmit descriptor
*/
-struct tdesc0 {
- u16 TSR; /* Transmit status register */
- u16 pktsize:14; /* Size of frame */
- u16 reserved:1;
- u16 owner:1; /* Who owns the buffer */
-};
-
-struct pqinf { /* Priority queue info */
- u16 VID:12;
- u16 CFI:1;
- u16 priority:3;
-} __attribute__ ((__packed__));
-
-struct tdesc1 {
- struct pqinf pqinf;
- u8 TCR;
- u8 TCPLS:2;
- u8 reserved:2;
- u8 CMDZ:4;
-} __attribute__ ((__packed__));
-
struct td_buf {
u32 pa_low;
- u16 pa_high;
- u16 bufsize:14;
- u16 reserved:1;
- u16 queue:1;
-} __attribute__ ((__packed__));
+ u32 td_buf1;
+};
+
+#define TD_BUF1_QUEUE 0x80000000
+#define TD_BUF1_BUFSIZE 0x3fff0000
+#define TD_BUF1_BUFSIZE_SHIFT 16
+#define TD_BUF1_BUFSIZE_MASK 0x00003fff
+#define TD_BUF1_PA_HIGH 0x0000ffff
struct tx_desc {
- struct tdesc0 tdesc0;
- struct tdesc1 tdesc1;
+ u32 tdesc0;
+ u32 tdesc1;
struct td_buf td_buf[7];
};
+#define TDESC0_OWNED_BY_NIC 0x80000000
+#define TDESC0_PKTSIZE 0x3fff0000
+#define TDESC0_PKTSIZE_SHIFT 16
+#define TDESC0_PKTSIZE_MASK 0x00003fff
+#define TDESC0_TSR 0x0000ffff
+#define TDESC0_TSR_TERR 0x00008000
+#define TDESC0_TSR_FDX 0x00004000
+#define TDESC0_TSR_GMII 0x00002000
+#define TDESC0_TSR_LNKFL 0x00001000
+#define TDESC0_TSR_SHDN 0x00000400
+#define TDESC0_TSR_CRS 0x00000200
+#define TDESC0_TSR_CDH 0x00000100
+#define TDESC0_TSR_ABT 0x00000080
+#define TDESC0_TSR_OWT 0x00000040
+#define TDESC0_TSR_OWC 0x00000020
+#define TDESC0_TSR_COLS 0x00000010
+#define TDESC0_TSR_NCR3 0x00000008
+#define TDESC0_TSR_NCR2 0x00000004
+#define TDESC0_TSR_NCR1 0x00000002
+#define TDESC0_TSR_NCR0 0x00000001
+
+#define TDESC1_CMDZ 0xf0000000
+#define TDESC1_CMDZ_SHIFT 28
+#define TDESC1_CMDZ_MASK 0x0000000f
+#define TDESC1_TCPLS 0x03000000
+#define TDESC1_TCPLS_NORMAL 0x03000000
+#define TDESC1_TCPLS_START 0x02000000
+#define TDESC1_TCPLS_END 0x01000000
+#define TDESC1_TCPLS_MED 0x00000000
+#define TDESC1_TCR 0x00ff0000
+#define TDESC1_TCR_TIC 0x00800000
+#define TDESC1_TCR_PIC 0x00400000
+#define TDESC1_TCR_VETAG 0x00200000
+#define TDESC1_TCR_IPCK 0x00100000
+#define TDESC1_TCR_UDPCK 0x00080000
+#define TDESC1_TCR_TCPCK 0x00040000
+#define TDESC1_TCR_JMBO 0x00020000
+#define TDESC1_TCR_CRC 0x00010000
+#define TDESC1_PRIORITY 0x0000e000
+#define TDESC1_CFI 0x00001000
+#define TDESC1_VID 0x00000fff
+#define TDESC1_VID_SHIFT 0
+#define TDESC1_VID_MASK 0x00000fff
+
struct velocity_rd_info {
struct sk_buff *skb;
dma_addr_t skb_dma;
@@ -291,10 +230,6 @@ struct velocity_td_info {
dma_addr_t buf_dma;
};
-enum velocity_owner {
- OWNED_BY_HOST = 0,
- OWNED_BY_NIC = 1
-};
/*
^ permalink raw reply
* Re: iptables broken on ppc (ptrace too?) (2.6.17-rc3)
From: Patrick McHardy @ 2006-05-14 17:15 UTC (permalink / raw)
To: Meelis Roos; +Cc: netdev, vger.kernel.org
In-Reply-To: <Pine.SOC.4.61.0605141822260.26018@math.ut.ee>
Meelis Roos wrote:
> Iptables seems to be broken on ppc for me. Kernel 2.6.17-rc3 (currently
> compiling rc4+git). 32-bit ppc, ARCH=ppc with PReP target. Iptables
> userland binary is from the latest Debian unstable (1.3.3-2).
>
> The symptoms: iptables usually just tells Invalid Argument on any
> modification attempt. I'm trying to set up a simple one-rule NAT for test:
> iptables -t nat -A POSTROUTING -s 172.30.0.0/24 -j SNAT --to 10.0.0.1
> and it usually fails but has succeeded 2 times (I now have 2 rules of
> this kind and they seem to just wotk once set up). Trying to delete the
> second rule (either by replacing -A with -D or using just -D 2) gives
> the same error.
This should already be fixed in -rc4.
^ permalink raw reply
* Re: [RFC] SECMARK 1.1
From: Patrick McHardy @ 2006-05-14 18:37 UTC (permalink / raw)
To: James Morris
Cc: selinux, netdev, netfilter-devel, Stephen Smalley, Daniel J Walsh,
Karl MacMillan, David S. Miller, Thomas Bleher
In-Reply-To: <Pine.LNX.4.64.0605140133560.5506@d.namei>
James Morris wrote:
> @@ -135,6 +175,9 @@ static int __init xt_secmark_init(void)
> {
> int err;
>
> + if (tracking_enabled())
> + need_conntrack();
> +
This will load the conntrack modules even if the track flag is not set.
Wouldn't it be better to put everything related to connection marking
in the CONNSECMARK target?
^ permalink raw reply
* Re: [PATCH] tcpdump may trace some outbound packets twice.
From: David S. Miller @ 2006-05-14 20:42 UTC (permalink / raw)
To: akpm; +Cc: ranjitm, linux-kernel, netdev
In-Reply-To: <20060514031034.5d0396e7.akpm@osdl.org>
From: Andrew Morton <akpm@osdl.org>
Date: Sun, 14 May 2006 03:10:34 -0700
> It's a bit sad to be taking a clone of a clone like this.
> Avoidable?
Besides, clones of clones are illegal, if it's already a clone
you must make a copy.
^ permalink raw reply
* SIOCSIWESSID + SIOCSIWAP behaviour
From: Daniel Drake @ 2006-05-14 23:29 UTC (permalink / raw)
To: Jean Tourrilhes; +Cc: netdev, softmac-dev
Hi Jean,
I'd just like to check my understanding (and softmacs implementation)
of SIWESSID and SIWAP behaviour, for managed mode.
When SIWESSID happens, softmac drops association/authentication with the
current network and then starts a scan for the requested SSID. When
found, softmac authenticates and associates to that network.
When SIWAP happens, softmac drops association/authentication with the
current network and then starts a scan for the requested BSSID. When
found, softmac authenticates and associates to that network.
Is it correct that both of these immediately trigger
deauthenication+deassocation then authentication+assocation?
Is it correct that SIWAP can legally select *any* AP? (As opposed to
only being for selecting a specific AP *on the ESS* indicated by a past
or future SIWESSID call)
Right now, wpa_supplicant does SIWESSID and SIWAP in quick succession,
which causes softmac to associate twice, and that quickly confuses things.
No matter how I think of it, this strikes me as a hard interface to
implement. Because association isn't an atomic operation, it is tricky
to get the sequencing right, e.g. if the user does SIWESSID to start
association, and then SIWAP to select a different AP before the original
association has completed.
Any clarification appreciated.
Thanks,
Daniel
^ permalink raw reply
* [PATCH] pcnet32.c: modify RX ring size through module parameter
From: Wen Hsin Chang @ 2006-05-15 3:32 UTC (permalink / raw)
To: davem; +Cc: netdev, tsbogend
This patch is created from pcnet32.c v1.32. it will allow users to
specify RX ring size upon module
insertion via module parameter 'rx_log_size'. This is needed in some
cases where too small the rx ring
size will cause RX errors upon remote installation via pcnet32 NIC card.
Signed-off-by: Wen Hsin Chang <whchang@tw.ibm.com>
----------------------------------------------------------------------------------------------------
--- a/drivers/net/pcnet32.c 2006-03-30 09:49:10.000000000 +0800
+++ b/drivers/net/pcnet32.c 2006-05-15 11:14:45.000000000 +0800
@@ -93,6 +93,9 @@ static struct net_device *pcnet32_dev;
static int max_interrupt_work = 2;
static int rx_copybreak = 200;
+/* Module parameter to specify RX ring size at module insertion */
+static int rx_log_size = 0;
+
#define PCNET32_PORT_AUI 0x00
#define PCNET32_PORT_10BT 0x01
#define PCNET32_PORT_GPSI 0x02
@@ -1264,7 +1267,10 @@ pcnet32_probe1(unsigned long ioaddr, int
lp->name = chipname;
lp->shared_irq = shared;
lp->tx_ring_size = TX_RING_SIZE; /* default tx ring size */
- lp->rx_ring_size = RX_RING_SIZE; /* default rx ring size */
+ if (!rx_log_size)
+ lp->rx_ring_size = RX_RING_SIZE; /* default rx ring size */
+ else
+ lp->rx_ring_size = (1 << (rx_log_size));
lp->tx_mod_mask = lp->tx_ring_size - 1;
lp->rx_mod_mask = lp->rx_ring_size - 1;
lp->tx_len_bits = (PCNET32_LOG_TX_BUFFERS << 12);
@@ -2707,6 +2713,11 @@ module_param(tx_start_pt, int, 0);
MODULE_PARM_DESC(tx_start_pt, DRV_NAME " transmit start point (0-3)");
module_param(pcnet32vlb, int, 0);
MODULE_PARM_DESC(pcnet32vlb, DRV_NAME " Vesa local bus (VLB) support
(0/1)");
+
+/* Module parameter to specify RX ring size at module insertion */
+module_param(rx_log_size, int, 0);
+MODULE_PARM_DESC(rx_log_size, DRV_NAME " RX Ring Buffer Size (log_2
#BUF) ");
+
module_param_array(options, int, NULL, 0);
MODULE_PARM_DESC(options, DRV_NAME " initial option setting(s) (0-15)");
module_param_array(full_duplex, int, NULL, 0);
@@ -2731,6 +2742,12 @@ static int __init pcnet32_init_module(vo
if ((tx_start_pt >= 0) && (tx_start_pt <= 3))
tx_start = tx_start_pt;
+
+ /* validating rx_log_size */
+ if ((rx_log_size <= 0) ||
+ (rx_log_size > PCNET32_LOG_MAX_RX_BUFFERS))
+ rx_log_size = 0;
+
/* find the PCI devices */
if (!pci_module_init(&pcnet32_driver))
^ permalink raw reply
* Re: SIOCSIWESSID + SIOCSIWAP behaviour
From: Dan Williams @ 2006-05-15 3:29 UTC (permalink / raw)
To: Daniel Drake; +Cc: Jean Tourrilhes, netdev, softmac-dev
In-Reply-To: <4467BD47.5040000@gentoo.org>
On Mon, 2006-05-15 at 00:29 +0100, Daniel Drake wrote:
> Hi Jean,
>
> I'd just like to check my understanding (and softmacs implementation)
> of SIWESSID and SIWAP behaviour, for managed mode.
>
> When SIWESSID happens, softmac drops association/authentication with the
> current network and then starts a scan for the requested SSID. When
> found, softmac authenticates and associates to that network.
>
> When SIWAP happens, softmac drops association/authentication with the
> current network and then starts a scan for the requested BSSID. When
> found, softmac authenticates and associates to that network.
I'll chime in too... My understanding of WE is that your understanding
of WE is correct. But if the user has already set the SSID and _then_
sets the BSSID, the driver must attempt to associate with an AP that has
_both_ those properties. Setting one doesn't cancel the other out
(Jean, correct if I'm wrong here?) AFAIK, you can actually set any old
BSSID you like on the access point, so there's no guarantee that the
BSSID any access point advertises is unique. Furthermore I believe you
can have one AP with one BSSID server more than one ESSID. Higher-end
Cisco/3Com/etc products allow this.
> Is it correct that both of these immediately trigger
> deauthenication+deassocation then authentication+assocation?
Correct.
> Is it correct that SIWAP can legally select *any* AP? (As opposed to
> only being for selecting a specific AP *on the ESS* indicated by a past
> or future SIWESSID call)
Correct. The user may SIWAP _any_ BSSID at all, not necessarily related
to the SSID. However, if the user just set an ESSID with SIWESSID, I'm
fairly sure that ESSID must be honored as well.
> Right now, wpa_supplicant does SIWESSID and SIWAP in quick succession,
> which causes softmac to associate twice, and that quickly confuses things.
(I don't really understand why wpa_supplicant uses SIWAP when a BSSID
isn't specified in the config file, but...)
How does that confuse things? My understanding of most of the other
non-softmac drivers is that the SIWESSID sets the required SSID, then
the SIWAP sets the required BSSID, and that only if that ESSID is _also_
a member of the BSSID, then the association is permitted to happen. The
options are cumulative. If the user happens to set an ESSID and then a
BSSID that doesn't actually contain that ESSID, user==stupid and the
card can't do anything.
One may reset/unlock the ESSID to "any" by setting the "flags" member of
0 in the IWESSID request. The user can also reset/unlock the BSSID to
any by setting the BSSID in the request to all 0x00 or all 0xFF.
If a user app gets confused by disassociation events to userspace, the
app needs to get fixed.
> No matter how I think of it, this strikes me as a hard interface to
> implement. Because association isn't an atomic operation, it is tricky
> to get the sequencing right, e.g. if the user does SIWESSID to start
> association, and then SIWAP to select a different AP before the original
> association has completed.
Hmm, what problems does this have? It's not really any different than
if the user issues two SIWESSID calls in short sequence, so you have to
handle the start assoc->disassoc->start assoc sequence anyway...
Dan
^ permalink raw reply
* Re: Linux v2.6.17-rc4
From: Ayaz Abdulla @ 2006-05-14 7:57 UTC (permalink / raw)
To: Alistair John Strachan
Cc: Linus Torvalds, Linux Kernel Mailing List, jeff, netdev,
Manfred Spraul
In-Reply-To: <200605122219.37626.s0348365@sms.ed.ac.uk>
Alistair John Strachan wrote:
> On Friday 12 May 2006 00:44, Linus Torvalds wrote:
>
>>Ok, I've let the release time between -rc's slide a bit too much again,
>>but -rc4 is out there, and this is the time to hunker down for 2.6.17.
>>
>>If you know of any regressions, please holler now, so that we don't miss
>>them.
>>
>>-rc4 itself is mainly random driver fixes (sound, infiniband, scsi,
>>network drivers), but some splice fixes too and some arch (arm, powerpc,
>>mips) updates. Shortlog follows,
>
>
> Linus,
>
> I've got an oops in the forcedeth driver on shutdown. Sorry for the crappy
> camera phone pictures, this board doesn't have RS232 ports:
>
> http://devzero.co.uk/~alistair/oops-20060512/
>
> It was initially difficult to reproduce, but I found I could do so reliably if
> I ssh'ed into the box and halted it remotely, then it would always oops on
> shutdown. I assume this is because the driver is still active when something
> happens to it during halt.
>
> There's been just a single commit since -rc3:
>
> forcedeth: fix multi irq issues
> ebf34c9b6fcd22338ef764b039b3ac55ed0e297b
>
> However, it could have just been hidden since before -rc3, so I'll try to work
> backwards if nobody has any immediate ideas..
>
The interrupt handler could be called during the same time (on different
cpu) the dev->stop function is clearing out the rings (nv_txrx_reset).
^ permalink raw reply
* Re: [RFC] SECMARK 1.1
From: James Morris @ 2006-05-15 4:24 UTC (permalink / raw)
To: Patrick McHardy
Cc: selinux, netdev, netfilter-devel, Stephen Smalley, Daniel J Walsh,
Karl MacMillan, David S. Miller, Thomas Bleher
In-Reply-To: <446778F0.6000705@trash.net>
On Sun, 14 May 2006, Patrick McHardy wrote:
> James Morris wrote:
> > @@ -135,6 +175,9 @@ static int __init xt_secmark_init(void)
> > {
> > int err;
> >
> > + if (tracking_enabled())
> > + need_conntrack();
> > +
>
> This will load the conntrack modules even if the track flag is not set.
I guess need_conntrack() could be moved to checkentry() and only called
if the track flag is set.
> Wouldn't it be better to put everything related to connection marking
> in the CONNSECMARK target?
It's more efficient this way, and simpler to manage.
Currently, after security marking, the chain should normally terminate
with a -j ACCEPT. Requiring the use of CONNSECMARK to label connections
means inserting another rule before terminating the chain.
Also, security marking for connections only occurs in the context of
copying the security mark from packets, so there's no reason to build a
general feature to do this into CONNSECMARK.
Another possibility would be to get rid of CONNSECMARK completely and have
SECMARK copy security marks from connections to packets via the use of a
different flag (perhaps change --track into --save-state and then have
--restore-state, or similar).
- James
--
James Morris
<jmorris@namei.org>
^ permalink raw reply
* Re: Linux v2.6.17-rc4
From: Alistair John Strachan @ 2006-05-15 5:27 UTC (permalink / raw)
To: Ayaz Abdulla
Cc: Linus Torvalds, Linux Kernel Mailing List, jeff, netdev,
Manfred Spraul
In-Reply-To: <4466E2E8.7090801@nvidia.com>
On Sunday 14 May 2006 08:57, Ayaz Abdulla wrote:
> Alistair John Strachan wrote:
[snip]
> > There's been just a single commit since -rc3:
> >
> > forcedeth: fix multi irq issues
> > ebf34c9b6fcd22338ef764b039b3ac55ed0e297b
> >
> > However, it could have just been hidden since before -rc3, so I'll try to
> > work backwards if nobody has any immediate ideas..
>
> The interrupt handler could be called during the same time (on different
> cpu) the dev->stop function is clearing out the rings (nv_txrx_reset).
FWIW, I can't reproduce the fault with the commitdiff
ebf34c9b6fcd22338ef764b039b3ac55ed0e297b reverted.
--
Cheers,
Alistair.
Third year Computer Science undergraduate.
1F2 55 South Clerk Street, Edinburgh, UK.
^ permalink raw reply
* Re: [RFC] SECMARK 1.1
From: Patrick McHardy @ 2006-05-15 5:29 UTC (permalink / raw)
To: James Morris
Cc: selinux, netdev, netfilter-devel, Stephen Smalley, Daniel J Walsh,
Karl MacMillan, David S. Miller, Thomas Bleher
In-Reply-To: <Pine.LNX.4.64.0605150004590.645@d.namei>
James Morris wrote:
> On Sun, 14 May 2006, Patrick McHardy wrote:
>
>
>>James Morris wrote:
>>
>>>@@ -135,6 +175,9 @@ static int __init xt_secmark_init(void)
>>> {
>>> int err;
>>>
>>>+ if (tracking_enabled())
>>>+ need_conntrack();
>>>+
>>
>>This will load the conntrack modules even if the track flag is not set.
>
>
> I guess need_conntrack() could be moved to checkentry() and only called
> if the track flag is set.
That won't help, the function itself does nothing, its just a symbol
dependency.
>>Wouldn't it be better to put everything related to connection marking
>>in the CONNSECMARK target?
>
>
> It's more efficient this way, and simpler to manage.
>
> Currently, after security marking, the chain should normally terminate
> with a -j ACCEPT. Requiring the use of CONNSECMARK to label connections
> means inserting another rule before terminating the chain.
>
> Also, security marking for connections only occurs in the context of
> copying the security mark from packets, so there's no reason to build a
> general feature to do this into CONNSECMARK.
>
> Another possibility would be to get rid of CONNSECMARK completely and have
> SECMARK copy security marks from connections to packets via the use of a
> different flag (perhaps change --track into --save-state and then have
> --restore-state, or similar).
The reason why I'm asking is because my understanding is that SECMARK
would also be useful without conntrack, but automatically pulling in
the module leaves no option not to use conntrack except not to compile
this part in.
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox