* [PATCH nf-next-2.6] netfilter: {ip,ip6,arp}_tables: dont block bottom half more than necessary
From: Eric Dumazet @ 2010-07-23 15:23 UTC (permalink / raw)
To: Patrick McHardy; +Cc: Netfilter Development Mailinglist, netdev
We currently disable BH for the whole duration of get_counters()
On machines with a lot of cpus and large tables, this might be too long.
We can disable preemption during the whole function, and disable BH only
while fetching counters for the current cpu.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
---
net/ipv4/netfilter/arp_tables.c | 10 ++++++----
net/ipv4/netfilter/ip_tables.c | 10 ++++++----
net/ipv6/netfilter/ip6_tables.c | 10 ++++++----
3 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index c868dd5..6bccba3 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -710,7 +710,7 @@ static void get_counters(const struct xt_table_info *t,
struct arpt_entry *iter;
unsigned int cpu;
unsigned int i;
- unsigned int curcpu;
+ unsigned int curcpu = get_cpu();
/* Instead of clearing (by a previous call to memset())
* the counters and using adds, we set the counters
@@ -720,14 +720,16 @@ static void get_counters(const struct xt_table_info *t,
* if new softirq were to run and call ipt_do_table
*/
local_bh_disable();
- curcpu = smp_processor_id();
-
i = 0;
xt_entry_foreach(iter, t->entries[curcpu], t->size) {
SET_COUNTER(counters[i], iter->counters.bcnt,
iter->counters.pcnt);
++i;
}
+ local_bh_enable();
+ /* Processing counters from other cpus, we can let bottom half enabled,
+ * (preemption is disabled)
+ */
for_each_possible_cpu(cpu) {
if (cpu == curcpu)
@@ -741,7 +743,7 @@ static void get_counters(const struct xt_table_info *t,
}
xt_info_wrunlock(cpu);
}
- local_bh_enable();
+ put_cpu();
}
static struct xt_counters *alloc_counters(const struct xt_table *table)
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 3c584a6..c439721 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -884,7 +884,7 @@ get_counters(const struct xt_table_info *t,
struct ipt_entry *iter;
unsigned int cpu;
unsigned int i;
- unsigned int curcpu;
+ unsigned int curcpu = get_cpu();
/* Instead of clearing (by a previous call to memset())
* the counters and using adds, we set the counters
@@ -894,14 +894,16 @@ get_counters(const struct xt_table_info *t,
* if new softirq were to run and call ipt_do_table
*/
local_bh_disable();
- curcpu = smp_processor_id();
-
i = 0;
xt_entry_foreach(iter, t->entries[curcpu], t->size) {
SET_COUNTER(counters[i], iter->counters.bcnt,
iter->counters.pcnt);
++i;
}
+ local_bh_enable();
+ /* Processing counters from other cpus, we can let bottom half enabled,
+ * (preemption is disabled)
+ */
for_each_possible_cpu(cpu) {
if (cpu == curcpu)
@@ -915,7 +917,7 @@ get_counters(const struct xt_table_info *t,
}
xt_info_wrunlock(cpu);
}
- local_bh_enable();
+ put_cpu();
}
static struct xt_counters *alloc_counters(const struct xt_table *table)
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 33113c1..5359ef4 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -897,7 +897,7 @@ get_counters(const struct xt_table_info *t,
struct ip6t_entry *iter;
unsigned int cpu;
unsigned int i;
- unsigned int curcpu;
+ unsigned int curcpu = get_cpu();
/* Instead of clearing (by a previous call to memset())
* the counters and using adds, we set the counters
@@ -907,14 +907,16 @@ get_counters(const struct xt_table_info *t,
* if new softirq were to run and call ipt_do_table
*/
local_bh_disable();
- curcpu = smp_processor_id();
-
i = 0;
xt_entry_foreach(iter, t->entries[curcpu], t->size) {
SET_COUNTER(counters[i], iter->counters.bcnt,
iter->counters.pcnt);
++i;
}
+ local_bh_enable();
+ /* Processing counters from other cpus, we can let bottom half enabled,
+ * (preemption is disabled)
+ */
for_each_possible_cpu(cpu) {
if (cpu == curcpu)
@@ -928,7 +930,7 @@ get_counters(const struct xt_table_info *t,
}
xt_info_wrunlock(cpu);
}
- local_bh_enable();
+ put_cpu();
}
static struct xt_counters *alloc_counters(const struct xt_table *table)
^ permalink raw reply related
* Re: Yet another bridge netfilter crash
From: Patrick McHardy @ 2010-07-23 15:17 UTC (permalink / raw)
To: Herbert Xu; +Cc: Stephen Hemminger, netdev
In-Reply-To: <20100723150041.GA7301@gondor.apana.org.au>
On 23.07.2010 17:00, Herbert Xu wrote:
> On Fri, Jul 23, 2010 at 04:18:46PM +0200, Patrick McHardy wrote:
>>
>> I think we've already fixed this by commit 8fa9ff6:
>>
>
>> commit 8fa9ff6849bb86c59cc2ea9faadf3cb2d5223497
>> Author: Patrick McHardy <kaber@trash.net>
>> Date: Tue Dec 15 16:59:59 2009 +0100
>>
>> netfilter: fix crashes in bridge netfilter caused by fragment jumps
>
> Thanks for the pointer Patrick.
>
> Your memory is much better than mine, as I was in that thread too :)
>
> BTW, do you have any plans on addressing the deeper issue of
> separating the connection tracking as well?
No concrete plans yet, but its something I'm definitely planning
to try at some point.
> There's also the matter of fragments jumping between bridges.
Conntrack zones can be used to avoid that, but that currently needs
manual configuration.
^ permalink raw reply
* Re: IPv6 Anycast?
From: Stuart Sheldon @ 2010-07-23 15:12 UTC (permalink / raw)
To: Mikael Abrahamsson; +Cc: netdev, Stuart Sheldon
In-Reply-To: <alpine.DEB.1.10.1007230748380.9875@uplift.swm.pp.se>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mikael,
Thanks for stepping up and helping me with this... I am aware of the
method of using the loopback adapter. This method is suggested when
doing things like DNS in a Anycast setup, and also works well with IPv4.
Here is a more detailed explanation of what I'm trying to make work...
If this is better addressed by another kernel group, please let me know,
as I'm unsure where this should be directed.
Currently, when you enable IPv6 forwarding on Linux, Linux automatically
creates an Anycast address for each interface. Here is an example:
cat /proc/net/anycast6
<empty_file>
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
cat /proc/net/anycast6
1 lo 00000000000000000000000000000001 1
2 eth0 2607ff38000000000000000000000000 1
2 eth0 fe800000000000000000000000000000 1
3 eth1 fe800000000000000000000000000000 1
3 eth1 2607ff38000000010000000000000000 1
4 eth2 fe800000000000000000000000000000 1
5 eth3 2607ff38000000020000000000000000 1
5 eth3 fe800000000000000000000000000000 1
6 eth4 fe800000000000000000000000000000 1
If you ping one of these auto configured Anycast addresses, let's say
eth0's 2607:ff38:: from another host on the eth0 network, you will get a
reply from the Linux route box. This allows you to set the default route
of that host to the Anycast address 2607:ff38:: and if you have multiple
routers on that LAN, it will add the one that responds first to it's
neighbor table. This way if one goes down, the host will automatically
swing over to another router (once the neighbor cache expires)...
Anycast addresses are addresses that are never used as a source address,
and are exempt from duplicate address detection (as per RFC 3513).
It would appear that the Linux kernel is automatically implementing the
reserved Anycast address referenced in RFC 2526. This would be cool,
except for a few things. what if you don't want the router to act as an
Anycast router on a particular network? How do you remove an Anycast
address? And, what if you want to use another address that isn't the
reserved address as your Anycast router address? How do you add / change
an Anycast address? The RFC regarding Anycast addresses is very clear
that it and be ANY unicast address.
What I'm looking for is an answer to how I can add/remove/change these
Anycast addresses.
Again, if I'm asking the wrong list, please point me in the right direction.
Thanks again!
Stu Sheldon
ACT USA
Mikael Abrahamsson wrote:
> On Thu, 22 Jul 2010, Stuart Sheldon wrote:
>
>> Yea, I'm sure...
>>
>> We use Linux for routers as well as servers and workstations. Since I
>> sent this I've discovered that by default, when a Linux system has IPv6
>> forwarding turned on, it adds the <network>::/64 anycast router
>> addresses on all the interfaces (as per rfc 2526).
>>
>> What I'm actually looking to do is (change / add) other addresses the to
>> anycast6 list to work in an existing configuration that does not use the
>> rfc 2526 anycast router address.
>>
>> Is there a command line method of setting up these anycast addresses?
>
> In routers, this is done by adding the IP address to a loopback
> interface and announcing the address using a routing protocol, I don't
> see why this can't be done on a linux box?
>
- --
And you run and you run to catch up with the sun, but its sinking
And racing around to come up behind you again
The sun is the same in the relative way, but youre older
Shorter of breath and one day closer to death
-- Pink Floyd - "Time Lyrics"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAEBCAAGBQJMSbFfAAoJEFKVLITDJSGSmcYP/jdhuORDnqIY9+Z9tyKxgeIo
pC5I4PsIGM4ZQkHitkCnouB8Q42Ac9JDpip8wf3ViMm+yW5MC9wkEpWQHrFeHv8N
jO8AaJVG7BtP8bUUTRDYiEO+5A/U6ls6kf3bVAAvBMTNHVeiEtXY0Lqf1I9gA0gI
tB0Ozzsp38uJ0vAeIM7b30lM24+kwqAGWILf3+zNm/sHz+M2KXUJYZs0qen/fKYd
kJu35Rdj3fpg47Gz2QQwftVfE5MI7SnQ+BhxnSCriLEkLe5tGWOEFvt15VsLmWM+
akrJI/JJlm+vIyfMgSZU7BPoJQrQ2XCFf4XEyA8kiSHYNUHoReKzgPdft747Vfo9
ZTy8QhJURp/PNNoDYsPa98Y9A0eFUQh/9t4QHz+UcdgO9cC9hjGi/C5bWfAjnAwl
0lCTffYww9MdyoRTQypVs02+iypCLODFZvyf2pblXluciBiv3u+8vKdVEfidy6FM
QEfb02d8h2SUS3QKUdGDWwlS9FUU+MXDE6tGSwyxfKsne/rXkk5TvTKPie+wGKVu
X0308iA0F2sUZ71t8PGVgVsIbnda00e+8M+a89E1UPHAHe6XW2WvY3/3QOZo6FRD
yCcHhl0JaM5NBrMHQJElW2eEKLOZd1ITal2ZhXPNw2JvBM3cb4QnuSxZuhJ6jA9u
hy8zTkXmmVBJKNOqXsZZ
=fE94
-----END PGP SIGNATURE-----
^ permalink raw reply
* Re: Yet another bridge netfilter crash
From: Herbert Xu @ 2010-07-23 15:00 UTC (permalink / raw)
To: Patrick McHardy; +Cc: Stephen Hemminger, netdev
In-Reply-To: <4C49A4C6.4070503@trash.net>
On Fri, Jul 23, 2010 at 04:18:46PM +0200, Patrick McHardy wrote:
>
> I think we've already fixed this by commit 8fa9ff6:
>
> commit 8fa9ff6849bb86c59cc2ea9faadf3cb2d5223497
> Author: Patrick McHardy <kaber@trash.net>
> Date: Tue Dec 15 16:59:59 2009 +0100
>
> netfilter: fix crashes in bridge netfilter caused by fragment jumps
Thanks for the pointer Patrick.
Your memory is much better than mine, as I was in that thread too :)
BTW, do you have any plans on addressing the deeper issue of
separating the connection tracking as well?
There's also the matter of fragments jumping between bridges.
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH V3] Export SMBIOS provided firmware instance and label to sysfs
From: Matt Domsch @ 2010-07-23 14:58 UTC (permalink / raw)
To: Greg KH
Cc: Narendra K, netdev, linux-hotplug, linux-pci, charles_rose,
jordan_hargrave, vijay_nijhawan
In-Reply-To: <20100723135557.GA3624@kroah.com>
On Fri, Jul 23, 2010 at 06:55:57AM -0700, Greg KH wrote:
> On Fri, Jul 23, 2010 at 08:34:56AM -0500, Narendra K wrote:
> > --- a/Documentation/ABI/testing/sysfs-bus-pci
> > +++ b/Documentation/ABI/testing/sysfs-bus-pci
> > @@ -179,3 +179,30 @@ Contact: linux-pci@vger.kernel.org
> > Description:
> > This symbolic link points to the PCI hotplug controller driver
> > module that manages the hotplug slot.
> > +
> > +What: /sys/bus/pci/devices/.../label
> > +Date: July 2010
> > +Contact: linux-bugs@dell.com
>
> that's not your email address. Please don't hide behind some random
> address, Linux is about contacting developers directly were ever
> possible.
That's actually the public email address for the whole Linux
engineering team (including engineers and managers) at Dell, of which
Narendra is a part. It's the address we publish for people to include
on the cc: list of bugzilla issues on the kernel.org, Novell, and Red
Hat bugzillas. This ensures someone on the team will see bug reports
or patches and act accordingly, likely Narendra, but could be anyone
in the future once Narendra is promoted or changes responsibilities
(or even employers).
-Matt
--
Matt Domsch
Technology Strategist
Dell | Office of the CTO
^ permalink raw reply
* Re: CONNMARK getsockopt/setsockopt functionality
From: Daniel Wagner @ 2010-07-23 14:50 UTC (permalink / raw)
To: netdev
In-Reply-To: <20100721072006.GA17965@pc0043.bmw-carit.intra>
Hi,
> There used to be a way to mark packets in userspace by invoking the
> setsocketopt with SO_CONNMARK as it was proposed by Krisztian [1].
> This code was superseeded by Jan's work [2]. Now I wonder how I get
> the same result out of the new code. Something with conditions?
Silly me, the above statement is completely wrong. I was looking for
SO_MARK which is obviously still there. Sorry for the noise.
thanks,
daniel
^ permalink raw reply
* [RFC v2 1/1] netfilter: xtables: inclusion of xt_condition
From: Luciano Coelho @ 2010-07-23 14:28 UTC (permalink / raw)
To: netfilter-devel; +Cc: netdev, kaber, jengelh, sameo
In-Reply-To: <1279895320-12958-1-git-send-email-luciano.coelho@nokia.com>
xt_condition can be used by userspace to influence decisions in rules
by means of togglable variables without having to reload the entire
ruleset.
This is a respin of the module in Xtables-addons, with support for
multiple namespaces and other small improvements. Some of the changes
were made by Jan Engelhardt.
Cc: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
---
in v2:
o Removed per-netns module parameters
o Use par->net instead of current->nsproxy->net_ns
o Fix file-leak in procfs when exiting the netns
include/linux/netfilter/Kbuild | 1 +
include/linux/netfilter/xt_condition.h | 14 ++
net/netfilter/Kconfig | 8 +
net/netfilter/Makefile | 1 +
net/netfilter/xt_condition.c | 265 ++++++++++++++++++++++++++++++++
5 files changed, 289 insertions(+), 0 deletions(-)
create mode 100644 include/linux/netfilter/xt_condition.h
create mode 100644 net/netfilter/xt_condition.c
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index bb103f4..d873f67 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -20,6 +20,7 @@ header-y += xt_TCPOPTSTRIP.h
header-y += xt_TEE.h
header-y += xt_TPROXY.h
header-y += xt_comment.h
+header-y += xt_condition.h
header-y += xt_connbytes.h
header-y += xt_connlimit.h
header-y += xt_connmark.h
diff --git a/include/linux/netfilter/xt_condition.h b/include/linux/netfilter/xt_condition.h
new file mode 100644
index 0000000..4faf3ca
--- /dev/null
+++ b/include/linux/netfilter/xt_condition.h
@@ -0,0 +1,14 @@
+#ifndef _XT_CONDITION_H
+#define _XT_CONDITION_H
+
+#include <linux/types.h>
+
+struct xt_condition_mtinfo {
+ char name[31];
+ __u8 invert;
+
+ /* Used internally by the kernel */
+ void *condvar __attribute__((aligned(8)));
+};
+
+#endif /* _XT_CONDITION_H */
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index aa2f106..8c114b8 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -605,6 +605,14 @@ config NETFILTER_XT_MATCH_COMMENT
If you want to compile it as a module, say M here and read
<file:Documentation/kbuild/modules.txt>. If unsure, say `N'.
+config NETFILTER_XT_MATCH_CONDITION
+ tristate '"condition" match support'
+ depends on NETFILTER_ADVANCED
+ depends on PROC_FS
+ ---help---
+ This option allows you to match firewall rules against condition
+ variables stored in the /proc/net/nf_condition directory.
+
config NETFILTER_XT_MATCH_CONNBYTES
tristate '"connbytes" per-connection counter match support'
depends on NF_CONNTRACK
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index e28420a..474dd06 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -66,6 +66,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_IDLETIMER) += xt_IDLETIMER.o
# matches
obj-$(CONFIG_NETFILTER_XT_MATCH_CLUSTER) += xt_cluster.o
obj-$(CONFIG_NETFILTER_XT_MATCH_COMMENT) += xt_comment.o
+obj-$(CONFIG_NETFILTER_XT_MATCH_CONDITION) += xt_condition.o
obj-$(CONFIG_NETFILTER_XT_MATCH_CONNBYTES) += xt_connbytes.o
obj-$(CONFIG_NETFILTER_XT_MATCH_CONNLIMIT) += xt_connlimit.o
obj-$(CONFIG_NETFILTER_XT_MATCH_CONNTRACK) += xt_conntrack.o
diff --git a/net/netfilter/xt_condition.c b/net/netfilter/xt_condition.c
new file mode 100644
index 0000000..a78d832
--- /dev/null
+++ b/net/netfilter/xt_condition.c
@@ -0,0 +1,265 @@
+/*
+ * "condition" match extension for Xtables
+ *
+ * Description: This module allows firewall rules to match using
+ * condition variables available through procfs.
+ *
+ * Authors:
+ * Stephane Ouellette <ouellettes [at] videotron ca>, 2002-10-22
+ * Massimiliano Hofer <max [at] nucleus it>, 2006-05-15
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License; either version 2
+ * or 3 of the License, as published by the Free Software Foundation.
+ */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+#include <linux/kernel.h>
+#include <linux/list.h>
+#include <linux/module.h>
+#include <linux/proc_fs.h>
+#include <linux/spinlock.h>
+#include <linux/string.h>
+#include <linux/version.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_condition.h>
+#include <net/netns/generic.h>
+#include <asm/uaccess.h>
+
+/* Defaults, these can be overridden on the module command-line. */
+static unsigned int condition_list_perms = S_IRUGO | S_IWUSR;
+static unsigned int condition_uid_perms = 0;
+static unsigned int condition_gid_perms = 0;
+
+MODULE_AUTHOR("Stephane Ouellette <ouellettes@videotron.ca>");
+MODULE_AUTHOR("Massimiliano Hofer <max@nucleus.it>");
+MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
+MODULE_DESCRIPTION("Allows rules to match against condition variables");
+MODULE_LICENSE("GPL");
+module_param(condition_list_perms, uint, S_IRUSR | S_IWUSR);
+MODULE_PARM_DESC(condition_list_perms, "default permissions on /proc/net/nf_condition/* files");
+module_param(condition_uid_perms, uint, S_IRUSR | S_IWUSR);
+MODULE_PARM_DESC(condition_uid_perms, "default user owner of /proc/net/nf_condition/* files");
+module_param(condition_gid_perms, uint, S_IRUSR | S_IWUSR);
+MODULE_PARM_DESC(condition_gid_perms, "default group owner of /proc/net/nf_condition/* files");
+MODULE_ALIAS("ipt_condition");
+MODULE_ALIAS("ip6t_condition");
+
+struct condition_variable {
+ struct list_head list;
+ struct proc_dir_entry *status_proc;
+ unsigned int refcount;
+ bool enabled;
+};
+
+struct condition_net {
+ struct list_head list;
+ struct proc_dir_entry *proc_dir;
+};
+
+static int condition_net_id;
+static inline struct condition_net *condition_pernet(struct net *net)
+{
+ return net_generic(net, condition_net_id);
+}
+
+/* proc_lock is a user context only semaphore used for write access */
+/* to the conditions' list. */
+static DEFINE_MUTEX(proc_lock);
+
+static int condition_proc_read(char __user *buffer, char **start, off_t offset,
+ int length, int *eof, void *data)
+{
+ const struct condition_variable *var = data;
+
+ buffer[0] = var->enabled ? '1' : '0';
+ buffer[1] = '\n';
+ if (length >= 2)
+ *eof = true;
+ return 2;
+}
+
+static int condition_proc_write(struct file *file, const char __user *buffer,
+ unsigned long length, void *data)
+{
+ struct condition_variable *var = data;
+ char newval;
+
+ if (length > 0) {
+ if (get_user(newval, buffer) != 0)
+ return -EFAULT;
+ /* Match only on the first character */
+ switch (newval) {
+ case '0':
+ var->enabled = false;
+ break;
+ case '1':
+ var->enabled = true;
+ break;
+ }
+ }
+ return length;
+}
+
+static bool
+condition_mt(const struct sk_buff *skb, struct xt_action_param *par)
+{
+ const struct xt_condition_mtinfo *info = par->matchinfo;
+ const struct condition_variable *var = info->condvar;
+
+ return var->enabled ^ info->invert;
+}
+
+static int condition_mt_check(const struct xt_mtchk_param *par)
+{
+ struct xt_condition_mtinfo *info = par->matchinfo;
+ struct condition_variable *var;
+ struct condition_net *cond_net = condition_pernet(par->net);
+
+ /* Forbid certain names */
+ if (*info->name == '\0' || *info->name == '.' ||
+ info->name[sizeof(info->name)-1] != '\0' ||
+ memchr(info->name, '/', sizeof(info->name)) != NULL) {
+ pr_info("name not allowed or too long: \"%.*s\"\n",
+ (unsigned int)sizeof(info->name), info->name);
+ return -EINVAL;
+ }
+
+ /*
+ * Let's acquire the lock, check for the condition and add it
+ * or increase the reference counter.
+ */
+ mutex_lock(&proc_lock);
+ list_for_each_entry(var, &cond_net->list, list) {
+ if (strcmp(info->name, var->status_proc->name) == 0) {
+ ++var->refcount;
+ mutex_unlock(&proc_lock);
+ info->condvar = var;
+ return 0;
+ }
+ }
+
+ /* At this point, we need to allocate a new condition variable. */
+ var = kmalloc(sizeof(struct condition_variable), GFP_KERNEL);
+ if (var == NULL) {
+ mutex_unlock(&proc_lock);
+ return -ENOMEM;
+ }
+
+ /* Create the condition variable's proc file entry. */
+ var->status_proc = create_proc_entry(info->name,
+ condition_list_perms,
+ cond_net->proc_dir);
+ if (var->status_proc == NULL) {
+ kfree(var);
+ mutex_unlock(&proc_lock);
+ return -ENOMEM;
+ }
+
+ var->refcount = 1;
+ var->enabled = false;
+ var->status_proc->data = var;
+ var->status_proc->read_proc = condition_proc_read;
+ var->status_proc->write_proc = condition_proc_write;
+ var->status_proc->uid = condition_uid_perms;
+ var->status_proc->gid = condition_gid_perms;
+ list_add(&var->list, &cond_net->list);
+ mutex_unlock(&proc_lock);
+ info->condvar = var;
+ return 0;
+}
+
+static void condition_mt_destroy(const struct xt_mtdtor_param *par)
+{
+ const struct xt_condition_mtinfo *info = par->matchinfo;
+ struct condition_variable *var = info->condvar;
+ struct condition_net *cond_net = condition_pernet(par->net);
+
+ mutex_lock(&proc_lock);
+ if (--var->refcount == 0) {
+ list_del(&var->list);
+ /* status_proc may be null in case of ns exit */
+ if (var->status_proc)
+ remove_proc_entry(var->status_proc->name,
+ cond_net->proc_dir);
+ mutex_unlock(&proc_lock);
+ kfree(var);
+ return;
+ }
+ mutex_unlock(&proc_lock);
+}
+
+static struct xt_match condition_mt_reg __read_mostly = {
+ .name = "condition",
+ .revision = 1,
+ .family = NFPROTO_UNSPEC,
+ .matchsize = sizeof(struct xt_condition_mtinfo),
+ .match = condition_mt,
+ .checkentry = condition_mt_check,
+ .destroy = condition_mt_destroy,
+ .me = THIS_MODULE,
+};
+
+static const char *const dir_name = "nf_condition";
+
+static int __net_init condnet_mt_init(struct net *net)
+{
+ struct condition_net *cond_net = condition_pernet(net);
+
+ INIT_LIST_HEAD(&cond_net->list);
+
+ cond_net->proc_dir = proc_mkdir(dir_name, net->proc_net);
+
+ return (cond_net->proc_dir == NULL) ? -EACCES : 0;
+}
+
+static void __net_exit condnet_mt_exit(struct net *net)
+{
+ struct condition_net *cond_net = condition_pernet(net);
+ struct condition_variable *var, *tmp;
+
+ mutex_lock(&proc_lock);
+ list_for_each_entry_safe(var, tmp, &cond_net->list, list) {
+ remove_proc_entry(var->status_proc->name,
+ cond_net->proc_dir);
+ /* set to null so we don't double remove in mt_destroy */
+ var->status_proc = NULL;
+ }
+
+ mutex_unlock(&proc_lock);
+
+ remove_proc_entry(dir_name, net->proc_net);
+}
+
+static struct pernet_operations condition_mt_netops = {
+ .init = condnet_mt_init,
+ .exit = condnet_mt_exit,
+ .id = &condition_net_id,
+ .size = sizeof(struct condition_net),
+};
+
+static int __init condition_mt_init(void)
+{
+ int ret;
+
+ mutex_init(&proc_lock);
+ ret = xt_register_match(&condition_mt_reg);
+ if (ret < 0)
+ return ret;
+
+ ret = register_pernet_subsys(&condition_mt_netops);
+ if (ret < 0) {
+ xt_unregister_match(&condition_mt_reg);
+ return ret;
+ }
+
+ return 0;
+}
+
+static void __exit condition_mt_exit(void)
+{
+ unregister_pernet_subsys(&condition_mt_netops);
+ xt_unregister_match(&condition_mt_reg);
+}
+
+module_init(condition_mt_init);
+module_exit(condition_mt_exit);
--
1.7.0.4
^ permalink raw reply related
* [RFC v2 0/1] netfilter: xtables: xt_condition inclusion with namespace fix
From: Luciano Coelho @ 2010-07-23 14:28 UTC (permalink / raw)
To: netfilter-devel; +Cc: netdev, kaber, jengelh, sameo
Hi,
This is a respin of the patch Jan sent to the list some time ago. I've made
the changes proposed by Patrick in order to support multiple namespaces
correctly.
I still need to reapply my condition target and the u32 changes to the
condition on top of this, but I'd like to get some comments before I continue.
In v2 I've made a few changes as discussed in the review:
* Removed per-netns module parameters
* Use par->net instead of current->nsproxy->net_ns
* Fix file-leak in procfs when exiting the netns
Please let me know how it looks after these changes.
Cheers,
Luca.
Luciano Coelho (1):
netfilter: xtables: inclusion of xt_condition
include/linux/netfilter/Kbuild | 1 +
include/linux/netfilter/xt_condition.h | 14 ++
net/netfilter/Kconfig | 8 +
net/netfilter/Makefile | 1 +
net/netfilter/xt_condition.c | 265 ++++++++++++++++++++++++++++++++
5 files changed, 289 insertions(+), 0 deletions(-)
create mode 100644 include/linux/netfilter/xt_condition.h
create mode 100644 net/netfilter/xt_condition.c
^ permalink raw reply
* Re: [PATCH] iptables: use skb->len for accounting
From: Patrick McHardy @ 2010-07-23 14:25 UTC (permalink / raw)
To: Changli Gao; +Cc: David S. Miller, netfilter-devel, netdev
In-Reply-To: <1279856088-9004-1-git-send-email-xiaosuo@gmail.com>
On 23.07.2010 05:34, Changli Gao wrote:
> iptables: use skb->len for accounting
>
> use skb->len for accounting as xt_quota does.
>
Applied, thanks.
^ permalink raw reply
* Re: [PATCH] ip6tables: use skb->len for accounting
From: Patrick McHardy @ 2010-07-23 14:24 UTC (permalink / raw)
To: Changli Gao
Cc: David S. Miller, Alexey Kuznetsov, Pekka Savola (ipv6),
James Morris, Hideaki YOSHIFUJI, netfilter-devel, netdev
In-Reply-To: <1279855877-8945-1-git-send-email-xiaosuo@gmail.com>
On 23.07.2010 05:31, Changli Gao wrote:
> ip6tables: use skb->len for accounting
>
> ipv6_hdr(skb)->payload_len is ZERO and can't be used for accounting, if the
> payload is a Jumbo Payload specified in RFC2675.
Applied, thanks.
^ permalink raw reply
* Re: 2.6.35-rc6: Reported regressions from 2.6.34
From: Larry Finger @ 2010-07-23 14:21 UTC (permalink / raw)
To: Rafael J. Wysocki
Cc: Linux SCSI List, Network Development, Linux Wireless List,
Linux Kernel Mailing List, DRI, Linux ACPI, Andrew Morton,
Kernel Testers List, Linus Torvalds, Linux PM List,
Maciej Rutecki
In-Reply-To: <Lupw7pePXBO.A.fZH.G2XSMB@chimera>
On 07/23/2010 06:42 AM, Rafael J. Wysocki wrote:
> This message contains a list of some regressions from 2.6.34,
> for which there are no fixes in the mainline known to the tracking team.
> If any of them have been fixed already, please let us know.
> Bug-Entry : http://bugzilla.kernel.org/show_bug.cgi?id=16312
> Subject : WARNING: at fs/fs-writeback.c:1127 __mark_inode_dirty
> Submitter : Zdenek Kabelac<zdenek.kabelac@gmail.com>
> Date : 2010-06-28 9:40 (26 days old)
> Message-ID :<AANLkTin24fr5O4_q5Xbo9Y_NKkEmtcp6Hgmr9_4qXaFz@mail.gmail.com>
> References : http://marc.info/?l=linux-kernel&m=127771804806465&w=2
I still have this in 2.6.35-rc5.
Larry
^ permalink raw reply
* Re: [PATCH] ip6tables: use skb->len for accounting
From: Patrick McHardy @ 2010-07-23 14:21 UTC (permalink / raw)
To: Changli Gao
Cc: Jan Engelhardt, David S. Miller, Alexey Kuznetsov,
Pekka Savola (ipv6), James Morris, Hideaki YOSHIFUJI,
netfilter-devel, netdev
In-Reply-To: <AANLkTi=PAVfcX4ttUsSgm+A_WMYcfXt4FLvYunccgtjS@mail.gmail.com>
On 23.07.2010 15:05, Changli Gao wrote:
> On Fri, Jul 23, 2010 at 7:48 PM, Patrick McHardy <kaber@trash.net> wrote:
>> On 23.07.2010 08:38, Changli Gao wrote:
>>>
>>> For the packets received, ip_rcv, ipv6_rcv and bridge all call
>>> pskb_trim_rcsum before feeding them to netfilter. The raw packets are
>>> sent via dev_queue_xmit(), and they don't pass through the output path
>>> of netfilter.
>>
>> That's not true, raw packets also pass through netfilter. However
>> I agree that this patch makes sense to properly deal with jumbo
>> frames, but you should also update xt_length for consistency.
>>
>
> In order to support jumbo frames, we have to change the type of min
> and max in xt_length_info to u32.
I see. In that case I'll apply your skb->len patches as they are,
so please make the xt_length change in a new patch.
> I'll change xt_match.revision to 1,
> do I need to support the current revision 0 at the same time?
You should simply keep the revision 0 code as it is. Revision 1,
using skb->len, can be used for both IPv4 and IPv6.
^ permalink raw reply
* Re: Yet another bridge netfilter crash
From: Patrick McHardy @ 2010-07-23 14:18 UTC (permalink / raw)
To: Herbert Xu; +Cc: Stephen Hemminger, netdev
In-Reply-To: <20100723134208.GA6655@gondor.apana.org.au>
[-- Attachment #1: Type: text/plain, Size: 1003 bytes --]
On 23.07.2010 15:42, Herbert Xu wrote:
> Hi:
>
> I was cced on the following bug:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=617268
>
>>From what I've seen in the crash dump, this would appear to be
> yet another manifestation of the evil relationship between the
> bridge and IPv4 through netfilter.
>
> In particular, bridge netfilter invokes IPv4's PRE_ROUTING rules,
> one of which assembles packets for connection tracking.
>
> Unfortunately, the same cache is used for reassembling bridge
> packets and non-bridge packets.
>
> Now we already knew about this and its potential security effects.
> However, what we didn't know is that this can also cause a packet
> to appear in the bridge pre_routing code with nf_bridge set to
> NULL when it must not be NULL.
>
> This happens if the non-bridge fragment appeared first.
>
> So now is the time to fix this properly by giving the bridge its
> own separate conntrack namespace/zone.
I think we've already fixed this by commit 8fa9ff6:
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 4090 bytes --]
commit 8fa9ff6849bb86c59cc2ea9faadf3cb2d5223497
Author: Patrick McHardy <kaber@trash.net>
Date: Tue Dec 15 16:59:59 2009 +0100
netfilter: fix crashes in bridge netfilter caused by fragment jumps
When fragments from bridge netfilter are passed to IPv4 or IPv6 conntrack
and a reassembly queue with the same fragment key already exists from
reassembling a similar packet received on a different device (f.i. with
multicasted fragments), the reassembled packet might continue on a different
codepath than where the head fragment originated. This can cause crashes
in bridge netfilter when a fragment received on a non-bridge device (and
thus with skb->nf_bridge == NULL) continues through the bridge netfilter
code.
Add a new reassembly identifier for packets originating from bridge
netfilter and use it to put those packets in insolated queues.
Fixes http://bugzilla.kernel.org/show_bug.cgi?id=14805
Reported-and-Tested-by: Chong Qiao <qiaochong@loongson.cn>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/include/net/ip.h b/include/net/ip.h
index e6b9d12..85108cf 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -337,6 +337,7 @@ enum ip_defrag_users {
IP_DEFRAG_CALL_RA_CHAIN,
IP_DEFRAG_CONNTRACK_IN,
IP_DEFRAG_CONNTRACK_OUT,
+ IP_DEFRAG_CONNTRACK_BRIDGE_IN,
IP_DEFRAG_VS_IN,
IP_DEFRAG_VS_OUT,
IP_DEFRAG_VS_FWD
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index d691603..ccab594 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -354,6 +354,7 @@ enum ip6_defrag_users {
IP6_DEFRAG_LOCAL_DELIVER,
IP6_DEFRAG_CONNTRACK_IN,
IP6_DEFRAG_CONNTRACK_OUT,
+ IP6_DEFRAG_CONNTRACK_BRIDGE_IN,
};
struct ip6_create_arg {
diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c
index fa2d6b6..331ead3 100644
--- a/net/ipv4/netfilter/nf_defrag_ipv4.c
+++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
@@ -14,6 +14,7 @@
#include <net/route.h>
#include <net/ip.h>
+#include <linux/netfilter_bridge.h>
#include <linux/netfilter_ipv4.h>
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
@@ -34,6 +35,20 @@ static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
return err;
}
+static enum ip_defrag_users nf_ct_defrag_user(unsigned int hooknum,
+ struct sk_buff *skb)
+{
+#ifdef CONFIG_BRIDGE_NETFILTER
+ if (skb->nf_bridge &&
+ skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)
+ return IP_DEFRAG_CONNTRACK_BRIDGE_IN;
+#endif
+ if (hooknum == NF_INET_PRE_ROUTING)
+ return IP_DEFRAG_CONNTRACK_IN;
+ else
+ return IP_DEFRAG_CONNTRACK_OUT;
+}
+
static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
struct sk_buff *skb,
const struct net_device *in,
@@ -50,10 +65,8 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
#endif
/* Gather fragments. */
if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
- if (nf_ct_ipv4_gather_frags(skb,
- hooknum == NF_INET_PRE_ROUTING ?
- IP_DEFRAG_CONNTRACK_IN :
- IP_DEFRAG_CONNTRACK_OUT))
+ enum ip_defrag_users user = nf_ct_defrag_user(hooknum, skb);
+ if (nf_ct_ipv4_gather_frags(skb, user))
return NF_STOLEN;
}
return NF_ACCEPT;
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index c0a82fe..0956eba 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -20,6 +20,7 @@
#include <net/ipv6.h>
#include <net/inet_frag.h>
+#include <linux/netfilter_bridge.h>
#include <linux/netfilter_ipv6.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_helper.h>
@@ -190,6 +191,11 @@ out:
static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum,
struct sk_buff *skb)
{
+#ifdef CONFIG_BRIDGE_NETFILTER
+ if (skb->nf_bridge &&
+ skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)
+ return IP6_DEFRAG_CONNTRACK_BRIDGE_IN;
+#endif
if (hooknum == NF_INET_PRE_ROUTING)
return IP6_DEFRAG_CONNTRACK_IN;
else
^ permalink raw reply related
* Re: [PATCH iptables] extension: add xt_cpu match
From: Patrick McHardy @ 2010-07-23 14:13 UTC (permalink / raw)
To: Eric Dumazet; +Cc: Jan Engelhardt, Netfilter Development Mailinglist, netdev
In-Reply-To: <1279892621.2481.53.camel@edumazet-laptop>
On 23.07.2010 15:43, Eric Dumazet wrote:
> extension: add xt_cpu match
>
> Kernel 2.6.36 supports xt_cpu match
>
> In some situations a CPU match permits a better spreading of
> connections, or select targets only for a given cpu.
>
> With Remote Packet Steering or multiqueue NIC and appropriate IRQ
> affinities, we can distribute trafic on available cpus, per session.
> (all RX packets for a given flow are handled by a given cpu)
>
> Some legacy applications being not SMP friendly, one way to scale a
> server is to run multiple copies of them.
>
> Instead of randomly choosing an instance, we can use the cpu number as a
> key so that softirq handler for a whole instance is running on a single
> cpu, maximizing cache effects in TCP/UDP stacks.
>
> Using NAT for example, a four ways machine might run four copies of
> server application, using a separate listening port for each instance,
> but still presenting an unique external port :
>
> iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 \
> -j REDIRECT --to-port 8080
>
> iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 \
> -j REDIRECT --to-port 8081
>
> iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 2 \
> -j REDIRECT --to-port 8082
>
> iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 3 \
> -j REDIRECT --to-port 8083
>
Applied to the iptables-next branch, thanks Eric.
^ permalink raw reply
* Re: [PATCH V3] Export SMBIOS provided firmware instance and label to sysfs
From: Greg KH @ 2010-07-23 13:55 UTC (permalink / raw)
To: Narendra K
Cc: netdev, linux-hotplug, linux-pci, matt_domsch, charles_rose,
jordan_hargrave, vijay_nijhawan
In-Reply-To: <20100723133456.GA9378@auslistsprd01.us.dell.com>
On Fri, Jul 23, 2010 at 08:34:56AM -0500, Narendra K wrote:
> --- a/Documentation/ABI/testing/sysfs-bus-pci
> +++ b/Documentation/ABI/testing/sysfs-bus-pci
> @@ -179,3 +179,30 @@ Contact: linux-pci@vger.kernel.org
> Description:
> This symbolic link points to the PCI hotplug controller driver
> module that manages the hotplug slot.
> +
> +What: /sys/bus/pci/devices/.../label
> +Date: July 2010
> +Contact: linux-bugs@dell.com
that's not your email address. Please don't hide behind some random
address, Linux is about contacting developers directly were ever
possible.
thanks,
greg k-h
^ permalink raw reply
* [PATCH] iproute2: filter routing entries based on clone flag
From: Ulrich Weber @ 2010-07-23 13:36 UTC (permalink / raw)
To: shemminger; +Cc: netdev
Before IPv6 routing cache entries were always displayed
if additional tables beside MAIN and LOCAL are installed.
Signed-off-by: Ulrich Weber <uweber@astaro.com>
---
ip/iproute.c | 13 +++----------
1 files changed, 3 insertions(+), 10 deletions(-)
diff --git a/ip/iproute.c b/ip/iproute.c
index 8252e18..fce7f33 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -160,14 +160,11 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
if (r->rtm_family == AF_INET6 && table != RT_TABLE_MAIN)
ip6_multiple_tables = 1;
+ if (filter.cloned == !(r->rtm_flags&RTM_F_CLONED))
+ return 0;
+
if (r->rtm_family == AF_INET6 && !ip6_multiple_tables) {
- if (filter.cloned) {
- if (!(r->rtm_flags&RTM_F_CLONED))
- return 0;
- }
if (filter.tb) {
- if (!filter.cloned && r->rtm_flags&RTM_F_CLONED)
- return 0;
if (filter.tb == RT_TABLE_LOCAL) {
if (r->rtm_type != RTN_LOCAL)
return 0;
@@ -179,10 +176,6 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
}
}
} else {
- if (filter.cloned) {
- if (!(r->rtm_flags&RTM_F_CLONED))
- return 0;
- }
if (filter.tb > 0 && filter.tb != table)
return 0;
}
--
1.7.0.4
^ permalink raw reply related
* [PATCH iptables] extension: add xt_cpu match
From: Eric Dumazet @ 2010-07-23 13:43 UTC (permalink / raw)
To: Patrick McHardy; +Cc: Jan Engelhardt, Netfilter Development Mailinglist, netdev
In-Reply-To: <4C497644.7050201@trash.net>
Patrick,
Here is iptables extension for xt_cpu match.
I put same changelog than kernel one, tell me if its ok or not ;)
Thanks
[PATCH iptables] extension: add xt_cpu match
Kernel 2.6.36 supports xt_cpu match
In some situations a CPU match permits a better spreading of
connections, or select targets only for a given cpu.
With Remote Packet Steering or multiqueue NIC and appropriate IRQ
affinities, we can distribute trafic on available cpus, per session.
(all RX packets for a given flow are handled by a given cpu)
Some legacy applications being not SMP friendly, one way to scale a
server is to run multiple copies of them.
Instead of randomly choosing an instance, we can use the cpu number as a
key so that softirq handler for a whole instance is running on a single
cpu, maximizing cache effects in TCP/UDP stacks.
Using NAT for example, a four ways machine might run four copies of
server application, using a separate listening port for each instance,
but still presenting an unique external port :
iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 \
-j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 \
-j REDIRECT --to-port 8081
iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 2 \
-j REDIRECT --to-port 8082
iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 3 \
-j REDIRECT --to-port 8083
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
---
extensions/libxt_cpu.c | 98 +++++++++++++++++++++++++++++
extensions/libxt_cpu.man | 16 ++++
include/linux/netfilter/xt_cpu.h | 11 +++
3 files changed, 125 insertions(+)
diff --git a/extensions/libxt_cpu.c b/extensions/libxt_cpu.c
index e69de29..869998d 100644
--- a/extensions/libxt_cpu.c
+++ b/extensions/libxt_cpu.c
@@ -0,0 +1,98 @@
+/* Shared library add-on to iptables to add CPU match support. */
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_cpu.h>
+
+static void cpu_help(void)
+{
+ printf(
+"cpu match options:\n"
+"[!] --cpu number Match CPU number\n");
+}
+
+static const struct option cpu_opts[] = {
+ { "cpu", 1, NULL, '1' },
+ { .name = NULL }
+};
+
+static void
+parse_cpu(const char *s, struct xt_cpu_info *info)
+{
+ unsigned int cpu;
+ char *end;
+
+ if (!xtables_strtoui(s, &end, &cpu, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "cpu", "--cpu", s);
+
+ if (*end != '\0')
+ xtables_param_act(XTF_BAD_VALUE, "cpu", "--cpu", s);
+
+ info->cpu = cpu;
+}
+
+static int
+cpu_parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_match **match)
+{
+ struct xt_cpu_info *cpuinfo = (struct xt_cpu_info *)(*match)->data;
+
+ switch (c) {
+ case '1':
+ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+ parse_cpu(optarg, cpuinfo);
+ if (invert)
+ cpuinfo->invert = 1;
+ *flags = 1;
+ break;
+
+ default:
+ return 0;
+ }
+
+ return 1;
+}
+
+static void cpu_check(unsigned int flags)
+{
+ if (!flags)
+ xtables_error(PARAMETER_PROBLEM,
+ "You must specify `--cpu'");
+}
+
+static void
+cpu_print(const void *ip, const struct xt_entry_match *match, int numeric)
+{
+ const struct xt_cpu_info *info = (void *)match->data;
+
+ printf("cpu %s%u ", info->invert ? "! ":"", info->cpu);
+}
+
+static void cpu_save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_cpu_info *info = (void *)match->data;
+
+ printf("%s--cpu %u ", info->invert ? "! ":"", info->cpu);
+}
+
+static struct xtables_match cpu_match = {
+ .family = NFPROTO_UNSPEC,
+ .name = "cpu",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_cpu_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_cpu_info)),
+ .help = cpu_help,
+ .parse = cpu_parse,
+ .final_check = cpu_check,
+ .print = cpu_print,
+ .save = cpu_save,
+ .extra_opts = cpu_opts,
+};
+
+void _init(void)
+{
+ xtables_register_match(&cpu_match);
+}
diff --git a/extensions/libxt_cpu.man b/extensions/libxt_cpu.man
index e69de29..f42ac7a 100644
--- a/extensions/libxt_cpu.man
+++ b/extensions/libxt_cpu.man
@@ -0,0 +1,16 @@
+.TP
+[\fB!\fP] \fB\-\-cpu\fP \fInumber\fP
+
+Match cpu handling this packet. cpus are numbered from 0 to NR_CPUS-1
+Can be used in combination with RPS (Remote Packet Steering) or
+multiqueue NICS to spread network traffic on different queues.
+.PP
+Example:
+.PP
+iptables \-t nat \-A PREROUTING \-p tcp \-\-dport 80 \-m cpu \-\-cpu 0
+ \-j REDIRECT \-\-to\-port 8080
+.PP
+iptables \-t nat \-A PREROUTING \-p tcp \-\-dport 80 \-m cpu \-\-cpu 1
+ \-j REDIRECT \-\-to\-port 8081
+.PP
+Available since linux 2.6.36
diff --git a/include/linux/netfilter/xt_cpu.h b/include/linux/netfilter/xt_cpu.h
index e69de29..93c7f11 100644
--- a/include/linux/netfilter/xt_cpu.h
+++ b/include/linux/netfilter/xt_cpu.h
@@ -0,0 +1,11 @@
+#ifndef _XT_CPU_H
+#define _XT_CPU_H
+
+#include <linux/types.h>
+
+struct xt_cpu_info {
+ __u32 cpu;
+ __u32 invert;
+};
+
+#endif /*_XT_CPU_H*/
^ permalink raw reply related
* Yet another bridge netfilter crash
From: Herbert Xu @ 2010-07-23 13:42 UTC (permalink / raw)
To: Patrick McHardy, Stephen Hemminger, netdev
Hi:
I was cced on the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=617268
>From what I've seen in the crash dump, this would appear to be
yet another manifestation of the evil relationship between the
bridge and IPv4 through netfilter.
In particular, bridge netfilter invokes IPv4's PRE_ROUTING rules,
one of which assembles packets for connection tracking.
Unfortunately, the same cache is used for reassembling bridge
packets and non-bridge packets.
Now we already knew about this and its potential security effects.
However, what we didn't know is that this can also cause a packet
to appear in the bridge pre_routing code with nf_bridge set to
NULL when it must not be NULL.
This happens if the non-bridge fragment appeared first.
So now is the time to fix this properly by giving the bridge its
own separate conntrack namespace/zone.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* [PATCH] iproute2: use get_user_hz() for IPv6 print_route
From: Ulrich Weber @ 2010-07-23 13:37 UTC (permalink / raw)
To: shemminger; +Cc: netdev
as already done in IPv4 and metrics code part
Signed-off-by: Ulrich Weber <uweber@astaro.com>
---
ip/iproute.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/ip/iproute.c b/ip/iproute.c
index fce7f33..04b253a 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -482,7 +482,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
if (mxrta[i] == NULL)
continue;
if (!hz)
- hz = get_hz();
+ hz = get_user_hz();
if (i < sizeof(mx_names)/sizeof(char*) && mx_names[i])
fprintf(fp, " %s", mx_names[i]);
--
1.7.0.4
^ permalink raw reply related
* [PATCH] iproute2: use int instead of long for RTAX_HOPLIMIT compare
From: Ulrich Weber @ 2010-07-23 13:39 UTC (permalink / raw)
To: shemminger; +Cc: netdev
otherwise "if ((int)val == -1)" will never match on 64 bit systems
Signed-off-by: Ulrich Weber <uweber@astaro.com>
---
ip/iproute.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/ip/iproute.c b/ip/iproute.c
index 04b253a..711576e 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -494,7 +494,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
val = *(unsigned*)RTA_DATA(mxrta[i]);
switch (i) {
case RTAX_HOPLIMIT:
- if ((long)val == -1)
+ if ((int)val == -1)
val = 0;
/* fall through */
default:
--
1.7.0.4
^ permalink raw reply related
* Re: [PATCH V3] Export SMBIOS provided firmware instance and label to sysfs
From: Narendra K @ 2010-07-23 13:34 UTC (permalink / raw)
To: greg
Cc: netdev, linux-hotplug, linux-pci, matt_domsch, charles_rose,
jordan_hargrave, vijay_nijhawan
In-Reply-To: <EDA0A4495861324DA2618B4C45DCB3EE612C40@blrx3m08.blr.amer.dell.com>
> -----Original Message-----
> From: Greg KH [mailto:greg@kroah.com]
> Sent: Friday, July 23, 2010 12:26 AM
> To: K, Narendra
> Cc: netdev@vger.kernel.org; linux-hotplug@vger.kernel.org;
> linux-pci@vger.kernel.org; Domsch, Matt; Rose, Charles; Hargrave,
> Jordan; Nijhawan, Vijay
> Subject: Re: [PATCH V3] Export SMBIOS provided firmware instance and
> label to sysfs
>
> On Thu, Jul 22, 2010 at 01:44:48PM -0500, Narendra K wrote:
> > Hello,
> >
> > Resubmitting the patch with suggested changes -
> >
> > V2 -> V3:
> > +Date: July 2010
> > +Contact: Linux PCI developers <linux-pci@vger.kernel.org>
>
> Why not contact you?
>
> > +Description:
> > + Reading this attribute will provide the firmware
> > + given name of the PCI device. The attribute will
> > + be created only if the firmware has given a name
> > + to the PCI device.
>
> Where does that "name" come from? Please describe this.
>
> > +Users:
> > + Userspace applications interested in knowing the
> > + firmware assigned name of the PCI device.
> > +
> > +What: /sys/bus/pci/devices/.../index
> > +Date: July 2010
> > +Contact: Linux PCI developers <linux-pci@vger.kernel.org>
> > +Description:
> > + Reading this attribute will provide the firmware
> > + given instance of the PCI device. The attribute will
> > + be created only if the firmware has given a device
> > + type instance to the PCI device.
>
> Same comments as above.
Please find the patch with above suggestions incorporated -
From: Narendra K <narendra_k@dell.com>
Subject: [PATCH] Export SMBIOS provided firmware instance and label to sysfs
This patch exports SMBIOS provided firmware instance and label
of onboard pci devices to sysfs
Signed-off-by: Jordan Hargrave <jordan_hargrave@dell.com>
Signed-off-by: Narendra K <narendra_k@dell.com>
---
Documentation/ABI/testing/sysfs-bus-pci | 27 ++++++
drivers/firmware/dmi_scan.c | 25 ++++++
drivers/pci/Makefile | 3 +
drivers/pci/pci-label.c | 143 +++++++++++++++++++++++++++++++
drivers/pci/pci-sysfs.c | 5 +
drivers/pci/pci.h | 9 ++
include/linux/dmi.h | 9 ++
7 files changed, 221 insertions(+), 0 deletions(-)
create mode 100644 drivers/pci/pci-label.c
diff --git a/Documentation/ABI/testing/sysfs-bus-pci b/Documentation/ABI/testing/sysfs-bus-pci
index 428676c..c17b48b 100644
--- a/Documentation/ABI/testing/sysfs-bus-pci
+++ b/Documentation/ABI/testing/sysfs-bus-pci
@@ -179,3 +179,30 @@ Contact: linux-pci@vger.kernel.org
Description:
This symbolic link points to the PCI hotplug controller driver
module that manages the hotplug slot.
+
+What: /sys/bus/pci/devices/.../label
+Date: July 2010
+Contact: linux-bugs@dell.com
+Description:
+ Reading this attribute will provide the firmware
+ given name(SMBIOS type 41 string) of the PCI device.
+ The attribute will be created only if the firmware
+ has given a name to the PCI device.
+Users:
+ Userspace applications interested in knowing the
+ firmware assigned name of the PCI device.
+
+What: /sys/bus/pci/devices/.../index
+Date: July 2010
+Contact: linux-bugs@dell.com
+Description:
+ Reading this attribute will provide the firmware
+ given instance(SMBIOS type 41 device type instance)
+ of the PCI device. The attribute will be created
+ only if the firmware has given a device type instance
+ to the PCI device.
+Users:
+ Userspace applications interested in knowing the
+ firmware assigned device type instance of the PCI
+ device that can help in understanding the firmware
+ intended order of the PCI device.
diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
index d464672..b3d22d6 100644
--- a/drivers/firmware/dmi_scan.c
+++ b/drivers/firmware/dmi_scan.c
@@ -277,6 +277,29 @@ static void __init dmi_save_ipmi_device(const struct dmi_header *dm)
list_add_tail(&dev->list, &dmi_devices);
}
+static void __init dmi_save_dev_onboard(int instance, int segment, int bus,
+ int devfn, const char *name)
+{
+ struct dmi_dev_onboard *onboard_dev;
+
+ onboard_dev = dmi_alloc(sizeof(*onboard_dev) + strlen(name) + 1);
+ if (!onboard_dev) {
+ printk(KERN_ERR "dmi_save_dev_onboard: out of memory.\n");
+ return;
+ }
+ onboard_dev->instance = instance;
+ onboard_dev->segment = segment;
+ onboard_dev->bus = bus;
+ onboard_dev->devfn = devfn;
+
+ strcpy((char *)&onboard_dev[1], name);
+ onboard_dev->dev.type = DMI_DEV_TYPE_DEV_ONBOARD;
+ onboard_dev->dev.name = (char *)&onboard_dev[1];
+ onboard_dev->dev.device_data = onboard_dev;
+
+ list_add(&onboard_dev->dev.list, &dmi_devices);
+}
+
static void __init dmi_save_extended_devices(const struct dmi_header *dm)
{
const u8 *d = (u8*) dm + 5;
@@ -285,6 +308,8 @@ static void __init dmi_save_extended_devices(const struct dmi_header *dm)
if ((*d & 0x80) == 0)
return;
+ dmi_save_dev_onboard(*(d+1), *(u16 *)(d+2), *(d+4), *(d+5),
+ dmi_string_nosave(dm, *(d-1)));
dmi_save_one_device(*d & 0x7f, dmi_string_nosave(dm, *(d - 1)));
}
diff --git a/drivers/pci/Makefile b/drivers/pci/Makefile
index 0b51857..dc1aa09 100644
--- a/drivers/pci/Makefile
+++ b/drivers/pci/Makefile
@@ -55,6 +55,9 @@ obj-$(CONFIG_MICROBLAZE) += setup-bus.o
#
obj-$(CONFIG_ACPI) += pci-acpi.o
+# SMBIOS provided firmware instance and labels
+obj-$(CONFIG_DMI) += pci-label.o
+
# Cardbus & CompactPCI use setup-bus
obj-$(CONFIG_HOTPLUG) += setup-bus.o
diff --git a/drivers/pci/pci-label.c b/drivers/pci/pci-label.c
new file mode 100644
index 0000000..111500e
--- /dev/null
+++ b/drivers/pci/pci-label.c
@@ -0,0 +1,143 @@
+/*
+ * Purpose: Export the firmware instance and label associated with
+ * a pci device to sysfs
+ * Copyright (C) 2010 Dell Inc.
+ * by Narendra K <Narendra_K@dell.com>,
+ * Jordan Hargrave <Jordan_Hargrave@dell.com>
+ *
+ * SMBIOS defines type 41 for onboard pci devices. This code retrieves
+ * the instance number and string from the type 41 record and exports
+ * it to sysfs.
+ *
+ * Please see http://linux.dell.com/wiki/index.php/Oss/libnetdevname for more
+ * information.
+ */
+
+#include <linux/dmi.h>
+#include <linux/sysfs.h>
+#include <linux/pci.h>
+#include <linux/pci_ids.h>
+#include <linux/module.h>
+#include <linux/device.h>
+#include "pci.h"
+
+enum smbios_attr_enum {
+ SMBIOS_ATTR_NONE = 0,
+ SMBIOS_ATTR_LABEL_SHOW,
+ SMBIOS_ATTR_INSTANCE_SHOW,
+};
+
+static mode_t
+find_smbios_instance_string(struct pci_dev *pdev, char *buf,
+ enum smbios_attr_enum attribute)
+{
+ const struct dmi_device *dmi;
+ struct dmi_dev_onboard *donboard;
+ int bus;
+ int devfn;
+
+ bus = pdev->bus->number;
+ devfn = pdev->devfn;
+
+ dmi = NULL;
+ while ((dmi = dmi_find_device(DMI_DEV_TYPE_DEV_ONBOARD,
+ NULL, dmi)) != NULL) {
+ donboard = dmi->device_data;
+ if (donboard && donboard->bus == bus &&
+ donboard->devfn == devfn) {
+ if (buf) {
+ if (attribute == SMBIOS_ATTR_INSTANCE_SHOW)
+ return scnprintf(buf, PAGE_SIZE,
+ "%d\n",
+ donboard->instance);
+ else if (attribute == SMBIOS_ATTR_LABEL_SHOW)
+ return scnprintf(buf, PAGE_SIZE,
+ "%s\n",
+ dmi->name);
+ }
+ return strlen(dmi->name);
+ }
+ }
+ return 0;
+}
+
+static mode_t
+smbios_instance_string_exist(struct kobject *kobj, struct attribute *attr,
+ int n)
+{
+ struct device *dev;
+ struct pci_dev *pdev;
+
+ dev = container_of(kobj, struct device, kobj);
+ pdev = to_pci_dev(dev);
+
+ return find_smbios_instance_string(pdev, NULL, SMBIOS_ATTR_NONE) ?
+ S_IRUGO : 0;
+}
+
+static ssize_t
+smbioslabel_show(struct device *dev, struct device_attribute *attr, char *buf)
+{
+ struct pci_dev *pdev;
+ pdev = to_pci_dev(dev);
+
+ return find_smbios_instance_string(pdev, buf,
+ SMBIOS_ATTR_LABEL_SHOW);
+}
+
+static ssize_t
+smbiosinstance_show(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+ struct pci_dev *pdev;
+ pdev = to_pci_dev(dev);
+
+ return find_smbios_instance_string(pdev, buf,
+ SMBIOS_ATTR_INSTANCE_SHOW);
+}
+
+static struct device_attribute smbios_attr_label = {
+ .attr = {.name = "label", .mode = 0444, .owner = THIS_MODULE},
+ .show = smbioslabel_show,
+};
+
+static struct device_attribute smbios_attr_instance = {
+ .attr = {.name = "index", .mode = 0444, .owner = THIS_MODULE},
+ .show = smbiosinstance_show,
+};
+
+static struct attribute *smbios_attributes[] = {
+ &smbios_attr_label.attr,
+ &smbios_attr_instance.attr,
+ NULL,
+};
+
+static struct attribute_group smbios_attr_group = {
+ .attrs = smbios_attributes,
+ .is_visible = smbios_instance_string_exist,
+};
+
+static int
+pci_create_smbiosname_file(struct pci_dev *pdev)
+{
+ if (!sysfs_create_group(&pdev->dev.kobj, &smbios_attr_group))
+ return 0;
+ return -ENODEV;
+}
+
+static void
+pci_remove_smbiosname_file(struct pci_dev *pdev)
+{
+ sysfs_remove_group(&pdev->dev.kobj, &smbios_attr_group);
+}
+
+void pci_create_firmware_label_files(struct pci_dev *pdev)
+{
+ if (!pci_create_smbiosname_file(pdev))
+ ;
+}
+
+void pci_remove_firmware_label_files(struct pci_dev *pdev)
+{
+ pci_remove_smbiosname_file(pdev);
+}
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index afd2fbf..01fd799 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -1132,6 +1132,8 @@ int __must_check pci_create_sysfs_dev_files (struct pci_dev *pdev)
pci_create_slot_links(pdev);
+ pci_create_firmware_label_files(pdev);
+
return 0;
err_vga_file:
@@ -1201,6 +1203,9 @@ void pci_remove_sysfs_dev_files(struct pci_dev *pdev)
sysfs_remove_bin_file(&pdev->dev.kobj, pdev->rom_attr);
kfree(pdev->rom_attr);
}
+
+ pci_remove_firmware_label_files(pdev);
+
}
static int __init pci_sysfs_init(void)
diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h
index f8077b3..d930338 100644
--- a/drivers/pci/pci.h
+++ b/drivers/pci/pci.h
@@ -11,6 +11,15 @@
extern int pci_uevent(struct device *dev, struct kobj_uevent_env *env);
extern int pci_create_sysfs_dev_files(struct pci_dev *pdev);
extern void pci_remove_sysfs_dev_files(struct pci_dev *pdev);
+#ifndef CONFIG_DMI
+static inline void pci_create_firmware_label_files(struct pci_dev *pdev)
+{ return 0; }
+static inline void pci_remove_firmware_label_files(struct pci_dev *pdev)
+{ return 0; }
+#else
+extern void pci_create_firmware_label_files(struct pci_dev *pdev);
+extern void pci_remove_firmware_label_files(struct pci_dev *pdev);
+#endif
extern void pci_cleanup_rom(struct pci_dev *dev);
#ifdef HAVE_PCI_MMAP
extern int pci_mmap_fits(struct pci_dev *pdev, int resno,
diff --git a/include/linux/dmi.h b/include/linux/dmi.h
index a8a3e1a..90e087f 100644
--- a/include/linux/dmi.h
+++ b/include/linux/dmi.h
@@ -20,6 +20,7 @@ enum dmi_device_type {
DMI_DEV_TYPE_SAS,
DMI_DEV_TYPE_IPMI = -1,
DMI_DEV_TYPE_OEM_STRING = -2,
+ DMI_DEV_TYPE_DEV_ONBOARD = -3,
};
struct dmi_header {
@@ -37,6 +38,14 @@ struct dmi_device {
#ifdef CONFIG_DMI
+struct dmi_dev_onboard {
+ struct dmi_device dev;
+ int instance;
+ int segment;
+ int bus;
+ int devfn;
+};
+
extern int dmi_check_system(const struct dmi_system_id *list);
const struct dmi_system_id *dmi_first_match(const struct dmi_system_id *list);
extern const char * dmi_get_system_info(int field);
--
1.6.5.2
With regards,
Narendra K
^ permalink raw reply related
* Re: [PATCH 6/6] pcmcia: remove cs_types.h
From: John W. Linville @ 2010-07-23 13:27 UTC (permalink / raw)
To: Dominik Brodowski
Cc: linux-pcmcia, netdev, linux-wireless, linux-ide, linux-usb,
laforge, linux-mtd, linux-bluetooth, alsa-devel, linux-serial
In-Reply-To: <1279874305-21191-6-git-send-email-linux@dominikbrodowski.net>
On Fri, Jul 23, 2010 at 10:38:25AM +0200, Dominik Brodowski wrote:
> Remove cs_types.h which is no longer needed: Most definitions aren't
> used at all, a few can be made away with, and two remaining definitions
> (typedefs, unfortunatley) may be moved to more specific places.
>
> CC: netdev@vger.kernel.org
> CC: linux-wireless@vger.kernel.org
> CC: linux-ide@vger.kernel.org
> CC: linux-usb@vger.kernel.org
> CC: laforge@gnumonks.org
> CC: linux-mtd@lists.infradead.org
> CC: linux-bluetooth@vger.kernel.org
> CC: alsa-devel@alsa-project.org
> CC: linux-serial@vger.kernel.org
> Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
ACK for the drivers/net/wireless bits...
--
John W. Linville Someday the world will need a hero, and you
linville@tuxdriver.com might be all we have. Be ready.
^ permalink raw reply
* [PATCH 4/5] wireless: use newly introduced hex_to_bin()
From: Andy Shevchenko @ 2010-07-23 13:18 UTC (permalink / raw)
To: David S. Miller, netdev, linux-kernel
Cc: Andy Shevchenko, Corey Thomas, John W. Linville, linux-wireless
In-Reply-To: <cover.1279890832.git.andy.shevchenko@gmail.com>
Signed-off-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: Corey Thomas <coreythomas@charter.net>
Cc: "John W. Linville" <linville@tuxdriver.com>
Cc: linux-wireless@vger.kernel.org
---
drivers/net/wireless/ray_cs.c | 23 ++---------------------
1 files changed, 2 insertions(+), 21 deletions(-)
diff --git a/drivers/net/wireless/ray_cs.c b/drivers/net/wireless/ray_cs.c
index abff893..9c38fc3 100644
--- a/drivers/net/wireless/ray_cs.c
+++ b/drivers/net/wireless/ray_cs.c
@@ -97,7 +97,6 @@ static iw_stats *ray_get_wireless_stats(struct net_device *dev);
static const struct iw_handler_def ray_handler_def;
/***** Prototypes for raylink functions **************************************/
-static int asc_to_int(char a);
static void authenticate(ray_dev_t *local);
static int build_auth_frame(ray_dev_t *local, UCHAR *dest, int auth_type);
static void authenticate_timeout(u_long);
@@ -1717,24 +1716,6 @@ static void authenticate_timeout(u_long data)
}
/*===========================================================================*/
-static int asc_to_int(char a)
-{
- if (a < '0')
- return -1;
- if (a <= '9')
- return (a - '0');
- if (a < 'A')
- return -1;
- if (a <= 'F')
- return (10 + a - 'A');
- if (a < 'a')
- return -1;
- if (a <= 'f')
- return (10 + a - 'a');
- return -1;
-}
-
-/*===========================================================================*/
static int parse_addr(char *in_str, UCHAR *out)
{
int len;
@@ -1754,14 +1735,14 @@ static int parse_addr(char *in_str, UCHAR *out)
i = 5;
while (j > 0) {
- if ((k = asc_to_int(in_str[j--])) != -1)
+ if ((k = hex_to_bin(in_str[j--])) != -1)
out[i] = k;
else
return 0;
if (j == 0)
break;
- if ((k = asc_to_int(in_str[j--])) != -1)
+ if ((k = hex_to_bin(in_str[j--])) != -1)
out[i] += k << 4;
else
return 0;
--
1.7.1.1
^ permalink raw reply related
* [PATCH 1/5] drivers: atm: don't use private copy of hex_to_bin()
From: Andy Shevchenko @ 2010-07-23 13:18 UTC (permalink / raw)
To: David S. Miller, netdev, linux-kernel
Cc: Andy Shevchenko, Chas Williams, linux-atm-general
In-Reply-To: <cover.1279890832.git.andy.shevchenko@gmail.com>
Signed-off-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: Chas Williams <chas@cmf.nrl.navy.mil>
Cc: linux-atm-general@lists.sourceforge.net
---
drivers/atm/nicstar.c | 15 ++-------------
1 files changed, 2 insertions(+), 13 deletions(-)
diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c
index 729a149..2f3516b 100644
--- a/drivers/atm/nicstar.c
+++ b/drivers/atm/nicstar.c
@@ -154,7 +154,6 @@ static void which_list(ns_dev * card, struct sk_buff *skb);
#endif
static void ns_poll(unsigned long arg);
static int ns_parse_mac(char *mac, unsigned char *esi);
-static short ns_h2i(char c);
static void ns_phy_put(struct atm_dev *dev, unsigned char value,
unsigned long addr);
static unsigned char ns_phy_get(struct atm_dev *dev, unsigned long addr);
@@ -2824,9 +2823,9 @@ static int ns_parse_mac(char *mac, unsigned char *esi)
return -1;
j = 0;
for (i = 0; i < 6; i++) {
- if ((byte1 = ns_h2i(mac[j++])) < 0)
+ if ((byte1 = hex_to_bin(mac[j++])) < 0)
return -1;
- if ((byte0 = ns_h2i(mac[j++])) < 0)
+ if ((byte0 = hex_to_bin(mac[j++])) < 0)
return -1;
esi[i] = (unsigned char)(byte1 * 16 + byte0);
if (i < 5) {
@@ -2837,16 +2836,6 @@ static int ns_parse_mac(char *mac, unsigned char *esi)
return 0;
}
-static short ns_h2i(char c)
-{
- if (c >= '0' && c <= '9')
- return (short)(c - '0');
- if (c >= 'A' && c <= 'F')
- return (short)(c - 'A' + 10);
- if (c >= 'a' && c <= 'f')
- return (short)(c - 'a' + 10);
- return -1;
-}
static void ns_phy_put(struct atm_dev *dev, unsigned char value,
unsigned long addr)
--
1.7.1.1
^ permalink raw reply related
* [PATCH 5/5] net: core: don't use own hex_to_bin() method
From: Andy Shevchenko @ 2010-07-23 13:18 UTC (permalink / raw)
To: David S. Miller, netdev, linux-kernel; +Cc: Andy Shevchenko
In-Reply-To: <cover.1279890832.git.andy.shevchenko@gmail.com>
Signed-off-by: Andy Shevchenko <andy.shevchenko@gmail.com>
---
net/core/pktgen.c | 36 ++++++++++++------------------------
1 files changed, 12 insertions(+), 24 deletions(-)
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index 24a19de..10a1ea7 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -1434,18 +1434,12 @@ static ssize_t pktgen_if_write(struct file *file,
i += len;
for (*m = 0; *v && m < pkt_dev->dst_mac + 6; v++) {
- if (*v >= '0' && *v <= '9') {
- *m *= 16;
- *m += *v - '0';
- }
- if (*v >= 'A' && *v <= 'F') {
- *m *= 16;
- *m += *v - 'A' + 10;
- }
- if (*v >= 'a' && *v <= 'f') {
- *m *= 16;
- *m += *v - 'a' + 10;
- }
+ int value;
+
+ value = hex_to_bin(*v);
+ if (value >= 0)
+ *m = *m * 16 + value;
+
if (*v == ':') {
m++;
*m = 0;
@@ -1476,18 +1470,12 @@ static ssize_t pktgen_if_write(struct file *file,
i += len;
for (*m = 0; *v && m < pkt_dev->src_mac + 6; v++) {
- if (*v >= '0' && *v <= '9') {
- *m *= 16;
- *m += *v - '0';
- }
- if (*v >= 'A' && *v <= 'F') {
- *m *= 16;
- *m += *v - 'A' + 10;
- }
- if (*v >= 'a' && *v <= 'f') {
- *m *= 16;
- *m += *v - 'a' + 10;
- }
+ int value;
+
+ value = hex_to_bin(*v);
+ if (value >= 0)
+ *m = *m * 16 + value;
+
if (*v == ':') {
m++;
*m = 0;
--
1.7.1.1
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox