* Re: [GIT] Networking
From: Colin Walters @ 2011-01-20 22:38 UTC
To: Linus Torvalds; +Cc: Eric Dumazet, David Miller, akpm, netdev, linux-kernel
In-Reply-To: <AANLkTikLY1B3=C2TjAbYKVHbub-aPeG2heaUBWRUAg=R@mail.gmail.com>
On Thu, Jan 20, 2011 at 5:21 PM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Thu, Jan 20, 2011 at 1:40 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>>
>> Then here it asks for both POLLIN and POLLOUT on fd=3:
>> the kernel answers: OK for POLLOUT (not POLLIN), so the previous poll() call
>> was OK to be blocked after all...
>>
>> So I'm wondering if it could be a userland bug, that triggers with
>> recent kernel changes.
>
> As far as I can tell, that program isn't multi-threaded
It is actually; see src/gs-auth-pam.c; there is some pretty scary code
there; basically all of PAM is put in a thread to avoid blocking the
mainloop. Whether the code is actually buggy I can't say immediately;
it's certainly possible.
* Re: [GIT] Networking
From: Linus Torvalds @ 2011-01-20 22:21 UTC
To: Eric Dumazet; +Cc: David Miller, akpm, netdev, linux-kernel
In-Reply-To: <1295559646.2613.35.camel@edumazet-laptop>
On Thu, Jan 20, 2011 at 1:40 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>
> Then here it asks for both POLLIN and POLLOUT on fd=3:
> the kernel answers: OK for POLLOUT (not POLLIN), so the previous poll() call
> was OK to be blocked after all...
>
> So I'm wondering if it could be a userland bug, that triggers with
> recent kernel changes.
As far as I can tell, that program isn't multi-threaded, and it should
not have returned to user land at all (no signal, and a restart). So I
think it's a kernel-only thing - there should have been nothing that
could have changed the poll list in user space. But I didn't really
check the threading status.
I'm trying to bisect it now to figure out more hints.
Linus
* [PATCH] Fix NULL dereference in rtlwifi driver
From: Jesper Juhl @ 2011-01-20 22:18 UTC
To: Larry Finger
Cc: netdev, linux-wireless, linux-kernel, John W. Linville,
Chaoming Li
In drivers/net/wireless/rtlwifi/pci.c::_rtl_pci_rx_interrupt() we call
dev_alloc_skb(), which may fail and return NULL, but we do not check the
returned value against NULL before dereferencing the returned pointer.
This may lead to a NULL pointer dereference which means we'll crash - not
good.
This patch tries to solve the issue by testing for NULL and bailing out if
we couldn't allocate a skb. However, I don't know this code well, so I'm
not sure that jumping to the 'done' label here is the correct action to
take. Someone more knowledgeable about this code than me should definitely
review it before it is applied anywhere.
While I was in the area I also moved an assignment in
_rtl_pci_init_rx_ring() a bit - if the dev_alloc_skb() call in that
function fails there's no reason to waste clock cycles assigning to the
local variable 'entry', we may as well do that after the NULL check and
potential bail out.
Here's the proposed patch, but please don't take it as much more than a
bug report. If it happens to be correct, then by all means apply it, but
I'm not personally making any guarantees.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
---
pci.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
compile tested only, I don't have the hardware to test for real.
diff --git a/drivers/net/wireless/rtlwifi/pci.c b/drivers/net/wireless/rtlwifi/pci.c
index 0fa36aa..5e99f89 100644
--- a/drivers/net/wireless/rtlwifi/pci.c
+++ b/drivers/net/wireless/rtlwifi/pci.c
@@ -619,6 +619,13 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
struct sk_buff *uskb = NULL;
u8 *pdata;
uskb = dev_alloc_skb(skb->len + 128);
+ if (!uskb) {
+ RT_TRACE(rtlpriv,
+ (COMP_INTR | COMP_RECV),
+ DBG_DMESG,
+ ("can't alloc rx skb\n"));
+ goto done;
+ }
memcpy(IEEE80211_SKB_RXCB(uskb),
&rx_status,
sizeof(rx_status));
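Review bot: the 'goto done' in the new 'if (!uskb)' block hands the current rx descriptor and the incoming 'skb' to whatever the 'done' label does, and that code is not part of this hunk. Before this is applied, check that 'done' still returns the descriptor to the hardware and that nothing after the label assumes 'uskb' was delivered; otherwise a single failed allocation can stall the ring or leak 'skb'. The RT_TRACE call sits in the rx interrupt path, so under memory pressure it can fire once per packet; consider rate limiting it.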
@@ -1066,9 +1073,9 @@ static int _rtl_pci_init_rx_ring(struct ieee80211_hw *hw)
struct sk_buff *skb =
dev_alloc_skb(rtlpci->rxbuffersize);
u32 bufferaddress;
- entry = &rtlpci->rx_ring[rx_queue_idx].desc[i];
if (!skb)
return 0;
+ entry = &rtlpci->rx_ring[rx_queue_idx].desc[i];
/*skb->dev = dev; */
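Review bot: 'if (!skb) return 0;' in _rtl_pci_init_rx_ring() reports an allocation failure with the value an int init function conventionally uses for success, so the caller cannot tell that the ring was only partly filled. Moving the 'entry' assignment below the check is harmless, but the failure path should return -ENOMEM, after checking how the caller treats the return value and whether the skbs already attached to earlier desc[i] slots need to be freed.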
--
Jesper Juhl <jj@chaosbits.net> http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.
* Re: [GIT] Networking
From: Eric Dumazet @ 2011-01-20 21:40 UTC
To: Linus Torvalds; +Cc: David Miller, akpm, netdev, linux-kernel
In-Reply-To: <AANLkTin32jUnBtHF-EAkSMnFQM6cTbn-G3NZQJ3xjTWU@mail.gmail.com>
On Thursday, 20 January 2011 at 13:12 -0800, Linus Torvalds wrote:
> ...
> read(3, 0x9806500, 4096) = -1 EAGAIN (Resource
> temporarily unavailable)
> poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12,
> events=POLLIN|POLLPRI}, {fd=14, events=POLLIN|POLLPRI}, {fd=9,
> events=POLLIN|POLLPRI}, {fd=10, events=POLLIN|POLLPRI}, {fd=15,
> events=POLLIN}, {fd=16, events=POLLIN}, {fd=17, events=0}, {fd=19,
> events=POLLIN}], 10, -1) = ? ERESTART_RESTARTBLOCK (To be restarted)
> restart_syscall(
>
Hmm, poll() here on fd=3 only asks for events=POLLIN
> and that's it - it's now hung. So why did it work when I straced it
> while hung? And why is it doing that ERESTART_RESTARTBLOCK in the
> first place, I'm not seeing any signals there?
>
> So I tried sending it a useless signal, which will re-animate the
> strace, and now I get:
>
> restart_syscall(<... resuming interrupted call ...>) = 1
> --- SIGWINCH (Window changed) @ 0 (0) ---
> poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
>
Then here it asks for both POLLIN and POLLOUT on fd=3:
the kernel answers: OK for POLLOUT (not POLLIN), so the previous poll() call
was OK to be blocked after all...
So I'm wondering if it could be a userland bug, that triggers with
recent kernel changes.
* Re: [GIT] Networking
From: Eric Dumazet @ 2011-01-20 21:30 UTC
To: Linus Torvalds; +Cc: David Miller, akpm, netdev, linux-kernel
In-Reply-To: <1295558748.2613.28.camel@edumazet-laptop>
On Thursday, 20 January 2011 at 22:25 +0100, Eric Dumazet wrote:
> Do you know the type of socket? UNIX or INET?
>
> You could try a revert of 2c6607c611cb7bf0a6750bcea3
> (net: add POLLPRI to sock_def_readable())
>
> But I don't understand how it could hurt...
>
>
>
Another candidate (AF_UNIX side) would be 973a34aa8593dbfe84386343c69
(af_unix: optimize unix_dgram_poll())
Thanks
* Re: [GIT] Networking
From: Rafael J. Wysocki @ 2011-01-20 21:28 UTC
To: Linus Torvalds; +Cc: David Miller, akpm, netdev, linux-kernel, Tejun Heo
In-Reply-To: <AANLkTin32jUnBtHF-EAkSMnFQM6cTbn-G3NZQJ3xjTWU@mail.gmail.com>
On Thursday, January 20, 2011, Linus Torvalds wrote:
> On Wed, Jan 19, 2011 at 6:04 PM, David Miller <davem@davemloft.net> wrote:
> >
> > 1) Revert a netlink flag sanity check that is causing regressions in
> > existing applications.
> ...
>
> This is a long-shot, but I thought I'd ask before I start trying to
> bisect the fourth independent suspend/resume related issue in this
> merge window..
>
> When I suspend/resume while logged in by closing the lid on my laptop
> on FC14, it causes the gnome-screensaver-dialog to start up. So far so
> fine, that's what I want, and it all works fine in 2.6.37.
>
> But in current -git (and in -rc8, so it's not changed by your latest
> pull request), gnome-screensaver-dialog gets stuck after I type in my
> password, making the box basically useless.
>
> So I straced it over the network, and if I attach _when_ it is already
> stuck, it immediately becomes unstuck. But if I attach to it before
> typing my password, I can see the hang in strace, and it looks like
> this:
>
> ...
> read(3, 0x9806500, 4096) = -1 EAGAIN (Resource
> temporarily unavailable)
> poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12,
> events=POLLIN|POLLPRI}, {fd=14, events=POLLIN|POLLPRI}, {fd=9,
> events=POLLIN|POLLPRI}, {fd=10, events=POLLIN|POLLPRI}, {fd=15,
> events=POLLIN}, {fd=16, events=POLLIN}, {fd=17, events=0}, {fd=19,
> events=POLLIN}], 10, -1) = ? ERESTART_RESTARTBLOCK (To be restarted)
> restart_syscall(
>
> and that's it - it's now hung. So why did it work when I straced it
> while hung? And why is it doing that ERESTART_RESTARTBLOCK in the
> first place, I'm not seeing any signals there?
>
> So I tried sending it a useless signal, which will re-animate the
> strace, and now I get:
>
> restart_syscall(<... resuming interrupted call ...>) = 1
> --- SIGWINCH (Window changed) @ 0 (0) ---
> poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
>
> Whee. That signal got it started again, and the poll finished immediately.
>
> And how/why did the input to the poll apparently change? That looks
> suspicious too. Might be some odd strace artifact, but whatever.
>
> So I'm contacting you because that fd=3 is a socket (I didn't check
> details), and because anything I find in the git logs that discusses
> "poll" seems to be network-related. So I'm wondering if this rings any
> bells, because bisecting this is going to be painful as hell (since I
> have to carefully work around all the _other_ problems I've bisected
> on that machine while doing so).
This is a long shot too, but perhaps it's related to
8cfe400 Freezer: Fix a race during freezing of TASK_STOPPED tasks
(adding Tejun to the CC just in case).
Rafael
* Re: [GIT] Networking
From: Eric Dumazet @ 2011-01-20 21:25 UTC
To: Linus Torvalds; +Cc: David Miller, akpm, netdev, linux-kernel
In-Reply-To: <AANLkTin32jUnBtHF-EAkSMnFQM6cTbn-G3NZQJ3xjTWU@mail.gmail.com>
On Thursday, 20 January 2011 at 13:12 -0800, Linus Torvalds wrote:
> On Wed, Jan 19, 2011 at 6:04 PM, David Miller <davem@davemloft.net> wrote:
> >
> > 1) Revert a netlink flag sanity check that is causing regressions in
> > existing applications.
> ...
>
> This is a long-shot, but I thought I'd ask before I start trying to
> bisect the fourth independent suspend/resume related issue in this
> merge window..
>
> When I suspend/resume while logged in by closing the lid on my laptop
> on FC14, it causes the gnome-screensaver-dialog to start up. So far so
> fine, that's what I want, and it all works fine in 2.6.37.
>
> But in current -git (and in -rc8, so it's not changed by your latest
> pull request), gnome-screensaver-dialog gets stuck after I type in my
> password, making the box basically useless.
>
> So I straced it over the network, and if I attach _when_ it is already
> stuck, it immediately becomes unstuck. But if I attach to it before
> typing my password, I can see the hang in strace, and it looks like
> this:
>
> ...
> read(3, 0x9806500, 4096) = -1 EAGAIN (Resource
> temporarily unavailable)
> poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12,
> events=POLLIN|POLLPRI}, {fd=14, events=POLLIN|POLLPRI}, {fd=9,
> events=POLLIN|POLLPRI}, {fd=10, events=POLLIN|POLLPRI}, {fd=15,
> events=POLLIN}, {fd=16, events=POLLIN}, {fd=17, events=0}, {fd=19,
> events=POLLIN}], 10, -1) = ? ERESTART_RESTARTBLOCK (To be restarted)
> restart_syscall(
>
> and that's it - it's now hung. So why did it work when I straced it
> while hung? And why is it doing that ERESTART_RESTARTBLOCK in the
> first place, I'm not seeing any signals there?
>
> So I tried sending it a useless signal, which will re-animate the
> strace, and now I get:
>
> restart_syscall(<... resuming interrupted call ...>) = 1
> --- SIGWINCH (Window changed) @ 0 (0) ---
> poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
>
> Whee. That signal got it started again, and the poll finished immediately.
>
> And how/why did the input to the poll apparently change? That looks
> suspicious too. Might be some odd strace artifact, but whatever.
>
> So I'm contacting you because that fd=3 is a socket (I didn't check
> details), and because anything I find in the git logs that discusses
> "poll" seems to be network-related. So I'm wondering if this rings any
> bells, because bisecting this is going to be painful as hell (since I
> have to carefully work around all the _other_ problems I've bisected
> on that machine while doing so).
>
Do you know the type of socket? UNIX or INET?
You could try a revert of 2c6607c611cb7bf0a6750bcea3
(net: add POLLPRI to sock_def_readable())
But I don't understand how it could hurt...
* Re: [GIT] Networking
From: Linus Torvalds @ 2011-01-20 21:12 UTC
To: David Miller; +Cc: akpm, netdev, linux-kernel
In-Reply-To: <20110119.180418.216749267.davem@davemloft.net>
On Wed, Jan 19, 2011 at 6:04 PM, David Miller <davem@davemloft.net> wrote:
>
> 1) Revert a netlink flag sanity check that is causing regressions in
> existing applications.
...
This is a long-shot, but I thought I'd ask before I start trying to
bisect the fourth independent suspend/resume related issue in this
merge window..
When I suspend/resume while logged in by closing the lid on my laptop
on FC14, it causes the gnome-screensaver-dialog to start up. So far so
fine, that's what I want, and it all works fine in 2.6.37.
But in current -git (and in -rc8, so it's not changed by your latest
pull request), gnome-screensaver-dialog gets stuck after I type in my
password, making the box basically useless.
So I straced it over the network, and if I attach _when_ it is already
stuck, it immediately becomes unstuck. But if I attach to it before
typing my password, I can see the hang in strace, and it looks like
this:
...
read(3, 0x9806500, 4096) = -1 EAGAIN (Resource
temporarily unavailable)
poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12,
events=POLLIN|POLLPRI}, {fd=14, events=POLLIN|POLLPRI}, {fd=9,
events=POLLIN|POLLPRI}, {fd=10, events=POLLIN|POLLPRI}, {fd=15,
events=POLLIN}, {fd=16, events=POLLIN}, {fd=17, events=0}, {fd=19,
events=POLLIN}], 10, -1) = ? ERESTART_RESTARTBLOCK (To be restarted)
restart_syscall(
and that's it - it's now hung. So why did it work when I straced it
while hung? And why is it doing that ERESTART_RESTARTBLOCK in the
first place, I'm not seeing any signals there?
So I tried sending it a useless signal, which will re-animate the
strace, and now I get:
restart_syscall(<... resuming interrupted call ...>) = 1
--- SIGWINCH (Window changed) @ 0 (0) ---
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
Whee. That signal got it started again, and the poll finished immediately.
And how/why did the input to the poll apparently change? That looks
suspicious too. Might be some odd strace artifact, but whatever.
So I'm contacting you because that fd=3 is a socket (I didn't check
details), and because anything I find in the git logs that discusses
"poll" seems to be network-related. So I'm wondering if this rings any
bells, because bisecting this is going to be painful as hell (since I
have to carefully work around all the _other_ problems I've bisected
on that machine while doing so).
Linus
* Re: [Bugme-new] [Bug 27212] New: Warning kmemcheck: Caught 64-bit read from uninitialized memory in netlink_broadcast_filtered
From: Eric Dumazet @ 2011-01-20 20:41 UTC
To: Andrew Morton
Cc: netdev, bugzilla-daemon, bugme-daemon, casteyde.christian,
Changli Gao, Vegard Nossum, Pekka Enberg
In-Reply-To: <20110120122549.85863a84.akpm@linux-foundation.org>
On Thursday, 20 January 2011 at 12:25 -0800, Andrew Morton wrote:
> (switched to email. Please respond via emailed reply-to-all, not via the
> bugzilla web interface).
>
> On Thu, 20 Jan 2011 20:08:32 GMT
> bugzilla-daemon@bugzilla.kernel.org wrote:
>
> > https://bugzilla.kernel.org/show_bug.cgi?id=27212
> >
> > Summary: Warning kmemcheck: Caught 64-bit read from
> > uninitialized memory in netlink_broadcast_filtered
> > Product: Other
> > Version: 2.5
> > Kernel Version: 2.6.38-rc1
> > Platform: All
> > OS/Version: Linux
> > Tree: Mainline
> > Status: NEW
> > Severity: normal
> > Priority: P1
> > Component: Other
> > AssignedTo: other_other@kernel-bugs.osdl.org
> > ReportedBy: casteyde.christian@free.fr
> > Regression: Yes
> >
> >
> > Athlon 64 X2 3000 in 64bits
> > Slackware64 13.1
> > Kernel compiled with kmemcheck and other debug options
> >
> > At boot I got the following warning:
> >
> > PCI: Using ACPI for IRQ routing
> > PCI: pci_cache_line_size set to 64 bytes
> > pci 0000:00:00.0: address space collision: [mem 0xe0000000-0xefffffff pref]
> > conflicts with GART [mem 0x
> > e0000000-0xefffffff]
> > reserve RAM buffer: 000000000009fc00 - 000000000009ffff
> > reserve RAM buffer: 000000003ffb0000 - 000000003fffffff
> > WARNING: kmemcheck: Caught 64-bit read from uninitialized memory
> > (ffff88003e170eb0)
> > 0000000000000000010000000000000000000000000000000000000000000000
> > i i i i i i i i i i i i u u u u u u u u u u u u u u u u u u u u
> > ^
> >
> > Pid: 1, comm: swapper Not tainted 2.6.38-rc1 #2 K8 Combo-Z/K8 Combo-Z
> > RIP: 0010:[<ffffffff8127ad72>] [<ffffffff8127ad72>] memmove+0x122/0x1a0
> > RSP: 0018:ffff88003e0b3c60 EFLAGS: 00010202
> > RAX: ffff88003e170080 RBX: ffff88003e27b500 RCX: 0000000000000020
> > RDX: 0000000000000018 RSI: ffff88003e170ea0 RDI: ffff88003e1700a0
> > RBP: ffff88003e0b3c60 R08: 0000000000000001 R09: 0000000000000001
> > R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> > R13: 0000000000000080 R14: 0000000000000000 R15: 0000000000000001
> > FS: 0000000000000000(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
> > CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> > CR2: ffff88003e018abc CR3: 0000000001a1c000 CR4: 00000000000006f0
> > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
> > [<ffffffff814741c2>] pskb_expand_head+0xc2/0x2a0
> > [<ffffffff81498fa7>] netlink_broadcast_filtered+0xa7/0x4a0
> > [<ffffffff814993b8>] netlink_broadcast+0x18/0x20
> > [<ffffffff8149b884>] genlmsg_mcast+0x144/0x180
> > [<ffffffff8149bc4a>] genl_ctrl_event+0xca/0x450
> > [<ffffffff8149c75d>] genl_register_mc_group+0x10d/0x2a0
> > [<ffffffff81ad9da4>] genl_init+0x6c/0x84
> > [<ffffffff810001de>] do_one_initcall+0x3e/0x170
> > [<ffffffff81aae6ea>] kernel_init+0x197/0x21b
> > [<ffffffff81003254>] kernel_thread_helper+0x4/0x10
> > [<ffffffffffffffff>] 0xffffffffffffffff
> > pnp: PnP ACPI init
> > ACPI: bus type pnp registered
> > pnp 00:00: [bus 00-ff]
> > pnp 00:00: [io 0x0cf8-0x0cff]
> >
> > This is specific to 2.6.38-rc1.
> >
>
Likely a false positive after commit ca44ac38
(net: don't reallocate skb->head unless the current one hasn't the
needed extra size or is shared)
ksize() allows us to use a bit more than what was asked at kmalloc()
time, because of discrete kmem cache sizes.
We probably need to instruct kmemcheck of this.
* Re: [Bugme-new] [Bug 27212] New: Warning kmemcheck: Caught 64-bit read from uninitialized memory in netlink_broadcast_filtered
From: Andrew Morton @ 2011-01-20 20:25 UTC
To: netdev; +Cc: bugzilla-daemon, bugme-daemon, casteyde.christian
In-Reply-To: <bug-27212-10286@https.bugzilla.kernel.org/>
(switched to email. Please respond via emailed reply-to-all, not via the
bugzilla web interface).
On Thu, 20 Jan 2011 20:08:32 GMT
bugzilla-daemon@bugzilla.kernel.org wrote:
> https://bugzilla.kernel.org/show_bug.cgi?id=27212
>
> Summary: Warning kmemcheck: Caught 64-bit read from
> uninitialized memory in netlink_broadcast_filtered
> Product: Other
> Version: 2.5
> Kernel Version: 2.6.38-rc1
> Platform: All
> OS/Version: Linux
> Tree: Mainline
> Status: NEW
> Severity: normal
> Priority: P1
> Component: Other
> AssignedTo: other_other@kernel-bugs.osdl.org
> ReportedBy: casteyde.christian@free.fr
> Regression: Yes
>
>
> Athlon 64 X2 3000 in 64bits
> Slackware64 13.1
> Kernel compiled with kmemcheck and other debug options
>
> At boot I got the following warning:
>
> PCI: Using ACPI for IRQ routing
> PCI: pci_cache_line_size set to 64 bytes
> pci 0000:00:00.0: address space collision: [mem 0xe0000000-0xefffffff pref]
> conflicts with GART [mem 0x
> e0000000-0xefffffff]
> reserve RAM buffer: 000000000009fc00 - 000000000009ffff
> reserve RAM buffer: 000000003ffb0000 - 000000003fffffff
> WARNING: kmemcheck: Caught 64-bit read from uninitialized memory
> (ffff88003e170eb0)
> 0000000000000000010000000000000000000000000000000000000000000000
> i i i i i i i i i i i i u u u u u u u u u u u u u u u u u u u u
> ^
>
> Pid: 1, comm: swapper Not tainted 2.6.38-rc1 #2 K8 Combo-Z/K8 Combo-Z
> RIP: 0010:[<ffffffff8127ad72>] [<ffffffff8127ad72>] memmove+0x122/0x1a0
> RSP: 0018:ffff88003e0b3c60 EFLAGS: 00010202
> RAX: ffff88003e170080 RBX: ffff88003e27b500 RCX: 0000000000000020
> RDX: 0000000000000018 RSI: ffff88003e170ea0 RDI: ffff88003e1700a0
> RBP: ffff88003e0b3c60 R08: 0000000000000001 R09: 0000000000000001
> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> R13: 0000000000000080 R14: 0000000000000000 R15: 0000000000000001
> FS: 0000000000000000(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: ffff88003e018abc CR3: 0000000001a1c000 CR4: 00000000000006f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
> [<ffffffff814741c2>] pskb_expand_head+0xc2/0x2a0
> [<ffffffff81498fa7>] netlink_broadcast_filtered+0xa7/0x4a0
> [<ffffffff814993b8>] netlink_broadcast+0x18/0x20
> [<ffffffff8149b884>] genlmsg_mcast+0x144/0x180
> [<ffffffff8149bc4a>] genl_ctrl_event+0xca/0x450
> [<ffffffff8149c75d>] genl_register_mc_group+0x10d/0x2a0
> [<ffffffff81ad9da4>] genl_init+0x6c/0x84
> [<ffffffff810001de>] do_one_initcall+0x3e/0x170
> [<ffffffff81aae6ea>] kernel_init+0x197/0x21b
> [<ffffffff81003254>] kernel_thread_helper+0x4/0x10
> [<ffffffffffffffff>] 0xffffffffffffffff
> pnp: PnP ACPI init
> ACPI: bus type pnp registered
> pnp 00:00: [bus 00-ff]
> pnp 00:00: [io 0x0cf8-0x0cff]
>
> This is specific to 2.6.38-rc1.
>
* [PATCH 7/7] netfilter: add a missing include in nf_conntrack_reasm.c
From: kaber @ 2011-01-20 20:22 UTC
To: davem
Cc: netfilter-devel, netdev, Eric Dumazet, KOVACS Krisztian,
Patrick McHardy
In-Reply-To: <1295554966-5263-1-git-send-email-kaber@trash.net>
From: Eric Dumazet <eric.dumazet@gmail.com>
After commit ae90bdeaeac6b (netfilter: fix compilation when conntrack is
disabled but tproxy is enabled) we have the following warnings:
net/ipv6/netfilter/nf_conntrack_reasm.c:520:16: warning: symbol
'nf_ct_frag6_gather' was not declared. Should it be static?
net/ipv6/netfilter/nf_conntrack_reasm.c:591:6: warning: symbol
'nf_ct_frag6_output' was not declared. Should it be static?
net/ipv6/netfilter/nf_conntrack_reasm.c:612:5: warning: symbol
'nf_ct_frag6_init' was not declared. Should it be static?
net/ipv6/netfilter/nf_conntrack_reasm.c:640:6: warning: symbol
'nf_ct_frag6_cleanup' was not declared. Should it be static?
Fix this by including net/netfilter/ipv6/nf_defrag_ipv6.h
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: KOVACS Krisztian <hidden@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
net/ipv6/netfilter/nf_conntrack_reasm.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 66e003e..0857272 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -45,6 +45,7 @@
#include <linux/netfilter_ipv6.h>
#include <linux/kernel.h>
#include <linux/module.h>
+#include <net/netfilter/ipv6/nf_defrag_ipv6.h>
struct nf_ct_frag6_skb_cb
--
1.7.3.4
* [PATCH 2/7] netfilter: do not omit re-route check on NF_QUEUE verdict
From: kaber @ 2011-01-20 20:22 UTC
To: davem; +Cc: netfilter-devel, netdev, Florian Westphal, Patrick McHardy
In-Reply-To: <1295554966-5263-1-git-send-email-kaber@trash.net>
From: Florian Westphal <fw@strlen.de>
ret != NF_QUEUE only works in the "--queue-num 0" case; for
queues > 0 the test should be '(ret & NF_VERDICT_MASK) != NF_QUEUE'.
However, NF_QUEUE no longer DROPs the skb unconditionally if queueing
fails (due to NF_VERDICT_FLAG_QUEUE_BYPASS verdict flag), so the
re-route test should also be performed if this flag is set in the
verdict.
The full test would then look something like
&& ((ret & NF_VERDICT_MASK) == NF_QUEUE && (ret & NF_VERDICT_FLAG_QUEUE_BYPASS))
This is rather ugly, so just remove the NF_QUEUE test altogether.
The only effect is that we might perform an unnecessary route lookup
in the NF_QUEUE case.
ip6table_mangle did not have such a check.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
net/ipv4/netfilter/iptable_mangle.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 294a2a3..aef5d1f 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -60,7 +60,7 @@ ipt_mangle_out(struct sk_buff *skb, const struct net_device *out)
ret = ipt_do_table(skb, NF_INET_LOCAL_OUT, NULL, out,
dev_net(out)->ipv4.iptable_mangle);
/* Reroute for ANY change. */
- if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) {
+ if (ret != NF_DROP && ret != NF_STOLEN) {
iph = ip_hdr(skb);
if (iph->saddr != saddr ||
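Review bot: the comment above the changed 'if' still reads "Reroute for ANY change." and gives no hint why NF_QUEUE is no longer excluded. A short comment at that line, saying that a queue verdict carries the queue number and NF_VERDICT_FLAG_QUEUE_BYPASS in its upper bits and is deliberately not tested here, would keep someone from re-adding 'ret != NF_QUEUE' later. The message notes that ip6table_mangle never had the check; mentioning that in the comment would also document that the two files now agree.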
--
1.7.3.4
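The verdict encoding that the commit message of PATCH 2/7 argues from, as an added example that is not part of the patch or of the kernel source. The constants are defined locally with the values this example assumes for the kernel's netfilter.h, and the function names are hypothetical; the three predicates are the test before the patch, the masked test the message mentions, and the test after the patch.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Verdict constants, defined locally so the example builds without kernel
 * headers. Assumption: the values mirror the kernel's netfilter.h once the
 * NF_VERDICT_FLAG_QUEUE_BYPASS flag referred to in the message exists.
 */
#define NF_DROP    0u
#define NF_ACCEPT  1u
#define NF_STOLEN  2u
#define NF_QUEUE   3u

#define NF_VERDICT_MASK               0x000000ffu
#define NF_VERDICT_FLAG_QUEUE_BYPASS  0x00008000u
#define NF_VERDICT_QMASK              0xffff0000u
#define NF_VERDICT_QBITS              16

/* Value returned by a "--queue-num N" rule (hypothetical helper). */
static unsigned int queue_verdict(unsigned int queue_num, bool bypass)
{
    unsigned int v = ((queue_num << NF_VERDICT_QBITS) & NF_VERDICT_QMASK)
                     | NF_QUEUE;

    if (bypass)
        v |= NF_VERDICT_FLAG_QUEUE_BYPASS;
    return v;
}

/* Test before the patch: compares the whole word against NF_QUEUE. */
static bool reroute_checked_old(unsigned int ret)
{
    return ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE;
}

/* The masked variant the message mentions for queues > 0. */
static bool reroute_checked_masked(unsigned int ret)
{
    return ret != NF_DROP && ret != NF_STOLEN &&
           (ret & NF_VERDICT_MASK) != NF_QUEUE;
}

/* Test after the patch: NF_QUEUE is not special-cased at all. */
static bool reroute_checked_new(unsigned int ret)
{
    return ret != NF_DROP && ret != NF_STOLEN;
}

int main(void)
{
    /* Constructed sample verdicts, not captured from a running system. */
    const struct {
        const char *name;
        unsigned int v;
    } samples[] = {
        { "NF_ACCEPT",        NF_ACCEPT },
        { "NF_DROP",          NF_DROP },
        { "NF_STOLEN",        NF_STOLEN },
        { "queue 0",          queue_verdict(0, false) },
        { "queue 5",          queue_verdict(5, false) },
        { "queue 0 + bypass", queue_verdict(0, true) },
        { "queue 5 + bypass", queue_verdict(5, true) },
    };
    size_t i;

    printf("%-18s %-10s  %-5s %-6s %-5s\n",
           "verdict", "value", "old", "masked", "new");
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned int v = samples[i].v;

        /* Each column says whether the re-route check would run. */
        printf("%-18s 0x%08x  %-5s %-6s %-5s\n", samples[i].name, v,
               reroute_checked_old(v) ? "yes" : "no",
               reroute_checked_masked(v) ? "yes" : "no",
               reroute_checked_new(v) ? "yes" : "no");
    }
    return 0;
}
```

The old test skips the re-route check only for a plain queue 0 verdict, and the masked test skips it for every queue verdict including those with the bypass flag, which is the case the message says must still be re-routed.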
* [PATCH 1/7] netfilter: xtables: connlimit revision 1
From: kaber @ 2011-01-20 20:22 UTC
To: davem; +Cc: netfilter-devel, netdev, Jan Engelhardt
In-Reply-To: <1295554966-5263-1-git-send-email-kaber@trash.net>
From: Jan Engelhardt <jengelh@medozas.de>
This adds destination address-based selection. The old "inverse"
member is overloaded (memory-wise) with a new "flags" variable,
similar to how J.Park did it with xt_string rev 1. Since revision 0
userspace only sets flag 0x1, no great changes are made to explicitly
test for different revisions.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
Documentation/feature-removal-schedule.txt | 7 ++++
include/linux/netfilter/xt_connlimit.h | 12 +++++++
net/netfilter/xt_connlimit.c | 44 +++++++++++++++++++---------
3 files changed, 49 insertions(+), 14 deletions(-)
diff --git a/Documentation/feature-removal-schedule.txt b/Documentation/feature-removal-schedule.txt
index 22f1081..45cc804 100644
--- a/Documentation/feature-removal-schedule.txt
+++ b/Documentation/feature-removal-schedule.txt
@@ -576,3 +576,10 @@ Why: The functions have been superceded by cancel_delayed_work_sync()
Who: Tejun Heo <tj@kernel.org>
----------------------------
+
+What: xt_connlimit rev 0
+When: 2012
+Who: Jan Engelhardt <jengelh@medozas.de>
+Files: net/netfilter/xt_connlimit.c
+
+----------------------------
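Review bot: the new xt_connlimit entry has What, When, Who and Files but no 'Why:' line, while the entry just above it (visible in the hunk header) has one. Add a 'Why:' saying that revision 1 replaces revision 0, so that readers of the schedule know what to move to.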
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index 7e3284b..8884efc 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -3,6 +3,11 @@
struct xt_connlimit_data;
+enum {
+ XT_CONNLIMIT_INVERT = 1 << 0,
+ XT_CONNLIMIT_DADDR = 1 << 1,
+};
+
struct xt_connlimit_info {
union {
union nf_inet_addr mask;
@@ -14,6 +19,13 @@ struct xt_connlimit_info {
#endif
};
unsigned int limit, inverse;
+ union {
+ /* revision 0 */
+ unsigned int inverse;
+
+ /* revision 1 */
+ __u32 flags;
+ };
/* Used internally by the kernel */
struct xt_connlimit_data *data __attribute__((aligned(8)));
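Review bot: the unchanged line 'unsigned int limit, inverse;' stays in place while the added anonymous union declares 'inverse' again, so as posted struct xt_connlimit_info has two members with that name. Apart from the name clash, the union is appended after the old field instead of being laid over it, which grows the structure and does not match the "overloaded (memory-wise)" wording of the commit message. The context line should become 'unsigned int limit;' so that the union takes the place of the old 'inverse'.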
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index 452bc16..7fd3fd5 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -193,10 +193,12 @@ connlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
if (par->family == NFPROTO_IPV6) {
const struct ipv6hdr *iph = ipv6_hdr(skb);
- memcpy(&addr.ip6, &iph->saddr, sizeof(iph->saddr));
+ memcpy(&addr.ip6, (info->flags & XT_CONNLIMIT_DADDR) ?
+ &iph->daddr : &iph->saddr, sizeof(addr.ip6));
} else {
const struct iphdr *iph = ip_hdr(skb);
- addr.ip = iph->saddr;
+ addr.ip = (info->flags & XT_CONNLIMIT_DADDR) ?
+ iph->daddr : iph->saddr;
}
spin_lock_bh(&info->data->lock);
@@ -208,7 +210,8 @@ connlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
/* kmalloc failed, drop it entirely */
goto hotdrop;
- return (connections > info->limit) ^ info->inverse;
+ return (connections > info->limit) ^
+ !!(info->flags & XT_CONNLIMIT_INVERT);
hotdrop:
par->hotdrop = true;
@@ -266,25 +269,38 @@ static void connlimit_mt_destroy(const struct xt_mtdtor_param *par)
kfree(info->data);
}
-static struct xt_match connlimit_mt_reg __read_mostly = {
- .name = "connlimit",
- .revision = 0,
- .family = NFPROTO_UNSPEC,
- .checkentry = connlimit_mt_check,
- .match = connlimit_mt,
- .matchsize = sizeof(struct xt_connlimit_info),
- .destroy = connlimit_mt_destroy,
- .me = THIS_MODULE,
+static struct xt_match connlimit_mt_reg[] __read_mostly = {
+ {
+ .name = "connlimit",
+ .revision = 0,
+ .family = NFPROTO_UNSPEC,
+ .checkentry = connlimit_mt_check,
+ .match = connlimit_mt,
+ .matchsize = sizeof(struct xt_connlimit_info),
+ .destroy = connlimit_mt_destroy,
+ .me = THIS_MODULE,
+ },
+ {
+ .name = "connlimit",
+ .revision = 1,
+ .family = NFPROTO_UNSPEC,
+ .checkentry = connlimit_mt_check,
+ .match = connlimit_mt,
+ .matchsize = sizeof(struct xt_connlimit_info),
+ .destroy = connlimit_mt_destroy,
+ .me = THIS_MODULE,
+ },
};
static int __init connlimit_mt_init(void)
{
- return xt_register_match(&connlimit_mt_reg);
+ return xt_register_matches(connlimit_mt_reg,
+ ARRAY_SIZE(connlimit_mt_reg));
}
static void __exit connlimit_mt_exit(void)
{
- xt_unregister_match(&connlimit_mt_reg);
+ xt_unregister_matches(connlimit_mt_reg, ARRAY_SIZE(connlimit_mt_reg));
}
module_init(connlimit_mt_init);
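Review bot: the two connlimit_mt_reg[] entries differ only in '.revision' and both use connlimit_mt_check, so nothing stops a revision 0 rule whose 'inverse' word has bit 1 set from being matched on the destination address in connlimit_mt(). The commit message relies on revision 0 userspace only ever setting 0x1; either enforce that in a revision 0 checkentry (accept only 0 and 1) and reject unknown flag bits for revision 1, or say in a comment next to the array why the check is not needed.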
--
1.7.3.4
* [PATCH 6/7] netfilter: nf_conntrack: fix linker error with NF_CONNTRACK_TIMESTAMP=n
From: kaber @ 2011-01-20 20:22 UTC
To: davem; +Cc: netfilter-devel, netdev, Patrick McHardy
In-Reply-To: <1295554966-5263-1-git-send-email-kaber@trash.net>
From: Patrick McHardy <kaber@trash.net>
net/built-in.o: In function `nf_conntrack_init_net':
net/netfilter/nf_conntrack_core.c:1521:
undefined reference to `nf_conntrack_tstamp_init'
net/netfilter/nf_conntrack_core.c:1531:
undefined reference to `nf_conntrack_tstamp_fini'
Add dummy inline functions for the =n case to fix this.
Reported-by: John Fastabend <john.r.fastabend@intel.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
include/net/netfilter/nf_conntrack_timestamp.h | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/include/net/netfilter/nf_conntrack_timestamp.h b/include/net/netfilter/nf_conntrack_timestamp.h
index f17dcb6..fc9c82b 100644
--- a/include/net/netfilter/nf_conntrack_timestamp.h
+++ b/include/net/netfilter/nf_conntrack_timestamp.h
@@ -47,7 +47,19 @@ static inline void nf_ct_set_tstamp(struct net *net, bool enable)
net->ct.sysctl_tstamp = enable;
}
+#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP
extern int nf_conntrack_tstamp_init(struct net *net);
extern void nf_conntrack_tstamp_fini(struct net *net);
+#else
+static inline int nf_conntrack_tstamp_init(struct net *net)
+{
+ return 0;
+}
+
+static inline void nf_conntrack_tstamp_fini(struct net *net)
+{
+ return;
+}
+#endif /* CONFIG_NF_CONNTRACK_TIMESTAMP */
#endif /* _NF_CONNTRACK_TSTAMP_H */
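Review bot: in the '#else' stub for nf_conntrack_tstamp_fini() the bare 'return;' is redundant in a void function; an empty body is the usual form for such a stub. Nothing else in the hunk needs changing.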
--
1.7.3.4
* [PATCH 5/7] netfilter: xtables: add missing header inclusions for headers_check
From: kaber @ 2011-01-20 20:22 UTC
To: davem; +Cc: netfilter-devel, netdev, Jan Engelhardt
In-Reply-To: <1295554966-5263-1-git-send-email-kaber@trash.net>
From: Jan Engelhardt <jengelh@medozas.de>
Resolve these warnings on `make headers_check`:
usr/include/linux/netfilter/xt_CT.h:7: found __[us]{8,16,32,64} type
without #include <linux/types.h>
...
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
include/linux/netfilter/xt_CT.h | 2 ++
include/linux/netfilter/xt_TCPOPTSTRIP.h | 2 ++
include/linux/netfilter/xt_TPROXY.h | 2 ++
include/linux/netfilter/xt_cluster.h | 2 ++
include/linux/netfilter/xt_connlimit.h | 2 ++
include/linux/netfilter/xt_quota.h | 2 ++
include/linux/netfilter/xt_socket.h | 2 ++
include/linux/netfilter/xt_time.h | 2 ++
include/linux/netfilter/xt_u32.h | 2 ++
include/linux/netfilter_bridge/ebt_802_3.h | 2 ++
include/linux/netfilter_bridge/ebt_among.h | 2 ++
include/linux/netfilter_bridge/ebt_arp.h | 2 ++
include/linux/netfilter_bridge/ebt_ip.h | 2 ++
include/linux/netfilter_bridge/ebt_ip6.h | 2 ++
include/linux/netfilter_bridge/ebt_limit.h | 2 ++
include/linux/netfilter_bridge/ebt_log.h | 2 ++
include/linux/netfilter_bridge/ebt_mark_m.h | 2 ++
include/linux/netfilter_bridge/ebt_nflog.h | 2 ++
include/linux/netfilter_bridge/ebt_pkttype.h | 2 ++
include/linux/netfilter_bridge/ebt_stp.h | 2 ++
include/linux/netfilter_bridge/ebt_ulog.h | 2 ++
include/linux/netfilter_bridge/ebt_vlan.h | 2 ++
include/linux/netfilter_ipv4/ipt_CLUSTERIP.h | 2 ++
include/linux/netfilter_ipv4/ipt_ECN.h | 2 ++
include/linux/netfilter_ipv4/ipt_SAME.h | 2 ++
include/linux/netfilter_ipv4/ipt_TTL.h | 2 ++
include/linux/netfilter_ipv4/ipt_addrtype.h | 2 ++
include/linux/netfilter_ipv4/ipt_ah.h | 2 ++
include/linux/netfilter_ipv4/ipt_ecn.h | 2 ++
include/linux/netfilter_ipv4/ipt_ttl.h | 2 ++
include/linux/netfilter_ipv6/ip6t_HL.h | 2 ++
include/linux/netfilter_ipv6/ip6t_REJECT.h | 2 ++
include/linux/netfilter_ipv6/ip6t_ah.h | 2 ++
include/linux/netfilter_ipv6/ip6t_frag.h | 2 ++
include/linux/netfilter_ipv6/ip6t_hl.h | 2 ++
| 2 ++
include/linux/netfilter_ipv6/ip6t_mh.h | 2 ++
include/linux/netfilter_ipv6/ip6t_opts.h | 2 ++
include/linux/netfilter_ipv6/ip6t_rt.h | 1 +
39 files changed, 77 insertions(+), 0 deletions(-)
diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h
index fbf4c56..b56e768 100644
--- a/include/linux/netfilter/xt_CT.h
+++ b/include/linux/netfilter/xt_CT.h
@@ -1,6 +1,8 @@
#ifndef _XT_CT_H
#define _XT_CT_H
+#include <linux/types.h>
+
#define XT_CT_NOTRACK 0x1
struct xt_ct_target_info {
diff --git a/include/linux/netfilter/xt_TCPOPTSTRIP.h b/include/linux/netfilter/xt_TCPOPTSTRIP.h
index 342ef14..7157318 100644
--- a/include/linux/netfilter/xt_TCPOPTSTRIP.h
+++ b/include/linux/netfilter/xt_TCPOPTSTRIP.h
@@ -1,6 +1,8 @@
#ifndef _XT_TCPOPTSTRIP_H
#define _XT_TCPOPTSTRIP_H
+#include <linux/types.h>
+
#define tcpoptstrip_set_bit(bmap, idx) \
(bmap[(idx) >> 5] |= 1U << (idx & 31))
#define tcpoptstrip_test_bit(bmap, idx) \
diff --git a/include/linux/netfilter/xt_TPROXY.h b/include/linux/netfilter/xt_TPROXY.h
index 8097e0b..902043c 100644
--- a/include/linux/netfilter/xt_TPROXY.h
+++ b/include/linux/netfilter/xt_TPROXY.h
@@ -1,6 +1,8 @@
#ifndef _XT_TPROXY_H
#define _XT_TPROXY_H
+#include <linux/types.h>
+
/* TPROXY target is capable of marking the packet to perform
* redirection. We can get rid of that whenever we get support for
* mutliple targets in the same rule. */
diff --git a/include/linux/netfilter/xt_cluster.h b/include/linux/netfilter/xt_cluster.h
index 66cfa3c..9b883c8 100644
--- a/include/linux/netfilter/xt_cluster.h
+++ b/include/linux/netfilter/xt_cluster.h
@@ -1,6 +1,8 @@
#ifndef _XT_CLUSTER_MATCH_H
#define _XT_CLUSTER_MATCH_H
+#include <linux/types.h>
+
enum xt_cluster_flags {
XT_CLUSTER_F_INV = (1 << 0)
};
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index ab1d3b5..0ca66e9 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -1,6 +1,8 @@
#ifndef _XT_CONNLIMIT_H
#define _XT_CONNLIMIT_H
+#include <linux/types.h>
+
struct xt_connlimit_data;
enum {
diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h
index 8bda65f..ca6e03e 100644
--- a/include/linux/netfilter/xt_quota.h
+++ b/include/linux/netfilter/xt_quota.h
@@ -1,6 +1,8 @@
#ifndef _XT_QUOTA_H
#define _XT_QUOTA_H
+#include <linux/types.h>
+
enum xt_quota_flags {
XT_QUOTA_INVERT = 0x1,
};
diff --git a/include/linux/netfilter/xt_socket.h b/include/linux/netfilter/xt_socket.h
index 6f475b8..26d7217 100644
--- a/include/linux/netfilter/xt_socket.h
+++ b/include/linux/netfilter/xt_socket.h
@@ -1,6 +1,8 @@
#ifndef _XT_SOCKET_H
#define _XT_SOCKET_H
+#include <linux/types.h>
+
enum {
XT_SOCKET_TRANSPARENT = 1 << 0,
};
diff --git a/include/linux/netfilter/xt_time.h b/include/linux/netfilter/xt_time.h
index b8bd456..7c37fac 100644
--- a/include/linux/netfilter/xt_time.h
+++ b/include/linux/netfilter/xt_time.h
@@ -1,6 +1,8 @@
#ifndef _XT_TIME_H
#define _XT_TIME_H 1
+#include <linux/types.h>
+
struct xt_time_info {
__u32 date_start;
__u32 date_stop;
diff --git a/include/linux/netfilter/xt_u32.h b/include/linux/netfilter/xt_u32.h
index e8c3d87..04d1bfe 100644
--- a/include/linux/netfilter/xt_u32.h
+++ b/include/linux/netfilter/xt_u32.h
@@ -1,6 +1,8 @@
#ifndef _XT_U32_H
#define _XT_U32_H 1
+#include <linux/types.h>
+
enum xt_u32_ops {
XT_U32_AND,
XT_U32_LEFTSH,
diff --git a/include/linux/netfilter_bridge/ebt_802_3.h b/include/linux/netfilter_bridge/ebt_802_3.h
index c427764..be5be15 100644
--- a/include/linux/netfilter_bridge/ebt_802_3.h
+++ b/include/linux/netfilter_bridge/ebt_802_3.h
@@ -1,6 +1,8 @@
#ifndef __LINUX_BRIDGE_EBT_802_3_H
#define __LINUX_BRIDGE_EBT_802_3_H
+#include <linux/types.h>
+
#define EBT_802_3_SAP 0x01
#define EBT_802_3_TYPE 0x02
diff --git a/include/linux/netfilter_bridge/ebt_among.h b/include/linux/netfilter_bridge/ebt_among.h
index 686c961..bd4e3ad 100644
--- a/include/linux/netfilter_bridge/ebt_among.h
+++ b/include/linux/netfilter_bridge/ebt_among.h
@@ -1,6 +1,8 @@
#ifndef __LINUX_BRIDGE_EBT_AMONG_H
#define __LINUX_BRIDGE_EBT_AMONG_H
+#include <linux/types.h>
+
#define EBT_AMONG_DST 0x01
#define EBT_AMONG_SRC 0x02
diff --git a/include/linux/netfilter_bridge/ebt_arp.h b/include/linux/netfilter_bridge/ebt_arp.h
index e62b5af..522f3e4 100644
--- a/include/linux/netfilter_bridge/ebt_arp.h
+++ b/include/linux/netfilter_bridge/ebt_arp.h
@@ -1,6 +1,8 @@
#ifndef __LINUX_BRIDGE_EBT_ARP_H
#define __LINUX_BRIDGE_EBT_ARP_H
+#include <linux/types.h>
+
#define EBT_ARP_OPCODE 0x01
#define EBT_ARP_HTYPE 0x02
#define EBT_ARP_PTYPE 0x04
diff --git a/include/linux/netfilter_bridge/ebt_ip.h b/include/linux/netfilter_bridge/ebt_ip.h
index d99de58..c4bbc41 100644
--- a/include/linux/netfilter_bridge/ebt_ip.h
+++ b/include/linux/netfilter_bridge/ebt_ip.h
@@ -15,6 +15,8 @@
#ifndef __LINUX_BRIDGE_EBT_IP_H
#define __LINUX_BRIDGE_EBT_IP_H
+#include <linux/types.h>
+
#define EBT_IP_SOURCE 0x01
#define EBT_IP_DEST 0x02
#define EBT_IP_TOS 0x04
diff --git a/include/linux/netfilter_bridge/ebt_ip6.h b/include/linux/netfilter_bridge/ebt_ip6.h
index 998e9d5..42b8896 100644
--- a/include/linux/netfilter_bridge/ebt_ip6.h
+++ b/include/linux/netfilter_bridge/ebt_ip6.h
@@ -12,6 +12,8 @@
#ifndef __LINUX_BRIDGE_EBT_IP6_H
#define __LINUX_BRIDGE_EBT_IP6_H
+#include <linux/types.h>
+
#define EBT_IP6_SOURCE 0x01
#define EBT_IP6_DEST 0x02
#define EBT_IP6_TCLASS 0x04
diff --git a/include/linux/netfilter_bridge/ebt_limit.h b/include/linux/netfilter_bridge/ebt_limit.h
index 721d51f..66d80b3 100644
--- a/include/linux/netfilter_bridge/ebt_limit.h
+++ b/include/linux/netfilter_bridge/ebt_limit.h
@@ -1,6 +1,8 @@
#ifndef __LINUX_BRIDGE_EBT_LIMIT_H
#define __LINUX_BRIDGE_EBT_LIMIT_H
+#include <linux/types.h>
+
#define EBT_LIMIT_MATCH "limit"
/* timings are in milliseconds. */
diff --git a/include/linux/netfilter_bridge/ebt_log.h b/include/linux/netfilter_bridge/ebt_log.h
index 564beb4..7e7f1d1 100644
--- a/include/linux/netfilter_bridge/ebt_log.h
+++ b/include/linux/netfilter_bridge/ebt_log.h
@@ -1,6 +1,8 @@
#ifndef __LINUX_BRIDGE_EBT_LOG_H
#define __LINUX_BRIDGE_EBT_LOG_H
+#include <linux/types.h>
+
#define EBT_LOG_IP 0x01 /* if the frame is made by ip, log the ip information */
#define EBT_LOG_ARP 0x02
#define EBT_LOG_NFLOG 0x04
diff --git a/include/linux/netfilter_bridge/ebt_mark_m.h b/include/linux/netfilter_bridge/ebt_mark_m.h
index 97b96c4..410f9e5 100644
--- a/include/linux/netfilter_bridge/ebt_mark_m.h
+++ b/include/linux/netfilter_bridge/ebt_mark_m.h
@@ -1,6 +1,8 @@
#ifndef __LINUX_BRIDGE_EBT_MARK_M_H
#define __LINUX_BRIDGE_EBT_MARK_M_H
+#include <linux/types.h>
+
#define EBT_MARK_AND 0x01
#define EBT_MARK_OR 0x02
#define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR)
diff --git a/include/linux/netfilter_bridge/ebt_nflog.h b/include/linux/netfilter_bridge/ebt_nflog.h
index 477315b..df829fc 100644
--- a/include/linux/netfilter_bridge/ebt_nflog.h
+++ b/include/linux/netfilter_bridge/ebt_nflog.h
@@ -1,6 +1,8 @@
#ifndef __LINUX_BRIDGE_EBT_NFLOG_H
#define __LINUX_BRIDGE_EBT_NFLOG_H
+#include <linux/types.h>
+
#define EBT_NFLOG_MASK 0x0
#define EBT_NFLOG_PREFIX_SIZE 64
diff --git a/include/linux/netfilter_bridge/ebt_pkttype.h b/include/linux/netfilter_bridge/ebt_pkttype.h
index 7c0fb0f..c241bad 100644
--- a/include/linux/netfilter_bridge/ebt_pkttype.h
+++ b/include/linux/netfilter_bridge/ebt_pkttype.h
@@ -1,6 +1,8 @@
#ifndef __LINUX_BRIDGE_EBT_PKTTYPE_H
#define __LINUX_BRIDGE_EBT_PKTTYPE_H
+#include <linux/types.h>
+
struct ebt_pkttype_info {
__u8 pkt_type;
__u8 invert;
diff --git a/include/linux/netfilter_bridge/ebt_stp.h b/include/linux/netfilter_bridge/ebt_stp.h
index 13a0bd4..1025b9f 100644
--- a/include/linux/netfilter_bridge/ebt_stp.h
+++ b/include/linux/netfilter_bridge/ebt_stp.h
@@ -1,6 +1,8 @@
#ifndef __LINUX_BRIDGE_EBT_STP_H
#define __LINUX_BRIDGE_EBT_STP_H
+#include <linux/types.h>
+
#define EBT_STP_TYPE 0x0001
#define EBT_STP_FLAGS 0x0002
diff --git a/include/linux/netfilter_bridge/ebt_ulog.h b/include/linux/netfilter_bridge/ebt_ulog.h
index de35a51..89a6bec 100644
--- a/include/linux/netfilter_bridge/ebt_ulog.h
+++ b/include/linux/netfilter_bridge/ebt_ulog.h
@@ -1,6 +1,8 @@
#ifndef _EBT_ULOG_H
#define _EBT_ULOG_H
+#include <linux/types.h>
+
#define EBT_ULOG_DEFAULT_NLGROUP 0
#define EBT_ULOG_DEFAULT_QTHRESHOLD 1
#define EBT_ULOG_MAXNLGROUPS 32 /* hardcoded netlink max */
diff --git a/include/linux/netfilter_bridge/ebt_vlan.h b/include/linux/netfilter_bridge/ebt_vlan.h
index 48dffc1..967d1d5 100644
--- a/include/linux/netfilter_bridge/ebt_vlan.h
+++ b/include/linux/netfilter_bridge/ebt_vlan.h
@@ -1,6 +1,8 @@
#ifndef __LINUX_BRIDGE_EBT_VLAN_H
#define __LINUX_BRIDGE_EBT_VLAN_H
+#include <linux/types.h>
+
#define EBT_VLAN_ID 0x01
#define EBT_VLAN_PRIO 0x02
#define EBT_VLAN_ENCAP 0x04
diff --git a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
index 3114f06..c6a204c 100644
--- a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
+++ b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
@@ -1,6 +1,8 @@
#ifndef _IPT_CLUSTERIP_H_target
#define _IPT_CLUSTERIP_H_target
+#include <linux/types.h>
+
enum clusterip_hashmode {
CLUSTERIP_HASHMODE_SIP = 0,
CLUSTERIP_HASHMODE_SIP_SPT,
diff --git a/include/linux/netfilter_ipv4/ipt_ECN.h b/include/linux/netfilter_ipv4/ipt_ECN.h
index c6e3e01..bb88d53 100644
--- a/include/linux/netfilter_ipv4/ipt_ECN.h
+++ b/include/linux/netfilter_ipv4/ipt_ECN.h
@@ -8,6 +8,8 @@
*/
#ifndef _IPT_ECN_TARGET_H
#define _IPT_ECN_TARGET_H
+
+#include <linux/types.h>
#include <linux/netfilter/xt_DSCP.h>
#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
diff --git a/include/linux/netfilter_ipv4/ipt_SAME.h b/include/linux/netfilter_ipv4/ipt_SAME.h
index fa0ebec..5bca782 100644
--- a/include/linux/netfilter_ipv4/ipt_SAME.h
+++ b/include/linux/netfilter_ipv4/ipt_SAME.h
@@ -1,6 +1,8 @@
#ifndef _IPT_SAME_H
#define _IPT_SAME_H
+#include <linux/types.h>
+
#define IPT_SAME_MAX_RANGE 10
#define IPT_SAME_NODST 0x01
diff --git a/include/linux/netfilter_ipv4/ipt_TTL.h b/include/linux/netfilter_ipv4/ipt_TTL.h
index f6250e4..f6ac169 100644
--- a/include/linux/netfilter_ipv4/ipt_TTL.h
+++ b/include/linux/netfilter_ipv4/ipt_TTL.h
@@ -4,6 +4,8 @@
#ifndef _IPT_TTL_H
#define _IPT_TTL_H
+#include <linux/types.h>
+
enum {
IPT_TTL_SET = 0,
IPT_TTL_INC,
diff --git a/include/linux/netfilter_ipv4/ipt_addrtype.h b/include/linux/netfilter_ipv4/ipt_addrtype.h
index f29c3cf..0da4223 100644
--- a/include/linux/netfilter_ipv4/ipt_addrtype.h
+++ b/include/linux/netfilter_ipv4/ipt_addrtype.h
@@ -1,6 +1,8 @@
#ifndef _IPT_ADDRTYPE_H
#define _IPT_ADDRTYPE_H
+#include <linux/types.h>
+
enum {
IPT_ADDRTYPE_INVERT_SOURCE = 0x0001,
IPT_ADDRTYPE_INVERT_DEST = 0x0002,
diff --git a/include/linux/netfilter_ipv4/ipt_ah.h b/include/linux/netfilter_ipv4/ipt_ah.h
index 8fea283..4e02bb0 100644
--- a/include/linux/netfilter_ipv4/ipt_ah.h
+++ b/include/linux/netfilter_ipv4/ipt_ah.h
@@ -1,6 +1,8 @@
#ifndef _IPT_AH_H
#define _IPT_AH_H
+#include <linux/types.h>
+
struct ipt_ah {
__u32 spis[2]; /* Security Parameter Index */
__u8 invflags; /* Inverse flags */
diff --git a/include/linux/netfilter_ipv4/ipt_ecn.h b/include/linux/netfilter_ipv4/ipt_ecn.h
index 78b98aa..eabf95f 100644
--- a/include/linux/netfilter_ipv4/ipt_ecn.h
+++ b/include/linux/netfilter_ipv4/ipt_ecn.h
@@ -8,6 +8,8 @@
*/
#ifndef _IPT_ECN_H
#define _IPT_ECN_H
+
+#include <linux/types.h>
#include <linux/netfilter/xt_dscp.h>
#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
diff --git a/include/linux/netfilter_ipv4/ipt_ttl.h b/include/linux/netfilter_ipv4/ipt_ttl.h
index 93d9a06..37bee44 100644
--- a/include/linux/netfilter_ipv4/ipt_ttl.h
+++ b/include/linux/netfilter_ipv4/ipt_ttl.h
@@ -4,6 +4,8 @@
#ifndef _IPT_TTL_H
#define _IPT_TTL_H
+#include <linux/types.h>
+
enum {
IPT_TTL_EQ = 0, /* equals */
IPT_TTL_NE, /* not equals */
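Review bot: The include guard in the context lines here, `_IPT_TTL_H`, is the same guard ipt_TTL.h uses earlier in this patch, so a file that includes both headers silently gets only the first; ip6t_HL.h and ip6t_hl.h share `_IP6T_HL_H` in the same way. This is not caused by the change, but since the patch touches all four files it is a good place (or a follow-up) to give the target headers distinct guards, as ipt_ECN.h (`_IPT_ECN_TARGET_H`) and ipt_ecn.h (`_IPT_ECN_H`) already have.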
diff --git a/include/linux/netfilter_ipv6/ip6t_HL.h b/include/linux/netfilter_ipv6/ip6t_HL.h
index 81cdaf0..ebd8ead 100644
--- a/include/linux/netfilter_ipv6/ip6t_HL.h
+++ b/include/linux/netfilter_ipv6/ip6t_HL.h
@@ -5,6 +5,8 @@
#ifndef _IP6T_HL_H
#define _IP6T_HL_H
+#include <linux/types.h>
+
enum {
IP6T_HL_SET = 0,
IP6T_HL_INC,
diff --git a/include/linux/netfilter_ipv6/ip6t_REJECT.h b/include/linux/netfilter_ipv6/ip6t_REJECT.h
index b999aa4..205ed62 100644
--- a/include/linux/netfilter_ipv6/ip6t_REJECT.h
+++ b/include/linux/netfilter_ipv6/ip6t_REJECT.h
@@ -1,6 +1,8 @@
#ifndef _IP6T_REJECT_H
#define _IP6T_REJECT_H
+#include <linux/types.h>
+
enum ip6t_reject_with {
IP6T_ICMP6_NO_ROUTE,
IP6T_ICMP6_ADM_PROHIBITED,
diff --git a/include/linux/netfilter_ipv6/ip6t_ah.h b/include/linux/netfilter_ipv6/ip6t_ah.h
index a602c16..5da2b65 100644
--- a/include/linux/netfilter_ipv6/ip6t_ah.h
+++ b/include/linux/netfilter_ipv6/ip6t_ah.h
@@ -1,6 +1,8 @@
#ifndef _IP6T_AH_H
#define _IP6T_AH_H
+#include <linux/types.h>
+
struct ip6t_ah {
__u32 spis[2]; /* Security Parameter Index */
__u32 hdrlen; /* Header Length */
diff --git a/include/linux/netfilter_ipv6/ip6t_frag.h b/include/linux/netfilter_ipv6/ip6t_frag.h
index 538b31e..b47f61b 100644
--- a/include/linux/netfilter_ipv6/ip6t_frag.h
+++ b/include/linux/netfilter_ipv6/ip6t_frag.h
@@ -1,6 +1,8 @@
#ifndef _IP6T_FRAG_H
#define _IP6T_FRAG_H
+#include <linux/types.h>
+
struct ip6t_frag {
__u32 ids[2]; /* Security Parameter Index */
__u32 hdrlen; /* Header Length */
diff --git a/include/linux/netfilter_ipv6/ip6t_hl.h b/include/linux/netfilter_ipv6/ip6t_hl.h
index c6fddcb..6e76dbc 100644
--- a/include/linux/netfilter_ipv6/ip6t_hl.h
+++ b/include/linux/netfilter_ipv6/ip6t_hl.h
@@ -5,6 +5,8 @@
#ifndef _IP6T_HL_H
#define _IP6T_HL_H
+#include <linux/types.h>
+
enum {
IP6T_HL_EQ = 0, /* equals */
IP6T_HL_NE, /* not equals */
--git a/include/linux/netfilter_ipv6/ip6t_ipv6header.h b/include/linux/netfilter_ipv6/ip6t_ipv6header.h
index 73d53bd..efae3a2 100644
--- a/include/linux/netfilter_ipv6/ip6t_ipv6header.h
+++ b/include/linux/netfilter_ipv6/ip6t_ipv6header.h
@@ -8,6 +8,8 @@ on whether they contain certain headers */
#ifndef __IPV6HEADER_H
#define __IPV6HEADER_H
+#include <linux/types.h>
+
struct ip6t_ipv6header_info {
__u8 matchflags;
__u8 invflags;
diff --git a/include/linux/netfilter_ipv6/ip6t_mh.h b/include/linux/netfilter_ipv6/ip6t_mh.h
index 98c8cf6..a7729a5 100644
--- a/include/linux/netfilter_ipv6/ip6t_mh.h
+++ b/include/linux/netfilter_ipv6/ip6t_mh.h
@@ -1,6 +1,8 @@
#ifndef _IP6T_MH_H
#define _IP6T_MH_H
+#include <linux/types.h>
+
/* MH matching stuff */
struct ip6t_mh {
__u8 types[2]; /* MH type range */
diff --git a/include/linux/netfilter_ipv6/ip6t_opts.h b/include/linux/netfilter_ipv6/ip6t_opts.h
index 405d309..17d419a 100644
--- a/include/linux/netfilter_ipv6/ip6t_opts.h
+++ b/include/linux/netfilter_ipv6/ip6t_opts.h
@@ -1,6 +1,8 @@
#ifndef _IP6T_OPTS_H
#define _IP6T_OPTS_H
+#include <linux/types.h>
+
#define IP6T_OPTS_OPTSNR 16
struct ip6t_opts {
diff --git a/include/linux/netfilter_ipv6/ip6t_rt.h b/include/linux/netfilter_ipv6/ip6t_rt.h
index e8dad20..7605a5f 100644
--- a/include/linux/netfilter_ipv6/ip6t_rt.h
+++ b/include/linux/netfilter_ipv6/ip6t_rt.h
@@ -1,6 +1,7 @@
#ifndef _IP6T_RT_H
#define _IP6T_RT_H
+#include <linux/types.h>
/*#include <linux/in6.h>*/
#define IP6T_RT_HOPS 16
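Review bot: The include here is added without the trailing blank line that the other 38 hunks add (1 insertion in the diffstat against 2 everywhere else), which leaves `#include <linux/types.h>` sitting directly on top of the commented-out `/*#include <linux/in6.h>*/`. Suggest adding the blank line for consistency and dropping the dead commented-out include while touching this spot.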
--
1.7.3.4
^ permalink raw reply related
* [PATCH 4/7] netfilter: nf_nat: place conntrack in source hash after SNAT is done
From: kaber @ 2011-01-20 20:22 UTC (permalink / raw)
To: davem; +Cc: netfilter-devel, netdev, Changli Gao, Patrick McHardy
In-Reply-To: <1295554966-5263-1-git-send-email-kaber@trash.net>
From: Changli Gao <xiaosuo@gmail.com>
If SNAT isn't done, the wrong info may be got by the other cts.
As the filter table is after the DNAT table, the packets dropped in the filter
table also bother the bysource hash table.
Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
net/ipv4/netfilter/nf_nat_core.c | 18 +++++++++++-------
1 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 3002c04..21bcf47 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -221,7 +221,14 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple,
manips not an issue. */
if (maniptype == IP_NAT_MANIP_SRC &&
!(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) {
- if (find_appropriate_src(net, zone, orig_tuple, tuple, range)) {
+ /* try the original tuple first */
+ if (in_range(orig_tuple, range)) {
+ if (!nf_nat_used_tuple(orig_tuple, ct)) {
+ *tuple = *orig_tuple;
+ return;
+ }
+ } else if (find_appropriate_src(net, zone, orig_tuple, tuple,
+ range)) {
pr_debug("get_unique_tuple: Found current src map\n");
if (!nf_nat_used_tuple(tuple, ct))
return;
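Review bot: With the new `if (in_range(...)) { ... } else if (find_appropriate_src(...))` chain, a tuple that is in range but already in use skips `find_appropriate_src()` altogether and falls through to the code below, whereas before this change the lookup always ran. If that is intended, say so in the comment (`/* try the original tuple first */` only covers the success case) and in the commit message, which does not mention the change to get_unique_tuple at all.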
@@ -266,7 +273,6 @@ nf_nat_setup_info(struct nf_conn *ct,
struct net *net = nf_ct_net(ct);
struct nf_conntrack_tuple curr_tuple, new_tuple;
struct nf_conn_nat *nat;
- int have_to_hash = !(ct->status & IPS_NAT_DONE_MASK);
/* nat helper or nfctnetlink also setup binding */
nat = nfct_nat(ct);
@@ -306,8 +312,7 @@ nf_nat_setup_info(struct nf_conn *ct,
ct->status |= IPS_DST_NAT;
}
- /* Place in source hash if this is the first time. */
- if (have_to_hash) {
+ if (maniptype == IP_NAT_MANIP_SRC) {
unsigned int srchash;
srchash = hash_by_src(net, nf_ct_zone(ct),
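Review bot: The removed comment and `have_to_hash` made it explicit that the bysource insert happens once per conntrack; `if (maniptype == IP_NAT_MANIP_SRC)` gives the same guarantee only if nf_nat_setup_info() can never run twice with a source manip for the same ct. A one-line comment stating that assumption, or a check that the entry is not already hashed, would make the invariant reviewable from this function alone.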
@@ -535,7 +540,7 @@ static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
if (nat == NULL || nat->ct == NULL)
return;
- NF_CT_ASSERT(nat->ct->status & IPS_NAT_DONE_MASK);
+ NF_CT_ASSERT(nat->ct->status & IPS_SRC_NAT_DONE);
spin_lock_bh(&nf_nat_lock);
hlist_del_rcu(&nat->bysource);
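Review bot: `NF_CT_ASSERT()` is a debug-only check, so in normal builds nothing here stops `hlist_del_rcu(&nat->bysource)` from running for a conntrack that passed the `nat->ct == NULL` test but was never source-NATed, and after this patch such a conntrack is no longer placed in the bysource hash. Please confirm that `nat->ct` is only ever set on the `IP_NAT_MANIP_SRC` path, or replace the assertion with an early return on `!(nat->ct->status & IPS_SRC_NAT_DONE)` as nf_nat_move_storage() does in the next hunk.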
@@ -548,11 +553,10 @@ static void nf_nat_move_storage(void *new, void *old)
struct nf_conn_nat *old_nat = old;
struct nf_conn *ct = old_nat->ct;
- if (!ct || !(ct->status & IPS_NAT_DONE_MASK))
+ if (!ct || !(ct->status & IPS_SRC_NAT_DONE))
return;
spin_lock_bh(&nf_nat_lock);
- new_nat->ct = ct;
hlist_replace_rcu(&old_nat->bysource, &new_nat->bysource);
spin_unlock_bh(&nf_nat_lock);
}
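Review bot: Dropping `new_nat->ct = ct;` is not explained in the commit message, and from this hunk alone `new_nat->ct` is never assigned before `hlist_replace_rcu()` publishes the new node. If the caller has already copied the old extension contents into `new`, a short comment saying so would settle it; otherwise the assignment needs to stay.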
--
1.7.3.4
^ permalink raw reply related
* [PATCH 3/7] netfilter: xtables: remove duplicate member
From: kaber @ 2011-01-20 20:22 UTC (permalink / raw)
To: davem; +Cc: netfilter-devel, netdev, Jan Engelhardt
In-Reply-To: <1295554966-5263-1-git-send-email-kaber@trash.net>
From: Jan Engelhardt <jengelh@medozas.de>
Accidentally missed removing the old out-of-union "inverse" member,
which caused the struct size to change which then gives size mismatch
warnings when using an old iptables.
It is interesting to see that gcc did not warn about this before.
(Filed http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47376 )
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
include/linux/netfilter/xt_connlimit.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index 8884efc..ab1d3b5 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -18,7 +18,7 @@ struct xt_connlimit_info {
};
#endif
};
- unsigned int limit, inverse;
+ unsigned int limit;
union {
/* revision 0 */
unsigned int inverse;
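Review bot: The remaining `unsigned int inverse;` sits under `/* revision 0 */` in the union that follows `limit`, so the layout userspace sees now depends entirely on that union; since the message says the symptom was a size mismatch with an old iptables, please name the commit that introduced the union so the two stay together when backporting. A compile-time size check on `struct xt_connlimit_info` would also catch a repeat, given that gcc accepted the duplicate member silently.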
--
1.7.3.4
^ permalink raw reply related
* [PATCH 0/7] netfilter: netfilter fixes for net-next
From: kaber @ 2011-01-20 20:22 UTC (permalink / raw)
To: davem; +Cc: netfilter-devel, netdev
the following patches fix a couple of problems in yesterday's netfilter pull,
as well as a few unrelated bugs:
- an inconsistency in rerouting with userspace queueing when using queue
numbers other than zero, from Florian
- a duplicate member in the xt_connlimit_info struct, from Jan
- a missing include in nf_conntrack_reasm, from Eric
- a linking error with NF_CONNTRACK_TIMESTAMP=n, from myself
- missing linux/types.h includes in netfilter headers after the change
to use __[us]XX types, from Jan
Additionally a few new features are contained:
- connlimit revision 1, supporting limiting by destination
- NAT fixes for source address selection, from Changli
Please apply or pull from:
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6.git master
Thanks!
^ permalink raw reply
* Re: [PATCH] netfilter: undefined reference to 'nf_conntrack_tstamp_*'
From: Patrick McHardy @ 2011-01-20 20:10 UTC (permalink / raw)
To: John Fastabend
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org,
pablo@netfilter.org
In-Reply-To: <4D38958C.7090101@intel.com>
On 20.01.2011 21:05, John Fastabend wrote:
> On 1/20/2011 11:52 AM, Patrick McHardy wrote:
>> On 20.01.2011 20:16, John Fastabend wrote:
>>> net/built-in.o: In function `nf_conntrack_init_net':
>>> net/netfilter/nf_conntrack_core.c:1521:
>>> undefined reference to `nf_conntrack_tstamp_init'
>>> net/netfilter/nf_conntrack_core.c:1531:
>>> undefined reference to `nf_conntrack_tstamp_fini'
>>>
>>> Add 'selects' notation to Kconfig to include NF_CONNTRACK_TIMESTAMP
>>> this resolves all the config files I tested.
>>
>> That's not the correct fix, NF_CONNTRACK_TIMESTAMP is supposed
>> to be optional. Please try whether this patch fixes the problem.
>>
>
> Your patch fixes this, thanks!
Thanks John!
^ permalink raw reply
* Re: [PATCH] netfilter: undefined reference to 'nf_conntrack_tstamp_*'
From: John Fastabend @ 2011-01-20 20:05 UTC (permalink / raw)
To: Patrick McHardy
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org,
pablo@netfilter.org
In-Reply-To: <4D389283.3040307@trash.net>
On 1/20/2011 11:52 AM, Patrick McHardy wrote:
> On 20.01.2011 20:16, John Fastabend wrote:
>> net/built-in.o: In function `nf_conntrack_init_net':
>> net/netfilter/nf_conntrack_core.c:1521:
>> undefined reference to `nf_conntrack_tstamp_init'
>> net/netfilter/nf_conntrack_core.c:1531:
>> undefined reference to `nf_conntrack_tstamp_fini'
>>
>> Add 'selects' notation to Kconfig to include NF_CONNTRACK_TIMESTAMP
>> this resolves all the config files I tested.
>
> That's not the correct fix, NF_CONNTRACK_TIMESTAMP is supposed
> to be optional. Please try whether this patch fixes the problem.
>
Your patch fixes this, thanks!
^ permalink raw reply
* Re: [PATCH] netfilter: add a missing include in nf_conntrack_reasm.c
From: Patrick McHardy @ 2011-01-20 20:01 UTC (permalink / raw)
To: Eric Dumazet; +Cc: Netfilter Development Mailinglist, netdev, KOVACS Krisztian
In-Reply-To: <1295553443.2613.3.camel@edumazet-laptop>
On 20.01.2011 20:57, Eric Dumazet wrote:
> On Thursday, 20 January 2011 at 20:18 +0100, Patrick McHardy wrote:
>> On 20.01.2011 18:53, Eric Dumazet wrote:
>>> After commit ae90bdeaeac6b (netfilter: fix compilation when conntrack is
>>> disabled but tproxy is enabled) we have following warnings :
>>>
>>> net/ipv6/netfilter/nf_conntrack_reasm.c:520:16: warning: symbol
>>> 'nf_ct_frag6_gather' was not declared. Should it be static?
>>> net/ipv6/netfilter/nf_conntrack_reasm.c:591:6: warning: symbol
>>> 'nf_ct_frag6_output' was not declared. Should it be static?
>>> net/ipv6/netfilter/nf_conntrack_reasm.c:612:5: warning: symbol
>>> 'nf_ct_frag6_init' was not declared. Should it be static?
>>> net/ipv6/netfilter/nf_conntrack_reasm.c:640:6: warning: symbol
>>> 'nf_ct_frag6_cleanup' was not declared. Should it be static?
>>>
>>> Fix this by including net/netfilter/ipv6/nf_defrag_ipv6.h
>>>
>>
>> I currently don't have access to all my trees, does this patch
>> apply to 2.6.38 or just the current -rc?
>
> I don't really understand the question.
>
> Or do you mean 2.6.37 versus 2.6.38-rc1 ?
Right, that was a typo.
> It's a minor correction anyway, not a stable candidate. It would be good
> to push it for current (2.6.38)
Applied, thanks.
I'll push this together with a bunch of other fixes to Dave later tonight.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply
* Re: [PATCH] Ensure that we unshare skbs prior to calling pskb_may_pull in bonding driver
From: Andy Gospodarek @ 2011-01-20 19:59 UTC (permalink / raw)
To: Neil Horman; +Cc: netdev, Andy Gospodarek, Jay Vosburgh, David S. Miller
In-Reply-To: <1295550151-25913-1-git-send-email-nhorman@tuxdriver.com>
On Thu, Jan 20, 2011 at 02:02:31PM -0500, Neil Horman wrote:
> Recently reported oops:
>
> kernel BUG at net/core/skbuff.c:813!
> invalid opcode: 0000 [#1] SMP
> last sysfs file: /sys/devices/virtual/net/bond0/broadcast
> CPU 8
> Modules linked in: sit tunnel4 cpufreq_ondemand acpi_cpufreq freq_table bonding
> ipv6 dm_mirror dm_region_hash dm_log cdc_ether usbnet mii serio_raw i2c_i801
> i2c_core iTCO_wdt iTCO_vendor_support shpchp ioatdma i7core_edac edac_core bnx2
> ixgbe dca mdio sg ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase
> scsi_transport_sas dm_mod [last unloaded: microcode]
>
> Modules linked in: sit tunnel4 cpufreq_ondemand acpi_cpufreq freq_table bonding
> ipv6 dm_mirror dm_region_hash dm_log cdc_ether usbnet mii serio_raw i2c_i801
> i2c_core iTCO_wdt iTCO_vendor_support shpchp ioatdma i7core_edac edac_core bnx2
> ixgbe dca mdio sg ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase
> scsi_transport_sas dm_mod [last unloaded: microcode]
> Pid: 0, comm: swapper Not tainted 2.6.32-71.el6.x86_64 #1 BladeCenter HS22
> -[7870AC1]-
> RIP: 0010:[<ffffffff81405b16>] [<ffffffff81405b16>]
> pskb_expand_head+0x36/0x1e0
> RSP: 0018:ffff880028303b70 EFLAGS: 00010202
> RAX: 0000000000000002 RBX: ffff880c6458ec80 RCX: 0000000000000020
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880c6458ec80
> RBP: ffff880028303bc0 R08: ffffffff818a6180 R09: ffff880c6458ed64
> R10: ffff880c622b36c0 R11: 0000000000000400 R12: 0000000000000000
> R13: 0000000000000180 R14: ffff880c622b3000 R15: 0000000000000000
> FS: 0000000000000000(0000) GS:ffff880028300000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
> CR2: 00000038653452a4 CR3: 0000000001001000 CR4: 00000000000006e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process swapper (pid: 0, threadinfo ffff8806649c2000, task ffff880c64f16ab0)
> Stack:
> ffff880028303bc0 ffffffff8104fff9 000000000000001c 0000000100000000
> <0> ffff880000047d80 ffff880c6458ec80 000000000000001c ffff880c6223da00
> <0> ffff880c622b3000 0000000000000000 ffff880028303c10 ffffffff81407f7a
> Call Trace:
> <IRQ>
> [<ffffffff8104fff9>] ? __wake_up_common+0x59/0x90
> [<ffffffff81407f7a>] __pskb_pull_tail+0x2aa/0x360
> [<ffffffffa0244530>] bond_arp_rcv+0x2c0/0x2e0 [bonding]
> [<ffffffff814a0857>] ? packet_rcv+0x377/0x440
> [<ffffffff8140f21b>] netif_receive_skb+0x2db/0x670
> [<ffffffff8140f788>] napi_skb_finish+0x58/0x70
> [<ffffffff8140fc89>] napi_gro_receive+0x39/0x50
> [<ffffffffa01286eb>] ixgbe_clean_rx_irq+0x35b/0x900 [ixgbe]
> [<ffffffffa01290f6>] ixgbe_clean_rxtx_many+0x136/0x240 [ixgbe]
> [<ffffffff8140fe53>] net_rx_action+0x103/0x210
> [<ffffffff81073bd7>] __do_softirq+0xb7/0x1e0
> [<ffffffff810d8740>] ? handle_IRQ_event+0x60/0x170
> [<ffffffff810142cc>] call_softirq+0x1c/0x30
> [<ffffffff81015f35>] do_softirq+0x65/0xa0
> [<ffffffff810739d5>] irq_exit+0x85/0x90
> [<ffffffff814cf915>] do_IRQ+0x75/0xf0
> [<ffffffff81013ad3>] ret_from_intr+0x0/0x11
> <EOI>
> [<ffffffff8101bc01>] ? mwait_idle+0x71/0xd0
> [<ffffffff814cd80a>] ? atomic_notifier_call_chain+0x1a/0x20
> [<ffffffff81011e96>] cpu_idle+0xb6/0x110
> [<ffffffff814c17c8>] start_secondary+0x1fc/0x23f
>
> Resulted from bonding driver registering packet handlers via dev_add_pack and
> then trying to call pskb_may_pull. If another packet handler (like for AF_PACKET
> sockets) gets called first, the delivered skb will have a user count > 1, which
> causes pskb_may_pull to BUG halt when it does its skb_shared check. Fix this by
> calling skb_share_check prior to the may_pull call sites in the bonding driver
> to clone the skb when needed. Tested by myself and the reporter successfully.
>
> Signed-off-by: Neil Horman
> CC: Andy Gospodarek <andy@greyhouse.net>
> CC: Jay Vosburgh <fubar@us.ibm.com>
> CC: "David S. Miller" <davem@davemloft.net>
Looks great. Thanks for posting this, Neil. I agree with Jay that this
would be good for any stable kernel that also took:
ab12811c89e88f2e66746790b1fe4469ccb7bdd9 bonding: correctly process non-linear skbs
Signed-off-by: Andy Gospodarek <andy@greyhouse.net>
^ permalink raw reply
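A user-space model of the failure described in the quoted commit message above and of the skb_share_check() fix, added here as an illustration; it is not the bonding patch or kernel code. `struct toy_skb`, the `toy_*` functions, `TOY_BUG` and the sample packet are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>

#define TOY_BUG (-2) /* stands in for the BUG the real kernel raises */

/* Toy stand-in for an sk_buff header: refcounted, describing how many of the
 * packet's bytes are currently linear. The packet bytes are only borrowed. */
struct toy_skb {
    int users;                /* handlers holding this header */
    const unsigned char *pkt; /* packet bytes (constructed sample) */
    size_t len;               /* total packet length */
    size_t headlen;           /* bytes in the linear area */
};

static struct toy_skb *toy_alloc(const unsigned char *pkt, size_t len,
                                 size_t headlen)
{
    struct toy_skb *skb = malloc(sizeof(*skb));

    if (!skb)
        return NULL;
    skb->users = 1;
    skb->pkt = pkt;
    skb->len = len;
    skb->headlen = headlen;
    return skb;
}

static void toy_put(struct toy_skb *skb)
{
    if (--skb->users == 0)
        free(skb);
}

/* Like pskb_may_pull(): make the first len bytes linear. Growing the linear
 * area rewrites the header, which is only legal for its sole owner. */
static int toy_may_pull(struct toy_skb *skb, size_t len)
{
    if (len <= skb->headlen)
        return 1;           /* already linear */
    if (len > skb->len)
        return 0;           /* packet too short */
    if (skb->users > 1)
        return TOY_BUG;     /* another handler still relies on this header */
    skb->headlen = len;     /* the real code reallocates and copies here */
    return 1;
}

/* Like skb_share_check(): swap a shared header for a private clone over the
 * same packet bytes and drop the caller's reference on the original. */
static struct toy_skb *toy_share_check(struct toy_skb *skb)
{
    struct toy_skb *clone;

    if (skb->users == 1)
        return skb;
    clone = toy_alloc(skb->pkt, skb->len, skb->headlen);
    toy_put(skb);
    return clone;
}

/* Deliver one constructed 28-byte packet (8 bytes linear) first to a tap
 * that keeps a reference, then to a handler needing all 28 bytes linear. */
static int toy_deliver(int with_check, size_t *tap_headlen)
{
    static const unsigned char pkt[28] = { 0x00, 0x01, 0x08, 0x00, 0x06, 0x04 };
    struct toy_skb *tap = toy_alloc(pkt, sizeof(pkt), 8);
    struct toy_skb *skb = tap;
    int ret = 0;

    if (!tap)
        return 0;
    tap->users++;                     /* tap's reference plus the handler's */
    if (with_check)
        skb = toy_share_check(skb);   /* the fix: get a private header first */
    if (skb) {
        ret = toy_may_pull(skb, sizeof(pkt));
        toy_put(skb);                 /* handler is done */
    }
    *tap_headlen = tap->headlen;      /* what the tap still sees */
    toy_put(tap);
    return ret;
}

int main(void)
{
    size_t seen;
    int bad = toy_deliver(0, &seen), good = toy_deliver(1, &seen);

    printf("unchecked=%d checked=%d tap headlen=%zu\n", bad, good, seen);
    return 0;
}
```

In both runs the tap's header keeps its original 8 linear bytes; only the run with the share check lets the handler finish its pull.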
* Re: [PATCH] netfilter: add a missing include in nf_conntrack_reasm.c
From: Eric Dumazet @ 2011-01-20 19:57 UTC (permalink / raw)
To: Patrick McHardy
Cc: Netfilter Development Mailinglist, netdev, KOVACS Krisztian
In-Reply-To: <4D388A83.5020501@trash.net>
On Thursday, 20 January 2011 at 20:18 +0100, Patrick McHardy wrote:
> On 20.01.2011 18:53, Eric Dumazet wrote:
> > After commit ae90bdeaeac6b (netfilter: fix compilation when conntrack is
> > disabled but tproxy is enabled) we have following warnings :
> >
> > net/ipv6/netfilter/nf_conntrack_reasm.c:520:16: warning: symbol
> > 'nf_ct_frag6_gather' was not declared. Should it be static?
> > net/ipv6/netfilter/nf_conntrack_reasm.c:591:6: warning: symbol
> > 'nf_ct_frag6_output' was not declared. Should it be static?
> > net/ipv6/netfilter/nf_conntrack_reasm.c:612:5: warning: symbol
> > 'nf_ct_frag6_init' was not declared. Should it be static?
> > net/ipv6/netfilter/nf_conntrack_reasm.c:640:6: warning: symbol
> > 'nf_ct_frag6_cleanup' was not declared. Should it be static?
> >
> > Fix this by including net/netfilter/ipv6/nf_defrag_ipv6.h
> >
>
> I currently don't have access to all my trees, does this patch
> apply to 2.6.38 or just the current -rc?
I don't really understand the question.
Or do you mean 2.6.37 versus 2.6.38-rc1 ?
It's a minor correction anyway, not a stable candidate. It would be good
to push it for current (2.6.38)
^ permalink raw reply
* Re: Bonding on bond
From: Jay Vosburgh @ 2011-01-20 19:53 UTC (permalink / raw)
To: Nicolas de Pesloüan
Cc: Jiri Bohac, bonding-devel@lists.sourceforge.net,
netdev@vger.kernel.org
In-Reply-To: <4D385F0B.1010000@gmail.com>
Nicolas de Pesloüan <nicolas.2p.debian@gmail.com> wrote:
>On 20/01/2011 16:31, Jiri Bohac wrote:
>> On Wed, Jan 19, 2011 at 09:33:19PM +0100, Nicolas de Pesloüan wrote:
>>> Even if it is possible to test for slave and for master with a
>>> single condition (IFF_BONDING), I suggest to split the tests and the
>>> error messages, to give end user the best possible diagnostic.
>>
>> OK, why not. The below patch still uses IFF_BONDING to detect a
>> master is being enslaved, because IFF_MASTER is also used by the
>> eql driver. No idea if it works / someone ever uses it with
>> bonding, but it might collide.
>
>Thanks Jiri.
>
>> bonding: prohibit enslaving of bonding masters
>>
>> Nested bonding is not supported and will result in strange problems, e.g.:
>> - netif_receive_skb() will not properly change skb->dev to point to the
>> upper-most bonding master
>> - arp monitor will not work (dev->last_rx is only updated by hardware drivers)
>> - accidentally enslaving a bonding master to itself will cause an infinite
>> recursion in the TX path
Did you test these? I'm curious about the ARP monitor
assertion, because last_rx is updated by bonding itself now (in
skb_bond_should_drop), not in the device drivers.
I'm in agreement that, by and large, nesting of bonds is
pointless. However, I suspect that there are users out in the world who
are happily doing so, and this patch may shut them down.
I've not tested with nesting in a while; I know it used to work
(at least for limited cases, typically an active-backup bond with a pair
of balance-xor or balance-rr or sometimes 802.3ad enslaved to it), but
has never really been a deliberate feature. Is nesting now utterly
broken, as suggested by the list of problems above?
>> This patch prevents this by prohibiting a bonding master from being further enslaved.
>>
>> Signed-off-by: Jiri Bohac<jbohac@suse.cz>
>
>Reviewed-by: Nicolas de Pesloüan <nicolas.2p.debian@free.fr>
If nesting really doesn't work and is going to be disabled, then
at a minimum it should also have an update to the documentation
explaining this.
-J
>> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
>> index b1025b8..b117dd8 100644
>> --- a/drivers/net/bonding/bond_main.c
>> +++ b/drivers/net/bonding/bond_main.c
>> @@ -1453,6 +1453,12 @@ int bond_enslave(struct net_device *bond_dev, struct net_device *slave_dev)
>> return -EBUSY;
>> }
>>
>> + /* cannot enslave a master */
>> + if (slave_dev->priv_flags& IFF_BONDING) {
>> + pr_debug("Error, cannot enslave a bonding master\n");
>> + return -EBUSY;
>> + }
>> +
>> /* vlan challenged mutual exclusion */
>> /* no need to lock since we're protected by rtnl_lock */
>> if (slave_dev->features& NETIF_F_VLAN_CHALLENGED) {
>>
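Review bot: the new rejection in bond_enslave() is reported with pr_debug(), which is normally not emitted unless DEBUG or dynamic debug is enabled, so an administrator whose enslave attempt fails sees only -EBUSY with no explanation. Since the test was split out to give the end user a better diagnostic, consider a level that is logged by default and include bond_dev->name and slave_dev->name in the message. The comment and message also say "master" while the test is on IFF_BONDING, which per the discussion above matches slaves as well; a short comment on why IFF_MASTER is not used (the eql driver) would keep the check from being "corrected" later.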
---
-Jay Vosburgh, IBM Linux Technology Center, fubar@us.ibm.com
^ permalink raw reply
* Re: [PATCH] netfilter: undefined reference to 'nf_conntrack_tstamp_*'
From: Patrick McHardy @ 2011-01-20 19:52 UTC (permalink / raw)
To: John Fastabend; +Cc: netfilter-devel, netdev, pablo
In-Reply-To: <20110120191612.24205.73463.stgit@jf-dev1-dcblab>
[-- Attachment #1: Type: text/plain, Size: 538 bytes --]
On 20.01.2011 20:16, John Fastabend wrote:
> net/built-in.o: In function `nf_conntrack_init_net':
> net/netfilter/nf_conntrack_core.c:1521:
> undefined reference to `nf_conntrack_tstamp_init'
> net/netfilter/nf_conntrack_core.c:1531:
> undefined reference to `nf_conntrack_tstamp_fini'
>
> Add 'selects' notation to Kconfig to include NF_CONNTRACK_TIMESTAMP
> this resolves all the config files I tested.
That's not the correct fix, NF_CONNTRACK_TIMESTAMP is supposed
to be an option. Please try whether this patch fixes the problem.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1418 bytes --]
commit 2f1e3176723d74ea2dd975e5be0ef6bb4fed2e2e
Author: Patrick McHardy <kaber@trash.net>
Date: Thu Jan 20 20:46:52 2011 +0100
netfilter: nf_conntrack: fix linker error with NF_CONNTRACK_TIMESTAMP=n
net/built-in.o: In function `nf_conntrack_init_net':
net/netfilter/nf_conntrack_core.c:1521:
undefined reference to `nf_conntrack_tstamp_init'
net/netfilter/nf_conntrack_core.c:1531:
undefined reference to `nf_conntrack_tstamp_fini'
Add dummy inline functions for the =n case to fix this.
Reported-by: John Fastabend <john.r.fastabend@intel.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/include/net/netfilter/nf_conntrack_timestamp.h b/include/net/netfilter/nf_conntrack_timestamp.h
index f17dcb6..fc9c82b 100644
--- a/include/net/netfilter/nf_conntrack_timestamp.h
+++ b/include/net/netfilter/nf_conntrack_timestamp.h
@@ -47,7 +47,19 @@ static inline void nf_ct_set_tstamp(struct net *net, bool enable)
net->ct.sysctl_tstamp = enable;
}
+#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP
extern int nf_conntrack_tstamp_init(struct net *net);
extern void nf_conntrack_tstamp_fini(struct net *net);
+#else
+static inline int nf_conntrack_tstamp_init(struct net *net)
+{
+ return 0;
+}
+
+static inline void nf_conntrack_tstamp_fini(struct net *net)
+{
+ return;
+}
+#endif /* CONFIG_NF_CONNTRACK_TIMESTAMP */
#endif /* _NF_CONNTRACK_TSTAMP_H */
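Review bot: in the #else branch, the nf_conntrack_tstamp_fini() stub carries a bare "return;" in a void function; an empty body is enough. It is also worth confirming for the =n build that nf_ct_set_tstamp(), just above the new #ifdef, still compiles: it writes net->ct.sysctl_tstamp and sits outside the new conditional, which covers only the init/fini declarations.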
^ permalink raw reply related