summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2006-12-02[TCP]: Restrict congestion control choices.Stephen Hemminger
Allow normal users to only choose among a restricted set of congestion control choices. The default is reno and what ever has been configured as default. But the policy can be changed by administrator at any time. For example, to allow any choice: cp /proc/sys/net/ipv4/tcp_available_congestion_control \ /proc/sys/net/ipv4/tcp_allowed_congestion_control Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[TCP]: Add tcp_available_congestion_control sysctl.Stephen Hemminger
Create /proc/sys/net/ipv4/tcp_available_congestion_control that reflects currently available TCP choices. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[SCTP]: Fix warningVlad Yasevich
An alternate solution would be to make the digest a pointer, allocate it in sctp_endpoint_init() and free it in sctp_endpoint_destroy(). I guess I should have originally done it this way... CC [M] net/sctp/sm_make_chunk.o net/sctp/sm_make_chunk.c: In function 'sctp_unpack_cookie': net/sctp/sm_make_chunk.c:1358: warning: initialization discards qualifiers from pointer target type The reason is that sctp_unpack_cookie() takes a const struct sctp_endpoint and modifies the digest in it (digest being embedded in the struct, not a pointer). Make digest a pointer to fix this warning. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[IPV6] tcp: Fix typo _read_mostly --> __read_mostly.David S. Miller
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[DCCP]: Fix typo _read_mostly --> __read_mostly.David S. Miller
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NET]: Size listen hash tables using backlog hintEric Dumazet
We currently allocate a fixed size (TCP_SYNQ_HSIZE=512) slots hash table for each LISTEN socket, regardless of various parameters (listen backlog for example) On x86_64, this means order-1 allocations (might fail), even for 'small' sockets, expecting few connections. On the contrary, a huge server wanting a backlog of 50000 is slowed down a bit because of this fixed limit. This patch makes the sizing of listen hash table a dynamic parameter, depending of : - net.core.somaxconn tunable (default is 128) - net.ipv4.tcp_max_syn_backlog tunable (default : 256, 1024 or 128) - backlog value given by user application (2nd parameter of listen()) For large allocations (bigger than PAGE_SIZE), we use vmalloc() instead of kmalloc(). We still limit memory allocation with the two existing tunables (somaxconn & tcp_max_syn_backlog). So for standard setups, this patch actually reduce RAM usage. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[PKT_SCHED]: Make sch_fifo.o available when CONFIG_NET_SCHED is not set.David Kimdon
Based on patch by Patrick McHardy. Add a new option, NET_SCH_FIFO, which provides a simple fifo qdisc without requiring CONFIG_NET_SCHED. The d80211 stack needs a generic fifo qdisc for WME. At present it uses net/d80211/fifo_qdisc.c which is functionally equivalent to sch_fifo.c. This patch will allow the d80211 stack to remove net/d80211/fifo_qdisc.c and use sch_fifo.c instead. Signed-off-by: David Kimdon <david.kimdon@devicescape.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NET] rules: Add support to invert selectorsThomas Graf
Introduces a new flag FIB_RULE_INVERT causing rules to apply if the specified selector doesn't match. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NET] rules: Share common attribute validation policyThomas Graf
Move the attribute policy for the non-specific attributes into net/fib_rules.h and include it in the respective protocols. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NET] rules: Protocol independant mark selectorThomas Graf
Move mark selector currently implemented per protocol into the protocol independant part. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[IPV4] nl_fib_lookup: Rename fl_fwmark to fl_markThomas Graf
For the sake of consistency. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NET]: Rethink mark field in struct flowiThomas Graf
Now that all protocols have been made aware of the mark field it can be moved out of the union thus simplyfing its usage. The config options in the IPv4/IPv6/DECnet subsystems to enable respectively disable mark based routing only obfuscate the code with ifdefs, the cost for the additional comparison in the flow key is insignificant, and most distributions have all these options enabled by default anyway. Therefore it makes sense to remove the config options and enable mark based routing by default. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NET]: Turn nfmark into generic markThomas Graf
nfmark is being used in various subsystems and has become the defacto mark field for all kinds of packets. Therefore it makes sense to rename it to `mark' and remove the dependency on CONFIG_NETFILTER. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[DECNET]: Don't clear memory twice.Ralf Baechle
When dn_neigh.c was converted from kmalloc to kzalloc in commit 0da974f4f303a6842516b764507e3c0a03f41e5a it was missed that dn_neigh_seq_open was actually clearing the allocation twice was missed. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[XFRM]: uninline xfrm_selector_match()Andrew Morton
Six callsites, huge. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[BLUETOOTH] lockdep: annotate sk_lock nesting in AF_BLUETOOTHPeter Zijlstra
============================================= [ INFO: possible recursive locking detected ] 2.6.18-1.2726.fc6 #1
2006-12-02SELinux: Fix SA selection semanticsVenkat Yekkirala
Fix the selection of an SA for an outgoing packet to be at the same context as the originating socket/flow. This eliminates the SELinux policy's ability to use/sendto SAs with contexts other than the socket's. With this patch applied, the SELinux policy will require one or more of the following for a socket to be able to communicate with/without SAs: 1. To enable a socket to communicate without using labeled-IPSec SAs: allow socket_t unlabeled_t:association { sendto recvfrom } 2. To enable a socket to communicate with labeled-IPSec SAs: allow socket_t self:association { sendto }; allow socket_t peer_sa_t:association { recvfrom }; Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: James Morris <jmorris@namei.org>
2006-12-02SELinux: Return correct context for SO_PEERSECVenkat Yekkirala
Fix SO_PEERSEC for tcp sockets to return the security context of the peer (as represented by the SA from the peer) as opposed to the SA used by the local/source socket. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: James Morris <jmorris@namei.org>
2006-12-02SELinux: Various xfrm labeling fixesVenkat Yekkirala
Since the upstreaming of the mlsxfrm modification a few months back, testing has resulted in the identification of the following issues/bugs that are resolved in this patch set. 1. Fix the security context used in the IKE negotiation to be the context of the socket as opposed to the context of the SPD rule. 2. Fix SO_PEERSEC for tcp sockets to return the security context of the peer as opposed to the source. 3. Fix the selection of an SA for an outgoing packet to be at the same context as the originating socket/flow. The following would be the result of applying this patchset: - SO_PEERSEC will now correctly return the peer's context. - IKE deamons will receive the context of the source socket/flow as opposed to the SPD rule's context so that the negotiated SA will be at the same context as the source socket/flow. - The SELinux policy will require one or more of the following for a socket to be able to communicate with/without SAs: 1. To enable a socket to communicate without using labeled-IPSec SAs: allow socket_t unlabeled_t:association { sendto recvfrom } 2. To enable a socket to communicate with labeled-IPSec SAs: allow socket_t self:association { sendto }; allow socket_t peer_sa_t:association { recvfrom }; This Patch: Pass correct security context to IKE for use in negotiation Fix the security context passed to IKE for use in negotiation to be the context of the socket as opposed to the context of the SPD rule so that the SA carries the label of the originating socket/flow. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: James Morris <jmorris@namei.org>
2006-12-02[BLUETOOTH] rfcomm endianness bug: param_mask is little-endian on the wireAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[BLUETOOTH]: rfcomm endianness annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[BLUETOOTH]: bnep endianness annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[BLUETOOTH] bnep endianness bug: filtering by packet typeAl Viro
<= and => don't work well on net-endian... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[IPV6]: ip6_output annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NETFILTER]: trivial annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[AF_PACKET]: annotateAl Viro
Weirdness: the third argument of socket() is net-endian here. Oh, well - it's documented in packet(7). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[LLC]: anotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[IPV6]: annotate inet6_csk_search_req()Al Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[IPV6]: flowlabels are net-endianAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[INET]: annotate inet_ecn.hAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NET]: annotate dsfield.hAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[XFRM]: annotate ->new_mapping()Al Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[AF_KEY]: annotateAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[IPV4]: encapsulation annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[SUNRPC]: annotate hash_ip()Al Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[IPV6]: annotate ipv6 mcastAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[IPV6]: annotate struct frag_hdrAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[IPV6]: annotate icmpv6 headersAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[IPV6]: 'info' argument of ipv6 ->err_handler() is net-endianAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[XFRM]: misc annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[IPV6]: annotate inet6_hashtablesAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[NET]: ipconfig and nfsroot annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[TIPC]: endianness annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[IPV6] NDISC: Calculate packet length correctly for allocation.David S. Miller
MAX_HEADER does not include the ipv6 header length in it, so we need to add it in explicitly. With help from YOSHIFUJI Hideaki. Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02Merge branch 'upstream-linus' of ↵Linus Torvalds
master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6 * 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6: (118 commits) [netdrvr] skge: build fix [PATCH] NetXen: driver cleanup, removed unnecessary __iomem type casts [PATCH] PHY: Add support for configuring the PHY connection interface [PATCH] chelesio: transmit locking (plus bug fix). [PATCH] chelsio: statistics improvement [PATCH] chelsio: add MSI support [PATCH] chelsio: use standard CRC routines [PATCH] chelsio: cleanup pm3393 code [PATCH] chelsio: add 1G swcixw aupport [PATCH] chelsio: add support for other 10G boards [PATCH] chelsio: remove unused mutex [PATCH] chelsio: use kzalloc [PATCH] chelsio: whitespace fixes [PATCH] amd8111e use standard CRC lib [PATCH] sky2: msi enhancements. [PATCH] sky2: kfree_skb_any needed [PATCH] sky2: fixes for Yukon EC_U chip revisions [PATCH] sky2: add Dlink 560SX id [PATCH] sky2: receive error handling fix [PATCH] skge: don't clear MC state on link down ...
2006-12-02Merge branch 'for-linus' of ↵Linus Torvalds
master.kernel.org:/pub/scm/linux/kernel/git/drzeus/mmc * 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/drzeus/mmc: mmc: correct request error handling mmc: Flush block queue when removing card mmc: sdhci high speed support mmc: Support for high speed SD cards mmc: Fix mmc_delay() function mmc: Add support for mmc v4 wide-bus modes [PATCH] mmc: Add support for mmc v4 high speed mode trivial change for mmc/Kconfig: MMC_PXA does not mean only PXA255 Make general code cleanups Add MMC_CAP_{MULTIWRITE,BYTEBLOCK} flags Platform device error handling cleanup Move register definitions away from the header file Change OMAP_MMC_{READ,WRITE} macros to use the host pointer Replace base with virt_base and phys_base mmc: constify mmc_host_ops vectors mmc: remove kernel_thread()
2006-12-02Merge branch 'release' of ↵Linus Torvalds
master.kernel.org:/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 * 'release' of master.kernel.org:/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6: Revert "ACPI: SCI interrupt source override"
2006-12-02[netdrvr] skge: build fixJeff Garzik
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-02Revert "ACPI: SCI interrupt source override"Len Brown
This reverts commit 281ea49b0c294649a6de47a6f8fbe5611137726b, which broke ACPI Interrupt source overrides that move the SCI from one IRQ in PIC mode to another in IOAPIC mode. If the SCI shared an interrupt line with another device, this would result in a "irq 18: nobody cared" type failure. http://bugzilla.kernel.org/show_bug.cgi?id=7601 Signed-off-by: Len Brown <len.brown@intel.com>
2006-12-02[PATCH] NetXen: driver cleanup, removed unnecessary __iomem type castsAmit S. Kale
Signed-off-by: Amit S. Kale <amitkale@netxen.com> netxen_nic.h | 38 ++++++++------------------------------ netxen_nic_ethtool.c | 5 ++--- netxen_nic_hw.c | 12 +++++------- netxen_nic_main.c | 8 +++----- 4 files changed, 18 insertions(+), 45 deletions(-) Signed-off-by: Jeff Garzik <jeff@garzik.org>