summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* [DCCP]: Increment sequence numbers on retransmitted Response packetsGerrit Renker2006-12-022-7/+13
| | | | Problem:
* [DCCP]: Update comments on precisely which packets can be retransmittedGerrit Renker2006-12-021-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This updates program documentation: spell out precise conditions about which packets are eligible for retransmission (which is actually quite hard to extract from RFC 4340). It is based on the following table derived from RFC 4340: +-----------+---------------------------------+---------------------+ | Type | Retransmit? | Remark | +-----------+---------------------------------+---------------------+ | Request | in client-REQUEST state | sec. 8.1.1 | | Response | NEVER | SHOULD NOT, 8.1.3 | | Data | NEVER | unreliable protocol | | Ack | possible in client-PARTOPEN | sec. 8.1.5 | | DataAck | NEVER | unreliable protocol | | CloseReq | only in server-CLOSEREQ state | MUST, sec. 8.3 | | Close | in node-CLOSING state | MUST, sec. 8.3 | +-----------+-------------------------------------------------------+ | Reset | only in response to other packets | | Sync | only in response to sequence-invalid packets (7.5.4) | | SyncAck | only in response to Sync packets | +-----------+-------------------------------------------------------+ Hence the only packets eligible for retransmission are: * Requests in client-REQUEST state (sec. 8.1.1) * Acks in client-PARTOPEN state (sec. 8.1.5) * CloseReq in server-CLOSEREQ state (sec. 8.3) * Close in node-CLOSING state (sec. 8.3) I had meant to put in a check for these types too, but have left that for later. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [DECNET]: Fix build regressions.David S. Miller2006-12-022-8/+2
| | | | | | Spotted by Arnaldo. Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP] htcp: Better packing of struct htcp.David S. Miller2006-12-021-2/+2
| | | | | | Based upon a patch by Joe Perches. Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPv6]: Only modify checksum for UDPBrian Haley2006-12-022-3/+1
| | | | | | | | Only change upper-layer checksum from 0 to 0xFFFF for UDP (as RFC 768 states), not for others as RFC 4443 doesn't require it. Signed-off-by: Brian Haley <brian.haley@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPv6] rules: Remove bogus tos validation checkThomas Graf2006-12-021-2/+1
| | | | | | | | | | Noticed by Al Viro: (frh->tos & ~IPV6_FLOWINFO_MASK)) where IPV6_FLOWINFO_MASK is htonl(0xfffffff) and frh->tos is u8, which makes no sense here... Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETLINK]: Do precise netlink message allocations where possibleThomas Graf2006-12-0221-107/+233
| | | | | | | | | | | | | Account for the netlink message header size directly in nlmsg_new() instead of relying on the caller calculate it correctly. Replaces error handling of message construction functions when constructing notifications with bug traps since a failure implies a bug in calculating the size of the skb. Signed-off-by: Thomas Graf <tgraf@suug.ch> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Remove dead code in init_sequenceGerrit Renker2006-12-022-15/+8
| | | | | | | | | | | | | | | | This removes two redundancies: 1) The test (skb->protocol == htons(ETH_P_IPV6) in tcp_v6_init_sequence() is always true, due to * tcp_v6_conn_request() is the only function calling this one * tcp_v6_conn_request() redirects all skb's with ETH_P_IP protocol to tcp_v4_conn_request() [ cf. top of tcp_v6_conn_request()] 2) The first argument, `struct sock *sk' of tcp_v{4,6}_init_sequence() is never used. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: Support for partial checksums (RFC 4340, sec. 9.2)Gerrit Renker2006-12-027-97/+173
| | | | | | | | | | | | | | | | | | | | | | | | | | | This patch does the following: a) introduces variable-length checksums as specified in [RFC 4340, sec. 9.2] b) provides necessary socket options and documentation as to how to use them c) basic support and infrastructure for the Minimum Checksum Coverage feature [RFC 4340, sec. 9.2.1]: acceptability tests, user notification and user interface In addition, it (1) fixes two bugs in the DCCPv4 checksum computation: * pseudo-header used checksum_len instead of skb->len * incorrect checksum coverage calculation based on dccph_x (2) removes dccp_v4_verify_checksum() since it reduplicates code of the checksum computation; code calling this function is updated accordingly. (3) now uses skb_checksum(), which is safer than checksum_partial() if the sk_buff has is a non-linear buffer (has pages attached to it). (4) fixes an outstanding TODO item: * If P.CsCov is too large for the packet size, drop packet and return. The code has been tested with applications, the latest version of tcpdump now comes with support for partial DCCP checksums. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [IPV6]: Per-interface statistics support.YOSHIFUJI Hideaki2006-12-0213-108/+195
| | | | | | For IP MIB (RFC4293). Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* [IPV6]: Introduce ip6_dst_idev() to get inet6_dev{} stored in dst_entry{}.YOSHIFUJI Hideaki2006-12-023-2/+7
| | | | | | Otherwise, we will see a lot of casts... Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* [IPV6] ROUTE: Use &rt->u.dst instead of cast.YOSHIFUJI Hideaki2006-12-022-4/+4
| | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* [IPV6] ROUTE: Use macros to format /proc/net/ipv6_route.YOSHIFUJI Hideaki2006-12-021-24/+13
| | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* [DCCP]: Update code comments for Step 2/3Gerrit Renker2006-12-024-51/+68
| | | | | | | | | Sorts out the comments for processing steps 2,3 in section 8.5 of RFC 4340. All comments have been updated against this document, and the reference to step 2 has been made consistent throughout the files. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [DCCP]: tidy up dccp_v{4,6}_conn_requestGerrit Renker2006-12-024-22/+16
| | | | | | | This is a code simplification to remove reduplicated code by concentrating and abstracting shared code. Detailed Changes:
* [DCCP]: Fix logfile overflowIan McDonald2006-12-022-3/+7
| | | | | | | | | | | | This patch fixes data being spewed into the logs continually. As the code stood if there was a large queue and long delays timeo would go down to zero and never get reset. This fixes it by resetting timeo. Put constant into header as well. Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [DCCP]: Fix DCCP Probe TypoIan McDonald2006-12-021-1/+1
| | | | | | | | | Fixes a typo in Kconfig, patch is by Ian McDonald and is re-sent from http://www.mail-archive.com/dccp@vger.kernel.org/msg00579.html Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [DCCPv6]: remove forward declarations in ipv6.cGerrit Renker2006-12-021-195/+190
| | | | | | | | | | | This does the same for ipv6.c as the preceding one does for ipv4.c: Only the inet_connection_sock_af_ops forward declarations remain, since at least dccp_ipv6_mapped has a circular dependency to dccp_v6_request_recv_sock. No code change, merely re-ordering. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [DCCPv4]: remove forward declarations in ipv4.cGerrit Renker2006-12-021-134/+132
| | | | | | | | | | | | | | This relates to Arnaldo's announcement in http://www.mail-archive.com/dccp@vger.kernel.org/msg00604.html Originally this had been part of the Oops fix and is a revised variant of http://www.mail-archive.com/dccp@vger.kernel.org/msg00598.html No code change, merely reshuffling, with the particular objective of having all request_sock_ops close(r) together for more clarity. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [DCCP]: calling dccp_v{4,6}_reqsk_send_ack is a BUGGerrit Renker2006-12-024-103/+14
| | | | | | | | | | This patch removes two functions, the send_ack functions of request_sock, which are not called/used by the DCCP code. It is correct that these functions are not called, below is a justification why calling these functions (on a passive socket in the LISTEN/RESPOND state) would mean a DCCP protocol violation. A) Background: using request_sock in TCP:
* [DCCP] timewait: Remove leftover extern declarationsArnaldo Carvalho de Melo2006-12-021-2/+0
| | | | | | | | | Gerrit Renker noticed dccp_tw_deschedule and submitted a patch with a FIXME, but as he suggests in the same patch the best thing is to just ditch this declaration, while doing that also noticed that tcp_tw_count is as well not defined anywhere, so ditch it too. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [DCCP]: Simplify jump labels in dccp_v{4,6}_rcvGerrit Renker2006-12-022-23/+14
| | | | | | | | | | | | | | | | This is a code simplification and was singled out from the DCCPv6 Oops patch on http://www.mail-archive.com/dccp@vger.kernel.org/msg00600.html It mainly makes the code consistent between ipv{4,6}.c for the functions dccp_v4_rcv dccp_v6_rcv and removes the do_time_wait label to simplify code somewhat. Commiter note: fixed up a compile problem, trivial. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [DCCP]: Combine allocating & zeroing header space on skbGerrit Renker2006-12-024-24/+14
| | | | | | | | | | | | This is a code simplification: it combines three often recurring operations into one inline function, * allocate `len' bytes header space in skb * fill these `len' bytes with zeroes * cast the start of this header space as dccp_hdr Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [DCCPv6]: Add a FIXME for missing IPV6_PKTOPTIONSGerrit Renker2006-12-021-2/+6
| | | | | | | | | | | | This refers to the possible memory leak pointed out in http://www.mail-archive.com/dccp@vger.kernel.org/msg00574.html, fixed by David Miller in http://www.mail-archive.com/netdev@vger.kernel.org/msg24881.html and adds a FIXME to point out where code is missing. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [DCCP]: set safe upper bound for option lengthGerrit Renker2006-12-021-6/+12
| | | | | | | | | | | This is a re-send from http://www.mail-archive.com/dccp@vger.kernel.org/msg00553.html It is the same patch as before, but I have built in Arnaldo's suggestions pointed out in that posting. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [TCP]: Don't set SKB owner in tcp_transmit_skb().David S. Miller2006-12-028-12/+10
| | | | | | | | | | | | | | | | | | | | The data itself is already charged to the SKB, doing the skb_set_owner_w() just generates a lot of noise and extra atomics we don't really need. Lmbench improvements on lat_tcp are minimal: before: TCP latency using localhost: 23.2701 microseconds TCP latency using localhost: 23.1994 microseconds TCP latency using localhost: 23.2257 microseconds after: TCP latency using localhost: 22.8380 microseconds TCP latency using localhost: 22.9465 microseconds TCP latency using localhost: 22.8462 microseconds Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET] ip-sysctl.txt: Alphabetize.Stephen Hemminger2006-12-021-178/+177
| | | | | | | Rearrange TCP entries in alpha order. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Allow autoloading of congestion control via setsockopt.Stephen Hemminger2006-12-021-1/+11
| | | | | | | | If user has permision to load modules, then autoload then attempt autoload of TCP congestion module. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Restrict congestion control choices.Stephen Hemminger2006-12-025-0/+125
| | | | | | | | | | | | | Allow normal users to only choose among a restricted set of congestion control choices. The default is reno and what ever has been configured as default. But the policy can be changed by administrator at any time. For example, to allow any choice: cp /proc/sys/net/ipv4/tcp_available_congestion_control \ /proc/sys/net/ipv4/tcp_allowed_congestion_control Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Add tcp_available_congestion_control sysctl.Stephen Hemminger2006-12-025-0/+51
| | | | | | | | Create /proc/sys/net/ipv4/tcp_available_congestion_control that reflects currently available TCP choices. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Fix warningVlad Yasevich2006-12-022-1/+8
| | | | | | | | | | | | | | | | | | | | An alternate solution would be to make the digest a pointer, allocate it in sctp_endpoint_init() and free it in sctp_endpoint_destroy(). I guess I should have originally done it this way... CC [M] net/sctp/sm_make_chunk.o net/sctp/sm_make_chunk.c: In function 'sctp_unpack_cookie': net/sctp/sm_make_chunk.c:1358: warning: initialization discards qualifiers from pointer target type The reason is that sctp_unpack_cookie() takes a const struct sctp_endpoint and modifies the digest in it (digest being embedded in the struct, not a pointer). Make digest a pointer to fix this warning. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6] tcp: Fix typo _read_mostly --> __read_mostly.David S. Miller2006-12-021-1/+1
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: Fix typo _read_mostly --> __read_mostly.David S. Miller2006-12-021-1/+1
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Size listen hash tables using backlog hintEric Dumazet2006-12-029-25/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | We currently allocate a fixed size (TCP_SYNQ_HSIZE=512) slots hash table for each LISTEN socket, regardless of various parameters (listen backlog for example) On x86_64, this means order-1 allocations (might fail), even for 'small' sockets, expecting few connections. On the contrary, a huge server wanting a backlog of 50000 is slowed down a bit because of this fixed limit. This patch makes the sizing of listen hash table a dynamic parameter, depending of : - net.core.somaxconn tunable (default is 128) - net.ipv4.tcp_max_syn_backlog tunable (default : 256, 1024 or 128) - backlog value given by user application (2nd parameter of listen()) For large allocations (bigger than PAGE_SIZE), we use vmalloc() instead of kmalloc(). We still limit memory allocation with the two existing tunables (somaxconn & tcp_max_syn_backlog). So for standard setups, this patch actually reduce RAM usage. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PKT_SCHED]: Make sch_fifo.o available when CONFIG_NET_SCHED is not set.David Kimdon2006-12-022-1/+6
| | | | | | | | | | | | | | | Based on patch by Patrick McHardy. Add a new option, NET_SCH_FIFO, which provides a simple fifo qdisc without requiring CONFIG_NET_SCHED. The d80211 stack needs a generic fifo qdisc for WME. At present it uses net/d80211/fifo_qdisc.c which is functionally equivalent to sch_fifo.c. This patch will allow the d80211 stack to remove net/d80211/fifo_qdisc.c and use sch_fifo.c instead. Signed-off-by: David Kimdon <david.kimdon@devicescape.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET] rules: Add support to invert selectorsThomas Graf2006-12-022-7/+18
| | | | | | | | Introduces a new flag FIB_RULE_INVERT causing rules to apply if the specified selector doesn't match. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET] rules: Share common attribute validation policyThomas Graf2006-12-024-15/+10
| | | | | | | | Move the attribute policy for the non-specific attributes into net/fib_rules.h and include it in the respective protocols. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET] rules: Protocol independant mark selectorThomas Graf2006-12-026-89/+32
| | | | | | | | Move mark selector currently implemented per protocol into the protocol independant part. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4] nl_fib_lookup: Rename fl_fwmark to fl_markThomas Graf2006-12-022-2/+2
| | | | | | | For the sake of consistency. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Rethink mark field in struct flowiThomas Graf2006-12-0214-121/+26
| | | | | | | | | | | | | | | | | | Now that all protocols have been made aware of the mark field it can be moved out of the union thus simplyfing its usage. The config options in the IPv4/IPv6/DECnet subsystems to enable respectively disable mark based routing only obfuscate the code with ifdefs, the cost for the additional comparison in the flow key is insignificant, and most distributions have all these options enabled by default anyway. Therefore it makes sense to remove the config options and enable mark based routing by default. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Turn nfmark into generic markThomas Graf2006-12-0228-68/+59
| | | | | | | | | | nfmark is being used in various subsystems and has become the defacto mark field for all kinds of packets. Therefore it makes sense to rename it to `mark' and remove the dependency on CONFIG_NETFILTER. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DECNET]: Don't clear memory twice.Ralf Baechle2006-12-021-1/+0
| | | | | | | | | | When dn_neigh.c was converted from kmalloc to kzalloc in commit 0da974f4f303a6842516b764507e3c0a03f41e5a it was missed that dn_neigh_seq_open was actually clearing the allocation twice was missed. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: uninline xfrm_selector_match()Andrew Morton2006-12-022-34/+36
| | | | | | | Six callsites, huge. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [BLUETOOTH] lockdep: annotate sk_lock nesting in AF_BLUETOOTHPeter Zijlstra2006-12-023-6/+12
| | | | | | ============================================= [ INFO: possible recursive locking detected ] 2.6.18-1.2726.fc6 #1
* SELinux: Fix SA selection semanticsVenkat Yekkirala2006-12-026-93/+70
| | | | | | | | | | | | | | | | | | | | | Fix the selection of an SA for an outgoing packet to be at the same context as the originating socket/flow. This eliminates the SELinux policy's ability to use/sendto SAs with contexts other than the socket's. With this patch applied, the SELinux policy will require one or more of the following for a socket to be able to communicate with/without SAs: 1. To enable a socket to communicate without using labeled-IPSec SAs: allow socket_t unlabeled_t:association { sendto recvfrom } 2. To enable a socket to communicate with labeled-IPSec SAs: allow socket_t self:association { sendto }; allow socket_t peer_sa_t:association { recvfrom }; Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: James Morris <jmorris@namei.org>
* SELinux: Return correct context for SO_PEERSECVenkat Yekkirala2006-12-027-48/+50
| | | | | | | | | Fix SO_PEERSEC for tcp sockets to return the security context of the peer (as represented by the SA from the peer) as opposed to the SA used by the local/source socket. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: James Morris <jmorris@namei.org>
* SELinux: Various xfrm labeling fixesVenkat Yekkirala2006-12-024-41/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since the upstreaming of the mlsxfrm modification a few months back, testing has resulted in the identification of the following issues/bugs that are resolved in this patch set. 1. Fix the security context used in the IKE negotiation to be the context of the socket as opposed to the context of the SPD rule. 2. Fix SO_PEERSEC for tcp sockets to return the security context of the peer as opposed to the source. 3. Fix the selection of an SA for an outgoing packet to be at the same context as the originating socket/flow. The following would be the result of applying this patchset: - SO_PEERSEC will now correctly return the peer's context. - IKE deamons will receive the context of the source socket/flow as opposed to the SPD rule's context so that the negotiated SA will be at the same context as the source socket/flow. - The SELinux policy will require one or more of the following for a socket to be able to communicate with/without SAs: 1. To enable a socket to communicate without using labeled-IPSec SAs: allow socket_t unlabeled_t:association { sendto recvfrom } 2. To enable a socket to communicate with labeled-IPSec SAs: allow socket_t self:association { sendto }; allow socket_t peer_sa_t:association { recvfrom }; This Patch: Pass correct security context to IKE for use in negotiation Fix the security context passed to IKE for use in negotiation to be the context of the socket as opposed to the context of the SPD rule so that the SA carries the label of the originating socket/flow. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: James Morris <jmorris@namei.org>
* [BLUETOOTH] rfcomm endianness bug: param_mask is little-endian on the wireAl Viro2006-12-021-8/+8
| | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* [BLUETOOTH]: rfcomm endianness annotationsAl Viro2006-12-022-3/+3
| | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* [BLUETOOTH]: bnep endianness annotationsAl Viro2006-12-022-8/+8
| | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>