summaryrefslogtreecommitdiffstats
path: root/include/net
Commit message (Collapse)AuthorAgeFilesLines
* [TWSK]: Introduce struct timewait_sock_opsArnaldo Carvalho de Melo2006-01-034-3/+38
| | | | | | | | | | | | So that we can share several timewait sockets related functions and make the timewait mini sockets infrastructure closer to the request mini sockets one. Next changesets will take advantage of this, moving more code out of TCP and DCCP v4 and v6 to common infrastructure. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Export ipv6_opt_acceptedArnaldo Carvalho de Melo2006-01-031-0/+2
| | | | | | | It was already non-TCP specific, will be used by DCCPv6. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Introduce inet6_timewait_sockArnaldo Carvalho de Melo2006-01-032-4/+5
| | | | | | | | | | | | | Out of tcp6_timewait_sock, that now is just an aggregation of inet_timewait_sock and inet6_timewait_sock, using tw_ipv6_offset in struct inet_timewait_sock, that is common to the IPv6 transport protocols that use timewait sockets, like DCCP and TCP. tw_ipv6_offset plays the struct inet_sock pinfo6 role, i.e. for the generic code to find the IPv6 area in a timewait sock. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Generalise some functionsArnaldo Carvalho de Melo2006-01-031-1/+12
| | | | | | | | | Using sk->sk_protocol instead of IPPROTO_TCP. Will be used by DCCPv6 in the next changesets. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Avoid atomic xchg() for non-error caseBenjamin LaHaise2006-01-031-1/+4
| | | | | | | | | | | It also looks like there were 2 places where the test on sk_err was missing from the event wait logic (in sk_stream_wait_connect and sk_stream_wait_memory), while the rest of the sock_error() users look to be doing the right thing. This version of the patch fixes those, and cleans up a few places that were testing ->sk_err directly. Signed-off-by: Benjamin LaHaise <benjamin.c.lahaise@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ICSK]: Move v4_addr2sockaddr from TCP to icskArnaldo Carvalho de Melo2006-01-031-0/+2
| | | | | | | Renaming it to inet_csk_addr2sockaddr. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ICSK]: Rename struct tcp_func to struct inet_connection_sock_af_opsArnaldo Carvalho de Melo2006-01-033-50/+28
| | | | | | | | And move it to struct inet_connection_sock. DCCP will use it in the upcoming changesets. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Generalise tcp_v6_search_req & tcp_v6_synq_addArnaldo Carvalho de Melo2006-01-032-1/+32
| | | | | | | | | More work is needed tho to introduce inet6_request_sock from tcp6_request_sock, in the same layout considerations as ipv6_pinfo in inet_sock, next changeset will do that. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ICSK]: make inet_csk_reqsk_queue_hash_add timeout arg unsigned longArnaldo Carvalho de Melo2006-01-031-1/+1
| | | | | Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Generalise __tcp_v6_hash, renaming it to __inet6_hashArnaldo Carvalho de Melo2006-01-031-0/+26
| | | | | Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Reuse inet_csk_get_port in tcp_v6_get_portArnaldo Carvalho de Melo2006-01-031-1/+5
| | | | | Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Safer reassemblyHerbert Xu2006-01-032-0/+3
| | | | | | | | | | | | | | | | | Another spin of Herbert Xu's "safer ip reassembly" patch for 2.6.16. (The original patch is here: http://marc.theaimsgroup.com/?l=linux-netdev&m=112281936522415&w=2 and my only contribution is to have tested it.) This patch (optionally) does additional checks before accepting IP fragments, which can greatly reduce the possibility of reassembling fragments which originated from different IP datagrams. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Arthur Kepner <akepner@sgi.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [LSM-IPSec]: Security association restriction.Trent Jaeger2006-01-032-5/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch series implements per packet access control via the extension of the Linux Security Modules (LSM) interface by hooks in the XFRM and pfkey subsystems that leverage IPSec security associations to label packets. Extensions to the SELinux LSM are included that leverage the patch for this purpose. This patch implements the changes necessary to the XFRM subsystem, pfkey interface, ipv4/ipv6, and xfrm_user interface to restrict a socket to use only authorized security associations (or no security association) to send/receive network packets. Patch purpose: The patch is designed to enable access control per packets based on the strongly authenticated IPSec security association. Such access controls augment the existing ones based on network interface and IP address. The former are very coarse-grained, and the latter can be spoofed. By using IPSec, the system can control access to remote hosts based on cryptographic keys generated using the IPSec mechanism. This enables access control on a per-machine basis or per-application if the remote machine is running the same mechanism and trusted to enforce the access control policy. Patch design approach: The overall approach is that policy (xfrm_policy) entries set by user-level programs (e.g., setkey for ipsec-tools) are extended with a security context that is used at policy selection time in the XFRM subsystem to restrict the sockets that can send/receive packets via security associations (xfrm_states) that are built from those policies. A presentation available at www.selinux-symposium.org/2005/presentations/session2/2-3-jaeger.pdf from the SELinux symposium describes the overall approach. Patch implementation details: On output, the policy retrieved (via xfrm_policy_lookup or xfrm_sk_policy_lookup) must be authorized for the security context of the socket and the same security context is required for resultant security association (retrieved or negotiated via racoon in ipsec-tools). This is enforced in xfrm_state_find. On input, the policy retrieved must also be authorized for the socket (at __xfrm_policy_check), and the security context of the policy must also match the security association being used. The patch has virtually no impact on packets that do not use IPSec. The existing Netfilter (outgoing) and LSM rcv_skb hooks are used as before. Also, if IPSec is used without security contexts, the impact is minimal. The LSM must allow such policies to be selected for the combination of socket and remote machine, but subsequent IPSec processing proceeds as in the original case. Testing: The pfkey interface is tested using the ipsec-tools. ipsec-tools have been modified (a separate ipsec-tools patch is available for version 0.5) that supports assignment of xfrm_policy entries and security associations with security contexts via setkey and the negotiation using the security contexts via racoon. The xfrm_user interface is tested via ad hoc programs that set security contexts. These programs are also available from me, and contain programs for setting, getting, and deleting policy for testing this interface. Testing of sa functions was done by tracing kernel behavior. Signed-off-by: Trent Jaeger <tjaeger@cse.psu.edu> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6] mcast: Fix multiple issues in MLDv2 reports.David L Stevens2005-12-271-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The below "jumbo" patch fixes the following problems in MLDv2. 1) Add necessary "ntohs" to recent "pskb_may_pull" check [breaks all nonzero source queries on little-endian (!)] 2) Add locking to source filter list [resend of prior patch] 3) fix "mld_marksources()" to a) send nothing when all queried sources are excluded b) send full exclude report when source queried sources are not excluded c) don't schedule a timer when there's nothing to report NOTE: RFC 3810 specifies the source list should be saved and each source reported individually as an IS_IN. This is an obvious DOS path, requiring the host to store and then multicast as many sources as are queried (e.g., millions...). This alternative sends a full, relevant report that's limited to number of sources present on the machine. 4) fix "add_grec()" to send empty-source records when it should The original check doesn't account for a non-empty source list with all sources inactive; the new code keeps that short-circuit case, and also generates the group header with an empty list if needed. 5) fix mca_crcount decrement to be after add_grec(), which needs its original value These issues (other than item #1 ;-) ) were all found by Yan Zheng, much thanks! Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Defer IPv6 device initialization until the link becomes ready.YOSHIFUJI Hideaki2005-12-211-0/+1
| | | | | | | | NETDEV_UP might be sent even if the link attached to the interface was not ready. DAD does not make sense in such case, so we won't do so. After interface Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* [IPSEC]: Perform SA switchover immediately.David S. Miller2005-12-191-0/+1
| | | | | | | | | When we insert a new xfrm_state which potentially subsumes an existing one, make sure all cached bundles are flushed so that the new SA is used immediately. Signed-off-by: David S. Miller <davem@davemloft.net>
* [DECNET]: add memory buffer settings Steven Whitehouse2005-12-051-0/+4
| | | | | | | | The patch (originally from Steve) simply adds memory buffer settings to DECnet similar to those in TCP. Signed-off-by: Patrick Caulfield <patrick@tykepenguin.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Fix secondary IP addresses after promotionJamal Hadi Salim2005-11-221-0/+3
| | | | | | | | | | | | This patch fixes the problem with promoting aliases when: a) a single primary and > 1 secondary addresses b) multiple primary addresses each with at least one secondary address Based on earlier efforts from Brian Pomerantz <bapper@piratehaven.org>, Patrick McHardy <kaber@trash.net> and Thomas Graf <tgraf@suug.ch> Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge git://git.skbuff.net/gitroot/yoshfuji/linux-2.6.14+advapi-fix/David S. Miller2005-11-201-0/+2
|\
| * [IPV6]: Fix sending extension headers before and including routing header.YOSHIFUJI Hideaki2005-11-201-0/+2
| | | | | | | | | | | | Based on suggestion from Masahide Nakamura <nakam@linux-ipv6.org>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* | [PATCH] git-netdev-all-ieee80211_get_payload-warning-fixAndrew Morton2005-11-181-1/+1
| | | | | | | | | | | | | | | | | | include/net/ieee80211.h: In function `ieee80211_get_payload': include/net/ieee80211.h:1046: warning: control reaches end of non-void function Cc: Jeff Garzik <jgarzik@pobox.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
* | [TCP]: More spelling fixes.Stephen Hemminger2005-11-151-2/+2
| | | | | | | | | | | | | | From Joe Perches Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [LLC]: Fix typoJochen Friedrich2005-11-141-1/+1
| | | | | | | | | | | | Signed-off-by: Jochen Friedrich <jochen@scram.de> Acked-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [SCTP]: Include ulpevents in socket receive buffer accounting.Neil Horman2005-11-111-0/+16
| | | | | | | | | | | | | | | | | | | | | | Also introduces a sysctl option to configure the receive buffer accounting policy to be either at socket or association level. Default is all the associations on the same socket share the receive buffer. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [SCTP]: Fix ia64 NaT consumption fault with sctp_sideffect commands.Vladislav Yasevich2005-11-111-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | On ia64, it is possible to get NaT Consumption Fault and a kernel panic when initializing sctp sideeffect commands arguments. The union sctp_arg_t contains different sized elements and when loading a smaller sized element (32 or 16 bits), it is possible for a speculative load to fail and result in a NaT bit set which causes a kernel crash. The easy way to get around it is to load the largerst member of the union. Signed-off-by: Vladislav Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [SCTP]: Remove timeouts[] array from sctp_endpoint.Vladislav Yasevich2005-11-111-3/+0
| | | | | | | | | | | | | | | | | | | | The socket level timeout values are maintained in sctp_sock and association level timeouts are in sctp_association. So there is no need for ep->timeouts. Signed-off-by: Vladislav Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TCP]: speed up SACK processingStephen Hemminger2005-11-102-0/+15
| | | | | | | | | | | | | | | | | | Use "hints" to speed up the SACK processing. Various forms of this have been used by TCP developers (Web100, STCP, BIC) to avoid the 2x linear search of outstanding segments. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TCP]: spelling fixesStephen Hemminger2005-11-101-6/+6
| | | | | | | | | | | | | | Minor spelling fixes for TCP code. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TCP]: Appropriate Byte Count supportStephen Hemminger2005-11-101-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | This is an updated version of the RFC3465 ABC patch originally for Linux 2.6.11-rc4 by Yee-Ting Li. ABC is a way of counting bytes ack'd rather than packets when updating congestion control. The orignal ABC described in the RFC applied to a Reno style algorithm. For advanced congestion control there is little change after leaving slow start. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TCP]: add tcp_slow_start helperStephen Hemminger2005-11-101-0/+10
| | | | | | | | | | | | | | | | Move all the code that does linear TCP slowstart to one inline function to ease later patch to add ABC support. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TCP]: fix congestion window update when using TSO deferalStephen Hemminger2005-11-101-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TCP peformance with TSO over networks with delay is awful. On a 100Mbit link with 150ms delay, we get 4Mbits/sec with TSO and 50Mbits/sec without TSO. The problem is with TSO, we intentionally do not keep the maximum number of packets in flight to fill the window, we hold out to until we can send a MSS chunk. But, we also don't update the congestion window unless we have filled, as per RFC2861. This patch replaces the check for the congestion window being full with something smarter that accounts for TSO. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET]: Detect hardware rx checksum faults correctlyHerbert Xu2005-11-101-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Here is the patch that introduces the generic skb_checksum_complete which also checks for hardware RX checksum faults. If that happens, it'll call netdev_rx_csum_fault which currently prints out a stack trace with the device name. In future it can turn off RX checksum. I've converted every spot under net/ that does RX checksum checks to use skb_checksum_complete or __skb_checksum_complete with the exceptions of: * Those places where checksums are done bit by bit. These will call netdev_rx_csum_fault directly. * The following have not been completely checked/converted: ipmr ip_vs netfilter dccp This patch is based on patches and suggestions from Stephen Hemminger and David S. Miller. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETLINK]: Generic netlink familyThomas Graf2005-11-101-0/+154
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The generic netlink family builds on top of netlink and provides simplifies access for the less demanding netlink users. It solves the problem of protocol numbers running out by introducing a so called controller taking care of id management and name resolving. Generic netlink modules register themself after filling out their id card (struct genl_family), after successful registration the modules are able to register callbacks to command numbers by filling out a struct genl_ops and calling genl_register_op(). The registered callbacks are invoked with attributes parsed making life of simple modules a lot easier. Although generic netlink modules can request static identifiers, it is recommended to use GENL_ID_GENERATE and to let the controller assign a unique identifier to the module. Userspace applications will then ask the controller and lookup the idenfier by the module name. Due to the current multicast implementation of netlink, the number of generic netlink modules is restricted to 1024 to avoid wasting memory for the per socket multiacst subscription bitmask. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETLINK]: Generic netlink receive queue processorThomas Graf2005-11-101-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | Introduces netlink_run_queue() to handle the receive queue of a netlink socket in a generic way. Processes as much as there was in the queue upon entry and invokes a callback function for each netlink message found. The callback function may refuse a message by returning a negative error code but setting the error pointer to 0 in which case netlink_run_queue() will return with a qlen != 0. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETLINK]: Type-safe netlink messages/attributes interfaceThomas Graf2005-11-101-0/+877
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduces a new type-safe interface for netlink message and attributes handling. The interface is fully binary compatible with the old interface towards userspace. Besides type safety, this interface features attribute validation capabilities, simplified message contstruction, and documentation. The resulting netlink code should be smaller, less error prone and easier to understand. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: Add nf_conntrack subsystem.Yasuyuki Kozakai2005-11-0910-0/+1058
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The existing connection tracking subsystem in netfilter can only handle ipv4. There were basically two choices present to add connection tracking support for ipv6. We could either duplicate all of the ipv4 connection tracking code into an ipv6 counterpart, or (the choice taken by these patches) we could design a generic layer that could handle both ipv4 and ipv6 and thus requiring only one sub-protocol (TCP, UDP, etc.) connection tracking helper module to be written. In fact nf_conntrack is capable of working with any layer 3 protocol. The existing ipv4 specific conntrack code could also not deal with the pecularities of doing connection tracking on ipv6, which is also cured here. For example, these issues include: 1) ICMPv6 handling, which is used for neighbour discovery in ipv6 thus some messages such as these should not participate in connection tracking since effectively they are like ARP messages 2) fragmentation must be handled differently in ipv6, because the simplistic "defrag, connection track and NAT, refrag" (which the existing ipv4 connection tracking does) approach simply isn't feasible in ipv6 3) ipv6 extension header parsing must occur at the correct spots before and after connection tracking decisions, and there were no provisions for this in the existing connection tracking design 4) ipv6 has no need for stateful NAT The ipv4 specific conntrack layer is kept around, until all of the ipv4 specific conntrack helpers are ported over to nf_conntrack and it is feature complete. Once that occurs, the old conntrack stuff will get placed into the feature-removal-schedule and we will fully kill it off 6 months later. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* | Merge branch 'upstream-linus' of ↵Linus Torvalds2005-11-092-1/+2
|\ \ | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
| * | ieee80211: cleanup crypto list handling, other minor cleanups.Christoph Hellwig2005-11-091-0/+1
| | |
| * | Merge rsync://bughost.org/repos/ieee80211-delta/Jeff Garzik2005-11-091-1/+1
| |\ \
| | * | Update version ieee80211 stamp to 1.1.7James Ketrenos2005-11-071-1/+1
| | | |
* | | | [Bluetooth]: Remove the usage of /proc completelyMarcel Holtmann2005-11-083-11/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes all relics of the /proc usage from the Bluetooth subsystem core and its upper layers. All the previous information are now available via /sys/class/bluetooth through appropriate functions. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [Bluetooth]: Add endian annotations to the coreMarcel Holtmann2005-11-082-59/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds the endian annotations to the Bluetooth core. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [NET]: sk_add_backlog convert from macro to inlineStephen Hemminger2005-11-081-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is no reason for sk_add_backlog to be a macro. It can just be an inline function and get type checking. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [IPV6]: Make ipv6_addr_type() more generic so that we can use it for source ↵YOSHIFUJI Hideaki2005-11-081-3/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | address selection. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [IPV6]: Put addr_diff() into common header for future use.YOSHIFUJI Hideaki2005-11-081-0/+48
|/ / / | | | | | | | | | | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | Merge branch 'red' of 84.73.165.173:/home/tgr/repos/net-2.6Arnaldo Carvalho de Melo2005-11-052-4/+349
|\ \ \
| * | | [NET]: Introduce INET_ECN_set_ce() functionThomas Graf2005-11-051-4/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes IP_ECN_set_ce() and IP6_ECN_set_ce() to return 0 if the CE bits could not bet set because none of the ECT bits are set or 1 if the CE bits are already set or have been successfully set. Introduces INET_ECN_set_ce(skb) to enable CE bits for all supported protocols. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
| * | | [PKT_SCHED]: Generic RED layerThomas Graf2005-11-051-0/+325
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Extracts the RED algorithm from sch_red.c and puts it into include/net/red.h for use by other RED based modules. The statistics are extended to be more fine grained in order to differ between probability/forced marks/drops. We now reset the average queue length when setting new parameters, leaving it might result in an unreasonable qavg for a while depending on the value of W. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* / / [TCP/DCCP]: Randomize port selectionStephen Hemminger2005-11-051-2/+0
|/ / | | | | | | | | | | | | | | | | This patch randomizes the port selected on bind() for connections to help with possible security attacks. It should also be faster in most cases because there is no need for a global lock. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* | Merge branch 'upstream-linus' of ↵Linus Torvalds2005-10-292-4/+2
|\ \ | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6