summaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAgeFilesLines
* [NET]: Set truesize in pskb_copyHerbert Xu2006-11-071-0/+1
| | | | | | | | Since pskb_copy tacks on the non-linear bits from the original skb, it needs to count them in the truesize field of the new skb. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETPOLL]: Compute checksum properly in netpoll_send_udp().Chris Lalancette2006-11-071-0/+6
| | | | | Signed-off-by: Chris Lalancette <clalance@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PKT_SCHED] sch_htb: Use hlist_del_init().Stephen Hemminger2006-11-071-4/+2
| | | | | | | | Otherwise we can hit paths that (legally) do multiple deletes on the same node and OOPS with the HLIST poison values there instead of NULL. Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Don't use highmem in tcp hash size calculation.John Heffner2006-11-071-2/+2
| | | | | | | | | This patch removes consideration of high memory when determining TCP hash table sizes. Taking into account high memory results in tcp_mem values that are too large. Signed-off-by: John Heffner <jheffner@psc.edu> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'upstream-linus' of ↵Linus Torvalds2006-11-061-6/+6
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6 * 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6: [PATCH] Kconfig: remove redundant NETDEVICES depends [PATCH] ehea: 64K page support fix [PATCH] ehea: Removed redundant define [PATCH] ehea: Nullpointer dereferencation fix [PATCH] bcm43xx: fix unexpected LED control values in BCM4303 sprom [PATCH] bcm43xx: Fix low-traffic netdev watchdog TX timeouts [PATCH] hostap_plx: fix CIS verification [PATCH] ieee80211: don't flood log with errors
| * Merge branch 'upstream-fixes' of ↵Jeff Garzik2006-11-061-6/+6
| |\ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream-fixes
| | * [PATCH] ieee80211: don't flood log with errorsJiri Benc2006-10-311-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The "ieee80211: Workaround malformed 802.11 frames from AP" patch (see http://kernel.org/git/?p=linux/kernel/git/linville/wireless-2.6.git;a=commit;h=f09fc44d8c25f22c4d985bb93857338ed02feac6 ) fixes the problem with some buggy APs but also converts debug message into an error one. This floods the log with errors when you are near such AP (you get a message for every beacon). This patch reverts the error message back to the debug one. Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | [PATCH] sunrpc: add missing spin_unlockAkinobu Mita2006-11-061-0/+1
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | auth_domain_put() forgot to unlock acquired spinlock. Cc: Olaf Kirch <okir@monad.swb.de> Cc: Andy Adamson <andros@citi.umich.edu> Cc: J. Bruce Fields <bfields@citi.umich.edu> Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Cc: Neil Brown <neilb@suse.de> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* | [NETLABEL]: Fix build failure.Paul Moore2006-11-052-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | > the build with the attached .config failed, make ends with: > ... > : undefined reference to `cipso_v4_sock_getattr' > net/built-in.o: In function `netlbl_socket_getattr': ... It looks like I was stupid and made NetLabel depend on CONFIG_NET and not CONFIG_INET, the patch below should fix this by making NetLabel depend on CONFIG_INET and CONFIG_SECURITY. Please review and apply for 2.6.19. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6]: Give sit driver an appropriate module alias.Patrick McHardy2006-11-051-0/+1
| | | | | | | | | | | | | | | | | | | | It would be nice to keep things working even with this built as a module, it took me some time to realize my IPv6 tunnel was broken because of the missing sit module. This module alias fixes things until distributions have added an appropriate alias to modprobe.conf. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6]: Add ndisc_netdev_notifier unregister.Dmitry Mishin2006-11-051-0/+1
| | | | | | | | | | | | | | | | | | If inet6_init() fails later than ndisc_init() call, or IPv6 module is unloaded, ndisc_netdev_notifier call remains in the list and will follows in oops later. Signed-off-by: Dmitry Mishin <dim@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET]: __alloc_pages() failures reported due to fragmentationLarry Woodman2006-11-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | We have seen a couple of __alloc_pages() failures due to fragmentation, there is plenty of free memory but no large order pages available. I think the problem is in sock_alloc_send_pskb(), the gfp_mask includes __GFP_REPEAT but its never used/passed to the page allocator. Shouldnt the gfp_mask be passed to alloc_skb() ? Signed-off-by: Larry Woodman <lwoodman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [PKTGEN]: TCI endianness fixesAl Viro2006-11-051-12/+18
| | | | | | | | | | | | | | open-coded variant there works only for little-endian Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER] bug: skb->protocol is already net-endianAl Viro2006-11-052-2/+2
| | | | | | | | | | | | | | | | htons() is not needed (and no, it's not misspelled ntohs() - userland expects net-endian here). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER] bug: nfulnl_msg_config_mode ->copy_range is 32bitAl Viro2006-11-051-1/+1
| | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER] bug: NFULA_CFG_QTHRESH uses 32bitAl Viro2006-11-051-2/+2
| | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPX]: Annotate and fix IPX checksumAl Viro2006-11-052-14/+21
| | | | | | | | | | | | | | | | | | | | | | | | Calculation of IPX checksum got buggered about 2.4.0. The old variant mangled the packet; that got fixed, but calculation itself got buggered. Restored the correct logics, fixed a subtle breakage we used to have even back then: if the sum is 0 mod 0xffff, we want to return 0, not 0xffff. The latter has special meaning for IPX (cheksum disabled). Observation (and obvious fix) nicked from history of FreeBSD ipx_cksum.c... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPX]: Trivial parts of endianness annotationsAl Viro2006-11-053-38/+38
| | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: silence a warning in ebtablesMeelis Roos2006-11-011-1/+1
| | | | | | | | | | | | | | | | | | | | net/bridge/netfilter/ebtables.c: In function 'ebt_dev_check': net/bridge/netfilter/ebtables.c:89: warning: initialization discards qualifiers from pointer target type So make the char* a const char * and the warning is gone. Signed-off-by: Meelis Roos <mroos@linux.ee> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6]: File the fingerprints off ah6->spi/esp6->spiAl Viro2006-11-011-2/+2
| | | | | | | | | | | | | | | | | | In theory these are opaque 32bit values. However, we end up allocating them sequentially in host-endian and stick unchanged on the wire. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TCP]: Set default congestion control when no sysctl.Stephen Hemminger2006-11-012-7/+8
| | | | | | | | | | | | | | | | | | The setting of the default congestion control was buried in the sysctl code so it would not be done properly if SYSCTL was not enabled. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TIPC] net/tipc/port.c: fix NULL dereferenceAdrian Bunk2006-11-011-2/+3
| | | | | | | | | | | | | | | | | | The correct order is: NULL check before dereference Spotted by the Coverity checker. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [PATCH] skge, sky2, et all. gplv2 onlyStephen Hemminger2006-10-311-1/+1
|/ | | | | | | | | I don't want my code to downgraded to GPLv3 because of cut-n-pasted the comments. These files which I hold copyright on were started before it was clear what GPLv3 was going to be. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
* [IPV6]: fix flowlabel seqfile handlingJames Morris2006-10-311-12/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | There's a bug in the seqfile show operation for flowlabel objects, where each hash chain is traversed cumulatively for each element. The following function is called for each element of each chain: static void ip6fl_fl_seq_show(struct seq_file *seq, struct ip6_flowlabel *fl) { while(fl) { seq_printf... fl = fl->next; } } Thus, objects can appear mutliple times when reading /proc/net/ip6_flowlabel, as the above is called for each element in the chain. The solution is to remove the while() loop from the above, and traverse each chain exactly once, per the patch below. This also removes the ip6fl_fl_seq_show() function, which does nothing else. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: return EINVAL for invalid address with flowlabel lease requestJames Morris2006-10-301-1/+3
| | | | | | | | | | | Currently, when an application requests a lease for a flowlabel via the IPV6_FLOWLABEL_MGR socket option, no error is returned if an invalid type of destination address is supplied as part of the request, leading to a silent failure. This patch ensures that EINVAL is returned to the application in this case. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Remove temporary associations from backlog and hash.Vlad Yasevich2006-10-303-4/+24
| | | | | | | | | | | | | Every time SCTP creates a temporary association, the stack hashes it, puts it on a list of endpoint associations and increments the backlog. However, the lifetime of a temporary association is the processing time of a current packet and it's destroyed after that. In fact, we don't really want anyone else finding this association. There is no reason to do this extra work. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Correctly set IP id for SCTP trafficVlad Yasevich2006-10-302-1/+10
| | | | | | | | | | Make SCTP 1-1 style and peeled-off associations behave like TCP when setting IP id. In both cases, we set the inet_sk(sk)->daddr and initialize inet_sk(sk)->id to a random value. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NetLabel]: protect the CIPSOv4 socket option from setsockopt()Paul Moore2006-10-302-5/+4
| | | | | | | | | | | | | | | | This patch makes two changes to protect applications from either removing or tampering with the CIPSOv4 IP option on a socket. The first is the requirement that applications have the CAP_NET_RAW capability to set an IPOPT_CIPSO option on a socket; this prevents untrusted applications from setting their own CIPSOv4 security attributes on the packets they send. The second change is to SELinux and it prevents applications from setting any IPv4 options when there is an IPOPT_CIPSO option already present on the socket; this prevents applications from removing CIPSOv4 security attributes from the packets they send. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: ip_tables: compat code module refcounting fixDmitry Mishin2006-10-301-25/+11
| | | | | | | | | | | | | | This patch fixes bug in iptables modules refcounting on compat error way. As we are getting modules in check_compat_entry_size_and_hooks(), in case of later error, we should put them all in translate_compat_table(), not in the compat_copy_entry_from_user() or compat_copy_match_from_user(), as it is now. Signed-off-by: Dmitry Mishin <dim@openvz.org> Acked-by: Vasily Averin <vvs@openvz.org> Acked-by: Kirill Korotaev <dev@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_conntrack: add missing unlock in get_next_corpse()Martin Josefsson2006-10-301-1/+2
| | | | | | | | | | | | Add missing unlock in get_next_corpse() in nf_conntrack. It was missed during the removal of listhelp.h . Also remove an unneeded use of nf_ct_tuplehash_to_ctrack() in the same function. Should be applied before 2.6.19 is released. Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: ip_tables: compat error way cleanupVasily Averin2006-10-301-0/+1
| | | | | | | | | | | | This patch adds forgotten compat_flush_offset() call to error way of translate_compat_table(). May lead to table corruption on the next compat_do_replace(). Signed-off-by: Vasily Averin <vvs@openvz.org> Acked-by: Dmitry Mishin <dim@openvz.org> Acked-by: Kirill Korotaev <dev@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Missed and reordered checks in {arp,ip,ip6}_tablesDmitry Mishin2006-10-303-25/+54
| | | | | | | | | | | | | | | | | | | | | | | | There is a number of issues in parsing user-provided table in translate_table(). Malicious user with CAP_NET_ADMIN may crash system by passing special-crafted table to the *_tables. The first issue is that mark_source_chains() function is called before entry content checks. In case of standard target, mark_source_chains() function uses t->verdict field in order to determine new position. But the check, that this field leads no further, than the table end, is in check_entry(), which is called later, than mark_source_chains(). The second issue, that there is no check that target_offset points inside entry. If so, *_ITERATE_MATCH macro will follow further, than the entry ends. As a result, we'll have oops or memory disclosure. And the third issue, that there is no check that the target is completely inside entry. Results are the same, as in previous issue. Signed-off-by: Dmitry Mishin <dim@openvz.org> Acked-by: Kirill Korotaev <dev@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: remove masq/NAT from ip6tables Kconfig helpPatrick McHardy2006-10-301-1/+1
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: fix lockup via /proc/net/ip6_flowlabelJames Morris2006-10-301-0/+2
| | | | | | | | | | | | | | | | There's a bug in the seqfile handling for /proc/net/ip6_flowlabel, where, after finding a flowlabel, the code will loop forever not finding any further flowlabels, first traversing the rest of the hash bucket then just looping. This patch fixes the problem by breaking after the hash bucket has been traversed. Note that this bug can cause lockups and oopses, and is trivially invoked by an unpriveleged user. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: fix uaccess handlingHeiko Carstens2006-10-303-14/+25
| | | | | Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Always linearise packet on inputHerbert Xu2006-10-301-0/+3
| | | | | | | | | | | | | | | | | | | I was looking at a RHEL5 bug report involving Xen and SCTP (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212550). It turns out that SCTP wasn't written to handle skb fragments at all. The absence of any calls to skb_may_pull is testament to that. It just so happens that Xen creates fragmented packets more often than other scenarios (header & data split when going from domU to dom0). That's what caused this bug to show up. Until someone has the time sits down and audits the entire net/sctp directory, here is a conservative and safe solution that simply linearises all packets on input. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: fix printk format warningsRandy Dunlap2006-10-301-8/+10
| | | | | | | | | | | | | | Fix printk format warnings: build2.out:net/dccp/ccids/ccid2.c:355: warning: long long unsigned int format, u64 arg (arg 3) build2.out:net/dccp/ccids/ccid2.c:360: warning: long long unsigned int format, u64 arg (arg 3) build2.out:net/dccp/ccids/ccid2.c:482: warning: long long unsigned int format, u64 arg (arg 5) build2.out:net/dccp/ccids/ccid2.c:639: warning: long long unsigned int format, u64 arg (arg 3) build2.out:net/dccp/ccids/ccid2.c:639: warning: long long unsigned int format, u64 arg (arg 4) build2.out:net/dccp/ccids/ccid2.c:674: warning: long long unsigned int format, u64 arg (arg 3) build2.out:net/dccp/ccids/ccid2.c:720: warning: long long unsigned int format, u64 arg (arg 3) Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Fix segmentation of linear packetsHerbert Xu2006-10-301-5/+4
| | | | | | | | | | | | | | | | skb_segment fails to segment linear packets correctly because it tries to write all linear parts of the original skb into each segment. This will always panic as each segment only contains enough space for one MSS. This was not detected earlier because linear packets should be rare for GSO. In fact it still remains to be seen what exactly created the linear packets that triggered this bug. Basically the only time this should happen is if someone enables GSO emulation on an interface that does not support SG. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM] xfrm_user: Fix unaligned accesses.David S. Miller2006-10-301-2/+2
| | | | | | | | | Use memcpy() to move xfrm_address_t objects in and out of netlink messages. The vast majority of xfrm_user was doing this properly, except for copy_from_user_state() and copy_to_user_state(). Signed-off-by: David S. Miller <davem@davemloft.net>
* [APPLETALK]: Fix potential OOPS in atalk_sendmsg().David S. Miller2006-10-301-2/+0
| | | | | | | atrtr_find() can return NULL, so do not blindly dereference rt->dev before we check for rt being NULL. Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] fix "sunrpc: fix refcounting problems in rpc servers"Andrew Morton2006-10-301-2/+3
| | | | | | | | | | | - printk should remain dprintk - fix coding-style. Cc: Neil Brown <neilb@suse.de> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] sunrpc: fix refcounting problems in rpc serversNeil Brown2006-10-302-19/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | A recent patch fixed a problem which would occur when the refcount on an auth_domain reached zero. This problem has not been reported in practice despite existing in two major kernel releases because the refcount can never reach zero. This patch fixes the problems that stop the refcount reaching zero. 1/ We were adding to the refcount when inserting in the hash table, but only removing from the hashtable when the refcount reached zero. Obviously it never would. So don't count the implied reference of being in the hash table. 2/ There are two paths on which a socket can be destroyed. One called svcauth_unix_info_release(). The other didn't. So when the other was taken, we can lose a reference to an ip_map which in-turn holds a reference to an auth_domain So unify the exit paths into svc_sock_put. This highlights the fact that svc_delete_socket has slightly odd semantics - it does not drop a reference but probably should. Fixing this need a bit more thought and testing. Signed-off-by: Neil Brown <neilb@suse.de> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [BRIDGE]: correct print message typoRandy Dunlap2006-10-251-1/+1
| | | | | | | Correct message typo/spello. Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP] H-TCP: fix integer overflowGavin McCullagh2006-10-251-1/+1
| | | | | | | | | When using H-TCP with a single flow on a 500Mbit connection (or less actually), alpha can exceed 65000, so alpha needs to be a u32. Signed-off-by: Gavin McCullagh <gavin.mccullagh@nuim.ie> Signed-off-by: Doug Leith <doug.leith@nuim.ie> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP] cubic: scaling errorStephen Hemminger2006-10-251-3/+3
| | | | | | | | | | | | | | | | | | | | Doug Leith observed a discrepancy between the version of CUBIC described in the papers and the version in 2.6.18. A math error related to scaling causes Cubic to grow too slowly. Patch is from "Sangtae Ha" <sha2@ncsu.edu>. I validated that it does fix the problems. See the following to show behavior over 500ms 100 Mbit link. Sender (2.6.19-rc3) --- Bridge (2.6.18-rt7) ------- Receiver (2.6.19-rc3) 1G [netem] 100M http://developer.osdl.org/shemminger/tcp/2.6.19-rc3/cubic-orig.png http://developer.osdl.org/shemminger/tcp/2.6.19-rc3/cubic-fix.png Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6Linus Torvalds2006-10-251-0/+2
|\ | | | | | | | | * master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6: [CRYPTO] users: Select ECB/CBC where needed
| * [CRYPTO] users: Select ECB/CBC where neededPatrick McHardy2006-10-251-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CRYPTO_MANAGER is selected automatically by CONFIG_ECB and CONFIG_CBC. config CRYPTO_ECB tristate "ECB support" select CRYPTO_BLKCIPHER select CRYPTO_MANAGER I've added CONFIG_ECB to the ones you mentioned and CONFIG_CBC to gssapi. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | [DCCP]: Update documentation references.Gerrit Renker2006-10-2411-30/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Updates the references to spec documents throughout the code, taking into account that * the DCCP, CCID 2, and CCID 3 drafts all became RFCs in March this year * RFC 1063 was obsoleted by RFC 1191 * draft-ietf-tcpimpl-pmtud-0x.txt was published as an Informational RFC, RFC 2923 on 2000-09-22. All references verified. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: Fix ip6_tables extension header bypass bugPatrick McHardy2006-10-245-8/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As reported by Mark Dowd <Mark_Dowd@McAfee.com>, ip6_tables is susceptible to a fragmentation attack causing false negatives on extension header matches. When extension headers occur in the non-first fragment after the fragment header (possibly with an incorrect nexthdr value in the fragment header) a rule looking for this extension header will never match. Drop fragments that are at offset 0 and don't contain the final protocol header regardless of the ruleset, since this should not happen normally. Since all extension headers are before the protocol header this makes sure an extension header is either not present or in the first fragment, where we can properly parse it. With help from Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: Fix ip6_tables protocol bypass bugPatrick McHardy2006-10-241-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As reported by Mark Dowd <Mark_Dowd@McAfee.com>, ip6_tables is susceptible to a fragmentation attack causing false negatives on protocol matches. When the protocol header doesn't follow the fragment header immediately, the fragment header contains the protocol number of the next extension header. When the extension header and the protocol header are sent in a second fragment a rule like "ip6tables .. -p udp -j DROP" will never match. Drop fragments that are at offset 0 and don't contain the final protocol header regardless of the ruleset, since this should not happen normally. With help from Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>