Commit Graph

235486 Commits

Author SHA1 Message Date
Steffen Klassert 97e15c3a85 xfrm: Support anti-replay window size bigger than 32 packets
As it is, the anti-replay bitmap in struct xfrm_replay_state can
only accomodate 32 packets. Even though it is possible to configure
anti-replay window sizes up to 255 packets from userspace. So we
reject any packet with a sequence number within the configured window
but outside the bitmap. With this patch, we represent the anti-replay
window as a bitmap of variable length that can be accessed via the
new struct xfrm_replay_state_esn. Thus, we have no limit on the
window size anymore. To use the new anti-replay window implementantion,
new userspace tools are required. We leave the old implementation
untouched to stay in sync with old userspace tools.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-13 20:22:30 -07:00
Steffen Klassert 9fdc4883d9 xfrm: Move IPsec replay detection functions to a separate file
To support multiple versions of replay detection, we move the replay
detection functions to a separate file and make them accessible
via function pointers contained in the struct xfrm_replay.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-13 20:22:30 -07:00
Steffen Klassert d212a4c290 esp6: Add support for IPsec extended sequence numbers
This patch adds IPsec extended sequence numbers support to esp6.
We use the authencesn crypto algorithm to handle esp with separate
encryption/authentication algorithms.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-13 20:22:29 -07:00
Steffen Klassert 0dc49e9b28 esp4: Add support for IPsec extended sequence numbers
This patch adds IPsec extended sequence numbers support to esp4.
We use the authencesn crypto algorithm to handle esp with separate
encryption/authentication algorithms.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-13 20:22:29 -07:00
Steffen Klassert 1ce3644ade xfrm: Use separate low and high order bits of the sequence numbers in xfrm_skb_cb
To support IPsec extended sequence numbers, we split the
output sequence numbers of xfrm_skb_cb in low and high order 32 bits
and we add the high order 32 bits to the input sequence numbers.
All users are updated accordingly.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-13 20:22:28 -07:00
Steffen Klassert 9736acf395 xfrm: Add basic infrastructure to support IPsec extended sequence numbers
This patch adds the struct xfrm_replay_state_esn which will be
used to support IPsec extended sequence numbers and anti replay windows
bigger than 32 packets. Also we add a function that returns the actual
size of the xfrm_replay_state_esn, a xfrm netlink atribute and a xfrm state
flag for the use of extended sequence numbers.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-13 20:22:28 -07:00
Steffen Klassert a5079d084f crypto: authencesn - Add algorithm to handle IPsec extended sequence numbers
ESP with separate encryption/authentication algorithms needs a special
treatment for the associated data. This patch add a new algorithm that
handles esp with extended sequence numbers.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-13 20:22:27 -07:00
David S. Miller 27b61ae2d7 Merge branch 'tipc-Mar13-2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/net-next-2.6 2011-03-13 18:49:11 -07:00
Hiroaki SHIMODA 46af31800b ipv4: Fix PMTU update.
On current net-next-2.6, when Linux receives ICMP Type: 3, Code: 4
(Destination unreachable (Fragmentation needed)),

  icmp_unreach
    -> ip_rt_frag_needed
         (peer->pmtu_expires is set here)
    -> tcp_v4_err
         -> do_pmtu_discovery
              -> ip_rt_update_pmtu
                   (peer->pmtu_expires is already set,
                    so check_peer_pmtu is skipped.)
                   -> check_peer_pmtu

check_peer_pmtu is skipped and MTU is not updated.

To fix this, let check_peer_pmtu execute unconditionally.
And some minor fixes
1) Avoid potential peer->pmtu_expires set to be zero.
2) In check_peer_pmtu, argument of time_before is reversed.
3) check_peer_pmtu expects peer->pmtu_orig is initialized as zero,
   but not initialized.

Signed-off-by: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-13 18:37:49 -07:00
Allan Stephens 633d2bdedc tipc: Update maintenance information
Updates TIPC maintenance information to reflect changes that have
taken place during TIPC 2.0 development, including:

- removal of directories that have been deleted
- removal of websites that have been decommisioned
- removal of sidestream SCM repositories that are no longer used
- addition of netdev as appropriate list for kernel code.

Grateful acknowledgement is given to Joe Perches <joe@perches.com>,
who reported the stale file entry that triggered the update.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:19 -04:00
Allan Stephens 390bce4237 tipc: Eliminate obsolete routine for handling routed messages
Eliminates a routine that is used in handling messages arriving from
another cluster or zone. Such messages can no longer be received by TIPC
now that multi-cluster and multi-zone network support has been eliminated.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:19 -04:00
Allan Stephens 7945c1fb02 tipc: Eliminate remaining support for routing table messages
Gets rid of all remaining code relating to ROUTE_DISTRIBUTOR messages.
These messages were only used in multi-cluster and multi-zone networks,
which TIPC no longer supports. (For safety, TIPC now treats such messages
the same way that it handles other unrecognized messages.)

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:19 -04:00
Allan Stephens 50d492321a tipc: Remove bearer flag indicating existence of broadcast address
Eliminates the flag in the TIPC bearer structure that indicates if
the bearer supports broadcasting, since the flag is always set to 1
and serves no useful purpose.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:19 -04:00
Allan Stephens f9107ebe7d tipc: Don't respond to neighbor discovery request on blocked bearer
Adds a check to prevent TIPC from trying to respond to an incoming
LINK_CONFIG request message if the associated bearer is currently
prohibited from sending messages.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:19 -04:00
Allan Stephens d901a42b27 tipc: Eliminate unnecessary constant for neighbor discovery msg size
Eliminates an unnecessary constant that defines the size of a LINK_CONFIG
message, and uses one of the existing standard message size symbols in
its place. (The defunct constant was located in the wrong place anyway,
since it was grouped with other constants that define message users instead
of message sizes.)

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:18 -04:00
Allan Stephens a2b58de2e3 tipc: Remove unused field in bearer structure
Eliminates a field in TIPC's bearer objects that is set, but never
referenced.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:18 -04:00
Allan Stephens 50d3e6399a tipc: Correct misnamed references to neighbor discovery domain
Renames items that are improperly labelled as "network scope" items
(which are represented by simple integer values) rather than "network
domain" items (which are represented by <Z.C.N>-type network addresses).
This change is purely cosmetic, and does not affect the operation of TIPC.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:18 -04:00
Allan Stephens 37b9c08a88 tipc: Optimizations to link creation code
Enhances link creation code as follows:

1) Detects illegal attempts to add a requested link earlier in the
   link creation process. This prevents TIPC from wasting time
   initializing a link object it then throws away, and also eliminates
   the code needed to do the throwing away.

2) Passes in the node object associated with the requested link.
   This allows TIPC to eliminate a search to locate the node object,
   as well as code that attempted to create the node if it doesn't
   exist.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:18 -04:00
Allan Stephens fa2bae2d5b tipc: Give Tx of discovery responses priority over link messages
Delay releasing the node lock when processing a neighbor discovery
message until after the optional discovery response message has been
sent. This helps ensure that any link protocol messages sent by a
link endpoint created as a result of a neighbor discovery request
are received after the discovery response is received, thereby
giving the receiving node a chance to create a peer link endpoint to
consume those link protocol messages, if one does not already exist.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:18 -04:00
Allan Stephens a728750e4f tipc: Cosmetic changes to neighbor discovery logic
Reworks the appearance of the routine that processes incoming
LINK_CONFIG messages to keep the main logic flow at a consistent level
of indentation, and to add comments outlining the various phases involved
in processing each message. This rework is being done to allow upcoming
enhancements to this routine to be integrated more cleanly.

The diff isn't really readable, so know that it was a case of the
old code being like:

	tipc_disc_recv_msg(..)
	{
		if (in_own_cluster(orig)) {
			...
			lines and lines of stuff
			...
		}
	}

which is now replaced with the more sane:

	tipc_disc_recv_msg(..)
	{
		if (!in_own_cluster(orig))
			return;
		...
		lines and lines of stuff
		...
	}

Instances of spin locking within the reindented block were replaced with
the identical tipc_node_[un]lock() abstractions.  Note that all these
changes are cosmetic in nature, and do not change the way LINK_CONFIG
messages are processed.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:18 -04:00
Allan Stephens 75f0aa4990 tipc: Fix redundant link field handling in link protocol message
Ensures that the "redundant link exists" field of the LINK_PROTOCOL
messages sent by a link endpoint is set if and only if the sending
node has at least one other working link to the peer node. Previously,
the bit was set only if there were at least 2 working links to the peer
node, meaning the bit was incorrectly left unset in messages sent by a
non-working link endpoint when exactly one alternate working link was
available. The revised code now takes the state of the link sending
the message into account when deciding if an alternate link exists.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:18 -04:00
Allan Stephens 77f167fcce tipc: make msg_set_redundant_link() consistent with other set ops
All the other boolean like msg_set_X(m) operations don't
export both a msg_set_X(a) and a msg_clear_X(m), but instead
just have the single msg_set_X(m, val) variant.

Make the redundant_link one consistent by having the set take
a value, and delete the msg_clear_redundant_link() anomoly.
This is a cosmetic change and should not change behaviour.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:17 -04:00
Paul Gortmaker 8f19afb2db tipc: cosmetic - function names are not to be full sentences
Function names like "tipc_node_has_redundant_links" are unweildy
and result in long lines even for simple lines.  The "has" doesn't
contribute any value add, so dropping that is a slight step in the
right direction.   This is a cosmetic change, basic result of:

for i in `grep -l tipc_node_has_ *` ; do sed -i s/tipc_node_has_/tipc_node_/ $i ; done

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:17 -04:00
Allan Stephens e7b3acb6a8 tipc: Eliminate timestamp from link protocol messages
Removes support for the timestamp field of TIPC's link protocol messages.

This field was previously used to hold an OS-dependent timestamp value
that was used to assist in debugging early versions of TIPC. The field
has now been deemed unnecessary and has been removed from the latest TIPC
specification. This change has no impact on the operation of TIPC since
the field was set by TIPC, but never referenced.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:17 -04:00
Allan Stephens 34e46258cb tipc: manually inline net_start/stop, make assoc. vars static
Relocates network-related variables into the subsystem files where
they are now primarily used (following the recent rework of TIPC's
node table), and converts globals into locals where possible. Changes
the initialization of tipc_num_links from run-time to compile-time,
and eliminates the net_start routine that becomes empty as a result.
Also eliminates the corresponding net_stop routine by moving its
(trivial) content into the one location that called the routine.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:17 -04:00
Allan Stephens 672d99e19a tipc: Convert node object array to a hash table
Replaces the dynamically allocated array of pointers to the cluster's
node objects with a static hash table. Hash collisions are resolved
using chaining, with a typical hash chain having only a single node,
to avoid degrading performance during processing of incoming packets.
The conversion to a hash table reduces the memory requirements for
TIPC's node table to approximately the same size it had prior to
the previous commit.

In addition to the hash table itself, TIPC now also maintains a
linked list for the node objects, sorted by ascending network address.
This list allows TIPC to continue sending responses to user space
applications that request node and link information in sorted order.
The list also improves performance when name table update messages are
sent by making it easier to identify the nodes that must be notified.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:17 -04:00
Allan Stephens f831c963b5 tipc: Eliminate configuration for maximum number of cluster nodes
Gets rid of the need for users to specify the maximum number of
cluster nodes supported by TIPC. TIPC now automatically provides
support for all 4K nodes allowed by its addressing scheme.

Note: This change sets TIPC's memory usage to the amount used by
a maximum size node table with 4K entries.  An upcoming patch that
converts the node table from a linear array to a hash table will
compact the node table to a more efficient design, but for clarity
it is nice to have all the Kconfig infrastruture go away separately.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:17 -04:00
Allan Stephens d1bcb11544 tipc: Split up unified structure of network-related variables
Converts the fields of the global "tipc_net" structure into individual
variables.  Since the struct was never referenced as a complete unit,
its existence was pointless.  This will facilitate upcoming changes to
TIPC's node table and simpify upcoming relocation of the variables so
they are only visible to the files that actually use them.

This change is essentially cosmetic in nature, and doesn't affect the
operation of TIPC.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:17 -04:00
Allan Stephens 9df3b7eb6e tipc: Fix problem with missing link in "tipc-config -l" output
Removes a race condition that could cause TIPC's internal counter
of the number of links it has to neighboring nodes to have the
incorrect value if two independent threads of control simultaneously
create new link endpoints connecting to two different nodes using two
different bearers. Such under counting would result in TIPC failing to
list the final link(s) in its response to a configuration request to
list all of the node's links. The counter is now updated atomically
to ensure that simultaneous increments do not interfere with each
other.

Thanks go to Peter Butler <pbutler@pt.com> for his assistance in
diagnosing and fixing this problem.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:16 -04:00
Allan Stephens 71092ea122 tipc: Add support for SO_RCVTIMEO socket option
Adds support for the SO_RCVTIMEO socket option to TIPC's socket
receive routines.

Thanks go out to Raj Hegde <rajenhegde@yahoo.ca> for his contribution
to the development and testing this enhancement.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:16 -04:00
Allan Stephens f137917332 tipc: Cosmetic changes to node subscription code
Relocates the code that notifies users of node subscriptions so that
it is adjacent to the rest of the routines that implement TIPC's node
subscription capability. Renames the name table routine that is
invoked by a node subscription to better reflect its purpose and to
be consistent with other, similar name table routines.

These changes are cosmetic in nature, and do not alter the behavior
of TIPC.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:16 -04:00
Allan Stephens 431697eb60 tipc: Prevent null pointer error when removing a node subscription
Prevents a null pointer dereference from occurring if a node subscription
is triggered at the same time that the subscribing port or publication is
terminating the subscription. The problem arises if the triggering routine
asynchronously activates and deregisters the node subscription while
deregistration is already underway -- the deregistration routine may find
that the pointer it has just verified to be non-NULL is now NULL.
To avoid this race condition the triggering routine now simply marks the
node subscription as defunct (to prevent it from re-activating)
instead of deregistering it. The subscription is now both deregistered
and destroyed only when the subscribing port or publication code terminates
the node subscription.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:16 -04:00
Allan Stephens a3796f895f tipc: Add network address mask helper routines
Introduces a pair of helper routines that convert the network address
for a TIPC node into the network address for its cluster or zone.

This is a cosmetic change designed to avoid future errors caused by
the incorrect use of address bitmasks, and does not alter the existing
operation of TIPC.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:16 -04:00
Allan Stephens aa84729484 tipc: Correct broadcast link peer info when displaying links
Fixes a typo in the calculation of the network address of a node's own
cluster when generating a response to the configuration command that
lists all of the node's links. The correct mask value for a <Z.C.N>
network address uses 1's for the 8-bit zone and 12-bit cluster parts
and 0's for the 12-bit node part.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:16 -04:00
Allan Stephens 0232fd0ac4 tipc: Allow receiving into iovec containing multiple entries
Enhances TIPC's socket receive routines to support iovec structures
containing more than a single entry. This change leverages existing
sk_buff routines to do most of the work; the only significant change
to TIPC itself is that an sk_buff now records how much data has been
already consumed as an numeric offset, rather than as a pointer to
the first unread data byte.

Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-03-13 16:35:16 -04:00
David S. Miller bef55aebd5 decnet: Convert to use flowidn where applicable.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:55 -08:00
David S. Miller 1958b856c1 net: Put fl6_* macros to struct flowi6 and use them again.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:55 -08:00
David S. Miller 4c9483b2fb ipv6: Convert to use flowi6 where applicable.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:54 -08:00
David S. Miller 9cce96df5b net: Put fl4_* macros to struct flowi4 and use them again.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:54 -08:00
David S. Miller f42454d632 ipv4: Kill fib_semantic_match declaration from fib_lookup.h
This function no longer exists.

Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:53 -08:00
David S. Miller 7e1dc7b6f7 net: Use flowi4 and flowi6 in xfrm layer.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:52 -08:00
David S. Miller 2032656e76 net: Add flowi6_* member helper macros.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:52 -08:00
David S. Miller a1bbb0e698 netfilter: Use flowi4 and flowi6 in xt_TCPMSS
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:51 -08:00
David S. Miller 5a49d0e04d netfilter: Use flowi4 and flowi6 in nf_conntrack_h323_main
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:51 -08:00
David S. Miller b6f21b2680 ipv4: Use flowi4 in UDP
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:50 -08:00
David S. Miller 3073e5ab92 netfilter: Use flowi4 in nf_nat_standalone.c
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:50 -08:00
David S. Miller da91981bee ipv4: Use flowi4 in ipmr code.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:49 -08:00
David S. Miller 9ade22861f ipv4: Use flowi4 in FIB layer.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:49 -08:00
David S. Miller 9d6ec93801 ipv4: Use flowi4 in public route lookup interfaces.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:48 -08:00
David S. Miller 68a5e3dd0a ipv4: Use struct flowi4 internally in routing lookups.
We will change the externally visible APIs next.

Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:48 -08:00