Let GCC check for format string errors in sctp's probe printl
function. This patch fixes the warning when compiled with W=1:
net/sctp/probe.c:73:2: warning: function might be possible candidate
for 'gnu_printf' format attribute [-Wmissing-format-attribute]
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently, in menuconfig, Netlink's new mmaped IO is the very first
entry under the ``Networking support'' item and comes even before
``Networking options'':
[ ] Netlink: mmaped IO
Networking options --->
...
Lets move this into ``Networking options'' under netlink's Kconfig,
since this might be more appropriate. Introduced by commit ccdfcc398
(``netlink: mmaped netlink: ring setup'').
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bart Van Assche recently reported a warning to me:
<IRQ> [<ffffffff8103d79f>] warn_slowpath_common+0x7f/0xc0
[<ffffffff8103d7fa>] warn_slowpath_null+0x1a/0x20
[<ffffffff814761dd>] mutex_trylock+0x16d/0x180
[<ffffffff813968c9>] netpoll_poll_dev+0x49/0xc30
[<ffffffff8136a2d2>] ? __alloc_skb+0x82/0x2a0
[<ffffffff81397715>] netpoll_send_skb_on_dev+0x265/0x410
[<ffffffff81397c5a>] netpoll_send_udp+0x28a/0x3a0
[<ffffffffa0541843>] ? write_msg+0x53/0x110 [netconsole]
[<ffffffffa05418bf>] write_msg+0xcf/0x110 [netconsole]
[<ffffffff8103eba1>] call_console_drivers.constprop.17+0xa1/0x1c0
[<ffffffff8103fb76>] console_unlock+0x2d6/0x450
[<ffffffff8104011e>] vprintk_emit+0x1ee/0x510
[<ffffffff8146f9f6>] printk+0x4d/0x4f
[<ffffffffa0004f1d>] scsi_print_command+0x7d/0xe0 [scsi_mod]
This resulted from my commit ca99ca14c which introduced a mutex_trylock
operation in a path that could execute in interrupt context. When mutex
debugging is enabled, the above warns the user when we are in fact
exectuting in interrupt context
interrupt context.
After some discussion, It seems that a semaphore is the proper mechanism to use
here. While mutexes are defined to be unusable in interrupt context, no such
condition exists for semaphores (save for the fact that the non blocking api
calls, like up and down_trylock must be used when in irq context).
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: Bart Van Assche <bvanassche@acm.org>
CC: Bart Van Assche <bvanassche@acm.org>
CC: David Miller <davem@davemloft.net>
CC: netdev@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit f9c2288837 (netlink:
implement memory mapped recvmsg) increamented skb->users
ref count twice for a dump op which does not look right.
Following patch fixes that.
CC: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Deal with changes in newer xtables while maintaining backward
compatibility. Thanks to Jan Engelhardt for suggestions.
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
commit b6c39bfcf1 ("net/mlx4_en: Add a service task")
added a build error on 32bit arches.
ERROR: "__udivdi3" [drivers/net/ethernet/mellanox/mlx4/mlx4_en.ko]
undefined!
Fix this problem by using do_div()
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Amir Vadai <amirv@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This reverts commit d2d2d87dfd
("bnx2x: allow nvram test to run when device is down").
Since it makes access to the device in D3 state possible.
More work is required to make sure device is not set to D3
during ifdown. Until this is done the nvram-test should simply
exit if device is down like it did before.
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bridge can crash while trying to send topology change packet.
This happens if root port can't be found. This was reported by user
but currently unable to reproduce it easily. The STP conditions that cause
this are not known yet, but the problem doesn't have to be fatal.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
With the commit a11fbba (net/cpsw: fix irq_disable() with threaded interrupts)
from Sebastian Siewior, a kernel warning is generated as below. This warning
is generated as the irq_enabled is not initialized for the primary interface
and in probe it is initialized for the second interface. This patch moves
irq_enabled initialization from second interface to primary interface.
[ 3.049173] net eth0: phy found : id is : 0x4dd074
[ 3.054552] net eth0: phy found : id is : 0x4dd074
[ 3.070421] ------------[ cut here ]------------
[ 3.075308] WARNING: at kernel/irq/manage.c:437 enable_irq+0x3c/0x74()
[ 3.082173] Unbalanced enable for IRQ 56
[ 3.086299] Modules linked in:
[ 3.089557] [<c001abcc>] (unwind_backtrace+0x0/0xf0) from [<c004294c>] (warn_slowpath_common+0x4c/0x68)
[ 3.099450] [<c004294c>] (warn_slowpath_common+0x4c/0x68) from [<c00429fc>] (warn_slowpath_fmt+0x30/0x40)
[ 3.109521] [<c00429fc>] (warn_slowpath_fmt+0x30/0x40) from [<c00a29fc>] (enable_irq+0x3c/0x74)
[ 3.118681] [<c00a29fc>] (enable_irq+0x3c/0x74) from [<c03a7818>] (cpsw_ndo_open+0x61c/0x684)
[ 3.127669] [<c03a7818>] (cpsw_ndo_open+0x61c/0x684) from [<c0445c08>] (__dev_open+0x9c/0xf8)
[ 3.136646] [<c0445c08>] (__dev_open+0x9c/0xf8) from [<c0445e34>] (__dev_change_flags+0x78/0x13c)
[ 3.145988] [<c0445e34>] (__dev_change_flags+0x78/0x13c) from [<c0445f64>] (dev_change_flags+0x10/0x48)
[ 3.155884] [<c0445f64>] (dev_change_flags+0x10/0x48) from [<c0736d88>] (ip_auto_config+0x198/0x111c)
[ 3.165592] [<c0736d88>] (ip_auto_config+0x198/0x111c) from [<c00086a4>] (do_one_initcall+0x34/0x180)
[ 3.175309] [<c00086a4>] (do_one_initcall+0x34/0x180) from [<c07078f8>] (kernel_init_freeable+0xfc/0x1c8)
[ 3.185393] [<c07078f8>] (kernel_init_freeable+0xfc/0x1c8) from [<c04f36ec>] (kernel_init+0x8/0xe4)
[ 3.194929] [<c04f36ec>] (kernel_init+0x8/0xe4) from [<c00133d0>] (ret_from_fork+0x14/0x24)
[ 3.203712] ---[ end trace d6f979da080bc391 ]---
Cc: Sebastian Siewior <bigeasy@linutronix.de>
Signed-off-by: Mugunthan V N <mugunthanvnm@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
On Renesas R-Car based development boards, although a MAC address is printed on
all the Ethernet port labels, U-Boot doesn't write a valid MAC address to the
Ether MAHR/MALR registers (there's no storage provided for the Ether MAC address
either), so we have to resort to using a random MAC address...
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
The venerable 3c509 driver only sets its device parent in one case, the ISAPnP one.
It does this with the SET_NETDEV_DEV function. It should register with the device
hierarchy in two additional cases: standard (non-PnP) ISA and EISA.
- Currently they appear here:
/sys/devices/virtual/net/eth0 (standard ISA)
/sys/devices/virtual/net/eth1 (EISA)
- Rather, they should instead be here:
/sys/devices/isa/3c509.0/net/eth0 (standard ISA)
/sys/devices/pci0000:00/0000:00:07.0/00:04/net/eth1 (EISA)
Tested on ISA and EISA boards.
Signed-off-by: Matthew Whitehead <tedheadster@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The commit f233a976ad (tg3: shows
HW time stamping support only if ptp_capable is present) didn't
append hardware flags correctly. This patch fixes it.
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Conflicts:
drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
drivers/net/ethernet/emulex/benet/be.h
include/net/tcp.h
net/mac802154/mac802154.h
Most conflicts were minor overlapping stuff.
The be2net driver brought in some fixes that added __vlan_put_tag
calls, which in net-next take an additional argument.
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently, peeking on a unix stream socket with an offset larger than len of
the data in the sk receive queue returns immediately with bogus data.
This patch fixes this so that the behavior is the same as peeking with no
offset on an empty queue: the caller blocks.
Signed-off-by: Benjamin Poirier <bpoirier@suse.de>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently, peeking on a unix datagram socket with an offset larger than len of
the data in the sk receive queue returns immediately with bogus data. That's
because *off is not reset between each skb_queue_walk().
This patch fixes this so that the behavior is the same as peeking with no
offset on an empty queue: the caller blocks.
Signed-off-by: Benjamin Poirier <bpoirier@suse.de>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
"77c1090 net: fix infinite loop in __skb_recv_datagram()" (v3.8) introduced a
regression:
After that commit, recv can no longer peek beyond a 0-sized skb in the queue.
__skb_recv_datagram() instead stops at the first skb with len == 0 and results
in the system call failing with -EFAULT via skb_copy_datagram_iovec().
When peeking at an offset with 0-sized skb(s), each one of those is received
only once, in sequence. The offset starts moving forward again after receiving
datagrams with len > 0.
Signed-off-by: Benjamin Poirier <bpoirier@suse.de>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The only user is get_dpifindex(), no need to redirect via the port
operations.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Use consume_skb() to free the original skb that is successfully transmitted
as gso segmented skbs so that it is not treated as a drop due to an error.
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
John W. Linville says:
====================
A few more stragglers intended for 3.10...
For the Bluetooth bits, Gustavo says:
"A few more patches intended for 3.10, the most important one is the support in
btusb for fw loading for the Intel Bluetooth device. Other than that we have
only fixes and clean ups."
For the iwlwifi bits, Johannes says:
"Here are a few more changes for the 3.10 stream, some bugfixes,
adjustments to some powersave parameters and a new device ID."
For the NFC bits, Samuel says:
"This pull request includes Marcel's Kconfig dependency fix on top of the LLCP
code move to net/nfc."
On top of that...Yogesh Ashok Powar provides a few PCI-related mwifiex
updates, Hauke Mehrtens provides a small ssb feature for spurious
tone avoidance on a specific chip, and Larry Finger provides a small
rtlwifi fix related to avoiding false detection of AP loss.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Kravkov says:
====================
The series fixes GSO flags in vxlan xmit code and
adds appropriate code for bnx2x driver to utilize
fw support for UDP tunneling protocols offload.
Netperf's results below show improvement in throughput
between two vxlan interfaces:
before:
MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 9.0.0.2 (9.0.0.2) port 0 AF_INET
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec
87380 16384 16384 10.20 228.73
after:
MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 9.0.0.2 (9.0.0.2) port 0 AF_INET
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec
87380 16384 16384 10.00 3314.75
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
CC: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Since SKB_GSO_* flags are set by appropriate gso_segment callback
in TCP/UDP layer.
CC: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Newer firmware can post CPL_SGE_EGR_UPDATE message encapsulated in a
CPL_FW4_MSG as follows
flit0 rss_header (if DropRSS == 0 in IQ context)
flit1 CPL_FW4_MSG cpl
flit2 rss_header w/opcode CPL_SGE_EGR_UPDATE
flit3 CPL_SGE_EGR_UPDATE cpl
So FW4_MSG CPLs with a newly created type of FW_TYPE_RSSCPL have the
CPL_SGE_EGR_UPDATE CPL message in flit 2 of the FW4_MSG. Firmware can still
post regular CPL_SGE_EGR_UPDATE messages, so the drivers need to handle
both.
This patch also writes a new parameter to firmware requesting encapsulated
EGR_UPDATE. This allows firmware with this support to not break older drivers.
Signed-off-by: Vipul Pandya <vipul@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Newer firmware can post CPL_SGE_EGR_UPDATE message encapsulated in a
CPL_FW4_MSG as follows
flit0 rss_header (if DropRSS == 0 in IQ context)
flit1 CPL_FW4_MSG cpl
flit2 rss_header w/opcode CPL_SGE_EGR_UPDATE
flit3 CPL_SGE_EGR_UPDATE cpl
So FW4_MSG CPLs with a newly created type of FW_TYPE_RSSCPL have the
CPL_SGE_EGR_UPDATE CPL message in flit 2 of the FW4_MSG. Firmware can still
post regular CPL_SGE_EGR_UPDATE messages, so the drivers need to handle
both.
This patch also writes a new parameter to firmware requesting encapsulated
EGR_UPDATE. This allows firmware with this support to not break older drivers.
Signed-off-by: Vipul Pandya <vipul@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linux immediately returns SYNACK on (spurious) SYN retransmits, but
keeps the SYNACK timer running independently. Thus the timer may
fire right after the SYNACK retransmit and causes a SYN-SYNACK
cross-fire burst.
Adopt the fast retransmit/recovery idea in established state by
re-arming the SYNACK timer after the fast (SYNACK) retransmit. The
timer may fire late up to 500ms due to the current SYNACK timer wheel,
but it's OK to be conservative when network is congested. Eric's new
listener design should address this issue.
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add MIB counters for checksum errors in IP layer,
and TCP/UDP/ICMP layers, to help diagnose problems.
$ nstat -a | grep Csum
IcmpInCsumErrors 72 0.0
TcpInCsumErrors 382 0.0
UdpInCsumErrors 463221 0.0
Icmp6InCsumErrors 75 0.0
Udp6InCsumErrors 173442 0.0
IpExtInCsumErrors 10884 0.0
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Current tg3 shows hardware timestamping support for all devices
when that is true only for the hardware with PTP_CAPABLE flag
present.
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Acked-by: Nithin Nayak Sujir <nsujir@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Instead of feeding net_secret[] at boot time, defer the init
at the point first socket is created.
This permits some platforms to use better entropy sources than
the ones available at boot time.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Lancer FW requires that the first cmd issued by the host-driver be an FLR.
So, re-order be_probe() to move be_cmd_function_reset() ahead of
be_cmd_fw_init().
Signed-off-by: Kalesh AP <kalesh.purayil@emulex.com>
Signed-off-by: Somnath Kotur <somnath.kotur@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Skyhawk-R requires V1 version of GET_FUNCTION_CONFIG cmd to be used for
querrying resources available per function.
Signed-off-by: Kalesh AP <kalesh.purayil@emulex.com>
Signed-off-by: Somnath Kotur <somnath.kotur@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
- One patch for moving the LLCP code into net/nfc.
It fixes a build annoyance reported by Dave Miller caused by the fact
that the LLCP code object targets are not in the same directory as the
Makefile trying to build them is. It prevents us from doing e.g.
make net/nfc/llcp/sock.o
Moving the LLCP code into net/nfc and not making it optional anymore
makes sense as LLCP is a fundamental piece of the NFC specifications
and thus should be in the core NFC directory.
- One patch that fixes the missing dependency against RFKILL. Without it NFC
fails to properly build when it's builtin and CONFIG_RFKILL=m.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJRewn5AAoJEIqAPN1PVmxKeDsQAJPGgwKPymgMwRceB6bwSQnx
hlbHkYVxgJd7wTK3Kz5oXf1i/Krz3K39845482qetS0I02/YwmAkrMHJ0YpbAvpq
+TCjKk8sYvJniq157GV05zHG5mCjMr+rh2yQ1D/2GQwiI39KHnXaJsnKV0hhlwl9
5/Z+RB1y83Qaz/ug5Y/ZlFmRxlVTIjIs/+KncC2v1KpKw050Amst+C8ScuAfpDny
ywvweCDUXh4aUteN1gC9+nelwczJDq2rbeP4oSoZctsoUmcO2WLtBuVc/lKSJBSE
8Ttje4IDRcSyn1zPAAwWV8O/zx0urBhskuyv7DNIuNDRjTIK3KdpVuNwEnUG0bO1
+DJ3GfsGQLSwZCi2YQ1ABUQc2kqlUFM10UvVObRrbD2Gwq0BbpvrkKsvbJUWpqWh
9zQe8G9lLHW//MF/sAvXcR+AezU8lZ/uU/qNVse/Yz0vBFUMYXthOd67ajybaSnW
cHf139buAn6kaW9LnxJs4vbHv1qKlVP6a4aAWC2elaHy8nv+UBx62vlrEJg5Jyle
kO7kHzesTK7NnC5Up0xQWbxQfvuoqINNhBI6IyMqb49L27MFDci+yN3aojfu+xGt
i/AH1fwltopRYd5bK+BIjpeo+G3n1FonxW/w1OOaVHr+4aEjSfAerUk59yoC+nMo
kdk7eBpn8uXVbYNjc+Ij
=8VFM
-----END PGP SIGNATURE-----
Merge tag 'nfc-next-3.10-4' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-next
Samuel Ortiz <sameo@linux.intel.com> says:
"With this one we have:
- One patch for moving the LLCP code into net/nfc.
It fixes a build annoyance reported by Dave Miller caused by the fact
that the LLCP code object targets are not in the same directory as the
Makefile trying to build them is. It prevents us from doing e.g.
make net/nfc/llcp/sock.o
Moving the LLCP code into net/nfc and not making it optional anymore
makes sense as LLCP is a fundamental piece of the NFC specifications
and thus should be in the core NFC directory.
- One patch that fixes the missing dependency against RFKILL. Without it NFC
fails to properly build when it's builtin and CONFIG_RFKILL=m."
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Pablo Neira Ayuso says:
====================
The following patchset contains relevant updates for the Netfilter
tree, they are:
* Enhancements for ipset: Add the counter extension for sets, this
information can be used from the iptables set match, to change
the matching behaviour. Jozsef required to add the extension
infrastructure and moved the existing timeout support upon it.
This also includes a change in net/sched/em_ipset to adapt it to
the new extension structure.
* Enhancements for performance boosting in nfnetlink_queue: Add new
configuration flags that allows user-space to receive big packets (GRO)
and to disable checksumming calculation. This were proposed by Eric
Dumazet during the Netfilter Workshop 2013 in Copenhagen. Florian
Westphal was kind enough to find the time to materialize the proposal.
* A sparse fix from Simon, he noticed it in the SCTP NAT helper, the fix
required a change in the interface of sctp_end_cksum.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Add support for another ARM member of the R-Car family, R-Car M1A, also known as
R8A77781 -- it will share the code with previously added R8A77790.
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Francois Romieu <romieu@fr.zoreil.com>
Cc: hayeswang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Change the type of the crc32 parameter of sctp_end_cksum()
from __be32 to __u32 to reflect that fact that it is passed
to cpu_to_le32().
There are five in-tree users of sctp_end_cksum().
The following four had warnings flagged by sparse which are
no longer present with this change.
net/netfilter/ipvs/ip_vs_proto_sctp.c:sctp_nat_csum()
net/netfilter/ipvs/ip_vs_proto_sctp.c:sctp_csum_check()
net/sctp/input.c:sctp_rcv_checksum()
net/sctp/output.c:sctp_packet_transmit()
The fifth user is net/netfilter/nf_nat_proto_sctp.c:sctp_manip_pkt().
It has been updated to pass a __u32 instead of a __be32,
the value in question was already calculated in cpu byte-order.
net/netfilter/nf_nat_proto_sctp.c:sctp_manip_pkt() has also
been updated to assign the return value of sctp_end_cksum()
directly to a variable of type __le32, matching the
type of the return value. Previously the return value
was assigned to a variable of type __be32 and then that variable
was finally assigned to another variable of type __le32.
Problems flagged by sparse.
Compile and sparse tested only.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Userspace can now indicate that it can cope with larger-than-mtu sized
packets and packets that have invalid ipv4/tcp checksums.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Once we allow userspace to receive gso/gro packets, userspace
needs to be able to determine when checksums appear to be
broken, but are not.
NFQA_SKB_CSUMNOTREADY means 'checksums will be fixed in kernel
later, pretend they are ok'.
NFQA_SKB_GSO could be used for statistics, or to determine when
packet size exceeds mtu.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
skb_gso_segment is expensive, so it would be nice if we could
avoid it in the future. However, userspace needs to be prepared
to receive larger-than-mtu-packets (which will also have incorrect
l3/l4 checksums), so we cannot simply remove it.
The plan is to add a per-queue feature flag that userspace can
set when binding the queue.
The problem is that in nf_queue, we only have a queue number,
not the queue context/configuration settings.
This patch should have no impact other than the skb_gso_segment
call now being in a function that has access to the queue config
data.
A new size attribute in nf_queue_entry is needed so
nfnetlink_queue can duplicate the entry of the gso skb
when segmenting the skb while also copying the route key.
The follow up patch adds switch to disable skb_gso_segment when
queue config says so.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
required by future patch that will need to duplicate the
nf_queue_entry, bumping refcounts of the copy.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
The new revision of the set match supports to match the counters
and to suppress updating the counters at matching too.
At the set:list types, the updating of the subcounters can be
suppressed as well.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>