Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=tmp%2Fleds%2Fcore 2009-01-13T05:18:35Z 2009-01-13T05:18:35Z Jan Engelhardt jengelh@medozas.de 2009-01-12T00:06:06Z urn:sha1:d61ba9fd55b52a10b8e0ffd39bbc33587d3bfc8d Commit 8cc784ee (netfilter: change return types of match functions for ebtables extensions) broke ebtables matches by inverting the sense of match/nomatch. Reported-by: Matt Cross <matthltc@us.ibm.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2009-01-13T05:18:34Z Herbert Xu herbert@gondor.apana.org.au 2009-01-12T00:06:03Z urn:sha1:47e0e1ca13d64eeeb687995fbe4e239e743d7544 The PPPOE/VLAN processing code in the bridge netfilter is broken by design. The VLAN tag and the PPPOE session ID are an integral part of the packet flow information, yet they're completely ignored by the bridge netfilter. This is potentially a security hole as it treats all VLANs and PPPOE sessions as the same. What's more, it's actually broken for PPPOE as the bridge netfilter tries to trim the packets to the IP length without adjusting the PPPOE header (and adjusting the PPPOE header isn't much better since the PPPOE peer may require the padding to be present). Therefore we should disable this by default. It does mean that people relying on this feature may lose networking depending on how their bridge netfilter rules are configured. However, IMHO the problems this code causes are serious enough to warrant this. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2009-01-13T05:18:33Z Herbert Xu herbert@gondor.apana.org.au 2009-01-12T00:06:02Z urn:sha1:a2bd40ad3151d4d346fd167e01fb84b06f7247fc Currently the bridge FORWARD/POST_ROUTING chains treats all non-IPv4 packets as IPv6. This packet fixes that by returning NF_ACCEPT on non-IP packets instead, just as is done in PRE_ROUTING. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2009-01-11T08:06:33Z Julia Lawall julia@diku.dk 2009-01-09T10:22:22Z urn:sha1:f3d8b2e467da7a9237a45248ff03b56b6a7c3df7 In each case, if the NULL test is necessary, then the dereference should be moved below the NULL test. The semantic patch that makes this change is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @@ type T; expression E; identifier i,fld; statement S; @@ - T i = E->fld; + T i; ... when != E when != i if (E == NULL) S + i = E->fld; // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-11-28T10:19:15Z David S. Miller davem@davemloft.net 2008-11-28T10:19:15Z urn:sha1:ed77a89c30fa03dcb234a84ddea710b3fb7b62da Conflicts: net/netfilter/nf_conntrack_netlink.c 2008-11-27T07:48:40Z David S. Miller davem@davemloft.net 2008-11-27T07:48:40Z urn:sha1:5b9ab2ec04ec1e1e53939768805612ac191d7ba2 Conflicts: drivers/net/hp-plus.c drivers/net/wireless/ath5k/base.c drivers/net/wireless/ath9k/recv.c net/wireless/reg.c 2008-11-25T00:06:50Z Herbert Xu herbert@gondor.apana.org.au 2008-11-25T00:06:50Z urn:sha1:631339f1e544a4d39a63cfe6708c5bddcd5a2c48 As GRE tries to call the update_pmtu function on skb->dst and bridge supplies an skb->dst that has a NULL ops field, all is not well. This patch fixes this by giving the bridge device an ops field with an update_pmtu function. For the moment I've left all other fields blank but we can fill them in later should the need arise. Based on report and patch by Philip Craig. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-11-21T04:14:53Z Stephen Hemminger shemminger@vyatta.com 2008-11-21T04:14:53Z urn:sha1:008298231abbeb91bc7be9e8b078607b816d1a4a This patch moves neigh_setup and hard_start_xmit into the network device ops structure. For bisection, fix all the previously converted drivers as well. Bonding driver took the biggest hit on this. Added a prefetch of the hard_start_xmit in the fast path to try and reduce any impact this would have. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-11-20T06:42:38Z Stephen Hemminger shemminger@vyatta.com 2008-11-20T05:49:00Z urn:sha1:a2dbb88210b9877f1c53d3798fd5d717a4d45256 Convert to net_device_ops function table. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-11-13T07:39:10Z Wang Chen wangchen@cn.fujitsu.com 2008-11-13T07:39:10Z urn:sha1:524ad0a79126efabf58d0a49eace6155ab5b4549 We have some reasons to kill netdev->priv: 1. netdev->priv is equal to netdev_priv(). 2. netdev_priv() wraps the calculation of netdev->priv's offset, obviously netdev_priv() is more flexible than netdev->priv. But we cann't kill netdev->priv, because so many drivers reference to it directly. This patch is a safe convert for netdev->priv to netdev_priv(netdev). Since all of the netdev->priv is only for read. But it is too big to be sent in one mail. I split it to 4 parts and make every part smaller than 100,000 bytes, which is max size allowed by vger. Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>