Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (353 commits)
  [IPV6] ADDRCONF: Mobile IPv6 Home Address support.
  [IPV6] ADDRCONF: Allow non-DAD'able addresses.
  [IPV6] NDISC: Fix is_router flag setting.
  [IPV6] ADDRCONF: Convert addrconf_lock to RCU.
  [IPV6] NDISC: Add proxy_ndp sysctl.
  [IPV6] NDISC: Set per-entry is_router flag in Proxy NA.
  [IPV6] NDISC: Avoid updating neighbor cache for proxied address in receiving NA.
  [IPV6]: Don't forward packets to proxied link-local address.
  [IPV6] NDISC: Handle NDP messages to proxied addresses.
  [NETFILTER]: PPTP conntrack: fix another GRE keymap leak
  [NETFILTER]: PPTP conntrack: fix GRE keymap leak
  [NETFILTER]: PPTP conntrack: fix PPTP_IN_CALL message types
  [NETFILTER]: PPTP conntrack: check call ID before changing state
  [NETFILTER]: PPTP conntrack: clean up debugging cruft
  [NETFILTER]: PPTP conntrack: consolidate header parsing
  [NETFILTER]: PPTP conntrack: consolidate header size checks
  [NETFILTER]: PPTP conntrack: simplify expectation handling
  [NETFILTER]: PPTP conntrack: remove unnecessary cid/pcid header pointers
  [NETFILTER]: PPTP conntrack: fix header definitions
  [NETFILTER]: PPTP conntrack: remove more dead code
  ...
This commit is contained in:
Linus Torvalds 2006-09-23 16:49:31 -07:00
commit a4c12d6c5d
449 changed files with 23730 additions and 11592 deletions


@ -2384,6 +2384,13 @@ N: Thomas Molina
E: tmolina@cablespeed.com
D: bug fixes, documentation, minor hackery
N: Paul Moore
E: paul.moore@hp.com
D: NetLabel author
S: Hewlett-Packard
S: 110 Spit Brook Road
S: Nashua, NH 03062
N: James Morris
E: jmorris@namei.org
W: http://namei.org/


@ -184,6 +184,8 @@ mtrr.txt
- how to use PPro Memory Type Range Registers to increase performance.
nbd.txt
- info on a TCP implementation of a network block device.
netlabel/
- directory with information on the NetLabel subsystem.
networking/
- directory with info on various aspects of networking with Linux.
nfsroot.txt


@ -0,0 +1,10 @@
00-INDEX
- this file.
cipso_ipv4.txt
- documentation on the IPv4 CIPSO protocol engine.
draft-ietf-cipso-ipsecurity-01.txt
- IETF draft of the CIPSO protocol, dated 16 July 1992.
introduction.txt
- NetLabel introduction, READ THIS FIRST.
lsm_interface.txt
- documentation on the NetLabel kernel security module API.


@ -0,0 +1,48 @@
NetLabel CIPSO/IPv4 Protocol Engine
==============================================================================
Paul Moore, paul.moore@hp.com
May 17, 2006
* Overview
The NetLabel CIPSO/IPv4 protocol engine is based on the IETF Commercial IP
Security Option (CIPSO) draft from July 16, 1992. A copy of this draft can be
found in this directory, consult '00-INDEX' for the filename. While the IETF
draft never made it to an RFC standard it has become a de-facto standard for
labeled networking and is used in many trusted operating systems.
* Outbound Packet Processing
The CIPSO/IPv4 protocol engine applies the CIPSO IP option to packets by
adding the CIPSO label to the socket. This causes all packets leaving the
system through the socket to have the CIPSO IP option applied. The socket's
CIPSO label can be changed at any point in time, however, it is recommended
that it is set upon the socket's creation. The LSM can set the socket's CIPSO
label by using the NetLabel security module API; if the NetLabel "domain" is
configured to use CIPSO for packet labeling then a CIPSO IP option will be
generated and attached to the socket.
* Inbound Packet Processing
The CIPSO/IPv4 protocol engine validates every CIPSO IP option it finds at the
IP layer without any special handling required by the LSM. However, in order
to decode and translate the CIPSO label on the packet the LSM must use the
NetLabel security module API to extract the security attributes of the packet.
This is typically done at the socket layer using the 'socket_sock_rcv_skb()'
LSM hook.
* Label Translation
The CIPSO/IPv4 protocol engine contains a mechanism to translate CIPSO security
attributes such as sensitivity level and category to values which are
appropriate for the host. These mappings are defined as part of a CIPSO
Domain Of Interpretation (DOI) definition and are configured through the
NetLabel user space communication layer. Each DOI definition can have a
different security attribute mapping table.
* Label Translation Cache
The NetLabel system provides a framework for caching security attribute
mappings from the network labels to the corresponding LSM identifiers. The
CIPSO/IPv4 protocol engine supports this caching mechanism.
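Review bot: The "Inbound Packet Processing" section says the engine "validates every CIPSO IP option it finds at the IP layer" but never says what happens to a packet whose option fails that validation. Suggest stating the outcome explicitly (whether the packet is dropped, and whether an ICMP error is returned as the input procedures in the accompanying draft describe), since an LSM author needs to know whether the 'socket_sock_rcv_skb()' hook can ever see a packet with a malformed label. The "Label Translation Cache" section would likewise benefit from a sentence on when cached mappings are invalidated after a DOI definition is changed through the user space communication layer.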


@ -0,0 +1,791 @@
IETF CIPSO Working Group
16 July, 1992
COMMERCIAL IP SECURITY OPTION (CIPSO 2.2)
1. Status
This Internet Draft provides the high level specification for a Commercial
IP Security Option (CIPSO). This draft reflects the version as approved by
the CIPSO IETF Working Group. Distribution of this memo is unlimited.
This document is an Internet Draft. Internet Drafts are working documents
of the Internet Engineering Task Force (IETF), its Areas, and its Working
Groups. Note that other groups may also distribute working documents as
Internet Drafts.
Internet Drafts are draft documents valid for a maximum of six months.
Internet Drafts may be updated, replaced, or obsoleted by other documents
at any time. It is not appropriate to use Internet Drafts as reference
material or to cite them other than as a "working draft" or "work in
progress."
Please check the I-D abstract listing contained in each Internet Draft
directory to learn the current status of this or any other Internet Draft.
2. Background
Currently the Internet Protocol includes two security options. One of
these options is the DoD Basic Security Option (BSO) (Type 130) which allows
IP datagrams to be labeled with security classifications. This option
provides sixteen security classifications and a variable number of handling
restrictions. To handle additional security information, such as security
categories or compartments, another security option (Type 133) exists and
is referred to as the DoD Extended Security Option (ESO). The values for
the fixed fields within these two options are administered by the Defense
Information Systems Agency (DISA).
Computer vendors are now building commercial operating systems with
mandatory access controls and multi-level security. These systems are
no longer built specifically for a particular group in the defense or
intelligence communities. They are generally available commercial systems
for use in a variety of government and civil sector environments.
The small number of ESO format codes can not support all the possible
applications of a commercial security option. The BSO and ESO were
designed to only support the United States DoD. CIPSO has been designed
to support multiple security policies. This Internet Draft provides the
format and procedures required to support a Mandatory Access Control
security policy. Support for additional security policies shall be
defined in future RFCs.
Internet Draft, Expires 15 Jan 93 [PAGE 1]
CIPSO INTERNET DRAFT 16 July, 1992
3. CIPSO Format
Option type: 134 (Class 0, Number 6, Copy on Fragmentation)
Option length: Variable
This option permits security related information to be passed between
systems within a single Domain of Interpretation (DOI). A DOI is a
collection of systems which agree on the meaning of particular values
in the security option. An authority that has been assigned a DOI
identifier will define a mapping between appropriate CIPSO field values
and their human readable equivalent. This authority will distribute that
mapping to hosts within the authority's domain. These mappings may be
sensitive, therefore a DOI authority is not required to make these
mappings available to anyone other than the systems that are included in
the DOI.
This option MUST be copied on fragmentation. This option appears at most
once in a datagram. All multi-octet fields in the option are defined to be
transmitted in network byte order. The format of this option is as follows:
+----------+----------+------//------+-----------//---------+
| 10000110 | LLLLLLLL | DDDDDDDDDDDD | TTTTTTTTTTTTTTTTTTTT |
+----------+----------+------//------+-----------//---------+
TYPE=134 OPTION DOMAIN OF TAGS
LENGTH INTERPRETATION
Figure 1. CIPSO Format
3.1 Type
This field is 1 octet in length. Its value is 134.
3.2 Length
This field is 1 octet in length. It is the total length of the option
including the type and length fields. With the current IP header length
restriction of 40 octets the value of this field MUST not exceed 40.
3.3 Domain of Interpretation Identifier
This field is an unsigned 32 bit integer. The value 0 is reserved and MUST
not appear as the DOI identifier in any CIPSO option. Implementations
should assume that the DOI identifier field is not aligned on any particular
byte boundary.
To conserve space in the protocol, security levels and categories are
represented by numbers rather than their ASCII equivalent. This requires
a mapping table within CIPSO hosts to map these numbers to their
corresponding ASCII representations. Non-related groups of systems may
Internet Draft, Expires 15 Jan 93 [PAGE 2]
CIPSO INTERNET DRAFT 16 July, 1992
have their own unique mappings. For example, one group of systems may
use the number 5 to represent Unclassified while another group may use the
number 1 to represent that same security level. The DOI identifier is used
to identify which mapping was used for the values within the option.
3.4 Tag Types
A common format for passing security related information is necessary
for interoperability. CIPSO uses sets of "tags" to contain the security
information relevant to the data in the IP packet. Each tag begins with
a tag type identifier followed by the length of the tag and ends with the
actual security information to be passed. All multi-octet fields in a tag
are defined to be transmitted in network byte order. Like the DOI
identifier field in the CIPSO header, implementations should assume that
all tags, as well as fields within a tag, are not aligned on any particular
octet boundary. The tag types defined in this document contain alignment
bytes to assist alignment of some information, however alignment can not
be guaranteed if CIPSO is not the first IP option.
CIPSO tag types 0 through 127 are reserved for defining standard tag
formats. Their definitions will be published in RFCs. Tag types whose
identifiers are greater than 127 are defined by the DOI authority and may
only be meaningful in certain Domains of Interpretation. For these tag
types, implementations will require the DOI identifier as well as the tag
number to determine the security policy and the format associated with the
tag. Use of tag types above 127 are restricted to closed networks where
interoperability with other networks will not be an issue. Implementations
that support a tag type greater than 127 MUST support at least one DOI that
requires only tag types 1 to 127.
Tag type 0 is reserved. Tag types 1, 2, and 5 are defined in this
Internet Draft. Types 3 and 4 are reserved for work in progress.
The standard format for all current and future CIPSO tags is shown below:
+----------+----------+--------//--------+
| TTTTTTTT | LLLLLLLL | IIIIIIIIIIIIIIII |
+----------+----------+--------//--------+
TAG TAG TAG
TYPE LENGTH INFORMATION
Figure 2: Standard Tag Format
In the three tag types described in this document, the length and count
restrictions are based on the current IP limitation of 40 octets for all
IP options. If the IP header is later expanded, then the length and count
restrictions specified in this document may increase to use the full area
provided for IP options.
3.4.1 Tag Type Classes
Tag classes consist of tag types that have common processing requirements
and support the same security policy. The three tags defined in this
Internet Draft belong to the Mandatory Access Control (MAC) Sensitivity
Internet Draft, Expires 15 Jan 93 [PAGE 3]
CIPSO INTERNET DRAFT 16 July, 1992
class and support the MAC Sensitivity security policy.
3.4.2 Tag Type 1
This is referred to as the "bit-mapped" tag type. Tag type 1 is included
in the MAC Sensitivity tag type class. The format of this tag type is as
follows:
+----------+----------+----------+----------+--------//---------+
| 00000001 | LLLLLLLL | 00000000 | LLLLLLLL | CCCCCCCCCCCCCCCCC |
+----------+----------+----------+----------+--------//---------+
TAG TAG ALIGNMENT SENSITIVITY BIT MAP OF
TYPE LENGTH OCTET LEVEL CATEGORIES
Figure 3. Tag Type 1 Format
3.4.2.1 Tag Type
This field is 1 octet in length and has a value of 1.
3.4.2.2 Tag Length
This field is 1 octet in length. It is the total length of the tag type
including the type and length fields. With the current IP header length
restriction of 40 bytes the value within this field is between 4 and 34.
3.4.2.3 Alignment Octet
This field is 1 octet in length and always has the value of 0. Its purpose
is to align the category bitmap field on an even octet boundary. This will
speed many implementations including router implementations.
3.4.2.4 Sensitivity Level
This field is 1 octet in length. Its value is from 0 to 255. The values
are ordered with 0 being the minimum value and 255 representing the maximum
value.
3.4.2.5 Bit Map of Categories
The length of this field is variable and ranges from 0 to 30 octets. This
provides representation of categories 0 to 239. The ordering of the bits
is left to right or MSB to LSB. For example category 0 is represented by
the most significant bit of the first byte and category 15 is represented
by the least significant bit of the second byte. Figure 4 graphically
shows this ordering. Bit N is binary 1 if category N is part of the label
for the datagram, and bit N is binary 0 if category N is not part of the
label. Except for the optimized tag 1 format described in the next section,
Internet Draft, Expires 15 Jan 93 [PAGE 4]
CIPSO INTERNET DRAFT 16 July, 1992
minimal encoding SHOULD be used resulting in no trailing zero octets in the
category bitmap.
octet 0 octet 1 octet 2 octet 3 octet 4 octet 5
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX . . .
bit 01234567 89111111 11112222 22222233 33333333 44444444
number 012345 67890123 45678901 23456789 01234567
Figure 4. Ordering of Bits in Tag 1 Bit Map
3.4.2.6 Optimized Tag 1 Format
Routers work most efficiently when processing fixed length fields. To
support these routers there is an optimized form of tag type 1. The format
does not change. The only change is to the category bitmap which is set to
a constant length of 10 octets. Trailing octets required to fill out the 10
octets are zero filled. Ten octets, allowing for 80 categories, was chosen
because it makes the total length of the CIPSO option 20 octets. If CIPSO
is the only option then the option will be full word aligned and additional
filler octets will not be required.
3.4.3 Tag Type 2
This is referred to as the "enumerated" tag type. It is used to describe
large but sparsely populated sets of categories. Tag type 2 is in the MAC
Sensitivity tag type class. The format of this tag type is as follows:
+----------+----------+----------+----------+-------------//-------------+
| 00000010 | LLLLLLLL | 00000000 | LLLLLLLL | CCCCCCCCCCCCCCCCCCCCCCCCCC |
+----------+----------+----------+----------+-------------//-------------+
TAG TAG ALIGNMENT SENSITIVITY ENUMERATED
TYPE LENGTH OCTET LEVEL CATEGORIES
Figure 5. Tag Type 2 Format
3.4.3.1 Tag Type
This field is one octet in length and has a value of 2.
3.4.3.2 Tag Length
This field is 1 octet in length. It is the total length of the tag type
including the type and length fields. With the current IP header length
restriction of 40 bytes the value within this field is between 4 and 34.
3.4.3.3 Alignment Octet
This field is 1 octet in length and always has the value of 0. Its purpose
is to align the category field on an even octet boundary. This will
Internet Draft, Expires 15 Jan 93 [PAGE 5]
CIPSO INTERNET DRAFT 16 July, 1992
speed many implementations including router implementations.
3.4.3.4 Sensitivity Level
This field is 1 octet in length. Its value is from 0 to 255. The values
are ordered with 0 being the minimum value and 255 representing the
maximum value.
3.4.3.5 Enumerated Categories
In this tag, categories are represented by their actual value rather than
by their position within a bit field. The length of each category is 2
octets. Up to 15 categories may be represented by this tag. Valid values
for categories are 0 to 65534. Category 65535 is not a valid category
value. The categories MUST be listed in ascending order within the tag.
3.4.4 Tag Type 5
This is referred to as the "range" tag type. It is used to represent
labels where all categories in a range, or set of ranges, are included
in the sensitivity label. Tag type 5 is in the MAC Sensitivity tag type
class. The format of this tag type is as follows:
+----------+----------+----------+----------+------------//-------------+
| 00000101 | LLLLLLLL | 00000000 | LLLLLLLL | Top/Bottom | Top/Bottom |
+----------+----------+----------+----------+------------//-------------+
TAG TAG ALIGNMENT SENSITIVITY CATEGORY RANGES
TYPE LENGTH OCTET LEVEL
Figure 6. Tag Type 5 Format
3.4.4.1 Tag Type
This field is one octet in length and has a value of 5.
3.4.4.2 Tag Length
This field is 1 octet in length. It is the total length of the tag type
including the type and length fields. With the current IP header length
restriction of 40 bytes the value within this field is between 4 and 34.
3.4.4.3 Alignment Octet
This field is 1 octet in length and always has the value of 0. Its purpose
is to align the category range field on an even octet boundary. This will
speed many implementations including router implementations.
Internet Draft, Expires 15 Jan 93 [PAGE 6]
CIPSO INTERNET DRAFT 16 July, 1992
3.4.4.4 Sensitivity Level
This field is 1 octet in length. Its value is from 0 to 255. The values
are ordered with 0 being the minimum value and 255 representing the maximum
value.
3.4.4.5 Category Ranges
A category range is a 4 octet field comprised of the 2 octet index of the
highest numbered category followed by the 2 octet index of the lowest
numbered category. These range endpoints are inclusive within the range of
categories. All categories within a range are included in the sensitivity
label. This tag may contain a maximum of 7 category pairs. The bottom
category endpoint for the last pair in the tag MAY be omitted and SHOULD be
assumed to be 0. The ranges MUST be non-overlapping and be listed in
descending order. Valid values for categories are 0 to 65534. Category
65535 is not a valid category value.
3.4.5 Minimum Requirements
A CIPSO implementation MUST be capable of generating at least tag type 1 in
the non-optimized form. In addition, a CIPSO implementation MUST be able
to receive any valid tag type 1 even those using the optimized tag type 1
format.
4. Configuration Parameters
The configuration parameters defined below are required for all CIPSO hosts,
gateways, and routers that support multiple sensitivity labels. A CIPSO
host is defined to be the origination or destination system for an IP
datagram. A CIPSO gateway provides IP routing services between two or more
IP networks and may be required to perform label translations between
networks. A CIPSO gateway may be an enhanced CIPSO host or it may just
provide gateway services with no end system CIPSO capabilities. A CIPSO
router is a dedicated IP router that routes IP datagrams between two or more
IP networks.
An implementation of CIPSO on a host MUST have the capability to reject a
datagram for reasons that the information contained can not be adequately
protected by the receiving host or if acceptance may result in violation of
the host or network security policy. In addition, a CIPSO gateway or router
MUST be able to reject datagrams going to networks that can not provide
adequate protection or may violate the network's security policy. To
provide this capability the following minimal set of configuration
parameters are required for CIPSO implementations:
HOST_LABEL_MAX - This parameter contains the maximum sensitivity label that
a CIPSO host is authorized to handle. All datagrams that have a label
greater than this maximum MUST be rejected by the CIPSO host. This
parameter does not apply to CIPSO gateways or routers. This parameter need
not be defined explicitly as it can be implicitly derived from the
PORT_LABEL_MAX parameters for the associated interfaces.
Internet Draft, Expires 15 Jan 93 [PAGE 7]
CIPSO INTERNET DRAFT 16 July, 1992
HOST_LABEL_MIN - This parameter contains the minimum sensitivity label that
a CIPSO host is authorized to handle. All datagrams that have a label less
than this minimum MUST be rejected by the CIPSO host. This parameter does
not apply to CIPSO gateways or routers. This parameter need not be defined
explicitly as it can be implicitly derived from the PORT_LABEL_MIN
parameters for the associated interfaces.
PORT_LABEL_MAX - This parameter contains the maximum sensitivity label for
all datagrams that may exit a particular network interface port. All
outgoing datagrams that have a label greater than this maximum MUST be
rejected by the CIPSO system. The label within this parameter MUST be
less than or equal to the label within the HOST_LABEL_MAX parameter. This
parameter does not apply to CIPSO hosts that support only one network port.
PORT_LABEL_MIN - This parameter contains the minimum sensitivity label for
all datagrams that may exit a particular network interface port. All
outgoing datagrams that have a label less than this minimum MUST be
rejected by the CIPSO system. The label within this parameter MUST be
greater than or equal to the label within the HOST_LABEL_MIN parameter.
This parameter does not apply to CIPSO hosts that support only one network
port.
PORT_DOI - This parameter is used to assign a DOI identifier value to a
particular network interface port. All CIPSO labels within datagrams
going out this port MUST use the specified DOI identifier. All CIPSO
hosts and gateways MUST support either this parameter, the NET_DOI
parameter, or the HOST_DOI parameter.
NET_DOI - This parameter is used to assign a DOI identifier value to a
particular IP network address. All CIPSO labels within datagrams destined
for the particular IP network MUST use the specified DOI identifier. All
CIPSO hosts and gateways MUST support either this parameter, the PORT_DOI
parameter, or the HOST_DOI parameter.
HOST_DOI - This parameter is used to assign a DOI identifier value to a
particular IP host address. All CIPSO labels within datagrams destined for
the particular IP host will use the specified DOI identifier. All CIPSO
hosts and gateways MUST support either this parameter, the PORT_DOI
parameter, or the NET_DOI parameter.
This list represents the minimal set of configuration parameters required
to be compliant. Implementors are encouraged to add to this list to
provide enhanced functionality and control. For example, many security
policies may require both incoming and outgoing datagrams be checked against
the port and host label ranges.
4.1 Port Range Parameters
The labels represented by the PORT_LABEL_MAX and PORT_LABEL_MIN parameters
MAY be in CIPSO or local format. Some CIPSO systems, such as routers, may
want to have the range parameters expressed in CIPSO format so that incoming
labels do not have to be converted to a local format before being compared
against the range. If multiple DOIs are supported by one of these CIPSO
Internet Draft, Expires 15 Jan 93 [PAGE 8]
CIPSO INTERNET DRAFT 16 July, 1992
systems then multiple port range parameters would be needed, one set for
each DOI supported on a particular port.
The port range will usually represent the total set of labels that may
exist on the logical network accessed through the corresponding network
interface. It may, however, represent a subset of these labels that are
allowed to enter the CIPSO system.
4.2 Single Label CIPSO Hosts
CIPSO implementations that support only one label are not required to
support the parameters described above. These limited implementations are
only required to support a NET_LABEL parameter. This parameter contains
the CIPSO label that may be inserted in datagrams that exit the host. In
addition, the host MUST reject any incoming datagram that has a label which
is not equivalent to the NET_LABEL parameter.
5. Handling Procedures
This section describes the processing requirements for incoming and
outgoing IP datagrams. Just providing the correct CIPSO label format
is not enough. Assumptions will be made by one system on how a
receiving system will handle the CIPSO label. Wrong assumptions may
lead to non-interoperability or even a security incident. The
requirements described below represent the minimal set needed for
interoperability and that provide users some level of confidence.
Many other requirements could be added to increase user confidence,
however at the risk of restricting creativity and limiting vendor
participation.
5.1 Input Procedures
All datagrams received through a network port MUST have a security label
associated with them, either contained in the datagram or assigned to the
receiving port. Without this label the host, gateway, or router will not
have the information it needs to make security decisions. This security
label will be obtained from the CIPSO if the option is present in the
datagram. See section 4.1.2 for handling procedures for unlabeled
datagrams. This label will be compared against the PORT (if appropriate)
and HOST configuration parameters defined in section 3.
If any field within the CIPSO option, such as the DOI identifier, is not
recognized the IP datagram is discarded and an ICMP "parameter problem"
(type 12) is generated and returned. The ICMP code field is set to "bad
parameter" (code 0) and the pointer is set to the start of the CIPSO field
that is unrecognized.
If the contents of the CIPSO are valid but the security label is
outside of the configured host or port label range, the datagram is
discarded and an ICMP "destination unreachable" (type 3) is generated
and returned. The code field of the ICMP is set to "communication with
destination network administratively prohibited" (code 9) or to
Internet Draft, Expires 15 Jan 93 [PAGE 9]
CIPSO INTERNET DRAFT 16 July, 1992
"communication with destination host administratively prohibited"
(code 10). The value of the code field used is dependent upon whether
the originator of the ICMP message is acting as a CIPSO host or a CIPSO
gateway. The recipient of the ICMP message MUST be able to handle either
value. The same procedure is performed if a CIPSO can not be added to an
IP packet because it is too large to fit in the IP options area.
If the error is triggered by receipt of an ICMP message, the message
is discarded and no response is permitted (consistent with general ICMP
processing rules).
5.1.1 Unrecognized tag types
The default condition for any CIPSO implementation is that an
unrecognized tag type MUST be treated as a "parameter problem" and
handled as described in section 4.1. A CIPSO implementation MAY allow
the system administrator to identify tag types that may safely be
ignored. This capability is an allowable enhancement, not a
requirement.
5.1.2 Unlabeled Packets
A network port may be configured to not require a CIPSO label for all
incoming datagrams. For this configuration a CIPSO label must be
assigned to that network port and associated with all unlabeled IP
datagrams. This capability might be used for single level networks or
networks that have CIPSO and non-CIPSO hosts and the non-CIPSO hosts
all operate at the same label.
If a CIPSO option is required and none is found, the datagram is
discarded and an ICMP "parameter problem" (type 12) is generated and
returned to the originator of the datagram. The code field of the ICMP
is set to "option missing" (code 1) and the ICMP pointer is set to 134
(the value of the option type for the missing CIPSO option).
5.2 Output Procedures
A CIPSO option MUST appear only once in a datagram. Only one tag type
from the MAC Sensitivity class MAY be included in a CIPSO option. Given
the current set of defined tag types, this means that CIPSO labels at
first will contain only one tag.
All datagrams leaving a CIPSO system MUST meet the following condition:
PORT_LABEL_MIN <= CIPSO label <= PORT_LABEL_MAX
If this condition is not satisfied the datagram MUST be discarded.
If the CIPSO system only supports one port, the HOST_LABEL_MIN and the
HOST_LABEL_MAX parameters MAY be substituted for the PORT parameters in
the above condition.
The DOI identifier to be used for all outgoing datagrams is configured by
Internet Draft, Expires 15 Jan 93 [PAGE 10]
CIPSO INTERNET DRAFT 16 July, 1992
the administrator. If port level DOI identifier assignment is used, then
the PORT_DOI configuration parameter MUST contain the DOI identifier to
use. If network level DOI assignment is used, then the NET_DOI parameter
MUST contain the DOI identifier to use. And if host level DOI assignment
is employed, then the HOST_DOI parameter MUST contain the DOI identifier
to use. A CIPSO implementation need only support one level of DOI
assignment.
5.3 DOI Processing Requirements
A CIPSO implementation MUST support at least one DOI and SHOULD support
multiple DOIs. System and network administrators are cautioned to
ensure that at least one DOI is common within an IP network to allow for
broadcasting of IP datagrams.
CIPSO gateways MUST be capable of translating a CIPSO option from one
DOI to another when forwarding datagrams between networks. For
efficiency purposes this capability is only a desired feature for CIPSO
routers.
5.4 Label of ICMP Messages
The CIPSO label to be used on all outgoing ICMP messages MUST be equivalent
to the label of the datagram that caused the ICMP message. If the ICMP was
generated due to a problem associated with the original CIPSO label then the
following responses are allowed:
a. Use the CIPSO label of the original IP datagram
b. Drop the original datagram with no return message generated
In most cases these options will have the same effect. If you can not
interpret the label or if it is outside the label range of your host or
interface then an ICMP message with the same label will probably not be
able to exit the system.
6. Assignment of DOI Identifier Numbers =
Requests for assignment of a DOI identifier number should be addressed to
the Internet Assigned Numbers Authority (IANA).
7. Acknowledgements
Much of the material in this RFC is based on (and copied from) work
done by Gary Winiger of Sun Microsystems and published as Commercial
IP Security Option at the INTEROP 89, Commercial IPSO Workshop.
8. Author's Address
To submit mail for distribution to members of the IETF CIPSO Working
Group, send mail to: cipso@wdl1.wdl.loral.com.
Internet Draft, Expires 15 Jan 93 [PAGE 11]
CIPSO INTERNET DRAFT 16 July, 1992
To be added to or deleted from this distribution, send mail to:
cipso-request@wdl1.wdl.loral.com.
9. References
RFC 1038, "Draft Revised IP Security Option", M. St. Johns, IETF, January
1988.
RFC 1108, "U.S. Department of Defense Security Options
for the Internet Protocol", Stephen Kent, IAB, 1 March, 1991.
Internet Draft, Expires 15 Jan 93 [PAGE 12]
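Review bot: The section references in the handling procedures do not match this copy's own numbering: 5.1 points to "section 4.1.2" for unlabeled datagrams and to "section 3" for the PORT and HOST configuration parameters, and 5.1.1 points to "section 4.1", while the corresponding text in this file is 5.1.2, 4 and 5.1. If the file is meant to stay a verbatim copy of the 16 July 1992 draft, suggest leaving the text alone and recording the mismatch in cipso_ipv4.txt or in the 00-INDEX entry, so that someone implementing the input checks is not sent to the CIPSO format section by mistake. The same applies to the stray "=" in the section 6 heading and to the page footers that split sentences across pages.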


@ -0,0 +1,46 @@
NetLabel Introduction
==============================================================================
Paul Moore, paul.moore@hp.com
August 2, 2006
* Overview
NetLabel is a mechanism which can be used by kernel security modules to attach
security attributes to outgoing network packets generated from user space
applications and read security attributes from incoming network packets. It
is composed of three main components, the protocol engines, the communication
layer, and the kernel security module API.
* Protocol Engines
The protocol engines are responsible for both applying and retrieving the
network packet's security attributes. If any translation between the network
security attributes and those on the host are required then the protocol
engine will handle those tasks as well. Other kernel subsystems should
refrain from calling the protocol engines directly, instead they should use
the NetLabel kernel security module API described below.
Detailed information about each NetLabel protocol engine can be found in this
directory, consult '00-INDEX' for filenames.
* Communication Layer
The communication layer exists to allow NetLabel configuration and monitoring
from user space. The NetLabel communication layer uses a message based
protocol built on top of the Generic NETLINK transport mechanism. The exact
formatting of these NetLabel messages as well as the Generic NETLINK family
names can be found in the the 'net/netlabel/' directory as comments in the
header files as well as in 'include/net/netlabel.h'.
* Security Module API
The purpose of the NetLabel security module API is to provide a protocol
independent interface to the underlying NetLabel protocol engines. In addition
to protocol independence, the security module API is designed to be completely
LSM independent which should allow multiple LSMs to leverage the same code
base.
Detailed information about the NetLabel security module API can be found in the
'include/net/netlabel.h' header file as well as the 'lsm_interface.txt' file
found in this directory.
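Review bot: In the Communication Layer paragraph, "can be found in the the 'net/netlabel/' directory" repeats "the". The same paragraph sends the reader to header comments for both the message formats and the Generic NETLINK family names; naming the families here would let someone auditing the user space configuration interface find the entry points without reading every header.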

View file

@ -0,0 +1,47 @@
NetLabel Linux Security Module Interface
==============================================================================
Paul Moore, paul.moore@hp.com
May 17, 2006
* Overview
NetLabel is a mechanism which can set and retrieve security attributes from
network packets. It is intended to be used by LSM developers who want to make
use of a common code base for several different packet labeling protocols.
The NetLabel security module API is defined in 'include/net/netlabel.h' but a
brief overview is given below.
* NetLabel Security Attributes
Since NetLabel supports multiple different packet labeling protocols and LSMs
it uses the concept of security attributes to refer to the packet's security
labels. The NetLabel security attributes are defined by the
'netlbl_lsm_secattr' structure in the NetLabel header file. Internally the
NetLabel subsystem converts the security attributes to and from the correct
low-level packet label depending on the NetLabel build time and run time
configuration. It is up to the LSM developer to translate the NetLabel
security attributes into whatever security identifiers are in use for their
particular LSM.
* NetLabel LSM Protocol Operations
These are the functions which allow the LSM developer to manipulate the labels
on outgoing packets as well as read the labels on incoming packets. Functions
exist to operate both on sockets as well as the sk_buffs directly. These high
level functions are translated into low level protocol operations based on how
the administrator has configured the NetLabel subsystem.
* NetLabel Label Mapping Cache Operations
Depending on the exact configuration, translation between the network packet
label and the internal LSM security identifier can be time consuming. The
NetLabel label mapping cache is a caching mechanism which can be used to
sidestep much of this overhead once a mapping has been established. Once the
LSM has received a packet, used NetLabel to decode it's security attributes,
and translated the security attributes into a LSM internal identifier the LSM
can use the NetLabel caching functions to associate the LSM internal
identifier with the network packet's label. This means that in the future
when a incoming packet matches a cached value not only are the internal
NetLabel translation mechanisms bypassed but the LSM translation mechanisms are
bypassed as well which should result in a significant reduction in overhead.
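Review bot: The Label Mapping Cache paragraph has two grammar slips: "decode it's security attributes" should be "its", and "a incoming packet" should be "an incoming packet". More importantly, the Protocol Operations and Cache Operations sections name no functions, although the overview promises a brief overview of the API in 'include/net/netlabel.h'. The cache section also never says when a cached mapping is invalidated. A hit bypasses both the NetLabel and the LSM translation, so an LSM author needs to know who is responsible for flushing the cache when the label mapping or policy changes.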

View file

@ -375,6 +375,41 @@ tcp_slow_start_after_idle - BOOLEAN
be timed out after an idle period.
Default: 1
CIPSOv4 Variables:
cipso_cache_enable - BOOLEAN
If set, enable additions to and lookups from the CIPSO label mapping
cache. If unset, additions are ignored and lookups always result in a
miss. However, regardless of the setting the cache is still
invalidated when required when means you can safely toggle this on and
off and the cache will always be "safe".
Default: 1
cipso_cache_bucket_size - INTEGER
The CIPSO label cache consists of a fixed size hash table with each
hash bucket containing a number of cache entries. This variable limits
the number of entries in each hash bucket; the larger the value the
more CIPSO label mappings that can be cached. When the number of
entries in a given hash bucket reaches this limit adding new entries
causes the oldest entry in the bucket to be removed to make room.
Default: 10
cipso_rbm_optfmt - BOOLEAN
Enable the "Optimized Tag 1 Format" as defined in section 3.4.2.6 of
the CIPSO draft specification (see Documentation/netlabel for details).
This means that when set the CIPSO tag will be padded with empty
categories in order to make the packet data 32-bit aligned.
Default: 0
cipso_rbm_structvalid - BOOLEAN
If set, do a very strict check of the CIPSO option when
ip_options_compile() is called. If unset, relax the checks done during
ip_options_compile(). Either way is "safe" as errors are caught else
where in the CIPSO processing code but setting this to 0 (False) should
result in less work (i.e. it should be faster) but could cause problems
with other implementations that require strict checking.
Default: 0
IP Variables:
ip_local_port_range - 2 INTEGERS
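Review bot: In cipso_cache_enable, "invalidated when required when means you can safely toggle" should read "which means". In cipso_rbm_structvalid, "else where" should be "elsewhere", and the entry needs more than a spelling fix: the default of 0 selects the relaxed check in ip_options_compile(), and the text only asserts that errors are "caught else where in the CIPSO processing code". For an option parser that handles security labels from the network, the entry should say what the strict check rejects that the relaxed one passes on to later code, so an administrator can judge whether 0 is acceptable.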
@ -730,6 +765,9 @@ conf/all/forwarding - BOOLEAN
This referred to as global forwarding.
proxy_ndp - BOOLEAN
Do proxy ndp.
conf/interface/*:
Change special settings per interface.
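Review bot: "Do proxy ndp." is the entire description of the new proxy_ndp entry, and it has no "Default:" line, unlike the CIPSOv4 entries added earlier in this file. Please state what the setting makes the host do (answer neighbour discovery on behalf of proxied addresses), whether it is global or per interface given where it sits between conf/all/forwarding and conf/interface/*, and the default value.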

View file

@ -0,0 +1,14 @@
flowi structure:
The secid member in the flow structure is used in LSMs (e.g. SELinux) to indicate
the label of the flow. This label of the flow is currently used in selecting
matching labeled xfrm(s).
If this is an outbound flow, the label is derived from the socket, if any, or
the incoming packet this flow is being generated as a response to (e.g. tcp
resets, timewait ack, etc.). It is also conceivable that the label could be
derived from other sources such as process context, device, etc., in special
cases, as may be appropriate.
If this is an inbound flow, the label is derived from the IPSec security
associations, if any, used by the packet.

View file

@ -1912,7 +1912,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
skb->tail = skb->data + skb->len;
#ifdef USE_CHECKSUM_HW
if (vcc->vpi == 0 && vcc->vci >= ATM_NOT_RSV_VCI) {
skb->ip_summed = CHECKSUM_HW;
skb->ip_summed = CHECKSUM_COMPLETE;
skb->csum = TCP_CKSUM(skb->data,
he_vcc->pdu_len);
}

View file

@ -2077,7 +2077,7 @@ boomerang_start_xmit(struct sk_buff *skb, struct net_device *dev)
vp->tx_ring[entry].next = 0;
#if DO_ZEROCOPY
if (skb->ip_summed != CHECKSUM_HW)
if (skb->ip_summed != CHECKSUM_PARTIAL)
vp->tx_ring[entry].status = cpu_to_le32(skb->len | TxIntrUploaded);
else
vp->tx_ring[entry].status = cpu_to_le32(skb->len | TxIntrUploaded | AddTCPChksum | AddUDPChksum);

View file

@ -813,7 +813,7 @@ static int cp_start_xmit (struct sk_buff *skb, struct net_device *dev)
if (mss)
flags |= LargeSend | ((mss & MSSMask) << MSSShift);
else if (skb->ip_summed == CHECKSUM_HW) {
else if (skb->ip_summed == CHECKSUM_PARTIAL) {
const struct iphdr *ip = skb->nh.iph;
if (ip->protocol == IPPROTO_TCP)
flags |= IPCS | TCPCS;
@ -867,7 +867,7 @@ static int cp_start_xmit (struct sk_buff *skb, struct net_device *dev)
if (mss)
ctrl |= LargeSend |
((mss & MSSMask) << MSSShift);
else if (skb->ip_summed == CHECKSUM_HW) {
else if (skb->ip_summed == CHECKSUM_PARTIAL) {
if (ip->protocol == IPPROTO_TCP)
ctrl |= IPCS | TCPCS;
else if (ip->protocol == IPPROTO_UDP)
@ -898,7 +898,7 @@ static int cp_start_xmit (struct sk_buff *skb, struct net_device *dev)
txd->addr = cpu_to_le64(first_mapping);
wmb();
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
if (ip->protocol == IPPROTO_TCP)
txd->opts1 = cpu_to_le32(first_eor | first_len |
FirstFrag | DescOwn |

View file

@ -2040,7 +2040,7 @@ static void ace_rx_int(struct net_device *dev, u32 rxretprd, u32 rxretcsm)
*/
if (bd_flags & BD_FLG_TCP_UDP_SUM) {
skb->csum = htons(csum);
skb->ip_summed = CHECKSUM_HW;
skb->ip_summed = CHECKSUM_COMPLETE;
} else {
skb->ip_summed = CHECKSUM_NONE;
}
@ -2511,7 +2511,7 @@ static int ace_start_xmit(struct sk_buff *skb, struct net_device *dev)
mapping = ace_map_tx_skb(ap, skb, skb, idx);
flagsize = (skb->len << 16) | (BD_FLG_END);
if (skb->ip_summed == CHECKSUM_HW)
if (skb->ip_summed == CHECKSUM_PARTIAL)
flagsize |= BD_FLG_TCP_UDP_SUM;
#if ACENIC_DO_VLAN
if (vlan_tx_tag_present(skb)) {
@ -2534,7 +2534,7 @@ static int ace_start_xmit(struct sk_buff *skb, struct net_device *dev)
mapping = ace_map_tx_skb(ap, skb, NULL, idx);
flagsize = (skb_headlen(skb) << 16);
if (skb->ip_summed == CHECKSUM_HW)
if (skb->ip_summed == CHECKSUM_PARTIAL)
flagsize |= BD_FLG_TCP_UDP_SUM;
#if ACENIC_DO_VLAN
if (vlan_tx_tag_present(skb)) {
@ -2560,7 +2560,7 @@ static int ace_start_xmit(struct sk_buff *skb, struct net_device *dev)
PCI_DMA_TODEVICE);
flagsize = (frag->size << 16);
if (skb->ip_summed == CHECKSUM_HW)
if (skb->ip_summed == CHECKSUM_PARTIAL)
flagsize |= BD_FLG_TCP_UDP_SUM;
idx = (idx + 1) % ACE_TX_RING_ENTRIES(ap);

View file

@ -161,6 +161,7 @@ static struct pci_device_id com20020pci_id_table[] = {
{ 0x1571, 0xa204, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ARC_CAN_10MBIT },
{ 0x1571, 0xa205, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ARC_CAN_10MBIT },
{ 0x1571, 0xa206, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ARC_CAN_10MBIT },
{ 0x10B5, 0x9030, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ARC_CAN_10MBIT },
{ 0x10B5, 0x9050, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ARC_CAN_10MBIT },
{0,}
};
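Review bot: The 0x10B5 entries match on vendor and device only, with PCI_ANY_ID for subvendor and subdevice. 0x10B5 is PLX, and the 9030 and 9050 are general-purpose PCI bridge chips found on many unrelated boards, so this driver will claim any card built on them. Restricting the match to the subsystem IDs of the actual ARCnet card would avoid binding to hardware the driver does not understand.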

View file

@ -4423,7 +4423,7 @@ bnx2_start_xmit(struct sk_buff *skb, struct net_device *dev)
ring_prod = TX_RING_IDX(prod);
vlan_tag_flags = 0;
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
vlan_tag_flags |= TX_BD_FLAGS_TCP_UDP_CKSUM;
}

View file

@ -2167,7 +2167,7 @@ static int cas_rx_process_pkt(struct cas *cp, struct cas_rx_comp *rxc,
cas_page_unmap(addr);
}
skb->csum = ntohs(i ^ 0xffff);
skb->ip_summed = CHECKSUM_HW;
skb->ip_summed = CHECKSUM_COMPLETE;
skb->protocol = eth_type_trans(skb, cp->dev);
return len;
}
@ -2821,7 +2821,7 @@ static inline int cas_xmit_tx_ringN(struct cas *cp, int ring,
}
ctrl = 0;
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
u64 csum_start_off, csum_stuff_off;
csum_start_off = (u64) (skb->h.raw - skb->data);

View file

@ -1470,9 +1470,9 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
}
if (!(adapter->flags & UDP_CSUM_CAPABLE) &&
skb->ip_summed == CHECKSUM_HW &&
skb->ip_summed == CHECKSUM_PARTIAL &&
skb->nh.iph->protocol == IPPROTO_UDP)
if (unlikely(skb_checksum_help(skb, 0))) {
if (unlikely(skb_checksum_help(skb))) {
dev_kfree_skb_any(skb);
return NETDEV_TX_OK;
}
@ -1495,11 +1495,11 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
cpl = (struct cpl_tx_pkt *)__skb_push(skb, sizeof(*cpl));
cpl->opcode = CPL_TX_PKT;
cpl->ip_csum_dis = 1; /* SW calculates IP csum */
cpl->l4_csum_dis = skb->ip_summed == CHECKSUM_HW ? 0 : 1;
cpl->l4_csum_dis = skb->ip_summed == CHECKSUM_PARTIAL ? 0 : 1;
/* the length field isn't used so don't bother setting it */
st->tx_cso += (skb->ip_summed == CHECKSUM_HW);
sge->stats.tx_do_cksum += (skb->ip_summed == CHECKSUM_HW);
st->tx_cso += (skb->ip_summed == CHECKSUM_PARTIAL);
sge->stats.tx_do_cksum += (skb->ip_summed == CHECKSUM_PARTIAL);
sge->stats.tx_reg_pkts++;
}
cpl->iff = dev->if_port;

View file

@ -611,7 +611,7 @@ start_xmit (struct sk_buff *skb, struct net_device *dev)
txdesc = &np->tx_ring[entry];
#if 0
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
txdesc->status |=
cpu_to_le64 (TCPChecksumEnable | UDPChecksumEnable |
IPChecksumEnable);

View file

@ -2600,7 +2600,7 @@ e1000_tx_csum(struct e1000_adapter *adapter, struct e1000_tx_ring *tx_ring,
unsigned int i;
uint8_t css;
if (likely(skb->ip_summed == CHECKSUM_HW)) {
if (likely(skb->ip_summed == CHECKSUM_PARTIAL)) {
css = skb->h.raw - skb->data;
i = tx_ring->next_to_use;
@ -2927,11 +2927,11 @@ e1000_xmit_frame(struct sk_buff *skb, struct net_device *netdev)
}
/* reserve a descriptor for the offload context */
if ((mss) || (skb->ip_summed == CHECKSUM_HW))
if ((mss) || (skb->ip_summed == CHECKSUM_PARTIAL))
count++;
count++;
#else
if (skb->ip_summed == CHECKSUM_HW)
if (skb->ip_summed == CHECKSUM_PARTIAL)
count++;
#endif
@ -3608,7 +3608,7 @@ e1000_rx_checksum(struct e1000_adapter *adapter,
*/
csum = ntohl(csum ^ 0xFFFF);
skb->csum = csum;
skb->ip_summed = CHECKSUM_HW;
skb->ip_summed = CHECKSUM_COMPLETE;
}
adapter->hw_csum_good++;
}

View file

@ -1503,7 +1503,8 @@ static int nv_start_xmit(struct sk_buff *skb, struct net_device *dev)
tx_flags_extra = NV_TX2_TSO | (skb_shinfo(skb)->gso_size << NV_TX2_TSO_SHIFT);
else
#endif
tx_flags_extra = (skb->ip_summed == CHECKSUM_HW ? (NV_TX2_CHECKSUM_L3|NV_TX2_CHECKSUM_L4) : 0);
tx_flags_extra = skb->ip_summed == CHECKSUM_PARTIAL ?
NV_TX2_CHECKSUM_L3 | NV_TX2_CHECKSUM_L4 : 0;
/* vlan tag */
if (np->vlangrp && vlan_tx_tag_present(skb)) {

View file

@ -947,7 +947,7 @@ static int gfar_start_xmit(struct sk_buff *skb, struct net_device *dev)
/* Set up checksumming */
if (likely((dev->features & NETIF_F_IP_CSUM)
&& (CHECKSUM_HW == skb->ip_summed))) {
&& (CHECKSUM_PARTIAL == skb->ip_summed))) {
fcb = gfar_add_fcb(skb, txbdp);
status |= TXBD_TOE;
gfar_tx_checksum(skb, fcb);

View file

@ -1648,7 +1648,7 @@ static int hamachi_rx(struct net_device *dev)
* could do the pseudo myself and return
* CHECKSUM_UNNECESSARY
*/
skb->ip_summed = CHECKSUM_HW;
skb->ip_summed = CHECKSUM_COMPLETE;
}
}
}

View file

@ -1036,7 +1036,7 @@ static inline u16 emac_tx_csum(struct ocp_enet_private *dev,
struct sk_buff *skb)
{
#if defined(CONFIG_IBM_EMAC_TAH)
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
++dev->stats.tx_packets_csum;
return EMAC_TX_CTRL_TAH_CSUM;
}

View file

@ -1387,7 +1387,7 @@ static int ioc3_start_xmit(struct sk_buff *skb, struct net_device *dev)
* MAC header which should not be summed and the TCP/UDP pseudo headers
* manually.
*/
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
int proto = ntohs(skb->nh.iph->protocol);
unsigned int csoff;
struct iphdr *ih = skb->nh.iph;
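Review bot: The context line "int proto = ntohs(skb->nh.iph->protocol);" directly under the renamed check applies ntohs() to the one-byte protocol field of struct iphdr. That is a no-op on big-endian builds and moves the value into the high byte on little-endian ones. Since this block is being touched anyway, read the field directly ("int proto = skb->nh.iph->protocol;") so the comparison that follows does not depend on host byte order.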

View file

@ -249,7 +249,7 @@ static void __exit ali_ircc_cleanup(void)
IRDA_DEBUG(2, "%s(), ---------------- Start ----------------\n", __FUNCTION__);
for (i=0; i < 4; i++) {
for (i=0; i < ARRAY_SIZE(dev_self); i++) {
if (dev_self[i])
ali_ircc_close(dev_self[i]);
}
@ -273,6 +273,12 @@ static int ali_ircc_open(int i, chipio_t *info)
int err;
IRDA_DEBUG(2, "%s(), ---------------- Start ----------------\n", __FUNCTION__);
if (i >= ARRAY_SIZE(dev_self)) {
IRDA_ERROR("%s(), maximum number of supported chips reached!\n",
__FUNCTION__);
return -ENOMEM;
}
/* Set FIR FIFO and DMA Threshold */
if ((ali_ircc_setup(info)) == -1)
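Review bot: The new guard at the top of ali_ircc_open() returns -ENOMEM when i >= ARRAY_SIZE(dev_self), but no allocation failed; the caller ran past a fixed-size table. An errno such as -ENODEV would match the IRDA_ERROR text ("maximum number of supported chips reached") and keep callers from treating this as memory pressure. The check itself is right to sit before any use of i as an index into dev_self.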

View file

@ -1090,7 +1090,7 @@ static int __init irport_init(void)
{
int i;
for (i=0; (io[i] < 2000) && (i < 4); i++) {
for (i=0; (io[i] < 2000) && (i < ARRAY_SIZE(dev_self)); i++) {
if (irport_open(i, io[i], irq[i]) != NULL)
return 0;
}
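Review bot: In the irport_init() loop condition "(io[i] < 2000) && (i < ARRAY_SIZE(dev_self))", io[i] is read before i is bounds-checked. If io[] has no more entries than dev_self[], the final evaluation reads one element past the end of io[]. Swap the operands so the index test comes first: "(i < ARRAY_SIZE(dev_self)) && (io[i] < 2000)".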
@ -1112,7 +1112,7 @@ static void __exit irport_cleanup(void)
IRDA_DEBUG( 4, "%s()\n", __FUNCTION__);
for (i=0; i < 4; i++) {
for (i=0; i < ARRAY_SIZE(dev_self); i++) {
if (dev_self[i])
irport_close(dev_self[i]);
}

View file

@ -279,7 +279,7 @@ static void via_ircc_clean(void)
IRDA_DEBUG(3, "%s()\n", __FUNCTION__);
for (i=0; i < 4; i++) {
for (i=0; i < ARRAY_SIZE(dev_self); i++) {
if (dev_self[i])
via_ircc_close(dev_self[i]);
}
@ -327,6 +327,9 @@ static __devinit int via_ircc_open(int i, chipio_t * info, unsigned int id)
IRDA_DEBUG(3, "%s()\n", __FUNCTION__);
if (i >= ARRAY_SIZE(dev_self))
return -ENOMEM;
/* Allocate new instance of the driver */
dev = alloc_irdadev(sizeof(struct via_ircc_cb));
if (dev == NULL)
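Review bot: The bounds check added to via_ircc_open() returns -ENOMEM silently, while the equivalent check added to ali_ircc_open() in this same merge logs through IRDA_ERROR before returning. Pick one behaviour for both drivers; a log line is useful here because otherwise a fifth chip simply fails to appear with no indication why.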

View file

@ -117,7 +117,7 @@ static int __init w83977af_init(void)
IRDA_DEBUG(0, "%s()\n", __FUNCTION__ );
for (i=0; (io[i] < 2000) && (i < 4); i++) {
for (i=0; (io[i] < 2000) && (i < ARRAY_SIZE(dev_self)); i++) {
if (w83977af_open(i, io[i], irq[i], dma[i]) == 0)
return 0;
}
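Review bot: The w83977af_init() loop condition "(io[i] < 2000) && (i < ARRAY_SIZE(dev_self))" dereferences io[i], and the body then uses irq[i] and dma[i], with the index test evaluated second. Put "i < ARRAY_SIZE(dev_self)" first so that no array is read at an index the check would have rejected.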
@ -136,7 +136,7 @@ static void __exit w83977af_cleanup(void)
IRDA_DEBUG(4, "%s()\n", __FUNCTION__ );
for (i=0; i < 4; i++) {
for (i=0; i < ARRAY_SIZE(dev_self); i++) {
if (dev_self[i])
w83977af_close(dev_self[i]);
}

View file

@ -1232,7 +1232,7 @@ ixgb_tx_csum(struct ixgb_adapter *adapter, struct sk_buff *skb)
unsigned int i;
uint8_t css, cso;
if(likely(skb->ip_summed == CHECKSUM_HW)) {
if(likely(skb->ip_summed == CHECKSUM_PARTIAL)) {
css = skb->h.raw - skb->data;
cso = (skb->h.raw + skb->csum) - skb->data;

View file

@ -1147,7 +1147,7 @@ static void eth_tx_submit_descs_for_skb(struct mv643xx_private *mp,
desc->byte_cnt = length;
desc->buf_ptr = dma_map_single(NULL, skb->data, length, DMA_TO_DEVICE);
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
BUG_ON(skb->protocol != ETH_P_IP);
cmd_sts |= ETH_GEN_TCP_UDP_CHECKSUM |

View file

@ -930,7 +930,7 @@ static inline void myri10ge_vlan_ip_csum(struct sk_buff *skb, u16 hw_csum)
(vh->h_vlan_encapsulated_proto == htons(ETH_P_IP) ||
vh->h_vlan_encapsulated_proto == htons(ETH_P_IPV6))) {
skb->csum = hw_csum;
skb->ip_summed = CHECKSUM_HW;
skb->ip_summed = CHECKSUM_COMPLETE;
}
}
@ -973,7 +973,7 @@ myri10ge_rx_done(struct myri10ge_priv *mgp, struct myri10ge_rx_buf *rx,
if ((skb->protocol == ntohs(ETH_P_IP)) ||
(skb->protocol == ntohs(ETH_P_IPV6))) {
skb->csum = ntohs((u16) csum);
skb->ip_summed = CHECKSUM_HW;
skb->ip_summed = CHECKSUM_COMPLETE;
} else
myri10ge_vlan_ip_csum(skb, ntohs((u16) csum));
}
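Review bot: In myri10ge_rx_done() the protocol test is written "skb->protocol == ntohs(ETH_P_IP)" and "ntohs(ETH_P_IPV6)", while the VLAN helper in the previous hunk uses htons() for the same kind of comparison. The two produce the same value, but the field is in network order, so htons() is the correct direction and keeps the two functions consistent for anyone running a byte-order checker over this file.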
@ -1897,13 +1897,13 @@ static int myri10ge_xmit(struct sk_buff *skb, struct net_device *dev)
pseudo_hdr_offset = 0;
odd_flag = 0;
flags = (MXGEFW_FLAGS_NO_TSO | MXGEFW_FLAGS_FIRST);
if (likely(skb->ip_summed == CHECKSUM_HW)) {
if (likely(skb->ip_summed == CHECKSUM_PARTIAL)) {
cksum_offset = (skb->h.raw - skb->data);
pseudo_hdr_offset = (skb->h.raw + skb->csum) - skb->data;
/* If the headers are excessively large, then we must
* fall back to a software checksum */
if (unlikely(cksum_offset > 255 || pseudo_hdr_offset > 127)) {
if (skb_checksum_help(skb, 0))
if (skb_checksum_help(skb))
goto drop;
cksum_offset = 0;
pseudo_hdr_offset = 0;

View file

@ -1153,7 +1153,7 @@ static int ns83820_hard_start_xmit(struct sk_buff *skb, struct net_device *ndev)
if (!nr_frags)
frag = NULL;
extsts = 0;
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
extsts |= EXTSTS_IPPKT;
if (IPPROTO_TCP == skb->nh.iph->protocol)
extsts |= EXTSTS_TCPPKT;

View file

@ -2169,7 +2169,7 @@ static inline u32 rtl8169_tso_csum(struct sk_buff *skb, struct net_device *dev)
if (mss)
return LargeSend | ((mss & MSSMask) << MSSShift);
}
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
const struct iphdr *ip = skb->nh.iph;
if (ip->protocol == IPPROTO_TCP)

View file

@ -3893,7 +3893,7 @@ static int s2io_xmit(struct sk_buff *skb, struct net_device *dev)
txdp->Control_1 |= TXD_TCP_LSO_MSS(s2io_tcp_mss(skb));
}
#endif
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
txdp->Control_2 |=
(TXD_TX_CKO_IPV4_EN | TXD_TX_CKO_TCP_EN |
TXD_TX_CKO_UDP_EN);

View file

@ -1559,7 +1559,7 @@ struct sk_buff *pMessage) /* pointer to send-message */
pTxd->VDataHigh = (SK_U32) (PhysAddr >> 32);
pTxd->pMBuf = pMessage;
if (pMessage->ip_summed == CHECKSUM_HW) {
if (pMessage->ip_summed == CHECKSUM_PARTIAL) {
u16 hdrlen = pMessage->h.raw - pMessage->data;
u16 offset = hdrlen + pMessage->csum;
@ -1678,7 +1678,7 @@ struct sk_buff *pMessage) /* pointer to send-message */
/*
** Does the HW need to evaluate checksum for TCP or UDP packets?
*/
if (pMessage->ip_summed == CHECKSUM_HW) {
if (pMessage->ip_summed == CHECKSUM_PARTIAL) {
u16 hdrlen = pMessage->h.raw - pMessage->data;
u16 offset = hdrlen + pMessage->csum;
@ -2158,7 +2158,7 @@ SK_U64 PhysAddr;
#ifdef USE_SK_RX_CHECKSUM
pMsg->csum = pRxd->TcpSums & 0xffff;
pMsg->ip_summed = CHECKSUM_HW;
pMsg->ip_summed = CHECKSUM_COMPLETE;
#else
pMsg->ip_summed = CHECKSUM_NONE;
#endif

View file

@ -2338,7 +2338,7 @@ static int skge_xmit_frame(struct sk_buff *skb, struct net_device *dev)
td->dma_lo = map;
td->dma_hi = map >> 32;
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
int offset = skb->h.raw - skb->data;
/* This seems backwards, but it is what the sk98lin
@ -2642,7 +2642,7 @@ static inline struct sk_buff *skge_rx_get(struct skge_port *skge,
skb->dev = skge->netdev;
if (skge->rx_csum) {
skb->csum = csum;
skb->ip_summed = CHECKSUM_HW;
skb->ip_summed = CHECKSUM_COMPLETE;
}
skb->protocol = eth_type_trans(skb, skge->netdev);

View file

@ -1163,7 +1163,7 @@ static unsigned tx_le_req(const struct sk_buff *skb)
if (skb_is_gso(skb))
++count;
if (skb->ip_summed == CHECKSUM_HW)
if (skb->ip_summed == CHECKSUM_PARTIAL)
++count;
return count;
@ -1272,7 +1272,7 @@ static int sky2_xmit_frame(struct sk_buff *skb, struct net_device *dev)
#endif
/* Handle TCP checksum offload */
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
u16 hdr = skb->h.raw - skb->data;
u16 offset = hdr + skb->csum;
@ -2000,7 +2000,7 @@ static int sky2_status_intr(struct sky2_hw *hw, int to_do)
#endif
case OP_RXCHKS:
skb = sky2->rx_ring[sky2->rx_next].skb;
skb->ip_summed = CHECKSUM_HW;
skb->ip_summed = CHECKSUM_COMPLETE;
skb->csum = le16_to_cpu(status);
break;

View file

@ -1230,7 +1230,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev)
}
#if defined(ZEROCOPY) && defined(HAS_BROKEN_FIRMWARE)
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
if (skb_padto(skb, (skb->len + PADDING_MASK) & ~PADDING_MASK))
return NETDEV_TX_OK;
}
@ -1252,7 +1252,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev)
status |= TxDescIntr;
np->reap_tx = 0;
}
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
status |= TxCalTCP;
np->stats.tx_compressed++;
}
@ -1499,7 +1499,7 @@ static int __netdev_rx(struct net_device *dev, int *quota)
* Until then, the printk stays. :-) -Ion
*/
else if (le16_to_cpu(desc->status2) & 0x0040) {
skb->ip_summed = CHECKSUM_HW;
skb->ip_summed = CHECKSUM_COMPLETE;
skb->csum = le16_to_cpu(desc->csum);
printk(KERN_DEBUG "%s: checksum_hw, status2 = %#x\n", dev->name, le16_to_cpu(desc->status2));
}
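Review bot: The debug printk under the renamed assignment in __netdev_rx() still prints "%s: checksum_hw, status2 = %#x". With the constant now CHECKSUM_COMPLETE, the message refers to a name that no longer exists in the source and will not be found by grep. Update the string, or drop the printk if the firmware question in the preceding comment has been settled.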

View file

@ -855,7 +855,7 @@ static int gem_rx(struct gem *gp, int work_to_do)
}
skb->csum = ntohs((status & RXDCTRL_TCPCSUM) ^ 0xffff);
skb->ip_summed = CHECKSUM_HW;
skb->ip_summed = CHECKSUM_COMPLETE;
skb->protocol = eth_type_trans(skb, gp->dev);
netif_receive_skb(skb);
@ -1026,7 +1026,7 @@ static int gem_start_xmit(struct sk_buff *skb, struct net_device *dev)
unsigned long flags;
ctrl = 0;
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
u64 csum_start_off, csum_stuff_off;
csum_start_off = (u64) (skb->h.raw - skb->data);

View file

@ -1207,7 +1207,7 @@ static void happy_meal_transceiver_check(struct happy_meal *hp, void __iomem *tr
* flags, thus:
*
* skb->csum = rxd->rx_flags & 0xffff;
* skb->ip_summed = CHECKSUM_HW;
* skb->ip_summed = CHECKSUM_COMPLETE;
*
* before sending off the skb to the protocols, and we are good as gold.
*/
@ -2074,7 +2074,7 @@ static void happy_meal_rx(struct happy_meal *hp, struct net_device *dev)
/* This card is _fucking_ hot... */
skb->csum = ntohs(csum ^ 0xffff);
skb->ip_summed = CHECKSUM_HW;
skb->ip_summed = CHECKSUM_COMPLETE;
RXD(("len=%d csum=%4x]", len, csum));
skb->protocol = eth_type_trans(skb, dev);
@ -2268,7 +2268,7 @@ static int happy_meal_start_xmit(struct sk_buff *skb, struct net_device *dev)
u32 tx_flags;
tx_flags = TXFLAG_OWN;
if (skb->ip_summed == CHECKSUM_HW) {
if (skb->ip_summed == CHECKSUM_PARTIAL) {
u32 csum_start_off, csum_stuff_off;
csum_start_off = (u32) (skb->h.raw - skb->data);

View file

@ -149,122 +149,67 @@ module_param(tg3_debug, int, 0);
MODULE_PARM_DESC(tg3_debug, "Tigon3 bitmapped debugging message enable value");
static struct pci_device_id tg3_pci_tbl[] = {
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5700,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5701,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5703,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5704,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702FE,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705_2,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705M,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705M_2,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702X,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5703X,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5704S,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702A3,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5703A3,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5782,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5788,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5789,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5901,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5901_2,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5704S_2,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705F,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5720,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5721,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5750,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5751,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5750M,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5751M,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5751F,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5752,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5752M,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5753,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5753M,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5753F,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5754,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5754M,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5755,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5755M,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5786,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5787,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5787M,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5714,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5714S,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5715,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5715S,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5780,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5780S,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5781,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_SYSKONNECT, PCI_DEVICE_ID_SYSKONNECT_9DXX,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_SYSKONNECT, PCI_DEVICE_ID_SYSKONNECT_9MXX,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1000,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1001,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1003,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC9100,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ PCI_VENDOR_ID_APPLE, PCI_DEVICE_ID_APPLE_TIGON3,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
{ 0, }
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5700)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5701)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5703)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5704)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702FE)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705_2)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705M)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705M_2)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702X)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5703X)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5704S)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702A3)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5703A3)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5782)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5788)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5789)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5901)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5901_2)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5704S_2)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705F)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5720)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5721)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5750)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5751)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5750M)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5751M)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5751F)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5752)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5752M)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5753)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5753M)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5753F)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5754)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5754M)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5755)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5755M)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5786)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5787)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5787M)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5714)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5714S)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5715)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5715S)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5780)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5780S)},
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5781)},
{PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, PCI_DEVICE_ID_SYSKONNECT_9DXX)},
{PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, PCI_DEVICE_ID_SYSKONNECT_9MXX)},
{PCI_DEVICE(PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1000)},
{PCI_DEVICE(PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1001)},
{PCI_DEVICE(PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1003)},
{PCI_DEVICE(PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC9100)},
{PCI_DEVICE(PCI_VENDOR_ID_APPLE, PCI_DEVICE_ID_APPLE_TIGON3)},
{}
};
MODULE_DEVICE_TABLE(pci, tg3_pci_tbl);
static struct {
static const struct {
const char string[ETH_GSTRING_LEN];
} ethtool_stats_keys[TG3_NUM_STATS] = {
{ "rx_octets" },
@ -345,7 +290,7 @@ static struct {
{ "nic_tx_threshold_hit" }
};
static struct {
static const struct {
const char string[ETH_GSTRING_LEN];
} ethtool_test_keys[TG3_NUM_TEST] = {
{ "nvram test (online) " },
@ -3851,11 +3796,11 @@ static int tg3_start_xmit(struct sk_buff *skb, struct net_device *dev)
skb->h.th->check = 0;
}
else if (skb->ip_summed == CHECKSUM_HW)
else if (skb->ip_summed == CHECKSUM_PARTIAL)
base_flags |= TXD_FLAG_TCPUDP_CSUM;
#else
mss = 0;
if (skb->ip_summed == CHECKSUM_HW)
if (skb->ip_summed == CHECKSUM_PARTIAL)
base_flags |= TXD_FLAG_TCPUDP_CSUM;
#endif
#if TG3_VLAN_TAG_USED
@ -3981,7 +3926,7 @@ static int tg3_start_xmit_dma_bug(struct sk_buff *skb, struct net_device *dev)
entry = tp->tx_prod;
base_flags = 0;
if (skb->ip_summed == CHECKSUM_HW)
if (skb->ip_summed == CHECKSUM_PARTIAL)
base_flags |= TXD_FLAG_TCPUDP_CSUM;
#if TG3_TSO_SUPPORT != 0
mss = 0;
@ -4969,7 +4914,7 @@ static int tg3_halt(struct tg3 *tp, int kind, int silent)
#define TG3_FW_BSS_ADDR 0x08000a70
#define TG3_FW_BSS_LEN 0x10
static u32 tg3FwText[(TG3_FW_TEXT_LEN / sizeof(u32)) + 1] = {
static const u32 tg3FwText[(TG3_FW_TEXT_LEN / sizeof(u32)) + 1] = {
0x00000000, 0x10000003, 0x00000000, 0x0000000d, 0x0000000d, 0x3c1d0800,
0x37bd3ffc, 0x03a0f021, 0x3c100800, 0x26100000, 0x0e000018, 0x00000000,
0x0000000d, 0x3c1d0800, 0x37bd3ffc, 0x03a0f021, 0x3c100800, 0x26100034,
@ -5063,7 +5008,7 @@ static u32 tg3FwText[(TG3_FW_TEXT_LEN / sizeof(u32)) + 1] = {
0x27bd0008, 0x03e00008, 0x00000000, 0x00000000, 0x00000000
};
static u32 tg3FwRodata[(TG3_FW_RODATA_LEN / sizeof(u32)) + 1] = {
static const u32 tg3FwRodata[(TG3_FW_RODATA_LEN / sizeof(u32)) + 1] = {
0x35373031, 0x726c7341, 0x00000000, 0x00000000, 0x53774576, 0x656e7430,
0x00000000, 0x726c7045, 0x76656e74, 0x31000000, 0x556e6b6e, 0x45766e74,
0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x66617461, 0x6c457272,
@ -5128,13 +5073,13 @@ static int tg3_halt_cpu(struct tg3 *tp, u32 offset)
struct fw_info {
unsigned int text_base;
unsigned int text_len;
u32 *text_data;
const u32 *text_data;
unsigned int rodata_base;
unsigned int rodata_len;
u32 *rodata_data;
const u32 *rodata_data;
unsigned int data_base;
unsigned int data_len;
u32 *data_data;
const u32 *data_data;
};
/* tp->lock is held. */
@ -5266,7 +5211,7 @@ static int tg3_load_5701_a0_firmware_fix(struct tg3 *tp)
#define TG3_TSO_FW_BSS_ADDR 0x08001b80
#define TG3_TSO_FW_BSS_LEN 0x894
static u32 tg3TsoFwText[(TG3_TSO_FW_TEXT_LEN / 4) + 1] = {
static const u32 tg3TsoFwText[(TG3_TSO_FW_TEXT_LEN / 4) + 1] = {
0x0e000003, 0x00000000, 0x08001b24, 0x00000000, 0x10000003, 0x00000000,
0x0000000d, 0x0000000d, 0x3c1d0800, 0x37bd4000, 0x03a0f021, 0x3c100800,
0x26100000, 0x0e000010, 0x00000000, 0x0000000d, 0x27bdffe0, 0x3c04fefe,
@ -5553,7 +5498,7 @@ static u32 tg3TsoFwText[(TG3_TSO_FW_TEXT_LEN / 4) + 1] = {
0xac470014, 0xac4a0018, 0x03e00008, 0xac4b001c, 0x00000000, 0x00000000,
};
static u32 tg3TsoFwRodata[] = {
static const u32 tg3TsoFwRodata[] = {
0x4d61696e, 0x43707542, 0x00000000, 0x4d61696e, 0x43707541, 0x00000000,
0x00000000, 0x00000000, 0x73746b6f, 0x66666c64, 0x496e0000, 0x73746b6f,
0x66662a2a, 0x00000000, 0x53774576, 0x656e7430, 0x00000000, 0x00000000,
@ -5561,7 +5506,7 @@ static u32 tg3TsoFwRodata[] = {
0x00000000,
};
static u32 tg3TsoFwData[] = {
static const u32 tg3TsoFwData[] = {
0x00000000, 0x73746b6f, 0x66666c64, 0x5f76312e, 0x362e3000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000,
@ -5583,7 +5528,7 @@ static u32 tg3TsoFwData[] = {
#define TG3_TSO5_FW_BSS_ADDR 0x00010f50
#define TG3_TSO5_FW_BSS_LEN 0x88
static u32 tg3Tso5FwText[(TG3_TSO5_FW_TEXT_LEN / 4) + 1] = {
static const u32 tg3Tso5FwText[(TG3_TSO5_FW_TEXT_LEN / 4) + 1] = {
0x0c004003, 0x00000000, 0x00010f04, 0x00000000, 0x10000003, 0x00000000,
0x0000000d, 0x0000000d, 0x3c1d0001, 0x37bde000, 0x03a0f021, 0x3c100001,
0x26100000, 0x0c004010, 0x00000000, 0x0000000d, 0x27bdffe0, 0x3c04fefe,
@ -5742,14 +5687,14 @@ static u32 tg3Tso5FwText[(TG3_TSO5_FW_TEXT_LEN / 4) + 1] = {
0x00000000, 0x00000000, 0x00000000,
};
static u32 tg3Tso5FwRodata[(TG3_TSO5_FW_RODATA_LEN / 4) + 1] = {
static const u32 tg3Tso5FwRodata[(TG3_TSO5_FW_RODATA_LEN / 4) + 1] = {
0x4d61696e, 0x43707542, 0x00000000, 0x4d61696e, 0x43707541, 0x00000000,
0x00000000, 0x00000000, 0x73746b6f, 0x66666c64, 0x00000000, 0x00000000,
0x73746b6f, 0x66666c64, 0x00000000, 0x00000000, 0x66617461, 0x6c457272,
0x00000000, 0x00000000, 0x00000000,
};
static u32 tg3Tso5FwData[(TG3_TSO5_FW_DATA_LEN / 4) + 1] = {
static const u32 tg3Tso5FwData[(TG3_TSO5_FW_DATA_LEN / 4) + 1] = {
0x00000000, 0x73746b6f, 0x66666c64, 0x5f76312e, 0x322e3000, 0x00000000,
0x00000000, 0x00000000, 0x00000000,
};

View file

@ -830,7 +830,7 @@ typhoon_start_tx(struct sk_buff *skb, struct net_device *dev)
first_txd->addrHi = (u64)((unsigned long) skb) >> 32;
first_txd->processFlags = 0;
if(skb->ip_summed == CHECKSUM_HW) {
if(skb->ip_summed == CHECKSUM_PARTIAL) {
/* The 3XP will figure out if this is UDP/TCP */
first_txd->processFlags |= TYPHOON_TX_PF_TCP_CHKSUM;
first_txd->processFlags |= TYPHOON_TX_PF_UDP_CHKSUM;

View file

@ -1230,7 +1230,7 @@ static int rhine_start_tx(struct sk_buff *skb, struct net_device *dev)
rp->tx_skbuff[entry] = skb;
if ((rp->quirks & rqRhineI) &&
(((unsigned long)skb->data & 3) || skb_shinfo(skb)->nr_frags != 0 || skb->ip_summed == CHECKSUM_HW)) {
(((unsigned long)skb->data & 3) || skb_shinfo(skb)->nr_frags != 0 || skb->ip_summed == CHECKSUM_PARTIAL)) {
/* Must use alignment buffer. */
if (skb->len > PKT_BUF_SZ) {
/* packet too long, drop it */

View file

@ -2002,7 +2002,7 @@ static int velocity_xmit(struct sk_buff *skb, struct net_device *dev)
* Handle hardware checksum
*/
if ((vptr->flags & VELOCITY_FLAGS_TX_CSUM)
&& (skb->ip_summed == CHECKSUM_HW)) {
&& (skb->ip_summed == CHECKSUM_PARTIAL)) {
struct iphdr *ip = skb->nh.iph;
if (ip->protocol == IPPROTO_TCP)
td_ptr->tdesc1.TCR |= TCR0_TCPCK;

View file

@ -114,7 +114,7 @@ extern void *__init alloc_large_system_hash(const char *tablename,
#else
#define HASHDIST_DEFAULT 0
#endif
extern int __initdata hashdist; /* Distribute hashes across NUMA nodes? */
extern int hashdist; /* Distribute hashes across NUMA nodes? */
#endif /* _LINUX_BOOTMEM_H */
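Review bot: dropping `__initdata` from the `extern int hashdist;` declaration is only correct if the definition loses it too, and the definition is not part of this hunk. A section attribute on an extern declaration has no effect of its own, so please confirm the defining file matches; otherwise any reader that runs after init memory is freed would be touching discarded data.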

View file

@ -438,6 +438,7 @@ struct dccp_ackvec;
* @dccps_role - Role of this sock, one of %dccp_role
* @dccps_ndp_count - number of Non Data Packets since last data packet
* @dccps_hc_rx_ackvec - rx half connection ack vector
* @dccps_xmit_timer - timer for when CCID is not ready to send
*/
struct dccp_sock {
/* inet_connection_sock has to be the first member of dccp_sock */
@ -470,6 +471,7 @@ struct dccp_sock {
enum dccp_role dccps_role:2;
__u8 dccps_hc_rx_insert_options:1;
__u8 dccps_hc_tx_insert_options:1;
struct timer_list dccps_xmit_timer;
};
static inline struct dccp_sock *dccp_sk(const struct sock *sk)
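Review bot: missing lifetime documentation for `struct timer_list dccps_xmit_timer` at the end of `struct dccp_sock`. The kernel-doc line added in the previous hunk says when the timer is used, but not where it is initialised or stopped. A timer embedded in the sock has to be deleted before the sock is freed, or the handler runs on freed memory, so please name the init and teardown sites in the comment or the commit message.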

65
include/linux/fib_rules.h Normal file
View file

@ -0,0 +1,65 @@
#ifndef __LINUX_FIB_RULES_H
#define __LINUX_FIB_RULES_H
#include <linux/types.h>
#include <linux/rtnetlink.h>
/* rule is permanent, and cannot be deleted */
#define FIB_RULE_PERMANENT 1
struct fib_rule_hdr
{
__u8 family;
__u8 dst_len;
__u8 src_len;
__u8 tos;
__u8 table;
__u8 res1; /* reserved */
__u8 res2; /* reserved */
__u8 action;
__u32 flags;
};
enum
{
FRA_UNSPEC,
FRA_DST, /* destination address */
FRA_SRC, /* source address */
FRA_IFNAME, /* interface name */
FRA_UNUSED1,
FRA_UNUSED2,
FRA_PRIORITY, /* priority/preference */
FRA_UNUSED3,
FRA_UNUSED4,
FRA_UNUSED5,
FRA_FWMARK, /* netfilter mark */
FRA_FLOW, /* flow/class id */
FRA_UNUSED6,
FRA_UNUSED7,
FRA_UNUSED8,
FRA_TABLE, /* Extended table id */
FRA_FWMASK, /* mask for netfilter mark */
__FRA_MAX
};
#define FRA_MAX (__FRA_MAX - 1)
enum
{
FR_ACT_UNSPEC,
FR_ACT_TO_TBL, /* Pass to fixed table */
FR_ACT_RES1,
FR_ACT_RES2,
FR_ACT_RES3,
FR_ACT_RES4,
FR_ACT_BLACKHOLE, /* Drop without notification */
FR_ACT_UNREACHABLE, /* Drop with ENETUNREACH */
FR_ACT_PROHIBIT, /* Drop with EACCES */
__FR_ACT_MAX,
};
#define FR_ACT_MAX (__FR_ACT_MAX - 1)
#endif
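Review bot: `struct fib_rule_hdr` keeps `__u8 table` while the attribute list adds `FRA_TABLE, /* Extended table id */`, and nothing here says which one wins when both are present or what `table` holds when the id does not fit in 8 bits. Please document that in the header, since userspace will parse it from these definitions alone. Style: the `FR_ACT_*` enum ends with `__FR_ACT_MAX,` (trailing comma) while the `FRA_*` enum ends with `__FRA_MAX`; pick one.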

View file

@ -25,10 +25,10 @@
struct sock_filter /* Filter block */
{
__u16 code; /* Actual filter code */
__u8 jt; /* Jump true */
__u8 jf; /* Jump false */
__u32 k; /* Generic multiuse field */
__u16 code; /* Actual filter code */
__u8 jt; /* Jump true */
__u8 jf; /* Jump false */
__u32 k; /* Generic multiuse field */
};
struct sock_fprog /* Required for SO_ATTACH_FILTER. */
@ -41,8 +41,9 @@ struct sock_fprog /* Required for SO_ATTACH_FILTER. */
struct sk_filter
{
atomic_t refcnt;
unsigned int len; /* Number of filter blocks */
struct sock_filter insns[0];
unsigned int len; /* Number of filter blocks */
struct rcu_head rcu;
struct sock_filter insns[0];
};
static inline unsigned int sk_filter_len(struct sk_filter *fp)
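Review bot: the new `struct rcu_head rcu;` in `struct sk_filter` has no comment, and the struct still carries `atomic_t refcnt`. Please state which mechanism governs freeing (for example, final reference drop followed by an RCU-deferred free) and that readers of `insns[]` must hold the RCU read lock, so a later change does not reintroduce a direct free while a packet is still being filtered.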

View file

@ -16,6 +16,8 @@ struct genlmsghdr {
#define GENL_HDRLEN NLMSG_ALIGN(sizeof(struct genlmsghdr))
#define GENL_ADMIN_PERM 0x01
/*
* List of reserved static generic netlink identifiers:
*/
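Review bot: `#define GENL_ADMIN_PERM 0x01` is added without a comment. It reads like a per-operation permission flag, so the header should say which flags field it belongs to and which privilege check it triggers; as written a family author cannot tell whether leaving it unset makes an operation available to unprivileged senders.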
@ -43,9 +45,25 @@ enum {
CTRL_ATTR_UNSPEC,
CTRL_ATTR_FAMILY_ID,
CTRL_ATTR_FAMILY_NAME,
CTRL_ATTR_VERSION,
CTRL_ATTR_HDRSIZE,
CTRL_ATTR_MAXATTR,
CTRL_ATTR_OPS,
__CTRL_ATTR_MAX,
};
#define CTRL_ATTR_MAX (__CTRL_ATTR_MAX - 1)
enum {
CTRL_ATTR_OP_UNSPEC,
CTRL_ATTR_OP_ID,
CTRL_ATTR_OP_FLAGS,
CTRL_ATTR_OP_POLICY,
CTRL_ATTR_OP_DOIT,
CTRL_ATTR_OP_DUMPIT,
__CTRL_ATTR_OP_MAX,
};
#define CTRL_ATTR_OP_MAX (__CTRL_ATTR_OP_MAX - 1)
#endif /* __LINUX_GENERIC_NETLINK_H */
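Review bot: the new `CTRL_ATTR_OP_*` attributes have no payload types documented, unlike other netlink attribute enums that annotate each entry. `CTRL_ATTR_OP_POLICY`, `CTRL_ATTR_OP_DOIT` and `CTRL_ATTR_OP_DUMPIT` in particular should be stated to be presence flags or booleans; if any of them were filled from the handler or policy pointers, the controller would be handing kernel addresses to userspace.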

View file

@ -212,5 +212,134 @@ struct ifconf
#define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */
#define ifc_req ifc_ifcu.ifcu_req /* array of structures */
/* The struct should be in sync with struct net_device_stats */
struct rtnl_link_stats
{
__u32 rx_packets; /* total packets received */
__u32 tx_packets; /* total packets transmitted */
__u32 rx_bytes; /* total bytes received */
__u32 tx_bytes; /* total bytes transmitted */
__u32 rx_errors; /* bad packets received */
__u32 tx_errors; /* packet transmit problems */
__u32 rx_dropped; /* no space in linux buffers */
__u32 tx_dropped; /* no space available in linux */
__u32 multicast; /* multicast packets received */
__u32 collisions;
/* detailed rx_errors: */
__u32 rx_length_errors;
__u32 rx_over_errors; /* receiver ring buff overflow */
__u32 rx_crc_errors; /* recved pkt with crc error */
__u32 rx_frame_errors; /* recv'd frame alignment error */
__u32 rx_fifo_errors; /* recv'r fifo overrun */
__u32 rx_missed_errors; /* receiver missed packet */
/* detailed tx_errors */
__u32 tx_aborted_errors;
__u32 tx_carrier_errors;
__u32 tx_fifo_errors;
__u32 tx_heartbeat_errors;
__u32 tx_window_errors;
/* for cslip etc */
__u32 rx_compressed;
__u32 tx_compressed;
};
/* The struct should be in sync with struct ifmap */
struct rtnl_link_ifmap
{
__u64 mem_start;
__u64 mem_end;
__u64 base_addr;
__u16 irq;
__u8 dma;
__u8 port;
};
enum
{
IFLA_UNSPEC,
IFLA_ADDRESS,
IFLA_BROADCAST,
IFLA_IFNAME,
IFLA_MTU,
IFLA_LINK,
IFLA_QDISC,
IFLA_STATS,
IFLA_COST,
#define IFLA_COST IFLA_COST
IFLA_PRIORITY,
#define IFLA_PRIORITY IFLA_PRIORITY
IFLA_MASTER,
#define IFLA_MASTER IFLA_MASTER
IFLA_WIRELESS, /* Wireless Extension event - see wireless.h */
#define IFLA_WIRELESS IFLA_WIRELESS
IFLA_PROTINFO, /* Protocol specific information for a link */
#define IFLA_PROTINFO IFLA_PROTINFO
IFLA_TXQLEN,
#define IFLA_TXQLEN IFLA_TXQLEN
IFLA_MAP,
#define IFLA_MAP IFLA_MAP
IFLA_WEIGHT,
#define IFLA_WEIGHT IFLA_WEIGHT
IFLA_OPERSTATE,
IFLA_LINKMODE,
__IFLA_MAX
};
#define IFLA_MAX (__IFLA_MAX - 1)
/* ifi_flags.
IFF_* flags.
The only change is:
IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are
more not changeable by user. They describe link media
characteristics and set by device driver.
Comments:
- Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid
- If neither of these three flags are set;
the interface is NBMA.
- IFF_MULTICAST does not mean anything special:
multicasts can be used on all not-NBMA links.
IFF_MULTICAST means that this media uses special encapsulation
for multicast frames. Apparently, all IFF_POINTOPOINT and
IFF_BROADCAST devices are able to use multicasts too.
*/
/* IFLA_LINK.
For usual devices it is equal ifi_index.
If it is a "virtual interface" (f.e. tunnel), ifi_link
can point to real physical interface (f.e. for bandwidth calculations),
or maybe 0, what means, that real media is unknown (usual
for IPIP tunnels, when route to endpoint is allowed to change)
*/
/* Subtype attributes for IFLA_PROTINFO */
enum
{
IFLA_INET6_UNSPEC,
IFLA_INET6_FLAGS, /* link flags */
IFLA_INET6_CONF, /* sysctl parameters */
IFLA_INET6_STATS, /* statistics */
IFLA_INET6_MCAST, /* MC things. What of them? */
IFLA_INET6_CACHEINFO, /* time values and max reasm size */
__IFLA_INET6_MAX
};
#define IFLA_INET6_MAX (__IFLA_INET6_MAX - 1)
struct ifla_cacheinfo
{
__u32 max_reasm_len;
__u32 tstamp; /* ipv6InterfaceTable updated timestamp */
__u32 reachable_time;
__u32 retrans_time;
};
#endif /* _LINUX_IF_H */
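Review bot: `struct rtnl_link_ifmap` has implicit tail padding. Its members (`__u64` x3, `__u16`, `__u8`, `__u8`) sum to 28 bytes, so wherever `__u64` is 8-byte aligned the struct is 32 bytes with 4 uninitialised bytes at the end, and its size differs on ABIs that align `__u64` to 4. Since this is copied to userspace, either add an explicit pad member or require the fill site to zero the whole struct first. Minor: `IFLA_OPERSTATE` and `IFLA_LINKMODE` do not get the `#define IFLA_x IFLA_x` line that the entries just above them have.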

55
include/linux/if_addr.h Normal file
View file

@ -0,0 +1,55 @@
#ifndef __LINUX_IF_ADDR_H
#define __LINUX_IF_ADDR_H
#include <linux/netlink.h>
struct ifaddrmsg
{
__u8 ifa_family;
__u8 ifa_prefixlen; /* The prefix length */
__u8 ifa_flags; /* Flags */
__u8 ifa_scope; /* Address scope */
__u32 ifa_index; /* Link index */
};
/*
* Important comment:
* IFA_ADDRESS is prefix address, rather than local interface address.
* It makes no difference for normally configured broadcast interfaces,
* but for point-to-point IFA_ADDRESS is DESTINATION address,
* local address is supplied in IFA_LOCAL attribute.
*/
enum
{
IFA_UNSPEC,
IFA_ADDRESS,
IFA_LOCAL,
IFA_LABEL,
IFA_BROADCAST,
IFA_ANYCAST,
IFA_CACHEINFO,
IFA_MULTICAST,
__IFA_MAX,
};
#define IFA_MAX (__IFA_MAX - 1)
/* ifa_flags */
#define IFA_F_SECONDARY 0x01
#define IFA_F_TEMPORARY IFA_F_SECONDARY
#define IFA_F_NODAD 0x02
#define IFA_F_HOMEADDRESS 0x10
#define IFA_F_DEPRECATED 0x20
#define IFA_F_TENTATIVE 0x40
#define IFA_F_PERMANENT 0x80
struct ifa_cacheinfo
{
__u32 ifa_prefered;
__u32 ifa_valid;
__u32 cstamp; /* created timestamp, hundredths of seconds */
__u32 tstamp; /* updated timestamp, hundredths of seconds */
};
#endif
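Review bot: the `ifa_flags` block has no per-flag comments, and `IFA_F_NODAD` (0x02) and `IFA_F_HOMEADDRESS` (0x10) are not self-explanatory. Please add a one-line description for each. `ifa_flags` is a `__u8` in `struct ifaddrmsg`, so after this list only 0x04 and 0x08 remain free; worth a comment so the next flag is not added past bit 7.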

View file

@ -52,7 +52,7 @@ enum {
/* Internet address. */
struct in_addr {
__u32 s_addr;
__be32 s_addr;
};
#define IP_TOS 1
@ -177,7 +177,7 @@ struct in_pktinfo
#define __SOCK_SIZE__ 16 /* sizeof(struct sockaddr) */
struct sockaddr_in {
sa_family_t sin_family; /* Address family */
unsigned short int sin_port; /* Port number */
__be16 sin_port; /* Port number */
struct in_addr sin_addr; /* Internet address */
/* Pad to size of `struct sockaddr'. */

View file

@ -134,6 +134,7 @@ struct in6_flowlabel_req
#define IPPROTO_ICMPV6 58 /* ICMPv6 */
#define IPPROTO_NONE 59 /* IPv6 no next header */
#define IPPROTO_DSTOPTS 60 /* IPv6 destination options */
#define IPPROTO_MH 135 /* IPv6 mobility header */
/*
* IPv6 TLV options.
@ -142,6 +143,7 @@ struct in6_flowlabel_req
#define IPV6_TLV_PADN 1
#define IPV6_TLV_ROUTERALERT 5
#define IPV6_TLV_JUMBO 194
#define IPV6_TLV_HAO 201 /* home address option */
/*
* IPV6 socket options

View file

@ -46,5 +46,7 @@
#include <linux/types.h>
extern __be32 in_aton(const char *str);
extern int in4_pton(const char *src, int srclen, u8 *dst, char delim, const char **end);
extern int in6_pton(const char *src, int srclen, u8 *dst, char delim, const char **end);
#endif
#endif /* _LINUX_INET_H */
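Review bot: `in4_pton()` and `in6_pton()` take `u8 *dst` with no destination length and no documentation. Please add a comment stating how many bytes each writes to `dst`, what `srclen` means (including whether a negative value is accepted), what `delim` and `*end` do, and the return convention, so callers parsing untrusted strings size the buffer and check the result correctly.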

View file

@ -57,6 +57,7 @@
#define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY)
#define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY)
#define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT)
#define IPOPT_CIPSO (6 |IPOPT_CONTROL|IPOPT_COPY)
#define IPOPT_RR (7 |IPOPT_CONTROL)
#define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY)
#define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY)

View file

@ -29,6 +29,7 @@ struct in6_ifreq {
#define IPV6_SRCRT_STRICT 0x01 /* this hop must be a neighbor */
#define IPV6_SRCRT_TYPE_0 0 /* IPv6 type 0 Routing Header */
#define IPV6_SRCRT_TYPE_2 2 /* IPv6 type 2 Routing Header */
/*
* routing header
@ -73,6 +74,28 @@ struct rt0_hdr {
#define rt0_type rt_hdr.type
};
/*
* routing header type 2
*/
struct rt2_hdr {
struct ipv6_rt_hdr rt_hdr;
__u32 reserved;
struct in6_addr addr;
#define rt2_type rt_hdr.type
};
/*
* home address option in destination options header
*/
struct ipv6_destopt_hao {
__u8 type;
__u8 length;
struct in6_addr addr;
} __attribute__ ((__packed__));
struct ipv6_auth_hdr {
__u8 nexthdr;
__u8 hdrlen; /* This one is measured in 32 bit units! */
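Review bot: `struct ipv6_destopt_hao` carries a wire `length` byte next to a fixed-size `struct in6_addr addr`, and the comment only says what the option is. Please note in the header that the only valid `length` is 16 and that the receive path must reject anything else before reading `addr`. Also, `ipv6_destopt_hao` is `__attribute__ ((__packed__))` while `struct rt2_hdr` just above is not; say why the two differ.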
@ -153,6 +176,7 @@ struct ipv6_devconf {
__s32 accept_ra_rt_info_max_plen;
#endif
#endif
__s32 proxy_ndp;
void *sysctl;
};
@ -180,6 +204,7 @@ enum {
DEVCONF_ACCEPT_RA_RTR_PREF,
DEVCONF_RTR_PROBE_INTERVAL,
DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN,
DEVCONF_PROXY_NDP,
DEVCONF_MAX
};
@ -206,6 +231,9 @@ struct inet6_skb_parm {
__u16 lastopt;
__u32 nhoff;
__u16 flags;
#ifdef CONFIG_IPV6_MIP6
__u16 dsthao;
#endif
#define IP6SKB_XFRM_TRANSFORMED 1
};
@ -242,6 +270,9 @@ struct ipv6_pinfo {
struct in6_addr rcv_saddr;
struct in6_addr daddr;
struct in6_addr *daddr_cache;
#ifdef CONFIG_IPV6_SUBTREES
struct in6_addr *saddr_cache;
#endif
__u32 flow_label;
__u32 frag_size;

159
include/linux/neighbour.h Normal file
View file

@ -0,0 +1,159 @@
#ifndef __LINUX_NEIGHBOUR_H
#define __LINUX_NEIGHBOUR_H
#include <linux/netlink.h>
struct ndmsg
{
__u8 ndm_family;
__u8 ndm_pad1;
__u16 ndm_pad2;
__s32 ndm_ifindex;
__u16 ndm_state;
__u8 ndm_flags;
__u8 ndm_type;
};
enum
{
NDA_UNSPEC,
NDA_DST,
NDA_LLADDR,
NDA_CACHEINFO,
NDA_PROBES,
__NDA_MAX
};
#define NDA_MAX (__NDA_MAX - 1)
/*
* Neighbor Cache Entry Flags
*/
#define NTF_PROXY 0x08 /* == ATF_PUBL */
#define NTF_ROUTER 0x80
/*
* Neighbor Cache Entry States.
*/
#define NUD_INCOMPLETE 0x01
#define NUD_REACHABLE 0x02
#define NUD_STALE 0x04
#define NUD_DELAY 0x08
#define NUD_PROBE 0x10
#define NUD_FAILED 0x20
/* Dummy states */
#define NUD_NOARP 0x40
#define NUD_PERMANENT 0x80
#define NUD_NONE 0x00
/* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change
and make no address resolution or NUD.
NUD_PERMANENT is also cannot be deleted by garbage collectors.
*/
struct nda_cacheinfo
{
__u32 ndm_confirmed;
__u32 ndm_used;
__u32 ndm_updated;
__u32 ndm_refcnt;
};
/*****************************************************************
* Neighbour tables specific messages.
*
* To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
* NLM_F_DUMP flag set. Every neighbour table configuration is
* spread over multiple messages to avoid running into message
* size limits on systems with many interfaces. The first message
* in the sequence transports all not device specific data such as
* statistics, configuration, and the default parameter set.
* This message is followed by 0..n messages carrying device
* specific parameter sets.
* Although the ordering should be sufficient, NDTA_NAME can be
* used to identify sequences. The initial message can be identified
* by checking for NDTA_CONFIG. The device specific messages do
* not contain this TLV but have NDTPA_IFINDEX set to the
* corresponding interface index.
*
* To change neighbour table attributes, send RTM_SETNEIGHTBL
* with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
* NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
* otherwise. Device specific parameter sets can be changed by
* setting NDTPA_IFINDEX to the interface index of the corresponding
* device.
****/
struct ndt_stats
{
__u64 ndts_allocs;
__u64 ndts_destroys;
__u64 ndts_hash_grows;
__u64 ndts_res_failed;
__u64 ndts_lookups;
__u64 ndts_hits;
__u64 ndts_rcv_probes_mcast;
__u64 ndts_rcv_probes_ucast;
__u64 ndts_periodic_gc_runs;
__u64 ndts_forced_gc_runs;
};
enum {
NDTPA_UNSPEC,
NDTPA_IFINDEX, /* u32, unchangeable */
NDTPA_REFCNT, /* u32, read-only */
NDTPA_REACHABLE_TIME, /* u64, read-only, msecs */
NDTPA_BASE_REACHABLE_TIME, /* u64, msecs */
NDTPA_RETRANS_TIME, /* u64, msecs */
NDTPA_GC_STALETIME, /* u64, msecs */
NDTPA_DELAY_PROBE_TIME, /* u64, msecs */
NDTPA_QUEUE_LEN, /* u32 */
NDTPA_APP_PROBES, /* u32 */
NDTPA_UCAST_PROBES, /* u32 */
NDTPA_MCAST_PROBES, /* u32 */
NDTPA_ANYCAST_DELAY, /* u64, msecs */
NDTPA_PROXY_DELAY, /* u64, msecs */
NDTPA_PROXY_QLEN, /* u32 */
NDTPA_LOCKTIME, /* u64, msecs */
__NDTPA_MAX
};
#define NDTPA_MAX (__NDTPA_MAX - 1)
struct ndtmsg
{
__u8 ndtm_family;
__u8 ndtm_pad1;
__u16 ndtm_pad2;
};
struct ndt_config
{
__u16 ndtc_key_len;
__u16 ndtc_entry_size;
__u32 ndtc_entries;
__u32 ndtc_last_flush; /* delta to now in msecs */
__u32 ndtc_last_rand; /* delta to now in msecs */
__u32 ndtc_hash_rnd;
__u32 ndtc_hash_mask;
__u32 ndtc_hash_chain_gc;
__u32 ndtc_proxy_qlen;
};
enum {
NDTA_UNSPEC,
NDTA_NAME, /* char *, unchangeable */
NDTA_THRESH1, /* u32 */
NDTA_THRESH2, /* u32 */
NDTA_THRESH3, /* u32 */
NDTA_CONFIG, /* struct ndt_config, read-only */
NDTA_PARMS, /* nested TLV NDTPA_* */
NDTA_STATS, /* struct ndt_stats, read-only */
NDTA_GC_INTERVAL, /* u64, msecs */
__NDTA_MAX
};
#define NDTA_MAX (__NDTA_MAX - 1)
#endif
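Review bot: `struct ndt_config` exposes `__u32 ndtc_hash_rnd`, and `NDTA_CONFIG` is documented as returned in the `RTM_GETNEIGHTBL` dump. If that field is the seed of the neighbour hash, anyone allowed to dump the tables can predict bucket placement, which defeats the point of randomising it. Please confirm the dump is restricted to privileged callers or stop exporting the value. Nit: the comment above `struct nda_cacheinfo` reads "NUD_PERMANENT is also cannot be deleted", and the large comment block closes with `****/`.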

View file

@ -169,11 +169,6 @@ struct proto_ops {
struct net_proto_family {
int family;
int (*create)(struct socket *sock, int protocol);
/* These are counters for the number of different methods of
each we support */
short authentication;
short encryption;
short encrypt_net;
struct module *owner;
};
@ -181,8 +176,8 @@ struct iovec;
struct kvec;
extern int sock_wake_async(struct socket *sk, int how, int band);
extern int sock_register(struct net_proto_family *fam);
extern int sock_unregister(int family);
extern int sock_register(const struct net_proto_family *fam);
extern void sock_unregister(int family);
extern int sock_create(int family, int type, int proto,
struct socket **res);
extern int sock_create_kern(int family, int type, int proto,
@ -208,6 +203,25 @@ extern int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
struct kvec *vec, size_t num,
size_t len, int flags);
extern int kernel_bind(struct socket *sock, struct sockaddr *addr,
int addrlen);
extern int kernel_listen(struct socket *sock, int backlog);
extern int kernel_accept(struct socket *sock, struct socket **newsock,
int flags);
extern int kernel_connect(struct socket *sock, struct sockaddr *addr,
int addrlen, int flags);
extern int kernel_getsockname(struct socket *sock, struct sockaddr *addr,
int *addrlen);
extern int kernel_getpeername(struct socket *sock, struct sockaddr *addr,
int *addrlen);
extern int kernel_getsockopt(struct socket *sock, int level, int optname,
char *optval, int *optlen);
extern int kernel_setsockopt(struct socket *sock, int level, int optname,
char *optval, int optlen);
extern int kernel_sendpage(struct socket *sock, struct page *page, int offset,
size_t size, int flags);
extern int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg);
#ifndef CONFIG_SMP
#define SOCKOPS_WRAPPED(name) name
#define SOCKOPS_WRAP(name, fam)
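Review bot: `kernel_getsockopt()` and `kernel_setsockopt()` take `char *optval` (and `int *optlen`) with no comment saying these are kernel pointers. The socket option path normally deals in user pointers, so please document on these prototypes that the buffers are kernel memory and that the wrappers are responsible for any address-limit handling, so callers do not pass user addresses through them.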

View file

@ -976,7 +976,7 @@ extern void dev_mcast_init(void);
extern int netdev_max_backlog;
extern int weight_p;
extern int netdev_set_master(struct net_device *dev, struct net_device *master);
extern int skb_checksum_help(struct sk_buff *skb, int inward);
extern int skb_checksum_help(struct sk_buff *skb);
extern struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features);
#ifdef CONFIG_BUG
extern void netdev_rx_csum_fault(struct net_device *dev);
@ -1012,7 +1012,7 @@ static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb)
{
return skb_is_gso(skb) &&
(!skb_gso_ok(skb, dev->features) ||
unlikely(skb->ip_summed != CHECKSUM_HW));
unlikely(skb->ip_summed != CHECKSUM_PARTIAL));
}
/* On bonding slaves other than the currently active slave, suppress

View file

@ -282,6 +282,12 @@ extern void nf_invalidate_cache(int pf);
Returns true or false. */
extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);
extern u_int16_t nf_csum_update(u_int32_t oldval, u_int32_t newval,
u_int32_t csum);
extern u_int16_t nf_proto_csum_update(struct sk_buff *skb,
u_int32_t oldval, u_int32_t newval,
u_int16_t csum, int pseudohdr);
struct nf_afinfo {
unsigned short family;
unsigned int (*checksum)(struct sk_buff *skb, unsigned int hook,
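Review bot: the two new checksum helpers disagree on the type of `csum` and neither is documented. `nf_csum_update()` takes `u_int32_t csum` and returns `u_int16_t`, while `nf_proto_csum_update()` takes `u_int16_t csum`. Please add a comment giving the expected byte order and folding of `oldval`, `newval` and `csum`, and what `pseudohdr` selects; a caller that mixes these up produces packets with silently wrong checksums.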

View file

@ -125,6 +125,10 @@ enum ip_conntrack_events
/* Counter highest bit has been set */
IPCT_COUNTER_FILLING_BIT = 11,
IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
/* Mark is set */
IPCT_MARK_BIT = 12,
IPCT_MARK = (1 << IPCT_MARK_BIT),
};
enum ip_conntrack_expect_events {

View file

@ -49,6 +49,7 @@ struct ip_ct_tcp
u_int32_t last_seq; /* Last sequence number seen in dir */
u_int32_t last_ack; /* Last sequence number seen in opposite dir */
u_int32_t last_end; /* Last seq + len */
u_int16_t last_win; /* Last window advertisement seen in dir */
};
#endif /* __KERNEL__ */

View file

@ -43,7 +43,7 @@ struct nfattr
u_int16_t nfa_len;
u_int16_t nfa_type; /* we use 15 bits for the type, and the highest
* bit to indicate whether the payload is nested */
} __attribute__ ((packed));
};
/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
* rtnetlink.h, it's time to put this in a generic file */
@ -79,7 +79,7 @@ struct nfgenmsg {
u_int8_t nfgen_family; /* AF_xxx */
u_int8_t version; /* nfnetlink version */
u_int16_t res_id; /* resource id */
} __attribute__ ((packed));
};
#define NFNETLINK_V0 0

View file

@ -19,18 +19,18 @@ struct nfulnl_msg_packet_hdr {
u_int16_t hw_protocol; /* hw protocol (network order) */
u_int8_t hook; /* netfilter hook */
u_int8_t _pad;
} __attribute__ ((packed));
};
struct nfulnl_msg_packet_hw {
u_int16_t hw_addrlen;
u_int16_t _pad;
u_int8_t hw_addr[8];
} __attribute__ ((packed));
};
struct nfulnl_msg_packet_timestamp {
aligned_u64 sec;
aligned_u64 usec;
} __attribute__ ((packed));
};
#define NFULNL_PREFIXLEN 30 /* just like old log target */
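Review bot: removing `__attribute__ ((packed))` from userspace-visible structs needs an explicit statement that the layout is unchanged. For the two structs fully visible here it holds: `nfulnl_msg_packet_hw` is 2 + 2 + 8 = 12 bytes and `nfulnl_msg_packet_timestamp` is two `aligned_u64`, 16 bytes, both naturally aligned. Please say so in the commit message and consider a compile-time size check per struct, so a later member addition cannot introduce padding that leaks to userspace.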

View file

@ -22,12 +22,12 @@ struct nfqnl_msg_packet_hw {
u_int16_t hw_addrlen;
u_int16_t _pad;
u_int8_t hw_addr[8];
} __attribute__ ((packed));
};
struct nfqnl_msg_packet_timestamp {
aligned_u64 sec;
aligned_u64 usec;
} __attribute__ ((packed));
};
enum nfqnl_attr_type {
NFQA_UNSPEC,
@ -49,7 +49,7 @@ enum nfqnl_attr_type {
struct nfqnl_msg_verdict_hdr {
u_int32_t verdict;
u_int32_t id;
} __attribute__ ((packed));
};
enum nfqnl_msg_config_cmds {
@ -64,7 +64,7 @@ struct nfqnl_msg_config_cmd {
u_int8_t command; /* nfqnl_msg_config_cmds */
u_int8_t _pad;
u_int16_t pf; /* AF_xxx for PF_[UN]BIND */
} __attribute__ ((packed));
};
enum nfqnl_config_mode {
NFQNL_COPY_NONE,

View file

@ -138,16 +138,6 @@ struct xt_counters_info
#include <linux/netdevice.h>
#define ASSERT_READ_LOCK(x)
#define ASSERT_WRITE_LOCK(x)
#include <linux/netfilter_ipv4/listhelp.h>
#ifdef CONFIG_COMPAT
#define COMPAT_TO_USER 1
#define COMPAT_FROM_USER -1
#define COMPAT_CALC_SIZE 0
#endif
struct xt_match
{
struct list_head list;
@ -174,21 +164,24 @@ struct xt_match
const void *ip,
const struct xt_match *match,
void *matchinfo,
unsigned int matchinfosize,
unsigned int hook_mask);
/* Called when entry of this type deleted. */
void (*destroy)(const struct xt_match *match, void *matchinfo,
unsigned int matchinfosize);
void (*destroy)(const struct xt_match *match, void *matchinfo);
/* Called when userspace align differs from kernel space one */
int (*compat)(void *match, void **dstptr, int *size, int convert);
void (*compat_from_user)(void *dst, void *src);
int (*compat_to_user)(void __user *dst, void *src);
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
struct module *me;
/* Free to use by each match */
unsigned long data;
char *table;
unsigned int matchsize;
unsigned int compatsize;
unsigned int hooks;
unsigned short proto;
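Review bot: with `matchinfosize` removed from `checkentry` and `destroy`, a match can no longer validate the size of the user-supplied blob itself, so the comparison against `.matchsize` becomes the only guard. Please document `matchsize` as mandatory and `compatsize` as the 32-bit layout size (neither has a comment), and note that `compat_from_user` returns `void` and so cannot reject malformed input; validation has to happen before it is called.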
@ -211,8 +204,7 @@ struct xt_target
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo,
void *userdata);
const void *targinfo);
/* Called when user tries to insert an entry of this type:
hook_mask is a bitmask of hooks from which it can be
@ -222,21 +214,21 @@ struct xt_target
const void *entry,
const struct xt_target *target,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask);
/* Called when entry of this type deleted. */
void (*destroy)(const struct xt_target *target, void *targinfo,
unsigned int targinfosize);
void (*destroy)(const struct xt_target *target, void *targinfo);
/* Called when userspace align differs from kernel space one */
int (*compat)(void *target, void **dstptr, int *size, int convert);
void (*compat_from_user)(void *dst, void *src);
int (*compat_to_user)(void __user *dst, void *src);
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
struct module *me;
char *table;
unsigned int targetsize;
unsigned int compatsize;
unsigned int hooks;
unsigned short proto;
@ -290,8 +282,13 @@ struct xt_table_info
extern int xt_register_target(struct xt_target *target);
extern void xt_unregister_target(struct xt_target *target);
extern int xt_register_targets(struct xt_target *target, unsigned int n);
extern void xt_unregister_targets(struct xt_target *target, unsigned int n);
extern int xt_register_match(struct xt_match *target);
extern void xt_unregister_match(struct xt_match *target);
extern int xt_register_matches(struct xt_match *match, unsigned int n);
extern void xt_unregister_matches(struct xt_match *match, unsigned int n);
extern int xt_check_match(const struct xt_match *match, unsigned short family,
unsigned int size, const char *table, unsigned int hook,
@ -388,9 +385,18 @@ struct compat_xt_counters_info
extern void xt_compat_lock(int af);
extern void xt_compat_unlock(int af);
extern int xt_compat_match(void *match, void **dstptr, int *size, int convert);
extern int xt_compat_target(void *target, void **dstptr, int *size,
int convert);
extern int xt_compat_match_offset(struct xt_match *match);
extern void xt_compat_match_from_user(struct xt_entry_match *m,
void **dstptr, int *size);
extern int xt_compat_match_to_user(struct xt_entry_match *m,
void * __user *dstptr, int *size);
extern int xt_compat_target_offset(struct xt_target *target);
extern void xt_compat_target_from_user(struct xt_entry_target *t,
void **dstptr, int *size);
extern int xt_compat_target_to_user(struct xt_entry_target *t,
void * __user *dstptr, int *size);
#endif /* CONFIG_COMPAT */
#endif /* __KERNEL__ */
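Review bot: the `__user` annotation in `xt_compat_match_to_user()` and `xt_compat_target_to_user()` looks misplaced. `void * __user *dstptr` marks the pointer cell as living in user space, whereas the callback declared earlier in this file is `int (*compat_to_user)(void __user *dst, void *src)`, which suggests the intent is a kernel-resident cursor to a user buffer, i.e. `void __user **dstptr`. As written, sparse checks the wrong level of indirection.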

View file

@ -0,0 +1,20 @@
/* x_tables module for setting the IPv4/IPv6 DSCP field
*
* (C) 2002 Harald Welte <laforge@gnumonks.org>
* based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
* This software is distributed under GNU GPL v2, 1991
*
* See RFC2474 for a description of the DSCP field within the IP Header.
*
* xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp
*/
#ifndef _XT_DSCP_TARGET_H
#define _XT_DSCP_TARGET_H
#include <linux/netfilter/xt_dscp.h>
/* target info */
struct xt_DSCP_info {
u_int8_t dscp;
};
#endif /* _XT_DSCP_TARGET_H */

View file

@ -0,0 +1,23 @@
/* x_tables module for matching the IPv4/IPv6 DSCP field
*
* (C) 2002 Harald Welte <laforge@gnumonks.org>
* This software is distributed under GNU GPL v2, 1991
*
* See RFC2474 for a description of the DSCP field within the IP Header.
*
* xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp
*/
#ifndef _XT_DSCP_H
#define _XT_DSCP_H
#define XT_DSCP_MASK 0xfc /* 11111100 */
#define XT_DSCP_SHIFT 2
#define XT_DSCP_MAX 0x3f /* 00111111 */
/* match info */
struct xt_dscp_info {
u_int8_t dscp;
u_int8_t invert;
};
#endif /* _XT_DSCP_H */

View file

@ -248,8 +248,7 @@ extern unsigned int arpt_do_table(struct sk_buff **pskb,
unsigned int hook,
const struct net_device *in,
const struct net_device *out,
struct arpt_table *table,
void *userdata);
struct arpt_table *table);
#define ARPT_ALIGN(s) (((s) + (__alignof__(struct arpt_entry)-1)) & ~(__alignof__(struct arpt_entry)-1))
#endif /*__KERNEL__*/

View file

@ -5,9 +5,8 @@
*/
#include <linux/netfilter.h>
#if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER)
#include <linux/if_ether.h>
#endif
#include <linux/if_vlan.h>
/* Bridge Hooks */
/* After promisc drops, checksum checks. */
@ -47,40 +46,20 @@ enum nf_br_hook_priorities {
/* Only used in br_forward.c */
static inline
int nf_bridge_maybe_copy_header(struct sk_buff *skb)
extern int nf_bridge_copy_header(struct sk_buff *skb);
static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb)
{
int err;
if (skb->nf_bridge) {
if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
err = skb_cow(skb, 18);
if (err)
return err;
memcpy(skb->data - 18, skb->nf_bridge->data, 18);
skb_push(skb, 4);
} else {
err = skb_cow(skb, 16);
if (err)
return err;
memcpy(skb->data - 16, skb->nf_bridge->data, 16);
}
}
return 0;
if (skb->nf_bridge)
return nf_bridge_copy_header(skb);
return 0;
}
/* This is called by the IP fragmenting code and it ensures there is
* enough room for the encapsulating header (if there is one). */
static inline
int nf_bridge_pad(struct sk_buff *skb)
static inline int nf_bridge_pad(const struct sk_buff *skb)
{
if (skb->protocol == __constant_htons(ETH_P_IP))
return 0;
if (skb->nf_bridge) {
if (skb->protocol == __constant_htons(ETH_P_8021Q))
return 4;
}
return 0;
return (skb->nf_bridge && skb->protocol == htons(ETH_P_8021Q))
? VLAN_HLEN : 0;
}
struct bridge_skb_cb {
@ -90,6 +69,9 @@ struct bridge_skb_cb {
};
extern int brnf_deferred_hooks;
#else
#define nf_bridge_maybe_copy_header(skb) (0)
#define nf_bridge_pad(skb) (0)
#endif /* CONFIG_BRIDGE_NETFILTER */
#endif /* __KERNEL__ */
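Review bot: The stubs added under #else are function-like macros that discard skb, so a caller passing the wrong type compiles cleanly without CONFIG_BRIDGE_NETFILTER and fails only once the option is enabled. Empty static inline functions with the same prototypes as the real ones, each returning 0, would keep type checking in both configurations.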

View file

@ -25,6 +25,8 @@ struct ip_conntrack_helper
struct ip_conntrack *ct,
enum ip_conntrack_info conntrackinfo);
void (*destroy)(struct ip_conntrack *ct);
int (*to_nfattr)(struct sk_buff *skb, const struct ip_conntrack *ct);
};
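Review bot: The new to_nfattr member of struct ip_conntrack_helper has no comment, so it is not stated whether a helper may leave it NULL or what the int return value means. A short comment above the member covering both points would tell callers whether a NULL check is required before invoking it.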

View file

@ -31,8 +31,8 @@ struct ip_ct_pptp_master {
/* everything below is going to be per-expectation in newnat,
* since there could be more than one call within one session */
enum pptp_ctrlcall_state cstate; /* call state */
u_int16_t pac_call_id; /* call id of PAC, host byte order */
u_int16_t pns_call_id; /* call id of PNS, host byte order */
__be16 pac_call_id; /* call id of PAC, host byte order */
__be16 pns_call_id; /* call id of PNS, host byte order */
/* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack
* and therefore imposes a fixed limit on the number of maps */
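Review bot: pac_call_id and pns_call_id in struct ip_ct_pptp_master become __be16, but their comments still say "host byte order", which contradicts the new type. Update the comments to network byte order, or keep u_int16_t if the fields really hold host-order values; left as is, the endianness annotation on these fields cannot be trusted.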
@ -42,8 +42,8 @@ struct ip_ct_pptp_master {
/* conntrack_expect private member */
struct ip_ct_pptp_expect {
enum pptp_ctrlcall_state cstate; /* call state */
u_int16_t pac_call_id; /* call id of PAC */
u_int16_t pns_call_id; /* call id of PNS */
__be16 pac_call_id; /* call id of PAC */
__be16 pns_call_id; /* call id of PNS */
};
@ -107,8 +107,7 @@ struct PptpControlHeader {
struct PptpStartSessionRequest {
__be16 protocolVersion;
__u8 reserved1;
__u8 reserved2;
__u16 reserved1;
__be32 framingCapability;
__be32 bearerCapability;
__be16 maxChannels;
@ -143,6 +142,8 @@ struct PptpStartSessionReply {
struct PptpStopSessionRequest {
__u8 reason;
__u8 reserved1;
__u16 reserved2;
};
/* PptpStopSessionResultCode */
@ -152,6 +153,7 @@ struct PptpStopSessionRequest {
struct PptpStopSessionReply {
__u8 resultCode;
__u8 generalErrorCode;
__u16 reserved1;
};
struct PptpEchoRequest {
@ -188,9 +190,8 @@ struct PptpOutCallRequest {
__be32 framingType;
__be16 packetWindow;
__be16 packetProcDelay;
__u16 reserved1;
__be16 phoneNumberLength;
__u16 reserved2;
__u16 reserved1;
__u8 phoneNumber[64];
__u8 subAddress[64];
};
@ -285,19 +286,19 @@ struct PptpSetLinkInfo {
};
union pptp_ctrl_union {
struct PptpStartSessionRequest sreq;
struct PptpStartSessionReply srep;
struct PptpStopSessionRequest streq;
struct PptpStopSessionReply strep;
struct PptpOutCallRequest ocreq;
struct PptpOutCallReply ocack;
struct PptpInCallRequest icreq;
struct PptpInCallReply icack;
struct PptpInCallConnected iccon;
struct PptpClearCallRequest clrreq;
struct PptpCallDisconnectNotify disc;
struct PptpWanErrorNotify wanerr;
struct PptpSetLinkInfo setlink;
struct PptpStartSessionRequest sreq;
struct PptpStartSessionReply srep;
struct PptpStopSessionRequest streq;
struct PptpStopSessionReply strep;
struct PptpOutCallRequest ocreq;
struct PptpOutCallReply ocack;
struct PptpInCallRequest icreq;
struct PptpInCallReply icack;
struct PptpInCallConnected iccon;
struct PptpClearCallRequest clrreq;
struct PptpCallDisconnectNotify disc;
struct PptpWanErrorNotify wanerr;
struct PptpSetLinkInfo setlink;
};
extern int
@ -314,7 +315,7 @@ extern int
struct PptpControlHeader *ctlh,
union pptp_ctrl_union *pptpReq);
extern int
extern void
(*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig,
struct ip_conntrack_expect *exp_reply);

View file

@ -49,18 +49,18 @@ struct gre_hdr {
#else
#error "Adjust your <asm/byteorder.h> defines"
#endif
__u16 protocol;
__be16 protocol;
};
/* modified GRE header for PPTP */
struct gre_hdr_pptp {
__u8 flags; /* bitfield */
__u8 version; /* should be GRE_VERSION_PPTP */
__u16 protocol; /* should be GRE_PROTOCOL_PPTP */
__u16 payload_len; /* size of ppp payload, not inc. gre header */
__u16 call_id; /* peer's call_id for this session */
__u32 seq; /* sequence number. Present if S==1 */
__u32 ack; /* seq number of highest packet recieved by */
__u8 flags; /* bitfield */
__u8 version; /* should be GRE_VERSION_PPTP */
__be16 protocol; /* should be GRE_PROTOCOL_PPTP */
__be16 payload_len; /* size of ppp payload, not inc. gre header */
__be16 call_id; /* peer's call_id for this session */
__be32 seq; /* sequence number. Present if S==1 */
__be32 ack; /* seq number of highest packet recieved by */
/* sender in this session */
};
@ -92,13 +92,13 @@ void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct);
/* get pointer to gre key, if present */
static inline u_int32_t *gre_key(struct gre_hdr *greh)
static inline __be32 *gre_key(struct gre_hdr *greh)
{
if (!greh->key)
return NULL;
if (greh->csum || greh->routing)
return (u_int32_t *) (greh+sizeof(*greh)+4);
return (u_int32_t *) (greh+sizeof(*greh));
return (__be32 *) (greh+sizeof(*greh)+4);
return (__be32 *) (greh+sizeof(*greh));
}
/* get pointer ot gre csum, if present */
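Review bot: In gre_key() the expression "greh+sizeof(*greh)" is pointer arithmetic on a struct gre_hdr *, so it advances by sizeof(*greh) elements rather than bytes and the returned pointer lands well past the key field. This hunk already rewrites both return statements for the __be32 conversion, so it is the place to fix it, for example with "(__be32 *)((u8 *)greh + sizeof(*greh) + 4)" and the matching form without the + 4.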

View file

@ -72,10 +72,6 @@ extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack,
extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
const struct ip_conntrack *ignored_conntrack);
/* Calculate relative checksum. */
extern u_int16_t ip_nat_cheat_check(u_int32_t oldvalinv,
u_int32_t newval,
u_int16_t oldcheck);
#else /* !__KERNEL__: iptables wants this to compile. */
#define ip_nat_multi_range ip_nat_multi_range_compat
#endif /*__KERNEL__*/

View file

@ -11,8 +11,8 @@ extern unsigned int ip_nat_packet(struct ip_conntrack *ct,
unsigned int hooknum,
struct sk_buff **pskb);
extern int ip_nat_icmp_reply_translation(struct sk_buff **pskb,
struct ip_conntrack *ct,
enum ip_nat_manip_type manip,
enum ip_conntrack_dir dir);
extern int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
enum ip_conntrack_info ctinfo,
unsigned int hooknum,
struct sk_buff **pskb);
#endif /* _IP_NAT_CORE_H */

View file

@ -4,8 +4,8 @@
/* conntrack private data */
struct ip_nat_pptp {
u_int16_t pns_call_id; /* NAT'ed PNS call id */
u_int16_t pac_call_id; /* NAT'ed PAC call id */
__be16 pns_call_id; /* NAT'ed PNS call id */
__be16 pac_call_id; /* NAT'ed PAC call id */
};
#endif /* _NAT_PPTP_H */

View file

@ -312,8 +312,7 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb,
unsigned int hook,
const struct net_device *in,
const struct net_device *out,
struct ipt_table *table,
void *userdata);
struct ipt_table *table);
#define IPT_ALIGN(s) XT_ALIGN(s)

View file

@ -11,10 +11,8 @@
#ifndef _IPT_DSCP_TARGET_H
#define _IPT_DSCP_TARGET_H
#include <linux/netfilter_ipv4/ipt_dscp.h>
#include <linux/netfilter/xt_DSCP.h>
/* target info */
struct ipt_DSCP_info {
u_int8_t dscp;
};
#define ipt_DSCP_info xt_DSCP_info
#endif /* _IPT_DSCP_TARGET_H */

View file

@ -10,14 +10,12 @@
#ifndef _IPT_DSCP_H
#define _IPT_DSCP_H
#define IPT_DSCP_MASK 0xfc /* 11111100 */
#define IPT_DSCP_SHIFT 2
#define IPT_DSCP_MAX 0x3f /* 00111111 */
#include <linux/netfilter/xt_dscp.h>
/* match info */
struct ipt_dscp_info {
u_int8_t dscp;
u_int8_t invert;
};
#define IPT_DSCP_MASK XT_DSCP_MASK
#define IPT_DSCP_SHIFT XT_DSCP_SHIFT
#define IPT_DSCP_MAX XT_DSCP_MAX
#define ipt_dscp_info xt_dscp_info
#endif /* _IPT_DSCP_H */

View file

@ -1,123 +0,0 @@
#ifndef _LISTHELP_H
#define _LISTHELP_H
#include <linux/list.h>
/* Header to do more comprehensive job than linux/list.h; assume list
is first entry in structure. */
/* Return pointer to first true entry, if any, or NULL. A macro
required to allow inlining of cmpfn. */
#define LIST_FIND(head, cmpfn, type, args...) \
({ \
const struct list_head *__i, *__j = NULL; \
\
ASSERT_READ_LOCK(head); \
list_for_each(__i, (head)) \
if (cmpfn((const type)__i , ## args)) { \
__j = __i; \
break; \
} \
(type)__j; \
})
#define LIST_FIND_W(head, cmpfn, type, args...) \
({ \
const struct list_head *__i, *__j = NULL; \
\
ASSERT_WRITE_LOCK(head); \
list_for_each(__i, (head)) \
if (cmpfn((type)__i , ## args)) { \
__j = __i; \
break; \
} \
(type)__j; \
})
/* Just like LIST_FIND but we search backwards */
#define LIST_FIND_B(head, cmpfn, type, args...) \
({ \
const struct list_head *__i, *__j = NULL; \
\
ASSERT_READ_LOCK(head); \
list_for_each_prev(__i, (head)) \
if (cmpfn((const type)__i , ## args)) { \
__j = __i; \
break; \
} \
(type)__j; \
})
static inline int
__list_cmp_same(const void *p1, const void *p2) { return p1 == p2; }
/* Is this entry in the list? */
static inline int
list_inlist(struct list_head *head, const void *entry)
{
return LIST_FIND(head, __list_cmp_same, void *, entry) != NULL;
}
/* Delete from list. */
#ifdef CONFIG_NETFILTER_DEBUG
#define LIST_DELETE(head, oldentry) \
do { \
ASSERT_WRITE_LOCK(head); \
if (!list_inlist(head, oldentry)) \
printk("LIST_DELETE: %s:%u `%s'(%p) not in %s.\n", \
__FILE__, __LINE__, #oldentry, oldentry, #head); \
else list_del((struct list_head *)oldentry); \
} while(0)
#else
#define LIST_DELETE(head, oldentry) list_del((struct list_head *)oldentry)
#endif
/* Append. */
static inline void
list_append(struct list_head *head, void *new)
{
ASSERT_WRITE_LOCK(head);
list_add((new), (head)->prev);
}
/* Prepend. */
static inline void
list_prepend(struct list_head *head, void *new)
{
ASSERT_WRITE_LOCK(head);
list_add(new, head);
}
/* Insert according to ordering function; insert before first true. */
#define LIST_INSERT(head, new, cmpfn) \
do { \
struct list_head *__i; \
ASSERT_WRITE_LOCK(head); \
list_for_each(__i, (head)) \
if ((new), (typeof (new))__i) \
break; \
list_add((struct list_head *)(new), __i->prev); \
} while(0)
/* If the field after the list_head is a nul-terminated string, you
can use these functions. */
static inline int __list_cmp_name(const void *i, const char *name)
{
return strcmp(name, i+sizeof(struct list_head)) == 0;
}
/* Returns false if same name already in list, otherwise does insert. */
static inline int
list_named_insert(struct list_head *head, void *new)
{
if (LIST_FIND(head, __list_cmp_name, void *,
new + sizeof(struct list_head)))
return 0;
list_prepend(head, new);
return 1;
}
/* Find this named element in the list. */
#define list_named_find(head, name) \
LIST_FIND(head, __list_cmp_name, void *, name)
#endif /*_LISTHELP_H*/

View file

@ -73,6 +73,7 @@ enum nf_ip6_hook_priorities {
};
#ifdef CONFIG_NETFILTER
extern int ip6_route_me_harder(struct sk_buff *skb);
extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u_int8_t protocol);

View file

@ -300,8 +300,7 @@ extern unsigned int ip6t_do_table(struct sk_buff **pskb,
unsigned int hook,
const struct net_device *in,
const struct net_device *out,
struct ip6t_table *table,
void *userdata);
struct ip6t_table *table);
/* Check for an extension */
extern int ip6t_ext_hdr(u8 nexthdr);

View file

@ -1,33 +0,0 @@
/* Internal logging interface, which relies on the real
LOG target modules */
#ifndef __LINUX_NETFILTER_LOGGING_H
#define __LINUX_NETFILTER_LOGGING_H
#ifdef __KERNEL__
#include <asm/atomic.h>
struct nf_logging_t {
void (*nf_log_packet)(struct sk_buff **pskb,
unsigned int hooknum,
const struct net_device *in,
const struct net_device *out,
const char *prefix);
void (*nf_log)(char *pfh, size_t len,
const char *prefix);
};
extern void nf_log_register(int pf, const struct nf_logging_t *logging);
extern void nf_log_unregister(int pf, const struct nf_logging_t *logging);
extern void nf_log_packet(int pf,
struct sk_buff **pskb,
unsigned int hooknum,
const struct net_device *in,
const struct net_device *out,
const char *fmt, ...);
extern void nf_log(int pf,
char *pfh, size_t len,
const char *fmt, ...);
#endif /*__KERNEL__*/
#endif /*__LINUX_NETFILTER_LOGGING_H*/

View file

@ -305,6 +305,7 @@ enum
TCA_FW_POLICE,
TCA_FW_INDEV, /* used by CONFIG_NET_CLS_IND */
TCA_FW_ACT, /* used by CONFIG_NET_CLS_ACT */
TCA_FW_MASK,
__TCA_FW_MAX
};

View file

@ -2,6 +2,7 @@
#define __LINUX_RTNETLINK_H
#include <linux/netlink.h>
#include <linux/if.h>
/****
* Routing/neighbour discovery messages.
@ -238,10 +239,8 @@ enum rt_class_t
RT_TABLE_DEFAULT=253,
RT_TABLE_MAIN=254,
RT_TABLE_LOCAL=255,
__RT_TABLE_MAX
RT_TABLE_MAX=0xFFFFFFFF
};
#define RT_TABLE_MAX (__RT_TABLE_MAX - 1)
/* Routing message attributes */
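Review bot: RT_TABLE_MAX=0xFFFFFFFF does not fit in int, and ISO C requires enumeration constants to be representable as int, so this enumerator relies on a compiler extension. It also changes RT_TABLE_MAX from 255 (the old __RT_TABLE_MAX - 1) to a 32-bit limit and from a macro to an enumerator, so code that sizes arrays by it or tests it with #ifdef will behave differently. A separate #define with a comment on the new meaning would be safer.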
@ -263,6 +262,7 @@ enum rtattr_type_t
RTA_CACHEINFO,
RTA_SESSION,
RTA_MP_ALGO,
RTA_TABLE,
__RTA_MAX
};
@ -383,226 +383,6 @@ struct rta_session
} u;
};
/*********************************************************
* Interface address.
****/
struct ifaddrmsg
{
unsigned char ifa_family;
unsigned char ifa_prefixlen; /* The prefix length */
unsigned char ifa_flags; /* Flags */
unsigned char ifa_scope; /* See above */
int ifa_index; /* Link index */
};
enum
{
IFA_UNSPEC,
IFA_ADDRESS,
IFA_LOCAL,
IFA_LABEL,
IFA_BROADCAST,
IFA_ANYCAST,
IFA_CACHEINFO,
IFA_MULTICAST,
__IFA_MAX
};
#define IFA_MAX (__IFA_MAX - 1)
/* ifa_flags */
#define IFA_F_SECONDARY 0x01
#define IFA_F_TEMPORARY IFA_F_SECONDARY
#define IFA_F_DEPRECATED 0x20
#define IFA_F_TENTATIVE 0x40
#define IFA_F_PERMANENT 0x80
struct ifa_cacheinfo
{
__u32 ifa_prefered;
__u32 ifa_valid;
__u32 cstamp; /* created timestamp, hundredths of seconds */
__u32 tstamp; /* updated timestamp, hundredths of seconds */
};
#define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
#define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
/*
Important comment:
IFA_ADDRESS is prefix address, rather than local interface address.
It makes no difference for normally configured broadcast interfaces,
but for point-to-point IFA_ADDRESS is DESTINATION address,
local address is supplied in IFA_LOCAL attribute.
*/
/**************************************************************
* Neighbour discovery.
****/
struct ndmsg
{
unsigned char ndm_family;
unsigned char ndm_pad1;
unsigned short ndm_pad2;
int ndm_ifindex; /* Link index */
__u16 ndm_state;
__u8 ndm_flags;
__u8 ndm_type;
};
enum
{
NDA_UNSPEC,
NDA_DST,
NDA_LLADDR,
NDA_CACHEINFO,
NDA_PROBES,
__NDA_MAX
};
#define NDA_MAX (__NDA_MAX - 1)
#define NDA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndmsg))))
#define NDA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndmsg))
/*
* Neighbor Cache Entry Flags
*/
#define NTF_PROXY 0x08 /* == ATF_PUBL */
#define NTF_ROUTER 0x80
/*
* Neighbor Cache Entry States.
*/
#define NUD_INCOMPLETE 0x01
#define NUD_REACHABLE 0x02
#define NUD_STALE 0x04
#define NUD_DELAY 0x08
#define NUD_PROBE 0x10
#define NUD_FAILED 0x20
/* Dummy states */
#define NUD_NOARP 0x40
#define NUD_PERMANENT 0x80
#define NUD_NONE 0x00
struct nda_cacheinfo
{
__u32 ndm_confirmed;
__u32 ndm_used;
__u32 ndm_updated;
__u32 ndm_refcnt;
};
/*****************************************************************
* Neighbour tables specific messages.
*
* To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
* NLM_F_DUMP flag set. Every neighbour table configuration is
* spread over multiple messages to avoid running into message
* size limits on systems with many interfaces. The first message
* in the sequence transports all not device specific data such as
* statistics, configuration, and the default parameter set.
* This message is followed by 0..n messages carrying device
* specific parameter sets.
* Although the ordering should be sufficient, NDTA_NAME can be
* used to identify sequences. The initial message can be identified
* by checking for NDTA_CONFIG. The device specific messages do
* not contain this TLV but have NDTPA_IFINDEX set to the
* corresponding interface index.
*
* To change neighbour table attributes, send RTM_SETNEIGHTBL
* with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
* NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
* otherwise. Device specific parameter sets can be changed by
* setting NDTPA_IFINDEX to the interface index of the corresponding
* device.
****/
struct ndt_stats
{
__u64 ndts_allocs;
__u64 ndts_destroys;
__u64 ndts_hash_grows;
__u64 ndts_res_failed;
__u64 ndts_lookups;
__u64 ndts_hits;
__u64 ndts_rcv_probes_mcast;
__u64 ndts_rcv_probes_ucast;
__u64 ndts_periodic_gc_runs;
__u64 ndts_forced_gc_runs;
};
enum {
NDTPA_UNSPEC,
NDTPA_IFINDEX, /* u32, unchangeable */
NDTPA_REFCNT, /* u32, read-only */
NDTPA_REACHABLE_TIME, /* u64, read-only, msecs */
NDTPA_BASE_REACHABLE_TIME, /* u64, msecs */
NDTPA_RETRANS_TIME, /* u64, msecs */
NDTPA_GC_STALETIME, /* u64, msecs */
NDTPA_DELAY_PROBE_TIME, /* u64, msecs */
NDTPA_QUEUE_LEN, /* u32 */
NDTPA_APP_PROBES, /* u32 */
NDTPA_UCAST_PROBES, /* u32 */
NDTPA_MCAST_PROBES, /* u32 */
NDTPA_ANYCAST_DELAY, /* u64, msecs */
NDTPA_PROXY_DELAY, /* u64, msecs */
NDTPA_PROXY_QLEN, /* u32 */
NDTPA_LOCKTIME, /* u64, msecs */
__NDTPA_MAX
};
#define NDTPA_MAX (__NDTPA_MAX - 1)
struct ndtmsg
{
__u8 ndtm_family;
__u8 ndtm_pad1;
__u16 ndtm_pad2;
};
struct ndt_config
{
__u16 ndtc_key_len;
__u16 ndtc_entry_size;
__u32 ndtc_entries;
__u32 ndtc_last_flush; /* delta to now in msecs */
__u32 ndtc_last_rand; /* delta to now in msecs */
__u32 ndtc_hash_rnd;
__u32 ndtc_hash_mask;
__u32 ndtc_hash_chain_gc;
__u32 ndtc_proxy_qlen;
};
enum {
NDTA_UNSPEC,
NDTA_NAME, /* char *, unchangeable */
NDTA_THRESH1, /* u32 */
NDTA_THRESH2, /* u32 */
NDTA_THRESH3, /* u32 */
NDTA_CONFIG, /* struct ndt_config, read-only */
NDTA_PARMS, /* nested TLV NDTPA_* */
NDTA_STATS, /* struct ndt_stats, read-only */
NDTA_GC_INTERVAL, /* u64, msecs */
__NDTA_MAX
};
#define NDTA_MAX (__NDTA_MAX - 1)
#define NDTA_RTA(r) ((struct rtattr*)(((char*)(r)) + \
NLMSG_ALIGN(sizeof(struct ndtmsg))))
#define NDTA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndtmsg))
/****
* General form of address family dependent message.
****/
@ -663,138 +443,6 @@ struct prefix_cacheinfo
__u32 valid_time;
};
/* The struct should be in sync with struct net_device_stats */
struct rtnl_link_stats
{
__u32 rx_packets; /* total packets received */
__u32 tx_packets; /* total packets transmitted */
__u32 rx_bytes; /* total bytes received */
__u32 tx_bytes; /* total bytes transmitted */
__u32 rx_errors; /* bad packets received */
__u32 tx_errors; /* packet transmit problems */
__u32 rx_dropped; /* no space in linux buffers */
__u32 tx_dropped; /* no space available in linux */
__u32 multicast; /* multicast packets received */
__u32 collisions;
/* detailed rx_errors: */
__u32 rx_length_errors;
__u32 rx_over_errors; /* receiver ring buff overflow */
__u32 rx_crc_errors; /* recved pkt with crc error */
__u32 rx_frame_errors; /* recv'd frame alignment error */
__u32 rx_fifo_errors; /* recv'r fifo overrun */
__u32 rx_missed_errors; /* receiver missed packet */
/* detailed tx_errors */
__u32 tx_aborted_errors;
__u32 tx_carrier_errors;
__u32 tx_fifo_errors;
__u32 tx_heartbeat_errors;
__u32 tx_window_errors;
/* for cslip etc */
__u32 rx_compressed;
__u32 tx_compressed;
};
/* The struct should be in sync with struct ifmap */
struct rtnl_link_ifmap
{
__u64 mem_start;
__u64 mem_end;
__u64 base_addr;
__u16 irq;
__u8 dma;
__u8 port;
};
enum
{
IFLA_UNSPEC,
IFLA_ADDRESS,
IFLA_BROADCAST,
IFLA_IFNAME,
IFLA_MTU,
IFLA_LINK,
IFLA_QDISC,
IFLA_STATS,
IFLA_COST,
#define IFLA_COST IFLA_COST
IFLA_PRIORITY,
#define IFLA_PRIORITY IFLA_PRIORITY
IFLA_MASTER,
#define IFLA_MASTER IFLA_MASTER
IFLA_WIRELESS, /* Wireless Extension event - see wireless.h */
#define IFLA_WIRELESS IFLA_WIRELESS
IFLA_PROTINFO, /* Protocol specific information for a link */
#define IFLA_PROTINFO IFLA_PROTINFO
IFLA_TXQLEN,
#define IFLA_TXQLEN IFLA_TXQLEN
IFLA_MAP,
#define IFLA_MAP IFLA_MAP
IFLA_WEIGHT,
#define IFLA_WEIGHT IFLA_WEIGHT
IFLA_OPERSTATE,
IFLA_LINKMODE,
__IFLA_MAX
};
#define IFLA_MAX (__IFLA_MAX - 1)
#define IFLA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
#define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg))
/* ifi_flags.
IFF_* flags.
The only change is:
IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are
more not changeable by user. They describe link media
characteristics and set by device driver.
Comments:
- Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid
- If neither of these three flags are set;
the interface is NBMA.
- IFF_MULTICAST does not mean anything special:
multicasts can be used on all not-NBMA links.
IFF_MULTICAST means that this media uses special encapsulation
for multicast frames. Apparently, all IFF_POINTOPOINT and
IFF_BROADCAST devices are able to use multicasts too.
*/
/* IFLA_LINK.
For usual devices it is equal ifi_index.
If it is a "virtual interface" (f.e. tunnel), ifi_link
can point to real physical interface (f.e. for bandwidth calculations),
or maybe 0, what means, that real media is unknown (usual
for IPIP tunnels, when route to endpoint is allowed to change)
*/
/* Subtype attributes for IFLA_PROTINFO */
enum
{
IFLA_INET6_UNSPEC,
IFLA_INET6_FLAGS, /* link flags */
IFLA_INET6_CONF, /* sysctl parameters */
IFLA_INET6_STATS, /* statistics */
IFLA_INET6_MCAST, /* MC things. What of them? */
IFLA_INET6_CACHEINFO, /* time values and max reasm size */
__IFLA_INET6_MAX
};
#define IFLA_INET6_MAX (__IFLA_INET6_MAX - 1)
struct ifla_cacheinfo
{
__u32 max_reasm_len;
__u32 tstamp; /* ipv6InterfaceTable updated timestamp */
__u32 reachable_time;
__u32 retrans_time;
};
/*****************************************************************
* Traffic control messages.
@ -885,10 +533,13 @@ enum rtnetlink_groups {
RTNLGRP_NOP2,
RTNLGRP_DECnet_ROUTE,
#define RTNLGRP_DECnet_ROUTE RTNLGRP_DECnet_ROUTE
RTNLGRP_NOP3,
RTNLGRP_DECnet_RULE,
#define RTNLGRP_DECnet_RULE RTNLGRP_DECnet_RULE
RTNLGRP_NOP4,
RTNLGRP_IPV6_PREFIX,
#define RTNLGRP_IPV6_PREFIX RTNLGRP_IPV6_PREFIX
RTNLGRP_IPV6_RULE,
#define RTNLGRP_IPV6_RULE RTNLGRP_IPV6_RULE
__RTNLGRP_MAX
};
#define RTNLGRP_MAX (__RTNLGRP_MAX - 1)
@ -923,8 +574,6 @@ extern int rtattr_parse(struct rtattr *tb[], int maxattr, struct rtattr *rta, in
#define rtattr_parse_nested(tb, max, rta) \
rtattr_parse((tb), (max), RTA_DATA((rta)), RTA_PAYLOAD((rta)))
extern struct sock *rtnl;
struct rtnetlink_link
{
int (*doit)(struct sk_buff *, struct nlmsghdr*, void *attr);
@ -933,6 +582,10 @@ struct rtnetlink_link
extern struct rtnetlink_link * rtnetlink_links[NPROTO];
extern int rtnetlink_send(struct sk_buff *skb, u32 pid, u32 group, int echo);
extern int rtnl_unicast(struct sk_buff *skb, u32 pid);
extern int rtnl_notify(struct sk_buff *skb, u32 pid, u32 group,
struct nlmsghdr *nlh, gfp_t flags);
extern void rtnl_set_sk_err(u32 group, int error);
extern int rtnetlink_put_metrics(struct sk_buff *skb, u32 *metrics);
extern void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data);
@ -1065,6 +718,13 @@ extern void __rtnl_unlock(void);
} \
} while(0)
static inline u32 rtm_get_table(struct rtattr **rta, u8 table)
{
return RTA_GET_U32(rta[RTA_TABLE-1]);
rtattr_failure:
return table;
}
#endif /* __KERNEL__ */
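Review bot: In rtm_get_table() the rtattr_failure label has no visible goto, so the jump must come from inside RTA_GET_U32; that hidden control flow deserves a comment at the label. The fallback argument is u8 while the function returns u32 and RT_TABLE_MAX is now 0xFFFFFFFF, so the comment should also say where the u8 value comes from and that it is used only when the RTA_TABLE attribute is absent or unusable.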

View file

@ -31,6 +31,8 @@
#include <linux/msg.h>
#include <linux/sched.h>
#include <linux/key.h>
#include <linux/xfrm.h>
#include <net/flow.h>
struct ctl_table;
@ -88,6 +90,7 @@ extern int cap_netlink_recv(struct sk_buff *skb, int cap);
struct nfsctl_arg;
struct sched_param;
struct swap_info_struct;
struct request_sock;
/* bprm_apply_creds unsafe reasons */
#define LSM_UNSAFE_SHARE 1
@ -812,9 +815,19 @@ struct swap_info_struct;
* which is used to copy security attributes between local stream sockets.
* @sk_free_security:
* Deallocate security structure.
* @sk_getsid:
* Retrieve the LSM-specific sid for the sock to enable caching of network
* @sk_clone_security:
* Clone/copy security structure.
* @sk_getsecid:
* Retrieve the LSM-specific secid for the sock to enable caching of network
* authorizations.
* @sock_graft:
* Sets the socket's isec sid to the sock's sid.
* @inet_conn_request:
* Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
* @inet_csk_clone:
* Sets the new child socket's sid to the openreq sid.
* @req_classify_flow:
* Sets the flow's sid to the openreq sid.
*
* Security hooks for XFRM operations.
*
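Review bot: The descriptions added for sock_graft, inet_conn_request, inet_csk_clone and req_classify_flow are written in terms of one module's internals ("isec sid", "MLS portion", "openreq") rather than what any LSM is expected to do, and none of them lists its parameters. Describe each hook generically with @-parameter lines, as the xfrm hook comments in this file do, and state the return convention for inet_conn_request, which is declared int.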
@ -823,9 +836,10 @@ struct swap_info_struct;
* used by the XFRM system.
* @sec_ctx contains the security context information being provided by
* the user-level policy update program (e.g., setkey).
* Allocate a security structure to the xp->security field.
* The security field is initialized to NULL when the xfrm_policy is
* allocated.
* @sk refers to the sock from which to derive the security context.
* Allocate a security structure to the xp->security field; the security
* field is initialized to NULL when the xfrm_policy is allocated. Only
* one of sec_ctx or sock can be specified.
* Return 0 if operation was successful (memory to allocate, legal context)
* @xfrm_policy_clone_security:
* @old contains an existing xfrm_policy in the SPD.
@ -844,9 +858,14 @@ struct swap_info_struct;
* Database by the XFRM system.
* @sec_ctx contains the security context information being provided by
* the user-level SA generation program (e.g., setkey or racoon).
* Allocate a security structure to the x->security field. The
* security field is initialized to NULL when the xfrm_state is
* allocated.
* @polsec contains the security context information associated with a xfrm
* policy rule from which to take the base context. polsec must be NULL
* when sec_ctx is specified.
* @secid contains the secid from which to take the mls portion of the context.
* Allocate a security structure to the x->security field; the security
* field is initialized to NULL when the xfrm_state is allocated. Set the
* context to correspond to either sec_ctx or polsec, with the mls portion
* taken from secid in the latter case.
* Return 0 if operation was successful (memory to allocate, legal context).
* @xfrm_state_free_security:
* @x contains the xfrm_state.
@ -857,13 +876,27 @@ struct swap_info_struct;
* @xfrm_policy_lookup:
* @xp contains the xfrm_policy for which the access control is being
* checked.
* @sk_sid contains the sock security label that is used to authorize
* @fl_secid contains the flow security label that is used to authorize
* access to the policy xp.
* @dir contains the direction of the flow (input or output).
* Check permission when a sock selects a xfrm_policy for processing
* Check permission when a flow selects a xfrm_policy for processing
* XFRMs on a packet. The hook is called when selecting either a
* per-socket policy or a generic xfrm policy.
* Return 0 if permission is granted.
* @xfrm_state_pol_flow_match:
* @x contains the state to match.
* @xp contains the policy to check for a match.
* @fl contains the flow to check for a match.
* Return 1 if there is a match.
* @xfrm_flow_state_match:
* @fl contains the flow key to match.
* @xfrm points to the xfrm_state to match.
* Return 1 if there is a match.
* @xfrm_decode_session:
* @skb points to skb to decode.
* @secid points to the flow key secid to set.
* @ckall says if all xfrms used should be checked for same secid.
* Return 0 if ckall is zero or all xfrms used have the same secid.
*
* Security hooks affecting all Key Management operations
*
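Review bot: The xfrm_decode_session description says when 0 is returned but not what is returned when ckall is set and the xfrms carry different secids, nor what *secid holds in that case. State the error return and whether secid is left untouched on failure, since it is the value used to label the flow. The state parameter is also called @xfrm in xfrm_flow_state_match but @x in xfrm_state_pol_flow_match; one name would read better.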
@ -1308,8 +1341,8 @@ struct security_operations {
int (*unix_may_send) (struct socket * sock, struct socket * other);
int (*socket_create) (int family, int type, int protocol, int kern);
void (*socket_post_create) (struct socket * sock, int family,
int type, int protocol, int kern);
int (*socket_post_create) (struct socket * sock, int family,
int type, int protocol, int kern);
int (*socket_bind) (struct socket * sock,
struct sockaddr * address, int addrlen);
int (*socket_connect) (struct socket * sock,
@ -1332,18 +1365,31 @@ struct security_operations {
int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
void (*sk_free_security) (struct sock *sk);
unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir);
void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
void (*sk_getsecid) (struct sock *sk, u32 *secid);
void (*sock_graft)(struct sock* sk, struct socket *parent);
int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb,
struct request_sock *req);
void (*inet_csk_clone)(struct sock *newsk, const struct request_sock *req);
void (*req_classify_flow)(const struct request_sock *req, struct flowi *fl);
#endif /* CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx);
int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp,
struct xfrm_user_sec_ctx *sec_ctx, struct sock *sk);
int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new);
void (*xfrm_policy_free_security) (struct xfrm_policy *xp);
int (*xfrm_policy_delete_security) (struct xfrm_policy *xp);
int (*xfrm_state_alloc_security) (struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
int (*xfrm_state_alloc_security) (struct xfrm_state *x,
struct xfrm_user_sec_ctx *sec_ctx, struct xfrm_sec_ctx *polsec,
u32 secid);
void (*xfrm_state_free_security) (struct xfrm_state *x);
int (*xfrm_state_delete_security) (struct xfrm_state *x);
int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 sk_sid, u8 dir);
int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
int (*xfrm_state_pol_flow_match)(struct xfrm_state *x,
struct xfrm_policy *xp, struct flowi *fl);
int (*xfrm_flow_state_match)(struct flowi *fl, struct xfrm_state *xfrm);
int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall);
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
/* key management security hooks */
@ -2778,13 +2824,13 @@ static inline int security_socket_create (int family, int type,
return security_ops->socket_create(family, type, protocol, kern);
}
static inline void security_socket_post_create(struct socket * sock,
int family,
int type,
int protocol, int kern)
static inline int security_socket_post_create(struct socket * sock,
int family,
int type,
int protocol, int kern)
{
security_ops->socket_post_create(sock, family, type,
protocol, kern);
return security_ops->socket_post_create(sock, family, type,
protocol, kern);
}
static inline int security_socket_bind(struct socket * sock,
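Review bot: security_socket_post_create() now returns the hook's int result, but nothing in the hunk says what a non-zero value means once the socket already exists. Document the return convention in the @socket_post_create hook comment, and make sure every caller checks the result and releases the socket on failure; otherwise the new return value is silently dropped.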
@ -2885,9 +2931,36 @@ static inline void security_sk_free(struct sock *sk)
return security_ops->sk_free_security(sk);
}
static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir)
static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
{
return security_ops->sk_getsid(sk, fl, dir);
return security_ops->sk_clone_security(sk, newsk);
}
static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
{
security_ops->sk_getsecid(sk, &fl->secid);
}
static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
{
security_ops->req_classify_flow(req, fl);
}
static inline void security_sock_graft(struct sock* sk, struct socket *parent)
{
security_ops->sock_graft(sk, parent);
}
static inline int security_inet_conn_request(struct sock *sk,
struct sk_buff *skb, struct request_sock *req)
{
return security_ops->inet_conn_request(sk, skb, req);
}
static inline void security_inet_csk_clone(struct sock *newsk,
const struct request_sock *req)
{
security_ops->inet_csk_clone(newsk, req);
}
#else /* CONFIG_SECURITY_NETWORK */
static inline int security_unix_stream_connect(struct socket * sock,
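Review bot: security_sk_clone() is declared void but its body is `return security_ops->sk_clone_security(sk, newsk);`. Drop the `return`, as the other new void wrappers in this hunk (security_sk_classify_flow(), security_sock_graft(), security_inet_csk_clone()) already do. The hunk also adds six hooks without any comment on when each fires in the connection life cycle; a short comment per wrapper would help LSM authors.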
@ -2909,11 +2982,12 @@ static inline int security_socket_create (int family, int type,
return 0;
}
static inline void security_socket_post_create(struct socket * sock,
int family,
int type,
int protocol, int kern)
static inline int security_socket_post_create(struct socket * sock,
int family,
int type,
int protocol, int kern)
{
return 0;
}
static inline int security_socket_bind(struct socket * sock,
@ -3011,16 +3085,43 @@ static inline void security_sk_free(struct sock *sk)
{
}
static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir)
static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
{
}
static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
{
}
static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
{
}
static inline void security_sock_graft(struct sock* sk, struct socket *parent)
{
}
static inline int security_inet_conn_request(struct sock *sk,
struct sk_buff *skb, struct request_sock *req)
{
return 0;
}
static inline void security_inet_csk_clone(struct sock *newsk,
const struct request_sock *req)
{
}
#endif /* CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
{
return security_ops->xfrm_policy_alloc_security(xp, sec_ctx);
return security_ops->xfrm_policy_alloc_security(xp, sec_ctx, NULL);
}
static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
{
return security_ops->xfrm_policy_alloc_security(xp, NULL, sk);
}
static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
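Review bot: the xfrm_policy_alloc_security hook is now called with sk == NULL from security_xfrm_policy_alloc() and with sec_ctx == NULL from security_xfrm_sock_policy_alloc(), so every implementation has to cope with either argument being NULL. That contract should be written down in the hook documentation, including what an implementation must do if both are NULL.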
@ -3038,9 +3139,18 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
return security_ops->xfrm_policy_delete_security(xp);
}
static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
static inline int security_xfrm_state_alloc(struct xfrm_state *x,
struct xfrm_user_sec_ctx *sec_ctx)
{
return security_ops->xfrm_state_alloc_security(x, sec_ctx);
return security_ops->xfrm_state_alloc_security(x, sec_ctx, NULL, 0);
}
static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
struct xfrm_sec_ctx *polsec, u32 secid)
{
if (!polsec)
return 0;
return security_ops->xfrm_state_alloc_security(x, NULL, polsec, secid);
}
static inline int security_xfrm_state_delete(struct xfrm_state *x)
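Review bot: in security_xfrm_state_alloc_acquire() the `if (!polsec) return 0;` early exit reports success without consulting the LSM, so a state acquired for an unlabeled policy gets no security context even when secid is non-zero. If that is intended, say so in a comment above the check; if not, the secid should still be passed to the hook.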
@ -3053,9 +3163,32 @@ static inline void security_xfrm_state_free(struct xfrm_state *x)
security_ops->xfrm_state_free_security(x);
}
static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir)
static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
{
return security_ops->xfrm_policy_lookup(xp, sk_sid, dir);
return security_ops->xfrm_policy_lookup(xp, fl_secid, dir);
}
static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
struct xfrm_policy *xp, struct flowi *fl)
{
return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
}
static inline int security_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm)
{
return security_ops->xfrm_flow_state_match(fl, xfrm);
}
static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
{
return security_ops->xfrm_decode_session(skb, secid, 1);
}
static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
{
int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0);
BUG_ON(rc);
}
#else /* CONFIG_SECURITY_NETWORK_XFRM */
static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
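Review bot: security_skb_classify_flow() does `BUG_ON(rc)` on the return value of the xfrm_decode_session hook, which turns any LSM that returns non-zero with ckall == 0 into a kernel panic on the packet path. Either document in the hook description that ckall == 0 must never fail, or degrade to a warning and leave fl->secid at a safe default. The bare 1 and 0 passed as ckall in the two wrappers would also read better as named constants.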
@ -3063,6 +3196,11 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm
return 0;
}
static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
{
return 0;
}
static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
{
return 0;
@ -3077,7 +3215,14 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
return 0;
}
static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
static inline int security_xfrm_state_alloc(struct xfrm_state *x,
struct xfrm_user_sec_ctx *sec_ctx)
{
return 0;
}
static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
struct xfrm_sec_ctx *polsec, u32 secid)
{
return 0;
}
@ -3091,10 +3236,32 @@ static inline int security_xfrm_state_delete(struct xfrm_state *x)
return 0;
}
static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir)
static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
{
return 0;
}
static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
struct xfrm_policy *xp, struct flowi *fl)
{
return 1;
}
static inline int security_xfrm_flow_state_match(struct flowi *fl,
struct xfrm_state *xfrm)
{
return 1;
}
static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
{
return 0;
}
static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
{
}
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
#ifdef CONFIG_KEYS
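Review bot: the !CONFIG_SECURITY_NETWORK_XFRM stub of security_xfrm_decode_session() returns 0 without writing *secid, so a caller that reads secid after a successful return sees whatever was on its stack. Setting `*secid = 0;` in the stub (and fl->secid in the security_skb_classify_flow() stub, if callers do not pre-zero the flowi) makes the disabled configuration deterministic.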

View file

@ -34,8 +34,9 @@
#define HAVE_ALIGNABLE_SKB /* Ditto 8) */
#define CHECKSUM_NONE 0
#define CHECKSUM_HW 1
#define CHECKSUM_PARTIAL 1
#define CHECKSUM_UNNECESSARY 2
#define CHECKSUM_COMPLETE 3
#define SKB_DATA_ALIGN(X) (((X) + (SMP_CACHE_BYTES - 1)) & \
~(SMP_CACHE_BYTES - 1))
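Review bot: at the define block, CHECKSUM_PARTIAL keeps the old value 1 while CHECKSUM_COMPLETE gets the new value 3, so a receive-side `== CHECKSUM_HW` test that is mechanically renamed to PARTIAL still compiles and silently stops matching. A trailing comment on each define stating its direction (PARTIAL for output, COMPLETE for input) would make a wrong conversion easier to catch in review.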
@ -56,17 +57,17 @@
* Apparently with secret goal to sell you new device, when you
* will add new protocol to your host. F.e. IPv6. 8)
*
* HW: the most generic way. Device supplied checksum of _all_
* COMPLETE: the most generic way. Device supplied checksum of _all_
* the packet as seen by netif_rx in skb->csum.
* NOTE: Even if device supports only some protocols, but
* is able to produce some skb->csum, it MUST use HW,
* is able to produce some skb->csum, it MUST use COMPLETE,
* not UNNECESSARY.
*
* B. Checksumming on output.
*
* NONE: skb is checksummed by protocol or csum is not required.
*
* HW: device is required to csum packet as seen by hard_start_xmit
* PARTIAL: device is required to csum packet as seen by hard_start_xmit
* from skb->h.raw to the end and to record the checksum
* at skb->h.raw+skb->csum.
*
@ -1261,14 +1262,14 @@ static inline int skb_linearize_cow(struct sk_buff *skb)
* @len: length of data pulled
*
* After doing a pull on a received packet, you need to call this to
* update the CHECKSUM_HW checksum, or set ip_summed to CHECKSUM_NONE
* so that it can be recomputed from scratch.
* update the CHECKSUM_COMPLETE checksum, or set ip_summed to
* CHECKSUM_NONE so that it can be recomputed from scratch.
*/
static inline void skb_postpull_rcsum(struct sk_buff *skb,
const void *start, unsigned int len)
{
if (skb->ip_summed == CHECKSUM_HW)
if (skb->ip_summed == CHECKSUM_COMPLETE)
skb->csum = csum_sub(skb->csum, csum_partial(start, len, 0));
}
@ -1287,7 +1288,7 @@ static inline int pskb_trim_rcsum(struct sk_buff *skb, unsigned int len)
{
if (likely(len >= skb->len))
return 0;
if (skb->ip_summed == CHECKSUM_HW)
if (skb->ip_summed == CHECKSUM_COMPLETE)
skb->ip_summed = CHECKSUM_NONE;
return __pskb_trim(skb, len);
}

View file

@ -155,42 +155,11 @@ enum
UDP_MIB_NOPORTS, /* NoPorts */
UDP_MIB_INERRORS, /* InErrors */
UDP_MIB_OUTDATAGRAMS, /* OutDatagrams */
UDP_MIB_RCVBUFERRORS, /* RcvbufErrors */
UDP_MIB_SNDBUFERRORS, /* SndbufErrors */
__UDP_MIB_MAX
};
/* sctp mib definitions */
/*
* draft-ietf-sigtran-sctp-mib-07.txt
*/
enum
{
SCTP_MIB_NUM = 0,
SCTP_MIB_CURRESTAB, /* CurrEstab */
SCTP_MIB_ACTIVEESTABS, /* ActiveEstabs */
SCTP_MIB_PASSIVEESTABS, /* PassiveEstabs */
SCTP_MIB_ABORTEDS, /* Aborteds */
SCTP_MIB_SHUTDOWNS, /* Shutdowns */
SCTP_MIB_OUTOFBLUES, /* OutOfBlues */
SCTP_MIB_CHECKSUMERRORS, /* ChecksumErrors */
SCTP_MIB_OUTCTRLCHUNKS, /* OutCtrlChunks */
SCTP_MIB_OUTORDERCHUNKS, /* OutOrderChunks */
SCTP_MIB_OUTUNORDERCHUNKS, /* OutUnorderChunks */
SCTP_MIB_INCTRLCHUNKS, /* InCtrlChunks */
SCTP_MIB_INORDERCHUNKS, /* InOrderChunks */
SCTP_MIB_INUNORDERCHUNKS, /* InUnorderChunks */
SCTP_MIB_FRAGUSRMSGS, /* FragUsrMsgs */
SCTP_MIB_REASMUSRMSGS, /* ReasmUsrMsgs */
SCTP_MIB_OUTSCTPPACKS, /* OutSCTPPacks */
SCTP_MIB_INSCTPPACKS, /* InSCTPPacks */
SCTP_MIB_RTOALGORITHM, /* RtoAlgorithm */
SCTP_MIB_RTOMIN, /* RtoMin */
SCTP_MIB_RTOMAX, /* RtoMax */
SCTP_MIB_RTOINITIAL, /* RtoInitial */
SCTP_MIB_VALCOOKIELIFE, /* ValCookieLife */
SCTP_MIB_MAXINITRETR, /* MaxInitRetr */
__SCTP_MIB_MAX
};
/* linux mib definitions */
enum
{

View file

@ -411,6 +411,10 @@ enum
NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115,
NET_TCP_DMA_COPYBREAK=116,
NET_TCP_SLOW_START_AFTER_IDLE=117,
NET_CIPSOV4_CACHE_ENABLE=118,
NET_CIPSOV4_CACHE_BUCKET_SIZE=119,
NET_CIPSOV4_RBM_OPTFMT=120,
NET_CIPSOV4_RBM_STRICTVALID=121,
};
enum {
@ -552,6 +556,7 @@ enum {
NET_IPV6_ACCEPT_RA_RTR_PREF=20,
NET_IPV6_RTR_PROBE_INTERVAL=21,
NET_IPV6_ACCEPT_RA_RT_INFO_MAX_PLEN=22,
NET_IPV6_PROXY_NDP=23,
__NET_IPV6_MAX
};

View file

@ -102,6 +102,13 @@ struct xfrm_stats {
__u32 integrity_failed;
};
enum
{
XFRM_POLICY_TYPE_MAIN = 0,
XFRM_POLICY_TYPE_SUB = 1,
XFRM_POLICY_TYPE_MAX = 2
};
enum
{
XFRM_POLICY_IN = 0,
@ -120,7 +127,9 @@ enum
#define XFRM_MODE_TRANSPORT 0
#define XFRM_MODE_TUNNEL 1
#define XFRM_MODE_MAX 2
#define XFRM_MODE_ROUTEOPTIMIZATION 2
#define XFRM_MODE_IN_TRIGGER 3
#define XFRM_MODE_MAX 4
/* Netlink configuration messages. */
enum {
@ -164,6 +173,10 @@ enum {
#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
XFRM_MSG_GETAE,
#define XFRM_MSG_GETAE XFRM_MSG_GETAE
XFRM_MSG_REPORT,
#define XFRM_MSG_REPORT XFRM_MSG_REPORT
__XFRM_MSG_MAX
};
#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)
@ -217,6 +230,12 @@ enum xfrm_ae_ftype_t {
#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
};
struct xfrm_userpolicy_type {
__u8 type;
__u16 reserved1;
__u8 reserved2;
};
/* Netlink message attributes. */
enum xfrm_attr_type_t {
XFRMA_UNSPEC,
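Review bot: struct xfrm_userpolicy_type places a __u16 directly after a __u8, so the compiler inserts a padding byte after `type` and another after `reserved2`. Since this struct travels over netlink, either reorder it as type, reserved2, reserved1 so there is no hole, or require that it is fully zeroed before being copied to userspace so no uninitialized kernel bytes are exposed.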
@ -232,6 +251,10 @@ enum xfrm_attr_type_t {
XFRMA_REPLAY_VAL,
XFRMA_REPLAY_THRESH,
XFRMA_ETIMER_THRESH,
XFRMA_SRCADDR, /* xfrm_address_t */
XFRMA_COADDR, /* xfrm_address_t */
XFRMA_LASTUSED,
XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */
__XFRMA_MAX
#define XFRMA_MAX (__XFRMA_MAX - 1)
@ -247,12 +270,13 @@ struct xfrm_usersa_info {
__u32 seq;
__u32 reqid;
__u16 family;
__u8 mode; /* 0=transport,1=tunnel */
__u8 mode; /* XFRM_MODE_xxx */
__u8 replay_window;
__u8 flags;
#define XFRM_STATE_NOECN 1
#define XFRM_STATE_DECAP_DSCP 2
#define XFRM_STATE_NOPMTUDISC 4
#define XFRM_STATE_WILDRECV 8
};
struct xfrm_usersa_id {
@ -319,12 +343,18 @@ struct xfrm_usersa_flush {
__u8 proto;
};
struct xfrm_user_report {
__u8 proto;
struct xfrm_selector sel;
};
#ifndef __KERNEL__
/* backwards compatibility for userspace */
#define XFRMGRP_ACQUIRE 1
#define XFRMGRP_EXPIRE 2
#define XFRMGRP_SA 4
#define XFRMGRP_POLICY 8
#define XFRMGRP_REPORT 0x10
#endif
enum xfrm_nlgroups {
@ -340,6 +370,8 @@ enum xfrm_nlgroups {
#define XFRMNLGRP_POLICY XFRMNLGRP_POLICY
XFRMNLGRP_AEVENTS,
#define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS
XFRMNLGRP_REPORT,
#define XFRMNLGRP_REPORT XFRMNLGRP_REPORT
__XFRMNLGRP_MAX
};
#define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1)

View file

@ -8,70 +8,110 @@
#include <net/sch_generic.h>
#include <net/pkt_sched.h>
#define tca_gen(name) \
struct tcf_##name *next; \
u32 index; \
int refcnt; \
int bindcnt; \
u32 capab; \
int action; \
struct tcf_t tm; \
struct gnet_stats_basic bstats; \
struct gnet_stats_queue qstats; \
struct gnet_stats_rate_est rate_est; \
spinlock_t *stats_lock; \
spinlock_t lock
struct tcf_police
{
tca_gen(police);
int result;
u32 ewma_rate;
u32 burst;
u32 mtu;
u32 toks;
u32 ptoks;
psched_time_t t_c;
struct qdisc_rate_table *R_tab;
struct qdisc_rate_table *P_tab;
struct tcf_common {
struct tcf_common *tcfc_next;
u32 tcfc_index;
int tcfc_refcnt;
int tcfc_bindcnt;
u32 tcfc_capab;
int tcfc_action;
struct tcf_t tcfc_tm;
struct gnet_stats_basic tcfc_bstats;
struct gnet_stats_queue tcfc_qstats;
struct gnet_stats_rate_est tcfc_rate_est;
spinlock_t *tcfc_stats_lock;
spinlock_t tcfc_lock;
};
#define tcf_next common.tcfc_next
#define tcf_index common.tcfc_index
#define tcf_refcnt common.tcfc_refcnt
#define tcf_bindcnt common.tcfc_bindcnt
#define tcf_capab common.tcfc_capab
#define tcf_action common.tcfc_action
#define tcf_tm common.tcfc_tm
#define tcf_bstats common.tcfc_bstats
#define tcf_qstats common.tcfc_qstats
#define tcf_rate_est common.tcfc_rate_est
#define tcf_stats_lock common.tcfc_stats_lock
#define tcf_lock common.tcfc_lock
struct tcf_police {
struct tcf_common common;
int tcfp_result;
u32 tcfp_ewma_rate;
u32 tcfp_burst;
u32 tcfp_mtu;
u32 tcfp_toks;
u32 tcfp_ptoks;
psched_time_t tcfp_t_c;
struct qdisc_rate_table *tcfp_R_tab;
struct qdisc_rate_table *tcfp_P_tab;
};
#define to_police(pc) \
container_of(pc, struct tcf_police, common)
struct tcf_hashinfo {
struct tcf_common **htab;
unsigned int hmask;
rwlock_t *lock;
};
static inline unsigned int tcf_hash(u32 index, unsigned int hmask)
{
return index & hmask;
}
#ifdef CONFIG_NET_CLS_ACT
#define ACT_P_CREATED 1
#define ACT_P_DELETED 1
struct tcf_act_hdr
{
tca_gen(act_hdr);
struct tcf_act_hdr {
struct tcf_common common;
};
struct tc_action
{
void *priv;
struct tc_action_ops *ops;
__u32 type; /* for backward compat(TCA_OLD_COMPAT) */
__u32 order;
struct tc_action *next;
struct tc_action {
void *priv;
struct tc_action_ops *ops;
__u32 type; /* for backward compat(TCA_OLD_COMPAT) */
__u32 order;
struct tc_action *next;
};
#define TCA_CAP_NONE 0
struct tc_action_ops
{
struct tc_action_ops {
struct tc_action_ops *next;
struct tcf_hashinfo *hinfo;
char kind[IFNAMSIZ];
__u32 type; /* TBD to match kind */
__u32 capab; /* capabilities includes 4 bit version */
struct module *owner;
int (*act)(struct sk_buff *, struct tc_action *, struct tcf_result *);
int (*get_stats)(struct sk_buff *, struct tc_action *);
int (*dump)(struct sk_buff *, struct tc_action *,int , int);
int (*dump)(struct sk_buff *, struct tc_action *, int, int);
int (*cleanup)(struct tc_action *, int bind);
int (*lookup)(struct tc_action *, u32 );
int (*init)(struct rtattr *,struct rtattr *,struct tc_action *, int , int );
int (*walk)(struct sk_buff *, struct netlink_callback *, int , struct tc_action *);
int (*lookup)(struct tc_action *, u32);
int (*init)(struct rtattr *, struct rtattr *, struct tc_action *, int , int);
int (*walk)(struct sk_buff *, struct netlink_callback *, int, struct tc_action *);
};
extern struct tcf_common *tcf_hash_lookup(u32 index,
struct tcf_hashinfo *hinfo);
extern void tcf_hash_destroy(struct tcf_common *p, struct tcf_hashinfo *hinfo);
extern int tcf_hash_release(struct tcf_common *p, int bind,
struct tcf_hashinfo *hinfo);
extern int tcf_generic_walker(struct sk_buff *skb, struct netlink_callback *cb,
int type, struct tc_action *a);
extern u32 tcf_hash_new_index(u32 *idx_gen, struct tcf_hashinfo *hinfo);
extern int tcf_hash_search(struct tc_action *a, u32 index);
extern struct tcf_common *tcf_hash_check(u32 index, struct tc_action *a,
int bind, struct tcf_hashinfo *hinfo);
extern struct tcf_common *tcf_hash_create(u32 index, struct rtattr *est,
struct tc_action *a, int size,
int bind, u32 *idx_gen,
struct tcf_hashinfo *hinfo);
extern void tcf_hash_insert(struct tcf_common *p, struct tcf_hashinfo *hinfo);
extern int tcf_register_action(struct tc_action_ops *a);
extern int tcf_unregister_action(struct tc_action_ops *a);
extern void tcf_action_destroy(struct tc_action *a, int bind);
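Review bot: the object-like macros `#define tcf_lock common.tcfc_lock`, `#define tcf_index common.tcfc_index` and the rest of that block rewrite those tokens in every file that includes this header, including local variables or parameters that happen to use the same name. Consider accessing the fields through `->common.tcfc_*` directly or through small inline accessors. Separately, the context lines show ACT_P_CREATED and ACT_P_DELETED both defined as 1, which is worth a comment if it is deliberate.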
@ -96,17 +136,17 @@ tcf_police_release(struct tcf_police *p, int bind)
int ret = 0;
#ifdef CONFIG_NET_CLS_ACT
if (p) {
if (bind) {
p->bindcnt--;
}
p->refcnt--;
if (p->refcnt <= 0 && !p->bindcnt) {
if (bind)
p->tcf_bindcnt--;
p->tcf_refcnt--;
if (p->tcf_refcnt <= 0 && !p->tcf_bindcnt) {
tcf_police_destroy(p);
ret = 1;
}
}
#else
if (p && --p->refcnt == 0)
if (p && --p->tcf_refcnt == 0)
tcf_police_destroy(p);
#endif /* CONFIG_NET_CLS_ACT */
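Review bot: tcf_police_release() tests `p->tcf_refcnt <= 0 && !p->tcf_bindcnt` under CONFIG_NET_CLS_ACT but `--p->tcf_refcnt == 0` otherwise, and both counters are plain ints decremented with no lock taken in this function. Please state in a comment which lock the caller must hold, and make the two branches agree on what happens when the count goes negative.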

View file

@ -1,142 +0,0 @@
/*
* include/net/act_generic.h
*
*/
#ifndef _NET_ACT_GENERIC_H
#define _NET_ACT_GENERIC_H
static inline int tcf_defact_release(struct tcf_defact *p, int bind)
{
int ret = 0;
if (p) {
if (bind) {
p->bindcnt--;
}
p->refcnt--;
if (p->bindcnt <= 0 && p->refcnt <= 0) {
kfree(p->defdata);
tcf_hash_destroy(p);
ret = 1;
}
}
return ret;
}
static inline int
alloc_defdata(struct tcf_defact *p, u32 datalen, void *defdata)
{
p->defdata = kmalloc(datalen, GFP_KERNEL);
if (p->defdata == NULL)
return -ENOMEM;
p->datalen = datalen;
memcpy(p->defdata, defdata, datalen);
return 0;
}
static inline int
realloc_defdata(struct tcf_defact *p, u32 datalen, void *defdata)
{
/* safer to be just brute force for now */
kfree(p->defdata);
return alloc_defdata(p, datalen, defdata);
}
static inline int
tcf_defact_init(struct rtattr *rta, struct rtattr *est,
struct tc_action *a, int ovr, int bind)
{
struct rtattr *tb[TCA_DEF_MAX];
struct tc_defact *parm;
struct tcf_defact *p;
void *defdata;
u32 datalen = 0;
int ret = 0;
if (rta == NULL || rtattr_parse_nested(tb, TCA_DEF_MAX, rta) < 0)
return -EINVAL;
if (tb[TCA_DEF_PARMS - 1] == NULL ||
RTA_PAYLOAD(tb[TCA_DEF_PARMS - 1]) < sizeof(*parm))
return -EINVAL;
parm = RTA_DATA(tb[TCA_DEF_PARMS - 1]);
defdata = RTA_DATA(tb[TCA_DEF_DATA - 1]);
if (defdata == NULL)
return -EINVAL;
datalen = RTA_PAYLOAD(tb[TCA_DEF_DATA - 1]);
if (datalen <= 0)
return -EINVAL;
p = tcf_hash_check(parm->index, a, ovr, bind);
if (p == NULL) {
p = tcf_hash_create(parm->index, est, a, sizeof(*p), ovr, bind);
if (p == NULL)
return -ENOMEM;
ret = alloc_defdata(p, datalen, defdata);
if (ret < 0) {
kfree(p);
return ret;
}
ret = ACT_P_CREATED;
} else {
if (!ovr) {
tcf_defact_release(p, bind);
return -EEXIST;
}
realloc_defdata(p, datalen, defdata);
}
spin_lock_bh(&p->lock);
p->action = parm->action;
spin_unlock_bh(&p->lock);
if (ret == ACT_P_CREATED)
tcf_hash_insert(p);
return ret;
}
static inline int tcf_defact_cleanup(struct tc_action *a, int bind)
{
struct tcf_defact *p = PRIV(a, defact);
if (p != NULL)
return tcf_defact_release(p, bind);
return 0;
}
static inline int
tcf_defact_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref)
{
unsigned char *b = skb->tail;
struct tc_defact opt;
struct tcf_defact *p = PRIV(a, defact);
struct tcf_t t;
opt.index = p->index;
opt.refcnt = p->refcnt - ref;
opt.bindcnt = p->bindcnt - bind;
opt.action = p->action;
RTA_PUT(skb, TCA_DEF_PARMS, sizeof(opt), &opt);
RTA_PUT(skb, TCA_DEF_DATA, p->datalen, p->defdata);
t.install = jiffies_to_clock_t(jiffies - p->tm.install);
t.lastuse = jiffies_to_clock_t(jiffies - p->tm.lastuse);
t.expires = jiffies_to_clock_t(p->tm.expires);
RTA_PUT(skb, TCA_DEF_TM, sizeof(t), &t);
return skb->len;
rtattr_failure:
skb_trim(skb, b - skb->data);
return -1;
}
#define tca_use_default_ops \
.dump = tcf_defact_dump, \
.cleanup = tcf_defact_cleanup, \
.init = tcf_defact_init, \
.walk = tcf_generic_walker, \
#define tca_use_default_defines(name) \
static u32 idx_gen; \
static struct tcf_defact *tcf_##name_ht[MY_TAB_SIZE]; \
static DEFINE_RWLOCK(##name_lock);
#endif /* _NET_ACT_GENERIC_H */
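Review bot: if tcf_defact_init() is being moved rather than dropped, do not carry its attribute handling over unchanged. It calls `RTA_DATA(tb[TCA_DEF_DATA - 1])` before checking that the attribute is present, and the following `defdata == NULL` test cannot catch a missing attribute because RTA_DATA() of a NULL pointer is a small non-NULL offset; the RTA_PAYLOAD() call then dereferences NULL. Check `tb[TCA_DEF_DATA - 1] == NULL` first, as is already done for TCA_DEF_PARMS. realloc_defdata() also frees the old buffer before the new allocation is known to succeed, and its return value is ignored at the call site.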

View file

@ -61,6 +61,9 @@ extern int addrconf_set_dstaddr(void __user *arg);
extern int ipv6_chk_addr(struct in6_addr *addr,
struct net_device *dev,
int strict);
#ifdef CONFIG_IPV6_MIP6
extern int ipv6_chk_home_addr(struct in6_addr *addr);
#endif
extern struct inet6_ifaddr * ipv6_get_ifaddr(struct in6_addr *addr,
struct net_device *dev,
int strict);
@ -126,20 +129,18 @@ extern int unregister_inet6addr_notifier(struct notifier_block *nb);
static inline struct inet6_dev *
__in6_dev_get(struct net_device *dev)
{
return (struct inet6_dev *)dev->ip6_ptr;
return rcu_dereference(dev->ip6_ptr);
}
extern rwlock_t addrconf_lock;
static inline struct inet6_dev *
in6_dev_get(struct net_device *dev)
{
struct inet6_dev *idev = NULL;
read_lock(&addrconf_lock);
idev = dev->ip6_ptr;
rcu_read_lock();
idev = __in6_dev_get(dev);
if (idev)
atomic_inc(&idev->refcnt);
read_unlock(&addrconf_lock);
rcu_read_unlock();
return idev;
}
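Review bot: in in6_dev_get(), `atomic_inc(&idev->refcnt)` under rcu_read_lock() is only safe if an inet6_dev whose count has reached zero stays allocated until a grace period has passed and is never reachable through dev->ip6_ptr after that. Neither guarantee is visible in this hunk, so please add a comment naming where the free is deferred, or use atomic_inc_not_zero() and return NULL on failure. The writers that set dev->ip6_ptr also need rcu_assign_pointer() to pair with the new rcu_dereference().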

246
include/net/cipso_ipv4.h Normal file
View file

@ -0,0 +1,246 @@
/*
* CIPSO - Commercial IP Security Option
*
* This is an implementation of the CIPSO 2.2 protocol as specified in
* draft-ietf-cipso-ipsecurity-01.txt with additional tag types as found in
* FIPS-188, copies of both documents can be found in the Documentation
* directory. While CIPSO never became a full IETF RFC standard many vendors
* have chosen to adopt the protocol and over the years it has become a
* de-facto standard for labeled networking.
*
* Author: Paul Moore <paul.moore@hp.com>
*
*/
/*
* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
* the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
#ifndef _CIPSO_IPV4_H
#define _CIPSO_IPV4_H
#include <linux/types.h>
#include <linux/rcupdate.h>
#include <linux/list.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <net/netlabel.h>
/* known doi values */
#define CIPSO_V4_DOI_UNKNOWN 0x00000000
/* tag types */
#define CIPSO_V4_TAG_INVALID 0
#define CIPSO_V4_TAG_RBITMAP 1
#define CIPSO_V4_TAG_ENUM 2
#define CIPSO_V4_TAG_RANGE 5
#define CIPSO_V4_TAG_PBITMAP 6
#define CIPSO_V4_TAG_FREEFORM 7
/* doi mapping types */
#define CIPSO_V4_MAP_UNKNOWN 0
#define CIPSO_V4_MAP_STD 1
#define CIPSO_V4_MAP_PASS 2
/* limits */
#define CIPSO_V4_MAX_REM_LVLS 256
#define CIPSO_V4_INV_LVL 0x80000000
#define CIPSO_V4_MAX_LOC_LVLS (CIPSO_V4_INV_LVL - 1)
#define CIPSO_V4_MAX_REM_CATS 65536
#define CIPSO_V4_INV_CAT 0x80000000
#define CIPSO_V4_MAX_LOC_CATS (CIPSO_V4_INV_CAT - 1)
/*
* CIPSO DOI definitions
*/
/* DOI definition struct */
#define CIPSO_V4_TAG_MAXCNT 5
struct cipso_v4_doi {
u32 doi;
u32 type;
union {
struct cipso_v4_std_map_tbl *std;
} map;
u8 tags[CIPSO_V4_TAG_MAXCNT];
u32 valid;
struct list_head list;
struct rcu_head rcu;
struct list_head dom_list;
};
/* Standard CIPSO mapping table */
/* NOTE: the highest order bit (i.e. 0x80000000) is an 'invalid' flag, if the
* bit is set then consider that value as unspecified, meaning the
* mapping for that particular level/category is invalid */
struct cipso_v4_std_map_tbl {
struct {
u32 *cipso;
u32 *local;
u32 cipso_size;
u32 local_size;
} lvl;
struct {
u32 *cipso;
u32 *local;
u32 cipso_size;
u32 local_size;
} cat;
};
/*
* Sysctl Variables
*/
#ifdef CONFIG_NETLABEL
extern int cipso_v4_cache_enabled;
extern int cipso_v4_cache_bucketsize;
extern int cipso_v4_rbm_optfmt;
extern int cipso_v4_rbm_strictvalid;
#endif
/*
* Helper Functions
*/
#define CIPSO_V4_OPTEXIST(x) (IPCB(x)->opt.cipso != 0)
#define CIPSO_V4_OPTPTR(x) ((x)->nh.raw + IPCB(x)->opt.cipso)
/*
* DOI List Functions
*/
#ifdef CONFIG_NETLABEL
int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head * head));
struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
struct sk_buff *cipso_v4_doi_dump_all(size_t headroom);
struct sk_buff *cipso_v4_doi_dump(u32 doi, size_t headroom);
int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def, const char *domain);
int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def,
const char *domain);
#else
static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
{
return -ENOSYS;
}
static inline int cipso_v4_doi_remove(u32 doi,
void (*callback) (struct rcu_head * head))
{
return 0;
}
static inline struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi)
{
return NULL;
}
static inline struct sk_buff *cipso_v4_doi_dump_all(size_t headroom)
{
return NULL;
}
static inline struct sk_buff *cipso_v4_doi_dump(u32 doi, size_t headroom)
{
return NULL;
}
static inline int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def,
const char *domain)
{
return -ENOSYS;
}
static inline int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def,
const char *domain)
{
return 0;
}
#endif /* CONFIG_NETLABEL */
/*
* Label Mapping Cache Functions
*/
#ifdef CONFIG_NETLABEL
void cipso_v4_cache_invalidate(void);
int cipso_v4_cache_add(const struct sk_buff *skb,
const struct netlbl_lsm_secattr *secattr);
#else
static inline void cipso_v4_cache_invalidate(void)
{
return;
}
static inline int cipso_v4_cache_add(const struct sk_buff *skb,
const struct netlbl_lsm_secattr *secattr)
{
return 0;
}
#endif /* CONFIG_NETLABEL */
/*
* Protocol Handling Functions
*/
#ifdef CONFIG_NETLABEL
void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway);
int cipso_v4_socket_setattr(const struct socket *sock,
const struct cipso_v4_doi *doi_def,
const struct netlbl_lsm_secattr *secattr);
int cipso_v4_socket_getattr(const struct socket *sock,
struct netlbl_lsm_secattr *secattr);
int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
struct netlbl_lsm_secattr *secattr);
int cipso_v4_validate(unsigned char **option);
#else
static inline void cipso_v4_error(struct sk_buff *skb,
int error,
u32 gateway)
{
return;
}
static inline int cipso_v4_socket_setattr(const struct socket *sock,
const struct cipso_v4_doi *doi_def,
const struct netlbl_lsm_secattr *secattr)
{
return -ENOSYS;
}
static inline int cipso_v4_socket_getattr(const struct socket *sock,
struct netlbl_lsm_secattr *secattr)
{
return -ENOSYS;
}
static inline int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
struct netlbl_lsm_secattr *secattr)
{
return -ENOSYS;
}
static inline int cipso_v4_validate(unsigned char **option)
{
return -ENOSYS;
}
#endif /* CONFIG_NETLABEL */
#endif /* _CIPSO_IPV4_H */
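Review bot: CIPSO_V4_OPTPTR(x) computes `(x)->nh.raw + IPCB(x)->opt.cipso` unconditionally, so when no CIPSO option was parsed it yields a pointer to the start of the IP header instead of an option. Add a comment that callers must test CIPSO_V4_OPTEXIST() first, or fold the check into the macro. The !CONFIG_NETLABEL stubs are also inconsistent: cipso_v4_doi_add() and cipso_v4_doi_domhsh_add() return -ENOSYS while the matching remove functions and cipso_v4_cache_add() return 0. A short note on why would help, as would a kernel-doc line for cipso_v4_validate() explaining what it writes back through `option`.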

View file

@ -22,7 +22,7 @@ struct dn_kern_rta
};
struct dn_fib_res {
struct dn_fib_rule *r;
struct fib_rule *r;
struct dn_fib_info *fi;
unsigned char prefixlen;
unsigned char nh_sel;
@ -94,7 +94,8 @@ struct dn_fib_node {
struct dn_fib_table {
int n;
struct hlist_node hlist;
u32 n;
int (*insert)(struct dn_fib_table *t, struct rtmsg *r,
struct dn_kern_rta *rta, struct nlmsghdr *n,
@ -130,14 +131,11 @@ extern __le16 dn_fib_get_attr16(struct rtattr *attr, int attrlen, int type);
extern void dn_fib_flush(void);
extern void dn_fib_select_multipath(const struct flowi *fl,
struct dn_fib_res *res);
extern int dn_fib_sync_down(__le16 local, struct net_device *dev,
int force);
extern int dn_fib_sync_up(struct net_device *dev);
/*
* dn_tables.c
*/
extern struct dn_fib_table *dn_fib_get_table(int n, int creat);
extern struct dn_fib_table *dn_fib_get_table(u32 n, int creat);
extern struct dn_fib_table *dn_fib_empty_table(void);
extern void dn_fib_table_init(void);
extern void dn_fib_table_cleanup(void);
@ -147,10 +145,8 @@ extern void dn_fib_table_cleanup(void);
*/
extern void dn_fib_rules_init(void);
extern void dn_fib_rules_cleanup(void);
extern void dn_fib_rule_put(struct dn_fib_rule *);
extern __le16 dn_fib_rules_policy(__le16 saddr, struct dn_fib_res *res, unsigned *flags);
extern unsigned dnet_addr_type(__le16 addr);
extern int dn_fib_lookup(const struct flowi *fl, struct dn_fib_res *res);
extern int dn_fib_lookup(struct flowi *fl, struct dn_fib_res *res);
/*
* rtnetlink interface
@ -176,11 +172,9 @@ static inline void dn_fib_res_put(struct dn_fib_res *res)
if (res->fi)
dn_fib_info_put(res->fi);
if (res->r)
dn_fib_rule_put(res->r);
fib_rule_put(res->r);
}
extern struct dn_fib_table *dn_fib_tables[];
#else /* Endnode */
#define dn_fib_init() do { } while(0)

View file

@ -54,6 +54,7 @@ struct dst_entry
unsigned long expires;
unsigned short header_len; /* more space at head required */
unsigned short nfheader_len; /* more non-fragment space at head required */
unsigned short trailer_len; /* space to reserve at tail */
u32 metrics[RTAX_MAX];

View file

@ -15,13 +15,14 @@ struct esp_data
struct {
u8 *key; /* Key */
int key_len; /* Key length */
u8 *ivec; /* ivec buffer */
int padlen; /* 0..255 */
/* ivlen is offset from enc_data, where encrypted data start.
* It is logically different of crypto_tfm_alg_ivsize(tfm).
* We assume that it is either zero (no ivec), or
* >= crypto_tfm_alg_ivsize(tfm). */
int ivlen;
int padlen; /* 0..255 */
int ivinitted;
u8 *ivec; /* ivec buffer */
struct crypto_blkcipher *tfm; /* crypto handle */
} conf;

97
include/net/fib_rules.h Normal file
View file

@ -0,0 +1,97 @@
#ifndef __NET_FIB_RULES_H
#define __NET_FIB_RULES_H
#include <linux/types.h>
#include <linux/netdevice.h>
#include <linux/fib_rules.h>
#include <net/flow.h>
#include <net/netlink.h>
struct fib_rule
{
struct list_head list;
atomic_t refcnt;
int ifindex;
char ifname[IFNAMSIZ];
u32 pref;
u32 flags;
u32 table;
u8 action;
struct rcu_head rcu;
};
struct fib_lookup_arg
{
void *lookup_ptr;
void *result;
struct fib_rule *rule;
};
struct fib_rules_ops
{
int family;
struct list_head list;
int rule_size;
int (*action)(struct fib_rule *,
struct flowi *, int,
struct fib_lookup_arg *);
int (*match)(struct fib_rule *,
struct flowi *, int);
int (*configure)(struct fib_rule *,
struct sk_buff *,
struct nlmsghdr *,
struct fib_rule_hdr *,
struct nlattr **);
int (*compare)(struct fib_rule *,
struct fib_rule_hdr *,
struct nlattr **);
int (*fill)(struct fib_rule *, struct sk_buff *,
struct nlmsghdr *,
struct fib_rule_hdr *);
u32 (*default_pref)(void);
int nlgroup;
struct nla_policy *policy;
struct list_head *rules_list;
struct module *owner;
};
static inline void fib_rule_get(struct fib_rule *rule)
{
atomic_inc(&rule->refcnt);
}
static inline void fib_rule_put_rcu(struct rcu_head *head)
{
struct fib_rule *rule = container_of(head, struct fib_rule, rcu);
kfree(rule);
}
static inline void fib_rule_put(struct fib_rule *rule)
{
if (atomic_dec_and_test(&rule->refcnt))
call_rcu(&rule->rcu, fib_rule_put_rcu);
}
static inline u32 frh_get_table(struct fib_rule_hdr *frh, struct nlattr **nla)
{
if (nla[FRA_TABLE])
return nla_get_u32(nla[FRA_TABLE]);
return frh->table;
}
extern int fib_rules_register(struct fib_rules_ops *);
extern int fib_rules_unregister(struct fib_rules_ops *);
extern int fib_rules_lookup(struct fib_rules_ops *,
struct flowi *, int flags,
struct fib_lookup_arg *);
extern int fib_nl_newrule(struct sk_buff *,
struct nlmsghdr *, void *);
extern int fib_nl_delrule(struct sk_buff *,
struct nlmsghdr *, void *);
extern int fib_rules_dump(struct sk_buff *,
struct netlink_callback *, int);
#endif
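Review bot: fib_rule_put_rcu() calls kfree() and fib_rule_put() calls call_rcu(), but the include list has neither <linux/slab.h> nor <linux/rcupdate.h>, so the header only builds when something else pulls them in first. Please include both directly. The callbacks in struct fib_rules_ops would also benefit from a comment giving the expected return values of action and match.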

View file

@ -26,6 +26,7 @@ struct flowi {
struct {
struct in6_addr daddr;
struct in6_addr saddr;
__u32 fwmark;
__u32 flowlabel;
} ip6_u;
@ -42,6 +43,7 @@ struct flowi {
#define fld_scope nl_u.dn_u.scope
#define fl6_dst nl_u.ip6_u.daddr
#define fl6_src nl_u.ip6_u.saddr
#define fl6_fwmark nl_u.ip6_u.fwmark
#define fl6_flowlabel nl_u.ip6_u.flowlabel
#define fl4_dst nl_u.ip4_u.daddr
#define fl4_src nl_u.ip4_u.saddr
@ -72,12 +74,22 @@ struct flowi {
} dnports;
__u32 spi;
#ifdef CONFIG_IPV6_MIP6
struct {
__u8 type;
} mht;
#endif
} uli_u;
#define fl_ip_sport uli_u.ports.sport
#define fl_ip_dport uli_u.ports.dport
#define fl_icmp_type uli_u.icmpt.type
#define fl_icmp_code uli_u.icmpt.code
#define fl_ipsec_spi uli_u.spi
#ifdef CONFIG_IPV6_MIP6
#define fl_mh_type uli_u.mht.type
#endif
__u32 secid; /* used by xfrm; see secid.txt */
} __attribute__((__aligned__(BITS_PER_LONG/8)));
#define FLOW_DIR_IN 0
@ -85,10 +97,10 @@ struct flowi {
#define FLOW_DIR_FWD 2
struct sock;
typedef void (*flow_resolve_t)(struct flowi *key, u32 sk_sid, u16 family, u8 dir,
typedef void (*flow_resolve_t)(struct flowi *key, u16 family, u8 dir,
void **objp, atomic_t **obj_refp);
extern void *flow_cache_lookup(struct flowi *key, u32 sk_sid, u16 family, u8 dir,
extern void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir,
flow_resolve_t resolver);
extern void flow_cache_flush(void);
extern atomic_t flow_cache_genid;
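Review bot: with sk_sid dropped from flow_cache_lookup() and flow_resolve_t, the security id now reaches the resolver only through the new secid field of the struct flowi passed as `key`, so every flowi built on the stack must have secid initialised before the lookup. A note next to the `__u32 secid` field saying that it is part of the lookup key and must be zeroed when unused would make that requirement hard to miss.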

View file

@ -27,8 +27,6 @@ struct genl_family
struct list_head family_list; /* private */
};
#define GENL_ADMIN_PERM 0x01
/**
* struct genl_info - receiving information
* @snd_seq: sending sequence number
@ -133,11 +131,12 @@ static inline int genlmsg_cancel(struct sk_buff *skb, void *hdr)
* @skb: netlink message as socket buffer
* @pid: own netlink pid to avoid sending to yourself
* @group: multicast group id
* @flags: allocation flags
*/
static inline int genlmsg_multicast(struct sk_buff *skb, u32 pid,
unsigned int group)
unsigned int group, gfp_t flags)
{
return nlmsg_multicast(genl_sock, skb, pid, group);
return nlmsg_multicast(genl_sock, skb, pid, group, flags);
}
/**

Some files were not shown because too many files have changed in this diff.