linux.git/net/ipv4, branch v2.6.22-rc4 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git [ICMP]: Fix icmp_errors_use_inbound_ifaddr sysctl 2007-06-04T01:08:51+00:00 Patrick McHardy kaber@trash.net 2007-06-01T18:45:04+00:00 6e1d91039becc9d5bcd046d8c709dbaf471220e3 Currently when icmp_errors_use_inbound_ifaddr is set and an ICMP error is sent after the packet passed through ip_output(), an address from the outgoing interface is chosen as ICMP source address since skb->dev doesn't point to the incoming interface anymore. Fix this by doing an interface lookup on rt->dst.iif and using that device. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Currently when icmp_errors_use_inbound_ifaddr is set and an ICMP error is
sent after the packet passed through ip_output(), an address from the
outgoing interface is chosen as ICMP source address since skb->dev doesn't
point to the incoming interface anymore.

Fix this by doing an interface lookup on rt->dst.iif and using that device.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[IPV4]: Fix "ipOutNoRoutes" counter error for TCP and UDP 2007-06-04T01:08:50+00:00 Wei Dong weidong@cn.fujitsu.com 2007-06-01T05:49:28+00:00 584bdf8cbdf6f277c2a00e083257ee75687cf6f4 Signed-off-by: Wei Dong <weidong@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Wei Dong <weidong@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[TCP]: Fix GSO ignorance of pkts_acked arg (cong.cntrl modules) 2007-06-04T01:08:48+00:00 Ilpo Järvinen ilpo.jarvinen@helsinki.fi 2007-06-01T04:37:55+00:00 6418204f919c030ca0c943f6c77dc84aff2ec0d2 The code used to ignore GSO completely, passing either way too small or zero pkts_acked when GSO skb or part of it got ACKed. In addition, there is no need to calculate the value in the loop but simple arithmetics after the loop is sufficient. There is no need to handle SYN case specially because congestion control modules are not yet initialized when FLAG_SYN_ACKED is set. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net> 
The code used to ignore GSO completely, passing either way too
small or zero pkts_acked when GSO skb or part of it got ACKed.
In addition, there is no need to calculate the value in the loop
but simple arithmetics after the loop is sufficient. There is
no need to handle SYN case specially because congestion control
modules are not yet initialized when FLAG_SYN_ACKED is set.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
[TCP]: Use default 32768-61000 outgoing port range in all cases. 2007-06-04T01:08:43+00:00 Mark Glines mark@glines.org 2007-05-31T22:44:48+00:00 3f196eb519a419bf83ecc22753943fd0a0de4f8f This diff changes the default port range used for outgoing connections, from "use 32768-61000 in most cases, but use N-4999 on small boxes (where N is a multiple of 1024, depending on just *how* small the box is)" to just "use 32768-61000 in all cases". I don't believe there are any drawbacks to this change, and it keeps outgoing connection ports farther away from the mess of IANA-registered ports. Signed-off-by: Mark Glines <mark@glines.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
This diff changes the default port range used for outgoing connections,
from "use 32768-61000 in most cases, but use N-4999 on small boxes
(where N is a multiple of 1024, depending on just *how* small the box
is)" to just "use 32768-61000 in all cases".

I don't believe there are any drawbacks to this change, and it keeps
outgoing connection ports farther away from the mess of
IANA-registered ports.

Signed-off-by: Mark Glines <mark@glines.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[TCP] tcp_probe: use GCC printf attribute 2007-05-31T08:23:37+00:00 Stephen Hemminger shemminger@linux-foundation.org 2007-05-29T20:24:51+00:00 67403754bceda484a62a697878ff20a0e8d3aae6 The function in tcp_probe is printf like, use GCC to check the args. Sighed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
The function in tcp_probe is printf like, use GCC to check the args.

Sighed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[TCP] tcp_probe: a trivial fix for mismatched number of printl arguments. 2007-05-31T08:23:36+00:00 Sangtae Ha sangtae.ha@gmail.com 2007-05-29T20:24:11+00:00 63313494c4419bd5d60b4f3ef8970a98525ac9d3 Just a fix to correct the number of printl arguments. Now, srtt is logging correctly. Signed-off-by: Sangtae Ha <sangtae.ha@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Just a fix to correct the number of printl arguments. Now, srtt is
logging correctly.

Signed-off-by: Sangtae Ha <sangtae.ha@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[TCP]: Consolidate checking for tcp orphan count being too big. 2007-05-31T08:23:34+00:00 Pavel Emelianov xemul@openvz.org 2007-05-29T20:19:18+00:00 e4fd5da39f99d5921dda1fe3d93652fbd925fbfd tcp_out_of_resources() and tcp_close() perform the same checking of number of orphan sockets. Move this code into common place. Signed-off-by: Pavel Emelianov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
tcp_out_of_resources() and tcp_close() perform the
same checking of number of orphan sockets. Move this
code into common place.

Signed-off-by: Pavel Emelianov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[IPV4]: Kill references to bogus non-existent CONFIG_IP_NOSIOCRT 2007-05-31T08:23:29+00:00 David S. Miller davem@sunset.davemloft.net 2007-05-29T20:06:51+00:00 ddc31ce311b65fc3c30ec9ca5baf688a882260bc Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: David S. Miller <davem@davemloft.net>
[IPSEC]: Fix panic when using inter address familiy IPsec on loopback. 2007-05-31T08:23:28+00:00 Kazunori MIYAZAWA kazunori@miyazawa.org 2007-05-29T20:03:17+00:00 f282d45cb496e3960046afd3d5f241265eda6fde Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[XFRM]: Allow packet drops during larval state resolution. 2007-05-25T01:17:54+00:00 David S. Miller davem@sunset.davemloft.net 2007-05-25T01:17:54+00:00 14e50e57aedb2a89cf79b77782879769794cab7b The current IPSEC rule resolution behavior we have does not work for a lot of people, even though technically it's an improvement from the -EAGAIN buisness we had before. Right now we'll block until the key manager resolves the route. That works for simple cases, but many folks would rather packets get silently dropped until the key manager resolves the IPSEC rules. We can't tell these folks to "set the socket non-blocking" because they don't have control over the non-block setting of things like the sockets used to resolve DNS deep inside of the resolver libraries in libc. With that in mind I coded up the patch below with some help from Herbert Xu which provides packet-drop behavior during larval state resolution, controllable via sysctl and off by default. This lays the framework to either: 1) Make this default at some point or... 2) Move this logic into xfrm{4,6}_policy.c and implement the ARP-like resolution queue we've all been dreaming of. The idea would be to queue packets to the policy, then once the larval state is resolved by the key manager we re-resolve the route and push the packets out. The packets would timeout if the rule didn't get resolved in a certain amount of time. Signed-off-by: David S. Miller <davem@davemloft.net> 
The current IPSEC rule resolution behavior we have does not work for a
lot of people, even though technically it's an improvement from the
-EAGAIN buisness we had before.

Right now we'll block until the key manager resolves the route.  That
works for simple cases, but many folks would rather packets get
silently dropped until the key manager resolves the IPSEC rules.

We can't tell these folks to "set the socket non-blocking" because
they don't have control over the non-block setting of things like the
sockets used to resolve DNS deep inside of the resolver libraries in
libc.

With that in mind I coded up the patch below with some help from
Herbert Xu which provides packet-drop behavior during larval state
resolution, controllable via sysctl and off by default.

This lays the framework to either:

1) Make this default at some point or...

2) Move this logic into xfrm{4,6}_policy.c and implement the
   ARP-like resolution queue we've all been dreaming of.
   The idea would be to queue packets to the policy, then
   once the larval state is resolved by the key manager we
   re-resolve the route and push the packets out.  The
   packets would timeout if the rule didn't get resolved
   in a certain amount of time.

Signed-off-by: David S. Miller <davem@davemloft.net>