linux-stable.git/net/ipv4/ip_output.c, branch v3.1 Linux kernel stable tree ipv4: use dst with ref during bcast/mcast loopback 2011-08-08T05:52:32+00:00 Julian Anastasov ja@ssi.bg 2011-08-07T10:17:22+00:00 d52fbfc9e5c7bb0b0dbc256edf17dee170ce839d Make sure skb dst has reference when moving to another context. Currently, I don't see protocols that can hit it when sending broadcasts/multicasts to loopback using noref dsts, so it is just a precaution. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: David S. Miller <davem@davemloft.net> 
Make sure skb dst has reference when moving to
another context. Currently, I don't see protocols that can
hit it when sending broadcasts/multicasts to loopback using
noref dsts, so it is just a precaution.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
net: fix NULL dereferences in check_peer_redir() 2011-08-03T10:34:12+00:00 Eric Dumazet eric.dumazet@gmail.com 2011-07-29T19:00:53+00:00 f2c31e32b378a6653f8de606149d963baf11d7d3 Gergely Kalman reported crashes in check_peer_redir(). It appears commit f39925dbde778 (ipv4: Cache learned redirect information in inetpeer.) added a race, leading to possible NULL ptr dereference. Since we can now change dst neighbour, we should make sure a reader can safely use a neighbour. Add RCU protection to dst neighbour, and make sure check_peer_redir() can be called safely by different cpus in parallel. As neighbours are already freed after one RCU grace period, this patch should not add typical RCU penalty (cache cold effects) Many thanks to Gergely for providing a pretty report pointing to the bug. Reported-by: Gergely Kalman <synapse@hippy.csoma.elte.hu> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Gergely Kalman reported crashes in check_peer_redir().

It appears commit f39925dbde778 (ipv4: Cache learned redirect
information in inetpeer.) added a race, leading to possible NULL ptr
dereference.

Since we can now change dst neighbour, we should make sure a reader can
safely use a neighbour.

Add RCU protection to dst neighbour, and make sure check_peer_redir()
can be called safely by different cpus in parallel.

As neighbours are already freed after one RCU grace period, this patch
should not add typical RCU penalty (cache cold effects)

Many thanks to Gergely for providing a pretty report pointing to the
bug.

Reported-by: Gergely Kalman <synapse@hippy.csoma.elte.hu>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
ipv4: Constrain UFO fragment sizes to multiples of 8 bytes 2011-07-22T04:31:41+00:00 Bill Sommerfeld wsommerfeld@google.com 2011-07-19T15:22:33+00:00 d9be4f7a6f5a8da3133b832eca41c3591420b1ca Because the ip fragment offset field counts 8-byte chunks, ip fragments other than the last must contain a multiple of 8 bytes of payload. ip_ufo_append_data wasn't respecting this constraint and, depending on the MTU and ip option sizes, could create malformed non-final fragments. Google-Bug-Id: 5009328 Signed-off-by: Bill Sommerfeld <wsommerfeld@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Because the ip fragment offset field counts 8-byte chunks, ip
fragments other than the last must contain a multiple of 8 bytes of
payload.  ip_ufo_append_data wasn't respecting this constraint and,
depending on the MTU and ip option sizes, could create malformed
non-final fragments.

Google-Bug-Id: 5009328
Signed-off-by: Bill Sommerfeld <wsommerfeld@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net: Abstract dst->neighbour accesses behind helpers. 2011-07-18T06:11:35+00:00 David S. Miller davem@davemloft.net 2011-07-18T06:09:49+00:00 69cce1d1404968f78b177a0314f5822d5afdbbfb dst_{get,set}_neighbour() Signed-off-by: David S. Miller <davem@davemloft.net> 
dst_{get,set}_neighbour()

Signed-off-by: David S. Miller <davem@davemloft.net>
net: Create and use new helper, neigh_output(). 2011-07-17T00:26:00+00:00 David S. Miller davem@davemloft.net 2011-07-17T00:26:00+00:00 05e3aa0949c138803185f92bd7db9be59cfca1be Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: David S. Miller <davem@davemloft.net>
ipv4: Use calculated 'neigh' instead of re-evaluating dst->neighbour 2011-07-16T21:25:54+00:00 David S. Miller davem@davemloft.net 2011-07-16T21:25:54+00:00 fec8292d9cb662274b583c5c69fdfa6932e593a5 Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: David S. Miller <davem@davemloft.net>
net: Embed hh_cache inside of struct neighbour. 2011-07-14T14:53:20+00:00 David S. Miller davem@davemloft.net 2011-07-14T14:53:20+00:00 f6b72b6217f8c24f2a54988e58af858b4e66024d Now that there is a one-to-one correspondance between neighbour and hh_cache entries, we no longer need: 1) dynamic allocation 2) attachment to dst->hh 3) refcounting Initialization of the hh_cache entry is indicated by hh_len being non-zero, and such initialization is always done with the neighbour's lock held as a writer. Signed-off-by: David S. Miller <davem@davemloft.net> 
Now that there is a one-to-one correspondance between neighbour
and hh_cache entries, we no longer need:

1) dynamic allocation
2) attachment to dst->hh
3) refcounting

Initialization of the hh_cache entry is indicated by hh_len
being non-zero, and such initialization is always done with
the neighbour's lock held as a writer.

Signed-off-by: David S. Miller <davem@davemloft.net>
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-07-06T06:23:37+00:00 David S. Miller davem@davemloft.net 2011-07-06T06:23:37+00:00 e12fe68ce34d60c04bb1ddb1d3cc5c3022388fe4 






ipv4: Don't use ufo handling on later transformed packets
2011-07-02T00:33:19+00:00

Steffen Klassert
steffen.klassert@secunet.com

2011-06-29T23:19:32+00:00

c146066ab80267c3305de5dda6a4083f06df9265

We might call ip_ufo_append_data() for packets that will be IPsec
transformed later. This function should be used just for real
udp packets. So we check for rt->dst.header_len which is only
nonzero on IPsec handling and call ip_ufo_append_data() just
if rt->dst.header_len is zero.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>





We might call ip_ufo_append_data() for packets that will be IPsec
transformed later. This function should be used just for real
udp packets. So we check for rt->dst.header_len which is only
nonzero on IPsec handling and call ip_ufo_append_data() just
if rt->dst.header_len is zero.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>







ipv4: Fix IPsec slowpath fragmentation problem
2011-06-28T03:34:26+00:00

Steffen Klassert
steffen.klassert@secunet.com

2011-06-22T01:05:37+00:00

353e5c9abd900de3d1a40925386ffe4abf76111e

ip_append_data() builds packets based on the mtu from dst_mtu(rt->dst.path).
On IPsec the effective mtu is lower because we need to add the protocol
headers and trailers later when we do the IPsec transformations. So after
the IPsec transformations the packet might be too big, which leads to a
slowpath fragmentation then. This patch fixes this by building the packets
based on the lower IPsec mtu from dst_mtu(&rt->dst) and adapts the exthdr
handling to this.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>





ip_append_data() builds packets based on the mtu from dst_mtu(rt->dst.path).
On IPsec the effective mtu is lower because we need to add the protocol
headers and trailers later when we do the IPsec transformations. So after
the IPsec transformations the packet might be too big, which leads to a
slowpath fragmentation then. This patch fixes this by building the packets
based on the lower IPsec mtu from dst_mtu(&rt->dst) and adapts the exthdr
handling to this.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>