<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/net/sctp/sysctl.c, branch linux-3.10.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>net: sctp: check proc_dointvec result in proc_sctp_do_auth</title>
<updated>2014-07-28T15:00:04+00:00</updated>
<author>
<name>Daniel Borkmann</name>
<email>dborkman@redhat.com</email>
</author>
<published>2014-06-18T21:46:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e9013d0f0faef78f90f7bb30e722965fe992dc1e'/>
<id>e9013d0f0faef78f90f7bb30e722965fe992dc1e</id>
<content type='text'>
[ Upstream commit 24599e61b7552673dd85971cf5a35369cd8c119e ]

When writing to the sysctl field net.sctp.auth_enable, it can well
be that the user buffer we handed over to proc_dointvec() via
proc_sctp_do_auth() handler contains something other than integers.

In that case, we would set an uninitialized 4-byte value from the
stack to net-&gt;sctp.auth_enable that can be leaked back when reading
the sysctl variable, and it can unintentionally turn auth_enable
on/off based on the stack content since auth_enable is interpreted
as a boolean.

Fix it up by making sure proc_dointvec() returned sucessfully.

Fixes: b14878ccb7fa ("net: sctp: cache auth_enable per endpoint")
Reported-by: Florian Westphal &lt;fwestpha@redhat.com&gt;
Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Acked-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 24599e61b7552673dd85971cf5a35369cd8c119e ]

When writing to the sysctl field net.sctp.auth_enable, it can well
be that the user buffer we handed over to proc_dointvec() via
proc_sctp_do_auth() handler contains something other than integers.

In that case, we would set an uninitialized 4-byte value from the
stack to net-&gt;sctp.auth_enable that can be leaked back when reading
the sysctl variable, and it can unintentionally turn auth_enable
on/off based on the stack content since auth_enable is interpreted
as a boolean.

Fix it up by making sure proc_dointvec() returned sucessfully.

Fixes: b14878ccb7fa ("net: sctp: cache auth_enable per endpoint")
Reported-by: Florian Westphal &lt;fwestpha@redhat.com&gt;
Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Acked-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: sctp: cache auth_enable per endpoint</title>
<updated>2014-05-31T04:52:15+00:00</updated>
<author>
<name>Vlad Yasevich</name>
<email>vyasevic@redhat.com</email>
</author>
<published>2014-04-17T15:26:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e5eae4a0511241959498b180fa0df0d4f1b11b9c'/>
<id>e5eae4a0511241959498b180fa0df0d4f1b11b9c</id>
<content type='text'>
[ Upstream commit b14878ccb7fac0242db82720b784ab62c467c0dc ]

Currently, it is possible to create an SCTP socket, then switch
auth_enable via sysctl setting to 1 and crash the system on connect:

Oops[#1]:
CPU: 0 PID: 0 Comm: swapper Not tainted 3.14.1-mipsgit-20140415 #1
task: ffffffff8056ce80 ti: ffffffff8055c000 task.ti: ffffffff8055c000
[...]
Call Trace:
[&lt;ffffffff8043c4e8&gt;] sctp_auth_asoc_set_default_hmac+0x68/0x80
[&lt;ffffffff8042b300&gt;] sctp_process_init+0x5e0/0x8a4
[&lt;ffffffff8042188c&gt;] sctp_sf_do_5_1B_init+0x234/0x34c
[&lt;ffffffff804228c8&gt;] sctp_do_sm+0xb4/0x1e8
[&lt;ffffffff80425a08&gt;] sctp_endpoint_bh_rcv+0x1c4/0x214
[&lt;ffffffff8043af68&gt;] sctp_rcv+0x588/0x630
[&lt;ffffffff8043e8e8&gt;] sctp6_rcv+0x10/0x24
[&lt;ffffffff803acb50&gt;] ip6_input+0x2c0/0x440
[&lt;ffffffff8030fc00&gt;] __netif_receive_skb_core+0x4a8/0x564
[&lt;ffffffff80310650&gt;] process_backlog+0xb4/0x18c
[&lt;ffffffff80313cbc&gt;] net_rx_action+0x12c/0x210
[&lt;ffffffff80034254&gt;] __do_softirq+0x17c/0x2ac
[&lt;ffffffff800345e0&gt;] irq_exit+0x54/0xb0
[&lt;ffffffff800075a4&gt;] ret_from_irq+0x0/0x4
[&lt;ffffffff800090ec&gt;] rm7k_wait_irqoff+0x24/0x48
[&lt;ffffffff8005e388&gt;] cpu_startup_entry+0xc0/0x148
[&lt;ffffffff805a88b0&gt;] start_kernel+0x37c/0x398
Code: dd0900b8  000330f8  0126302d &lt;dcc60000&gt; 50c0fff1  0047182a  a48306a0
03e00008  00000000
---[ end trace b530b0551467f2fd ]---
Kernel panic - not syncing: Fatal exception in interrupt

What happens while auth_enable=0 in that case is, that
ep-&gt;auth_hmacs is initialized to NULL in sctp_auth_init_hmacs()
when endpoint is being created.

After that point, if an admin switches over to auth_enable=1,
the machine can crash due to NULL pointer dereference during
reception of an INIT chunk. When we enter sctp_process_init()
via sctp_sf_do_5_1B_init() in order to respond to an INIT chunk,
the INIT verification succeeds and while we walk and process
all INIT params via sctp_process_param() we find that
net-&gt;sctp.auth_enable is set, therefore do not fall through,
but invoke sctp_auth_asoc_set_default_hmac() instead, and thus,
dereference what we have set to NULL during endpoint
initialization phase.

The fix is to make auth_enable immutable by caching its value
during endpoint initialization, so that its original value is
being carried along until destruction. The bug seems to originate
from the very first days.

Fix in joint work with Daniel Borkmann.

Reported-by: Joshua Kinard &lt;kumba@gentoo.org&gt;
Signed-off-by: Vlad Yasevich &lt;vyasevic@redhat.com&gt;
Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Tested-by: Joshua Kinard &lt;kumba@gentoo.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit b14878ccb7fac0242db82720b784ab62c467c0dc ]

Currently, it is possible to create an SCTP socket, then switch
auth_enable via sysctl setting to 1 and crash the system on connect:

Oops[#1]:
CPU: 0 PID: 0 Comm: swapper Not tainted 3.14.1-mipsgit-20140415 #1
task: ffffffff8056ce80 ti: ffffffff8055c000 task.ti: ffffffff8055c000
[...]
Call Trace:
[&lt;ffffffff8043c4e8&gt;] sctp_auth_asoc_set_default_hmac+0x68/0x80
[&lt;ffffffff8042b300&gt;] sctp_process_init+0x5e0/0x8a4
[&lt;ffffffff8042188c&gt;] sctp_sf_do_5_1B_init+0x234/0x34c
[&lt;ffffffff804228c8&gt;] sctp_do_sm+0xb4/0x1e8
[&lt;ffffffff80425a08&gt;] sctp_endpoint_bh_rcv+0x1c4/0x214
[&lt;ffffffff8043af68&gt;] sctp_rcv+0x588/0x630
[&lt;ffffffff8043e8e8&gt;] sctp6_rcv+0x10/0x24
[&lt;ffffffff803acb50&gt;] ip6_input+0x2c0/0x440
[&lt;ffffffff8030fc00&gt;] __netif_receive_skb_core+0x4a8/0x564
[&lt;ffffffff80310650&gt;] process_backlog+0xb4/0x18c
[&lt;ffffffff80313cbc&gt;] net_rx_action+0x12c/0x210
[&lt;ffffffff80034254&gt;] __do_softirq+0x17c/0x2ac
[&lt;ffffffff800345e0&gt;] irq_exit+0x54/0xb0
[&lt;ffffffff800075a4&gt;] ret_from_irq+0x0/0x4
[&lt;ffffffff800090ec&gt;] rm7k_wait_irqoff+0x24/0x48
[&lt;ffffffff8005e388&gt;] cpu_startup_entry+0xc0/0x148
[&lt;ffffffff805a88b0&gt;] start_kernel+0x37c/0x398
Code: dd0900b8  000330f8  0126302d &lt;dcc60000&gt; 50c0fff1  0047182a  a48306a0
03e00008  00000000
---[ end trace b530b0551467f2fd ]---
Kernel panic - not syncing: Fatal exception in interrupt

What happens while auth_enable=0 in that case is, that
ep-&gt;auth_hmacs is initialized to NULL in sctp_auth_init_hmacs()
when endpoint is being created.

After that point, if an admin switches over to auth_enable=1,
the machine can crash due to NULL pointer dereference during
reception of an INIT chunk. When we enter sctp_process_init()
via sctp_sf_do_5_1B_init() in order to respond to an INIT chunk,
the INIT verification succeeds and while we walk and process
all INIT params via sctp_process_param() we find that
net-&gt;sctp.auth_enable is set, therefore do not fall through,
but invoke sctp_auth_asoc_set_default_hmac() instead, and thus,
dereference what we have set to NULL during endpoint
initialization phase.

The fix is to make auth_enable immutable by caching its value
during endpoint initialization, so that its original value is
being carried along until destruction. The bug seems to originate
from the very first days.

Fix in joint work with Daniel Borkmann.

Reported-by: Joshua Kinard &lt;kumba@gentoo.org&gt;
Signed-off-by: Vlad Yasevich &lt;vyasevic@redhat.com&gt;
Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Tested-by: Joshua Kinard &lt;kumba@gentoo.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>SCTP: Free the per-net sysctl table on net exit. v2</title>
<updated>2013-01-28T05:09:32+00:00</updated>
<author>
<name>Vlad Yasevich</name>
<email>vyasevich@gmail.com</email>
</author>
<published>2013-01-24T16:02:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5f19d1219a5b96c7b00ad5c3f889030093a8d1a3'/>
<id>5f19d1219a5b96c7b00ad5c3f889030093a8d1a3</id>
<content type='text'>
Per-net sysctl table needs to be explicitly freed at
net exit.  Otherwise we see the following with kmemleak:

unreferenced object 0xffff880402d08000 (size 2048):
  comm "chrome_sandbox", pid 18437, jiffies 4310887172 (age 9097.630s)
  hex dump (first 32 bytes):
    b2 68 89 81 ff ff ff ff 20 04 04 f8 01 88 ff ff  .h...... .......
    04 00 00 00 a4 01 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [&lt;ffffffff815b4aad&gt;] kmemleak_alloc+0x21/0x3e
    [&lt;ffffffff81110352&gt;] slab_post_alloc_hook+0x28/0x2a
    [&lt;ffffffff81113fad&gt;] __kmalloc_track_caller+0xf1/0x104
    [&lt;ffffffff810f10c2&gt;] kmemdup+0x1b/0x30
    [&lt;ffffffff81571e9f&gt;] sctp_sysctl_net_register+0x1f/0x72
    [&lt;ffffffff8155d305&gt;] sctp_net_init+0x100/0x39f
    [&lt;ffffffff814ad53c&gt;] ops_init+0xc6/0xf5
    [&lt;ffffffff814ad5b7&gt;] setup_net+0x4c/0xd0
    [&lt;ffffffff814ada5e&gt;] copy_net_ns+0x6d/0xd6
    [&lt;ffffffff810938b1&gt;] create_new_namespaces+0xd7/0x147
    [&lt;ffffffff810939f4&gt;] copy_namespaces+0x63/0x99
    [&lt;ffffffff81076733&gt;] copy_process+0xa65/0x1233
    [&lt;ffffffff81077030&gt;] do_fork+0x10b/0x271
    [&lt;ffffffff8100a0e9&gt;] sys_clone+0x23/0x25
    [&lt;ffffffff815dda73&gt;] stub_clone+0x13/0x20
    [&lt;ffffffffffffffff&gt;] 0xffffffffffffffff

I fixed the spelling of sysctl_header so the code actually
compiles. -- EWB.

Reported-by: Martin Mokrejs &lt;mmokrejs@fold.natur.cuni.cz&gt;
Signed-off-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Per-net sysctl table needs to be explicitly freed at
net exit.  Otherwise we see the following with kmemleak:

unreferenced object 0xffff880402d08000 (size 2048):
  comm "chrome_sandbox", pid 18437, jiffies 4310887172 (age 9097.630s)
  hex dump (first 32 bytes):
    b2 68 89 81 ff ff ff ff 20 04 04 f8 01 88 ff ff  .h...... .......
    04 00 00 00 a4 01 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [&lt;ffffffff815b4aad&gt;] kmemleak_alloc+0x21/0x3e
    [&lt;ffffffff81110352&gt;] slab_post_alloc_hook+0x28/0x2a
    [&lt;ffffffff81113fad&gt;] __kmalloc_track_caller+0xf1/0x104
    [&lt;ffffffff810f10c2&gt;] kmemdup+0x1b/0x30
    [&lt;ffffffff81571e9f&gt;] sctp_sysctl_net_register+0x1f/0x72
    [&lt;ffffffff8155d305&gt;] sctp_net_init+0x100/0x39f
    [&lt;ffffffff814ad53c&gt;] ops_init+0xc6/0xf5
    [&lt;ffffffff814ad5b7&gt;] setup_net+0x4c/0xd0
    [&lt;ffffffff814ada5e&gt;] copy_net_ns+0x6d/0xd6
    [&lt;ffffffff810938b1&gt;] create_new_namespaces+0xd7/0x147
    [&lt;ffffffff810939f4&gt;] copy_namespaces+0x63/0x99
    [&lt;ffffffff81076733&gt;] copy_process+0xa65/0x1233
    [&lt;ffffffff81077030&gt;] do_fork+0x10b/0x271
    [&lt;ffffffff8100a0e9&gt;] sys_clone+0x23/0x25
    [&lt;ffffffff815dda73&gt;] stub_clone+0x13/0x20
    [&lt;ffffffffffffffff&gt;] 0xffffffffffffffff

I fixed the spelling of sysctl_header so the code actually
compiles. -- EWB.

Reported-by: Martin Mokrejs &lt;mmokrejs@fold.natur.cuni.cz&gt;
Signed-off-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>sctp: Make hmac algorithm selection for cookie generation dynamic</title>
<updated>2012-10-26T06:22:18+00:00</updated>
<author>
<name>Neil Horman</name>
<email>nhorman@tuxdriver.com</email>
</author>
<published>2012-10-24T09:20:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3c68198e75111a905ac2412be12bf7b29099729b'/>
<id>3c68198e75111a905ac2412be12bf7b29099729b</id>
<content type='text'>
Currently sctp allows for the optional use of md5 of sha1 hmac algorithms to
generate cookie values when establishing new connections via two build time
config options.  Theres no real reason to make this a static selection.  We can
add a sysctl that allows for the dynamic selection of these algorithms at run
time, with the default value determined by the corresponding crypto library
availability.
This comes in handy when, for example running a system in FIPS mode, where use
of md5 is disallowed, but SHA1 is permitted.

Note: This new sysctl has no corresponding socket option to select the cookie
hmac algorithm.  I chose not to implement that intentionally, as RFC 6458
contains no option for this value, and I opted not to pollute the socket option
namespace.

Change notes:
v2)
	* Updated subject to have the proper sctp prefix as per Dave M.
	* Replaced deafult selection options with new options that allow
	  developers to explicitly select available hmac algs at build time
	  as per suggestion by Vlad Y.

Signed-off-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
CC: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
CC: "David S. Miller" &lt;davem@davemloft.net&gt;
CC: netdev@vger.kernel.org
Acked-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently sctp allows for the optional use of md5 of sha1 hmac algorithms to
generate cookie values when establishing new connections via two build time
config options.  Theres no real reason to make this a static selection.  We can
add a sysctl that allows for the dynamic selection of these algorithms at run
time, with the default value determined by the corresponding crypto library
availability.
This comes in handy when, for example running a system in FIPS mode, where use
of md5 is disallowed, but SHA1 is permitted.

Note: This new sysctl has no corresponding socket option to select the cookie
hmac algorithm.  I chose not to implement that intentionally, as RFC 6458
contains no option for this value, and I opted not to pollute the socket option
namespace.

Change notes:
v2)
	* Updated subject to have the proper sctp prefix as per Dave M.
	* Replaced deafult selection options with new options that allow
	  developers to explicitly select available hmac algs at build time
	  as per suggestion by Vlad Y.

Signed-off-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
CC: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
CC: "David S. Miller" &lt;davem@davemloft.net&gt;
CC: netdev@vger.kernel.org
Acked-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>sctp: Make sysctl tunables per net</title>
<updated>2012-08-15T06:32:16+00:00</updated>
<author>
<name>Eric W. Biederman</name>
<email>ebiederm@xmission.com</email>
</author>
<published>2012-08-07T07:29:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e1fc3b14f9a90d9591016749289f2c3d7b35fbf4'/>
<id>e1fc3b14f9a90d9591016749289f2c3d7b35fbf4</id>
<content type='text'>
Signed-off-by: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>sctp: Add infrastructure for per net sysctls</title>
<updated>2012-08-15T06:30:37+00:00</updated>
<author>
<name>Eric W. Biederman</name>
<email>ebiederm@xmission.com</email>
</author>
<published>2012-08-07T07:23:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ebb7e95d9351f77a8ec1fca20eb645051401b7b2'/>
<id>ebb7e95d9351f77a8ec1fca20eb645051401b7b2</id>
<content type='text'>
Start with an empty sctp_net_table that will be populated as the various
tunable sysctls are made per net.

Signed-off-by: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Acked-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Start with an empty sctp_net_table that will be populated as the various
tunable sysctls are made per net.

Signed-off-by: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Acked-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>sctp: Implement quick failover draft from tsvwg</title>
<updated>2012-07-22T19:13:46+00:00</updated>
<author>
<name>Neil Horman</name>
<email>nhorman@tuxdriver.com</email>
</author>
<published>2012-07-21T07:56:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5aa93bcf66f4af094d6f11096e81d5501a0b4ba5'/>
<id>5aa93bcf66f4af094d6f11096e81d5501a0b4ba5</id>
<content type='text'>
I've seen several attempts recently made to do quick failover of sctp transports
by reducing various retransmit timers and counters.  While its possible to
implement a faster failover on multihomed sctp associations, its not
particularly robust, in that it can lead to unneeded retransmits, as well as
false connection failures due to intermittent latency on a network.

Instead, lets implement the new ietf quick failover draft found here:
http://tools.ietf.org/html/draft-nishida-tsvwg-sctp-failover-05

This will let the sctp stack identify transports that have had a small number of
errors, and avoid using them quickly until their reliability can be
re-established.  I've tested this out on two virt guests connected via multiple
isolated virt networks and believe its in compliance with the above draft and
works well.

Signed-off-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
CC: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
CC: Sridhar Samudrala &lt;sri@us.ibm.com&gt;
CC: "David S. Miller" &lt;davem@davemloft.net&gt;
CC: linux-sctp@vger.kernel.org
CC: joe@perches.com
Acked-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
I've seen several attempts recently made to do quick failover of sctp transports
by reducing various retransmit timers and counters.  While its possible to
implement a faster failover on multihomed sctp associations, its not
particularly robust, in that it can lead to unneeded retransmits, as well as
false connection failures due to intermittent latency on a network.

Instead, lets implement the new ietf quick failover draft found here:
http://tools.ietf.org/html/draft-nishida-tsvwg-sctp-failover-05

This will let the sctp stack identify transports that have had a small number of
errors, and avoid using them quickly until their reliability can be
re-established.  I've tested this out on two virt guests connected via multiple
isolated virt networks and believe its in compliance with the above draft and
works well.

Signed-off-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
CC: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
CC: Sridhar Samudrala &lt;sri@us.ibm.com&gt;
CC: "David S. Miller" &lt;davem@davemloft.net&gt;
CC: linux-sctp@vger.kernel.org
CC: joe@perches.com
Acked-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: Convert all sysctl registrations to register_net_sysctl</title>
<updated>2012-04-21T01:22:30+00:00</updated>
<author>
<name>Eric W. Biederman</name>
<email>ebiederm@xmission.com</email>
</author>
<published>2012-04-19T13:44:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ec8f23ce0f4005b74013d4d122e0d540397a93c9'/>
<id>ec8f23ce0f4005b74013d4d122e0d540397a93c9</id>
<content type='text'>
This results in code with less boiler plate that is a bit easier
to read.

Additionally stops us from using compatibility code in the sysctl
core, hastening the day when the compatibility code can be removed.

Signed-off-by: Eric W. Biederman &lt;ebiederm@xmission.com&gt;
Acked-by: Pavel Emelyanov &lt;xemul@parallels.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This results in code with less boiler plate that is a bit easier
to read.

Additionally stops us from using compatibility code in the sysctl
core, hastening the day when the compatibility code can be removed.

Signed-off-by: Eric W. Biederman &lt;ebiederm@xmission.com&gt;
Acked-by: Pavel Emelyanov &lt;xemul@parallels.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: Move all of the network sysctls without a namespace into init_net.</title>
<updated>2012-04-21T01:21:17+00:00</updated>
<author>
<name>Eric W. Biederman</name>
<email>ebiederm@xmission.com</email>
</author>
<published>2012-04-19T13:24:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5dd3df105b9f6cb7dd2472b59e028d0d1c878ecb'/>
<id>5dd3df105b9f6cb7dd2472b59e028d0d1c878ecb</id>
<content type='text'>
This makes it clearer which sysctls are relative to your current network
namespace.

This makes it a little less error prone by not exposing sysctls for the
initial network namespace in other namespaces.

This is the same way we handle all of our other network interfaces to
userspace and I can't honestly remember why we didn't do this for
sysctls right from the start.

Signed-off-by: Eric W. Biederman &lt;ebiederm@xmission.com&gt;
Acked-by: Pavel Emelyanov &lt;xemul@parallels.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This makes it clearer which sysctls are relative to your current network
namespace.

This makes it a little less error prone by not exposing sysctls for the
initial network namespace in other namespaces.

This is the same way we handle all of our other network interfaces to
userspace and I can't honestly remember why we didn't do this for
sysctls right from the start.

Signed-off-by: Eric W. Biederman &lt;ebiederm@xmission.com&gt;
Acked-by: Pavel Emelyanov &lt;xemul@parallels.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>sctp: fix incorrect overflow check on autoclose</title>
<updated>2011-12-19T21:25:46+00:00</updated>
<author>
<name>Xi Wang</name>
<email>xi.wang@gmail.com</email>
</author>
<published>2011-12-16T12:44:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2692ba61a82203404abd7dd2a027bda962861f74'/>
<id>2692ba61a82203404abd7dd2a027bda962861f74</id>
<content type='text'>
Commit 8ffd3208 voids the previous patches f6778aab and 810c0719 for
limiting the autoclose value.  If userspace passes in -1 on 32-bit
platform, the overflow check didn't work and autoclose would be set
to 0xffffffff.

This patch defines a max_autoclose (in seconds) for limiting the value
and exposes it through sysctl, with the following intentions.

1) Avoid overflowing autoclose * HZ.

2) Keep the default autoclose bound consistent across 32- and 64-bit
   platforms (INT_MAX / HZ in this patch).

3) Keep the autoclose value consistent between setsockopt() and
   getsockopt() calls.

Suggested-by: Vlad Yasevich &lt;vladislav.yasevich@hp.com&gt;
Signed-off-by: Xi Wang &lt;xi.wang@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Commit 8ffd3208 voids the previous patches f6778aab and 810c0719 for
limiting the autoclose value.  If userspace passes in -1 on 32-bit
platform, the overflow check didn't work and autoclose would be set
to 0xffffffff.

This patch defines a max_autoclose (in seconds) for limiting the value
and exposes it through sysctl, with the following intentions.

1) Avoid overflowing autoclose * HZ.

2) Keep the default autoclose bound consistent across 32- and 64-bit
   platforms (INT_MAX / HZ in this patch).

3) Keep the autoclose value consistent between setsockopt() and
   getsockopt() calls.

Suggested-by: Vlad Yasevich &lt;vladislav.yasevich@hp.com&gt;
Signed-off-by: Xi Wang &lt;xi.wang@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
</feed>
