1. 05 Sep, 2012 12 commits
    • Eric Dumazet's avatar
      net: qdisc busylock needs lockdep annotations · 23d3b8bf
      Eric Dumazet authored
      
      
      It seems we need to provide ability for stacked devices
      to use specific lock_class_key for sch->busylock
      
      We could instead default l2tpeth tx_queue_len to 0 (no qdisc), but
      a user might use a qdisc anyway.
      
      (So same fixes are probably needed on non LLTX stacked drivers)
      
      Noticed while stressing L2TPV3 setup :
      
      ======================================================
       [ INFO: possible circular locking dependency detected ]
       3.6.0-rc3+ #788 Not tainted
       -------------------------------------------------------
       netperf/4660 is trying to acquire lock:
        (l2tpsock){+.-...}, at: [<ffffffffa0208db2>] l2tp_xmit_skb+0x172/0xa50 [l2tp_core]
      
       but task is already holding lock:
        (&(&sch->busylock)->rlock){+.-...}, at: [<ffffffff81596595>] dev_queue_xmit+0xd75/0xe00
      
       which lock already depends on the new lock.
      
       the existing dependency chain (in reverse order) is:
      
       -> #1 (&(&sch->busylock)->rlock){+.-...}:
              [<ffffffff810a5df0>] lock_acquire+0x90/0x200
              [<ffffffff817499fc>] _raw_spin_lock_irqsave+0x4c/0x60
              [<ffffffff81074872>] __wake_up+0x32/0x70
              [<ffffffff8136d39e>] tty_wakeup+0x3e/0x80
              [<ffffffff81378fb3>] pty_write+0x73/0x80
              [<ffffffff8136cb4c>] tty_put_char+0x3c/0x40
              [<ffffffff813722b2>] process_echoes+0x142/0x330
              [<ffffffff813742ab>] n_tty_receive_buf+0x8fb/0x1230
              [<ffffffff813777b2>] flush_to_ldisc+0x142/0x1c0
              [<ffffffff81062818>] process_one_work+0x198/0x760
              [<ffffffff81063236>] worker_thread+0x186/0x4b0
              [<ffffffff810694d3>] kthread+0x93/0xa0
              [<ffffffff81753e24>] kernel_thread_helper+0x4/0x10
      
       -> #0 (l2tpsock){+.-...}:
              [<ffffffff810a5288>] __lock_acquire+0x1628/0x1b10
              [<ffffffff810a5df0>] lock_acquire+0x90/0x200
              [<ffffffff817498c1>] _raw_spin_lock+0x41/0x50
              [<ffffffffa0208db2>] l2tp_xmit_skb+0x172/0xa50 [l2tp_core]
              [<ffffffffa021a802>] l2tp_eth_dev_xmit+0x32/0x60 [l2tp_eth]
              [<ffffffff815952b2>] dev_hard_start_xmit+0x502/0xa70
              [<ffffffff815b63ce>] sch_direct_xmit+0xfe/0x290
              [<ffffffff81595a05>] dev_queue_xmit+0x1e5/0xe00
              [<ffffffff815d9d60>] ip_finish_output+0x3d0/0x890
              [<ffffffff815db019>] ip_output+0x59/0xf0
              [<ffffffff815da36d>] ip_local_out+0x2d/0xa0
              [<ffffffff815da5a3>] ip_queue_xmit+0x1c3/0x680
              [<ffffffff815f4192>] tcp_transmit_skb+0x402/0xa60
              [<ffffffff815f4a94>] tcp_write_xmit+0x1f4/0xa30
              [<ffffffff815f5300>] tcp_push_one+0x30/0x40
              [<ffffffff815e6672>] tcp_sendmsg+0xe82/0x1040
              [<ffffffff81614495>] inet_sendmsg+0x125/0x230
              [<ffffffff81576cdc>] sock_sendmsg+0xdc/0xf0
              [<ffffffff81579ece>] sys_sendto+0xfe/0x130
              [<ffffffff81752c92>] system_call_fastpath+0x16/0x1b
        Possible unsafe locking scenario:
      
              CPU0                    CPU1
              ----                    ----
         lock(&(&sch->busylock)->rlock);
                                      lock(l2tpsock);
                                      lock(&(&sch->busylock)->rlock);
         lock(l2tpsock);
      
        *** DEADLOCK ***
      
       5 locks held by netperf/4660:
        #0:  (sk_lock-AF_INET){+.+.+.}, at: [<ffffffff815e581c>] tcp_sendmsg+0x2c/0x1040
        #1:  (rcu_read_lock){.+.+..}, at: [<ffffffff815da3e0>] ip_queue_xmit+0x0/0x680
        #2:  (rcu_read_lock_bh){.+....}, at: [<ffffffff815d9ac5>] ip_finish_output+0x135/0x890
        #3:  (rcu_read_lock_bh){.+....}, at: [<ffffffff81595820>] dev_queue_xmit+0x0/0xe00
        #4:  (&(&sch->busylock)->rlock){+.-...}, at: [<ffffffff81596595>] dev_queue_xmit+0xd75/0xe00
      
       stack backtrace:
       Pid: 4660, comm: netperf Not tainted 3.6.0-rc3+ #788
       Call Trace:
        [<ffffffff8173dbf8>] print_circular_bug+0x1fb/0x20c
        [<ffffffff810a5288>] __lock_acquire+0x1628/0x1b10
        [<ffffffff810a334b>] ? check_usage+0x9b/0x4d0
        [<ffffffff810a3f44>] ? __lock_acquire+0x2e4/0x1b10
        [<ffffffff810a5df0>] lock_acquire+0x90/0x200
        [<ffffffffa0208db2>] ? l2tp_xmit_skb+0x172/0xa50 [l2tp_core]
        [<ffffffff817498c1>] _raw_spin_lock+0x41/0x50
        [<ffffffffa0208db2>] ? l2tp_xmit_skb+0x172/0xa50 [l2tp_core]
        [<ffffffffa0208db2>] l2tp_xmit_skb+0x172/0xa50 [l2tp_core]
        [<ffffffffa021a802>] l2tp_eth_dev_xmit+0x32/0x60 [l2tp_eth]
        [<ffffffff815952b2>] dev_hard_start_xmit+0x502/0xa70
        [<ffffffff81594e0e>] ? dev_hard_start_xmit+0x5e/0xa70
        [<ffffffff81595961>] ? dev_queue_xmit+0x141/0xe00
        [<ffffffff815b63ce>] sch_direct_xmit+0xfe/0x290
        [<ffffffff81595a05>] dev_queue_xmit+0x1e5/0xe00
        [<ffffffff81595820>] ? dev_hard_start_xmit+0xa70/0xa70
        [<ffffffff815d9d60>] ip_finish_output+0x3d0/0x890
        [<ffffffff815d9ac5>] ? ip_finish_output+0x135/0x890
        [<ffffffff815db019>] ip_output+0x59/0xf0
        [<ffffffff815da36d>] ip_local_out+0x2d/0xa0
        [<ffffffff815da5a3>] ip_queue_xmit+0x1c3/0x680
        [<ffffffff815da3e0>] ? ip_local_out+0xa0/0xa0
        [<ffffffff815f4192>] tcp_transmit_skb+0x402/0xa60
        [<ffffffff815fa25e>] ? tcp_md5_do_lookup+0x18e/0x1a0
        [<ffffffff815f4a94>] tcp_write_xmit+0x1f4/0xa30
        [<ffffffff815f5300>] tcp_push_one+0x30/0x40
        [<ffffffff815e6672>] tcp_sendmsg+0xe82/0x1040
        [<ffffffff81614495>] inet_sendmsg+0x125/0x230
        [<ffffffff81614370>] ? inet_create+0x6b0/0x6b0
        [<ffffffff8157e6e2>] ? sock_update_classid+0xc2/0x3b0
        [<ffffffff8157e750>] ? sock_update_classid+0x130/0x3b0
        [<ffffffff81576cdc>] sock_sendmsg+0xdc/0xf0
        [<ffffffff81162579>] ? fget_light+0x3f9/0x4f0
        [<ffffffff81579ece>] sys_sendto+0xfe/0x130
        [<ffffffff810a69ad>] ? trace_hardirqs_on+0xd/0x10
        [<ffffffff8174a0b0>] ? _raw_spin_unlock_irq+0x30/0x50
        [<ffffffff810757e3>] ? finish_task_switch+0x83/0xf0
        [<ffffffff810757a6>] ? finish_task_switch+0x46/0xf0
        [<ffffffff81752cb7>] ? sysret_check+0x1b/0x56
        [<ffffffff81752c92>] system_call_fastpath+0x16/0x1b
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      23d3b8bf
    • Wei Yongjun's avatar
      bnx2x: use list_move_tail instead of list_del/list_add_tail · 7933aa5c
      Wei Yongjun authored
      Using list_move_tail() instead of list_del() + list_add_tail().
      
      spatch with a semantic match is used to found this problem.
      (http://coccinelle.lip6.fr/
      
      )
      Signed-off-by: default avatarWei Yongjun <yongjun_wei@trendmicro.com.cn>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7933aa5c
    • Stephen Rothwell's avatar
      netfilter: ipv6: using csum_ipv6_magic requires net/ip6_checksum.h · 2c969322
      Stephen Rothwell authored
      
      
      Fixes this build error:
      
      net/ipv6/netfilter/nf_nat_l3proto_ipv6.c: In function 'nf_nat_ipv6_csum_recalc':
      net/ipv6/netfilter/nf_nat_l3proto_ipv6.c:144:4: error: implicit declaration of function 'csum_ipv6_magic' [-Werror=implicit-function-declaration]
      Signed-off-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2c969322
    • Vipul Pandya's avatar
      cxgb4: Remove duplicate register definitions · 840f3000
      Vipul Pandya authored
      
      
      Removed duplicate definition for SGE_PF_KDOORBELL, SGE_INT_ENABLE3,
      PCIE_MEM_ACCESS_OFFSET registers.
      Moved the register field definitions around the register definition.
      Signed-off-by: default avatarSantosh Rastapur <santosh@chelsio.com>
      Signed-off-by: default avatarVipul Pandya <vipul@chelsio.com>
      Reviewed-by: default avatarSivakumar Subramani <sivasu@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      840f3000
    • Vipul Pandya's avatar
      RDMA/cxgb4: Update RDMA/cxgb4 due to macro definition removal in cxgb4 driver · e5619c12
      Vipul Pandya authored
      
      
      cxgb4 driver has duplicate definitions of registers which will be removed. This
      patch updates the RDMA/cxgb4 driver accordingly.
      Signed-off-by: default avatarSantosh Rastapur <santosh@chelsio.com>
      Signed-off-by: default avatarVipul Pandya <vipul@chelsio.com>
      Reviewed-by: default avatarSivakumar Subramani <sivasu@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e5619c12
    • Nikolay Aleksandrov's avatar
      net: add unknown state to sysfs NIC duplex export · c6c13965
      Nikolay Aleksandrov authored
      
      
      Currently when the NIC duplex state is DUPLEX_UNKNOWN it is exported as
      full through sysfs, this patch adds support for DUPLEX_UNKNOWN. It is
      handled the same way as in ethtool.
      Signed-off-by: default avatarNikolay Aleksandrov <naleksan@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c6c13965
    • Oliver Neukum's avatar
      Revert "usbnet: drop unneeded check for NULL" · f6fe569f
      Oliver Neukum authored
      
      
      This reverts commit 5d65878d7031b6c39054b282faceff406bb2fda9.
      The upper layers call usbnet_start_xmit() with a valid skb.
      However cdc_ncm abuses this method by calling it with NULL
      to trigger IO for the aggregated private skb holding erlier
      packets. Until cdc_ncm is fixed, the check for NULL must
      be reintroduced.
      Signed-off-by: default avatarOliver Neukum <oneukum@suse.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f6fe569f
    • Julian Anastasov's avatar
      tcp: add generic netlink support for tcp_metrics · d23ff701
      Julian Anastasov authored
      
      
      Add support for genl "tcp_metrics". No locking
      is changed, only that now we can unlink and delete
      entries after grace period. We implement get/del for
      single entry and dump to support show/flush filtering
      in user space. Del without address attribute causes
      flush for all addresses, sadly under genl_mutex.
      
      v2:
      - remove rcu_assign_pointer as suggested by Eric Dumazet,
      it is not needed because there are no other writes under lock
      - move the flushing code in tcp_metrics_flush_all
      
      v3:
      - remove synchronize_rcu on flush as suggested by Eric Dumazet
      Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d23ff701
    • Eliezer Tamir's avatar
      ixgbe: remove old init remnant · ab868256
      Eliezer Tamir authored
      
      
      Remove a for loop that does nothing in ixgbe_probe().
      This is a remnant from when we had IO bars (compare to the ixgb code).
      Signed-off-by: default avatarEliezer Tamir <eliezer.tamir@linux.intel.com>
      Tested-by: default avatarPhil Schmitt <phillip.j.schmitt@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      ab868256
    • Akeem G. Abodunrin's avatar
      igb: Supported and Advertised Pause Frame · 42f3c43b
      Akeem G. Abodunrin authored
      
      
      This patch add ethtool supports for Supported and Advertised Pause Frame,
      based on Adapter Flow Control settings.
      Signed-off-by: default avatarAkeem G. Abodunrin <akeem.g.abodunrin@intel.com>
      Tested-by: default avatarJeff Pieper <jeffrey.e.pieper@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      42f3c43b
    • Eric Dumazet's avatar
      igb: reduce Rx header size · 9936a7bb
      Eric Dumazet authored
      
      
      Reduce skb truesize by 256 bytes.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Alexander Duyck <alexander.h.duyck@intel.com>
      Tested-by: default avatarAaron Brown <aaron.f.brown@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      9936a7bb
    • Carolyn Wyborny's avatar
      igb: Add loopback test support for i210 · 8aa23f0d
      Carolyn Wyborny authored
      
      
      Early release of i210 devices had the loopback test of the ethtool
      self-test disabled. This patch enables the loopback test for i210 devices.
      Signed-off-by: default avatarCarolyn Wyborny <carolyn.wyborny@intel.com>
      Tested-by: default avatarJeff Pieper <jeffrey.e.pieper@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      8aa23f0d
  2. 04 Sep, 2012 8 commits
  3. 03 Sep, 2012 14 commits
    • Yuchung Cheng's avatar
      tcp: use PRR to reduce cwin in CWR state · 684bad11
      Yuchung Cheng authored
      
      
      Use proportional rate reduction (PRR) algorithm to reduce cwnd in CWR state,
      in addition to Recovery state. Retire the current rate-halving in CWR.
      When losses are detected via ACKs in CWR state, the sender enters Recovery
      state but the cwnd reduction continues and does not restart.
      
      Rename and refactor cwnd reduction functions since both CWR and Recovery
      use the same algorithm:
      tcp_init_cwnd_reduction() is new and initiates reduction state variables.
      tcp_cwnd_reduction() is previously tcp_update_cwnd_in_recovery().
      tcp_ends_cwnd_reduction() is previously  tcp_complete_cwr().
      
      The rate halving functions and logic such as tcp_cwnd_down(), tcp_min_cwnd(),
      and the cwnd moderation inside tcp_enter_cwr() are removed. The unused
      parameter, flag, in tcp_cwnd_reduction() is also removed.
      Signed-off-by: default avatarYuchung Cheng <ycheng@google.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      684bad11
    • Yuchung Cheng's avatar
      tcp: move tcp_update_cwnd_in_recovery · fb4d3d1d
      Yuchung Cheng authored
      
      
      To prepare replacing rate halving with PRR algorithm in CWR state.
      Signed-off-by: default avatarYuchung Cheng <ycheng@google.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fb4d3d1d
    • Yuchung Cheng's avatar
      tcp: move tcp_enter_cwr() · 09484d1f
      Yuchung Cheng authored
      
      
      To prepare replacing rate halving with PRR algorithm in CWR state.
      Signed-off-by: default avatarYuchung Cheng <ycheng@google.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      09484d1f
    • Bjørn Mork's avatar
      net: sierra_net: rx_urb_size is constant · 5aee0728
      Bjørn Mork authored
      
      
      The rx_urb_size is set to the same value for every device
      supported by this driver.  No need to keep a per-device
      data structure to do that. Replacing with a macro constant.
      
      This was the last device specific info, and removing it
      allows us to delete the sierra_net_info_data struct.
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5aee0728
    • Bjørn Mork's avatar
      9625e5fa
    • Bjørn Mork's avatar
      net: cx82310_eth: use common match macro · 11ad714b
      Bjørn Mork authored
      
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      11ad714b
    • Pablo Neira Ayuso's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next · ace1fe12
      Pablo Neira Ayuso authored
      This merges (3f509c68 netfilter: nf_nat_sip: fix incorrect handling
      of EBUSY for RTCP expectation) to Patrick McHardy's IPv6 NAT changes.
      ace1fe12
    • Jan Beulich's avatar
      netfilter: properly annotate ipv4_netfilter_{init,fini}() · ce9f3f31
      Jan Beulich authored
      
      
      Despite being just a few bytes of code, they should still have proper
      annotations.
      Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      ce9f3f31
    • Michael Wang's avatar
      netfilter: pass 'nf_hook_ops' instead of 'list_head' to nf_queue() · 1c15b677
      Michael Wang authored
      
      
      Since 'list_for_each_continue_rcu' has already been replaced by
      'list_for_each_entry_continue_rcu', pass 'list_head' to nf_queue() as a
      parameter can not benefit us any more.
      
      This patch will replace 'list_head' with 'nf_hook_ops' as the parameter of
      nf_queue() and __nf_queue() to save code.
      Signed-off-by: default avatarMichael Wang <wangyun@linux.vnet.ibm.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      1c15b677
    • Michael Wang's avatar
      netfilter: pass 'nf_hook_ops' instead of 'list_head' to nf_iterate() · 2a6decfd
      Michael Wang authored
      
      
      Since 'list_for_each_continue_rcu' has already been replaced by
      'list_for_each_entry_continue_rcu', pass 'list_head' to nf_iterate() as a
      parameter can not benefit us any more.
      
      This patch will replace 'list_head' with 'nf_hook_ops' as the parameter of
      nf_iterate() to save code.
      Signed-off-by: default avatarMichael Wang <wangyun@linux.vnet.ibm.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      2a6decfd
    • Cong Wang's avatar
      netfilter: remove xt_NOTRACK · 96550501
      Cong Wang authored
      
      
      It was scheduled to be removed for a long time.
      
      Cc: Pablo Neira Ayuso <pablo@netfilter.org>
      Cc: Patrick McHardy <kaber@trash.net>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: netfilter@vger.kernel.org
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      96550501
    • Pablo Neira Ayuso's avatar
      netfilter: nf_conntrack: add nf_ct_timeout_lookup · 84b5ee93
      Pablo Neira Ayuso authored
      
      
      This patch adds the new nf_ct_timeout_lookup function to encapsulate
      the timeout policy attachment that is called in the nf_conntrack_in
      path.
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      84b5ee93
    • Pablo Neira Ayuso's avatar
      netfilter: xt_CT: refactorize xt_ct_tg_check · 236df005
      Pablo Neira Ayuso authored
      
      
      This patch adds xt_ct_set_helper and xt_ct_set_timeout to reduce
      the size of xt_ct_tg_check.
      
      This aims to improve code mantainability by splitting xt_ct_tg_check
      in smaller chunks.
      
      Suggested by Eric Dumazet.
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      236df005
    • Pablo Neira Ayuso's avatar
      netfilter: xt_socket: fix compilation warnings with gcc 4.7 · 6703aa74
      Pablo Neira Ayuso authored
      
      
      This patch fixes compilation warnings in xt_socket with gcc-4.7.
      
      In file included from net/netfilter/xt_socket.c:22:0:
      net/netfilter/xt_socket.c: In function ‘socket_mt6_v1’:
      include/net/netfilter/nf_tproxy_core.h:175:23: warning: ‘sport’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/xt_socket.c:265:16: note: ‘sport’ was declared here
      In file included from net/netfilter/xt_socket.c:22:0:
      include/net/netfilter/nf_tproxy_core.h:175:23: warning: ‘dport’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/xt_socket.c:265:9: note: ‘dport’ was declared here
      In file included from net/netfilter/xt_socket.c:22:0:
      include/net/netfilter/nf_tproxy_core.h:175:6: warning: ‘saddr’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/xt_socket.c:264:27: note: ‘saddr’ was declared here
      In file included from net/netfilter/xt_socket.c:22:0:
      include/net/netfilter/nf_tproxy_core.h:175:6: warning: ‘daddr’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/xt_socket.c:264:19: note: ‘daddr’ was declared here
      In file included from net/netfilter/xt_socket.c:22:0:
      net/netfilter/xt_socket.c: In function ‘socket_match.isra.4’:
      include/net/netfilter/nf_tproxy_core.h:75:2: warning: ‘protocol’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/xt_socket.c:113:5: note: ‘protocol’ was declared here
      In file included from include/net/tcp.h:37:0,
                       from net/netfilter/xt_socket.c:17:
      include/net/inet_hashtables.h:356:45: warning: ‘sport’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/xt_socket.c:112:16: note: ‘sport’ was declared here
      In file included from net/netfilter/xt_socket.c:22:0:
      include/net/netfilter/nf_tproxy_core.h:106:23: warning: ‘dport’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/xt_socket.c:112:9: note: ‘dport’ was declared here
      In file included from include/net/tcp.h:37:0,
                       from net/netfilter/xt_socket.c:17:
      include/net/inet_hashtables.h:356:15: warning: ‘saddr’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/xt_socket.c:111:16: note: ‘saddr’ was declared here
      In file included from include/net/tcp.h:37:0,
                       from net/netfilter/xt_socket.c:17:
      include/net/inet_hashtables.h:356:15: warning: ‘daddr’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/xt_socket.c:111:9: note: ‘daddr’ was declared here
      In file included from net/netfilter/xt_socket.c:22:0:
      net/netfilter/xt_socket.c: In function ‘socket_mt6_v1’:
      include/net/netfilter/nf_tproxy_core.h:175:23: warning: ‘sport’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/xt_socket.c:268:16: note: ‘sport’ was declared here
      In file included from net/netfilter/xt_socket.c:22:0:
      include/net/netfilter/nf_tproxy_core.h:175:23: warning: ‘dport’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/xt_socket.c:268:9: note: ‘dport’ was declared here
      In file included from net/netfilter/xt_socket.c:22:0:
      include/net/netfilter/nf_tproxy_core.h:175:6: warning: ‘saddr’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/xt_socket.c:267:27: note: ‘saddr’ was declared here
      In file included from net/netfilter/xt_socket.c:22:0:
      include/net/netfilter/nf_tproxy_core.h:175:6: warning: ‘daddr’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/xt_socket.c:267:19: note: ‘daddr’ was declared here
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      6703aa74
  4. 02 Sep, 2012 2 commits
  5. 01 Sep, 2012 4 commits
    • David S. Miller's avatar
      Merge branch 'tcp_fastopen_server' · 1bed966c
      David S. Miller authored
      Jerry Chu says:
      
      ====================
      This patch series provides the server (passive open) side code
      for TCP Fast Open. Together with the earlier client side patches
      it completes the TCP Fast Open implementation.
      
      The server side Fast Open code accepts data carried in the SYN
      packet with a valid Fast Open cookie, and passes it to the
      application right away, allowing application to send back response
      data, all before TCP's 3-way handshake finishes.
      
      A simple cookie scheme together with capping the number of
      outstanding TFO requests (still in TCP_SYN_RECV state) to a limit
      per listener forms the main line of defense against spoofed SYN
      attacks.
      
      For more details about TCP Fast Open see our IETF internet draft
      at http://www.ietf.org/id/draft-ietf-tcpm-fastopen-01.txt
      and a research paper at
      http://conferences.sigcomm.org/co-next/2011/papers/1569470463.pdf
      
      
      
      A prototype implementation was first developed by Sivasankar
      Radhakrishnan (sivasankar@cs.ucsd.edu).
      
      A patch based on an older version of Linux kernel has been
      undergoing internal tests at Google for the past few months.
      
      Jerry Chu (3):
        tcp: TCP Fast Open Server - header & support functions
        tcp: TCP Fast Open Server - support TFO listeners
        tcp: TCP Fast Open Server - main code path
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1bed966c
    • Jerry Chu's avatar
      tcp: TCP Fast Open Server - main code path · 168a8f58
      Jerry Chu authored
      
      
      This patch adds the main processing path to complete the TFO server
      patches.
      
      A TFO request (i.e., SYN+data packet with a TFO cookie option) first
      gets processed in tcp_v4_conn_request(). If it passes the various TFO
      checks by tcp_fastopen_check(), a child socket will be created right
      away to be accepted by applications, rather than waiting for the 3WHS
      to finish.
      
      In additon to the use of TFO cookie, a simple max_qlen based scheme
      is put in place to fend off spoofed TFO attack.
      
      When a valid ACK comes back to tcp_rcv_state_process(), it will cause
      the state of the child socket to switch from either TCP_SYN_RECV to
      TCP_ESTABLISHED, or TCP_FIN_WAIT1 to TCP_FIN_WAIT2. At this time
      retransmission will resume for any unack'ed (data, FIN,...) segments.
      Signed-off-by: default avatarH.K. Jerry Chu <hkchu@google.com>
      Cc: Yuchung Cheng <ycheng@google.com>
      Cc: Neal Cardwell <ncardwell@google.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Tom Herbert <therbert@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      168a8f58
    • Jerry Chu's avatar
      tcp: TCP Fast Open Server - support TFO listeners · 8336886f
      Jerry Chu authored
      
      
      This patch builds on top of the previous patch to add the support
      for TFO listeners. This includes -
      
      1. allocating, properly initializing, and managing the per listener
      fastopen_queue structure when TFO is enabled
      
      2. changes to the inet_csk_accept code to support TFO. E.g., the
      request_sock can no longer be freed upon accept(), not until 3WHS
      finishes
      
      3. allowing a TCP_SYN_RECV socket to properly poll() and sendmsg()
      if it's a TFO socket
      
      4. properly closing a TFO listener, and a TFO socket before 3WHS
      finishes
      
      5. supporting TCP_FASTOPEN socket option
      
      6. modifying tcp_check_req() to use to check a TFO socket as well
      as request_sock
      
      7. supporting TCP's TFO cookie option
      
      8. adding a new SYN-ACK retransmit handler to use the timer directly
      off the TFO socket rather than the listener socket. Note that TFO
      server side will not retransmit anything other than SYN-ACK until
      the 3WHS is completed.
      
      The patch also contains an important function
      "reqsk_fastopen_remove()" to manage the somewhat complex relation
      between a listener, its request_sock, and the corresponding child
      socket. See the comment above the function for the detail.
      Signed-off-by: default avatarH.K. Jerry Chu <hkchu@google.com>
      Cc: Yuchung Cheng <ycheng@google.com>
      Cc: Neal Cardwell <ncardwell@google.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Tom Herbert <therbert@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8336886f
    • Jerry Chu's avatar
      tcp: TCP Fast Open Server - header & support functions · 10467163
      Jerry Chu authored
      
      
      This patch adds all the necessary data structure and support
      functions to implement TFO server side. It also documents a number
      of flags for the sysctl_tcp_fastopen knob, and adds a few Linux
      extension MIBs.
      
      In addition, it includes the following:
      
      1. a new TCP_FASTOPEN socket option an application must call to
      supply a max backlog allowed in order to enable TFO on its listener.
      
      2. A number of key data structures:
      "fastopen_rsk" in tcp_sock - for a big socket to access its
      request_sock for retransmission and ack processing purpose. It is
      non-NULL iff 3WHS not completed.
      
      "fastopenq" in request_sock_queue - points to a per Fast Open
      listener data structure "fastopen_queue" to keep track of qlen (# of
      outstanding Fast Open requests) and max_qlen, among other things.
      
      "listener" in tcp_request_sock - to point to the original listener
      for book-keeping purpose, i.e., to maintain qlen against max_qlen
      as part of defense against IP spoofing attack.
      
      3. various data structure and functions, many in tcp_fastopen.c, to
      support server side Fast Open cookie operations, including
      /proc/sys/net/ipv4/tcp_fastopen_key to allow manual rekeying.
      Signed-off-by: default avatarH.K. Jerry Chu <hkchu@google.com>
      Cc: Yuchung Cheng <ycheng@google.com>
      Cc: Neal Cardwell <ncardwell@google.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Tom Herbert <therbert@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      10467163