Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (353 commits) [IPV6] ADDRCONF: Mobile IPv6 Home Address support. [IPV6] ADDRCONF: Allow non-DAD'able addresses. [IPV6] NDISC: Fix is_router flag setting. [IPV6] ADDRCONF: Convert addrconf_lock to RCU. [IPV6] NDISC: Add proxy_ndp sysctl. [IPV6] NDISC: Set per-entry is_router flag in Proxy NA. [IPV6] NDISC: Avoid updating neighbor cache for proxied address in receiving NA. [IPV6]: Don't forward packets to proxied link-local address. [IPV6] NDISC: Handle NDP messages to proxied addresses. [NETFILTER]: PPTP conntrack: fix another GRE keymap leak [NETFILTER]: PPTP conntrack: fix GRE keymap leak [NETFILTER]: PPTP conntrack: fix PPTP_IN_CALL message types [NETFILTER]: PPTP conntrack: check call ID before changing state [NETFILTER]: PPTP conntrack: clean up debugging cruft [NETFILTER]: PPTP conntrack: consolidate header parsing [NETFILTER]: PPTP conntrack: consolidate header size checks [NETFILTER]: PPTP conntrack: simplify expectation handling [NETFILTER]: PPTP conntrack: remove unnecessary cid/pcid header pointers [NETFILTER]: PPTP conntrack: fix header definitions [NETFILTER]: PPTP conntrack: remove more dead code ...
commit
a4c12d6c5d
7
CREDITS
@ -2384,6 +2384,13 @@ N: Thomas Molina
|
||||
E: tmolina@cablespeed.com
|
||||
D: bug fixes, documentation, minor hackery
|
||||
|
||||
N: Paul Moore
|
||||
E: paul.moore@hp.com
|
||||
D: NetLabel author
|
||||
S: Hewlett-Packard
|
||||
S: 110 Spit Brook Road
|
||||
S: Nashua, NH 03062
|
||||
|
||||
N: James Morris
|
||||
E: jmorris@namei.org
|
||||
W: http://namei.org/
|
||||
|
@ -184,6 +184,8 @@ mtrr.txt
|
||||
- how to use PPro Memory Type Range Registers to increase performance.
|
||||
nbd.txt
|
||||
- info on a TCP implementation of a network block device.
|
||||
netlabel/
|
||||
- directory with information on the NetLabel subsystem.
|
||||
networking/
|
||||
- directory with info on various aspects of networking with Linux.
|
||||
nfsroot.txt
|
||||
|
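--- /dev/null
+++ b/Documentation/netlabel/00-INDEX
@@ -0,0 +1,10 @@
+00-INDEX
+- this file.
+cipso_ipv4.txt
+- documentation on the IPv4 CIPSO protocol engine.
+draft-ietf-cipso-ipsecurity-01.txt
+- IETF draft of the CIPSO protocol, dated 16 July 1992.
+introduction.txt
+- NetLabel introduction, READ THIS FIRST.
+lsm_interface.txt
+- documentation on the NetLabel kernel security module API.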
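--- /dev/null
+++ b/Documentation/netlabel/cipso_ipv4.txt
@@ -0,0 +1,48 @@
+NetLabel CIPSO/IPv4 Protocol Engine
+==============================================================================
+Paul Moore, paul.moore@hp.com
+
+May 17, 2006
+
+* Overview
+
+The NetLabel CIPSO/IPv4 protocol engine is based on the IETF Commercial IP
+Security Option (CIPSO) draft from July 16, 1992. A copy of this draft can be
+found in this directory, consult '00-INDEX' for the filename. While the IETF
+draft never made it to an RFC standard it has become a de-facto standard for
+labeled networking and is used in many trusted operating systems.
+
+* Outbound Packet Processing
+
+The CIPSO/IPv4 protocol engine applies the CIPSO IP option to packets by
+adding the CIPSO label to the socket. This causes all packets leaving the
+system through the socket to have the CIPSO IP option applied. The socket's
+CIPSO label can be changed at any point in time, however, it is recommended
+that it is set upon the socket's creation. The LSM can set the socket's CIPSO
+label by using the NetLabel security module API; if the NetLabel "domain" is
+configured to use CIPSO for packet labeling then a CIPSO IP option will be
+generated and attached to the socket.
+
+* Inbound Packet Processing
+
+The CIPSO/IPv4 protocol engine validates every CIPSO IP option it finds at the
+IP layer without any special handling required by the LSM. However, in order
+to decode and translate the CIPSO label on the packet the LSM must use the
+NetLabel security module API to extract the security attributes of the packet.
+This is typically done at the socket layer using the 'socket_sock_rcv_skb()'
+LSM hook.
+
+* Label Translation
+
+The CIPSO/IPv4 protocol engine contains a mechanism to translate CIPSO security
+attributes such as sensitivity level and category to values which are
+appropriate for the host. These mappings are defined as part of a CIPSO
+Domain Of Interpretation (DOI) definition and are configured through the
+NetLabel user space communication layer. Each DOI definition can have a
+different security attribute mapping table.
+
+* Label Translation Cache
+
+The NetLabel system provides a framework for caching security attribute
+mappings from the network labels to the corresponding LSM identifiers. The
+CIPSO/IPv4 protocol engine supports this caching mechanism.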
791
Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt
Normal file
@ -0,0 +1,791 @@
|
||||
IETF CIPSO Working Group
|
||||
16 July, 1992
|
||||
|
||||
|
||||
|
||||
COMMERCIAL IP SECURITY OPTION (CIPSO 2.2)
|
||||
|
||||
|
||||
|
||||
1. Status
|
||||
|
||||
This Internet Draft provides the high level specification for a Commercial
|
||||
IP Security Option (CIPSO). This draft reflects the version as approved by
|
||||
the CIPSO IETF Working Group. Distribution of this memo is unlimited.
|
||||
|
||||
This document is an Internet Draft. Internet Drafts are working documents
|
||||
of the Internet Engineering Task Force (IETF), its Areas, and its Working
|
||||
Groups. Note that other groups may also distribute working documents as
|
||||
Internet Drafts.
|
||||
|
||||
Internet Drafts are draft documents valid for a maximum of six months.
|
||||
Internet Drafts may be updated, replaced, or obsoleted by other documents
|
||||
at any time. It is not appropriate to use Internet Drafts as reference
|
||||
material or to cite them other than as a "working draft" or "work in
|
||||
progress."
|
||||
|
||||
Please check the I-D abstract listing contained in each Internet Draft
|
||||
directory to learn the current status of this or any other Internet Draft.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Background
|
||||
|
||||
Currently the Internet Protocol includes two security options. One of
|
||||
these options is the DoD Basic Security Option (BSO) (Type 130) which allows
|
||||
IP datagrams to be labeled with security classifications. This option
|
||||
provides sixteen security classifications and a variable number of handling
|
||||
restrictions. To handle additional security information, such as security
|
||||
categories or compartments, another security option (Type 133) exists and
|
||||
is referred to as the DoD Extended Security Option (ESO). The values for
|
||||
the fixed fields within these two options are administered by the Defense
|
||||
Information Systems Agency (DISA).
|
||||
|
||||
Computer vendors are now building commercial operating systems with
|
||||
mandatory access controls and multi-level security. These systems are
|
||||
no longer built specifically for a particular group in the defense or
|
||||
intelligence communities. They are generally available commercial systems
|
||||
for use in a variety of government and civil sector environments.
|
||||
|
||||
The small number of ESO format codes can not support all the possible
|
||||
applications of a commercial security option. The BSO and ESO were
|
||||
designed to only support the United States DoD. CIPSO has been designed
|
||||
to support multiple security policies. This Internet Draft provides the
|
||||
format and procedures required to support a Mandatory Access Control
|
||||
security policy. Support for additional security policies shall be
|
||||
defined in future RFCs.
|
||||
|
||||
|
||||
|
||||
|
||||
Internet Draft, Expires 15 Jan 93 [PAGE 1]
|
||||
|
||||
|
||||
|
||||
CIPSO INTERNET DRAFT 16 July, 1992
|
||||
|
||||
|
||||
|
||||
|
||||
3. CIPSO Format
|
||||
|
||||
Option type: 134 (Class 0, Number 6, Copy on Fragmentation)
|
||||
Option length: Variable
|
||||
|
||||
This option permits security related information to be passed between
|
||||
systems within a single Domain of Interpretation (DOI). A DOI is a
|
||||
collection of systems which agree on the meaning of particular values
|
||||
in the security option. An authority that has been assigned a DOI
|
||||
identifier will define a mapping between appropriate CIPSO field values
|
||||
and their human readable equivalent. This authority will distribute that
|
||||
mapping to hosts within the authority's domain. These mappings may be
|
||||
sensitive, therefore a DOI authority is not required to make these
|
||||
mappings available to anyone other than the systems that are included in
|
||||
the DOI.
|
||||
|
||||
This option MUST be copied on fragmentation. This option appears at most
|
||||
once in a datagram. All multi-octet fields in the option are defined to be
|
||||
transmitted in network byte order. The format of this option is as follows:
|
||||
|
||||
+----------+----------+------//------+-----------//---------+
|
||||
| 10000110 | LLLLLLLL | DDDDDDDDDDDD | TTTTTTTTTTTTTTTTTTTT |
|
||||
+----------+----------+------//------+-----------//---------+
|
||||
|
||||
TYPE=134 OPTION DOMAIN OF TAGS
|
||||
LENGTH INTERPRETATION
|
||||
|
||||
|
||||
Figure 1. CIPSO Format
|
||||
|
||||
|
||||
3.1 Type
|
||||
|
||||
This field is 1 octet in length. Its value is 134.
|
||||
|
||||
|
||||
3.2 Length
|
||||
|
||||
This field is 1 octet in length. It is the total length of the option
|
||||
including the type and length fields. With the current IP header length
|
||||
restriction of 40 octets the value of this field MUST not exceed 40.
|
||||
|
||||
|
||||
3.3 Domain of Interpretation Identifier
|
||||
|
||||
This field is an unsigned 32 bit integer. The value 0 is reserved and MUST
|
||||
not appear as the DOI identifier in any CIPSO option. Implementations
|
||||
should assume that the DOI identifier field is not aligned on any particular
|
||||
byte boundary.
|
||||
|
||||
To conserve space in the protocol, security levels and categories are
|
||||
represented by numbers rather than their ASCII equivalent. This requires
|
||||
a mapping table within CIPSO hosts to map these numbers to their
|
||||
corresponding ASCII representations. Non-related groups of systems may
|
||||
|
||||
|
||||
|
||||
Internet Draft, Expires 15 Jan 93 [PAGE 2]
|
||||
|
||||
|
||||
|
||||
CIPSO INTERNET DRAFT 16 July, 1992
|
||||
|
||||
|
||||
|
||||
have their own unique mappings. For example, one group of systems may
|
||||
use the number 5 to represent Unclassified while another group may use the
|
||||
number 1 to represent that same security level. The DOI identifier is used
|
||||
to identify which mapping was used for the values within the option.
|
||||
|
||||
|
||||
3.4 Tag Types
|
||||
|
||||
A common format for passing security related information is necessary
|
||||
for interoperability. CIPSO uses sets of "tags" to contain the security
|
||||
information relevant to the data in the IP packet. Each tag begins with
|
||||
a tag type identifier followed by the length of the tag and ends with the
|
||||
actual security information to be passed. All multi-octet fields in a tag
|
||||
are defined to be transmitted in network byte order. Like the DOI
|
||||
identifier field in the CIPSO header, implementations should assume that
|
||||
all tags, as well as fields within a tag, are not aligned on any particular
|
||||
octet boundary. The tag types defined in this document contain alignment
|
||||
bytes to assist alignment of some information, however alignment can not
|
||||
be guaranteed if CIPSO is not the first IP option.
|
||||
|
||||
CIPSO tag types 0 through 127 are reserved for defining standard tag
|
||||
formats. Their definitions will be published in RFCs. Tag types whose
|
||||
identifiers are greater than 127 are defined by the DOI authority and may
|
||||
only be meaningful in certain Domains of Interpretation. For these tag
|
||||
types, implementations will require the DOI identifier as well as the tag
|
||||
number to determine the security policy and the format associated with the
|
||||
tag. Use of tag types above 127 are restricted to closed networks where
|
||||
interoperability with other networks will not be an issue. Implementations
|
||||
that support a tag type greater than 127 MUST support at least one DOI that
|
||||
requires only tag types 1 to 127.
|
||||
|
||||
Tag type 0 is reserved. Tag types 1, 2, and 5 are defined in this
|
||||
Internet Draft. Types 3 and 4 are reserved for work in progress.
|
||||
The standard format for all current and future CIPSO tags is shown below:
|
||||
|
||||
+----------+----------+--------//--------+
|
||||
| TTTTTTTT | LLLLLLLL | IIIIIIIIIIIIIIII |
|
||||
+----------+----------+--------//--------+
|
||||
TAG TAG TAG
|
||||
TYPE LENGTH INFORMATION
|
||||
|
||||
Figure 2: Standard Tag Format
|
||||
|
||||
In the three tag types described in this document, the length and count
|
||||
restrictions are based on the current IP limitation of 40 octets for all
|
||||
IP options. If the IP header is later expanded, then the length and count
|
||||
restrictions specified in this document may increase to use the full area
|
||||
provided for IP options.
|
||||
|
||||
|
||||
3.4.1 Tag Type Classes
|
||||
|
||||
Tag classes consist of tag types that have common processing requirements
|
||||
and support the same security policy. The three tags defined in this
|
||||
Internet Draft belong to the Mandatory Access Control (MAC) Sensitivity
|
||||
|
||||
|
||||
|
||||
Internet Draft, Expires 15 Jan 93 [PAGE 3]
|
||||
|
||||
|
||||
|
||||
CIPSO INTERNET DRAFT 16 July, 1992
|
||||
|
||||
|
||||
|
||||
class and support the MAC Sensitivity security policy.
|
||||
|
||||
|
||||
3.4.2 Tag Type 1
|
||||
|
||||
This is referred to as the "bit-mapped" tag type. Tag type 1 is included
|
||||
in the MAC Sensitivity tag type class. The format of this tag type is as
|
||||
follows:
|
||||
|
||||
+----------+----------+----------+----------+--------//---------+
|
||||
| 00000001 | LLLLLLLL | 00000000 | LLLLLLLL | CCCCCCCCCCCCCCCCC |
|
||||
+----------+----------+----------+----------+--------//---------+
|
||||
|
||||
TAG TAG ALIGNMENT SENSITIVITY BIT MAP OF
|
||||
TYPE LENGTH OCTET LEVEL CATEGORIES
|
||||
|
||||
Figure 3. Tag Type 1 Format
|
||||
|
||||
|
||||
3.4.2.1 Tag Type
|
||||
|
||||
This field is 1 octet in length and has a value of 1.
|
||||
|
||||
|
||||
3.4.2.2 Tag Length
|
||||
|
||||
This field is 1 octet in length. It is the total length of the tag type
|
||||
including the type and length fields. With the current IP header length
|
||||
restriction of 40 bytes the value within this field is between 4 and 34.
|
||||
|
||||
|
||||
3.4.2.3 Alignment Octet
|
||||
|
||||
This field is 1 octet in length and always has the value of 0. Its purpose
|
||||
is to align the category bitmap field on an even octet boundary. This will
|
||||
speed many implementations including router implementations.
|
||||
|
||||
|
||||
3.4.2.4 Sensitivity Level
|
||||
|
||||
This field is 1 octet in length. Its value is from 0 to 255. The values
|
||||
are ordered with 0 being the minimum value and 255 representing the maximum
|
||||
value.
|
||||
|
||||
|
||||
3.4.2.5 Bit Map of Categories
|
||||
|
||||
The length of this field is variable and ranges from 0 to 30 octets. This
|
||||
provides representation of categories 0 to 239. The ordering of the bits
|
||||
is left to right or MSB to LSB. For example category 0 is represented by
|
||||
the most significant bit of the first byte and category 15 is represented
|
||||
by the least significant bit of the second byte. Figure 4 graphically
|
||||
shows this ordering. Bit N is binary 1 if category N is part of the label
|
||||
for the datagram, and bit N is binary 0 if category N is not part of the
|
||||
label. Except for the optimized tag 1 format described in the next section,
|
||||
|
||||
|
||||
|
||||
Internet Draft, Expires 15 Jan 93 [PAGE 4]
|
||||
|
||||
|
||||
|
||||
CIPSO INTERNET DRAFT 16 July, 1992
|
||||
|
||||
|
||||
|
||||
minimal encoding SHOULD be used resulting in no trailing zero octets in the
|
||||
category bitmap.
|
||||
|
||||
octet 0 octet 1 octet 2 octet 3 octet 4 octet 5
|
||||
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX . . .
|
||||
bit 01234567 89111111 11112222 22222233 33333333 44444444
|
||||
number 012345 67890123 45678901 23456789 01234567
|
||||
|
||||
Figure 4. Ordering of Bits in Tag 1 Bit Map
|
||||
|
||||
|
||||
3.4.2.6 Optimized Tag 1 Format
|
||||
|
||||
Routers work most efficiently when processing fixed length fields. To
|
||||
support these routers there is an optimized form of tag type 1. The format
|
||||
does not change. The only change is to the category bitmap which is set to
|
||||
a constant length of 10 octets. Trailing octets required to fill out the 10
|
||||
octets are zero filled. Ten octets, allowing for 80 categories, was chosen
|
||||
because it makes the total length of the CIPSO option 20 octets. If CIPSO
|
||||
is the only option then the option will be full word aligned and additional
|
||||
filler octets will not be required.
|
||||
|
||||
|
||||
3.4.3 Tag Type 2
|
||||
|
||||
This is referred to as the "enumerated" tag type. It is used to describe
|
||||
large but sparsely populated sets of categories. Tag type 2 is in the MAC
|
||||
Sensitivity tag type class. The format of this tag type is as follows:
|
||||
|
||||
+----------+----------+----------+----------+-------------//-------------+
|
||||
| 00000010 | LLLLLLLL | 00000000 | LLLLLLLL | CCCCCCCCCCCCCCCCCCCCCCCCCC |
|
||||
+----------+----------+----------+----------+-------------//-------------+
|
||||
|
||||
TAG TAG ALIGNMENT SENSITIVITY ENUMERATED
|
||||
TYPE LENGTH OCTET LEVEL CATEGORIES
|
||||
|
||||
Figure 5. Tag Type 2 Format
|
||||
|
||||
|
||||
3.4.3.1 Tag Type
|
||||
|
||||
This field is one octet in length and has a value of 2.
|
||||
|
||||
|
||||
3.4.3.2 Tag Length
|
||||
|
||||
This field is 1 octet in length. It is the total length of the tag type
|
||||
including the type and length fields. With the current IP header length
|
||||
restriction of 40 bytes the value within this field is between 4 and 34.
|
||||
|
||||
|
||||
3.4.3.3 Alignment Octet
|
||||
|
||||
This field is 1 octet in length and always has the value of 0. Its purpose
|
||||
is to align the category field on an even octet boundary. This will
|
||||
|
||||
|
||||
|
||||
Internet Draft, Expires 15 Jan 93 [PAGE 5]
|
||||
|
||||
|
||||
|
||||
CIPSO INTERNET DRAFT 16 July, 1992
|
||||
|
||||
|
||||
|
||||
speed many implementations including router implementations.
|
||||
|
||||
|
||||
3.4.3.4 Sensitivity Level
|
||||
|
||||
This field is 1 octet in length. Its value is from 0 to 255. The values
|
||||
are ordered with 0 being the minimum value and 255 representing the
|
||||
maximum value.
|
||||
|
||||
|
||||
3.4.3.5 Enumerated Categories
|
||||
|
||||
In this tag, categories are represented by their actual value rather than
|
||||
by their position within a bit field. The length of each category is 2
|
||||
octets. Up to 15 categories may be represented by this tag. Valid values
|
||||
for categories are 0 to 65534. Category 65535 is not a valid category
|
||||
value. The categories MUST be listed in ascending order within the tag.
|
||||
|
||||
|
||||
3.4.4 Tag Type 5
|
||||
|
||||
This is referred to as the "range" tag type. It is used to represent
|
||||
labels where all categories in a range, or set of ranges, are included
|
||||
in the sensitivity label. Tag type 5 is in the MAC Sensitivity tag type
|
||||
class. The format of this tag type is as follows:
|
||||
|
||||
+----------+----------+----------+----------+------------//-------------+
|
||||
| 00000101 | LLLLLLLL | 00000000 | LLLLLLLL | Top/Bottom | Top/Bottom |
|
||||
+----------+----------+----------+----------+------------//-------------+
|
||||
|
||||
TAG TAG ALIGNMENT SENSITIVITY CATEGORY RANGES
|
||||
TYPE LENGTH OCTET LEVEL
|
||||
|
||||
Figure 6. Tag Type 5 Format
|
||||
|
||||
|
||||
3.4.4.1 Tag Type
|
||||
|
||||
This field is one octet in length and has a value of 5.
|
||||
|
||||
|
||||
3.4.4.2 Tag Length
|
||||
|
||||
This field is 1 octet in length. It is the total length of the tag type
|
||||
including the type and length fields. With the current IP header length
|
||||
restriction of 40 bytes the value within this field is between 4 and 34.
|
||||
|
||||
|
||||
3.4.4.3 Alignment Octet
|
||||
|
||||
This field is 1 octet in length and always has the value of 0. Its purpose
|
||||
is to align the category range field on an even octet boundary. This will
|
||||
speed many implementations including router implementations.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Internet Draft, Expires 15 Jan 93 [PAGE 6]
|
||||
|
||||
|
||||
|
||||
CIPSO INTERNET DRAFT 16 July, 1992
|
||||
|
||||
|
||||
|
||||
3.4.4.4 Sensitivity Level
|
||||
|
||||
This field is 1 octet in length. Its value is from 0 to 255. The values
|
||||
are ordered with 0 being the minimum value and 255 representing the maximum
|
||||
value.
|
||||
|
||||
|
||||
3.4.4.5 Category Ranges
|
||||
|
||||
A category range is a 4 octet field comprised of the 2 octet index of the
|
||||
highest numbered category followed by the 2 octet index of the lowest
|
||||
numbered category. These range endpoints are inclusive within the range of
|
||||
categories. All categories within a range are included in the sensitivity
|
||||
label. This tag may contain a maximum of 7 category pairs. The bottom
|
||||
category endpoint for the last pair in the tag MAY be omitted and SHOULD be
|
||||
assumed to be 0. The ranges MUST be non-overlapping and be listed in
|
||||
descending order. Valid values for categories are 0 to 65534. Category
|
||||
65535 is not a valid category value.
|
||||
|
||||
|
||||
3.4.5 Minimum Requirements
|
||||
|
||||
A CIPSO implementation MUST be capable of generating at least tag type 1 in
|
||||
the non-optimized form. In addition, a CIPSO implementation MUST be able
|
||||
to receive any valid tag type 1 even those using the optimized tag type 1
|
||||
format.
|
||||
|
||||
|
||||
4. Configuration Parameters
|
||||
|
||||
The configuration parameters defined below are required for all CIPSO hosts,
|
||||
gateways, and routers that support multiple sensitivity labels. A CIPSO
|
||||
host is defined to be the origination or destination system for an IP
|
||||
datagram. A CIPSO gateway provides IP routing services between two or more
|
||||
IP networks and may be required to perform label translations between
|
||||
networks. A CIPSO gateway may be an enhanced CIPSO host or it may just
|
||||
provide gateway services with no end system CIPSO capabilities. A CIPSO
|
||||
router is a dedicated IP router that routes IP datagrams between two or more
|
||||
IP networks.
|
||||
|
||||
An implementation of CIPSO on a host MUST have the capability to reject a
|
||||
datagram for reasons that the information contained can not be adequately
|
||||
protected by the receiving host or if acceptance may result in violation of
|
||||
the host or network security policy. In addition, a CIPSO gateway or router
|
||||
MUST be able to reject datagrams going to networks that can not provide
|
||||
adequate protection or may violate the network's security policy. To
|
||||
provide this capability the following minimal set of configuration
|
||||
parameters are required for CIPSO implementations:
|
||||
|
||||
HOST_LABEL_MAX - This parameter contains the maximum sensitivity label that
|
||||
a CIPSO host is authorized to handle. All datagrams that have a label
|
||||
greater than this maximum MUST be rejected by the CIPSO host. This
|
||||
parameter does not apply to CIPSO gateways or routers. This parameter need
|
||||
not be defined explicitly as it can be implicitly derived from the
|
||||
PORT_LABEL_MAX parameters for the associated interfaces.
|
||||
|
||||
|
||||
|
||||
Internet Draft, Expires 15 Jan 93 [PAGE 7]
|
||||
|
||||
|
||||
|
||||
CIPSO INTERNET DRAFT 16 July, 1992
|
||||
|
||||
|
||||
|
||||
|
||||
HOST_LABEL_MIN - This parameter contains the minimum sensitivity label that
|
||||
a CIPSO host is authorized to handle. All datagrams that have a label less
|
||||
than this minimum MUST be rejected by the CIPSO host. This parameter does
|
||||
not apply to CIPSO gateways or routers. This parameter need not be defined
|
||||
explicitly as it can be implicitly derived from the PORT_LABEL_MIN
|
||||
parameters for the associated interfaces.
|
||||
|
||||
PORT_LABEL_MAX - This parameter contains the maximum sensitivity label for
|
||||
all datagrams that may exit a particular network interface port. All
|
||||
outgoing datagrams that have a label greater than this maximum MUST be
|
||||
rejected by the CIPSO system. The label within this parameter MUST be
|
||||
less than or equal to the label within the HOST_LABEL_MAX parameter. This
|
||||
parameter does not apply to CIPSO hosts that support only one network port.
|
||||
|
||||
PORT_LABEL_MIN - This parameter contains the minimum sensitivity label for
|
||||
all datagrams that may exit a particular network interface port. All
|
||||
outgoing datagrams that have a label less than this minimum MUST be
|
||||
rejected by the CIPSO system. The label within this parameter MUST be
|
||||
greater than or equal to the label within the HOST_LABEL_MIN parameter.
|
||||
This parameter does not apply to CIPSO hosts that support only one network
|
||||
port.
|
||||
|
||||
PORT_DOI - This parameter is used to assign a DOI identifier value to a
|
||||
particular network interface port. All CIPSO labels within datagrams
|
||||
going out this port MUST use the specified DOI identifier. All CIPSO
|
||||
hosts and gateways MUST support either this parameter, the NET_DOI
|
||||
parameter, or the HOST_DOI parameter.
|
||||
|
||||
NET_DOI - This parameter is used to assign a DOI identifier value to a
|
||||
particular IP network address. All CIPSO labels within datagrams destined
|
||||
for the particular IP network MUST use the specified DOI identifier. All
|
||||
CIPSO hosts and gateways MUST support either this parameter, the PORT_DOI
|
||||
parameter, or the HOST_DOI parameter.
|
||||
|
||||
HOST_DOI - This parameter is used to assign a DOI identifier value to a
|
||||
particular IP host address. All CIPSO labels within datagrams destined for
|
||||
the particular IP host will use the specified DOI identifier. All CIPSO
|
||||
hosts and gateways MUST support either this parameter, the PORT_DOI
|
||||
parameter, or the NET_DOI parameter.
|
||||
|
||||
This list represents the minimal set of configuration parameters required
|
||||
to be compliant. Implementors are encouraged to add to this list to
|
||||
provide enhanced functionality and control. For example, many security
|
||||
policies may require both incoming and outgoing datagrams be checked against
|
||||
the port and host label ranges.
|
||||
|
||||
|
||||
4.1 Port Range Parameters
|
||||
|
||||
The labels represented by the PORT_LABEL_MAX and PORT_LABEL_MIN parameters
|
||||
MAY be in CIPSO or local format. Some CIPSO systems, such as routers, may
|
||||
want to have the range parameters expressed in CIPSO format so that incoming
|
||||
labels do not have to be converted to a local format before being compared
|
||||
against the range. If multiple DOIs are supported by one of these CIPSO
|
||||
|
||||
|
||||
|
||||
Internet Draft, Expires 15 Jan 93 [PAGE 8]
|
||||
|
||||
|
||||
|
||||
CIPSO INTERNET DRAFT 16 July, 1992
|
||||
|
||||
|
||||
|
||||
systems then multiple port range parameters would be needed, one set for
|
||||
each DOI supported on a particular port.
|
||||
|
||||
The port range will usually represent the total set of labels that may
|
||||
exist on the logical network accessed through the corresponding network
|
||||
interface. It may, however, represent a subset of these labels that are
|
||||
allowed to enter the CIPSO system.
|
||||
|
||||
|
||||
4.2 Single Label CIPSO Hosts
|
||||
|
||||
CIPSO implementations that support only one label are not required to
|
||||
support the parameters described above. These limited implementations are
|
||||
only required to support a NET_LABEL parameter. This parameter contains
|
||||
the CIPSO label that may be inserted in datagrams that exit the host. In
|
||||
addition, the host MUST reject any incoming datagram that has a label which
|
||||
is not equivalent to the NET_LABEL parameter.
|
||||
|
||||
|
||||
5. Handling Procedures
|
||||
|
||||
This section describes the processing requirements for incoming and
|
||||
outgoing IP datagrams. Just providing the correct CIPSO label format
|
||||
is not enough. Assumptions will be made by one system on how a
|
||||
receiving system will handle the CIPSO label. Wrong assumptions may
|
||||
lead to non-interoperability or even a security incident. The
|
||||
requirements described below represent the minimal set needed for
|
||||
interoperability and that provide users some level of confidence.
|
||||
Many other requirements could be added to increase user confidence,
|
||||
however at the risk of restricting creativity and limiting vendor
|
||||
participation.
|
||||
|
||||
|
||||
5.1 Input Procedures
|
||||
|
||||
All datagrams received through a network port MUST have a security label
|
||||
associated with them, either contained in the datagram or assigned to the
|
||||
receiving port. Without this label the host, gateway, or router will not
|
||||
have the information it needs to make security decisions. This security
|
||||
label will be obtained from the CIPSO if the option is present in the
|
||||
datagram. See section 4.1.2 for handling procedures for unlabeled
|
||||
datagrams. This label will be compared against the PORT (if appropriate)
|
||||
and HOST configuration parameters defined in section 3.
|
||||
|
||||
If any field within the CIPSO option, such as the DOI identifier, is not
|
||||
recognized the IP datagram is discarded and an ICMP "parameter problem"
|
||||
(type 12) is generated and returned. The ICMP code field is set to "bad
|
||||
parameter" (code 0) and the pointer is set to the start of the CIPSO field
|
||||
that is unrecognized.
|
||||
|
||||
If the contents of the CIPSO are valid but the security label is
|
||||
outside of the configured host or port label range, the datagram is
|
||||
discarded and an ICMP "destination unreachable" (type 3) is generated
|
||||
and returned. The code field of the ICMP is set to "communication with
|
||||
destination network administratively prohibited" (code 9) or to
|
||||
|
||||
|
||||
|
||||
Internet Draft, Expires 15 Jan 93 [PAGE 9]
|
||||
|
||||
|
||||
|
||||
CIPSO INTERNET DRAFT 16 July, 1992
|
||||
|
||||
|
||||
|
||||
"communication with destination host administratively prohibited"
|
||||
(code 10). The value of the code field used is dependent upon whether
|
||||
the originator of the ICMP message is acting as a CIPSO host or a CIPSO
|
||||
gateway. The recipient of the ICMP message MUST be able to handle either
|
||||
value. The same procedure is performed if a CIPSO can not be added to an
|
||||
IP packet because it is too large to fit in the IP options area.
|
||||
|
||||
If the error is triggered by receipt of an ICMP message, the message
|
||||
is discarded and no response is permitted (consistent with general ICMP
|
||||
processing rules).
|
||||
|
||||
|
||||
5.1.1 Unrecognized tag types
|
||||
|
||||
The default condition for any CIPSO implementation is that an
|
||||
unrecognized tag type MUST be treated as a "parameter problem" and
|
||||
handled as described in section 4.1. A CIPSO implementation MAY allow
|
||||
the system administrator to identify tag types that may safely be
|
||||
ignored. This capability is an allowable enhancement, not a
|
||||
requirement.
|
||||
|
||||
|
||||
5.1.2 Unlabeled Packets
|
||||
|
||||
A network port may be configured to not require a CIPSO label for all
|
||||
incoming datagrams. For this configuration a CIPSO label must be
|
||||
assigned to that network port and associated with all unlabeled IP
|
||||
datagrams. This capability might be used for single level networks or
|
||||
networks that have CIPSO and non-CIPSO hosts and the non-CIPSO hosts
|
||||
all operate at the same label.
|
||||
|
||||
If a CIPSO option is required and none is found, the datagram is
|
||||
discarded and an ICMP "parameter problem" (type 12) is generated and
|
||||
returned to the originator of the datagram. The code field of the ICMP
|
||||
is set to "option missing" (code 1) and the ICMP pointer is set to 134
|
||||
(the value of the option type for the missing CIPSO option).
|
||||
|
||||
|
||||
5.2 Output Procedures
|
||||
|
||||
A CIPSO option MUST appear only once in a datagram. Only one tag type
|
||||
from the MAC Sensitivity class MAY be included in a CIPSO option. Given
|
||||
the current set of defined tag types, this means that CIPSO labels at
|
||||
first will contain only one tag.
|
||||
|
||||
All datagrams leaving a CIPSO system MUST meet the following condition:
|
||||
|
||||
PORT_LABEL_MIN <= CIPSO label <= PORT_LABEL_MAX
|
||||
|
||||
If this condition is not satisfied the datagram MUST be discarded.
|
||||
If the CIPSO system only supports one port, the HOST_LABEL_MIN and the
|
||||
HOST_LABEL_MAX parameters MAY be substituted for the PORT parameters in
|
||||
the above condition.
|
||||
|
||||
The DOI identifier to be used for all outgoing datagrams is configured by
|
||||
|
||||
|
||||
|
||||
Internet Draft, Expires 15 Jan 93 [PAGE 10]
|
||||
|
||||
|
||||
|
||||
CIPSO INTERNET DRAFT 16 July, 1992
|
||||
|
||||
|
||||
|
||||
the administrator. If port level DOI identifier assignment is used, then
|
||||
the PORT_DOI configuration parameter MUST contain the DOI identifier to
|
||||
use. If network level DOI assignment is used, then the NET_DOI parameter
|
||||
MUST contain the DOI identifier to use. And if host level DOI assignment
|
||||
is employed, then the HOST_DOI parameter MUST contain the DOI identifier
|
||||
to use. A CIPSO implementation need only support one level of DOI
|
||||
assignment.
|
||||
|
||||
|
||||
5.3 DOI Processing Requirements
|
||||
|
||||
A CIPSO implementation MUST support at least one DOI and SHOULD support
|
||||
multiple DOIs. System and network administrators are cautioned to
|
||||
ensure that at least one DOI is common within an IP network to allow for
|
||||
broadcasting of IP datagrams.
|
||||
|
||||
CIPSO gateways MUST be capable of translating a CIPSO option from one
|
||||
DOI to another when forwarding datagrams between networks. For
|
||||
efficiency purposes this capability is only a desired feature for CIPSO
|
||||
routers.
|
||||
|
||||
|
||||
5.4 Label of ICMP Messages
|
||||
|
||||
The CIPSO label to be used on all outgoing ICMP messages MUST be equivalent
|
||||
to the label of the datagram that caused the ICMP message. If the ICMP was
|
||||
generated due to a problem associated with the original CIPSO label then the
|
||||
following responses are allowed:
|
||||
|
||||
a. Use the CIPSO label of the original IP datagram
|
||||
b. Drop the original datagram with no return message generated
|
||||
|
||||
In most cases these options will have the same effect. If you can not
|
||||
interpret the label or if it is outside the label range of your host or
|
||||
interface then an ICMP message with the same label will probably not be
|
||||
able to exit the system.
|
||||
|
||||
|
||||
6. Assignment of DOI Identifier Numbers =
|
||||
|
||||
Requests for assignment of a DOI identifier number should be addressed to
|
||||
the Internet Assigned Numbers Authority (IANA).
|
||||
|
||||
|
||||
7. Acknowledgements
|
||||
|
||||
Much of the material in this RFC is based on (and copied from) work
|
||||
done by Gary Winiger of Sun Microsystems and published as Commercial
|
||||
IP Security Option at the INTEROP 89, Commercial IPSO Workshop.
|
||||
|
||||
|
||||
8. Author's Address
|
||||
|
||||
To submit mail for distribution to members of the IETF CIPSO Working
|
||||
Group, send mail to: cipso@wdl1.wdl.loral.com.
|
||||
|
||||
|
||||
|
||||
Internet Draft, Expires 15 Jan 93 [PAGE 11]
|
||||
|
||||
|
||||
|
||||
CIPSO INTERNET DRAFT 16 July, 1992
|
||||
|
||||
|
||||
|
||||
|
||||
To be added to or deleted from this distribution, send mail to:
|
||||
cipso-request@wdl1.wdl.loral.com.
|
||||
|
||||
|
||||
9. References
|
||||
|
||||
RFC 1038, "Draft Revised IP Security Option", M. St. Johns, IETF, January
|
||||
1988.
|
||||
|
||||
RFC 1108, "U.S. Department of Defense Security Options
|
||||
for the Internet Protocol", Stephen Kent, IAB, 1 March, 1991.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Internet Draft, Expires 15 Jan 93 [PAGE 12]
|
||||
|
||||
|
||||
|
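--- a/Documentation/netlabel/introduction.txt
+++ b/Documentation/netlabel/introduction.txt
@@ -0,0 +1,46 @@
+NetLabel Introduction
+==============================================================================
+Paul Moore, paul.moore@hp.com
+
+August 2, 2006
+
+* Overview
+
+NetLabel is a mechanism which can be used by kernel security modules to attach
+security attributes to outgoing network packets generated from user space
+applications and read security attributes from incoming network packets. It
+is composed of three main components, the protocol engines, the communication
+layer, and the kernel security module API.
+
+* Protocol Engines
+
+The protocol engines are responsible for both applying and retrieving the
+network packet's security attributes. If any translation between the network
+security attributes and those on the host are required then the protocol
+engine will handle those tasks as well. Other kernel subsystems should
+refrain from calling the protocol engines directly, instead they should use
+the NetLabel kernel security module API described below.
+
+Detailed information about each NetLabel protocol engine can be found in this
+directory, consult '00-INDEX' for filenames.
+
+* Communication Layer
+
+The communication layer exists to allow NetLabel configuration and monitoring
+from user space. The NetLabel communication layer uses a message based
+protocol built on top of the Generic NETLINK transport mechanism. The exact
+formatting of these NetLabel messages as well as the Generic NETLINK family
+names can be found in the the 'net/netlabel/' directory as comments in the
+header files as well as in 'include/net/netlabel.h'.
+
+* Security Module API
+
+The purpose of the NetLabel security module API is to provide a protocol
+independent interface to the underlying NetLabel protocol engines. In addition
+to protocol independence, the security module API is designed to be completely
+LSM independent which should allow multiple LSMs to leverage the same code
+base.
+
+Detailed information about the NetLabel security module API can be found in the
+'include/net/netlabel.h' header file as well as the 'lsm_interface.txt' file
+found in this directory.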
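--- a/Documentation/netlabel/lsm_interface.txt
+++ b/Documentation/netlabel/lsm_interface.txt
@@ -0,0 +1,47 @@
+NetLabel Linux Security Module Interface
+==============================================================================
+Paul Moore, paul.moore@hp.com
+
+May 17, 2006
+
+* Overview
+
+NetLabel is a mechanism which can set and retrieve security attributes from
+network packets. It is intended to be used by LSM developers who want to make
+use of a common code base for several different packet labeling protocols.
+The NetLabel security module API is defined in 'include/net/netlabel.h' but a
+brief overview is given below.
+
+* NetLabel Security Attributes
+
+Since NetLabel supports multiple different packet labeling protocols and LSMs
+it uses the concept of security attributes to refer to the packet's security
+labels. The NetLabel security attributes are defined by the
+'netlbl_lsm_secattr' structure in the NetLabel header file. Internally the
+NetLabel subsystem converts the security attributes to and from the correct
+low-level packet label depending on the NetLabel build time and run time
+configuration. It is up to the LSM developer to translate the NetLabel
+security attributes into whatever security identifiers are in use for their
+particular LSM.
+
+* NetLabel LSM Protocol Operations
+
+These are the functions which allow the LSM developer to manipulate the labels
+on outgoing packets as well as read the labels on incoming packets. Functions
+exist to operate both on sockets as well as the sk_buffs directly. These high
+level functions are translated into low level protocol operations based on how
+the administrator has configured the NetLabel subsystem.
+
+* NetLabel Label Mapping Cache Operations
+
+Depending on the exact configuration, translation between the network packet
+label and the internal LSM security identifier can be time consuming. The
+NetLabel label mapping cache is a caching mechanism which can be used to
+sidestep much of this overhead once a mapping has been established. Once the
+LSM has received a packet, used NetLabel to decode it's security attributes,
+and translated the security attributes into a LSM internal identifier the LSM
+can use the NetLabel caching functions to associate the LSM internal
+identifier with the network packet's label. This means that in the future
+when a incoming packet matches a cached value not only are the internal
+NetLabel translation mechanisms bypassed but the LSM translation mechanisms are
+bypassed as well which should result in a significant reduction in overhead.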
@ -375,6 +375,41 @@ tcp_slow_start_after_idle - BOOLEAN
|
||||
be timed out after an idle period.
|
||||
Default: 1
|
||||
|
||||
CIPSOv4 Variables:
|
||||
|
||||
cipso_cache_enable - BOOLEAN
|
||||
If set, enable additions to and lookups from the CIPSO label mapping
|
||||
cache. If unset, additions are ignored and lookups always result in a
|
||||
miss. However, regardless of the setting the cache is still
|
||||
invalidated when required when means you can safely toggle this on and
|
||||
off and the cache will always be "safe".
|
||||
Default: 1
|
||||
|
||||
cipso_cache_bucket_size - INTEGER
|
||||
The CIPSO label cache consists of a fixed size hash table with each
|
||||
hash bucket containing a number of cache entries. This variable limits
|
||||
the number of entries in each hash bucket; the larger the value the
|
||||
more CIPSO label mappings that can be cached. When the number of
|
||||
entries in a given hash bucket reaches this limit adding new entries
|
||||
causes the oldest entry in the bucket to be removed to make room.
|
||||
Default: 10
|
||||
|
||||
cipso_rbm_optfmt - BOOLEAN
|
||||
Enable the "Optimized Tag 1 Format" as defined in section 3.4.2.6 of
|
||||
the CIPSO draft specification (see Documentation/netlabel for details).
|
||||
This means that when set the CIPSO tag will be padded with empty
|
||||
categories in order to make the packet data 32-bit aligned.
|
||||
Default: 0
|
||||
|
||||
cipso_rbm_structvalid - BOOLEAN
|
||||
If set, do a very strict check of the CIPSO option when
|
||||
ip_options_compile() is called. If unset, relax the checks done during
|
||||
ip_options_compile(). Either way is "safe" as errors are caught else
|
||||
where in the CIPSO processing code but setting this to 0 (False) should
|
||||
result in less work (i.e. it should be faster) but could cause problems
|
||||
with other implementations that require strict checking.
|
||||
Default: 0
|
||||
|
||||
IP Variables:
|
||||
|
||||
ip_local_port_range - 2 INTEGERS
|
||||
@ -730,6 +765,9 @@ conf/all/forwarding - BOOLEAN
|
||||
|
||||
This referred to as global forwarding.
|
||||
|
||||
proxy_ndp - BOOLEAN
|
||||
Do proxy ndp.
|
||||
|
||||
conf/interface/*:
|
||||
Change special settings per interface.
|
||||
|
||||
|
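--- a/Documentation/networking/secid.txt
+++ b/Documentation/networking/secid.txt
@@ -0,0 +1,14 @@
+flowi structure:
+
+The secid member in the flow structure is used in LSMs (e.g. SELinux) to indicate
+the label of the flow. This label of the flow is currently used in selecting
+matching labeled xfrm(s).
+
+If this is an outbound flow, the label is derived from the socket, if any, or
+the incoming packet this flow is being generated as a response to (e.g. tcp
+resets, timewait ack, etc.). It is also conceivable that the label could be
+derived from other sources such as process context, device, etc., in special
+cases, as may be appropriate.
+
+If this is an inbound flow, the label is derived from the IPSec security
+associations, if any, used by the packet.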
@ -1912,7 +1912,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
|
||||
skb->tail = skb->data + skb->len;
|
||||
#ifdef USE_CHECKSUM_HW
|
||||
if (vcc->vpi == 0 && vcc->vci >= ATM_NOT_RSV_VCI) {
|
||||
skb->ip_summed = CHECKSUM_HW;
|
||||
skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
skb->csum = TCP_CKSUM(skb->data,
|
||||
he_vcc->pdu_len);
|
||||
}
|
||||
|
@ -2077,7 +2077,7 @@ boomerang_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
|
||||
vp->tx_ring[entry].next = 0;
|
||||
#if DO_ZEROCOPY
|
||||
if (skb->ip_summed != CHECKSUM_HW)
|
||||
if (skb->ip_summed != CHECKSUM_PARTIAL)
|
||||
vp->tx_ring[entry].status = cpu_to_le32(skb->len | TxIntrUploaded);
|
||||
else
|
||||
vp->tx_ring[entry].status = cpu_to_le32(skb->len | TxIntrUploaded | AddTCPChksum | AddUDPChksum);
|
||||
|
@ -813,7 +813,7 @@ static int cp_start_xmit (struct sk_buff *skb, struct net_device *dev)
|
||||
|
||||
if (mss)
|
||||
flags |= LargeSend | ((mss & MSSMask) << MSSShift);
|
||||
else if (skb->ip_summed == CHECKSUM_HW) {
|
||||
else if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
const struct iphdr *ip = skb->nh.iph;
|
||||
if (ip->protocol == IPPROTO_TCP)
|
||||
flags |= IPCS | TCPCS;
|
||||
@ -867,7 +867,7 @@ static int cp_start_xmit (struct sk_buff *skb, struct net_device *dev)
|
||||
if (mss)
|
||||
ctrl |= LargeSend |
|
||||
((mss & MSSMask) << MSSShift);
|
||||
else if (skb->ip_summed == CHECKSUM_HW) {
|
||||
else if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
if (ip->protocol == IPPROTO_TCP)
|
||||
ctrl |= IPCS | TCPCS;
|
||||
else if (ip->protocol == IPPROTO_UDP)
|
||||
@ -898,7 +898,7 @@ static int cp_start_xmit (struct sk_buff *skb, struct net_device *dev)
|
||||
txd->addr = cpu_to_le64(first_mapping);
|
||||
wmb();
|
||||
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
if (ip->protocol == IPPROTO_TCP)
|
||||
txd->opts1 = cpu_to_le32(first_eor | first_len |
|
||||
FirstFrag | DescOwn |
|
||||
|
@ -2040,7 +2040,7 @@ static void ace_rx_int(struct net_device *dev, u32 rxretprd, u32 rxretcsm)
|
||||
*/
|
||||
if (bd_flags & BD_FLG_TCP_UDP_SUM) {
|
||||
skb->csum = htons(csum);
|
||||
skb->ip_summed = CHECKSUM_HW;
|
||||
skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
} else {
|
||||
skb->ip_summed = CHECKSUM_NONE;
|
||||
}
|
||||
@ -2511,7 +2511,7 @@ restart:
|
||||
|
||||
mapping = ace_map_tx_skb(ap, skb, skb, idx);
|
||||
flagsize = (skb->len << 16) | (BD_FLG_END);
|
||||
if (skb->ip_summed == CHECKSUM_HW)
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL)
|
||||
flagsize |= BD_FLG_TCP_UDP_SUM;
|
||||
#if ACENIC_DO_VLAN
|
||||
if (vlan_tx_tag_present(skb)) {
|
||||
@ -2534,7 +2534,7 @@ restart:
|
||||
|
||||
mapping = ace_map_tx_skb(ap, skb, NULL, idx);
|
||||
flagsize = (skb_headlen(skb) << 16);
|
||||
if (skb->ip_summed == CHECKSUM_HW)
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL)
|
||||
flagsize |= BD_FLG_TCP_UDP_SUM;
|
||||
#if ACENIC_DO_VLAN
|
||||
if (vlan_tx_tag_present(skb)) {
|
||||
@ -2560,7 +2560,7 @@ restart:
|
||||
PCI_DMA_TODEVICE);
|
||||
|
||||
flagsize = (frag->size << 16);
|
||||
if (skb->ip_summed == CHECKSUM_HW)
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL)
|
||||
flagsize |= BD_FLG_TCP_UDP_SUM;
|
||||
idx = (idx + 1) % ACE_TX_RING_ENTRIES(ap);
|
||||
|
||||
|
@ -161,6 +161,7 @@ static struct pci_device_id com20020pci_id_table[] = {
|
||||
{ 0x1571, 0xa204, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ARC_CAN_10MBIT },
|
||||
{ 0x1571, 0xa205, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ARC_CAN_10MBIT },
|
||||
{ 0x1571, 0xa206, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ARC_CAN_10MBIT },
|
||||
{ 0x10B5, 0x9030, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ARC_CAN_10MBIT },
|
||||
{ 0x10B5, 0x9050, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ARC_CAN_10MBIT },
|
||||
{0,}
|
||||
};
|
||||
|
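Review bot: The two `0x10B5` rows in `com20020pci_id_table` match on vendor and device ID only, with `PCI_ANY_ID` in both subsystem fields. 0x10B5 is the PLX Technology vendor ID and 0x9030/0x9050 are general-purpose PCI bridge chips used on many unrelated cards, so as far as this hunk shows the driver will offer to bind to any board built on them and treat it as an ARCnet adapter. Restricting those rows to the subsystem IDs of the boards actually supported keeps the match specific, e.g. `{ 0x10B5, 0x9030, <subvendor>, <subdevice>, 0, 0, ARC_CAN_10MBIT },` with the real values filled in. The table begins above the hunk, so earlier rows were not reviewed.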
@ -4423,7 +4423,7 @@ bnx2_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
ring_prod = TX_RING_IDX(prod);
|
||||
|
||||
vlan_tag_flags = 0;
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
vlan_tag_flags |= TX_BD_FLAGS_TCP_UDP_CKSUM;
|
||||
}
|
||||
|
||||
|
@ -2167,7 +2167,7 @@ end_copy_pkt:
|
||||
cas_page_unmap(addr);
|
||||
}
|
||||
skb->csum = ntohs(i ^ 0xffff);
|
||||
skb->ip_summed = CHECKSUM_HW;
|
||||
skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
skb->protocol = eth_type_trans(skb, cp->dev);
|
||||
return len;
|
||||
}
|
||||
@ -2821,7 +2821,7 @@ static inline int cas_xmit_tx_ringN(struct cas *cp, int ring,
|
||||
}
|
||||
|
||||
ctrl = 0;
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
u64 csum_start_off, csum_stuff_off;
|
||||
|
||||
csum_start_off = (u64) (skb->h.raw - skb->data);
|
||||
|
@ -1470,9 +1470,9 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
}
|
||||
|
||||
if (!(adapter->flags & UDP_CSUM_CAPABLE) &&
|
||||
skb->ip_summed == CHECKSUM_HW &&
|
||||
skb->ip_summed == CHECKSUM_PARTIAL &&
|
||||
skb->nh.iph->protocol == IPPROTO_UDP)
|
||||
if (unlikely(skb_checksum_help(skb, 0))) {
|
||||
if (unlikely(skb_checksum_help(skb))) {
|
||||
dev_kfree_skb_any(skb);
|
||||
return NETDEV_TX_OK;
|
||||
}
|
||||
@ -1495,11 +1495,11 @@ int t1_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
cpl = (struct cpl_tx_pkt *)__skb_push(skb, sizeof(*cpl));
|
||||
cpl->opcode = CPL_TX_PKT;
|
||||
cpl->ip_csum_dis = 1; /* SW calculates IP csum */
|
||||
cpl->l4_csum_dis = skb->ip_summed == CHECKSUM_HW ? 0 : 1;
|
||||
cpl->l4_csum_dis = skb->ip_summed == CHECKSUM_PARTIAL ? 0 : 1;
|
||||
/* the length field isn't used so don't bother setting it */
|
||||
|
||||
st->tx_cso += (skb->ip_summed == CHECKSUM_HW);
|
||||
sge->stats.tx_do_cksum += (skb->ip_summed == CHECKSUM_HW);
|
||||
st->tx_cso += (skb->ip_summed == CHECKSUM_PARTIAL);
|
||||
sge->stats.tx_do_cksum += (skb->ip_summed == CHECKSUM_PARTIAL);
|
||||
sge->stats.tx_reg_pkts++;
|
||||
}
|
||||
cpl->iff = dev->if_port;
|
||||
|
@ -611,7 +611,7 @@ start_xmit (struct sk_buff *skb, struct net_device *dev)
|
||||
txdesc = &np->tx_ring[entry];
|
||||
|
||||
#if 0
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
txdesc->status |=
|
||||
cpu_to_le64 (TCPChecksumEnable | UDPChecksumEnable |
|
||||
IPChecksumEnable);
|
||||
|
@ -2600,7 +2600,7 @@ e1000_tx_csum(struct e1000_adapter *adapter, struct e1000_tx_ring *tx_ring,
|
||||
unsigned int i;
|
||||
uint8_t css;
|
||||
|
||||
if (likely(skb->ip_summed == CHECKSUM_HW)) {
|
||||
if (likely(skb->ip_summed == CHECKSUM_PARTIAL)) {
|
||||
css = skb->h.raw - skb->data;
|
||||
|
||||
i = tx_ring->next_to_use;
|
||||
@ -2927,11 +2927,11 @@ e1000_xmit_frame(struct sk_buff *skb, struct net_device *netdev)
|
||||
}
|
||||
|
||||
/* reserve a descriptor for the offload context */
|
||||
if ((mss) || (skb->ip_summed == CHECKSUM_HW))
|
||||
if ((mss) || (skb->ip_summed == CHECKSUM_PARTIAL))
|
||||
count++;
|
||||
count++;
|
||||
#else
|
||||
if (skb->ip_summed == CHECKSUM_HW)
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL)
|
||||
count++;
|
||||
#endif
|
||||
|
||||
@ -3608,7 +3608,7 @@ e1000_rx_checksum(struct e1000_adapter *adapter,
|
||||
*/
|
||||
csum = ntohl(csum ^ 0xFFFF);
|
||||
skb->csum = csum;
|
||||
skb->ip_summed = CHECKSUM_HW;
|
||||
skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
}
|
||||
adapter->hw_csum_good++;
|
||||
}
|
||||
|
@ -1503,7 +1503,8 @@ static int nv_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
tx_flags_extra = NV_TX2_TSO | (skb_shinfo(skb)->gso_size << NV_TX2_TSO_SHIFT);
|
||||
else
|
||||
#endif
|
||||
tx_flags_extra = (skb->ip_summed == CHECKSUM_HW ? (NV_TX2_CHECKSUM_L3|NV_TX2_CHECKSUM_L4) : 0);
|
||||
tx_flags_extra = skb->ip_summed == CHECKSUM_PARTIAL ?
|
||||
NV_TX2_CHECKSUM_L3 | NV_TX2_CHECKSUM_L4 : 0;
|
||||
|
||||
/* vlan tag */
|
||||
if (np->vlangrp && vlan_tx_tag_present(skb)) {
|
||||
|
@ -947,7 +947,7 @@ static int gfar_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
|
||||
/* Set up checksumming */
|
||||
if (likely((dev->features & NETIF_F_IP_CSUM)
|
||||
&& (CHECKSUM_HW == skb->ip_summed))) {
|
||||
&& (CHECKSUM_PARTIAL == skb->ip_summed))) {
|
||||
fcb = gfar_add_fcb(skb, txbdp);
|
||||
status |= TXBD_TOE;
|
||||
gfar_tx_checksum(skb, fcb);
|
||||
|
@ -1648,7 +1648,7 @@ static int hamachi_rx(struct net_device *dev)
|
||||
* could do the pseudo myself and return
|
||||
* CHECKSUM_UNNECESSARY
|
||||
*/
|
||||
skb->ip_summed = CHECKSUM_HW;
|
||||
skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1036,7 +1036,7 @@ static inline u16 emac_tx_csum(struct ocp_enet_private *dev,
|
||||
struct sk_buff *skb)
|
||||
{
|
||||
#if defined(CONFIG_IBM_EMAC_TAH)
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
++dev->stats.tx_packets_csum;
|
||||
return EMAC_TX_CTRL_TAH_CSUM;
|
||||
}
|
||||
|
@ -1387,7 +1387,7 @@ static int ioc3_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
* MAC header which should not be summed and the TCP/UDP pseudo headers
|
||||
* manually.
|
||||
*/
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
int proto = ntohs(skb->nh.iph->protocol);
|
||||
unsigned int csoff;
|
||||
struct iphdr *ih = skb->nh.iph;
|
||||
|
@ -249,7 +249,7 @@ static void __exit ali_ircc_cleanup(void)
|
||||
|
||||
IRDA_DEBUG(2, "%s(), ---------------- Start ----------------\n", __FUNCTION__);
|
||||
|
||||
for (i=0; i < 4; i++) {
|
||||
for (i=0; i < ARRAY_SIZE(dev_self); i++) {
|
||||
if (dev_self[i])
|
||||
ali_ircc_close(dev_self[i]);
|
||||
}
|
||||
@ -273,6 +273,12 @@ static int ali_ircc_open(int i, chipio_t *info)
|
||||
int err;
|
||||
|
||||
IRDA_DEBUG(2, "%s(), ---------------- Start ----------------\n", __FUNCTION__);
|
||||
|
||||
if (i >= ARRAY_SIZE(dev_self)) {
|
||||
IRDA_ERROR("%s(), maximum number of supported chips reached!\n",
|
||||
__FUNCTION__);
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
/* Set FIR FIFO and DMA Threshold */
|
||||
if ((ali_ircc_setup(info)) == -1)
|
||||
|
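Review bot: The new guard in `ali_ircc_open`, `if (i >= ARRAY_SIZE(dev_self))`, rejects a negative `i` only because the `int` is converted to an unsigned type for the comparison; writing `if (i < 0 || i >= ARRAY_SIZE(dev_self))` states the intent and survives a later change of the index type. It returns `-ENOMEM` although nothing was allocated, which will mislead whoever reads the failure; `-ENODEV` or `-EINVAL` would say more, provided the callers (not visible here) do not test for `-ENOMEM` specifically. The matching guard added to `via_ircc_open` fails silently where this one logs through `IRDA_ERROR`, and the two should agree. Both functions continue outside their hunks.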
@ -1090,7 +1090,7 @@ static int __init irport_init(void)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i=0; (io[i] < 2000) && (i < 4); i++) {
|
||||
for (i=0; (io[i] < 2000) && (i < ARRAY_SIZE(dev_self)); i++) {
|
||||
if (irport_open(i, io[i], irq[i]) != NULL)
|
||||
return 0;
|
||||
}
|
||||
@ -1112,7 +1112,7 @@ static void __exit irport_cleanup(void)
|
||||
|
||||
IRDA_DEBUG( 4, "%s()\n", __FUNCTION__);
|
||||
|
||||
for (i=0; i < 4; i++) {
|
||||
for (i=0; i < ARRAY_SIZE(dev_self); i++) {
|
||||
if (dev_self[i])
|
||||
irport_close(dev_self[i]);
|
||||
}
|
||||
|
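Review bot: In `irport_init` the loop condition `(io[i] < 2000) && (i < ARRAY_SIZE(dev_self))` reads `io[i]` before it checks `i`, so when every slot has been tried without the loop returning, the final evaluation indexes `io[]` at `ARRAY_SIZE(dev_self)`. If `io[]` has the same number of elements as `dev_self[]` (its declaration is outside the hunk), that is a read one element past the end of the array. Swapping the operands removes it: `for (i = 0; (i < ARRAY_SIZE(dev_self)) && (io[i] < 2000); i++) {`. The loop in `w83977af_init` has the same operand order and needs the same swap.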
@ -279,7 +279,7 @@ static void via_ircc_clean(void)
|
||||
|
||||
IRDA_DEBUG(3, "%s()\n", __FUNCTION__);
|
||||
|
||||
for (i=0; i < 4; i++) {
|
||||
for (i=0; i < ARRAY_SIZE(dev_self); i++) {
|
||||
if (dev_self[i])
|
||||
via_ircc_close(dev_self[i]);
|
||||
}
|
||||
@ -327,6 +327,9 @@ static __devinit int via_ircc_open(int i, chipio_t * info, unsigned int id)
|
||||
|
||||
IRDA_DEBUG(3, "%s()\n", __FUNCTION__);
|
||||
|
||||
if (i >= ARRAY_SIZE(dev_self))
|
||||
return -ENOMEM;
|
||||
|
||||
/* Allocate new instance of the driver */
|
||||
dev = alloc_irdadev(sizeof(struct via_ircc_cb));
|
||||
if (dev == NULL)
|
||||
|
@ -117,7 +117,7 @@ static int __init w83977af_init(void)
|
||||
|
||||
IRDA_DEBUG(0, "%s()\n", __FUNCTION__ );
|
||||
|
||||
for (i=0; (io[i] < 2000) && (i < 4); i++) {
|
||||
for (i=0; (io[i] < 2000) && (i < ARRAY_SIZE(dev_self)); i++) {
|
||||
if (w83977af_open(i, io[i], irq[i], dma[i]) == 0)
|
||||
return 0;
|
||||
}
|
||||
@ -136,7 +136,7 @@ static void __exit w83977af_cleanup(void)
|
||||
|
||||
IRDA_DEBUG(4, "%s()\n", __FUNCTION__ );
|
||||
|
||||
for (i=0; i < 4; i++) {
|
||||
for (i=0; i < ARRAY_SIZE(dev_self); i++) {
|
||||
if (dev_self[i])
|
||||
w83977af_close(dev_self[i]);
|
||||
}
|
||||
|
@ -1232,7 +1232,7 @@ ixgb_tx_csum(struct ixgb_adapter *adapter, struct sk_buff *skb)
|
||||
unsigned int i;
|
||||
uint8_t css, cso;
|
||||
|
||||
if(likely(skb->ip_summed == CHECKSUM_HW)) {
|
||||
if(likely(skb->ip_summed == CHECKSUM_PARTIAL)) {
|
||||
css = skb->h.raw - skb->data;
|
||||
cso = (skb->h.raw + skb->csum) - skb->data;
|
||||
|
||||
|
@ -1147,7 +1147,7 @@ static void eth_tx_submit_descs_for_skb(struct mv643xx_private *mp,
|
||||
desc->byte_cnt = length;
|
||||
desc->buf_ptr = dma_map_single(NULL, skb->data, length, DMA_TO_DEVICE);
|
||||
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
BUG_ON(skb->protocol != ETH_P_IP);
|
||||
|
||||
cmd_sts |= ETH_GEN_TCP_UDP_CHECKSUM |
|
||||
|
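Review bot: `BUG_ON(skb->protocol != ETH_P_IP)` in `eth_tx_submit_descs_for_skb` compares a field kept in network byte order with a host-order constant. On a little-endian build the two never match for an IPv4 frame, so every packet that takes the `CHECKSUM_PARTIAL` branch would trip the BUG in the transmit path; on big-endian the comparison happens to work. It should read `BUG_ON(skb->protocol != htons(ETH_P_IP));`. This line is context the commit leaves unchanged, and the function starts and ends outside the hunk.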
@ -930,7 +930,7 @@ static inline void myri10ge_vlan_ip_csum(struct sk_buff *skb, u16 hw_csum)
|
||||
(vh->h_vlan_encapsulated_proto == htons(ETH_P_IP) ||
|
||||
vh->h_vlan_encapsulated_proto == htons(ETH_P_IPV6))) {
|
||||
skb->csum = hw_csum;
|
||||
skb->ip_summed = CHECKSUM_HW;
|
||||
skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
}
|
||||
}
|
||||
|
||||
@ -973,7 +973,7 @@ myri10ge_rx_done(struct myri10ge_priv *mgp, struct myri10ge_rx_buf *rx,
|
||||
if ((skb->protocol == ntohs(ETH_P_IP)) ||
|
||||
(skb->protocol == ntohs(ETH_P_IPV6))) {
|
||||
skb->csum = ntohs((u16) csum);
|
||||
skb->ip_summed = CHECKSUM_HW;
|
||||
skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
} else
|
||||
myri10ge_vlan_ip_csum(skb, ntohs((u16) csum));
|
||||
}
|
||||
@ -1897,13 +1897,13 @@ again:
|
||||
pseudo_hdr_offset = 0;
|
||||
odd_flag = 0;
|
||||
flags = (MXGEFW_FLAGS_NO_TSO | MXGEFW_FLAGS_FIRST);
|
||||
if (likely(skb->ip_summed == CHECKSUM_HW)) {
|
||||
if (likely(skb->ip_summed == CHECKSUM_PARTIAL)) {
|
||||
cksum_offset = (skb->h.raw - skb->data);
|
||||
pseudo_hdr_offset = (skb->h.raw + skb->csum) - skb->data;
|
||||
/* If the headers are excessively large, then we must
|
||||
* fall back to a software checksum */
|
||||
if (unlikely(cksum_offset > 255 || pseudo_hdr_offset > 127)) {
|
||||
if (skb_checksum_help(skb, 0))
|
||||
if (skb_checksum_help(skb))
|
||||
goto drop;
|
||||
cksum_offset = 0;
|
||||
pseudo_hdr_offset = 0;
|
||||
|
@ -1153,7 +1153,7 @@ again:
|
||||
if (!nr_frags)
|
||||
frag = NULL;
|
||||
extsts = 0;
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
extsts |= EXTSTS_IPPKT;
|
||||
if (IPPROTO_TCP == skb->nh.iph->protocol)
|
||||
extsts |= EXTSTS_TCPPKT;
|
||||
|
@ -2169,7 +2169,7 @@ static inline u32 rtl8169_tso_csum(struct sk_buff *skb, struct net_device *dev)
|
||||
if (mss)
|
||||
return LargeSend | ((mss & MSSMask) << MSSShift);
|
||||
}
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
const struct iphdr *ip = skb->nh.iph;
|
||||
|
||||
if (ip->protocol == IPPROTO_TCP)
|
||||
|
@ -3893,7 +3893,7 @@ static int s2io_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
txdp->Control_1 |= TXD_TCP_LSO_MSS(s2io_tcp_mss(skb));
|
||||
}
|
||||
#endif
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
txdp->Control_2 |=
|
||||
(TXD_TX_CKO_IPV4_EN | TXD_TX_CKO_TCP_EN |
|
||||
TXD_TX_CKO_UDP_EN);
|
||||
|
@ -1559,7 +1559,7 @@ struct sk_buff *pMessage) /* pointer to send-message */
|
||||
pTxd->VDataHigh = (SK_U32) (PhysAddr >> 32);
|
||||
pTxd->pMBuf = pMessage;
|
||||
|
||||
if (pMessage->ip_summed == CHECKSUM_HW) {
|
||||
if (pMessage->ip_summed == CHECKSUM_PARTIAL) {
|
||||
u16 hdrlen = pMessage->h.raw - pMessage->data;
|
||||
u16 offset = hdrlen + pMessage->csum;
|
||||
|
||||
@ -1678,7 +1678,7 @@ struct sk_buff *pMessage) /* pointer to send-message */
|
||||
/*
|
||||
** Does the HW need to evaluate checksum for TCP or UDP packets?
|
||||
*/
|
||||
if (pMessage->ip_summed == CHECKSUM_HW) {
|
||||
if (pMessage->ip_summed == CHECKSUM_PARTIAL) {
|
||||
u16 hdrlen = pMessage->h.raw - pMessage->data;
|
||||
u16 offset = hdrlen + pMessage->csum;
|
||||
|
||||
@ -2158,7 +2158,7 @@ rx_start:
|
||||
|
||||
#ifdef USE_SK_RX_CHECKSUM
|
||||
pMsg->csum = pRxd->TcpSums & 0xffff;
|
||||
pMsg->ip_summed = CHECKSUM_HW;
|
||||
pMsg->ip_summed = CHECKSUM_COMPLETE;
|
||||
#else
|
||||
pMsg->ip_summed = CHECKSUM_NONE;
|
||||
#endif
|
||||
|
@ -2338,7 +2338,7 @@ static int skge_xmit_frame(struct sk_buff *skb, struct net_device *dev)
|
||||
td->dma_lo = map;
|
||||
td->dma_hi = map >> 32;
|
||||
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
int offset = skb->h.raw - skb->data;
|
||||
|
||||
/* This seems backwards, but it is what the sk98lin
|
||||
@ -2642,7 +2642,7 @@ static inline struct sk_buff *skge_rx_get(struct skge_port *skge,
|
||||
skb->dev = skge->netdev;
|
||||
if (skge->rx_csum) {
|
||||
skb->csum = csum;
|
||||
skb->ip_summed = CHECKSUM_HW;
|
||||
skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
}
|
||||
|
||||
skb->protocol = eth_type_trans(skb, skge->netdev);
|
||||
|
@ -1163,7 +1163,7 @@ static unsigned tx_le_req(const struct sk_buff *skb)
|
||||
if (skb_is_gso(skb))
|
||||
++count;
|
||||
|
||||
if (skb->ip_summed == CHECKSUM_HW)
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL)
|
||||
++count;
|
||||
|
||||
return count;
|
||||
@ -1272,7 +1272,7 @@ static int sky2_xmit_frame(struct sk_buff *skb, struct net_device *dev)
|
||||
#endif
|
||||
|
||||
/* Handle TCP checksum offload */
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
u16 hdr = skb->h.raw - skb->data;
|
||||
u16 offset = hdr + skb->csum;
|
||||
|
||||
@ -2000,7 +2000,7 @@ static int sky2_status_intr(struct sky2_hw *hw, int to_do)
|
||||
#endif
|
||||
case OP_RXCHKS:
|
||||
skb = sky2->rx_ring[sky2->rx_next].skb;
|
||||
skb->ip_summed = CHECKSUM_HW;
|
||||
skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
skb->csum = le16_to_cpu(status);
|
||||
break;
|
||||
|
||||
|
@ -1230,7 +1230,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev)
|
||||
}
|
||||
|
||||
#if defined(ZEROCOPY) && defined(HAS_BROKEN_FIRMWARE)
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
if (skb_padto(skb, (skb->len + PADDING_MASK) & ~PADDING_MASK))
|
||||
return NETDEV_TX_OK;
|
||||
}
|
||||
@ -1252,7 +1252,7 @@ static int start_tx(struct sk_buff *skb, struct net_device *dev)
|
||||
status |= TxDescIntr;
|
||||
np->reap_tx = 0;
|
||||
}
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
status |= TxCalTCP;
|
||||
np->stats.tx_compressed++;
|
||||
}
|
||||
@ -1499,7 +1499,7 @@ static int __netdev_rx(struct net_device *dev, int *quota)
|
||||
* Until then, the printk stays. :-) -Ion
|
||||
*/
|
||||
else if (le16_to_cpu(desc->status2) & 0x0040) {
|
||||
skb->ip_summed = CHECKSUM_HW;
|
||||
skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
skb->csum = le16_to_cpu(desc->csum);
|
||||
printk(KERN_DEBUG "%s: checksum_hw, status2 = %#x\n", dev->name, le16_to_cpu(desc->status2));
|
||||
}
|
||||
|
@ -855,7 +855,7 @@ static int gem_rx(struct gem *gp, int work_to_do)
|
||||
}
|
||||
|
||||
skb->csum = ntohs((status & RXDCTRL_TCPCSUM) ^ 0xffff);
|
||||
skb->ip_summed = CHECKSUM_HW;
|
||||
skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
skb->protocol = eth_type_trans(skb, gp->dev);
|
||||
|
||||
netif_receive_skb(skb);
|
||||
@ -1026,7 +1026,7 @@ static int gem_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
unsigned long flags;
|
||||
|
||||
ctrl = 0;
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
u64 csum_start_off, csum_stuff_off;
|
||||
|
||||
csum_start_off = (u64) (skb->h.raw - skb->data);
|
||||
|
@ -1207,7 +1207,7 @@ static void happy_meal_transceiver_check(struct happy_meal *hp, void __iomem *tr
|
||||
* flags, thus:
|
||||
*
|
||||
* skb->csum = rxd->rx_flags & 0xffff;
|
||||
* skb->ip_summed = CHECKSUM_HW;
|
||||
* skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
*
|
||||
* before sending off the skb to the protocols, and we are good as gold.
|
||||
*/
|
||||
@ -2074,7 +2074,7 @@ static void happy_meal_rx(struct happy_meal *hp, struct net_device *dev)
|
||||
|
||||
/* This card is _fucking_ hot... */
|
||||
skb->csum = ntohs(csum ^ 0xffff);
|
||||
skb->ip_summed = CHECKSUM_HW;
|
||||
skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
|
||||
RXD(("len=%d csum=%4x]", len, csum));
|
||||
skb->protocol = eth_type_trans(skb, dev);
|
||||
@ -2268,7 +2268,7 @@ static int happy_meal_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
u32 tx_flags;
|
||||
|
||||
tx_flags = TXFLAG_OWN;
|
||||
if (skb->ip_summed == CHECKSUM_HW) {
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
u32 csum_start_off, csum_stuff_off;
|
||||
|
||||
csum_start_off = (u32) (skb->h.raw - skb->data);
|
||||
|
@ -149,122 +149,67 @@ module_param(tg3_debug, int, 0);
|
||||
MODULE_PARM_DESC(tg3_debug, "Tigon3 bitmapped debugging message enable value");
|
||||
|
||||
static struct pci_device_id tg3_pci_tbl[] = {
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5700,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5701,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5703,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5704,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702FE,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705_2,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705M,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705M_2,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702X,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5703X,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5704S,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702A3,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5703A3,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5782,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5788,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5789,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5901,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5901_2,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5704S_2,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705F,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5720,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5721,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5750,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5751,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5750M,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5751M,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5751F,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5752,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5752M,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5753,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5753M,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5753F,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5754,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5754M,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5755,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5755M,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5786,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5787,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5787M,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5714,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5714S,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5715,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5715S,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5780,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5780S,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5781,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_SYSKONNECT, PCI_DEVICE_ID_SYSKONNECT_9DXX,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_SYSKONNECT, PCI_DEVICE_ID_SYSKONNECT_9MXX,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1000,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1001,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1003,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC9100,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ PCI_VENDOR_ID_APPLE, PCI_DEVICE_ID_APPLE_TIGON3,
|
||||
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0UL },
|
||||
{ 0, }
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5700)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5701)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5703)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5704)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702FE)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705_2)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705M)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705M_2)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702X)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5703X)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5704S)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5702A3)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5703A3)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5782)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5788)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5789)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5901)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5901_2)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5704S_2)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5705F)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5720)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5721)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5750)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5751)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5750M)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5751M)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5751F)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5752)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5752M)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5753)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5753M)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5753F)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5754)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5754M)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5755)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5755M)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5786)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5787)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5787M)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5714)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5714S)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5715)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5715S)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5780)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5780S)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, PCI_DEVICE_ID_TIGON3_5781)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, PCI_DEVICE_ID_SYSKONNECT_9DXX)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, PCI_DEVICE_ID_SYSKONNECT_9MXX)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1000)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1001)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1003)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC9100)},
|
||||
{PCI_DEVICE(PCI_VENDOR_ID_APPLE, PCI_DEVICE_ID_APPLE_TIGON3)},
|
||||
{}
|
||||
};
|
||||
|
||||
MODULE_DEVICE_TABLE(pci, tg3_pci_tbl);
|
||||
|
||||
static struct {
|
||||
static const struct {
|
||||
const char string[ETH_GSTRING_LEN];
|
||||
} ethtool_stats_keys[TG3_NUM_STATS] = {
|
||||
{ "rx_octets" },
|
||||
@ -345,7 +290,7 @@ static struct {
|
||||
{ "nic_tx_threshold_hit" }
|
||||
};
|
||||
|
||||
static struct {
|
||||
static const struct {
|
||||
const char string[ETH_GSTRING_LEN];
|
||||
} ethtool_test_keys[TG3_NUM_TEST] = {
|
||||
{ "nvram test (online) " },
|
||||
@ -3851,11 +3796,11 @@ static int tg3_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
skb->h.th->check = 0;
|
||||
|
||||
}
|
||||
else if (skb->ip_summed == CHECKSUM_HW)
|
||||
else if (skb->ip_summed == CHECKSUM_PARTIAL)
|
||||
base_flags |= TXD_FLAG_TCPUDP_CSUM;
|
||||
#else
|
||||
mss = 0;
|
||||
if (skb->ip_summed == CHECKSUM_HW)
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL)
|
||||
base_flags |= TXD_FLAG_TCPUDP_CSUM;
|
||||
#endif
|
||||
#if TG3_VLAN_TAG_USED
|
||||
@ -3981,7 +3926,7 @@ static int tg3_start_xmit_dma_bug(struct sk_buff *skb, struct net_device *dev)
|
||||
|
||||
entry = tp->tx_prod;
|
||||
base_flags = 0;
|
||||
if (skb->ip_summed == CHECKSUM_HW)
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL)
|
||||
base_flags |= TXD_FLAG_TCPUDP_CSUM;
|
||||
#if TG3_TSO_SUPPORT != 0
|
||||
mss = 0;
|
||||
@ -4969,7 +4914,7 @@ static int tg3_halt(struct tg3 *tp, int kind, int silent)
|
||||
#define TG3_FW_BSS_ADDR 0x08000a70
|
||||
#define TG3_FW_BSS_LEN 0x10
|
||||
|
||||
static u32 tg3FwText[(TG3_FW_TEXT_LEN / sizeof(u32)) + 1] = {
|
||||
static const u32 tg3FwText[(TG3_FW_TEXT_LEN / sizeof(u32)) + 1] = {
|
||||
0x00000000, 0x10000003, 0x00000000, 0x0000000d, 0x0000000d, 0x3c1d0800,
|
||||
0x37bd3ffc, 0x03a0f021, 0x3c100800, 0x26100000, 0x0e000018, 0x00000000,
|
||||
0x0000000d, 0x3c1d0800, 0x37bd3ffc, 0x03a0f021, 0x3c100800, 0x26100034,
|
||||
@ -5063,7 +5008,7 @@ static u32 tg3FwText[(TG3_FW_TEXT_LEN / sizeof(u32)) + 1] = {
|
||||
0x27bd0008, 0x03e00008, 0x00000000, 0x00000000, 0x00000000
|
||||
};
|
||||
|
||||
static u32 tg3FwRodata[(TG3_FW_RODATA_LEN / sizeof(u32)) + 1] = {
|
||||
static const u32 tg3FwRodata[(TG3_FW_RODATA_LEN / sizeof(u32)) + 1] = {
|
||||
0x35373031, 0x726c7341, 0x00000000, 0x00000000, 0x53774576, 0x656e7430,
|
||||
0x00000000, 0x726c7045, 0x76656e74, 0x31000000, 0x556e6b6e, 0x45766e74,
|
||||
0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x66617461, 0x6c457272,
|
||||
@ -5128,13 +5073,13 @@ static int tg3_halt_cpu(struct tg3 *tp, u32 offset)
|
||||
struct fw_info {
|
||||
unsigned int text_base;
|
||||
unsigned int text_len;
|
||||
u32 *text_data;
|
||||
const u32 *text_data;
|
||||
unsigned int rodata_base;
|
||||
unsigned int rodata_len;
|
||||
u32 *rodata_data;
|
||||
const u32 *rodata_data;
|
||||
unsigned int data_base;
|
||||
unsigned int data_len;
|
||||
u32 *data_data;
|
||||
const u32 *data_data;
|
||||
};
|
||||
|
||||
/* tp->lock is held. */
|
||||
@ -5266,7 +5211,7 @@ static int tg3_load_5701_a0_firmware_fix(struct tg3 *tp)
|
||||
#define TG3_TSO_FW_BSS_ADDR 0x08001b80
|
||||
#define TG3_TSO_FW_BSS_LEN 0x894
|
||||
|
||||
static u32 tg3TsoFwText[(TG3_TSO_FW_TEXT_LEN / 4) + 1] = {
|
||||
static const u32 tg3TsoFwText[(TG3_TSO_FW_TEXT_LEN / 4) + 1] = {
|
||||
0x0e000003, 0x00000000, 0x08001b24, 0x00000000, 0x10000003, 0x00000000,
|
||||
0x0000000d, 0x0000000d, 0x3c1d0800, 0x37bd4000, 0x03a0f021, 0x3c100800,
|
||||
0x26100000, 0x0e000010, 0x00000000, 0x0000000d, 0x27bdffe0, 0x3c04fefe,
|
||||
@ -5553,7 +5498,7 @@ static u32 tg3TsoFwText[(TG3_TSO_FW_TEXT_LEN / 4) + 1] = {
|
||||
0xac470014, 0xac4a0018, 0x03e00008, 0xac4b001c, 0x00000000, 0x00000000,
|
||||
};
|
||||
|
||||
static u32 tg3TsoFwRodata[] = {
|
||||
static const u32 tg3TsoFwRodata[] = {
|
||||
0x4d61696e, 0x43707542, 0x00000000, 0x4d61696e, 0x43707541, 0x00000000,
|
||||
0x00000000, 0x00000000, 0x73746b6f, 0x66666c64, 0x496e0000, 0x73746b6f,
|
||||
0x66662a2a, 0x00000000, 0x53774576, 0x656e7430, 0x00000000, 0x00000000,
|
||||
@ -5561,7 +5506,7 @@ static u32 tg3TsoFwRodata[] = {
|
||||
0x00000000,
|
||||
};
|
||||
|
||||
static u32 tg3TsoFwData[] = {
|
||||
static const u32 tg3TsoFwData[] = {
|
||||
0x00000000, 0x73746b6f, 0x66666c64, 0x5f76312e, 0x362e3000, 0x00000000,
|
||||
0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
|
||||
0x00000000,
|
||||
@ -5583,7 +5528,7 @@ static u32 tg3TsoFwData[] = {
|
||||
#define TG3_TSO5_FW_BSS_ADDR 0x00010f50
|
||||
#define TG3_TSO5_FW_BSS_LEN 0x88
|
||||
|
||||
static u32 tg3Tso5FwText[(TG3_TSO5_FW_TEXT_LEN / 4) + 1] = {
|
||||
static const u32 tg3Tso5FwText[(TG3_TSO5_FW_TEXT_LEN / 4) + 1] = {
|
||||
0x0c004003, 0x00000000, 0x00010f04, 0x00000000, 0x10000003, 0x00000000,
|
||||
0x0000000d, 0x0000000d, 0x3c1d0001, 0x37bde000, 0x03a0f021, 0x3c100001,
|
||||
0x26100000, 0x0c004010, 0x00000000, 0x0000000d, 0x27bdffe0, 0x3c04fefe,
|
||||
@ -5742,14 +5687,14 @@ static u32 tg3Tso5FwText[(TG3_TSO5_FW_TEXT_LEN / 4) + 1] = {
|
||||
0x00000000, 0x00000000, 0x00000000,
|
||||
};
|
||||
|
||||
static u32 tg3Tso5FwRodata[(TG3_TSO5_FW_RODATA_LEN / 4) + 1] = {
|
||||
static const u32 tg3Tso5FwRodata[(TG3_TSO5_FW_RODATA_LEN / 4) + 1] = {
|
||||
0x4d61696e, 0x43707542, 0x00000000, 0x4d61696e, 0x43707541, 0x00000000,
|
||||
0x00000000, 0x00000000, 0x73746b6f, 0x66666c64, 0x00000000, 0x00000000,
|
||||
0x73746b6f, 0x66666c64, 0x00000000, 0x00000000, 0x66617461, 0x6c457272,
|
||||
0x00000000, 0x00000000, 0x00000000,
|
||||
};
|
||||
|
||||
static u32 tg3Tso5FwData[(TG3_TSO5_FW_DATA_LEN / 4) + 1] = {
|
||||
static const u32 tg3Tso5FwData[(TG3_TSO5_FW_DATA_LEN / 4) + 1] = {
|
||||
0x00000000, 0x73746b6f, 0x66666c64, 0x5f76312e, 0x322e3000, 0x00000000,
|
||||
0x00000000, 0x00000000, 0x00000000,
|
||||
};
|
||||
|
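Review bot: `tg3TsoFwRodata[]` and `tg3TsoFwData[]` are declared without an explicit size, unlike the other firmware tables in this section, which are sized from their `*_LEN` macro plus one word. If the loader copies by the length macro (the loader is not in the visible hunks), nothing ties that length to the real array size, and a mismatch would read past the end of a table that now lives in read-only data. A compile-time check in the function that loads each table would catch this, for example `BUILD_BUG_ON(sizeof(tg3TsoFwRodata) < TG3_TSO_FW_RODATA_LEN);`. As a smaller style point, the TSO tables divide by a literal `4` where `tg3FwText` uses `sizeof(u32)`; using one form throughout would read better.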
@ -830,7 +830,7 @@ typhoon_start_tx(struct sk_buff *skb, struct net_device *dev)
|
||||
first_txd->addrHi = (u64)((unsigned long) skb) >> 32;
|
||||
first_txd->processFlags = 0;
|
||||
|
||||
if(skb->ip_summed == CHECKSUM_HW) {
|
||||
if(skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
/* The 3XP will figure out if this is UDP/TCP */
|
||||
first_txd->processFlags |= TYPHOON_TX_PF_TCP_CHKSUM;
|
||||
first_txd->processFlags |= TYPHOON_TX_PF_UDP_CHKSUM;
|
||||
|
@ -1230,7 +1230,7 @@ static int rhine_start_tx(struct sk_buff *skb, struct net_device *dev)
|
||||
rp->tx_skbuff[entry] = skb;
|
||||
|
||||
if ((rp->quirks & rqRhineI) &&
|
||||
(((unsigned long)skb->data & 3) || skb_shinfo(skb)->nr_frags != 0 || skb->ip_summed == CHECKSUM_HW)) {
|
||||
(((unsigned long)skb->data & 3) || skb_shinfo(skb)->nr_frags != 0 || skb->ip_summed == CHECKSUM_PARTIAL)) {
|
||||
/* Must use alignment buffer. */
|
||||
if (skb->len > PKT_BUF_SZ) {
|
||||
/* packet too long, drop it */
|
||||
|
@ -2002,7 +2002,7 @@ static int velocity_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
* Handle hardware checksum
|
||||
*/
|
||||
if ((vptr->flags & VELOCITY_FLAGS_TX_CSUM)
|
||||
&& (skb->ip_summed == CHECKSUM_HW)) {
|
||||
&& (skb->ip_summed == CHECKSUM_PARTIAL)) {
|
||||
struct iphdr *ip = skb->nh.iph;
|
||||
if (ip->protocol == IPPROTO_TCP)
|
||||
td_ptr->tdesc1.TCR |= TCR0_TCPCK;
|
||||
|
@ -114,7 +114,7 @@ extern void *__init alloc_large_system_hash(const char *tablename,
|
||||
#else
|
||||
#define HASHDIST_DEFAULT 0
|
||||
#endif
|
||||
extern int __initdata hashdist; /* Distribute hashes across NUMA nodes? */
|
||||
extern int hashdist; /* Distribute hashes across NUMA nodes? */
|
||||
|
||||
|
||||
#endif /* _LINUX_BOOTMEM_H */
|
||||
|
@ -438,6 +438,7 @@ struct dccp_ackvec;
|
||||
* @dccps_role - Role of this sock, one of %dccp_role
|
||||
* @dccps_ndp_count - number of Non Data Packets since last data packet
|
||||
* @dccps_hc_rx_ackvec - rx half connection ack vector
|
||||
* @dccps_xmit_timer - timer for when CCID is not ready to send
|
||||
*/
|
||||
struct dccp_sock {
|
||||
/* inet_connection_sock has to be the first member of dccp_sock */
|
||||
@ -470,6 +471,7 @@ struct dccp_sock {
|
||||
enum dccp_role dccps_role:2;
|
||||
__u8 dccps_hc_rx_insert_options:1;
|
||||
__u8 dccps_hc_tx_insert_options:1;
|
||||
struct timer_list dccps_xmit_timer;
|
||||
};
|
||||
|
||||
static inline struct dccp_sock *dccp_sk(const struct sock *sk)
|
||||
|
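--- a/include/linux/fib_rules.h
+++ b/include/linux/fib_rules.h
@@ -0,0 +1,65 @@
+#ifndef __LINUX_FIB_RULES_H
+#define __LINUX_FIB_RULES_H
+
+#include <linux/types.h>
+#include <linux/rtnetlink.h>
+
+/* rule is permanent, and cannot be deleted */
+#define FIB_RULE_PERMANENT 1
+
+struct fib_rule_hdr
+{
+__u8 family;
+__u8 dst_len;
+__u8 src_len;
+__u8 tos;
+
+__u8 table;
+__u8 res1; /* reserved */
+__u8 res2; /* reserved */
+__u8 action;
+
+__u32 flags;
+};
+
+enum
+{
+FRA_UNSPEC,
+FRA_DST, /* destination address */
+FRA_SRC, /* source address */
+FRA_IFNAME, /* interface name */
+FRA_UNUSED1,
+FRA_UNUSED2,
+FRA_PRIORITY, /* priority/preference */
+FRA_UNUSED3,
+FRA_UNUSED4,
+FRA_UNUSED5,
+FRA_FWMARK, /* netfilter mark */
+FRA_FLOW, /* flow/class id */
+FRA_UNUSED6,
+FRA_UNUSED7,
+FRA_UNUSED8,
+FRA_TABLE, /* Extended table id */
+FRA_FWMASK, /* mask for netfilter mark */
+__FRA_MAX
+};
+
+#define FRA_MAX (__FRA_MAX - 1)
+
+enum
+{
+FR_ACT_UNSPEC,
+FR_ACT_TO_TBL, /* Pass to fixed table */
+FR_ACT_RES1,
+FR_ACT_RES2,
+FR_ACT_RES3,
+FR_ACT_RES4,
+FR_ACT_BLACKHOLE, /* Drop without notification */
+FR_ACT_UNREACHABLE, /* Drop with ENETUNREACH */
+FR_ACT_PROHIBIT, /* Drop with EACCES */
+__FR_ACT_MAX,
+};
+
+#define FR_ACT_MAX (__FR_ACT_MAX - 1)
+
+#endif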
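Review bot: `struct fib_rule_hdr` is presumably filled in by user space, yet the header does not say what the kernel expects in `res1`/`res2` or that `action` is bounded by `FR_ACT_MAX`. I would make the field comments explicit, e.g. `__u8 res1; /* reserved, set to zero */` and `__u8 action; /* FR_ACT_*, at most FR_ACT_MAX */`. The code that receives this header is not part of this file, so whether it already rejects out-of-range `action` values or non-zero reserved bytes should be checked there.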
@ -25,10 +25,10 @@
|
||||
|
||||
struct sock_filter /* Filter block */
|
||||
{
|
||||
__u16 code; /* Actual filter code */
|
||||
__u8 jt; /* Jump true */
|
||||
__u8 jf; /* Jump false */
|
||||
__u32 k; /* Generic multiuse field */
|
||||
__u16 code; /* Actual filter code */
|
||||
__u8 jt; /* Jump true */
|
||||
__u8 jf; /* Jump false */
|
||||
__u32 k; /* Generic multiuse field */
|
||||
};
|
||||
|
||||
struct sock_fprog /* Required for SO_ATTACH_FILTER. */
|
||||
@ -41,8 +41,9 @@ struct sock_fprog /* Required for SO_ATTACH_FILTER. */
|
||||
struct sk_filter
|
||||
{
|
||||
atomic_t refcnt;
|
||||
unsigned int len; /* Number of filter blocks */
|
||||
struct sock_filter insns[0];
|
||||
unsigned int len; /* Number of filter blocks */
|
||||
struct rcu_head rcu;
|
||||
struct sock_filter insns[0];
|
||||
};
|
||||
|
||||
static inline unsigned int sk_filter_len(struct sk_filter *fp)
|
||||
|
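Review bot: `struct sk_filter` now carries both `refcnt` and `rcu`, but no comment says how the two interact or that `insns[0]` must stay the last member. Anyone changing the struct needs both facts to avoid freeing a filter that a reader is still running. I would add above the struct: `/* Released through the rcu head once refcnt drops to zero; insns[] is a trailing variable-length array and must remain last. */`. The release path is not in this section, so the first half of that comment should be confirmed against it. `sk_filter_len()` begins on the last line of the hunk and its body is outside it.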
@ -16,6 +16,8 @@ struct genlmsghdr {
|
||||
|
||||
#define GENL_HDRLEN NLMSG_ALIGN(sizeof(struct genlmsghdr))
|
||||
|
||||
#define GENL_ADMIN_PERM 0x01
|
||||
|
||||
/*
|
||||
* List of reserved static generic netlink identifiers:
|
||||
*/
|
||||
@ -43,9 +45,25 @@ enum {
|
||||
CTRL_ATTR_UNSPEC,
|
||||
CTRL_ATTR_FAMILY_ID,
|
||||
CTRL_ATTR_FAMILY_NAME,
|
||||
CTRL_ATTR_VERSION,
|
||||
CTRL_ATTR_HDRSIZE,
|
||||
CTRL_ATTR_MAXATTR,
|
||||
CTRL_ATTR_OPS,
|
||||
__CTRL_ATTR_MAX,
|
||||
};
|
||||
|
||||
#define CTRL_ATTR_MAX (__CTRL_ATTR_MAX - 1)
|
||||
|
||||
enum {
|
||||
CTRL_ATTR_OP_UNSPEC,
|
||||
CTRL_ATTR_OP_ID,
|
||||
CTRL_ATTR_OP_FLAGS,
|
||||
CTRL_ATTR_OP_POLICY,
|
||||
CTRL_ATTR_OP_DOIT,
|
||||
CTRL_ATTR_OP_DUMPIT,
|
||||
__CTRL_ATTR_OP_MAX,
|
||||
};
|
||||
|
||||
#define CTRL_ATTR_OP_MAX (__CTRL_ATTR_OP_MAX - 1)
|
||||
|
||||
#endif /* __LINUX_GENERIC_NETLINK_H */
|
||||
|
@ -212,5 +212,134 @@ struct ifconf
|
||||
#define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */
|
||||
#define ifc_req ifc_ifcu.ifcu_req /* array of structures */
|
||||
|
||||
/* The struct should be in sync with struct net_device_stats */
|
||||
struct rtnl_link_stats
|
||||
{
|
||||
__u32 rx_packets; /* total packets received */
|
||||
__u32 tx_packets; /* total packets transmitted */
|
||||
__u32 rx_bytes; /* total bytes received */
|
||||
__u32 tx_bytes; /* total bytes transmitted */
|
||||
__u32 rx_errors; /* bad packets received */
|
||||
__u32 tx_errors; /* packet transmit problems */
|
||||
__u32 rx_dropped; /* no space in linux buffers */
|
||||
__u32 tx_dropped; /* no space available in linux */
|
||||
__u32 multicast; /* multicast packets received */
|
||||
__u32 collisions;
|
||||
|
||||
/* detailed rx_errors: */
|
||||
__u32 rx_length_errors;
|
||||
__u32 rx_over_errors; /* receiver ring buff overflow */
|
||||
__u32 rx_crc_errors; /* recved pkt with crc error */
|
||||
__u32 rx_frame_errors; /* recv'd frame alignment error */
|
||||
__u32 rx_fifo_errors; /* recv'r fifo overrun */
|
||||
__u32 rx_missed_errors; /* receiver missed packet */
|
||||
|
||||
/* detailed tx_errors */
|
||||
__u32 tx_aborted_errors;
|
||||
__u32 tx_carrier_errors;
|
||||
__u32 tx_fifo_errors;
|
||||
__u32 tx_heartbeat_errors;
|
||||
__u32 tx_window_errors;
|
||||
|
||||
/* for cslip etc */
|
||||
__u32 rx_compressed;
|
||||
__u32 tx_compressed;
|
||||
};
|
||||
|
||||
/* The struct should be in sync with struct ifmap */
|
||||
struct rtnl_link_ifmap
|
||||
{
|
||||
__u64 mem_start;
|
||||
__u64 mem_end;
|
||||
__u64 base_addr;
|
||||
__u16 irq;
|
||||
__u8 dma;
|
||||
__u8 port;
|
||||
};
|
||||
|
||||
enum
|
||||
{
|
||||
IFLA_UNSPEC,
|
||||
IFLA_ADDRESS,
|
||||
IFLA_BROADCAST,
|
||||
IFLA_IFNAME,
|
||||
IFLA_MTU,
|
||||
IFLA_LINK,
|
||||
IFLA_QDISC,
|
||||
IFLA_STATS,
|
||||
IFLA_COST,
|
||||
#define IFLA_COST IFLA_COST
|
||||
IFLA_PRIORITY,
|
||||
#define IFLA_PRIORITY IFLA_PRIORITY
|
||||
IFLA_MASTER,
|
||||
#define IFLA_MASTER IFLA_MASTER
|
||||
IFLA_WIRELESS, /* Wireless Extension event - see wireless.h */
|
||||
#define IFLA_WIRELESS IFLA_WIRELESS
|
||||
IFLA_PROTINFO, /* Protocol specific information for a link */
|
||||
#define IFLA_PROTINFO IFLA_PROTINFO
|
||||
IFLA_TXQLEN,
|
||||
#define IFLA_TXQLEN IFLA_TXQLEN
|
||||
IFLA_MAP,
|
||||
#define IFLA_MAP IFLA_MAP
|
||||
IFLA_WEIGHT,
|
||||
#define IFLA_WEIGHT IFLA_WEIGHT
|
||||
IFLA_OPERSTATE,
|
||||
IFLA_LINKMODE,
|
||||
__IFLA_MAX
|
||||
};
|
||||
|
||||
|
||||
#define IFLA_MAX (__IFLA_MAX - 1)
|
||||
|
||||
/* ifi_flags.
|
||||
|
||||
IFF_* flags.
|
||||
|
||||
The only change is:
|
||||
IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are
|
||||
more not changeable by user. They describe link media
|
||||
characteristics and set by device driver.
|
||||
|
||||
Comments:
|
||||
- Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid
|
||||
- If neither of these three flags are set;
|
||||
the interface is NBMA.
|
||||
|
||||
- IFF_MULTICAST does not mean anything special:
|
||||
multicasts can be used on all not-NBMA links.
|
||||
IFF_MULTICAST means that this media uses special encapsulation
|
||||
for multicast frames. Apparently, all IFF_POINTOPOINT and
|
||||
IFF_BROADCAST devices are able to use multicasts too.
|
||||
*/
|
||||
|
||||
/* IFLA_LINK.
|
||||
For usual devices it is equal ifi_index.
|
||||
If it is a "virtual interface" (f.e. tunnel), ifi_link
|
||||
can point to real physical interface (f.e. for bandwidth calculations),
|
||||
or maybe 0, what means, that real media is unknown (usual
|
||||
for IPIP tunnels, when route to endpoint is allowed to change)
|
||||
*/
|
||||
|
||||
/* Subtype attributes for IFLA_PROTINFO */
|
||||
enum
|
||||
{
|
||||
IFLA_INET6_UNSPEC,
|
||||
IFLA_INET6_FLAGS, /* link flags */
|
||||
IFLA_INET6_CONF, /* sysctl parameters */
|
||||
IFLA_INET6_STATS, /* statistics */
|
||||
IFLA_INET6_MCAST, /* MC things. What of them? */
|
||||
IFLA_INET6_CACHEINFO, /* time values and max reasm size */
|
||||
__IFLA_INET6_MAX
|
||||
};
|
||||
|
||||
#define IFLA_INET6_MAX (__IFLA_INET6_MAX - 1)
|
||||
|
||||
struct ifla_cacheinfo
|
||||
{
|
||||
__u32 max_reasm_len;
|
||||
__u32 tstamp; /* ipv6InterfaceTable updated timestamp */
|
||||
__u32 reachable_time;
|
||||
__u32 retrans_time;
|
||||
};
|
||||
|
||||
#endif /* _LINUX_IF_H */
|
||||
|
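Review bot: `struct rtnl_link_ifmap` has three `__u64` members followed by `__u16 irq; __u8 dma; __u8 port;`, which leaves 4 bytes of tail padding wherever `__u64` is 8-byte aligned. Judging by `IFLA_MAP`, the struct is presumably copied to user space as a netlink attribute. Code that builds one on the stack by assigning the members one by one would send those padding bytes uninitialised, so the fill site (not in this section) should begin with `memset(&map, 0, sizeof(map));`, and the comment above the struct should say so. The struct also has a different size on ABIs that align `__u64` to 4 bytes, which matters for 32-bit user space on a 64-bit kernel. Separately, `struct rtnl_link_stats` narrows every counter to `__u32`, so the "in sync with struct net_device_stats" comment should mention that values are truncated where the kernel counters are wider.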
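--- a/include/linux/if_addr.h
+++ b/include/linux/if_addr.h
@@ -0,0 +1,55 @@
+#ifndef __LINUX_IF_ADDR_H
+#define __LINUX_IF_ADDR_H
+
+#include <linux/netlink.h>
+
+struct ifaddrmsg
+{
+__u8 ifa_family;
+__u8 ifa_prefixlen; /* The prefix length */
+__u8 ifa_flags; /* Flags */
+__u8 ifa_scope; /* Address scope */
+__u32 ifa_index; /* Link index */
+};
+
+/*
+* Important comment:
+* IFA_ADDRESS is prefix address, rather than local interface address.
+* It makes no difference for normally configured broadcast interfaces,
+* but for point-to-point IFA_ADDRESS is DESTINATION address,
+* local address is supplied in IFA_LOCAL attribute.
+*/
+enum
+{
+IFA_UNSPEC,
+IFA_ADDRESS,
+IFA_LOCAL,
+IFA_LABEL,
+IFA_BROADCAST,
+IFA_ANYCAST,
+IFA_CACHEINFO,
+IFA_MULTICAST,
+__IFA_MAX,
+};
+
+#define IFA_MAX (__IFA_MAX - 1)
+
+/* ifa_flags */
+#define IFA_F_SECONDARY 0x01
+#define IFA_F_TEMPORARY IFA_F_SECONDARY
+
+#define IFA_F_NODAD 0x02
+#define IFA_F_HOMEADDRESS 0x10
+#define IFA_F_DEPRECATED 0x20
+#define IFA_F_TENTATIVE 0x40
+#define IFA_F_PERMANENT 0x80
+
+struct ifa_cacheinfo
+{
+__u32 ifa_prefered;
+__u32 ifa_valid;
+__u32 cstamp; /* created timestamp, hundredths of seconds */
+__u32 tstamp; /* updated timestamp, hundredths of seconds */
+};
+
+#endif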
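Review bot: In `struct ifa_cacheinfo` the lifetime fields `ifa_prefered` and `ifa_valid` carry no unit, while `cstamp` and `tstamp` directly below are documented as hundredths of seconds. A reader can easily assume the same unit for all four and misjudge when an address expires. I would annotate both, e.g. `__u32 ifa_valid; /* valid lifetime, in seconds */`, and name the value that means "forever" if there is one. The unit is presumed here and should be confirmed against the code that fills the struct, which is not in this file.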
@ -52,7 +52,7 @@ enum {
|
||||
|
||||
/* Internet address. */
|
||||
struct in_addr {
|
||||
__u32 s_addr;
|
||||
__be32 s_addr;
|
||||
};
|
||||
|
||||
#define IP_TOS 1
|
||||
@ -177,7 +177,7 @@ struct in_pktinfo
|
||||
#define __SOCK_SIZE__ 16 /* sizeof(struct sockaddr) */
|
||||
struct sockaddr_in {
|
||||
sa_family_t sin_family; /* Address family */
|
||||
unsigned short int sin_port; /* Port number */
|
||||
__be16 sin_port; /* Port number */
|
||||
struct in_addr sin_addr; /* Internet address */
|
||||
|
||||
/* Pad to size of `struct sockaddr'. */
|
||||
|
@ -134,6 +134,7 @@ struct in6_flowlabel_req
|
||||
#define IPPROTO_ICMPV6 58 /* ICMPv6 */
|
||||
#define IPPROTO_NONE 59 /* IPv6 no next header */
|
||||
#define IPPROTO_DSTOPTS 60 /* IPv6 destination options */
|
||||
#define IPPROTO_MH 135 /* IPv6 mobility header */
|
||||
|
||||
/*
|
||||
* IPv6 TLV options.
|
||||
@ -142,6 +143,7 @@ struct in6_flowlabel_req
|
||||
#define IPV6_TLV_PADN 1
|
||||
#define IPV6_TLV_ROUTERALERT 5
|
||||
#define IPV6_TLV_JUMBO 194
|
||||
#define IPV6_TLV_HAO 201 /* home address option */
|
||||
|
||||
/*
|
||||
* IPV6 socket options
|
||||
|
@ -46,5 +46,7 @@
|
||||
#include <linux/types.h>
|
||||
|
||||
extern __be32 in_aton(const char *str);
|
||||
extern int in4_pton(const char *src, int srclen, u8 *dst, char delim, const char **end);
|
||||
extern int in6_pton(const char *src, int srclen, u8 *dst, char delim, const char **end);
|
||||
#endif
|
||||
#endif /* _LINUX_INET_H */
|
||||
|
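Review bot: The new `in4_pton()` and `in6_pton()` prototypes take a bare `u8 *dst` with no length, and nothing at the declaration tells a caller how large that buffer must be or what `srclen`, `delim` and the return value mean. A short comment above them would guard against undersized destination buffers, e.g. `/* dst must have room for 4 bytes (in4_pton) or 16 bytes (in6_pton) */`. Those sizes are assumed from the address families; confirm them, and the meaning of a negative `srclen`, against the implementation, which is not in this section.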
@ -57,6 +57,7 @@
|
||||
#define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY)
|
||||
#define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY)
|
||||
#define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT)
|
||||
#define IPOPT_CIPSO (6 |IPOPT_CONTROL|IPOPT_COPY)
|
||||
#define IPOPT_RR (7 |IPOPT_CONTROL)
|
||||
#define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY)
|
||||
#define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY)
|
||||
|
@ -29,6 +29,7 @@ struct in6_ifreq {
|
||||
|
||||
#define IPV6_SRCRT_STRICT 0x01 /* this hop must be a neighbor */
|
||||
#define IPV6_SRCRT_TYPE_0 0 /* IPv6 type 0 Routing Header */
|
||||
#define IPV6_SRCRT_TYPE_2 2 /* IPv6 type 2 Routing Header */
|
||||
|
||||
/*
|
||||
* routing header
|
||||
@ -73,6 +74,28 @@ struct rt0_hdr {
|
||||
#define rt0_type rt_hdr.type
|
||||
};
|
||||
|
||||
/*
|
||||
* routing header type 2
|
||||
*/
|
||||
|
||||
struct rt2_hdr {
|
||||
struct ipv6_rt_hdr rt_hdr;
|
||||
__u32 reserved;
|
||||
struct in6_addr addr;
|
||||
|
||||
#define rt2_type rt_hdr.type
|
||||
};
|
||||
|
||||
/*
|
||||
* home address option in destination options header
|
||||
*/
|
||||
|
||||
struct ipv6_destopt_hao {
|
||||
__u8 type;
|
||||
__u8 length;
|
||||
struct in6_addr addr;
|
||||
} __attribute__ ((__packed__));
|
||||
|
||||
struct ipv6_auth_hdr {
|
||||
__u8 nexthdr;
|
||||
__u8 hdrlen; /* This one is measured in 32 bit units! */
|
||||
@ -153,6 +176,7 @@ struct ipv6_devconf {
|
||||
__s32 accept_ra_rt_info_max_plen;
|
||||
#endif
|
||||
#endif
|
||||
__s32 proxy_ndp;
|
||||
void *sysctl;
|
||||
};
|
||||
|
||||
@ -180,6 +204,7 @@ enum {
|
||||
DEVCONF_ACCEPT_RA_RTR_PREF,
|
||||
DEVCONF_RTR_PROBE_INTERVAL,
|
||||
DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN,
|
||||
DEVCONF_PROXY_NDP,
|
||||
DEVCONF_MAX
|
||||
};
|
||||
|
||||
@ -206,6 +231,9 @@ struct inet6_skb_parm {
|
||||
__u16 lastopt;
|
||||
__u32 nhoff;
|
||||
__u16 flags;
|
||||
#ifdef CONFIG_IPV6_MIP6
|
||||
__u16 dsthao;
|
||||
#endif
|
||||
|
||||
#define IP6SKB_XFRM_TRANSFORMED 1
|
||||
};
|
||||
@ -242,6 +270,9 @@ struct ipv6_pinfo {
|
||||
struct in6_addr rcv_saddr;
|
||||
struct in6_addr daddr;
|
||||
struct in6_addr *daddr_cache;
|
||||
#ifdef CONFIG_IPV6_SUBTREES
|
||||
struct in6_addr *saddr_cache;
|
||||
#endif
|
||||
|
||||
__u32 flow_label;
|
||||
__u32 frag_size;
|
||||
|
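Review bot: `struct ipv6_destopt_hao` is declared packed, so `addr` sits at offset 2 and a pointer to it is not naturally aligned for `struct in6_addr`, yet the header comment only names the option. Nothing here records what `length` must be for the option to be well-formed, which is the check a parser of this untrusted on-wire option needs before it touches `addr`. I would extend the comment above the struct to something like `/* home address option (wire format): length must be 16; addr is unaligned, copy it out before use */`. The parsing code is not in this file, so whether it already validates `length` cannot be confirmed from here.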
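--- a/include/linux/neighbour.h
+++ b/include/linux/neighbour.h
@@ -0,0 +1,159 @@
+#ifndef __LINUX_NEIGHBOUR_H
+#define __LINUX_NEIGHBOUR_H
+
+#include <linux/netlink.h>
+
+struct ndmsg
+{
+__u8 ndm_family;
+__u8 ndm_pad1;
+__u16 ndm_pad2;
+__s32 ndm_ifindex;
+__u16 ndm_state;
+__u8 ndm_flags;
+__u8 ndm_type;
+};
+
+enum
+{
+NDA_UNSPEC,
+NDA_DST,
+NDA_LLADDR,
+NDA_CACHEINFO,
+NDA_PROBES,
+__NDA_MAX
+};
+
+#define NDA_MAX (__NDA_MAX - 1)
+
+/*
+* Neighbor Cache Entry Flags
+*/
+
+#define NTF_PROXY 0x08 /* == ATF_PUBL */
+#define NTF_ROUTER 0x80
+
+/*
+* Neighbor Cache Entry States.
+*/
+
+#define NUD_INCOMPLETE 0x01
+#define NUD_REACHABLE 0x02
+#define NUD_STALE 0x04
+#define NUD_DELAY 0x08
+#define NUD_PROBE 0x10
+#define NUD_FAILED 0x20
+
+/* Dummy states */
+#define NUD_NOARP 0x40
+#define NUD_PERMANENT 0x80
+#define NUD_NONE 0x00
+
+/* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change
+and make no address resolution or NUD.
+NUD_PERMANENT is also cannot be deleted by garbage collectors.
+*/
+
+struct nda_cacheinfo
+{
+__u32 ndm_confirmed;
+__u32 ndm_used;
+__u32 ndm_updated;
+__u32 ndm_refcnt;
+};
+
+/*****************************************************************
+* Neighbour tables specific messages.
+*
+* To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
+* NLM_F_DUMP flag set. Every neighbour table configuration is
+* spread over multiple messages to avoid running into message
+* size limits on systems with many interfaces. The first message
+* in the sequence transports all not device specific data such as
+* statistics, configuration, and the default parameter set.
+* This message is followed by 0..n messages carrying device
+* specific parameter sets.
+* Although the ordering should be sufficient, NDTA_NAME can be
+* used to identify sequences. The initial message can be identified
+* by checking for NDTA_CONFIG. The device specific messages do
+* not contain this TLV but have NDTPA_IFINDEX set to the
+* corresponding interface index.
+*
+* To change neighbour table attributes, send RTM_SETNEIGHTBL
+* with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
+* NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
+* otherwise. Device specific parameter sets can be changed by
+* setting NDTPA_IFINDEX to the interface index of the corresponding
+* device.
+****/
+
+struct ndt_stats
+{
+__u64 ndts_allocs;
+__u64 ndts_destroys;
+__u64 ndts_hash_grows;
+__u64 ndts_res_failed;
+__u64 ndts_lookups;
+__u64 ndts_hits;
+__u64 ndts_rcv_probes_mcast;
+__u64 ndts_rcv_probes_ucast;
+__u64 ndts_periodic_gc_runs;
+__u64 ndts_forced_gc_runs;
+};
+
+enum {
+NDTPA_UNSPEC,
+NDTPA_IFINDEX, /* u32, unchangeable */
+NDTPA_REFCNT, /* u32, read-only */
+NDTPA_REACHABLE_TIME, /* u64, read-only, msecs */
+NDTPA_BASE_REACHABLE_TIME, /* u64, msecs */
+NDTPA_RETRANS_TIME, /* u64, msecs */
+NDTPA_GC_STALETIME, /* u64, msecs */
+NDTPA_DELAY_PROBE_TIME, /* u64, msecs */
+NDTPA_QUEUE_LEN, /* u32 */
+NDTPA_APP_PROBES, /* u32 */
+NDTPA_UCAST_PROBES, /* u32 */
+NDTPA_MCAST_PROBES, /* u32 */
+NDTPA_ANYCAST_DELAY, /* u64, msecs */
+NDTPA_PROXY_DELAY, /* u64, msecs */
+NDTPA_PROXY_QLEN, /* u32 */
+NDTPA_LOCKTIME, /* u64, msecs */
+__NDTPA_MAX
+};
+#define NDTPA_MAX (__NDTPA_MAX - 1)
+
+struct ndtmsg
+{
+__u8 ndtm_family;
+__u8 ndtm_pad1;
+__u16 ndtm_pad2;
+};
+
+struct ndt_config
+{
+__u16 ndtc_key_len;
+__u16 ndtc_entry_size;
+__u32 ndtc_entries;
+__u32 ndtc_last_flush; /* delta to now in msecs */
+__u32 ndtc_last_rand; /* delta to now in msecs */
+__u32 ndtc_hash_rnd;
+__u32 ndtc_hash_mask;
+__u32 ndtc_hash_chain_gc;
+__u32 ndtc_proxy_qlen;
+};
+
+enum {
+NDTA_UNSPEC,
+NDTA_NAME, /* char *, unchangeable */
+NDTA_THRESH1, /* u32 */
+NDTA_THRESH2, /* u32 */
+NDTA_THRESH3, /* u32 */
+NDTA_CONFIG, /* struct ndt_config, read-only */
+NDTA_PARMS, /* nested TLV NDTPA_* */
+NDTA_STATS, /* struct ndt_stats, read-only */
+NDTA_GC_INTERVAL, /* u64, msecs */
+__NDTA_MAX
+};
+#define NDTA_MAX (__NDTA_MAX - 1)
+
+#endif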
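Review bot: `ndtc_hash_rnd` in `struct ndt_config` appears to hand the neighbour table's hash randomisation value to anyone who can issue the RTM_GETNEIGHTBL dump described in the header comment. If that field carries the live seed, a reader can predict bucket placement and the randomisation stops protecting the table against crafted collisions. The header does not say who may read NDTA_CONFIG, so I would document the expectation on the field, e.g. `__u32 ndtc_hash_rnd; /* hash seed: expose to privileged readers only */`, or report zero to unprivileged callers. The code that fills this struct is not in this file, so this is inferred from the field name and the `read-only` note on NDTA_CONFIG.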
@ -169,11 +169,6 @@ struct proto_ops {
|
||||
struct net_proto_family {
|
||||
int family;
|
||||
int (*create)(struct socket *sock, int protocol);
|
||||
/* These are counters for the number of different methods of
|
||||
each we support */
|
||||
short authentication;
|
||||
short encryption;
|
||||
short encrypt_net;
|
||||
struct module *owner;
|
||||
};
|
||||
|
||||
@ -181,8 +176,8 @@ struct iovec;
|
||||
struct kvec;
|
||||
|
||||
extern int sock_wake_async(struct socket *sk, int how, int band);
|
||||
extern int sock_register(struct net_proto_family *fam);
|
||||
extern int sock_unregister(int family);
|
||||
extern int sock_register(const struct net_proto_family *fam);
|
||||
extern void sock_unregister(int family);
|
||||
extern int sock_create(int family, int type, int proto,
|
||||
struct socket **res);
|
||||
extern int sock_create_kern(int family, int type, int proto,
|
||||
@ -208,6 +203,25 @@ extern int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
|
||||
struct kvec *vec, size_t num,
|
||||
size_t len, int flags);
|
||||
|
||||
extern int kernel_bind(struct socket *sock, struct sockaddr *addr,
|
||||
int addrlen);
|
||||
extern int kernel_listen(struct socket *sock, int backlog);
|
||||
extern int kernel_accept(struct socket *sock, struct socket **newsock,
|
||||
int flags);
|
||||
extern int kernel_connect(struct socket *sock, struct sockaddr *addr,
|
||||
int addrlen, int flags);
|
||||
extern int kernel_getsockname(struct socket *sock, struct sockaddr *addr,
|
||||
int *addrlen);
|
||||
extern int kernel_getpeername(struct socket *sock, struct sockaddr *addr,
|
||||
int *addrlen);
|
||||
extern int kernel_getsockopt(struct socket *sock, int level, int optname,
|
||||
char *optval, int *optlen);
|
||||
extern int kernel_setsockopt(struct socket *sock, int level, int optname,
|
||||
char *optval, int optlen);
|
||||
extern int kernel_sendpage(struct socket *sock, struct page *page, int offset,
|
||||
size_t size, int flags);
|
||||
extern int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg);
|
||||
|
||||
#ifndef CONFIG_SMP
|
||||
#define SOCKOPS_WRAPPED(name) name
|
||||
#define SOCKOPS_WRAP(name, fam)
|
||||
|
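Review bot: The new `kernel_*` prototypes carry no comment or annotation about which address space their pointer arguments live in. This covers `char *optval` and `int *optlen` on `kernel_getsockopt()`/`kernel_setsockopt()`, and `struct sockaddr *addr` on `kernel_bind()`/`kernel_connect()`. The socket-option paths they presumably wrap normally take user pointers, so a caller that forwards a `__user` pointer here would bypass the usual access checks without sparse noticing. I would add one block comment above `kernel_bind`, for example `/* In-kernel socket API: every pointer argument is a kernel-space address; never pass a __user pointer. */`. The implementations are outside this header, so how they switch address limits cannot be confirmed from here.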
@ -976,7 +976,7 @@ extern void dev_mcast_init(void);
|
||||
extern int netdev_max_backlog;
|
||||
extern int weight_p;
|
||||
extern int netdev_set_master(struct net_device *dev, struct net_device *master);
|
||||
extern int skb_checksum_help(struct sk_buff *skb, int inward);
|
||||
extern int skb_checksum_help(struct sk_buff *skb);
|
||||
extern struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features);
|
||||
#ifdef CONFIG_BUG
|
||||
extern void netdev_rx_csum_fault(struct net_device *dev);
|
||||
@ -1012,7 +1012,7 @@ static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb)
|
||||
{
|
||||
return skb_is_gso(skb) &&
|
||||
(!skb_gso_ok(skb, dev->features) ||
|
||||
unlikely(skb->ip_summed != CHECKSUM_HW));
|
||||
unlikely(skb->ip_summed != CHECKSUM_PARTIAL));
|
||||
}
|
||||
|
||||
/* On bonding slaves other than the currently active slave, suppress
|
||||
|
@ -282,6 +282,12 @@ extern void nf_invalidate_cache(int pf);
|
||||
Returns true or false. */
|
||||
extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);
|
||||
|
||||
extern u_int16_t nf_csum_update(u_int32_t oldval, u_int32_t newval,
|
||||
u_int32_t csum);
|
||||
extern u_int16_t nf_proto_csum_update(struct sk_buff *skb,
|
||||
u_int32_t oldval, u_int32_t newval,
|
||||
u_int16_t csum, int pseudohdr);
|
||||
|
||||
struct nf_afinfo {
|
||||
unsigned short family;
|
||||
unsigned int (*checksum)(struct sk_buff *skb, unsigned int hook,
|
||||
|
@ -125,6 +125,10 @@ enum ip_conntrack_events
|
||||
/* Counter highest bit has been set */
|
||||
IPCT_COUNTER_FILLING_BIT = 11,
|
||||
IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
|
||||
|
||||
/* Mark is set */
|
||||
IPCT_MARK_BIT = 12,
|
||||
IPCT_MARK = (1 << IPCT_MARK_BIT),
|
||||
};
|
||||
|
||||
enum ip_conntrack_expect_events {
|
||||
|
@ -49,6 +49,7 @@ struct ip_ct_tcp
|
||||
u_int32_t last_seq; /* Last sequence number seen in dir */
|
||||
u_int32_t last_ack; /* Last sequence number seen in opposite dir */
|
||||
u_int32_t last_end; /* Last seq + len */
|
||||
u_int16_t last_win; /* Last window advertisement seen in dir */
|
||||
};
|
||||
|
||||
#endif /* __KERNEL__ */
|
||||
|
@ -43,7 +43,7 @@ struct nfattr
|
||||
u_int16_t nfa_len;
|
||||
u_int16_t nfa_type; /* we use 15 bits for the type, and the highest
|
||||
* bit to indicate whether the payload is nested */
|
||||
} __attribute__ ((packed));
|
||||
};
|
||||
|
||||
/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
|
||||
* rtnetlink.h, it's time to put this in a generic file */
|
||||
@ -79,7 +79,7 @@ struct nfgenmsg {
|
||||
u_int8_t nfgen_family; /* AF_xxx */
|
||||
u_int8_t version; /* nfnetlink version */
|
||||
u_int16_t res_id; /* resource id */
|
||||
} __attribute__ ((packed));
|
||||
};
|
||||
|
||||
#define NFNETLINK_V0 0
|
||||
|
||||
|
@ -19,18 +19,18 @@ struct nfulnl_msg_packet_hdr {
|
||||
u_int16_t hw_protocol; /* hw protocol (network order) */
|
||||
u_int8_t hook; /* netfilter hook */
|
||||
u_int8_t _pad;
|
||||
} __attribute__ ((packed));
|
||||
};
|
||||
|
||||
struct nfulnl_msg_packet_hw {
|
||||
u_int16_t hw_addrlen;
|
||||
u_int16_t _pad;
|
||||
u_int8_t hw_addr[8];
|
||||
} __attribute__ ((packed));
|
||||
};
|
||||
|
||||
struct nfulnl_msg_packet_timestamp {
|
||||
aligned_u64 sec;
|
||||
aligned_u64 usec;
|
||||
} __attribute__ ((packed));
|
||||
};
|
||||
|
||||
#define NFULNL_PREFIXLEN 30 /* just like old log target */
|
||||
|
||||
|
@ -22,12 +22,12 @@ struct nfqnl_msg_packet_hw {
|
||||
u_int16_t hw_addrlen;
|
||||
u_int16_t _pad;
|
||||
u_int8_t hw_addr[8];
|
||||
} __attribute__ ((packed));
|
||||
};
|
||||
|
||||
struct nfqnl_msg_packet_timestamp {
|
||||
aligned_u64 sec;
|
||||
aligned_u64 usec;
|
||||
} __attribute__ ((packed));
|
||||
};
|
||||
|
||||
enum nfqnl_attr_type {
|
||||
NFQA_UNSPEC,
|
||||
@ -49,7 +49,7 @@ enum nfqnl_attr_type {
|
||||
struct nfqnl_msg_verdict_hdr {
|
||||
u_int32_t verdict;
|
||||
u_int32_t id;
|
||||
} __attribute__ ((packed));
|
||||
};
|
||||
|
||||
|
||||
enum nfqnl_msg_config_cmds {
|
||||
@ -64,7 +64,7 @@ struct nfqnl_msg_config_cmd {
|
||||
u_int8_t command; /* nfqnl_msg_config_cmds */
|
||||
u_int8_t _pad;
|
||||
u_int16_t pf; /* AF_xxx for PF_[UN]BIND */
|
||||
} __attribute__ ((packed));
|
||||
};
|
||||
|
||||
enum nfqnl_config_mode {
|
||||
NFQNL_COPY_NONE,
|
||||
|
@ -138,16 +138,6 @@ struct xt_counters_info
|
||||
|
||||
#include <linux/netdevice.h>
|
||||
|
||||
#define ASSERT_READ_LOCK(x)
|
||||
#define ASSERT_WRITE_LOCK(x)
|
||||
#include <linux/netfilter_ipv4/listhelp.h>
|
||||
|
||||
#ifdef CONFIG_COMPAT
|
||||
#define COMPAT_TO_USER 1
|
||||
#define COMPAT_FROM_USER -1
|
||||
#define COMPAT_CALC_SIZE 0
|
||||
#endif
|
||||
|
||||
struct xt_match
|
||||
{
|
||||
struct list_head list;
|
||||
@ -174,21 +164,24 @@ struct xt_match
|
||||
const void *ip,
|
||||
const struct xt_match *match,
|
||||
void *matchinfo,
|
||||
unsigned int matchinfosize,
|
||||
unsigned int hook_mask);
|
||||
|
||||
/* Called when entry of this type deleted. */
|
||||
void (*destroy)(const struct xt_match *match, void *matchinfo,
|
||||
unsigned int matchinfosize);
|
||||
void (*destroy)(const struct xt_match *match, void *matchinfo);
|
||||
|
||||
/* Called when userspace align differs from kernel space one */
|
||||
int (*compat)(void *match, void **dstptr, int *size, int convert);
|
||||
void (*compat_from_user)(void *dst, void *src);
|
||||
int (*compat_to_user)(void __user *dst, void *src);
|
||||
|
||||
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
|
||||
struct module *me;
|
||||
|
||||
/* Free to use by each match */
|
||||
unsigned long data;
|
||||
|
||||
char *table;
|
||||
unsigned int matchsize;
|
||||
unsigned int compatsize;
|
||||
unsigned int hooks;
|
||||
unsigned short proto;
|
||||
|
||||
@ -211,8 +204,7 @@ struct xt_target
|
||||
const struct net_device *out,
|
||||
unsigned int hooknum,
|
||||
const struct xt_target *target,
|
||||
const void *targinfo,
|
||||
void *userdata);
|
||||
const void *targinfo);
|
||||
|
||||
/* Called when user tries to insert an entry of this type:
|
||||
hook_mask is a bitmask of hooks from which it can be
|
||||
@ -222,21 +214,21 @@ struct xt_target
|
||||
const void *entry,
|
||||
const struct xt_target *target,
|
||||
void *targinfo,
|
||||
unsigned int targinfosize,
|
||||
unsigned int hook_mask);
|
||||
|
||||
/* Called when entry of this type deleted. */
|
||||
void (*destroy)(const struct xt_target *target, void *targinfo,
|
||||
unsigned int targinfosize);
|
||||
void (*destroy)(const struct xt_target *target, void *targinfo);
|
||||
|
||||
/* Called when userspace align differs from kernel space one */
|
||||
int (*compat)(void *target, void **dstptr, int *size, int convert);
|
||||
void (*compat_from_user)(void *dst, void *src);
|
||||
int (*compat_to_user)(void __user *dst, void *src);
|
||||
|
||||
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
|
||||
struct module *me;
|
||||
|
||||
char *table;
|
||||
unsigned int targetsize;
|
||||
unsigned int compatsize;
|
||||
unsigned int hooks;
|
||||
unsigned short proto;
|
||||
|
||||
@ -290,8 +282,13 @@ struct xt_table_info
|
||||
|
||||
extern int xt_register_target(struct xt_target *target);
|
||||
extern void xt_unregister_target(struct xt_target *target);
|
||||
extern int xt_register_targets(struct xt_target *target, unsigned int n);
|
||||
extern void xt_unregister_targets(struct xt_target *target, unsigned int n);
|
||||
|
||||
extern int xt_register_match(struct xt_match *target);
|
||||
extern void xt_unregister_match(struct xt_match *target);
|
||||
extern int xt_register_matches(struct xt_match *match, unsigned int n);
|
||||
extern void xt_unregister_matches(struct xt_match *match, unsigned int n);
|
||||
|
||||
extern int xt_check_match(const struct xt_match *match, unsigned short family,
|
||||
unsigned int size, const char *table, unsigned int hook,
|
||||
@ -388,9 +385,18 @@ struct compat_xt_counters_info
|
||||
|
||||
extern void xt_compat_lock(int af);
|
||||
extern void xt_compat_unlock(int af);
|
||||
extern int xt_compat_match(void *match, void **dstptr, int *size, int convert);
|
||||
extern int xt_compat_target(void *target, void **dstptr, int *size,
|
||||
int convert);
|
||||
|
||||
extern int xt_compat_match_offset(struct xt_match *match);
|
||||
extern void xt_compat_match_from_user(struct xt_entry_match *m,
|
||||
void **dstptr, int *size);
|
||||
extern int xt_compat_match_to_user(struct xt_entry_match *m,
|
||||
void * __user *dstptr, int *size);
|
||||
|
||||
extern int xt_compat_target_offset(struct xt_target *target);
|
||||
extern void xt_compat_target_from_user(struct xt_entry_target *t,
|
||||
void **dstptr, int *size);
|
||||
extern int xt_compat_target_to_user(struct xt_entry_target *t,
|
||||
void * __user *dstptr, int *size);
|
||||
|
||||
#endif /* CONFIG_COMPAT */
|
||||
#endif /* __KERNEL__ */
|
||||
|
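Review bot: `xt_compat_match_to_user()` and `xt_compat_target_to_user()` declare their destination as `void * __user *dstptr`, which puts the `__user` qualifier on the pointer object that `dstptr` points at rather than on the memory the destination refers to. Read that way, `*dstptr` is an ordinary kernel `void *`, and sparse will not flag a direct store through it. The per-extension callback in the same header uses `void __user *dst`, so the intended type is presumably a kernel pointer to a user address: `void __user **dstptr, int *size);` in both prototypes. `compat_from_user` also returns `void`, so a conversion callback cannot report a malformed compat structure, and that should at least be stated in the comment above it.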
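--- a/include/linux/netfilter/xt_DSCP.h
+++ b/include/linux/netfilter/xt_DSCP.h
@@ -0,0 +1,20 @@
+/* x_tables module for setting the IPv4/IPv6 DSCP field
+*
+* (C) 2002 Harald Welte <laforge@gnumonks.org>
+* based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
+* This software is distributed under GNU GPL v2, 1991
+*
+* See RFC2474 for a description of the DSCP field within the IP Header.
+*
+* xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp
+*/
+#ifndef _XT_DSCP_TARGET_H
+#define _XT_DSCP_TARGET_H
+#include <linux/netfilter/xt_dscp.h>
+
+/* target info */
+struct xt_DSCP_info {
+u_int8_t dscp;
+};
+
+#endif /* _XT_DSCP_TARGET_H */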
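--- a/include/linux/netfilter/xt_dscp.h
+++ b/include/linux/netfilter/xt_dscp.h
@@ -0,0 +1,23 @@
+/* x_tables module for matching the IPv4/IPv6 DSCP field
+*
+* (C) 2002 Harald Welte <laforge@gnumonks.org>
+* This software is distributed under GNU GPL v2, 1991
+*
+* See RFC2474 for a description of the DSCP field within the IP Header.
+*
+* xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp
+*/
+#ifndef _XT_DSCP_H
+#define _XT_DSCP_H
+
+#define XT_DSCP_MASK 0xfc /* 11111100 */
+#define XT_DSCP_SHIFT 2
+#define XT_DSCP_MAX 0x3f /* 00111111 */
+
+/* match info */
+struct xt_dscp_info {
+u_int8_t dscp;
+u_int8_t invert;
+};
+
+#endif /* _XT_DSCP_H */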
@ -248,8 +248,7 @@ extern unsigned int arpt_do_table(struct sk_buff **pskb,
|
||||
unsigned int hook,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
struct arpt_table *table,
|
||||
void *userdata);
|
||||
struct arpt_table *table);
|
||||
|
||||
#define ARPT_ALIGN(s) (((s) + (__alignof__(struct arpt_entry)-1)) & ~(__alignof__(struct arpt_entry)-1))
|
||||
#endif /*__KERNEL__*/
|
||||
|
@ -5,9 +5,8 @@
|
||||
*/
|
||||
|
||||
#include <linux/netfilter.h>
|
||||
#if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER)
|
||||
#include <linux/if_ether.h>
|
||||
#endif
|
||||
#include <linux/if_vlan.h>
|
||||
|
||||
/* Bridge Hooks */
|
||||
/* After promisc drops, checksum checks. */
|
||||
@ -47,40 +46,20 @@ enum nf_br_hook_priorities {
|
||||
|
||||
|
||||
/* Only used in br_forward.c */
|
||||
static inline
|
||||
int nf_bridge_maybe_copy_header(struct sk_buff *skb)
|
||||
extern int nf_bridge_copy_header(struct sk_buff *skb);
|
||||
static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb)
|
||||
{
|
||||
int err;
|
||||
|
||||
if (skb->nf_bridge) {
|
||||
if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
|
||||
err = skb_cow(skb, 18);
|
||||
if (err)
|
||||
return err;
|
||||
memcpy(skb->data - 18, skb->nf_bridge->data, 18);
|
||||
skb_push(skb, 4);
|
||||
} else {
|
||||
err = skb_cow(skb, 16);
|
||||
if (err)
|
||||
return err;
|
||||
memcpy(skb->data - 16, skb->nf_bridge->data, 16);
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
if (skb->nf_bridge)
|
||||
return nf_bridge_copy_header(skb);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* This is called by the IP fragmenting code and it ensures there is
|
||||
* enough room for the encapsulating header (if there is one). */
|
||||
static inline
|
||||
int nf_bridge_pad(struct sk_buff *skb)
|
||||
static inline int nf_bridge_pad(const struct sk_buff *skb)
|
||||
{
|
||||
if (skb->protocol == __constant_htons(ETH_P_IP))
|
||||
return 0;
|
||||
if (skb->nf_bridge) {
|
||||
if (skb->protocol == __constant_htons(ETH_P_8021Q))
|
||||
return 4;
|
||||
}
|
||||
return 0;
|
||||
return (skb->nf_bridge && skb->protocol == htons(ETH_P_8021Q))
|
||||
? VLAN_HLEN : 0;
|
||||
}
|
||||
|
||||
struct bridge_skb_cb {
|
||||
@ -90,6 +69,9 @@ struct bridge_skb_cb {
|
||||
};
|
||||
|
||||
extern int brnf_deferred_hooks;
|
||||
#else
|
||||
#define nf_bridge_maybe_copy_header(skb) (0)
|
||||
#define nf_bridge_pad(skb) (0)
|
||||
#endif /* CONFIG_BRIDGE_NETFILTER */
|
||||
|
||||
#endif /* __KERNEL__ */
|
||||
|
@ -25,6 +25,8 @@ struct ip_conntrack_helper
|
||||
struct ip_conntrack *ct,
|
||||
enum ip_conntrack_info conntrackinfo);
|
||||
|
||||
void (*destroy)(struct ip_conntrack *ct);
|
||||
|
||||
int (*to_nfattr)(struct sk_buff *skb, const struct ip_conntrack *ct);
|
||||
};
|
||||
|
||||
|
@ -31,8 +31,8 @@ struct ip_ct_pptp_master {
|
||||
/* everything below is going to be per-expectation in newnat,
|
||||
* since there could be more than one call within one session */
|
||||
enum pptp_ctrlcall_state cstate; /* call state */
|
||||
u_int16_t pac_call_id; /* call id of PAC, host byte order */
|
||||
u_int16_t pns_call_id; /* call id of PNS, host byte order */
|
||||
__be16 pac_call_id; /* call id of PAC, host byte order */
|
||||
__be16 pns_call_id; /* call id of PNS, host byte order */
|
||||
|
||||
/* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack
|
||||
* and therefore imposes a fixed limit on the number of maps */
|
||||
@ -42,8 +42,8 @@ struct ip_ct_pptp_master {
|
||||
/* conntrack_expect private member */
|
||||
struct ip_ct_pptp_expect {
|
||||
enum pptp_ctrlcall_state cstate; /* call state */
|
||||
u_int16_t pac_call_id; /* call id of PAC */
|
||||
u_int16_t pns_call_id; /* call id of PNS */
|
||||
__be16 pac_call_id; /* call id of PAC */
|
||||
__be16 pns_call_id; /* call id of PNS */
|
||||
};
|
||||
|
||||
|
||||
@ -107,8 +107,7 @@ struct PptpControlHeader {
|
||||
|
||||
struct PptpStartSessionRequest {
|
||||
__be16 protocolVersion;
|
||||
__u8 reserved1;
|
||||
__u8 reserved2;
|
||||
__u16 reserved1;
|
||||
__be32 framingCapability;
|
||||
__be32 bearerCapability;
|
||||
__be16 maxChannels;
|
||||
@ -143,6 +142,8 @@ struct PptpStartSessionReply {
|
||||
|
||||
struct PptpStopSessionRequest {
|
||||
__u8 reason;
|
||||
__u8 reserved1;
|
||||
__u16 reserved2;
|
||||
};
|
||||
|
||||
/* PptpStopSessionResultCode */
|
||||
@ -152,6 +153,7 @@ struct PptpStopSessionRequest {
|
||||
struct PptpStopSessionReply {
|
||||
__u8 resultCode;
|
||||
__u8 generalErrorCode;
|
||||
__u16 reserved1;
|
||||
};
|
||||
|
||||
struct PptpEchoRequest {
|
||||
@ -188,9 +190,8 @@ struct PptpOutCallRequest {
|
||||
__be32 framingType;
|
||||
__be16 packetWindow;
|
||||
__be16 packetProcDelay;
|
||||
__u16 reserved1;
|
||||
__be16 phoneNumberLength;
|
||||
__u16 reserved2;
|
||||
__u16 reserved1;
|
||||
__u8 phoneNumber[64];
|
||||
__u8 subAddress[64];
|
||||
};
|
||||
@ -285,19 +286,19 @@ struct PptpSetLinkInfo {
|
||||
};
|
||||
|
||||
union pptp_ctrl_union {
|
||||
struct PptpStartSessionRequest sreq;
|
||||
struct PptpStartSessionReply srep;
|
||||
struct PptpStopSessionRequest streq;
|
||||
struct PptpStopSessionReply strep;
|
||||
struct PptpOutCallRequest ocreq;
|
||||
struct PptpOutCallReply ocack;
|
||||
struct PptpInCallRequest icreq;
|
||||
struct PptpInCallReply icack;
|
||||
struct PptpInCallConnected iccon;
|
||||
struct PptpClearCallRequest clrreq;
|
||||
struct PptpCallDisconnectNotify disc;
|
||||
struct PptpWanErrorNotify wanerr;
|
||||
struct PptpSetLinkInfo setlink;
|
||||
struct PptpStartSessionRequest sreq;
|
||||
struct PptpStartSessionReply srep;
|
||||
struct PptpStopSessionRequest streq;
|
||||
struct PptpStopSessionReply strep;
|
||||
struct PptpOutCallRequest ocreq;
|
||||
struct PptpOutCallReply ocack;
|
||||
struct PptpInCallRequest icreq;
|
||||
struct PptpInCallReply icack;
|
||||
struct PptpInCallConnected iccon;
|
||||
struct PptpClearCallRequest clrreq;
|
||||
struct PptpCallDisconnectNotify disc;
|
||||
struct PptpWanErrorNotify wanerr;
|
||||
struct PptpSetLinkInfo setlink;
|
||||
};
|
||||
|
||||
extern int
|
||||
@ -314,7 +315,7 @@ extern int
|
||||
struct PptpControlHeader *ctlh,
|
||||
union pptp_ctrl_union *pptpReq);
|
||||
|
||||
extern int
|
||||
extern void
|
||||
(*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig,
|
||||
struct ip_conntrack_expect *exp_reply);
|
||||
|
||||
|
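Review bot: The call-id fields in `struct ip_ct_pptp_master` are retyped to `__be16` but keep the comment `host byte order` (`__be16 pac_call_id; /* call id of PAC, host byte order */`, likewise `pns_call_id`), so the sparse annotation and the comment now contradict each other. These ids are matched against values taken from PPTP control messages and GRE headers, and a reader who trusts the wrong one will add or drop a byte swap and mis-associate calls. Assuming the `__be16` lines are the new side, the comments should follow the type: `__be16 pac_call_id; /* call id of PAC, network byte order */` and the same for `pns_call_id`. The matching fields in `struct ip_ct_pptp_expect` say nothing about byte order and would benefit from the same wording.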
@ -49,18 +49,18 @@ struct gre_hdr {
|
||||
#else
|
||||
#error "Adjust your <asm/byteorder.h> defines"
|
||||
#endif
|
||||
__u16 protocol;
|
||||
__be16 protocol;
|
||||
};
|
||||
|
||||
/* modified GRE header for PPTP */
|
||||
struct gre_hdr_pptp {
|
||||
__u8 flags; /* bitfield */
|
||||
__u8 version; /* should be GRE_VERSION_PPTP */
|
||||
__u16 protocol; /* should be GRE_PROTOCOL_PPTP */
|
||||
__u16 payload_len; /* size of ppp payload, not inc. gre header */
|
||||
__u16 call_id; /* peer's call_id for this session */
|
||||
__u32 seq; /* sequence number. Present if S==1 */
|
||||
__u32 ack; /* seq number of highest packet recieved by */
|
||||
__u8 flags; /* bitfield */
|
||||
__u8 version; /* should be GRE_VERSION_PPTP */
|
||||
__be16 protocol; /* should be GRE_PROTOCOL_PPTP */
|
||||
__be16 payload_len; /* size of ppp payload, not inc. gre header */
|
||||
__be16 call_id; /* peer's call_id for this session */
|
||||
__be32 seq; /* sequence number. Present if S==1 */
|
||||
__be32 ack; /* seq number of highest packet recieved by */
|
||||
/* sender in this session */
|
||||
};
|
||||
|
||||
@ -92,13 +92,13 @@ void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct);
|
||||
|
||||
|
||||
/* get pointer to gre key, if present */
|
||||
static inline u_int32_t *gre_key(struct gre_hdr *greh)
|
||||
static inline __be32 *gre_key(struct gre_hdr *greh)
|
||||
{
|
||||
if (!greh->key)
|
||||
return NULL;
|
||||
if (greh->csum || greh->routing)
|
||||
return (u_int32_t *) (greh+sizeof(*greh)+4);
|
||||
return (u_int32_t *) (greh+sizeof(*greh));
|
||||
return (__be32 *) (greh+sizeof(*greh)+4);
|
||||
return (__be32 *) (greh+sizeof(*greh));
|
||||
}
|
||||
|
||||
/* get pointer ot gre csum, if present */
|
||||
|
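Review bot: In `gre_key()` both returns do arithmetic on a `struct gre_hdr *`, so `greh+sizeof(*greh)` advances by `sizeof(*greh)` whole structures rather than that many bytes, and the result points well past the key field. The retyping to `__be32 *` leaves that arithmetic unchanged, which means a caller dereferencing the result reads packet payload or memory beyond the header it validated. Byte-wise arithmetic gives the intended offsets: `return (__be32 *)((u8 *)greh + sizeof(*greh) + 4);` and `return (__be32 *)((u8 *)greh + sizeof(*greh));`. The csum accessor that begins on the last line of this hunk is cut off, so it should be checked for the same pattern.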
@ -72,10 +72,6 @@ extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack,
|
||||
extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
|
||||
const struct ip_conntrack *ignored_conntrack);
|
||||
|
||||
/* Calculate relative checksum. */
|
||||
extern u_int16_t ip_nat_cheat_check(u_int32_t oldvalinv,
|
||||
u_int32_t newval,
|
||||
u_int16_t oldcheck);
|
||||
#else /* !__KERNEL__: iptables wants this to compile. */
|
||||
#define ip_nat_multi_range ip_nat_multi_range_compat
|
||||
#endif /*__KERNEL__*/
|
||||
|
@ -11,8 +11,8 @@ extern unsigned int ip_nat_packet(struct ip_conntrack *ct,
|
||||
unsigned int hooknum,
|
||||
struct sk_buff **pskb);
|
||||
|
||||
extern int ip_nat_icmp_reply_translation(struct sk_buff **pskb,
|
||||
struct ip_conntrack *ct,
|
||||
enum ip_nat_manip_type manip,
|
||||
enum ip_conntrack_dir dir);
|
||||
extern int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
|
||||
enum ip_conntrack_info ctinfo,
|
||||
unsigned int hooknum,
|
||||
struct sk_buff **pskb);
|
||||
#endif /* _IP_NAT_CORE_H */
|
||||
|
@ -4,8 +4,8 @@
|
||||
|
||||
/* conntrack private data */
|
||||
struct ip_nat_pptp {
|
||||
u_int16_t pns_call_id; /* NAT'ed PNS call id */
|
||||
u_int16_t pac_call_id; /* NAT'ed PAC call id */
|
||||
__be16 pns_call_id; /* NAT'ed PNS call id */
|
||||
__be16 pac_call_id; /* NAT'ed PAC call id */
|
||||
};
|
||||
|
||||
#endif /* _NAT_PPTP_H */
|
||||
|
@ -312,8 +312,7 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb,
|
||||
unsigned int hook,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
struct ipt_table *table,
|
||||
void *userdata);
|
||||
struct ipt_table *table);
|
||||
|
||||
#define IPT_ALIGN(s) XT_ALIGN(s)
|
||||
|
||||
|
@ -11,10 +11,8 @@
|
||||
#ifndef _IPT_DSCP_TARGET_H
|
||||
#define _IPT_DSCP_TARGET_H
|
||||
#include <linux/netfilter_ipv4/ipt_dscp.h>
|
||||
#include <linux/netfilter/xt_DSCP.h>
|
||||
|
||||
/* target info */
|
||||
struct ipt_DSCP_info {
|
||||
u_int8_t dscp;
|
||||
};
|
||||
#define ipt_DSCP_info xt_DSCP_info
|
||||
|
||||
#endif /* _IPT_DSCP_TARGET_H */
|
||||
|
@ -10,14 +10,12 @@
|
||||
#ifndef _IPT_DSCP_H
|
||||
#define _IPT_DSCP_H
|
||||
|
||||
#define IPT_DSCP_MASK 0xfc /* 11111100 */
|
||||
#define IPT_DSCP_SHIFT 2
|
||||
#define IPT_DSCP_MAX 0x3f /* 00111111 */
|
||||
#include <linux/netfilter/xt_dscp.h>
|
||||
|
||||
/* match info */
|
||||
struct ipt_dscp_info {
|
||||
u_int8_t dscp;
|
||||
u_int8_t invert;
|
||||
};
|
||||
#define IPT_DSCP_MASK XT_DSCP_MASK
|
||||
#define IPT_DSCP_SHIFT XT_DSCP_SHIFT
|
||||
#define IPT_DSCP_MAX XT_DSCP_MAX
|
||||
|
||||
#define ipt_dscp_info xt_dscp_info
|
||||
|
||||
#endif /* _IPT_DSCP_H */
|
||||
|
@ -1,123 +0,0 @@
|
||||
#ifndef _LISTHELP_H
|
||||
#define _LISTHELP_H
|
||||
#include <linux/list.h>
|
||||
|
||||
/* Header to do more comprehensive job than linux/list.h; assume list
|
||||
is first entry in structure. */
|
||||
|
||||
/* Return pointer to first true entry, if any, or NULL. A macro
|
||||
required to allow inlining of cmpfn. */
|
||||
#define LIST_FIND(head, cmpfn, type, args...) \
|
||||
({ \
|
||||
const struct list_head *__i, *__j = NULL; \
|
||||
\
|
||||
ASSERT_READ_LOCK(head); \
|
||||
list_for_each(__i, (head)) \
|
||||
if (cmpfn((const type)__i , ## args)) { \
|
||||
__j = __i; \
|
||||
break; \
|
||||
} \
|
||||
(type)__j; \
|
||||
})
|
||||
|
||||
#define LIST_FIND_W(head, cmpfn, type, args...) \
|
||||
({ \
|
||||
const struct list_head *__i, *__j = NULL; \
|
||||
\
|
||||
ASSERT_WRITE_LOCK(head); \
|
||||
list_for_each(__i, (head)) \
|
||||
if (cmpfn((type)__i , ## args)) { \
|
||||
__j = __i; \
|
||||
break; \
|
||||
} \
|
||||
(type)__j; \
|
||||
})
|
||||
|
||||
/* Just like LIST_FIND but we search backwards */
|
||||
#define LIST_FIND_B(head, cmpfn, type, args...) \
|
||||
({ \
|
||||
const struct list_head *__i, *__j = NULL; \
|
||||
\
|
||||
ASSERT_READ_LOCK(head); \
|
||||
list_for_each_prev(__i, (head)) \
|
||||
if (cmpfn((const type)__i , ## args)) { \
|
||||
__j = __i; \
|
||||
break; \
|
||||
} \
|
||||
(type)__j; \
|
||||
})
|
||||
|
||||
static inline int
|
||||
__list_cmp_same(const void *p1, const void *p2) { return p1 == p2; }
|
||||
|
||||
/* Is this entry in the list? */
|
||||
static inline int
|
||||
list_inlist(struct list_head *head, const void *entry)
|
||||
{
|
||||
return LIST_FIND(head, __list_cmp_same, void *, entry) != NULL;
|
||||
}
|
||||
|
||||
/* Delete from list. */
|
||||
#ifdef CONFIG_NETFILTER_DEBUG
|
||||
#define LIST_DELETE(head, oldentry) \
|
||||
do { \
|
||||
ASSERT_WRITE_LOCK(head); \
|
||||
if (!list_inlist(head, oldentry)) \
|
||||
printk("LIST_DELETE: %s:%u `%s'(%p) not in %s.\n", \
|
||||
__FILE__, __LINE__, #oldentry, oldentry, #head); \
|
||||
else list_del((struct list_head *)oldentry); \
|
||||
} while(0)
|
||||
#else
|
||||
#define LIST_DELETE(head, oldentry) list_del((struct list_head *)oldentry)
|
||||
#endif
|
||||
|
||||
/* Append. */
|
||||
static inline void
|
||||
list_append(struct list_head *head, void *new)
|
||||
{
|
||||
ASSERT_WRITE_LOCK(head);
|
||||
list_add((new), (head)->prev);
|
||||
}
|
||||
|
||||
/* Prepend. */
|
||||
static inline void
|
||||
list_prepend(struct list_head *head, void *new)
|
||||
{
|
||||
ASSERT_WRITE_LOCK(head);
|
||||
list_add(new, head);
|
||||
}
|
||||
|
||||
/* Insert according to ordering function; insert before first true. */
|
||||
#define LIST_INSERT(head, new, cmpfn) \
|
||||
do { \
|
||||
struct list_head *__i; \
|
||||
ASSERT_WRITE_LOCK(head); \
|
||||
list_for_each(__i, (head)) \
|
||||
if ((new), (typeof (new))__i) \
|
||||
break; \
|
||||
list_add((struct list_head *)(new), __i->prev); \
|
||||
} while(0)
|
||||
|
||||
/* If the field after the list_head is a nul-terminated string, you
|
||||
can use these functions. */
|
||||
static inline int __list_cmp_name(const void *i, const char *name)
|
||||
{
|
||||
return strcmp(name, i+sizeof(struct list_head)) == 0;
|
||||
}
|
||||
|
||||
/* Returns false if same name already in list, otherwise does insert. */
|
||||
static inline int
|
||||
list_named_insert(struct list_head *head, void *new)
|
||||
{
|
||||
if (LIST_FIND(head, __list_cmp_name, void *,
|
||||
new + sizeof(struct list_head)))
|
||||
return 0;
|
||||
list_prepend(head, new);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Find this named element in the list. */
|
||||
#define list_named_find(head, name) \
|
||||
LIST_FIND(head, __list_cmp_name, void *, name)
|
||||
|
||||
#endif /*_LISTHELP_H*/
|
@ -73,6 +73,7 @@ enum nf_ip6_hook_priorities {
|
||||
};
|
||||
|
||||
#ifdef CONFIG_NETFILTER
|
||||
extern int ip6_route_me_harder(struct sk_buff *skb);
|
||||
extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
|
||||
unsigned int dataoff, u_int8_t protocol);
|
||||
|
||||
|
@ -300,8 +300,7 @@ extern unsigned int ip6t_do_table(struct sk_buff **pskb,
|
||||
unsigned int hook,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
struct ip6t_table *table,
|
||||
void *userdata);
|
||||
struct ip6t_table *table);
|
||||
|
||||
/* Check for an extension */
|
||||
extern int ip6t_ext_hdr(u8 nexthdr);
|
||||
|
@ -1,33 +0,0 @@
|
||||
/* Internal logging interface, which relies on the real
|
||||
LOG target modules */
|
||||
#ifndef __LINUX_NETFILTER_LOGGING_H
|
||||
#define __LINUX_NETFILTER_LOGGING_H
|
||||
|
||||
#ifdef __KERNEL__
|
||||
#include <asm/atomic.h>
|
||||
|
||||
struct nf_logging_t {
|
||||
void (*nf_log_packet)(struct sk_buff **pskb,
|
||||
unsigned int hooknum,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
const char *prefix);
|
||||
void (*nf_log)(char *pfh, size_t len,
|
||||
const char *prefix);
|
||||
};
|
||||
|
||||
extern void nf_log_register(int pf, const struct nf_logging_t *logging);
|
||||
extern void nf_log_unregister(int pf, const struct nf_logging_t *logging);
|
||||
|
||||
extern void nf_log_packet(int pf,
|
||||
struct sk_buff **pskb,
|
||||
unsigned int hooknum,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
const char *fmt, ...);
|
||||
extern void nf_log(int pf,
|
||||
char *pfh, size_t len,
|
||||
const char *fmt, ...);
|
||||
#endif /*__KERNEL__*/
|
||||
|
||||
#endif /*__LINUX_NETFILTER_LOGGING_H*/
|
@ -305,6 +305,7 @@ enum
|
||||
TCA_FW_POLICE,
|
||||
TCA_FW_INDEV, /* used by CONFIG_NET_CLS_IND */
|
||||
TCA_FW_ACT, /* used by CONFIG_NET_CLS_ACT */
|
||||
TCA_FW_MASK,
|
||||
__TCA_FW_MAX
|
||||
};
|
||||
|
||||
|
@ -2,6 +2,7 @@
|
||||
#define __LINUX_RTNETLINK_H
|
||||
|
||||
#include <linux/netlink.h>
|
||||
#include <linux/if.h>
|
||||
|
||||
/****
|
||||
* Routing/neighbour discovery messages.
|
||||
@ -238,10 +239,8 @@ enum rt_class_t
|
||||
RT_TABLE_DEFAULT=253,
|
||||
RT_TABLE_MAIN=254,
|
||||
RT_TABLE_LOCAL=255,
|
||||
__RT_TABLE_MAX
|
||||
RT_TABLE_MAX=0xFFFFFFFF
|
||||
};
|
||||
#define RT_TABLE_MAX (__RT_TABLE_MAX - 1)
|
||||
|
||||
|
||||
|
||||
/* Routing message attributes */
|
||||
@ -263,6 +262,7 @@ enum rtattr_type_t
|
||||
RTA_CACHEINFO,
|
||||
RTA_SESSION,
|
||||
RTA_MP_ALGO,
|
||||
RTA_TABLE,
|
||||
__RTA_MAX
|
||||
};
|
||||
|
||||
@ -383,226 +383,6 @@ struct rta_session
|
||||
} u;
|
||||
};
|
||||
|
||||
|
||||
/*********************************************************
|
||||
* Interface address.
|
||||
****/
|
||||
|
||||
struct ifaddrmsg
|
||||
{
|
||||
unsigned char ifa_family;
|
||||
unsigned char ifa_prefixlen; /* The prefix length */
|
||||
unsigned char ifa_flags; /* Flags */
|
||||
unsigned char ifa_scope; /* See above */
|
||||
int ifa_index; /* Link index */
|
||||
};
|
||||
|
||||
enum
|
||||
{
|
||||
IFA_UNSPEC,
|
||||
IFA_ADDRESS,
|
||||
IFA_LOCAL,
|
||||
IFA_LABEL,
|
||||
IFA_BROADCAST,
|
||||
IFA_ANYCAST,
|
||||
IFA_CACHEINFO,
|
||||
IFA_MULTICAST,
|
||||
__IFA_MAX
|
||||
};
|
||||
|
||||
#define IFA_MAX (__IFA_MAX - 1)
|
||||
|
||||
/* ifa_flags */
|
||||
|
||||
#define IFA_F_SECONDARY 0x01
|
||||
#define IFA_F_TEMPORARY IFA_F_SECONDARY
|
||||
|
||||
#define IFA_F_DEPRECATED 0x20
|
||||
#define IFA_F_TENTATIVE 0x40
|
||||
#define IFA_F_PERMANENT 0x80
|
||||
|
||||
struct ifa_cacheinfo
|
||||
{
|
||||
__u32 ifa_prefered;
|
||||
__u32 ifa_valid;
|
||||
__u32 cstamp; /* created timestamp, hundredths of seconds */
|
||||
__u32 tstamp; /* updated timestamp, hundredths of seconds */
|
||||
};
|
||||
|
||||
|
||||
#define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
|
||||
#define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
|
||||
|
||||
/*
|
||||
Important comment:
|
||||
IFA_ADDRESS is prefix address, rather than local interface address.
|
||||
It makes no difference for normally configured broadcast interfaces,
|
||||
but for point-to-point IFA_ADDRESS is DESTINATION address,
|
||||
local address is supplied in IFA_LOCAL attribute.
|
||||
*/
|
||||
|
||||
/**************************************************************
|
||||
* Neighbour discovery.
|
||||
****/
|
||||
|
||||
struct ndmsg
|
||||
{
|
||||
unsigned char ndm_family;
|
||||
unsigned char ndm_pad1;
|
||||
unsigned short ndm_pad2;
|
||||
int ndm_ifindex; /* Link index */
|
||||
__u16 ndm_state;
|
||||
__u8 ndm_flags;
|
||||
__u8 ndm_type;
|
||||
};
|
||||
|
||||
enum
|
||||
{
|
||||
NDA_UNSPEC,
|
||||
NDA_DST,
|
||||
NDA_LLADDR,
|
||||
NDA_CACHEINFO,
|
||||
NDA_PROBES,
|
||||
__NDA_MAX
|
||||
};
|
||||
|
||||
#define NDA_MAX (__NDA_MAX - 1)
|
||||
|
||||
#define NDA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndmsg))))
|
||||
#define NDA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndmsg))
|
||||
|
||||
/*
|
||||
* Neighbor Cache Entry Flags
|
||||
*/
|
||||
|
||||
#define NTF_PROXY 0x08 /* == ATF_PUBL */
|
||||
#define NTF_ROUTER 0x80
|
||||
|
||||
/*
|
||||
* Neighbor Cache Entry States.
|
||||
*/
|
||||
|
||||
#define NUD_INCOMPLETE 0x01
|
||||
#define NUD_REACHABLE 0x02
|
||||
#define NUD_STALE 0x04
|
||||
#define NUD_DELAY 0x08
|
||||
#define NUD_PROBE 0x10
|
||||
#define NUD_FAILED 0x20
|
||||
|
||||
/* Dummy states */
|
||||
#define NUD_NOARP 0x40
|
||||
#define NUD_PERMANENT 0x80
|
||||
#define NUD_NONE 0x00
|
||||
|
||||
|
||||
struct nda_cacheinfo
|
||||
{
|
||||
__u32 ndm_confirmed;
|
||||
__u32 ndm_used;
|
||||
__u32 ndm_updated;
|
||||
__u32 ndm_refcnt;
|
||||
};
|
||||
|
||||
|
||||
/*****************************************************************
|
||||
* Neighbour tables specific messages.
|
||||
*
|
||||
* To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
|
||||
* NLM_F_DUMP flag set. Every neighbour table configuration is
|
||||
* spread over multiple messages to avoid running into message
|
||||
* size limits on systems with many interfaces. The first message
|
||||
* in the sequence transports all not device specific data such as
|
||||
* statistics, configuration, and the default parameter set.
|
||||
* This message is followed by 0..n messages carrying device
|
||||
* specific parameter sets.
|
||||
* Although the ordering should be sufficient, NDTA_NAME can be
|
||||
* used to identify sequences. The initial message can be identified
|
||||
* by checking for NDTA_CONFIG. The device specific messages do
|
||||
* not contain this TLV but have NDTPA_IFINDEX set to the
|
||||
* corresponding interface index.
|
||||
*
|
||||
* To change neighbour table attributes, send RTM_SETNEIGHTBL
|
||||
* with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
|
||||
* NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
|
||||
* otherwise. Device specific parameter sets can be changed by
|
||||
* setting NDTPA_IFINDEX to the interface index of the corresponding
|
||||
* device.
|
||||
****/
|
||||
|
||||
struct ndt_stats
|
||||
{
|
||||
__u64 ndts_allocs;
|
||||
__u64 ndts_destroys;
|
||||
__u64 ndts_hash_grows;
|
||||
__u64 ndts_res_failed;
|
||||
__u64 ndts_lookups;
|
||||
__u64 ndts_hits;
|
||||
__u64 ndts_rcv_probes_mcast;
|
||||
__u64 ndts_rcv_probes_ucast;
|
||||
__u64 ndts_periodic_gc_runs;
|
||||
__u64 ndts_forced_gc_runs;
|
||||
};
|
||||
|
||||
enum {
|
||||
NDTPA_UNSPEC,
|
||||
NDTPA_IFINDEX, /* u32, unchangeable */
|
||||
NDTPA_REFCNT, /* u32, read-only */
|
||||
NDTPA_REACHABLE_TIME, /* u64, read-only, msecs */
|
||||
NDTPA_BASE_REACHABLE_TIME, /* u64, msecs */
|
||||
NDTPA_RETRANS_TIME, /* u64, msecs */
|
||||
NDTPA_GC_STALETIME, /* u64, msecs */
|
||||
NDTPA_DELAY_PROBE_TIME, /* u64, msecs */
|
||||
NDTPA_QUEUE_LEN, /* u32 */
|
||||
NDTPA_APP_PROBES, /* u32 */
|
||||
NDTPA_UCAST_PROBES, /* u32 */
|
||||
NDTPA_MCAST_PROBES, /* u32 */
|
||||
NDTPA_ANYCAST_DELAY, /* u64, msecs */
|
||||
NDTPA_PROXY_DELAY, /* u64, msecs */
|
||||
NDTPA_PROXY_QLEN, /* u32 */
|
||||
NDTPA_LOCKTIME, /* u64, msecs */
|
||||
__NDTPA_MAX
|
||||
};
|
||||
#define NDTPA_MAX (__NDTPA_MAX - 1)
|
||||
|
||||
struct ndtmsg
|
||||
{
|
||||
__u8 ndtm_family;
|
||||
__u8 ndtm_pad1;
|
||||
__u16 ndtm_pad2;
|
||||
};
|
||||
|
||||
struct ndt_config
|
||||
{
|
||||
__u16 ndtc_key_len;
|
||||
__u16 ndtc_entry_size;
|
||||
__u32 ndtc_entries;
|
||||
__u32 ndtc_last_flush; /* delta to now in msecs */
|
||||
__u32 ndtc_last_rand; /* delta to now in msecs */
|
||||
__u32 ndtc_hash_rnd;
|
||||
__u32 ndtc_hash_mask;
|
||||
__u32 ndtc_hash_chain_gc;
|
||||
__u32 ndtc_proxy_qlen;
|
||||
};
|
||||
|
||||
enum {
|
||||
NDTA_UNSPEC,
|
||||
NDTA_NAME, /* char *, unchangeable */
|
||||
NDTA_THRESH1, /* u32 */
|
||||
NDTA_THRESH2, /* u32 */
|
||||
NDTA_THRESH3, /* u32 */
|
||||
NDTA_CONFIG, /* struct ndt_config, read-only */
|
||||
NDTA_PARMS, /* nested TLV NDTPA_* */
|
||||
NDTA_STATS, /* struct ndt_stats, read-only */
|
||||
NDTA_GC_INTERVAL, /* u64, msecs */
|
||||
__NDTA_MAX
|
||||
};
|
||||
#define NDTA_MAX (__NDTA_MAX - 1)
|
||||
|
||||
#define NDTA_RTA(r) ((struct rtattr*)(((char*)(r)) + \
|
||||
NLMSG_ALIGN(sizeof(struct ndtmsg))))
|
||||
#define NDTA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndtmsg))
|
||||
|
||||
|
||||
/****
|
||||
* General form of address family dependent message.
|
||||
****/
|
||||
@ -663,138 +443,6 @@ struct prefix_cacheinfo
|
||||
__u32 valid_time;
|
||||
};
|
||||
|
||||
/* The struct should be in sync with struct net_device_stats */
|
||||
struct rtnl_link_stats
|
||||
{
|
||||
__u32 rx_packets; /* total packets received */
|
||||
__u32 tx_packets; /* total packets transmitted */
|
||||
__u32 rx_bytes; /* total bytes received */
|
||||
__u32 tx_bytes; /* total bytes transmitted */
|
||||
__u32 rx_errors; /* bad packets received */
|
||||
__u32 tx_errors; /* packet transmit problems */
|
||||
__u32 rx_dropped; /* no space in linux buffers */
|
||||
__u32 tx_dropped; /* no space available in linux */
|
||||
__u32 multicast; /* multicast packets received */
|
||||
__u32 collisions;
|
||||
|
||||
/* detailed rx_errors: */
|
||||
__u32 rx_length_errors;
|
||||
__u32 rx_over_errors; /* receiver ring buff overflow */
|
||||
__u32 rx_crc_errors; /* recved pkt with crc error */
|
||||
__u32 rx_frame_errors; /* recv'd frame alignment error */
|
||||
__u32 rx_fifo_errors; /* recv'r fifo overrun */
|
||||
__u32 rx_missed_errors; /* receiver missed packet */
|
||||
|
||||
/* detailed tx_errors */
|
||||
__u32 tx_aborted_errors;
|
||||
__u32 tx_carrier_errors;
|
||||
__u32 tx_fifo_errors;
|
||||
__u32 tx_heartbeat_errors;
|
||||
__u32 tx_window_errors;
|
||||
|
||||
/* for cslip etc */
|
||||
__u32 rx_compressed;
|
||||
__u32 tx_compressed;
|
||||
};
|
||||
|
||||
/* The struct should be in sync with struct ifmap */
|
||||
struct rtnl_link_ifmap
|
||||
{
|
||||
__u64 mem_start;
|
||||
__u64 mem_end;
|
||||
__u64 base_addr;
|
||||
__u16 irq;
|
||||
__u8 dma;
|
||||
__u8 port;
|
||||
};
|
||||
|
||||
enum
|
||||
{
|
||||
IFLA_UNSPEC,
|
||||
IFLA_ADDRESS,
|
||||
IFLA_BROADCAST,
|
||||
IFLA_IFNAME,
|
||||
IFLA_MTU,
|
||||
IFLA_LINK,
|
||||
IFLA_QDISC,
|
||||
IFLA_STATS,
|
||||
IFLA_COST,
|
||||
#define IFLA_COST IFLA_COST
|
||||
IFLA_PRIORITY,
|
||||
#define IFLA_PRIORITY IFLA_PRIORITY
|
||||
IFLA_MASTER,
|
||||
#define IFLA_MASTER IFLA_MASTER
|
||||
IFLA_WIRELESS, /* Wireless Extension event - see wireless.h */
|
||||
#define IFLA_WIRELESS IFLA_WIRELESS
|
||||
IFLA_PROTINFO, /* Protocol specific information for a link */
|
||||
#define IFLA_PROTINFO IFLA_PROTINFO
|
||||
IFLA_TXQLEN,
|
||||
#define IFLA_TXQLEN IFLA_TXQLEN
|
||||
IFLA_MAP,
|
||||
#define IFLA_MAP IFLA_MAP
|
||||
IFLA_WEIGHT,
|
||||
#define IFLA_WEIGHT IFLA_WEIGHT
|
||||
IFLA_OPERSTATE,
|
||||
IFLA_LINKMODE,
|
||||
__IFLA_MAX
|
||||
};
|
||||
|
||||
|
||||
#define IFLA_MAX (__IFLA_MAX - 1)
|
||||
|
||||
#define IFLA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
|
||||
#define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg))
|
||||
|
||||
/* ifi_flags.
|
||||
|
||||
IFF_* flags.
|
||||
|
||||
The only change is:
|
||||
IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are
|
||||
more not changeable by user. They describe link media
|
||||
characteristics and set by device driver.
|
||||
|
||||
Comments:
|
||||
- Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid
|
||||
- If neither of these three flags are set;
|
||||
the interface is NBMA.
|
||||
|
||||
- IFF_MULTICAST does not mean anything special:
|
||||
multicasts can be used on all not-NBMA links.
|
||||
IFF_MULTICAST means that this media uses special encapsulation
|
||||
for multicast frames. Apparently, all IFF_POINTOPOINT and
|
||||
IFF_BROADCAST devices are able to use multicasts too.
|
||||
*/
|
||||
|
||||
/* IFLA_LINK.
|
||||
For usual devices it is equal ifi_index.
|
||||
If it is a "virtual interface" (f.e. tunnel), ifi_link
|
||||
can point to real physical interface (f.e. for bandwidth calculations),
|
||||
or maybe 0, what means, that real media is unknown (usual
|
||||
for IPIP tunnels, when route to endpoint is allowed to change)
|
||||
*/
|
||||
|
||||
/* Subtype attributes for IFLA_PROTINFO */
|
||||
enum
|
||||
{
|
||||
IFLA_INET6_UNSPEC,
|
||||
IFLA_INET6_FLAGS, /* link flags */
|
||||
IFLA_INET6_CONF, /* sysctl parameters */
|
||||
IFLA_INET6_STATS, /* statistics */
|
||||
IFLA_INET6_MCAST, /* MC things. What of them? */
|
||||
IFLA_INET6_CACHEINFO, /* time values and max reasm size */
|
||||
__IFLA_INET6_MAX
|
||||
};
|
||||
|
||||
#define IFLA_INET6_MAX (__IFLA_INET6_MAX - 1)
|
||||
|
||||
struct ifla_cacheinfo
|
||||
{
|
||||
__u32 max_reasm_len;
|
||||
__u32 tstamp; /* ipv6InterfaceTable updated timestamp */
|
||||
__u32 reachable_time;
|
||||
__u32 retrans_time;
|
||||
};
|
||||
|
||||
/*****************************************************************
|
||||
* Traffic control messages.
|
||||
@ -885,10 +533,13 @@ enum rtnetlink_groups {
|
||||
RTNLGRP_NOP2,
|
||||
RTNLGRP_DECnet_ROUTE,
|
||||
#define RTNLGRP_DECnet_ROUTE RTNLGRP_DECnet_ROUTE
|
||||
RTNLGRP_NOP3,
|
||||
RTNLGRP_DECnet_RULE,
|
||||
#define RTNLGRP_DECnet_RULE RTNLGRP_DECnet_RULE
|
||||
RTNLGRP_NOP4,
|
||||
RTNLGRP_IPV6_PREFIX,
|
||||
#define RTNLGRP_IPV6_PREFIX RTNLGRP_IPV6_PREFIX
|
||||
RTNLGRP_IPV6_RULE,
|
||||
#define RTNLGRP_IPV6_RULE RTNLGRP_IPV6_RULE
|
||||
__RTNLGRP_MAX
|
||||
};
|
||||
#define RTNLGRP_MAX (__RTNLGRP_MAX - 1)
|
||||
@ -923,8 +574,6 @@ extern int rtattr_parse(struct rtattr *tb[], int maxattr, struct rtattr *rta, in
|
||||
#define rtattr_parse_nested(tb, max, rta) \
|
||||
rtattr_parse((tb), (max), RTA_DATA((rta)), RTA_PAYLOAD((rta)))
|
||||
|
||||
extern struct sock *rtnl;
|
||||
|
||||
struct rtnetlink_link
|
||||
{
|
||||
int (*doit)(struct sk_buff *, struct nlmsghdr*, void *attr);
|
||||
@ -933,6 +582,10 @@ struct rtnetlink_link
|
||||
|
||||
extern struct rtnetlink_link * rtnetlink_links[NPROTO];
|
||||
extern int rtnetlink_send(struct sk_buff *skb, u32 pid, u32 group, int echo);
|
||||
extern int rtnl_unicast(struct sk_buff *skb, u32 pid);
|
||||
extern int rtnl_notify(struct sk_buff *skb, u32 pid, u32 group,
|
||||
struct nlmsghdr *nlh, gfp_t flags);
|
||||
extern void rtnl_set_sk_err(u32 group, int error);
|
||||
extern int rtnetlink_put_metrics(struct sk_buff *skb, u32 *metrics);
|
||||
|
||||
extern void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data);
|
||||
@ -1065,6 +718,13 @@ extern void __rtnl_unlock(void);
|
||||
} \
|
||||
} while(0)
|
||||
|
||||
static inline u32 rtm_get_table(struct rtattr **rta, u8 table)
|
||||
{
|
||||
return RTA_GET_U32(rta[RTA_TABLE-1]);
|
||||
rtattr_failure:
|
||||
return table;
|
||||
}
|
||||
|
||||
#endif /* __KERNEL__ */
|
||||
|
||||
|
||||
|
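Review bot: In the `enum rt_class_t` hunk, `RT_TABLE_MAX` appears to change from `__RT_TABLE_MAX - 1` (255, since it follows `RT_TABLE_LOCAL=255`) to the enumerator `RT_TABLE_MAX=0xFFFFFFFF`, so it no longer works as a bound. Any code that sizes or indexes an array with it, such as `RT_TABLE_MAX + 1`, would wrap to 0 in 32-bit arithmetic; the users of the constant are outside this hunk and need auditing. The value also does not fit in `int`, so the enumerator depends on a compiler extension, which matters if this header is consumed outside the kernel build. I would mark the intent on the line itself: `RT_TABLE_MAX=0xFFFFFFFF /* largest table id, not an array size */`. The page has lost its `+`/`-` markers, so which side each line belongs to is inferred from the hunk counts.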
@ -31,6 +31,8 @@
|
||||
#include <linux/msg.h>
|
||||
#include <linux/sched.h>
|
||||
#include <linux/key.h>
|
||||
#include <linux/xfrm.h>
|
||||
#include <net/flow.h>
|
||||
|
||||
struct ctl_table;
|
||||
|
||||
@ -88,6 +90,7 @@ extern int cap_netlink_recv(struct sk_buff *skb, int cap);
|
||||
struct nfsctl_arg;
|
||||
struct sched_param;
|
||||
struct swap_info_struct;
|
||||
struct request_sock;
|
||||
|
||||
/* bprm_apply_creds unsafe reasons */
|
||||
#define LSM_UNSAFE_SHARE 1
|
||||
@ -812,9 +815,19 @@ struct swap_info_struct;
|
||||
* which is used to copy security attributes between local stream sockets.
|
||||
* @sk_free_security:
|
||||
* Deallocate security structure.
|
||||
* @sk_getsid:
|
||||
* Retrieve the LSM-specific sid for the sock to enable caching of network
|
||||
* @sk_clone_security:
|
||||
* Clone/copy security structure.
|
||||
* @sk_getsecid:
|
||||
* Retrieve the LSM-specific secid for the sock to enable caching of network
|
||||
* authorizations.
|
||||
* @sock_graft:
|
||||
* Sets the socket's isec sid to the sock's sid.
|
||||
* @inet_conn_request:
|
||||
* Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
|
||||
* @inet_csk_clone:
|
||||
* Sets the new child socket's sid to the openreq sid.
|
||||
* @req_classify_flow:
|
||||
* Sets the flow's sid to the openreq sid.
|
||||
*
|
||||
* Security hooks for XFRM operations.
|
||||
*
|
||||
@ -823,9 +836,10 @@ struct swap_info_struct;
|
||||
* used by the XFRM system.
|
||||
* @sec_ctx contains the security context information being provided by
|
||||
* the user-level policy update program (e.g., setkey).
|
||||
* Allocate a security structure to the xp->security field.
|
||||
* The security field is initialized to NULL when the xfrm_policy is
|
||||
* allocated.
|
||||
* @sk refers to the sock from which to derive the security context.
|
||||
* Allocate a security structure to the xp->security field; the security
|
||||
* field is initialized to NULL when the xfrm_policy is allocated. Only
|
||||
* one of sec_ctx or sock can be specified.
|
||||
* Return 0 if operation was successful (memory to allocate, legal context)
|
||||
* @xfrm_policy_clone_security:
|
||||
* @old contains an existing xfrm_policy in the SPD.
|
||||
@ -844,9 +858,14 @@ struct swap_info_struct;
|
||||
* Database by the XFRM system.
|
||||
* @sec_ctx contains the security context information being provided by
|
||||
* the user-level SA generation program (e.g., setkey or racoon).
|
||||
* Allocate a security structure to the x->security field. The
|
||||
* security field is initialized to NULL when the xfrm_state is
|
||||
* allocated.
|
||||
* @polsec contains the security context information associated with a xfrm
|
||||
* policy rule from which to take the base context. polsec must be NULL
|
||||
* when sec_ctx is specified.
|
||||
* @secid contains the secid from which to take the mls portion of the context.
|
||||
* Allocate a security structure to the x->security field; the security
|
||||
* field is initialized to NULL when the xfrm_state is allocated. Set the
|
||||
* context to correspond to either sec_ctx or polsec, with the mls portion
|
||||
* taken from secid in the latter case.
|
||||
* Return 0 if operation was successful (memory to allocate, legal context).
|
||||
* @xfrm_state_free_security:
|
||||
* @x contains the xfrm_state.
|
||||
@ -857,13 +876,27 @@ struct swap_info_struct;
|
||||
* @xfrm_policy_lookup:
|
||||
* @xp contains the xfrm_policy for which the access control is being
|
||||
* checked.
|
||||
* @sk_sid contains the sock security label that is used to authorize
|
||||
* @fl_secid contains the flow security label that is used to authorize
|
||||
* access to the policy xp.
|
||||
* @dir contains the direction of the flow (input or output).
|
||||
* Check permission when a sock selects a xfrm_policy for processing
|
||||
* Check permission when a flow selects a xfrm_policy for processing
|
||||
* XFRMs on a packet. The hook is called when selecting either a
|
||||
* per-socket policy or a generic xfrm policy.
|
||||
* Return 0 if permission is granted.
|
||||
* @xfrm_state_pol_flow_match:
|
||||
* @x contains the state to match.
|
||||
* @xp contains the policy to check for a match.
|
||||
* @fl contains the flow to check for a match.
|
||||
* Return 1 if there is a match.
|
||||
* @xfrm_flow_state_match:
|
||||
* @fl contains the flow key to match.
|
||||
* @xfrm points to the xfrm_state to match.
|
||||
* Return 1 if there is a match.
|
||||
* @xfrm_decode_session:
|
||||
* @skb points to skb to decode.
|
||||
* @secid points to the flow key secid to set.
|
||||
* @ckall says if all xfrms used should be checked for same secid.
|
||||
* Return 0 if ckall is zero or all xfrms used have the same secid.
|
||||
*
|
||||
* Security hooks affecting all Key Management operations
|
||||
*
|
||||
@ -1308,8 +1341,8 @@ struct security_operations {
|
||||
int (*unix_may_send) (struct socket * sock, struct socket * other);
|
||||
|
||||
int (*socket_create) (int family, int type, int protocol, int kern);
|
||||
void (*socket_post_create) (struct socket * sock, int family,
|
||||
int type, int protocol, int kern);
|
||||
int (*socket_post_create) (struct socket * sock, int family,
|
||||
int type, int protocol, int kern);
|
||||
int (*socket_bind) (struct socket * sock,
|
||||
struct sockaddr * address, int addrlen);
|
||||
int (*socket_connect) (struct socket * sock,
|
||||
@ -1332,18 +1365,31 @@ struct security_operations {
|
||||
int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
|
||||
int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
|
||||
void (*sk_free_security) (struct sock *sk);
|
||||
unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir);
|
||||
void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
|
||||
void (*sk_getsecid) (struct sock *sk, u32 *secid);
|
||||
void (*sock_graft)(struct sock* sk, struct socket *parent);
|
||||
int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb,
|
||||
struct request_sock *req);
|
||||
void (*inet_csk_clone)(struct sock *newsk, const struct request_sock *req);
|
||||
void (*req_classify_flow)(const struct request_sock *req, struct flowi *fl);
|
||||
#endif /* CONFIG_SECURITY_NETWORK */
|
||||
|
||||
#ifdef CONFIG_SECURITY_NETWORK_XFRM
|
||||
int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx);
|
||||
int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp,
|
||||
struct xfrm_user_sec_ctx *sec_ctx, struct sock *sk);
|
||||
int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new);
|
||||
void (*xfrm_policy_free_security) (struct xfrm_policy *xp);
|
||||
int (*xfrm_policy_delete_security) (struct xfrm_policy *xp);
|
||||
int (*xfrm_state_alloc_security) (struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
|
||||
int (*xfrm_state_alloc_security) (struct xfrm_state *x,
|
||||
struct xfrm_user_sec_ctx *sec_ctx, struct xfrm_sec_ctx *polsec,
|
||||
u32 secid);
|
||||
void (*xfrm_state_free_security) (struct xfrm_state *x);
|
||||
int (*xfrm_state_delete_security) (struct xfrm_state *x);
|
||||
int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 sk_sid, u8 dir);
|
||||
int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
|
||||
int (*xfrm_state_pol_flow_match)(struct xfrm_state *x,
|
||||
struct xfrm_policy *xp, struct flowi *fl);
|
||||
int (*xfrm_flow_state_match)(struct flowi *fl, struct xfrm_state *xfrm);
|
||||
int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall);
|
||||
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
|
||||
|
||||
/* key management security hooks */
|
||||
@ -2778,13 +2824,13 @@ static inline int security_socket_create (int family, int type,
|
||||
return security_ops->socket_create(family, type, protocol, kern);
|
||||
}
|
||||
|
||||
static inline void security_socket_post_create(struct socket * sock,
|
||||
int family,
|
||||
int type,
|
||||
int protocol, int kern)
|
||||
static inline int security_socket_post_create(struct socket * sock,
|
||||
int family,
|
||||
int type,
|
||||
int protocol, int kern)
|
||||
{
|
||||
security_ops->socket_post_create(sock, family, type,
|
||||
protocol, kern);
|
||||
return security_ops->socket_post_create(sock, family, type,
|
||||
protocol, kern);
|
||||
}
|
||||
|
||||
static inline int security_socket_bind(struct socket * sock,
|
||||
@ -2885,9 +2931,36 @@ static inline void security_sk_free(struct sock *sk)
|
||||
return security_ops->sk_free_security(sk);
|
||||
}
|
||||
|
||||
static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir)
|
||||
static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
|
||||
{
|
||||
return security_ops->sk_getsid(sk, fl, dir);
|
||||
return security_ops->sk_clone_security(sk, newsk);
|
||||
}
|
||||
|
||||
static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
|
||||
{
|
||||
security_ops->sk_getsecid(sk, &fl->secid);
|
||||
}
|
||||
|
||||
static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
|
||||
{
|
||||
security_ops->req_classify_flow(req, fl);
|
||||
}
|
||||
|
||||
static inline void security_sock_graft(struct sock* sk, struct socket *parent)
|
||||
{
|
||||
security_ops->sock_graft(sk, parent);
|
||||
}
|
||||
|
||||
static inline int security_inet_conn_request(struct sock *sk,
|
||||
struct sk_buff *skb, struct request_sock *req)
|
||||
{
|
||||
return security_ops->inet_conn_request(sk, skb, req);
|
||||
}
|
||||
|
||||
static inline void security_inet_csk_clone(struct sock *newsk,
|
||||
const struct request_sock *req)
|
||||
{
|
||||
security_ops->inet_csk_clone(newsk, req);
|
||||
}
|
||||
#else /* CONFIG_SECURITY_NETWORK */
|
||||
static inline int security_unix_stream_connect(struct socket * sock,
|
||||
@ -2909,11 +2982,12 @@ static inline int security_socket_create (int family, int type,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline void security_socket_post_create(struct socket * sock,
|
||||
int family,
|
||||
int type,
|
||||
int protocol, int kern)
|
||||
static inline int security_socket_post_create(struct socket * sock,
|
||||
int family,
|
||||
int type,
|
||||
int protocol, int kern)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_socket_bind(struct socket * sock,
|
||||
@ -3011,16 +3085,43 @@ static inline void security_sk_free(struct sock *sk)
|
||||
{
|
||||
}
|
||||
|
||||
static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir)
|
||||
static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
|
||||
{
|
||||
}
|
||||
|
||||
static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
|
||||
{
|
||||
}
|
||||
|
||||
static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
|
||||
{
|
||||
}
|
||||
|
||||
static inline void security_sock_graft(struct sock* sk, struct socket *parent)
|
||||
{
|
||||
}
|
||||
|
||||
static inline int security_inet_conn_request(struct sock *sk,
|
||||
struct sk_buff *skb, struct request_sock *req)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline void security_inet_csk_clone(struct sock *newsk,
|
||||
const struct request_sock *req)
|
||||
{
|
||||
}
|
||||
#endif /* CONFIG_SECURITY_NETWORK */
|
||||
|
||||
#ifdef CONFIG_SECURITY_NETWORK_XFRM
|
||||
static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
|
||||
{
|
||||
return security_ops->xfrm_policy_alloc_security(xp, sec_ctx);
|
||||
return security_ops->xfrm_policy_alloc_security(xp, sec_ctx, NULL);
|
||||
}
|
||||
|
||||
static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
|
||||
{
|
||||
return security_ops->xfrm_policy_alloc_security(xp, NULL, sk);
|
||||
}
|
||||
|
||||
static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
|
||||
@ -3038,9 +3139,18 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
|
||||
return security_ops->xfrm_policy_delete_security(xp);
|
||||
}
|
||||
|
||||
static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
|
||||
static inline int security_xfrm_state_alloc(struct xfrm_state *x,
|
||||
struct xfrm_user_sec_ctx *sec_ctx)
|
||||
{
|
||||
return security_ops->xfrm_state_alloc_security(x, sec_ctx);
|
||||
return security_ops->xfrm_state_alloc_security(x, sec_ctx, NULL, 0);
|
||||
}
|
||||
|
||||
static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
|
||||
struct xfrm_sec_ctx *polsec, u32 secid)
|
||||
{
|
||||
if (!polsec)
|
||||
return 0;
|
||||
return security_ops->xfrm_state_alloc_security(x, NULL, polsec, secid);
|
||||
}
|
||||
|
||||
static inline int security_xfrm_state_delete(struct xfrm_state *x)
|
||||
@ -3053,9 +3163,32 @@ static inline void security_xfrm_state_free(struct xfrm_state *x)
|
||||
security_ops->xfrm_state_free_security(x);
|
||||
}
|
||||
|
||||
static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir)
|
||||
static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
|
||||
{
|
||||
return security_ops->xfrm_policy_lookup(xp, sk_sid, dir);
|
||||
return security_ops->xfrm_policy_lookup(xp, fl_secid, dir);
|
||||
}
|
||||
|
||||
static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
|
||||
struct xfrm_policy *xp, struct flowi *fl)
|
||||
{
|
||||
return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
|
||||
}
|
||||
|
||||
static inline int security_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm)
|
||||
{
|
||||
return security_ops->xfrm_flow_state_match(fl, xfrm);
|
||||
}
|
||||
|
||||
static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
|
||||
{
|
||||
return security_ops->xfrm_decode_session(skb, secid, 1);
|
||||
}
|
||||
|
||||
static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
|
||||
{
|
||||
int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0);
|
||||
|
||||
BUG_ON(rc);
|
||||
}
|
||||
#else /* CONFIG_SECURITY_NETWORK_XFRM */
|
||||
static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
|
||||
@ -3063,6 +3196,11 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
|
||||
{
|
||||
return 0;
|
||||
@ -3077,7 +3215,14 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
|
||||
static inline int security_xfrm_state_alloc(struct xfrm_state *x,
|
||||
struct xfrm_user_sec_ctx *sec_ctx)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
|
||||
struct xfrm_sec_ctx *polsec, u32 secid)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
@ -3091,10 +3236,32 @@ static inline int security_xfrm_state_delete(struct xfrm_state *x)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir)
|
||||
static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
|
||||
struct xfrm_policy *xp, struct flowi *fl)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
static inline int security_xfrm_flow_state_match(struct flowi *fl,
|
||||
struct xfrm_state *xfrm)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
|
||||
{
|
||||
}
|
||||
|
||||
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
|
||||
|
||||
#ifdef CONFIG_KEYS
|
||||
|
@ -34,8 +34,9 @@
|
||||
#define HAVE_ALIGNABLE_SKB /* Ditto 8) */
|
||||
|
||||
#define CHECKSUM_NONE 0
|
||||
#define CHECKSUM_HW 1
|
||||
#define CHECKSUM_PARTIAL 1
|
||||
#define CHECKSUM_UNNECESSARY 2
|
||||
#define CHECKSUM_COMPLETE 3
|
||||
|
||||
#define SKB_DATA_ALIGN(X) (((X) + (SMP_CACHE_BYTES - 1)) & \
|
||||
~(SMP_CACHE_BYTES - 1))
|
||||
@ -56,17 +57,17 @@
|
||||
* Apparently with secret goal to sell you new device, when you
|
||||
* will add new protocol to your host. F.e. IPv6. 8)
|
||||
*
|
||||
* HW: the most generic way. Device supplied checksum of _all_
|
||||
* COMPLETE: the most generic way. Device supplied checksum of _all_
|
||||
* the packet as seen by netif_rx in skb->csum.
|
||||
* NOTE: Even if device supports only some protocols, but
|
||||
* is able to produce some skb->csum, it MUST use HW,
|
||||
* is able to produce some skb->csum, it MUST use COMPLETE,
|
||||
* not UNNECESSARY.
|
||||
*
|
||||
* B. Checksumming on output.
|
||||
*
|
||||
* NONE: skb is checksummed by protocol or csum is not required.
|
||||
*
|
||||
* HW: device is required to csum packet as seen by hard_start_xmit
|
||||
* PARTIAL: device is required to csum packet as seen by hard_start_xmit
|
||||
* from skb->h.raw to the end and to record the checksum
|
||||
* at skb->h.raw+skb->csum.
|
||||
*
|
||||
@ -1261,14 +1262,14 @@ static inline int skb_linearize_cow(struct sk_buff *skb)
|
||||
* @len: length of data pulled
|
||||
*
|
||||
* After doing a pull on a received packet, you need to call this to
|
||||
* update the CHECKSUM_HW checksum, or set ip_summed to CHECKSUM_NONE
|
||||
* so that it can be recomputed from scratch.
|
||||
* update the CHECKSUM_COMPLETE checksum, or set ip_summed to
|
||||
* CHECKSUM_NONE so that it can be recomputed from scratch.
|
||||
*/
|
||||
|
||||
static inline void skb_postpull_rcsum(struct sk_buff *skb,
|
||||
const void *start, unsigned int len)
|
||||
{
|
||||
if (skb->ip_summed == CHECKSUM_HW)
|
||||
if (skb->ip_summed == CHECKSUM_COMPLETE)
|
||||
skb->csum = csum_sub(skb->csum, csum_partial(start, len, 0));
|
||||
}
|
||||
|
||||
@ -1287,7 +1288,7 @@ static inline int pskb_trim_rcsum(struct sk_buff *skb, unsigned int len)
|
||||
{
|
||||
if (likely(len >= skb->len))
|
||||
return 0;
|
||||
if (skb->ip_summed == CHECKSUM_HW)
|
||||
if (skb->ip_summed == CHECKSUM_COMPLETE)
|
||||
skb->ip_summed = CHECKSUM_NONE;
|
||||
return __pskb_trim(skb, len);
|
||||
}
|
||||
|
@ -155,42 +155,11 @@ enum
|
||||
UDP_MIB_NOPORTS, /* NoPorts */
|
||||
UDP_MIB_INERRORS, /* InErrors */
|
||||
UDP_MIB_OUTDATAGRAMS, /* OutDatagrams */
|
||||
UDP_MIB_RCVBUFERRORS, /* RcvbufErrors */
|
||||
UDP_MIB_SNDBUFERRORS, /* SndbufErrors */
|
||||
__UDP_MIB_MAX
|
||||
};
|
||||
|
||||
/* sctp mib definitions */
|
||||
/*
|
||||
* draft-ietf-sigtran-sctp-mib-07.txt
|
||||
*/
|
||||
enum
|
||||
{
|
||||
SCTP_MIB_NUM = 0,
|
||||
SCTP_MIB_CURRESTAB, /* CurrEstab */
|
||||
SCTP_MIB_ACTIVEESTABS, /* ActiveEstabs */
|
||||
SCTP_MIB_PASSIVEESTABS, /* PassiveEstabs */
|
||||
SCTP_MIB_ABORTEDS, /* Aborteds */
|
||||
SCTP_MIB_SHUTDOWNS, /* Shutdowns */
|
||||
SCTP_MIB_OUTOFBLUES, /* OutOfBlues */
|
||||
SCTP_MIB_CHECKSUMERRORS, /* ChecksumErrors */
|
||||
SCTP_MIB_OUTCTRLCHUNKS, /* OutCtrlChunks */
|
||||
SCTP_MIB_OUTORDERCHUNKS, /* OutOrderChunks */
|
||||
SCTP_MIB_OUTUNORDERCHUNKS, /* OutUnorderChunks */
|
||||
SCTP_MIB_INCTRLCHUNKS, /* InCtrlChunks */
|
||||
SCTP_MIB_INORDERCHUNKS, /* InOrderChunks */
|
||||
SCTP_MIB_INUNORDERCHUNKS, /* InUnorderChunks */
|
||||
SCTP_MIB_FRAGUSRMSGS, /* FragUsrMsgs */
|
||||
SCTP_MIB_REASMUSRMSGS, /* ReasmUsrMsgs */
|
||||
SCTP_MIB_OUTSCTPPACKS, /* OutSCTPPacks */
|
||||
SCTP_MIB_INSCTPPACKS, /* InSCTPPacks */
|
||||
SCTP_MIB_RTOALGORITHM, /* RtoAlgorithm */
|
||||
SCTP_MIB_RTOMIN, /* RtoMin */
|
||||
SCTP_MIB_RTOMAX, /* RtoMax */
|
||||
SCTP_MIB_RTOINITIAL, /* RtoInitial */
|
||||
SCTP_MIB_VALCOOKIELIFE, /* ValCookieLife */
|
||||
SCTP_MIB_MAXINITRETR, /* MaxInitRetr */
|
||||
__SCTP_MIB_MAX
|
||||
};
|
||||
|
||||
/* linux mib definitions */
|
||||
enum
|
||||
{
|
||||
|
@ -411,6 +411,10 @@ enum
|
||||
NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115,
|
||||
NET_TCP_DMA_COPYBREAK=116,
|
||||
NET_TCP_SLOW_START_AFTER_IDLE=117,
|
||||
NET_CIPSOV4_CACHE_ENABLE=118,
|
||||
NET_CIPSOV4_CACHE_BUCKET_SIZE=119,
|
||||
NET_CIPSOV4_RBM_OPTFMT=120,
|
||||
NET_CIPSOV4_RBM_STRICTVALID=121,
|
||||
};
|
||||
|
||||
enum {
|
||||
@ -552,6 +556,7 @@ enum {
|
||||
NET_IPV6_ACCEPT_RA_RTR_PREF=20,
|
||||
NET_IPV6_RTR_PROBE_INTERVAL=21,
|
||||
NET_IPV6_ACCEPT_RA_RT_INFO_MAX_PLEN=22,
|
||||
NET_IPV6_PROXY_NDP=23,
|
||||
__NET_IPV6_MAX
|
||||
};
|
||||
|
||||
|
@ -102,6 +102,13 @@ struct xfrm_stats {
|
||||
__u32 integrity_failed;
|
||||
};
|
||||
|
||||
enum
|
||||
{
|
||||
XFRM_POLICY_TYPE_MAIN = 0,
|
||||
XFRM_POLICY_TYPE_SUB = 1,
|
||||
XFRM_POLICY_TYPE_MAX = 2
|
||||
};
|
||||
|
||||
enum
|
||||
{
|
||||
XFRM_POLICY_IN = 0,
|
||||
@ -120,7 +127,9 @@ enum
|
||||
|
||||
#define XFRM_MODE_TRANSPORT 0
|
||||
#define XFRM_MODE_TUNNEL 1
|
||||
#define XFRM_MODE_MAX 2
|
||||
#define XFRM_MODE_ROUTEOPTIMIZATION 2
|
||||
#define XFRM_MODE_IN_TRIGGER 3
|
||||
#define XFRM_MODE_MAX 4
|
||||
|
||||
/* Netlink configuration messages. */
|
||||
enum {
|
||||
@ -164,6 +173,10 @@ enum {
|
||||
#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
|
||||
XFRM_MSG_GETAE,
|
||||
#define XFRM_MSG_GETAE XFRM_MSG_GETAE
|
||||
|
||||
XFRM_MSG_REPORT,
|
||||
#define XFRM_MSG_REPORT XFRM_MSG_REPORT
|
||||
|
||||
__XFRM_MSG_MAX
|
||||
};
|
||||
#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)
|
||||
@ -217,6 +230,12 @@ enum xfrm_ae_ftype_t {
|
||||
#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
|
||||
};
|
||||
|
||||
struct xfrm_userpolicy_type {
|
||||
__u8 type;
|
||||
__u16 reserved1;
|
||||
__u8 reserved2;
|
||||
};
|
||||
|
||||
/* Netlink message attributes. */
|
||||
enum xfrm_attr_type_t {
|
||||
XFRMA_UNSPEC,
|
||||
@ -232,6 +251,10 @@ enum xfrm_attr_type_t {
|
||||
XFRMA_REPLAY_VAL,
|
||||
XFRMA_REPLAY_THRESH,
|
||||
XFRMA_ETIMER_THRESH,
|
||||
XFRMA_SRCADDR, /* xfrm_address_t */
|
||||
XFRMA_COADDR, /* xfrm_address_t */
|
||||
XFRMA_LASTUSED,
|
||||
XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */
|
||||
__XFRMA_MAX
|
||||
|
||||
#define XFRMA_MAX (__XFRMA_MAX - 1)
|
||||
@ -247,12 +270,13 @@ struct xfrm_usersa_info {
|
||||
__u32 seq;
|
||||
__u32 reqid;
|
||||
__u16 family;
|
||||
__u8 mode; /* 0=transport,1=tunnel */
|
||||
__u8 mode; /* XFRM_MODE_xxx */
|
||||
__u8 replay_window;
|
||||
__u8 flags;
|
||||
#define XFRM_STATE_NOECN 1
|
||||
#define XFRM_STATE_DECAP_DSCP 2
|
||||
#define XFRM_STATE_NOPMTUDISC 4
|
||||
#define XFRM_STATE_WILDRECV 8
|
||||
};
|
||||
|
||||
struct xfrm_usersa_id {
|
||||
@ -319,12 +343,18 @@ struct xfrm_usersa_flush {
|
||||
__u8 proto;
|
||||
};
|
||||
|
||||
struct xfrm_user_report {
|
||||
__u8 proto;
|
||||
struct xfrm_selector sel;
|
||||
};
|
||||
|
||||
#ifndef __KERNEL__
|
||||
/* backwards compatibility for userspace */
|
||||
#define XFRMGRP_ACQUIRE 1
|
||||
#define XFRMGRP_EXPIRE 2
|
||||
#define XFRMGRP_SA 4
|
||||
#define XFRMGRP_POLICY 8
|
||||
#define XFRMGRP_REPORT 0x10
|
||||
#endif
|
||||
|
||||
enum xfrm_nlgroups {
|
||||
@ -340,6 +370,8 @@ enum xfrm_nlgroups {
|
||||
#define XFRMNLGRP_POLICY XFRMNLGRP_POLICY
|
||||
XFRMNLGRP_AEVENTS,
|
||||
#define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS
|
||||
XFRMNLGRP_REPORT,
|
||||
#define XFRMNLGRP_REPORT XFRMNLGRP_REPORT
|
||||
__XFRMNLGRP_MAX
|
||||
};
|
||||
#define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1)
|
||||
|
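Review bot: `struct xfrm_userpolicy_type` puts a `__u16` between two `__u8` fields, so on common ABIs the compiler inserts one padding byte after `type` and another after `reserved2`. For a structure that travels to userspace over netlink, those bytes carry whatever was in the buffer unless every producer zeroes the whole structure first. Since the layout is new in this commit, ordering the fields as `__u8 type; __u8 reserved2; __u16 reserved1;` would remove both holes. Failing that, a comment on the struct such as `/* contains implicit padding: memset() before filling */` would record the requirement. The code that fills this structure is not in this file section, so whether it already clears the buffer cannot be checked here.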
@ -8,70 +8,110 @@
|
||||
#include <net/sch_generic.h>
|
||||
#include <net/pkt_sched.h>
|
||||
|
||||
#define tca_gen(name) \
|
||||
struct tcf_##name *next; \
|
||||
u32 index; \
|
||||
int refcnt; \
|
||||
int bindcnt; \
|
||||
u32 capab; \
|
||||
int action; \
|
||||
struct tcf_t tm; \
|
||||
struct gnet_stats_basic bstats; \
|
||||
struct gnet_stats_queue qstats; \
|
||||
struct gnet_stats_rate_est rate_est; \
|
||||
spinlock_t *stats_lock; \
|
||||
spinlock_t lock
|
||||
|
||||
struct tcf_police
|
||||
{
|
||||
tca_gen(police);
|
||||
int result;
|
||||
u32 ewma_rate;
|
||||
u32 burst;
|
||||
u32 mtu;
|
||||
u32 toks;
|
||||
u32 ptoks;
|
||||
psched_time_t t_c;
|
||||
struct qdisc_rate_table *R_tab;
|
||||
struct qdisc_rate_table *P_tab;
|
||||
struct tcf_common {
|
||||
struct tcf_common *tcfc_next;
|
||||
u32 tcfc_index;
|
||||
int tcfc_refcnt;
|
||||
int tcfc_bindcnt;
|
||||
u32 tcfc_capab;
|
||||
int tcfc_action;
|
||||
struct tcf_t tcfc_tm;
|
||||
struct gnet_stats_basic tcfc_bstats;
|
||||
struct gnet_stats_queue tcfc_qstats;
|
||||
struct gnet_stats_rate_est tcfc_rate_est;
|
||||
spinlock_t *tcfc_stats_lock;
|
||||
spinlock_t tcfc_lock;
|
||||
};
|
||||
#define tcf_next common.tcfc_next
|
||||
#define tcf_index common.tcfc_index
|
||||
#define tcf_refcnt common.tcfc_refcnt
|
||||
#define tcf_bindcnt common.tcfc_bindcnt
|
||||
#define tcf_capab common.tcfc_capab
|
||||
#define tcf_action common.tcfc_action
|
||||
#define tcf_tm common.tcfc_tm
|
||||
#define tcf_bstats common.tcfc_bstats
|
||||
#define tcf_qstats common.tcfc_qstats
|
||||
#define tcf_rate_est common.tcfc_rate_est
|
||||
#define tcf_stats_lock common.tcfc_stats_lock
|
||||
#define tcf_lock common.tcfc_lock
|
||||
|
||||
struct tcf_police {
|
||||
struct tcf_common common;
|
||||
int tcfp_result;
|
||||
u32 tcfp_ewma_rate;
|
||||
u32 tcfp_burst;
|
||||
u32 tcfp_mtu;
|
||||
u32 tcfp_toks;
|
||||
u32 tcfp_ptoks;
|
||||
psched_time_t tcfp_t_c;
|
||||
struct qdisc_rate_table *tcfp_R_tab;
|
||||
struct qdisc_rate_table *tcfp_P_tab;
|
||||
};
|
||||
#define to_police(pc) \
|
||||
container_of(pc, struct tcf_police, common)
|
||||
|
||||
struct tcf_hashinfo {
|
||||
struct tcf_common **htab;
|
||||
unsigned int hmask;
|
||||
rwlock_t *lock;
|
||||
};
|
||||
|
||||
static inline unsigned int tcf_hash(u32 index, unsigned int hmask)
|
||||
{
|
||||
return index & hmask;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_NET_CLS_ACT
|
||||
|
||||
#define ACT_P_CREATED 1
|
||||
#define ACT_P_DELETED 1
|
||||
|
||||
struct tcf_act_hdr
|
||||
{
|
||||
tca_gen(act_hdr);
|
||||
struct tcf_act_hdr {
|
||||
struct tcf_common common;
|
||||
};
|
||||
|
||||
struct tc_action
|
||||
{
|
||||
void *priv;
|
||||
struct tc_action_ops *ops;
|
||||
__u32 type; /* for backward compat(TCA_OLD_COMPAT) */
|
||||
__u32 order;
|
||||
struct tc_action *next;
|
||||
struct tc_action {
|
||||
void *priv;
|
||||
struct tc_action_ops *ops;
|
||||
__u32 type; /* for backward compat(TCA_OLD_COMPAT) */
|
||||
__u32 order;
|
||||
struct tc_action *next;
|
||||
};
|
||||
|
||||
#define TCA_CAP_NONE 0
|
||||
struct tc_action_ops
|
||||
{
|
||||
struct tc_action_ops {
|
||||
struct tc_action_ops *next;
|
||||
struct tcf_hashinfo *hinfo;
|
||||
char kind[IFNAMSIZ];
|
||||
__u32 type; /* TBD to match kind */
|
||||
__u32 capab; /* capabilities includes 4 bit version */
|
||||
struct module *owner;
|
||||
int (*act)(struct sk_buff *, struct tc_action *, struct tcf_result *);
|
||||
int (*get_stats)(struct sk_buff *, struct tc_action *);
|
||||
int (*dump)(struct sk_buff *, struct tc_action *,int , int);
|
||||
int (*dump)(struct sk_buff *, struct tc_action *, int, int);
|
||||
int (*cleanup)(struct tc_action *, int bind);
|
||||
int (*lookup)(struct tc_action *, u32 );
|
||||
int (*init)(struct rtattr *,struct rtattr *,struct tc_action *, int , int );
|
||||
int (*walk)(struct sk_buff *, struct netlink_callback *, int , struct tc_action *);
|
||||
int (*lookup)(struct tc_action *, u32);
|
||||
int (*init)(struct rtattr *, struct rtattr *, struct tc_action *, int , int);
|
||||
int (*walk)(struct sk_buff *, struct netlink_callback *, int, struct tc_action *);
|
||||
};
|
||||
|
||||
extern struct tcf_common *tcf_hash_lookup(u32 index,
|
||||
struct tcf_hashinfo *hinfo);
|
||||
extern void tcf_hash_destroy(struct tcf_common *p, struct tcf_hashinfo *hinfo);
|
||||
extern int tcf_hash_release(struct tcf_common *p, int bind,
|
||||
struct tcf_hashinfo *hinfo);
|
||||
extern int tcf_generic_walker(struct sk_buff *skb, struct netlink_callback *cb,
|
||||
int type, struct tc_action *a);
|
||||
extern u32 tcf_hash_new_index(u32 *idx_gen, struct tcf_hashinfo *hinfo);
|
||||
extern int tcf_hash_search(struct tc_action *a, u32 index);
|
||||
extern struct tcf_common *tcf_hash_check(u32 index, struct tc_action *a,
|
||||
int bind, struct tcf_hashinfo *hinfo);
|
||||
extern struct tcf_common *tcf_hash_create(u32 index, struct rtattr *est,
|
||||
struct tc_action *a, int size,
|
||||
int bind, u32 *idx_gen,
|
||||
struct tcf_hashinfo *hinfo);
|
||||
extern void tcf_hash_insert(struct tcf_common *p, struct tcf_hashinfo *hinfo);
|
||||
|
||||
extern int tcf_register_action(struct tc_action_ops *a);
|
||||
extern int tcf_unregister_action(struct tc_action_ops *a);
|
||||
extern void tcf_action_destroy(struct tc_action *a, int bind);
|
||||
@ -96,17 +136,17 @@ tcf_police_release(struct tcf_police *p, int bind)
|
||||
int ret = 0;
|
||||
#ifdef CONFIG_NET_CLS_ACT
|
||||
if (p) {
|
||||
if (bind) {
|
||||
p->bindcnt--;
|
||||
}
|
||||
p->refcnt--;
|
||||
if (p->refcnt <= 0 && !p->bindcnt) {
|
||||
if (bind)
|
||||
p->tcf_bindcnt--;
|
||||
|
||||
p->tcf_refcnt--;
|
||||
if (p->tcf_refcnt <= 0 && !p->tcf_bindcnt) {
|
||||
tcf_police_destroy(p);
|
||||
ret = 1;
|
||||
}
|
||||
}
|
||||
#else
|
||||
if (p && --p->refcnt == 0)
|
||||
if (p && --p->tcf_refcnt == 0)
|
||||
tcf_police_destroy(p);
|
||||
|
||||
#endif /* CONFIG_NET_CLS_ACT */
|
||||
|
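Review bot: The accessor macros added after `struct tcf_common` (`#define tcf_action common.tcfc_action`, `tcf_lock`, `tcf_index` and the rest) are object-like macros with short generic names, so any later identifier spelled exactly `tcf_lock` or `tcf_action` in a file that includes this header is rewritten. They also silently require every action struct to name its embedded member `common`. A comment above the block would make that contract visible, e.g. `/* Each action struct embeds struct tcf_common as a member named "common"; the tcf_* names below are reserved. */`. `tcf_hash()` returns `index & hmask`, which presumably relies on `hmask` being a power of two minus one and on `htab` holding `hmask + 1` buckets; nothing in the header states or enforces this, so a one-line comment on `struct tcf_hashinfo` would help.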
@ -1,142 +0,0 @@
|
||||
/*
|
||||
* include/net/act_generic.h
|
||||
*
|
||||
*/
|
||||
#ifndef _NET_ACT_GENERIC_H
|
||||
#define _NET_ACT_GENERIC_H
|
||||
static inline int tcf_defact_release(struct tcf_defact *p, int bind)
|
||||
{
|
||||
int ret = 0;
|
||||
if (p) {
|
||||
if (bind) {
|
||||
p->bindcnt--;
|
||||
}
|
||||
p->refcnt--;
|
||||
if (p->bindcnt <= 0 && p->refcnt <= 0) {
|
||||
kfree(p->defdata);
|
||||
tcf_hash_destroy(p);
|
||||
ret = 1;
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static inline int
|
||||
alloc_defdata(struct tcf_defact *p, u32 datalen, void *defdata)
|
||||
{
|
||||
p->defdata = kmalloc(datalen, GFP_KERNEL);
|
||||
if (p->defdata == NULL)
|
||||
return -ENOMEM;
|
||||
p->datalen = datalen;
|
||||
memcpy(p->defdata, defdata, datalen);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int
|
||||
realloc_defdata(struct tcf_defact *p, u32 datalen, void *defdata)
|
||||
{
|
||||
/* safer to be just brute force for now */
|
||||
kfree(p->defdata);
|
||||
return alloc_defdata(p, datalen, defdata);
|
||||
}
|
||||
|
||||
static inline int
|
||||
tcf_defact_init(struct rtattr *rta, struct rtattr *est,
|
||||
struct tc_action *a, int ovr, int bind)
|
||||
{
|
||||
struct rtattr *tb[TCA_DEF_MAX];
|
||||
struct tc_defact *parm;
|
||||
struct tcf_defact *p;
|
||||
void *defdata;
|
||||
u32 datalen = 0;
|
||||
int ret = 0;
|
||||
|
||||
if (rta == NULL || rtattr_parse_nested(tb, TCA_DEF_MAX, rta) < 0)
|
||||
return -EINVAL;
|
||||
|
||||
if (tb[TCA_DEF_PARMS - 1] == NULL ||
|
||||
RTA_PAYLOAD(tb[TCA_DEF_PARMS - 1]) < sizeof(*parm))
|
||||
return -EINVAL;
|
||||
|
||||
parm = RTA_DATA(tb[TCA_DEF_PARMS - 1]);
|
||||
defdata = RTA_DATA(tb[TCA_DEF_DATA - 1]);
|
||||
if (defdata == NULL)
|
||||
return -EINVAL;
|
||||
|
||||
datalen = RTA_PAYLOAD(tb[TCA_DEF_DATA - 1]);
|
||||
if (datalen <= 0)
|
||||
return -EINVAL;
|
||||
|
||||
p = tcf_hash_check(parm->index, a, ovr, bind);
|
||||
if (p == NULL) {
|
||||
p = tcf_hash_create(parm->index, est, a, sizeof(*p), ovr, bind);
|
||||
if (p == NULL)
|
||||
return -ENOMEM;
|
||||
|
||||
ret = alloc_defdata(p, datalen, defdata);
|
||||
if (ret < 0) {
|
||||
kfree(p);
|
||||
return ret;
|
||||
}
|
||||
ret = ACT_P_CREATED;
|
||||
} else {
|
||||
if (!ovr) {
|
||||
tcf_defact_release(p, bind);
|
||||
return -EEXIST;
|
||||
}
|
||||
realloc_defdata(p, datalen, defdata);
|
||||
}
|
||||
|
||||
spin_lock_bh(&p->lock);
|
||||
p->action = parm->action;
|
||||
spin_unlock_bh(&p->lock);
|
||||
if (ret == ACT_P_CREATED)
|
||||
tcf_hash_insert(p);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static inline int tcf_defact_cleanup(struct tc_action *a, int bind)
|
||||
{
|
||||
struct tcf_defact *p = PRIV(a, defact);
|
||||
|
||||
if (p != NULL)
|
||||
return tcf_defact_release(p, bind);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int
|
||||
tcf_defact_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref)
|
||||
{
|
||||
unsigned char *b = skb->tail;
|
||||
struct tc_defact opt;
|
||||
struct tcf_defact *p = PRIV(a, defact);
|
||||
struct tcf_t t;
|
||||
|
||||
opt.index = p->index;
|
||||
opt.refcnt = p->refcnt - ref;
|
||||
opt.bindcnt = p->bindcnt - bind;
|
||||
opt.action = p->action;
|
||||
RTA_PUT(skb, TCA_DEF_PARMS, sizeof(opt), &opt);
|
||||
RTA_PUT(skb, TCA_DEF_DATA, p->datalen, p->defdata);
|
||||
t.install = jiffies_to_clock_t(jiffies - p->tm.install);
|
||||
t.lastuse = jiffies_to_clock_t(jiffies - p->tm.lastuse);
|
||||
t.expires = jiffies_to_clock_t(p->tm.expires);
|
||||
RTA_PUT(skb, TCA_DEF_TM, sizeof(t), &t);
|
||||
return skb->len;
|
||||
|
||||
rtattr_failure:
|
||||
skb_trim(skb, b - skb->data);
|
||||
return -1;
|
||||
}
|
||||
|
||||
#define tca_use_default_ops \
|
||||
.dump = tcf_defact_dump, \
|
||||
.cleanup = tcf_defact_cleanup, \
|
||||
.init = tcf_defact_init, \
|
||||
.walk = tcf_generic_walker, \
|
||||
|
||||
#define tca_use_default_defines(name) \
|
||||
static u32 idx_gen; \
|
||||
static struct tcf_defact *tcf_##name_ht[MY_TAB_SIZE]; \
|
||||
static DEFINE_RWLOCK(##name_lock);
|
||||
#endif /* _NET_ACT_GENERIC_H */
|
@ -61,6 +61,9 @@ extern int addrconf_set_dstaddr(void __user *arg);
|
||||
extern int ipv6_chk_addr(struct in6_addr *addr,
|
||||
struct net_device *dev,
|
||||
int strict);
|
||||
#ifdef CONFIG_IPV6_MIP6
|
||||
extern int ipv6_chk_home_addr(struct in6_addr *addr);
|
||||
#endif
|
||||
extern struct inet6_ifaddr * ipv6_get_ifaddr(struct in6_addr *addr,
|
||||
struct net_device *dev,
|
||||
int strict);
|
||||
@ -126,20 +129,18 @@ extern int unregister_inet6addr_notifier(struct notifier_block *nb);
|
||||
static inline struct inet6_dev *
|
||||
__in6_dev_get(struct net_device *dev)
|
||||
{
|
||||
return (struct inet6_dev *)dev->ip6_ptr;
|
||||
return rcu_dereference(dev->ip6_ptr);
|
||||
}
|
||||
|
||||
extern rwlock_t addrconf_lock;
|
||||
|
||||
static inline struct inet6_dev *
|
||||
in6_dev_get(struct net_device *dev)
|
||||
{
|
||||
struct inet6_dev *idev = NULL;
|
||||
read_lock(&addrconf_lock);
|
||||
idev = dev->ip6_ptr;
|
||||
rcu_read_lock();
|
||||
idev = __in6_dev_get(dev);
|
||||
if (idev)
|
||||
atomic_inc(&idev->refcnt);
|
||||
read_unlock(&addrconf_lock);
|
||||
rcu_read_unlock();
|
||||
return idev;
|
||||
}
|
||||
|
||||
|
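Review bot: `__in6_dev_get()` now reads the pointer through `rcu_dereference(dev->ip6_ptr)`, but the header does not tell callers what they must hold. A comment above it, such as `/* Caller must be in an RCU read-side critical section or otherwise keep dev->ip6_ptr stable. */`, would document the new contract. In `in6_dev_get()` the reference is taken with an unconditional `atomic_inc(&idev->refcnt)` inside the RCU section. If the last reference can be dropped while readers may still observe the pointer, that increment would revive an object already headed for release, and `atomic_inc_not_zero()` is the usual guard. Whether that window exists depends on the teardown path, which is not part of this section.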
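--- /dev/null
+++ b/include/net/cipso_ipv4.h
@@ -0,0 +1,246 @@
+/*
+* CIPSO - Commercial IP Security Option
+*
+* This is an implementation of the CIPSO 2.2 protocol as specified in
+* draft-ietf-cipso-ipsecurity-01.txt with additional tag types as found in
+* FIPS-188, copies of both documents can be found in the Documentation
+* directory. While CIPSO never became a full IETF RFC standard many vendors
+* have chosen to adopt the protocol and over the years it has become a
+* de-facto standard for labeled networking.
+*
+* Author: Paul Moore <paul.moore@hp.com>
+*
+*/
+
+/*
+* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
+* the GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+*/
+
+#ifndef _CIPSO_IPV4_H
+#define _CIPSO_IPV4_H
+
+#include <linux/types.h>
+#include <linux/rcupdate.h>
+#include <linux/list.h>
+#include <linux/net.h>
+#include <linux/skbuff.h>
+#include <net/netlabel.h>
+
+/* known doi values */
+#define CIPSO_V4_DOI_UNKNOWN 0x00000000
+
+/* tag types */
+#define CIPSO_V4_TAG_INVALID 0
+#define CIPSO_V4_TAG_RBITMAP 1
+#define CIPSO_V4_TAG_ENUM 2
+#define CIPSO_V4_TAG_RANGE 5
+#define CIPSO_V4_TAG_PBITMAP 6
+#define CIPSO_V4_TAG_FREEFORM 7
+
+/* doi mapping types */
+#define CIPSO_V4_MAP_UNKNOWN 0
+#define CIPSO_V4_MAP_STD 1
+#define CIPSO_V4_MAP_PASS 2
+
+/* limits */
+#define CIPSO_V4_MAX_REM_LVLS 256
+#define CIPSO_V4_INV_LVL 0x80000000
+#define CIPSO_V4_MAX_LOC_LVLS (CIPSO_V4_INV_LVL - 1)
+#define CIPSO_V4_MAX_REM_CATS 65536
+#define CIPSO_V4_INV_CAT 0x80000000
+#define CIPSO_V4_MAX_LOC_CATS (CIPSO_V4_INV_CAT - 1)
+
+/*
+* CIPSO DOI definitions
+*/
+
+/* DOI definition struct */
+#define CIPSO_V4_TAG_MAXCNT 5
+struct cipso_v4_doi {
+u32 doi;
+u32 type;
+union {
+struct cipso_v4_std_map_tbl *std;
+} map;
+u8 tags[CIPSO_V4_TAG_MAXCNT];
+
+u32 valid;
+struct list_head list;
+struct rcu_head rcu;
+struct list_head dom_list;
+};
+
+/* Standard CIPSO mapping table */
+/* NOTE: the highest order bit (i.e. 0x80000000) is an 'invalid' flag, if the
+* bit is set then consider that value as unspecified, meaning the
+* mapping for that particular level/category is invalid */
+struct cipso_v4_std_map_tbl {
+struct {
+u32 *cipso;
+u32 *local;
+u32 cipso_size;
+u32 local_size;
+} lvl;
+struct {
+u32 *cipso;
+u32 *local;
+u32 cipso_size;
+u32 local_size;
+} cat;
+};
+
+/*
+* Sysctl Variables
+*/
+
+#ifdef CONFIG_NETLABEL
+extern int cipso_v4_cache_enabled;
+extern int cipso_v4_cache_bucketsize;
+extern int cipso_v4_rbm_optfmt;
+extern int cipso_v4_rbm_strictvalid;
+#endif
+
+/*
+* Helper Functions
+*/
+
+#define CIPSO_V4_OPTEXIST(x) (IPCB(x)->opt.cipso != 0)
+#define CIPSO_V4_OPTPTR(x) ((x)->nh.raw + IPCB(x)->opt.cipso)
+
+/*
+* DOI List Functions
+*/
+
+#ifdef CONFIG_NETLABEL
+int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
+int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head * head));
+struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
+struct sk_buff *cipso_v4_doi_dump_all(size_t headroom);
+struct sk_buff *cipso_v4_doi_dump(u32 doi, size_t headroom);
+int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def, const char *domain);
+int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def,
+const char *domain);
+#else
+static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
+{
+return -ENOSYS;
+}
+
+static inline int cipso_v4_doi_remove(u32 doi,
+void (*callback) (struct rcu_head * head))
+{
+return 0;
+}
+
+static inline struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi)
+{
+return NULL;
+}
+
+static inline struct sk_buff *cipso_v4_doi_dump_all(size_t headroom)
+{
+return NULL;
+}
+
+static inline struct sk_buff *cipso_v4_doi_dump(u32 doi, size_t headroom)
+{
+return NULL;
+}
+
+static inline int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def,
+const char *domain)
+{
+return -ENOSYS;
+}
+
+static inline int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def,
+const char *domain)
+{
+return 0;
+}
+#endif /* CONFIG_NETLABEL */
+
+/*
+* Label Mapping Cache Functions
+*/
+
+#ifdef CONFIG_NETLABEL
+void cipso_v4_cache_invalidate(void);
+int cipso_v4_cache_add(const struct sk_buff *skb,
+const struct netlbl_lsm_secattr *secattr);
+#else
+static inline void cipso_v4_cache_invalidate(void)
+{
+return;
+}
+
+static inline int cipso_v4_cache_add(const struct sk_buff *skb,
+const struct netlbl_lsm_secattr *secattr)
+{
+return 0;
+}
+#endif /* CONFIG_NETLABEL */
+
+/*
+* Protocol Handling Functions
+*/
+
+#ifdef CONFIG_NETLABEL
+void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway);
+int cipso_v4_socket_setattr(const struct socket *sock,
+const struct cipso_v4_doi *doi_def,
+const struct netlbl_lsm_secattr *secattr);
+int cipso_v4_socket_getattr(const struct socket *sock,
+struct netlbl_lsm_secattr *secattr);
+int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
+struct netlbl_lsm_secattr *secattr);
+int cipso_v4_validate(unsigned char **option);
+#else
+static inline void cipso_v4_error(struct sk_buff *skb,
+int error,
+u32 gateway)
+{
+return;
+}
+
+static inline int cipso_v4_socket_setattr(const struct socket *sock,
+const struct cipso_v4_doi *doi_def,
+const struct netlbl_lsm_secattr *secattr)
+{
+return -ENOSYS;
+}
+
+static inline int cipso_v4_socket_getattr(const struct socket *sock,
+struct netlbl_lsm_secattr *secattr)
+{
+return -ENOSYS;
+}
+
+static inline int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
+struct netlbl_lsm_secattr *secattr)
+{
+return -ENOSYS;
+}
+
+static inline int cipso_v4_validate(unsigned char **option)
+{
+return -ENOSYS;
+}
+#endif /* CONFIG_NETLABEL */
+
+#endif /* _CIPSO_IPV4_H */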
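Review bot: `CIPSO_V4_OPTPTR(x)` computes `(x)->nh.raw + IPCB(x)->opt.cipso` whether or not the option is present, and `CIPSO_V4_OPTEXIST(x)` shows that an offset of 0 means there is no CIPSO option. A caller that skips the existence test therefore gets a pointer to the start of the network header and would parse it as a label. A comment on the pair, e.g. `/* CIPSO_V4_OPTPTR() is only valid when CIPSO_V4_OPTEXIST() is true */`, would state the precondition. The `!CONFIG_NETLABEL` stubs are also uneven: `cipso_v4_doi_add()` and `cipso_v4_doi_domhsh_add()` return `-ENOSYS` while the matching `_remove()` stubs return 0, which deserves a line of explanation if it is intentional.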
@ -22,7 +22,7 @@ struct dn_kern_rta
|
||||
};
|
||||
|
||||
struct dn_fib_res {
|
||||
struct dn_fib_rule *r;
|
||||
struct fib_rule *r;
|
||||
struct dn_fib_info *fi;
|
||||
unsigned char prefixlen;
|
||||
unsigned char nh_sel;
|
||||
@ -94,7 +94,8 @@ struct dn_fib_node {
|
||||
|
||||
|
||||
struct dn_fib_table {
|
||||
int n;
|
||||
struct hlist_node hlist;
|
||||
u32 n;
|
||||
|
||||
int (*insert)(struct dn_fib_table *t, struct rtmsg *r,
|
||||
struct dn_kern_rta *rta, struct nlmsghdr *n,
|
||||
@ -130,14 +131,11 @@ extern __le16 dn_fib_get_attr16(struct rtattr *attr, int attrlen, int type);
|
||||
extern void dn_fib_flush(void);
|
||||
extern void dn_fib_select_multipath(const struct flowi *fl,
|
||||
struct dn_fib_res *res);
|
||||
extern int dn_fib_sync_down(__le16 local, struct net_device *dev,
|
||||
int force);
|
||||
extern int dn_fib_sync_up(struct net_device *dev);
|
||||
|
||||
/*
|
||||
* dn_tables.c
|
||||
*/
|
||||
extern struct dn_fib_table *dn_fib_get_table(int n, int creat);
|
||||
extern struct dn_fib_table *dn_fib_get_table(u32 n, int creat);
|
||||
extern struct dn_fib_table *dn_fib_empty_table(void);
|
||||
extern void dn_fib_table_init(void);
|
||||
extern void dn_fib_table_cleanup(void);
|
||||
@ -147,10 +145,8 @@ extern void dn_fib_table_cleanup(void);
|
||||
*/
|
||||
extern void dn_fib_rules_init(void);
|
||||
extern void dn_fib_rules_cleanup(void);
|
||||
extern void dn_fib_rule_put(struct dn_fib_rule *);
|
||||
extern __le16 dn_fib_rules_policy(__le16 saddr, struct dn_fib_res *res, unsigned *flags);
|
||||
extern unsigned dnet_addr_type(__le16 addr);
|
||||
extern int dn_fib_lookup(const struct flowi *fl, struct dn_fib_res *res);
|
||||
extern int dn_fib_lookup(struct flowi *fl, struct dn_fib_res *res);
|
||||
|
||||
/*
|
||||
* rtnetlink interface
|
||||
@ -176,11 +172,9 @@ static inline void dn_fib_res_put(struct dn_fib_res *res)
|
||||
if (res->fi)
|
||||
dn_fib_info_put(res->fi);
|
||||
if (res->r)
|
||||
dn_fib_rule_put(res->r);
|
||||
fib_rule_put(res->r);
|
||||
}
|
||||
|
||||
extern struct dn_fib_table *dn_fib_tables[];
|
||||
|
||||
#else /* Endnode */
|
||||
|
||||
#define dn_fib_init() do { } while(0)
|
||||
|
@ -54,6 +54,7 @@ struct dst_entry
|
||||
unsigned long expires;
|
||||
|
||||
unsigned short header_len; /* more space at head required */
|
||||
unsigned short nfheader_len; /* more non-fragment space at head required */
|
||||
unsigned short trailer_len; /* space to reserve at tail */
|
||||
|
||||
u32 metrics[RTAX_MAX];
|
||||
|
@ -15,13 +15,14 @@ struct esp_data
|
||||
struct {
|
||||
u8 *key; /* Key */
|
||||
int key_len; /* Key length */
|
||||
u8 *ivec; /* ivec buffer */
|
||||
int padlen; /* 0..255 */
|
||||
/* ivlen is offset from enc_data, where encrypted data start.
|
||||
* It is logically different of crypto_tfm_alg_ivsize(tfm).
|
||||
* We assume that it is either zero (no ivec), or
|
||||
* >= crypto_tfm_alg_ivsize(tfm). */
|
||||
int ivlen;
|
||||
int padlen; /* 0..255 */
|
||||
int ivinitted;
|
||||
u8 *ivec; /* ivec buffer */
|
||||
struct crypto_blkcipher *tfm; /* crypto handle */
|
||||
} conf;
|
||||
|
||||
|
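--- a/include/net/fib_rules.h
+++ b/include/net/fib_rules.h
@@ -0,0 +1,97 @@
+#ifndef __NET_FIB_RULES_H
+#define __NET_FIB_RULES_H
+
+#include <linux/types.h>
+#include <linux/netdevice.h>
+#include <linux/fib_rules.h>
+#include <net/flow.h>
+#include <net/netlink.h>
+
+struct fib_rule
+{
+struct list_head list;
+atomic_t refcnt;
+int ifindex;
+char ifname[IFNAMSIZ];
+u32 pref;
+u32 flags;
+u32 table;
+u8 action;
+struct rcu_head rcu;
+};
+
+struct fib_lookup_arg
+{
+void *lookup_ptr;
+void *result;
+struct fib_rule *rule;
+};
+
+struct fib_rules_ops
+{
+int family;
+struct list_head list;
+int rule_size;
+
+int (*action)(struct fib_rule *,
+struct flowi *, int,
+struct fib_lookup_arg *);
+int (*match)(struct fib_rule *,
+struct flowi *, int);
+int (*configure)(struct fib_rule *,
+struct sk_buff *,
+struct nlmsghdr *,
+struct fib_rule_hdr *,
+struct nlattr **);
+int (*compare)(struct fib_rule *,
+struct fib_rule_hdr *,
+struct nlattr **);
+int (*fill)(struct fib_rule *, struct sk_buff *,
+struct nlmsghdr *,
+struct fib_rule_hdr *);
+u32 (*default_pref)(void);
+
+int nlgroup;
+struct nla_policy *policy;
+struct list_head *rules_list;
+struct module *owner;
+};
+
+static inline void fib_rule_get(struct fib_rule *rule)
+{
+atomic_inc(&rule->refcnt);
+}
+
+static inline void fib_rule_put_rcu(struct rcu_head *head)
+{
+struct fib_rule *rule = container_of(head, struct fib_rule, rcu);
+kfree(rule);
+}
+
+static inline void fib_rule_put(struct fib_rule *rule)
+{
+if (atomic_dec_and_test(&rule->refcnt))
+call_rcu(&rule->rcu, fib_rule_put_rcu);
+}
+
+static inline u32 frh_get_table(struct fib_rule_hdr *frh, struct nlattr **nla)
+{
+if (nla[FRA_TABLE])
+return nla_get_u32(nla[FRA_TABLE]);
+return frh->table;
+}
+
+extern int fib_rules_register(struct fib_rules_ops *);
+extern int fib_rules_unregister(struct fib_rules_ops *);
+
+extern int fib_rules_lookup(struct fib_rules_ops *,
+struct flowi *, int flags,
+struct fib_lookup_arg *);
+
+extern int fib_nl_newrule(struct sk_buff *,
+struct nlmsghdr *, void *);
+extern int fib_nl_delrule(struct sk_buff *,
+struct nlmsghdr *, void *);
+extern int fib_rules_dump(struct sk_buff *,
+struct netlink_callback *, int);
+#endif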
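Review bot: `fib_rule_get()` increments `refcnt` unconditionally, while `fib_rule_put()` hands the rule to `call_rcu()` as soon as the count reaches zero. If a lookup path walks `rules_list` under RCU and calls `fib_rule_get()` on an entry it found there (the lookup code is not in this file, so this is inferred from the `rcu` member), it can raise the count from zero after the final put, and the already queued `fib_rule_put_rcu()` will still `kfree()` the rule while the caller believes it holds a reference. Either state the contract above `fib_rule_get()`, e.g. `/* caller must already hold a reference; not safe on a rule found only via RCU */`, or give RCU readers a helper built on `atomic_inc_not_zero(&rule->refcnt)` that skips the rule when it fails.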
@ -26,6 +26,7 @@ struct flowi {
|
||||
struct {
|
||||
struct in6_addr daddr;
|
||||
struct in6_addr saddr;
|
||||
__u32 fwmark;
|
||||
__u32 flowlabel;
|
||||
} ip6_u;
|
||||
|
||||
@ -42,6 +43,7 @@ struct flowi {
|
||||
#define fld_scope nl_u.dn_u.scope
|
||||
#define fl6_dst nl_u.ip6_u.daddr
|
||||
#define fl6_src nl_u.ip6_u.saddr
|
||||
#define fl6_fwmark nl_u.ip6_u.fwmark
|
||||
#define fl6_flowlabel nl_u.ip6_u.flowlabel
|
||||
#define fl4_dst nl_u.ip4_u.daddr
|
||||
#define fl4_src nl_u.ip4_u.saddr
|
||||
@ -72,12 +74,22 @@ struct flowi {
|
||||
} dnports;
|
||||
|
||||
__u32 spi;
|
||||
|
||||
#ifdef CONFIG_IPV6_MIP6
|
||||
struct {
|
||||
__u8 type;
|
||||
} mht;
|
||||
#endif
|
||||
} uli_u;
|
||||
#define fl_ip_sport uli_u.ports.sport
|
||||
#define fl_ip_dport uli_u.ports.dport
|
||||
#define fl_icmp_type uli_u.icmpt.type
|
||||
#define fl_icmp_code uli_u.icmpt.code
|
||||
#define fl_ipsec_spi uli_u.spi
|
||||
#ifdef CONFIG_IPV6_MIP6
|
||||
#define fl_mh_type uli_u.mht.type
|
||||
#endif
|
||||
__u32 secid; /* used by xfrm; see secid.txt */
|
||||
} __attribute__((__aligned__(BITS_PER_LONG/8)));
|
||||
|
||||
#define FLOW_DIR_IN 0
|
||||
@ -85,10 +97,10 @@ struct flowi {
|
||||
#define FLOW_DIR_FWD 2
|
||||
|
||||
struct sock;
|
||||
typedef void (*flow_resolve_t)(struct flowi *key, u32 sk_sid, u16 family, u8 dir,
|
||||
typedef void (*flow_resolve_t)(struct flowi *key, u16 family, u8 dir,
|
||||
void **objp, atomic_t **obj_refp);
|
||||
|
||||
extern void *flow_cache_lookup(struct flowi *key, u32 sk_sid, u16 family, u8 dir,
|
||||
extern void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir,
|
||||
flow_resolve_t resolver);
|
||||
extern void flow_cache_flush(void);
|
||||
extern atomic_t flow_cache_genid;
|
||||
|
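Review bot: With `sk_sid` gone from `flow_resolve_t` and `flow_cache_lookup()` in the last hunk (taking the second-printed signatures as the new side), the security ID reaches the resolver only through the `secid` member of `struct flowi`, so a caller that forgets to fill it is no longer caught by the compiler. A `struct flowi` that is not fully zeroed before use would then hand an arbitrary `secid` to the policy lookup; the callers are outside this section, so whether any does that cannot be checked here. The field comment could carry the requirement, for example `__u32 secid; /* used by xfrm; set (or zero) before flow_cache_lookup(); see secid.txt */`. `struct flowi` starts before the first hunk of this section.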
@ -27,8 +27,6 @@ struct genl_family
|
||||
struct list_head family_list; /* private */
|
||||
};
|
||||
|
||||
#define GENL_ADMIN_PERM 0x01
|
||||
|
||||
/**
|
||||
* struct genl_info - receiving information
|
||||
* @snd_seq: sending sequence number
|
||||
@ -133,11 +131,12 @@ static inline int genlmsg_cancel(struct sk_buff *skb, void *hdr)
|
||||
* @skb: netlink message as socket buffer
|
||||
* @pid: own netlink pid to avoid sending to yourself
|
||||
* @group: multicast group id
|
||||
* @flags: allocation flags
|
||||
*/
|
||||
static inline int genlmsg_multicast(struct sk_buff *skb, u32 pid,
|
||||
unsigned int group)
|
||||
unsigned int group, gfp_t flags)
|
||||
{
|
||||
return nlmsg_multicast(genl_sock, skb, pid, group);
|
||||
return nlmsg_multicast(genl_sock, skb, pid, group, flags);
|
||||
}
|
||||
|
||||
/**
|
||||
|
Some files were not shown because too many files have changed in this diff Show More