Re: [PATCH net] ipv6: revert degradation in IPv6 Ready Logo test results

2018-10-03 Thread 
Hi,

2018年10月3日(水) 16:57 Mike Manning :
>
> On 02/10/2018 19:26, David Miller wrote:
> > From: Mike Manning 
> > Date: Tue,  2 Oct 2018 12:40:30 +0100
> >
> >> This reverts commit 0ed4229b08c1 ("ipv6: defrag: drop non-last frags
> >> smaller than min mtu"). While one should not get fragments smaller than
> >> the IPv6 minimum MTU, not handling crafted packets in the TAHI IPv6
> >> conformance test suite (v6eval) for IPv6 Ready Logo results in 18
> >> failures representing over 5% of the score.
> >>
> >> Cc: Florian Westphal 
> >> Signed-off-by: Mike Manning 
> > Sorry, I'm not just going to blindly apply a patch because some
> > TAHI tests fail.
> >
> > It's possible the TAHI tests are wrong, or that the specification
> > elements it is testing don't make any sense these days.
> >
> > Allowing all kinds of random junk in the middle of the fragment queue
> > leads to lots of unnecessary cpu overhead and potential bugs, and it
> > triggerable remotely.
>
> Understood, thank you.
>
> It would be great if there is someone on this mailer who has influence
> with ipv6ready.org so as to get the TAHI tests for IPv6 conformance
> updated, as an upgrade to a kernel with the commit mentioned will result
> in a 5% degradation in results for the existing tests.
>

You can ignore some tests especially if you have some related,
updated RFC(s).

--yoshfuji

Re: [PATCH v3 net-next 3/3] rds: Extend RDS API for IPv6 support

2018-07-13 Thread 
Hi,

2018-07-13 20:02 GMT+09:00 Ka-Cheong Poon :
> There are many data structures (RDS socket options) used by RDS apps
> which use a 32 bit integer to store IP address. To support IPv6,
> struct in6_addr needs to be used. To ensure backward compatibility, a
> new data structure is introduced for each of those data structures
> which use a 32 bit integer to represent an IP address. And new socket
> options are introduced to use those new structures. This means that
> existing apps should work without a problem with the new RDS module.
> For apps which want to use IPv6, those new data structures and socket
> options can be used. IPv4 mapped address is used to represent IPv4
> address in the new data structures.

This seems to break old applications compiled with old header, no?

>
> Signed-off-by: Ka-Cheong Poon 
> ---
>  include/uapi/linux/rds.h |  71 +++--
>  net/rds/connection.c | 101 
> +++
>  net/rds/ib.c |  52 
>  net/rds/ib_mr.h  |   2 +
>  net/rds/ib_rdma.c|  11 +-
>  net/rds/recv.c   |  25 
>  net/rds/tcp.c|  44 +
>  7 files changed, 294 insertions(+), 12 deletions(-)
>
> diff --git a/include/uapi/linux/rds.h b/include/uapi/linux/rds.h
> index 20c6bd0..518d40f 100644
> --- a/include/uapi/linux/rds.h
> +++ b/include/uapi/linux/rds.h
> @@ -1,6 +1,6 @@
>  /* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR 
> Linux-OpenIB) */
>  /*
> - * Copyright (c) 2008 Oracle.  All rights reserved.
> + * Copyright (c) 2008, 2018 Oracle and/or its affiliates. All rights 
> reserved.
>   *
>   * This software is available to you under a choice of one of two
>   * licenses.  You may choose to be licensed under the terms of the GNU
> @@ -52,7 +52,7 @@
>  #define RDS_RECVERR5
>  #define RDS_CONG_MONITOR   6
>  #define RDS_GET_MR_FOR_DEST7
> -#define SO_RDS_TRANSPORT   8
> +#define SO_RDS_TRANSPORT   9

Re: [PATCH net-next 3/5] sctp: add spp_ipv6_flowlabel and spp_dscp for sctp_paddrparams

2018-06-30 Thread 
Hi,

2018-06-28 15:40 GMT+09:00 Xin Long :
> On Tue, Jun 26, 2018 at 8:02 PM, 吉藤英明
>  wrote:
>> 2018-06-26 13:33 GMT+09:00 Xin Long :
>>> On Tue, Jun 26, 2018 at 12:31 AM, Marcelo Ricardo Leitner
>>>  wrote:
>>>> Hi,
>>>>
>>>> On Tue, Jun 26, 2018 at 01:12:00AM +0900, 吉藤英明 wrote:
>>>>> Hi,
>>>>>
>>>>> 2018-06-25 22:03 GMT+09:00 Marcelo Ricardo Leitner 
>>>>> :
>>>>> > On Mon, Jun 25, 2018 at 07:28:47AM -0400, Neil Horman wrote:
>>>>> >> On Mon, Jun 25, 2018 at 04:31:26PM +0900, David Miller wrote:
>>>>> >> > From: Xin Long 
>>>>> >> > Date: Mon, 25 Jun 2018 10:14:35 +0800
>>>>> >> >
>>>>> >> > >  struct sctp_paddrparams {
>>>>> >> > > @@ -773,6 +775,8 @@ struct sctp_paddrparams {
>>>>> >> > >   __u32   spp_pathmtu;
>>>>> >> > >   __u32   spp_sackdelay;
>>>>> >> > >   __u32   spp_flags;
>>>>> >> > > + __u32   spp_ipv6_flowlabel;
>>>>> >> > > + __u8spp_dscp;
>>>>> >> > >  } __attribute__((packed, aligned(4)));
>>>>> >> >
>>>>> >> > I don't think you can change the size of this structure like this.
>>>>> >> >
>>>>> >> > This check in sctp_setsockopt_peer_addr_params():
>>>>> >> >
>>>>> >> > if (optlen != sizeof(struct sctp_paddrparams))
>>>>> >> > return -EINVAL;
>>>>> >> >
>>>>> >> > is going to trigger in old kernels when executing programs
>>>>> >> > built against the new struct definition.
>>>>> >
>>>>> > That will happen, yes, but do we really care about being future-proof
>>>>> > here? I mean: if we also update such check(s) to support dealing with
>>>>> > smaller-than-supported structs, newer kernels will be able to run
>>>>> > programs built against the old struct, and the new one; while building
>>>>> > using newer headers and running on older kernel may fool the
>>>>> > application in other ways too (like enabling support for something
>>>>> > that is available on newer kernel and that is not present in the older
>>>>> > one).
>>>>>
>>>>> We should not break existing apps.
>>>>> We still accept apps of pre-2.4 era without sin6_scope_id
>>>>> (e.g., net/ipv6/af_inet6.c:inet6_bind()).
>>>>
>>>> Yes. That's what I tried to say. That is supporting an old app built
>>>> with old kernel headers and running on a newer kernel, and not the
>>>> other way around (an app built with fresh headers and running on an
>>>> old kernel).
>>> To make it, I will update the check like:
>>>
>>> diff --git a/net/sctp/socket.c b/net/sctp/socket.c
>>> index 1df5d07..c949d8c 100644
>>> --- a/net/sctp/socket.c
>>> +++ b/net/sctp/socket.c
>>> @@ -2715,13 +2715,18 @@ static int
>>> sctp_setsockopt_peer_addr_params(struct sock *sk,
>>> struct sctp_sock*sp = sctp_sk(sk);
>>> int error;
>>> int hb_change, pmtud_change, sackdelay_change;
>>> +   int plen = sizeof(params);
>>> +   int old_plen = plen - sizeof(u32) * 2;
>>
>> if (optlen < offsetof(struct sctp_paddrparams, spp_ipv6_flowlabel))
>> maybe?
> Hi, yoshfuji,
> offsetof() is better. thank you.
>
>>
>>>
>>> -   if (optlen != sizeof(struct sctp_paddrparams))
>>> +   if (optlen != plen && optlen != old_plen)
>>> return -EINVAL;
>>>
>>> if (copy_from_user(, optval, optlen))
>>> return -EFAULT;
>>>
>>> +   if (optlen == old_plen)
>>> +   params.spp_flags &= ~(SPP_DSCP | SPP_IPV6_FLOWLABEL);
>>
>> I think we should return -EINVAL if size is not new one.
> Sorry, if we returned  -EINVAL when size is the old one,
> how can we guarantee an old app built with old kernel
> headers and running on a newer kernel works well?
> or you meant?
> if ((params.spp_flags & (SPP_DSCP | SPP_IPV6_FLOWLABEL)) &&
> optlen != plen)
> return EINVAL;

Yes, I meant this (it should be -EINVAL though).


>
>>
>> --yoshfuji
>>
>>> +
>>> /* Validate flags and value parameters. */
>>> hb_change= params.spp_flags & SPP_HB;
>>> pmtud_change = params.spp_flags & SPP_PMTUD;
>>> @@ -5591,10 +5596,13 @@ static int
>>> sctp_getsockopt_peer_addr_params(struct sock *sk, int len,
>>> struct sctp_transport   *trans = NULL;
>>> struct sctp_association *asoc = NULL;
>>> struct sctp_sock*sp = sctp_sk(sk);
>>> +   int plen = sizeof(params);
>>> +   int old_plen = plen - sizeof(u32) * 2;
>>>
>>> -   if (len < sizeof(struct sctp_paddrparams))
>>> +   if (len < old_plen)
>>> return -EINVAL;
>>> -   len = sizeof(struct sctp_paddrparams);
>>> +
>>> +   len = len >= plen ? plen : old_plen;
>>> if (copy_from_user(, optval, len))
>>> return -EFAULT;
>>>
>>> does it look ok to you?

Re: [PATCH net-next 3/5] sctp: add spp_ipv6_flowlabel and spp_dscp for sctp_paddrparams

2018-06-26 Thread 
2018-06-26 13:33 GMT+09:00 Xin Long :
> On Tue, Jun 26, 2018 at 12:31 AM, Marcelo Ricardo Leitner
>  wrote:
>> Hi,
>>
>> On Tue, Jun 26, 2018 at 01:12:00AM +0900, 吉藤英明 wrote:
>>> Hi,
>>>
>>> 2018-06-25 22:03 GMT+09:00 Marcelo Ricardo Leitner 
>>> :
>>> > On Mon, Jun 25, 2018 at 07:28:47AM -0400, Neil Horman wrote:
>>> >> On Mon, Jun 25, 2018 at 04:31:26PM +0900, David Miller wrote:
>>> >> > From: Xin Long 
>>> >> > Date: Mon, 25 Jun 2018 10:14:35 +0800
>>> >> >
>>> >> > >  struct sctp_paddrparams {
>>> >> > > @@ -773,6 +775,8 @@ struct sctp_paddrparams {
>>> >> > >   __u32   spp_pathmtu;
>>> >> > >   __u32   spp_sackdelay;
>>> >> > >   __u32   spp_flags;
>>> >> > > + __u32   spp_ipv6_flowlabel;
>>> >> > > + __u8spp_dscp;
>>> >> > >  } __attribute__((packed, aligned(4)));
>>> >> >
>>> >> > I don't think you can change the size of this structure like this.
>>> >> >
>>> >> > This check in sctp_setsockopt_peer_addr_params():
>>> >> >
>>> >> > if (optlen != sizeof(struct sctp_paddrparams))
>>> >> > return -EINVAL;
>>> >> >
>>> >> > is going to trigger in old kernels when executing programs
>>> >> > built against the new struct definition.
>>> >
>>> > That will happen, yes, but do we really care about being future-proof
>>> > here? I mean: if we also update such check(s) to support dealing with
>>> > smaller-than-supported structs, newer kernels will be able to run
>>> > programs built against the old struct, and the new one; while building
>>> > using newer headers and running on older kernel may fool the
>>> > application in other ways too (like enabling support for something
>>> > that is available on newer kernel and that is not present in the older
>>> > one).
>>>
>>> We should not break existing apps.
>>> We still accept apps of pre-2.4 era without sin6_scope_id
>>> (e.g., net/ipv6/af_inet6.c:inet6_bind()).
>>
>> Yes. That's what I tried to say. That is supporting an old app built
>> with old kernel headers and running on a newer kernel, and not the
>> other way around (an app built with fresh headers and running on an
>> old kernel).
> To make it, I will update the check like:
>
> diff --git a/net/sctp/socket.c b/net/sctp/socket.c
> index 1df5d07..c949d8c 100644
> --- a/net/sctp/socket.c
> +++ b/net/sctp/socket.c
> @@ -2715,13 +2715,18 @@ static int
> sctp_setsockopt_peer_addr_params(struct sock *sk,
> struct sctp_sock*sp = sctp_sk(sk);
> int error;
> int hb_change, pmtud_change, sackdelay_change;
> +   int plen = sizeof(params);
> +   int old_plen = plen - sizeof(u32) * 2;

if (optlen < offsetof(struct sctp_paddrparams, spp_ipv6_flowlabel))
maybe?

>
> -   if (optlen != sizeof(struct sctp_paddrparams))
> +   if (optlen != plen && optlen != old_plen)
> return -EINVAL;
>
> if (copy_from_user(, optval, optlen))
> return -EFAULT;
>
> +   if (optlen == old_plen)
> +   params.spp_flags &= ~(SPP_DSCP | SPP_IPV6_FLOWLABEL);

I think we should return -EINVAL if size is not new one.

--yoshfuji

> +
> /* Validate flags and value parameters. */
> hb_change= params.spp_flags & SPP_HB;
> pmtud_change = params.spp_flags & SPP_PMTUD;
> @@ -5591,10 +5596,13 @@ static int
> sctp_getsockopt_peer_addr_params(struct sock *sk, int len,
> struct sctp_transport   *trans = NULL;
> struct sctp_association *asoc = NULL;
> struct sctp_sock*sp = sctp_sk(sk);
> +   int plen = sizeof(params);
> +   int old_plen = plen - sizeof(u32) * 2;
>
> -   if (len < sizeof(struct sctp_paddrparams))
> +   if (len < old_plen)
> return -EINVAL;
> -   len = sizeof(struct sctp_paddrparams);
> +
> +   len = len >= plen ? plen : old_plen;
> if (copy_from_user(, optval, len))
> return -EFAULT;
>
> does it look ok to you?

Re: [PATCH net-next 3/5] sctp: add spp_ipv6_flowlabel and spp_dscp for sctp_paddrparams

2018-06-25 Thread 
Hi,

2018-06-25 22:03 GMT+09:00 Marcelo Ricardo Leitner :
> On Mon, Jun 25, 2018 at 07:28:47AM -0400, Neil Horman wrote:
>> On Mon, Jun 25, 2018 at 04:31:26PM +0900, David Miller wrote:
>> > From: Xin Long 
>> > Date: Mon, 25 Jun 2018 10:14:35 +0800
>> >
>> > >  struct sctp_paddrparams {
>> > > @@ -773,6 +775,8 @@ struct sctp_paddrparams {
>> > >   __u32   spp_pathmtu;
>> > >   __u32   spp_sackdelay;
>> > >   __u32   spp_flags;
>> > > + __u32   spp_ipv6_flowlabel;
>> > > + __u8spp_dscp;
>> > >  } __attribute__((packed, aligned(4)));
>> >
>> > I don't think you can change the size of this structure like this.
>> >
>> > This check in sctp_setsockopt_peer_addr_params():
>> >
>> > if (optlen != sizeof(struct sctp_paddrparams))
>> > return -EINVAL;
>> >
>> > is going to trigger in old kernels when executing programs
>> > built against the new struct definition.
>
> That will happen, yes, but do we really care about being future-proof
> here? I mean: if we also update such check(s) to support dealing with
> smaller-than-supported structs, newer kernels will be able to run
> programs built against the old struct, and the new one; while building
> using newer headers and running on older kernel may fool the
> application in other ways too (like enabling support for something
> that is available on newer kernel and that is not present in the older
> one).

We should not break existing apps.
We still accept apps of pre-2.4 era without sin6_scope_id
(e.g., net/ipv6/af_inet6.c:inet6_bind()).

>
>> >
>> I think thats also the reason its a packed aligned attribute, it can't be
>> changed, or older kernels won't be able to fill it out properly.
>> Neil
>
> It's more for supporting running 32-bits apps on 64-bit kernels
> (according to 20c9c825b12fc).
>
>   Marcelo

Re: [PATCH net-next] net: ipv6: Generate random IID for addresses on RAWIP devices

2018-06-03 Thread 
Hello,

2018-06-04 6:54 GMT+09:00 Subash Abhinov Kasiviswanathan
:
> RAWIP devices such as rmnet do not have a hardware address and
> instead require the kernel to generate a random IID for the
> temporary addresses. For permanent addresses, the device IID is
> used along with prefix received.
>
> Signed-off-by: Subash Abhinov Kasiviswanathan 
> ---
>  net/ipv6/addrconf.c | 17 -
>  1 file changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> index f09afc2..e4c4540 100644
> --- a/net/ipv6/addrconf.c
> +++ b/net/ipv6/addrconf.c
> @@ -2230,6 +2230,18 @@ static int addrconf_ifid_ip6tnl(u8 *eui, struct 
> net_device *dev)
> return 0;
>  }
>
> +static int addrconf_ifid_rawip(u8 *eui, struct net_device *dev)
> +{
> +   struct in6_addr lladdr;
> +
> +   if (ipv6_get_lladdr(dev, , IFA_F_TENTATIVE))
> +   get_random_bytes(eui, 8);

Please be aware of I/G bit and G/L bit.

--yoshfuji

Re: [RFC/PATCH] Add a socketoption IPV6_MULTICAST_ALL analogue to the IPV4 version

2018-05-08 Thread 
Hi,

2018-05-08 15:41 GMT+09:00 Andre Naujoks <nauts...@gmail.com>:
> On 08.05.2018 08:31, 吉藤英明 wrote:
>> Hi,
>>
>> 2018-05-08 15:03 GMT+09:00 Andre Naujoks <nauts...@gmail.com>:
>>> On 11.04.2018 13:02, Andre Naujoks wrote:
>>>> Hi.
>>>
>>> Hi again.
>>>
>>> Since it has been a month now, I'd like to send a little "ping" on this 
>>> subject.
>>>
>>> Is anything wrong with this? Or was it just bad timing?
>>
>> I'm just curious... What kind of behaviour do you expect?
>>
>> Unless you explicitly join the group, you cannot get traffic for the group
>> because of multicast filtering at device level (multicast fitlering) or at 
>> the
>> switch level (MLD).
>>
>> If an application is interested in (several) multicast groups, it should
>> explicitly join the group.  So I cannot find valid (or meaningful) use-case.
>
> I expect only to receive the multicast traffic of groups I explicitly joined 
> on that
> socket. This is was the IPv4 version of this socket option already does. The 
> problem
> only exists if multiple groups are joined and the socket therefore has to be 
> bound
> to the "any"-address. Then we get traffic from all multicast groups joined by 
> any(!)
> process on the system (plus anything else on that IP-port).

Okay I agree that we should be able NOT to get such traffic.

Acked-By: YOSHIFUJI Hideaki <yoshf...@linux-ipv6.org>

--yoshfuji

>
> Regards
>   Andre
>
>>
>> --yoshfuji
>>
>>>
>>> Regards
>>>   Andre
>>>
>>>>
>>>> I was running into a problem, when trying to join multiple multicast groups
>>>> on a single socket and thus binding to the any-address on said socket. I
>>>> received traffic from multicast groups, I did not join on that socket and
>>>> was at first surprised by that. After reading some old e-mails/threads,
>>>> which came to the conclusion "It is, as it is."
>>>> (e.g https://marc.info/?l=linux-kernel=115815686626791=2), I discovered
>>>> the IPv4 socketoption IP_MULTICAST_ALL, which, when disabled, does exactly
>>>> what I would expect from a socket by default.
>>>>
>>>> I propose a socket option for IPv6, which does the same and has the same
>>>> default as the IPv4 version. My first thought was, to just apply
>>>> IP_MULTICAST_ALL to a ipv6 socket, but that would change the behavior of
>>>> current applications and would probably be a big no-no.
>>>>
>>>> Regards
>>>>   Andre
>>>>
>>>>
>>>> From 473653086c05a3de839c3504885053f6254c7bc5 Mon Sep 17 00:00:00 2001
>>>> From: Andre Naujoks <nauts...@gmail.com>
>>>> Date: Wed, 11 Apr 2018 12:38:28 +0200
>>>> Subject: [PATCH] Add a socketoption IPV6_MULTICAST_ALL analogue to the IPV4
>>>>  version
>>>>
>>>> The socket option will be enabled by default to ensure current behaviour
>>>> is not changed. This is the same for the IPv4 version.
>>>>
>>>> A socket bound to in6addr_any and a specific port will receive all traffic
>>>> on that port. Analogue to IP_MULTICAST_ALL, disable this behaviour, if
>>>> one or more multicast groups were joined (using said socket) and only
>>>> pass on multicast traffic from groups, which were explicitly joined via
>>>> this socket.
>>>>
>>>> Without this option disabled a socket (system even) joined to multiple
>>>> multicast groups is very hard to get right. Filtering by destination
>>>> address has to take place in user space to avoid receiving multicast
>>>> traffic from other multicast groups, which might have traffic on the same
>>>> port.
>>>>
>>>> The extension of the IP_MULTICAST_ALL socketoption to just apply to ipv6,
>>>> too, is not done to avoid changing the behaviour of current applications.
>>>>
>>>> Signed-off-by: Andre Naujoks <nauts...@gmail.com>
>>>> ---
>>>>  include/linux/ipv6.h |  3 ++-
>>>>  include/uapi/linux/in6.h |  1 +
>>>>  net/ipv6/af_inet6.c  |  1 +
>>>>  net/ipv6/ipv6_sockglue.c | 11 +++
>>>>  net/ipv6/mcast.c |  2 +-
>>>>  5 files changed, 16 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
>>>> index 8415bf1a9776..49

Re: [RFC/PATCH] Add a socketoption IPV6_MULTICAST_ALL analogue to the IPV4 version

2018-05-08 Thread 
Hi,

2018-05-08 15:03 GMT+09:00 Andre Naujoks :
> On 11.04.2018 13:02, Andre Naujoks wrote:
>> Hi.
>
> Hi again.
>
> Since it has been a month now, I'd like to send a little "ping" on this 
> subject.
>
> Is anything wrong with this? Or was it just bad timing?

I'm just curious... What kind of behaviour do you expect?

Unless you explicitly join the group, you cannot get traffic for the group
because of multicast filtering at device level (multicast fitlering) or at the
switch level (MLD).

If an application is interested in (several) multicast groups, it should
explicitly join the group.  So I cannot find valid (or meaningful) use-case.

--yoshfuji

>
> Regards
>   Andre
>
>>
>> I was running into a problem, when trying to join multiple multicast groups
>> on a single socket and thus binding to the any-address on said socket. I
>> received traffic from multicast groups, I did not join on that socket and
>> was at first surprised by that. After reading some old e-mails/threads,
>> which came to the conclusion "It is, as it is."
>> (e.g https://marc.info/?l=linux-kernel=115815686626791=2), I discovered
>> the IPv4 socketoption IP_MULTICAST_ALL, which, when disabled, does exactly
>> what I would expect from a socket by default.
>>
>> I propose a socket option for IPv6, which does the same and has the same
>> default as the IPv4 version. My first thought was, to just apply
>> IP_MULTICAST_ALL to a ipv6 socket, but that would change the behavior of
>> current applications and would probably be a big no-no.
>>
>> Regards
>>   Andre
>>
>>
>> From 473653086c05a3de839c3504885053f6254c7bc5 Mon Sep 17 00:00:00 2001
>> From: Andre Naujoks 
>> Date: Wed, 11 Apr 2018 12:38:28 +0200
>> Subject: [PATCH] Add a socketoption IPV6_MULTICAST_ALL analogue to the IPV4
>>  version
>>
>> The socket option will be enabled by default to ensure current behaviour
>> is not changed. This is the same for the IPv4 version.
>>
>> A socket bound to in6addr_any and a specific port will receive all traffic
>> on that port. Analogue to IP_MULTICAST_ALL, disable this behaviour, if
>> one or more multicast groups were joined (using said socket) and only
>> pass on multicast traffic from groups, which were explicitly joined via
>> this socket.
>>
>> Without this option disabled a socket (system even) joined to multiple
>> multicast groups is very hard to get right. Filtering by destination
>> address has to take place in user space to avoid receiving multicast
>> traffic from other multicast groups, which might have traffic on the same
>> port.
>>
>> The extension of the IP_MULTICAST_ALL socketoption to just apply to ipv6,
>> too, is not done to avoid changing the behaviour of current applications.
>>
>> Signed-off-by: Andre Naujoks 
>> ---
>>  include/linux/ipv6.h |  3 ++-
>>  include/uapi/linux/in6.h |  1 +
>>  net/ipv6/af_inet6.c  |  1 +
>>  net/ipv6/ipv6_sockglue.c | 11 +++
>>  net/ipv6/mcast.c |  2 +-
>>  5 files changed, 16 insertions(+), 2 deletions(-)
>>
>> diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
>> index 8415bf1a9776..495e834c1367 100644
>> --- a/include/linux/ipv6.h
>> +++ b/include/linux/ipv6.h
>> @@ -274,7 +274,8 @@ struct ipv6_pinfo {
>>*/
>>   dontfrag:1,
>>   autoflowlabel:1,
>> - autoflowlabel_set:1;
>> + autoflowlabel_set:1,
>> + mc_all:1;
>>   __u8min_hopcount;
>>   __u8tclass;
>>   __be32  rcv_flowinfo;
>> diff --git a/include/uapi/linux/in6.h b/include/uapi/linux/in6.h
>> index ed291e55f024..71d82fe15b03 100644
>> --- a/include/uapi/linux/in6.h
>> +++ b/include/uapi/linux/in6.h
>> @@ -177,6 +177,7 @@ struct in6_flowlabel_req {
>>  #define IPV6_V6ONLY  26
>>  #define IPV6_JOIN_ANYCAST27
>>  #define IPV6_LEAVE_ANYCAST   28
>> +#define IPV6_MULTICAST_ALL   29
>>
>>  /* IPV6_MTU_DISCOVER values */
>>  #define IPV6_PMTUDISC_DONT   0
>> diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
>> index 8da0b513f188..7844cd9d2f10 100644
>> --- a/net/ipv6/af_inet6.c
>> +++ b/net/ipv6/af_inet6.c
>> @@ -209,6 +209,7 @@ static int inet6_create(struct net *net, struct socket 
>> *sock, int protocol,
>>   np->hop_limit   = -1;
>>   np->mcast_hops  = IPV6_DEFAULT_MCASTHOPS;
>>   np->mc_loop = 1;
>> + np->mc_all  = 1;
>>   np->pmtudisc= IPV6_PMTUDISC_WANT;
>>   np->repflow = net->ipv6.sysctl.flowlabel_reflect;
>>   sk->sk_ipv6only = net->ipv6.sysctl.bindv6only;
>> diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
>> index 4d780c7f0130..b2bc1942a2ee 100644
>> --- a/net/ipv6/ipv6_sockglue.c
>> +++ b/net/ipv6/ipv6_sockglue.c
>> @@ -664,6 +664,13 @@ static int do_ipv6_setsockopt(struct sock *sk, int 
>> level, int

Re: [PATCH net-next 00/16] ipv6: replace rwlock with rcu and spinlock in fib6 table

2017-10-07 Thread 
Hi,

2017-10-07 8:49 GMT+09:00 Eric Dumazet :
> On Fri, 2017-10-06 at 12:05 -0700, Wei Wang wrote:
>> From: Wei Wang 
>>
>> Currently, fib6 table is protected by rwlock. During route lookup,
>> reader lock is taken and during route insertion, deletion or
>> modification, writer lock is taken. This is a very inefficient
>> implementation because the fastpath always has to do the operation
>> to grab the reader lock.
>> According to my latest syn flood test on an iota ivybridage machine
>> with 2 10G mlx nics bonded together, each with 8 rx queues on 2 NUMA
>> nodes, and with the upstream net-next kernel:
>> ipv4 stack can handle around 4.2Mpps
>> ipv6 stack can handle around 1.3Mpps
>>
>> In order to close the gap of the performance number between ipv4
>> and ipv6 stack, this patch series tries to get rid of the usage of
>> the rwlock and replace it with rcu and spinlock protection. This will
>> greatly speed up the fastpath performance as it only needs to hold
>> rcu which is much less expensive than grabbing the reader lock. It
>> also makes ipv6 fib implementation more consistent with ipv4.
>>
>> In order to be able to replace the current rwlock with rcu and
>> spinlock, some preparation work is needed:
>> Patch 1-8 introduces a per-route hash table (protected by rcu and a
>> different spinlock) to store all cached routes created by pmtu and ip
>> redirect under its main route. This makes the main fib6 tree only
>> contain static routes.
>> Patch 9-14 prepares all the reader path to be ready to tolerate
>> concurrent writer.
>> Patch 15 finally does the rwlock to rcu and spinlock conversion.
>> Patch 16 takes care of rt6_stats.
>>
>> After this patch series, in the same syn flood test,
>> ipv6 stack can now handle around 3.5Mpps compared to previous 1.3Mpps
>> in my test setup.
>>
>> After this patch series, there are still some improvements that should
>> be done in ipv6 stack:
>> 1. During route lookup, dst_use() is called everytime on the selected
>> route to update dst->__use and dst->lastuse. This dirties the cacheline
>> and causes extra cacheline miss and should be avoided.
>> 2. when no route is found in the current table, net->ip6.ipv6_null_entry
>> is used and refcnt is taken on it. As there is no pcpu cache for this
>> specific route, frequent change on the refcnt for this route causes
>> quite some cacheline misses.
>> And to make things worse, if CONFIG_IPV6_MULTIPLE_TABLES is defined,
>> output path route lookup always starts with local table first and
>> guarantees to hit net->ipv6.ip6_null_entry before continuing to do
>> lookup in the main table.
>> These operations on net->ipv6.ip6_null_entry could potentially be
>> avoided.
>> 3. ipv6 input path route lookup grabs refcnt on dst. This is different
>> from ipv4. We could potentially change this behavior to let ipv6 input
>> path route lookup not to grab refcnt on dst. However, it does not give
>> us much performance boost as we currently have pcpu route cache for
>> input path as well in ipv6. But this work probably is still worth doing
>> to unify ipv6 and ipv4 route lookup behavior.
>>
>> The above issues will be addressed separately after this patch series
>> has been accepted.
>>
>> This is a joint work with Martin KaFai Lau and Eric Dumazet. And many
>> many thanks to them for their inspiring ideas and big big code review
>> efforts.
>>
>> Wei Wang (16):
>>   ipv6: introduce a new function fib6_update_sernum()
>>   ipv6: introduce a hash table to store dst cache
>>   ipv6: prepare fib6_remove_prefsrc() for exception table
>>   ipv6: prepare rt6_mtu_change() for exception table
>>   ipv6: prepare rt6_clean_tohost() for exception table
>>   ipv6: prepare fib6_age() for exception table
>>   ipv6: prepare fib6_locate() for exception table
>>   ipv6: hook up exception table to store dst cache
>>   ipv6: grab rt->rt6i_ref before allocating pcpu rt
>>   ipv6: don't release rt->rt6i_pcpu memory during rt6_release()
>>   ipv6: replace dst_hold() with dst_hold_safe() in routing code
>>   ipv6: update fn_sernum after route is inserted to tree
>>   ipv6: check fn->leaf before it is used
>>   ipv6: add key length check into rt6_select()
>>   ipv6: replace rwlock with rcu and spinlock in fib6_table
>>   ipv6: take care of rt6_stats
>>
>>  include/net/dst.h   |   2 +-
>>  include/net/ip6_fib.h   |  79 -
>>  include/net/ip6_route.h |   5 +
>>  net/ipv6/addrconf.c |  17 +-
>>  net/ipv6/ip6_fib.c  | 645 ++
>>  net/ipv6/route.c| 901 
>> 
>>  6 files changed, 1179 insertions(+), 470 deletions(-)
>>
>
> Awesome work Wei.
>
> For the whole series :
>
> Reviewed-by: Eric Dumazet 

It looks ok to me.
Reviewed-by: YOSHIFUJI Hideaki 

>
> Thanks !
>
>

Re: [PATCH net-next 11/16] ipv6: replace dst_hold() with dst_hold_safe() in routing code

2017-10-06 Thread 
Hi,

2017-10-07 4:06 GMT+09:00 Wei Wang :
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index 941c062389d2..aeb349aea429 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
:
> @@ -1625,12 +1643,17 @@ struct rt6_info *ip6_pol_route(struct net *net, 
> struct fib6_table *table,
> if (rt_cache)
> rt = rt_cache;
>
> -   if (rt == net->ipv6.ip6_null_entry || (rt->rt6i_flags & RTF_CACHE)) {
> -   dst_use(>dst, jiffies);
> +   if (rt == net->ipv6.ip6_null_entry) {
> +   read_unlock_bh(>tb6_lock);
> +   dst_hold(>dst);
> +   trace_fib6_table_lookup(net, rt, table->tb6_id, fl6);
> +   return rt;
> +   } else if (rt->rt6i_flags & RTF_CACHE) {
> +   if (ip6_hold_safe(net, , true)) {
> +   dst_use_noref(>dst, jiffies);
> +   rt6_dst_from_metrics_check(rt);
> +   }
> read_unlock_bh(>tb6_lock);
> -
> -   rt6_dst_from_metrics_check(rt);
> -
> trace_fib6_table_lookup(net, rt, table->tb6_id, fl6);
> return rt;
> } else if (unlikely((fl6->flowi6_flags & FLOWI_FLAG_KNOWN_NH) &&

Is it intended to move rt6_dst_from_metrics_check() inside the table lock?

--yoshfuji

Re: [PATCH next] neigh: initialize neigh entry correctly during arp processing

2017-08-16 Thread 
Hi,

2017-08-17 9:02 GMT+09:00 Mahesh Bandewar :
> From: Mahesh Bandewar 
>
> If the ARP processing creates a neigh entry, it's immediately marked
> as STALE without timer and stays that way in that state as long as
> host do not send traffic to that neighbour.
>
> I observed this on hosts which are in IPv6 environment, where there is
> very little to no IPv4 traffic and neigh-entries are stuck in STALE
> mode. Ideally, the host should have PROBEd these neighbours before it
> can send the first packet out.

No, we do not probe neighbors until we have packet for/through
it.


>
> It happens as a result of following call sequence in an environment
> where host is mostly quiet as far as IPv4 traffic but few connected
> hosts/gateways are sending ARPs.
>
>arp_process()
>  neigh_event_ns()
>neigh_lookup()
>  neigh_create()
>neigh_alloc()
>  nud_state=NUD_NONE
>  neigh_update(nud_state=NUD_STALE)
>
> In the above scenario, the neighbour entry does not get a chance to get
> PROBEd as subsequent call to neigh_update() marks  this entry STALE.
> This patch initializes the neigh-entry correctly if it was created as a
> result of neigh_lookup instead of just updating it in neigh_event_ns()
> right after creating it.
>
> Signed-off-by: Mahesh Bandewar 
> ---
>  net/core/neighbour.c | 10 +++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
> index 16a1a4c4eb57..d8a35db6c43b 100644
> --- a/net/core/neighbour.c
> +++ b/net/core/neighbour.c
> @@ -1300,9 +1300,13 @@ struct neighbour *neigh_event_ns(struct neigh_table 
> *tbl,
>  {
> struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev,
>  lladdr || !dev->addr_len);
> -   if (neigh)
> -   neigh_update(neigh, lladdr, NUD_STALE,
> -NEIGH_UPDATE_F_OVERRIDE, 0);
> +   if (neigh) {
> +   if (neigh->nud_state & NUD_VALID)
> +   neigh_update(neigh, lladdr, NUD_STALE,
> +NEIGH_UPDATE_F_OVERRIDE, 0);
> +   else
> +   neigh_event_send(neigh, NULL);
> +   }
> return neigh;
>  }
>  EXPORT_SYMBOL(neigh_event_ns);
> --
> 2.14.1.480.gb18f417b89-goog
>

Re: [PATCH v2] sctp: fully initialize the IPv6 address in sctp_v6_to_addr()

2017-08-14 Thread 
Hi,

2017-08-15 3:43 GMT+09:00 Alexander Potapenko :
> KMSAN reported use of uninitialized sctp_addr->v4.sin_addr.s_addr and
> sctp_addr->v6.sin6_scope_id in sctp_v6_cmp_addr() (see below).
> Make sure all fields of an IPv6 address are initialized, which
> guarantees that the IPv4 fields are also initialized.
>
> ==
>  BUG: KMSAN: use of uninitialized memory in sctp_v6_cmp_addr+0x8d4/0x9f0
>  net/sctp/ipv6.c:517
>  CPU: 2 PID: 31056 Comm: syz-executor1 Not tainted 4.11.0-rc5+ #2944
>  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
>  01/01/2011
>  Call Trace:
>   dump_stack+0x172/0x1c0 lib/dump_stack.c:42
>   is_logbuf_locked mm/kmsan/kmsan.c:59 [inline]
>   kmsan_report+0x12a/0x180 mm/kmsan/kmsan.c:938
>   native_save_fl arch/x86/include/asm/irqflags.h:18 [inline]
>   arch_local_save_flags arch/x86/include/asm/irqflags.h:72 [inline]
>   arch_local_irq_save arch/x86/include/asm/irqflags.h:113 [inline]
>   __msan_warning_32+0x61/0xb0 mm/kmsan/kmsan_instr.c:467
>   sctp_v6_cmp_addr+0x8d4/0x9f0 net/sctp/ipv6.c:517
>   sctp_v6_get_dst+0x8c7/0x1630 net/sctp/ipv6.c:290
>   sctp_transport_route+0x101/0x570 net/sctp/transport.c:292
>   sctp_assoc_add_peer+0x66d/0x16f0 net/sctp/associola.c:651
>   sctp_sendmsg+0x35a5/0x4f90 net/sctp/socket.c:1871
>   inet_sendmsg+0x498/0x670 net/ipv4/af_inet.c:762
>   sock_sendmsg_nosec net/socket.c:633 [inline]
>   sock_sendmsg net/socket.c:643 [inline]
>   SYSC_sendto+0x608/0x710 net/socket.c:1696
>   SyS_sendto+0x8a/0xb0 net/socket.c:1664
>   entry_SYSCALL_64_fastpath+0x13/0x94
>  RIP: 0033:0x44b479
>  RSP: 002b:7f6213f21c08 EFLAGS: 0286 ORIG_RAX: 002c
>  RAX: ffda RBX: 2000 RCX: 0044b479
>  RDX: 0041 RSI: 20edd000 RDI: 0006
>  RBP: 007080a8 R08: 20b85fe4 R09: 001c
>  R10: 00040005 R11: 0286 R12: 
>  R13: 3760 R14: 006e5820 R15: 00ff8000
>  origin description: dst_saddr@sctp_v6_get_dst
>  local variable created at:
>   sk_fullsock include/net/sock.h:2321 [inline]
>   inet6_sk include/linux/ipv6.h:309 [inline]
>   sctp_v6_get_dst+0x91/0x1630 net/sctp/ipv6.c:241
>   sctp_transport_route+0x101/0x570 net/sctp/transport.c:292
> ==
>  BUG: KMSAN: use of uninitialized memory in sctp_v6_cmp_addr+0x8d4/0x9f0
>  net/sctp/ipv6.c:517
>  CPU: 2 PID: 31056 Comm: syz-executor1 Not tainted 4.11.0-rc5+ #2944
>  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
>  01/01/2011
>  Call Trace:
>   dump_stack+0x172/0x1c0 lib/dump_stack.c:42
>   is_logbuf_locked mm/kmsan/kmsan.c:59 [inline]
>   kmsan_report+0x12a/0x180 mm/kmsan/kmsan.c:938
>   native_save_fl arch/x86/include/asm/irqflags.h:18 [inline]
>   arch_local_save_flags arch/x86/include/asm/irqflags.h:72 [inline]
>   arch_local_irq_save arch/x86/include/asm/irqflags.h:113 [inline]
>   __msan_warning_32+0x61/0xb0 mm/kmsan/kmsan_instr.c:467
>   sctp_v6_cmp_addr+0x8d4/0x9f0 net/sctp/ipv6.c:517
>   sctp_v6_get_dst+0x8c7/0x1630 net/sctp/ipv6.c:290
>   sctp_transport_route+0x101/0x570 net/sctp/transport.c:292
>   sctp_assoc_add_peer+0x66d/0x16f0 net/sctp/associola.c:651
>   sctp_sendmsg+0x35a5/0x4f90 net/sctp/socket.c:1871
>   inet_sendmsg+0x498/0x670 net/ipv4/af_inet.c:762
>   sock_sendmsg_nosec net/socket.c:633 [inline]
>   sock_sendmsg net/socket.c:643 [inline]
>   SYSC_sendto+0x608/0x710 net/socket.c:1696
>   SyS_sendto+0x8a/0xb0 net/socket.c:1664
>   entry_SYSCALL_64_fastpath+0x13/0x94
>  RIP: 0033:0x44b479
>  RSP: 002b:7f6213f21c08 EFLAGS: 0286 ORIG_RAX: 002c
>  RAX: ffda RBX: 2000 RCX: 0044b479
>  RDX: 0041 RSI: 20edd000 RDI: 0006
>  RBP: 007080a8 R08: 20b85fe4 R09: 001c
>  R10: 00040005 R11: 0286 R12: 
>  R13: 3760 R14: 006e5820 R15: 00ff8000
>  origin description: dst_saddr@sctp_v6_get_dst
>  local variable created at:
>   sk_fullsock include/net/sock.h:2321 [inline]
>   inet6_sk include/linux/ipv6.h:309 [inline]
>   sctp_v6_get_dst+0x91/0x1630 net/sctp/ipv6.c:241
>   sctp_transport_route+0x101/0x570 net/sctp/transport.c:292
> ==
>
> Signed-off-by: Alexander Potapenko 
> Reviewed-by: Xin Long 
> ---
> v2 is identical to v1, resending per request by Marcelo Ricardo Leitner.
> ---
>  net/sctp/ipv6.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
> index 2a186b201ad2..a15d691829c6 100644
> --- a/net/sctp/ipv6.c
> +++ b/net/sctp/ipv6.c
> @@ -513,6 +513,8 @@ static void sctp_v6_to_addr(union sctp_addr *addr, struct 
> in6_addr *saddr,
> addr->sa.sa_family =

Re: [PATCH RFC net-next] net: Allow name change of IFF_UP interfaces

2017-08-09 Thread 
2017-08-09 19:42 GMT+09:00 Vitaly Kuznetsov :
> What happens is: __netvsc_vf_setup() does dev_open() for the VF device and
> the consecutive dev_change_name() fails with -EBUSY because of the
> (dev->flags & IFF_UP) check. The history of this code predates git so I
> wasn't able to figure out when and why the check was added, everything
> seems to work fine without it. dev_change_name() has only two call sites,
> both hold rtnl_lock.
>
> Signed-off-by: Vitaly Kuznetsov 
> ---
>  RFC: I'm probably miossing something obvious and the check can't be just
>  dropped. Stephen suggested a different solution to the isuue:
>  https://www.spinics.net/lists/netdev/msg448243.html but it has its own
>  drawbacks.
> ---
>  net/core/dev.c | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 1d75499add72..c608e233a78a 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -1186,8 +1186,6 @@ int dev_change_name(struct net_device *dev, const char 
> *newname)
> BUG_ON(!dev_net(dev));
>
> net = dev_net(dev);
> -   if (dev->flags & IFF_UP)
> -   return -EBUSY;
>
> write_seqcount_begin(_rename_seq);

I think people expect the name won't change while up
and I don't think it is a good idea to allow changing the
name while the interface is up.

--yoshfuji


>
> --
> 2.13.4
>

Re: [PATCH net-next 1/2] net: ndisc.c: fix coding style issue

2017-05-26 Thread 
Hi,

2017-05-26 22:55 GMT+09:00 yuan linyu <cug...@163.com>:
> On 五, 2017-05-26 at 22:45 +0900, 吉藤英明 wrote:
>> Hi,
>>
>> 2017-05-26 22:23 GMT+09:00 yuan linyu <cug...@163.com>:
>> >
>> > From: yuan linyu <linyu.y...@alcatel-sbell.com.cn>
>> >
>> > Signed-off-by: yuan linyu <linyu.y...@alcatel-sbell.com.cn>
>> > ---
>> >  net/ipv6/ndisc.c | 109 
>> > ---
>> >  1 file changed, 55 insertions(+), 54 deletions(-)
>> Sorry, I don't think this kind of change for style is good
>> bacause this makes effort of  backport more difficult.
> hi, i can't understand.
> if any change of this code you decide to backport, it need effort,
> not only important fix.
>
> do I miss your point ?

Please let us minimize our effort when doing so.

If the style is not changed, we have more chance to apply the patch
itself on top of old tree.

Thank you.

>>
>> --yoshfuji
>>
>
>

Re: [PATCH net-next 1/2] net: ndisc.c: fix coding style issue

2017-05-26 Thread 
Hi,

2017-05-26 22:23 GMT+09:00 yuan linyu :
> From: yuan linyu 
>
> Signed-off-by: yuan linyu 
> ---
>  net/ipv6/ndisc.c | 109 
> ---
>  1 file changed, 55 insertions(+), 54 deletions(-)

Sorry, I don't think this kind of change for style is good
bacause this makes effort of  backport more difficult.

--yoshfuji

>
> diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
> index d310dc4..292c827 100644
> --- a/net/ipv6/ndisc.c
> +++ b/net/ipv6/ndisc.c
> @@ -99,7 +99,6 @@ static const struct neigh_ops ndisc_hh_ops = {
> .connected_output = neigh_resolve_output,
>  };
>
> -
>  static const struct neigh_ops ndisc_direct_ops = {
> .family =   AF_INET6,
> .output =   neigh_direct_output,
> @@ -147,13 +146,13 @@ void __ndisc_fill_addr_option(struct sk_buff *skb, int 
> type, void *data,
> u8 *opt = skb_put(skb, space);
>
> opt[0] = type;
> -   opt[1] = space>>3;
> +   opt[1] = space >> 3;
>
> memset(opt + 2, 0, pad);
> opt   += pad;
> space -= pad;
>
> -   memcpy(opt+2, data, data_len);
> +   memcpy(opt + 2, data, data_len);
> data_len += 2;
> opt += data_len;
> space -= data_len;
> @@ -182,6 +181,7 @@ static struct nd_opt_hdr *ndisc_next_option(struct 
> nd_opt_hdr *cur,
> struct nd_opt_hdr *end)
>  {
> int type;
> +
> if (!cur || !end || cur >= end)
> return NULL;
> type = cur->nd_opt_type;
> @@ -222,6 +222,7 @@ struct ndisc_options *ndisc_parse_options(const struct 
> net_device *dev,
> memset(ndopts, 0, sizeof(*ndopts));
> while (opt_len) {
> int l;
> +
> if (opt_len < sizeof(struct nd_opt_hdr))
> return NULL;
> l = nd_opt->nd_opt_len << 3;
> @@ -327,9 +328,8 @@ static int ndisc_constructor(struct neighbour *neigh)
> bool is_multicast = ipv6_addr_is_multicast(addr);
>
> in6_dev = in6_dev_get(dev);
> -   if (!in6_dev) {
> +   if (!in6_dev)
> return -EINVAL;
> -   }
>
> parms = in6_dev->nd_parms;
> __neigh_parms_put(neigh->parms);
> @@ -344,12 +344,12 @@ static int ndisc_constructor(struct neighbour *neigh)
> if (is_multicast) {
> neigh->nud_state = NUD_NOARP;
> ndisc_mc_map(addr, neigh->ha, dev, 1);
> -   } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
> +   } else if (dev->flags & (IFF_NOARP | IFF_LOOPBACK)) {
> neigh->nud_state = NUD_NOARP;
> memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
> -   if (dev->flags_LOOPBACK)
> +   if (dev->flags & IFF_LOOPBACK)
> neigh->type = RTN_LOCAL;
> -   } else if (dev->flags_POINTOPOINT) {
> +   } else if (dev->flags & IFF_POINTOPOINT) {
> neigh->nud_state = NUD_NOARP;
> memcpy(neigh->ha, dev->broadcast, dev->addr_len);
> }
> @@ -357,7 +357,7 @@ static int ndisc_constructor(struct neighbour *neigh)
> neigh->ops = _hh_ops;
> else
> neigh->ops = _generic_ops;
> -   if (neigh->nud_state_VALID)
> +   if (neigh->nud_state & NUD_VALID)
> neigh->output = neigh->ops->connected_output;
> else
> neigh->output = neigh->ops->output;
> @@ -580,7 +580,7 @@ void ndisc_send_ns(struct net_device *dev, const struct 
> in6_addr *solicit,
>
> if (!saddr) {
> if (ipv6_get_lladdr(dev, _buf,
> -  (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
> +  (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)))
> return;
> saddr = _buf;
> }
> @@ -641,9 +641,8 @@ void ndisc_send_rs(struct net_device *dev, const struct 
> in6_addr *saddr,
> struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), 
> saddr,
>dev, 1);
> if (ifp) {
> -   if (ifp->flags & IFA_F_OPTIMISTIC)  {
> +   if (ifp->flags & IFA_F_OPTIMISTIC)
> send_sllao = 0;
> -   }
> in6_ifa_put(ifp);
> } else {
> send_sllao = 0;
> @@ -672,7 +671,6 @@ void ndisc_send_rs(struct net_device *dev, const struct 
> in6_addr *saddr,
> ndisc_send_skb(skb, daddr, saddr);
>  }
>
> -
>  static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
>  {
>

Re: [PATCH net 1/2] ipv6: add missing netconf notif when 'all' is updated

2016-08-29 Thread 
Hi,

2016-08-29 22:00 GMT+09:00 Sergei Shtylyov :
> Hello.
>
> On 8/29/2016 1:05 PM, Nicolas Dichtel wrote:
>
>> The 'default' value was not advertised.
>>
>> Fixes: f3a1bfb11ccb ("rtnl/ipv6: use netconf msg to advertise forwarding
>> status")
>> Signed-off-by: Nicolas Dichtel 
>> ---
>>  net/ipv6/addrconf.c | 7 +++
>>  1 file changed, 7 insertions(+)
>>
>> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
>> index f418d2eaeddd..299f0656e87f 100644
>> --- a/net/ipv6/addrconf.c
>> +++ b/net/ipv6/addrconf.c
>> @@ -778,7 +778,14 @@ static int addrconf_fixup_forwarding(struct ctl_table
>> *table, int *p, int newf)
>> }
>>
>> if (p == >ipv6.devconf_all->forwarding) {
>> +   int old_dftl = net->ipv6.devconf_dflt->forwarding;
>> +
>> net->ipv6.devconf_dflt->forwarding = newf;
>> +   if ((!newf) ^ (!old_dftl))
>
>
>IIUC, !'s are not necessary here (and more so the parens around them).
> And perhaps ^ can be changed to != for clarity...

No, it will break.

--yoshfuji

Re: [PATCH net] net: ipv6: Fix ping to link-local addresses.

2016-08-08 Thread 
Hi,

2016-08-08 23:45 GMT+09:00 Lorenzo Colitti :
> On Mon, Aug 8, 2016 at 11:26 PM, Hannes Frederic Sowa
>  wrote:
>>> - if (sk->sk_bound_dev_if &&
>>> - sk->sk_bound_dev_if != u->sin6_scope_id) {
>>> - return -EINVAL;
>>> - }
>>
>> Hmm, sk->sk_bound_dev_if always has highest prio for the selection of
>> the output interface. Thus this code made sense to me.
>
> Removing it is consistent with the other sendmsg functions such as
> udpv6_sendmsg or rawv6_sendmsg.
>
> There is similar code in __ip6_datagram_connect, but that seems a bit
> different because that code also *sets* sk_bound_dev_if.
>
> Personally I think it's better for pingv6_sendmsg be consistent with
> the other *_sendmsg functions than with ip6_datagram_connect, and thus
> the code should be removed. But I don't feel particularly strongly
> about it.

Following must be met, at least, IMHO.
- SO_BINDTODEVICE requires "root", which sets sk_bound_dev_if.
- sin6_scope_id and sk_bound_dev_if should match (if the address it
link-local address), or each or both should equal to 0.

I think it would make more sense if former setting wins...

--yoshfuji

Re: [PATCH] net: neigh: disallow state transition DELAY->STALE in neigh_update()

2016-07-25 Thread 
Hi,

2016-07-25 17:13 GMT+09:00 Chunhui He :
>>> The NEIGH_UPDATE_F_WEAK_OVERRIDE is confusing to me, so I choose not to deal
>>> with the flag.
>>
>> IPv6 depends on WEAK_OVERRIDE.  Please do not change.
>>
>
> It seems like IPv6 always sets WEAK_OVERRIDE.
>

Yes.

> As Julian said, maybe there is no good reason to set NUD_STALE for any state
> that is NUD_VALID if address is not changed, even WEAK_OVERRIDE is not set.
> So we may eliminate WEAK_OVERRIDE in that branch.
>
> I think this change should not break IPv6.

OK, following blocks are "no-op" and we will get same result.

Well, please do not try changing several things at the same time and
you could say:

if (ladder == neigh->ha && new == NUD_STALE &&
!(flags & NUD_UPDATE_F_ADMIN))
new = old;

I think I tried to maintain our traditional IPv4 behavior (e.g. as of
2.2 era), BTW...

--yoshfuji

Re: [PATCH] net: neigh: disallow state transition DELAY->STALE in neigh_update()

2016-07-24 Thread YOSHIFUJI Hideaki/ 
8.111 dev wlan0 lladdr 00:11:22:33:44:55 PERMANENT
>>
>>  IMHO, here is how this place should look:
>>
>> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
>> index 5cdc62a..2b1cb91 100644
>> --- a/net/core/neighbour.c
>> +++ b/net/core/neighbour.c
>> @@ -1151,10 +1151,8 @@ int neigh_update(struct neighbour *neigh, const u8 
>> *lladdr, u8 new,
>>  goto out;
>>  } else {
>>  if (lladdr == neigh->ha && new == NUD_STALE &&
>> -((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) ||
>> - (old & NUD_CONNECTED))
>> -)
>> -new = old;
>> +!(flags & NEIGH_UPDATE_F_ADMIN))
>> +goto out;
>>  }
>>  }
>>
>>  Any thoughts?
>>  
>> Regards
>>
>> --
>> Julian Anastasov <j...@ssi.bg>
> 
> Regards,
> Chunhui He
> 

-- 
吉藤英明 <hideaki.yoshif...@miraclelinux.com>
ミラクル・リナックス株式会社 技術本部 サポート部

Re: [PATCHv3 net-next 08/12] ipv6: introduce neighbour discovery ops

2016-06-15 Thread YOSHIFUJI Hideaki/ 
gt; +  NEIGH_UPDATE_F_OVERRIDE,
> +  NDISC_NEIGHBOUR_SOLICITATION, );
>   if (neigh || !dev->header_ops) {
>   ndisc_send_na(dev, saddr, >target, !!is_router,
> true, (ifp != NULL && inc), inc);
> @@ -917,7 +947,7 @@ static void ndisc_recv_na(struct sk_buff *skb)
>   idev->cnf.drop_unsolicited_na)
>   return;
>  
> - if (!ndisc_parse_options(msg->opt, ndoptlen, )) {
> + if (!ndisc_parse_options(dev, msg->opt, ndoptlen, )) {
>   ND_PRINTK(2, warn, "NS: invalid ND option\n");
>   return;
>   }
> @@ -973,12 +1003,13 @@ static void ndisc_recv_na(struct sk_buff *skb)
>   goto out;
>   }
>  
> - neigh_update(neigh, lladdr,
> + ndisc_update(dev, neigh, lladdr,
>msg->icmph.icmp6_solicited ? NUD_REACHABLE : 
> NUD_STALE,
>NEIGH_UPDATE_F_WEAK_OVERRIDE|
>(msg->icmph.icmp6_override ? 
> NEIGH_UPDATE_F_OVERRIDE : 0)|
>NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
> -  (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER 
> : 0));
> +  (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER 
> : 0),
> +  NDISC_NEIGHBOUR_ADVERTISEMENT, );
>  
>   if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
>   /*
> @@ -1023,7 +1054,7 @@ static void ndisc_recv_rs(struct sk_buff *skb)
>   goto out;
>  
>   /* Parse ND options */
> - if (!ndisc_parse_options(rs_msg->opt, ndoptlen, )) {
> + if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, )) {
>   ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
>   goto out;
>   }
> @@ -1037,10 +1068,11 @@ static void ndisc_recv_rs(struct sk_buff *skb)
>  
>   neigh = __neigh_lookup(_tbl, saddr, skb->dev, 1);
>   if (neigh) {
> - neigh_update(neigh, lladdr, NUD_STALE,
> + ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
>NEIGH_UPDATE_F_WEAK_OVERRIDE|
>NEIGH_UPDATE_F_OVERRIDE|
> -  NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
> +  NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
> +  NDISC_ROUTER_SOLICITATION, );
>   neigh_release(neigh);
>   }
>  out:
> @@ -1141,7 +1173,7 @@ static void ndisc_router_discovery(struct sk_buff *skb)
>   return;
>   }
>  
> - if (!ndisc_parse_options(opt, optlen, )) {
> + if (!ndisc_parse_options(skb->dev, opt, optlen, )) {
>   ND_PRINTK(2, warn, "RA: invalid ND options\n");
>   return;
>   }
> @@ -1335,11 +1367,12 @@ skip_linkparms:
>   goto out;
>   }
>   }
> - neigh_update(neigh, lladdr, NUD_STALE,
> + ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
>NEIGH_UPDATE_F_WEAK_OVERRIDE|
>NEIGH_UPDATE_F_OVERRIDE|
>NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
> -  NEIGH_UPDATE_F_ISROUTER);
> +  NEIGH_UPDATE_F_ISROUTER,
> +  NDISC_ROUTER_ADVERTISEMENT, );
>   }
>  
>   if (!ipv6_accept_ra(in6_dev)) {
> @@ -1427,7 +1460,8 @@ skip_routeinfo:
>   struct nd_opt_hdr *p;
>   for (p = ndopts.nd_useropts;
>p;
> -  p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
> +  p = ndisc_next_useropt(skb->dev, p,
> + ndopts.nd_useropts_end)) {
>   ndisc_ra_useropt(skb, p);
>   }
>   }
> @@ -1465,7 +1499,7 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
>   return;
>   }
>  
> - if (!ndisc_parse_options(msg->opt, ndoptlen, ))
> + if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, ))
>   return;
>  
>   if (!ndopts.nd_opts_rh) {
> @@ -1510,7 +1544,8 @@ void ndisc_send_redirect(struct sk_buff *skb, const 
> struct in6_addr *target)
>   struct dst_entry *dst;
>   struct flowi6 fl6;
>   int rd_len;
> - u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
> + u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
> +ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
>   int oif = l3mdev_fib_oif(dev);
>   bool ret;
>  
> @@ -1569,7 +1604,9 @@ void ndisc_send_redirect(struct sk_buff *skb, const 
> struct in6_addr *target)
>   memcpy(ha_buf, neigh->ha, dev->addr_len);
>   read_unlock_bh(>lock);
>   ha = ha_buf;
> - optlen += ndisc_opt_addr_space(dev);
> + optlen += ndisc_redirect_opt_addr_space(dev, neigh,
> + ops_data_buf,
> + _data);
>   } else
>   read_unlock_bh(>lock);
>  
> @@ -1600,7 +1637,7 @@ void ndisc_send_redirect(struct sk_buff *skb, const 
> struct in6_addr *target)
>*/
>  
>   if (ha)
> - ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
> + ndisc_fill_redirect_addr_option(buff, ha, ops_data);
>  
>   /*
>*  build redirect option and copy skb over to the new packet.
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index c6ae6f9..af6f711 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -2200,7 +2200,7 @@ static void rt6_do_redirect(struct dst_entry *dst, 
> struct sock *sk, struct sk_bu
>*  first-hop router for the specified ICMP Destination Address.
>*/
>  
> - if (!ndisc_parse_options(msg->opt, optlen, )) {
> + if (!ndisc_parse_options(skb->dev, msg->opt, optlen, )) {
>   net_dbg_ratelimited("rt6_redirect: invalid ND options\n");
>   return;
>   }
> @@ -2235,12 +2235,12 @@ static void rt6_do_redirect(struct dst_entry *dst, 
> struct sock *sk, struct sk_bu
>*  We have finally decided to accept it.
>*/
>  
> - neigh_update(neigh, lladdr, NUD_STALE,
> + ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
>NEIGH_UPDATE_F_WEAK_OVERRIDE|
>NEIGH_UPDATE_F_OVERRIDE|
>(on_link ? 0 : (NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
> -  NEIGH_UPDATE_F_ISROUTER))
> -  );
> +  NEIGH_UPDATE_F_ISROUTER)),
> +  NDISC_REDIRECT, );
>  
>   nrt = ip6_rt_cache_alloc(rt, >dest, NULL);
>   if (!nrt)
> 

-- 
吉藤英明 <hideaki.yoshif...@miraclelinux.com>
ミラクル・リナックス株式会社 技術本部 サポート部

Re: Issue with ping source address display

2016-04-12 Thread 
Hi,

2016-04-13 2:52 GMT+09:00 Daniele Orlandi :
>
> Hello,
>
> More than one year ago I posted the following message but it hasn't
> received a reply, now I've been stung by a similar issue, you may want
> to investigate:
>
>
> I noticed that when ping receives ICMP messages from different sources
> the first IP address is always used and displayed:
>
>
> vihai@seviolab:~$ ping -V
> ping utility, iputils-s20121221
>
> This is a (simulated) flapping route:
>
> vihai@seviolab:~$ ping 10.254.10.140
> PING 10.254.10.140 (10.254.10.140) 56(84) bytes of data.
> From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
> From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
> From 192.168.1.1 icmp_seq=3 Destination Host Unreachable
> 64 bytes from 192.168.1.1: icmp_seq=4 ttl=61 time=24.7 ms
> 64 bytes from 192.168.1.1: icmp_seq=5 ttl=61 time=25.6 ms
> 64 bytes from 192.168.1.1: icmp_seq=6 ttl=61 time=69.6 ms
> From 192.168.1.1 icmp_seq=7 Destination Host Unreachable
> From 192.168.1.1 icmp_seq=8 Destination Host Unreachable
> From 192.168.1.1 icmp_seq=9 Destination Host Unreachable
> ^C
> --- 10.254.10.140 ping statistics ---
> 9 packets transmitted, 3 received, +6 errors, 66% packet loss, time 8001ms
> rtt min/avg/max/mdev = 24.797/40.061/69.692/20.955 ms
>
>
> The sources, however are different:
>
> vihai@seviolab:~$ sudo tcpdump -n icmp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> ^[OA^[OA^[OA17:09:55.932981 IP 192.168.1.21 > 10.254.10.140: ICMP echo
> request, id 9278, seq 1, length 64
> 17:09:55.933234 IP 192.168.1.1 > 192.168.1.21: ICMP host 10.254.10.140
> unreachable, length 92
> 17:09:56.933169 IP 192.168.1.21 > 10.254.10.140: ICMP echo request, id
> 9278, seq 2, length 64
> 17:09:56.933416 IP 192.168.1.1 > 192.168.1.21: ICMP host 10.254.10.140
> unreachable, length 92
> 17:09:57.933160 IP 192.168.1.21 > 10.254.10.140: ICMP echo request, id
> 9278, seq 3, length 64
> 17:09:57.933404 IP 192.168.1.1 > 192.168.1.21: ICMP host 10.254.10.140
> unreachable, length 92
> 17:09:58.933163 IP 192.168.1.21 > 10.254.10.140: ICMP echo request, id
> 9278, seq 4, length 64
> 17:09:58.957939 IP 10.254.10.140 > 192.168.1.21: ICMP echo reply, id
> 9278, seq 4, length 64
> 17:09:59.935050 IP 192.168.1.21 > 10.254.10.140: ICMP echo request, id
> 9278, seq 5, length 64
> 17:09:59.960724 IP 10.254.10.140 > 192.168.1.21: ICMP echo reply, id
> 9278, seq 5, length 64
> 17:10:00.936177 IP 192.168.1.21 > 10.254.10.140: ICMP echo request, id
> 9278, seq 6, length 64
> 17:10:01.005849 IP 10.254.10.140 > 192.168.1.21: ICMP echo reply, id
> 9278, seq 6, length 64
> 17:10:01.936313 IP 192.168.1.21 > 10.254.10.140: ICMP echo request, id
> 9278, seq 7, length 64
> 17:10:01.936626 IP 192.168.1.1 > 192.168.1.21: ICMP host 10.254.10.140
> unreachable, length 92
> 17:10:02.935321 IP 192.168.1.21 > 10.254.10.140: ICMP echo request, id
> 9278, seq 8, length 64
> 17:10:02.935591 IP 192.168.1.1 > 192.168.1.21: ICMP host 10.254.10.140
> unreachable, length 92
> 17:10:03.934322 IP 192.168.1.21 > 10.254.10.140: ICMP echo request, id
> 9278, seq 9, length 64
> 17:10:03.934613 IP 192.168.1.1 > 192.168.1.21: ICMP host 10.254.10.140
> unreachable, length 92
>

Thank you for your report.  I'll try fixing it.

--yoshfuji

>
>
>
> Tried with a different ping implementation (RouterOS) and the behaviour
> seems correct:
>
> [vihai@SevioLab SW1] > ping 10.254.10.140
> HOST SIZE TTL TIME  STATUS
> 192.168.1.1 84  64 0ms   host unreachable
> 192.168.1.1 84  64 0ms   host unreachable
> 192.168.1.1 84  64 0ms   host unreachable
> 10.254.10.140   56  61 20ms
> 10.254.10.140   56  61 46ms
> 10.254.10.140   56  61 37ms
> 192.168.1.1 84  64 0ms   host unreachable
> 192.168.1.1 84  64 0ms   host unreachable
> 192.168.1.1 84  64 0ms   host unreachable
> sent=9 received=3 packet-loss=66% min-rtt=20ms avg-rtt=34ms max-rtt=46ms
>
>
> Recently I was pinging with IPv6, a router in between filtered the
> packet, however the shown source address was not the right one:
>
> root@monitor:~# ping6 -i 0.2 www.google.com
> PING www.google.com(mil01s25-in-x04.1e100.net) 56 data bytes
> From mil01s25-in-x04.1e100.net icmp_seq=1 Destination unreachable: No route
> From mil01s25-in-x04.1e100.net icmp_seq=2 Destination unreachable: No route
> From mil01s25-in-x04.1e100.net icmp_seq=3 Destination unreachable: No route
>
> 19:33:19.589285 IP6 2a01:2d8:aca0:fce:944e:c8ff:fe4d:96de >
> mil01s25-in-x04.1e100.net: ICMP6, echo request, seq 1, length 64
> 19:33:19.611666 IP6 mix-br2.intercom.it >
> 2a01:2d8:aca0:fce:944e:c8ff:fe4d:96de: ICMP6, destination unreachable,
> unreachable route

Re: [PATCH 1/4] kernel: time: Add current_nw_timestamp() for network timestamps

2016-02-25 Thread YOSHIFUJI Hideaki/ 
Hi,

Deepa Dinamani wrote:
>>>  include/linux/ip.h |  2 ++
>>>  include/linux/time64.h |  3 +++
>>>  kernel/time/time.c | 26 ++
>>>  3 files changed, 31 insertions(+)
>>>
>> Since net/ipv4/* are the only users, it is enough to put
>> it in under net/ipv4/.
> 
> time.c hosts functions that are used by individual subsystems like
> current_fs_time() used by filesystems
> (sometimes used by other subsystems also).
> 
> The network timestamp function is used for both source route ip option
> and timestamp icmp messages.
> So it makes it difficult for it to be owned by a single layer.
> This is the reason it was chosen to include here.
> 
> Another option is to include it in the lowest layer its used:
> af_inet.c. Is this what you were suggesting?
> 

Yes, that's right.

--yoshfuji

> -Deepa
>

Re: [RFCv3 bluetooth-next 3/4] ipv6: add ipv6_addr_prefix_copy

2015-12-01 Thread YOSHIFUJI Hideaki/ 
Hannes Frederic Sowa wrote:
> 
> 
> On Sun, Nov 29, 2015, at 12:34, Alexander Aring wrote:
>> This patch adds a static inline function ipv6_addr_prefix_copy which
>> copies a ipv6 address prefix(argument pfx) into the ipv6 address prefix.
>> The prefix len is given by plen as bits. This function mainly based on
>> ipv6_addr_prefix which copies one address prefix from address into a new
>> ipv6 address destination and zero all other address bits.
>>
>> The difference is that ipv6_addr_prefix_copy don't get a prefix from an
>> ipv6 address, it sets a prefix to an ipv6 address with keeping other
>> address bits. The use case is for context based address compression
>> inside 6LoWPAN IPHC header which keeping ipv6 prefixes inside a context
>> table to lookup address-bits without sending them.
>>
>> Cc: David S. Miller <da...@davemloft.net>
>> Cc: Alexey Kuznetsov <kuz...@ms2.inr.ac.ru>
>> Cc: James Morris <jmor...@namei.org>
>> Cc: Hideaki YOSHIFUJI <yoshf...@linux-ipv6.org>
>> Cc: Patrick McHardy <ka...@trash.net>
>> Signed-off-by: Alexander Aring <alex.ar...@gmail.com>
>> ---
>>  include/net/ipv6.h | 15 +++
>>  1 file changed, 15 insertions(+)
>>
>> diff --git a/include/net/ipv6.h b/include/net/ipv6.h
>> index e1a10b0..cd3881e6 100644
>> --- a/include/net/ipv6.h
>> +++ b/include/net/ipv6.h
>> @@ -382,6 +382,21 @@ static inline void ipv6_addr_prefix(struct in6_addr
>> *pfx,
>>  pfx->s6_addr[o] = addr->s6_addr[o] & (0xff00 >> b);
>>  }
>>  
>> +static inline void ipv6_addr_prefix_copy(struct in6_addr *addr,
>> +const struct in6_addr *pfx,
>> +int plen)
>> +{
>> +   /* caller must guarantee 0 <= plen <= 128 */
>> +   int o = plen >> 3,
>> +   b = plen & 0x7;
>> +
>> +   memcpy(addr->s6_addr, pfx, o);
>> +   if (b != 0) {
>> +   addr->s6_addr[o] &= ~(0xff00 >> b);
>> +   addr->s6_addr[o] |= (pfx->s6_addr[o] & (0xff00 >> b));
>> +   }
>> +}
>> +
> 
> Acked-by: Hannes Frederic Sowa <han...@stressinduktion.org>
Acked-by: YOSHIFUJI Hideaki <yoshf...@linux-ipv6.org>


> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

-- 
吉藤英明 <hideaki.yoshif...@miraclelinux.com>
ミラクル・リナックス株式会社 技術本部 サポート部
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC] ipv6: use a random ifid for headerless devices

2015-11-30 Thread 
Hi,

2015-11-30 20:55 GMT+09:00 Bjørn Mork :
> Generating a random ifid for devices with no L2 header
> at all, allowing such devices to take part in IPv6
> autoconfiguration. The tuntap driver is one example of
> a driver where such an ifid would be useful.
>
> Note that as there is no persistence, new addresses
> will be generated every time an interface is brought up:
>
>  # ip -6 addr show dev tun0
>  8: tun0:  mtu 1500 state UNKNOWN 
> qlen 500
>  inet6 fe80::eef2:111c:f270:92ba/64 scope link
> valid_lft forever preferred_lft forever
>  # ip link set tun0 down
>  # ip link set tun0 up
>  # ip -6 addr show dev tun0
>  8: tun0:  mtu 1500 state UNKNOWN 
> qlen 500
>  inet6 fe80::eec0:48d0:6b52:8835/64 scope link
> valid_lft forever preferred_lft forever
>
> Signed-off-by: Bjørn Mork 
> ---
> I'm planning raw-ip support for the qmi_wwan driver.  And
> the feedback from primary users (ModemManager++) is that
> a headerless netdev is preferred over a fake ethernet
> device. The current plan is to model this after 'tun'
> devices, using ARPHRD_NONE as type.
>
> But these devices will need an IPv6 link local address for
> full SLAAC support.  I am therefore wondering if an approach
> like this patch will be acceptable, or if I should look for
> some other solution?
>
>
>
> Bjørn
>
>
>  net/ipv6/addrconf.c | 14 --
>  1 file changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> index d84742f003a9..6cf3cae691a5 100644
> --- a/net/ipv6/addrconf.c
> +++ b/net/ipv6/addrconf.c
> @@ -53,6 +53,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  #include 
>  #include 
>  #include 
> @@ -2026,6 +2027,13 @@ static int addrconf_ifid_ip6tnl(u8 *eui, struct 
> net_device *dev)
> return 0;
>  }
>
> +static int addrconf_ifid_random(u8 *eui, struct net_device *dev)
> +{
> +   get_random_bytes(eui, 8);
> +   eui[0] |= 0x02;
> +   return 0;
> +}
> +

Since random identifier is locally assigned, drop the global bit
instead if setting it.

--yoshfuji
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v4 1/2] geneve: implement support for IPv6-based tunnels

2015-10-20 Thread YOSHIFUJI Hideaki/ 
f(struct in6_addr) },
>   [IFLA_GENEVE_TTL]   = { .type = NLA_U8 },
>   [IFLA_GENEVE_TOS]   = { .type = NLA_U8 },
>   [IFLA_GENEVE_PORT]  = { .type = NLA_U16 },
> @@ -790,7 +1054,7 @@ static int geneve_validate(struct nlattr *tb[], struct 
> nlattr *data[])
>  
>  static struct geneve_dev *geneve_find_dev(struct geneve_net *gn,
> __be16 dst_port,
> -   __be32 rem_addr,
> +   union geneve_addr *remote,
> u8 vni[],
> bool *tun_on_same_port,
> bool *tun_collect_md)
> @@ -806,7 +1070,7 @@ static struct geneve_dev *geneve_find_dev(struct 
> geneve_net *gn,
>   *tun_on_same_port = true;
>   }
>   if (!memcmp(vni, geneve->vni, sizeof(geneve->vni)) &&
> - rem_addr == geneve->remote.sin_addr.s_addr &&
> + !memcmp(remote, >remote, sizeof(geneve->remote)) &&
>   dst_port == geneve->dst_port)
>   t = geneve;
>   }
> @@ -814,18 +1078,20 @@ static struct geneve_dev *geneve_find_dev(struct 
> geneve_net *gn,
>  }
>  
>  static int geneve_configure(struct net *net, struct net_device *dev,
> - __be32 rem_addr, __u32 vni, __u8 ttl, __u8 tos,
> - __be16 dst_port, bool metadata)
> + union geneve_addr *remote,
> + __u32 vni, __u8 ttl, __u8 tos, __be16 dst_port,
> + bool metadata)
>  {
>   struct geneve_net *gn = net_generic(net, geneve_net_id);
>   struct geneve_dev *t, *geneve = netdev_priv(dev);
>   bool tun_collect_md, tun_on_same_port;
>   int err;
>  
> - if (metadata) {
> - if (rem_addr || vni || tos || ttl)
> - return -EINVAL;
> - }
> + if (!remote)
> + return -EINVAL;
> + if (metadata &&
> + (remote->sa.sa_family != AF_UNSPEC || vni || tos || ttl))
> + return -EINVAL;
>  
>   geneve->net = net;
>   geneve->dev = dev;
> @@ -834,16 +1100,19 @@ static int geneve_configure(struct net *net, struct 
> net_device *dev,
>   geneve->vni[1] = (vni & 0xff00) >> 8;
>   geneve->vni[2] =  vni & 0x00ff;
>  
> - geneve->remote.sin_addr.s_addr = rem_addr;
> - if (IN_MULTICAST(ntohl(geneve->remote.sin_addr.s_addr)))
> + if ((remote->sa.sa_family == AF_INET &&
> +  IN_MULTICAST(ntohl(remote->sin.sin_addr.s_addr))) ||
> + (remote->sa.sa_family == AF_INET6 &&
> +  ipv6_addr_is_multicast(>sin6.sin6_addr)))
>   return -EINVAL;
> + geneve->remote = *remote;
>  
>   geneve->ttl = ttl;
>   geneve->tos = tos;
>   geneve->dst_port = dst_port;
>   geneve->collect_md = metadata;
>  
> - t = geneve_find_dev(gn, dst_port, rem_addr, geneve->vni,
> + t = geneve_find_dev(gn, dst_port, remote, geneve->vni,
>   _on_same_port, _collect_md);
>   if (t)
>   return -EBUSY;
> @@ -870,14 +1139,29 @@ static int geneve_newlink(struct net *net, struct 
> net_device *dev,
>   __be16 dst_port = htons(GENEVE_UDP_PORT);
>   __u8 ttl = 0, tos = 0;
>   bool metadata = false;
> - __be32 rem_addr;
> + union geneve_addr remote;
>   __u32 vni;
>  
> - if (!data[IFLA_GENEVE_ID] || !data[IFLA_GENEVE_REMOTE])
> + if (!data[IFLA_GENEVE_ID] ||
> + (data[IFLA_GENEVE_REMOTE] && data[IFLA_GENEVE_REMOTE6]) ||
> + (!data[IFLA_GENEVE_REMOTE] && !data[IFLA_GENEVE_REMOTE6]))
>   return -EINVAL;
>  
>   vni = nla_get_u32(data[IFLA_GENEVE_ID]);
> - rem_addr = nla_get_in_addr(data[IFLA_GENEVE_REMOTE]);
> +
> + memset(, 0, sizeof(remote));
> + if (data[IFLA_GENEVE_REMOTE]) {
> + remote.sa.sa_family = AF_INET;
> + remote.sin.sin_addr.s_addr =
> + nla_get_in_addr(data[IFLA_GENEVE_REMOTE]);
> + } else if (data[IFLA_GENEVE_REMOTE6]) {
> + if (!IS_ENABLED(CONFIG_IPV6))
> + return -EPFNOSUPPORT;
> +
> + remote.sa.sa_family = AF_INET6;
> + remote.sin6.sin6_addr =
> + nla_get_in6_addr(data[IFLA_GENEVE_REMOTE6]);
> + }
>  
>   if (data[IFLA_GENEVE_TTL])
>   ttl = nla_get_u8(data[IFLA_G

Re: [PATCH net-next v2 1/2] ipv6: Re-arrange code in rt6_probe()

2015-07-27 Thread YOSHIFUJI Hideaki/ 
Martin KaFai Lau wrote:
 It is a prep work for the next patch to remove write_lock
 from rt6_probe().
 
 1. Reduce the number of if(neigh) check.  From 4 to 1.
 2. Bring the write_(un)lock() closer to the operations that the
lock is protecting.
 
 Hopefully, the above make rt6_probe() more readable.
 
 Signed-off-by: Martin KaFai Lau ka...@fb.com
 Cc: Hannes Frederic Sowa han...@stressinduktion.org
 Cc: Julian Anastasov j...@ssi.bg
 Cc: YOSHIFUJI Hideaki hideaki.yoshif...@miraclelinux.com

Acked-by: YOSHIFUJI Hideaki hideaki.yoshif...@miraclelinux.com

--yoshfuji

 ---
  net/ipv6/route.c | 44 
  1 file changed, 20 insertions(+), 24 deletions(-)
 
 diff --git a/net/ipv6/route.c b/net/ipv6/route.c
 index 7f2214f..6d503db 100644
 --- a/net/ipv6/route.c
 +++ b/net/ipv6/route.c
 @@ -545,6 +545,7 @@ static void rt6_probe_deferred(struct work_struct *w)
  
  static void rt6_probe(struct rt6_info *rt)
  {
 + struct __rt6_probe_work *work;
   struct neighbour *neigh;
   /*
* Okay, this does not seem to be appropriate
 @@ -559,34 +560,29 @@ static void rt6_probe(struct rt6_info *rt)
   rcu_read_lock_bh();
   neigh = __ipv6_neigh_lookup_noref(rt-dst.dev, rt-rt6i_gateway);
   if (neigh) {
 + work = NULL;
   write_lock(neigh-lock);
 - if (neigh-nud_state  NUD_VALID)
 - goto out;
 - }
 -
 - if (!neigh ||
 - time_after(jiffies, neigh-updated + 
 rt-rt6i_idev-cnf.rtr_probe_interval)) {
 - struct __rt6_probe_work *work;
 -
 - work = kmalloc(sizeof(*work), GFP_ATOMIC);
 -
 - if (neigh  work)
 - __neigh_set_probe_once(neigh);
 -
 - if (neigh)
 - write_unlock(neigh-lock);
 -
 - if (work) {
 - INIT_WORK(work-work, rt6_probe_deferred);
 - work-target = rt-rt6i_gateway;
 - dev_hold(rt-dst.dev);
 - work-dev = rt-dst.dev;
 - schedule_work(work-work);
 + if (!(neigh-nud_state  NUD_VALID) 
 + time_after(jiffies,
 +neigh-updated +
 +rt-rt6i_idev-cnf.rtr_probe_interval)) {
 + work = kmalloc(sizeof(*work), GFP_ATOMIC);
 + if (work)
 + __neigh_set_probe_once(neigh);
   }
 - } else {
 -out:
   write_unlock(neigh-lock);
 + } else {
 + work = kmalloc(sizeof(*work), GFP_ATOMIC);
 + }
 +
 + if (work) {
 + INIT_WORK(work-work, rt6_probe_deferred);
 + work-target = rt-rt6i_gateway;
 + dev_hold(rt-dst.dev);
 + work-dev = rt-dst.dev;
 + schedule_work(work-work);
   }
 +
   rcu_read_unlock_bh();
  }
  #else
 

-- 
吉藤英明 hideaki.yoshif...@miraclelinux.com
ミラクル・リナックス株式会社 技術本部 サポート部
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCHv2] net/ipv6: add sysctl option accept_ra_hop_limit

2015-07-27 Thread YOSHIFUJI Hideaki/ 
 CONFIG_IPV6_ROUTER_PREF
   {
   .procname   = accept_ra_rtr_pref,
 diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
 index 0a05b35..aca67da 100644
 --- a/net/ipv6/ndisc.c
 +++ b/net/ipv6/ndisc.c
 @@ -1226,13 +1226,18 @@ static void ndisc_router_discovery(struct sk_buff 
 *skb)
   if (rt)
   rt6_set_expires(rt, jiffies + (HZ * lifetime));
   if (ra_msg-icmph.icmp6_hop_limit) {
 - /* Only set hop_limit on the interface if it is higher than
 -  * the current hop_limit.
 -  */
 - if (in6_dev-cnf.hop_limit  ra_msg-icmph.icmp6_hop_limit) {
 + switch (in6_dev-cnf.accept_ra_hop_limit) {
 + case 0:
 + break;
 + case 1:
 + if (in6_dev-cnf.hop_limit  
 ra_msg-icmph.icmp6_hop_limit) {
 + ND_PRINTK(2, warn,
 +   RA: Got route advertisement with 
 lower hop_limit than current\n);
 + break;
 + }
 + default:
   in6_dev-cnf.hop_limit = ra_msg-icmph.icmp6_hop_limit;
 - } else {
 - ND_PRINTK(2, warn, RA: Got route advertisement with 
 lower hop_limit than current\n);
 + break;
   }
   if (rt)
   dst_metric_set(rt-dst, RTAX_HOPLIMIT,
 

-- 
吉藤英明 hideaki.yoshif...@miraclelinux.com
ミラクル・リナックス株式会社 技術本部 サポート部
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC PATCH v3 net-next 2/3] tcp: add in_flight to tcp_skb_cb

2015-07-23 Thread YOSHIFUJI Hideaki/ 
Hi,

Lawrence Brakmo wrote:
 Based on comments by Neal Cardwell to tcp_nv patch:
 
   AFAICT this patch would not require an increase in the size of sk_buff
   cb[] if it were to take advantage of the fact that the tcp_skb_cb
   header.h4 and header.h6 fields are only used in the packet reception
   code path, and this in_flight field is only used on the transmit
   side. So the in_flight field could be placed in a struct that is
   itself placed in a union with the header union.

Please make another patch only for this.

 
   That way the sender code can remember the in_flight value
   without requiring any extra space. And in the future other
   sender-side info could be stored in the tx struct, if needed.
 
 Signed-off-by: Lawrence Brakmo bra...@fb.com
 ---
  include/net/tcp.h | 13 ++---
  net/ipv4/tcp_input.c  |  5 -
  net/ipv4/tcp_output.c |  4 +++-
  3 files changed, 17 insertions(+), 5 deletions(-)
 
 diff --git a/include/net/tcp.h b/include/net/tcp.h
 index 1e6c5b04..b98d79a 100644
 --- a/include/net/tcp.h
 +++ b/include/net/tcp.h
 @@ -755,11 +755,17 @@ struct tcp_skb_cb {
   /* 1 byte hole */
   __u32   ack_seq;/* Sequence number ACK'd*/
   union {
 - struct inet_skb_parmh4;
 + struct {
 + /* bytes in flight when this packet was sent */
 + __u32 in_flight;
 + } tx;   /* only used for outgoing skbs */
 + union {
 + struct inet_skb_parmh4;
  #if IS_ENABLED(CONFIG_IPV6)
 - struct inet6_skb_parm   h6;
 + struct inet6_skb_parm   h6;
  #endif
 - } header;   /* For incoming frames  */
 + } header;   /* For incoming skbs */
 + };
  };
  
  #define TCP_SKB_CB(__skb)((struct tcp_skb_cb *)((__skb)-cb[0]))
 @@ -837,6 +843,7 @@ union tcp_cc_info;
  struct ack_sample {
   u32 pkts_acked;
   s32 rtt_us;
 + u32 in_flight;
  };
  
  struct tcp_congestion_ops {
 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
 index 423d3af..3ab4178 100644
 --- a/net/ipv4/tcp_input.c
 +++ b/net/ipv4/tcp_input.c
 @@ -3068,6 +3068,7 @@ static int tcp_clean_rtx_queue(struct sock *sk, int 
 prior_fackets,
   long ca_rtt_us = -1L;
   struct sk_buff *skb;
   u32 pkts_acked = 0;
 + u32 last_in_flight = 0;
   bool rtt_update;
   int flag = 0;
  
 @@ -3107,6 +3108,7 @@ static int tcp_clean_rtx_queue(struct sock *sk, int 
 prior_fackets,
   if (!first_ackt.v64)
   first_ackt = last_ackt;
  
 + last_in_flight = TCP_SKB_CB(skb)-tx.in_flight;
   reord = min(pkts_acked, reord);
   if (!after(scb-end_seq, tp-high_seq))
   flag |= FLAG_ORIG_SACK_ACKED;
 @@ -3196,7 +3198,8 @@ static int tcp_clean_rtx_queue(struct sock *sk, int 
 prior_fackets,
   }
  
   if (icsk-icsk_ca_ops-pkts_acked) {
 - struct ack_sample sample = {pkts_acked, ca_rtt_us};
 + struct ack_sample sample = {pkts_acked, ca_rtt_us,
 + last_in_flight};
  
   icsk-icsk_ca_ops-pkts_acked(sk, sample);
   }
 diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
 index 7105784..e9deab5 100644
 --- a/net/ipv4/tcp_output.c
 +++ b/net/ipv4/tcp_output.c
 @@ -920,9 +920,12 @@ static int tcp_transmit_skb(struct sock *sk, struct 
 sk_buff *skb, int clone_it,
   int err;
  
   BUG_ON(!skb || !tcp_skb_pcount(skb));
 + tp = tcp_sk(sk);
  
   if (clone_it) {
   skb_mstamp_get(skb-skb_mstamp);
 + TCP_SKB_CB(skb)-tx.in_flight = TCP_SKB_CB(skb)-end_seq
 + - tp-snd_una;
  
   if (unlikely(skb_cloned(skb)))
   skb = pskb_copy(skb, gfp_mask);
 @@ -933,7 +936,6 @@ static int tcp_transmit_skb(struct sock *sk, struct 
 sk_buff *skb, int clone_it,
   }
  
   inet = inet_sk(sk);
 - tp = tcp_sk(sk);
   tcb = TCP_SKB_CB(skb);
   memset(opts, 0, sizeof(opts));
  
 

-- 
吉藤英明 hideaki.yoshif...@miraclelinux.com
ミラクル・リナックス株式会社 技術本部 サポート部
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] ipv6: Fix finding best source address in ipv6_dev_get_saddr().

2015-07-14 Thread YOSHIFUJI Hideaki/ 
Hi,

Tom Herbert wrote:
 I am testing this patch which may be a little simpler. Also idev needs
 to be checked after __in6_dev_get

We have to select source address on *given* interface for link-local/
multicast destinations.

 
 Tom
 
 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
 index 4ab74d5..d631ac3 100644
 --- a/net/ipv6/addrconf.c
 +++ b/net/ipv6/addrconf.c
 @@ -1363,9 +1363,10 @@ static void __ipv6_dev_get_saddr(struct net *net,
  unsigned int prefs,
  const struct in6_addr *saddr,
  struct inet6_dev *idev,
 -struct ipv6_saddr_score *scores)
 +struct ipv6_saddr_score **in_score,
 +struct ipv6_saddr_score **in_hiscore)
  {
 -   struct ipv6_saddr_score *score = scores[0], *hiscore = scores[1];
 +   struct ipv6_saddr_score *score = *in_score, *hiscore = *in_hiscore;
 
 read_lock_bh(idev-lock);
 list_for_each_entry(score-ifa, idev-addr_list, if_list) {
 @@ -1434,13 +1435,16 @@ static void __ipv6_dev_get_saddr(struct net *net,
 }
  out:
 read_unlock_bh(idev-lock);
 +   *in_hiscore = hiscore;
 +   *in_score = score;
  }
 
  int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev,
const struct in6_addr *daddr, unsigned int prefs,
struct in6_addr *saddr)
  {
 -   struct ipv6_saddr_score scores[2], *hiscore = scores[1];
 +   struct ipv6_saddr_score scores[2];
 +   struct ipv6_saddr_score *score = scores[0], *hiscore = scores[1];
 struct ipv6_saddr_dst dst;
 struct inet6_dev *idev;
 struct net_device *dev;
 @@ -1475,18 +1479,19 @@ int ipv6_dev_get_saddr(struct net *net, const
 struct net_device *dst_dev,
 if ((dst_type  IPV6_ADDR_MULTICAST) ||
 dst.scope = IPV6_ADDR_SCOPE_LINKLOCAL) {
 idev = __in6_dev_get(dst_dev);
 -   use_oif_addr = true;
 +   if (idev)
 +   use_oif_addr = true;
 }
 }
 if (use_oif_addr) {
 -   __ipv6_dev_get_saddr(net, dst, prefs, saddr, idev, scores);
 +   __ipv6_dev_get_saddr(net, dst, prefs, saddr, idev,
 score, hiscore);
 } else {
 for_each_netdev_rcu(net, dev) {
 idev = __in6_dev_get(dev);
 if (!idev)
 continue;
 -   __ipv6_dev_get_saddr(net, dst, prefs, saddr,
 idev, scores);
 +   __ipv6_dev_get_saddr(net, dst, prefs, saddr,
 idev, score, hiscore);
 }
 }
 rcu_read_unlock();
 
 On Mon, Jul 13, 2015 at 7:28 AM, YOSHIFUJI Hideaki/吉藤英明
 hideaki.yoshif...@miraclelinux.com wrote:
 Commit 9131f3de2 (ipv6: Do not iterate over all interfaces when
 finding source address on specific interface.) did not properly
 update best source address available.  Plus, it introduced
 possible NULL pointer dereference.

 Bug was reported by Erik Kline e...@google.com.
 Based on patch proposed by Hajime Tazaki thehaj...@gmail.com.

 Fixes: 9131f3de24db4dc12199aede7d931e6703e97f3b (ipv6: Do not
 iterate over all interfaces when finding source address
 on specific interface.)
 Signed-off-by: YOSHIFUJI Hideaki hideaki.yoshif...@miraclelinux.com
 ---
  net/ipv6/addrconf.c | 30 ++
  1 file changed, 18 insertions(+), 12 deletions(-)

 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
 index 4ab74d5..4c9a024 100644
 --- a/net/ipv6/addrconf.c
 +++ b/net/ipv6/addrconf.c
 @@ -1358,14 +1358,15 @@ out:
 return ret;
  }

 -static void __ipv6_dev_get_saddr(struct net *net,
 -struct ipv6_saddr_dst *dst,
 -unsigned int prefs,
 -const struct in6_addr *saddr,
 -struct inet6_dev *idev,
 -struct ipv6_saddr_score *scores)
 +static int __ipv6_dev_get_saddr(struct net *net,
 +   struct ipv6_saddr_dst *dst,
 +   unsigned int prefs,
 +   const struct in6_addr *saddr,
 +   struct inet6_dev *idev,
 +   struct ipv6_saddr_score *scores,
 +   int hiscore_idx)
  {
 -   struct ipv6_saddr_score *score = scores[0], *hiscore = scores[1];
 +   struct ipv6_saddr_score *score = scores[1 - hiscore_idx], *hiscore 
 = scores[hiscore_idx];

 read_lock_bh(idev-lock);
 list_for_each_entry(score-ifa, idev-addr_list, if_list) {
 @@ -1424,6 +1425,7 @@ static void __ipv6_dev_get_saddr(struct net *net,
 in6_ifa_hold(score

[PATCH] ipv6: Fix finding best source address in ipv6_dev_get_saddr().

2015-07-13 Thread YOSHIFUJI Hideaki/ 
Commit 9131f3de2 (ipv6: Do not iterate over all interfaces when
finding source address on specific interface.) did not properly
update best source address available.  Plus, it introduced
possible NULL pointer dereference.

Bug was reported by Erik Kline e...@google.com.
Based on patch proposed by Hajime Tazaki thehaj...@gmail.com.

Fixes: 9131f3de24db4dc12199aede7d931e6703e97f3b (ipv6: Do not
iterate over all interfaces when finding source address
on specific interface.)
Signed-off-by: YOSHIFUJI Hideaki hideaki.yoshif...@miraclelinux.com
---
 net/ipv6/addrconf.c | 30 ++
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 4ab74d5..4c9a024 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1358,14 +1358,15 @@ out:
return ret;
 }
 
-static void __ipv6_dev_get_saddr(struct net *net,
-struct ipv6_saddr_dst *dst,
-unsigned int prefs,
-const struct in6_addr *saddr,
-struct inet6_dev *idev,
-struct ipv6_saddr_score *scores)
+static int __ipv6_dev_get_saddr(struct net *net,
+   struct ipv6_saddr_dst *dst,
+   unsigned int prefs,
+   const struct in6_addr *saddr,
+   struct inet6_dev *idev,
+   struct ipv6_saddr_score *scores,
+   int hiscore_idx)
 {
-   struct ipv6_saddr_score *score = scores[0], *hiscore = scores[1];
+   struct ipv6_saddr_score *score = scores[1 - hiscore_idx], *hiscore = 
scores[hiscore_idx];
 
read_lock_bh(idev-lock);
list_for_each_entry(score-ifa, idev-addr_list, if_list) {
@@ -1424,6 +1425,7 @@ static void __ipv6_dev_get_saddr(struct net *net,
in6_ifa_hold(score-ifa);
 
swap(hiscore, score);
+   hiscore_idx = 1 - hiscore_idx;
 
/* restore our iterator */
score-ifa = hiscore-ifa;
@@ -1434,18 +1436,20 @@ static void __ipv6_dev_get_saddr(struct net *net,
}
 out:
read_unlock_bh(idev-lock);
+   return hiscore_idx;
 }
 
 int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev,
   const struct in6_addr *daddr, unsigned int prefs,
   struct in6_addr *saddr)
 {
-   struct ipv6_saddr_score scores[2], *hiscore = scores[1];
+   struct ipv6_saddr_score scores[2], *hiscore;
struct ipv6_saddr_dst dst;
struct inet6_dev *idev;
struct net_device *dev;
int dst_type;
bool use_oif_addr = false;
+   int hiscore_idx = 0;
 
dst_type = __ipv6_addr_type(daddr);
dst.addr = daddr;
@@ -1454,8 +1458,8 @@ int ipv6_dev_get_saddr(struct net *net, const struct 
net_device *dst_dev,
dst.label = ipv6_addr_label(net, daddr, dst_type, dst.ifindex);
dst.prefs = prefs;
 
-   hiscore-rule = -1;
-   hiscore-ifa = NULL;
+   scores[hiscore_idx].rule = -1;
+   scores[hiscore_idx].ifa = NULL;
 
rcu_read_lock();
 
@@ -1480,17 +1484,19 @@ int ipv6_dev_get_saddr(struct net *net, const struct 
net_device *dst_dev,
}
 
if (use_oif_addr) {
-   __ipv6_dev_get_saddr(net, dst, prefs, saddr, idev, scores);
+   if (idev)
+   hiscore_idx = __ipv6_dev_get_saddr(net, dst, prefs, 
saddr, idev, scores, hiscore_idx);
} else {
for_each_netdev_rcu(net, dev) {
idev = __in6_dev_get(dev);
if (!idev)
continue;
-   __ipv6_dev_get_saddr(net, dst, prefs, saddr, idev, 
scores);
+   hiscore_idx = __ipv6_dev_get_saddr(net, dst, prefs, 
saddr, idev, scores, hiscore_idx);
}
}
rcu_read_unlock();
 
+   hiscore = scores[hiscore_idx];
if (!hiscore-ifa)
return -EADDRNOTAVAIL;
 
-- 
1.9.1

--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH net-next] ipv6: Do not iterate over all interfaces when finding source address on specific interface.

2015-07-10 Thread YOSHIFUJI Hideaki/ 
If outgoing interface is specified and the candidate addresses
are restricted to the outgoing interface, it is enough to iterate
over that given interface only.

Signed-off-by: YOSHIFUJI Hideaki hideaki.yoshif...@miraclelinux.com
---
 net/ipv6/addrconf.c | 201 +---
 1 file changed, 111 insertions(+), 90 deletions(-)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 21c2c81..b4c82d8 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1358,15 +1358,94 @@ out:
return ret;
 }
 
+static void __ipv6_dev_get_saddr(struct net *net,
+struct ipv6_saddr_dst *dst,
+unsigned int prefs,
+const struct in6_addr *saddr,
+struct inet6_dev *idev,
+struct ipv6_saddr_score *scores)
+{
+   struct ipv6_saddr_score *score = scores[0], *hiscore = scores[1];
+
+   read_lock_bh(idev-lock);
+   list_for_each_entry(score-ifa, idev-addr_list, if_list) {
+   int i;
+
+   /*
+* - Tentative Address (RFC2462 section 5.4)
+*  - A tentative address is not considered
+*assigned to an interface in the traditional
+*sense, unless it is also flagged as optimistic.
+* - Candidate Source Address (section 4)
+*  - In any case, anycast addresses, multicast
+*addresses, and the unspecified address MUST
+*NOT be included in a candidate set.
+*/
+   if ((score-ifa-flags  IFA_F_TENTATIVE) 
+   (!(score-ifa-flags  IFA_F_OPTIMISTIC)))
+   continue;
+
+   score-addr_type = __ipv6_addr_type(score-ifa-addr);
+
+   if (unlikely(score-addr_type == IPV6_ADDR_ANY ||
+score-addr_type  IPV6_ADDR_MULTICAST)) {
+   net_dbg_ratelimited(ADDRCONF: unspecified / multicast 
address assigned as unicast address on %s,
+   idev-dev-name);
+   continue;
+   }
+
+   score-rule = -1;
+   bitmap_zero(score-scorebits, IPV6_SADDR_RULE_MAX);
+
+   for (i = 0; i  IPV6_SADDR_RULE_MAX; i++) {
+   int minihiscore, miniscore;
+
+   minihiscore = ipv6_get_saddr_eval(net, hiscore, dst, i);
+   miniscore = ipv6_get_saddr_eval(net, score, dst, i);
+
+   if (minihiscore  miniscore) {
+   if (i == IPV6_SADDR_RULE_SCOPE 
+   score-scopedist  0) {
+   /*
+* special case:
+* each remaining entry
+* has too small (not enough)
+* scope, because ifa entries
+* are sorted by their scope
+* values.
+*/
+   goto out;
+   }
+   break;
+   } else if (minihiscore  miniscore) {
+   if (hiscore-ifa)
+   in6_ifa_put(hiscore-ifa);
+
+   in6_ifa_hold(score-ifa);
+
+   swap(hiscore, score);
+
+   /* restore our iterator */
+   score-ifa = hiscore-ifa;
+
+   break;
+   }
+   }
+   }
+out:
+   read_unlock_bh(idev-lock);
+}
+
 int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev,
   const struct in6_addr *daddr, unsigned int prefs,
   struct in6_addr *saddr)
 {
-   struct ipv6_saddr_score scores[2],
-   *score = scores[0], *hiscore = scores[1];
+   struct ipv6_saddr_score scores[2], *hiscore = scores[1];
struct ipv6_saddr_dst dst;
+   struct inet6_dev *idev;
struct net_device *dev;
int dst_type;
+   bool use_oif_addr = false;
 
dst_type = __ipv6_addr_type(daddr);
dst.addr = daddr;
@@ -1380,97 +1459,39 @@ int ipv6_dev_get_saddr(struct net *net, const struct 
net_device *dst_dev,
 
rcu_read_lock();
 
-   for_each_netdev_rcu(net, dev) {
-   struct inet6_dev *idev;
-
-   /* Candidate Source Address (section 4)
-*  - multicast and link-local destination address,
-*the set of candidate source address MUST only
-*include addresses assigned

[PATCH net-next v2] ipv6: Do not iterate over all interfaces when finding source address on specific interface.

2015-07-10 Thread YOSHIFUJI Hideaki/ 
If outgoing interface is specified and the candidate address is
restricted to the outgoing interface, it is enough to iterate
over that given interface only.

Signed-off-by: YOSHIFUJI Hideaki hideaki.yoshif...@miraclelinux.com
Acked-by: Erik Kline e...@google.com
---
 net/ipv6/addrconf.c | 197 
 1 file changed, 107 insertions(+), 90 deletions(-)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 21c2c81..4ab74d5 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1358,15 +1358,94 @@ out:
return ret;
 }
 
+static void __ipv6_dev_get_saddr(struct net *net,
+struct ipv6_saddr_dst *dst,
+unsigned int prefs,
+const struct in6_addr *saddr,
+struct inet6_dev *idev,
+struct ipv6_saddr_score *scores)
+{
+   struct ipv6_saddr_score *score = scores[0], *hiscore = scores[1];
+
+   read_lock_bh(idev-lock);
+   list_for_each_entry(score-ifa, idev-addr_list, if_list) {
+   int i;
+
+   /*
+* - Tentative Address (RFC2462 section 5.4)
+*  - A tentative address is not considered
+*assigned to an interface in the traditional
+*sense, unless it is also flagged as optimistic.
+* - Candidate Source Address (section 4)
+*  - In any case, anycast addresses, multicast
+*addresses, and the unspecified address MUST
+*NOT be included in a candidate set.
+*/
+   if ((score-ifa-flags  IFA_F_TENTATIVE) 
+   (!(score-ifa-flags  IFA_F_OPTIMISTIC)))
+   continue;
+
+   score-addr_type = __ipv6_addr_type(score-ifa-addr);
+
+   if (unlikely(score-addr_type == IPV6_ADDR_ANY ||
+score-addr_type  IPV6_ADDR_MULTICAST)) {
+   net_dbg_ratelimited(ADDRCONF: unspecified / multicast 
address assigned as unicast address on %s,
+   idev-dev-name);
+   continue;
+   }
+
+   score-rule = -1;
+   bitmap_zero(score-scorebits, IPV6_SADDR_RULE_MAX);
+
+   for (i = 0; i  IPV6_SADDR_RULE_MAX; i++) {
+   int minihiscore, miniscore;
+
+   minihiscore = ipv6_get_saddr_eval(net, hiscore, dst, i);
+   miniscore = ipv6_get_saddr_eval(net, score, dst, i);
+
+   if (minihiscore  miniscore) {
+   if (i == IPV6_SADDR_RULE_SCOPE 
+   score-scopedist  0) {
+   /*
+* special case:
+* each remaining entry
+* has too small (not enough)
+* scope, because ifa entries
+* are sorted by their scope
+* values.
+*/
+   goto out;
+   }
+   break;
+   } else if (minihiscore  miniscore) {
+   if (hiscore-ifa)
+   in6_ifa_put(hiscore-ifa);
+
+   in6_ifa_hold(score-ifa);
+
+   swap(hiscore, score);
+
+   /* restore our iterator */
+   score-ifa = hiscore-ifa;
+
+   break;
+   }
+   }
+   }
+out:
+   read_unlock_bh(idev-lock);
+}
+
 int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev,
   const struct in6_addr *daddr, unsigned int prefs,
   struct in6_addr *saddr)
 {
-   struct ipv6_saddr_score scores[2],
-   *score = scores[0], *hiscore = scores[1];
+   struct ipv6_saddr_score scores[2], *hiscore = scores[1];
struct ipv6_saddr_dst dst;
+   struct inet6_dev *idev;
struct net_device *dev;
int dst_type;
+   bool use_oif_addr = false;
 
dst_type = __ipv6_addr_type(daddr);
dst.addr = daddr;
@@ -1380,97 +1459,35 @@ int ipv6_dev_get_saddr(struct net *net, const struct 
net_device *dst_dev,
 
rcu_read_lock();
 
-   for_each_netdev_rcu(net, dev) {
-   struct inet6_dev *idev;
-
-   /* Candidate Source Address (section 4)
-*  - multicast and link-local destination address,
-*the set of candidate source address MUST only
-

Re: [PATCH] ipv6: Fixed source specific default route handling.

2015-06-22 Thread YOSHIFUJI Hideaki/ 
Matthias Schiffer wrote:
 On 06/22/2015 07:58 AM, Steven Barth wrote:
 On 22.06.2015 00:35, Matthias Schiffer wrote:
 Could you explain in detail what you mean with If you want specific SA,
 add same route with higher metric and/or (more) specific src match.?
 Routes aren't bound to specific addresses except via the src attribute
 (which is called prefsrc in the kernel), which is exactly what it not
 working. I can't control the chosen source address at all when
 source-specific routes are involved.
 Except that prefsrc and src are two different beasts and usually ip route 
 from transates to
 RTA_SRC instead of RTA_PREFSOURCE when used with a prefix length.

 Try adding two routes to the same destination with the same metric but 
 different source values with PREFSRC (e.g. IPv4) and then
 try doing the same with SRC (e.g. IPv6). The former will fail but the latter 
 will succeed.
 
 Ah sorry, I didn't know that src and prefsrc were distinct concepts.
 I meant to refer to src whenever I wrote prefsrc. What are the
 precise semantics of the src attribute? Any RFC I can read, or is this
 a Linux-specific concept?
 

src is long-lived feature which is usually used with mutiple routing
tables by ip rule.

--yoshfuji



 https://tools.ietf.org/html/draft-troan-homenet-sadr-01
 was the original draft for source-address dependent routing IIRC so might be 
 a good read.
 
 Thanks for the link, that helps a bit.
 



 Even though the source-specific route has a higher metric than the
 generic one, the source-specific one shadows the generic route.

 (was a bit ago since I read into this so please correct me if I am wrong)
 IIRC this is intentional since longest-prefix-match beats metric here
 and the source-address match counts to being more-specific here. See also 
 above difference between PREFSRC and SRC.
 
 Ah, that would explain the metric issue. I looks like the source of my
 confusion is that for source-specific routes *all* addresses are in the
 candidate set, not only the addresses of the outgoing interface (which
 makes sense as ip6_route_get_saddr() is called with a NULL rt6_info in
 the source-specific case).
 
 I'm not sure if this can be fixed in a sane way (as there seems to be a
 dependency cycle: source address should depend on outgoing interface,
 which depends on the chosen route, which depends on the source address),
 but it leads to highly unintuitive source address selection :(
 
 Markus suggested in the commit message not to call ip6_route_output at
 all before the source address has been selected. Wouldn't this make it
 impossible to choose the source address depending on the outgoing
 interface in the non-source-specific case as well?
 
 Cheers,

 Steven
 
 Thanks for the explanation,
 Matthias
 

-- 
吉藤英明 hideaki.yoshif...@miraclelinux.com
ミラクル・リナックス株式会社 技術本部 サポート部
--
To unsubscribe from this list: send the line unsubscribe netdev in

Re: [PATCH] neighbour: Convert if statment in the function, neigh_add_timer to a WARN_ON

2015-06-01 Thread YOSHIFUJI Hideaki/ 
Nicholas Krause wrote:
 This converts the if statement for dumping the stack into a
 WARN_ON in order to make this function's debugging check
 simpler and have a cleaner output when this condition
 occurs inside this function for when bugs related to
 adding a duplicate neighbour table timer arise.
 
 Signed-off-by: Nicholas Krause xerofo...@gmail.com
 ---
  net/core/neighbour.c | 6 +-
  1 file changed, 1 insertion(+), 5 deletions(-)
 
 diff --git a/net/core/neighbour.c b/net/core/neighbour.c
 index 3de6542..0bf71da 100644
 --- a/net/core/neighbour.c
 +++ b/net/core/neighbour.c
 @@ -165,11 +165,7 @@ static int neigh_forced_gc(struct neigh_table *tbl)
  static void neigh_add_timer(struct neighbour *n, unsigned long when)
  {
   neigh_hold(n);
 - if (unlikely(mod_timer(n-timer, when))) {
 - printk(NEIGH: BUG, double timer add, state is %x\n,
 -n-nud_state);
 - dump_stack();
 - }
 + WARN_ON(unlikely(mod_timer(n-timer, when)));
  }

NACK, please do not use WARN_ON for things with side effects.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH][KEY] fix bug in spdadd

2008-02-14 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Thu, 14 Feb 2008 20:55:40 +0900), Kazunori 
MIYAZAWA [EMAIL PROTECTED] says:

 This patch fix a BUG when adding spds which have
 same selector.
 
 Signed-off-by: Kazunori MIYAZAWA [EMAIL PROTECTED]

I think we need to fix xfrm_user side as well.

---
[PATCH] [XFRM]: Avoid bogus BUG() when throwing new policy away.

When we destory a new policy entry, we need to tell
xfrm_policy_destroy() explicitly that the entry is not
alive yet.

--- 
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 7833807..f971ca5 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1105,6 +1105,7 @@ static struct xfrm_policy *xfrm_policy_construct(struct 
xfrm_userpolicy_info *p,
return xp;
  error:
*errp = err;
+   xp-dead = 1;
xfrm_policy_destroy(xp);
return NULL;
 }

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[RFC PATCH] [XFRM]: Fix ordering issue in xfrm_dst_hash_transfer().

2008-02-14 Thread YOSHIFUJI Hideaki / 
Keep ordering of policy entries with same selector in xfrm_dst_hash_transfer().

Issue should not appear in usual cases because multiple policy entries with
same selector are basically not allowed so far.
Bug was pointed out by Sebastien Decugis [EMAIL PROTECTED].

We could convert bydst from hlist to list and use list_add_tail() instead.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]


diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 47219f9..9fc4c31 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -331,15 +331,31 @@ static void xfrm_dst_hash_transfer(struct hlist_head 
*list,
   struct hlist_head *ndsttable,
   unsigned int nhashmask)
 {
-   struct hlist_node *entry, *tmp;
+   struct hlist_node *entry, *tmp, *entry0 = NULL;
struct xfrm_policy *pol;
+   unsigned int h0 = 0;
 
+redo:
hlist_for_each_entry_safe(pol, entry, tmp, list, bydst) {
unsigned int h;
 
h = __addr_hash(pol-selector.daddr, pol-selector.saddr,
pol-family, nhashmask);
-   hlist_add_head(pol-bydst, ndsttable+h);
+   if (!entry0) {
+   hlist_del(entry);
+   hlist_add_head(pol-bydst, ndsttable+h);
+   h0 = h;
+   } else {
+   if (h != h0)
+   continue;
+   hlist_del(entry);
+   hlist_add_after(entry0, pol-bydst);
+   }
+   entry0 = entry;
+   }
+   if (!hlist_empty(list)) {
+   entry0 = NULL;
+   goto redo;
}
 }
 

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCh TAKE 2] [IPROUTE2] Add addrlabel sub-command.

2008-02-13 Thread YOSHIFUJI Hideaki / 
Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
diff --git a/ip/Makefile b/ip/Makefile
index b427d58..d908817 100644
--- a/ip/Makefile
+++ b/ip/Makefile
@@ -1,4 +1,4 @@
-IPOBJ=ip.o ipaddress.o iproute.o iprule.o \
+IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o \
 rtm_map.o iptunnel.o ip6tunnel.o tunnel.o ipneigh.o ipntable.o iplink.o \
 ipmaddr.o ipmonitor.o ipmroute.o ipprefix.o \
 ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o \
diff --git a/ip/ip.c b/ip/ip.c
index aeb8c68..c4c773f 100644
--- a/ip/ip.c
+++ b/ip/ip.c
@@ -46,8 +46,8 @@ static void usage(void)
fprintf(stderr,
 Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }\n
ip [ -force ] [-batch filename\n
-where  OBJECT := { link | addr | route | rule | neigh | ntable | tunnel |\n
-   maddr | mroute | monitor | xfrm }\n
+where  OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable 
|\n
+   tunnel | maddr | mroute | monitor | xfrm }\n
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n
 -f[amily] { inet | inet6 | ipx | dnet | link } |\n
 -o[neline] | -t[imestamp] }\n);
@@ -64,6 +64,7 @@ static const struct cmd {
int (*func)(int argc, char **argv);
 } cmds[] = {
{ address,do_ipaddr },
+   { addrlabel,  do_ipaddrlabel },
{ maddress,   do_multiaddr },
{ route,  do_iproute },
{ rule,   do_iprule },
diff --git a/ip/ip_common.h b/ip/ip_common.h
index 39f2507..1bbd50d 100644
--- a/ip/ip_common.h
+++ b/ip/ip_common.h
@@ -4,6 +4,9 @@ extern int print_linkinfo(const struct sockaddr_nl *who,
 extern int print_addrinfo(const struct sockaddr_nl *who,
  struct nlmsghdr *n,
  void *arg);
+extern int print_addrlabelinfo(const struct sockaddr_nl *who,
+  struct nlmsghdr *n,
+  void *arg);
 extern int print_neigh(const struct sockaddr_nl *who,
   struct nlmsghdr *n, void *arg);
 extern int print_ntable(const struct sockaddr_nl *who,
@@ -23,6 +26,7 @@ extern int print_prefix(const struct sockaddr_nl *who,
 extern int print_rule(const struct sockaddr_nl *who,
  struct nlmsghdr *n, void *arg);
 extern int do_ipaddr(int argc, char **argv);
+extern int do_ipaddrlabel(int argc, char **argv);
 extern int do_iproute(int argc, char **argv);
 extern int do_iprule(int argc, char **argv);
 extern int do_ipneigh(int argc, char **argv);
diff --git a/ip/ipaddrlabel.c b/ip/ipaddrlabel.c
new file mode 100644
index 000..1c873e9
--- /dev/null
+++ b/ip/ipaddrlabel.c
@@ -0,0 +1,260 @@
+/*
+ * ipaddrlabel.c   ip addrlabel
+ *
+ * Copyright (C)2007 USAGI/WIDE Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ *
+ * Based on iprule.c.
+ *
+ * Authors:YOSHIFUJI Hideaki [EMAIL PROTECTED]
+ *
+ */
+
+#include stdio.h
+#include stdlib.h
+#include unistd.h
+#include syslog.h
+#include fcntl.h
+#include sys/socket.h
+#include netinet/in.h
+#include netinet/ip.h
+#include arpa/inet.h
+#include string.h
+#include linux/types.h
+#include linux/if_addrlabel.h
+
+#include rt_names.h
+#include utils.h
+#include ip_common.h
+
+#define IFAL_RTA(r)((struct rtattr*)(((char*)(r)) + 
NLMSG_ALIGN(sizeof(struct ifaddrlblmsg
+#define IFAL_PAYLOAD(n)NLMSG_PAYLOAD(n,sizeof(struct ifaddrlblmsg))
+
+extern struct rtnl_handle rth;
+
+static void usage(void) __attribute__((noreturn));
+
+static void usage(void)
+{
+   fprintf(stderr, Usage: ip addrlabel [ list | add | del | flush ] 
prefix PREFIX [ dev DEV ] [ label LABEL ]\n);
+   exit(-1);
+}
+
+int print_addrlabel(const struct sockaddr_nl *who, struct nlmsghdr *n, void 
*arg)
+{
+   FILE *fp = (FILE*)arg;
+   struct ifaddrlblmsg *ifal = NLMSG_DATA(n);
+   int len = n-nlmsg_len;
+   int host_len = -1;
+   struct rtattr *tb[IFAL_MAX+1];
+   char abuf[256];
+
+   if (n-nlmsg_type != RTM_NEWADDRLABEL  n-nlmsg_type != 
RTM_DELADDRLABEL)
+   return 0;
+
+   len -= NLMSG_LENGTH(sizeof(*ifal));
+   if (len  0)
+   return -1;
+
+   parse_rtattr(tb, IFAL_MAX, IFAL_RTA(ifal), len);
+
+   if (ifal-ifal_family == AF_INET)
+   host_len

Re: [PATCH] Add IPv6 support to TCP SYN cookies

2008-02-12 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Thu, 07 Feb 2008 10:40:19 +0100), Eric 
Dumazet [EMAIL PROTECTED] says:

 [NET] IPV4: lower stack usage in cookie_hash() function
 
 400 bytes allocated on stack might be a litle bit too much. Using a 
 per_cpu var is more friendly.
 
 Signed-off-by: Eric Dumazet [EMAIL PROTECTED]

Applied to my inet6-2.6.26 tree.  Thanks.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] Add IPv6 support to TCP SYN cookies

2008-02-11 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Thu,  7 Feb 2008 21:49:26 -0800), Glenn 
Griffin [EMAIL PROTECTED] says:

 Updated to incorporate Eric's suggestion of using a per cpu buffer
 rather than allocating on the stack.  Just a two line change, but will
 resend in it's entirety.
 
 Signed-off-by: Glenn Griffin [EMAIL PROTECTED]

Applied in my linux-2.6-dev tree.  Thanks.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [patch 14/14] replace __inline__ by inline in include/linux (net related)

2008-02-06 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Wed, 06 Feb 2008 10:14:19 +0100), Daniel 
Lezcano [EMAIL PROTECTED] says:

 replace __inline__ by inline in include/linux (net related)
 
 Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]
 ---
  include/linux/atm.h|4 ++--
  include/linux/atmsap.h |2 +-
  include/linux/hdlc.h   |   13 +++--
  include/linux/inetdevice.h |   14 ++
  include/linux/netlink.h|5 +++--
  include/linux/rtnetlink.h  |2 +-
  6 files changed, 20 insertions(+), 20 deletions(-)

Please do this change within the #ifdef __KERNEL__ .. #endif only.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 6/6][NETNS]: Udp sockets per-net lookup.

2008-01-31 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Thu, 31 Jan 2008 15:41:58 +0300), Pavel 
Emelyanov [EMAIL PROTECTED] says:

 Add the net parameter to udp_get_port family of calls and 
 udp_lookup one and use it to filter sockets.

I may miss something, but I'm afraid that I have to disagree.
Port is identified only by family, address, protocol and port,
and should not be split by name space.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 6/6][NETNS]: Udp sockets per-net lookup.

2008-01-31 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Thu, 31 Jan 2008 05:20:07 -0800 (PST)), 
David Miller [EMAIL PROTECTED] says:

 The networking devices are even per-namespace already,
 so you can even say that each namespace is even
 physically different.

Ah, okay, we are splitting weak domains...

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] Add addrlabel subsystem.

2008-01-31 Thread YOSHIFUJI Hideaki / 
Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 include/linux/if_addrlabel.h |   32 +
 ip/Makefile  |2 +-
 ip/ip.c  |5 +-
 ip/ip_common.h   |4 +
 ip/ipaddrlabel.c |  260 ++
 ip/ipmonitor.c   |4 +
 6 files changed, 304 insertions(+), 3 deletions(-)

diff --git a/include/linux/if_addrlabel.h b/include/linux/if_addrlabel.h
new file mode 100644
index 000..9fe79c9
--- /dev/null
+++ b/include/linux/if_addrlabel.h
@@ -0,0 +1,32 @@
+/*
+ * if_addrlabel.h - netlink interface for address labels
+ *
+ * Copyright (C)2007 USAGI/WIDE Project,  All Rights Reserved.
+ *
+ * Authors:
+ * YOSHIFUJI Hideaki @ USAGI/WIDE [EMAIL PROTECTED]
+ */
+
+#ifndef __LINUX_IF_ADDRLABEL_H
+#define __LINUX_IF_ADDRLABEL_H
+
+struct ifaddrlblmsg
+{
+   __u8ifal_family;/* Address family */
+   __u8__ifal_reserved;/* Reserved */
+   __u8ifal_prefixlen; /* Prefix length */
+   __u8ifal_flags; /* Flags */
+   __u32   ifal_index; /* Link index */
+   __u32   ifal_seq;   /* sequence number */
+};
+
+enum
+{
+   IFAL_ADDRESS = 1,
+   IFAL_LABEL = 2,
+   __IFAL_MAX
+};
+
+#define IFAL_MAX   (__IFAL_MAX - 1)
+
+#endif
diff --git a/ip/Makefile b/ip/Makefile
index b427d58..d908817 100644
--- a/ip/Makefile
+++ b/ip/Makefile
@@ -1,4 +1,4 @@
-IPOBJ=ip.o ipaddress.o iproute.o iprule.o \
+IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o \
 rtm_map.o iptunnel.o ip6tunnel.o tunnel.o ipneigh.o ipntable.o iplink.o \
 ipmaddr.o ipmonitor.o ipmroute.o ipprefix.o \
 ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o \
diff --git a/ip/ip.c b/ip/ip.c
index aeb8c68..c4c773f 100644
--- a/ip/ip.c
+++ b/ip/ip.c
@@ -46,8 +46,8 @@ static void usage(void)
fprintf(stderr,
 Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }\n
ip [ -force ] [-batch filename\n
-where  OBJECT := { link | addr | route | rule | neigh | ntable | tunnel |\n
-   maddr | mroute | monitor | xfrm }\n
+where  OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable 
|\n
+   tunnel | maddr | mroute | monitor | xfrm }\n
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n
 -f[amily] { inet | inet6 | ipx | dnet | link } |\n
 -o[neline] | -t[imestamp] }\n);
@@ -64,6 +64,7 @@ static const struct cmd {
int (*func)(int argc, char **argv);
 } cmds[] = {
{ address,do_ipaddr },
+   { addrlabel,  do_ipaddrlabel },
{ maddress,   do_multiaddr },
{ route,  do_iproute },
{ rule,   do_iprule },
diff --git a/ip/ip_common.h b/ip/ip_common.h
index 39f2507..1bbd50d 100644
--- a/ip/ip_common.h
+++ b/ip/ip_common.h
@@ -4,6 +4,9 @@ extern int print_linkinfo(const struct sockaddr_nl *who,
 extern int print_addrinfo(const struct sockaddr_nl *who,
  struct nlmsghdr *n,
  void *arg);
+extern int print_addrlabelinfo(const struct sockaddr_nl *who,
+  struct nlmsghdr *n,
+  void *arg);
 extern int print_neigh(const struct sockaddr_nl *who,
   struct nlmsghdr *n, void *arg);
 extern int print_ntable(const struct sockaddr_nl *who,
@@ -23,6 +26,7 @@ extern int print_prefix(const struct sockaddr_nl *who,
 extern int print_rule(const struct sockaddr_nl *who,
  struct nlmsghdr *n, void *arg);
 extern int do_ipaddr(int argc, char **argv);
+extern int do_ipaddrlabel(int argc, char **argv);
 extern int do_iproute(int argc, char **argv);
 extern int do_iprule(int argc, char **argv);
 extern int do_ipneigh(int argc, char **argv);
diff --git a/ip/ipaddrlabel.c b/ip/ipaddrlabel.c
new file mode 100644
index 000..1c873e9
--- /dev/null
+++ b/ip/ipaddrlabel.c
@@ -0,0 +1,260 @@
+/*
+ * ipaddrlabel.c   ip addrlabel
+ *
+ * Copyright (C)2007 USAGI/WIDE Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ *
+ * Based on iprule.c.
+ *
+ * Authors:YOSHIFUJI Hideaki [EMAIL PROTECTED]
+ *
+ */
+
+#include stdio.h

[PATCH] IPROUTE2: Add addrlabel subsystem.

2008-01-31 Thread YOSHIFUJI Hideaki / 
Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 include/linux/if_addrlabel.h |   32 +
 ip/Makefile  |2 +-
 ip/ip.c  |5 +-
 ip/ip_common.h   |4 +
 ip/ipaddrlabel.c |  260 ++
 ip/ipmonitor.c   |4 +
 6 files changed, 304 insertions(+), 3 deletions(-)

diff --git a/include/linux/if_addrlabel.h b/include/linux/if_addrlabel.h
new file mode 100644
index 000..9fe79c9
--- /dev/null
+++ b/include/linux/if_addrlabel.h
@@ -0,0 +1,32 @@
+/*
+ * if_addrlabel.h - netlink interface for address labels
+ *
+ * Copyright (C)2007 USAGI/WIDE Project,  All Rights Reserved.
+ *
+ * Authors:
+ * YOSHIFUJI Hideaki @ USAGI/WIDE [EMAIL PROTECTED]
+ */
+
+#ifndef __LINUX_IF_ADDRLABEL_H
+#define __LINUX_IF_ADDRLABEL_H
+
+struct ifaddrlblmsg
+{
+   __u8ifal_family;/* Address family */
+   __u8__ifal_reserved;/* Reserved */
+   __u8ifal_prefixlen; /* Prefix length */
+   __u8ifal_flags; /* Flags */
+   __u32   ifal_index; /* Link index */
+   __u32   ifal_seq;   /* sequence number */
+};
+
+enum
+{
+   IFAL_ADDRESS = 1,
+   IFAL_LABEL = 2,
+   __IFAL_MAX
+};
+
+#define IFAL_MAX   (__IFAL_MAX - 1)
+
+#endif
diff --git a/ip/Makefile b/ip/Makefile
index b427d58..d908817 100644
--- a/ip/Makefile
+++ b/ip/Makefile
@@ -1,4 +1,4 @@
-IPOBJ=ip.o ipaddress.o iproute.o iprule.o \
+IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o \
 rtm_map.o iptunnel.o ip6tunnel.o tunnel.o ipneigh.o ipntable.o iplink.o \
 ipmaddr.o ipmonitor.o ipmroute.o ipprefix.o \
 ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o \
diff --git a/ip/ip.c b/ip/ip.c
index aeb8c68..c4c773f 100644
--- a/ip/ip.c
+++ b/ip/ip.c
@@ -46,8 +46,8 @@ static void usage(void)
fprintf(stderr,
 Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }\n
ip [ -force ] [-batch filename\n
-where  OBJECT := { link | addr | route | rule | neigh | ntable | tunnel |\n
-   maddr | mroute | monitor | xfrm }\n
+where  OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable 
|\n
+   tunnel | maddr | mroute | monitor | xfrm }\n
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n
 -f[amily] { inet | inet6 | ipx | dnet | link } |\n
 -o[neline] | -t[imestamp] }\n);
@@ -64,6 +64,7 @@ static const struct cmd {
int (*func)(int argc, char **argv);
 } cmds[] = {
{ address,do_ipaddr },
+   { addrlabel,  do_ipaddrlabel },
{ maddress,   do_multiaddr },
{ route,  do_iproute },
{ rule,   do_iprule },
diff --git a/ip/ip_common.h b/ip/ip_common.h
index 39f2507..1bbd50d 100644
--- a/ip/ip_common.h
+++ b/ip/ip_common.h
@@ -4,6 +4,9 @@ extern int print_linkinfo(const struct sockaddr_nl *who,
 extern int print_addrinfo(const struct sockaddr_nl *who,
  struct nlmsghdr *n,
  void *arg);
+extern int print_addrlabelinfo(const struct sockaddr_nl *who,
+  struct nlmsghdr *n,
+  void *arg);
 extern int print_neigh(const struct sockaddr_nl *who,
   struct nlmsghdr *n, void *arg);
 extern int print_ntable(const struct sockaddr_nl *who,
@@ -23,6 +26,7 @@ extern int print_prefix(const struct sockaddr_nl *who,
 extern int print_rule(const struct sockaddr_nl *who,
  struct nlmsghdr *n, void *arg);
 extern int do_ipaddr(int argc, char **argv);
+extern int do_ipaddrlabel(int argc, char **argv);
 extern int do_iproute(int argc, char **argv);
 extern int do_iprule(int argc, char **argv);
 extern int do_ipneigh(int argc, char **argv);
diff --git a/ip/ipaddrlabel.c b/ip/ipaddrlabel.c
new file mode 100644
index 000..1c873e9
--- /dev/null
+++ b/ip/ipaddrlabel.c
@@ -0,0 +1,260 @@
+/*
+ * ipaddrlabel.c   ip addrlabel
+ *
+ * Copyright (C)2007 USAGI/WIDE Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ *
+ * Based on iprule.c.
+ *
+ * Authors:YOSHIFUJI Hideaki [EMAIL PROTECTED]
+ *
+ */
+
+#include stdio.h

Re: [PATCH] Add addrlabel subsystem.

2008-01-31 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Fri, 01 Feb 2008 06:56:10 +1100 (EST)), 
YOSHIFUJI Hideaki / 吉藤英明 [EMAIL PROTECTED] says:

 Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
 ---
  include/linux/if_addrlabel.h |   32 +
  ip/Makefile  |2 +-
  ip/ip.c  |5 +-
  ip/ip_common.h   |4 +
  ip/ipaddrlabel.c |  260 
 ++
  ip/ipmonitor.c   |4 +
  6 files changed, 304 insertions(+), 3 deletions(-)

Sorry, iproute2 was missing in the subject...resent.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH net-2.6.25] [IPV6] ADDRLABEL: Fix double free on label deletion.

2008-01-28 Thread YOSHIFUJI Hideaki / 
If an entry is being deleted because it has only one reference, 
we immediately delete it and blindly register the rcu handler for it,
This results in oops by double freeing that object.

This patch fixes it by consolidating the code paths for the deletion;
let its rcu handler delete the object if it has no more reference.

Bug was found by Mitsuru Chinen [EMAIL PROTECTED]

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---

diff --git a/net/ipv6/addrlabel.c b/net/ipv6/addrlabel.c
index 6f1ca60..7a706c4 100644
--- a/net/ipv6/addrlabel.c
+++ b/net/ipv6/addrlabel.c
@@ -106,6 +106,11 @@ static inline void ip6addrlbl_free(struct ip6addrlbl_entry 
*p)
kfree(p);
 }
 
+static void ip6addrlbl_free_rcu(struct rcu_head *h)
+{
+   ip6addrlbl_free(container_of(h, struct ip6addrlbl_entry, rcu));
+}
+
 static inline int ip6addrlbl_hold(struct ip6addrlbl_entry *p)
 {
return atomic_inc_not_zero(p-refcnt);
@@ -114,12 +119,7 @@ static inline int ip6addrlbl_hold(struct ip6addrlbl_entry 
*p)
 static inline void ip6addrlbl_put(struct ip6addrlbl_entry *p)
 {
if (atomic_dec_and_test(p-refcnt))
-   ip6addrlbl_free(p);
-}
-
-static void ip6addrlbl_free_rcu(struct rcu_head *h)
-{
-   ip6addrlbl_free(container_of(h, struct ip6addrlbl_entry, rcu));
+   call_rcu(p-rcu, ip6addrlbl_free_rcu);
 }
 
 /* Find label */
@@ -240,7 +240,6 @@ int __ip6addrlbl_add(struct ip6addrlbl_entry *newp, int 
replace)
}
hlist_replace_rcu(p-list, newp-list);
ip6addrlbl_put(p);
-   call_rcu(p-rcu, ip6addrlbl_free_rcu);
goto out;
} else if ((p-prefixlen == newp-prefixlen  
!p-ifindex) ||
   (p-prefixlen  newp-prefixlen)) {
@@ -300,7 +299,6 @@ int __ip6addrlbl_del(const struct in6_addr *prefix, int 
prefixlen,
ipv6_addr_equal(p-prefix, prefix)) {
hlist_del_rcu(p-list);
ip6addrlbl_put(p);
-   call_rcu(p-rcu, ip6addrlbl_free_rcu);
ret = 0;
break;
}

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [patch net-2.6.25][IPV6][SYSCTL] fix sysctl compilation error

2008-01-25 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Fri, 25 Jan 2008 14:32:23 +0100), Daniel 
Lezcano [EMAIL PROTECTED] says:

 Move ipv6_icmp_sysctl_init and ipv6_route_sysctl_init into
 the right ifdef section otherwise that does not compile when
 CONFIG_SYSCTL=yes and CONFIG_PROC_FS=no
 
 Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]

My bad

Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 12/12 net-2.6.25] [NETNS]: Add namespace for ICMP replying code.

2008-01-23 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Wed, 23 Jan 2008 10:16:29 +0100), Mathieu 
Lacage [EMAIL PROTECTED] says:

 I have been following the netns patches on this ML for a while but I
 still have not figured out in which tree the patches fed to David Miller
 are applied. I have attempted to grep the public trees 'davem/net-2.6'
 and 'davem/net-2.6.25' but without much success so far. Is there a
 public git tree I can clone which contains all the netns patches which
 David Miller state are 'Applied' ?

I'm cloning from
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.25.git

There may be some time-lag.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[GIT PULL] [IPV6,IPV4]: Fix several sparse warnings.

2008-01-22 Thread YOSHIFUJI Hideaki / 
Dave, please consider pulling following changes on top of net-2.6.25 tree:
git://git.linux-ipv6.org/gitroot/yoshfuji/linux-2.6-dev.git 
net-2.6-dev-20080122

Thank you.

HEADLINES
-

[IPV4] UDP,UDPLITE: Sparse: {__udp4_lib,udp,udplite}_err() are of void.
[IPV6] UDP,UDPLITE: Sparse: {__udp6_lib,udp,udplite}_err() are of void.
[IPV6] UDPLITE: Sparse: Declare non-static symbols in header.
[IPV6] ADDRLABEL: Sparse: Make several functions static.
[IPV6]: Sparse: Declare non-static ipv6_{route,icmp,frag}_sysctl_init() in 
header.
[IPV6] ADDRCONF: Sparse: Make inet6_dump_addr() code paths more 
straight-forward.
[IPV6] NDISC: Sparse: Use different variable name for local use.

DIFFSTAT


 include/net/ipv6.h |4 
 net/ipv4/udp.c |2 +-
 net/ipv4/udplite.c |2 +-
 net/ipv6/addrconf.c|   38 ++
 net/ipv6/addrlabel.c   |   20 ++--
 net/ipv6/af_inet6.c|2 --
 net/ipv6/ndisc.c   |   10 +-
 net/ipv6/sysctl_net_ipv6.c |3 ---
 net/ipv6/udp.c |2 +-
 net/ipv6/udp_impl.h|1 +
 net/ipv6/udplite.c |2 +-
 11 files changed, 42 insertions(+), 44 deletions(-)

CHANGESETS
--

commit 9c14555fec7d209c90ae5079c59dc9a338620fd7
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Tue Jan 22 17:05:31 2008 +0900

[IPV4] UDP,UDPLITE: Sparse: {__udp4_lib,udp,udplite}_err() are of void.

Fix following sparse warnings:
| net/ipv4/udp.c:421:2: warning: returning void-valued expression
| net/ipv4/udplite.c:38:2: warning: returning void-valued expression

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index cb2411c..ecd9d91 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -418,7 +418,7 @@ out:
 
 void udp_err(struct sk_buff *skb, u32 info)
 {
-   return __udp4_lib_err(skb, info, udp_hash);
+   __udp4_lib_err(skb, info, udp_hash);
 }
 
 /*
diff --git a/net/ipv4/udplite.c b/net/ipv4/udplite.c
index f5baeb3..001b881 100644
--- a/net/ipv4/udplite.c
+++ b/net/ipv4/udplite.c
@@ -35,7 +35,7 @@ static int udplite_rcv(struct sk_buff *skb)
 
 static void udplite_err(struct sk_buff *skb, u32 info)
 {
-   return __udp4_lib_err(skb, info, udplite_hash);
+   __udp4_lib_err(skb, info, udplite_hash);
 }
 
 static struct net_protocol udplite_protocol = {

---
commit feafbe254cd11496370192a08dbdc1d0ddda226f
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Tue Jan 22 17:09:55 2008 +0900

[IPV6] UDP,UDPLITE: Sparse: {__udp6_lib,udp,udplite}_err() are of void.

Fix following sparse warnings:
| net/ipv6/udp.c:262:2: warning: returning void-valued expression
| net/ipv6/udplite.c:29:2: warning: returning void-valued expression

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index bf58aca..bd4b9df 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -259,7 +259,7 @@ static __inline__ void udpv6_err(struct sk_buff *skb,
 struct inet6_skb_parm *opt, int type,
 int code, int offset, __be32 info )
 {
-   return __udp6_lib_err(skb, opt, type, code, offset, info, udp_hash);
+   __udp6_lib_err(skb, opt, type, code, offset, info, udp_hash);
 }
 
 int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
diff --git a/net/ipv6/udplite.c b/net/ipv6/udplite.c
index 39f0705..87d4202 100644
--- a/net/ipv6/udplite.c
+++ b/net/ipv6/udplite.c
@@ -26,7 +26,7 @@ static void udplitev6_err(struct sk_buff *skb,
  struct inet6_skb_parm *opt,
  int type, int code, int offset, __be32 info)
 {
-   return __udp6_lib_err(skb, opt, type, code, offset, info, udplite_hash);
+   __udp6_lib_err(skb, opt, type, code, offset, info, udplite_hash);
 }
 
 static struct inet6_protocol udplitev6_protocol = {

---
commit ce97db1c7fa125b3f24a3d424a6373824a0bca37
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Tue Jan 22 17:25:46 2008 +0900

[IPV6] UDPLITE: Sparse: Declare non-static symbols in header.

Fix the following sparse warnings:
| net/ipv6/udplite.c:45:14: warning: symbol 'udplitev6_prot' was not 
declared. Should it be static?
| net/ipv6/udplite.c:80:12: warning: symbol 'udplitev6_init' was not 
declared. Should it be static?
| net/ipv6/udplite.c:99:6: warning: symbol 'udplitev6_exit' was not 
declared. Should it be static?

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/ipv6/udp_impl.h b/net/ipv6/udp_impl.h
index 2d3fda6..21be3a8 100644
--- a/net/ipv6/udp_impl.h
+++ b/net/ipv6/udp_impl.h
@@ -5,6 +5,7 @@
 #include net/protocol.h
 #include net/addrconf.h
 #include net/inet_common.h
+#include net/transp_v6.h
 
 extern int __udp6_lib_rcv(struct sk_buff *, struct hlist_head [], int );
 extern void

Re: [PATCH 1/2] IPV6: ICMP6_MIB_OUTMSGS increment duplicated

2008-01-21 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Mon, 21 Jan 2008 17:46:32 +0800), Wang Chen 
[EMAIL PROTECTED] says:

 [IPV6]: ICMP6_MIB_OUTMSGS increment duplicated
 
 icmpv6_send() calls ip6_push_pending_frames() indirectly.
 Both ip6_push_pending_frames() and icmpv6_send() increment
 counter ICMP6_MIB_OUTMSGS.
 
 This patch remove the increment from icmpv6_send.
 
 Signed-off-by: Wang Chen [EMAIL PROTECTED]
Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 2/2] IPV6: RFC 2011 compatibility broken

2008-01-21 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Mon, 21 Jan 2008 17:46:44 +0800), Wang Chen 
[EMAIL PROTECTED] says:

 The snmp6 entry name was changed, and it broke compatibility
 to RFC 2011.
 
 Signed-off-by: Wang Chen [EMAIL PROTECTED]
Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] IPv4: Enable use of 240/4 address space

2008-01-19 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Sat, 19 Jan 2008 14:44:13 +0100 (CET)), Jan 
Engelhardt [EMAIL PROTECTED] says:

 From 84bccef295aa9754ee662191e32ba1d64edce2ba Mon Sep 17 00:00:00 2001
 From: Jan Engelhardt [EMAIL PROTECTED]
 Date: Fri, 18 Jan 2008 02:10:44 +0100
 Subject: [PATCH] IPv4: enable use of 240/4 address space
 
 This short patch modifies the IPv4 networking to enable use of the
 240.0.0.0/4 (aka class-E) address space as propsed in the internet
 draft draft-fuller-240space-00.txt.
 
 Signed-off-by: Jan Engelhardt [EMAIL PROTECTED]
Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] [IPV6] ROUTE: Make sending algorithm more friendly with RFC 4861.

2008-01-18 Thread YOSHIFUJI Hideaki / 
We omit (or delay) sending NSes for known-to-unreachable routers
(in NUD_FAILED state) according to RFC 4191 (Default Router Preferences
and More-Specific Routes).
But this is not fully compatible with RFC 4861 (Neighbor Discovery Protocol
for IPv6), which does not remember unreachability of neighbors.

So, let's avoid mixing sending algorithm of RFC 4191 and that of RFC 4861,
and make the algorithm more friendly with RFC 4861 if RFC 4191 is disabled.

Issue was found by IPv6 Ready Logo Core Self_Test 1.5.0b2 (by TAHI Project),
and has been tracked down by Mitsuru Chinen [EMAIL PROTECTED].

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 6ecb5e6..20083e0 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -329,7 +329,7 @@ static inline int rt6_check_dev(struct rt6_info *rt, int 
oif)
 static inline int rt6_check_neigh(struct rt6_info *rt)
 {
struct neighbour *neigh = rt-rt6i_nexthop;
-   int m = 0;
+   int m;
if (rt-rt6i_flags  RTF_NONEXTHOP ||
!(rt-rt6i_flags  RTF_GATEWAY))
m = 1;
@@ -337,10 +337,15 @@ static inline int rt6_check_neigh(struct rt6_info *rt)
read_lock_bh(neigh-lock);
if (neigh-nud_state  NUD_VALID)
m = 2;
-   else if (!(neigh-nud_state  NUD_FAILED))
+#ifdef CONFIG_IPV6_ROUTER_PREF
+   else if (neigh-nud_state  NUD_FAILED)
+   m = 0;
+#endif
+   else
m = 1;
read_unlock_bh(neigh-lock);
-   }
+   } else
+   m = 0;
return m;
 }
 

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] IPv4: Enable use of 240/4 address space

2008-01-17 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Fri, 18 Jan 2008 02:13:52 +0100 (CET)), Jan 
Engelhardt [EMAIL PROTECTED] says:

 diff --git a/include/linux/in.h b/include/linux/in.h
 index 27d8a5a..b01bf75 100644
 --- a/include/linux/in.h
 +++ b/include/linux/in.h
 @@ -216,9 +216,6 @@ struct sockaddr_in {
  #define  IN_MULTICAST(a) IN_CLASSD(a)
  #define IN_MULTICAST_NET 0xF000
  
 -#define  IN_EXPERIMENTAL(a)  long int) (a))  0xf000) == 
 0xf000)
 -#define  IN_BADCLASS(a)  IN_EXPERIMENTAL((a))
 -
  /* Address to accept any incoming messages. */
  #define  INADDR_ANY  ((unsigned long int) 0x)
  

No, please keep these macros.

 @@ -264,7 +261,7 @@ static inline bool ipv4_is_local_multicast(__be32 addr)
  
  static inline bool ipv4_is_badclass(__be32 addr)
  {
 - return (addr  htonl(0xf000)) == htonl(0xf000);
 + return addr == 0x;
  }
  

To (un)align the IN_BADCLASS macro and ipv6_is_badclass() definition,
you should change the name anyway, e.g., ipv6_is_limited_broadcast()
or some something alike.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] IPv4: Enable use of 240/4 address space

2008-01-17 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Fri, 18 Jan 2008 02:52:08 +0100 (CET)), Jan 
Engelhardt [EMAIL PROTECTED] says:

 
 On Jan 18 2008 10:26, YOSHIFUJI Hideaki / 吉藤英明 wrote:
  -#define   IN_EXPERIMENTAL(a)  long int) (a))  0xf000) == 
  0xf000)
  -#define   IN_BADCLASS(a)  IN_EXPERIMENTAL((a))
 
 No, please keep these macros.
 
  @@ -264,7 +261,7 @@ static inline bool ipv4_is_local_multicast(__be32 addr)
   
   static inline bool ipv4_is_badclass(__be32 addr)
   {
  -  return (addr  htonl(0xf000)) == htonl(0xf000);
  +  return addr == 0x;
   }
   
 
 To (un)align the IN_BADCLASS macro and ipv6_is_badclass() definition,
 
 Unalign? IPv6? Limited broadcast?

Sorry, ipv4_is_badclass().
Assuming IN_BADCLASS() is still there, we should not reuse the name
of ipv6_is_badclass because the their meanings are different.

 -static inline bool ipv4_is_badclass(__be32 addr)
 +static inline bool ipv4_is_broadcast(__be32 addr)
  {

I'm just afraid that people might think ipv4_is_broadcast
is for testing subnet broadcast address.

255.255.255.255 is limited broadcast address
(vs subnet broadcast address, which can be forwarded by routers).

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] IPv4: Enable use of 240/4 address space

2008-01-17 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Fri, 18 Jan 2008 11:13:19 +0900 (JST)), 
YOSHIFUJI Hideaki / 吉藤英明 [EMAIL PROTECTED] says:

 Assuming IN_BADCLASS() is still there, we should not reuse the name
 of ipv6_is_badclass because the their meanings are different.

Again, ipv4_is_badclass()
My hands almost automatically type 6 after ipv...

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Netconf at conf.au 2008?

2008-01-14 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Sun, 13 Jan 2008 19:17:51 +0100), martin f 
krafft [EMAIL PROTECTED] says:

 also sprach Andy Johnson [EMAIL PROTECTED] [2008.01.12.0752 +0100]:
  I saw somewhere (maybe in this mailing list a while ago) that
  there might be a  Linux Kernel Developers' Netconf conference  at
  conf.au 2008.
 
 I think you may be mixing things up, and it may be my fault in ways.
 I am developing netconf: http://netconf.alioth.debian.org. I am
 aware of the NETCONF protocol and have considered renaming my
 project, but looking around, it seemed to me that NETCONF isn't
 really all that active, and so I chose to keep the name. If people
 think that wasn't wise, I'm willing to listen...

Very confusing to me...

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 001/001] ipv4: enable use of 240/4 address space

2008-01-11 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Fri, 11 Jan 2008 12:17:02 +0100), Andi Kleen 
[EMAIL PROTECTED] says:

 Vince Fuller [EMAIL PROTECTED] writes:
 
  from Vince Fuller [EMAIL PROTECTED]
 
  This set of diffs modify the 2.6.20 kernel to enable use of the 240/4
  (aka class-E) address space as consistent with the Internet Draft
  draft-fuller-240space-00.txt.
 
 Wouldn't it be wise to at least wait for it becoming an RFC first? 

I do think so, too.

There is no positive consesus on this draft
at the intarea meeting in Vancouver, right?

We cannot / should not enable that space until we have reached
a consensus on it.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 001/001] ipv4: enable use of 240/4 address space

2008-01-11 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Fri, 11 Jan 2008 17:48:57 -0800 (PST)), 
David Miller [EMAIL PROTECTED] says:

 From: YOSHIFUJI Hideaki / 吉藤英明 [EMAIL PROTECTED]
 Date: Fri, 11 Jan 2008 21:41:20 +0900 (JST)
 
  There is no positive consesus on this draft
  at the intarea meeting in Vancouver, right?
  
  We cannot / should not enable that space until we have reached
  a consensus on it.
 
 This is so incredibly incorrect.
 
 There is consensus on making network stacks able to use this
 address space.  And that is all that the patch does.

No, we did never make consensus on it.

 The consensus is only missing on whether to make the address
 space public or private.
 
 This is also clearly spelled out in the draft.
 
 It is important to get as large of a head start on this as
 possible because of how long it takes to deploy something
 like this.

Okay, though I am afraid this space will not be used widely,
we should be ready for it.

I'll make some more comments on the patch itself from
another point view.

--yoshfuji

--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 001/001] ipv4: enable use of 240/4 address space

2008-01-11 Thread YOSHIFUJI Hideaki / 
Hello.

In article [EMAIL PROTECTED] (at Mon, 7 Jan 2008 17:10:57 -0800), Vince 
Fuller [EMAIL PROTECTED] says:

  #define IN_MULTICAST_NET 0xF000
  
 +#define IN_CLASSE(a) long int) (a))  0xf000) == 0xf000)
 +#define  IN_CLASSE_NET   0xff00
 +#define  IN_CLASSE_NSHIFT8
 +#define  IN_CLASSE_HOST  (0x  ~IN_CLASSE_NET)
 +
 +/* 
 + * these are no longer used
  #define  IN_EXPERIMENTAL(a)  long int) (a))  0xf000) == 
 0xf000)
  #define  IN_BADCLASS(a)  IN_EXPERIMENTAL((a))
 +*/

Please do not remove this, but have these instead:

#define IN_EXPERIMENTAL(a)  IN_CLASSE((a))
#define IN_BADCASS(a)   IN_CLASSE((a))

And, I think it is good to remove BADCLASS() (inside
#ifdef __KERNEL__ .. #endif) because we do not have its users
any longer, right?

Regards,

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Linux IPv6 DAD not full conform to RFC 4862 ?

2008-01-09 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Wed, 9 Jan 2008 16:36:56 +0100), Karsten 
Keil [EMAIL PROTECTED] says:

 So I think we should disable the interface now, if DAD fails on a
 hardware based LLA.

I don't want to do this, at least, unconditionally.

Options (not exclusive):

- we could have enable_ipv6 interface flag and check it in
  input/output paths
- we could have dad_reaction interface variable and
  1: disable interface
 = 1: disable IPv6
  0: ignore (as we do now)

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Linux IPv6 DAD not full conform to RFC 4862 ?

2008-01-09 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Thu, 10 Jan 2008 01:38:57 +0900 (JST)), 
YOSHIFUJI Hideaki / 吉藤英明 [EMAIL PROTECTED] says:

 - we could have dad_reaction interface variable and
   1: disable interface
  = 1: disable IPv6
   0: ignore (as we do now)

Argh, 0, 0 and 0, maybe.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Linux IPv6 DAD not full conform to RFC 4862 ?

2008-01-09 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Wed, 09 Jan 2008 15:32:12 -0800 (PST)), 
David Miller [EMAIL PROTECTED] says:

 I question any RFC mandate that shuts down IP communication on a node
 because of packets received from remote systems.

RFC4862 tell us that we SHOULD disable IP communication.
(IP means IPv6 here; IPv4 is out of scope.)
In IETF term, a SHOULD is almost a MUST.  We are required to follow
unless we have very good reason to ignore it.

 If the TAHI test can trigger this, so can a compromised system on your
 network and won't that be fun? :-)

So, I know the specification, but I have ignored it.
I think it is fine to implent in some way, but I do think we must have
a switch not to do this.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Linux IPv6 DAD not full conform to RFC 4862 ?

2008-01-09 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Wed, 09 Jan 2008 15:55:44 -0800 (PST)), 
David Miller [EMAIL PROTECTED] says:

 Because of the above, the existing behavior must still stay the
 default.  I hope this is your plan.
 
 By default Linux will not implement this SHOULD, it's a security
 issue.

Yes so far, though we may have more things to consider.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH net-2.6][NEIGH] Updating affected neighbours when about MAC address change

2007-12-23 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Sun, 23 Dec 2007 13:41:36 +0200), David 
Shwatrz [EMAIL PROTECTED] says:

 I had written a small patch to neigh_changeaddr() in net/core/neighbour.c
 against the 2.6 git net tree, which sends a gratuitous ARP to update
 the list of
 all the involved neighbours with the change of MAC address.
 The patch is for neigh_changeaddr() only.

Though I can see no patch, but I disagree. ;-)
I do think you should change arp_netdev_event() and ndisc_netdev_event().

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH net-2.6][NEIGH] Updating affected neighbours when about MAC address change

2007-12-23 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Sun, 23 Dec 2007 14:24:00 +0200), David 
Shwatrz [EMAIL PROTECTED] says:

 Regarding your answer;  I accept it and I will soon send a revised
 version of this patch (making changes to
  arp_netdev_event() and ndisc_netdev_event().)
 I had  IPv4 in mind, there is no reason that it will no be also in IPv6.

You should iterate all of ifa_list (for IPv4) / addr_list (for IPv6).
For IPv6, we also have anycast (maintained by ac_list) as well.

--yoshfuji

--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH net-2.6][NEIGH] Updating affected neighbours when about MAC address change

2007-12-23 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Sun, 23 Dec 2007 07:46:15 -0500), jamal 
[EMAIL PROTECTED] says:

 On Sun, 2007-23-12 at 21:38 +0900, YOSHIFUJI Hideaki / 吉藤英明 wrote:
  In article [EMAIL PROTECTED] (at Sun, 23 Dec 2007 14:24:00 +0200), David 
  Shwatrz [EMAIL PROTECTED] says:
  
   Regarding your answer;  I accept it and I will soon send a revised
   version of this patch (making changes to
arp_netdev_event() and ndisc_netdev_event().)
   I had  IPv4 in mind, there is no reason that it will no be also in IPv6.
  
  You should iterate all of ifa_list (for IPv4) / addr_list (for IPv6).
  For IPv6, we also have anycast (maintained by ac_list) as well.
  
 
 Hrm, how is this going to work for the case of multiple MACs on a
 device? 
 Changing one MAC address doesnt equate to issuing a grat arp with _the
 new MAC_ for all ifa (given each MAC may be map to a different ifa) 

If the secondary MACs are used with ARP/NDP, we should take care of
that, but I think we use the primary MAC for ARP/NDP, no?
(In other words, we always use primary MAC for ARP reply / NA, no?)

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH net-2.6][NEIGH] Updating affected neighbours when about MAC address change

2007-12-23 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Sun, 23 Dec 2007 15:04:37 +0200), David 
Shwatrz [EMAIL PROTECTED] says:

 Hello,
 
 
 You should iterate all of ifa_list (for IPv4) / addr_list (for IPv6).
  For IPv6, we also have anycast (maintained by ac_list) as well.
 
 I am not sure that we need to iterate all of ifa_list in IPv4.
 The reason is that we end with arp_send, and it initiates a broadcast.
 So all neighbours will receive it and update their arp tables
 accordingly.
 The dest hw in the arp_send is NULL according to this patch ; this means that
 we will assign dev-broadcast to dest_hw  in apr_create().
 
 It seems to me there's no reason to send more than one broadcast.

Urgh? what is happend if you have multiple IPv4 addresses on the device?


 In IPv6, I need to check, since it is multicast.

Please read RFC2461 Section 7.2.6.  In short we should send a few
unsolicited NA, but I think you can start from sending once per an
address.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] [IPROUTE]: A workaround to make larger rto_min printed correctly

2007-12-21 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Fri, 21 Dec 2007 11:24:54 +0900), Satoru 
SATOH [EMAIL PROTECTED] says:

 2007/12/21, Jarek Poplawski [EMAIL PROTECTED]:
  Jarek Poplawski wrote, On 12/20/2007 09:24 PM:
  ...
 
   but since it's your patch, I hope you do some additional checking
   if it's always like this...
 
 
  ...or maybe only changing this all a little bit will make it look safer!
 
  Jarek P.
 
 
 OK, how about this?
 
 Signed-off-by: Satoru SATOH [EMAIL PROTECTED]
 
  ip/iproute.c |   12 
  1 files changed, 8 insertions(+), 4 deletions(-)
 
 diff --git a/ip/iproute.c b/ip/iproute.c
 index f4200ae..c771b34 100644
 --- a/ip/iproute.c
 +++ b/ip/iproute.c
 @@ -510,16 +510,20 @@ int print_route(const struct sockaddr_nl *who,
 struct nlmsghdr *n, void *arg)
   fprintf(fp,  %u, 
 *(unsigned*)RTA_DATA(mxrta[i]));
   else {
   unsigned val = *(unsigned*)RTA_DATA(mxrta[i]);
 + unsigned hz1 = hz;
 + if (hz1  1000)

Why don't you simply use unsigned long long (or maybe uint64_t) here?

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--- 
diff --git a/ip/iproute.c b/ip/iproute.c
index f4200ae..db9a3b6 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -509,16 +509,21 @@ int print_route(const struct sockaddr_nl *who, struct 
nlmsghdr *n, void *arg)
i != RTAX_RTO_MIN)
fprintf(fp,  %u, 
*(unsigned*)RTA_DATA(mxrta[i]));
else {
-   unsigned val = *(unsigned*)RTA_DATA(mxrta[i]);
+   unsigned long long val = 
*(unsigned*)RTA_DATA(mxrta[i]);
+   unsigned div = 1;
 
-   val *= 1000;
if (i == RTAX_RTT)
-   val /= 8;
+   div = 8;
else if (i == RTAX_RTTVAR)
-   val /= 4;
-   if (val = hz)
-   fprintf(fp,  %ums, val/hz);
+   div = 4;
else
+   div = 1;
+
+   val = val * 1000ULL / div;
+
+   if (val = hz) {
+   fprintf(fp,  %llums, val/hz);
+   } else
fprintf(fp,  %.2fms, (float)val/hz);
}
}

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] [IPROUTE]: A workaround to make larger rto_min printed correctly

2007-12-21 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Fri, 21 Dec 2007 22:49:59 +0900), Satoru 
SATOH [EMAIL PROTECTED] says:

 I agree.
 
 I mistakenly thought hz in that context must be larger than 1000..
 As it's uncertain, your's looks much simpler and better.
 
 (btw, the lines else  div = 1 is not needed, is it?)

Simplest fix is as follows:

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
--
diff --git a/ip/iproute.c b/ip/iproute.c
index f4200ae..7a885b0 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -509,7 +509,7 @@ int print_route(const struct sockaddr_nl *who, struct 
nlmsghdr *n, void *arg)
i != RTAX_RTO_MIN)
fprintf(fp,  %u, 
*(unsigned*)RTA_DATA(mxrta[i]));
else {
-   unsigned val = *(unsigned*)RTA_DATA(mxrta[i]);
+   unsigned long long val = 
*(unsigned*)RTA_DATA(mxrta[i]);
 
val *= 1000;
if (i == RTAX_RTT)
@@ -517,7 +517,7 @@ int print_route(const struct sockaddr_nl *who, struct 
nlmsghdr *n, void *arg)
else if (i == RTAX_RTTVAR)
val /= 4;
if (val = hz)
-   fprintf(fp,  %ums, val/hz);
+   fprintf(fp,  %llums, val/hz);
else
fprintf(fp,  %.2fms, (float)val/hz);
}

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] [IPROUTE]: A workaround to make larger rto_min printed correctly

2007-12-20 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Thu, 20 Dec 2007 12:31:27 +0900), Satoru 
SATOH [EMAIL PROTECTED] says:

 diff --git a/ip/iproute.c b/ip/iproute.c
 index f4200ae..fa722c6 100644
 --- a/ip/iproute.c
 +++ b/ip/iproute.c
 @@ -510,16 +510,16 @@ int print_route(const struct sockaddr_nl *who,
 struct nlmsghdr *n, void *arg)
 fprintf(fp,  %u,
 *(unsigned*)RTA_DATA(mxrta[i]));
 else {
 unsigned val = *(unsigned*)RTA_DATA(mxrta[i]);
 +   unsigned hz1 = hz / 1000;
 
 -   val *= 1000;
 if (i == RTAX_RTT)

I think this is incorrect; hz might not be 1000; e.g. 250 etc.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [TCP] IPV6 : Change a divide into a right shift in tcp_v6_send_ack()

2007-12-20 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Fri, 21 Dec 2007 07:03:58 +0100), Eric 
Dumazet [EMAIL PROTECTED] says:

 Because tot_len is signed in tcp_v6_send_ack(), tot_len/4 forces compiler
 to emit an integer divide, while we can help it to use a right shift,
 less expensive.

Are you really sure?
At least, gcc-4.1.2-20061115 (debian) does not make any difference.

And, IMHO, because shift for signed variable is fragile, so we should
avoid using it.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [TCP] IPV6 : Change a divide into a right shift in tcp_v6_send_ack()

2007-12-20 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Fri, 21 Dec 2007 08:39:24 +0100), Eric 
Dumazet [EMAIL PROTECTED] says:

  Okay, anyway, I'll convert them to unsigned int, which is more
  appropriate.
 
 I didnt chose this path, because David was against changing some fields from 
 'int' to 'unsigned'. If you look in other parts of networking, we have many 
  
 1 or  2 already there.

I do think it is safe to convert them here.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[TCP]: Convert several length variable to unsigned.

2007-12-20 Thread YOSHIFUJI Hideaki / 
Several length variables cannot be negative, so convert int to
unsigned int.  This also allows us to do sane shift operations
on those variables.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--
diff --git a/include/net/tcp.h b/include/net/tcp.h
index cb5b033..f663a85 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1153,7 +1153,8 @@ extern int
tcp_v4_calc_md5_hash(char *md5_hash,
 struct dst_entry *dst,
 struct request_sock *req,
 struct tcphdr *th,
-int protocol, int tcplen);
+int protocol,
+unsigned int tcplen);
 extern struct tcp_md5sig_key   *tcp_v4_md5_lookup(struct sock *sk,
   struct sock *addr_sk);
 
@@ -1359,7 +1360,8 @@ struct tcp_sock_af_ops {
  struct dst_entry *dst,
  struct request_sock *req,
  struct tcphdr *th,
- int protocol, int len);
+ int protocol,
+ unsigned int len);
int (*md5_add) (struct sock *sk,
struct sock *addr_sk,
u8 *newkey,
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 652c323..601b4ca 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -99,7 +99,7 @@ static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct 
sock *sk,
 static int tcp_v4_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
   __be32 saddr, __be32 daddr,
   struct tcphdr *th, int protocol,
-  int tcplen);
+  unsigned int tcplen);
 #endif
 
 struct inet_hashinfo __cacheline_aligned tcp_hashinfo = {
@@ -1020,7 +1020,7 @@ static int tcp_v4_parse_md5_keys(struct sock *sk, char 
__user *optval,
 static int tcp_v4_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
   __be32 saddr, __be32 daddr,
   struct tcphdr *th, int protocol,
-  int tcplen)
+  unsinged int tcplen)
 {
struct scatterlist sg[4];
__u16 data_len;
@@ -1113,7 +1113,7 @@ int tcp_v4_calc_md5_hash(char *md5_hash, struct 
tcp_md5sig_key *key,
 struct dst_entry *dst,
 struct request_sock *req,
 struct tcphdr *th, int protocol,
-int tcplen)
+unsigned int tcplen)
 {
__be32 saddr, daddr;
 
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 93980c3..3b4169c 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -733,7 +733,7 @@ static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct 
tcp_md5sig_key *key,
   struct in6_addr *saddr,
   struct in6_addr *daddr,
   struct tcphdr *th, int protocol,
-  int tcplen)
+  unsigned int tcplen)
 {
struct scatterlist sg[4];
__u16 data_len;
@@ -818,7 +818,7 @@ static int tcp_v6_calc_md5_hash(char *md5_hash, struct 
tcp_md5sig_key *key,
struct dst_entry *dst,
struct request_sock *req,
struct tcphdr *th, int protocol,
-   int tcplen)
+   unsigned int tcplen)
 {
struct in6_addr *saddr, *daddr;
 
@@ -985,7 +985,7 @@ static void tcp_v6_send_reset(struct sock *sk, struct 
sk_buff *skb)
struct tcphdr *th = tcp_hdr(skb), *t1;
struct sk_buff *buff;
struct flowi fl;
-   int tot_len = sizeof(*th);
+   unsigned int tot_len = sizeof(*th);
 #ifdef CONFIG_TCP_MD5SIG
struct tcp_md5sig_key *key;
 #endif
@@ -1085,7 +1085,7 @@ static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
struct tcphdr *th = tcp_hdr(skb), *t1;
struct sk_buff *buff;
struct flowi fl;
-   int tot_len = sizeof(struct tcphdr);
+   unsigned int tot_len = sizeof(struct tcphdr);
__be32 *topt;
 #ifdef CONFIG_TCP_MD5SIG
struct tcp_md5sig_key *key;
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at

[GIT PULL] [NET]: Use {hton{s,l},cpu_to_be{16,32}}() where appropriate.

2007-12-13 Thread YOSHIFUJI Hideaki / 
Hello.

Please consider pulling the following changes from the branch
net-2.6-dev-20071214
available at
git://git.linux-ipv6.org/gitroot/yoshfuji/linux-2.6-dev.git
which is on top of your net-2.6-devel tree.

Regards,

---
HEADLINES
-

[BRIDGE]: Use cpu_to_be16() where appropriate.
[DECNET]: Use htons() where appropriate.
[IEEE80211]: Use htons() where appropriate.
[IPVS]: Use htons() where appropriate.
[IRDA]: Use htons() where appropriate.
[MAC80211]: Use htons() where appropriate.
[RXRPC]: Use cpu_to_be32() where appropriate.
[SUNRPC]: Use htonl() where appropriate.

DIFFSTAT


 net/bridge/br_input.c   |2 +-
 net/decnet/af_decnet.c  |2 +-
 net/decnet/dn_nsp_out.c |2 +-
 net/decnet/dn_route.c   |2 +-
 net/ieee80211/ieee80211_rx.c|4 ++--
 net/ipv4/ipvs/ip_vs_proto.c |2 +-
 net/ipv4/ipvs/ip_vs_proto_esp.c |   16 
 net/irda/iriap.c|2 +-
 net/mac80211/rx.c   |2 +-
 net/mac80211/wme.c  |2 +-
 net/rxrpc/ar-connection.c   |2 +-
 net/rxrpc/ar-input.c|4 ++--
 net/rxrpc/rxkad.c   |4 ++--
 net/sunrpc/xprtrdma/rpc_rdma.c  |6 +++---
 14 files changed, 26 insertions(+), 26 deletions(-)

CHANGESETS
--

commit 8979a93df4ca6b9b411296265ad3591d9f780569
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Wed Dec 12 03:51:03 2007 +0900

[BRIDGE]: Use cpu_to_be16() where appropriate.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 0ee79a7..255c00f 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -109,7 +109,7 @@ static inline int is_link_local(const unsigned char *dest)
 {
__be16 *a = (__be16 *)dest;
static const __be16 *b = (const __be16 *)br_group_address;
-   static const __be16 m = __constant_cpu_to_be16(0xfff0);
+   static const __be16 m = cpu_to_be16(0xfff0);
 
return ((a[0] ^ b[0]) | (a[1] ^ b[1]) | ((a[2] ^ b[2])  m)) == 0;
 }

---
commit c60e701fabb6c2371a9fab2aa6a71b00bfa3cc1d
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Wed Dec 12 03:51:49 2007 +0900

[DECNET]: Use htons() where appropriate.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index 57d5749..acd48ee 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -1904,7 +1904,7 @@ static inline struct sk_buff *dn_alloc_send_pskb(struct 
sock *sk,
struct sk_buff *skb = sock_alloc_send_skb(sk, datalen,
   noblock, errcode);
if (skb) {
-   skb-protocol = __constant_htons(ETH_P_DNA_RT);
+   skb-protocol = htons(ETH_P_DNA_RT);
skb-pkt_type = PACKET_OUTGOING;
}
return skb;
diff --git a/net/decnet/dn_nsp_out.c b/net/decnet/dn_nsp_out.c
index 7404653..1964faf 100644
--- a/net/decnet/dn_nsp_out.c
+++ b/net/decnet/dn_nsp_out.c
@@ -124,7 +124,7 @@ struct sk_buff *dn_alloc_skb(struct sock *sk, int size, 
gfp_t pri)
if ((skb = alloc_skb(size + hdr, pri)) == NULL)
return NULL;
 
-   skb-protocol = __constant_htons(ETH_P_DNA_RT);
+   skb-protocol = htons(ETH_P_DNA_RT);
skb-pkt_type = PACKET_OUTGOING;
 
if (sk)
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c
index 2d95cf1..20263d9 100644
--- a/net/decnet/dn_route.c
+++ b/net/decnet/dn_route.c
@@ -1551,7 +1551,7 @@ static int dn_cache_getroute(struct sk_buff *in_skb, 
struct nlmsghdr *nlh, void
kfree_skb(skb);
return -ENODEV;
}
-   skb-protocol = __constant_htons(ETH_P_DNA_RT);
+   skb-protocol = htons(ETH_P_DNA_RT);
skb-dev = dev;
cb-src = fl.fld_src;
cb-dst = fl.fld_dst;

---
commit 6a29ce9b3427655b4e54e64d156199262dc08078
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Wed Dec 12 03:52:26 2007 +0900

[IEEE80211]: Use htons() where appropriate.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c
index 21c0fad..13b12a6 100644
--- a/net/ieee80211/ieee80211_rx.c
+++ b/net/ieee80211/ieee80211_rx.c
@@ -45,7 +45,7 @@ static void ieee80211_monitor_rx(struct ieee80211_device 
*ieee,
skb_reset_mac_header(skb);
skb_pull(skb, ieee80211_get_hdrlen(fc));
skb-pkt_type = PACKET_OTHERHOST;
-   skb-protocol = __constant_htons(ETH_P_80211_RAW);
+   skb-protocol = htons(ETH_P_80211_RAW);
memset(skb-cb, 0, sizeof(skb-cb));
netif_rx(skb);
 }
@@ -800,7 +800,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct 
sk_buff *skb,
if (skb2 != NULL) {
/* send to wireless media */
skb2-dev = dev;

Re: ip neigh show not showing arp cache entries?

2007-12-12 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Wed, 12 Dec 2007 15:57:08 -0600), Chris 
Friesen [EMAIL PROTECTED] says:

  You may try other versions of this command
  
  http://devresources.linux-foundation.org/dev/iproute2/download/
 
 They appear to be numbered by kernel version, and the above version is 
 the most recent one for 2.6.14.  Will more recent ones (for newer 
 kernels) work with my kernel?

It should work; if it doesn't, please make a report.  Thanks.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v2] XFRM: assorted IPsec fixups

2007-12-11 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Tue, 11 Dec 2007 11:30:19 -0500), Paul Moore 
[EMAIL PROTECTED] says:

 diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
 index 5b860b6..e2a3dd1 100644
 --- a/net/xfrm/xfrm_state.c
 +++ b/net/xfrm/xfrm_state.c
:
 @@ -1994,67 +1995,59 @@ void __init xfrm_state_init(void)
  static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x,
  struct audit_buffer *audit_buf)
  {
 - if (x-security)
 - audit_log_format(audit_buf,  sec_alg=%u sec_doi=%u sec_obj=%s,
 -  x-security-ctx_alg, x-security-ctx_doi,
 -  x-security-ctx_str);
 + struct xfrm_sec_ctx *ctx = x-security;
 + u32 spi = ntohl(x-id.spi);
  
 - switch(x-props.family) {
 - case AF_INET:
 - audit_log_format(audit_buf,  src=%u.%u.%u.%u dst=%u.%u.%u.%u,
 -  NIPQUAD(x-props.saddr.a4),
 -  NIPQUAD(x-id.daddr.a4));
 - break;
 - case AF_INET6:
 - {
 - struct in6_addr saddr6, daddr6;
 -
 - memcpy(saddr6, x-props.saddr.a6,
 - sizeof(struct in6_addr));
 - memcpy(daddr6, x-id.daddr.a6,
 - sizeof(struct in6_addr));
 - audit_log_format(audit_buf,
 -   src= NIP6_FMT  dst= NIP6_FMT,
 -  NIP6(saddr6), NIP6(daddr6));
 - }
 - break;
 - }
 +if (ctx)
 +audit_log_format(audit_buf,  sec_alg=%u sec_doi=%u 
 sec_obj=%s,
 + ctx-ctx_alg, ctx-ctx_doi, ctx-ctx_str);
 +
 +switch(x-props.family) {
 +case AF_INET:
 +audit_log_format(audit_buf,
 +   src= NIPQUAD_FMT  dst= NIPQUAD_FMT,
 + NIPQUAD(x-props.saddr.a4),
 + NIPQUAD(x-id.daddr.a4));
 +break;
 +case AF_INET6:
 + audit_log_format(audit_buf,
 +   src= NIP6_FMT  dst= NIP6_FMT,
 +  NIP6(*(struct in6_addr *)x-props.saddr.a6),
 +  NIP6(*(struct in6_addr *)x-id.daddr.a6));
 +break;
 +}
 +
 + audit_log_format(audit_buf,  spi=%u(0x%x), spi, spi);
  }
  

Please do not mangle tabs into spaces.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] IPv6 support for NFS server

2007-12-11 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Tue, 11 Dec 2007 19:00:08 +0100), Aurélien 
Charbon [EMAIL PROTECTED] says:

 --- linux-2.6.24-rc4/include/net/ipv6.h   2007-12-10 16:11:38.0 
 +0100
 +++ linux-2.6.24-rc4-IPv6-cache-based/include/net/ipv6.h  2007-12-11 
 17:52:39.0 +0100
 @@ -400,6 +400,15 @@ static inline int ipv6_addr_v4mapped(con
a-s6_addr32[2] == htonl(0x));
  }
  
 +static inline void ipv6_addr_set_v4mapped(const __be32 addr,
 +   struct in6_addr *v4mapped)
 +{
 + ipv6_addr_set(v4mapped,
 + 0, 0,
 + __constant_htonl(0x),
 + addr);
 +}
 +
  /*
   * find the first different bit between two addresses
   * length of address must be a multiple of 32bits

Use htonl() here, not __constant_htonl().

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] NETLINK : kzalloc() conversion

2007-12-10 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Tue, 11 Dec 2007 06:40:18 +0100), Eric 
Dumazet [EMAIL PROTECTED] says:

 nl_pid_hash_alloc() is renamed to nl_pid_hash_zalloc().
 It is now returning zeroed memory to its callers.

I do think you do not need (and you should not) rename it
because XXX_zalloc() would imply we have raw XXX_alloc().

--yoshfuji

--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] [NET]: Remove unused mibalign argument for snmp_mib_init().

2007-12-08 Thread YOSHIFUJI Hideaki / 
Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

---
diff --git a/include/net/ip.h b/include/net/ip.h
index 840dd91..7f18819 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -169,7 +169,7 @@ DECLARE_SNMP_STAT(struct linux_mib, net_statistics);
 #define NET_ADD_STATS_USER(field, adnd)
SNMP_ADD_STATS_USER(net_statistics, field, adnd)
 
 extern unsigned long snmp_fold_field(void *mib[], int offt);
-extern int snmp_mib_init(void *ptr[2], size_t mibsize, size_t mibalign);
+extern int snmp_mib_init(void *ptr[2], size_t mibsize);
 extern void snmp_mib_free(void *ptr[2]);
 
 extern void inet_get_local_port_range(int *low, int *high);
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index d2f22e7..afee63e 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1237,7 +1237,7 @@ unsigned long snmp_fold_field(void *mib[], int offt)
 }
 EXPORT_SYMBOL_GPL(snmp_fold_field);
 
-int snmp_mib_init(void *ptr[2], size_t mibsize, size_t mibalign)
+int snmp_mib_init(void *ptr[2], size_t mibsize)
 {
BUG_ON(ptr == NULL);
ptr[0] = __alloc_percpu(mibsize);
@@ -1291,32 +1291,25 @@ static struct net_protocol icmp_protocol = {
 static int __init init_ipv4_mibs(void)
 {
if (snmp_mib_init((void **)net_statistics,
- sizeof(struct linux_mib),
- __alignof__(struct linux_mib))  0)
+ sizeof(struct linux_mib))  0)
goto err_net_mib;
if (snmp_mib_init((void **)ip_statistics,
- sizeof(struct ipstats_mib),
- __alignof__(struct ipstats_mib))  0)
+ sizeof(struct ipstats_mib))  0)
goto err_ip_mib;
if (snmp_mib_init((void **)icmp_statistics,
- sizeof(struct icmp_mib),
- __alignof__(struct icmp_mib))  0)
+ sizeof(struct icmp_mib))  0)
goto err_icmp_mib;
if (snmp_mib_init((void **)icmpmsg_statistics,
- sizeof(struct icmpmsg_mib),
- __alignof__(struct icmpmsg_mib))  0)
+ sizeof(struct icmpmsg_mib))  0)
goto err_icmpmsg_mib;
if (snmp_mib_init((void **)tcp_statistics,
- sizeof(struct tcp_mib),
- __alignof__(struct tcp_mib))  0)
+ sizeof(struct tcp_mib))  0)
goto err_tcp_mib;
if (snmp_mib_init((void **)udp_statistics,
- sizeof(struct udp_mib),
- __alignof__(struct udp_mib))  0)
+ sizeof(struct udp_mib))  0)
goto err_udp_mib;
if (snmp_mib_init((void **)udplite_statistics,
- sizeof(struct udp_mib),
- __alignof__(struct udp_mib))  0)
+ sizeof(struct udp_mib))  0)
goto err_udplite_mib;
 
tcp_mib_init();
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index d9a59e0..9d4896f 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -257,16 +257,13 @@ static void addrconf_mod_timer(struct inet6_ifaddr *ifp,
 static int snmp6_alloc_dev(struct inet6_dev *idev)
 {
if (snmp_mib_init((void **)idev-stats.ipv6,
- sizeof(struct ipstats_mib),
- __alignof__(struct ipstats_mib))  0)
+ sizeof(struct ipstats_mib))  0)
goto err_ip;
if (snmp_mib_init((void **)idev-stats.icmpv6,
- sizeof(struct icmpv6_mib),
- __alignof__(struct icmpv6_mib))  0)
+ sizeof(struct icmpv6_mib))  0)
goto err_icmp;
if (snmp_mib_init((void **)idev-stats.icmpv6msg,
- sizeof(struct icmpv6msg_mib),
- __alignof__(struct icmpv6msg_mib))  0)
+ sizeof(struct icmpv6msg_mib))  0)
goto err_icmpmsg;
 
return 0;

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: 'default' vs. 'all'

2007-12-08 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Sat, 08 Dec 2007 00:04:29 -0800 (PST)), 
David Miller [EMAIL PROTECTED] says:

 Herbert, Yoshifuji and I were just discussing the
 sysfs device attribute issue.
 
 It's seems sane to me that if we had some kind of
 'dirty' bit per attribute we could propagate default
 settings everywhere except where the dirty bit had
 been set.

One good event to propagate is the NETDEV_UP; if the dirty bit is
not set when the device is brought up, copy the default values to
the device.

Regards,

--yoshfuji @ Seattle
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH][NET]: Finish removing unused mibalign argument for snmp_mib_init().

2007-12-08 Thread YOSHIFUJI Hideaki / 
Hello.

In article [EMAIL PROTECTED] (at Sat, 8 Dec 2007 15:55:34 -0200), Arnaldo 
Carvalho de Melo [EMAIL PROTECTED] says:

 Signed-off-by: Arnaldo Carvalho de Melo [EMAIL PROTECTED]
 
 diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
 index 5ab8ba7..90d2f72 100644
 --- a/net/ipv6/af_inet6.c
 +++ b/net/ipv6/af_inet6.c
 @@ -714,20 +714,19 @@ EXPORT_SYMBOL_GPL(ipv6_opt_accepted);
  
  static int __init init_ipv6_mibs(void)
  {
 - if (snmp_mib_init((void **)ipv6_statistics, sizeof (struct ipstats_mib),
 -   __alignof__(struct ipstats_mib))  0)
 + if (snmp_mib_init((void **)ipv6_statistics,
 +   sizeof(struct ipstats_mib))  0)
   goto err_ip_mib;

Oops... thanks.
Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [patch 0/3][IPV6]: remove ifdef in route6 init/fini functions

2007-12-07 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Fri, 07 Dec 2007 14:13:25 +0100), Daniel 
Lezcano [EMAIL PROTECTED] says:

 The route6 init function is a little difficult to read because it contains 
 a lot of ifdef. The patchset redefines the usual static inline functions when
 the code is to be disabled by configuration, so we can call the code without
 taking care of the config option in the init function.

Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] [IPV6] XFRM: Fix auditing rt6i_flags; use RTF_xxx flags instead of RTCF_xxx.

2007-12-07 Thread YOSHIFUJI Hideaki / 
RTCF_xxx flags, defined in include/linux/in_route.h) are available for
IPv4 route (rtable) entries only.  Use RTF_xxx flags instead,
defined in include/linux/ipv6_route.h, for IPv6 route entries (rt6_info).

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 82e27b8..b8e9eb4 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -233,7 +233,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct 
xfrm_state **xfrm, int
dst_prev-output = dst_prev-xfrm-outer_mode-afinfo-output;
/* Sheit... I remember I did this right. Apparently,
 * it was magically lost, so this code needs audit */
-   x-u.rt6.rt6i_flags= 
rt0-rt6i_flags(RTCF_BROADCAST|RTCF_MULTICAST|RTCF_LOCAL);
+   x-u.rt6.rt6i_flags= 
rt0-rt6i_flags(RTF_ANYCAST|RTF_LOCAL);
x-u.rt6.rt6i_metric   = rt0-rt6i_metric;
x-u.rt6.rt6i_node = rt0-rt6i_node;
x-u.rt6.rt6i_gateway  = rt0-rt6i_gateway;

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: XFRM and IPv6 raw sockets and multicast

2007-12-04 Thread YOSHIFUJI Hideaki / 
Hello.

In article [EMAIL PROTECTED] (at Tue, 4 Dec 2007 16:27:50 +0100), Hugo 
Santos [EMAIL PROTECTED] says:

   The behavior is the same as in UDP, but ipv6_pinfo-saddr is not
 usually set for these kind of sockets. I would say that if fl6_src is
 any, it should be copied from the ipv6 header.

What do you mean by ipv6 header?

   Another question is why does raw.c require a msg_name? If
 inet-hdrincl was set, it could use the ipv6 header destination
 address in the absense of msg_name.

I think hdrincl is broken (and even, say, deprecated) on IPv6.

If we do really support it, if hdcincl is set, XFRM and other
all extension header processes should be skipped, but they are
not very clear at all so far.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: XFRM and IPv6 raw sockets and multicast

2007-12-04 Thread YOSHIFUJI Hideaki / 
Hello.

In article [EMAIL PROTECTED] (at Tue, 4 Dec 2007 17:01:43 +0100), Hugo 
Santos [EMAIL PROTECTED] says:

  If we do really support it, if hdcincl is set, XFRM and other
  all extension header processes should be skipped, but they are
  not very clear at all so far.
 
   I understand how some users of IPPROTO_RAW would want xfrm to be
 skipped, but on the other hand i also see the interoperation between
 the two as useful, to for instance allowing a ESP tunnel to be used by
 such packets.

I do think all extension header, including fragment and/or XFRM, process
should be skipped if hdrincl is set.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.5)

2007-11-29 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Thu, 29 Nov 2007 21:29:40 +1100), Herbert Xu 
[EMAIL PROTECTED] says:

 On Mon, Nov 26, 2007 at 05:16:16PM +, Templin, Fred L wrote:
  From: Fred L. Templin [EMAIL PROTECTED]
  
  This patch includes support for the Intra-Site Automatic Tunnel
  Addressing Protocol (ISATAP) per RFC4214. It uses the SIT
  module, and is configured using extensions to the iproute2
  utility. The diffs are specific to the Linux 2.6.24-rc2 kernel
  distribution.
  
  This version includes the diff for ./include/linux/if.h which was
  missing in the v2.4 submission and is needed to make the
  patch compile. The patch has been installed, compiled and
  tested in a clean 2.6.24-rc2 kernel build area.
  
  Signed-off-by: Fred L. Templin [EMAIL PROTECTED]
 
 Sorry, the patch doesn't apply to net-2.6.25.
 
 $ git apply --check --whitespace=error-all ~/p
 Space in indent is followed by a tab.
 /home/gondolin/herbert/p:101:  %s: Disabled 
 Multicast RS\n,
 Space in indent is followed by a tab.
 /home/gondolin/herbert/p:216:   }
 Space in indent is followed by a tab.
 /home/gondolin/herbert/p:252:   printk(KERN_DEBUG 
 sit: nexthop == NULL\n);
 Space in indent is followed by a tab.
 /home/gondolin/herbert/p:254:   }
 fatal: corrupt patch at line 269
 $
 
 There seems to be a line missing at the end.  Please fix the white space
 errors and resend.

I've fixed up those errors.

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
Subject: [PATCH] IPv6: RFC4214 Support (v2.5)
Date: Mon, 26 Nov 2007 09:16:16 -0800
From: Fred L. Templin [EMAIL PROTECTED]

This patch includes support for the Intra-Site Automatic Tunnel
Addressing Protocol (ISATAP) per RFC4214. It uses the SIT
module, and is configured using extensions to the iproute2
utility. The diffs are specific to the Linux 2.6.24-rc2 kernel
distribution.

This version includes the diff for ./include/linux/if.h which was
missing in the v2.4 submission and is needed to make the
patch compile. The patch has been installed, compiled and
tested in a clean 2.6.24-rc2 kernel build area.

Signed-off-by: Fred L. Templin [EMAIL PROTECTED]
Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

---

diff --git a/include/linux/if.h b/include/linux/if.h
index 186070d..5c9d1fa 100644
--- a/include/linux/if.h
+++ b/include/linux/if.h
@@ -63,6 +63,7 @@
 #define IFF_MASTER_ALB 0x10/* bonding master, balance-alb. */
 #define IFF_BONDING0x20/* bonding master or slave  */
 #define IFF_SLAVE_NEEDARP 0x40 /* need ARPs for validation */
+#define IFF_ISATAP 0x80/* ISATAP interface (RFC4214)   */
 
 #define IF_GET_IFACE   0x0001  /* for querying only */
 #define IF_GET_PROTO   0x0002
diff --git a/include/linux/if_tunnel.h b/include/linux/if_tunnel.h
index 660b501..228eb4e 100644
--- a/include/linux/if_tunnel.h
+++ b/include/linux/if_tunnel.h
@@ -17,6 +17,9 @@
 #define GRE_FLAGS  __constant_htons(0x00F8)
 #define GRE_VERSION__constant_htons(0x0007)
 
+/* i_flags values for SIT mode */
+#defineSIT_ISATAP  0x0001
+
 struct ip_tunnel_parm
 {
charname[IFNAMSIZ];
diff --git a/include/linux/in.h b/include/linux/in.h
index 3975cbf..a8f00ca 100644
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -253,6 +253,14 @@ struct sockaddr_in {
 #define ZERONET(x) (((x)  htonl(0xff00)) == htonl(0x))
 #define LOCAL_MCAST(x) (((x)  htonl(0xFF00)) == htonl(0xE000))
 
+/* Special-Use IPv4 Addresses (RFC3330) */
+#define PRIVATE_10(x)  (((x)  htonl(0xff00)) == htonl(0x0A00))
+#define LINKLOCAL_169(x) (((x)  htonl(0x)) == htonl(0xA9FE))
+#define PRIVATE_172(x) (((x)  htonl(0xfff0)) == htonl(0xAC10))
+#define TEST_192(x)(((x)  htonl(0xff00)) == htonl(0xC200))
+#define ANYCAST_6TO4(x)(((x)  htonl(0xff00)) == htonl(0xC0586300))
+#define PRIVATE_192(x) (((x)  htonl(0x)) == htonl(0xC0A8))
+#define TEST_198(x)(((x)  htonl(0xfffe)) == htonl(0xC612))
 #endif
 
 #endif /* _LINUX_IN_H */
diff --git a/include/net/addrconf.h b/include/net/addrconf.h
index bccc2fe..c56827d 100644
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -17,6 +17,7 @@
 
 #define IPV6_MAX_ADDRESSES 16
 
+#include linux/in.h
 #include linux/in6.h
 
 struct prefix_info {
@@ -249,6 +250,24 @@ static inline int ipv6_addr_is_ll_all_routers(const struct 
in6_addr *addr)
addr-s6_addr32[3] == htonl(0x0002));
 }
 
+static inline int ipv6_isatap_eui64(u8 *eui, __be32 addr)
+{
+   eui[0] = (ZERONET(addr) || PRIVATE_10(addr) || LOOPBACK(addr) ||
+ LINKLOCAL_169(addr) || PRIVATE_172(addr) || TEST_192(addr) ||
+ ANYCAST_6TO4(addr) || PRIVATE_192(addr) || TEST_198(addr) ||
+ MULTICAST(addr) || BADCLASS(addr)) ? 0x00 :

Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.5)

2007-11-26 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Mon, 26 Nov 2007 09:16:16 -0800), Templin, 
Fred L [EMAIL PROTECTED] says:

 From: Fred L. Templin [EMAIL PROTECTED]
 
 This patch includes support for the Intra-Site Automatic Tunnel
 Addressing Protocol (ISATAP) per RFC4214. It uses the SIT
 module, and is configured using extensions to the iproute2
 utility. The diffs are specific to the Linux 2.6.24-rc2 kernel
 distribution.
 
 This version includes the diff for ./include/linux/if.h which was
 missing in the v2.4 submission and is needed to make the
 patch compile. The patch has been installed, compiled and
 tested in a clean 2.6.24-rc2 kernel build area.
 
 Signed-off-by: Fred L. Templin [EMAIL PROTECTED]
Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

Note:
With linux-2.6:
| % patch -p1  /tmp/isatap.patch 
| patching file include/linux/if.h
| patching file include/linux/if_tunnel.h
| patching file include/linux/in.h
| patching file include/net/addrconf.h
| patching file net/ipv6/addrconf.c
| patching file net/ipv6/route.c
| Hunk #1 succeeded at 1660 (offset -8 lines).
| patching file net/ipv6/sit.c

With net-2.6.24:
| % patch -p1  /tmp/isatap.patch
| % patch -p1  /tmp/isatap.patch 
| patching file include/linux/if.h
| patching file include/linux/if_tunnel.h
| patching file include/linux/in.h
| patching file include/net/addrconf.h
| patching file net/ipv6/addrconf.c
| Hunk #1 succeeded at 378 (offset -1 lines).
| Hunk #2 succeeded at 1441 (offset -1 lines).
| Hunk #3 succeeded at 1479 (offset -1 lines).
| Hunk #4 succeeded at 2210 (offset -1 lines).
| patching file net/ipv6/route.c
| Hunk #1 succeeded at 1727 (offset 59 lines).
| patching file net/ipv6/sit.c

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC/PATCH] SO_NO_CHECK for IPv6

2007-11-21 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Wed, 21 Nov 2007 07:45:32 -0500), Jeff 
Garzik [EMAIL PROTECTED] says:

 
 SO_NO_CHECK support for IPv6 appeared to be missing. This is presented,
 based on a reading of net/ipv4/udp.c.

Disagree. UDP checksum is mandatory in IPv6.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC/PATCH] SO_NO_CHECK for IPv6

2007-11-21 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Thu, 22 Nov 2007 10:34:03 +0800), Herbert Xu 
[EMAIL PROTECTED] says:

 On Wed, Nov 21, 2007 at 07:17:40PM -0500, Jeff Garzik wrote:
 
  For those interested, I am dealing with a UDP app that already does very 
  strong checksumming and encryption, so additional software checksumming 
  at the lower layers is quite simply a waste of CPU cycles.  Hardware 
  checksumming is fine, as long as its free.
 
 No matter how strong your underlying checksumming is it's not
 going to protect the IPv6 header is it :)

In that sense, we should use AH.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

PATCH 1/4] [IPV4] TCPMD5: Omit redundant NULL check for kfree() argument.

2007-11-20 Thread YOSHIFUJI Hideaki / 
Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 net/ipv4/tcp_ipv4.c |3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index e566f3c..ff36096 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -900,8 +900,7 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
   sizeof(*keys) * md5sig-entries4);
 
/* Free old key list, and reference new one */
-   if (md5sig-keys4)
-   kfree(md5sig-keys4);
+   kfree(md5sig-keys4);
md5sig-keys4 = keys;
md5sig-alloced4++;
}
-- 
1.4.4.4

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/4] [IPV4] TCPMD5: Use memmove() instead of memcpy() because we have overlaps.

2007-11-20 Thread YOSHIFUJI Hideaki / 
Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 net/ipv4/tcp_ipv4.c |8 
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index ff36096..652c323 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -938,10 +938,10 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
tp-md5sig_info-alloced4 = 0;
} else if (tp-md5sig_info-entries4 != i) {
/* Need to do some manipulation */
-   memcpy(tp-md5sig_info-keys4[i],
-  tp-md5sig_info-keys4[i+1],
-  (tp-md5sig_info-entries4 - i) *
-   sizeof(struct tcp4_md5sig_key));
+   memmove(tp-md5sig_info-keys4[i],
+   tp-md5sig_info-keys4[i+1],
+   (tp-md5sig_info-entries4 - i) *
+sizeof(struct tcp4_md5sig_key));
}
tcp_free_md5sig_pool();
return 0;
-- 
1.4.4.4

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 3/4] [IPV6] TCPMD5: Check return value of tcp_alloc_md5sig_pool().

2007-11-20 Thread YOSHIFUJI Hideaki / 
Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 net/ipv6/tcp_ipv6.c |5 -
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 3aad861..b1bfbdd 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -581,7 +581,10 @@ static int tcp_v6_md5_do_add(struct sock *sk, struct 
in6_addr *peer,
}
sk-sk_route_caps = ~NETIF_F_GSO_MASK;
}
-   tcp_alloc_md5sig_pool();
+   if (tcp_alloc_md5sig_pool() == NULL) {
+   kfree(newkey);
+   return -ENOMEM;
+   }
if (tp-md5sig_info-alloced6 == tp-md5sig_info-entries6) {
keys = kmalloc((sizeof (tp-md5sig_info-keys6[0]) *
   (tp-md5sig_info-entries6 + 1)), 
GFP_ATOMIC);
-- 
1.4.4.4

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 4/4] [IPV6] TCPMD5: Fix deleting key operation.

2007-11-20 Thread YOSHIFUJI Hideaki / 
Due to the bug, refcnt for md5sig pool was leaked when
an user try to delete a key if we have more than one key.
In addition to the leakage, we returned incorrect return
result value for userspace.

This fix should close Bug #9418, reported by [EMAIL PROTECTED].

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 net/ipv6/tcp_ipv6.c |6 ++
 1 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index b1bfbdd..93980c3 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -637,10 +637,6 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct 
in6_addr *peer)
kfree(tp-md5sig_info-keys6);
tp-md5sig_info-keys6 = NULL;
tp-md5sig_info-alloced6 = 0;
-
-   tcp_free_md5sig_pool();
-
-   return 0;
} else {
/* shrink the database */
if (tp-md5sig_info-entries6 != i)
@@ -649,6 +645,8 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct 
in6_addr *peer)
(tp-md5sig_info-entries6 - i)
* sizeof 
(tp-md5sig_info-keys6[0]));
}
+   tcp_free_md5sig_pool();
+   return 0;
}
}
return -ENOENT;
-- 
1.4.4.4

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.4)

2007-11-20 Thread YOSHIFUJI Hideaki / 
Hello.

I'll take care of this.

Regards,

--yoshfuji

In article [EMAIL PROTECTED] (at Tue, 20 Nov 2007 09:36:26 -0800), Templin, 
Fred L [EMAIL PROTECTED] says:

 From: Fred L. Templin [EMAIL PROTECTED]
 
 This patch includes support for the Intra-Site Automatic Tunnel
 Addressing Protocol (ISATAP) per RFC4214. It uses the SIT
 module, and is configured using extensions to the iproute2
 utility. The diffs are specific to the Linux 2.6.24-rc2 kernel
 distribution.
 
 This version reflects changes based on netdev list discussions
 on 11/14/07 thru 11/15/07. It does away with in-the-kernel RS/RA
 pinging and now asks that the task be performed by an application.
 The application will essentially entail a port of the FreeBSD 'rtsold'
 daemon, and will use the standard socket API.
 
 Signed-off-by: Fred L. Templin [EMAIL PROTECTED]
 
 ---
 
 --- linux-2.6.24-rc2/include/linux/if_tunnel.h.orig   2007-11-19 
 03:54:12.0 -0800
 +++ linux-2.6.24-rc2/include/linux/if_tunnel.h2007-11-19 
 03:55:58.0 -0800
 @@ -17,6 +17,9 @@
  #define GRE_FLAGS__constant_htons(0x00F8)
  #define GRE_VERSION  __constant_htons(0x0007)
  
 +/* i_flags values for SIT mode */
 +#define  SIT_ISATAP  0x0001
 +
  struct ip_tunnel_parm
  {
   charname[IFNAMSIZ];
 --- linux-2.6.24-rc2/include/linux/in.h.orig  2007-11-09 08:00:32.0 
 -0800
 +++ linux-2.6.24-rc2/include/linux/in.h   2007-11-12 07:37:05.0 
 -0800
 @@ -253,6 +253,14 @@ struct sockaddr_in {
  #define ZERONET(x)   (((x)  htonl(0xff00)) == htonl(0x))
  #define LOCAL_MCAST(x)   (((x)  htonl(0xFF00)) == htonl(0xE000))
  
 +/* Special-Use IPv4 Addresses (RFC3330) */
 +#define PRIVATE_10(x)(((x)  htonl(0xff00)) == htonl(0x0A00))
 +#define LINKLOCAL_169(x) (((x)  htonl(0x)) == htonl(0xA9FE))
 +#define PRIVATE_172(x)   (((x)  htonl(0xfff0)) == htonl(0xAC10))
 +#define TEST_192(x)  (((x)  htonl(0xff00)) == htonl(0xC200))
 +#define ANYCAST_6TO4(x)  (((x)  htonl(0xff00)) == htonl(0xC0586300))
 +#define PRIVATE_192(x)   (((x)  htonl(0x)) == htonl(0xC0A8))
 +#define TEST_198(x)  (((x)  htonl(0xfffe)) == htonl(0xC612))
  #endif
  
  #endif   /* _LINUX_IN_H */
 --- linux-2.6.24-rc2/include/net/addrconf.h.orig  2007-11-08 
 12:06:17.0 -0800
 +++ linux-2.6.24-rc2/include/net/addrconf.h   2007-11-19 05:47:48.0 
 -0800
 @@ -17,6 +17,7 @@
  
  #define IPV6_MAX_ADDRESSES   16
  
 +#include linux/in.h
  #include linux/in6.h
  
  struct prefix_info {
 @@ -241,6 +242,24 @@ static inline int ipv6_addr_is_ll_all_ro
   addr-s6_addr32[3] == htonl(0x0002));
  }
  
 +static inline int ipv6_isatap_eui64(u8 *eui, __be32 addr)
 +{
 + eui[0] = (ZERONET(addr) || PRIVATE_10(addr) || LOOPBACK(addr) ||
 +   LINKLOCAL_169(addr) || PRIVATE_172(addr) || TEST_192(addr) ||
 +   ANYCAST_6TO4(addr) || PRIVATE_192(addr) || TEST_198(addr) ||
 +   MULTICAST(addr) || BADCLASS(addr)) ? 0x00 : 0x02;
 + eui[1] = 0;
 + eui[2] = 0x5E;
 + eui[3] = 0xFE;
 + memcpy (eui+4, addr, 4);
 + return 0;
 +}
 +
 +static inline int ipv6_addr_is_isatap(const struct in6_addr *addr)
 +{
 + return ((addr-s6_addr32[2] | htonl(0x0200)) == htonl(0x02005EFE));
 +}
 +
  #ifdef CONFIG_PROC_FS
  extern int if6_proc_init(void);
  extern void if6_proc_exit(void);
 --- linux-2.6.24-rc2/net/ipv6/addrconf.c.orig 2007-11-19 03:43:06.0 
 -0800
 +++ linux-2.6.24-rc2/net/ipv6/addrconf.c  2007-11-19 13:29:36.0 
 -0800
 @@ -379,6 +379,13 @@ static struct inet6_dev * ipv6_add_dev(s
  %s: Disabled Privacy Extensions\n,
  dev-name);
   ndev-cnf.use_tempaddr = -1;
 +
 + if (dev-type == ARPHRD_SIT  (dev-priv_flags  IFF_ISATAP)) {
 + printk(KERN_INFO
 +%s: Disabled Multicast RS\n,
 +dev-name);
 + ndev-cnf.rtr_solicits = 0;
 + }
   } else {
   in6_dev_hold(ndev);
   ipv6_regen_rndid((unsigned long) ndev);
 @@ -1435,6 +1442,9 @@ static int ipv6_generate_eui64(u8 *eui, 
   return addrconf_ifid_arcnet(eui, dev);
   case ARPHRD_INFINIBAND:
   return addrconf_ifid_infiniband(eui, dev);
 + case ARPHRD_SIT:
 + if (dev-priv_flags  IFF_ISATAP)
 + return ipv6_isatap_eui64(eui, *(__be32 *)dev-dev_addr);
   }
   return -1;
  }
 @@ -1470,7 +1480,7 @@ regen:
*
*  - Reserved subnet anycast (RFC 2526)
*  1101 1111 1xxx
 -  *  - ISATAP (draft-ietf-ngtrans-isatap-13.txt) 5.1
 +  *  - ISATAP (RFC4214) 6.1
*  00-00-5E-FE-xx-xx-xx-xx
*  - value 0
*  - XXX: already assigned to an address on the device
 @@ -2201,6 +2211,16 @@ static void

Re: [PATCH 6/6 net-2.6.25][RAW] Consolidate proc interface

2007-11-16 Thread YOSHIFUJI Hideaki / 
NAK.

In article [EMAIL PROTECTED] (at Fri, 16 Nov 2007 17:19:27 +0300), Pavel 
Emelyanov [EMAIL PROTECTED] says:

 @@ -858,7 +852,7 @@ static struct sock *raw_get_first(struct seq_file *seq)
   ++state-bucket) {
   struct hlist_node *node;
  
 - sk_for_each(sk, node, raw_v4_hashinfo.ht[state-bucket])
 + sk_for_each(sk, node, state-h-ht[state-bucket])
   if (sk-sk_family == PF_INET)
   goto found;
   }

This and

 -static struct sock *raw6_get_first(struct seq_file *seq)
 -{
 - struct sock *sk;
 - struct hlist_node *node;
 - struct raw6_iter_state* state = raw6_seq_private(seq);
 -
 - for (state-bucket = 0; state-bucket  RAW_HTABLE_SIZE;
 - ++state-bucket)
 - sk_for_each(sk, node, raw_v6_hashinfo.ht[state-bucket])
 - if (sk-sk_family == PF_INET6)
 - goto out;
 - sk = NULL;
 -out:
 - return sk;
 -}
 -

this are different.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.2)

2007-11-15 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Wed, 14 Nov 2007 22:44:17 -0800), Templin, 
Fred L [EMAIL PROTECTED] says:

 --- linux-2.6.24-rc2/net/ipv6/addrconf.c.orig 2007-11-08 11:59:35.0 
 -0800
 +++ linux-2.6.24-rc2/net/ipv6/addrconf.c  2007-11-14 22:17:28.0 
 -0800
 @@ -1424,6 +1424,21 @@ static int addrconf_ifid_infiniband(u8 *
   return 0;
  }
  
 +static int addrconf_ifid_isatap(u8 *eui, __be32 addr)
 +{
 +
 + eui[0] = 0x02; eui[1] = 0; eui[2] = 0x5E; eui[3] = 0xFE;
 + memcpy (eui+4, addr, 4);
 +
 + if (ZERONET(addr) || PRIVATE_10(addr) || LOOPBACK(addr) ||
 + LINKLOCAL_169(addr) || PRIVATE_172(addr) || TEST_192(addr) ||
 + ANYCAST_6TO4(addr) || PRIVATE_192(addr) || TEST_198(addr) ||
 + MULTICAST(addr) || BADCLASS(addr))
 + eui[0] = ~0x02;
 +
 + return 0;
 +}
 +
  static int ipv6_generate_eui64(u8 *eui, struct net_device *dev)
  {
   switch (dev-type) {

{
  eui[0] = (ZERONET(addr) || PRIVATE_10(addr) || LOOPBACK(addr) ||
LINKLOCAL_169(addr) || PRIVATE_172(addr) || TEST_192(addr) ||
ANYCAST_6TO4(addr) || PRIVATE_192(addr) || TEST_198(addr) ||
MULTICAST(addr) || BADCLASS(addr)) ? 0 : 2;
  eui[1] = 0;
  eui[2] = 0x5E;
  eui[3] = 0xFE;
  memcpy (eui+4, addr, 4);
}


 @@ -2167,7 +2185,8 @@ static void addrconf_dev_config(struct n
   (dev-type != ARPHRD_FDDI) 
   (dev-type != ARPHRD_IEEE802_TR) 
   (dev-type != ARPHRD_ARCNET) 
 - (dev-type != ARPHRD_INFINIBAND)) {
 + (dev-type != ARPHRD_INFINIBAND) 
 + !(dev-priv_flags  IFF_ISATAP)) {
   /* Alas, we support only Ethernet autoconfiguration. */
   return;
   }

Because priv_flags are local to device type, you need to check dev-type:
(dev-type == ARPHRD_SIT  !(dev-priv_flags  IFF_ISATAP))
or something like this.


 + struct ip_tunnel *t  = netdev_priv(ifp-idev-dev);
 + if (t-parms.i_key != INADDR_NONE) {
 + spin_lock(ifp-lock);

I guess INADDR_ANY.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.2)

2007-11-15 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Wed, 14 Nov 2007 22:44:17 -0800), Templin, 
Fred L [EMAIL PROTECTED] says:

 From: Fred L. Templin [EMAIL PROTECTED]
 
 This patch includes support for the Intra-Site Automatic Tunnel
 Addressing Protocol (ISATAP) per RFC4214. It uses the SIT
 module, and is configured using extensions to the iproute2
 utility.
 
 The following diffs are specific to the Linux 2.6.24-rc2 kernel
 distribution. This message includes the full and patchable diff text;
 please use this version to apply patches.
 
 Signed-off-by: Fred L. Templin [EMAIL PROTECTED]

BTW, how will we handle DNS name (and TTL) and/or multiple PRL entries 
in RFC4214?

I'm doubting if we really need to handle PRL refresh in kernel.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.2)

2007-11-15 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Thu, 15 Nov 2007 10:11:16 -0800), Templin, 
Fred L [EMAIL PROTECTED] says:

 Yoshifuji, 
 
  -Original Message-
  From: YOSHIFUJI Hideaki / 吉藤英明 [mailto:[EMAIL PROTECTED] 
  Sent: Thursday, November 15, 2007 3:48 AM
  To: Templin, Fred L
  Cc: netdev@vger.kernel.org; [EMAIL PROTECTED]; 
  [EMAIL PROTECTED]
  Subject: Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.2)
  
  In article 
  [EMAIL PROTECTED]
  eing.com (at Wed, 14 Nov 2007 22:44:17 -0800), Templin, 
  Fred L [EMAIL PROTECTED] says:
  
   From: Fred L. Templin [EMAIL PROTECTED]
   
   This patch includes support for the Intra-Site Automatic Tunnel
   Addressing Protocol (ISATAP) per RFC4214. It uses the SIT
   module, and is configured using extensions to the iproute2
   utility.
   
   The following diffs are specific to the Linux 2.6.24-rc2 kernel
   distribution. This message includes the full and patchable 
  diff text;
   please use this version to apply patches.
   
   Signed-off-by: Fred L. Templin [EMAIL PROTECTED]
  
  BTW, how will we handle DNS name (and TTL) and/or multiple PRL entries 
  in RFC4214?
  
  I'm doubting if we really need to handle PRL refresh in kernel.
 
 DNS name and PRL refresh are done in a daemon that either exec's
 'ip' or issues the device ioctl's directly. When there are multiple default
 router IPv4 addresses, the daemon picks one as the primary and writes
 it to the kernel. It can then change to a different primary later if it wants
 to. Also possible is something like VRRP to allow several routers for
 fault tolerance even though there is only a single default router address. 

Why?  All PRLs should be installed in kernel so that standard router 
selection can be used.  For this, I think we should have just one
isatap interface per set of PRLs provideing virtual link,
especially if each of them provides the same prefix.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 05/25] NFS: eliminate NIPQUAD(clp-cl_addr.sin_addr)

2007-11-13 Thread YOSHIFUJI Hideaki / 
In article [EMAIL PROTECTED] (at Tue, 13 Nov 2007 13:31:27 -0500), Chuck 
Lever [EMAIL PROTECTED] says:

  clp-rpc_ops-version,
 -NIPQUAD(clp-cl_addr.sin_addr),
 -ntohs(clp-cl_addr.sin_port),
 +rpc_peeraddr2str(clp-cl_rpcclient, RPC_DISPLAY_HEX_ADDR),
 +rpc_peeraddr2str(clp-cl_rpcclient, RPC_DISPLAY_HEX_PORT),
  atomic_read(clp-cl_count),

Is this really safe?

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

  1   2   3   4   5   >