Re: [PATCH] net: neigh: disallow state transition DELAY->STALE in neigh_update()

[YOSHIFUJI Hideaki/吉藤英明]

Hi,

Chunhui He wrote:
> Hi,
> 
> On Fri, 22 Jul 2016 10:20:01 +0300 (EEST), Julian Anastasov  
> wrote:
>>
>>  Hello,
>>
>> On Thu, 21 Jul 2016, Chunhui He wrote:
>>
>>> If neigh entry was CONNECTED and address is not changed, and if new state is
>>> STALE, entry state will not change. Because DELAY is not in CONNECTED, it's
>>> possible to change state from DELAY to STALE.
>>>
>>> That is bad. Consider a host in IPv4 nerwork, a neigh entry in STALE state
>>> is referenced to send packets, so goes to DELAY state. If the entry is not
>>> confirmed by upper layer, it goes to PROBE state, and sends ARP request.
>>> The neigh host sends ARP reply, then the entry goes to REACHABLE state.
>>> But the entry state may be reseted to STALE by broadcast ARP packets, before
>>> the entry goes to PROBE state. So it's possible that the entry will never go
>>> to REACHABLE state, without external confirmation.
>>>
>>> In my case, the gateway refuses to send unicast packets to me, before it 
>>> sees
>>> my ARP request. So it's critical to enter REACHABLE state by sending ARP
>>> request, but not by external confirmation.
>>>
>>> This fixes neigh_update() not to change to STALE if old state is CONNECTED 
>>> or
>>> DELAY.
>>>
>>> Signed-off-by: Chunhui He 
>>> ---
>>>  net/core/neighbour.c | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
>>> index 510cd62..29429eb 100644
>>> --- a/net/core/neighbour.c
>>> +++ b/net/core/neighbour.c
>>> @@ -1152,7 +1152,7 @@ int neigh_update(struct neighbour *neigh, const u8 
>>> *lladdr, u8 new,
>>> } else {
>>> if (lladdr == neigh->ha && new == NUD_STALE &&
>>> ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) ||
>>> -(old & NUD_CONNECTED))
>>> +(old & (NUD_CONNECTED | NUD_DELAY)))
>>> )
>>> new = old;
>>> }
>>
>>  You change looks correct to me. But this place
>> has more problems. There is no good reason to set NUD_STALE
>> for any state that is NUD_VALID if address is not changed.
>> This matches perfectly the comment above this code:
>> NUD_STALE should change a NUD_VALID state only when
>> address changes. It also means that IPv6 does not need
>> to provide NEIGH_UPDATE_F_WEAK_OVERRIDE anymore when
>> NEIGH_UPDATE_F_OVERRIDE is also present.
>>
> 
> The NEIGH_UPDATE_F_WEAK_OVERRIDE is confusing to me, so I choose not to deal
> with the flag.

IPv6 depends on WEAK_OVERRIDE.  Please do not change.

> 
>>  By this way the state machine can continue with
>> the resolving: NUD_STALE -> NUD_DELAY (traffic) ->
>> NUD_PROBE (retries) -> NUD_REACHABLE (unicast reply)
>> while the address is not changed. Your change covers only
>> NUD_DELAY, not NUD_PROBE, so it is better to allow more
>> retries to send. We should not give up until success (NUD_REACHABLE).
>>
> 
> I have thought about this.
> The origin code allows NUD_DELAY -> NUD_STALE and NUD_PROBE -> NUD_STALE.
> This part was imported to kernel since v2.1.79, I don't know clearly why it
> allows that.
> 
> My analysis:
> (1) As shown in my previous mail, NUD_DELAY -> NUD_STALE may cause "dead 
> loop",
> so it should be fixed.
> 
> (2) But NUD_PROBE -> NUD_STALE is acceptable, because in NUD_PROBE, ARP 
> request
> has been sent, it is sufficient to break the "dead loop".
> More attempts are accomplished by the following sequence:
> NUD_STALE --> NUD_DELAY -(sent req)-> NUD_PROBE -(reset by neigh_update())->
> NUD_STALE --> NUD_DELAY -(send req again)-> ... -->
> NUD_REACHABLE
> 
> 
> But I also agree your change.
> 
>>  Second problem: NEIGH_UPDATE_F_WEAK_OVERRIDE has no
>> priority over NEIGH_UPDATE_F_ADMIN. For example, now I can not
>> change from NUD_PERMANENT to NUD_STALE:
>>
>> # ip neigh add 192.168.168.111 lladdr 00:11:22:33:44:55 nud perm dev wlan0
>> # ip neigh show to 192.168.168.111
>> 192.168.168.111 dev wlan0 lladdr 00:11:22:33:44:55 PERMANENT
>> # ip neigh change 192.168.168.111 lladdr 00:11:22:33:44:55 nud stale dev 
>> wlan0
>> # ip neigh show to 192.168.168.111
>> 192.168.168.111 dev wlan0 lladdr 00:11:22:33:44:55 PERMANENT
>>
>>  IMHO, here is how this place should look:
>>
>> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
>> index 5cdc62a..2b1cb91 100644
>> --- a/net/core/neighbour.c
>> +++ b/net/core/neighbour.c
>> @@ -1151,10 +1151,8 @@ int neigh_update(struct neighbour *neigh, const u8 
>> *lladdr, u8 new,
>>  goto out;
>>  } else {
>>  if (lladdr == neigh->ha && new == NUD_STALE &&
>> -((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) ||
>> - (old & NUD_CONNECTED))
>> -)
>> -new = old;
>> +!(flags & NEIGH_UPDATE_F_ADMIN))
>> +  

Re: [PATCHv3 net-next 08/12] ipv6: introduce neighbour discovery ops

[YOSHIFUJI Hideaki/吉藤英明]

Alexander Aring wrote:
> This patch introduces neighbour discovery ops callback structure. The
> idea is to separate the handling for 6LoWPAN into the 6lowpan module.
> 
> These callback offers 6lowpan different handling, such as 802.15.4 short
> address handling or RFC6775 (Neighbor Discovery Optimization for IPv6
> over 6LoWPANs).
> 
> Cc: David S. Miller 
> Cc: Alexey Kuznetsov 
> Cc: James Morris 
> Cc: Hideaki YOSHIFUJI 
> Cc: Patrick McHardy 
> Signed-off-by: Alexander Aring 

Acked-by: YOSHIFUJI Hideaki 

> ---
>  include/linux/netdevice.h |   5 ++
>  include/net/ndisc.h   | 197 
> +-
>  net/ipv6/addrconf.c   |  13 ++-
>  net/ipv6/ndisc.c  | 101 
>  net/ipv6/route.c  |   8 +-
>  5 files changed, 284 insertions(+), 40 deletions(-)
> 
> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
> index 36e43bd..890158e 100644
> --- a/include/linux/netdevice.h
> +++ b/include/linux/netdevice.h
> @@ -1456,6 +1456,8 @@ enum netdev_priv_flags {
>   *   @netdev_ops:Includes several pointers to callbacks,
>   *   if one wants to override the ndo_*() functions
>   *   @ethtool_ops:   Management operations
> + *   @ndisc_ops: Includes callbacks for different IPv6 neighbour
> + *   discovery handling. Necessary for e.g. 6LoWPAN.
>   *   @header_ops:Includes callbacks for creating,parsing,caching,etc
>   *   of Layer 2 headers.
>   *
> @@ -1672,6 +1674,9 @@ struct net_device {
>  #ifdef CONFIG_NET_L3_MASTER_DEV
>   const struct l3mdev_ops *l3mdev_ops;
>  #endif
> +#if IS_ENABLED(CONFIG_IPV6)
> + const struct ndisc_ops *ndisc_ops;
> +#endif
>  
>   const struct header_ops *header_ops;
>  
> diff --git a/include/net/ndisc.h b/include/net/ndisc.h
> index c8962ad..a5e2767 100644
> --- a/include/net/ndisc.h
> +++ b/include/net/ndisc.h
> @@ -58,6 +58,7 @@ struct inet6_dev;
>  struct net_device;
>  struct net_proto_family;
>  struct sk_buff;
> +struct prefix_info;
>  
>  extern struct neigh_table nd_tbl;
>  
> @@ -110,9 +111,182 @@ struct ndisc_options {
>  
>  #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
>  
> -struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
> +struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
> +   u8 *opt, int opt_len,
> struct ndisc_options *ndopts);
>  
> +#define NDISC_OPS_REDIRECT_DATA_SPACE2
> +
> +/*
> + * This structure defines the hooks for IPv6 neighbour discovery.
> + * The following hooks can be defined; unless noted otherwise, they are
> + * optional and can be filled with a null pointer.
> + *
> + * int (*is_useropt)(u8 nd_opt_type):
> + * This function is called when IPv6 decide RA userspace options. if
> + * this function returns 1 then the option given by nd_opt_type will
> + * be handled as userspace option additional to the IPv6 options.
> + *
> + * int (*parse_options)(const struct net_device *dev,
> + *   struct nd_opt_hdr *nd_opt,
> + *   struct ndisc_options *ndopts):
> + * This function is called while parsing ndisc ops and put each position
> + * as pointer into ndopts. If this function return unequal 0, then this
> + * function took care about the ndisc option, if 0 then the IPv6 ndisc
> + * option parser will take care about that option.
> + *
> + * void (*update)(const struct net_device *dev, struct neighbour *n,
> + * u32 flags, u8 icmp6_type,
> + * const struct ndisc_options *ndopts):
> + * This function is called when IPv6 ndisc updates the neighbour cache
> + * entry. Additional options which can be updated may be previously
> + * parsed by parse_opts callback and accessible over ndopts parameter.
> + *
> + * int (*opt_addr_space)(const struct net_device *dev, u8 icmp6_type,
> + *struct neighbour *neigh, u8 *ha_buf,
> + *u8 **ha):
> + * This function is called when the necessary option space will be
> + * calculated before allocating a skb. The parameters neigh, ha_buf
> + * abd ha are available on NDISC_REDIRECT messages only.
> + *
> + * void (*fill_addr_option)(const struct net_device *dev,
> + *   struct sk_buff *skb, u8 icmp6_type,
> + *   const u8 *ha):
> + * This function is called when the skb will finally fill the option
> + * fields inside skb. NOTE: this callback should fill the option
> + * fields to the skb which are previously indicated by opt_space
> + * parameter. That means the decision to add such option should
> + * not lost between these two callbacks, e.g. protected by interface
> + * up state.
> + *

Re: [PATCH 1/4] kernel: time: Add current_nw_timestamp() for network timestamps

[YOSHIFUJI Hideaki/吉藤英明]

Hi,

Deepa Dinamani wrote:
>>>  include/linux/ip.h |  2 ++
>>>  include/linux/time64.h |  3 +++
>>>  kernel/time/time.c | 26 ++
>>>  3 files changed, 31 insertions(+)
>>>
>> Since net/ipv4/* are the only users, it is enough to put
>> it in under net/ipv4/.
> 
> time.c hosts functions that are used by individual subsystems like
> current_fs_time() used by filesystems
> (sometimes used by other subsystems also).
> 
> The network timestamp function is used for both source route ip option
> and timestamp icmp messages.
> So it makes it difficult for it to be owned by a single layer.
> This is the reason it was chosen to include here.
> 
> Another option is to include it in the lowest layer its used:
> af_inet.c. Is this what you were suggesting?
> 

Yes, that's right.

--yoshfuji

> -Deepa
> 

Re: [RFCv3 bluetooth-next 3/4] ipv6: add ipv6_addr_prefix_copy

[YOSHIFUJI Hideaki/吉藤英明]

Hannes Frederic Sowa wrote:
> 
> 
> On Sun, Nov 29, 2015, at 12:34, Alexander Aring wrote:
>> This patch adds a static inline function ipv6_addr_prefix_copy which
>> copies a ipv6 address prefix(argument pfx) into the ipv6 address prefix.
>> The prefix len is given by plen as bits. This function mainly based on
>> ipv6_addr_prefix which copies one address prefix from address into a new
>> ipv6 address destination and zero all other address bits.
>>
>> The difference is that ipv6_addr_prefix_copy don't get a prefix from an
>> ipv6 address, it sets a prefix to an ipv6 address with keeping other
>> address bits. The use case is for context based address compression
>> inside 6LoWPAN IPHC header which keeping ipv6 prefixes inside a context
>> table to lookup address-bits without sending them.
>>
>> Cc: David S. Miller 
>> Cc: Alexey Kuznetsov 
>> Cc: James Morris 
>> Cc: Hideaki YOSHIFUJI 
>> Cc: Patrick McHardy 
>> Signed-off-by: Alexander Aring 
>> ---
>>  include/net/ipv6.h | 15 +++
>>  1 file changed, 15 insertions(+)
>>
>> diff --git a/include/net/ipv6.h b/include/net/ipv6.h
>> index e1a10b0..cd3881e6 100644
>> --- a/include/net/ipv6.h
>> +++ b/include/net/ipv6.h
>> @@ -382,6 +382,21 @@ static inline void ipv6_addr_prefix(struct in6_addr
>> *pfx,
>>  pfx->s6_addr[o] = addr->s6_addr[o] & (0xff00 >> b);
>>  }
>>  
>> +static inline void ipv6_addr_prefix_copy(struct in6_addr *addr,
>> +const struct in6_addr *pfx,
>> +int plen)
>> +{
>> +   /* caller must guarantee 0 <= plen <= 128 */
>> +   int o = plen >> 3,
>> +   b = plen & 0x7;
>> +
>> +   memcpy(addr->s6_addr, pfx, o);
>> +   if (b != 0) {
>> +   addr->s6_addr[o] &= ~(0xff00 >> b);
>> +   addr->s6_addr[o] |= (pfx->s6_addr[o] & (0xff00 >> b));
>> +   }
>> +}
>> +
> 
> Acked-by: Hannes Frederic Sowa 
Acked-by: YOSHIFUJI Hideaki 


> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

-- 
吉藤英明 
ミラクル・リナックス株式会社 技術本部 サポート部
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v4 1/2] geneve: implement support for IPv6-based tunnels

[YOSHIFUJI Hideaki/吉藤英明]

Hi,

John W. Linville wrote:
> Signed-off-by: John W. Linville 
> ---
> v4:
> - treat mode field of ip_tunnel_info as flags
> - add a missing IS_ENABLED(CONFIG_IPV6) to geneve_rx
> - remove unneeded flags field in geneve_dev
> - NULL-check parameter for __geneve_sock_release
> - check remote socket family for AF_UNSPEC in geneve_configure
> - rename geneve_get_{rt,dst} as geneve_get_{v4_rt,v6_dst}
> - refactor some error handling in the xmit paths
> 
> v3:
> - declare geneve_remote_unspec as static
> 
> v2:
> - do not require remote address for tx on metadata tunnels
> - pass correct sockaddr family to udp_tun_rx_dst in geneve_rx
> - accommodate both ipv4 and ipv6 sockets open on same tunnel
> - move declaration of geneve_get_dst for aesthetic purposes
> 
>  drivers/net/geneve.c | 459 
> +++
>  include/uapi/linux/if_link.h |   1 +
>  2 files changed, 377 insertions(+), 83 deletions(-)
> 
> diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
> index 8f5c02eed47d..217b472ab9e7 100644
> --- a/drivers/net/geneve.c
> +++ b/drivers/net/geneve.c
> @@ -46,16 +46,25 @@ struct geneve_net {
>  
>  static int geneve_net_id;
>  
> +union geneve_addr {
> + struct sockaddr_in sin;
> + struct sockaddr_in6 sin6;
> + struct sockaddr sa;
> +};
> +
> +static union geneve_addr geneve_remote_unspec = { .sa.sa_family = AF_UNSPEC, 
> };
> +
>  /* Pseudo network device */
>  struct geneve_dev {
>   struct hlist_node  hlist;   /* vni hash table */
>   struct net *net;/* netns for packet i/o */
>   struct net_device  *dev;/* netdev for geneve tunnel */
> - struct geneve_sock *sock;   /* socket used for geneve tunnel */
> + struct geneve_sock *sock4;  /* IPv4 socket used for geneve tunnel */
> + struct geneve_sock *sock6;  /* IPv6 socket used for geneve tunnel */
>   u8 vni[3];  /* virtual network ID for tunnel */
>   u8 ttl; /* TTL override */
>   u8 tos; /* TOS override */
> - struct sockaddr_in remote;  /* IPv4 address for link partner */
> + union geneve_addr  remote;  /* IP address for link partner */
>   struct list_head   next;/* geneve's per namespace list */
>   __be16 dst_port;
>   bool   collect_md;
> @@ -103,11 +112,32 @@ static struct geneve_dev *geneve_lookup(struct 
> geneve_sock *gs,
>   vni_list_head = >vni_list[hash];
>   hlist_for_each_entry_rcu(geneve, vni_list_head, hlist) {
>   if (!memcmp(vni, geneve->vni, sizeof(geneve->vni)) &&
> - addr == geneve->remote.sin_addr.s_addr)
> + addr == geneve->remote.sin.sin_addr.s_addr)
> + return geneve;
> + }
> + return NULL;
> +}
> +
> +#if IS_ENABLED(CONFIG_IPV6)
> +static struct geneve_dev *geneve6_lookup(struct geneve_sock *gs,
> +  struct in6_addr addr6, u8 vni[])
> +{
> + struct hlist_head *vni_list_head;
> + struct geneve_dev *geneve;
> + __u32 hash;
> +
> + /* Find the device for this VNI */
> + hash = geneve_net_vni_hash(vni);
> + vni_list_head = >vni_list[hash];
> + hlist_for_each_entry_rcu(geneve, vni_list_head, hlist) {
> + if (!memcmp(vni, geneve->vni, sizeof(geneve->vni)) &&
> + !memcmp(, >remote.sin6.sin6_addr,
> + sizeof(addr6)))

Please use ipv6_addr_equal().
How do you handle link-local addresses here?

>   return geneve;
>   }
>   return NULL;
>  }
> +#endif
>  
>  static inline struct genevehdr *geneve_hdr(const struct sk_buff *skb)
>  {
> @@ -121,24 +151,49 @@ static void geneve_rx(struct geneve_sock *gs, struct 
> sk_buff *skb)
>   struct metadata_dst *tun_dst = NULL;
>   struct geneve_dev *geneve = NULL;
>   struct pcpu_sw_netstats *stats;
> - struct iphdr *iph;
> - u8 *vni;
> + struct iphdr *iph = NULL;
>   __be32 addr;
> - int err;
> + static u8 zero_vni[3];
> + u8 *vni;
> + int err = 0;
> + sa_family_t sa_family;
> +#if IS_ENABLED(CONFIG_IPV6)
> + struct ipv6hdr *ip6h = NULL;
> + struct in6_addr addr6;
> + static struct in6_addr zero_addr6;
> +#endif
>  
> - iph = ip_hdr(skb); /* outer IP header... */
> + sa_family = gs->sock->sk->sk_family;
>  
> - if (gs->collect_md) {
> - static u8 zero_vni[3];
> + if (sa_family == AF_INET) {
> + iph = ip_hdr(skb); /* outer IP header... */
>  
> - vni = zero_vni;
> - addr = 0;
> - } else {
> - vni = gnvh->vni;
> - addr = iph->saddr;
> - }
> + if (gs->collect_md) {
> + vni = zero_vni;
> + addr = 0;
> + } else {
> + vni = gnvh->vni;
> +
> + addr = 

Re: [PATCH net-next v2 1/2] ipv6: Re-arrange code in rt6_probe()

[YOSHIFUJI Hideaki/吉藤英明]

Martin KaFai Lau wrote:
 It is a prep work for the next patch to remove write_lock
 from rt6_probe().
 
 1. Reduce the number of if(neigh) check.  From 4 to 1.
 2. Bring the write_(un)lock() closer to the operations that the
lock is protecting.
 
 Hopefully, the above make rt6_probe() more readable.
 
 Signed-off-by: Martin KaFai Lau ka...@fb.com
 Cc: Hannes Frederic Sowa han...@stressinduktion.org
 Cc: Julian Anastasov j...@ssi.bg
 Cc: YOSHIFUJI Hideaki hideaki.yoshif...@miraclelinux.com

Acked-by: YOSHIFUJI Hideaki hideaki.yoshif...@miraclelinux.com

--yoshfuji

 ---
  net/ipv6/route.c | 44 
  1 file changed, 20 insertions(+), 24 deletions(-)
 
 diff --git a/net/ipv6/route.c b/net/ipv6/route.c
 index 7f2214f..6d503db 100644
 --- a/net/ipv6/route.c
 +++ b/net/ipv6/route.c
 @@ -545,6 +545,7 @@ static void rt6_probe_deferred(struct work_struct *w)
  
  static void rt6_probe(struct rt6_info *rt)
  {
 + struct __rt6_probe_work *work;
   struct neighbour *neigh;
   /*
* Okay, this does not seem to be appropriate
 @@ -559,34 +560,29 @@ static void rt6_probe(struct rt6_info *rt)
   rcu_read_lock_bh();
   neigh = __ipv6_neigh_lookup_noref(rt-dst.dev, rt-rt6i_gateway);
   if (neigh) {
 + work = NULL;
   write_lock(neigh-lock);
 - if (neigh-nud_state  NUD_VALID)
 - goto out;
 - }
 -
 - if (!neigh ||
 - time_after(jiffies, neigh-updated + 
 rt-rt6i_idev-cnf.rtr_probe_interval)) {
 - struct __rt6_probe_work *work;
 -
 - work = kmalloc(sizeof(*work), GFP_ATOMIC);
 -
 - if (neigh  work)
 - __neigh_set_probe_once(neigh);
 -
 - if (neigh)
 - write_unlock(neigh-lock);
 -
 - if (work) {
 - INIT_WORK(work-work, rt6_probe_deferred);
 - work-target = rt-rt6i_gateway;
 - dev_hold(rt-dst.dev);
 - work-dev = rt-dst.dev;
 - schedule_work(work-work);
 + if (!(neigh-nud_state  NUD_VALID) 
 + time_after(jiffies,
 +neigh-updated +
 +rt-rt6i_idev-cnf.rtr_probe_interval)) {
 + work = kmalloc(sizeof(*work), GFP_ATOMIC);
 + if (work)
 + __neigh_set_probe_once(neigh);
   }
 - } else {
 -out:
   write_unlock(neigh-lock);
 + } else {
 + work = kmalloc(sizeof(*work), GFP_ATOMIC);
 + }
 +
 + if (work) {
 + INIT_WORK(work-work, rt6_probe_deferred);
 + work-target = rt-rt6i_gateway;
 + dev_hold(rt-dst.dev);
 + work-dev = rt-dst.dev;
 + schedule_work(work-work);
   }
 +
   rcu_read_unlock_bh();
  }
  #else
 

-- 
吉藤英明 hideaki.yoshif...@miraclelinux.com
ミラクル・リナックス株式会社 技術本部 サポート部
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCHv2] net/ipv6: add sysctl option accept_ra_hop_limit

[YOSHIFUJI Hideaki/吉藤英明]

Hi,

Hangbin Liu wrote:
 Commit 6fd99094de2b (ipv6: Don't reduce hop limit for an interface)
 disabled accept hop limit from RA if it is higher than the current hop
 limit for security stuff. But this behavior kind of break the RFC definition.
 
 RFC 4861, 6.3.4.  Processing Received Router Advertisements
If the received Cur Hop Limit value is non-zero, the host SHOULD set
its CurHopLimit variable to the received value.
 
 So add sysctl option accept_ra_hop_limit to let user choose whether accept
 hop limit info in RA.
 

How about introducing minimum hop limit, instead?

|commit 6fd99094de2b83d1d4c8457f2c83483b2828e75a
|Author: D.S. Ljungmark ljungm...@modio.se
|Date:   Wed Mar 25 09:28:15 2015 +0100
|
|ipv6: Don't reduce hop limit for an interface
:
|RFC 3756, Section 4.2.7, Parameter Spoofing
|
:
|  As an example, one possible approach to mitigate this threat is to
|   ignore very small hop limits.  The nodes could implement a
|   configurable minimum hop limit, and ignore attempts to set it below
|   said limit.

--yoshfuji


 Signed-off-by: Hangbin Liu liuhang...@gmail.com
 ---
  Documentation/networking/ip-sysctl.txt | 11 +++
  include/linux/ipv6.h   |  1 +
  include/uapi/linux/ipv6.h  |  1 +
  net/ipv6/addrconf.c| 10 ++
  net/ipv6/ndisc.c   | 17 +++--
  5 files changed, 34 insertions(+), 6 deletions(-)
 
 diff --git a/Documentation/networking/ip-sysctl.txt 
 b/Documentation/networking/ip-sysctl.txt
 index 5fae770..778c479 100644
 --- a/Documentation/networking/ip-sysctl.txt
 +++ b/Documentation/networking/ip-sysctl.txt
 @@ -1346,6 +1346,17 @@ accept_ra_pinfo - BOOLEAN
   Functional default: enabled if accept_ra is enabled.
   disabled if accept_ra is disabled.
  
 +accept_ra_hop_limit - INTEGER
 + Learn hop limit in Router Advertisement.
 +
 + Possible values are:
 + 0 Do not accept hop limit in Router Advertisements.
 + 1 Accept hop limit in Router Advertisements if it is higher
 +   than the current hop limit.
 + 2 Accept hop limit in Router Advertisements anyway.
 +
 + Default: 1
 +
  accept_ra_rt_info_max_plen - INTEGER
   Maximum prefix length of Route Information in RA.
  
 diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
 index 82806c6..a21a9c6 100644
 --- a/include/linux/ipv6.h
 +++ b/include/linux/ipv6.h
 @@ -30,6 +30,7 @@ struct ipv6_devconf {
   __s32   max_addresses;
   __s32   accept_ra_defrtr;
   __s32   accept_ra_pinfo;
 + __s32   accept_ra_hop_limit;
  #ifdef CONFIG_IPV6_ROUTER_PREF
   __s32   accept_ra_rtr_pref;
   __s32   rtr_probe_interval;
 diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h
 index 5efa54a..a8c1083 100644
 --- a/include/uapi/linux/ipv6.h
 +++ b/include/uapi/linux/ipv6.h
 @@ -171,6 +171,7 @@ enum {
   DEVCONF_USE_OPTIMISTIC,
   DEVCONF_ACCEPT_RA_MTU,
   DEVCONF_STABLE_SECRET,
 + DEVCONF_ACCEPT_RA_HOP_LIMIT,
   DEVCONF_MAX
  };
  
 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
 index 21c2c81..486a7a5 100644
 --- a/net/ipv6/addrconf.c
 +++ b/net/ipv6/addrconf.c
 @@ -196,6 +196,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
   .accept_ra_defrtr   = 1,
   .accept_ra_from_local   = 0,
   .accept_ra_pinfo= 1,
 + .accept_ra_hop_limit= 1,
  #ifdef CONFIG_IPV6_ROUTER_PREF
   .accept_ra_rtr_pref = 1,
   .rtr_probe_interval = 60 * HZ,
 @@ -237,6 +238,7 @@ static struct ipv6_devconf ipv6_devconf_dflt 
 __read_mostly = {
   .accept_ra_defrtr   = 1,
   .accept_ra_from_local   = 0,
   .accept_ra_pinfo= 1,
 + .accept_ra_hop_limit= 1,
  #ifdef CONFIG_IPV6_ROUTER_PREF
   .accept_ra_rtr_pref = 1,
   .rtr_probe_interval = 60 * HZ,
 @@ -4561,6 +4563,7 @@ static inline void ipv6_store_devconf(struct 
 ipv6_devconf *cnf,
   array[DEVCONF_MAX_ADDRESSES] = cnf-max_addresses;
   array[DEVCONF_ACCEPT_RA_DEFRTR] = cnf-accept_ra_defrtr;
   array[DEVCONF_ACCEPT_RA_PINFO] = cnf-accept_ra_pinfo;
 + array[DEVCONF_ACCEPT_RA_HOP_LIMIT] = cnf-accept_ra_hop_limit;
  #ifdef CONFIG_IPV6_ROUTER_PREF
   array[DEVCONF_ACCEPT_RA_RTR_PREF] = cnf-accept_ra_rtr_pref;
   array[DEVCONF_RTR_PROBE_INTERVAL] =
 @@ -5462,6 +5465,13 @@ static struct addrconf_sysctl_table
   .mode   = 0644,
   .proc_handler   = proc_dointvec,
   },
 + {
 + .procname   = accept_ra_hop_limit,
 + .data   = ipv6_devconf.accept_ra_hop_limit,
 + .maxlen = sizeof(int),
 + .mode   = 0644,
 + .proc_handler   = proc_dointvec,
 + },
  #ifdef 

Re: [RFC PATCH v3 net-next 2/3] tcp: add in_flight to tcp_skb_cb

[YOSHIFUJI Hideaki/吉藤英明]

Hi,

Lawrence Brakmo wrote:
 Based on comments by Neal Cardwell to tcp_nv patch:
 
   AFAICT this patch would not require an increase in the size of sk_buff
   cb[] if it were to take advantage of the fact that the tcp_skb_cb
   header.h4 and header.h6 fields are only used in the packet reception
   code path, and this in_flight field is only used on the transmit
   side. So the in_flight field could be placed in a struct that is
   itself placed in a union with the header union.

Please make another patch only for this.

 
   That way the sender code can remember the in_flight value
   without requiring any extra space. And in the future other
   sender-side info could be stored in the tx struct, if needed.
 
 Signed-off-by: Lawrence Brakmo bra...@fb.com
 ---
  include/net/tcp.h | 13 ++---
  net/ipv4/tcp_input.c  |  5 -
  net/ipv4/tcp_output.c |  4 +++-
  3 files changed, 17 insertions(+), 5 deletions(-)
 
 diff --git a/include/net/tcp.h b/include/net/tcp.h
 index 1e6c5b04..b98d79a 100644
 --- a/include/net/tcp.h
 +++ b/include/net/tcp.h
 @@ -755,11 +755,17 @@ struct tcp_skb_cb {
   /* 1 byte hole */
   __u32   ack_seq;/* Sequence number ACK'd*/
   union {
 - struct inet_skb_parmh4;
 + struct {
 + /* bytes in flight when this packet was sent */
 + __u32 in_flight;
 + } tx;   /* only used for outgoing skbs */
 + union {
 + struct inet_skb_parmh4;
  #if IS_ENABLED(CONFIG_IPV6)
 - struct inet6_skb_parm   h6;
 + struct inet6_skb_parm   h6;
  #endif
 - } header;   /* For incoming frames  */
 + } header;   /* For incoming skbs */
 + };
  };
  
  #define TCP_SKB_CB(__skb)((struct tcp_skb_cb *)((__skb)-cb[0]))
 @@ -837,6 +843,7 @@ union tcp_cc_info;
  struct ack_sample {
   u32 pkts_acked;
   s32 rtt_us;
 + u32 in_flight;
  };
  
  struct tcp_congestion_ops {
 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
 index 423d3af..3ab4178 100644
 --- a/net/ipv4/tcp_input.c
 +++ b/net/ipv4/tcp_input.c
 @@ -3068,6 +3068,7 @@ static int tcp_clean_rtx_queue(struct sock *sk, int 
 prior_fackets,
   long ca_rtt_us = -1L;
   struct sk_buff *skb;
   u32 pkts_acked = 0;
 + u32 last_in_flight = 0;
   bool rtt_update;
   int flag = 0;
  
 @@ -3107,6 +3108,7 @@ static int tcp_clean_rtx_queue(struct sock *sk, int 
 prior_fackets,
   if (!first_ackt.v64)
   first_ackt = last_ackt;
  
 + last_in_flight = TCP_SKB_CB(skb)-tx.in_flight;
   reord = min(pkts_acked, reord);
   if (!after(scb-end_seq, tp-high_seq))
   flag |= FLAG_ORIG_SACK_ACKED;
 @@ -3196,7 +3198,8 @@ static int tcp_clean_rtx_queue(struct sock *sk, int 
 prior_fackets,
   }
  
   if (icsk-icsk_ca_ops-pkts_acked) {
 - struct ack_sample sample = {pkts_acked, ca_rtt_us};
 + struct ack_sample sample = {pkts_acked, ca_rtt_us,
 + last_in_flight};
  
   icsk-icsk_ca_ops-pkts_acked(sk, sample);
   }
 diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
 index 7105784..e9deab5 100644
 --- a/net/ipv4/tcp_output.c
 +++ b/net/ipv4/tcp_output.c
 @@ -920,9 +920,12 @@ static int tcp_transmit_skb(struct sock *sk, struct 
 sk_buff *skb, int clone_it,
   int err;
  
   BUG_ON(!skb || !tcp_skb_pcount(skb));
 + tp = tcp_sk(sk);
  
   if (clone_it) {
   skb_mstamp_get(skb-skb_mstamp);
 + TCP_SKB_CB(skb)-tx.in_flight = TCP_SKB_CB(skb)-end_seq
 + - tp-snd_una;
  
   if (unlikely(skb_cloned(skb)))
   skb = pskb_copy(skb, gfp_mask);
 @@ -933,7 +936,6 @@ static int tcp_transmit_skb(struct sock *sk, struct 
 sk_buff *skb, int clone_it,
   }
  
   inet = inet_sk(sk);
 - tp = tcp_sk(sk);
   tcb = TCP_SKB_CB(skb);
   memset(opts, 0, sizeof(opts));
  
 

-- 
吉藤英明 hideaki.yoshif...@miraclelinux.com
ミラクル・リナックス株式会社 技術本部 サポート部
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] ipv6: Fix finding best source address in ipv6_dev_get_saddr().

[YOSHIFUJI Hideaki/吉藤英明]

Hi,

Tom Herbert wrote:
 I am testing this patch which may be a little simpler. Also idev needs
 to be checked after __in6_dev_get

We have to select source address on *given* interface for link-local/
multicast destinations.

 
 Tom
 
 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
 index 4ab74d5..d631ac3 100644
 --- a/net/ipv6/addrconf.c
 +++ b/net/ipv6/addrconf.c
 @@ -1363,9 +1363,10 @@ static void __ipv6_dev_get_saddr(struct net *net,
  unsigned int prefs,
  const struct in6_addr *saddr,
  struct inet6_dev *idev,
 -struct ipv6_saddr_score *scores)
 +struct ipv6_saddr_score **in_score,
 +struct ipv6_saddr_score **in_hiscore)
  {
 -   struct ipv6_saddr_score *score = scores[0], *hiscore = scores[1];
 +   struct ipv6_saddr_score *score = *in_score, *hiscore = *in_hiscore;
 
 read_lock_bh(idev-lock);
 list_for_each_entry(score-ifa, idev-addr_list, if_list) {
 @@ -1434,13 +1435,16 @@ static void __ipv6_dev_get_saddr(struct net *net,
 }
  out:
 read_unlock_bh(idev-lock);
 +   *in_hiscore = hiscore;
 +   *in_score = score;
  }
 
  int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev,
const struct in6_addr *daddr, unsigned int prefs,
struct in6_addr *saddr)
  {
 -   struct ipv6_saddr_score scores[2], *hiscore = scores[1];
 +   struct ipv6_saddr_score scores[2];
 +   struct ipv6_saddr_score *score = scores[0], *hiscore = scores[1];
 struct ipv6_saddr_dst dst;
 struct inet6_dev *idev;
 struct net_device *dev;
 @@ -1475,18 +1479,19 @@ int ipv6_dev_get_saddr(struct net *net, const
 struct net_device *dst_dev,
 if ((dst_type  IPV6_ADDR_MULTICAST) ||
 dst.scope = IPV6_ADDR_SCOPE_LINKLOCAL) {
 idev = __in6_dev_get(dst_dev);
 -   use_oif_addr = true;
 +   if (idev)
 +   use_oif_addr = true;
 }
 }
 if (use_oif_addr) {
 -   __ipv6_dev_get_saddr(net, dst, prefs, saddr, idev, scores);
 +   __ipv6_dev_get_saddr(net, dst, prefs, saddr, idev,
 score, hiscore);
 } else {
 for_each_netdev_rcu(net, dev) {
 idev = __in6_dev_get(dev);
 if (!idev)
 continue;
 -   __ipv6_dev_get_saddr(net, dst, prefs, saddr,
 idev, scores);
 +   __ipv6_dev_get_saddr(net, dst, prefs, saddr,
 idev, score, hiscore);
 }
 }
 rcu_read_unlock();
 
 On Mon, Jul 13, 2015 at 7:28 AM, YOSHIFUJI Hideaki/吉藤英明
 hideaki.yoshif...@miraclelinux.com wrote:
 Commit 9131f3de2 (ipv6: Do not iterate over all interfaces when
 finding source address on specific interface.) did not properly
 update best source address available.  Plus, it introduced
 possible NULL pointer dereference.

 Bug was reported by Erik Kline e...@google.com.
 Based on patch proposed by Hajime Tazaki thehaj...@gmail.com.

 Fixes: 9131f3de24db4dc12199aede7d931e6703e97f3b (ipv6: Do not
 iterate over all interfaces when finding source address
 on specific interface.)
 Signed-off-by: YOSHIFUJI Hideaki hideaki.yoshif...@miraclelinux.com
 ---
  net/ipv6/addrconf.c | 30 ++
  1 file changed, 18 insertions(+), 12 deletions(-)

 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
 index 4ab74d5..4c9a024 100644
 --- a/net/ipv6/addrconf.c
 +++ b/net/ipv6/addrconf.c
 @@ -1358,14 +1358,15 @@ out:
 return ret;
  }

 -static void __ipv6_dev_get_saddr(struct net *net,
 -struct ipv6_saddr_dst *dst,
 -unsigned int prefs,
 -const struct in6_addr *saddr,
 -struct inet6_dev *idev,
 -struct ipv6_saddr_score *scores)
 +static int __ipv6_dev_get_saddr(struct net *net,
 +   struct ipv6_saddr_dst *dst,
 +   unsigned int prefs,
 +   const struct in6_addr *saddr,
 +   struct inet6_dev *idev,
 +   struct ipv6_saddr_score *scores,
 +   int hiscore_idx)
  {
 -   struct ipv6_saddr_score *score = scores[0], *hiscore = scores[1];
 +   struct ipv6_saddr_score *score = scores[1 - hiscore_idx], *hiscore 
 = scores[hiscore_idx];

 read_lock_bh(idev-lock);
 list_for_each_entry(score-ifa, idev-addr_list, if_list) {
 @@ -1424,6 +1425,7 @@ static void __ipv6_dev_get_saddr(struct net *net,
 in6_ifa_hold(score

[PATCH] ipv6: Fix finding best source address in ipv6_dev_get_saddr().

[YOSHIFUJI Hideaki/吉藤英明]

Commit 9131f3de2 (ipv6: Do not iterate over all interfaces when
finding source address on specific interface.) did not properly
update best source address available.  Plus, it introduced
possible NULL pointer dereference.

Bug was reported by Erik Kline e...@google.com.
Based on patch proposed by Hajime Tazaki thehaj...@gmail.com.

Fixes: 9131f3de24db4dc12199aede7d931e6703e97f3b (ipv6: Do not
iterate over all interfaces when finding source address
on specific interface.)
Signed-off-by: YOSHIFUJI Hideaki hideaki.yoshif...@miraclelinux.com
---
 net/ipv6/addrconf.c | 30 ++
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 4ab74d5..4c9a024 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1358,14 +1358,15 @@ out:
return ret;
 }
 
-static void __ipv6_dev_get_saddr(struct net *net,
-struct ipv6_saddr_dst *dst,
-unsigned int prefs,
-const struct in6_addr *saddr,
-struct inet6_dev *idev,
-struct ipv6_saddr_score *scores)
+static int __ipv6_dev_get_saddr(struct net *net,
+   struct ipv6_saddr_dst *dst,
+   unsigned int prefs,
+   const struct in6_addr *saddr,
+   struct inet6_dev *idev,
+   struct ipv6_saddr_score *scores,
+   int hiscore_idx)
 {
-   struct ipv6_saddr_score *score = scores[0], *hiscore = scores[1];
+   struct ipv6_saddr_score *score = scores[1 - hiscore_idx], *hiscore = 
scores[hiscore_idx];
 
read_lock_bh(idev-lock);
list_for_each_entry(score-ifa, idev-addr_list, if_list) {
@@ -1424,6 +1425,7 @@ static void __ipv6_dev_get_saddr(struct net *net,
in6_ifa_hold(score-ifa);
 
swap(hiscore, score);
+   hiscore_idx = 1 - hiscore_idx;
 
/* restore our iterator */
score-ifa = hiscore-ifa;
@@ -1434,18 +1436,20 @@ static void __ipv6_dev_get_saddr(struct net *net,
}
 out:
read_unlock_bh(idev-lock);
+   return hiscore_idx;
 }
 
 int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev,
   const struct in6_addr *daddr, unsigned int prefs,
   struct in6_addr *saddr)
 {
-   struct ipv6_saddr_score scores[2], *hiscore = scores[1];
+   struct ipv6_saddr_score scores[2], *hiscore;
struct ipv6_saddr_dst dst;
struct inet6_dev *idev;
struct net_device *dev;
int dst_type;
bool use_oif_addr = false;
+   int hiscore_idx = 0;
 
dst_type = __ipv6_addr_type(daddr);
dst.addr = daddr;
@@ -1454,8 +1458,8 @@ int ipv6_dev_get_saddr(struct net *net, const struct 
net_device *dst_dev,
dst.label = ipv6_addr_label(net, daddr, dst_type, dst.ifindex);
dst.prefs = prefs;
 
-   hiscore-rule = -1;
-   hiscore-ifa = NULL;
+   scores[hiscore_idx].rule = -1;
+   scores[hiscore_idx].ifa = NULL;
 
rcu_read_lock();
 
@@ -1480,17 +1484,19 @@ int ipv6_dev_get_saddr(struct net *net, const struct 
net_device *dst_dev,
}
 
if (use_oif_addr) {
-   __ipv6_dev_get_saddr(net, dst, prefs, saddr, idev, scores);
+   if (idev)
+   hiscore_idx = __ipv6_dev_get_saddr(net, dst, prefs, 
saddr, idev, scores, hiscore_idx);
} else {
for_each_netdev_rcu(net, dev) {
idev = __in6_dev_get(dev);
if (!idev)
continue;
-   __ipv6_dev_get_saddr(net, dst, prefs, saddr, idev, 
scores);
+   hiscore_idx = __ipv6_dev_get_saddr(net, dst, prefs, 
saddr, idev, scores, hiscore_idx);
}
}
rcu_read_unlock();
 
+   hiscore = scores[hiscore_idx];
if (!hiscore-ifa)
return -EADDRNOTAVAIL;
 
-- 
1.9.1

--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH net-next] ipv6: Do not iterate over all interfaces when finding source address on specific interface.

[YOSHIFUJI Hideaki/吉藤英明]

If outgoing interface is specified and the candidate addresses
are restricted to the outgoing interface, it is enough to iterate
over that given interface only.

Signed-off-by: YOSHIFUJI Hideaki hideaki.yoshif...@miraclelinux.com
---
 net/ipv6/addrconf.c | 201 +---
 1 file changed, 111 insertions(+), 90 deletions(-)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 21c2c81..b4c82d8 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1358,15 +1358,94 @@ out:
return ret;
 }
 
+static void __ipv6_dev_get_saddr(struct net *net,
+struct ipv6_saddr_dst *dst,
+unsigned int prefs,
+const struct in6_addr *saddr,
+struct inet6_dev *idev,
+struct ipv6_saddr_score *scores)
+{
+   struct ipv6_saddr_score *score = scores[0], *hiscore = scores[1];
+
+   read_lock_bh(idev-lock);
+   list_for_each_entry(score-ifa, idev-addr_list, if_list) {
+   int i;
+
+   /*
+* - Tentative Address (RFC2462 section 5.4)
+*  - A tentative address is not considered
+*assigned to an interface in the traditional
+*sense, unless it is also flagged as optimistic.
+* - Candidate Source Address (section 4)
+*  - In any case, anycast addresses, multicast
+*addresses, and the unspecified address MUST
+*NOT be included in a candidate set.
+*/
+   if ((score-ifa-flags  IFA_F_TENTATIVE) 
+   (!(score-ifa-flags  IFA_F_OPTIMISTIC)))
+   continue;
+
+   score-addr_type = __ipv6_addr_type(score-ifa-addr);
+
+   if (unlikely(score-addr_type == IPV6_ADDR_ANY ||
+score-addr_type  IPV6_ADDR_MULTICAST)) {
+   net_dbg_ratelimited(ADDRCONF: unspecified / multicast 
address assigned as unicast address on %s,
+   idev-dev-name);
+   continue;
+   }
+
+   score-rule = -1;
+   bitmap_zero(score-scorebits, IPV6_SADDR_RULE_MAX);
+
+   for (i = 0; i  IPV6_SADDR_RULE_MAX; i++) {
+   int minihiscore, miniscore;
+
+   minihiscore = ipv6_get_saddr_eval(net, hiscore, dst, i);
+   miniscore = ipv6_get_saddr_eval(net, score, dst, i);
+
+   if (minihiscore  miniscore) {
+   if (i == IPV6_SADDR_RULE_SCOPE 
+   score-scopedist  0) {
+   /*
+* special case:
+* each remaining entry
+* has too small (not enough)
+* scope, because ifa entries
+* are sorted by their scope
+* values.
+*/
+   goto out;
+   }
+   break;
+   } else if (minihiscore  miniscore) {
+   if (hiscore-ifa)
+   in6_ifa_put(hiscore-ifa);
+
+   in6_ifa_hold(score-ifa);
+
+   swap(hiscore, score);
+
+   /* restore our iterator */
+   score-ifa = hiscore-ifa;
+
+   break;
+   }
+   }
+   }
+out:
+   read_unlock_bh(idev-lock);
+}
+
 int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev,
   const struct in6_addr *daddr, unsigned int prefs,
   struct in6_addr *saddr)
 {
-   struct ipv6_saddr_score scores[2],
-   *score = scores[0], *hiscore = scores[1];
+   struct ipv6_saddr_score scores[2], *hiscore = scores[1];
struct ipv6_saddr_dst dst;
+   struct inet6_dev *idev;
struct net_device *dev;
int dst_type;
+   bool use_oif_addr = false;
 
dst_type = __ipv6_addr_type(daddr);
dst.addr = daddr;
@@ -1380,97 +1459,39 @@ int ipv6_dev_get_saddr(struct net *net, const struct 
net_device *dst_dev,
 
rcu_read_lock();
 
-   for_each_netdev_rcu(net, dev) {
-   struct inet6_dev *idev;
-
-   /* Candidate Source Address (section 4)
-*  - multicast and link-local destination address,
-*the set of candidate source address MUST only
-*include addresses assigned 

[PATCH net-next v2] ipv6: Do not iterate over all interfaces when finding source address on specific interface.

[YOSHIFUJI Hideaki/吉藤英明]

If outgoing interface is specified and the candidate address is
restricted to the outgoing interface, it is enough to iterate
over that given interface only.

Signed-off-by: YOSHIFUJI Hideaki hideaki.yoshif...@miraclelinux.com
Acked-by: Erik Kline e...@google.com
---
 net/ipv6/addrconf.c | 197 
 1 file changed, 107 insertions(+), 90 deletions(-)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 21c2c81..4ab74d5 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1358,15 +1358,94 @@ out:
return ret;
 }
 
+static void __ipv6_dev_get_saddr(struct net *net,
+struct ipv6_saddr_dst *dst,
+unsigned int prefs,
+const struct in6_addr *saddr,
+struct inet6_dev *idev,
+struct ipv6_saddr_score *scores)
+{
+   struct ipv6_saddr_score *score = scores[0], *hiscore = scores[1];
+
+   read_lock_bh(idev-lock);
+   list_for_each_entry(score-ifa, idev-addr_list, if_list) {
+   int i;
+
+   /*
+* - Tentative Address (RFC2462 section 5.4)
+*  - A tentative address is not considered
+*assigned to an interface in the traditional
+*sense, unless it is also flagged as optimistic.
+* - Candidate Source Address (section 4)
+*  - In any case, anycast addresses, multicast
+*addresses, and the unspecified address MUST
+*NOT be included in a candidate set.
+*/
+   if ((score-ifa-flags  IFA_F_TENTATIVE) 
+   (!(score-ifa-flags  IFA_F_OPTIMISTIC)))
+   continue;
+
+   score-addr_type = __ipv6_addr_type(score-ifa-addr);
+
+   if (unlikely(score-addr_type == IPV6_ADDR_ANY ||
+score-addr_type  IPV6_ADDR_MULTICAST)) {
+   net_dbg_ratelimited(ADDRCONF: unspecified / multicast 
address assigned as unicast address on %s,
+   idev-dev-name);
+   continue;
+   }
+
+   score-rule = -1;
+   bitmap_zero(score-scorebits, IPV6_SADDR_RULE_MAX);
+
+   for (i = 0; i  IPV6_SADDR_RULE_MAX; i++) {
+   int minihiscore, miniscore;
+
+   minihiscore = ipv6_get_saddr_eval(net, hiscore, dst, i);
+   miniscore = ipv6_get_saddr_eval(net, score, dst, i);
+
+   if (minihiscore  miniscore) {
+   if (i == IPV6_SADDR_RULE_SCOPE 
+   score-scopedist  0) {
+   /*
+* special case:
+* each remaining entry
+* has too small (not enough)
+* scope, because ifa entries
+* are sorted by their scope
+* values.
+*/
+   goto out;
+   }
+   break;
+   } else if (minihiscore  miniscore) {
+   if (hiscore-ifa)
+   in6_ifa_put(hiscore-ifa);
+
+   in6_ifa_hold(score-ifa);
+
+   swap(hiscore, score);
+
+   /* restore our iterator */
+   score-ifa = hiscore-ifa;
+
+   break;
+   }
+   }
+   }
+out:
+   read_unlock_bh(idev-lock);
+}
+
 int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev,
   const struct in6_addr *daddr, unsigned int prefs,
   struct in6_addr *saddr)
 {
-   struct ipv6_saddr_score scores[2],
-   *score = scores[0], *hiscore = scores[1];
+   struct ipv6_saddr_score scores[2], *hiscore = scores[1];
struct ipv6_saddr_dst dst;
+   struct inet6_dev *idev;
struct net_device *dev;
int dst_type;
+   bool use_oif_addr = false;
 
dst_type = __ipv6_addr_type(daddr);
dst.addr = daddr;
@@ -1380,97 +1459,35 @@ int ipv6_dev_get_saddr(struct net *net, const struct 
net_device *dst_dev,
 
rcu_read_lock();
 
-   for_each_netdev_rcu(net, dev) {
-   struct inet6_dev *idev;
-
-   /* Candidate Source Address (section 4)
-*  - multicast and link-local destination address,
-*the set of candidate source address MUST only
-   

Re: [PATCH] ipv6: Fixed source specific default route handling.

[YOSHIFUJI Hideaki/吉藤英明]

Matthias Schiffer wrote:
 On 06/22/2015 07:58 AM, Steven Barth wrote:
 On 22.06.2015 00:35, Matthias Schiffer wrote:
 Could you explain in detail what you mean with If you want specific SA,
 add same route with higher metric and/or (more) specific src match.?
 Routes aren't bound to specific addresses except via the src attribute
 (which is called prefsrc in the kernel), which is exactly what it not
 working. I can't control the chosen source address at all when
 source-specific routes are involved.
 Except that prefsrc and src are two different beasts and usually ip route 
 from transates to
 RTA_SRC instead of RTA_PREFSOURCE when used with a prefix length.

 Try adding two routes to the same destination with the same metric but 
 different source values with PREFSRC (e.g. IPv4) and then
 try doing the same with SRC (e.g. IPv6). The former will fail but the latter 
 will succeed.
 
 Ah sorry, I didn't know that src and prefsrc were distinct concepts.
 I meant to refer to src whenever I wrote prefsrc. What are the
 precise semantics of the src attribute? Any RFC I can read, or is this
 a Linux-specific concept?
 

src is long-lived feature which is usually used with mutiple routing
tables by ip rule.

--yoshfuji



 https://tools.ietf.org/html/draft-troan-homenet-sadr-01
 was the original draft for source-address dependent routing IIRC so might be 
 a good read.
 
 Thanks for the link, that helps a bit.
 



 Even though the source-specific route has a higher metric than the
 generic one, the source-specific one shadows the generic route.

 (was a bit ago since I read into this so please correct me if I am wrong)
 IIRC this is intentional since longest-prefix-match beats metric here
 and the source-address match counts to being more-specific here. See also 
 above difference between PREFSRC and SRC.
 
 Ah, that would explain the metric issue. I looks like the source of my
 confusion is that for source-specific routes *all* addresses are in the
 candidate set, not only the addresses of the outgoing interface (which
 makes sense as ip6_route_get_saddr() is called with a NULL rt6_info in
 the source-specific case).
 
 I'm not sure if this can be fixed in a sane way (as there seems to be a
 dependency cycle: source address should depend on outgoing interface,
 which depends on the chosen route, which depends on the source address),
 but it leads to highly unintuitive source address selection :(
 
 Markus suggested in the commit message not to call ip6_route_output at
 all before the source address has been selected. Wouldn't this make it
 impossible to choose the source address depending on the outgoing
 interface in the non-source-specific case as well?
 
 Cheers,

 Steven
 
 Thanks for the explanation,
 Matthias
 

-- 
吉藤英明 hideaki.yoshif...@miraclelinux.com
ミラクル・リナックス株式会社 技術本部 サポート部
--
To unsubscribe from this list: send the line unsubscribe netdev in

Re: [PATCH] neighbour: Convert if statment in the function, neigh_add_timer to a WARN_ON

[YOSHIFUJI Hideaki/吉藤英明]

Nicholas Krause wrote:
 This converts the if statement for dumping the stack into a
 WARN_ON in order to make this function's debugging check
 simpler and have a cleaner output when this condition
 occurs inside this function for when bugs related to
 adding a duplicate neighbour table timer arise.
 
 Signed-off-by: Nicholas Krause xerofo...@gmail.com
 ---
  net/core/neighbour.c | 6 +-
  1 file changed, 1 insertion(+), 5 deletions(-)
 
 diff --git a/net/core/neighbour.c b/net/core/neighbour.c
 index 3de6542..0bf71da 100644
 --- a/net/core/neighbour.c
 +++ b/net/core/neighbour.c
 @@ -165,11 +165,7 @@ static int neigh_forced_gc(struct neigh_table *tbl)
  static void neigh_add_timer(struct neighbour *n, unsigned long when)
  {
   neigh_hold(n);
 - if (unlikely(mod_timer(n-timer, when))) {
 - printk(NEIGH: BUG, double timer add, state is %x\n,
 -n-nud_state);
 - dump_stack();
 - }
 + WARN_ON(unlikely(mod_timer(n-timer, when)));
  }

NACK, please do not use WARN_ON for things with side effects.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH][KEY] fix bug in spdadd

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu, 14 Feb 2008 20:55:40 +0900), Kazunori 
MIYAZAWA [EMAIL PROTECTED] says:

 This patch fix a BUG when adding spds which have
 same selector.
 
 Signed-off-by: Kazunori MIYAZAWA [EMAIL PROTECTED]

I think we need to fix xfrm_user side as well.

---
[PATCH] [XFRM]: Avoid bogus BUG() when throwing new policy away.

When we destory a new policy entry, we need to tell
xfrm_policy_destroy() explicitly that the entry is not
alive yet.

--- 
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 7833807..f971ca5 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1105,6 +1105,7 @@ static struct xfrm_policy *xfrm_policy_construct(struct 
xfrm_userpolicy_info *p,
return xp;
  error:
*errp = err;
+   xp-dead = 1;
xfrm_policy_destroy(xp);
return NULL;
 }

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[RFC PATCH] [XFRM]: Fix ordering issue in xfrm_dst_hash_transfer().

[YOSHIFUJI Hideaki / 吉藤英明]

Keep ordering of policy entries with same selector in xfrm_dst_hash_transfer().

Issue should not appear in usual cases because multiple policy entries with
same selector are basically not allowed so far.
Bug was pointed out by Sebastien Decugis [EMAIL PROTECTED].

We could convert bydst from hlist to list and use list_add_tail() instead.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]


diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 47219f9..9fc4c31 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -331,15 +331,31 @@ static void xfrm_dst_hash_transfer(struct hlist_head 
*list,
   struct hlist_head *ndsttable,
   unsigned int nhashmask)
 {
-   struct hlist_node *entry, *tmp;
+   struct hlist_node *entry, *tmp, *entry0 = NULL;
struct xfrm_policy *pol;
+   unsigned int h0 = 0;
 
+redo:
hlist_for_each_entry_safe(pol, entry, tmp, list, bydst) {
unsigned int h;
 
h = __addr_hash(pol-selector.daddr, pol-selector.saddr,
pol-family, nhashmask);
-   hlist_add_head(pol-bydst, ndsttable+h);
+   if (!entry0) {
+   hlist_del(entry);
+   hlist_add_head(pol-bydst, ndsttable+h);
+   h0 = h;
+   } else {
+   if (h != h0)
+   continue;
+   hlist_del(entry);
+   hlist_add_after(entry0, pol-bydst);
+   }
+   entry0 = entry;
+   }
+   if (!hlist_empty(list)) {
+   entry0 = NULL;
+   goto redo;
}
 }
 

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCh TAKE 2] [IPROUTE2] Add addrlabel sub-command.

[YOSHIFUJI Hideaki / 吉藤英明]

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
diff --git a/ip/Makefile b/ip/Makefile
index b427d58..d908817 100644
--- a/ip/Makefile
+++ b/ip/Makefile
@@ -1,4 +1,4 @@
-IPOBJ=ip.o ipaddress.o iproute.o iprule.o \
+IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o \
 rtm_map.o iptunnel.o ip6tunnel.o tunnel.o ipneigh.o ipntable.o iplink.o \
 ipmaddr.o ipmonitor.o ipmroute.o ipprefix.o \
 ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o \
diff --git a/ip/ip.c b/ip/ip.c
index aeb8c68..c4c773f 100644
--- a/ip/ip.c
+++ b/ip/ip.c
@@ -46,8 +46,8 @@ static void usage(void)
fprintf(stderr,
 Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }\n
ip [ -force ] [-batch filename\n
-where  OBJECT := { link | addr | route | rule | neigh | ntable | tunnel |\n
-   maddr | mroute | monitor | xfrm }\n
+where  OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable 
|\n
+   tunnel | maddr | mroute | monitor | xfrm }\n
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n
 -f[amily] { inet | inet6 | ipx | dnet | link } |\n
 -o[neline] | -t[imestamp] }\n);
@@ -64,6 +64,7 @@ static const struct cmd {
int (*func)(int argc, char **argv);
 } cmds[] = {
{ address,do_ipaddr },
+   { addrlabel,  do_ipaddrlabel },
{ maddress,   do_multiaddr },
{ route,  do_iproute },
{ rule,   do_iprule },
diff --git a/ip/ip_common.h b/ip/ip_common.h
index 39f2507..1bbd50d 100644
--- a/ip/ip_common.h
+++ b/ip/ip_common.h
@@ -4,6 +4,9 @@ extern int print_linkinfo(const struct sockaddr_nl *who,
 extern int print_addrinfo(const struct sockaddr_nl *who,
  struct nlmsghdr *n,
  void *arg);
+extern int print_addrlabelinfo(const struct sockaddr_nl *who,
+  struct nlmsghdr *n,
+  void *arg);
 extern int print_neigh(const struct sockaddr_nl *who,
   struct nlmsghdr *n, void *arg);
 extern int print_ntable(const struct sockaddr_nl *who,
@@ -23,6 +26,7 @@ extern int print_prefix(const struct sockaddr_nl *who,
 extern int print_rule(const struct sockaddr_nl *who,
  struct nlmsghdr *n, void *arg);
 extern int do_ipaddr(int argc, char **argv);
+extern int do_ipaddrlabel(int argc, char **argv);
 extern int do_iproute(int argc, char **argv);
 extern int do_iprule(int argc, char **argv);
 extern int do_ipneigh(int argc, char **argv);
diff --git a/ip/ipaddrlabel.c b/ip/ipaddrlabel.c
new file mode 100644
index 000..1c873e9
--- /dev/null
+++ b/ip/ipaddrlabel.c
@@ -0,0 +1,260 @@
+/*
+ * ipaddrlabel.c   ip addrlabel
+ *
+ * Copyright (C)2007 USAGI/WIDE Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ *
+ * Based on iprule.c.
+ *
+ * Authors:YOSHIFUJI Hideaki [EMAIL PROTECTED]
+ *
+ */
+
+#include stdio.h
+#include stdlib.h
+#include unistd.h
+#include syslog.h
+#include fcntl.h
+#include sys/socket.h
+#include netinet/in.h
+#include netinet/ip.h
+#include arpa/inet.h
+#include string.h
+#include linux/types.h
+#include linux/if_addrlabel.h
+
+#include rt_names.h
+#include utils.h
+#include ip_common.h
+
+#define IFAL_RTA(r)((struct rtattr*)(((char*)(r)) + 
NLMSG_ALIGN(sizeof(struct ifaddrlblmsg
+#define IFAL_PAYLOAD(n)NLMSG_PAYLOAD(n,sizeof(struct ifaddrlblmsg))
+
+extern struct rtnl_handle rth;
+
+static void usage(void) __attribute__((noreturn));
+
+static void usage(void)
+{
+   fprintf(stderr, Usage: ip addrlabel [ list | add | del | flush ] 
prefix PREFIX [ dev DEV ] [ label LABEL ]\n);
+   exit(-1);
+}
+
+int print_addrlabel(const struct sockaddr_nl *who, struct nlmsghdr *n, void 
*arg)
+{
+   FILE *fp = (FILE*)arg;
+   struct ifaddrlblmsg *ifal = NLMSG_DATA(n);
+   int len = n-nlmsg_len;
+   int host_len = -1;
+   struct rtattr *tb[IFAL_MAX+1];
+   char abuf[256];
+
+   if (n-nlmsg_type != RTM_NEWADDRLABEL  n-nlmsg_type != 
RTM_DELADDRLABEL)
+   return 0;
+
+   len -= NLMSG_LENGTH(sizeof(*ifal));
+   if (len  0)
+   return -1;
+
+   parse_rtattr(tb, IFAL_MAX, IFAL_RTA(ifal), len);
+
+   if (ifal-ifal_family == AF_INET)
+   host_len 

Re: [PATCH] Add IPv6 support to TCP SYN cookies

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu, 07 Feb 2008 10:40:19 +0100), Eric 
Dumazet [EMAIL PROTECTED] says:

 [NET] IPV4: lower stack usage in cookie_hash() function
 
 400 bytes allocated on stack might be a litle bit too much. Using a 
 per_cpu var is more friendly.
 
 Signed-off-by: Eric Dumazet [EMAIL PROTECTED]

Applied to my inet6-2.6.26 tree.  Thanks.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] Add IPv6 support to TCP SYN cookies

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu,  7 Feb 2008 21:49:26 -0800), Glenn 
Griffin [EMAIL PROTECTED] says:

 Updated to incorporate Eric's suggestion of using a per cpu buffer
 rather than allocating on the stack.  Just a two line change, but will
 resend in it's entirety.
 
 Signed-off-by: Glenn Griffin [EMAIL PROTECTED]

Applied in my linux-2.6-dev tree.  Thanks.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [patch 14/14] replace __inline__ by inline in include/linux (net related)

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Wed, 06 Feb 2008 10:14:19 +0100), Daniel 
Lezcano [EMAIL PROTECTED] says:

 replace __inline__ by inline in include/linux (net related)
 
 Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]
 ---
  include/linux/atm.h|4 ++--
  include/linux/atmsap.h |2 +-
  include/linux/hdlc.h   |   13 +++--
  include/linux/inetdevice.h |   14 ++
  include/linux/netlink.h|5 +++--
  include/linux/rtnetlink.h  |2 +-
  6 files changed, 20 insertions(+), 20 deletions(-)

Please do this change within the #ifdef __KERNEL__ .. #endif only.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 6/6][NETNS]: Udp sockets per-net lookup.

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu, 31 Jan 2008 15:41:58 +0300), Pavel 
Emelyanov [EMAIL PROTECTED] says:

 Add the net parameter to udp_get_port family of calls and 
 udp_lookup one and use it to filter sockets.

I may miss something, but I'm afraid that I have to disagree.
Port is identified only by family, address, protocol and port,
and should not be split by name space.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 6/6][NETNS]: Udp sockets per-net lookup.

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu, 31 Jan 2008 05:20:07 -0800 (PST)), 
David Miller [EMAIL PROTECTED] says:

 The networking devices are even per-namespace already,
 so you can even say that each namespace is even
 physically different.

Ah, okay, we are splitting weak domains...

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] Add addrlabel subsystem.

[YOSHIFUJI Hideaki / 吉藤英明]

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 include/linux/if_addrlabel.h |   32 +
 ip/Makefile  |2 +-
 ip/ip.c  |5 +-
 ip/ip_common.h   |4 +
 ip/ipaddrlabel.c |  260 ++
 ip/ipmonitor.c   |4 +
 6 files changed, 304 insertions(+), 3 deletions(-)

diff --git a/include/linux/if_addrlabel.h b/include/linux/if_addrlabel.h
new file mode 100644
index 000..9fe79c9
--- /dev/null
+++ b/include/linux/if_addrlabel.h
@@ -0,0 +1,32 @@
+/*
+ * if_addrlabel.h - netlink interface for address labels
+ *
+ * Copyright (C)2007 USAGI/WIDE Project,  All Rights Reserved.
+ *
+ * Authors:
+ * YOSHIFUJI Hideaki @ USAGI/WIDE [EMAIL PROTECTED]
+ */
+
+#ifndef __LINUX_IF_ADDRLABEL_H
+#define __LINUX_IF_ADDRLABEL_H
+
+struct ifaddrlblmsg
+{
+   __u8ifal_family;/* Address family */
+   __u8__ifal_reserved;/* Reserved */
+   __u8ifal_prefixlen; /* Prefix length */
+   __u8ifal_flags; /* Flags */
+   __u32   ifal_index; /* Link index */
+   __u32   ifal_seq;   /* sequence number */
+};
+
+enum
+{
+   IFAL_ADDRESS = 1,
+   IFAL_LABEL = 2,
+   __IFAL_MAX
+};
+
+#define IFAL_MAX   (__IFAL_MAX - 1)
+
+#endif
diff --git a/ip/Makefile b/ip/Makefile
index b427d58..d908817 100644
--- a/ip/Makefile
+++ b/ip/Makefile
@@ -1,4 +1,4 @@
-IPOBJ=ip.o ipaddress.o iproute.o iprule.o \
+IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o \
 rtm_map.o iptunnel.o ip6tunnel.o tunnel.o ipneigh.o ipntable.o iplink.o \
 ipmaddr.o ipmonitor.o ipmroute.o ipprefix.o \
 ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o \
diff --git a/ip/ip.c b/ip/ip.c
index aeb8c68..c4c773f 100644
--- a/ip/ip.c
+++ b/ip/ip.c
@@ -46,8 +46,8 @@ static void usage(void)
fprintf(stderr,
 Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }\n
ip [ -force ] [-batch filename\n
-where  OBJECT := { link | addr | route | rule | neigh | ntable | tunnel |\n
-   maddr | mroute | monitor | xfrm }\n
+where  OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable 
|\n
+   tunnel | maddr | mroute | monitor | xfrm }\n
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n
 -f[amily] { inet | inet6 | ipx | dnet | link } |\n
 -o[neline] | -t[imestamp] }\n);
@@ -64,6 +64,7 @@ static const struct cmd {
int (*func)(int argc, char **argv);
 } cmds[] = {
{ address,do_ipaddr },
+   { addrlabel,  do_ipaddrlabel },
{ maddress,   do_multiaddr },
{ route,  do_iproute },
{ rule,   do_iprule },
diff --git a/ip/ip_common.h b/ip/ip_common.h
index 39f2507..1bbd50d 100644
--- a/ip/ip_common.h
+++ b/ip/ip_common.h
@@ -4,6 +4,9 @@ extern int print_linkinfo(const struct sockaddr_nl *who,
 extern int print_addrinfo(const struct sockaddr_nl *who,
  struct nlmsghdr *n,
  void *arg);
+extern int print_addrlabelinfo(const struct sockaddr_nl *who,
+  struct nlmsghdr *n,
+  void *arg);
 extern int print_neigh(const struct sockaddr_nl *who,
   struct nlmsghdr *n, void *arg);
 extern int print_ntable(const struct sockaddr_nl *who,
@@ -23,6 +26,7 @@ extern int print_prefix(const struct sockaddr_nl *who,
 extern int print_rule(const struct sockaddr_nl *who,
  struct nlmsghdr *n, void *arg);
 extern int do_ipaddr(int argc, char **argv);
+extern int do_ipaddrlabel(int argc, char **argv);
 extern int do_iproute(int argc, char **argv);
 extern int do_iprule(int argc, char **argv);
 extern int do_ipneigh(int argc, char **argv);
diff --git a/ip/ipaddrlabel.c b/ip/ipaddrlabel.c
new file mode 100644
index 000..1c873e9
--- /dev/null
+++ b/ip/ipaddrlabel.c
@@ -0,0 +1,260 @@
+/*
+ * ipaddrlabel.c   ip addrlabel
+ *
+ * Copyright (C)2007 USAGI/WIDE Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ *
+ * Based on iprule.c.
+ *
+ * Authors:YOSHIFUJI Hideaki [EMAIL PROTECTED]
+ *
+ */
+
+#include stdio.h

[PATCH] IPROUTE2: Add addrlabel subsystem.

[YOSHIFUJI Hideaki / 吉藤英明]

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 include/linux/if_addrlabel.h |   32 +
 ip/Makefile  |2 +-
 ip/ip.c  |5 +-
 ip/ip_common.h   |4 +
 ip/ipaddrlabel.c |  260 ++
 ip/ipmonitor.c   |4 +
 6 files changed, 304 insertions(+), 3 deletions(-)

diff --git a/include/linux/if_addrlabel.h b/include/linux/if_addrlabel.h
new file mode 100644
index 000..9fe79c9
--- /dev/null
+++ b/include/linux/if_addrlabel.h
@@ -0,0 +1,32 @@
+/*
+ * if_addrlabel.h - netlink interface for address labels
+ *
+ * Copyright (C)2007 USAGI/WIDE Project,  All Rights Reserved.
+ *
+ * Authors:
+ * YOSHIFUJI Hideaki @ USAGI/WIDE [EMAIL PROTECTED]
+ */
+
+#ifndef __LINUX_IF_ADDRLABEL_H
+#define __LINUX_IF_ADDRLABEL_H
+
+struct ifaddrlblmsg
+{
+   __u8ifal_family;/* Address family */
+   __u8__ifal_reserved;/* Reserved */
+   __u8ifal_prefixlen; /* Prefix length */
+   __u8ifal_flags; /* Flags */
+   __u32   ifal_index; /* Link index */
+   __u32   ifal_seq;   /* sequence number */
+};
+
+enum
+{
+   IFAL_ADDRESS = 1,
+   IFAL_LABEL = 2,
+   __IFAL_MAX
+};
+
+#define IFAL_MAX   (__IFAL_MAX - 1)
+
+#endif
diff --git a/ip/Makefile b/ip/Makefile
index b427d58..d908817 100644
--- a/ip/Makefile
+++ b/ip/Makefile
@@ -1,4 +1,4 @@
-IPOBJ=ip.o ipaddress.o iproute.o iprule.o \
+IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o \
 rtm_map.o iptunnel.o ip6tunnel.o tunnel.o ipneigh.o ipntable.o iplink.o \
 ipmaddr.o ipmonitor.o ipmroute.o ipprefix.o \
 ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o \
diff --git a/ip/ip.c b/ip/ip.c
index aeb8c68..c4c773f 100644
--- a/ip/ip.c
+++ b/ip/ip.c
@@ -46,8 +46,8 @@ static void usage(void)
fprintf(stderr,
 Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }\n
ip [ -force ] [-batch filename\n
-where  OBJECT := { link | addr | route | rule | neigh | ntable | tunnel |\n
-   maddr | mroute | monitor | xfrm }\n
+where  OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable 
|\n
+   tunnel | maddr | mroute | monitor | xfrm }\n
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n
 -f[amily] { inet | inet6 | ipx | dnet | link } |\n
 -o[neline] | -t[imestamp] }\n);
@@ -64,6 +64,7 @@ static const struct cmd {
int (*func)(int argc, char **argv);
 } cmds[] = {
{ address,do_ipaddr },
+   { addrlabel,  do_ipaddrlabel },
{ maddress,   do_multiaddr },
{ route,  do_iproute },
{ rule,   do_iprule },
diff --git a/ip/ip_common.h b/ip/ip_common.h
index 39f2507..1bbd50d 100644
--- a/ip/ip_common.h
+++ b/ip/ip_common.h
@@ -4,6 +4,9 @@ extern int print_linkinfo(const struct sockaddr_nl *who,
 extern int print_addrinfo(const struct sockaddr_nl *who,
  struct nlmsghdr *n,
  void *arg);
+extern int print_addrlabelinfo(const struct sockaddr_nl *who,
+  struct nlmsghdr *n,
+  void *arg);
 extern int print_neigh(const struct sockaddr_nl *who,
   struct nlmsghdr *n, void *arg);
 extern int print_ntable(const struct sockaddr_nl *who,
@@ -23,6 +26,7 @@ extern int print_prefix(const struct sockaddr_nl *who,
 extern int print_rule(const struct sockaddr_nl *who,
  struct nlmsghdr *n, void *arg);
 extern int do_ipaddr(int argc, char **argv);
+extern int do_ipaddrlabel(int argc, char **argv);
 extern int do_iproute(int argc, char **argv);
 extern int do_iprule(int argc, char **argv);
 extern int do_ipneigh(int argc, char **argv);
diff --git a/ip/ipaddrlabel.c b/ip/ipaddrlabel.c
new file mode 100644
index 000..1c873e9
--- /dev/null
+++ b/ip/ipaddrlabel.c
@@ -0,0 +1,260 @@
+/*
+ * ipaddrlabel.c   ip addrlabel
+ *
+ * Copyright (C)2007 USAGI/WIDE Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ *
+ * Based on iprule.c.
+ *
+ * Authors:YOSHIFUJI Hideaki [EMAIL PROTECTED]
+ *
+ */
+
+#include stdio.h

Re: [PATCH] Add addrlabel subsystem.

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Fri, 01 Feb 2008 06:56:10 +1100 (EST)), 
YOSHIFUJI Hideaki / 吉藤英明 [EMAIL PROTECTED] says:

 Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
 ---
  include/linux/if_addrlabel.h |   32 +
  ip/Makefile  |2 +-
  ip/ip.c  |5 +-
  ip/ip_common.h   |4 +
  ip/ipaddrlabel.c |  260 
 ++
  ip/ipmonitor.c   |4 +
  6 files changed, 304 insertions(+), 3 deletions(-)

Sorry, iproute2 was missing in the subject...resent.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH net-2.6.25] [IPV6] ADDRLABEL: Fix double free on label deletion.

[YOSHIFUJI Hideaki / 吉藤英明]

If an entry is being deleted because it has only one reference, 
we immediately delete it and blindly register the rcu handler for it,
This results in oops by double freeing that object.

This patch fixes it by consolidating the code paths for the deletion;
let its rcu handler delete the object if it has no more reference.

Bug was found by Mitsuru Chinen [EMAIL PROTECTED]

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---

diff --git a/net/ipv6/addrlabel.c b/net/ipv6/addrlabel.c
index 6f1ca60..7a706c4 100644
--- a/net/ipv6/addrlabel.c
+++ b/net/ipv6/addrlabel.c
@@ -106,6 +106,11 @@ static inline void ip6addrlbl_free(struct ip6addrlbl_entry 
*p)
kfree(p);
 }
 
+static void ip6addrlbl_free_rcu(struct rcu_head *h)
+{
+   ip6addrlbl_free(container_of(h, struct ip6addrlbl_entry, rcu));
+}
+
 static inline int ip6addrlbl_hold(struct ip6addrlbl_entry *p)
 {
return atomic_inc_not_zero(p-refcnt);
@@ -114,12 +119,7 @@ static inline int ip6addrlbl_hold(struct ip6addrlbl_entry 
*p)
 static inline void ip6addrlbl_put(struct ip6addrlbl_entry *p)
 {
if (atomic_dec_and_test(p-refcnt))
-   ip6addrlbl_free(p);
-}
-
-static void ip6addrlbl_free_rcu(struct rcu_head *h)
-{
-   ip6addrlbl_free(container_of(h, struct ip6addrlbl_entry, rcu));
+   call_rcu(p-rcu, ip6addrlbl_free_rcu);
 }
 
 /* Find label */
@@ -240,7 +240,6 @@ int __ip6addrlbl_add(struct ip6addrlbl_entry *newp, int 
replace)
}
hlist_replace_rcu(p-list, newp-list);
ip6addrlbl_put(p);
-   call_rcu(p-rcu, ip6addrlbl_free_rcu);
goto out;
} else if ((p-prefixlen == newp-prefixlen  
!p-ifindex) ||
   (p-prefixlen  newp-prefixlen)) {
@@ -300,7 +299,6 @@ int __ip6addrlbl_del(const struct in6_addr *prefix, int 
prefixlen,
ipv6_addr_equal(p-prefix, prefix)) {
hlist_del_rcu(p-list);
ip6addrlbl_put(p);
-   call_rcu(p-rcu, ip6addrlbl_free_rcu);
ret = 0;
break;
}

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [patch net-2.6.25][IPV6][SYSCTL] fix sysctl compilation error

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Fri, 25 Jan 2008 14:32:23 +0100), Daniel 
Lezcano [EMAIL PROTECTED] says:

 Move ipv6_icmp_sysctl_init and ipv6_route_sysctl_init into
 the right ifdef section otherwise that does not compile when
 CONFIG_SYSCTL=yes and CONFIG_PROC_FS=no
 
 Signed-off-by: Daniel Lezcano [EMAIL PROTECTED]

My bad

Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 12/12 net-2.6.25] [NETNS]: Add namespace for ICMP replying code.

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Wed, 23 Jan 2008 10:16:29 +0100), Mathieu 
Lacage [EMAIL PROTECTED] says:

 I have been following the netns patches on this ML for a while but I
 still have not figured out in which tree the patches fed to David Miller
 are applied. I have attempted to grep the public trees 'davem/net-2.6'
 and 'davem/net-2.6.25' but without much success so far. Is there a
 public git tree I can clone which contains all the netns patches which
 David Miller state are 'Applied' ?

I'm cloning from
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.25.git

There may be some time-lag.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[GIT PULL] [IPV6,IPV4]: Fix several sparse warnings.

[YOSHIFUJI Hideaki / 吉藤英明]

Dave, please consider pulling following changes on top of net-2.6.25 tree:
git://git.linux-ipv6.org/gitroot/yoshfuji/linux-2.6-dev.git 
net-2.6-dev-20080122

Thank you.

HEADLINES
-

[IPV4] UDP,UDPLITE: Sparse: {__udp4_lib,udp,udplite}_err() are of void.
[IPV6] UDP,UDPLITE: Sparse: {__udp6_lib,udp,udplite}_err() are of void.
[IPV6] UDPLITE: Sparse: Declare non-static symbols in header.
[IPV6] ADDRLABEL: Sparse: Make several functions static.
[IPV6]: Sparse: Declare non-static ipv6_{route,icmp,frag}_sysctl_init() in 
header.
[IPV6] ADDRCONF: Sparse: Make inet6_dump_addr() code paths more 
straight-forward.
[IPV6] NDISC: Sparse: Use different variable name for local use.

DIFFSTAT


 include/net/ipv6.h |4 
 net/ipv4/udp.c |2 +-
 net/ipv4/udplite.c |2 +-
 net/ipv6/addrconf.c|   38 ++
 net/ipv6/addrlabel.c   |   20 ++--
 net/ipv6/af_inet6.c|2 --
 net/ipv6/ndisc.c   |   10 +-
 net/ipv6/sysctl_net_ipv6.c |3 ---
 net/ipv6/udp.c |2 +-
 net/ipv6/udp_impl.h|1 +
 net/ipv6/udplite.c |2 +-
 11 files changed, 42 insertions(+), 44 deletions(-)

CHANGESETS
--

commit 9c14555fec7d209c90ae5079c59dc9a338620fd7
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Tue Jan 22 17:05:31 2008 +0900

[IPV4] UDP,UDPLITE: Sparse: {__udp4_lib,udp,udplite}_err() are of void.

Fix following sparse warnings:
| net/ipv4/udp.c:421:2: warning: returning void-valued expression
| net/ipv4/udplite.c:38:2: warning: returning void-valued expression

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index cb2411c..ecd9d91 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -418,7 +418,7 @@ out:
 
 void udp_err(struct sk_buff *skb, u32 info)
 {
-   return __udp4_lib_err(skb, info, udp_hash);
+   __udp4_lib_err(skb, info, udp_hash);
 }
 
 /*
diff --git a/net/ipv4/udplite.c b/net/ipv4/udplite.c
index f5baeb3..001b881 100644
--- a/net/ipv4/udplite.c
+++ b/net/ipv4/udplite.c
@@ -35,7 +35,7 @@ static int udplite_rcv(struct sk_buff *skb)
 
 static void udplite_err(struct sk_buff *skb, u32 info)
 {
-   return __udp4_lib_err(skb, info, udplite_hash);
+   __udp4_lib_err(skb, info, udplite_hash);
 }
 
 static struct net_protocol udplite_protocol = {

---
commit feafbe254cd11496370192a08dbdc1d0ddda226f
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Tue Jan 22 17:09:55 2008 +0900

[IPV6] UDP,UDPLITE: Sparse: {__udp6_lib,udp,udplite}_err() are of void.

Fix following sparse warnings:
| net/ipv6/udp.c:262:2: warning: returning void-valued expression
| net/ipv6/udplite.c:29:2: warning: returning void-valued expression

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index bf58aca..bd4b9df 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -259,7 +259,7 @@ static __inline__ void udpv6_err(struct sk_buff *skb,
 struct inet6_skb_parm *opt, int type,
 int code, int offset, __be32 info )
 {
-   return __udp6_lib_err(skb, opt, type, code, offset, info, udp_hash);
+   __udp6_lib_err(skb, opt, type, code, offset, info, udp_hash);
 }
 
 int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
diff --git a/net/ipv6/udplite.c b/net/ipv6/udplite.c
index 39f0705..87d4202 100644
--- a/net/ipv6/udplite.c
+++ b/net/ipv6/udplite.c
@@ -26,7 +26,7 @@ static void udplitev6_err(struct sk_buff *skb,
  struct inet6_skb_parm *opt,
  int type, int code, int offset, __be32 info)
 {
-   return __udp6_lib_err(skb, opt, type, code, offset, info, udplite_hash);
+   __udp6_lib_err(skb, opt, type, code, offset, info, udplite_hash);
 }
 
 static struct inet6_protocol udplitev6_protocol = {

---
commit ce97db1c7fa125b3f24a3d424a6373824a0bca37
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Tue Jan 22 17:25:46 2008 +0900

[IPV6] UDPLITE: Sparse: Declare non-static symbols in header.

Fix the following sparse warnings:
| net/ipv6/udplite.c:45:14: warning: symbol 'udplitev6_prot' was not 
declared. Should it be static?
| net/ipv6/udplite.c:80:12: warning: symbol 'udplitev6_init' was not 
declared. Should it be static?
| net/ipv6/udplite.c:99:6: warning: symbol 'udplitev6_exit' was not 
declared. Should it be static?

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/ipv6/udp_impl.h b/net/ipv6/udp_impl.h
index 2d3fda6..21be3a8 100644
--- a/net/ipv6/udp_impl.h
+++ b/net/ipv6/udp_impl.h
@@ -5,6 +5,7 @@
 #include net/protocol.h
 #include net/addrconf.h
 #include net/inet_common.h
+#include net/transp_v6.h
 
 extern int __udp6_lib_rcv(struct sk_buff *, struct hlist_head [], int );
 extern void

Re: [PATCH 1/2] IPV6: ICMP6_MIB_OUTMSGS increment duplicated

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Mon, 21 Jan 2008 17:46:32 +0800), Wang Chen 
[EMAIL PROTECTED] says:

 [IPV6]: ICMP6_MIB_OUTMSGS increment duplicated
 
 icmpv6_send() calls ip6_push_pending_frames() indirectly.
 Both ip6_push_pending_frames() and icmpv6_send() increment
 counter ICMP6_MIB_OUTMSGS.
 
 This patch remove the increment from icmpv6_send.
 
 Signed-off-by: Wang Chen [EMAIL PROTECTED]
Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 2/2] IPV6: RFC 2011 compatibility broken

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Mon, 21 Jan 2008 17:46:44 +0800), Wang Chen 
[EMAIL PROTECTED] says:

 The snmp6 entry name was changed, and it broke compatibility
 to RFC 2011.
 
 Signed-off-by: Wang Chen [EMAIL PROTECTED]
Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] IPv4: Enable use of 240/4 address space

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Sat, 19 Jan 2008 14:44:13 +0100 (CET)), Jan 
Engelhardt [EMAIL PROTECTED] says:

 From 84bccef295aa9754ee662191e32ba1d64edce2ba Mon Sep 17 00:00:00 2001
 From: Jan Engelhardt [EMAIL PROTECTED]
 Date: Fri, 18 Jan 2008 02:10:44 +0100
 Subject: [PATCH] IPv4: enable use of 240/4 address space
 
 This short patch modifies the IPv4 networking to enable use of the
 240.0.0.0/4 (aka class-E) address space as propsed in the internet
 draft draft-fuller-240space-00.txt.
 
 Signed-off-by: Jan Engelhardt [EMAIL PROTECTED]
Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] [IPV6] ROUTE: Make sending algorithm more friendly with RFC 4861.

[YOSHIFUJI Hideaki / 吉藤英明]

We omit (or delay) sending NSes for known-to-unreachable routers
(in NUD_FAILED state) according to RFC 4191 (Default Router Preferences
and More-Specific Routes).
But this is not fully compatible with RFC 4861 (Neighbor Discovery Protocol
for IPv6), which does not remember unreachability of neighbors.

So, let's avoid mixing sending algorithm of RFC 4191 and that of RFC 4861,
and make the algorithm more friendly with RFC 4861 if RFC 4191 is disabled.

Issue was found by IPv6 Ready Logo Core Self_Test 1.5.0b2 (by TAHI Project),
and has been tracked down by Mitsuru Chinen [EMAIL PROTECTED].

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 6ecb5e6..20083e0 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -329,7 +329,7 @@ static inline int rt6_check_dev(struct rt6_info *rt, int 
oif)
 static inline int rt6_check_neigh(struct rt6_info *rt)
 {
struct neighbour *neigh = rt-rt6i_nexthop;
-   int m = 0;
+   int m;
if (rt-rt6i_flags  RTF_NONEXTHOP ||
!(rt-rt6i_flags  RTF_GATEWAY))
m = 1;
@@ -337,10 +337,15 @@ static inline int rt6_check_neigh(struct rt6_info *rt)
read_lock_bh(neigh-lock);
if (neigh-nud_state  NUD_VALID)
m = 2;
-   else if (!(neigh-nud_state  NUD_FAILED))
+#ifdef CONFIG_IPV6_ROUTER_PREF
+   else if (neigh-nud_state  NUD_FAILED)
+   m = 0;
+#endif
+   else
m = 1;
read_unlock_bh(neigh-lock);
-   }
+   } else
+   m = 0;
return m;
 }
 

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] IPv4: Enable use of 240/4 address space

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Fri, 18 Jan 2008 02:13:52 +0100 (CET)), Jan 
Engelhardt [EMAIL PROTECTED] says:

 diff --git a/include/linux/in.h b/include/linux/in.h
 index 27d8a5a..b01bf75 100644
 --- a/include/linux/in.h
 +++ b/include/linux/in.h
 @@ -216,9 +216,6 @@ struct sockaddr_in {
  #define  IN_MULTICAST(a) IN_CLASSD(a)
  #define IN_MULTICAST_NET 0xF000
  
 -#define  IN_EXPERIMENTAL(a)  long int) (a))  0xf000) == 
 0xf000)
 -#define  IN_BADCLASS(a)  IN_EXPERIMENTAL((a))
 -
  /* Address to accept any incoming messages. */
  #define  INADDR_ANY  ((unsigned long int) 0x)
  

No, please keep these macros.

 @@ -264,7 +261,7 @@ static inline bool ipv4_is_local_multicast(__be32 addr)
  
  static inline bool ipv4_is_badclass(__be32 addr)
  {
 - return (addr  htonl(0xf000)) == htonl(0xf000);
 + return addr == 0x;
  }
  

To (un)align the IN_BADCLASS macro and ipv6_is_badclass() definition,
you should change the name anyway, e.g., ipv6_is_limited_broadcast()
or some something alike.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] IPv4: Enable use of 240/4 address space

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Fri, 18 Jan 2008 02:52:08 +0100 (CET)), Jan 
Engelhardt [EMAIL PROTECTED] says:

 
 On Jan 18 2008 10:26, YOSHIFUJI Hideaki / 吉藤英明 wrote:
  -#define   IN_EXPERIMENTAL(a)  long int) (a))  0xf000) == 
  0xf000)
  -#define   IN_BADCLASS(a)  IN_EXPERIMENTAL((a))
 
 No, please keep these macros.
 
  @@ -264,7 +261,7 @@ static inline bool ipv4_is_local_multicast(__be32 addr)
   
   static inline bool ipv4_is_badclass(__be32 addr)
   {
  -  return (addr  htonl(0xf000)) == htonl(0xf000);
  +  return addr == 0x;
   }
   
 
 To (un)align the IN_BADCLASS macro and ipv6_is_badclass() definition,
 
 Unalign? IPv6? Limited broadcast?

Sorry, ipv4_is_badclass().
Assuming IN_BADCLASS() is still there, we should not reuse the name
of ipv6_is_badclass because the their meanings are different.

 -static inline bool ipv4_is_badclass(__be32 addr)
 +static inline bool ipv4_is_broadcast(__be32 addr)
  {

I'm just afraid that people might think ipv4_is_broadcast
is for testing subnet broadcast address.

255.255.255.255 is limited broadcast address
(vs subnet broadcast address, which can be forwarded by routers).

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] IPv4: Enable use of 240/4 address space

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Fri, 18 Jan 2008 11:13:19 +0900 (JST)), 
YOSHIFUJI Hideaki / 吉藤英明 [EMAIL PROTECTED] says:

 Assuming IN_BADCLASS() is still there, we should not reuse the name
 of ipv6_is_badclass because the their meanings are different.

Again, ipv4_is_badclass()
My hands almost automatically type 6 after ipv...

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Netconf at conf.au 2008?

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Sun, 13 Jan 2008 19:17:51 +0100), martin f 
krafft [EMAIL PROTECTED] says:

 also sprach Andy Johnson [EMAIL PROTECTED] [2008.01.12.0752 +0100]:
  I saw somewhere (maybe in this mailing list a while ago) that
  there might be a  Linux Kernel Developers' Netconf conference  at
  conf.au 2008.
 
 I think you may be mixing things up, and it may be my fault in ways.
 I am developing netconf: http://netconf.alioth.debian.org. I am
 aware of the NETCONF protocol and have considered renaming my
 project, but looking around, it seemed to me that NETCONF isn't
 really all that active, and so I chose to keep the name. If people
 think that wasn't wise, I'm willing to listen...

Very confusing to me...

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 001/001] ipv4: enable use of 240/4 address space

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Fri, 11 Jan 2008 12:17:02 +0100), Andi Kleen 
[EMAIL PROTECTED] says:

 Vince Fuller [EMAIL PROTECTED] writes:
 
  from Vince Fuller [EMAIL PROTECTED]
 
  This set of diffs modify the 2.6.20 kernel to enable use of the 240/4
  (aka class-E) address space as consistent with the Internet Draft
  draft-fuller-240space-00.txt.
 
 Wouldn't it be wise to at least wait for it becoming an RFC first? 

I do think so, too.

There is no positive consesus on this draft
at the intarea meeting in Vancouver, right?

We cannot / should not enable that space until we have reached
a consensus on it.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 001/001] ipv4: enable use of 240/4 address space

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Fri, 11 Jan 2008 17:48:57 -0800 (PST)), 
David Miller [EMAIL PROTECTED] says:

 From: YOSHIFUJI Hideaki / 吉藤英明 [EMAIL PROTECTED]
 Date: Fri, 11 Jan 2008 21:41:20 +0900 (JST)
 
  There is no positive consesus on this draft
  at the intarea meeting in Vancouver, right?
  
  We cannot / should not enable that space until we have reached
  a consensus on it.
 
 This is so incredibly incorrect.
 
 There is consensus on making network stacks able to use this
 address space.  And that is all that the patch does.

No, we did never make consensus on it.

 The consensus is only missing on whether to make the address
 space public or private.
 
 This is also clearly spelled out in the draft.
 
 It is important to get as large of a head start on this as
 possible because of how long it takes to deploy something
 like this.

Okay, though I am afraid this space will not be used widely,
we should be ready for it.

I'll make some more comments on the patch itself from
another point view.

--yoshfuji

--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 001/001] ipv4: enable use of 240/4 address space

[YOSHIFUJI Hideaki / 吉藤英明]

Hello.

In article [EMAIL PROTECTED] (at Mon, 7 Jan 2008 17:10:57 -0800), Vince 
Fuller [EMAIL PROTECTED] says:

  #define IN_MULTICAST_NET 0xF000
  
 +#define IN_CLASSE(a) long int) (a))  0xf000) == 0xf000)
 +#define  IN_CLASSE_NET   0xff00
 +#define  IN_CLASSE_NSHIFT8
 +#define  IN_CLASSE_HOST  (0x  ~IN_CLASSE_NET)
 +
 +/* 
 + * these are no longer used
  #define  IN_EXPERIMENTAL(a)  long int) (a))  0xf000) == 
 0xf000)
  #define  IN_BADCLASS(a)  IN_EXPERIMENTAL((a))
 +*/

Please do not remove this, but have these instead:

#define IN_EXPERIMENTAL(a)  IN_CLASSE((a))
#define IN_BADCASS(a)   IN_CLASSE((a))

And, I think it is good to remove BADCLASS() (inside
#ifdef __KERNEL__ .. #endif) because we do not have its users
any longer, right?

Regards,

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Linux IPv6 DAD not full conform to RFC 4862 ?

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Wed, 9 Jan 2008 16:36:56 +0100), Karsten 
Keil [EMAIL PROTECTED] says:

 So I think we should disable the interface now, if DAD fails on a
 hardware based LLA.

I don't want to do this, at least, unconditionally.

Options (not exclusive):

- we could have enable_ipv6 interface flag and check it in
  input/output paths
- we could have dad_reaction interface variable and
  1: disable interface
 = 1: disable IPv6
  0: ignore (as we do now)

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Linux IPv6 DAD not full conform to RFC 4862 ?

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu, 10 Jan 2008 01:38:57 +0900 (JST)), 
YOSHIFUJI Hideaki / 吉藤英明 [EMAIL PROTECTED] says:

 - we could have dad_reaction interface variable and
   1: disable interface
  = 1: disable IPv6
   0: ignore (as we do now)

Argh, 0, 0 and 0, maybe.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Linux IPv6 DAD not full conform to RFC 4862 ?

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Wed, 09 Jan 2008 15:32:12 -0800 (PST)), 
David Miller [EMAIL PROTECTED] says:

 I question any RFC mandate that shuts down IP communication on a node
 because of packets received from remote systems.

RFC4862 tell us that we SHOULD disable IP communication.
(IP means IPv6 here; IPv4 is out of scope.)
In IETF term, a SHOULD is almost a MUST.  We are required to follow
unless we have very good reason to ignore it.

 If the TAHI test can trigger this, so can a compromised system on your
 network and won't that be fun? :-)

So, I know the specification, but I have ignored it.
I think it is fine to implent in some way, but I do think we must have
a switch not to do this.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Linux IPv6 DAD not full conform to RFC 4862 ?

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Wed, 09 Jan 2008 15:55:44 -0800 (PST)), 
David Miller [EMAIL PROTECTED] says:

 Because of the above, the existing behavior must still stay the
 default.  I hope this is your plan.
 
 By default Linux will not implement this SHOULD, it's a security
 issue.

Yes so far, though we may have more things to consider.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH net-2.6][NEIGH] Updating affected neighbours when about MAC address change

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Sun, 23 Dec 2007 13:41:36 +0200), David 
Shwatrz [EMAIL PROTECTED] says:

 I had written a small patch to neigh_changeaddr() in net/core/neighbour.c
 against the 2.6 git net tree, which sends a gratuitous ARP to update
 the list of
 all the involved neighbours with the change of MAC address.
 The patch is for neigh_changeaddr() only.

Though I can see no patch, but I disagree. ;-)
I do think you should change arp_netdev_event() and ndisc_netdev_event().

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH net-2.6][NEIGH] Updating affected neighbours when about MAC address change

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Sun, 23 Dec 2007 14:24:00 +0200), David 
Shwatrz [EMAIL PROTECTED] says:

 Regarding your answer;  I accept it and I will soon send a revised
 version of this patch (making changes to
  arp_netdev_event() and ndisc_netdev_event().)
 I had  IPv4 in mind, there is no reason that it will no be also in IPv6.

You should iterate all of ifa_list (for IPv4) / addr_list (for IPv6).
For IPv6, we also have anycast (maintained by ac_list) as well.

--yoshfuji

--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH net-2.6][NEIGH] Updating affected neighbours when about MAC address change

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Sun, 23 Dec 2007 07:46:15 -0500), jamal 
[EMAIL PROTECTED] says:

 On Sun, 2007-23-12 at 21:38 +0900, YOSHIFUJI Hideaki / 吉藤英明 wrote:
  In article [EMAIL PROTECTED] (at Sun, 23 Dec 2007 14:24:00 +0200), David 
  Shwatrz [EMAIL PROTECTED] says:
  
   Regarding your answer;  I accept it and I will soon send a revised
   version of this patch (making changes to
arp_netdev_event() and ndisc_netdev_event().)
   I had  IPv4 in mind, there is no reason that it will no be also in IPv6.
  
  You should iterate all of ifa_list (for IPv4) / addr_list (for IPv6).
  For IPv6, we also have anycast (maintained by ac_list) as well.
  
 
 Hrm, how is this going to work for the case of multiple MACs on a
 device? 
 Changing one MAC address doesnt equate to issuing a grat arp with _the
 new MAC_ for all ifa (given each MAC may be map to a different ifa) 

If the secondary MACs are used with ARP/NDP, we should take care of
that, but I think we use the primary MAC for ARP/NDP, no?
(In other words, we always use primary MAC for ARP reply / NA, no?)

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH net-2.6][NEIGH] Updating affected neighbours when about MAC address change

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Sun, 23 Dec 2007 15:04:37 +0200), David 
Shwatrz [EMAIL PROTECTED] says:

 Hello,
 
 
 You should iterate all of ifa_list (for IPv4) / addr_list (for IPv6).
  For IPv6, we also have anycast (maintained by ac_list) as well.
 
 I am not sure that we need to iterate all of ifa_list in IPv4.
 The reason is that we end with arp_send, and it initiates a broadcast.
 So all neighbours will receive it and update their arp tables
 accordingly.
 The dest hw in the arp_send is NULL according to this patch ; this means that
 we will assign dev-broadcast to dest_hw  in apr_create().
 
 It seems to me there's no reason to send more than one broadcast.

Urgh? what is happend if you have multiple IPv4 addresses on the device?


 In IPv6, I need to check, since it is multicast.

Please read RFC2461 Section 7.2.6.  In short we should send a few
unsolicited NA, but I think you can start from sending once per an
address.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] [IPROUTE]: A workaround to make larger rto_min printed correctly

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Fri, 21 Dec 2007 11:24:54 +0900), Satoru 
SATOH [EMAIL PROTECTED] says:

 2007/12/21, Jarek Poplawski [EMAIL PROTECTED]:
  Jarek Poplawski wrote, On 12/20/2007 09:24 PM:
  ...
 
   but since it's your patch, I hope you do some additional checking
   if it's always like this...
 
 
  ...or maybe only changing this all a little bit will make it look safer!
 
  Jarek P.
 
 
 OK, how about this?
 
 Signed-off-by: Satoru SATOH [EMAIL PROTECTED]
 
  ip/iproute.c |   12 
  1 files changed, 8 insertions(+), 4 deletions(-)
 
 diff --git a/ip/iproute.c b/ip/iproute.c
 index f4200ae..c771b34 100644
 --- a/ip/iproute.c
 +++ b/ip/iproute.c
 @@ -510,16 +510,20 @@ int print_route(const struct sockaddr_nl *who,
 struct nlmsghdr *n, void *arg)
   fprintf(fp,  %u, 
 *(unsigned*)RTA_DATA(mxrta[i]));
   else {
   unsigned val = *(unsigned*)RTA_DATA(mxrta[i]);
 + unsigned hz1 = hz;
 + if (hz1  1000)

Why don't you simply use unsigned long long (or maybe uint64_t) here?

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--- 
diff --git a/ip/iproute.c b/ip/iproute.c
index f4200ae..db9a3b6 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -509,16 +509,21 @@ int print_route(const struct sockaddr_nl *who, struct 
nlmsghdr *n, void *arg)
i != RTAX_RTO_MIN)
fprintf(fp,  %u, 
*(unsigned*)RTA_DATA(mxrta[i]));
else {
-   unsigned val = *(unsigned*)RTA_DATA(mxrta[i]);
+   unsigned long long val = 
*(unsigned*)RTA_DATA(mxrta[i]);
+   unsigned div = 1;
 
-   val *= 1000;
if (i == RTAX_RTT)
-   val /= 8;
+   div = 8;
else if (i == RTAX_RTTVAR)
-   val /= 4;
-   if (val = hz)
-   fprintf(fp,  %ums, val/hz);
+   div = 4;
else
+   div = 1;
+
+   val = val * 1000ULL / div;
+
+   if (val = hz) {
+   fprintf(fp,  %llums, val/hz);
+   } else
fprintf(fp,  %.2fms, (float)val/hz);
}
}

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] [IPROUTE]: A workaround to make larger rto_min printed correctly

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Fri, 21 Dec 2007 22:49:59 +0900), Satoru 
SATOH [EMAIL PROTECTED] says:

 I agree.
 
 I mistakenly thought hz in that context must be larger than 1000..
 As it's uncertain, your's looks much simpler and better.
 
 (btw, the lines else  div = 1 is not needed, is it?)

Simplest fix is as follows:

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
--
diff --git a/ip/iproute.c b/ip/iproute.c
index f4200ae..7a885b0 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -509,7 +509,7 @@ int print_route(const struct sockaddr_nl *who, struct 
nlmsghdr *n, void *arg)
i != RTAX_RTO_MIN)
fprintf(fp,  %u, 
*(unsigned*)RTA_DATA(mxrta[i]));
else {
-   unsigned val = *(unsigned*)RTA_DATA(mxrta[i]);
+   unsigned long long val = 
*(unsigned*)RTA_DATA(mxrta[i]);
 
val *= 1000;
if (i == RTAX_RTT)
@@ -517,7 +517,7 @@ int print_route(const struct sockaddr_nl *who, struct 
nlmsghdr *n, void *arg)
else if (i == RTAX_RTTVAR)
val /= 4;
if (val = hz)
-   fprintf(fp,  %ums, val/hz);
+   fprintf(fp,  %llums, val/hz);
else
fprintf(fp,  %.2fms, (float)val/hz);
}

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] [IPROUTE]: A workaround to make larger rto_min printed correctly

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu, 20 Dec 2007 12:31:27 +0900), Satoru 
SATOH [EMAIL PROTECTED] says:

 diff --git a/ip/iproute.c b/ip/iproute.c
 index f4200ae..fa722c6 100644
 --- a/ip/iproute.c
 +++ b/ip/iproute.c
 @@ -510,16 +510,16 @@ int print_route(const struct sockaddr_nl *who,
 struct nlmsghdr *n, void *arg)
 fprintf(fp,  %u,
 *(unsigned*)RTA_DATA(mxrta[i]));
 else {
 unsigned val = *(unsigned*)RTA_DATA(mxrta[i]);
 +   unsigned hz1 = hz / 1000;
 
 -   val *= 1000;
 if (i == RTAX_RTT)

I think this is incorrect; hz might not be 1000; e.g. 250 etc.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [TCP] IPV6 : Change a divide into a right shift in tcp_v6_send_ack()

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Fri, 21 Dec 2007 07:03:58 +0100), Eric 
Dumazet [EMAIL PROTECTED] says:

 Because tot_len is signed in tcp_v6_send_ack(), tot_len/4 forces compiler
 to emit an integer divide, while we can help it to use a right shift,
 less expensive.

Are you really sure?
At least, gcc-4.1.2-20061115 (debian) does not make any difference.

And, IMHO, because shift for signed variable is fragile, so we should
avoid using it.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [TCP] IPV6 : Change a divide into a right shift in tcp_v6_send_ack()

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Fri, 21 Dec 2007 08:39:24 +0100), Eric 
Dumazet [EMAIL PROTECTED] says:

  Okay, anyway, I'll convert them to unsigned int, which is more
  appropriate.
 
 I didnt chose this path, because David was against changing some fields from 
 'int' to 'unsigned'. If you look in other parts of networking, we have many 
  
 1 or  2 already there.

I do think it is safe to convert them here.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[TCP]: Convert several length variable to unsigned.

[YOSHIFUJI Hideaki / 吉藤英明]

Several length variables cannot be negative, so convert int to
unsigned int.  This also allows us to do sane shift operations
on those variables.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--
diff --git a/include/net/tcp.h b/include/net/tcp.h
index cb5b033..f663a85 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1153,7 +1153,8 @@ extern int
tcp_v4_calc_md5_hash(char *md5_hash,
 struct dst_entry *dst,
 struct request_sock *req,
 struct tcphdr *th,
-int protocol, int tcplen);
+int protocol,
+unsigned int tcplen);
 extern struct tcp_md5sig_key   *tcp_v4_md5_lookup(struct sock *sk,
   struct sock *addr_sk);
 
@@ -1359,7 +1360,8 @@ struct tcp_sock_af_ops {
  struct dst_entry *dst,
  struct request_sock *req,
  struct tcphdr *th,
- int protocol, int len);
+ int protocol,
+ unsigned int len);
int (*md5_add) (struct sock *sk,
struct sock *addr_sk,
u8 *newkey,
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 652c323..601b4ca 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -99,7 +99,7 @@ static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct 
sock *sk,
 static int tcp_v4_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
   __be32 saddr, __be32 daddr,
   struct tcphdr *th, int protocol,
-  int tcplen);
+  unsigned int tcplen);
 #endif
 
 struct inet_hashinfo __cacheline_aligned tcp_hashinfo = {
@@ -1020,7 +1020,7 @@ static int tcp_v4_parse_md5_keys(struct sock *sk, char 
__user *optval,
 static int tcp_v4_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
   __be32 saddr, __be32 daddr,
   struct tcphdr *th, int protocol,
-  int tcplen)
+  unsinged int tcplen)
 {
struct scatterlist sg[4];
__u16 data_len;
@@ -1113,7 +1113,7 @@ int tcp_v4_calc_md5_hash(char *md5_hash, struct 
tcp_md5sig_key *key,
 struct dst_entry *dst,
 struct request_sock *req,
 struct tcphdr *th, int protocol,
-int tcplen)
+unsigned int tcplen)
 {
__be32 saddr, daddr;
 
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 93980c3..3b4169c 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -733,7 +733,7 @@ static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct 
tcp_md5sig_key *key,
   struct in6_addr *saddr,
   struct in6_addr *daddr,
   struct tcphdr *th, int protocol,
-  int tcplen)
+  unsigned int tcplen)
 {
struct scatterlist sg[4];
__u16 data_len;
@@ -818,7 +818,7 @@ static int tcp_v6_calc_md5_hash(char *md5_hash, struct 
tcp_md5sig_key *key,
struct dst_entry *dst,
struct request_sock *req,
struct tcphdr *th, int protocol,
-   int tcplen)
+   unsigned int tcplen)
 {
struct in6_addr *saddr, *daddr;
 
@@ -985,7 +985,7 @@ static void tcp_v6_send_reset(struct sock *sk, struct 
sk_buff *skb)
struct tcphdr *th = tcp_hdr(skb), *t1;
struct sk_buff *buff;
struct flowi fl;
-   int tot_len = sizeof(*th);
+   unsigned int tot_len = sizeof(*th);
 #ifdef CONFIG_TCP_MD5SIG
struct tcp_md5sig_key *key;
 #endif
@@ -1085,7 +1085,7 @@ static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
struct tcphdr *th = tcp_hdr(skb), *t1;
struct sk_buff *buff;
struct flowi fl;
-   int tot_len = sizeof(struct tcphdr);
+   unsigned int tot_len = sizeof(struct tcphdr);
__be32 *topt;
 #ifdef CONFIG_TCP_MD5SIG
struct tcp_md5sig_key *key;
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  

[GIT PULL] [NET]: Use {hton{s,l},cpu_to_be{16,32}}() where appropriate.

[YOSHIFUJI Hideaki / 吉藤英明]

Hello.

Please consider pulling the following changes from the branch
net-2.6-dev-20071214
available at
git://git.linux-ipv6.org/gitroot/yoshfuji/linux-2.6-dev.git
which is on top of your net-2.6-devel tree.

Regards,

---
HEADLINES
-

[BRIDGE]: Use cpu_to_be16() where appropriate.
[DECNET]: Use htons() where appropriate.
[IEEE80211]: Use htons() where appropriate.
[IPVS]: Use htons() where appropriate.
[IRDA]: Use htons() where appropriate.
[MAC80211]: Use htons() where appropriate.
[RXRPC]: Use cpu_to_be32() where appropriate.
[SUNRPC]: Use htonl() where appropriate.

DIFFSTAT


 net/bridge/br_input.c   |2 +-
 net/decnet/af_decnet.c  |2 +-
 net/decnet/dn_nsp_out.c |2 +-
 net/decnet/dn_route.c   |2 +-
 net/ieee80211/ieee80211_rx.c|4 ++--
 net/ipv4/ipvs/ip_vs_proto.c |2 +-
 net/ipv4/ipvs/ip_vs_proto_esp.c |   16 
 net/irda/iriap.c|2 +-
 net/mac80211/rx.c   |2 +-
 net/mac80211/wme.c  |2 +-
 net/rxrpc/ar-connection.c   |2 +-
 net/rxrpc/ar-input.c|4 ++--
 net/rxrpc/rxkad.c   |4 ++--
 net/sunrpc/xprtrdma/rpc_rdma.c  |6 +++---
 14 files changed, 26 insertions(+), 26 deletions(-)

CHANGESETS
--

commit 8979a93df4ca6b9b411296265ad3591d9f780569
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Wed Dec 12 03:51:03 2007 +0900

[BRIDGE]: Use cpu_to_be16() where appropriate.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 0ee79a7..255c00f 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -109,7 +109,7 @@ static inline int is_link_local(const unsigned char *dest)
 {
__be16 *a = (__be16 *)dest;
static const __be16 *b = (const __be16 *)br_group_address;
-   static const __be16 m = __constant_cpu_to_be16(0xfff0);
+   static const __be16 m = cpu_to_be16(0xfff0);
 
return ((a[0] ^ b[0]) | (a[1] ^ b[1]) | ((a[2] ^ b[2])  m)) == 0;
 }

---
commit c60e701fabb6c2371a9fab2aa6a71b00bfa3cc1d
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Wed Dec 12 03:51:49 2007 +0900

[DECNET]: Use htons() where appropriate.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index 57d5749..acd48ee 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -1904,7 +1904,7 @@ static inline struct sk_buff *dn_alloc_send_pskb(struct 
sock *sk,
struct sk_buff *skb = sock_alloc_send_skb(sk, datalen,
   noblock, errcode);
if (skb) {
-   skb-protocol = __constant_htons(ETH_P_DNA_RT);
+   skb-protocol = htons(ETH_P_DNA_RT);
skb-pkt_type = PACKET_OUTGOING;
}
return skb;
diff --git a/net/decnet/dn_nsp_out.c b/net/decnet/dn_nsp_out.c
index 7404653..1964faf 100644
--- a/net/decnet/dn_nsp_out.c
+++ b/net/decnet/dn_nsp_out.c
@@ -124,7 +124,7 @@ struct sk_buff *dn_alloc_skb(struct sock *sk, int size, 
gfp_t pri)
if ((skb = alloc_skb(size + hdr, pri)) == NULL)
return NULL;
 
-   skb-protocol = __constant_htons(ETH_P_DNA_RT);
+   skb-protocol = htons(ETH_P_DNA_RT);
skb-pkt_type = PACKET_OUTGOING;
 
if (sk)
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c
index 2d95cf1..20263d9 100644
--- a/net/decnet/dn_route.c
+++ b/net/decnet/dn_route.c
@@ -1551,7 +1551,7 @@ static int dn_cache_getroute(struct sk_buff *in_skb, 
struct nlmsghdr *nlh, void
kfree_skb(skb);
return -ENODEV;
}
-   skb-protocol = __constant_htons(ETH_P_DNA_RT);
+   skb-protocol = htons(ETH_P_DNA_RT);
skb-dev = dev;
cb-src = fl.fld_src;
cb-dst = fl.fld_dst;

---
commit 6a29ce9b3427655b4e54e64d156199262dc08078
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Wed Dec 12 03:52:26 2007 +0900

[IEEE80211]: Use htons() where appropriate.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c
index 21c0fad..13b12a6 100644
--- a/net/ieee80211/ieee80211_rx.c
+++ b/net/ieee80211/ieee80211_rx.c
@@ -45,7 +45,7 @@ static void ieee80211_monitor_rx(struct ieee80211_device 
*ieee,
skb_reset_mac_header(skb);
skb_pull(skb, ieee80211_get_hdrlen(fc));
skb-pkt_type = PACKET_OTHERHOST;
-   skb-protocol = __constant_htons(ETH_P_80211_RAW);
+   skb-protocol = htons(ETH_P_80211_RAW);
memset(skb-cb, 0, sizeof(skb-cb));
netif_rx(skb);
 }
@@ -800,7 +800,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct 
sk_buff *skb,
if (skb2 != NULL) {
/* send to wireless media */
skb2-dev = dev;

Re: ip neigh show not showing arp cache entries?

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Wed, 12 Dec 2007 15:57:08 -0600), Chris 
Friesen [EMAIL PROTECTED] says:

  You may try other versions of this command
  
  http://devresources.linux-foundation.org/dev/iproute2/download/
 
 They appear to be numbered by kernel version, and the above version is 
 the most recent one for 2.6.14.  Will more recent ones (for newer 
 kernels) work with my kernel?

It should work; if it doesn't, please make a report.  Thanks.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v2] XFRM: assorted IPsec fixups

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Tue, 11 Dec 2007 11:30:19 -0500), Paul Moore 
[EMAIL PROTECTED] says:

 diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
 index 5b860b6..e2a3dd1 100644
 --- a/net/xfrm/xfrm_state.c
 +++ b/net/xfrm/xfrm_state.c
:
 @@ -1994,67 +1995,59 @@ void __init xfrm_state_init(void)
  static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x,
  struct audit_buffer *audit_buf)
  {
 - if (x-security)
 - audit_log_format(audit_buf,  sec_alg=%u sec_doi=%u sec_obj=%s,
 -  x-security-ctx_alg, x-security-ctx_doi,
 -  x-security-ctx_str);
 + struct xfrm_sec_ctx *ctx = x-security;
 + u32 spi = ntohl(x-id.spi);
  
 - switch(x-props.family) {
 - case AF_INET:
 - audit_log_format(audit_buf,  src=%u.%u.%u.%u dst=%u.%u.%u.%u,
 -  NIPQUAD(x-props.saddr.a4),
 -  NIPQUAD(x-id.daddr.a4));
 - break;
 - case AF_INET6:
 - {
 - struct in6_addr saddr6, daddr6;
 -
 - memcpy(saddr6, x-props.saddr.a6,
 - sizeof(struct in6_addr));
 - memcpy(daddr6, x-id.daddr.a6,
 - sizeof(struct in6_addr));
 - audit_log_format(audit_buf,
 -   src= NIP6_FMT  dst= NIP6_FMT,
 -  NIP6(saddr6), NIP6(daddr6));
 - }
 - break;
 - }
 +if (ctx)
 +audit_log_format(audit_buf,  sec_alg=%u sec_doi=%u 
 sec_obj=%s,
 + ctx-ctx_alg, ctx-ctx_doi, ctx-ctx_str);
 +
 +switch(x-props.family) {
 +case AF_INET:
 +audit_log_format(audit_buf,
 +   src= NIPQUAD_FMT  dst= NIPQUAD_FMT,
 + NIPQUAD(x-props.saddr.a4),
 + NIPQUAD(x-id.daddr.a4));
 +break;
 +case AF_INET6:
 + audit_log_format(audit_buf,
 +   src= NIP6_FMT  dst= NIP6_FMT,
 +  NIP6(*(struct in6_addr *)x-props.saddr.a6),
 +  NIP6(*(struct in6_addr *)x-id.daddr.a6));
 +break;
 +}
 +
 + audit_log_format(audit_buf,  spi=%u(0x%x), spi, spi);
  }
  

Please do not mangle tabs into spaces.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] IPv6 support for NFS server

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Tue, 11 Dec 2007 19:00:08 +0100), Aurélien 
Charbon [EMAIL PROTECTED] says:

 --- linux-2.6.24-rc4/include/net/ipv6.h   2007-12-10 16:11:38.0 
 +0100
 +++ linux-2.6.24-rc4-IPv6-cache-based/include/net/ipv6.h  2007-12-11 
 17:52:39.0 +0100
 @@ -400,6 +400,15 @@ static inline int ipv6_addr_v4mapped(con
a-s6_addr32[2] == htonl(0x));
  }
  
 +static inline void ipv6_addr_set_v4mapped(const __be32 addr,
 +   struct in6_addr *v4mapped)
 +{
 + ipv6_addr_set(v4mapped,
 + 0, 0,
 + __constant_htonl(0x),
 + addr);
 +}
 +
  /*
   * find the first different bit between two addresses
   * length of address must be a multiple of 32bits

Use htonl() here, not __constant_htonl().

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] NETLINK : kzalloc() conversion

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Tue, 11 Dec 2007 06:40:18 +0100), Eric 
Dumazet [EMAIL PROTECTED] says:

 nl_pid_hash_alloc() is renamed to nl_pid_hash_zalloc().
 It is now returning zeroed memory to its callers.

I do think you do not need (and you should not) rename it
because XXX_zalloc() would imply we have raw XXX_alloc().

--yoshfuji

--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] [NET]: Remove unused mibalign argument for snmp_mib_init().

[YOSHIFUJI Hideaki / 吉藤英明]

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

---
diff --git a/include/net/ip.h b/include/net/ip.h
index 840dd91..7f18819 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -169,7 +169,7 @@ DECLARE_SNMP_STAT(struct linux_mib, net_statistics);
 #define NET_ADD_STATS_USER(field, adnd)
SNMP_ADD_STATS_USER(net_statistics, field, adnd)
 
 extern unsigned long snmp_fold_field(void *mib[], int offt);
-extern int snmp_mib_init(void *ptr[2], size_t mibsize, size_t mibalign);
+extern int snmp_mib_init(void *ptr[2], size_t mibsize);
 extern void snmp_mib_free(void *ptr[2]);
 
 extern void inet_get_local_port_range(int *low, int *high);
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index d2f22e7..afee63e 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1237,7 +1237,7 @@ unsigned long snmp_fold_field(void *mib[], int offt)
 }
 EXPORT_SYMBOL_GPL(snmp_fold_field);
 
-int snmp_mib_init(void *ptr[2], size_t mibsize, size_t mibalign)
+int snmp_mib_init(void *ptr[2], size_t mibsize)
 {
BUG_ON(ptr == NULL);
ptr[0] = __alloc_percpu(mibsize);
@@ -1291,32 +1291,25 @@ static struct net_protocol icmp_protocol = {
 static int __init init_ipv4_mibs(void)
 {
if (snmp_mib_init((void **)net_statistics,
- sizeof(struct linux_mib),
- __alignof__(struct linux_mib))  0)
+ sizeof(struct linux_mib))  0)
goto err_net_mib;
if (snmp_mib_init((void **)ip_statistics,
- sizeof(struct ipstats_mib),
- __alignof__(struct ipstats_mib))  0)
+ sizeof(struct ipstats_mib))  0)
goto err_ip_mib;
if (snmp_mib_init((void **)icmp_statistics,
- sizeof(struct icmp_mib),
- __alignof__(struct icmp_mib))  0)
+ sizeof(struct icmp_mib))  0)
goto err_icmp_mib;
if (snmp_mib_init((void **)icmpmsg_statistics,
- sizeof(struct icmpmsg_mib),
- __alignof__(struct icmpmsg_mib))  0)
+ sizeof(struct icmpmsg_mib))  0)
goto err_icmpmsg_mib;
if (snmp_mib_init((void **)tcp_statistics,
- sizeof(struct tcp_mib),
- __alignof__(struct tcp_mib))  0)
+ sizeof(struct tcp_mib))  0)
goto err_tcp_mib;
if (snmp_mib_init((void **)udp_statistics,
- sizeof(struct udp_mib),
- __alignof__(struct udp_mib))  0)
+ sizeof(struct udp_mib))  0)
goto err_udp_mib;
if (snmp_mib_init((void **)udplite_statistics,
- sizeof(struct udp_mib),
- __alignof__(struct udp_mib))  0)
+ sizeof(struct udp_mib))  0)
goto err_udplite_mib;
 
tcp_mib_init();
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index d9a59e0..9d4896f 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -257,16 +257,13 @@ static void addrconf_mod_timer(struct inet6_ifaddr *ifp,
 static int snmp6_alloc_dev(struct inet6_dev *idev)
 {
if (snmp_mib_init((void **)idev-stats.ipv6,
- sizeof(struct ipstats_mib),
- __alignof__(struct ipstats_mib))  0)
+ sizeof(struct ipstats_mib))  0)
goto err_ip;
if (snmp_mib_init((void **)idev-stats.icmpv6,
- sizeof(struct icmpv6_mib),
- __alignof__(struct icmpv6_mib))  0)
+ sizeof(struct icmpv6_mib))  0)
goto err_icmp;
if (snmp_mib_init((void **)idev-stats.icmpv6msg,
- sizeof(struct icmpv6msg_mib),
- __alignof__(struct icmpv6msg_mib))  0)
+ sizeof(struct icmpv6msg_mib))  0)
goto err_icmpmsg;
 
return 0;

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: 'default' vs. 'all'

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Sat, 08 Dec 2007 00:04:29 -0800 (PST)), 
David Miller [EMAIL PROTECTED] says:

 Herbert, Yoshifuji and I were just discussing the
 sysfs device attribute issue.
 
 It's seems sane to me that if we had some kind of
 'dirty' bit per attribute we could propagate default
 settings everywhere except where the dirty bit had
 been set.

One good event to propagate is the NETDEV_UP; if the dirty bit is
not set when the device is brought up, copy the default values to
the device.

Regards,

--yoshfuji @ Seattle
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH][NET]: Finish removing unused mibalign argument for snmp_mib_init().

[YOSHIFUJI Hideaki / 吉藤英明]

Hello.

In article [EMAIL PROTECTED] (at Sat, 8 Dec 2007 15:55:34 -0200), Arnaldo 
Carvalho de Melo [EMAIL PROTECTED] says:

 Signed-off-by: Arnaldo Carvalho de Melo [EMAIL PROTECTED]
 
 diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
 index 5ab8ba7..90d2f72 100644
 --- a/net/ipv6/af_inet6.c
 +++ b/net/ipv6/af_inet6.c
 @@ -714,20 +714,19 @@ EXPORT_SYMBOL_GPL(ipv6_opt_accepted);
  
  static int __init init_ipv6_mibs(void)
  {
 - if (snmp_mib_init((void **)ipv6_statistics, sizeof (struct ipstats_mib),
 -   __alignof__(struct ipstats_mib))  0)
 + if (snmp_mib_init((void **)ipv6_statistics,
 +   sizeof(struct ipstats_mib))  0)
   goto err_ip_mib;

Oops... thanks.
Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [patch 0/3][IPV6]: remove ifdef in route6 init/fini functions

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Fri, 07 Dec 2007 14:13:25 +0100), Daniel 
Lezcano [EMAIL PROTECTED] says:

 The route6 init function is a little difficult to read because it contains 
 a lot of ifdef. The patchset redefines the usual static inline functions when
 the code is to be disabled by configuration, so we can call the code without
 taking care of the config option in the init function.

Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] [IPV6] XFRM: Fix auditing rt6i_flags; use RTF_xxx flags instead of RTCF_xxx.

[YOSHIFUJI Hideaki / 吉藤英明]

RTCF_xxx flags, defined in include/linux/in_route.h) are available for
IPv4 route (rtable) entries only.  Use RTF_xxx flags instead,
defined in include/linux/ipv6_route.h, for IPv6 route entries (rt6_info).

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 82e27b8..b8e9eb4 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -233,7 +233,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct 
xfrm_state **xfrm, int
dst_prev-output = dst_prev-xfrm-outer_mode-afinfo-output;
/* Sheit... I remember I did this right. Apparently,
 * it was magically lost, so this code needs audit */
-   x-u.rt6.rt6i_flags= 
rt0-rt6i_flags(RTCF_BROADCAST|RTCF_MULTICAST|RTCF_LOCAL);
+   x-u.rt6.rt6i_flags= 
rt0-rt6i_flags(RTF_ANYCAST|RTF_LOCAL);
x-u.rt6.rt6i_metric   = rt0-rt6i_metric;
x-u.rt6.rt6i_node = rt0-rt6i_node;
x-u.rt6.rt6i_gateway  = rt0-rt6i_gateway;

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: XFRM and IPv6 raw sockets and multicast

[YOSHIFUJI Hideaki / 吉藤英明]

Hello.

In article [EMAIL PROTECTED] (at Tue, 4 Dec 2007 16:27:50 +0100), Hugo 
Santos [EMAIL PROTECTED] says:

   The behavior is the same as in UDP, but ipv6_pinfo-saddr is not
 usually set for these kind of sockets. I would say that if fl6_src is
 any, it should be copied from the ipv6 header.

What do you mean by ipv6 header?

   Another question is why does raw.c require a msg_name? If
 inet-hdrincl was set, it could use the ipv6 header destination
 address in the absense of msg_name.

I think hdrincl is broken (and even, say, deprecated) on IPv6.

If we do really support it, if hdcincl is set, XFRM and other
all extension header processes should be skipped, but they are
not very clear at all so far.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: XFRM and IPv6 raw sockets and multicast

[YOSHIFUJI Hideaki / 吉藤英明]

Hello.

In article [EMAIL PROTECTED] (at Tue, 4 Dec 2007 17:01:43 +0100), Hugo 
Santos [EMAIL PROTECTED] says:

  If we do really support it, if hdcincl is set, XFRM and other
  all extension header processes should be skipped, but they are
  not very clear at all so far.
 
   I understand how some users of IPPROTO_RAW would want xfrm to be
 skipped, but on the other hand i also see the interoperation between
 the two as useful, to for instance allowing a ESP tunnel to be used by
 such packets.

I do think all extension header, including fragment and/or XFRM, process
should be skipped if hdrincl is set.

--yoshfuji
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.5)

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu, 29 Nov 2007 21:29:40 +1100), Herbert Xu 
[EMAIL PROTECTED] says:

 On Mon, Nov 26, 2007 at 05:16:16PM +, Templin, Fred L wrote:
  From: Fred L. Templin [EMAIL PROTECTED]
  
  This patch includes support for the Intra-Site Automatic Tunnel
  Addressing Protocol (ISATAP) per RFC4214. It uses the SIT
  module, and is configured using extensions to the iproute2
  utility. The diffs are specific to the Linux 2.6.24-rc2 kernel
  distribution.
  
  This version includes the diff for ./include/linux/if.h which was
  missing in the v2.4 submission and is needed to make the
  patch compile. The patch has been installed, compiled and
  tested in a clean 2.6.24-rc2 kernel build area.
  
  Signed-off-by: Fred L. Templin [EMAIL PROTECTED]
 
 Sorry, the patch doesn't apply to net-2.6.25.
 
 $ git apply --check --whitespace=error-all ~/p
 Space in indent is followed by a tab.
 /home/gondolin/herbert/p:101:  %s: Disabled 
 Multicast RS\n,
 Space in indent is followed by a tab.
 /home/gondolin/herbert/p:216:   }
 Space in indent is followed by a tab.
 /home/gondolin/herbert/p:252:   printk(KERN_DEBUG 
 sit: nexthop == NULL\n);
 Space in indent is followed by a tab.
 /home/gondolin/herbert/p:254:   }
 fatal: corrupt patch at line 269
 $
 
 There seems to be a line missing at the end.  Please fix the white space
 errors and resend.

I've fixed up those errors.

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
Subject: [PATCH] IPv6: RFC4214 Support (v2.5)
Date: Mon, 26 Nov 2007 09:16:16 -0800
From: Fred L. Templin [EMAIL PROTECTED]

This patch includes support for the Intra-Site Automatic Tunnel
Addressing Protocol (ISATAP) per RFC4214. It uses the SIT
module, and is configured using extensions to the iproute2
utility. The diffs are specific to the Linux 2.6.24-rc2 kernel
distribution.

This version includes the diff for ./include/linux/if.h which was
missing in the v2.4 submission and is needed to make the
patch compile. The patch has been installed, compiled and
tested in a clean 2.6.24-rc2 kernel build area.

Signed-off-by: Fred L. Templin [EMAIL PROTECTED]
Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

---

diff --git a/include/linux/if.h b/include/linux/if.h
index 186070d..5c9d1fa 100644
--- a/include/linux/if.h
+++ b/include/linux/if.h
@@ -63,6 +63,7 @@
 #define IFF_MASTER_ALB 0x10/* bonding master, balance-alb. */
 #define IFF_BONDING0x20/* bonding master or slave  */
 #define IFF_SLAVE_NEEDARP 0x40 /* need ARPs for validation */
+#define IFF_ISATAP 0x80/* ISATAP interface (RFC4214)   */
 
 #define IF_GET_IFACE   0x0001  /* for querying only */
 #define IF_GET_PROTO   0x0002
diff --git a/include/linux/if_tunnel.h b/include/linux/if_tunnel.h
index 660b501..228eb4e 100644
--- a/include/linux/if_tunnel.h
+++ b/include/linux/if_tunnel.h
@@ -17,6 +17,9 @@
 #define GRE_FLAGS  __constant_htons(0x00F8)
 #define GRE_VERSION__constant_htons(0x0007)
 
+/* i_flags values for SIT mode */
+#defineSIT_ISATAP  0x0001
+
 struct ip_tunnel_parm
 {
charname[IFNAMSIZ];
diff --git a/include/linux/in.h b/include/linux/in.h
index 3975cbf..a8f00ca 100644
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -253,6 +253,14 @@ struct sockaddr_in {
 #define ZERONET(x) (((x)  htonl(0xff00)) == htonl(0x))
 #define LOCAL_MCAST(x) (((x)  htonl(0xFF00)) == htonl(0xE000))
 
+/* Special-Use IPv4 Addresses (RFC3330) */
+#define PRIVATE_10(x)  (((x)  htonl(0xff00)) == htonl(0x0A00))
+#define LINKLOCAL_169(x) (((x)  htonl(0x)) == htonl(0xA9FE))
+#define PRIVATE_172(x) (((x)  htonl(0xfff0)) == htonl(0xAC10))
+#define TEST_192(x)(((x)  htonl(0xff00)) == htonl(0xC200))
+#define ANYCAST_6TO4(x)(((x)  htonl(0xff00)) == htonl(0xC0586300))
+#define PRIVATE_192(x) (((x)  htonl(0x)) == htonl(0xC0A8))
+#define TEST_198(x)(((x)  htonl(0xfffe)) == htonl(0xC612))
 #endif
 
 #endif /* _LINUX_IN_H */
diff --git a/include/net/addrconf.h b/include/net/addrconf.h
index bccc2fe..c56827d 100644
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -17,6 +17,7 @@
 
 #define IPV6_MAX_ADDRESSES 16
 
+#include linux/in.h
 #include linux/in6.h
 
 struct prefix_info {
@@ -249,6 +250,24 @@ static inline int ipv6_addr_is_ll_all_routers(const struct 
in6_addr *addr)
addr-s6_addr32[3] == htonl(0x0002));
 }
 
+static inline int ipv6_isatap_eui64(u8 *eui, __be32 addr)
+{
+   eui[0] = (ZERONET(addr) || PRIVATE_10(addr) || LOOPBACK(addr) ||
+ LINKLOCAL_169(addr) || PRIVATE_172(addr) || TEST_192(addr) ||
+ ANYCAST_6TO4(addr) || PRIVATE_192(addr) || TEST_198(addr) ||
+ MULTICAST(addr) || BADCLASS(addr)) ? 0x00 : 

Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.5)

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Mon, 26 Nov 2007 09:16:16 -0800), Templin, 
Fred L [EMAIL PROTECTED] says:

 From: Fred L. Templin [EMAIL PROTECTED]
 
 This patch includes support for the Intra-Site Automatic Tunnel
 Addressing Protocol (ISATAP) per RFC4214. It uses the SIT
 module, and is configured using extensions to the iproute2
 utility. The diffs are specific to the Linux 2.6.24-rc2 kernel
 distribution.
 
 This version includes the diff for ./include/linux/if.h which was
 missing in the v2.4 submission and is needed to make the
 patch compile. The patch has been installed, compiled and
 tested in a clean 2.6.24-rc2 kernel build area.
 
 Signed-off-by: Fred L. Templin [EMAIL PROTECTED]
Acked-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

Note:
With linux-2.6:
| % patch -p1  /tmp/isatap.patch 
| patching file include/linux/if.h
| patching file include/linux/if_tunnel.h
| patching file include/linux/in.h
| patching file include/net/addrconf.h
| patching file net/ipv6/addrconf.c
| patching file net/ipv6/route.c
| Hunk #1 succeeded at 1660 (offset -8 lines).
| patching file net/ipv6/sit.c

With net-2.6.24:
| % patch -p1  /tmp/isatap.patch
| % patch -p1  /tmp/isatap.patch 
| patching file include/linux/if.h
| patching file include/linux/if_tunnel.h
| patching file include/linux/in.h
| patching file include/net/addrconf.h
| patching file net/ipv6/addrconf.c
| Hunk #1 succeeded at 378 (offset -1 lines).
| Hunk #2 succeeded at 1441 (offset -1 lines).
| Hunk #3 succeeded at 1479 (offset -1 lines).
| Hunk #4 succeeded at 2210 (offset -1 lines).
| patching file net/ipv6/route.c
| Hunk #1 succeeded at 1727 (offset 59 lines).
| patching file net/ipv6/sit.c

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC/PATCH] SO_NO_CHECK for IPv6

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Wed, 21 Nov 2007 07:45:32 -0500), Jeff 
Garzik [EMAIL PROTECTED] says:

 
 SO_NO_CHECK support for IPv6 appeared to be missing. This is presented,
 based on a reading of net/ipv4/udp.c.

Disagree. UDP checksum is mandatory in IPv6.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC/PATCH] SO_NO_CHECK for IPv6

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu, 22 Nov 2007 10:34:03 +0800), Herbert Xu 
[EMAIL PROTECTED] says:

 On Wed, Nov 21, 2007 at 07:17:40PM -0500, Jeff Garzik wrote:
 
  For those interested, I am dealing with a UDP app that already does very 
  strong checksumming and encryption, so additional software checksumming 
  at the lower layers is quite simply a waste of CPU cycles.  Hardware 
  checksumming is fine, as long as its free.
 
 No matter how strong your underlying checksumming is it's not
 going to protect the IPv6 header is it :)

In that sense, we should use AH.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

PATCH 1/4] [IPV4] TCPMD5: Omit redundant NULL check for kfree() argument.

[YOSHIFUJI Hideaki / 吉藤英明]

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 net/ipv4/tcp_ipv4.c |3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index e566f3c..ff36096 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -900,8 +900,7 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
   sizeof(*keys) * md5sig-entries4);
 
/* Free old key list, and reference new one */
-   if (md5sig-keys4)
-   kfree(md5sig-keys4);
+   kfree(md5sig-keys4);
md5sig-keys4 = keys;
md5sig-alloced4++;
}
-- 
1.4.4.4

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/4] [IPV4] TCPMD5: Use memmove() instead of memcpy() because we have overlaps.

[YOSHIFUJI Hideaki / 吉藤英明]

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 net/ipv4/tcp_ipv4.c |8 
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index ff36096..652c323 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -938,10 +938,10 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
tp-md5sig_info-alloced4 = 0;
} else if (tp-md5sig_info-entries4 != i) {
/* Need to do some manipulation */
-   memcpy(tp-md5sig_info-keys4[i],
-  tp-md5sig_info-keys4[i+1],
-  (tp-md5sig_info-entries4 - i) *
-   sizeof(struct tcp4_md5sig_key));
+   memmove(tp-md5sig_info-keys4[i],
+   tp-md5sig_info-keys4[i+1],
+   (tp-md5sig_info-entries4 - i) *
+sizeof(struct tcp4_md5sig_key));
}
tcp_free_md5sig_pool();
return 0;
-- 
1.4.4.4

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 3/4] [IPV6] TCPMD5: Check return value of tcp_alloc_md5sig_pool().

[YOSHIFUJI Hideaki / 吉藤英明]

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 net/ipv6/tcp_ipv6.c |5 -
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 3aad861..b1bfbdd 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -581,7 +581,10 @@ static int tcp_v6_md5_do_add(struct sock *sk, struct 
in6_addr *peer,
}
sk-sk_route_caps = ~NETIF_F_GSO_MASK;
}
-   tcp_alloc_md5sig_pool();
+   if (tcp_alloc_md5sig_pool() == NULL) {
+   kfree(newkey);
+   return -ENOMEM;
+   }
if (tp-md5sig_info-alloced6 == tp-md5sig_info-entries6) {
keys = kmalloc((sizeof (tp-md5sig_info-keys6[0]) *
   (tp-md5sig_info-entries6 + 1)), 
GFP_ATOMIC);
-- 
1.4.4.4

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 4/4] [IPV6] TCPMD5: Fix deleting key operation.

[YOSHIFUJI Hideaki / 吉藤英明]

Due to the bug, refcnt for md5sig pool was leaked when
an user try to delete a key if we have more than one key.
In addition to the leakage, we returned incorrect return
result value for userspace.

This fix should close Bug #9418, reported by [EMAIL PROTECTED].

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 net/ipv6/tcp_ipv6.c |6 ++
 1 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index b1bfbdd..93980c3 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -637,10 +637,6 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct 
in6_addr *peer)
kfree(tp-md5sig_info-keys6);
tp-md5sig_info-keys6 = NULL;
tp-md5sig_info-alloced6 = 0;
-
-   tcp_free_md5sig_pool();
-
-   return 0;
} else {
/* shrink the database */
if (tp-md5sig_info-entries6 != i)
@@ -649,6 +645,8 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct 
in6_addr *peer)
(tp-md5sig_info-entries6 - i)
* sizeof 
(tp-md5sig_info-keys6[0]));
}
+   tcp_free_md5sig_pool();
+   return 0;
}
}
return -ENOENT;
-- 
1.4.4.4

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.4)

[YOSHIFUJI Hideaki / 吉藤英明]

Hello.

I'll take care of this.

Regards,

--yoshfuji

In article [EMAIL PROTECTED] (at Tue, 20 Nov 2007 09:36:26 -0800), Templin, 
Fred L [EMAIL PROTECTED] says:

 From: Fred L. Templin [EMAIL PROTECTED]
 
 This patch includes support for the Intra-Site Automatic Tunnel
 Addressing Protocol (ISATAP) per RFC4214. It uses the SIT
 module, and is configured using extensions to the iproute2
 utility. The diffs are specific to the Linux 2.6.24-rc2 kernel
 distribution.
 
 This version reflects changes based on netdev list discussions
 on 11/14/07 thru 11/15/07. It does away with in-the-kernel RS/RA
 pinging and now asks that the task be performed by an application.
 The application will essentially entail a port of the FreeBSD 'rtsold'
 daemon, and will use the standard socket API.
 
 Signed-off-by: Fred L. Templin [EMAIL PROTECTED]
 
 ---
 
 --- linux-2.6.24-rc2/include/linux/if_tunnel.h.orig   2007-11-19 
 03:54:12.0 -0800
 +++ linux-2.6.24-rc2/include/linux/if_tunnel.h2007-11-19 
 03:55:58.0 -0800
 @@ -17,6 +17,9 @@
  #define GRE_FLAGS__constant_htons(0x00F8)
  #define GRE_VERSION  __constant_htons(0x0007)
  
 +/* i_flags values for SIT mode */
 +#define  SIT_ISATAP  0x0001
 +
  struct ip_tunnel_parm
  {
   charname[IFNAMSIZ];
 --- linux-2.6.24-rc2/include/linux/in.h.orig  2007-11-09 08:00:32.0 
 -0800
 +++ linux-2.6.24-rc2/include/linux/in.h   2007-11-12 07:37:05.0 
 -0800
 @@ -253,6 +253,14 @@ struct sockaddr_in {
  #define ZERONET(x)   (((x)  htonl(0xff00)) == htonl(0x))
  #define LOCAL_MCAST(x)   (((x)  htonl(0xFF00)) == htonl(0xE000))
  
 +/* Special-Use IPv4 Addresses (RFC3330) */
 +#define PRIVATE_10(x)(((x)  htonl(0xff00)) == htonl(0x0A00))
 +#define LINKLOCAL_169(x) (((x)  htonl(0x)) == htonl(0xA9FE))
 +#define PRIVATE_172(x)   (((x)  htonl(0xfff0)) == htonl(0xAC10))
 +#define TEST_192(x)  (((x)  htonl(0xff00)) == htonl(0xC200))
 +#define ANYCAST_6TO4(x)  (((x)  htonl(0xff00)) == htonl(0xC0586300))
 +#define PRIVATE_192(x)   (((x)  htonl(0x)) == htonl(0xC0A8))
 +#define TEST_198(x)  (((x)  htonl(0xfffe)) == htonl(0xC612))
  #endif
  
  #endif   /* _LINUX_IN_H */
 --- linux-2.6.24-rc2/include/net/addrconf.h.orig  2007-11-08 
 12:06:17.0 -0800
 +++ linux-2.6.24-rc2/include/net/addrconf.h   2007-11-19 05:47:48.0 
 -0800
 @@ -17,6 +17,7 @@
  
  #define IPV6_MAX_ADDRESSES   16
  
 +#include linux/in.h
  #include linux/in6.h
  
  struct prefix_info {
 @@ -241,6 +242,24 @@ static inline int ipv6_addr_is_ll_all_ro
   addr-s6_addr32[3] == htonl(0x0002));
  }
  
 +static inline int ipv6_isatap_eui64(u8 *eui, __be32 addr)
 +{
 + eui[0] = (ZERONET(addr) || PRIVATE_10(addr) || LOOPBACK(addr) ||
 +   LINKLOCAL_169(addr) || PRIVATE_172(addr) || TEST_192(addr) ||
 +   ANYCAST_6TO4(addr) || PRIVATE_192(addr) || TEST_198(addr) ||
 +   MULTICAST(addr) || BADCLASS(addr)) ? 0x00 : 0x02;
 + eui[1] = 0;
 + eui[2] = 0x5E;
 + eui[3] = 0xFE;
 + memcpy (eui+4, addr, 4);
 + return 0;
 +}
 +
 +static inline int ipv6_addr_is_isatap(const struct in6_addr *addr)
 +{
 + return ((addr-s6_addr32[2] | htonl(0x0200)) == htonl(0x02005EFE));
 +}
 +
  #ifdef CONFIG_PROC_FS
  extern int if6_proc_init(void);
  extern void if6_proc_exit(void);
 --- linux-2.6.24-rc2/net/ipv6/addrconf.c.orig 2007-11-19 03:43:06.0 
 -0800
 +++ linux-2.6.24-rc2/net/ipv6/addrconf.c  2007-11-19 13:29:36.0 
 -0800
 @@ -379,6 +379,13 @@ static struct inet6_dev * ipv6_add_dev(s
  %s: Disabled Privacy Extensions\n,
  dev-name);
   ndev-cnf.use_tempaddr = -1;
 +
 + if (dev-type == ARPHRD_SIT  (dev-priv_flags  IFF_ISATAP)) {
 + printk(KERN_INFO
 +%s: Disabled Multicast RS\n,
 +dev-name);
 + ndev-cnf.rtr_solicits = 0;
 + }
   } else {
   in6_dev_hold(ndev);
   ipv6_regen_rndid((unsigned long) ndev);
 @@ -1435,6 +1442,9 @@ static int ipv6_generate_eui64(u8 *eui, 
   return addrconf_ifid_arcnet(eui, dev);
   case ARPHRD_INFINIBAND:
   return addrconf_ifid_infiniband(eui, dev);
 + case ARPHRD_SIT:
 + if (dev-priv_flags  IFF_ISATAP)
 + return ipv6_isatap_eui64(eui, *(__be32 *)dev-dev_addr);
   }
   return -1;
  }
 @@ -1470,7 +1480,7 @@ regen:
*
*  - Reserved subnet anycast (RFC 2526)
*  1101 1111 1xxx
 -  *  - ISATAP (draft-ietf-ngtrans-isatap-13.txt) 5.1
 +  *  - ISATAP (RFC4214) 6.1
*  00-00-5E-FE-xx-xx-xx-xx
*  - value 0
*  - XXX: already assigned to an address on the device
 @@ -2201,6 +2211,16 @@ static void 

Re: [PATCH 6/6 net-2.6.25][RAW] Consolidate proc interface

[YOSHIFUJI Hideaki / 吉藤英明]

NAK.

In article [EMAIL PROTECTED] (at Fri, 16 Nov 2007 17:19:27 +0300), Pavel 
Emelyanov [EMAIL PROTECTED] says:

 @@ -858,7 +852,7 @@ static struct sock *raw_get_first(struct seq_file *seq)
   ++state-bucket) {
   struct hlist_node *node;
  
 - sk_for_each(sk, node, raw_v4_hashinfo.ht[state-bucket])
 + sk_for_each(sk, node, state-h-ht[state-bucket])
   if (sk-sk_family == PF_INET)
   goto found;
   }

This and

 -static struct sock *raw6_get_first(struct seq_file *seq)
 -{
 - struct sock *sk;
 - struct hlist_node *node;
 - struct raw6_iter_state* state = raw6_seq_private(seq);
 -
 - for (state-bucket = 0; state-bucket  RAW_HTABLE_SIZE;
 - ++state-bucket)
 - sk_for_each(sk, node, raw_v6_hashinfo.ht[state-bucket])
 - if (sk-sk_family == PF_INET6)
 - goto out;
 - sk = NULL;
 -out:
 - return sk;
 -}
 -

this are different.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.2)

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Wed, 14 Nov 2007 22:44:17 -0800), Templin, 
Fred L [EMAIL PROTECTED] says:

 --- linux-2.6.24-rc2/net/ipv6/addrconf.c.orig 2007-11-08 11:59:35.0 
 -0800
 +++ linux-2.6.24-rc2/net/ipv6/addrconf.c  2007-11-14 22:17:28.0 
 -0800
 @@ -1424,6 +1424,21 @@ static int addrconf_ifid_infiniband(u8 *
   return 0;
  }
  
 +static int addrconf_ifid_isatap(u8 *eui, __be32 addr)
 +{
 +
 + eui[0] = 0x02; eui[1] = 0; eui[2] = 0x5E; eui[3] = 0xFE;
 + memcpy (eui+4, addr, 4);
 +
 + if (ZERONET(addr) || PRIVATE_10(addr) || LOOPBACK(addr) ||
 + LINKLOCAL_169(addr) || PRIVATE_172(addr) || TEST_192(addr) ||
 + ANYCAST_6TO4(addr) || PRIVATE_192(addr) || TEST_198(addr) ||
 + MULTICAST(addr) || BADCLASS(addr))
 + eui[0] = ~0x02;
 +
 + return 0;
 +}
 +
  static int ipv6_generate_eui64(u8 *eui, struct net_device *dev)
  {
   switch (dev-type) {

{
  eui[0] = (ZERONET(addr) || PRIVATE_10(addr) || LOOPBACK(addr) ||
LINKLOCAL_169(addr) || PRIVATE_172(addr) || TEST_192(addr) ||
ANYCAST_6TO4(addr) || PRIVATE_192(addr) || TEST_198(addr) ||
MULTICAST(addr) || BADCLASS(addr)) ? 0 : 2;
  eui[1] = 0;
  eui[2] = 0x5E;
  eui[3] = 0xFE;
  memcpy (eui+4, addr, 4);
}


 @@ -2167,7 +2185,8 @@ static void addrconf_dev_config(struct n
   (dev-type != ARPHRD_FDDI) 
   (dev-type != ARPHRD_IEEE802_TR) 
   (dev-type != ARPHRD_ARCNET) 
 - (dev-type != ARPHRD_INFINIBAND)) {
 + (dev-type != ARPHRD_INFINIBAND) 
 + !(dev-priv_flags  IFF_ISATAP)) {
   /* Alas, we support only Ethernet autoconfiguration. */
   return;
   }

Because priv_flags are local to device type, you need to check dev-type:
(dev-type == ARPHRD_SIT  !(dev-priv_flags  IFF_ISATAP))
or something like this.


 + struct ip_tunnel *t  = netdev_priv(ifp-idev-dev);
 + if (t-parms.i_key != INADDR_NONE) {
 + spin_lock(ifp-lock);

I guess INADDR_ANY.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.2)

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Wed, 14 Nov 2007 22:44:17 -0800), Templin, 
Fred L [EMAIL PROTECTED] says:

 From: Fred L. Templin [EMAIL PROTECTED]
 
 This patch includes support for the Intra-Site Automatic Tunnel
 Addressing Protocol (ISATAP) per RFC4214. It uses the SIT
 module, and is configured using extensions to the iproute2
 utility.
 
 The following diffs are specific to the Linux 2.6.24-rc2 kernel
 distribution. This message includes the full and patchable diff text;
 please use this version to apply patches.
 
 Signed-off-by: Fred L. Templin [EMAIL PROTECTED]

BTW, how will we handle DNS name (and TTL) and/or multiple PRL entries 
in RFC4214?

I'm doubting if we really need to handle PRL refresh in kernel.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.2)

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu, 15 Nov 2007 10:11:16 -0800), Templin, 
Fred L [EMAIL PROTECTED] says:

 Yoshifuji, 
 
  -Original Message-
  From: YOSHIFUJI Hideaki / 吉藤英明 [mailto:[EMAIL PROTECTED] 
  Sent: Thursday, November 15, 2007 3:48 AM
  To: Templin, Fred L
  Cc: netdev@vger.kernel.org; [EMAIL PROTECTED]; 
  [EMAIL PROTECTED]
  Subject: Re: [PATCH 01/01] ipv6: RFC4214 Support (v2.2)
  
  In article 
  [EMAIL PROTECTED]
  eing.com (at Wed, 14 Nov 2007 22:44:17 -0800), Templin, 
  Fred L [EMAIL PROTECTED] says:
  
   From: Fred L. Templin [EMAIL PROTECTED]
   
   This patch includes support for the Intra-Site Automatic Tunnel
   Addressing Protocol (ISATAP) per RFC4214. It uses the SIT
   module, and is configured using extensions to the iproute2
   utility.
   
   The following diffs are specific to the Linux 2.6.24-rc2 kernel
   distribution. This message includes the full and patchable 
  diff text;
   please use this version to apply patches.
   
   Signed-off-by: Fred L. Templin [EMAIL PROTECTED]
  
  BTW, how will we handle DNS name (and TTL) and/or multiple PRL entries 
  in RFC4214?
  
  I'm doubting if we really need to handle PRL refresh in kernel.
 
 DNS name and PRL refresh are done in a daemon that either exec's
 'ip' or issues the device ioctl's directly. When there are multiple default
 router IPv4 addresses, the daemon picks one as the primary and writes
 it to the kernel. It can then change to a different primary later if it wants
 to. Also possible is something like VRRP to allow several routers for
 fault tolerance even though there is only a single default router address. 

Why?  All PRLs should be installed in kernel so that standard router 
selection can be used.  For this, I think we should have just one
isatap interface per set of PRLs provideing virtual link,
especially if each of them provides the same prefix.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 05/25] NFS: eliminate NIPQUAD(clp-cl_addr.sin_addr)

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Tue, 13 Nov 2007 13:31:27 -0500), Chuck 
Lever [EMAIL PROTECTED] says:

  clp-rpc_ops-version,
 -NIPQUAD(clp-cl_addr.sin_addr),
 -ntohs(clp-cl_addr.sin_port),
 +rpc_peeraddr2str(clp-cl_rpcclient, RPC_DISPLAY_HEX_ADDR),
 +rpc_peeraddr2str(clp-cl_rpcclient, RPC_DISPLAY_HEX_PORT),
  atomic_read(clp-cl_count),

Is this really safe?

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[GIT PULL] RFC3484 Configurable Policy Table.

[YOSHIFUJI Hideaki / 吉藤英明]

David,

Please consider pulling from
inet6-2.6.25
branch at
git://git.linux-ipv6.org/gitroot/yoshfuji/linux-2.6-dev.git
which contains the following commits on top of your net-2.6.25 tree.

Regards,

--

HEADLINES
-

[IPV6] ADDRCONF: Rename ipv6_saddr_label() to ipv6_addr_label().
[IPV6] ADDRCONF: Allow address selection policy with ifindex.
[IPV6] ADDRCONF: Support RFC3484 configurable address selection policy 
table.

DIFFSTAT


 include/linux/if_addrlabel.h |   32 ++
 include/linux/rtnetlink.h|7 +
 include/net/addrconf.h   |8 +
 net/ipv6/Makefile|1 
 net/ipv6/addrconf.c  |   50 +---
 net/ipv6/addrlabel.c |  551 ++
 6 files changed, 616 insertions(+), 33 deletions(-)

CHANGESETS
--

commit d4e85a45763d572e39f3c040253a4d7b45ca67aa
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Wed Nov 14 15:55:29 2007 +0900

[IPV6] ADDRCONF: Rename ipv6_saddr_label() to ipv6_addr_label().

This patch renames ipv6_saddr_label() to ipv6_addr_label() because
address label is used for both of source address and destination
address.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index f825b92..a30f4e3 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -875,7 +875,7 @@ static inline int ipv6_saddr_preferred(int type)
 }
 
 /* static matching label */
-static inline int ipv6_saddr_label(const struct in6_addr *addr, int type)
+static inline int ipv6_addr_label(const struct in6_addr *addr, int type)
 {
  /*
   *prefix (longest match)  label
@@ -910,7 +910,7 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
struct inet6_ifaddr *ifa_result = NULL;
int daddr_type = __ipv6_addr_type(daddr);
int daddr_scope = __ipv6_addr_src_scope(daddr_type);
-   u32 daddr_label = ipv6_saddr_label(daddr, daddr_type);
+   u32 daddr_label = ipv6_addr_label(daddr, daddr_type);
struct net_device *dev;
 
memset(hiscore, 0, sizeof(hiscore));
@@ -1083,11 +1083,13 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
 
/* Rule 6: Prefer matching label */
if (hiscore.rule  6) {
-   if (ipv6_saddr_label(ifa_result-addr, 
hiscore.addr_type) == daddr_label)
+   if (ipv6_addr_label(ifa_result-addr,
+   hiscore.addr_type) == 
daddr_label)
hiscore.attrs |= IPV6_SADDR_SCORE_LABEL;
hiscore.rule++;
}
-   if (ipv6_saddr_label(ifa-addr, score.addr_type) == 
daddr_label) {
+   if (ipv6_addr_label(ifa-addr,
+   score.addr_type) == daddr_label) {
score.attrs |= IPV6_SADDR_SCORE_LABEL;
if (!(hiscore.attrs  IPV6_SADDR_SCORE_LABEL)) {
score.rule = 6;

---
commit 010ae4d3b1209c724050f10e1832fd8a54d40ef2
Author: YOSHIFUJI Hideaki [EMAIL PROTECTED]
Date:   Wed Nov 14 15:56:15 2007 +0900

[IPV6] ADDRCONF: Allow address selection policy with ifindex.

Think patch allows ifindex to be a key for address selection policy table.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index a30f4e3..0076010 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -875,7 +875,8 @@ static inline int ipv6_saddr_preferred(int type)
 }
 
 /* static matching label */
-static inline int ipv6_addr_label(const struct in6_addr *addr, int type)
+static inline int ipv6_addr_label(const struct in6_addr *addr, int type,
+ int ifindex)
 {
  /*
   *prefix (longest match)  label
@@ -910,7 +911,8 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
struct inet6_ifaddr *ifa_result = NULL;
int daddr_type = __ipv6_addr_type(daddr);
int daddr_scope = __ipv6_addr_src_scope(daddr_type);
-   u32 daddr_label = ipv6_addr_label(daddr, daddr_type);
+   int daddr_ifindex = daddr_dev ? daddr_dev-ifindex : 0;
+   u32 daddr_label = ipv6_addr_label(daddr, daddr_type, daddr_ifindex);
struct net_device *dev;
 
memset(hiscore, 0, sizeof(hiscore));
@@ -1084,12 +1086,14 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
/* Rule 6: Prefer matching label */
if (hiscore.rule  6) {
if (ipv6_addr_label(ifa_result-addr,
-   hiscore.addr_type) == 
daddr_label)
+   hiscore.addr_type,
+   
ifa_result-idev-dev-ifindex) == 

Re: [patch 1/1][NETNS][IPV6] protect addrconf from loopback registration

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Mon, 12 Nov 2007 12:50:53 -0700), [EMAIL 
PROTECTED] (Eric W. Biederman) says:

 My opinion is that both your analysis is slightly off (as to the cause
 of your problems) and that your approach to fix your problem is wrong
 because you don't untangle the knot you keep it.
:
 I have register_pernet_subsys and register_per_net_device to ensure
 that when we create a new network namespace all of the subsystems are
 initialized before the network devices are initialize.  So ipv6 should
 be ready before we initialize the new loopback device comes into
 existence.

User may not load ipv6.ko at boot, and then do modprobe ipv6.
Do you take this into account?

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: UDP-Lite and /proc/net/snmp

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Sat, 10 Nov 2007 21:14:29 +0800), Herbert Xu 
[EMAIL PROTECTED] says:

 It looks like the addition of UDP-Lite has upset netstat:
 
 $ netstat -s
 Ip:
:
 Udp:
 30 packets received
 0 packets to unknown port received.
 0 packet receive errors
 17 packets sent
 UdpLite:
 error parsing /proc/net/snmp: Success
 $
 
 Should we remove it again or let it stay this time?

Hmm?  netstat 1.42 (net-tools 1.60) seems fine.
Which netstat are you using?

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: UDP-Lite and /proc/net/snmp

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Sat, 10 Nov 2007 22:33:25 +0800), Herbert Xu 
[EMAIL PROTECTED] says:

 On Sat, Nov 10, 2007 at 10:32:43PM +0900, YOSHIFUJI Hideaki / 吉藤英明 wrote:
 
  Hmm?  netstat 1.42 (net-tools 1.60) seems fine.
  Which netstat are you using?
 
 The one from Debian etch:

Hmm. netstat -s from etch (i386) and etch (x86_64) work
fine for me.  Same version, same architecture.  Strange...

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 05/05] ipv6: RFC4214 Support (3)

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Fri, 09 Nov 2007 16:35:59 -0800), osprey67 
[EMAIL PROTECTED] says:

 --- linux-2.6.24-rc2/include/linux/if_tunnel.h.orig   2007-11-09 
 09:06:16.0 -0800
 +++ linux-2.6.24-rc2/include/linux/if_tunnel.h2007-11-09 
 15:49:54.0 -0800
 @@ -25,6 +25,8 @@ struct ip_tunnel_parm
   __be16  o_flags;
   __be32  i_key;
   __be32  o_key;
 + __be32  router;
 + __be32  lifetime;
   struct iphdriph;
  };
  

No, you cannot simply change this.
If you change ioctl structure, you need to change
constants for SIOC{GET,ADD,CHG,DEL}TUNNEL.
Rename ole ones to OSIOxxx and assign new values.

If possible, new iproute2 should work with old kernels, and
old iproute2 should work with new kernels (without new features).

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 04/05] ipv6: RFC4214 Support

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Wed, 7 Nov 2007 11:12:47 -0800), Templin, 
Fred L [EMAIL PROTECTED] says:

   The goal was to avoid requiring changes to applications such as
   'iproute2', i.e., the intention was for a standalone code 
  insertion point
   within the kernel itself. What do you suggest?
  
  Agreed, magic names are evil.
  
  Change iproute2 utilities, if it is more logical for administration.
 
 This being an experimental release, I would prefer to go
 forward with a standalone kernel solution for the first
 iteration then come back with the iproute2 changes at a
 later time. IMHO, we should only touch iproute2 once, and
 it should be an architected solution - not just a quick
 hack. For the short term, timeliness of interoperability testing
 with the other major OS's should be the highest priority, IMHO.

Hmm, what is missing from API POV?

Since even if you do not change iproute2 now, users may need
to change their configuration script twice anyway, we should
be careful.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 02/05] ipv6: RFC4214 Support (2)

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu, 08 Nov 2007 12:41:39 -0800), osprey67 
[EMAIL PROTECTED] says:

 From: Fred L. Templin [EMAIL PROTECTED]
 
 This is experimental support for the Intra-Site Automatic
 Tunnel Addressing Protocol (ISATAP) per RFC4214. It uses
 the SIT module, and is configured using the unmodified
 ip utility with device names beginning with: isatap.
 
 The following diffs are specific to the Linux 2.6.24-rc2
 kernel distribution.
 
 Signed-off-by: Fred L. Templin [EMAIL PROTECTED]

Hmm...tabs are still mangled, and it's better to have your
official address.  Anyway...

 --- linux-2.6.24-rc2/include/net/addrconf.h.orig2007-11-08 
 12:06:17.0 -0800
 +++ linux-2.6.24-rc2/include/net/addrconf.h 2007-11-08 08:27:24.0 
 -0800
 @@ -241,6 +241,37 @@ static inline int ipv6_addr_is_ll_all_ro
  addr-s6_addr32[3] == htonl(0x0002));
   }
 
 +#if defined(CONFIG_IPV6_ISATAP)
 +static inline int ipv6_isatap_eui64(u8 *eui, __be32 addr)
 +{
 +
 +   /* RFC3330 Special-Use IPv4 Addresses */
 +   eui[0] = (((addr  htonl(0xFF00)) == htonl(0x)) ||
 + ((addr  htonl(0xFF00)) == htonl(0x0A00)) ||
 + ((addr  htonl(0xFF00)) == htonl(0x0D00)) ||
 + ((addr  htonl(0xFF00)) == htonl(0x1800)) ||
 + ((addr  htonl(0xFF00)) == htonl(0x7F00)) ||
 + ((addr  htonl(0x)) == htonl(0xA9FE)) ||
 + ((addr  htonl(0xFFF0)) == htonl(0xAC10)) ||
 + ((addr  htonl(0xFF00)) == htonl(0xC200)) ||
 + ((addr  htonl(0xFF00)) == htonl(0xC0586300)) ||
 + ((addr  htonl(0x)) == htonl(0xC0A8)) ||
 + ((addr  htonl(0xFFFE)) == htonl(0xC612)) ||
 + ((addr  htonl(0xF000)) == htonl(0xE000)) ||
 + ((addr  htonl(0xF000)) == htonl(0xF000))) ?
 +   0x00 : 0x02;
 +
 +   eui[1] = 0; eui[2] = 0x5E; eui[3] = 0xFE;
 +   memcpy (eui+4, addr, 4);
 +   return 0;
 +}
 +

Please put this function in net/ipv6/addrconf.c as addrconf_ifid_isatap().

Please use MULTICAST, LOCALNET etc. (and probaly introduce new macro
for others).  IMHO, it's better to add a comment for each entry, e.g.,
MULTICAST(addr) ||  /* 224.0.0.0/4 */
instead of
((addr  htonl(0xF000)) == htonl(0xE000)) ||

 +static inline int ipv6_addr_is_isatap(const struct in6_addr *addr)
 +{
 +   return ((addr-s6_addr32[2] | htonl(0x0200)) == 
 htonl(0x02005EFE));
 +}
 +#endif
 +

ipv6_addr_isatap(), maybe (to align with ipv6_addr_any() etc.).

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 02/05] ipv6: RFC4214 Support

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Wed, 7 Nov 2007 10:24:50 -0800), Templin, 
Fred L [EMAIL PROTECTED] says:

  
 
  -Original Message-
  From: YOSHIFUJI Hideaki / 吉藤英明 [mailto:[EMAIL PROTECTED] 
  Sent: Wednesday, November 07, 2007 10:12 AM
  To: [EMAIL PROTECTED]
  Cc: Templin, Fred L; netdev@vger.kernel.org; [EMAIL PROTECTED]
  Subject: Re: [PATCH 02/05] ipv6: RFC4214 Support
  
  Hello.
  
  In article [EMAIL PROTECTED] (at Wed, 7 
  Nov 2007 16:58:59 +0100), Ingo Oeser [EMAIL PROTECTED] says:
  
+   eui[0] = 0;
+
+   /* Check for RFC3330 global address ranges */
+   if (((ipv4 = 0x0100)  (ipv4  0x0a00)) ||
+   ((ipv4 = 0x0b00)  (ipv4  0x7f00)) ||
+   ((ipv4 = 0x8000)  (ipv4  0xa9fe)) ||
+   ((ipv4 = 0xa9ff)  (ipv4  0xac10)) ||
+   ((ipv4 = 0xac20)  (ipv4  0xc0a8)) ||
+   ((ipv4 = 0xc0a9)  (ipv4  0xc612)) ||
+   ((ipv4 = 0xc614)  (ipv4  0xe000))) eui[0] |=
0x2;
+
   
   Instead of converting network to host byte order at runtime 
   and comparing the results to constants, let the compiler convert
   the constants to network byte order and compare in network order.
   
   so use:
   
if (((*addr = htonl(0x0100))  (*addr  
  htonl(0x0a00))) || 
   
   instead. The compiler will notice that 0x0100 is a 
  constant and will
   use _constant_htonl() automatically.
  
  No, you cannot do this.
  When you check the range, you need to use host-byte order.
 
 I think the original poster was correct on this one; the addr comes
 in in network byte order, and the constants are depicted in host
 byte order. So, the suggested fix was to have htonl(const) to make
 all of the constants into network byte order while leaving addr
 alone.

I don't understand.

For example, 1.0.0.11 is valid IPv4 global address.
In little-endian, this is not in the range of
0x0001 = addr = 0x000a (addr is 0x0b01).

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 02/05] ipv6: RFC4214 Support

[YOSHIFUJI Hideaki / 吉藤英明]

Hello.

In article [EMAIL PROTECTED] (at Wed, 7 Nov 2007 16:58:59 +0100), Ingo Oeser 
[EMAIL PROTECTED] says:

  +   eui[0] = 0;
  +
  +   /* Check for RFC3330 global address ranges */
  +   if (((ipv4 = 0x0100)  (ipv4  0x0a00)) ||
  +   ((ipv4 = 0x0b00)  (ipv4  0x7f00)) ||
  +   ((ipv4 = 0x8000)  (ipv4  0xa9fe)) ||
  +   ((ipv4 = 0xa9ff)  (ipv4  0xac10)) ||
  +   ((ipv4 = 0xac20)  (ipv4  0xc0a8)) ||
  +   ((ipv4 = 0xc0a9)  (ipv4  0xc612)) ||
  +   ((ipv4 = 0xc614)  (ipv4  0xe000))) eui[0] |=
  0x2;
  +
 
 Instead of converting network to host byte order at runtime 
 and comparing the results to constants, let the compiler convert
 the constants to network byte order and compare in network order.
 
 so use:
 
  if (((*addr = htonl(0x0100))  (*addr  htonl(0x0a00))) || 
 
 instead. The compiler will notice that 0x0100 is a constant and will
 use _constant_htonl() automatically.

No, you cannot do this.
When you check the range, you need to use host-byte order.

  +
  +static inline int ipv6_addr_is_isatap(const struct in6_addr *addr)
  +{
  +   return (addr-s6_addr32[2] == __constant_htonl(0x02005EFE) ||
  +   addr-s6_addr32[2] == __constant_htonl(0x5EFE));
  +}
  +#endif
 
 The compiler will notice that 0x0100 is a constant and will
 use _constant_htonl() automatically. Please use simply htonl().

Right.  And, maybe, you can write as follows:
return ((addr-s6_addr32[2] | htonl(0x0200)) == htonl(0x02005EFE));

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 04/05] ipv6: RFC4214 Support

[YOSHIFUJI Hideaki / 吉藤英明]

Hello.

In article [EMAIL PROTECTED] (at Tue, 6 Nov 2007 17:16:11 -0800), Templin, 
Fred L [EMAIL PROTECTED] says:

 @@ -154,6 +155,14 @@ static struct ip_tunnel * ipip6_tunnel_l
   struct net_device *dev;
   char name[IFNAMSIZ];
  
 +#if defined(CONFIG_IPV6_ISATAP)
 + /* ISATAP (RFC4214) - router address in daddr */
 + if (!strncmp(parms-name, isatap, 6)) {
 + parms-i_key = parms-iph.daddr;
 + parms-iph.daddr = remote = 0;
 + }
 +#endif
 +
   for (tp = __ipip6_bucket(parms); (t = *tp) != NULL; tp =
 t-next) {
   if (local == t-parms.iph.saddr  remote ==
 t-parms.iph.daddr)
   return t;

I do not think it is a good idea to change the behavior based on
the interface name.

 @@ -182,6 +191,11 @@ static struct ip_tunnel * ipip6_tunnel_l
   dev-init = ipip6_tunnel_init;
   nt-parms = *parms;
  
 +#if defined(CONFIG_IPV6_ISATAP)
 + if (!strncmp(dev-name, isatap, 6))
 + dev-priv_flags |= IFF_ISATAP;
 +#endif
 +

ditto.

 + if (!(ipv6_addr_is_isatap(addr6)) ||
 + (addr6-s6_addr32[3] != iph-saddr)) {
 +drop:
 + tunnel-stat.rx_errors++;

you can unlock here.

 + dst_release(dst);
 + kfree_skb(skb);
 + read_unlock(ipip6_lock);
 + return 0;
 + }
 + dst_release(dst);
 + }
 +accept:
 +#endif

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 00/05] ipv6: RFC4214 Support

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Tue, 06 Nov 2007 21:37:50 -0800 (PST)), 
David Miller [EMAIL PROTECTED] says:

 From: David Stevens [EMAIL PROTECTED]
 Date: Tue, 6 Nov 2007 21:26:15 -0800
 
  Last I heard, there are Intellectual Property claims with ISATAP,
  which is why the RFC is not standards track and which makes it
  effectively a proprietary protocol.
  
  Unless that's been resolved, I think the claim by the IP owner is
  that it can't be distributed without a license from them. So, maybe
  not worth the effort for an experimental RFC.
 
 If this is the case, I agree, we cannot include ISATAP
 support in the kernel.

I guess license is no longer required for implementers of ISATAP.
Is it right, Fred?

https://datatracker.ietf.org/ipr/550/

--yoshfuji


-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [BUG] in inet6_create

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu, 01 Nov 2007 21:07:52 +0100), Roel Kluin 
[EMAIL PROTECTED] says:

 I got this bug recently, I am not sure whether this is related to any 
 previously 
 reported ones. It was a recently pulled git kernel. Also I have been hacking 
 my
 kernel a bit lately, but I think that I haven't got any changes in the 
 currently
 running kernel.

Please try this.

-
[IPV6]: Ensure to initialize inetsw6 array before we start accepting socket.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index ecbd388..9ecd41b 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -789,6 +789,7 @@ static int __init inet6_init(void)
/* Register the socket-side information for inet6_create.  */
for(r = inetsw6[0]; r  inetsw6[SOCK_MAX]; ++r)
INIT_LIST_HEAD(r);
+   synchronize_net();
 
/* We MUST register RAW sockets before we create the ICMP6,
 * IGMP6, or NDISC control sockets.

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[RFC 1/2] [IPV6] ADDRCONF: Preparation for configurable address selection policy with ifindex.

[YOSHIFUJI Hideaki / 吉藤英明]

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 net/ipv6/addrconf.c |   14 ++
 1 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 348bd8d..8b408b7 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -877,7 +877,8 @@ static inline int ipv6_saddr_preferred(int type)
 }
 
 /* static matching label */
-static inline int ipv6_saddr_label(const struct in6_addr *addr, int type)
+static inline int ipv6_addr_label(const struct in6_addr *addr, int type,
+ int ifindex)
 {
  /*
   *prefix (longest match)  label
@@ -912,7 +913,8 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
struct inet6_ifaddr *ifa_result = NULL;
int daddr_type = __ipv6_addr_type(daddr);
int daddr_scope = __ipv6_addr_src_scope(daddr_type);
-   u32 daddr_label = ipv6_saddr_label(daddr, daddr_type);
+   int daddr_ifindex = daddr_dev ? daddr_dev-ifindex : 0;
+   u32 daddr_label = ipv6_addr_label(daddr, daddr_type, daddr_ifindex);
struct net_device *dev;
 
memset(hiscore, 0, sizeof(hiscore));
@@ -1085,11 +1087,15 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
 
/* Rule 6: Prefer matching label */
if (hiscore.rule  6) {
-   if (ipv6_saddr_label(ifa_result-addr, 
hiscore.addr_type) == daddr_label)
+   if (ipv6_addr_label(ifa_result-addr,
+   hiscore.addr_type,
+   
ifa_result-idev-dev-ifindex) == daddr_label)
hiscore.attrs |= IPV6_SADDR_SCORE_LABEL;
hiscore.rule++;
}
-   if (ipv6_saddr_label(ifa-addr, score.addr_type) == 
daddr_label) {
+   if (ipv6_addr_label(ifa-addr,
+   score.addr_type,
+   ifa-idev-dev-ifindex) == 
daddr_label) {
score.attrs |= IPV6_SADDR_SCORE_LABEL;
if (!(hiscore.attrs  IPV6_SADDR_SCORE_LABEL)) {
score.rule = 6;
-- 
1.4.4.4

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[RFC 0/2] [IPV6] ADDRCONF: IPv6 configurable Default Address Selection support (TAKE 2)

[YOSHIFUJI Hideaki / 吉藤英明]

This is the 2nd RFC for supporting configurable IPv6 Default Address Selection
policy (RFC3484) based on 2.6.24-rc1.
This is intended for 2.6.25.

Major changes:
- Use rtnetlink instead of ioctl/procfs.
- Use RCU.

Git tree is available at the branch named 2.6.24-rc1-addrlabel-20071030 at
git://git.linux-ipv6.org/gitroot/yoshfuji/linux-2.6-dev.git

iproute2 is available at the branch named addrlabel-20071030 at
git://git.linux-ipv6.org/gitroot/yoshfuji/iproute2-dev.git

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[RFC 2/2] [IPV6] ADDRCONF: Support RFC3484 configurable address selection policy table.

[YOSHIFUJI Hideaki / 吉藤英明]

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]
---
 include/linux/if_addrlabel.h |   55 
 include/linux/rtnetlink.h|7 +
 include/net/addrconf.h   |8 +
 net/ipv6/Makefile|1 +
 net/ipv6/addrconf.c  |   40 +---
 net/ipv6/addrlabel.c |  566 ++
 6 files changed, 646 insertions(+), 31 deletions(-)

diff --git a/include/linux/if_addrlabel.h b/include/linux/if_addrlabel.h
new file mode 100644
index 000..66978a5
--- /dev/null
+++ b/include/linux/if_addrlabel.h
@@ -0,0 +1,55 @@
+/*
+ * ifaddrlabel.h - netlink interface for address labels
+ *
+ * Copyright (C)2007 USAGI/WIDE Project,  All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *may be used to endorse or promote products derived from this software
+ *without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+#ifndef __LINUX_IF_ADDRLABEL_H
+#define __LINUX_IF_ADDRLABEL_H
+
+struct ifaddrlblmsg
+{
+   __u8ifal_family;/* Address family */
+   __u8__ifal_reserved;/* Reserved */
+   __u8ifal_prefixlen; /* Prefix length */
+   __u8ifal_flags; /* Flags */
+   __u32   ifal_index; /* Link index */
+   __u32   ifal_seq;   /* sequence number */
+};
+
+enum
+{
+   IFAL_ADDRESS = 1,
+   IFAL_LABEL = 2,
+   __IFAL_MAX
+};
+
+#define IFAL_MAX   (__IFAL_MAX - 1)
+
+#endif
diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h
index 5bf6182..9a8bf01 100644
--- a/include/linux/rtnetlink.h
+++ b/include/linux/rtnetlink.h
@@ -100,6 +100,13 @@ enum {
RTM_NEWNDUSEROPT = 68,
 #define RTM_NEWNDUSEROPT RTM_NEWNDUSEROPT
 
+   RTM_NEWADDRLABEL = 72,
+#define RTM_NEWADDRLABEL RTM_NEWADDRLABEL
+   RTM_DELADDRLABEL,
+#define RTM_NEWADDRLABEL RTM_NEWADDRLABEL
+   RTM_GETADDRLABEL,
+#define RTM_GETADDRLABEL RTM_GETADDRLABEL
+
__RTM_MAX,
 #define RTM_MAX(((__RTM_MAX + 3)  ~3) - 1)
 };
diff --git a/include/net/addrconf.h b/include/net/addrconf.h
index 33b593e..bccc2fe 100644
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -84,6 +84,14 @@ extern void  addrconf_leave_solict(struct 
inet6_dev *idev,
struct in6_addr *addr);
 
 /*
+ * IPv6 Address Label subsystem (addrlabel.c)
+ */
+extern int ipv6_addr_label_init(void);
+extern voidipv6_addr_label_rtnl_register(void);
+extern u32 ipv6_addr_label(const struct in6_addr *addr,
+   int type, int ifindex);
+
+/*
  * multicast prototypes (mcast.c)
  */
 extern int ipv6_sock_mc_join(struct sock *sk, int ifindex, 
diff --git a/net/ipv6/Makefile b/net/ipv6/Makefile
index 87c23a7..5ffa980 100644
--- a/net/ipv6/Makefile
+++ b/net/ipv6/Makefile
@@ -5,6 +5,7 @@
 obj-$(CONFIG_IPV6) += ipv6.o
 
 ipv6-objs :=   af_inet6.o anycast.o ip6_output.o ip6_input.o addrconf.o \
+   addrlabel.o \
route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o udplite.o \
raw.o protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \
exthdrs.o sysctl_net_ipv6.o datagram.o \
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 8b408b7..5b6553f 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -876,36 +876,6 @@ static inline int ipv6_saddr_preferred(int type)
return 0;
 }
 
-/* static matching label */
-static inline int ipv6_addr_label(const struct in6_addr *addr, int type,
-  

[PATCH 2.6.24-rc] [IPV6] NDISC: Fix setting base_reachable_time_ms variable.

[YOSHIFUJI Hideaki / 吉藤英明]

This bug was introduced by the commit
d12af679bcf8995a237560bdf7a4d734f8df5dbb.

Signed-off-by: YOSHIFUJI Hideaki [EMAIL PROTECTED]

--- 
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 20cfc90..36f7dbf 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1670,7 +1670,7 @@ int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int 
write, struct file * f
filp, buffer, lenp, ppos);
 
else if ((strcmp(ctl-procname, retrans_time_ms) == 0) ||
-(strcmp(ctl-procname, base_reacable_time_ms) == 0))
+(strcmp(ctl-procname, base_reachable_time_ms) == 0))
ret = proc_dointvec_ms_jiffies(ctl, write,
   filp, buffer, lenp, ppos);
else

-- 
YOSHIFUJI Hideaki @ USAGI Project  [EMAIL PROTECTED]
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [UDP6]: Restore sk_filter optimisation

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Mon, 29 Oct 2007 15:33:20 +0900), Mitsuru 
Chinen [EMAIL PROTECTED] says:

 Hello Herbert,
 
 Let me ask a question about this patch.
 After this patch was applied, 2 of the protocol stack behaviors were
 changed when it receives a UDP datagram with broken checksum:
 
  1. udp6InDatagrams is incremented instead of udpInErrors
  2. In userland, recvfrom() replies an error with EAGAIN.
 recvfrom() wasn't aware of such a packet before.
 
 Are these changes intentional?

And, we're not sure how much the optimization's benefit is.
It is even worse when we are handling multicast packets.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [Bugme-new] [Bug 9224] New: Settings to /proc/sys/net/ipv[46]/conf/all are not propagated

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu, 25 Oct 2007 09:16:52 -0700), Andrew 
Morton [EMAIL PROTECTED] says:

  Most recent kernel where this bug did not occur: 2.6.22 (not sure)

 Apparently a regression.

I would say it is a bug, but it is not a regression.
I mean, I believe this bug lives since 2.2.

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC][PATCH 0/3][XFRM]: Support packet processing error statistics.

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Tue, 23 Oct 2007 16:08:34 +0900), Masahide 
NAKAMURA [EMAIL PROTECTED] says:

 Monday 22 October 2007 21:28, jamal wrote:
  On Mon, 2007-22-10 at 15:11 +0900, Masahide NAKAMURA wrote:
:
 This point is one of what I want to hear comment.
 My patch uses XFRM_MIB_XXX because I found LINUX_MIB_XXX definition at
 include/linux/snmp.h for TCP extended statistics at /proc/net/netstat and
 it does not seem to be defined by any RFC specification. Then I feel it is 
 not so bad to
 use _MIB_ for them. Maybe we have another idea to merge them into LINUX_MIB.
 
 Now we have the following candidates:
 
 (1) my patch  XFRM_MIB_INHDRERROR
 (2) some extender XFRM_XXX_INHDRERROR (XXX is requested)
 (3) not-mib extender  XFRM_NOTMIB_INHDRERROR
 (4) no extender   XFRM_INHDRERROR
 (5) merge linux-mib   LINUX_MIB_XFRMINHDRERROR
 
 Comments?

I would support (5) or (1).

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 2/3] Lost locking in fl6_sock_lookup

[YOSHIFUJI Hideaki / 吉藤英明]

In article [EMAIL PROTECTED] (at Thu, 18 Oct 2007 15:53:52 +0400), Pavel 
Emelyanov [EMAIL PROTECTED] says:

 This routine scans the ipv6_fl_list whose update is
 protected with the socket lock and the ip6_sk_fl_lock.

   struct ip6_flowlabel *fl = sfl-fl;
   if (fl-label == label) {
 + read_unlock_bh(ip6_sk_fl_lock);
   fl-lastuse = jiffies;
   atomic_inc(fl-users);
   return fl;

We should increment fl-users within the critical section, shouldn't we?

--yoshfuji
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html