Re: [PATCH] IPv6/DCCP: Fix memory leak in dccp_v6_do_rcv()

[Andrew Morton]

On Fri, 29 Sep 2006 02:45:33 +0200
Jesper Juhl [EMAIL PROTECTED] wrote:

 
 Coverity found what looks like a real leak in 
 net/dccp/ipv6.c::dccp_v6_do_rcv()
 
 We may leave via the return inside if (sk-sk_state == DCCP_OPEN) {
 but at that point we may have allocated opt_skb, but we never free it
 in that path before the return.
 
 
 Signed-off-by: Jesper Juhl [EMAIL PROTECTED]
 ---
 
  net/dccp/ipv6.c |2 ++
  1 file changed, 2 insertions(+)
 
 --- linux-2.6.18-git10-orig/net/dccp/ipv6.c   2006-09-28 22:40:07.0 
 +0200
 +++ linux-2.6.18-git10/net/dccp/ipv6.c2006-09-29 02:35:15.0 
 +0200
 @@ -997,6 +997,8 @@ static int dccp_v6_do_rcv(struct sock *s
   if (sk-sk_state == DCCP_OPEN) { /* Fast path */
   if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb-len))
   goto reset;
 + if (opt_skb)
 + __kfree_skb(opt_skb);
   return 0;
   }

Looks right to me.  But it'd be better coded as below, so we don't have
multiple deeply-nested return points (the cause of this bug) and duplicated
code.

otoh, it seems to me that opt_skb doesn't actually do anything and can be
removed?


diff -puN net/dccp/ipv6.c~ipv6-dccp-fix-memory-leak-in-dccp_v6_do_rcv 
net/dccp/ipv6.c
--- a/net/dccp/ipv6.c~ipv6-dccp-fix-memory-leak-in-dccp_v6_do_rcv
+++ a/net/dccp/ipv6.c
@@ -997,7 +997,7 @@ static int dccp_v6_do_rcv(struct sock *s
if (sk-sk_state == DCCP_OPEN) { /* Fast path */
if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb-len))
goto reset;
-   return 0;
+   goto out;
}
 
if (sk-sk_state == DCCP_LISTEN) {
@@ -1013,9 +1013,7 @@ static int dccp_v6_do_rcv(struct sock *s
if (nsk != sk) {
if (dccp_child_process(sk, nsk, skb))
goto reset;
-   if (opt_skb != NULL)
-   __kfree_skb(opt_skb);
-   return 0;
+   goto out;
}
}
 
@@ -1026,9 +1024,10 @@ static int dccp_v6_do_rcv(struct sock *s
 reset:
dccp_v6_ctl_send_reset(skb);
 discard:
+   kfree_skb(skb);
+out:
if (opt_skb != NULL)
__kfree_skb(opt_skb);
-   kfree_skb(skb);
return 0;
 }
 
_

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: tc related lockdep warning.

[Jarek Poplawski]

On Thu, Sep 28, 2006 at 07:20:00AM -0700, Stephen Hemminger wrote:
 On Thu, 28 Sep 2006 15:13:01 +0200
 Jarek Poplawski [EMAIL PROTECTED] wrote:
 
  On Thu, Sep 28, 2006 at 02:17:51PM +0200, Patrick McHardy wrote:
   [My mail provider is down, so responding manually]
   
   Jarek Poplawski wrote:
 [NET_SCHED]: Fix fallout from dev-qdisc RCU change
   
Sorry again but I can't abstain from some doubts:
   
...
 diff --git a/net/core/dev.c b/net/core/dev.c
 index 14de297..4d891be 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
 @@ -1480,14 +1480,16 @@ #endif
   if (q-enqueue) {
   /* Grab device queue */
   spin_lock(dev-queue_lock);
 + q = dev-qdisc;
   
I don't get it. If it is some anti-race step according to
rcu rules it should be again:
q = rcu_dereference(dev-qdisc);
   
   At this point RCU protection is not needed anymore since we
   have the lock. We simply want to avoid taking the lock for
   devices that don't have a real qdisc attached (like loopback).
   Thats what the test for q-enqueue is there for. RCU is only
   needed to avoid races between testing q-enqueue and freeing
   of the qdisc.
  
  But in Documentation/RCU/whatisRCU.txt I see this:
  
  /*
   * Return the value of field a of the current gbl_foo
   * structure.  Use rcu_read_lock() and rcu_read_unlock()
   * to ensure that the structure does not get deleted out
   * from under us, and use rcu_dereference() to ensure that
   * we see the initialized version of the structure (important
   * for DEC Alpha and for people reading the code).
   */
  int foo_get_a(void)
  {
  int retval;
  
  rcu_read_lock();
  retval = rcu_dereference(gbl_foo)-a;
  rcu_read_unlock();
  return retval;
  }
  
 
 The example uses rcu_read_lock() which is a weaker form of protection
 than a real lock, so the rcu_dereference() is needed to do memory barriers.

I don't question this and I know it is not required - I mean
what is in the parenthesis (important ...) or here: 

From Documentation/RCU/checklist.txt:

The rcu_dereference() primitive is used by the various
_rcu() list-traversal primitives, such as the
list_for_each_entry_rcu().  Note that it is perfectly
legal (if redundant) for update-side code to use
rcu_dereference() and the _rcu() list-traversal
primitives.  This is particularly useful in code
that is common to readers and updaters.


 In the qdisc case we have the proper spin_lock() so no additional
 barrier is needed.

So why isn't it done in the code instead of comments?: 

if (q-enqueue) {

rcu_read_unlock();

/* Grab device queue */
spin_lock(dev-queue_lock);
q = dev-qdisc;
...
}
rcu_read_unlock();

I mean the consequence.

Another thing is why? Now it looks RCU is good for the first test
but we don't believe it entirely (or assume the pointer could change
at this particular moment) so take this pointer again with
a real lock. I think RCU assures the consistency within it's block 
and we should only test for NULL pointer.


Jarek P.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [2.6.18 backport] RTL8168 ethernet support in r8169

[Francois Romieu]

Samir Bellabes [EMAIL PROTECTED] :
[...]
  +   { PCI_DEVICE(PCI_VENDOR_ID_REALTEK, 0x8167), 0, 0, RTL_CFG_1 },
 ^
  Should be RTL_CFG_1.
 
 You mean should be RTL_CFG_0 ?

Yes.

It was typos night.

-- 
Ueimor
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: 2.6.19 status

[Ismail Donmez]

Hi Dave,
29 Eyl 2006 Cum 04:41 tarihinde şunları yazmıştınız:
 I've just pushed my current net-2.6 tree to Linus.  The bulk of the
 changes in there are endianness annotations for sparse by Al Viro,
 along with the patches I've been ACK'ing here on the list and
 elsewhere.

 If you want a non-bugfix change to get into 2.6.19 you must have it to
 me by the end of the weekend.

 As of next Monday, anything I receive has to be a bugfix for 2.6.19
 consideration.

 Thanks for everyone's hard work and let's make sure there are no
 networking regressions at all in 2.6.19, in fact let's strive to
 make it have no regressions plus bugs fixed that were in 2.6.18 :-)

Looks like following fix from Herbert still didn't made it to Linus which 
fixes hard lockups with some tc usage.


[NET_SCHED]: HTB: fix incorrect use of RB_EMPTY_NODE

Fix incorrect use of RB_EMPTY_NODE in htb_safe_rb_erase, which makes it
skip nodes within the rbtree instead of nodes not in the tree, resulting
in crashes later on.

The root cause for this seems to be the very counter-intuitive behaviour
of the RB_EMPTY_NODE macro, which returns _false_ when the node is empty.

Signed-off-by: Patrick McHardy [EMAIL PROTECTED]

---
commit 9a0cd6d60280d88c38791844c87548d45cf6f2c2
tree fdf4f4a46fb088d957322006828af557b8ce594a
parent 7e4720201ad44ace85a443f41d668a62a737e7d0
author Patrick McHardy [EMAIL PROTECTED] Wed, 27 Sep 2006 13:27:24 +0200
committer Patrick McHardy [EMAIL PROTECTED] Wed, 27 Sep 2006 13:27:24 +0200

 net/sched/sch_htb.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
index bb3ddd4..6c058e3 100644
--- a/net/sched/sch_htb.c
+++ b/net/sched/sch_htb.c
@@ -391,7 +391,7 @@ static inline void htb_add_class_to_row(
 /* If this triggers, it is a bug in this code, but it need not be fatal */
 static void htb_safe_rb_erase(struct rb_node *rb, struct rb_root *root)
 {
-   if (RB_EMPTY_NODE(rb)) {
+   if (!RB_EMPTY_NODE(rb)) {
WARN_ON(1);
} else {
rb_erase(rb, root);


-- 
They that can give up essential liberty to obtain a little temporary safety 
deserve neither liberty nor safety.
-- Benjamin Franklin
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

XFRM BEET mode and 2.6.19 kernel

[Miika Komu]

Hi folks,

I hope you will consider the BEET mode IPsec patch for the 2.6.19 kernel:

http://www.mail-archive.com/netdev@vger.kernel.org/msg22333.html

We have refactored the patch several times according to feedback from 
Herbert Xu during the past year.


--
Miika Komu   http://www.iki.fi/miika/
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 6/7] secid reconciliation-v03: Label locally generated IPv4 traffic

[James Morris]

On Thu, 28 Sep 2006, Venkat Yekkirala wrote:

 +static inline void security_skb_classify_ipcm(struct sk_buff *skb,
 + struct ipcm_cookie *ipc)
 +{
 + ipc-secid = 0;
 + ipc-secid = skb-secmark;
 +}

You don't need the assignment to 0.



- James
-- 
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 4/7] secid reconciliation-v03: Invoke LSM hook for outbound traffic

[James Morris]

On Thu, 28 Sep 2006, Venkat Yekkirala wrote:

 + }
 + else/* inbound */
 + /* loopback traffic should already be labeled
 +and any filtering on outbound should suffice */
 + if (in == loopback_dev)
 + goto out;

Minor nit that akpm will point out, the else belongs on the same line as 
the brace.  Also, the comment style is:

/*
 * Comment...
 * etc.
 */




- James
-- 
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: 2.6.19 status

[David Miller]

From: Ismail Donmez [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 10:10:34 +0300

 Hi Dave,
 29 Eyl 2006 Cum 04:41 tarihinde $,1 (Bunlar$,1 Q(B yazm$,1 Q (Bt$,1 
 Q(Bn$,1 Q(Bz:
  I've just pushed my current net-2.6 tree to Linus.  The bulk of the
  changes in there are endianness annotations for sparse by Al Viro,
  along with the patches I've been ACK'ing here on the list and
  elsewhere.
 
  If you want a non-bugfix change to get into 2.6.19 you must have it to
  me by the end of the weekend.
 
  As of next Monday, anything I receive has to be a bugfix for 2.6.19
  consideration.
 
  Thanks for everyone's hard work and let's make sure there are no
  networking regressions at all in 2.6.19, in fact let's strive to
  make it have no regressions plus bugs fixed that were in 2.6.18 :-)
 
 Looks like following fix from Herbert still didn't made it to Linus which 
 fixes hard lockups with some tc usage.

It's in my net-2.6 tree, which is where you should check for
whether something is queued and pending submission yet.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 4/7] secid reconciliation-v03: Invoke LSM hook for outbound traffic

[James Morris]

On Thu, 28 Sep 2006, Venkat Yekkirala wrote:

 + if (connsecmark)
 + if (*connsecmark != skb-secmark) {
   *connsecmark = skb-secmark;
 + }

Please remove the braces if re-submitting.

 +printk(KERN_ERR IN HOOK (%d) (%u) (%u)\n, hooknum, skb-secmark, 
 *psecmark);\

Please remove debugging (here and elsewhere).



 + /* Set secmark on inbound and filter it on outbound */
 + if ((target-family == AF_INET 
 + (hooknum == NF_IP_POST_ROUTING ||
 +  hooknum == NF_IP_LOCAL_OUT ||
 +  hooknum == NF_IP_FORWARD)) ||
 + (target-family == AF_INET6 
 + (hooknum == NF_IP6_POST_ROUTING ||
 +  hooknum == NF_IP6_LOCAL_OUT ||
 +  hooknum == NF_IP6_FORWARD))) {

I think this should be a separate helper function, so the logic can be 
changed/evaluated in isolation (preferred, but not a blocker).

 + secmark_save(skb, hooknum, target);

It seems that the target parameter is not needed.


 + return secmark_restore(skb, hooknum, in, target);

Please pass a family parameter instead of target.



-- 
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATH] Allow mtu bigger than 1500 for ieee80211

[Johannes Berg]

On Thu, 2006-09-28 at 19:57 +0200, matthieu castet wrote:

 + if ((new_mtu  68) || (new_mtu  IEEE80211_DATA_LEN))
 + return -EINVAL;

What's with that lower limit, why 68?

johannes
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [patch 3/3] Add tsi108 On Chip Ethernet device driver support

[Zang Roy-r61911]

On Thu, 2006-09-21 at 12:46, Jeff Garzik wrote:
 Zang Roy-r61911 wrote:
  +struct tsi108_prv_data {
  + void  __iomem *regs;/* Base of normal regs */
  + void  __iomem *phyregs; /* Base of register bank used for PHY
 access */
  + 
  + int phy;/* Index of PHY for this interface */
  + int irq_num;
  + int id;
  +
  + struct timer_list timer;/* Timer that triggers the check phy
 function */
  + int rxtail; /* Next entry in rxring to read */
  + int rxhead; /* Next entry in rxring to give a new
 buffer */
  + int rxfree; /* Number of free, allocated RX
 buffers */
  +
  + int rxpending;  /* Non-zero if there are still
 descriptors
  +  * to be processed from a previous
 descriptor
  +  * interrupt condition that has been
 cleared */
  +
  + int txtail; /* Next TX descriptor to check status
 on */
  + int txhead; /* Next TX descriptor to use */
 
 most of these should be unsigned, to prevent bugs.
 
 
  + /* Number of free TX descriptors.  This could be calculated
 from
  +  * rxhead and rxtail if one descriptor were left unused to
 disambiguate
  +  * full and empty conditions, but it's simpler to just keep
 track
  +  * explicitly. */
  +
  + int txfree;
  +
  + int phy_ok; /* The PHY is currently powered on. */
  +
  + /* PHY status (duplex is 1 for half, 2 for full,
  +  * so that the default 0 indicates that neither has
  +  * yet been configured). */
  +
  + int link_up;
  + int speed;
  + int duplex;
  +
  + tx_desc *txring;
  + rx_desc *rxring;
  + struct sk_buff *txskbs[TSI108_TXRING_LEN];
  + struct sk_buff *rxskbs[TSI108_RXRING_LEN];
  +
  + dma_addr_t txdma, rxdma;
  +
  + /* txlock nests in misclock and phy_lock */
  +
  + spinlock_t txlock, misclock;
  +
  + /* stats is used to hold the upper bits of each hardware
 counter,
  +  * and tmpstats is used to hold the full values for returning
  +  * to the caller of get_stats().  They must be separate in
 case
  +  * an overflow interrupt occurs before the stats are consumed.
  +  */
  +
  + struct net_device_stats stats;
  + struct net_device_stats tmpstats;
  +
  + /* These stats are kept separate in hardware, thus require
 individual
  +  * fields for handling carry.  They are combined in get_stats.
  +  */
  +
  + unsigned long rx_fcs;   /* Add to rx_frame_errors */
  + unsigned long rx_short_fcs; /* Add to rx_frame_errors */
  + unsigned long rx_long_fcs;  /* Add to rx_frame_errors */
  + unsigned long rx_underruns; /* Add to rx_length_errors */
  + unsigned long rx_overruns;  /* Add to rx_length_errors */
  +
  + unsigned long tx_coll_abort;/* Add to
 tx_aborted_errors/collisions */
  + unsigned long tx_pause_drop;/* Add to tx_aborted_errors */
  +
  + unsigned long mc_hash[16];
  +};
  +
  +/* Structure for a device driver */
  +
  +static struct platform_driver tsi_eth_driver = {
  + .probe = tsi108_init_one,
  + .remove = tsi108_ether_remove,
  + .driver = {
  + .name = tsi-ethernet,
  + },
  +};
  +
  +static void tsi108_timed_checker(unsigned long dev_ptr);
  +
  +static void dump_eth_one(struct net_device *dev)
  +{
  + struct tsi108_prv_data *data = netdev_priv(dev);
  +
  + printk(Dumping %s...\n, dev-name);
  + printk(intstat %x intmask %x phy_ok %d
  + link %d speed %d duplex %d\n,
  +TSI108_ETH_READ_REG(TSI108_EC_INTSTAT),
  +TSI108_ETH_READ_REG(TSI108_EC_INTMASK), data-phy_ok,
  +data-link_up, data-speed, data-duplex);
  +
  + printk(TX: head %d, tail %d, free %d, stat %x, estat %x, err
 %x\n,
  +data-txhead, data-txtail, data-txfree,
  +TSI108_ETH_READ_REG(TSI108_EC_TXSTAT),
  +TSI108_ETH_READ_REG(TSI108_EC_TXESTAT),
  +TSI108_ETH_READ_REG(TSI108_EC_TXERR));
  +
  + printk(RX: head %d, tail %d, free %d, stat %x,
  + estat %x, err %x, pending %d\n\n,
  +data-rxhead, data-rxtail, data-rxfree,
  +TSI108_ETH_READ_REG(TSI108_EC_RXSTAT),
  +TSI108_ETH_READ_REG(TSI108_EC_RXESTAT),
  +TSI108_ETH_READ_REG(TSI108_EC_RXERR), data-rxpending);
  +}
  +
  +/* Synchronization is needed between the thread and up/down events.
  + * Note that the PHY is accessed through the same registers for
 both
  + * interfaces, so this can't be made interface-specific.
  + */
  +
  +static DEFINE_SPINLOCK(phy_lock);
 
 you should have a chip structure, that contains two structs (one for 
 each interface/port)
 
 
Could you interpret the chip structure in more detail?
Need I create two net_device struct for each port?
Thanks.
Roy

-
To unsubscribe from this list: send the line 

Re: [patch 3/3] Add tsi108 On Chip Ethernet device driver support

[Jeff Garzik]

Zang Roy-r61911 wrote:

Could you interpret the chip structure in more detail?
Need I create two net_device struct for each port?


No.  One net_device per port.  And one container structure for the 
entire device.


Jeff


-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATH] Allow mtu bigger than 1500 for ieee80211

[Joerg Roedel]

On Fri, Sep 29, 2006 at 09:38:21AM +0200, Johannes Berg wrote:
 On Thu, 2006-09-28 at 19:57 +0200, matthieu castet wrote:
 
  +   if ((new_mtu  68) || (new_mtu  IEEE80211_DATA_LEN))
  +   return -EINVAL;
 
 What's with that lower limit, why 68?

Isn't 68 the minimum MTU required by IPv4?
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] IPv6/DCCP: Remove unused IPV6_PKTOPTIONS code

[Gerrit Renker]

  Coverity found what looks like a real leak in 
 net/dccp/ipv6.c::dccp_v6_do_rcv()

|  otoh, it seems to me that opt_skb doesn't actually do anything and can be
|  removed?
This is right, there is no code referencing opt_skb: compare with 
net/ipv6/tcp_ipv6.c.
Until someone has time to add the missing DCCP-specific code, it does seem 
better
to replace the dead part with a FIXME. This is done by the patch below, applies 
to
davem-net2.6 and has been tested to compile.

Signed-off-by: Gerrit Renker [EMAIL PROTECTED]
--
 ipv6.c |   23 ++-
 1 file changed, 2 insertions(+), 21 deletions(-)

diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 7a47399..9d19344 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -956,8 +956,6 @@ out:
  */
 static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
 {
-   struct ipv6_pinfo *np = inet6_sk(sk);
-   struct sk_buff *opt_skb = NULL;
 
/* Imagine: socket is IPv6. IPv4 packet arrives,
   goes to IPv4 receive handler and backlogged.
@@ -978,21 +976,8 @@ static int dccp_v6_do_rcv(struct sock *s
 * called with bh processing disabled.
 */
 
-   /* Do Stevens' IPV6_PKTOPTIONS.
-
-  Yes, guys, it is the only place in our code, where we
-  may make it not affecting IPv4.
-  The rest of code is protocol independent,
-  and I do not like idea to uglify IPv4.
-
-  Actually, all the idea behind IPV6_PKTOPTIONS
-  looks not very well thought. For now we latch
-  options, received in the last packet, enqueued
-  by tcp. Feel free to propose better solution.
-  --ANK (980728)
-*/
-   if (np-rxopt.all)
-   opt_skb = skb_clone(skb, GFP_ATOMIC);
+   /* FIXME: Add handling of IPV6_PKTOPTIONS with appropriate freeing of 
+*skb (see net/ipv6/tcp_ipv6.c for example)   */
 
if (sk-sk_state == DCCP_OPEN) { /* Fast path */
if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb-len))
@@ -1013,8 +998,6 @@ static int dccp_v6_do_rcv(struct sock *s
if (nsk != sk) {
if (dccp_child_process(sk, nsk, skb))
goto reset;
-   if (opt_skb != NULL)
-   __kfree_skb(opt_skb);
return 0;
}
}
@@ -1026,8 +1009,6 @@ static int dccp_v6_do_rcv(struct sock *s
 reset:
dccp_v6_ctl_send_reset(skb);
 discard:
-   if (opt_skb != NULL)
-   __kfree_skb(opt_skb);
kfree_skb(skb);
return 0;
 }


-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [ACRYPTO] New asynchronous crypto layer (acrypto) release.

[Evgeniy Polyakov]

On Thu, Sep 28, 2006 at 03:23:43PM +0200, Andreas Jellinghaus ([EMAIL 
PROTECTED]) wrote:
 Evgeniy Polyakov wrote:
 Hello.
 
 I'm pleased to announce asynchronous crypto layer (acrypto) [1] release 
 for 2.6.18 kernel tree. Acrypto allows to handle crypto requests 
 asynchronously in hardware.
 
 Combined patchset includes:
  * acrypto core
  * IPsec ESP4 port to acrypto
  * dm-crypt port to acrypto
 
 so I should be able to replace a plain 2.6.18 kernel with one
 with this patchset and use dm-crypt'ed partitions (e.g. swap,
 encrypted root filesystem) as usual without further changes?
 
 Did anyone test this with success?
 
 Regards, Andreas

As I answered in your first e-mail, yes, you just need to patch 2.6.18
tree and load one of the crypto provider.

Acrypto works with request/response model, i.e. you ask acrypto core to
perform some operation on given buffers and if it can, it will call
your callback when it is ready (or some error happend and acrypto was
unable to reroute request to other device), otherwise it will return error.

With such a model it is possible to extend acrypto to any kind of
operations on buffers, not only crypto related, for example it is
possible to onload IPsec header transformation, perform DMA between
specified areas and much more.

-- 
Evgeniy Polyakov
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [ACRYPTO] New asynchronous crypto layer (acrypto) release.

[Samuel Tardieu]

 Evgeniy == Evgeniy Polyakov [EMAIL PROTECTED] writes:

Evgeniy Hello.  I'm pleased to announce asynchronous crypto layer
Evgeniy (acrypto) [1] release for 2.6.18 kernel tree. Acrypto allows
Evgeniy to handle crypto requests asynchronously in hardware.

Would userspace programs benefit from this patch? In particular, would
OpenSSL get better performances on Via nehemiah CPUs or does it need
to be patched?

  Sam
-- 
Samuel Tardieu -- [EMAIL PROTECTED] -- http://www.rfc1149.net/

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [ACRYPTO] New asynchronous crypto layer (acrypto) release.

[Evgeniy Polyakov]

On Fri, Sep 29, 2006 at 12:17:58PM +0200, Samuel Tardieu ([EMAIL PROTECTED]) 
wrote:
  Evgeniy == Evgeniy Polyakov [EMAIL PROTECTED] writes:
 
 Evgeniy Hello.  I'm pleased to announce asynchronous crypto layer
 Evgeniy (acrypto) [1] release for 2.6.18 kernel tree. Acrypto allows
 Evgeniy to handle crypto requests asynchronously in hardware.
 
 Would userspace programs benefit from this patch? In particular, would
 OpenSSL get better performances on Via nehemiah CPUs or does it need
 to be patched?

Userspace supports Via Nehemiah CPUs crypto engine quite for a long time
without any external patching.

   Sam
 -- 
 Samuel Tardieu -- [EMAIL PROTECTED] -- http://www.rfc1149.net/

-- 
Evgeniy Polyakov
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

lifetime of IPv6 tempaddr is limited to lifetime specified in router advertisements: address lost while SSH connection is still established

[Peter Bieringer]

Hi,

running kernel-2.6.17-1.2187_FC5 and using

net.ipv6.conf.default.use_tempaddr = 2 in /etc/sysctl.conf

results in enabling and prefered use of temporary IPv6 addresses as
expected.


Current related sysctl values are:

# sysctl -a |grep temp_
net.ipv6.conf.eth0.temp_prefered_lft = 86400
net.ipv6.conf.eth0.temp_valid_lft = 604800
net.ipv6.conf.default.temp_prefered_lft = 86400
net.ipv6.conf.default.temp_valid_lft = 604800
net.ipv6.conf.all.temp_prefered_lft = 86400
net.ipv6.conf.all.temp_valid_lft = 604800
net.ipv6.conf.lo.temp_prefered_lft = 86400
net.ipv6.conf.lo.temp_valid_lft = 604800


But now strange things happen. It looks like that the prefered_lft is
not used because of receiving router advertisements (imho a normal
scenario).

Router advertisements have
valid time 3000s, pref. time 2000s


Current available addresses:

# ip -6 addr show dev eth0
2: eth0: BROADCAST,MULTICAST,UP,1 mtu 1500 qlen 1000
inet6 2001:db8:0:0:f0fc:f50b:3cb1:cfea/64 scope global secondary dynamic
   valid_lft 2047sec preferred_lft 1047sec
inet6 2001:db8:0:0:a963:ce7f:8e4e:fdf2/64 scope global secondary
deprecated dynamic
   valid_lft 265sec preferred_lft -735sec
inet6 2001:db8:0:0:201:3ff:fe33:23c9/64 scope global dynamic
   valid_lft 2555sec preferred_lft 1555sec
inet6 fe80::201:3ff:fe01:2345/64 scope link
   valid_lft forever preferred_lft forever


Established TCP sessions:

# lsof -n -i :22
COMMAND   PID  USER   FD   TYPE DEVICE SIZE NODE NAME
sshd 1613  root3u  IPv6   4777   TCP *:ssh (LISTEN)
ssh 15606 peter3u  IPv6 153678   TCP
[2001:db8:0:0:d45e:37d7:616d:99a]:55953-[2001:dba:0:1::164:1]:ssh
(ESTABLISHED)

As you see, the source address 2001:db8:0:0:d45e:37d7:616d:99a do no
longer appear in interface address list.


So it looks like that if lifetime from router advertisment limits the
lifetime of the temporary address, but there is an update mechanism
missing which extends the lifetime of this temporary address (up to the
sysctl limit), if a next router advertisement is received.

Also it should not happen that the address is removed completly in case
it's still used in an open socket.


Is this a (known) bug or a (strange) feature or already fixed in 2.6.18?


Thank you very much.

Regards,
Peter
-- 
Dr. Peter Bieringer http://www.bieringer.de/pb/
GPG/PGP Key 0x958F422D   mailto:[EMAIL PROTECTED]
Deep Space 6 Co-Founder and Core Member  http://www.deepspace6.net/
OpenBChttp://www.openbc.com/hp/Peter_Bieringer/
Personal invitation to OpenBC  http://www.openbc.com/go/invita/3889
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATH] Allow mtu bigger than 1500 for ieee80211

[Johannes Berg]

On Fri, 2006-09-29 at 11:30 +0200, Joerg Roedel wrote:
 On Fri, Sep 29, 2006 at 09:38:21AM +0200, Johannes Berg wrote:
  On Thu, 2006-09-28 at 19:57 +0200, matthieu castet wrote:
  
   + if ((new_mtu  68) || (new_mtu  IEEE80211_DATA_LEN))
   + return -EINVAL;
  
  What's with that lower limit, why 68?
 
 Isn't 68 the minimum MTU required by IPv4?

No idea, but shouldn't there be a named constant somewhere for that
then?

johannes
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Stephen Smalley]

On Thu, 2006-09-28 at 23:52 -0400, Joshua Brindle wrote:
 Venkat Yekkirala wrote:
  snip
  +
  +   err = avc_has_perm(xfrm_sid, skb-secmark, SECCLASS_PACKET,
  +   PACKET__FLOW_IN, NULL);
  +   if (err)
  +   goto out;
  +
  +   if (xfrm_sid) {
  +   err = security_transition_sid(xfrm_sid, skb-secmark,
  +   SECCLASS_PACKET, trans_sid);
  +   if (err)
  +   goto out;
  +

 I thought we weren't doing transitions to label packets anymore per the 
 conference call?

No, transitions are still part of the reconciliation process.  By
default, this just means that we end up with the xfrm_sid (which is what
you want).  But it allows us the freedom to define transitions on the
secmark label if desired, and those transitions can still yield subject
labels.

-- 
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Joshua Brindle]

On Fri, 2006-09-29 at 08:59 -0400, Stephen Smalley wrote:
 On Thu, 2006-09-28 at 23:52 -0400, Joshua Brindle wrote:
  Venkat Yekkirala wrote:
   snip
   +
   + err = avc_has_perm(xfrm_sid, skb-secmark, SECCLASS_PACKET,
   + PACKET__FLOW_IN, NULL);
   + if (err)
   + goto out;
   +
   + if (xfrm_sid) {
   + err = security_transition_sid(xfrm_sid, skb-secmark,
   + SECCLASS_PACKET, trans_sid);
   + if (err)
   + goto out;
   +
 
  I thought we weren't doing transitions to label packets anymore per the 
  conference call?
 
 No, transitions are still part of the reconciliation process.  By
 default, this just means that we end up with the xfrm_sid (which is what
 you want).  But it allows us the freedom to define transitions on the
 secmark label if desired, and those transitions can still yield subject
 labels.
 

This is not consistent with my perception of the decision made in the
conference call. I thought that the secid was either going to be 1) the
secmark label if no external labeling is present or 2) the external
label if it is present. The flow_in permission would be checked between
the external label and the secmark label in either case (unlabeled in
the case of #1)

How is this different from the implementation before the call?

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Stephen Smalley]

On Fri, 2006-09-29 at 10:00 -0400, Joshua Brindle wrote:
 On Fri, 2006-09-29 at 08:59 -0400, Stephen Smalley wrote:
  On Thu, 2006-09-28 at 23:52 -0400, Joshua Brindle wrote:
   Venkat Yekkirala wrote:
snip
+
+   err = avc_has_perm(xfrm_sid, skb-secmark, SECCLASS_PACKET,
+   PACKET__FLOW_IN, NULL);
+   if (err)
+   goto out;
+
+   if (xfrm_sid) {
+   err = security_transition_sid(xfrm_sid, skb-secmark,
+   SECCLASS_PACKET, 
trans_sid);
+   if (err)
+   goto out;
+
  
   I thought we weren't doing transitions to label packets anymore per the 
   conference call?
  
  No, transitions are still part of the reconciliation process.  By
  default, this just means that we end up with the xfrm_sid (which is what
  you want).  But it allows us the freedom to define transitions on the
  secmark label if desired, and those transitions can still yield subject
  labels.
  
 
 This is not consistent with my perception of the decision made in the
 conference call. I thought that the secid was either going to be 1) the
 secmark label if no external labeling is present or 2) the external
 label if it is present. The flow_in permission would be checked between
 the external label and the secmark label in either case (unlabeled in
 the case of #1)

The behavior you describe is precisely what will happen in the absence
of any type_transition rules on packet class in the policy, given the
way in which he has defined security_transition_sid on packet class.
The only question is whether there is any value in allowing a transition
to be configured in policy (and if such a transition is configured,
whether the resulting SID requires its own separate permission check,
which is what is usually done - the transition doesn't implicitly
authorize anything).  I don't recall a particular decision on the
transition issue during the call nor do I see it in the posted notes.
However, since the transition was removed in the flow_out case, it would
be logical to remove it from the flow_in case as well, and that would
have the side benefit of less overhead.

-- 
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[James Morris]

On Fri, 29 Sep 2006, Stephen Smalley wrote:

 However, since the transition was removed in the flow_out case, it would
 be logical to remove it from the flow_in case as well, and that would
 have the side benefit of less overhead.

How about adding secmark transitions later, if needed, perhaps with an 
/selinux config control ?

It does keep things simpler for now, in terms of getting this code merged, 
deployed into distros and likely certified.


- James
-- 
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] IPv6/DCCP: Remove unused IPV6_PKTOPTIONS code

[Arnaldo Carvalho de Melo]

On 9/29/06, Gerrit Renker [EMAIL PROTECTED] wrote:

  Coverity found what looks like a real leak in 
net/dccp/ipv6.c::dccp_v6_do_rcv()

|  otoh, it seems to me that opt_skb doesn't actually do anything and can be
|  removed?
This is right, there is no code referencing opt_skb: compare with 
net/ipv6/tcp_ipv6.c.
Until someone has time to add the missing DCCP-specific code, it does seem 
better
to replace the dead part with a FIXME. This is done by the patch below, applies 
to
davem-net2.6 and has been tested to compile.


Thanks, I've been again sidetracked by Real Life(tm) but hopefully
tomorrow I'll go over all the DCCP pending patches backlog and get
them into tree to submit to Dave.

- Arnaldo
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Paul Moore]

Stephen Smalley wrote:
 On Fri, 2006-09-29 at 10:33 -0400, James Morris wrote:
 
On Fri, 29 Sep 2006, Stephen Smalley wrote:


However, since the transition was removed in the flow_out case, it would
be logical to remove it from the flow_in case as well, and that would
have the side benefit of less overhead.

How about adding secmark transitions later, if needed, perhaps with an 
/selinux config control ?

It does keep things simpler for now, in terms of getting this code merged, 
deployed into distros and likely certified.
 
 
 Fine with me, unless Venkat has an immediate use case for such
 transitions in the flow_in case (but I think this is mostly my fault for
 suggesting transitions a while ago).

Unless I'm confusing something, there still may be a need for transitions
if we want to support both IPsec and NetLabel labeling on the same
connection.
If we don't support transitions and allow both labeling methods on the
same connection we'll need to decide how to handle resolving the two -
maybe use a transition is this one case?

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[James Morris]

On Fri, 29 Sep 2006, Paul Moore wrote:

 Unless I'm confusing something, there still may be a need for transitions
 if we want to support both IPsec and NetLabel labeling on the same
 connection.

I'd prefer not to support this, as it's too complicated, and CIPSO is a 
legacy protocol.

Normal IPsec protection applied to CIPSO: yes, but not IPsec labeling and 
CIPSO labeling on the same connection.



- James
-- 
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

RE: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Venkat Yekkirala]

  Fine with me, unless Venkat has an immediate use case for such
  transitions in the flow_in case (but I think this is mostly 
 my fault for
  suggesting transitions a while ago).

I don't have a use case currently.

 
 Unless I'm confusing something, there still may be a need for 
 transitions
 if we want to support both IPsec and NetLabel labeling on the same
 connection.
 If we don't support transitions and allow both labeling methods on the
 same connection we'll need to decide how to handle resolving the two -
 maybe use a transition is this one case?

Since CIPSO doesn't do full contexts currently, it would be just a
matter of an additional flow_in check. The base sid used here would
be the current secmark at that point (which will be the xfrm sid
if xfrm was used). So, no transitions needed here currently.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: mii-tool gigabit support.

[David Hollis]

On Wed, 2006-09-27 at 12:32 -0700, Auke Kok wrote:
 dumping registers in readable format is an extension that needs to be 
 implemented per driver. Not all nics have done this - we just did it
 ourselves 
 for ixgb, and I saw skge/sky2 just fly by this week. 

This has always bothered me a bit with ethtool.  It really stinks that
we have to actually write code and generate patches and get everyone to
update a utility just to be able to get this type of access.  I see two
ways to make the situation better:  1) add extensions to the drivers
themselves to be able to report this which would likely lead to a lot of
driver bloat and too much user-space style info (like verbose
descriptions of the register and it's purpose) or 2) develop some style
of register description definition type of text file, maybe XML, maybe
INI style or something stored in /etc/ethtool as drivername.conf or
something like that.  This way, ethtool doesn't have to be
changed/updated/patched/likely-bug-added for every single device known
to man.  

Just a thought.

-- 
David Hollis [EMAIL PROTECTED]

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Paul Moore]

Venkat Yekkirala wrote:
Fine with me, unless Venkat has an immediate use case for such
transitions in the flow_in case (but I think this is mostly 

my fault for

suggesting transitions a while ago).
 
 I don't have a use case currently.
 
Unless I'm confusing something, there still may be a need for 
transitions
if we want to support both IPsec and NetLabel labeling on the same
connection.
If we don't support transitions and allow both labeling methods on the
same connection we'll need to decide how to handle resolving the two -
maybe use a transition is this one case?
 
 
 Since CIPSO doesn't do full contexts currently, it would be just a
 matter of an additional flow_in check. The base sid used here would
 be the current secmark at that point (which will be the xfrm sid
 if xfrm was used). So, no transitions needed here currently.

That's fine by me, I just wanted to make sure something like that would
be acceptable.  So, in summary, we would do the normal flow_in checks
for both IPsec and NetLabel and then set the secmark using the IPsec
label as the base sid for the NetLabel's generated SID?

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

RE: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Venkat Yekkirala]

  Unless I'm confusing something, there still may be a need 
 for transitions
  if we want to support both IPsec and NetLabel labeling on the same
  connection.
 
 I'd prefer not to support this, as it's too complicated,

Actually, from my vantage point, it actually seems natural.

 and 
 CIPSO is a 
 legacy protocol.

Sure.

 
 Normal IPsec protection applied to CIPSO: yes, but not IPsec 
 labeling and 
 CIPSO labeling on the same connection.

One use case example can be one SA for Secret in combination with
any/all/none of the compartments. And another SA for Top Secret ...
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

RE: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Venkat Yekkirala]

 That's fine by me, I just wanted to make sure something like 
 that would
 be acceptable.  So, in summary, we would do the normal flow_in checks
 for both IPsec and NetLabel and then set the secmark using the IPsec
 label as the base sid for the NetLabel's generated SID?

That's correct (in short you won't care if IPSec was in use or not, you
would just use the secmark at that point as the base sid in coming up
with the NetLabel sid, and if it flow controls fine vis a vis the secmark
you would replace secmark with the NetLabel sid. The logic flow is quite
natural and intuitive for the users as well).
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

RE: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Venkat Yekkirala]

 I tend to agree, I just can't see it being all that useful in the real
 world.  However, each time it comes up (including the conference call
 earlier this week) it seems that people would prefer to use 
 both at the
 same time.

A matter of providing options to users. It seems more of a pain to actually
prevent their use at the same time and/or explain strange/unnatural
behavior.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Paul Moore]

Venkat Yekkirala wrote:
I tend to agree, I just can't see it being all that useful in the real
world.  However, each time it comes up (including the conference call
earlier this week) it seems that people would prefer to use 
both at the
same time.
  
 A matter of providing options to users.

As long as those options receive the blessings of the maintainers ;)

 It seems more of a pain to actually
 prevent their use at the same time and/or explain strange/unnatural
 behavior.

Agreed, the solution that we agreed upon is much easier to implement and
explain than a lot of the alternatives.

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Paul Moore]

Venkat Yekkirala wrote:
 This defines SELinux enforcement of the 2 new LSM hooks as well
 as related changes elsewhere in the SELinux code.

As soon as I hit send on this mail I'll start working on the related
patch to provide the missing NetLabel support.

Additional comments are below.

 Signed-off-by: Venkat Yekkirala [EMAIL PROTECTED]
 ---
  security/selinux/hooks.c|  129 +++---
  security/selinux/include/xfrm.h |5 +
  security/selinux/ss/mls.c   |2 
  security/selinux/ss/services.c  |2 
  security/selinux/xfrm.c |   28 ++
  5 files changed, 139 insertions(+), 27 deletions(-)
 
 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
 index 5a66c4c..143b4b8 100644
 --- a/security/selinux/hooks.c
 +++ b/security/selinux/hooks.c
 @@ -3449,8 +3449,12 @@ static int selinux_sock_rcv_skb_compat(s
  
   err = avc_has_perm(sock_sid, port_sid,
  sock_class, recv_perm, ad);
 + if (err)
 + goto out;
   }
  
 + err = selinux_xfrm_sock_rcv_skb(sock_sid, skb, ad);
 +
  out:
   return err;
  }
 @@ -3489,10 +3493,6 @@ static int selinux_socket_sock_rcv_skb(s
   goto out;
  
   err = selinux_netlbl_sock_rcv_skb(sksec, skb, ad);
 - if (err)
 - goto out;
 -
 - err = selinux_xfrm_sock_rcv_skb(sksec-sid, skb, ad);
  out: 
   return err;
  }
 @@ -3626,13 +3626,16 @@ static int selinux_inet_conn_request(str
   return 0;
   }
  
 - err = selinux_xfrm_decode_session(skb, peersid, 0);
 - BUG_ON(err);
 + if (selinux_compat_net) {
 + err = selinux_xfrm_decode_session(skb, peersid, 0);
 + BUG_ON(err);
  
 - if (peersid == SECSID_NULL) {
 - req-secid = sksec-sid;
 - return 0;
 - }
 + if (peersid == SECSID_NULL) {
 + req-secid = sksec-sid;
 + return 0;
 + }
 + } else
 + peersid = skb-secmark;
  
   err = security_sid_mls_copy(sksec-sid, peersid, newsid);
   if (err)
 @@ -3662,6 +3665,69 @@ static void selinux_req_classify_flow(co
   fl-secid = req-secid;
  }
  
 +static int selinux_skb_flow_in(struct sk_buff *skb, unsigned short family)
 +{
 + u32 xfrm_sid, trans_sid;
 + int err;
 +
 + if (selinux_compat_net)
 + return 1;
 +
 + /* xfrm/cipso inapplicable for loopback traffic */
 + if (skb-dev == loopback_dev)
 + return 1;

Just to clarify (I believe this is the case from your remarks as well as
the code, but better safe than sorry) the secmark for loopback traffic
is set by the originating socket, yes?

Beware: a bit of a nit follows :)

While I understand that NetLabel currently only supports CIPSO, it is a
framework that can support multiple labeling procotols (i.e. RIPSO
support is planned).  Please change the comment from cipso/CIPSO to
netlabel/NetLabel so it is consistent with the rest of the code which
makes use of NetLabel.

 + err = selinux_xfrm_decode_session(skb, xfrm_sid, 0);
 + BUG_ON(err);
 +
 + err = avc_has_perm(xfrm_sid, skb-secmark, SECCLASS_PACKET,
 + PACKET__FLOW_IN, NULL);
 + if (err)
 + goto out;
 +
 + if (xfrm_sid) {
 + err = security_transition_sid(xfrm_sid, skb-secmark,
 + SECCLASS_PACKET, trans_sid);
 + if (err)
 + goto out;
 +
 + skb-secmark = trans_sid;
 + }
 + /* See if CIPSO can flow in thru the current secmark here */

Same nit applies about the use of CIPSO vs NetLabel.

 +out:
 + return err ? 0 : 1;
 +};
 +
 +static int selinux_skb_flow_out(struct sk_buff *skb, u32 nf_secid)
 +{
 + u32 trans_sid;
 + int err;
 +
 + if (selinux_compat_net)
 + return 1;
 +
 + if (!skb-secmark) {
 + u32 xfrm_sid;
 +
 + selinux_skb_xfrm_sid(skb, xfrm_sid);
 +
 + if (xfrm_sid)
 + skb-secmark = xfrm_sid;
 + else if (skb-sk) {
 + struct sk_security_struct *sksec = skb-sk-sk_security;
 + skb-secmark = sksec-sid;
 + }
 + }
 +
 + err = avc_has_perm(skb-secmark, nf_secid, SECCLASS_PACKET,
 + PACKET__FLOW_OUT, NULL);

While I don't see any explicit mention of it in the documentation or
your comments, I assume we would want a flow_out check for NetLabel here
as well?

 +out:
 + return err ? 0 : 1;
 +}
 +
  static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
  {
   int err = 0;
 @@ -3700,7 +3766,8 @@ out:
  
  #ifdef CONFIG_NETFILTER
  
 -static int selinux_ip_postroute_last_compat(struct sock *sk, struct 
 net_device *dev,
 +static int selinux_ip_postroute_last_compat(struct sock *sk, struct sk_buff 
 *skb,
 +

[PATCH 3/8][ATM]: [lec] header indent, comment and whitespace cleanup

[chas williams - CONTRACTOR]

please consider for 2.6.19 -- thanks!

[ATM]: [lec] header indent, comment and whitespace cleanup

Signed-off-by: Chas Williams [EMAIL PROTECTED]

---
commit ad9e9d30230b99dd41921b61a506c41e168e1a84
tree cc1e31605aaf3d473c4f3c8e26d9a1f9b98e72b7
parent 55300d040155e883eb8d3dd39d381c95080719e6
author chas williams - CONTRACTOR [EMAIL PROTECTED] Wed, 20 Sep 2006 18:18:44 
-0400
committer chas williams - CONTRACTOR [EMAIL PROTECTED] Wed, 20 Sep 2006 
18:18:44 -0400

 include/linux/atmlec.h |  119 ++---
 net/atm/lec.h  |  172 ++--
 net/atm/lec_arpc.h |  148 +
 3 files changed, 235 insertions(+), 204 deletions(-)

diff --git a/include/linux/atmlec.h b/include/linux/atmlec.h
index f267f24..e7f1a75 100644
--- a/include/linux/atmlec.h
+++ b/include/linux/atmlec.h
@@ -1,9 +1,7 @@
 /*
- * 
- * ATM Lan Emulation Daemon vs. driver interface
- *
- * [EMAIL PROTECTED]
+ * ATM Lan Emulation Daemon driver interface
  *
+ * Marko Kiiskila [EMAIL PROTECTED]
  */
 
 #ifndef _ATMLEC_H_
@@ -13,76 +11,87 @@ #include linux/atmapi.h
 #include linux/atmioc.h
 #include linux/atm.h
 #include linux/if_ether.h
+
 /* ATM lec daemon control socket */
-#define ATMLEC_CTRL _IO('a',ATMIOC_LANE)
-#define ATMLEC_DATA _IO('a',ATMIOC_LANE+1)
-#define ATMLEC_MCAST _IO('a',ATMIOC_LANE+2)
+#define ATMLEC_CTRL_IO('a', ATMIOC_LANE)
+#define ATMLEC_DATA_IO('a', ATMIOC_LANE+1)
+#define ATMLEC_MCAST   _IO('a', ATMIOC_LANE+2)
 
 /* Maximum number of LEC interfaces (tweakable) */
 #define MAX_LEC_ITF 48
 
-/* From the total of MAX_LEC_ITF, last NUM_TR_DEVS are reserved for Token Ring.
+/*
+ * From the total of MAX_LEC_ITF, last NUM_TR_DEVS are reserved for Token Ring.
  * E.g. if MAX_LEC_ITF = 48 and NUM_TR_DEVS = 8, then lec0-lec39 are for
  * Ethernet ELANs and lec40-lec47 are for Token Ring ELANS.
  */
 #define NUM_TR_DEVS 8
 
-typedef enum { 
-l_set_mac_addr,   l_del_mac_addr, 
-l_svc_setup, 
-l_addr_delete,l_topology_change, 
-l_flush_complete, l_arp_update,
-l_narp_req, /* LANE2 mandates the use of this */
-l_config, l_flush_tran_id, 
-l_set_lecid,  l_arp_xmt,
-l_rdesc_arp_xmt,
-l_associate_req,
-l_should_bridge   /* should we bridge this MAC? */
+typedef enum {
+   l_set_mac_addr,
+   l_del_mac_addr,
+   l_svc_setup,
+   l_addr_delete,
+   l_topology_change,
+   l_flush_complete,
+   l_arp_update,
+   l_narp_req, /* LANE2 mandates the use of this */
+   l_config,
+   l_flush_tran_id,
+   l_set_lecid,
+   l_arp_xmt,
+   l_rdesc_arp_xmt,
+   l_associate_req,
+   l_should_bridge /* should we bridge this MAC? */
 } atmlec_msg_type;
 
 #define ATMLEC_MSG_TYPE_MAX l_should_bridge
 
 struct atmlec_config_msg {
-unsigned int maximum_unknown_frame_count;
-unsigned int max_unknown_frame_time;
-unsigned short max_retry_count;
-unsigned int aging_time;
-unsigned int forward_delay_time;
-unsigned int arp_response_time;
-unsigned int flush_timeout;
-unsigned int path_switching_delay;
-unsigned int  lane_version; /* LANE2: 1 for LANEv1, 2 for LANEv2 */
-int mtu;
-int is_proxy;
+   unsigned int maximum_unknown_frame_count;
+   unsigned int max_unknown_frame_time;
+   unsigned short max_retry_count;
+   unsigned int aging_time;
+   unsigned int forward_delay_time;
+   unsigned int arp_response_time;
+   unsigned int flush_timeout;
+   unsigned int path_switching_delay;
+   unsigned int lane_version;  /* LANE2: 1 for LANEv1, 2 for LANEv2 */
+   int mtu;
+   int is_proxy;
 };
- 
+
 struct atmlec_msg {
-atmlec_msg_type type;
-int sizeoftlvs;/* LANE2: if != 0, tlvs follow */ 
-union {
-struct {
-unsigned char mac_addr[ETH_ALEN];
-unsigned char atm_addr[ATM_ESA_LEN];
-unsigned int flag;/* Topology_change flag, 
-  remoteflag, permanent flag,
-  lecid, transaction id */
-unsigned int targetless_le_arp; /* LANE2 */
-unsigned int no_source_le_narp; /* LANE2 */
-} normal;
-struct atmlec_config_msg config;
-struct {
-uint16_t lec_id; /* requestor 
lec_id  */
-uint32_t tran_id;/* transaction id 
   */
-unsigned char mac_addr[ETH_ALEN];/* dst mac addr   
   */
-unsigned char atm_addr[ATM_ESA_LEN]; /* reqestor ATM 
addr */
-} proxy;
-/* For mapping LE_ARP 

[PATCH 4/8][ATM]: [lec] convert lec_arp_table to hlist

[chas williams - CONTRACTOR]

please consider for 2.6.19 -- thanks!

[ATM]: [lec] convert lec_arp_table to hlist

Signed-off-by: Chas Williams [EMAIL PROTECTED]

---
commit cf14c654bcb812dae6ed85075777a19e1e02bee1
tree d01bc707baf050862e676e5609081ba1cc22aca1
parent ad9e9d30230b99dd41921b61a506c41e168e1a84
author chas williams - CONTRACTOR [EMAIL PROTECTED] Wed, 20 Sep 2006 18:52:59 
-0400
committer chas williams - CONTRACTOR [EMAIL PROTECTED] Wed, 20 Sep 2006 
18:52:59 -0400

 net/atm/lec.c  |  442 +++-
 net/atm/lec.h  |8 -
 net/atm/lec_arpc.h |2 
 3 files changed, 170 insertions(+), 282 deletions(-)

diff --git a/net/atm/lec.c b/net/atm/lec.c
index 13aeacf..87fb0c2 100644
--- a/net/atm/lec.c
+++ b/net/atm/lec.c
@@ -806,7 +806,7 @@ #endif
dev_kfree_skb(skb);
return;
}
-   if (priv-lec_arp_empty_ones) {
+   if (!hlist_empty(priv-lec_arp_empty_ones)) {
lec_arp_check_empties(priv, vcc, skb);
}
skb-dev = dev;
@@ -998,29 +998,32 @@ static void lec_info(struct seq_file *se
 struct lec_state {
unsigned long flags;
struct lec_priv *locked;
-   struct lec_arp_table *entry;
+   struct hlist_node *node;
struct net_device *dev;
int itf;
int arp_table;
int misc_table;
 };
 
-static void *lec_tbl_walk(struct lec_state *state, struct lec_arp_table *tbl,
+static void *lec_tbl_walk(struct lec_state *state, struct hlist_head *tbl,
  loff_t *l)
 {
-   struct lec_arp_table *e = state-entry;
+   struct hlist_node *e = state-node;
+   struct lec_arp_table *tmp;
 
if (!e)
-   e = tbl;
+   e = tbl-first;
if (e == (void *)1) {
-   e = tbl;
+   e = tbl-first;
--*l;
}
-   for (; e; e = e-next) {
+
+   hlist_for_each_entry_from(tmp, e, next) {
if (--*l  0)
break;
}
-   state-entry = e;
+   state-node = e;
+
return (*l  0) ? state : NULL;
 }
 
@@ -1031,7 +1034,7 @@ static void *lec_arp_walk(struct lec_sta
int p;
 
for (p = state-arp_table; p  LEC_ARP_TABLE_SIZE; p++) {
-   v = lec_tbl_walk(state, priv-lec_arp_tables[p], l);
+   v = lec_tbl_walk(state, priv-lec_arp_tables[p], l);
if (v)
break;
}
@@ -1042,10 +1045,10 @@ static void *lec_arp_walk(struct lec_sta
 static void *lec_misc_walk(struct lec_state *state, loff_t *l,
   struct lec_priv *priv)
 {
-   struct lec_arp_table *lec_misc_tables[] = {
-   priv-lec_arp_empty_ones,
-   priv-lec_no_forward,
-   priv-mcast_fwds
+   struct hlist_head *lec_misc_tables[] = {
+   priv-lec_arp_empty_ones,
+   priv-lec_no_forward,
+   priv-mcast_fwds
};
void *v = NULL;
int q;
@@ -1112,7 +1115,7 @@ static void *lec_seq_start(struct seq_fi
state-locked = NULL;
state-arp_table = 0;
state-misc_table = 0;
-   state-entry = (void *)1;
+   state-node = (void *)1;
 
return *pos ? lec_get_idx(state, *pos) : (void *)1;
 }
@@ -1148,9 +1151,10 @@ static int lec_seq_show(struct seq_file 
else {
struct lec_state *state = seq-private;
struct net_device *dev = state-dev;
+   struct lec_arp_table *entry = hlist_entry(state-node, struct 
lec_arp_table, next);
 
seq_printf(seq, %s , dev-name);
-   lec_info(seq, state-entry);
+   lec_info(seq, entry);
}
return 0;
 }
@@ -1455,8 +1459,11 @@ static void lec_arp_init(struct lec_priv
unsigned short i;
 
for (i = 0; i  LEC_ARP_TABLE_SIZE; i++) {
-   priv-lec_arp_tables[i] = NULL;
+   INIT_HLIST_HEAD(priv-lec_arp_tables[i]);
}
+INIT_HLIST_HEAD(priv-lec_arp_empty_ones);
+INIT_HLIST_HEAD(priv-lec_no_forward);
+INIT_HLIST_HEAD(priv-mcast_fwds);
spin_lock_init(priv-lec_arp_lock);
init_timer(priv-lec_arp_timer);
priv-lec_arp_timer.expires = jiffies + LEC_ARP_REFRESH_INTERVAL;
@@ -1479,7 +1486,7 @@ static void lec_arp_clear_vccs(struct le
vcc-user_back = NULL;
vcc-push = entry-old_push;
vcc_release_async(vcc, -EPIPE);
-   vcc = NULL;
+   entry-vcc = NULL;
}
if (entry-recv_vcc) {
entry-recv_vcc-push = entry-old_recv_push;
@@ -1493,27 +1500,17 @@ static void lec_arp_clear_vccs(struct le
  * LANE2: Add to the end of the list to satisfy 8.1.13
  */
 static inline void
-lec_arp_add(struct lec_priv *priv, struct lec_arp_table *to_add)
+lec_arp_add(struct lec_priv *priv, struct lec_arp_table *entry)
 {
-   

[PATCH 5/8][ATM]: [lec] old_close is no longer used

[chas williams - CONTRACTOR]

please consider for 2.6.19 -- thanks!

[ATM]: [lec] old_close is no longer used

Signed-off-by: Chas Williams [EMAIL PROTECTED]

---
commit 693b186c2a764f62e017db4b7ed39298831d99e8
tree d054ccd10917693803070634a21481b09361b126
parent cf14c654bcb812dae6ed85075777a19e1e02bee1
author chas williams - CONTRACTOR [EMAIL PROTECTED] Wed, 20 Sep 2006 18:54:09 
-0400
committer chas williams - CONTRACTOR [EMAIL PROTECTED] Wed, 20 Sep 2006 
18:54:09 -0400

 net/atm/lec_arpc.h |3 ---
 1 files changed, 0 insertions(+), 3 deletions(-)

diff --git a/net/atm/lec_arpc.h b/net/atm/lec_arpc.h
index 3cc2eba..69aeb07 100644
--- a/net/atm/lec_arpc.h
+++ b/net/atm/lec_arpc.h
@@ -24,9 +24,6 @@ struct lec_arp_table {
void (*old_recv_push) (struct atm_vcc *vcc, struct sk_buff *skb);
/* Push that leads to daemon */
 
-   void (*old_close) (struct atm_vcc *vcc);
-   /* We want to see when this vcc gets 
closed */
-
unsigned long last_used;/* For expiry */
unsigned long timestamp;/* Used for various timestamping things:
 * 1. FLUSH started 
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 6/8][ATM]: [lec] use work queue instead of timer for lec arp expiry

[chas williams - CONTRACTOR]

please consider for 2.6.19 -- thanks!

[ATM]: [lec] use work queue instead of timer for lec arp expiry

Signed-off-by: Chas Williams [EMAIL PROTECTED]

---
commit 0152dcfb9d42e203ff26d1619158c9664cfbf2d9
tree 24d0a36e52e7d4e86dd7bf1422ae9948011a194d
parent 693b186c2a764f62e017db4b7ed39298831d99e8
author chas williams - CONTRACTOR [EMAIL PROTECTED] Mon, 25 Sep 2006 07:22:57 
-0400
committer chas williams - CONTRACTOR [EMAIL PROTECTED] Mon, 25 Sep 2006 
07:22:57 -0400

 net/atm/lec.c |   17 +++--
 net/atm/lec.h |2 +-
 2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/net/atm/lec.c b/net/atm/lec.c
index 87fb0c2..8a9f9ab 100644
--- a/net/atm/lec.c
+++ b/net/atm/lec.c
@@ -1442,7 +1442,7 @@ #define DEBUG_ARP_TABLE 0
 
 #define LEC_ARP_REFRESH_INTERVAL (3*HZ)
 
-static void lec_arp_check_expire(unsigned long data);
+static void lec_arp_check_expire(void *data);
 static void lec_arp_expire_arp(unsigned long data);
 
 /* 
@@ -1465,11 +1465,8 @@ static void lec_arp_init(struct lec_priv
 INIT_HLIST_HEAD(priv-lec_no_forward);
 INIT_HLIST_HEAD(priv-mcast_fwds);
spin_lock_init(priv-lec_arp_lock);
-   init_timer(priv-lec_arp_timer);
-   priv-lec_arp_timer.expires = jiffies + LEC_ARP_REFRESH_INTERVAL;
-   priv-lec_arp_timer.data = (unsigned long)priv;
-   priv-lec_arp_timer.function = lec_arp_check_expire;
-   add_timer(priv-lec_arp_timer);
+   INIT_WORK(priv-lec_arp_work, lec_arp_check_expire, priv);
+   schedule_delayed_work(priv-lec_arp_work, LEC_ARP_REFRESH_INTERVAL);
 }
 
 static void lec_arp_clear_vccs(struct lec_arp_table *entry)
@@ -1719,7 +1716,7 @@ static void lec_arp_destroy(struct lec_p
struct lec_arp_table *entry;
int i;
 
-   del_timer_sync(priv-lec_arp_timer);
+   cancel_rearming_delayed_work(priv-lec_arp_work);
 
/*
 * Remove all entries
@@ -1865,10 +1862,10 @@ static void lec_arp_expire_vcc(unsigned 
  *   to ESI_FORWARD_DIRECT. This causes the flush period to end
  *   regardless of the progress of the flush protocol.
  */
-static void lec_arp_check_expire(unsigned long data)
+static void lec_arp_check_expire(void *data)
 {
unsigned long flags;
-   struct lec_priv *priv = (struct lec_priv *)data;
+   struct lec_priv *priv = data;
struct hlist_node *node, *next;
struct lec_arp_table *entry;
unsigned long now;
@@ -1930,7 +1927,7 @@ static void lec_arp_check_expire(unsigne
}
spin_unlock_irqrestore(priv-lec_arp_lock, flags);
 
-   mod_timer(priv-lec_arp_timer, jiffies + LEC_ARP_REFRESH_INTERVAL);
+   schedule_delayed_work(priv-lec_arp_work, LEC_ARP_REFRESH_INTERVAL);
 }
 
 /*
diff --git a/net/atm/lec.h b/net/atm/lec.h
index 8a6cb64..5bf3544 100644
--- a/net/atm/lec.h
+++ b/net/atm/lec.h
@@ -93,7 +93,7 @@ struct lec_priv {
spinlock_t lec_arp_lock;
struct atm_vcc *mcast_vcc;  /* Default Multicast Send VCC */
struct atm_vcc *lecd;
-   struct timer_list lec_arp_timer;/* C10 */
+   struct work_struct lec_arp_work;/* C10 */
unsigned int maximum_unknown_frame_count;
/*
 * Within the period of time 
defined by this variable, the client will send 
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 7/8][ATM]: [lec] add reference counting to lec_arp entries

[chas williams - CONTRACTOR]

please consider for 2.6.19 -- thanks!

[ATM]: [lec] add reference counting to lec_arp entries

Signed-off-by: Chas Williams [EMAIL PROTECTED]

---
commit 397725689277192a899da4009cd078bab8f6ee2d
tree 3bba44e1549229947ed332bb6263c704cabd55c7
parent 0152dcfb9d42e203ff26d1619158c9664cfbf2d9
author chas williams - CONTRACTOR [EMAIL PROTECTED] Mon, 25 Sep 2006 07:28:18 
-0400
committer chas williams - CONTRACTOR [EMAIL PROTECTED] Mon, 25 Sep 2006 
07:28:18 -0400

 net/atm/lec.c  |   42 --
 net/atm/lec_arpc.h |1 +
 2 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/net/atm/lec.c b/net/atm/lec.c
index 8a9f9ab..c865f68 100644
--- a/net/atm/lec.c
+++ b/net/atm/lec.c
@@ -107,6 +107,19 @@ static void lec_vcc_added(struct lec_pri
struct sk_buff *skb));
 static void lec_vcc_close(struct lec_priv *priv, struct atm_vcc *vcc);
 
+/* must be done under lec_arp_lock */
+static inline void lec_arp_hold(struct lec_arp_table *entry)
+{
+   atomic_inc(entry-usage);
+}
+
+static inline void lec_arp_put(struct lec_arp_table *entry)
+{
+   if (atomic_dec_and_test(entry-usage))
+   kfree(entry);
+}
+
+
 static struct lane2_ops lane2_ops = {
lane2_resolve,  /* resolve, spec 3.1.3 */
lane2_associate_req,/* associate_req,   spec 3.1.4 */
@@ -795,7 +808,7 @@ #endif
entry = lec_arp_find(priv, src);
if (entry  entry-vcc != vcc) {
lec_arp_remove(priv, entry);
-   kfree(entry);
+   lec_arp_put(entry);
}
}
spin_unlock_irqrestore(priv-lec_arp_lock, flags);
@@ -1726,7 +1739,7 @@ static void lec_arp_destroy(struct lec_p
for (i = 0; i  LEC_ARP_TABLE_SIZE; i++) {
hlist_for_each_entry_safe(entry, node, next, 
priv-lec_arp_tables[i], next) {
lec_arp_remove(priv, entry);
-   kfree(entry);
+   lec_arp_put(entry);
}
INIT_HLIST_HEAD(priv-lec_arp_tables[i]);
}
@@ -1735,7 +1748,7 @@ static void lec_arp_destroy(struct lec_p
del_timer_sync(entry-timer);
lec_arp_clear_vccs(entry);
hlist_del(entry-next);
-   kfree(entry);
+   lec_arp_put(entry);
}
INIT_HLIST_HEAD(priv-lec_arp_empty_ones);

@@ -1743,7 +1756,7 @@ static void lec_arp_destroy(struct lec_p
del_timer_sync(entry-timer);
lec_arp_clear_vccs(entry);
hlist_del(entry-next);
-   kfree(entry);
+   lec_arp_put(entry);
}
INIT_HLIST_HEAD(priv-lec_no_forward);
 
@@ -1751,7 +1764,7 @@ static void lec_arp_destroy(struct lec_p
/* No timer, LANEv2 7.1.20 and 2.3.5.3 */
lec_arp_clear_vccs(entry);
hlist_del(entry-next);
-   kfree(entry);
+   lec_arp_put(entry);
}
INIT_HLIST_HEAD(priv-mcast_fwds);
priv-mcast_vcc = NULL;
@@ -1799,6 +1812,7 @@ static struct lec_arp_table *make_entry(
to_return-last_used = jiffies;
to_return-priv = priv;
skb_queue_head_init(to_return-tx_wait);
+   atomic_set(to_return-usage, 1);
return to_return;
 }
 
@@ -1843,7 +1857,7 @@ static void lec_arp_expire_vcc(unsigned 
spin_unlock_irqrestore(priv-lec_arp_lock, flags);
 
lec_arp_clear_vccs(to_remove);
-   kfree(to_remove);
+   lec_arp_put(to_remove);
 }
 
 /*
@@ -1891,7 +1905,7 @@ static void lec_arp_check_expire(void *d
/* Remove entry */
DPRINTK(LEC:Entry timed out\n);
lec_arp_remove(priv, entry);
-   kfree(entry);
+   lec_arp_put(entry);
} else {
/* Something else */
if ((entry-status == ESI_VC_PENDING ||
@@ -2045,7 +2059,7 @@ lec_addr_delete(struct lec_priv *priv, u
 (permanent ||
!(entry-flags  LEC_PERMANENT_FLAG))) {
lec_arp_remove(priv, entry);
-   kfree(entry);
+   lec_arp_put(entry);
}
spin_unlock_irqrestore(priv-lec_arp_lock, flags);
return 0;
@@ -2094,7 +2108,7 @@ lec_arp_update(struct lec_priv *priv, un
tmp-old_push = entry-old_push;
tmp-last_used = jiffies;
del_timer(entry-timer);
-   kfree(entry);
+   

[PATCH 8/8][ATM]: [lec] use refcnt to protect lec_arp_entries outside lock

[chas williams - CONTRACTOR]

please consider for 2.6.19 -- thanks!

[ATM]: [lec] use refcnt to protect lec_arp_entries outside lock

Signed-off-by: Chas Williams [EMAIL PROTECTED]

---
commit 74391472d01cdd483714b807c9417a0279ed75d5
tree a191d09973b569f0562d9d433c324bbe80a08560
parent 397725689277192a899da4009cd078bab8f6ee2d
author chas williams - CONTRACTOR [EMAIL PROTECTED] Mon, 25 Sep 2006 22:07:01 
-0400
committer chas williams - CONTRACTOR [EMAIL PROTECTED] Mon, 25 Sep 2006 
22:07:01 -0400

 net/atm/lec.c |   34 --
 1 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/net/atm/lec.c b/net/atm/lec.c
index c865f68..9e635a0 100644
--- a/net/atm/lec.c
+++ b/net/atm/lec.c
@@ -396,7 +396,7 @@ #endif
priv-stats.tx_dropped++;
dev_kfree_skb(skb);
}
-   return 0;
+   goto out;
}
 #if DUMP_PACKETS  0
printk(%s:sending to vpi:%d vci:%d\n, dev-name, vcc-vpi, vcc-vci);
@@ -428,6 +428,9 @@ #endif /* DUMP_PACKETS  0 */
netif_wake_queue(dev);
}
 
+out:
+   if (entry)
+   lec_arp_put(entry);
dev-trans_start = jiffies;
return 0;
 }
@@ -1888,6 +1891,7 @@ static void lec_arp_check_expire(void *d
 
DPRINTK(lec_arp_check_expire %p\n, priv);
now = jiffies;
+restart:
spin_lock_irqsave(priv-lec_arp_lock, flags);
for (i = 0; i  LEC_ARP_TABLE_SIZE; i++) {
hlist_for_each_entry_safe(entry, node, next, 
priv-lec_arp_tables[i], next) {
@@ -1927,14 +1931,16 @@ static void lec_arp_check_expire(void *d
time_after_eq(now, entry-timestamp +
  priv-path_switching_delay)) {
struct sk_buff *skb;
+   struct atm_vcc *vcc = entry-vcc;
 
-   while ((skb =
-   skb_dequeue(entry-tx_wait)) !=
-  NULL)
-   lec_send(entry-vcc, skb,
-entry-priv);
+   lec_arp_hold(entry);
+   
spin_unlock_irqrestore(priv-lec_arp_lock, flags);
+   while ((skb = 
skb_dequeue(entry-tx_wait)) != NULL)
+   lec_send(vcc, skb, entry-priv);
entry-last_used = jiffies;
entry-status = ESI_FORWARD_DIRECT;
+   lec_arp_put(entry);
+   goto restart;
}
}
}
@@ -1977,6 +1983,7 @@ static struct atm_vcc *lec_arp_resolve(s
if (entry-status == ESI_FORWARD_DIRECT) {
/* Connection Ok */
entry-last_used = jiffies;
+   lec_arp_hold(entry);
*ret_entry = entry;
found = entry-vcc;
goto out;
@@ -2007,6 +2014,7 @@ static struct atm_vcc *lec_arp_resolve(s
 * or BUS flood limit was reached for an entry which is
 * in ESI_ARP_PENDING or ESI_VC_PENDING state.
 */
+   lec_arp_hold(entry);
*ret_entry = entry;
DPRINTK(lec: entry-status %d entry-vcc %p\n, entry-status,
entry-vcc);
@@ -2335,18 +2343,24 @@ static void lec_flush_complete(struct le
int i;
 
DPRINTK(LEC:lec_flush_complete %lx\n, tran_id);
+restart:
spin_lock_irqsave(priv-lec_arp_lock, flags);
for (i = 0; i  LEC_ARP_TABLE_SIZE; i++) {
hlist_for_each_entry(entry, node, priv-lec_arp_tables[i], 
next) {
if (entry-flush_tran_id == tran_id
 entry-status == ESI_FLUSH_PENDING) {
struct sk_buff *skb;
+   struct atm_vcc *vcc = entry-vcc;
 
-   while ((skb =
-   skb_dequeue(entry-tx_wait)) != NULL)
-   lec_send(entry-vcc, skb, entry-priv);
+   lec_arp_hold(entry);
+   spin_unlock_irqrestore(priv-lec_arp_lock, 
flags);
+   while ((skb = skb_dequeue(entry-tx_wait)) != 
NULL)
+   lec_send(vcc, skb, entry-priv);
+   entry-last_used = jiffies;
entry-status = ESI_FORWARD_DIRECT;
+   lec_arp_put(entry);
DPRINTK(LEC_ARP: Flushed\n);
+ 

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[James Morris]

On Fri, 29 Sep 2006, Paul Moore wrote:

  It seems more of a pain to actually
  prevent their use at the same time and/or explain strange/unnatural
  behavior.
 
 Agreed, the solution that we agreed upon is much easier to implement and
 explain than a lot of the alternatives.

Ok, can you please explain it further?

i.e. show me what the policy looks like, exactly what the user is trying 
to achieve, and explain what happens to each packet exactly in terms of 
labeling on the input and output paths.




-- 
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: mii-tool gigabit support.

[Stephen Hemminger]

On Fri, 29 Sep 2006 12:12:58 -0400
David Hollis [EMAIL PROTECTED] wrote:

 On Wed, 2006-09-27 at 12:32 -0700, Auke Kok wrote:
  dumping registers in readable format is an extension that needs to be 
  implemented per driver. Not all nics have done this - we just did it
  ourselves 
  for ixgb, and I saw skge/sky2 just fly by this week. 
 
 This has always bothered me a bit with ethtool.  It really stinks that
 we have to actually write code and generate patches and get everyone to
 update a utility just to be able to get this type of access.  I see two
 ways to make the situation better:  1) add extensions to the drivers
 themselves to be able to report this which would likely lead to a lot of
 driver bloat and too much user-space style info (like verbose
 descriptions of the register and it's purpose) or 2) develop some style
 of register description definition type of text file, maybe XML, maybe
 INI style or something stored in /etc/ethtool as drivername.conf or
 something like that.  This way, ethtool doesn't have to be
 changed/updated/patched/likely-bug-added for every single device known
 to man.  
 
 Just a thought.
 
We could switch to shared libraries like 'tc' uses.


-- 
Stephen Hemminger [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

RE: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Venkat Yekkirala]

  +static int selinux_skb_flow_in(struct sk_buff *skb, 
 unsigned short family)
  +{
  +   u32 xfrm_sid, trans_sid;
  +   int err;
  +
  +   if (selinux_compat_net)
  +   return 1;
  +
  +   /* xfrm/cipso inapplicable for loopback traffic */
  +   if (skb-dev == loopback_dev)
  +   return 1;
 
 Just to clarify (I believe this is the case from your remarks 
 as well as
 the code, but better safe than sorry) the secmark for loopback traffic
 is set by the originating socket, yes?

That's correct.

 
 Beware: a bit of a nit follows :)
 
 While I understand that NetLabel currently only supports 
 CIPSO, it is a
 framework that can support multiple labeling procotols (i.e. RIPSO
 support is planned).  Please change the comment from cipso/CIPSO to
 netlabel/NetLabel so it is consistent with the rest of the code which
 makes use of NetLabel.

Sure.

 
  +   err = selinux_xfrm_decode_session(skb, xfrm_sid, 0);
  +   BUG_ON(err);
  +
  +   err = avc_has_perm(xfrm_sid, skb-secmark, SECCLASS_PACKET,
  +   PACKET__FLOW_IN, NULL);
  +   if (err)
  +   goto out;
  +
  +   if (xfrm_sid) {
  +   err = security_transition_sid(xfrm_sid, skb-secmark,
  +   
 SECCLASS_PACKET, trans_sid);
  +   if (err)
  +   goto out;
  +
  +   skb-secmark = trans_sid;
  +   }
  +   /* See if CIPSO can flow in thru the current secmark here */
 
 Same nit applies about the use of CIPSO vs NetLabel.

Sure.

 
  +out:
  +   return err ? 0 : 1;
  +};
  +
  +static int selinux_skb_flow_out(struct sk_buff *skb, u32 nf_secid)
  +{
  +   u32 trans_sid;
  +   int err;
  +
  +   if (selinux_compat_net)
  +   return 1;
  +
  +   if (!skb-secmark) {
  +   u32 xfrm_sid;
  +
  +   selinux_skb_xfrm_sid(skb, xfrm_sid);
  +
  +   if (xfrm_sid)
  +   skb-secmark = xfrm_sid;
  +   else if (skb-sk) {
  +   struct sk_security_struct *sksec = 
 skb-sk-sk_security;
  +   skb-secmark = sksec-sid;
  +   }
  +   }
  +
  +   err = avc_has_perm(skb-secmark, nf_secid, SECCLASS_PACKET,
  +   PACKET__FLOW_OUT, NULL);
 
 While I don't see any explicit mention of it in the documentation or
 your comments, I assume we would want a flow_out check for 
 NetLabel here
 as well?

I don't believe we do. By this time, the packet is or should already be
carrying the CIPSO/NetLabel option which should already be the right one
(derived from the socket or flow as appropriate), but you would want to
audit the code to make sure. IOW, the label option in the IP header should
already be reflecting the secmark on the skb. But again, you may want to
audit the code to make sure.

 
  +out:
  +   return err ? 0 : 1;
  +}
  +
   static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
   {
  int err = 0;
  @@ -3700,7 +3766,8 @@ out:
   
   #ifdef CONFIG_NETFILTER
   
  -static int selinux_ip_postroute_last_compat(struct sock 
 *sk, struct net_device *dev,
  +static int selinux_ip_postroute_last_compat(struct sock 
 *sk, struct sk_buff *skb,
  +   struct net_device *dev,
  struct avc_audit_data *ad,
  u16 family, char 
 *addrp, int len)
   {
  @@ -3710,6 +3777,9 @@ static int selinux_ip_postroute_last_com
  struct inode *inode;
  struct inode_security_struct *isec;
   
  +   if (!sk)
  +   goto out;
  +
  sock = sk-sk_socket;
  if (!sock)
  goto out;
  @@ -3768,7 +3838,11 @@ static int selinux_ip_postroute_last_com
   
  err = avc_has_perm(isec-sid, port_sid, isec-sclass,
 send_perm, ad);
  +   if (err)
  +   goto out;
  }
  +
  +   err = selinux_xfrm_postroute_last(isec-sid, skb, ad);
   out:
  return err;
   }
  @@ -3782,17 +3856,9 @@ static unsigned int selinux_ip_postroute
   {
  char *addrp;
  int len, err = 0;
  -   struct sock *sk;
  struct sk_buff *skb = *pskb;
  struct avc_audit_data ad;
  struct net_device *dev = (struct net_device *)out;
  -   struct sk_security_struct *sksec;
  -
  -   sk = skb-sk;
  -   if (!sk)
  -   goto out;
  -
  -   sksec = sk-sk_security;
   
  AVC_AUDIT_DATA_INIT(ad, NET);
  ad.u.net.netif = dev-name;
  @@ -3803,16 +3869,25 @@ static unsigned int selinux_ip_postroute
  goto out;
   
  if (selinux_compat_net)
  -   err = selinux_ip_postroute_last_compat(sk, dev, ad,
  +   err = selinux_ip_postroute_last_compat(skb-sk, 
 skb, dev, ad,
 family, 
 addrp, len);
  -   else
  -   err = avc_has_perm(sksec-sid, skb-secmark, 
 SECCLASS_PACKET,
  -  PACKET__SEND, ad);
  +   else {
  +   if (!skb-secmark) {
  +  

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[James Morris]

On Fri, 29 Sep 2006, James Morris wrote:

 On Fri, 29 Sep 2006, Paul Moore wrote:
 
   It seems more of a pain to actually
   prevent their use at the same time and/or explain strange/unnatural
   behavior.
  
  Agreed, the solution that we agreed upon is much easier to implement and
  explain than a lot of the alternatives.
 
 Ok, can you please explain it further?
 
 i.e. show me what the policy looks like, exactly what the user is trying 
 to achieve, and explain what happens to each packet exactly in terms of 
 labeling on the input and output paths.

Also, why can't this be done just with xfrm labeling?

CIPSO is not there to provide a mechanism for separating the label of the 
connection from the label of the data, it's only there to provide interop 
with legacy systems.

If you need to have two labels for a packet (the object and the domain), 
then this needs to be supported directly by xfrm labeling.



- James
-- 
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Paul Moore]

Venkat Yekkirala wrote:
+static int selinux_skb_flow_out(struct sk_buff *skb, u32 nf_secid)
+{
+u32 trans_sid;
+int err;
+
+if (selinux_compat_net)
+return 1;
+
+if (!skb-secmark) {
+u32 xfrm_sid;
+
+selinux_skb_xfrm_sid(skb, xfrm_sid);
+
+if (xfrm_sid)
+skb-secmark = xfrm_sid;
+else if (skb-sk) {
+struct sk_security_struct *sksec = 

skb-sk-sk_security;

+skb-secmark = sksec-sid;
+}
+}
+
+err = avc_has_perm(skb-secmark, nf_secid, SECCLASS_PACKET,
+PACKET__FLOW_OUT, NULL);

While I don't see any explicit mention of it in the documentation or
your comments, I assume we would want a flow_out check for 
NetLabel here
as well?
  
 I don't believe we do. By this time, the packet is or should already be
 carrying the CIPSO/NetLabel option which should already be the right one
 (derived from the socket or flow as appropriate), but you would want to
 audit the code to make sure. IOW, the label option in the IP header should
 already be reflecting the secmark on the skb. But again, you may want to
 audit the code to make sure.

In the case above I am concerned about the situation where the
skb-secmark == 0 and there is a IPv4 option (i.e. it is NetLabel
labeled) on the packet.  It would seem that the right/consistent thing
to do would be to adjust the secmark accordingly, similar to what we
would do on the flow_in case, yes?

+static int selinux_ip_postroute_last_compat(struct sock 

*sk, struct sk_buff *skb,

+struct net_device *dev,
 struct avc_audit_data *ad,
 u16 family, char 

*addrp, int len)

 {
@@ -3710,6 +3777,9 @@ static int selinux_ip_postroute_last_com
 struct inode *inode;
 struct inode_security_struct *isec;
 
+if (!sk)
+goto out;
+
 sock = sk-sk_socket;
 if (!sock)
 goto out;
@@ -3768,7 +3838,11 @@ static int selinux_ip_postroute_last_com
 
 err = avc_has_perm(isec-sid, port_sid, isec-sclass,
send_perm, ad);
+if (err)
+goto out;
 }
+
+err = selinux_xfrm_postroute_last(isec-sid, skb, ad);
 out:
 return err;
 }
@@ -3782,17 +3856,9 @@ static unsigned int selinux_ip_postroute
 {
 char *addrp;
 int len, err = 0;
-struct sock *sk;
 struct sk_buff *skb = *pskb;
 struct avc_audit_data ad;
 struct net_device *dev = (struct net_device *)out;
-struct sk_security_struct *sksec;
-
-sk = skb-sk;
-if (!sk)
-goto out;
-
-sksec = sk-sk_security;
 
 AVC_AUDIT_DATA_INIT(ad, NET);
 ad.u.net.netif = dev-name;
@@ -3803,16 +3869,25 @@ static unsigned int selinux_ip_postroute
 goto out;
 
 if (selinux_compat_net)
-err = selinux_ip_postroute_last_compat(sk, dev, ad,
+err = selinux_ip_postroute_last_compat(skb-sk, 

skb, dev, ad,

family, 

addrp, len);

-else
-err = avc_has_perm(sksec-sid, skb-secmark, 

SECCLASS_PACKET,

-   PACKET__SEND, ad);
+else {
+if (!skb-secmark) {
+u32 xfrm_sid;
 
-if (err)
-goto out;
+selinux_skb_xfrm_sid(skb, xfrm_sid);
 
-err = selinux_xfrm_postroute_last(sksec-sid, skb, ad);
+if (xfrm_sid)
+skb-secmark = xfrm_sid;
+else if (skb-sk) {
+struct sk_security_struct *sksec =
+skb-sk-sk_security;
+skb-secmark = sksec-sid;
+}
+}
+err = avc_has_perm(skb-secmark, SECINITSID_UNLABELED,
+   SECCLASS_PACKET, 

PACKET__FLOW_OUT, ad);

+}

This looks nearly identical to selinux_skb_flow_out() as implemented
above, the only real differences being two of the args to the
avc_has_perm() call.  Any reason you don't abstract out the 
common parts
to a separate function?
 
 May be in the future.
 
Also, the same comment/question about NetLabel support in
selinux_skb_flow_out() applies here as well I suspect.
 
 My comments earlier should apply here as well. 

Mine too :)

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Paul Moore]

James Morris wrote:
 On Fri, 29 Sep 2006, Paul Moore wrote:
 
It seems more of a pain to actually
prevent their use at the same time and/or explain strange/unnatural
behavior.

Agreed, the solution that we agreed upon is much easier to implement and
explain than a lot of the alternatives.
 
 Ok, can you please explain it further?
 
 i.e. show me what the policy looks like, exactly what the user is trying 
 to achieve, and explain what happens to each packet exactly in terms of 
 labeling on the input and output paths.

All right, here is my take on it, perhaps Venkat can chime in too.

 * packet labeling, input

Code below is taken from the secid patchset, minus the SID transition
code as it sounds like that is going to be dropped.  Please note that
this is not a patch just something to help explain.

+static int selinux_skb_flow_in(struct sk_buff *skb, unsigned short family)
+{
+   u32 xfrm_sid, trans_sid;
u32 nlbl_sid;
+   int err;
+
+   if (selinux_compat_net)
+   return 1;
+
+   /* xfrm/cipso inapplicable for loopback traffic */
+   if (skb-dev == loopback_dev)
+   return 1;
+
+   err = selinux_xfrm_decode_session(skb, xfrm_sid, 0);
+   BUG_ON(err);
+
+   err = avc_has_perm(xfrm_sid, skb-secmark, SECCLASS_PACKET,
+   PACKET__FLOW_IN, NULL);
+   if (err)
+   goto out;
+
if (xfrm_sid)
skb-secmark = xfrm_sid;

err = selinux_netlbl_skbuff_getsid(skb,
   skb-secmark,
   nlbl_sid);
if (err)
goto out;

if (nlbl_sid != SECINITSID_UNLABELED) {
/* not sure if we want this avc check above this if
 * block? */
err = avc_has_perm(nlbl_sid,
   skb-secmark,
   SECCLASS_PACKET,
   PACKET__FLOW_IN,
   NULL);
if (err)
goto out;
skb-secmark = nlbl_sid;
}
+
+out:
+   return err ? 0 : 1;
+};

 * packet labeling, output

This is currently being discussed, so take this with a few grains of salt.

+static int selinux_skb_flow_out(struct sk_buff *skb, u32 nf_secid)
+{
+   u32 trans_sid;
u32 nlbl_sid;
+   int err;
+
+   if (selinux_compat_net)
+   return 1;
+
+   if (!skb-secmark) {
+   u32 xfrm_sid;
+
+   selinux_skb_xfrm_sid(skb, xfrm_sid);
+
+   if (xfrm_sid)
+   skb-secmark = xfrm_sid;
+   else if (skb-sk) {
+   struct sk_security_struct *sksec =
+   skb-sk-sk_security;
+   skb-secmark = sksec-sid;
+   }

err = selinux_netlbl_skbuff_getsid(skb,
   skb-secmark,
   nlbl_sid);
if (err)
goto out;
if (nlbl_sid != SECINITSID_UNLABELED) {
err = avc_has_perm(nlbl_sid,
   skb-secmark,
   SECCLASS_PACKET,
   PACKET__FLOW_OUT,
   NULL);
if (err)
goto out;
skb-secmark = nlbl_sid;
}
+   }
+
+   err = avc_has_perm(skb-secmark, nf_secid, SECCLASS_PACKET,
+   PACKET__FLOW_OUT, NULL);
+
+out:
+   return err ? 0 : 1;
+}

 * pseudo policy

Since NetLabel presently only provides a MLS label I don't believe there
would be any additional SELinux allow rules beyond those needed for
IPsec labeling (maybe in the flow_out, not sure).  The MLS/MCS
constraints would be the only thing affected I believe, and even then
the existing constraints should suffice.

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Paul Moore]

James Morris wrote:
 On Fri, 29 Sep 2006, James Morris wrote:
 
 
On Fri, 29 Sep 2006, Paul Moore wrote:


It seems more of a pain to actually
prevent their use at the same time and/or explain strange/unnatural
behavior.

Agreed, the solution that we agreed upon is much easier to implement and
explain than a lot of the alternatives.

Ok, can you please explain it further?

i.e. show me what the policy looks like, exactly what the user is trying 
to achieve, and explain what happens to each packet exactly in terms of 
labeling on the input and output paths.
  
 Also, why can't this be done just with xfrm labeling?

I believe the issue Venkat and I were discussing was how to handle the
case of multiple external labeling protocols, i.e. what to do if we get
a packet through labeled SA which has a CIPSO option.  As I've said
before, I don't believe this is something we will see much in practice
but I think we need to decide what to do: handle it somehow or just punt
on the problem and drop it.  Several people with experience with
external labeling have commented on how supporting both external
labeling protocols would be a good idea so Venkat and I are trying to
come up with a solution that works.

Please see my reponse with the pseudo code/policy examples as this might
help clear things up.

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: mii-tool gigabit support.

[Rick Jones]

2) develop some style

of register description definition type of text file, maybe XML, maybe
INI style or something stored in /etc/ethtool as drivername.conf or
something like that.  This way, ethtool doesn't have to be
changed/updated/patched/likely-bug-added for every single device known
to man.  


Just a thought.


 
We could switch to shared libraries like 'tc' uses.


From a practical standpoint is shipping a new config file or a new shared 
library all that much different from a new ethtool binary?


rick
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

rewriting skb-truesize... good or bad idea

[Vlad Yasevich]

Hi Folks

I was looking at SCTP performance problem that is a result of
receive buffer exhaustion and found the we severely overcharge
the receive buffer when multiple data chunks are bundled together.
This bundling usually happens at retransmit time which penalizes us
even more.

Here is what happens.  For every data chunk that SCTP stack receives,
we clone skb of that data chunk, charge the receive buffer for the skb,
and put the chunk on the the socket receive queue (this is skipping a
few steps, but they don't matter for the sake of this discussion).  We
charge the receive buffer with the skb-truesize.

The problem shows up when multiple data chunks are bundled into the
same skb.  We end up with multiple clones, and for each clone we charge
skb-truesize against the receive buffer.  However, since skb_clone()
preservers the original truesize in all clones, we end up overcharging.

One of the proposed solutions is change the skb-truesize of the clone
to just be sizeof(struct sk_buff), if and only if this is not the first
data chunk in the packet.

I've attached the patch, in case people want to look at the code.

However, we question if this is a good idea or if this is going to break
things...

Thanks
-vlad
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 5b5ae79..9bb1dbd 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -5349,7 +5349,7 @@ static int sctp_eat_data(const struct sc
if (SCTP_CMD_CHUNK_ULP == deliver)
sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_TSN, SCTP_U32(tsn));
 
-   chunk-data_accepted = 1;
+   chunk-data_accepted++;
 
/* Note: Some chunks may get overcounted (if we drop) or overcounted
 * if we renege and the chunk arrives again.
diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
index ee23678..0e1f11d 100644
--- a/net/sctp/ulpevent.c
+++ b/net/sctp/ulpevent.c
@@ -685,6 +685,17 @@ struct sctp_ulpevent *sctp_ulpevent_make
/* Initialize event with flags 0.  */
sctp_ulpevent_init(event, 0);
 
+   /* Check to see if we need to fixup the truesize of the clone.
+* We are about to charge the receive buffer for this chunk,
+* and we always use skb-truesize.  However, this doesn't work
+* for bundled data chunks since we'll drastically overcharge.
+* To get around that, keep the oiginal truesize on the clone
+* only for the first data chunk, and update truesize for the clone
+* on subsequent ones.
+*/
+   if (chunk-data_accepted  1)
+   skb-truesize = sizeof(struct skb);
+
sctp_ulpevent_receive_data(event, asoc);
 
event-stream = ntohs(chunk-subh.data_hdr-stream);

Re: sky2 (was Re: 2.6.18-mm2)

[Andrea Gelmini]

On Thu, Sep 28, 2006 at 04:30:23PM -0700, Stephen Hemminger wrote:
 Note: I know what is causing all the sky2 problems, there is something wrong 
 that
 is causing flow control negotiation not to propagate back to all the multiple 
 levels
 of the chip. Unclear how to fix it, the documentation is not helpful on this.
 If not resolved soon, I'll just force Tx flow control off for now.

just for the record, same problem here.
I mean, with my Sony Vaio VGN-SZ1VP (here[1] you can find all hardware
details), it's enough some mega of udp traffic, usually nfs, to freeze
the network. Well, no complain from the kernel. It's enough to rmmod and
modprobe sky2 to fix the problem. I already tried -mm1, but nothing
changed. In the meanwhile I will continue to use my usb network card.

Thanks a lot for your time,
Andrea Gelmini

---
[1] http://groups.google.it/group/linux.kernel/msg/ceff3014c410bea6 
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/1] NetLabel: add audit support for configuration changes

[Steve Grubb]

On Thursday 28 September 2006 14:03, [EMAIL PROTECTED] wrote:
 This patch adds audit support to NetLabel, including six new audit message
 types shown below.

  #define AUDIT_MAC_UNLBL_ACCEPT 1406
  #define AUDIT_MAC_UNLBL_DENY   1407
  #define AUDIT_MAC_CIPSOV4_ADD  1408
  #define AUDIT_MAC_CIPSOV4_DEL  1409
  #define AUDIT_MAC_MAP_ADD  1410
  #define AUDIT_MAC_MAP_DEL  1411

 Please consider this for inclusion into 2.6.19.

 Signed-off-by: Paul Moore [EMAIL PROTECTED]
 ---
  include/linux/audit.h  |6 ++
  include/net/cipso_ipv4.h   |5 +-
  include/net/netlabel.h |2
  net/ipv4/cipso_ipv4.c  |8 ++-
  net/netlabel/netlabel_cipso_v4.c   |   43 +
  net/netlabel/netlabel_domainhash.c |   54 +++--
  net/netlabel/netlabel_domainhash.h |6 +-
  net/netlabel/netlabel_mgmt.c   |   14 +++--
  net/netlabel/netlabel_unlabeled.c  |   36 --
  net/netlabel/netlabel_user.c   |   91
 + net/netlabel/netlabel_user.h   | 
   6 ++
  11 files changed, 235 insertions(+), 36 deletions(-)

 Index: net-2.6/include/linux/audit.h
 ===
 --- net-2.6.orig/include/linux/audit.h
 +++ net-2.6/include/linux/audit.h
 @@ -95,6 +95,12 @@
  #define AUDIT_MAC_POLICY_LOAD1403/* Policy file load */
  #define AUDIT_MAC_STATUS 1404/* Changed enforcing,permissive,off */
  #define AUDIT_MAC_CONFIG_CHANGE  1405/* Changes to booleans */
 +#define AUDIT_MAC_UNLBL_ACCEPT   1406/* NetLabel: allow unlabeled 
 traffic */ 
 +#define AUDIT_MAC_UNLBL_DENY 1407/* NetLabel: deny unlabeled traffic */

Please drop the use of DENY per comments later down.

 +#define AUDIT_MAC_CIPSOV4_ADD1408/* NetLabel: add CIPSOv4 DOI 
 entry */
 +#define AUDIT_MAC_CIPSOV4_DEL1409/* NetLabel: del CIPSOv4 DOI 
 entry */
 +#define AUDIT_MAC_MAP_ADD1410/* NetLabel: add LSM domain mapping */  
 +#define AUDIT_MAC_MAP_DEL1411/* NetLabel: del LSM domain mapping */

  #define AUDIT_FIRST_KERN_ANOM_MSG   1700
  #define AUDIT_LAST_KERN_ANOM_MSG1799
 Index: net-2.6/include/net/cipso_ipv4.h
 ===
 --- net-2.6.orig/include/net/cipso_ipv4.h
 +++ net-2.6/include/net/cipso_ipv4.h
 @@ -128,7 +128,9 @@ extern int cipso_v4_rbm_strictvalid;

  #ifdef CONFIG_NETLABEL
  int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
 -int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head *
 head)); +int cipso_v4_doi_remove(u32 doi,
 + u32 audit_secid,
 + void (*callback) (struct rcu_head * head));
  struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
  int cipso_v4_doi_walk(u32 *skip_cnt,
int (*callback) (struct cipso_v4_doi *doi_def, void *arg),
 @@ -143,6 +145,7 @@ static inline int cipso_v4_doi_add(struc
  }

  static inline int cipso_v4_doi_remove(u32 doi,
 + u32 audit_secid,
   void (*callback) (struct rcu_head * head))
  {
   return 0;
 Index: net-2.6/include/net/netlabel.h
 ===
 --- net-2.6.orig/include/net/netlabel.h
 +++ net-2.6/include/net/netlabel.h
 @@ -96,7 +96,7 @@
  struct netlbl_dom_map;

  /* Domain mapping operations */
 -int netlbl_domhsh_remove(const char *domain);
 +int netlbl_domhsh_remove(const char *domain, u32 audit_secid);

  /* LSM security attributes */
  struct netlbl_lsm_cache {
 Index: net-2.6/net/ipv4/cipso_ipv4.c
 ===
 --- net-2.6.orig/net/ipv4/cipso_ipv4.c
 +++ net-2.6/net/ipv4/cipso_ipv4.c
 @@ -474,6 +474,7 @@ doi_add_failure_rlock:
  /**
   * cipso_v4_doi_remove - Remove an existing DOI from the CIPSO protocol
 engine * @doi: the DOI value
 + * @audit_secid: the LSM secid to use in the audit message
   * @callback: the DOI cleanup/free callback
   *
   * Description:
 @@ -483,7 +484,9 @@ doi_add_failure_rlock:
   * success and negative values on failure.
   *
   */
 -int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head *
 head)) +int cipso_v4_doi_remove(u32 doi,
 + u32 audit_secid,
 + void (*callback) (struct rcu_head * head))
  {
   struct cipso_v4_doi *doi_def;
   struct cipso_v4_domhsh_entry *dom_iter;
 @@ -502,7 +505,8 @@ int cipso_v4_doi_remove(u32 doi, void (*
   spin_unlock(cipso_v4_doi_list_lock);
   list_for_each_entry_rcu(dom_iter, doi_def-dom_list, list)
   if (dom_iter-valid)
 - netlbl_domhsh_remove(dom_iter-domain);
 + netlbl_domhsh_remove(dom_iter-domain,
 +  audit_secid);
   cipso_v4_cache_invalidate();
 

Re: [PATCH 1/1] NetLabel: add audit support for configuration changes

[James Morris]

Dave,

Looks like this patch needs to be reverted until these issues are 
resolved.



On Fri, 29 Sep 2006, Steve Grubb wrote:

 On Thursday 28 September 2006 14:03, [EMAIL PROTECTED] wrote:
  This patch adds audit support to NetLabel, including six new audit message
  types shown below.
 
   #define AUDIT_MAC_UNLBL_ACCEPT 1406
   #define AUDIT_MAC_UNLBL_DENY   1407
   #define AUDIT_MAC_CIPSOV4_ADD  1408
   #define AUDIT_MAC_CIPSOV4_DEL  1409
   #define AUDIT_MAC_MAP_ADD  1410
   #define AUDIT_MAC_MAP_DEL  1411
 
  Please consider this for inclusion into 2.6.19.
 
  Signed-off-by: Paul Moore [EMAIL PROTECTED]
  ---
   include/linux/audit.h  |6 ++
   include/net/cipso_ipv4.h   |5 +-
   include/net/netlabel.h |2
   net/ipv4/cipso_ipv4.c  |8 ++-
   net/netlabel/netlabel_cipso_v4.c   |   43 +
   net/netlabel/netlabel_domainhash.c |   54 +++--
   net/netlabel/netlabel_domainhash.h |6 +-
   net/netlabel/netlabel_mgmt.c   |   14 +++--
   net/netlabel/netlabel_unlabeled.c  |   36 --
   net/netlabel/netlabel_user.c   |   91
  + net/netlabel/netlabel_user.h   | 
6 ++
   11 files changed, 235 insertions(+), 36 deletions(-)
 
  Index: net-2.6/include/linux/audit.h
  ===
  --- net-2.6.orig/include/linux/audit.h
  +++ net-2.6/include/linux/audit.h
  @@ -95,6 +95,12 @@
   #define AUDIT_MAC_POLICY_LOAD  1403/* Policy file load */
   #define AUDIT_MAC_STATUS   1404/* Changed enforcing,permissive,off */
   #define AUDIT_MAC_CONFIG_CHANGE1405/* Changes to booleans */
  +#define AUDIT_MAC_UNLBL_ACCEPT 1406/* NetLabel: allow unlabeled 
  traffic */ 
  +#define AUDIT_MAC_UNLBL_DENY   1407/* NetLabel: deny unlabeled 
  traffic */
 
 Please drop the use of DENY per comments later down.
 
  +#define AUDIT_MAC_CIPSOV4_ADD  1408/* NetLabel: add CIPSOv4 DOI 
  entry */
  +#define AUDIT_MAC_CIPSOV4_DEL  1409/* NetLabel: del CIPSOv4 DOI 
  entry */
  +#define AUDIT_MAC_MAP_ADD  1410/* NetLabel: add LSM domain mapping */  
  +#define AUDIT_MAC_MAP_DEL  1411/* NetLabel: del LSM domain mapping */
 
   #define AUDIT_FIRST_KERN_ANOM_MSG   1700
   #define AUDIT_LAST_KERN_ANOM_MSG1799
  Index: net-2.6/include/net/cipso_ipv4.h
  ===
  --- net-2.6.orig/include/net/cipso_ipv4.h
  +++ net-2.6/include/net/cipso_ipv4.h
  @@ -128,7 +128,9 @@ extern int cipso_v4_rbm_strictvalid;
 
   #ifdef CONFIG_NETLABEL
   int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
  -int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head *
  head)); +int cipso_v4_doi_remove(u32 doi,
  +   u32 audit_secid,
  +   void (*callback) (struct rcu_head * head));
   struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
   int cipso_v4_doi_walk(u32 *skip_cnt,
   int (*callback) (struct cipso_v4_doi *doi_def, void *arg),
  @@ -143,6 +145,7 @@ static inline int cipso_v4_doi_add(struc
   }
 
   static inline int cipso_v4_doi_remove(u32 doi,
  +   u32 audit_secid,
  void (*callback) (struct rcu_head * head))
   {
  return 0;
  Index: net-2.6/include/net/netlabel.h
  ===
  --- net-2.6.orig/include/net/netlabel.h
  +++ net-2.6/include/net/netlabel.h
  @@ -96,7 +96,7 @@
   struct netlbl_dom_map;
 
   /* Domain mapping operations */
  -int netlbl_domhsh_remove(const char *domain);
  +int netlbl_domhsh_remove(const char *domain, u32 audit_secid);
 
   /* LSM security attributes */
   struct netlbl_lsm_cache {
  Index: net-2.6/net/ipv4/cipso_ipv4.c
  ===
  --- net-2.6.orig/net/ipv4/cipso_ipv4.c
  +++ net-2.6/net/ipv4/cipso_ipv4.c
  @@ -474,6 +474,7 @@ doi_add_failure_rlock:
   /**
* cipso_v4_doi_remove - Remove an existing DOI from the CIPSO protocol
  engine * @doi: the DOI value
  + * @audit_secid: the LSM secid to use in the audit message
* @callback: the DOI cleanup/free callback
*
* Description:
  @@ -483,7 +484,9 @@ doi_add_failure_rlock:
* success and negative values on failure.
*
*/
  -int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head *
  head)) +int cipso_v4_doi_remove(u32 doi,
  +   u32 audit_secid,
  +   void (*callback) (struct rcu_head * head))
   {
  struct cipso_v4_doi *doi_def;
  struct cipso_v4_domhsh_entry *dom_iter;
  @@ -502,7 +505,8 @@ int cipso_v4_doi_remove(u32 doi, void (*
  spin_unlock(cipso_v4_doi_list_lock);
  list_for_each_entry_rcu(dom_iter, doi_def-dom_list, list)
  if (dom_iter-valid)
  -   

Re: [PATCH 1/1] NetLabel: add audit support for configuration changes

[Paul Moore]

James Morris wrote:
 Dave,
 
 Looks like this patch needs to be reverted until these issues are 
 resolved.

Yes, please revert this patch.

I posted an earlier version to the linux-audit list and waited for a day
to see if there any comments before submitting for inclusion, but
unfortunately it seems I didn't wait long enough for Steve.  I'll deal
with Steve's comments once I handle the secid reconciliation patches as
I think they are more important right now.

 On Fri, 29 Sep 2006, Steve Grubb wrote:
 
 
On Thursday 28 September 2006 14:03, [EMAIL PROTECTED] wrote:

This patch adds audit support to NetLabel, including six new audit message
types shown below.

 #define AUDIT_MAC_UNLBL_ACCEPT 1406
 #define AUDIT_MAC_UNLBL_DENY   1407
 #define AUDIT_MAC_CIPSOV4_ADD  1408
 #define AUDIT_MAC_CIPSOV4_DEL  1409
 #define AUDIT_MAC_MAP_ADD  1410
 #define AUDIT_MAC_MAP_DEL  1411

Please consider this for inclusion into 2.6.19.

Signed-off-by: Paul Moore [EMAIL PROTECTED]
---
 include/linux/audit.h  |6 ++
 include/net/cipso_ipv4.h   |5 +-
 include/net/netlabel.h |2
 net/ipv4/cipso_ipv4.c  |8 ++-
 net/netlabel/netlabel_cipso_v4.c   |   43 +
 net/netlabel/netlabel_domainhash.c |   54 +++--
 net/netlabel/netlabel_domainhash.h |6 +-
 net/netlabel/netlabel_mgmt.c   |   14 +++--
 net/netlabel/netlabel_unlabeled.c  |   36 --
 net/netlabel/netlabel_user.c   |   91
+ net/netlabel/netlabel_user.h   | 
  6 ++
 11 files changed, 235 insertions(+), 36 deletions(-)

Index: net-2.6/include/linux/audit.h
===
--- net-2.6.orig/include/linux/audit.h
+++ net-2.6/include/linux/audit.h
@@ -95,6 +95,12 @@
 #define AUDIT_MAC_POLICY_LOAD   1403/* Policy file load */
 #define AUDIT_MAC_STATUS1404/* Changed enforcing,permissive,off */
 #define AUDIT_MAC_CONFIG_CHANGE 1405/* Changes to booleans */
+#define AUDIT_MAC_UNLBL_ACCEPT  1406/* NetLabel: allow unlabeled 
traffic */ 
+#define AUDIT_MAC_UNLBL_DENY1407/* NetLabel: deny unlabeled 
traffic */

Please drop the use of DENY per comments later down.


+#define AUDIT_MAC_CIPSOV4_ADD   1408/* NetLabel: add CIPSOv4 DOI 
entry */
+#define AUDIT_MAC_CIPSOV4_DEL   1409/* NetLabel: del CIPSOv4 DOI 
entry */
+#define AUDIT_MAC_MAP_ADD   1410/* NetLabel: add LSM domain mapping */  
+#define AUDIT_MAC_MAP_DEL   1411/* NetLabel: del LSM domain mapping */

 #define AUDIT_FIRST_KERN_ANOM_MSG   1700
 #define AUDIT_LAST_KERN_ANOM_MSG1799
Index: net-2.6/include/net/cipso_ipv4.h
===
--- net-2.6.orig/include/net/cipso_ipv4.h
+++ net-2.6/include/net/cipso_ipv4.h
@@ -128,7 +128,9 @@ extern int cipso_v4_rbm_strictvalid;

 #ifdef CONFIG_NETLABEL
 int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
-int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head *
head)); +int cipso_v4_doi_remove(u32 doi,
+u32 audit_secid,
+void (*callback) (struct rcu_head * head));
 struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
 int cipso_v4_doi_walk(u32 *skip_cnt,
  int (*callback) (struct cipso_v4_doi *doi_def, void *arg),
@@ -143,6 +145,7 @@ static inline int cipso_v4_doi_add(struc
 }

 static inline int cipso_v4_doi_remove(u32 doi,
+u32 audit_secid,
 void (*callback) (struct rcu_head * head))
 {
 return 0;
Index: net-2.6/include/net/netlabel.h
===
--- net-2.6.orig/include/net/netlabel.h
+++ net-2.6/include/net/netlabel.h
@@ -96,7 +96,7 @@
 struct netlbl_dom_map;

 /* Domain mapping operations */
-int netlbl_domhsh_remove(const char *domain);
+int netlbl_domhsh_remove(const char *domain, u32 audit_secid);

 /* LSM security attributes */
 struct netlbl_lsm_cache {
Index: net-2.6/net/ipv4/cipso_ipv4.c
===
--- net-2.6.orig/net/ipv4/cipso_ipv4.c
+++ net-2.6/net/ipv4/cipso_ipv4.c
@@ -474,6 +474,7 @@ doi_add_failure_rlock:
 /**
  * cipso_v4_doi_remove - Remove an existing DOI from the CIPSO protocol
engine * @doi: the DOI value
+ * @audit_secid: the LSM secid to use in the audit message
  * @callback: the DOI cleanup/free callback
  *
  * Description:
@@ -483,7 +484,9 @@ doi_add_failure_rlock:
  * success and negative values on failure.
  *
  */
-int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head *
head)) +int cipso_v4_doi_remove(u32 doi,
+u32 audit_secid,
+void (*callback) (struct rcu_head * head))
 {
 struct cipso_v4_doi *doi_def;
 struct cipso_v4_domhsh_entry *dom_iter;
@@ -502,7 +505,8 @@ int cipso_v4_doi_remove(u32 doi, void (*
 

Re: Network problem with 2.6.18-mm1 ?

[Jesse Brandeburg]

On 9/28/06, Sukadev Bhattiprolu [EMAIL PROTECTED] wrote:

$ cat /proc/interrupts

   CPU0   CPU1
 28:  0  0   IO-APIC-fasteoi  eth0
NMI: 96 35
LOC:  18251  18524
ERR:  0


you should be getting an interrupt every two seconds from the eth0
(e1000) driver.  You are having interrupt delivery problems probably
due to something screwing up interrupt routing in the kernel.
Normally these issues are associated with MSI interrupts but your
adapter doesn't support those and is using generic IRQ

I'm guessing that if you somehow enable interrupts on your vga card on
the same bus as e1000 (bus 3) it will have interrupt delivery problems
as well.  Maybe try xorg?

Jesse
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[James Morris]

On Fri, 29 Sep 2006, Paul Moore wrote:

 James Morris wrote:
  Ok, can you please explain it further?
  
  i.e. show me what the policy looks like, exactly what the user is trying 
  to achieve, and explain what happens to each packet exactly in terms of 
  labeling on the input and output paths.
 
 All right, here is my take on it, perhaps Venkat can chime in too.

Thanks, that cleared up many things, but how does this interact with 
CONNSECMARK?

Please provide some example iptables rules, SELinux policy statements, 
racoon config and netlabel config.  I need to understand exactly what 
happens to each packet in, say, an FTP session and how you envisage the 
configuration.

Here's a sample scenario for the above (let me know if this is not how 
you expect this to be used):

Say that the SA is labeled secret and you have two FTP clients 
connecting to a server via xinetd on this SA.  Each client additionally 
labels their packets via CIPSO as secret:c1 and secret:c2 respectively.  
xinetd launches an FTP server for each at the correct level.



- James 
-- 
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

RE: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Venkat Yekkirala]

 While I don't see any explicit mention of it in the documentation or
 your comments, I assume we would want a flow_out check for 
 NetLabel here
 as well?
   
  I don't believe we do. By this time, the packet is or 
 should already be
  carrying the CIPSO/NetLabel option which should already be 
 the right one
  (derived from the socket or flow as appropriate), but you 
 would want to
  audit the code to make sure. IOW, the label option in the 
 IP header should
  already be reflecting the secmark on the skb. But again, 
 you may want to
  audit the code to make sure.
 
 In the case above I am concerned about the situation where the
 skb-secmark == 0 and there is a IPv4 option (i.e. it is NetLabel
 labeled) on the packet.

Where we initialize the secmark should be immaterial from the NetLabel
point of view. The kernel mechanisms should assure that the IP option
reflects the MLS portion (or a label in the SA range) elsewhere. In any
case, a flow_out check doesn't make sense since the IP option and the
secmark are (should be) mirroring each other and there's in actuality
no flow out happening; they are just 2 representation of the SAME label.

Your suggestion as to adjusting the secmark per the IP option might be
fraught with danger since, in certain cases, I believe, you just return
the incoming options in the outgoing packet (timewait, openreq, etc.?),
and there's no assurance that that's a valid enough option that you can
retrieve a sid with it, correct?
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Paul Moore]

James Morris wrote:
 On Fri, 29 Sep 2006, Paul Moore wrote:
 
James Morris wrote:

Ok, can you please explain it further?

i.e. show me what the policy looks like, exactly what the user is trying 
to achieve, and explain what happens to each packet exactly in terms of 
labeling on the input and output paths.

All right, here is my take on it, perhaps Venkat can chime in too.
 
 Thanks, that cleared up many things, but how does this interact with 
 CONNSECMARK?
 
 Please provide some example iptables rules, SELinux policy statements, 
 racoon config and netlabel config.  I need to understand exactly what 
 happens to each packet in, say, an FTP session and how you envisage the 
 configuration.

Hopefully Venkat can talk to the iptables rule, policy statements, and
racoon config.  He has the best understanding of how this works with the
secid patches.  There really is no specific NetLabel config as the
NetLabel config only specifies how to create the explicit packet label
(CIPSO IPv4 option) using the socket's SID.  NetLabel, like SECMARK, is
just a packet labeling mechanism.

I think the key thing to remember is that the only change brought about
by the pseudo-code I posted earlier is that the secmark's MLS label
would be adjusted to match the value of the NetLabel (CIPSO option)
assuming it passes the avc flow_in checks.

 Here's a sample scenario for the above (let me know if this is not how 
 you expect this to be used):
 
 Say that the SA is labeled secret and you have two FTP clients 
 connecting to a server via xinetd on this SA.  Each client additionally 
 labels their packets via CIPSO as secret:c1 and secret:c2 respectively.  
 xinetd launches an FTP server for each at the correct level.

I believe Venkat can address this.

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Paul Moore]

Venkat Yekkirala wrote:
While I don't see any explicit mention of it in the documentation or
your comments, I assume we would want a flow_out check for 
NetLabel here
as well?

 
I don't believe we do. By this time, the packet is or 

should already be

carrying the CIPSO/NetLabel option which should already be 

the right one

(derived from the socket or flow as appropriate), but you 

would want to

audit the code to make sure. IOW, the label option in the 

IP header should

already be reflecting the secmark on the skb. But again, 

you may want to

audit the code to make sure.

In the case above I am concerned about the situation where the
skb-secmark == 0 and there is a IPv4 option (i.e. it is NetLabel
labeled) on the packet.

It's unfortunate that you cut out the code in your reply.

 Where we initialize the secmark should be immaterial from the NetLabel
 point of view. The kernel mechanisms should assure that the IP option
 reflects the MLS portion (or a label in the SA range) elsewhere.

Yep, I agree.

 In any
 case, a flow_out check doesn't make sense since the IP option and the
 secmark are (should be) mirroring each other and there's in actuality
 no flow out happening; they are just 2 representation of the SAME label.

Well, reading the code I see that if the secmark is zero upon entering
the function you query the XFRM subsystem to query the SA label and set
the secmark accordingly, yes?  All I am suggesting is that we do the
same thing for NetLabel.

Please see the mail I sent earlier with the code in it to address James'
concerns, this has a proposed solution for the flow_out case.

 Your suggestion as to adjusting the secmark per the IP option might be
 fraught with danger since, in certain cases, I believe, you just return
 the incoming options in the outgoing packet (timewait, openreq, etc.?),
 and there's no assurance that that's a valid enough option that you can
 retrieve a sid with it, correct?

As implemented in the code snippets I sent earlier the generated
NetLabel SID would reflect the secmark as determined by the IPsec label
and the IP options on the packet.  I believe this is what we want as the
resulting secmark value would directly represent the security attributes
of the packet.

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] tcp-lp: prevent chance for oops

[Wong Edison]

I do this since i have a sourceforge homepage for it. I update the CVS
version there, test, and then submit to netdev. As I sync code in both
side, this $Id$ is keeped.

May you just let it be? I think it will let my maintenance become more simple...

On 9/29/06, David Miller [EMAIL PROTECTED] wrote:

From: Wong Edison [EMAIL PROTECTED]
Date: Thu, 28 Sep 2006 18:43:58 +0800

   *
 - * Version: $Id: tcp_lp.c,v 1.24 2006/09/05 20:22:53 hswong3i Exp $
 + * Version: $Id: tcp_lp.c,v 1.25 2006/09/22 20:50:27 hswong3i Exp $

BTW, I'm deleting this line from the source file in the tree
because every patch you send doesn't apply cleanly because
your patch is against a different string on this line and we
don't use $Id$ tags in the kernel sources anyways.


-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[James Morris]

On Fri, 29 Sep 2006, Paul Moore wrote:

  Say that the SA is labeled secret and you have two FTP clients 
  connecting to a server via xinetd on this SA.  Each client additionally 
  labels their packets via CIPSO as secret:c1 and secret:c2 respectively.  
  xinetd launches an FTP server for each at the correct level.
 
 I believe Venkat can address this.

Ok, I'd still really like to see a worked example of just Netlabel + 
secmark/connseckmark, to see what happens to the connection marks.  It 
seems that the connection mark should always be correct, and restored to 
the packet.  In which case, what happens when a CIPSO label on an 
established or related packet doesn't match, or you get no CIPSO label 
(e.g. ICMP from intermediate router) ?  Or, is would you be always 
overwriting secmark/connsecmark labeling, and if so, how/why are you using 
them?

Venkat,

With xfrm labeling, the external packets are always going to be protocol 
ESP or AH, and we can't connection track the inner protocols.  So, 
external labeling when using xfrm labeling seems somewhat superfluous, 
except for the case of setting a label based on the interface the packets 
arrived on.  Correct?  If so, all you can realistically do with the flow 
permissions is bind the ESP/AH packets to types of interfaces (which does 
seem useful for some folk).


-- 
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Paul Moore]

James Morris wrote:
 On Fri, 29 Sep 2006, Paul Moore wrote:
 
 
Say that the SA is labeled secret and you have two FTP clients 
connecting to a server via xinetd on this SA.  Each client additionally 
labels their packets via CIPSO as secret:c1 and secret:c2 respectively.  
xinetd launches an FTP server for each at the correct level.

I believe Venkat can address this.
 
 Ok, I'd still really like to see a worked example of just Netlabel + 
 secmark/connseckmark, to see what happens to the connection marks.

Fair enough.

 It 
 seems that the connection mark should always be correct, and restored to 
 the packet.  In which case, what happens when a CIPSO label on an 
 established {connection} ...

The following would happen, in order, in selinux_skb_flow_in() (I'm
ommitting the IPsec relevant portions of this function for clarity):

1. A NetLabel SID would be generated using the secmark as the
base_sid; this means that the NetLabel would be the concatenation of
the secmark's TE context and the NetLabel's MLS label.  The secmark is
not yet modified.

2. The NetLabel SID would be avc checked against the secmark:
avc_has_perm(nlbl_sid,
 skb-secmark,
 SECCLASS_PACKET,
 PACKET__FLOW_IN,
 NULL)
   Note that in practice this is basically just a MLS label check.

3. If the NetLabel SID != 0 the secmark would be replaced with the
NetLabel SID.

I am trying to make NetLabel behave in a similar fashion as to how
labeled IPsec works in the secid patches; I believe the above steps
acomplish this.  If not please let me know and I'll make the necessary
changes.

 ... or related packet doesn't match ...

Not sure what you mean by related packet, but if the check in step #2
fails then the packet would be dropped.  The only case where I can see
this happening is that if the MLS/MCS constraints did not allow the
flow_in permission.  This allows administrators to set specific MLS
labels for any iptables object.

 ... or you get no CIPSO label (e.g. ICMP from intermediate router) ...

If there is no packet label that NetLabel recognizes and NetLabel is
configured to allow unlabeled traffic then the NetLabel SID generated in
step #1 above would be 0.

 Or, is would you be always 
 overwriting secmark/connsecmark labeling, and if so, how/why are you using 
 them?

I think I addressed that above.

FYI: in between emails I'm working on a patch against Venkat's secid
patches which implements this, hopefully Venkat can roll this patch into
his secid patchset so this is all committed/rejected at once.

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[James Morris]

On Fri, 29 Sep 2006, Paul Moore wrote:

  ... or related packet doesn't match ...
 
 Not sure what you mean by related packet,

A related packet with conntrack would be an FTP data packet related to a 
specific FTP control session (where the conntrack is initialized, and has 
a secmark saved to it).

 but if the check in step #2
 fails then the packet would be dropped. 

Ok.

 The only case where I can see
 this happening is that if the MLS/MCS constraints did not allow the
 flow_in permission.  This allows administrators to set specific MLS
 labels for any iptables object.

Yep, one thing to watch for here is packets arriving on a different 
interface for valid reasons (e.g. routing changes), but that's a policy 
issue.

  ... or you get no CIPSO label (e.g. ICMP from intermediate router) ...
 
 If there is no packet label that NetLabel recognizes and NetLabel is
 configured to allow unlabeled traffic then the NetLabel SID generated in
 step #1 above would be 0.

Well, conntrack will say that this packet is related to the connection 
and CONNSECMARK will restore the secmark label to it (i.e. it'll have the 
same secmark as the initial syn packet).  But, no CIPSO label.  I guess 
this needs to be considered in any case, secmark or not.


- James
-- 
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Paul Moore]

James Morris wrote:
 On Fri, 29 Sep 2006, Paul Moore wrote:
... or you get no CIPSO label (e.g. ICMP from intermediate router) ...

If there is no packet label that NetLabel recognizes and NetLabel is
configured to allow unlabeled traffic then the NetLabel SID generated in
step #1 above would be 0.
 
 
 Well, conntrack will say that this packet is related to the connection 
 and CONNSECMARK will restore the secmark label to it (i.e. it'll have the 
 same secmark as the initial syn packet).  But, no CIPSO label.  I guess 
 this needs to be considered in any case, secmark or not.

Yep, I would categorize this case as 'external label not present,
internal label present'.  I believe the code as described would do the
right thing in allowing admins to control this, it's just up to how you
configure the system and what your policy dictates.

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 4/4] [SCTP]: Do not timestamp every SCTP packet.

[Sridhar Samudrala]

[SCTP]: Do not timestamp every SCTP packet.

We only need the timestamp on COOKIE-ECHO chunks, so instead of always
timestamping every SCTP packet, let common code timestamp if the socket
option is set.  For COOKIE-ECHO, simply get the time of day if we don't
have a timestamp.  This introduces a small possibility that the cookie
may be considered expired, but it will be renegotiated.

Signed-off-by: Vlad Yasevich [EMAIL PROTECTED]
Signed-off-by: Sridhar Samudrala [EMAIL PROTECTED]

---
 net/sctp/input.c |6 --
 net/sctp/sm_make_chunk.c |   10 +-
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/net/sctp/input.c b/net/sctp/input.c
index 4714882..64f6301 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -218,12 +218,6 @@ int sctp_rcv(struct sk_buff *skb)
}
}
 
-   /* SCTP seems to always need a timestamp right now (FIXME) */
-   if (skb-tstamp.off_sec == 0) {
-   __net_timestamp(skb);
-   sock_enable_timestamp(sk); 
-   }
-
if (!xfrm_policy_check(sk, XFRM_POLICY_IN, skb, family))
goto discard_release;
nf_reset(skb);
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 7745bde..507dff7 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -1447,8 +1447,16 @@ no_hmac:
/* Check to see if the cookie is stale.  If there is already
 * an association, there is no need to check cookie's expiration
 * for init collision case of lost COOKIE ACK.
+* If skb has been timestamped, then use the stamp, otherwise
+* use current time.  This introduces a small possibility that
+* that a cookie may be considered expired, but his would only slow
+* down the new association establishment instead of every packet.
 */
-   skb_get_timestamp(skb, tv);
+   if (sock_flag(ep-base.sk, SOCK_TIMESTAMP))
+   skb_get_timestamp(skb, tv);
+   else
+   do_gettimeofday(tv);
+
if (!asoc  tv_lt(bear_cookie-expiration, tv)) {
__u16 len;
/*


-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 3/4] [SCTP]: Use correct mask when disabling PMTUD.

[Sridhar Samudrala]

[SCTP]: Use correct mask when disabling PMTUD.

Signed-off-by: Vlad Yasevich [EMAIL PROTECTED]
Signed-off-by: Sridhar Samudrala [EMAIL PROTECTED]

---
 net/sctp/input.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/sctp/input.c b/net/sctp/input.c
index 03f65de..4714882 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -388,7 +388,7 @@ void sctp_icmp_frag_needed(struct sock *
 * pmtu discovery on this transport.
 */
t-pathmtu = SCTP_DEFAULT_MINSEGMENT;
-   t-param_flags = (t-param_flags  ~SPP_HB) |
+   t-param_flags = (t-param_flags  ~SPP_PMTUD) |
SPP_PMTUD_DISABLE;
} else {
t-pathmtu = pmtu;


-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/4] [SCTP]: Include sk_buff overhead while updating the peer's receive window.

[Sridhar Samudrala]

[SCTP]: Include sk_buff overhead while updating the peer's receive window.

Currently if the sender is sending small messages, it can cause a receiver
to run out of receive buffer space even when the advertised receive window
is still open and results in packet drops and retransmissions. Including
a overhead while updating the sender's view of peer receive window will
reduce the chances of receive buffer space overshooting the receive window.

Signed-off-by: Sridhar Samudrala [EMAIL PROTECTED]

---
 net/sctp/output.c   |   10 --
 net/sctp/outqueue.c |3 ++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/net/sctp/output.c b/net/sctp/output.c
index cdc5a39..9825b11 100644
--- a/net/sctp/output.c
+++ b/net/sctp/output.c
@@ -633,7 +633,7 @@ static sctp_xmit_t sctp_packet_append_da
 * data will fit or delay in hopes of bundling a full
 * sized packet.
 */
-   if (len  asoc-pathmtu - packet-overhead) {
+   if (len  asoc-frag_point) {
retval = SCTP_XMIT_NAGLE_DELAY;
goto finish;
}
@@ -645,7 +645,13 @@ static sctp_xmit_t sctp_packet_append_da
/* Keep track of how many bytes are in flight to the receiver. */
asoc-outqueue.outstanding_bytes += datasize;
 
-   /* Update our view of the receiver's rwnd. */
+   /* Update our view of the receiver's rwnd. Include sk_buff overhead
+* while updating peer.rwnd so that it reduces the chances of a
+* receiver running out of receive buffer space even when receive
+* window is still open. This can happen when a sender is sending
+* sending small messages.
+*/
+   datasize += sizeof(struct sk_buff);
if (datasize  rwnd)
rwnd -= datasize;
else
diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c
index 37074a3..7395824 100644
--- a/net/sctp/outqueue.c
+++ b/net/sctp/outqueue.c
@@ -416,7 +416,8 @@ void sctp_retransmit_mark(struct sctp_ou
 * (Section 7.2.4)), add the data size of those
 * chunks to the rwnd.
 */
-   q-asoc-peer.rwnd += sctp_data_size(chunk);
+   q-asoc-peer.rwnd += (sctp_data_size(chunk) +
+   sizeof(struct sk_buff));
q-outstanding_bytes -= sctp_data_size(chunk);
transport-flight_size -= sctp_data_size(chunk);
 


-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/4] [SCTP]: Enable Nagle algorithm by default.

[Sridhar Samudrala]

Dave,

Please consider the following 4 SCTP patches for 2.6.19.

Thanks
Sridhar

[SCTP]: Enable Nagle algorithm by default.

This allows more aggressive bundling of chunks when sending small
messages.

Signed-off-by: Sridhar Samudrala [EMAIL PROTECTED]

---
 net/sctp/socket.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 79c3e07..3fe906d 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -3084,8 +3084,8 @@ SCTP_STATIC int sctp_init_sock(struct so
 */
sp-disable_fragments = 0;
 
-   /* Turn on/off any Nagle-like algorithm.  */
-   sp-nodelay   = 1;
+   /* Enable Nagle algorithm by default.  */
+   sp-nodelay   = 0;
 
/* Enable by default. */
sp-v4mapped  = 1;


-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/1] NetLabel: secid reconciliation support

[paul . moore]

This patch provides the missing NetLabel support to the secid reconciliation
patchset.

Signed-off-by: Paul Moore [EMAIL PROTECTED]
---
 security/selinux/hooks.c|   51 
 security/selinux/include/objsec.h   |1 
 security/selinux/include/selinux_netlabel.h |   16 +++-
 security/selinux/ss/mls.c   |2 -
 security/selinux/ss/services.c  |   42 ---
 5 files changed, 82 insertions(+), 30 deletions(-)

Index: net-2.6/security/selinux/hooks.c
===
--- net-2.6.orig/security/selinux/hooks.c
+++ net-2.6/security/selinux/hooks.c
@@ -3440,6 +3440,10 @@ static int selinux_sock_rcv_skb_compat(s
goto out;
}
 
+   err = selinux_netlbl_sock_rcv_skb(sock_sid, sock_class, skb, ad);
+   if (err)
+   goto out;
+
err = selinux_xfrm_sock_rcv_skb(sock_sid, skb, ad);
 
 out:
@@ -3476,10 +3480,7 @@ static int selinux_socket_sock_rcv_skb(s
else
err = avc_has_perm(sksec-sid, skb-secmark, SECCLASS_PACKET,
   PACKET__RECV, ad);
-   if (err)
-   goto out;
 
-   err = selinux_netlbl_sock_rcv_skb(sksec, skb, ad);
 out:   
return err;
 }
@@ -3654,13 +3655,14 @@ static void selinux_req_classify_flow(co
 
 static int selinux_skb_flow_in(struct sk_buff *skb, unsigned short family)
 {
-   u32 xfrm_sid, trans_sid;
+   u32 xfrm_sid;
+   u32 nlbl_sid;
int err;
 
if (selinux_compat_net)
return 1;
 
-   /* xfrm/cipso inapplicable for loopback traffic */
+   /* allow all loopback traffic */
if (skb-dev == loopback_dev)
return 1;
 
@@ -3672,16 +3674,20 @@ static int selinux_skb_flow_in(struct sk
if (err)
goto out;
 
-   if (xfrm_sid) {
-   err = security_transition_sid(xfrm_sid, skb-secmark,
-   SECCLASS_PACKET, trans_sid);
-   if (err)
-   goto out;
+   if (xfrm_sid)
+   skb-secmark = xfrm_sid;
 
-   skb-secmark = trans_sid;
-   }
+   err = selinux_netlbl_skb_sid(skb, skb-secmark, nlbl_sid);
+   if (err)
+   goto out;
 
-   /* See if CIPSO can flow in thru the current secmark here */
+   err = avc_has_perm(nlbl_sid, skb-secmark, SECCLASS_PACKET,
+   PACKET__FLOW_IN, NULL);
+   if (err)
+   goto out;
+
+   if (nlbl_sid)
+   skb-secmark = nlbl_sid;
 
 out:
return err ? 0 : 1;
@@ -3689,7 +3695,6 @@ out:
 
 static int selinux_skb_flow_out(struct sk_buff *skb, u32 nf_secid)
 {
-   u32 trans_sid;
int err;
 
if (selinux_compat_net)
@@ -3697,6 +3702,7 @@ static int selinux_skb_flow_out(struct s
 
if (!skb-secmark) {
u32 xfrm_sid;
+   u32 nlbl_sid;
 
selinux_skb_xfrm_sid(skb, xfrm_sid);
 
@@ -3706,6 +3712,13 @@ static int selinux_skb_flow_out(struct s
struct sk_security_struct *sksec = skb-sk-sk_security;
skb-secmark = sksec-sid;
}
+
+   err = selinux_netlbl_skb_sid(skb, skb-secmark, nlbl_sid);
+   if (err)
+   goto out;
+
+   if (nlbl_sid)
+   skb-secmark = nlbl_sid;
}
 
err = avc_has_perm(skb-secmark, nf_secid, SECCLASS_PACKET,
@@ -3861,6 +3874,7 @@ static unsigned int selinux_ip_postroute
else {
if (!skb-secmark) {
u32 xfrm_sid;
+   u32 nlbl_sid;
 
selinux_skb_xfrm_sid(skb, xfrm_sid);
 
@@ -3871,6 +3885,15 @@ static unsigned int selinux_ip_postroute
skb-sk-sk_security;
skb-secmark = sksec-sid;
}
+
+   err = selinux_netlbl_skb_sid(skb,
+skb-secmark,
+nlbl_sid);
+   if (err)
+   goto out;
+
+   if (nlbl_sid)
+   skb-secmark = nlbl_sid;
}
err = avc_has_perm(skb-secmark, SECINITSID_UNLABELED,
   SECCLASS_PACKET, PACKET__FLOW_OUT, ad);
Index: net-2.6/security/selinux/include/objsec.h
===
--- net-2.6.orig/security/selinux/include/objsec.h
+++ net-2.6/security/selinux/include/objsec.h
@@ -102,7 +102,6 @@ struct sk_security_struct {
u32 sid;/* SID of this object */
u32 peer_sid;   /* SID of peer */
 #ifdef 

[PATCH 0/1] NetLabel: patch against Venkat's secid patchset

[paul . moore]

The following patch is against this morning's net-2.6 tree with Venkat's secid 
patches applied.  You may notice some differences as I had to fuzz/fix-up 
Venkat's patches in a few places.

This patch provides the missing NetLabel support for the secid reconciliation 
patches based on the discussions we have been having on the mailing lists.  
Ideally I would hope Venkat could merge this patch in with his patchset so that 
the secid patchset will include NetLabel support.  However, if that is not 
possibile I'll respin this patch later once the secid patches have been 
committed.

Venkat, please merge this patch into your next version of the secid patches.

--
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/1] NetLabel: add audit support for configuration changes

[Paul Moore]

Steve Grubb wrote:
 On Thursday 28 September 2006 14:03, [EMAIL PROTECTED] wrote:
@@ -381,21 +380,35 @@ static int netlbl_cipsov4_add(struct sk_

 {
  int ret_val = -EINVAL;
- u32 map_type;
+ u32 type;
+ u32 doi;
+ const char *type_str = (unknown);
+ struct audit_buffer *audit_buf;

- if (!info-attrs[NLBL_CIPSOV4_A_MTYPE])
+ if (!info-attrs[NLBL_CIPSOV4_A_DOI] ||
+ !info-attrs[NLBL_CIPSOV4_A_MTYPE])
  return -EINVAL;

- map_type = nla_get_u32(info-attrs[NLBL_CIPSOV4_A_MTYPE]);
- switch (map_type) {
+ type = nla_get_u32(info-attrs[NLBL_CIPSOV4_A_MTYPE]);
+ switch (type) {
  case CIPSO_V4_MAP_STD:
+ type_str = std;
  ret_val = netlbl_cipsov4_add_std(info);
  break;
  case CIPSO_V4_MAP_PASS:
+ type_str = pass;
  ret_val = netlbl_cipsov4_add_pass(info);
  break;
  }

+ if (ret_val == 0) {
+ doi = nla_get_u32(info-attrs[NLBL_CIPSOV4_A_DOI]);
+ audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
+   NETLINK_CB(skb).sid);
+ audit_log_format(audit_buf,  doi=%u type=%s, doi, type_str);
 
 
 type field is already taken for another purpose, it needs to be renamed.

If we can't have duplicate field names I would propose prefixing both
these fields (and doing similar things with the other NetLabel specific
fields) with a cipso_ making them cipso_doi and cipso_type.

If this isn't acceptable please suggest names which you feel are
appropriate.

+/**
+ * netlbl_unlabel_acceptflg_set - Set the unlabeled accept flag
+ * @value: desired value
+ * @audit_secid: the LSM secid to use in the audit message
+ *
+ * Description:
+ * Set the value of the unlabeled accept flag to @value.
+ *
+ */
+static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)
+{
+ atomic_set(netlabel_unlabel_accept_flg, value);
+ netlbl_audit_nomsg((value ?
+ AUDIT_MAC_UNLBL_ACCEPT : AUDIT_MAC_UNLBL_DENY),
+audit_secid);
 
 Looking at how this is being used, I think only 1 message type should be 
 used. 
 There are places in the audit system where we set a flag to 1 or 0, but only 
 have 1 message type. We record the old and new value. So, you'd need to pass 
 that to the logger.

With that in mind I would probably change the message type to
AUDIT_MAC_UNLBL_ALLOW and use a unlbl_accept field; is that okay?  If
not please suggest something you would find acceptable.

+/**
+ * netlbl_audit_start_common - Start an audit message
+ * @type: audit message type
+ * @secid: LSM context ID
+ *
+ * Description:
+ * Start an audit message using the type specified in @type and fill the
audit + * message with some fields common to all NetLabel audit messages. 
Returns + * a pointer to the audit buffer on success, NULL on failure.
+ *
+ */
+struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
+{
 
 Generally, logging functions are moved into auditsc.c where the context and 
 other functions are defined.

How about leaving this for a future revision?  I'd like this first
attempt to be relatively self contained.  James Morris has made other
comments along the same lines.

+ audit_log_format(audit_buf,
+  netlabel: auid=%u uid=%u tty=%s pid=%d,
+  audit_loginuid,
+  current-uid,
+  audit_tty,
+  current-pid);
 
 
 Why are you logging all this? When we add audit rules, all that we log is the 
 auid, and subj. If we need to log all this, we should probably have a helper 
 function that gets called by other config change loggers.

If I drop the uid, tty, and pid fields will this be acceptable?

+ audit_log_format(audit_buf,  comm=);
+ audit_log_untrustedstring(audit_buf, audit_comm);
+ if (current-mm) {
+ down_read(current-mm-mmap_sem);
+ vma = current-mm-mmap;
+ while (vma) {
+ if ((vma-vm_flags  VM_EXECUTABLE) 
+ vma-vm_file) {
+ audit_log_d_path(audit_buf,
+   exe=,
+  vma-vm_file-f_dentry,
+  vma-vm_file-f_vfsmnt);
+ break;
+ }
+ vma = vma-vm_next;
+ }
+ up_read(current-mm-mmap_sem);
+ }
+
 
 
 If this function was moved inside auditsc.c you could use a function there 
 that does this. But the question remains why all this data?

In the ideal world would you prefer this to be removed?

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/1] NetLabel: add audit support for configuration changes

[Paul Moore]

Dave,

I think Steve and I have agreed on a solution, I'll put together a patch
right now based on what is currently in net-2.6 (i.e. the existing
NetLabel audit patch) and submit it to the lists in a few hours.

Steve Grubb wrote:
 On Friday 29 September 2006 14:09, Paul Moore wrote:
 
type field is already taken for another purpose, it needs to be renamed.

If we can't have duplicate field names I would propose prefixing both
these fields (and doing similar things with the other NetLabel specific
fields) with a cipso_ making them cipso_doi and cipso_type.
 
 
 That would be fine. This limits future field name collisions.
 
 
+/**
+ * netlbl_unlabel_acceptflg_set - Set the unlabeled accept flag
+ * @value: desired value
+ * @audit_secid: the LSM secid to use in the audit message
+ *
+ * Description:
+ * Set the value of the unlabeled accept flag to @value.
+ *
+ */
+static void netlbl_unlabel_acceptflg_set(u8 value, u32 audit_secid)
+{
+ atomic_set(netlabel_unlabel_accept_flg, value);
+ netlbl_audit_nomsg((value ?
+ AUDIT_MAC_UNLBL_ACCEPT : AUDIT_MAC_UNLBL_DENY),
+audit_secid);

Looking at how this is being used, I think only 1 message type should be
used. There are places in the audit system where we set a flag to 1 or 0,
but only have 1 message type. We record the old and new value. So, you'd
need to pass that to the logger.

With that in mind I would probably change the message type to
AUDIT_MAC_UNLBL_ALLOW and use a unlbl_accept field; is that okay?  
 
 
 That would be fine. Just a quick note...we have generally been old  to 
 indicate the previous value. Example, backlog=512 old=256.
 
 
+/**
+ * netlbl_audit_start_common - Start an audit message
+ * @type: audit message type
+ * @secid: LSM context ID
+ *
+ * Description:
+ * Start an audit message using the type specified in @type and fill the
audit + * message with some fields common to all NetLabel audit messages.
Returns + * a pointer to the audit buffer on success, NULL on failure.
+ *
+ */
+struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
+{

Generally, logging functions are moved into auditsc.c where the context
and other functions are defined.

How about leaving this for a future revision?
 
 
 Come to think of it, you don't need to move it. The reason to move it is to 
 access the context and use helper functions related to it. But I found that 
 you were using current which may not always be the sender. So if you cannot 
 use current, most of the stuff you are logging can't be, so the event being 
 logged becomes simpler and you don't need to move it.
 
 I have not traced through all the code, but if you do any security checks 
 before taking the rules, be careful not to use current.
 
 
+ audit_log_format(audit_buf,
+  netlabel: auid=%u uid=%u tty=%s pid=%d,
+  audit_loginuid,
+  current-uid,
+  audit_tty,
+  current-pid);

Why are you logging all this? When we add audit rules, all that we log is
the auid, and subj. If we need to log all this, we should probably have a
helper function that gets called by other config change loggers.

If I drop the uid, tty, and pid fields will this be acceptable?
 
 
  and comm  exe, yes. Anything you were basing off of current has to go. The 
 audit rule logging was reduced to the credentials that are carried along in 
 the netlink packet since that's all you can trust. The sending process could 
 be gone by the time you get to this point in the code.
 
 
+ audit_log_format(audit_buf,  comm=);
+ audit_log_untrustedstring(audit_buf, audit_comm);
+ if (current-mm) {
+ down_read(current-mm-mmap_sem);
+ vma = current-mm-mmap;
+ while (vma) {
+ if ((vma-vm_flags  VM_EXECUTABLE) 
+ vma-vm_file) {
+ audit_log_d_path(audit_buf,
+   exe=,
+  vma-vm_file-f_dentry,
+  vma-vm_file-f_vfsmnt);
+ break;
+ }
+ vma = vma-vm_next;
+ }
+ up_read(current-mm-mmap_sem);
+ }
+

If this function was moved inside auditsc.c you could use a function
there that does this. But the question remains why all this data?

In the ideal world would you prefer this to be removed?
 
 
 Yes.
 
 -Steve


-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH][BNX2]: Disable MSI on 5706 if AMD 8132 bridge is present

[Michael Chan]

[BNX2]: Disable MSI on 5706 if AMD 8132 bridge is present.

MSI is defined to be 32-bit write.  The 5706 does 64-bit MSI writes
with byte enables disabled on the unused 32-bit word.  This is legal
but causes problems on the AMD 8132 which will eventually stop
responding after a while.

Without this patch, the MSI test done by the driver during open will
pass, but MSI will eventually stop working after a few MSIs are
written by the device.

AMD believes this incompatibility is unique to the 5706, and
prefers to locally disable MSI rather than globally disabling it
using pci_msi_quirk.

Update version to 1.4.45.

Signed-off-by: Michael Chan [EMAIL PROTECTED]

diff --git a/drivers/net/bnx2.c b/drivers/net/bnx2.c
index 7fcf015..a65a697 100644
--- a/drivers/net/bnx2.c
+++ b/drivers/net/bnx2.c
@@ -56,8 +56,8 @@
 
 #define DRV_MODULE_NAMEbnx2
 #define PFX DRV_MODULE_NAME: 
-#define DRV_MODULE_VERSION 1.4.44
-#define DRV_MODULE_RELDATE August 10, 2006
+#define DRV_MODULE_VERSION 1.4.45
+#define DRV_MODULE_RELDATE September 29, 2006
 
 #define RUN_AT(x) (jiffies + (x))
 
@@ -5805,6 +5805,34 @@ bnx2_init_board(struct pci_dev *pdev, st
bp-cmd_ticks_int = bp-cmd_ticks;
}
 
+   /* Disable MSI on 5706 if AMD 8132 bridge is found.
+*
+* MSI is defined to be 32-bit write.  The 5706 does 64-bit MSI writes
+* with byte enables disabled on the unused 32-bit word.  This is legal
+* but causes problems on the AMD 8132 which will eventually stop
+* responding after a while.
+*
+* AMD believes this incompatibility is unique to the 5706, and
+* prefers to locally disable MSI rather than globally disabling it
+* using pci_msi_quirk.
+*/
+   if (CHIP_NUM(bp) == CHIP_NUM_5706  disable_msi == 0) {
+   struct pci_dev *amd_8132 = NULL;
+
+   while ((amd_8132 = pci_get_device(PCI_VENDOR_ID_AMD,
+ PCI_DEVICE_ID_AMD_8132_BRIDGE,
+ amd_8132))) {
+   u8 rev;
+
+   pci_read_config_byte(amd_8132, PCI_REVISION_ID, rev);
+   if (rev = 0x10  rev = 0x13) {
+   disable_msi = 1;
+   pci_dev_put(amd_8132);
+   break;
+   }
+   }
+   }
+
bp-autoneg = AUTONEG_SPEED | AUTONEG_FLOW_CTRL;
bp-req_line_speed = 0;
if (bp-phy_flags  PHY_SERDES_FLAG) {
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 2cead40..59e52cb 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -506,6 +506,7 @@
 #define PCI_DEVICE_ID_AMD_8151_0   0x7454
 #define PCI_DEVICE_ID_AMD_8131_BRIDGE  0x7450
 #define PCI_DEVICE_ID_AMD_8131_APIC0x7451
+#define PCI_DEVICE_ID_AMD_8132_BRIDGE  0x7458
 #define PCI_DEVICE_ID_AMD_CS5536_ISA0x2090
 #define PCI_DEVICE_ID_AMD_CS5536_FLASH  0x2091
 #define PCI_DEVICE_ID_AMD_CS5536_AUDIO  0x2093


-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[MLSXFRM] Fix mis-labelling of child sockets

[David Woodhouse]

Accepted connections of types other than AF_INET, AF_INET6, AF_UNIX
won't have an appropriate label derived from the peer, so don't use it.

Signed-off-by: David Woodhouse [EMAIL PROTECTED]
Acked-by:  Stephen Smalley [EMAIL PROTECTED]

--- linux-2.6.18.ppc/security/selinux/hooks.c~  2006-09-28 14:37:20.0 
+0100
+++ linux-2.6.18.ppc/security/selinux/hooks.c   2006-09-29 19:00:25.0 
+0100
@@ -3604,7 +3604,9 @@ void selinux_sock_graft(struct sock* sk,
struct inode_security_struct *isec = SOCK_INODE(parent)-i_security;
struct sk_security_struct *sksec = sk-sk_security;
 
-   isec-sid = sksec-sid;
+   if (sk-sk_family == PF_INET || sk-sk_family == PF_INET6 ||
+   sk-sk_family == PF_UNIX)
+   isec-sid = sksec-sid;
 
selinux_netlbl_sock_graft(sk, parent);
 }

-- 
dwmw2

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

RE: [PATCH 1/1] NetLabel: secid reconciliation support

[Venkat Yekkirala]

 @@ -3672,16 +3674,20 @@ static int selinux_skb_flow_in(struct sk
   if (err)
   goto out;
  
 - if (xfrm_sid) {
 - err = security_transition_sid(xfrm_sid, skb-secmark,
 - 
 SECCLASS_PACKET, trans_sid);
 - if (err)
 - goto out;
 + if (xfrm_sid)
 + skb-secmark = xfrm_sid;
  
 - skb-secmark = trans_sid;
 - }
 + err = selinux_netlbl_skb_sid(skb, skb-secmark, nlbl_sid);

I take it nlbl_sid here will be 0 if netlabel is NOT configured
for the traffic correct?

 --- net-2.6.orig/security/selinux/ss/mls.c
 +++ net-2.6/security/selinux/ss/mls.c
 @@ -547,7 +547,7 @@ int mls_compute_sid(struct context *scon

rtr-target_range);
   }
   }
 - else if (tclass == SECCLASS_PACKET)
 + if (tclass == SECCLASS_PACKET)

What's the purpose of getting rid of else above?

I haven't reviewed the netlbl native changes, but the hooks.c changes
seem ok to me.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] tcp-lp: prevent chance for oops

[David Miller]

From: Wong Edison [EMAIL PROTECTED]
Date: Sat, 30 Sep 2006 03:27:00 +0800

 I do this since i have a sourceforge homepage for it. I update the
 CVS version there, test, and then submit to netdev. As I sync code
 in both side, this $Id$ is keeped.  May you just let it be? I think
 it will let my maintenance become more simple...

You could not even generate a clean patch to me, it just
gets in the way and causes more work for me and anyone
else who tries to use your patches.

If you want to use versioning, use MODULE_VERSION() just like
everyone else in the kernel does.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

What's new in wireless-dev today? (29 September 2006)

[John W. Linville]

Here is today's batch -- I'm still playing catch-up in the
wireless-dev tree.  Please bear with me...

---

The following changes since commit 0888451bf4108fbaa07b221649b1289d8f79ef0f:
  John W. Linville:
Merge branch 'from-linus'

are found in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-dev.git

David Kimdon:
  d80211: fix multiple device ap support
  d80211: Fix type of prism2_hostapd_param crypt.alg
  d80211: allow vlan interfaces to receive ToDS frames

Hong Liu:
  d80211: fix wpa_supplicant reassoc problem
  d80211: add hardware scan callback
  d80211: fix iwconfig key [x] behavior

Ivo van Doorn:
  rt2x00: remove hardware button support

Jiri Benc:
  d80211: fix invalid pointer dereference

Johannes Berg:
  d80211: use BUILD_BUG_ON
  d80211: clean up those huge else if statements
  d80211: use list_for_each_entry{,_safe}
  d80211: LED triggers

John W. Linville:
  Merge branch 'fixes-for-linville' of http://bu3sch.de/git/wireless-dev
  Merge branch 'up' of rsync://rsync.kernel.org/.../jbenc/dscape

mabbas:
  d80211: diplay supported rates in readable format

Michael Buesch:
  ssb: fix init sprom read/write race
  add bcm43xx-d80211 MAINTAINERS entry

Michael Wu:
  d80211: fix WEP on big endian cpus

Mohamed Abbas:
  d80211: getting wrong freq value if we did hardware scan

 MAINTAINERS|8 +
 drivers/misc/ssb.c |   29 +++--
 drivers/net/wireless/d80211/bcm43xx/bcm43xx_main.c |6 +
 drivers/net/wireless/d80211/rt2x00/Kconfig |   27 -
 drivers/net/wireless/d80211/rt2x00/rt2400pci.c |   36 --
 drivers/net/wireless/d80211/rt2x00/rt2500pci.c |   36 --
 drivers/net/wireless/d80211/rt2x00/rt2x00.h|8 -
 drivers/net/wireless/d80211/rt2x00/rt2x00pci.h |  111 
 drivers/net/wireless/d80211/rt2x00/rt61pci.c   |   36 --
 include/linux/ssb.h|   15 +++
 include/net/d80211.h   |   46 ++--
 net/d80211/Kconfig |9 ++
 net/d80211/Makefile|   10 +-
 net/d80211/hostapd_ioctl.h |2 
 net/d80211/ieee80211.c |   73 +
 net/d80211/ieee80211_dev.c |7 +
 net/d80211/ieee80211_i.h   |6 +
 net/d80211/ieee80211_iface.c   |2 
 net/d80211/ieee80211_ioctl.c   |  108 ++-
 net/d80211/ieee80211_led.c |   93 ++---
 net/d80211/ieee80211_led.h |   32 ++
 net/d80211/ieee80211_sta.c |  107 +++
 net/d80211/sta_info.c  |   26 ++---
 net/d80211/wep.c   |   10 +-
 24 files changed, 371 insertions(+), 472 deletions(-)
 create mode 100644 net/d80211/ieee80211_led.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 3748cb1..2f06c7c 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -464,6 +464,14 @@ L: linux-hams@vger.kernel.org
 W: http://www.baycom.org/~tom/ham/ham.html
 S: Maintained
 
+BCM43XX WIRELESS DRIVER (DEVICESCAPE BASED VERSION)
+P: Michael Buesch
+M: [EMAIL PROTECTED]
+P: Stefano Brivio
+M: [EMAIL PROTECTED]
+W: http://bcm43xx.berlios.de/
+S: Maintained
+
 BCM43XX WIRELESS DRIVER (SOFTMAC BASED VERSION)
 P: Larry Finger
 M: [EMAIL PROTECTED]
diff --git a/drivers/misc/ssb.c b/drivers/misc/ssb.c
index 44ab647..6087977 100644
--- a/drivers/misc/ssb.c
+++ b/drivers/misc/ssb.c
@@ -516,8 +516,6 @@ int ssb_init(struct ssb *ssb,
 int (*device_suspend)(struct ssb *ssb),
 int (*device_resume)(struct ssb *ssb))
 {
-   int err;
-
if (!ssb || !pci_dev || !mmio ||
!device_suspend || !device_resume)
return -EINVAL;
@@ -535,19 +533,12 @@ int ssb_init(struct ssb *ssb,
list_add(ssb-list, ssb_list);
mutex_unlock(ssb_list_mutex);
 
-   err = device_create_file(pci_dev-dev, dev_attr_ssb_sprom);
-   if (err)
-   goto out;
-
-out:
-   return err;
+   return 0;
 }
 EXPORT_SYMBOL_GPL(ssb_init);
 
 void ssb_exit(struct ssb *ssb)
 {
-   device_remove_file(ssb-pci_dev-dev, dev_attr_ssb_sprom);
-
mutex_lock(ssb_list_mutex);
list_del(ssb-list);
mutex_unlock(ssb_list_mutex);
@@ -558,6 +549,24 @@ void ssb_exit(struct ssb *ssb)
 }
 EXPORT_SYMBOL_GPL(ssb_exit);
 
+int ssb_start(struct ssb *ssb)
+{
+   int err;
+
+   err = device_create_file(ssb-pci_dev-dev,
+dev_attr_ssb_sprom);
+
+   return err;
+}
+EXPORT_SYMBOL_GPL(ssb_start);
+
+void ssb_stop(struct ssb *ssb)
+{
+   device_remove_file(ssb-pci_dev-dev,
+   

Re: [PATCH][BNX2]: Disable MSI on 5706 if AMD 8132 bridge is present

[Jeff Garzik]

Michael Chan wrote:

AMD believes this incompatibility is unique to the 5706, and
prefers to locally disable MSI rather than globally disabling it
using pci_msi_quirk.


Why is it unique to the 5706?  Is this just a guess on AMD and 
Broadcom's part?


Jeff


-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: rewriting skb-truesize... good or bad idea

[David Miller]

From: Vlad Yasevich [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 14:16:57 -0400

 I've attached the patch, in case people want to look at the code.
 
 However, we question if this is a good idea or if this is going to break
 things...

Modification of skb-truesize is very dangerous and is only legal
in a very limited set of circumstances.

The core problem is that if any other reference exists to the skb
you could corrupt existing socket accounting by changing skb-truesize.

Let's say that the packet went into a network tap like tcpdump and
the packet has been charged to an AF_PACKET socket via skb-truesize.
If you modify skb-truesize then when the AF_PACKET socket releases
it's reference it will subtract the wrong amount of skb-truesize
from the socket receive buffer.

If, on the other hand, you know you have exclusive access to the
skb and there are no other references, setting skb-truesize can
be OK.  However setting it to sizeof(struct sk_buff) doesn't make
sense since there is at least:

sizeof(struct sk_buff) + sizeof(struct skb_shared_info)

memory assosciated with any SKB whatsoever in the kernel.  That is,
even for a zero length skb-data buffer, we still always allocate
the skb_shared_info area which must be accounted for.

BTW, I think the whole chunking mechanism in the SCTP code is the
largest source of problems and maintainability issues in that stack.
Any time I want to make major modifications to SKBs to make them
smaller or whatever, the most difficult piece of code to adjust is
this code.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [MLSXFRM] Fix mis-labelling of child sockets

[James Morris]

On Fri, 29 Sep 2006, David Woodhouse wrote:

 Accepted connections of types other than AF_INET, AF_INET6, AF_UNIX
 won't have an appropriate label derived from the peer, so don't use it.
 
 Signed-off-by: David Woodhouse [EMAIL PROTECTED]
 Acked-by:  Stephen Smalley [EMAIL PROTECTED]

Acked-by: James Morris [EMAIL PROTECTED]


Please apply as a bugfix.



-- 
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH][BNX2]: Disable MSI on 5706 if AMD 8132 bridge is present

[Michael Chan]

On Fri, 2006-09-29 at 17:28 -0400, Jeff Garzik wrote:
 Michael Chan wrote:
  AMD believes this incompatibility is unique to the 5706, and
  prefers to locally disable MSI rather than globally disabling it
  using pci_msi_quirk.
 
 Why is it unique to the 5706?  Is this just a guess on AMD and 
 Broadcom's part?
 
I just took AMD's word for it.  It doesn't matter to me whether we
disable it locally or globally.  Since this is AMD's bridge, I just
follow their recommendation.  They probably haven't seen this issue on
any other devices except ours.

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/1] NetLabel: secid reconciliation support

[Paul Moore]

Venkat Yekkirala wrote:
@@ -3672,16 +3674,20 @@ static int selinux_skb_flow_in(struct sk
  if (err)
  goto out;
 
- if (xfrm_sid) {
- err = security_transition_sid(xfrm_sid, skb-secmark,
- 
SECCLASS_PACKET, trans_sid);
- if (err)
- goto out;
+ if (xfrm_sid)
+ skb-secmark = xfrm_sid;
 
- skb-secmark = trans_sid;
- }
+ err = selinux_netlbl_skb_sid(skb, skb-secmark, nlbl_sid);
 
 
 I take it nlbl_sid here will be 0 if netlabel is NOT configured
 for the traffic correct?

That would be the desired behavior yes, however, in verifying this
against the
patch I posted I noticed that the dummy function in
security/selinux/include/selinux_netlabel.h is wrong - it should be replaced
with the following (I mistakenly set it to SECINITSID_UNLABELED):

static inline int selinux_netlbl_skb_sid(struct sk_buff *skb,
 u32 base_sid,
 u32 *sid)
{
*sid = 0;
return 0;
}

--- net-2.6.orig/security/selinux/ss/mls.c
+++ net-2.6/security/selinux/ss/mls.c
@@ -547,7 +547,7 @@ int mls_compute_sid(struct context *scon
   
 
 rtr-target_range);
 
  }
  }
- else if (tclass == SECCLASS_PACKET)
+ if (tclass == SECCLASS_PACKET)
 
 
 What's the purpose of getting rid of else above?

Fix a compile problem - the braces above the else belong to a for loop.
 Feel free to disregard this, it was one of the changes I had to make to
your patch to get it to compile against the latest net-2.6 tree.

 I haven't reviewed the netlbl native changes, but the hooks.c changes
 seem ok to me.

Okay, if you have any other questions you know where to find me.

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

RE: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Venkat Yekkirala]

 Venkat,
 
 With xfrm labeling, the external packets are always going to 
 be protocol 
 ESP or AH, and we can't connection track the inner protocols.  So, 

Are you sure? This doesn't compare to what my limited testing seems
to have turned up (normal netfiltering of inner protos followed by xfrms,
interspersed with their own netfiltering).

 external labeling when using xfrm labeling seems somewhat 
 superfluous, 
 except for the case of setting a label based on the interface 
 the packets 
 arrived on.  Correct?  If so, all you can realistically do 
 with the flow 
 permissions is bind the ESP/AH packets to types of interfaces 
 (which does 
 seem useful for some folk).
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] b44: fix multicast with 32 groups

[Bill Helfinstine]

The b44 driver has a bug where if there are more than B44_MCAST_TABLE_SIZE 
groups in the dev-mc_list, it will only listen to the first 
B44_MCAST_TABLE_SIZE that it sees.


This patch makes the driver go into RXCONFIG_ALLMULTI mode if there are more 
than B44_MCAST_TABLE_SIZE groups being subscribed to.


This patch is against 2.6.18, b44.c version 1.01.


Signed-off-by: Bill Helfinstine [EMAIL PROTECTED]

diff --git a/drivers/net/b44.c b/drivers/net/b44.c
index e891ea2..dd024e1 100644
--- a/drivers/net/b44.c
+++ b/drivers/net/b44.c
@@ -1706,7 +1706,8 @@ static void __b44_set_rx_mode(struct net

__b44_set_mac_addr(bp);

-   if (dev-flags  IFF_ALLMULTI)
+   if ((dev-flags  IFF_ALLMULTI) ||
+   (dev-mc_count  B44_MCAST_TABLE_SIZE))
val |= RXCONFIG_ALLMULTI;
else
i = __b44_load_mcast(bp, dev);
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

RE: [PATCH 7/7] secid reconciliation-v03: Enforcement for SELinux

[Venkat Yekkirala]

 It seems more of a pain to actually
 prevent their use at the same time and/or explain 
 strange/unnatural
 behavior.
 
 Agreed, the solution that we agreed upon is much easier to 
 implement and
 explain than a lot of the alternatives.
 
 Ok, can you please explain it further?
 
 i.e. show me what the policy looks like, exactly what the 
 user is trying 
 to achieve, and explain what happens to each packet exactly 
 in terms of 
 labeling on the input and output paths.
   
  Also, why can't this be done just with xfrm labeling?
 
 I believe the issue Venkat and I were discussing was how to handle the
 case of multiple external labeling protocols, i.e. what to do 
 if we get
 a packet through labeled SA which has a CIPSO option.  As I've said
 before, I don't believe this is something we will see much in practice
 but I think we need to decide what to do: handle it somehow 
 or just punt
 on the problem and drop it.  Several people with experience with
 external labeling have commented on how supporting both external
 labeling protocols would be a good idea so Venkat and I are trying to
 come up with a solution that works.

Here's the scoop on using xfrm and cipso at the same time:

JUST REDUNDANT

I was only paying attention to the inbound side when I was
saying a ranged SA could be used in conjunction with fine-grained
cipso labeling. In actuality, this isn't possible because of the
change we are instituting for SA selection to be based on the context
of the sock (specifically, the sock's MLS range must equal the range
on the SA, and cipso at this point would be representing this same range).

So, if someone were to configure CIPSO along with labeled ipsec, BOTH
mechanisms will be used, with BOTH labels carrying the same MLS range,
and with CIPSO always overriding the SA (after a
flow_in check) on the inbound. Should just be additional overhead, that's
all.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 0/3] myri10ge Large Receive Offload

[Brice Goglin]

Jeff Garzik a écrit :
 Brice Goglin wrote:
 This is a complete rework of the myri10ge receive path. The first
 patch converts skb allocation to use physical pages. The second one
 adds a software implementation of Large Receive Offload. The third
 one updates the driver version to 1.1.0.

 The complete driver code in our CVS actually also supports high-order
 allocations instead of single physical pages since it significantly
 increase the performance. Order=2 allows us to receive standard frames
 at line rate even on low-end hardware such as an AMD Athlon(tm) 64 X2
 Dual Core Processor 3800+ (2.0GHz). Some customer might not care a lot
 about memory fragmentation if the performance is better.

 But, since high-order allocations are generally considered a bad idea,
 we do not include the relevant code in the following patch for inclusion
 in Linux. Here, we simply pass order=0 to all page allocation routines.
 If necessary, I could drop the remaining reference to high-order
 (especially replace alloc_pages() with alloc_page()) but I'd rather
 keep it as is.

 If high-order allocations are ever considered OK under some circum-
 stances, we could send an additional patch (a module parameter would
 be used to switch from single physical pages to high-order pages).

 As Herbert's already done, I would rather let the net core people
 comment on this.  The code implementation doesn't look scary, but we
 may want to be smarter about this in the core net stack, rather than
 implementing it inside multiple drivers.

Ok, makes sense. We look forward to see this.

Could we get patch #1 merged anyway (page-based skb allocation)?

Any comments about what I was saying about high-order allocations above?

thanks,
Brice

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC] cfg80211 and nl80211

[James Ketrenos]

Johannes Berg wrote:

  * Should the userspace daemon be allowed to unilaterally update the
regulatory information if it learns something new (via the user)?

Many countries forbid users (root is still a user) being enabled to
override the parameters set up by the hardware vendor as tested for use
with a specific device.

If the hardware and/or driver for the hardware advertises a set of
operating parameters, user space should honor those settings and the
kernel should enforce them.

User space should be able to shrink the set of available spectrum
parameters but should not expand it.

Or why not even just publish the regulatory information APs might
broadcast in the scan results, and let the userspace daemon pick
that apart? Then the kernel need not ask for anything at all...

I think exposing this information to the user would be useful, and
indicate which capabilities are restricted based on information provided
by the kernel and/or hardware driver.  When channel 13 doesn't work, it
should be clear to the user why so they know who to get mad at.

  * I seem to have read between the lines that the EEPROM data is
pretty much useless. Is that generally true, or should the userspace
daemon be told what it contains (somehow)?

The EEPROM contents typically represent the configuration and operating
parameters which have been tested and certified to be operational.

These would represent the only settings which a user can operate with
and still be covered by existing certifications.

Regardless of which country you are operating a device in, the device
was intended for sale within a specific geographic and regulatory region
-- it was tested and certified accordingly.  The EEPROM contents
typically provide the information on what was tested and what the
approved operating parameters are for that device.

  * Should the kernel perform some kind of validation on the regulatory
data the daemon gives it as well?

The kernel should enforce the parameters as specified by the
hardware/driver.  In the event that a driver does not advertise a set of
capabilities, the kernel should select the minimal safe set, which
would be a subset of the 2.4Ghz spectrum and likely exclude all of 5.2Ghz.

 Right now I'd think that it would make sense to just leave the whole
 task to our userspace daemon, iow. nl80211 just provides a command
 to update the kernel's knowledge about regulory and the daemon periodically
 checks the scan results for country information, asks the user for
 the country, or similar. If it's not running, the kernel simply starts
 from a generic no-frills set.

With hardware that restricts operation to the capabilities it was tested
and calibrated for, this will likely result in a broken user experience
-- if they try and use a device on channel 13 and the device restricts
operation to channels 1 - 11, tuning operations will fail.

James
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [MLSXFRM] Fix mis-labelling of child sockets

[Paul Moore]

James Morris wrote:
 On Fri, 29 Sep 2006, David Woodhouse wrote:
 
 
Accepted connections of types other than AF_INET, AF_INET6, AF_UNIX
won't have an appropriate label derived from the peer, so don't use it.

Signed-off-by: David Woodhouse [EMAIL PROTECTED]
Acked-by:  Stephen Smalley [EMAIL PROTECTED]
 
 
 Acked-by: James Morris [EMAIL PROTECTED]
 
 
 Please apply as a bugfix.
 

Sorry for the late response.

Acked-by: Paul Moore [EMAIL PROTECTED]

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH][BNX2]: Disable MSI on 5706 if AMD 8132 bridge is present

[David Miller]

From: Michael Chan [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 14:39:23 -0700

 On Fri, 2006-09-29 at 17:28 -0400, Jeff Garzik wrote:
  Michael Chan wrote:
   AMD believes this incompatibility is unique to the 5706, and
   prefers to locally disable MSI rather than globally disabling it
   using pci_msi_quirk.
  
  Why is it unique to the 5706?  Is this just a guess on AMD and 
  Broadcom's part?
  
 I just took AMD's word for it.  It doesn't matter to me whether we
 disable it locally or globally.  Since this is AMD's bridge, I just
 follow their recommendation.  They probably haven't seen this issue on
 any other devices except ours.

I really think this is a reasonable thing to do.

It's absolutely rediculious to disable MSI for every card just
because one decided to use a masked 64-bit transaction for
what's supposed to be a 32-bit one.

Jeff, I totally understand your knee-jerk reaction to per-device MSI
validation checks, but in this case I find that knee-jerk reaction
to be totally unreasonable. :-)

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Bcm43xx softMac Driver in 2.6.18

[Ray Lee]

(re-adding linux-kernel.)

Larry Finger wrote:
 Would you please test the attached patch that should be applied to a
 vanilla 2.6.18? I'm currently running it, but only for a few minutes. It
 comes up fine and I ran it through several ifdown/ifup cycles without
 any problem.

Okay, this is far better than vanilla 2.6.18 (or your other patch). I've
been running this for six hours so far with no troubles, when before I'd
have a hard system freeze within a minute or two of associating (or
trying to associate) with an access point.

As for -stable, the patch is sorta, y'know, ginormous:

 bcm43xx.h |  181 +-
 bcm43xx_debugfs.c |   80 
 bcm43xx_debugfs.h |1
 bcm43xx_dma.c |  583 +++---
 bcm43xx_dma.h |  296 +
 bcm43xx_leds.c|   10
 bcm43xx_main.c|  905
+++---
 bcm43xx_main.h|6
 bcm43xx_phy.c |   48 +-
 bcm43xx_pio.c |4
 bcm43xx_sysfs.c   |   46 +-
 bcm43xx_wx.c  |  121 +++
 12 files changed, 1426 insertions(+), 855 deletions(-)

OTOH, the current version is completely unusable on this system, so I
don't know if the right path is to revert the driver to 2.6.17's
version, or to try to move forward with the patch when it's had hard
review and testing.

I'm heading out on vacation for the next two weeks. I'll catch up with
any mail directed to me for more things to try (or report about this
specific system), if requested, when I get back. (Or catch me today.)

Thank you very much for your help,

Ray
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH][BNX2]: Disable MSI on 5706 if AMD 8132 bridge is present

[Jeff Garzik]

David Miller wrote:

From: Michael Chan [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 14:39:23 -0700


On Fri, 2006-09-29 at 17:28 -0400, Jeff Garzik wrote:

Michael Chan wrote:

AMD believes this incompatibility is unique to the 5706, and
prefers to locally disable MSI rather than globally disabling it
using pci_msi_quirk.
Why is it unique to the 5706?  Is this just a guess on AMD and 
Broadcom's part?



I just took AMD's word for it.  It doesn't matter to me whether we
disable it locally or globally.  Since this is AMD's bridge, I just
follow their recommendation.  They probably haven't seen this issue on
any other devices except ours.


I really think this is a reasonable thing to do.

It's absolutely rediculious to disable MSI for every card just
because one decided to use a masked 64-bit transaction for
what's supposed to be a 32-bit one.

Jeff, I totally understand your knee-jerk reaction to per-device MSI
validation checks, but in this case I find that knee-jerk reaction
to be totally unreasonable. :-)


How it is unreasonable to clarify a completely vague description of the 
problem?


The patch and description provided no information about whether or not 
it would be better to blacklist 8132 globally, as we have already done 
with the 8131.


Jeff



-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH][BNX2]: Disable MSI on 5706 if AMD 8132 bridge is present

[David Miller]

From: Jeff Garzik [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 19:00:15 -0400

 The patch and description provided no information about whether or not 
 it would be better to blacklist 8132 globally, as we have already done 
 with the 8131.

It absolutely was not vague, it gave an explicit description of what
the problem was, down to the transaction type being used by 5706 and
what the stated rules are in the PCI spec, and it also gave a clear
indication that the 5706 was in the wrong and that this was believed
to be a unique situation.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH][BNX2]: Disable MSI on 5706 if AMD 8132 bridge is present

[Jeff Garzik]

David Miller wrote:

From: Jeff Garzik [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 19:00:15 -0400

The patch and description provided no information about whether or not 
it would be better to blacklist 8132 globally, as we have already done 
with the 8131.


It absolutely was not vague, it gave an explicit description of what
the problem was, down to the transaction type being used by 5706 and
what the stated rules are in the PCI spec, and it also gave a clear
indication that the 5706 was in the wrong and that this was believed
to be a unique situation.


It was completely vague as to why this incompatibility was specific to 
the 5706, when -- as the description noted -- the behavior is legal.


Re-read the patch.  At no time does it say 5706 was in the wrong.

Jeff



-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH][BNX2]: Disable MSI on 5706 if AMD 8132 bridge is present

[Michael Chan]

On Fri, 2006-09-29 at 19:15 -0400, Jeff Garzik wrote:

 It was completely vague as to why this incompatibility was specific to 
 the 5706, when -- as the description noted -- the behavior is legal.
 

The description is a bit vague in that one aspect that Jeff pointed out,
but otherwise very complete in my opinion.

 Re-read the patch.  At no time does it say 5706 was in the wrong.
 

The behavior is legal but AMD believes that it is unique to the 5706.  I
cannot make this less vague since it is a recommendation from AMD.  I
just trust their opinion on this.


-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH][BNX2]: Disable MSI on 5706 if AMD 8132 bridge is present

[David Miller]

From: Jeff Garzik [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 19:15:14 -0400

 It was completely vague as to why this incompatibility was specific to 
 the 5706, when -- as the description noted -- the behavior is legal.
 
 Re-read the patch.  At no time does it say 5706 was in the wrong.

True, but it does indicate that using a masked 64-bit transaction
for MSI instead of a true 32-bit one is considered to be quite rare.

Do you wish to put a table of all devices that do this, and at PCI
quirk time disable PCI for everyone on the AMD chipset if even one
such device is found in the device?

That doesn't make any sense to me.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH][BNX2]: Disable MSI on 5706 if AMD 8132 bridge is present

[Rick Jones]

It absolutely was not vague, it gave an explicit description of what
the problem was, down to the transaction type being used by 5706 and
what the stated rules are in the PCI spec, and it also gave a clear
indication that the 5706 was in the wrong and that this was believed
to be a unique situation.


I'm not disagreeing with a per-driver check at the moment, but I thought that 
Michael told us that the masking being attempted by the 5706 was legal:


Michael Chan wrote:

MSI is defined to be 32-bit write.  The 5706 does 64-bit MSI writes
with byte enables disabled on the unused 32-bit word.  This is legal
but causes problems on the AMD 8132 which will eventually stop
responding after a while.


 ...

MSI is defined to be 32-bit write.  The 5706 does 64-bit MSI writes
with byte enables disabled on the unused 32-bit word.  This is legal
but causes problems on the AMD 8132 which will eventually stop
responding after a while.



rick jones

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 3/4] [SCTP]: Use correct mask when disabling PMTUD.

[David Miller]

From: Sridhar Samudrala [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 13:00:29 -0700

 [SCTP]: Use correct mask when disabling PMTUD.
 
 Signed-off-by: Vlad Yasevich [EMAIL PROTECTED]
 Signed-off-by: Sridhar Samudrala [EMAIL PROTECTED]

Applied, thanks.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 6/8][ATM]: [lec] use work queue instead of timer for lec arp expiry

[David Miller]

From: chas williams - CONTRACTOR [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 12:44:35 -0400

 please consider for 2.6.19 -- thanks!
 
 [ATM]: [lec] use work queue instead of timer for lec arp expiry
 
 Signed-off-by: Chas Williams [EMAIL PROTECTED]

Applied.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 4/4] [SCTP]: Do not timestamp every SCTP packet.

[David Miller]

From: Sridhar Samudrala [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 13:00:37 -0700

 [SCTP]: Do not timestamp every SCTP packet.
 
 We only need the timestamp on COOKIE-ECHO chunks, so instead of always
 timestamping every SCTP packet, let common code timestamp if the socket
 option is set.  For COOKIE-ECHO, simply get the time of day if we don't
 have a timestamp.  This introduces a small possibility that the cookie
 may be considered expired, but it will be renegotiated.
 
 Signed-off-by: Vlad Yasevich [EMAIL PROTECTED]
 Signed-off-by: Sridhar Samudrala [EMAIL PROTECTED]

Also applied, thanks a lot.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 4/8][ATM]: [lec] convert lec_arp_table to hlist

[David Miller]

From: chas williams - CONTRACTOR [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 12:40:47 -0400

 please consider for 2.6.19 -- thanks!
 
 [ATM]: [lec] convert lec_arp_table to hlist
 
 Signed-off-by: Chas Williams [EMAIL PROTECTED]

Applied.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/8][ATM]: [lec] indent, comment and whitespace cleanup

[David Miller]

From: chas williams - CONTRACTOR [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 12:37:26 -0400

 [ATM]: [lec] indent, comment and whitespace cleanup
 
 Signed-off-by: Chas Williams [EMAIL PROTECTED]

Applied, thanks.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html