Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v3.7 2012-11-20T20:16:15Z 2012-11-20T20:16:15Z Eric Dumazet edumazet@google.com 2012-11-20T20:14:51Z urn:sha1:b4dd006760d671337b62532277b0296bcee8dfd4 In case of error, inet6_csk_update_pmtu() should consistently return NULL. Bug added in commit 35ad9b9cf7d8a (ipv6: Add helper inet6_csk_update_pmtu().) Reported-by: Lluís Batlle i Rossell <viric@viric.name> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-11-13T19:38:47Z Hannes Frederic Sowa hannes@stressinduktion.org 2012-11-10T19:52:34Z urn:sha1:d4596bad2a713fcd0def492b1960e6d899d5baa8 Cc: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-11-09T22:11:17Z Nicolas Dichtel nicolas.dichtel@6wind.com 2012-11-09T05:34:56Z urn:sha1:a375413311b39005ef281bfd71ae8f4e3df22e97 Spotted after a code review. Introduced by c12b395a46646bab69089ce7016ac78177f6001f (gre: Support GRE over IPv6). Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-11-09T21:18:52Z Hannes Frederic Sowa hannes@stressinduktion.org 2012-11-06T16:18:41Z urn:sha1:60713a0ca7fd6651b951cc1b4dbd528d1fc0281b As documented in RFC4861 (Neighbor Discovery for IP version 6) 7.2.6., unsolicited neighbour advertisements should be sent to the all-nodes multicast address. Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-10-31T18:54:15Z David S. Miller davem@davemloft.net 2012-10-31T18:54:15Z urn:sha1:f8450bbe8c7e94b7ef83e74d270d48e057173ed0 Pablo Neira Ayuso says: ==================== The following patchset contains fixes for your net tree, two of them are due to relatively recent changes, one has been a longstanding bug, they are: * Fix incorrect usage of rt_gateway in the H.323 helper, from Julian Anastasov. * Skip re-route in nf_nat code for ICMP traffic. If CONFIG_XFRM is enabled, we waste cycles to look up for the route again. This problem seems to be there since really long time. From Ulrich Weber. * Fix mismatching section in nf_conntrack_reasm, from Hein Tibosch. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 2012-10-28T21:44:15Z Hein Tibosch hein_tibosch@yahoo.es 2012-10-26T23:49:26Z urn:sha1:f1df1374dc83d62588667e566e959df384718ad1 WARNING: net/ipv6/netfilter/nf_defrag_ipv6.o(.text+0xe0): Section mismatch in reference from the function nf_ct_net_init() to the function .init.text:nf_ct_frag6_sysctl_register() The function nf_ct_net_init() references the function __init nf_ct_frag6_sysctl_register(). In case nf_conntrack_ipv6 is compiled as a module, nf_ct_net_init could be called after the init code and data are unloaded. Therefore remove the "__net_init" annotation from nf_ct_frag6_sysctl_register(). Signed-off-by: Hein Tibosch <hein_tibosch@yahoo.es> Acked-by: Cong Wang <amwang@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-10-28T21:43:34Z Ulrich Weber ulrich.weber@sophos.com 2012-10-25T05:34:45Z urn:sha1:38fe36a248ec3228f8e6507955d7ceb0432d2000 ICMP tuples have id in src and type/code in dst. So comparing src.u.all with dst.u.all will always fail here and ip_xfrm_me_harder() is called for every ICMP packet, even if there was no NAT. Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-10-25T03:14:17Z Li RongQing roy.qing.li@gmail.com 2012-10-24T06:01:18Z urn:sha1:14edd87dc67311556f1254a8f29cf4dd6cb5b7d1 Commit a02e4b7dae4551(Demark default hoplimit as zero) only changes the hoplimit checking condition and default value in ip6_dst_hoplimit, not zeros all hoplimit default value. Keep the zeroing ip6_template_metrics[RTAX_HOPLIMIT - 1] to force it as const, cause as a37e6e344910(net: force dst_default_metrics to const section) Signed-off-by: Li RongQing <roy.qing.li@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-10-16T18:41:47Z Eric Dumazet edumazet@google.com 2012-10-16T07:37:27Z urn:sha1:9f0d3c2781baa1102108e16efbe640dd74564a7c Commit 1d5783030a1 (ipv6/addrconf: speedup /proc/net/if_inet6 filling) added bugs hiding some devices from if_inet6 and breaking applications. "ip -6 addr" could still display all IPv6 addresses, while "ifconfig -a" couldnt. One way to reproduce the bug is by starting in a shell : unshare -n /bin/bash ifconfig lo up And in original net namespace, lo device disappeared from if_inet6 Reported-by: Jan Hinnerk Stosch <janhinnerk.stosch@gmail.com> Tested-by: Jan Hinnerk Stosch <janhinnerk.stosch@gmail.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Mihai Maruseac <mihai.maruseac@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-10-12T17:52:40Z Alexey Kuznetsov kuznet@ms2.inr.ac.ru 2012-10-12T04:34:17Z urn:sha1:4c67525849e0b7f4bd4fab2487ec9e43ea52ef29 After commit e2446eaa ("tcp_v4_send_reset: binding oif to iif in no sock case").. tcp resets are always lost, when routing is asymmetric. Yes, backing out that patch will result in misrouting of resets for dead connections which used interface binding when were alive, but we actually cannot do anything here. What's died that's died and correct handling normal unbound connections is obviously a priority. Comment to comment: > This has few benefits: > 1. tcp_v6_send_reset already did that. It was done to route resets for IPv6 link local addresses. It was a mistake to do so for global addresses. The patch fixes this as well. Actually, the problem appears to be even more serious than guaranteed loss of resets. As reported by Sergey Soloviev <sol@eqv.ru>, those misrouted resets create a lot of arp traffic and huge amount of unresolved arp entires putting down to knees NAT firewalls which use asymmetric routing. Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>