From 249ddc79a38a8918ad53ac22606ca8af694344a5 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Tue, 24 May 2011 10:20:17 +0200 Subject: netfilter: ipset: Use proper timeout value to jiffies conversion Signed-off-by: Jozsef Kadlecsik Signed-off-by: Pablo Neira Ayuso --- include/linux/netfilter/ipset/ip_set_timeout.h | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'include') diff --git a/include/linux/netfilter/ipset/ip_set_timeout.h b/include/linux/netfilter/ipset/ip_set_timeout.h index 9f30c5f2ec1c..bcdd40ad39ed 100644 --- a/include/linux/netfilter/ipset/ip_set_timeout.h +++ b/include/linux/netfilter/ipset/ip_set_timeout.h @@ -45,7 +45,7 @@ ip_set_timeout_test(unsigned long timeout) { return timeout != IPSET_ELEM_UNSET && (timeout == IPSET_ELEM_PERMANENT || - time_after(timeout, jiffies)); + time_is_after_jiffies(timeout)); } static inline bool @@ -53,7 +53,7 @@ ip_set_timeout_expired(unsigned long timeout) { return timeout != IPSET_ELEM_UNSET && timeout != IPSET_ELEM_PERMANENT && - time_before(timeout, jiffies); + time_is_before_jiffies(timeout); } static inline unsigned long @@ -64,7 +64,7 @@ ip_set_timeout_set(u32 timeout) if (!timeout) return IPSET_ELEM_PERMANENT; - t = timeout * HZ + jiffies; + t = msecs_to_jiffies(timeout * 1000) + jiffies; if (t == IPSET_ELEM_UNSET || t == IPSET_ELEM_PERMANENT) /* Bingo! */ t++; @@ -75,7 +75,8 @@ ip_set_timeout_set(u32 timeout) static inline u32 ip_set_timeout_get(unsigned long timeout) { - return timeout == IPSET_ELEM_PERMANENT ? 0 : (timeout - jiffies)/HZ; + return timeout == IPSET_ELEM_PERMANENT ? 0 : + jiffies_to_msecs(timeout - jiffies)/1000; } #else @@ -89,14 +90,14 @@ static inline bool ip_set_timeout_test(unsigned long timeout) { return timeout == IPSET_ELEM_PERMANENT || - time_after(timeout, jiffies); + time_is_after_jiffies(timeout); } static inline bool ip_set_timeout_expired(unsigned long timeout) { return timeout != IPSET_ELEM_PERMANENT && - time_before(timeout, jiffies); + time_is_before_jiffies(timeout); } static inline unsigned long @@ -107,7 +108,7 @@ ip_set_timeout_set(u32 timeout) if (!timeout) return IPSET_ELEM_PERMANENT; - t = timeout * HZ + jiffies; + t = msecs_to_jiffies(timeout * 1000) + jiffies; if (t == IPSET_ELEM_PERMANENT) /* Bingo! :-) */ t++; @@ -118,7 +119,8 @@ ip_set_timeout_set(u32 timeout) static inline u32 ip_set_timeout_get(unsigned long timeout) { - return timeout == IPSET_ELEM_PERMANENT ? 0 : (timeout - jiffies)/HZ; + return timeout == IPSET_ELEM_PERMANENT ? 0 : + jiffies_to_msecs(timeout - jiffies)/1000; } #endif /* ! IP_SET_BITMAP_TIMEOUT */ -- cgit v1.2.3 From b141c242ff978b63cdf0f3d1a767a5152750166b Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Tue, 24 May 2011 10:20:18 +0200 Subject: netfilter: ipset: remove unused variable from type_pf_tdel() Variable 'ret' is set in type_pf_tdel() but not used, remove. Signed-off-by: Jozsef Kadlecsik Signed-off-by: Pablo Neira Ayuso --- include/linux/netfilter/ipset/ip_set_ahash.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/linux/netfilter/ipset/ip_set_ahash.h b/include/linux/netfilter/ipset/ip_set_ahash.h index a0196ac79051..ac3c822eb39a 100644 --- a/include/linux/netfilter/ipset/ip_set_ahash.h +++ b/include/linux/netfilter/ipset/ip_set_ahash.h @@ -839,7 +839,7 @@ type_pf_tdel(struct ip_set *set, void *value, u32 timeout) struct htable *t = h->table; const struct type_pf_elem *d = value; struct hbucket *n; - int i, ret = 0; + int i; struct type_pf_elem *data; u32 key; @@ -850,7 +850,7 @@ type_pf_tdel(struct ip_set *set, void *value, u32 timeout) if (!type_pf_data_equal(data, d)) continue; if (type_pf_data_expired(data)) - ret = -IPSET_ERR_EXIST; + return -IPSET_ERR_EXIST; if (i != n->pos - 1) /* Not last one */ type_pf_data_copy(data, ahash_tdata(n, n->pos - 1)); -- cgit v1.2.3 From 86e4ca66e81bba0f8640f1fa19b8b8f72cbd0561 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Thu, 26 May 2011 15:00:31 -0400 Subject: bug.h: Move ratelimit warn interfaces to ratelimit.h As reported by Ingo Molnar, we still have configuration combinations where use of the WARN_RATELIMIT interfaces break the build because dependencies don't get met. Instead of going down the long road of trying to make it so that ratelimit.h can get included by kernel.h or asm-generic/bug.h, just move the interface into ratelimit.h and make users have to include that. Reported-by: Ingo Molnar Signed-off-by: David S. Miller Acked-by: Randy Dunlap --- include/asm-generic/bug.h | 40 ---------------------------------------- include/linux/ratelimit.h | 40 ++++++++++++++++++++++++++++++++++++++++ net/core/filter.c | 1 + 3 files changed, 41 insertions(+), 40 deletions(-) (limited to 'include') diff --git a/include/asm-generic/bug.h b/include/asm-generic/bug.h index 91784841e407..dfb0ec666c94 100644 --- a/include/asm-generic/bug.h +++ b/include/asm-generic/bug.h @@ -162,46 +162,6 @@ extern void warn_slowpath_null(const char *file, const int line); unlikely(__ret_warn_once); \ }) -#ifdef CONFIG_PRINTK - -#define WARN_ON_RATELIMIT(condition, state) \ - WARN_ON((condition) && __ratelimit(state)) - -#define __WARN_RATELIMIT(condition, state, format...) \ -({ \ - int rtn = 0; \ - if (unlikely(__ratelimit(state))) \ - rtn = WARN(condition, format); \ - rtn; \ -}) - -#define WARN_RATELIMIT(condition, format...) \ -({ \ - static DEFINE_RATELIMIT_STATE(_rs, \ - DEFAULT_RATELIMIT_INTERVAL, \ - DEFAULT_RATELIMIT_BURST); \ - __WARN_RATELIMIT(condition, &_rs, format); \ -}) - -#else - -#define WARN_ON_RATELIMIT(condition, state) \ - WARN_ON(condition) - -#define __WARN_RATELIMIT(condition, state, format...) \ -({ \ - int rtn = WARN(condition, format); \ - rtn; \ -}) - -#define WARN_RATELIMIT(condition, format...) \ -({ \ - int rtn = WARN(condition, format); \ - rtn; \ -}) - -#endif - /* * WARN_ON_SMP() is for cases that the warning is either * meaningless for !SMP or may even cause failures. diff --git a/include/linux/ratelimit.h b/include/linux/ratelimit.h index 03ff67b0cdf5..2f007157fab9 100644 --- a/include/linux/ratelimit.h +++ b/include/linux/ratelimit.h @@ -41,4 +41,44 @@ extern struct ratelimit_state printk_ratelimit_state; extern int ___ratelimit(struct ratelimit_state *rs, const char *func); #define __ratelimit(state) ___ratelimit(state, __func__) +#ifdef CONFIG_PRINTK + +#define WARN_ON_RATELIMIT(condition, state) \ + WARN_ON((condition) && __ratelimit(state)) + +#define __WARN_RATELIMIT(condition, state, format...) \ +({ \ + int rtn = 0; \ + if (unlikely(__ratelimit(state))) \ + rtn = WARN(condition, format); \ + rtn; \ +}) + +#define WARN_RATELIMIT(condition, format...) \ +({ \ + static DEFINE_RATELIMIT_STATE(_rs, \ + DEFAULT_RATELIMIT_INTERVAL, \ + DEFAULT_RATELIMIT_BURST); \ + __WARN_RATELIMIT(condition, &_rs, format); \ +}) + +#else + +#define WARN_ON_RATELIMIT(condition, state) \ + WARN_ON(condition) + +#define __WARN_RATELIMIT(condition, state, format...) \ +({ \ + int rtn = WARN(condition, format); \ + rtn; \ +}) + +#define WARN_RATELIMIT(condition, format...) \ +({ \ + int rtn = WARN(condition, format); \ + rtn; \ +}) + +#endif + #endif /* _LINUX_RATELIMIT_H */ diff --git a/net/core/filter.c b/net/core/filter.c index 0e3622f1dcb1..36f975fa87cb 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -38,6 +38,7 @@ #include #include #include +#include /* No hurry in this branch */ static void *__load_pointer(const struct sk_buff *skb, int k, unsigned int size) -- cgit v1.2.3 From c74c0bfe0b61cf41a897c2444c038e0d3f600556 Mon Sep 17 00:00:00 2001 From: Hans Schillstrom Date: Tue, 24 May 2011 14:11:05 +0200 Subject: IPVS: bug in ip_vs_ftp, same list heaad used in all netns. When ip_vs was adapted to netns the ftp application was not adapted in a correct way. However this is a fix to avoid kernel errors. In the long term another solution might be chosen. I.e the ports that the ftp appl, uses should be per netns. Signed-off-by: Hans Schillstrom Acked-by: Julian Anastasov Signed-off-by: Pablo Neira Ayuso --- include/net/ip_vs.h | 3 ++- net/netfilter/ipvs/ip_vs_ftp.c | 27 +++++++++++++++++++-------- 2 files changed, 21 insertions(+), 9 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 4fff432aeade..481f856c650f 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -797,7 +797,8 @@ struct netns_ipvs { struct list_head rs_table[IP_VS_RTAB_SIZE]; /* ip_vs_app */ struct list_head app_list; - + /* ip_vs_ftp */ + struct ip_vs_app *ftp_app; /* ip_vs_proto */ #define IP_VS_PROTO_TAB_SIZE 32 /* must be power of 2 */ struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE]; diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c index 6b5dd6ddaae9..af63553fa332 100644 --- a/net/netfilter/ipvs/ip_vs_ftp.c +++ b/net/netfilter/ipvs/ip_vs_ftp.c @@ -411,25 +411,35 @@ static struct ip_vs_app ip_vs_ftp = { static int __net_init __ip_vs_ftp_init(struct net *net) { int i, ret; - struct ip_vs_app *app = &ip_vs_ftp; + struct ip_vs_app *app; + struct netns_ipvs *ipvs = net_ipvs(net); + + app = kmemdup(&ip_vs_ftp, sizeof(struct ip_vs_app), GFP_KERNEL); + if (!app) + return -ENOMEM; + INIT_LIST_HEAD(&app->a_list); + INIT_LIST_HEAD(&app->incs_list); + ipvs->ftp_app = app; ret = register_ip_vs_app(net, app); if (ret) - return ret; + goto err_exit; for (i=0; iprotocol, ports[i]); if (ret) - break; + goto err_unreg; pr_info("%s: loaded support on port[%d] = %d\n", app->name, i, ports[i]); } + return 0; - if (ret) - unregister_ip_vs_app(net, app); - +err_unreg: + unregister_ip_vs_app(net, app); +err_exit: + kfree(ipvs->ftp_app); return ret; } /* @@ -437,9 +447,10 @@ static int __net_init __ip_vs_ftp_init(struct net *net) */ static void __ip_vs_ftp_exit(struct net *net) { - struct ip_vs_app *app = &ip_vs_ftp; + struct netns_ipvs *ipvs = net_ipvs(net); - unregister_ip_vs_app(net, app); + unregister_ip_vs_app(net, ipvs->ftp_app); + kfree(ipvs->ftp_app); } static struct pernet_operations ip_vs_ftp_ops = { -- cgit v1.2.3 From 9d931dd2ed62c14d7bf7c4c3ab3ef7610c46ca9b Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Thu, 26 May 2011 16:30:57 -0400 Subject: net: Kill ether_table[] declaration. This got missed back in 2006 when Jes Sorensen deleted net/ethernet/sysctl_net_ether.c Signed-off-by: David S. Miller --- include/linux/if_ether.h | 4 ---- 1 file changed, 4 deletions(-) (limited to 'include') diff --git a/include/linux/if_ether.h b/include/linux/if_ether.h index 0f1325d98295..0065ffd3226b 100644 --- a/include/linux/if_ether.h +++ b/include/linux/if_ether.h @@ -132,10 +132,6 @@ static inline struct ethhdr *eth_hdr(const struct sk_buff *skb) int eth_header_parse(const struct sk_buff *skb, unsigned char *haddr); -#ifdef CONFIG_SYSCTL -extern struct ctl_table ether_table[]; -#endif - int mac_pton(const char *s, u8 *mac); extern ssize_t sysfs_format_mac(char *buf, const unsigned char *addr, int len); -- cgit v1.2.3 From bee95250f015ffc3a6efb99516489e70d1b52da2 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Thu, 26 May 2011 16:40:37 -0400 Subject: net: Add linux/sysctl.h includes where needed. Several networking headers were depending upon the implicit linux/sysctl.h include they get when including linux/net.h Add explicit includes. Signed-off-by: David S. Miller --- include/linux/netfilter.h | 1 + include/net/net_namespace.h | 1 + 2 files changed, 2 insertions(+) (limited to 'include') diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 7fa95df60146..857f5026ced6 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -13,6 +13,7 @@ #endif #include #include +#include /* Responses from hook functions. */ #define NF_DROP 0 diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index 3ae491932bc8..07a60e8b749e 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h @@ -7,6 +7,7 @@ #include #include #include +#include #include #include -- cgit v1.2.3 From c5c177b4aca83338781e72be2e6dd1601c560cb3 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Fri, 27 May 2011 13:41:33 -0400 Subject: net: Kill ratelimit.h dependency in linux/net.h Ingo Molnar noticed that we have this unnecessary ratelimit.h dependency in linux/net.h, which hid compilation problems from people doing builds only with CONFIG_NET enabled. Move this stuff out to a seperate net/net_ratelimit.h file and include that in the only two places where this thing is needed. Signed-off-by: David S. Miller Acked-by: Ingo Molnar --- include/linux/net.h | 6 ------ include/net/net_ratelimit.h | 8 ++++++++ net/core/sysctl_net_core.c | 1 + net/core/utils.c | 1 + 4 files changed, 10 insertions(+), 6 deletions(-) create mode 100644 include/net/net_ratelimit.h (limited to 'include') diff --git a/include/linux/net.h b/include/linux/net.h index 1da55e9b6f01..b29923006b11 100644 --- a/include/linux/net.h +++ b/include/linux/net.h @@ -289,11 +289,5 @@ extern int kernel_sock_shutdown(struct socket *sock, MODULE_ALIAS("net-pf-" __stringify(pf) "-proto-" __stringify(proto) \ "-type-" __stringify(type)) -#ifdef CONFIG_SYSCTL -#include -#include -extern struct ratelimit_state net_ratelimit_state; -#endif - #endif /* __KERNEL__ */ #endif /* _LINUX_NET_H */ diff --git a/include/net/net_ratelimit.h b/include/net/net_ratelimit.h new file mode 100644 index 000000000000..7727b4247daf --- /dev/null +++ b/include/net/net_ratelimit.h @@ -0,0 +1,8 @@ +#ifndef _LINUX_NET_RATELIMIT_H +#define _LINUX_NET_RATELIMIT_H + +#include + +extern struct ratelimit_state net_ratelimit_state; + +#endif /* _LINUX_NET_RATELIMIT_H */ diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c index a829e3f60aeb..77a65f031488 100644 --- a/net/core/sysctl_net_core.c +++ b/net/core/sysctl_net_core.c @@ -17,6 +17,7 @@ #include #include +#include #ifdef CONFIG_RPS static int rps_sock_flow_sysctl(ctl_table *table, int write, diff --git a/net/core/utils.c b/net/core/utils.c index 2012bc797f9c..386e263f6066 100644 --- a/net/core/utils.c +++ b/net/core/utils.c @@ -27,6 +27,7 @@ #include #include +#include #include #include -- cgit v1.2.3