kernel/include/net/ipv6.h, branch linux-3.0.y Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-3.0.y 2013-02-28T14:32:27Z ipv6: use a stronger hash for tcp 2013-02-28T14:32:27Z Eric Dumazet edumazet@google.com 2013-02-21T12:18:52Z urn:sha1:ae593067dbed83010fee8ad59bab7948f3d3601f [ Upstream commit 08dcdbf6a7b9d14c2302c5bd0c5390ddf122f664 ] It looks like its possible to open thousands of TCP IPv6 sessions on a server, all landing in a single slot of TCP hash table. Incoming packets have to lookup sockets in a very long list. We should hash all bits from foreign IPv6 addresses, using a salt and hash mix, not a simple XOR. inet6_ehashfn() can also separately use the ports, instead of xoring them. Reported-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ipv6: fix NULL dereference in udp6_ufo_fragment() 2011-10-16T21:14:54Z Jason Wang jasowang@redhat.com 2011-10-09T02:56:44Z urn:sha1:a1b7ab0836a56fa4c9578f88ba1042398d7d9316 This patch fixes the issue caused by ef81bb40bf15f350fe865f31fa42f1082772a576 which is a backport of upstream 87c48fa3b4630905f98268dde838ee43626a060c. The problem does not exist in upstream. We do not check whether route is attached before trying to assign ip identification through route dest which lead NULL pointer dereference. This happens when host bridge transmit a packet from guest. This patch changes ipv6_select_ident() to accept in6_addr as its paramter and fix the issue by using the destination address in ipv6 header when no route is attached. Signed-off-by: Jason Wang <jasowang@redhat.com> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> ipv6: make fragment identifications less predictable 2011-08-16T01:31:37Z Eric Dumazet eric.dumazet@gmail.com 2011-08-09T06:44:00Z urn:sha1:ef81bb40bf15f350fe865f31fa42f1082772a576 [ Backport of upstream commit 87c48fa3b4630905f98268dde838ee43626a060c ] Fernando Gont reported current IPv6 fragment identification generation was not secure, because using a very predictable system-wide generator, allowing various attacks. IPv4 uses inetpeer cache to address this problem and to get good performance. We'll use this mechanism when IPv6 inetpeer is stable enough in linux-3.1 For the time being, we use jhash on destination address to provide less predictable identifications. Also remove a spinlock and use cmpxchg() to get better SMP performance. Reported-by: Fernando Gont <fernando@gont.com.ar> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> ipv6: reduce per device ICMP mib sizes 2011-05-19T20:21:22Z Eric Dumazet eric.dumazet@gmail.com 2011-05-19T01:14:23Z urn:sha1:be281e554e2a4cf2478df7a8b8926c89454bccfa ipv6 has per device ICMP SNMP counters, taking too much space because they use percpu storage. needed size per device is : (512+4)*sizeof(long)*number_of_possible_cpus*2 On a 32bit kernel, 16 possible cpus, this wastes more than 64kbytes of memory per ipv6 enabled network device, taken in vmalloc pool. Since ICMP messages are rare, just use shared counters (atomic_long_t) Per network space ICMP counters are still using percpu memory, we might also convert them to shared counters in a future patch. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Denys Fedoryshchenko <denys@visp.net.lb> Signed-off-by: David S. Miller <davem@davemloft.net> net: Remove __KERNEL__ cpp checks from include/net 2011-04-24T17:54:56Z David S. Miller davem@davemloft.net 2011-04-24T17:54:56Z urn:sha1:2a9e9507011440a57d6356ded630ba0c0f5d4b77 These header files are never installed to user consumption, so any __KERNEL__ cpp checks are superfluous. Projects should also not copy these files into their userland utility sources and try to use them there. If they insist on doing so, the onus is on them to sanitize the headers as needed. Signed-off-by: David S. Miller <davem@davemloft.net> inet: constify ip headers and in6_addr 2011-04-22T18:04:14Z Eric Dumazet eric.dumazet@gmail.com 2011-04-22T04:53:02Z urn:sha1:b71d1d426d263b0b6cb5760322efebbfc89d4463 Add const qualifiers to structs iphdr, ipv6hdr and in6_addr pointers where possible, to make code intention more obvious. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> ipv6: Convert to use flowi6 where applicable. 2011-03-12T23:08:54Z David S. Miller davem@davemloft.net 2011-03-12T21:22:43Z urn:sha1:4c9483b2fb5d2548c3cc1fe03cdd4484ceeb5d1c Signed-off-by: David S. Miller <davem@davemloft.net> Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-03-04T05:27:42Z David S. Miller davem@davemloft.net 2011-03-04T05:27:42Z urn:sha1:0a0e9ae1bd788bc19adc4d4ae08c98b233697402 Conflicts: drivers/net/bnx2x/bnx2x.h xfrm: Handle blackhole route creation via afinfo. 2011-03-01T22:59:04Z David S. Miller davem@davemloft.net 2011-03-01T22:59:04Z urn:sha1:2774c131b1d19920b4587db1cfbd6f0750ad1f15 That way we don't have to potentially do this in every xfrm_lookup() caller. Signed-off-by: David S. Miller <davem@davemloft.net> ipv6: Normalize arguments to ip6_dst_blackhole(). 2011-03-01T22:45:33Z David S. Miller davem@davemloft.net 2011-03-01T22:45:33Z urn:sha1:69ead7afdf6028184f713a77376ee26f8aaafdcd Return a dst pointer which is potentitally error encoded. Don't pass original dst pointer by reference, pass a struct net instead of a socket, and elide the flow argument since it is unnecessary. Signed-off-by: David S. Miller <davem@davemloft.net>