<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/include/net, branch v3.11.5</title>
<subtitle>Linux kernel source tree</subtitle>
<id>https://git.amat.us/linux/atom/include/net?h=v3.11.5</id>
<link rel='self' href='https://git.amat.us/linux/atom/include/net?h=v3.11.5'/>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/'/>
<updated>2013-10-14T01:14:29Z</updated>
<entry>
<title>Bluetooth: Introduce a new HCI_RFKILLED flag</title>
<updated>2013-10-14T01:14:29Z</updated>
<author>
<name>Johan Hedberg</name>
<email>johan.hedberg@intel.com</email>
</author>
<published>2013-09-13T05:58:17Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=fe3500ee45a4649a6837051572a02872e3017375'/>
<id>urn:sha1:fe3500ee45a4649a6837051572a02872e3017375</id>
<content type='text'>
commit 5e130367d43ff22836bbae380d197d600fe8ddbb upstream.

This makes it more convenient to check for rfkill (no need to check for
dev-&gt;rfkill before calling rfkill_blocked()) and also avoids potential
races if the RFKILL state needs to be checked from within the rfkill
callback.

Signed-off-by: Johan Hedberg &lt;johan.hedberg@intel.com&gt;
Acked-by: Marcel Holtmann &lt;marcel@holtmann.org&gt;
Signed-off-by: Gustavo Padovan &lt;gustavo.padovan@collabora.co.uk&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
</entry>
<entry>
<title>net: net_secret should not depend on TCP</title>
<updated>2013-10-14T01:14:26Z</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2013-09-24T13:19:57Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=1d9aa1c2278f3c77af5c5c5132afe596a97f8d13'/>
<id>urn:sha1:1d9aa1c2278f3c77af5c5c5132afe596a97f8d13</id>
<content type='text'>
[ Upstream commit 9a3bab6b05383f1e4c3716b3615500c51285959e ]

A host might need net_secret[] and never open a single socket.

Problem added in commit aebda156a570782
("net: defer net_secret[] initialization")

Based on prior patch from Hannes Frederic Sowa.

Reported-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@strressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>IPv6 NAT: Do not drop DNATed 6to4/6rd packets</title>
<updated>2013-10-14T01:14:26Z</updated>
<author>
<name>Catalin(ux) M. BOIE</name>
<email>catab@embedromix.ro</email>
</author>
<published>2013-09-23T20:04:19Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=3e459c8c1de3e9098e7fb0b97d5cb6121bef48a8'/>
<id>urn:sha1:3e459c8c1de3e9098e7fb0b97d5cb6121bef48a8</id>
<content type='text'>
[ Upstream commit 7df37ff33dc122f7bd0614d707939fe84322d264 ]

When a router is doing DNAT for 6to4/6rd packets the latest
anti-spoofing commit 218774dc ("ipv6: add anti-spoofing checks for
6to4 and 6rd") will drop them because the IPv6 address embedded does
not match the IPv4 destination. This patch will allow them to pass by
testing if we have an address that matches on 6to4/6rd interface.  I
have been hit by this problem using Fedora and IPV6TO4_IPV4ADDR.
Also, log the dropped packets (with rate limit).

Signed-off-by: Catalin(ux) M. BOIE &lt;catab@embedromix.ro&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ip: generate unique IP identificator if local fragmentation is allowed</title>
<updated>2013-10-14T01:14:25Z</updated>
<author>
<name>Ansis Atteka</name>
<email>aatteka@nicira.com</email>
</author>
<published>2013-09-18T22:29:53Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=c66097370b7dcfc508dc5a7b8e52adc77fba9961'/>
<id>urn:sha1:c66097370b7dcfc508dc5a7b8e52adc77fba9961</id>
<content type='text'>
[ Upstream commit 703133de331a7a7df47f31fb9de51dc6f68a9de8 ]

If local fragmentation is allowed, then ip_select_ident() and
ip_select_ident_more() need to generate unique IDs to ensure
correct defragmentation on the peer.

For example, if IPsec (tunnel mode) has to encrypt large skbs
that have local_df bit set, then all IP fragments that belonged
to different ESP datagrams would have used the same identificator.
If one of these IP fragments would get lost or reordered, then
peer could possibly stitch together wrong IP fragments that did
not belong to the same datagram. This would lead to a packet loss
or data corruption.

Signed-off-by: Ansis Atteka &lt;aatteka@nicira.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec</title>
<updated>2013-08-29T20:05:30Z</updated>
<author>
<name>David S. Miller</name>
<email>davem@davemloft.net</email>
</author>
<published>2013-08-29T20:05:30Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=79f9ab7e0a8ec452e58b5a5267b9eb019ff493d0'/>
<id>urn:sha1:79f9ab7e0a8ec452e58b5a5267b9eb019ff493d0</id>
<content type='text'>
Steffen Klassert says:

====================
This pull request fixes some issues that arise when 6in4 or 4in6 tunnels
are used in combination with IPsec, all from Hannes Frederic Sowa and a
null pointer dereference when queueing packets to the policy hold queue.

1) We might access the local error handler of the wrong address family if
   6in4 or 4in6 tunnel is protected by ipsec. Fix this by addind a pointer
   to the correct local_error to xfrm_state_afinet.

2) Add a helper function to always refer to the correct interpretation
   of skb-&gt;sk.

3) Call skb_reset_inner_headers to record the position of the inner headers
   when adding a new one in various ipv6 tunnels. This is needed to identify
   the addresses where to send back errors in the xfrm layer.

4) Dereference inner ipv6 header if encapsulated to always call the
   right error handler.

5) Choose protocol family by skb protocol to not call the wrong
   xfrm{4,6}_local_error handler in case an ipv6 sockets is used
   in ipv4 mode.

6) Partly revert "xfrm: introduce helper for safe determination of mtu"
   because this introduced pmtu discovery problems.

7) Set skb-&gt;protocol on tcp, raw and ip6_append_data genereated skbs.
   We need this to get the correct mtu informations in xfrm.

8) Fix null pointer dereference in xdst_queue_output.
====================

Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>net: add cpu_relax to busy poll loop</title>
<updated>2013-08-28T21:45:48Z</updated>
<author>
<name>Eliezer Tamir</name>
<email>eliezer.tamir@linux.intel.com</email>
</author>
<published>2013-08-25T07:23:46Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=3046e2f5b79a86044ac0a29c69610d6ac6a4b882'/>
<id>urn:sha1:3046e2f5b79a86044ac0a29c69610d6ac6a4b882</id>
<content type='text'>
Add a cpu_relaxt to sk_busy_loop.

Julie Cummings reported performance issues when hyperthreading is on.
Arjan van de Ven observed that we should have a cpu_relax() in the
busy poll loop.

Reported-by: Julie Cummings &lt;julie.a.cummings@intel.com&gt;
Signed-off-by: Eliezer Tamir &lt;eliezer.tamir@linux.intel.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>genl: Hold reference on correct module while netlink-dump.</title>
<updated>2013-08-28T21:19:17Z</updated>
<author>
<name>Pravin B Shelar</name>
<email>pshelar@nicira.com</email>
</author>
<published>2013-08-23T19:45:04Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=33c6b1f6b154894321f5734e50c66621e9134e7e'/>
<id>urn:sha1:33c6b1f6b154894321f5734e50c66621e9134e7e</id>
<content type='text'>
netlink dump operations take module as parameter to hold
reference for entire netlink dump duration.
Currently it holds ref only on genl module which is not correct
when we use ops registered to genl from another module.
Following patch adds module pointer to genl_ops so that netlink
can hold ref count on it.

CC: Jesse Gross &lt;jesse@nicira.com&gt;
CC: Johannes Berg &lt;johannes.berg@intel.com&gt;
Signed-off-by: Pravin B Shelar &lt;pshelar@nicira.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>xfrm: revert ipv4 mtu determination to dst_mtu</title>
<updated>2013-08-26T10:40:53Z</updated>
<author>
<name>Hannes Frederic Sowa</name>
<email>hannes@stressinduktion.org</email>
</author>
<published>2013-08-26T10:31:19Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=5a25cf1e310888eb333f9e034be84a8117111d30'/>
<id>urn:sha1:5a25cf1e310888eb333f9e034be84a8117111d30</id>
<content type='text'>
In commit 0ea9d5e3e0e03a63b11392f5613378977dae7eca ("xfrm: introduce
helper for safe determination of mtu") I switched the determination of
ipv4 mtus from dst_mtu to ip_skb_dst_mtu. This was an error because in
case of IP_PMTUDISC_PROBE we fall back to the interface mtu, which is
never correct for ipv4 ipsec.

This patch partly reverts 0ea9d5e3e0e03a63b11392f5613378977dae7eca
("xfrm: introduce helper for safe determination of mtu").

Cc: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
Signed-off-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem</title>
<updated>2013-08-23T15:47:48Z</updated>
<author>
<name>John W. Linville</name>
<email>linville@tuxdriver.com</email>
</author>
<published>2013-08-23T15:47:48Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=81ca2ff9450c2e983ee416eca17ebe6fa9c3da4f'/>
<id>urn:sha1:81ca2ff9450c2e983ee416eca17ebe6fa9c3da4f</id>
<content type='text'>
</content>
</entry>
<entry>
<title>ipv6: handle Redirect ICMP Message with no Redirected Header option</title>
<updated>2013-08-23T03:08:21Z</updated>
<author>
<name>Duan Jiong</name>
<email>duanj.fnst@cn.fujitsu.com</email>
</author>
<published>2013-08-22T04:07:35Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=c92a59eca86f5d13ae4d481c3bae6b54609fe006'/>
<id>urn:sha1:c92a59eca86f5d13ae4d481c3bae6b54609fe006</id>
<content type='text'>
rfc 4861 says the Redirected Header option is optional, so
the kernel should not drop the Redirect Message that has no
Redirected Header option. In this patch, the function
ip6_redirect_no_header() is introduced to deal with that
condition.

Signed-off-by: Duan Jiong &lt;duanj.fnst@cn.fujitsu.com&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
</content>
</entry>
</feed>
