summaryrefslogtreecommitdiff
path: root/target/linux/patches/2.6.30.4/natt.patch
diff options
context:
space:
mode:
Diffstat (limited to 'target/linux/patches/2.6.30.4/natt.patch')
-rw-r--r--target/linux/patches/2.6.30.4/natt.patch2668
1 files changed, 2668 insertions, 0 deletions
diff --git a/target/linux/patches/2.6.30.4/natt.patch b/target/linux/patches/2.6.30.4/natt.patch
new file mode 100644
index 000000000..83103a369
--- /dev/null
+++ b/target/linux/patches/2.6.30.4/natt.patch
@@ -0,0 +1,2668 @@
+diff -Nur linux-2.6.30.1.orig/include/net/xfrmudp.h linux-2.6.30.1/include/net/xfrmudp.h
+--- linux-2.6.30.1.orig/include/net/xfrmudp.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.30.1/include/net/xfrmudp.h 2009-07-24 22:00:56.771280384 +0200
+@@ -0,0 +1,10 @@
++/*
++ * pointer to function for type that xfrm4_input wants, to permit
++ * decoupling of XFRM from udp.c
++ */
++#define HAVE_XFRM4_UDP_REGISTER
++
++typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
++extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
++ , xfrm4_rcv_encap_t *oldfunc);
++extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);
+diff -Nur linux-2.6.30.1.orig/net/ipv4/Kconfig linux-2.6.30.1/net/ipv4/Kconfig
+--- linux-2.6.30.1.orig/net/ipv4/Kconfig 2009-07-03 01:52:38.000000000 +0200
++++ linux-2.6.30.1/net/ipv4/Kconfig 2009-07-24 22:00:56.751278392 +0200
+@@ -379,6 +379,12 @@
+ tristate
+ default n
+
++config IPSEC_NAT_TRAVERSAL
++ bool "IPSEC NAT-Traversal (KLIPS compatible)"
++ depends on INET
++ ---help---
++ Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
++
+ config INET_XFRM_MODE_TRANSPORT
+ tristate "IP: IPsec transport mode"
+ default y
+diff -Nur linux-2.6.30.1.orig/net/ipv4/Kconfig.orig linux-2.6.30.1/net/ipv4/Kconfig.orig
+--- linux-2.6.30.1.orig/net/ipv4/Kconfig.orig 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.30.1/net/ipv4/Kconfig.orig 2009-07-03 01:52:38.000000000 +0200
+@@ -0,0 +1,638 @@
++#
++# IP configuration
++#
++config IP_MULTICAST
++ bool "IP: multicasting"
++ help
++ This is code for addressing several networked computers at once,
++ enlarging your kernel by about 2 KB. You need multicasting if you
++ intend to participate in the MBONE, a high bandwidth network on top
++ of the Internet which carries audio and video broadcasts. More
++ information about the MBONE is on the WWW at
++ <http://www.savetz.com/mbone/>. Information about the multicast
++ capabilities of the various network cards is contained in
++ <file:Documentation/networking/multicast.txt>. For most people, it's
++ safe to say N.
++
++config IP_ADVANCED_ROUTER
++ bool "IP: advanced router"
++ ---help---
++ If you intend to run your Linux box mostly as a router, i.e. as a
++ computer that forwards and redistributes network packets, say Y; you
++ will then be presented with several options that allow more precise
++ control about the routing process.
++
++ The answer to this question won't directly affect the kernel:
++ answering N will just cause the configurator to skip all the
++ questions about advanced routing.
++
++ Note that your box can only act as a router if you enable IP
++ forwarding in your kernel; you can do that by saying Y to "/proc
++ file system support" and "Sysctl support" below and executing the
++ line
++
++ echo "1" > /proc/sys/net/ipv4/ip_forward
++
++ at boot time after the /proc file system has been mounted.
++
++ If you turn on IP forwarding, you should consider the rp_filter, which
++ automatically rejects incoming packets if the routing table entry
++ for their source address doesn't match the network interface they're
++ arriving on. This has security advantages because it prevents the
++ so-called IP spoofing, however it can pose problems if you use
++ asymmetric routing (packets from you to a host take a different path
++ than packets from that host to you) or if you operate a non-routing
++ host which has several IP addresses on different interfaces. To turn
++ rp_filter on use:
++
++ echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
++ and
++ echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
++
++ Note that some distributions enable it in startup scripts.
++ For details about rp_filter strict and loose mode read
++ <file:Documentation/networking/ip-sysctl.txt>.
++
++ If unsure, say N here.
++
++choice
++ prompt "Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure)"
++ depends on IP_ADVANCED_ROUTER
++ default ASK_IP_FIB_HASH
++
++config ASK_IP_FIB_HASH
++ bool "FIB_HASH"
++ ---help---
++ Current FIB is very proven and good enough for most users.
++
++config IP_FIB_TRIE
++ bool "FIB_TRIE"
++ ---help---
++ Use new experimental LC-trie as FIB lookup algorithm.
++ This improves lookup performance if you have a large
++ number of routes.
++
++ LC-trie is a longest matching prefix lookup algorithm which
++ performs better than FIB_HASH for large routing tables.
++ But, it consumes more memory and is more complex.
++
++ LC-trie is described in:
++
++ IP-address lookup using LC-tries. Stefan Nilsson and Gunnar Karlsson
++ IEEE Journal on Selected Areas in Communications, 17(6):1083-1092,
++ June 1999
++
++ An experimental study of compression methods for dynamic tries
++ Stefan Nilsson and Matti Tikkanen. Algorithmica, 33(1):19-33, 2002.
++ http://www.nada.kth.se/~snilsson/public/papers/dyntrie2/
++
++endchoice
++
++config IP_FIB_HASH
++ def_bool ASK_IP_FIB_HASH || !IP_ADVANCED_ROUTER
++
++config IP_FIB_TRIE_STATS
++ bool "FIB TRIE statistics"
++ depends on IP_FIB_TRIE
++ ---help---
++ Keep track of statistics on structure of FIB TRIE table.
++ Useful for testing and measuring TRIE performance.
++
++config IP_MULTIPLE_TABLES
++ bool "IP: policy routing"
++ depends on IP_ADVANCED_ROUTER
++ select FIB_RULES
++ ---help---
++ Normally, a router decides what to do with a received packet based
++ solely on the packet's final destination address. If you say Y here,
++ the Linux router will also be able to take the packet's source
++ address into account. Furthermore, the TOS (Type-Of-Service) field
++ of the packet can be used for routing decisions as well.
++
++ If you are interested in this, please see the preliminary
++ documentation at <http://www.compendium.com.ar/policy-routing.txt>
++ and <ftp://post.tepkom.ru/pub/vol2/Linux/docs/advanced-routing.tex>.
++ You will need supporting software from
++ <ftp://ftp.tux.org/pub/net/ip-routing/>.
++
++ If unsure, say N.
++
++config IP_ROUTE_MULTIPATH
++ bool "IP: equal cost multipath"
++ depends on IP_ADVANCED_ROUTER
++ help
++ Normally, the routing tables specify a single action to be taken in
++ a deterministic manner for a given packet. If you say Y here
++ however, it becomes possible to attach several actions to a packet
++ pattern, in effect specifying several alternative paths to travel
++ for those packets. The router considers all these paths to be of
++ equal "cost" and chooses one of them in a non-deterministic fashion
++ if a matching packet arrives.
++
++config IP_ROUTE_VERBOSE
++ bool "IP: verbose route monitoring"
++ depends on IP_ADVANCED_ROUTER
++ help
++ If you say Y here, which is recommended, then the kernel will print
++ verbose messages regarding the routing, for example warnings about
++ received packets which look strange and could be evidence of an
++ attack or a misconfigured system somewhere. The information is
++ handled by the klogd daemon which is responsible for kernel messages
++ ("man klogd").
++
++config IP_PNP
++ bool "IP: kernel level autoconfiguration"
++ help
++ This enables automatic configuration of IP addresses of devices and
++ of the routing table during kernel boot, based on either information
++ supplied on the kernel command line or by BOOTP or RARP protocols.
++ You need to say Y only for diskless machines requiring network
++ access to boot (in which case you want to say Y to "Root file system
++ on NFS" as well), because all other machines configure the network
++ in their startup scripts.
++
++config IP_PNP_DHCP
++ bool "IP: DHCP support"
++ depends on IP_PNP
++ ---help---
++ If you want your Linux box to mount its whole root file system (the
++ one containing the directory /) from some other computer over the
++ net via NFS and you want the IP address of your computer to be
++ discovered automatically at boot time using the DHCP protocol (a
++ special protocol designed for doing this job), say Y here. In case
++ the boot ROM of your network card was designed for booting Linux and
++ does DHCP itself, providing all necessary information on the kernel
++ command line, you can say N here.
++
++ If unsure, say Y. Note that if you want to use DHCP, a DHCP server
++ must be operating on your network. Read
++ <file:Documentation/filesystems/nfsroot.txt> for details.
++
++config IP_PNP_BOOTP
++ bool "IP: BOOTP support"
++ depends on IP_PNP
++ ---help---
++ If you want your Linux box to mount its whole root file system (the
++ one containing the directory /) from some other computer over the
++ net via NFS and you want the IP address of your computer to be
++ discovered automatically at boot time using the BOOTP protocol (a
++ special protocol designed for doing this job), say Y here. In case
++ the boot ROM of your network card was designed for booting Linux and
++ does BOOTP itself, providing all necessary information on the kernel
++ command line, you can say N here. If unsure, say Y. Note that if you
++ want to use BOOTP, a BOOTP server must be operating on your network.
++ Read <file:Documentation/filesystems/nfsroot.txt> for details.
++
++config IP_PNP_RARP
++ bool "IP: RARP support"
++ depends on IP_PNP
++ help
++ If you want your Linux box to mount its whole root file system (the
++ one containing the directory /) from some other computer over the
++ net via NFS and you want the IP address of your computer to be
++ discovered automatically at boot time using the RARP protocol (an
++ older protocol which is being obsoleted by BOOTP and DHCP), say Y
++ here. Note that if you want to use RARP, a RARP server must be
++ operating on your network. Read
++ <file:Documentation/filesystems/nfsroot.txt> for details.
++
++# not yet ready..
++# bool ' IP: ARP support' CONFIG_IP_PNP_ARP
++config NET_IPIP
++ tristate "IP: tunneling"
++ select INET_TUNNEL
++ ---help---
++ Tunneling means encapsulating data of one protocol type within
++ another protocol and sending it over a channel that understands the
++ encapsulating protocol. This particular tunneling driver implements
++ encapsulation of IP within IP, which sounds kind of pointless, but
++ can be useful if you want to make your (or some other) machine
++ appear on a different network than it physically is, or to use
++ mobile-IP facilities (allowing laptops to seamlessly move between
++ networks without changing their IP addresses).
++
++ Saying Y to this option will produce two modules ( = code which can
++ be inserted in and removed from the running kernel whenever you
++ want). Most people won't need this and can say N.
++
++config NET_IPGRE
++ tristate "IP: GRE tunnels over IP"
++ help
++ Tunneling means encapsulating data of one protocol type within
++ another protocol and sending it over a channel that understands the
++ encapsulating protocol. This particular tunneling driver implements
++ GRE (Generic Routing Encapsulation) and at this time allows
++ encapsulating of IPv4 or IPv6 over existing IPv4 infrastructure.
++ This driver is useful if the other endpoint is a Cisco router: Cisco
++ likes GRE much better than the other Linux tunneling driver ("IP
++ tunneling" above). In addition, GRE allows multicast redistribution
++ through the tunnel.
++
++config NET_IPGRE_BROADCAST
++ bool "IP: broadcast GRE over IP"
++ depends on IP_MULTICAST && NET_IPGRE
++ help
++ One application of GRE/IP is to construct a broadcast WAN (Wide Area
++ Network), which looks like a normal Ethernet LAN (Local Area
++ Network), but can be distributed all over the Internet. If you want
++ to do that, say Y here and to "IP multicast routing" below.
++
++config IP_MROUTE
++ bool "IP: multicast routing"
++ depends on IP_MULTICAST
++ help
++ This is used if you want your machine to act as a router for IP
++ packets that have several destination addresses. It is needed on the
++ MBONE, a high bandwidth network on top of the Internet which carries
++ audio and video broadcasts. In order to do that, you would most
++ likely run the program mrouted. Information about the multicast
++ capabilities of the various network cards is contained in
++ <file:Documentation/networking/multicast.txt>. If you haven't heard
++ about it, you don't need it.
++
++config IP_PIMSM_V1
++ bool "IP: PIM-SM version 1 support"
++ depends on IP_MROUTE
++ help
++ Kernel side support for Sparse Mode PIM (Protocol Independent
++ Multicast) version 1. This multicast routing protocol is used widely
++ because Cisco supports it. You need special software to use it
++ (pimd-v1). Please see <http://netweb.usc.edu/pim/> for more
++ information about PIM.
++
++ Say Y if you want to use PIM-SM v1. Note that you can say N here if
++ you just want to use Dense Mode PIM.
++
++config IP_PIMSM_V2
++ bool "IP: PIM-SM version 2 support"
++ depends on IP_MROUTE
++ help
++ Kernel side support for Sparse Mode PIM version 2. In order to use
++ this, you need an experimental routing daemon supporting it (pimd or
++ gated-5). This routing protocol is not used widely, so say N unless
++ you want to play with it.
++
++config ARPD
++ bool "IP: ARP daemon support (EXPERIMENTAL)"
++ depends on EXPERIMENTAL
++ ---help---
++ Normally, the kernel maintains an internal cache which maps IP
++ addresses to hardware addresses on the local network, so that
++ Ethernet/Token Ring/ etc. frames are sent to the proper address on
++ the physical networking layer. For small networks having a few
++ hundred directly connected hosts or less, keeping this address
++ resolution (ARP) cache inside the kernel works well. However,
++ maintaining an internal ARP cache does not work well for very large
++ switched networks, and will use a lot of kernel memory if TCP/IP
++ connections are made to many machines on the network.
++
++ If you say Y here, the kernel's internal ARP cache will never grow
++ to more than 256 entries (the oldest entries are expired in a LIFO
++ manner) and communication will be attempted with the user space ARP
++ daemon arpd. Arpd then answers the address resolution request either
++ from its own cache or by asking the net.
++
++ This code is experimental and also obsolete. If you want to use it,
++ you need to find a version of the daemon arpd on the net somewhere,
++ and you should also say Y to "Kernel/User network link driver",
++ below. If unsure, say N.
++
++config SYN_COOKIES
++ bool "IP: TCP syncookie support (disabled per default)"
++ ---help---
++ Normal TCP/IP networking is open to an attack known as "SYN
++ flooding". This denial-of-service attack prevents legitimate remote
++ users from being able to connect to your computer during an ongoing
++ attack and requires very little work from the attacker, who can
++ operate from anywhere on the Internet.
++
++ SYN cookies provide protection against this type of attack. If you
++ say Y here, the TCP/IP stack will use a cryptographic challenge
++ protocol known as "SYN cookies" to enable legitimate users to
++ continue to connect, even when your machine is under attack. There
++ is no need for the legitimate users to change their TCP/IP software;
++ SYN cookies work transparently to them. For technical information
++ about SYN cookies, check out <http://cr.yp.to/syncookies.html>.
++
++ If you are SYN flooded, the source address reported by the kernel is
++ likely to have been forged by the attacker; it is only reported as
++ an aid in tracing the packets to their actual source and should not
++ be taken as absolute truth.
++
++ SYN cookies may prevent correct error reporting on clients when the
++ server is really overloaded. If this happens frequently better turn
++ them off.
++
++ If you say Y here, note that SYN cookies aren't enabled by default;
++ you can enable them by saying Y to "/proc file system support" and
++ "Sysctl support" below and executing the command
++
++ echo 1 >/proc/sys/net/ipv4/tcp_syncookies
++
++ at boot time after the /proc file system has been mounted.
++
++ If unsure, say N.
++
++config INET_AH
++ tristate "IP: AH transformation"
++ select XFRM
++ select CRYPTO
++ select CRYPTO_HMAC
++ select CRYPTO_MD5
++ select CRYPTO_SHA1
++ ---help---
++ Support for IPsec AH.
++
++ If unsure, say Y.
++
++config INET_ESP
++ tristate "IP: ESP transformation"
++ select XFRM
++ select CRYPTO
++ select CRYPTO_AUTHENC
++ select CRYPTO_HMAC
++ select CRYPTO_MD5
++ select CRYPTO_CBC
++ select CRYPTO_SHA1
++ select CRYPTO_DES
++ ---help---
++ Support for IPsec ESP.
++
++ If unsure, say Y.
++
++config INET_IPCOMP
++ tristate "IP: IPComp transformation"
++ select INET_XFRM_TUNNEL
++ select XFRM_IPCOMP
++ ---help---
++ Support for IP Payload Compression Protocol (IPComp) (RFC3173),
++ typically needed for IPsec.
++
++ If unsure, say Y.
++
++config INET_XFRM_TUNNEL
++ tristate
++ select INET_TUNNEL
++ default n
++
++config INET_TUNNEL
++ tristate
++ default n
++
++config INET_XFRM_MODE_TRANSPORT
++ tristate "IP: IPsec transport mode"
++ default y
++ select XFRM
++ ---help---
++ Support for IPsec transport mode.
++
++ If unsure, say Y.
++
++config INET_XFRM_MODE_TUNNEL
++ tristate "IP: IPsec tunnel mode"
++ default y
++ select XFRM
++ ---help---
++ Support for IPsec tunnel mode.
++
++ If unsure, say Y.
++
++config INET_XFRM_MODE_BEET
++ tristate "IP: IPsec BEET mode"
++ default y
++ select XFRM
++ ---help---
++ Support for IPsec BEET mode.
++
++ If unsure, say Y.
++
++config INET_LRO
++ bool "Large Receive Offload (ipv4/tcp)"
++ default y
++ ---help---
++ Support for Large Receive Offload (ipv4/tcp).
++
++ If unsure, say Y.
++
++config INET_DIAG
++ tristate "INET: socket monitoring interface"
++ default y
++ ---help---
++ Support for INET (TCP, DCCP, etc) socket monitoring interface used by
++ native Linux tools such as ss. ss is included in iproute2, currently
++ downloadable at <http://linux-net.osdl.org/index.php/Iproute2>.
++
++ If unsure, say Y.
++
++config INET_TCP_DIAG
++ depends on INET_DIAG
++ def_tristate INET_DIAG
++
++menuconfig TCP_CONG_ADVANCED
++ bool "TCP: advanced congestion control"
++ ---help---
++ Support for selection of various TCP congestion control
++ modules.
++
++ Nearly all users can safely say no here, and a safe default
++ selection will be made (CUBIC with new Reno as a fallback).
++
++ If unsure, say N.
++
++if TCP_CONG_ADVANCED
++
++config TCP_CONG_BIC
++ tristate "Binary Increase Congestion (BIC) control"
++ default m
++ ---help---
++ BIC-TCP is a sender-side only change that ensures a linear RTT
++ fairness under large windows while offering both scalability and
++ bounded TCP-friendliness. The protocol combines two schemes
++ called additive increase and binary search increase. When the
++ congestion window is large, additive increase with a large
++ increment ensures linear RTT fairness as well as good
++ scalability. Under small congestion windows, binary search
++ increase provides TCP friendliness.
++ See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/
++
++config TCP_CONG_CUBIC
++ tristate "CUBIC TCP"
++ default y
++ ---help---
++ This is version 2.0 of BIC-TCP which uses a cubic growth function
++ among other techniques.
++ See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/cubic-paper.pdf
++
++config TCP_CONG_WESTWOOD
++ tristate "TCP Westwood+"
++ default m
++ ---help---
++ TCP Westwood+ is a sender-side only modification of the TCP Reno
++ protocol stack that optimizes the performance of TCP congestion
++ control. It is based on end-to-end bandwidth estimation to set
++ congestion window and slow start threshold after a congestion
++ episode. Using this estimation, TCP Westwood+ adaptively sets a
++ slow start threshold and a congestion window which takes into
++ account the bandwidth used at the time congestion is experienced.
++ TCP Westwood+ significantly increases fairness wrt TCP Reno in
++ wired networks and throughput over wireless links.
++
++config TCP_CONG_HTCP
++ tristate "H-TCP"
++ default m
++ ---help---
++ H-TCP is a send-side only modifications of the TCP Reno
++ protocol stack that optimizes the performance of TCP
++ congestion control for high speed network links. It uses a
++ modeswitch to change the alpha and beta parameters of TCP Reno
++ based on network conditions and in a way so as to be fair with
++ other Reno and H-TCP flows.
++
++config TCP_CONG_HSTCP
++ tristate "High Speed TCP"
++ depends on EXPERIMENTAL
++ default n
++ ---help---
++ Sally Floyd's High Speed TCP (RFC 3649) congestion control.
++ A modification to TCP's congestion control mechanism for use
++ with large congestion windows. A table indicates how much to
++ increase the congestion window by when an ACK is received.
++ For more detail see http://www.icir.org/floyd/hstcp.html
++
++config TCP_CONG_HYBLA
++ tristate "TCP-Hybla congestion control algorithm"
++ depends on EXPERIMENTAL
++ default n
++ ---help---
++ TCP-Hybla is a sender-side only change that eliminates penalization of
++ long-RTT, large-bandwidth connections, like when satellite legs are
++ involved, especially when sharing a common bottleneck with normal
++ terrestrial connections.
++
++config TCP_CONG_VEGAS
++ tristate "TCP Vegas"
++ depends on EXPERIMENTAL
++ default n
++ ---help---
++ TCP Vegas is a sender-side only change to TCP that anticipates
++ the onset of congestion by estimating the bandwidth. TCP Vegas
++ adjusts the sending rate by modifying the congestion
++ window. TCP Vegas should provide less packet loss, but it is
++ not as aggressive as TCP Reno.
++
++config TCP_CONG_SCALABLE
++ tristate "Scalable TCP"
++ depends on EXPERIMENTAL
++ default n
++ ---help---
++ Scalable TCP is a sender-side only change to TCP which uses a
++ MIMD congestion control algorithm which has some nice scaling
++ properties, though is known to have fairness issues.
++ See http://www.deneholme.net/tom/scalable/
++
++config TCP_CONG_LP
++ tristate "TCP Low Priority"
++ depends on EXPERIMENTAL
++ default n
++ ---help---
++ TCP Low Priority (TCP-LP), a distributed algorithm whose goal is
++ to utilize only the excess network bandwidth as compared to the
++ ``fair share`` of bandwidth as targeted by TCP.
++ See http://www-ece.rice.edu/networks/TCP-LP/
++
++config TCP_CONG_VENO
++ tristate "TCP Veno"
++ depends on EXPERIMENTAL
++ default n
++ ---help---
++ TCP Veno is a sender-side only enhancement of TCP to obtain better
++ throughput over wireless networks. TCP Veno makes use of state
++ distinguishing to circumvent the difficult judgment of the packet loss
++ type. TCP Veno cuts down less congestion window in response to random
++ loss packets.
++ See http://www.ntu.edu.sg/home5/ZHOU0022/papers/CPFu03a.pdf
++
++config TCP_CONG_YEAH
++ tristate "YeAH TCP"
++ depends on EXPERIMENTAL
++ select TCP_CONG_VEGAS
++ default n
++ ---help---
++ YeAH-TCP is a sender-side high-speed enabled TCP congestion control
++ algorithm, which uses a mixed loss/delay approach to compute the
++ congestion window. It's design goals target high efficiency,
++ internal, RTT and Reno fairness, resilience to link loss while
++ keeping network elements load as low as possible.
++
++ For further details look here:
++ http://wil.cs.caltech.edu/pfldnet2007/paper/YeAH_TCP.pdf
++
++config TCP_CONG_ILLINOIS
++ tristate "TCP Illinois"
++ depends on EXPERIMENTAL
++ default n
++ ---help---
++ TCP-Illinois is a sender-side modification of TCP Reno for
++ high speed long delay links. It uses round-trip-time to
++ adjust the alpha and beta parameters to achieve a higher average
++ throughput and maintain fairness.
++
++ For further details see:
++ http://www.ews.uiuc.edu/~shaoliu/tcpillinois/index.html
++
++choice
++ prompt "Default TCP congestion control"
++ default DEFAULT_CUBIC
++ help
++ Select the TCP congestion control that will be used by default
++ for all connections.
++
++ config DEFAULT_BIC
++ bool "Bic" if TCP_CONG_BIC=y
++
++ config DEFAULT_CUBIC
++ bool "Cubic" if TCP_CONG_CUBIC=y
++
++ config DEFAULT_HTCP
++ bool "Htcp" if TCP_CONG_HTCP=y
++
++ config DEFAULT_VEGAS
++ bool "Vegas" if TCP_CONG_VEGAS=y
++
++ config DEFAULT_WESTWOOD
++ bool "Westwood" if TCP_CONG_WESTWOOD=y
++
++ config DEFAULT_RENO
++ bool "Reno"
++
++endchoice
++
++endif
++
++config TCP_CONG_CUBIC
++ tristate
++ depends on !TCP_CONG_ADVANCED
++ default y
++
++config DEFAULT_TCP_CONG
++ string
++ default "bic" if DEFAULT_BIC
++ default "cubic" if DEFAULT_CUBIC
++ default "htcp" if DEFAULT_HTCP
++ default "vegas" if DEFAULT_VEGAS
++ default "westwood" if DEFAULT_WESTWOOD
++ default "reno" if DEFAULT_RENO
++ default "cubic"
++
++config TCP_MD5SIG
++ bool "TCP: MD5 Signature Option support (RFC2385) (EXPERIMENTAL)"
++ depends on EXPERIMENTAL
++ select CRYPTO
++ select CRYPTO_MD5
++ ---help---
++ RFC2385 specifies a method of giving MD5 protection to TCP sessions.
++ Its main (only?) use is to protect BGP sessions between core routers
++ on the Internet.
++
++ If unsure, say N.
++
+diff -Nur linux-2.6.30.1.orig/net/ipv4/udp.c linux-2.6.30.1/net/ipv4/udp.c
+--- linux-2.6.30.1.orig/net/ipv4/udp.c 2009-07-03 01:52:38.000000000 +0200
++++ linux-2.6.30.1/net/ipv4/udp.c 2009-07-24 22:00:56.755270521 +0200
+@@ -104,6 +104,7 @@
+ #include <net/route.h>
+ #include <net/checksum.h>
+ #include <net/xfrm.h>
++#include <net/xfrmudp.h>
+ #include "udp_impl.h"
+
+ struct udp_table udp_table;
+@@ -1035,6 +1036,128 @@
+ return -1;
+ }
+
++#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL)
++
++static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
++
++/*
++ * de-encapsulate and pass to the registered xfrm4_rcv_encap_func function.
++ * Most of this code stolen from net/ipv4/xfrm4_input.c
++ * which is attributed to YOSHIFUJI Hideaki @USAGI, and
++ * Derek Atkins <derek@ihtfp.com>
++ */
++
++static int xfrm4_udp_encap_rcv_wrapper(struct sock *sk, struct sk_buff *skb)
++{
++ struct udp_sock *up = udp_sk(sk);
++ struct udphdr *uh;
++ struct iphdr *iph;
++ int iphlen, len;
++ int ret;
++
++ __u8 *udpdata;
++ __be32 *udpdata32;
++ __u16 encap_type = up->encap_type;
++
++ /* if this is not encapsulated socket, then just return now */
++ if (!encap_type && !xfrm4_rcv_encap_func)
++ return 1;
++
++ /* If this is a paged skb, make sure we pull up
++ * whatever data we need to look at. */
++ len = skb->len - sizeof(struct udphdr);
++ if (!pskb_may_pull(skb, sizeof(struct udphdr) + min(len, 8)))
++ return 1;
++
++ /* Now we can get the pointers */
++ uh = udp_hdr(skb);
++ udpdata = (__u8 *)uh + sizeof(struct udphdr);
++ udpdata32 = (__be32 *)udpdata;
++
++ switch (encap_type) {
++ default:
++ case UDP_ENCAP_ESPINUDP:
++ /* Check if this is a keepalive packet. If so, eat it. */
++ if (len == 1 && udpdata[0] == 0xff) {
++ goto drop;
++ } else if (len > sizeof(struct ip_esp_hdr) && udpdata32[0] != 0) {
++ /* ESP Packet without Non-ESP header */
++ len = sizeof(struct udphdr);
++ } else
++ /* Must be an IKE packet.. pass it through */
++ return 1;
++ break;
++ case UDP_ENCAP_ESPINUDP_NON_IKE:
++ /* Check if this is a keepalive packet. If so, eat it. */
++ if (len == 1 && udpdata[0] == 0xff) {
++ goto drop;
++ } else if (len > 2 * sizeof(u32) + sizeof(struct ip_esp_hdr) &&
++ udpdata32[0] == 0 && udpdata32[1] == 0) {
++
++ /* ESP Packet with Non-IKE marker */
++ len = sizeof(struct udphdr) + 2 * sizeof(u32);
++ } else
++ /* Must be an IKE packet.. pass it through */
++ return 1;
++ break;
++ }
++
++ /* At this point we are sure that this is an ESPinUDP packet,
++ * so we need to remove 'len' bytes from the packet (the UDP
++ * header and optional ESP marker bytes) and then modify the
++ * protocol to ESP, and then call into the transform receiver.
++ */
++ if (skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
++ goto drop;
++
++ /* Now we can update and verify the packet length... */
++ iph = ip_hdr(skb);
++ iphlen = iph->ihl << 2;
++ iph->tot_len = htons(ntohs(iph->tot_len) - len);
++ if (skb->len < iphlen + len) {
++ /* packet is too small!?! */
++ goto drop;
++ }
++
++ /* pull the data buffer up to the ESP header and set the
++ * transport header to point to ESP. Keep UDP on the stack
++ * for later.
++ */
++ __skb_pull(skb, len);
++ skb_reset_transport_header(skb);
++
++ /* modify the protocol (it's ESP!) */
++ iph->protocol = IPPROTO_ESP;
++
++ /* process ESP */
++ ret = (*xfrm4_rcv_encap_func)(skb, encap_type);
++ return ret;
++
++drop:
++ kfree_skb(skb);
++ return 0;
++}
++
++int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func,
++ xfrm4_rcv_encap_t *oldfunc)
++{
++ if (oldfunc != NULL)
++ *oldfunc = xfrm4_rcv_encap_func;
++ xfrm4_rcv_encap_func = func;
++ return 0;
++}
++
++int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
++{
++ if (xfrm4_rcv_encap_func != func)
++ return -1;
++
++ xfrm4_rcv_encap_func = NULL;
++ return 0;
++}
++
++#endif /* CONFIG_XFRM_MODULE || CONFIG_IPSEC_NAT_TRAVERSAL */
++
+ /* returns:
+ * -1: error
+ * 0: success
+@@ -1377,6 +1500,11 @@
+ case 0:
+ case UDP_ENCAP_ESPINUDP:
+ case UDP_ENCAP_ESPINUDP_NON_IKE:
++#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL)
++ if (xfrm4_rcv_encap_func)
++ up->encap_rcv = xfrm4_udp_encap_rcv_wrapper;
++ else
++#endif
+ up->encap_rcv = xfrm4_udp_encap_rcv;
+ /* FALLTHROUGH */
+ case UDP_ENCAP_L2TPINUDP:
+@@ -1828,3 +1956,9 @@
+ EXPORT_SYMBOL(udp_proc_register);
+ EXPORT_SYMBOL(udp_proc_unregister);
+ #endif
++
++#if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
++EXPORT_SYMBOL(udp4_register_esp_rcvencap);
++EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
++#endif
++
+diff -Nur linux-2.6.30.1.orig/net/ipv4/udp.c.orig linux-2.6.30.1/net/ipv4/udp.c.orig
+--- linux-2.6.30.1.orig/net/ipv4/udp.c.orig 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.30.1/net/ipv4/udp.c.orig 2009-07-03 01:52:38.000000000 +0200
+@@ -0,0 +1,1830 @@
++/*
++ * INET An implementation of the TCP/IP protocol suite for the LINUX
++ * operating system. INET is implemented using the BSD Socket
++ * interface as the means of communication with the user level.
++ *
++ * The User Datagram Protocol (UDP).
++ *
++ * Authors: Ross Biro
++ * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
++ * Arnt Gulbrandsen, <agulbra@nvg.unit.no>
++ * Alan Cox, <alan@lxorguk.ukuu.org.uk>
++ * Hirokazu Takahashi, <taka@valinux.co.jp>
++ *
++ * Fixes:
++ * Alan Cox : verify_area() calls
++ * Alan Cox : stopped close while in use off icmp
++ * messages. Not a fix but a botch that
++ * for udp at least is 'valid'.
++ * Alan Cox : Fixed icmp handling properly
++ * Alan Cox : Correct error for oversized datagrams
++ * Alan Cox : Tidied select() semantics.
++ * Alan Cox : udp_err() fixed properly, also now
++ * select and read wake correctly on errors
++ * Alan Cox : udp_send verify_area moved to avoid mem leak
++ * Alan Cox : UDP can count its memory
++ * Alan Cox : send to an unknown connection causes
++ * an ECONNREFUSED off the icmp, but
++ * does NOT close.
++ * Alan Cox : Switched to new sk_buff handlers. No more backlog!
++ * Alan Cox : Using generic datagram code. Even smaller and the PEEK
++ * bug no longer crashes it.
++ * Fred Van Kempen : Net2e support for sk->broadcast.
++ * Alan Cox : Uses skb_free_datagram
++ * Alan Cox : Added get/set sockopt support.
++ * Alan Cox : Broadcasting without option set returns EACCES.
++ * Alan Cox : No wakeup calls. Instead we now use the callbacks.
++ * Alan Cox : Use ip_tos and ip_ttl
++ * Alan Cox : SNMP Mibs
++ * Alan Cox : MSG_DONTROUTE, and 0.0.0.0 support.
++ * Matt Dillon : UDP length checks.
++ * Alan Cox : Smarter af_inet used properly.
++ * Alan Cox : Use new kernel side addressing.
++ * Alan Cox : Incorrect return on truncated datagram receive.
++ * Arnt Gulbrandsen : New udp_send and stuff
++ * Alan Cox : Cache last socket
++ * Alan Cox : Route cache
++ * Jon Peatfield : Minor efficiency fix to sendto().
++ * Mike Shaver : RFC1122 checks.
++ * Alan Cox : Nonblocking error fix.
++ * Willy Konynenberg : Transparent proxying support.
++ * Mike McLagan : Routing by source
++ * David S. Miller : New socket lookup architecture.
++ * Last socket cache retained as it
++ * does have a high hit rate.
++ * Olaf Kirch : Don't linearise iovec on sendmsg.
++ * Andi Kleen : Some cleanups, cache destination entry
++ * for connect.
++ * Vitaly E. Lavrov : Transparent proxy revived after year coma.
++ * Melvin Smith : Check msg_name not msg_namelen in sendto(),
++ * return ENOTCONN for unconnected sockets (POSIX)
++ * Janos Farkas : don't deliver multi/broadcasts to a different
++ * bound-to-device socket
++ * Hirokazu Takahashi : HW checksumming for outgoing UDP
++ * datagrams.
++ * Hirokazu Takahashi : sendfile() on UDP works now.
++ * Arnaldo C. Melo : convert /proc/net/udp to seq_file
++ * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
++ * Alexey Kuznetsov: allow both IPv4 and IPv6 sockets to bind
++ * a single port at the same time.
++ * Derek Atkins <derek@ihtfp.com>: Add Encapulation Support
++ * James Chapman : Add L2TP encapsulation type.
++ *
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version
++ * 2 of the License, or (at your option) any later version.
++ */
++
++#include <asm/system.h>
++#include <asm/uaccess.h>
++#include <asm/ioctls.h>
++#include <linux/bootmem.h>
++#include <linux/highmem.h>
++#include <linux/swap.h>
++#include <linux/types.h>
++#include <linux/fcntl.h>
++#include <linux/module.h>
++#include <linux/socket.h>
++#include <linux/sockios.h>
++#include <linux/igmp.h>
++#include <linux/in.h>
++#include <linux/errno.h>
++#include <linux/timer.h>
++#include <linux/mm.h>
++#include <linux/inet.h>
++#include <linux/netdevice.h>
++#include <net/tcp_states.h>
++#include <linux/skbuff.h>
++#include <linux/proc_fs.h>
++#include <linux/seq_file.h>
++#include <net/net_namespace.h>
++#include <net/icmp.h>
++#include <net/route.h>
++#include <net/checksum.h>
++#include <net/xfrm.h>
++#include "udp_impl.h"
++
++struct udp_table udp_table;
++EXPORT_SYMBOL(udp_table);
++
++int sysctl_udp_mem[3] __read_mostly;
++int sysctl_udp_rmem_min __read_mostly;
++int sysctl_udp_wmem_min __read_mostly;
++
++EXPORT_SYMBOL(sysctl_udp_mem);
++EXPORT_SYMBOL(sysctl_udp_rmem_min);
++EXPORT_SYMBOL(sysctl_udp_wmem_min);
++
++atomic_t udp_memory_allocated;
++EXPORT_SYMBOL(udp_memory_allocated);
++
++#define PORTS_PER_CHAIN (65536 / UDP_HTABLE_SIZE)
++
++static int udp_lib_lport_inuse(struct net *net, __u16 num,
++ const struct udp_hslot *hslot,
++ unsigned long *bitmap,
++ struct sock *sk,
++ int (*saddr_comp)(const struct sock *sk1,
++ const struct sock *sk2))
++{
++ struct sock *sk2;
++ struct hlist_nulls_node *node;
++
++ sk_nulls_for_each(sk2, node, &hslot->head)
++ if (net_eq(sock_net(sk2), net) &&
++ sk2 != sk &&
++ (bitmap || sk2->sk_hash == num) &&
++ (!sk2->sk_reuse || !sk->sk_reuse) &&
++ (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if
++ || sk2->sk_bound_dev_if == sk->sk_bound_dev_if) &&
++ (*saddr_comp)(sk, sk2)) {
++ if (bitmap)
++ __set_bit(sk2->sk_hash / UDP_HTABLE_SIZE,
++ bitmap);
++ else
++ return 1;
++ }
++ return 0;
++}
++
++/**
++ * udp_lib_get_port - UDP/-Lite port lookup for IPv4 and IPv6
++ *
++ * @sk: socket struct in question
++ * @snum: port number to look up
++ * @saddr_comp: AF-dependent comparison of bound local IP addresses
++ */
++int udp_lib_get_port(struct sock *sk, unsigned short snum,
++ int (*saddr_comp)(const struct sock *sk1,
++ const struct sock *sk2 ) )
++{
++ struct udp_hslot *hslot;
++ struct udp_table *udptable = sk->sk_prot->h.udp_table;
++ int error = 1;
++ struct net *net = sock_net(sk);
++
++ if (!snum) {
++ int low, high, remaining;
++ unsigned rand;
++ unsigned short first, last;
++ DECLARE_BITMAP(bitmap, PORTS_PER_CHAIN);
++
++ inet_get_local_port_range(&low, &high);
++ remaining = (high - low) + 1;
++
++ rand = net_random();
++ first = (((u64)rand * remaining) >> 32) + low;
++ /*
++ * force rand to be an odd multiple of UDP_HTABLE_SIZE
++ */
++ rand = (rand | 1) * UDP_HTABLE_SIZE;
++ for (last = first + UDP_HTABLE_SIZE; first != last; first++) {
++ hslot = &udptable->hash[udp_hashfn(net, first)];
++ bitmap_zero(bitmap, PORTS_PER_CHAIN);
++ spin_lock_bh(&hslot->lock);
++ udp_lib_lport_inuse(net, snum, hslot, bitmap, sk,
++ saddr_comp);
++
++ snum = first;
++ /*
++ * Iterate on all possible values of snum for this hash.
++ * Using steps of an odd multiple of UDP_HTABLE_SIZE
++ * give us randomization and full range coverage.
++ */
++ do {
++ if (low <= snum && snum <= high &&
++ !test_bit(snum / UDP_HTABLE_SIZE, bitmap))
++ goto found;
++ snum += rand;
++ } while (snum != first);
++ spin_unlock_bh(&hslot->lock);
++ }
++ goto fail;
++ } else {
++ hslot = &udptable->hash[udp_hashfn(net, snum)];
++ spin_lock_bh(&hslot->lock);
++ if (udp_lib_lport_inuse(net, snum, hslot, NULL, sk, saddr_comp))
++ goto fail_unlock;
++ }
++found:
++ inet_sk(sk)->num = snum;
++ sk->sk_hash = snum;
++ if (sk_unhashed(sk)) {
++ sk_nulls_add_node_rcu(sk, &hslot->head);
++ sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
++ }
++ error = 0;
++fail_unlock:
++ spin_unlock_bh(&hslot->lock);
++fail:
++ return error;
++}
++
++static int ipv4_rcv_saddr_equal(const struct sock *sk1, const struct sock *sk2)
++{
++ struct inet_sock *inet1 = inet_sk(sk1), *inet2 = inet_sk(sk2);
++
++ return ( !ipv6_only_sock(sk2) &&
++ (!inet1->rcv_saddr || !inet2->rcv_saddr ||
++ inet1->rcv_saddr == inet2->rcv_saddr ));
++}
++
++int udp_v4_get_port(struct sock *sk, unsigned short snum)
++{
++ return udp_lib_get_port(sk, snum, ipv4_rcv_saddr_equal);
++}
++
++static inline int compute_score(struct sock *sk, struct net *net, __be32 saddr,
++ unsigned short hnum,
++ __be16 sport, __be32 daddr, __be16 dport, int dif)
++{
++ int score = -1;
++
++ if (net_eq(sock_net(sk), net) && sk->sk_hash == hnum &&
++ !ipv6_only_sock(sk)) {
++ struct inet_sock *inet = inet_sk(sk);
++
++ score = (sk->sk_family == PF_INET ? 1 : 0);
++ if (inet->rcv_saddr) {
++ if (inet->rcv_saddr != daddr)
++ return -1;
++ score += 2;
++ }
++ if (inet->daddr) {
++ if (inet->daddr != saddr)
++ return -1;
++ score += 2;
++ }
++ if (inet->dport) {
++ if (inet->dport != sport)
++ return -1;
++ score += 2;
++ }
++ if (sk->sk_bound_dev_if) {
++ if (sk->sk_bound_dev_if != dif)
++ return -1;
++ score += 2;
++ }
++ }
++ return score;
++}
++
++/* UDP is nearly always wildcards out the wazoo, it makes no sense to try
++ * harder than this. -DaveM
++ */
++static struct sock *__udp4_lib_lookup(struct net *net, __be32 saddr,
++ __be16 sport, __be32 daddr, __be16 dport,
++ int dif, struct udp_table *udptable)
++{
++ struct sock *sk, *result;
++ struct hlist_nulls_node *node;
++ unsigned short hnum = ntohs(dport);
++ unsigned int hash = udp_hashfn(net, hnum);
++ struct udp_hslot *hslot = &udptable->hash[hash];
++ int score, badness;
++
++ rcu_read_lock();
++begin:
++ result = NULL;
++ badness = -1;
++ sk_nulls_for_each_rcu(sk, node, &hslot->head) {
++ score = compute_score(sk, net, saddr, hnum, sport,
++ daddr, dport, dif);
++ if (score > badness) {
++ result = sk;
++ badness = score;
++ }
++ }
++ /*
++ * if the nulls value we got at the end of this lookup is
++ * not the expected one, we must restart lookup.
++ * We probably met an item that was moved to another chain.
++ */
++ if (get_nulls_value(node) != hash)
++ goto begin;
++
++ if (result) {
++ if (unlikely(!atomic_inc_not_zero(&result->sk_refcnt)))
++ result = NULL;
++ else if (unlikely(compute_score(result, net, saddr, hnum, sport,
++ daddr, dport, dif) < badness)) {
++ sock_put(result);
++ goto begin;
++ }
++ }
++ rcu_read_unlock();
++ return result;
++}
++
++static inline struct sock *__udp4_lib_lookup_skb(struct sk_buff *skb,
++ __be16 sport, __be16 dport,
++ struct udp_table *udptable)
++{
++ struct sock *sk;
++ const struct iphdr *iph = ip_hdr(skb);
++
++ if (unlikely(sk = skb_steal_sock(skb)))
++ return sk;
++ else
++ return __udp4_lib_lookup(dev_net(skb->dst->dev), iph->saddr, sport,
++ iph->daddr, dport, inet_iif(skb),
++ udptable);
++}
++
++struct sock *udp4_lib_lookup(struct net *net, __be32 saddr, __be16 sport,
++ __be32 daddr, __be16 dport, int dif)
++{
++ return __udp4_lib_lookup(net, saddr, sport, daddr, dport, dif, &udp_table);
++}
++EXPORT_SYMBOL_GPL(udp4_lib_lookup);
++
++static inline struct sock *udp_v4_mcast_next(struct net *net, struct sock *sk,
++ __be16 loc_port, __be32 loc_addr,
++ __be16 rmt_port, __be32 rmt_addr,
++ int dif)
++{
++ struct hlist_nulls_node *node;
++ struct sock *s = sk;
++ unsigned short hnum = ntohs(loc_port);
++
++ sk_nulls_for_each_from(s, node) {
++ struct inet_sock *inet = inet_sk(s);
++
++ if (!net_eq(sock_net(s), net) ||
++ s->sk_hash != hnum ||
++ (inet->daddr && inet->daddr != rmt_addr) ||
++ (inet->dport != rmt_port && inet->dport) ||
++ (inet->rcv_saddr && inet->rcv_saddr != loc_addr) ||
++ ipv6_only_sock(s) ||
++ (s->sk_bound_dev_if && s->sk_bound_dev_if != dif))
++ continue;
++ if (!ip_mc_sf_allow(s, loc_addr, rmt_addr, dif))
++ continue;
++ goto found;
++ }
++ s = NULL;
++found:
++ return s;
++}
++
++/*
++ * This routine is called by the ICMP module when it gets some
++ * sort of error condition. If err < 0 then the socket should
++ * be closed and the error returned to the user. If err > 0
++ * it's just the icmp type << 8 | icmp code.
++ * Header points to the ip header of the error packet. We move
++ * on past this. Then (as it used to claim before adjustment)
++ * header points to the first 8 bytes of the udp header. We need
++ * to find the appropriate port.
++ */
++
++void __udp4_lib_err(struct sk_buff *skb, u32 info, struct udp_table *udptable)
++{
++ struct inet_sock *inet;
++ struct iphdr *iph = (struct iphdr*)skb->data;
++ struct udphdr *uh = (struct udphdr*)(skb->data+(iph->ihl<<2));
++ const int type = icmp_hdr(skb)->type;
++ const int code = icmp_hdr(skb)->code;
++ struct sock *sk;
++ int harderr;
++ int err;
++ struct net *net = dev_net(skb->dev);
++
++ sk = __udp4_lib_lookup(net, iph->daddr, uh->dest,
++ iph->saddr, uh->source, skb->dev->ifindex, udptable);
++ if (sk == NULL) {
++ ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
++ return; /* No socket for error */
++ }
++
++ err = 0;
++ harderr = 0;
++ inet = inet_sk(sk);
++
++ switch (type) {
++ default:
++ case ICMP_TIME_EXCEEDED:
++ err = EHOSTUNREACH;
++ break;
++ case ICMP_SOURCE_QUENCH:
++ goto out;
++ case ICMP_PARAMETERPROB:
++ err = EPROTO;
++ harderr = 1;
++ break;
++ case ICMP_DEST_UNREACH:
++ if (code == ICMP_FRAG_NEEDED) { /* Path MTU discovery */
++ if (inet->pmtudisc != IP_PMTUDISC_DONT) {
++ err = EMSGSIZE;
++ harderr = 1;
++ break;
++ }
++ goto out;
++ }
++ err = EHOSTUNREACH;
++ if (code <= NR_ICMP_UNREACH) {
++ harderr = icmp_err_convert[code].fatal;
++ err = icmp_err_convert[code].errno;
++ }
++ break;
++ }
++
++ /*
++ * RFC1122: OK. Passes ICMP errors back to application, as per
++ * 4.1.3.3.
++ */
++ if (!inet->recverr) {
++ if (!harderr || sk->sk_state != TCP_ESTABLISHED)
++ goto out;
++ } else {
++ ip_icmp_error(sk, skb, err, uh->dest, info, (u8*)(uh+1));
++ }
++ sk->sk_err = err;
++ sk->sk_error_report(sk);
++out:
++ sock_put(sk);
++}
++
++void udp_err(struct sk_buff *skb, u32 info)
++{
++ __udp4_lib_err(skb, info, &udp_table);
++}
++
++/*
++ * Throw away all pending data and cancel the corking. Socket is locked.
++ */
++void udp_flush_pending_frames(struct sock *sk)
++{
++ struct udp_sock *up = udp_sk(sk);
++
++ if (up->pending) {
++ up->len = 0;
++ up->pending = 0;
++ ip_flush_pending_frames(sk);
++ }
++}
++EXPORT_SYMBOL(udp_flush_pending_frames);
++
++/**
++ * udp4_hwcsum_outgoing - handle outgoing HW checksumming
++ * @sk: socket we are sending on
++ * @skb: sk_buff containing the filled-in UDP header
++ * (checksum field must be zeroed out)
++ */
++static void udp4_hwcsum_outgoing(struct sock *sk, struct sk_buff *skb,
++ __be32 src, __be32 dst, int len )
++{
++ unsigned int offset;
++ struct udphdr *uh = udp_hdr(skb);
++ __wsum csum = 0;
++
++ if (skb_queue_len(&sk->sk_write_queue) == 1) {
++ /*
++ * Only one fragment on the socket.
++ */
++ skb->csum_start = skb_transport_header(skb) - skb->head;
++ skb->csum_offset = offsetof(struct udphdr, check);
++ uh->check = ~csum_tcpudp_magic(src, dst, len, IPPROTO_UDP, 0);
++ } else {
++ /*
++ * HW-checksum won't work as there are two or more
++ * fragments on the socket so that all csums of sk_buffs
++ * should be together
++ */
++ offset = skb_transport_offset(skb);
++ skb->csum = skb_checksum(skb, offset, skb->len - offset, 0);
++
++ skb->ip_summed = CHECKSUM_NONE;
++
++ skb_queue_walk(&sk->sk_write_queue, skb) {
++ csum = csum_add(csum, skb->csum);
++ }
++
++ uh->check = csum_tcpudp_magic(src, dst, len, IPPROTO_UDP, csum);
++ if (uh->check == 0)
++ uh->check = CSUM_MANGLED_0;
++ }
++}
++
++/*
++ * Push out all pending data as one UDP datagram. Socket is locked.
++ */
++static int udp_push_pending_frames(struct sock *sk)
++{
++ struct udp_sock *up = udp_sk(sk);
++ struct inet_sock *inet = inet_sk(sk);
++ struct flowi *fl = &inet->cork.fl;
++ struct sk_buff *skb;
++ struct udphdr *uh;
++ int err = 0;
++ int is_udplite = IS_UDPLITE(sk);
++ __wsum csum = 0;
++
++ /* Grab the skbuff where UDP header space exists. */
++ if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
++ goto out;
++
++ /*
++ * Create a UDP header
++ */
++ uh = udp_hdr(skb);
++ uh->source = fl->fl_ip_sport;
++ uh->dest = fl->fl_ip_dport;
++ uh->len = htons(up->len);
++ uh->check = 0;
++
++ if (is_udplite) /* UDP-Lite */
++ csum = udplite_csum_outgoing(sk, skb);
++
++ else if (sk->sk_no_check == UDP_CSUM_NOXMIT) { /* UDP csum disabled */
++
++ skb->ip_summed = CHECKSUM_NONE;
++ goto send;
++
++ } else if (skb->ip_summed == CHECKSUM_PARTIAL) { /* UDP hardware csum */
++
++ udp4_hwcsum_outgoing(sk, skb, fl->fl4_src,fl->fl4_dst, up->len);
++ goto send;
++
++ } else /* `normal' UDP */
++ csum = udp_csum_outgoing(sk, skb);
++
++ /* add protocol-dependent pseudo-header */
++ uh->check = csum_tcpudp_magic(fl->fl4_src, fl->fl4_dst, up->len,
++ sk->sk_protocol, csum );
++ if (uh->check == 0)
++ uh->check = CSUM_MANGLED_0;
++
++send:
++ err = ip_push_pending_frames(sk);
++out:
++ up->len = 0;
++ up->pending = 0;
++ if (!err)
++ UDP_INC_STATS_USER(sock_net(sk),
++ UDP_MIB_OUTDATAGRAMS, is_udplite);
++ return err;
++}
++
++int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
++ size_t len)
++{
++ struct inet_sock *inet = inet_sk(sk);
++ struct udp_sock *up = udp_sk(sk);
++ int ulen = len;
++ struct ipcm_cookie ipc;
++ struct rtable *rt = NULL;
++ int free = 0;
++ int connected = 0;
++ __be32 daddr, faddr, saddr;
++ __be16 dport;
++ u8 tos;
++ int err, is_udplite = IS_UDPLITE(sk);
++ int corkreq = up->corkflag || msg->msg_flags&MSG_MORE;
++ int (*getfrag)(void *, char *, int, int, int, struct sk_buff *);
++
++ if (len > 0xFFFF)
++ return -EMSGSIZE;
++
++ /*
++ * Check the flags.
++ */
++
++ if (msg->msg_flags&MSG_OOB) /* Mirror BSD error message compatibility */
++ return -EOPNOTSUPP;
++
++ ipc.opt = NULL;
++ ipc.shtx.flags = 0;
++
++ if (up->pending) {
++ /*
++ * There are pending frames.
++ * The socket lock must be held while it's corked.
++ */
++ lock_sock(sk);
++ if (likely(up->pending)) {
++ if (unlikely(up->pending != AF_INET)) {
++ release_sock(sk);
++ return -EINVAL;
++ }
++ goto do_append_data;
++ }
++ release_sock(sk);
++ }
++ ulen += sizeof(struct udphdr);
++
++ /*
++ * Get and verify the address.
++ */
++ if (msg->msg_name) {
++ struct sockaddr_in * usin = (struct sockaddr_in*)msg->msg_name;
++ if (msg->msg_namelen < sizeof(*usin))
++ return -EINVAL;
++ if (usin->sin_family != AF_INET) {
++ if (usin->sin_family != AF_UNSPEC)
++ return -EAFNOSUPPORT;
++ }
++
++ daddr = usin->sin_addr.s_addr;
++ dport = usin->sin_port;
++ if (dport == 0)
++ return -EINVAL;
++ } else {
++ if (sk->sk_state != TCP_ESTABLISHED)
++ return -EDESTADDRREQ;
++ daddr = inet->daddr;
++ dport = inet->dport;
++ /* Open fast path for connected socket.
++ Route will not be used, if at least one option is set.
++ */
++ connected = 1;
++ }
++ ipc.addr = inet->saddr;
++
++ ipc.oif = sk->sk_bound_dev_if;
++ err = sock_tx_timestamp(msg, sk, &ipc.shtx);
++ if (err)
++ return err;
++ if (msg->msg_controllen) {
++ err = ip_cmsg_send(sock_net(sk), msg, &ipc);
++ if (err)
++ return err;
++ if (ipc.opt)
++ free = 1;
++ connected = 0;
++ }
++ if (!ipc.opt)
++ ipc.opt = inet->opt;
++
++ saddr = ipc.addr;
++ ipc.addr = faddr = daddr;
++
++ if (ipc.opt && ipc.opt->srr) {
++ if (!daddr)
++ return -EINVAL;
++ faddr = ipc.opt->faddr;
++ connected = 0;
++ }
++ tos = RT_TOS(inet->tos);
++ if (sock_flag(sk, SOCK_LOCALROUTE) ||
++ (msg->msg_flags & MSG_DONTROUTE) ||
++ (ipc.opt && ipc.opt->is_strictroute)) {
++ tos |= RTO_ONLINK;
++ connected = 0;
++ }
++
++ if (ipv4_is_multicast(daddr)) {
++ if (!ipc.oif)
++ ipc.oif = inet->mc_index;
++ if (!saddr)
++ saddr = inet->mc_addr;
++ connected = 0;
++ }
++
++ if (connected)
++ rt = (struct rtable*)sk_dst_check(sk, 0);
++
++ if (rt == NULL) {
++ struct flowi fl = { .oif = ipc.oif,
++ .nl_u = { .ip4_u =
++ { .daddr = faddr,
++ .saddr = saddr,
++ .tos = tos } },
++ .proto = sk->sk_protocol,
++ .flags = inet_sk_flowi_flags(sk),
++ .uli_u = { .ports =
++ { .sport = inet->sport,
++ .dport = dport } } };
++ struct net *net = sock_net(sk);
++
++ security_sk_classify_flow(sk, &fl);
++ err = ip_route_output_flow(net, &rt, &fl, sk, 1);
++ if (err) {
++ if (err == -ENETUNREACH)
++ IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES);
++ goto out;
++ }
++
++ err = -EACCES;
++ if ((rt->rt_flags & RTCF_BROADCAST) &&
++ !sock_flag(sk, SOCK_BROADCAST))
++ goto out;
++ if (connected)
++ sk_dst_set(sk, dst_clone(&rt->u.dst));
++ }
++
++ if (msg->msg_flags&MSG_CONFIRM)
++ goto do_confirm;
++back_from_confirm:
++
++ saddr = rt->rt_src;
++ if (!ipc.addr)
++ daddr = ipc.addr = rt->rt_dst;
++
++ lock_sock(sk);
++ if (unlikely(up->pending)) {
++ /* The socket is already corked while preparing it. */
++ /* ... which is an evident application bug. --ANK */
++ release_sock(sk);
++
++ LIMIT_NETDEBUG(KERN_DEBUG "udp cork app bug 2\n");
++ err = -EINVAL;
++ goto out;
++ }
++ /*
++ * Now cork the socket to pend data.
++ */
++ inet->cork.fl.fl4_dst = daddr;
++ inet->cork.fl.fl_ip_dport = dport;
++ inet->cork.fl.fl4_src = saddr;
++ inet->cork.fl.fl_ip_sport = inet->sport;
++ up->pending = AF_INET;
++
++do_append_data:
++ up->len += ulen;
++ getfrag = is_udplite ? udplite_getfrag : ip_generic_getfrag;
++ err = ip_append_data(sk, getfrag, msg->msg_iov, ulen,
++ sizeof(struct udphdr), &ipc, &rt,
++ corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags);
++ if (err)
++ udp_flush_pending_frames(sk);
++ else if (!corkreq)
++ err = udp_push_pending_frames(sk);
++ else if (unlikely(skb_queue_empty(&sk->sk_write_queue)))
++ up->pending = 0;
++ release_sock(sk);
++
++out:
++ ip_rt_put(rt);
++ if (free)
++ kfree(ipc.opt);
++ if (!err)
++ return len;
++ /*
++ * ENOBUFS = no kernel mem, SOCK_NOSPACE = no sndbuf space. Reporting
++ * ENOBUFS might not be good (it's not tunable per se), but otherwise
++ * we don't have a good statistic (IpOutDiscards but it can be too many
++ * things). We could add another new stat but at least for now that
++ * seems like overkill.
++ */
++ if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) {
++ UDP_INC_STATS_USER(sock_net(sk),
++ UDP_MIB_SNDBUFERRORS, is_udplite);
++ }
++ return err;
++
++do_confirm:
++ dst_confirm(&rt->u.dst);
++ if (!(msg->msg_flags&MSG_PROBE) || len)
++ goto back_from_confirm;
++ err = 0;
++ goto out;
++}
++
++int udp_sendpage(struct sock *sk, struct page *page, int offset,
++ size_t size, int flags)
++{
++ struct udp_sock *up = udp_sk(sk);
++ int ret;
++
++ if (!up->pending) {
++ struct msghdr msg = { .msg_flags = flags|MSG_MORE };
++
++ /* Call udp_sendmsg to specify destination address which
++ * sendpage interface can't pass.
++ * This will succeed only when the socket is connected.
++ */
++ ret = udp_sendmsg(NULL, sk, &msg, 0);
++ if (ret < 0)
++ return ret;
++ }
++
++ lock_sock(sk);
++
++ if (unlikely(!up->pending)) {
++ release_sock(sk);
++
++ LIMIT_NETDEBUG(KERN_DEBUG "udp cork app bug 3\n");
++ return -EINVAL;
++ }
++
++ ret = ip_append_page(sk, page, offset, size, flags);
++ if (ret == -EOPNOTSUPP) {
++ release_sock(sk);
++ return sock_no_sendpage(sk->sk_socket, page, offset,
++ size, flags);
++ }
++ if (ret < 0) {
++ udp_flush_pending_frames(sk);
++ goto out;
++ }
++
++ up->len += size;
++ if (!(up->corkflag || (flags&MSG_MORE)))
++ ret = udp_push_pending_frames(sk);
++ if (!ret)
++ ret = size;
++out:
++ release_sock(sk);
++ return ret;
++}
++
++/*
++ * IOCTL requests applicable to the UDP protocol
++ */
++
++int udp_ioctl(struct sock *sk, int cmd, unsigned long arg)
++{
++ switch (cmd) {
++ case SIOCOUTQ:
++ {
++ int amount = atomic_read(&sk->sk_wmem_alloc);
++ return put_user(amount, (int __user *)arg);
++ }
++
++ case SIOCINQ:
++ {
++ struct sk_buff *skb;
++ unsigned long amount;
++
++ amount = 0;
++ spin_lock_bh(&sk->sk_receive_queue.lock);
++ skb = skb_peek(&sk->sk_receive_queue);
++ if (skb != NULL) {
++ /*
++ * We will only return the amount
++ * of this packet since that is all
++ * that will be read.
++ */
++ amount = skb->len - sizeof(struct udphdr);
++ }
++ spin_unlock_bh(&sk->sk_receive_queue.lock);
++ return put_user(amount, (int __user *)arg);
++ }
++
++ default:
++ return -ENOIOCTLCMD;
++ }
++
++ return 0;
++}
++
++/*
++ * This should be easy, if there is something there we
++ * return it, otherwise we block.
++ */
++
++int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
++ size_t len, int noblock, int flags, int *addr_len)
++{
++ struct inet_sock *inet = inet_sk(sk);
++ struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name;
++ struct sk_buff *skb;
++ unsigned int ulen, copied;
++ int peeked;
++ int err;
++ int is_udplite = IS_UDPLITE(sk);
++
++ /*
++ * Check any passed addresses
++ */
++ if (addr_len)
++ *addr_len=sizeof(*sin);
++
++ if (flags & MSG_ERRQUEUE)
++ return ip_recv_error(sk, msg, len);
++
++try_again:
++ skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0),
++ &peeked, &err);
++ if (!skb)
++ goto out;
++
++ ulen = skb->len - sizeof(struct udphdr);
++ copied = len;
++ if (copied > ulen)
++ copied = ulen;
++ else if (copied < ulen)
++ msg->msg_flags |= MSG_TRUNC;
++
++ /*
++ * If checksum is needed at all, try to do it while copying the
++ * data. If the data is truncated, or if we only want a partial
++ * coverage checksum (UDP-Lite), do it before the copy.
++ */
++
++ if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) {
++ if (udp_lib_checksum_complete(skb))
++ goto csum_copy_err;
++ }
++
++ if (skb_csum_unnecessary(skb))
++ err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr),
++ msg->msg_iov, copied );
++ else {
++ err = skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov);
++
++ if (err == -EINVAL)
++ goto csum_copy_err;
++ }
++
++ if (err)
++ goto out_free;
++
++ if (!peeked)
++ UDP_INC_STATS_USER(sock_net(sk),
++ UDP_MIB_INDATAGRAMS, is_udplite);
++
++ sock_recv_timestamp(msg, sk, skb);
++
++ /* Copy the address. */
++ if (sin)
++ {
++ sin->sin_family = AF_INET;
++ sin->sin_port = udp_hdr(skb)->source;
++ sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
++ memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
++ }
++ if (inet->cmsg_flags)
++ ip_cmsg_recv(msg, skb);
++
++ err = copied;
++ if (flags & MSG_TRUNC)
++ err = ulen;
++
++out_free:
++ lock_sock(sk);
++ skb_free_datagram(sk, skb);
++ release_sock(sk);
++out:
++ return err;
++
++csum_copy_err:
++ lock_sock(sk);
++ if (!skb_kill_datagram(sk, skb, flags))
++ UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
++ release_sock(sk);
++
++ if (noblock)
++ return -EAGAIN;
++ goto try_again;
++}
++
++
++int udp_disconnect(struct sock *sk, int flags)
++{
++ struct inet_sock *inet = inet_sk(sk);
++ /*
++ * 1003.1g - break association.
++ */
++
++ sk->sk_state = TCP_CLOSE;
++ inet->daddr = 0;
++ inet->dport = 0;
++ sk->sk_bound_dev_if = 0;
++ if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
++ inet_reset_saddr(sk);
++
++ if (!(sk->sk_userlocks & SOCK_BINDPORT_LOCK)) {
++ sk->sk_prot->unhash(sk);
++ inet->sport = 0;
++ }
++ sk_dst_reset(sk);
++ return 0;
++}
++
++void udp_lib_unhash(struct sock *sk)
++{
++ if (sk_hashed(sk)) {
++ struct udp_table *udptable = sk->sk_prot->h.udp_table;
++ unsigned int hash = udp_hashfn(sock_net(sk), sk->sk_hash);
++ struct udp_hslot *hslot = &udptable->hash[hash];
++
++ spin_lock_bh(&hslot->lock);
++ if (sk_nulls_del_node_init_rcu(sk)) {
++ inet_sk(sk)->num = 0;
++ sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
++ }
++ spin_unlock_bh(&hslot->lock);
++ }
++}
++EXPORT_SYMBOL(udp_lib_unhash);
++
++static int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
++{
++ int is_udplite = IS_UDPLITE(sk);
++ int rc;
++
++ if ((rc = sock_queue_rcv_skb(sk, skb)) < 0) {
++ /* Note that an ENOMEM error is charged twice */
++ if (rc == -ENOMEM) {
++ UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,
++ is_udplite);
++ atomic_inc(&sk->sk_drops);
++ }
++ goto drop;
++ }
++
++ return 0;
++
++drop:
++ UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
++ kfree_skb(skb);
++ return -1;
++}
++
++/* returns:
++ * -1: error
++ * 0: success
++ * >0: "udp encap" protocol resubmission
++ *
++ * Note that in the success and error cases, the skb is assumed to
++ * have either been requeued or freed.
++ */
++int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
++{
++ struct udp_sock *up = udp_sk(sk);
++ int rc;
++ int is_udplite = IS_UDPLITE(sk);
++
++ /*
++ * Charge it to the socket, dropping if the queue is full.
++ */
++ if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
++ goto drop;
++ nf_reset(skb);
++
++ if (up->encap_type) {
++ /*
++ * This is an encapsulation socket so pass the skb to
++ * the socket's udp_encap_rcv() hook. Otherwise, just
++ * fall through and pass this up the UDP socket.
++ * up->encap_rcv() returns the following value:
++ * =0 if skb was successfully passed to the encap
++ * handler or was discarded by it.
++ * >0 if skb should be passed on to UDP.
++ * <0 if skb should be resubmitted as proto -N
++ */
++
++ /* if we're overly short, let UDP handle it */
++ if (skb->len > sizeof(struct udphdr) &&
++ up->encap_rcv != NULL) {
++ int ret;
++
++ ret = (*up->encap_rcv)(sk, skb);
++ if (ret <= 0) {
++ UDP_INC_STATS_BH(sock_net(sk),
++ UDP_MIB_INDATAGRAMS,
++ is_udplite);
++ return -ret;
++ }
++ }
++
++ /* FALLTHROUGH -- it's a UDP Packet */
++ }
++
++ /*
++ * UDP-Lite specific tests, ignored on UDP sockets
++ */
++ if ((is_udplite & UDPLITE_RECV_CC) && UDP_SKB_CB(skb)->partial_cov) {
++
++ /*
++ * MIB statistics other than incrementing the error count are
++ * disabled for the following two types of errors: these depend
++ * on the application settings, not on the functioning of the
++ * protocol stack as such.
++ *
++ * RFC 3828 here recommends (sec 3.3): "There should also be a
++ * way ... to ... at least let the receiving application block
++ * delivery of packets with coverage values less than a value
++ * provided by the application."
++ */
++ if (up->pcrlen == 0) { /* full coverage was set */
++ LIMIT_NETDEBUG(KERN_WARNING "UDPLITE: partial coverage "
++ "%d while full coverage %d requested\n",
++ UDP_SKB_CB(skb)->cscov, skb->len);
++ goto drop;
++ }
++ /* The next case involves violating the min. coverage requested
++ * by the receiver. This is subtle: if receiver wants x and x is
++ * greater than the buffersize/MTU then receiver will complain
++ * that it wants x while sender emits packets of smaller size y.
++ * Therefore the above ...()->partial_cov statement is essential.
++ */
++ if (UDP_SKB_CB(skb)->cscov < up->pcrlen) {
++ LIMIT_NETDEBUG(KERN_WARNING
++ "UDPLITE: coverage %d too small, need min %d\n",
++ UDP_SKB_CB(skb)->cscov, up->pcrlen);
++ goto drop;
++ }
++ }
++
++ if (sk->sk_filter) {
++ if (udp_lib_checksum_complete(skb))
++ goto drop;
++ }
++
++ rc = 0;
++
++ bh_lock_sock(sk);
++ if (!sock_owned_by_user(sk))
++ rc = __udp_queue_rcv_skb(sk, skb);
++ else
++ sk_add_backlog(sk, skb);
++ bh_unlock_sock(sk);
++
++ return rc;
++
++drop:
++ UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
++ kfree_skb(skb);
++ return -1;
++}
++
++/*
++ * Multicasts and broadcasts go to each listener.
++ *
++ * Note: called only from the BH handler context,
++ * so we don't need to lock the hashes.
++ */
++static int __udp4_lib_mcast_deliver(struct net *net, struct sk_buff *skb,
++ struct udphdr *uh,
++ __be32 saddr, __be32 daddr,
++ struct udp_table *udptable)
++{
++ struct sock *sk;
++ struct udp_hslot *hslot = &udptable->hash[udp_hashfn(net, ntohs(uh->dest))];
++ int dif;
++
++ spin_lock(&hslot->lock);
++ sk = sk_nulls_head(&hslot->head);
++ dif = skb->dev->ifindex;
++ sk = udp_v4_mcast_next(net, sk, uh->dest, daddr, uh->source, saddr, dif);
++ if (sk) {
++ struct sock *sknext = NULL;
++
++ do {
++ struct sk_buff *skb1 = skb;
++
++ sknext = udp_v4_mcast_next(net, sk_nulls_next(sk), uh->dest,
++ daddr, uh->source, saddr,
++ dif);
++ if (sknext)
++ skb1 = skb_clone(skb, GFP_ATOMIC);
++
++ if (skb1) {
++ int ret = udp_queue_rcv_skb(sk, skb1);
++ if (ret > 0)
++ /* we should probably re-process instead
++ * of dropping packets here. */
++ kfree_skb(skb1);
++ }
++ sk = sknext;
++ } while (sknext);
++ } else
++ consume_skb(skb);
++ spin_unlock(&hslot->lock);
++ return 0;
++}
++
++/* Initialize UDP checksum. If exited with zero value (success),
++ * CHECKSUM_UNNECESSARY means, that no more checks are required.
++ * Otherwise, csum completion requires chacksumming packet body,
++ * including udp header and folding it to skb->csum.
++ */
++static inline int udp4_csum_init(struct sk_buff *skb, struct udphdr *uh,
++ int proto)
++{
++ const struct iphdr *iph;
++ int err;
++
++ UDP_SKB_CB(skb)->partial_cov = 0;
++ UDP_SKB_CB(skb)->cscov = skb->len;
++
++ if (proto == IPPROTO_UDPLITE) {
++ err = udplite_checksum_init(skb, uh);
++ if (err)
++ return err;
++ }
++
++ iph = ip_hdr(skb);
++ if (uh->check == 0) {
++ skb->ip_summed = CHECKSUM_UNNECESSARY;
++ } else if (skb->ip_summed == CHECKSUM_COMPLETE) {
++ if (!csum_tcpudp_magic(iph->saddr, iph->daddr, skb->len,
++ proto, skb->csum))
++ skb->ip_summed = CHECKSUM_UNNECESSARY;
++ }
++ if (!skb_csum_unnecessary(skb))
++ skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
++ skb->len, proto, 0);
++ /* Probably, we should checksum udp header (it should be in cache
++ * in any case) and data in tiny packets (< rx copybreak).
++ */
++
++ return 0;
++}
++
++/*
++ * All we need to do is get the socket, and then do a checksum.
++ */
++
++int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
++ int proto)
++{
++ struct sock *sk;
++ struct udphdr *uh;
++ unsigned short ulen;
++ struct rtable *rt = (struct rtable*)skb->dst;
++ __be32 saddr, daddr;
++ struct net *net = dev_net(skb->dev);
++
++ /*
++ * Validate the packet.
++ */
++ if (!pskb_may_pull(skb, sizeof(struct udphdr)))
++ goto drop; /* No space for header. */
++
++ uh = udp_hdr(skb);
++ ulen = ntohs(uh->len);
++ if (ulen > skb->len)
++ goto short_packet;
++
++ if (proto == IPPROTO_UDP) {
++ /* UDP validates ulen. */
++ if (ulen < sizeof(*uh) || pskb_trim_rcsum(skb, ulen))
++ goto short_packet;
++ uh = udp_hdr(skb);
++ }
++
++ if (udp4_csum_init(skb, uh, proto))
++ goto csum_error;
++
++ saddr = ip_hdr(skb)->saddr;
++ daddr = ip_hdr(skb)->daddr;
++
++ if (rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST))
++ return __udp4_lib_mcast_deliver(net, skb, uh,
++ saddr, daddr, udptable);
++
++ sk = __udp4_lib_lookup_skb(skb, uh->source, uh->dest, udptable);
++
++ if (sk != NULL) {
++ int ret = udp_queue_rcv_skb(sk, skb);
++ sock_put(sk);
++
++ /* a return value > 0 means to resubmit the input, but
++ * it wants the return to be -protocol, or 0
++ */
++ if (ret > 0)
++ return -ret;
++ return 0;
++ }
++
++ if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
++ goto drop;
++ nf_reset(skb);
++
++ /* No socket. Drop packet silently, if checksum is wrong */
++ if (udp_lib_checksum_complete(skb))
++ goto csum_error;
++
++ UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
++ icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
++
++ /*
++ * Hmm. We got an UDP packet to a port to which we
++ * don't wanna listen. Ignore it.
++ */
++ kfree_skb(skb);
++ return 0;
++
++short_packet:
++ LIMIT_NETDEBUG(KERN_DEBUG "UDP%s: short packet: From %pI4:%u %d/%d to %pI4:%u\n",
++ proto == IPPROTO_UDPLITE ? "-Lite" : "",
++ &saddr,
++ ntohs(uh->source),
++ ulen,
++ skb->len,
++ &daddr,
++ ntohs(uh->dest));
++ goto drop;
++
++csum_error:
++ /*
++ * RFC1122: OK. Discards the bad packet silently (as far as
++ * the network is concerned, anyway) as per 4.1.3.4 (MUST).
++ */
++ LIMIT_NETDEBUG(KERN_DEBUG "UDP%s: bad checksum. From %pI4:%u to %pI4:%u ulen %d\n",
++ proto == IPPROTO_UDPLITE ? "-Lite" : "",
++ &saddr,
++ ntohs(uh->source),
++ &daddr,
++ ntohs(uh->dest),
++ ulen);
++drop:
++ UDP_INC_STATS_BH(net, UDP_MIB_INERRORS, proto == IPPROTO_UDPLITE);
++ kfree_skb(skb);
++ return 0;
++}
++
++int udp_rcv(struct sk_buff *skb)
++{
++ return __udp4_lib_rcv(skb, &udp_table, IPPROTO_UDP);
++}
++
++void udp_destroy_sock(struct sock *sk)
++{
++ lock_sock(sk);
++ udp_flush_pending_frames(sk);
++ release_sock(sk);
++}
++
++/*
++ * Socket option code for UDP
++ */
++int udp_lib_setsockopt(struct sock *sk, int level, int optname,
++ char __user *optval, int optlen,
++ int (*push_pending_frames)(struct sock *))
++{
++ struct udp_sock *up = udp_sk(sk);
++ int val;
++ int err = 0;
++ int is_udplite = IS_UDPLITE(sk);
++
++ if (optlen<sizeof(int))
++ return -EINVAL;
++
++ if (get_user(val, (int __user *)optval))
++ return -EFAULT;
++
++ switch (optname) {
++ case UDP_CORK:
++ if (val != 0) {
++ up->corkflag = 1;
++ } else {
++ up->corkflag = 0;
++ lock_sock(sk);
++ (*push_pending_frames)(sk);
++ release_sock(sk);
++ }
++ break;
++
++ case UDP_ENCAP:
++ switch (val) {
++ case 0:
++ case UDP_ENCAP_ESPINUDP:
++ case UDP_ENCAP_ESPINUDP_NON_IKE:
++ up->encap_rcv = xfrm4_udp_encap_rcv;
++ /* FALLTHROUGH */
++ case UDP_ENCAP_L2TPINUDP:
++ up->encap_type = val;
++ break;
++ default:
++ err = -ENOPROTOOPT;
++ break;
++ }
++ break;
++
++ /*
++ * UDP-Lite's partial checksum coverage (RFC 3828).
++ */
++ /* The sender sets actual checksum coverage length via this option.
++ * The case coverage > packet length is handled by send module. */
++ case UDPLITE_SEND_CSCOV:
++ if (!is_udplite) /* Disable the option on UDP sockets */
++ return -ENOPROTOOPT;
++ if (val != 0 && val < 8) /* Illegal coverage: use default (8) */
++ val = 8;
++ else if (val > USHORT_MAX)
++ val = USHORT_MAX;
++ up->pcslen = val;
++ up->pcflag |= UDPLITE_SEND_CC;
++ break;
++
++ /* The receiver specifies a minimum checksum coverage value. To make
++ * sense, this should be set to at least 8 (as done below). If zero is
++ * used, this again means full checksum coverage. */
++ case UDPLITE_RECV_CSCOV:
++ if (!is_udplite) /* Disable the option on UDP sockets */
++ return -ENOPROTOOPT;
++ if (val != 0 && val < 8) /* Avoid silly minimal values. */
++ val = 8;
++ else if (val > USHORT_MAX)
++ val = USHORT_MAX;
++ up->pcrlen = val;
++ up->pcflag |= UDPLITE_RECV_CC;
++ break;
++
++ default:
++ err = -ENOPROTOOPT;
++ break;
++ }
++
++ return err;
++}
++
++int udp_setsockopt(struct sock *sk, int level, int optname,
++ char __user *optval, int optlen)
++{
++ if (level == SOL_UDP || level == SOL_UDPLITE)
++ return udp_lib_setsockopt(sk, level, optname, optval, optlen,
++ udp_push_pending_frames);
++ return ip_setsockopt(sk, level, optname, optval, optlen);
++}
++
++#ifdef CONFIG_COMPAT
++int compat_udp_setsockopt(struct sock *sk, int level, int optname,
++ char __user *optval, int optlen)
++{
++ if (level == SOL_UDP || level == SOL_UDPLITE)
++ return udp_lib_setsockopt(sk, level, optname, optval, optlen,
++ udp_push_pending_frames);
++ return compat_ip_setsockopt(sk, level, optname, optval, optlen);
++}
++#endif
++
++int udp_lib_getsockopt(struct sock *sk, int level, int optname,
++ char __user *optval, int __user *optlen)
++{
++ struct udp_sock *up = udp_sk(sk);
++ int val, len;
++
++ if (get_user(len,optlen))
++ return -EFAULT;
++
++ len = min_t(unsigned int, len, sizeof(int));
++
++ if (len < 0)
++ return -EINVAL;
++
++ switch (optname) {
++ case UDP_CORK:
++ val = up->corkflag;
++ break;
++
++ case UDP_ENCAP:
++ val = up->encap_type;
++ break;
++
++ /* The following two cannot be changed on UDP sockets, the return is
++ * always 0 (which corresponds to the full checksum coverage of UDP). */
++ case UDPLITE_SEND_CSCOV:
++ val = up->pcslen;
++ break;
++
++ case UDPLITE_RECV_CSCOV:
++ val = up->pcrlen;
++ break;
++
++ default:
++ return -ENOPROTOOPT;
++ }
++
++ if (put_user(len, optlen))
++ return -EFAULT;
++ if (copy_to_user(optval, &val,len))
++ return -EFAULT;
++ return 0;
++}
++
++int udp_getsockopt(struct sock *sk, int level, int optname,
++ char __user *optval, int __user *optlen)
++{
++ if (level == SOL_UDP || level == SOL_UDPLITE)
++ return udp_lib_getsockopt(sk, level, optname, optval, optlen);
++ return ip_getsockopt(sk, level, optname, optval, optlen);
++}
++
++#ifdef CONFIG_COMPAT
++int compat_udp_getsockopt(struct sock *sk, int level, int optname,
++ char __user *optval, int __user *optlen)
++{
++ if (level == SOL_UDP || level == SOL_UDPLITE)
++ return udp_lib_getsockopt(sk, level, optname, optval, optlen);
++ return compat_ip_getsockopt(sk, level, optname, optval, optlen);
++}
++#endif
++/**
++ * udp_poll - wait for a UDP event.
++ * @file - file struct
++ * @sock - socket
++ * @wait - poll table
++ *
++ * This is same as datagram poll, except for the special case of
++ * blocking sockets. If application is using a blocking fd
++ * and a packet with checksum error is in the queue;
++ * then it could get return from select indicating data available
++ * but then block when reading it. Add special case code
++ * to work around these arguably broken applications.
++ */
++unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait)
++{
++ unsigned int mask = datagram_poll(file, sock, wait);
++ struct sock *sk = sock->sk;
++ int is_lite = IS_UDPLITE(sk);
++
++ /* Check for false positives due to checksum errors */
++ if ( (mask & POLLRDNORM) &&
++ !(file->f_flags & O_NONBLOCK) &&
++ !(sk->sk_shutdown & RCV_SHUTDOWN)){
++ struct sk_buff_head *rcvq = &sk->sk_receive_queue;
++ struct sk_buff *skb;
++
++ spin_lock_bh(&rcvq->lock);
++ while ((skb = skb_peek(rcvq)) != NULL &&
++ udp_lib_checksum_complete(skb)) {
++ UDP_INC_STATS_BH(sock_net(sk),
++ UDP_MIB_INERRORS, is_lite);
++ __skb_unlink(skb, rcvq);
++ kfree_skb(skb);
++ }
++ spin_unlock_bh(&rcvq->lock);
++
++ /* nothing to see, move along */
++ if (skb == NULL)
++ mask &= ~(POLLIN | POLLRDNORM);
++ }
++
++ return mask;
++
++}
++
++struct proto udp_prot = {
++ .name = "UDP",
++ .owner = THIS_MODULE,
++ .close = udp_lib_close,
++ .connect = ip4_datagram_connect,
++ .disconnect = udp_disconnect,
++ .ioctl = udp_ioctl,
++ .destroy = udp_destroy_sock,
++ .setsockopt = udp_setsockopt,
++ .getsockopt = udp_getsockopt,
++ .sendmsg = udp_sendmsg,
++ .recvmsg = udp_recvmsg,
++ .sendpage = udp_sendpage,
++ .backlog_rcv = __udp_queue_rcv_skb,
++ .hash = udp_lib_hash,
++ .unhash = udp_lib_unhash,
++ .get_port = udp_v4_get_port,
++ .memory_allocated = &udp_memory_allocated,
++ .sysctl_mem = sysctl_udp_mem,
++ .sysctl_wmem = &sysctl_udp_wmem_min,
++ .sysctl_rmem = &sysctl_udp_rmem_min,
++ .obj_size = sizeof(struct udp_sock),
++ .slab_flags = SLAB_DESTROY_BY_RCU,
++ .h.udp_table = &udp_table,
++#ifdef CONFIG_COMPAT
++ .compat_setsockopt = compat_udp_setsockopt,
++ .compat_getsockopt = compat_udp_getsockopt,
++#endif
++};
++
++/* ------------------------------------------------------------------------ */
++#ifdef CONFIG_PROC_FS
++
++static struct sock *udp_get_first(struct seq_file *seq, int start)
++{
++ struct sock *sk;
++ struct udp_iter_state *state = seq->private;
++ struct net *net = seq_file_net(seq);
++
++ for (state->bucket = start; state->bucket < UDP_HTABLE_SIZE; ++state->bucket) {
++ struct hlist_nulls_node *node;
++ struct udp_hslot *hslot = &state->udp_table->hash[state->bucket];
++ spin_lock_bh(&hslot->lock);
++ sk_nulls_for_each(sk, node, &hslot->head) {
++ if (!net_eq(sock_net(sk), net))
++ continue;
++ if (sk->sk_family == state->family)
++ goto found;
++ }
++ spin_unlock_bh(&hslot->lock);
++ }
++ sk = NULL;
++found:
++ return sk;
++}
++
++static struct sock *udp_get_next(struct seq_file *seq, struct sock *sk)
++{
++ struct udp_iter_state *state = seq->private;
++ struct net *net = seq_file_net(seq);
++
++ do {
++ sk = sk_nulls_next(sk);
++ } while (sk && (!net_eq(sock_net(sk), net) || sk->sk_family != state->family));
++
++ if (!sk) {
++ if (state->bucket < UDP_HTABLE_SIZE)
++ spin_unlock_bh(&state->udp_table->hash[state->bucket].lock);
++ return udp_get_first(seq, state->bucket + 1);
++ }
++ return sk;
++}
++
++static struct sock *udp_get_idx(struct seq_file *seq, loff_t pos)
++{
++ struct sock *sk = udp_get_first(seq, 0);
++
++ if (sk)
++ while (pos && (sk = udp_get_next(seq, sk)) != NULL)
++ --pos;
++ return pos ? NULL : sk;
++}
++
++static void *udp_seq_start(struct seq_file *seq, loff_t *pos)
++{
++ struct udp_iter_state *state = seq->private;
++ state->bucket = UDP_HTABLE_SIZE;
++
++ return *pos ? udp_get_idx(seq, *pos-1) : SEQ_START_TOKEN;
++}
++
++static void *udp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
++{
++ struct sock *sk;
++
++ if (v == SEQ_START_TOKEN)
++ sk = udp_get_idx(seq, 0);
++ else
++ sk = udp_get_next(seq, v);
++
++ ++*pos;
++ return sk;
++}
++
++static void udp_seq_stop(struct seq_file *seq, void *v)
++{
++ struct udp_iter_state *state = seq->private;
++
++ if (state->bucket < UDP_HTABLE_SIZE)
++ spin_unlock_bh(&state->udp_table->hash[state->bucket].lock);
++}
++
++static int udp_seq_open(struct inode *inode, struct file *file)
++{
++ struct udp_seq_afinfo *afinfo = PDE(inode)->data;
++ struct udp_iter_state *s;
++ int err;
++
++ err = seq_open_net(inode, file, &afinfo->seq_ops,
++ sizeof(struct udp_iter_state));
++ if (err < 0)
++ return err;
++
++ s = ((struct seq_file *)file->private_data)->private;
++ s->family = afinfo->family;
++ s->udp_table = afinfo->udp_table;
++ return err;
++}
++
++/* ------------------------------------------------------------------------ */
++int udp_proc_register(struct net *net, struct udp_seq_afinfo *afinfo)
++{
++ struct proc_dir_entry *p;
++ int rc = 0;
++
++ afinfo->seq_fops.open = udp_seq_open;
++ afinfo->seq_fops.read = seq_read;
++ afinfo->seq_fops.llseek = seq_lseek;
++ afinfo->seq_fops.release = seq_release_net;
++
++ afinfo->seq_ops.start = udp_seq_start;
++ afinfo->seq_ops.next = udp_seq_next;
++ afinfo->seq_ops.stop = udp_seq_stop;
++
++ p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net,
++ &afinfo->seq_fops, afinfo);
++ if (!p)
++ rc = -ENOMEM;
++ return rc;
++}
++
++void udp_proc_unregister(struct net *net, struct udp_seq_afinfo *afinfo)
++{
++ proc_net_remove(net, afinfo->name);
++}
++
++/* ------------------------------------------------------------------------ */
++static void udp4_format_sock(struct sock *sp, struct seq_file *f,
++ int bucket, int *len)
++{
++ struct inet_sock *inet = inet_sk(sp);
++ __be32 dest = inet->daddr;
++ __be32 src = inet->rcv_saddr;
++ __u16 destp = ntohs(inet->dport);
++ __u16 srcp = ntohs(inet->sport);
++
++ seq_printf(f, "%4d: %08X:%04X %08X:%04X"
++ " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %d%n",
++ bucket, src, srcp, dest, destp, sp->sk_state,
++ atomic_read(&sp->sk_wmem_alloc),
++ atomic_read(&sp->sk_rmem_alloc),
++ 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
++ atomic_read(&sp->sk_refcnt), sp,
++ atomic_read(&sp->sk_drops), len);
++}
++
++int udp4_seq_show(struct seq_file *seq, void *v)
++{
++ if (v == SEQ_START_TOKEN)
++ seq_printf(seq, "%-127s\n",
++ " sl local_address rem_address st tx_queue "
++ "rx_queue tr tm->when retrnsmt uid timeout "
++ "inode ref pointer drops");
++ else {
++ struct udp_iter_state *state = seq->private;
++ int len;
++
++ udp4_format_sock(v, seq, state->bucket, &len);
++ seq_printf(seq, "%*s\n", 127 - len ,"");
++ }
++ return 0;
++}
++
++/* ------------------------------------------------------------------------ */
++static struct udp_seq_afinfo udp4_seq_afinfo = {
++ .name = "udp",
++ .family = AF_INET,
++ .udp_table = &udp_table,
++ .seq_fops = {
++ .owner = THIS_MODULE,
++ },
++ .seq_ops = {
++ .show = udp4_seq_show,
++ },
++};
++
++static int udp4_proc_init_net(struct net *net)
++{
++ return udp_proc_register(net, &udp4_seq_afinfo);
++}
++
++static void udp4_proc_exit_net(struct net *net)
++{
++ udp_proc_unregister(net, &udp4_seq_afinfo);
++}
++
++static struct pernet_operations udp4_net_ops = {
++ .init = udp4_proc_init_net,
++ .exit = udp4_proc_exit_net,
++};
++
++int __init udp4_proc_init(void)
++{
++ return register_pernet_subsys(&udp4_net_ops);
++}
++
++void udp4_proc_exit(void)
++{
++ unregister_pernet_subsys(&udp4_net_ops);
++}
++#endif /* CONFIG_PROC_FS */
++
++void __init udp_table_init(struct udp_table *table)
++{
++ int i;
++
++ for (i = 0; i < UDP_HTABLE_SIZE; i++) {
++ INIT_HLIST_NULLS_HEAD(&table->hash[i].head, i);
++ spin_lock_init(&table->hash[i].lock);
++ }
++}
++
++void __init udp_init(void)
++{
++ unsigned long nr_pages, limit;
++
++ udp_table_init(&udp_table);
++ /* Set the pressure threshold up by the same strategy of TCP. It is a
++ * fraction of global memory that is up to 1/2 at 256 MB, decreasing
++ * toward zero with the amount of memory, with a floor of 128 pages.
++ */
++ nr_pages = totalram_pages - totalhigh_pages;
++ limit = min(nr_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT);
++ limit = (limit * (nr_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11);
++ limit = max(limit, 128UL);
++ sysctl_udp_mem[0] = limit / 4 * 3;
++ sysctl_udp_mem[1] = limit;
++ sysctl_udp_mem[2] = sysctl_udp_mem[0] * 2;
++
++ sysctl_udp_rmem_min = SK_MEM_QUANTUM;
++ sysctl_udp_wmem_min = SK_MEM_QUANTUM;
++}
++
++EXPORT_SYMBOL(udp_disconnect);
++EXPORT_SYMBOL(udp_ioctl);
++EXPORT_SYMBOL(udp_prot);
++EXPORT_SYMBOL(udp_sendmsg);
++EXPORT_SYMBOL(udp_lib_getsockopt);
++EXPORT_SYMBOL(udp_lib_setsockopt);
++EXPORT_SYMBOL(udp_poll);
++EXPORT_SYMBOL(udp_lib_get_port);
++
++#ifdef CONFIG_PROC_FS
++EXPORT_SYMBOL(udp_proc_register);
++EXPORT_SYMBOL(udp_proc_unregister);
++#endif
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-03 04:09:25 +0000