aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2008-01-31[IPV4] route cache: Introduce rt_genid for smooth cache invalidationEric Dumazet
Current ip route cache implementation is not suited to large caches. We can consume a lot of CPU when cache must be invalidated, since we currently need to evict all cache entries, and this eviction is sometimes asynchronous. min_delay & max_delay can somewhat control this asynchronism behavior, but whole thing is a kludge, regularly triggering infamous soft lockup messages. When entries are still in use, this also consumes a lot of ram, filling dst_garbage.list. A better scheme is to use a generation identifier on each entry, so that cache invalidation can be performed by changing the table identifier, without having to scan all entries. No more delayed flushing, no more stalling when secret_interval expires. Invalidated entries will then be freed at GC time (controled by ip_rt_gc_timeout or stress), or when an invalidated entry is found in a chain when an insert is done. Thus we keep a normal equilibrium. This patch : - renames rt_hash_rnd to rt_genid (and makes it an atomic_t) - Adds a new rt_genid field to 'struct rtable' (filling a hole on 64bit) - Checks entry->rt_genid at appropriate places :
2008-01-31[PKTGEN]: pktgen should not print info that it is spinningJesse Brandeburg
when using pktgen to send delay packets the module prints repeatedly to the kernel log: sleeping for X sleeping for X ... This is probably just a debugging item left in and should not be enabled for regular use of the module. Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NET_SCHED]: sch_ingress: remove netfilter supportPatrick McHardy
Since the old policer code is gone, TC actions are needed for policing. The ingress qdisc can get packets directly from netif_receive_skb() in case TC actions are enabled or through netfilter otherwise, but since without TC actions there is no policer the only thing it actually does is count packets. Remove the netfilter support and always require TC actions. Signed-off-by: Patrick McHardy <kaber@trash.net> Acked-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[MACVLAN]: Setting macvlan_handle_frame_hook to NULL when ↵Rami Rosen
rtnl_link_register() fails. In drivers/net/macvlan.c, when rtnl_link_register() fails in macvlan_init_module(), there is no point to set it (second time in this method) to macvlan_handle_frame; macvlan_init_module() will return a negative number, so instead this patch sets macvlan_handle_frame_hook to NULL. Signed-off-by: Rami Rosen <ramirose@gmail.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[VLAN]: set_rx_mode support for unicast address listChris Leech
Reuse the existing logic for multicast list synchronization for the unicast address list. The core of dev_mc_sync/unsync are split out as __dev_addr_sync/unsync and moved from dev_mcast.c to dev.c. These are then used to implement dev_unicast_sync/unsync as well. I'm working on cleaning up Intel's FCoE stack, which generates new MAC addresses from the fibre channel device id assigned by the fabric as per the current draft specification in T11. When using such a protocol in a VLAN environment it would be nice to not always be forced into promiscuous mode, assuming the underlying Ethernet driver supports multiple unicast addresses as well. Signed-off-by: Chris Leech <christopher.leech@intel.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-01-31[TCP]: Fix a bug in strategy_allowed_congestion_controlShan Wei
In strategy_allowed_congestion_control of the 2.6.24 kernel, when sysctl_string return 1 on success,it should call tcp_set_allowed_congestion_control to set the allowed congestion control.But, it don't. the sysctl_string return 1 on success, otherwise return negative, never return 0.The patch fix the problem. Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com> Acked-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[IPV4] fib_trie: rescan if key is lost during dumpStephen Hemminger
Normally during a dump the key of the last dumped entry is used for continuation, but since lock is dropped it might be lost. In that case fallback to the old counter based N^2 behaviour. This means the dump will end up skipping some routes which matches what FIB_HASH does. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[PKTGEN]: Remove an unused definition in pktgen.c.Rami Rosen
- Remove an unused definition (LAT_BUCKETS_MAX) in net/core/pktgen.c. - Remove the corresponding comment. - The LAT_BUCKETS_MAX seems to have to do with a patch from a long time ago which was not applied (Ben Greear), which dealt with latency counters. See, for example : http://oss.sgi.com/archives/netdev/2002-09/msg00184.html Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[IPV6]: Update MSS even if MTU is unchanged.Jim Paris
This is needed because in ndisc.c, we have: static void ndisc_router_discovery(struct sk_buff *skb) { // ... if (ndopts.nd_opts_mtu) { // ... if (rt) rt->u.dst.metrics[RTAX_MTU-1] = mtu; rt6_mtu_change(skb->dev, mtu); // ... } Since the mtu is set directly here, rt6_mtu_change_route thinks that it is unchanged, and so it fails to update the MSS accordingly. This patch lets rt6_mtu_change_route still update MSS if old_mtu == new_mtu. Signed-off-by: Jim Paris <jim@jtan.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETNS]: Udp sockets per-net lookup.Pavel Emelyanov
Add the net parameter to udp_get_port family of calls and udp_lookup one and use it to filter sockets. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETNS]: Tcp-v6 sockets per-net lookup.Pavel Emelyanov
Add a net argument to inet6_lookup and propagate it further. Actually, this is tcp-v6 implementation of what was done for tcp-v4 sockets in a previous patch. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETNS]: Tcp-v4 sockets per-net lookup.Pavel Emelyanov
Add a net argument to inet_lookup and propagate it further into lookup calls. Plus tune the __inet_check_established. The dccp and inet_diag, which use that lookup functions pass the init_net into them. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETNS]: Make bind buckets live in net namespaces.Pavel Emelyanov
This tags the inet_bind_bucket struct with net pointer, initializes it during creation and makes a filtering during lookup. A better hashfn, that takes the net into account is to be done in the future, but currently all bind buckets with similar port will be in one hash chain. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[INET]: Consolidate inet(6)_hash_connect.Pavel Emelyanov
These two functions are the same except for what they call to "check_established" and "hash" for a socket. This saves half-a-kilo for ipv4 and ipv6. add/remove: 1/0 grow/shrink: 1/4 up/down: 582/-1128 (-546) function old new delta __inet_hash_connect - 577 +577 arp_ignore 108 113 +5 static.hint 8 4 -4 rt_worker_func 376 372 -4 inet6_hash_connect 584 25 -559 inet_hash_connect 586 25 -561 Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[IPV6]: Introduce the INET6_TW_MATCH macro.Pavel Emelyanov
We have INET_MATCH, INET_TW_MATCH and INET6_MATCH to test sockets and twbuckets for matching, but ipv6 twbuckets are tested manually. Here's the INET6_TW_MATCH to help with it. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: xt_iprange: fix sparse warningsPatrick McHardy
CHECK net/netfilter/xt_iprange.c net/netfilter/xt_iprange.c:104:19: warning: restricted degrades to integer net/netfilter/xt_iprange.c:104:37: warning: restricted degrades to integer net/netfilter/xt_iprange.c:104:19: warning: restricted degrades to integer net/netfilter/xt_iprange.c:104:37: warning: restricted degrades to integer net/netfilter/xt_iprange.c:104:19: warning: restricted degrades to integer net/netfilter/xt_iprange.c:104:37: warning: restricted degrades to integer net/netfilter/xt_iprange.c:104:19: warning: restricted degrades to integer net/netfilter/xt_iprange.c:104:37: warning: restricted degrades to integer Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_nat: fix sparse warningPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack: fix sparse warningPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: {ip,ip6}_queue: fix build errorPatrick McHardy
Reported by Ingo Molnar: net/built-in.o: In function `ip_queue_init': ip_queue.c:(.init.text+0x322c): undefined reference to `net_ipv4_ctl_path' Fix the build error and also handle CONFIG_PROC_FS=n properly. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack: annotate l3protos with constJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_{conntrack,nat}_icmp: constify and annotateJan Engelhardt
Constify a few data tables use const qualifiers on variables where possible in the nf_conntrack_icmp* sources. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_{conntrack,nat}_proto_gre: annotate with constJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_{conntrack,nat}_proto_udp{,lite}: annotate with constJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_{conntrack,nat}_proto_tcp: constify and annotate TCP modulesJan Engelhardt
Constify a few data tables use const qualifiers on variables where possible in the nf_*_proto_tcp sources. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack_sane: annotate SANE helper with constJan Engelhardt
Annotate nf_conntrack_sane variables with const qualifier and remove a few casts. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_{conntrack,nat}_pptp: annotate PPtP helper with constJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_{conntrack,nat}_tftp: annotate TFTP helper with constJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_{conntrack,nat}_sip: annotate SIP helper with constJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helperJan Engelhardt
Constify data tables (predominantly in nf_conntrack_h323_types.c, but also a few in nf_conntrack_h323_asn1.c) and use const qualifiers on variables where possible in the h323 sources. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: x_tables: create per-netns /proc/net/*_tables_*Alexey Dobriyan
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: x_tables: netns propagation for /proc/net/*_tables_namesAlexey Dobriyan
Propagate netns together with AF down to ->start/->next/->stop iterators. Choose table based on netns and AF for showing. Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: x_tables: semi-rewrite of /proc/net/foo_tables_*Alexey Dobriyan
There are many small but still wrong things with /proc/net/*_tables_* so I decided to do overhaul simultaneously making it more suitable for per-netns /proc/net/*_tables_* implementation. Fix a) xt_get_idx() duplicating now standard seq_list_start/seq_list_next iterators b) tables/matches/targets list was chosen again and again on every ->next c) multiple useless "af >= NPROTO" checks -- we simple don't supply invalid AFs there and registration function should BUG_ON instead. Regardless, the one in ->next() is the most useless -- ->next doesn't run at all if ->start fails. d) Don't use mutex_lock_interruptible() -- it can fail and ->stop is executed even if ->start failed, so unlock without lock is possible. As side effect, streamline code by splitting xt_tgt_ops into xt_target_ops, xt_matches_ops, xt_tables_ops. xt_tables_ops hooks will be changed by per-netns code. Code of xt_matches_ops, xt_target_ops is identical except the list chosen for iterating, but I think consolidating code for two files not worth it given "<< 16" hacks needed for it. [Patrick: removed unused enum in x_tables.c] Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: xt_hashlimit match, revision 1Jan Engelhardt
Introduces the xt_hashlimit match revision 1. It adds support for kernel-level inversion and grouping source and/or destination IP addresses, allowing to limit on a per-subnet basis. While this would technically obsolete xt_limit, xt_hashlimit is a more expensive due to the hashbucketing. Kernel-level inversion: Previously you had to do user-level inversion: iptables -N foo iptables -A foo -m hashlimit --hashlimit(-upto) 5/s -j RETURN iptables -A foo -j DROP iptables -A INPUT -j foo now it is simpler: iptables -A INPUT -m hashlimit --hashlimit-over 5/s -j DROP Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack: kill unused static inline (do_iter)Ilpo Järvinen
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: ipt_CLUSTERIP: kill clusterip_config_entry_getIlpo Järvinen
It's unused static inline. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack_netlink: transmit mark during all eventsEric Leblond
The following feature was submitted some months ago. It forces the dump of mark during the connection destruction event. The induced load is quiet small and the patch is usefull to provide an easy way to filter event on user side without having to keep an hash in userspace. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack_h323: clean up code a bitJan Engelhardt
-total: 81 errors, 3 warnings, 876 lines checked +total: 44 errors, 3 warnings, 876 lines checked There is still work to be done, but that's for another patch. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_nat: switch rwlock to spinlockPatrick McHardy
Since we're using RCU, all users of nf_nat_lock take a write_lock. Switch it to a spinlock. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_nat: use RCU for bysource hashPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack: naming unificationPatrick McHardy
Rename all "conntrack" variables to "ct" for more consistency and avoiding some overly long lines. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack: don't inline early_drop()Patrick McHardy
early_drop() is only called *very* rarely, unfortunately gcc inlines it into the hotpath because there is only a single caller. Explicitly mark it noinline. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack: reorder struct nf_conntrack_l4protoPatrick McHardy
Reorder struct nf_conntrack_l4proto so all members used during packet processing are in the same cacheline. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack: optimize hash_conntrack()Patrick McHardy
Avoid calling jhash three times and hash the entire tuple in one go. __hash_conntrack | -485 # 760 -> 275, # inlines: 3 -> 1, size inlines: 717 -> 252 1 function changed, 485 bytes removed Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack: avoid duplicate protocol comparison in ↵Patrick McHardy
nf_ct_tuple_equal() nf_ct_tuple_src_equal() and nf_ct_tuple_dst_equal() both compare the protocol numbers. Unfortunately gcc doesn't optimize out the second comparison, so remove it and prefix both functions with __ to indicate that they should not be used directly. Saves another 16 byte of text in __nf_conntrack_find() on x86_64: nf_conntrack_tuple_taken | -20 # 320 -> 300, size inlines: 181 -> 161 __nf_conntrack_find | -16 # 267 -> 251, size inlines: 127 -> 115 __nf_conntrack_confirm | -40 # 875 -> 835, size inlines: 570 -> 537 3 functions changed, 76 bytes removed Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack: optimize __nf_conntrack_find()Patrick McHardy
Ignoring specific entries in __nf_conntrack_find() is only needed by NAT for nf_conntrack_tuple_taken(). Remove it from __nf_conntrack_find() and make nf_conntrack_tuple_taken() search the hash itself. Saves 54 bytes of text in the hotpath on x86_64: __nf_conntrack_find | -54 # 321 -> 267, # inlines: 3 -> 2, size inlines: 181 -> 127 nf_conntrack_tuple_taken | +305 # 15 -> 320, lexblocks: 0 -> 3, # inlines: 0 -> 3, size inlines: 0 -> 181 nf_conntrack_find_get | -2 # 90 -> 88 3 functions changed, 305 bytes added, 56 bytes removed, diff: +249 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack: switch rwlock to spinlockPatrick McHardy
With the RCU conversion only write_lock usages of nf_conntrack_lock are left (except one read_lock that should actually use write_lock in the H.323 helper). Switch to a spinlock. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack: use RCU for conntrack hashPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack_expect: use RCU for expectation hashPatrick McHardy
Use RCU for expectation hash. This doesn't buy much for conntrack runtime performance, but allows to reduce the use of nf_conntrack_lock for /proc and nf_netlink_conntrack. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack_core: avoid taking nf_conntrack_lock in ↵Patrick McHardy
nf_conntrack_alter_reply The conntrack is unconfirmed, so we have an exclusive reference, which means that the write_lock is definitely unneeded. A read_lock used to be needed for the helper lookup, but since we're using RCU for helpers now rcu_read_lock is enough. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31[NETFILTER]: nf_conntrack: use RCU for conntrack helpersPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>