summaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2010-03-25netfilter: xtables: change targets to return error codeJan Engelhardt
Part of the transition of done by this semantic patch: // <smpl> @ rule1 @ struct xt_target ops; identifier check; @@ ops.checkentry = check; @@ identifier rule1.check; @@ check(...) { <... -return true; +return 0; ...> } @@ identifier rule1.check; @@ check(...) { <... -return false; +return -EINVAL; ...> } // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: xtables: change matches to return error codeJan Engelhardt
The following semantic patch does part of the transformation: // <smpl> @ rule1 @ struct xt_match ops; identifier check; @@ ops.checkentry = check; @@ identifier rule1.check; @@ check(...) { <... -return true; +return 0; ...> } @@ identifier rule1.check; @@ check(...) { <... -return false; +return -EINVAL; ...> } // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: xtables: change xt_target.checkentry return typeJan Engelhardt
Restore function signatures from bool to int so that we can report memory allocation failures or similar using -ENOMEM rather than always having to pass -EINVAL back. // <smpl> @@ type bool; identifier check, par; @@ -bool check +int check (struct xt_tgchk_param *par) { ... } // </smpl> Minus the change it does to xt_ct_find_proto. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: xtables: change xt_match.checkentry return typeJan Engelhardt
Restore function signatures from bool to int so that we can report memory allocation failures or similar using -ENOMEM rather than always having to pass -EINVAL back. This semantic patch may not be too precise (checking for functions that use xt_mtchk_param rather than functions referenced by xt_match.checkentry), but reviewed, it produced the intended result. // <smpl> @@ type bool; identifier check, par; @@ -bool check +int check (struct xt_mtchk_param *par) { ... } // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: xtables: untangle spaghetti if clauses in checkentryJan Engelhardt
As I'm changing the return values soon, I want to have a clear visual path. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: ipvs: use NFPROTO values for NF_HOOK invocationJan Engelhardt
Semantic patch: // <smpl> @@ @@ IP_VS_XMIT( -PF_INET6, +NFPROTO_IPV6, ...) @@ @@ IP_VS_XMIT( -PF_INET, +NFPROTO_IPV4, ...) // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: decnet: use NFPROTO values for NF_HOOK invocationJan Engelhardt
The semantic patch used was: // <smpl> @@ @@ NF_HOOK( -PF_DECnet, +NFPROTO_DECNET, ...) // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: ipv6: use NFPROTO values for NF_HOOK invocationJan Engelhardt
The semantic patch that was used: // <smpl> @@ @@ (NF_HOOK |NF_HOOK_THRESH |nf_hook )( -PF_INET6, +NFPROTO_IPV6, ...) // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: ipv4: use NFPROTO values for NF_HOOK invocationJan Engelhardt
The semantic patch that was used: // <smpl> @@ @@ (NF_HOOK |NF_HOOK_COND |nf_hook )( -PF_INET, +NFPROTO_IPV4, ...) // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: bridge: use NFPROTO values for NF_HOOK invocationJan Engelhardt
The first argument to NF_HOOK* is an nfproto since quite some time. Commit v2.6.27-2457-gfdc9314 was the first to practically start using the new names. Do that now for the remaining NF_HOOK calls. The semantic patch used was: // <smpl> @@ @@ (NF_HOOK |NF_HOOK_THRESH )( -PF_BRIDGE, +NFPROTO_BRIDGE, ...) @@ @@ NF_HOOK( -PF_INET6, +NFPROTO_IPV6, ...) @@ @@ NF_HOOK( -PF_INET, +NFPROTO_IPV4, ...) // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: xt_recent: allow changing ip_list_[ug]id at runtimeJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: xtables: consolidate code into xt_request_find_matchJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: xtables: make use of xt_request_find_targetJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: xt extensions: use pr_<level> (2)Jan Engelhardt
Supplement to 1159683ef48469de71dc26f0ee1a9c30d131cf89. Downgrade the log level to INFO for most checkentry messages as they are, IMO, just an extra information to the -EINVAL code that is returned as part of a parameter "constraint violation". Leave errors to real errors, such as being unable to create a LED trigger. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-25netfilter: xtables: make use of caller family rather than target familyJan Engelhardt
Supplement to aa5fa3185791aac71c9172d4fda3e8729164b5d1. The semantic patch for this change is: // <smpl> @@ struct xt_target_param *par; @@ -par->target->family +par->family @@ struct xt_tgchk_param *par; @@ -par->target->family +par->family @@ struct xt_tgdtor_param *par; @@ -par->target->family +par->family // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-19netfilter: remove unused headers in net/ipv4/netfilter/nf_nat_h323.cZhitong Wang
Remove unused headers in net/ipv4/netfilter/nf_nat_h323.c Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-03-19netfilter: remove unused headers in net/ipv6/netfilter/ip6t_LOG.cZhitong Wang
Remove unused headers in net/ipv6/netfilter/ip6t_LOG.c Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-03-18netfilter: xt extensions: use pr_<level>Jan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-18netfilter: xtables: replace custom duprintf with pr_debugJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-18netfilter: xtables: do not print any messages on ENOMEMJan Engelhardt
ENOMEM is a very obvious error code (cf. EINVAL), so I think we do not really need a warning message. Not to mention that if the allocation fails, the user is most likely going to get a stack trace from slab already. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-18netfilter: xtables: remove almost-unused xt_match_param.data memberJan Engelhardt
This member is taking up a "long" per match, yet is only used by one module out of the roughly 90 modules, ip6t_hbh. ip6t_hbh can be restructured a little to accomodate for the lack of the .data member. This variant uses checking the par->match address, which should avoid having to add two extra functions, including calls, i.e. (hbh_mt6: call hbhdst_mt6(skb, par, NEXTHDR_OPT), dst_mt6: call hbhdst_mt6(skb, par, NEXTHDR_DEST)) Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-18netfilter: xtables: make use of caller family rather than match familyJan Engelhardt
The matches can have .family = NFPROTO_UNSPEC, and though that is not the case for the touched modules, it seems better to just use the nfproto from the caller. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-18netfilter: xtables: resort osf kconfig textJan Engelhardt
Restore alphabetical ordering of the list and put the xt_osf option into its 'right' place again. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-18netfilter: xtables: limit xt_mac to ethernet devicesJan Engelhardt
I do not see a point of allowing the MAC module to work with devices that don't possibly have one, e.g. various tunnel interfaces such as tun and sit. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-18netfilter: xtables: clean up xt_mac match routineJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-18netfilter: xtables: do without explicit XT_ALIGNJan Engelhardt
XT_ALIGN is already applied on matchsize/targetsize in x_tables.c, so it is not strictly needed in the extensions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-18Merge branch 'master' of ../nf-2.6Patrick McHardy
2010-03-17netfilter: remove unused headers in net/netfilter/nfnetlink.cZhitong Wang
Remove unused headers in net/netfilter/nfnetlink.c Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-03-17netfilter: xt_recent: check for unsupported user space flagsTim Gardner
Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-03-17netfilter: xt_recent: add an entry reaperTim Gardner
One of the problems with the way xt_recent is implemented is that there is no efficient way to remove expired entries. Of course, one can write a rule '-m recent --remove', but you have to know beforehand which entry to delete. This commit adds reaper logic which checks the head of the LRU list when a rule is invoked that has a '--seconds' value and XT_RECENT_REAP set. If an entry ceases to accumulate time stamps, then it will eventually bubble to the top of the LRU list where it is then reaped. Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-03-17netfilter: xt_recent: remove old proc directoryJan Engelhardt
The compat option was introduced in October 2008. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-17netfilter: xt_recent: update descriptionJan Engelhardt
It had IPv6 for quite a while already :-) Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-17netfilter: ebt_ip6: add principal maintainer in a MODULE_AUTHOR tagJan Engelhardt
Cc: Kuo-Lang Tseng <kuo-lang.tseng@intel.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-17netfilter: update my email addressJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-17netfilter: xtables: merge xt_CONNMARK into xt_connmarkJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-17netfilter: xtables: merge xt_MARK into xt_markJan Engelhardt
Two arguments for combining the two: - xt_mark is pretty useless without xt_MARK - the actual code is so small anyway that the kmod metadata and the module in its loaded state totally outweighs the combined actual code size. i586-before: -rw-r--r-- 1 jengelh users 3821 Feb 10 01:01 xt_MARK.ko -rw-r--r-- 1 jengelh users 2592 Feb 10 00:04 xt_MARK.o -rw-r--r-- 1 jengelh users 3274 Feb 10 01:01 xt_mark.ko -rw-r--r-- 1 jengelh users 2108 Feb 10 00:05 xt_mark.o text data bss dec hex filename 354 264 0 618 26a xt_MARK.o 223 176 0 399 18f xt_mark.o And the runtime size is like 14 KB. i586-after: -rw-r--r-- 1 jengelh users 3264 Feb 18 17:28 xt_mark.o Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-17netfilter: xtables: add comment markers to Xtables KconfigJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-17netfilter: xt_NFQUEUE: consolidate v4/v6 targets into oneJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-17netfilter: xt_CT: par->family is an nfprotoJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
2010-03-16net: convert multiple drivers to use netdev_for_each_mc_addr, part7Jiri Pirko
In mlx4, using char * to store mc address in private structure instead. Signed-off-by: Jiri Pirko <jpirko@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-03-16tipc: Allow retransmission of cloned buffersNeil Horman
Forward port commit fc477e160af086f6e30c3d4fdf5f5c000d29beb5 from git://tipc.cslab.ericsson.net/pub/git/people/allan/tipc.git Origional commit message: Allow retransmission of cloned buffers This patch fixes an issue with TIPC's message retransmission logic that prevented retransmission of clone sk_buffs. Originally intended as a means of avoiding wasted work in retransmitting messages that were still on the driver's outbound queue, it also prevented TIPC from retransmitting messages through other means -- such as the secondary bearer of the broadcast link, or another interface in a set of bonded interfaces. This fix removes existing checks for cloned sk_buffs that prevented such retransmission. Origionally-Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-03-16tipc: Increase frequency of load distribution over broadcast linkNeil Horman
Forward port commit 29eb572941501c40ac6e62dbc5043bf9ee76ee56 from git://tipc.cslab.ericsson.net/pub/git/people/allan/tipc.git Origional commit message: Increase frequency of load distribution over broadcast link This patch enhances the behavior of TIPC's broadcast link so that it alternates between redundant bearers (if available) after every message sent, rather than after every 10 messages. This change helps to speed up delivery of retransmitted messages by ensuring that they are not sent repeatedly over a bearer that is no longer working, but not yet recognized as failed. Tested by myself in the latest net-2.6 tree using the tipc sanity test suite Origionally-signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Neil Horman <nhorman@tuxdriver.com> bcast.c | 35 ++++++++++++++--------------------- 1 file changed, 14 insertions(+), 21 deletions(-) Signed-off-by: David S. Miller <davem@davemloft.net>
2010-03-16net: core: add IFLA_STATS64 supportJan Engelhardt
`ip -s link` shows interface counters truncated to 32 bit. This is because interface statistics are transported only in 32-bit quantity to userspace. This commit adds a new IFLA_STATS64 attribute that exports them in full 64 bit. References: http://lkml.indiana.edu/hypermail/linux/kernel/0307.3/0215.html Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-03-16net: tcp: make veno selectable as default congestion moduleJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-03-16net: tcp: make hybla selectable as default congestion moduleJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-03-16net: remove rcu locking from fib_rules_event()Eric Dumazet
We hold RTNL at this point and dont use RCU variants of list traversals, we dont need rcu_read_lock()/rcu_read_unlock() Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-03-16bridge: per-cpu packet statistics (v3)stephen hemminger
The shared packet statistics are a potential source of slow down on bridged traffic. Convert to per-cpu array, but only keep those statistics which change per-packet. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-03-16rps: Receive Packet SteeringTom Herbert
This patch implements software receive side packet steering (RPS). RPS distributes the load of received packet processing across multiple CPUs. Problem statement: Protocol processing done in the NAPI context for received packets is serialized per device queue and becomes a bottleneck under high packet load. This substantially limits pps that can be achieved on a single queue NIC and provides no scaling with multiple cores. This solution queues packets early on in the receive path on the backlog queues of other CPUs. This allows protocol processing (e.g. IP and TCP) to be performed on packets in parallel. For each device (or each receive queue in a multi-queue device) a mask of CPUs is set to indicate the CPUs that can process packets. A CPU is selected on a per packet basis by hashing contents of the packet header (e.g. the TCP or UDP 4-tuple) and using the result to index into the CPU mask. The IPI mechanism is used to raise networking receive softirqs between CPUs. This effectively emulates in software what a multi-queue NIC can provide, but is generic requiring no device support. Many devices now provide a hash over the 4-tuple on a per packet basis (e.g. the Toeplitz hash). This patch allow drivers to set the HW reported hash in an skb field, and that value in turn is used to index into the RPS maps. Using the HW generated hash can avoid cache misses on the packet when steering it to a remote CPU. The CPU mask is set on a per device and per queue basis in the sysfs variable /sys/class/net/<device>/queues/rx-<n>/rps_cpus. This is a set of canonical bit maps for receive queues in the device (numbered by <n>). If a device does not support multi-queue, a single variable is used for the device (rx-0). Generally, we have found this technique increases pps capabilities of a single queue device with good CPU utilization. Optimal settings for the CPU mask seem to depend on architectures and cache hierarcy. Below are some results running 500 instances of netperf TCP_RR test with 1 byte req. and resp. Results show cumulative transaction rate and system CPU utilization. e1000e on 8 core Intel Without RPS: 108K tps at 33% CPU With RPS: 311K tps at 64% CPU forcedeth on 16 core AMD Without RPS: 156K tps at 15% CPU With RPS: 404K tps at 49% CPU bnx2x on 16 core AMD Without RPS 567K tps at 61% CPU (4 HW RX queues) Without RPS 738K tps at 96% CPU (8 HW RX queues) With RPS: 854K tps at 76% CPU (4 HW RX queues) Caveats: - The benefits of this patch are dependent on architecture and cache hierarchy. Tuning the masks to get best performance is probably necessary. - This patch adds overhead in the path for processing a single packet. In a lightly loaded server this overhead may eliminate the advantages of increased parallelism, and possibly cause some relative performance degradation. We have found that masks that are cache aware (share same caches with the interrupting CPU) mitigate much of this. - The RPS masks can be changed dynamically, however whenever the mask is changed this introduces the possibility of generating out of order packets. It's probably best not change the masks too frequently. Signed-off-by: Tom Herbert <therbert@google.com> include/linux/netdevice.h | 32 ++++- include/linux/skbuff.h | 3 + net/core/dev.c | 335 +++++++++++++++++++++++++++++++++++++-------- net/core/net-sysfs.c | 225 ++++++++++++++++++++++++++++++- net/core/skbuff.c | 2 + 5 files changed, 538 insertions(+), 59 deletions(-) Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-03-16RDS: Enable per-cpu workqueue threadsTina Yang
Create per-cpu workqueue threads instead of a single krdsd thread. This is a step towards better scalability. Signed-off-by: Andy Grover <andy.grover@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-03-16RDS: Do not call set_page_dirty() with irqs offAndy Grover
set_page_dirty() unconditionally re-enables interrupts, so if we call it with irqs off, they will be on after the call, and that's bad. This patch moves the call after we've re-enabled interrupts in send_drop_to(), so it's safe. Also, add BUG_ONs to let us know if we ever do call set_page_dirty with interrupts off. Signed-off-by: Andy Grover <andy.grover@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>