08 Mar, 2012
22 commits
-
This patch allows you to attach the timeout policy via the
CT target, it adds a new revision of the target to ensure
backward compatibility. Moreover, it also contains the glue
code to stick the timeout object defined via nfnetlink_cttimeout
to the given flow.Example usage (it requires installing the nfct tool and
libnetfilter_cttimeout):1) create the timeout policy:
nfct timeout add tcp-policy0 inet tcp \
established 1000 close 10 time_wait 10 last_ack 102) attach the timeout policy to the packet:
iptables -I PREROUTING -t raw -p tcp -j CT --timeout tcp-policy0
You have to install the following user-space software:
a) libnetfilter_cttimeout:
git://git.netfilter.org/libnetfilter_cttimeoutb) nfct:
git://git.netfilter.org/nfctYou also have to get iptables with -j CT --timeout support.
Signed-off-by: Pablo Neira Ayuso
-
This patch adds the timeout extension, which allows you to attach
specific timeout policies to flows.This extension is only used by the template conntrack.
Signed-off-by: Pablo Neira Ayuso
-
This patch adds the infrastructure to add fine timeout tuning
over nfnetlink. Now you can use the NFNL_SUBSYS_CTNETLINK_TIMEOUT
subsystem to create/delete/dump timeout objects that contain some
specific timeout policy for one flow.The follow up patches will allow you attach timeout policy object
to conntrack via the CT target and the conntrack extension
infrastructure.Signed-off-by: Pablo Neira Ayuso
-
This patch defines a new interface for l4 protocol trackers:
unsigned int *(*get_timeouts)(struct net *net);
that is used to return the array of unsigned int that contains
the timeouts that will be applied for this flow. This is passed
to the l4proto->new(...) and l4proto->packet(...) functions to
specify the timeout policy.This interface allows per-net global timeout configuration
(although only DCCP supports this by now) and it will allow
custom custom timeout configuration by means of follow-up
patches.Signed-off-by: Pablo Neira Ayuso
-
This patch adds an array to define the default GRE timeouts.
Signed-off-by: Pablo Neira Ayuso
-
This patch moves the retransmission and unacknowledged timeouts
to the tcp_timeouts array. This change is required by follow-up
patches.Signed-off-by: Pablo Neira Ayuso
-
Use one array to store the UDP timeouts instead of two variables.
Signed-off-by: Pablo Neira Ayuso
-
net/netfilter/nf_conntrack_proto.c:70 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
3 locks held by conntrack/3235:
nfnl_lock+0x17/0x20
netlink_dump+0x32/0x240
ctnetlink_dump_table+0x3e/0x170 [nf_conntrack_netlink]stack backtrace:
Pid: 3235, comm: conntrack Tainted: G W 3.2.0+ #511
Call Trace:
[] lockdep_rcu_suspicious+0xe5/0x100
[] __nf_ct_l4proto_find+0x81/0xb0 [nf_conntrack]
[] ctnetlink_fill_info+0x215/0x5f0 [nf_conntrack_netlink]
[] ctnetlink_dump_table+0xd1/0x170 [nf_conntrack_netlink]
[] netlink_dump+0x7f/0x240
[] ? trace_hardirqs_on+0xd/0x10
[] netlink_dump_start+0xdf/0x190
[] ? ctnetlink_change_nat_seq_adj+0x160/0x160 [nf_conntrack_netlink]
[] ? ctnetlink_get_conntrack+0x2a0/0x2a0 [nf_conntrack_netlink]
[] ctnetlink_get_conntrack+0x89/0x2a0 [nf_conntrack_netlink]
[] nfnetlink_rcv_msg+0x467/0x5f0
[] ? nfnetlink_rcv_msg+0x49c/0x5f0
[] ? nfnetlink_rcv_msg+0x342/0x5f0
[] ? get_parent_ip+0x11/0x50
[] ? nfnetlink_subsys_register+0x60/0x60
[] netlink_rcv_skb+0xa9/0xd0
[] nfnetlink_rcv+0x15/0x20
[] netlink_unicast+0x1ae/0x1f0
[] netlink_sendmsg+0x2c6/0x320
[] sock_sendmsg+0x117/0x130
[] ? might_fault+0x53/0xb0
[] ? might_fault+0x9c/0xb0
[] ? might_fault+0x53/0xb0
[] ? move_addr_to_kernel+0x71/0x80
[] sys_sendto+0xfe/0x130
[] ? sys_bind+0xb4/0xd0
[] ? retint_swapgs+0xe/0x13
[] system_call_fastpath+0x16/0x1bReported-by: Hans Schillstrom
Signed-off-by: Eric Dumazet
Signed-off-by: Hans Schillstrom -
In 16059b5 netfilter: merge ipt_LOG and ip6_LOG into xt_LOG, we have
merged ipt_LOG and ip6t_LOG.However:
IN=wlan0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
SRC=213.150.61.61 DST=192.168.1.133 LEN=40 TOS=0x00 PREC=0x00 TTL=117
ID=10539 DF PROTO=TCP SPT=80 DPT=49013 WINDOW=0 RES=0x00 ACK RST
URGP=0 PROTO=UDPLITE SPT=80 DPT=49013 LEN=45843 PROTO=ICMP TYPE=0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^Several missing break in the code led to including bogus layer-4
information. This patch fixes this problem.Signed-off-by: Richard Weinberger
Signed-off-by: Pablo Neira Ayuso -
These two headers are not required anymore, they have been
replaced by xt_SAME.h and xt_realm.h.Florian Westphal pointed out this.
Cc: "David S. Miller"
Cc: Florian Westphal
Signed-off-by: WANG Cong -
* identation lowered
* some CPU cycles saved at delayed item variable initializationSigned-off-by: Tony Zelenoff
Signed-off-by: Pablo Neira Ayuso -
Signed-off-by: Tony Zelenoff
Signed-off-by: Pablo Neira Ayuso -
ipt_LOG and ip6_LOG have a lot of common code, merge them
to reduce duplicate code.Signed-off-by: Richard Weinberger
Signed-off-by: Pablo Neira Ayuso -
This patch allows you to set expectfn which is specifically used
by the NAT side of most of the existing conntrack helpers.I have added a symbol map that uses a string as key to look up for
the function that is attached to the expectation object. This is
the best solution I came out with to solve this issue.Signed-off-by: Pablo Neira Ayuso
-
This patch adds the missing bits to create expectations that
are created in NAT setups. -
This patch allows you to set the expectation class.
Signed-off-by: Pablo Neira Ayuso
-
This patch allow you to set the helper for newly created
expectations based of the CTA_EXPECT_HELP_NAME attribute.
Before this, the helper set was NULL.Signed-off-by: Pablo Neira Ayuso
-
Timed out entries were still matched till the garbage collector
purged them out. The fix is verified in the testsuite.Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso -
The "nomatch" keyword and option is added to the hash:*net* types,
by which one can add exception entries to sets. Example:ipset create test hash:net
ipset add test 192.168.0/24
ipset add test 192.168.0/30 nomatchIn this case the IP addresses from 192.168.0/24 except 192.168.0/30
match the elements of the set.Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso -
If the set is full, the SET target cannot add more elements.
Log warning so that the admin got notified about it.Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso -
iptables's libxt_SET.c depends on these.
Signed-off-by: Jan Engelhardt
Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso -
ipset is actually using NFPROTO values rather than AF (xt_set passes
that along).Signed-off-by: Jan Engelhardt
Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso
07 Mar, 2012
12 commits
-
This patch includes:
Configure EMAC PHY clock source (clock from PHY or internal clock).
Do not advertise PHY half duplex capability as APM821XX EMAC does not support half duplex mode.
Add changes to support configuring jumbo frame for APM821XX EMAC.
[ Fix coding style -DaveM ]
Signed-off-by: Duc Dang
Signed-off-by: David S. Miller -
This compatible value will be used to distinguish some special features of APM821XX EMAC: no half duplex mode support, configuring jumbo frame.
Signed-off-by: Duc Dang
Signed-off-by: David S. Miller -
Signed-off-by: David S. Miller
-
Fixing sparse warnings, the 2 functions are only used in same
file. Defining them as static and not exporting them.Signed-off-by: Yevgeny Petrilin
Signed-off-by: David S. Miller -
Removing functions that are no longer in use, but still exist
Signed-off-by: Yevgeny Petrilin
Signed-off-by: David S. Miller -
The SET_PORT functions are implemented in port.c, which is part
of mlx4_core, these functions are exported. The functions are in use by
the mlx4_en module (were originally part of mlx4_en).
Their declaration remained in mlx4_en module, moving the declaration to the right location.Signed-off-by: Yevgeny Petrilin
Signed-off-by: David S. Miller -
The mac should be written as __be64 the gid. The warning was because
we changed the mac parameter, which is u64, by writing result of cpu_to_be64
into it. Fixing by using new variable of type __be64.Signed-off-by: Yevgeny Petrilin
Signed-off-by: David S. Miller -
The keys used for the hardware RSS topelitz hash are of type __be32
where the values provided by the driver are from array of u32,
this triggered sparse warning on incorrect type in assignment as of different base types.
Since these values are picked randomly,
the fix is to transform the key to __be32 by executing cpu_to_be_32()Signed-off-by: Yevgeny Petrilin
Signed-off-by: David S. Miller -
The blue flame buffer is defined to be of type void __iomem *
but was passed to mlx4_bf_copy which gets unsigned long * .
This triggered sparse warning on different address spaces,
fix that by changing mlx4_bf_copy first param to be of type void __iomem * .Signed-off-by: Or Gerlitz
Signed-off-by: David S. Miller -
Fix sparse warnings on incompatibility between the endianess of the ctrl_flags
field of struct mlx4_en_priv to the srcrb_flags field of struct
mlx4_wqe_ctrl_seg by changing the former to be __be32 instead of u32.Signed-off-by: Or Gerlitz
Signed-off-by: David S. Miller -
Localized the pdev->dev, and using dma_map instead of pci_map
There are multiple map/unmap operations on data path,
optimizing those by saving redundant pointer access.
Those places were identified as hot-spots when running kernel profiling
during some benchmarks.
The fixes had most impact when testing packet rate with small packets,
reducing several % from CPU load, and in some case being the difference
between reaching wire speed or being CPU bound.Signed-off-by: Yevgeny Petrilin
Signed-off-by: David S. Miller -
Silence the following warning:
"warn: returning -1 instead of -ENOMEM is sloppy".Signed-off-by: Santosh Nayak
Signed-off-by: David S. Miller
06 Mar, 2012
6 commits
-
Switch to use ndo_get_stats64 to get 64bit statistics.
Two sync entries are used (one for Rx and one for Tx).Signed-off-by: Junchang Wang
Signed-off-by: David S. Miller -
Conflicts:
drivers/net/vmxnet3/vmxnet3_drv.cSmall vmxnet3 conflict with header size bug fix in 'net'.
Signed-off-by: David S. Miller
-
Pull perf fixes from Ingo Molnar:
"It contains three cherry-picked fixes from perf/core, which turned out
to be more urgent than we originally thought."* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf tools: Handle kernels that don't support attr.exclude_{guest,host}
perf tools: Change perf_guest default back to false
perf record: No build id option fails -
USB: revert a powerpc EHCI patch
There is just one patch in here, a revert of a powerpc EHCI driver
patch that was reported to cause problems.Signed-off-by: Greg Kroah-Hartman
* tag 'usb-3.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
Revert "powerpc/usb: fix issue of CPU halt when missing USB PHY clock" -
tty: build fix for 3.3-rc6
This contains one build fix for the powerpc udbg driver that was reported.
Signed-off-by: Greg Kroah-Hartman
* tag 'tty-3.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
tty/powerpc: early udbg consoles can't be modules -
Pull md fixes from Neil Brown:
"Three fixes for md in 3.3-rc: Two relate to the recently added drive
replacement. One fixes the problem where a read error in RAID10 would
sometimes be retried indefinitely."* tag 'md-3.3-fixes' of git://neil.brown.name/md:
md/raid10: fix assembling of arrays with replacement devices.
md/raid10: fix handling of error on last working device in array.
md/raid1: fix buglet in md_raid1_contested.
