23 Nov, 2011
1 commit
-
C assignment can handle struct in6_addr copying.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
23 Apr, 2011
1 commit
-
Add const qualifiers to structs iphdr, ipv6hdr and in6_addr pointers
where possible, to make code intention more obvious.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
13 Mar, 2011
5 commits
-
Signed-off-by: David S. Miller
-
Signed-off-by: David S. Miller
-
Signed-off-by: David S. Miller
-
Create two sets of port member accessors, one set prefixed by fl4_*
and the other prefixed by fl6_*This will let us to create AF optimal flow instances.
It will work because every context in which we access the ports,
we have to be fully aware of which AF the flowi is anyways.Signed-off-by: David S. Miller
-
I intend to turn struct flowi into a union of AF specific flowi
structs. There will be a common structure that each variant includes
first, much like struct sock_common.This is the first step to move in that direction.
Signed-off-by: David S. Miller
02 Mar, 2011
1 commit
-
That way we don't have to potentially do this in every xfrm_lookup()
caller.Signed-off-by: David S. Miller
24 Feb, 2011
1 commit
-
Signed-off-by: David S. Miller
23 Feb, 2011
2 commits
-
Signed-off-by: David S. Miller
-
Signed-off-by: David S. Miller
27 Jan, 2011
2 commits
-
Routing metrics are now copy-on-write.
Initially a route entry points it's metrics at a read-only location.
If a routing table entry exists, it will point there. Else it will
point at the all zero metric place-holder called 'dst_default_metrics'.The writeability state of the metrics is stored in the low bits of the
metrics pointer, we have two bits left to spare if we want to store
more states.For the initial implementation, COW is implemented simply via kmalloc.
However future enhancements will change this to place the writable
metrics somewhere else, in order to increase sharing. Very likely
this "somewhere else" will be the inetpeer cache.Note also that this means that metrics updates may transiently fail
if we cannot COW the metrics successfully.But even by itself, this patch should decrease memory usage and
increase cache locality especially for routing workloads. In those
cases the read-only metric copies stay in place and never get written
to.TCP workloads where metrics get updated, and those rare cases where
PMTU triggers occur, will take a very slight performance hit. But
that hit will be alleviated when the long-term writable metrics
move to a more sharable location.Since the metrics storage went from a u32 array of RTAX_MAX entries to
what is essentially a pointer, some retooling of the dst_entry layout
was necessary.Most importantly, we need to preserve the alignment of the reference
count so that it doesn't share cache lines with the read-mostly state,
as per Eric Dumazet's alignment assertion checks.The only non-trivial bit here is the move of the 'flags' member into
the writeable cacheline. This is OK since we are always accessing the
flags around the same moment when we made a modification to the
reference count.Signed-off-by: David S. Miller
-
Like ipv4, we have to propagate the ipv6 route peer into
the ipsec top-level route during instantiation.Signed-off-by: David S. Miller
12 Oct, 2010
1 commit
-
struct dst_ops tracks number of allocated dst in an atomic_t field,
subject to high cache line contention in stress workload.Switch to a percpu_counter, to reduce number of time we need to dirty a
central location. Place it on a separate cache line to avoid dirtying
read only fields.Stress test :
(Sending 160.000.000 UDP frames,
IP route cache disabled, dual E5540 @2.53GHz,
32bit kernel, FIB_TRIE, SLUB/NUMA)Before:
real 0m51.179s
user 0m15.329s
sys 10m15.942sAfter:
real 0m45.570s
user 0m15.525s
sys 9m56.669sWith a small reordering of struct neighbour fields, subject of a
following patch, (to separate refcnt from other read mostly fields)real 0m41.841s
user 0m15.261s
sys 8m45.949sSigned-off-by: Eric Dumazet
Signed-off-by: David S. Miller
24 Sep, 2010
1 commit
-
Change "return (EXPR);" to "return EXPR;"
return is not a function, parentheses are not required.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
05 Jul, 2010
1 commit
-
While using xfrm by MARK feature in
2.6.34 - 2.6.35 kernels, the mark
is always cleared in flowi structure via memset in
_decode_session4 (net/ipv4/xfrm4_policy.c), so
the policy lookup fails.
IPv6 code is affected by this bug too.Signed-off-by: Peter Kosyh
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller
28 Apr, 2010
1 commit
-
Conflicts:
drivers/net/e100.c
drivers/net/e1000e/netdev.c
22 Apr, 2010
1 commit
-
When building a bundle, we set dst.dev and rt6.rt6i_idev.
We must ensure to set the same device for both fields.Signed-off-by: Nicolas Dichtel
Signed-off-by: David S. Miller
07 Apr, 2010
1 commit
-
__xfrm_lookup() is called for each packet transmitted out of
system. The xfrm_find_bundle() does a linear search which can
kill system performance depending on how many bundles are
required per policy.This modifies __xfrm_lookup() to store bundles directly in
the flow cache. If we did not get a hit, we just create a new
bundle instead of doing slow search. This means that we can now
get multiple xfrm_dst's for same flow (on per-cpu basis).Signed-off-by: Timo Teras
Signed-off-by: David S. Miller
03 Mar, 2010
1 commit
-
When I merged the bundle creation code, I introduced a bogus
flowi value in the bundle. Instead of getting from the caller,
it was instead set to the flow in the route object, which is
totally different.The end result is that the bundles we created never match, and
we instead end up with an ever growing bundle list.Thanks to Jamal for find this problem.
Reported-by: Jamal Hadi Salim
Signed-off-by: Herbert Xu
Acked-by: Steffen Klassert
Acked-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
25 Jan, 2010
1 commit
-
GC is non-existent in netns, so after you hit GC threshold, no new
dst entries will be created until someone triggers cleanup in init_net.Make xfrm4_dst_ops and xfrm6_dst_ops per-netns.
This is not done in a generic way, because it woule waste
(AF_MAX - 2) * sizeof(struct dst_ops) bytes per-netns.Reorder GC threshold initialization so it'd be done before registering
XFRM policies.Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
12 Nov, 2009
1 commit
-
Now that sys_sysctl is a compatiblity wrapper around /proc/sys
all sysctl strategy routines, and all ctl_name and strategy
entries in the sysctl tables are unused, and can be
revmoed.In addition neigh_sysctl_register has been modified to no longer
take a strategy argument and it's callers have been modified not
to pass one.Cc: "David Miller"
Cc: Hideaki YOSHIFUJI
Cc: netdev@vger.kernel.org
Signed-off-by: Eric W. Biederman
05 Aug, 2009
1 commit
-
Same as how Randy Dunlap fixed the ipv4 side of things.
Signed-off-by: David S. Miller
31 Jul, 2009
1 commit
-
Choose saner defaults for xfrm[4|6] gc_thresh values on init
Currently, the xfrm[4|6] code has hard-coded initial gc_thresh values
(set to 1024). Given that the ipv4 and ipv6 routing caches are sized
dynamically at boot time, the static selections can be non-sensical.
This patch dynamically selects an appropriate gc threshold based on
the corresponding main routing table size, using the assumption that
we should in the worst case be able to handle as many connections as
the routing table can.For ipv4, the maximum route cache size is 16 * the number of hash
buckets in the route cache. Given that xfrm4 starts garbage
collection at the gc_thresh and prevents new allocations at 2 *
gc_thresh, we set gc_thresh to half the maximum route cache size.For ipv6, its a bit trickier. there is no maximum route cache size,
but the ipv6 dst_ops gc_thresh is statically set to 1024. It seems
sane to select a simmilar gc_thresh for the xfrm6 code that is half
the number of hash buckets in the v6 route cache times 16 (like the v4
code does).Signed-off-by: Neil Horman
Signed-off-by: David S. Miller
28 Jul, 2009
1 commit
-
Export garbage collector thresholds for xfrm[4|6]_dst_ops
Had a problem reported to me recently in which a high volume of ipsec
connections on a system began reporting ENOBUFS for new connections
eventually.It seemed that after about 2000 connections we started being unable to
create more. A quick look revealed that the xfrm code used a dst_ops
structure that limited the gc_thresh value to 1024, and always
dropped route cache entries after 2x the gc_thresh.It seems the most direct solution is to export the gc_thresh values in
the xfrm[4|6] dst_ops as sysctls, like the main routing table does, so
that higher volumes of connections can be supported. This patch has
been tested and allows the reporter to increase their ipsec connection
volume successfully.Reported-by: Joe Nall
Signed-off-by: Neil Hormanipv4/xfrm4_policy.c | 18 ++++++++++++++++++
ipv6/xfrm6_policy.c | 18 ++++++++++++++++++
2 files changed, 36 insertions(+)
Signed-off-by: David S. Miller
04 Jul, 2009
1 commit
-
The SCTP pushed the skb above the sctp chunk header, so the
check of pskb_may_pull(skb, nh + offset + 1 - skb->data) in
_decode_session6() will never return 0 and the ports decode
of sctp will always fail. (nh + offset + 1 - skb->data < 0)Signed-off-by: Wei Yongjun
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
01 Feb, 2009
1 commit
-
Base versions handle constant folding now.
Signed-off-by: Harvey Harrison
Signed-off-by: David S. Miller
26 Nov, 2008
3 commits
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Pass netns pointer to struct xfrm_policy_afinfo::garbage_collect()
[This needs more thoughts on what to do with dst_ops]
[Currently stub to init_net]Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
12 Nov, 2008
1 commit
-
Unused after kmem_cache_zalloc() conversion.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
02 Nov, 2008
1 commit
-
RFC4301 Section 7.1 says:
"7.1. Tunnel Mode SAs that Carry Initial and Non-Initial Fragments
All implementations MUST support tunnel mode SAs that are configured
to pass traffic without regard to port field (or ICMP type/code or
Mobility Header type) values. If the SA will carry traffic for
specified protocols, the selector set for the SA MUST specify the
port fields (or ICMP type/code or Mobility Header type) as ANY. An
SA defined in this fashion will carry all traffic including initial
and non-initial fragments for the indicated Local/Remote addresses
and specified Next Layer protocol(s)."But for IPv6, fragment is treated as a protocol. This change catches
protocol transported in fragmented packet. In IPv4, there is no
problem.Signed-off-by: Nicolas Dichtel
Signed-off-by: David S. Miller
15 Aug, 2008
1 commit
-
ipv6_dev_get_saddr() blindly de-references dst_dev to get the network
namespace, but some callers might pass NULL. Change callers to pass a
namespace pointer instead.Signed-off-by: Brian Haley
Signed-off-by: David S. Miller
26 Mar, 2008
1 commit
-
Introduce per-net_device inlines: dev_net(), dev_net_set().
Without CONFIG_NET_NS, no namespace other than &init_net exists.
Let's explicitly define them to help compiler optimizations.Signed-off-by: YOSHIFUJI Hideaki
25 Mar, 2008
1 commit
-
Signed-off-by: YOSHIFUJI Hideaki
06 Mar, 2008
1 commit
-
Add an netns parameter to ip6_route_output. That will allow to access
to the right routing table for outgoing traffic.Signed-off-by: Daniel Lezcano
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller
04 Mar, 2008
1 commit
-
Since most users of ipv6_get_saddr() pass non-NULL as
dst argument, use ipv6_dev_get_saddr() directly.Signed-off-by: YOSHIFUJI Hideaki
01 Feb, 2008
1 commit
-
All but one struct dst_ops static initializations miss explicit
initialization of entries field.As this field is atomic_t, we should use ATOMIC_INIT(0), and not
rely on atomic_t implementation.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
29 Jan, 2008
2 commits
-
The garbage collection function receive the dst_ops structure as
parameter. This is useful for the next incoming patchset because it
will need the dst_ops (there will be several instances) and the
network namespace pointer (contained in the dst_ops).The protocols which do not take care of the namespaces will not be
impacted by this change (expect for the function signature), they do
just ignore the parameter.Signed-off-by: Daniel Lezcano
Signed-off-by: David S. Miller -
IPv6 specific thing is wrongly removed from transformation at net-2.6.25.
This patch recovers it with current design.o Update "path" of xfrm_dst since IPv6 transformation should
care about routing changes. It is required by MIPv6 and
off-link destined IPsec.
o Rename nfheader_len which is for non-fragment transformation used by
MIPv6 to rt6i_nfheader_len as IPv6 name space.Signed-off-by: Masahide NAKAMURA
Acked-by: Herbert Xu
Signed-off-by: David S. Miller