11 Oct, 2007
3 commits
-
Background: RFC 4293 deprecates existing individual, named ICMP
type counters to be replaced with the ICMPMsgStatsTable. This table
includes entries for both IPv4 and IPv6, and requires counting of all
ICMP types, whether or not the machine implements the type.These patches "remove" (but not really) the existing counters, and
replace them with the ICMPMsgStats tables for v4 and v6.
It includes the named counters in the /proc places they were, but gets the
values for them from the new tables. It also counts packets generated
from raw socket output (e.g., OutEchoes, MLD queries, RA's from
radvd, etc).Changes:
1) create icmpmsg_statistics mib
2) create icmpv6msg_statistics mib
3) modify existing counters to use these
4) modify /proc/net/snmp to add "IcmpMsg" with all ICMP types
listed by number for easy SNMP parsing
5) modify /proc/net/snmp printing for "Icmp" to get the named data
from new counters.Signed-off-by: David L Stevens
Signed-off-by: David S. Miller -
Signed-off-by: Denis Cheng
Signed-off-by: David S. Miller -
This patch passes in the namespace a new socket should be created in
and has the socket code do the appropriate reference counting. By
virtue of this all socket create methods are touched. In addition
the socket create methods are modified so that they will fail if
you attempt to create a socket in a non-default network namespace.Failing if we attempt to create a socket outside of the default
network namespace ensures that as we incrementally make the network stack
network namespace aware we will not export functionality that someone
has not audited and made certain is network namespace safe.
Allowing us to partially enable network namespaces before all of the
exotic protocols are supported.Any protocol layers I have missed will fail to compile because I now
pass an extra parameter into the socket creation code.[ Integrated AF_IUCV build fixes from Andrew Morton... -DaveM ]
Signed-off-by: Eric W. Biederman
Signed-off-by: David S. Miller
03 Aug, 2007
1 commit
-
As discovered by Evegniy Polyakov, if we try to sendmsg after
a connection reset, we can do incredibly stupid things.The core issue is that inet_sendmsg() tries to autobind the
socket, but we should never do that for TCP. Instead we should
just go straight into TCP's sendmsg() code which will do all
of the necessary state and pending socket error checks.TCP's sendpage already directly vectors to tcp_sendpage(), so this
merely brings sendmsg() in line with that.Signed-off-by: David S. Miller
11 Jul, 2007
1 commit
-
The existing model for checksum offload does not correctly handle
devices that can offload IPV4 and IPV6 only. The NETIF_F_HW_CSUM flag
implies device can do any arbitrary protocol.This patch:
* adds NETIF_F_IPV6_CSUM for those devices
* fixes bnx2 and tg3 devices that need it
* add NETIF_F_IPV6_CSUM to ipv6 output (incl GSO)
* fixes assumptions about NETIF_F_ALL_CSUM in nat
* adjusts bridge union of checksumming computationSigned-off-by: David S. Miller
09 May, 2007
1 commit
-
Remove includes of where it is not used/needed.
Suggested by Al Viro.Builds cleanly on x86_64, i386, alpha, ia64, powerpc, sparc,
sparc64, and arm (all 59 defconfigs).Signed-off-by: Randy Dunlap
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
26 Apr, 2007
9 commits
-
This patch moves the SNMP code shared between IPv4/IPv6 from proc.c
into net/ipv4/af_inet.c. This makes sense because these functions
aren't specific to /proc.As a result we can again skip proc.o if /proc is disabled.
Signed-off-by: Herbert Xu
Acked-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
This also fixes memory leak in error path.
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
There is a very tiny probability that build_ehash_secret() is called
at the same time by different CPUS.Also, using __read_mostly is a must for inet_ehash_secret
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
The days are gone when this was not an issue, there are folks out
there with huge bot networks that can be used to attack the
established hash tables on remote systems.So just like the routing cache and connection tracking
hash, use Jenkins hash with random secret input.Signed-off-by: David S. Miller
-
For the common, open coded 'skb->h.raw = skb->data' operation, so that we can
later turn skb->h.raw into a offset, reducing the size of struct sk_buff in
64bit land while possibly keeping it as a pointer on 32bit.This one touches just the most simple cases:
skb->h.raw = skb->data;
skb->h.raw = {skb_push|[__]skb_pull}()The next ones will handle the slightly more "complex" cases.
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
For the places where we need a pointer to the network header, it is still legal
to touch skb->nh.raw directly if just adding to, subtracting from or setting it
to another layer header.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
Add whitespace around keywords.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Now network timestamps use ktime_t infrastructure, we can add a new
ioctl() SIOCGSTAMPNS command to get timestamps in 'struct timespec'.
User programs can thus access to nanosecond resolution.Signed-off-by: Eric Dumazet
CC: Stephen Hemminger
Signed-off-by: David S. Miller
11 Feb, 2007
1 commit
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
09 Feb, 2007
1 commit
-
Do this even for non-blocking sockets. This avoids the silly -EAGAIN
that applications can see now, even for non-blocking sockets in some
cases (f.e. connect()).With help from Venkat Tekkirala.
Signed-off-by: David S. Miller
10 Jan, 2007
1 commit
-
A quick patch to change the inet_sock->is_icsk assignment to better fit with
existing kernel coding style.Signed-off-by: Paul Moore
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller
09 Jan, 2007
1 commit
-
The inet_create() and inet6_create() functions incorrectly set the
inet_sock->is_icsk field. Both functions assume that the is_icsk field is
large enough to hold at least a INET_PROTOSW_ICSK value when it is actually
only a single bit. This patch corrects the assignment by doing a boolean
comparison whose result will safely fit into a single bit field.Signed-off-by: Paul Moore
Signed-off-by: David S. Miller
03 Dec, 2006
3 commits
-
Signed-off-by: Al Viro
Signed-off-by: David S. Miller -
This is a revision of the previously submitted patch, which alters
the way files are organized and compiled in the following manner:* UDP and UDP-Lite now use separate object files
* source file dependencies resolved via header files
net/ipv{4,6}/udp_impl.h
* order of inclusion files in udp.c/udplite.c adapted
accordingly[NET/IPv4]: Support for the UDP-Lite protocol (RFC 3828)
This patch adds support for UDP-Lite to the IPv4 stack, provided as an
extension to the existing UDPv4 code:
* generic routines are all located in net/ipv4/udp.c
* UDP-Lite specific routines are in net/ipv4/udplite.c
* MIB/statistics support in /proc/net/snmp and /proc/net/udplite
* shared API with extensions for partial checksum coverage[NET/IPv6]: Extension for UDP-Lite over IPv6
It extends the existing UDPv6 code base with support for UDP-Lite
in the same manner as per UDPv4. In particular,
* UDPv6 generic and shared code is in net/ipv6/udp.c
* UDP-Litev6 specific extensions are in net/ipv6/udplite.c
* MIB/statistics support in /proc/net/snmp6 and /proc/net/udplite6
* support for IPV6_ADDRFORM
* aligned the coding style of protocol initialisation with af_inet6.c
* made the error handling in udpv6_queue_rcv_skb consistent;
to return `-1' on error on all error cases
* consolidation of shared code[NET]: UDP-Lite Documentation and basic XFRM/Netfilter support
The UDP-Lite patch further provides
* API documentation for UDP-Lite
* basic xfrm support
* basic netfilter support for IPv4 and IPv6 (LOG target)Signed-off-by: Gerrit Renker
Signed-off-by: David S. Miller -
We currently allocate a fixed size (TCP_SYNQ_HSIZE=512) slots hash table for
each LISTEN socket, regardless of various parameters (listen backlog for
example)On x86_64, this means order-1 allocations (might fail), even for 'small'
sockets, expecting few connections. On the contrary, a huge server wanting a
backlog of 50000 is slowed down a bit because of this fixed limit.This patch makes the sizing of listen hash table a dynamic parameter,
depending of :
- net.core.somaxconn tunable (default is 128)
- net.ipv4.tcp_max_syn_backlog tunable (default : 256, 1024 or 128)
- backlog value given by user application (2nd parameter of listen())For large allocations (bigger than PAGE_SIZE), we use vmalloc() instead of
kmalloc().We still limit memory allocation with the two existing tunables (somaxconn &
tcp_max_syn_backlog). So for standard setups, this patch actually reduce RAM
usage.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
29 Sep, 2006
3 commits
-
->faddr is net-endian; annotated as such, variables inferred to be net-endian
annotated.Signed-off-by: Al Viro
Signed-off-by: David S. Miller -
This is just a minor buglet I came across by accident - when inet_init
fails to register raw_prot, it jumps to out_unregister_udp_proto which
should unregister UDP _and_ TCP.Signed-off-by: Olaf Kirch
Signed-off-by: David S. Miller -
annotated address arguments (port number left alone for now); ditto
for inferred net-endian variables in callers.Signed-off-by: Al Viro
Signed-off-by: David S. Miller
23 Sep, 2006
4 commits
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
Change net/core, ipv4 and ipv6 sysctl variables to __read_mostly.
Couldn't actually measure any performance increase while testing (.3%
I consider noise), but seems like the right thing to do.Signed-off-by: Brian Haley
Signed-off-by: David S. Miller -
config.h is automatically included by kbuild these days.
Signed-off-by: Dave Jones
Signed-off-by: David S. Miller -
This labels the flows that could utilize IPSec xfrms at the points the
flows are defined so that IPSec policy and SAs at the right label can
be used.The following protos are currently not handled, but they should
continue to be able to use single-labeled IPSec like they currently
do.ipmr
ip_gre
ipip
igmp
sit
sctp
ip6_tunnel (IPv6 over IPv6 tunnel device)
decnetSigned-off-by: Venkat Yekkirala
Signed-off-by: David S. Miller
09 Jul, 2006
1 commit
-
Certain subsystems in the stack (e.g., netfilter) can break the partial
checksum on GSO packets. Until they're fixed, this patch allows this to
work by recomputing the partial checksums through the GSO mechanism.Once they've all been converted to update the partial checksum instead of
clearing it, this workaround can be removed.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
04 Jul, 2006
1 commit
-
We don't want nasty Xen guests to pass a TCPv6 packet in with gso_type set
to TCPv4 or even UDP (or a packet that's both TCP and UDP).Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
30 Jun, 2006
1 commit
-
When GSO packets come from an untrusted source (e.g., a Xen guest domain),
we need to verify the header integrity before passing it to the hardware.Since the first step in GSO is to verify the header, we can reuse that
code by adding a new bit to gso_type: SKB_GSO_DODGY. Packets with this
bit set can only be fed directly to devices with the corresponding bit
NETIF_F_GSO_ROBUST. If the device doesn't have that bit, then the skb
is fed to the GSO engine which will allow the packet to be sent to the
hardware if it passes the header check.This patch changes the sg flag to a full features flag. The same method
can be used to implement TSO ECN support. We simply have to mark packets
with CWR set with SKB_GSO_ECN so that only hardware with a corresponding
NETIF_F_TSO_ECN can accept them. The GSO engine can either fully segment
the packet, or segment the first MTU and pass the rest to the hardware for
further segmentation.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
23 Jun, 2006
1 commit
-
This patch adds the GSO implementation for IPv4 TCP.
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
30 Apr, 2006
1 commit
-
Convert inet_init to an fs_initcall to make sure its called before any
device driver's initcall.Signed-off-by: Heiko Carstens
Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller
21 Mar, 2006
2 commits
-
No code changes, just tidying up, in some cases moving EXPORT_SYMBOLs
to just after the function exported, etc.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
This patch extends {get|set}sockopt compatibility layer in order to
move protocol specific parts to their place and avoid huge universal
net/compat.c file in the future.Signed-off-by: Dmitry Mishin
Signed-off-by: David S. Miller
12 Jan, 2006
1 commit
-
net: Use where capable() is used.
Signed-off-by: Randy Dunlap
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
04 Jan, 2006
3 commits
-
Currently all network protocols need to call dev_ioctl as the default
fallback in their ioctl implementations. This patch adds a fallback
to dev_ioctl to sock_ioctl if the protocol returned -ENOIOCTLCMD.
This way all the procotol ioctl handlers can be simplified and we don't
need to export dev_ioctl.Signed-off-by: Christoph Hellwig
Signed-off-by: David S. Miller -
To help in reducing the number of include dependencies, several files were
touched as they were getting needed headers indirectly for stuff they use.Thanks also to Alan Menegotto for pointing out that net/dccp/proto.c had
linux/dccp.h include twice.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
I noticed that some of 'struct proto_ops' used in the kernel may share
a cache line used by locks or other heavily modified data. (default
linker alignement is 32 bytes, and L1_CACHE_LINE is 64 or 128 at
least)This patch makes sure a 'struct proto_ops' can be declared as const,
so that all cpus can share all parts of it without false sharing.This is not mandatory : a driver can still use a read/write structure
if it needs to (and eventually a __read_mostly)I made a global stubstitute to change all existing occurences to make
them const.This should reduce the possibility of false sharing on SMP, and
speedup some socket system calls.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
