05 Dec, 2011
1 commit
-
The reverse path filter module will use fib_lookup.
If CONFIG_IP_MULTIPLE_TABLES is not set, fib_lookup is
only a static inline helper that calls fib_table_lookup,
so export that too.Signed-off-by: Florian Westphal
Acked-by: David S. Miller
Signed-off-by: Pablo Neira Ayuso
01 Nov, 2011
1 commit
-
These files are non modular, but need to export symbols using
the macros now living in export.h -- call out the include so
that things won't break when we remove the implicit presence
of module.h from everywhere.Signed-off-by: Paul Gortmaker
13 Mar, 2011
2 commits
-
Signed-off-by: David S. Miller
-
To start doing these conversions, we need to add some temporary
flow4_* macros which will eventually go away when all the protocol
code paths are changed to work on AF specific flowi objects.Signed-off-by: David S. Miller
18 Feb, 2011
1 commit
-
The only troublesome bit here is __mkroute_output which wants
to override res->fi and res->type, compute those in local
variables instead.Signed-off-by: David S. Miller
14 Jan, 2011
1 commit
-
Fix dependencies of netfilter realm match: it depends on NET_CLS_ROUTE,
which itself depends on NET_SCHED; this dependency is missing from netfilter.Since matching on realms is also useful without having NET_SCHED enabled and
the option really only controls whether the tclassid member is included in
route and dst entries, rename the config option to IP_ROUTE_CLASSID and move
it outside of traffic scheduling context to get rid of the NET_SCHED dependeny.Reported-by: Vladis Kletnieks
Signed-off-by: Patrick McHardy
06 Oct, 2010
1 commit
-
fib_lookup() converted to be called in RCU protected context, no
reference taken and released on a contended cache line (fib_clntref)fib_table_lookup() and fib_semantic_match() get an additional parameter.
struct fib_info gets an rcu_head field, and is freed after an rcu grace
period.Stress test :
(Sending 160.000.000 UDP frames on same neighbour,
IP route cache disabled, dual E5540 @2.53GHz,
32bit kernel, FIB_HASH) (about same results for FIB_TRIE)Before patch :
real 1m31.199s
user 0m13.761s
sys 23m24.780sAfter patch:
real 1m5.375s
user 0m14.997s
sys 15m50.115sBefore patch Profile :
13044.00 15.4% __ip_route_output_key vmlinux
8438.00 10.0% dst_destroy vmlinux
5983.00 7.1% fib_semantic_match vmlinux
5410.00 6.4% fib_rules_lookup vmlinux
4803.00 5.7% neigh_lookup vmlinux
4420.00 5.2% _raw_spin_lock vmlinux
3883.00 4.6% rt_set_nexthop vmlinux
3261.00 3.9% _raw_read_lock vmlinux
2794.00 3.3% fib_table_lookup vmlinux
2374.00 2.8% neigh_resolve_output vmlinux
2153.00 2.5% dst_alloc vmlinux
1502.00 1.8% _raw_read_lock_bh vmlinux
1484.00 1.8% kmem_cache_alloc vmlinux
1407.00 1.7% eth_header vmlinux
1406.00 1.7% ipv4_dst_destroy vmlinux
1298.00 1.5% __copy_from_user_ll vmlinux
1174.00 1.4% dev_queue_xmit vmlinux
1000.00 1.2% ip_output vmlinuxAfter patch Profile :
13712.00 15.8% dst_destroy vmlinux
8548.00 9.9% __ip_route_output_key vmlinux
7017.00 8.1% neigh_lookup vmlinux
4554.00 5.3% fib_semantic_match vmlinux
4067.00 4.7% _raw_read_lock vmlinux
3491.00 4.0% dst_alloc vmlinux
3186.00 3.7% neigh_resolve_output vmlinux
3103.00 3.6% fib_table_lookup vmlinux
2098.00 2.4% _raw_read_lock_bh vmlinux
2081.00 2.4% kmem_cache_alloc vmlinux
2013.00 2.3% _raw_spin_lock vmlinux
1763.00 2.0% __copy_from_user_ll vmlinux
1763.00 2.0% ip_output vmlinux
1761.00 2.0% ipv4_dst_destroy vmlinux
1631.00 1.9% eth_header vmlinux
1440.00 1.7% _raw_read_unlock_bh vmlinuxReference results, if IP route cache is enabled :
real 0m29.718s
user 0m10.845s
sys 7m37.341s25213.00 29.5% __ip_route_output_key vmlinux
9011.00 10.5% dst_release vmlinux
4817.00 5.6% ip_push_pending_frames vmlinux
4232.00 5.0% ip_finish_output vmlinux
3940.00 4.6% udp_sendmsg vmlinux
3730.00 4.4% __copy_from_user_ll vmlinux
3716.00 4.4% ip_route_output_flow vmlinux
2451.00 2.9% __xfrm_lookup vmlinux
2221.00 2.6% ip_append_data vmlinux
1718.00 2.0% _raw_spin_lock_bh vmlinux
1655.00 1.9% __alloc_skb vmlinux
1572.00 1.8% sock_wfree vmlinux
1345.00 1.6% kfree vmlinuxSigned-off-by: Eric Dumazet
Signed-off-by: David S. Miller
05 Oct, 2010
1 commit
-
Code style cleanups before upcoming functional changes.
C99 initializer for fib_props array.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
26 Apr, 2010
2 commits
-
Decouple rtnetlink address families from real address families in socket.h to
be able to add rtnetlink interfaces to code that is not a real address family
without increasing AF_MAX/NPROTO.This will be used to add support for multicast route dumping from all tables
as the proc interface can't be extended to support anything but the main table
without breaking compatibility.This partialy undoes the patch to introduce independant families for routing
rules and converts ipmr routing rules to a new rtnetlink family. Similar to
that patch, values up to 127 are reserved for real address families, values
above that may be used arbitrarily.Signed-off-by: Patrick McHardy
-
fib_rules_register() duplicates the template passed to it without modification,
mark the argument as const. Additionally the templates are only needed when
instantiating a new namespace, so mark them as __net_initdata, which means
they can be discarded when CONFIG_NET_NS=n.Signed-off-by: Patrick McHardy
14 Apr, 2010
3 commits
-
Decouple the address family values used for fib_rules from the real
address families in socket.h. This allows to use fib_rules for
code that is not a real address family without increasing AF_MAX/NPROTO.Values up to 127 are reserved for real address families and map directly
to the corresponding AF value, values starting from 128 are for other
uses. rtnetlink is changed to invoke the AF_UNSPEC dumpit/doit handlers
for these families.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
All fib_rules implementations need to set the family in their ->fill()
functions. Since the value is available to the generic fib_nl_fill_rule()
function, set it there.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Both functions are equivalent, consolidate them since a following patch
needs a third implementation for multicast routing.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
04 Dec, 2009
2 commits
-
Refactor the code so fib_rules_register always takes a template instead
of the actual fib_rules_ops structure that will be used. This is
required for network namespace support so 2 out of the 3 callers already
do this, it allows the error handling to be made common, and it allows
fib_rules_unregister to free the template for hte caller.Modify fib_rules_unregister to use call_rcu instead of syncrhonize_rcu
to allw multiple namespaces to be cleaned up in the same rcu grace
period.Signed-off-by: Eric W. Biederman
Signed-off-by: David S. Miller -
commit d124356ce314fff22a047ea334379d5105b2d834
Author: Patrick McHardy
Date: Thu Dec 3 12:16:35 2009 +0100net: fib_rules: allow to delete local rule
Allow to delete the local rule and recreate it with a higher priority. This
can be used to force packets with a local destination out on the wire instead
of routing them to loopback. Additionally this patch allows to recreate rules
with a priority of 0.Combined with the previous patch to allow oif classification, a socket can
be bound to the desired interface and packets routed to the wire like this:# move local rule to lower priority
ip rule add pref 1000 lookup local
ip rule del pref 0# route packets of sockets bound to eth0 to the wire independant
# of the destination address
ip rule add pref 100 oif eth0 lookup 100
ip route add default dev eth0 table 100Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
05 Oct, 2009
1 commit
-
The FIB algorithim for IPV4 is set at compile time, but kernel goes through
the overhead of function call indirection at runtime. Save some
cycles by turning the indirect calls to direct calls to either
hash or trie code.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
21 May, 2009
1 commit
-
The netlink message header (struct nlmsghdr) is an unused parameter in
fill method of fib_rules_ops struct. This patch removes this
parameter from this method and fixes the places where this method is
called.(include/net/fib_rules.h)
Signed-off-by: Rami Rosen
Signed-off-by: David S. Miller
18 May, 2009
1 commit
-
Signed-off-by: Rami Rosen
Signed-off-by: David S. Miller
06 Jul, 2008
2 commits
-
This is required to pass namespace context into rt_cache_flush called from
->flush_cache.Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller
26 Mar, 2008
1 commit
-
Introduce per-sock inlines: sock_net(), sock_net_set()
and per-inet_timewait_sock inlines: twsk_net(), twsk_net_set().
Without CONFIG_NET_NS, no namespace other than &init_net exists.
Let's explicitly define them to help compiler optimizations.Signed-off-by: YOSHIFUJI Hideaki
29 Jan, 2008
11 commits
-
The difference in the implementation of the fib_select_default when
CONFIG_IP_MULTIPLE_TABLES is (not) defined looks
negligible. Consolidate it and place into fib_frontend.c.Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Save namespace context on the fib rule at the rule creation time and
call routing lookup in the correct namespace.Signed-off-by: Denis V. Lunev
Acked-by: Daniel Lezcano
Signed-off-by: David S. Miller -
Remove struct net from fib_rules_register(unregister)/notify_change
paths and diet code size a bit.add/remove: 0/0 grow/shrink: 10/12 up/down: 35/-100 (-65)
function old new delta
notify_rule_change 273 280 +7
trie_show_stats 471 475 +4
fn_trie_delete 473 477 +4
fib_rules_unregister 144 148 +4
fib4_rule_compare 119 123 +4
resize 2842 2845 +3
fn_trie_select_default 515 518 +3
inet_sk_rebuild_header 836 838 +2
fib_trie_seq_show 764 766 +2
__devinet_sysctl_register 276 278 +2
fn_trie_lookup 1124 1123 -1
ip_fib_check_default 133 131 -2
devinet_conf_sysctl 223 221 -2
snmp_fold_field 126 123 -3
fn_trie_insert 2091 2086 -5
inet_create 876 870 -6
fib4_rules_init 197 191 -6
fib_sync_down 452 444 -8
inet_gso_send_check 334 325 -9
fib_create_info 3003 2991 -12
fib_nl_delrule 568 553 -15
fib_nl_newrule 883 852 -31Signed-off-by: Denis V. Lunev
Acked-by: Daniel Lezcano
Signed-off-by: David S. Miller -
The backward link from FIB rules operations to the network namespace
will allow to simplify the API a bit.Signed-off-by: Denis V. Lunev
Acked-by: Daniel Lezcano
Signed-off-by: David S. Miller -
The final trick for rules: place fib4_rules_ops into struct net and
modify initialization path for this.Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
This patch extends the fib_get_table and the fib_new_table functions
with the network namespace pointer. That will allow to access the
table relatively from the network namespace.Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
This patch makes the fib to be initialized as a subsystem for the
network namespaces. The code does not handle several namespaces yet,
so in case of a creation of a network namespace, the
creation/initialization will not occur.Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
This adds error paths into both versions of fib4_rules_init
(with/without CONFIG_IP_MULTIPLE_TABLES) and returns error code to the
caller.Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
fib_rules_ops contains operations and the list of configured rules. ops will
become per/namespace soon, so we need them to be known in the default_pref
callback.Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
The patch extends the different fib rules API in order to pass the
network namespace pointer. That will allow to access the different
tables from a namespace relative object. As usual, the pointer to the
init_net variable is passed as parameter so we don't break the
network.Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller
11 Nov, 2007
1 commit
-
This patch fixes a small memory leak. Default fib rules can be deleted by
the user if the rule does not carry FIB_RULE_PERMANENT flag, f.e. by
ip rule flushSuch a rule will not be freed as the ref-counter has 2 on start and becomes
clearly unreachable after removal.Signed-off-by: Denis V. Lunev
Acked-by: Alexey Kuznetsov
Signed-off-by: David S. Miller
11 Oct, 2007
1 commit
-
This patch slightly cleanups FIB rules framework. rules_list as a pointer
on struct fib_rules_ops is useless. It is always assigned with a static
per/subsystem list in IPv4, IPv6 and DecNet.Signed-off-by: Denis V. Lunev
Acked-by: Alexey Kuznetsov
Signed-off-by: David S. Miller
08 Jun, 2007
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
26 Apr, 2007
4 commits
-
Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller -
The results of FIB rules lookups are cached in the routing cache
except for IPv6 as no such cache exists. So far, it was the
responsibility of the user to flush the cache after modifying any
rules. This lead to many false bug reports due to misunderstanding
of this concept.This patch automatically flushes the route cache after inserting
or deleting a rule.Thanks to Muli Ben-Yehuda for catching a bug
in the previous patch.Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller -
Implements a unified, protocol independant rules dumping function
which is capable of both, dumping a specific protocol family or
all of them. This speeds up dumping as less lookups are required.Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller -
Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller
26 Mar, 2007
1 commit
-
Based upon a patch from Patrick McHardy.
The fib_rules netlink attribute policy introduced in 2.6.19 broke
userspace compatibilty. When specifying a rule with "from all"
or "to all", iproute adds a zero byte long netlink attribute,
but the policy requires all addresses to have a size equal to
sizeof(struct in_addr)/sizeof(struct in6_addr), resulting in a
validation error.Check attribute length of FRA_SRC/FRA_DST in the generic framework
by letting the family specific rules implementation provide the
length of an address. Report an error if address length is non
zero but no address attribute is provided. Fix actual bug by
checking address length for non-zero instead of relying on
availability of attribute.Signed-off-by: Thomas Graf
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller