29 Jan, 2008
40 commits
-
The garbage collection function receive the dst_ops structure as
parameter. This is useful for the next incoming patchset because it
will need the dst_ops (there will be several instances) and the
network namespace pointer (contained in the dst_ops).The protocols which do not take care of the namespaces will not be
impacted by this change (expect for the function signature), they do
just ignore the parameter.Signed-off-by: Daniel Lezcano
Signed-off-by: David S. Miller -
Currently, sizeof(struct fib_alias) is 24 or 48 bytes on 32/64 bits
arches.Because of SLAB_HWCACHE_ALIGN requirement, these are rounded to 32 and
64 bytes respectively.This patch moves rcu to the end of fib_alias, and conditionally
defines it only for CONFIG_IP_FIB_TRIE.We also remove SLAB_HWCACHE_ALIGN requirement for fib_alias and
fib_node objects because it is not necessary.(BTW SLUB currently denies it for objects smaller than
cache_line_size() / 2, but not SLAB)Finally, sizeof(fib_alias) go back to 16 and 32 bytes.
Then, we can embed one fib_alias on each fib_node, to favor locality.
Most of the time access to the fib_alias will be free because one
cache line contains both the list head (fn_alias) and (one of) the
list element.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
node_parent() and tnode_get_child() currently use rcu_dereference().
These functions are called from both
- readers only paths (where rcu_dereference() is needed), and
- writer path (where rcu_dereference() is not needed)To make explicit where rcu_dereference() is really needed, I
introduced new node_parent_rcu() and tnode_get_child_rcu() functions
which use rcu_dereference(), while node_parent() and tnode_get_child()
dont use it.Then I changed calling sites where rcu_dereference() was really needed
to call the _rcu() variants.This should have no impact but for alpha architecture, and may help
future sparse checks.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
CHECK net/rose/af_rose.c
net/rose/af_rose.c:125:11: warning: expensive signed divide
net/rose/af_rose.c:976:46: warning: expensive signed divide
net/rose/af_rose.c:1379:13: warning: context imbalance in 'rose_info_start' - wrong count at exit
net/rose/af_rose.c:1406:13: warning: context imbalance in 'rose_info_stop' - unexpected unlock
CHECK net/rose/rose_in.c
net/rose/rose_in.c:185:25: warning: expensive signed divide
CHECK net/rose/rose_route.c
net/rose/rose_route.c:997:46: warning: expensive signed divide
net/rose/rose_route.c:1070:13: warning: context imbalance in 'rose_node_start' - wrong count at exit
net/rose/rose_route.c:1093:13: warning: context imbalance in 'rose_node_stop' - unexpected unlock
net/rose/rose_route.c:1146:13: warning: context imbalance in 'rose_neigh_start' - wrong count at exit
net/rose/rose_route.c:1169:13: warning: context imbalance in 'rose_neigh_stop' - unexpected unlock
net/rose/rose_route.c:1229:13: warning: context imbalance in 'rose_route_start' - wrong count at exit
net/rose/rose_route.c:1252:13: warning: context imbalance in 'rose_route_stop' - unexpected unlockSigned-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
CHECK net/atm/br2684.c
net/atm/br2684.c:665:13: warning: context imbalance in 'br2684_seq_start' - wrong count at exit
net/atm/br2684.c:676:13: warning: context imbalance in 'br2684_seq_stop' - unexpected unlock
CHECK net/atm/lec.c
net/atm/lec.c:196:23: warning: expensive signed divide
CHECK net/atm/proc.c
net/atm/proc.c:151:14: warning: context imbalance in 'vcc_seq_start' - wrong count at exit
net/atm/proc.c:154:13: warning: context imbalance in 'vcc_seq_stop' - unexpected unlockSigned-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
CHECK net/appletalk/aarp.c
net/appletalk/aarp.c:951:14: warning: context imbalance in 'aarp_seq_start' - wrong count at exit
net/appletalk/aarp.c:977:13: warning: context imbalance in 'aarp_seq_stop' - unexpected unlock
CHECK net/appletalk/atalk_proc.c
net/appletalk/atalk_proc.c:34:11: warning: context imbalance in 'atalk_seq_interface_start' - wrong count at exit
net/appletalk/atalk_proc.c:54:13: warning: context imbalance in 'atalk_seq_interface_stop' - unexpected unlock
net/appletalk/atalk_proc.c:93:11: warning: context imbalance in 'atalk_seq_route_start' - wrong count at exit
net/appletalk/atalk_proc.c:113:13: warning: context imbalance in 'atalk_seq_route_stop' - unexpected unlock
net/appletalk/atalk_proc.c:161:11: warning: context imbalance in 'atalk_seq_socket_start' - wrong count at exit
net/appletalk/atalk_proc.c:178:13: warning: context imbalance in 'atalk_seq_socket_stop' - unexpected unlockSigned-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
Allows to remove five empty implementations.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Its unused and unlikely to ever be used.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
- Remove declarations of non-existing variables and functions
- Move helper init/cleanup function declarations to nf_conntrack_helper.h
- Remove unneeded __nf_conntrack_attach declaration and make it staticSigned-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Since there now is generic support for shared sysctl paths, the only
remains are the net/netfilter and net/ipv4/netfilter paths. Move them
to net/netfilter/core.c and net/ipv4/netfilter.c and kill nf_sysctl.c.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Instead of keeping pointers to the timeout values in a table, simply
put the timeout values in the table directly.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Use SCTP_CHUNK_FLAG_T instead of 0x1.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Spotted by Pablo Neira Ayuso .
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Don't take and release the lock once per SCTP chunk, simply hold it
the entire time while iterating through the chunks.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The name is misleading, it holds the new connection state, so rename it
to "newstate". Also rename "oldsctpstate" to "oldstate" for consistency.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Consolidate error paths and use proper symbolic return value instead
of magic values.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Eliminate a few lines over 80 characters by using a local variable to
hold the conntrack direction instead of using CTINFO2DIR everywhere.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Reduce the length of some overly long lines by renaming all
"conntrack" variables to "ct".Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Use unsigned long instead of char for the bitmap and removed lots
of casts.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Reindent switch cases properly, get rid of weird constructs like "!(x == y)",
put logical operations on the end of the line instead of the next line, get
rid of superfluous braces.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Instead of keeping pointers to the timeout values in a table, simply
put the timeout values in the table directly.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The TCP and SCTP conntrack state transition tables only holds
small numbers, but gcc uses 4 byte per entry for the enum. Switching
to an u8 reduces the size from 480 to 120 bytes for TCP and from
576 to 144 bytes for SCTP.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The current TCP RST construction reuses the old packet and can't
deal with IP options as a consequence of that. Construct the
RST from scratch instead.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This patch removes inlines except those which are used
by packet matching code and thus are performance-critical.Before:
$ size */*/*/ip*tables*.o
text data bss dec hex filename
6402 500 16 6918 1b06 net/ipv4/netfilter/ip_tables.o
7130 500 16 7646 1dde net/ipv6/netfilter/ip6_tables.oAfter:
$ size */*/*/ip*tables*.o
text data bss dec hex filename
6307 500 16 6823 1aa7 net/ipv4/netfilter/ip_tables.o
7010 500 16 7526 1d66 net/ipv6/netfilter/ip6_tables.oSigned-off-by: Denys Vlasenko
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
With all the newly introduced features, there is a lot to remove
later on after a compatibility grace period of 2 years.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Adds IPv6 support to xt_iprange, making it possible to match on IPv6
address ranges with ip6tables.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This patch moves ipt_iprange to xt_iprange, in preparation for adding
IPv6 support to xt_iprange.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Updates the MODULE_DESCRIPTION() tags for all Netfilter modules,
actually describing what the module does and not just
"netfilter XYZ target".Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Jan Engelhart
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
In the PACKET_LOOPBACK case, the skb data was always interpreted as
IPv4, but that is not valid for IPv6, obviously. Fix this by adding an
extra condition to check for AF_INET.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Introduces the xt_mark match revision 1. It uses fixed types,
eventually obsoleting revision 0 some day (uses nonfixed types).Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Introduces the xt_conntrack match revision 1. It uses fixed types, the
new nf_inet_addr and comes with IPv6 support, thereby completely
superseding xt_state.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Extend union nf_inet_addr with struct in_addr and in6_addr. Useful
because a lot of in-kernel IPv4 and IPv6 functions use
in_addr/in6_addr.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Introduces the xt_connmark match revision 1. It uses fixed types,
eventually obsoleting revision 0 some day (uses nonfixed types).
(Unfixed types like "unsigned long" do not play well with mixed
user-/kernelspace "bitness", e.g. 32/64, as is common on SPARC64,
and need extra compat code.)Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Introduces the xt_MARK target revision 2. It uses fixed types, and
also uses the more expressive XOR logic.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Introduces the xt_CONNMARK target revision 1. It uses fixed types, and
also uses the more expressive XOR logic. Futhermore, it allows to
selectively pick bits from both the ctmark and the nfmark in the SAVE
and RESTORE operations.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Fix incorrect mask value passed to ipv4_change_dsfield/ipv6_change_dsfield.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
