25 May, 2007
1 commit
-
The current IPSEC rule resolution behavior we have does not work for a
lot of people, even though technically it's an improvement from the
-EAGAIN buisness we had before.Right now we'll block until the key manager resolves the route. That
works for simple cases, but many folks would rather packets get
silently dropped until the key manager resolves the IPSEC rules.We can't tell these folks to "set the socket non-blocking" because
they don't have control over the non-block setting of things like the
sockets used to resolve DNS deep inside of the resolver libraries in
libc.With that in mind I coded up the patch below with some help from
Herbert Xu which provides packet-drop behavior during larval state
resolution, controllable via sysctl and off by default.This lays the framework to either:
1) Make this default at some point or...
2) Move this logic into xfrm{4,6}_policy.c and implement the
ARP-like resolution queue we've all been dreaming of.
The idea would be to queue packets to the policy, then
once the larval state is resolved by the key manager we
re-resolve the route and push the packets out. The
packets would timeout if the rule didn't get resolved
in a certain amount of time.Signed-off-by: David S. Miller
04 May, 2007
1 commit
-
1) struct ip6_flowlabel : moves 'users' field to avoid two 32bits
holes for 64bit arches. Shrinks by 8 bytes sizeof(struct
ip6_flowlabel)2) ipv6_addr_cmp() and ipv6_addr_copy() dont need (void *) casts :
Compiler might take into account natural alignement of in6_addr
structs to emit better code for memcpy()/memcmp() Casts to (void *)
force byte accesses.3) ipv6_addr_prefix() optimization :
Better to clear whole struct, as compiler can emit better code for
memset(addr, 0, 16) (2 stores on x86_64), and avoid some conditional
branches.# size vmlinux.after vmlinux.before
text data bss dec hex filename
5262262 647612 557432 6467306 62aeea vmlinux.after
5262550 647612 557432 6467594 62b00a vmlinux.beforethats 288 bytes saved.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
03 May, 2007
1 commit
-
__HAVE_ARCH_ADDR_SET seems unused these days, just get rid of it.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
26 Apr, 2007
4 commits
-
This patch moves the non-proc SNMP code into addrconf.c and reuses
IPv4 SNMP code where applicable.As a result we can skip proc.o if /proc is disabled.
Note that I've made a number of functions static since they're only
used by addrconf.c for now. If they ever get used elsewhere we can
always remove the static.Signed-off-by: Herbert Xu
Acked-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
Hint from David Miller .
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
Because stats pointer may not be aligned for u64, use memcpy
to fill u64 values.
Issue reported by David Miller .Signed-off-by: YOSHIFUJI Hideaki
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
03 Dec, 2006
6 commits
-
Signed-off-by: Al Viro
Signed-off-by: David S. Miller -
Signed-off-by: Al Viro
Signed-off-by: David S. Miller -
This is a revision of the previously submitted patch, which alters
the way files are organized and compiled in the following manner:* UDP and UDP-Lite now use separate object files
* source file dependencies resolved via header files
net/ipv{4,6}/udp_impl.h
* order of inclusion files in udp.c/udplite.c adapted
accordingly[NET/IPv4]: Support for the UDP-Lite protocol (RFC 3828)
This patch adds support for UDP-Lite to the IPv4 stack, provided as an
extension to the existing UDPv4 code:
* generic routines are all located in net/ipv4/udp.c
* UDP-Lite specific routines are in net/ipv4/udplite.c
* MIB/statistics support in /proc/net/snmp and /proc/net/udplite
* shared API with extensions for partial checksum coverage[NET/IPv6]: Extension for UDP-Lite over IPv6
It extends the existing UDPv6 code base with support for UDP-Lite
in the same manner as per UDPv4. In particular,
* UDPv6 generic and shared code is in net/ipv6/udp.c
* UDP-Litev6 specific extensions are in net/ipv6/udplite.c
* MIB/statistics support in /proc/net/snmp6 and /proc/net/udplite6
* support for IPV6_ADDRFORM
* aligned the coding style of protocol initialisation with af_inet6.c
* made the error handling in udpv6_queue_rcv_skb consistent;
to return `-1' on error on all error cases
* consolidation of shared code[NET]: UDP-Lite Documentation and basic XFRM/Netfilter support
The UDP-Lite patch further provides
* API documentation for UDP-Lite
* basic xfrm support
* basic netfilter support for IPv4 and IPv6 (LOG target)Signed-off-by: Gerrit Renker
Signed-off-by: David S. Miller -
For IP MIB (RFC4293).
Signed-off-by: YOSHIFUJI Hideaki
-
Signed-off-by: Al Viro
Signed-off-by: David S. Miller -
Signed-off-by: Al Viro
Signed-off-by: David S. Miller
29 Sep, 2006
1 commit
-
in6_addr elements are net-endian
Signed-off-by: Al Viro
Signed-off-by: David S. Miller
23 Sep, 2006
3 commits
-
Add Mobility header definition for Mobile IPv6.
Based on MIPL2 kernel patch.This patch was also written by: Antti Tuominen
Signed-off-by: Masahide NAKAMURA
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
In receiving Mobile IPv6 home address option which is a TLV carried by
destination options header, kernel will try to mangle source adderss
of packet. Think of cloned skbuff it is required to replace it by the
parser just like routing header case.This is a framework to achieve that to allow TLV parser to replace
inbound skbuff pointer.Signed-off-by: Masahide NAKAMURA
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
This is a helper to search option offset from extension header which
can carry TLV option like destination options header.Mobile IPv6 home address option will use it.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
03 Aug, 2006
1 commit
-
The current users of ip6_dst_lookup can be divided into two classes:
1) The caller holds no locks and is in user-context (UDP).
2) The caller does not want to lookup the dst cache at all.The second class covers everyone except UDP because most people do
the cache lookup directly before calling ip6_dst_lookup. This patch
adds ip6_sk_dst_lookup for the first class.Similarly ip6_dst_store users can be divded into those that need to
take the socket dst lock and those that don't. This patch adds
__ip6_dst_store for those (everyone except UDP/datagram) that don't
need an extra lock.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
26 Apr, 2006
1 commit
-
Signed-off-by: David Woodhouse
19 Apr, 2006
1 commit
-
- Removed unused argument (nhoff) for ipv6_parse_hopopts().
- Make ipv6_parse_hopopts() to align with other extension header
handlers.
- Removed pointless assignment (hdr), which is not used afterwards.Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
21 Mar, 2006
2 commits
-
This patch extends {get|set}sockopt compatibility layer in order to
move protocol specific parts to their place and avoid huge universal
net/compat.c file in the future.Signed-off-by: Dmitry Mishin
Signed-off-by: David S. Miller -
Replace netfilter's ip6_masked_addrcmp by a more efficient version
in include/net/ipv6.h to make it usable without module dependencies.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
08 Jan, 2006
1 commit
-
When the innermost transform uses transport mode the decapsulated packet
is not visible to netfilter. Pass the packet through the PRE_ROUTING and
LOCAL_IN hooks again before handing it to upper layer protocols to make
netfilter-visibility symetrical to the output path.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
04 Jan, 2006
4 commits
-
To help in reducing the number of include dependencies, several files were
touched as they were getting needed headers indirectly for stuff they use.Thanks also to Alan Menegotto for pointing out that net/dccp/proto.c had
linux/dccp.h include twice.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
I noticed that some of 'struct proto_ops' used in the kernel may share
a cache line used by locks or other heavily modified data. (default
linker alignement is 32 bytes, and L1_CACHE_LINE is 64 or 128 at
least)This patch makes sure a 'struct proto_ops' can be declared as const,
so that all cpus can share all parts of it without false sharing.This is not mandatory : a driver can still use a read/write structure
if it needs to (and eventually a __read_mostly)I made a global stubstitute to change all existing occurences to make
them const.This should reduce the possibility of false sharing on SMP, and
speedup some socket system calls.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
Renaming it to inet6_hash_connect, making it possible to ditch
dccp_v6_hash_connect and share the same code with TCP instead.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
It was already non-TCP specific, will be used by DCCPv6.
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller
21 Nov, 2005
1 commit
20 Nov, 2005
1 commit
-
Based on suggestion from Masahide Nakamura .
Signed-off-by: YOSHIFUJI Hideaki
09 Nov, 2005
2 commits
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
08 Sep, 2005
2 commits
-
Based on patch from David L Stevens
Signed-off-by: David L Stevens
Signed-off-by: YOSHIFUJI Hideaki -
Support several new socket options / ancillary data:
IPV6_RECVPKTINFO, IPV6_PKTINFO,
IPV6_RECVHOPOPTS, IPV6_HOPOPTS,
IPV6_RECVDSTOPTS, IPV6_DSTOPTS, IPV6_RTHDRDSTOPTS,
IPV6_RECVRTHDR, IPV6_RTHDR,
IPV6_RECVHOPOPTS, IPV6_HOPOPTSOld semantics are preserved as IPV6_2292xxxx so that
we can maintain backward compatibility.Signed-off-by: YOSHIFUJI Hideaki
30 Aug, 2005
3 commits
-
Of this type, mostly:
CHECK net/ipv6/netfilter.c
net/ipv6/netfilter.c:96:12: warning: symbol 'ipv6_netfilter_init' was not declared. Should it be static?
net/ipv6/netfilter.c:101:6: warning: symbol 'ipv6_netfilter_fini' was not declared. Should it be static?Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
Bonding just wants the device before the skb_bond()
decapsulation occurs, so simply pass that original
device into packet_type->func() as an argument.It remains to be seen whether we can use this same
exact thing to get rid of skb->input_dev as well.Signed-off-by: David S. Miller
29 Jun, 2005
1 commit
-
Remove two more unused IPV6_AUTHHDR option things,
which I failed to remove them last time,
plus, mark IPV6_AUTHHDR obsolete.Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
25 Apr, 2005
1 commit
-
The SELinux hooks invoke ipv6_skip_exthdr() with an incorrect
length final argument. However, the length argument turns out
to be superfluous.I was just reading ipv6_skip_exthdr and it occured to me that we can
get rid of len altogether. The only place where len is used is to
check whether the skb has two bytes for ipv6_opt_hdr. This check
is done by skb_header_pointer/skb_copy_bits anyway.Now it might appear that we've made the code slower by deferring
the check to skb_copy_bits. However, this check should not trigger
in the common case so this is OK.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
17 Apr, 2005
1 commit
-
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.Let it rip!
