26 Apr, 2010
2 commits
-
Decouple rtnetlink address families from real address families in socket.h to
be able to add rtnetlink interfaces to code that is not a real address family
without increasing AF_MAX/NPROTO.This will be used to add support for multicast route dumping from all tables
as the proc interface can't be extended to support anything but the main table
without breaking compatibility.This partialy undoes the patch to introduce independant families for routing
rules and converts ipmr routing rules to a new rtnetlink family. Similar to
that patch, values up to 127 are reserved for real address families, values
above that may be used arbitrarily.Signed-off-by: Patrick McHardy
-
fib_rules_register() duplicates the template passed to it without modification,
mark the argument as const. Additionally the templates are only needed when
instantiating a new namespace, so mark them as __net_initdata, which means
they can be discarded when CONFIG_NET_NS=n.Signed-off-by: Patrick McHardy
14 Apr, 2010
3 commits
-
Decouple the address family values used for fib_rules from the real
address families in socket.h. This allows to use fib_rules for
code that is not a real address family without increasing AF_MAX/NPROTO.Values up to 127 are reserved for real address families and map directly
to the corresponding AF value, values starting from 128 are for other
uses. rtnetlink is changed to invoke the AF_UNSPEC dumpit/doit handlers
for these families.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
All fib_rules implementations need to set the family in their ->fill()
functions. Since the value is available to the generic fib_nl_fill_rule()
function, set it there.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Both functions are equivalent, consolidate them since a following patch
needs a third implementation for multicast routing.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
04 Dec, 2009
2 commits
-
Refactor the code so fib_rules_register always takes a template instead
of the actual fib_rules_ops structure that will be used. This is
required for network namespace support so 2 out of the 3 callers already
do this, it allows the error handling to be made common, and it allows
fib_rules_unregister to free the template for hte caller.Modify fib_rules_unregister to use call_rcu instead of syncrhonize_rcu
to allw multiple namespaces to be cleaned up in the same rcu grace
period.Signed-off-by: Eric W. Biederman
Signed-off-by: David S. Miller -
commit d124356ce314fff22a047ea334379d5105b2d834
Author: Patrick McHardy
Date: Thu Dec 3 12:16:35 2009 +0100net: fib_rules: allow to delete local rule
Allow to delete the local rule and recreate it with a higher priority. This
can be used to force packets with a local destination out on the wire instead
of routing them to loopback. Additionally this patch allows to recreate rules
with a priority of 0.Combined with the previous patch to allow oif classification, a socket can
be bound to the desired interface and packets routed to the wire like this:# move local rule to lower priority
ip rule add pref 1000 lookup local
ip rule del pref 0# route packets of sockets bound to eth0 to the wire independant
# of the destination address
ip rule add pref 100 oif eth0 lookup 100
ip route add default dev eth0 table 100Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
05 Oct, 2009
1 commit
-
The FIB algorithim for IPV4 is set at compile time, but kernel goes through
the overhead of function call indirection at runtime. Save some
cycles by turning the indirect calls to direct calls to either
hash or trie code.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
21 May, 2009
1 commit
-
The netlink message header (struct nlmsghdr) is an unused parameter in
fill method of fib_rules_ops struct. This patch removes this
parameter from this method and fixes the places where this method is
called.(include/net/fib_rules.h)
Signed-off-by: Rami Rosen
Signed-off-by: David S. Miller
18 May, 2009
1 commit
-
Signed-off-by: Rami Rosen
Signed-off-by: David S. Miller
06 Jul, 2008
2 commits
-
This is required to pass namespace context into rt_cache_flush called from
->flush_cache.Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller
26 Mar, 2008
1 commit
-
Introduce per-sock inlines: sock_net(), sock_net_set()
and per-inet_timewait_sock inlines: twsk_net(), twsk_net_set().
Without CONFIG_NET_NS, no namespace other than &init_net exists.
Let's explicitly define them to help compiler optimizations.Signed-off-by: YOSHIFUJI Hideaki
29 Jan, 2008
11 commits
-
The difference in the implementation of the fib_select_default when
CONFIG_IP_MULTIPLE_TABLES is (not) defined looks
negligible. Consolidate it and place into fib_frontend.c.Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Save namespace context on the fib rule at the rule creation time and
call routing lookup in the correct namespace.Signed-off-by: Denis V. Lunev
Acked-by: Daniel Lezcano
Signed-off-by: David S. Miller -
Remove struct net from fib_rules_register(unregister)/notify_change
paths and diet code size a bit.add/remove: 0/0 grow/shrink: 10/12 up/down: 35/-100 (-65)
function old new delta
notify_rule_change 273 280 +7
trie_show_stats 471 475 +4
fn_trie_delete 473 477 +4
fib_rules_unregister 144 148 +4
fib4_rule_compare 119 123 +4
resize 2842 2845 +3
fn_trie_select_default 515 518 +3
inet_sk_rebuild_header 836 838 +2
fib_trie_seq_show 764 766 +2
__devinet_sysctl_register 276 278 +2
fn_trie_lookup 1124 1123 -1
ip_fib_check_default 133 131 -2
devinet_conf_sysctl 223 221 -2
snmp_fold_field 126 123 -3
fn_trie_insert 2091 2086 -5
inet_create 876 870 -6
fib4_rules_init 197 191 -6
fib_sync_down 452 444 -8
inet_gso_send_check 334 325 -9
fib_create_info 3003 2991 -12
fib_nl_delrule 568 553 -15
fib_nl_newrule 883 852 -31Signed-off-by: Denis V. Lunev
Acked-by: Daniel Lezcano
Signed-off-by: David S. Miller -
The backward link from FIB rules operations to the network namespace
will allow to simplify the API a bit.Signed-off-by: Denis V. Lunev
Acked-by: Daniel Lezcano
Signed-off-by: David S. Miller -
The final trick for rules: place fib4_rules_ops into struct net and
modify initialization path for this.Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
This patch extends the fib_get_table and the fib_new_table functions
with the network namespace pointer. That will allow to access the
table relatively from the network namespace.Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
This patch makes the fib to be initialized as a subsystem for the
network namespaces. The code does not handle several namespaces yet,
so in case of a creation of a network namespace, the
creation/initialization will not occur.Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
This adds error paths into both versions of fib4_rules_init
(with/without CONFIG_IP_MULTIPLE_TABLES) and returns error code to the
caller.Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
fib_rules_ops contains operations and the list of configured rules. ops will
become per/namespace soon, so we need them to be known in the default_pref
callback.Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
The patch extends the different fib rules API in order to pass the
network namespace pointer. That will allow to access the different
tables from a namespace relative object. As usual, the pointer to the
init_net variable is passed as parameter so we don't break the
network.Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller
11 Nov, 2007
1 commit
-
This patch fixes a small memory leak. Default fib rules can be deleted by
the user if the rule does not carry FIB_RULE_PERMANENT flag, f.e. by
ip rule flushSuch a rule will not be freed as the ref-counter has 2 on start and becomes
clearly unreachable after removal.Signed-off-by: Denis V. Lunev
Acked-by: Alexey Kuznetsov
Signed-off-by: David S. Miller
11 Oct, 2007
1 commit
-
This patch slightly cleanups FIB rules framework. rules_list as a pointer
on struct fib_rules_ops is useless. It is always assigned with a static
per/subsystem list in IPv4, IPv6 and DecNet.Signed-off-by: Denis V. Lunev
Acked-by: Alexey Kuznetsov
Signed-off-by: David S. Miller
08 Jun, 2007
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
26 Apr, 2007
4 commits
-
Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller -
The results of FIB rules lookups are cached in the routing cache
except for IPv6 as no such cache exists. So far, it was the
responsibility of the user to flush the cache after modifying any
rules. This lead to many false bug reports due to misunderstanding
of this concept.This patch automatically flushes the route cache after inserting
or deleting a rule.Thanks to Muli Ben-Yehuda for catching a bug
in the previous patch.Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller -
Implements a unified, protocol independant rules dumping function
which is capable of both, dumping a specific protocol family or
all of them. This speeds up dumping as less lookups are required.Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller -
Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller
26 Mar, 2007
1 commit
-
Based upon a patch from Patrick McHardy.
The fib_rules netlink attribute policy introduced in 2.6.19 broke
userspace compatibilty. When specifying a rule with "from all"
or "to all", iproute adds a zero byte long netlink attribute,
but the policy requires all addresses to have a size equal to
sizeof(struct in_addr)/sizeof(struct in6_addr), resulting in a
validation error.Check attribute length of FRA_SRC/FRA_DST in the generic framework
by letting the family specific rules implementation provide the
length of an address. Report an error if address length is non
zero but no address attribute is provided. Fix actual bug by
checking address length for non-zero instead of relying on
availability of attribute.Signed-off-by: Thomas Graf
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
03 Dec, 2006
4 commits
-
Account for the netlink message header size directly in nlmsg_new()
instead of relying on the caller calculate it correctly.Replaces error handling of message construction functions when
constructing notifications with bug traps since a failure implies
a bug in calculating the size of the skb.Signed-off-by: Thomas Graf
Acked-by: Paul Moore
Signed-off-by: David S. Miller -
Move the attribute policy for the non-specific attributes into
net/fib_rules.h and include it in the respective protocols.Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller -
Move mark selector currently implemented per protocol into
the protocol independant part.Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller -
Now that all protocols have been made aware of the mark
field it can be moved out of the union thus simplyfing
its usage.The config options in the IPv4/IPv6/DECnet subsystems
to enable respectively disable mark based routing only
obfuscate the code with ifdefs, the cost for the
additional comparison in the flow key is insignificant,
and most distributions have all these options enabled
by default anyway. Therefore it makes sense to remove
the config options and enable mark based routing by
default.Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller
29 Sep, 2006
2 commits
-
use be32 netlink accessors for those
Signed-off-by: Al Viro
Signed-off-by: David S. Miller -
Signed-off-by: Al Viro
Signed-off-by: David S. Miller
23 Sep, 2006
2 commits
-
Converts existing NLA_STRING attributes to use the new
validation features, saving a couple of temporary buffers.Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller -
Add a FRA_FWMASK attributes for fwmark masks. For compatibility a mask of
0xFFFFFFFF is used when a mark value != 0 is sent without a mask.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller