04 Jun, 2007

1 commit

  • This diff changes the default port range used for outgoing connections,
    from "use 32768-61000 in most cases, but use N-4999 on small boxes
    (where N is a multiple of 1024, depending on just *how* small the box
    is)" to just "use 32768-61000 in all cases".

    I don't believe there are any drawbacks to this change, and it keeps
    outgoing connection ports farther away from the mess of
    IANA-registered ports.

    Signed-off-by: Mark Glines
    Signed-off-by: David S. Miller


11 Feb, 2007

1 commit


03 Dec, 2006

1 commit

  • We currently allocate a fixed-size (TCP_SYNQ_HSIZE=512 slots) hash table for
    each LISTEN socket, regardless of various parameters (listen backlog for
    example).

    On x86_64, this means order-1 allocations (might fail), even for 'small'
    sockets, expecting few connections. On the contrary, a huge server wanting a
    backlog of 50000 is slowed down a bit because of this fixed limit.

    This patch makes the sizing of the listen hash table a dynamic parameter,
    depending on:
    - net.core.somaxconn tunable (default is 128)
    - net.ipv4.tcp_max_syn_backlog tunable (default: 256, 1024 or 128)
    - backlog value given by user application (2nd parameter of listen())

    For large allocations (bigger than PAGE_SIZE), we use vmalloc() instead of
    kmalloc().

    We still limit memory allocation with the two existing tunables (somaxconn &
    tcp_max_syn_backlog). So for standard setups, this patch actually reduces RAM
    usage.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

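    The sizing rule described in the commit above, as an added user-space
    model (example code, not the kernel's reqsk_queue_alloc() or the patch
    itself): the application's backlog is capped by net.core.somaxconn and
    net.ipv4.tcp_max_syn_backlog, rounded up to a power of two, and the
    resulting bucket array is placed via vmalloc() only when it exceeds a
    page. The 4096-byte page size, the floor of 8 entries and all helper
    names are assumptions chosen so the example runs offline.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE_BYTES       4096u  /* assumed page size for the illustration */
#define MIN_TABLE_ENTRIES     8u     /* assumed floor so a tiny backlog still gets a table */
#define FIXED_TCP_SYNQ_HSIZE  512u   /* the fixed size the commit replaces */

struct listen_hash_plan {
    uint32_t entries;     /* buckets to allocate (power of two) */
    size_t   bytes;       /* size of the bucket-pointer array */
    int      use_vmalloc; /* 1 when the array exceeds one page */
};

static uint32_t roundup_pow2(uint32_t v)
{
    uint32_t p = 1;
    while (p < v)
        p <<= 1;
    return p;
}

/* Per-listener table size under the old fixed scheme, for comparison:
 * 512 bucket pointers, i.e. 4096 bytes on a 64-bit box before any
 * surrounding bookkeeping is added. */
size_t fixed_table_bytes(void)
{
    return (size_t)FIXED_TCP_SYNQ_HSIZE * sizeof(void *);
}

/* backlog: second argument to listen(); somaxconn: net.core.somaxconn;
 * max_syn_backlog: net.ipv4.tcp_max_syn_backlog. Both tunables cap the
 * application's request, so RAM per listener stays bounded by the sysctls
 * no matter what backlog an unprivileged program asks for. */
struct listen_hash_plan plan_listen_hash(uint32_t backlog, uint32_t somaxconn,
                                         uint32_t max_syn_backlog)
{
    struct listen_hash_plan p;
    uint32_t n = backlog;

    if (n > somaxconn)
        n = somaxconn;
    if (n > max_syn_backlog)
        n = max_syn_backlog;
    if (n < MIN_TABLE_ENTRIES)
        n = MIN_TABLE_ENTRIES;

    p.entries = roundup_pow2(n);
    p.bytes = (size_t)p.entries * sizeof(void *);
    p.use_vmalloc = p.bytes > PAGE_SIZE_BYTES;
    return p;
}

static void show(const char *label, uint32_t backlog, uint32_t somaxconn,
                 uint32_t maxsyn)
{
    struct listen_hash_plan p = plan_listen_hash(backlog, somaxconn, maxsyn);

    printf("%-28s listen(%u) somaxconn=%u max_syn_backlog=%u -> %u buckets, %zu bytes via %s\n",
           label, backlog, somaxconn, maxsyn, p.entries, p.bytes,
           p.use_vmalloc ? "vmalloc()" : "kmalloc()");
}

int main(void)
{
    printf("old fixed table: %zu bytes per listener\n", fixed_table_bytes());
    show("small daemon, defaults:", 5, 128, 1024);
    show("big server, defaults:", 50000, 128, 1024);
    show("big server, raised sysctls:", 50000, 65535, 65535);
    return 0;
}
```

    With default sysctls a listen(50000) still gets only 128 buckets: the
    administrator has to raise both somaxconn and tcp_max_syn_backlog before
    the table grows, which is the memory bound the commit message refers to.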

29 Sep, 2006

3 commits


23 Sep, 2006

2 commits

  • This automatically labels the TCP, Unix stream, and dccp child sockets
    as well as openreqs to be at the same MLS level as the peer. This will
    result in the selection of appropriately labeled IPSec Security
    Associations.

    This also uses the sock's sid (as opposed to the isec sid) in SELinux
    enforcement of secmark in rcv_skb and postroute_last hooks.

    Signed-off-by: Venkat Yekkirala
    Signed-off-by: David S. Miller

  • This labels the flows that could utilize IPSec xfrms at the points the
    flows are defined so that IPSec policy and SAs at the right label can
    be used.

    The following protos are currently not handled, but they should
    continue to be able to use single-labeled IPSec like they currently
    do.

    ipmr
    ip_gre
    ipip
    igmp
    sit
    sctp
    ip6_tunnel (IPv6 over IPv6 tunnel device)
    decnet

    Signed-off-by: Venkat Yekkirala
    Signed-off-by: David S. Miller


01 Jul, 2006

1 commit


21 Mar, 2006

3 commits


04 Jan, 2006

3 commits


06 Nov, 2005

1 commit

  • This patch randomizes the port selected on bind() for connections
    to help with possible security attacks. It should also be faster
    in most cases because there is no need for a global lock.

    Signed-off-by: Stephen Hemminger
    Signed-off-by: Arnaldo Carvalho de Melo

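    The range change in the 04 Jun 2007 commit at the top of the page and the
    bind() randomization in the commit just above share one mechanism: pick a
    source port from a fixed ephemeral range, starting at an unpredictable
    offset and walking until a free port is found. The following is an added
    user-space model of that selection (example code, not the kernel's
    inet_hash_connect() or either patch); the xorshift PRNG, the bitmap port
    set and the helper names are assumptions chosen to keep it runnable
    offline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PORT_LOW  32768u                        /* range from the 2007 commit */
#define PORT_HIGH 61000u
#define RANGE     (PORT_HIGH - PORT_LOW + 1u)   /* 28233 candidate ports */

/* Tiny xorshift PRNG with an explicit seed so the example is reproducible;
 * a real implementation draws from the kernel's random pool instead.
 * Assumption for illustration only. */
static uint32_t xorshift32(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *s = x;
}

/* One bit per TCP port: set means already bound on this host. */
typedef struct { uint8_t bits[65536 / 8]; } port_set;

int port_in_use(const port_set *s, uint16_t p)
{
    return (s->bits[p >> 3] >> (p & 7)) & 1;
}

static void port_mark(port_set *s, uint16_t p)
{
    s->bits[p >> 3] |= (uint8_t)(1u << (p & 7));
}

void port_set_mark_range(port_set *s, uint32_t lo, uint32_t hi)
{
    for (uint32_t p = lo; p <= hi; p++)
        port_mark(s, (uint16_t)p);
}

/* True for ports inside the ephemeral range, so below 32768 (the IANA
 * registered block) and above 61000 are never handed out. */
int in_ephemeral_range(uint32_t port)
{
    return port >= PORT_LOW && port <= PORT_HIGH;
}

/* Returns a free port in [PORT_LOW, PORT_HIGH] and marks it used: start at a
 * fresh random offset, walk linearly with wraparound. Returns 0 when every
 * port in the range is taken (the caller should report EADDRNOTAVAIL-like
 * exhaustion rather than fall back to a registered port). */
uint32_t pick_ephemeral_port(port_set *used, uint32_t *seed)
{
    uint32_t offset = xorshift32(seed) % RANGE;

    for (uint32_t i = 0; i < RANGE; i++) {
        uint32_t port = PORT_LOW + (offset + i) % RANGE;
        if (!port_in_use(used, (uint16_t)port)) {
            port_mark(used, (uint16_t)port);
            return port;
        }
    }
    return 0;
}

int main(void)
{
    port_set used;
    uint32_t seed = 0x2545F491u;   /* constructed seed, any non-zero value works */

    memset(&used, 0, sizeof used);
    for (int i = 0; i < 5; i++)
        printf("connection %d -> source port %u\n", i, pick_ephemeral_port(&used, &seed));

    port_set_mark_range(&used, PORT_LOW, PORT_HIGH);
    printf("range exhausted -> %u\n", pick_ephemeral_port(&used, &seed));
    return 0;
}
```

    The security point is the fresh offset per connection: with a fixed or
    sequential starting point, an off-path attacker who observes one
    connection can predict the next source port, which is what the 2005
    commit describes as "possible security attacks". The fixed 32768 floor
    keeps the linear walk away from registered service ports on every host,
    which is the point of the 2007 change.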

09 Oct, 2005

1 commit

  • - added typedef unsigned int __nocast gfp_t;

    - replaced __nocast uses for gfp flags with gfp_t - it gives exactly
    the same warnings as far as sparse is concerned, doesn't change
    generated code (from gcc point of view we replaced unsigned int with
    typedef) and documents what's going on far better.

    Signed-off-by: Al Viro
    Signed-off-by: Linus Torvalds


30 Aug, 2005

4 commits