08 Oct, 2008
39 commits
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
Again, it's deducible from skb, but we're going to use it for
nf_conntrack_checksum and statistics, so just pass it from upper layer.
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
It's deducible from skb->dev or skb->dst->dev, but we know netns at
the moment of call, so pass it down and use for finding and creating
conntracks.
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
What is confirmed connection in one netns can very well be unconfirmed
in another one.
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
Make per-netns a) expectation hash and b) expectations count.
Expectations always belong to the netns to which their master conntrack belongs.
This is natural and doesn't bloat expectation.
Proc files and leaf users are stubbed to init_net, this is temporary.
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
Take netns from skb->dst->dev. It should be safe because they are called
from LOCAL_OUT hook where dst is valid (though, I'm not exactly sure about
IPVS and queueing packets to userspace).
[Patrick: it's safe everywhere since they already expect skb->dst to be set]
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
* make per-netns conntrack hash
Other solution is to add ->ct_net pointer to tuplehashes and still have one
hash, I tried that, it's ugly and requires more code deep down in protocol
modules et al.
* propagate netns pointer to where needed, e.g. to conntrack iterators.
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
Sysctls and proc files are stubbed to init_net's one. This is temporary.
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
Conntrack (struct nf_conn) gets pointer to netns: ->ct_net -- netns in which
it was created. It comes from netdevice.
->ct_net is write-once field.
Every conntrack in system has ->ct_net initialized, no exceptions.
->ct_net doesn't pin netns: conntracks are recycled after timeouts and
pinning background traffic will prevent netns from even starting shutdown
sequence.
Right now every conntrack is created in init_net.
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
One comment: #ifdefs around #include are necessary to overcome amazing compile
breakages in NOTRACK-in-netns patch (see below).
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
Now that dev_net() exists, the usefulness of them is even less. Also they're
a big problem in resolving circular header dependencies necessary for
NOTRACK-in-netns patch. See below.
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
When a match or target is looked up using xt_find_{match,target},
Xtables will also search the NFPROTO_UNSPEC module list. This allows
for protocol-independent extensions (like xt_time) to be reused from
other components (e.g. arptables, ebtables).
Extensions that take different codepaths depending on match->family
or target->family of course cannot use NFPROTO_UNSPEC within the
registration structure (e.g. xt_pkttype).
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
The netfilter subsystem only supports a handful of protocols (much
less than PF_*) and even non-PF protocols like ARP and
pseudo-protocols like PF_BRIDGE. By creating NFPROTO_*, we can earn a
few memory savings on arrays that previously were always PF_MAX-sized
and keep the pseudo-protocols to ourselves.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
This updates xt_recent to support the IPv6 address family.
The new /proc/net/xt_recent directory must be used for this.
The old proc interface can also be configured out.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Like with other modules (such as ipt_state), ipt_recent.h is changed
to forward definitions to (IOW include) xt_recent.h, and xt_recent.c
is changed to use the new constant names.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
and (try to) consistently use u_int8_t for the L3 family.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
The content of init_ipv6_mibs/cleanup_ipv6_mibs will be moved to new
calls one by one next.
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Unused net variable will become used very soon.
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
idev has been stored on seq->private. NULL has been stored for global
statistics.
The situation is changed with net namespace. We need to store pointer to
struct net and the only place is seq->private. So, we'll have for
/proc/net/dev_snmp6/* and for /proc/net/snmp6 pointers of two different
types stored in the same field.
This effectively requires to separate seq_ops of these files.
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Simple, consolidate sockstat6 stuff in one place, at the beginning of
the file. Right now sockstat6_seq_open/sockstat6_seq_fops looks like an
intrusion in the middle of snmp6 code.
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Do the same for /proc/net/snmp6.
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
I'm quite sure that if I give this function in its old format
for you to inspect, you start to wonder what is the type of
demanded or if it's a global variable.
Signed-off-by: Ilpo Järvinen
Signed-off-by: David S. Miller -
It all started from me noticing that this urgent check in
tcp_clean_rtx_queue is unnecessarily inside the loop. Then
I took a longer look to it and found out that the users of
urg_mode can trivially do without, well almost, there was
one gotcha.
Bonus: those funny people who use urg with >= 2^31 write_seq -
snd_una could now rejoice too (that's the only purpose for the
between being there, otherwise a simple compare would have done
the thing). Not that I assume that the rest of the tcp code
happily lives with such mind-boggling numbers :-). Alas, it
turned out to be impossible to set wmem to such numbers anyway,
yes I really tried a big sendfile after setting some wmem but
nothing happened :-). ...Tcp_wmem is int and so is sk_sndbuf...
So I hacked a bit variable to long and found out that it seems
to work... :-)
Signed-off-by: Ilpo Järvinen
Signed-off-by: David S. Miller -
Add some packet-split receive hooks.
For one this allows to do NUMA node affine page allocs. Later on these
hooks will be extended to do emergency reserve allocations for
fragments.
Signed-off-by: Peter Zijlstra
Signed-off-by: David S. Miller -
Wrap calling sk->sk_backlog_rcv() in a function. This will allow extending the
generic sk_backlog_rcv behaviour.
Signed-off-by: Peter Zijlstra
Signed-off-by: David S. Miller -
This makes that ip6_route_net_init() does all of the route init code.
There used to be a race between ip6_route_net_init() and ip6_net_init()
and someone relying on the combined result was left out cold.
Signed-off-by: Peter Zijlstra
Signed-off-by: David S. Miller -
ip6_route_net_init() error handling looked less than solid, fix 'er up.
Signed-off-by: Peter Zijlstra
Signed-off-by: David S. Miller -
Use the socket cached in the skb if it's present.
Signed-off-by: KOVACS Krisztian
Acked-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
To be able to use the cached socket reference in the skb during input
processing we add a new set of lookup functions that receive the skb on
their argument list.
Signed-off-by: KOVACS Krisztian
Acked-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
To be able to use the cached socket reference in the skb during input
processing we add a new set of lookup functions that receive the skb on
their argument list.
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: KOVACS Krisztian
Signed-off-by: David S. Miller
07 Oct, 2008
1 commit
-
Based upon a report by Vito Caputo.
Signed-off-by: David S. Miller