aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* Merge branch 'lvs-next-2.6' of ↵David S. Miller2008-10-08
|\ | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/horms/lvs-2.6 Conflicts: net/netfilter/Kconfig
| * Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 into ↵Simon Horman2008-10-06
| |\ | | | | | | | | | lvs-next-2.6
| * | IPVS: Move IPVS to net/netfilter/ipvsJulius Volz2008-10-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since IPVS now has partial IPv6 support, this patch moves IPVS from net/ipv4/ipvs to net/netfilter/ipvs. It's a result of: $ git mv net/ipv4/ipvs net/netfilter and adapting the relevant Kconfigs/Makefiles to the new path. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
| * | ipvs: Fix unused label warningSven Wegener2008-09-21
| | | | | | | | | | | | | | | Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Signed-off-by: Simon Horman <horms@verge.net.au>
| * | ipvs: Restrict sync message to 255 connectionsSven Wegener2008-09-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The nr_conns variable in the sync message header is only eight bits wide and will overflow on interfaces with a large MTU. As a result the backup won't parse all connections contained in the sync buffer. On regular ethernet with an MTU of 1500 this isn't a problem, because we can't overflow the value, but consider jumbo frames being used on a cross-over connection between both directors. We now restrict the size of the sync buffer, so that we never put more than 255 connections into a single sync buffer. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Signed-off-by: Simon Horman <horms@verge.net.au>
* | | sctp: shrink sctp_tsnmap some more by removing gabs arrayVlad Yasevich2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The gabs array in the sctp_tsnmap structure is only used in one place, sctp_make_sack(). As such, carrying the array around in the sctp_tsnmap and thus directly in the sctp_association is rather pointless since most of the time it's just taking up space. Now, let sctp_make_sack create and populate it and then throw it away when it's done. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | sctp: Rework the tsn map to use generic bitmap.Vlad Yasevich2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The tsn map currently use is 4K large and is stuck inside the sctp_association structure making memory references REALLY expensive. What we really need is at most 4K worth of bits so the biggest map we would have is 512 bytes. Also, the map is only really usefull when we have gaps to store and report. As such, starting with minimal map of say 32 TSNs (bits) should be enough for normal low-loss operations. We can grow the map by some multiple of 32 along with some extra room any time we receive the TSN which would put us outside of the map boundry. As we close gaps, we can shift the map to rebase it on the latest TSN we've seen. This saves 4088 bytes per association just in the map alone along savings from the now unnecessary structure members. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | inet: cleanup of local_port_rangeEric Dumazet2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I noticed sysctl_local_port_range[] and its associated seqlock sysctl_local_port_range_lock were on separate cache lines. Moreover, sysctl_local_port_range[] was close to unrelated variables, highly modified, leading to cache misses. Moving these two variables in a structure can help data locality and moving this structure to read_mostly section helps sharing of this data among cpus. Cleanup of extern declarations (moved in include file where they belong), and use of inet_get_local_port_range() accessor instead of direct access to ports values. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | udp: Improve port randomizationEric Dumazet2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Current UDP port allocation is suboptimal. We select the shortest chain to chose a port (out of 512) that will hash in this shortest chain. First, it can lead to give not so ramdom ports and ease give attackers more opportunities to break the system. Second, it can consume a lot of CPU to scan all table in order to find the shortest chain. Third, in some pathological cases we can fail to find a free port even if they are plenty of them. This patch zap the search for a short chain and only use one random seed. Problem of getting long chains should be addressed in another way, since we can obtain long chains with non random ports. Based on a report and patch from Vitaly Mayatskikh Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | pkt_sched: Update qdisc requeue stats in dev_requeue_skb()Jarek Poplawski2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After the last change of requeuing there is no info about such incidents in tc stats. This patch updates the counter, but we should consider this should differ from previous stats because of additional checks preventing to repeat this. On the other hand, previous stats didn't include requeuing of gso_segmented skbs. Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | tcp: fix length used for checksum in a resetIlpo Järvinen2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While looking for some common code I came across difference in checksum calculation between tcp_v6_send_(reset|ack) I couldn't explain. I checked both v4 and v6 and found out that both seem to have the same "feature". I couldn't find anything in rfc nor anywhere else which would state that md5 option should be ignored like it was in case of reset so I came to a conclusion that this is probably a genuine bug. I suspect that addition of md5 just was fooled by the excessive copy-paste code in those functions and the reset part was never tested well enough to find out the problem. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | ipv6: remove unused not init_ipv6_mibs/cleanup_ipv6_mibsDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | ipv6: making ip and icmp statistics per/namespaceDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | ipv6: added net argument to _DEVINC/_DEVADDDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | ipv6: added net argument to ICMP6MSGIN_INC_STATS_BHDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | ipv6: ICMP6MSGIN_INC_STATS is not usedDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | | | | | | | Removed. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | ipv6: added net argument to ICMP6MSGOUT_INC_STATS_BHDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | ipv6: added net argument to ICMP6MSGOUT_INC_STATSDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | ipv6: added net argument to ICMP6_INC_STATS_BHDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | ipv6: added net argument to ICMP6_INC_STATSDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | ipv6: added net argument to IP6_ADD_STATS_BHDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | ipv6: added net argument to IP6_INC_STATS_BHDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | netns: add net parameter to IP6_INC_STATSDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | ipv6: consolidate error paths in ipv6_frag_rcvDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | ipv6: local dev is actually unused in ip6_fragmentDenis V. Lunev2008-10-08
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | Merge branch 'master' of ↵David S. Miller2008-10-08
|\ \ \ | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6
| * | | netfilter: xtables: remove bogus mangle table dependency of connmarkJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: xtables: use NFPROTO_UNSPEC in more extensionsJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Lots of extensions are completely family-independent, so squash some code. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: xtables: cut down on static data for family-independent extensionsJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Using ->family in struct xt_*_param, multiple struct xt_{match,target} can be squashed together. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: xtables: provide invoked family value to extensionsJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By passing in the family through which extensions were invoked, a bit of data space can be reclaimed. The "family" member will be added to the parameter structures and the check functions be adjusted. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: xtables: move extension arguments into compound structure (6/6)Jan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch does this for target extensions' destroy functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: xtables: move extension arguments into compound structure (5/6)Jan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch does this for target extensions' checkentry functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: xtables: move extension arguments into compound structure (4/6)Jan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch does this for target extensions' target functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: xtables: move extension arguments into compound structure (3/6)Jan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch does this for match extensions' destroy functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: xtables: move extension arguments into compound structure (2/6)Jan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch does this for match extensions' checkentry functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: xtables: move extension arguments into compound structure (1/6)Jan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The function signatures for Xtables extensions have grown over time. It involves a lot of typing/replication, and also a bit of stack space even if they are not used. Realize an NFWS2008 idea and pack them into structs. The skb remains outside of the struct so gcc can continue to apply its optimizations. This patch does this for match extensions' match functions. A few ambiguities have also been addressed. The "offset" parameter for example has been renamed to "fragoff" (there are so many different offsets already) and "protoff" to "thoff" (there is more than just one protocol here, so clarify). Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: xtables: use "if" blocks in KconfigJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: xtables: sort extensions alphabetically in KconfigJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: ebtables: make BRIDGE_NF_EBTABLES a menuconfig optionJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: ip6tables: fix Kconfig entry dependency for ip6t_LOGJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ip6t_LOG does certainly not depend on the filter table. (Also, move it so that menuconfig still displays it correctly.) Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: ip6tables: fix name of hopbyhop in KconfigJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The module is called hbh, not hopbyhop. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: xtables: do centralized checkentry call (1/2)Jan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It used to be that {ip,ip6,etc}_tables called extension->checkentry themselves, but this can be moved into the xtables core. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: ebtables: fix one wrong return valueJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Usually -EINVAL is used when checkentry fails (see *_tables). Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: remove redundant casts from EbtablesJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: remove unused Ebtables functionsJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: implement hotdrop for EbtablesJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: ebtables: use generic table checkingJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ebtables ORs (1 << NF_BR_NUMHOOKS) into the hook mask to indicate that the extension was called from a base chain. So this also needs to be present in the extensions' ->hooks. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: x_tables: output bad hook mask in hexadecimalJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | It is a mask, and masks are most useful in hex. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: move Ebtables to use XtablesJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * | | netfilter: change Ebtables function signatures to match Xtables'sJan Engelhardt2008-10-08
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>