- 01 Sep, 2009 1 commit
-
-
Patrick McHardy authored
Commit 19eda879 (netfilter: change return types of check functions for Ebtables extensions) broke the ebtables ulog module by missing a return value conversion. Signed-off-by: Patrick McHardy <kaber@trash.net>
-
- 31 Aug, 2009 4 commits
-
-
Julius Volz authored
Add handling of incoming ICMPv6 messages. This follows the handling of IPv4 ICMP messages. Amongst ther things this problem allows IPVS to behave sensibly when an ICMPV6_PKT_TOOBIG message is received: This message is received when a realserver sends a packet >PMTU to the client. The hop on this path with insufficient MTU will generate an ICMPv6 Packet Too Big message back to the VIP. The LVS server receives this message, but the call to the function handling this has been missing. Thus, IPVS fails to forward the message to the real server, which then does not adjust the path MTU. This patch adds the missing call to ip_vs_in_icmp_v6() in ip_vs_in() to handle this situation. Thanks to Rob Gallagher from HEAnet for reporting this issue and for testing this patch in production (with direct routing mode). [horms@verge.net.au: tweaked changelog] Signed-off-by: Julius Volz <julius.volz@gmail.com> Tested-by: Rob Gallagher <robert.gallagher@heanet.ie> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Patrick McHardy authored
Use memcmp() instead of open coded comparison that reads one byte past the intended end. Based on patch from Roel Kluin <roel.kluin@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Alexey Dobriyan authored
Conntracks in netns other than init_net dying list were never killed. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Simon Horman authored
A pointed out by Shin Hong, IPVS doesn't always use atomic operations in an atomic manner. While this seems unlikely to be manifest in strange behaviour, it seems appropriate to clean this up. Cc: shin hong <hongshin@gmail.com> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
- 25 Aug, 2009 3 commits
-
-
Patrick McHardy authored
Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Patrick McHardy authored
Consitfy nlmsghdr arguments to a couple of functions as preparation for the next patch, which will constify the netlink message data in all nfnetlink users. Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Patrick McHardy authored
Log packets dropped by helpers using the netfilter logging API. This is useful in combination with nfnetlink_log to analyze those packets in userspace for debugging. Signed-off-by: Patrick McHardy <kaber@trash.net>
-
- 24 Aug, 2009 3 commits
-
-
Eric Dumazet authored
commit f216f082 ([NETFILTER]: bridge netfilter: deal with martians correctly) added a refcount leak on in_dev. Instead of using in_dev_get(), we can use __in_dev_get_rcu(), as netfilter hooks are running under rcu_read_lock(), as pointed by Patrick. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Maximilian Engelhardt authored
Kernel 2.6.30 introduced a patch [1] for the persistent option in the netfilter SNAT target. This is exactly what we need here so I had a quick look at the code and noticed that the patch is wrong. The logic is simply inverted. The patch below fixes this. Also note that because of this the default behavior of the SNAT target has changed since kernel 2.6.30 as it now ignores the destination IP in choosing the source IP for nating (which should only be the case if the persistent option is set). [1] http://git.eu.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=98d500d66cb7940747b424b245fc6a51ecfbf005Signed-off-by: Maximilian Engelhardt <maxi@daemonizer.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Jan Engelhardt authored
The inputted table is never modified, so should be considered const. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
- 10 Aug, 2009 21 commits
-
-
-
Jan Engelhardt authored
This adds the second check that Rusty wanted to have a long time ago. :-) Base chain policies must have absolute verdicts that cease processing in the table, otherwise rule execution may continue in an unexpected spurious fashion (e.g. next chain that follows in memory). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
This adds a check that iptables's original author Rusty set forth in a FIXME comment. Underflows in iptables are better known as chain policies, and are required to be unconditional or there would be a stochastical chance for the policy rule to be skipped if it does not match. If that were to happen, rule execution would continue in an unexpected spurious fashion. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
The "hook_entry" and "underflow" array contains values even for hooks not provided, such as PREROUTING in conjunction with the "filter" table. Usually, the values point to whatever the next rule is. For the upcoming unconditionality and underflow checking patches however, we must not inspect that arbitrary rule. Skipping unassigned hooks seems like a good idea, also because newinfo->hook_entry and newinfo->underflow will then continue to have the poison value for detecting abnormalities. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
Instead of inspecting each u32/char open-coded, clean up and make use of memcmp. On some arches, memcmp is implemented as assembly or GCC's __builtin_memcmp which can possibly take advantages of known alignment. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
This commit gets rid of a padding hole as reported by pahole(1). Saves 8 bytes on x86_64. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
Simple substitution to indicate that the fields indeed use the NFPROTO_ space. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
When IPv4 and IPv6 matches were unified approx. 3.5 years ago, they received new header filenames (e.g. xt_CLASSIFY.h). Let's remove the old ones now. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
Superseded by xt_owner v1 (v2.6.24-2388-g0265ab44). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
Superseded by xt_mark v1 (v2.6.24-2922-g17b0d7ef). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
Superseded by xt_iprange v1 (v2.6.24-2928-g1a50c5a1). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
Superseded by xt_conntrack v1 (v2.6.24-2921-g64eb12f9). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
Superseded by xt_connmark v1 (v2.6.24-2919-g96e32272). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
Superseded by xt_MARK v2 (v2.6.24-2918-ge0a812ae). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
Superseded by xt_CONNMARK v1 (v2.6.24-2917-g0dc8c760). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Jan Engelhardt authored
Superseded by xt_TOS v1 (v2.6.24-2396-g5c350e5a). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
Tobias Klauser authored
ebt_log uses its own implementation of print_mac to print MAC addresses. This patch converts it to use the %pM conversion specifier for printk. Signed-off-by: Tobias Klauser <klto@zhaw.ch> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Rafael Laufer authored
Signed-off-by: Patrick McHardy <kaber@trash.net>
-
- 07 Aug, 2009 4 commits
-
-
Krishna Kumar authored
dev_queue_xmit enqueue's a skb and calls qdisc_run which dequeue's the skb and xmits it. In most cases, the skb that is enqueue'd is the same one that is dequeue'd (unless the queue gets stopped or multiple cpu's write to the same queue and ends in a race with qdisc_run). For default qdiscs, we can remove the redundant enqueue/dequeue and simply xmit the skb since the default qdisc is work-conserving. The patch uses a new flag - TCQ_F_CAN_BYPASS to identify the default fast queue. The controversial part of the patch is incrementing qlen when a skb is requeued - this is to avoid checks like the second line below: + } else if ((q->flags & TCQ_F_CAN_BYPASS) && !qdisc_qlen(q) && >> !q->gso_skb && + !test_and_set_bit(__QDISC_STATE_RUNNING, &q->state)) { Results of a 2 hour testing for multiple netperf sessions (1, 2, 4, 8, 12 sessions on a 4 cpu system-X). The BW numbers are aggregate Mb/s across iterations tested with this version on System-X boxes with Chelsio 10gbps cards: ---------------------------------- Size | ORG BW NEW BW | ---------------------------------- 128K | 156964 159381 | 256K | 158650 162042 | ---------------------------------- Changes from ver1: 1. Move sch_direct_xmit declaration from sch_generic.h to pkt_sched.h 2. Update qdisc basic statistics for direct xmit path. 3. Set qlen to zero in qdisc_reset. 4. Changed some function names to more meaningful ones. Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yevgeny Petrilin authored
We use 1:1 mapping between QPs and SRQs on receive side, so additional indirection level not required. Allocated the receive buffers for the RSS QPs. Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yevgeny Petrilin authored
There is no point in using more QPs then actual number of receive rings. If the RSS function for two streams gives the same result modulo number of rings, they will arrive to the same RX ring anyway. Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yevgeny Petrilin authored
If the net device is identified as "sender" (number of sent packets is higher then the number of received packets and the incoming packets are small), set the moderation time to its low limit. We do it because the incoming packets are acks, and we don't want to delay them Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 06 Aug, 2009 4 commits
-
-
Daniel Mack authored
Hibernation is unsupported for now, which meets the actual implementation in the driver. For free/thaw, the chip's D2 state should be entered. Signed-off-by: Daniel Mack <daniel@caiaq.de> Acked-by: <steve.glendinning@smsc.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Atsushi Nemoto authored
The datasheet say "When not enabling packing, the MinFrag value must remain at 0". Do not set value to RxFragSize register if TC35815_USE_PACKEDBUFFER disabled. This is not a bugfix. No real problem reported on this. Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Atsushi Nemoto authored
The Miss_Cnt register is cleared by reading. Accumulate its value to rx_missed_errors count. Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Atsushi Nemoto authored
The current timeout value is too short for very high-load condition which jiffies might jump up in busy-loop. Also add minimum delay before checking completion of MDIO. Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
-