1. 20 Apr, 2015 8 commits
  2. 13 Apr, 2015 9 commits
    • Felix Fietkau's avatar
      tc: add support for connmark action · b8d5c9a7
      Felix Fietkau authored
      Add ability to add the netfilter connmark support.
      
      Typical usage:
      ...lets tag outgoing icmp with mark 0x10..
      iptables -tmangle -A PREROUTING -p icmp -j CONNMARK --set-mark 0x10
      ..add on ingress of $ETH an extractor for connmark...
      tc filter add dev $ETH parent ffff: prio 4 protocol ip \
      u32 match ip protocol 1 0xff \
      flowid 1:1 \
      action connmark continue
      ...if the connmark was 0x11, we police to a ridic rate of 10Kbps
      tc filter add dev $ETH parent ffff: prio 5 protocol ip \
      handle 0x11 fw flowid 1:1 \
      action police rate 10kbit burst 10k
      
      Other ways to use the connmark is to supply the zone, index and
      branching choice. Refer to help.
      Signed-off-by: default avatarFelix Fietkau <nbd@openwrt.org>
      Signed-off-by: default avatarJamal Hadi Salim <jhs@mojatatu.com>
      b8d5c9a7
    • Stephen Hemminger's avatar
      update kernel headers and add tc_connmark.h · 94f66538
      Stephen Hemminger authored
      Needed for later tc action patches
      94f66538
    • Andy Gospodarek's avatar
      iproute2: unify naming for entries offloaded to hardware · aa05b988
      Andy Gospodarek authored
      The kernel now has the capability to offload FDB and FIB entries to hardware.
      It is important to let users know if table entries are also offloaded to
      hardware.  Currently offloaded FDB entries are indicated by the existence of
      the flag 'external' on the entry as of the following commit:
      
      commit 28467b7f
      Author: Scott Feldman <sfeldma@gmail.com>
      Date:   Thu Dec 4 09:57:15 2014 +0100
      
          bridge/fdb: add flag/indication for FDB entry synced from offload device
      
      When the patch to add support for indicating that FIB entries were also
      offloaded as posted to netdev by Scott Feldman it became clear that 'external'
      would not be an ideal name for routes.  There could definitely be confusion
      about what this might mean since many routes are to external networks -- a
      collision/confusion that did not happen with FDB.
      
      Scott Feldman asked me to check with others and build concensus around a name.
      After speaking with several people about this I am proposing we refer to both
      FDB and FIB entries that are currently backed by hardware (based on the work
      done in rocker) with the flag 'offload' appended to the end ofthe entry.
      
      Some people liked the string 'external,' others liked 'hardware,' but the point
      is to communicate that these routes are available to something that will will
      offload the forwarding normally done by the kernel.  Since the term 'offload'
      is used so frequently it seems appropriate to use the same language in
      ip/bridge output.
      
      The term 'offload' also seems to resonate with many of the people who have
      responded on Scott's original thread or to those who I reached out to directly
      and did respond to my query, so it seems we have reached consensus that it
      should be the term used going forward.
      
      v2: rebased against net-next branch
      Signed-off-by: default avatarAndy Gospodarek <gospo@cumulusnetworks.com>
      CC: Jamal Hadi Salim <jhs@mojatatu.com>
      CC: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
      CC: Jiri Pirko <jiri@resnulli.us>
      CC: John W. Linville <linville@tuxdriver.com>
      CC: Roopa Prabhu <roopa@cumulusnetworks.com>
      CC: Scott Feldman <sfeldma@gmail.com>
      CC: Stephen Hemminger <stephen@networkplumber.org>
      aa05b988
    • Stephen Hemminger's avatar
      Merge branch 'master' into net-next · 93531fac
      Stephen Hemminger authored
      93531fac
    • Stephen Hemminger's avatar
      fix whitespace · 672acc72
      Stephen Hemminger authored
      672acc72
    • Stephen Hemminger's avatar
      v4.0.0 · aed6d85d
      Stephen Hemminger authored
      aed6d85d
    • Nicolas Dichtel's avatar
      ipnetns: add a runtime check for RTM_GETNSID support · 4c7d9a58
      Nicolas Dichtel authored
      The goal of this patch is to test during the runtime if the command RTM_GETNSID
      is supported by the kernel.
      Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
      4c7d9a58
    • Nicolas Dichtel's avatar
      5a2ce868
    • Nicolas Dichtel's avatar
      694ed195
  3. 10 Apr, 2015 8 commits
  4. 07 Apr, 2015 6 commits
  5. 24 Mar, 2015 9 commits