1. 01 Feb, 2011 18 commits
  2. 28 Jan, 2011 1 commit
  3. 27 Jan, 2011 1 commit
  4. 26 Jan, 2011 2 commits
  5. 25 Jan, 2011 2 commits
  6. 22 Jan, 2011 2 commits
  7. 20 Jan, 2011 14 commits
    • Eric Dumazet's avatar
      netfilter: add a missing include in nf_conntrack_reasm.c · bced94ed
      Eric Dumazet authored
      After commit ae90bdea (netfilter: fix compilation when conntrack is
      disabled but tproxy is enabled) we have following warnings :
      
      net/ipv6/netfilter/nf_conntrack_reasm.c:520:16: warning: symbol
      'nf_ct_frag6_gather' was not declared. Should it be static?
      net/ipv6/netfilter/nf_conntrack_reasm.c:591:6: warning: symbol
      'nf_ct_frag6_output' was not declared. Should it be static?
      net/ipv6/netfilter/nf_conntrack_reasm.c:612:5: warning: symbol
      'nf_ct_frag6_init' was not declared. Should it be static?
      net/ipv6/netfilter/nf_conntrack_reasm.c:640:6: warning: symbol
      'nf_ct_frag6_cleanup' was not declared. Should it be static?
      
      Fix this including net/netfilter/ipv6/nf_defrag_ipv6.h
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      CC: KOVACS Krisztian <hidden@balabit.hu>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      bced94ed
    • Patrick McHardy's avatar
      netfilter: nf_conntrack: fix linker error with NF_CONNTRACK_TIMESTAMP=n · 2f1e3176
      Patrick McHardy authored
      net/built-in.o: In function `nf_conntrack_init_net':
      net/netfilter/nf_conntrack_core.c:1521:
      	undefined reference to `nf_conntrack_tstamp_init'
      net/netfilter/nf_conntrack_core.c:1531:
      	undefined reference to `nf_conntrack_tstamp_fini'
      
      Add dummy inline functions for the =n case to fix this.
      Reported-by: default avatarJohn Fastabend <john.r.fastabend@intel.com>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      2f1e3176
    • Jan Engelhardt's avatar
      netfilter: xtables: add missing header inclusions for headers_check · 06988b06
      Jan Engelhardt authored
      Resolve these warnings on `make headers_check`:
      
      usr/include/linux/netfilter/xt_CT.h:7: found __[us]{8,16,32,64} type
      without #include <linux/types.h>
      ...
      Signed-off-by: default avatarJan Engelhardt <jengelh@medozas.de>
      06988b06
    • Changli Gao's avatar
      netfilter: nf_nat: place conntrack in source hash after SNAT is done · 41a7cab6
      Changli Gao authored
      If SNAT isn't done, the wrong info maybe got by the other cts.
      
      As the filter table is after DNAT table, the packets dropped in filter
      table also bother bysource hash table.
      Signed-off-by: default avatarChangli Gao <xiaosuo@gmail.com>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      41a7cab6
    • Patrick McHardy's avatar
      4cda47d2
    • Jan Engelhardt's avatar
      netfilter: xtables: remove duplicate member · ba12b130
      Jan Engelhardt authored
      Accidentally missed removing the old out-of-union "inverse" member,
      which caused the struct size to change which then gives size mismatch
      warnings when using an old iptables.
      
      It is interesting to see that gcc did not warn about this before.
      (Filed http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47376 )
      Signed-off-by: default avatarJan Engelhardt <jengelh@medozas.de>
      ba12b130
    • Patrick McHardy's avatar
      Merge branch 'connlimit' of git://dev.medozas.de/linux · 82d800d8
      Patrick McHardy authored
      Conflicts:
      	Documentation/feature-removal-schedule.txt
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      82d800d8
    • Florian Westphal's avatar
      netfilter: do not omit re-route check on NF_QUEUE verdict · 28a51ba5
      Florian Westphal authored
      ret != NF_QUEUE only works in the "--queue-num 0" case; for
      queues > 0 the test should be '(ret & NF_VERDICT_MASK) != NF_QUEUE'.
      
      However, NF_QUEUE no longer DROPs the skb unconditionally if queueing
      fails (due to NF_VERDICT_FLAG_QUEUE_BYPASS verdict flag), so the
      re-route test should also be performed if this flag is set in the
      verdict.
      
      The full test would then look something like
      
      && ((ret & NF_VERDICT_MASK) == NF_QUEUE && (ret & NF_VERDICT_FLAG_QUEUE_BYPASS))
      
      This is rather ugly, so just remove the NF_QUEUE test altogether.
      
      The only effect is that we might perform an unnecessary route lookup
      in the NF_QUEUE case.
      
      ip6table_mangle did not have such a check.
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      28a51ba5
    • David S. Miller's avatar
    • Jan Engelhardt's avatar
      netfilter: xtables: remove extraneous header that slipped in · 5d844928
      Jan Engelhardt authored
      Commit 0b8ad876 (netfilter: xtables: add missing header files to export
      list) erroneously added this.
      Signed-off-by: default avatarJan Engelhardt <jengelh@medozas.de>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      5d844928
    • Eric Dumazet's avatar
      net_sched: cleanups · cc7ec456
      Eric Dumazet authored
      Cleanup net/sched code to current CodingStyle and practices.
      
      Reduce inline abuse
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cc7ec456
    • Alban Crequy's avatar
    • John Fastabend's avatar
      net_sched: implement a root container qdisc sch_mqprio · b8970f0b
      John Fastabend authored
      This implements a mqprio queueing discipline that by default creates
      a pfifo_fast qdisc per tx queue and provides the needed configuration
      interface.
      
      Using the mqprio qdisc the number of tcs currently in use along
      with the range of queues alloted to each class can be configured. By
      default skbs are mapped to traffic classes using the skb priority.
      This mapping is configurable.
      
      Configurable parameters,
      
      struct tc_mqprio_qopt {
      	__u8    num_tc;
      	__u8    prio_tc_map[TC_BITMASK + 1];
      	__u8    hw;
      	__u16   count[TC_MAX_QUEUE];
      	__u16   offset[TC_MAX_QUEUE];
      };
      
      Here the count/offset pairing give the queue alignment and the
      prio_tc_map gives the mapping from skb->priority to tc.
      
      The hw bit determines if the hardware should configure the count
      and offset values. If the hardware bit is set then the operation
      will fail if the hardware does not implement the ndo_setup_tc
      operation. This is to avoid undetermined states where the hardware
      may or may not control the queue mapping. Also minimal bounds
      checking is done on the count/offset to verify a queue does not
      exceed num_tx_queues and that queue ranges do not overlap. Otherwise
      it is left to user policy or hardware configuration to create
      useful mappings.
      
      It is expected that hardware QOS schemes can be implemented by
      creating appropriate mappings of queues in ndo_tc_setup().
      
      One expected use case is drivers will use the ndo_setup_tc to map
      queue ranges onto 802.1Q traffic classes. This provides a generic
      mechanism to map network traffic onto these traffic classes and
      removes the need for lower layer drivers to know specifics about
      traffic types.
      Signed-off-by: default avatarJohn Fastabend <john.r.fastabend@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b8970f0b
    • John Fastabend's avatar
      net: implement mechanism for HW based QOS · 4f57c087
      John Fastabend authored
      This patch provides a mechanism for lower layer devices to
      steer traffic using skb->priority to tx queues. This allows
      for hardware based QOS schemes to use the default qdisc without
      incurring the penalties related to global state and the qdisc
      lock. While reliably receiving skbs on the correct tx ring
      to avoid head of line blocking resulting from shuffling in
      the LLD. Finally, all the goodness from txq caching and xps/rps
      can still be leveraged.
      
      Many drivers and hardware exist with the ability to implement
      QOS schemes in the hardware but currently these drivers tend
      to rely on firmware to reroute specific traffic, a driver
      specific select_queue or the queue_mapping action in the
      qdisc.
      
      By using select_queue for this drivers need to be updated for
      each and every traffic type and we lose the goodness of much
      of the upstream work. Firmware solutions are inherently
      inflexible. And finally if admins are expected to build a
      qdisc and filter rules to steer traffic this requires knowledge
      of how the hardware is currently configured. The number of tx
      queues and the queue offsets may change depending on resources.
      Also this approach incurs all the overhead of a qdisc with filters.
      
      With the mechanism in this patch users can set skb priority using
      expected methods ie setsockopt() or the stack can set the priority
      directly. Then the skb will be steered to the correct tx queues
      aligned with hardware QOS traffic classes. In the normal case with
      single traffic class and all queues in this class everything
      works as is until the LLD enables multiple tcs.
      
      To steer the skb we mask out the lower 4 bits of the priority
      and allow the hardware to configure upto 15 distinct classes
      of traffic. This is expected to be sufficient for most applications
      at any rate it is more then the 8021Q spec designates and is
      equal to the number of prio bands currently implemented in
      the default qdisc.
      
      This in conjunction with a userspace application such as
      lldpad can be used to implement 8021Q transmission selection
      algorithms one of these algorithms being the extended transmission
      selection algorithm currently being used for DCB.
      Signed-off-by: default avatarJohn Fastabend <john.r.fastabend@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4f57c087