1. 14 Nov, 2016 5 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · 7d384846
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter updates for net-next
      
      The following patchset contains a second batch of Netfilter updates for
      your net-next tree. This includes a rework of the core hook
      infrastructure that improves Netfilter performance by ~15% according to
      synthetic benchmarks. Then, a large batch with ipset updates, including
      a new hash:ipmac set type, via Jozsef Kadlecsik. This also includes a
      couple of assorted updates.
      
      Regarding the core hook infrastructure rework to improve performance,
      using this simple drop-all packets ruleset from ingress:
      
              nft add table netdev x
              nft add chain netdev x y { type filter hook ingress device eth0 priority 0\; }
              nft add rule netdev x y drop
      
      And generating traffic through Jesper Brouer's
      samples/pktgen/pktgen_bench_xmit_mode_netif_receive.sh script using -i
      option. perf report shows nf_tables calls in its top 10:
      
          17.30%  kpktgend_0   [nf_tables]            [k] nft_do_chain
          15.75%  kpktgend_0   [kernel.vmlinux]       [k] __netif_receive_skb_core
          10.39%  kpktgend_0   [nf_tables_netdev]     [k] nft_do_chain_netdev
      
      I'm measuring here an improvement of ~15% in performance with this
      patchset, so we got +2.5Mpps more. I have used my old laptop Intel(R)
      Core(TM) i5-3320M CPU @ 2.60GHz 4-cores.
      
      This rework contains more specifically, in strict order, these patches:
      
      1) Remove compile-time debugging from core.
      
      2) Remove obsolete comments that predate the rcu era. These days it is
         well known that a Netfilter hook always runs under rcu_read_lock().
      
      3) Remove threshold handling, this is only used by br_netfilter too.
         We already have specific code to handle this from br_netfilter,
         so remove this code from the core path.
      
      4) Deprecate NF_STOP, as this is only used by br_netfilter.
      
      5) Place nf_state_hook pointer into xt_action_param structure, so
         this structure fits into one single cacheline according to pahole.
         This also implicit affects nftables since it also relies on the
         xt_action_param structure.
      
      6) Move state->hook_entries into nf_queue entry. The hook_entries
         pointer is only required by nf_queue(), so we can store this in the
         queue entry instead.
      
      7) use switch() statement to handle verdict cases.
      
      8) Remove hook_entries field from nf_hook_state structure, this is only
         required by nf_queue, so store it in nf_queue_entry structure.
      
      9) Merge nf_iterate() into nf_hook_slow() that results in a much more
         simple and readable function.
      
      10) Handle NF_REPEAT away from the core, so far the only client is
          nf_conntrack_in() and we can restart the packet processing using a
          simple goto to jump back there when the TCP requires it.
          This update required a second pass to fix fallout, fix from
          Arnd Bergmann.
      
      11) Set random seed from nft_hash when no seed is specified from
          userspace.
      
      12) Simplify nf_tables expression registration, in a much smarter way
          to save lots of boiler plate code, by Liping Zhang.
      
      13) Simplify layer 4 protocol conntrack tracker registration, from
          Davide Caratti.
      
      14) Missing CONFIG_NF_SOCKET_IPV4 dependency for udp4_lib_lookup, due
          to recent generalization of the socket infrastructure, from Arnd
          Bergmann.
      
      15) Then, the ipset batch from Jozsef, he describes it as it follows:
      
      * Cleanup: Remove extra whitespaces in ip_set.h
      * Cleanup: Mark some of the helpers arguments as const in ip_set.h
      * Cleanup: Group counter helper functions together in ip_set.h
      * struct ip_set_skbinfo is introduced instead of open coded fields
        in skbinfo get/init helper funcions.
      * Use kmalloc() in comment extension helper instead of kzalloc()
        because it is unnecessary to zero out the area just before
        explicit initialization.
      * Cleanup: Split extensions into separate files.
      * Cleanup: Separate memsize calculation code into dedicated function.
      * Cleanup: group ip_set_put_extensions() and ip_set_get_extensions()
        together.
      * Add element count to hash headers by Eric B Munson.
      * Add element count to all set types header for uniform output
        across all set types.
      * Count non-static extension memory into memsize calculation for
        userspace.
      * Cleanup: Remove redundant mtype_expire() arguments, because
        they can be get from other parameters.
      * Cleanup: Simplify mtype_expire() for hash types by removing
        one level of intendation.
      * Make NLEN compile time constant for hash types.
      * Make sure element data size is a multiple of u32 for the hash set
        types.
      * Optimize hash creation routine, exit as early as possible.
      * Make struct htype per ipset family so nets array becomes fixed size
        and thus simplifies the struct htype allocation.
      * Collapse same condition body into a single one.
      * Fix reported memory size for hash:* types, base hash bucket structure
        was not taken into account.
      * hash:ipmac type support added to ipset by Tomasz Chilinski.
      * Use setup_timer() and mod_timer() instead of init_timer()
        by Muhammad Falak R Wani, individually for the set type families.
      
      16) Remove useless connlabel field in struct netns_ct, patch from
          Florian Westphal.
      
      17) xt_find_table_lock() doesn't return ERR_PTR() anymore, so simplify
          {ip,ip6,arp}tables code that uses this.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7d384846
    • Jiri Pirko's avatar
      mlxsw: spectrum_router: Add FIB abort warning · 8d419324
      Jiri Pirko authored
      Add a warning that the abort mechanism was triggered for device.
      Also avoid going through the procedure if abort was already done.
      Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
      Acked-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8d419324
    • David S. Miller's avatar
      Merge branch 'dsa-mv88e6xxx-post-refactor-fixes' · 5aad5b42
      David S. Miller authored
      Andrew Lunn says:
      
      ====================
      dsa: mv88e6xxx: Fixes for port refactoring
      
      The patches which refactored setting up the switch MACs introduced a
      couple of regressions. The RGMII delays for a port can be set using
      other mechanism than just phy-mode. Don't overwrite the delays unless
      explicitly asked to. This broke my Armada 370 RD. Also, the mv88e6351
      family supports setting RGMII delays, but is missing the necessary
      entries in the ops structures to allow this.
      
      These fixes are to patches currently in net-next. No need for stable
      etc.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5aad5b42
    • Andrew Lunn's avatar
      net: dsa: mv88e6xxx: 6351 family also has RGMII delays · 94d66ae6
      Andrew Lunn authored
      The recent refactoring of setting the MAC configuration broke setting
      of RGMII delays, via the phy-mode, on the 6351 family. Add the missing
      ops to the structure.
      
      Fixes: 7340e5ecdbb1 ("net: dsa: mv88e6xxx: setup port's MAC")
      Signed-off-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      94d66ae6
    • Andrew Lunn's avatar
      net: dsa: mv88e6xxx: Don't modify RGMII delays when not RGMII mode · fedf1865
      Andrew Lunn authored
      The RGMII modes delays can be set via strapping pings or EEPROM.
      Don't change them unless explicitly asked to change them.  The recent
      refactoring of setting the MAC configuration changed this behaviours,
      in that CPU and DSA ports have any pre-configured RGMII delays
      removed. This breaks the Armada 370RD board. Restore the previous
      behaviour, in that RGMII delays are only applied/removed when
      explicitly asked for via an phy-mode being PHY_INTERFACE_MODE_RGMII*
      
      Fixes: 7340e5ecdbb1 ("net: dsa: mv88e6xxx: setup port's MAC")
      Signed-off-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fedf1865
  2. 13 Nov, 2016 31 commits
  3. 10 Nov, 2016 4 commits