Patrick McHardy [Tue, 15 Jan 2008 07:45:48 +0000 (23:45 -0800)]
[NETFILTER]: nf_conntrack_sctp: basic cleanups
Reindent switch cases properly, get rid of weird constructs like "!(x == y)",
put logical operations on the end of the line instead of the next line, get
rid of superfluous braces.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 15 Jan 2008 07:45:32 +0000 (23:45 -0800)]
[NETFILTER]: nf_conntrack_tcp: remove timeout indirection
Instead of keeping pointers to the timeout values in a table, simply
put the timeout values in the table directly.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 15 Jan 2008 07:45:11 +0000 (23:45 -0800)]
[NETFILTER]: nf_conntrack_{tcp,sctp}: shrink state table
The TCP and SCTP conntrack state transition tables only holds
small numbers, but gcc uses 4 byte per entry for the enum. Switching
to an u8 reduces the size from 480 to 120 bytes for TCP and from
576 to 144 bytes for SCTP.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 15 Jan 2008 07:44:49 +0000 (23:44 -0800)]
[NETFILTER]: nf_conntrack_{tcp,sctp}: mark state table const
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denys Vlasenko [Tue, 15 Jan 2008 07:44:26 +0000 (23:44 -0800)]
[NETFILTER]: ipt_REJECT: properly handle IP options
The current TCP RST construction reuses the old packet and can't
deal with IP options as a consequence of that. Construct the
RST from scratch instead.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denys Vlasenko [Tue, 15 Jan 2008 07:44:05 +0000 (23:44 -0800)]
[NETFILTER]: {ip,ip6}_tables: remove some inlines
This patch removes inlines except those which are used
by packet matching code and thus are performance-critical.
Before:
$ size */*/*/ip*tables*.o
text data bss dec hex filename
6402 500 16 6918 1b06 net/ipv4/netfilter/ip_tables.o
7130 500 16 7646 1dde net/ipv6/netfilter/ip6_tables.o
After:
$ size */*/*/ip*tables*.o
text data bss dec hex filename
6307 500 16 6823 1aa7 net/ipv4/netfilter/ip_tables.o
7010 500 16 7526 1d66 net/ipv6/netfilter/ip6_tables.o
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:43:34 +0000 (23:43 -0800)]
[NETFILTER]: Update feature-removal-schedule.txt
With all the newly introduced features, there is a lot to remove
later on after a compatibility grace period of 2 years.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:43:03 +0000 (23:43 -0800)]
[NETFILTER]: xt_iprange match, revision 1
Adds IPv6 support to xt_iprange, making it possible to match on IPv6
address ranges with ip6tables.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:42:47 +0000 (23:42 -0800)]
[NETFILTER]: Rename ipt_iprange to xt_iprange
This patch moves ipt_iprange to xt_iprange, in preparation for adding
IPv6 support to xt_iprange.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:42:28 +0000 (23:42 -0800)]
[NETFILTER]: Update modules' descriptions
Updates the MODULE_DESCRIPTION() tags for all Netfilter modules,
actually describing what the module does and not just
"netfilter XYZ target".
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:42:06 +0000 (23:42 -0800)]
[NETFILTER]: xt_policy: use the new union nf_inet_addr
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:41:50 +0000 (23:41 -0800)]
[NETFILTER]: xt_pkttype: IPv6 multicast address recognition
Signed-off-by: Jan Engelhart <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:41:34 +0000 (23:41 -0800)]
[NETFILTER]: xt_pkttype: Add explicit check for IPv4
In the PACKET_LOOPBACK case, the skb data was always interpreted as
IPv4, but that is not valid for IPv6, obviously. Fix this by adding an
extra condition to check for AF_INET.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:41:11 +0000 (23:41 -0800)]
[NETFILTER]: xt_mark match, revision 1
Introduces the xt_mark match revision 1. It uses fixed types,
eventually obsoleting revision 0 some day (uses nonfixed types).
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:40:53 +0000 (23:40 -0800)]
[NETFILTER]: xt_conntrack match, revision 1
Introduces the xt_conntrack match revision 1. It uses fixed types, the
new nf_inet_addr and comes with IPv6 support, thereby completely
superseding xt_state.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:40:34 +0000 (23:40 -0800)]
[NETFILTER]: Extend nf_inet_addr with in{,6}_addr
Extend union nf_inet_addr with struct in_addr and in6_addr. Useful
because a lot of in-kernel IPv4 and IPv6 functions use
in_addr/in6_addr.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:39:13 +0000 (23:39 -0800)]
[NETFILTER]: xt_connmark match, revision 1
Introduces the xt_connmark match revision 1. It uses fixed types,
eventually obsoleting revision 0 some day (uses nonfixed types).
(Unfixed types like "unsigned long" do not play well with mixed
user-/kernelspace "bitness", e.g. 32/64, as is common on SPARC64,
and need extra compat code.)
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:38:52 +0000 (23:38 -0800)]
[NETFILTER]: xt_MARK target, revision 2
Introduces the xt_MARK target revision 2. It uses fixed types, and
also uses the more expressive XOR logic.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:38:34 +0000 (23:38 -0800)]
[NETFILTER]: xt_CONNMARK target, revision 1
Introduces the xt_CONNMARK target revision 1. It uses fixed types, and
also uses the more expressive XOR logic. Futhermore, it allows to
selectively pick bits from both the ctmark and the nfmark in the SAVE
and RESTORE operations.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:33:14 +0000 (23:33 -0800)]
[NETFILTER]: Annotate start of kernel fields in NF headers
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:32:54 +0000 (23:32 -0800)]
[NETFILTER]: xt_TOS: Properly set the TOS field
Fix incorrect mask value passed to ipv4_change_dsfield/ipv6_change_dsfield.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:32:37 +0000 (23:32 -0800)]
[NETFILTER]: xt_TOS: Change semantic of mask value
This patch changes the behavior of xt_TOS v1 so that the mask value
the user supplies means "zero out these bits" rather than "keep these
bits". This is more easy on the user, as (I would assume) people keep
more bits than zeroing, so, an example:
Action: Set bit 0x01.
before (&): iptables -j TOS --set-tos 0x01/0xFE
after (&~): iptables -j TOS --set-tos 0x01/0x01
This is not too "tragic" with xt_TOS, but where larger fields are used
(e.g. proposed xt_MARK v2), `--set-xmar 0x01/0x01` vs. `--set-xmark
0x01/0xFFFFFFFE` really makes a difference. Other target(!) modules,
such as xt_TPROXY also use &~ rather than &, so let's get to a common
ground.
(Since xt_TOS has not yet left the development tree en direction to
mainline, the semantic can be changed as proposed without breaking
iptables.)
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Tue, 15 Jan 2008 07:32:13 +0000 (23:32 -0800)]
[NETFILTER]: remove ipt_TOS.c
Commit
88c85d81f74f92371745158aebc5cbf490412002 forgot to remove the
old ipt_TOS file (whose code has been merged into xt_DSCP). Remove
it now.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 15 Jan 2008 07:31:36 +0000 (23:31 -0800)]
[NETFILTER]: Remove some EXPERIMENTAL dependencies
Most of the netfilter modules are not considered experimental anymore,
the only ones I want to keep marked as EXPERIMENTAL are:
- TCPOPTSTRIP target, which is brand new.
- SANE helper, which is quite new.
- CLUSTERIP target, which I believe hasn't had much testing despite
being in the kernel for quite a long time.
- SCTP match and conntrack protocol, which are a mess and need to
be reviewed and cleaned up before I would trust them.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Tue, 15 Jan 2008 07:30:56 +0000 (23:30 -0800)]
[NETFILTER]: Hide a few more options under NETFILTER_ADVANCED
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Hemminger [Tue, 15 Jan 2008 07:14:20 +0000 (23:14 -0800)]
[IPV4]: fib hash|trie initialization
Initialization of the slab cache's should be done when IP is
initialized to make sure of available memory, and that code can be
marked __init.
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Hemminger [Tue, 15 Jan 2008 07:11:54 +0000 (23:11 -0800)]
[IPV4] fib_trie: size and statistics
Show number of entries in trie, the size field was being set but never used,
but it only counted leaves, not all entries. Refactor the two cases in
fib_triestat_seq_show into a single routine.
Note: the stat structure was being malloc'd but the stack usage isn't so
high (288 bytes) that it is worth the additional complexity.
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Tue, 15 Jan 2008 07:09:56 +0000 (23:09 -0800)]
[FIB]: Avoid using static variables without proper locking
fib_trie_seq_show() uses two helper functions, rtn_scope() and
rtn_type() that can write to static storage without locking.
Just pass to them a temporary buffer to avoid potential corruption
(probably not triggerable but still...)
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Tue, 15 Jan 2008 07:06:19 +0000 (23:06 -0800)]
[NETNS]: Process inet_confirm_addr in the correct namespace.
inet_confirm_addr can be called with NULL in_dev from arp_ignore iff
scope is RT_SCOPE_LINK.
Lets always pass the device and check for RT_SCOPE_LINK scope inside
inet_confirm_addr. This let us take network namespace from in_device a
need for an additional argument.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Tue, 15 Jan 2008 07:05:55 +0000 (23:05 -0800)]
[IPV4]: Remove extra argument from arp_ignore.
arp_ignore has two arguments: dev & in_dev. dev is used for
inet_confirm_addr calling only.
inet_confirm_addr, in turn, either gets in_dev from the device passed
or iterates over all network devices if the device passed is NULL. It
seems logical to directly pass in_dev into inet_confirm_addr.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 24 Jan 2008 08:30:58 +0000 (00:30 -0800)]
[ARP]: neigh_parms_put(destroy) are essentially local to core/neighbour.c.
Make them static.
[ Moved the inline before, instead of after, call sites. -DaveM ]
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Tue, 15 Jan 2008 07:00:22 +0000 (23:00 -0800)]
[ARP]: Remove forward declaration of neigh_changeaddr.
No need for this. It is declared in the neighbour.h
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Tue, 15 Jan 2008 06:59:59 +0000 (22:59 -0800)]
[ARP]: Remove overkill checks from neigh_param_alloc.
Valid network device is always passed into neigh_param_alloc, so
remove extra checking for dev == NULL. Additionally, cleanup bogus
netns assignment.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Tue, 15 Jan 2008 06:59:30 +0000 (22:59 -0800)]
[IPV4]: fib_rules_unregister is essentially void.
fib_rules_unregister is called only after successful register and the
return code is never checked.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Tue, 15 Jan 2008 06:58:55 +0000 (22:58 -0800)]
[NETNS]: Make arp code network namespace consistent.
Some calls in the arp.c have network namespace as an argument. Getting
init_net inside these functions is simply inconsistent. Fix this.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Tue, 15 Jan 2008 06:56:01 +0000 (22:56 -0800)]
[ARP]: Move inet_addr_type call after simple error checks in arp_contructor.
The neighbour entry will be destroyed in the case of error, so it is
pointless to perform constly routing table lookup in this case.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Mon, 14 Jan 2008 13:36:50 +0000 (05:36 -0800)]
[NETNS][RAW]: Create the /proc/net/raw(6) in each namespace.
To do so, just register the proper subsystem and create files in
->init callbacks.
No other special per-namespace handling for raw sockets is required.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Mon, 14 Jan 2008 13:36:27 +0000 (05:36 -0800)]
[NETNS][RAW]: Eliminate explicit init_net references.
Happily, in all the rest places (->bind callbacks only), that require the
struct net, we have a socket, so get the net from it.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Mon, 14 Jan 2008 13:35:57 +0000 (05:35 -0800)]
[NETNS][RAW]: Make /proc/net/raw(6) show per-namespace socket list.
Pull the struct net pointer up to the showing functions
to filter the sockets depending on their namespaces.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Mon, 14 Jan 2008 13:35:31 +0000 (05:35 -0800)]
[NETNS][RAW]: Make ipv[46] raw sockets lookup namespaces aware.
This requires just to pass the appropriate struct net pointer
into __raw_v[46]_lookup and skip sockets that do not belong
to a needed namespace.
The proper net is get from skb->dev in all the cases.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 14 Jan 2008 06:31:44 +0000 (22:31 -0800)]
[FIB]: full_children & empty_children should be uint, not ushort
If declared as unsigned short, these fields can overflow, and whole
trie logic is broken. I could not make the machine crash, but some
tnode can never be freed.
Note for 64 bit arches : By reordering t_key and parent in [node,
leaf, tnode] structures, we can use 32 bits hole after t_key so that
sizeof(struct tnode) doesnt change after this patch.
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Robert Olsson <robert.olsson@its.uu.se>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 14 Jan 2008 06:29:41 +0000 (22:29 -0800)]
[AX25]: sparse cleanups
net/ax25/ax25_route.c:251:13: warning: context imbalance in
'ax25_rt_seq_start' - wrong count at exit
net/ax25/ax25_route.c:276:13: warning: context imbalance in 'ax25_rt_seq_stop'
- unexpected unlock
net/ax25/ax25_std_timer.c:65:25: warning: expensive signed divide
net/ax25/ax25_uid.c:46:1: warning: symbol 'ax25_uid_list' was not declared.
Should it be static?
net/ax25/ax25_uid.c:146:13: warning: context imbalance in 'ax25_uid_seq_start'
- wrong count at exit
net/ax25/ax25_uid.c:169:13: warning: context imbalance in 'ax25_uid_seq_stop'
- unexpected unlock
net/ax25/af_ax25.c:573:28: warning: expensive signed divide
net/ax25/af_ax25.c:1865:13: warning: context imbalance in 'ax25_info_start' -
wrong count at exit
net/ax25/af_ax25.c:1888:13: warning: context imbalance in 'ax25_info_stop' -
unexpected unlock
net/ax25/ax25_ds_timer.c:133:25: warning: expensive signed divide
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 14 Jan 2008 06:27:52 +0000 (22:27 -0800)]
[X25]: Avoid divides and sparse warnings
CHECK net/x25/af_x25.c
net/x25/af_x25.c:117:46: warning: expensive signed divide
CHECK net/x25/x25_facilities.c
net/x25/x25_facilities.c:209:30: warning: expensive signed divide
CHECK net/x25/x25_in.c
net/x25/x25_in.c:250:26: warning: expensive signed divide
CHECK net/x25/x25_proc.c
net/x25/x25_proc.c:48:11: warning: context imbalance in 'x25_seq_route_start'
- wrong count at exit
net/x25/x25_proc.c:72:13: warning: context imbalance in 'x25_seq_route_stop' -
unexpected unlock
net/x25/x25_proc.c:112:11: warning: context imbalance in
'x25_seq_socket_start' - wrong count at exit
net/x25/x25_proc.c:129:13: warning: context imbalance in 'x25_seq_socket_stop'
- unexpected unlock
net/x25/x25_proc.c:190:11: warning: context imbalance in
'x25_seq_forward_start' - wrong count at exit
net/x25/x25_proc.c:215:13: warning: context imbalance in
'x25_seq_forward_stop' - unexpected unlock
CHECK net/x25/x25_subr.c
net/x25/x25_subr.c:362:57: warning: expensive signed divide
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Sun, 13 Jan 2008 08:43:22 +0000 (00:43 -0800)]
[IPV4] fib_trie: removes a memset() call in tnode_new()
tnode_alloc() already clears allocated memory, using kcalloc() or
alloc_pages(GFP_KERNEL|__GFP_ZERO, ...)
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sun, 13 Jan 2008 05:49:01 +0000 (21:49 -0800)]
[IPV4] FIB: Include nexthop device indexes in fib_info hashfn.
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sun, 13 Jan 2008 05:31:29 +0000 (21:31 -0800)]
[XFRM]: Fix struct xfrm_algo code formatting.
Realign struct members.
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Sun, 13 Jan 2008 05:30:23 +0000 (21:30 -0800)]
[XFRM]: alg_key_len should be unsigned to avoid integer divides
alg_key_len is currently defined as 'signed int'. This unfortunatly
leads to integer divides in several paths.
Converting it to unsigned is safe and saves 208 bytes of text on i386.
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Sun, 13 Jan 2008 05:29:14 +0000 (21:29 -0800)]
[PKT_SCHED] HTB: htb_classid is dead static inline
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Sun, 13 Jan 2008 05:28:37 +0000 (21:28 -0800)]
[NET] core/utils.c: digit2bin is dead static inline
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Sun, 13 Jan 2008 05:27:41 +0000 (21:27 -0800)]
[FIB]: Reduce text size of net/ipv4/fib_trie.o
In struct tnode, we use two fields of 5 bits for 'pos' and 'bits'.
Switching to plain 'unsigned char' (8 bits) take the same space
because of compiler alignments, and reduce text size by 435 bytes
on i386.
On i386 :
$ size net/ipv4/fib_trie.o.before_patch net/ipv4/fib_trie.o
text data bss dec hex filename
13714 4 64 13782 35d6 net/ipv4/fib_trie.o.before
13279 4 64 13347 3423 net/ipv4/fib_trie.o
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Acked-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Sun, 13 Jan 2008 05:26:31 +0000 (21:26 -0800)]
[NETFILTER] xt_policy.c: kill some bloat
net/netfilter/xt_policy.c:
policy_mt | -906
1 function changed, 906 bytes removed, diff: -906
net/netfilter/xt_policy.c:
match_xfrm_state | +427
1 function changed, 427 bytes added, diff: +427
net/netfilter/xt_policy.o:
2 functions changed, 427 bytes added, 906 bytes removed, diff: -479
Alternatively, this could be done by combining identical
parts of the match_policy_in/out()
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Hemminger [Sun, 13 Jan 2008 05:25:02 +0000 (21:25 -0800)]
[IPV4] fib_trie: Fix sparse warnings.
Make FIB TRIE go through sparse checker without warnings.
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Hemminger [Sun, 13 Jan 2008 05:23:17 +0000 (21:23 -0800)]
[IPV4] fib_trie: Add statistics.
The FIB TRIE code has a bunch of statistics, but the code is hidden
behind an ifdef that was never implemented. Since it was dead code, it
was broken as well.
This patch fixes that by making it a config option.
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Hemminger [Sun, 13 Jan 2008 04:58:35 +0000 (20:58 -0800)]
[IPV4] FIB: printk related cleanups
printk related cleanups:
* Get rid of unused printk wrappers.
* Make bug checks into KERN_WARNING because KERN_DEBUG gets ignored
* Turn one cryptic old message into something real
* Make sure all messages have KERN_XXX
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Hemminger [Sun, 13 Jan 2008 04:57:07 +0000 (20:57 -0800)]
[IPV4] fib_trie: fib_insert_node cleanup
The only error from fib_insert_node is if memory allocation fails, so
instead of passing by reference, just use the convention of returning
NULL.
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Hemminger [Sun, 13 Jan 2008 04:55:55 +0000 (20:55 -0800)]
[IPV4] fib_trie: Use %u for unsigned printfs.
Use %u instead of %d when printing unsigned values.
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Hemminger [Sun, 13 Jan 2008 04:50:23 +0000 (20:50 -0800)]
[IPV4] fib_trie: Get rid of unused revision element.
The revision element must of been part of an earlier design, because
currently it is set but never used.
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Hemminger [Sun, 13 Jan 2008 04:49:13 +0000 (20:49 -0800)]
[IPV4] fib_trie: Get rid of trie_init().
trie_init is worthless it is just zeroing stuff that is already zero!
Move the memset() down to make it obvious.
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Sat, 12 Jan 2008 11:25:00 +0000 (03:25 -0800)]
[PKTGEN]: uninline getCurUs
net/core/pktgen.c:
pktgen_stop_device | -50
pktgen_run | -105
pktgen_if_show | -37
pktgen_thread_worker | -702
4 functions changed, 894 bytes removed, diff: -894
net/core/pktgen.c:
getCurUs | +36
1 function changed, 36 bytes added, diff: +36
net/core/pktgen.o:
5 functions changed, 36 bytes added, 894 bytes removed, diff: -858
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Sat, 12 Jan 2008 11:23:58 +0000 (03:23 -0800)]
[PKTGEN]: Kill dead static inlines
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Sat, 12 Jan 2008 11:21:50 +0000 (03:21 -0800)]
[NETLINK] af_netlink: kill some bloat
net/netlink/af_netlink.c:
netlink_realloc_groups | -46
netlink_insert | -49
netlink_autobind | -94
netlink_clear_multicast_users | -48
netlink_bind | -55
netlink_setsockopt | -54
netlink_release | -86
netlink_kernel_create | -47
netlink_change_ngroups | -56
9 functions changed, 535 bytes removed, diff: -535
net/netlink/af_netlink.c:
netlink_table_ungrab | +53
1 function changed, 53 bytes added, diff: +53
net/netlink/af_netlink.o:
10 functions changed, 53 bytes added, 535 bytes removed, diff: -482
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Sat, 12 Jan 2008 11:21:00 +0000 (03:21 -0800)]
[IPV6] route: kill some bloat
net/ipv6/route.c:
ip6_pkt_prohibit_out | -130
ip6_pkt_discard | -261
ip6_pkt_discard_out | -130
ip6_pkt_prohibit | -261
4 functions changed, 782 bytes removed, diff: -782
net/ipv6/route.c:
ip6_pkt_drop | +300
1 function changed, 300 bytes added, diff: +300
net/ipv6/route.o:
5 functions changed, 300 bytes added, 782 bytes removed, diff: -482
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Sat, 12 Jan 2008 11:20:03 +0000 (03:20 -0800)]
[XFRM] xfrm_policy: kill some bloat
net/xfrm/xfrm_policy.c:
xfrm_audit_policy_delete | -692
xfrm_audit_policy_add | -692
2 functions changed, 1384 bytes removed, diff: -1384
net/xfrm/xfrm_policy.c:
xfrm_audit_common_policyinfo | +704
1 function changed, 704 bytes added, diff: +704
net/xfrm/xfrm_policy.o:
3 functions changed, 704 bytes added, 1384 bytes removed, diff: -680
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Sat, 12 Jan 2008 11:19:12 +0000 (03:19 -0800)]
[TCP]: Uninline tcp_is_cwnd_limited
net/ipv4/tcp_cong.c:
tcp_reno_cong_avoid | -65
1 function changed, 65 bytes removed, diff: -65
net/ipv4/arp.c:
arp_ignore | -5
1 function changed, 5 bytes removed, diff: -5
net/ipv4/tcp_bic.c:
bictcp_cong_avoid | -57
1 function changed, 57 bytes removed, diff: -57
net/ipv4/tcp_cubic.c:
bictcp_cong_avoid | -61
1 function changed, 61 bytes removed, diff: -61
net/ipv4/tcp_highspeed.c:
hstcp_cong_avoid | -63
1 function changed, 63 bytes removed, diff: -63
net/ipv4/tcp_hybla.c:
hybla_cong_avoid | -85
1 function changed, 85 bytes removed, diff: -85
net/ipv4/tcp_htcp.c:
htcp_cong_avoid | -57
1 function changed, 57 bytes removed, diff: -57
net/ipv4/tcp_veno.c:
tcp_veno_cong_avoid | -52
1 function changed, 52 bytes removed, diff: -52
net/ipv4/tcp_scalable.c:
tcp_scalable_cong_avoid | -61
1 function changed, 61 bytes removed, diff: -61
net/ipv4/tcp_yeah.c:
tcp_yeah_cong_avoid | -75
1 function changed, 75 bytes removed, diff: -75
net/ipv4/tcp_illinois.c:
tcp_illinois_cong_avoid | -54
1 function changed, 54 bytes removed, diff: -54
net/dccp/ccids/ccid3.c:
ccid3_update_send_interval | -7
ccid3_hc_tx_packet_recv | +7
2 functions changed, 7 bytes added, 7 bytes removed, diff: +0
net/ipv4/tcp_cong.c:
tcp_is_cwnd_limited | +88
1 function changed, 88 bytes added, diff: +88
built-in.o:
14 functions changed, 95 bytes added, 642 bytes removed, diff: -547
...Again some gcc artifacts visible as well.
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Sat, 12 Jan 2008 11:17:20 +0000 (03:17 -0800)]
[TCP]: Uninline tcp_set_state
net/ipv4/tcp.c:
tcp_close_state | -226
tcp_done | -145
tcp_close | -564
tcp_disconnect | -141
4 functions changed, 1076 bytes removed, diff: -1076
net/ipv4/tcp_input.c:
tcp_fin | -86
tcp_rcv_state_process | -164
2 functions changed, 250 bytes removed, diff: -250
net/ipv4/tcp_ipv4.c:
tcp_v4_connect | -209
1 function changed, 209 bytes removed, diff: -209
net/ipv4/arp.c:
arp_ignore | +5
1 function changed, 5 bytes added, diff: +5
net/ipv6/tcp_ipv6.c:
tcp_v6_connect | -158
1 function changed, 158 bytes removed, diff: -158
net/sunrpc/xprtsock.c:
xs_sendpages | -2
1 function changed, 2 bytes removed, diff: -2
net/dccp/ccids/ccid3.c:
ccid3_update_send_interval | +7
1 function changed, 7 bytes added, diff: +7
net/ipv4/tcp.c:
tcp_set_state | +238
1 function changed, 238 bytes added, diff: +238
built-in.o:
12 functions changed, 250 bytes added, 1695 bytes removed, diff: -1445
I've no explanation why some unrelated changes seem to occur
consistently as well (arp_ignore, ccid3_update_send_interval;
I checked the arp_ignore asm and it seems to be due to some
reordered of operation order causing some extra opcodes to be
generated). Still, the benefits are pretty obvious from the
codiff's results.
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Lezcano [Fri, 11 Jan 2008 06:44:40 +0000 (22:44 -0800)]
[NETNS][IPV6]: inet6_addr - make ipv6_chk_home_addr namespace aware
Looks if the address is belonging to the network namespace, otherwise
discard the address for the check.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Lezcano [Fri, 11 Jan 2008 06:44:09 +0000 (22:44 -0800)]
[NETNS][IPV6]: inet6_addr - ipv6_get_ifaddr namespace aware
The inet6_addr_lst is browsed taking into account the network
namespace specified as parameter. If an address does not belong
to the specified namespace, it is ignored.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Lezcano [Fri, 11 Jan 2008 06:43:42 +0000 (22:43 -0800)]
[NETNS][IPV6]: inet6_addr - ipv6_chk_same_addr namespace aware
This patch makes ipv6_chk_same_addr function to be aware of the
network namespace. The addresses not belonging to the network
namespace are discarded.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Lezcano [Fri, 11 Jan 2008 06:43:18 +0000 (22:43 -0800)]
[NETNS][IPV6]: inet6_addr - check ipv6 address per namespace
When a new address is added, we must check if the new address does not
already exists. This patch makes this check to be aware of a network
namespace, so the check will look if the address already exists for
the specified network namespace. While the addresses are browsed, the
addresses which do not belong to the namespace are discarded.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Lezcano [Fri, 11 Jan 2008 06:42:49 +0000 (22:42 -0800)]
[NETNS][IPV6]: inet6_addr - isolate inet6 addresses from proc file
Make /proc/net/if_inet6 show only inet6 addresses belonging to the
namespace.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Fri, 11 Jan 2008 06:37:16 +0000 (22:37 -0800)]
[NEIGH]: Add a comment describing what a NUD stands for.
When I studied the neighbor code I puzzled over what the NUD can mean
for quite a long time.
Finally I asked Alexey and he said that this was smth like "neighbor
unreachability detection".
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 11 Jan 2008 05:56:38 +0000 (21:56 -0800)]
[TCP]: Do not purge sk_forward_alloc entirely in tcp_delack_timer().
Otherwise we beat heavily on the global tcp_memory atomics
when all of the sockets in the system are slowly sending
perioding packet clumps.
Noticed and suggested by Eric Dumazet.
Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Fri, 11 Jan 2008 01:43:50 +0000 (17:43 -0800)]
[NETNS]: Use the per-net ipv6_devconf(_all) in sysctl handlers
Actually the net->ipv6.devconf_all can be used in a few places,
but to keep the /proc/sys/net/ipv6/conf/ sysctls work consistently
in the namespace we should use the per-net devconf_all in the
sysctl "forwarding" handler.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Fri, 11 Jan 2008 01:43:22 +0000 (17:43 -0800)]
[NETNS]: Use the per-net ipv6_devconf_dflt
All its users are in net/ipv6/addrconf.c's sysctl handlers.
Since they already have the struct net to get from, the
per-net ipv6_devconf_dflt can already be used.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Fri, 11 Jan 2008 01:42:55 +0000 (17:42 -0800)]
[NETNS]: Create ipv6 devconf-s for namespaces
This is the core. Declare and register the pernet subsys for
addrconf. The init callback the will create the devconf-s.
The init_net will reuse the existing statically declared confs,
so that accessing them from inside the ipv6 code will still
work.
The register_pernet_subsys() is moved above the ipv6_add_dev()
call for loopback, because this function will need the
net->devconf_dflt pointer to be already set.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Fri, 11 Jan 2008 01:42:13 +0000 (17:42 -0800)]
[NETNS]: Make the ctl-tables per-namespace
This includes passing the net to __addrconf_sysctl_register
and saving this on the ctl_table->extra2 to be used in
handlers (those, needing it).
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Fri, 11 Jan 2008 01:41:45 +0000 (17:41 -0800)]
[NETNS]: Make the __addrconf_sysctl_register return an error
This error code will be needed to abort the namespace
creation if needed.
Probably, this is to be checked when a new device is
created (currently it is ignored).
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Fri, 11 Jan 2008 01:41:21 +0000 (17:41 -0800)]
[NETNS]: Clean out the ipv6-related sysctls creation/destruction
The addrconf sysctls and neigh sysctls are registered and
unregistered always in pairs, so they can be joined into
one (well, two) functions, that accept the struct inet6_dev
and do all the job.
This also get rids of unneeded ifdefs inside the code.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:53:12 +0000 (03:53 -0800)]
[NEIGH]: Make /proc/net/arp opening consistent with seq_net_open semantics
seq_open_net requires that first field of the seq->private data to be
struct seq_net_private. In reality this is a single pointer to a
struct net for now. The patch makes code consistent.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:52:35 +0000 (03:52 -0800)]
[ATM]: Simplify /proc/net/atm/arp opening
The iterator state->ns.neigh_sub_iter initialization is moved from
arp_seq_open to clip_seq_start for convinience. This should not be a
problem as the iterator will be used only after the seq_start
callback.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:51:41 +0000 (03:51 -0800)]
[ATM]: Oops reading net/atm/arp
cat /proc/net/atm/arp causes the NULL pointer dereference in the
get_proc_net+0xc/0x3a. This happens as proc_get_net believes that the
parent proc dir entry contains struct net.
Fix this assumption for "net/atm" case.
The problem is introduced by the commit
c0097b07abf5f92ab135d024dd41bd2aada1512f
from Eric W. Biederman/Daniel Lezcano.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:30:49 +0000 (03:30 -0800)]
[NETNS]: Enable routing configuration in non-initial namespace.
I.e. remove the net != &init_net checks from the places, that now can
handle other-than-init net namespace.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:30:24 +0000 (03:30 -0800)]
[NETNS]: Replace init_net with the correct context in fib_frontend.c
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:29:53 +0000 (03:29 -0800)]
[NETNS]: Pass namespace through ip_rt_ioctl.
... up to rtentry_to_fib_config
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:29:23 +0000 (03:29 -0800)]
[NETNS]: Correctly fill fib_config data.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:28:55 +0000 (03:28 -0800)]
[NETNS]: Provide correct namespace for fibnl netlink socket.
This patch makes the netlink socket to be per namespace. That allows
to have each namespace its own socket for routing queries.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:28:24 +0000 (03:28 -0800)]
[NETNS]: Place fib tables into netns.
The preparatory work has been done. All we need is to substitute
fib_table_hash with net->ipv4.fib_table_hash. Netns context is
available when required.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:27:51 +0000 (03:27 -0800)]
[NETNS]: Namespacing IPv4 fib rules.
The final trick for rules: place fib4_rules_ops into struct net and
modify initialization path for this.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:27:17 +0000 (03:27 -0800)]
[NETNS]: Show routing information from correct namespace (fib_trie.c)
This is the second part (for the CONFIG_IP_FIB_TRIE case) of the patch
#4, where we have created proc files in namespaces.
Now we can dump correct info in them.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:26:50 +0000 (03:26 -0800)]
[NETNS]: Show routing information from correct namespace (fib_hash.c)
This is the second part (for the CONFIG_IP_FIB_HASH case) of the patch
#4, where we have created proc files in namespaces.
Now we can dump correct info in them.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:26:13 +0000 (03:26 -0800)]
[NETNS]: Add netns to nl_info structure.
nl_info is used to track the end-user destination of routing change
notification. This is a natural object to hold a namespace on. Place
it there and utilize the context in the appropriate places.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric W. Biederman [Thu, 10 Jan 2008 11:25:28 +0000 (03:25 -0800)]
[NETNS]: Add netns parameter to inet_(dev_)add_type.
The patch extends the inet_addr_type and inet_dev_addr_type with the
network namespace pointer. That allows to access the different tables
relatively to the network namespace.
The modification of the signature function is reported in all the
callers of the inet_addr_type using the pointer to the well known
init_net.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:24:11 +0000 (03:24 -0800)]
[NETNS]: Add netns parameter to fib_get_table/fib_new_table.
This patch extends the fib_get_table and the fib_new_table functions
with the network namespace pointer. That will allow to access the
table relatively from the network namespace.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:23:38 +0000 (03:23 -0800)]
[IPV4]: Unify access to the routing tables.
Replace the direct pointers to local and main tables with
calls to fib_get_table() with appropriate argument.
This doesn't introduce additional dereferences, but makes the access to fib
tables uniform in any (CONFIG_IP_MULTIPLE_TABLES) case.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:22:17 +0000 (03:22 -0800)]
[NETNS]: Refactor fib initialization so it can handle multiple namespaces.
This patch makes the fib to be initialized as a subsystem for the
network namespaces. The code does not handle several namespaces yet,
so in case of a creation of a network namespace, the
creation/initialization will not occur.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:21:49 +0000 (03:21 -0800)]
[IPV4]: Check fib4_rules_init failure.
This adds error paths into both versions of fib4_rules_init
(with/without CONFIG_IP_MULTIPLE_TABLES) and returns error code to the
caller.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:21:09 +0000 (03:21 -0800)]
[NETNS]: Add namespace to API for routing /proc entries creation.
This adds netns parameter to fib_proc_init/exit and replaces __init
specifier with __net_init. After this, we will not yet have these proc
files show info from the specific namespace - this will be done when
these tables become namespaced.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:20:28 +0000 (03:20 -0800)]
[NETNS]: Namespacing in the generic fib rules code.
Move static rules_ops & rules_mod_lock to the struct net, register the
pernet subsys to init them and enjoy the fact that the core rules
infrastructure works in the namespace.
Real IPv4 fib rules virtualization requires fib tables support in the
namespace and will be done seriously later in the patchset.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:18:25 +0000 (03:18 -0800)]
[NETNS]: Pass fib_rules_ops into default_pref method.
fib_rules_ops contains operations and the list of configured rules. ops will
become per/namespace soon, so we need them to be known in the default_pref
callback.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Thu, 10 Jan 2008 11:17:29 +0000 (03:17 -0800)]
[NETNS]: Add netns parameter to fib_rules_(un)register.
The patch extends the different fib rules API in order to pass the
network namespace pointer. That will allow to access the different
tables from a namespace relative object. As usual, the pointer to the
init_net variable is passed as parameter so we don't break the
network.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>