]> err.no Git - linux-2.6/log
linux-2.6
16 years ago[NET]: Remove unused "mibalign" argument for snmp_mib_init().
YOSHIFUJI Hideaki [Thu, 24 Jan 2008 06:31:45 +0000 (22:31 -0800)]
[NET]: Remove unused "mibalign" argument for snmp_mib_init().

With fixes from Arnaldo Carvalho de Melo.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: last default route is a fib table property
Denis V. Lunev [Sat, 8 Dec 2007 08:32:23 +0000 (00:32 -0800)]
[IPV4]: last default route is a fib table property

Signed-off-by: Denis V. Lunev <den@openvz.org>
Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: Unify assignment of fi to fib_result
Denis V. Lunev [Sat, 8 Dec 2007 08:31:44 +0000 (00:31 -0800)]
[IPV4]: Unify assignment of fi to fib_result

Signed-off-by: Denis V. Lunev <den@openvz.org>
Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: no need pass pointer to a default into fib_detect_death
Denis V. Lunev [Sat, 8 Dec 2007 08:22:13 +0000 (00:22 -0800)]
[IPV4]: no need pass pointer to a default into fib_detect_death

ipv4: no need pass pointer to a default into fib_detect_death

Signed-off-by: Denis V. Lunev <den@openvz.org>
Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: route6 remove ifdef for fib_rules
Daniel Lezcano [Sat, 8 Dec 2007 08:14:54 +0000 (00:14 -0800)]
[IPV6]: route6 remove ifdef for fib_rules

The patch defines the usual static inline functions when the code is
disabled for fib6_rules. That's allow to remove some ifdef in route.c
file and make the code a little more clear.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: remove ifdef in route6 for xfrm6
Daniel Lezcano [Sat, 8 Dec 2007 08:14:11 +0000 (00:14 -0800)]
[IPV6]: remove ifdef in route6 for xfrm6

The following patch create the usual static inline functions to disable
the xfrm6_init and xfrm6_fini function when XFRM is off.
That's allow to remove some ifdef and make the code a little more clear.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: create route6 proc init-fini functions
Daniel Lezcano [Sat, 8 Dec 2007 08:13:32 +0000 (00:13 -0800)]
[IPV6]: create route6 proc init-fini functions

Make the proc creation/destruction to be a separate function. That
allows to remove the #ifdef CONFIG_PROC_FS in the init/fini function
and make them more readable.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET] sysctl: make sysctl_somaxconn per-namespace
Pavel Emelyanov [Sat, 8 Dec 2007 08:12:33 +0000 (00:12 -0800)]
[NET] sysctl: make sysctl_somaxconn per-namespace

Just move the variable on the struct net and adjust
its usage.

Others sysctls from sys.net.core table are more
difficult to virtualize (i.e. make them per-namespace),
but I'll look at them as well a bit later.

Signed-off-by: Pavel Emelyanov <xemul@oenvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET] sysctl: prepare core tables to point to netns variables
Pavel Emelyanov [Sat, 8 Dec 2007 08:11:51 +0000 (00:11 -0800)]
[NET] sysctl: prepare core tables to point to netns variables

Some of ctl variables are going to be on the struct
net. Here's the way to adjust the ->data pointer on the
ctl_table-s to point on the right variable.

Since some pointers still point on the global variables,
I keep turning the write bits off on such tables.

This looks to become a common procedure for net sysctls,
so later parts of this code may migrate to some more
generic place.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET] sysctl: make the sys.net.core sysctls per-namespace
Pavel Emelyanov [Sat, 8 Dec 2007 08:09:24 +0000 (00:09 -0800)]
[NET] sysctl: make the sys.net.core sysctls per-namespace

Making them per-namespace is required for the following
two reasons:

 First, some ctl values have a per-namespace meaning.
 Second, making them writable from the sub-namespace
 is an isolation hole.

So I introduce the pernet operations to create these
tables. For init_net I use the existing statically
declared tables, for sub-namespace they are duplicated
and the write bits are removed from the mode.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[SNMP]: Remove unused devconf macros.
Pavel Emelyanov [Sat, 8 Dec 2007 07:56:57 +0000 (23:56 -0800)]
[SNMP]: Remove unused devconf macros.

The SNMP_INC_STATS_OFFSET_BH is used only by ICMP6_INC_STATS_OFFSET_BH.
The ICMP6_INC_STATS_OFFSET_BH is unused.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IUCV]: use LIST_HEAD instead of LIST_HEAD_INIT
Denis Cheng [Fri, 7 Dec 2007 08:51:45 +0000 (00:51 -0800)]
[IUCV]: use LIST_HEAD instead of LIST_HEAD_INIT

these three list_head are all local variables, but can also use
LIST_HEAD.

Signed-off-by: Denis Cheng <crquan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[XFRM] net/xfrm/xfrm_state.c: use LIST_HEAD instead of LIST_HEAD_INIT
Denis Cheng [Fri, 7 Dec 2007 08:51:11 +0000 (00:51 -0800)]
[XFRM] net/xfrm/xfrm_state.c: use LIST_HEAD instead of LIST_HEAD_INIT

single list_head variable initialized with LIST_HEAD_INIT could almost
always can be replaced with LIST_HEAD declaration, this shrinks the code
and looks better.

Signed-off-by: Denis Cheng <crquan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[X25]: use LIST_HEAD instead of LIST_HEAD_INIT
Denis Cheng [Fri, 7 Dec 2007 08:50:43 +0000 (00:50 -0800)]
[X25]: use LIST_HEAD instead of LIST_HEAD_INIT

single list_head variable initialized with LIST_HEAD_INIT could almost
always can be replaced with LIST_HEAD declaration, this shrinks the code
and looks better.

Signed-off-by: Denis Cheng <crquan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[LAPB] net/lapb/lapb_iface.c: use LIST_HEAD instead of LIST_HEAD_INIT
Denis Cheng [Fri, 7 Dec 2007 08:50:15 +0000 (00:50 -0800)]
[LAPB] net/lapb/lapb_iface.c: use LIST_HEAD instead of LIST_HEAD_INIT

single list_head variable initialized with LIST_HEAD_INIT could almost
always can be replaced with LIST_HEAD declaration, this shrinks the code
and looks better.

Signed-off-by: Denis Cheng <crquan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4] net/ipv4/cipso_ipv4.c: use LIST_HEAD instead of LIST_HEAD_INIT
Denis Cheng [Fri, 7 Dec 2007 08:49:47 +0000 (00:49 -0800)]
[IPV4] net/ipv4/cipso_ipv4.c: use LIST_HEAD instead of LIST_HEAD_INIT

single list_head variable initialized with LIST_HEAD_INIT could almost
always can be replaced with LIST_HEAD declaration, this shrinks the code
and looks better.

Signed-off-by: Denis Cheng <crquan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET] net/core/dev.c: use LIST_HEAD instead of LIST_HEAD_INIT
Denis Cheng [Fri, 7 Dec 2007 08:49:17 +0000 (00:49 -0800)]
[NET] net/core/dev.c: use LIST_HEAD instead of LIST_HEAD_INIT

single list_head variable initialized with LIST_HEAD_INIT could almost
always can be replaced with LIST_HEAD declaration, this shrinks the code
and looks better.

Signed-off-by: Denis Cheng <crquan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: Move trie_local and trie_main into the proc iterator.
Eric W. Biederman [Fri, 7 Dec 2007 08:47:47 +0000 (00:47 -0800)]
[IPV4]: Move trie_local and trie_main into the proc iterator.

We only use these variables when displaying the trie in proc so
place them into the iterator to make this explicit.  We should
probably do something smarter to handle the CONFIG_IP_MULTIPLE_TABLES
case but at least this makes it clear that the silliness is limited
to the display in /proc.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: Remove ip_fib_local_table and ip_fib_main_table defines.
Eric W. Biederman [Fri, 7 Dec 2007 08:46:11 +0000 (00:46 -0800)]
[IPV4]: Remove ip_fib_local_table and ip_fib_main_table defines.

There are only 2 users and it doesn't hurt to call fib_get_table
instead, and it makes it easier to make the fib network namespace
aware.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6] route6/fib6: Don't panic a kmem_cache_create.
Daniel Lezcano [Fri, 7 Dec 2007 08:45:16 +0000 (00:45 -0800)]
[IPV6] route6/fib6: Don't panic a kmem_cache_create.

If the kmem_cache_creation fails, the kernel will panic. It is
acceptable if the system is booting, but if the ipv6 protocol is
compiled as a module and it is loaded after the system has booted, do
we want to panic instead of just failing to initialize the protocol ?

The init function is now returning an error and this one is checked
for protocol initialization. So the ipv6 protocol will safely fails.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Make af_inet6 to check ip6_route_init return value.
Daniel Lezcano [Fri, 7 Dec 2007 08:44:29 +0000 (00:44 -0800)]
[IPV6]: Make af_inet6 to check ip6_route_init return value.

The af_inet6 initialization function does not check the return code of
the route initilization, so if something goes wrong, the protocol
initialization will continue anyway.  This patch takes into account
the modification made in the different route's initialization
subroutines to check the return value and to make the protocol
initialization to fail.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Make ip6_route_init to return an error code.
Daniel Lezcano [Fri, 7 Dec 2007 08:43:48 +0000 (00:43 -0800)]
[IPV6]: Make ip6_route_init to return an error code.

The route initialization function does not return any value to notify
if the initialization is successful or not. This patch checks all
calls made for the initilization in order to return a value for the
caller.

Unfortunately, proc_net_fops_create will return a NULL pointer if
CONFIG_PROC_FS is off, so we can not check the return code without an
ifdef CONFIG_PROC_FS block in the ip6_route_init function.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Make fib6_rules_init to return an error code.
Daniel Lezcano [Fri, 7 Dec 2007 08:42:52 +0000 (00:42 -0800)]
[IPV6]: Make fib6_rules_init to return an error code.

When the fib_rules initialization finished, no return code is provided
so there is no way to know, for the caller, if the initialization has
been successful or has failed. This patch fix that.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Make xfrm6_init to return an error code.
Daniel Lezcano [Fri, 7 Dec 2007 08:42:11 +0000 (00:42 -0800)]
[IPV6]: Make xfrm6_init to return an error code.

The xfrm initialization function does not return any error code, so if
there is an error, the caller can not be advise of that.  This patch
checks the return code of the different called functions in order to
return a successful or failed initialization.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Make fib6_init to return an error code.
Daniel Lezcano [Fri, 7 Dec 2007 08:40:34 +0000 (00:40 -0800)]
[IPV6]: Make fib6_init to return an error code.

If there is an error in the initialization function, nothing is
followed up to the caller. So I add a return value to be set for the
init function.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Multiple namespaces in the all dst_ifdown routines.
Denis V. Lunev [Fri, 7 Dec 2007 08:38:10 +0000 (00:38 -0800)]
[NET]: Multiple namespaces in the all dst_ifdown routines.

Move dst entries to a namespace loopback to catch refcounting leaks.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TFRC]: New rx history code
Arnaldo Carvalho de Melo [Thu, 6 Dec 2007 15:18:11 +0000 (13:18 -0200)]
[TFRC]: New rx history code

Credit here goes to Gerrit Renker, that provided the initial implementation for
this new codebase.

I modified it just to try to make it closer to the existing API, renaming some
functions, add namespacing and fix one bug where the tfrc_rx_hist_alloc was not
freeing the allocated ring entries on the error path.

Original changeset comment from Gerrit:
      -----------
This provides a new, self-contained and generic RX history service for TFRC
based protocols.

Details:
 * new data structure, initialisation and cleanup routines;
 * allocation of dccp_rx_hist entries local to packet_history.c,
   as a service exported by the dccp_tfrc_lib module.
 * interface to automatically track highest-received seqno;
 * receiver-based RTT estimation (needed for instance by RFC 3448, 6.3.1);
 * a generic function to test for `data packets' as per  RFC 4340, sec. 7.7.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[CCID3]: The receiver of a half-connection does not set window counter values
Gerrit Renker [Thu, 6 Dec 2007 14:29:07 +0000 (12:29 -0200)]
[CCID3]: The receiver of a half-connection does not set window counter values

Only the sender sets window counters [RFC 4342, sections 5 and 8.1].

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TFRC]: Rename dccp_rx_ to tfrc_rx_
Arnaldo Carvalho de Melo [Thu, 6 Dec 2007 14:28:39 +0000 (12:28 -0200)]
[TFRC]: Rename dccp_rx_ to tfrc_rx_

This is in preparation for merging the new rx history code written by Gerrit Renker.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TFRC]: Make the rx history slab be global
Arnaldo Carvalho de Melo [Thu, 6 Dec 2007 14:28:13 +0000 (12:28 -0200)]
[TFRC]: Make the rx history slab be global

This is in preparation for merging the new rx history code written by Gerrit Renker.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TFRC]: Rename tfrc_tx_hist to tfrc_tx_hist_slab, for consistency
Arnaldo Carvalho de Melo [Thu, 6 Dec 2007 14:27:49 +0000 (12:27 -0200)]
[TFRC]: Rename tfrc_tx_hist to tfrc_tx_hist_slab, for consistency

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[DCCP]: Introduce generic function to test for `data packets'
Gerrit Renker [Thu, 6 Dec 2007 14:27:15 +0000 (12:27 -0200)]
[DCCP]: Introduce generic function to test for `data packets'

as per  RFC 4340, sec. 7.7.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TFRC]: Provide central source file and debug facility
Gerrit Renker [Thu, 6 Dec 2007 14:26:38 +0000 (12:26 -0200)]
[TFRC]: Provide central source file and debug facility

This patch changes the tfrc_lib module in the following manner:

 (1) a dedicated tfrc source file to call the packet history &
     loss interval init/exit functions.
 (2) a dedicated tfrc_pr_debug macro with toggle switch `tfrc_debug'.

Commiter note: renamed tfrc_module.c to tfrc.c, and made CONFIG_IP_DCCP_CCID3
select IP_DCCP_TFRC_LIB.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[ARP]: Consolidate some code in arp_req_set/delete_publc
Pavel Emelyanov [Thu, 6 Dec 2007 05:20:50 +0000 (21:20 -0800)]
[ARP]: Consolidate some code in arp_req_set/delete_publc

The PROXY_ARP is set on devconfigs in a similar way in
both calls.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[ARP]: Minus one level of ndentation in arp_req_delete
Pavel Emelyanov [Thu, 6 Dec 2007 05:20:18 +0000 (21:20 -0800)]
[ARP]: Minus one level of ndentation in arp_req_delete

The same cleanup for deletion requests.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[ARP]: Minus one level of indentation in arp_req_set
Pavel Emelyanov [Thu, 6 Dec 2007 05:19:44 +0000 (21:19 -0800)]
[ARP]: Minus one level of indentation in arp_req_set

The ATF_PUBL requests are handled completely separate from
the others. Emphasize it with a separate function. This also
reduces the indentation level.

The same issue exists with the arp_delete_request, but
when I tried to make it in one patch diff produced completely
unreadable patch. So I split it into two, but they may be
done with one commit.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4] ROUTE: Convert rt_hash_lock_init() macro into function
Pavel Emelyanov [Thu, 6 Dec 2007 05:15:05 +0000 (21:15 -0800)]
[IPV4] ROUTE: Convert rt_hash_lock_init() macro into function

There's no need in having this function exist in a form
of macro. Properly formatted function looks much better.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4] ROUTE: Clean up proc files creation.
Pavel Emelyanov [Thu, 6 Dec 2007 05:14:28 +0000 (21:14 -0800)]
[IPV4] ROUTE: Clean up proc files creation.

The rt_cache, stats/rt_cache and rt_acct(optional) files
creation looks a bit messy. Clean this out and join them
to other proc-related functions under the proper ifdef.

The struct net * argument in a new function will help net
namespaces patches look nicer.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4] ROUTE: Collect proc-related functions together
Pavel Emelyanov [Thu, 6 Dec 2007 05:13:48 +0000 (21:13 -0800)]
[IPV4] ROUTE: Collect proc-related functions together

The net/ipv4/route.c file declares some entries for proc
to dump some routing info. The reading functions are
scattered over this file - collect them together.

Besides, remove a useless IP_RT_ACCT_CPU macro.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETLINK]: Mark attribute construction exception unlikely
Patrick McHardy [Wed, 5 Dec 2007 11:31:53 +0000 (03:31 -0800)]
[NETLINK]: Mark attribute construction exception unlikely

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[UDP]: Only increment counter on first peek/recv
Herbert Xu [Wed, 5 Dec 2007 09:53:40 +0000 (01:53 -0800)]
[UDP]: Only increment counter on first peek/recv

The previous move of the the UDP inDatagrams counter caused each
peek of the same packet to be counted separately.  This may be
undesirable.

This patch fixes this by adding a bit to sk_buff to record whether
this packet has already been seen through skb_recv_datagram.  We
then only increment the counter when the packet is seen for the
first time.

The only dodgy part is the fact that skb_recv_datagram doesn't have
a good way of returning this new bit of information.  So I've added
a new function __skb_recv_datagram that does return this and made
skb_recv_datagram a wrapper around it.

The plan is to eventually replace all uses of skb_recv_datagram with
this new function at which time it can be renamed its proper name.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[UDP]: Restore missing inDatagrams increments
Herbert Xu [Tue, 11 Dec 2007 19:30:32 +0000 (11:30 -0800)]
[UDP]: Restore missing inDatagrams increments

The previous move of the the UDP inDatagrams counter caused the
counting of encapsulated packets, SUNRPC data (as opposed to call)
packets and RXRPC packets to go missing.

This patch restores all of these.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[UDP]: Avoid repeated counting of checksum errors due to peeking
Herbert Xu [Wed, 5 Dec 2007 09:51:58 +0000 (01:51 -0800)]
[UDP]: Avoid repeated counting of checksum errors due to peeking

Currently it is possible for two processes to peek on the same socket
and end up incrementing the error counter twice for the same packet.

This patch fixes it by making skb_kill_datagram return whether it
succeeded in unlinking the packet and only incrementing the counter
if it did.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Eliminate difference in actions of sysctl and proc handler for conf.all.forwa...
Pavel Emelyanov [Wed, 5 Dec 2007 09:50:24 +0000 (01:50 -0800)]
[IPV6]: Eliminate difference in actions of sysctl and proc handler for conf.all.forwarding

The only difference in this case is that updating all.forwarding
causes the update in default.forwarding when done via proc, but
not via the system call.

Besides, this consolidates a good portion of code.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[INET]: Merge sys.net.ipv4.ip_forward and sys.net.ipv4.conf.all.forwarding
Pavel Emelyanov [Wed, 5 Dec 2007 09:44:58 +0000 (01:44 -0800)]
[INET]: Merge sys.net.ipv4.ip_forward and sys.net.ipv4.conf.all.forwarding

AFAIS these two entries should do the same thing - change the
forwarding state on ipv4_devconf and on all the devices.

I propose to merge the handlers together using ctl paths.

The inet_forward_change() is static after this and I move
it higher to be closer to other "propagation" helpers and
to avoid diff making patches based on { and } matching :)
i.e. - make them easier to read.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Use sysctl paths to register ipv6 sysctl tables
Pavel Emelyanov [Wed, 5 Dec 2007 09:44:02 +0000 (01:44 -0800)]
[IPV6]: Use sysctl paths to register ipv6 sysctl tables

I have already done this for core, ipv4 and tr tables, so repeat this
for the ipv6 ones.

This makes the ipv6.ko smaller and creates the ground needed for net
namespaces support in ipv6.ko ssctls.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Make the ipv6/sysctl_net_ipv6.c compilation cleaner
Pavel Emelyanov [Wed, 5 Dec 2007 09:43:25 +0000 (01:43 -0800)]
[IPV6]: Make the ipv6/sysctl_net_ipv6.c compilation cleaner

Since this file is entirely enclosed with the
#ifdef CONFIG_SYSCTL/#endif pair, it's OK to move this
CONFIG_ into a Makefile.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Remove the empty net_table
Pavel Emelyanov [Wed, 5 Dec 2007 09:42:49 +0000 (01:42 -0800)]
[NET]: Remove the empty net_table

I have removed all the entries from this table (core_table,
ipv4_table and tr_table), so now we can safely drop it.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TR]: Use ctl paths to register net/token-ring/ table
Pavel Emelyanov [Fri, 25 Jan 2008 01:04:49 +0000 (17:04 -0800)]
[TR]: Use ctl paths to register net/token-ring/ table

The same thing for token-ring - use ctl paths and get
rid of external references on the tr_table.

Unfortunately, I couldn't split this patch into cleanup and
use-the-paths parts.

As a lame excuse I can say, that the cleanup is just moving
the tr_table from one file to another - closet to a single
variable, that this ctl table tunes. Since the source  file
becomes empty after the move, I remove it.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: Use ctl paths to register net/ipv4/ table
Pavel Emelyanov [Wed, 5 Dec 2007 09:41:26 +0000 (01:41 -0800)]
[IPV4]: Use ctl paths to register net/ipv4/ table

This is the same as I did for the net/core/ table in the
second patch in his series: use the paths and isolate the
whole table in the .c file.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: Cleanup the sysctl_net_ipv4.c file
Pavel Emelyanov [Wed, 5 Dec 2007 09:38:23 +0000 (01:38 -0800)]
[IPV4]: Cleanup the sysctl_net_ipv4.c file

This includes several cleanups:

 * tune Makefile to compile out this file when SYSCTL=n. Now
   it looks like net/core/sysctl_net_core.c one;
 * move the ipv4_config to af_inet.c to exist all the time;
 * remove additional sysctl_ip_nonlocal_bind declaration
   (it is already declared in net/ip.h);
 * remove no nonger needed ifdefs from this file.

This is a preparation for using ctl paths for net/ipv4/
sysctl table.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Isolate the net/core/ sysctl table
Pavel Emelyanov [Wed, 5 Dec 2007 09:37:34 +0000 (01:37 -0800)]
[NET]: Isolate the net/core/ sysctl table

Using ctl paths we can put all the stuff, related to net/core/
sysctl table, into one file and remove all the references on it.

As a good side effect this hides the "core_table" name from
the global scope :)

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Remove unneeded ifdefs from sysctl_net_core.c
Pavel Emelyanov [Wed, 5 Dec 2007 09:36:23 +0000 (01:36 -0800)]
[NET]: Remove unneeded ifdefs from sysctl_net_core.c

This file is already compiled out when the SYSCTL=n, so
these ifdefs, that enclose the whole file, can be removed.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: Select CONFIG_NETFILTER_NETLINK when needed
Patrick McHardy [Wed, 5 Dec 2007 09:31:52 +0000 (01:31 -0800)]
[NETFILTER]: Select CONFIG_NETFILTER_NETLINK when needed

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: remove NF_CONNTRACK_ENABLED option
Patrick McHardy [Wed, 5 Dec 2007 09:31:37 +0000 (01:31 -0800)]
[NETFILTER]: remove NF_CONNTRACK_ENABLED option

Remove the NF_CONNTRACK_ENABLED option. It was meant for a smoother upgrade
to nf_conntrack, people having reconfigured their kernel at least once since
ip_conntrack was removed will have the NF_CONNTRACK option already set.
People upgrading from older kernels have to reconfigure a lot anyway.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: update copyright
Patrick McHardy [Wed, 5 Dec 2007 09:31:17 +0000 (01:31 -0800)]
[NETFILTER]: nfnetlink_queue: update copyright

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: remove useless enqueue status codes
Patrick McHardy [Wed, 5 Dec 2007 09:31:01 +0000 (01:31 -0800)]
[NETFILTER]: nfnetlink_queue: remove useless enqueue status codes

The queueing core doesn't care about the exact return value from
the queue handler, so there's no need to go through the trouble
of returning a meaningful value as long as we indicate an error.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: eliminate impossible switch case
Patrick McHardy [Wed, 5 Dec 2007 09:30:29 +0000 (01:30 -0800)]
[NETFILTER]: nfnetlink_queue: eliminate impossible switch case

We don't need a default case in nfqnl_build_packet_message(), the
copy_mode is validated when it is set. Tell the compiler about
the possible types and remove the default case. Saves 80b of
text on x86_64.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: use endianness-aware attribute functions
Patrick McHardy [Wed, 5 Dec 2007 09:30:02 +0000 (01:30 -0800)]
[NETFILTER]: nfnetlink_queue: use endianness-aware attribute functions

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: mark hash table __read_mostly
Patrick McHardy [Wed, 5 Dec 2007 09:29:38 +0000 (01:29 -0800)]
[NETFILTER]: nfnetlink_queue: mark hash table __read_mostly

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: remove useless debugging
Patrick McHardy [Wed, 5 Dec 2007 09:29:23 +0000 (01:29 -0800)]
[NETFILTER]: nfnetlink_queue: remove useless debugging

Originally I wanted to just remove the QDEBUG macro and use pr_debug, but
none of the messages seems worth keeping.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: kill useless wrapper
Patrick McHardy [Wed, 5 Dec 2007 09:29:05 +0000 (01:29 -0800)]
[NETFILTER]: nfnetlink_queue: kill useless wrapper

nfqnl_set_mode takes the queue lock and calls __nfqnl_set_mode. Just move
the code from __nfqnl_set_mode to nfqnl_set_mode since there is no other
user.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink: use RCU for queue instances hash
Patrick McHardy [Wed, 5 Dec 2007 09:28:50 +0000 (01:28 -0800)]
[NETFILTER]: nfnetlink: use RCU for queue instances hash

Use RCU for queue instances hash. Avoids multiple atomic operations
for each packet.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: fix checks in nfqnl_recv_config
Patrick McHardy [Wed, 5 Dec 2007 09:28:30 +0000 (01:28 -0800)]
[NETFILTER]: nfnetlink_queue: fix checks in nfqnl_recv_config

The peer_pid must be checked in all cases when a queue exists, currently
it is not checked if for NFQA_CFG_QUEUE_MAXLEN when a NFQA_CFG_CMD
attribute exists in some cases. Same for the queue existance check,
which can cause a NULL pointer dereference.

Also consistently return -ENODEV for "queue not found". -ENOENT would
be better, but that is already used to indicate a queued skb id doesn't
exist.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: avoid unnecessary atomic operation
Patrick McHardy [Wed, 5 Dec 2007 09:28:10 +0000 (01:28 -0800)]
[NETFILTER]: nfnetlink_queue: avoid unnecessary atomic operation

The sequence counter doesn't need to be an atomic_t, just move the increment
inside the locked section.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: remove annoying debugging message
Patrick McHardy [Wed, 5 Dec 2007 09:27:46 +0000 (01:27 -0800)]
[NETFILTER]: remove annoying debugging message

Don't log "nf_hook: Verdict = QUEUE." message with NETFILTER_DEBUG=y.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: clean up error paths
Patrick McHardy [Wed, 5 Dec 2007 09:27:19 +0000 (01:27 -0800)]
[NETFILTER]: nf_queue: clean up error paths

Move duplicated error handling to end of function and add a helper function
to release the device and module references from the queue entry.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: {nfnetlink,ip,ip6}_queue: kill issue_verdict
Patrick McHardy [Wed, 5 Dec 2007 09:27:02 +0000 (01:27 -0800)]
[NETFILTER]: {nfnetlink,ip,ip6}_queue: kill issue_verdict

Now that issue_verdict doesn't need to free the queue entries anymore,
all it does is disable local BHs and call nf_reinject. Move the BH
disabling to the okfn invocation in nf_reinject and kill the
issue_verdict functions.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: move list_head/skb/id to struct nf_info
Patrick McHardy [Wed, 5 Dec 2007 09:26:33 +0000 (01:26 -0800)]
[NETFILTER]: nf_queue: move list_head/skb/id to struct nf_info

Move common fields for queue management to struct nf_info and rename it
to struct nf_queue_entry. The avoids one allocation/free per packet and
simplifies the code a bit.

Alternatively we could add some private room at the tail, but since
all current users use identical structs this seems easier.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: ip6_queue: resync dev-index based flushing
Patrick McHardy [Wed, 5 Dec 2007 09:26:18 +0000 (01:26 -0800)]
[NETFILTER]: ip6_queue: resync dev-index based flushing

Resync dev_cmp to take bridge devices into account.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: ip6_queue: deobfuscate entry lookups
Patrick McHardy [Wed, 5 Dec 2007 09:26:02 +0000 (01:26 -0800)]
[NETFILTER]: ip6_queue: deobfuscate entry lookups

A queue entry lookup currently looks like this:

ipq_find_dequeue_entry -> __ipq_find_dequeue_entry ->
__ipq_find_entry -> cmpfn -> id_cmp

Use simple open-coded list walking and kill the cmpfn for
ipq_find_dequeue_entry. Instead add it to ipq_flush (after
similar cleanups) and use ipq_flush for both complete flushes
and flushing entries related to a device.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: ip_queue: deobfuscate entry lookups
Patrick McHardy [Wed, 5 Dec 2007 09:25:46 +0000 (01:25 -0800)]
[NETFILTER]: ip_queue: deobfuscate entry lookups

A queue entry lookup currently looks like this:

ipq_find_dequeue_entry -> __ipq_find_dequeue_entry ->
__ipq_find_entry -> cmpfn -> id_cmp

Use simple open-coded list walking and kill the cmpfn for
ipq_find_dequeue_entry. Instead add it to ipq_flush (after
similar cleanups) and use ipq_flush for both complete flushes
and flushing entries related to a device.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nfnetlink_queue: deobfuscate entry lookups
Patrick McHardy [Wed, 5 Dec 2007 09:25:30 +0000 (01:25 -0800)]
[NETFILTER]: nfnetlink_queue: deobfuscate entry lookups

A queue entry lookup currently looks like this:

find_dequeue_entry -> __find_dequeue_entry ->
__find_entry -> cmpfn -> id_cmp

Use simple open-coded list walking and kill the cmpfn for
find_dequeue_entry. Instead add it to nfqnl_flush (after
similar cleanups) and use nfqnl_flush for both complete
flushes and flushing entries related to a device.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: {nf_netlink,ip,ip6}_queue: use list_for_each_entry
Patrick McHardy [Wed, 5 Dec 2007 09:25:03 +0000 (01:25 -0800)]
[NETFILTER]: {nf_netlink,ip,ip6}_queue: use list_for_each_entry

Use list_add_tail/list_for_each_entry instead of list_add and
list_for_each_prev as a preparation for switching to RCU.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: move queueing related functions/struct to seperate header
Patrick McHardy [Wed, 5 Dec 2007 09:24:48 +0000 (01:24 -0800)]
[NETFILTER]: nf_queue: move queueing related functions/struct to seperate header

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: remove unused data pointer
Patrick McHardy [Wed, 5 Dec 2007 09:24:30 +0000 (01:24 -0800)]
[NETFILTER]: nf_queue: remove unused data pointer

Remove the data pointer from struct nf_queue_handler. It has never been used
and is useless for the only handler that really matters, nfnetlink_queue,
since the handler is shared between all instances.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: make queue_handler const
Patrick McHardy [Wed, 5 Dec 2007 09:23:57 +0000 (01:23 -0800)]
[NETFILTER]: nf_queue: make queue_handler const

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: remove unnecessary hook existance check
Patrick McHardy [Wed, 5 Dec 2007 09:23:41 +0000 (01:23 -0800)]
[NETFILTER]: nf_queue: remove unnecessary hook existance check

We hold a module reference for each queued packet, so the hook that
queued the packet can't disappear. Also remove an obsolete  comment
stating the opposite.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_queue: minor cleanup
Patrick McHardy [Wed, 5 Dec 2007 09:23:17 +0000 (01:23 -0800)]
[NETFILTER]: nf_queue: minor cleanup

Clean up

if (x) y;

constructs. We've got nothing to hide :)

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: Mark hooks __read_mostly
Patrick McHardy [Wed, 5 Dec 2007 09:23:00 +0000 (01:23 -0800)]
[NETFILTER]: Mark hooks __read_mostly

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: Use nf_register_hooks for multiple registrations
Patrick McHardy [Wed, 5 Dec 2007 09:22:43 +0000 (01:22 -0800)]
[NETFILTER]: Use nf_register_hooks for multiple registrations

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_conntrack_proto_icmp: kill extern declaration in .c file
Patrick McHardy [Wed, 5 Dec 2007 09:22:24 +0000 (01:22 -0800)]
[NETFILTER]: nf_conntrack_proto_icmp: kill extern declaration in .c file

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: nf_ct_h323: remove ipv6 module dependency
Patrick McHardy [Wed, 5 Dec 2007 09:22:05 +0000 (01:22 -0800)]
[NETFILTER]: nf_ct_h323: remove ipv6 module dependency

nf_conntrack_h323 needs ip6_route_output for the call forwarding filter.
Add a ->route function to nf_afinfo and use that to avoid pulling in the
ipv6 module.

Fix the #ifdef for the IPv6 code while I'm at it - the IPv6 support is
only needed when IPv6 conntrack is enabled.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: xt_hashlimit: remove ip6tables module dependency
Patrick McHardy [Wed, 5 Dec 2007 07:51:48 +0000 (23:51 -0800)]
[NETFILTER]: xt_hashlimit: remove ip6tables module dependency

Switch from ipv6_find_hdr to ipv6_skip_exthdr to avoid pulling in ip6_tables
and ipv6 when only using it for IPv4.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: {ip,ip6}t_LOG: log GID
Maciej Soltysiak [Wed, 5 Dec 2007 07:50:38 +0000 (23:50 -0800)]
[NETFILTER]: {ip,ip6}t_LOG: log GID

Log GID in addition to UID

Signed-off-by: Maciej Soltysiak <maciej.soltysiak@ae.poznan.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: x_tables: add rateest match
Patrick McHardy [Tue, 4 Dec 2007 12:02:19 +0000 (13:02 +0100)]
[NETFILTER]: x_tables: add rateest match

Add rate estimator match. The rate estimator match can match on
estimated rates by the RATEEST target. It supports matching on
absolute bps/pps values, comparing two rate estimators and matching
on the difference between two rate estimators.

This is what I use to route outgoing data connections from a FTP
server over two lines based on the  available bandwidth:

# estimate outgoing rates
iptables -t mangle -A POSTROUTING -o eth0 -j RATEEST --rateest-name eth0 \
                                                     --rateest-interval 250ms \
                                                     --rateest-ewma 0.5s
iptables -t mangle -A POSTROUTING -o ppp0 -j RATEEST --rateest-name ppp0 \
                                                     --rateest-interval 250ms \
                                                     --rateest-ewma 0.5s

# mark based on available bandwidth
iptables -t mangle -A BALANCE -m state --state NEW \
                              -m helper --helper ftp \
                              -m rateest --rateest-delta \
                                         --rateest1 eth0 \
                                         --rateest-bps1 2.5mbit \
                                         --rateest-gt \
                                         --rateest2 ppp0 \
                                         --rateest-bps2 2mbit \
                              -j CONNMARK --set-mark 0x1

iptables -t mangle -A BALANCE -m state --state NEW \
                              -m helper --helper ftp \
                              -m rateest --rateest-delta \
                                         --rateest1 ppp0 \
                                         --rateest-bps1 2mbit \
                                         --rateest-gt \
                                         --rateest2 eth0 \
                                         --rateest-bps2 2.5mbit \
                              -j CONNMARK --set-mark 0x2

iptables -t mangle -A BALANCE -j CONNMARK --restore-mark

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: x_tables: add RATEEST target
Patrick McHardy [Wed, 5 Dec 2007 07:40:05 +0000 (23:40 -0800)]
[NETFILTER]: x_tables: add RATEEST target

Add new rate estimator target (using gen_estimator). In combination with
the rateest match (next patch) this can be used for load-based multipath
routing.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: ip_tables: remove obsolete SAME target
Patrick McHardy [Wed, 5 Dec 2007 07:39:36 +0000 (23:39 -0800)]
[NETFILTER]: ip_tables: remove obsolete SAME target

Remove the ipt_SAME target as scheduled in feature-removal-schedule.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: IPv6 capable xt_TOS v1 target
Jan Engelhardt [Wed, 5 Dec 2007 07:39:09 +0000 (23:39 -0800)]
[NETFILTER]: IPv6 capable xt_TOS v1 target

Extends the xt_DSCP target by xt_TOS v1 to add support for selectively
setting and flipping any bit in the IPv4 TOS and IPv6 Priority fields.
(ipt_TOS and xt_DSCP only accepted a limited range of possible
values.)

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: IPv6 capable xt_tos v1 match
Jan Engelhardt [Wed, 5 Dec 2007 07:38:30 +0000 (23:38 -0800)]
[NETFILTER]: IPv6 capable xt_tos v1 match

Extends the xt_dscp match by xt_tos v1 to add support for selectively
matching any bit in the IPv4 TOS and IPv6 Priority fields. (ipt_tos
and xt_dscp only accepted a limited range of possible values.)

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: Merge ipt_TOS into xt_DSCP
Jan Engelhardt [Wed, 5 Dec 2007 07:38:13 +0000 (23:38 -0800)]
[NETFILTER]: Merge ipt_TOS into xt_DSCP

Merge ipt_TOS into xt_DSCP.

Merge ipt_TOS (tos v0 target) into xt_DSCP. They both modify the same
field in the IPv4 header, so it seems reasonable to keep them in one
piece. This is part two of the implicit 4-patch series to move tos to
xtables and extend it by IPv6.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: Merge ipt_tos into xt_dscp
Jan Engelhardt [Wed, 5 Dec 2007 07:37:54 +0000 (23:37 -0800)]
[NETFILTER]: Merge ipt_tos into xt_dscp

Merge ipt_tos into xt_dscp.

Merge ipt_tos (tos v0 match) into xt_dscp. They both match on the same
field in the IPv4 header, so it seems reasonable to keep them in one
piece. This is part one of the implicit 4-patch series to move tos to
xtables and extend it by IPv6.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Constify include/net/dsfield.h
Jan Engelhardt [Wed, 5 Dec 2007 07:37:29 +0000 (23:37 -0800)]
[NET]: Constify include/net/dsfield.h

Constify include/net/dsfield.h

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: Use lowercase names for matches in Kconfig
Jan Engelhardt [Wed, 5 Dec 2007 07:31:59 +0000 (23:31 -0800)]
[NETFILTER]: Use lowercase names for matches in Kconfig

Unify netfilter match kconfig descriptions

Consistently use lowercase for matches in kconfig one-line
descriptions and name the match module.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: ipt_addrtype: limit address type checking to an interface
Laszlo Attila Toth [Wed, 5 Dec 2007 07:30:18 +0000 (23:30 -0800)]
[NETFILTER]: ipt_addrtype: limit address type checking to an interface

Addrtype match has a new revision (1), which lets address type checking
limited to the interface the current packet belongs to. Either incoming
or outgoing interface can be used depending on the current hook. In the
FORWARD hook two maches should be used if both interfaces have to be checked.
The new structure is ipt_addrtype_info_v1.

Revision 0 lets older userspace programs use the match as earlier.
ipt_addrtype_info is used.

Signed-off-by: Laszlo Attila Toth <panther@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: Add inet_dev_addr_type()
Laszlo Attila Toth [Wed, 5 Dec 2007 07:28:46 +0000 (23:28 -0800)]
[IPV4]: Add inet_dev_addr_type()

Address type search can be limited to an interface by
inet_dev_addr_type function.

Signed-off-by: Laszlo Attila Toth <panther@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: merge ipt_owner/ip6t_owner in xt_owner
Jan Engelhardt [Wed, 5 Dec 2007 07:27:38 +0000 (23:27 -0800)]
[NETFILTER]: merge ipt_owner/ip6t_owner in xt_owner

xt_owner merges ipt_owner and ip6t_owner, and adds a flag to match
on socket (non-)existence.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: x_tables: remove obsolete overflow check
Patrick McHardy [Wed, 5 Dec 2007 07:25:26 +0000 (23:25 -0800)]
[NETFILTER]: x_tables: remove obsolete overflow check

We're not multiplying the size with the number of CPUs anymore, so the
check is obsolete.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: x_tables: struct xt_table_info diet
Eric Dumazet [Wed, 5 Dec 2007 07:24:56 +0000 (23:24 -0800)]
[NETFILTER]: x_tables: struct xt_table_info diet

Instead of using a big array of NR_CPUS entries, we can compute the size
needed at runtime, using nr_cpu_ids

This should save some ram (especially on David's machines where NR_CPUS=4096 :
32 KB can be saved per table, and 64KB for dynamically allocated ones (because
of slab/slub alignements) )

In particular, the 'bootstrap' tables are not any more static (in data
section) but on stack as their size is now very small.

This also should reduce the size used on stack in compat functions
(get_info() declares an automatic variable, that could be bigger than kernel
stack size for big NR_CPUS)

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: x_tables: consistent and unique symbol names
Jan Engelhardt [Wed, 5 Dec 2007 07:24:03 +0000 (23:24 -0800)]
[NETFILTER]: x_tables: consistent and unique symbol names

Give all Netfilter modules consistent and unique symbol names.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>