12 years ago[NETFILTER]: xt_MARK target, revision 2
Jan Engelhardt [Tue, 15 Jan 2008 07:38:52 +0000]
[NETFILTER]: xt_MARK target, revision 2

Introduces the xt_MARK target revision 2. It uses fixed types, and
also uses the more expressive XOR logic.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETFILTER]: xt_CONNMARK target, revision 1
Jan Engelhardt [Tue, 15 Jan 2008 07:38:34 +0000]
[NETFILTER]: xt_CONNMARK target, revision 1

Introduces the xt_CONNMARK target revision 1. It uses fixed types, and
also uses the more expressive XOR logic. Futhermore, it allows to
selectively pick bits from both the ctmark and the nfmark in the SAVE
and RESTORE operations.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETFILTER]: Annotate start of kernel fields in NF headers
Jan Engelhardt [Tue, 15 Jan 2008 07:33:14 +0000]
[NETFILTER]: Annotate start of kernel fields in NF headers

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETFILTER]: xt_TOS: Properly set the TOS field
Jan Engelhardt [Tue, 15 Jan 2008 07:32:54 +0000]
[NETFILTER]: xt_TOS: Properly set the TOS field

Fix incorrect mask value passed to ipv4_change_dsfield/ipv6_change_dsfield.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETFILTER]: xt_TOS: Change semantic of mask value
Jan Engelhardt [Tue, 15 Jan 2008 07:32:37 +0000]
[NETFILTER]: xt_TOS: Change semantic of mask value

This patch changes the behavior of xt_TOS v1 so that the mask value
the user supplies means "zero out these bits" rather than "keep these
bits". This is more easy on the user, as (I would assume) people keep
more bits than zeroing, so, an example:

Action:     Set bit 0x01.
     before (&): iptables -j TOS --set-tos 0x01/0xFE
     after (&~): iptables -j TOS --set-tos 0x01/0x01

This is not too "tragic" with xt_TOS, but where larger fields are used
(e.g. proposed xt_MARK v2), `--set-xmar 0x01/0x01` vs. `--set-xmark
0x01/0xFFFFFFFE` really makes a difference. Other target(!) modules,
such as xt_TPROXY also use &~ rather than &, so let's get to a common
ground.

(Since xt_TOS has not yet left the development tree en direction to
mainline, the semantic can be changed as proposed without breaking
iptables.)

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETFILTER]: remove ipt_TOS.c
Jan Engelhardt [Tue, 15 Jan 2008 07:32:13 +0000]
[NETFILTER]: remove ipt_TOS.c

Commit 88c85d81f74f92371745158aebc5cbf490412002 forgot to remove the
old ipt_TOS file (whose code has been merged into xt_DSCP). Remove
it now.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETFILTER]: Remove some EXPERIMENTAL dependencies
Patrick McHardy [Tue, 15 Jan 2008 07:31:36 +0000]
[NETFILTER]: Remove some EXPERIMENTAL dependencies

Most of the netfilter modules are not considered experimental anymore,
the only ones I want to keep marked as EXPERIMENTAL are:

- TCPOPTSTRIP target, which is brand new.

- SANE helper, which is quite new.

- CLUSTERIP target, which I believe hasn't had much testing despite
  being in the kernel for quite a long time.

- SCTP match and conntrack protocol, which are a mess and need to
  be reviewed and cleaned up before I would trust them.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETFILTER]: Hide a few more options under NETFILTER_ADVANCED
Patrick McHardy [Tue, 15 Jan 2008 07:30:56 +0000]
[NETFILTER]: Hide a few more options under NETFILTER_ADVANCED

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4]: fib hash|trie initialization
Stephen Hemminger [Tue, 15 Jan 2008 07:14:20 +0000]
[IPV4]: fib hash|trie initialization

Initialization of the slab cache's should be done when IP is
initialized to make sure of available memory, and that code can be
marked __init.

Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4] fib_trie: size and statistics
Stephen Hemminger [Tue, 15 Jan 2008 07:11:54 +0000]
[IPV4] fib_trie: size and statistics

Show number of entries in trie, the size field was being set but never used,
but it only counted leaves, not all entries. Refactor the two cases in
fib_triestat_seq_show into a single routine.

Note: the stat structure was being malloc'd but the stack usage isn't so
high (288 bytes) that it is worth the additional complexity.

Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[FIB]: Avoid using static variables without proper locking
Eric Dumazet [Tue, 15 Jan 2008 07:09:56 +0000]
[FIB]: Avoid using static variables without proper locking

fib_trie_seq_show() uses two helper functions, rtn_scope() and
rtn_type() that can write to static storage without locking.

Just pass to them a temporary buffer to avoid potential corruption
(probably not triggerable but still...)

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Process inet_confirm_addr in the correct namespace.
Denis V. Lunev [Tue, 15 Jan 2008 07:06:19 +0000]
[NETNS]: Process inet_confirm_addr in the correct namespace.

inet_confirm_addr can be called with NULL in_dev from arp_ignore iff
scope is RT_SCOPE_LINK.

Lets always pass the device and check for RT_SCOPE_LINK scope inside
inet_confirm_addr. This let us take network namespace from in_device a
need for an additional argument.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4]: Remove extra argument from arp_ignore.
Denis V. Lunev [Tue, 15 Jan 2008 07:05:55 +0000]
[IPV4]: Remove extra argument from arp_ignore.

arp_ignore has two arguments: dev & in_dev. dev is used for
inet_confirm_addr calling only.

inet_confirm_addr, in turn, either gets in_dev from the device passed
or iterates over all network devices if the device passed is NULL. It
seems logical to directly pass in_dev into inet_confirm_addr.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[ARP]: neigh_parms_put(destroy) are essentially local to core/neighbour.c.
Denis V. Lunev [Thu, 24 Jan 2008 08:30:58 +0000]
[ARP]: neigh_parms_put(destroy) are essentially local to core/neighbour.c.

Make them static.

[ Moved the inline before, instead of after, call sites. -DaveM ]

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[ARP]: Remove forward declaration of neigh_changeaddr.
Denis V. Lunev [Tue, 15 Jan 2008 07:00:22 +0000]
[ARP]: Remove forward declaration of neigh_changeaddr.

No need for this. It is declared in the neighbour.h

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[ARP]: Remove overkill checks from neigh_param_alloc.
Denis V. Lunev [Tue, 15 Jan 2008 06:59:59 +0000]
[ARP]: Remove overkill checks from neigh_param_alloc.

Valid network device is always passed into neigh_param_alloc, so
remove extra checking for dev == NULL. Additionally, cleanup bogus
netns assignment.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4]: fib_rules_unregister is essentially void.
Denis V. Lunev [Tue, 15 Jan 2008 06:59:30 +0000]
[IPV4]: fib_rules_unregister is essentially void.

fib_rules_unregister is called only after successful register and the
return code is never checked.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Make arp code network namespace consistent.
Denis V. Lunev [Tue, 15 Jan 2008 06:58:55 +0000]
[NETNS]: Make arp code network namespace consistent.

Some calls in the arp.c have network namespace as an argument. Getting
init_net inside these functions is simply inconsistent. Fix this.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[ARP]: Move inet_addr_type call after simple error checks in arp_contructor.
Denis V. Lunev [Tue, 15 Jan 2008 06:56:01 +0000]
[ARP]: Move inet_addr_type call after simple error checks in arp_contructor.

The neighbour entry will be destroyed in the case of error, so it is
pointless to perform constly routing table lookup in this case.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][RAW]: Create the /proc/net/raw(6) in each namespace.
Pavel Emelyanov [Mon, 14 Jan 2008 13:36:50 +0000]
[NETNS][RAW]: Create the /proc/net/raw(6) in each namespace.

To do so, just register the proper subsystem and create files in
->init callbacks.

No other special per-namespace handling for raw sockets is required.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][RAW]: Eliminate explicit init_net references.
Pavel Emelyanov [Mon, 14 Jan 2008 13:36:27 +0000]
[NETNS][RAW]: Eliminate explicit init_net references.

Happily, in all the rest places (->bind callbacks only), that require the
struct net, we have a socket, so get the net from it.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][RAW]: Make /proc/net/raw(6) show per-namespace socket list.
Pavel Emelyanov [Mon, 14 Jan 2008 13:35:57 +0000]
[NETNS][RAW]: Make /proc/net/raw(6) show per-namespace socket list.

Pull the struct net pointer up to the showing functions
to filter the sockets depending on their namespaces.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][RAW]: Make ipv[46] raw sockets lookup namespaces aware.
Pavel Emelyanov [Mon, 14 Jan 2008 13:35:31 +0000]
[NETNS][RAW]: Make ipv[46] raw sockets lookup namespaces aware.

This requires just to pass the appropriate struct net pointer
into __raw_v[46]_lookup and skip sockets that do not belong
to a needed namespace.

The proper net is get from skb->dev in all the cases.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[FIB]: full_children & empty_children should be uint, not ushort
Eric Dumazet [Mon, 14 Jan 2008 06:31:44 +0000]
[FIB]: full_children & empty_children should be uint, not ushort

If declared as unsigned short, these fields can overflow, and whole
trie logic is broken. I could not make the machine crash, but some
tnode can never be freed.

Note for 64 bit arches : By reordering t_key and parent in [node,
leaf, tnode] structures, we can use 32 bits hole after t_key so that
sizeof(struct tnode) doesnt change after this patch.

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Robert Olsson <robert.olsson@its.uu.se>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[AX25]: sparse cleanups
Eric Dumazet [Mon, 14 Jan 2008 06:29:41 +0000]
[AX25]: sparse cleanups

net/ax25/ax25_route.c:251:13: warning: context imbalance in
'ax25_rt_seq_start' - wrong count at exit
net/ax25/ax25_route.c:276:13: warning: context imbalance in 'ax25_rt_seq_stop'
- unexpected unlock
net/ax25/ax25_std_timer.c:65:25: warning: expensive signed divide
net/ax25/ax25_uid.c:46:1: warning: symbol 'ax25_uid_list' was not declared.
Should it be static?
net/ax25/ax25_uid.c:146:13: warning: context imbalance in 'ax25_uid_seq_start'
- wrong count at exit
net/ax25/ax25_uid.c:169:13: warning: context imbalance in 'ax25_uid_seq_stop'
- unexpected unlock
net/ax25/af_ax25.c:573:28: warning: expensive signed divide
net/ax25/af_ax25.c:1865:13: warning: context imbalance in 'ax25_info_start' -
wrong count at exit
net/ax25/af_ax25.c:1888:13: warning: context imbalance in 'ax25_info_stop' -
unexpected unlock
net/ax25/ax25_ds_timer.c:133:25: warning: expensive signed divide

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[X25]: Avoid divides and sparse warnings
Eric Dumazet [Mon, 14 Jan 2008 06:27:52 +0000]
[X25]: Avoid divides and sparse warnings

   CHECK   net/x25/af_x25.c
net/x25/af_x25.c:117:46: warning: expensive signed divide
   CHECK   net/x25/x25_facilities.c
net/x25/x25_facilities.c:209:30: warning: expensive signed divide
   CHECK   net/x25/x25_in.c
net/x25/x25_in.c:250:26: warning: expensive signed divide
   CHECK   net/x25/x25_proc.c
net/x25/x25_proc.c:48:11: warning: context imbalance in 'x25_seq_route_start'
- wrong count at exit
net/x25/x25_proc.c:72:13: warning: context imbalance in 'x25_seq_route_stop' -
unexpected unlock
net/x25/x25_proc.c:112:11: warning: context imbalance in
'x25_seq_socket_start' - wrong count at exit
net/x25/x25_proc.c:129:13: warning: context imbalance in 'x25_seq_socket_stop'
- unexpected unlock
net/x25/x25_proc.c:190:11: warning: context imbalance in
'x25_seq_forward_start' - wrong count at exit
net/x25/x25_proc.c:215:13: warning: context imbalance in
'x25_seq_forward_stop' - unexpected unlock
   CHECK   net/x25/x25_subr.c
net/x25/x25_subr.c:362:57: warning: expensive signed divide

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4] fib_trie: removes a memset() call in tnode_new()
Eric Dumazet [Sun, 13 Jan 2008 08:43:22 +0000]
[IPV4] fib_trie: removes a memset() call in tnode_new()

tnode_alloc() already clears allocated memory, using kcalloc() or
alloc_pages(GFP_KERNEL|__GFP_ZERO, ...)

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4] FIB: Include nexthop device indexes in fib_info hashfn.
David S. Miller [Sun, 13 Jan 2008 05:49:01 +0000]
[IPV4] FIB: Include nexthop device indexes in fib_info hashfn.

Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[XFRM]: Fix struct xfrm_algo code formatting.
David S. Miller [Sun, 13 Jan 2008 05:31:29 +0000]
[XFRM]: Fix struct xfrm_algo code formatting.

Realign struct members.

Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[XFRM]: alg_key_len should be unsigned to avoid integer divides
Eric Dumazet [Sun, 13 Jan 2008 05:30:23 +0000]
[XFRM]: alg_key_len should be unsigned to avoid integer divides

alg_key_len is currently defined as 'signed int'. This unfortunatly
leads to integer divides in several paths.

Converting it to unsigned is safe and saves 208 bytes of text on i386.

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[PKT_SCHED] HTB: htb_classid is dead static inline
Ilpo Järvinen [Sun, 13 Jan 2008 05:29:14 +0000]
[PKT_SCHED] HTB: htb_classid is dead static inline

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NET] core/utils.c: digit2bin is dead static inline
Ilpo Järvinen [Sun, 13 Jan 2008 05:28:37 +0000]
[NET] core/utils.c: digit2bin is dead static inline

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[FIB]: Reduce text size of net/ipv4/fib_trie.o
Eric Dumazet [Sun, 13 Jan 2008 05:27:41 +0000]
[FIB]: Reduce text size of net/ipv4/fib_trie.o

In struct tnode, we use two fields of 5 bits for 'pos' and 'bits'.
Switching to plain 'unsigned char' (8 bits) take the same space
because of compiler alignments, and reduce text size by 435 bytes
on i386.

On i386 :
$ size net/ipv4/fib_trie.o.before_patch net/ipv4/fib_trie.o
    text    data     bss     dec     hex filename
   13714       4      64   13782    35d6 net/ipv4/fib_trie.o.before
   13279       4      64   13347    3423 net/ipv4/fib_trie.o

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Acked-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETFILTER] xt_policy.c: kill some bloat
Ilpo Järvinen [Sun, 13 Jan 2008 05:26:31 +0000]
[NETFILTER] xt_policy.c: kill some bloat

net/netfilter/xt_policy.c:
  policy_mt | -906
 1 function changed, 906 bytes removed, diff: -906

net/netfilter/xt_policy.c:
  match_xfrm_state | +427
 1 function changed, 427 bytes added, diff: +427

net/netfilter/xt_policy.o:
 2 functions changed, 427 bytes added, 906 bytes removed, diff: -479

Alternatively, this could be done by combining identical
parts of the match_policy_in/out()

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4] fib_trie: Fix sparse warnings.
Stephen Hemminger [Sun, 13 Jan 2008 05:25:02 +0000]
[IPV4] fib_trie: Fix sparse warnings.

Make FIB TRIE go through sparse checker without warnings.

Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4] fib_trie: Add statistics.
Stephen Hemminger [Sun, 13 Jan 2008 05:23:17 +0000]
[IPV4] fib_trie: Add statistics.

The FIB TRIE code has a bunch of statistics, but the code is hidden
behind an ifdef that was never implemented. Since it was dead code, it
was broken as well.

This patch fixes that by making it a config option.

Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4] FIB: printk related cleanups
Stephen Hemminger [Sun, 13 Jan 2008 04:58:35 +0000]
[IPV4] FIB: printk related cleanups

printk related cleanups:
 * Get rid of unused printk wrappers.
 * Make bug checks into KERN_WARNING because KERN_DEBUG gets ignored
 * Turn one cryptic old message into something real
 * Make sure all messages have KERN_XXX

Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4] fib_trie: fib_insert_node cleanup
Stephen Hemminger [Sun, 13 Jan 2008 04:57:07 +0000]
[IPV4] fib_trie: fib_insert_node cleanup

The only error from fib_insert_node is if memory allocation fails, so
instead of passing by reference, just use the convention of returning
NULL.

Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4] fib_trie: Use %u for unsigned printfs.
Stephen Hemminger [Sun, 13 Jan 2008 04:55:55 +0000]
[IPV4] fib_trie: Use %u for unsigned printfs.

Use %u instead of %d when printing unsigned values.

Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4] fib_trie: Get rid of unused revision element.
Stephen Hemminger [Sun, 13 Jan 2008 04:50:23 +0000]
[IPV4] fib_trie: Get rid of unused revision element.

The revision element must of been part of an earlier design, because
currently it is set but never used.

Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4] fib_trie: Get rid of trie_init().
Stephen Hemminger [Sun, 13 Jan 2008 04:49:13 +0000]
[IPV4] fib_trie: Get rid of trie_init().

trie_init is worthless it is just zeroing stuff that is already zero!
Move the memset() down to make it obvious.

Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[PKTGEN]: uninline getCurUs
Ilpo Järvinen [Sat, 12 Jan 2008 11:25:00 +0000]
[PKTGEN]: uninline getCurUs

net/core/pktgen.c:
  pktgen_stop_device   |  -50
  pktgen_run           | -105
  pktgen_if_show       |  -37
  pktgen_thread_worker | -702
 4 functions changed, 894 bytes removed, diff: -894

net/core/pktgen.c:
  getCurUs |  +36
 1 function changed, 36 bytes added, diff: +36

net/core/pktgen.o:
 5 functions changed, 36 bytes added, 894 bytes removed, diff: -858

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[PKTGEN]: Kill dead static inlines
Ilpo Järvinen [Sat, 12 Jan 2008 11:23:58 +0000]
[PKTGEN]: Kill dead static inlines

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETLINK] af_netlink: kill some bloat
Ilpo Järvinen [Sat, 12 Jan 2008 11:21:50 +0000]
[NETLINK] af_netlink: kill some bloat

net/netlink/af_netlink.c:
  netlink_realloc_groups        |  -46
  netlink_insert                |  -49
  netlink_autobind              |  -94
  netlink_clear_multicast_users |  -48
  netlink_bind                  |  -55
  netlink_setsockopt            |  -54
  netlink_release               |  -86
  netlink_kernel_create         |  -47
  netlink_change_ngroups        |  -56
 9 functions changed, 535 bytes removed, diff: -535

net/netlink/af_netlink.c:
  netlink_table_ungrab |  +53
 1 function changed, 53 bytes added, diff: +53

net/netlink/af_netlink.o:
 10 functions changed, 53 bytes added, 535 bytes removed, diff: -482

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV6] route: kill some bloat
Ilpo Järvinen [Sat, 12 Jan 2008 11:21:00 +0000]
[IPV6] route: kill some bloat

net/ipv6/route.c:
  ip6_pkt_prohibit_out | -130
  ip6_pkt_discard      | -261
  ip6_pkt_discard_out  | -130
  ip6_pkt_prohibit     | -261
 4 functions changed, 782 bytes removed, diff: -782

net/ipv6/route.c:
  ip6_pkt_drop | +300
 1 function changed, 300 bytes added, diff: +300

net/ipv6/route.o:
 5 functions changed, 300 bytes added, 782 bytes removed, diff: -482

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[XFRM] xfrm_policy: kill some bloat
Ilpo Järvinen [Sat, 12 Jan 2008 11:20:03 +0000]
[XFRM] xfrm_policy: kill some bloat

net/xfrm/xfrm_policy.c:
  xfrm_audit_policy_delete | -692
  xfrm_audit_policy_add    | -692
 2 functions changed, 1384 bytes removed, diff: -1384

net/xfrm/xfrm_policy.c:
  xfrm_audit_common_policyinfo | +704
 1 function changed, 704 bytes added, diff: +704

net/xfrm/xfrm_policy.o:
 3 functions changed, 704 bytes added, 1384 bytes removed, diff: -680

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[TCP]: Uninline tcp_is_cwnd_limited
Ilpo Järvinen [Sat, 12 Jan 2008 11:19:12 +0000]
[TCP]: Uninline tcp_is_cwnd_limited

net/ipv4/tcp_cong.c:
  tcp_reno_cong_avoid |  -65
 1 function changed, 65 bytes removed, diff: -65

net/ipv4/arp.c:
  arp_ignore |   -5
 1 function changed, 5 bytes removed, diff: -5

net/ipv4/tcp_bic.c:
  bictcp_cong_avoid |  -57
 1 function changed, 57 bytes removed, diff: -57

net/ipv4/tcp_cubic.c:
  bictcp_cong_avoid |  -61
 1 function changed, 61 bytes removed, diff: -61

net/ipv4/tcp_highspeed.c:
  hstcp_cong_avoid |  -63
 1 function changed, 63 bytes removed, diff: -63

net/ipv4/tcp_hybla.c:
  hybla_cong_avoid |  -85
 1 function changed, 85 bytes removed, diff: -85

net/ipv4/tcp_htcp.c:
  htcp_cong_avoid |  -57
 1 function changed, 57 bytes removed, diff: -57

net/ipv4/tcp_veno.c:
  tcp_veno_cong_avoid |  -52
 1 function changed, 52 bytes removed, diff: -52

net/ipv4/tcp_scalable.c:
  tcp_scalable_cong_avoid |  -61
 1 function changed, 61 bytes removed, diff: -61

net/ipv4/tcp_yeah.c:
  tcp_yeah_cong_avoid |  -75
 1 function changed, 75 bytes removed, diff: -75

net/ipv4/tcp_illinois.c:
  tcp_illinois_cong_avoid |  -54
 1 function changed, 54 bytes removed, diff: -54

net/dccp/ccids/ccid3.c:
  ccid3_update_send_interval |   -7
  ccid3_hc_tx_packet_recv    |   +7
 2 functions changed, 7 bytes added, 7 bytes removed, diff: +0

net/ipv4/tcp_cong.c:
  tcp_is_cwnd_limited |  +88
 1 function changed, 88 bytes added, diff: +88

built-in.o:
 14 functions changed, 95 bytes added, 642 bytes removed, diff: -547

...Again some gcc artifacts visible as well.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[TCP]: Uninline tcp_set_state
Ilpo Järvinen [Sat, 12 Jan 2008 11:17:20 +0000]
[TCP]: Uninline tcp_set_state

net/ipv4/tcp.c:
  tcp_close_state | -226
  tcp_done        | -145
  tcp_close       | -564
  tcp_disconnect  | -141
 4 functions changed, 1076 bytes removed, diff: -1076

net/ipv4/tcp_input.c:
  tcp_fin               |  -86
  tcp_rcv_state_process | -164
 2 functions changed, 250 bytes removed, diff: -250

net/ipv4/tcp_ipv4.c:
  tcp_v4_connect | -209
 1 function changed, 209 bytes removed, diff: -209

net/ipv4/arp.c:
  arp_ignore |   +5
 1 function changed, 5 bytes added, diff: +5

net/ipv6/tcp_ipv6.c:
  tcp_v6_connect | -158
 1 function changed, 158 bytes removed, diff: -158

net/sunrpc/xprtsock.c:
  xs_sendpages |   -2
 1 function changed, 2 bytes removed, diff: -2

net/dccp/ccids/ccid3.c:
  ccid3_update_send_interval |   +7
 1 function changed, 7 bytes added, diff: +7

net/ipv4/tcp.c:
  tcp_set_state | +238
 1 function changed, 238 bytes added, diff: +238

built-in.o:
 12 functions changed, 250 bytes added, 1695 bytes removed, diff: -1445

I've no explanation why some unrelated changes seem to occur
consistently as well (arp_ignore, ccid3_update_send_interval;
I checked the arp_ignore asm and it seems to be due to some
reordered of operation order causing some extra opcodes to be
generated). Still, the benefits are pretty obvious from the
codiff's results.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: inet6_addr - make ipv6_chk_home_addr namespace aware
Daniel Lezcano [Fri, 11 Jan 2008 06:44:40 +0000]
[NETNS][IPV6]: inet6_addr - make ipv6_chk_home_addr namespace aware

Looks if the address is belonging to the network namespace, otherwise
discard the address for the check.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: inet6_addr - ipv6_get_ifaddr namespace aware
Daniel Lezcano [Fri, 11 Jan 2008 06:44:09 +0000]
[NETNS][IPV6]: inet6_addr - ipv6_get_ifaddr namespace aware

The inet6_addr_lst is browsed taking into account the network
namespace specified as parameter. If an address does not belong
to the specified namespace, it is ignored.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: inet6_addr - ipv6_chk_same_addr namespace aware
Daniel Lezcano [Fri, 11 Jan 2008 06:43:42 +0000]
[NETNS][IPV6]: inet6_addr - ipv6_chk_same_addr namespace aware

This patch makes ipv6_chk_same_addr function to be aware of the
network namespace. The addresses not belonging to the network
namespace are discarded.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: inet6_addr - check ipv6 address per namespace
Daniel Lezcano [Fri, 11 Jan 2008 06:43:18 +0000]
[NETNS][IPV6]: inet6_addr - check ipv6 address per namespace

When a new address is added, we must check if the new address does not
already exists.  This patch makes this check to be aware of a network
namespace, so the check will look if the address already exists for
the specified network namespace. While the addresses are browsed, the
addresses which do not belong to the namespace are discarded.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: inet6_addr - isolate inet6 addresses from proc file
Daniel Lezcano [Fri, 11 Jan 2008 06:42:49 +0000]
[NETNS][IPV6]: inet6_addr - isolate inet6 addresses from proc file

Make /proc/net/if_inet6 show only inet6 addresses belonging to the
namespace.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NEIGH]: Add a comment describing what a NUD stands for.
Pavel Emelyanov [Fri, 11 Jan 2008 06:37:16 +0000]
[NEIGH]: Add a comment describing what a NUD stands for.

When I studied the neighbor code I puzzled over what the NUD can mean
for quite a long time.

Finally I asked Alexey and he said that this was smth like "neighbor
unreachability detection".

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[TCP]: Do not purge sk_forward_alloc entirely in tcp_delack_timer().
David S. Miller [Fri, 11 Jan 2008 05:56:38 +0000]
[TCP]: Do not purge sk_forward_alloc entirely in tcp_delack_timer().

Otherwise we beat heavily on the global tcp_memory atomics
when all of the sockets in the system are slowly sending
perioding packet clumps.

Noticed and suggested by Eric Dumazet.

Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Use the per-net ipv6_devconf(_all) in sysctl handlers
Pavel Emelyanov [Fri, 11 Jan 2008 01:43:50 +0000]
[NETNS]: Use the per-net ipv6_devconf(_all) in sysctl handlers

Actually the net->ipv6.devconf_all can be used in a few places,
but to keep the /proc/sys/net/ipv6/conf/ sysctls work consistently
in the namespace we should use the per-net devconf_all in the
sysctl "forwarding" handler.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Use the per-net ipv6_devconf_dflt
Pavel Emelyanov [Fri, 11 Jan 2008 01:43:22 +0000]
[NETNS]: Use the per-net ipv6_devconf_dflt

All its users are in net/ipv6/addrconf.c's sysctl handlers.
Since they already have the struct net to get from, the
per-net ipv6_devconf_dflt can already be used.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Create ipv6 devconf-s for namespaces
Pavel Emelyanov [Fri, 11 Jan 2008 01:42:55 +0000]
[NETNS]: Create ipv6 devconf-s for namespaces

This is the core. Declare and register the pernet subsys for
addrconf. The init callback the will create the devconf-s.

The init_net will reuse the existing statically declared confs,
so that accessing them from inside the ipv6 code will still
work.

The register_pernet_subsys() is moved above the ipv6_add_dev()
call for loopback, because this function will need the
net->devconf_dflt pointer to be already set.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Make the ctl-tables per-namespace
Pavel Emelyanov [Fri, 11 Jan 2008 01:42:13 +0000]
[NETNS]: Make the ctl-tables per-namespace

This includes passing the net to __addrconf_sysctl_register
and saving this on the ctl_table->extra2 to be used in
handlers (those, needing it).

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Make the __addrconf_sysctl_register return an error
Pavel Emelyanov [Fri, 11 Jan 2008 01:41:45 +0000]
[NETNS]: Make the __addrconf_sysctl_register return an error

This error code will be needed to abort the namespace
creation if needed.

Probably, this is to be checked when a new device is
created (currently it is ignored).

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Clean out the ipv6-related sysctls creation/destruction
Pavel Emelyanov [Fri, 11 Jan 2008 01:41:21 +0000]
[NETNS]: Clean out the ipv6-related sysctls creation/destruction

The addrconf sysctls and neigh sysctls are registered and
unregistered always in pairs, so they can be joined into
one (well, two) functions, that accept the struct inet6_dev
and do all the job.

This also get rids of unneeded ifdefs inside the code.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NEIGH]: Make /proc/net/arp opening consistent with seq_net_open semantics
Denis V. Lunev [Thu, 10 Jan 2008 11:53:12 +0000]
[NEIGH]: Make /proc/net/arp opening consistent with seq_net_open semantics

seq_open_net requires that first field of the seq->private data to be
struct seq_net_private. In reality this is a single pointer to a
struct net for now. The patch makes code consistent.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[ATM]: Simplify /proc/net/atm/arp opening
Denis V. Lunev [Thu, 10 Jan 2008 11:52:35 +0000]
[ATM]: Simplify /proc/net/atm/arp opening

The iterator state->ns.neigh_sub_iter initialization is moved from
arp_seq_open to clip_seq_start for convinience. This should not be a
problem as the iterator will be used only after the seq_start
callback.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[ATM]: Oops reading net/atm/arp
Denis V. Lunev [Thu, 10 Jan 2008 11:51:41 +0000]
[ATM]: Oops reading net/atm/arp

cat /proc/net/atm/arp causes the NULL pointer dereference in the
get_proc_net+0xc/0x3a. This happens as proc_get_net believes that the
parent proc dir entry contains struct net.

Fix this assumption for "net/atm" case.

The problem is introduced by the commit c0097b07abf5f92ab135d024dd41bd2aada1512f
from Eric W. Biederman/Daniel Lezcano.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Enable routing configuration in non-initial namespace.
Denis V. Lunev [Thu, 10 Jan 2008 11:30:49 +0000]
[NETNS]: Enable routing configuration in non-initial namespace.

I.e. remove the net != &init_net checks from the places, that now can
handle other-than-init net namespace.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Replace init_net with the correct context in fib_frontend.c
Denis V. Lunev [Thu, 10 Jan 2008 11:30:24 +0000]
[NETNS]: Replace init_net with the correct context in fib_frontend.c

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Pass namespace through ip_rt_ioctl.
Denis V. Lunev [Thu, 10 Jan 2008 11:29:53 +0000]
[NETNS]: Pass namespace through ip_rt_ioctl.

... up to rtentry_to_fib_config

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Correctly fill fib_config data.
Denis V. Lunev [Thu, 10 Jan 2008 11:29:23 +0000]
[NETNS]: Correctly fill fib_config data.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Provide correct namespace for fibnl netlink socket.
Denis V. Lunev [Thu, 10 Jan 2008 11:28:55 +0000]
[NETNS]: Provide correct namespace for fibnl netlink socket.

This patch makes the netlink socket to be per namespace. That allows
to have each namespace its own socket for routing queries.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Place fib tables into netns.
Denis V. Lunev [Thu, 10 Jan 2008 11:28:24 +0000]
[NETNS]: Place fib tables into netns.

The preparatory work has been done. All we need is to substitute
fib_table_hash with net->ipv4.fib_table_hash. Netns context is
available when required.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Namespacing IPv4 fib rules.
Denis V. Lunev [Thu, 10 Jan 2008 11:27:51 +0000]
[NETNS]: Namespacing IPv4 fib rules.

The final trick for rules: place fib4_rules_ops into struct net and
modify initialization path for this.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Show routing information from correct namespace (fib_trie.c)
Denis V. Lunev [Thu, 10 Jan 2008 11:27:17 +0000]
[NETNS]: Show routing information from correct namespace (fib_trie.c)

This is the second part (for the CONFIG_IP_FIB_TRIE case) of the patch
#4, where we have created proc files in namespaces.

Now we can dump correct info in them.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Show routing information from correct namespace (fib_hash.c)
Denis V. Lunev [Thu, 10 Jan 2008 11:26:50 +0000]
[NETNS]: Show routing information from correct namespace (fib_hash.c)

This is the second part (for the CONFIG_IP_FIB_HASH case) of the patch
#4, where we have created proc files in namespaces.

Now we can dump correct info in them.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Add netns to nl_info structure.
Denis V. Lunev [Thu, 10 Jan 2008 11:26:13 +0000]
[NETNS]: Add netns to nl_info structure.

nl_info is used to track the end-user destination of routing change
notification. This is a natural object to hold a namespace on. Place
it there and utilize the context in the appropriate places.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Add netns parameter to inet_(dev_)add_type.
Eric W. Biederman [Thu, 10 Jan 2008 11:25:28 +0000]
[NETNS]: Add netns parameter to inet_(dev_)add_type.

The patch extends the inet_addr_type and inet_dev_addr_type with the
network namespace pointer. That allows to access the different tables
relatively to the network namespace.

The modification of the signature function is reported in all the
callers of the inet_addr_type using the pointer to the well known
init_net.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Add netns parameter to fib_get_table/fib_new_table.
Denis V. Lunev [Thu, 10 Jan 2008 11:24:11 +0000]
[NETNS]: Add netns parameter to fib_get_table/fib_new_table.

This patch extends the fib_get_table and the fib_new_table functions
with the network namespace pointer. That will allow to access the
table relatively from the network namespace.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4]: Unify access to the routing tables.
Denis V. Lunev [Thu, 10 Jan 2008 11:23:38 +0000]
[IPV4]: Unify access to the routing tables.

Replace the direct pointers to local and main tables with
calls to fib_get_table() with appropriate argument.

This doesn't introduce additional dereferences, but makes the access to fib
tables uniform in any (CONFIG_IP_MULTIPLE_TABLES) case.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Refactor fib initialization so it can handle multiple namespaces.
Denis V. Lunev [Thu, 10 Jan 2008 11:22:17 +0000]
[NETNS]: Refactor fib initialization so it can handle multiple namespaces.

This patch makes the fib to be initialized as a subsystem for the
network namespaces. The code does not handle several namespaces yet,
so in case of a creation of a network namespace, the
creation/initialization will not occur.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPV4]: Check fib4_rules_init failure.
Denis V. Lunev [Thu, 10 Jan 2008 11:21:49 +0000]
[IPV4]: Check fib4_rules_init failure.

This adds error paths into both versions of fib4_rules_init
(with/without CONFIG_IP_MULTIPLE_TABLES) and returns error code to the
caller.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Add namespace to API for routing /proc entries creation.
Denis V. Lunev [Thu, 10 Jan 2008 11:21:09 +0000]
[NETNS]: Add namespace to API for routing /proc entries creation.

This adds netns parameter to fib_proc_init/exit and replaces __init
specifier with __net_init. After this, we will not yet have these proc
files show info from the specific namespace - this will be done when
these tables become namespaced.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Namespacing in the generic fib rules code.
Denis V. Lunev [Thu, 10 Jan 2008 11:20:28 +0000]
[NETNS]: Namespacing in the generic fib rules code.

Move static rules_ops & rules_mod_lock to the struct net, register the
pernet subsys to init them and enjoy the fact that the core rules
infrastructure works in the namespace.

Real IPv4 fib rules virtualization requires fib tables support in the
namespace and will be done seriously later in the patchset.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Pass fib_rules_ops into default_pref method.
Denis V. Lunev [Thu, 10 Jan 2008 11:18:25 +0000]
[NETNS]: Pass fib_rules_ops into default_pref method.

fib_rules_ops contains operations and the list of configured rules. ops will
become per/namespace soon, so we need them to be known in the default_pref
callback.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS]: Add netns parameter to fib_rules_(un)register.
Denis V. Lunev [Thu, 10 Jan 2008 11:17:29 +0000]
[NETNS]: Add netns parameter to fib_rules_(un)register.

The patch extends the different fib rules API in order to pass the
network namespace pointer. That will allow to access the different
tables from a namespace relative object. As usual, the pointer to the
init_net variable is passed as parameter so we don't break the
network.

Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: Make icmpv6_time sysctl per namespace.
Daniel Lezcano [Thu, 10 Jan 2008 11:02:40 +0000]
[NETNS][IPV6]: Make icmpv6_time sysctl per namespace.

This patch moves the icmpv6_time sysctl to the network namespace
structure.

Because the ipv6 protocol is not yet per namespace, the variable is
accessed relatively to the initial network namespace.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: Make sysctls route per namespace.
Daniel Lezcano [Thu, 10 Jan 2008 11:01:01 +0000]
[NETNS][IPV6]: Make sysctls route per namespace.

All the sysctl concerning the routes are moved to the network
namespace structure. A helper function is called to initialize the
variables.

Because the ipv6 protocol is not yet per namespace, the variables are
accessed relatively from the network namespace.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: Make mld_max_msf readonly in other namespaces.
Daniel Lezcano [Thu, 10 Jan 2008 10:57:43 +0000]
[NETNS][IPV6]: Make mld_max_msf readonly in other namespaces.

The mld_max_msf protects the system with a maximum allowed multicast
source filters. Making this variable per namespace can be potentially
an problem if someone inside a namespace set it to a big value, that
will impact the whole system including other namespaces.

I don't see any benefits to have it per namespace for now, so in order
to keep a directory entry in a newly created namespace, I make it
read-only when we are not in the initial network namespace.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: Make ip6_frags per namespace.
Daniel Lezcano [Thu, 10 Jan 2008 10:56:03 +0000]
[NETNS][IPV6]: Make ip6_frags per namespace.

The ip6_frags is moved to the network namespace structure.  Because
there can be multiple instances of the network namespaces, and the
ip6_frags is no longer a global static variable, a helper function has
been added to facilitate the initialization of the variables.

Until the ipv6 protocol is not per namespace, the variables are
accessed relatively from the initial network namespace.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: Make bindv6only sysctl per namespace.
Daniel Lezcano [Thu, 10 Jan 2008 10:54:53 +0000]
[NETNS][IPV6]: Make bindv6only sysctl per namespace.

This patch moves the bindv6only sysctl to the network namespace
structure. Until the ipv6 protocol is not per namespace, the sysctl
variable is always from the initial network namespace.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: Make multiple instance of sysctl tables.
Daniel Lezcano [Thu, 10 Jan 2008 10:53:43 +0000]
[NETNS][IPV6]: Make multiple instance of sysctl tables.

Each network namespace wants its own set of sysctl value, eg. we
should not be able from a namespace to set a sysctl value for another
namespace , especially for the initial network namespace.

This patch duplicates the sysctl table when we register a new network
namespace for ipv6. The duplicated table are postfixed with the
"template" word to notify the developper the table is cloned.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: Make the ipv6 sysctl to be a netns subsystem.
Daniel Lezcano [Thu, 10 Jan 2008 10:49:34 +0000]
[NETNS][IPV6]: Make the ipv6 sysctl to be a netns subsystem.

The initialization of the sysctl for the ipv6 protocol is changed to a
network namespace subsystem. That means when a new network namespace
is created the initialization function for the sysctl will be called.

That do not change the behavior of the sysctl in case of the kernel
with the network namespace disabled.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: Add ipv6 structure for netns.
Daniel Lezcano [Thu, 10 Jan 2008 10:49:06 +0000]
[NETNS][IPV6]: Add ipv6 structure for netns.

Like the ipv4 part, this patch adds an ipv6 structure in the net
structure to aggregate the different resources to make ipv6 per
namespace.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: Make a subsystem for af_inet6.
Daniel Lezcano [Thu, 10 Jan 2008 10:48:33 +0000]
[NETNS][IPV6]: Make a subsystem for af_inet6.

This patch add a network namespace subsystem for the af_inet6 module.
It does nothing right now, but one of its purpose is to receive the
different variables for sysctl in order to initialize them.

When the sysctl variable will be moved to the network namespace
structure, they will be no longer initialized as global static
variables, so we must find a place to initialize them. Because the
sysctl can be disabled, it has no sense to store them in the
sysctl_net_ipv6 file.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETNS][IPV6]: Make ipv6_sysctl_register to return a value.
Daniel Lezcano [Thu, 10 Jan 2008 10:47:55 +0000]
[NETNS][IPV6]: Make ipv6_sysctl_register to return a value.

This patch makes the function ipv6_sysctl_register to return a
value. The af_inet6 init function is now able to handle an error and
catch it from the initialization of the sysctl.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[XFRM]: Remove ifdef crypto.
Sebastian Siewior [Wed, 9 Jan 2008 08:36:17 +0000]
[XFRM]: Remove ifdef crypto.

and select the crypto subsystem if neccessary

Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[BRIDGE]: Remove unused macros from ebt_vlan.c
Rami Rosen [Wed, 9 Jan 2008 08:35:12 +0000]
[BRIDGE]: Remove unused macros from ebt_vlan.c

Remove two unused macros, INV_FLAG and SET_BITMASK
from net/bridge/netfilter/ebt_vlan.c.

Signed-off-by: Rami Rosen <ramirose@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETFILTER]: Use the ctl paths instead of hand-made analogue
Pavel Emelyanov [Wed, 9 Jan 2008 08:34:02 +0000]
[NETFILTER]: Use the ctl paths instead of hand-made analogue

The conntracks subsystem has a similar infrastructure
to maintain ctl_paths, but since we already have it
on the generic level, I think it's OK to switch to
using it.

So, basically, this patch just replaces the ctl_table-s
with ctl_path-s, nf_register_sysctl_table with
register_sysctl_paths() and removes no longer needed code.

After this the net/netfilter/nf_sysctl.c file contains
the paths only.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[NETFILTER]: Switch to using ctl_paths in nf_queue and conntrack modules
Pavel Emelyanov [Wed, 9 Jan 2008 08:33:11 +0000]
[NETFILTER]: Switch to using ctl_paths in nf_queue and conntrack modules

This includes the most simple cases for netfilter.

The first part is tne queue modules for ipv4 and ipv6,
on which the net/ipv4/ and net/ipv6/ paths are reused
from the appropriate ipv4 and ipv6 code.

The conntrack module is also patched, but this hunk is
very small and simple.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[AX25]: Switch to using ctl_paths.
Pavel Emelyanov [Wed, 9 Jan 2008 08:32:21 +0000]
[AX25]: Switch to using ctl_paths.

This one is almost the same as the hunks in the
first patch, but ax25 tables are created dynamically.

So this patch differs a bit to handle this case.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[DECNET]: Switch to using ctl_paths.
Pavel Emelyanov [Wed, 9 Jan 2008 08:31:49 +0000]
[DECNET]: Switch to using ctl_paths.

The decnet includes two places to patch. The first one is
the net/decnet table itself, and it is patched just like
other subsystems in the first patch in this series.

The second place is a bit more complex - it is the
net/decnet/conf/xxx entries,. similar to those in
ipv4/devinet.c and ipv6/addrconf.c. This code is made similar
to those in ipv[46].

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

12 years ago[IPVS]: Switch to using ctl_paths.
Pavel Emelyanov [Sat, 12 Jan 2008 10:33:50 +0000]
[IPVS]: Switch to using ctl_paths.

The feature of ipvs ctls is that the net/ipv4/vs path
is common for core ipvs ctls and for two schedulers,
so I make it exported and re-use it in modules.

Two other .c files required linux/sysctl.h to make the
extern declaration of this path compile well.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>