sfrench/cifs-2.6.git
14 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Fri, 1 Feb 2008 10:06:29 +0000 (21:06 +1100)]
Merge git://git./linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (173 commits)
  [NETNS]: Lookup in FIB semantic hashes taking into account the namespace.
  [NETNS]: Add a namespace mark to fib_info.
  [IPV4]: fib_sync_down rework.
  [NETNS]: Process interface address manipulation routines in the namespace.
  [IPV4]: Small style cleanup of the error path in rtm_to_ifaddr.
  [IPV4]: Fix memory leak on error path during FIB initialization.
  [NETFILTER]: Ipv6-related xt_hashlimit compilation fix.
  [NET_SCHED]: Add flow classifier
  [NET_SCHED]: sch_sfq: make internal queues visible as classes
  [NET_SCHED]: sch_sfq: add support for external classifiers
  [NET_SCHED]: Constify struct tcf_ext_map
  [BLUETOOTH]: Fix bugs in previous conn add/del workqueue changes.
  [TCP]: Unexport sysctl_tcp_tso_win_divisor
  [IPV4]: Make struct ipv4_devconf static.
  [TR] net/802/tr.c: sysctl_tr_rif_timeout static
  [XFRM]: Fix statistics.
  [XFRM]: Remove unused exports.
  [PKT_SCHED] sch_teql.c: Duplicate IFF_BROADCAST in FMASK, remove 2nd.
  [BNX2]: Fix ASYM PAUSE advertisement for remote PHY.
  [IPV4] route cache: Introduce rt_genid for smooth cache invalidation
  ...

14 years agopasemi: Fix thinko in dma_direct_ops setup
Olof Johansson [Thu, 31 Jan 2008 23:50:02 +0000 (17:50 -0600)]
pasemi: Fix thinko in dma_direct_ops setup

[POWERPC] pasemi: Fix thinko in dma_direct_ops setup

The first patch will just fall through and still set dma_data to a bad
value, make it return directly instead.

Signed-off-by: Olof Johansson <olof@lixom.net>
Acked-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: remove dead timer int pending code
Greg Ungerer [Fri, 1 Feb 2008 07:40:52 +0000 (17:40 +1000)]
m68knommu: remove dead timer int pending code

Remove all the dead timer interrupt checking functions for the ColdFire
CPU "timers" hardware that are not used after switching to GENERIC_TIME.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: remove empty timer offset function for 68360
Greg Ungerer [Fri, 1 Feb 2008 07:40:49 +0000 (17:40 +1000)]
m68knommu: remove empty timer offset function for 68360

Switching to GENERIC_TIME means we no longer need the empty timer offset
function for the 68360 CPU.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: remove local gettimeofday code
Greg Ungerer [Fri, 1 Feb 2008 07:40:39 +0000 (17:40 +1000)]
m68knommu: remove local gettimeofday code

Remove unused local gettimeofday functions, now that we are using
GENERIC_TIME.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: set config to use GENERIC_TIME
Greg Ungerer [Fri, 1 Feb 2008 07:40:30 +0000 (17:40 +1000)]
m68knommu: set config to use GENERIC_TIME

Switch m68knommu arch to using GENERIC_TIME.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: switch ColdFire TIMER to use GENERIC_TIME
Greg Ungerer [Fri, 1 Feb 2008 07:40:26 +0000 (17:40 +1000)]
m68knommu: switch ColdFire TIMER to use GENERIC_TIME

Switch the ColdFire TIMER timer to use GENERIC_TIME.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: switch ColdFire PIT timer to use GENERIC_TIME
Greg Ungerer [Fri, 1 Feb 2008 07:40:21 +0000 (17:40 +1000)]
m68knommu: switch ColdFire PIT timer to use GENERIC_TIME

Switch the ColdFire PIT timer to using GENERIC_TIME.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: switch 68328 timer to use GENERIC_TIME
Greg Ungerer [Fri, 1 Feb 2008 07:40:17 +0000 (17:40 +1000)]
m68knommu: switch 68328 timer to use GENERIC_TIME

Switch the 68328 CPU timer code to using GENERIC_TIME.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: remove unused CONFIG_DISKtel symbol
Greg Ungerer [Fri, 1 Feb 2008 07:38:26 +0000 (17:38 +1000)]
m68knommu: remove unused CONFIG_DISKtel symbol

Remove unused CONFIG_DISKtel define.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: fix 528x ColdFire cache settings
Greg Ungerer [Fri, 1 Feb 2008 07:38:24 +0000 (17:38 +1000)]
m68knommu: fix 528x ColdFire cache settings

Fix problems with the 528x ColdFire CPU cache setup.
Do not cache the flash region (if present), and make the runtime
settings consistent with the init setting.

Problems pointed out by Bernd Buttner <b.buettner@mkc-gmbh.de>

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: use container_of in mcf.c
Greg Ungerer [Fri, 1 Feb 2008 07:38:34 +0000 (17:38 +1000)]
m68knommu: use container_of in mcf.c

Use container_of() instead of assuming local uart struct is first member
of uart_port struct.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: remove dead code from m68knommu timer code
Greg Ungerer [Fri, 1 Feb 2008 07:38:20 +0000 (17:38 +1000)]
m68knommu: remove dead code from m68knommu timer code

Remove unused LED heartbeat code from m68knommu timer code.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: use IRQF_DISABLE in m68328serial.c
Greg Ungerer [Fri, 1 Feb 2008 07:38:32 +0000 (17:38 +1000)]
m68knommu: use IRQF_DISABLE in m68328serial.c

Use IRQF_DISABLED instead of obsolete IRQ_FLG_STD for request_irq() flags
in m68328serial.c driver.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: create common DMA table for ColdFire CPUs
Greg Ungerer [Fri, 1 Feb 2008 07:38:03 +0000 (17:38 +1000)]
m68knommu: create common DMA table for ColdFire CPUs

Move the ColdFire DMA address table into its own file, and out
of each of the different CPU config files. No need to have a copy
of it in each of the config setup files.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: modify Makefiles to support common coldfire directory
Greg Ungerer [Fri, 1 Feb 2008 07:37:56 +0000 (17:37 +1000)]
m68knommu: modify Makefiles to support common coldfire directory

Modify Makefiles to support separate coldfire platform directory.

Currently the common ColdFire CPU family code sits in the
arch/m68knommu/platform/5307 directory. This is confusing, the files
containing this common code are in no way specific to the 5307 ColdFire.
Create an arch/m68knommu/platform/coldfire directory to contain this
common code. Other m68knommu CPU varients do not need use this code
though, so it doesn't make sense to move it to arch/m68knommu/kernel.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: move ColdFire vectors.c to its own coldfire directory
Greg Ungerer [Fri, 1 Feb 2008 07:37:46 +0000 (17:37 +1000)]
m68knommu: move ColdFire vectors.c to its own coldfire directory

Move common ColdFire CPU vectors.c to common coldfire platform directory.

Currently the common ColdFire CPU family code sits in the
arch/m68knommu/platform/5307 directory. This is confusing, the files
containing this common code are in no way specific to the 5307 ColdFire.
Create an arch/m68knommu/platform/coldfire directory to contain this
common code. Other m68knommu CPU varients do not need use this code
though, so it doesn't make sense to move it to arch/m68knommu/kernel.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: move ColdFire timers.c to its own coldfire directory
Greg Ungerer [Fri, 1 Feb 2008 07:37:39 +0000 (17:37 +1000)]
m68knommu: move ColdFire timers.c to its own coldfire directory

Move common ColdFire CPU timers.c to common coldfire platform directory.

Currently the common ColdFire CPU family code sits in the
arch/m68knommu/platform/5307 directory. This is confusing, the files
containing this common code are in no way specific to the 5307 ColdFire.
Create an arch/m68knommu/platform/coldfire directory to contain this
common code. Other m68knommu CPU varients do not need use this code
though, so it doesn't make sense to move it to arch/m68knommu/kernel.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: move ColdFire pit.c to its own coldfire directory
Greg Ungerer [Fri, 1 Feb 2008 07:37:36 +0000 (17:37 +1000)]
m68knommu: move ColdFire pit.c to its own coldfire directory

Move common ColdFire CPU pit.c to common coldfire platform directory.

Currently the common ColdFire CPU family code sits in the
arch/m68knommu/platform/5307 directory. This is confusing, the files
containing this common code are in no way specific to the 5307 ColdFire.
Create an arch/m68knommu/platform/coldfire directory to contain this
common code. Other m68knommu CPU varients do not need use this code
though, so it doesn't make sense to move it to arch/m68knommu/kernel.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: move ColdFire head.S to its own coldfire directory
Greg Ungerer [Fri, 1 Feb 2008 07:37:28 +0000 (17:37 +1000)]
m68knommu: move ColdFire head.S to its own coldfire directory

Move common ColdFire CPU head.S to common coldfire platform directory.

Currently the common ColdFire CPU family code sits in the
arch/m68knommu/platform/5307 directory. This is confusing, the files
containing this common code are in no way specific to the 5307 ColdFire.
Create an arch/m68knommu/platform/coldfire directory to contain this
common code. Other m68knommu CPU varients do not need use this code
though, so it doesn't make sense to move it to arch/m68knommu/kernel.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: move ColdFire entry.S to its own coldfire directory
Greg Ungerer [Fri, 1 Feb 2008 07:37:18 +0000 (17:37 +1000)]
m68knommu: move ColdFire entry.S to its own coldfire directory

Move common ColdFire CPU entry.S to common coldfire platform directory.

Currently the common ColdFire CPU family code sits in the
arch/m68knommu/platform/5307 directory. This is confusing, the files
containing this common code are in no way specific to the 5307 ColdFire.
Create an arch/m68knommu/platform/coldfire directory to contain this
common code. Other m68knommu CPU varients do not need use this code
though, so it doesn't make sense to move it to arch/m68knommu/kernel.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: platform setup for 5407 ColdFire parts
Greg Ungerer [Fri, 1 Feb 2008 07:35:03 +0000 (17:35 +1000)]
m68knommu: platform setup for 5407 ColdFire parts

Switch to platform style configuration for 5407 ColdFire parts.
Initial support is for the UARTs. DMA support moved to common code
for all ColdFire parts.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: platform setup for 532x ColdFire parts
Greg Ungerer [Fri, 1 Feb 2008 07:34:58 +0000 (17:34 +1000)]
m68knommu: platform setup for 532x ColdFire parts

Switch to platform style configuration for 532x ColdFire parts.
Initial support is for the UARTs. DMA support moved to common code
for all ColdFire parts.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: platform setup for 527x ColdFire parts
Greg Ungerer [Fri, 1 Feb 2008 07:34:40 +0000 (17:34 +1000)]
m68knommu: platform setup for 527x ColdFire parts

Switch to platform style configuration for 527x ColdFire parts.
Initial support is for the UARTs. DMA support moved to common code
for all ColdFire parts.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: platform setup for 5307 ColdFire parts
Greg Ungerer [Fri, 1 Feb 2008 07:34:55 +0000 (17:34 +1000)]
m68knommu: platform setup for 5307 ColdFire parts

Switch to platform style configuration for 5307 ColdFire parts.
Initial support is for the UARTs. DMA support moved to common code
for all ColdFire parts.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: platform setup for 528x ColdFire parts
Greg Ungerer [Fri, 1 Feb 2008 07:34:50 +0000 (17:34 +1000)]
m68knommu: platform setup for 528x ColdFire parts

Switch to platform style configuration for 528x ColdFire parts.
Initial support is for the UARTs. DMA support moved to common code
for all ColdFire parts.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: platform setup for 5249 ColdFire parts
Greg Ungerer [Fri, 1 Feb 2008 07:34:30 +0000 (17:34 +1000)]
m68knommu: platform setup for 5249 ColdFire parts

Switch to platform style configuration for 5249 ColdFire parts.
Initial support is for the UARTs. DMA support moved to common code
for all ColdFire parts.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: platform setup for 5272 ColdFire parts
Greg Ungerer [Fri, 1 Feb 2008 07:34:32 +0000 (17:34 +1000)]
m68knommu: platform setup for 5272 ColdFire parts

Switch to platform style configuration for 5272 ColdFire parts.
Initial support is for the UARTs. DMA support moved to common code
for all ColdFire parts.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: platform setup for 520x ColdFire parts
Greg Ungerer [Fri, 1 Feb 2008 07:34:10 +0000 (17:34 +1000)]
m68knommu: platform setup for 520x ColdFire parts

Switch to platform style configuration for 520x ColdFire parts.
Initial support is for the UARTs. DMA support moved to common code
for all ColdFire parts.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: platform setup for 523x ColdFire parts
Greg Ungerer [Fri, 1 Feb 2008 07:34:15 +0000 (17:34 +1000)]
m68knommu: platform setup for 523x ColdFire parts

Switch to platform style configuration for 523x ColdFire parts.
Initial support is for the UARTs. DMA support moved to common code
for all ColdFire parts.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: platform setup for 5206e ColdFire parts
Greg Ungerer [Fri, 1 Feb 2008 07:34:08 +0000 (17:34 +1000)]
m68knommu: platform setup for 5206e ColdFire parts

Switch to platform style configuration for 5206e ColdFire parts.
Initial support is for the UARTs. DMA support is moved to common code.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: platform setup for 5206 ColdFire parts
Greg Ungerer [Fri, 1 Feb 2008 07:34:04 +0000 (17:34 +1000)]
m68knommu: platform setup for 5206 ColdFire parts

Switch to platform style configuration for 5206 ColdFire parts.
Initial support is for the UARTs. DMA support moved to common code
for all ColdFire parts.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: configure support for new ColdFire serial driver
Greg Ungerer [Fri, 1 Feb 2008 07:32:00 +0000 (17:32 +1000)]
m68knommu: configure support for new ColdFire serial driver

Add configure support for new ColdFire serial driver.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom68knommu: build support for new ColdFire serial driver
Greg Ungerer [Fri, 1 Feb 2008 07:31:58 +0000 (17:31 +1000)]
m68knommu: build support for new ColdFire serial driver

Add build support for new ColdFire serial driver.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agoFix dl2k constants
Al Viro [Fri, 1 Feb 2008 07:05:44 +0000 (07:05 +0000)]
Fix dl2k constants

The MSSR constants didn't match the reality - bitfield declarations used
to be correct (1000BT_FD - bit 11, 1000BT_HD - bit 10), but enum had
them the other way round.  Went unnoticed until the switch from the
bitfields use to the explicit arithmetics and I hadn't caught that one
when verifying correctness of change...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years ago[NETNS]: Lookup in FIB semantic hashes taking into account the namespace.
Denis V. Lunev [Fri, 1 Feb 2008 02:50:07 +0000 (18:50 -0800)]
[NETNS]: Lookup in FIB semantic hashes taking into account the namespace.

The namespace is not available in the fib_sync_down_addr, add it as a
parameter.

Looking up a device by the pointer to it is OK. Looking up using a
result from fib_trie/fib_hash table lookup is also safe. No need to
fix that at all.  So, just fix lookup by address and insertion to the
hash table path.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETNS]: Add a namespace mark to fib_info.
Denis V. Lunev [Fri, 1 Feb 2008 02:49:32 +0000 (18:49 -0800)]
[NETNS]: Add a namespace mark to fib_info.

This is required to make fib_info lookups namespace aware. In the
other case initial namespace devices are marked as dead in the local
routing table during other namespace stop.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[IPV4]: fib_sync_down rework.
Denis V. Lunev [Fri, 1 Feb 2008 02:48:47 +0000 (18:48 -0800)]
[IPV4]: fib_sync_down rework.

fib_sync_down can be called with an address and with a device. In
reality it is called either with address OR with a device. The
codepath inside is completely different, so lets separate it into two
calls for these two cases.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETNS]: Process interface address manipulation routines in the namespace.
Denis V. Lunev [Fri, 1 Feb 2008 02:47:40 +0000 (18:47 -0800)]
[NETNS]: Process interface address manipulation routines in the namespace.

The namespace is available when required except rtm_to_ifaddr. Add
namespace argument to it.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[IPV4]: Small style cleanup of the error path in rtm_to_ifaddr.
Denis V. Lunev [Fri, 1 Feb 2008 02:47:00 +0000 (18:47 -0800)]
[IPV4]: Small style cleanup of the error path in rtm_to_ifaddr.

Remove error code assignment inside brackets on failure. The code
looks better if the error is assigned before condition check. Also,
the compiler treats this better.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[IPV4]: Fix memory leak on error path during FIB initialization.
Denis V. Lunev [Fri, 1 Feb 2008 02:44:53 +0000 (18:44 -0800)]
[IPV4]: Fix memory leak on error path during FIB initialization.

net->ipv4.fib_table_hash is not freed when fib4_rules_init failed.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: Ipv6-related xt_hashlimit compilation fix.
Pavel Emelyanov [Fri, 1 Feb 2008 02:42:26 +0000 (18:42 -0800)]
[NETFILTER]: Ipv6-related xt_hashlimit compilation fix.

The hashlimit_ipv6_mask() is called from under IP6_NF_IPTABLES config
option, but is not under it by itself.

gcc warns us about it :) :
net/netfilter/xt_hashlimit.c:473: warning: "hashlimit_ipv6_mask" defined but not used

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NET_SCHED]: Add flow classifier
Patrick McHardy [Fri, 1 Feb 2008 02:37:42 +0000 (18:37 -0800)]
[NET_SCHED]: Add flow classifier

Add new "flow" classifier, which is meant to extend the SFQ hashing
capabilities without hard-coding new hash functions and also allows
deterministic mappings of keys to classes, replacing some out of tree
iptables patches like IPCLASSIFY (maps IPs to classes), IPMARK (maps
IPs to marks, with fw filters to classes), ...

Some examples:

- Classic SFQ hash:

  tc filter add ... flow hash \
   keys src,dst,proto,proto-src,proto-dst divisor 1024

- Classic SFQ hash, but using information from conntrack to work properly in
  combination with NAT:

  tc filter add ... flow hash \
   keys nfct-src,nfct-dst,proto,nfct-proto-src,nfct-proto-dst divisor 1024

- Map destination IPs of 192.168.0.0/24 to classids 1-257:

  tc filter add ... flow map \
   key dst addend -192.168.0.0 divisor 256

- alternatively:

  tc filter add ... flow map \
   key dst and 0xff

- similar, but reverse ordered:

  tc filter add ... flow map \
   key dst and 0xff xor 0xff

Perturbation is currently not supported because we can't reliable kill the
timer on destruction.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NET_SCHED]: sch_sfq: make internal queues visible as classes
Patrick McHardy [Fri, 1 Feb 2008 02:37:16 +0000 (18:37 -0800)]
[NET_SCHED]: sch_sfq: make internal queues visible as classes

Add support for dumping statistics and make internal queues visible as
classes.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NET_SCHED]: sch_sfq: add support for external classifiers
Patrick McHardy [Fri, 1 Feb 2008 02:36:52 +0000 (18:36 -0800)]
[NET_SCHED]: sch_sfq: add support for external classifiers

Add support for external classifiers to allow using different flow
hash functions similar to ESFQ. When no classifier is attached the
built-in hash is used as before.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NET_SCHED]: Constify struct tcf_ext_map
Patrick McHardy [Fri, 1 Feb 2008 02:36:18 +0000 (18:36 -0800)]
[NET_SCHED]: Constify struct tcf_ext_map

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[BLUETOOTH]: Fix bugs in previous conn add/del workqueue changes.
Dave Young [Fri, 1 Feb 2008 02:33:10 +0000 (18:33 -0800)]
[BLUETOOTH]: Fix bugs in previous conn add/del workqueue changes.

Jens Axboe noticed that we were queueing &conn->work on both btaddconn
and keventd_wq.

Signed-off-by: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[TCP]: Unexport sysctl_tcp_tso_win_divisor
Adrian Bunk [Fri, 1 Feb 2008 01:18:50 +0000 (17:18 -0800)]
[TCP]: Unexport sysctl_tcp_tso_win_divisor

This patch removes the no longer used
EXPORT_SYMBOL(sysctl_tcp_tso_win_divisor).

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[IPV4]: Make struct ipv4_devconf static.
Adrian Bunk [Fri, 1 Feb 2008 01:17:31 +0000 (17:17 -0800)]
[IPV4]: Make struct ipv4_devconf static.

struct ipv4_devconf can now become static.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[TR] net/802/tr.c: sysctl_tr_rif_timeout static
Adrian Bunk [Fri, 1 Feb 2008 01:16:32 +0000 (17:16 -0800)]
[TR] net/802/tr.c: sysctl_tr_rif_timeout static

sysctl_tr_rif_timeout can now become static.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[XFRM]: Fix statistics.
Masahide NAKAMURA [Fri, 1 Feb 2008 01:14:58 +0000 (17:14 -0800)]
[XFRM]: Fix statistics.

o Outbound sequence number overflow error status
  is counted as XfrmOutStateSeqError.
o Additionaly, it changes inbound sequence number replay
  error name from XfrmInSeqOutOfWindow to XfrmInStateSeqError
  to apply name scheme above.
o Inbound IPv4 UDP encapsuling type mismatch error is wrongly
  mapped to XfrmInStateInvalid then this patch fiex the error
  to XfrmInStateMismatch.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[XFRM]: Remove unused exports.
Adrian Bunk [Fri, 1 Feb 2008 01:10:30 +0000 (17:10 -0800)]
[XFRM]: Remove unused exports.

This patch removes the following no longer used EXPORT_SYMBOL's:
- xfrm_input.c: xfrm_parse_spi
- xfrm_state.c: xfrm_replay_check
- xfrm_state.c: xfrm_replay_advance

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[PKT_SCHED] sch_teql.c: Duplicate IFF_BROADCAST in FMASK, remove 2nd.
Roel Kluin [Fri, 1 Feb 2008 01:08:47 +0000 (17:08 -0800)]
[PKT_SCHED] sch_teql.c: Duplicate IFF_BROADCAST in FMASK, remove 2nd.

Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[BNX2]: Fix ASYM PAUSE advertisement for remote PHY.
Michael Chan [Fri, 1 Feb 2008 01:07:21 +0000 (17:07 -0800)]
[BNX2]: Fix ASYM PAUSE advertisement for remote PHY.

We were checking for the ASYM_PAUSE bit for 1000Base-X twice instead
checking for both the 1000Base-X bit and the 10/100/1000Base-T bit.
The purpose of the logic is to tell the firmware that ASYM_PAUSE is
set on either the Serdes or Copper interface.

Problem was discovered by Roel Kluin <12o3l@tiscali.nl>

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[IPV4] route cache: Introduce rt_genid for smooth cache invalidation
Eric Dumazet [Fri, 1 Feb 2008 01:05:09 +0000 (17:05 -0800)]
[IPV4] route cache: Introduce rt_genid for smooth cache invalidation

Current ip route cache implementation is not suited to large caches.

We can consume a lot of CPU when cache must be invalidated, since we
currently need to evict all cache entries, and this eviction is
sometimes asynchronous. min_delay & max_delay can somewhat control this
asynchronism behavior, but whole thing is a kludge, regularly triggering
infamous soft lockup messages. When entries are still in use, this also
consumes a lot of ram, filling dst_garbage.list.

A better scheme is to use a generation identifier on each entry,
so that cache invalidation can be performed by changing the table
identifier, without having to scan all entries.
No more delayed flushing, no more stalling when secret_interval expires.

Invalidated entries will then be freed at GC time (controled by
ip_rt_gc_timeout or stress), or when an invalidated entry is found
in a chain when an insert is done.
Thus we keep a normal equilibrium.

This patch :
- renames rt_hash_rnd to rt_genid (and makes it an atomic_t)
- Adds a new rt_genid field to 'struct rtable' (filling a hole on 64bit)
- Checks entry->rt_genid at appropriate places :

14 years ago[PKTGEN]: pktgen should not print info that it is spinning
Jesse Brandeburg [Fri, 1 Feb 2008 00:59:47 +0000 (16:59 -0800)]
[PKTGEN]: pktgen should not print info that it is spinning

when using pktgen to send delay packets the module prints repeatedly
to the kernel log:

sleeping for X
sleeping for X
...

This is probably just a debugging item left in and should not be
enabled for regular use of the module.

Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NET_SCHED]: sch_ingress: remove netfilter support
Patrick McHardy [Fri, 1 Feb 2008 00:57:15 +0000 (16:57 -0800)]
[NET_SCHED]: sch_ingress: remove netfilter support

Since the old policer code is gone, TC actions are needed for policing.
The ingress qdisc can get packets directly from netif_receive_skb()
in case TC actions are enabled or through netfilter otherwise, but
since without TC actions there is no policer the only thing it actually
does is count packets.

Remove the netfilter support and always require TC actions.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[MACVLAN]: Setting macvlan_handle_frame_hook to NULL when rtnl_link_register() fails.
Rami Rosen [Fri, 1 Feb 2008 00:56:03 +0000 (16:56 -0800)]
[MACVLAN]: Setting macvlan_handle_frame_hook to NULL when rtnl_link_register() fails.

In drivers/net/macvlan.c, when rtnl_link_register() fails in
macvlan_init_module(), there is no point to set it (second time in
this method) to macvlan_handle_frame; macvlan_init_module() will
return a negative number, so instead this patch sets
macvlan_handle_frame_hook to NULL.

Signed-off-by: Rami Rosen <ramirose@gmail.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[VLAN]: set_rx_mode support for unicast address list
Chris Leech [Fri, 1 Feb 2008 00:53:23 +0000 (16:53 -0800)]
[VLAN]: set_rx_mode support for unicast address list

Reuse the existing logic for multicast list synchronization for the
unicast address list. The core of dev_mc_sync/unsync are split out as
__dev_addr_sync/unsync and moved from dev_mcast.c to dev.c.  These are
then used to implement dev_unicast_sync/unsync as well.

I'm working on cleaning up Intel's FCoE stack, which generates new MAC
addresses from the fibre channel device id assigned by the fabric as
per the current draft specification in T11.  When using such a
protocol in a VLAN environment it would be nice to not always be
forced into promiscuous mode, assuming the underlying Ethernet driver
supports multiple unicast addresses as well.

Signed-off-by: Chris Leech <christopher.leech@intel.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years ago[TCP]: Fix a bug in strategy_allowed_congestion_control
Shan Wei [Fri, 1 Feb 2008 00:47:27 +0000 (16:47 -0800)]
[TCP]: Fix a bug in strategy_allowed_congestion_control

In strategy_allowed_congestion_control of the 2.6.24 kernel, when
sysctl_string return 1 on success,it should call
tcp_set_allowed_congestion_control to set the allowed congestion
control.But, it don't.  the sysctl_string return 1 on success,
otherwise return negative, never return 0.The patch fix the problem.

Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[IPV4] fib_trie: rescan if key is lost during dump
Stephen Hemminger [Fri, 1 Feb 2008 00:45:47 +0000 (16:45 -0800)]
[IPV4] fib_trie: rescan if key is lost during dump

Normally during a dump the key of the last dumped entry is used for
continuation, but since lock is dropped it might be lost. In that case
fallback to the old counter based N^2 behaviour.  This means the dump
will end up skipping some routes which matches what FIB_HASH does.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[PKTGEN]: Remove an unused definition in pktgen.c.
Rami Rosen [Fri, 1 Feb 2008 00:42:23 +0000 (16:42 -0800)]
[PKTGEN]: Remove an unused definition in pktgen.c.

- Remove an unused definition (LAT_BUCKETS_MAX) in net/core/pktgen.c.
- Remove the corresponding comment.
- The LAT_BUCKETS_MAX seems to have to do with a patch from a long
time ago which was not applied (Ben Greear), which dealt with latency
counters.

See, for example : http://oss.sgi.com/archives/netdev/2002-09/msg00184.html

Signed-off-by: Rami Rosen <ramirose@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[IPV6]: Update MSS even if MTU is unchanged.
Jim Paris [Fri, 1 Feb 2008 00:36:25 +0000 (16:36 -0800)]
[IPV6]: Update MSS even if MTU is unchanged.

This is needed because in ndisc.c, we have:

  static void ndisc_router_discovery(struct sk_buff *skb)
  {
  // ...
   if (ndopts.nd_opts_mtu) {
  // ...
   if (rt)
   rt->u.dst.metrics[RTAX_MTU-1] = mtu;

   rt6_mtu_change(skb->dev, mtu);
  // ...
  }

Since the mtu is set directly here, rt6_mtu_change_route thinks that
it is unchanged, and so it fails to update the MSS accordingly.  This
patch lets rt6_mtu_change_route still update MSS if old_mtu == new_mtu.

Signed-off-by: Jim Paris <jim@jtan.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETNS]: Udp sockets per-net lookup.
Pavel Emelyanov [Thu, 31 Jan 2008 13:07:57 +0000 (05:07 -0800)]
[NETNS]: Udp sockets per-net lookup.

Add the net parameter to udp_get_port family of calls and
udp_lookup one and use it to filter sockets.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETNS]: Tcp-v6 sockets per-net lookup.
Pavel Emelyanov [Thu, 31 Jan 2008 13:07:21 +0000 (05:07 -0800)]
[NETNS]: Tcp-v6 sockets per-net lookup.

Add a net argument to inet6_lookup and propagate it further.
Actually, this is tcp-v6 implementation of what was done for
tcp-v4 sockets in a previous patch.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETNS]: Tcp-v4 sockets per-net lookup.
Pavel Emelyanov [Thu, 31 Jan 2008 13:06:40 +0000 (05:06 -0800)]
[NETNS]: Tcp-v4 sockets per-net lookup.

Add a net argument to inet_lookup and propagate it further
into lookup calls. Plus tune the __inet_check_established.

The dccp and inet_diag, which use that lookup functions
pass the init_net into them.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETNS]: Make bind buckets live in net namespaces.
Pavel Emelyanov [Thu, 31 Jan 2008 13:05:50 +0000 (05:05 -0800)]
[NETNS]: Make bind buckets live in net namespaces.

This tags the inet_bind_bucket struct with net pointer,
initializes it during creation and makes a filtering
during lookup.

A better hashfn, that takes the net into account is to
be done in the future, but currently all bind buckets
with similar port will be in one hash chain.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[INET]: Consolidate inet(6)_hash_connect.
Pavel Emelyanov [Thu, 31 Jan 2008 13:04:45 +0000 (05:04 -0800)]
[INET]: Consolidate inet(6)_hash_connect.

These two functions are the same except for what they call
to "check_established" and "hash" for a socket.

This saves half-a-kilo for ipv4 and ipv6.

 add/remove: 1/0 grow/shrink: 1/4 up/down: 582/-1128 (-546)
 function                                     old     new   delta
 __inet_hash_connect                            -     577    +577
 arp_ignore                                   108     113      +5
 static.hint                                    8       4      -4
 rt_worker_func                               376     372      -4
 inet6_hash_connect                           584      25    -559
 inet_hash_connect                            586      25    -561

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[IPV6]: Introduce the INET6_TW_MATCH macro.
Pavel Emelyanov [Thu, 31 Jan 2008 13:03:27 +0000 (05:03 -0800)]
[IPV6]: Introduce the INET6_TW_MATCH macro.

We have INET_MATCH, INET_TW_MATCH and INET6_MATCH to test sockets and
twbuckets for matching, but ipv6 twbuckets are tested manually.

Here's the INET6_TW_MATCH to help with it.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: xt_iprange: fix sparse warnings
Patrick McHardy [Thu, 31 Jan 2008 12:55:29 +0000 (04:55 -0800)]
[NETFILTER]: xt_iprange: fix sparse warnings

  CHECK   net/netfilter/xt_iprange.c
net/netfilter/xt_iprange.c:104:19: warning: restricted degrades to integer
net/netfilter/xt_iprange.c:104:37: warning: restricted degrades to integer
net/netfilter/xt_iprange.c:104:19: warning: restricted degrades to integer
net/netfilter/xt_iprange.c:104:37: warning: restricted degrades to integer
net/netfilter/xt_iprange.c:104:19: warning: restricted degrades to integer
net/netfilter/xt_iprange.c:104:37: warning: restricted degrades to integer
net/netfilter/xt_iprange.c:104:19: warning: restricted degrades to integer
net/netfilter/xt_iprange.c:104:37: warning: restricted degrades to integer

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_nat: fix sparse warning
Patrick McHardy [Thu, 31 Jan 2008 12:55:07 +0000 (04:55 -0800)]
[NETFILTER]: nf_nat: fix sparse warning

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack: fix sparse warning
Patrick McHardy [Thu, 31 Jan 2008 12:54:45 +0000 (04:54 -0800)]
[NETFILTER]: nf_conntrack: fix sparse warning

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: {ip,ip6}_queue: fix build error
Patrick McHardy [Thu, 31 Jan 2008 12:54:18 +0000 (04:54 -0800)]
[NETFILTER]: {ip,ip6}_queue: fix build error

Reported by Ingo Molnar:

 net/built-in.o: In function `ip_queue_init':
 ip_queue.c:(.init.text+0x322c): undefined reference to `net_ipv4_ctl_path'

Fix the build error and also handle CONFIG_PROC_FS=n properly.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack: annotate l3protos with const
Jan Engelhardt [Thu, 31 Jan 2008 12:53:24 +0000 (04:53 -0800)]
[NETFILTER]: nf_conntrack: annotate l3protos with const

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_{conntrack,nat}_icmp: constify and annotate
Jan Engelhardt [Thu, 31 Jan 2008 12:53:05 +0000 (04:53 -0800)]
[NETFILTER]: nf_{conntrack,nat}_icmp: constify and annotate

Constify a few data tables use const qualifiers on variables where
possible in the nf_conntrack_icmp* sources.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_{conntrack,nat}_proto_gre: annotate with const
Jan Engelhardt [Thu, 31 Jan 2008 12:52:46 +0000 (04:52 -0800)]
[NETFILTER]: nf_{conntrack,nat}_proto_gre: annotate with const

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_{conntrack,nat}_proto_udp{,lite}: annotate with const
Jan Engelhardt [Thu, 31 Jan 2008 12:52:29 +0000 (04:52 -0800)]
[NETFILTER]: nf_{conntrack,nat}_proto_udp{,lite}: annotate with const

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_{conntrack,nat}_proto_tcp: constify and annotate TCP modules
Jan Engelhardt [Thu, 31 Jan 2008 12:52:07 +0000 (04:52 -0800)]
[NETFILTER]: nf_{conntrack,nat}_proto_tcp: constify and annotate TCP modules

Constify a few data tables use const qualifiers on variables where
possible in the nf_*_proto_tcp sources.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack_sane: annotate SANE helper with const
Jan Engelhardt [Thu, 31 Jan 2008 12:51:45 +0000 (04:51 -0800)]
[NETFILTER]: nf_conntrack_sane: annotate SANE helper with const

Annotate nf_conntrack_sane variables with const qualifier and remove
a few casts.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_{conntrack,nat}_pptp: annotate PPtP helper with const
Jan Engelhardt [Thu, 31 Jan 2008 12:51:23 +0000 (04:51 -0800)]
[NETFILTER]: nf_{conntrack,nat}_pptp: annotate PPtP helper with const

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_{conntrack,nat}_tftp: annotate TFTP helper with const
Jan Engelhardt [Thu, 31 Jan 2008 12:50:51 +0000 (04:50 -0800)]
[NETFILTER]: nf_{conntrack,nat}_tftp: annotate TFTP helper with const

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_{conntrack,nat}_sip: annotate SIP helper with const
Jan Engelhardt [Thu, 31 Jan 2008 12:50:25 +0000 (04:50 -0800)]
[NETFILTER]: nf_{conntrack,nat}_sip: annotate SIP helper with const

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper
Jan Engelhardt [Thu, 31 Jan 2008 12:50:05 +0000 (04:50 -0800)]
[NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper

Constify data tables (predominantly in nf_conntrack_h323_types.c, but
also a few in nf_conntrack_h323_asn1.c) and use const qualifiers on
variables where possible in the h323 sources.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: x_tables: create per-netns /proc/net/*_tables_*
Alexey Dobriyan [Thu, 31 Jan 2008 12:49:35 +0000 (04:49 -0800)]
[NETFILTER]: x_tables: create per-netns /proc/net/*_tables_*

Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: x_tables: netns propagation for /proc/net/*_tables_names
Alexey Dobriyan [Thu, 31 Jan 2008 12:49:16 +0000 (04:49 -0800)]
[NETFILTER]: x_tables: netns propagation for /proc/net/*_tables_names

Propagate netns together with AF down to ->start/->next/->stop
iterators. Choose table based on netns and AF for showing.

Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: x_tables: semi-rewrite of /proc/net/foo_tables_*
Alexey Dobriyan [Thu, 31 Jan 2008 12:48:54 +0000 (04:48 -0800)]
[NETFILTER]: x_tables: semi-rewrite of /proc/net/foo_tables_*

There are many small but still wrong things with /proc/net/*_tables_*
so I decided to do overhaul simultaneously making it more suitable for
per-netns /proc/net/*_tables_* implementation.

Fix
a) xt_get_idx() duplicating now standard seq_list_start/seq_list_next
   iterators
b) tables/matches/targets list was chosen again and again on every ->next
c) multiple useless "af >= NPROTO" checks -- we simple don't supply invalid
   AFs there and registration function should BUG_ON instead.

   Regardless, the one in ->next() is the most useless -- ->next doesn't
   run at all if ->start fails.
d) Don't use mutex_lock_interruptible() -- it can fail and ->stop is
   executed even if ->start failed, so unlock without lock is possible.

As side effect, streamline code by splitting xt_tgt_ops into xt_target_ops,
xt_matches_ops, xt_tables_ops.

xt_tables_ops hooks will be changed by per-netns code. Code of
xt_matches_ops, xt_target_ops is identical except the list chosen for
iterating, but I think consolidating code for two files not worth it
given "<< 16" hacks needed for it.

[Patrick: removed unused enum in x_tables.c]

Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: xt_hashlimit match, revision 1
Jan Engelhardt [Thu, 31 Jan 2008 12:48:13 +0000 (04:48 -0800)]
[NETFILTER]: xt_hashlimit match, revision 1

Introduces the xt_hashlimit match revision 1. It adds support for
kernel-level inversion and grouping source and/or destination IP
addresses, allowing to limit on a per-subnet basis. While this would
technically obsolete xt_limit, xt_hashlimit is a more expensive due
to the hashbucketing.

Kernel-level inversion: Previously you had to do user-level inversion:

iptables -N foo
iptables -A foo -m hashlimit --hashlimit(-upto) 5/s -j RETURN
iptables -A foo -j DROP
iptables -A INPUT -j foo

now it is simpler:

iptables -A INPUT -m hashlimit --hashlimit-over 5/s -j DROP

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack: kill unused static inline (do_iter)
Ilpo Järvinen [Thu, 31 Jan 2008 12:47:35 +0000 (04:47 -0800)]
[NETFILTER]: nf_conntrack: kill unused static inline (do_iter)

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: ipt_CLUSTERIP: kill clusterip_config_entry_get
Ilpo Järvinen [Thu, 31 Jan 2008 12:46:02 +0000 (04:46 -0800)]
[NETFILTER]: ipt_CLUSTERIP: kill clusterip_config_entry_get

It's unused static inline.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack_netlink: transmit mark during all events
Eric Leblond [Thu, 31 Jan 2008 12:44:27 +0000 (04:44 -0800)]
[NETFILTER]: nf_conntrack_netlink: transmit mark during all events

The following feature was submitted some months ago. It forces the dump
of mark during the connection destruction event. The induced load is
quiet small and the patch is usefull to provide an easy way to filter
event on user side without having to keep an hash in userspace.

Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack_h323: clean up code a bit
Jan Engelhardt [Thu, 31 Jan 2008 12:43:53 +0000 (04:43 -0800)]
[NETFILTER]: nf_conntrack_h323: clean up code a bit

-total: 81 errors, 3 warnings, 876 lines checked
+total: 44 errors, 3 warnings, 876 lines checked

There is still work to be done, but that's for another patch.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_nat: switch rwlock to spinlock
Patrick McHardy [Thu, 31 Jan 2008 12:43:06 +0000 (04:43 -0800)]
[NETFILTER]: nf_nat: switch rwlock to spinlock

Since we're using RCU, all users of nf_nat_lock take a write_lock.
Switch it to a spinlock.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_nat: use RCU for bysource hash
Patrick McHardy [Thu, 31 Jan 2008 12:42:37 +0000 (04:42 -0800)]
[NETFILTER]: nf_nat: use RCU for bysource hash

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack: naming unification
Patrick McHardy [Thu, 31 Jan 2008 12:42:11 +0000 (04:42 -0800)]
[NETFILTER]: nf_conntrack: naming unification

Rename all "conntrack" variables to "ct" for more consistency and
avoiding some overly long lines.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack: don't inline early_drop()
Patrick McHardy [Thu, 31 Jan 2008 12:41:44 +0000 (04:41 -0800)]
[NETFILTER]: nf_conntrack: don't inline early_drop()

early_drop() is only called *very* rarely, unfortunately gcc inlines it
into the hotpath because there is only a single caller. Explicitly mark
it noinline.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack: reorder struct nf_conntrack_l4proto
Patrick McHardy [Thu, 31 Jan 2008 12:41:14 +0000 (04:41 -0800)]
[NETFILTER]: nf_conntrack: reorder struct nf_conntrack_l4proto

Reorder struct nf_conntrack_l4proto so all members used during packet
processing are in the same cacheline.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack: optimize hash_conntrack()
Patrick McHardy [Thu, 31 Jan 2008 12:40:52 +0000 (04:40 -0800)]
[NETFILTER]: nf_conntrack: optimize hash_conntrack()

Avoid calling jhash three times and hash the entire tuple in one go.

  __hash_conntrack | -485 # 760 -> 275, # inlines: 3 -> 1, size inlines: 717 -> 252
 1 function changed, 485 bytes removed

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack: avoid duplicate protocol comparison in nf_ct_tuple_equal()
Patrick McHardy [Thu, 31 Jan 2008 12:40:04 +0000 (04:40 -0800)]
[NETFILTER]: nf_conntrack: avoid duplicate protocol comparison in nf_ct_tuple_equal()

nf_ct_tuple_src_equal() and nf_ct_tuple_dst_equal() both compare the protocol
numbers. Unfortunately gcc doesn't optimize out the second comparison, so
remove it and prefix both functions with __ to indicate that they should not
be used directly.

Saves another 16 byte of text in __nf_conntrack_find() on x86_64:

  nf_conntrack_tuple_taken |  -20 # 320 -> 300, size inlines: 181 -> 161
  __nf_conntrack_find      |  -16 # 267 -> 251, size inlines: 127 -> 115
  __nf_conntrack_confirm   |  -40 # 875 -> 835, size inlines: 570 -> 537
 3 functions changed, 76 bytes removed

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack: optimize __nf_conntrack_find()
Patrick McHardy [Thu, 31 Jan 2008 12:39:23 +0000 (04:39 -0800)]
[NETFILTER]: nf_conntrack: optimize __nf_conntrack_find()

Ignoring specific entries in __nf_conntrack_find() is only needed by NAT
for nf_conntrack_tuple_taken(). Remove it from __nf_conntrack_find()
and make nf_conntrack_tuple_taken() search the hash itself.

Saves 54 bytes of text in the hotpath on x86_64:

  __nf_conntrack_find      |  -54 # 321 -> 267, # inlines: 3 -> 2, size inlines: 181 -> 127
  nf_conntrack_tuple_taken | +305 # 15 -> 320, lexblocks: 0 -> 3, # inlines: 0 -> 3, size inlines: 0 -> 181
  nf_conntrack_find_get    |   -2 # 90 -> 88
 3 functions changed, 305 bytes added, 56 bytes removed, diff: +249

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago[NETFILTER]: nf_conntrack: switch rwlock to spinlock
Patrick McHardy [Thu, 31 Jan 2008 12:38:58 +0000 (04:38 -0800)]
[NETFILTER]: nf_conntrack: switch rwlock to spinlock

With the RCU conversion only write_lock usages of nf_conntrack_lock are
left (except one read_lock that should actually use write_lock in the
H.323 helper). Switch to a spinlock.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>