1. 17 2月, 2010 1 次提交
  2. 07 1月, 2010 1 次提交
    • J
      net: RFC3069, private VLAN proxy arp support · 65324144
      Jesper Dangaard Brouer 提交于
      This is to be used together with switch technologies, like RFC3069,
      that where the individual ports are not allowed to communicate with
      each other, but they are allowed to talk to the upstream router.  As
      described in RFC 3069, it is possible to allow these hosts to
      communicate through the upstream router by proxy_arp'ing.
      
      This patch basically allow proxy arp replies back to the same
      interface (from which the ARP request/solicitation was received).
      
      Tunable per device via proc "proxy_arp_pvlan":
        /proc/sys/net/ipv4/conf/*/proxy_arp_pvlan
      
      This switch technology is known by different vendor names:
       - In RFC 3069 it is called VLAN Aggregation.
       - Cisco and Allied Telesyn call it Private VLAN.
       - Hewlett-Packard call it Source-Port filtering or port-isolation.
       - Ericsson call it MAC-Forced Forwarding (RFC Draft).
      Signed-off-by: NJesper Dangaard Brouer <hawk@comx.dk>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      65324144
  3. 26 12月, 2009 1 次提交
    • J
      net: restore ip source validation · 28f6aeea
      Jamal Hadi Salim 提交于
      when using policy routing and the skb mark:
      there are cases where a back path validation requires us
      to use a different routing table for src ip validation than
      the one used for mapping ingress dst ip.
      One such a case is transparent proxying where we pretend to be
      the destination system and therefore the local table
      is used for incoming packets but possibly a main table would
      be used on outbound.
      Make the default behavior to allow the above and if users
      need to turn on the symmetry via sysctl src_valid_mark
      Signed-off-by: NJamal Hadi Salim <hadi@cyberus.ca>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      28f6aeea
  4. 04 12月, 2009 1 次提交
  5. 26 11月, 2009 1 次提交
  6. 14 11月, 2009 1 次提交
    • E
      ipv4: speedup inet_dump_ifaddr() · eec4df98
      Eric Dumazet 提交于
      Stephen Hemminger a écrit :
      > On Thu, 12 Nov 2009 15:11:36 +0100
      > Eric Dumazet <eric.dumazet@gmail.com> wrote:
      >
      >> When handling large number of netdevices, inet_dump_ifaddr()
      >> is very slow because it has O(N^2) complexity.
      >>
      >> Instead of scanning one single list, we can use the NETDEV_HASHENTRIES
      >> sub lists of the dev_index hash table, and RCU lookups.
      >>
      >> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
      >
      > You might be able to make RCU critical section smaller by moving
      > it into loop.
      >
      
      Indeed. But we dump at most one skb (<= 8192 bytes ?), so rcu_read_lock
      holding time is small, unless we meet many netdevices without
      addresses. I wonder if its really common...
      
      Thanks
      
      [PATCH net-next-2.6] ipv4: speedup inet_dump_ifaddr()
      
      When handling large number of netdevices, inet_dump_ifaddr()
      is very slow because it has O(N2) complexity.
      
      Instead of scanning one single list, we can use the NETDEV_HASHENTRIES
      sub lists of the dev_index hash table, and RCU lookups.
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Acked-by: NStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      eec4df98
  7. 12 11月, 2009 1 次提交
    • E
      sysctl net: Remove unused binary sysctl code · f8572d8f
      Eric W. Biederman 提交于
      Now that sys_sysctl is a compatiblity wrapper around /proc/sys
      all sysctl strategy routines, and all ctl_name and strategy
      entries in the sysctl tables are unused, and can be
      revmoed.
      
      In addition neigh_sysctl_register has been modified to no longer
      take a strategy argument and it's callers have been modified not
      to pass one.
      
      Cc: "David Miller" <davem@davemloft.net>
      Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
      Cc: netdev@vger.kernel.org
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      f8572d8f
  8. 05 11月, 2009 1 次提交
  9. 04 11月, 2009 1 次提交
  10. 02 11月, 2009 1 次提交
  11. 07 10月, 2009 1 次提交
  12. 24 9月, 2009 1 次提交
  13. 15 9月, 2009 1 次提交
  14. 19 5月, 2009 1 次提交
  15. 25 2月, 2009 1 次提交
    • P
      netlink: change nlmsg_notify() return value logic · 1ce85fe4
      Pablo Neira Ayuso 提交于
      This patch changes the return value of nlmsg_notify() as follows:
      
      If NETLINK_BROADCAST_ERROR is set by any of the listeners and
      an error in the delivery happened, return the broadcast error;
      else if there are no listeners apart from the socket that
      requested a change with the echo flag, return the result of the
      unicast notification. Thus, with this patch, the unicast
      notification is handled in the same way of a broadcast listener
      that has set the NETLINK_BROADCAST_ERROR socket flag.
      
      This patch is useful in case that the caller of nlmsg_notify()
      wants to know the result of the delivery of a netlink notification
      (including the broadcast delivery) and take any action in case
      that the delivery failed. For example, ctnetlink can drop packets
      if the event delivery failed to provide reliable logging and
      state-synchronization at the cost of dropping packets.
      
      This patch also modifies the rtnetlink code to ignore the return
      value of rtnl_notify() in all callers. The function rtnl_notify()
      (before this patch) returned the error of the unicast notification
      which makes rtnl_set_sk_err() reports errors to all listeners. This
      is not of any help since the origin of the change (the socket that
      requested the echoing) notices the ENOBUFS error if the notification
      fails and should resync itself.
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      Acked-by: NPatrick McHardy <kaber@trash.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1ce85fe4
  16. 01 2月, 2009 1 次提交
  17. 03 11月, 2008 1 次提交
  18. 29 10月, 2008 1 次提交
  19. 17 10月, 2008 2 次提交
  20. 03 9月, 2008 1 次提交
  21. 26 7月, 2008 1 次提交
  22. 06 7月, 2008 1 次提交
  23. 20 6月, 2008 1 次提交
  24. 12 6月, 2008 1 次提交
  25. 11 6月, 2008 1 次提交
  26. 04 6月, 2008 1 次提交
  27. 26 3月, 2008 2 次提交
  28. 29 2月, 2008 4 次提交
  29. 27 2月, 2008 1 次提交
    • B
      [IPV4]: Reset scope when changing address · 148f9729
      Bjorn Mork 提交于
      This bug did bite at least one user, who did have to resort to rebooting
      the system after an "ifconfig eth0 127.0.0.1" typo.
      
      Deleting the address and adding a new is a less intrusive workaround.
      But I still beleive this is a bug that should be fixed.  Some way or
      another.
      
      Another possibility would be to remove the scope mangling based on
      address.  This will always be incomplete (are 127/8 the only address
      space with host scope requirements?)
      
      We set the scope to RT_SCOPE_HOST if an IPv4 interface is configured
      with a loopback address (127/8).  The scope is never reset, and will
      remain set to RT_SCOPE_HOST after changing the address. This patch
      resets the scope if the address is changed again, to restore normal
      functionality.
      Signed-off-by: NBjorn Mork <bjorn@mork.no>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      148f9729
  30. 01 2月, 2008 3 次提交
  31. 29 1月, 2008 3 次提交