1. 04 1月, 2014 1 次提交
  2. 20 12月, 2013 5 次提交
  3. 18 12月, 2013 5 次提交
  4. 14 12月, 2013 8 次提交
  5. 01 12月, 2013 1 次提交
  6. 04 11月, 2013 1 次提交
    • A
      net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0) · f421436a
      Arvid Brodin 提交于
      High-availability Seamless Redundancy ("HSR") provides instant failover
      redundancy for Ethernet networks. It requires a special network topology where
      all nodes are connected in a ring (each node having two physical network
      interfaces). It is suited for applications that demand high availability and
      very short reaction time.
      
      HSR acts on the Ethernet layer, using a registered Ethernet protocol type to
      send special HSR frames in both directions over the ring. The driver creates
      virtual network interfaces that can be used just like any ordinary Linux
      network interface, for IP/TCP/UDP traffic etc. All nodes in the network ring
      must be HSR capable.
      
      This code is a "best effort" to comply with the HSR standard as described in
      IEC 62439-3:2010 (HSRv0).
      Signed-off-by: NArvid Brodin <arvid.brodin@xdin.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f421436a
  7. 20 10月, 2013 2 次提交
  8. 01 9月, 2013 1 次提交
  9. 31 7月, 2013 1 次提交
  10. 14 6月, 2013 1 次提交
  11. 11 6月, 2013 2 次提交
  12. 29 4月, 2013 2 次提交
  13. 20 4月, 2013 1 次提交
    • P
      net: vlan: add 802.1ad support · 8ad227ff
      Patrick McHardy 提交于
      Add support for 802.1ad VLAN devices. This mainly consists of checking for
      ETH_P_8021AD in addition to ETH_P_8021Q in a couple of places and check
      offloading capabilities based on the used protocol.
      
      Configuration is done using "ip link":
      
      # ip link add link eth0 eth0.1000 \
      	type vlan proto 802.1ad id 1000
      # ip link add link eth0.1000 eth0.1000.1000 \
      	type vlan proto 802.1q id 1000
      
      52:54:00:12:34:56 > 92:b1:54:28:e4:8c, ethertype 802.1Q (0x8100), length 106: vlan 1000, p 0, ethertype 802.1Q, vlan 1000, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
          20.1.0.2 > 20.1.0.1: ICMP echo request, id 3003, seq 8, length 64
      92:b1:54:28:e4:8c > 52:54:00:12:34:56, ethertype 802.1Q-QinQ (0x88a8), length 106: vlan 1000, p 0, ethertype 802.1Q, vlan 1000, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 47944, offset 0, flags [none], proto ICMP (1), length 84)
          20.1.0.1 > 20.1.0.2: ICMP echo reply, id 3003, seq 8, length 64
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8ad227ff
  14. 17 4月, 2013 1 次提交
  15. 09 4月, 2013 1 次提交
    • D
      net: ipv6: add tokenized interface identifier support · f53adae4
      Daniel Borkmann 提交于
      This patch adds support for IPv6 tokenized IIDs, that allow
      for administrators to assign well-known host-part addresses
      to nodes whilst still obtaining global network prefix from
      Router Advertisements. It is currently in draft status.
      
        The primary target for such support is server platforms
        where addresses are usually manually configured, rather
        than using DHCPv6 or SLAAC. By using tokenised identifiers,
        hosts can still determine their network prefix by use of
        SLAAC, but more readily be automatically renumbered should
        their network prefix change. [...]
      
        The disadvantage with static addresses is that they are
        likely to require manual editing should the network prefix
        in use change.  If instead there were a method to only
        manually configure the static identifier part of the IPv6
        address, then the address could be automatically updated
        when a new prefix was introduced, as described in [RFC4192]
        for example.  In such cases a DNS server might be
        configured with such a tokenised interface identifier of
        ::53, and SLAAC would use the token in constructing the
        interface address, using the advertised prefix. [...]
      
        http://tools.ietf.org/html/draft-chown-6man-tokenised-ipv6-identifiers-02
      
      The implementation is partially based on top of Mark K.
      Thompson's proof of concept. However, it uses the Netlink
      interface for configuration resp. data retrival, so that
      it can be easily extended in future. Successfully tested
      by myself.
      
      Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
      Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
      Cc: Thomas Graf <tgraf@suug.ch>
      Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f53adae4
  16. 29 12月, 2012 1 次提交
  17. 06 12月, 2012 1 次提交
    • D
      bridge: implement multicast fast leave · c2d3babf
      David S. Miller 提交于
      V3: make it a flag
      V2: make the toggle per-port
      
      Fast leave allows bridge to immediately stops the multicast
      traffic on the port receives IGMP Leave when IGMP snooping is enabled,
      no timeouts are observed.
      
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Stephen Hemminger <shemminger@vyatta.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: NCong Wang <amwang@redhat.com>
      c2d3babf
  18. 21 11月, 2012 1 次提交
    • D
      add DOVE extensions for VXLAN · e4f67add
      David Stevens 提交于
      This patch provides extensions to VXLAN for supporting Distributed
      Overlay Virtual Ethernet (DOVE) networks. The patch includes:
      
      	+ a dove flag per VXLAN device to enable DOVE extensions
      	+ ARP reduction, whereby a bridge-connected VXLAN tunnel endpoint
      		answers ARP requests from the local bridge on behalf of
      		remote DOVE clients
      	+ route short-circuiting (aka L3 switching). Known destination IP
      		addresses use the corresponding destination MAC address for
      		switching rather than going to a (possibly remote) router first.
      	+ netlink notification messages for forwarding table and L3 switching
      		misses
      
      Changes since v2
      	- combined bools into "u32 flags"
      	- replaced loop with !is_zero_ether_addr()
      Signed-off-by: NDavid L Stevens <dlstevens@us.ibm.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e4f67add
  19. 15 11月, 2012 3 次提交
    • S
      bridge: add root port blocking · 1007dd1a
      stephen hemminger 提交于
      This is Linux bridge implementation of root port guard.
      If BPDU is received from a leaf (edge) port, it should not
      be elected as root port.
      
      Why would you want to do this?
      If using STP on a bridge and the downstream bridges are not fully
      trusted; this prevents a hostile guest for rerouting traffic.
      
      Why not just use netfilter?
      Netfilter does not track of follow spanning tree decisions.
      It would be difficult and error prone to try and mirror STP
      resolution in netfilter module.
      Signed-off-by: NStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1007dd1a
    • S
      bridge: implement BPDU blocking · a2e01a65
      stephen hemminger 提交于
      This is Linux bridge implementation of STP protection
      (Cisco BPDU guard/Juniper BPDU block). BPDU block disables
      the bridge port if a STP BPDU packet is received.
      
      Why would you want to do this?
      If running Spanning Tree on bridge, hostile devices on the network
      may send BPDU and cause network failure. Enabling bpdu block
      will detect and stop this.
      
      How to recover the port?
      The port will be restarted if link is brought down, or
      removed and reattached.  For example:
       # ip li set dev eth0 down; ip li set dev eth0 up
      Signed-off-by: NStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a2e01a65
    • S
      bridge: bridge port parameters over netlink · 25c71c75
      stephen hemminger 提交于
      Expose bridge port parameter over netlink. By switching to a nested
      message, this can be used for other bridge parameters.
      
      This changes IFLA_PROTINFO attribute from one byte to a full nested
      set of attributes. This is safe for application interface because the
      old message used IFLA_PROTINFO and new one uses
       IFLA_PROTINFO | NLA_F_NESTED.
      
      The code adapts to old format requests, and therefore stays
      compatible with user mode RSTP daemon. Since the type field
      for nested and unnested attributes are different, and the old
      code in libnetlink doesn't do the mask, it is also safe to use
      with old versions of bridge monitor command.
      
      Note: although mode is only a boolean, treating it as a
      full byte since in the future someone will probably want to add more
      values (like macvlan has).
      Signed-off-by: NStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      25c71c75
  20. 13 10月, 2012 1 次提交