1. 26 10月, 2007 1 次提交
  2. 11 10月, 2007 2 次提交
    • S
      [INET]: local port range robustness · 227b60f5
      Stephen Hemminger 提交于
      Expansion of original idea from Denis V. Lunev <den@openvz.org>
      
      Add robustness and locking to the local_port_range sysctl.
      1. Enforce that low < high when setting.
      2. Use seqlock to ensure atomic update.
      
      The locking might seem like overkill, but there are
      cases where sysadmin might want to change value in the
      middle of a DoS attack.
      Signed-off-by: NStephen Hemminger <shemminger@linux-foundation.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      227b60f5
    • E
      [NET]: Make /proc/net per network namespace · 457c4cbc
      Eric W. Biederman 提交于
      This patch makes /proc/net per network namespace.  It modifies the global
      variables proc_net and proc_net_stat to be per network namespace.
      The proc_net file helpers are modified to take a network namespace argument,
      and all of their callers are fixed to pass &init_net for that argument.
      This ensures that all of the /proc/net files are only visible and
      usable in the initial network namespace until the code behind them
      has been updated to be handle multiple network namespaces.
      
      Making /proc/net per namespace is necessary as at least some files
      in /proc/net depend upon the set of network devices which is per
      network namespace, and even more files in /proc/net have contents
      that are relevant to a single network namespace.
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      457c4cbc
  3. 29 9月, 2007 1 次提交
    • D
      [TCP]: Fix MD5 signature handling on big-endian. · f8ab18d2
      David S. Miller 提交于
      Based upon a report and initial patch by Peter Lieven.
      
      tcp4_md5sig_key and tcp6_md5sig_key need to start with
      the exact same members as tcp_md5sig_key.  Because they
      are both cast to that type by tcp_v{4,6}_md5_do_lookup().
      
      Unfortunately tcp{4,6}_md5sig_key use a u16 for the key
      length instead of a u8, which is what tcp_md5sig_key
      uses.  This just so happens to work by accident on
      little-endian, but on big-endian it doesn't.
      
      Instead of casting, just place tcp_md5sig_key as the first member of
      the address-family specific structures, adjust the access sites, and
      kill off the ugly casts.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f8ab18d2
  4. 03 8月, 2007 1 次提交
    • D
      [TCP]: Invoke tcp_sendmsg() directly, do not use inet_sendmsg(). · 3516ffb0
      David S. Miller 提交于
      As discovered by Evegniy Polyakov, if we try to sendmsg after
      a connection reset, we can do incredibly stupid things.
      
      The core issue is that inet_sendmsg() tries to autobind the
      socket, but we should never do that for TCP.  Instead we should
      just go straight into TCP's sendmsg() code which will do all
      of the necessary state and pending socket error checks.
      
      TCP's sendpage already directly vectors to tcp_sendpage(), so this
      merely brings sendmsg() in line with that.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3516ffb0
  5. 11 7月, 2007 1 次提交
    • H
      [TCPv4]: Improve BH latency in /proc/net/tcp · a7ab4b50
      Herbert Xu 提交于
      Currently the code for /proc/net/tcp disable BH while iterating
      over the entire established hash table.  Even though we call
      cond_resched_softirq for each entry, we still won't process
      softirq's as regularly as we would otherwise do which results
      in poor performance when the system is loaded near capacity.
      
      This anomaly comes from the 2.4 code where this was all in a
      single function and the local_bh_disable might have made sense
      as a small optimisation.
      
      The cost of each local_bh_disable is so small when compared
      against the increased latency in keeping it disabled over a
      large but mostly empty TCP established hash table that we
      should just move it to the individual read_lock/read_unlock
      calls as we do in inet_diag.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a7ab4b50
  6. 13 6月, 2007 1 次提交
  7. 08 6月, 2007 1 次提交
  8. 04 6月, 2007 1 次提交
  9. 26 4月, 2007 10 次提交
  10. 11 2月, 2007 1 次提交
  11. 09 2月, 2007 3 次提交
    • E
      [NET]: change layout of ehash table · dbca9b27
      Eric Dumazet 提交于
      ehash table layout is currently this one :
      
      First half of this table is used by sockets not in TIME_WAIT state
      Second half of it is used by sockets in TIME_WAIT state.
      
      This is non optimal because of for a given hash or socket, the two chain heads 
      are located in separate cache lines.
      Moreover the locks of the second half are never used.
      
      If instead of this halving, we use two list heads in inet_ehash_bucket instead 
      of only one, we probably can avoid one cache miss, and reduce ram usage, 
      particularly if sizeof(rwlock_t) is big (various CONFIG_DEBUG_SPINLOCK, 
      CONFIG_DEBUG_LOCK_ALLOC settings). So we still halves the table but we keep 
      together related chains to speedup lookups and socket state change.
      
      In this patch I did not try to align struct inet_ehash_bucket, but a future 
      patch could try to make this structure have a convenient size (a power of two 
      or a multiple of L1_CACHE_SIZE).
      I guess rwlock will just vanish as soon as RCU is plugged into ehash :) , so 
      maybe we dont need to scratch our heads to align the bucket...
      
      Note : In case struct inet_ehash_bucket is not a power of two, we could 
      probably change alloc_large_system_hash() (in case it use __get_free_pages()) 
      to free the unused space. It currently allocates a big zone, but the last 
      quarter of it could be freed. Again, this should be a temporary 'problem'.
      
      Patch tested on ipv4 tcp only, but should be OK for IPV6 and DCCP.
      Signed-off-by: NEric Dumazet <dada1@cosmosbay.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      dbca9b27
    • D
      [IPV4/IPV6]: Always wait for IPSEC SA resolution in socket contexts. · 8eb9086f
      David S. Miller 提交于
      Do this even for non-blocking sockets.  This avoids the silly -EAGAIN
      that applications can see now, even for non-blocking sockets in some
      cases (f.e. connect()).
      
      With help from Venkat Tekkirala.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8eb9086f
    • F
      [TCP]: remove tcp header from tcp_v4_check (take #2) · ba7808ea
      Frederik Deweerdt 提交于
      The tcphdr struct passed to tcp_v4_check is not used, the following
      patch removes it from the parameter list.
      
      This adds the netfilter modifications missing in the patch I sent
      for rc3-mm1.
      Signed-off-by: NFrederik Deweerdt <frederik.deweerdt@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ba7808ea
  12. 09 1月, 2007 1 次提交
  13. 18 12月, 2006 2 次提交
  14. 03 12月, 2006 13 次提交
  15. 20 10月, 2006 1 次提交