1. 12 7月, 2012 1 次提交
  2. 04 7月, 2012 1 次提交
  3. 13 5月, 2012 1 次提交
    • E
      fq_codel: Fair Queue Codel AQM · 4b549a2e
      Eric Dumazet 提交于
      Fair Queue Codel packet scheduler
      
      Principles :
      
      - Packets are classified (internal classifier or external) on flows.
      - This is a Stochastic model (as we use a hash, several flows might
                                    be hashed on same slot)
      - Each flow has a CoDel managed queue.
      - Flows are linked onto two (Round Robin) lists,
        so that new flows have priority on old ones.
      
      - For a given flow, packets are not reordered (CoDel uses a FIFO)
      - head drops only.
      - ECN capability is on by default.
      - Very low memory footprint (64 bytes per flow)
      
      tc qdisc ... fq_codel [ limit PACKETS ] [ flows number ]
                            [ target TIME ] [ interval TIME ] [ noecn ]
                            [ quantum BYTES ]
      
      defaults : 1024 flows, 10240 packets limit, quantum : device MTU
                 target : 5ms (CoDel default)
                 interval : 100ms (CoDel default)
      
      Impressive results on load :
      
      class htb 1:1 root leaf 10: prio 0 quantum 1514 rate 200000Kbit ceil 200000Kbit burst 1475b/8 mpu 0b overhead 0b cburst 1475b/8 mpu 0b overhead 0b level 0
       Sent 43304920109 bytes 33063109 pkt (dropped 0, overlimits 0 requeues 0)
       rate 201691Kbit 28595pps backlog 0b 312p requeues 0
       lended: 33063109 borrowed: 0 giants: 0
       tokens: -912 ctokens: -912
      
      class fq_codel 10:1735 parent 10:
       (dropped 1292, overlimits 0 requeues 0)
       backlog 15140b 10p requeues 0
        deficit 1514 count 1 lastcount 1 ldelay 7.1ms
      class fq_codel 10:4524 parent 10:
       (dropped 1291, overlimits 0 requeues 0)
       backlog 16654b 11p requeues 0
        deficit 1514 count 1 lastcount 1 ldelay 7.1ms
      class fq_codel 10:4e74 parent 10:
       (dropped 1290, overlimits 0 requeues 0)
       backlog 6056b 4p requeues 0
        deficit 1514 count 1 lastcount 1 ldelay 6.4ms dropping drop_next 92.0ms
      class fq_codel 10:628a parent 10:
       (dropped 1289, overlimits 0 requeues 0)
       backlog 7570b 5p requeues 0
        deficit 1514 count 1 lastcount 1 ldelay 5.4ms dropping drop_next 90.9ms
      class fq_codel 10:a4b3 parent 10:
       (dropped 302, overlimits 0 requeues 0)
       backlog 16654b 11p requeues 0
        deficit 1514 count 1 lastcount 1 ldelay 7.1ms
      class fq_codel 10:c3c2 parent 10:
       (dropped 1284, overlimits 0 requeues 0)
       backlog 13626b 9p requeues 0
        deficit 1514 count 1 lastcount 1 ldelay 5.9ms
      class fq_codel 10:d331 parent 10:
       (dropped 299, overlimits 0 requeues 0)
       backlog 15140b 10p requeues 0
        deficit 1514 count 1 lastcount 1 ldelay 7.0ms
      class fq_codel 10:d526 parent 10:
       (dropped 12160, overlimits 0 requeues 0)
       backlog 35870b 211p requeues 0
        deficit 1508 count 12160 lastcount 1 ldelay 15.3ms dropping drop_next 247us
      class fq_codel 10:e2c6 parent 10:
       (dropped 1288, overlimits 0 requeues 0)
       backlog 15140b 10p requeues 0
        deficit 1514 count 1 lastcount 1 ldelay 7.1ms
      class fq_codel 10:eab5 parent 10:
       (dropped 1285, overlimits 0 requeues 0)
       backlog 16654b 11p requeues 0
        deficit 1514 count 1 lastcount 1 ldelay 5.9ms
      class fq_codel 10:f220 parent 10:
       (dropped 1289, overlimits 0 requeues 0)
       backlog 15140b 10p requeues 0
        deficit 1514 count 1 lastcount 1 ldelay 7.1ms
      
      qdisc htb 1: root refcnt 6 r2q 10 default 1 direct_packets_stat 0 ver 3.17
       Sent 43331086547 bytes 33092812 pkt (dropped 0, overlimits 66063544 requeues 71)
       rate 201697Kbit 28602pps backlog 0b 260p requeues 71
      qdisc fq_codel 10: parent 1:1 limit 10240p flows 65536 target 5.0ms interval 100.0ms ecn
       Sent 43331086547 bytes 33092812 pkt (dropped 949359, overlimits 0 requeues 0)
       rate 201697Kbit 28602pps backlog 189352b 260p requeues 0
        maxpacket 1514 drop_overlimit 0 new_flow_count 5582 ecn_mark 125593
        new_flows_len 0 old_flows_len 11
      
      PING 172.30.42.18 (172.30.42.18) 56(84) bytes of data.
      64 bytes from 172.30.42.18: icmp_req=1 ttl=64 time=0.227 ms
      64 bytes from 172.30.42.18: icmp_req=2 ttl=64 time=0.165 ms
      64 bytes from 172.30.42.18: icmp_req=3 ttl=64 time=0.166 ms
      64 bytes from 172.30.42.18: icmp_req=4 ttl=64 time=0.151 ms
      64 bytes from 172.30.42.18: icmp_req=5 ttl=64 time=0.164 ms
      64 bytes from 172.30.42.18: icmp_req=6 ttl=64 time=0.172 ms
      64 bytes from 172.30.42.18: icmp_req=7 ttl=64 time=0.175 ms
      64 bytes from 172.30.42.18: icmp_req=8 ttl=64 time=0.183 ms
      64 bytes from 172.30.42.18: icmp_req=9 ttl=64 time=0.158 ms
      64 bytes from 172.30.42.18: icmp_req=10 ttl=64 time=0.200 ms
      
      10 packets transmitted, 10 received, 0% packet loss, time 8999ms
      rtt min/avg/max/mdev = 0.151/0.176/0.227/0.022 ms
      
      Much better than SFQ because of priority given to new flows, and fast
      path dirtying less cache lines.
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4b549a2e
  4. 11 5月, 2012 1 次提交
    • E
      codel: Controlled Delay AQM · 76e3cc12
      Eric Dumazet 提交于
      An implementation of CoDel AQM, from Kathleen Nichols and Van Jacobson.
      
      http://queue.acm.org/detail.cfm?id=2209336
      
      This AQM main input is no longer queue size in bytes or packets, but the
      delay packets stay in (FIFO) queue.
      
      As we don't have infinite memory, we still can drop packets in enqueue()
      in case of massive load, but mean of CoDel is to drop packets in
      dequeue(), using a control law based on two simple parameters :
      
      target : target sojourn time (default 5ms)
      interval : width of moving time window (default 100ms)
      
      Based on initial work from Dave Taht.
      
      Refactored to help future codel inclusion as a plugin for other linux
      qdisc (FQ_CODEL, ...), like RED.
      
      include/net/codel.h contains codel algorithm as close as possible than
      Kathleen reference.
      
      net/sched/sch_codel.c contains the linux qdisc specific glue.
      
      Separate structures permit a memory efficient implementation of fq_codel
      (to be sent as a separate work) : Each flow has its own struct
      codel_vars.
      
      timestamps are taken at enqueue() time with 1024 ns precision, allowing
      a range of 2199 seconds in queue, and 100Gb links support. iproute2 uses
      usec as base unit.
      
      Selected packets are dropped, unless ECN is enabled and packets can get
      ECN mark instead.
      
      Tested from 2Mb to 10Gb speeds with no particular problems, on ixgbe and
      tg3 drivers (BQL enabled).
      
      Usage: tc qdisc ... codel [ limit PACKETS ] [ target TIME ]
                                [ interval TIME ] [ ecn ]
      
      qdisc codel 10: parent 1:1 limit 2000p target 3.0ms interval 60.0ms ecn
       Sent 13347099587 bytes 8815805 pkt (dropped 0, overlimits 0 requeues 0)
       rate 202365Kbit 16708pps backlog 113550b 75p requeues 0
        count 116 lastcount 98 ldelay 4.3ms dropping drop_next 816us
        maxpacket 1514 ecn_mark 84399 drop_overlimit 0
      
      CoDel must be seen as a base module, and should be used keeping in mind
      there is still a FIFO queue. So a typical setup will probably need a
      hierarchy of several qdiscs and packet classifiers to be able to meet
      whatever constraints a user might have.
      
      One possible example would be to use fq_codel, which combines Fair
      Queueing and CoDel, in replacement of sfq / sfq_red.
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDave Taht <dave.taht@bufferbloat.net>
      Cc: Kathleen Nichols <nichols@pollere.com>
      Cc: Van Jacobson <van@pollere.net>
      Cc: Tom Herbert <therbert@google.com>
      Cc: Matt Mathis <mattmathis@google.com>
      Cc: Yuchung Cheng <ycheng@google.com>
      Cc: Stephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      76e3cc12
  5. 08 2月, 2012 1 次提交
    • S
      net/sched: sch_plug - Queue traffic until an explicit release command · c3059be1
      Shriram Rajagopalan 提交于
      The qdisc supports two operations - plug and unplug. When the
      qdisc receives a plug command via netlink request, packets arriving
      henceforth are buffered until a corresponding unplug command is received.
      Depending on the type of unplug command, the queue can be unplugged
      indefinitely or selectively.
      
      This qdisc can be used to implement output buffering, an essential
      functionality required for consistent recovery in checkpoint based
      fault-tolerance systems. Output buffering enables speculative execution
      by allowing generated network traffic to be rolled back. It is used to
      provide network protection for Xen Guests in the Remus high availability
      project, available as part of Xen.
      
      This module is generic enough to be used by any other system that wishes
      to add speculative execution and output buffering to its applications.
      
      This module was originally available in the linux 2.6.32 PV-OPS tree,
      used as dom0 for Xen.
      
      For more information, please refer to http://nss.cs.ubc.ca/remus/
      and http://wiki.xensource.com/xenwiki/Remus
      
      Changes in V3:
        * Removed debug output (printk) on queue overflow
        * Added TCQ_PLUG_RELEASE_INDEFINITE - that allows the user to
          use this qdisc, for simple plug/unplug operations.
        * Use of packet counts instead of pointers to keep track of
          the buffers in the queue.
      Signed-off-by: NShriram Rajagopalan <rshriram@cs.ubc.ca>
      Signed-off-by: NBrendan Cully <brendan@cs.ubc.ca>
      [author of the code in the linux 2.6.32 pvops tree]
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c3059be1
  6. 20 5月, 2011 1 次提交
  7. 05 4月, 2011 1 次提交
  8. 24 2月, 2011 1 次提交
    • E
      net_sched: SFB flow scheduler · e13e02a3
      Eric Dumazet 提交于
      This is the Stochastic Fair Blue scheduler, based on work from :
      
      W. Feng, D. Kandlur, D. Saha, K. Shin. Blue: A New Class of Active Queue
      Management Algorithms. U. Michigan CSE-TR-387-99, April 1999.
      
      http://www.thefengs.com/wuchang/blue/CSE-TR-387-99.pdf
      
      This implementation is based on work done by Juliusz Chroboczek
      
      General SFB algorithm can be found in figure 14, page 15:
      
      B[l][n] : L x N array of bins (L levels, N bins per level)
      enqueue()
      Calculate hash function values h{0}, h{1}, .. h{L-1}
      Update bins at each level
      for i = 0 to L - 1
         if (B[i][h{i}].qlen > bin_size)
            B[i][h{i}].p_mark += p_increment;
         else if (B[i][h{i}].qlen == 0)
            B[i][h{i}].p_mark -= p_decrement;
      p_min = min(B[0][h{0}].p_mark ... B[L-1][h{L-1}].p_mark);
      if (p_min == 1.0)
          ratelimit();
      else
          mark/drop with probabilty p_min;
      
      I did the adaptation of Juliusz code to meet current kernel standards,
      and various changes to address previous comments :
      
      http://thread.gmane.org/gmane.linux.network/90225
      http://thread.gmane.org/gmane.linux.network/90375
      
      Default flow classifier is the rxhash introduced by RPS in 2.6.35, but
      we can use an external flow classifier if wanted.
      
      tc qdisc add dev $DEV parent 1:11 handle 11:  \
              est 0.5sec 2sec sfb limit 128
      
      tc filter add dev $DEV protocol ip parent 11: handle 3 \
              flow hash keys dst divisor 1024
      
      Notes:
      
      1) SFB default child qdisc is pfifo_fast. It can be changed by another
      qdisc but a child qdisc MUST not drop a packet previously queued. This
      is because SFB needs to handle a dequeued packet in order to maintain
      its virtual queue states. pfifo_head_drop or CHOKe should not be used.
      
      2) ECN is enabled by default, unlike RED/CHOKe/GRED
      
      With help from Patrick McHardy & Andi Kleen
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      CC: Juliusz Chroboczek <Juliusz.Chroboczek@pps.jussieu.fr>
      CC: Stephen Hemminger <shemminger@vyatta.com>
      CC: Patrick McHardy <kaber@trash.net>
      CC: Andi Kleen <andi@firstfloor.org>
      CC: John W. Linville <linville@tuxdriver.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e13e02a3
  9. 03 2月, 2011 1 次提交
    • S
      sched: CHOKe flow scheduler · 45e14433
      stephen hemminger 提交于
      CHOKe ("CHOose and Kill" or "CHOose and Keep") is an alternative
      packet scheduler based on the Random Exponential Drop (RED) algorithm.
      
      The core idea is:
        For every packet arrival:
        	Calculate Qave
      	if (Qave < minth)
      	     Queue the new packet
      	else
      	     Select randomly a packet from the queue
      	     if (both packets from same flow)
      	     then Drop both the packets
      	     else if (Qave > maxth)
      	          Drop packet
      	     else
      	       	  Admit packet with proability p (same as RED)
      
      See also:
        Rong Pan, Balaji Prabhakar, Konstantinos Psounis, "CHOKe: a stateless active
         queue management scheme for approximating fair bandwidth allocation",
        Proceeding of INFOCOM'2000, March 2000.
      
      Help from:
           Eric Dumazet <eric.dumazet@gmail.com>
           Patrick McHardy <kaber@trash.net>
      Signed-off-by: NStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      45e14433
  10. 20 1月, 2011 1 次提交
    • J
      net_sched: implement a root container qdisc sch_mqprio · b8970f0b
      John Fastabend 提交于
      This implements a mqprio queueing discipline that by default creates
      a pfifo_fast qdisc per tx queue and provides the needed configuration
      interface.
      
      Using the mqprio qdisc the number of tcs currently in use along
      with the range of queues alloted to each class can be configured. By
      default skbs are mapped to traffic classes using the skb priority.
      This mapping is configurable.
      
      Configurable parameters,
      
      struct tc_mqprio_qopt {
      	__u8    num_tc;
      	__u8    prio_tc_map[TC_BITMASK + 1];
      	__u8    hw;
      	__u16   count[TC_MAX_QUEUE];
      	__u16   offset[TC_MAX_QUEUE];
      };
      
      Here the count/offset pairing give the queue alignment and the
      prio_tc_map gives the mapping from skb->priority to tc.
      
      The hw bit determines if the hardware should configure the count
      and offset values. If the hardware bit is set then the operation
      will fail if the hardware does not implement the ndo_setup_tc
      operation. This is to avoid undetermined states where the hardware
      may or may not control the queue mapping. Also minimal bounds
      checking is done on the count/offset to verify a queue does not
      exceed num_tx_queues and that queue ranges do not overlap. Otherwise
      it is left to user policy or hardware configuration to create
      useful mappings.
      
      It is expected that hardware QOS schemes can be implemented by
      creating appropriate mappings of queues in ndo_tc_setup().
      
      One expected use case is drivers will use the ndo_setup_tc to map
      queue ranges onto 802.1Q traffic classes. This provides a generic
      mechanism to map network traffic onto these traffic classes and
      removes the need for lower layer drivers to know specifics about
      traffic types.
      Signed-off-by: NJohn Fastabend <john.r.fastabend@intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b8970f0b
  11. 14 1月, 2011 1 次提交
    • P
      netfilter: fix Kconfig dependencies · c7066f70
      Patrick McHardy 提交于
      Fix dependencies of netfilter realm match: it depends on NET_CLS_ROUTE,
      which itself depends on NET_SCHED; this dependency is missing from netfilter.
      
      Since matching on realms is also useful without having NET_SCHED enabled and
      the option really only controls whether the tclassid member is included in
      route and dst entries, rename the config option to IP_ROUTE_CLASSID and move
      it outside of traffic scheduling context to get rid of the NET_SCHED dependeny.
      Reported-by: NVladis Kletnieks <Valdis.Kletnieks@vt.edu>
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      c7066f70
  12. 16 11月, 2010 1 次提交
    • M
      Docs/Kconfig: Update: osdl.org -> linuxfoundation.org · c996d8b9
      Michael Witten 提交于
      Some of the documentation refers to web pages under
      the domain `osdl.org'. However, `osdl.org' now
      redirects to `linuxfoundation.org'.
      
      Rather than rely on redirections, this patch updates
      the addresses appropriately; for the most part, only
      documentation that is meant to be current has been
      updated.
      
      The patch should be pretty quick to scan and check;
      each new web-page url was gotten by trying out the
      original URL in a browser and then simply copying the
      the redirected URL (formatting as necessary).
      
      There is some conflict as to which one of these domain
      names is preferred:
      
        linuxfoundation.org
        linux-foundation.org
      
      So, I wrote:
      
        info@linuxfoundation.org
      
      and got this reply:
      
        Message-ID: <4CE17EE6.9040807@linuxfoundation.org>
        Date: Mon, 15 Nov 2010 10:41:42 -0800
        From: David Ames <david@linuxfoundation.org>
      
        ...
      
        linuxfoundation.org is preferred. The canonical name for our web site is
        www.linuxfoundation.org. Our list site is actually
        lists.linux-foundation.org.
      
        Regarding email linuxfoundation.org is preferred there are a few people
        who choose to use linux-foundation.org for their own reasons.
      
      Consequently, I used `linuxfoundation.org' for web pages and
      `lists.linux-foundation.org' for mailing-list web pages and email addresses;
      the only personal email address I updated from `@osdl.org' was that of
      Andrew Morton, who prefers `linux-foundation.org' according `git log'.
      Signed-off-by: NMichael Witten <mfwitten@gmail.com>
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      c996d8b9
  13. 24 8月, 2010 1 次提交
  14. 20 8月, 2010 1 次提交
    • G
      net/sched: add ACT_CSUM action to update packets checksums · eb4d4065
      Grégoire Baron 提交于
      net/sched: add ACT_CSUM action to update packets checksums
      
      ACT_CSUM can be called just after ACT_PEDIT in order to re-compute some
      altered checksums in IPv4 and IPv6 packets. The following checksums are
      supported by this patch:
       - IPv4: IPv4 header, ICMP, IGMP, TCP, UDP & UDPLite
       - IPv6: ICMPv6, TCP, UDP & UDPLite
      It's possible to request in the same action to update different kind of
      checksums, if the packets flow mix TCP, UDP and UDPLite, ...
      
      An example of usage is done in the associated iproute2 patch.
      
      Version 3 changes:
       - remove useless goto instructions
       - improve IPv6 hop options decoding
      
      Version 2 changes:
       - coding style correction
       - remove useless arguments of some functions
       - use stack in tcf_csum_dump()
       - add tcf_csum_skb_nextlayer() to factor code
      Signed-off-by: NGregoire Baron <baronchon@n7mm.org>
      Acked-by: Njamal <hadi@cyberus.ca>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      eb4d4065
  15. 24 3月, 2010 1 次提交
    • B
      cgroups: net_cls as module · 8e039d84
      Ben Blum 提交于
      Allows the net_cls cgroup subsystem to be compiled as a module
      
      This patch modifies net/sched/cls_cgroup.c to allow the net_cls subsystem
      to be optionally compiled as a module instead of builtin.  The
      cgroup_subsys struct is moved around a bit to allow the subsys_id to be
      either declared as a compile-time constant by the cgroup_subsys.h include
      in cgroup.h, or, if it's a module, initialized within the struct by
      cgroup_load_subsys.
      Signed-off-by: NBen Blum <bblum@andrew.cmu.edu>
      Acked-by: NLi Zefan <lizf@cn.fujitsu.com>
      Cc: Paul Menage <menage@google.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Cc: Lai Jiangshan <laijs@cn.fujitsu.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8e039d84
  16. 09 2月, 2010 1 次提交
  17. 30 12月, 2008 1 次提交
  18. 20 11月, 2008 1 次提交
  19. 08 11月, 2008 1 次提交
    • T
      pkt_sched: Control group classifier · f4009237
      Thomas Graf 提交于
      The classifier should cover the most common use case and will work
      without any special configuration.
      
      The principle of the classifier is to directly access the
      task_struct via get_current(). In order for this to work,
      classification requests from softirqs must be ignored. This is
      not a problem because the vast majority of packets in softirq
      context are not assigned to a task anyway. For this to work, a
      mechanism is needed to trace softirq context. 
      
      This repost goes back to the method of relying on the number of
      nested bh disable calls for the sake of not adding too much
      complexity and the option to come up with something more reliable
      if actually needed.
      Signed-off-by: NThomas Graf <tgraf@suug.ch>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f4009237
  20. 13 9月, 2008 2 次提交
  21. 28 6月, 2008 1 次提交
  22. 01 2月, 2008 2 次提交
    • P
      [NET_SCHED]: Add flow classifier · e5dfb815
      Patrick McHardy 提交于
      Add new "flow" classifier, which is meant to extend the SFQ hashing
      capabilities without hard-coding new hash functions and also allows
      deterministic mappings of keys to classes, replacing some out of tree
      iptables patches like IPCLASSIFY (maps IPs to classes), IPMARK (maps
      IPs to marks, with fw filters to classes), ...
      
      Some examples:
      
      - Classic SFQ hash:
      
        tc filter add ... flow hash \
        	keys src,dst,proto,proto-src,proto-dst divisor 1024
      
      - Classic SFQ hash, but using information from conntrack to work properly in
        combination with NAT:
      
        tc filter add ... flow hash \
        	keys nfct-src,nfct-dst,proto,nfct-proto-src,nfct-proto-dst divisor 1024
      
      - Map destination IPs of 192.168.0.0/24 to classids 1-257:
      
        tc filter add ... flow map \
        	key dst addend -192.168.0.0 divisor 256
      
      - alternatively:
      
        tc filter add ... flow map \
        	key dst and 0xff
      
      - similar, but reverse ordered:
      
        tc filter add ... flow map \
        	key dst and 0xff xor 0xff
      
      Perturbation is currently not supported because we can't reliable kill the
      timer on destruction.
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e5dfb815
    • P
      [NET_SCHED]: sch_ingress: remove netfilter support · 72eb7bd2
      Patrick McHardy 提交于
      Since the old policer code is gone, TC actions are needed for policing.
      The ingress qdisc can get packets directly from netif_receive_skb()
      in case TC actions are enabled or through netfilter otherwise, but
      since without TC actions there is no policer the only thing it actually
      does is count packets.
      
      Remove the netfilter support and always require TC actions.
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      Acked-by: NJamal Hadi Salim <hadi@cyberus.ca>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      72eb7bd2
  23. 29 1月, 2008 3 次提交
  24. 19 10月, 2007 1 次提交
  25. 11 10月, 2007 1 次提交
    • H
      [PKT_SCHED]: Add stateless NAT · b4219952
      Herbert Xu 提交于
      Stateless NAT is useful in controlled environments where restrictions are
      placed on through traffic such that we don't need connection tracking to
      correctly NAT protocol-specific data.
      
      In particular, this is of interest when the number of flows or the number
      of addresses being NATed is large, or if connection tracking information
      has to be replicated and where it is not practical to do so.
      
      Previously we had stateless NAT functionality which was integrated into
      the IPv4 routing subsystem.  This was a great solution as long as the NAT
      worked on a subnet to subnet basis such that the number of NAT rules was
      relatively small.  The reason is that for SNAT the routing based system
      had to perform a linear scan through the rules.
      
      If the number of rules is large then major renovations would have take
      place in the routing subsystem to make this practical.
      
      For the time being, the least intrusive way of achieving this is to use
      the u32 classifier written by Alexey Kuznetsov along with the actions
      infrastructure implemented by Jamal Hadi Salim.
      
      The following patch is an attempt at this problem by creating a new nat
      action that can be invoked from u32 hash tables which would allow large
      number of stateless NAT rules that can be used/updated in constant time.
      
      The actual NAT code is mostly based on the previous stateless NAT code
      written by Alexey.  In future we might be able to utilise the protocol
      NAT code from netfilter to improve support for other protocols.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b4219952
  26. 18 7月, 2007 1 次提交
  27. 15 7月, 2007 1 次提交
  28. 11 7月, 2007 2 次提交
  29. 26 4月, 2007 1 次提交
  30. 03 12月, 2006 2 次提交
  31. 01 7月, 2006 1 次提交
  32. 21 3月, 2006 1 次提交
  33. 14 1月, 2006 1 次提交
  34. 12 1月, 2006 1 次提交