1. 09 12月, 2016 35 次提交
  2. 08 12月, 2016 5 次提交
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · 5fccd64a
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter/IPVS updates for net-next
      
      The following patchset contains a large Netfilter update for net-next,
      to summarise:
      
      1) Add support for stateful objects. This series provides a nf_tables
         native alternative to the extended accounting infrastructure for
         nf_tables. Two initial stateful objects are supported: counters and
         quotas. Objects are identified by a user-defined name, you can fetch
         and reset them anytime. You can also use a maps to allow fast lookups
         using any arbitrary key combination. More info at:
      
         http://marc.info/?l=netfilter-devel&m=148029128323837&w=2
      
      2) On-demand registration of nf_conntrack and defrag hooks per netns.
         Register nf_conntrack hooks if we have a stateful ruleset, ie.
         state-based filtering or NAT. The new nf_conntrack_default_on sysctl
         enables this from newly created netnamespaces. Default behaviour is not
         modified. Patches from Florian Westphal.
      
      3) Allocate 4k chunks and then use these for x_tables counter allocation
         requests, this improves ruleset load time and also datapath ruleset
         evaluation, patches from Florian Westphal.
      
      4) Add support for ebpf to the existing x_tables bpf extension.
         From Willem de Bruijn.
      
      5) Update layer 4 checksum if any of the pseudoheader fields is updated.
         This provides a limited form of 1:1 stateless NAT that make sense in
         specific scenario, eg. load balancing.
      
      6) Add support to flush sets in nf_tables. This series comes with a new
         set->ops->deactivate_one() indirection given that we have to walk
         over the list of set elements, then deactivate them one by one.
         The existing set->ops->deactivate() performs an element lookup that
         we don't need.
      
      7) Two patches to avoid cloning packets, thus speed up packet forwarding
         via nft_fwd from ingress. From Florian Westphal.
      
      8) Two IPVS patches via Simon Horman: Decrement ttl in all modes to
         prevent infinite loops, patch from Dwip Banerjee. And one minor
         refactoring from Gao feng.
      
      9) Revisit recent log support for nf_tables netdev families: One patch
         to ensure that we correctly handle non-ethernet packets. Another
         patch to add missing logger definition for netdev. Patches from
         Liping Zhang.
      
      10) Three patches for nft_fib, one to address insufficient register
          initialization and another to solve incorrect (although harmless)
          byteswap operation. Moreover update xt_rpfilter and nft_fib to match
          lbcast packets with zeronet as source, eg. DHCP Discover packets
          (0.0.0.0 -> 255.255.255.255). Also from Liping Zhang.
      
      11) Built-in DCCP, SCTP and UDPlite conntrack and NAT support, from
          Davide Caratti. While DCCP is rather hopeless lately, and UDPlite has
          been broken in many-cast mode for some little time, let's give them a
          chance by placing them at the same level as other existing protocols.
          Thus, users don't explicitly have to modprobe support for this and
          NAT rules work for them. Some people point to the lack of support in
          SOHO Linux-based routers that make deployment of new protocols harder.
          I guess other middleboxes outthere on the Internet are also to blame.
          Anyway, let's see if this has any impact in the midrun.
      
      12) Skip software SCTP software checksum calculation if the NIC comes
          with SCTP checksum offload support. From Davide Caratti.
      
      13) Initial core factoring to prepare conversion to hook array. Three
          patches from Aaron Conole.
      
      14) Gao Feng made a wrong conversion to switch in the xt_multiport
          extension in a patch coming in the previous batch. Fix it in this
          batch.
      
      15) Get vmalloc call in sync with kmalloc flags to avoid a warning
          and likely OOM killer intervention from x_tables. From Marcelo
          Ricardo Leitner.
      
      16) Update Arturo Borrero's email address in all source code headers.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5fccd64a
    • D
      Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue · 63c36c40
      David S. Miller 提交于
      Jeff Kirsher says:
      
      ====================
      40GbE Intel Wired LAN Driver Updates 2016-12-07
      
      This series contains updates to i40e and i40evf only.
      
      Filip modifies the i40e to log link speed change and when the link is
      brought up and down.
      
      Mitch replaces i40e_txd_use_count() with a new function which is slightly
      faster and better documented so the dim witted can better follow the
      code.  Fixes the locking of the service task so that it is actually
      done in the service task and not in the scheduling function which calls
      the service task.
      
      Jacob, being the busy little beaver he is, provides most of the changes
      starting restores a workaround that is still needed in some configurations,
      specifically the Ethernet Controller XL710 for 40GbE QSFP+.  Removes
      duplicate code and simplifies the i40e_vsi_add_vlan() and
      i40e_vsi_kill_vlan() functions.  Removes detection of PTP frames over L4
      (UDP) on the XL710 MAC, since there was a product decision to defeature
      it.  Fixed a previous refactor of active filters which caused issues in
      the accounting of active_filters.  Remaining work was done in the VLAN
      filters to improve readability and simplify code as much as possible
      to reduce inconsistencies.
      
      Alex fixes foul budget accounting in core code by returning actual
      work done, capped to budget-1.
      
      Henry fixes the "ethtool -p" function for 1G BaseT PHYs.
      
      Carolyn adds support for 25G devices for i40e and i40evf.
      
      Michal adds functions to apply the correct access method for external PHYs
      which could use Clause22 or Clause45 depending on the PHY.
      
      v2: dropped last patch from previous series, since changes are needed based
          on feedback from Sergei Shtylyov
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      63c36c40
    • Z
      dummy: expend mtu range for dummy device · 25e3e84b
      Zhang Shengju 提交于
      After commit 61e84623 ("net: centralize net_device min/max MTU checking"),
      the mtu range for dummy device becomes [68, 1500].
      
      This patch extends it to [0, 65535].
      Signed-off-by: NZhang Shengju <zhangshengju@cmss.chinamobile.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      25e3e84b
    • Z
      nlmon: use core MTU range checking in nlmon driver · e82621e3
      Zhang Shengju 提交于
      Since commit 61e84623 ("net: centralize net_device min/max MTU checking"),
      mtu range is checked at dev_set_mtu().
      
      This patch adds min_mtu for nlmon device and remove unnecessary
      ndo_change_mtu() function.
      Signed-off-by: NZhang Shengju <zhangshengju@cmss.chinamobile.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e82621e3
    • G
      driver: macvlan: Remove the rcu member of macvlan_port · a1f5315c
      Gao Feng 提交于
      When free macvlan_port in macvlan_port_destroy, it is safe to free
      directly because netdev_rx_handler_unregister could enforce one
      grace period.
      So it is unnecessary to use kfree_rcu for macvlan_port.
      Signed-off-by: NGao Feng <fgao@ikuai8.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a1f5315c