Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v3.11.10 2013-02-06T10:36:29+00:00 2013-02-06T10:36:29+00:00 Michal Kubecek mkubecek@suse.cz 2013-02-06T09:46:33+00:00 urn:sha1:8d068875caca3b507ffa8a57d521483fd4eebcc7 The xfrm gc threshold can be configured via xfrm{4,6}_gc_thresh sysctl but currently only in init_net, other namespaces always use the default value. This can substantially limit the number of IPsec tunnels that can be effectively used. Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2013-01-07T05:09:56+00:00 Hannes Frederic Sowa hannes@stressinduktion.org 2013-01-05T16:10:48+00:00 urn:sha1:5d134f1c1f36166e8a738de92c4d2f4c262ff91b As per suggestion from Eric Dumazet this patch makes tcp_ecn sysctl namespace aware. The reason behind this patch is to ease the testing of ecn problems on the internet and allows applications to tune their own use of ecn. Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: David Miller <davem@davemloft.net> Cc: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-09-28T18:40:49+00:00 David S. Miller davem@davemloft.net 2012-09-28T18:40:49+00:00 urn:sha1:6a06e5e1bb217be077e1f8ee2745b4c5b1aa02db Conflicts: drivers/net/team/team.c drivers/net/usb/qmi_wwan.c net/batman-adv/bat_iv_ogm.c net/ipv4/fib_frontend.c net/ipv4/route.c net/l2tp/l2tp_netlink.c The team, fib_frontend, route, and l2tp_netlink conflicts were simply overlapping changes. qmi_wwan and bat_iv_ogm were of the "use HEAD" variety. With help from Antonio Quartulli. Signed-off-by: David S. Miller <davem@davemloft.net> 2012-09-18T19:57:03+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2012-09-10T22:09:44+00:00 urn:sha1:b42664f898c976247f7f609b8bb9c94d7475ca10 This commit prepares the use of rt_genid by both IPv4 and IPv6. Initialization is left in IPv4 part. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-09-03T13:34:51+00:00 Pablo Neira Ayuso pablo@netfilter.org 2012-09-03T13:28:30+00:00 urn:sha1:ace1fe1231bdfffd60b5e703aa5b7283fbf98dbd This merges (3f509c6 netfilter: nf_nat_sip: fix incorrect handling of EBUSY for RTCP expectation) to Patrick McHardy's IPv6 NAT changes. 2012-08-30T01:00:14+00:00 Patrick McHardy kaber@trash.net 2012-08-26T17:14:06+00:00 urn:sha1:c7232c9979cba684c50b64c513c4a83c9aa70563 Convert the IPv4 NAT implementation to a protocol independent core and address family specific modules. Signed-off-by: Patrick McHardy <kaber@trash.net> 2012-08-15T04:49:10+00:00 Eric W. Biederman ebiederm@xmission.com 2012-05-24T16:34:21+00:00 urn:sha1:7064d16e162adf8199f0288b694e6af823ed5431 - Store sysctl_ping_group_range as a paire of kgid_t values instead of a pair of gid_t values. - Move the kgid conversion work from ping_init_sock into ipv4_ping_group_range - For invalid cases reset to the default disabled state. With the kgid_t conversion made part of the original value sanitation from userspace understand how the code will react becomes clearer and it becomes possible to set the sysctl ping group range from something other than the initial user namespace. Cc: Vasiliy Kulikov <segoon@openwall.com> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> 2012-07-30T21:53:22+00:00 Eric Dumazet edumazet@google.com 2012-07-30T07:14:29+00:00 urn:sha1:0c7462a2351b4cc502f326aad7fedd04909928be After IP route cache removal, rt_cache_rebuild_count is no longer used. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-07-20T17:59:41+00:00 Eric Dumazet edumazet@google.com 2012-07-19T23:02:34+00:00 urn:sha1:5815d5e7aae3cc9c5e85af83094d4d6498c3f4fc Fix a missing roundup_pow_of_two(), since tcpmhash_entries is not guaranteed to be a power of two. Uses hash_32() instead of custom hash. tcpmhash_entries should be an unsigned int. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-07-19T17:35:30+00:00 Eric Dumazet edumazet@google.com 2012-07-19T07:34:03+00:00 urn:sha1:be9f4a44e7d41cee50ddb5f038fc2391cbbb4046 tcp_v4_send_reset() and tcp_v4_send_ack() use a single socket per network namespace. This leads to bad behavior on multiqueue NICS, because many cpus contend for the socket lock and once socket lock is acquired, extra false sharing on various socket fields slow down the operations. To better resist to attacks, we use a percpu socket. Each cpu can run without contention, using appropriate memory (local node) Additional features : 1) We also mirror the queue_mapping of the incoming skb, so that answers use the same queue if possible. 2) Setting SOCK_USE_WRITE_QUEUE socket flag speedup sock_wfree() 3) We now limit the number of in-flight RST/ACK [1] packets per cpu, instead of per namespace, and we honor the sysctl_wmem_default limit dynamically. (Prior to this patch, sysctl_wmem_default value was copied at boot time, so any further change would not affect tcp_sock limit) [1] These packets are only generated when no socket was matched for the incoming packet. Reported-by: Bill Sommerfeld <wsommerfeld@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Tom Herbert <therbert@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>