<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/include/net/netns/xfrm.h, branch linux-3.17.y</title>
<subtitle>Hosts the 0x221E linux distro kernel.</subtitle>
<id>https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-3.17.y</id>
<link rel='self' href='https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-3.17.y'/>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/'/>
<updated>2014-03-11T01:45:11Z</updated>
<entry>
<title>flowcache: restore a single flow_cache kmem_cache</title>
<updated>2014-03-11T01:45:11Z</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2014-03-10T14:09:07Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=d32d9bb85c65f52bed99a0149b47e9f6578c44c5'/>
<id>urn:sha1:d32d9bb85c65f52bed99a0149b47e9f6578c44c5</id>
<content type='text'>
It is not legal to create multiple kmem_cache having the same name.

flowcache can use a single kmem_cache, no need for a per netns
one.

Fixes: ca925cf1534e ("flowcache: Make flow cache name space aware")
Reported-by: Jakub Kicinski &lt;moorray3@wp.pl&gt;
Tested-by: Jakub Kicinski &lt;moorray3@wp.pl&gt;
Tested-by: Fan Du &lt;fan.du@windriver.com&gt;
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>xfrm: Remove caching of xfrm_policy_sk_bundles</title>
<updated>2014-02-19T09:35:43Z</updated>
<author>
<name>Steffen Klassert</name>
<email>steffen.klassert@secunet.com</email>
</author>
<published>2014-02-19T09:07:34Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=1a1ccc96abb2ed9b8fbb71018e64b97324caef53'/>
<id>urn:sha1:1a1ccc96abb2ed9b8fbb71018e64b97324caef53</id>
<content type='text'>
We currently cache socket policy bundles at xfrm_policy_sk_bundles.
These cached bundles are never used. Instead we create and cache
a new one whenever xfrm_lookup() is called on a socket policy.

Most protocols cache the used routes to the socket, so let's
remove the unused caching of socket policy bundles in xfrm.

Signed-off-by: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
</content>
</entry>
<entry>
<title>flowcache: Make flow cache name space aware</title>
<updated>2014-02-12T06:02:11Z</updated>
<author>
<name>Fan Du</name>
<email>fan.du@windriver.com</email>
</author>
<published>2014-01-18T01:55:27Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=ca925cf1534ebcec332c08719a7dee6ee1782ce4'/>
<id>urn:sha1:ca925cf1534ebcec332c08719a7dee6ee1782ce4</id>
<content type='text'>
Inserting an entry into flowcache, or flushing flowcache should be based
on per net scope. The reason to do so is flushing operation from fat
netns crammed with flow entries will also make the slim netns with only
a few flow cache entries go away in original implementation.

Since flowcache is tightly coupled with IPsec, it would be easier to
put flow cache global parameters into xfrm namespace part. And one last
thing that needs to be done is bumping flow cache genid, and flushing flow
cache should also be made in per net style.

Signed-off-by: Fan Du &lt;fan.du@windriver.com&gt;
Signed-off-by: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
</content>
</entry>
<entry>
<title>xfrm: Remove ancient sleeping when the SA is in acquire state</title>
<updated>2013-12-06T06:24:31Z</updated>
<author>
<name>Steffen Klassert</name>
<email>steffen.klassert@secunet.com</email>
</author>
<published>2013-08-27T11:43:30Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=5b8ef3415a21f173ab115e90ec92c071a03f22d7'/>
<id>urn:sha1:5b8ef3415a21f173ab115e90ec92c071a03f22d7</id>
<content type='text'>
We now queue packets to the policy if the states are not yet resolved,
this replaces the ancient sleeping code. Also the sleeping can cause
indefinite task hangs if the needed state does not get resolved.

Signed-off-by: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
</content>
</entry>
<entry>
<title>xfrm: Namespacify xfrm state/policy locks</title>
<updated>2013-12-06T05:45:06Z</updated>
<author>
<name>Fan Du</name>
<email>fan.du@windriver.com</email>
</author>
<published>2013-11-07T09:47:50Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=283bc9f35bbbcb0e9ab4e6d2427da7f9f710d52d'/>
<id>urn:sha1:283bc9f35bbbcb0e9ab4e6d2427da7f9f710d52d</id>
<content type='text'>
By semantics, xfrm layer is fully name space aware,
so will the locks, e.g. xfrm_state/policy_lock.
Ensuring exclusive access into state/policy link list
for different name space with one global lock is not
right in terms of semantics aspect at first place,
as they are indeed mutually independent with each
other, but also more seriously causes scalability
problem.

One practical scenario is on an Open Network Stack,
more than hundreds of lxc tenants act as routers
within one host, a global xfrm_state/policy_lock
becomes the bottleneck. But once those locks are
decoupled in a per-namespace fashion, lock contention
is just within specific name space scope, without
causing additional SPD/SAD access delay for other
name space.

Also this patch improves scalability without
changing original xfrm behavior.

Signed-off-by: Fan Du &lt;fan.du@windriver.com&gt;
Signed-off-by: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
</content>
</entry>
<entry>
<title>net: use IS_ENABLED(CONFIG_IPV6)</title>
<updated>2011-12-11T23:25:16Z</updated>
<author>
<name>Eric Dumazet</name>
<email>eric.dumazet@gmail.com</email>
</author>
<published>2011-12-10T09:48:31Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=dfd56b8b38fff3586f36232db58e1e9f7885a605'/>
<id>urn:sha1:dfd56b8b38fff3586f36232db58e1e9f7885a605</id>
<content type='text'>
Instead of testing defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)

Signed-off-by: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>netns: reorder fields in struct net</title>
<updated>2010-10-17T20:49:14Z</updated>
<author>
<name>Eric Dumazet</name>
<email>eric.dumazet@gmail.com</email>
</author>
<published>2010-10-14T05:56:18Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=8e602ce2980fd6941dc0d3dda12e5095e8206f34'/>
<id>urn:sha1:8e602ce2980fd6941dc0d3dda12e5095e8206f34</id>
<content type='text'>
In a network bench, I noticed an unfortunate false sharing between
'loopback_dev' and 'count' fields in "struct net".

'count' is written each time a socket is created or destroyed, while
loopback_dev might be often read in routing code.

Move loopback_dev in a read mostly section of "struct net"

Note: struct netns_xfrm is cache line aligned on SMP.
(It contains a "struct dst_ops")
Move it at the end to avoid holes, and reduce sizeof(struct net) by 128
bytes on ia32.

Signed-off-by: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>netns xfrm: deal with dst entries in netns</title>
<updated>2010-01-25T06:47:53Z</updated>
<author>
<name>Alexey Dobriyan</name>
<email>adobriyan@gmail.com</email>
</author>
<published>2010-01-25T06:47:53Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=d7c7544c3d5f59033d1bf3236bc7b289f5f26b75'/>
<id>urn:sha1:d7c7544c3d5f59033d1bf3236bc7b289f5f26b75</id>
<content type='text'>
GC is non-existent in netns, so after you hit GC threshold, no new
dst entries will be created until someone triggers cleanup in init_net.

Make xfrm4_dst_ops and xfrm6_dst_ops per-netns.
This is not done in a generic way, because it would waste
(AF_MAX - 2) * sizeof(struct dst_ops) bytes per-netns.

Reorder GC threshold initialization so it'd be done before registering
XFRM policies.

Signed-off-by: Alexey Dobriyan &lt;adobriyan@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>net: Allow xfrm_user_net_exit to batch efficiently.</title>
<updated>2009-12-03T20:22:03Z</updated>
<author>
<name>Eric W. Biederman</name>
<email>ebiederm@xmission.com</email>
</author>
<published>2009-12-03T02:29:05Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=d79d792ef9f99cca463b6619a93e860d1c833a6e'/>
<id>urn:sha1:d79d792ef9f99cca463b6619a93e860d1c833a6e</id>
<content type='text'>
xfrm.nlsk is provided by the xfrm_user module and is accessed via rcu from
other parts of the xfrm code.  Add xfrm.nlsk_stash, a copy of xfrm.nlsk that
will never be set to NULL.  This allows the synchronize_net and
netlink_kernel_release to be deferred until a whole batch of xfrm.nlsk sockets
have been set to NULL.

Signed-off-by: Eric W. Biederman &lt;ebiederm@xmission.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>netns xfrm: per-netns sysctls</title>
<updated>2008-11-26T02:00:48Z</updated>
<author>
<name>Alexey Dobriyan</name>
<email>adobriyan@gmail.com</email>
</author>
<published>2008-11-26T02:00:48Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=b27aeadb5948d400df83db4d29590fb9862ba49d'/>
<id>urn:sha1:b27aeadb5948d400df83db4d29590fb9862ba49d</id>
<content type='text'>
Make
	net.core.xfrm_aevent_etime
	net.core.xfrm_acq_expires
	net.core.xfrm_aevent_rseqth
	net.core.xfrm_larval_drop

sysctls per-netns.

For that make net_core_path[] global, register it to prevent two
/proc/net/core entries and change initcall position -- xfrm_init() is called
from fs_initcall, so this one should be fs_initcall at least.

Signed-off-by: Alexey Dobriyan &lt;adobriyan@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
</feed>
