1. 10 May, 2012 20 commits
    • Jacob Keller's avatar
      ixgbe: Hardware Timestamping + PTP Hardware Clock (PHC) · 3a6a4eda
      Jacob Keller authored
      
      
      This patch enables hardware timestamping for use with PTP software by
      extracting a ns counter from an arbitrary fixed point cycles counter.
      The hardware generates SYSTIME registers using the DMA tick which
      changes based on the current link speed. These SYSTIME registers are
      converted to ns using the cyclecounter and timecounter structures
      provided by the kernel. Using the SO_TIMESTAMPING api, software can
      enable and access timestamps for PTP packets.
      
      The SO_TIMESTAMPING API has space for 3 different kinds of timestamps,
      SYS, RAW, and SOF. SYS hardware timestamps are hardware ns values that
      are then scaled to the software clock. RAW hardware timestamps are the
      direct raw value of the ns counter. SOF software timestamps are the
      software timestamp calculated as close as possible to the software
      transmit, but are not offloaded to the hardware. This patch only
      supports the RAW hardware timestamps due to inefficiency of the SYS
      design.
      
      This patch also enables the PHC subsystem features for atomically
      adjusting the cycle register, and adjusting the clock frequency in
      parts per billion. This frequency adjustment works by slightly
      adjusting the value added to the cycle registers each DMA tick. This
      causes the hardware registers to overflow rapidly (approximately once
      every 34 seconds, when at 10gig link). To solve this, the timecounter
      structure is used, along with a timer set for every 25 seconds. This
      allows for detecting register overflow and converting the cycle
      counter registers into ns values needed for providing useful
      timestamps to the network stack.
      
      Only the basic required clock functions are supported at this time,
      although the hardware supports some ancillary features and these could
      easily be enabled in the future.
      
      Note that use of this hardware timestamping requires modifying daemon
      software to use the SO_TIMESTAMPING API for timestamps, and the
      ptp_clock PHC framework for accessing the clock. The timestamps have
      no relation to the system time at all, so software must use the posix
      clock generated by the PHC framework instead.
      Signed-off-by: default avatarJacob E Keller <jacob.e.keller@intel.com>
      Tested-by: default avatarStephen Ko <stephen.s.ko@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      3a6a4eda
    • Greg Rose's avatar
      ixgbe: Fix bogus error message · 44b82dde
      Greg Rose authored
      
      
      If the VF sends a MACVLAN request with index of zero then it is not
      actually trying to add a filter.  Check the index value and only
      indicate that operation is not allowed when the VF is actually trying
      to add a filter.
      Signed-off-by: default avatarGreg Rose <gregory.v.rose@intel.com>
      Tested-by: default avatarSibai Li <sibai.li@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      44b82dde
    • Alexander Duyck's avatar
      ixgbe: Set Drop_EN bit when multiple Rx queues are present w/o flow control · 3ebe8fde
      Alexander Duyck authored
      
      
      The drop enable bit can be used to improve the performance of the adapter
      in the case of multiple queues being present.  This performance gain is due
      to the fact that some slower CPUs can cause the FIFO to backfill preventing
      faster CPUs from receiving additional work.  By setting the drop enable bit
      we prevent this and instead just drop the packets that would have been
      bound for the slower CPU.
      Signed-off-by: default avatarAlexander Duyck <alexander.h.duyck@intel.com>
      Tested-by: default avatarRoss Brattain <ross.b.brattain@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      3ebe8fde
    • Alexander Duyck's avatar
      ixgbe: Clean up priority based flow control · 943561d3
      Alexander Duyck authored
      
      
      This change cleans up the logic in the priority based flow control
      configuration routines.  Both the 82599 and 82598 based routines perform
      similar functions however they are both arranged completely differently.
      This patch goes over both of them to clean up the code.
      
      In addition I am dropping the ixgbe_fc_pfc flow control mode and instead
      just replacing it with checks for if priority flow control is enabled.
      This allows us to maintain some of the link flow control information which
      allows for an easier transition between link and priority flow control.
      Signed-off-by: default avatarAlexander Duyck <alexander.h.duyck@intel.com>
      Tested-by: default avatarRoss Brattain <ross.b.brattain@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      943561d3
    • Alexander Duyck's avatar
      ixgbe: Exit on error case in VF message processing · dcaccc82
      Alexander Duyck authored
      
      
      Previously we would get a mailbox error and still process the message.
      Instead we should exit on error.
      
      In addition we should also be flushing the ACK of the message so that we
      can guarantee that the other end is aware we have received the message
      while we are processing it.
      Signed-off-by: default avatarAlexander Duyck <alexander.h.duyck@intel.com>
      Tested-by: default avatarSibai Li <sibai.li@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      dcaccc82
    • Koki Sanagi's avatar
      igb: output register's information related to RX/TX queue[4-15] · 7e3b4ffb
      Koki Sanagi authored
      
      
      Current igb outputs registers related to TX/RX queues(ex. RDT, RDH, TDT, TDH).
      But it thinks the number of RX/TX queues is 4. But 82576 has 16 RX/TX queues.
      This patch modifies igb to output the rest of the registers if the device is
      82576.
      Signed-off-by: default avatarKoki Sanagi <sanagi.koki@jp.fujitsu.com>
      Acked-by: default avatarCarolyn Wyborny <carolyn.wyborny@intel.com>
      Tested-by: default avatarAaron Brown <aaron.f.brown@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      7e3b4ffb
    • Jeff Kirsher's avatar
    • Joe Perches's avatar
      dsa: Convert compare_ether_addr to ether_addr_equal · 8feedbb4
      Joe Perches authored
      
      
      Use the new bool function ether_addr_equal to add
      some clarity and reduce the likelihood for misuse
      of compare_ether_addr for sorting.
      
      Done via cocci script:
      
      $ cat compare_ether_addr.cocci
      @@
      expression a,b;
      @@
      -	!compare_ether_addr(a, b)
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	compare_ether_addr(a, b)
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) == 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) != 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) == 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) != 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!!ether_addr_equal(a, b)
      +	ether_addr_equal(a, b)
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8feedbb4
    • Joe Perches's avatar
      wireless: Convert compare_ether_addr to ether_addr_equal by hand · 4c764729
      Joe Perches authored
      
      
      spatch/coccinelle isn't perfect.  It doesn't understand
      __aligned(x) and doesn't convert functions it can't parse.
      
      Convert the remaining compare_ether_addr uses.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4c764729
    • Joe Perches's avatar
      wireless: Convert compare_ether_addr to ether_addr_equal · ac422d3c
      Joe Perches authored
      
      
      Use the new bool function ether_addr_equal to add
      some clarity and reduce the likelihood for misuse
      of compare_ether_addr for sorting.
      
      I removed a conversion from scan.c/cmp_bss_core
      that appears to be a sorting function.
      
      Done via cocci script:
      
      $ cat compare_ether_addr.cocci
      @@
      expression a,b;
      @@
      -	!compare_ether_addr(a, b)
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	compare_ether_addr(a, b)
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) == 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) != 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) == 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) != 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!!ether_addr_equal(a, b)
      +	ether_addr_equal(a, b)
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ac422d3c
    • Joe Perches's avatar
      netfilter: Convert compare_ether_addr to ether_addr_equal · 8561cf99
      Joe Perches authored
      
      
      Use the new bool function ether_addr_equal to add
      some clarity and reduce the likelihood for misuse
      of compare_ether_addr for sorting.
      
      Done via cocci script:
      
      $ cat compare_ether_addr.cocci
      @@
      expression a,b;
      @@
      -	!compare_ether_addr(a, b)
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	compare_ether_addr(a, b)
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) == 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) != 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) == 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) != 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!!ether_addr_equal(a, b)
      +	ether_addr_equal(a, b)
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8561cf99
    • Joe Perches's avatar
      mac80211: Convert compare_ether_addr to ether_addr_equal by hand · 3bc7945e
      Joe Perches authored
      
      
      spatch/coccinelle isn't perfect.  It doesn't understand
      __aligned(x) and doesn't convert functions it can't parse.
      
      Convert the remaining compare_ether_addr uses.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3bc7945e
    • Joe Perches's avatar
      mac80211: Convert compare_ether_addr to ether_addr_equal · b203ca39
      Joe Perches authored
      
      
      Use the new bool function ether_addr_equal to add
      some clarity and reduce the likelihood for misuse
      of compare_ether_addr for sorting.
      
      Done via cocci script:
      
      $ cat compare_ether_addr.cocci
      @@
      expression a,b;
      @@
      -	!compare_ether_addr(a, b)
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	compare_ether_addr(a, b)
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) == 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) != 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) == 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) != 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!!ether_addr_equal(a, b)
      +	ether_addr_equal(a, b)
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b203ca39
    • Joe Perches's avatar
      bluetooth: Convert compare_ether_addr to ether_addr_equal · c47fc981
      Joe Perches authored
      
      
      Use the new bool function ether_addr_equal to add
      some clarity and reduce the likelihood for misuse
      of compare_ether_addr for sorting.
      
      Done via cocci script:
      
      $ cat compare_ether_addr.cocci
      @@
      expression a,b;
      @@
      -	!compare_ether_addr(a, b)
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	compare_ether_addr(a, b)
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) == 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) != 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) == 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) != 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!!ether_addr_equal(a, b)
      +	ether_addr_equal(a, b)
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c47fc981
    • Joe Perches's avatar
      atm: Convert compare_ether_addr to ether_addr_equal · 150238eb
      Joe Perches authored
      
      
      Use the new bool function ether_addr_equal to add
      some clarity and reduce the likelihood for misuse
      of compare_ether_addr for sorting.
      
      Done via cocci script:
      
      $ cat compare_ether_addr.cocci
      @@
      expression a,b;
      @@
      -	!compare_ether_addr(a, b)
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	compare_ether_addr(a, b)
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) == 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) != 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) == 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) != 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!!ether_addr_equal(a, b)
      +	ether_addr_equal(a, b)
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      150238eb
    • Joe Perches's avatar
      bridge: Convert compare_ether_addr to ether_addr_equal · 9a7b6ef9
      Joe Perches authored
      
      
      Use the new bool function ether_addr_equal to add
      some clarity and reduce the likelihood for misuse
      of compare_ether_addr for sorting.
      
      Done via cocci script:
      
      $ cat compare_ether_addr.cocci
      @@
      expression a,b;
      @@
      -	!compare_ether_addr(a, b)
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	compare_ether_addr(a, b)
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) == 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) != 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) == 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) != 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!!ether_addr_equal(a, b)
      +	ether_addr_equal(a, b)
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9a7b6ef9
    • Joe Perches's avatar
      bridge: netfilter: Convert compare_ether_addr to ether_addr_equal · 171fe5ef
      Joe Perches authored
      
      
      Use the new bool function ether_addr_equal to add
      some clarity and reduce the likelihood for misuse
      of compare_ether_addr for sorting.
      
      Done via cocci script:
      
      $ cat compare_ether_addr.cocci
      @@
      expression a,b;
      @@
      -	!compare_ether_addr(a, b)
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	compare_ether_addr(a, b)
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) == 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) != 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) == 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) != 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!!ether_addr_equal(a, b)
      +	ether_addr_equal(a, b)
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Acked-by: default avatarStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      171fe5ef
    • Joe Perches's avatar
      8021q: Convert compare_ether_addr to ether_addr_equal · 53a2b3a1
      Joe Perches authored
      
      
      Use the new bool function ether_addr_equal to add
      some clarity and reduce the likelihood for misuse
      of compare_ether_addr for sorting.
      
      Done via cocci script:
      
      $ cat compare_ether_addr.cocci
      @@
      expression a,b;
      @@
      -	!compare_ether_addr(a, b)
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	compare_ether_addr(a, b)
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) == 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) != 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) == 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) != 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!!ether_addr_equal(a, b)
      +	ether_addr_equal(a, b)
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      53a2b3a1
    • Joe Perches's avatar
      802: Convert compare_ether_addr to ether_addr_equal · 28b29801
      Joe Perches authored
      
      
      Use the new bool function ether_addr_equal to add
      some clarity and reduce the likelihood for misuse
      of compare_ether_addr for sorting.
      
      Done via cocci script:
      
      $ cat compare_ether_addr.cocci
      @@
      expression a,b;
      @@
      -	!compare_ether_addr(a, b)
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	compare_ether_addr(a, b)
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) == 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!ether_addr_equal(a, b) != 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) == 0
      +	!ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	ether_addr_equal(a, b) != 0
      +	ether_addr_equal(a, b)
      
      @@
      expression a,b;
      @@
      -	!!ether_addr_equal(a, b)
      +	ether_addr_equal(a, b)
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      28b29801
    • Joe Perches's avatar
      etherdevice.h: Add ether_addr_equal · a599b0f5
      Joe Perches authored
      
      
      Add a boolean function to check if 2 ethernet addresses
      are the same.
      
      This is to avoid any confusion about compare_ether_addr
      returning an unsigned, and not being able to use the
      compare_ether_addr function for sorting ala memcmp.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a599b0f5
  2. 09 May, 2012 8 commits
  3. 08 May, 2012 12 commits
    • David S. Miller's avatar
      9bb862be
    • Pablo Neira Ayuso's avatar
      netfilter: remove ip_queue support · d16cf20e
      Pablo Neira Ayuso authored
      
      
      This patch removes ip_queue support which was marked as obsolete
      years ago. The nfnetlink_queue modules provides more advanced
      user-space packet queueing mechanism.
      
      This patch also removes capability code included in SELinux that
      refers to ip_queue. Otherwise, we break compilation.
      
      Several warning has been sent regarding this to the mailing list
      in the past month without anyone rising the hand to stop this
      with some strong argument.
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      d16cf20e
    • Pablo Neira Ayuso's avatar
      netfilter: nf_conntrack: fix explicit helper attachment and NAT · 6714cf54
      Pablo Neira Ayuso authored
      
      
      Explicit helper attachment via the CT target is broken with NAT
      if non-standard ports are used. This problem was hidden behind
      the automatic helper assignment routine. Thus, it becomes more
      noticeable now that we can disable the automatic helper assignment
      with Eric Leblond's:
      
      9e8ac5a netfilter: nf_ct_helper: allow to disable automatic helper assignment
      
      Basically, nf_conntrack_alter_reply asks for looking up the helper
      up if NAT is enabled. Unfortunately, we don't have the conntrack
      template at that point anymore.
      
      Since we don't want to rely on the automatic helper assignment,
      we can skip the second look-up and stick to the helper that was
      attached by iptables. With the CT target, the user is in full
      control of helper attachment, thus, the policy is to trust what
      the user explicitly configures via iptables (no automatic magic
      anymore).
      
      Interestingly, this bug was hidden by the automatic helper look-up
      code. But it can be easily trigger if you attach the helper in
      a non-standard port, eg.
      
      iptables -I PREROUTING -t raw -p tcp --dport 8888 \
      	-j CT --helper ftp
      
      And you disabled the automatic helper assignment.
      
      I added the IPS_HELPER_BIT that allows us to differenciate between
      a helper that has been explicitly attached and those that have been
      automatically assigned. I didn't come up with a better solution
      (having backward compatibility in mind).
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      6714cf54
    • Kelvie Wong's avatar
      netfilter: nf_ct_expect: partially implement ctnetlink_change_expect · 9768e1ac
      Kelvie Wong authored
      
      
      This refreshes the "timeout" attribute in existing expectations if one is
      given.
      
      The use case for this would be for userspace helpers to extend the lifetime
      of the expectation when requested, as this is not possible right now
      without deleting/recreating the expectation.
      
      I use this specifically for forwarding DCERPC traffic through:
      
      DCERPC has a port mapper daemon that chooses a (seemingly) random port for
      future traffic to go to. We expect this traffic (with a reasonable
      timeout), but sometimes the port mapper will tell the client to continue
      using the same port. This allows us to extend the expectation accordingly.
      Signed-off-by: default avatarKelvie Wong <kelvie@ieee.org>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      9768e1ac
    • Hans Schillstrom's avatar
      net: export sysctl_[r|w]mem_max symbols needed by ip_vs_sync · 6d8ebc8a
      Hans Schillstrom authored
      
      
      To build ip_vs as a module sysctl_rmem_max and sysctl_wmem_max
      needs to be exported.
      
      The dependency was added by "ipvs: wakeup master thread" patch.
      Signed-off-by: default avatarHans Schillstrom <hans.schillstrom@ericsson.com>
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      Acked-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      6d8ebc8a
    • H Hartley Sweeten's avatar
      ipvs: ip_vs_proto: local functions should not be exposed globally · 068d5220
      H Hartley Sweeten authored
      
      
      Functions not referenced outside of a source file should be marked
      static to prevent it from being exposed globally.
      
      This quiets the sparse warnings:
      
      warning: symbol '__ipvs_proto_data_get' was not declared. Should it be static?
      Signed-off-by: default avatarH Hartley Sweeten <hsweeten@visionengravers.com>
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      068d5220
    • H Hartley Sweeten's avatar
      ipvs: ip_vs_ftp: local functions should not be exposed globally · d5cce208
      H Hartley Sweeten authored
      
      
      Functions not referenced outside of a source file should be marked
      static to prevent it from being exposed globally.
      
      This quiets the sparse warnings:
      
      warning: symbol 'ip_vs_ftp_init' was not declared. Should it be static?
      Signed-off-by: default avatarH Hartley Sweeten <hsweeten@visionengravers.com>
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      d5cce208
    • Pablo Neira Ayuso's avatar
      ipvs: optimize the use of flags in ip_vs_bind_dest · 6b324dbf
      Pablo Neira Ayuso authored
      
      
      	cp->flags is marked volatile but ip_vs_bind_dest
      can safely modify the flags, so save some CPU cycles by
      using temp variable.
      Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      6b324dbf
    • Pablo Neira Ayuso's avatar
      ipvs: add support for sync threads · f73181c8
      Pablo Neira Ayuso authored
      
      
      	Allow master and backup servers to use many threads
      for sync traffic. Add sysctl var "sync_ports" to define the
      number of threads. Every thread will use single UDP port,
      thread 0 will use the default port 8848 while last thread
      will use port 8848+sync_ports-1.
      
      	The sync traffic for connections is scheduled to many
      master threads based on the cp address but one connection is
      always assigned to same thread to avoid reordering of the
      sync messages.
      
      	Remove ip_vs_sync_switch_mode because this check
      for sync mode change is still risky. Instead, check for mode
      change under sync_buff_lock.
      
      	Make sure the backup socks do not block on reading.
      
      Special thanks to Aleksey Chudov for helping in all tests.
      Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
      Tested-by: default avatarAleksey Chudov <aleksey.chudov@gmail.com>
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      f73181c8
    • Julian Anastasov's avatar
      ipvs: reduce sync rate with time thresholds · 749c42b6
      Julian Anastasov authored
      
      
      	Add two new sysctl vars to control the sync rate with the
      main idea to reduce the rate for connection templates because
      currently it depends on the packet rate for controlled connections.
      This mechanism should be useful also for normal connections
      with high traffic.
      
      sync_refresh_period: in seconds, difference in reported connection
      	timer that triggers new sync message. It can be used to
      	avoid sync messages for the specified period (or half of
      	the connection timeout if it is lower) if connection state
      	is not changed from last sync.
      
      sync_retries: integer, 0..3, defines sync retries with period of
      	sync_refresh_period/8. Useful to protect against loss of
      	sync messages.
      
      	Allow sysctl_sync_threshold to be used with
      sysctl_sync_period=0, so that only single sync message is sent
      if sync_refresh_period is also 0.
      
      	Add new field "sync_endtime" in connection structure to
      hold the reported time when connection expires. The 2 lowest
      bits will represent the retry count.
      
      	As the sysctl_sync_period now can be 0 use ACCESS_ONCE to
      avoid division by zero.
      
      	Special thanks to Aleksey Chudov for being patient with me,
      for his extensive reports and helping in all tests.
      Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
      Tested-by: default avatarAleksey Chudov <aleksey.chudov@gmail.com>
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      749c42b6
    • Pablo Neira Ayuso's avatar
      ipvs: wakeup master thread · 1c003b15
      Pablo Neira Ayuso authored
      
      
      	High rate of sync messages in master can lead to
      overflowing the socket buffer and dropping the messages.
      Fixed sleep of 1 second without wakeup events is not suitable
      for loaded masters,
      
      	Use delayed_work to schedule sending for queued messages
      and limit the delay to IPVS_SYNC_SEND_DELAY (20ms). This will
      reduce the rate of wakeups but to avoid sending long bursts we
      wakeup the master thread after IPVS_SYNC_WAKEUP_RATE (8) messages.
      
      	Add hard limit for the queued messages before sending
      by using "sync_qlen_max" sysctl var. It defaults to 1/32 of
      the memory pages but actually represents number of messages.
      It will protect us from allocating large parts of memory
      when the sending rate is lower than the queuing rate.
      
      	As suggested by Pablo, add new sysctl var
      "sync_sock_size" to configure the SNDBUF (master) or
      RCVBUF (slave) socket limit. Default value is 0 (preserve
      system defaults).
      
      	Change the master thread to detect and block on
      SNDBUF overflow, so that we do not drop messages when
      the socket limit is low but the sync_qlen_max limit is
      not reached. On ENOBUFS or other errors just drop the
      messages.
      
      	Change master thread to enter TASK_INTERRUPTIBLE
      state early, so that we do not miss wakeups due to messages or
      kthread_should_stop event.
      
      Thanks to Pablo Neira Ayuso for his valuable feedback!
      Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      1c003b15
    • Julian Anastasov's avatar
      ipvs: always update some of the flags bits in backup · cdcc5e90
      Julian Anastasov authored
      
      
      	As the goal is to mirror the inactconns/activeconns
      counters in the backup server, make sure the cp->flags are
      updated even if cp is still not bound to dest. If cp->flags
      are not updated ip_vs_bind_dest will rely only on the initial
      flags when updating the counters. To avoid mistakes and
      complicated checks for protocol state rely only on the
      IP_VS_CONN_F_INACTIVE bit when updating the counters.
      Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
      Tested-by: default avatarAleksey Chudov <aleksey.chudov@gmail.com>
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      cdcc5e90