mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/include/net
History
David S. Miller 99cb99aa05 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 
Pablo Neira Ayuso says:

====================
Netfilter/IPVS updates for net-next

The following patchset contains Netfilter/IPVS updates for your net-next tree
in this 4.4 development cycle, they are:

1) Schedule ICMP traffic to IPVS instances, this introduces a new schedule_icmp
   proc knob to enable/disable it. By default is off to retain the old
   behaviour. Patchset from Alex Gartrell.

I'm also including what Alex originally said for the record:

"The configuration of ipvs at Facebook is relatively straightforward.  All
ipvs instances bgp advertise a set of VIPs and the network prefers the
nearest one or uses ECMP in the event of a tie.  For the uninitiated, ECMP
deterministically and statelessly load balances by hashing the packet
(usually a 5-tuple of protocol, saddr, daddr, sport, and dport) and using
that number as an index (basic hash table type logic).

The problem is that ICMP packets (which contain really important
information like whether or not an MTU has been exceeded) will get a
different hash value and may end up at a different ipvs instance.  With no
information about where to route these packets, they are dropped, creating
ICMP black holes and breaking Path MTU discovery.  Suddenly, my mom's
pictures can't load and I'm fielding midday calls that I want nothing to do
with.

To address this, this patch set introduces the ability to schedule icmp
packets which is gated by a sysctl net.ipv4.vs.schedule_icmp.  If set to 0,
the old behavior is maintained -- otherwise ICMP packets are scheduled."

2) Add another proc entry to ignore tunneled packets to avoid routing loops
   from IPVS, also from Alex.

3) Fifteen patches from Eric Biederman to:

* Stop passing nf_hook_ops as parameter to the hook and use the state hook
  object instead all around the netfilter code, so only the private data
  pointer is passed to the registered hook function.

* Now that we've got state->net, propagate the netns pointer to netfilter hook
  clients to avoid its computation over and over again. A good example of how
  this has been simplified is the former TEE target (now nf_dup infrastructure)
  since it has killed the ugly pick_net() function.

There's another round of netns updates from Eric Biederman making the line. To
avoid the patchbomb again to almost all the networking mailing list (that is 84
patches) I'd suggest we send you a pull request with no patches or let me know
if you prefer a better way.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
 		2015-09-22 13:11:43 -07:00
..
9p 9p: switch p9_client_read() to passing struct iov_iter * 2015-04-11 22:28:27 -04:00
bluetooth Bluetooth: Add BT_ERR_RATELIMITED 2015-09-18 09:53:19 +02:00
caif caif: fix a signedness bug in cfpkt_iterate() 2015-02-20 17:35:14 -05:00
irda irda: Convert function pointer arrays and uses to const 2014-12-10 15:33:16 -05:00
iucv s390/iucv: do not use arrays as argument 2015-09-21 16:03:04 -07:00
netfilter netfilter: Pass net into nf_xfrm_me_harder 2015-09-18 22:00:22 +02:00
netns Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2015-08-04 23:57:45 -07:00
nfc nfc: netlink: Add capability to reply to vendor_cmd with data 2015-08-20 22:00:11 +02:00
phonet
sctp sctp: fix ASCONF list handling 2015-06-14 12:55:49 -07:00
tc_act act_connmark: Remember the struct net instead of guessing it. 2015-09-18 21:59:31 +02:00
6lowpan.h ieee802154: 6lowpan: remove tx full-size calc workaround 2015-09-17 13:20:04 +02:00
Space.h drivers: net: Include new header file in sbni.c 2013-12-19 18:51:20 -05:00
act_api.h net_sched: make tcf_hash_destroy() static 2015-08-26 11:01:44 -07:00
addrconf.h Changes for 4.3 2015-09-09 08:33:31 -07:00
af_ieee802154.h ieee802154: af_ieee802154: fix typo in comment. 2015-09-17 13:20:05 +02:00
af_rxrpc.h
af_unix.h net/unix: support SCM_SECURITY for stream sockets 2015-06-10 22:49:20 -07:00
af_vsock.h net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
ah.h ipsec: Remove obsolete MAX_AH_AUTH_LEN 2014-09-18 10:54:36 +02:00
arp.h neigh: Factor out ___neigh_lookup_noref 2015-03-04 00:23:23 -05:00
atmclip.h
ax25.h ax25: Stop using sock->sk_protinfo. 2015-06-28 16:55:44 -07:00
ax88796.h
bond_3ad.h bonding: Implement port churn-machine (AD standard 43.4.17). 2015-02-24 16:05:48 -05:00
bond_alb.h net: Move bonding headers under include/net 2014-11-10 13:27:49 -05:00
bond_options.h bonding: convert num_grat_arp to the new bonding option API 2015-07-27 01:05:24 -07:00
bonding.h net/bonding: Export bond_option_active_slave_get_rcu 2015-08-30 18:08:50 -04:00
busy_poll.h sched, net: Fixup busy_loop_us_clock() 2014-01-13 17:39:11 +01:00
cfg80211-wext.h
cfg80211.h Merge branch 'mac80211' into mac80211-next 2015-07-17 15:39:41 +02:00
cfg802154.h ieee802154: add ack request default handling 2015-08-10 20:43:06 +02:00
checksum.h net: Add inet_proto_csum_replace_by_diff utility function 2015-08-17 21:33:06 -07:00
cipso_ipv4.h cipso: don't use IPCB() to locate the CIPSO IP option 2015-02-11 14:46:37 -05:00
cls_cgroup.h cls_cgroup: factor out classid retrieval 2015-07-20 12:41:30 -07:00
codel.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-05-13 14:31:43 -04:00
compat.h net: switch importing msghdr from userland to {compat_,}import_iovec() 2015-04-09 00:02:26 -04:00
datalink.h net: Move prototype declaration to header file include/net/datalink.h from net/ipx/af_ipx.c 2014-02-09 17:32:50 -08:00
dcbevent.h include/net/: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
dcbnl.h net/dcb: Add IEEE QCN attribute 2015-03-06 21:50:02 -05:00
dn.h net: Move prototype declaration to header file include/net/dn.h from net/decnet/af_decnet.c 2014-02-09 17:32:49 -08:00
dn_dev.h dn_dev: add support for IFA_FLAGS nl attribute 2013-12-10 21:50:00 -05:00
dn_fib.h
dn_neigh.h netfilter: Pass net into okfn 2015-09-17 17:18:37 -07:00
dn_nsp.h
dn_route.h net: Move prototype declaration to appropriate header file from decnet/af_decnet.c 2014-02-09 17:32:49 -08:00
dsa.h net: dsa: Add dsa_is_dsa_port() helper 2015-08-18 14:17:21 -07:00
dsfield.h
dst.h netfilter: Pass net into okfn 2015-09-17 17:18:37 -07:00
dst_metadata.h tun_dst: Remove opts_size 2015-08-31 21:23:42 -07:00
dst_ops.h net: Remove protocol from struct dst_ops 2015-03-09 16:06:10 -04:00
esp.h net: move pskb_put() to core code 2013-11-07 19:28:58 -05:00
ethoc.h net: ethoc: set up MII management bus clock 2014-02-04 20:19:51 -08:00
fib_rules.h net: ipv6: use common fib_default_rule_pref 2015-09-09 14:19:50 -07:00
firewire.h
flow.h flow_dissector: Use 'const' where possible. 2015-09-01 21:19:17 -07:00
flow_dissector.h flow_dissector: Don't use bit fields. 2015-09-01 16:46:08 -07:00
flowcache.h flowcache: Make flow cache name space aware 2014-02-12 07:02:11 +01:00
fou.h ip_tunnel: Ops registration for secondary encap (fou, gue) 2014-11-12 15:01:35 -05:00
garp.h
gen_stats.h net: sched: enable per cpu qstats 2014-09-30 01:02:26 -04:00
genetlink.h net: Introduce possible_net_t 2015-03-12 14:39:40 -04:00
geneve.h geneve: Consolidate Geneve functionality in single module. 2015-08-27 15:42:48 -07:00
gre.h gre: Remove support for sharing GRE protocol hook. 2015-08-10 14:03:54 -07:00
gro_cells.h gro_cells: remove spinlock protecting receive queues 2015-08-31 15:17:17 -07:00
gue.h gue: Protocol constants for remote checksum offload 2014-11-05 16:30:03 -05:00
icmp.h
ieee80211_radiotap.h mac80211: propagate STBC / LDPC flags to radiotap 2014-02-06 09:34:58 +01:00
ieee802154_netdev.h mac802154: cleanup llsec param flags 2015-06-12 11:42:29 +02:00
if_inet6.h ipv6: do retries on stable privacy addresses 2015-03-23 22:12:09 -04:00
inet6_connection_sock.h inet: get rid of central tcp/dccp listener timer 2015-03-20 12:40:25 -04:00
inet6_hashtables.h ipv6: get rid of __inet6_hash() 2015-03-18 22:00:35 -04:00
inet_common.h net: Modify sk_alloc to not reference count the netns of kernel sockets. 2015-05-11 10:50:18 -04:00
inet_connection_sock.h tcp: fix child sockets to use system default congestion control if not set 2015-05-31 21:49:14 -07:00
inet_ecn.h tunnel: fix RFC number in comment for INET_ECN_decapsulate() 2014-05-07 15:30:52 -04:00
inet_frag.h inet: frags: remove INET_FRAG_EVICTED and use list_evictor for the test 2015-07-26 21:00:15 -07:00
inet_hashtables.h inet: simplify timewait refcounting 2015-07-09 15:12:20 -07:00
inet_sock.h inet: add IP_BIND_ADDRESS_NO_PORT to overcome bind(0) limitations 2015-06-06 23:57:12 -07:00
inet_timewait_sock.h inet: inet_twsk_deschedule factorization 2015-07-09 15:12:20 -07:00
inetpeer.h net: Add support for VRFs to inetpeer cache 2015-08-28 13:32:36 -07:00
ip.h net: Introduce helper functions to get the per cpu data 2015-08-30 21:48:58 -07:00
ip6_checksum.h net: add gro_compute_pseudo functions 2014-08-24 18:09:23 -07:00
ip6_fib.h route: move lwtunnel state to dst_entry 2015-08-20 15:42:36 -07:00
ip6_route.h ipv6: Add rt6_get_cookie() function 2015-05-25 13:25:34 -04:00
ip6_tunnel.h udp_tunnel: Pass UDP socket down through udp_tunnel{, 6}_xmit_skb(). 2015-04-07 15:29:08 -04:00
ip_fib.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-07-31 23:52:20 -07:00
ip_tunnels.h ip-tunnel: Use API to access tunnel metadata options. 2015-08-31 12:28:56 -07:00
ip_vs.h ipvs: add sysctl to ignore tunneled packets 2015-09-17 11:50:02 +09:00
ipcomp.h
ipconfig.h
ipv6.h netfilter: Pass net into okfn 2015-09-17 17:18:37 -07:00
ipx.h switch ipxrtr_route_packet() from iovec to msghdr 2014-11-24 04:28:49 -05:00
iw_handler.h wext: add checked wrappers for adding events/points to streams 2015-02-28 21:31:12 +01:00
lapb.h
lib80211.h lib80211: remove unused print_ssid() 2014-10-14 02:18:27 +02:00
llc.h llc: make lock static 2014-01-03 20:56:48 -05:00
llc_c_ac.h
llc_c_ev.h
llc_c_st.h llc: Make llc_conn_ev_qfyr_t function pointer arrays const 2014-12-10 15:21:24 -05:00
llc_conn.h net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
llc_if.h
llc_pdu.h net: llc: fix order of evaluation in llc_conn_ac_inc_vr_by_1 2014-01-01 22:22:43 -05:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h llc: Make llc_sap_action_t function pointer arrays const 2014-12-10 15:21:24 -05:00
llc_sap.h
lwtunnel.h lwt: Add cfg argument to build_state 2015-08-24 10:34:40 -07:00
mac80211.h mac80211: protect non-HT BSS when HT TDLS traffic exists 2015-09-04 14:25:46 +02:00
mac802154.h ieee802154: 6lowpan: check on valid 802.15.4 frame 2015-09-17 13:20:04 +02:00
mip6.h include/net/: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
mld.h ipv6: mld: answer mldv2 queries with mldv1 reports in mldv1 fallback 2014-09-22 16:23:15 -04:00
mpls.h openvswitch: Add basic MPLS support to kernel 2014-11-05 23:52:33 -08:00
mpls_iptunnel.h mpls: ip tunnel support 2015-07-21 10:39:05 -07:00
mrp.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-10-01 17:06:14 -04:00
ndisc.h ipv6: ndisc: inherit metadata dst when creating ndisc requests 2015-08-20 15:42:37 -07:00
neighbour.h net: add explicit logging and stat for neighbour table overflow 2015-08-10 13:46:21 -07:00
net_namespace.h netfilter: nfacct: per network namespace support 2015-08-07 11:50:56 +02:00
net_ratelimit.h
netevent.h
netlabel.h netlabel: fix the netlbl_catmap_setlong() dummy function 2014-08-07 20:55:21 -04:00
netlink.h netlink: implement nla_get_in_addr and nla_get_in6_addr 2015-03-31 13:58:35 -04:00
netprio_cgroup.h cgroup: clean up cgroup_subsys names and initialization 2014-02-08 10:36:58 -05:00
netrom.h
nexthop.h
nl802154.h ieee802154: add ack request default handling 2015-08-10 20:43:06 +02:00
p8022.h
ping.h net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
pkt_cls.h net: sched: remove tcf_proto from ematch calls 2014-10-06 18:02:32 -04:00
pkt_sched.h net: sched: consolidate tc_classify{,_compat} 2015-08-27 14:18:48 -07:00
protocol.h net: Eliminate no_check from protosw 2014-05-23 16:28:53 -04:00
psnap.h
raw.h
rawv6.h
red.h reciprocal_divide: update/correction of the algorithm 2014-01-21 23:17:20 -08:00
regulatory.h cfg80211: allow wiphy specific regdomain management 2014-12-17 11:49:55 +01:00
request_sock.h tcp: provide SYN headers for passive connections 2015-05-05 16:02:34 -04:00
rose.h
route.h net: Add FIB table id to rtable 2015-09-15 12:01:41 -07:00
rtnetlink.h rtnetlink: RTEXT_FILTER_SKIP_STATS support to avoid dumping inet/inet6 stats 2015-09-15 15:25:02 -07:00
sch_generic.h bpf: add bpf_redirect() helper 2015-09-17 21:09:07 -07:00
scm.h
secure_seq.h inetpeer: get rid of ip_id_count 2014-06-02 11:00:41 -07:00
slhc_vj.h
snmp.h Merge branch 'for-3.18-consistent-ops' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2014-10-15 07:48:18 +02:00
sock.h tcp: provide skb->hash to synack packets 2015-09-17 21:01:04 -07:00
stp.h
switchdev.h net: switchdev: support static FDB addresses 2015-08-11 12:03:19 -07:00
tcp.h tcp: usec resolution SYN/ACK RTT 2015-09-21 16:19:01 -07:00
tcp_memcontrol.h tcp_memcontrol: Kill struct tcp_memcontrol 2013-10-21 18:43:02 -04:00
tcp_states.h inet: add TCP_NEW_SYN_RECV state 2015-03-12 22:58:12 -04:00
timewait_sock.h inet: remove BUG_ON() in twsk_destructor() 2015-07-09 15:12:20 -07:00
transp_v6.h ipv6: make IPV6_RECVPKTINFO work for ipv4 datagrams 2014-01-19 19:53:18 -08:00
tso.h net: Add a software TSO helper API 2014-05-22 14:57:15 -04:00
udp.h net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
udp_tunnel.h vxlan: do not receive IPv4 packets on IPv6 socket 2015-08-29 13:07:54 -07:00
udplite.h net: switch memcpy_fromiovec()/memcpy_fromiovecend() users to copy_from_iter() 2015-02-04 01:34:15 -05:00
vrf.h net: Make table id type u32 2015-09-01 14:32:44 -07:00
vsock_addr.h
vxlan.h vxlan: fix multiple inclusion of vxlan.h 2015-08-25 14:32:04 -07:00
wext.h
wimax.h net: treewide: Fix typo found in DocBook/networking.xml 2014-09-05 17:35:28 -07:00
x25.h
x25device.h
xfrm.h xfrm: Remove unused afinfo method init_dst 2015-09-17 17:18:32 -07:00