Diffstat (limited to 'include/net')
44 files changed, 694 insertions, 216 deletions
diff --git a/include/net/act_api.h b/include/net/act_api.h index c739531e156..06ef7e926a6 100644 --- a/include/net/act_api.h +++ b/include/net/act_api.h @@ -35,21 +35,6 @@ struct tcf_common { #define tcf_lock common.tcfc_lock #define tcf_rcu common.tcfc_rcu -struct tcf_police { - struct tcf_common common; - int tcfp_result; - u32 tcfp_ewma_rate; - u32 tcfp_burst; - u32 tcfp_mtu; - u32 tcfp_toks; - u32 tcfp_ptoks; - psched_time_t tcfp_t_c; - struct qdisc_rate_table *tcfp_R_tab; - struct qdisc_rate_table *tcfp_P_tab; -}; -#define to_police(pc) \ - container_of(pc, struct tcf_police, common) - struct tcf_hashinfo { struct tcf_common **htab; unsigned int hmask; @@ -91,7 +76,9 @@ struct tc_action_ops { int (*dump)(struct sk_buff *, struct tc_action *, int, int); int (*cleanup)(struct tc_action *, int bind); int (*lookup)(struct tc_action *, u32); - int (*init)(struct nlattr *, struct nlattr *, struct tc_action *, int , int); + int (*init)(struct net *net, struct nlattr *nla, + struct nlattr *est, struct tc_action *act, int ovr, + int bind); int (*walk)(struct sk_buff *, struct netlink_callback *, int, struct tc_action *); }; 
@@ -116,8 +103,12 @@ extern int tcf_register_action(struct tc_action_ops *a); extern int tcf_unregister_action(struct tc_action_ops *a); extern void tcf_action_destroy(struct tc_action *a, int bind); extern int tcf_action_exec(struct sk_buff *skb, const struct tc_action *a, struct tcf_result *res); -extern struct tc_action *tcf_action_init(struct nlattr *nla, struct nlattr *est, char *n, int ovr, int bind); -extern struct tc_action *tcf_action_init_1(struct nlattr *nla, struct nlattr *est, char *n, int ovr, int bind); +extern struct tc_action *tcf_action_init(struct net *net, struct nlattr *nla, + struct nlattr *est, char *n, int ovr, + int bind); +extern struct tc_action *tcf_action_init_1(struct net *net, struct nlattr *nla, + struct nlattr *est, char *n, int ovr, + int bind); extern int tcf_action_dump(struct sk_buff *skb, struct tc_action *a, int, int); extern int tcf_action_dump_old(struct sk_buff *skb, struct tc_action *a, int, int); extern int tcf_action_dump_1(struct sk_buff *skb, struct tc_action *a, int, int); diff --git a/include/net/addrconf.h b/include/net/addrconf.h index df4ef945338..40be2a0d8ae 100644 --- a/include/net/addrconf.h +++ b/include/net/addrconf.h @@ -15,6 +15,10 @@ #define IPV6_MAX_ADDRESSES 16 +#define ADDRCONF_TIMER_FUZZ_MINUS (HZ > 50 ? HZ / 50 : 1) +#define ADDRCONF_TIMER_FUZZ (HZ / 4) +#define ADDRCONF_TIMER_FUZZ_MAX (HZ) + #include <linux/in.h> #include <linux/in6.h> 
@@ -150,7 +154,31 @@ extern void addrconf_dad_failure(struct inet6_ifaddr *ifp); extern bool ipv6_chk_mcast_addr(struct net_device *dev, const struct in6_addr *group, const struct in6_addr *src_addr); -extern bool ipv6_is_mld(struct sk_buff *skb, int nexthdr); + +/* + * identify MLD packets for MLD filter exceptions + */ +static inline bool ipv6_is_mld(struct sk_buff *skb, int nexthdr, int offset) +{ + struct icmp6hdr *hdr; + + if (nexthdr != IPPROTO_ICMPV6 || + !pskb_network_may_pull(skb, offset + sizeof(struct icmp6hdr))) + return false; + + hdr = (struct icmp6hdr *)(skb_network_header(skb) + offset); + + switch (hdr->icmp6_type) { + case ICMPV6_MGM_QUERY: + case ICMPV6_MGM_REPORT: + case ICMPV6_MGM_REDUCTION: + case ICMPV6_MLD2_REPORT: + return true; + default: + break; + } + return false; +} extern void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len, bool sllao); 
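Review bot: `ipv6_is_mld()` never rejects a negative `offset`: in `offset + sizeof(struct icmp6hdr)` the int is converted to an unsigned type, so a small negative value wraps to a small length, the `pskb_network_may_pull()` check passes, and `hdr` is then computed in front of the network header. The callers are outside this hunk, but if `offset` is the result of an extension-header walk that can return an error code, that value would reach this read. Add the guard to the existing condition, `if (nexthdr != IPPROTO_ICMPV6 || offset < 0 || !pskb_network_may_pull(skb, offset + sizeof(struct icmp6hdr)))`. The comment above the function should also say that `offset` is the ICMPv6 header's offset from the network header.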
@@ -257,30 +285,55 @@ static inline void addrconf_addr_solict_mult(const struct in6_addr *addr, htonl(0xFF000000) | addr->s6_addr32[3]); } -static inline int ipv6_addr_is_multicast(const struct in6_addr *addr) +static inline bool ipv6_addr_is_multicast(const struct in6_addr *addr) { return (addr->s6_addr32[0] & htonl(0xFF000000)) == htonl(0xFF000000); } -static inline int ipv6_addr_is_ll_all_nodes(const struct in6_addr *addr) +static inline bool ipv6_addr_is_ll_all_nodes(const struct in6_addr *addr) { +#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 + __u64 *p = (__u64 *)addr; + return ((p[0] ^ cpu_to_be64(0xff02000000000000UL)) | (p[1] ^ cpu_to_be64(1))) == 0UL; +#else return ((addr->s6_addr32[0] ^ htonl(0xff020000)) | addr->s6_addr32[1] | addr->s6_addr32[2] | (addr->s6_addr32[3] ^ htonl(0x00000001))) == 0; +#endif } -static inline int ipv6_addr_is_ll_all_routers(const struct in6_addr *addr) +static inline bool ipv6_addr_is_ll_all_routers(const struct in6_addr *addr) { +#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 + __u64 *p = (__u64 *)addr; + return ((p[0] ^ cpu_to_be64(0xff02000000000000UL)) | (p[1] ^ cpu_to_be64(2))) == 0UL; +#else return ((addr->s6_addr32[0] ^ htonl(0xff020000)) | addr->s6_addr32[1] | addr->s6_addr32[2] | (addr->s6_addr32[3] ^ htonl(0x00000002))) == 0; +#endif } -static inline int ipv6_addr_is_isatap(const struct in6_addr *addr) +static inline bool ipv6_addr_is_isatap(const struct in6_addr *addr) { return (addr->s6_addr32[2] | htonl(0x02000000)) == htonl(0x02005EFE); } +static inline bool ipv6_addr_is_solict_mult(const struct in6_addr *addr) +{ +#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 + __u64 *p = (__u64 *)addr; + return ((p[0] ^ cpu_to_be64(0xff02000000000000UL)) | + ((p[1] ^ cpu_to_be64(0x00000001ff000000UL)) & + cpu_to_be64(0xffffffffff000000UL))) == 0UL; +#else + return ((addr->s6_addr32[0] ^ htonl(0xff020000)) | + addr->s6_addr32[1] | + 
(addr->s6_addr32[2] ^ htonl(0x00000001)) | + (addr->s6_addr[12] ^ 0xff)) == 0; +#endif +} + #ifdef CONFIG_PROC_FS extern int if6_proc_init(void); extern void if6_proc_exit(void); diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index fa2612952c1..d581c6de5d6 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -2541,7 +2541,7 @@ struct wiphy { u32 rts_threshold; u8 coverage_class; - char fw_version[ETHTOOL_BUSINFO_LEN]; + char fw_version[ETHTOOL_FWVERS_LEN]; u32 hw_version; #ifdef CONFIG_PM diff --git a/include/net/dn_route.h b/include/net/dn_route.h index 4f7d6a18238..2e9d317c82d 100644 --- a/include/net/dn_route.h +++ b/include/net/dn_route.h @@ -16,7 +16,7 @@ *******************************************************************************/ extern struct sk_buff *dn_alloc_skb(struct sock *sk, int size, gfp_t pri); -extern int dn_route_output_sock(struct dst_entry **pprt, struct flowidn *, struct sock *sk, int flags); +extern int dn_route_output_sock(struct dst_entry __rcu **pprt, struct flowidn *, struct sock *sk, int flags); extern int dn_cache_dump(struct sk_buff *skb, struct netlink_callback *cb); extern void dn_rt_cache_flush(int delay); diff --git a/include/net/dsfield.h b/include/net/dsfield.h index 8a8d4e06900..e1ad903a8d6 100644 --- a/include/net/dsfield.h +++ b/include/net/dsfield.h @@ -43,11 +43,9 @@ static inline void ipv4_change_dsfield(struct iphdr *iph,__u8 mask, static inline void ipv6_change_dsfield(struct ipv6hdr *ipv6h,__u8 mask, __u8 value) { - __u16 tmp; + __be16 *p = (__force __be16 *)ipv6h; - tmp = ntohs(*(__be16 *) ipv6h); - tmp = (tmp & ((mask << 4) | 0xf00f)) | (value << 4); - *(__be16 *) ipv6h = htons(tmp); + *p = (*p & htons((((u16)mask << 4) | 0xf00f))) | htons((u16)value << 4); } diff --git a/include/net/dst.h b/include/net/dst.h index 9a7881066fb..3da47e0a4a1 100644 --- a/include/net/dst.h +++ b/include/net/dst.h 
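Review bot: The 64-bit fast paths in `ipv6_addr_is_ll_all_nodes()`, `ipv6_addr_is_ll_all_routers()` and `ipv6_addr_is_solict_mult()` cast the `const struct in6_addr *` argument to a non-const `__u64 *`, which drops the qualifier and mixes a plain integer type with the `cpu_to_be64()` operands, something sparse's endianness checking is likely to flag. Declaring the pointer as `const __be64 *p = (const __be64 *)addr;` keeps both annotations and should not change the generated code. The same pattern appears in the ipv6.h hunks, with `const unsigned long *ul` in `ipv6_addr_loopback()` and `*(__be64 *)a` in `ipv6_addr_v4mapped()`. A one-line comment on `ipv6_addr_is_solict_mult()` naming the prefix it matches (ff02::1:ff00:0/104) would also let readers check the masks in both branches.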
@@ -61,6 +61,7 @@ struct dst_entry { #define DST_NOPEER 0x0040 #define DST_FAKE_RTABLE 0x0080 #define DST_XFRM_TUNNEL 0x0100 +#define DST_XFRM_QUEUE 0x0200 unsigned short pending_confirm; diff --git a/include/net/gro_cells.h b/include/net/gro_cells.h index e5062c955ea..734d9b5f577 100644 --- a/include/net/gro_cells.h +++ b/include/net/gro_cells.h @@ -73,8 +73,8 @@ static inline int gro_cells_init(struct gro_cells *gcells, struct net_device *de int i; gcells->gro_cells_mask = roundup_pow_of_two(netif_get_num_default_rss_queues()) - 1; - gcells->cells = kcalloc(sizeof(struct gro_cell), - gcells->gro_cells_mask + 1, + gcells->cells = kcalloc(gcells->gro_cells_mask + 1, + sizeof(struct gro_cell), GFP_KERNEL); if (!gcells->cells) return -ENOMEM; diff --git a/include/net/inet6_hashtables.h b/include/net/inet6_hashtables.h index 9e34c877a77..7ca75cbbf75 100644 --- a/include/net/inet6_hashtables.h +++ b/include/net/inet6_hashtables.h @@ -71,6 +71,8 @@ extern struct sock *__inet6_lookup_established(struct net *net, extern struct sock *inet6_lookup_listener(struct net *net, struct inet_hashinfo *hashinfo, + const struct in6_addr *saddr, + const __be16 sport, const struct in6_addr *daddr, const unsigned short hnum, const int dif); @@ -88,7 +90,8 @@ static inline struct sock *__inet6_lookup(struct net *net, if (sk) return sk; - return inet6_lookup_listener(net, hashinfo, daddr, hnum, dif); + return inet6_lookup_listener(net, hashinfo, saddr, sport, + daddr, hnum, dif); } static inline struct sock *__inet6_lookup_skb(struct inet_hashinfo *hashinfo, diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h index 32786a04471..3f237db0a42 100644 --- a/include/net/inet_frag.h +++ b/include/net/inet_frag.h 
@@ -1,10 +1,17 @@ #ifndef __NET_FRAG_H__ #define __NET_FRAG_H__ +#include <linux/percpu_counter.h> + struct netns_frags { int nqueues; - atomic_t mem; struct list_head lru_list; + spinlock_t lru_lock; + + /* The percpu_counter "mem" need to be cacheline aligned. + * mem.count must not share cacheline with other writers + */ + struct percpu_counter mem ____cacheline_aligned_in_smp; /* sysctls */ int timeout; @@ -13,12 +20,11 @@ struct netns_frags { }; struct inet_frag_queue { - struct hlist_node list; - struct netns_frags *net; - struct list_head lru_list; /* lru list member */ spinlock_t lock; - atomic_t refcnt; struct timer_list timer; /* when will this queue expire? */ + struct list_head lru_list; /* lru list member */ + struct hlist_node list; + atomic_t refcnt; struct sk_buff *fragments; /* list of received fragments */ struct sk_buff *fragments_tail; ktime_t stamp; @@ -31,24 +37,29 @@ struct inet_frag_queue { #define INET_FRAG_LAST_IN 1 u16 max_size; + + struct netns_frags *net; }; #define INETFRAGS_HASHSZ 64 struct inet_frags { struct hlist_head hash[INETFRAGS_HASHSZ]; - rwlock_t lock; - u32 rnd; - int qsize; + /* This rwlock is a global lock (seperate per IPv4, IPv6 and + * netfilter). Important to keep this on a seperate cacheline. + */ + rwlock_t lock ____cacheline_aligned_in_smp; int secret_interval; struct timer_list secret_timer; + u32 rnd; + int qsize; unsigned int (*hashfn)(struct inet_frag_queue *); + bool (*match)(struct inet_frag_queue *q, void *arg); void (*constructor)(struct inet_frag_queue *q, void *arg); void (*destructor)(struct inet_frag_queue *); void (*skb_free)(struct sk_buff *); - bool (*match)(struct inet_frag_queue *q, void *arg); void (*frag_expire)(unsigned long data); }; 
@@ -72,4 +83,59 @@ static inline void inet_frag_put(struct inet_frag_queue *q, struct inet_frags *f inet_frag_destroy(q, f, NULL); } +/* Memory Tracking Functions. */ + +/* The default percpu_counter batch size is not big enough to scale to + * fragmentation mem acct sizes. + * The mem size of a 64K fragment is approx: + * (44 fragments * 2944 truesize) + frag_queue struct(200) = 129736 bytes + */ +static unsigned int frag_percpu_counter_batch = 130000; + +static inline int frag_mem_limit(struct netns_frags *nf) +{ + return percpu_counter_read(&nf->mem); +} + +static inline void sub_frag_mem_limit(struct inet_frag_queue *q, int i) +{ + __percpu_counter_add(&q->net->mem, -i, frag_percpu_counter_batch); +} + +static inline void add_frag_mem_limit(struct inet_frag_queue *q, int i) +{ + __percpu_counter_add(&q->net->mem, i, frag_percpu_counter_batch); +} + +static inline void init_frag_mem_limit(struct netns_frags *nf) +{ + percpu_counter_init(&nf->mem, 0); +} + +static inline int sum_frag_mem_limit(struct netns_frags *nf) +{ + return percpu_counter_sum_positive(&nf->mem); +} + +static inline void inet_frag_lru_move(struct inet_frag_queue *q) +{ + spin_lock(&q->net->lru_lock); + list_move_tail(&q->lru_list, &q->net->lru_list); + spin_unlock(&q->net->lru_lock); +} + +static inline void inet_frag_lru_del(struct inet_frag_queue *q) +{ + spin_lock(&q->net->lru_lock); + list_del(&q->lru_list); + spin_unlock(&q->net->lru_lock); +} + +static inline void inet_frag_lru_add(struct netns_frags *nf, + struct inet_frag_queue *q) +{ + spin_lock(&nf->lru_lock); + list_add_tail(&q->lru_list, &nf->lru_list); + spin_unlock(&nf->lru_lock); +} #endif diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h index 67a8fa098e3..7b2ae9d3707 100644 --- a/include/net/inet_hashtables.h +++ b/include/net/inet_hashtables.h 
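Review bot: `init_frag_mem_limit()` discards the return value of `percpu_counter_init()`, which allocates per-CPU storage on SMP builds and can fail; after a failed init, the `__percpu_counter_add()` calls in `add_frag_mem_limit()` and `sub_frag_mem_limit()` would operate on a counter that was never allocated. Make the helper propagate the result, `static inline int init_frag_mem_limit(struct netns_frags *nf)` with `return percpu_counter_init(&nf->mem, 0);`, and have the per-netns init paths (outside this hunk) check it; no matching `percpu_counter_destroy()` helper is visible here either. Separately, `frag_percpu_counter_batch` is a writable `static` defined in a header, so every includer gets its own copy; a `#define` or `static const` would be cleaner. Since `frag_mem_limit()` uses the approximate `percpu_counter_read()`, a comment should state that threshold checks can lag the true total by up to the batch size per CPU.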
@@ -81,7 +81,9 @@ struct inet_bind_bucket { struct net *ib_net; #endif unsigned short port; - signed short fastreuse; + signed char fastreuse; + signed char fastreuseport; + kuid_t fastuid; int num_owners; struct hlist_node node; struct hlist_head owners; @@ -257,15 +259,19 @@ extern void inet_unhash(struct sock *sk); extern struct sock *__inet_lookup_listener(struct net *net, struct inet_hashinfo *hashinfo, + const __be32 saddr, + const __be16 sport, const __be32 daddr, const unsigned short hnum, const int dif); static inline struct sock *inet_lookup_listener(struct net *net, struct inet_hashinfo *hashinfo, + __be32 saddr, __be16 sport, __be32 daddr, __be16 dport, int dif) { - return __inet_lookup_listener(net, hashinfo, daddr, ntohs(dport), dif); + return __inet_lookup_listener(net, hashinfo, saddr, sport, + daddr, ntohs(dport), dif); } /* Socket demux engine toys. */ @@ -358,7 +364,8 @@ static inline struct sock *__inet_lookup(struct net *net, struct sock *sk = __inet_lookup_established(net, hashinfo, saddr, sport, daddr, hnum, dif); - return sk ? : __inet_lookup_listener(net, hashinfo, daddr, hnum, dif); + return sk ? : __inet_lookup_listener(net, hashinfo, saddr, sport, + daddr, hnum, dif); } static inline struct sock *inet_lookup(struct net *net, diff --git a/include/net/ip.h b/include/net/ip.h index 0707fb9551a..a68f838a132 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -143,6 +143,8 @@ static inline struct sk_buff *ip_finish_skb(struct sock *sk, struct flowi4 *fl4) extern int ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len); +extern void ip4_datagram_release_cb(struct sock *sk); + struct ip_reply_arg { struct kvec iov[1]; int flags; diff --git a/include/net/ip6_checksum.h b/include/net/ip6_checksum.h index 652d3d30935..7686e3f5033 100644 --- a/include/net/ip6_checksum.h +++ b/include/net/ip6_checksum.h 
@@ -35,63 +35,10 @@ #include <linux/ipv6.h> #ifndef _HAVE_ARCH_IPV6_CSUM - -static __inline__ __sum16 csum_ipv6_magic(const struct in6_addr *saddr, - const struct in6_addr *daddr, - __u32 len, unsigned short proto, - __wsum csum) -{ - - int carry; - __u32 ulen; - __u32 uproto; - __u32 sum = (__force u32)csum; - - sum += (__force u32)saddr->s6_addr32[0]; - carry = (sum < (__force u32)saddr->s6_addr32[0]); - sum += carry; - - sum += (__force u32)saddr->s6_addr32[1]; - carry = (sum < (__force u32)saddr->s6_addr32[1]); - sum += carry; - - sum += (__force u32)saddr->s6_addr32[2]; - carry = (sum < (__force u32)saddr->s6_addr32[2]); - sum += carry; - - sum += (__force u32)saddr->s6_addr32[3]; - carry = (sum < (__force u32)saddr->s6_addr32[3]); - sum += carry; - - sum += (__force u32)daddr->s6_addr32[0]; - carry = (sum < (__force u32)daddr->s6_addr32[0]); - sum += carry; - - sum += (__force u32)daddr->s6_addr32[1]; - carry = (sum < (__force u32)daddr->s6_addr32[1]); - sum += carry; - - sum += (__force u32)daddr->s6_addr32[2]; - carry = (sum < (__force u32)daddr->s6_addr32[2]); - sum += carry; - - sum += (__force u32)daddr->s6_addr32[3]; - carry = (sum < (__force u32)daddr->s6_addr32[3]); - sum += carry; - - ulen = (__force u32)htonl((__u32) len); - sum += ulen; - carry = (sum < ulen); - sum += carry; - - uproto = (__force u32)htonl(proto); - sum += uproto; - carry = (sum < uproto); - sum += carry; - - return csum_fold((__force __wsum)sum); -} - +__sum16 csum_ipv6_magic(const struct in6_addr *saddr, + const struct in6_addr *daddr, + __u32 len, unsigned short proto, + __wsum csum); #endif static __inline__ __sum16 tcp_v6_check(int len, @@ -126,4 +73,5 @@ static inline void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb) __tcp_v6_send_check(skb, &np->saddr, &np->daddr); } +int udp6_csum_init(struct sk_buff *skb, struct udphdr *uh, int proto); #endif diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h index fdc48a94a06..6919a501f99 100644 
--- a/include/net/ip6_fib.h +++ b/include/net/ip6_fib.h @@ -89,8 +89,6 @@ struct fib6_table; struct rt6_info { struct dst_entry dst; - struct neighbour *n; - /* * Tail elements of dst_entry (__refcnt etc.) * and these elements (rarely used in hot path) are in diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h index 27d83183e61..260f83f16bc 100644 --- a/include/net/ip6_route.h +++ b/include/net/ip6_route.h @@ -23,6 +23,7 @@ struct route_info { #include <net/sock.h> #include <linux/ip.h> #include <linux/ipv6.h> +#include <linux/route.h> #define RT6_LOOKUP_F_IFACE 0x00000001 #define RT6_LOOKUP_F_REACHABLE 0x00000002 @@ -102,7 +103,6 @@ extern struct rt6_info *rt6_lookup(struct net *net, int oif, int flags); extern struct dst_entry *icmp6_dst_alloc(struct net_device *dev, - struct neighbour *neigh, struct flowi6 *fl6); extern int icmp6_dst_gc(void); @@ -194,4 +194,11 @@ static inline int ip6_skb_dst_mtu(struct sk_buff *skb) skb_dst(skb)->dev->mtu : dst_mtu(skb_dst(skb)); } +static inline struct in6_addr *rt6_nexthop(struct rt6_info *rt, struct in6_addr *dest) +{ + if (rt->rt6i_flags & RTF_GATEWAY) + return &rt->rt6i_gateway; + return dest; +} + #endif diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 5af66b26ebd..851d5412a29 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -222,6 +222,7 @@ struct ip6_flowlabel { struct in6_addr dst; struct ipv6_txoptions *opt; unsigned long linger; + struct rcu_head rcu; u8 share; union { struct pid *pid; @@ -238,6 +239,7 @@ struct ip6_flowlabel { struct ipv6_fl_socklist { struct ipv6_fl_socklist *next; struct ip6_flowlabel *fl; + struct rcu_head rcu; }; extern struct ip6_flowlabel *fl6_sock_lookup(struct sock *sk, __be32 label); 
@@ -288,12 +290,12 @@ static inline int ip6_frag_nqueues(struct net *net) static inline int ip6_frag_mem(struct net *net) { - return atomic_read(&net->ipv6.frags.mem); + return sum_frag_mem_limit(&net->ipv6.frags); } #endif -#define IPV6_FRAG_HIGH_THRESH (256 * 1024) /* 262144 */ -#define IPV6_FRAG_LOW_THRESH (192 * 1024) /* 196608 */ +#define IPV6_FRAG_HIGH_THRESH (4 * 1024*1024) /* 4194304 */ +#define IPV6_FRAG_LOW_THRESH (3 * 1024*1024) /* 3145728 */ #define IPV6_FRAG_TIMEOUT (60 * HZ) /* 60 seconds */ extern int __ipv6_addr_type(const struct in6_addr *addr); @@ -355,14 +357,32 @@ static inline void ipv6_addr_prefix(struct in6_addr *pfx, pfx->s6_addr[o] = addr->s6_addr[o] & (0xff00 >> b); } +static inline void __ipv6_addr_set_half(__be32 *addr, + __be32 wh, __be32 wl) +{ +#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 +#if defined(__BIG_ENDIAN) + if (__builtin_constant_p(wh) && __builtin_constant_p(wl)) { + *(__force u64 *)addr = ((__force u64)(wh) << 32 | (__force u64)(wl)); + return; + } +#elif defined(__LITTLE_ENDIAN) + if (__builtin_constant_p(wl) && __builtin_constant_p(wh)) { + *(__force u64 *)addr = ((__force u64)(wl) << 32 | (__force u64)(wh)); + return; + } +#endif +#endif + addr[0] = wh; + addr[1] = wl; +} + static inline void ipv6_addr_set(struct in6_addr *addr, __be32 w1, __be32 w2, __be32 w3, __be32 w4) { - addr->s6_addr32[0] = w1; - addr->s6_addr32[1] = w2; - addr->s6_addr32[2] = w3; - addr->s6_addr32[3] = w4; + __ipv6_addr_set_half(&addr->s6_addr32[0], w1, w2); + __ipv6_addr_set_half(&addr->s6_addr32[2], w3, w4); } static inline bool ipv6_addr_equal(const struct in6_addr *a1, 
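Review bot: The new `IPV6_FRAG_HIGH_THRESH` and `IPV6_FRAG_LOW_THRESH` defaults raise the reassembly memory ceiling from 256 KiB to 4 MiB without a comment explaining the choice. This limit bounds how much memory incomplete fragment queues can hold until `IPV6_FRAG_TIMEOUT` expires, and it is presumably applied per network namespace, since `ip6_frag_mem()` reads `net->ipv6.frags`. I would add a comment next to the defines such as `/* default cap on memory held by incomplete reassembly queues, per netns */` so that anyone tuning it sees the resource-exhaustion trade-off. `ip6_frag_mem()` also now calls `sum_frag_mem_limit()`, which sums over all CPUs rather than reading one atomic; that is worth a note if any caller (outside this hunk) sits on a hot path.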
@@ -381,9 +401,37 @@ static inline bool ipv6_addr_equal(const struct in6_addr *a1, #endif } -static inline bool __ipv6_prefix_equal(const __be32 *a1, const __be32 *a2, - unsigned int prefixlen) +#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 +static inline bool __ipv6_prefix_equal64_half(const __be64 *a1, + const __be64 *a2, + unsigned int len) +{ + if (len && ((*a1 ^ *a2) & cpu_to_be64((~0UL) << (64 - len)))) + return false; + return true; +} + +static inline bool ipv6_prefix_equal(const struct in6_addr *addr1, + const struct in6_addr *addr2, + unsigned int prefixlen) +{ + const __be64 *a1 = (const __be64 *)addr1; + const __be64 *a2 = (const __be64 *)addr2; + + if (prefixlen >= 64) { + if (a1[0] ^ a2[0]) + return false; + return __ipv6_prefix_equal64_half(a1 + 1, a2 + 1, prefixlen - 64); + } + return __ipv6_prefix_equal64_half(a1, a2, prefixlen); +} +#else +static inline bool ipv6_prefix_equal(const struct in6_addr *addr1, + const struct in6_addr *addr2, + unsigned int prefixlen) { + const __be32 *a1 = addr1->s6_addr32; + const __be32 *a2 = addr2->s6_addr32; unsigned int pdw, pbi; /* check complete u32 in prefix */ @@ -398,14 +446,7 @@ static inline bool __ipv6_prefix_equal(const __be32 *a1, const __be32 *a2, return true; } - -static inline bool ipv6_prefix_equal(const struct in6_addr *a1, - const struct in6_addr *a2, - unsigned int prefixlen) -{ - return __ipv6_prefix_equal(a1->s6_addr32, a2->s6_addr32, - prefixlen); -} +#endif struct inet_frag_queue; 
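Review bot: `__ipv6_prefix_equal64_half()` shifts by `64 - len`, and `ipv6_prefix_equal()` passes `prefixlen - 64` for the second half, so a `prefixlen` above 128 makes the unsigned shift count wrap and the shift is undefined. The 32-bit variant appears to rely on the same bound, though its body is only partly inside the hunk. Callers are not visible here; if any of them forwards a prefix length taken from configuration or netlink input, the bound has to be checked before this point. Either clamp at the top of `ipv6_prefix_equal()`, e.g. `if (prefixlen > 128) prefixlen = 128;`, or document the requirement with `/* prefixlen must be <= 128; callers validate */`.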
@@ -475,14 +516,25 @@ static inline u32 ipv6_addr_hash(const struct in6_addr *a) static inline bool ipv6_addr_loopback(const struct in6_addr *a) { +#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 + const unsigned long *ul = (const unsigned long *)a; + + return (ul[0] | (ul[1] ^ cpu_to_be64(1))) == 0UL; +#else return (a->s6_addr32[0] | a->s6_addr32[1] | a->s6_addr32[2] | (a->s6_addr32[3] ^ htonl(1))) == 0; +#endif } static inline bool ipv6_addr_v4mapped(const struct in6_addr *a) { - return (a->s6_addr32[0] | a->s6_addr32[1] | - (a->s6_addr32[2] ^ htonl(0x0000ffff))) == 0; + return ( +#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 + *(__be64 *)a | +#else + (a->s6_addr32[0] | a->s6_addr32[1]) | +#endif + (a->s6_addr32[2] ^ htonl(0x0000ffff))) == 0UL; } /* @@ -507,7 +559,7 @@ static inline void ipv6_addr_set_v4mapped(const __be32 addr, * find the first different bit between two addresses * length of address must be a multiple of 32bits */ -static inline int __ipv6_addr_diff(const void *token1, const void *token2, int addrlen) +static inline int __ipv6_addr_diff32(const void *token1, const void *token2, int addrlen) { const __be32 *a1 = token1, *a2 = token2; int i; 
@@ -539,6 +591,33 @@ static inline int __ipv6_addr_diff(const void *token1, const void *token2, int a return addrlen << 5; } +#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 +static inline int __ipv6_addr_diff64(const void *token1, const void *token2, int addrlen) +{ + const __be64 *a1 = token1, *a2 = token2; + int i; + + addrlen >>= 3; + + for (i = 0; i < addrlen; i++) { + __be64 xb = a1[i] ^ a2[i]; + if (xb) + return i * 64 + 63 - __fls(be64_to_cpu(xb)); + } + + return addrlen << 6; +} +#endif + +static inline int __ipv6_addr_diff(const void *token1, const void *token2, int addrlen) +{ +#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 + if (__builtin_constant_p(addrlen) && !(addrlen & 7)) + return __ipv6_addr_diff64(token1, token2, addrlen); +#endif + return __ipv6_addr_diff32(token1, token2, addrlen); +} + static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_addr *a2) { return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr)); @@ -547,6 +626,20 @@ static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_add extern void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt); /* + * Header manipulation + */ +static inline void ip6_flow_hdr(struct ipv6hdr *hdr, unsigned int tclass, + __be32 flowlabel) +{ + *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | flowlabel; +} + +static inline __be32 ip6_flowinfo(const struct ipv6hdr *hdr) +{ + return *(__be32 *)hdr & IPV6_FLOWINFO_MASK; +} + +/* * Prototypes exported by ipv6 */ @@ -570,13 +663,6 @@ extern int ip6_xmit(struct sock *sk, struct ipv6_txoptions *opt, int tclass); -extern int ip6_nd_hdr(struct sock *sk, - struct sk_buff *skb, - struct net_device *dev, - const struct in6_addr *saddr, - const struct in6_addr *daddr, - int proto, int len); - extern int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr); extern int ip6_append_data(struct sock *sk, 
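Review bot: `ip6_flow_hdr()` ORs `tclass << 20` and `flowlabel` into the first header word without masking, so a `tclass` above 0xff would spill into the version nibble and stray high bits in `flowlabel` would alter the traffic class or version. Masking the traffic class is cheap, `*(__be32 *)hdr = htonl(0x60000000 | ((tclass & 0xff) << 20)) | flowlabel;`, and the comment above the helper should state which bits `flowlabel` is allowed to carry, since callers are outside this hunk and some may pass a combined flowinfo value. `ip6_flowinfo()` also casts away `const` with `*(__be32 *)hdr`; `*(const __be32 *)hdr` reads the same word and keeps the qualifier.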
diff --git a/include/net/mrp.h b/include/net/mrp.h
new file mode 100644
index 00000000000..4fbf02aa2ec
--- /dev/null
+++ b/include/net/mrp.h
@@ -0,0 +1,143 @@ +#ifndef _NET_MRP_H +#define _NET_MRP_H + +#define MRP_END_MARK 0x0 + +struct mrp_pdu_hdr { + u8 version; +}; + +struct mrp_msg_hdr { + u8 attrtype; + u8 attrlen; +}; + +struct mrp_vecattr_hdr { + __be16 lenflags; + unsigned char firstattrvalue[]; +#define MRP_VECATTR_HDR_LEN_MASK cpu_to_be16(0x1FFF) +#define MRP_VECATTR_HDR_FLAG_LA cpu_to_be16(0x2000) +}; + +enum mrp_vecattr_event { + MRP_VECATTR_EVENT_NEW, + MRP_VECATTR_EVENT_JOIN_IN, + MRP_VECATTR_EVENT_IN, + MRP_VECATTR_EVENT_JOIN_MT, + MRP_VECATTR_EVENT_MT, + MRP_VECATTR_EVENT_LV, + __MRP_VECATTR_EVENT_MAX +}; + +struct mrp_skb_cb { + struct mrp_msg_hdr *mh; + struct mrp_vecattr_hdr *vah; + unsigned char attrvalue[]; +}; + +static inline struct mrp_skb_cb *mrp_cb(struct sk_buff *skb) +{ + BUILD_BUG_ON(sizeof(struct mrp_skb_cb) > + FIELD_SIZEOF(struct sk_buff, cb)); + return (struct mrp_skb_cb *)skb->cb; +} + +enum mrp_applicant_state { + MRP_APPLICANT_INVALID, + MRP_APPLICANT_VO, + MRP_APPLICANT_VP, + MRP_APPLICANT_VN, + MRP_APPLICANT_AN, + MRP_APPLICANT_AA, + MRP_APPLICANT_QA, + MRP_APPLICANT_LA, + MRP_APPLICANT_AO, + MRP_APPLICANT_QO, + MRP_APPLICANT_AP, + MRP_APPLICANT_QP, + __MRP_APPLICANT_MAX +}; +#define MRP_APPLICANT_MAX (__MRP_APPLICANT_MAX - 1) + +enum mrp_event { + MRP_EVENT_NEW, + MRP_EVENT_JOIN, + MRP_EVENT_LV, + MRP_EVENT_TX, + MRP_EVENT_R_NEW, + MRP_EVENT_R_JOIN_IN, + MRP_EVENT_R_IN, + MRP_EVENT_R_JOIN_MT, + MRP_EVENT_R_MT, + MRP_EVENT_R_LV, + MRP_EVENT_R_LA, + MRP_EVENT_REDECLARE, + MRP_EVENT_PERIODIC, + __MRP_EVENT_MAX +}; +#define MRP_EVENT_MAX (__MRP_EVENT_MAX - 1) + +enum mrp_tx_action { + MRP_TX_ACTION_NONE, + MRP_TX_ACTION_S_NEW, + MRP_TX_ACTION_S_JOIN_IN, + MRP_TX_ACTION_S_JOIN_IN_OPTIONAL, + MRP_TX_ACTION_S_IN_OPTIONAL, + MRP_TX_ACTION_S_LV, +}; + +struct mrp_attr { + struct rb_node node; + enum mrp_applicant_state state; + u8 type; + u8 len; + unsigned char value[]; +}; + +enum mrp_applications { + MRP_APPLICATION_MVRP, + __MRP_APPLICATION_MAX +}; +#define 
MRP_APPLICATION_MAX (__MRP_APPLICATION_MAX - 1) + +struct mrp_application { + enum mrp_applications type; + unsigned int maxattr; + struct packet_type pkttype; + unsigned char group_address[ETH_ALEN]; + u8 version; +}; + +struct mrp_applicant { + struct mrp_application *app; + struct net_device *dev; + struct timer_list join_timer; + + spinlock_t lock; + struct sk_buff_head queue; + struct sk_buff *pdu; + struct rb_root mad; + struct rcu_head rcu; +}; + +struct mrp_port { + struct mrp_applicant __rcu *applicants[MRP_APPLICATION_MAX + 1]; + struct rcu_head rcu; +}; + +extern int mrp_register_application(struct mrp_application *app); +extern void mrp_unregister_application(struct mrp_application *app); + +extern int mrp_init_applicant(struct net_device *dev, + struct mrp_application *app); +extern void mrp_uninit_applicant(struct net_device *dev, + struct mrp_application *app); + +extern int mrp_request_join(const struct net_device *dev, + const struct mrp_application *app, + const void *value, u8 len, u8 type); +extern void mrp_request_leave(const struct net_device *dev, + const struct mrp_application *app, + const void *value, u8 len, u8 type); + +#endif /* _NET_MRP_H */ diff --git a/include/net/ndisc.h b/include/net/ndisc.h index 23b3a7c5878..745bf741e02 100644 --- a/include/net/ndisc.h +++ b/include/net/ndisc.h @@ -127,13 +127,19 @@ static int ndisc_addr_option_pad(unsigned short type) } } +static inline int ndisc_opt_addr_space(struct net_device *dev) +{ + return NDISC_OPT_SPACE(dev->addr_len + + ndisc_addr_option_pad(dev->type)); +} + static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, struct net_device *dev) { u8 *lladdr = (u8 *)(p + 1); int lladdrlen = p->nd_opt_len << 3; int prepad = ndisc_addr_option_pad(dev->type); - if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) + if (lladdrlen != ndisc_opt_addr_space(dev)) return NULL; return lladdr + prepad; } 
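Review bot: The `BUILD_BUG_ON()` in `mrp_cb()` only proves that the fixed part of `struct mrp_skb_cb` fits in `skb->cb`; the flexible `attrvalue[]` member adds nothing to `sizeof`, so the bytes actually stored there are not covered by the check. Because `attrlen` in `struct mrp_msg_hdr` is a `u8` that is presumably parsed from a received PDU, whatever copies an attribute value into `attrvalue` (outside this header) has to bound the length against `FIELD_SIZEOF(struct sk_buff, cb) - sizeof(struct mrp_skb_cb)`. I would state that limit in a comment above `struct mrp_skb_cb`, for example `/* attrvalue shares skb->cb with the two pointers; writers must bound the copy by the space left in cb */`. The header also uses `struct rb_node`, `struct timer_list`, `struct packet_type` and `ETH_ALEN` without including anything, so it depends on include order at each user.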
@@ -148,15 +154,14 @@ static inline u32 ndisc_hashfn(const void *pkey, const struct net_device *dev, _ (p32[3] * hash_rnd[3])); } -static inline struct neighbour *__ipv6_neigh_lookup(struct neigh_table *tbl, struct net_device *dev, const void *pkey) +static inline struct neighbour *__ipv6_neigh_lookup_noref(struct net_device *dev, const void *pkey) { struct neigh_hash_table *nht; const u32 *p32 = pkey; struct neighbour *n; u32 hash_val; - rcu_read_lock_bh(); - nht = rcu_dereference_bh(tbl->nht); + nht = rcu_dereference_bh(nd_tbl.nht); hash_val = ndisc_hashfn(pkey, dev, nht->hash_rnd) >> (32 - nht->hash_shift); for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]); n != NULL; @@ -164,12 +169,21 @@ static inline struct neighbour *__ipv6_neigh_lookup(struct neigh_table *tbl, str u32 *n32 = (u32 *) n->primary_key; if (n->dev == dev && ((n32[0] ^ p32[0]) | (n32[1] ^ p32[1]) | - (n32[2] ^ p32[2]) | (n32[3] ^ p32[3])) == 0) { - if (!atomic_inc_not_zero(&n->refcnt)) - n = NULL; - break; - } + (n32[2] ^ p32[2]) | (n32[3] ^ p32[3])) == 0) + return n; } + + return NULL; +} + +static inline struct neighbour *__ipv6_neigh_lookup(struct net_device *dev, const void *pkey) +{ + struct neighbour *n; + + rcu_read_lock_bh(); + n = __ipv6_neigh_lookup_noref(dev, pkey); + if (n && !atomic_inc_not_zero(&n->refcnt)) + n = NULL; rcu_read_unlock_bh(); return n; diff --git a/include/net/neighbour.h b/include/net/neighbour.h index 0dab173e27d..7e748ad8b50 100644 --- a/include/net/neighbour.h +++ b/include/net/neighbour.h @@ -181,10 +181,11 @@ struct neigh_table { }; #define NEIGH_PRIV_ALIGN sizeof(long long) +#define NEIGH_ENTRY_SIZE(size) ALIGN((size), NEIGH_PRIV_ALIGN) static inline void *neighbour_priv(const struct neighbour *n) { - return (char *)n + ALIGN(sizeof(*n) + n->tbl->key_len, NEIGH_PRIV_ALIGN); + return (char *)n + n->tbl->entry_size; } /* flags for neigh_update() */ diff --git a/include/net/netevent.h b/include/net/netevent.h index 3ce4988c9c0..fe630dde35c 100644 
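Review bot: `__ipv6_neigh_lookup_noref()` returns a `struct neighbour *` without taking a reference and no longer enters the RCU section itself, so the result is only safe while the caller is inside `rcu_read_lock_bh()`; nothing in the function documents or asserts that. A caller that keeps the pointer past `rcu_read_unlock_bh()` would be holding an entry that may already have been freed. Add a comment above the function, e.g. `/* Caller must hold rcu_read_lock_bh(); the returned neighbour is not refcounted and must not be used after the read-side section ends. */`. The function body spans this hunk and the following ndisc.h hunk.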
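Review bot: `neighbour_priv()` in the neighbour.h hunk now trusts `n->tbl->entry_size` instead of computing the offset from `sizeof(*n)` and `key_len`, yet the hunk only adds the `NEIGH_ENTRY_SIZE()` macro and does not show where `entry_size` is set. If any `neigh_table` were left with `entry_size` at zero or smaller than the aligned entry, the returned pointer would alias the `struct neighbour` or its key. Assuming table setup (outside this diff section) fills the field in, a comment such as `/* relies on tbl->entry_size being set before any neighbour is allocated */` would record the invariant, and a check at table registration would enforce it.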
--- a/include/net/netevent.h +++ b/include/net/netevent.h @@ -16,9 +16,8 @@ struct neighbour; struct netevent_redirect { struct dst_entry *old; - struct neighbour *old_neigh; struct dst_entry *new; - struct neighbour *new_neigh; + struct neighbour *neigh; const void *daddr; }; diff --git a/include/net/netfilter/nf_conntrack_acct.h b/include/net/netfilter/nf_conntrack_acct.h index 463ae8e1669..2bdb7a15fe0 100644 --- a/include/net/netfilter/nf_conntrack_acct.h +++ b/include/net/netfilter/nf_conntrack_acct.h @@ -57,7 +57,9 @@ static inline void nf_ct_set_acct(struct net *net, bool enable) net->ct.sysctl_acct = enable; } -extern int nf_conntrack_acct_init(struct net *net); -extern void nf_conntrack_acct_fini(struct net *net); +extern int nf_conntrack_acct_pernet_init(struct net *net); +extern void nf_conntrack_acct_pernet_fini(struct net *net); +extern int nf_conntrack_acct_init(void); +extern void nf_conntrack_acct_fini(void); #endif /* _NF_CONNTRACK_ACCT_H */ diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h index d8f5b9f5216..930275fa2ea 100644 --- a/include/net/netfilter/nf_conntrack_core.h +++ b/include/net/netfilter/nf_conntrack_core.h 
@@ -25,11 +25,20 @@ extern unsigned int nf_conntrack_in(struct net *net, unsigned int hooknum, struct sk_buff *skb); -extern int nf_conntrack_init(struct net *net); -extern void nf_conntrack_cleanup(struct net *net); +extern int nf_conntrack_init_net(struct net *net); +extern void nf_conntrack_cleanup_net(struct net *net); -extern int nf_conntrack_proto_init(struct net *net); -extern void nf_conntrack_proto_fini(struct net *net); +extern int nf_conntrack_proto_pernet_init(struct net *net); +extern void nf_conntrack_proto_pernet_fini(struct net *net); + +extern int nf_conntrack_proto_init(void); +extern void nf_conntrack_proto_fini(void); + +extern int nf_conntrack_init_start(void); +extern void nf_conntrack_cleanup_start(void); + +extern void nf_conntrack_init_end(void); +extern void nf_conntrack_cleanup_end(void); extern bool nf_ct_get_tuple(const struct sk_buff *skb, diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h index 5654d292efd..092dc651689 100644 --- a/include/net/netfilter/nf_conntrack_ecache.h +++ b/include/net/netfilter/nf_conntrack_ecache.h @@ -207,9 +207,11 @@ nf_ct_expect_event(enum ip_conntrack_expect_events event, nf_ct_expect_event_report(event, exp, 0, 0); } -extern int nf_conntrack_ecache_init(struct net *net); -extern void nf_conntrack_ecache_fini(struct net *net); +extern int nf_conntrack_ecache_pernet_init(struct net *net); +extern void nf_conntrack_ecache_pernet_fini(struct net *net); +extern int nf_conntrack_ecache_init(void); +extern void nf_conntrack_ecache_fini(void); #else /* CONFIG_NF_CONNTRACK_EVENTS */ static inline void nf_conntrack_event_cache(enum ip_conntrack_events event, 
@@ -232,12 +234,21 @@ static inline void nf_ct_expect_event_report(enum ip_conntrack_expect_events e, u32 portid, int report) {} -static inline int nf_conntrack_ecache_init(struct net *net) +static inline int nf_conntrack_ecache_pernet_init(struct net *net) { return 0; } -static inline void nf_conntrack_ecache_fini(struct net *net) +static inline void nf_conntrack_ecache_pernet_fini(struct net *net) +{ +} + +static inline int nf_conntrack_ecache_init(void) +{ + return 0; +} + +static inline void nf_conntrack_ecache_fini(void) { } #endif /* CONFIG_NF_CONNTRACK_EVENTS */ diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h index cc13f377a70..cbbae7621e2 100644 --- a/include/net/netfilter/nf_conntrack_expect.h +++ b/include/net/netfilter/nf_conntrack_expect.h @@ -69,8 +69,11 @@ struct nf_conntrack_expect_policy { #define NF_CT_EXPECT_CLASS_DEFAULT 0 -int nf_conntrack_expect_init(struct net *net); -void nf_conntrack_expect_fini(struct net *net); +int nf_conntrack_expect_pernet_init(struct net *net); +void nf_conntrack_expect_pernet_fini(struct net *net); + +int nf_conntrack_expect_init(void); +void nf_conntrack_expect_fini(void); struct nf_conntrack_expect * __nf_ct_expect_find(struct net *net, u16 zone, diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h index 8b4d1fc2909..977bc8a4644 100644 --- a/include/net/netfilter/nf_conntrack_extend.h +++ b/include/net/netfilter/nf_conntrack_extend.h @@ -23,6 +23,9 @@ enum nf_ct_ext_id { #ifdef CONFIG_NF_CONNTRACK_TIMEOUT NF_CT_EXT_TIMEOUT, #endif +#ifdef CONFIG_NF_CONNTRACK_LABELS + NF_CT_EXT_LABELS, +#endif NF_CT_EXT_NUM, }; 
@@ -33,6 +36,7 @@ enum nf_ct_ext_id { #define NF_CT_EXT_ZONE_TYPE struct nf_conntrack_zone #define NF_CT_EXT_TSTAMP_TYPE struct nf_conn_tstamp #define NF_CT_EXT_TIMEOUT_TYPE struct nf_conn_timeout +#define NF_CT_EXT_LABELS_TYPE struct nf_conn_labels /* Extensions: optional stuff which isn't permanently in struct. */ struct nf_ct_ext { diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h index 9aad956d100..ce27edf5757 100644 --- a/include/net/netfilter/nf_conntrack_helper.h +++ b/include/net/netfilter/nf_conntrack_helper.h @@ -82,8 +82,11 @@ static inline void *nfct_help_data(const struct nf_conn *ct) return (void *)help->data; } -extern int nf_conntrack_helper_init(struct net *net); -extern void nf_conntrack_helper_fini(struct net *net); +extern int nf_conntrack_helper_pernet_init(struct net *net); +extern void nf_conntrack_helper_pernet_fini(struct net *net); + +extern int nf_conntrack_helper_init(void); +extern void nf_conntrack_helper_fini(void); extern int nf_conntrack_broadcast_help(struct sk_buff *skb, unsigned int protoff, diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h index 6f7c13f4ac0..3bb89eac3fa 100644 --- a/include/net/netfilter/nf_conntrack_l3proto.h +++ b/include/net/netfilter/nf_conntrack_l3proto.h 
@@ -76,11 +76,16 @@ struct nf_conntrack_l3proto { extern struct nf_conntrack_l3proto __rcu *nf_ct_l3protos[AF_MAX]; -/* Protocol registration. */ -extern int nf_conntrack_l3proto_register(struct net *net, +/* Protocol pernet registration. */ +extern int nf_ct_l3proto_pernet_register(struct net *net, struct nf_conntrack_l3proto *proto); -extern void nf_conntrack_l3proto_unregister(struct net *net, +extern void nf_ct_l3proto_pernet_unregister(struct net *net, struct nf_conntrack_l3proto *proto); + +/* Protocol global registration. */ +extern int nf_ct_l3proto_register(struct nf_conntrack_l3proto *proto); +extern void nf_ct_l3proto_unregister(struct nf_conntrack_l3proto *proto); + extern struct nf_conntrack_l3proto *nf_ct_l3proto_find_get(u_int16_t l3proto); extern void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p); diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h index c3be4aef6bf..914d8d90079 100644 --- a/include/net/netfilter/nf_conntrack_l4proto.h +++ b/include/net/netfilter/nf_conntrack_l4proto.h @@ -121,12 +121,16 @@ extern struct nf_conntrack_l4proto * nf_ct_l4proto_find_get(u_int16_t l3proto, u_int8_t l4proto); extern void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p); -/* Protocol registration. */ -extern int nf_conntrack_l4proto_register(struct net *net, +/* Protocol pernet registration. */ +extern int nf_ct_l4proto_pernet_register(struct net *net, struct nf_conntrack_l4proto *proto); -extern void nf_conntrack_l4proto_unregister(struct net *net, +extern void nf_ct_l4proto_pernet_unregister(struct net *net, struct nf_conntrack_l4proto *proto); +/* Protocol global registration. */ +extern int nf_ct_l4proto_register(struct nf_conntrack_l4proto *proto); +extern void nf_ct_l4proto_unregister(struct nf_conntrack_l4proto *proto); + static inline void nf_ct_kfree_compat_sysctl_table(struct nf_proto_net *pn) { #if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) 
diff --git a/include/net/netfilter/nf_conntrack_labels.h b/include/net/netfilter/nf_conntrack_labels.h new file mode 100644 index 00000000000..c985695283b --- /dev/null +++ b/include/net/netfilter/nf_conntrack_labels.h @@ -0,0 +1,58 @@ +#include <linux/types.h> +#include <net/net_namespace.h> +#include <linux/netfilter/nf_conntrack_common.h> +#include <linux/netfilter/nf_conntrack_tuple_common.h> +#include <net/netfilter/nf_conntrack.h> +#include <net/netfilter/nf_conntrack_extend.h> + +#include <uapi/linux/netfilter/xt_connlabel.h> + +struct nf_conn_labels { + u8 words; + unsigned long bits[]; +}; + +static inline struct nf_conn_labels *nf_ct_labels_find(const struct nf_conn *ct) +{ +#ifdef CONFIG_NF_CONNTRACK_LABELS + return nf_ct_ext_find(ct, NF_CT_EXT_LABELS); +#else + return NULL; +#endif +} + +static inline struct nf_conn_labels *nf_ct_labels_ext_add(struct nf_conn *ct) +{ +#ifdef CONFIG_NF_CONNTRACK_LABELS + struct nf_conn_labels *cl_ext; + struct net *net = nf_ct_net(ct); + u8 words; + + words = ACCESS_ONCE(net->ct.label_words); + if (words == 0 || WARN_ON_ONCE(words > 8)) + return NULL; + + cl_ext = nf_ct_ext_add_length(ct, NF_CT_EXT_LABELS, + words * sizeof(long), GFP_ATOMIC); + if (cl_ext != NULL) + cl_ext->words = words; + + return cl_ext; +#else + return NULL; +#endif +} + +bool nf_connlabel_match(const struct nf_conn *ct, u16 bit); +int nf_connlabel_set(struct nf_conn *ct, u16 bit); + +int nf_connlabels_replace(struct nf_conn *ct, + const u32 *data, const u32 *mask, unsigned int words); + +#ifdef CONFIG_NF_CONNTRACK_LABELS +int nf_conntrack_labels_init(void); +void nf_conntrack_labels_fini(void); +#else +static inline int nf_conntrack_labels_init(void) { return 0; } +static inline void nf_conntrack_labels_fini(void) {} +#endif diff --git a/include/net/netfilter/nf_conntrack_timeout.h b/include/net/netfilter/nf_conntrack_timeout.h index e41e472d08f..d23aceb16d9 100644 --- a/include/net/netfilter/nf_conntrack_timeout.h 
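Review bot: The new header nf_conntrack_labels.h has no include guard, so a second inclusion in one translation unit would redefine `struct nf_conn_labels` and both static inline helpers. Wrap the file in `#ifndef _NF_CONNTRACK_LABELS_H` / `#define _NF_CONNTRACK_LABELS_H` and a closing `#endif`, following the pattern the neighbouring conntrack headers use. In `nf_ct_labels_ext_add()` the limit in `WARN_ON_ONCE(words > 8)` is a bare literal; a named constant with a one-line comment on where the bound comes from would let a reader check it against the `words * sizeof(long)` allocation. `nf_connlabel_match()`, `nf_connlabel_set()` and `nf_connlabels_replace()` are declared outside the `#ifdef CONFIG_NF_CONNTRACK_LABELS` block without stubs, so callers built without the option presumably need their own guard; a comment saying so would help.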
+++ b/include/net/netfilter/nf_conntrack_timeout.h @@ -76,15 +76,15 @@ nf_ct_timeout_lookup(struct net *net, struct nf_conn *ct, } #ifdef CONFIG_NF_CONNTRACK_TIMEOUT -extern int nf_conntrack_timeout_init(struct net *net); -extern void nf_conntrack_timeout_fini(struct net *net); +extern int nf_conntrack_timeout_init(void); +extern void nf_conntrack_timeout_fini(void); #else -static inline int nf_conntrack_timeout_init(struct net *net) +static inline int nf_conntrack_timeout_init(void) { return 0; } -static inline void nf_conntrack_timeout_fini(struct net *net) +static inline void nf_conntrack_timeout_fini(void) { return; } diff --git a/include/net/netfilter/nf_conntrack_timestamp.h b/include/net/netfilter/nf_conntrack_timestamp.h index fc9c82b1f06..b00461413ef 100644 --- a/include/net/netfilter/nf_conntrack_timestamp.h +++ b/include/net/netfilter/nf_conntrack_timestamp.h @@ -48,15 +48,28 @@ static inline void nf_ct_set_tstamp(struct net *net, bool enable) } #ifdef CONFIG_NF_CONNTRACK_TIMESTAMP -extern int nf_conntrack_tstamp_init(struct net *net); -extern void nf_conntrack_tstamp_fini(struct net *net); +extern int nf_conntrack_tstamp_pernet_init(struct net *net); +extern void nf_conntrack_tstamp_pernet_fini(struct net *net); + +extern int nf_conntrack_tstamp_init(void); +extern void nf_conntrack_tstamp_fini(void); #else -static inline int nf_conntrack_tstamp_init(struct net *net) +static inline int nf_conntrack_tstamp_pernet_init(struct net *net) +{ + return 0; +} + +static inline void nf_conntrack_tstamp_pernet_fini(struct net *net) +{ + return; +} + +static inline int nf_conntrack_tstamp_init(void) { return 0; } -static inline void nf_conntrack_tstamp_fini(struct net *net) +static inline void nf_conntrack_tstamp_fini(void) { return; } diff --git a/include/net/netfilter/nf_tproxy_core.h b/include/net/netfilter/nf_tproxy_core.h index 75ca9291cf2..36d9379d4c4 100644 --- a/include/net/netfilter/nf_tproxy_core.h +++ b/include/net/netfilter/nf_tproxy_core.h 
@@ -82,6 +82,7 @@ nf_tproxy_get_sock_v4(struct net *net, const u8 protocol, break; case NFT_LOOKUP_LISTENER: sk = inet_lookup_listener(net, &tcp_hashinfo, + saddr, sport, daddr, dport, in->ifindex); @@ -151,6 +152,7 @@ nf_tproxy_get_sock_v6(struct net *net, const u8 protocol, break; case NFT_LOOKUP_LISTENER: sk = inet6_lookup_listener(net, &tcp_hashinfo, + saddr, sport, daddr, ntohs(dport), in->ifindex); diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h index a1d83cc8bf8..c9c0c538b68 100644 --- a/include/net/netns/conntrack.h +++ b/include/net/netns/conntrack.h @@ -71,6 +71,7 @@ struct netns_ct { struct hlist_head *expect_hash; struct hlist_nulls_head unconfirmed; struct hlist_nulls_head dying; + struct hlist_nulls_head tmpl; struct ip_conntrack_stat __percpu *stat; struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb; struct nf_exp_event_notifier __rcu *nf_expect_event_cb; @@ -83,6 +84,10 @@ struct netns_ct { int sysctl_auto_assign_helper; bool auto_assign_helper_warned; struct nf_ip_net nf_ct_proto; +#if defined(CONFIG_NF_CONNTRACK_LABELS) + unsigned int labels_used; + u8 label_words; +#endif #ifdef CONFIG_NF_NAT_NEEDED struct hlist_head *nat_bysource; unsigned int nat_htable_size; diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h index 2ae2b8372cf..2ba9de89e8e 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h @@ -22,6 +22,7 @@ struct netns_ipv4 { struct ctl_table_header *frags_hdr; struct ctl_table_header *ipv4_hdr; struct ctl_table_header *route_hdr; + struct ctl_table_header *xfrm4_hdr; #endif struct ipv4_devconf *devconf_all; struct ipv4_devconf *devconf_dflt; @@ -61,6 +62,8 @@ struct netns_ipv4 { int sysctl_icmp_ratemask; int sysctl_icmp_errors_use_inbound_ifaddr; + int sysctl_tcp_ecn; + kgid_t sysctl_ping_group_range[2]; long sysctl_tcp_mem[3]; diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h index 214cb0a5335..1242f371718 100644 --- a/include/net/netns/ipv6.h 
+++ b/include/net/netns/ipv6.h @@ -16,6 +16,7 @@ struct netns_sysctl_ipv6 { struct ctl_table_header *route_hdr; struct ctl_table_header *icmp_hdr; struct ctl_table_header *frags_hdr; + struct ctl_table_header *xfrm6_hdr; #endif int bindv6only; int flush_delay; diff --git a/include/net/netns/x_tables.h b/include/net/netns/x_tables.h index 591db7d657a..c24060ee411 100644 --- a/include/net/netns/x_tables.h +++ b/include/net/netns/x_tables.h @@ -8,6 +8,7 @@ struct ebt_table; struct netns_xt { struct list_head tables[NFPROTO_NUMPROTO]; + bool notrack_deprecated_warning; #if defined(CONFIG_BRIDGE_NF_EBTABLES) || \ defined(CONFIG_BRIDGE_NF_EBTABLES_MODULE) struct ebt_table *broute_table; diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h index 9fcc680ab6b..13174509cdf 100644 --- a/include/net/pkt_cls.h +++ b/include/net/pkt_cls.h @@ -126,9 +126,10 @@ tcf_exts_exec(struct sk_buff *skb, struct tcf_exts *exts, return 0; } -extern int tcf_exts_validate(struct tcf_proto *tp, struct nlattr **tb, - struct nlattr *rate_tlv, struct tcf_exts *exts, - const struct tcf_ext_map *map); +extern int tcf_exts_validate(struct net *net, struct tcf_proto *tp, + struct nlattr **tb, struct nlattr *rate_tlv, + struct tcf_exts *exts, + const struct tcf_ext_map *map); extern void tcf_exts_destroy(struct tcf_proto *tp, struct tcf_exts *exts); extern void tcf_exts_change(struct tcf_proto *tp, struct tcf_exts *dst, struct tcf_exts *src); diff --git a/include/net/pkt_sched.h b/include/net/pkt_sched.h index 66f5ac370f9..388bf8b6d06 100644 --- a/include/net/pkt_sched.h +++ b/include/net/pkt_sched.h 
@@ -65,8 +65,14 @@ struct qdisc_watchdog { }; extern void qdisc_watchdog_init(struct qdisc_watchdog *wd, struct Qdisc *qdisc); -extern void qdisc_watchdog_schedule(struct qdisc_watchdog *wd, - psched_time_t expires); +extern void qdisc_watchdog_schedule_ns(struct qdisc_watchdog *wd, u64 expires); + +static inline void qdisc_watchdog_schedule(struct qdisc_watchdog *wd, + psched_time_t expires) +{ + qdisc_watchdog_schedule_ns(wd, PSCHED_TICKS2NS(expires)); +} + extern void qdisc_watchdog_cancel(struct qdisc_watchdog *wd); extern struct Qdisc_ops pfifo_qdisc_ops; diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h index 1540f9c2fcf..2761c905504 100644 --- a/include/net/sch_generic.h +++ b/include/net/sch_generic.h @@ -195,7 +195,7 @@ struct tcf_proto_ops { unsigned long (*get)(struct tcf_proto*, u32 handle); void (*put)(struct tcf_proto*, unsigned long); - int (*change)(struct sk_buff *, + int (*change)(struct net *net, struct sk_buff *, struct tcf_proto*, unsigned long, u32 handle, struct nlattr **, unsigned long *); @@ -679,4 +679,23 @@ static inline struct sk_buff *skb_act_clone(struct sk_buff *skb, gfp_t gfp_mask, } #endif +struct psched_ratecfg { + u64 rate_bps; + u32 mult; + u32 shift; +}; + +static inline u64 psched_l2t_ns(const struct psched_ratecfg *r, + unsigned int len) +{ + return ((u64)len * r->mult) >> r->shift; +} + +extern void psched_ratecfg_precompute(struct psched_ratecfg *r, u32 rate); + +static inline u32 psched_ratecfg_getrate(const struct psched_ratecfg *r) +{ + return r->rate_bps >> 3; +} + #endif diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h index c29707d654c..a7dd5c50df7 100644 --- a/include/net/sctp/constants.h +++ b/include/net/sctp/constants.h 
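Review bot: `psched_ratecfg_getrate()` in the last sch_generic.h hunk returns `r->rate_bps >> 3` as `u32`, which silently narrows a `u64`. That is lossless only if `rate_bps` is always derived from the `u32` rate passed to `psched_ratecfg_precompute()`, whose body is not in this header. `psched_l2t_ns()` likewise depends on `r->shift` staying below 64, because shifting a `u64` by its width or more is undefined. A comment on `struct psched_ratecfg` would pin both invariants, e.g. `/* rate_bps = 8 * the u32 byte rate; mult and shift (< 64) are set only by psched_ratecfg_precompute() */`.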
@@ -303,7 +303,7 @@ enum { SCTP_MAX_GABS = 16 }; * to which we will raise the P-MTU. */ #define SCTP_DEFAULT_MINSEGMENT 512 /* MTU size ... if no mtu disc */ -#define SCTP_HOW_MANY_SECRETS 2 /* How many secrets I keep */ + #define SCTP_SECRET_SIZE 32 /* Number of octets in a 256 bits. */ #define SCTP_SIGNATURE_SIZE 20 /* size of a SLA-1 signature */ diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h index fdeb85a970f..0e0f9d2322e 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h @@ -1236,10 +1236,7 @@ struct sctp_endpoint { * Discussion in [RFC1750] can be helpful in * selection of the key. */ - __u8 secret_key[SCTP_HOW_MANY_SECRETS][SCTP_SECRET_SIZE]; - int current_key; - int last_key; - int key_changed_at; + __u8 secret_key[SCTP_SECRET_SIZE]; /* digest: This is a digest of the sctp cookie. This field is * only used on the receive path when we try to validate diff --git a/include/net/sock.h b/include/net/sock.h index 93a6745bfdb..a340ab46b41 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -140,6 +140,7 @@ typedef __u64 __bitwise __addrpair; * @skc_family: network address family * @skc_state: Connection state * @skc_reuse: %SO_REUSEADDR setting + * @skc_reuseport: %SO_REUSEPORT setting * @skc_bound_dev_if: bound device index if != 0 * @skc_bind_node: bind hash linkage for various protocol lookup tables * @skc_portaddr_node: second hash linkage for UDP/UDP-Lite protocol @@ -179,7 +180,8 @@ struct sock_common { unsigned short skc_family; volatile unsigned char skc_state; - unsigned char skc_reuse; + unsigned char skc_reuse:4; + unsigned char skc_reuseport:4; int skc_bound_dev_if; union { struct hlist_node skc_bind_node; 
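Review bot: With `secret_key` in `struct sctp_endpoint` reduced to a single `__u8 secret_key[SCTP_SECRET_SIZE]` and `current_key`, `last_key` and `key_changed_at` removed, nothing in the struct records a previous key or the key's age. Judging from this header alone, the cookie secret now appears to live as long as the endpoint. The comment above the field begins outside the hunk and still only discusses how to select the key. If a non-rotating secret is the intended design, the comment should say so, for example `/* Single cookie secret for the endpoint's lifetime; not rotated. */`, so that a later reader does not assume the old rotation still exists.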
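Review bot: `skc_reuse:4` and `skc_reuseport:4` in `struct sock_common` now share one byte, so a store to either field is a read-modify-write of both. If the two were ever written under different locks, or one of them without a lock, an update to the other could be lost. The setters are not in this header, so this is a request to confirm and document rather than a confirmed defect. A comment above the pair such as `/* share one byte: both must be written under the same lock */` would record the requirement; the struct body starts and ends outside the hunk.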
@@ -297,6 +299,7 @@ struct sock { #define sk_family __sk_common.skc_family #define sk_state __sk_common.skc_state #define sk_reuse __sk_common.skc_reuse +#define sk_reuseport __sk_common.skc_reuseport #define sk_bound_dev_if __sk_common.skc_bound_dev_if #define sk_bind_node __sk_common.skc_bind_node #define sk_prot __sk_common.skc_prot @@ -337,7 +340,7 @@ struct sock { #endif unsigned long sk_flags; struct dst_entry *sk_rx_dst; - struct dst_entry *sk_dst_cache; + struct dst_entry __rcu *sk_dst_cache; spinlock_t sk_dst_lock; atomic_t sk_wmem_alloc; atomic_t sk_omem_alloc; @@ -367,7 +370,7 @@ struct sock { unsigned short sk_ack_backlog; unsigned short sk_max_ack_backlog; __u32 sk_priority; -#ifdef CONFIG_CGROUPS +#if IS_ENABLED(CONFIG_NETPRIO_CGROUP) __u32 sk_cgrp_prioidx; #endif struct pid *sk_peer_pid; @@ -664,6 +667,7 @@ enum sock_flags { * Will use last 4 bytes of packet sent from * user-space instead. */ + SOCK_FILTER_LOCKED, /* Filter cannot be changed anymore */ }; static inline void sock_copy_flags(struct sock *nsk, struct sock *osk) diff --git a/include/net/tcp.h b/include/net/tcp.h index aed42c78515..23f2e98d4b6 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -266,7 +266,6 @@ extern int sysctl_tcp_abort_on_overflow; extern int sysctl_tcp_max_orphans; extern int sysctl_tcp_fack; extern int sysctl_tcp_reordering; -extern int sysctl_tcp_ecn; extern int sysctl_tcp_dsack; extern int sysctl_tcp_wmem[3]; extern int sysctl_tcp_rmem[3]; @@ -280,7 +279,6 @@ extern int sysctl_tcp_dma_copybreak; extern int sysctl_tcp_nometrics_save; extern int sysctl_tcp_moderate_rcvbuf; extern int sysctl_tcp_tso_win_divisor; -extern int sysctl_tcp_abc; extern int sysctl_tcp_mtu_probing; extern int sysctl_tcp_base_mss; extern int sysctl_tcp_workaround_signed_windows; 
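Review bot: The comment on the new `SOCK_FILTER_LOCKED` flag in `enum sock_flags` says the filter cannot be changed, but not whether the flag itself can be cleared later or whether sockets created from this one inherit it. `sock_copy_flags()` follows the enum directly and its body is outside the hunk, so inheritance cannot be confirmed from here. If a one-way lock is intended, the comment should state it, for example `/* Filter cannot be changed or removed; flag cannot be cleared once set */`. The attach, detach and flag-setting paths, none of which are in this header, should each be checked against that statement.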
@@ -504,7 +502,8 @@ static inline __u32 cookie_v4_init_sequence(struct sock *sk, #endif extern __u32 cookie_init_timestamp(struct request_sock *req); -extern bool cookie_check_timestamp(struct tcp_options_received *opt, bool *); +extern bool cookie_check_timestamp(struct tcp_options_received *opt, + struct net *net, bool *ecn_ok); /* From net/ipv6/syncookies.c */ extern struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb); @@ -728,11 +727,12 @@ struct tcp_skb_cb { * notifications, we disable TCP ECN negociation. */ static inline void -TCP_ECN_create_request(struct request_sock *req, const struct sk_buff *skb) +TCP_ECN_create_request(struct request_sock *req, const struct sk_buff *skb, + struct net *net) { const struct tcphdr *th = tcp_hdr(skb); - if (sysctl_tcp_ecn && th->ece && th->cwr && + if (net->ipv4.sysctl_tcp_ecn && th->ece && th->cwr && INET_ECN_is_not_ect(TCP_SKB_CB(skb)->ip_dsfield)) inet_rsk(req)->ecn_ok = 1; } diff --git a/include/net/transp_v6.h b/include/net/transp_v6.h index 498433dd067..938b7fd1120 100644 --- a/include/net/transp_v6.h +++ b/include/net/transp_v6.h @@ -34,17 +34,17 @@ extern int udpv6_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len); -extern int datagram_recv_ctl(struct sock *sk, - struct msghdr *msg, - struct sk_buff *skb); - -extern int datagram_send_ctl(struct net *net, - struct sock *sk, - struct msghdr *msg, - struct flowi6 *fl6, - struct ipv6_txoptions *opt, - int *hlimit, int *tclass, - int *dontfrag); +extern int ip6_datagram_recv_ctl(struct sock *sk, + struct msghdr *msg, + struct sk_buff *skb); + +extern int ip6_datagram_send_ctl(struct net *net, + struct sock *sk, + struct msghdr *msg, + struct flowi6 *fl6, + struct ipv6_txoptions *opt, + int *hlimit, int *tclass, + int *dontfrag); #define LOOPBACK4_IPV6 cpu_to_be32(0x7f000006) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 63445ede48b..24c8886fd96 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h 
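Review bot: The new `net` parameter of `TCP_ECN_create_request()` is only read (`net->ipv4.sysctl_tcp_ecn`), yet it is declared `struct net *net` while the neighbouring `skb` parameter is `const`. Declaring it `const struct net *net` would match the rest of the signature and document that the helper does not modify namespace state. The comment above the function starts outside the hunk and could also say that `net` must be the namespace of the listening socket, since the ECN decision is now per namespace.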
@@ -501,6 +501,12 @@ struct xfrm_policy_walk { u32 seq; }; +struct xfrm_policy_queue { + struct sk_buff_head hold_queue; + struct timer_list hold_timer; + unsigned long timeout; +}; + struct xfrm_policy { #ifdef CONFIG_NET_NS struct net *xp_net; @@ -522,6 +528,7 @@ struct xfrm_policy { struct xfrm_lifetime_cfg lft; struct xfrm_lifetime_cur curlft; struct xfrm_policy_walk_entry walk; + struct xfrm_policy_queue polq; u8 type; u8 action; u8 flags; @@ -557,10 +564,6 @@ struct xfrm_migrate { }; #define XFRM_KM_TIMEOUT 30 -/* which seqno */ -#define XFRM_REPLAY_SEQ 1 -#define XFRM_REPLAY_OSEQ 2 -#define XFRM_REPLAY_SEQ_MASK 3 /* what happened */ #define XFRM_REPLAY_UPDATE XFRM_AE_CR #define XFRM_REPLAY_TIMEOUT XFRM_AE_CE @@ -1036,7 +1039,7 @@ static inline int __xfrm6_state_addr_cmp(const struct xfrm_tmpl *tmpl, const struct xfrm_state *x) { return (!ipv6_addr_any((struct in6_addr*)&tmpl->saddr) && - ipv6_addr_cmp((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr)); + !ipv6_addr_equal((struct in6_addr *)&tmpl->saddr, (struct in6_addr*)&x->props.saddr)); } static inline int @@ -1247,8 +1250,8 @@ static __inline__ int __xfrm6_state_addr_check(const struct xfrm_state *x, const xfrm_address_t *daddr, const xfrm_address_t *saddr) { - if (!ipv6_addr_cmp((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) && - (!ipv6_addr_cmp((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr)|| + if (ipv6_addr_equal((struct in6_addr *)daddr, (struct in6_addr *)&x->id.daddr) && + (ipv6_addr_equal((struct in6_addr *)saddr, (struct in6_addr *)&x->props.saddr) || ipv6_addr_any((struct in6_addr *)saddr) || ipv6_addr_any((struct in6_addr *)&x->props.saddr))) return 1; @@ -1324,6 +1327,7 @@ struct xfrm_algo_desc { char *name; char *compat; u8 available:1; + u8 pfkey_supported:1; union { struct xfrm_algo_aead_info aead; struct xfrm_algo_auth_info auth; 
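Review bot: `struct xfrm_policy_queue` carries an `sk_buff_head` and a timer but nothing that bounds how many packets may sit in `hold_queue`, and it has no comment. Queued skbs pin memory until they are released, so the length limit and the drop behaviour on overflow have to be enforced where packets are enqueued, and that code is not part of this header. A short comment on the struct would make the contract reviewable from here. It should name the limit, state what `timeout` is measured in (presumably jiffies, given `unsigned long` next to a `timer_list`), and say which lock protects the queue.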
@@ -1565,8 +1569,8 @@ extern void xfrm_input_init(void); extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq); extern void xfrm_probe_algs(void); -extern int xfrm_count_auth_supported(void); -extern int xfrm_count_enc_supported(void); +extern int xfrm_count_pfkey_auth_supported(void); +extern int xfrm_count_pfkey_enc_supported(void); extern struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx); extern struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx); extern struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id); @@ -1578,17 +1582,23 @@ extern struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe); extern struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len, int probe); -static inline int xfrm_addr_cmp(const xfrm_address_t *a, - const xfrm_address_t *b, - int family) +static inline bool xfrm6_addr_equal(const xfrm_address_t *a, + const xfrm_address_t *b) +{ + return ipv6_addr_equal((const struct in6_addr *)a, + (const struct in6_addr *)b); +} + +static inline bool xfrm_addr_equal(const xfrm_address_t *a, + const xfrm_address_t *b, + sa_family_t family) { switch (family) { default: case AF_INET: - return (__force u32)a->a4 - (__force u32)b->a4; + return ((__force u32)a->a4 ^ (__force u32)b->a4) == 0; case AF_INET6: - return ipv6_addr_cmp((const struct in6_addr *)a, - (const struct in6_addr *)b); + return xfrm6_addr_equal(a, b); } } |
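Review bot: In `xfrm_addr_equal()` the `default:` label still falls through to the `AF_INET` case, so for any family other than `AF_INET6` only the 32-bit `a4` member is compared. Two addresses of an unexpected family that share their first four bytes are therefore reported equal. For a helper now named and typed as an equality predicate, returning `false` for an unknown family is the conservative result: move the label to the end as `default: return false;`. Some caller may rely on passing an unspecified family, which this header does not show, so check that first. The IPv4 branch can also be written `return a->a4 == b->a4;`, which needs no `__force` casts.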