1. 05 May, 2015 11 commits
    • David S. Miller's avatar
      Merge branch 'ipvlan-mcast' · 1a376de8
      David S. Miller authored
      Mahesh Bandewar says:
      
      ====================
      Multicast processing in IPvlan
      
      Dan Willems pointed out that autoconf in IPvlan is broken because of the
      way broadcast bit gets set. Since broadcast processing is a real performance
      drain, the broadcast bit in multicast filter was only set when the interface
      was configured with IPv4 address. In autoconf scenario, when there are
      no addresses configured; this logic did not work and it wouldn't allow
      DHCPv4 to work. The only way was to add protocol specific hacks to avoid
      processing unnecessary broadcast burdon.
      
      This jugglery could be avoided if these multicast / broadcast packets are taken
      out of fast-path and are processed in a work-queue. This will enable us to add
      broadcast bit in all multicast filters without any impact on performance of
      the virtual device. This patch series just does that.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1a376de8
    • Mahesh Bandewar's avatar
      ipvlan: Always set broadcast bit in multicast filter · f631c44b
      Mahesh Bandewar authored
      Earlier tricks of setting broadcast bit only when IPv4 address is added
      onto interface are not good enough especially when autoconf comes in play.
      Setting them on always is performance drag but now that multicast /
      broadcast is not processed in fast-path; enabling broadcast will let
      autoconf work correctly without affecting performance characteristics of
      the device.
      Signed-off-by: default avatarMahesh Bandewar <maheshb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f631c44b
    • Mahesh Bandewar's avatar
      ipvlan: Defer multicast / broadcast processing to a work-queue · ba35f858
      Mahesh Bandewar authored
      Processing multicast / broadcast in fast path is performance draining
      and having more links means more cloning and bringing performance
      down further.
      
      Broadcast; in particular, need to be given to all the virtual links.
      Earlier tricks of enabling broadcast bit for IPv4 only interfaces are not
      really working since it fails autoconf. Which means enabling broadcast
      for all the links if protocol specific hacks do not have to be added into
      the driver.
      
      This patch defers all (incoming as well as outgoing) multicast traffic to
      a work-queue leaving only the unicast traffic in the fast-path. Now if we
      need to apply any additional tricks to further reduce the impact of this
      (multicast / broadcast) type of traffic, it can be implemented while
      processing this work without affecting the fast-path.
      Signed-off-by: default avatarMahesh Bandewar <maheshb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ba35f858
    • David S. Miller's avatar
      Merge branch 'eth_proto_is_802_3' · 76061d99
      David S. Miller authored
      Alexander Duyck says:
      
      ====================
      Add eth_proto_is_802_3 to provide improved means of checking Ethertype
      
      This patch series implements and makes use of eth_proto_is_802_3().  The
      idea behind the function is to provide an optimized means of testing to
      determine if a given Ethertype value is a length or 802.3 protocol number.
      The standard path for this was to use ntohs(proto) and then perform a
      comparison.  This adds a slight cost as it usually requires either a 16b
      rotate or byte swap which can cost 1 cycle or more depending on the
      processor.
      
      I had previously addressed this for eth_type_trans, however in doing so I had
      overlooked checking with sparse and had introduced a couple sparse warnings.
      The first patch in this series fixes those sparse warnings as well as does
      some additional optimization for big endian systems.  In addition it pushes
      the code out into a separate function which can then be used in the other
      patches to reduce the instruction count/processing time in those functions
      as well.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      76061d99
    • Alexander Duyck's avatar
      vlan: Use eth_proto_is_802_3 · 9545b22d
      Alexander Duyck authored
      Replace "ntohs(proto) >= ETH_P_802_3_MIN" w/ eth_proto_is_802_3(proto).
      Signed-off-by: default avatarAlexander Duyck <alexander.h.duyck@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9545b22d
    • Alexander Duyck's avatar
      openvswitch: Use eth_proto_is_802_3 · 6713fc9b
      Alexander Duyck authored
      Replace "ntohs(proto) >= ETH_P_802_3_MIN" w/ eth_proto_is_802_3(proto).
      Signed-off-by: default avatarAlexander Duyck <alexander.h.duyck@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6713fc9b
    • Alexander Duyck's avatar
      ipv4/ip_tunnel_core: Use eth_proto_is_802_3 · d181ddca
      Alexander Duyck authored
      Replace "ntohs(proto) >= ETH_P_802_3_MIN" w/ eth_proto_is_802_3(proto).
      Signed-off-by: default avatarAlexander Duyck <alexander.h.duyck@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d181ddca
    • Alexander Duyck's avatar
      ebtables: Use eth_proto_is_802_3 · 27cf6a6e
      Alexander Duyck authored
      Replace "ntohs(proto) >= ETH_P_802_3_MIN" w/ eth_proto_is_802_3(proto).
      Signed-off-by: default avatarAlexander Duyck <alexander.h.duyck@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      27cf6a6e
    • Alexander Duyck's avatar
      etherdev: Fix sparse error, make test usable by other functions · 2c7a88c2
      Alexander Duyck authored
      This change does two things.  First it fixes a sparse error for the fact
      that the __be16 degrades to an integer.  Since that is actually what I am
      kind of doing I am simply working around that by forcing both sides of the
      comparison to u16.
      
      Also I realized on some compilers I was generating another instruction for
      big endian systems such as PowerPC since it was masking the value before
      doing the comparison.  So to resolve that I have simply pulled the mask out
      and wrapped it in an #ifndef __BIG_ENDIAN.
      
      Lastly I pulled this all out into its own function.  I notices there are
      similar checks in a number of other places so this function can be reused
      there to help reduce overhead in these paths as well.
      Signed-off-by: default avatarAlexander Duyck <alexander.h.duyck@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2c7a88c2
    • Bernhard Thaler's avatar
      bridge: change BR_GROUPFWD_RESTRICTED to allow forwarding of LLDP frames · 784b58a3
      Bernhard Thaler authored
      BR_GROUPFWD_RESTRICTED bitmask restricts users from setting values to
      /sys/class/net/brX/bridge/group_fwd_mask that allow forwarding of
      some IEEE 802.1D Table 7-10 Reserved addresses:
      
      	(MAC Control) 802.3		01-80-C2-00-00-01
      	(Link Aggregation) 802.3	01-80-C2-00-00-02
      	802.1AB LLDP			01-80-C2-00-00-0E
      
      Change BR_GROUPFWD_RESTRICTED to allow to forward LLDP frames and document
      group_fwd_mask.
      
      e.g.
         echo 16384 > /sys/class/net/brX/bridge/group_fwd_mask
      allows to forward LLDP frames.
      
      This may be needed for bridge setups used for network troubleshooting or
      any other scenario where forwarding of LLDP frames is desired (e.g. bridge
      connecting a virtual machine to real switch transmitting LLDP frames that
      virtual machine needs to receive).
      
      Tested on a simple bridge setup with two interfaces and host transmitting
      LLDP frames on one side of this bridge (used lldpd). Setting group_fwd_mask
      as described above lets LLDP frames traverse bridge.
      Signed-off-by: default avatarBernhard Thaler <bernhard.thaler@wvnet.at>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      784b58a3
    • Eric Dumazet's avatar
      tcp: provide SYN headers for passive connections · cd8ae852
      Eric Dumazet authored
      This patch allows a server application to get the TCP SYN headers for
      its passive connections.  This is useful if the server is doing
      fingerprinting of clients based on SYN packet contents.
      
      Two socket options are added: TCP_SAVE_SYN and TCP_SAVED_SYN.
      
      The first is used on a socket to enable saving the SYN headers
      for child connections. This can be set before or after the listen()
      call.
      
      The latter is used to retrieve the SYN headers for passive connections,
      if the parent listener has enabled TCP_SAVE_SYN.
      
      TCP_SAVED_SYN is read once, it frees the saved SYN headers.
      
      The data returned in TCP_SAVED_SYN are network (IPv4/IPv6) and TCP
      headers.
      
      Original patch was written by Tom Herbert, I changed it to not hold
      a full skb (and associated dst and conntracking reference).
      
      We have used such patch for about 3 years at Google.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Tested-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cd8ae852
  2. 04 May, 2015 29 commits