From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
netfilter-devel@vger.kernel.org
Subject: netfilter 00/12: Netfilter fixes/2.6.30 update part II
Date: Thu, 26 Mar 2009 20:02:30 +0100 (MET) [thread overview]
Message-ID: <20090326190225.23365.96356.sendpatchset@x2.localnet> (raw)
Hi Dave,
following are a few late netfilter patches and fixes for 2.6.30, containing:
- Eric's patch to use SLAB_DESTROY_BY_RCU in conntrack, which reduces
the conntrack size and avoids temporarily exceeding the configured
maximum amount of entries before the RCU threshold kicks in.
- another patch from Eric to factorize the optimized ifname comparisons
- a fix from Eric to use hlist_add_head_rcu in nf_conntrack_set_hashsize()
to avoid a race condition
- a number of patches from Holger Eitzenberger to perform approximately
correct allocation (might overshoot by a bit) for ctnetlink event
messages to avoid reallocation in netlink_trim(). According to some
benchmarks by Pablo. this increases throughput by about 10% in an
connection intensive workload.
- a patch fixing a build-failure in the new LED target
- a patch from Francis Dupont to fix an old regression in the *tables
loop detection. Slightly modified and ported to ip6_tables and
arp_tables by myself.
Please apply or pull from:
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6.git
Thanks!
include/linux/netfilter/x_tables.h | 23 ++++
include/net/netfilter/nf_conntrack.h | 14 ++-
include/net/netfilter/nf_conntrack_helper.h | 2 +
include/net/netfilter/nf_conntrack_l3proto.h | 7 +
include/net/netfilter/nf_conntrack_l4proto.h | 7 +
include/net/netfilter/nf_conntrack_tuple.h | 6 +-
include/net/netlink.h | 1 +
include/net/netns/conntrack.h | 5 +-
net/ipv4/netfilter/arp_tables.c | 18 +--
net/ipv4/netfilter/ip_tables.c | 27 +----
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 6 +
.../netfilter/nf_conntrack_l3proto_ipv4_compat.c | 63 ++++++----
net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 6 +
net/ipv4/netfilter/nf_nat_core.c | 2 +-
net/ipv6/netfilter/ip6_tables.c | 27 +----
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 6 +
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 6 +
net/netfilter/Kconfig | 2 +-
net/netfilter/nf_conntrack_core.c | 129 ++++++++++++--------
net/netfilter/nf_conntrack_expect.c | 2 +-
net/netfilter/nf_conntrack_helper.c | 8 +-
net/netfilter/nf_conntrack_netlink.c | 94 +++++++++++++--
net/netfilter/nf_conntrack_proto.c | 16 +++
net/netfilter/nf_conntrack_proto_dccp.c | 9 ++
net/netfilter/nf_conntrack_proto_gre.c | 1 +
net/netfilter/nf_conntrack_proto_sctp.c | 10 ++
net/netfilter/nf_conntrack_proto_tcp.c | 15 +++
net/netfilter/nf_conntrack_proto_udp.c | 2 +
net/netfilter/nf_conntrack_proto_udplite.c | 1 +
net/netfilter/nf_conntrack_standalone.c | 57 +++++----
net/netfilter/xt_connlimit.c | 6 +-
net/netfilter/xt_physdev.c | 21 +---
net/netlink/attr.c | 27 ++++
33 files changed, 416 insertions(+), 210 deletions(-)
Eric Dumazet (3):
netfilter: nf_conntrack: use hlist_add_head_rcu() in nf_conntrack_set_hashsize()
netfilter: factorize ifname_compare()
netfilter: nf_conntrack: use SLAB_DESTROY_BY_RCU and get rid of call_rcu()
Holger Eitzenberger (7):
netfilter: ctnetlink: add callbacks to the per-proto nlattrs
netlink: add nla_policy_len()
netfilter: limit the length of the helper name
netfilter: ctnetlink: allocate right-sized ctnetlink skb
netfilter: nf_conntrack: add generic function to get len of generic policy
netfilter: nf_conntrack: calculate per-protocol nlattr size
ctnetlink: compute generic part of event more acurately
Patrick McHardy (2):
netfilter: fix xt_LED build failure
netfilter: {ip,ip6,arp}_tables: fix incorrect loop detection
next reply other threads:[~2009-03-26 19:02 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-26 19:02 Patrick McHardy [this message]
2009-03-26 19:02 ` netfilter 01/12: fix xt_LED build failure Patrick McHardy
2009-03-26 19:02 ` netfilter 02/12: nf_conntrack: use hlist_add_head_rcu() in nf_conntrack_set_hashsize() Patrick McHardy
2009-03-26 19:02 ` netfilter 03/12: factorize ifname_compare() Patrick McHardy
2009-03-26 19:02 ` netfilter 04/12: ctnetlink: add callbacks to the per-proto nlattrs Patrick McHardy
2009-03-26 19:02 ` netlink 05/12: add nla_policy_len() Patrick McHardy
2009-03-26 19:02 ` netfilter 06/12: limit the length of the helper name Patrick McHardy
2009-03-26 19:02 ` netfilter 07/12: {ip,ip6,arp}_tables: fix incorrect loop detection Patrick McHardy
2009-03-26 19:02 ` netfilter 08/12: nf_conntrack: use SLAB_DESTROY_BY_RCU and get rid of call_rcu() Patrick McHardy
2009-03-26 19:02 ` netfilter 09/12: ctnetlink: allocate right-sized ctnetlink skb Patrick McHardy
2009-03-26 19:02 ` netfilter 10/12: nf_conntrack: add generic function to get len of generic policy Patrick McHardy
2009-03-26 19:02 ` netfilter 11/12: nf_conntrack: calculate per-protocol nlattr size Patrick McHardy
2009-03-26 19:02 ` ctnetlink 12/12: compute generic part of event more acurately Patrick McHardy
2009-03-27 5:46 ` netfilter 00/12: Netfilter fixes/2.6.30 update part II David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090326190225.23365.96356.sendpatchset@x2.localnet \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.