linux.git/net/core/sysctl_net_core.c, branch v2.6.25 Linux kernel source tree [NET] sysctl: make sysctl_somaxconn per-namespace 2008-01-28T22:56:57+00:00 Pavel Emelyanov xemul@openvz.org 2007-12-08T08:12:33+00:00 b8e1f9b5c37e77cc8f978a58859b35fe5edd5542 Just move the variable on the struct net and adjust its usage. Others sysctls from sys.net.core table are more difficult to virtualize (i.e. make them per-namespace), but I'll look at them as well a bit later. Signed-off-by: Pavel Emelyanov <xemul@oenvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Just move the variable on the struct net and adjust
its usage.

Others sysctls from sys.net.core table are more
difficult to virtualize (i.e. make them per-namespace),
but I'll look at them as well a bit later.

Signed-off-by: Pavel Emelyanov <xemul@oenvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NET] sysctl: prepare core tables to point to netns variables 2008-01-28T22:56:56+00:00 Pavel Emelyanov xemul@openvz.org 2007-12-08T08:11:51+00:00 790a35328991b01181ff5624bdb084053b6fac54 Some of ctl variables are going to be on the struct net. Here's the way to adjust the ->data pointer on the ctl_table-s to point on the right variable. Since some pointers still point on the global variables, I keep turning the write bits off on such tables. This looks to become a common procedure for net sysctls, so later parts of this code may migrate to some more generic place. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Some of ctl variables are going to be on the struct
net. Here's the way to adjust the ->data pointer on the
ctl_table-s to point on the right variable.

Since some pointers still point on the global variables,
I keep turning the write bits off on such tables.

This looks to become a common procedure for net sysctls,
so later parts of this code may migrate to some more
generic place.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NET] sysctl: make the sys.net.core sysctls per-namespace 2008-01-28T22:56:56+00:00 Pavel Emelyanov xemul@openvz.org 2007-12-08T08:09:24+00:00 024626e36d75fc8c6e32d50d4c68bfc3b8df5fdf Making them per-namespace is required for the following two reasons: First, some ctl values have a per-namespace meaning. Second, making them writable from the sub-namespace is an isolation hole. So I introduce the pernet operations to create these tables. For init_net I use the existing statically declared tables, for sub-namespace they are duplicated and the write bits are removed from the mode. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Making them per-namespace is required for the following
two reasons:

 First, some ctl values have a per-namespace meaning.
 Second, making them writable from the sub-namespace
 is an isolation hole.

So I introduce the pernet operations to create these
tables. For init_net I use the existing statically
declared tables, for sub-namespace they are duplicated
and the write bits are removed from the mode.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NET]: Isolate the net/core/ sysctl table 2008-01-28T22:56:26+00:00 Pavel Emelyanov xemul@openvz.org 2007-12-05T09:37:34+00:00 33eb9cfc700ae9ce621d47d6ca6d6b4ad7cd97f3 Using ctl paths we can put all the stuff, related to net/core/ sysctl table, into one file and remove all the references on it. As a good side effect this hides the "core_table" name from the global scope :) Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Using ctl paths we can put all the stuff, related to net/core/
sysctl table, into one file and remove all the references on it.

As a good side effect this hides the "core_table" name from
the global scope :)

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NET]: Remove unneeded ifdefs from sysctl_net_core.c 2008-01-28T22:56:25+00:00 Pavel Emelyanov xemul@openvz.org 2007-12-05T09:36:23+00:00 7e2e109cef0d59abcb9aca8b82993e304ed8970c This file is already compiled out when the SYSCTL=n, so these ifdefs, that enclose the whole file, can be removed. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
This file is already compiled out when the SYSCTL=n, so
these ifdefs, that enclose the whole file, can be removed.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NET]: Don't declare extern variables in net/core/sysctl_net_core.c 2007-10-24T04:27:56+00:00 Pavel Emelyanov xemul@openvz.org 2007-10-24T04:13:53+00:00 a37ae4086e7e804db534bc8f2d31c2fbf89c5761 Some are already declared in include/linux/netdevice.h, while some others (xfrm ones) need to be declared. The driver/net/rrunner.c just uses same extern as well, so cleanup it also. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Some are already declared in include/linux/netdevice.h, while
some others (xfrm ones) need to be declared.

The driver/net/rrunner.c just uses same extern as well, so
cleanup it also.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[XFRM]: Allow XFRM_ACQ_EXPIRES to be tunable via sysctl. 2007-05-31T08:23:23+00:00 David S. Miller davem@sunset.davemloft.net 2007-05-25T07:41:38+00:00 01e67d08faa782f1a4d38de702331f5904def6ad Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: David S. Miller <davem@davemloft.net>
[XFRM]: Allow packet drops during larval state resolution. 2007-05-25T01:17:54+00:00 David S. Miller davem@sunset.davemloft.net 2007-05-25T01:17:54+00:00 14e50e57aedb2a89cf79b77782879769794cab7b The current IPSEC rule resolution behavior we have does not work for a lot of people, even though technically it's an improvement from the -EAGAIN buisness we had before. Right now we'll block until the key manager resolves the route. That works for simple cases, but many folks would rather packets get silently dropped until the key manager resolves the IPSEC rules. We can't tell these folks to "set the socket non-blocking" because they don't have control over the non-block setting of things like the sockets used to resolve DNS deep inside of the resolver libraries in libc. With that in mind I coded up the patch below with some help from Herbert Xu which provides packet-drop behavior during larval state resolution, controllable via sysctl and off by default. This lays the framework to either: 1) Make this default at some point or... 2) Move this logic into xfrm{4,6}_policy.c and implement the ARP-like resolution queue we've all been dreaming of. The idea would be to queue packets to the policy, then once the larval state is resolved by the key manager we re-resolve the route and push the packets out. The packets would timeout if the rule didn't get resolved in a certain amount of time. Signed-off-by: David S. Miller <davem@davemloft.net> 
The current IPSEC rule resolution behavior we have does not work for a
lot of people, even though technically it's an improvement from the
-EAGAIN buisness we had before.

Right now we'll block until the key manager resolves the route.  That
works for simple cases, but many folks would rather packets get
silently dropped until the key manager resolves the IPSEC rules.

We can't tell these folks to "set the socket non-blocking" because
they don't have control over the non-block setting of things like the
sockets used to resolve DNS deep inside of the resolver libraries in
libc.

With that in mind I coded up the patch below with some help from
Herbert Xu which provides packet-drop behavior during larval state
resolution, controllable via sysctl and off by default.

This lays the framework to either:

1) Make this default at some point or...

2) Move this logic into xfrm{4,6}_policy.c and implement the
   ARP-like resolution queue we've all been dreaming of.
   The idea would be to queue packets to the policy, then
   once the larval state is resolved by the key manager we
   re-resolve the route and push the packets out.  The
   packets would timeout if the rule didn't get resolved
   in a certain amount of time.

Signed-off-by: David S. Miller <davem@davemloft.net>
[NET]: Replace CONFIG_NET_DEBUG with sysctl. 2007-04-26T05:24:05+00:00 Stephen Hemminger shemminger@linux-foundation.org 2007-03-09T04:41:08+00:00 a2a316fd068c455c609ecc155dcfaa7e208d29fe Covert network warning messages from a compile time to runtime choice. Removes kernel config option and replaces it with new /proc/sys/net/core/warnings. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Covert network warning messages from a compile time to runtime choice.
Removes kernel config option and replaces it with new /proc/sys/net/core/warnings.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NET]: The scheduled removal of the frame diverter. 2006-12-03T05:22:23+00:00 Adrian Bunk bunk@stusta.de 2006-11-14T00:02:22+00:00 90833aa4f496d69ca374af6acef7d1614c8693ff This patch contains the scheduled removal of the frame diverter. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch contains the scheduled removal of the frame diverter.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>