<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/net/ipv6/netfilter, branch v2.6.35</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>netfilter: ip6t_REJECT: fix a dst leak in ipv6 REJECT</title>
<updated>2010-07-02T08:05:01+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>eric.dumazet@gmail.com</email>
</author>
<published>2010-07-02T08:05:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=499031ac8a3df6738f6186ded9da853e8ea18253'/>
<id>499031ac8a3df6738f6186ded9da853e8ea18253</id>
<content type='text'>
We should release dst if dst-&gt;error is set.

Bug introduced in 2.6.14 by commit e104411b82f5c
([XFRM]: Always release dst_entry on error in xfrm_lookup)

Signed-off-by: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We should release dst if dst-&gt;error is set.

Bug introduced in 2.6.14 by commit e104411b82f5c
([XFRM]: Always release dst_entry on error in xfrm_lookup)

Signed-off-by: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>netfilter: xtables: stackptr should be percpu</title>
<updated>2010-05-31T14:41:35+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>eric.dumazet@gmail.com</email>
</author>
<published>2010-05-31T14:41:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=7489aec8eed4f2f1eb3b4d35763bd3ea30b32ef5'/>
<id>7489aec8eed4f2f1eb3b4d35763bd3ea30b32ef5</id>
<content type='text'>
commit f3c5c1bfd4 (netfilter: xtables: make ip_tables reentrant)
introduced a performance regression, because stackptr array is shared by
all cpus, adding cache line ping pongs. (16 cpus share a 64 bytes cache
line)

Fix this using alloc_percpu()

Signed-off-by: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Acked-By: Jan Engelhardt &lt;jengelh@medozas.de&gt;
Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit f3c5c1bfd4 (netfilter: xtables: make ip_tables reentrant)
introduced a performance regression, because stackptr array is shared by
all cpus, adding cache line ping pongs. (16 cpus share a 64 bytes cache
line)

Fix this using alloc_percpu()

Signed-off-by: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Acked-By: Jan Engelhardt &lt;jengelh@medozas.de&gt;
Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>netfilter: remove unnecessary returns from void function()s</title>
<updated>2010-05-13T13:16:27+00:00</updated>
<author>
<name>Joe Perches</name>
<email>joe@perches.com</email>
</author>
<published>2010-05-13T13:16:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=736d58e3a2245ac2779fe0f278f8735bcf33ca8d'/>
<id>736d58e3a2245ac2779fe0f278f8735bcf33ca8d</id>
<content type='text'>
This patch removes from net/ netfilter files
all the unnecessary return; statements that precede the
last closing brace of void functions.

It does not remove the returns that are immediately
preceded by a label as gcc doesn't like that.

Done via:
$ grep -rP --include=*.[ch] -l "return;\n}" net/ | \
  xargs perl -i -e 'local $/ ; while (&lt;&gt;) { s/\n[ \t\n]+return;\n}/\n}/g; print; }'

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
[Patrick: changed to keep return statements in otherwise empty function bodies]
Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch removes from net/ netfilter files
all the unnecessary return; statements that precede the
last closing brace of void functions.

It does not remove the returns that are immediately
preceded by a label as gcc doesn't like that.

Done via:
$ grep -rP --include=*.[ch] -l "return;\n}" net/ | \
  xargs perl -i -e 'local $/ ; while (&lt;&gt;) { s/\n[ \t\n]+return;\n}/\n}/g; print; }'

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
[Patrick: changed to keep return statements in otherwise empty function bodies]
Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>netfilter: cleanup printk messages</title>
<updated>2010-05-13T13:02:08+00:00</updated>
<author>
<name>Stephen Hemminger</name>
<email>shemminger@vyatta.com</email>
</author>
<published>2010-05-13T13:02:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=654d0fbdc8fe1041918741ed5b6abc8ad6b4c1d8'/>
<id>654d0fbdc8fe1041918741ed5b6abc8ad6b4c1d8</id>
<content type='text'>
Make sure all printk messages have a severity level.

Signed-off-by: Stephen Hemminger &lt;shemminger@vyatta.com&gt;
Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Make sure all printk messages have a severity level.

Signed-off-by: Stephen Hemminger &lt;shemminger@vyatta.com&gt;
Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>netfilter: change NF_ASSERT to WARN_ON</title>
<updated>2010-05-13T13:00:20+00:00</updated>
<author>
<name>Stephen Hemminger</name>
<email>shemminger@vyatta.com</email>
</author>
<published>2010-05-13T13:00:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=af5676039a9479e6ff42c6aab9fac1149ac9597f'/>
<id>af5676039a9479e6ff42c6aab9fac1149ac9597f</id>
<content type='text'>
Change netfilter asserts to standard WARN_ON. This has the
benefit of backtrace info and also causes netfilter errors
to show up on kerneloops.org.

Signed-off-by: Stephen Hemminger &lt;shemminger@vyatta.com&gt;
Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Change netfilter asserts to standard WARN_ON. This has the
benefit of backtrace info and also causes netfilter errors
to show up on kerneloops.org.

Signed-off-by: Stephen Hemminger &lt;shemminger@vyatta.com&gt;
Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>netfilter: xtables: combine built-in extension structs</title>
<updated>2010-05-11T16:36:18+00:00</updated>
<author>
<name>Jan Engelhardt</name>
<email>jengelh@medozas.de</email>
</author>
<published>2009-07-04T10:50:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=4538506be386f9736b83bf9892f829adbbb70fea'/>
<id>4538506be386f9736b83bf9892f829adbbb70fea</id>
<content type='text'>
Prepare the arrays for use with the multiregister function. The
future layer-3 xt matches can then be easily added to it without
needing more (un)register code.

Signed-off-by: Jan Engelhardt &lt;jengelh@medozas.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Prepare the arrays for use with the multiregister function. The
future layer-3 xt matches can then be easily added to it without
needing more (un)register code.

Signed-off-by: Jan Engelhardt &lt;jengelh@medozas.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>netfilter: xtables: change hotdrop pointer to direct modification</title>
<updated>2010-05-11T16:35:27+00:00</updated>
<author>
<name>Jan Engelhardt</name>
<email>jengelh@medozas.de</email>
</author>
<published>2009-07-07T18:54:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=b4ba26119b06052888696491f614201817491a0d'/>
<id>b4ba26119b06052888696491f614201817491a0d</id>
<content type='text'>
Since xt_action_param is writable, let's use it. The pointer to
'bool hotdrop' always worried (8 bytes (64-bit) to write 1 byte!).
Surprisingly results in a reduction in size:

   text    data     bss filename
5457066  692730  357892 vmlinux.o-prev
5456554  692730  357892 vmlinux.o

Signed-off-by: Jan Engelhardt &lt;jengelh@medozas.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Since xt_action_param is writable, let's use it. The pointer to
'bool hotdrop' always worried (8 bytes (64-bit) to write 1 byte!).
Surprisingly results in a reduction in size:

   text    data     bss filename
5457066  692730  357892 vmlinux.o-prev
5456554  692730  357892 vmlinux.o

Signed-off-by: Jan Engelhardt &lt;jengelh@medozas.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>netfilter: xtables: deconstify struct xt_action_param for matches</title>
<updated>2010-05-11T16:33:37+00:00</updated>
<author>
<name>Jan Engelhardt</name>
<email>jengelh@medozas.de</email>
</author>
<published>2009-07-07T18:42:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=62fc8051083a334578c3f4b3488808f210b4565f'/>
<id>62fc8051083a334578c3f4b3488808f210b4565f</id>
<content type='text'>
In future, layer-3 matches will be an xt module of their own, and
need to set the fragoff and thoff fields. Adding more pointers would
needlessy increase memory requirements (esp. so for 64-bit, where
pointers are wider).

Signed-off-by: Jan Engelhardt &lt;jengelh@medozas.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In future, layer-3 matches will be an xt module of their own, and
need to set the fragoff and thoff fields. Adding more pointers would
needlessy increase memory requirements (esp. so for 64-bit, where
pointers are wider).

Signed-off-by: Jan Engelhardt &lt;jengelh@medozas.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>netfilter: xtables: substitute temporary defines by final name</title>
<updated>2010-05-11T16:31:17+00:00</updated>
<author>
<name>Jan Engelhardt</name>
<email>jengelh@medozas.de</email>
</author>
<published>2009-07-05T17:43:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=4b560b447df83368df44bd3712c0c39b1d79ba04'/>
<id>4b560b447df83368df44bd3712c0c39b1d79ba04</id>
<content type='text'>
Signed-off-by: Jan Engelhardt &lt;jengelh@medozas.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Jan Engelhardt &lt;jengelh@medozas.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>netfilter: xtables: combine struct xt_match_param and xt_target_param</title>
<updated>2010-05-11T16:23:43+00:00</updated>
<author>
<name>Jan Engelhardt</name>
<email>jengelh@medozas.de</email>
</author>
<published>2009-07-05T16:26:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=de74c16996287250f0d947663127f80c6beebd3c'/>
<id>de74c16996287250f0d947663127f80c6beebd3c</id>
<content type='text'>
The structures carried - besides match/target - almost the same data.
It is possible to combine them, as extensions are evaluated serially,
and so, the callers end up a little smaller.

  text  data  bss  filename
-15318   740  104  net/ipv4/netfilter/ip_tables.o
+15286   740  104  net/ipv4/netfilter/ip_tables.o
-15333   540  152  net/ipv6/netfilter/ip6_tables.o
+15269   540  152  net/ipv6/netfilter/ip6_tables.o

Signed-off-by: Jan Engelhardt &lt;jengelh@medozas.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The structures carried - besides match/target - almost the same data.
It is possible to combine them, as extensions are evaluated serially,
and so, the callers end up a little smaller.

  text  data  bss  filename
-15318   740  104  net/ipv4/netfilter/ip_tables.o
+15286   740  104  net/ipv4/netfilter/ip_tables.o
-15333   540  152  net/ipv6/netfilter/ip6_tables.o
+15269   540  152  net/ipv6/netfilter/ip6_tables.o

Signed-off-by: Jan Engelhardt &lt;jengelh@medozas.de&gt;
</pre>
</div>
</content>
</entry>
</feed>
