linux/include/net/netns, branch for-nextMirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
https://git.shady.money/linux/atom?h=for-next2024-10-29T10:56:18Zxfrm: Add an inbound percpu state cache.2024-10-29T10:56:18ZSteffen Klassertsteffen.klassert@secunet.com2024-10-23T10:53:44Zurn:sha1:81a331a0e72ddc2f75092603d9577bd1a0ca23ad
Now that we can have percpu xfrm states, the number of active
states might increase. To get a better lookup performance,
we add a percpu cache to cache the used inbound xfrm states.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Tested-by: Antony Antony <antony.antony@secunet.com>
Tested-by: Tobias Brunner <tobias@strongswan.org>
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net2024-10-25T07:08:22ZPaolo Abenipabeni@redhat.com2024-10-25T07:08:22Zurn:sha1:03fc07a24735e0be8646563913abf5f5cb71ad19
Cross-merge networking fixes after downstream PR.
No conflicts and no adjacent changes.
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
ipv4: use READ_ONCE()/WRITE_ONCE() on net->ipv4.fib_seq2024-10-11T22:35:05ZEric Dumazetedumazet@google.com2024-10-09T18:44:02Zurn:sha1:16207384d29287a19f81436e1953b41946aa8258
Using RTNL to protect ops->fib_rules_seq reads seems a big hammer.
Writes are protected by RTNL.
We can use READ_ONCE() when reading it.
Constify 'struct net' argument of fib4_rules_seq_read()
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20241009184405.3752829-3-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
tcp: move sysctl_tcp_l3mdev_accept to netns_ipv4_read_rx2024-10-11T15:45:24ZEric Dumazetedumazet@google.com2024-10-10T03:41:00Zurn:sha1:d677aebd663ddc287f2b2bda098474694a0ca875
sysctl_tcp_l3mdev_accept is read from TCP receive fast path from
tcp_v6_early_demux(),
__inet6_lookup_established,
inet_request_bound_dev_if().
Move it to netns_ipv4_read_rx.
Remove the '#ifdef CONFIG_NET_L3_MASTER_DEV' that was guarding
its definition.
Note this adds a hole of three bytes that could be filled later.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Cc: Wei Wang <weiwan@google.com>
Cc: Coco Li <lixiaoyan@google.com>
Link: https://patch.msgid.link/20241010034100.320832-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
ipv4: Namespacify IPv4 address GC.2024-10-10T03:08:08ZKuniyuki Iwashimakuniyu@amazon.com2024-10-08T17:29:05Zurn:sha1:1675f385213edc14ed849e079d6866b48e552252
Each IPv4 address could have a lifetime, which is useful for DHCP,
and GC is periodically executed as check_lifetime_work.
check_lifetime() does the actual GC under RTNL.
1. Acquire RTNL
2. Iterate inet_addr_lst
3. Remove IPv4 address if expired
4. Release RTNL
Namespacifying the GC is required for per-netns RTNL, but using the
per-netns hash table will shorten the time on the hash bucket iteration
under RTNL.
Let's add per-netns GC work and use the per-netns hash table.
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20241008172906.1326-4-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
ipv4: Link IPv4 address to per-netns hash table.2024-10-10T03:08:07ZKuniyuki Iwashimakuniyu@amazon.com2024-10-08T17:29:03Zurn:sha1:87173021f1583ee37f4801fcde354729da8db3dc
As a prep for per-netns RTNL conversion, we want to namespacify
the IPv4 address hash table and the GC work.
Let's allocate the per-netns IPv4 address hash table to
net->ipv4.inet_addr_lst and link IPv4 addresses into it.
The actual users will be converted later.
Note that the IPv6 address hash table is already namespacified.
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20241008172906.1326-2-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net-timestamp: namespacify the sysctl_tstamp_allow_data2024-10-08T22:33:11ZJason Xingkernelxing@tencent.com2024-10-05T22:26:09Zurn:sha1:da5e06dee58ad153a4933fd40fc53d571bfef373
Let it be tuned in per netns by admins.
Signed-off-by: Jason Xing <kernelxing@tencent.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Link: https://patch.msgid.link/20241005222609.94980-1-kerneljasonxing@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
xfrm: policy: remove last remnants of pernet inexact list2024-09-24T07:58:16ZFlorian Westphalfw@strlen.de2024-09-18T09:12:49Zurn:sha1:645546a05b0370391c0eac0f14f5b9ddf8d00731
xfrm_net still contained the no-longer-used inexact policy list heads,
remove them.
Fixes: a54ad727f745 ("xfrm: policy: remove remaining use of inexact list")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
icmp: icmp_msgs_per_sec and icmp_msgs_burst sysctls become per netns2024-08-30T18:14:06ZEric Dumazetedumazet@google.com2024-08-29T14:46:41Zurn:sha1:f17bf505ff89595df5147755e51441632a5dc563
Previous patch made ICMP rate limits per netns, it makes sense
to allow each netns to change the associated sysctl.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20240829144641.3880376-4-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
icmp: move icmp_global.credit and icmp_global.stamp to per netns storage2024-08-30T18:14:06ZEric Dumazetedumazet@google.com2024-08-29T14:46:40Zurn:sha1:b056b4cd9178f7a1d5d57f7b48b073c29729ddaa
Host wide ICMP ratelimiter should be per netns, to provide better isolation.
Following patch in this series makes the sysctl per netns.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20240829144641.3880376-3-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>