
Commit 41e95736 authored by David S. Miller's avatar David S. Miller


Pablo Neira Ayuso says:

====================
Netfilter/IPVS updates for net-next

The following patchset contains Netfilter/IPVS updates for your
net-next tree. A couple of new features for nf_tables, and unsorted
cleanups and incremental updates for the Netfilter tree. More
specifically, they are:

1) Allow to check for TCP option presence via nft_exthdr, patch
   from Phil Sutter.

2) Add symmetric hash support to nft_hash, from Laura Garcia Liebana.

3) Use pr_cont() in ebt_log, from Joe Perches.

4) Remove some dead code in arp_tables reported via static analysis
   tool, from Colin Ian King.

5) Consolidate nf_tables expression validation, from Liping Zhang.

6) Consolidate set lookup via nft_set_lookup().

7) Remove unnecessary rcu read lock side in bridge netfilter, from
   Florian Westphal.

8) Remove unused variable in nf_reject_ipv4, from Tahee Yoo.

9) Pass nft_ctx struct to object initialization indirections, from
   Florian Westphal.

10) Add code to integrate conntrack helper into nf_tables, also from
    Florian.

11) Allow to check if interface index or name exists via
    NFTA_FIB_F_PRESENT, from Phil Sutter.

12) Simplify resolve_normal_ct(), from Florian.

13) Use per-limit spinlock in nft_limit and xt_limit, from Liping Zhang.

14) Use rwlock in nft_set_rbtree set, also from Liping Zhang.

15) One patch to remove a useless printk at netns init path in ipvs,
    and several patches to document IPVS knobs.

16) Use refcount_t for reference counter in the Netfilter/IPVS code,
    from Elena Reshetova.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents b9974d76 4485a841
+60 −8
@@ -175,6 +175,14 @@ nat_icmp_send - BOOLEAN
        for VS/NAT when the load balancer receives packets from real
        for VS/NAT when the load balancer receives packets from real
        servers but the connection entries don't exist.
        servers but the connection entries don't exist.


pmtu_disc - BOOLEAN
	0 - disabled
	not 0 - enabled (default)

	By default, reject with FRAG_NEEDED all DF packets that exceed
	the PMTU, irrespective of the forwarding method. For TUN method
	the flag can be disabled to fragment such packets.

secure_tcp - INTEGER
secure_tcp - INTEGER
        0  - disabled (default)
        0  - disabled (default)


@@ -185,15 +193,59 @@ secure_tcp - INTEGER
        The value definition is the same as that of drop_entry and
        The value definition is the same as that of drop_entry and
        drop_packet.
        drop_packet.


sync_threshold - INTEGER
sync_threshold - vector of 2 INTEGERs: sync_threshold, sync_period
        default 3
	default 3 50


	It sets synchronization threshold, which is the minimum number
	It sets synchronization threshold, which is the minimum number
	of incoming packets that a connection needs to receive before
	of incoming packets that a connection needs to receive before
	the connection will be synchronized. A connection will be
	the connection will be synchronized. A connection will be
	synchronized, every time the number of its incoming packets
	synchronized, every time the number of its incoming packets
        modulus 50 equals the threshold. The range of the threshold is
	modulus sync_period equals the threshold. The range of the
        from 0 to 49.
	threshold is from 0 to sync_period.

	When sync_period and sync_refresh_period are 0, send sync only
	for state changes or only once when pkts matches sync_threshold

sync_refresh_period - UNSIGNED INTEGER
	default 0

	In seconds, difference in reported connection timer that triggers
	new sync message. It can be used to avoid sync messages for the
	specified period (or half of the connection timeout if it is lower)
	if connection state is not changed since last sync.

	This is useful for normal connections with high traffic to reduce
	sync rate. Additionally, retry sync_retries times with period of
	sync_refresh_period/8.

sync_retries - INTEGER
	default 0

	Defines sync retries with period of sync_refresh_period/8. Useful
	to protect against loss of sync messages. The range of the
	sync_retries is from 0 to 3.

sync_qlen_max - UNSIGNED LONG

	Hard limit for queued sync messages that are not sent yet. It
	defaults to 1/32 of the memory pages but actually represents
	number of messages. It will protect us from allocating large
	parts of memory when the sending rate is lower than the queuing
	rate.

sync_sock_size - INTEGER
	default 0

	Configuration of SNDBUF (master) or RCVBUF (slave) socket limit.
	Default value is 0 (preserve system defaults).

sync_ports - INTEGER
	default 1

	The number of threads that master and backup servers can use for
	sync traffic. Every thread will use single UDP port, thread 0 will
	use the default port 8848 while last thread will use port
	8848+sync_ports-1.


snat_reroute - BOOLEAN
snat_reroute - BOOLEAN
	0 - disabled
	0 - disabled
+9 −7
@@ -12,6 +12,8 @@
#include <linux/list.h>                 /* for struct list_head */
#include <linux/list.h>                 /* for struct list_head */
#include <linux/spinlock.h>             /* for struct rwlock_t */
#include <linux/spinlock.h>             /* for struct rwlock_t */
#include <linux/atomic.h>               /* for struct atomic_t */
#include <linux/atomic.h>               /* for struct atomic_t */
#include <linux/refcount.h>             /* for struct refcount_t */

#include <linux/compiler.h>
#include <linux/compiler.h>
#include <linux/timer.h>
#include <linux/timer.h>
#include <linux/bug.h>
#include <linux/bug.h>
@@ -525,7 +527,7 @@ struct ip_vs_conn {
	struct netns_ipvs	*ipvs;
	struct netns_ipvs	*ipvs;


	/* counter and timer */
	/* counter and timer */
	atomic_t		refcnt;		/* reference count */
	refcount_t		refcnt;		/* reference count */
	struct timer_list	timer;		/* Expiration timer */
	struct timer_list	timer;		/* Expiration timer */
	volatile unsigned long	timeout;	/* timeout */
	volatile unsigned long	timeout;	/* timeout */


@@ -667,7 +669,7 @@ struct ip_vs_dest {
	atomic_t		conn_flags;	/* flags to copy to conn */
	atomic_t		conn_flags;	/* flags to copy to conn */
	atomic_t		weight;		/* server weight */
	atomic_t		weight;		/* server weight */


	atomic_t		refcnt;		/* reference counter */
	refcount_t		refcnt;		/* reference counter */
	struct ip_vs_stats      stats;          /* statistics */
	struct ip_vs_stats      stats;          /* statistics */
	unsigned long		idle_start;	/* start time, jiffies */
	unsigned long		idle_start;	/* start time, jiffies */


@@ -1211,14 +1213,14 @@ struct ip_vs_conn * ip_vs_conn_out_get_proto(struct netns_ipvs *ipvs, int af,
 */
 */
static inline bool __ip_vs_conn_get(struct ip_vs_conn *cp)
static inline bool __ip_vs_conn_get(struct ip_vs_conn *cp)
{
{
	return atomic_inc_not_zero(&cp->refcnt);
	return refcount_inc_not_zero(&cp->refcnt);
}
}


/* put back the conn without restarting its timer */
/* put back the conn without restarting its timer */
static inline void __ip_vs_conn_put(struct ip_vs_conn *cp)
static inline void __ip_vs_conn_put(struct ip_vs_conn *cp)
{
{
	smp_mb__before_atomic();
	smp_mb__before_atomic();
	atomic_dec(&cp->refcnt);
	refcount_dec(&cp->refcnt);
}
}
void ip_vs_conn_put(struct ip_vs_conn *cp);
void ip_vs_conn_put(struct ip_vs_conn *cp);
void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __be16 cport);
void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __be16 cport);
@@ -1410,18 +1412,18 @@ void ip_vs_try_bind_dest(struct ip_vs_conn *cp);


static inline void ip_vs_dest_hold(struct ip_vs_dest *dest)
static inline void ip_vs_dest_hold(struct ip_vs_dest *dest)
{
{
	atomic_inc(&dest->refcnt);
	refcount_inc(&dest->refcnt);
}
}


static inline void ip_vs_dest_put(struct ip_vs_dest *dest)
static inline void ip_vs_dest_put(struct ip_vs_dest *dest)
{
{
	smp_mb__before_atomic();
	smp_mb__before_atomic();
	atomic_dec(&dest->refcnt);
	refcount_dec(&dest->refcnt);
}
}


static inline void ip_vs_dest_put_and_free(struct ip_vs_dest *dest)
static inline void ip_vs_dest_put_and_free(struct ip_vs_dest *dest)
{
{
	if (atomic_dec_and_test(&dest->refcnt))
	if (refcount_dec_and_test(&dest->refcnt))
		kfree(dest);
		kfree(dest);
}
}


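Review bot: The `smp_mb__before_atomic();` kept ahead of `refcount_dec(&cp->refcnt);` in `__ip_vs_conn_put()`, and again ahead of `refcount_dec(&dest->refcnt);` in `ip_vs_dest_put()` in the last hunk, appears redundant after this conversion: the kernel's refcount_dec() is documented to provide release ordering on its own, so the explicit barrier no longer adds anything and could be dropped from both helpers. Separately, unlike atomic_dec(), refcount_dec() raises a WARN_ONCE when the decrement reaches zero; if any caller can legitimately drop the last reference through these "put without free" helpers, that path now warns where it was previously silent. Confirming that against the callers is worthwhile, since they live in .c files outside this section.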
+3 −1
@@ -5,6 +5,8 @@
#ifndef _NF_CONNTRACK_EXPECT_H
#ifndef _NF_CONNTRACK_EXPECT_H
#define _NF_CONNTRACK_EXPECT_H
#define _NF_CONNTRACK_EXPECT_H


#include <linux/refcount.h>

#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_zones.h>
#include <net/netfilter/nf_conntrack_zones.h>


@@ -37,7 +39,7 @@ struct nf_conntrack_expect {
	struct timer_list timeout;
	struct timer_list timeout;


	/* Usage count. */
	/* Usage count. */
	atomic_t use;
	refcount_t use;


	/* Flags */
	/* Flags */
	unsigned int flags;
	unsigned int flags;
+2 −1
@@ -4,6 +4,7 @@
#include <net/net_namespace.h>
#include <net/net_namespace.h>
#include <linux/netfilter/nf_conntrack_common.h>
#include <linux/netfilter/nf_conntrack_common.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
#include <linux/refcount.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_extend.h>
#include <net/netfilter/nf_conntrack_extend.h>


@@ -12,7 +13,7 @@
struct ctnl_timeout {
struct ctnl_timeout {
	struct list_head	head;
	struct list_head	head;
	struct rcu_head		rcu_head;
	struct rcu_head		rcu_head;
	atomic_t		refcnt;
	refcount_t		refcnt;
	char			name[CTNL_TIMEOUT_NAME_MAX];
	char			name[CTNL_TIMEOUT_NAME_MAX];
	__u16			l3num;
	__u16			l3num;
	struct nf_conntrack_l4proto *l4proto;
	struct nf_conntrack_l4proto *l4proto;
+7 −5
@@ -385,10 +385,11 @@ static inline struct nft_set *nft_set_container_of(const void *priv)
	return (void *)priv - offsetof(struct nft_set, data);
	return (void *)priv - offsetof(struct nft_set, data);
}
}


struct nft_set *nf_tables_set_lookup(const struct nft_table *table,
struct nft_set *nft_set_lookup(const struct net *net,
				     const struct nlattr *nla, u8 genmask);
			       const struct nft_table *table,
struct nft_set *nf_tables_set_lookup_byid(const struct net *net,
			       const struct nlattr *nla_set_name,
					  const struct nlattr *nla, u8 genmask);
			       const struct nlattr *nla_set_id,
			       u8 genmask);


static inline unsigned long nft_set_gc_interval(const struct nft_set *set)
static inline unsigned long nft_set_gc_interval(const struct nft_set *set)
{
{
@@ -1016,7 +1017,8 @@ struct nft_object_type {
	unsigned int			maxattr;
	unsigned int			maxattr;
	struct module			*owner;
	struct module			*owner;
	const struct nla_policy		*policy;
	const struct nla_policy		*policy;
	int				(*init)(const struct nlattr * const tb[],
	int				(*init)(const struct nft_ctx *ctx,
						const struct nlattr *const tb[],
						struct nft_object *obj);
						struct nft_object *obj);
	void				(*destroy)(struct nft_object *obj);
	void				(*destroy)(struct nft_object *obj);
	int				(*dump)(struct sk_buff *skb,
	int				(*dump)(struct sk_buff *skb,
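Review bot: The new `nft_set_lookup()` prototype replaces two separately named lookups with one that takes both `nla_set_name` and `nla_set_id`, but carries no comment saying how the two attributes relate, so a caller cannot tell from the header whether they are alternatives or both required, what `genmask` selects, or what is returned when nothing matches. A short kernel-doc block above the declaration stating the lookup order (presumably by name first, falling back to the id attribute — to be confirmed against the definition in its .c file) and the failure return would close that gap. The `init` callback in `struct nft_object_type` in the second hunk likewise gained a `ctx` parameter without a line documenting what an implementer is expected to take from it. Both definitions are outside this section.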