[NET,RFC]: Introduce SO_{SND,RCV}BUFFORCE socket options

ctnetlink needs large socket buffer sizes. To avoid increasing the system wide limit we would like to have something that allows CAP_NET_ADMIN to override these limits. The first idea was to change the SO_{SND,RCV}BUF behaviour, but since a valid way of getting the largest possible size is to use

RE: [E1000-devel] Re: drop counts

I apologize for my misconfigured email client, this is my correct address PS machine rebuilds suck. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jesse Brandeburg - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a mess

[PATCH 2/2][NET] cleanup INET_REFCNT_DEBUG code

Hi David, Please consider pulling from: rsync://rsync.kernel.org/pub/scm/linux/kernel/git/acme/net-2.6.git/ -- - Arnaldo tree b2d1a14c34bd0880d421a31a909de6a9c2400f75 parent 18cdbd737f99ac20a3cd9a700d5f616a7db2ebd1 author Arnaldo Carvalho de Melo <[EMAIL PROTECTED]> 1121896161 -0300 commi

[PATCH 1/2][REQSK] Move the syn_table destruction from tcp_listen_stop to reqsk_queue_destroy

Hi David, Please consider pulling from: rsync://rsync.kernel.org/pub/scm/linux/kernel/git/acme/net-2.6.git/ -- - Arnaldo tree 4895b1a30679afb60aff33bcbba03506380364f7 parent f60f700876cd51de9de69f3a3c865d95e287a24d author Arnaldo Carvalho de Melo <[EMAIL PROTECTED]> 1121671485 -0300 commi

Re: [E1000-devel] Re: drop counts

please use netdev@vger.kernel.org On Tue, 19 Jul 2005, [EMAIL PROTECTED] wrote: > I'm confused about the drop count reporting in e1000 > nics (and elsewhere). On e1000 nics the on nic rx buffer > drop counts are maintained in "mpc" and the in kernel buffer drops > are maintained in "rnbc". Ac

Re: [PATCH] reduce netfilte sk_buff enlargement

Wensong Zhang wrote: Well, I hope IPVS people will take care of this. I don't really know that code too well... This bit is only to indicate that the sk_buff is already mangled by IPVS/NAT, so that when both iptables/NAT and IPVS/NAT are enabled, iptables/NAT will not mangle sk_buff again. I

[PATCH 1/2] LSM-IPSec Networking Hooks -- revised flow_cache authorization

Fixed and tested flow_cache_lookup per previous comments. Verified that failed authorization results in new resolution correctly. Note that the previous [PATCH 2/2] applies (only resending one patch now). The SELinux LSM handles the case when the context is null. Regards, Trent. =

Re: [PATCH 3/*] re-add NFC_ defines

All 3 patches applied, thanks Harald. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH] reduce netfilte sk_buff enlargement

From: Harald Welte <[EMAIL PROTECTED]> Date: Wed, 20 Jul 2005 09:23:05 -0400 > On Mon, Jul 18, 2005 at 08:31:45PM -0700, David S. Miller wrote: > > From: Harald Welte <[EMAIL PROTECTED]> > > Date: Mon, 18 Jul 2005 00:04:51 +0200 > > > > > The only real in-tree user of nfcache was IPVS, who only n

MASQUERADE and IPSec tunnel

Hello, I set up IPSec tunnel and iptables as follows: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE spdadd 172.27.210.0/24 172.27.86.0/24 any -P in ipsec esp/tunnel/172.27.1.3-172.27.1.10/require ah/tunnel/172.27.1.3-172.27.1.10/require; spdadd 172.27.86.

Re: [PATCH] reduce netfilte sk_buff enlargement

Hi, Sorry for the delay. On Wed, 20 Jul 2005, Harald Welte wrote: On Mon, Jul 18, 2005 at 08:31:45PM -0700, David S. Miller wrote: From: Harald Welte <[EMAIL PROTECTED]> Date: Mon, 18 Jul 2005 00:04:51 +0200 The only real in-tree user of nfcache was IPVS, who only needs a single bit. Unfo

Re: [2.6 patch] VIA_VELOCITY must depend on INET

On Maw, 2005-07-19 at 15:55 +0200, Adrian Bunk wrote: > VIA_VELOCITY=y and INET=n results in the following compile error: > > <-- snip --> > > ... > LD .tmp_vmlinux1 > drivers/built-in.o: In function `velocity_register_notifier': > via-velocity.c:(.text+0x3462c6): undefined reference to

[PATCH 2/*] nfnetlink layer

Hi Dave, here comes the nfnetlink layer. Its first user (ctnetlink) is waiting for some last review and will follow tomorrow. Please apply to your 2.6.14 tree, thanks! -- - Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/

[PATCH 1/*] connection tracking event notifiers

Hi Dave, I'm now starting to send the accumulated netfilter patches. For now there will be three (event notifiers, nfnetlink, nfc_defines). Tomorrow some more (ctnetlink, with some luck nfnetlink_queue and the pptp-helper) will follow. Please apply to your 2.6.14 tree, thanks! -- - Harald W

[PATCH 3/*] re-add NFC_ defines

Hi Dave, we have to re-add the NFC_ defines to the header files, otherwise old userspace code (such as old versions of the iptables program) will fail to compile :( Please apply to your 2.6.14 tree, thanks! -- - Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/ ==

Re: [PATCH] reduce netfilte sk_buff enlargement

On Mon, Jul 18, 2005 at 08:31:45PM -0700, David S. Miller wrote: > From: Harald Welte <[EMAIL PROTECTED]> > Date: Mon, 18 Jul 2005 00:04:51 +0200 > > > The only real in-tree user of nfcache was IPVS, who only needs a single > > bit. Unfortunately I couldn't find some other free bit in sk_buff to