linux-toradex.git/Documentation/networking/ip-sysctl.txt, branch v2.6.32.31 Linux kernel for Apalis and Colibri modules sctp: Sysctl configuration for IPv4 Address Scoping 2009-09-04T22:21:01+00:00 Bhaskar Dutta bhaskie@gmail.com 2009-09-03T11:55:47+00:00 723884339f90a9c420783135168cc1045750eb5d This patch introduces a new sysctl option to make IPv4 Address Scoping configurable <draft-stewart-tsvwg-sctp-ipv4-00.txt>. In networking environments where DNAT rules in iptables prerouting chains convert destination IP's to link-local/private IP addresses, SCTP connections fail to establish as the INIT chunk is dropped by the kernel due to address scope match failure. For example to support overlapping IP addresses (same IP address with different vlan id) a Layer-5 application listens on link local IP's, and there is a DNAT rule that maps the destination IP to a link local IP. Such applications never get the SCTP INIT if the address-scoping draft is strictly followed. This sysctl configuration allows SCTP to function in such unconventional networking environments. Sysctl options: 0 - Disable IPv4 address scoping draft altogether 1 - Enable IPv4 address scoping (default, current behavior) 2 - Enable address scoping but allow IPv4 private addresses in init/init-ack 3 - Enable address scoping but allow IPv4 link local address in init/init-ack Signed-off-by: Bhaskar Dutta <bhaskar.dutta@globallogic.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> 
This patch introduces a new sysctl option to make IPv4 Address Scoping
configurable <draft-stewart-tsvwg-sctp-ipv4-00.txt>.

In networking environments where DNAT rules in iptables prerouting
chains convert destination IP's to link-local/private IP addresses,
SCTP connections fail to establish as the INIT chunk is dropped by the
kernel due to address scope match failure.
For example to support overlapping IP addresses (same IP address with
different vlan id) a Layer-5 application listens on link local IP's,
and there is a DNAT rule that maps the destination IP to a link local
IP. Such applications never get the SCTP INIT if the address-scoping
draft is strictly followed.

This sysctl configuration allows SCTP to function in such
unconventional networking environments.

Sysctl options:
0 - Disable IPv4 address scoping draft altogether
1 - Enable IPv4 address scoping (default, current behavior)
2 - Enable address scoping but allow IPv4 private addresses in init/init-ack
3 - Enable address scoping but allow IPv4 link local address in init/init-ack

Signed-off-by: Bhaskar Dutta <bhaskar.dutta@globallogic.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
RTO connection timeout: sysctl documentation update 2009-09-02T00:40:50+00:00 Damian Lukowski damian@tvk.rwth-aachen.de 2009-09-01T10:24:04+00:00 5d7892298a819743b3892df08bb496992fe85951 This patch updates the sysctl documentation concerning the interpretation of tcp_retries{1,2} and tcp_orphan_retries. Signed-off-by: Damian Lukowski <damian@tvk.rwth-aachen.de> Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch updates the sysctl documentation concerning the interpretation
of tcp_retries{1,2} and tcp_orphan_retries.

Signed-off-by: Damian Lukowski <damian@tvk.rwth-aachen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
IPv6: Add 'autoconf' and 'disable_ipv6' module parameters 2009-06-01T10:07:33+00:00 Brian Haley brian.haley@hp.com 2009-06-01T10:07:33+00:00 56d417b12e57dfe11c9b7ba4bea3882c62a55815 Add 'autoconf' and 'disable_ipv6' parameters to the IPv6 module. The first controls if IPv6 addresses are autoconfigured from prefixes received in Router Advertisements. The IPv6 loopback (::1) and link-local addresses are still configured. The second controls if IPv6 addresses are desired at all. No IPv6 addresses will be added to any interfaces. Signed-off-by: Brian Haley <brian.haley@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Add 'autoconf' and 'disable_ipv6' parameters to the IPv6 module.

The first controls if IPv6 addresses are autoconfigured from
prefixes received in Router Advertisements.  The IPv6 loopback
(::1) and link-local addresses are still configured.

The second controls if IPv6 addresses are desired at all.  No
IPv6 addresses will be added to any interfaces.

Signed-off-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-05-19T04:08:20+00:00 David S. Miller davem@davemloft.net 2009-05-19T04:08:20+00:00 bb803cfbecb03a0cf8dc7e1864f18dda6631af00 Conflicts: drivers/scsi/fcoe/fcoe.c 
Conflicts:
	drivers/scsi/fcoe/fcoe.c
Doc: fixed descriptions on /proc/sys/net/core/* and /proc/sys/net/unix/* 2009-05-18T04:19:31+00:00 Wang Tinggong wangtinggong@gmail.com 2009-05-14T22:49:36+00:00 705efc3b03cbee449e4d83b230423894152f7982 Signed-off-by: Wang Tinggong <wangtinggong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Wang Tinggong <wangtinggong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
tcp: extend ECN sysctl to allow server-side only ECN 2009-05-04T18:07:36+00:00 Ilpo Järvinen ilpo.jarvinen@helsinki.fi 2009-05-04T18:07:36+00:00 255cac91c3c9ce7dca7713b93ab03c75b7902e0e This should be very safe compared with full enabled, so I see no reason why it shouldn't be done right away. As ECN can only be negotiated if the SYN sending party is also supporting it, somebody in the loop probably knows what he/she is doing. If SYN does not ask for ECN, the server side SYN-ACK is identical to what it is without ECN. Thus it's quite safe. The chosen value is safe w.r.t to existing configs which choose to currently set manually either 0 or 1 but silently upgrades those who have not explicitly requested ECN off. Whether to just enable both sides comes up time to time but unless that gets done now we can at least make the servers aware of ECN already. As there are some known problems to occur if ECN is enabled, it's currently questionable whether there's any real gain from enabling clients as servers mostly won't support it anyway (so we'd hit just the negative sides). After enabling the servers and getting that deployed, the client end enable really has some potential gain too. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net> 
This should be very safe compared with full enabled, so I see
no reason why it shouldn't be done right away. As ECN can only
be negotiated if the SYN sending party is also supporting it,
somebody in the loop probably knows what he/she is doing. If
SYN does not ask for ECN, the server side SYN-ACK is identical
to what it is without ECN. Thus it's quite safe.

The chosen value is safe w.r.t to existing configs which
choose to currently set manually either 0 or 1 but
silently upgrades those who have not explicitly requested
ECN off.

Whether to just enable both sides comes up time to time but
unless that gets done now we can at least make the servers
aware of ECN already. As there are some known problems to occur
if ECN is enabled, it's currently questionable whether there's
any real gain from enabling clients as servers mostly won't
support it anyway (so we'd hit just the negative sides). After
enabling the servers and getting that deployed, the client end
enable really has some potential gain too.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
ipv6: Fix incorrect disable_ipv6 behavior 2009-03-19T01:22:48+00:00 Brian Haley brian.haley@hp.com 2009-03-19T01:22:48+00:00 9bdd8d40c8c59435664af6049dabe24b7779b203 Fix the behavior of allowing both sysctl and addrconf_dad_failure() to set the disable_ipv6 parameter without any bad side-effects. If DAD fails and accept_dad > 1, we will still set disable_ipv6=1, but then instead of allowing an RA to add an address then immediately fail DAD, we simply don't allow the address to be added in the first place. This also lets the user set this flag and disable all IPv6 addresses on the interface, or on the entire system. Signed-off-by: Brian Haley <brian.haley@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Fix the behavior of allowing both sysctl and addrconf_dad_failure()
to set the disable_ipv6 parameter without any bad side-effects.
If DAD fails and accept_dad > 1, we will still set disable_ipv6=1,
but then instead of allowing an RA to add an address then
immediately fail DAD, we simply don't allow the address to be
added in the first place.  This also lets the user set this flag
and disable all IPv6 addresses on the interface, or on the entire
system.

Signed-off-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Doc: Cleanup whitespaces in ip-sysctl.txt 2009-02-24T11:47:41+00:00 Jesper Dangaard Brouer jdb@comx.dk 2009-02-23T04:39:04+00:00 e18f5feb0c851a0e77e315b3d9ef1c432b1a50ec Fix up whitespaces while going though ip-sysctl.txt anyway. Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: David S. Miller <davem@davemloft.net> 
Fix up whitespaces while going though ip-sysctl.txt anyway.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Doc: Fix typos in ip-sysctl.txt about rp_filter. 2009-02-24T11:47:41+00:00 Jesper Dangaard Brouer jdb@comx.dk 2009-02-23T04:37:55+00:00 bf869c30628cc02295fb919f0d0074f296d5f129 First fix a typo in Stephens patch ;-) Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: David S. Miller <davem@davemloft.net> 
First fix a typo in Stephens patch ;-)

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
ip: add loose reverse path filtering 2009-02-23T03:54:45+00:00 Stephen Hemminger shemminger@vyatta.com 2009-02-20T08:25:36+00:00 c1cf8422f0512c2b14f0d66bce34abb0645c888a Extend existing reverse path filter option to allow strict or loose filtering. (See http://en.wikipedia.org/wiki/Reverse_path_filtering). For compatibility with existing usage, the value 1 is chosen for strict mode and 2 for loose mode. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Extend existing reverse path filter option to allow strict or loose
filtering. (See http://en.wikipedia.org/wiki/Reverse_path_filtering).

For compatibility with existing usage, the value 1 is chosen for strict mode
and 2 for loose mode.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>