Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp3450410imm; Tue, 17 Jul 2018 05:10:59 -0700 (PDT) X-Google-Smtp-Source: AAOMgpekD36mYjiaTy3U6yVxBaQ5yC1wQhkVmQOQlAKKWnecuSQpwK+3JMWNACkFbZ60XQSUYZmk X-Received: by 2002:a17:902:b189:: with SMTP id s9-v6mr1392725plr.188.1531829459477; Tue, 17 Jul 2018 05:10:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531829459; cv=none; d=google.com; s=arc-20160816; b=xmHYH7kfdz+M0HWOXjrQGNeCH380iQjQ2lpGPKZwCiUagMVU2m5JMs0kzXMdzprSX4 sA9WIgIgzqVjr9deDgxz8MYT5nTxs2Dur98XZ9SWUO82rAqmL2we+6t+2rGzStjJWXMS lHomyyETZT4TVUlR46BQFg6Qsow5R7KczyNCfim8ZwOnJmidlvPixVntT8NLnUzcpH+k eE3z6pQWOQbrSivZ0Oojt9HuTnkIs6ZAZdJtAVWgYw2v4F5hygaOEMHbN9rGGsYsH7G3 vQ4FvnPXr+aat1vtWVSR/O2juYpfjnnaKHhHcU35voyQiJZUyFmc7j79I7BOHTs01JE6 M50Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=1gsDVoTDI30+BNdnUAPfHgldYLZoDANn7buTXyJt8zM=; b=s0Xd6Z4XTVXe9iUH22OcsDz4ZDLctr6AmcPeg4xHRXYRorVa+Ijzn+1Tf71d+eXtNB 4oG1BgM9YPUsAVKRnTAQgR/h5kpjmKm5YCEVCmiF8e5y+Q6baGzTCW8+h99EuE5wBL3Y GdcyzKq0LI01UJVbKP6FrllfXhGppoLidHva/KB+XH2ic528a0gJGYQ1Fp/Pz3alWp3m Tn/KacsmfzIBCyKXy8M+8AGY3Rs4Xh6cuxkgNYtDS+8P59ann5KkNB+9q/v/Mx7Wo6WB qiCqMFrBqc3f9Zes/elSxGo4XL4gFZUWhGUdPSBy23pVi4JLp0LYyCD1kZOQ80vaJqpg LdXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="UxSnJT/8"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n59-v6si712510plb.198.2018.07.17.05.10.44; Tue, 17 Jul 2018 05:10:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="UxSnJT/8"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731372AbeGQMjG (ORCPT + 99 others); Tue, 17 Jul 2018 08:39:06 -0400 Received: from mail.kernel.org ([198.145.29.99]:60612 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729508AbeGQMjF (ORCPT ); Tue, 17 Jul 2018 08:39:05 -0400 Received: from kenny.it.cumulusnetworks.com. (fw.cumulusnetworks.com [216.129.126.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 98CEB20C10; Tue, 17 Jul 2018 12:06:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1531829204; bh=yOijbTG+PrUJ8MkectQYAr861pUk5eKHEuXj2ecb8vc=; h=From:To:Cc:Subject:Date:From; b=UxSnJT/8/Edg0ZJOAZpZDNAwYwJL8NNpHLX93/KUW5F5Ym6SJmIzHxLNSJVYBSxGz IBXFPTU9L0GP8rj7l4i5MgEYHzBT68q3ynYWyZjJ8afBG9wW3/NKYAUkCxGGh3NdvB 1Z7WOqgURH7wRhHcA8ZdkLiEk7ilSTgHUWvH8dxo= From: dsahern@kernel.org To: netdev@vger.kernel.org Cc: nikita.leshchenko@oracle.com, roopa@cumulusnetworks.com, stephen@networkplumber.org, idosch@mellanox.com, jiri@mellanox.com, saeedm@mellanox.com, alex.aring@gmail.com, linux-wpan@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-kernel@vger.kernel.org, David Ahern Subject: [PATCH RFC/RFT net-next 00/17] net: Convert neighbor tables to per-namespace Date: Tue, 17 Jul 2018 05:06:34 -0700 Message-Id: <20180717120651.15748-1-dsahern@kernel.org> X-Mailer: git-send-email 2.11.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: David Ahern Nikita Leshenko reported that neighbor entries in one namespace can evict neighbor entries in another. The problem is that the neighbor tables have entries across all namespaces without separate accounting and with global limits on when to scan for entries to evict. Resolve by making the neighbor tables for ipv4, ipv6 and decnet per namespace and making the accounting and threshold limits per namespace. David Ahern (17): net/ipv4: rename ipv4_neigh_lookup to ipv4_dst_neigh_lookup net/neigh: export neigh_find_table net/ipv4: wrappers for arp table references net/ipv4: Remove open coded use of arp table net/ipv6: wrappers for neighbor table references net/ipv6: Remove open coded use of neighbor table drivers/net: remove open coding of neighbor tables net: Remove nd_tbl from ipv6 stub net: Remove arp_tbl and nd_tbl from headers net: Add key_len to neighbor constructor net: Change neigh_table_init and neigh_table_clear signature net/neigh: Change neigh_xmit to take an address family net/neighbor: Convert internal functions away from neigh_tables net/ipv4: Convert arp table to per namespace net/ipv6: Convert neighbor table to per-namespace net/decnet: Move neighbor table to per-namespace net/neighbor: Remove neigh_tables and NEIGH enum drivers/infiniband/ulp/ipoib/ipoib_main.c | 14 +- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 35 ++--- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 11 +- .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 27 ++-- .../net/ethernet/mellanox/mlxsw/spectrum_span.c | 8 +- .../ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +- drivers/net/ethernet/rocker/rocker_main.c | 4 +- drivers/net/ethernet/rocker/rocker_ofdpa.c | 2 +- drivers/net/vrf.c | 4 +- drivers/net/vxlan.c | 10 +- include/net/addrconf.h | 1 - include/net/arp.h | 25 +++- include/net/ndisc.h | 75 +++++++++- include/net/neighbour.h | 17 +-- include/net/net_namespace.h | 3 + include/net/netns/ipv4.h | 1 + include/net/netns/ipv6.h | 1 + net/atm/clip.c | 14 +- net/bridge/br_arp_nd_proxy.c | 4 +- net/core/filter.c | 3 +- net/core/neighbour.c | 115 +++++++++----- net/decnet/dn_neigh.c | 8 +- net/ieee802154/6lowpan/tx.c | 2 +- net/ipv4/arp.c | 130 +++++++++------- net/ipv4/devinet.c | 8 +- net/ipv4/fib_semantics.c | 2 +- net/ipv4/ip_output.c | 2 +- net/ipv4/route.c | 12 +- net/ipv6/addrconf.c | 16 +- net/ipv6/af_inet6.c | 1 - net/ipv6/ip6_output.c | 4 +- net/ipv6/ndisc.c | 165 +++++++++++---------- net/ipv6/route.c | 12 +- net/mpls/af_mpls.c | 33 ++--- net/mpls/mpls_iptunnel.c | 6 +- net/netfilter/nf_flow_table_ip.c | 4 +- net/netfilter/nft_fwd_netdev.c | 6 +- 37 files changed, 467 insertions(+), 320 deletions(-) -- 2.11.0