A.9 Networking

  • Add CPU fanout policies for hashing to the packet interface based on mapping socket buffers to Rx hashes, and a pure round-robin scheme. (3.1)

  • Improve the client announcement mechanism in the Better Approach To Mobile Adhoc Networking (B.A.T.M.A.N.) routing protocol. The change resolves performance and latency issues with the previous implementation by appending client changes (new client joined or client left) to the OGM. System overhead is reduced by allowing nodes to modify their global tables by means of updates. The new ROAMING_ADVERTISEMENT packet type eliminates latency and packet drop issues seen with OGM broadcasting. (3.1)

  • Add support for zero-copy socket buffers. Adds user-space buffer support in the socket buffer shared information. (3.1)

  • Use MD5 to compute protocol sequence numbers and fragment IDs per RFC1948. Update code to take into account current CPU speeds and to use a full 32-bit sequence number. (3.1)

  • Add a multicast group for DCB to provide a clean method for disseminating kernel DCB link attributes to user space. (3.1)

  • Add SELinux context support to the AUDIT target of netfilter. (3.1)

  • Add range support for IPv4 to netfilter. (3.1)

  • Lower the default init retransmission timeout (RTO) from 3 seconds to 1 second per RFC2988bis. The RTO falls back to 3 seconds if a SYN or SYN-ACK packet has been retransmitted and the TCP time stamp option is not on. (3.1)

  • Implement support for Auto-ASCONF (see RFC5061) in the Stream Control Transmission Protocol (SCTP) stack. The change includes features for enabling and configuring settings. (3.1)

  • Reduce the false sharing effect. (3.1)

  • Reduce CPU overhead of check_leaf() with the route cache disabled. (3.1)

  • Add support to the virtio_net driver to obtain Rx and Tx ring parameter information from an Ethernet device. Used by the ethtool -g ethX command. (3.2)

  • Implement AP isolation on the receiver and sender side for B.A.T.M.A.N. When a node receives a unicast packet, it checks whether AP isolation permits the source and destination clients to communicate. (3.2)

  • Remove the IPv4 gc_interval from sysctl. (3.2)

  • Add TPACKET_V3 support including a flexible buffer implementation. (3.2)

  • Allow forwarding of some link-local frames by network bridges. You can use /sys/class/net/brX/bridge/group_fwd_mask in sysfs to control frame forwarding. (3.2)

  • Implement TCP proportional rate reduction. (3.2)

  • Add netlink-based Content Addressable Network (CAN) routing. (3.2)

  • Add support for the socket monitoring interface used by the ss tool. (3.3)

  • Add support for the SCSI RDMA Protocol (SRP) target driver. The SRP protocol allows an initiator to access a block storage device on another host (target) over a network that supports the RDMA protocol. Currently, the RDMA protocol is supported by InfiniBand. (3.3)

  • Add unresolved queue limits to neigh. Deprecate /proc/sys/net/ipv4/neigh/default/unres_qlen, and replace it with unres_qlen_bytes. (3.3)

  • Add CAIF USB support. (3.3)

  • Add an extended accounting infrastructure for netfilter over nfnetlink, which allows the display of real-time traffic accounting without requiring a complicated and resource-consuming implementation in user space. (3.3)

  • Add nfacct match to netfilter, which supports extended accounting. (3.3)

  • Add reverse path filter (rpfilter) to netfilter, which allows matching of packets where replies use the same interface on which the packet arrived. (3.3)

  • Add adaptive random early detection (RED) active queue management (AQM) to the packet scheduler. (3.3)

  • Add an optional RED on top of stochastic fairness queueing (SFQ) to the packet scheduler, enabling SFQ features such as specifying a smaller per flow limit for in-flight packets, up to 65408 active flows (as compared to 127 previously), head drops instead of tail drops, and optional RED on each SFQ flow queue. (3.3)

  • Add 802.1q netpoll support to vlan. (3.3)

  • Add NTF_USE bridge support plus other changes to allow the control of forwarding database via netlink. (3.3)

  • New plug-queuing discipline allows a user space application to plug or unplug a network output queue via the Netlink interface. (3.4)

  • Add the ability to change the routing algorithm at runtime to B.A.T.M.A.N. (3.4)

  • RCU conversion in TCP allows access to MD5 keys without locking the listener socket. (3.4)

  • For some workloads, allowing splice() to build full TSO packets can reduce the number of logical packets sent by an order of magnitude, making zero-copy TCP faster than one-copy. (3.4)

  • Add the SO_PEEK_OFF socket option. (3.4)

  • Support peeking offset for datagram sockets, seqpacket sockets, and stream sockets. (3.4)

  • Add MSG_TRUNC support for datagram sockets so that recv() returns the real length of the packet, even if it is longer than the passed buffer. (3.4)

  • Add missing SO_NOFCS socket option. (3.4)

  • Add timeout extension to netfilter, which allows timeout policies to be attached to the flow via the connection tracking target. Add the cttimeout infrastructure for fine timeout tuning. (3.4)

  • Add NAT support for expectation classes in netfilter. (3.4)

  • Add exceptions support to netfilter. (3.4)

  • Merge ipt_LOG and ip6_LOG into xt_log in netfilter. (3.4)

  • Add hardware-independent IEEE 802.15.4 networking stack for softMAC devices. (3.5)

  • Tune performance of sk_add_backlog. (3.5)

  • Add binary option type, a load-balancer module, a per-port option for enabling or disabling ports, and support for per-port options to the team device. (3.5)

  • Add raw packet QP type IB_QPT_RAW_PACKET to InfiniBand core. This allows applications to build a complete packet, including L2 headers, when sending. On the receive side, the hardware does not strip any headers. This feature is designed for user-space direct access to Ethernet. (3.5)

  • Treat ND option 31 as user land (DNSSL support) in IPv6 per RFC6106. The 8-bit identifier of the DNSSL option type assigned by the IANA has the value 31. (3.5)

  • Replace basic bridge loop avoidance code in the batman-adv module. (3.5)

  • Set traffic class for CAIF packets based on socket priority, CAIF protocol type, or type of message. (3.5)

  • Add generic PF_BRIDGE:RTM_FDB hooks and two new flags: NTF_MASTER and NTF_SELF. (3.5)

  • Add Explicit Congestion Notification (ECN) capability to pktsched. Instead of dropping packets, attempt to mark them as ECN. (3.5)

  • Remove support for token ring. (3.5)

  • Remove support for Econet protocol. (3.5)

  • Add an optional QoS attribute to DCB netlink to allow the setting of a rate limit for an ETS TC. (3.5)

  • Add CEE notify calls when an APP change or setall command is made from user space. (3.5)

  • Add HMARK target support to netfilter. (3.5)

  • If net.bridge.bridge-nf-filter-vlan-tagged is enabled in sysctl, bridge netfilter removes the vlan header temporarily and feeds the packet to iptables or ip6tables. Add bridge-nf-pass-vlan-input-device. If this option is set to on (default is off), netfilter also sets the in interface to the vlan interface if this interface exists. This change allows the iptables REDIRECT target to work with vlan-on-top-of-bridge configurations and allows the use of iptables -i to match the vlan device name. (3.5)

  • Allow byte-based limit mode to be used with netfilter, for example, to support ingress-traffic policing or to detect when a host or port consumes more bandwidth than expected. (3.5)

  • Add support for sync threads to netfilter. (3.5)

  • Remove ip_queue support from netfilter. (3.5)

  • Add support for Layer 2 Tunneling Protocol (L2TP) over UDP in IPv6. (3.5)

  • Add L2TPv3 IP encapsulation support for IPv6. (3.5)

  • Add netlink API for L2TPv3 unmanaged tunnels over IPv6. (3.5)

  • Remove IPv4 routing cache that was vulnerable to denial of service attacks. (3.6)

  • Implement RFC 5961 3.2 and RFC 5961 4.2 (Mitigation against Blind Reset attack using RST bit and SYN bit). (3.6)

  • Add VTI support. (3.6)

  • Add an interface option route_localnet that enables the routing of the 127/8 address block and processing of ARP requests on a specific interface (for example, to address a pool of virtual guests behind a load balancer). (3.6)

  • Add multiqueue and netpoll support to team. (3.6)

  • Add experimental zero-copy Tx support to tun. (3.6)

  • Add support for 40GbE. (3.6)

  • Add fail-open support to netfilter, where the queue-full condition does not drop packets. (3.6)

  • Add user-space connection tracking helper infrastructure to netfilter. (3.6)

  • Extend the ethtool interface to add support for the EEE commands: get_eee and set_eee. (3.6)

  • Add Generic Routing Encapsulation (GRE) over IPv6, generic segmentation offload (GSO), and GRO capability. (3.7)

  • Set default MTU for loopback devices to 64 KB. Allows TCP stacks to build large frames and significantly reduces stack overhead. (3.7)

  • Add an extended attribute to store data for the mapping between inode numbers in sockfs and protocol types for use by lsof. (3.7)

  • Implement a per-task fragmentation allocator, which can improve TCP stream performance by 20% on loopback devices. (3.7)

  • Various netfilter changes:

    • Add a protocol-independent NAT core.

    • Add IPv6 MASQUERADE target.

    • Add IPv6 NETMAP target.

    • Add IPv6 REDIRECT target.

    • Add IPv6 NAT support.

    • Support IPv6 FTP NAT helper.

    • Support IPv6 IRC NAT helper.

    • Support IPv6 SIP NAT helper.

    • Support IPv6 in the amanda NAT helper.

    • Add stateless IPv6-to-IPv6 Network Prefix Translation target.

    • Remove xt_NOTRACK.

    (3.7)

  • Add link layer control (LLC) core layer to HCI 2, add an SHDLC LLC module to the LLC core, and add LLCP raw socket support to NFC. (3.7)

  • Support IPv6 transmit hashing (and TCP or UDP over IPv6) in the bonding driver. (3.7)

  • Add support for dumping diagnostic core and basic socket information (family, type and protocol) at socket creation time. (3.7)

  • Add support to ethtool for setting the MDI/MDI-x state for twisted-pair wiring. (3.7)

  • Add 64-bit statistics support to PPP, including tx_bytes, rx_bytes, tx_packets, and rx_packets. (3.7)

  • Add generic netlink support for tcp_metrics that allows unlinking and deletion of entries after a grace period. (3.7)

  • Add bridge port parameters over netlink to permit dumping, monitoring, and changing the bridge multicast database. (3.8)

  • Add support for RFC 5961 5.2 Blind Data Injection Attack Mitigation. (3.8)

  • Change default TCP hash size, and add support for hardware-offloaded encapsulation and offloading of encapsulated packets for VXLAN and IP GRE. (3.8)

  • Add vlan tag access to netfilter. (3.8)

  • Add extensions to VXLAN to support Distributed Overlay Virtual Ethernet (DOVE) networks. (3.8)

  • Add IPv6 set action functionality to openvswitch. (3.8)

  • Add GSO support to IPIP tunnels, increasing the performance of a single TCP flow. (3.8)

  • Implement IPv6 fragment handling for IPVS. (3.8)

  • Add support in netfilter for querying the destination address of a redirected connection. (3.8)

  • Add NOTRACK target recovery to netfilter. (3.8)

  • Implement QFQ+ in sched. (3.8)

  • Add support for RTM_GETNETCONF to routing netlink. (3.8)

  • Add support for per-association statistics by implementing the SCTP_GET_ASSOC_STATS call for the Stream Control Transmission Protocol (SCTP). (3.8)

  • Add a sysctl that allows the selection of the HMAC algorithm (static or dynamic) used by SCTP. (3.8)

  • Add support for SO_ATTACH_FILTER required to save the full state of a socket. (3.8)

  • Convert tun/tap into a multiqueue device and expose the queues as file descriptors in user space. (3.8)