最近在升级系统的内核,从2.6版本到4.12,梳理了一下网络部分的主要变化,做一下记录。
2.6.6
Network packet timestamping optimization;
Binary Increase Control (BIC) TCP developed by NCSU. It is yet another TCP congestion control algorithm for handling big fat pipes.
2.6.8
TCP/IP congestion control changes from Reno to BIC;
2.6.9
Change in TCP ICMP source quench behavior;
Automatic TCP window scaling calculation;
2.6.11
TCP port randomization;
2.6.15
IPv4/IPv6: UFO (UDP Fragmentation Offload) Scatter-gather approach;
Add nf_conntrack subsystem:support for ipv6;
PPP MPPE encryption module;
Appropriate Byte Count support;
IPV6: RFC 3484 compliant source address selection;
Speed up tcp SACK processing: Use "hints" to speed up the SACK processing;
2.6.16
Netfilter x_tables, an abstraction layer for {ip,ip6,arp}_tables;
Add IFB (Intermediate Functional Block) network device;
LSM-IPSec: Security association restriction;
TCP BIC: CUBIC window growth (2.0). Replace existing BIC version 1.1 with new version 2.0;
Netfilter ip_tables: NUMA-aware allocation;
XFRM: IPsec tunnel wildcard address support;
2.6.17
IPv6: Add support for Router Preference
IPv6: Add Router Reachability Probing
IPv6: Add experimental support for Route Information Option in RA;
Allow show/store of group multicast address;
TCP: MTU probing: Implementation of packetization layer path mtu discovery for TCP;
2.6.18
Add Generic Segmentation Offload (GSO);
2.6.20
Add AF_KEY interface for encapsulation family;
2.6.23
Add multiqueue hardware support API;
Add the new sch_rr qdisc for multiqueue network device support;
IPV6 checksum offloading in network devices;
2.6.24
TCP: Enable SACK enhanced FRTO (RFC4138) by default
UDP: Randomize port selection;
2.6.25
Network namespaces. There're was a initial attempt of network namespaces;
TCP: Splice receive support;
2.6.26
TCP cubic v2.2;
Add IPv6 support to TCP SYN cookies;
Syncookies: Add support for TCP options via timestamps;
2.6.27
netdev: Create netdev_queue abstraction;
2.6.28
Enable netfilter in netns;
tcp: Port redirection support for TCP;
2.6.29
TCP CUBIC v2.3
2.6.31
TX_RING and packet mmap, makes packet socket more efficient for transmission;
sit: stateless autoconf for isatap;
2.6.32
UDP: Handle large incoming UDP/IPv4 and UDP/IPv6 packets and support software UFO;
2.6.33
Batch network namespace destruction;
UDP: bind() optimisation
sit: 6rd (IPv6 Rapid Deployment) Support
2.6.34
TCP: thin dupack (commit), thin linear timeouts;
bridge: add core IGMP snooping support;
tun: socket filter support;
2.6.35
Add GSO ("Generic Segmentation Offload") support on IPv6 forwarding path;
bridge: IPv6 MLD snooping support
RDS: Enable per-cpu workqueue threads, which is more scalable;
netpoll: add generic support for bridge and bonding devices;
Microoptimize alloc_skb(), a critical fast path;
http://git.kernel.org/linus/ec7d2f2cf3a1b76202986519ec4f8ec75b2de232
2.6.36
Optimize Berkeley Packet Filter (BPF) processing;
bonding: allow user-controlled output slave selection
syncookies: add support for ECN;
2.6.37
TCP: Update the use of larger initial windows to use the newer IW values specified in RFC 5681
Allocate skbs on local node: With multiqueue NICs, or using RPS to spread the load it has not sense
Many routing, neighbour, and device handling optimizations on SMP;
2.6.38
IPv4: ECN-aware IP defragmentation;
2.6.39
IPv4: Remove the hash based routing table implementation, make the FIB Trie implementation the default;
RPS: Enable hardware acceleration of RFS;
UDP: Add lockless transmit path;
Add support for network device groups
3.0
Allow setting the network namespace by fd;
Allow no-cache copy from user on transmit;
RDMA: Add netlink infrastructure that allows for registration of RDMA clients;
3.1
Add support for skb zero-copy buffers
3.5
TCP microoptimization: 10Gb+ TCP sender was dropping lot of incoming ACKs because of sk_rcvbuf limit in sk_add_backlog();
3.6
Delete ipv4 routing cache;
tcp: implement the RFC 5691 3.2 mitigation against Blind Reset attack using RST bit (commit) and SYN bit;
Add support for 40GbE link;
3.7
Use a per-task frag allocator;
3.8
RFC 5961 5.2 TCP blind data injection attack mitigation;
Change default TCP hash size to be more in line with current day realities;
Support for checksum offload of encapsulated packets;
IPv6: add support of equal-cost multi-path (ECMP) routing;
tuntap: multiqueue support;
3.9
TCP: add a per-socket timestamp offset;
bridge: add the ability to configure pvid;
8021q: Implement Multiple VLAN Registration Protocol (MVRP);
802: Implement Multiple Registration Protocol (MRP);
ipv4: introduce address lifetime;
soreuseport: infrastructure (commit), TCP/UDP/IPv4/IPv6 implementation;
netpoll: add IPv6 support;
3.10
per hash bucket locking for the frag queue hash;
IPv6: implement RFC3168 5.3 (ecn protection) for ipv6 fragmentation handling;
tcp: implement RFC5682 F-RTO;
tcp: Remove TCP cookie transactions;
tunneling: Add generic Tunnel segmentation offloading support for IPv4-UDP based tunnels;
3.11
sit: add IPv4 over IPv4 support;
gso: Update tunnel segmentation to support Tx checksum offload;
bridge: Add a flag to control unicast packet flood;
3.12
tcp: TSO packets automatic sizing;
tcp: add tcp_syncookies mode to allow unconditionally generation of syncookies;
tcp: increase throughput when reordering is high;
tcp_probe: add IPv6 support;
qdisc: allow setting default queuing discipline other than pfifo_fast;
3.13
ipv6: add support for IPsec virtual tunnel interfaces, which provide a routable interface for IPsec tunnel endpoints;
ipset: add network namespaces;
3.14
ipv6: router reachability probing;
Add GRO support for UDP encapsulating protocols;
packet: improve socket create/bind latency in some cases commit, introduce PACKET_QDISC_BYPASS socket option commit, use percpu mmap tx frame pending refcount;
3.15
Devices: add busy_poll feature to allow finding out if a device supports busy polling;
3.16
Add Generic Segmentation Offload support for UDP tunnels with checksum;
Implemement zero RX checksums for UDP/IPv6;
tcp: Add a TCP_FASTOPEN socket option to get a max backlog on its listner;
Allow userspace to take ownership of interfaces;
3.17
ipv6: Implement automatic generation of flow labels for IPv6 packets on transmit;
timestamp: ACK timestamp for bytestreams;
timestamping: TCP timestamping;
3.18
TCP: Restore RFC5961-compliant behavior for SYN packets;
UDP: GRO for UDPv6;
3.19
Generic receive offload: add a per device gro flush timer;
net: allow setting ECN via routing table;
Add SO_INCOMING_CPU socket option;
Add support for remote checksum offload for Generic UDP Encapsulation (GUE);
bridge: Add support for IEEE 802.11 Proxy ARP;
4.0
TCP: Add the possibility to define a per route/destination congestion control algorithm;
Mitigate TCP "ACK loop" DoS scenarios by rate-limiting outgoing duplicate ACKs sent in response to incoming "out of window" segment;
udpv6: Add lockless sendmsg() support, thus allowing multiple threads to send to a single socket more efficiently;
Add Transparent Ethernet Bridging GRO support;
netdev: introduce new NETIF_F_HW_SWITCH_OFFLOAD feature flag for switch device offloads;
4.1
ipv4: Create probe timer for tcp PMTU as per RFC4821;
ipv4: Raise tcp PMTU probe mss base size from 512 to 1024 bytes;
Add real socket cookies, instead of using kernel socket addresses as cookies;
sockets: add support for async operations;
tcp: RFC7413 option support for Fast Open client and server;
4.2
net scheduler: run ingress qdisc without locks;
4.3
Make IPv6 support be enabled into kernel by default;
IPv6: Enable auto flow labels by default;
4.4
Lockless TCP listener;
Add setsockopt() support for SO_INCOMING_CPU and extend SO_REUSEPORT selection logic;
TCP: Recent ACK (RACK) loss recovery;
IPv4: Hash-based multipath routing;
IPv6 support to the Virtual Routing and Forwarding (VRF) devices;
Introduce L3 Master device abstraction support;
tso: add support for IPv6;
4.5
Add generic device polling support for all drivers that support NAPI;
IPv4: Make TCP keepalive settings per-namespace;
4.6
tcp fastopen: accept data/FIN present in SYNACK message;
TCP: Faster SO_REUSEPORT for TCP
Add network namespace support for tc actions;
4.7
Add support for partial Generic Segmentation Offload;
Generic Receive Offload: Allow TCP to aggregate TCP frames with a fixed IPv4 ID field;
Add rate limiting on ACK sent on behalf of SYN_RECV to better resist to SYNFLOOD targeting one or few flows;
TCP: Improve even more the resistance to synflood (performance under synflood goes from 3.2 Mpps to 6 Mpps);
UDP: Add Generic Receive Offload functions to UDP socket and removes udp_offload infrastructure;
4.8
Add support for per-UID routing;
IPv4: Enable support for Virtual Routing and Forwarding with ipv4 multicast;
IPv6: Add support for IPv6 Segment Routing;
TCP: randomize TCP timestamp offsets for each connection;
4.11
Use newly added SipHash algorithm for secure sequence numbers, instead of MD5, and for syncookies, instead of SHA1;
TCP: Enables RACK loss detection (draft-ietf-tcpm-rack-01) to trigger fast recovery with a reordering timer;
Encapsulating Security Payload (ESP): Add a software GRO for ESP on ipv4 and ipv6;
4.12
TCP: remove per-destination timestamp cache;
TCP: remove tcp_tw_recycle;
bridge: allow to add externally learned entries from user-space;
2.6.6
Network packet timestamping optimization;
Binary Increase Control (BIC) TCP developed by NCSU. It is yet another TCP congestion control algorithm for handling big fat pipes.
2.6.8
TCP/IP congestion control changes from Reno to BIC;
2.6.9
Change in TCP ICMP source quench behavior;
Automatic TCP window scaling calculation;
2.6.11
TCP port randomization;
2.6.15
IPv4/IPv6: UFO (UDP Fragmentation Offload) Scatter-gather approach;
Add nf_conntrack subsystem:support for ipv6;
PPP MPPE encryption module;
Appropriate Byte Count support;
IPV6: RFC 3484 compliant source address selection;
Speed up tcp SACK processing: Use "hints" to speed up the SACK processing;
2.6.16
Netfilter x_tables, an abstraction layer for {ip,ip6,arp}_tables;
Add IFB (Intermediate Functional Block) network device;
LSM-IPSec: Security association restriction;
TCP BIC: CUBIC window growth (2.0). Replace existing BIC version 1.1 with new version 2.0;
Netfilter ip_tables: NUMA-aware allocation;
XFRM: IPsec tunnel wildcard address support;
2.6.17
IPv6: Add support for Router Preference
IPv6: Add Router Reachability Probing
IPv6: Add experimental support for Route Information Option in RA;
Allow show/store of group multicast address;
TCP: MTU probing: Implementation of packetization layer path mtu discovery for TCP;
2.6.18
Add Generic Segmentation Offload (GSO);
2.6.20
Add AF_KEY interface for encapsulation family;
2.6.23
Add multiqueue hardware support API;
Add the new sch_rr qdisc for multiqueue network device support;
IPV6 checksum offloading in network devices;
2.6.24
TCP: Enable SACK enhanced FRTO (RFC4138) by default
UDP: Randomize port selection;
2.6.25
Network namespaces. There're was a initial attempt of network namespaces;
TCP: Splice receive support;
2.6.26
TCP cubic v2.2;
Add IPv6 support to TCP SYN cookies;
Syncookies: Add support for TCP options via timestamps;
2.6.27
netdev: Create netdev_queue abstraction;
2.6.28
Enable netfilter in netns;
tcp: Port redirection support for TCP;
2.6.29
TCP CUBIC v2.3
2.6.31
TX_RING and packet mmap, makes packet socket more efficient for transmission;
sit: stateless autoconf for isatap;
2.6.32
UDP: Handle large incoming UDP/IPv4 and UDP/IPv6 packets and support software UFO;
2.6.33
Batch network namespace destruction;
UDP: bind() optimisation
sit: 6rd (IPv6 Rapid Deployment) Support
2.6.34
TCP: thin dupack (commit), thin linear timeouts;
bridge: add core IGMP snooping support;
tun: socket filter support;
2.6.35
Add GSO ("Generic Segmentation Offload") support on IPv6 forwarding path;
bridge: IPv6 MLD snooping support
RDS: Enable per-cpu workqueue threads, which is more scalable;
netpoll: add generic support for bridge and bonding devices;
Microoptimize alloc_skb(), a critical fast path;
http://git.kernel.org/linus/ec7d2f2cf3a1b76202986519ec4f8ec75b2de232
2.6.36
Optimize Berkeley Packet Filter (BPF) processing;
bonding: allow user-controlled output slave selection
syncookies: add support for ECN;
2.6.37
TCP: Update the use of larger initial windows to use the newer IW values specified in RFC 5681
Allocate skbs on local node: With multiqueue NICs, or using RPS to spread the load it has not sense
Many routing, neighbour, and device handling optimizations on SMP;
2.6.38
IPv4: ECN-aware IP defragmentation;
2.6.39
IPv4: Remove the hash based routing table implementation, make the FIB Trie implementation the default;
RPS: Enable hardware acceleration of RFS;
UDP: Add lockless transmit path;
Add support for network device groups
3.0
Allow setting the network namespace by fd;
Allow no-cache copy from user on transmit;
RDMA: Add netlink infrastructure that allows for registration of RDMA clients;
3.1
Add support for skb zero-copy buffers
3.5
TCP microoptimization: 10Gb+ TCP sender was dropping lot of incoming ACKs because of sk_rcvbuf limit in sk_add_backlog();
3.6
Delete ipv4 routing cache;
tcp: implement the RFC 5691 3.2 mitigation against Blind Reset attack using RST bit (commit) and SYN bit;
Add support for 40GbE link;
3.7
Use a per-task frag allocator;
3.8
RFC 5961 5.2 TCP blind data injection attack mitigation;
Change default TCP hash size to be more in line with current day realities;
Support for checksum offload of encapsulated packets;
IPv6: add support of equal-cost multi-path (ECMP) routing;
tuntap: multiqueue support;
3.9
TCP: add a per-socket timestamp offset;
bridge: add the ability to configure pvid;
8021q: Implement Multiple VLAN Registration Protocol (MVRP);
802: Implement Multiple Registration Protocol (MRP);
ipv4: introduce address lifetime;
soreuseport: infrastructure (commit), TCP/UDP/IPv4/IPv6 implementation;
netpoll: add IPv6 support;
3.10
per hash bucket locking for the frag queue hash;
IPv6: implement RFC3168 5.3 (ecn protection) for ipv6 fragmentation handling;
tcp: implement RFC5682 F-RTO;
tcp: Remove TCP cookie transactions;
tunneling: Add generic Tunnel segmentation offloading support for IPv4-UDP based tunnels;
3.11
sit: add IPv4 over IPv4 support;
gso: Update tunnel segmentation to support Tx checksum offload;
bridge: Add a flag to control unicast packet flood;
3.12
tcp: TSO packets automatic sizing;
tcp: add tcp_syncookies mode to allow unconditionally generation of syncookies;
tcp: increase throughput when reordering is high;
tcp_probe: add IPv6 support;
qdisc: allow setting default queuing discipline other than pfifo_fast;
3.13
ipv6: add support for IPsec virtual tunnel interfaces, which provide a routable interface for IPsec tunnel endpoints;
ipset: add network namespaces;
3.14
ipv6: router reachability probing;
Add GRO support for UDP encapsulating protocols;
packet: improve socket create/bind latency in some cases commit, introduce PACKET_QDISC_BYPASS socket option commit, use percpu mmap tx frame pending refcount;
3.15
Devices: add busy_poll feature to allow finding out if a device supports busy polling;
3.16
Add Generic Segmentation Offload support for UDP tunnels with checksum;
Implemement zero RX checksums for UDP/IPv6;
tcp: Add a TCP_FASTOPEN socket option to get a max backlog on its listner;
Allow userspace to take ownership of interfaces;
3.17
ipv6: Implement automatic generation of flow labels for IPv6 packets on transmit;
timestamp: ACK timestamp for bytestreams;
timestamping: TCP timestamping;
3.18
TCP: Restore RFC5961-compliant behavior for SYN packets;
UDP: GRO for UDPv6;
3.19
Generic receive offload: add a per device gro flush timer;
net: allow setting ECN via routing table;
Add SO_INCOMING_CPU socket option;
Add support for remote checksum offload for Generic UDP Encapsulation (GUE);
bridge: Add support for IEEE 802.11 Proxy ARP;
4.0
TCP: Add the possibility to define a per route/destination congestion control algorithm;
Mitigate TCP "ACK loop" DoS scenarios by rate-limiting outgoing duplicate ACKs sent in response to incoming "out of window" segment;
udpv6: Add lockless sendmsg() support, thus allowing multiple threads to send to a single socket more efficiently;
Add Transparent Ethernet Bridging GRO support;
netdev: introduce new NETIF_F_HW_SWITCH_OFFLOAD feature flag for switch device offloads;
4.1
ipv4: Create probe timer for tcp PMTU as per RFC4821;
ipv4: Raise tcp PMTU probe mss base size from 512 to 1024 bytes;
Add real socket cookies, instead of using kernel socket addresses as cookies;
sockets: add support for async operations;
tcp: RFC7413 option support for Fast Open client and server;
4.2
net scheduler: run ingress qdisc without locks;
4.3
Make IPv6 support be enabled into kernel by default;
IPv6: Enable auto flow labels by default;
4.4
Lockless TCP listener;
Add setsockopt() support for SO_INCOMING_CPU and extend SO_REUSEPORT selection logic;
TCP: Recent ACK (RACK) loss recovery;
IPv4: Hash-based multipath routing;
IPv6 support to the Virtual Routing and Forwarding (VRF) devices;
Introduce L3 Master device abstraction support;
tso: add support for IPv6;
4.5
Add generic device polling support for all drivers that support NAPI;
IPv4: Make TCP keepalive settings per-namespace;
4.6
tcp fastopen: accept data/FIN present in SYNACK message;
TCP: Faster SO_REUSEPORT for TCP
Add network namespace support for tc actions;
4.7
Add support for partial Generic Segmentation Offload;
Generic Receive Offload: Allow TCP to aggregate TCP frames with a fixed IPv4 ID field;
Add rate limiting on ACK sent on behalf of SYN_RECV to better resist to SYNFLOOD targeting one or few flows;
TCP: Improve even more the resistance to synflood (performance under synflood goes from 3.2 Mpps to 6 Mpps);
UDP: Add Generic Receive Offload functions to UDP socket and removes udp_offload infrastructure;
4.8
Add support for per-UID routing;
IPv4: Enable support for Virtual Routing and Forwarding with ipv4 multicast;
IPv6: Add support for IPv6 Segment Routing;
TCP: randomize TCP timestamp offsets for each connection;
4.11
Use newly added SipHash algorithm for secure sequence numbers, instead of MD5, and for syncookies, instead of SHA1;
TCP: Enables RACK loss detection (draft-ietf-tcpm-rack-01) to trigger fast recovery with a reordering timer;
Encapsulating Security Payload (ESP): Add a software GRO for ESP on ipv4 and ipv6;
4.12
TCP: remove per-destination timestamp cache;
TCP: remove tcp_tw_recycle;
bridge: allow to add externally learned entries from user-space;
xfrm: Add an IPsec hardware offloading API;