- 15 Nov, 2019 5 commits
-
-
Phil Sutter authored
Instead of generally passing NULL to NF_HOOK_COND() for input device, pass skb->dev which contains input device for routed skbs. Note that iptables (both legacy and nft) reject rules with input interface match from being added to POSTROUTING chains, but nftables allows this. Cc: Eric Garver <eric@garver.life> Signed-off-by:
Phil Sutter <phil@nwl.cc> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
Add nf_flow_rule_route_ipv6() and use it from the IPv6 and the inet flowtable type definitions. Rename the nf_flow_rule_route() function to nf_flow_rule_route_ipv4(). Adjust maximum number of actions, which now becomes 16 to leave sufficient room for the IPv6 address mangling for NAT. Signed-off-by: -
Pablo Neira Ayuso authored
This function retrieves a spare action entry from the array of actions. Signed-off-by: -
Arnd Bergmann authored
On 32-bit architectures, get_seconds() returns an unsigned 32-bit time value, which also matches the type used in the nft_meta code. This will not overflow in year 2038 as a time_t would, but it still suffers from the overflow problem later on in year 2106. Change this instance to use the time64_t type consistently and avoid the deprecated get_seconds(). The nft_meta_weekday() calculation potentially gets a little slower on 32-bit architectures, but now it has the same behavior as on 64-bit architectures and does not overflow. Fixes: 63d10e12 ("netfilter: nft_meta: support for time matching") Signed-off-by:
Arnd Bergmann <arnd@arndb.de> Acked-by:
-
Arnd Bergmann authored
The current xt_time driver suffers from the y2038 overflow on 32-bit architectures, when the time of day calculations break. Also, on both 32-bit and 64-bit architectures, there is a problem with info->date_start/stop, which is part of the user ABI and overflows in in 2106. Fix the first issue by using time64_t and explicit calls to div_u64() and div_u64_rem(), and document the seconds issue. The explicit 64-bit division is unfortunately slower on 32-bit architectures, but doing it as unsigned lets us use the optimized division-through-multiplication path in most configurations. This should be fine, as the code already does not allow any negative time of day values. Using u32 seconds values consistently would probably also work and be a little more efficient, but that doesn't feel right as it would propagate the y2106 overflow to more place rather than fewer. Signed-off-by:
-
- 13 Nov, 2019 28 commits
-
-
git://blackhole.kfki.hu/nf-nextPablo Neira Ayuso authored
Jozsef Kadlecsik says: ==================== ipset patches for nf-next - Add wildcard support to hash:net,iface which makes possible to match interface prefixes besides complete interfaces names, from Kristian Evensen. ==================== Signed-off-by: -
Pablo Neira Ayuso authored
If the encapsulated ethertype announces another inner VLAN header and the offset falls within the boundaries of the inner VLAN header, then adjust arithmetics to include the extra VLAN header length and fetch the bytes from the vlan header in the skbuff data area that represents this inner VLAN header. Signed-off-by: -
Pablo Neira Ayuso authored
Otherwise this leads to a stack corruption. Fixes: c5d27527 ("netfilter: nf_tables_offload: add nft_flow_cls_offload_setup()") Signed-off-by:
-
Pablo Neira Ayuso authored
Wrap the code to rebuild the ethernet + vlan header into a function. Signed-off-by:
Florian Westphal <fw@strlen.de>
-
Pablo Neira Ayuso authored
If the offset is within the ethernet + vlan header size boundary, then rebuild the ethernet + vlan header and use it to copy the bytes to the register. Otherwise, subtract the vlan header size from the offset and fall back to use skb_copy_bits(). There is one corner case though: If the offset plus the length of the payload instruction goes over the ethernet + vlan header boundary, then, fetch as many bytes as possible from the rebuilt ethernet + vlan header and fall back to copy the remaining bytes through skb_copy_bits(). Signed-off-by:
-
Pablo Neira Ayuso authored
This patch adds support for offloading the NFT_META_IIF selector. Signed-off-by: -
David S. Miller authored
Stefan Wahren says: ==================== ARM: Enable GENET support for RPi 4 Raspberry Pi 4 uses the broadcom genet chip in version five. This chip has a dma controller integrated. Up to now the maximal burst size was hard-coded to 0x10. But it turns out that Raspberry Pi 4 does only work with the smaller maximal burst size of 0x8. Additionally the patch series has some IRQ retrieval improvements and adds support for a missing PHY mode. This series based on Matthias Brugger's V1 series [1]. [1] - https://patchwork.kernel.org/cover/11186193/ Changes in V5: - address Doug's comment Changes in V4: - rebased on current net-next - remove RGMII_ID support - remove fixes tag from patch 1 - add Florian's suggestions to patch 5 Changes in V3: - introduce SoC-specific compatibles for GENET (incl. dt-binding) - use platform_get_irq_optional for optional IRQ - remove Fixes tag from IRQ error handling change - move most of MDIO stuff to bcm2711.dtsi Changes in V2: - add 2 fixes for IRQ retrieval - add support for missing PHY modes - declare PHY mode RGMII RXID based on the default settings - add alias to allow firmware append the MAC address ==================== Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Stefan Wahren authored
This adds the missing support for the PHY mode RGMII_RXID. It's necessary for the Raspberry Pi 4. Signed-off-by:
Stefan Wahren <wahrenst@gmx.net> Acked-by:
Florian Fainelli <f.fainelli@gmail.com> Signed-off-by:
-
Stefan Wahren authored
The register access in bcmgenet_mii_config() is a little bit opaque and not easy to extend. In preparation for the missing RGMII PHY modes move all the phy name assignments into the switch statement and the register access to the end of the function. This make the code easier to read and extend. Signed-off-by:
-
Stefan Wahren authored
The BCM2711 needs a different maximum DMA burst length. If not set accordingly a timeout in the transmit queue happens and no package can be sent. So use the new compatible to derive this value. Until now the GENET HW version was used as the platform identifier. This doesn't work with SoC-specific modifications, so introduce a proper platform data structure. Signed-off-by:
Matthias Brugger <mbrugger@suse.com> Signed-off-by:
-
Stefan Wahren authored
The BCM2711 has some modifications to the GENET v5. So add this SoC specific compatible. Suggested-by:
Rob Herring <robh@kernel.org> Signed-off-by:
-
Stefan Wahren authored
This fixes the error handling for the mandatory IRQs. There is no need for the error message anymore, this is now handled by platform_get_irq. Signed-off-by:
-
Stefan Wahren authored
As platform_get_irq() now prints an error when the interrupt does not exist, we are getting a confusing error message in case the optional WOL IRQ is not defined: bcmgenet fd58000.ethernet: IRQ index 2 not found Fix this by using the platform_get_irq_optional(). Signed-off-by:
-
Vladimir Oltean authored
Sometimes it can be quite opaque even for me why the driver decided to reset the switch. So instead of adding dump_stack() calls each time for debugging, just add a reset reason to sja1105_static_config_reload calls which gets printed to the console. Signed-off-by:
Vladimir Oltean <olteanv@gmail.com> Reviewed-by:
-
David S. Miller authored
Matthias Schiffer says: ==================== Implement get_link_ksettings for VXLAN and bridge Mesh routing protocol batman-adv (in particular the new BATMAN_V algorithm) uses the link speed reported by get_link_ksettings to determine a path metric for wired links. In the mesh framework Gluon [1], we layer VXLAN and sometimes bridge interfaces on our Ethernet links. These patches implement get_link_ksettings for these two interface types. While this is obviously not accurate for bridges with multiple active ports, it's much better than having no estimate at all (and in the particular setup of Gluon, bridges with a single port aren't completely uncommon). [1] https://github.com/freifunk-gluon/gluon ==================== Signed-off-by:
-
Matthias Schiffer authored
We return the maximum speed of all active ports. This matches how the link speed would give an upper limit for traffic to/from any single peer if the bridge were replaced with a hardware switch. Signed-off-by:
Matthias Schiffer <mschiffer@universe-factory.net> Signed-off-by:
-
Matthias Schiffer authored
Similar to VLAN and similar drivers, we can forward get_link_ksettings to the lower dev if we have one to get meaningful speed/duplex data. Signed-off-by:
-
Florian Fainelli authored
It is possible for a switch driver to use NET_DSA_TAG_8021Q as a valid DSA tagging protocol since it registers itself as such, unfortunately since there are not xmit or rcv functions provided, the lack of a xmit() function will lead to a NPD in dsa_slave_xmit() to start with. net/dsa/tag_8021q.c is only comprised of a set of helper functions at the moment, but is not a fully autonomous or functional tagging "driver" (though it could become later on). We do not have any users of NET_DSA_TAG_8021Q so now is a good time to make sure there are not issues being encountered by making this file strictly a place holder for helper functions. Reviewed-by:
-
Hoang Le authored
In commit 25b0b9c4 ("tipc: handle collisions of 32-bit node address hash values"), the 32-bit node address only generated after one second trial period expired. However the self's addr in struct tipc_monitor do not update according to node address generated. This lead to it is always zero as initial value. As result, sorting algorithm using this value does not work as expected, neither neighbor monitoring framework. In this commit, we add a fix to update self's addr when 32-bit node address generated. Fixes: 25b0b9c4 ("tipc: handle collisions of 32-bit node address hash values") Acked-by:
Jon Maloy <jon.maloy@ericsson.com> Signed-off-by:
Hoang Le <hoang.h.le@dektech.com.au> Signed-off-by:
-
David S. Miller authored
Pablo Neira Ayuso says: ==================== netfilter flowtable hardware offload The following patchset adds hardware offload support for the flowtable infrastructure [1]. This infrastructure provides a fast datapath for the classic Linux forwarding path that users can enable through policy, eg. table inet x { flowtable f { hook ingress priority 10 devices = { eth0, eth1 } flags offload } chain y { type filter hook forward priority 0; policy accept; ip protocol tcp flow offload @f } } This example above enables the fastpath for TCP traffic between devices eth0 and eth1. Users can turn on the hardware offload through the 'offload' flag from the flowtable definition. If this new flag is not specified, the software flowtable datapath is used. This patchset is composed of 4 preparation patches: room to extend this infrastructure, eg. accelerate bridge forwarding. And 2 patches to add the hardware offload control and data planes: hardware offload. This includes a new NFTA_FLOWTABLE_FLAGS netlink attribute to convey the optional NF_FLOWTABLE_HW_OFFLOAD flag. API available at net/core/flow_offload.h to represent the flow through two flow_rule objects to configure an exact 5-tuple matching on each direction plus the corresponding forwarding actions, that is, the MAC address, NAT and checksum updates; and port redirection in order to configure the hardware datapath. This patch only supports for IPv4 support and statistics collection for flow aging as an initial step. This patchset introduces a new flow_block callback type that needs to be set up to configure the flowtable hardware offload. The first client of this infrastructure follows up after this batch. I would like to thank Mellanox for developing the first upstream driver to use this infrastructure. [1] Documentation/networking/nf_flowtable.txt ==================== Signed-off-by: -
Pablo Neira Ayuso authored
This patch adds the dataplane hardware offload to the flowtable infrastructure. Three new flags represent the hardware state of this flow: * FLOW_OFFLOAD_HW: This flow entry resides in the hardware. * FLOW_OFFLOAD_HW_DYING: This flow entry has been scheduled to be remove from hardware. This might be triggered by either packet path (via TCP RST/FIN packet) or via aging. * FLOW_OFFLOAD_HW_DEAD: This flow entry has been already removed from the hardware, the software garbage collector can remove it from the software flowtable. This patch supports for: * IPv4 only. * Aging via FLOW_CLS_STATS, no packet and byte counter synchronization at this stage. This patch also adds the action callback that specifies how to convert the flow entry into the flow_rule object that is passed to the driver. Signed-off-by:
-
Pablo Neira Ayuso authored
This patch adds the NFTA_FLOWTABLE_FLAGS attribute that allows users to specify the NF_FLOWTABLE_HW_OFFLOAD flag. This patch also adds a new setup interface for the flowtable type to perform the flowtable offload block callback configuration. Signed-off-by:
-
Pablo Neira Ayuso authored
This patch adds the infrastructure to support for flow entry types. The initial type is NF_FLOW_OFFLOAD_ROUTE that stores the routing information into the flow entry to define a fastpath for the classic forwarding path. Signed-off-by:
-
Pablo Neira Ayuso authored
Move rcu_head to struct flow_offload, then remove the flow_offload_entry structure definition. Signed-off-by:
-
Pablo Neira Ayuso authored
Drivers do not have access to the flow_offload structure, hence remove this union from this flow_offload object as well as the original comment on top of it. Signed-off-by:
-
Pablo Neira Ayuso authored
Simplify this code by storing the pointer to conntrack object in the flow_offload structure. Signed-off-by:
-
Roman Mashak authored
Added tests for 'cmp' extended match rules. Signed-off-by:
Roman Mashak <mrv@mojatatu.com> Signed-off-by:
-
David S. Miller authored
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next Johan Hedberg says: ==================== pull request: linux-bluetooth 2019-11-11 Here's one more bluetooth-next pull request for the 5.5 kernel release. - Several fixes for LE advertising - Added PM support to hci_qca driver - Added support for WCN3991 SoC in hci_qca driver - Added DT bindings for BCM43540 module - A few other small cleanups/fixes ==================== Signed-off-by:
-
- 12 Nov, 2019 7 commits
-
-
David S. Miller authored
Merge tag 'linux-can-next-for-5.5-20191111' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next Marc Kleine-Budde says: ==================== pull-request: can-next 2019-10-07 this is a pull request for net-next/master consisting of 32 patches. The first patch is by Gustavo A. R. Silva and removes unused code in the generic CAN infrastructure. The next three patches target the mcp251x driver. The one by Andy Shevchenko removes the legacy platform data support from the driver. The other two are by Timo Schlüßler and reset the device only when needed, to prevent glitches on the output when GPIO support is added. I'm contributing two patches fixing checkpatch warnings in the c_can_platform and peak_canfd driver. Stephane Grosjean's patch for the peak_canfd driver adds hw timestamps support in rx skbs. The next three patches target the xilinx_can driver. One patch by me to fix checkpatch warnings, one patch by Anssi Hannula to avoid non requested bus error frames, and a patch by YueHaibing that switches the driver to devm_platform_ioremap_resource(). Pankaj Sharma contributes two patches for the m_can driver, the first one adds support for one shot mode, the other support for handling arbitration errors. Followed by four patches by YueHaibing, switching the grcan, ifi, rcar, and sun4i drivers to devm_platform_ioremap_resource() I'm contributing cleanup patches for the rx-offload helper, while Joakim Zhang's patch prepares the rx-offload helper for CAN-FD support. The rx offload users flexcan and ti_hecc are converted accordingly. The remaining twelve patches target the flexcan driver. First Joakim Zhang switches the driver to devm_platform_ioremap_resource(). The remaining eleven patch are by me and clean up the abstract the access of the iflag1 and iflag2 register both for RX and TX mailboxes. This is a preparation for the upcoming CAN-FD support. ==================== Signed-off-by:
-
Arthur Fabre authored
The sfc driver can drop packets processed with XDP, notably when running out of buffer space on XDP_TX, or returning an unknown XDP action. This increments the rx_xdp_bad_drops ethtool counter. Call trace_xdp_exception everywhere rx_xdp_bad_drops is incremented, except for fragmented RX packets as the XDP program hasn't run yet. This allows it to easily be monitored from userspace. This mirrors the behavior of other drivers. Signed-off-by:
Arthur Fabre <afabre@cloudflare.com> Acked-by:
Edward Cree <ecree@solarflare.com> Signed-off-by:
-
YueHaibing authored
When do randbuilding, we got this warning: WARNING: unmet direct dependencies detected for PTP_1588_CLOCK Depends on [n]: NET [=y] && POSIX_TIMERS [=n] Selected by [y]: - PTP_1588_CLOCK_IDTCM [=y] Make PTP_1588_CLOCK_IDTCM depends on PTP_1588_CLOCK to fix this. Fixes: 3a6ba7dc ("ptp: Add a ptp clock driver for IDT ClockMatrix.") Signed-off-by:
YueHaibing <yuehaibing@huawei.com> Reviewed-by:
Vincent Cheng <vincent.cheng.xh@renesas.com> Signed-off-by:
-
Davide Caratti authored
after commit 4097e9d2 ("net: sched: don't use tc_action->order during action dump"), 'act->order' is initialized but then it's no more read, so we can just remove this member of struct tc_action. CC: Ivan Vecera <ivecera@redhat.com> Signed-off-by:
Davide Caratti <dcaratti@redhat.com> Acked-by:
Jiri Pirko <jiri@mellanox.com> Reviewed-by:
Ivan Vecera <ivecera@redhat.com> Signed-off-by:
-
Colin Ian King authored
There is a stray semicolon in an if statement that will cause a dev_err message to be printed unconditionally. Fix this by removing the stray semicolon. Addresses-Coverity: ("Stay semicolon") Fixes: f0942e00 ("net: dsa: mv88e6xxx: Add support for port mirroring") Signed-off-by:Colin Ian King <colin.king@canonical.com> Reviewed-by:
Andrew Lunn <andrew@lunn.ch> Signed-off-by:
-
David S. Miller authored
Aya Levin says: ==================== Update devlink binary output This series changes the devlink binary interface: -The first patch forces binary values to be enclosed in an array. In addition, devlink_fmsg_binary_pair_put breaks the binary value into chunks to comply with devlink's restriction for value length. -The second patch removes redundant code and uses the fixed devlink interface (devlink_fmsg_binary_pair_put). -The third patch make self test to use the updated devlink interface. -The fourth, adds a verification of dumping a very large binary content. This test verifies breaking the data into chunks in a valid JSON output. Series was generated against net-next commit: ca22d697 Merge branch 'stmmac-next' ==================== Signed-off-by:
-
Aya Levin authored
Add a test of 2 PAGEs size (exceeds devlink previous length limitation) of binary data on a 'devlink health dump show' command. Set binary length to 8192, issue a dump show command and clear it. Signed-off-by:
Aya Levin <ayal@mellanox.com> Acked-by:
-
