- 17 Jul, 2017 37 commits
-
-
John Fastabend authored
This adds a trace event for xdp redirect which may help when debugging XDP programs that use redirect bpf commands. Signed-off-by:
John Fastabend <john.fastabend@gmail.com> Acked-by:
Daniel Borkmann <daniel@iogearbox.net> Acked-by:
Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
John Fastabend authored
There are optimizations we can add after the basic feature is enabled. But, for now keep the patch simple. Signed-off-by:
-
John Fastabend authored
Add support for redirect to xdp generic creating a fall back for devices that do not yet have support and allowing test infrastructure using veth pairs to be built. Signed-off-by:
Andy Gospodarek <andy@greyhouse.net> Acked-by:
-
John Fastabend authored
This implements a sample program for testing bpf_redirect. It reports the number of packets redirected per second and as input takes the ifindex of the device to run the xdp program on and the ifindex of the interface to redirect packets to. Signed-off-by:
-
John Fastabend authored
This adds support for a bpf_redirect helper function to the XDP infrastructure. For now this only supports redirecting to the egress path of a port. In order to support drivers handling a xdp_buff natively this patches uses a new ndo operation ndo_xdp_xmit() that takes pushes a xdp_buff to the specified device. If the program specifies either (a) an unknown device or (b) a device that does not support the operation a BPF warning is thrown and the XDP_ABORTED error code is returned. Signed-off-by:
-
John Fastabend authored
XDP generic allows users to test XDP programs and/or run them with degraded performance on devices that do not yet support XDP. For testing I typically test eBPF programs using a set of veth devices. This allows testing topologies that would otherwise be difficult to setup especially in the early stages of development. This patch adds a xdp generic hook to the netif_rx_internal() function which is called from dev_forward_skb(). With this addition attaching XDP programs to veth devices works as expected! Also I noticed multiple drivers using netif_rx(). These devices will also benefit and generic XDP will work for them as well. Signed-off-by:
-
John Fastabend authored
tx_rings and rx_rings are cleaned up on close paths in ixgbe driver however, xdp_rings are not. Set the xdp_rings to NULL here so that we can use the pointer to indicate if the XDP rings are initialized. Signed-off-by:
-
David S. Miller authored
Jiri Pirko says: ==================== mlxsw: Traps enhancements Ido says: The first patch makes sure the driver marks packets that were trapped in the router and might have already been flooded by the bridge, so that the bridge driver won't flood them again. This isn't critical at this time point, but will be when Neighbour Discovery traps are introduced as these are multicast packets that are trapped in the router. The second and third patches add new traps - for MLD and Router Alert packets. The last patch takes advantage of that and floods IPv6 unregistered multicast packets only to mrouter ports instead of all ports. ==================== Signed-off-by: -
Arkadi Sharshevsky authored
Up until now IPv6 unregistered multicast traffic would be flooded like broadcast, even when MLD snooping was enabled on the bridge. This was intentional as MLD packet traps were missing, preventing the bridge driver from programming MDB entries to the device. Previous patch added these traps, so we can now finally flood IPv6 unregistered multicast packets to specific ports via the multicast table instead of flooding them to all ports via the broadcast table. Signed-off-by:
Arkadi Sharshevsky <arkadis@mellanox.com> Signed-off-by:
Ido Schimmel <idosch@mellanox.com> Signed-off-by:
Jiri Pirko <jiri@mellanox.com> Signed-off-by:
-
Arkadi Sharshevsky authored
Add support for IPv6 MLDv1/2 packet trapping. Signed-off-by:
-
Ido Schimmel authored
In case local sockets have the IP_ROUTER_ALERT socket option set, then they expect to get packets with the Router Alert option. Trap such packets, so that the kernel could inspect them and potentially send them to interested sockets. Signed-off-by:
-
Ido Schimmel authored
In commit 1c6c6d22 ("mlxsw: spectrum: Mirror certain packets to CPU") we marked packets that were mirrored to the CPU, so that they won't be flooded again by the bridge driver. However, certain packets are trapped in the device's router block, after passing through the bridge block where they were potentially flooded. Mark all packets coming from L3 traps, so that they won't be potentially flooded again by the bridge driver. Signed-off-by:
-
David S. Miller authored
Jiri Pirko says: ==================== mlxsw: offloading matches on ip ttl and tos Or says: Support offloading matches on ip ttl and tos ==================== Signed-off-by: -
Or Gerlitz authored
Support offloading rules that match on ip tos. Signed-off-by:
Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by:
-
Or Gerlitz authored
Add ecn and dscp fields to the ipv4 acl block. Signed-off-by:
-
Or Gerlitz authored
Define new element for ip tos (ecn, dscp) and place it into scratch area. Signed-off-by:
-
Or Gerlitz authored
Support offloading rules that match on ip ttl. Signed-off-by:
-
Or Gerlitz authored
Add ttl field to the ipv4 acl block. Signed-off-by:
-
Or Gerlitz authored
Define new element for ip ttl and place it into scratch area. Signed-off-by:
-
Eric Dumazet authored
As discussed in Faro during Netfilter Workshop 2017, RB trees can be used with RCU, using a seqlock. Note that net/rxrpc/conn_service.c is already using this. This patch converts inetpeer from AVL tree to RB tree, since it allows to remove private AVL implementation in favor of shared RB code. $ size net/ipv4/inetpeer.before net/ipv4/inetpeer.after text data bss dec hex filename 3195 40 128 3363 d23 net/ipv4/inetpeer.before 1562 24 0 1586 632 net/ipv4/inetpeer.after The same technique can be used to speed up net/netfilter/nft_set_rbtree.c (removing rwlock contention in fast path) Signed-off-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
-
David Herrmann authored
All unix sockets now account inflight FDs to the respective sender. This was introduced in: commit 712f4aad Author: willy tarreau <w@1wt.eu> Date: Sun Jan 10 07:54:56 2016 +0100 unix: properly account for FDs passed over unix sockets and further refined in: commit 415e3d3e Author: Hannes Frederic Sowa <hannes@stressinduktion.org> Date: Wed Feb 3 02:11:03 2016 +0100 unix: correctly track in-flight fds in sending process user_struct Hence, regardless of the stacking depth of FDs, the total number of inflight FDs is limited, and accounted. There is no known way for a local user to exceed those limits or exploit the accounting. Furthermore, the GC logic is independent of the recursion/stacking depth as well. It solely depends on the total number of inflight FDs, regardless of their layout. Lastly, the current `recursion_level' suffers a TOCTOU race, since it checks and inherits depths only at queue time. If we consider `A<-B' to mean `queue-B-on-A', the following sequence circumvents the recursion level easily: A<-B B<-C C<-D ... Y<-Z resulting in: A<-B<-C<-...<-Z With all of this in mind, lets drop the recursion limit. It has no additional security value, anymore. On the contrary, it randomly confuses message brokers that try to forward file-descriptors, since any sendmsg(2) call can fail spuriously with ETOOMANYREFS if a client maliciously modifies the FD while inflight. Cc: Alban Crequy <alban.crequy@collabora.co.uk> Cc: Simon McVittie <simon.mcvittie@collabora.co.uk> Signed-off-by:David Herrmann <dh.herrmann@gmail.com> Reviewed-by:
Tom Gundersen <teg@jklm.no> Signed-off-by:
-
linzhang authored
In the pull_pages code block, if the first frag size > eat, we can end the loop in advance to avoid extra copy. Signed-off-by:
Lin Zhang <xiaolou4617@gmail.com> Acked-by:
-
Biju Das authored
Add a new compatible string for the RZ/G1M (R8A7743) SoC. Signed-off-by:
Biju Das <biju.das@bp.renesas.com> Reviewed-by:
Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by:
Simon Horman <horms+renesas@verge.net.au> Signed-off-by:
-
Alvaro G. M authored
Keep supporting proprietary "xlnx,phy-type" attribute and add support for MII connectivity to the PHY. Reviewed-by:
Andrew Lunn <andrew@lunn.ch> Signed-off-by:
Alvaro Gamez Machado <alvaro.gamez@hazent.com> Signed-off-by:
-
David S. Miller authored
Xin Long says: ==================== sctp: remove typedefs from structures part 2 As we know, typedef is suggested not to use in kernel, even checkpatch.pl also gives warnings about it. Now sctp is using it for many structures. All this kind of typedef's using should be removed. This patchset is the part 2 to remove it for another 11 basic structures. Just as the part 1, No any code's logic would be changed in these patches, only cleaning up. Note that v1->v2, nothing changed, just because net-next were closed when posting v1. ==================== Signed-off-by: -
Xin Long authored
This patch is to remove the typedef sctp_hmac_algo_param_t, and replace with struct sctp_hmac_algo_param in the places where it's using this typedef. It is also to use sizeof(variable) instead of sizeof(type). Signed-off-by:
Xin Long <lucien.xin@gmail.com> Signed-off-by:
-
Xin Long authored
This patch is to remove the typedef sctp_chunks_param_t, and replace with struct sctp_chunks_param in the places where it's using this typedef. It is also to use sizeof(variable) instead of sizeof(type). Signed-off-by:
-
Xin Long authored
This patch is to remove the typedef sctp_random_param_t, and replace with struct sctp_random_param in the places where it's using this typedef. Signed-off-by:
-
Xin Long authored
This patch is to remove the typedef sctp_supported_ext_param_t, and replace with struct sctp_supported_ext_param in the places where it's using this typedef. It is also to use sizeof(variable) instead of sizeof(type). Signed-off-by:
-
Xin Long authored
This patch is to remove the typedef sctp_adaptation_ind_param_t, and replace with struct sctp_adaptation_ind_param in the places where it's using this typedef. Signed-off-by:
-
Xin Long authored
Remove it, there is even no places using it. Signed-off-by:
-
Xin Long authored
This patch is to remove the typedef sctp_supported_addrs_param_t, and replace with struct sctp_supported_addrs_param in the places where it's using this typedef. Signed-off-by:
-
Xin Long authored
Remove this typedef, there is even no places using it. Signed-off-by:
-
Xin Long authored
This patch is to remove the typedef sctp_cookie_preserve_param_t, and replace with struct sctp_cookie_preserve_param in the places where it's using this typedef. It is also to fix some indents in sctp_sf_do_5_2_6_stale(). Signed-off-by:
-
Xin Long authored
This patch is to remove the typedef sctp_ipv6addr_param_t, and replace with struct sctp_ipv6addr_param in the places where it's using this typedef. Signed-off-by:
-
Xin Long authored
This patch is to remove the typedef sctp_ipv4addr_param_t, and replace with struct sctp_ipv4addr_param in the places where it's using this typedef. Signed-off-by:
-
Sowmini Varadhan authored
We could end up executing rds_conn_shutdown before the rds_recv_worker thread, then rds_conn_shutdown -> rds_tcp_conn_shutdown can do a sock_release and set sock->sk to null, which may interleave in bad ways with rds_recv_worker, e.g., it could result in: "BUG: unable to handle kernel NULL pointer dereference at 0000000000000078" [ffff881769f6fd70] release_sock at ffffffff815f337b [ffff881769f6fd90] rds_tcp_recv at ffffffffa043c888 [rds_tcp] [ffff881769f6fdb0] rds_recv_worker at ffffffffa04a4810 [rds] [ffff881769f6fde0] process_one_work at ffffffff810a14c1 [ffff881769f6fe40] worker_thread at ffffffff810a1940 [ffff881769f6fec0] kthread at ffffffff810a6b1e Also, do not enqueue any new shutdown workq items when the connection is shutting down (this may happen for rds-tcp in softirq mode, if a FIN or CLOSE is received while the modules is in the middle of an unload) Signed-off-by:Sowmini Varadhan <sowmini.varadhan@oracle.com> Signed-off-by:
-
- 16 Jul, 2017 3 commits
-
-
David S. Miller authored
Arvind Yadav says: ==================== atm: constify atm pci_device_id. pci_device_id are not supposed to change at runtime. All functions working with pci_device_id provided by <linux/pci.h> work with const pci_device_id. So mark the non-const structs as const. ==================== Signed-off-by: -
Arvind Yadav authored
pci_device_id are not supposed to change at runtime. All functions working with pci_device_id provided by <linux/pci.h> work with const pci_device_id. So mark the non-const structs as const. File size before: text data bss dec hex filename 27702 468 16 28186 6e1a drivers/atm/idt77252.o File size After adding 'const': text data bss dec hex filename 27766 404 16 28186 6e1a drivers/atm/idt77252.o Signed-off-by:
Arvind Yadav <arvind.yadav.cs@gmail.com> Signed-off-by:
-
Arvind Yadav authored
pci_device_id are not supposed to change at runtime. All functions working with pci_device_id provided by <linux/pci.h> work with const pci_device_id. So mark the non-const structs as const. File size before: text data bss dec hex filename 21565 352 56 21973 55d5 drivers/atm/eni.o File size After adding 'const': text data bss dec hex filename 21661 256 56 21973 55d5 drivers/atm/eni.o Signed-off-by:
-
