- 02 Aug, 2020 1 commit
-
-
Pablo Neira Ayuso authored
This patch extends 36dd1bcc ("netfilter: nf_tables: initial support for extended ACK reporting") to include netlink extended error reporting for expressions. This allows userspace to identify what rule expression is triggering the error. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 29 Jul, 2020 2 commits
-
-
Gaurav Singh authored
Remove superfluous check for NULL pointer to header. Signed-off-by: Gaurav Singh <gaurav1086@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Alexander A. Klimov authored
Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 21 Jul, 2020 2 commits
-
-
Gustavo A. R. Silva authored
Replace the existing /* fall through */ comments and its variants with the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary fall-through markings when it is the case. [1] https://www.kernel.org/doc/html/latest/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-throughSigned-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Andrew Sy Kim authored
When expire_nodest_conn=1 and a destination is deleted, IPVS does not expire the existing connections until the next matching incoming packet. If there are many connection entries from a single client to a single destination, many packets may get dropped before all the connections are expired (more likely with lots of UDP traffic). An optimization can be made where upon deletion of a destination, IPVS queues up delayed work to immediately expire any connections with a deleted destination. This ensures any reused source ports from a client (within the IPVS timeouts) are scheduled to new real servers instead of silently dropped. Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com> Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 15 Jul, 2020 15 commits
-
-
Dan Carpenter authored
The nf_tables_rule_release() function frees "rule" so we have to use the _safe() version of list_for_each_entry(). Fixes: d0e2c7de ("netfilter: nf_tables: add NFT_CHAIN_BINDING") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
David S. Miller authored
Jakub Kicinski says: ==================== udp_tunnel: NIC RX port offload infrastructure This set of patches converts further drivers to use the new infrastructure to UDP tunnel port offload merged in commit 0ea46047 ("Merge branch 'udp_tunnel-add-NIC-RX-port-offload-infrastructure'"). v3: - fix a W=1 build warning in qede. v2: - fix a W=1 build warning in xgbe, - expand the size of tables for lio. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Straightforward conversion to new infra, 1 VxLAN port, handler may sleep. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Covert to new infra. Looks like this driver was not doing ref counting, and sleeping in the callback. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Straightforward conversion to new infra. Driver restores info after close/open cycle by calling its internal restore function so just use that, no need for udp_tunnel_nic_reset_ntf() here. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Carbon copy of the previous change. This driver is just a super thin FW interface, but Derek let us know the table has 1024 entries. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
This driver is just a super thin FW interface, but Derek let us know the table has 1024 entries. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Convert to new infra, now the refcounting will be correct, and driver gets port replay of other ports when offloaded port gets removed. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Convert to new infra, this driver is very simple. The check of adapter->rawf_cnt in cxgb_udp_tunnel_unset_port() is kept from the old port deletion function but it's dodgy since nothing ever updates that member once its set during init. Also .set_port callback always adds the raw mac filter.. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Fairly straightforward conversion - no need to keep track of the use count, and replay when ports get removed, also callbacks can just sleep. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Make use of the new udp_tunnel_nic infra. Don't clear the features when VxLAN port is not present to make all drivers behave the same. Driver will now (until we address the problem in the core) leave the RX UDP tunnel feature always on, since this is what most drivers do. Remove the list of VxLAN ports, just program the one core told us to. The driver seem to want to clear the VxLAN ports on close but it doesn't seem to flush the port list properly so it'd get wrong use counts after close/open. Again since it calls its own open handler we need the reset notification hack. v2: - fix kbuild warning Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Instead of looping though the list of ports just check if the geometry of the packet is correct for VxLAN. HW most likely doesn't care about the exact port, anyway, since only first port is actually offloaded, and this way we won't have to maintain the port list at all. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Convert be2net to new udp_tunnel_nic infra. NIC only takes one VxLAN port. Remove the port tracking using a list. The warning in be_work_del_vxlan_port() looked suspicious - like the driver expected ports to be removed in order of addition. be2net unregisters ports when going down and re-registers them (for skyhawk) when coming up, but it never checks if the device is up in the add_port / del_port callbacks. Make it use UDP_TUNNEL_NIC_INFO_OPEN_ONLY. Sadly this driver calls its own open/close functions directly so the udp_tunnel_nic_reset_ntf() workaround is needed. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
NFP conversion is pretty straightforward. We want to be able to sleep, and only get callbacks when the device is open. NFP did not ask for port replay when ports were removed, now new infra will provide this feature for free. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-nextDavid S. Miller authored
Alexei Starovoitov says: ==================== pull-request: bpf-next 2020-07-14 The following pull-request contains BPF updates for your *net-next* tree. We've added 21 non-merge commits during the last 1 day(s) which contain a total of 20 files changed, 308 insertions(+), 279 deletions(-). The main changes are: 1) Fix selftests/bpf build, from Alexei. 2) Fix resolve_btfids build issues, from Jiri. 3) Pull usermode-driver-cleanup set, from Eric. 4) Two minor fixes to bpfilter, from Alexei and Masahiro. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 14 Jul, 2020 20 commits
-
-
Christophe JAILLET authored
The wrappers in include/linux/pci-dma-compat.h should go away. The patch has been generated with the coccinelle script below and has been hand modified to replace GFP_ with a correct flag. It has been compile tested. When memory is allocated in 'ksz_alloc_desc()', GFP_KERNEL can be used because a few lines below, GFP_KERNEL is also used in the 'ksz_alloc_soft_desc()' calls. @@ @@ - PCI_DMA_BIDIRECTIONAL + DMA_BIDIRECTIONAL @@ @@ - PCI_DMA_TODEVICE + DMA_TO_DEVICE @@ @@ - PCI_DMA_FROMDEVICE + DMA_FROM_DEVICE @@ @@ - PCI_DMA_NONE + DMA_NONE @@ expression e1, e2, e3; @@ - pci_alloc_consistent(e1, e2, e3) + dma_alloc_coherent(&e1->dev, e2, e3, GFP_) @@ expression e1, e2, e3; @@ - pci_zalloc_consistent(e1, e2, e3) + dma_alloc_coherent(&e1->dev, e2, e3, GFP_) @@ expression e1, e2, e3, e4; @@ - pci_free_consistent(e1, e2, e3, e4) + dma_free_coherent(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_map_single(e1, e2, e3, e4) + dma_map_single(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_unmap_single(e1, e2, e3, e4) + dma_unmap_single(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4, e5; @@ - pci_map_page(e1, e2, e3, e4, e5) + dma_map_page(&e1->dev, e2, e3, e4, e5) @@ expression e1, e2, e3, e4; @@ - pci_unmap_page(e1, e2, e3, e4) + dma_unmap_page(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_map_sg(e1, e2, e3, e4) + dma_map_sg(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_unmap_sg(e1, e2, e3, e4) + dma_unmap_sg(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_dma_sync_single_for_cpu(e1, e2, e3, e4) + dma_sync_single_for_cpu(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_dma_sync_single_for_device(e1, e2, e3, e4) + dma_sync_single_for_device(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_dma_sync_sg_for_cpu(e1, e2, e3, e4) + dma_sync_sg_for_cpu(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_dma_sync_sg_for_device(e1, e2, e3, e4) + dma_sync_sg_for_device(&e1->dev, e2, e3, e4) @@ expression e1, e2; @@ - pci_dma_mapping_error(e1, e2) + dma_mapping_error(&e1->dev, e2) @@ expression e1, e2; @@ - pci_set_dma_mask(e1, e2) + dma_set_mask(&e1->dev, e2) @@ expression e1, e2; @@ - pci_set_consistent_dma_mask(e1, e2) + dma_set_coherent_mask(&e1->dev, e2) Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Heiner Kallweit says: ==================== r8169: add support for RTL8125B This series adds support for RTL8125B rev.b. Tested with a Delock 89564 PCIe card. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Heiner Kallweit authored
Add support for RTL8125B rev.b. In my tests 2.5Gbps worked well w/o firmware, however for a stable link at 1Gbps firmware revision 0.0.2 is needed. Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Heiner Kallweit authored
Realtek assigned a new PHY ID for the RTL8125B-internal PHY. It's however compatible with the RTL8125A-internal PHY. Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Julian Wiedmann says: ==================== s390/qeth: updates 2020-07-14 please apply the following patch series for qeth to netdev's net-next tree. This brings a mix of cleanups for various parts of the control code. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
We're not modifying these data blobs, so mark them as constant. Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
To keep track of the addresses programmed from an RX modeset, we have two separate hashtables (L2: mac_htable, L3: ip_mc_htable). These are never used at the same time, so unify them into a single rx_mode_addrs hashtable. Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
While initially just trying to fix up the indentation, condense a few lines and get rid of a goto label. Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
Use the correct struct member instead of hardcoding its offset. Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
Use the correct helper for casting to a user pointer. Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
As the cmd IO path has learned to propagate errnos back to its callers, let them deal with errors instead of trying to restore their previous configuration from within the IO error path. Also translate the HW error to a meaningful errno, instead of returning -EIO for all cases (and don't map this to -EOPNOTSUPP later on...). While at it, add a READ_ONCE() / WRITE_ONCE() pair to ensure that the data path always sees a valid isolation mode during reconfiguration. Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
When qeth_set_access_ctrl_online() is called during the device's initialization and discovers that isolation mode isn't supported, don't clear the user's currently configured mode. They intentionally choose to operate the device in this specific mode, and degrading the isolation is not an option. Only adjust the configuration when called via sysfs (ie. fallback = 1), and here follow the common pattern and restore it from prev_isolation. Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
A newly initialized device defaults to ISOLATION_MODE_NONE, don't bother with programming this a second time. Then remove the OSD/OSX check, it's already done in the sysfs path whenever the user actually changes the configuration. Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
If we cancel all pending cmds (eg. when tearing down the device), don't blame it on an IO error. Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
Rather than delaying the decision until netdev setup, immediately reject a device when we discover that it has an unsupported link type (ie. Token Ring). Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Ido Schimmel says: ==================== mlxsw: Mirror to CPU preparations A future patch set will add the ability to trap packets that were dropped due to buffer related reasons (e.g., early drop). Internally this is implemented by mirroring these packets towards the CPU port. This patch set adds the required infrastructure to enable such mirroring. Patches #1-#2 extend two registers needed for above mentioned functionality. Patches #3-#6 gradually add support for setting the mirroring target of a SPAN (mirroring) agent as the CPU port. This is only supported from Spectrum-2 onwards, so an error is returned for Spectrum-1. Patches #7-#8 add the ability to set a policer on a SPAN agent. This is required because unlike regularly trapped packets, a policer cannot be set on the trap group with which the mirroring trap is associated. Patches #9-#12 parse the mirror reason field from the Completion Queue Element (CQE). Unlike other trapped packets, the trap identifier of mirrored packets only indicates that the packet was mirrored, but not why. The reason (e.g., tail drop) is encoded in the mirror reason field. Patch #13 utilizes the mirror reason field in order to lookup the matching Rx listener. This allows us to maintain the abstraction that an Rx listener is mapped to a single trap reason. Without taking the mirror reason into account we would need to register a single Rx listener for all mirrored packets. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
The Rx listener abstraction allows the switch driver (e.g., mlxsw_spectrum) to register a function that is called when a packet is received (trapped) for a specific reason. Up until now, the Rx listener lookup was solely based on the trap identifier. However, when a packet is mirrored to the CPU the trap identifier merely indicates that the packet was mirrored, but not why it was mirrored. This makes it impossible for the switch driver to register different Rx listeners for different mirror reasons. Solve this by allowing the switch driver to register a Rx listener with a mirror reason and by extending the Rx listener lookup to take the mirror reason into account. Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
In case the mirror reason is valid, retrieve it into the Rx information so that it could be used during listener lookup in a later patch. Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
The Completion Queue Element version 2 (CQEv2) includes a field called 'mirror_reason' which indicates why the packet was mirrored to the CPU. Add the field so that it can be used by a later patch. Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
Packets that are mirrored to the CPU port are trapped with one of eight trap identifiers. Add them. Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-