- 21 Jul, 2020 1 commit
-
-
Steffen Klassert authored
We forgot to support the xfrm policy hold queue when VTI was implemented. This patch adds everything we need so that we can use the policy hold queue together with VTI interfaces. Signed-off-by:Steffen Klassert <steffen.klassert@secunet.com>
-
- 17 Jul, 2020 2 commits
-
-
Xin Long authored
Naresh reported some compile errors: arm build failed due this error on linux-next 20200713 and 20200713 net/ipv6/ip6_vti.o: In function `vti6_rcv_tunnel': ip6_vti.c:(.text+0x1d20): undefined reference to `xfrm6_tunnel_spi_lookup' This happened when set CONFIG_IPV6_VTI=y and CONFIG_INET6_TUNNEL=m. We don't really want ip6_vti to depend inet6_tunnel completely, but only to disable the tunnel code when inet6_tunnel is not seen. So instead of adding "select INET6_TUNNEL" for IPV6_VTI, this patch is only to change to IS_REACHABLE to avoid these compile error. Reported-by:
Naresh Kamboju <naresh.kamboju@linaro.org> Fixes: 08622869 ("ip6_vti: support IP6IP6 tunnel processing with .cb_handler") Signed-off-by:
Xin Long <lucien.xin@gmail.com> Signed-off-by:
-
Xin Long authored
kernel test robot reported some compile errors: ia64-linux-ld: net/xfrm/xfrm_interface.o: in function `xfrmi4_fini': net/xfrm/xfrm_interface.c:900: undefined reference to `xfrm4_tunnel_deregister' ia64-linux-ld: net/xfrm/xfrm_interface.c:901: undefined reference to `xfrm4_tunnel_deregister' ia64-linux-ld: net/xfrm/xfrm_interface.o: in function `xfrmi4_init': net/xfrm/xfrm_interface.c:873: undefined reference to `xfrm4_tunnel_register' ia64-linux-ld: net/xfrm/xfrm_interface.c:876: undefined reference to `xfrm4_tunnel_register' ia64-linux-ld: net/xfrm/xfrm_interface.c:885: undefined reference to `xfrm4_tunnel_deregister' This happened when set CONFIG_XFRM_INTERFACE=y and CONFIG_INET_TUNNEL=m. We don't really want xfrm_interface to depend inet_tunnel completely, but only to disable the tunnel code when inet_tunnel is not seen. So instead of adding "select INET_TUNNEL" for XFRM_INTERFACE, this patch is only to change to IS_REACHABLE to avoid these compile error. Reported-by:
kernel test robot <lkp@intel.com> Fixes: da9bbf05 ("xfrm: interface: support IPIP and IPIP6 tunnels processing with .cb_handler") Signed-off-by:
-
- 16 Jul, 2020 1 commit
-
-
Steffen Klassert authored
Xin Long says: ==================== xfrm: not register one xfrm(6)_tunnel object twice Now in ip(6)_vti and xfrm interface tunnel support, it uses the same xfrm(6)_tunnel object to handle for AF_NET and AF_INET6 by registering it twice. However the xfrm(6)_tunnel object is linked into a list with its 'next' pointer. The second registering will cause its 'next' pointer to be overwritten, and break the list. So this patchset is to add a new xfrm(6)_tunnel object for each of them and register it, although its members are the same with the old one. ==================== Signed-off-by:
-
- 14 Jul, 2020 4 commits
-
-
Xin Long authored
As we did in the last 2 patches for vti(6), this patch is to define a new xfrm_tunnel object 'xfrmi_ipip6_handler' to register for AF_INET6, and a new xfrm6_tunnel object 'xfrmi_ip6ip_handler' to register for AF_INET. Signed-off-by:
-
Xin Long authored
An xfrm6_tunnel object is linked into the list when registering, so vti_ipv6_handler can not be registered twice, otherwise its next pointer will be overwritten on the second time. So this patch is to define a new xfrm6_tunnel object to register for AF_INET. Fixes: 2ab110cb ("ip6_vti: support IP6IP tunnel processing") Signed-off-by:
-
Xin Long authored
An xfrm_tunnel object is linked into the list when registering, so vti_ipip_handler can not be registered twice, otherwise its next pointer will be overwritten on the second time. So this patch is to define a new xfrm_tunnel object to register for AF_INET6. Fixes: e6ce6457 ("ip_vti: support IPIP6 tunnel processing") Signed-off-by:
-
Steffen Klassert authored
Eyal Birger says: ==================== When having many xfrm interfaces, the linear lookup of devices based on if_id becomes costly. The first patch refactors xfrmi_decode_session() to use the xi used in the netdevice priv context instead of looking it up in the list based on ifindex. This is needed in order to use if_id as the only key used for xi lookup. The second patch extends the existing infrastructure - which already stores the xfrmi contexts in an array of lists - to use a hash of the if_id. Example benchmarks: - running on a KVM based VM - xfrm tunnel mode between two namespaces - xfrm interface in one namespace (10.0.0.2) Before this change set: Single xfrm interface in namespace: $ netperf -H 10.0.0.2 -l8 -I95,10 -t TCP_STREAM MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 10.0.0.2 () port 0 AF_INET : +/-5.000% @ 95% conf. : demo Recv Send Send Socket Socket Message Elapsed Size Size Size Time Throughput bytes bytes bytes secs. 10^6bits/sec 131072 16384 16384 8.00 298.36 After adding 400 xfrmi interfaces in the same namespace: $ netperf -H 10.0.0.2 -l8 -I95,10 -t TCP_STREAM MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 10.0.0.2 () port 0 AF_INET : +/-5.000% @ 95% conf. : demo Recv Send Send Socket Socket Message Elapsed Size Size Size Time Throughput bytes bytes bytes secs. 10^6bits/sec 131072 16384 16384 8.00 221.77 After this patchset there was no observed change after adding the xfrmi interfaces. ==================== Signed-off-by:
-
- 13 Jul, 2020 2 commits
-
-
Eyal Birger authored
xfrmi_lookup() is called on every packet. Using a single list for looking up if_id becomes a bottleneck when having many xfrm interfaces. Signed-off-by:
Eyal Birger <eyal.birger@gmail.com> Signed-off-by:
-
Eyal Birger authored
The xfrmi context exists in the netdevice priv context. Avoid looking for it in a separate list. Signed-off-by:
-
- 10 Jul, 2020 1 commit
-
-
Steffen Klassert authored
Xin Long says: ================== Now ipip and ipv6 tunnels processing is supported by xfrm4/6_tunnel, but not in vti and xfrmi. This feature is needed by processing those uncompressed small fragments and packets when using comp protocol. It means vti and xfrmi won't be able to accept small fragments or packets when using comp protocol, which is not expected. xfrm4/6_tunnel eventually calls xfrm_input() to process ipip and ipv6 tunnels with an ipip/ipv6-proto state (a child state of comp-proto state), and vti and xfrmi should do the same. The extra things for vti to do is: - vti_input() should be called before xfrm_input() to set XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4/6 = tunnel. [A] - vti_rcv_cb() should be called after xfrm_input() to update the skb->dev. [B] And the extra things for xfrmi to do is: - The ipip/ipv6-proto state should be assigned if_id from its parent's state. [C] - xfrmi_rcv_cb() should be called after xfrm_input() to update the skb->dev. [D] Patch 4-7 does the things in [A]. To implement [B] and [D], patch 1-3 is to build a callback function for xfrm4/6_tunnel, which can be called after xfrm_input(), similar to xfrm4/6_protocol's .cb_handler. vti and xfrmi only needs to give their own callback function in patch 4-7 and 9-10, which already exists: vti_rcv_cb() and xfrmi_rcv_cb(). Patch 8 is to do the thing in [C] by assigning child tunnel's if_id from its parent tunnel. With the whole patch series, the segments or packets with any size can work with ipsec comp proto on vti and xfrmi. v1->v2: - See Patch 2-3. v2->v3: - See Patch 2-3, 4, 6, 9-10. ================== Signed-off-by:
-
- 09 Jul, 2020 10 commits
-
-
Xin Long authored
Similar to ip_vti, IPIP and IPIP6 tunnels processing can easily be done with .cb_handler for xfrm interface. v1->v2: - no change. v2-v3: - enable it only when CONFIG_INET_XFRM_TUNNEL is defined, to fix the build error, reported by kbuild test robot. Signed-off-by: -
Xin Long authored
Similar to ip6_vti, IP6IP6 and IP6IP tunnels processing can easily be done with .cb_handler for xfrm interface. v1->v2: - no change. v2-v3: - enable it only when CONFIG_INET6_XFRM_TUNNEL is defined, to fix the build error, reported by kbuild test robot. Signed-off-by: -
Xin Long authored
The child tunnel if_id will be used for xfrm interface's lookup when processing the IP(6)IP(6) packets in the next patches. Signed-off-by:
-
Xin Long authored
For IP6IP tunnel processing, the functions called will be the same as that for IP6IP6 tunnel's. So reuse it and register it with family == AF_INET. Signed-off-by:
-
Xin Long authored
Similar to IPIP tunnel's processing, this patch is to support IP6IP6 tunnel processing with .cb_handler. v1->v2: - no change. v2-v3: - enable it only when CONFIG_INET6_XFRM_TUNNEL is defined, to fix the build error, reported by kbuild test robot. Signed-off-by: -
Xin Long authored
For IPIP6 tunnel processing, the functions called will be the same as that for IPIP tunnel's. So reuse it and register it with family == AF_INET6. Signed-off-by:
-
Xin Long authored
With tunnel4_input_afinfo added, IPIP tunnel processing in ip_vti can be easily done with .cb_handler. So replace the processing by calling ip_tunnel_rcv() with it. v1->v2: - no change. v2-v3: - enable it only when CONFIG_INET_XFRM_TUNNEL is defined, to fix the build error, reported by kbuild test robot. Signed-off-by: -
Xin Long authored
This patch is to register a callback function tunnel6_rcv_cb with is_ipip set in a xfrm_input_afinfo object for tunnel6 and tunnel46. It will be called by xfrm_rcv_cb() from xfrm_input() when family is AF_INET6 and proto is IPPROTO_IPIP or IPPROTO_IPV6. v1->v2: - Fix a sparse warning caused by the missing "__rcu", as Jakub noticed. - Handle the err returned by xfrm_input_register_afinfo() in tunnel6_init/fini(), as Sabrina noticed. v2->v3: - Add "#if IS_ENABLED(CONFIG_INET6_XFRM_TUNNEL)" to fix the build error when xfrm is disabled, reported by kbuild test robot Signed-off-by: -
Xin Long authored
This patch is to register a callback function tunnel4_rcv_cb with is_ipip set in a xfrm_input_afinfo object for tunnel4 and tunnel64. It will be called by xfrm_rcv_cb() from xfrm_input() when family is AF_INET and proto is IPPROTO_IPIP or IPPROTO_IPV6. v1->v2: - Fix a sparse warning caused by the missing "__rcu", as Jakub noticed. - Handle the err returned by xfrm_input_register_afinfo() in tunnel4_init/fini(), as Sabrina noticed. v2->v3: - Add "#if IS_ENABLED(CONFIG_INET_XFRM_TUNNEL)" to fix the build error when xfrm is disabled, reported by kbuild test robot. Signed-off-by: -
Xin Long authored
This patch is to add a new member is_ipip to struct xfrm_input_afinfo, to allow another group family of callback functions to be registered with is_ipip set. This will be used for doing a callback for struct xfrm(6)_tunnel of ipip/ipv6 tunnels in xfrm_input() by calling xfrm_rcv_cb(), which is needed by ipip/ipv6 tunnels' support in ip(6)_vti and xfrm interface in the next patches. Signed-off-by:
-
- 24 Jun, 2020 1 commit
-
-
Petr Vaněk authored
RFC 4303 in section 3.3.3 suggests to disable anti-replay for manually distributed ICVs in which case the sender does not need to monitor or reset the counter. However, the sender still increments the counter and when it reaches the maximum value, the counter rolls over back to zero. This patch introduces new extra_flag XFRM_SA_XFLAG_OSEQ_MAY_WRAP which allows sequence number to cycle in outbound packets if set. This flag is used only in legacy and bmp code, because esn should not be negotiated if anti-replay is disabled (see note in 3.3.3 section). Signed-off-by:
Petr Vaněk <pv@excello.cz> Acked-by:
Christophe Gouault <christophe.gouault@6wind.com> Signed-off-by:
-
- 23 Jun, 2020 16 commits
-
-
David S. Miller authored
Igor Russkikh says: ==================== net: atlantic: additional A2 features This patchset adds more features to A2: * half duplex rates; * EEE; * flow control; * link partner capabilities reporting; * phy loopback. Feature-wise A2 is almost on-par with A1 save for WoL and filtering, which will be submitted as separate follow-up patchset(s). ==================== Reviewed-by:
Jakub Kicinski <kuba@kernel.org> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Dmitry Bogdanov authored
This patch adds the phy loopback support on A2. Signed-off-by:
Dmitry Bogdanov <dbogdanov@marvell.com> Signed-off-by:
Mark Starovoytov <mstarovoitov@marvell.com> Signed-off-by:
Igor Russkikh <irusskikh@marvell.com> Signed-off-by:
-
Dmitry Bogdanov authored
This patch adds link partner capabilities reporting support on A2. In particular, the following capabilities are available for reporting: * link rate; * EEE; * flow control. Signed-off-by:
-
Igor Russkikh authored
This patch adds flow control support on A2. Co-developed-by:
-
Nikita Danilov authored
This patch adds EEE support on A2. Signed-off-by:
Nikita Danilov <ndanilov@marvell.com> Co-developed-by:
-
Nikita Danilov authored
This patch removes 2.5G baseX wrong usage/reporting, since it shouldn't have been mixed with baseT. Signed-off-by:
-
Igor Russkikh authored
This patch adds support for 10M/100M/1G half duplex rates, which are supported by A2 in additional to full duplex rates supported by A1. Signed-off-by:
-
Stephen Rothwell authored
Signed-off-by:
Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by:
-
Gaurav Singh authored
arg cannot be NULL since its already being dereferenced before. Remove the redundant NULL check. Signed-off-by:
Gaurav Singh <gaurav1086@gmail.com> Signed-off-by:
-
Russell King authored
Convert the mtk_eth_soc driver to use the finalised link parameters in mac_link_up() rather than the parameters in mac_config(). Signed-off-by:
Russell King <rmk+kernel@armlinux.org.uk> Signed-off-by:
-
David S. Miller authored
Vladimir Oltean says: ==================== Multicast improvement in Ocelot and Felix drivers This series makes some basic multicast forwarding functionality work for Felix DSA and for Ocelot switchdev. IGMP/MLD snooping in Felix is still missing, and there are other improvements to be made in the general area of multicast address filtering towards the CPU, but let's get these hardware-specific fixes out of the way first. ==================== Signed-off-by: -
Vladimir Oltean authored
The current procedure for installing a multicast address is hardcoded for IPv4. But, in the ocelot hardware, there are 3 different procedures for IPv4, IPv6 and for regular L2 multicast. For IPv6 (33-33-xx-xx-xx-xx), it's the same as for IPv4 (01-00-5e-xx-xx-xx), except that the destination port mask is stuffed into first 2 bytes of the MAC address except into first 3 bytes. For plain Ethernet multicast, there's no port-in-address stuffing going on, instead the DEST_IDX (pointer to PGID) is used there, just as for unicast. So we have to use one of the nonreserved multicast PGIDs that the hardware has allocated for this purpose. This patch classifies the type of multicast address based on its first bytes, then redirects to one of the 3 different hardware procedures. Note that this gives us a really better way of redirecting PTP frames sent at 01-1b-19-00-00-00 to the CPU. Previously, Yangbo Lu tried to add a trapping rule for PTP EtherType but got a lot of pushback: https://patchwork.ozlabs.org/project/netdev/patch/20190813025214.18601-5-yangbo.lu@nxp.com/ But right now, that isn't needed at all. The application stack (ptp4l) does this for the PTP multicast addresses it's interested in (which are configurable, and include 01-1b-19-00-00-00): memset(&mreq, 0, sizeof(mreq)); mreq.mr_ifindex = index; mreq.mr_type = PACKET_MR_MULTICAST; mreq.mr_alen = MAC_LEN; memcpy(mreq.mr_address, addr1, MAC_LEN); err1 = setsockopt(fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mreq, sizeof(mreq)); Into the kernel, this translates into a dev_mc_add on the switch network interfaces, and our drivers know that it means they should translate it into a host MDB address (make the CPU port be the destination). Previously, this was broken because all mdb addresses were treated as IPv4 (which 01-1b-19-00-00-00 obviously is not). Signed-off-by:
Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by:
-
Vladimir Oltean authored
The current iterators are impossible to understand at first glance without switching back and forth between the definitions and their actual use in the for loops. So introduce some convenience names to help readability. Signed-off-by:
-
Vladimir Oltean authored
This adds the mdb hooks in felix and exports the mdb functions from ocelot. Signed-off-by:
-
Vladimir Oltean authored
When used in DSA mode (as seen in Felix), the DEST_IDX in the MAC table should point to the PGID for the CPU port (PGID_CPU) and not for the Ethernet port where the CPU queues are redirected to (also known as Node Processor Interface - NPI). Because for Felix this distinction shouldn't really matter (from DSA perspective, the NPI port _is_ the CPU port), make the ocelot library act upon the CPU port when NPI mode is enabled. This has no effect for the mscc_ocelot driver for VSC7514, because that does not use NPI (and ocelot->npi is -1). Signed-off-by:
-
Vladimir Oltean authored
The ocelot hardware designers have made some hacks to support multicast IPv4 and IPv6 addresses. Normally, the MAC table matches on MAC addresses and the destination ports are selected through the DEST_IDX field of the respective MAC table entry. The DEST_IDX points to a Port Group ID (PGID) which contains the bit mask of ports that frames should be forwarded to. But there aren't a lot of PGIDs (only 80 or so) and there are clearly many more IP multicast addresses than that, so it doesn't scale to use this PGID mechanism, so something else was done. Since the first portion of the MAC address is known, the hack they did was to use a single PGID for _flooding_ unknown IPv4 multicast (PGID_MCIPV4 == 62), but for known IP multicast, embed the destination ports into the first 3 bytes of the MAC address recorded in the MAC table. The VSC7514 datasheet explains it like this: 3.9.1.5 IPv4 Multicast Entries MAC table entries with the ENTRY_TYPE = 2 settings are interpreted as IPv4 multicast entries. IPv4 multicasts entries match IPv4 frames, which are classified to the specified VID, and which have DMAC = 0x01005Exxxxxx, where xxxxxx is the lower 24 bits of the MAC address in the entry. Instead of a lookup in the destination mask table (PGID), the destination set is programmed as part of the entry MAC address. This is shown in the following table. Table 78: IPv4 Multicast Destination Mask Destination Ports Record Bit Field --------------------------------------------- Ports 10-0 MAC[34-24] Example: All IPv4 multicast frames in VLAN 12 with MAC 01005E112233 are to be forwarded to ports 3, 8, and 9. This is done by inserting the following entry in the MAC table entry: VALID = 1 VID = 12 MAC = 0x000308112233 ENTRY_TYPE = 2 DEST_IDX = 0 But this procedure is not at all what's going on in the driver. In fact, the code that embeds the ports into the MAC address looks like it hasn't actually been tested. This patch applies the procedure described in the datasheet. Since there are many other fixes to be made around multicast forwarding until it works properly, there is no real reason for this patch to be backported to stable trees, or considered a real fix of something that should have worked. Signed-off-by:
-
- 22 Jun, 2020 2 commits
-
-
David S. Miller authored
Ido Schimmel says: ==================== mlxsw: Offload TC action pedit munge tcp/udp sport/dport Petr says: On Spectrum-2 and Spectrum-3, it is possible to overwrite L4 port number of a TCP or UDP packet in the ACL engine. That corresponds to the pedit munges of tcp and udp sport resp. dport fields. Offload these munges on the systems where they are supported. The current offloading code assumes that all systems support the same set of fields. This now changes, so in patch #1 first split handling of pedit munges by chip type. The analysis of which packet field a given munge describes is kept generic. Patch #2 introduces the new flexible action fields. Patch #3 then adds the new pedit fields, and dispatches on them on Spectrum>1. Patch #4 adds a forwarding selftest for pedit dsfield, applicable to SW as well as HW datapaths. ==================== Reviewed-by:
-
Petr Machata authored
Add a test that checks that pedit adjusts port numbers of tcp and udp packets. Signed-off-by:
Petr Machata <petrm@mellanox.com> Signed-off-by:
Ido Schimmel <idosch@mellanox.com> Signed-off-by:
-
