- 13 Jul, 2020 2 commits
-
-
Eyal Birger authored
xfrmi_lookup() is called on every packet. Using a single list for looking up if_id becomes a bottleneck when having many xfrm interfaces. Signed-off-by:
Eyal Birger <eyal.birger@gmail.com> Signed-off-by:
Steffen Klassert <steffen.klassert@secunet.com>
-
Eyal Birger authored
The xfrmi context exists in the netdevice priv context. Avoid looking for it in a separate list. Signed-off-by:
-
- 10 Jul, 2020 1 commit
-
-
Steffen Klassert authored
Xin Long says: ================== Now ipip and ipv6 tunnels processing is supported by xfrm4/6_tunnel, but not in vti and xfrmi. This feature is needed by processing those uncompressed small fragments and packets when using comp protocol. It means vti and xfrmi won't be able to accept small fragments or packets when using comp protocol, which is not expected. xfrm4/6_tunnel eventually calls xfrm_input() to process ipip and ipv6 tunnels with an ipip/ipv6-proto state (a child state of comp-proto state), and vti and xfrmi should do the same. The extra things for vti to do is: - vti_input() should be called before xfrm_input() to set XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4/6 = tunnel. [A] - vti_rcv_cb() should be called after xfrm_input() to update the skb->dev. [B] And the extra things for xfrmi to do is: - The ipip/ipv6-proto state should be assigned if_id from its parent's state. [C] - xfrmi_rcv_cb() should be called after xfrm_input() to update the skb->dev. [D] Patch 4-7 does the things in [A]. To implement [B] and [D], patch 1-3 is to build a callback function for xfrm4/6_tunnel, which can be called after xfrm_input(), similar to xfrm4/6_protocol's .cb_handler. vti and xfrmi only needs to give their own callback function in patch 4-7 and 9-10, which already exists: vti_rcv_cb() and xfrmi_rcv_cb(). Patch 8 is to do the thing in [C] by assigning child tunnel's if_id from its parent tunnel. With the whole patch series, the segments or packets with any size can work with ipsec comp proto on vti and xfrmi. v1->v2: - See Patch 2-3. v2->v3: - See Patch 2-3, 4, 6, 9-10. ================== Signed-off-by:
-
- 09 Jul, 2020 10 commits
-
-
Xin Long authored
Similar to ip_vti, IPIP and IPIP6 tunnels processing can easily be done with .cb_handler for xfrm interface. v1->v2: - no change. v2-v3: - enable it only when CONFIG_INET_XFRM_TUNNEL is defined, to fix the build error, reported by kbuild test robot. Signed-off-by:Xin Long <lucien.xin@gmail.com> Signed-off-by:
-
Xin Long authored
Similar to ip6_vti, IP6IP6 and IP6IP tunnels processing can easily be done with .cb_handler for xfrm interface. v1->v2: - no change. v2-v3: - enable it only when CONFIG_INET6_XFRM_TUNNEL is defined, to fix the build error, reported by kbuild test robot. Signed-off-by: -
Xin Long authored
The child tunnel if_id will be used for xfrm interface's lookup when processing the IP(6)IP(6) packets in the next patches. Signed-off-by:
-
Xin Long authored
For IP6IP tunnel processing, the functions called will be the same as that for IP6IP6 tunnel's. So reuse it and register it with family == AF_INET. Signed-off-by:
-
Xin Long authored
Similar to IPIP tunnel's processing, this patch is to support IP6IP6 tunnel processing with .cb_handler. v1->v2: - no change. v2-v3: - enable it only when CONFIG_INET6_XFRM_TUNNEL is defined, to fix the build error, reported by kbuild test robot. Signed-off-by: -
Xin Long authored
For IPIP6 tunnel processing, the functions called will be the same as that for IPIP tunnel's. So reuse it and register it with family == AF_INET6. Signed-off-by:
-
Xin Long authored
With tunnel4_input_afinfo added, IPIP tunnel processing in ip_vti can be easily done with .cb_handler. So replace the processing by calling ip_tunnel_rcv() with it. v1->v2: - no change. v2-v3: - enable it only when CONFIG_INET_XFRM_TUNNEL is defined, to fix the build error, reported by kbuild test robot. Signed-off-by: -
Xin Long authored
This patch is to register a callback function tunnel6_rcv_cb with is_ipip set in a xfrm_input_afinfo object for tunnel6 and tunnel46. It will be called by xfrm_rcv_cb() from xfrm_input() when family is AF_INET6 and proto is IPPROTO_IPIP or IPPROTO_IPV6. v1->v2: - Fix a sparse warning caused by the missing "__rcu", as Jakub noticed. - Handle the err returned by xfrm_input_register_afinfo() in tunnel6_init/fini(), as Sabrina noticed. v2->v3: - Add "#if IS_ENABLED(CONFIG_INET6_XFRM_TUNNEL)" to fix the build error when xfrm is disabled, reported by kbuild test robot Signed-off-by: -
Xin Long authored
This patch is to register a callback function tunnel4_rcv_cb with is_ipip set in a xfrm_input_afinfo object for tunnel4 and tunnel64. It will be called by xfrm_rcv_cb() from xfrm_input() when family is AF_INET and proto is IPPROTO_IPIP or IPPROTO_IPV6. v1->v2: - Fix a sparse warning caused by the missing "__rcu", as Jakub noticed. - Handle the err returned by xfrm_input_register_afinfo() in tunnel4_init/fini(), as Sabrina noticed. v2->v3: - Add "#if IS_ENABLED(CONFIG_INET_XFRM_TUNNEL)" to fix the build error when xfrm is disabled, reported by kbuild test robot. Signed-off-by: -
Xin Long authored
This patch is to add a new member is_ipip to struct xfrm_input_afinfo, to allow another group family of callback functions to be registered with is_ipip set. This will be used for doing a callback for struct xfrm(6)_tunnel of ipip/ipv6 tunnels in xfrm_input() by calling xfrm_rcv_cb(), which is needed by ipip/ipv6 tunnels' support in ip(6)_vti and xfrm interface in the next patches. Signed-off-by:
-
- 24 Jun, 2020 1 commit
-
-
Petr Vaněk authored
RFC 4303 in section 3.3.3 suggests to disable anti-replay for manually distributed ICVs in which case the sender does not need to monitor or reset the counter. However, the sender still increments the counter and when it reaches the maximum value, the counter rolls over back to zero. This patch introduces new extra_flag XFRM_SA_XFLAG_OSEQ_MAY_WRAP which allows sequence number to cycle in outbound packets if set. This flag is used only in legacy and bmp code, because esn should not be negotiated if anti-replay is disabled (see note in 3.3.3 section). Signed-off-by:
Petr Vaněk <pv@excello.cz> Acked-by:
Christophe Gouault <christophe.gouault@6wind.com> Signed-off-by:
-
- 23 Jun, 2020 16 commits
-
-
David S. Miller authored
Igor Russkikh says: ==================== net: atlantic: additional A2 features This patchset adds more features to A2: * half duplex rates; * EEE; * flow control; * link partner capabilities reporting; * phy loopback. Feature-wise A2 is almost on-par with A1 save for WoL and filtering, which will be submitted as separate follow-up patchset(s). ==================== Reviewed-by:
Jakub Kicinski <kuba@kernel.org> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Dmitry Bogdanov authored
This patch adds the phy loopback support on A2. Signed-off-by:
Dmitry Bogdanov <dbogdanov@marvell.com> Signed-off-by:
Mark Starovoytov <mstarovoitov@marvell.com> Signed-off-by:
Igor Russkikh <irusskikh@marvell.com> Signed-off-by:
-
Dmitry Bogdanov authored
This patch adds link partner capabilities reporting support on A2. In particular, the following capabilities are available for reporting: * link rate; * EEE; * flow control. Signed-off-by:
-
Igor Russkikh authored
This patch adds flow control support on A2. Co-developed-by:
-
Nikita Danilov authored
This patch adds EEE support on A2. Signed-off-by:
Nikita Danilov <ndanilov@marvell.com> Co-developed-by:
-
Nikita Danilov authored
This patch removes 2.5G baseX wrong usage/reporting, since it shouldn't have been mixed with baseT. Signed-off-by:
-
Igor Russkikh authored
This patch adds support for 10M/100M/1G half duplex rates, which are supported by A2 in additional to full duplex rates supported by A1. Signed-off-by:
-
Stephen Rothwell authored
Signed-off-by:
Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by:
-
Gaurav Singh authored
arg cannot be NULL since its already being dereferenced before. Remove the redundant NULL check. Signed-off-by:
Gaurav Singh <gaurav1086@gmail.com> Signed-off-by:
-
Russell King authored
Convert the mtk_eth_soc driver to use the finalised link parameters in mac_link_up() rather than the parameters in mac_config(). Signed-off-by:
Russell King <rmk+kernel@armlinux.org.uk> Signed-off-by:
-
David S. Miller authored
Vladimir Oltean says: ==================== Multicast improvement in Ocelot and Felix drivers This series makes some basic multicast forwarding functionality work for Felix DSA and for Ocelot switchdev. IGMP/MLD snooping in Felix is still missing, and there are other improvements to be made in the general area of multicast address filtering towards the CPU, but let's get these hardware-specific fixes out of the way first. ==================== Signed-off-by: -
Vladimir Oltean authored
The current procedure for installing a multicast address is hardcoded for IPv4. But, in the ocelot hardware, there are 3 different procedures for IPv4, IPv6 and for regular L2 multicast. For IPv6 (33-33-xx-xx-xx-xx), it's the same as for IPv4 (01-00-5e-xx-xx-xx), except that the destination port mask is stuffed into first 2 bytes of the MAC address except into first 3 bytes. For plain Ethernet multicast, there's no port-in-address stuffing going on, instead the DEST_IDX (pointer to PGID) is used there, just as for unicast. So we have to use one of the nonreserved multicast PGIDs that the hardware has allocated for this purpose. This patch classifies the type of multicast address based on its first bytes, then redirects to one of the 3 different hardware procedures. Note that this gives us a really better way of redirecting PTP frames sent at 01-1b-19-00-00-00 to the CPU. Previously, Yangbo Lu tried to add a trapping rule for PTP EtherType but got a lot of pushback: https://patchwork.ozlabs.org/project/netdev/patch/20190813025214.18601-5-yangbo.lu@nxp.com/ But right now, that isn't needed at all. The application stack (ptp4l) does this for the PTP multicast addresses it's interested in (which are configurable, and include 01-1b-19-00-00-00): memset(&mreq, 0, sizeof(mreq)); mreq.mr_ifindex = index; mreq.mr_type = PACKET_MR_MULTICAST; mreq.mr_alen = MAC_LEN; memcpy(mreq.mr_address, addr1, MAC_LEN); err1 = setsockopt(fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mreq, sizeof(mreq)); Into the kernel, this translates into a dev_mc_add on the switch network interfaces, and our drivers know that it means they should translate it into a host MDB address (make the CPU port be the destination). Previously, this was broken because all mdb addresses were treated as IPv4 (which 01-1b-19-00-00-00 obviously is not). Signed-off-by:
Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by:
-
Vladimir Oltean authored
The current iterators are impossible to understand at first glance without switching back and forth between the definitions and their actual use in the for loops. So introduce some convenience names to help readability. Signed-off-by:
-
Vladimir Oltean authored
This adds the mdb hooks in felix and exports the mdb functions from ocelot. Signed-off-by:
-
Vladimir Oltean authored
When used in DSA mode (as seen in Felix), the DEST_IDX in the MAC table should point to the PGID for the CPU port (PGID_CPU) and not for the Ethernet port where the CPU queues are redirected to (also known as Node Processor Interface - NPI). Because for Felix this distinction shouldn't really matter (from DSA perspective, the NPI port _is_ the CPU port), make the ocelot library act upon the CPU port when NPI mode is enabled. This has no effect for the mscc_ocelot driver for VSC7514, because that does not use NPI (and ocelot->npi is -1). Signed-off-by:
-
Vladimir Oltean authored
The ocelot hardware designers have made some hacks to support multicast IPv4 and IPv6 addresses. Normally, the MAC table matches on MAC addresses and the destination ports are selected through the DEST_IDX field of the respective MAC table entry. The DEST_IDX points to a Port Group ID (PGID) which contains the bit mask of ports that frames should be forwarded to. But there aren't a lot of PGIDs (only 80 or so) and there are clearly many more IP multicast addresses than that, so it doesn't scale to use this PGID mechanism, so something else was done. Since the first portion of the MAC address is known, the hack they did was to use a single PGID for _flooding_ unknown IPv4 multicast (PGID_MCIPV4 == 62), but for known IP multicast, embed the destination ports into the first 3 bytes of the MAC address recorded in the MAC table. The VSC7514 datasheet explains it like this: 3.9.1.5 IPv4 Multicast Entries MAC table entries with the ENTRY_TYPE = 2 settings are interpreted as IPv4 multicast entries. IPv4 multicasts entries match IPv4 frames, which are classified to the specified VID, and which have DMAC = 0x01005Exxxxxx, where xxxxxx is the lower 24 bits of the MAC address in the entry. Instead of a lookup in the destination mask table (PGID), the destination set is programmed as part of the entry MAC address. This is shown in the following table. Table 78: IPv4 Multicast Destination Mask Destination Ports Record Bit Field --------------------------------------------- Ports 10-0 MAC[34-24] Example: All IPv4 multicast frames in VLAN 12 with MAC 01005E112233 are to be forwarded to ports 3, 8, and 9. This is done by inserting the following entry in the MAC table entry: VALID = 1 VID = 12 MAC = 0x000308112233 ENTRY_TYPE = 2 DEST_IDX = 0 But this procedure is not at all what's going on in the driver. In fact, the code that embeds the ports into the MAC address looks like it hasn't actually been tested. This patch applies the procedure described in the datasheet. Since there are many other fixes to be made around multicast forwarding until it works properly, there is no real reason for this patch to be backported to stable trees, or considered a real fix of something that should have worked. Signed-off-by:
-
- 22 Jun, 2020 10 commits
-
-
David S. Miller authored
Ido Schimmel says: ==================== mlxsw: Offload TC action pedit munge tcp/udp sport/dport Petr says: On Spectrum-2 and Spectrum-3, it is possible to overwrite L4 port number of a TCP or UDP packet in the ACL engine. That corresponds to the pedit munges of tcp and udp sport resp. dport fields. Offload these munges on the systems where they are supported. The current offloading code assumes that all systems support the same set of fields. This now changes, so in patch #1 first split handling of pedit munges by chip type. The analysis of which packet field a given munge describes is kept generic. Patch #2 introduces the new flexible action fields. Patch #3 then adds the new pedit fields, and dispatches on them on Spectrum>1. Patch #4 adds a forwarding selftest for pedit dsfield, applicable to SW as well as HW datapaths. ==================== Reviewed-by:
-
Petr Machata authored
Add a test that checks that pedit adjusts port numbers of tcp and udp packets. Signed-off-by:
Petr Machata <petrm@mellanox.com> Signed-off-by:
Ido Schimmel <idosch@mellanox.com> Signed-off-by:
-
Petr Machata authored
Spectrum-2 supports an ACL action L4_PORT, which allows TCP and UDP source and destination port number change. Offload suitable mangles to this action. Signed-off-by:
Jiri Pirko <jiri@mellanox.com> Signed-off-by:
-
Petr Machata authored
Add fields related to L4_PORT_ACTION, which is used for changing of TCP and UDP port numbers. Signed-off-by:
-
Petr Machata authored
Certain ACL actions are only available on some Spectrum revisions. In particular, L4_PORT_ACTION is not available on Spectrum-1. Introduce a new ops struct intended to hold these differences, mlxsw_sp_rulei_ops. Prime it with a sole member, act_mangle_field, meant for handling of pedit mangles. Create two ops structures, one for Spectrum-1, the other for Spectrum-2 and above. Add callbacks for act_mangle_field and dispatch to the common handler. Invoke mlxsw_sp_rulei_ops.act_mangle_field from the field mangler instead of calling the common handler directly. Signed-off-by:
-
David S. Miller authored
Maxim Kochetkov says: ==================== Add Marvell 88E1340S, 88E1548P support This patch series add new PHY id support. Russell King asked to use single style for referencing functions. ==================== Signed-off-by: -
Maxim Kochetkov authored
Add support for this new phy ID. Signed-off-by:
Maxim Kochetkov <fido_max@inbox.ru> Signed-off-by:
-
Maxim Kochetkov authored
Add support for this new phy ID. Signed-off-by:
-
Maxim Kochetkov authored
The kernel in general does not use &func referencing format. Signed-off-by:
-
David S. Miller authored
Heiner Kallweit says: ==================== r8169: mark device as detached in PCI D3 and improve locking Mark the netdevice as detached whenever parent is in PCI D3hot and not accessible. This mainly applies to runtime-suspend state. In addition take RTNL lock in suspend calls, this allows to remove the driver-specific mutex and improve PM callbacks in general. ==================== Reviewed-by:
-
