- 25 Nov, 2015 1 commit
-
-
Philip Whineray authored
Various files are owned by root with 0440 permission. Reading them is impossible in an unprivileged user namespace, interfering with firewall tools. For instance, iptables-save relies on /proc/net/ip_tables_names contents to dump only loaded tables. This patch assigned ownership of the following files to root in the current namespace: - /proc/net/*_tables_names - /proc/net/*_tables_matches - /proc/net/*_tables_targets - /proc/net/nf_conntrack - /proc/net/nf_conntrack_expect - /proc/net/netfilter/nfnetlink_log A mapping for root must be available, so this order should be followed: unshare(CLONE_NEWUSER); /* Setup the mapping */ unshare(CLONE_NEWNET); Signed-off-by:
Philip Whineray <phil@firehol.org> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org>
-
- 23 Nov, 2015 11 commits
-
-
Florian Westphal authored
The previous patch changed nf_ct_frag6_gather() to morph reassembled skb with the previous one. This means that the return value is always NULL or the skb argument. So change it to an err value. Instead of invoking NF_HOOK recursively with threshold to skip already-called hooks we can now just return NF_ACCEPT to move on to the next hook except for -EINPROGRESS (which means skb has been queued for reassembly), in which case we return NF_STOLEN. Signed-off-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
-
Florian Westphal authored
commit 6aafeef0 ("netfilter: push reasm skb through instead of original frag skbs") changed ipv6 defrag to not use the original skbs anymore. So rather than keeping the original skbs around just to discard them afterwards just use the original skbs directly for the fraglist of the newly assembled skb and remove the extra clone/free operations. The skb that completes the fragment queue is morphed into a the reassembled one instead, just like ipv4 defrag. openvswitch doesn't need any additional skb_morph magic anymore to deal with this situation so just remove that. A followup patch can then also remove the NF_HOOK (re)invocation in the ipv6 netfilter defrag hook. Cc: Joe Stringer <joestringer@nicira.com> Signed-off-by:
-
stephen hemminger authored
Signed-off-by:
Stephen Hemminger <stephen@networkplumber.org> Signed-off-by:
-
Marcelo Ricardo Leitner authored
ip_ct_sctp is an internal structure, embedded by the union nf_conntrack_proto to store sctp-specific information at conntrack entries. It has no business with UAPI. This patch moves it from UAPI to a saner place, together with similar structs for other protocols. Signed-off-by:
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Acked-by:
Neil Horman <nhorman@tuxdriver.com> Signed-off-by:
-
Ian Morris authored
Eliminate some checkpatch issues by improved layout of if statements. No changes detected by objdiff. Signed-off-by:
Ian Morris <ipm@chirality.org.uk> Signed-off-by:
-
Ian Morris authored
Change brace placement to eliminate checkpatch error. No changes detected by objdiff. Signed-off-by:
-
Ian Morris authored
Changes comments to use netdev style. No changes detected by objdiff. Signed-off-by:
-
Ian Morris authored
Fixes a bunch of issues detected by checkpatch with regards to code indentation. No changes detected by objdiff. Signed-off-by:
-
Mikko Rapeli authored
Add missing header dependencies and other small changes so that each file compiles alone in userspace. Signed-off-by:
Mikko Rapeli <mikko.rapeli@iki.fi> Signed-off-by:
-
Mikko Rapeli authored
Fixes userspace compilation error: linux/netfilter_bridge/ebtables.h:38:2: error: unknown type name ‘uint64_t’ Signed-off-by:
-
Saurabh Sengar authored
use of_property_read_bool() for testing bool property Signed-off-by:
Saurabh Sengar <saurabh.truth@gmail.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
- 22 Nov, 2015 2 commits
-
-
Yuval Mintz authored
Commit 46e8a249423ff "bnx2x: Add FW 7.13.1.0" added said .bin FW to linux-firmware; This patch incorporates the FW in the bnx2x driver. This introduces 2 fixes/enhancements: - In some management protocols there are outer-vlan configurations that can be dynamically changed while device is running. This fixes some corner cases where such a change did not take effect. - Prevent VFs from sending MAC control frames; FW would treat a VF sending such a packet as malicious and block any further communication done by the VF. Signed-off-by:
Yuval Mintz <Yuval.Mintz@qlogic.com> Signed-off-by:
Ariel Elior <Ariel.Elior@qlogic.com> Signed-off-by:
-
David Ahern authored
Add tracepoint to show fib6 table lookups and result. Signed-off-by:
David Ahern <dsa@cumulusnetworks.com> Signed-off-by:
-
- 20 Nov, 2015 26 commits
-
-
Eric Dumazet authored
napi_alloc_skb() can return NULL. We should not crash should this happen. Fixes: 93f93a44 ("net: move skb_mark_napi_id() into core networking stack") Signed-off-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
-
Simon Horman authored
The GTI.TIV may be set to 2GHz^2 / rate, where rate is that of the clock of the device. Rather than assuming a rate of 130MHz use the actual rate of the clock. The motivation for this is to use the correct rate on the r8a7795/Salvator-X which is advertised as 133MHz but may differ depending on the extal present on the Salvator-X. Signed-off-by:
Simon Horman <horms+renesas@verge.net.au> Signed-off-by:
-
Ondrej Zary authored
Add suspend/resume support to dl2k driver. This requires RX/TX rings to be reset so split out the required functionality from alloc_list() into new rio_reset_ring(). Tested on Asus NX1101 (IP1000A) and D-Link DGE-550T (DL-2000). Signed-off-by:
Ondrej Zary <linux@rainbow-software.org> Signed-off-by:
-
Ondrej Zary authored
Move HW init and stop into separate functions. Request IRQ only after the HW has been reset (so interrupts are disabled and no stale interrupts are pending). Signed-off-by:
-
Ondrej Zary authored
If memory allocation fails in alloc_list(), free the already allocated memory and return -ENOMEM. In rio_open(), call alloc_list() first and abort if it fails. Move HW access (set RFDListPtr) out ot alloc_list(). Signed-off-by:
-
David S. Miller authored
Jon Maloy says: ==================== tipc: some cleanups and improvements This series mostly contains cleanups and cosmetic code changes. The only real functional change is in #4 and #5, where we change the locking structure for nodes and links in order to permit full concurrency between links working in parallel on different interfaces. Since the groundwork for this has been done in previous commit series, this change constitutes only the final, small step to achieve that goal. ==================== Signed-off-by: -
Jon Paul Maloy authored
The number of variables with Hungarian notation (l_ptr, n_ptr etc.) has been significantly reduced over the last couple of years. We now root out the last traces of this practice. There are no functional changes in this commit. Reviewed-by:
Ying Xue <ying.xue@windriver.com> Signed-off-by:
Jon Maloy <jon.maloy@ericsson.com> Signed-off-by:
-
Jon Paul Maloy authored
We move the definition of struct tipc_link from link.h to link.c in order to minimize its exposure to the rest of the code. When needed, we define new functions to make it possible for external entities to access and set data in the link. Apart from the above, there are no functional changes. Reviewed-by:
-
Jon Paul Maloy authored
In our effort to have less code and include dependencies between entities such as node, link and bearer, we try to narrow down the exposed interface towards the node as much as possible. In this commit, we move the definition of struct tipc_node, along with many of its associated function declarations, from node.h to node.c. We also move some function definitions from link.c and name_distr.c to node.c, since they access fields in struct tipc_node that should not be externally visible. The moved functions are renamed according to new location, and made static whenever possible. There are no functional changes in this commit. Reviewed-by:
-
Jon Paul Maloy authored
According to the node FSM a node in state SELF_UP_PEER_UP cannot change state inside a lock context, except when a TUNNEL_PROTOCOL (SYNCH or FAILOVER) packet arrives. However, the node's individual links may still change state. Since each link now is protected by its own spinlock, we finally have the conditions in place to convert the node spinlock to an rwlock_t. If the node state and arriving packet type are rigth, we can let the link directly receive the packet under protection of its own spinlock and the node lock in read mode. In all other cases we use the node lock in write mode. This enables full concurrent execution between parallel links during steady-state traffic situations, i.e., 99+ % of the time. This commit implements this change. Reviewed-by:
-
Jon Paul Maloy authored
As a preparation to allow parallel links to work more independently from each other we introduce a per-link spinlock, to be stored in the struct nodes's link entry area. Since the node lock still is a regular spinlock there is no increase in parallellism at this stage. Reviewed-by:
-
Jon Paul Maloy authored
The file name_distr.c currently contains three functions, named_cluster_distribute(), tipc_publ_subcscribe() and tipc_publ_unsubscribe() that all directly access fields in struct tipc_node. We want to eliminate such dependencies, so we move those functions to the file node.c and rename them to tipc_node_broadcast(), tipc_node_subscribe() and tipc_node_unsubscribe() respectively. Reviewed-by:
-
Jon Paul Maloy authored
The function tipc_node_check_state() contains the core logics for handling link synchronization and failover. For this reason, it is important to keep it as comprehensible as possible. In this commit, we make three small cleanups. 1) If the node is in state SELF_DOWN_PEER_LEAVING and the received packet confirms that the peer has lost contact, there will be no further action in this function. To make this clearer, we return from the function directly after the state change. 2) Since commit 0f8b8e28 ("tipc: eliminate risk of stalled link synchronization") only the logically first TUNNEL_PROTO/SYNCH packet can alter the link state and set the synch point, independently of arrival order. Hence, there is not any longer any need to adjust the synch value in case such packets arrive in disorder. We remove this adjustment. 3) It is the intention that any message arriving on any of the links may trig a check for and possible termination of a node SYNCH state. A redundant and unnoticed check for tipc_link_is_synching() obviously beats this purpose, with the effect that only packets arriving on the synching link may currently end the synch state. We remove this check. This change will further shorten the synchronization period between parallel links. Reviewed-by:
-
Jon Paul Maloy authored
In commit 5cbb28a4 ("tipc: linearize arriving NAME_DISTR and LINK_PROTO buffers") we added linearization of NAME_DISTRIBUTOR, LINK_PROTOCOL/RESET and LINK_PROTOCOL/ACTIVATE to the function tipc_udp_recv(). The location of the change was selected in order to make the commit easily appliable to 'net' and 'stable'. We now move this linearization to where it should be done, in the functions tipc_named_rcv() and tipc_link_proto_rcv() respectively. Reviewed-by:
-
David S. Miller authored
Yuval Mintz says: ==================== bnx2x: Statistics patch series This series contains 2 small statistics-related patches, first adding a new SW statistics and the other exposing port stats for multi-function devices. Please consider applying this series to `net-next'. ==================== Signed-off-by: -
Yuval Mintz authored
Today, port statistics are being presented when using `ethool -S' only for single-function devices, but there are some port statistics which are crucial for analyzing bottle-necks. E.g., HW Rx discards due to lack of buffer space [when device isn't handling ingress traffic fast enough]. Judging the pros and cons, it was decided that in-order to better support automatic dump-gathering tools, bnx2x should no longer hide those stats. This leaves only VFs lacking the port statistics. Signed-off-by:
-
Yuval Mintz authored
Driver already has an internal counter for number of times a given queue had to be stopped due to Tx ring exhaustion. This add the counter to the statistics presented by driver, e.g., by using `ethtool -S'. Signed-off-by:
-
David S. Miller authored
Guillaume Nault says: ==================== ppp: Remove PPPOX_ZOMBIE socket state Several issues have been found lately wrt. the PPPOX_ZOMBIE socket state. This state is now only set upon reception of a PADT to stop further transmissions. However this is redundant with the PADT workqueue mechanism introduced by 287f3a94 ("pppoe: Use workqueue to die properly when a PADT is received"). We can thus simplify pppox socket state handling by getting rid of PPPOX_ZOMBIE entirely. ==================== Signed-off-by:
-
Guillaume Nault authored
PPPOX_ZOMBIE is never set anymore. Signed-off-by:
Guillaume Nault <g.nault@alphalink.fr> Signed-off-by:
-
Guillaume Nault authored
Since 287f3a94 ("pppoe: Use workqueue to die properly when a PADT is received"), pppoe_disc_rcv() disconnects the socket by scheduling pppoe_unbind_sock_work(). This is enough to stop socket transmission and makes the PPPOX_ZOMBIE state uncessary. Signed-off-by:
-
David S. Miller authored
Jiri Pirko says: ==================== mlxsw: small driver update Couple of VLAN-related patches. ==================== Signed-off-by: -
Ido Schimmel authored
The operation of adding VLANs on a port via switchdev ops can fail and we need to be prepared for it. If we do not rollback hardware operations following a failure, hardware and software will remain in an inconsistent state. Solve that by adding suitable error paths to __mlxsw_sp_port_vlans_add. Signed-off-by:
Ido Schimmel <idosch@mellanox.com> Signed-off-by:
Jiri Pirko <jiri@mellanox.com> Signed-off-by:
-
Ido Schimmel authored
When adding or deleting VLANs from a bridged port, HW VLAN filters must be set accordingly. Instead of having the same code in both add and delete functions, just wrap it in a function and call it with the appropriate parameters. Signed-off-by:
Elad Raz <eladr@mellanox.com> Signed-off-by:
-
Ido Schimmel authored
When removing a range of VLANs in which PVID is a member we should use the correct PVID value instead of some VLAN in the range. Also, change two print statements to use 'dev' instead of 'mlxsw_sp_port->dev', as it's already used in other print statements in the function. Signed-off-by:
-
Daniel Borkmann authored
Add a handler for show_fdinfo() to be used by the anon-inodes backend for eBPF maps, and dump the map specification there. Not only useful for admins, but also it provides a minimal way to compare specs from ELF vs pinned object. Signed-off-by:
Daniel Borkmann <daniel@iogearbox.net> Acked-by:
Alexei Starovoitov <ast@kernel.org> Acked-by:
Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by:
-
Jon Ringle authored
When encx24j600 is open and closed many times due to userspace polling the interface, the log gets noise with this log message. Moving this to encx24j600_spi_probe function where it belongs. Signed-off-by:
Jon Ringle <jringle@gridpoint.com> Signed-off-by:
-
