On Sat, Apr 23, 2016 at 03:49:38AM +0200, Thomas Graf wrote:
> On 04/22/16 at 07:44pm, Jiri Benc wrote:
> > For ipgre interfaces in collect metadata mode, receive also traffic with
> > encapsulated Ethernet headers. The lwtunnel users are supposed to sort this
> > out correctly. This allows to have
On Fri, 2016-04-22 at 21:02 -0700, Shi, Yang wrote:
> Hi David,
>
> When I ran some test on a nfs mounted rootfs, I got the below warning
> with LOCKDEP enabled on linux-next-20160420:
>
> WARNING: CPU: 9 PID: 0 at include/net/sock.h:1408
> udp_queue_rcv_skb+0x3d0/0x660
> Modules linked in:
> C
Hi David,
When I ran some test on a nfs mounted rootfs, I got the below warning
with LOCKDEP enabled on linux-next-20160420:
WARNING: CPU: 9 PID: 0 at include/net/sock.h:1408
udp_queue_rcv_skb+0x3d0/0x660
Modules linked in:
CPU: 9 PID: 0 Comm: swapper/9 Tainted: G D
4.6.0-rc4-next-2016
On Fri, Apr 22, 2016 at 2:27 PM, Jiri Benc wrote:
> On Fri, 22 Apr 2016 14:07:01 -0700, pravin shelar wrote:
>> On Fri, Apr 22, 2016 at 10:44 AM, Jiri Benc wrote:
>> > For ipgre interfaces in collect metadata mode, receive also traffic with
>> > encapsulated Ethernet headers. The lwtunnel users a
Francesco Ruggeri writes:
> On Thu, Apr 21, 2016 at 10:44 AM, Eric W. Biederman
> wrote:
> <
>>> diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
>>> index 95394ed..e770221 100644
>>> --- a/drivers/net/macvtap.c
>>> +++ b/drivers/net/macvtap.c
>>> @@ -1303,6 +1303,8 @@ static int macvt
On 04/22/16 at 07:44pm, Jiri Benc wrote:
> For ipgre interfaces in collect metadata mode, receive also traffic with
> encapsulated Ethernet headers. The lwtunnel users are supposed to sort this
> out correctly. This allows to have mixed Ethernet + L3-only traffic on the
> same lwtunnel interface.
>
Hi Rob,
Thanks for your suggestion. I will put DT bindings in separate patches,
and modify related dts file in next version.
Thanks,
Yisen
在 2016/4/23 4:44, Rob Herring 写道:
> On Fri, Apr 22, 2016 at 03:20:13PM +0800, Yisen Zhuang wrote:
>> Add the subctrl reset offset for dsaf, this property is
On 04/22/16 at 11:20pm, Jiri Benc wrote:
> On Fri, 22 Apr 2016 14:04:48 -0700, pravin shelar wrote:
> > I think we should we return error in case of such configuration rather
> > than silently ignoring it.
>
> I thought about it and I'm not sure. We're not returning an error
> currently, starting
rds-stress experiments with request size 256 bytes, 8K acks,
using 16 threads show a 40% improvment when pskb_extract()
replaces the {skb_clone(..); pskb_pull(..); pskb_trim(..);}
pattern in the Rx path, so we leverage the perf gain with
this commit.
Signed-off-by: Sowmini Varadhan
---
net/rds/t
This patchset follows up on the discussion in
https://www.mail-archive.com/netdev@vger.kernel.org/msg105090.html
For RDS-TCP, we have to deal with the full gamut of
nonlinear sk_buffs, including all the frag_list variants.
Also, the parent skb has to remain unchanged, while the clone
is queued fo
A pattern of skb usage seen in modules such as RDS-TCP is to
extract `to_copy' bytes from the received TCP segment, starting
at some offset `off' into a new skb `clone'. This is done in
the ->data_ready callback, where the clone skb is queued up for rx on
the PF_RDS socket, while the parent TCP seg
On Fri, Apr 22, 2016 at 02:05:06PM -0700, pravin shelar wrote:
> On Fri, Apr 22, 2016 at 10:44 AM, Jiri Benc wrote:
> > In ipgre (i.e. not gretap) + collect metadata mode, the skb was assumed to
> > contain Ethernet header and was encapsulated as ETH_P_TEB. This is not the
> > case, the interface
On (04/22/16 20:23), marcelo.leit...@gmail.com wrote:
> My tests results were very similar to what I had without it. Varying to
> better or worse, tending worse. Thing is, SCTP always works on
> linearized skbs as it can't crawl on fragments, so those clone/trim
sorry to hear that. For RDS-TCP, t
On Wed, Apr 20, 2016 at 03:17:41AM -0700, Sowmini Varadhan wrote:
...
> +/* Extract to_copy bytes starting at off from skb, and return this in
> + * a new skb
> + */
> +struct sk_buff *pskb_extract(struct sk_buff *skb, int off,
> + int to_copy, gfp_t gfp)
> +{
> + struc
On Wed, Apr 20, 2016 at 03:17:40AM -0700, Sowmini Varadhan wrote:
> This patchset follows up on the discussion in
> https://www.mail-archive.com/netdev@vger.kernel.org/msg105090.html
>
> For RDS-TCP, we have to deal with the full gamut of
> nonlinear sk_buffs, including all the frag_list variants
On Fri, 2016-04-22 at 10:20 +0100, Mark Brown wrote:
> On Wed, Apr 13, 2016 at 11:15:13AM -0400, David Miller wrote:
> > From: Stephen Rothwell
>
> > > After merging the net-next tree, today's linux-next build (arm
> > > allmodconfig) failed like thisi (this has actually been failing
> for a
> >
On 4/22/16 10:14 AM, Mike Manning wrote:
commit f1705ec197e7 ("net: ipv6: Make address flushing on ifdown
optional") added the option to retain user configured addresses on an
admin down. A comment to one of the later revisions suggested using
the IFA_F_PERMANENT flag rather than adding a user_ma
On Fri, 22 Apr 2016 14:07:01 -0700, pravin shelar wrote:
> On Fri, Apr 22, 2016 at 10:44 AM, Jiri Benc wrote:
> > For ipgre interfaces in collect metadata mode, receive also traffic with
> > encapsulated Ethernet headers. The lwtunnel users are supposed to sort this
> > out correctly. This allows
On Fri, 22 Apr 2016 14:04:48 -0700, pravin shelar wrote:
> I think we should we return error in case of such configuration rather
> than silently ignoring it.
I thought about it and I'm not sure. We're not returning an error
currently, starting returning it now might be perceived as uAPI
breakage.
On Fri, Apr 22, 2016 at 10:44 AM, Jiri Benc wrote:
> For ipgre interfaces in collect metadata mode, receive also traffic with
> encapsulated Ethernet headers. The lwtunnel users are supposed to sort this
> out correctly. This allows to have mixed Ethernet + L3-only traffic on the
> same lwtunnel i
I encounter the same BUG_ON several times,
rt6i_ref is 2;
rt6i_dst is 0::0
Here is an example trace:
[278451.384635] Kernel BUG at ffc000b60238
[278451.384641] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[278451.384671] task: ffc035f30ac0
[278451.384683] PC is at fib6_purge_rt+0xd0/
On Fri, Apr 22, 2016 at 10:44 AM, Jiri Benc wrote:
> In ipgre mode (i.e. not gretap) with collect metadata flag set, the tunnel
> is incorrectly assumed to be mGRE in NBMA mode (see commit 6a5f44d7a048c).
> This is not the case, we're controlling the encapsulation addresses by
> lwtunnel metadata.
On Fri, Apr 22, 2016 at 10:44 AM, Jiri Benc wrote:
> In ipgre (i.e. not gretap) + collect metadata mode, the skb was assumed to
> contain Ethernet header and was encapsulated as ETH_P_TEB. This is not the
> case, the interface is ARPHRD_IPGRE and the protocol to be used for
> encapsulation is skb-
On Fri, Apr 22, 2016 at 03:20:13PM +0800, Yisen Zhuang wrote:
> Add the subctrl reset offset for dsaf, this property is used to reset
> xge/ge ports for different dsaf. If this attribute is not present,
> default value 0 will be used.
>
> Signed-off-by: Daode Huang
> Signed-off-by: Yisen Zhuang
On Thu, Apr 21, 2016 at 10:13 PM, Eric Dumazet wrote:
> From: Eric Dumazet
>
> We now have proper per-listener but also per network namespace counters
> for SYN packets that might be dropped.
>
> We replace the kfree_skb() by consume_skb() to be drop monitor [1]
> friendly, and remove an obsolete
On Thu, Apr 21, 2016 at 02:48:42PM +0530, Pramod Kumar wrote:
> Adding binding doc for ethernet master present in shared
> MDIO controller.
>
> Signed-off-by: Pramod Kumar
> Reviewed-by: Ray Jui
> Reviewed-by: Scott Branden
> ---
> .../bindings/net/brcm,iproc-mdio-shared.txt| 32
> +++
On Thu, Apr 21, 2016 at 02:48:39PM +0530, Pramod Kumar wrote:
> Add DT binding doc for iProc Shared MDIO Controller which
> populate all masters to Shared MDIO framework.
>
> Signed-off-by: Pramod Kumar
> Reviewed-by: Ray Jui
> Reviewed-by: Scott Branden
> ---
> .../bindings/bus/brcm,iproc-sha
On Fri, Apr 22, 2016 at 10:30 PM, Alexander Duyck
wrote:
> From what I can tell it looks like the recent commit that changed the
> behavior for vxlan_get_rx_port has broken the mlx5 driver as it was
> calling vxlan_get_rx_port in mlx5e_create_netdev which didn't hold the
> rtnl lock. As a result
On 22/04/16 12:45, Timur Tabi wrote:
> Timur Tabi wrote:
>>>
>>
>> So I've done some more research, and I believe that the internal phy is
>> not a candidate for phylib, but the external phy (which is a real phy)
>> might be. There's no MDIO bus to the internal phy.
>>
>> Does this mean that I wil
Timur Tabi wrote:
So I've done some more research, and I believe that the internal phy is
not a candidate for phylib, but the external phy (which is a real phy)
might be. There's no MDIO bus to the internal phy.
Does this mean that I will need to enable a PHY driver, and that driver
will con
>From what I can tell it looks like the recent commit that changed the
behavior for vxlan_get_rx_port has broken the mlx5 driver as it was
calling vxlan_get_rx_port in mlx5e_create_netdev which didn't hold the
rtnl lock. As a result it is throwing RTNL_ASSERT errors.
I'm not sure if anyone has al
From: Gal Pressman
VPort and software counters names are confusing and may be unclear, all
VPort counters now have a prefix of rx/tx_vport_*.
Signed-off-by: Gal Pressman
Signed-off-by: Saeed Mahameed
---
drivers/net/ethernet/mellanox/mlx5/core/en_stats.h | 35 +++-
1 files c
From: Eran Ben Elisha
Disable link up when initializing the HCA. Link up/down will be changed
using (Ports Administrative and Operational Status Register) PAOS
commands.
If link layer is Ethernet, up/down the link in ndo_open/stop. If link
layer is IB, up/down the link as part of the mlx5 IB ad
From: Gal Pressman
Use ethtool -K rxvlan to enable/disable
C-TAG vlan stripping by hardware.
Signed-off-by: Gal Pressman
Signed-off-by: Saeed Mahameed
---
drivers/net/ethernet/mellanox/mlx5/core/en.h |3 +
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 74 +++
From: Gal Pressman
Add query MCIA, PMLP registers infrastructure and commands.
Add ethtool support for get_module_info() and get_module_eeprom()
callbacks.
Signed-off-by: Gal Pressman
Signed-off-by: Saeed Mahameed
---
.../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 80 +
From: Gal Pressman
Expose link_down_events counter through ethtool -S.
This counter is read from PPort statistics, then proccessed and stored as
a special handling software counter.
This counter is stored along software counters since it is the only PPort
counter that it's size is not 64 bits.
S
Hi Dave,
This series is centralized around extending and improving mlx5 ethernet driver
ethtool
support We've done some code refactoring for ethtool statistics reporting,
making it
more scalable and robust, now each reported ethtool counter belongs to a group
and has
its own descriptor withi
From: Gal Pressman
Expose counters providing information for each priority level (PCP) through
ethtool -S option and DCBNL.
This includes rx/tx bytes, frames, and pause counters.
Signed-off-by: Gal Pressman
Signed-off-by: Saeed Mahameed
---
drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c |
From: Gal Pressman
Redesign the statistics in the driver:
1. Move counters to a separate file (en_stats.h).
2. Remove unnecessary dependencies between stats and strings.
3. Use counter descriptors which hold a name and offset for each counter,
and will be used to decide which counters will be
From: Gal Pressman
Add the needed hardware command and mlx5_ifc structs for managing LED
control.
Add set_phys_id ethtool callback to support ethtool -p flag.
Signed-off-by: Gal Pressman
Signed-off-by: Eugenia Emantayev
Signed-off-by: Saeed Mahameed
---
.../net/ethernet/mellanox/mlx5/core/en
From: Eran Ben Elisha
Introduce new access register named Ports Check Mask Register (PCMR) to
control all HW checks on port. With this register, the driver can
enable/disable Hardware FCS validation.
When RXALL is enabled/disabled using ndo_set_features, enable/disable
fcs check at HW.
User can
From: Gal Pressman
In current mlx5e ndo_set_features implementation, setting some features
can success while others can fail. Today, we return one error code which
doesn't reflect the current features status of the netdev at the end of
the ndo callback.
Set netdev->features with features which w
From: Gal Pressman
Provide rtnl_link_stats64 with information regarding physical errors to be
seen in ifconfig and ip tool.
Signed-off-by: Gal Pressman
Signed-off-by: Saeed Mahameed
---
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 39 +---
1 files changed, 33 insertio
Now as rx-vlan offload can be disabled, packets can be received
with vlan tag not stripped, which means is_first_ethertype_ip will
return false, for that we need to check if the hardware reported
csum OK so we will report CHECKSUM_UNNECESSARY for those packets.
Signed-off-by: Saeed Mahameed
---
Johannes Berg writes:
> On Mon, 2016-04-18 at 00:10 +0200, Arnd Bergmann wrote:
>> On Sunday 17 April 2016 14:42:33 Johannes Berg wrote:
>> >
>> > I was thinking more restrictively of just the stuff that can't even
>> > be built without modifying the sources - like the "#if VERBOSE"
>> > thing.
Hello Dear,
how are you doing hope fine, I am (Melissa Robert) by name. i will like
to
know more about you believing that friendship is a free gift of nature.
Please get back to me as soon as possible through this my private Email.
(mr4785...@gmail.com)
thank you.
For ipgre interfaces in collect metadata mode, receive also traffic with
encapsulated Ethernet headers. The lwtunnel users are supposed to sort this
out correctly. This allows to have mixed Ethernet + L3-only traffic on the
same lwtunnel interface.
To keep backwards compatibility and prevent any s
lwtunnels currently work only with gretap. This patchset fixes the bugs in
ipgre metadata mode implementation.
As an example, in this setup:
ip a a 192.168.1.1/24 dev eth0
ip l a gre1 type gre external
ip l s gre1 up
ip a a 192.168.99.1/24 dev gre1
ip r a 192.168.99.2/32 encap ip dst 192.168.1.2
In ipgre mode (i.e. not gretap) with collect metadata flag set, the tunnel
is incorrectly assumed to be mGRE in NBMA mode (see commit 6a5f44d7a048c).
This is not the case, we're controlling the encapsulation addresses by
lwtunnel metadata. And anyway, assigning dev->header_ops in collect metadata
m
In ipgre (i.e. not gretap) + collect metadata mode, the skb was assumed to
contain Ethernet header and was encapsulated as ETH_P_TEB. This is not the
case, the interface is ARPHRD_IPGRE and the protocol to be used for
encapsulation is skb->protocol.
Fixes: 2e15ea390e6f4 ("ip_gre: Add support to co
On Thu, 21 Apr 2016 05:19:04 -0700
Eric Dumazet wrote:
> From: Eric Dumazet
>
> SK_MEMINFO_DROPS is added in linux-4.7 for TCP, UDP and SCTP
>
> skmem will display the socket drop count using d prefix as in :
>
> $ ss -tm src :22 | more
> State Recv-Q Send-Q Local Address:PortPeer Ad
On Fri, Apr 22, 2016 at 1:51 AM, Steffen Klassert
wrote:
> On Thu, Apr 21, 2016 at 09:02:48AM -0700, Alexander Duyck wrote:
>> On Thu, Apr 21, 2016 at 12:40 AM, Steffen Klassert
>> wrote:
>> > This partly reverts the below mentioned patch because on
>> > forwarding, such skbs can't be offloaded t
The file tc_ife.h was missing from the export list.
Rather than continue to cherry-pick, just export all headers in the directory.
Signed-off-by: Stephen Hemminger
--- a/include/uapi/linux/tc_act/Kbuild 2015-05-21 15:13:05.121132983 -0700
+++ b/include/uapi/linux/tc_act/Kbuild 2016-04-22 10:03
On Thu, 21 Apr 2016 17:40:14 -0400
Jamal Hadi Salim wrote:
> new file mode 100644
> index 000..d648ff6
> --- /dev/null
> +++ b/include/linux/tc_ife.h
> @@ -0,0 +1,38 @@
> +#ifndef __UAPI_TC_IFE_H
> +#define __UAPI_TC_IFE_H
> +
> +#include
> +#include
> +
> +#define TCA_ACT_IFE 25
> +/* Flag
Export devlink.h when doing make headers install.
I am going to investigate just doing all headers in the directory,
but lets add missing piece for now.
Signed-off-by: Stephen Hemminger
--- a/include/uapi/linux/Kbuild 2016-03-29 17:25:37.727993065 -0700
+++ b/include/uapi/linux/Kbuild 2016-04-22
On Fri, 2016-04-22 at 17:31 +0200, Nicolas Dichtel wrote:
> nla_data() is now aligned on a 64-bit area.
>
> Signed-off-by: Nicolas Dichtel
> ---
> include/net/netlink.h | 8 +---
> include/net/nl802154.h| 6 ++
> net/ieee802154/nl802154.c | 13 -
> 3 files changed,
From: David Decotigny
[ re-sending this series, same v7 as the one previously sent ]
History:
v7
added ref to related kernel commit in netlink ioctl patch description
v6
re-added last patch, to use AF_NETLINK when AF_INET not available
v5
rebased main patch, removed last patch
From: David Decotigny
More info with kernel commit 8d3f2806f8fb ("Merge branch
'ethtool-ksettings'").
Note: The new features implemented in this patch depend on kernel
commit 793cf87de9d1 ("Set cmd field in ETHTOOL_GLINKSETTINGS response to
wrong nwords").
Signed-off-by: David Decotigny
---
From: David Decotigny
To benefit from this, kernel commit 025c68186e07 ("netlink: add support
for NIC driver ioctls") is needed.
Signed-off-by: David Decotigny
---
configure.ac | 2 +-
ethtool.c| 7 +++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/confi
On Fri, 22 Apr 2016 18:10:31 +0200
Sabrina Dubroca wrote:
> 2016-04-14, 15:01:06 +0200, Sabrina Dubroca wrote:
> > This series introduces support for MACsec devices, with a new device
> > type for `ip link`, and a new `ip macsec` subcommand.
> >
> > The first three patches introduce some necessa
commit f1705ec197e7 ("net: ipv6: Make address flushing on ifdown
optional") added the option to retain user configured addresses on an
admin down. A comment to one of the later revisions suggested using
the IFA_F_PERMANENT flag rather than adding a user_managed boolean to
the ifaddr struct. A side
On 4/21/2016 10:59 PM, Fugang Duan wrote:
> From: Troy Kisky Sent: Friday, April 22,
> 2016 10:01 AM
>> To: netdev@vger.kernel.org; da...@davemloft.net; Fugang Duan
>> ; lzn...@gmail.com
>> Cc: Fabio Estevam ; l.st...@pengutronix.de;
>> and...@lunn.ch; trem...@gmail.com; g...@uclinux.org; linux-a
2016-04-14, 15:01:06 +0200, Sabrina Dubroca wrote:
> This series introduces support for MACsec devices, with a new device
> type for `ip link`, and a new `ip macsec` subcommand.
>
> The first three patches introduce some necessary helper functions.
Hi Stephen,
Please don't apply this yet, I'm up
Hi there,
I have noticed some weird behaviour on IGMPv2 and IGMPv3. The short
if it is, I can JOIN a multicast group normally (defaulting to v3) -
this works nicely until a IGMPv2 device is discovered on my network.
After that point, the LEAVE command for the group does not go out on
the wire an
The handler 'ila_fill_encap_info' adds one attribute: ILA_ATTR_LOCATOR.
Fixes: 65d7ab8de582 ("net: Identifier Locator Addressing module")
CC: Tom Herbert
Signed-off-by: Nicolas Dichtel
---
Tom, when I read the comment, I feel I'm misssing something, but what?
net/ipv6/ila/ila_lwt.c | 3 +--
1
On Fri, 22 Apr 2016 16:03:34 +0300
Grygorii Strashko wrote:
> On 04/21/2016 09:26 PM, David Rivshin (Allworx) wrote:
> > From: David Rivshin
> >
> > The phy-handle, phy_id, and fixed-link properties are mutually exclusive,
> > and only one need be specified. However if phy-handle was specified,
With this function, nla_data() is aligned on a 64-bit area.
Signed-off-by: Nicolas Dichtel
---
include/net/netlink.h | 13 +
1 file changed, 13 insertions(+)
diff --git a/include/net/netlink.h b/include/net/netlink.h
index 113b483b6ee8..e589cb3dccee 100644
--- a/include/net/netlink.
nla_data() is now aligned on a 64-bit area.
The temporary function nla_put_be64_32bit() is removed in this patch.
Signed-off-by: Nicolas Dichtel
---
include/linux/netfilter/ipset/ip_set.h | 9 ++---
include/net/netlink.h | 14 ++
include/uapi/linux/ne
nla_data() is now aligned on a 64-bit area.
In fact, there is no user of this function.
Signed-off-by: Nicolas Dichtel
---
include/net/netlink.h | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/include/net/netlink.h b/include/net/netlink.h
index 066a921e7cbe..07421
nla_data() is now aligned on a 64-bit area.
A temporary version (nla_put_be64_32bit()) is added for nla_put_net64().
This function is removed in the next patch.
Signed-off-by: Nicolas Dichtel
---
include/net/netlink.h | 15 ++
include/uapi/linux/fib_rule
Fix typo and describe 'padattr'.
Fixes: 089bf1a6a924 ("libnl: add more helpers to align attributes on 64-bit")
Signed-off-by: Nicolas Dichtel
---
lib/nlattr.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/nlattr.c b/lib/nlattr.c
index 2b82f1e2ebc2..fce1e9afc6d9
Signed-off-by: Nicolas Dichtel
---
include/uapi/linux/xfrm.h | 1 +
net/xfrm/xfrm_user.c | 10 ++
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h
index 2cd9e608d0d1..143338978b48 100644
--- a/include/uapi/linux/xfr
nla_data() is now aligned on a 64-bit area.
Signed-off-by: Nicolas Dichtel
---
include/net/netlink.h| 11 +++
include/uapi/linux/l2tp.h| 1 +
include/uapi/linux/neighbour.h | 2 ++
include/uapi/linux/tcp_metrics.h | 1 +
net/core/neighbour.c | 19
Goal of this patch is to use the new libnl API to align netlink attribute
when needed.
The layout of the netlink message will be a bit different after the patch,
because the padattr (TASKSTATS_TYPE_STATS) will be inside the nested
attribute instead of before it.
Signed-off-by: Nicolas Dichtel
---
nla_data() is now aligned on a 64-bit area.
Signed-off-by: Nicolas Dichtel
---
include/net/netlink.h | 8 +---
include/net/nl802154.h| 6 ++
net/ieee802154/nl802154.c | 13 -
3 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/include/net/netlink.h b/inc
This is the continuation of the work done to align netlink attributes
when these attributes contain some 64-bit fields.
David, if the third patch is too big (or maybe the series), I can split it.
Just tell me what you prefer.
include/linux/netfilter/ipset/ip_set.h | 9 ++--
include
> From: David Rivshin
>
> The first patch fixes a bug that makes dual_emac mode break if either slave
> uses the phy-handle property in the devicetree.
>
> The second patch fixes some cosmetic problems with error messages, and
> also makes the binding documentation more explicit.
>
> The third
From: Florian Westphal
The three variants use same copy&pasted code, condense this into a
helper and use that.
Make sure info.name is 0-terminated.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter/x_tables.h | 3 ++
net/ipv4/netfilter/arp_tables.c
From: Florian Westphal
When we see a jump also check that the offset gets us to beginning of
a rule (an ipt_entry).
The extra overhead is negible, even with absurd cases.
300k custom rules, 300k jumps to 'next' user chain:
[ plus one jump from INPUT to first userchain ]:
Before:
real0m24.8
From: Florian Westphal
32bit rulesets have different layout and alignment requirements, so once
more integrity checks get added to xt_check_entry_offsets it will reject
well-formed 32bit rulesets.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter/x_t
From: Florian Westphal
Always returned 0.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter/x_tables.h | 2 +-
net/ipv4/netfilter/arp_tables.c| 17 +
net/ipv4/netfilter/ip_tables.c | 26 +-
net/ipv6/ne
From: Florian Westphal
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/arp_tables.c | 82 ++---
1 file changed, 36 insertions(+), 46 deletions(-)
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_t
From: Florian Westphal
Ben Hawkes says:
In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it
is possible for a user-supplied ipt_entry structure to have a large
next_offset field. This field is not bounds checked prior to writing a
counter value at the supplied offset.
Bas
From: Florian Westphal
make the replace function only send a ctnetlink event if the contents
of the new set is different.
Otherwise 'ct label set ct label | bar'
will cause netlink event storm since we "replace" labels for each packet.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neir
From: Florian Westphal
We have targets and standard targets -- the latter carries a verdict.
The ip/ip6tables validation functions will access t->verdict for the
standard targets to fetch the jump offset or verdict for chainloop
detection, but this happens before the targets get checked/validate
From: Florian Westphal
nf_connlabel_set() takes the bit number that we would like to set.
nf_connlabels_get() however took the number of bits that we want to
support.
So e.g. nf_connlabels_get(32) support bits 0 to 31, but not 32.
This changes nf_connlabels_get() to take the highest bit that we
From: Florian Westphal
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/ipv6/netfilter/ip6_tables.c | 59 +
1 file changed, 24 insertions(+), 35 deletions(-)
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_t
From: Florian Westphal
Currently labels can only be set either by iptables connlabel
match or via ctnetlink.
Before adding nftables set support, clean up the clabel core and move
helpers that nft will not need after all to the xtables module.
Signed-off-by: Florian Westphal
Signed-off-by: Pabl
From: Florian Westphal
We're currently asserting that targetoff + targetsize <= nextoff.
Extend it to also check that targetoff is >= sizeof(xt_entry).
Since this is generic code, add an argument pointing to the start of the
match/target, we can then derive the base structure size from the delta
Ping?
From: Florian Westphal
commit 9e67d5a739327c44885adebb4f3a538050be73e4
("[NETFILTER]: x_tables: remove obsolete overflow check") left the
compat parts alone, but we can kill it there as well.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/arp_tables.c
From: Florian Westphal
This looks like refactoring, but its also a bug fix.
Problem is that the compat path (32bit iptables, 64bit kernel) lacks a few
sanity tests that are done in the normal path.
For example, we do not check for underflows and the base chain policies.
While its possible to a
Hi David,
The following patchset contains Netfilter updates for your net-next
tree, mostly from Florian Westphal to sort out the lack of sufficient
validation in x_tables and connlabel preparation patches to add
nf_tables support. They are:
1) Ensure we don't go over the ruleset blob boundaries i
From: Florian Westphal
Since 'netfilter: x_tables: validate targets of jumps' change we
validate that the target aligns exactly with beginning of a rule,
so offset test is now redundant.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/arp_tables.c | 8 -
From: Florian Westphal
Currently arp/ip and ip6tables each implement a short helper to check that
the target offset is large enough to hold one xt_entry_target struct and
that t->u.target_size fits within the current rule.
Unfortunately these checks are not sufficient.
To avoid adding new tests
From: Florian Westphal
Once we add more sanity testing to xt_check_entry_offsets it
becomes relvant if we're expecting a 32bit 'config_compat' blob
or a normal one.
Since we already have a lot of similar-named functions (check_entry,
compat_check_entry, find_and_check_entry, etc.) and the curren
From: Florian Westphal
Validate that all matches (if any) add up to the beginning of
the target and that each match covers at least the base structure size.
The compat path should be able to safely re-use the function
as the structures only differ in alignment; added a
BUILD_BUG_ON just in case
From: Florian Westphal
read access doesn't need any lock here.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_conntrack_proto_sctp.c | 8 +---
net/netfilter/nf_conntrack_proto_tcp.c | 8 +---
2 files changed, 2 insertions(+), 14 deletions(-)
di
From: Florian Westphal
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/ip_tables.c | 59 +-
1 file changed, 24 insertions(+), 35 deletions(-)
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tab
Calm down gcc warnings:
net/netfilter/nf_conntrack_netlink.c:529:15: warning: 'ctnetlink_proto_size'
defined but not used [-Wunused-function]
static size_t ctnetlink_proto_size(const struct nf_conn *ct)
^
net/netfilter/nf_conntrack_netlink.c:546:15: warning: 'ctnetlink_acct_size'
1 - 100 of 143 matches
Mail list logo
