On 6/1/2019 1:50 AM, Cong Wang wrote:
> On Fri, May 31, 2019 at 3:01 PM Davide Caratti wrote:
>> Please note: this loop was here also before this patch (the 'goto again;'
>> line is only patch context). It has been introduced with commit
>> 2ecba2d1e45b ("net: sched: act_csum: Fix csum calc for t
On 6/1/2019 1:29 AM, Cong Wang wrote:
> On Fri, May 31, 2019 at 3:01 PM Davide Caratti wrote:
>> On Fri, 2019-05-31 at 11:42 -0700, Cong Wang wrote:
>>> On Fri, May 31, 2019 at 10:26 AM Davide Caratti wrote:
'act_csum' was recently fixed to mangle the IPv4/IPv6 header if a packet
havin
On 1 Jun 2019, at 16:05, Song Liu wrote:
On May 31, 2019, at 11:57 AM, Jonathan Lemon
wrote:
Use the recent change to XSKMAP bpf_map_lookup_elem() to test if
there is a xsk present in the map instead of duplicating the work
with qidconf.
Fix things so callers using XSK_LIBBPF_FLAGS__INHIB
On Sat, Jun 1, 2019 at 3:05 PM Alexei Starovoitov
wrote:
>
> On Fri, May 31, 2019 at 11:39:52PM -0700, Andrii Nakryiko wrote:
> > This patch adds a new test program, based on real-world production
> > application, for testing BPF verifier scalability w/ realistic
> > complexity.
>
> Thanks!
>
> >
On Sat, Jun 01, 2019 at 04:54:46PM -0700, Song Liu wrote:
>
>
> > On May 31, 2019, at 3:29 PM, Martin KaFai Lau wrote:
> >
> > When the commit a6024562ffd7 ("udp: Add GRO functions to UDP socket")
> > added udp[46]_lib_lookup_skb to the udp_gro code path, it broke
> > the reuseport_select_sock(
> On May 31, 2019, at 3:29 PM, Martin KaFai Lau wrote:
>
> __udp6_lib_err() may be called when handling icmpv6 message. For example,
> the icmpv6 toobig(type=2). __udp6_lib_lookup() is then called
> which may call reuseport_select_sock(). reuseport_select_sock() will
> call into a bpf_prog (
> On May 31, 2019, at 3:29 PM, Martin KaFai Lau wrote:
>
> When the commit a6024562ffd7 ("udp: Add GRO functions to UDP socket")
> added udp[46]_lib_lookup_skb to the udp_gro code path, it broke
> the reuseport_select_sock() assumption that skb->data is pointing
> to the transport header.
>
>
From: Pablo Neira Ayuso
Date: Sat, 1 Jun 2019 20:23:25 +0200
> The following patchset container Netfilter/IPVS update for net-next:
Pulled, thanks Pablo.
> On May 31, 2019, at 11:57 AM, Jonathan Lemon wrote:
>
> Currently, the AF_XDP code uses a separate map in order to
> determine if an xsk is bound to a queue. Instead of doing this,
> have bpf_map_lookup_elem() return the queue_id, as a way of
> indicating that there is a valid entry at the m
> On May 31, 2019, at 11:57 AM, Jonathan Lemon wrote:
>
> Use the recent change to XSKMAP bpf_map_lookup_elem() to test if
> there is a xsk present in the map instead of duplicating the work
> with qidconf.
>
> Fix things so callers using XSK_LIBBPF_FLAGS__INHIBIT_PROG_LOAD
> bypass any inter
On Wed, May 22, 2019 at 6:38 AM Björn Töpel wrote:
>
> From: Björn Töpel
>
> When an AF_XDP socket is released/closed the XSKMAP still holds a
> reference to the socket in a "released" state. The socket will still
> use the netdev queue resource, and block newly created sockets from
> attaching t
On Fri, May 31, 2019 at 11:39:52PM -0700, Andrii Nakryiko wrote:
> This patch adds a new test program, based on real-world production
> application, for testing BPF verifier scalability w/ realistic
> complexity.
Thanks!
> - const char *pyperf[] = {
> + const char *tp_progs[] = {
I had v
On Sat, Jun 01, 2019 at 11:30:16PM +0300, Vladimir Oltean wrote:
> On Sat, 1 Jun 2019 at 19:03, Andrew Lunn wrote:
> >
> > On Sat, Jun 01, 2019 at 01:37:34PM +0300, Vladimir Oltean wrote:
> > > The code in sja1105_adjust_port_config relies on the fact that an
> > > invalid link speed is detected
On Sat, 1 Jun 2019 at 19:03, Andrew Lunn wrote:
>
> On Sat, Jun 01, 2019 at 01:37:34PM +0300, Vladimir Oltean wrote:
> > The code in sja1105_adjust_port_config relies on the fact that an
> > invalid link speed is detected by sja1105_get_speed_cfg and returned as
> > -EINVAL. However storing this
On Fri, May 31, 2019 at 06:33:32PM -0600, Robert Hancock wrote:
> On 2019-05-31 2:31 p.m., Russell King - ARM Linux admin wrote:
> > On Fri, May 31, 2019 at 01:18:05PM -0600, Robert Hancock wrote:
> >> The Xilinx AXI Ethernet controller supports SFP modules in 1000BaseX
> >> mode in a somewhat unus
On Fri, 31 May 2019 11:42:14 +0200, Björn Töpel wrote:
> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
> index 44b47e9df94a..f3a875a52c6c 100644
> --- a/include/linux/netdevice.h
> +++ b/include/linux/netdevice.h
> @@ -1940,6 +1940,9 @@ struct net_device {
> #endif
> str
On Fri, 31 May 2019 19:18:17 +, Saeed Mahameed wrote:
> > + if (!bpf_op || flags & XDP_FLAGS_SKB_MODE)
> > + mode = XDP_FLAGS_SKB_MODE;
> > +
> > + curr_mode = dev_xdp_current_mode(dev);
> > +
> > + if (!offload && curr_mode && (mode ^ curr_mode) &
> > + (XDP_FLAGS_DRV_MOD
On Fri, 31 May 2019 19:18:17 +, Saeed Mahameed wrote:
> On Fri, 2019-05-31 at 11:42 +0200, Björn Töpel wrote:
> > From: Björn Töpel
> >
> > All XDP capable drivers need to implement the XDP_QUERY_PROG{,_HW}
> > command of ndo_bpf. The query code is fairly generic. This commit
> > refactors th
tree: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
master
head: 0462eaacee493f7e2d87551a35d38be93ca723f8
commit: c9bb6165a16e6d5498981a6c777b94a78e74462b [91/97] netfilter:
nf_conntrack_bridge: fix CONFIG_IPV6=y
config: i386-randconfig-n013-201921 (attached as .config)
c
On Fri, May 31, 2019 at 05:06:16PM -0600, David Ahern wrote:
> On 5/29/19 11:08 PM, Stephen Suryaputra wrote:
> > diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
> > index 1a832f5e190b..9b365c345c34 100644
> > --- a/net/ipv6/reassembly.c
> > +++ b/net/ipv6/reassembly.c
> > @@ -260,6 +260
From: Florian Westphal
Also, make the argument to be only the needed size of the header
we're altering, no need to pull in the full packet into linear area.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/xt_HL.c | 4 ++--
1 file changed, 2 insertions(+), 2
From: Florian Westphal
.. so skb_make_writable can be removed.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nft_exthdr.c | 3 ++-
net/netfilter/nft_payload.c | 6 +++---
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/nft_ext
From: Florian Westphal
.. so skb_make_writable can be removed soon.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/arpt_mangle.c| 2 +-
net/ipv4/netfilter/ipt_ECN.c| 4 ++--
net/ipv4/netfilter/nf_nat_h323.c| 2 +-
From: Florian Westphal
Back in the day, skb_ensure_writable did not exist. By now, both functions
have the same precondition:
I. skb_make_writable will test in this order:
1. wlen > skb->len -> error
2. if not cloned and wlen <= headlen -> OK
3. If cloned and wlen bytes of clone writeable
From: Florian Westphal
No need to use synchronize_rcu() here, just swap the two pointers
and have the release occur from work queue after commit has completed.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_tables_api.c | 26 ++
1
From: Julian Anastasov
Add ip_vs_find_tunnel() to match tunnel headers
by family, address and optional port. Use it to
properly find the tunnel real server used in
received ICMP errors.
Signed-off-by: Julian Anastasov
Signed-off-by: Simon Horman
Signed-off-by: Pablo Neira Ayuso
---
include/n
Hi David,
The following patchset container Netfilter/IPVS update for net-next:
1) Add UDP tunnel support for ICMP errors in IPVS.
Julian Anastasov says:
This patchset is a followup to the commit that adds UDP/GUE tunnel:
"ipvs: allow tunneling with gue encapsulation".
What we do is to put tunn
From: Julian Anastasov
Recognize UDP tunnels in received ICMP errors and
properly strip the tunnel headers. GUE is what we
have for now.
Signed-off-by: Julian Anastasov
Signed-off-by: Simon Horman
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/ipvs/ip_vs_core.c | 60 +
From: Florian Westphal
like previous patches -- convert conntrack to use the core helper.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_conntrack_proto_sctp.c | 2 +-
net/netfilter/nf_conntrack_seqadj.c | 4 ++--
net/netfilter/nf_nat_helper.c
From: Florian Westphal
It does the same thing, use it instead so we can remove skb_make_writable.
Signed-off-by: Florian Westphal
Acked-by: Simon Horman
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/ipvs/ip_vs_app.c| 4 ++--
net/netfilter/ipvs/ip_vs_core.c | 4 ++--
net/
From: Florian Westphal
This converts all remaining users and then removes skb_make_writable.
Suggested-by: Daniel Borkmann
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter.h| 5 -
net/netfilter/core.c | 22 -
From: Florian Westphal
This also changes optstrip to only make the tcp header writeable
rather than the entire packet.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/xt_TCPMSS.c | 2 +-
net/netfilter/xt_TCPOPTSTRIP.c | 28 +---
From: Jacky Hu
Add checksum support for gue encapsulation with the tun_flags parameter,
which could be one of the values below:
IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM
IP_VS_TUNNEL_ENCAP_FLAG_CSUM
IP_VS_TUNNEL_ENCAP_FLAG_REMCSUM
Signed-off-by: Jacky Hu
Signed-off-by: Julian Anastasov
Signed-off-by: Sim
From: Lukasz Pawelczyk
The XT_OWNER_SUPPL_GROUPS flag causes GIDs specified with XT_OWNER_GID
to be also checked in the supplementary groups of a process.
f_cred->group_info cannot be modified during its lifetime and f_cred
holds a reference to it so it's safe to use.
Signed-off-by: Lukasz Pawe
From: Taehee Yoo
The oifidx in the struct flow_offload_tuple is not used anymore.
Signed-off-by: Taehee Yoo
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_flow_table.h | 2 --
net/netfilter/nf_flow_table_core.c| 1 -
2 files changed, 3 deletions(-)
diff --git a/include/net
From: Julian Anastasov
Before now rs_table was used only for NAT real servers.
Change it to allow TUN real severs from different types,
possibly hashed with different port key.
Signed-off-by: Julian Anastasov
Signed-off-by: Simon Horman
Signed-off-by: Pablo Neira Ayuso
---
include/net/ip_vs.
On 31 May 2019, at 2:42, Björn Töpel wrote:
From: Björn Töpel
All XDP capable drivers need to implement the XDP_QUERY_PROG{,_HW}
command of ndo_bpf. The query code is fairly generic. This commit
refactors the query code up from the drivers to the netdev level.
The struct net_device has gained
My Greeting, Did you receive the letter i sent to you.Please answer
me.Best Regard,Mr.David Keller.
On Fri, May 31, 2019 at 06:43:42PM -0700, Maciej Żenczykowski wrote:
> FYI, this userspace visible change in behaviour breaks Android.
>
> We rely on being able to add a rule and either have a dup be created
> (in which case we'll remove it later) or have it fail with EEXIST (in
> which case we wo
On Sat, Jun 01, 2019 at 01:37:34PM +0300, Vladimir Oltean wrote:
> The code in sja1105_adjust_port_config relies on the fact that an
> invalid link speed is detected by sja1105_get_speed_cfg and returned as
> -EINVAL. However storing this into an enum that only has positive
> members will cast it
On Fri, May 31, 2019 at 09:22:16PM -0600, hanc...@sedsystems.ca wrote:
> > On 31.05.2019 22:54, Andrew Lunn wrote:
> >>> It is possible that scheduled work started by the PHY driver is still
> >>> outstanding when phy_device_remove is called if the PHY was initially
> >>> started but never connecte
Hi Matt,
due to this build issue I removed your commit from bpf tree.
Please fix and resubmit.
Thanks!
On Fri, May 31, 2019 at 10:48 PM kbuild test robot wrote:
>
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git master
> head: 0b21b5502f561940e0d29f7ec5f840309e4a0243
> co
On Sat, Jun 01, 2019 at 02:22:30AM +0200, Pablo Neira Ayuso wrote:
> > It is the same as the IPv6 one. The offset returned is the offset to the
> > specific option (target) or the byte beyond the options if the target
> > isn't specified (< 0).
>
> Thanks for explaining. So you are using ipv6_find
Details are a bit scarce.
The referenced commit is.
commit 7dc2bccab0ee37ac28096b8fcdc390a679a15841
Author: Maxim Mikityanskiy
Date: Tue May 21 06:40:04 2019 +
Validate required parameters in inet6_validate_link_af
Begin forwarded message:
Date: Sat, 01 Jun 2019 09:53:51 +
From
This patchset fixes two bugs in the logic handling of the enum
sja1105_speed_t which caused link speeds of 10 and 100 Mbps to not be
interpreted correctly and thus not be applied to the switch MACs.
Vladimir Oltean (2):
net: dsa: sja1105: Force a negative value for enum sja1105_speed_t
net: ds
The code in sja1105_adjust_port_config relies on the fact that an
invalid link speed is detected by sja1105_get_speed_cfg and returned as
-EINVAL. However storing this into an enum that only has positive
members will cast it into an unsigned value, and it will miss the
negative check.
So make the
The hardware values for link speed are held in the sja1105_speed_t enum.
However they do not increase in the order that sja1105_get_speed_cfg was
iterating over them (basically from SJA1105_SPEED_AUTO - 0 - to
SJA1105_SPEED_1000MBPS - 1 - skipping the other two).
Change the iteration from going th
Hi "Björn,
I love your patch! Perhaps something to improve:
[auto build test WARNING on bpf-next/master]
url:
https://github.com/0day-ci/linux/commits/Bj-rn-T-pel/net-xdp-refactor-XDP_QUERY_PROG-_HW-to-netdev/20190601-053952
base: https://git.kernel.org/pub/scm/linux/kernel/git/bp
Hello!
On 31.05.2019 22:18, Robert Hancock wrote:
Some copper SFP modules support both SGMII and 1000BaseX, but some
drivers/devices only support the 1000BaseX mode. Currently SGMII mode is
always being selected as the desired mode for such modules, and this
fails if the controller doesn't supp
Pablo Neira Ayuso wrote:
> > > if (skb->protocol != htons(ETH_P_IP))
> > > goto err;
> >
> > Wouldn't it be preferable to just use nft_pf() != NFPROTO_IPV4?
>
> Then IPv4 options extension won't work from bridge and netdev families
> too, right?
Ah, right.
On Sat, Jun 01, 2019 at 10:27:32AM +0200, Florian Westphal wrote:
> Pablo Neira Ayuso wrote:
> > > » iph = skb_header_pointer(skb, *offset, sizeof(_iph), &_iph);
> > > » if (!iph || skb->protocol != htons(ETH_P_IP))
> > > » » return -EBADMSG;
> >
> > I mean, you make this
Pablo Neira Ayuso wrote:
> > » iph = skb_header_pointer(skb, *offset, sizeof(_iph), &_iph);
> > » if (!iph || skb->protocol != htons(ETH_P_IP))
> > » » return -EBADMSG;
>
> I mean, you make this check upfront from the _eval() path, ie.
>
> static void nft_exthdr_ipv4_eval
The variable cache_allocs is to indicate how many frags (KiB) are in one
rds connection frag cache.
The command "rds-info -Iv" will output the rds connection cache
statistics as below:
"
RDS IB Connections:
LocalAddr RemoteAddr Tos SL LocalDevRemoteDev
1.1.1.14 1.1.1.14 5
53 matches
Mail list logo
