01 Sep, 2015
9 commits
-
"source_hash" the dest fields if it's an inverse packet.
Signed-off-by: Alex Gartrell
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman -
The ip_vs_iphdr may refer to an internal header, so use the outer one
instead.Signed-off-by: Alex Gartrell
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman -
This sysctl will be used to enable the scheduling of icmp packets.
Signed-off-by: Alex Gartrell
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman -
This is necessary to schedule icmp later.
Signed-off-by: Alex Gartrell
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman -
No longer necessary since the information is included in the ip_vs_iphdr
itself.Signed-off-by: Alex Gartrell
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman -
This is necessary as we'll be trying to schedule icmp later and we'll want
to share this code.Signed-off-by: Alex Gartrell
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman -
Signed-off-by: Alex Gartrell
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman -
These flags contain information like whether or not the addresses are
inverted or from icmp. The first will allow us to drop an inverse param
all over the place, and the second will later be useful in scheduling icmp.Signed-off-by: Alex Gartrell
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman -
This removes some duplicated code and makes the ICMPv6 path look more like
the ICMP path.Signed-off-by: Alex Gartrell
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman
29 Aug, 2015
2 commits
-
bridge/netfilter/ebtables.c:290:26: warning: incorrect type in assignment (different modifiers)
-> remove __pure annotation.ipv6/netfilter/ip6t_SYNPROXY.c:240:27: warning: cast from restricted __be16
-> switch ntohs to htons and vice versa.netfilter/core.c:391:30: warning: symbol 'nfq_ct_nat_hook' was not declared. Should it be static?
-> delete it, got removednet/netfilter/nf_synproxy_core.c:221:48: warning: cast to restricted __be32
-> Use __be32 instead of u32.Tested with objdiff that these changes do not affect generated code.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso -
This reverts commit 98d1bd802cdbc8f56868fae51edec13e86b59515.
mark_source_chains will not re-visit chains, so
*filter
:INPUT ACCEPT [365:25776]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [217:45832]
:t1 - [0:0]
:t2 - [0:0]
:t3 - [0:0]
:t4 - [0:0]
-A t1 -i lo -j t2
-A t2 -i lo -j t3
-A t3 -i lo -j t4
# -A INPUT -j t4
# -A INPUT -j t3
# -A INPUT -j t2
-A INPUT -j t1
COMMITWill compute a chain depth of 2 if the comments are removed.
Revert back to counting the number of chains for the time being.Reported-by: Cong Wang
Reported-by: Hannes Frederic Sowa
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
27 Aug, 2015
2 commits
-
Simon Horman says:
====================
Second Round of IPVS Updates for v4.3I realise these are a little late in the cycle, so if you would prefer
me to repost them for v4.4 then just let me know.The updates include:
* A new scheduler from Raducu Deaconu
* Enhanced configurability of the sync daemon from Julian Anastasov
====================Signed-off-by: Pablo Neira Ayuso
-
RFC 4443 added two new codes values for ICMPv6 type 1:
5 - Source address failed ingress/egress policy
6 - Reject route to destinationAnd RFC 7084 states in L-14 that IPv6 Router MUST send ICMPv6 Destination
Unreachable with code 5 for packets forwarded to it that use an address
from a prefix that has been invalidated.Codes 5 and 6 are more informative subsets of code 1.
Signed-off-by: Andreas Herz
Signed-off-by: Pablo Neira Ayuso
22 Aug, 2015
6 commits
-
Instead of IS_ENABLED(CONFIG_IPV6), otherwise we hit:
et/built-in.o: In function `tee_tg6':
>> xt_TEE.c:(.text+0x6cd8c): undefined reference to `nf_dup_ipv6'when:
CONFIG_IPV6=y
CONFIG_NF_DUP_IPV4=y
# CONFIG_NF_DUP_IPV6 is not set
CONFIG_NETFILTER_XT_TARGET_TEE=yReported-by: kbuild test robot
Signed-off-by: Pablo Neira Ayuso -
>> net/ipv4/netfilter/nft_dup_ipv4.c:29:37: sparse: incorrect type in initializer (different base types)
net/ipv4/netfilter/nft_dup_ipv4.c:29:37: expected restricted __be32 [user type] s_addr
net/ipv4/netfilter/nft_dup_ipv4.c:29:37: got unsigned int [unsigned]>> net/ipv6/netfilter/nf_dup_ipv6.c:48:23: sparse: incorrect type in assignment (different base types)
net/ipv6/netfilter/nf_dup_ipv6.c:48:23: expected restricted __be32 [addressable] [assigned] [usertype] flowlabel
net/ipv6/netfilter/nf_dup_ipv6.c:48:23: got intReported-by: kbuild test robot
Signed-off-by: Pablo Neira Ayuso -
- mcast_group: configure the multicast address, now IPv6
is supported too- mcast_port: configure the multicast port
- mcast_ttl: configure the multicast TTL/HOP_LIMIT
Signed-off-by: Julian Anastasov
Signed-off-by: Simon Horman -
Allow setups with large MTU to send large sync packets by
adding sync_maxlen parameter. The default value is now based
on MTU but no more than 1500 for compatibility reasons.To avoid problems if MTU changes allow fragmentation by
sending packets with DF=0. Problem reported by Dan Carpenter.Reported-by: Dan Carpenter
Signed-off-by: Julian Anastasov
Signed-off-by: Simon Horman -
When the sync damon is started we need to hold rtnl
lock while calling ip_mc_join_group. Currently, we have
a wrong locking order because the correct one is
rtnl_lock->__ip_vs_mutex. It is implied from the usage
of __ip_vs_mutex in ip_vs_dst_event() which is called
under rtnl lock during NETDEV_* notifications.Fix the problem by calling rtnl_lock early only for the
start_sync_thread call. As a bonus this fixes the usage
__dev_get_by_name which was not called under rtnl lock.This patch actually extends and depends on commit 54ff9ef36bdf
("ipv4, ipv6: kill ip_mc_{join, leave}_group and
ipv6_sock_mc_{join, drop}").Signed-off-by: Julian Anastasov
Signed-off-by: Simon Horman -
The weighted overflow scheduling algorithm directs network connections
to the server with the highest weight that is currently available
and overflows to the next when active connections exceed the node's weight.Signed-off-by: Raducu Deaconu
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman
21 Aug, 2015
20 commits
-
Resolve conflicts with conntrack template fixes.
Conflicts:
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_synproxy_core.c
net/netfilter/xt_CT.cSigned-off-by: Pablo Neira Ayuso
-
Convert the xgene_get_mac_address to device_get_mac_address(), and
xgene_get_phy_mode() to device_get_phy_mode().Signed-off-by: Jeremy Linton
Signed-off-by: David S. Miller -
Andreas reported breakage adding routes with local nexthops:
$ ip route show table main
...
172.28.0.0/24 dev vnf-xe1p0 proto kernel scope link src 172.28.0.16$ ip route add 10.0.0.0/8 via 172.28.0.32 table 100 dev vnf-xe1p0
RTNETLINK answers: Resource temporarily unavailable3bfd847203c changed the lookup to use the passed in table but for cases like
this the nexthop is in the local table rather than the passed in table.Fixes: 3bfd847203c ("net: Use passed in table for nexthop lookups")
Reported-by: Andreas Schultz
Signed-off-by: David Ahern
Signed-off-by: David S. Miller -
.maxtype should match .policy. Probably just been getting lucky here
because IFLA_BRPORT_MAX > IFLA_BR_MAX.Fixes: 13323516 ("bridge: implement rtnl_link_ops->changelink")
Signed-off-by: Scott Feldman
Signed-off-by: David S. Miller -
The dev==NULL check in smsc911x_probe_config is useless
and isn't providing any additional protection. If a fwnode
doesn't exist then an appropriate error should be returned
by device_get_phy_mode() covering the original case
of a missing of/fwnode.Signed-off-by: Jeremy Linton
Signed-off-by: David S. Miller -
This patch adds MAC address length check back into
the device_get_mac_addr() function before calling
is_valid_ether_addr() similar to the way the OF
routine does it.Update the comments for the two new functions.
Signed-off-by: Jeremy Linton
Signed-off-by: David S. Miller -
…ub/scm/linux/kernel/git/kvalo/wireless-drivers-next
Kalle Valo says:
====================
Major changes:ath10k:
* add support for qca99x0 family of devices
* improve performance of tx_lock
* add support for raw mode (802.11 frame format) and software crypto
engine enabled via a module parameterath9k:
* add fast-xmit support
wil6210:
* implement TSO support
* support bootloader v1 and onwardsiwlwifi:
* Deprecate -10.ucode
* Clean ups towards multiple Rx queues
* Add support for longer CMD IDs. This will be required by new
firmwares since we are getting close to the u8 limit.
* bugfixes for the D0i3 power state
* Add basic support for FTM
* polish the Miracast operation
* fix a few power consumption issues
* scan cleanup
* fixes for D0i3 system state
* add paging for devices that support it
* add again the new RBD allocation model
* add more options to the firmware debug system
* add support for frag SKBs in Tx
====================Signed-off-by: David S. Miller <davem@davemloft.net>
-
Make fib_encap_match() static as it isn't used outside the file.
Signed-off-by: Ying Xue
Reviewed-by: Jiri Benc
Signed-off-by: David S. Miller -
Johannes Berg says:
====================
average: convert users to inline implementationSince there's very little benefit of the out-of-line implementation
(a single byte of .text in one driver as far as I've seen), convert
all drivers to the inline implementation, saving memory, and remove
the out-of-line implementation.
====================Signed-off-by: David S. Miller
-
Since all users are now converted to the inline implementation,
remove the out-of-line implementation entirely.Signed-off-by: Johannes Berg
Signed-off-by: David S. Miller -
Instead of using the out-of-line EWMA calculation, use DECLARE_EWMA()
to create static inlines. On x86/64 this results in code that's one
byte larger (for me), but reduces struct link_ant and struct link
size by the two unsigned long values that store the parameters each.Signed-off-by: Johannes Berg
Signed-off-by: David S. Miller -
This reduces code size slightly (at least on x86/64) while also
removing memory consumption by two unsigned long values for each
ath5k device.Signed-off-by: Johannes Berg
Signed-off-by: David S. Miller -
Instead of using the out-of-line EWMA calculation, use DECLARE_EWMA()
to create static inlines. On x86/64 this results in no change in code
size for me, but reduces the struct receive_queue size by the two
unsigned long values that store the parameters.Signed-off-by: Johannes Berg
Signed-off-by: David S. Miller -
Commit f34fa14cc033 ("bnx2x: Add vxlan RSS support") has introduced an
endianity issue when passing the vxlan UDP port to the HW.Reported-by:
Signed-off-by: Yuval Mintz
Signed-off-by: David S. Miller -
Nikolay Aleksandrov says:
====================
vrf: cleanups part 2This is the next part of vrf cleanups, patch 1 drops the SLAB_PANIC
when creating kmem cache since it's handled, patch 02 removes a slave
duplicate check which is already done by the lower/upper code, patch 3
moves the ndo_add_slave code around a bit so we can drop an error
label and patch 4 drops the master device checks which are unnecessary
because the ops are taken from the master device itself so it can't be
different.
====================Acked-by: David Ahern
-
When ndo_add|del_slave ops are used, they're taken from the respective
master device's netdev ops, so if the master device is a VRF only then
the VRF ops will get called thus no need to check the type of the
master.Signed-off-by: Nikolay Aleksandrov
Signed-off-by: David S. Miller -
We can simplify do_vrf_add_slave by moving vrf_insert_slave in the end
of the enslaving and thus eliminate an error goto label. It always
succeeds and isn't needed before that anyway.Signed-off-by: Nikolay Aleksandrov
Signed-off-by: David S. Miller -
The upper/lower functions already check for duplicate slaves so no need
to do it again.Signed-off-by: Nikolay Aleksandrov
Signed-off-by: David S. Miller -
It's pointless to panic on cache create failure when that case is handled
and even more so since it's not a kernel-wide fatal problem so don't
panic.Signed-off-by: Nikolay Aleksandrov
Signed-off-by: David S. Miller -
Currently whenever a packet different from ETH_P_IP is sent through the
VRF device it is leaked so plug the leaks and properly drop these
packets.Signed-off-by: Nikolay Aleksandrov
Acked-by: David Ahern
Signed-off-by: David S. Miller
20 Aug, 2015
1 commit
-
While running net-next I hit this:
[ 634.073119] ===============================
[ 634.073150] [ INFO: suspicious RCU usage. ]
[ 634.073182] 4.2.0-rc6+ #45 Not tainted
[ 634.073213] -------------------------------
[ 634.073244] include/net/vrf.h:38 suspicious rcu_dereference_check()
usage!
[ 634.073274]
other info that might help us debug this:[ 634.073307]
rcu_scheduler_active = 1, debug_locks = 1
[ 634.073338] 2 locks held by swapper/0/0:
[ 634.073369] #0: (((&n->timer))){+.-...}, at: []
call_timer_fn+0x5/0x480
[ 634.073412] #1: (slock-AF_INET){+.-...}, at: []
icmp_send+0x155/0x5f0
[ 634.073450]
stack backtrace:
[ 634.073483] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.2.0-rc6+ #45
[ 634.073514] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS
VirtualBox 12/01/2006
[ 634.073545] 0000000000000000 0593ba8242d9ace4 ffff88002fc03b48
ffffffff81803f1b
[ 634.073612] 0000000000000000 ffffffff81e12500 ffff88002fc03b78
ffffffff811003c5
[ 634.073642] 0000000000000000 ffff88002ec4e600 ffffffff81f00f80
ffff88002fc03cf0
[ 634.073669] Call Trace:
[ 634.073694] [] dump_stack+0x4c/0x65
[ 634.073728] [] lockdep_rcu_suspicious+0xc5/0x100
[ 634.073763] [] icmp_route_lookup+0x176/0x5c0
[ 634.073793] [] ? icmp_send+0x35b/0x5f0
[ 634.073818] [] ? icmp_send+0x2d4/0x5f0
[ 634.073844] [] icmp_send+0x42e/0x5f0
[ 634.073873] [] ipv4_link_failure+0x22/0xa0
[ 634.073899] [] arp_error_report+0x3a/0x80
[ 634.073926] [] ? neigh_lookup+0x2c0/0x2c0
[ 634.073952] [] neigh_invalidate+0x8e/0x110
[ 634.073984] [] neigh_timer_handler+0x1ae/0x290
[ 634.074013] [] ? neigh_lookup+0x2c0/0x2c0
[ 634.074013] [] call_timer_fn+0xb3/0x480
[ 634.074013] [] ? call_timer_fn+0x5/0x480
[ 634.074013] [] ? neigh_lookup+0x2c0/0x2c0
[ 634.074013] [] run_timer_softirq+0x20c/0x430
[ 634.074013] [] __do_softirq+0xde/0x630
[ 634.074013] [] irq_exit+0x117/0x120
[ 634.074013] [] smp_apic_timer_interrupt+0x46/0x60
[ 634.074013] [] apic_timer_interrupt+0x70/0x80
[ 634.074013] [] ? native_safe_halt+0x6/0x10
[ 634.074013] [] ? trace_hardirqs_on+0xd/0x10
[ 634.074013] [] default_idle+0x23/0x200
[ 634.074013] [] arch_cpu_idle+0xf/0x20
[ 634.074013] [] default_idle_call+0x2a/0x40
[ 634.074013] [] cpu_startup_entry+0x39c/0x4c0
[ 634.074013] [] rest_init+0x13d/0x150
[ 634.074013] [] start_kernel+0x4a8/0x4c9
[ 634.074013] [] ?
early_idt_handler_array+0x120/0x120
[ 634.074013] [] x86_64_start_reservations+0x2a/0x2c
[ 634.074013] [] x86_64_start_kernel+0x14a/0x16dIt would seem vrf_master_ifindex_rcu() can be called without RCU held in
other contexts as well so introduce a new helper which acquires rcu and
returns the ifindex.
Also add curly braces around both the "if" and "else" parts as per the
style guide.Signed-off-by: Nikolay Aleksandrov
Signed-off-by: David S. Miller