Eric Lee / smarc-fsl-linux-kernel

08 Jun, 2016

1 commit

  • b4869aa2f   net: vrf: ipv6 support for local traffic to local addresses ... Browse Code »

    Add support for locally originated traffic to VRF-local IPv6 addresses.
    Similar to IPv4 a local dst is set on the skb and the packet is
    reinserted with a call to netif_rx. With this patch, ping, tcp and udp
    packets to a local IPv6 address are successfully routed:

    $ ip addr show dev eth1
    4: eth1: mtu 1500 qdisc pfifo_fast master red state UP group default qlen 1000
    link/ether 02:e0:f9:1c:b9:74 brd ff:ff:ff:ff:ff:ff
    inet 10.100.1.1/24 brd 10.100.1.255 scope global eth1
    valid_lft forever preferred_lft forever
    inet6 2100:1::1/120 scope global
    valid_lft forever preferred_lft forever
    inet6 fe80::e0:f9ff:fe1c:b974/64 scope link
    valid_lft forever preferred_lft forever

    $ ping6 -c1 -I red 2100:1::1
    ping6: Warning: source address might be selected on device other than red.
    PING 2100:1::1(2100:1::1) from 2100:1::1 red: 56 data bytes
    64 bytes from 2100:1::1: icmp_seq=1 ttl=64 time=0.098 ms

    ip6_input is exported so the VRF driver can use it for the dst input
    function. The dst_alloc function for IPv4 defaults to setting the input and
    output functions; IPv6's does not. VRF does not need to duplicate the Rx path
    so just export the ipv6 input function.

    Signed-off-by: David Ahern
    Signed-off-by: David S. Miller

    David Ahern
     

21 May, 2016

2 commits

  • 1da44f9c1   ipv6: Change "final" protocol processing for encapsulation ... Browse Code »

    When performing foo-over-UDP, UDP packets are processed by the
    encapsulation handler which returns another protocol to process.
    This may result in processing two (or more) protocols in the
    loop that are marked as INET6_PROTO_FINAL. The actions taken
    for hitting a final protocol, in particular the skb_postpull_rcsum
    can only be performed once.

    This patch set adds a check of a final protocol has been seen. The
    rules are:
    - If the final protocol has not been seen any protocol is processed
    (final and non-final). In the case of a final protocol, the final
    actions are taken (like the skb_postpull_rcsum)
    - If a final protocol has been seen (e.g. an encapsulating UDP
    header) then no further non-final protocols are allowed
    (e.g. extension headers). For more final protocols the
    final actions are not taken (e.g. skb_postpull_rcsum).

    Signed-off-by: Tom Herbert
    Signed-off-by: David S. Miller

    Tom Herbert
     
  • 4c64242a9   ipv6: Fix nexthdr for reinjection ... Browse Code »

    In ip6_input_finish the nexthdr protocol is retrieved from the
    next header offset that is returned in the cb of the skb.
    This method does not work for UDP encapsulation that may not
    even have a concept of a nexthdr field (e.g. FOU).

    This patch checks for a final protocol (INET6_PROTO_FINAL) when a
    protocol handler returns > 0. If the protocol is not final then
    resubmission is performed on nhoff value. If the protocol is final
    then the nexthdr is taken to be the return value.

    Signed-off-by: Tom Herbert
    Signed-off-by: David S. Miller

    Tom Herbert
     

12 May, 2016

1 commit

  • 74b20582a   net: l3mdev: Add hook in ip and ipv6 ... Browse Code »

    Currently the VRF driver uses the rx_handler to switch the skb device
    to the VRF device. Switching the dev prior to the ip / ipv6 layer
    means the VRF driver has to duplicate IP/IPv6 processing which adds
    overhead and makes features such as retaining the ingress device index
    more complicated than necessary.

    This patch moves the hook to the L3 layer just after the first NF_HOOK
    for PRE_ROUTING. This location makes exposing the original ingress device
    trivial (next patch) and allows adding other NF_HOOKs to the VRF driver
    in the future.

    dev_queue_xmit_nit is exported so that the VRF driver can cycle the skb
    with the switched device through the packet taps to maintain current
    behavior (tcpdump can be used on either the vrf device or the enslaved
    devices).

    Signed-off-by: David Ahern
    Signed-off-by: David S. Miller

    David Ahern
     

28 Apr, 2016

2 commits

17 Feb, 2016

1 commit

11 Feb, 2016

1 commit

  • abbc30436   ipv6: add option to drop unicast encapsulated in L2 multicast ... Browse Code »

    In order to solve a problem with 802.11, the so-called hole-196 attack,
    add an option (sysctl) called "drop_unicast_in_l2_multicast" which, if
    enabled, causes the stack to drop IPv6 unicast packets encapsulated in
    link-layer multi- or broadcast frames. Such frames can (as an attack)
    be created by any member of the same wireless network and transmitted
    as valid encrypted frames since the symmetric key for broadcast frames
    is shared between all stations.

    Reviewed-by: Julian Anastasov
    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     

18 Sep, 2015

3 commits

  • 0c4b51f00   netfilter: Pass net into okfn ... Browse Code »

    This is immediately motivated by the bridge code that chains functions that
    call into netfilter. Without passing net into the okfns the bridge code would
    need to guess about the best expression for the network namespace to process
    packets in.

    As net is frequently one of the first things computed in continuation functions
    after netfilter has done it's job passing in the desired network namespace is in
    many cases a code simplification.

    To support this change the function dst_output_okfn is introduced to
    simplify passing dst_output as an okfn. For the moment dst_output_okfn
    just silently drops the struct net.

    Signed-off-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Eric W. Biederman
     
  • 29a26a568   netfilter: Pass struct net into the netfilter hooks ... Browse Code »

    Pass a network namespace parameter into the netfilter hooks. At the
    call site of the netfilter hooks the path a packet is taking through
    the network stack is well known which allows the network namespace to
    be easily and reliabily.

    This allows the replacement of magic code like
    "dev_net(state->in?:state->out)" that appears at the start of most
    netfilter hooks with "state->net".

    In almost all cases the network namespace passed in is derived
    from the first network device passed in, guaranteeing those
    paths will not see any changes in practice.

    The exceptions are:
    xfrm/xfrm_output.c:xfrm_output_resume() xs_net(skb_dst(skb)->xfrm)
    ipvs/ip_vs_xmit.c:ip_vs_nat_send_or_cont() ip_vs_conn_net(cp)
    ipvs/ip_vs_xmit.c:ip_vs_send_or_cont() ip_vs_conn_net(cp)
    ipv4/raw.c:raw_send_hdrinc() sock_net(sk)
    ipv6/ip6_output.c:ip6_xmit() sock_net(sk)
    ipv6/ndisc.c:ndisc_send_skb() dev_net(skb->dev) not dev_net(dst->dev)
    ipv6/raw.c:raw6_send_hdrinc() sock_net(sk)
    br_netfilter_hooks.c:br_nf_pre_routing_finish() dev_net(skb->dev) before skb->dev is set to nf_bridge->physindev

    In all cases these exceptions seem to be a better expression for the
    network namespace the packet is being processed in then the historic
    "dev_net(in?in:out)". I am documenting them in case something odd
    pops up and someone starts trying to track down what happened.

    Signed-off-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Eric W. Biederman
     
  • 9865249fd   ipv6: Don't recompute net in ip6_rcv ... Browse Code »

    Avoid silly redundant code

    Signed-off-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

27 Jul, 2015

1 commit

  • 48fb6b554   ipv6: fix crash over flow-based vxlan device ... Browse Code »

    Similar check was added in ip_rcv but not in ipv6_rcv.

    BUG: unable to handle kernel NULL pointer dereference at (null)
    IP: [] ipv6_rcv+0xfa/0x500
    Call Trace:
    [] ? ip_rcv+0x296/0x400
    [] ? packet_rcv+0x52/0x410
    [] __netif_receive_skb_core+0x63f/0x9a0
    [] ? br_handle_frame_finish+0x580/0x580 [bridge]
    [] ? update_rq_clock.part.81+0x1c/0x40
    [] __netif_receive_skb+0x18/0x60
    [] process_backlog+0x9f/0x150

    Fixes: ee122c79d422 (vxlan: Flow based tunneling)
    Signed-off-by: Wei-Chun Chao
    Acked-by: Thomas Graf
    Signed-off-by: David S. Miller

    Wei-Chun Chao
     

04 Jul, 2015

1 commit

  • 4c938d22c   ipv6: Make MLD packets to only be processed locally ... Browse Code »

    Before commit daad151263cf ("ipv6: Make ipv6_is_mld() inline and use it
    from ip6_mc_input().") MLD packets were only processed locally. After the
    change, a copy of MLD packet goes through ip6_mr_input, causing
    MRT6MSG_NOCACHE message to be generated to user space.

    Make MLD packet only processed locally.

    Fixes: daad151263cf ("ipv6: Make ipv6_is_mld() inline and use it from ip6_mc_input().")
    Signed-off-by: Hermin Anggawijaya
    Signed-off-by: David S. Miller

    Angga
     

11 Jun, 2015

1 commit

09 Jun, 2015

1 commit

  • 0243508ed   ipv6: Fix protocol resubmission ... Browse Code »

    UDP encapsulation is broken on IPv6. This is because the logic to resubmit
    the nexthdr is inverted, checking for a ret value > 0 instead of < 0. Also,
    the resubmit label is in the wrong position since we already get the
    nexthdr value when performing decapsulation. In addition the skb pull is no
    longer necessary either.

    This changes the return value check to look for < 0, using it for the
    nexthdr on the next iteration, and moves the resubmit label to the proper
    location.

    With these changes the v6 code now matches what we do in the v4 ip input
    code wrt resubmitting when decapsulating.

    Signed-off-by: Josh Hunt
    Acked-by: "Tom Herbert"
    Signed-off-by: David S. Miller

    Josh Hunt
     

08 Apr, 2015

1 commit

  • 7026b1ddb   netfilter: Pass socket pointer down through okfn(). ... Browse Code »

    On the output paths in particular, we have to sometimes deal with two
    socket contexts. First, and usually skb->sk, is the local socket that
    generated the frame.

    And second, is potentially the socket used to control a tunneling
    socket, such as one the encapsulates using UDP.

    We do not want to disassociate skb->sk when encapsulating in order
    to fix this, because that would break socket memory accounting.

    The most extreme case where this can cause huge problems is an
    AF_PACKET socket transmitting over a vxlan device. We hit code
    paths doing checks that assume they are dealing with an ipv4
    socket, but are actually operating upon the AF_PACKET one.

    Signed-off-by: David S. Miller

    David Miller
     

01 Apr, 2015

1 commit

  • 53b24b8f9   ipv6: coding style: comparison for inequality with NULL ... Browse Code »

    The ipv6 code uses a mixture of coding styles. In some instances check for NULL
    pointer is done as x != NULL and sometimes as x. x is preferred according to
    checkpatch and this patch makes the code consistent by adopting the latter
    form.

    No changes detected by objdiff.

    Signed-off-by: Ian Morris
    Signed-off-by: David S. Miller

    Ian Morris
     

24 Nov, 2014

1 commit

25 Aug, 2014

1 commit

  • 67ba4152e   ipv6: White-space cleansing : Line Layouts ... Browse Code »

    This patch makes no changes to the logic of the code but simply addresses
    coding style issues as detected by checkpatch.

    Both objdump and diff -w show no differences.

    A number of items are addressed in this patch:
    * Multiple spaces converted to tabs
    * Spaces before tabs removed.
    * Spaces in pointer typing cleansed (char *)foo etc.
    * Remove space after sizeof
    * Ensure spacing around comparators such as if statements.

    Signed-off-by: Ian Morris
    Signed-off-by: David S. Miller

    Ian Morris
     

28 Jan, 2014

1 commit

  • a452ce345   net: Fix memory leak if TPROXY used with TCP early demux ... Browse Code »

    I see a memory leak when using a transparent HTTP proxy using TPROXY
    together with TCP early demux and Kernel v3.8.13.15 (Ubuntu stable):

    unreferenced object 0xffff88008cba4a40 (size 1696):
    comm "softirq", pid 0, jiffies 4294944115 (age 8907.520s)
    hex dump (first 32 bytes):
    0a e0 20 6a 40 04 1b 37 92 be 32 e2 e8 b4 00 00 .. j@..7..2.....
    02 00 07 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
    backtrace:
    [] kmem_cache_alloc+0xad/0xb9
    [] sk_prot_alloc+0x29/0xc5
    [] sk_clone_lock+0x14/0x283
    [] inet_csk_clone_lock+0xf/0x7b
    [] netlink_broadcast+0x14/0x16
    [] tcp_create_openreq_child+0x1b/0x4c3
    [] tcp_v4_syn_recv_sock+0x38/0x25d
    [] tcp_check_req+0x25c/0x3d0
    [] tcp_v4_do_rcv+0x287/0x40e
    [] ip_route_input_noref+0x843/0xa55
    [] tcp_v4_rcv+0x4c9/0x725
    [] ip_local_deliver_finish+0xe9/0x154
    [] __netif_receive_skb+0x4b2/0x514
    [] process_backlog+0xee/0x1c5
    [] net_rx_action+0xa7/0x200
    [] add_interrupt_randomness+0x39/0x157

    But there are many more, resulting in the machine going OOM after some
    days.

    From looking at the TPROXY code, and with help from Florian, I see
    that the memory leak is introduced in tcp_v4_early_demux():

    void tcp_v4_early_demux(struct sk_buff *skb)
    {
    /* ... */

    iph = ip_hdr(skb);
    th = tcp_hdr(skb);

    if (th->doff < sizeof(struct tcphdr) / 4)
    return;

    sk = __inet_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
    iph->saddr, th->source,
    iph->daddr, ntohs(th->dest),
    skb->skb_iif);
    if (sk) {
    skb->sk = sk;

    where the socket is assigned unconditionally to skb->sk, also bumping
    the refcnt on it. This is problematic, because in our case the skb
    has already a socket assigned in the TPROXY target. This then results
    in the leak I see.

    The very same issue seems to be with IPv6, but haven't tested.

    Reviewed-by: Florian Westphal
    Signed-off-by: Holger Eitzenberger
    Signed-off-by: David S. Miller

    Holger Eitzenberger
     

09 Aug, 2013

1 commit

  • 1f07d03e2   net: add SNMP counters tracking incoming ECN bits ... Browse Code »

    With GRO/LRO processing, there is a problem because Ip[6]InReceives SNMP
    counters do not count the number of frames, but number of aggregated
    segments.

    Its probably too late to change this now.

    This patch adds four new counters, tracking number of frames, regardless
    of LRO/GRO, and on a per ECN status basis, for IPv4 and IPv6.

    Ip[6]NoECTPkts : Number of packets received with NOECT
    Ip[6]ECT1Pkts : Number of packets received with ECT(1)
    Ip[6]ECT0Pkts : Number of packets received with ECT(0)
    Ip[6]CEPkts : Number of packets received with Congestion Experienced

    lph37:~# nstat | egrep "Pkts|InReceive"
    IpInReceives 1634137 0.0
    Ip6InReceives 3714107 0.0
    Ip6InNoECTPkts 19205 0.0
    Ip6InECT0Pkts 52651828 0.0
    IpExtInNoECTPkts 33630 0.0
    IpExtInECT0Pkts 15581379 0.0
    IpExtInCEPkts 6 0.0

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

30 Mar, 2013

1 commit

  • 1c4a154e5   ipv6: don't accept node local multicast traffic from the wire ... Browse Code »

    Erik Hugne's errata proposal (Errata ID: 3480) to RFC4291 has been
    verified: http://www.rfc-editor.org/errata_search.php?eid=3480

    We have to check for pkt_type and loopback flag because either the
    packets are allowed to travel over the loopback interface (in which case
    pkt_type is PACKET_HOST and IFF_LOOPBACK flag is set) or they travel
    over a non-loopback interface back to us (in which case PACKET_TYPE is
    PACKET_LOOPBACK and IFF_LOOPBACK flag is not set).

    Cc: Erik Hugne
    Cc: YOSHIFUJI Hideaki
    Signed-off-by: Hannes Frederic Sowa
    Signed-off-by: David S. Miller

    Hannes Frederic Sowa
     

09 Mar, 2013

1 commit

02 Mar, 2013

1 commit

  • d8c6f4b9b   ipv[4|6]: correct dropwatch false positive in local_deliver_finish ... Browse Code »

    I had a report recently of a user trying to use dropwatch to localise some frame
    loss, and they were getting false positives. Turned out they were using a user
    space SCTP stack that used raw sockets to grab frames. When we don't have a
    registered protocol for a given packet, we record it as a drop, even if a raw
    socket receieves the frame. We should only record the drop in the event a raw
    socket doesnt exist to receive the frames

    Tested by the reported successfully

    Signed-off-by: Neil Horman
    Reported-by: William Reich
    Tested-by: William Reich
    CC: "David S. Miller"
    CC: William Reich
    CC: eric.dumazet@gmail.com
    Acked-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Neil Horman
     

12 Feb, 2013

1 commit

14 Jan, 2013

2 commits

31 Jul, 2012

1 commit

  • cca32e4bf   net: TCP early demux cleanup ... Browse Code »

    early_demux() handlers should be called in RCU context, and as we
    use skb_dst_set_noref(skb, dst), caller must not exit from RCU context
    before dst use (skb_dst(skb)) or release (skb_drop(dst))

    Therefore, rcu_read_lock()/rcu_read_unlock() pairs around
    ->early_demux() are confusing and not needed :

    Protocol handlers are already in an RCU read lock section.
    (__netif_receive_skb() does the rcu_read_lock() )

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

27 Jul, 2012

1 commit

20 Jun, 2012

1 commit

  • f9242b6b2   inet: Sanitize inet{,6} protocol demux. ... Browse Code »

    Don't pretend that inet_protos[] and inet6_protos[] are hashes, thay
    are just a straight arrays. Remove all unnecessary hash masking.

    Document MAX_INET_PROTOS.

    Use RAW_HTABLE_SIZE when appropriate.

    Reported-by: Ben Hutchings
    Signed-off-by: David S. Miller

    David S. Miller
     

19 May, 2012

1 commit

04 Dec, 2011

1 commit

  • 75f2811c6   ipv6: Add fragment reporting to ipv6_skip_exthdr(). ... Browse Code »

    While parsing through IPv6 extension headers, fragment headers are
    skipped making them invisible to the caller. This reports the
    fragment offset of the last header in order to make it possible to
    determine whether the packet is fragmented and, if so whether it is
    a first or last fragment.

    Signed-off-by: Jesse Gross

    Jesse Gross
     

09 Nov, 2011

1 commit

23 Apr, 2011

1 commit

20 Apr, 2010

1 commit

30 Mar, 2010

1 commit

  • 5a0e3ad6a   include cleanup: Update gfp.h and slab.h includes to prepare for breaking implic… ... Browse Code »

    …it slab.h inclusion from percpu.h

    percpu.h is included by sched.h and module.h and thus ends up being
    included when building most .c files. percpu.h includes slab.h which
    in turn includes gfp.h making everything defined by the two files
    universally available and complicating inclusion dependencies.

    percpu.h -> slab.h dependency is about to be removed. Prepare for
    this change by updating users of gfp and slab facilities include those
    headers directly instead of assuming availability. As this conversion
    needs to touch large number of source files, the following script is
    used as the basis of conversion.

    http://userweb.kernel.org/~tj/misc/slabh-sweep.py

    The script does the followings.

    * Scan files for gfp and slab usages and update includes such that
    only the necessary includes are there. ie. if only gfp is used,
    gfp.h, if slab is used, slab.h.

    * When the script inserts a new include, it looks at the include
    blocks and try to put the new include such that its order conforms
    to its surrounding. It's put in the include block which contains
    core kernel includes, in the same order that the rest are ordered -
    alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
    doesn't seem to be any matching order.

    * If the script can't find a place to put a new include (mostly
    because the file doesn't have fitting include block), it prints out
    an error message indicating which .h file needs to be added to the
    file.

    The conversion was done in the following steps.

    1. The initial automatic conversion of all .c files updated slightly
    over 4000 files, deleting around 700 includes and adding ~480 gfp.h
    and ~3000 slab.h inclusions. The script emitted errors for ~400
    files.

    2. Each error was manually checked. Some didn't need the inclusion,
    some needed manual addition while adding it to implementation .h or
    embedding .c file was more appropriate for others. This step added
    inclusions to around 150 files.

    3. The script was run again and the output was compared to the edits
    from #2 to make sure no file was left behind.

    4. Several build tests were done and a couple of problems were fixed.
    e.g. lib/decompress_*.c used malloc/free() wrappers around slab
    APIs requiring slab.h to be added manually.

    5. The script was run on all .h files but without automatically
    editing them as sprinkling gfp.h and slab.h inclusions around .h
    files could easily lead to inclusion dependency hell. Most gfp.h
    inclusion directives were ignored as stuff from gfp.h was usually
    wildly available and often used in preprocessor macros. Each
    slab.h inclusion directive was examined and added manually as
    necessary.

    6. percpu.h was updated not to include slab.h.

    7. Build test were done on the following configurations and failures
    were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
    distributed build env didn't work with gcov compiles) and a few
    more options had to be turned off depending on archs to make things
    build (like ipr on powerpc/64 which failed due to missing writeq).

    * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
    * powerpc and powerpc64 SMP allmodconfig
    * sparc and sparc64 SMP allmodconfig
    * ia64 SMP allmodconfig
    * s390 SMP allmodconfig
    * alpha SMP allmodconfig
    * um on x86_64 SMP allmodconfig

    8. percpu.h modifications were reverted so that it could be applied as
    a separate patch and serve as bisection point.

    Given the fact that I had only a couple of failures from tests on step
    6, I'm fairly confident about the coverage of this conversion patch.
    If there is a breakage, it's likely to be something in one of the arch
    headers which should be easily discoverable easily on most builds of
    the specific arch.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>

    Tejun Heo
     

25 Mar, 2010

1 commit

19 Feb, 2010

1 commit

15 Sep, 2009

1 commit

07 Jul, 2009

1 commit

  • 5c91face5   ipv6: correct return on ipv6_rcv() packet drop ... Browse Code »

    The routine ipv6_rcv() uses magic number 0 for a return when it drops a
    packet. This corresponds to NET_RX_SUCCESS, which is obviously
    incorrect. Correct this by using NET_RX_DROP instead.

    ps. It isn't exactly clear who the IPv6 maintainers are, apologies if
    I've missed any.

    Signed-off-by: Mark Smith
    Signed-off-by: David S. Miller

    Mark Smith