24 Nov, 2016
1 commit
-
Since kernel 4.7 this defaults to off.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
08 Nov, 2016
1 commit
-
Add Qualcomm QCA tagging introduced in cafdc45c9 to the
list of supported protocols.Signed-off-by: Fabian Mewes
Reviewed-by: Andrew Lunn
Acked-by: Florian Fainelli
Signed-off-by: David S. Miller
30 Oct, 2016
1 commit
-
Pull networking fixes from David Miller:
"Lots of fixes, mostly drivers as is usually the case.1) Don't treat zero DMA address as invalid in vmxnet3, from Alexey
Khoroshilov.2) Fix element timeouts in netfilter's nft_dynset, from Anders K.
Pedersen.3) Don't put aead_req crypto struct on the stack in mac80211, from
Ard Biesheuvel.4) Several uninitialized variable warning fixes from Arnd Bergmann.
5) Fix memory leak in cxgb4, from Colin Ian King.
6) Fix bpf handling of VLAN header push/pop, from Daniel Borkmann.
7) Several VRF semantic fixes from David Ahern.
8) Set skb->protocol properly in ip6_tnl_xmit(), from Eli Cooper.
9) Socket needs to be locked in udp_disconnect(), from Eric Dumazet.
10) Div-by-zero on 32-bit fix in mlx4 driver, from Eugenia Emantayev.
11) Fix stale link state during failover in NCSCI driver, from Gavin
Shan.12) Fix netdev lower adjacency list traversal, from Ido Schimmel.
13) Propvide proper handle when emitting notifications of filter
deletes, from Jamal Hadi Salim.14) Memory leaks and big-endian issues in rtl8xxxu, from Jes Sorensen.
15) Fix DESYNC_FACTOR handling in ipv6, from Jiri Bohac.
16) Several routing offload fixes in mlxsw driver, from Jiri Pirko.
17) Fix broadcast sync problem in TIPC, from Jon Paul Maloy.
18) Validate chunk len before using it in SCTP, from Marcelo Ricardo
Leitner.19) Revert a netns locking change that causes regressions, from Paul
Moore.20) Add recursion limit to GRO handling, from Sabrina Dubroca.
21) GFP_KERNEL in irq context fix in ibmvnic, from Thomas Falcon.
22) Avoid accessing stale vxlan/geneve socket in data path, from
Pravin Shelar"* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (189 commits)
geneve: avoid using stale geneve socket.
vxlan: avoid using stale vxlan socket.
qede: Fix out-of-bound fastpath memory access
net: phy: dp83848: add dp83822 PHY support
enic: fix rq disable
tipc: fix broadcast link synchronization problem
ibmvnic: Fix missing brackets in init_sub_crq_irqs
ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context
Revert "ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context"
arch/powerpc: Update parameters for csum_tcpudp_magic & csum_tcpudp_nofold
net/mlx4_en: Save slave ethtool stats command
net/mlx4_en: Fix potential deadlock in port statistics flow
net/mlx4: Fix firmware command timeout during interrupt test
net/mlx4_core: Do not access comm channel if it has not yet been initialized
net/mlx4_en: Fix panic during reboot
net/mlx4_en: Process all completions in RX rings after port goes up
net/mlx4_en: Resolve dividing by zero in 32-bit system
net/mlx4_core: Change the default value of enable_qos
net/mlx4_core: Avoid setting ports to auto when only one port type is supported
net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec
...
21 Oct, 2016
1 commit
-
Pablo Neira Ayuso says:
====================
Netfilter fixes for netThe following patchset contains Netfilter fixes for your net tree,
they are:1) Fix compilation warning in xt_hashlimit on m68k 32-bits, from
Geert Uytterhoeven.2) Fix wrong timeout in set elements added from packet path via
nft_dynset, from Anders K. Pedersen.3) Remove obsolete nf_conntrack_events_retry_timeout sysctl
documentation, from Nicolas Dichtel.4) Ensure proper initialization of log flags via xt_LOG, from
Liping Zhang.5) Missing alias to autoload ipcomp, also from Liping Zhang.
6) Missing NFTA_HASH_OFFSET attribute validation, again from Liping.
7) Wrong integer type in the new nft_parse_u32_check() function,
from Dan Carpenter.8) Another wrong integer type declaration in nft_exthdr_init, also
from Dan Carpenter.9) Fix insufficient mode validation in nft_range.
10) Fix compilation warning in nft_range due to possible uninitialized
value, from Arnd Bergmann.11) Zero nf_hook_ops allocated via xt_hook_alloc() in x_tables to
calm down kmemcheck, from Florian Westphal.12) Schedule gc_worker() to run again if GC_MAX_EVICTS quota is reached,
from Nicolas Dichtel.13) Fix nf_queue() after conversion to single-linked hook list, related
to incorrect bypass flag handling and incorrect hook point of
reinjection.
====================Signed-off-by: David S. Miller
17 Oct, 2016
1 commit
-
This entry has been removed in commit 9500507c6138.
Fixes: 9500507c6138 ("netfilter: conntrack: remove timer from ecache extension")
Signed-off-by: Nicolas Dichtel
Acked-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
15 Oct, 2016
1 commit
-
…/kernel/git/shuah/linux-kselftest
Pull kselftest updates from Shuah Khan:
"This update consists of:- Fixes and improvements to existing tests
- Moving code from Documentation to selftests, samples, and tools:
* Moves dnotify_test, prctl, ptp, vDSO, ia64, watchdog, and
networking tests from Documentation to selftests.* Moves mic/mpssd, misc-devices/mei, timers, watchdog, auxdisplay,
and blackfin examples from Documentation to samples.* Moves accounting, laptops/dslm, and pcmcia/crc32hash tools from
Documentation to tools.* Deletes BUILD_DOCSRC and its dependencies"
* tag 'linux-kselftest-4.9-rc1-update' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: (21 commits)
selftests/futex: Check ANSI terminal color support
Doc: update 00-INDEX files to reflect the runnable code move
samples: move blackfin gptimers-example from Documentation
tools: move pcmcia crc32hash tool from Documentation
tools: move laptops dslm tool from Documentation
tools: move accounting tool from Documentation
samples: move auxdisplay example code from Documentation
samples: move watchdog example code from Documentation
samples: move timers example code from Documentation
samples: move misc-devices/mei example code from Documentation
samples: move mic/mpssd example code from Documentation
selftests: Move networking/timestamping from Documentation
selftests: move watchdog tests from Documentation/watchdog
selftests: move ia64 tests from Documentation/ia64
selftests: move vDSO tests from Documentation/vDSO
selftests: move ptp tests from Documentation/ptp
selftests: move prctl tests from Documentation/prctl
selftests: move dnotify_test from Documentation/filesystems
selftests/timers: Add missing error code assignment before test
selftests/zram: replace ZRAM_LZ4_COMPRESS
...
14 Oct, 2016
1 commit
-
This fixes the following errors when trying to clone the urls:
Cloning into 'net'...
fatal: repository 'http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/' not found
Cloning into 'net-next'...
fatal: repository 'http://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git/' not found
Cloning into 'linux'...
fatal: repository 'http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/' not found
Cloning into 'stable-queue'...
fatal: repository 'http://git.kernel.org/cgit/linux/kernel/git/stable/stable-queue.git/' not foundSigned-off-by: Alexander Alemayhu
Signed-off-by: David S. Miller
10 Oct, 2016
1 commit
-
Update 00-INDEX files with the current file list to reflect the runnable
code move.Acked-by: Michal Marek
Acked-by: Jonathan Corbet
Reviewed-by: Kees Cook
Signed-off-by: Shuah Khan
28 Sep, 2016
1 commit
-
This is to reflect the change of FIB offload infrastructure from
switchdev objects to FIB notifier.Signed-off-by: Jiri Pirko
Reviewed-by: Ido Schimmel
Signed-off-by: David S. Miller
20 Sep, 2016
1 commit
-
Remove networking from Documentation Makefile to move the test to
selftests. Update networking/timestamping Makefile to work under
selftests. These tests will not be run as part of selftests suite
and will not be included in install targets. They can be built and
run separately for now.This is part of the effort to move runnable code from Documentation.
Acked-by: Jonathan Corbet
Signed-off-by: Shuah Khan
19 Sep, 2016
1 commit
-
In a typical IPvlan L3 setup where master is in default-ns and
each slave is into different (slave) ns. In this setup egress
packet processing for traffic originating from slave-ns will
hit all NF_HOOKs in slave-ns as well as default-ns. However same
is not true for ingress processing. All these NF_HOOKs are
hit only in the slave-ns skipping them in the default-ns.
IPvlan in L3 mode is restrictive and if admins want to deploy
iptables rules in default-ns, this asymmetric data path makes it
impossible to do so.This patch makes use of the l3_rcv() (added as part of l3mdev
enhancements) to perform input route lookup on RX packets without
changing the skb->dev and then uses nf_hook at NF_INET_LOCAL_IN
to change the skb->dev just before handing over skb to L4.Signed-off-by: Mahesh Bandewar
CC: David Ahern
Reviewed-by: David Ahern
Signed-off-by: David S. Miller
02 Sep, 2016
1 commit
-
Don't expose skbs to in-kernel users, such as the AFS filesystem, but
instead provide a notification hook the indicates that a call needs
attention and another that indicates that there's a new call to be
collected.This makes the following possibilities more achievable:
(1) Call refcounting can be made simpler if skbs don't hold refs to calls.
(2) skbs referring to non-data events will be able to be freed much sooner
rather than being queued for AFS to pick up as rxrpc_kernel_recv_data
will be able to consult the call state.(3) We can shortcut the receive phase when a call is remotely aborted
because we don't have to go through all the packets to get to the one
cancelling the operation.(4) It makes it easier to do encryption/decryption directly between AFS's
buffers and sk_buffs.(5) Encryption/decryption can more easily be done in the AFS's thread
contexts - usually that of the userspace process that issued a syscall
- rather than in one of rxrpc's background threads on a workqueue.(6) AFS will be able to wait synchronously on a call inside AF_RXRPC.
To make this work, the following interface function has been added:
int rxrpc_kernel_recv_data(
struct socket *sock, struct rxrpc_call *call,
void *buffer, size_t bufsize, size_t *_offset,
bool want_more, u32 *_abort_code);This is the recvmsg equivalent. It allows the caller to find out about the
state of a specific call and to transfer received data into a buffer
piecemeal.afs_extract_data() and rxrpc_kernel_recv_data() now do all the extraction
logic between them. They don't wait synchronously yet because the socket
lock needs to be dealt with.Five interface functions have been removed:
rxrpc_kernel_is_data_last()
rxrpc_kernel_get_abort_code()
rxrpc_kernel_get_error_number()
rxrpc_kernel_free_skb()
rxrpc_kernel_data_consumed()As a temporary hack, sk_buffs going to an in-kernel call are queued on the
rxrpc_call struct (->knlrecv_queue) rather than being handed over to the
in-kernel user. To process the queue internally, a temporary function,
temp_deliver_data() has been added. This will be replaced with common code
between the rxrpc_recvmsg() path and the kernel_rxrpc_recv_data() path in a
future patch.Signed-off-by: David Howells
Signed-off-by: David S. Miller
01 Sep, 2016
1 commit
-
Add SWITCHDEV_OBJ_ID_PORT_MDB support to the DSA layer.
Signed-off-by: Vivien Didelot
Signed-off-by: David S. Miller
30 Aug, 2016
3 commits
-
Pass struct socket * to more rxrpc kernel interface functions. They should
be starting from this rather than the socket pointer in the rxrpc_call
struct if they need to access the socket.I have left:
rxrpc_kernel_is_data_last()
rxrpc_kernel_get_abort_code()
rxrpc_kernel_get_error_number()
rxrpc_kernel_free_skb()
rxrpc_kernel_data_consumed()unmodified as they're all about to be removed (and, in any case, don't
touch the socket).Signed-off-by: David Howells
-
Provide a function so that kernel users, such as AFS, can ask for the peer
address of a call:void rxrpc_kernel_get_peer(struct rxrpc_call *call,
struct sockaddr_rxrpc *_srx);In the future the kernel service won't get sk_buffs to look inside.
Further, this allows us to hide any canonicalisation inside AF_RXRPC for
when IPv6 support is added.Also propagate this through to afs_find_server() and issue a warning if we
can't handle the address family yet.Signed-off-by: David Howells
-
All three conflicts were cases of simple overlapping
changes.Signed-off-by: David S. Miller
29 Aug, 2016
1 commit
-
Since commit 83c0afaec7b7 ("net: dsa: Add new binding implementation"),
the shortcomings of the dsa platform device have been addressed, remove
that TODO item.Signed-off-by: Florian Fainelli
Acked-by: Andrew Lunn
Signed-off-by: David S. Miller
27 Aug, 2016
1 commit
-
switchdev_port_fwd_mark_set() is used to set the 'offload_fwd_mark' of
port netdevs so that packets being flooded by the device won't be
flooded twice.It works by assigning a unique identifier (the ifindex of the first
bridge port) to bridge ports sharing the same parent ID. This prevents
packets from being flooded twice by the same switch, but will flood
packets through bridge ports belonging to a different switch.This method is problematic when stacked devices are taken into account,
such as VLANs. In such cases, a physical port netdev can have upper
devices being members in two different bridges, thus requiring two
different 'offload_fwd_mark's to be configured on the port netdev, which
is impossible.The main problem is that packet and netdev marking is performed at the
physical netdev level, whereas flooding occurs between bridge ports,
which are not necessarily port netdevs.Instead, packet and netdev marking should really be done in the bridge
driver with the switch driver only telling it which packets it already
forwarded. The bridge driver will mark such packets using the mark
assigned to the ingress bridge port and will prevent the packet from
being forwarded through any bridge port sharing the same mark (i.e.
having the same parent ID).Remove the current switchdev 'offload_fwd_mark' implementation and
instead implement the proposed method. In addition, make rocker - the
sole user of the mark - use the proposed method.Signed-off-by: Ido Schimmel
Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller
25 Aug, 2016
1 commit
-
Now that the dsa_switch_driver structure contains only function pointers
as it is supposed to, rename it to the more appropriate dsa_switch_ops,
uniformly to any other operations structure in the kernel.No functional changes here, basically just the result of something like:
s/dsa_switch_driver *drv/dsa_switch_ops *ops/gHowever keep the {un,}register_switch_driver functions and their
dsa_switch_drivers list as is, since they represent the -- likely to be
deprecated soon -- legacy DSA registration framework.In the meantime, also fix the following checks from checkpatch.pl to
make it happy with this patch:CHECK: Comparison to NULL could be written "!ops"
#403: FILE: net/dsa/dsa.c:470:
+ if (ops == NULL) {CHECK: Comparison to NULL could be written "ds->ops->get_strings"
#773: FILE: net/dsa/slave.c:697:
+ if (ds->ops->get_strings != NULL)CHECK: Comparison to NULL could be written "ds->ops->get_ethtool_stats"
#824: FILE: net/dsa/slave.c:785:
+ if (ds->ops->get_ethtool_stats != NULL)CHECK: Comparison to NULL could be written "ds->ops->get_sset_count"
#835: FILE: net/dsa/slave.c:798:
+ if (ds->ops->get_sset_count != NULL)total: 0 errors, 0 warnings, 4 checks, 784 lines checked
Signed-off-by: Vivien Didelot
Acked-by: Florian Fainelli
Signed-off-by: David S. Miller
24 Aug, 2016
1 commit
-
TFO_SERVER_WO_SOCKOPT2 was intended for debugging purposes during
Fast Open development. Remove this config option and also
update/clean-up the documentation of the Fast Open sysctl.Reported-by: Piotr Jurkiewicz
Signed-off-by: Yuchung Cheng
Signed-off-by: Eric Dumazet
Signed-off-by: Neal Cardwell
Signed-off-by: David S. Miller
18 Aug, 2016
1 commit
-
Signed-off-by: Tom Herbert
Signed-off-by: David S. Miller
13 Aug, 2016
2 commits
-
Simon Wunderlich says:
====================
This feature patchset includes the following changes (mostly
chronological order):- bump version strings, by Simon Wunderlich
- kerneldoc clean up, by Sven Eckelmann
- enable RTNL automatic loading and according documentation
changes, by Sven Eckelmann (2 patches)- fix/improve interface removal and associated locking, by
Sven Eckelmann (3 patches)- clean up unused variables, by Linus Luessing
- implement Gateway selection code for B.A.T.M.A.N. V by
Antonio Quartulli (4 patches)- rewrite TQ comparison by Markus Pargmann
- fix Cocinelle warnings on bool vs integers (by Fenguang Wu/Intels
kbuild test robot) and bitwise arithmetic operations (by Linus
Luessing)- rewrite packet creation for forwarding for readability and to avoid
reference count mistakes, by Linus Luessing- use kmem_cache for translation table, which results in more efficient
storing of translation table entries, by Sven Eckelmann- rewrite/clarify reference handling for send_skb_unicast, by Sven
Eckelmann- fix debug messages when updating routes, by Sven Eckelmann
====================Signed-off-by: David S. Miller
-
This is a driver for the ENA family of networking devices.
Signed-off-by: Netanel Belgazal
Signed-off-by: David S. Miller
09 Aug, 2016
1 commit
-
The standard kernel API to add new virtual interfaces and attach other
interfaces to it is rtnl-link. batman-adv supports it since v3.10. This
functionality should be used instead of the legacy batman-adv-only sysfs
interface.Signed-off-by: Sven Eckelmann
Signed-off-by: Marek Lindner
Signed-off-by: Simon Wunderlich
06 Aug, 2016
1 commit
-
Inside the kafs filesystem it is possible to occasionally have a call
processed and terminated before we've had a chance to check whether we need
to clean up the rx queue for that call because afs_send_simple_reply() ends
the call when it is done, but this is done in a workqueue item that might
happen to run to completion before afs_deliver_to_call() completes.Further, it is possible for rxrpc_kernel_send_data() to be called to send a
reply before the last request-phase data skb is released. The rxrpc skb
destructor is where the ACK processing is done and the call state is
advanced upon release of the last skb. ACK generation is also deferred to
a work item because it's possible that the skb destructor is not called in
a context where kernel_sendmsg() can be invoked.To this end, the following changes are made:
(1) kernel_rxrpc_data_consumed() is added. This should be called whenever
an skb is emptied so as to crank the ACK and call states. This does
not release the skb, however. kernel_rxrpc_free_skb() must now be
called to achieve that. These together replace
rxrpc_kernel_data_delivered().(2) kernel_rxrpc_data_consumed() is wrapped by afs_data_consumed().
This makes afs_deliver_to_call() easier to work as the skb can simply
be discarded unconditionally here without trying to work out what the
return value of the ->deliver() function means.The ->deliver() functions can, via afs_data_complete(),
afs_transfer_reply() and afs_extract_data() mark that an skb has been
consumed (thereby cranking the state) without the need to
conditionally free the skb to make sure the state is correct on an
incoming call for when the call processor tries to send the reply.(3) rxrpc_recvmsg() now has to call kernel_rxrpc_data_consumed() when it
has finished with a packet and MSG_PEEK isn't set.(4) rxrpc_packet_destructor() no longer calls rxrpc_hard_ACK_data().
Because of this, we no longer need to clear the destructor and put the
call before we free the skb in cases where we don't want the ACK/call
state to be cranked.(5) The ->deliver() call-type callbacks are made to return -EAGAIN rather
than 0 if they expect more data (afs_extract_data() returns -EAGAIN to
the delivery function already), and the caller is now responsible for
producing an abort if that was the last packet.(6) There are many bits of unmarshalling code where:
ret = afs_extract_data(call, skb, last, ...);
switch (ret) {
case 0: break;
case -EAGAIN: return 0;
default: return ret;
}is to be found. As -EAGAIN can now be passed back to the caller, we
now just return if ret < 0:ret = afs_extract_data(call, skb, last, ...);
if (ret < 0)
return ret;(7) Checks for trailing data and empty final data packets has been
consolidated as afs_data_complete(). So:if (skb->len > 0)
return -EBADMSG;
if (!last)
return 0;becomes:
ret = afs_data_complete(call, skb, last);
if (ret < 0)
return ret;(8) afs_transfer_reply() now checks the amount of data it has against the
amount of data desired and the amount of data in the skb and returns
an error to induce an abort if we don't get exactly what we want.Without these changes, the following oops can occasionally be observed,
particularly if some printks are inserted into the delivery path:general protection fault: 0000 [#1] SMP
Modules linked in: kafs(E) af_rxrpc(E) [last unloaded: af_rxrpc]
CPU: 0 PID: 1305 Comm: kworker/u8:3 Tainted: G E 4.7.0-fsdevel+ #1303
Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
Workqueue: kafsd afs_async_workfn [kafs]
task: ffff88040be041c0 ti: ffff88040c070000 task.ti: ffff88040c070000
RIP: 0010:[] [] __lock_acquire+0xcf/0x15a1
RSP: 0018:ffff88040c073bc0 EFLAGS: 00010002
RAX: 6b6b6b6b6b6b6b6b RBX: 0000000000000000 RCX: ffff88040d29a710
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88040d29a710
RBP: ffff88040c073c70 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff88040be041c0 R15: ffffffff814c928f
FS: 0000000000000000(0000) GS:ffff88041fa00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa4595f4750 CR3: 0000000001c14000 CR4: 00000000001406f0
Stack:
0000000000000006 000000000be04930 0000000000000000 ffff880400000000
ffff880400000000 ffffffff8108f847 ffff88040be041c0 ffffffff81050446
ffff8803fc08a920 ffff8803fc08a958 ffff88040be041c0 ffff88040c073c38
Call Trace:
[] ? mark_held_locks+0x5e/0x74
[] ? __local_bh_enable_ip+0x9b/0xa1
[] ? trace_hardirqs_on_caller+0x16d/0x189
[] lock_acquire+0x122/0x1b6
[] ? lock_acquire+0x122/0x1b6
[] ? skb_dequeue+0x18/0x61
[] _raw_spin_lock_irqsave+0x35/0x49
[] ? skb_dequeue+0x18/0x61
[] skb_dequeue+0x18/0x61
[] afs_deliver_to_call+0x344/0x39d [kafs]
[] afs_process_async_call+0x4c/0xd5 [kafs]
[] afs_async_workfn+0xe/0x10 [kafs]
[] process_one_work+0x29d/0x57c
[] worker_thread+0x24a/0x385
[] ? rescuer_thread+0x2d0/0x2d0
[] kthread+0xf3/0xfb
[] ret_from_fork+0x1f/0x40
[] ? kthread_create_on_node+0x1cf/0x1cfSigned-off-by: David Howells
Signed-off-by: David S. Miller
16 Jul, 2016
2 commits
-
Document the design of mprds, covering a brief description
of the motivation, data-structures and modifications to the
RDS control plane.Acked-by: Santosh Shilimkar
Signed-off-by: Sowmini Varadhan
Signed-off-by: David S. Miller -
Update the documentation to describe the changes added by
commit 8ba38460f363 ("net/rds Add getsockopt support for SO_RDS_TRANSPORT")Acked-by: Santosh Shilimkar
Signed-off-by: Sowmini Varadhan
Signed-off-by: David S. Miller
14 Jul, 2016
2 commits
-
Comments from Frank Kellerman on last doc update:
- extra whitespace in front of a neigh show command
- convert the brief link example to 'vrf red'Signed-off-by: David Ahern
Signed-off-by: David S. Miller -
Update vrf documentation for changes made to 4.4 - 4.8 kernels
and iproute2 support for vrf keyword.Signed-off-by: David Ahern
Signed-off-by: David S. Miller
07 Jul, 2016
1 commit
-
Pablo Neira Ayuso says:
====================
Netfilter updates for net-nextThe following patchset contains Netfilter updates for net-next,
they are:1) Don't use userspace datatypes in bridge netfilter code, from
Tobin Harding.2) Iterate only once over the expectation table when removing the
helper module, instead of once per-netns, from Florian Westphal.3) Extra sanitization in xt_hook_ops_alloc() to return error in case
we ever pass zero hooks, xt_hook_ops_alloc():4) Handle NFPROTO_INET from the logging core infrastructure, from
Liping Zhang.5) Autoload loggers when TRACE target is used from rules, this doesn't
change the behaviour in case the user already selected nfnetlink_log
as preferred way to print tracing logs, also from Liping Zhang.6) Conntrack slabs with SLAB_HWCACHE_ALIGN to allow rearranging fields
by cache lines, increases the size of entries in 11% per entry.
From Florian Westphal.7) Skip zone comparison if CONFIG_NF_CONNTRACK_ZONES=n, from Florian.
8) Remove useless defensive check in nf_logger_find_get() from Shivani
Bhardwaj.9) Remove zone extension as place it in the conntrack object, this is
always include in the hashing and we expect more intensive use of
zones since containers are in place. Also from Florian Westphal.10) Owner match now works from any namespace, from Eric Bierdeman.
11) Make sure we only reply with TCP reset to TCP traffic from
nf_reject_ipv4, patch from Liping Zhang.12) Introduce --nflog-size to indicate amount of network packet bytes
that are copied to userspace via log message, from Vishwanath Pai.
This obsoletes --nflog-range that has never worked, it was designed
to achieve this but it has never worked.13) Introduce generic macros for nf_tables object generation masks.
14) Use generation mask in table, chain and set objects in nf_tables.
This allows fixes interferences with ongoing preparation phase of
the commit protocol and object listings going on at the same time.
This update is introduced in three patches, one per object.15) Check if the object is active in the next generation for element
deactivation in the rbtree implementation, given that deactivation
happens from the commit phase path we have to observe the future
status of the object.16) Support for deletion of just added elements in the hash set type.
17) Allow to resize hashtable from /proc entry, not only from the
obscure /sys entry that maps to the module parameter, from Florian
Westphal.18) Get rid of NFT_BASECHAIN_DISABLED, this code is not exercised
anymore since we tear down the ruleset whenever the netdevice
goes away.19) Support for matching inverted set lookups, from Arturo Borrero.
20) Simplify the iptables_mangle_hook() by removing a superfluous
extra branch.21) Introduce ether_addr_equal_masked() and use it from the netfilter
codebase, from Joe Perches.22) Remove references to "Use netfilter MARK value as routing key"
from the Netfilter Kconfig description given that this toggle
doesn't exists already for 10 years, from Moritz Sichert.23) Introduce generic NF_INVF() and use it from the xtables codebase,
from Joe Perches.24) Setting logger to NONE via /proc was not working unless explicit
nul-termination was included in the string. This fixes seems to
leave the former behaviour there, so we don't break backward.
====================Signed-off-by: David S. Miller
28 Jun, 2016
1 commit
-
The 3.xx and 4.xx synopsys gmacs have a very similar
PCS embedded module and they share almost the same registers:
for example:
AN_Control, AN_Status, AN_Advertisement, AN_Link_Partner_Ability,
AN_Expansion, TBI_Extended_Status.Just the RGMII/SMII Control/Status register differs.
So This patch aims to reorganize and enhance the PCS support.
It removes the existent support from the dwmac1000/dwmac4_core.c
moving basic PCS functions inside a new file called: stmmac_pcs.h.The patch also reviews the available APIs to be better shared among
different hardware and easily enhanced to support new features.Signed-off-by: Giuseppe Cavallaro
Signed-off-by: David S. Miller
24 Jun, 2016
1 commit
-
No need to restrict this to module parameter.
We export a copy of the real hash size -- when user alters the value we
allocate the new table, copy entries etc before we update the real size
to the requested one.This is also needed because the real size is used by concurrent readers
and cannot be changed without synchronizing the conntrack generation
seqcnt.We only allow changing this value from the initial net namespace.
Tested using http-client-benchmark vs. httpterm with concurrent
while true;do
echo $RANDOM > /proc/sys/net/netfilter/nf_conntrack_buckets
doneSigned-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
17 Jun, 2016
1 commit
-
Signed-off-by: Oliver Hartkopp
Signed-off-by: Marc Kleine-Budde
08 Jun, 2016
1 commit
-
Large tc dumps (tc -s {qdisc|class} sh dev ethX) done by Google BwE host
agent [1] are problematic at scale :For each qdisc/class found in the dump, we currently lock the root qdisc
spinlock in order to get stats. Sampling stats every 5 seconds from
thousands of HTB classes is a challenge when the root qdisc spinlock is
under high pressure. Not only the dumps take time, they also slow
down the fast path (queue/dequeue packets) by 10 % to 20 % in some cases.An audit of existing qdiscs showed that sch_fq_codel is the only qdisc
that might need the qdisc lock in fq_codel_dump_stats() and
fq_codel_dump_class_stats()In v2 of this patch, I now use the Qdisc running seqcount to provide
consistent reads of packets/bytes counters, regardless of 32/64 bit arches.I also changed rate estimators to use the same infrastructure
so that they no longer need to lock root qdisc lock.[1]
http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43838.pdfSigned-off-by: Eric Dumazet
Cc: Cong Wang
Cc: Jamal Hadi Salim
Cc: John Fastabend
Cc: Kevin Athey
Cc: Xiaotian Pei
Signed-off-by: David S. Miller
30 May, 2016
1 commit
-
Clarify how secure_redirects works. Mention that RFC1122 always applies.
Signed-off-by: Eric Garver
Signed-off-by: David S. Miller
26 May, 2016
3 commits
-
Described what the port_vlan_filtering function is supposed to
accomplish.Fixes: fb2dabad69f0 ("net: dsa: support VLAN filtering switchdev attr")
Signed-off-by: Florian Fainelli
Reviewed-by: Vivien Didelot
Signed-off-by: David S. Miller -
We no longer have a priv_size structure member since 5feebd0a8a79 ("net:
dsa: Remove allocation of driver private memory")Reviewed-by: Vivien Didelot
Signed-off-by: Florian Fainelli
Signed-off-by: David S. Miller -
This function has been removed in 4baee937b8d5 ("net: dsa: remove DSA
link polling") in favor of using the PHYLIB polling mechanism.Reviewed-by: Vivien Didelot
Signed-off-by: Florian Fainelli
Signed-off-by: David S. Miller
20 May, 2016
1 commit
-
Pull Documentation updates from Jon Corbet:
"A bit busier this time around.The most interesting thing (IMO) this time around is some beginning
infrastructural work to allow documents to be written using
restructured text. Maybe someday, in a galaxy far far away, we'll be
able to eliminate the DocBook dependency and have a much better
integrated set of kernel docs. Someday.Beyond that, there's a new document on security hardening from Kees,
the movement of some sample code over to samples/, a number of
improvements to the serial docs from Geert, and the usual collection
of corrections, typo fixes, etc"* tag 'docs-for-linus' of git://git.lwn.net/linux: (55 commits)
doc: self-protection: provide initial details
serial: doc: Use port->state instead of info
serial: doc: Always refer to tty_port->mutex
Documentation: vm: Spelling s/paltform/platform/g
Documentation/memcg: update kmem limit doc as codes behavior
docproc: print a comment about autogeneration for rst output
docproc: add support for reStructuredText format via --rst option
docproc: abstract terminating lines at first space
docproc: abstract docproc directive detection
docproc: reduce unnecessary indentation
docproc: add variables for subcommand and filename
kernel-doc: use rst C domain directives and references for types
kernel-doc: produce RestructuredText output
kernel-doc: rewrite usage description, remove duplicated comments
Doc: correct the location of sysrq.c
Documentation: fix common spelling mistakes
samples: v4l: from Documentation to samples directory
samples: connector: from Documentation to samples directory
Documentation: xillybus: fix spelling mistake
Documentation: x86: fix spelling mistakes
...
17 May, 2016
1 commit
-
Fix description of some of the bpf_asm tool related jump instructions
and generally move them to format A k.Reported-by: Sebastian Amend
Signed-off-by: Daniel Borkmann
Acked-by: Alexei Starovoitov
Signed-off-by: David S. Miller
