- 20 Jul, 2022 1 commit
-
-
Christophe JAILLET authored
Use bitmap_zalloc()/bitmap_free() instead of hand-writing them. It is less verbose and it improves the semantic. Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Acked-by:
Julian Anastasov <ja@ssi.bg> Acked-by:
Simon Horman <horms@verge.net.au> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org>
-
- 13 Jul, 2022 1 commit
-
-
James Yonan authored
nf_nat_initialized() doesn't modify passed struct nf_conn, so declare as const. This is helpful for code readability and makes it possible to call nf_nat_initialized() with a const struct nf_conn *. Signed-off-by:
James Yonan <james@openvpn.net> Signed-off-by:
-
- 11 Jul, 2022 17 commits
-
-
Florian Westphal authored
... and cast result to u32 so sparse won't complain anymore. Signed-off-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
-
Florian Westphal authored
Sparse tool complains about mixing of different endianess types, so use the correct ones. Add type casts where needed. objdiff shows no changes except in nft_tunnel (type is changed). Signed-off-by:
-
Florian Westphal authored
Same as the existing ones, no conversions. This is just for sparse sake only so that we no longer mix be16/u16 and be32/u32 types. Alternative is to add __force __beX in various places, but this seems nicer. objdiff shows no changes. Signed-off-by:
-
Florian Westphal authored
Switch to be16/32 and u16/32 respectively. No code changes here, the functions do the same thing, this is just for sparse checkers' sake. objdiff shows no changes. Signed-off-by:
-
Florian Westphal authored
Sparse complains because __be32 and u32 are mixed without conversions. Use the correct types, no code changes. Furthermore, xt_DSCP generates a bit truncation warning: "cast truncates bits from constant value (ffffff03 becomes 3)" The truncation is fine (and wanted). Add a private definition and use that instead. objdiff shows no changes. Signed-off-by:
-
Florian Westphal authored
Sparse flags this as suspicious, because this compares integer with a be16 with no conversion. Its a compat check for old userspace that sends host byte order, so force a be16 cast here. Signed-off-by:
-
Zhang Jiaming authored
Change 'succesful' to 'successful'. Change 'transation' to 'transaction'. Signed-off-by:
Zhang Jiaming <jiaming@nfschina.com> Signed-off-by:
-
Florian Westphal authored
sparse complains about incorrect rcu usage. Code uses the correct rcu access primitives, but the function pointers lack rcu annotations. Collapse all of them into a single structure, then annotate the pointer. Signed-off-by:
-
Florian Westphal authored
Sparse complains about direct access to the 'helper' and timeout members. Both have __rcu annotation, so use the accessors. xt_CT is fine, accesses occur before the structure is visible to other cpus. Switch to rcu accessors there as well to reduce noise. Signed-off-by:
-
Florian Westphal authored
Access to the hook pointers use correct helpers but the pointers lack the needed __rcu annotation. Signed-off-by:
-
Vlad Buslov authored
To improve hardware offload debuggability count pending 'add', 'del' and 'stats' flow_table offload workqueue tasks. Counters are incremented before scheduling new task and decremented when workqueue handler finishes executing. These counters allow user to diagnose congestion on hardware offload workqueues that can happen when either CPU is starved and workqueue jobs are executed at lower rate than new ones are added or when hardware/driver can't keep up with the rate. Implement the described counters as percpu counters inside new struct netns_ft which is stored inside struct net. Expose them via new procfs file '/proc/net/stats/nf_flowtable' that is similar to existing 'nf_conntrack' file. Signed-off-by:
Vlad Buslov <vladbu@nvidia.com> Signed-off-by:
Oz Shlomo <ozsh@nvidia.com> Signed-off-by:
-
Vlad Buslov authored
Following patches in series use the pointer to access flow table offload debug variables. Signed-off-by:
-
Bill Wendling authored
When compiling with -Wformat, clang emits the following warnings: net/netfilter/nf_conntrack_helper.c:168:18: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security] request_module(mod_name); ^~~~~~~~ Use a string literal for the format string. Link: https://github.com/ClangBuiltLinux/linux/issues/378Signed-off-by:Bill Wendling <isanbard@gmail.com> Signed-off-by:
-
Jackie Liu authored
These cases all use the same function. we can simplify the code through fallthrough. $ size net/netfilter/nf_conntrack_core.o text data bss dec hex filename before 81601 81430 768 163799 27fd7 net/netfilter/nf_conntrack_core.o after 80361 81430 768 162559 27aff net/netfilter/nf_conntrack_core.o Arch: aarch64 Gcc : gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1) Reported-by:k2ci <kernel-bot@kylinos.cn> Signed-off-by:
Jackie Liu <liuyun01@kylinos.cn> Signed-off-by:
-
Jilin Yuan authored
Delete the redundant word 'test'. Signed-off-by:
Jilin Yuan <yuanjilin@cdjrlc.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Jilin Yuan authored
Delete the redundant word 'driver'. Signed-off-by:
-
sewookseo authored
If we set XFRM security policy by calling setsockopt with option IPV6_XFRM_POLICY, the policy will be stored in 'sock_policy' in 'sock' struct. However tcp_v6_send_response doesn't look up dst_entry with the actual socket but looks up with tcp control socket. This may cause a problem that a RST packet is sent without ESP encryption & peer's TCP socket can't receive it. This patch will make the function look up dest_entry with actual socket, if the socket has XFRM policy(sock_policy), so that the TCP response packet via this function can be encrypted, & aligned on the encrypted TCP socket. Tested: We encountered this problem when a TCP socket which is encrypted in ESP transport mode encryption, receives challenge ACK at SYN_SENT state. After receiving challenge ACK, TCP needs to send RST to establish the socket at next SYN try. But the RST was not encrypted & peer TCP socket still remains on ESTABLISHED state. So we verified this with test step as below. [Test step] 1. Making a TCP state mismatch between client(IDLE) & server(ESTABLISHED). 2. Client tries a new connection on the same TCP ports(src & dst). 3. Server will return challenge ACK instead of SYN,ACK. 4. Client will send RST to server to clear the SOCKET. 5. Client will retransmit SYN to server on the same TCP ports. [Expected result] The TCP connection should be established. Cc: Maciej Żenczykowski <maze@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Steffen Klassert <steffen.klassert@secunet.com> Cc: Sehee Lee <seheele@google.com> Signed-off-by:
Sewook Seo <sewookseo@google.com> Reviewed-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
-
- 09 Jul, 2022 21 commits
-
-
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-nextJakub Kicinski authored
Daniel Borkmann says: ==================== pull-request: bpf-next 2022-07-09 We've added 94 non-merge commits during the last 19 day(s) which contain a total of 125 files changed, 5141 insertions(+), 6701 deletions(-). The main changes are: 1) Add new way for performing BTF type queries to BPF, from Daniel Müller. 2) Add inlining of calls to bpf_loop() helper when its function callback is statically known, from Eduard Zingerman. 3) Implement BPF TCP CC framework usability improvements, from Jörn-Thorben Hinz. 4) Add LSM flavor for attaching per-cgroup BPF programs to existing LSM hooks, from Stanislav Fomichev. 5) Remove all deprecated libbpf APIs in prep for 1.0 release, from Andrii Nakryiko. 6) Add benchmarks around local_storage to BPF selftests, from Dave Marchevsky. 7) AF_XDP sample removal (given move to libxdp) and various improvements around AF_XDP selftests, from Magnus Karlsson & Maciej Fijalkowski. 8) Add bpftool improvements for memcg probing and bash completion, from Quentin Monnet. 9) Add arm64 JIT support for BPF-2-BPF coupled with tail calls, from Jakub Sitnicki. 10) Sockmap optimizations around throughput of UDP transmissions which have been improved by 61%, from Cong Wang. 11) Rework perf's BPF prologue code to remove deprecated functions, from Jiri Olsa. 12) Fix sockmap teardown path to avoid sleepable sk_psock_stop, from John Fastabend. 13) Fix libbpf's cleanup around legacy kprobe/uprobe on error case, from Chuang Wang. 14) Fix libbpf's bpf_helpers.h to work with gcc for the case of its sec/pragma macro, from James Hilliard. 15) Fix libbpf's pt_regs macros for riscv to use a0 for RC register, from Yixun Lan. 16) Fix bpftool to show the name of type BPF_OBJ_LINK, from Yafang Shao. * https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next: (94 commits) selftests/bpf: Fix xdp_synproxy build failure if CONFIG_NF_CONNTRACK=m/n bpf: Correctly propagate errors up from bpf_core_composites_match libbpf: Disable SEC pragma macro on GCC bpf: Check attach_func_proto more carefully in check_return_code selftests/bpf: Add test involving restrict type qualifier bpftool: Add support for KIND_RESTRICT to gen min_core_btf command MAINTAINERS: Add entry for AF_XDP selftests files selftests, xsk: Rename AF_XDP testing app bpf, docs: Remove deprecated xsk libbpf APIs description selftests/bpf: Add benchmark for local_storage RCU Tasks Trace usage libbpf, riscv: Use a0 for RC register libbpf: Remove unnecessary usdt_rel_ip assignments selftests/bpf: Fix few more compiler warnings selftests/bpf: Fix bogus uninitialized variable warning bpftool: Remove zlib feature test from Makefile libbpf: Cleanup the legacy uprobe_event on failed add/attach_event() libbpf: Fix wrong variable used in perf_event_uprobe_open_legacy() libbpf: Cleanup the legacy kprobe_event on failed add/attach_event() selftests/bpf: Add type match test against kernel's task_struct selftests/bpf: Add nested type to type based tests ... ==================== Link: https://lore.kernel.org/r/20220708233145.32365-1-daniel@iogearbox.netSigned-off-by:Jakub Kicinski <kuba@kernel.org>
-
Linus Walleij authored
If there is a MAC address specified in the device tree, then use it. This is already perfectly legal to specify in accordance with the generic ethernet-controller.yaml schema. Signed-off-by:
Linus Walleij <linus.walleij@linaro.org> Signed-off-by:
-
Linus Walleij authored
If the firmware does not provide a MAC address to the driver, fall back to generating a random MAC address. Signed-off-by:
-
Eric Dumazet authored
We want to kfree(table) if @table has been kmalloced, ie for non initial network namespace. Fixes: 849d5aa3 ("af_unix: Do not call kmemdup() for init_net's sysctl table.") Signed-off-by:
Kuniyuki Iwashima <kuniyu@amazon.com> Signed-off-by:
-
David S. Miller authored
Mat Martineau says: ==================== mptcp: Self test improvements and a header tweak Patch 1 moves a definition to a header so it can be used in a struct declaration. Patch 2 adjusts a time threshold for a selftest that runs much slower on debug kernels (and even more on slow CI infrastructure), to reduce spurious failures. Patches 3 & 4 improve userspace PM test coverage. Patches 5 & 6 clean up output from a test script and selftest helper tool. ==================== Signed-off-by: -
Geliang Tang authored
The usage header of pm_nl_ctl command doesn't match with the context. So this patch adds the missing userspace PM keywords 'ann', 'rem', 'csf', 'dsf', 'events' and 'listen' in it. Reviewed-by:
Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by:
Geliang Tang <geliang.tang@suse.com> Signed-off-by:
-
Geliang Tang authored
There're some 'Terminated' messages in the output of userspace pm tests script after killing './pm_nl_ctl events' processes: Created network namespaces ns1, ns2 [OK] ./userspace_pm.sh: line 166: 13735 Terminated ip netns exec "$ns2" ./pm_nl_ctl events >> "$client_evts" 2>&1 ./userspace_pm.sh: line 172: 13737 Terminated ip netns exec "$ns1" ./pm_nl_ctl events >> "$server_evts" 2>&1 Established IPv4 MPTCP Connection ns2 => ns1 [OK] ./userspace_pm.sh: line 166: 13753 Terminated ip netns exec "$ns2" ./pm_nl_ctl events >> "$client_evts" 2>&1 ./userspace_pm.sh: line 172: 13755 Terminated ip netns exec "$ns1" ./pm_nl_ctl events >> "$server_evts" 2>&1 Established IPv6 MPTCP Connection ns2 => ns1 [OK] ADD_ADDR 10.0.2.2 (ns2) => ns1, invalid token [OK] This patch adds a helper kill_wait(), in it using 'wait $pid 2>/dev/null' commands after 'kill $pid' to avoid printing out these Terminated messages. Use this helper instead of using 'kill $pid'. Reviewed-by:
-
Geliang Tang authored
This patch adds userspace pm subflow tests support for mptcp_join.sh script. Add userspace pm create subflow and destroy test cases in userspace_tests(). Reviewed-by:
-
Geliang Tang authored
This patch adds userspace pm tests support for mptcp_join.sh script. Add userspace pm add_addr and rm_addr test cases in userspace_tests(). Reviewed-by:
-
Paolo Abeni authored
The mentioned test measures the transfer run-time to verify that the user-space program is able to use the full aggregate B/W. Even on (virtual) link-speed-bound tests, debug kernel can slow down the transfer enough to cause sporadic test failures. Instead of unconditionally raising the maximum allowed run-time, tweak when the running kernel is a debug one, and use some simple/ rough heuristic to guess such scenarios. Note: this intentionally avoids looking for /boot/config-<version> as the latter file is not always available in our reference CI environments. Signed-off-by:
Paolo Abeni <pabeni@redhat.com> Co-developed-by:
-
Geliang Tang authored
Move macro MPTCPOPT_HMAC_LEN definition from net/mptcp/protocol.h to include/net/mptcp.h. Reviewed-by:
-
Yang Yingliang authored
bcm63xx_enetsw_driver and bcm63xx_enet_driver are only used in bcm63xx_enet.c now, change them to static. Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Link: https://lore.kernel.org/r/20220707135801.1483941-1-yangyingliang@huawei.comSigned-off-by:
-
Russell King (Oracle) authored
When we are operating in SGMII inband mode, it implies that there is a PHY connected, and the ethtool advertisement for autoneg applies to the PHY, not the SGMII link. When in 1000base-X mode, then this applies to the 802.3z link and needs to be applied to the PCS. Fix this. Reviewed-by:
Andrew Lunn <andrew@lunn.ch> Signed-off-by:
Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Link: https://lore.kernel.org/r/E1o9Ng2-005Qbe-3H@rmk-PC.armlinux.org.ukSigned-off-by:
-
Antoine Tenart authored
A description is missing for the net.core.high_order_alloc_disable option in admin-guide/sysctl/net.rst ; add it. The above sysctl option was introduced by commit ce27ec60 ("net: add high_order_alloc_disable sysctl/static key"). Thanks to Eric for running again the benchmark cited in the above commit, showing this knob is now mostly of historical importance. Signed-off-by:
Antoine Tenart <atenart@kernel.org> Reviewed-by:
-
Justin Stitt authored
When building with Clang we encounter this warning: | net/rxrpc/rxkad.c:434:33: error: format specifies type 'unsigned short' | but the argument has type 'u32' (aka 'unsigned int') [-Werror,-Wformat] | _leave(" = %d [set %hx]", ret, y); y is a u32 but the format specifier is `%hx`. Going from unsigned int to short int results in a loss of data. This is surely not intended behavior. If it is intended, the warning should be suppressed through other means. This patch should get us closer to the goal of enabling the -Wformat flag for Clang builds. Link: https://github.com/ClangBuiltLinux/linux/issues/378Signed-off-by:Justin Stitt <justinstitt@google.com> Reviewed-by:
Nathan Chancellor <nathan@kernel.org> Acked-by:
David Howells <dhowells@redhat.com> Link: https://lore.kernel.org/r/20220707182052.769989-1-justinstitt@google.comSigned-off-by:
-
Jakub Kicinski authored
Jakub Kicinski says: ==================== tls: pad strparser, internal header, decrypt_ctx etc. A grab bag of non-functional refactoring to make the series which will let us decrypt into a fresh skb smaller. Patches in this series are not strictly required to get the decryption into a fresh skb going, they are more in the "things which had been annoying me for a while" category. ==================== Link: https://lore.kernel.org/r/20220708010314.1451462-1-kuba@kernel.orgSigned-off-by:
-
Jakub Kicinski authored
tls_wait_data() sets the return code as an output parameter and always returns ctx->recv_pkt on success. Return the error code directly and let the caller read the skb from the context. Use positive return code to indicate ctx->recv_pkt is ready. While touching the definition of the function rename it. Signed-off-by: -
Jakub Kicinski authored
include/net/tls.h is getting a little long, and is probably hard for driver authors to navigate. Split out the internals into a header which will live under net/tls/. While at it move some static inlines with a single user into the source files, add a few tls_ prefixes and fix spelling of 'proccess'. Signed-off-by: -
Jakub Kicinski authored
Jump to the free() call, instead of having to remember to free the memory in multiple places. Signed-off-by: -
Jakub Kicinski authored
The max size of iv + aad + tail is 22B. That's smaller than a single sg entry (32B). Don't bother with the memory packing, just create a struct which holds the max size of those members. Signed-off-by: -
Jakub Kicinski authored
AAD size is either 5 or 13. Really no point complicating the code for the 8B of difference. This will also let us turn the chunked up buffer into a sane struct. Signed-off-by:
-
