- 25 Mar, 2015 16 commits
-
-
Patrick McHardy authored
Following patches will add new private members, restore struct nft_hash as preparation. Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org>
-
Patrick McHardy authored
nftables sets will be converted to use so called setextensions, moving the key to a non-fixed position. To hash it, the obj_hashfn must be used, however it so far doesn't receive the length parameter. Pass the key length to obj_hashfn() and convert existing users. Signed-off-by:
-
Patrick McHardy authored
Using smp_processor_id() triggers warnings with PREEMPT_RCU. There is no point in disabling preemption since we only collect the numeric value, so use raw_smp_processor_id() instead. Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Pablo Neira Ayuso authored
As described by 4017a7ee ("netfilter: restore rule tracing via nfnetlink_log"), this accidentally slipped through during conflict resolution in d5c1d8c5. Signed-off-by:
-
Joe Perches authored
Use the #defines where appropriate. Miscellanea: Add explicit #include <linux/kernel.h> where it was not previously used so that these #defines are a bit more explicitly defined instead of indirectly included via: module.h->moduleparam.h->kernel.h Signed-off-by:
Joe Perches <joe@perches.com> Signed-off-by:
-
Patrick McHardy authored
The network namespace is only needed for base chains to get at the gencursor. Also convert to possible_net_t. Signed-off-by:
-
Eric Dumazet authored
ss should display ipv4 mapped request sockets like this : tcp SYN-RECV 0 0 ::ffff:192.168.0.1:8080 ::ffff:192.0.2.1:35261 and not like this : tcp SYN-RECV 0 0 192.168.0.1:8080 192.0.2.1:35261 We should init ireq->ireq_family based on listener sk_family, not the actual protocol carried by SYN packet. This means we can set ireq_family in inet_reqsk_alloc() Fixes: 3f66b083 ("inet: introduce ireq_family") Signed-off-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
stephen hemminger authored
The original comment was not really informative or funny as well as sexist. Replace it with a better explanation of why the driver does stop and what the impacts are. Signed-off-by:
Stephen Hemminger <stephen@networkplumber.org> Signed-off-by:
-
Daniel Borkmann authored
We now have K_VLANT, K_VLANP and K_VLANTPID. Clean them up into more descriptive token, namely K_VLAN_TCI, K_VLAN_AVAIL and K_VLAN_TPID. Signed-off-by:
Daniel Borkmann <daniel@iogearbox.net> Signed-off-by:
-
David S. Miller authored
Eric Dumazet says: ==================== tcp: listener refactor part 16 A CONFIG_PROVE_RCU=y build revealed an RCU splat I had to fix. I added const qualifiers to various md5 methods, as I expect to call them on behalf of request sock traffic even if the listener socket is not locked. This seems ok, but adding const makes the contract clearer. Note a good reduction of code size thanks to request/establish sockets convergence. ==================== Signed-off-by: -
Eric Dumazet authored
With request socks convergence, we no longer need different lookup methods. A request socket can use generic lookup function. Add const qualifier to 2nd tcp_v[46]_md5_lookup() parameter. Signed-off-by:
-
Eric Dumazet authored
Since request and established sockets now have same base, there is no need to pass two pointers to tcp_v4_md5_hash_skb() or tcp_v6_md5_hash_skb() Also add a const qualifier to their struct tcp_md5sig_key argument. Signed-off-by:
-
Eric Dumazet authored
It is guaranteed that both tcp_v4_rcv() and tcp_v6_rcv() run from rcu read locked sections : ip_local_deliver_finish() and ip6_input_finish() both use rcu_read_lock() Also align tcp_v6_inbound_md5_hash() on tcp_v4_inbound_md5_hash() by returning a boolean. Signed-off-by:
-
Eric Dumazet authored
Signed-off-by:
-
Eric Dumazet authored
While timer handler effectively runs a rcu read locked section, there is no explicit rcu_read_lock()/rcu_read_unlock() annotations and lockdep can be confused here : net/ipv4/tcp_ipv4.c-906- /* caller either holds rcu_read_lock() or socket lock */ net/ipv4/tcp_ipv4.c:907: md5sig = rcu_dereference_check(tp->md5sig_info, net/ipv4/tcp_ipv4.c-908- sock_owned_by_user(sk) || net/ipv4/tcp_ipv4.c-909- lockdep_is_held(&sk->sk_lock.slock)); Let's explicitely acquire rcu_read_lock() in tcp_make_synack() Before commit fa76ce73 ("inet: get rid of central tcp/dccp listener timer"), we were holding listener lock so lockdep was happy. Fixes: fa76ce73 ("inet: get rid of central tcp/dccp listener timer") Signed-off-by:
-
- 24 Mar, 2015 24 commits
-
-
David S. Miller authored
Thomas Graf says: ==================== rhashtable updates on top of Herbert's work Patch 1 is a bugfix for an RCU splash I encountered while testing. Patch 2 & 3 are pure cleanups. Patch 4 disables automatic shrinking by default as discussed in previous thread. Patch 5 removes some rhashtable internal knowledge from nft_hash and fixes another RCU splash. I've pushed various rhashtable tests (Netlink, nft) together with a Makefile to a git tree [0] for easier stress testing. [0] https://github.com/tgraf/rhashtable ==================== Signed-off-by:
-
Thomas Graf authored
rhashtable_destroy() variant which stops rehashes, iterates over the table and calls a callback to release resources. Avoids need for nft_hash to embed rhashtable internals and allows to get rid of the being_destroyed flag. It also saves a 2nd mutex lock upon destruction. Also fixes an RCU lockdep splash on nft set destruction due to calling rht_for_each_entry_safe() without holding bucket locks. Open code this loop as we need know that no mutations may occur in parallel. Signed-off-by:
Thomas Graf <tgraf@suug.ch> Signed-off-by:
-
Thomas Graf authored
Introduce a new bool automatic_shrinking to require the user to explicitly opt-in to automatic shrinking of tables. Signed-off-by:
-
Thomas Graf authored
Signed-off-by:
-
Thomas Graf authored
Signed-off-by:
-
Thomas Graf authored
rhashtable_insert_rehash() requires RCU locks to be held in order to access ht->tbl and traverse to the last table. Fixes: ccd57b1b ("rhashtable: Add immediate rehash during insertion") Signed-off-by:
-
Michal Sekletar authored
If vlan offloading takes place then vlan header is removed from frame and its contents, both vlan_tci and vlan_proto, is available to user space via TPACKET interface. However, only vlan_tci can be used in BPF filters. This commit introduces a new BPF extension. It makes possible to load the value of vlan_proto (vlan TPID) to register A. Support for classic BPF and eBPF is being added, analogous to skb->protocol. Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: Alexei Starovoitov <ast@plumgrid.com> Cc: Jiri Pirko <jpirko@redhat.com> Signed-off-by:
Michal Sekletar <msekleta@redhat.com> Acked-by:
Alexei Starovoitov <ast@plumgrid.com> Reviewed-by:
Jiri Pirko <jiri@resnulli.us> Signed-off-by:
-
David S. Miller authored
Varun Prakash says: ==================== FCoE support in cxgb4 driver This patch series enables FCoE support in cxgb4 driver, it enables FCOE_CRC and FCOE_MTU net device features. This series is created against net-next tree. ==================== Signed-off-by: -
Varun Prakash authored
Signed-off-by:
Varun Prakash <varun@chelsio.com> Signed-off-by:
-
Varun Prakash authored
This patch adds cxgb4_fcoe.c and enables FCOE_CRC, FCOE_MTU net device features. Signed-off-by:
-
Varun Prakash authored
This patch adds new header file cxgb4_fcoe.h and defines new macros for FCoE support in cxgb4 driver. Signed-off-by:
-
Hannes Frederic Sowa authored
Those warnings reported by sparse endianness check (via kbuild test robot) are harmless, nevertheless fix them up and make the code a little bit easier to read. Reported-by:
kbuild test robot <fengguang.wu@intel.com> Fixes: 622c81d5 ("ipv6: generation of stable privacy addresses for link-local and autoconf") Signed-off-by:
Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by:
-
Ying Xue authored
When IPV6=m and TIPC=y, below error will appear during building kernel image: net/tipc/udp_media.c:196: undefined reference to `ip6_dst_lookup' make: *** [vmlinux] Error 1 As ip6_dst_lookup() is implemented in IPV6 and IPV6 is compiled as module, ip6_dst_lookup() is not built-in core kernel image. As a result, compiler cannot find 'ip6_dst_lookup' reference while compiling TIPC code into core kernel image. But with the method introduced by commit 5f81bd2e ("ipv6: export a stub for IPv6 symbols used by vxlan"), we can avoid the compile error through "ipv6_stub" pointer to access ip6_dst_lookup(). Fixes: d0f91938 ("tipc: add ip/udp media type") Suggested-by:
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by:
Ying Xue <ying.xue@windriver.com> Signed-off-by:
-
WANG Cong authored
With dev group, we can change a batch of net devices, so we should allow to delete them together too. Group 0 is not allowed to be deleted since it is the default group. Cc: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by:
Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by:
-
Herbert Xu authored
This patch adds a comment on the choice of the value 16 as the maximum chain length before we force a rehash. Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
Wu Fengguang authored
drivers/net/usb/cx82310_eth.c:175:2-3: Unneeded semicolon Removes unneeded semicolon. Generated by: scripts/coccinelle/misc/semicolon.cocci CC: Ondrej Zary <linux@rainbow-software.org> Signed-off-by:
-
Sasha Levin authored
Commit f2f8036e ("tipc: add support for connect() on dgram/rdm sockets") hasn't validated user input length for the sockaddr structure which allows a user to overwrite kernel memory with arbitrary input. Fixes: f2f8036e ("tipc: add support for connect() on dgram/rdm sockets") Signed-off-by:
Sasha Levin <sasha.levin@oracle.com> Acked-by:
-
Hannes Frederic Sowa authored
Cc: John Fastabend <john.r.fastabend@intel.com> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller authored
Conflicts: net/netfilter/nf_tables_core.c The nf_tables_core.c conflict was resolved using a conflict resolution from Stephen Rothwell as a guide. Signed-off-by: -
Herbert Xu authored
The commit 963ecbd4 ("rhashtable: Fix use-after-free in rhashtable_walk_stop") fixed a real bug but created another one because we may end up sleeping inside an RCU critical section. This patch fixes it properly by replacing the mutex with a spin lock that specifically protects the walker lists. Reported-by:
-
David S. Miller authored
Hannes Frederic Sowa says: ==================== ipv6: RFC7217 stable privacy addresses implementation this is an implementation of basic support for RFC7217 stable privacy addresses. Please review and consider for net-next. v2: * Correct references to RFC 7212 -> RFC 7217 in documentation patch (thanks, Eric!) ==================== Signed-off-by: -
Hannes Frederic Sowa authored
Cc: Erik Kline <ek@google.com> Cc: Fernando Gont <fgont@si6networks.com> Cc: Lorenzo Colitti <lorenzo@google.com> Cc: YOSHIFUJI Hideaki/吉藤英明 <hideaki.yoshifuji@miraclelinux.com> Signed-off-by:
-
Hannes Frederic Sowa authored
This is specified by RFC 7217. Cc: Erik Kline <ek@google.com> Cc: Fernando Gont <fgont@si6networks.com> Cc: Lorenzo Colitti <lorenzo@google.com> Cc: YOSHIFUJI Hideaki/吉藤英明 <hideaki.yoshifuji@miraclelinux.com> Signed-off-by:
-
Hannes Frederic Sowa authored
If a DAD conflict is detected, we want to retry privacy stable address generation up to idgen_retries (= 3) times with a delay of idgen_delay (= 1 second). Add the logic to addrconf_dad_failure. By design, we don't clean up dad failed permanent addresses. Cc: Erik Kline <ek@google.com> Cc: Fernando Gont <fgont@si6networks.com> Cc: Lorenzo Colitti <lorenzo@google.com> Cc: YOSHIFUJI Hideaki/吉藤英明 <hideaki.yoshifuji@miraclelinux.com> Signed-off-by:
-
