1. 21 Aug, 2015 2 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · a9e01ed9
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter updates for net-next
      
      This is second pull request includes the conflict resolution patch that
      resulted from the updates that we got for the conntrack template through
      kmalloc. No changes with regards to the previously sent 15 patches.
      
      The following patchset contains Netfilter updates for your net-next tree, they
      are:
      
      1) Rework the existing nf_tables counter expression to make it per-cpu.
      
      2) Prepare and factor out common packet duplication code from the TEE target so
         it can be reused from the new dup expression.
      
      3) Add the new dup expression for the nf_tables IPv4 and IPv6 families.
      
      4) Convert the nf_tables limit expression to use a token-based approach with
         64-bits precision.
      
      5) Enhance the nf_tables limit expression to support limiting at packet byte.
         This comes after several preparation patches.
      
      6) Add a burst parameter to indicate the amount of packets or bytes that can
         exceed the limiting.
      
      7) Add netns support to nfacct, from Andreas Schultz.
      
      8) Pass the nf_conn_zone structure instead of the zone ID in nf_tables to allow
         accessing more zone specific information, from Daniel Borkmann.
      
      9) Allow to define zone per-direction to support netns containers with
         overlapping network addressing, also from Daniel.
      
      10) Extend the CT target to allow setting the zone based on the skb->mark as a
         way to support simple mappings from iptables, also from Daniel.
      
      11) Make the nf_tables payload expression aware of the fact that VLAN offload
          may have removed a vlan header, from Florian Westphal.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a9e01ed9
    • Pablo Neira Ayuso's avatar
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next · 81bf1c64
      Pablo Neira Ayuso authored
      Resolve conflicts with conntrack template fixes.
      
      Conflicts:
      	net/netfilter/nf_conntrack_core.c
      	net/netfilter/nf_synproxy_core.c
      	net/netfilter/xt_CT.c
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      81bf1c64
  2. 20 Aug, 2015 35 commits
  3. 19 Aug, 2015 3 commits
    • Florian Westphal's avatar
      netfilter: nft_payload: work around vlan header stripping · 8cfd23e6
      Florian Westphal authored
      make payload expression aware of the fact that VLAN offload may have
      removed a vlan header.
      
      When we encounter tagged skb, transparently insert the tag into the
      register so that vlan header matching can work without userspace being
      aware of offload features.
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      8cfd23e6
    • David S. Miller's avatar
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue · def63be8
      David S. Miller authored
      Jeff Kirsher says:
      
      ====================
      Intel Wired LAN Driver Updates 2015-08-18
      
      This series contains updates to igb, e100, e1000e and ixgbe.
      
      Shota Suzuki provides a fix for a possible overflow in
      igb_set_interrupt_capability() which leads to an oops.  When changing the
      number of queues by "ethtool -L", set IGB_FLAG_QUEUE_PAIRS in the same
      manner as when initializing the igb driver.
      
      Vasily Averin provides a fix for a missing rtnl_unlock() for when we
      error out due to not being able to allocate memory for our queues.
      
      Stefan Assman provides a couple of fixes for igb/igbvf.  First changes
      the igb driver in probe to simply call igb_enable_sriov() instead of
      igb_sriov_reinit() since we are starting from scratch.  Then in igbvf,
      fix the driver where it does not clear the buffer_info->dma in all
      cases after calling dma_unmap_single(), which was found by changing the
      MTU twice.
      
      Richard Cochran implements the periodic output function using the
      programmable clock outputs available in i210 when possible, falling
      back to the target time for longer periods.
      
      Todd adds support for the Marvell PHY 1512 which is required for i354
      devices.  Then updates igb to make sure SR-IOV init uses the correct
      number of queues, since recent changes could result in the PF holding
      onto all of the queues.
      
      Alex Williamson provides a fix in the case where a guest OS does not
      support hot-unplug, so disable SR-IOV prior to unregister_netdev() to
      avoid the problem.
      
      Jia-Ju Bai provides several patches, first knocks some collecting dust
      off an old e100 driver to add a check to avoid a null pointer
      dereference.  Then cleans up a possible resource leak by releasing the
      skb buffer allocated when the e100_xmit_prepare() runs into an issue
      in the DMA mapping.  In igb, add a missing rtnl_unlock() for when we
      error out due to igb_sriov_reinit() in the igb_init_interrupt_scheme().
      Provides a e1000e fix, based on suggestions from Alex Duyck to move
      head/tail register writing to e1000_configure_tx/rx() to avoid a
      possible null pointer dereference (similar to igb driver).  Lastly,
      fix a possible memory leak in igb_probe(), where the memory shadow_vfta
      allocated by kcalloc in igb_sw_init() is not freed.
      
      Mark simplifies port-specific macros for ixgbe by eliminating explicit
      comparisons with 0 and enclose formal parameters in parens to eliminate
      the risk of an operator precedence issue.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      def63be8
    • David S. Miller's avatar
      Merge branch 'vrf-next' · 1c8aa215
      David S. Miller authored
      Nikolay Aleksandrov says:
      
      ====================
      vrf: a few simplifications and cleanups
      
      These patches remove some unnecessary checks (patches 3, 4), unnecessary
      num_slaves member and refcnt manipulations which are already done by the
      upper functions.
      ====================
      Acked-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1c8aa215