- 10 Nov, 2016 15 commits
-
-
Tobias Klauser authored
Remove the unused but set variables min_set and max_set in adjust_reg_min_max_vals to fix the following warning when building with 'W=1': kernel/bpf/verifier.c:1483:7: warning: variable ‘min_set’ set but not used [-Wunused-but-set-variable] There is no warning about max_set being unused, but since it is only used in the assignment of min_set it can be removed as well. They were introduced in commit 48461135 ("bpf: allow access into map value arrays") but seem to have never been used. Cc: Josef Bacik <jbacik@fb.com> Signed-off-by:
Tobias Klauser <tklauser@distanz.ch> Acked-by:
Alexei Starovoitov <ast@kernel.org> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Yotam Gigi authored
tc_act macro addressed a non existing field, and was not used in the kernel source. Signed-off-by:
Yotam Gigi <yotamg@mellanox.com> Reviewed-by:
Jiri Pirko <jiri@mellanox.com> Signed-off-by:
-
David S. Miller authored
David Lebrun says: ==================== net: add support for IPv6 Segment Routing v5: - Check SRH validity when adding a new route with lwtunnels and when setting an IPV6_RTHDR socket option. - Check that hdr->segments_left is not out of bounds when processing an SR-enabled packet. - Add __ro_after_init attribute to seg6_genl_policy structure. - Add CONFIG_IPV6_SEG6_INLINE option to enable or disable direct header insertion. v4: - Change @cleanup in ipv6_srh_rcv() from int to bool - Move checksum helper functions into header file - Add common definition for SR TLVs - Add comments for HMAC computation algorithm - Use rhashtable to store HMAC infos instead of linked list - Remove packed attribute for struct sr6_tlv_hmac - Use dst cache only if CONFIG_DST_CACHE is enabled v3: - Fix compilation for CONFIG_IPV6={n,m} v2: - Remove packed attribute from sr6 struct and replaced unaligned 16-bit flags with two 8-bit flags. - SR code now included by default. Option CONFIG_IPV6_SEG6_HMAC exists for HMAC support (which requires crypto dependencies). - Replace "hidden" calls to mutex_{un,}lock to direct calls. - Fix reverse xmas tree coding style. - Fix cast-from-void*'s. - Update skb->csum to account for SR modifications. - Add dst_cache in seg6_output. Segment Routing (SR) is a source routing paradigm, architecturally defined in draft-ietf-spring-segment-routing-09 [1]. The IPv6 flavor of SR is defined in draft-ietf-6man-segment-routing-header-02 [2]. The main idea is that an SR-enabled packet contains a list of segments, which represent mandatory waypoints. Each waypoint is called a segment endpoint. The SR-enabled packet is routed normally (e.g. shortest path) between the segment endpoints. A node that inserts an SRH into a packet is called an ingress node, and a node that is the last segment endpoint is called an egress node. From an IPv6 viewpoint, an SR-enabled packet contains an IPv6 extension header, which is a Routing Header type 4, defined as follows: struct ipv6_sr_hdr { __u8 nexthdr; __u8 hdrlen; __u8 type; __u8 segments_left; __u8 first_segment; __u8 flag_1; __u8 flag_2; __u8 reserved; struct in6_addr segments[0]; }; The first 4 bytes of the SRH is consistent with the Routing Header definition in RFC 2460. The type is set to `4' (SRH). Each segment is encoded as an IPv6 address. The segments are encoded in reverse order: segments[0] is the last segment of the path, and segments[first_segment] is the first segment of the path. segments[segments_left] points to the currently active segment and segments_left is decremented at each segment endpoint. There exist two ways for a packet to receive an SRH, we call them encap mode and inline mode. In the encap mode, the packet is encapsulated in an outer IPv6 header that contains the SRH. The inner (original) packet is not modified. A virtual tunnel is thus created between the ingress node (the node that encapsulates) and the egress node (the last segment of the path). Once an encapsulated SR packet reaches the egress node, the node decapsulates the packet and performs a routing decision on the inner packet. This kind of SRH insertion is intended to use for routers that encapsulates in-transit packet. The second SRH insertion method, the inline mode, acts by directly inserting the SRH right after the IPv6 header of the original packet. For this method, if a particular flag (SR6_FLAG_CLEANUP) is set, then the penultimate segment endpoint must strip the SRH from the packet before forwarding it to the last segment endpoint. This insertion method is intended to use for endhosts, however it is also used for in-transit packets by some industry actors. Note that directly inserting extension headers may break several mechanisms such as Path MTU Discovery, IPSec AH, etc. For this reason, this insertion method is only available if CONFIG_IPV6_SEG6_INLINE is enabled. Finally, the SRH may contain TLVs after the segments list. Several types of TLVs are defined, but we currently consider only the HMAC TLV. This TLV is an answer to the deprecation of the RH0 and enables to ensure the authenticity and integrity of the SRH. The HMAC text contains the flags, the first_segment index, the full list of segments, and the source address of the packet. While SR is intended to use mostly within a single administrative domain, the HMAC TLV allows to verify SR packets coming from an untrusted source. This patches series implements support for the IPv6 flavor of SR and is logically divided into the following components: (1) Data plane support (patch 01). This patch adds a function in net/ipv6/exthdrs.c to handle the Routing Header type 4. It enables the kernel to act as a segment endpoint, by supporting the following operations: decrementation of the segments_left field, cleanup flag support (removal of the SRH if we are the penultimate segment endpoint) and decapsulation of the inner packet as an egress node. (2) Control plane support (patches 02..03 and 07..09). These patches enables to insert SRH on locally emitted and/or forwarded packets, both with encap mode and with inline mode. The SRH insertion is controlled through the lightweight tunnels mechanism. Furthermore, patch 08 enables the applications to insert an SRH on a per-socket basis, through the setsockopt() system call. The mechanism to specify a per-socket Routing Header was already defined for RH0 and no special modification was performed on this side. However, the code to actually push the RH onto the packets had to be adapted for the SRH specifications. (3) HMAC support (patches 04..06). These patches adds the support of the HMAC TLV verification for the dataplane part, and generation for the control plane part. Two hashing algorithms are supported (SHA-1 as legacy and SHA-256 as required by the IETF draft), but additional algorithms can be easily supported by simply adding an entry into an array. [1] https://tools.ietf.org/html/draft-ietf-spring-segment-routing-09 [2] https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-02 ==================== Signed-off-by: -
David Lebrun authored
This patch adds documentation for some SR-related per-interface sysctls. Signed-off-by:
David Lebrun <david.lebrun@uclouvain.be> Signed-off-by:
-
David Lebrun authored
This patch adds support for per-socket SRH injection with the setsockopt system call through the IPPROTO_IPV6, IPV6_RTHDR options. The SRH is pushed through the ipv6_push_nfrag_opts function. Signed-off-by:
-
David Lebrun authored
This patch prepares for insertion of SRH through setsockopt(). The new source address argument is used when an HMAC field is present in the SRH, which must be filled. The HMAC signature process requires the source address as input text. Signed-off-by:
-
David Lebrun authored
This patch enables the verification of the HMAC signature for transiting SR-enabled packets, and its insertion on encapsulated/injected SRH. Signed-off-by:
-
David Lebrun authored
This patch provides an implementation of the genetlink commands to associate a given HMAC key identifier with an hashing algorithm and a secret. Signed-off-by:
-
David Lebrun authored
This patch adds the necessary functions to compute and check the HMAC signature of an SR-enabled packet. Two HMAC algorithms are supported: hmac(sha1) and hmac(sha256). In order to avoid dynamic memory allocation for each HMAC computation, a per-cpu ring buffer is allocated for this purpose. A new per-interface sysctl called seg6_require_hmac is added, allowing a user-defined policy for processing HMAC-signed SR-enabled packets. A value of -1 means that the HMAC field will always be ignored. A value of 0 means that if an HMAC field is present, its validity will be enforced (the packet is dropped is the signature is incorrect). Finally, a value of 1 means that any SR-enabled packet that does not contain an HMAC signature or whose signature is incorrect will be dropped. Signed-off-by:
-
David Lebrun authored
This patch creates a new type of interfaceless lightweight tunnel (SEG6), enabling the encapsulation and injection of SRH within locally emitted packets and forwarded packets. >From a configuration viewpoint, a seg6 tunnel would be configured as follows: ip -6 ro ad fc00::1/128 encap seg6 mode encap segs fc42::1,fc42::2,fc42::3 dev eth0 Any packet whose destination address is fc00::1 would thus be encapsulated within an outer IPv6 header containing the SRH with three segments, and would actually be routed to the first segment of the list. If `mode inline' was specified instead of `mode encap', then the SRH would be directly inserted after the IPv6 header without outer encapsulation. The inline mode is only available if CONFIG_IPV6_SEG6_INLINE is enabled. This feature was made configurable because direct header insertion may break several mechanisms such as PMTUD or IPSec AH. Signed-off-by:
-
David Lebrun authored
This patch adds the necessary hooks and structures to provide support for SR-IPv6 control plane, essentially the Generic Netlink commands that will be used for userspace control over the Segment Routing kernel structures. The genetlink commands provide control over two different structures: tunnel source and HMAC data. The tunnel source is the source address that will be used by default when encapsulating packets into an outer IPv6 header + SRH. If the tunnel source is set to :: then an address of the outgoing interface will be selected as the source. The HMAC commands currently just return ENOTSUPP and will be implemented in a future patch. Signed-off-by:
-
David Lebrun authored
Implement minimal support for processing of SR-enabled packets as described in https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-02. This patch implements the following operations: - Intermediate segment endpoint: incrementation of active segment and rerouting. - Egress for SR-encapsulated packets: decapsulation of outer IPv6 header + SRH and routing of inner packet. - Cleanup flag support for SR-inlined packets: removal of SRH if we are the penultimate segment endpoint. A per-interface sysctl seg6_enabled is provided, to accept/deny SR-enabled packets. Default is deny. This patch does not provide support for HMAC-signed packets. Signed-off-by:
-
Arnd Bergmann authored
The newly introduced mii_ethtool_get_link_ksettings function sets lp_advertising to an uninitialized value when BMCR_ANENABLE is not set: drivers/net/mii.c: In function 'mii_ethtool_get_link_ksettings': drivers/net/mii.c:224:2: error: 'lp_advertising' may be used uninitialized in this function [-Werror=maybe-uninitialized] As documented in include/uapi/linux/ethtool.h, the value is expected to be zero when we don't know it, so let's initialize it to that. Fixes: bc8ee596 ("net: mii: add generic function to support ksetting support") Signed-off-by:
Arnd Bergmann <arnd@arndb.de> Signed-off-by:
-
Jan Beulich authored
For single items being collected this should be preferred as being more typesafe (as the compiler can check format string and to-be-written-to variable match) and more efficient (requiring one less parameter to be passed). Signed-off-by:
Jan Beulich <jbeulich@suse.com> Reviewed-by:
Paul Durrant <paul.durrant@citrix.com> Signed-off-by:
-
Hangbin Liu authored
There is some difference between force_igmp_version and force_mld_version. Add document to make users aware of this. Signed-off-by:
Hangbin Liu <liuhangbin@gmail.com> Signed-off-by:
-
- 09 Nov, 2016 25 commits
-
-
Asbjørn Sloth Tønnesen authored
recv_seq, send_seq and lns_mode mode are all defined as unsigned int foo:1; Signed-off-by:
Asbjoern Sloth Toennesen <asbjorn@asbjorn.st> Signed-off-by:
-
Asbjørn Sloth Tønnesen authored
These assignments follow this pattern: unsigned int foo:1; struct nlattr *nla = info->attrs[bar]; if (nla) foo = nla_get_flag(nla); /* expands to: foo = !!nla */ This could be simplified to: if (nla) foo = 1; but lets just remove the condition and use the macro, foo = nla_get_flag(nla); Signed-off-by:
-
Asbjørn Sloth Tønnesen authored
This patch causes the proper attribute flags to be set, in the case that IPv6 UDP checksums are disabled, so that userspace ie. `ip l2tp show tunnel` knows about it. Signed-off-by:
-
Asbjørn Sloth Tønnesen authored
Only set L2TP_ATTR_UDP_CSUM in l2tp_nl_tunnel_send() when it's running over IPv4. This prepares the code to also have IPv6 specific attributes. Signed-off-by:
-
Asbjørn Sloth Tønnesen authored
The attributes L2TP_ATTR_UDP_ZERO_CSUM6_RX and L2TP_ATTR_UDP_ZERO_CSUM6_TX are used as flags, but is defined as a u8 in a comment. This patch redocuments them as flags. Adding nla_policy entries would break API, so not doing that. CC: Tom Herbert <therbert@google.com> Signed-off-by:
-
Eric Dumazet authored
Receiving a GSO packet in dev_gro_receive() is not uncommon in stacked devices, or devices partially implementing LRO/GRO like bnx2x. GRO is implementing the aggregation the device was not able to do itself. Current code causes reorders, like in following case : For a given flow where sender sent 3 packets P1,P2,P3,P4 Receiver might receive P1 as a single packet, stored in GRO engine. Then P2-P4 are received as a single GSO packet, immediately given to upper stack, while P1 is held in GRO engine. This patch will make sure P1 is given to upper stack, then P2-P4 immediately after. Signed-off-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
-
David S. Miller authored
Edward Cree says: ==================== sfc: enable 4-tuple UDP RSS hashing EF10 based NICs have configurable RSS hash fields, and can be made to take the ports into the hash on UDP (they already do so for TCP). This patch series enables this, in order to improve spreading of UDP traffic. ==================== Signed-off-by: -
Edward Cree authored
Signed-off-by:
Edward Cree <ecree@solarflare.com> Signed-off-by:
-
Edward Cree authored
This improves UDP spreading, and also slightly improves GRO performance of encapsulated TCP on 7000 series NICs. Signed-off-by:
-
David S. Miller authored
Saeed Mahameed says: ==================== Mellanox 100G SRIOV offloads tunnel_key set/release From Hadar Hen Zion: This series further enhances the SRIOV TC offloads of mlx5 to handle the TC tunnel_key release and set actions. This serves a common use-case in virtualization systems where the virtual switch encapsulate packets (tunnel_key set action) sent from VMs with outer headers corresponding to the local/remote host IPs and de-capsulate (tunnel_key release) outer headers before the packets are received by the VM. We use the new E-Switch switchdev mode and TC tunnel_key set/release action to achieve that also in SW defined SRIOV environments by offloading TC rules that contain these actions along with forwarding (TC mirred/redirect action) the packets. The first six patches are adding the needed support in flow dissector, flower and tc for offloading tunnel_key actions: - The first three patches are adding the needed help functions and enums - The next three patches in the series are adding UDP port attribute to tunnel_key release and set actions. The addition of UDP ports would allow the HW driver to make sure they are given (say) a VXLAN tunnel to offload (mlx5e uses that). Patches 7-10 are mlx5 preparations for tunnel_key actions offloads support. Patch #11 adds mlx5e support to offload tunnel_key release action, and the last two patches (#12-13) add mlx5e support to tc tunnel_key set action. Currently in order to offload tc tunnel_key release action, the tc rule should be placed on top of the mlx5e offloading (uplink) interface instead of the shared tunnel interface. The resolution between the tunnel interface to the HW netdevice will be implemented in a follow up series. This series was generated against commit 94edc86b ("Merge branch 'dwmac-sti-refactor-cleanup'") ==================== Signed-off-by: -
Hadar Hen Zion authored
In mlx5 HW, encapsulation is offloaded by the steering rule having index into an encapsulation table containing the entire set of headers to be added by the HW. The driver sets these headers in a buffer when we are offloading the action. The code maintains mlx5_encap_entry for each encap header it has encountered when attempted to offload TC tunnel set action. This entry maintains a linked list of all the flows sharing the same encap header, when the last flow is removed from the list the encap entry is removed. The actual encap_header is allocated by the driver in the hardware only if we have layer two neighbour info when the encap entry is created. While the flow is in the driver, the driver holds a reference on the neighbour. When a new flow with encap action is inserted, the code first checks if the required encap entry exists according to the tunnel set parameters. If it does the encap is shared, otherwise a new mlx5_encap_entry is created. TC action parsing implementation in the driver assumes that tunnel set action is provided in the same order set by the user, e.g before the mirred_redirect action. Signed-off-by:
Hadar Hen Zion <hadarh@mellanox.com> Signed-off-by:
Saeed Mahameed <saeedm@mellanox.com> Signed-off-by:
-
Hadar Hen Zion authored
By implementing this ndo, the host stack will set the vxlan udp port also to VF representor netdevices. This will allow the TC offload code in the driver when it gets a tunnel key set action to identify the UDP port as vxlan, and hence the rule will be a candidate for offloading. Signed-off-by:
-
Hadar Hen Zion authored
Enhance the parsing of offloaded TC rules to set HW matching on outer (encapsulation) headers. Parse TC tunnel release action and set it as mlx5 decap action when the required capabilities are supported. Signed-off-by:
-
Hadar Hen Zion authored
In order to support steering rules which add encapsulation headers, encap_id parameter is needed. Add new mlx5_flow_act struct which holds action related parameter: action, flow_tag and encap_id. Use mlx5_flow_act struct when adding a new steering rule. This patch doesn't change any functionality. Signed-off-by:
-
Hadar Hen Zion authored
When creating flow tables, allow the caller to specify creation flags. Currently no flags are used and as such this patch doesn't add any new functionality. Signed-off-by:
-
Hadar Hen Zion authored
Instead of comparing to a const value, check the value of max encap header size capability as reported by the Firmware. Fixes: 575ddf58 ('net/mlx5: Introduce alloc_encap and dealloc_encap commands') Signed-off-by:
-
Hadar Hen Zion authored
The alloc and dealloc encap commands will be used in the mlx5e driver, as such, declare them in a common header file. Also, rename the functions: mlx5_cmd_{de}alloc_encap is replaced with mlx5_encap_{de}alloc. Signed-off-by: -
Hadar Hen Zion authored
The current tunnel set action supports only IP addresses and key options. Add UDP dst port option. Signed-off-by:
-
Hadar Hen Zion authored
Add dst port parameter to __ip_tun_set_dst and __ipv6_tun_set_dst utility functions. Signed-off-by:
-
Hadar Hen Zion authored
The current IP tunneling classification supports only IP addresses and key. Enhance UDP based IP tunneling classification parameters by adding UDP src and dst port. Signed-off-by:
-
Hadar Hen Zion authored
When encapsulation field is set, mark it as used key for the flow dissector. This will be used by offloading drivers. Signed-off-by:
-
Hadar Hen Zion authored
New encapsulation keys were added to the flower classifier, which allow classification according to outer (encapsulation) headers attributes such as key and IP addresses. In order to expose those attributes outside flower, add corresponding enums in the flow dissector. Signed-off-by:
-
Hadar Hen Zion authored
Needed for drivers to pick the relevant action when offloading tunnel key act. Signed-off-by:
-
Lorenzo Colitti authored
Without this check, it is not possible to create two rules that are identical except for their UID ranges. For example: root@net-test:/# ip rule add prio 1000 lookup 300 root@net-test:/# ip rule add prio 1000 uidrange 100-200 lookup 300 RTNETLINK answers: File exists root@net-test:/# ip rule add prio 1000 uidrange 100-199 lookup 100 root@net-test:/# ip rule add prio 1000 uidrange 200-299 lookup 200 root@net-test:/# ip rule add prio 1000 uidrange 300-399 lookup 100 RTNETLINK answers: File exists Tested: https://android-review.googlesource.com/#/c/299980/Signed-off-by:
Lorenzo Colitti <lorenzo@google.com> Acked-by:
Maciej Żenczykowski <maze@google.com> Signed-off-by:
-
Mintz, Yuval authored
Driver uses a union for copying data to & from management firmware when interacting with it. Problem is that the function always copies sizeof(union) while commit 2edbff8d ("qed: Learn resources from management firmware") is casting a union elements which is of smaller size [24-byte instead of 88-bytes]. Also, the union contains some inappropriate elements which increase its size [should have been 32-bytes]. While this shouldn't corrupt other PF messages to the MFW [as management firmware enforces permissions so that each PF is allowed to write only to its own mailbox] we fix this here as well. Fixes: 2edbff8d ("qed: Learn resources from management firmware") Signed-off-by:
Yuval Mintz <Yuval.Mintz@cavium.com> Signed-off-by:
-
