1. 05 Jan, 2020 1 commit
    • David S. Miller's avatar
      Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue · 4460985f
      David S. Miller authored
      Jeff Kirsher says:
      
      ====================
      100GbE Intel Wired LAN Driver Updates 2020-01-03
      
      This series contains updates to the ice driver only.
      
      Brett adds support for UDP segmentation offload (USO) based on the work
      Alex Duyck did for other Intel drivers. Refactored how the VF sets
      spoof checking to resolve a couple of issues found in
      ice_set_vf_spoofchk().  Adds the ability to track of the dflt_vsI
      (default VSI), since we cannot have more than one default VSI.  Add a
      macro for commonly used "for loop" used repeatedly in the code.  Cleaned
      up and made the VF link flows all similar.  Refactor the flows of adding
      and deleting MAC addresses in order to simplify the logic for error
      conditions and setting/clearing the VF's default MAC address field.
      
      Michal moves the setting of the default ITR value from ice_cfg_itr() to
      the function we allocate queue vectors.  Adds support for saving and
      restoring the ITR value for each queue.  Adds a check for all invalid
      or unused parameters to log the information and return an error.
      
      Vignesh cleans up the driver where we were trying to write to read-only
      registers for the receive flex descriptors.
      
      Tony changes a netdev_info() to netdev_dbg() when the MTU value is
      changed.
      
      Bruce suppresses a coverity reported error that was not really an error
      by adding a code comment.
      
      Mitch adds a check for a NULL receive descriptor to resolve a coverity
      reported issue.
      
      Krzysztof prevents a potential general protection fault by adding a
      boundary check to see if the queue id is greater than the size of a UMEM
      array.  Adds additional code comments to assist coverity in its scans to
      prevent false positives.
      
      Jake adds support for E822 devices to the driver.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4460985f
  2. 04 Jan, 2020 16 commits
  3. 03 Jan, 2020 11 commits
  4. 02 Jan, 2020 12 commits
    • David S. Miller's avatar
      Merge branch 'tcp-Add-support-for-L3-domains-to-MD5-auth' · 7a8d8a46
      David S. Miller authored
      David Ahern says:
      
      ====================
      tcp: Add support for L3 domains to MD5 auth
      
      With VRF, the scope of network addresses is limited to the L3 domain
      the device is associated. MD5 keys are based on addresses, so proper
      VRF support requires an L3 domain to be considered for the lookups.
      
      Leverage the new TCP_MD5SIG_EXT option to add support for a device index
      to MD5 keys. The __tcpm_pad entry in tcp_md5sig is renamed to tcpm_ifindex
      and a new flag, TCP_MD5SIG_FLAG_IFINDEX, in tcpm_flags determines if the
      entry is examined. This follows what was done for MD5 and prefixes with
      commits
         8917a777 ("tcp: md5: add TCP_MD5SIG_EXT socket option to set a key address prefix")
         6797318e ("tcp: md5: add an address prefix for key lookup")
      
      Handling both a device AND L3 domain is much more complicated for the
      response paths. This set focuses only on L3 support - requiring the
      device index to be an l3mdev (ie, VRF). Support for slave devices can
      be added later if desired, much like the progression of support for
      sockets bound to a VRF and then bound to a device in a VRF. Kernel
      code is setup to explicitly call out that current lookup is for an L3
      index, while the uapi just references a device index allowing its
      meaning to include other devices in the future.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7a8d8a46
    • David Ahern's avatar
      fcnal-test: Add TCP MD5 tests for VRF · 5cad8bce
      David Ahern authored
      Add tests for new TCP MD5 API for L3 domains (VRF).
      
      A new namespace is added to create a duplicate configuration between
      the VRF and default VRF to verify overlapping config is handled properly.
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5cad8bce
    • David Ahern's avatar
      fcnal-test: Add TCP MD5 tests · f0bee1eb
      David Ahern authored
      Add tests for existing TCP MD5 APIs - both single address
      config and the new extended API for prefixes.
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f0bee1eb
    • David Ahern's avatar
      nettest: Add support for TCP_MD5 extensions · eb09cf03
      David Ahern authored
      Update nettest to implement TCP_MD5SIG_EXT for a prefix and a device.
      
      Add a new option, -m, to specify a prefix and length to use with MD5
      auth. The device option comes from the existing -d option. If either
      are set and MD5 auth is requested, TCP_MD5SIG_EXT is used instead of
      TCP_MD5SIG.
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      eb09cf03
    • David Ahern's avatar
      nettest: Return 1 on MD5 failure for server mode · 1bfb45d8
      David Ahern authored
      On failure to set MD5 password, do_server should return 1 so that the
      program exits with 1 rather than 255. This used for negative testing
      when adding MD5 with device option.
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1bfb45d8
    • David Ahern's avatar
      net: Add device index to tcp_md5sig · 6b102db5
      David Ahern authored
      Add support for userspace to specify a device index to limit the scope
      of an entry via the TCP_MD5SIG_EXT setsockopt. The existing __tcpm_pad
      is renamed to tcpm_ifindex and the new field is only checked if the new
      TCP_MD5SIG_FLAG_IFINDEX is set in tcpm_flags. For now, the device index
      must point to an L3 master device (e.g., VRF). The API and error
      handling are setup to allow the constraint to be relaxed in the future
      to any device index.
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6b102db5
    • David Ahern's avatar
      tcp: Add l3index to tcp_md5sig_key and md5 functions · dea53bb8
      David Ahern authored
      Add l3index to tcp_md5sig_key to represent the L3 domain of a key, and
      add l3index to tcp_md5_do_add and tcp_md5_do_del to fill in the key.
      
      With the key now based on an l3index, add the new parameter to the
      lookup functions and consider the l3index when looking for a match.
      
      The l3index comes from the skb when processing ingress packets leveraging
      the helpers created for socket lookups, tcp_v4_sdif and inet_iif (and the
      v6 variants). When the sdif index is set it means the packet ingressed a
      device that is part of an L3 domain and inet_iif points to the VRF device.
      For egress, the L3 domain is determined from the socket binding and
      sk_bound_dev_if.
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dea53bb8
    • David Ahern's avatar
      ipv4/tcp: Pass dif and sdif to tcp_v4_inbound_md5_hash · 534322ca
      David Ahern authored
      The original ingress device index is saved to the cb space of the skb
      and the cb is moved during tcp processing. Since tcp_v4_inbound_md5_hash
      can be called before and after the cb move, pass dif and sdif to it so
      the caller can save both prior to the cb move. Both are used by a later
      patch.
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      534322ca
    • David Ahern's avatar
      ipv6/tcp: Pass dif and sdif to tcp_v6_inbound_md5_hash · d14c77e0
      David Ahern authored
      The original ingress device index is saved to the cb space of the skb
      and the cb is moved during tcp processing. Since tcp_v6_inbound_md5_hash
      can be called before and after the cb move, pass dif and sdif to it so
      the caller can save both prior to the cb move. Both are used by a later
      patch.
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d14c77e0
    • David Ahern's avatar
      ipv4/tcp: Use local variable for tcp_md5_addr · cea97609
      David Ahern authored
      Extract the typecast to (union tcp_md5_addr *) to a local variable
      rather than the current long, inline declaration with function calls.
      
      No functional change intended.
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cea97609
    • Niu Xilei's avatar
      vxlan: Fix alignment and code style of vxlan.c · 98c81476
      Niu Xilei authored
      Fixed Coding function and style issues
      Signed-off-by: default avatarNiu Xilei <niu_xilei@163.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      98c81476
    • David S. Miller's avatar
      Merge branch 'mlxsw-Allow-setting-default-port-priority' · f5e5d272
      David S. Miller authored
      Ido Schimmel says:
      
      ====================
      mlxsw: Allow setting default port priority
      
      Petr says:
      
      When LLDP APP TLV selector 1 (EtherType) is used with PID of 0, the
      corresponding entry specifies "default application priority [...] when
      application priority is not otherwise specified."
      
      mlxsw currently supports this type of APP entry, but uses it only as a
      fallback for unspecified DSCP rules. However non-IP traffic is prioritized
      according to port-default priority, not according to the DSCP-to-prio
      tables, and thus it's currently not possible to prioritize such traffic
      correctly.
      
      This patchset extends the use of the abovementioned APP entry to also set
      default port priority (in patches #1 and #2) and then (in patch #3) adds a
      selftest.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f5e5d272