Signed-off-by: Hangbin Liu
---
.gitignore | 1 +
1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index ef03b17..74a5496 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,7 @@ Config
# cscope
cscope.*
ncscope.*
+tags
TAGS
# git files that we don't want to ignore eve
ftell() may return -1 in error case, which is not handled and therefore pass a
negative offset to fseek(). The return code of fseek() is also not checked.
Reported-by: Phil Sutter
Signed-off-by: Hangbin Liu
---
ip/iproute.c | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
diff
On Sat, Sep 03, 2016 at 09:09:50AM +0200, Jiri Pirko wrote:
> Fri, Sep 02, 2016 at 08:49:34PM CEST, john.fastab...@gmail.com wrote:
> >On 16-09-02 10:18 AM, Florian Fainelli wrote:
> >> Hi all,
> >>
> >
> >Hi Florian,
> >
> >> (apologies for the long CC list and the fact that I can't type correctl
This is to suppress the checkpatch.pl warning "Comparison to NULL
could be written". No functional changes here.
Signed-off-by: Jia He
---
net/ipv4/proc.c | 44 ++--
net/sctp/proc.c | 4 ++--
net/xfrm/xfrm_proc.c | 4 ++--
3 files changed, 26 i
This patch exchanges the two loop for collecting the percpu
statistics data. This can reduce cache misses by going through
all the items of each cpu sequentially.
Signed-off-by: Jia He
---
net/sctp/proc.c | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/net/sctp
This patch exchanges the two loop for collecting the percpu statistics
data. This can aggregate the data by going through all the items of each
cpu sequentially. Then snmp_seq_show is split into 2 parts to avoid build
warning "the frame size" larger than 1024.
Signed-off-by: Jia He
---
net/ipv4/
The parameter items(always ICMP6_MIB_MAX) is useless for __snmp6_fill_statsdev.
Signed-off-by: Jia He
---
net/ipv6/addrconf.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index f418d2e..e170554 100644
--- a/net/ipv6/ad
This patch exchanges the two loop for collecting the percpu
statistics data. This can reduce cache misses by going through
all the items of each cpu sequentially.
Signed-off-by: Jia He
---
net/ipv6/proc.c | 47 ---
1 file changed, 36 insertions(+), 11
This patch exchanges the two loop for collecting the percpu
statistics data. This can reduce cache misses by going through
all the items of each cpu sequentially.
Signed-off-by: Jia He
---
net/xfrm/xfrm_proc.c | 17 +
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a
In a PowerPc server with large cpu number(160), besides commit
a3a773726c9f ("net: Optimize snmp stat aggregation by walking all
the percpu data at once"), I watched several other snmp_fold_field
callsites which will cause high cache miss rate.
My simple test case, which read from the procfs items
Reply inline
On 9/5/2016 12:24 PM, David Howells wrote:
> [cc'ing Jeff Altman for comment]
>
> David Laight wrote:
>
>>> Create a random epoch value rather than a time-based one on startup and set
>>> the top bit to indicate that this is the case.
>>
>> Why set the top bit?
>> There is not
On Tue, Sep 6, 2016 at 10:06 AM, wrote:
> From: Gao Feng
>
> It is valid that the TCP RST packet which does not set ack flag, and bytes
> of ack number are zero. For these RST packets, seqadj could not adjust the
> ack number.
>
> Signed-off-by: Gao Feng
> ---
> v2: Regenerate because the firs
From: Gao Feng
It is valid that the TCP RST packet which does not set ack flag, and bytes
of ack number are zero. For these RST packets, seqadj could not adjust the
ack number.
Signed-off-by: Gao Feng
---
v2: Regenerate because the first patch is removed
v1: Initial patch
net/netfilter/nf_c
From: Gao Feng
When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj
extension. But the function nf_ct_seqadj_init doesn't check if get valid
seqadj pointer by the nfct_seqadj.
Now drop the packet directly when fail to add seqadj extension to avoid
dereference NULL pointer in
On 9/4/16 11:23 AM, Leon Romanovsky wrote:
On Sun, Sep 04, 2016 at 05:57:20PM +0200, Christophe JAILLET wrote:
Le 04/09/2016 à 14:20, Leon Romanovsky a écrit :
On Sat, Sep 03, 2016 at 07:33:29AM +0200, Christophe JAILLET wrote:
Calling 'list_splice' followed by 'INIT_LIST_HEAD' is equivalent t
You are a recipient to Mrs Julie Leach Donation of $2 million USD. Contact
(julieleach...@hotmail.com) for claims.
You are a recipient to Mrs Julie Leach Donation of $2 million USD. Contact
(julieleach...@hotmail.com) for claims.
You are a recipient to Mrs Julie Leach Donation of $2 million USD. Contact
(julieleach...@hotmail.com) for claims.
On 9/5/16 2:40 PM, Sargun Dhillon wrote:
On Mon, Sep 05, 2016 at 04:49:26PM +0200, Daniel Mack wrote:
Hi,
On 08/30/2016 01:04 AM, Sargun Dhillon wrote:
On Fri, Aug 26, 2016 at 09:58:48PM +0200, Daniel Mack wrote:
This patch adds two sets of eBPF program pointers to struct cgroup.
One for such
On Mon, Sep 05, 2016 at 04:49:26PM +0200, Daniel Mack wrote:
> Hi,
>
> On 08/30/2016 01:04 AM, Sargun Dhillon wrote:
> > On Fri, Aug 26, 2016 at 09:58:48PM +0200, Daniel Mack wrote:
> >> This patch adds two sets of eBPF program pointers to struct cgroup.
> >> One for such that are directly pinned
From: Salil Mehta
Date: Mon, 5 Sep 2016 14:20:33 +
> This patch will conflict with Doug Ledford's hns-roce's HNS driver.
> This might lead to problems later during this merge window of 4.9.
You don't need to say this three times.
These changes will not be reverted, instead the conflicts wil
From: Salil Mehta
Date: Mon, 5 Sep 2016 12:53:07 +
> There is a patch in net-next for HNS Ethernet driver which has been accepted.
> "b3dc935 net: hns: remove redundant dev_err call in hns_dsaf_get_cfg()"
>
> This patch is creating conflict with Doug Ledford's hns-roce branch.
> Internally,
On Mon, Sep 5, 2016 at 12:53 PM, Arnd Bergmann wrote:
> On Monday, September 5, 2016 9:37:29 AM CEST kbuild test robot wrote:
>> All error/warnings (new ones prefixed by >>):
>>
>> >> drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c:63:18: error: field
>> >> 'm250_mux' has incomplete type
>>
Colin King wrote:
> From: Colin Ian King
>
> sched will be uninitialized (and contain a garbage value) in the case
> where call->state >= RXRPC_CALL_DEAD; fix this by initializing sched
> to false to avoid an inadvertent call to rxrpc_queue_call.
>
> Signed-off-by: Colin Ian King
I already
On 09/05/2016 08:32 PM, Alexei Starovoitov wrote:
> On 9/5/16 10:09 AM, Daniel Borkmann wrote:
>> On 09/05/2016 04:09 PM, Daniel Mack wrote:
>>> I really don't think it's worth sparing 8 bytes here and then do the
>>> binary compat dance after flags are added, for no real gain.
>>
>> Sure, but the
On Sat, Sep 03, 2016 at 07:51:50PM +0800, f...@ikuai8.com wrote:
> From: Gao Feng
>
> When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj
> extension. But the function nf_ct_seqadj_init doesn't check if get valid
> seqadj pointer by the nfct_seqadj, while other functions perf
On 9/5/16 10:09 AM, Daniel Borkmann wrote:
On 09/05/2016 04:09 PM, Daniel Mack wrote:
On 09/05/2016 03:56 PM, Daniel Borkmann wrote:
On 09/05/2016 02:54 PM, Daniel Mack wrote:
On 08/30/2016 01:00 AM, Daniel Borkmann wrote:
On 08/26/2016 09:58 PM, Daniel Mack wrote:
enum bpf_map_type {
On Mon, Sep 5, 2016 at 7:49 PM, One Thousand Gnomes
wrote:
>> different runs). Looking at code, the following looks suspicious -- we
>> limit copy by 512 bytes, but use the original count which can be
>> larger than 512:
>>
>> static void sixpack_receive_buf(struct tty_struct *tty,
>> const un
> different runs). Looking at code, the following looks suspicious -- we
> limit copy by 512 bytes, but use the original count which can be
> larger than 512:
>
> static void sixpack_receive_buf(struct tty_struct *tty,
> const unsigned char *cp, char *fp, int count)
> {
> unsigned char buf
On Mon, 2016-09-05 at 12:58 +0200, Pablo Neira Ayuso wrote:
[]
> diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c
[]
> @@ -107,8 +107,8 @@ static int physdev_mt_check(const struct xt_mtchk_param
> *par)
> info->invert & XT_PHYSDEV_OP_BRIDGED) &&
> par->hook
On Mon, 2016-09-05 at 14:56 +0200, Daniel Mack wrote:
> On 08/27/2016 02:08 AM, Alexei Starovoitov wrote:
[]
> > + switch (attr->attach_type) {
> > + case BPF_ATTACH_TYPE_CGROUP_INET_INGRESS:
> > + case BPF_ATTACH_TYPE_CGROUP_INET_EGRESS: {
> > + struct cgroup *cgrp;
> > +
> > +
On Mon, Sep 5, 2016 at 3:47 AM, Steffen Klassert
wrote:
> Since commit 8a29111c7 ("net: gro: allow to build full sized skb")
> gro may build buffers with a frag_list. This can hurt forwarding
> because most NICs can't offload such packets, they need to be
> segmented in software. This patch splits
From: Nogah Frankel
Add a nested attribute of offload stats to if_stats_msg
named IFLA_STATS_LINK_OFFLOAD_XSTATS.
Under it, add SW stats, meaning stats only per packets that went via
slowpath to the cpu, named IFLA_OFFLOAD_XSTATS_CPU_HIT.
Signed-off-by: Nogah Frankel
Signed-off-by: Jiri Pirko
From: Nogah Frankel
Add a new ndo to return statistics for offloaded operation.
Since there can be many different offloaded operation with many
stats types, the ndo gets an attribute id by which it knows which
stats are wanted. The ndo also gets a void pointer to be cast according
to the attribut
From: Nogah Frankel
Change the default statistics ndo to return HW statistics
(like the one returned by ethtool_ops).
The HW stats are collected to a cache by delayed work every 1 sec.
Implement the offload stat ndo.
Add a function to get SW statistics, to be called from this function.
Signed-of
From: Jiri Pirko
The problem we try to handle is about offloaded forwarded packets
which are not seen by kernel. Let me try to draw it:
port1 port2 (HW stats are counted here)
\ /
\/
\
On 09/05/2016 04:09 PM, Daniel Mack wrote:
On 09/05/2016 03:56 PM, Daniel Borkmann wrote:
On 09/05/2016 02:54 PM, Daniel Mack wrote:
On 08/30/2016 01:00 AM, Daniel Borkmann wrote:
On 08/26/2016 09:58 PM, Daniel Mack wrote:
enum bpf_map_type {
@@ -147,6 +149,13 @@ union bpf_attr {
From: Colin Ian King
sched will be uninitialized (and contain a garbage value) in the case
where call->state >= RXRPC_CALL_DEAD; fix this by initializing sched
to false to avoid an inadvertent call to rxrpc_queue_call.
Signed-off-by: Colin Ian King
---
net/rxrpc/call_object.c | 2 +-
1 file c
On Sat, 3 Sep 2016 15:38:08 +0200
Dmitry Vyukov wrote:
> Hello,
>
> While running syzkaller fuzzer I've got the following report:
>
> BUG: KASAN: stack-out-of-bounds in sixpack_receive_buf+0xf8a/0x1450 at
> addr 880037fbf850
> Read of size 1 by task syz-executor/6759
> page:eadfefc0
[cc'ing Jeff Altman for comment]
David Laight wrote:
> > Create a random epoch value rather than a time-based one on startup and set
> > the top bit to indicate that this is the case.
>
> Why set the top bit?
> There is nothing to stop the time (in seconds) from having the top bit set.
> Nothin
On 09/05/2016 05:30 PM, David Laight wrote:
> From: Daniel Mack
+
+ struct { /* anonymous struct used by BPF_PROG_ATTACH/DETACH commands */
+ __u32 target_fd; /* container object to attach
to */
+ __u32 attach_bpf_fd; /* eBPF pr
From: Daniel Mack
> >> +
> >> + struct { /* anonymous struct used by BPF_PROG_ATTACH/DETACH commands */
> >> + __u32 target_fd; /* container object to attach
> >> to */
> >> + __u32 attach_bpf_fd; /* eBPF program to attach */
> >> + __u32
Hello,
I am Amira, 24 years young female. Please i will like to discuss something
important with you. Please Reply
Hi Pablo,
On Mon, Sep 5, 2016 at 11:02 PM, wrote:
> From: Gao Feng
>
> It is valid that the TCP RST packet which does not set ack flag, and bytes
> of ack number are zero. For these RST packets, seqadj could not adjust the
> ack number.
>
> Signed-off-by: Gao Feng
> ---
> net/netfilter/nf_con
From: David Howells
> Sent: 04 September 2016 22:03
> Create a random epoch value rather than a time-based one on startup and set
> the top bit to indicate that this is the case.
Why set the top bit?
There is nothing to stop the time (in seconds) from having the top bit set.
Nothing else can care
From: Gao Feng
It is valid that the TCP RST packet which does not set ack flag, and bytes
of ack number are zero. For these RST packets, seqadj could not adjust the
ack number.
Signed-off-by: Gao Feng
---
net/netfilter/nf_conntrack_seqadj.c | 34 +++---
1 file chang
Hi,
On 08/30/2016 01:04 AM, Sargun Dhillon wrote:
> On Fri, Aug 26, 2016 at 09:58:48PM +0200, Daniel Mack wrote:
>> This patch adds two sets of eBPF program pointers to struct cgroup.
>> One for such that are directly pinned to a cgroup, and one for such
>> that are effective for it.
>>
>> To illu
On 08/30/2016 12:03 AM, Daniel Borkmann wrote:
> On 08/26/2016 09:58 PM, Daniel Mack wrote:
>> diff --git a/net/core/dev.c b/net/core/dev.c
>> index a75df86..17484e6 100644
>> --- a/net/core/dev.c
>> +++ b/net/core/dev.c
>> @@ -141,6 +141,7 @@
>> #include
>> #include
>> #include
>> +#incl
Hello,
This patch will conflict with Doug Ledford's hns-roce's HNS driver.
This might lead to problems later during this merge window of 4.9.
Therefore, Please re-submit it later. The patch files it has are
Directly conflicting with RoCE patches:
[PATCH for-next 1/2] net: hns: Add support of ACPI
On 09/05/2016 03:56 PM, Daniel Borkmann wrote:
> On 09/05/2016 02:54 PM, Daniel Mack wrote:
>> On 08/30/2016 01:00 AM, Daniel Borkmann wrote:
>>> On 08/26/2016 09:58 PM, Daniel Mack wrote:
>>
enum bpf_map_type {
@@ -147,6 +149,13 @@ union bpf_attr {
__aligned_u6
> -Original Message-
> From: David Miller [mailto:da...@davemloft.net]
> Sent: Wednesday, August 24, 2016 1:19 AM
> To: weiyj...@gmail.com
> Cc: Zhuangyuzeng (Yisen); Salil Mehta; huangdaode; Yankejian (Hackim
> Yim); xieqianqian; weiyongjun (A); netdev@vger.kernel.org
> Subject: Re: [PATCH
On 09/05/2016 02:54 PM, Daniel Mack wrote:
On 08/30/2016 01:00 AM, Daniel Borkmann wrote:
On 08/26/2016 09:58 PM, Daniel Mack wrote:
enum bpf_map_type {
@@ -147,6 +149,13 @@ union bpf_attr {
__aligned_u64 pathname;
__u32 bpf_fd;
};
+
+
Trival fix to remove unused variable ar_pci in ath10k_pci_tx_pipe_cleanup
when building with W=1:
drivers/net/wireless/ath/ath10k/pci.c:1696:21: warning: variable
'ar_pci' set but not used [-Wunused-but-set-variable]
Signed-off-by: Chaehyun Lim
---
drivers/net/wireless/ath/ath10k/pci.c | 2 --
1
On Mon, Sep 5, 2016 at 3:08 PM, Tejun Heo wrote:
> Hello,
>
> On Sat, Sep 03, 2016 at 12:58:33PM +0200, Dmitry Vyukov wrote:
>> > I've seen it only several times in several months, so I don't it will
>> > be helpful.
>>
>>
>> Bad news: I hit it again.
>> On 0f98f121e1670eaa2a2fbb675e07d6ba7f0e146f
Hello,
On Sat, Sep 03, 2016 at 12:58:33PM +0200, Dmitry Vyukov wrote:
> > I've seen it only several times in several months, so I don't it will
> > be helpful.
>
>
> Bad news: I hit it again.
> On 0f98f121e1670eaa2a2fbb675e07d6ba7f0e146f of linux-next, so I have
> bf389cabb3b8079c23f9762e62b05f2
On 08/27/2016 02:08 AM, Alexei Starovoitov wrote:
> On Fri, Aug 26, 2016 at 09:58:49PM +0200, Daniel Mack wrote:
>> +
>> +struct { /* anonymous struct used by BPF_PROG_ATTACH/DETACH commands */
>> +__u32 target_fd; /* container object to attach
>> to */
>> +
On 08/30/2016 01:00 AM, Daniel Borkmann wrote:
> On 08/26/2016 09:58 PM, Daniel Mack wrote:
>> enum bpf_map_type {
>> @@ -147,6 +149,13 @@ union bpf_attr {
>> __aligned_u64 pathname;
>> __u32 bpf_fd;
>> };
>> +
>> +struct { /* anonymous struct used
> -Original Message-
> From: Doug Ledford [mailto:dledf...@redhat.com]
> Sent: Thursday, August 25, 2016 12:57 PM
> To: David Miller; Salil Mehta
> Cc: Huwei (Xavier); oulijun; Zhuangyuzeng (Yisen);
> mehta.salil@gmail.com; linux-r...@vger.kernel.org;
> netdev@vger.kernel.org; linux-ker
On Mon, Sep 5, 2016 at 12:03 AM, Artem Germanov
wrote:
>
> Commit 76174004a0f19785a328f40388e87e982bbf69b9
> (tcp: do not slow start when cwnd equals ssthresh )
> introduced regression in TCP YeAH. Using 100ms delay 1% loss virtual
> ethernet link kernel 4.2 shows bandwidth ~500KB/s for single TCP
On 08/30/2016 12:42 AM, Daniel Borkmann wrote:
> On 08/26/2016 09:58 PM, Daniel Mack wrote:
>> This patch adds two sets of eBPF program pointers to struct cgroup.
>> One for such that are directly pinned to a cgroup, and one for such
>> that are effective for it.
>>
>> To illustrate the logic behin
On 08/30/2016 12:14 AM, Daniel Borkmann wrote:
> On 08/26/2016 09:58 PM, Daniel Mack wrote:
>> For now, this program type is equivalent to BPF_PROG_TYPE_SOCKET_FILTER in
>> terms of checks during the verification process. It may access the skb as
>> well.
>>
>> Programs of this type will be attache
Hi Alexei,
On 08/27/2016 02:03 AM, Alexei Starovoitov wrote:
> On Fri, Aug 26, 2016 at 09:58:48PM +0200, Daniel Mack wrote:
>> This patch adds two sets of eBPF program pointers to struct cgroup.
>> One for such that are directly pinned to a cgroup, and one for such
>> that are effective for it.
>>
The MIPS based xilfpga platform uses this driver.
Enable it for MIPS
Signed-off-by: Zubair Lutfullah Kakakhel
---
V1 -> V6 are from a series that has gotten too big.
So I have split this patch and am sending it separately.
---
drivers/net/ethernet/xilinx/Kconfig | 4 ++--
1 file changed, 2 inse
On 09/04/2016 07:45 PM, David Miller wrote:
From: Zubair Lutfullah Kakakhel
Date: Fri, 2 Sep 2016 12:39:24 +0100
A couple of simple patches to generate the random mac address
if none is found. And enabling the driver for mips.
Based on v4.8-rc4.
These were part of a larger series but that
On 05.09.2016 13:54, weiyongjun (A) wrote:
> On 05.09.2016 10:06, Wei Yongjun wrote:
In general, when DAD detected IPv6 duplicate address, ifp->state will
be set to INET6_IFADDR_STATE_ERRDAD and DAD is stopped by a delayed
work, the call tree should be like this:
ndisc_re
On 05.09.2016 10:06, Wei Yongjun wrote:
>>> In general, when DAD detected IPv6 duplicate address, ifp->state will
>>> be set to INET6_IFADDR_STATE_ERRDAD and DAD is stopped by a delayed
>>> work, the call tree should be like this:
>>>
>>> ndisc_recv_ns
>>> -> addrconf_dad_failure<- mis
This patch series adds the support of debug data collection in the qed driver,
and the means to extract it in the qede driver via the get_regs operation.
Hi Dave,
Please consider applying this to 'net-next'.
Thanks,
Tomer
Tomer Tayar (3):
qed: Add infrastructure for debug data collection
qe
Hi Pavel,
Thanks for the notification. I agree that we should register the device
after all initialization has completed. A patch will be sent shortly.
BR,
Lars
On 09/05/2016 10:26 AM, Pavel Andrianov wrote:
Hi!
There is a potential bug in
drivers/net/ethernet/synopsys/dwc_eth_qos.ko. In
Adds support for several infrastructure operations that are done as part of
debug data collection.
Signed-off-by: Tomer Tayar
Signed-off-by: Yuval Mintz
---
drivers/net/ethernet/qlogic/qed/qed_hsi.h | 3 +
drivers/net/ethernet/qlogic/qed/qed_mcp.c | 76 ++
dri
Signed-off-by: Tomer Tayar
Signed-off-by: Yuval Mintz
---
drivers/net/ethernet/qlogic/qed/qed_main.c | 2 ++
drivers/net/ethernet/qlogic/qede/qede_ethtool.c | 24
include/linux/qed/qed_if.h | 4
3 files changed, 30 insertions(+)
diff --g
On Mon, Sep 05, 2016 at 04:56:50PM +1000, Stephen Rothwell wrote:
> Hi all,
>
> Today's linux-next merge of the char-misc tree got a conflict in:
>
> include/linux/hyperv.h
>
> between commit:
>
> 30d1de08c87d ("hv_netvsc: make inline functions static")
>
> from the net-next tree and commi
On 05.09.2016 10:06, Wei Yongjun wrote:
>> In general, when DAD detected IPv6 duplicate address, ifp->state will
>> be set to INET6_IFADDR_STATE_ERRDAD and DAD is stopped by a delayed
>> work, the call tree should be like this:
>>
>> ndisc_recv_ns
>> -> addrconf_dad_failure<- missing i
From: Florian Westphal
Conntrack gc worker to evict stale entries.
GC happens once every 5 seconds, but we only scan at most 1/64th of the
table (and not more than 8k) buckets to avoid hogging cpu.
This means that a complete scan of the table will take several minutes
of wall-clock time.
Consi
From: Gao Feng
We only need first 4 bytes instead of 8 bytes to get the ports of
tcp/udp/dccp/sctp/udplite in their pkt_to_tuple function.
Signed-off-by: Gao Feng
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_conntrack_proto_dccp.c| 3 ++-
net/netfilter/nf_conntrack_proto_sctp.c
From: Colin Ian King
trivial fix to spelling mistake in pr_debug message
Signed-off-by: Colin Ian King
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_conntrack_ftp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_
From: Laura Garcia Liebana
This patch adds the numgen expression that allows us to generated
incremental and random numbers, this generator is bound to a upper limit
that is specified by userspace.
This expression is useful to distribute packets in a round-robin fashion
as well as randomly.
Sig
From: Florian Westphal
After timer removal this just calls nf_ct_delete so remove the __ prefix
version and make nf_ct_kill a shorthand for nf_ct_delete.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_conntrack.h | 13 +++--
net/netfilter
From: Gao Feng
There is one macro ARPHRD_ETHER which defines the ethernet proto for ARP,
so we could use it instead of the literal number '1'.
Signed-off-by: Gao Feng
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/nf_log_arp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
di
From: Florian Westphal
With stats enabled this eats 80 bytes on x86_64 per nf_conn entry, as
Eric Dumazet pointed out during netfilter workshop 2016.
Eric also says: "Another reason was the fact that Thomas was about to
change max timer range [..]" (500462a9de657f8, 'timers: Switch to
a non-casc
If the NLM_F_EXCL flag is set, then new elements that clash with an
existing one return EEXIST. In case you try to add an element whose
data area differs from what we have, then this returns EBUSY. If no
flag is specified at all, then this returns success to userspace.
This patch also update the s
This backward compatibility has been around for more than ten years,
since Yasuyuki Kozakai introduced IPv6 in conntrack. These days, we have
alternate /proc/net/nf_conntrack* entries, the ctnetlink interface and
the conntrack utility got adopted by many people in the user community
according to wh
From: Florian Westphal
Once timer is removed from nf_conn struct we cannot open-code
the removal sequence anymore.
Signed-off-by: Florian Westphal
Acked-by: Julian Anastasov
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/ipvs/ip_vs_nfct.c | 7 ++-
1 file changed, 2 insertions(+), 5 d
Currently, if you add a base chain whose name clashes with an existing
non-base chain, nf_tables doesn't complain about this. Similarly, if you
update the chain type, the hook number and priority.
With this patch, nf_tables bails out in case any of this unsupported
operations occur by returning EB
This patch adds the quota expression. This new stateful expression
integrate easily into the dynset expression to build 'hashquota' flow
tables.
Arguably, we could use instead "counter bytes > 1000" instead, but this
approach has several problems:
1) We only support for one single stateful expres
From: Florian Westphal
When dumping we already have to look at the entire table, so we might
as well toss those entries whose timeout value is in the past.
We also look at every entry during resize operations.
However, eviction there is not as simple because we hold the
global resize lock so we
nft_dump_register() should only be used with registers, not with
immediates.
Fixes: cb1b69b0b15b ("netfilter: nf_tables: add hash expression")
Fixes: 91dbc6be0a62("netfilter: nf_tables: add number generator expression")
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nft_hash.c | 6 +++---
Introduce a new function to wrap the code that parses the chain hook
configuration so we can reuse this code to validate chain updates.
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_tables_api.c | 152 +-
1 file changed, 89 insertions(+), 63 deleti
From: Florian Westphal
If we evicted a large fraction of the scanned conntrack entries re-schedule
the next gc cycle for immediate execution.
This triggers during tests where load is high, then drops to zero and
many connections will be in TW/CLOSE state with < 30 second timeouts.
Without this
Use nft_set_* prefix for backend set implementations, thus we can use
nft_hash for the new hash expression.
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/Kconfig| 4 ++--
net/netfilter/Makefile | 4 ++--
net/netfilter/{nft_hash.c => nft_
From: Florian Westphal
In case nf_conntrack_tuple_taken did not find a conflicting entry
check that all entries in this hash slot were tested and restart
in case an entry was moved to another chain.
Reported-by: Eric Dumazet
Fixes: ea781f197d6a ("netfilter: nf_conntrack: use SLAB_DESTROY_BY_RCU
From: Liping Zhang
IP header checksum will be recalculated at ip_local_out, so
there's no need to calculated it here, remove it. Also update
code comments to illustrate it, and delete the misleading
comments about checksum recalculation.
Signed-off-by: Liping Zhang
Signed-off-by: Pablo Neira Ay
From: Wei Yongjun
Fixes the following sparse warning:
net/netfilter/nft_hash.c:40:25: warning:
symbol 'nft_hash_policy' was not declared. Should it be static?
Signed-off-by: Wei Yongjun
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nft_hash.c | 2 +-
1 file changed, 1 insertion(+), 1 d
From: Pablo Neira
Should be attributes, instead of attibutes, for consistency with other
definitions.
Signed-off-by: Pablo Neira Ayuso
---
include/uapi/linux/netfilter/nf_tables.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/netfilter/nf_tables.h
b/in
From: Gao Feng
The nf_log_set is an interface function, so it should do the strict sanity
check of parameters. Convert the return value of nf_log_set as int instead
of void. When the pf is invalid, return -EOPNOTSUPP.
Signed-off-by: Gao Feng
Signed-off-by: Pablo Neira Ayuso
---
include/net/ne
This patch modifies __rhashtable_insert_fast() so it returns the
existing object that clashes with the one that you want to insert.
In case the object is successfully inserted, NULL is returned.
Otherwise, you get an error via ERR_PTR().
This patch adapts the existing callers of __rhashtable_inser
From: Florian Westphal
The reliable event delivery mode currently (ab)uses the DYING bit to
detect which entries on the dying list have to be skipped when
re-delivering events from the eache worker in reliable event mode.
Currently when we delete the conntrack from main table we only set this
bi
This is required to iterate over the hash table in cttimeout, ctnetlink
and nf_conntrack_ipv4.
>> ERROR: "nf_conntrack_htable_size" [net/netfilter/nfnetlink_cttimeout.ko]
>> undefined!
ERROR: "nf_conntrack_htable_size" [net/netfilter/nf_conntrack_netlink.ko]
undefined!
ERROR: "nf_conntrack
From: Hangbin Liu
Signed-off-by: Hangbin Liu
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/xt_physdev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c
index e5f1898..bb33598 100644
--- a/net/netfilter/xt_phys
From: Florian Westphal
... so we don't need to touch all of these places when we get rid of the
timer in nf_conn.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | 3 +--
net/netfilter/nf_conntrack_netlink.c
From: Laura Garcia Liebana
This patch adds a new hash expression, this provides jhash support but
this can be extended to support for other hash functions. The modulus
and seed already comes embedded into this new expression.
Use case example:
... meta mark set hash ip saddr mod 10
Sig
1 - 100 of 118 matches
Mail list logo
