Stop PDMA while the frame engine is going to stop.
Signed-off-by: Nelson Chang
---
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index 4cc50c0..62de68d 100
1) Add to stop PDMA while stopping the frame engine
2) Modify the register settings for LRO relinquishments
3) Jump out from the waiting loop while LRO relinquishments are done
Nelson Chang (2):
net: ethernet: mediatek: add to stop PDMA while stopping the frame
engine
net: ethernet: mediat
(1) Modify the register settings for LRO relinquishments
(2) Jump out from the waiting loop while LRO relinquishments are done
Signed-off-by: Nelson Chang
---
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 1 +
drivers/net/ethernet/mediatek/mtk_eth_soc.h | 4 ++--
2 files changed, 3 insertions(+)
From: Arnd Bergmann
Date: Fri, 23 Sep 2016 22:23:59 +0200
> I stumbled over a new warning during randconfig testing,
> with CONFIG_BPF_SYSCALL disabled:
>
> drivers/net/ethernet/netronome/nfp/nfp_net_offload.c: In function
> 'nfp_net_bpf_offload':
> drivers/net/ethernet/netronome/nfp/nfp_net_of
From: Baoyou Xie
Date: Sun, 25 Sep 2016 17:19:04 +0800
> We get 1 warning when building kernel with W=1:
> drivers/net/ethernet/hisilicon/hip04_eth.c:603:22: warning: no previous
> prototype for 'tx_done' [-Wmissing-prototypes]
>
> In fact, this function is only used in the file in which it is
From: Baoyou Xie
Date: Sun, 25 Sep 2016 17:16:44 +0800
> We get 2 warnings when building kernel with W=1:
> drivers/net/ethernet/hisilicon/hisi_femac.c:943:5: warning: no previous
> prototype for 'hisi_femac_drv_suspend' [-Wmissing-prototypes]
> drivers/net/ethernet/hisilicon/hisi_femac.c:960:5:
From: Baoyou Xie
Date: Sun, 25 Sep 2016 14:10:09 +0800
> We get 10 warnings when building kernel with W=1:
> drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:304:5: warning: no previous
> prototype for 'cxgb4_dcb_enabled' [-Wmissing-prototypes]
> drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c:194
From: Baoyou Xie
Date: Sun, 25 Sep 2016 17:34:06 +0800
> We get a few warnings when building kernel with W=1:
Patch does not apply to net-next.
From: Baoyou Xie
Date: Sun, 25 Sep 2016 14:23:15 +0800
> We get 1 warning when building kernel with W=1:
> drivers/net/ethernet/broadcom/genet/bcmgenet.c:2763:5: warning: no previous
> prototype for 'bcmgenet_hfb_add_filter' [-Wmissing-prototypes]
>
> In fact, this function is implemented in
>
From: Baoyou Xie
Date: Sun, 25 Sep 2016 17:20:41 +0800
> We get 2 warnings when building kernel with W=1:
> drivers/net/ethernet/marvell/mvneta.c:639:27: warning: no previous prototype
> for 'mvneta_get_stats64' [-Wmissing-prototypes]
> drivers/net/ethernet/marvell/mvneta.c:3529:5: warning: no p
Hello André
On 9/17/2016 11:23 PM, André Roth wrote:
Hi all,
I have an odroid c2 board which shows this issue. No data is
transmitted or received after a moment of intense tx traffic. Copying a
1GB file per scp from the board triggers it repeatedly.
The board has a stmmac - user ID: 0x11, Syn
On Sun, Sep 25, 2016 at 09:22:11PM -0700, Adit Ranadive wrote:
> On Sun, Sep 25 2016 at 10:26:24AM +0300, Leon Romanovsky wrote:
> > > On Sat, Sep 24, 2016 at 04:21:26PM -0700, Adit Ranadive wrote:
> > > We share some common structures with the user-level driver. This patch
> > > adds
> > > those
On Sun, Sep 25, 2016 at 10:10:43PM -0700, Adit Ranadive wrote:
> On Sun, Sep 25 2016 at 10:57:03AM +0300, Leon Romanovsky wrote:
> > On Sat, Sep 24, 2016 at 04:21:37PM -0700, Adit Ranadive wrote:
> > > This patch adds the support to register a RDMA device with the kernel RDMA
> > > stack as well as
On Mon, Sep 26, 2016 at 7:31 AM, Cong Wang wrote:
> On Sun, Sep 25, 2016 at 7:39 AM, Jamal Hadi Salim wrote:
>> On 16-09-25 10:08 AM, Hadar Hen Zion wrote:
>>>
>>> Currently the created tc actions list is reversed against the order
>>> set by the user.
>>> Change the actions list order to be the
On Sun, Sep 25, 2016 at 10:25:12PM -0700, Adit Ranadive wrote:
> On Sun, Sep 25 2016 at 10:03:52AM +0300, Leon Romanovsky wrote:
> > On Sat, Sep 24, 2016 at 04:21:24PM -0700, Adit Ranadive wrote:
> >
> > <...>
> >
> > > include/uapi/rdma/pvrdma-abi.h | 99 ++
> > > include/uapi/r
On Sun, Sep 25, 2016 at 10:22:02PM -0700, Adit Ranadive wrote:
> On Sun, Sep 25 2016 at 10:30:10AM +0300, Leon Romanovsky wrote:
> > On Sat, Sep 24, 2016 at 04:21:40PM -0700, Adit Ranadive wrote:
> > > Add maintainer info for the PVRDMA driver.
> > >
> > > Reviewed-by: Jorgen Hansen
> > > Reviewed
On Sun, Sep 25 2016 at 10:03:52AM +0300, Leon Romanovsky wrote:
> On Sat, Sep 24, 2016 at 04:21:24PM -0700, Adit Ranadive wrote:
>
> <...>
>
> > include/uapi/rdma/pvrdma-abi.h | 99 ++
> > include/uapi/rdma/pvrdma-uapi.h| 255 +
>
> As Jason said, you need
On Sun, Sep 25 2016 at 10:30:10AM +0300, Leon Romanovsky wrote:
> On Sat, Sep 24, 2016 at 04:21:40PM -0700, Adit Ranadive wrote:
> > Add maintainer info for the PVRDMA driver.
> >
> > Reviewed-by: Jorgen Hansen
> > Reviewed-by: George Zhang
> > Reviewed-by: Aditya Sarwade
> > Reviewed-by: Bryan
On Sun, Sep 25 2016 at 10:57:03AM +0300, Leon Romanovsky wrote:
> On Sat, Sep 24, 2016 at 04:21:37PM -0700, Adit Ranadive wrote:
> > This patch adds the support to register a RDMA device with the kernel RDMA
> > stack as well as a kernel module. This also initializes the underlying
> > virtual PCI
On Sun, Sep 25, 2016 at 10:59 AM, Shmulik Ladkani
wrote:
> Hi,
>
> On Sat, 24 Sep 2016 17:07:12 -0700 Cong Wang wrote:
>> One problem to use your code for us is that, the RX side of veth
>> is inside containers, not visible to outside, perhaps we need some
>> more parameter to tell the netns befo
On Sun, Sep 25, 2016 at 6:39 AM, Jamal Hadi Salim wrote:
> On 16-09-24 08:07 PM, Cong Wang wrote:
>>
>> On Thu, Sep 22, 2016 at 10:11 PM, Shmulik Ladkani
>
>
>>
>> One problem to use your code for us is that, the RX side of veth
>> is inside containers, not visible to outside, perhaps we need some
On Sun, Sep 25, 2016 at 7:39 AM, Jamal Hadi Salim wrote:
> On 16-09-25 10:08 AM, Hadar Hen Zion wrote:
>>
>> Currently the created tc actions list is reversed against the order
>> set by the user.
>> Change the actions list order to be the same as was set by the user.
>>
>
>
> Did something break?
On Sun, Sep 25 2016 at 10:26:24AM +0300, Leon Romanovsky wrote:
> > On Sat, Sep 24, 2016 at 04:21:26PM -0700, Adit Ranadive wrote:
> > We share some common structures with the user-level driver. This patch adds
> > those structures and shared functions to traverse the QP/CQ rings.
<...>
> > +
> >
From: Johan Hedberg
Date: Sun, 25 Sep 2016 15:42:38 +0300
> Here are a few more Bluetooth & 802.15.4 patches for the 4.9 kernel that
> have popped up during the past week:
>
> - New USB ID for QCA_ROME Bluetooth device
> - NULL pointer dereference fix for Bluetooth mgmt sockets
> - Fixes for
From: Wei Yongjun
Date: Sun, 25 Sep 2016 15:43:02 +
> From: Wei Yongjun
>
> Fixes the following sparse warnings:
>
> drivers/net/dsa/mv88e6xxx/chip.c:219:5: warning:
> symbol 'mv88e6xxx_port_read' was not declared. Should it be static?
> drivers/net/dsa/mv88e6xxx/chip.c:227:5: warning:
>
From: Wei Yongjun
Date: Sun, 25 Sep 2016 15:40:36 +
> From: Wei Yongjun
>
> Fixes the following sparse warnings:
>
> drivers/net/ethernet/emulex/benet/be_main.c:47:25: warning:
> symbol 'be_err_recovery_workq' was not declared. Should it be static?
> drivers/net/ethernet/emulex/benet/be_m
From: Robert Jarzmik
Date: Sun, 25 Sep 2016 23:00:45 +0200
> This aligns smc91x with its cousin, namely smc911x.c.
> This also allows the driver to run also in a device-tree based lubbock
> board build, on which it was tested.
>
> Signed-off-by: Robert Jarzmik
Applied to net-next, thanks.
From: Nikolay Aleksandrov
Date: Sun, 25 Sep 2016 23:08:31 +0200
> Since the commit below the ipmr/ip6mr rtnl_unicast() code uses the portid
> instead of the previous dst_pid which was copied from in_skb's portid.
> Since the skb is new the portid is 0 at that point so the packets are sent
> to th
From: Colin King
Date: Sun, 25 Sep 2016 14:14:45 -0700
> From: Colin Ian King
>
> iq is unsigned, so the error check for iq < 0 has no effect so errors
> can slip past this check. Fix this by making iq signed and also
> get_filter_steerq return a signed int so a -ve error can be returned.
>
>
Any comments about this version patchset ?
:)
> -Original Message-
> From: Yangbo Lu [mailto:yangbo...@nxp.com]
> Sent: Wednesday, September 21, 2016 2:57 PM
> To: linux-...@vger.kernel.org; ulf.hans...@linaro.org; Scott Wood; Arnd
> Bergmann
> Cc: linuxppc-...@lists.ozlabs.org; devicet.
I have confirmed the 1000Mbps won't work with kernel 4.4, I have to
disable it in dts.
The TRM shows that it may not support 1000Mbps, as the gmac_speed in
GRF_SOC_CON1 is just a bit length flag.
Also I have tested the performance at the firefly plus with upstream
kernel, it even looks bad at 100M
On 16-09-25 09:35 PM, Florian Westphal wrote:
Jamal Hadi Salim wrote:
Realize didn't respond to this. Seems very simple to fix:
if skb->dev->ifindex and m->tcfm_dev->ifindex are the
same, then you can drop the packet.
Yes, but I think we get same issue when we deal with stacked
interfaces,
Jamal Hadi Salim wrote:
> On 16-09-25 02:31 PM, Florian Westphal wrote:
> >Shmulik Ladkani wrote:
> >>We can later address any loop-detection improvements in mirred.
> >>WDYT?
> >
> >You can address this after fixing infamous spinlock recursion hard
> >lockup (which has existed forever):
> >
> >t
On 16-09-25 02:31 PM, Florian Westphal wrote:
Shmulik Ladkani wrote:
We can later address any loop-detection improvements in mirred.
WDYT?
You can address this after fixing infamous spinlock recursion hard
lockup (which has existed forever):
tc qdisc add dev eth0 root handle 1: prio
tc filte
From: Pablo Neira Ayuso
Date: Mon, 26 Sep 2016 01:06:10 +0200
> The following patchset contains Netfilter updates for your net-next
> tree, they are:
...
> You can pull these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
Pulled, thanks Pablo.
On 16-09-25 07:17 PM, Jamal Hadi Salim wrote:
[..]
Do you prefer that I will fix the encode side to encode the whole tlv
header
size instead of fixing the decode side?
Yes please - Add NLA_HDRLEN to the dlen on the encode you showed above.
And the correct commit it fixes is:
a823f93750e341bc
On 16-09-25 02:33 PM, Florian Westphal wrote:
Daniel Borkmann wrote:
[..]
Why not just reuse xmit_recursion, which is what we did in tc cls_bpf
programs f.e. see __bpf_tx_skb()? Would be a pity to waste 3 bits on
this in the skb.
+1, don't (yet) understand why a per-skb counter is required
On 16-09-25 01:33 PM, Shmulik Ladkani wrote:
On Sun, 25 Sep 2016 09:05:08 -0400 Jamal Hadi Salim wrote:
On 16-09-23 11:40 AM, Shmulik Ladkani wrote:
[off topic]
I think this is still on topic!
Sorry, wasn't too clear on that.
What I meant is that _existing_ "egress redirect" already gets
On Sunday 25 September 2016, Baoyou Xie wrote:
> > > @@ -1350,3 +1350,63 @@ static inline struct pci_dev
> > *hisax_find_pci_device(unsigned int vendor,
> > > }
> > >
> > > #endif
> > > +
> > > +#if CARD_TELES3
> > > +int setup_teles3(struct IsdnCard *card);
> > > +#endif
> > > +
> > > +#if CARD_
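Review bot: The prototypes appended after the `#endif` are wrapped in per-card conditionals, starting with `#if CARD_TELES3` around `setup_teles3()`. A declaration that ends up unused is harmless, so these could be declared unconditionally and the added `#if`/`#endif` pairs dropped, which keeps the header shorter and avoids a declaration silently disappearing when a card option changes.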
On 16-09-25 12:26 PM, Daniel Borkmann wrote:
On 09/25/2016 03:05 PM, Jamal Hadi Salim wrote:
[..]
MAX_RED_LOOP (stands for "Maximum Redirect loop") still exists in
current code. The idea above was that we would increment the rttl
counter once and if we saw it again up to MAX_RED_LOOP we would
Use xor to decide to break further rule evaluation or not, since the
existing logic doesn't achieve the expected inversion.
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nft_quota.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nft_quota.c b/net/netfilter
From: Gao Feng
There are two existing structures which define the GRE and PPTP header.
So use these two structures instead of the ones defined by netfilter to
keep consistent with other codes.
Signed-off-by: Gao Feng
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter/nf_conntrack_pro
These functions are extracted from the netdev family, they initialize
the pktinfo structure and validate that the IPv4 and IPv6 headers are
well-formed given that these functions are called from a path where
layer 3 sanitization did not happen yet.
These functions are placed in include/net/netfilt
This is overly conservative and not flexible at all, so better let them
go through and let the filtering policy decide what to do with them. We
use skb_header_pointer() all over the place so we would just fail to
match when trying to access fields from malformed traffic.
Signed-off-by: Pablo Neira
This patch introduces nft_set_pktinfo_unspec() that ensures proper
initialization all of pktinfo fields for non-IP traffic. This is used
by the bridge, netdev and arp families.
This new function relies on nft_set_pktinfo_proto_unspec() to set a new
tprot_set field that indicates if transport proto
From: Marco Angaroni
Current parsing methods for SIP headers do not allow the presence of
tab characters between header name and header value. As a result Call-ID
SIP headers like the following are discarded by IPVS SIP persistence
engine:
"Call-ID\t: mycallid@abcde"
"Call-ID:\tmycallid@abcde"
On 16-09-25 11:55 AM, Yotam Gigi wrote:
-Original Message-
From: Jamal Hadi Salim [mailto:j...@mojatatu.com]
Sent: Sunday, September 25, 2016 4:46 PM
To: Yotam Gigi ; da...@davemloft.net;
netdev@vger.kernel.org; Yotam Gigi
Subject: Re: [PATCH net v2 0/2] Fix tc-ife bugs
On 16-09-25 08:3
From: Gao Feng
The caller function "help" has already made sure the datalen could not be zero
before invoking find_pattern as a parameter by the following codes
if (dataoff >= skb->len) {
pr_debug("ftp: dataoff(%u) >= skblen(%u)\n", dataoff,
skb->le
From: Laura Garcia Liebana
The _until_ attribute is renamed to _modulus_ as the behaviour is similar to
other expressions with number limits (ex. nft_hash).
Renaming is possible because there isn't a kernel release yet with these
changes.
Signed-off-by: Laura Garcia Liebana
Signed-off-by: Pablo
This patch renames the existing function to nft_overquota() and makes
it return a boolean that tells us if we have exceeded our byte quota.
Just a cleanup.
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nft_quota.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a
From: Liping Zhang
Although the validation of queues_total and queuenum is checked in nft
utility, but user can add nft rules via nfnetlink, so it is necessary
to check the validation at the nft_queue expr init routine too.
Tested by run ./nft-test.py any/queue.t:
any/queue.t: 6 unit tests, 0
From: Laura Garcia Liebana
Add support to pass through an offset to the hash value. With this
feature, the sysadmin is able to generate a hash with a given
offset value.
Example:
meta mark set jhash ip saddr mod 2 seed 0xabcd offset 100
This option generates marks according to the sour
From: Laura Garcia Liebana
The overflow validation in the init() function establishes that the
maximum value that the hash could reach is less than U32_MAX, which is
likely to be true.
The fix detects the overflow when the maximum hash value is less than
the offset itself.
Fixes: 70ca767ea1b2 (
From: Liping Zhang
After commit adf0516845bc ("netfilter: remove ip_conntrack* sysctl
compat code"), ctl_table_path member in struct nf_conntrack_l3proto{}
is not used anymore, remove it.
Signed-off-by: Liping Zhang
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_conntrack_l3pro
From: Liping Zhang
There's an off-by-one issue in nft_payload_fast_eval, skb_tail_pointer
and ptr + priv->len all point to the last valid address plus 1. So if
they are equal, we can still fetch the valid data. It's unnecessary to
fall back to nft_payload_eval.
Signed-off-by: Liping Zhang
Signe
From: Gao Feng
There are some codes of netfilter module which did not check the return
value of register_netdevice_notifier. Add the checks now.
Signed-off-by: Gao Feng
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_tables_netdev.c | 18 +-
net/netfilter/nfnetlink_queue
From: Liping Zhang
After we generate a new number, we still use the priv->counter and
store it to the dreg. This is not correct, another cpu may already
change it to a new number. So we must use the generated number, not
the priv->counter itself.
Fixes: 91dbc6be0a62 ("netfilter: nf_tables: add n
Consolidate pktinfo setup and validation by using the new generic
functions so we converge to the netdev family codebase.
We only need a linear IPv4 and IPv6 header from the reject expression,
so move nft_bridge_iphdr_validate() and nft_bridge_ip6hdr_validate()
to net/bridge/netfilter/nft_reject_b
From: Liping Zhang
Currently, the user can specify the queue numbers by _QUEUE_NUM and
_QUEUE_TOTAL attributes, this is enough in most situations.
But actually, it is not very flexible, for example:
tcp dport 80 mapped to queue0
tcp dport 81 mapped to queue1
tcp dport 82 mapped to queue2
From: Pablo Neira
Instead of several goto's just to return the result, simply return it.
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_conntrack_helper.c | 15 ++-
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/net/netfilter/nf_conntrack_helper.c
b/net/netfi
From: Laura Garcia Liebana
Fetch value and validate u32 netlink attribute. This validation is
usually required when the u32 netlink attributes are being stored in a
field whose size is smaller.
This patch revisits 4da449ae1df9 ("netfilter: nft_exthdr: Add size check
on u8 nft_exthdr attributes")
The dynset expression matches if we can fit a new entry into the set.
If there is no room for it, then it breaks the rule evaluation.
This patch introduces the inversion flag so you can add rules to
explicitly drop packets that don't fit into the set. For example:
# nft filter input flow table x
From: Marco Angaroni
Current parsing methods for SIP header Call-ID do not check correctly all
characters allowed by RFC 3261. In particular "," character is allowed
instead of "'" character. As a result Call-ID headers like the following
are discarded by IPVS SIP persistence engine.
Call-ID: -.
On Monday 26 September 2016, Jeff Kirsher wrote:
> On Sun, 2016-09-25 at 14:05 +0800, Baoyou Xie wrote:
> > We get 1 warning when building kernel with W=1:
> > drivers/net/ethernet/intel/igb/igb_ethtool.c:2707:5: warning: no previous
> > prototype for 'igb_rxnfc_write_vlan_prio_filter' [-Wmissing-p
Make sure the pktinfo protocol fields are initialized if this fails to
parse the transport header.
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_tables_ipv6.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/net/netfilter/nf_tables_ipv6.h
b/includ
We already checked for !found just a bit before:
if (!found) {
regs->verdict.code = NFT_BREAK;
return;
}
if (found && set->flags & NFT_SET_MAP)
^
So this redundant check can just go away.
Signed-off-by: Pablo Neira Ayuso
-
From: Liping Zhang
NFTA_LOG_FLAGS attribute is already supported, but the related
NF_LOG_XXX flags are not exposed to the userspace. So we cannot
explicitly enable log flags to log uid, tcp sequence, ip options
and so on, i.e. such rule "nft add rule filter output log uid"
is not supported yet.
From: Liping Zhang
NFT_CT_MARK is unrelated to direction, so if NFTA_CT_DIRECTION attr is
specified, report EINVAL to the userspace. This validation check was
already done at nft_ct_get_init, but we missed it in nft_ct_set_init.
Signed-off-by: Liping Zhang
Signed-off-by: Pablo Neira Ayuso
---
From: Aaron Conole
The netfilter hook list never uses the prev pointer, and so can be trimmed to
be a simple singly-linked list.
In addition to having a more light weight structure for hook traversal,
struct net becomes 5568 bytes (down from 6400) and struct net_device becomes
2176 bytes (down f
Inverse ranges != [a,b] are not currently possible because rules are
composites of && operations, and we need to express this:
data < a || data > b
This patch adds a new range expression. Positive ranges can be already
through two cmp expressions:
cmp(sreg, data, >=)
cmp(
From: Gao Feng
There are some codes which are used to get one random once in netfilter.
We could use net_get_random_once to simplify these codes.
Signed-off-by: Gao Feng
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/xt_RATEEST.c | 6 +-
net/netfilter/xt_connlimit.c | 8 +---
ne
From: Gao Feng
It is valid that the TCP RST packet which does not set ack flag, and bytes
of ack number are zero. But current seqadj codes would adjust the "0" ack
to invalid ack number. Actually seqadj need to check the ack flag before
adjust it for these RST packets.
The following is my test c
From: Aaron Conole
This commit adds an upfront check for sane values to be passed when
registering a netfilter hook. This will be used in a future patch for a
simplified hook list traversal.
Signed-off-by: Aaron Conole
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/core.c | 5 +
1 fi
From: Aaron Conole
A future patch will modify the hook drop and outfn functions. This will
cause the line lengths to take up too much space. This is simply a
readability change.
Signed-off-by: Aaron Conole
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_queue.h | 8
1
From: Vishwanath Pai
I am planning to add a revision 2 for the hashlimit xtables module to
support higher packets per second rates. This patch renames all the
functions and variables related to revision 1 by adding _v1 at the
end of the names.
Signed-off-by: Vishwanath Pai
Signed-off-by: Joshua
From: Liping Zhang
After commit ac2863445686 ("netfilter: bridge: add nf_afinfo to enable
queuing to userspace"), we can queue packets to the user space in bridge
family. But when the user specify the queue range, packets will be only
delivered to the first queue num. Because in nfqueue_hash, we
From: Florian Westphal
Fabian reports a possible conntrack memory leak (could not reproduce so
far), however, one minor issue can be easily resolved:
> cat /proc/net/nf_conntrack | wc -l = 5
> 4 minutes required to clean up the table.
We should not report those timed-out entries to the user in
From: Gao Feng
It's better to use sizeof(info->name)-1 as index to force set the string
tail instead of literal number '29'.
Signed-off-by: Gao Feng
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/xt_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter
From: Liping Zhang
pkt->xt.thoff is not always set properly, but we use it without any check.
For payload expr, it will cause wrong results. For nftrace, we may notify
the wrong network or transport header to the user space, furthermore,
input the following nft rules, warning message will be prin
From: Liping Zhang
hash_v6 is used by both nftables and ip6tables, so depend on
IP6_NF_IPTABLES is not properly.
Actually, it only parses ipv6hdr and computes a hash value, so
even if IPV6 is disabled, there's no side effect too, remove it.
Signed-off-by: Liping Zhang
Signed-off-by: Pablo Neir
From: Vishwanath Pai
Create a new revision for the hashlimit iptables extension module. Rev 2
will support higher pps of up to 1 million, Version 1 supports only 10k.
To support this we have to increase the size of the variables avg and
burst in hashlimit_cfg to 64-bit. Create two new structs has
From: Aaron Conole
All of the callers of nf_hook_slow already hold the rcu_read_lock, so this
cleanup removes the recursive call. This is just a cleanup, as the locking
code gracefully handles this situation.
Signed-off-by: Aaron Conole
Signed-off-by: Pablo Neira Ayuso
---
net/bridge/netfilt
From: Florian Westphal
This replaces the last uses of NF_HOOK_THRESH().
Followup patch will remove it and rename nf_hook_thresh.
The reason is that inet (non-bridge) netfilter no longer invokes the
hooks from hooks, so we do no longer need the thresh value to skip hooks
with a lower priority.
T
From: Laura Garcia Liebana
Add support of an offset value for incremental counter and random. With
this option the sysadmin is able to start the counter to a certain value
and then apply the generated number.
Example:
meta mark set numgen inc mod 2 offset 100
This will generate marks w
From: Gao Feng
There are some codes of netfilter module which did not check the return
value of nft_register_chain_type. Add the checks now.
Signed-off-by: Gao Feng
Signed-off-by: Pablo Neira Ayuso
---
net/bridge/netfilter/nf_tables_bridge.c | 18 +-
net/ipv4/netfilter/nf_tabl
From: KOVACS Krisztian
The introduction of TCP_NEW_SYN_RECV state, and the addition of request
sockets to the ehash table seems to have broken the --transparent option
of the socket match for IPv6 (around commit a9407000).
Now that the socket lookup finds the TCP_NEW_SYN_RECV socket instead of t
From: Aaron Conole
This commit ensures that the rcu read-side lock is held while the
ingress hook is called. This ensures that a call to nf_hook_slow (and
ultimately nf_ingress) will be read protected.
Signed-off-by: Aaron Conole
Signed-off-by: Pablo Neira Ayuso
---
net/core/dev.c | 7 ++
From: Liping Zhang
Currently, if the user want to match ct l3proto, we must specify the
direction, for example:
# nft add rule filter input ct original l3proto ipv4
Otherwise, error message will be reported:
# nft add rule filter input ct l3proto ipv4
From: Liping Zhang
nf_log is used by both nftables and iptables, so use XT_LOG_XXX macros
here is not appropriate. Replace them with NF_LOG_XXX.
Signed-off-by: Liping Zhang
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/nf_log_ipv4.c | 6 +++---
net/ipv6/netfilter/nf_log_ipv6.c | 14
From: Gao Feng
The origin codes perform two condition checks with dst_mtu(skb_dst(skb))
and in_mtu. And the last statement is "min(dst_mtu(skb_dst(skb)),
in_mtu) - minlen". It may let reader think about how about the result.
Would it be negative.
Now assign the result of min(dst_mtu(skb_dst(skb)
From: Florian Westphal
This makes things simpler because we can store the head of the list
in the nf_state structure without worrying about concurrent add/delete
of hook elements from the list.
A future commit will make use of this to implement a simpler
linked-list.
Signed-off-by: Florian West
From: Florian Westphal
These counters sit in hot path and do show up in perf, this is especially
true for 'found' and 'searched' which get incremented for every packet
processed.
Information like
searched=212030105
new=623431
found=333613
delete=623327
does not seem too helpful nowadays:
- on
From: Marco Angaroni
Current parsing methods for SIP headers do not properly manage
continuation lines: in case of Call-ID header the first character of
Call-ID header value is truncated. As a result IPVS SIP persistence
engine hashes over a call-id that is not exactly the one present in
the orig
From: Gao Feng
There are some debug code which are commented out in find_pattern by #if 0.
Now remove them.
Signed-off-by: Gao Feng
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_conntrack_ftp.c | 13 +
1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/net/netfi
From: Gao Feng
There are already some GRE_* macros in kernel, so it is unnecessary
to define these macros. And remove some useless macros
Signed-off-by: Gao Feng
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter/nf_conntrack_proto_gre.h | 22 ++
include/uapi/lin
Hi David,
The following patchset contains Netfilter updates for your net-next
tree, they are:
1) Consolidate GRE protocol tracker using new GRE protocol definitions,
patches from Gao Feng.
2) Properly parse continuation lines in SIP helper, update allowed
characters in Call-ID header and a
Eric Dumazet writes:
> On Thu, 2016-09-22 at 18:43 +0200, Vlastimil Babka wrote:
>> The select(2) syscall performs a kmalloc(size, GFP_KERNEL) where size grows
>> with the number of fds passed. We had a customer report page allocation
>> failures of order-4 for this allocation. This is a costly o
On Sun, 2016-09-25 at 14:05 +0800, Baoyou Xie wrote:
> We get 1 warning when building kernel with W=1:
> drivers/net/ethernet/intel/igb/igb_ethtool.c:2707:5: warning: no previous
> prototype for 'igb_rxnfc_write_vlan_prio_filter' [-Wmissing-prototypes]
>
> In fact, this function is only used in th
On Sun, 2016-09-25 at 14:03 +0800, Baoyou Xie wrote:
> We get 2 warnings when building kernel with W=1:
> drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c:2128:5: warning: no
> previous prototype for 'ixgbe_led_on_t_x550em' [-Wmissing-prototypes]
> drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c:2150:5:
The ethtool api {get|set}_settings is deprecated.
We move this driver to new api {get|set}_link_ksettings.
Signed-off-by: Philippe Reynes
---
drivers/net/ethernet/broadcom/tg3.c | 112 +++
1 files changed, 62 insertions(+), 50 deletions(-)
diff --git a/drivers/n