From: Gao Feng
The commit 520ac30f4551 ("net_sched: drop packets after root qdisc lock
is released) made a big change of tc for performance. There are two points
left in sch_prio and sch_qfq which are not changed with that commit. Now
enhance them now with __qdisc_drop.
Signed-off-by: Gao Feng
Same as ip_gre, geneve and vxlan, use key->tos as traffic class value.
CC: Peter Dawson
Fixes: 0e9a709560db ("ip6_tunnel, ip6_gre: fix setting of DSCP on
encapsulated packets”)
Signed-off-by: Haishuang Yan
---
Changes since v3:
* Add fixes information
* Remove obsoleted RT_TOS mask
---
net
Similar to vxlan/geneve tunnel, if hop_limit is zero, it should fall
back to ip6_dst_hoplimt().
Signed-off-by: Haishuang Yan
---
net/ipv6/ip6_tunnel.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 3a0ba2a..10a693a 100644
--- a/net/ipv6/ip
MPS_TX_INT_CAUSE[Bubble] is a normal condition for T6, hence
ignore this interrupt for T6.
Signed-off-by: Ganesh Goudar
Signed-off-by: Casey Leedom
---
drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 16 +++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/drivers/net/eth
Hi Russell,
On Sun, Sep 03, 2017 at 09:46:35PM +0100, Russell King - ARM Linux wrote:
> On Sun, Sep 03, 2017 at 03:31:13PM +0300, Baruch Siach wrote:
> > Add device-tree binding documentation SFP transceivers. Support for SFP
> > transceivers has been recently introduced (drivers/net/phy/sfp.c).
>
MPS_STAT_CTL[CountPauseStatTx] and MPS_STAT_CTL[CountPauseStatRx]
only control whether or not Pause Frames will be counted as part
of the 64-Byte Tx/Rx Frame counters. These bits do not control
whether Pause Frames are counted in the Total Tx/Rx Frames/Bytes
counters.
Signed-off-by: Ganesh Goudar
do not reuse the loop counter which is used iterate over
the ports, so that sched_tbl will be freed for all the ports.
Signed-off-by: Ganesh Goudar
---
drivers/net/ethernet/chelsio/cxgb4/sched.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/chelsi
On Sun, Sep 03, 2017 at 10:26:03PM +0200, Zahari Doychev wrote:
> The function calls to kcalloc use wrong parameter order. The flags
> have to be passed as last parameter.
>
> The change was done using the following coccinelle script:
>
> @@
> expression E1,E2;
> type T;
> @@
>
> -kcalloc(E1, E2
Hi all,
On Tue, 22 Aug 2017 11:24:14 +1000 Stephen Rothwell
wrote:
>
> Today's linux-next merge of the net-next tree got a conflict in:
>
> arch/arm64/boot/dts/rockchip/rk3328-evb.dts
>
> between commits:
>
> ab78718bda79 ("arm64: dts: rockchip: Enable tsadc module on RK3328
> eavluation
> -Original Message-
> From: Florian Fainelli [mailto:f.faine...@gmail.com]
> Sent: Saturday, September 02, 2017 7:25 AM
> To: Bhadram Varka ; and...@lunn.ch
> Cc: linux-netdev
> Subject: Re: netdev carrier changes is one even after ethernet link up.
>
> On 08/31/2017 10:49 PM, Bhadram
Hi Florian,
> -Original Message-
> From: Florian Fainelli [mailto:f.faine...@gmail.com]
> Sent: Saturday, September 02, 2017 7:25 AM
> To: Bhadram Varka ; and...@lunn.ch
> Cc: linux-netdev
> Subject: Re: netdev carrier changes is one even after ethernet link up.
>
> On 08/31/2017 10:49 P
Hi all,
On Wed, 16 Aug 2017 09:51:28 +1000 Stephen Rothwell
wrote:
>
> Today's linux-next merge of the pci tree got a conflict in:
>
> drivers/pci/probe.c
>
> between commit:
>
> a99b646afa8a ("PCI: Disable PCIe Relaxed Ordering if unsupported")
>
> from the net tree and commit:
>
> 6
From: Johan Hedberg
Date: Sun, 3 Sep 2017 09:20:55 +0300
> Here's one last bluetooth-next pull request for the 4.14 kernel:
>
> - NULL pointer fix in ca8210 802.15.4 driver
> - A few "const" fixes
> - New Kconfig option for disabling legacy interfaces
>
> Please let me know if there are any
From: Subash Abhinov Kasiviswanathan
Date: Sat, 2 Sep 2017 23:30:40 -0600
> This series fixes the comments from Dan on the first patch series.
>
> Fixes a memory corruption which could occur if mux_id was higher than 32.
> Remove the RMNET_LOCAL_LOGICAL_ENDPOINT which is no longer used.
> Make
From: Saeed Mahameed
Date: Sun, 3 Sep 2017 07:21:00 +0300
> This series from Tariq includes micro data path optimization for mlx5e
> netdevice driver.
>
> Sorry about the late submission but most of the patches are really
> small and trivial.
>
> For more details please see tag log message bel
From: Jakub Kicinski
Date: Sat, 2 Sep 2017 18:25:59 -0700
> This series is a part 2 to what went into net as a simpler fix.
> In net we simply moved when existing callbacks are invoked to
> ensure flower app does not still use representors when lower
> netdev has already been destroyed. In thi
We reserve headroom unconditionally which could cause unnecessary
stress on socket memory accounting because of increased trusesize. Fix
this by only reserve extra headroom when XDP is set.
Cc: Jakub Kicinski
Signed-off-by: Jason Wang
---
drivers/net/tun.c | 26 ++
1 fil
Rename "generic_xdp" to "skb_xdp" to avoid confusing it with the
generic XDP which will be done at netif_receive_skb().
Cc: Daniel Borkmann
Signed-off-by: Jason Wang
---
drivers/net/tun.c | 18 +++---
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/drivers/net/tun.c b
Let switch drivers indicate how many TX queues they support. Some
switches, such as Broadcom Starfighter 2 are designed with 8 egress
queues. Future changes will allow us to leverage the queue mapping and
direct the transmission towards a particular queue.
Signed-off-by: Florian Fainelli
---
inc
Even though TC2QOS mapping is for switch egress queues, we need to
configure it correclty in order for the Broadcom tag ingress (CPU ->
switch) queue selection to work correctly since there is a 1:1 mapping
between switch egress queues and ingress queues.
Signed-off-by: Florian Fainelli
---
driv
We originally used skb->priority but that was not quite correct as this
bitfield needs to contain the egress switch queue we intend to send this
SKB to.
Signed-off-by: Florian Fainelli
---
net/dsa/tag_brcm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/dsa/tag_brcm.c
Hi all,
This patch series extracts the parts of the patch set that are likely not to be
controversial and actually bringing multi-queue support to DSA-created network
devices.
With these patches, we can now use sch_multiq as documented under
Documentation/networking/multique.txt and let applicati
The switch supports 8 egress queues per port, so indicate that such that
net/dsa/slave.c::dsa_slave_create can allocate the right number of TX queues.
While at it use SF2_NUM_EGRESS_QUEUE as a define for the number of queues we
support.
Signed-off-by: Florian Fainelli
---
drivers/net/dsa/bcm_sf2
Le 09/03/17 à 20:20, David Miller a écrit :
> From: Florian Fainelli
> Date: Sat, 2 Sep 2017 11:06:05 -0700
>
>> This patch series extracts the parts of the patch set that are likely not to
>> be
>> controversial and actually bringing multi-queue support to DSA-created
>> network
>> devices.
>
From: Jiri Pirko
Date: Sat, 2 Sep 2017 23:49:08 +0200
> From: Jiri Pirko
>
> Petr says:
>
> This patch series introduces to mlxsw driver support for offloading
> IP-in-IP tunnels in general, and for (subset of) GRE in particular.
...
Series applied, thanks!
From: Florian Fainelli
Date: Sat, 2 Sep 2017 11:06:05 -0700
> This patch series extracts the parts of the patch set that are likely not to
> be
> controversial and actually bringing multi-queue support to DSA-created network
> devices.
>
> With these patches, we can now use sch_multiq as docum
From: Florian Fainelli
Date: Sat, 2 Sep 2017 08:56:45 -0700
> During error injection it was possible to crash in dsa_loop_exit() because of
> an attempt to unregister an invalid PHY. We actually want to the driver
> probing
> in dsa_loop_init() even though fixed_phy_register() may return an err
From: Antoine Tenart
Date: Sat, 2 Sep 2017 11:06:46 +0200
> This series aims at fixing the logic behind the MAC address retrieval in the
> PPv2 driver. A possible issue is also fixed in patch 3/3 to introduce
> fallbacks
> when the address given in the device tree isn't valid.
...
> Since v2:
On 2017年09月02日 00:17, Willem de Bruijn wrote:
This is not a 50/50 split, which impliesTw that some packets from the
large
packet flow are still converted to copying. Without the change the rate
without queue was 80k zerocopy vs 80k copy, so this choice of
(vq->num >> 2) appears too conservative
On Wed, Aug 30, 2017 at 05:53:27PM +0800, Hannes Frederic Sowa wrote:
> Hello,
>
> Yi Yang writes:
>
> [...]
>
> > +struct ovs_key_nsh {
> > + u8 flags;
> > + u8 ttl;
> > + u8 mdtype;
> > + u8 np;
> > + __be32 path_hdr;
> > + __be32 context[NSH_MD1_CONTEXT_SIZE];
> > +};
> > +
> >
On 2017年09月01日 23:51, Michael S. Tsirkin wrote:
On Fri, Sep 01, 2017 at 05:02:50PM +0800, Jason Wang wrote:
We check tx avail through vhost_enable_notify() in the past which is
wrong since it only checks whether or not guest has filled more
available buffer since last avail idx synchronization
On Sun, Sep 03, 2017 at 05:14:18PM -0700, David Miller wrote:
>
> I only see patches 3, 4, and 5 of this series.
>
> If this is meant for net-next inclusion, you'll have to submit it such that
> I see the entire series on netdev and thus in patchwork.
I'm posting this new NLM_F_NONREC for acknow
I only see patches 3, 4, and 5 of this series.
If this is meant for net-next inclusion, you'll have to submit it such that
I see the entire series on netdev and thus in patchwork.
Thanks.
From: Pablo Neira Ayuso
Date: Mon, 4 Sep 2017 00:25:42 +0200
> The following patchset contains Netfilter updates for your net-next
> tree. Basically, updates to the conntrack core, enhancements for
> nf_tables, conversion of netfilter hooks from linked list to array to
> improve memory locality
From: Geliang Tang
Use audit_log() instead of open-coding it.
Signed-off-by: Geliang Tang
Signed-off-by: Pablo Neira Ayuso
---
net/bridge/netfilter/ebtables.c | 13 -
net/netfilter/x_tables.c| 14 --
2 files changed, 8 insertions(+), 19 deletions(-)
diff --git
From: Nick Desaulniers
Clang produces the following warning:
net/ipv4/netfilter/nf_nat_h323.c:553:6: error:
logical not is only applied to the left hand side of this comparison
[-Werror,-Wlogical-not-parentheses]
if (!set_h225_addr(skb, protoff, data, dataoff, taddr,
^
add parentheses afte
From: Taehee Yoo
The netfilter_queue_init() has been removed.
so we can remove the prototype of that.
Signed-off-by: Taehee Yoo
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_internals.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/netfilter/nf_internals.h b/net/netfilter/nf_
From: Florian Westphal
so eval and uncoming eval_set versions can reuse a common helper.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nft_exthdr.c | 16 +++-
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/net/netfilter/nft_exth
From: Florian Westphal
This allows setting 2 and 4 byte quantities in the tcp option space.
Main purpose is to allow native replacement for xt_TCPMSS to
work around pmtu blackholes.
Writes to kind and len are now allowed at the moment, it does not seem
useful to do this as it causes corruption o
From: Florian Westphal
This needs to accout for the ipv4/ipv6 header size and the tcp
header without options.
Fixes: 6b5dc98e8fac0 ("netfilter: rt: add support to fetch path mss")
Reported-by: Matteo Croce
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nft
From: Florian Westphal
re-add batching in nf_unregister_net_hooks().
Similar as before, just store an array with to-be-free'd rule arrays
on stack, then call synchronize_net once per batch.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/core.c | 59 +++
From: Davide Caratti
L4 protocol helpers for DCCP, SCTP and UDPlite can't be built as kernel
modules anymore, so we can remove code enclosed in
#ifdef CONFIG_NF_CT_PROTO_{DCCP,SCTP,UDPLITE}_MODULE
Signed-off-by: Davide Caratti
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_conntrack_p
From: Florian Westphal
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_conntrack_l4proto.h | 7 ---
net/netfilter/nf_conntrack_proto_dccp.c | 6 ++
net/netfilter/nf_conntrack_proto_gre.c | 4
net/netfilter/nf_conntrack_proto
From: Florian Westphal
Doesn't change generated code, but will make it easier to eventually
make the actual trackers themselvers const.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_conntrack_l3proto.h | 6 +++---
include/net/netfilter/nf_connt
From: Florian Westphal
net/netfilter/nft_payload.c:187:18: warning: incorrect type in return
expression (expected bool got restricted __sum16 [usertype] check)
net/netfilter/nft_exthdr.c:222:14: warning: cast to restricted __be32
net/netfilter/nft_rt.c:49:23: warning: incorrect type in assignmen
From: Colin Ian King
The returns on some if statements are not indented correctly,
add in the missing tab.
Signed-off-by: Colin Ian King
Signed-off-by: Pablo Neira Ayuso
---
net/bridge/netfilter/ebt_ip.c | 4 ++--
net/bridge/netfilter/ebt_ip6.c | 2 +-
2 files changed, 3 insertions(+), 3 del
From: Florian Westphal
When enabling logging for invalid connections we currently also log most
icmpv6 types, which we don't track intentionally (e.g. neigh discovery).
"invalid" should really mean "invalid", i.e. short header or bad checksum.
We don't do any logging for icmp(v4) either, its jus
From: Varsha Rao
Remove NFDEBUG and use pr_debug() instead of it.
Signed-off-by: Varsha Rao
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_internals.h | 6 --
net/netfilter/nf_sockopt.c | 2 +-
2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/net/netfilter/nf_interna
From: Aaron Conole
This converts the storage and layout of netfilter hook entries from a
linked list to an array. After this commit, hook entries will be
stored adjacent in memory. The next pointer is no longer required.
The ops pointers are stored at the end of the array as they are only
used
From: Florian Westphal
Make sure our grow/shrink routine places them in the correct order.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/core.c | 23 +++
1 file changed, 23 insertions(+)
diff --git a/net/netfilter/core.c b/net/netfilte
From: Florian Westphal
CONFIG_NF_CONNTRACK_PROCFS is deprecated, no need to use a function
pointer in the trackers for this. Place the printf formatting in
the one place that uses it.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_conntrack_l3pro
From: Florian Westphal
no need to waste storage for something that is only needed
in one place and can be deduced from protocol number.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_conntrack_l4proto.h | 3 ---
net/ipv4/netfilter/nf_conntrack
From: Florian Westphal
no need to waste storage for something that is only needed
in one place and can be deduced from protocol number.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_conntrack_l3proto.h | 3 ---
net/ipv4/netfilter/nf_conntrack
From: Florian Westphal
can use u16 for both, shrinks size by another 8 bytes.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_conntrack_l4proto.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/net/netfilter/nf_conn
From: Florian Westphal
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nft_exthdr.c | 33 +
1 file changed, 21 insertions(+), 12 deletions(-)
diff --git a/net/netfilter/nft_exthdr.c b/net/netfilter/nft_exthdr.c
index 1ec49fe58
From: Taehee Yoo
The root4 variable is used only when connlimit extension module has been
stored by the iptables command. and the roo6 variable is used only when
connlimit extension module has been stored by the ip6tables command.
So the root4 and roo6 variable does not be used at the same time.
From: Florian Westphal
to be used in combination with tcp option set support to mimic
iptables TCPMSS --clamp-mss-to-pmtu.
v2: Eric Dumazet points out dst must be initialized.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/uapi/linux/netfilter/nf_tables.h | 2 +
From: Florian Westphal
avoids a pointer and allows struct to be const later on.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_conntrack_l3proto.h | 19 ---
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 13 +++--
net/
From: Julia Lawall
The nf_loginfo structures are only passed as the seventh argument to
nf_log_trace, which is declared as const or stored in a local const
variable. Thus the nf_loginfo structures themselves can be const.
Done with the help of Coccinelle.
//
@r disable optional_qualifier@
ide
From: Taehee Yoo
The target variable is not used in the compat_copy_entry_from_user().
So It can be removed.
Signed-off-by: Taehee Yoo
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/arp_tables.c | 2 --
net/ipv4/netfilter/ip_tables.c | 2 --
2 files changed, 4 deletions(-)
diff --g
From: Florian Westphal
Discussion during NFWS 2017 in Faro has shown that the current
conntrack behaviour is unreasonable.
Even if conntrack module is loaded on behalf of a single net namespace,
its turned on for all namespaces, which is expensive. Commit
481fa373476 ("netfilter: conntrack: add
From: Julia Lawall
When a nf_conntrack_l3/4proto parameter is not on the left hand side
of an assignment, its address is not taken, and it is not passed to a
function that may modify its fields, then it can be declared as const.
This change is useful from a documentation point of view, and can
p
From: Phil Sutter
Same conversion as for table names, use NFT_NAME_MAXLEN as upper
boundary as well.
Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_tables.h| 2 +-
include/uapi/linux/netfilter/nf_tables.h | 2 +-
net/netfilter/nf_tables_api.
From: Phil Sutter
Same conversion as for table names, use NFT_NAME_MAXLEN as upper
boundary as well.
Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_tables.h| 2 +-
include/uapi/linux/netfilter/nf_tables.h | 2 +-
net/netfilter/nf_tables_api.
From: Phil Sutter
This is similar to strdup() for netlink string attributes.
Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
include/net/netlink.h | 1 +
lib/nlattr.c | 24
2 files changed, 25 insertions(+)
diff --git a/include/net/netlink.h
From: Florian Westphal
We no longer place these on a list so they can be const.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
drivers/net/ipvlan/ipvlan_main.c | 2 +-
net/bridge/br_netfilter_hooks.c| 2 +-
net/bridge/netfilter/ebtable_filte
From: Florian Westphal
switch to lockless lockup. write side now also increments sequence
counter. On lookup, sample counter value and only take the lock
if we did not find a match and the counter has changed.
This avoids need to write to private area in normal (lookup) cases.
In case we detec
From: Phil Sutter
Allocate all table names dynamically to allow for arbitrary lengths but
introduce NFT_NAME_MAXLEN as an upper sanity boundary. It's value was
chosen to allow using a domain name as per RFC 1035.
Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
include/net/netf
From: Phil Sutter
nft_trace_notify() is called only from __nft_trace_packet(), which
assigns its parameter 'chain' to info->chain. __nft_trace_packet() in
turn later dereferences 'chain' unconditionally, which indicates that
it's never NULL. Same does nft_do_chain(), the only user of the tracing
From: Phil Sutter
Same conversion as for table names, use NFT_NAME_MAXLEN as upper
boundary as well.
Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_tables.h| 4 ++--
include/uapi/linux/netfilter/nf_tables.h | 2 +-
net/netfilter/nf_tables_ap
From: Florian Westphal
When skb is queued to userspace it leaves softirq/rcu protection.
skb->nfct (via conntrack extensions such as helper) could then reference
modules that no longer exist if the conntrack was not yet confirmed.
nf_ct_iterate_destroy() will set the DYING bit for unconfirmed
co
From: "subas...@codeaurora.org"
Delayed workqueue causes wakeups to idle CPUs. This was
causing a power impact for devices. Use deferable work
queue instead so that gc_worker runs when CPU is active only.
Signed-off-by: Subash Abhinov Kasiviswanathan
Signed-off-by: Pablo Neira Ayuso
---
net/n
From: Florian Westphal
assuming we have lockless readers we should make sure they can only
see expectations that have already been initialized.
hlist_add_head_rcu acts as memory barrier, move it after timer setup.
Theoretically we could crash due to a del_timer() on other cpu
seeing garbage dat
From: Florian Westphal
queued skbs might be using conntrack extensions that are being removed,
such as timeout. This happens for skbs that have a skb->nfct in
unconfirmed state (i.e., not in hash table yet).
This is destructive, but there are only two use cases:
- module removal (rare)
- netn
From: "Pablo M. Bermudo Garay"
Add fib expression support for netdev family. Like inet family, netdev
delegates the actual decision to the corresponding backend, either ipv4
or ipv6.
This allows to perform very early reverse path filtering, among other
things.
You can find more information abou
From: Phil Sutter
This is helpful for 'nft monitor' to track which process caused a given
change to the ruleset.
Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
include/uapi/linux/netfilter/nf_tables.h | 2 ++
net/netfilter/nf_tables_api.c| 5 -
2 files changed
From: "Pablo M. Bermudo Garay"
This is a preparatory patch for adding fib support to the netdev family.
The netdev family receives the packets from ingress hook. At this point
we have no guarantee that the ip header is linear. So this patch
replaces ip_hdr with skb_header_pointer in order to add
From: Taehee Yoo
This patch removes duplicate rcu_read_lock().
1. IPVS part:
According to Julian Anastasov's mention, contexts of ipvs are described
at: http://marc.info/?l=netfilter-devel&m=149562884514072&w=2, in summary:
- packet RX/TX: does not need locks because packets come from hooks.
From: Florian Westphal
This also removes __nf_ct_unconfirmed_destroy() call from
nf_ct_iterate_cleanup_net, so that function can be used only
when missing conntracks from unconfirmed list isn't a problem.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilt
From: Florian Westphal
We have several spots that open-code a expect walk, add a helper
that is similar to nf_ct_iterate_destroy/nf_ct_iterate_cleanup.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_conntrack_expect.h | 5 +++
net/netfilter/nf_c
Hi David,
The following patchset contains Netfilter updates for your net-next
tree. Basically, updates to the conntrack core, enhancements for
nf_tables, conversion of netfilter hooks from linked list to array to
improve memory locality and asorted improvements for the Netfilter
codebase. More spe
These chain counters are only used by the iptables-compat tool, that
allow users to use the x_tables extensions from the existing nf_tables
framework. This patch makes nf_tables by ~5% for the general usecase,
ie. native nft users, where no chain counters are used at all.
Signed-off-by: Pablo Neir
This patch sorts out an asymmetry in deletions. Currently, table and set
deletion commands come with an implicit content flush on deletion.
However, chain deletion results in -EBUSY if there is content in this
chain, so no implicit flush happens. So you have to send a flush command
in first place t
In the last NFWS in Faro, Portugal, we discussed that netlink is lacking
the semantics to request non recursive deletions, ie. do not delete an
object iff it has child objects that hang from this parent object that
the user requests to be deleted.
We need this new flag to solve a problem for the i
Bail out if user requests non-recursive deletion for tables and sets.
This new flags tells nf_tables netlink interface to reject deletions if
tables and sets have content.
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_tables_api.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion
On Fri 01 Sep 23:12 PDT 2017, Marcel Holtmann wrote:
> Hi Rob,
>
> >>> Bluetooth BD address can be retrieved in the same way as
> >>> for wcnss-wlan MAC address. This patch mainly stores the
> >>> local-mac-address property and sets the BD address during
> >>> hci device setup.
> >>>
> >>> Signe
On Sun, Sep 03, 2017 at 03:31:13PM +0300, Baruch Siach wrote:
> Add device-tree binding documentation SFP transceivers. Support for SFP
> transceivers has been recently introduced (drivers/net/phy/sfp.c).
>
> Signed-off-by: Baruch Siach
> ---
> v3:
> Mention gpios phandle and specifier
> Ment
The function calls to kcalloc use wrong parameter order. The flags
have to be passed as last parameter.
The change was done using the following coccinelle script:
@@
expression E1,E2;
type T;
@@
-kcalloc(E1, E2, sizeof(T))
+kcalloc(E2, sizeof(T), E1)
Signed-off-by: Zahari Doychev
---
drivers/
On Sun, Sep 3, 2017 at 7:45 PM, Tom Herbert wrote:
>> Re all sorts of udp encap, sure, we're all on the less-is-more thing and just
>> RSS-ing on the ip+udp encap header.
>> For GRE, I was trying to fight back that rss-ing on inner, but as
>> Saeed commented,
>> we didn't see something simple thr
On 09/03/2017 08:50 AM, Stephen Hemminger wrote:
On Sat, 2 Sep 2017 07:15:02 -0700
gree...@candelatech.com wrote:
diff --git a/include/linux/sysinfo.h b/include/linux/sysinfo.h
index 934335a..3596b02 100644
--- a/include/linux/sysinfo.h
+++ b/include/linux/sysinfo.h
@@ -3,6 +3,14 @@
#inclu
When cross-compiling the bpf sample map_perf_test for aarch64, I find that
__NR_getpgrp is undefined. This causes build errors. This syscall is deprecated
and requires defining __ARCH_WANT_SYSCALL_DEPRECATED. To avoid having to define
that, just use a different syscall (getppid) for the array map s
BPF samples fail to build when cross-compiling for ARM64 because of incorrect
pt_regs param selection. This is because clang defines __x86_64__ and
bpf_headers thinks we're building for x86. Since clang is building for the BPF
target, it shouldn't make assumptions about what target the BPF program
When cross compiling, bpf samples use HOSTCC for compiling the non-BPF part of
the sample, however what we really want is to use the cross compiler to build
for the cross target since that is what will load and run the BPF sample.
Detect this and compile samples correctly.
CC: Alexei Starovoitov
CC: Alexei Starovoitov
CC: Daniel Borkmann
CC: David Miller
Signed-off-by: Joel Fernandes
---
samples/bpf/README.rst | 10 ++
1 file changed, 10 insertions(+)
diff --git a/samples/bpf/README.rst b/samples/bpf/README.rst
index 79f9a58f1872..2b906127ef54 100644
--- a/samples/bpf/README.
These patches fix issues seen when cross-compiling eBPF samples on arm64.
Compared to [1], I dropped the controversial inline-asm patch pending further
discussion on the right way to do it. However these patches are still a step in
the right direction and I wanted them to get in before the more con
From: Guillaume Nault
Date: Fri, 1 Sep 2017 17:58:45 +0200
> The session creation process has a few issues wrt. concurrent tunnel
> deletion.
>
> Patch #1 avoids creating sessions in tunnels that are getting removed.
> This prevents races where sessions could try to take tunnel resources
> that
From: Jesper Dangaard Brouer
Date: Fri, 01 Sep 2017 11:26:03 +0200
> There is a bug in fragmentation codes use of the percpu_counter API,
> that can cause issues on systems with many CPUs, above 24 CPUs.
>
> After much consideration and different attempts at solving the API
> usage. The conclus
From: Colin King
Date: Thu, 31 Aug 2017 17:30:53 +0100
> From: Colin Ian King
>
> The structures hca_param and func_cap are not being kfree'd on an error
> exit path causing two memory leaks. Fix this by jumping to the existing
> free memory error exit path.
>
> Detected by CoverityScan, CID#1
From: Colin King
Date: Thu, 31 Aug 2017 18:07:24 +0100
> From: Colin Ian King
>
> The current allocation for dev->caps.spec_qps is for the size of the
> pointer and not the size of the actual mlx4_spec_qps structure. Fix
> this by using the correct size. Also splint allocation over a few
>
From: Sabrina Dubroca
Date: Fri, 1 Sep 2017 01:45:06 +0200
> 2017-08-31, 18:11:41 +0200, Stefano Brivio wrote:
>> After ip_route_input() calls ip_route_input_noref(), another
>> check on skb_dst() is done, but if this fails, we shouldn't
>> override the return code from ip_route_input_noref(), as
1 - 100 of 117 matches
Mail list logo
