This patchset introduces new virtual xfrm interfaces.
The design of virtual xfrm interfaces interfaces was
discussed at the Linux IPsec workshop 2018. This patchset
implements these interfaces as the IPsec userspace and
kernel developers agreed. The purpose of these interfaces
is to overcome the de
This patch adds the xfrm interface id as a lookup key
for xfrm states and policies. With this we can assign
states and policies to virtual xfrm interfaces.
Signed-off-by: Steffen Klassert
Acked-by: Shannon Nelson
Acked-by: Benedict Wong
Tested-by: Benedict Wong
Tested-by: Antony Antony
Review
Add a new flowi_xfrm structure with informations needed to do
a xfrm lookup. At the moment it keeps the informations about
the xfrm interface id.
Signed-off-by: Steffen Klassert
Acked-by: Shannon Nelson
Acked-by: Benedict Wong
Tested-by: Benedict Wong
Tested-by: Antony Antony
Reviewed-by: Eya
This patch adds support for virtual xfrm interfaces.
Packets that are routed through such an interface
are guaranteed to be IPsec transformed or dropped.
Co-developed-by: Lorenzo Colitti
Co-developed-by: Benedict Wong
Signed-off-by: Lorenzo Colitti
Signed-off-by: Benedict Wong
Signed-off-by: S
On Sun, Jun 03, 2018 at 03:41:08PM -0700, Eric Dumazet wrote:
>
>
> On 06/03/2018 01:37 PM, Tom Herbert wrote:
>
> > This is not an inconsequential mechanism that is being proposed. It's
> > a modification to IP protocol that is intended to work on the
> > Internet, but it looks like the draft h
On Sun, Jun 03, 2018 at 03:41:08PM -0700, Eric Dumazet wrote:
>
>
> On 06/03/2018 01:37 PM, Tom Herbert wrote:
>
> > This is not an inconsequential mechanism that is being proposed. It's
> > a modification to IP protocol that is intended to work on the
> > Internet, but it looks like the draft h
On 06/03/2018 07:46 AM, David Ahern wrote:
> It was a mistake to set rt_last before checking err. So the
> use-after-free exposed the semantic error.
>
SGTM, please send the formal patch then, thanks !
On Sun, Jun 03, 2018 at 07:47:11PM -0600, David Ahern wrote:
> On 6/3/18 7:41 PM, Alexei Starovoitov wrote:
> > On Sun, Jun 03, 2018 at 08:15:19AM -0700, dsah...@kernel.org wrote:
> >> From: David Ahern
> >>
> >> As Michal noted the flow struct takes both the flow label and priority.
> >> Update t
On 6/3/18 7:41 PM, Alexei Starovoitov wrote:
> On Sun, Jun 03, 2018 at 08:15:19AM -0700, dsah...@kernel.org wrote:
>> From: David Ahern
>>
>> As Michal noted the flow struct takes both the flow label and priority.
>> Update the bpf_fib_lookup API to note that it is flowinfo and not just
>> the flo
On Sun, Jun 03, 2018 at 08:15:19AM -0700, dsah...@kernel.org wrote:
> From: David Ahern
>
> As Michal noted the flow struct takes both the flow label and priority.
> Update the bpf_fib_lookup API to note that it is flowinfo and not just
> the flow label.
>
> Cc: Michal Kubecek
> Signed-off-by:
On Sun, Jun 03, 2018 at 03:59:40PM -0700, Yonghong Song wrote:
> bpf has been used extensively for tracing. For example, bcc
> contains an almost full set of bpf-based tools to trace kernel
> and user functions/events. Most tracing tools are currently
> either filtered based on pid or system-wide.
On Fri, Jun 01, 2018 at 08:50:16AM -0700, dsah...@kernel.org wrote:
> From: David Ahern
>
> A recent commit changed rtnl_talk_* to return the response message in
> allocated memory so callers need to free it. The change to name_is_vrf
> did not save the device index which is pointing to a struct
On 2018/06/03 23:33, David Miller wrote:
> From: Elad Nachman
> Date: Wed, 30 May 2018 08:48:25 +0300
>
>> static void stmmac_rx_vlan(struct net_device *dev, struct sk_buff *skb)
>> {
>> -struct ethhdr *ehdr;
>> +struct vlan_ethhdr *veth;
>> u16 vlanid;
>> +__be16 vlan_proto;
>
Hello,
2018-06-04 6:54 GMT+09:00 Subash Abhinov Kasiviswanathan
:
> RAWIP devices such as rmnet do not have a hardware address and
> instead require the kernel to generate a random IID for the
> temporary addresses. For permanent addresses, the device IID is
> used along with prefix received.
>
>
On 6/3/18 1:00 PM, Alexei Starovoitov wrote:
On Sun, Jun 03, 2018 at 12:36:51AM -0700, Yonghong Song wrote:
bpf has been used extensively for tracing. For example, bcc
contains an almost full set of bpf-based tools to trace kernel
and user functions/events. Most tracing tools are currently
ei
Syscall name_to_handle_at() can be used to get cgroup id
for a particular cgroup path in user space. The selftest
got cgroup id from both user and kernel, and compare to
ensure they are equal to each other.
Acked-by: Alexei Starovoitov
Signed-off-by: Yonghong Song
---
tools/testing/selftests/bp
bpf has been used extensively for tracing. For example, bcc
contains an almost full set of bpf-based tools to trace kernel
and user functions/events. Most tracing tools are currently
either filtered based on pid or system-wide.
Containers have been used quite extensively in industry and
cgroup is
bpf has been used extensively for tracing. For example, bcc
contains an almost full set of bpf-based tools to trace kernel
and user functions/events. Most tracing tools are currently
either filtered based on pid or system-wide.
Containers have been used quite extensively in industry and
cgroup is
Sync kernel uapi/linux/bpf.h with tools uapi/linux/bpf.h.
Also add the necessary helper define in bpf_helpers.h.
Acked-by: Alexei Starovoitov
Signed-off-by: Yonghong Song
---
tools/include/uapi/linux/bpf.h| 8 +++-
tools/testing/selftests/bpf/bpf_helpers.h | 2 ++
2 files change
On 06/03/2018 01:37 PM, Tom Herbert wrote:
> This is not an inconsequential mechanism that is being proposed. It's
> a modification to IP protocol that is intended to work on the
> Internet, but it looks like the draft hasn't been updated for two
> years and it is not adopted by any IETF workin
When sending an ack to a command packet, the skb is still referenced
after it is sent to the real device. Since the real device could
free the skb, the device pointer would be invalid.
Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial
implementation")
Signed-off-by: Subash Ab
RAWIP devices such as rmnet do not have a hardware address and
instead require the kernel to generate a random IID for the
temporary addresses. For permanent addresses, the device IID is
used along with prefix received.
Signed-off-by: Subash Abhinov Kasiviswanathan
---
net/ipv6/addrconf.c | 17 +
On Sat, Jun 2, 2018 at 9:17 AM, Sam Patton wrote:
> Hello Willy, netdev,
>
> Thank you for your reply and advice. I couldn't agree more with you
> about containers and the exciting prospects there,
>
> as well as the ADSL scenario you mention.
>
> As far as application examples, check out this si
On Sun, Jun 03, 2018 at 12:36:51AM -0700, Yonghong Song wrote:
> bpf has been used extensively for tracing. For example, bcc
> contains an almost full set of bpf-based tools to trace kernel
> and user functions/events. Most tracing tools are currently
> either filtered based on pid or system-wide.
Hello,
On Sun, Jun 3, 2018 at 10:47 AM, Maciej Żenczykowski
wrote:
> From: Maciej Żenczykowski
>
> It is not safe to do so because such sockets are already in the
> hash tables and changing these options can result in invalidating
> the tb->fastreuse(port) caching.
>
> This can have later far re
Sun, Jun 03, 2018 at 08:33:25PM CEST, xiyou.wangc...@gmail.com wrote:
>On Wed, May 30, 2018 at 1:17 AM, Paul Blakey wrote:
>> Two of the fixes are for my multiple mask patch
>>
>> Paul Blakey (2):
>> cls_flower: Fix missing free of rhashtable
>> cls_flower: Fix comparing of old filter mask wit
On Wed, May 30, 2018 at 1:17 AM, Paul Blakey wrote:
> Two of the fixes are for my multiple mask patch
>
> Paul Blakey (2):
> cls_flower: Fix missing free of rhashtable
> cls_flower: Fix comparing of old filter mask with new filter
Both are bug fixes and one-line fixes, so definitely should go
From: Maciej Żenczykowski
It is not safe to do so because such sockets are already in the
hash tables and changing these options can result in invalidating
the tb->fastreuse(port) caching.
This can have later far reaching consequences wrt. bind conflict checks
which rely on these caches (for opt
From: Maciej Żenczykowski
This changes the /proc/sys/net/ipv4/tcp_tw_reuse from a boolean
to an integer.
It now takes the values 0, 1 and 2, where 0 and 1 behave as before,
while 2 enables timewait socket reuse only for sockets that we can
prove are loopback connections:
ie. bound to 'lo' inte
On Sun, 3 Jun 2018 18:11:45 +0200
Daniel Borkmann wrote:
> On 06/03/2018 08:56 AM, Jesper Dangaard Brouer wrote:
> > On Sat, 2 Jun 2018 23:06:35 +0200
> > Daniel Borkmann wrote:
> >
> >> Before:
> >>
> >> # bpftool p d x i 1
> >
> > Could this please be changed to:
> >
> > # bpftool p
This patch adds support for configuring SRQ and provides the necessary
APIs for rdma upper layer driver (qedr) to enable the SRQ feature.
Signed-off-by: Michal Kalderon
Signed-off-by: Ariel Elior
Signed-off-by: Yuval Bason
---
Changes from v1:
- sparse warnings
- replace memset
On 06/03/2018 08:56 AM, Jesper Dangaard Brouer wrote:
> On Sat, 2 Jun 2018 23:06:35 +0200
> Daniel Borkmann wrote:
>
>> Before:
>>
>> # bpftool p d x i 1
>
> Could this please be changed to:
>
> # bpftool prog dump xlated id 1
>
> I requested this before, but you seem to have missed my fee
From: Leon Romanovsky [mailto:l...@kernel.org]
Sent: Thursday, May 31, 2018 8:33 PM
> On Wed, May 30, 2018 at 04:11:37PM +0300, Yuval Bason wrote:
> > This patch adds support for configuring SRQ and provides the necessary
> > APIs for rdma upper layer driver (qedr) to enable the SRQ feature.
> >
>
On 5/31/18 10:05 PM, Stephen Suryaputra wrote:
> Use the right device to determine if redirect should be sent especially
> when using vrf. Same as well as when sending the redirect.
>
> Signed-off-by: Stephen Suryaputra
> ---
> net/ipv6/ip6_output.c | 3 ++-
> net/ipv6/ndisc.c | 6 ++
>
On Thu, May 31, 2018 at 10:59:42AM +0200, Jesper Dangaard Brouer wrote:
> As I mentioned in merge commit 10f678683e4 ("Merge branch 'xdp_xmit-bulking'")
> I plan to change the API for ndo_xdp_xmit once more, by adding a flags
> argument, which is done in this patchset.
>
> I know it is late in the
From: David Ahern
As Michal noted the flow struct takes both the flow label and priority.
Update the bpf_fib_lookup API to note that it is flowinfo and not just
the flow label.
Cc: Michal Kubecek
Signed-off-by: David Ahern
---
include/uapi/linux/bpf.h | 2 +-
net/core/filter.c | 2
On Sat, Jun 02, 2018 at 11:06:30PM +0200, Daniel Borkmann wrote:
> This set adds various patches I still had in my queue, first two
> are test cases to provide coverage for the recent two fixes that
> went to bpf tree, then a small improvement on the error message
> for gpl helpers. Next, we expose
From: Thadeu Lima de Souza Cascardo
Date: Thu, 31 May 2018 09:20:20 -0300
> Signed-off-by: Thadeu Lima de Souza Cascardo
Applied.
From: Eric Dumazet
Date: Thu, 31 May 2018 05:52:24 -0700
> Commit 1383cb8103bb ("mlx4_core: allocate ICM memory in page size chunks")
> brought two regressions caught in our regression suite.
>
> The big one is an additional cost of 256 bytes of overhead per 4096 bytes,
> or 6.25 % which is unac
On 6/3/18 8:31 AM, Eric Dumazet wrote:
>
>
> On 06/03/2018 07:01 AM, David Ahern wrote:
>> On 6/3/18 7:35 AM, Eric Dumazet wrote:
>>> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
>>> index
>>> f4d61736c41abe8cd7f439c4a37100e90c1eacca..830eefdbdb6734eb81ea0322fb6077ee20be1889
>>> 100644
>>>
On 6/3/18 8:01 AM, David Ahern wrote:
> Is there a reproducer for the syzbot case?
One reproducer is to insert a route and then add a multipath route that
has a duplicate nexthop.e.g,:
ip -6 ro add vrf red 2001:db8:101::/64 nexthop via 2001:db8:1::2
ip -6 ro append vrf red 2001:db8:101::/64 next
From: Wei Yongjun
Date: Thu, 31 May 2018 02:31:22 +
> Fix to return error code -EINVAL instead of 0 if optlen is invalid.
>
> Fixes: 01d2f7e2cdd3 ("net/smc: sockopts TCP_NODELAY and TCP_CORK")
> Signed-off-by: Wei Yongjun
Although the TCP code should be checking this in the previous lines,
From: Wei Yongjun
Date: Thu, 31 May 2018 02:31:12 +
> Fixes the following sparse warning:
>
> drivers/net/ethernet/mellanox/mlx5/core/fpga/tls.c:199:6: warning:
> symbol 'mlx5_fpga_tls_send_teardown_cmd' was not declared. Should it be
> static?
>
> Signed-off-by: Wei Yongjun
Applied.
From: Wei Yongjun
Date: Thu, 31 May 2018 02:04:43 +
> Fix to return a negative error code from the failover register fail
> error handling case instead of 0, as done elsewhere in this function.
>
> Fixes: 1ff78076d8dd ("netvsc: refactor notifier/event handling code to use
> the failover fra
From: Stephen Suryaputra
Date: Fri, 1 Jun 2018 00:05:21 -0400
> Use the right device to determine if redirect should be sent especially
> when using vrf. Same as well as when sending the redirect.
>
> Signed-off-by: Stephen Suryaputra
David A., please review.
From: Heiner Kallweit
Date: Wed, 30 May 2018 22:13:20 +0200
> We can bail out immediately also in case of PHY_IGNORE_INTERRUPT because
> phy_mac_interupt() informs us once the link is up.
>
> Signed-off-by: Heiner Kallweit
Applied, thanks.
From: Elad Nachman
Date: Wed, 30 May 2018 08:48:25 +0300
> static void stmmac_rx_vlan(struct net_device *dev, struct sk_buff *skb)
> {
> - struct ethhdr *ehdr;
> + struct vlan_ethhdr *veth;
> u16 vlanid;
> + __be16 vlan_proto;
Please order local variables from longest to shor
On 06/03/2018 07:01 AM, David Ahern wrote:
> On 6/3/18 7:35 AM, Eric Dumazet wrote:
>> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
>> index
>> f4d61736c41abe8cd7f439c4a37100e90c1eacca..830eefdbdb6734eb81ea0322fb6077ee20be1889
>> 100644
>> --- a/net/ipv6/route.c
>> +++ b/net/ipv6/route.c
>
On 6/3/18 7:35 AM, Eric Dumazet wrote:
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index
> f4d61736c41abe8cd7f439c4a37100e90c1eacca..830eefdbdb6734eb81ea0322fb6077ee20be1889
> 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -4263,7 +4263,9 @@ static int ip6_route_multipath_
syzbot reported a use-after-free [1]
Issue here is that rt_last might have been freed already.
We need to grab a refcount on it to prevent this.
[1]
BUG: KASAN: use-after-free in ip6_route_mpath_notify+0xe9/0x100
net/ipv6/route.c:4180
Read of size 4 at addr 8801bf789cf0 by task syz-executor7
Sync kernel uapi/linux/bpf.h with tools uapi/linux/bpf.h.
Also add the necessary helper define in bpf_helpers.h.
Signed-off-by: Yonghong Song
---
tools/include/uapi/linux/bpf.h| 9 -
tools/testing/selftests/bpf/bpf_helpers.h | 2 ++
2 files changed, 10 insertions(+), 1 deleti
bpf has been used extensively for tracing. For example, bcc
contains an almost full set of bpf-based tools to trace kernel
and user functions/events. Most tracing tools are currently
either filtered based on pid or system-wide.
Containers have been used quite extensively in industry and
cgroup is
Syscall name_to_handle_at() can be used to get cgroup id
for a particular cgroup path in user space. The selftest
got cgroup id from both user and kernel, and compare to
ensure they are equal to each other.
Signed-off-by: Yonghong Song
---
tools/testing/selftests/bpf/.gitignore | 1 +
bpf has been used extensively for tracing. For example, bcc
contains an almost full set of bpf-based tools to trace kernel
and user functions/events. Most tracing tools are currently
either filtered based on pid or system-wide.
Containers have been used quite extensively in industry and
cgroup is
We incorrectly compare the mask and the result is that we can't modify
an already existing rule.
Fix that by comparing correctly.
Fixes: 05cd271fd61a ("cls_flower: Support multiple masks per priority")
Reported-by: Vlad Buslov
Reviewed-by: Roi Dayan
Reviewed-by: Jiri Pirko
Signed-off-by: Paul
When destroying the instance, destroy the head rhashtable.
Fixes: 05cd271fd61a ("cls_flower: Support multiple masks per priority")
Reported-by: Vlad Buslov
Reviewed-by: Roi Dayan
Reviewed-by: Jiri Pirko
Signed-off-by: Paul Blakey
---
Changelog: v0 -> v2: rebased.
net/sched/cls_flower.c | 2
56 matches
Mail list logo
