Hi,
Thanks for your comments.
> > eth = (struct ethhdr *)xdp->data;
> > + orig_host = ether_addr_equal_64bits(eth->h_dest, skb->dev->dev_addr);
>
> ether_addr_equal_64bits() seems to assume that the addresses passed to
> it are padded to be 8 bytes long, which is not the case for eth->h_d
his is when a XDP program wants to push received
packets up the stack by rewriting the MAC to the NICs MAC, for
example by cluster nodes sharing MAC addresses.
Fixes: 297249569932 ("net: fix generic XDP to handle if eth header was mangled")
Signed-off-by: Martin Willi
---
net/c
, default_device_exit() considers them
non-virtual, applying the usual namespace move.
The issue was introduced in the commit mentioned below, as at that time
CAN devices did not have a dellink() operation.
Fixes: e008b5fc8dc7 ("net: Simplfy default_device_exit and improve batching.")
Signed-off-
Hi Pablo,
> > +static int vrf_output6_direct_finish(struct net *net, struct sock *sk,
> > +struct sk_buff *skb)
> > +{
> > + vrf_finish_direct(skb);
> > +
> > + return vrf_ip6_local_out(net, sk, skb);
> > +}
> > +
> > static int vrf_output6_direct(struct net *
ot;)
Fixes: a9ec54d1b0cd ("net: vrf: performance improvements for IPv6")
Signed-off-by: Martin Willi
---
drivers/net/vrf.c | 92 +++
1 file changed, 69 insertions(+), 23 deletions(-)
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
index 60c1aa
dump")
Signed-off-by: Martin Willi
---
net/netfilter/nf_conntrack_netlink.c | 19 +++
1 file changed, 3 insertions(+), 16 deletions(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c
b/net/netfilter/nf_conntrack_netlink.c
index 832eabecfbdd..9bb82fcb7d6c 100644
--- a/net
up to honor the original layer 3 slave
device, allowing xfrm interfaces to operate within a vrf domain.
Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces")
Signed-off-by: Martin Willi
---
include/net/xfrm.h| 3 ++-
net/xfrm/xfrm_interface.c | 17 ++---
net/xfr
.
Fixes: cac2661c53f3 ("esp4: Avoid skb_cow_data whenever possible")
Fixes: 03e2a30f6a27 ("esp6: Avoid skb_cow_data whenever possible")
Signed-off-by: Martin Willi
---
net/ipv4/esp4.c | 2 +-
net/ipv6/esp6.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/n
>
> > printk(KERN_INFO "mac80211_hwsim: wmediumd released netlink"
> > " socket, switching to perfect channel medium\n");
> I wonder if we can do something better about them? Or perhaps if we
> should remove them, so other namespaces won't mess up the kernel log
This is in fact not very
, even if they have been moved to other
network namespaces.
The wmediumd Netlink portid is tracked per net namespace. Additionally,
the portid is stored on all radios created in that net namespace to
simplify the portid lookup in the data path.
Signed-off-by: Martin Willi
---
drivers/net
registration from user namespaces.
Fixes: 7882513bacb1 ("mac80211_hwsimdriver support userspace frame tx/rx")
Signed-off-by: Martin Willi
---
drivers/net/wireless/mac80211_hwsim.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/mac80211_hwsim.c
b/drivers/ne
Hi Johannes,
> So I think you should change the "wmediumd_portid" variable to live
> in struct hwsim_net and then allow HWSIM_CMD_REGISTER to be done
> inside the net namespace.
>
> With that, and making the other few wmediumd related operations
> namespace aware, we would be able to run wmediumd
keeps the previous
behavior by returning them to the init namespace, but prevents unprivileged
users from creating radios in the initial namespace.
Signed-off-by: Martin Willi
---
drivers/net/wireless/mac80211_hwsim.c | 97 +--
1 file changed, 94 insertions(+), 3
, add accessors.
* On namespace exit, do not destroy hwsim radios originally created in
the initial network namespace.
Martin Willi (2):
nl80211: Allow privileged operations from user namespaces
mac80211_hwsim: Allow managing radios from non-initial namespaces
drivers/net/wireless
implies a namespace aware lookup of the device. The only
exception is NL80211_CMD_SET_WIPHY, which explicitly uses a namespace aware
phy lookup.
Signed-off-by: Martin Willi
---
net/wireless/nl80211.c | 150 -
1 file changed, 75 insertions(+), 75
> > Moving the radio back to the creators namespace would be the most
> > consistent behavior, so I'll check how difficult such a reverse
> > lookup is. We then would delete the radio only if it is in the
> > creators namespace, or if the creators namespace is gone. Does that
> > make sense?
> It
> > +static __net_init int hwsim_init_net(struct net *net)
> > +{
> > + struct mac80211_hwsim_data *data;
> > + bool exists = true;
> > + int netgroup = 0;
> > +
> > + spin_lock_bh(&hwsim_radio_lock);
> > + while (exists) {
> > + exists = false;
> > + list_for_each_e
the same netgroup can
communicate even if not in the same namespace; This allows a controlling
namespace to create radios and move them to other namespaces for
communication.
Signed-off-by: Martin Willi
---
drivers/net/wireless/mac80211_hwsim.c | 88 +--
1 file
implies a namespace aware lookup of the device. The only
exception is NL80211_CMD_SET_WIPHY, which explicitly uses a namespace aware
lookup.
Signed-off-by: Martin Willi
---
net/wireless/nl80211.c | 150 -
1 file changed, 75 insertions(+), 75 deletion
such namespaces. Together, with these
patches an unprivileged test environment can create user/network
namespaces and set up abitrary simulated wireless networks.
Martin Willi (2):
nl80211: Allow privileged operations from user namespaces
mac80211_hwsim: Allow managing radios from non-initial
Hi Steffen,
> > It looks like our IPsec implementations of CCM and GCM are buggy
> > in that they don't include the IV in the authentication calculation.
>
> Seems like crypto_rfc4106_crypt() passes the associated data it
> got from ESP directly to gcm, without chaining with the IV.
Do you have
Hi Herbert,
> > Does this mean that even the test vectors (crypto/testmgr.h) are broken?
>
> Indeed. The test vectors appear to be generated either through
> our implementation or by one that is identical to us.
I'm not sure about that. RFC4106 refers to [1] for test vectors, which
is still ava
22 matches
Mail list logo
