1. 10 Nov, 2016 13 commits
  2. 09 Nov, 2016 5 commits
    • Arnd Bergmann's avatar
      netfilter: conntrack: fix NF_REPEAT handling · 56a62e22
      Arnd Bergmann authored
      gcc correctly identified a theoretical uninitialized variable use:
      net/netfilter/nf_conntrack_core.c: In function 'nf_conntrack_in':
      net/netfilter/nf_conntrack_core.c:1125:14: error: 'l4proto' may be used uninitialized in this function [-Werror=maybe-uninitialized]
      This could only happen when we 'goto out' before looking up l4proto,
      and then enter the retry, implying that l3proto->get_l4proto()
      returned NF_REPEAT. This does not currently get returned in any
      code path and probably won't ever happen, but is not good to
      rely on.
      Moving the repeat handling up a little should have the same
      behavior as today but avoids the warning by making that case
      impossible to enter.
      [ I have mangled this original patch to remove the check for tmpl, we
        should inconditionally jump back to the repeat label in case we hit
        NF_REPEAT instead. I have also moved the comment that explains this
        where it belongs. --pablo ]
      Fixes: 08733a0c
       ("netfilter: handle NF_REPEAT from nf_conntrack_in()")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
    • Arnd Bergmann's avatar
      udp: provide udp{4,6}_lib_lookup for nf_socket_ipv{4,6} · 30f58158
      Arnd Bergmann authored
      Since commit ca065d0c ("udp: no longer use SLAB_DESTROY_BY_RCU")
      the udp6_lib_lookup and udp4_lib_lookup functions are only
      provided when it is actually possible to call them.
      However, moving the callers now caused a link error:
      net/built-in.o: In function `nf_sk_lookup_slow_v6':
      (.text+0x131a39): undefined reference to `udp6_lib_lookup'
      net/ipv4/netfilter/nf_socket_ipv4.o: In function `nf_sk_lookup_slow_v4':
      nf_socket_ipv4.c:(.text.nf_sk_lookup_slow_v4+0x114): undefined reference to `udp4_lib_lookup'
      This extends the #ifdef so we also provide the functions when
      are set.
      Fixes: 8db4c5be
       ("netfilter: move socket lookup infrastructure to nf_socket_ipv{4,6}.c")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
    • Davide Caratti's avatar
      netfilter: conntrack: simplify init/uninit of L4 protocol trackers · 0e54d217
      Davide Caratti authored
      modify registration and deregistration of layer-4 protocol trackers to
      facilitate inclusion of new elements into the current list of builtin
      protocols. Both builtin (TCP, UDP, ICMP) and non-builtin (DCCP, GRE, SCTP,
      UDPlite) layer-4 protocol trackers usually register/deregister themselves
      using consecutive calls to nf_ct_l4proto_{,pernet}_{,un}register(...).
      This sequence is interrupted and rolled back in case of error; in order to
      simplify addition of builtin protocols, the input of the above functions
      has been modified to allow registering/unregistering multiple protocols.
      Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
    • Liping Zhang's avatar
      netfilter: nf_tables: simplify the basic expressions' init routine · 4e24877e
      Liping Zhang authored
      Some basic expressions are built into nf_tables.ko, such as nft_cmp,
      nft_lookup, nft_range and so on. But these basic expressions' init
      routine is a little ugly, too many goto errX labels, and we forget
      to call nft_range_module_exit in the exit routine, although it is
      Acctually, the init and exit routines of these basic expressions
      are same, i.e. do nft_register_expr in the init routine and do
      nft_unregister_expr in the exit routine.
      So it's better to arrange them into an array and deal with them
      Signed-off-by: default avatarLiping Zhang <zlpnobody@gmail.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
    • Pablo Neira Ayuso's avatar
      netfilter: nft_hash: get random bytes if seed is not specified · f86dab3a
      Pablo Neira Ayuso authored
      If the user doesn't specify a seed, generate one at configuration time.
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
  3. 03 Nov, 2016 10 commits
  4. 02 Nov, 2016 12 commits
    • Govindarajulu Varadarajan's avatar
      enic: set skb->hash type properly · 17197236
      Govindarajulu Varadarajan authored
      Driver sets the skb l4/l3 hash based on NIC_CFG_RSS_HASH_TYPE_*,
      which is bit mask. This is wrong. Hw actually provides us enum.
      Use CQ_ENET_RQ_DESC_RSS_TYPE_* to set l3 and l4 hash type.
      Fixes: bf751ba8
       ("driver/net: enic: record q_number and rss_hash for skb")
      Signed-off-by: default avatarGovindarajulu Varadarajan <_govind@gmx.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Philippe Reynes's avatar
      net: 3com: typhoon: use new api ethtool_{get|set}_link_ksettings · f7a5537c
      Philippe Reynes authored
      The ethtool api {get|set}_settings is deprecated.
      We move this driver to new api {get|set}_link_ksettings.
      Signed-off-by: default avatarPhilippe Reynes <tremyfr@gmail.com>
      Reviewed-by: default avatarDavid Dillow <dave@thedillows.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Tom Herbert's avatar
      ila: Fix crash caused by rhashtable changes · 1913540a
      Tom Herbert authored
      commit ca26893f
       ("rhashtable: Add rhlist interface")
      added a field to rhashtable_iter so that length became 56 bytes
      and would exceed the size of args in netlink_callback (which is
      48 bytes). The netlink diag dump function already has been
      allocating a iter structure and storing the pointed to that
      in the args of netlink_callback. ila_xlat also uses
      rhahstable_iter but is still putting that directly in
      the arg block. Now since rhashtable_iter size is increased
      we are overwriting beyond the structure. The next field
      happens to be cb_mutex pointer in netlink_sock and hence the crash.
      Fix is to alloc the rhashtable_iter and save it as pointer
      in arg.
        modprobe ila
        ./ip ila add loc 3333:0:0:0 loc_match 2222:0:0:1,
        ./ip ila list  # NO crash now
      Signed-off-by: default avatarTom Herbert <tom@herbertland.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Cyrill Gorcunov's avatar
      net: ip, diag -- Adjust raw_abort to use unlocked __udp_disconnect · 3de864f8
      Cyrill Gorcunov authored
      While being preparing patches for killing raw sockets via
      diag netlink interface I noticed that my runs are stuck:
       | [root@pcs7 ~]# cat /proc/`pidof ss`/stack
       | [<ffffffff816d1a76>] __lock_sock+0x80/0xc4
       | [<ffffffff816d206a>] lock_sock_nested+0x47/0x95
       | [<ffffffff8179ded6>] udp_disconnect+0x19/0x33
       | [<ffffffff8179b517>] raw_abort+0x33/0x42
       | [<ffffffff81702322>] sock_diag_destroy+0x4d/0x52
      which has not been the case before. I narrowed it down to the commit
       | commit 286c72de
       | Author: Eric Dumazet <edumazet@google.com>
       | Date:   Thu Oct 20 09:39:40 2016 -0700
       |     udp: must lock the socket in udp_disconnect()
      where we start locking the socket for different reason.
      So the raw_abort escaped the renaming and we have to
      fix this typo using __udp_disconnect instead.
      Fixes: 286c72de
       ("udp: must lock the socket in udp_disconnect()")
      CC: David S. Miller <davem@davemloft.net>
      CC: Eric Dumazet <eric.dumazet@gmail.com>
      CC: David Ahern <dsa@cumulusnetworks.com>
      CC: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
      CC: James Morris <jmorris@namei.org>
      CC: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
      CC: Patrick McHardy <kaber@trash.net>
      CC: Andrey Vagin <avagin@openvz.org>
      CC: Stephen Hemminger <stephen@networkplumber.org>
      Signed-off-by: default avatarCyrill Gorcunov <gorcunov@openvz.org>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Woojung Huh's avatar
      lan78xx: Use irq_domain for phy interrupt from USB Int. EP · cc89c323
      Woojung Huh authored
      To utilize phylib with interrupt fully than handling some of phy stuff in the MAC driver,
      create irq_domain for USB interrupt EP of phy interrupt and
      pass the irq number to phy_connect_direct() instead of PHY_IGNORE_INTERRUPT.
      Idea comes from drivers/gpio/gpio-dl2.c
      Signed-off-by: default avatarWoojung Huh <woojung.huh@microchip.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Eric Dumazet's avatar
      tcp: enhance tcp collapsing · 2331ccc5
      Eric Dumazet authored
      As Ilya Lesokhin suggested, we can collapse two skbs at retransmit
      time even if the skb at the right has fragments.
      We simply have to use more generic skb_copy_bits() instead of
      skb_copy_from_linear_data() in tcp_collapse_retrans()
      Also need to guard this skb_copy_bits() in case there is nothing to
      copy, otherwise skb_put() could panic if left skb has frags.
      Used following packetdrill test
      // Establish a connection.
      0.000 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
         +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
         +0 bind(3, ..., ...) = 0
         +0 listen(3, 1) = 0
         +0 < S 0:0(0) win 32792 <mss 1460,sackOK,nop,nop,nop,wscale 8>
         +0 > S. 0:0(0) ack 1 <mss 1460,nop,nop,sackOK,nop,wscale 8>
      +.100 < . 1:1(0) ack 1 win 257
         +0 accept(3, ..., ...) = 4
         +0 setsockopt(4, SOL_TCP, TCP_NODELAY, [1], 4) = 0
         +0 write(4, ..., 200) = 200
         +0 > P. 1:201(200) ack 1
      +.001 write(4, ..., 200) = 200
         +0 > P. 201:401(200) ack 1
      +.001 write(4, ..., 200) = 200
         +0 > P. 401:601(200) ack 1
      +.001 write(4, ..., 200) = 200
         +0 > P. 601:801(200) ack 1
      +.001 write(4, ..., 200) = 200
         +0 > P. 801:1001(200) ack 1
      +.001 write(4, ..., 100) = 100
         +0 > P. 1001:1101(100) ack 1
      +.001 write(4, ..., 100) = 100
         +0 > P. 1101:1201(100) ack 1
      +.001 write(4, ..., 100) = 100
         +0 > P. 1201:1301(100) ack 1
      +.001 write(4, ..., 100) = 100
         +0 > P. 1301:1401(100) ack 1
      +.100 < . 1:1(0) ack 1 win 257 <nop,nop,sack 1001:1401>
      // Check that TCP collapse works :
         +0 > P. 1:1001(1000) ack 1
      Reported-by: default avatarIlya Lesokhin <ilyal@mellanox.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Neal Cardwell <ncardwell@google.com>
      Cc: Yuchung Cheng <ycheng@google.com>
      Cc: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Philippe Reynes's avatar
      net: 3c509: use new api ethtool_{get|set}_link_ksettings · b646cf29
      Philippe Reynes authored
      The ethtool api {get|set}_settings is deprecated.
      We move this driver to new api {get|set}_link_ksettings.
      Signed-off-by: default avatarPhilippe Reynes <tremyfr@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Philippe Reynes's avatar
      net: 3c59x: use new api ethtool_{get|set}_link_ksettings · e19b7883
      Philippe Reynes authored
      The ethtool api {get|set}_settings is deprecated.
      We move this driver to new api {get|set}_link_ksettings.
      Signed-off-by: default avatarPhilippe Reynes <tremyfr@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Philippe Reynes's avatar
      net: mii: add generic function to support ksetting support · bc8ee596
      Philippe Reynes authored
      The old ethtool api (get_setting and set_setting) has generic mii
      functions mii_ethtool_sset and mii_ethtool_gset.
      To support the new ethtool api ({get|set}_link_ksettings), we add
      two generics mii function mii_ethtool_{get|set}_link_ksettings_get.
      Signed-off-by: default avatarPhilippe Reynes <tremyfr@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • David S. Miller's avatar
      Merge branch 'mlx4-XDP-tx-refactor' · 55454e9e
      David S. Miller authored
      Tariq Toukan says:
      mlx4 XDP TX refactor
      This patchset refactors the XDP forwarding case, so that
      its dedicated transmit queues are managed in a complete
      separation from the other regular ones.
      It also adds ethtool counters for XDP cases.
      Series generated against net-next commit:
      22ca904a genetlink: fix error return code in genl_register_family()
      * Exposed per ring counters.
      * Added ethtool counters.
      * Rebased, now patch 2 reverts Brenden's fix, as the bug no longer exists:
       ("net/mlx4_en: fixup xdp tx irq to match rx")
      * Updated commit message of patch 2.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Tariq Toukan's avatar
      net/mlx4_en: Add ethtool statistics for XDP cases · 15fca2c8
      Tariq Toukan authored
      XDP statistics are reported in ethtool, in total and per ring,
      as follows:
      - xdp_drop: the number of packets dropped by xdp.
      - xdp_tx: the number of packets forwarded by xdp.
      - xdp_tx_full: the number of times an xdp forward failed
      	due to a full tx xdp ring.
      In addition, all packets that are dropped/forwarded by XDP
      are no longer accounted in rx_packets/rx_bytes of the ring,
      so that they count traffic that is passed to the stack.
      Signed-off-by: default avatarTariq Toukan <tariqt@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Tariq Toukan's avatar
      net/mlx4_en: Refactor the XDP forwarding rings scheme · 67f8b1dc
      Tariq Toukan authored
      Separately manage the two types of TX rings: regular ones, and XDP.
      Upon an XDP set, do not borrow regular TX rings and convert them
      into XDP ones, but allocate new ones, unless we hit the max number
      of rings.
      Which means that in systems with smaller #cores we will not consume
      the current TX rings for XDP, while we are still in the num TX limit.
      XDP TX rings counters are not shown in ethtool statistics.
      Instead, XDP counters will be added to the respective RX rings
      in a downstream patch.
      This has no performance implications.
      Signed-off-by: default avatarTariq Toukan <tariqt@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>