1. 07 Aug, 2015 7 commits
  2. 05 Aug, 2015 1 commit
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · 9dc20a64
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter updates for net-next
      
      The following patchset contains Netfilter updates for net-next, they are:
      
      1) A couple of cleanups for the netfilter core hook from Eric Biederman.
      
      2) Net namespace hook registration, also from Eric. This adds a dependency with
         the rtnl_lock. This should be fine by now but we have to keep an eye on this
         because if we ever get the per-subsys nfnl_lock before rtnl we have may
         problems in the future. But we have room to remove this in the future by
         propagating the complexity to the clients, by registering hooks for the init
         netns functions.
      
      3) Update nf_tables to use the new net namespace hook infrastructure, also from
         Eric.
      
      4) Three patches to refine and to address problems from the new net namespace
         hook infrastructure.
      
      5) Switch to alternate jumpstack in xtables iff the packet is reentering. This
         only applies to a very special case, the TEE target, but Eric Dumazet
         reports that this is slowing down things for everyone else. So let's only
         switch to the alternate jumpstack if the tee target is in used through a
         static key. This batch also comes with offline precalculation of the
         jumpstack based on the callchain depth. From Florian Westphal.
      
      6) Minimal SCTP multihoming support for our conntrack helper, from Michal
         Kubecek.
      
      7) Reduce nf_bridge_info per skbuff scratchpad area to 32 bytes, from Florian
         Westphal.
      
      8) Fix several checkpatch errors in bridge netfilter, from Bernhard Thaler.
      
      9) Get rid of useless debug message in ip6t_REJECT, from Subash Abhinov.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9dc20a64
  3. 04 Aug, 2015 10 commits
  4. 03 Aug, 2015 14 commits
  5. 01 Aug, 2015 8 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 5510b3c2
      David S. Miller authored
      Conflicts:
      	arch/s390/net/bpf_jit_comp.c
      	drivers/net/ethernet/ti/netcp_ethss.c
      	net/bridge/br_multicast.c
      	net/ipv4/ip_fragment.c
      
      All four conflicts were cases of simple overlapping
      changes.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5510b3c2
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 7c764cec
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Must teardown SR-IOV before unregistering netdev in igb driver, from
          Alex Williamson.
      
       2) Fix ipv6 route unreachable crash in IPVS, from Alex Gartrell.
      
       3) Default route selection in ipv4 should take the prefix length, table
          ID, and TOS into account, from Julian Anastasov.
      
       4) sch_plug must have a reset method in order to purge all buffered
          packets when the qdisc is reset, likewise for sch_choke, from WANG
          Cong.
      
       5) Fix deadlock and races in slave_changelink/br_setport in bridging.
          From Nikolay Aleksandrov.
      
       6) mlx4 bug fixes (wrong index in port even propagation to VFs,
          overzealous BUG_ON assertion, etc.) from Ido Shamay, Jack
          Morgenstein, and Or Gerlitz.
      
       7) Turn off klog message about SCTP userspace interface compat that
          makes no sense at all, from Daniel Borkmann.
      
       8) Fix unbounded restarts of inet frag eviction process, causing NMI
          watchdog soft lockup messages, from Florian Westphal.
      
       9) Suspend/resume fixes for r8152 from Hayes Wang.
      
      10) Fix busy loop when MSG_WAITALL|MSG_PEEK is used in TCP recv, from
          Sabrina Dubroca.
      
      11) Fix performance regression when removing a lot of routes from the
          ipv4 routing tables, from Alexander Duyck.
      
      12) Fix device leak in AF_PACKET, from Lars Westerhoff.
      
      13) AF_PACKET also has a header length comparison bug due to signedness,
          from Alexander Drozdov.
      
      14) Fix bug in EBPF tail call generation on x86, from Daniel Borkmann.
      
      15) Memory leaks, TSO stats, watchdog timeout and other fixes to
          thunderx driver from Sunil Goutham and Thanneeru Srinivasulu.
      
      16) act_bpf can leak memory when replacing programs, from Daniel
          Borkmann.
      
      17) WOL packet fixes in gianfar driver, from Claudiu Manoil.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (79 commits)
        stmmac: fix missing MODULE_LICENSE in stmmac_platform
        gianfar: Enable device wakeup when appropriate
        gianfar: Fix suspend/resume for wol magic packet
        gianfar: Fix warning when CONFIG_PM off
        act_pedit: check binding before calling tcf_hash_release()
        net: sk_clone_lock() should only do get_net() if the parent is not a kernel socket
        net: sched: fix refcount imbalance in actions
        r8152: reset device when tx timeout
        r8152: add pre_reset and post_reset
        qlcnic: Fix corruption while copying
        act_bpf: fix memory leaks when replacing bpf programs
        net: thunderx: Fix for crash while BGX teardown
        net: thunderx: Add PCI driver shutdown routine
        net: thunderx: Fix crash when changing rss with mutliple traffic flows
        net: thunderx: Set watchdog timeout value
        net: thunderx: Wakeup TXQ only if CQE_TX are processed
        net: thunderx: Suppress alloc_pages() failure warnings
        net: thunderx: Fix TSO packet statistic
        net: thunderx: Fix memory leak when changing queue count
        net: thunderx: Fix RQ_DROP miscalculation
        ...
      7c764cec
    • David S. Miller's avatar
      Merge branch 'ipv6-auto-flow-labels' · 17f901e8
      David S. Miller authored
      Tom Herbert says:
      
      ====================
      ipv6: Turn on auto IPv6 flow labels by default
      
      BSD (MacOS) has already turned on flow labels by default and this does
      not seem to be causing any problems in the Internet. Let's go ahead
      and turn them on by default. We'll continue to monitor for any devices
      start choking on them.
      
      Flow labels are important since they are the desired solution for
      network devices to perform ECMP and RSS (RFC6437 and RFC6438).
      Traditionally, devices perform a 5-tuple hash on packets that
      includes port numbers. For the most part, these devices can only
      compute 5-tuple hashes for TCP and UDP. This severely limits our ability
      to get good network load balancing for other protocols (IPIP, GRE,ESP,
      etc.), and hence we are limited in using other protocols. Unfortunately,
      this method is accepted as the de facto standard to the extent that
      there are several proposals to encapsulate protocols in UDP _just_ for
      the purposes for getting ECMP to work. With hosts generating flow labels
      and devices taking them as input into ECMP (several already do), we can
      start to fix this fundamental problem.
      
      This patch set:
       - Changes IPV6_FLOWINFO sockopt to be opt-out of flow labels for
         connections rather than opt-in
       - Disable flow label state ranges sysctl by default
       - Enable auto flow labels sysctl by default
      
      v2:
        - Added functions to create an skb->hash based on flowi4 and flowi6.
          These are called in output path when creating a packet
        - Call skb_get_hash_flowi6 in ip6_make_flowlabel
        - Implement the auto_flowlabels sysctl as a mode for auto flowlabels.
          There are four modes which correspond to flow labels being enabled
          and whether socket option can be used to opt in or opt out of
          using them
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      17f901e8
    • Tom Herbert's avatar
      ipv6: Enable auto flow labels by default · b5677416
      Tom Herbert authored
      Initialize auto_flowlabels to one. This enables automatic flow labels,
      individual socket may disable them using the IPV6_AUTOFLOWLABEL socket
      option.
      Signed-off-by: default avatarTom Herbert <tom@herbertland.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b5677416
    • Tom Herbert's avatar
      ipv6: Disable flowlabel state ranges by default · be26849b
      Tom Herbert authored
      Per RFC6437 stateful flow labels (e.g. labels set by flow label manager)
      cannot "disturb" nodes taking part in stateless flow labels. While the
      ranges only reduce the flow label entropy by one bit, it is conceivable
      that this might bias the algorithm on some routers causing a load
      imbalance. For best results on the Internet we really need the full
      20 bits.
      Signed-off-by: default avatarTom Herbert <tom@herbertland.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      be26849b
    • Tom Herbert's avatar
      ipv6: Implement different admin modes for automatic flow labels · 42240901
      Tom Herbert authored
      Change the meaning of net.ipv6.auto_flowlabels to provide a mode for
      automatic flow labels generation. There are four modes:
      
      0: flow labels are disabled
      1: flow labels are enabled, sockets can opt-out
      2: flow labels are allowed, sockets can opt-in
      3: flow labels are enabled and enforced, no opt-out for sockets
      
      np->autoflowlabel is initialized according to the sysctl value.
      Signed-off-by: default avatarTom Herbert <tom@herbertland.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      42240901
    • Tom Herbert's avatar
      ipv6: Call skb_get_hash_flowi6 to get skb->hash in ip6_make_flowlabel · 67800f9b
      Tom Herbert authored
      We can't call skb_get_hash here since the packet is not complete to do
      flow_dissector. Create hash based on flowi6 instead.
      Signed-off-by: default avatarTom Herbert <tom@herbertland.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      67800f9b
    • Tom Herbert's avatar
      net: Add functions to get skb->hash based on flow structures · f70ea018
      Tom Herbert authored
      Add skb_get_hash_flowi6 and skb_get_hash_flowi4 which derive an sk_buff
      hash from flowi6 and flowi4 structures respectively. These functions
      can be called when creating a packet in the output path where the new
      sk_buff does not yet contain a fully formed packet that is parsable by
      flow dissector.
      Signed-off-by: default avatarTom Herbert <tom@herbertland.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f70ea018