- 18 Mar, 2021 1 commit
-
-
Pablo Neira Ayuso authored
Do not update table flags from the preparation phase. Store the flags update into the transaction, then update the flags from the commit phase. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 17 Mar, 2021 9 commits
-
-
Pablo Neira Ayuso authored
Refresh the timeout (and retry hardware offload) once the skbuff dst is confirmed to be current and after the skbuff is made writable. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
In case the route is stale, pass up the packet to the classic forwarding path for re-evaluation and schedule this flow entry for removal. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
Simplify existing fast NAT routines by returning void. After the skb_try_make_writable() call consolidation, these routines cannot ever fail. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
This allows to remove the default case which should not ever happen and that was added to avoid gcc warnings on unhandled FLOW_OFFLOAD_DIR_MAX enumeration case. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
For consistency with the IPv6 flowtable datapath and to make sure the skbuff is writable right before the NAT header updates. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
Fetch the layer 4 header size to be mangled by NAT when building the tuple, then use it to make writable the network and the transport headers. After this update, the NAT routines now assumes that the skbuff area is writable. Do the pointer refetch only after the single skb_try_make_writable() call. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
YueHaibing authored
commit e97c3e27 ("tproxy: split off ipv6 defragmentation to a separate module") left behind this. Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Gustavo A. R. Silva authored
In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple warnings by explicitly adding multiple break statements instead of just letting the code fall through to the next case. Link: https://github.com/KSPP/linux/issues/115Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Oz Shlomo authored
Currently the flow table offload replace, destroy and stats work items are executed on a single workqueue. As such, DESTROY and STATS commands may be backloged after a burst of REPLACE work items. This scenario can bloat up memory and may cause active connections to age. Instatiate add, del and stats workqueues to avoid backlogs of non-dependent actions. Provide sysfs control over the workqueue attributes, allowing userspace applications to control the workqueue cpumask. Signed-off-by: Oz Shlomo <ozsh@nvidia.com> Reviewed-by: Paul Blakey <paulb@nvidia.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 16 Mar, 2021 30 commits
-
-
Flavio Leitner authored
It is not unusual to have the bridge port down. Sometimes it has the old MTU, which is fine since it's not being used. However, the kernel spams the log with a warning message when a packet is going to be sent over such port. Fix that by warning only if the interface is UP. Signed-off-by: Flavio Leitner <fbl@sysclose.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
This reverts commit 0bb3262c. Breaks things on mips64/qemu Reported-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Horatiu Vultur says: ==================== net: ocelot: Extend MRP This patch series extends the current support of MRP in Ocelot driver. Currently the forwarding of the frames happened in SW because all frames were trapped to CPU. With this patch the MRP frames will be forward in HW. v1 -> v2: - create a patch series instead of single patch - rename ocelot_mrp_find_port to ocelot_mrp_find_partner_port - rename PGID_MRP to PGID_BLACKHOLE - use GFP_KERNEL instead of GFP_ATOMIC - fix other whitespace issues ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Horatiu Vultur authored
Now when extracting frames from CPU the cpuq is not used anymore so remove it. Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Horatiu Vultur authored
This patch extends MRP support for Ocelot. It allows to have multiple rings and when the node has the MRC role it forwards MRP Test frames in HW. For MRM there is no change. Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Horatiu Vultur authored
Add a new PGID that is used not to forward frames anywhere. It is used by MRP to make sure that MRP Test frames will not reach CPU port. Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queueDavid S. Miller authored
Tony Nguyen says: ==================== 40GbE Intel Wired LAN Driver Updates 2021-03-16 This series contains updates to i40e, ixgbe, and ice drivers. Magnus Karlsson says: Optimize run_xdp_zc() for the XDP program verdict being XDP_REDIRECT in the xsk zero-copy path. This path is only used when having AF_XDP zero-copy on and in that case most packets will be directed to user space. This provides around 100k extra packets in throughput on my server when running l2fwd in xdpsock. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Ido Schimmel says: ==================== mlxsw: Add support for egress and policy-based sampling So far mlxsw only supported ingress sampling using matchall classifier. This series adds support for egress sampling and policy-based sampling using flower classifier on Spectrum-2 and newer ASICs. As such, it is now possible to issue these commands: # tc filter add dev swp1 egress pref 1 proto all matchall action sample rate 100 group 1 # tc filter add dev swp2 ingress pref 1 proto ip flower dst_ip 198.51.100.1 action sample rate 100 group 2 When performing egress sampling (using either matchall or flower) the ASIC is able to report the end-to-end latency which is passed to the psample module. Series overview: Patches #1-#3 are preparations without any functional changes Patch #4 generalizes the idea of sampling triggers and creates a hash table to track active sampling triggers in preparation for egress and policy-based triggers. The motivation is explained in the changelog Patch #5 flips mlxsw to start using this hash table instead of storing ingress sampling triggers as an attribute of the sampled port Patch #6 finally adds support for egress sampling using matchall classifier Patches #7-#8 add support for policy-based sampling using flower classifier Patches #9 extends the mlxsw sampling selftest to cover the new triggers Patch #10 makes sure that egress sampling configuration only fails on Spectrum-1 ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
Make sure egress sampling configuration only fails on Spectrum-1, given that mlxsw now supports it on Spectrum-{2,3}. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
Test that packets are sampled when tc-sample is used with matchall egress binding and flower classifier. Verify that when performing sampling on egress the end-to-end latency is reported as metadata. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
Implement support for action sample when used with a flower classifier by implementing the required sampler_add() / sampler_del() callbacks and registering an Rx listener for the sampled packets. The sampler_add() callback returns an error for Spectrum-1 as the functionality is not supported. In Spectrum-{2,3} the callback creates a mirroring agent towards the CPU. The agent's identifier is used by the policy engine code to mirror towards the CPU with probability. The Rx listener for the sampled packet is registered with the 'policy engine' mirroring reason and passes trapped packets to the psample module after looking up their parameters (e.g., sampling group). Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
Add core functionality required to support mirror sampler action in the policy engine. The switch driver (e.g., 'mlxsw_spectrum') is required to implement the sampler_add() / sampler_del() callbacks that perform the necessary configuration before the sampler action can be installed. The next patch will implement it for Spectrum-{2,3}, while Spectrum-1 will return an error, given it is not supported. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
Allow user space to install a matchall classifier with sample action on egress. This is only supported on Spectrum-2 onwards, so Spectrum-1 will continue to return an error. Programming the hardware to sample on egress is identical to ingress sampling with the sole change of using a different sampling trigger. Upon receiving a sampled packet, the sampling trigger (ingress vs. egress) will be encoded in the mirroring reason in the Completion Queue Element (CQE). The mirroring reason is used to lookup the sampling parameters (e.g., psample group) which are passed to the psample module. Note that locally generated packets that are sampled are simply consumed. This is done for several reasons. First, such packets do not have an ingress netdev given that their Rx local port is the CPU port. This breaks several basic assumptions. Second, sampling using the same interface (tc), but with flower classifier will not result in locally generated packets being sampled given that such packets are not subject to the policy engine. Third, realistically, this is not a big deal given that the vast majority of the packets being transmitted through the port are not locally generated packets. Fourth, if such packets do need to be sampled, they can be sampled with a 'skip_hw' filter and reported to the same sampling group as the data path packets. The software sampling rate can also be adjusted to fit the rate of the locally generated packets which is much lower than the rate of the data path traffic. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
Start using the previously introduced sampling triggers hash table to store sampling parameters instead of storing them as attributes of the sampled port. This makes it easier to introduce new sampling triggers. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
Currently, mlxsw supports a single sampling trigger type (i.e., received packet). When sampling is configured on an ingress port, the sampling parameters (e.g., pointer to the psample group) are stored as an attribute of the port, so that they could be passed to psample_sample_packet() when a sampled packet is trapped to the CPU. Subsequent patches are going to add more types of sampling triggers, making it difficult to maintain the current scheme. Instead, store all the active sampling triggers with their associated parameters in a hash table. That way, more trigger types can be easily added. The next patch will flip mlxsw to use the hash table instead of the current scheme. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
The entry will be required by the next patches, so pass it. No functional changes intended. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
Push some sampling checks to the per-ASIC operations, as they are no longer relevant for all ASICs. The sampling rate validation against the MPSC maximum rate is only relevant for Spectrum-1, as Spectrum-2 and later ASICs no longer use MPSC register for sampling. The ingress / egress validation is pushed down to the per-ASIC operations since subsequent patches are going to remove it for Spectrum-2 and later ASICs. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
Due to the differences between Spectrum-1 and later ASICs, some of the checks currently performed at the common code (where extack is available) will need to be pushed to the per-ASIC operations. As a preparation, propagate extack further to maintain proper error reporting. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Ioana Ciornei says: ==================== dpaa2-switch: small cleanup This patch set addresses various low-hanging issues in both dpaa2-switch and dpaa2-eth drivers. Unused ABI functions are removed from dpaa2-switch, all the kernel-doc warnings are fixed up in both drivers and the coding style for the remaining ABIs is fixed-up a bit. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ioana Ciornei authored
Running kernel-doc over the dpaa2-eth driver generates a bunch of warnings. Fix them up by removing code comments for macros which are self-explanatory, respecting the kdoc format for macro documentation and other small changes like describing the expected return values of functions. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ioana Ciornei authored
Multiple ABI function declarations are split unnecessarry on multiple lines. Fix this so that we have a consistent coding style. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ioana Ciornei authored
The maximum number of DPAA2 switch interfaces, including the control interface, is 64. Even though this restriction existed from the first place, the command structures which use an interface id bitmap were poorly described and even though a single uint64_t is enough, all of them used an array of 4 uint64_t's. Fix this by reducing the size of the interface id field to a single uint64_t. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ioana Ciornei authored
Running kernel-doc over the dpaa2-switch driver generates a bunch of warnings. Fix them up by removing code comments for macros which are self-explanatory and adding a bit more context for the dpsw_if_get_port_mac_addr() function and the fields of the dpsw_vlan_if_cfg structure. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ioana Ciornei authored
Cleanup the dpaa2-switch driver a bit by removing any unused MC firmware ABI definitions. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Zihao Tang authored
Fix the following coccicheck report: drivers/net/ipa/gsi.c:1341:2-9: line 1341 is redundant because platform_get_irq() already prints an error Remove dev_err() messages after platform_get_irq_byname() failures. Signed-off-by: Zihao Tang <tangzihao1@hisilicon.com> Signed-off-by: Jay Fang <f.fangjian@huawei.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Vladimir Oltean says: ==================== Documentation updates for switchdev and DSA Many changes were made to the code but of course the documentation was not kept up to date. This is an attempt to update some of the verbiage. The documentation is still not complete, but it's time to make some more changes to the code first, before documenting the rest. Changes in v2: Integrated feedback from Andrew, Florian, Tobias, Ido, George. ==================== Acked-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vladimir Oltean authored
The "bridge fdb add" command provided in the switchdev documentation is junk now, not only because it is syntactically incorrect and rejected by the iproute2 bridge program, but also because it was not updated in light of Arkadi Sharshevsky's radical switchdev refactoring in commit 29ab586c ("net: switchdev: Remove bridge bypass support from switchdev"). Try to explain what the intended usage pattern is with the new kernel implementation. Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Fainelli authored
This patch provides details on the expected behavior of switchdev enabled network devices when operating in a "stand alone" mode, as well as when being bridge members. This clarifies a number of things that recently came up during a bug fixing session on the b53 DSA switch driver. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vladimir Oltean authored
Add a short summary of the methods that a driver writer must implement for offloading a HSR/PRP network interface. Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Reviewed-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vladimir Oltean authored
Add a short summary of the methods that a driver writer must implement for getting an MRP instance to work on top of a DSA switch. Cc: Horatiu Vultur <horatiu.vultur@microchip.com> Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Reviewed-by: Horatiu Vultur <horatiu.vultur@microchip.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-