- 24 Nov, 2020 16 commits
-
-
Ido Schimmel authored
Test that IPv4 and IPv6 ping fail when the route is using a blackhole nexthop or a group with a blackhole nexthop. Test that ping passes when the route starts using a valid nexthop. Signed-off-by:
Ido Schimmel <idosch@nvidia.com> Signed-off-by:
Jakub Kicinski <kuba@kernel.org>
-
Ido Schimmel authored
Test the mlxsw allows blackhole nexthops to be installed and that the nexthops are marked as offloaded. Signed-off-by:
-
Ido Schimmel authored
Add support for blackhole nexthops by programming them to the adjacency table with a discard action. Signed-off-by:
Jiri Pirko <jiri@nvidia.com> Signed-off-by:
-
Ido Schimmel authored
The two are the same, but for blackhole nexthops we will not have an associated neighbour struct, so resolve the RIF from the nexthop struct itself instead. Signed-off-by:
-
Ido Schimmel authored
Now that the driver creates a loopback RIF during its initialization, it can be used to program the adjacency entries for unresolved nexthops instead of other RIFs. The loopback RIF is guaranteed to exist for the entire life time of the driver, unlike other RIFs that come and go. Signed-off-by:
-
Ido Schimmel authored
Unresolved nexthops are currently written to the adjacency table with a discard action. Packets hitting such entries are trapped to the CPU via the 'DISCARD_ROUTER3' trap which can be enabled or disabled on demand, but is always enabled in order to ensure the kernel can resolve the unresolved neighbours. This trap will be needed for blackhole nexthops support. Therefore, move unresolved nexthops to explicitly program the adjacency entries with a trap action and a different trap identifier, 'RTR_EGRESS0'. Signed-off-by:
-
Ido Schimmel authored
Up until now RIFs (router interfaces) were created on demand (e.g., when an IP address was added to a netdev). However, sometimes the device needs to be provided with a RIF when one might not be available. For example, adjacency entries that drop packets need to be programmed with an egress RIF despite the RIF not being used to forward packets. Create such a RIF during initialization so that it could be used later on to support blackhole nexthops. Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fsJakub Kicinski authored
David Howells says: ==================== rxrpc: Prelude to gssapi support Here are some patches that do some reorganisation of the security class handling in rxrpc to allow implementation of the RxGK security class that will allow AF_RXRPC to use GSSAPI-negotiated tokens and better crypto. The RxGK security class is not included in this patchset. It does the following things: (1) Add a keyrings patch to provide the original key description, as provided to add_key(), to the payload preparser so that it can interpret the content on that basis. Unfortunately, the rxrpc_s key type wasn't written to interpret its payload as anything other than a string of bytes comprising a key, but for RxGK, more information is required as multiple Kerberos enctypes are supported. (2) Remove the rxk5 security class key parsing. The rxk5 class never got rolled out in OpenAFS and got replaced with rxgk. (3) Support the creation of rxrpc keys with multiple tokens of different types. If some types are not supported, the ENOPKG error is suppressed if at least one other token's type is supported. (4) Punt the handling of server keys (rxrpc_s type) to the appropriate security class. (5) Organise the security bits in the rxrpc_connection struct into a union to make it easier to override for other classes. (6) Move some bits from core code into rxkad that won't be appropriate to rxgk. * tag 'rxrpc-next-20201123' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: rxrpc: Ask the security class how much space to allow in a packet rxrpc: rxkad: Don't use pskb_pull() to advance through the response packet rxrpc: Organise connection security to use a union rxrpc: Don't reserve security header in Tx DATA skbuff rxrpc: Merge prime_packet_security into init_connection_security rxrpc: Fix example key name in a comment rxrpc: Ignore unknown tokens in key payload unless no known tokens rxrpc: Make the parsing of xdr payloads more coherent rxrpc: Allow security classes to give more info on server keys rxrpc: Don't leak the service-side session key to userspace rxrpc: Hand server key parsing off to the security class rxrpc: Split the server key type (rxrpc_s) into its own file rxrpc: Don't retain the server key in the connection rxrpc: Support keys with multiple authentication tokens rxrpc: List the held token types in the key description in /proc/keys rxrpc: Remove the rxk5 security class as it's now defunct keys: Provide the original description to the key preparser ==================== Link: https://lore.kernel.org/r/160616220405.830164.2239716599743995145.stgit@warthog.procyon.org.ukSigned-off-by: -
Vincent Whitchurch authored
This driver uses a normal timer for TX coalescing, which means that the with the default tx-usecs of 1000 microseconds the cleanups actually happen 10 ms or more later with HZ=100. This leads to very low througput with TCP when bridged to a slow link such as a 4G modem. Fix this by using an hrtimer instead. On my ARM platform with HZ=100 and the default TX coalescing settings (tx-frames 25 tx-usecs 1000), with "tc qdisc add dev eth0 root netem delay 60ms 40ms rate 50Mbit" run on the server, netperf's TCP_STREAM improves from ~5.5 Mbps to ~100 Mbps. Signed-off-by:
Vincent Whitchurch <vincent.whitchurch@axis.com> Link: https://lore.kernel.org/r/20201120150208.6838-1-vincent.whitchurch@axis.comSigned-off-by:
-
Christophe JAILLET authored
s/tranport/transport/ Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Link: https://lore.kernel.org/r/20201122180704.1366636-1-christophe.jaillet@wanadoo.frSigned-off-by:
-
Jakub Kicinski authored
linux/netdevice.h is included in very many places, touching any of its dependecies causes large incremental builds. Drop the linux/ethtool.h include, linux/netdevice.h just needs a forward declaration of struct ethtool_ops. Fix all the places which made use of this implicit include. Acked-by:
Johannes Berg <johannes@sipsolutions.net> Acked-by:
Shannon Nelson <snelson@pensando.io> Reviewed-by:
Jesse Brandeburg <jesse.brandeburg@intel.com> Link: https://lore.kernel.org/r/20201120225052.1427503-1-kuba@kernel.orgSigned-off-by:
-
Christophe JAILLET authored
Memory allocation are done with 'dma_alloc_coherent()'. Be consistent and use 'dma_free_coherent()' to free the corresponding memory. Signed-off-by:
-
Christophe JAILLET authored
'pci_set_dma_mask()' + 'pci_set_consistent_dma_mask()' can be replaced by an equivalent 'dma_set_mask_and_coherent()' which is much less verbose. Signed-off-by:
-
Jakub Kicinski authored
Kurt Kanzenbach says: ==================== net: dsa: hellcreek: Minor cleanups fix two minor issues in the hellcreek driver. ==================== Link: https://lore.kernel.org/r/20201121114455.22422-1-kurt@linutronix.deSigned-off-by:
-
Kurt Kanzenbach authored
When DSA is not loaded when the driver is probed an error message is printed. But, that's not really an error, just a defer. Use dev_err_probe() instead. Signed-off-by:
Kurt Kanzenbach <kurt@linutronix.de> Reviewed-by:
Florian Fainelli <f.fainelli@gmail.com> Reviewed-by:
Vladimir Oltean <olteanv@gmail.com> Signed-off-by:
-
Kurt Kanzenbach authored
Remove unused and add needed includes. No functional change. Suggested-by:
-
- 23 Nov, 2020 23 commits
-
-
Jakub Kicinski authored
Christian Eggers says: ==================== net: ptp: introduce common defines for PTP message types This series introduces commen defines for PTP event messages. Driver internal defines are removed and some uses of magic numbers are replaced by the new defines. ==================== Link: https://lore.kernel.org/r/20201120084106.10046-1-ceggers@arri.deSigned-off-by:
-
Christian Eggers authored
Remove driver internal defines for this. Masking msgtype with 0xf is already done within ptp_get_msgtype(). Signed-off-by:
Christian Eggers <ceggers@arri.de> Cc: Kurt Kanzenbach <kurt@linutronix.de> Reviewed-by:
Richard Cochran <richardcochran@gmail.com> Signed-off-by:
-
Christian Eggers authored
Remove usage of magic numbers. Signed-off-by:
-
Christian Eggers authored
Using PTP wide defines will obsolete different driver internal defines and uses of magic numbers. Signed-off-by:
-
Jakub Kicinski authored
We're about to do reshuffling in networking headers and eliminate some implicit includes. This results in: In file included from ../net/ipv4/netfilter/arp_tables.c:26: include/net/compat.h:60:40: error: unknown type name ‘compat_uptr_t’; did you mean ‘compat_ptr_ioctl’? struct sockaddr __user **save_addr, compat_uptr_t *ptr, ^~~~~~~~~~~~~ compat_ptr_ioctl include/net/compat.h:61:4: error: unknown type name ‘compat_size_t’; did you mean ‘compat_sigset_t’? compat_size_t *len); ^~~~~~~~~~~~~ compat_sigset_t Currently net/compat.h depends on linux/compat.h being included first. After the upcoming changes this would break the 32bit build. Reviewed-by:Arnd Bergmann <arnd@arndb.de> Reviewed-by:
Christoph Hellwig <hch@lst.de> Link: https://lore.kernel.org/r/20201121214844.1488283-1-kuba@kernel.orgSigned-off-by:
-
David Howells authored
Ask the security class how much header and trailer space to allow for when allocating a packet, given how much data is remaining. This will allow the rxgk security class to stick both a trailer in as well as a header as appropriate in the future. Signed-off-by:David Howells <dhowells@redhat.com>
-
Martin Schiller authored
Call netdev notifiers before and after changing the device type. Signed-off-by:
Martin Schiller <ms@dev.tdt.de> Link: https://lore.kernel.org/r/20201118063919.29485-1-ms@dev.tdt.deSigned-off-by:
-
David Howells authored
In the rxkad security class, don't use pskb_pull() to advance through the contents of the response packet. There's no point, especially as the next and last access to the skbuff still has to allow for the wire header in the offset (which we didn't advance over). Better to just add the displacement to the next offset. Signed-off-by: -
David Howells authored
Organise the security information in the rxrpc_connection struct to use a union to allow for different data for different security classes. Signed-off-by: -
David Howells authored
Insert the security header into the skbuff representing a DATA packet to be transmitted rather than using skb_reserve() when the packet is allocated. This makes it easier to apply crypto that spans the security header and the data, particularly in the upcoming RxGK class where we have a common encrypt-and-checksum function that is used in a number of circumstances. Signed-off-by: -
David Howells authored
Merge the ->prime_packet_security() into the ->init_connection_security() hook as they're always called together. Signed-off-by: -
David Howells authored
Fix an example of an rxrpc key name in a comment. Signed-off-by: -
David Howells authored
When parsing a payload for an rxrpc-type key, ignore any tokens that are not of a known type and don't give an error for them - unless there are no tokens of a known type. Signed-off-by: -
David Howells authored
Make the parsing of xdr-encoded payloads, as passed to add_key, more coherent. Shuttling back and forth between various variables was a bit hard to follow. Signed-off-by: -
David Howells authored
Allow a security class to give more information on an rxrpc_s-type key when it is viewed in /proc/keys. This will allow the upcoming RxGK security class to show the enctype name here. Signed-off-by: -
David Howells authored
Don't let someone reading a service-side rxrpc-type key get access to the session key that was exchanged with the client. The server application will, at some point, need to be able to read the information in the ticket, but this probably shouldn't include the key material. Signed-off-by: -
David Howells authored
Hand responsibility for parsing a server key off to the security class. We can determine which class from the description. This is necessary as rxgk server keys have different lookup requirements and different content requirements (dependent on crypto type) to those of rxkad server keys. Signed-off-by: -
David Howells authored
Split the server private key type (rxrpc_s) out into its own file rather than mingling it with the authentication/client key type (rxrpc) since they don't really bear any relation. Signed-off-by: -
David Howells authored
Don't retain a pointer to the server key in the connection, but rather get it on demand when the server has to deal with a response packet. This is necessary to implement RxGK (GSSAPI-mediated transport class), where we can't know which key we'll need until we've challenged the client and got back the response. This also means that we don't need to do a key search in the accept path in softirq mode. Also, whilst we're at it, allow the security class to ask for a kvno and encoding-type variant of a server key as RxGK needs different keys for different encoding types. Keys of this type have an extra bit in the description: "<service-id>:<security-index>:<kvno>:<enctype>" Signed-off-by: -
David Howells authored
rxrpc-type keys can have multiple tokens attached for different security classes. Currently, rxrpc always picks the first one, whether or not the security class it indicates is supported. Add preliminary support for choosing which security class will be used (this will need to be directed from a higher layer) and go through the tokens to find one that's supported. Signed-off-by: -
David Howells authored
When viewing an rxrpc-type key through /proc/keys, display a list of held token types. Signed-off-by: -
David Howells authored
Remove the rxrpc rxk5 security class as it's now defunct and nothing uses it anymore. Signed-off-by: -
David Howells authored
Provide the proposed description (add key) or the original description (update/instantiate key) when preparsing a key so that the key type can validate it against the data. This is important for rxrpc server keys as we need to check that they have the right amount of key material present - and it's better to do that when the key is loaded rather than deep in trying to process a response packet. Signed-off-by:
-
- 22 Nov, 2020 1 commit
-
-
George Cherian authored
Add support to choose RSS flow key algorithm with IPv4 transport protocol field included in hashing input data. This will be enabled by default. There-by enabling 3/5 tuple hash Signed-off-by:
Sunil Kovvuri Goutham <sgoutham@marvell.com> Signed-off-by:
George Cherian <george.cherian@marvell.com> Link: https://lore.kernel.org/r/20201120093906.2873616-1-george.cherian@marvell.comSigned-off-by:
-
