1. 07 Aug, 2018 16 commits
    • Shmulik Ladkani's avatar
      ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address · 3789caba
      Shmulik Ladkani authored
      When using an ip6tnl device in collect_md mode, the xmit methods ignore
      the ipv6.src field present in skb_tunnel_info's key, both for route
      calculation purposes (flowi6 construction) and for assigning the
      packet's final ipv6h->saddr.
      
      This makes it impossible specifying a desired ipv6 local address in the
      encapsulating header (for example, when using tc action tunnel_key).
      
      This is also not aligned with behavior of ipip (ipv4) in collect_md
      mode, where the key->u.ipv4.src gets used.
      
      Fix, by assigning fl6.saddr with given key->u.ipv6.src.
      In case ipv6.src is not specified, ip6_tnl_xmit uses existing saddr
      selection code.
      
      Fixes: 8d79266b ("ip6_tunnel: add collect_md mode to IPv6 tunnels")
      Signed-off-by: default avatarShmulik Ladkani <shmulik.ladkani@gmail.com>
      Reviewed-by: default avatarEyal Birger <eyal.birger@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3789caba
    • Vlad Buslov's avatar
      net: sched: cls_flower: set correct offload data in fl_reoffload · 9ca61630
      Vlad Buslov authored
      fl_reoffload implementation sets following members of struct
      tc_cls_flower_offload incorrectly:
       - masked key instead of mask
       - key instead of masked key
      
      Fix fl_reoffload to provide correct data to offload callback.
      
      Fixes: 31533cba ("net: sched: cls_flower: implement offload tcf_proto_op")
      Signed-off-by: default avatarVlad Buslov <vladbu@mellanox.com>
      Acked-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9ca61630
    • David S. Miller's avatar
      Merge branch 'nfp-ttl-tos-geneve' · d5082b27
      David S. Miller authored
      Simon Horman says:
      
      ====================
      nfp: flower: tunnel TTL & TOS, and Geneve options set & match support
      
      this series contains updates for the TC Flower classifier
      and the offload facility for it in the NFP driver.
      
      * Patches 1 & 2: update the NFP driver to allow offload
        of matching and setting tunnel ToS/TTL of flows using the TC Flower
        classifier and tun_key action
      
      * Patches 3 & 4: enhance the flow dissector and TC Flower classifier
        to allow match on Geneve options
      
      * Patch 5 & 6: update the NFP driver to allow offload of
        matching and setting Geneve options of flows using the TC Flower
        classifier and tun_key action
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d5082b27
    • Pieter Jansen van Vuuren's avatar
      nfp: flower: add geneve option match offload · 0a22b17a
      Pieter Jansen van Vuuren authored
      Introduce a new layer for matching on geneve options. This allows
      offloading filters configured to match geneve with options.
      Signed-off-by: default avatarPieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
      Signed-off-by: default avatarSimon Horman <simon.horman@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0a22b17a
    • Pieter Jansen van Vuuren's avatar
      nfp: flower: add geneve option push action offload · 9e7c32fe
      Pieter Jansen van Vuuren authored
      Introduce new push geneve option action. This allows offloading
      filters configured to entunnel geneve with options.
      Signed-off-by: default avatarPieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
      Reviewed-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarSimon Horman <simon.horman@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9e7c32fe
    • Pieter Jansen van Vuuren's avatar
      net/sched: allow flower to match tunnel options · 0a6e7778
      Pieter Jansen van Vuuren authored
      Allow matching on options in Geneve tunnel headers.
      This makes use of existing tunnel metadata support.
      
      The options can be described in the form
      CLASS:TYPE:DATA/CLASS_MASK:TYPE_MASK:DATA_MASK, where CLASS is
      represented as a 16bit hexadecimal value, TYPE as an 8bit
      hexadecimal value and DATA as a variable length hexadecimal value.
      
      e.g.
       # ip link add name geneve0 type geneve dstport 0 external
       # tc qdisc add dev geneve0 ingress
       # tc filter add dev geneve0 protocol ip parent ffff: \
           flower \
             enc_src_ip 10.0.99.192 \
             enc_dst_ip 10.0.99.193 \
             enc_key_id 11 \
             geneve_opts 0102:80:1122334421314151/ffff:ff:ffffffffffffffff \
             ip_proto udp \
             action mirred egress redirect dev eth1
      
      This patch adds support for matching Geneve options in the order
      supplied by the user. This leads to an efficient implementation in
      the software datapath (and in our opinion hardware datapaths that
      offload this feature). It is also compatible with Geneve options
      matching provided by the Open vSwitch kernel datapath which is
      relevant here as the Flower classifier may be used as a mechanism
      to program flows into hardware as a form of Open vSwitch datapath
      offload (sometimes referred to as OVS-TC). The netlink
      Kernel/Userspace API may be extended, for example by adding a flag,
      if other matching options are desired, for example matching given
      options in any order. This would require an implementation in the
      TC software datapath. And be done in a way that drivers that
      facilitate offload of the Flower classifier can reject or accept
      such flows based on hardware datapath capabilities.
      
      This approach was discussed and agreed on at Netconf 2017 in Seoul.
      Signed-off-by: default avatarSimon Horman <simon.horman@netronome.com>
      Signed-off-by: default avatarPieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
      Acked-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0a6e7778
    • Simon Horman's avatar
      flow_dissector: allow dissection of tunnel options from metadata · 92e2c405
      Simon Horman authored
      Allow the existing 'dissection' of tunnel metadata to 'dissect'
      options already present in tunnel metadata. This dissection is
      controlled by a new dissector key, FLOW_DISSECTOR_KEY_ENC_OPTS.
      
      This dissection only occurs when skb_flow_dissect_tunnel_info()
      is called, currently only the Flower classifier makes that call.
      So there should be no impact on other users of the flow dissector.
      
      This is in preparation for allowing the flower classifier to
      match on Geneve options.
      Signed-off-by: default avatarSimon Horman <simon.horman@netronome.com>
      Signed-off-by: default avatarPieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
      Reviewed-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      92e2c405
    • John Hurley's avatar
      nfp: flower: allow matching on ipv4 UDP tunnel tos and ttl · d7ff7ec5
      John Hurley authored
      The addition of FLOW_DISSECTOR_KEY_ENC_IP to TC flower means that the ToS
      and TTL of the tunnel header can now be matched on.
      
      Extend the NFP tunnel match function to include these new fields.
      Signed-off-by: default avatarJohn Hurley <john.hurley@netronome.com>
      Reviewed-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarSimon Horman <simon.horman@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d7ff7ec5
    • John Hurley's avatar
      nfp: flower: set ip tunnel ttl from encap action · 2a437471
      John Hurley authored
      The TTL for encapsulating headers in IPv4 UDP tunnels is taken from a
      route lookup. Modify this to first check if a user has specified a TTL to
      be used in the TC action.
      Signed-off-by: default avatarJohn Hurley <john.hurley@netronome.com>
      Reviewed-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarSimon Horman <simon.horman@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2a437471
    • David S. Miller's avatar
      Merge branch 'WoL-filters' · 50ee42b9
      David S. Miller authored
      Florian Fainelli says:
      
      ====================
      net: Support Wake-on-LAN using filters
      
      This is technically a v2, but this patch series builds on your feedback
      and defines the following:
      
      - a new WAKE_* bit: WAKE_FILTER which can be enabled alongside other type
        of Wake-on-LAN to support waking up on a programmed filter (match + action)
      - a new RX_CLS_FLOW_WAKE flow action which can be specified by an user when
        inserting a flow using ethtool::rxnfc, similar to the existing RX_CLS_FLOW_DISC
      
      The bcm_sf2 and bcmsysport drivers are updated accordingly to work in concert to
      allow matching packets at the switch level, identified by their filter location
      to be used as a match by the SYSTEM PORT (CPU/management controller) during
      Wake-on-LAN.
      
      Let me know if this looks better than the previous incarnation of the patch
      series.
      
      Attached is also the ethtool patch that I would be submitting once the uapi
      changes are committed.
      
      Thank you!
      
      Changes in v2:
      
      - bail out earlier in bcm_sf2_cfp's get_rxnfc if an error is
        encountered (Andrew)
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      50ee42b9
    • Florian Fainelli's avatar
      net: systemport: Add support for WAKE_FILTER · bb9051a2
      Florian Fainelli authored
      The SYSTEMPORT MAC allows up to 8 filters to be programmed to wake-up
      from LAN. Verify that we have up to 8 filters and program them to the
      appropriate RXCHK entries to be matched (along with their masks).
      
      We need to update the entry and exit to Wake-on-LAN mode to keep the
      RXCHK engine running to match during suspend, but this is otherwise
      fairly similar to Magic Packet detection.
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bb9051a2
    • Florian Fainelli's avatar
      net: dsa: bcm_sf2: Propagate ethtool::rxnfc to CPU port · 8a75f4f2
      Florian Fainelli authored
      Allow propagating ethtool::rxnfc programming to the CPU/management port
      such that it is possible for such a CPU to perform e.g: Wake-on-LAN
      using filters configured by the switch. We need a tiny bit of
      cooperation between the switch drivers which is able to do the full flow
      matching, whereas the CPU/management port might not. The CPU/management
      driver needs to return -EOPNOTSUPP to indicate an non critical error,
      any other error code otherwise.
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8a75f4f2
    • Florian Fainelli's avatar
      ethtool: Add WAKE_FILTER and RX_CLS_FLOW_WAKE · 6cfef793
      Florian Fainelli authored
      Add the ability to specify through ethtool::rxnfc that a rule location is
      special and will be used to participate in Wake-on-LAN, by e.g: having a
      specific pattern be matched. When this is the case, fs->ring_cookie must
      be set to the special value RX_CLS_FLOW_WAKE.
      
      We also define an additional ethtool::wolinfo flag: WAKE_FILTER which
      can be used to configure an Ethernet adapter to allow Wake-on-LAN using
      previously programmed filters.
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6cfef793
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next · 1ba98280
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf-next 2018-08-07
      
      The following pull-request contains BPF updates for your *net-next* tree.
      
      The main changes are:
      
      1) Add cgroup local storage for BPF programs, which provides a fast
         accessible memory for storing various per-cgroup data like number
         of transmitted packets, etc, from Roman.
      
      2) Support bpf_get_socket_cookie() BPF helper in several more program
         types that have a full socket available, from Andrey.
      
      3) Significantly improve the performance of perf events which are
         reported from BPF offload. Also convert a couple of BPF AF_XDP
         samples overto use libbpf, both from Jakub.
      
      4) seg6local LWT provides the End.DT6 action, which allows to
         decapsulate an outer IPv6 header containing a Segment Routing Header.
         Adds this action now to the seg6local BPF interface, from Mathieu.
      
      5) Do not mark dst register as unbounded in MOV64 instruction when
         both src and dst register are the same, from Arthur.
      
      6) Define u_smp_rmb() and u_smp_wmb() to their respective barrier
         instructions on arm64 for the AF_XDP sample code, from Brian.
      
      7) Convert the tcp_client.py and tcp_server.py BPF selftest scripts
         over from Python 2 to Python 3, from Jeremy.
      
      8) Enable BTF build flags to the BPF sample code Makefile, from Taeung.
      
      9) Remove an unnecessary rcu_read_lock() in run_lwt_bpf(), from Taehee.
      
      10) Several improvements to the README.rst from the BPF documentation
          to make it more consistent with RST format, from Tobin.
      
      11) Replace all occurrences of strerror() by calls to strerror_r()
          in libbpf and fix a FORTIFY_SOURCE build error along with it,
          from Thomas.
      
      12) Fix a bug in bpftool's get_btf() function to correctly propagate
          an error via PTR_ERR(), from Yue.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1ba98280
    • Alexander Aring's avatar
      ieee802154: hwsim: fix rcu address annotation · c5d99d2b
      Alexander Aring authored
      This patch fixes the following sparse warning about mismatch rcu
      attribute for address space annotation:
      
      ...
      error: incompatible types in comparison expression (different modifiers)
      error: incompatible types in comparison expression (different address spaces)
      ...
      
      Some __rcu annotation was at non-pointers list head structures and one was
      missing in edge information which is used by rcu_assign_pointer() to
      update edge setting information.
      
      Cc: Stefan Schmidt <stefan@datenfreihafen.org>
      Fixes: f25da51f ("ieee802154: hwsim: add replacement for fakelb")
      Signed-off-by: default avatarAlexander Aring <aring@mojatatu.com>
      Signed-off-by: default avatarStefan Schmidt <stefan@datenfreihafen.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c5d99d2b
    • Roman Gushchin's avatar
      bpf: introduce update_effective_progs() · 85fc4b16
      Roman Gushchin authored
      __cgroup_bpf_attach() and __cgroup_bpf_detach() functions have
      a good amount of duplicated code, which is possible to eliminate
      by introducing the update_effective_progs() helper function.
      
      The update_effective_progs() calls compute_effective_progs()
      and then in case of success it calls activate_effective_progs()
      for each descendant cgroup. In case of failure (OOM), it releases
      allocated prog arrays and return the error code.
      Signed-off-by: default avatarRoman Gushchin <guro@fb.com>
      Cc: Alexei Starovoitov <ast@kernel.org>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarSong Liu <songliubraving@fb.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      85fc4b16
  2. 06 Aug, 2018 24 commits