- 24 Nov, 2020 14 commits
-
-
Ido Schimmel authored
Add support for blackhole nexthops by programming them to the adjacency table with a discard action. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Ido Schimmel authored
The two are the same, but for blackhole nexthops we will not have an associated neighbour struct, so resolve the RIF from the nexthop struct itself instead. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Ido Schimmel authored
Now that the driver creates a loopback RIF during its initialization, it can be used to program the adjacency entries for unresolved nexthops instead of other RIFs. The loopback RIF is guaranteed to exist for the entire life time of the driver, unlike other RIFs that come and go. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Ido Schimmel authored
Unresolved nexthops are currently written to the adjacency table with a discard action. Packets hitting such entries are trapped to the CPU via the 'DISCARD_ROUTER3' trap which can be enabled or disabled on demand, but is always enabled in order to ensure the kernel can resolve the unresolved neighbours. This trap will be needed for blackhole nexthops support. Therefore, move unresolved nexthops to explicitly program the adjacency entries with a trap action and a different trap identifier, 'RTR_EGRESS0'. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Ido Schimmel authored
Up until now RIFs (router interfaces) were created on demand (e.g., when an IP address was added to a netdev). However, sometimes the device needs to be provided with a RIF when one might not be available. For example, adjacency entries that drop packets need to be programmed with an egress RIF despite the RIF not being used to forward packets. Create such a RIF during initialization so that it could be used later on to support blackhole nexthops. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fsJakub Kicinski authored
David Howells says: ==================== rxrpc: Prelude to gssapi support Here are some patches that do some reorganisation of the security class handling in rxrpc to allow implementation of the RxGK security class that will allow AF_RXRPC to use GSSAPI-negotiated tokens and better crypto. The RxGK security class is not included in this patchset. It does the following things: (1) Add a keyrings patch to provide the original key description, as provided to add_key(), to the payload preparser so that it can interpret the content on that basis. Unfortunately, the rxrpc_s key type wasn't written to interpret its payload as anything other than a string of bytes comprising a key, but for RxGK, more information is required as multiple Kerberos enctypes are supported. (2) Remove the rxk5 security class key parsing. The rxk5 class never got rolled out in OpenAFS and got replaced with rxgk. (3) Support the creation of rxrpc keys with multiple tokens of different types. If some types are not supported, the ENOPKG error is suppressed if at least one other token's type is supported. (4) Punt the handling of server keys (rxrpc_s type) to the appropriate security class. (5) Organise the security bits in the rxrpc_connection struct into a union to make it easier to override for other classes. (6) Move some bits from core code into rxkad that won't be appropriate to rxgk. * tag 'rxrpc-next-20201123' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: rxrpc: Ask the security class how much space to allow in a packet rxrpc: rxkad: Don't use pskb_pull() to advance through the response packet rxrpc: Organise connection security to use a union rxrpc: Don't reserve security header in Tx DATA skbuff rxrpc: Merge prime_packet_security into init_connection_security rxrpc: Fix example key name in a comment rxrpc: Ignore unknown tokens in key payload unless no known tokens rxrpc: Make the parsing of xdr payloads more coherent rxrpc: Allow security classes to give more info on server keys rxrpc: Don't leak the service-side session key to userspace rxrpc: Hand server key parsing off to the security class rxrpc: Split the server key type (rxrpc_s) into its own file rxrpc: Don't retain the server key in the connection rxrpc: Support keys with multiple authentication tokens rxrpc: List the held token types in the key description in /proc/keys rxrpc: Remove the rxk5 security class as it's now defunct keys: Provide the original description to the key preparser ==================== Link: https://lore.kernel.org/r/160616220405.830164.2239716599743995145.stgit@warthog.procyon.org.ukSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Vincent Whitchurch authored
This driver uses a normal timer for TX coalescing, which means that the with the default tx-usecs of 1000 microseconds the cleanups actually happen 10 ms or more later with HZ=100. This leads to very low througput with TCP when bridged to a slow link such as a 4G modem. Fix this by using an hrtimer instead. On my ARM platform with HZ=100 and the default TX coalescing settings (tx-frames 25 tx-usecs 1000), with "tc qdisc add dev eth0 root netem delay 60ms 40ms rate 50Mbit" run on the server, netperf's TCP_STREAM improves from ~5.5 Mbps to ~100 Mbps. Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com> Link: https://lore.kernel.org/r/20201120150208.6838-1-vincent.whitchurch@axis.comSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Christophe JAILLET authored
s/tranport/transport/ Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Link: https://lore.kernel.org/r/20201122180704.1366636-1-christophe.jaillet@wanadoo.frSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jakub Kicinski authored
linux/netdevice.h is included in very many places, touching any of its dependecies causes large incremental builds. Drop the linux/ethtool.h include, linux/netdevice.h just needs a forward declaration of struct ethtool_ops. Fix all the places which made use of this implicit include. Acked-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Shannon Nelson <snelson@pensando.io> Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Link: https://lore.kernel.org/r/20201120225052.1427503-1-kuba@kernel.orgSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Christophe JAILLET authored
Memory allocation are done with 'dma_alloc_coherent()'. Be consistent and use 'dma_free_coherent()' to free the corresponding memory. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Link: https://lore.kernel.org/r/20201121090330.1332543-1-christophe.jaillet@wanadoo.frSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Christophe JAILLET authored
'pci_set_dma_mask()' + 'pci_set_consistent_dma_mask()' can be replaced by an equivalent 'dma_set_mask_and_coherent()' which is much less verbose. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Link: https://lore.kernel.org/r/20201121090302.1332491-1-christophe.jaillet@wanadoo.frSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jakub Kicinski authored
Kurt Kanzenbach says: ==================== net: dsa: hellcreek: Minor cleanups fix two minor issues in the hellcreek driver. ==================== Link: https://lore.kernel.org/r/20201121114455.22422-1-kurt@linutronix.deSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Kurt Kanzenbach authored
When DSA is not loaded when the driver is probed an error message is printed. But, that's not really an error, just a defer. Use dev_err_probe() instead. Signed-off-by: Kurt Kanzenbach <kurt@linutronix.de> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Reviewed-by: Vladimir Oltean <olteanv@gmail.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Kurt Kanzenbach authored
Remove unused and add needed includes. No functional change. Suggested-by: Vladimir Oltean <olteanv@gmail.com> Signed-off-by: Kurt Kanzenbach <kurt@linutronix.de> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Reviewed-by: Vladimir Oltean <olteanv@gmail.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
- 23 Nov, 2020 23 commits
-
-
Jakub Kicinski authored
Christian Eggers says: ==================== net: ptp: introduce common defines for PTP message types This series introduces commen defines for PTP event messages. Driver internal defines are removed and some uses of magic numbers are replaced by the new defines. ==================== Link: https://lore.kernel.org/r/20201120084106.10046-1-ceggers@arri.deSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Christian Eggers authored
Remove driver internal defines for this. Masking msgtype with 0xf is already done within ptp_get_msgtype(). Signed-off-by: Christian Eggers <ceggers@arri.de> Cc: Kurt Kanzenbach <kurt@linutronix.de> Reviewed-by: Vladimir Oltean <olteanv@gmail.com> Reviewed-by: Richard Cochran <richardcochran@gmail.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Christian Eggers authored
Remove usage of magic numbers. Signed-off-by: Christian Eggers <ceggers@arri.de> Cc: Ioana Ciornei <ioana.ciornei@nxp.com> Cc: Ioana Radulescu <ruxandra.radulescu@nxp.com> Cc: Yangbo Lu <yangbo.lu@nxp.com> Reviewed-by: Vladimir Oltean <olteanv@gmail.com> Reviewed-by: Richard Cochran <richardcochran@gmail.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Christian Eggers authored
Using PTP wide defines will obsolete different driver internal defines and uses of magic numbers. Signed-off-by: Christian Eggers <ceggers@arri.de> Cc: Kurt Kanzenbach <kurt@linutronix.de> Reviewed-by: Vladimir Oltean <olteanv@gmail.com> Reviewed-by: Richard Cochran <richardcochran@gmail.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jakub Kicinski authored
We're about to do reshuffling in networking headers and eliminate some implicit includes. This results in: In file included from ../net/ipv4/netfilter/arp_tables.c:26: include/net/compat.h:60:40: error: unknown type name ‘compat_uptr_t’; did you mean ‘compat_ptr_ioctl’? struct sockaddr __user **save_addr, compat_uptr_t *ptr, ^~~~~~~~~~~~~ compat_ptr_ioctl include/net/compat.h:61:4: error: unknown type name ‘compat_size_t’; did you mean ‘compat_sigset_t’? compat_size_t *len); ^~~~~~~~~~~~~ compat_sigset_t Currently net/compat.h depends on linux/compat.h being included first. After the upcoming changes this would break the 32bit build. Reviewed-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Link: https://lore.kernel.org/r/20201121214844.1488283-1-kuba@kernel.orgSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
David Howells authored
Ask the security class how much header and trailer space to allow for when allocating a packet, given how much data is remaining. This will allow the rxgk security class to stick both a trailer in as well as a header as appropriate in the future. Signed-off-by: David Howells <dhowells@redhat.com>
-
Martin Schiller authored
Call netdev notifiers before and after changing the device type. Signed-off-by: Martin Schiller <ms@dev.tdt.de> Link: https://lore.kernel.org/r/20201118063919.29485-1-ms@dev.tdt.deSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
David Howells authored
In the rxkad security class, don't use pskb_pull() to advance through the contents of the response packet. There's no point, especially as the next and last access to the skbuff still has to allow for the wire header in the offset (which we didn't advance over). Better to just add the displacement to the next offset. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
Organise the security information in the rxrpc_connection struct to use a union to allow for different data for different security classes. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
Insert the security header into the skbuff representing a DATA packet to be transmitted rather than using skb_reserve() when the packet is allocated. This makes it easier to apply crypto that spans the security header and the data, particularly in the upcoming RxGK class where we have a common encrypt-and-checksum function that is used in a number of circumstances. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
Merge the ->prime_packet_security() into the ->init_connection_security() hook as they're always called together. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
Fix an example of an rxrpc key name in a comment. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
When parsing a payload for an rxrpc-type key, ignore any tokens that are not of a known type and don't give an error for them - unless there are no tokens of a known type. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
Make the parsing of xdr-encoded payloads, as passed to add_key, more coherent. Shuttling back and forth between various variables was a bit hard to follow. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
Allow a security class to give more information on an rxrpc_s-type key when it is viewed in /proc/keys. This will allow the upcoming RxGK security class to show the enctype name here. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
Don't let someone reading a service-side rxrpc-type key get access to the session key that was exchanged with the client. The server application will, at some point, need to be able to read the information in the ticket, but this probably shouldn't include the key material. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
Hand responsibility for parsing a server key off to the security class. We can determine which class from the description. This is necessary as rxgk server keys have different lookup requirements and different content requirements (dependent on crypto type) to those of rxkad server keys. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
Split the server private key type (rxrpc_s) out into its own file rather than mingling it with the authentication/client key type (rxrpc) since they don't really bear any relation. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
Don't retain a pointer to the server key in the connection, but rather get it on demand when the server has to deal with a response packet. This is necessary to implement RxGK (GSSAPI-mediated transport class), where we can't know which key we'll need until we've challenged the client and got back the response. This also means that we don't need to do a key search in the accept path in softirq mode. Also, whilst we're at it, allow the security class to ask for a kvno and encoding-type variant of a server key as RxGK needs different keys for different encoding types. Keys of this type have an extra bit in the description: "<service-id>:<security-index>:<kvno>:<enctype>" Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
rxrpc-type keys can have multiple tokens attached for different security classes. Currently, rxrpc always picks the first one, whether or not the security class it indicates is supported. Add preliminary support for choosing which security class will be used (this will need to be directed from a higher layer) and go through the tokens to find one that's supported. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
When viewing an rxrpc-type key through /proc/keys, display a list of held token types. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
Remove the rxrpc rxk5 security class as it's now defunct and nothing uses it anymore. Signed-off-by: David Howells <dhowells@redhat.com>
-
David Howells authored
Provide the proposed description (add key) or the original description (update/instantiate key) when preparsing a key so that the key type can validate it against the data. This is important for rxrpc server keys as we need to check that they have the right amount of key material present - and it's better to do that when the key is loaded rather than deep in trying to process a response packet. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> cc: keyrings@vger.kernel.org
-
- 22 Nov, 2020 1 commit
-
-
George Cherian authored
Add support to choose RSS flow key algorithm with IPv4 transport protocol field included in hashing input data. This will be enabled by default. There-by enabling 3/5 tuple hash Signed-off-by: Sunil Kovvuri Goutham <sgoutham@marvell.com> Signed-off-by: George Cherian <george.cherian@marvell.com> Link: https://lore.kernel.org/r/20201120093906.2873616-1-george.cherian@marvell.comSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
- 21 Nov, 2020 2 commits
-
-
Jakub Kicinski authored
Merge tag 'linux-can-next-for-5.11-20201120' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next Marc Kleine-Budde says: ==================== pull-request: can-next 2020-11-20 The first patch is by Yegor Yefremov and he improves the j1939 documentaton by adding tables for the CAN identifier and its fields. Then there are 8 patches by Oliver Hartkopp targeting the CAN driver infrastructure and drivers. These add support for optional DLC element to the Classical CAN frame structure. See patch ea780056 ("can: add optional DLC element to Classical CAN frame structure") for details. Oliver's last patch adds len8_dlc support to several drivers. Stefan Mätje provides a patch to add len8_dlc support to the esd_usb2 driver. The next patch is by Oliver Hartkopp, too and adds support for modification of Classical CAN DLCs to CAN GW sockets. The next 3 patches target the nxp,flexcan DT bindings. One patch by my adds the missing uint32 reference to the clock-frequency property. Joakim Zhang's patches fix the fsl,clk-source property and add the IMX_SC_R_CAN() macro to the imx firmware header file, which will be used in the flexcan driver later. Another patch by Joakim Zhang prepares the flexcan driver for SCU based stop-mode, by giving the existing, GPR based stop-mode, a _GPR postfix. The next 5 patches are by me, target the flexcan driver, and clean up the .ndo_open and .ndo_stop callbacks. These patches try to fix a sporadically hanging flexcan_close() during simultanious ifdown, sending of CAN messages and probably open CAN bus. I was never able to reproduce, but these seem to fix the problem at the reporting user. As these changes are rather big, I'd like to mainline them via net-next/master. The next patches are by Jimmy Assarsson and Christer Beskow, they add support for new USB devices to the existing kvaser_usb driver. The last patch is by Kaixu Xia and simplifies the return in the mcp251xfd_chip_softreset() function in the mcp251xfd driver. * tag 'linux-can-next-for-5.11-20201120' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next: (25 commits) can: mcp251xfd: remove useless code in mcp251xfd_chip_softreset can: kvaser_usb: Add new Kvaser hydra devices can: kvaser_usb: kvaser_usb_hydra: Add support for new device variant can: kvaser_usb: Add new Kvaser Leaf v2 devices can: kvaser_usb: Add USB_{LEAF,HYDRA}_PRODUCT_ID_END defines can: flexcan: flexcan_close(): change order if commands to properly shut down the controller can: flexcan: flexcan_open(): completely initialize controller before requesting IRQ can: flexcan: flexcan_rx_offload_setup(): factor out mailbox and rx-offload setup into separate function can: flexcan: move enabling/disabling of interrupts from flexcan_chip_{start,stop}() to callers can: flexcan: factor out enabling and disabling of interrupts into separate function can: flexcan: rename macro FLEXCAN_QUIRK_SETUP_STOP_MODE -> FLEXCAN_QUIRK_SETUP_STOP_MODE_GPR dt-bindings: firmware: add IMX_SC_R_CAN(x) macro for CAN dt-bindings: can: fsl,flexcan: fix fsl,clk-source property dt-bindings: can: fsl,flexcan: add uint32 reference to clock-frequency property can: gw: support modification of Classical CAN DLCs can: drivers: add len8_dlc support for esd_usb2 CAN adapter can: drivers: add len8_dlc support for various CAN adapters can: drivers: introduce helpers to access Classical CAN DLC values can: update documentation for DLC usage in Classical CAN can: rename CAN FD related can_len2dlc and can_dlc2len helpers ... ==================== Link: https://lore.kernel.org/r/20201120133318.3428231-1-mkl@pengutronix.deSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Heiner Kallweit authored
Use netdev->tstats instead of a member of net_bridge for storing a pointer to the per-cpu counters. This allows us to use core functionality for statistics handling. Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com> Link: https://lore.kernel.org/r/9bad2be2-fd84-7c6e-912f-cee433787018@gmail.comSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-