An error occurred fetching the project authors.
  1. 12 Jun, 2021 1 commit
    • Loic Poulain's avatar
      net: mhi_net: Register wwan_ops for link creation · 13adac03
      Loic Poulain authored
      Register wwan_ops for link management via wwan rtnetlink. This is
      only basic support for now, since we only support creating one
      single link (link-0), but is useful to validate new wwan rtnetlink
      interface.
      
      For backward compatibity support, we still register a default netdev
      at probe time, except if 'create_default_iface' module parameter is
      set to false.
      
      This has been tested with iproute2 and mbimcli:
      $ ip link add dev wwan0-0 parentdev-name wwan0 type wwan linkid 0
      $ mbimcli -p -d /dev/wwan0p2MBIM --connect apn=free
      $ ip link set dev wwan0-0 up
      $ ip addr add dev wwan0 ${IP}
      $ ip route replace default via ${IP}
      $ ping 8.8.8.8
      ...
      Signed-off-by: default avatarLoic Poulain <loic.poulain@linaro.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      13adac03
  2. 08 Jun, 2021 1 commit
  3. 16 Apr, 2021 1 commit
    • Loic Poulain's avatar
      net: Add a WWAN subsystem · 9a44c1cc
      Loic Poulain authored
      This change introduces initial support for a WWAN framework. Given the
      complexity and heterogeneity of existing WWAN hardwares and interfaces,
      there is no strict definition of what a WWAN device is and how it should
      be represented. It's often a collection of multiple devices that perform
      the global WWAN feature (netdev, tty, chardev, etc).
      
      One usual way to expose modem controls and configuration is via high
      level protocols such as the well known AT command protocol, MBIM or
      QMI. The USB modems started to expose them as character devices, and
      user daemons such as ModemManager learnt to use them.
      
      This initial version adds the concept of WWAN port, which is a logical
      pipe to a modem control protocol. The protocols are rawly exposed to
      user via character device, allowing straigthforward support in existing
      tools (ModemManager, ofono...). The WWAN core takes care of the generic
      part, including character device management, and relies on port driver
      operations to receive/submit protocol data.
      
      Since the different devices exposing protocols for a same WWAN hardware
      do not necessarily know about each others (e.g. two different USB
      interfaces, PCI/MHI channel devices...) and can be created/removed in
      different orders, the WWAN core ensures that all WAN ports contributing
      to the 'whole' WWAN feature are grouped under the same virtual WWAN
      device, relying on the provided parent device (e.g. mhi controller,
      USB device). It's a 'trick' I copied from Johannes's earlier WWAN
      subsystem proposal.
      
      This initial version is purposely minimalist, it's essentially moving
      the generic part of the previously proposed mhi_wwan_ctrl driver inside
      a common WWAN framework, but the implementation is open and flexible
      enough to allow extension for further drivers.
      Signed-off-by: default avatarLoic Poulain <loic.poulain@linaro.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9a44c1cc
  4. 14 Mar, 2021 1 commit
    • Ido Schimmel's avatar
      netdevsim: Add dummy psample implementation · a8700c3d
      Ido Schimmel authored
      Allow netdevsim to report "sampled" packets to the psample module by
      periodically generating packets from a work queue. The behavior can be
      enabled / disabled (default) and the various meta data attributes can be
      controlled via debugfs knobs.
      
      This implementation enables both testing of the psample module with all
      the optional attributes as well as development of user space
      applications on top of psample such as hsflowd and a Wireshark dissector
      for psample generic netlink packets.
      Signed-off-by: default avatarIdo Schimmel <idosch@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a8700c3d
  5. 08 Mar, 2021 1 commit
  6. 23 Feb, 2021 1 commit
  7. 27 Jan, 2021 1 commit
  8. 02 Jan, 2021 1 commit
  9. 05 Dec, 2020 1 commit
  10. 06 Nov, 2020 1 commit
  11. 29 Oct, 2020 1 commit
  12. 27 Aug, 2020 2 commits
  13. 01 Jul, 2020 1 commit
    • Denis Kirjanov's avatar
      xen networking: add basic XDP support for xen-netfront · 6c5aa6fc
      Denis Kirjanov authored
      The patch adds a basic XDP processing to xen-netfront driver.
      
      We ran an XDP program for an RX response received from netback
      driver. Also we request xen-netback to adjust data offset for
      bpf_xdp_adjust_head() header space for custom headers.
      
      synchronization between frontend and backend parts is done
      by using xenbus state switching:
      Reconfiguring -> Reconfigured- > Connected
      
      UDP packets drop rate using xdp program is around 310 kpps
      using ./pktgen_sample04_many_flows.sh and 160 kpps without the patch.
      Signed-off-by: default avatarDenis Kirjanov <kda@linux-powerpc.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6c5aa6fc
  14. 26 Jun, 2020 1 commit
  15. 13 Jun, 2020 1 commit
    • Masahiro Yamada's avatar
      treewide: replace '---help---' in Kconfig files with 'help' · a7f7f624
      Masahiro Yamada authored
      Since commit 84af7a61 ("checkpatch: kconfig: prefer 'help' over
      '---help---'"), the number of '---help---' has been gradually
      decreasing, but there are still more than 2400 instances.
      
      This commit finishes the conversion. While I touched the lines,
      I also fixed the indentation.
      
      There are a variety of indentation styles found.
      
        a) 4 spaces + '---help---'
        b) 7 spaces + '---help---'
        c) 8 spaces + '---help---'
        d) 1 space + 1 tab + '---help---'
        e) 1 tab + '---help---'    (correct indentation)
        f) 1 tab + 1 space + '---help---'
        g) 1 tab + 2 spaces + '---help---'
      
      In order to convert all of them to 1 tab + 'help', I ran the
      following commend:
      
        $ find . -name 'Kconfig*' | xargs sed -i 's/^[[:space:]]*---help---/\thelp/'
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      a7f7f624
  16. 01 May, 2020 2 commits
  17. 30 Apr, 2020 1 commit
  18. 28 Apr, 2020 2 commits
  19. 25 Mar, 2020 1 commit
    • Pablo Neira Ayuso's avatar
      net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build · 2c64605b
      Pablo Neira Ayuso authored
      net/netfilter/nft_fwd_netdev.c: In function ‘nft_fwd_netdev_eval’:
          net/netfilter/nft_fwd_netdev.c:32:10: error: ‘struct sk_buff’ has no member named ‘tc_redirected’
            pkt->skb->tc_redirected = 1;
                    ^~
          net/netfilter/nft_fwd_netdev.c:33:10: error: ‘struct sk_buff’ has no member named ‘tc_from_ingress’
            pkt->skb->tc_from_ingress = 1;
                    ^~
      
      To avoid a direct dependency with tc actions from netfilter, wrap the
      redirect bits around CONFIG_NET_REDIRECT and move helpers to
      include/linux/skbuff.h. Turn on this toggle from the ifb driver, the
      only existing client of these bits in the tree.
      
      This patch adds skb_set_redirected() that sets on the redirected bit
      on the skbuff, it specifies if the packet was redirect from ingress
      and resets the timestamp (timestamp reset was originally missing in the
      netfilter bugfix).
      
      Fixes: bcfabee1 ("netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress")
      Reported-by: noreply@ellerman.id.au
      Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2c64605b
  20. 09 Mar, 2020 1 commit
  21. 24 Feb, 2020 1 commit
  22. 17 Jan, 2020 1 commit
  23. 15 Jan, 2020 1 commit
  24. 18 Dec, 2019 1 commit
  25. 17 Dec, 2019 1 commit
  26. 09 Dec, 2019 1 commit
    • Jason A. Donenfeld's avatar
      net: WireGuard secure network tunnel · e7096c13
      Jason A. Donenfeld authored
      WireGuard is a layer 3 secure networking tunnel made specifically for
      the kernel, that aims to be much simpler and easier to audit than IPsec.
      Extensive documentation and description of the protocol and
      considerations, along with formal proofs of the cryptography, are
      available at:
      
        * https://www.wireguard.com/
        * https://www.wireguard.com/papers/wireguard.pdf
      
      This commit implements WireGuard as a simple network device driver,
      accessible in the usual RTNL way used by virtual network drivers. It
      makes use of the udp_tunnel APIs, GRO, GSO, NAPI, and the usual set of
      networking subsystem APIs. It has a somewhat novel multicore queueing
      system designed for maximum throughput and minimal latency of encryption
      operations, but it is implemented modestly using workqueues and NAPI.
      Configuration is done via generic Netlink, and following a review from
      the Netlink maintainer a year ago, several high profile userspace tools
      have already implemented the API.
      
      This commit also comes with several different tests, both in-kernel
      tests and out-of-kernel tests based on network namespaces, taking profit
      of the fact that sockets used by WireGuard intentionally stay in the
      namespace the WireGuard interface was originally created, exactly like
      the semantics of userspace tun devices. See wireguard.com/netns/ for
      pictures and examples.
      
      The source code is fairly short, but rather than combining everything
      into a single file, WireGuard is developed as cleanly separable files,
      making auditing and comprehension easier. Things are laid out as
      follows:
      
        * noise.[ch], cookie.[ch], messages.h: These implement the bulk of the
          cryptographic aspects of the protocol, and are mostly data-only in
          nature, taking in buffers of bytes and spitting out buffers of
          bytes. They also handle reference counting for their various shared
          pieces of data, like keys and key lists.
      
        * ratelimiter.[ch]: Used as an integral part of cookie.[ch] for
          ratelimiting certain types of cryptographic operations in accordance
          with particular WireGuard semantics.
      
        * allowedips.[ch], peerlookup.[ch]: The main lookup structures of
          WireGuard, the former being trie-like with particular semantics, an
          integral part of the design of the protocol, and the latter just
          being nice helper functions around the various hashtables we use.
      
        * device.[ch]: Implementation of functions for the netdevice and for
          rtnl, responsible for maintaining the life of a given interface and
          wiring it up to the rest of WireGuard.
      
        * peer.[ch]: Each interface has a list of peers, with helper functions
          available here for creation, destruction, and reference counting.
      
        * socket.[ch]: Implementation of functions related to udp_socket and
          the general set of kernel socket APIs, for sending and receiving
          ciphertext UDP packets, and taking care of WireGuard-specific sticky
          socket routing semantics for the automatic roaming.
      
        * netlink.[ch]: Userspace API entry point for configuring WireGuard
          peers and devices. The API has been implemented by several userspace
          tools and network management utility, and the WireGuard project
          distributes the basic wg(8) tool.
      
        * queueing.[ch]: Shared function on the rx and tx path for handling
          the various queues used in the multicore algorithms.
      
        * send.c: Handles encrypting outgoing packets in parallel on
          multiple cores, before sending them in order on a single core, via
          workqueues and ring buffers. Also handles sending handshake and cookie
          messages as part of the protocol, in parallel.
      
        * receive.c: Handles decrypting incoming packets in parallel on
          multiple cores, before passing them off in order to be ingested via
          the rest of the networking subsystem with GRO via the typical NAPI
          poll function. Also handles receiving handshake and cookie messages
          as part of the protocol, in parallel.
      
        * timers.[ch]: Uses the timer wheel to implement protocol particular
          event timeouts, and gives a set of very simple event-driven entry
          point functions for callers.
      
        * main.c, version.h: Initialization and deinitialization of the module.
      
        * selftest/*.h: Runtime unit tests for some of the most security
          sensitive functions.
      
        * tools/testing/selftests/wireguard/netns.sh: Aforementioned testing
          script using network namespaces.
      
      This commit aims to be as self-contained as possible, implementing
      WireGuard as a standalone module not needing much special handling or
      coordination from the network subsystem. I expect for future
      optimizations to the network stack to positively improve WireGuard, and
      vice-versa, but for the time being, this exists as intentionally
      standalone.
      
      We introduce a menu option for CONFIG_WIREGUARD, as well as providing a
      verbose debug log and self-tests via CONFIG_WIREGUARD_DEBUG.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Cc: David Miller <davem@davemloft.net>
      Cc: Greg KH <gregkh@linuxfoundation.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: linux-crypto@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Cc: netdev@vger.kernel.org
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e7096c13
  27. 21 Nov, 2019 1 commit
  28. 26 Sep, 2019 1 commit
  29. 21 May, 2019 1 commit
  30. 24 Mar, 2019 1 commit
  31. 18 Mar, 2019 1 commit
  32. 26 Feb, 2019 1 commit
  33. 14 Feb, 2019 1 commit
  34. 12 Feb, 2019 1 commit
  35. 08 Feb, 2019 1 commit
    • Daniel Borkmann's avatar
      ipvlan: decouple l3s mode dependencies from other modes · c675e06a
      Daniel Borkmann authored
      Right now ipvlan has a hard dependency on CONFIG_NETFILTER and
      otherwise it cannot be built. However, the only ipvlan operation
      mode that actually depends on netfilter is l3s, everything else
      is independent of it. Break this hard dependency such that users
      are able to use ipvlan l3 mode on systems where netfilter is not
      compiled in.
      
      Therefore, this adds a hidden CONFIG_IPVLAN_L3S bool which is
      defaulting to y when CONFIG_NETFILTER is set in order to retain
      existing behavior for l3s. All l3s related code is refactored
      into ipvlan_l3s.c that is compiled in when enabled.
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Cc: Mahesh Bandewar <maheshb@google.com>
      Cc: Florian Westphal <fw@strlen.de>
      Cc: Martynas Pumputis <m@lambda.lt>
      Acked-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c675e06a
  36. 18 Jan, 2019 1 commit
  37. 05 Dec, 2018 1 commit