- 16 Feb, 2023 40 commits
-
-
https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linuxJakub Kicinski authored
Leon Romanovsky says: ==================== mlx5-next changes Following previous conversations [1] and our clear commitment to do the TC work [2], please pull mlx5-next shared branch, which includes low-level steering logic to allow RoCEv2 traffic to be encrypted/ decrypted through IPsec. [1] https://lore.kernel.org/all/20230126230815.224239-1-saeed@kernel.org/ [2] https://lore.kernel.org/all/Y+Z7lVVWqnRBiPh2@nvidia.com/ * 'mlx5-next' of https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux: net/mlx5: Configure IPsec steering for egress RoCEv2 traffic net/mlx5: Configure IPsec steering for ingress RoCEv2 traffic net/mlx5: Add IPSec priorities in RDMA namespaces net/mlx5: Implement new destination type TABLE_TYPE net/mlx5: Introduce new destination type TABLE_TYPE ==================== Link: https://lore.kernel.org/r/20230215095624.1365200-1-leon@kernel.orgSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jakub Kicinski authored
Merge tag 'wireless-next-2023-03-16' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next Johannes Berg says: ==================== Major stack changes: * EHT channel puncturing support (client & AP) * some support for AP MLD without mac80211 * fixes for A-MSDU on mesh connections Major driver changes: iwlwifi * EHT rate reporting * Bump FW API to 74 for AX devices * STEP equalizer support: transfer some STEP (connection to radio on platforms with integrated wifi) related parameters from the BIOS to the firmware mt76 * switch to using page pool allocator * mt7996 EHT (Wi-Fi 7) support * Wireless Ethernet Dispatch (WED) reset support libertas * WPS enrollee support brcmfmac * Rename Cypress 89459 to BCM4355 * BCM4355 and BCM4377 support mwifiex * SD8978 chipset support rtl8xxxu * LED support ath12k * new driver for Qualcomm Wi-Fi 7 devices ath11k * IPQ5018 support * Fine Timing Measurement (FTM) responder role support * channel 177 support ath10k * store WLAN firmware version in SMEM image table * tag 'wireless-next-2023-03-16' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next: (207 commits) wifi: brcmfmac: p2p: Introduce generic flexible array frame member wifi: mac80211: add documentation for amsdu_mesh_control wifi: cfg80211: remove gfp parameter from cfg80211_obss_color_collision_notify description wifi: mac80211: always initialize link_sta with sta wifi: mac80211: pass 'sta' to ieee80211_rx_data_set_sta() wifi: cfg80211: Set SSID if it is not already set wifi: rtw89: move H2C of del_pkt_offload before polling FW status ready wifi: rtw89: use readable return 0 in rtw89_mac_cfg_ppdu_status() wifi: rtw88: usb: drop now unnecessary URB size check wifi: rtw88: usb: send Zero length packets if necessary wifi: rtw88: usb: Set qsel correctly wifi: mac80211: fix off-by-one link setting wifi: mac80211: Fix for Rx fragmented action frames wifi: mac80211: avoid u32_encode_bits() warning wifi: mac80211: Don't translate MLD addresses for multicast wifi: cfg80211: call reg_notifier for self managed wiphy from driver hint wifi: cfg80211: get rid of gfp in cfg80211_bss_color_notify wifi: nl80211: Allow authentication frames and set keys on NAN interface wifi: mac80211: fix non-MLO station association wifi: mac80211: Allow NSS change only up to capability ... ==================== Link: https://lore.kernel.org/r/20230216105406.208416-1-johannes@sipsolutions.netSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Paolo Abeni authored
Andrea Mayer says: ==================== seg6: add PSP flavor support for SRv6 End behavior Segment Routing for IPv6 (SRv6 in short) [1] is the instantiation of the Segment Routing (SR) [2] architecture on the IPv6 dataplane. In SRv6, the segment identifiers (SID) are IPv6 addresses and the segment list (SID List) is carried in the Segment Routing Header (SRH). A segment may be bound to a specific packet processing operation called "behavior". The RFC8986 [3] defines and standardizes the most common/relevant behaviors for network operators, e.g., End, End.X and End.T and so on. The RFC8986 also introduces the "flavors" framework aiming to modify or extend the capabilities of SRv6 End, End.X and End.T behaviors. Specifically, these behaviors support the following flavors (either individually or in combinations): - Penultimate Segment Pop (PSP); - Ultimate Segment Pop (USP); - Ultimate Segment Decapsulation (USD). Such flavors enable an End/End.X/End.T behavior to pop the SRH on the penultimate/ultimate SR endpoint node listed in the SID List or to perform a full decapsulation. Currently, the Linux kernel supports a large subset of behaviors described in RFC8986, including the End, End.X and End.T. However, PSP, USP and USD flavors have not yet been implemented. In this patchset, we extend the SRv6 subsystem to implement the PSP flavor in the SRv6 End behavior. To accomplish this task, we leverage the flavor framework previously introduced by another patchset required for supporting the efficient representation of the SID List through the NEXT-C-SID mechanism [4]. In details, the patchset is made of: - patch 1/3: seg6: factor out End lookup nexthop processing to a dedicated function - patch 2/3: seg6: add PSP flavor support for SRv6 End behavior - patch 3/3: selftests: seg6: add selftest for PSP flavor in SRv6 End behavior From the user space perspective, we do not need to change the iproute2 code to support the PSP flavor. However, we provide the man page for the PSP flavor in a separate patch. Comments, improvements and suggestions are always appreciated. [1] - RFC8754: https://datatracker.ietf.org/doc/html/rfc8754 [2] - RFC8402: https://datatracker.ietf.org/doc/html/rfc8402 [3] - RFC8986: https://datatracker.ietf.org/doc/html/rfc8986 [4] - https://datatracker.ietf.org/doc/html/draft-ietf-spring-srv6-srh-compression ==================== Link: https://lore.kernel.org/r/20230215134659.7613-1-andrea.mayer@uniroma2.itSigned-off-by: Paolo Abeni <pabeni@redhat.com>
-
Andrea Mayer authored
This selftest is designed for testing the PSP flavor in SRv6 End behavior. It instantiates a virtual network composed of several nodes: hosts and SRv6 routers. Each node is realized using a network namespace that is properly interconnected to others through veth pairs. The test makes use of the SRv6 End behavior and of the PSP flavor needed for removing the SRH from the IPv6 header at the penultimate node. The correct execution of the behavior is verified through reachability tests carried out between hosts. Signed-off-by: Andrea Mayer <andrea.mayer@uniroma2.it> Signed-off-by: Paolo Lungaroni <paolo.lungaroni@uniroma2.it> Reviewed-by: David Ahern <dsahern@kernel.org> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Andrea Mayer authored
The "flavors" framework defined in RFC8986 [1] represents additional operations that can modify or extend a subset of existing behaviors such as SRv6 End, End.X and End.T. We report these flavors hereafter: - Penultimate Segment Pop (PSP); - Ultimate Segment Pop (USP); - Ultimate Segment Decapsulation (USD). Depending on how the Segment Routing Header (SRH) has to be handled, an SRv6 End* behavior can support these flavors either individually or in combinations. In this patch, we only consider the PSP flavor for the SRv6 End behavior. A PSP enabled SRv6 End behavior is used by the Source/Ingress SR node (i.e., the one applying the SRv6 Policy) when it needs to instruct the penultimate SR Endpoint node listed in the SID List (carried by the SRH) to remove the SRH from the IPv6 header. Specifically, a PSP enabled SRv6 End behavior processes the SRH by: i) decreasing the Segment Left (SL) from 1 to 0; ii) copying the Last Segment IDentifier (SID) into the IPv6 Destination Address (DA); iii) removing (i.e., popping) the outer SRH from the extension headers following the IPv6 header. It is important to note that PSP operation (steps i, ii, iii) takes place only at a penultimate SR Segment Endpoint node (i.e., when the SL=1) and does not happen at non-penultimate Endpoint nodes. Indeed, when a SID of PSP flavor is processed at a non-penultimate SR Segment Endpoint node, the PSP operation is not performed because it would not be possible to decrease the SL from 1 to 0. SL=2 SL=1 SL=0 | | | For example, given the SRv6 policy (SID List := < X, Y, Z >): - a PSP enabled SRv6 End behavior bound to SID "Y" will apply the PSP operation as Segment Left (SL) is 1, corresponding to the Penultimate Segment of the SID List; - a PSP enabled SRv6 End behavior bound to SID "X" will *NOT* apply the PSP operation as the Segment Left is 2. This behavior instance will apply the "standard" End packet processing, ignoring the configured PSP flavor at all. [1] - RFC8986: https://datatracker.ietf.org/doc/html/rfc8986Signed-off-by: Andrea Mayer <andrea.mayer@uniroma2.it> Reviewed-by: David Ahern <dsahern@kernel.org> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Andrea Mayer authored
The End nexthop lookup/input operations are moved into a new helper function named input_action_end_finish(). This avoids duplicating the code needed to compute the nexthop in the different flavors of the End behavior. Signed-off-by: Andrea Mayer <andrea.mayer@uniroma2.it> Reviewed-by: David Ahern <dsahern@kernel.org> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Lukas Bulwahn authored
Commit 3d7316ac ("net: dsa: ocelot: add external ocelot switch control") adds config NET_DSA_MSCC_OCELOT_EXT, which selects the non-existing config MFD_OCELOT_CORE. Replace this select with the intended and existing MFD_OCELOT. Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> Acked-by: Colin Foster <colin.foster@in-advantage.com> Link: https://lore.kernel.org/r/20230215104631.31568-1-lukas.bulwahn@gmail.comSigned-off-by: Paolo Abeni <pabeni@redhat.com>
-
Paolo Abeni authored
Alejandro Lucero says: ==================== sfc: devlink support for ef100 This patchset adds devlink port support for ef100 allowing setting VFs mac addresses through the VF representor devlink ports. Basic devlink infrastructure is first introduced, then support for info command. Next changes for enumerating MAE ports which will be used for devlink port creation when netdevs are registered. Adding support for devlink port_function_hw_addr_get requires changes in the ef100 driver for getting the mac address based on a client handle. This allows to obtain VFs mac addresses during netdev initialization as well what is included in patch 6. Such client handle is used in patches 7 and 8 for getting and setting devlink port addresses. ==================== Link: https://lore.kernel.org/r/20230215090828.11697-1-alejandro.lucero-palau@amd.comSigned-off-by: Paolo Abeni <pabeni@redhat.com>
-
Alejandro Lucero authored
Using the builtin client handle id infrastructure, add support for setting the mac address linked to mports in ef100. This implies to execute an MCDI command for giving the address to the firmware for the specific devlink port. Signed-off-by: Alejandro Lucero <alejandro.lucero-palau@amd.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Acked-by: Martin Habets <habetsm.xilinx@gmail.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Alejandro Lucero authored
Using the builtin client handle id infrastructure, add support for obtaining the mac address linked to mports in ef100. This implies to execute an MCDI command for getting the data from the firmware for each devlink port. Signed-off-by: Alejandro Lucero <alejandro.lucero-palau@amd.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Acked-by: Martin Habets <habetsm.xilinx@gmail.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Alejandro Lucero authored
Getting device mac address is currently based on a specific MCDI command only available for the PF. This patch changes the MCDI command to a generic one for PFs and VFs based on a client handle. This allows both PFs and VFs to ask for their mac address during initialization using the CLIENT_HANDLE_SELF. Moreover, the patch allows other client handles which will be used by the PF to ask for mac addresses linked to VFs. This is necessary for suporting the port_function_hw_addr_get devlink function in further patches. Signed-off-by: Alejandro Lucero <alejandro.lucero-palau@amd.com> Acked-by: Martin Habets <habetsm.xilinx@gmail.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Alejandro Lucero authored
Using the data when enumerating mports, create devlink ports just before netdevs are registered and remove those devlink ports after netdev has been unregistered. Signed-off-by: Alejandro Lucero <alejandro.lucero-palau@amd.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Acked-by: Martin Habets <habetsm.xilinx@gmail.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Alejandro Lucero authored
Obtaining mport id is based on asking the firmware about it. This is still needed for mport initialization itself, but once the mport data is now kept by the driver, further mport id request can be satisfied internally without firmware interaction. Previous function is just modified in name making clear the firmware interaction. The new function uses the old name and looks for the data in the mport data structure. Signed-off-by: Alejandro Lucero <alejandro.lucero-palau@amd.com> Acked-by: Martin Habets <habetsm.xilinx@gmail.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Alejandro Lucero authored
MAE ports (mports) are the ports on the EF100 embedded switch such as networking PCIe functions, the physical port, and potentially others. Signed-off-by: Alejandro Lucero <alejandro.lucero-palau@amd.com> Acked-by: Martin Habets <habetsm.xilinx@gmail.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Alejandro Lucero authored
Add devlink info support for ef100. The information reported is obtained through the MCDI interface with the specific meaning defined in new documentation file. Signed-off-by: Alejandro Lucero <alejandro.lucero-palau@amd.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Acked-by: Martin Habets <habetsm.xilinx@gmail.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Alejandro Lucero authored
Add devlink infrastructure support. Further patches add devlink info and devlink port support. Signed-off-by: Alejandro Lucero <alejandro.lucero-palau@amd.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Acked-by: Martin Habets <habetsm.xilinx@gmail.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Paolo Abeni authored
Pedro Tammela says: ==================== net/sched: transition actions to pcpu stats and rcu Following the work done for act_pedit[0], transition the remaining tc actions to percpu stats and rcu, whenever possible. Percpu stats make updating the action stats very cheap, while combining it with rcu action parameters makes it possible to get rid of the per action lock in the datapath. For act_connmark and act_nat we run the following tests: - tc filter add dev ens2f0 ingress matchall action connmark - tc filter add dev ens2f0 ingress matchall action nat ingress any 10.10.10.10 Our setup consists of a 26 cores Intel CPU and a 25G NIC. We use TRex to shoot 10mpps TCP packets and take perf measurements. Both actions improved performance as expected since the datapath lock disappeared. For act_pedit we move the drop counter to percpu, when available. For act_gate we move the counters to percpu, when available. [0] https://lore.kernel.org/all/20230131145149.3776656-1-pctammela@mojatatu.com/ ==================== Link: https://lore.kernel.org/r/20230214211534.735718-1-pctammela@mojatatu.comSigned-off-by: Paolo Abeni <pabeni@redhat.com>
-
Pedro Tammela authored
Since act_pedit now has access to percpu counters, use the tcf_action_inc_overlimit_qstats wrapper that will use the percpu counter whenever they are available. Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Pedro Tammela <pctammela@mojatatu.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Pedro Tammela authored
The tc action act_gate was using shared stats, move it to percpu stats. tdc results: 1..12 ok 1 5153 - Add gate action with priority and sched-entry ok 2 7189 - Add gate action with base-time ok 3 a721 - Add gate action with cycle-time ok 4 c029 - Add gate action with cycle-time-ext ok 5 3719 - Replace gate base-time action ok 6 d821 - Delete gate action with valid index ok 7 3128 - Delete gate action with invalid index ok 8 7837 - List gate actions ok 9 9273 - Flush gate actions ok 10 c829 - Add gate action with duplicate index ok 11 3043 - Add gate action with invalid index ok 12 2930 - Add gate action with cookie Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Pedro Tammela <pctammela@mojatatu.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Pedro Tammela authored
The tc action act_connmark was using shared stats and taking the per action lock in the datapath. Improve it by using percpu stats and rcu. perf before: - 13.55% tcf_connmark_act - 81.18% _raw_spin_lock 80.46% native_queued_spin_lock_slowpath perf after: - 2.85% tcf_connmark_act tdc results: 1..15 ok 1 2002 - Add valid connmark action with defaults ok 2 56a5 - Add valid connmark action with control pass ok 3 7c66 - Add valid connmark action with control drop ok 4 a913 - Add valid connmark action with control pipe ok 5 bdd8 - Add valid connmark action with control reclassify ok 6 b8be - Add valid connmark action with control continue ok 7 d8a6 - Add valid connmark action with control jump ok 8 aae8 - Add valid connmark action with zone argument ok 9 2f0b - Add valid connmark action with invalid zone argument ok 10 9305 - Add connmark action with unsupported argument ok 11 71ca - Add valid connmark action and replace it ok 12 5f8f - Add valid connmark action with cookie ok 13 c506 - Replace connmark with invalid goto chain control ok 14 6571 - Delete connmark action with valid index ok 15 3426 - Delete connmark action with invalid index Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Pedro Tammela <pctammela@mojatatu.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Pedro Tammela authored
The tc action act_nat was using shared stats and taking the per action lock in the datapath. Improve it by using percpu stats and rcu. perf before: - 10.48% tcf_nat_act - 81.83% _raw_spin_lock 81.08% native_queued_spin_lock_slowpath perf after: - 0.48% tcf_nat_act tdc results: 1..27 ok 1 7565 - Add nat action on ingress with default control action ok 2 fd79 - Add nat action on ingress with pipe control action ok 3 eab9 - Add nat action on ingress with continue control action ok 4 c53a - Add nat action on ingress with reclassify control action ok 5 76c9 - Add nat action on ingress with jump control action ok 6 24c6 - Add nat action on ingress with drop control action ok 7 2120 - Add nat action on ingress with maximum index value ok 8 3e9d - Add nat action on ingress with invalid index value ok 9 f6c9 - Add nat action on ingress with invalid IP address ok 10 be25 - Add nat action on ingress with invalid argument ok 11 a7bd - Add nat action on ingress with DEFAULT IP address ok 12 ee1e - Add nat action on ingress with ANY IP address ok 13 1de8 - Add nat action on ingress with ALL IP address ok 14 8dba - Add nat action on egress with default control action ok 15 19a7 - Add nat action on egress with pipe control action ok 16 f1d9 - Add nat action on egress with continue control action ok 17 6d4a - Add nat action on egress with reclassify control action ok 18 b313 - Add nat action on egress with jump control action ok 19 d9fc - Add nat action on egress with drop control action ok 20 a895 - Add nat action on egress with DEFAULT IP address ok 21 2572 - Add nat action on egress with ANY IP address ok 22 37f3 - Add nat action on egress with ALL IP address ok 23 6054 - Add nat action on egress with cookie ok 24 79d6 - Add nat action on ingress with cookie ok 25 4b12 - Replace nat action with invalid goto chain control ok 26 b811 - Delete nat action with valid index ok 27 a521 - Delete nat action with invalid index Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Pedro Tammela <pctammela@mojatatu.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Paolo Abeni authored
Jesse Brandeburg says: ==================== net/core: commmon prints for promisc Add a print to the kernel log for allmulticast entry and exit, and standardize the print for entry and exit of promiscuous mode. These prints are useful to both user and developer and should have the triggering driver/bus/device info that netdev_info (optionally) gives. ==================== Link: https://lore.kernel.org/r/20230214210117.23123-1-jesse.brandeburg@intel.comSigned-off-by: Paolo Abeni <pabeni@redhat.com>
-
Jesse Brandeburg authored
The kernel stack can be more consistent by printing the IFF_PROMISC aka promiscuous enable/disable messages with the standard netdev_info message which can include bus and driver info as well as the device. typical command usage from user space looks like: ip link set eth0 promisc <on|off> But lots of utilities such as bridge, tcpdump, etc put the interface into promiscuous mode. old message: [ 406.034418] device eth0 entered promiscuous mode [ 408.424703] device eth0 left promiscuous mode new message: [ 406.034431] ice 0000:17:00.0 eth0: entered promiscuous mode [ 408.424715] ice 0000:17:00.0 eth0: left promiscuous mode Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Jesse Brandeburg authored
When the user sets or clears the IFF_ALLMULTI flag in the netdev, there are no log messages printed to the kernel log to indicate anything happened. This is inexplicably different from most other dev->flags changes, and could suprise the user. Typically this occurs from user-space when a user: ip link set eth0 allmulticast <on|off> However, other devices like bridge set allmulticast as well, and many other flows might trigger entry into allmulticast as well. The new message uses the standard netdev_info print and looks like: [ 413.246110] ixgbe 0000:17:00.0 eth0: entered allmulticast mode [ 415.977184] ixgbe 0000:17:00.0 eth0: left allmulticast mode Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Kees Cook authored
Silence run-time memcpy() false positive warning when processing management frames: memcpy: detected field-spanning write (size 27) of single field "&mgmt_frame->u" at drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c:1469 (size 26) Due to this (soon to be fixed) GCC bug[1], FORTIFY_SOURCE (via __builtin_dynamic_object_size) doesn't recognize that the union may end with a flexible array, and returns "26" (the fixed size of the union), rather than the remaining size of the allocation. Add an explicit flexible array member and set it as the destination here, so that we get the correct coverage for the memcpy(). [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101832Reported-by: Ard Biesheuvel <ardb@kernel.org> Cc: Arend van Spriel <aspriel@gmail.com> Cc: Franky Lin <franky.lin@broadcom.com> Cc: Hante Meuleman <hante.meuleman@broadcom.com> Cc: Kalle Valo <kvalo@kernel.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Paolo Abeni <pabeni@redhat.com> Cc: Johannes Berg <johannes@sipsolutions.net> Cc: "Jason A. Donenfeld" <Jason@zx2c4.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: "Darrick J. Wong" <djwong@kernel.org> Cc: Colin Ian King <colin.i.king@gmail.com> Cc: Brian Henriquez <brian.henriquez@cypress.com> Cc: linux-wireless@vger.kernel.org Cc: brcm80211-dev-list.pdl@broadcom.com Cc: SHA-cyfmac-dev-list@infineon.com Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20230215224110.never.022-kees@kernel.org [rename 'frame' to 'body'] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Paolo Abeni authored
Jamal Hadi Salim says: ==================== net/sched: Retire some tc qdiscs and classifiers The CBQ + dsmark qdiscs and the tcindex + rsvp classifiers have served us for over 2 decades. Unfortunately, they have not been getting much attention due to reduced usage. While we dont have a good metric for tabulating how much use a specific kernel feature gets, for these specific features we observed that some of the functionality has been broken for some time and no users complained. In addition, syzkaller has been going to town on most of these and finding issues; and while we have been fixing those issues, at times it becomes obvious that we would need to perform bigger surgeries to resolve things found while getting a syzkaller fix in place. After some discussion we feel that in order to reduce the maintenance burden it is best to retire them. This patchset leaves the UAPI alone. I could send another version which deletes the UAPI as well. AFAIK, this has not been done before - so it wasnt clear what how to handle UAPI. It seems legit to just delete it but we would need to coordinate with iproute2 (given they sync up with kernel uapi headers). There are probably other users we don't know of that copy kernel headers. If folks feel differently I will resend the patches deleting UAPI for these qdiscs and classifiers. I will start another thread on iproute2 before sending any patches to iproute2. ==================== Link: https://lore.kernel.org/r/20230214134915.199004-1-jhs@mojatatu.comSigned-off-by: Paolo Abeni <pabeni@redhat.com>
-
Jamal Hadi Salim authored
The rsvp classifier has served us well for about a quarter of a century but has has not been getting much maintenance attention due to lack of known users. Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com> Acked-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Jamal Hadi Salim authored
The tcindex classifier has served us well for about a quarter of a century but has not been getting much TLC due to lack of known users. Most recently it has become easy prey to syzkaller. For this reason, we are retiring it. Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com> Acked-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Jamal Hadi Salim authored
The dsmark qdisc has served us well over the years for diffserv but has not been getting much attention due to other more popular approaches to do diffserv services. Most recently it has become a shooting target for syzkaller. For this reason, we are retiring it. Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com> Acked-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Jamal Hadi Salim authored
The ATM qdisc has served us well over the years but has not been getting much TLC due to lack of known users. Most recently it has become a shooting target for syzkaller. For this reason, we are retiring it. Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com> Acked-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Jamal Hadi Salim authored
While this amazing qdisc has served us well over the years it has not been getting any tender love and care and has bitrotted over time. It has become mostly a shooting target for syzkaller lately. For this reason, we are retiring it. Goodbye CBQ - we loved you. Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com> Acked-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Paolo Abeni authored
Steen Hegelund says: ==================== Adding Sparx5 ES0 VCAP support This provides the Egress Stage 0 (ES0) VCAP (Versatile Content-Aware Processor) support for the Sparx5 platform. The ES0 VCAP is an Egress Access Control VCAP that uses frame keyfields and previously classified keyfields to add, rewrite or remove VLAN tags on the egress frames, and is therefore often referred to as the rewriter. The ES0 VCAP also supports trapping frames to the host. The ES0 VCAP has 1 lookup accessible with this chain id: - chain 10000000: ES0 Lookup 0 The ES0 VCAP does not do traffic classification to select a keyset, but it does have two keysets that can be used on all traffic. For now only the ISDX keyset is used. The ES0 VCAP can match on an ISDX key (Ingress Service Index) as one of the frame metadata keyfields, similar to the ES2 VCAP. The ES0 VCAP uses external counters in the XQS (statistics) group. ==================== Link: https://lore.kernel.org/r/20230214104049.1553059-1-steen.hegelund@microchip.comSigned-off-by: Paolo Abeni <pabeni@redhat.com>
-
Steen Hegelund authored
This provides these 3 actions for rule in the ES0 VCAP: - action vlan pop - action vlan modify id X priority Y - action vlan push id X priority Y protocol Z Signed-off-by: Steen Hegelund <steen.hegelund@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Steen Hegelund authored
This enables the TC command to use the Sparx5 ES0 VCAP, and handling of rule links between IS0 and ES0. Signed-off-by: Steen Hegelund <steen.hegelund@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Steen Hegelund authored
This adds the ES0 VCAP port keyset configuration for Sparx5. Signed-off-by: Steen Hegelund <steen.hegelund@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Steen Hegelund authored
This provides access to the ES0 VCAP register targets Signed-off-by: Steen Hegelund <steen.hegelund@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Steen Hegelund authored
This provides the VCAP model for the Sparx5 ES0 (Egress Stage 0) VCAP. This VCAP provides rewriting functionality in the egress path. Signed-off-by: Steen Hegelund <steen.hegelund@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Steen Hegelund authored
Ensure that an error is returned if the VCAP instance was not found. The chain offset (diff) is allowed to be zero as this just means that the user did not request rules to be linked. Signed-off-by: Steen Hegelund <steen.hegelund@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Steen Hegelund authored
This improves the check performed on linked rules when enabling or disabling them. The chain id used must be the chain id without the offset used for linking the rules. Signed-off-by: Steen Hegelund <steen.hegelund@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Steen Hegelund authored
This changes the TPID of the egress frames to use the TPID stored in the IFH (internal frame header), which ensures that this is the TPID classified for the frame at ingress. Signed-off-by: Steen Hegelund <steen.hegelund@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-