- 06 Dec, 2014 14 commits
-
-
David S. Miller authored
Alexei Starovoitov says: ==================== allow eBPF programs to be attached to sockets V1->V2: fixed comments in sample code to state clearly that packet data is accessed with LD_ABS instructions and not internal skb fields. Also replaced constants in: BPF_LD_ABS(BPF_B, 14 + 9 /* R0 = ip->proto */), with: BPF_LD_ABS(BPF_B, ETH_HLEN + offsetof(struct iphdr, protocol) /* R0 = ip->proto */), V1 cover: Introduce BPF_PROG_TYPE_SOCKET_FILTER type of eBPF programs that can be attached to sockets with setsockopt(). Allow such programs to access maps via lookup/update/delete helpers. This feature was previewed by bpf manpage in commit b4fc1a46("Merge branch 'bpf-next'") Now it can actually run. 1st patch adds LD_ABS/LD_IND instruction verification and 2nd patch adds new setsockopt() flag. Patches 3-6 are examples in assembler and in C. Though native eBPF programs are way more powerful than classic filters (attachable through similar setsockopt() call), they don't have skb field accessors yet. Like skb->pkt_type, skb->dev->ifindex are not accessible. There are sevaral ways to achieve that. That will be in the next set of patches. So in this set native eBPF programs can only read data from packet and access maps. The most powerful example is sockex2_kern.c from patch 6 where ~200 lines of C are compiled into ~300 of eBPF instructions. It shows how quite complex packet parsing can be done. LLVM used to build examples is at https://github.com/iovisor/llvm which is fork of llvm trunk that I'm cleaning up for upstreaming. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexei Starovoitov authored
sockex2_kern.c is purposefully large eBPF program in C. llvm compiles ~200 lines of C code into ~300 eBPF instructions. It's similar to __skb_flow_dissect() to demonstrate that complex packet parsing can be done by eBPF. Then it uses (struct flow_keys)->dst IP address (or hash of ipv6 dst) to keep stats of number of packets per IP. User space loads eBPF program, attaches it to loopback interface and prints dest_ip->#packets stats every second. Usage: $sudo samples/bpf/sockex2 ip 127.0.0.1 count 19 ip 127.0.0.1 count 178115 ip 127.0.0.1 count 369437 ip 127.0.0.1 count 559841 ip 127.0.0.1 count 750539 Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexei Starovoitov authored
this example does the same task as previous socket example in assembler, but this one does it in C. eBPF program in kernel does: /* assume that packet is IPv4, load one byte of IP->proto */ int index = load_byte(skb, ETH_HLEN + offsetof(struct iphdr, protocol)); long *value; value = bpf_map_lookup_elem(&my_map, &index); if (value) __sync_fetch_and_add(value, 1); Corresponding user space reads map[tcp], map[udp], map[icmp] and prints protocol stats every second Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexei Starovoitov authored
simple .o parser and loader using BPF syscall. .o is a standard ELF generated by LLVM backend It parses elf file compiled by llvm .c->.o - parses 'maps' section and creates maps via BPF syscall - parses 'license' section and passes it to syscall - parses elf relocations for BPF maps and adjusts BPF_LD_IMM64 insns by storing map_fd into insn->imm and marking such insns as BPF_PSEUDO_MAP_FD - loads eBPF programs via BPF syscall One ELF file can contain multiple BPF programs. int load_bpf_file(char *path); populates prog_fd[] and map_fd[] with FDs received from bpf syscall bpf_helpers.h - helper functions available to eBPF programs written in C Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexei Starovoitov authored
this socket filter example does: - creates arraymap in kernel with key 4 bytes and value 8 bytes - loads eBPF program which assumes that packet is IPv4 and loads one byte of IP->proto from the packet and uses it as a key in a map r0 = skb->data[ETH_HLEN + offsetof(struct iphdr, protocol)]; *(u32*)(fp - 4) = r0; value = bpf_map_lookup_elem(map_fd, fp - 4); if (value) (*(u64*)value) += 1; - attaches this program to raw socket - every second user space reads map[IPPROTO_TCP], map[IPPROTO_UDP], map[IPPROTO_ICMP] to see how many packets of given protocol were seen on loopback interface Usage: $sudo samples/bpf/sock_example TCP 0 UDP 0 ICMP 0 packets TCP 187600 UDP 0 ICMP 4 packets TCP 376504 UDP 0 ICMP 8 packets TCP 563116 UDP 0 ICMP 12 packets TCP 753144 UDP 0 ICMP 16 packets Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexei Starovoitov authored
introduce new setsockopt() command: setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, &prog_fd, sizeof(prog_fd)) where prog_fd was received from syscall bpf(BPF_PROG_LOAD, attr, ...) and attr->prog_type == BPF_PROG_TYPE_SOCKET_FILTER setsockopt() calls bpf_prog_get() which increments refcnt of the program, so it doesn't get unloaded while socket is using the program. The same eBPF program can be attached to multiple sockets. User task exit automatically closes socket which calls sk_filter_uncharge() which decrements refcnt of eBPF program Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexei Starovoitov authored
introduce program type BPF_PROG_TYPE_SOCKET_FILTER that is used for attaching programs to sockets where ctx == skb. add verifier checks for ABS/IND instructions which can only be seen in socket filters, therefore the check: if (env->prog->aux->prog_type != BPF_PROG_TYPE_SOCKET_FILTER) verbose("BPF_LD_ABS|IND instructions are only allowed in socket filters\n"); Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jason Wang authored
To be more friendly with drop monitor, we should only call kfree_skb() when the packets were dropped and use consume_skb() in other cases. Cc: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Markus Elfring authored
The pci_dev_put() function tests whether its argument is NULL and then returns immediately. Thus the test around the call is not needed. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Acked-by: Olof Johansson <olof@lixom.net> Acked-by: Luis R. Rodriguez <mcgrof@suse.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Markus Elfring authored
The free_percpu() function tests whether its argument is NULL and then returns immediately. Thus the test around the call is not needed. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Acked-by: Mahesh Bandewar <maheshb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Markus Elfring authored
The vfree() function performs also input parameter validation. Thus the test around the call is not needed. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Andy Shevchenko authored
Instead of using global variables we are going to use dynamically allocated memory. It allows to append a support of more than one ethernet adapter which might have different settings simultaniously. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller authored
Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following batch contains netfilter updates for net-next. Basically, enhancements for xt_recent, skip zeroing of timer in conntrack, fix linking problem with recent redirect support for nf_tables, ipset updates and a couple of cleanups. More specifically, they are: 1) Rise maximum number per IP address to be remembered in xt_recent while retaining backward compatibility, from Florian Westphal. 2) Skip zeroing timer area in nf_conn objects, also from Florian. 3) Inspect IPv4 and IPv6 traffic from the bridge to allow filtering using using meta l4proto and transport layer header, from Alvaro Neira. 4) Fix linking problems in the new redirect support when CONFIG_IPV6=n and IP6_NF_IPTABLES=n. And ipset updates from Jozsef Kadlecsik: 5) Support updating element extensions when the set is full (fixes netfilter bugzilla id 880). 6) Fix set match with 32-bits userspace / 64-bits kernel. 7) Indicate explicitly when /0 networks are supported in ipset. 8) Simplify cidr handling for hash:*net* types. 9) Allocate the proper size of memory when /0 networks are supported. 10) Explicitly add padding elements to hash:net,net and hash:net,port, because the elements must be u32 sized for the used hash function. Jozsef is also cooking ipset RCU conversion which should land soon if they reach the merge window in time. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-nextDavid S. Miller authored
Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates 2014-12-05 This series contains updates to ixgbe and ixgbevf. Alex provides a couple of patches to cleanup ixgbe. First cleans up the page reuse code getting it into a state where all the workarounds needed are in place as well as cleaning up a few minor oversights such as using __free_pages instead of put_page to drop a locally allocated page. Then cleans up the tail writes for the ixgbe descriptor queues. Mark Peterson adds support to lookup MAC addresses in Open Firmware or IDPROM. Emil provides patches for ixgbe and ixgbevf to fix an issue on rmmod and to add support for X550 in the VF driver. First removes the read/write operations to the CIAA/D registers since it can block access to the PCI config space and make use of standard kernel functions for accessing the PCI config space. Then fixes an issue where the driver has logic to free up used data in case any of the checks in ixgbe_probe() fail, however there is a similar set of cleanups that can occur on driver unload in ixgbe_remove() which can cause the rmmod command to crash. Don provides the remaining patches in the series to complete the addition of X550 support into the ixgbe driver. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 05 Dec, 2014 14 commits
-
-
Emil Tantilov authored
This patch resolves couple of issues in ixgbevf_probe/remove(): 1. Fix a case where adapter->state is tested after free_netdev() this is same as the patch for ixgbe from Daniel Borkmann <dborkman@redhat.com>: commit b5b2ffc0 ("ixgbe: fix use after free adapter->state test in ixgbe_remove/ixgbe_probe") 2. Move pci_set_drvdata() after all the error checks in ixgbevf_probe() and then add a check in ixgbevf_probe() to avoid running the cleanup functions twice in cases where probe failed. CC: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Emil Tantilov authored
This patch adds initial support for VFs on a new mac - X550. The patch adds the basic structures and device IDs for the X550 VFs that would allow the driver to load and pass traffic. Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Emil Tantilov authored
The driver has logic to free up used data in case any of the checks in ixgbe_probe() fail, however there is a similar set of cleanups that can occur on driver unload in ixgbe_remove() which can cause the rmmod command to crash. This patch aims to fix the logic by moving pci_set_drvdata() after all error checks and then adds a check in ixgbe_remove() to skip it altogether if adapter comes up empty. Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Don Skidmore authored
Since we now support X550 mac's bump the version number to reflect this. Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Don Skidmore authored
This patch extends the function pointer structure to include the new X550 class MAC types. This creates a new file ixgbe_x550.c that contains all of the new methods. Because of similarities to the X540 part in some cases we just use it's methods where they can be used without any modification. These exported functions are now defined in the new ixgbe_x540.h file. Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Don Skidmore authored
Currently the shared code checksum calculation function only returns a u16 and cannot return an error code. Unfortunately a variety of errors can happen that completely prevent the calculation of a checksum. So, change the function return value from a u16 to an s32 and return a negative value on error, or the positive checksum value when there is no error. Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Don Skidmore authored
Some X550 procedures will be using CS4227 PHY and need to perform combined read and write operations. This patch adds those methods. Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Don Skidmore authored
The X550 hardware will use more bits in the mask, so change the prototypes to match. This larger mask will require changes in callers which use the higher bits. Likewise since X550 will use different semaphore mask values and will use the lan_id value. So save these values in the ixgbe_phy_info struct. Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Don Skidmore authored
Since on X550 we use host interface commands to read,write and erase some commands require more time to complete. So this adds a timeout parameter to ixgbe_host_interface_command as wells as a return_data parameter allowing us to return with any data. Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Don Skidmore authored
The new X550 family of MAC's will have a larger RSS hash (16 -> 64). It will also support individual VF to have their own independent RSS hash key. This patch will enable this functionality Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Emil Tantilov authored
Accessing the CIAA/D register can block access to the PCI config space. This patch removes the read/write operations to the CIAA/D registers and makes use of standard kernel functions for accessing the PCI config space. In addition it moves ixgbevf_check_for_bad_vf() into the watchdog subtask which reduces the frequency of the checks. CC: Alex Williamson <alex.williamson@redhat.com> Reported-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Martin K Petersen authored
Attempt to look up the MAC address in Open Firmware on systems that support it. On SPARC resort to using the IDPROM if no OF address is found. Signed-off-by: Martin K Petersen <martin.petersen@oracle.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Alexander Duyck authored
This change cleans up the tail writes for the ixgbe descriptor queues. The current implementation had me confused as I wasn't sure if it was still making use of the surprise remove logic or not. It also adds the mmiowb which is needed on ia64, mips, and a couple other architectures in order to synchronize the MMIO writes with the Tx queue _xmit_lock spinlock. Cc: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Alexander Duyck <alexander.h.duyck@redhat.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Alexander Duyck authored
This patch cleans up the page reuse code getting it into a state where all the workarounds needed are in place as well as cleaning up a few minor oversights such as using __free_pages instead of put_page to drop a locally allocated page. It also cleans up how we clear the descriptor status bits. Previously they were zeroed as a part of clearing the hdr_addr. However the hdr_addr is a 64 bit field and 64 bit writes can be a bit more expensive on on 32 bit systems. Since we are no longer using the header split feature the upper 32 bits of the address no longer need to be cleared. As a result we can just clear the status bits and leave the length and VLAN fields as-is which should provide more information in debugging. Cc: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Alexander Duyck <alexander.h.duyck@redhat.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
- 03 Dec, 2014 12 commits
-
-
Jozsef Kadlecsik authored
The elements must be u32 sized for the used hash function. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jozsef Kadlecsik authored
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jozsef Kadlecsik authored
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jozsef Kadlecsik authored
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jozsef Kadlecsik authored
Sven-Haegar Koch reported the issue: sims:~# iptables -A OUTPUT -m set --match-set testset src -j ACCEPT iptables: Invalid argument. Run `dmesg' for more information. In syslog: x_tables: ip_tables: set.3 match: invalid size 48 (kernel) != (user) 32 which was introduced by the counter extension in ipset. The patch fixes the alignment issue with introducing a new set match revision with the fixed underlying 'struct ip_set_counter_match' structure. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jozsef Kadlecsik authored
When the set was full (hash type and maxelem reached), it was not possible to update the extension part of already existing elements. The patch removes this limitation. Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=880Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Herbert Xu authored
When we write the GSO meta-data in tun_get_user we end up advancing the IO vector twice, thus exhausting the user buffer before we can finish writing the packet. Fixes: f5ff53b4 ("{macvtap,tun}_get_user(): switch to iov_iter") Reported-by: Marcelo Ricardo Leitner <mleitner@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Jiri Pirko says: ==================== introduce rocker switch driver with hardware accelerated datapath api - phase 1: bridge fdb offload This patchset is just the first phase of switch and switch-ish device support api in kernel. Note that the api will extend. So what this patchset includes: - introduce switchdev api skeleton for implementing switch drivers - introduce rocker switch driver which implements switchdev api fdb and bridge set/get link ndos As to the discussion if there is need to have specific class of device representing the switch itself, so far we found no need to introduce that. But we are generally ok with the idea and when the time comes and it will be needed, it can be easily introduced without any disturbance. This patchset introduces switch id export through rtnetlink and sysfs, which is similar to what we have for port id in SR-IOV. I will send iproute2 patchset for showing the switch id for port netdevs once this is applied. This applies also for the PF_BRIDGE and fdb iproute2 patches. iproute2 patches are now available here: https://github.com/jpirko/iproute2-rocker For detailed description and version history, please see individual patches. In v4 I reordered the patches leaving rocker patches on the end of the patchset. In v5 I only fixed whitespace issues of patch #13 We have a TODO for related items we want to work on in near future: https://etherpad.wikimedia.org/p/netdev-swdev-todo ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Thomas Graf authored
Silences various sparse warnings Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: Jiri Pirko <jiri@resnulli.us> Signed-off-by: Scott Feldman <sfeldma@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Thomas Graf authored
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: Jiri Pirko <jiri@resnulli.us> Signed-off-by: Scott Feldman <sfeldma@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Scott Feldman authored
Rocker ports will use new "swdev" hwmode for bridge port offload policy. Current supported policy settings are BR_LEARNING and BR_LEARNING_SYNC. User can turn on/off device port FDB learning and syncing to bridge. Signed-off-by: Scott Feldman <sfeldma@gmail.com> Signed-off-by: Jiri Pirko <jiri@resnulli.us> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jiri Pirko authored
Signed-off-by: Jiri Pirko <jiri@resnulli.us> Signed-off-by: David S. Miller <davem@davemloft.net>
-