- 17 Nov, 2014 1 commit
-
-
Florian Westphal authored
Currently all the conntrack lookups are done using default zone. In case the skb has a ct attached (e.g. template) we should use this zone for lookups instead. This makes connlimit work with connections assigned to other zones. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 13 Nov, 2014 2 commits
-
-
Pablo Neira Ayuso authored
In case of OOM, there's nothing userspace can do. If there's no room to put the payload in __build_packet_message(), jump to nla_put_failure which already performs the corresponding error reporting. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Florian Westphal authored
net/bridge/br_netfilter.c:870:6: symbol 'br_netfilter_enable' was not declared. Should it be static? no; add include net/ipv4/netfilter/nft_reject_ipv4.c:22:6: symbol 'nft_reject_ipv4_eval' was not declared. Should it be static? yes net/ipv6/netfilter/nf_reject_ipv6.c:16:6: symbol 'nf_send_reset6' was not declared. Should it be static? no; add include net/ipv6/netfilter/nft_reject_ipv6.c:22:6: symbol 'nft_reject_ipv6_eval' was not declared. Should it be static? yes net/netfilter/core.c:33:32: symbol 'nf_ipv6_ops' was not declared. Should it be static? no; add include net/netfilter/xt_DSCP.c:40:57: cast truncates bits from constant value (ffffff03 becomes 3) net/netfilter/xt_DSCP.c:57:59: cast truncates bits from constant value (ffffff03 becomes 3) add __force, 3 is what we want. net/ipv4/netfilter/nf_log_arp.c:77:6: symbol 'nf_log_arp_packet' was not declared. Should it be static? yes net/ipv4/netfilter/nf_reject_ipv4.c:17:6: symbol 'nf_send_reset' was not declared. Should it be static? no; add include Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 12 Nov, 2014 2 commits
-
-
Pablo Neira Ayuso authored
>> net/netfilter/nft_redir.c:39:26: sparse: incorrect type in assignment (different base types) net/netfilter/nft_redir.c:39:26: expected unsigned int [unsigned] [usertype] nla_be32 net/netfilter/nft_redir.c:39:26: got restricted __be32 >> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:46:34: sparse: incorrect type in assignment (different base types) net/netfilter/nft_redir.c:46:34: expected unsigned int [unsigned] [usertype] nla_be32 net/netfilter/nft_redir.c:46:34: got restricted __be32 >> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32 Fixes: e9105f1b ("netfilter: nf_tables: add new expression nft_redir") Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
warning: (NETFILTER_XT_TARGET_REDIRECT) selects NF_NAT_REDIRECT_IPV4 which has unmet direct dependencies (NET && INET && NETFILTER && NF_NAT_IPV4) warning: (NETFILTER_XT_TARGET_REDIRECT) selects NF_NAT_REDIRECT_IPV6 which has unmet direct dependencies (NET && INET && IPV6 && NETFILTER && NF_NAT_IPV6) Fixes: 8b13eddf ("netfilter: refactor NAT redirect IPv4 to use it from nf_tables") Fixes: 9de920ed ("netfilter: refactor NAT redirect IPv6 code to use it from nf_tables") Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 09 Nov, 2014 1 commit
-
-
Ana Rey authored
This allows you to filter traffic by process control group (cgroup). Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 04 Nov, 2014 1 commit
-
-
Pablo Neira Ayuso authored
net/netfilter/nf_log.c:157:16: warning: incorrect type in assignment (different address spaces) net/netfilter/nf_log.c:157:16: expected struct nf_logger *logger net/netfilter/nf_log.c:157:16: got struct nf_logger [noderef] <asn:4>*<noident> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 30 Oct, 2014 4 commits
-
-
stephen hemminger authored
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
Simon Horman says: ==================== The single patch in this series fixes some minor fallout from adding support IPv6 real servers in IPv4 virtual-services and vice versa. It should not have any run-time affect other than perhaps saving a few cycles. ==================== Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Marcelo Leitner authored
Currently, despite the comment right before the function, nf_log_register allows registering two loggers on with the same type and end up overwriting the previous register. Not a real issue today as current tree doesn't have two loggers for the same type but it's better to get this protected. Also make sure that all of its callers do error checking. Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Marcelo Leitner authored
Wrap up a common call pattern in an easier to handle call. Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 28 Oct, 2014 1 commit
-
-
Alex Gartrell authored
It is a precondition of the function that daddr be equal to dest->addr.ip if dest is non-NULL, so this additional assignment is just confusing for stupid engineers like me. Signed-off-by: Alex Gartrell <agartrell@fb.com> Signed-off-by: Simon Horman <horms@verge.net.au>
-
- 27 Oct, 2014 17 commits
-
-
Arturo Borrero authored
This new expression provides NAT in the redirect flavour, which is to redirect packets to local machine. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Arturo Borrero authored
This patch refactors the IPv6 code so it can be usable both from xt and nf_tables. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Arturo Borrero authored
This patch refactors the IPv4 code so it can be usable both from xt and nf_tables. A similar patch follows-up to handle IPv6. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Fabian Frederick authored
Let compiler decide what to do with static void __ipxitf_put() Suggested-by: David S. Miller <davem@davemloft.net> Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Fabian Frederick authored
use %08X instead of %08lX and remove casting. Suggested-by: Joe Perches <joe@perches.com> Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Fabian Frederick authored
include ipx.h from sysctl_net_ipx.c Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Fabian Frederick authored
Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Fabian Frederick authored
Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Fabian Frederick authored
unsigned char *sha (source) was already in original git version but was never used. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Frank Blaschka says: ==================== s390: network patches for net-next looks like there was a problem with my previous posting. Hope this time it will work. Sorry for any inconvenience. The patches are mostly cleanups and small enhancements for net-next ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Thomas Richter authored
Since a single integer value is read from the supplied buffer use the kstrto functions instead of sscanf. Signed-off-by: Thomas Richter <tmricht@linux.vnet.ibm.com> Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Thomas Richter authored
Since a single integer value is read from the supplied buffer use the kstrto functions instead of sscanf. Signed-off-by: Thomas Richter <tmricht@linux.vnet.ibm.com> Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Thomas Richter authored
Compile the s390 10GB ethernet device driver only when ETHERNET has been defined in the kernel configuration file. Right now the qeth device driver is always built regardless of which network connectivity is active. Signed-off-by: Thomas Richter <tmricht@linux.vnet.ibm.com> Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Thomas Richter authored
This patch makes 4 local functions static and removes the prototypes from the header file. Signed-off-by: Thomas Richter <tmricht@linux.vnet.ibm.com> Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Thomas Richter authored
This patch fixes trace formatting issues using the QETH_CARD_TEXT_ macro. The total size of each trace entry is 8 bytes. Some of the sprintf formats exceed these 8 bytes (for example using abcd:%d and the converted value needs more than 3 bytes). The solution is to shorten the text prepending the value or use a different format (%x). Signed-off-by: Thomas Richter <tmricht@linux.vnet.ibm.com> Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Thomas Richter authored
This patch makes some global functions static and removes the prototypes from the header file. Also function qeth_query_card_info is not exported anymore, there is no external user for it, this function should never have been exported in the first place. Signed-off-by: Thomas Richter <tmricht@linux.vnet.ibm.com> Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David Vrabel authored
A full Rx ring only requires 1 MiB of memory. This is not enough memory that it is useful to dynamically scale the number of Rx requests in the ring based on traffic rates, because: a) Even the full 1 MiB is a tiny fraction of a typically modern Linux VM (for example, the AWS micro instance still has 1 GiB of memory). b) Netfront would have used up to 1 MiB already even with moderate data rates (there was no adjustment of target based on memory pressure). c) Small VMs are going to typically have one VCPU and hence only one queue. Keeping the ring full of Rx requests handles bursty traffic better than trying to converge on an optimal number of requests to keep filled. On a 4 core host, an iperf -P 64 -t 60 run from dom0 to a 4 VCPU guest improved from 5.1 Gbit/s to 5.6 Gbit/s. Gains with more bursty traffic are expected to be higher. Signed-off-by: David Vrabel <david.vrabel@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 25 Oct, 2014 4 commits
-
-
David S. Miller authored
Sowmini Varadhan says: ==================== sunvnet: NAPIfy sunvnet This patchset converts the sunvnet driver to use the NAPI framework. Changes since v4 to Patch1: vnet_event accumulates LDC_EVENT_* bits into rx_event. vnet_event_napi() unrolls send_events() logic to process all rx_event bits. Changes since v5: Patch 1: use net_device.h definition for NAPI_POLL_WEIGHT. Drop sparclinux changes (patch3) per David Miller feedback Patch 1 in the series addresses the packet-receive path- all the vnet_event() processing is moved into NAPI context. This patch is dependant on the sparc-next commit: "sparc64: Add vio_set_intr() to enable/disable Rx interrupts" (sparc commit id ca605b7d) Patch 2 uses RCU to fix race conditions between vnet_port_remove and paths that access/modify port-related state, such as vnet_start_xmit. Patch 3 leverages from the NAPIfied Rx path, dropping superfluous usage of the irqsave/irqrestores on the vio.lock where possible. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sowmini Varadhan authored
After the NAPIfication of sunvnet, we no longer need to synchronize by doing irqsave/restore on vio.lock in the I/O fastpath. NAPI ->poll() is non-reentrant, so all RX processing occurs strictly in a serialized environment. TX reclaim is done in NAPI context, so the netif_tx_lock can be used to serialize critical sections between Tx and Rx paths. Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sowmini Varadhan authored
A vnet_port_remove could be triggered as a result of an ldm-unbind operation by the peer, module unload, or other changes to the inter-vnet-link configuration. When this is concurrent with vnet_start_xmit(), there are several race sequences possible, such as thread 1 thread 2 vnet_start_xmit -> tx_port_find spin_lock_irqsave(&vp->lock..) ret = __tx_port_find(..) spin_lock_irqrestore(&vp->lock..) vio_remove -> .. ->vnet_port_remove spin_lock_irqsave(&vp->lock..) cleanup spin_lock_irqrestore(&vp->lock..) kfree(port) /* attempt to use ret will bomb */ This patch adds RCU locking for port access so that vnet_port_remove will correctly clean up port-related state. Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com> Acked-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Bob Picco <bob.picco@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sowmini Varadhan authored
Move Rx packet procssing to the NAPI poll callback. Disable VIO interrupt and unconditioanlly go into NAPI context from vnet_event. Note that we want to minimize the number of LDC STOP/START messages sent. Specifically, do not send a STOP message if vnet_walk_rx does not read all the available descriptors because of the NAPI budget limitation. Instead, note the end index as part of port state, and resume from this index when the next poll callback is triggered. Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com> Acked-by: Raghuram Kothakota <raghuram.kothakota@oracle.com> Acked-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 24 Oct, 2014 7 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-nextDavid S. Miller authored
Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates 2014-10-23 This series contains updates to i40e and i40evf. Jesse modifies the i40e driver to only notify the firmware on link up/down and qualified module events. Also simplified the job of managing link state by using the admin queue receive event for link events as a signal to tell the driver to update link state. Jeff (me) cleans up the inconsistent use of tabs for indentation in the admin queue command header file. Neerav converts the use of udelay() to usleep_range(). Anjali fixes a bug where receive would stop after some stress by adding a sleep and restart as well as moving the setting of flow control because it should be done at a PF level and not a VSI level. Mitch adds code to handle link events when updating the PF switch, which allows link information to be properly provided to VFS in all cases. Catherine adds driver support for 10GBaseT and bumps driver version. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Fabian Frederick authored
Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Fabian Frederick authored
See Documentation/CodingStyle Chapter 6 Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Sebastian Hesselbarth says: ==================== Marvell PXA168 libphy handling and Berlin Ethernet This patch series deals with a removing a IP feature that can be found on all currently supported Marvell Ethernet IP (pxa168_eth, mv643xx_eth, mvneta). The MAC IP allows to automatically perform PHY auto-negotiation without software interaction. However, this feature (a) fundamentally clashes with the way libphy works and (b) is unable to deal with quirky PHYs that require special treatment. In this series, pxa168_eth driver is rewritten to completely disable that feature and properly deal with libphy provided PHYs. As usual, a branch on top of v3.18-rc1 can be found at git://git.infradead.org/users/hesselba/linux-berlin.git devel/bg2-bg2cd-eth-v2 Patches 1-5 should go through David's net tree, I'll pick up the DT patches 6-9. There have been some changes, compared to the RFT - added phy-connection-type property to BG2Q PHY DT node - bail out from pxa168_eth_adjust_link when there is no change in PHY parameters. Also, add a call to phy_print_status. compared to v1 - move phy-connection-type to ethernet node instead of PHY node Patch 1 adds support for Marvell 88E3016 FastEthernet PHY that is also integrated in Marvell Berlin BG2/BG2CD SoCs. Patch 2 allows to pass phy_interface_t on pxa168_eth platform_data that is only used by mach-mmp/gplug. From the board setup, I guessed gplug's PHY is connected via RMII. The patch still isn't even compile tested. Patches 3-5 prepare proper libphy handling and finally remove all in-driver PHY mangling related to the feature explained above. Patches 6-9 add corresponding ethernet DT nodes to BG2, BG2CD, add a phy-connection-type property to BG2Q and enable ethernet on BG2-based Sony NSZ-GS7. I have tested all this on GS7 successfully with ip=dhcp on 100M FD. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sebastian Hesselbarth authored
With properly using libphy PHYs now, remove the in-driver PHY mangling. Tested-by: Antoine Ténart <antoine.tenart@free-electrons.com> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sebastian Hesselbarth authored
Marvell Ethernet IP supports PHY negotiation driven by HW. This fundamentally clashes with libphy (software) driven negotiation and also cannot cope with quirky PHYs. Therefore, always disable any HW negotiation features and properly use libphy's phy_device. Tested-by: Antoine Ténart <antoine.tenart@free-electrons.com> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sebastian Hesselbarth authored
Current libphy handling in pxa168_eth lacks proper phy_connect. Prepare to fix this by first moving phy properties from platform_data to private driver data. Tested-by: Antoine Ténart <antoine.tenart@free-electrons.com> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-