- 13 Sep, 2019 25 commits
-
-
Felipe Balbi authored
The current version of the IOCTL have a small problem which prevents us from extending the API by making use of reserved fields. In these new IOCTLs, we are now making sure that flags and rsv fields are zero which will allow us to extend the API in the future. Reviewed-by: Richard Cochran <richardcochran@gmail.com> Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queueDavid S. Miller authored
Jeff Kirsher says: ==================== 100GbE Intel Wired LAN Driver Updates 2019-09-12 This series contains updates to ice driver to implement and support loading a Dynamic Device Personalization (DDP) package from lib/firmware onto the device. Paul updates the way the driver version is stored in the driver so that we can pass the driver version to the firmware. Passing of the driver version to the firmware is needed for the DDP package to ensure we have the appropriate support in the driver for the features in the package. Lukasz fixes how the firmware version is stored to align with how the firmware stores its own version. Also extended the log message to display additional useful information such as NVM version, API patch information and firmware build hash. Tony adds the needed driver support to check, load and store the DDP package. Also add support for the ability to load DDP packages intended for specific hardware devices, as well as what to do when loading of the DDP package fails to load. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queueDavid S. Miller authored
Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates 2019-09-11 This series contains updates to i40e, ixgbe/vf and iavf. Wenwen Wang fixes a potential memory leak where 3 allocated variables are not properly cleaned up on failure for ixgbe. Stefan Assmann fixes a potential kernel panic found when repeatedly spawning and destroying VFs in i40e when a NULL pointer is dereferenced due to a race condition. Fixed up the i40e driver to clear the __I40E_VIRTCHNL_OP_PENDING bit before returning after an invalid minimum transmit rate is requested. Updates the iavf driver to only apply the MAC address change when the PF ACK's the requested change. Tonghao Zhang updates ixgbe to use the skb_get_queue_mapping() API call instead of the driver accessing the queue mapping directly. Jake updates i40e to use ktime_get_real_ts64() instead of ktime_to_timespec64(). Removes the define for bit 0x0001 for cloud filters, since it is a reserved bit and not a valid type. Also added code comments to clearly state which bits are reserved and should not be used or defined for cloud filter adminq command. Clarify the macros used to specify the cloud filter fields are individual bits, so use the BIT() macro. Aleksandr fixes up the print_link_message() to include the "negotiated" FEC status for i40e. Czeslaw also adds additional log message for devices without FEC in the print_link_message() for i40e. Colin Ian King reduces the object code size by making the array API static constant. Magnus fixes a potential receive buffer starvation issue for AF_XDP by kicking the NAPI context of any queue with an attached AF_XDP zero-copy socket. v2: Removed patch 11 from the original series (Alex Duyck's ITR fix), so that it can be sent to the net tree. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller authored
Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains Netfilter updates for net-next: 1) Fix error path of nf_tables_updobj(), from Dan Carpenter. 2) Move large structure away from stack in the nf_tables offload infrastructure, from Arnd Bergmann. 3) Move indirect flow_block logic to nf_tables_offload. 4) Support for synproxy objects, from Fernando Fernandez Mancera. 5) Support for fwd and dup offload. 6) Add __nft_offload_get_chain() helper, this implicitly fixes missing mutex and check for offload flags in the indirect block support, patch from wenxu. 7) Remove rules on device unregistration, from wenxu. This includes two preparation patches to reuse nft_flow_offload_chain() and nft_flow_offload_rule(). Large batch from Jeremy Sowden to make a second pass to the CONFIG_HEADER_TEST support and a bit of housekeeping: 8) Missing include guard in conntrack label header, from Jeremy Sowden. 9) A few coding style errors: trailing whitespace, incorrect indent in Kconfig, and semicolons at the end of function definitions. 10) Remove unused ipt_init() and ip6t_init() declarations. 11) Inline xt_hashlimit, ebt_802_3 and xt_physdev headers. They are only used once. 12) Update include directive in several netfilter files. 13) Remove unused include/net/netfilter/ipv6/nf_conntrack_icmpv6.h. 14) Move nf_ip6_ext_hdr() to include/linux/netfilter_ipv6.h 15) Move several synproxy structure definitions to nf_synproxy.h 16) Move nf_bridge_frag_data structure to include/linux/netfilter_bridge.h 17) Clean up static inline definitions in nf_conntrack_ecache.h. 18) Replace defined(CONFIG...) || defined(CONFIG...MODULE) with IS_ENABLED(CONFIG...). 19) Missing inline function conditional definitions based on Kconfig preferences in synproxy and nf_conntrack_timeout. 20) Update br_nf_pre_routing_ipv6() definition. 21) Move conntrack code in linux/skbuff.h to nf_conntrack headers. 22) Several patches to remove superfluous CONFIG_NETFILTER and CONFIG_NF_CONNTRACK checks in headers, coming from the initial batch support for CONFIG_HEADER_TEST for netfilter. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jeremy Sowden authored
Two inline functions defined in nf_conntrack_timestamp.h, `nf_ct_tstamp_enabled` and `nf_ct_set_tstamp`, are not called anywhere. Remove them. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
nf_conntrack_zones.h was wrapped in a CONFIG_NF_CONNTRACK check in order to fix compilation failures: 37ee3d5b ("netfilter: nf_defrag_ipv4: fix compilation error with NF_CONNTRACK=n") Subsequent changes mean that these failures will no longer occur and the check is unnecessary. Remove it. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
`struct nf_hook_ops`, `struct nf_hook_state` and the `nf_hookfn` function typedef appear in function and struct declarations and definitions in a number of netfilter headers. The structs and typedef themselves are defined by linux/netfilter.h but only when CONFIG_NETFILTER is enabled. Define them unconditionally and add forward declarations in order to remove CONFIG_NETFILTER conditionals from the other headers. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
There is a superfluous `#if IS_ENABLED(CONFIG_NF_CONNTRACK)` check wrapping some function declarations. Remove it. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
Move some `struct nf_conntrack` code from linux/skbuff.h to linux/nf_conntrack_common.h. Together with a couple of helpers for getting and setting skb->_nfct, it allows us to remove CONFIG_NF_CONNTRACK checks from net/netfilter/nf_conntrack.h. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
The real br_nf_pre_routing_ipv6 function, defined when CONFIG_IPV6 is enabled, expects `void *priv`, not `const struct nf_hook_ops *ops`. Update the stub br_nf_pre_routing_ipv6, defined when CONFIG_IPV6 is disabled, to match. Fixes: 06198b34 ("netfilter: Pass priv instead of nf_hook_ops to netfilter hooks") Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
nf_conntrack_synproxy.h contains three inline functions. The contents of two of them are wrapped in CONFIG_NETFILTER_SYNPROXY checks and just return NULL if it is not enabled. The third does nothing if they return NULL, so wrap its contents as well. nf_ct_timeout_data is only called if CONFIG_NETFILTER_TIMEOUT is enabled. Wrap its contents in a CONFIG_NETFILTER_TIMEOUT check like the other inline functions in nf_conntrack_timeout.h. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
A few headers contain instances of: #if defined(CONFIG_XXX) or defined(CONFIG_XXX_MODULE) Replace them with: #if IS_ENABLED(CONFIG_XXX) Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
The header contains some inline functions defined as: static inline f (...) { #ifdef CONFIG_NF_CONNTRACK_EVENTS ... #else ... #endif } and a few others as: #ifdef CONFIG_NF_CONNTRACK_EVENTS static inline f (...) { ... } #else static inline f (...) { ... } #endif Prefer the former style, which is more numerous. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
There is a struct definition function in nf_conntrack_bridge.h which is not specific to conntrack and is used elswhere in netfilter. Move it into netfilter_bridge.h. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
There is some non-conntrack code in the nf_conntrack_synproxy.h header. Move it to the nf_synproxy.h header. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
There is an inline function in ip6_tables.h which is not specific to ip6tables and is used elswhere in netfilter. Move it into netfilter_ipv6.h and update the callers. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
nf_conntrack_icmpv6.h contains two object macros which duplicate macros in linux/icmpv6.h. The latter definitions are also visible wherever it is included, so remove it. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
Include some headers in files which require them, and remove others which are not required. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
Three netfilter headers are only included once. Inline their contents at those sites and remove them. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
Two headers include declarations of functions which are never defined. Remove them. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
Several header-files, Kconfig files and Makefiles have trailing white-space. Remove it. In netfilter/Kconfig, indent the type of CONFIG_NETFILTER_NETLINK_ACCT correctly. There are semicolons at the end of two function definitions in include/net/netfilter/nf_conntrack_acct.h and include/net/netfilter/nf_conntrack_ecache.h. Remove them. Fix indentation in nf_conntrack_l4proto.h. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Jeremy Sowden authored
nf_conntrack_labels.h has no include guard. Add it. The comment following the #endif in the nf_flow_table.h include guard referred to the wrong macro. Fix it. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
wenxu authored
If the net_device unregisters, clean up the offload rules before the chain is destroy. Signed-off-by: wenxu <wenxu@ucloud.cn> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
wenxu authored
Pass rule, chain and flow_rule object parameters to nft_flow_offload_rule to reuse it. Signed-off-by: wenxu <wenxu@ucloud.cn> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
wenxu authored
Pass chain and policy parameters to nft_flow_offload_chain to reuse it. Signed-off-by: wenxu <wenxu@ucloud.cn> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 12 Sep, 2019 12 commits
-
-
wenxu authored
Add __nft_offload_get_chain function to get basechain from device. This function requires that caller holds the per-netns nftables mutex. This patch implicitly fixes missing offload flags check and proper mutex from nft_indr_block_cb(). Fixes: 9a32669f ("netfilter: nf_tables_offload: support indr block call") Signed-off-by: wenxu <wenxu@ucloud.cn> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Tony Nguyen authored
Bump version to 0.8.1-k Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Tony Nguyen authored
Attempt to request an optional device-specific DDP package file (one with the PCIe Device Serial Number in its name so that different DDP package files can be used on different devices). If the optional package file exists, download it to the device. If not, download the default package file. Log an appropriate message based on whether or not a DDP package file exists and the return code from the attempt to download it to the device. If the download fails and there is not already a package file on the device, go into "Safe Mode" where some features are not supported. Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Tony Nguyen authored
Add functions to initialize, parse, and clean structures representing the DDP package. Upon completion of package download, read and store the DDP package contents to these structures. This configuration is used to identify the default behavior and later used to update the HW table entries. Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Tony Nguyen authored
Add the required defines, structures, and functions to enable downloading a DDP package. Before download, checks are performed to ensure the package is valid and compatible. Note that package download is not yet requested by the driver as further initialization is required to utilize the package. Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Lukasz Czapnik authored
The FW build id is currently being displayed as an int which doesn't make sense. Instead display FW build id as a hex value. Also add other useful information to the output such as NVM version, API patch info, and FW build hash. Signed-off-by: Lukasz Czapnik <lukasz.czapnik@intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Paul M Stillwell Jr authored
The driver is required to send a version to the firmware to indicate that the driver is up. If the driver doesn't do this the firmware doesn't behave properly. Signed-off-by: Paul M Stillwell Jr <paul.m.stillwell.jr@intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Arkadiusz Drabczyk authored
Fix several spelling typos in comments in t4_hw.c. Signed-off-by: Arkadiusz Drabczyk <arkadiusz@drabczyk.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
George McCollister says: ==================== add ksz9567 with I2C support to ksz9477 driver Resurrect KSZ9477 I2C driver support patch originally sent to the list by Tristram Ha and resolve outstanding issues. It now works as similarly to the ksz9477 SPI driver as possible, using the same regmap macros. Add support for ksz9567 to the ksz9477 driver (tested on a board with ksz9567 connected via I2C). Remove NET_DSA_TAG_KSZ_COMMON since it's not needed. Changes since v1: Put ksz9477_i2c.c includes in alphabetical order. Added Reviewed-Bys. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
George McCollister authored
Remove the superfluous NET_DSA_TAG_KSZ_COMMON and just use the existing NET_DSA_TAG_KSZ. Update the description to mention the three switch families it supports. No functional change. Signed-off-by: George McCollister <george.mccollister@gmail.com> Reviewed-by: Marek Vasut <marex@denx.de> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
-
George McCollister authored
Add support for the KSZ9567 7-Port Gigabit Ethernet Switch to the ksz9477 driver. The KSZ9567 supports both SPI and I2C. Oddly the ksz9567 is already in the device tree binding documentation. Signed-off-by: George McCollister <george.mccollister@gmail.com> Reviewed-by: Marek Vasut <marex@denx.de> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Tristram Ha authored
Add KSZ9477 I2C driver support. The code ksz9477.c and ksz_common.c are used together to generate the I2C driver. Signed-off-by: Tristram Ha <Tristram.Ha@microchip.com> [george.mccollister@gmail.com: bring up to date, use ksz_common regmap macros] Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 11 Sep, 2019 3 commits
-
-
Dirk van der Merwe authored
The PluDevice register provides the authoritative chip model/revision. Since the model number is purely used for reporting purposes, follow the hardware team convention of subtracting 0x10 from the PluDevice register to obtain the chip model/revision number. Suggested-by: Francois H. Theron <francois.theron@netronome.com> Signed-off-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
When tcp sends a TSO packet, adding a PSH flag on it reduces the sojourn time of GRO packet in GRO receivers. This is particularly the case under pressure, since RX queues receive packets for many concurrent flows. A sender can give a hint to GRO engines when it is appropriate to flush a super-packet, especially when pacing is in the picture, since next packet is probably delayed by one ms. Having less packets in GRO engine reduces chance of LRU eviction or inflated RTT, and reduces GRO cost. We found recently that we must not set the PSH flag on individual full-size MSS segments [1] : Under pressure (CWR state), we better let the packet sit for a small delay (depending on NAPI logic) so that the ACK packet is delayed, and thus next packet we send is also delayed a bit. Eventually the bottleneck queue can be drained. DCTCP flows with CWND=1 have demonstrated the issue. This patch allows to slowdown the aggregate traffic without involving high resolution timers on senders and/or receivers. It has been used at Google for about four years, and has been discussed at various networking conferences. [1] segments smaller than MSS already have PSH flag set by tcp_sendmsg() / tcp_mark_push(), unless MSG_MORE has been requested by the user. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Soheil Hassas Yeganeh <soheil@google.com> Cc: Neal Cardwell <ncardwell@google.com> Cc: Yuchung Cheng <ycheng@google.com> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: Tariq Toukan <tariqt@mellanox.com> Acked-by: Soheil Hassas Yeganeh <soheil@google.com> Acked-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stefano Brivio authored
This is the equivalent of commit 2c6b55f4 ("ipv6: fix neighbour resolution with raw socket") for ip6_confirm_neigh(): we can send a packet with MSG_CONFIRM on a raw socket for a connected route, so the gateway would be :: here, and we should pick the next hop using rt6_nexthop() instead. This was found by code review and, to the best of my knowledge, doesn't actually fix a practical issue: the destination address from the packet is not considered while confirming a neighbour, as ip6_confirm_neigh() calls choose_neigh_daddr() without passing the packet, so there are no similar issues as the one fixed by said commit. A possible source of issues with the existing implementation might come from the fact that, if we have a cached dst, we won't consider it, while rt6_nexthop() takes care of that. I might just not be creative enough to find a practical problem here: the only way to affect this with cached routes is to have one coming from an ICMPv6 redirect, but if the next hop is a directly connected host, there should be no topology for which a redirect applies here, and tests with redirected routes show no differences for MSG_CONFIRM (and MSG_PROBE) packets on raw sockets destined to a directly connected host. However, directly using the dst gateway here is not consistent anymore with neighbour resolution, and, in general, as we want the next hop, using rt6_nexthop() looks like the only sane way to fetch it. Reported-by: Guillaume Nault <gnault@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Acked-by: Guillaume Nault <gnault@redhat.com> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-