1. 02 Oct, 2014 7 commits
    • Tom Herbert's avatar
      sit: Set inner IP protocol in sit · 469471cd
      Tom Herbert authored
      Call skb_set_inner_ipproto to set inner IP protocol to IPPROTO_IPV6
      before tunnel_xmit. This is needed if UDP encapsulation (fou) is
      being done.
      Signed-off-by: default avatarTom Herbert <therbert@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      469471cd
    • Tom Herbert's avatar
      udp: Generalize skb_udp_segment · 8bce6d7d
      Tom Herbert authored
      skb_udp_segment is the function called from udp4_ufo_fragment to
      segment a UDP tunnel packet. This function currently assumes
      segmentation is transparent Ethernet bridging (i.e. VXLAN
      encapsulation). This patch generalizes the function to
      operate on either Ethertype or IP protocol.
      
      The inner_protocol field must be set to the protocol of the inner
      header. This can now be either an Ethertype or an IP protocol
      (in a union). A new flag in the skbuff indicates which type is
      effective. skb_set_inner_protocol and skb_set_inner_ipproto
      helper functions were added to set the inner_protocol. These
      functions are called from the point where the tunnel encapsulation
      is occuring.
      
      When skb_udp_tunnel_segment is called, the function to segment the
      inner packet is selected based on the inner IP or Ethertype. In the
      case of an IP protocol encapsulation, the function is derived from
      inet[6]_offloads. In the case of Ethertype, skb->protocol is
      set to the inner_protocol and skb_mac_gso_segment is called. (GRE
      currently does this, but it might be possible to lookup the protocol
      in offload_base and call the appropriate segmenation function
      directly).
      Signed-off-by: default avatarTom Herbert <therbert@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8bce6d7d
    • David S. Miller's avatar
      Merge branch 'bpf-next' · f44d61cd
      David S. Miller authored
      Alexei Starovoitov says:
      
      ====================
      bpf: add search pruning optimization and tests
      
      patch #1 commit log explains why eBPF verifier has to examine some
      instructions multiple times and describes the search pruning optimization
      that improves verification speed for branchy programs and allows more
      complex programs to be verified successfully.
      This patch completes the core verifier logic.
      
      patch #2 adds more verifier tests related to branches and search pruning
      
      I'm still working on Andy's 'bitmask for stack slots' suggestion. It will be
      done on top of this patch.
      
      The current verifier algorithm is brute force depth first search with
      state pruning. If anyone can come up with another algorithm that demonstrates
      better results, we'll replace the algorithm without affecting user space.
      
      Note verifier doesn't guarantee that all possible valid programs are accepted.
      Overly complex programs may still be rejected.
      Verifier improvements/optimizations will guarantee that if a program
      was passing verification in the past, it will still be passing.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f44d61cd
    • Alexei Starovoitov's avatar
      bpf: add tests to verifier testsuite · fd10c2ef
      Alexei Starovoitov authored
      add 4 extra tests to cover jump verification better
      Signed-off-by: default avatarAlexei Starovoitov <ast@plumgrid.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fd10c2ef
    • Alexei Starovoitov's avatar
      bpf: add search pruning optimization to verifier · f1bca824
      Alexei Starovoitov authored
      consider C program represented in eBPF:
      int filter(int arg)
      {
          int a, b, c, *ptr;
      
          if (arg == 1)
              ptr = &a;
          else if (arg == 2)
              ptr = &b;
          else
              ptr = &c;
      
          *ptr = 0;
          return 0;
      }
      eBPF verifier has to follow all possible paths through the program
      to recognize that '*ptr = 0' instruction would be safe to execute
      in all situations.
      It's doing it by picking a path towards the end and observes changes
      to registers and stack at every insn until it reaches bpf_exit.
      Then it comes back to one of the previous branches and goes towards
      the end again with potentially different values in registers.
      When program has a lot of branches, the number of possible combinations
      of branches is huge, so verifer has a hard limit of walking no more
      than 32k instructions. This limit can be reached and complex (but valid)
      programs could be rejected. Therefore it's important to recognize equivalent
      verifier states to prune this depth first search.
      
      Basic idea can be illustrated by the program (where .. are some eBPF insns):
          1: ..
          2: if (rX == rY) goto 4
          3: ..
          4: ..
          5: ..
          6: bpf_exit
      In the first pass towards bpf_exit the verifier will walk insns: 1, 2, 3, 4, 5, 6
      Since insn#2 is a branch the verifier will remember its state in verifier stack
      to come back to it later.
      Since insn#4 is marked as 'branch target', the verifier will remember its state
      in explored_states[4] linked list.
      Once it reaches insn#6 successfully it will pop the state recorded at insn#2 and
      will continue.
      Without search pruning optimization verifier would have to walk 4, 5, 6 again,
      effectively simulating execution of insns 1, 2, 4, 5, 6
      With search pruning it will check whether state at #4 after jumping from #2
      is equivalent to one recorded in explored_states[4] during first pass.
      If there is an equivalent state, verifier can prune the search at #4 and declare
      this path to be safe as well.
      In other words two states at #4 are equivalent if execution of 1, 2, 3, 4 insns
      and 1, 2, 4 insns produces equivalent registers and stack.
      Signed-off-by: default avatarAlexei Starovoitov <ast@plumgrid.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f1bca824
    • Nimrod Andy's avatar
      net: fec: implement rx_copybreak to improve rx performance · 1b7bde6d
      Nimrod Andy authored
      - Copy short frames and keep the buffers mapped, re-allocate skb instead of
        memory copy for long frames.
      - Add support for setting/getting rx_copybreak using generic ethtool tunable
      
      Changes V3:
      * As Eric Dumazet's suggestion that removing the copybreak module parameter
        and only keep the ethtool API support for rx_copybreak.
      
      Changes V2:
      * Implements rx_copybreak
      * Rx_copybreak provides module parameter to change this value
      * Add tunable_ops support for rx_copybreak
      Signed-off-by: default avatarFugang Duan <B38611@freescale.com>
      Signed-off-by: default avatarFrank Li <Frank.Li@freescale.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1b7bde6d
    • Eric Dumazet's avatar
      net: avoid one atomic operation in skb_clone() · ce1a4ea3
      Eric Dumazet authored
      Fast clone cloning can actually avoid an atomic_inc(), if we
      guarantee prior clone_ref value is 1.
      
      This requires a change kfree_skbmem(), to perform the
      atomic_dec_and_test() on clone_ref before setting fclone to
      SKB_FCLONE_UNAVAILABLE.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ce1a4ea3
  2. 01 Oct, 2014 24 commits
  3. 30 Sep, 2014 9 commits