1. 11 Jan, 2016 29 commits
  2. 10 Jan, 2016 11 commits
    • David S. Miller's avatar
      Merge branch 'mdio-device-fixes' · 5c721d56
      David S. Miller authored
      Andrew Lunn says:
      
      ====================
      Fix breakage from mdio device
      
      These two patches fix MIPS platforms which got broken by
      the recent mdio device patchset.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5c721d56
    • Andrew Lunn's avatar
      net: ethernet-rgmii.c: Fix breakage from moving phdev bus · 0c129bf7
      Andrew Lunn authored
      The mdio device patches moved the bus member in phy_device into a
      substructure. This driver got missed. Fix it.
      Signed-off-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0c129bf7
    • Andrew Lunn's avatar
      net: lantiq_etop.c: Use helper to find first phy · 2a4fc4ea
      Andrew Lunn authored
      Make use of the helper to find the first phy device.
      This also fixes the compile breakage.
      Signed-off-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2a4fc4ea
    • Romain Perier's avatar
      stmmac: Don't exit mdio registration when mdio subnode is not found in the DTS · 6c672c9b
      Romain Perier authored
      Originally, most of the platforms using this driver did not define an mdio subnode
      in the devicetree. Commit e34d65 ("stmmac: create of compatible mdio bus for stmmac driver")
      introduced a backward compatibily issue by using of_mdiobus_register explicitly
      with an mdio subnode. This patch fixes the issue by calling the function
      mdiobus_register, when mdio subnode is not found. The driver is now compatible
      with both modes.
      
      Fixes: e34d6569 ("stmmac: create of compatible mdio bus for stmmac driver")
      Signed-off-by: default avatarRomain Perier <romain.perier@gmail.com>
      Tested-by: default avatarPhil Reid <preid@electromag.com.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6c672c9b
    • David S. Miller's avatar
      Merge branch 'bpf-next' · 749f7df1
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      BPF update
      
      Fixes a csum issue on ingress. As mentioned previously, net-next
      seems just fine imho. Later on, will follow up with couple of
      replacements like ovs_skb_postpush_rcsum() etc.
      
      Thanks!
      
      v1 -> v2:
        - Added patch 1 with helper
        - Implemented Hannes' idea to just use csum_partial, thanks!
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      749f7df1
    • Daniel Borkmann's avatar
      bpf: add skb_postpush_rcsum and fix dev_forward_skb occasions · f8ffad69
      Daniel Borkmann authored
      Add a small helper skb_postpush_rcsum() and fix up redirect locations
      that need CHECKSUM_COMPLETE fixups on ingress. dev_forward_skb() expects
      a proper csum that covers also Ethernet header, f.e. since 2c26d34b
      ("net/core: Handle csum for CHECKSUM_COMPLETE VXLAN forwarding"), we
      also do skb_postpull_rcsum() after pulling Ethernet header off via
      eth_type_trans().
      
      When using eBPF in a netns setup f.e. with vxlan in collect metadata mode,
      I can trigger the following csum issue with an IPv6 setup:
      
        [  505.144065] dummy1: hw csum failure
        [...]
        [  505.144108] Call Trace:
        [  505.144112]  <IRQ>  [<ffffffff81372f08>] dump_stack+0x44/0x5c
        [  505.144134]  [<ffffffff81607cea>] netdev_rx_csum_fault+0x3a/0x40
        [  505.144142]  [<ffffffff815fee3f>] __skb_checksum_complete+0xcf/0xe0
        [  505.144149]  [<ffffffff816f0902>] nf_ip6_checksum+0xb2/0x120
        [  505.144161]  [<ffffffffa08c0e0e>] icmpv6_error+0x17e/0x328 [nf_conntrack_ipv6]
        [  505.144170]  [<ffffffffa0898eca>] ? ip6t_do_table+0x2fa/0x645 [ip6_tables]
        [  505.144177]  [<ffffffffa08c0725>] ? ipv6_get_l4proto+0x65/0xd0 [nf_conntrack_ipv6]
        [  505.144189]  [<ffffffffa06c9a12>] nf_conntrack_in+0xc2/0x5a0 [nf_conntrack]
        [  505.144196]  [<ffffffffa08c039c>] ipv6_conntrack_in+0x1c/0x20 [nf_conntrack_ipv6]
        [  505.144204]  [<ffffffff8164385d>] nf_iterate+0x5d/0x70
        [  505.144210]  [<ffffffff816438d6>] nf_hook_slow+0x66/0xc0
        [  505.144218]  [<ffffffff816bd302>] ipv6_rcv+0x3f2/0x4f0
        [  505.144225]  [<ffffffff816bca40>] ? ip6_make_skb+0x1b0/0x1b0
        [  505.144232]  [<ffffffff8160b77b>] __netif_receive_skb_core+0x36b/0x9a0
        [  505.144239]  [<ffffffff8160bdc8>] ? __netif_receive_skb+0x18/0x60
        [  505.144245]  [<ffffffff8160bdc8>] __netif_receive_skb+0x18/0x60
        [  505.144252]  [<ffffffff8160ccff>] process_backlog+0x9f/0x140
        [  505.144259]  [<ffffffff8160c4a5>] net_rx_action+0x145/0x320
        [...]
      
      What happens is that on ingress, we push Ethernet header back in, either
      from cls_bpf or right before skb_do_redirect(), but without updating csum.
      The "hw csum failure" can be fixed by using the new skb_postpush_rcsum()
      helper for the dev_forward_skb() case to correct the csum diff again.
      
      Thanks to Hannes Frederic Sowa for the csum_partial() idea!
      
      Fixes: 3896d655 ("bpf: introduce bpf_clone_redirect() helper")
      Fixes: 27b29f63 ("bpf: add bpf_redirect() helper")
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f8ffad69
    • Daniel Borkmann's avatar
      net, sched: add skb_at_tc_ingress helper · fdc5432a
      Daniel Borkmann authored
      Add a skb_at_tc_ingress() as this will be needed elsewhere as well and
      can hide the ugly ifdef.
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fdc5432a
    • David S. Miller's avatar
      Merge branch 'tcp-keepalive-namespaceify' · 4156afaf
      David S. Miller authored
      Nikolay Borisov says:
      
      ====================
      Namespaceify tcp keepalive machinery
      
      The following patch series enables the tcp keepalive mechanism
      to be configured per net namespace. This is especially useful
      if you have multiple containers hosted on one node and one of
      them is under DoS-  in such situations one thing which could
      be done is to configure the tcp keepalive settings such that
      connections for that particular container are being reset
      faster.
      
      Another scenario where not being able to control those knob
      comes per container is problematic is occurs the value of
      net.netfilter.nf_conntrack_tcp_timeout_established is set
      below the keepalive interval, in such situations the server won't
      send an RST packet resulting in applications not trying to
      reconnect and stale connection waiting. Changing the global
      keepalive value is a possible solution but it might interfere
      with other containers.
      
      The three patches gradually convert each of the affected knobs
      to be per netns. I thought it would be easier for review than
      put everything in one patch. If people deem it more appropriate
      to squash everything in one patch (maybe after review) I'd
      be more than happy to do it.
      
      The patches have been compile-tested on 4.4 and functionally
      tested on 3.12 and they work as expected.
      
      These are based off 4.4-rc8
      ====================
      Acked-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4156afaf
    • Nikolay Borisov's avatar
      ipv4: Namespecify the tcp_keepalive_intvl sysctl knob · b840d15d
      Nikolay Borisov authored
      This is the final part required to namespaceify the tcp
      keep alive mechanism.
      Signed-off-by: default avatarNikolay Borisov <kernel@kyup.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b840d15d
    • Nikolay Borisov's avatar
      ipv4: Namespecify tcp_keepalive_probes sysctl knob · 9bd6861b
      Nikolay Borisov authored
      This is required to have full tcp keepalive mechanism namespace
      support.
      Signed-off-by: default avatarNikolay Borisov <kernel@kyup.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9bd6861b
    • Nikolay Borisov's avatar
      ipv4: Namespaceify tcp_keepalive_time sysctl knob · 13b287e8
      Nikolay Borisov authored
      Different net namespaces might have different requirements as to
      the keepalive time of tcp sockets. This might be required in cases
      where different firewall rules are in place which require tcp
      timeout sockets to be increased/decreased independently of the host.
      Signed-off-by: default avatarNikolay Borisov <kernel@kyup.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      13b287e8