1. 04 Feb, 2019 3 commits
  2. 29 Jan, 2019 8 commits
    • Florian Westphal's avatar
      netfilter: nf_tables: add NFTA_RULE_POSITION_ID to nla_policy · 0604628b
      Florian Westphal authored
      Fixes: 75dd48e2 ("netfilter: nf_tables: Support RULE_ID reference in new rule")
      Reported-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Acked-by: default avatarPhil Sutter <phil@nwl.cc>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      0604628b
    • Stephen Rothwell's avatar
      enetc: include linux/vmalloc.h for vzalloc etc · bbcbf2ee
      Stephen Rothwell authored
      Fixes: d4fd0404 ("enetc: Introduce basic PF and VF ENETC ethernet drivers")
      Signed-off-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bbcbf2ee
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next · ec7146db
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf-next 2019-01-29
      
      The following pull-request contains BPF updates for your *net-next* tree.
      
      The main changes are:
      
      1) Teach verifier dead code removal, this also allows for optimizing /
         removing conditional branches around dead code and to shrink the
         resulting image. Code store constrained architectures like nfp would
         have hard time doing this at JIT level, from Jakub.
      
      2) Add JMP32 instructions to BPF ISA in order to allow for optimizing
         code generation for 32-bit sub-registers. Evaluation shows that this
         can result in code reduction of ~5-20% compared to 64 bit-only code
         generation. Also add implementation for most JITs, from Jiong.
      
      3) Add support for __int128 types in BTF which is also needed for
         vmlinux's BTF conversion to work, from Yonghong.
      
      4) Add a new command to bpftool in order to dump a list of BPF-related
         parameters from the system or for a specific network device e.g. in
         terms of available prog/map types or helper functions, from Quentin.
      
      5) Add AF_XDP sock_diag interface for querying sockets from user
         space which provides information about the RX/TX/fill/completion
         rings, umem, memory usage etc, from Björn.
      
      6) Add skb context access for skb_shared_info->gso_segs field, from Eric.
      
      7) Add support for testing flow dissector BPF programs by extending
         existing BPF_PROG_TEST_RUN infrastructure, from Stanislav.
      
      8) Split BPF kselftest's test_verifier into various subgroups of tests
         in order better deal with merge conflicts in this area, from Jakub.
      
      9) Add support for queue/stack manipulations in bpftool, from Stanislav.
      
      10) Document BTF, from Yonghong.
      
      11) Dump supported ELF section names in libbpf on program load
          failure, from Taeung.
      
      12) Silence a false positive compiler warning in verifier's BTF
          handling, from Peter.
      
      13) Fix help string in bpftool's feature probing, from Prashant.
      
      14) Remove duplicate includes in BPF kselftests, from Yue.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ec7146db
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · 343917b4
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter/IPVS updates for net-next
      
      The following patchset contains Netfilter/IPVS updates for your net-next tree:
      
      1) Introduce a hashtable to speed up object lookups, from Florian Westphal.
      
      2) Make direct calls to built-in extension, also from Florian.
      
      3) Call helper before confirming the conntrack as it used to be originally,
         from Florian.
      
      4) Call request_module() to autoload br_netfilter when physdev is used
         to relax the dependency, also from Florian.
      
      5) Allow to insert rules at a given position ID that is internal to the
         batch, from Phil Sutter.
      
      6) Several patches to replace conntrack indirections by direct calls,
         and to reduce modularization, from Florian. This also includes
         several follow up patches to deal with minor fallout from this
         rework.
      
      7) Use RCU from conntrack gre helper, from Florian.
      
      8) GRE conntrack module becomes built-in into nf_conntrack, from Florian.
      
      9) Replace nf_ct_invert_tuplepr() by calls to nf_ct_invert_tuple(),
         from Florian.
      
      10) Unify sysctl handling at the core of nf_conntrack, from Florian.
      
      11) Provide modparam to register conntrack hooks.
      
      12) Allow to match on the interface kind string, from wenxu.
      
      13) Remove several exported symbols, not required anymore now after
          a bit of de-modulatization work has been done, from Florian.
      
      14) Remove built-in map support in the hash extension, this can be
          done with the existing userspace infrastructure, from laura.
      
      15) Remove indirection to calculate checksums in IPVS, from Matteo Croce.
      
      16) Use call wrappers for indirection in IPVS, also from Matteo.
      
      17) Remove superfluous __percpu parameter in nft_counter, patch from
          Luc Van Oostenryck.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      343917b4
    • Daniel Borkmann's avatar
      Merge branch 'bpf-flow-dissector-tests' · 3d2af27a
      Daniel Borkmann authored
      Stanislav Fomichev says:
      
      ====================
      This patch series adds support for testing flow dissector BPF programs
      by extending already existing BPF_PROG_TEST_RUN. The goal is to have
      a packet as an input and `struct bpf_flow_key' as an output. That way
      we can easily test flow dissector programs' behavior. I've also modified
      existing test_progs.c test to do a simple flow dissector run as well.
      
      * first patch introduces new __skb_flow_bpf_dissect to simplify
        sharing between __skb_flow_bpf_dissect and BPF_PROG_TEST_RUN
      * second patch adds actual BPF_PROG_TEST_RUN support
      * third patch adds example usage to the selftests
      
      v3:
      * rebased on top of latest bpf-next
      
      v2:
      * loop over 'kattr->test.repeat' inside of
        bpf_prog_test_run_flow_dissector, don't reuse
        bpf_test_run/bpf_test_run_one
      ====================
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      3d2af27a
    • Stanislav Fomichev's avatar
      selftests/bpf: add simple BPF_PROG_TEST_RUN examples for flow dissector · bf0f0fd9
      Stanislav Fomichev authored
      Use existing pkt_v4 and pkt_v6 to make sure flow_keys are what we want.
      
      Also, add new bpf_flow_load routine (and flow_dissector_load.h header)
      that loads bpf_flow.o program and does all required setup.
      Signed-off-by: default avatarStanislav Fomichev <sdf@google.com>
      Acked-by: default avatarSong Liu <songliubraving@fb.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      bf0f0fd9
    • Stanislav Fomichev's avatar
      bpf: add BPF_PROG_TEST_RUN support for flow dissector · b7a1848e
      Stanislav Fomichev authored
      The input is packet data, the output is struct bpf_flow_key. This should
      make it easy to test flow dissector programs without elaborate
      setup.
      Signed-off-by: default avatarStanislav Fomichev <sdf@google.com>
      Acked-by: default avatarSong Liu <songliubraving@fb.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      b7a1848e
    • Stanislav Fomichev's avatar
      net/flow_dissector: move bpf case into __skb_flow_bpf_dissect · c8aa7038
      Stanislav Fomichev authored
      This way, we can reuse it for flow dissector in BPF_PROG_TEST_RUN.
      
      No functional changes.
      Signed-off-by: default avatarStanislav Fomichev <sdf@google.com>
      Acked-by: default avatarSong Liu <songliubraving@fb.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      c8aa7038
  3. 28 Jan, 2019 24 commits
  4. 27 Jan, 2019 5 commits