[PATCH net] vrf: fix a comment about loopback device

2021-04-14 Thread Nicolas Dichtel
This is a leftover of the below commit. Fixes: 4f04256c983a ("net: vrf: Drop local rtable and rt6_info") Signed-off-by: Nicolas Dichtel --- drivers/net/vrf.c | 10 -- 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index cd

[PATCH net] doc: move seg6_flowlabel to seg6-sysctl.rst

2021-04-14 Thread Nicolas Dichtel
Let's have all seg6 sysctl at the same place. Fixes: a6dc6670cd7e ("ipv6: sr: Add documentation for seg_flowlabel sysctl") Signed-off-by: Nicolas Dichtel --- Documentation/networking/ip-sysctl.rst | 15 --- Documentation/networking/seg6-sysctl.rst | 13 +++

Re: [PATCH net-next v2 0/3] bonding: 3ad: support for 200G/400G ports and more verbose warning

2021-02-11 Thread Nicolas Dichtel
> bonding: 3ad: Print an error for unknown speeds > > Nikolay Aleksandrov (2): > bonding: 3ad: add support for 200G speed > bonding: 3ad: add support for 400G speed > > drivers/net/bonding/bond_3ad.c | 26 ++ > 1 file changed, 22 insertions(+), 4 deletions(-) > Acked-by: Nicolas Dichtel

Re: [PATCH net-next 3/3] net: core: Namespace-ify sysctl_rmem_max and sysctl_wmem_max

2021-01-20 Thread Nicolas Dichtel
On 20/01/2021 at 14:28, Menglong Dong wrote: [snip] >>> For that reason, make sysctl_wmem_max and sysctl_rmem_max >>> per-namespace. >> >> I think having those values be restricted by init netns is a desirable >> property. > > I just thought that having these values per-namespace can be more fle

Re: [PATCH net] net: sit: unregister_netdevice on newlink's error path

2021-01-14 Thread Nicolas Dichtel
thetic (ipip6_tunnel_update_6rd() returns a negative value or 0). With or without this: Acked-by: Nicolas Dichtel > + unregister_netdevice_queue(dev, NULL); > + } > #endif > > return err; >

Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter

2020-12-10 Thread Nicolas Dichtel
On 10/12/2020 at 12:48, Eyal Birger wrote: > Hi Nicolas, Hi Eyal, > > On Thu, Dec 10, 2020 at 1:10 PM Nicolas Dichtel > wrote: [snip] > I also think they should be consistent. But it'd still be confusing to me > to get an OUTPUT hook on the inner packet in the forward

Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter

2020-12-10 Thread Nicolas Dichtel
On 09/12/2020 at 15:40, Eyal Birger wrote: > Hi Phil, > > On Tue, Dec 8, 2020 at 8:51 PM Phil Sutter wrote: >> >> Hi Eyal, >> >> On Tue, Dec 08, 2020 at 04:47:02PM +0200, Eyal Birger wrote: >>> On Mon, Dec 7, 2020 at 4:07 PM Phil Sutter wrote: [snip] >> >> The packet appears twice being sent t

Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter

2020-12-08 Thread Nicolas Dichtel
On 08/12/2020 at 15:00, Phil Sutter wrote: > Hi Nicolas, > > On Tue, Dec 08, 2020 at 10:02:16AM +0100, Nicolas Dichtel wrote: >> On 07/12/2020 at 14:43, Phil Sutter wrote: > [...] >>> diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c >>>

Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter

2020-12-08 Thread Nicolas Dichtel
On 07/12/2020 at 14:43, Phil Sutter wrote: > With an IPsec tunnel without dedicated interface, netfilter sees locally > generated packets twice as they exit the physical interface: Once as "the > inner packet" with IPsec context attached and once as the encrypted > (ESP) packet. > > With xfrm_in

Re: [PATCH net-next] net-loopback: allow lo dev initial state to be controlled

2020-11-19 Thread Nicolas Dichtel
On 18/11/2020 at 18:39, Mahesh Bandewar (महेश बंडेवार) wrote: > On Wed, Nov 18, 2020 at 8:58 AM Nicolas Dichtel > wrote: >> >> On 18/11/2020 at 02:12, David Ahern wrote: >> [snip] >>> If there is no harm in just creating lo in the up state, why not just do

Re: [PATCH net-next] net-loopback: allow lo dev initial state to be controlled

2020-11-18 Thread Nicolas Dichtel
On 18/11/2020 at 02:12, David Ahern wrote: [snip] > If there is no harm in just creating lo in the up state, why not just do > it vs relying on a sysctl? It only affects 'local' networking so no real > impact to containers that do not do networking (ie., packets can't > escape). Linux has a lot o

Re: [PATCH ipsec] xfrm: interface: fix the priorities for ipip and ipv6 tunnels

2020-10-13 Thread Nicolas Dichtel
tunnel handler and it calls >> xfrm_input() as well, so we must make its priority lower than xfrmi's, >> which means having xfrmi loaded would still break IPCOMP. We may seek >> another way to fix it in xfrm_input() in the future. >> >> Reported-by: Nicolas Dichtel

Re: [PATCH 10/19] xfrm: interface: support IP6IP6 and IP6IP tunnels processing with .cb_handler

2020-10-07 Thread Nicolas Dichtel
On 07/10/2020 at 18:26, Xin Long wrote: > On Wed, Oct 7, 2020 at 11:40 PM Nicolas Dichtel > wrote: [snip] >> Do you think that you will have time to send the patch before the release >> (v5.9) >> goes out? > Sure, I will do it tomorrow. > Thanks!

Re: [PATCH 10/19] xfrm: interface: support IP6IP6 and IP6IP tunnels processing with .cb_handler

2020-10-07 Thread Nicolas Dichtel
On 05/10/2020 at 17:11, Nicolas Dichtel wrote: > On 03/10/2020 at 11:41, Xin Long wrote: > [snip] >> When xfrmi processes the ipip packets, it does the state lookup and xfrmi >> device lookup both in xfrm_input(). When either of them fails, instead of >> returning err

Re: [PATCH net 08/12] ipv6: advertise IFLA_LINK_NETNSID when dumping ipv6 addresses

2020-10-05 Thread Nicolas Dichtel
On 02/10/2020 at 11:03, Sabrina Dubroca wrote: [snip] > I guess I could push the rcu_read_lock down into veth and vxcan's > handlers instead of the rcu_dereference_rtnl change in patch 6 and > adding this rcu_read_lock. > Yes, I think it would avoid having this problem later, when someone else w

Re: [PATCH 10/19] xfrm: interface: support IP6IP6 and IP6IP tunnels processing with .cb_handler

2020-10-05 Thread Nicolas Dichtel
On 03/10/2020 at 11:41, Xin Long wrote: [snip] > When xfrmi processes the ipip packets, it does the state lookup and xfrmi > device lookup both in xfrm_input(). When either of them fails, instead of > returning err and continuing the next .handler in tunnel4_rcv(), it would > drop the packet and

Re: [PATCH 10/19] xfrm: interface: support IP6IP6 and IP6IP tunnels processing with .cb_handler

2020-10-02 Thread Nicolas Dichtel
On 30/07/2020 at 07:41, Steffen Klassert wrote: > From: Xin Long > > Similar to ip6_vti, IP6IP6 and IP6IP tunnels processing can easily > be done with .cb_handler for xfrm interface. > > v1->v2: > - no change. > v2-v3: > - enable it only when CONFIG_INET6_XFRM_TUNNEL is defined, to fix >

Re: [PATCH net 08/12] ipv6: advertise IFLA_LINK_NETNSID when dumping ipv6 addresses

2020-10-01 Thread Nicolas Dichtel
On 01/10/2020 at 09:59, Sabrina Dubroca wrote: > Currently, we're not advertising link-netnsid when dumping IPv6 > addresses, so the "ip -6 addr" command will not correctly interpret > the value of the IFLA_LINK attribute. > > For example, we'll get: > 9: macvlan0@macvlan0: mtu 1500 state U

[PATCH net] netlink: fix doc about nlmsg_parse/nla_validate

2020-09-10 Thread Nicolas Dichtel
There is no @validate argument. CC: Johannes Berg Fixes: 3de644035446 ("netlink: re-add parse/validate functions in strict mode") Signed-off-by: Nicolas Dichtel --- include/net/netlink.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/net/netlink.h b/include/net/netli

Re: [PATCH] Remove ipvs v6 dependency on iptables

2020-08-28 Thread Nicolas Dichtel
On 28/08/2020 at 00:07, Lach wrote: > This dependency was added in 63dca2c0b0e7a92cb39d1b1ecefa32ffda201975, > because this commit had dependency on > ipv6_find_hdr, which was located in iptables-specific code > > But it is no longer required, because > f8f626754ebeca613cf1af2e6f890cfde0e74d5b

[PATCH net-next 0/2] gtp: minor enhancements

2020-08-28 Thread Nicolas Dichtel
The first patch removes a useless rcu lock and the second relaxes alloc constraints when a PDP context is added. drivers/net/gtp.c | 12 +--- 1 file changed, 5 insertions(+), 7 deletions(-) Comments are welcomed, Nicolas

[PATCH net-next 2/2] gtp: relax alloc constraint when adding a pdp

2020-08-28 Thread Nicolas Dichtel
When a PDP context is added, the rtnl lock is held, thus no need to force a GFP_ATOMIC. Signed-off-by: Nicolas Dichtel --- drivers/net/gtp.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c index 6f871ec31393..2ed1e82a8ad8

[PATCH net-next 1/2] gtp: remove useless rcu_read_lock()

2020-08-28 Thread Nicolas Dichtel
The rtnl lock is taken just the line above, no need to take the rcu also. Fixes: 1788b8569f5d ("gtp: fix use-after-free in gtp_encap_destroy()") Signed-off-by: Nicolas Dichtel --- drivers/net/gtp.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/net/gtp.c b/drivers/net/g

Re: [PATCH net-next v3] gtp: add notification mechanism

2020-08-27 Thread Nicolas Dichtel
On 27/08/2020 at 18:44, David Miller wrote: > Was build testing, it's pushed out now. > Thanks David!

Re: [PATCH net-next v3] gtp: add notification mechanism

2020-08-27 Thread Nicolas Dichtel
On 27/08/2020 at 17:05, David Miller wrote: > From: Nicolas Dichtel > Date: Thu, 27 Aug 2020 14:19:23 +0200 > >> Like all other network functions, let's notify gtp context on creation and >> deletion. >> >> Signed-off-by: Nicolas Dichtel >> Tested-

[PATCH net-next v3] gtp: add notification mechanism

2020-08-27 Thread Nicolas Dichtel
Like all other network functions, let's notify gtp context on creation and deletion. Signed-off-by: Nicolas Dichtel Tested-by: Gabriel Ganne Acked-by: Harald Welte --- v2 -> v3: - add ack from Harald - rebase on HEAD of net-next v1 -> v2: - fix typo in the commit title - fix

Re: [PATCH net-next v2] gtp: add notification mechanism

2020-08-27 Thread Nicolas Dichtel
Hi Harald, On 27/08/2020 at 11:00, Harald Welte wrote: > Hi Nicolas, > > On Thu, Aug 27, 2020 at 12:36:24AM +0200, Nicolas Dichtel wrote: >> On 26/08/2020 at 20:52, Harald Welte wrote: > >>> Wouldn't it make sense to only allocate + fill those messages if w

Re: [PATCH net-next v2] gtp: add notification mechanism

2020-08-26 Thread Nicolas Dichtel
On 26/08/2020 at 20:52, Harald Welte wrote: > Hi Nicolas, > > On Wed, Aug 26, 2020 at 09:47:54AM +0200, Nicolas Dichtel wrote: >>> Sending (unsolicited) notifications about all of those seems quite >>> heavyweight to me. >> >> There is no

Re: [PATCH net-next v2] gtp: add notification mechanism

2020-08-26 Thread Nicolas Dichtel
On 25/08/2020 at 19:01, Harald Welte wrote: > Hi Nicolas, > > thanks a lot for your patch. > > On Tue, Aug 25, 2020 at 05:57:15PM +0200, Nicolas Dichtel wrote: >> Like all other network functions, let's notify gtp context on creation and >> deletion. > >

[PATCH net-next v2] gtp: add notification mechanism

2020-08-25 Thread Nicolas Dichtel
Like all other network functions, let's notify gtp context on creation and deletion. Signed-off-by: Nicolas Dichtel Tested-by: Gabriel Ganne --- v1 -> v2: - fix typo in the commit title - fix indentation of GTP_GENL_MCGRP drivers/net/gtp.c

[PATCH net-next] gtp: add notification mechnism

2020-08-25 Thread Nicolas Dichtel
Like all other network functions, let's notify gtp context on creation and deletion. Signed-off-by: Nicolas Dichtel Tested-by: Gabriel Ganne --- drivers/net/gtp.c| 58 +--- include/uapi/linux/gtp.h | 2 ++ 2 files changed, 51 insertions(

[PATCH net] gtp: add GTPA_LINK info to msg sent to userspace

2020-08-25 Thread Nicolas Dichtel
During a dump, this attribute is essential, it enables the userspace to know on which interface the context is linked to. Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)") Signed-off-by: Nicolas Dichtel Tested-by: Gabriel Ganne --- I t

Re: [PATCH ipsec-next v2] xfrm: add /proc/sys/core/net/xfrm_redact_secret

2020-08-20 Thread Nicolas Dichtel
On 20/08/2020 at 14:04, Antony Antony wrote: [snip] > @@ -38,6 +48,15 @@ static struct ctl_table xfrm_table[] = { > .mode = 0644, > .proc_handler = proc_dointvec > }, > + { > + .procname = "xfrm_redact_secret", > + .m

Re: [PATCH v3] IPv4: Tunnel: Fix effective path mtu calculation

2020-06-30 Thread Nicolas Dichtel
On 30/06/2020 at 19:33, Jakub Kicinski wrote: > On Tue, 30 Jun 2020 17:51:41 +0200 Nicolas Dichtel wrote: >> On 30/06/2020 at 08:22, Jakub Kicinski wrote: >> [snip] >>> My understanding is that for a while now tunnels are not supposed to use >>> dev->hard_

Re: [PATCH v3] IPv4: Tunnel: Fix effective path mtu calculation

2020-06-30 Thread Nicolas Dichtel
On 30/06/2020 at 08:22, Jakub Kicinski wrote: [snip] > My understanding is that for a while now tunnels are not supposed to use > dev->hard_header_len to reserve skb space, and use dev->needed_headroom, > instead. sit uses hard_header_len and doesn't even copy needed_headroom > of the lower devi

Re: [PATCH net-next] rtnetlink: add keepalived rtm_protocol

2020-06-22 Thread Nicolas Dichtel
On 21/06/2020 at 17:34, Alexandre Cassen wrote: [snip] > +#define RTPROT_GATED 8 /* Apparently, GateD */ > +#define RTPROT_RA9 /* RDISC/ND router advertisements */ > +#define RTPROT_MRT 10 /* Merit MRT */ > +#define RTPROT_ZEBRA 11 /* Ze

[PATCH net-next] netns: enable to inherit devconf from current netns

2020-05-13 Thread Nicolas Dichtel
capability to create netns, the user expects to get the same parameters as his 'init_net', which is not the real init_net in this case. Signed-off-by: Nicolas Dichtel --- Documentation/admin-guide/sysctl/net.rst | 4 +++- net/core/sysctl_net_core.c | 4 +++- net/ipv4

Re: [PATCH net-next v4 2/3] net: ipv4: add sysctl for nexthop api compatibility mode

2020-04-30 Thread Nicolas Dichtel
On 27/04/2020 at 22:56, Roopa Prabhu wrote: > From: Roopa Prabhu > > Current route nexthop API maintains user space compatibility > with old route API by default. Dumps and netlink notifications > support both new and old API format. In systems which have > moved to the new API, this compatibil

Re: [PATCH net] netns: fix GFP flags in rtnl_net_notifyid()

2019-10-23 Thread Nicolas Dichtel
call. > > Found by code inspection. > > Fixes: 9a9634545c70 ("netns: notify netns id events") > Signed-off-by: Guillaume Nault Acked-by: Nicolas Dichtel

[PATCH iproute2 1/2] ip-netns.8: document the 'auto' keyword of 'ip netns set'

2019-10-16 Thread Nicolas Dichtel
This is a follow up of the commit ebe3ce2fcc5f ("ipnetns: parse nsid as a signed integer"). Signed-off-by: Nicolas Dichtel --- man/man8/ip-netns.8 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/man/man8/ip-netns.8 b/man/man8/ip-netns.8 index 39a10e765083..961bcf03f609 100644

[PATCH iproute2 2/2] ip-netns.8: document target-nsid and nsid options of list-id

2019-10-16 Thread Nicolas Dichtel
This is a follow up of the commit eaefb07804a1 ("ipnetns: enable to dump nsid conversion table"). Signed-off-by: Nicolas Dichtel --- man/man8/ip-netns.8 | 48 +++-- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/man/man8/ip-net

Re: [PATCH iproute2] ipnetns: enable to dump nsid conversion table

2019-10-15 Thread Nicolas Dichtel
On 14/10/2019 at 22:15, Stephen Hemminger wrote: > On Mon, 7 Oct 2019 15:44:47 +0200 > Nicolas Dichtel wrote: > >> This patch enables to dump/get nsid from a netns into another netns. >> >> Example: >> $ ./test.sh >> + ip netns add foo >> + ip net

Re: [PATCH net v2 0/2] ipv6: fix neighbour resolution with raw socket

2019-10-14 Thread Nicolas Dichtel
On 26/06/2019 at 22:26, David Miller wrote: > From: Nicolas Dichtel > Date: Mon, 24 Jun 2019 16:01:07 +0200 > >> The first patch prepares the fix, it constifies rt6_nexthop(). >> The detail of the bug is explained in the second patch. >> >> v1 -> v2: >>

Re: pull request (net): ipsec 2019-09-05

2019-10-14 Thread Nicolas Dichtel
On 05/09/2019 at 12:21, Steffen Klassert wrote: > 1) Several xfrm interface fixes from Nicolas Dichtel: >- Avoid an interface ID corruption on changelink. >- Fix wrong interface names in the logs. >- Fix a list corruption when changing network namespaces. >- Fix u

[PATCH net v2] netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID

2019-10-09 Thread Nicolas Dichtel
The flag NLM_F_ECHO aims to reply to the user the message notified to all listeners. It was not the case with the command RTM_NEWNSID, let's fix this. Fixes: 0c7aecd4bde4 ("netns: add rtnl cmd to add and get peer netns ids") Reported-by: Guillaume Nault Signed-off-by: Nicolas D

Re: [PATCH net] netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID

2019-10-09 Thread Nicolas Dichtel
On 09/10/2019 at 01:10, Guillaume Nault wrote: [snip] > We also need to set .portid and .seq otherwise rtnl_net_fill() builds > a netlink message with invalid port id and sequence number (as you > noted in your previous message). > Yes you're right. I don't know why, I had in mind that nl msg se

[PATCH iproute2] ipnetns: enable to dump nsid conversion table

2019-10-07 Thread Nicolas Dichtel
current-nsid 32 (iproute2 netns name: foo) + ip netns list-id nsid 13 nsid 13 (iproute2 netns name: bar) CC: Petr Oros Signed-off-by: Nicolas Dichtel --- include/libnetlink.h | 5 +- ip/ip_common.h | 1 + ip/ipnetns.c | 115 +-- lib

[PATCH net] netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID

2019-10-07 Thread Nicolas Dichtel
The flag NLM_F_ECHO aims to reply to the user the message notified to all listeners. It was not the case with the command RTM_NEWNSID, let's fix this. Fixes: 0c7aecd4bde4 ("netns: add rtnl cmd to add and get peer netns ids") Reported-by: Guillaume Nault Signed-off-by: Nicolas Di

Re: [PATCH net-next 0/2] Ease nsid allocation

2019-10-04 Thread Nicolas Dichtel
On 03/10/2019 at 18:19, Guillaume Nault wrote: [snip] > Why not using the existing NLM_F_ECHO mechanism? > > IIUC, if rtnl_net_notifyid() did pass the proper nlmsghdr and portid to > rtnl_notify(), the later would automatically notify the caller with > updated information if the original request

Re: [PATCH net-next 0/2] Ease nsid allocation

2019-10-02 Thread Nicolas Dichtel
On 02/10/2019 at 03:20, David Miller wrote: > From: Nicolas Dichtel > Date: Mon, 30 Sep 2019 18:02:12 +0200 > >> The goal of the series is to ease nsid allocation from userland. >> The first patch is a preparation work and the second enables to receive the >>

[PATCH net-next 0/2] Ease nsid allocation

2019-09-30 Thread Nicolas Dichtel
The goal of the series is to ease nsid allocation from userland. The first patch is a preparation work and the second enables to receive the new nsid in the answer to RTM_NEWNSID. net/core/net_namespace.c | 118 --- 1 file changed, 71 insertions(+), 4

[PATCH net-next 1/2] netns: move rtnl_net_get_size() and rtnl_net_fill()

2019-09-30 Thread Nicolas Dichtel
There is no functional change in this patch, it only prepares the next one where rtnl_net_newid() will use rtnl_net_get_size() and rtnl_net_fill(). Signed-off-by: Nicolas Dichtel --- net/core/net_namespace.c | 92 1 file changed, 46 insertions(+), 46

[PATCH net-next 2/2] netns/rtnl: return the new nsid to the user

2019-09-30 Thread Nicolas Dichtel
When the user asks for a new nsid, he can let the kernel choose it (by providing -1 in NETNSA_NSID). In this case, it's useful to answer to the netlink message with the chosen nsid. Signed-off-by: Nicolas Dichtel --- net/core/net_namespace.c | 26 +- 1 file change

[PATCH net-next] ipv6: minor code reorg in inet6_fill_ifla6_attrs()

2019-09-30 Thread Nicolas Dichtel
Just put related code together to ease code reading: the memcpy() is related to the nla_reserve(). Signed-off-by: Nicolas Dichtel --- net/ipv6/addrconf.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 6a576ff92c39

[PATCH iproute2] link_xfrm: don't forcce to set phydev

2019-09-16 Thread Nicolas Dichtel
set xfrm1 type xfrm if_id 2 must specify physical device CC: Matt Ellison Fixes: 286446c1e8c7 ("ip: support for xfrm interfaces") Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22d6552f827e Signed-off-by: Nicolas Dichtel --- ip/link_xfrm.c |

Re: [PATCH net-next] ipv6: Don't use dst gateway directly in ip6_confirm_neigh()

2019-09-11 Thread Nicolas Dichtel
neighbour resolution, and, in general, as we want the next hop, > using rt6_nexthop() looks like the only sane way to fetch it. > > Reported-by: Guillaume Nault > Signed-off-by: Stefano Brivio Acked-by: Nicolas Dichtel

Re: Need more information on "ifi_change" in "struct ifinfomsg"

2019-09-06 Thread Nicolas Dichtel
On 06/09/2019 at 07:08, dhan lin wrote: > Hi All, > > There is a field called ifi_change in "struct ifinfomsg". man page for > rtnetlink says it's for future use and should be always set to > 0x. > > But I've run some sample tests, to confirm the value is not as per man > pages explanatio

Re: [PATCH net] tc-testing: don't hardcode 'ip' in nsPlugin.py

2019-08-30 Thread Nicolas Dichtel
2638 - Add matchall and try to get it > > Fixes: 489ce2f42514 ("tc-testing: Restore original behaviour for namespaces > in tdc") > Reported-by: Hangbin Liu > Signed-off-by: Davide Caratti Acked-by: Nicolas Dichtel

Re: [PATCH v2 bpf-next 2/3] bpf: implement CAP_BPF

2019-08-30 Thread Nicolas Dichtel
On 29/08/2019 at 19:30, Alexei Starovoitov wrote: [snip] > These are the links showing that k8 can delegate caps. > Are you saying that you know of folks who specifically > delegate cap_sys_admin and cap_net_admin _only_ to a container to run bpf in > there? > Yes, we need cap_sys_admin o

Re: [PATCH v2 bpf-next 1/3] capability: introduce CAP_BPF and CAP_TRACING

2019-08-29 Thread Nicolas Dichtel
On 29/08/2019 at 07:12, Alexei Starovoitov wrote: [snip] > CAP_BPF and CAP_NET_ADMIN together allow the following: > - Attach to cgroup-bpf hooks and query > - skb, xdp, flow_dissector test_run command > > CAP_NET_ADMIN allows: > - Attach networking bpf programs to xdp, tc, lwt, flow dissector I

[PATCH ipsec v2 1/4] xfrm interface: avoid corruption on changelink

2019-07-15 Thread Nicolas Dichtel
gso_max_size 65536 gso_max_segs 65535 => "if_id 0x2" Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") Signed-off-by: Nicolas Dichtel Tested-by: Julien Floret --- net/xfrm/xfrm_interface.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-)

[PATCH ipsec v2 3/4] xfrm interface: fix list corruption for x-netns

2019-07-15 Thread Nicolas Dichtel
ts may be corrupted and can later trigger a kernel panic. Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") Reported-by: Julien Floret Signed-off-by: Nicolas Dichtel Tested-by: Julien Floret --- net/xfrm/xfrm_interface.c | 8 1 file changed, 4 insertions(+), 4 deletio

[PATCH ipsec v2 2/4] xfrm interface: ifname may be wrong in logs

2019-07-15 Thread Nicolas Dichtel
The ifname is copied when the interface is created, but is never updated later. In fact, this property is used only in one error message, where the netdevice pointer is available, thus let's use it. Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") Signed-off-by:

[PATCH ipsec v2 4/4] xfrm interface: fix management of phydev

2019-07-15 Thread Nicolas Dichtel
ifindex. Note that the side effect is that the phydev is now optional. Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") Signed-off-by: Nicolas Dichtel Tested-by: Julien Floret --- include/net/xfrm.h| 1 - net/xfrm/xfrm_interface.c | 32 +--

[PATCH ipsec v2 0/4] xfrm interface: bugs fixes

2019-07-15 Thread Nicolas Dichtel
Here is a bunch of bug fixes. Some have been seen by code review and some when playing with x-netns. The details are in each patch. v1 -> v2: - add patch #3 and #4 include/net/xfrm.h| 2 -- net/xfrm/xfrm_interface.c | 56 +-- 2 files chang

Re: [PATCH ipsec] xfrm interface: fix list corruption for x-netns

2019-07-15 Thread Nicolas Dichtel
On 10/07/2019 at 15:11, Nicolas Dichtel wrote: > dev_net(dev) is the netns of the device and xi->net is the link netns, > where the device has been linked. > changelink() must operate in the link netns to avoid a corruption of > the xfrm lists. > > Note that xi->net and

Re: [PATCH ipsec 0/2] xfrm interface: bug fix on changelink

2019-07-15 Thread Nicolas Dichtel
On 10/07/2019 at 09:45, Nicolas Dichtel wrote: > > Here are two bug fixes seen by code review. The first one avoids a corruption of > existing xfrm interfaces and the second is a minor fix of an error message. > > include/net/xfrm.h| 1 - > net/xfrm/xfr

[PATCH ipsec] xfrm interface: fix list corruption for x-netns

2019-07-10 Thread Nicolas Dichtel
ts may be corrupted and can later trigger a kernel panic. Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") Reported-by: Julien Floret Signed-off-by: Nicolas Dichtel Tested-by: Julien Floret --- net/xfrm/xfrm_interface.c | 8 1 file changed, 4 insertions(+), 4 deletio

[PATCH ipsec 2/2] xfrm interface: ifname may be wrong in logs

2019-07-10 Thread Nicolas Dichtel
The ifname is copied when the interface is created, but is never updated later. In fact, this property is used only in one error message, where the netdevice pointer is available, thus let's use it. Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") Signed-off-by:

[PATCH ipsec 1/2] xfrm interface: avoid corruption on changelink

2019-07-10 Thread Nicolas Dichtel
gso_max_size 65536 gso_max_segs 65535 => "if_id 0x2" Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") Signed-off-by: Nicolas Dichtel --- net/xfrm/xfrm_interface.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/net/xfrm/xfrm

[PATCH ipsec 0/2] xfrm interface: bug fix on changelink

2019-07-10 Thread Nicolas Dichtel
Here are two bug fixes seen by code review. The first one avoids a corruption of existing xfrm interfaces and the second is a minor fix of an error message. include/net/xfrm.h| 1 - net/xfrm/xfrm_interface.c | 20 ++-- 2 files changed, 6 insertions(+), 15 deletions(-) Re

Re: [PATCH ipsec v2] xfrm interface: fix memory leak on creation

2019-07-04 Thread Nicolas Dichtel
On 04/07/2019 at 12:22, Steffen Klassert wrote: [snip] > > Applied, thanks a lot! > I suppose that this patch will be queued for stable trees? Regards, Nicolas

[PATCH ipsec v2] xfrm interface: fix memory leak on creation

2019-07-02 Thread Nicolas Dichtel
CC: Shannon Nelson CC: Antony Antony CC: Eyal Birger Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") Reported-by: Julien Floret Signed-off-by: Nicolas Dichtel --- v1 -> v2: - fix typos in commit log net/xfrm/xfrm_interface.c | 98 +++

[PATCH ipsec] xfrm interface: fix memory leak on creation

2019-07-02 Thread Nicolas Dichtel
lassert CC: Shannon Nelson CC: Antony Antony CC: Eyal Birger Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") Reported-by: Julien Floret Signed-off-by: Nicolas Dichtel --- net/xfrm/xfrm_interface.c | 98 +++ 1 file changed, 28 insertions(+),

Re: [RFC iproute2] netns: add mounting state file for each netns

2019-07-01 Thread Nicolas Dichtel
On 01/07/2019 at 15:50, Matteo Croce wrote: > On Mon, Jul 1, 2019 at 2:38 PM Nicolas Dichtel > wrote: >> >> On 30/06/2019 at 21:29, Matteo Croce wrote: >>> When ip creates a netns, there is a small time interval between the >>> placeholder file creation

Re: [RFC iproute2] netns: add mounting state file for each netns

2019-07-01 Thread Nicolas Dichtel
On 30/06/2019 at 21:29, Matteo Croce wrote: > When ip creates a netns, there is a small time interval between the > placeholder file creation in NETNS_RUN_DIR and the bind mount from /proc. > > Add a temporary file named .mounting-$netns which gets deleted after the > bind mount, so watching for

Re: [RFC iproute2 1/1] ip: netns: add mounted state file for each netns

2019-07-01 Thread Nicolas Dichtel
On 28/06/2019 at 18:26, David Howells wrote: > Nicolas Dichtel wrote: > >> David Howells was working on a mount notification mechanism: >> https://lwn.net/Articles/760714/ >> https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=notifications >

Re: [RFC iproute2 1/1] ip: netns: add mounted state file for each netns

2019-06-27 Thread Nicolas Dichtel
On 26/06/2019 at 21:03, Alexander Aring wrote: > This patch adds a state file for each generated namespace to ensure the > namespace is mounted. There exists no way to tell another program that > the namespace is mounted when iproute is creating one. An example > application would be an inotify

Re: [PATCH net-next 1/1] tc-testing: Restore original behaviour for namespaces in tdc

2019-06-25 Thread Nicolas Dichtel
eractions: > > "plugins": { > "requires": "buildebpfPlugin" > }, > > A test case can have more than one required plugin: a list > can be inserted as the value for 'requires'. > > Signed-off-by: Lucas Bates T

Re: [PATCH net v2 1/2] ipv6: constify rt6_nexthop()

2019-06-24 Thread Nicolas Dichtel
On 24/06/2019 at 19:37, Nick Desaulniers wrote: [snip] > > The author stated that this patch was no functional change. Nicolas, > it can be helpful to include compiler warnings in the commit message > when sending warning fixes, but it's not a big deal. Thanks for > sending the patches. > Yep

[PATCH net v2 2/2] ipv6: fix neighbour resolution with raw socket

2019-06-24 Thread Nicolas Dichtel
eway, which is :: because the associated route is a connected route, thus it uses the dst addr of the packet. Let's use rt6_nexthop() to choose the right nh. Signed-off-by: Nicolas Dichtel --- net/ipv6/route.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/

[PATCH net v2 1/2] ipv6: constify rt6_nexthop()

2019-06-24 Thread Nicolas Dichtel
There is no functional change in this patch, it only prepares the next one. rt6_nexthop() will be used by ip6_dst_lookup_neigh(), which uses const variables. Signed-off-by: Nicolas Dichtel --- drivers/net/vrf.c| 2 +- include/net/ip6_route.h | 4 ++-- net/bluetooth

[PATCH net v2 0/2] ipv6: fix neighbour resolution with raw socket

2019-06-24 Thread Nicolas Dichtel
The first patch prepares the fix, it constifies rt6_nexthop(). The detail of the bug is explained in the second patch. v1 -> v2: - fix compilation warnings - split the initial patch drivers/net/vrf.c| 2 +- include/net/ip6_route.h | 4 ++-- net/bluetooth/6lowpan.c

[PATCH iproute2] ip monitor: display interfaces from all groups

2019-06-21 Thread Nicolas Dichtel
Only interfaces from group 0 were displayed. ip monitor calls ipaddr_reset_filter() and there is no reason to not reset the filter group in this function. Fixes: c4fdf75d3def ("ip link: fix display of interface groups") Signed-off-by: Nicolas Dichtel --- ip/ipaddress.c | 2 +- 1 file

Re: [PATCH net] ipv6: fix neighbour resolution with raw socket

2019-06-21 Thread Nicolas Dichtel
On 20/06/2019 at 18:36, David Ahern wrote: [snip] > You don't have a fixes tag, but this should go to stable releases. Yeah, I was not able to point a specific commit. The bug is reproducible with a 4.4 from ubuntu-16.04, with a 3.10 from redhat-7 but not with a vanilla 3.10.20.

Re: [RFC PATCH net-next 1/1] tc-testing: Restore original behaviour for namespaces in tdc

2019-06-21 Thread Nicolas Dichtel
On 21/06/2019 at 02:45, Lucas Bates wrote: [snip] > Very true. I think I just put that one in quickly and meant to come > back to it later, but either way it's a bit too vague. I understand. As a developer, we tend to focus on the technical part, but we need to remember to look at the big picture

Re: [PATCH net] ipv6: fix neighbour resolution with raw socket

2019-06-20 Thread Nicolas Dichtel
On 20/06/2019 at 17:12, David Ahern wrote: > On 6/20/19 6:34 AM, Nicolas Dichtel wrote: >> The scenario is the following: the user uses a raw socket to send an ipv6 >> packet, destinated to a not-connected network, and specify a connected nh. >> Here is the correspon

[PATCH net] ipv6: fix neighbour resolution with raw socket

2019-06-20 Thread Nicolas Dichtel
eway, which is :: because the associated route is a connected route, thus it uses the dst addr of the packet. Let's use rt6_nexthop() to choose the right nh. Note that rt and in6addr_any are const in ip6_dst_lookup_neigh(), thus let's constify rt6_nexthop() to avoid ugly cast. Signed-off-by:

Re: [RFC PATCH net-next 1/1] tc-testing: Restore original behaviour for namespaces in tdc

2019-06-18 Thread Nicolas Dichtel
On 17/06/2019 at 04:04, Lucas Bates wrote: > On Fri, Jun 14, 2019 at 5:37 AM Nicolas Dichtel > wrote: [snip] > The tests that make use of DEV2 are intended to be run with a physical > NIC. This feature was originally submitted by Chris Mi from Mellanox > back in 2017 (comm

Re: [RFC PATCH net-next 1/1] tc-testing: Restore original behaviour for namespaces in tdc

2019-06-14 Thread Nicolas Dichtel
On 05/06/2019 at 23:08, Lucas Bates wrote: > Apologies for the delay in getting this out. I've been busy > with other things and this change was a little trickier than > I expected. > > This patch restores the original behaviour for tdc prior to the > introduction of the plugin system, where the

[PATCH ipsec] xfrm: fix sa selector validation

2019-06-14 Thread Nicolas Dichtel
c73e6 96 flag align4 In fact, the selector is not mandatory, allow the user to provide an empty selector. Fixes: b38ff4075a80 ("xfrm: Fix xfrm sel prefix length validation") CC: Anirudh Gupta Signed-off-by: Nicolas Dichtel --- net/xfrm/xfrm_user.c | 3 +++ 1 file changed, 3 insert

Re: [PATCH net 2/2] ipv6: fix EFAULT on sendto with icmpv6 and hdrincl

2019-06-06 Thread Nicolas Dichtel
v twice after > raw_probe_proto_opt""), but at that time it was not a problem because > IPV6_HDRINCL was not yet introduced. > > Only eat these 2 bytes if hdrincl == 0. > > Fixes: 715f504b1189 ("ipv6: add IPV6_HDRINCL option for raw sockets") > Signed-off-by: Olivier Matz Acked-by: Nicolas Dichtel

Re: [RFC][PATCH kernel_bpf] honor CAP_NET_ADMIN for BPF_PROG_LOAD

2019-06-05 Thread Nicolas Dichtel
On 05/06/2019 at 12:59, Andreas Steinmetz wrote: [snip] > If there is a chance for this to get accepted, sure, I'm willing to > submit this formally (need some advice, though). At least, you need to submit it without the RFC tag. RFC patches are not aimed to be merged. Regards, Nicolas

Re: [RFC][PATCH kernel_bpf] honor CAP_NET_ADMIN for BPF_PROG_LOAD

2019-06-03 Thread Nicolas Dichtel
On 28/05/2019 at 18:53, Andreas Steinmetz wrote: > [sorry for crossposting but this affects both lists] > > BPF_PROG_TYPE_SCHED_CLS and BPF_PROG_TYPE_XDP should be allowed > for CAP_NET_ADMIN capability. Nearly everything one can do with > these program types can be done some other way with CAP_

[PATCH iproute2] iplink: don't try to get ll addr len when creating an iface

2019-05-29 Thread Nicolas Dichtel
It will obviously fail. This is a follow up of the commit 757837230a65 ("lib: suppress error msg when filling the cache"). Suggested-by: David Ahern Signed-off-by: Nicolas Dichtel --- ip/iplink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ip/iplink.c b/i

Re: [PATCH] netfilter: ctnetlink: Resolve conntrack L3-protocol flush regression

2019-05-28 Thread Nicolas Dichtel
On 24/05/2019 at 11:22, Pablo Neira Ayuso wrote: > On Mon, May 20, 2019 at 10:35:07AM +0200, Nicolas Dichtel wrote: >> On 06/05/2019 at 15:16, Pablo Neira Ayuso wrote: >>> On Mon, May 06, 2019 at 10:49:52AM +0200, Nicolas Dichtel wrote: >> [snip] >>>> Is

[PATCH iproute2] lib: suppress error msg when filling the cache

2019-05-24 Thread Nicolas Dichtel
those error messages. Fixes: 55870dfe7f8b ("Improve batch and dump times by caching link lookups") Reported-by: Philippe Guibert Signed-off-by: Nicolas Dichtel --- lib/ll_map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ll_map.c b/lib/ll_map.c index 2d7b65dcb8f

Re: [PATCH] net: vxlan: disallow removing to other namespace

2019-05-21 Thread Nicolas Dichtel
On 21/05/2019 at 07:53, Tonghao Zhang wrote: [snip] > The problem is that we create one vxlan netdevice(e.g dstport 4789 and > external), and move it to > one net-namespace, and then we hope create one again(dstport 4789 and > external) and move it to other net-namespace, but we can't create it.

Re: [PATCH] netfilter: ctnetlink: Resolve conntrack L3-protocol flush regression

2019-05-20 Thread Nicolas Dichtel
On 06/05/2019 at 15:16, Pablo Neira Ayuso wrote: > On Mon, May 06, 2019 at 10:49:52AM +0200, Nicolas Dichtel wrote: [snip] >> Is it possible to queue this for stable? > > Sure, as soon as this hits Linus' tree. > FYI, it's now in Linus tree: https://git.kernel.

Re: [PATCH net v2] rtnetlink: always put ILFA_LINK for links with a link-netnsid

2019-05-14 Thread Nicolas Dichtel
On 14/05/2019 at 12:24, Sabrina Dubroca wrote: [snip] > Yes, that's possible although quite unlikely. I'll go with d8a5ec672768. > Agreed. Thank you, Nicolas
