Re: [PATCH 1/1] openvswitch: fix infoleak in conntrack

On Mon, Jun 15, 2020 at 7:13 PM Xidong Wang wrote: > > From: xidongwang > > The stack object “zone_limit” has 3 members. In function > ovs_ct_limit_get_default_limit(), the member "count" is > not initialized and sent out via “nla_put_nohdr”. > > Signed-off-by: xidongwang Looks good. Acked-by:

Re: [PATCH] net: openvswitch: free vport unless register_netdevice() succeeds

On Thu, Aug 8, 2019 at 8:55 PM Hillf Danton wrote: > > > syzbot found the following crash on: > > HEAD commit:1e78030e Merge tag 'mmc-v5.3-rc1' of git://git.kernel.org/.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=148d3d1a60 > kernel config:

Re: memory leak in internal_dev_create

On Tue, Aug 6, 2019 at 5:00 AM Hillf Danton wrote: > > > On Tue, 06 Aug 2019 01:58:05 -0700 > > Hello, > > > > syzbot found the following crash on: > > ... > > BUG: memory leak > > unreferenced object 0x8881228ca500 (size 128): > >comm "syz-executor032", pid 7015, jiffies 4294944622 (age

Re: [ovs-dev] [PATCH 7/8] net: ovs: remove unused hardirq.h

Yang Shi <yan...@alibaba-inc.com> > Cc: Pravin Shelar <pshe...@nicira.com> > Cc: "David S. Miller" <da...@davemloft.net> > Cc: d...@openvswitch.org Acked-by: Pravin B Shelar <pshe...@ovn.org>

Re: [ovs-dev] [PATCH 7/8] net: ovs: remove unused hardirq.h

On Fri, Nov 17, 2017 at 3:02 PM, Yang Shi wrote: > Preempt counter APIs have been split out, currently, hardirq.h just > includes irq_enter/exit APIs which are not used by openvswitch at all. > > So, remove the unused hardirq.h. > > Signed-off-by: Yang Shi > Cc: Pravin S

Re: [PATCH] openvswitch: use ktime_get_ts64() instead of ktime_get_ts()

On Mon, Nov 27, 2017 at 5:11 PM, Arnd Bergmann wrote: > timespec is deprecated because of the y2038 overflow, so let's convert > this one to ktime_get_ts64(). The code is already safe even on 32-bit > architectures, since it uses monotonic times. On 64-bit architectures, > nothing

Re: [PATCH] openvswitch: use ktime_get_ts64() instead of ktime_get_ts()

On Mon, Nov 27, 2017 at 5:11 PM, Arnd Bergmann wrote: > timespec is deprecated because of the y2038 overflow, so let's convert > this one to ktime_get_ts64(). The code is already safe even on 32-bit > architectures, since it uses monotonic times. On 64-bit architectures, > nothing changes, while

Re: [ovs-dev] [PATCH] openvswitch: add null pointer check on upcall

On Thu, Nov 9, 2017 at 7:29 PM, Colin King wrote: > From: Colin Ian King > > upcall may be assigned a NULL pointer as genlmsg_put can potentially > return a NULL. Add a null check to avoid a null pointer dereference > on upcall. > > Detected

Re: [ovs-dev] [PATCH] openvswitch: add null pointer check on upcall

On Thu, Nov 9, 2017 at 7:29 PM, Colin King wrote: > From: Colin Ian King > > upcall may be assigned a NULL pointer as genlmsg_put can potentially > return a NULL. Add a null check to avoid a null pointer dereference > on upcall. > > Detected by CoverityScan, CID#728404 ("Dereference null return

Re: [PATCH v2] geneve: Fix setting ttl value in collect metadata mode

On Wed, Sep 13, 2017 at 4:15 AM, 严海双 <yanhaishu...@cmss.chinamobile.com> wrote: > > >> On 2017年9月13日, at 上午7:43, Pravin Shelar <pshe...@ovn.org> wrote: >> >> On Tue, Sep 12, 2017 at 12:05 AM, Haishuang Yan >> <yanhaishu...@cmss.chinamobile.com> wrot

Re: [PATCH v2] geneve: Fix setting ttl value in collect metadata mode

On Wed, Sep 13, 2017 at 4:15 AM, 严海双 wrote: > > >> On 2017年9月13日, at 上午7:43, Pravin Shelar wrote: >> >> On Tue, Sep 12, 2017 at 12:05 AM, Haishuang Yan >> wrote: >>> Similar to vxlan/ipip tunnel, if key->tos is zero in collect metadata >>> mod

Re: [PATCH v2] geneve: Fix setting ttl value in collect metadata mode

On Tue, Sep 12, 2017 at 12:05 AM, Haishuang Yan wrote: > Similar to vxlan/ipip tunnel, if key->tos is zero in collect metadata > mode, tos should also fallback to ip{4,6}_dst_hoplimit. > > Signed-off-by: Haishuang Yan > > ---

Re: [PATCH v2] geneve: Fix setting ttl value in collect metadata mode

On Tue, Sep 12, 2017 at 12:05 AM, Haishuang Yan wrote: > Similar to vxlan/ipip tunnel, if key->tos is zero in collect metadata > mode, tos should also fallback to ip{4,6}_dst_hoplimit. > > Signed-off-by: Haishuang Yan > > --- > Changes since v2: > * Make the commit message more clearer. > ---

Re: [PATCH v4 1/2] ip_tunnel: fix ip tunnel lookup in collect_md mode

On Tue, Sep 12, 2017 at 2:47 AM, Haishuang Yan wrote: > In collect_md mode, if the tun dev is down, it still can call > ip_tunnel_rcv to receive on packets, and the rx statistics increase > improperly. > > When the md tunnel is down, it's not neccessary to

Re: [PATCH v4 1/2] ip_tunnel: fix ip tunnel lookup in collect_md mode

On Tue, Sep 12, 2017 at 2:47 AM, Haishuang Yan wrote: > In collect_md mode, if the tun dev is down, it still can call > ip_tunnel_rcv to receive on packets, and the rx statistics increase > improperly. > > When the md tunnel is down, it's not neccessary to increase RX drops > for the tunnel

Re: [PATCH v2] openvswitch: Fix an error handling path in 'ovs_nla_init_match_and_action()'

On Mon, Sep 11, 2017 at 12:56 PM, Christophe JAILLET wrote: > All other error handling paths in this function go through the 'error' > label. This one should do the same. > > Fixes: 9cc9a5cb176c ("datapath: Avoid using stack larger than 1024.") > Signed-off-by:

Re: [PATCH v2] openvswitch: Fix an error handling path in 'ovs_nla_init_match_and_action()'

On Mon, Sep 11, 2017 at 12:56 PM, Christophe JAILLET wrote: > All other error handling paths in this function go through the 'error' > label. This one should do the same. > > Fixes: 9cc9a5cb176c ("datapath: Avoid using stack larger than 1024.") > Signed-off-by: Christophe JAILLET > --- > I think

Re: [PATCH] geneve: Fix setting ttl value in collect metadata mode

On Sun, Sep 3, 2017 at 5:49 AM, Haishuang Yan wrote: > If key->tos is zero in collect metadata mode, tos should fallback to > ip{4,6}_dst_hoplimit, same as normal mode. > > Signed-off-by: Haishuang Yan > --- >

Re: [PATCH] geneve: Fix setting ttl value in collect metadata mode

On Sun, Sep 3, 2017 at 5:49 AM, Haishuang Yan wrote: > If key->tos is zero in collect metadata mode, tos should fallback to > ip{4,6}_dst_hoplimit, same as normal mode. > > Signed-off-by: Haishuang Yan > --- > drivers/net/geneve.c | 6 ++ > 1 file changed, 2 insertions(+), 4 deletions(-) >

Re: [PATCH v2 1/2] ip_tunnel: fix ip tunnel lookup in collect_md mode

On Mon, Jun 19, 2017 at 6:13 AM, 严海双 <yanhaishu...@cmss.chinamobile.com> wrote: > > >> On 19 Jun 2017, at 1:43 PM, Pravin Shelar <pshe...@ovn.org> wrote: >> >> On Fri, Jun 16, 2017 at 8:27 PM, Haishuang Yan >> <yanhaishu...@cmss.chinamobile.com&g

Re: [PATCH v2 1/2] ip_tunnel: fix ip tunnel lookup in collect_md mode

On Mon, Jun 19, 2017 at 6:13 AM, 严海双 wrote: > > >> On 19 Jun 2017, at 1:43 PM, Pravin Shelar wrote: >> >> On Fri, Jun 16, 2017 at 8:27 PM, Haishuang Yan >> wrote: >>> In collect_md mode, if the tun dev is down, it still can call >>> ip_tunnel_

Re: [PATCH v2 1/2] ip_tunnel: fix ip tunnel lookup in collect_md mode

On Fri, Jun 16, 2017 at 8:27 PM, Haishuang Yan wrote: > In collect_md mode, if the tun dev is down, it still can call > ip_tunnel_rcv to receive on packets, and the rx statistics increase > improperly. > > Fixes: 2e15ea390e6f ("ip_gre: Add support to collect

Re: [PATCH v2 1/2] ip_tunnel: fix ip tunnel lookup in collect_md mode

On Fri, Jun 16, 2017 at 8:27 PM, Haishuang Yan wrote: > In collect_md mode, if the tun dev is down, it still can call > ip_tunnel_rcv to receive on packets, and the rx statistics increase > improperly. > > Fixes: 2e15ea390e6f ("ip_gre: Add support to collect tunnel metadata.") > Cc: Pravin B

Re: [PATCH v3 1/2] ip_tunnel: fix potential issue in ip_tunnel_rcv

On Wed, Jun 7, 2017 at 9:32 PM, Haishuang Yan wrote: > When ip_tunnel_rcv fails, the tun_dst won't be freed, so call > dst_release to free it in error code path. > > CC: Pravin B Shelar > Fixes: 2e15ea390e6f ("ip_gre: Add support to collect

Re: [PATCH v3 1/2] ip_tunnel: fix potential issue in ip_tunnel_rcv

On Wed, Jun 7, 2017 at 9:32 PM, Haishuang Yan wrote: > When ip_tunnel_rcv fails, the tun_dst won't be freed, so call > dst_release to free it in error code path. > > CC: Pravin B Shelar > Fixes: 2e15ea390e6f ("ip_gre: Add support to collect tunnel metadata.") > Signed-off-by: Haishuang Yan > >

Re: [PATCH v2 1/2] ip_tunnel: fix potential issue in ip_tunnel_rcv

On Wed, Jun 7, 2017 at 8:15 PM, Eric Dumazet <eric.duma...@gmail.com> wrote: > On Wed, 2017-06-07 at 19:13 -0700, Pravin Shelar wrote: >> On Wed, Jun 7, 2017 at 5:57 PM, Haishuang Yan >> <yanhaishu...@cmss.chinamobile.com> wrote: >> > When ip_tunnel_rcv fails,

Re: [PATCH v2 1/2] ip_tunnel: fix potential issue in ip_tunnel_rcv

On Wed, Jun 7, 2017 at 8:15 PM, Eric Dumazet wrote: > On Wed, 2017-06-07 at 19:13 -0700, Pravin Shelar wrote: >> On Wed, Jun 7, 2017 at 5:57 PM, Haishuang Yan >> wrote: >> > When ip_tunnel_rcv fails, the tun_dst won't be freed, so move >> > skb_dst_set to

Re: [PATCH v2 1/2] ip_tunnel: fix potential issue in ip_tunnel_rcv

On Wed, Jun 7, 2017 at 5:57 PM, Haishuang Yan wrote: > When ip_tunnel_rcv fails, the tun_dst won't be freed, so move > skb_dst_set to begin and tun_dst would be freed by kfree_skb. > > CC: Pravin B Shelar > Fixes: 2e15ea390e6f ("ip_gre: Add

Re: [PATCH v2 1/2] ip_tunnel: fix potential issue in ip_tunnel_rcv

On Wed, Jun 7, 2017 at 5:57 PM, Haishuang Yan wrote: > When ip_tunnel_rcv fails, the tun_dst won't be freed, so move > skb_dst_set to begin and tun_dst would be freed by kfree_skb. > > CC: Pravin B Shelar > Fixes: 2e15ea390e6f ("ip_gre: Add support to collect tunnel metadata.") > Signed-off-by:

Re: [ovs-dev] [PATCH 1/1] openvswitch: check return value of nla_nest_start

On Sat, Apr 22, 2017 at 11:43 PM, Pan Bian wrote: > Function nla_nest_start() will return a NULL pointer on error, and its > return value should be validated before it is used. However, in function > queue_userspace_packet(), its return value is ignored. This may result > in

Re: [ovs-dev] [PATCH 1/1] openvswitch: check return value of nla_nest_start

On Sat, Apr 22, 2017 at 11:43 PM, Pan Bian wrote: > Function nla_nest_start() will return a NULL pointer on error, and its > return value should be validated before it is used. However, in function > queue_userspace_packet(), its return value is ignored. This may result > in NULL dereference when

Re: [PATCH] openvswitch: add sanity check in queue_userspace_packet.

On Mon, Nov 28, 2016 at 8:36 PM, Haishuang Yan wrote: > kernel will crash in oops if genlmsg_put return NULL, > so add the sanity check. > > Signed-off-by: Haishuang Yan > --- > net/openvswitch/datapath.c | 4 > 1 file

Re: [PATCH] openvswitch: add sanity check in queue_userspace_packet.

On Mon, Nov 28, 2016 at 8:36 PM, Haishuang Yan wrote: > kernel will crash in oops if genlmsg_put return NULL, > so add the sanity check. > > Signed-off-by: Haishuang Yan > --- > net/openvswitch/datapath.c | 4 > 1 file changed, 4 insertions(+) > > diff --git a/net/openvswitch/datapath.c

Re: [PATCH] geneve: fix ip_hdr_len reserved for geneve6 tunnel.

On Sun, Nov 27, 2016 at 9:26 PM, Haishuang Yan wrote: > It shold reserved sizeof(ipv6hdr) for geneve in ipv6 tunnel. > > Fixes: c3ef5aa5e5 ('geneve: Merge ipv4 and ipv6 geneve_build_skb()') > > Signed-off-by: Haishuang Yan

Re: [PATCH] geneve: fix ip_hdr_len reserved for geneve6 tunnel.

On Sun, Nov 27, 2016 at 9:26 PM, Haishuang Yan wrote: > It shold reserved sizeof(ipv6hdr) for geneve in ipv6 tunnel. > > Fixes: c3ef5aa5e5 ('geneve: Merge ipv4 and ipv6 geneve_build_skb()') > > Signed-off-by: Haishuang Yan Thanks for fix. Acked-by: Pravin B Shelar

Re: [PATCH v3] openvswitch: allow management from inside user namespaces

much appreciated. > > v2: use the GENL_UNS_ADMIN_PERM flag instead of a check in each function > v3: use separate ifs for UNS_ADMIN_PERM and ADMIN_PERM, instead of one > massive one > > Reported-by: James Page > Signed-off-by: Tycho Andersen > CC: Eric Biederman > CC: P

Re: [PATCH v3] openvswitch: allow management from inside user namespaces

gned-off-by: Tycho Andersen <tycho.ander...@canonical.com> > CC: Eric Biederman <ebied...@xmission.com> > CC: Pravin Shelar <pshe...@ovn.org> > CC: Justin Pettit <jpet...@nicira.com> > CC: "David S. Miller" <da...@davemloft.net> > --- >

Re: [PATCH] openvswitch: allow management from inside user namespaces

On Fri, Jan 29, 2016 at 8:37 AM, Tycho Andersen wrote: > Hi Eric, > > Thanks for the review. > > On Fri, Jan 29, 2016 at 08:29:55AM -0600, Eric W. Biederman wrote: >> Tycho Andersen writes: >> >> > Operations with the GENL_ADMIN_PERM flag fail permissions checks because >> > this flag means we

Re: [PATCH] openvswitch: allow management from inside user namespaces

On Fri, Jan 29, 2016 at 8:37 AM, Tycho Andersen wrote: > Hi Eric, > > Thanks for the review. > > On Fri, Jan 29, 2016 at 08:29:55AM -0600, Eric W. Biederman wrote: >> Tycho Andersen writes: >> >> > Operations with the GENL_ADMIN_PERM

Re: [PATCH] ip_tunnel: make ip6tunnel_xmit definition conditional

On Fri, Jan 1, 2016 at 5:48 AM, Arnd Bergmann wrote: > From 433df301cf49624871346fa63f3fc65033caeda3 Mon Sep 17 00:00:00 2001 > From: Arnd Bergmann > Date: Fri, 1 Jan 2016 13:18:48 +0100 > Subject: [PATCH] net: make ip6tunnel_xmit definition conditional > > Moving the caller of

Re: [PATCH] ip_tunnel: make ip6tunnel_xmit definition conditional

On Fri, Jan 1, 2016 at 5:48 AM, Arnd Bergmann wrote: > From 433df301cf49624871346fa63f3fc65033caeda3 Mon Sep 17 00:00:00 2001 > From: Arnd Bergmann > Date: Fri, 1 Jan 2016 13:18:48 +0100 > Subject: [PATCH] net: make ip6tunnel_xmit definition conditional > > Moving

Re: [PATCH] ovs: do not allocate memory from offline numa node

On Fri, Oct 2, 2015 at 3:18 AM, Konstantin Khlebnikov wrote: > When openvswitch tries allocate memory from offline numa node 0: > stats = kmem_cache_alloc_node(flow_stats_cache, GFP_KERNEL | __GFP_ZERO, 0) > It catches VM_BUG_ON(nid < 0 || nid >= MAX_NUMNODES || !node_online(nid)) > [ replaced

Re: [PATCH] ovs: do not allocate memory from offline numa node

On Fri, Oct 2, 2015 at 3:18 AM, Konstantin Khlebnikov wrote: > When openvswitch tries allocate memory from offline numa node 0: > stats = kmem_cache_alloc_node(flow_stats_cache, GFP_KERNEL | __GFP_ZERO, 0) > It catches VM_BUG_ON(nid < 0 || nid >= MAX_NUMNODES ||

Re: [PATCHv2 7/7] openvswitch: Change CT_ATTR_FLAGS to CT_ATTR_COMMIT

On Thu, Oct 1, 2015 at 1:53 PM, Joe Stringer wrote: > Previously, the CT_ATTR_FLAGS attribute, when nested under the > OVS_ACTION_ATTR_CT, encoded a 32-bit bitmask of flags that modify the > semantics of the ct action. It's more extensible to just represent each > flag as a nested attribute, and

Re: [PATCHv2 3/7] openvswitch: Fix skb leak in ovs_fragment()

On Thu, Oct 1, 2015 at 1:53 PM, Joe Stringer wrote: > If ovs_fragment() was unable to fragment the skb due to an L2 header > that exceeds the supported length, skbs would be leaked. Fix the bug. > > Fixes: 7f8a436 "openvswitch: Add conntrack action" > Signed-off-by: Joe Stringer > --- > v2: Drop

Re: [PATCHv3] openvswitch: Rename LABEL->LABELS

On Thu, Oct 1, 2015 at 3:00 PM, Joe Stringer wrote: > Conntrack LABELS (plural) are exposed by conntrack; rename the OVS name > for these to be consistent with conntrack. > > Fixes: c2ac667 "openvswitch: Allow matching on conntrack label" > Signed-off-by: Joe Stringer > --- > v3: Fix build with

Re: [PATCHv2 3/7] openvswitch: Fix skb leak in ovs_fragment()

On Thu, Oct 1, 2015 at 1:53 PM, Joe Stringer wrote: > If ovs_fragment() was unable to fragment the skb due to an L2 header > that exceeds the supported length, skbs would be leaked. Fix the bug. > > Fixes: 7f8a436 "openvswitch: Add conntrack action" > Signed-off-by: Joe

Re: [PATCHv3] openvswitch: Rename LABEL->LABELS

On Thu, Oct 1, 2015 at 3:00 PM, Joe Stringer wrote: > Conntrack LABELS (plural) are exposed by conntrack; rename the OVS name > for these to be consistent with conntrack. > > Fixes: c2ac667 "openvswitch: Allow matching on conntrack label" > Signed-off-by: Joe Stringer

Re: [PATCHv2 7/7] openvswitch: Change CT_ATTR_FLAGS to CT_ATTR_COMMIT

On Thu, Oct 1, 2015 at 1:53 PM, Joe Stringer wrote: > Previously, the CT_ATTR_FLAGS attribute, when nested under the > OVS_ACTION_ATTR_CT, encoded a 32-bit bitmask of flags that modify the > semantics of the ct action. It's more extensible to just represent each > flag as

Re: [PATCH net 5/7] openvswitch: Reject ct_state unsupported bits

On Wed, Sep 30, 2015 at 6:20 PM, Joe Stringer wrote: > On 30 September 2015 at 17:31, Pravin Shelar wrote: >> On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote: >>> Previously, if userspace specified ct_state bits in the flow key which >>> are currently undefined

Re: [PATCH net 4/7] openvswitch: Ensure flow is valid before executing ct

On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote: > The ct action uses parts of the flow key, so we need to ensure that it > is valid before executing that action. > > Fixes: 7f8a436 "openvswitch: Add conntrack action" > Signed-off-by: Joe Stringer Acked-by: Pravin B Shelar -- To

Re: [PATCH net 6/7] openvswitch: Extend ct_state match field to 32 bits

On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote: > The ct_state field was initially added as an 8-bit field, however six of > the bits are already being used and use cases are already starting to > appear that may push the limits of this field. This patch extends the > field to 32 bits while

Re: [PATCH net 7/7] openvswitch: Change CT_ATTR_FLAGS to CT_ATTR_COMMIT

On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote: > Previously, the CT_ATTR_FLAGS attribute, when nested under the > OVS_ACTION_ATTR_CT, encoded a 32-bit bitmask of flags that modify the > semantics of the ct action. It's more extensible to just represent each > flag as a nested attribute, and

Re: [PATCH net 2/7] openvswitch: Fix typos in CT headers

On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote: > These comments hadn't caught up to their implementations, fix them. > > Fixes: 7f8a436 "openvswitch: Add conntrack action" > Signed-off-by: Joe Stringer Acked-by: Pravin B Shelar -- To unsubscribe from this list: send the line "unsubscribe

Re: [PATCH net 5/7] openvswitch: Reject ct_state unsupported bits

On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote: > Previously, if userspace specified ct_state bits in the flow key which > are currently undefined (and therefore unsupported), then they would be > ignored. This could cause unexpected behaviour in future if userspace is > extended to support

Re: [PATCH net 1/7] openvswitch: Make LABELS name more consistent

On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote: > Conntrack LABELS (plural) are exposed by conntrack; rename the OVS name > for these to be consistent with conntrack. > > Fixes: c2ac667 "openvswitch: Allow matching on conntrack label" > Signed-off-by: Joe Stringer > --- >

Re: [regression] freezing usbip list by commit 6ae459bdaaeebc632

On Wed, Sep 30, 2015 at 3:18 AM, Igor Kotrasinski wrote: > Commit 6ae459bdaaeebc632 (skbuff: Fix skb checksum flag on skb pull) > introduces a regression when using usbip userspace tools. > Running usbipd and attempting to list remote devices on localhost causes > usbip to freeze. Stopping usbip

Re: [regression] freezing usbip list by commit 6ae459bdaaeebc632

On Wed, Sep 30, 2015 at 3:18 AM, Igor Kotrasinski wrote: > Commit 6ae459bdaaeebc632 (skbuff: Fix skb checksum flag on skb pull) > introduces a regression when using usbip userspace tools. > Running usbipd and attempting to list remote devices on localhost causes > usbip

Re: [PATCH net 1/7] openvswitch: Make LABELS name more consistent

On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote: > Conntrack LABELS (plural) are exposed by conntrack; rename the OVS name > for these to be consistent with conntrack. > > Fixes: c2ac667 "openvswitch: Allow matching on conntrack label" > Signed-off-by: Joe Stringer

Re: [PATCH net 2/7] openvswitch: Fix typos in CT headers

On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote: > These comments hadn't caught up to their implementations, fix them. > > Fixes: 7f8a436 "openvswitch: Add conntrack action" > Signed-off-by: Joe Stringer Acked-by: Pravin B Shelar

Re: [PATCH net 5/7] openvswitch: Reject ct_state unsupported bits

On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote: > Previously, if userspace specified ct_state bits in the flow key which > are currently undefined (and therefore unsupported), then they would be > ignored. This could cause unexpected behaviour in future if userspace

Re: [PATCH net 4/7] openvswitch: Ensure flow is valid before executing ct

On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote: > The ct action uses parts of the flow key, so we need to ensure that it > is valid before executing that action. > > Fixes: 7f8a436 "openvswitch: Add conntrack action" > Signed-off-by: Joe Stringer

Re: [PATCH net 6/7] openvswitch: Extend ct_state match field to 32 bits

On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote: > The ct_state field was initially added as an 8-bit field, however six of > the bits are already being used and use cases are already starting to > appear that may push the limits of this field. This patch extends the >

Re: [PATCH net 7/7] openvswitch: Change CT_ATTR_FLAGS to CT_ATTR_COMMIT

On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote: > Previously, the CT_ATTR_FLAGS attribute, when nested under the > OVS_ACTION_ATTR_CT, encoded a 32-bit bitmask of flags that modify the > semantics of the ct action. It's more extensible to just represent each > flag as

Re: [PATCH net 5/7] openvswitch: Reject ct_state unsupported bits

On Wed, Sep 30, 2015 at 6:20 PM, Joe Stringer <joestrin...@nicira.com> wrote: > On 30 September 2015 at 17:31, Pravin Shelar <pshe...@nicira.com> wrote: >> On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer <joestrin...@nicira.com> wrote: >>> Previously, if userspace

Re: 4.3-rc3 Regression: NFS access stall by commit 6ae459bdaaee

On Tue, Sep 29, 2015 at 3:33 AM, Takashi Iwai wrote: > On Tue, 29 Sep 2015 02:35:04 +0200, > Pravin Shelar wrote: >> >> On Mon, Sep 28, 2015 at 6:12 AM, Takashi Iwai wrote: >> > [I resent this since the previous mail didn't go out properly, as it >> >

Re: 4.3-rc3 Regression: NFS access stall by commit 6ae459bdaaee

On Tue, Sep 29, 2015 at 3:33 AM, Takashi Iwai <ti...@suse.de> wrote: > On Tue, 29 Sep 2015 02:35:04 +0200, > Pravin Shelar wrote: >> >> On Mon, Sep 28, 2015 at 6:12 AM, Takashi Iwai <ti...@suse.de> wrote: >> > [I resent this since the previous mail di

Re: 4.3-rc3 Regression: NFS access stall by commit 6ae459bdaaee

On Mon, Sep 28, 2015 at 6:12 AM, Takashi Iwai wrote: > [I resent this since the previous mail didn't go out properly, as it > seems; apologies if you already read it, please disregard] > > Hi, > > I noticed that NFS access from my workstation slowed down drastically, > almost stalls, with the

Re: 4.3-rc3 Regression: NFS access stall by commit 6ae459bdaaee

On Mon, Sep 28, 2015 at 6:12 AM, Takashi Iwai wrote: > [I resent this since the previous mail didn't go out properly, as it > seems; apologies if you already read it, please disregard] > > Hi, > > I noticed that NFS access from my workstation slowed down drastically, > almost stalls, with the

Re: 4.3-rc3 Regression: NFS access stall by commit 6ae459bdaaee

On Mon, Sep 28, 2015 at 6:12 AM, Takashi Iwai wrote: > [I resent this since the previous mail didn't go out properly, as it > seems; apologies if you already read it, please disregard] > > Hi, > > I noticed that NFS access from my workstation slowed down drastically, > almost

Re: 4.3-rc3 Regression: NFS access stall by commit 6ae459bdaaee

On Mon, Sep 28, 2015 at 6:12 AM, Takashi Iwai wrote: > [I resent this since the previous mail didn't go out properly, as it > seems; apologies if you already read it, please disregard] > > Hi, > > I noticed that NFS access from my workstation slowed down drastically, > almost

Re: [PATCH 08/38] openvswitch: fix handling result of ipv6_skip_exthdr

On Mon, Sep 21, 2015 at 6:33 AM, Andrzej Hajda wrote: > The function can return negative value. > > The problem has been detected using proposed semantic patch > scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci [1]. > > [1]: http://permalink.gmane.org/gmane.linux.kernel/2038576 > >

Re: [PATCH 08/38] openvswitch: fix handling result of ipv6_skip_exthdr

On Mon, Sep 21, 2015 at 6:33 AM, Andrzej Hajda wrote: > The function can return negative value. > > The problem has been detected using proposed semantic patch > scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci [1]. > > [1]:

Re: [PATCH net] openvswitch: Fix IPv6 exthdr handling with ct helpers.

On Mon, Sep 14, 2015 at 11:14 AM, Joe Stringer wrote: > Static code analysis reveals the following bug: > > net/openvswitch/conntrack.c:281 ovs_ct_helper() > warn: unsigned 'protoff' is never less than zero. > > This signedness bug breaks error handling for IPv6 extension headers

Re: [PATCH net] openvswitch: Fix IPv6 exthdr handling with ct helpers.

On Mon, Sep 14, 2015 at 11:14 AM, Joe Stringer wrote: > Static code analysis reveals the following bug: > > net/openvswitch/conntrack.c:281 ovs_ct_helper() > warn: unsigned 'protoff' is never less than zero. > > This signedness bug breaks error handling for

Re: [PATCH net] openvswitch: Fix dependency on IPv6 defrag.

On Fri, Sep 11, 2015 at 3:01 PM, Joe Stringer wrote: > When NF_CONNTRACK is built-in, NF_DEFRAG_IPV6 is a module, and > OPENVSWITCH is built-in, the following build error would occur: > > net/built-in.o: In function `ovs_ct_execute': > (.text+0x10f587): undefined reference to `nf_ct_frag6_gather'

Re: [PATCH net] openvswitch: Fix dependency on IPv6 defrag.

On Fri, Sep 11, 2015 at 3:01 PM, Joe Stringer wrote: > When NF_CONNTRACK is built-in, NF_DEFRAG_IPV6 is a module, and > OPENVSWITCH is built-in, the following build error would occur: > > net/built-in.o: In function `ovs_ct_execute': > (.text+0x10f587): undefined reference

Re: [PATCH net] openvswitch: Remove conntrack Kconfig option.

On Fri, Sep 4, 2015 at 1:07 PM, Joe Stringer wrote: > There's no particular desire to have conntrack action support in Open > vSwitch as an independently configurable bit, rather just to ensure > there is not a hard dependency. This exposed option doesn't accurately > reflect the conntrack

Re: [PATCH net] openvswitch: Remove conntrack Kconfig option.

On Fri, Sep 4, 2015 at 1:07 PM, Joe Stringer wrote: > There's no particular desire to have conntrack action support in Open > vSwitch as an independently configurable bit, rather just to ensure > there is not a hard dependency. This exposed option doesn't accurately >

Re: [PATCHv6 net-next 05/10] openvswitch: Add conntrack action

On Wed, Aug 26, 2015 at 11:31 AM, Joe Stringer wrote: > Expose the kernel connection tracker via OVS. Userspace components can > make use of the CT action to populate the connection state (ct_state) > field for a flow. This state can be subsequently matched. > > Exposed connection states are

Re: [PATCHv6 net-next 05/10] openvswitch: Add conntrack action

On Wed, Aug 26, 2015 at 11:31 AM, Joe Stringer joestrin...@nicira.com wrote: Expose the kernel connection tracker via OVS. Userspace components can make use of the CT action to populate the connection state (ct_state) field for a flow. This state can be subsequently matched. Exposed

Re: [PATCHv5 net-next 10/10] openvswitch: Allow attaching helpers to ct action

On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer wrote: > Add support for using conntrack helpers to assist protocol detection. > The new OVS_CT_ATTR_HELPER attribute of the CT action specifies a helper > to be used for this connection. If no helper is specified, then helpers > will be automatically

Re: [PATCHv5 net-next 09/10] openvswitch: Allow matching on conntrack label

On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer wrote: > Allow matching and setting the ct_label field. As with ct_mark, this is > populated by executing the CT action. The label field may be modified by > specifying a label and mask nested under the CT action. It is stored as > metadata attached

Re: [PATCHv5 net-next 06/10] openvswitch: Allow matching on conntrack mark

On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer wrote: > Allow matching and setting the ct_mark field. As with ct_state and > ct_zone, these fields are populated when the CT action is executed. To > write to this field, a value and mask can be specified as a nested > attribute under the CT action.

Re: [PATCHv5 net-next 05/10] openvswitch: Add conntrack action

On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer wrote: > Expose the kernel connection tracker via OVS. Userspace components can > make use of the CT action to populate the connection state (ct_state) > field for a flow. This state can be subsequently matched. > > Exposed connection states are

Re: [PATCHv5 net-next 03/10] ipv6: Export nf_ct_frag6_gather()

On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer wrote: > Signed-off-by: Joe Stringer > Acked-by: Thomas Graf > Acked-by: Pravin B Shelar When I apply this patch I see empty commit msg. I think you need to add atleast a blank line after the subject. > --- > v4: Add ack. > v5: No change. > --- >

Re: [PATCHv5 net-next 03/10] ipv6: Export nf_ct_frag6_gather()

On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer joestrin...@nicira.com wrote: Signed-off-by: Joe Stringer joestrin...@nicira.com Acked-by: Thomas Graf tg...@suug.ch Acked-by: Pravin B Shelar pshe...@nicira.com When I apply this patch I see empty commit msg. I think you need to add atleast a

Re: [PATCHv5 net-next 05/10] openvswitch: Add conntrack action

On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer joestrin...@nicira.com wrote: Expose the kernel connection tracker via OVS. Userspace components can make use of the CT action to populate the connection state (ct_state) field for a flow. This state can be subsequently matched. Exposed connection

Re: [PATCHv5 net-next 09/10] openvswitch: Allow matching on conntrack label

On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer joestrin...@nicira.com wrote: Allow matching and setting the ct_label field. As with ct_mark, this is populated by executing the CT action. The label field may be modified by specifying a label and mask nested under the CT action. It is stored as

Re: [PATCHv5 net-next 06/10] openvswitch: Allow matching on conntrack mark

On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer joestrin...@nicira.com wrote: Allow matching and setting the ct_mark field. As with ct_state and ct_zone, these fields are populated when the CT action is executed. To write to this field, a value and mask can be specified as a nested attribute

Re: [PATCHv5 net-next 10/10] openvswitch: Allow attaching helpers to ct action

On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer joestrin...@nicira.com wrote: Add support for using conntrack helpers to assist protocol detection. The new OVS_CT_ATTR_HELPER attribute of the CT action specifies a helper to be used for this connection. If no helper is specified, then helpers

Re: [PATCHv4 net-next 10/10] openvswitch: Allow attaching helpers to ct action

On Thu, Aug 20, 2015 at 5:47 PM, Joe Stringer wrote: > On 19 August 2015 at 15:57, Pravin Shelar wrote: >> On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer wrote: >>> Add support for using conntrack helpers to assist protocol detection. >>> The new OVS_CT_ATTR_HELPER

Re: [PATCHv4 net-next 10/10] openvswitch: Allow attaching helpers to ct action

On Thu, Aug 20, 2015 at 5:47 PM, Joe Stringer joestrin...@nicira.com wrote: On 19 August 2015 at 15:57, Pravin Shelar pshe...@nicira.com wrote: On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer joestrin...@nicira.com wrote: Add support for using conntrack helpers to assist protocol detection

Re: [PATCHv4 net-next 09/10] openvswitch: Allow matching on conntrack label

On Thu, Aug 20, 2015 at 12:13 PM, Joe Stringer wrote: > On 20 August 2015 at 08:45, Pravin Shelar wrote: >> On Wed, Aug 19, 2015 at 4:04 PM, Joe Stringer wrote: >>> Thanks for the review, >>> >>> On 19 August 2015 at 14:24, Pravin Shelar wrote: >&

Re: [PATCHv4 net-next 09/10] openvswitch: Allow matching on conntrack label

On Wed, Aug 19, 2015 at 4:04 PM, Joe Stringer wrote: > Thanks for the review, > > On 19 August 2015 at 14:24, Pravin Shelar wrote: >> On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer wrote: >>> Allow matching and setting the conntrack label field. As with ct_mar

Re: [PATCHv4 net-next 09/10] openvswitch: Allow matching on conntrack label

On Thu, Aug 20, 2015 at 12:13 PM, Joe Stringer joestrin...@nicira.com wrote: On 20 August 2015 at 08:45, Pravin Shelar pshe...@nicira.com wrote: On Wed, Aug 19, 2015 at 4:04 PM, Joe Stringer joestrin...@nicira.com wrote: Thanks for the review, On 19 August 2015 at 14:24, Pravin Shelar pshe

Re: [PATCHv4 net-next 09/10] openvswitch: Allow matching on conntrack label

On Wed, Aug 19, 2015 at 4:04 PM, Joe Stringer joestrin...@nicira.com wrote: Thanks for the review, On 19 August 2015 at 14:24, Pravin Shelar pshe...@nicira.com wrote: On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer joestrin...@nicira.com wrote: Allow matching and setting the conntrack label

Re: [PATCHv4 net-next 10/10] openvswitch: Allow attaching helpers to ct action

On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer wrote: > Add support for using conntrack helpers to assist protocol detection. > The new OVS_CT_ATTR_HELPER attribute of the ct action specifies a helper > to be used for this connection. > > Example ODP flows allowing FTP connections from ports 1->2:

Re: [PATCHv4 net-next 09/10] openvswitch: Allow matching on conntrack label

On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer wrote: > Allow matching and setting the conntrack label field. As with ct_mark, > this is populated by executing the CT action, and is a writable field. > Specifying a label and optional mask allows the label to be modified, > which takes effect on

Re: [PATCHv4 net-next 08/10] netfilter: connlabels: Export setting connlabel length

On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer wrote: > Add functions to change connlabel length into nf_conntrack_labels.c so > they may be reused by other modules like OVS and nftables without > needing to jump through xt_match_check() hoops. > > Suggested-by: Florian Westphal > Signed-off-by:

  1   2   3   >