On Mon, Jun 15, 2020 at 7:13 PM Xidong Wang wrote:
>
> From: xidongwang
>
> The stack object “zone_limit” has 3 members. In function
> ovs_ct_limit_get_default_limit(), the member "count" is
> not initialized and sent out via “nla_put_nohdr”.
>
> Signed-off-by: xidongwang
Looks good.
Acked-by:
On Thu, Aug 8, 2019 at 8:55 PM Hillf Danton wrote:
>
>
> syzbot found the following crash on:
>
> HEAD commit:1e78030e Merge tag 'mmc-v5.3-rc1' of git://git.kernel.org/..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=148d3d1a60
> kernel config:
On Tue, Aug 6, 2019 at 5:00 AM Hillf Danton wrote:
>
>
> On Tue, 06 Aug 2019 01:58:05 -0700
> > Hello,
> >
> > syzbot found the following crash on:
> >
...
> > BUG: memory leak
> > unreferenced object 0x8881228ca500 (size 128):
> >comm "syz-executor032", pid 7015, jiffies 4294944622 (age
Yang Shi <yan...@alibaba-inc.com>
> Cc: Pravin Shelar <pshe...@nicira.com>
> Cc: "David S. Miller" <da...@davemloft.net>
> Cc: d...@openvswitch.org
Acked-by: Pravin B Shelar <pshe...@ovn.org>
On Fri, Nov 17, 2017 at 3:02 PM, Yang Shi wrote:
> Preempt counter APIs have been split out, currently, hardirq.h just
> includes irq_enter/exit APIs which are not used by openvswitch at all.
>
> So, remove the unused hardirq.h.
>
> Signed-off-by: Yang Shi
> Cc: Pravin S
On Mon, Nov 27, 2017 at 5:11 PM, Arnd Bergmann wrote:
> timespec is deprecated because of the y2038 overflow, so let's convert
> this one to ktime_get_ts64(). The code is already safe even on 32-bit
> architectures, since it uses monotonic times. On 64-bit architectures,
> nothing
On Mon, Nov 27, 2017 at 5:11 PM, Arnd Bergmann wrote:
> timespec is deprecated because of the y2038 overflow, so let's convert
> this one to ktime_get_ts64(). The code is already safe even on 32-bit
> architectures, since it uses monotonic times. On 64-bit architectures,
> nothing changes, while
On Thu, Nov 9, 2017 at 7:29 PM, Colin King wrote:
> From: Colin Ian King
>
> upcall may be assigned a NULL pointer as genlmsg_put can potentially
> return a NULL. Add a null check to avoid a null pointer dereference
> on upcall.
>
> Detected
On Thu, Nov 9, 2017 at 7:29 PM, Colin King wrote:
> From: Colin Ian King
>
> upcall may be assigned a NULL pointer as genlmsg_put can potentially
> return a NULL. Add a null check to avoid a null pointer dereference
> on upcall.
>
> Detected by CoverityScan, CID#728404 ("Dereference null return
On Wed, Sep 13, 2017 at 4:15 AM, 严海双 <yanhaishu...@cmss.chinamobile.com> wrote:
>
>
>> On 2017年9月13日, at 上午7:43, Pravin Shelar <pshe...@ovn.org> wrote:
>>
>> On Tue, Sep 12, 2017 at 12:05 AM, Haishuang Yan
>> <yanhaishu...@cmss.chinamobile.com> wrot
On Wed, Sep 13, 2017 at 4:15 AM, 严海双 wrote:
>
>
>> On 2017年9月13日, at 上午7:43, Pravin Shelar wrote:
>>
>> On Tue, Sep 12, 2017 at 12:05 AM, Haishuang Yan
>> wrote:
>>> Similar to vxlan/ipip tunnel, if key->tos is zero in collect metadata
>>> mod
On Tue, Sep 12, 2017 at 12:05 AM, Haishuang Yan
wrote:
> Similar to vxlan/ipip tunnel, if key->tos is zero in collect metadata
> mode, tos should also fallback to ip{4,6}_dst_hoplimit.
>
> Signed-off-by: Haishuang Yan
>
> ---
On Tue, Sep 12, 2017 at 12:05 AM, Haishuang Yan
wrote:
> Similar to vxlan/ipip tunnel, if key->tos is zero in collect metadata
> mode, tos should also fallback to ip{4,6}_dst_hoplimit.
>
> Signed-off-by: Haishuang Yan
>
> ---
> Changes since v2:
> * Make the commit message more clearer.
> ---
On Tue, Sep 12, 2017 at 2:47 AM, Haishuang Yan
wrote:
> In collect_md mode, if the tun dev is down, it still can call
> ip_tunnel_rcv to receive on packets, and the rx statistics increase
> improperly.
>
> When the md tunnel is down, it's not neccessary to
On Tue, Sep 12, 2017 at 2:47 AM, Haishuang Yan
wrote:
> In collect_md mode, if the tun dev is down, it still can call
> ip_tunnel_rcv to receive on packets, and the rx statistics increase
> improperly.
>
> When the md tunnel is down, it's not neccessary to increase RX drops
> for the tunnel
On Mon, Sep 11, 2017 at 12:56 PM, Christophe JAILLET
wrote:
> All other error handling paths in this function go through the 'error'
> label. This one should do the same.
>
> Fixes: 9cc9a5cb176c ("datapath: Avoid using stack larger than 1024.")
> Signed-off-by:
On Mon, Sep 11, 2017 at 12:56 PM, Christophe JAILLET
wrote:
> All other error handling paths in this function go through the 'error'
> label. This one should do the same.
>
> Fixes: 9cc9a5cb176c ("datapath: Avoid using stack larger than 1024.")
> Signed-off-by: Christophe JAILLET
> ---
> I think
On Sun, Sep 3, 2017 at 5:49 AM, Haishuang Yan
wrote:
> If key->tos is zero in collect metadata mode, tos should fallback to
> ip{4,6}_dst_hoplimit, same as normal mode.
>
> Signed-off-by: Haishuang Yan
> ---
>
On Sun, Sep 3, 2017 at 5:49 AM, Haishuang Yan
wrote:
> If key->tos is zero in collect metadata mode, tos should fallback to
> ip{4,6}_dst_hoplimit, same as normal mode.
>
> Signed-off-by: Haishuang Yan
> ---
> drivers/net/geneve.c | 6 ++
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
On Mon, Jun 19, 2017 at 6:13 AM, 严海双 <yanhaishu...@cmss.chinamobile.com> wrote:
>
>
>> On 19 Jun 2017, at 1:43 PM, Pravin Shelar <pshe...@ovn.org> wrote:
>>
>> On Fri, Jun 16, 2017 at 8:27 PM, Haishuang Yan
>> <yanhaishu...@cmss.chinamobile.com&g
On Mon, Jun 19, 2017 at 6:13 AM, 严海双 wrote:
>
>
>> On 19 Jun 2017, at 1:43 PM, Pravin Shelar wrote:
>>
>> On Fri, Jun 16, 2017 at 8:27 PM, Haishuang Yan
>> wrote:
>>> In collect_md mode, if the tun dev is down, it still can call
>>> ip_tunnel_
On Fri, Jun 16, 2017 at 8:27 PM, Haishuang Yan
wrote:
> In collect_md mode, if the tun dev is down, it still can call
> ip_tunnel_rcv to receive on packets, and the rx statistics increase
> improperly.
>
> Fixes: 2e15ea390e6f ("ip_gre: Add support to collect
On Fri, Jun 16, 2017 at 8:27 PM, Haishuang Yan
wrote:
> In collect_md mode, if the tun dev is down, it still can call
> ip_tunnel_rcv to receive on packets, and the rx statistics increase
> improperly.
>
> Fixes: 2e15ea390e6f ("ip_gre: Add support to collect tunnel metadata.")
> Cc: Pravin B
On Wed, Jun 7, 2017 at 9:32 PM, Haishuang Yan
wrote:
> When ip_tunnel_rcv fails, the tun_dst won't be freed, so call
> dst_release to free it in error code path.
>
> CC: Pravin B Shelar
> Fixes: 2e15ea390e6f ("ip_gre: Add support to collect
On Wed, Jun 7, 2017 at 9:32 PM, Haishuang Yan
wrote:
> When ip_tunnel_rcv fails, the tun_dst won't be freed, so call
> dst_release to free it in error code path.
>
> CC: Pravin B Shelar
> Fixes: 2e15ea390e6f ("ip_gre: Add support to collect tunnel metadata.")
> Signed-off-by: Haishuang Yan
>
>
On Wed, Jun 7, 2017 at 8:15 PM, Eric Dumazet <eric.duma...@gmail.com> wrote:
> On Wed, 2017-06-07 at 19:13 -0700, Pravin Shelar wrote:
>> On Wed, Jun 7, 2017 at 5:57 PM, Haishuang Yan
>> <yanhaishu...@cmss.chinamobile.com> wrote:
>> > When ip_tunnel_rcv fails,
On Wed, Jun 7, 2017 at 8:15 PM, Eric Dumazet wrote:
> On Wed, 2017-06-07 at 19:13 -0700, Pravin Shelar wrote:
>> On Wed, Jun 7, 2017 at 5:57 PM, Haishuang Yan
>> wrote:
>> > When ip_tunnel_rcv fails, the tun_dst won't be freed, so move
>> > skb_dst_set to
On Wed, Jun 7, 2017 at 5:57 PM, Haishuang Yan
wrote:
> When ip_tunnel_rcv fails, the tun_dst won't be freed, so move
> skb_dst_set to begin and tun_dst would be freed by kfree_skb.
>
> CC: Pravin B Shelar
> Fixes: 2e15ea390e6f ("ip_gre: Add
On Wed, Jun 7, 2017 at 5:57 PM, Haishuang Yan
wrote:
> When ip_tunnel_rcv fails, the tun_dst won't be freed, so move
> skb_dst_set to begin and tun_dst would be freed by kfree_skb.
>
> CC: Pravin B Shelar
> Fixes: 2e15ea390e6f ("ip_gre: Add support to collect tunnel metadata.")
> Signed-off-by:
On Sat, Apr 22, 2017 at 11:43 PM, Pan Bian wrote:
> Function nla_nest_start() will return a NULL pointer on error, and its
> return value should be validated before it is used. However, in function
> queue_userspace_packet(), its return value is ignored. This may result
> in
On Sat, Apr 22, 2017 at 11:43 PM, Pan Bian wrote:
> Function nla_nest_start() will return a NULL pointer on error, and its
> return value should be validated before it is used. However, in function
> queue_userspace_packet(), its return value is ignored. This may result
> in NULL dereference when
On Mon, Nov 28, 2016 at 8:36 PM, Haishuang Yan
wrote:
> kernel will crash in oops if genlmsg_put return NULL,
> so add the sanity check.
>
> Signed-off-by: Haishuang Yan
> ---
> net/openvswitch/datapath.c | 4
> 1 file
On Mon, Nov 28, 2016 at 8:36 PM, Haishuang Yan
wrote:
> kernel will crash in oops if genlmsg_put return NULL,
> so add the sanity check.
>
> Signed-off-by: Haishuang Yan
> ---
> net/openvswitch/datapath.c | 4
> 1 file changed, 4 insertions(+)
>
> diff --git a/net/openvswitch/datapath.c
On Sun, Nov 27, 2016 at 9:26 PM, Haishuang Yan
wrote:
> It shold reserved sizeof(ipv6hdr) for geneve in ipv6 tunnel.
>
> Fixes: c3ef5aa5e5 ('geneve: Merge ipv4 and ipv6 geneve_build_skb()')
>
> Signed-off-by: Haishuang Yan
On Sun, Nov 27, 2016 at 9:26 PM, Haishuang Yan
wrote:
> It shold reserved sizeof(ipv6hdr) for geneve in ipv6 tunnel.
>
> Fixes: c3ef5aa5e5 ('geneve: Merge ipv4 and ipv6 geneve_build_skb()')
>
> Signed-off-by: Haishuang Yan
Thanks for fix.
Acked-by: Pravin B Shelar
much appreciated.
>
> v2: use the GENL_UNS_ADMIN_PERM flag instead of a check in each function
> v3: use separate ifs for UNS_ADMIN_PERM and ADMIN_PERM, instead of one
> massive one
>
> Reported-by: James Page
> Signed-off-by: Tycho Andersen
> CC: Eric Biederman
> CC: P
gned-off-by: Tycho Andersen <tycho.ander...@canonical.com>
> CC: Eric Biederman <ebied...@xmission.com>
> CC: Pravin Shelar <pshe...@ovn.org>
> CC: Justin Pettit <jpet...@nicira.com>
> CC: "David S. Miller" <da...@davemloft.net>
> ---
>
On Fri, Jan 29, 2016 at 8:37 AM, Tycho Andersen
wrote:
> Hi Eric,
>
> Thanks for the review.
>
> On Fri, Jan 29, 2016 at 08:29:55AM -0600, Eric W. Biederman wrote:
>> Tycho Andersen writes:
>>
>> > Operations with the GENL_ADMIN_PERM flag fail permissions checks because
>> > this flag means we
On Fri, Jan 29, 2016 at 8:37 AM, Tycho Andersen
wrote:
> Hi Eric,
>
> Thanks for the review.
>
> On Fri, Jan 29, 2016 at 08:29:55AM -0600, Eric W. Biederman wrote:
>> Tycho Andersen writes:
>>
>> > Operations with the GENL_ADMIN_PERM
On Fri, Jan 1, 2016 at 5:48 AM, Arnd Bergmann wrote:
> From 433df301cf49624871346fa63f3fc65033caeda3 Mon Sep 17 00:00:00 2001
> From: Arnd Bergmann
> Date: Fri, 1 Jan 2016 13:18:48 +0100
> Subject: [PATCH] net: make ip6tunnel_xmit definition conditional
>
> Moving the caller of
On Fri, Jan 1, 2016 at 5:48 AM, Arnd Bergmann wrote:
> From 433df301cf49624871346fa63f3fc65033caeda3 Mon Sep 17 00:00:00 2001
> From: Arnd Bergmann
> Date: Fri, 1 Jan 2016 13:18:48 +0100
> Subject: [PATCH] net: make ip6tunnel_xmit definition conditional
>
> Moving
On Fri, Oct 2, 2015 at 3:18 AM, Konstantin Khlebnikov
wrote:
> When openvswitch tries allocate memory from offline numa node 0:
> stats = kmem_cache_alloc_node(flow_stats_cache, GFP_KERNEL | __GFP_ZERO, 0)
> It catches VM_BUG_ON(nid < 0 || nid >= MAX_NUMNODES || !node_online(nid))
> [ replaced
On Fri, Oct 2, 2015 at 3:18 AM, Konstantin Khlebnikov
wrote:
> When openvswitch tries allocate memory from offline numa node 0:
> stats = kmem_cache_alloc_node(flow_stats_cache, GFP_KERNEL | __GFP_ZERO, 0)
> It catches VM_BUG_ON(nid < 0 || nid >= MAX_NUMNODES ||
On Thu, Oct 1, 2015 at 1:53 PM, Joe Stringer wrote:
> Previously, the CT_ATTR_FLAGS attribute, when nested under the
> OVS_ACTION_ATTR_CT, encoded a 32-bit bitmask of flags that modify the
> semantics of the ct action. It's more extensible to just represent each
> flag as a nested attribute, and
On Thu, Oct 1, 2015 at 1:53 PM, Joe Stringer wrote:
> If ovs_fragment() was unable to fragment the skb due to an L2 header
> that exceeds the supported length, skbs would be leaked. Fix the bug.
>
> Fixes: 7f8a436 "openvswitch: Add conntrack action"
> Signed-off-by: Joe Stringer
> ---
> v2: Drop
On Thu, Oct 1, 2015 at 3:00 PM, Joe Stringer wrote:
> Conntrack LABELS (plural) are exposed by conntrack; rename the OVS name
> for these to be consistent with conntrack.
>
> Fixes: c2ac667 "openvswitch: Allow matching on conntrack label"
> Signed-off-by: Joe Stringer
> ---
> v3: Fix build with
On Thu, Oct 1, 2015 at 1:53 PM, Joe Stringer wrote:
> If ovs_fragment() was unable to fragment the skb due to an L2 header
> that exceeds the supported length, skbs would be leaked. Fix the bug.
>
> Fixes: 7f8a436 "openvswitch: Add conntrack action"
> Signed-off-by: Joe
On Thu, Oct 1, 2015 at 3:00 PM, Joe Stringer wrote:
> Conntrack LABELS (plural) are exposed by conntrack; rename the OVS name
> for these to be consistent with conntrack.
>
> Fixes: c2ac667 "openvswitch: Allow matching on conntrack label"
> Signed-off-by: Joe Stringer
On Thu, Oct 1, 2015 at 1:53 PM, Joe Stringer wrote:
> Previously, the CT_ATTR_FLAGS attribute, when nested under the
> OVS_ACTION_ATTR_CT, encoded a 32-bit bitmask of flags that modify the
> semantics of the ct action. It's more extensible to just represent each
> flag as
On Wed, Sep 30, 2015 at 6:20 PM, Joe Stringer wrote:
> On 30 September 2015 at 17:31, Pravin Shelar wrote:
>> On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote:
>>> Previously, if userspace specified ct_state bits in the flow key which
>>> are currently undefined
On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote:
> The ct action uses parts of the flow key, so we need to ensure that it
> is valid before executing that action.
>
> Fixes: 7f8a436 "openvswitch: Add conntrack action"
> Signed-off-by: Joe Stringer
Acked-by: Pravin B Shelar
--
To
On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote:
> The ct_state field was initially added as an 8-bit field, however six of
> the bits are already being used and use cases are already starting to
> appear that may push the limits of this field. This patch extends the
> field to 32 bits while
On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote:
> Previously, the CT_ATTR_FLAGS attribute, when nested under the
> OVS_ACTION_ATTR_CT, encoded a 32-bit bitmask of flags that modify the
> semantics of the ct action. It's more extensible to just represent each
> flag as a nested attribute, and
On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote:
> These comments hadn't caught up to their implementations, fix them.
>
> Fixes: 7f8a436 "openvswitch: Add conntrack action"
> Signed-off-by: Joe Stringer
Acked-by: Pravin B Shelar
--
To unsubscribe from this list: send the line "unsubscribe
On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote:
> Previously, if userspace specified ct_state bits in the flow key which
> are currently undefined (and therefore unsupported), then they would be
> ignored. This could cause unexpected behaviour in future if userspace is
> extended to support
On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote:
> Conntrack LABELS (plural) are exposed by conntrack; rename the OVS name
> for these to be consistent with conntrack.
>
> Fixes: c2ac667 "openvswitch: Allow matching on conntrack label"
> Signed-off-by: Joe Stringer
> ---
>
On Wed, Sep 30, 2015 at 3:18 AM, Igor Kotrasinski
wrote:
> Commit 6ae459bdaaeebc632 (skbuff: Fix skb checksum flag on skb pull)
> introduces a regression when using usbip userspace tools.
> Running usbipd and attempting to list remote devices on localhost causes
> usbip to freeze. Stopping usbip
On Wed, Sep 30, 2015 at 3:18 AM, Igor Kotrasinski
wrote:
> Commit 6ae459bdaaeebc632 (skbuff: Fix skb checksum flag on skb pull)
> introduces a regression when using usbip userspace tools.
> Running usbipd and attempting to list remote devices on localhost causes
> usbip
On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote:
> Conntrack LABELS (plural) are exposed by conntrack; rename the OVS name
> for these to be consistent with conntrack.
>
> Fixes: c2ac667 "openvswitch: Allow matching on conntrack label"
> Signed-off-by: Joe Stringer
On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote:
> These comments hadn't caught up to their implementations, fix them.
>
> Fixes: 7f8a436 "openvswitch: Add conntrack action"
> Signed-off-by: Joe Stringer
Acked-by: Pravin B Shelar
On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote:
> Previously, if userspace specified ct_state bits in the flow key which
> are currently undefined (and therefore unsupported), then they would be
> ignored. This could cause unexpected behaviour in future if userspace
On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote:
> The ct action uses parts of the flow key, so we need to ensure that it
> is valid before executing that action.
>
> Fixes: 7f8a436 "openvswitch: Add conntrack action"
> Signed-off-by: Joe Stringer
On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote:
> The ct_state field was initially added as an 8-bit field, however six of
> the bits are already being used and use cases are already starting to
> appear that may push the limits of this field. This patch extends the
>
On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer wrote:
> Previously, the CT_ATTR_FLAGS attribute, when nested under the
> OVS_ACTION_ATTR_CT, encoded a 32-bit bitmask of flags that modify the
> semantics of the ct action. It's more extensible to just represent each
> flag as
On Wed, Sep 30, 2015 at 6:20 PM, Joe Stringer <joestrin...@nicira.com> wrote:
> On 30 September 2015 at 17:31, Pravin Shelar <pshe...@nicira.com> wrote:
>> On Tue, Sep 29, 2015 at 3:39 PM, Joe Stringer <joestrin...@nicira.com> wrote:
>>> Previously, if userspace
On Tue, Sep 29, 2015 at 3:33 AM, Takashi Iwai wrote:
> On Tue, 29 Sep 2015 02:35:04 +0200,
> Pravin Shelar wrote:
>>
>> On Mon, Sep 28, 2015 at 6:12 AM, Takashi Iwai wrote:
>> > [I resent this since the previous mail didn't go out properly, as it
>> >
On Tue, Sep 29, 2015 at 3:33 AM, Takashi Iwai <ti...@suse.de> wrote:
> On Tue, 29 Sep 2015 02:35:04 +0200,
> Pravin Shelar wrote:
>>
>> On Mon, Sep 28, 2015 at 6:12 AM, Takashi Iwai <ti...@suse.de> wrote:
>> > [I resent this since the previous mail di
On Mon, Sep 28, 2015 at 6:12 AM, Takashi Iwai wrote:
> [I resent this since the previous mail didn't go out properly, as it
> seems; apologies if you already read it, please disregard]
>
> Hi,
>
> I noticed that NFS access from my workstation slowed down drastically,
> almost stalls, with the
On Mon, Sep 28, 2015 at 6:12 AM, Takashi Iwai wrote:
> [I resent this since the previous mail didn't go out properly, as it
> seems; apologies if you already read it, please disregard]
>
> Hi,
>
> I noticed that NFS access from my workstation slowed down drastically,
> almost stalls, with the
On Mon, Sep 28, 2015 at 6:12 AM, Takashi Iwai wrote:
> [I resent this since the previous mail didn't go out properly, as it
> seems; apologies if you already read it, please disregard]
>
> Hi,
>
> I noticed that NFS access from my workstation slowed down drastically,
> almost
On Mon, Sep 28, 2015 at 6:12 AM, Takashi Iwai wrote:
> [I resent this since the previous mail didn't go out properly, as it
> seems; apologies if you already read it, please disregard]
>
> Hi,
>
> I noticed that NFS access from my workstation slowed down drastically,
> almost
On Mon, Sep 21, 2015 at 6:33 AM, Andrzej Hajda wrote:
> The function can return negative value.
>
> The problem has been detected using proposed semantic patch
> scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci [1].
>
> [1]: http://permalink.gmane.org/gmane.linux.kernel/2038576
>
>
On Mon, Sep 21, 2015 at 6:33 AM, Andrzej Hajda wrote:
> The function can return negative value.
>
> The problem has been detected using proposed semantic patch
> scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci [1].
>
> [1]:
On Mon, Sep 14, 2015 at 11:14 AM, Joe Stringer wrote:
> Static code analysis reveals the following bug:
>
> net/openvswitch/conntrack.c:281 ovs_ct_helper()
> warn: unsigned 'protoff' is never less than zero.
>
> This signedness bug breaks error handling for IPv6 extension headers
On Mon, Sep 14, 2015 at 11:14 AM, Joe Stringer wrote:
> Static code analysis reveals the following bug:
>
> net/openvswitch/conntrack.c:281 ovs_ct_helper()
> warn: unsigned 'protoff' is never less than zero.
>
> This signedness bug breaks error handling for
On Fri, Sep 11, 2015 at 3:01 PM, Joe Stringer wrote:
> When NF_CONNTRACK is built-in, NF_DEFRAG_IPV6 is a module, and
> OPENVSWITCH is built-in, the following build error would occur:
>
> net/built-in.o: In function `ovs_ct_execute':
> (.text+0x10f587): undefined reference to `nf_ct_frag6_gather'
On Fri, Sep 11, 2015 at 3:01 PM, Joe Stringer wrote:
> When NF_CONNTRACK is built-in, NF_DEFRAG_IPV6 is a module, and
> OPENVSWITCH is built-in, the following build error would occur:
>
> net/built-in.o: In function `ovs_ct_execute':
> (.text+0x10f587): undefined reference
On Fri, Sep 4, 2015 at 1:07 PM, Joe Stringer wrote:
> There's no particular desire to have conntrack action support in Open
> vSwitch as an independently configurable bit, rather just to ensure
> there is not a hard dependency. This exposed option doesn't accurately
> reflect the conntrack
On Fri, Sep 4, 2015 at 1:07 PM, Joe Stringer wrote:
> There's no particular desire to have conntrack action support in Open
> vSwitch as an independently configurable bit, rather just to ensure
> there is not a hard dependency. This exposed option doesn't accurately
>
On Wed, Aug 26, 2015 at 11:31 AM, Joe Stringer wrote:
> Expose the kernel connection tracker via OVS. Userspace components can
> make use of the CT action to populate the connection state (ct_state)
> field for a flow. This state can be subsequently matched.
>
> Exposed connection states are
On Wed, Aug 26, 2015 at 11:31 AM, Joe Stringer joestrin...@nicira.com wrote:
Expose the kernel connection tracker via OVS. Userspace components can
make use of the CT action to populate the connection state (ct_state)
field for a flow. This state can be subsequently matched.
Exposed
On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer wrote:
> Add support for using conntrack helpers to assist protocol detection.
> The new OVS_CT_ATTR_HELPER attribute of the CT action specifies a helper
> to be used for this connection. If no helper is specified, then helpers
> will be automatically
On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer wrote:
> Allow matching and setting the ct_label field. As with ct_mark, this is
> populated by executing the CT action. The label field may be modified by
> specifying a label and mask nested under the CT action. It is stored as
> metadata attached
On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer wrote:
> Allow matching and setting the ct_mark field. As with ct_state and
> ct_zone, these fields are populated when the CT action is executed. To
> write to this field, a value and mask can be specified as a nested
> attribute under the CT action.
On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer wrote:
> Expose the kernel connection tracker via OVS. Userspace components can
> make use of the CT action to populate the connection state (ct_state)
> field for a flow. This state can be subsequently matched.
>
> Exposed connection states are
On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer wrote:
> Signed-off-by: Joe Stringer
> Acked-by: Thomas Graf
> Acked-by: Pravin B Shelar
When I apply this patch I see empty commit msg. I think you need to
add atleast a blank line after the subject.
> ---
> v4: Add ack.
> v5: No change.
> ---
>
On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer joestrin...@nicira.com wrote:
Signed-off-by: Joe Stringer joestrin...@nicira.com
Acked-by: Thomas Graf tg...@suug.ch
Acked-by: Pravin B Shelar pshe...@nicira.com
When I apply this patch I see empty commit msg. I think you need to
add atleast a
On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer joestrin...@nicira.com wrote:
Expose the kernel connection tracker via OVS. Userspace components can
make use of the CT action to populate the connection state (ct_state)
field for a flow. This state can be subsequently matched.
Exposed connection
On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer joestrin...@nicira.com wrote:
Allow matching and setting the ct_label field. As with ct_mark, this is
populated by executing the CT action. The label field may be modified by
specifying a label and mask nested under the CT action. It is stored as
On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer joestrin...@nicira.com wrote:
Allow matching and setting the ct_mark field. As with ct_state and
ct_zone, these fields are populated when the CT action is executed. To
write to this field, a value and mask can be specified as a nested
attribute
On Mon, Aug 24, 2015 at 5:32 PM, Joe Stringer joestrin...@nicira.com wrote:
Add support for using conntrack helpers to assist protocol detection.
The new OVS_CT_ATTR_HELPER attribute of the CT action specifies a helper
to be used for this connection. If no helper is specified, then helpers
On Thu, Aug 20, 2015 at 5:47 PM, Joe Stringer wrote:
> On 19 August 2015 at 15:57, Pravin Shelar wrote:
>> On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer wrote:
>>> Add support for using conntrack helpers to assist protocol detection.
>>> The new OVS_CT_ATTR_HELPER
On Thu, Aug 20, 2015 at 5:47 PM, Joe Stringer joestrin...@nicira.com wrote:
On 19 August 2015 at 15:57, Pravin Shelar pshe...@nicira.com wrote:
On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer joestrin...@nicira.com wrote:
Add support for using conntrack helpers to assist protocol detection
On Thu, Aug 20, 2015 at 12:13 PM, Joe Stringer wrote:
> On 20 August 2015 at 08:45, Pravin Shelar wrote:
>> On Wed, Aug 19, 2015 at 4:04 PM, Joe Stringer wrote:
>>> Thanks for the review,
>>>
>>> On 19 August 2015 at 14:24, Pravin Shelar wrote:
>&
On Wed, Aug 19, 2015 at 4:04 PM, Joe Stringer wrote:
> Thanks for the review,
>
> On 19 August 2015 at 14:24, Pravin Shelar wrote:
>> On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer wrote:
>>> Allow matching and setting the conntrack label field. As with ct_mar
On Thu, Aug 20, 2015 at 12:13 PM, Joe Stringer joestrin...@nicira.com wrote:
On 20 August 2015 at 08:45, Pravin Shelar pshe...@nicira.com wrote:
On Wed, Aug 19, 2015 at 4:04 PM, Joe Stringer joestrin...@nicira.com wrote:
Thanks for the review,
On 19 August 2015 at 14:24, Pravin Shelar pshe
On Wed, Aug 19, 2015 at 4:04 PM, Joe Stringer joestrin...@nicira.com wrote:
Thanks for the review,
On 19 August 2015 at 14:24, Pravin Shelar pshe...@nicira.com wrote:
On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer joestrin...@nicira.com wrote:
Allow matching and setting the conntrack label
On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer wrote:
> Add support for using conntrack helpers to assist protocol detection.
> The new OVS_CT_ATTR_HELPER attribute of the ct action specifies a helper
> to be used for this connection.
>
> Example ODP flows allowing FTP connections from ports 1->2:
On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer wrote:
> Allow matching and setting the conntrack label field. As with ct_mark,
> this is populated by executing the CT action, and is a writable field.
> Specifying a label and optional mask allows the label to be modified,
> which takes effect on
On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer wrote:
> Add functions to change connlabel length into nf_conntrack_labels.c so
> they may be reused by other modules like OVS and nftables without
> needing to jump through xt_match_check() hoops.
>
> Suggested-by: Florian Westphal
> Signed-off-by:
1 - 100 of 225 matches
Mail list logo