Re: [crypto 4/8] chtls: CPL handler definition

2017-12-05 Thread Hannes Frederic Sowa
Hello, On Tue, Dec 5, 2017, at 12:40, Atul Gupta wrote: > CPL handlers for TLS session, record transmit and receive This does very much look like full TCP offload with TLS on top? It would be nice if you could give a few more details in the patch descriptions. Bye, Hannes

Re: [Patch net-next] tcp: add a tracepoint for tcp_retransmit_skb()

2017-10-12 Thread Hannes Frederic Sowa
Eric Dumazet writes: [...] > Since this sock_gen_cookie() is lock-free and IRQ ready, it should > not be a problem to pretend it works with a const socket. > > I am a bit unsure about revealing in socket cookie a precise count of > sockets created on a netns. Some

Re: [Patch net-next] tcp: add a tracepoint for tcp_retransmit_skb()

2017-10-10 Thread Hannes Frederic Sowa
Alexei Starovoitov writes: > On Mon, Oct 09, 2017 at 10:35:47PM -0700, Cong Wang wrote: [...] >> +trace_tcp_retransmit_skb(sk, skb, segs); > > I'm happy to see new tracepoints being added to tcp stack, but I'm concerned > with practical usability of

Re: [net-next PATCH 1/5] bpf: introduce new bpf cpu map type BPF_MAP_TYPE_CPUMAP

2017-09-29 Thread Hannes Frederic Sowa
Paolo Abeni <pab...@redhat.com> writes: > On Fri, 2017-09-29 at 09:56 +0200, Hannes Frederic Sowa wrote: >> [adding Paolo, Eric] >> >> Alexei Starovoitov <alexei.starovoi...@gmail.com> writes: >> >> > On Thu, Sep 28, 2017 a

Re: [PATCH v4 net-next 0/8] flow_dissector: Protocol specific flow dissector offload

2017-09-29 Thread Hannes Frederic Sowa
Tom Herbert writes: > This patch set adds a new offload type to perform flow dissection for > specific protocols (either by EtherType or by IP protocol). This is > primarily useful to crack open UDP encapsulations (like VXLAN, GUE) for > the purposes of parsing the

Re: [net-next PATCH 1/5] bpf: introduce new bpf cpu map type BPF_MAP_TYPE_CPUMAP

2017-09-29 Thread Hannes Frederic Sowa
[adding Paolo, Eric] Alexei Starovoitov writes: > On Thu, Sep 28, 2017 at 02:57:08PM +0200, Jesper Dangaard Brouer wrote: [...] >> +wake_up_process(rcpu->kthread); > > In general the whole thing looks like 'threaded NAPI' that Hannes was > proposing some time

Re: [RFC PATCH] net: Introduce a socket option to enable picking tx queue based on rx queue.

2017-09-20 Thread Hannes Frederic Sowa
Sridhar Samudrala writes: > This patch introduces a new socket option SO_SYMMETRIC_QUEUES that can be used > to enable symmetric tx and rx queues on a socket. > > This option is specifically useful for epoll based multi threaded workloads > where each thread handles

Re: [PATCH net-next 5/5] tls: Add generic NIC offload infrastructure.

2017-09-20 Thread Hannes Frederic Sowa
Hello, Boris Pismenny <bor...@mellanox.com> writes: > Hello, > > Hannes Frederic Sowa <han...@stressinduktion.org> writes: >> Hello, >> >> Ilya Lesokhin <il...@mellanox.com> writes: >> >> > Hannes Frederic Sowa <han...@s

Re: [PATCH net-next 5/5] tls: Add generic NIC offload infrastructure.

2017-09-19 Thread Hannes Frederic Sowa
Hello, Ilya Lesokhin <il...@mellanox.com> writes: > Hannes Frederic Sowa <han...@stressinduktion.org> writes: > >> The user should be aware of that they can't migrate the socket to another >> interface if they got hw offloaded. This is not the case for softwar

Re: [PATCH net-next 5/5] tls: Add generic NIC offload infrastructure.

2017-09-18 Thread Hannes Frederic Sowa
Ilya Lesokhin writes: > +/* We assume that the socket is already connected */ > +static struct net_device *get_netdev_for_sock(struct sock *sk) > +{ > + struct inet_sock *inet = inet_sk(sk); > + struct net_device *netdev = NULL; > + > + netdev =

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-06 Thread Hannes Frederic Sowa
Jan Scheurich writes: >> > There is no way we can re-use the existing TLV tunnel metadata >> > infrastructure in OVS for matching and setting NSH MD2 TLV headers. We >> > will need to introduce a new (perhaps similar) scheme for modelling >> > generic TLV match

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-06 Thread Hannes Frederic Sowa
Jan Scheurich writes: >> >> Yes, I wrote that in my previous mail. I wonder why NSH context metadata >> >> is not in tun_metadata as well? >> > >> > tun_metadata is tunnel metadata, GENEVE needs tunnel port, but NSH is >> > not so, NSH can't directly use tun_metadata,

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-06 Thread Hannes Frederic Sowa
"Yang, Yi" <yi.y.y...@intel.com> writes: > On Tue, Sep 05, 2017 at 09:12:09PM +0800, Hannes Frederic Sowa wrote: >> "Yang, Yi" <yi.y.y...@intel.com> writes: >> >> > We can change this later if we really find a better way to handle

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-05 Thread Hannes Frederic Sowa
Hi Tom, Tom Herbert <t...@herbertland.com> writes: > On Tue, Sep 5, 2017 at 4:14 AM, Hannes Frederic Sowa > <han...@stressinduktion.org> wrote: >> Tom Herbert <t...@herbertland.com> writes: >> >>> There is absolutely no requirement in IP that packets

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-05 Thread Hannes Frederic Sowa
Hello Jan, Jan Scheurich writes: > Please have a look at the Google doc that sketches the overall > solution to support NSH in OVS. > https://drive.google.com/open?id=1oWMYUH8sjZJzWa72o2q9kU0N6pNE-rwZcLH3-kbbDR8 > > In details it is slightly outdated but the NSH MD1

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-05 Thread Hannes Frederic Sowa
"Yang, Yi" <yi.y.y...@intel.com> writes: > On Tue, Sep 05, 2017 at 12:30:09PM +0200, Hannes Frederic Sowa wrote: >> "Yang, Yi" <yi.y.y...@intel.com> writes: >> >> > I'm not sure what new action you expect to bring here, I think group >&

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-05 Thread Hannes Frederic Sowa
Tom Herbert writes: > There is absolutely no requirement in IP that packets are delivered in > order-- there never has been and there never will be! If the ULP, like > Ethernet encapsulation, requires in-order delivery then it needs to > implement that itself like TCP, GRE,

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-05 Thread Hannes Frederic Sowa
"Yang, Yi" writes: > I'm not sure what new action you expect to bring here, I think group > action is just for this, as you said it isn't only bound to NSH, you can > start a new thread to discuss this. I don't think it is in scope of NSH. It is in scope of this discussion

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-04 Thread Hannes Frederic Sowa
Hi Tom, Tom Herbert writes: >> The problem is that you end up having two streams, one fragmented and >> one non-fragmented, but actually they belong to the same stream. It is >> known to break stuff, see: >> >> >> >> I would

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-04 Thread Hannes Frederic Sowa
Hello Tom, Tom Herbert <t...@herbertland.com> writes: > On Mon, Sep 4, 2017 at 6:50 AM, Hannes Frederic Sowa > <han...@stressinduktion.org> wrote: >> Tom Herbert <t...@herbertland.com> writes: >> >>> An encapsulator sets the UDP source port t

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-04 Thread Hannes Frederic Sowa
Tom Herbert writes: > An encapsulator sets the UDP source port to be the flow entropy of the > packet being encapsulated. So when the packet traverses the network > devices can base their hash just on the canonical 5-tuple which is > sufficient for ECMP and RSS. IPv6 flow

Re: [ovs-dev] [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-04 Thread Hannes Frederic Sowa
Hello, Jan Scheurich writes: >> >> >> Does it makes sense to keep the context headers as part of the flow? >> >> >> What is the reasoning behind it? With mdtype 2 headers this might >> >> >> either not work very well or will increase sw_flow_key size causing >> >> >>

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-04 Thread Hannes Frederic Sowa
Hello, "Yang, Yi" <yi.y.y...@intel.com> writes: > On Wed, Aug 30, 2017 at 05:53:27PM +0800, Hannes Frederic Sowa wrote: >> Hello, >> >> Yi Yang <yi.y.y...@intel.com> writes: >> >> [...] >> >> > +struct ovs_key_ns

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-04 Thread Hannes Frederic Sowa
Hello, Saeed Mahameed <sae...@dev.mellanox.co.il> writes: [...] > On Sat, Sep 2, 2017 at 6:32 PM, Hannes Frederic Sowa > <han...@stressinduktion.org> wrote: >> Sorry, I think I am still confused. >> >> I just want to make sure that you don't use the f

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-02 Thread Hannes Frederic Sowa
Hi Saeed, On Sun, Sep 3, 2017, at 01:01, Saeed Mahameed wrote: > On Thu, Aug 31, 2017 at 6:51 AM, Hannes Frederic Sowa > <han...@stressinduktion.org> wrote: > > Saeed Mahameed <sae...@mellanox.com> writes: > > > >> The first patch from Gal and

Re: [PATCH net-next 2/2] flow_dissector: Add limits for encapsulation and EH

2017-09-01 Thread Hannes Frederic Sowa
Tom Herbert <t...@herbertland.com> writes: > On Fri, Sep 1, 2017 at 9:35 AM, Hannes Frederic Sowa > <han...@stressinduktion.org> wrote: >> Hello Tom, >> >> Tom Herbert <t...@quantonium.net> writes: >> >>> On Fri, Sep 1, 2017 at 6:32 AM, Ha

Re: [PATCH net-next 2/2] flow_dissector: Add limits for encapsulation and EH

2017-09-01 Thread Hannes Frederic Sowa
Hello Tom, Tom Herbert <t...@quantonium.net> writes: > On Fri, Sep 1, 2017 at 6:32 AM, Hannes Frederic Sowa > <han...@stressinduktion.org> wrote: >> Tom Herbert <t...@quantonium.net> writes: >> >>> In flow dissector there are no limits to the n

Re: [PATCH net-next 2/2] flow_dissector: Add limits for encapsulation and EH

2017-09-01 Thread Hannes Frederic Sowa
ension headers. I was actually more referring to your patch, because the flow dissector right now is not stack recursive. Your changes would make it doing recursion on the stack. But it seems something along the lines is anyway needed. See below. > Reported-by: Hannes Frederic Sowa <han...@stres

Re: [PATCH net-next 1/2] flow_dissector: Cleanup control flow

2017-09-01 Thread Hannes Frederic Sowa
Tom Herbert writes: > __skb_flow_dissect is riddled with gotos that make discerning the flow, > debugging, and extending the capability difficult. This patch > reorganizes things so that we only perform goto's after the two main > switch statements (no gotos within the cases

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-08-31 Thread Hannes Frederic Sowa
Saeed Mahameed writes: > The first patch from Gal and Ariel provides the mlx5 driver support for > ConnectX capability to perform IP version identification and matching in > order to distinguish between IPv4 and IPv6 without the need to specify the > encapsulation type, thus

Re: [ovs-dev] [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-08-31 Thread Hannes Frederic Sowa
Hello, "Mooney, Sean K" writes: [...] >> >> > +struct ovs_key_nsh { >> >> > + u8 flags; >> >> > + u8 ttl; >> >> > + u8 mdtype; >> >> > + u8 np; >> >> > + __be32 path_hdr; >> >> > + __be32 context[NSH_MD1_CONTEXT_SIZE]; }; >> >> > +

Re: [PATCH v2 net-next 0/6] flow_dissector: Protocol specific flow dissector offload

2017-08-31 Thread Hannes Frederic Sowa
Hello, Tom Herbert <t...@quantonium.net> writes: > On Wed, Aug 30, 2017 at 1:41 AM, Hannes Frederic Sowa > <han...@stressinduktion.org> wrote: >> Hello Tom, >> >> Tom Herbert <t...@quantonium.net> writes: >> >>> This patch set adds a new

Re: [ovs-dev] [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-08-30 Thread Hannes Frederic Sowa
"Mooney, Sean K" <sean.k.moo...@intel.com> writes: >> -Original Message- >> From: ovs-dev-boun...@openvswitch.org [mailto:ovs-dev- >> boun...@openvswitch.org] On Behalf Of Hannes Frederic Sowa >> Sent: Wednesday, August 30, 2017 10:53 AM >>

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-08-30 Thread Hannes Frederic Sowa
Hello, Yi Yang writes: [...] > +struct ovs_key_nsh { > + u8 flags; > + u8 ttl; > + u8 mdtype; > + u8 np; > + __be32 path_hdr; > + __be32 context[NSH_MD1_CONTEXT_SIZE]; > +}; > + > struct sw_flow_key { > u8 tun_opts[IP_TUNNEL_OPTS_MAX]; >

Re: [PATCH v2 net-next 0/6] flow_dissector: Protocol specific flow dissector offload

2017-08-30 Thread Hannes Frederic Sowa
Hello Tom, Tom Herbert writes: > This patch set adds a new offload type to perform flow dissection for > specific protocols (either by EtherType or by IP protocol). This is > primarily useful to crack open UDP encapsulations (like VXLAN, GUE) for > the purposes of parsing the

Re: [patch net-next 1/3] idr: Add new APIs to support unsigned long

2017-08-29 Thread Hannes Frederic Sowa
Hello, Chris Mi writes: > The following new APIs are added: > > int idr_alloc_ext(struct idr *idr, void *ptr, unsigned long *index, > unsigned long start, unsigned long end, gfp_t gfp); > static inline void *idr_remove_ext(struct idr *idr, unsigned long

Re: [PATCH] once: switch to new jump label API

2017-08-22 Thread Hannes Frederic Sowa
-friendly: now the one-time initialization > code is placed out-of-line at the jump target, rather than at the inline > fallthrough case. > > Signed-off-by: Eric Biggers <ebigg...@google.com> Acked-by: Hannes Frederic Sowa <han...@stressinduktion.org. Thanks!

Re: [PATCH v2 net-next] net: ipv6: put host and anycast routes on device with address

2017-08-18 Thread Hannes Frederic Sowa
David Ahern <dsah...@gmail.com> writes: > On 8/18/17 6:05 PM, David Ahern wrote: >> On 8/18/17 5:15 PM, Hannes Frederic Sowa wrote: >>> Hello David, >>> >>> David Ahern <dsah...@gmail.com> writes: >>> >>>> @@ -2688,15 +2716,

Re: [PATCH v2 net-next] net: ipv6: put host and anycast routes on device with address

2017-08-18 Thread Hannes Frederic Sowa
Hello David, David Ahern writes: > @@ -2688,15 +2716,9 @@ struct rt6_info *addrconf_dst_alloc(struct inet6_dev > *idev, > { > u32 tb_id; > struct net *net = dev_net(idev->dev); > - struct net_device *dev = net->loopback_dev; > + struct net_device *dev =

Re: [PATCH v3 net-next 3/5] sock: ULP infrastructure

2017-08-08 Thread Hannes Frederic Sowa
Tom Herbert writes: > +#ifdef CONFIG_MODULES > + if (!ulp && capable(CAP_NET_ADMIN)) { > + rcu_read_unlock(); > + request_module("%s", name); > + rcu_read_lock(); > + ulp = ulp_find(name); > + } > +#endif It looks to
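Review bot: in the `#ifdef CONFIG_MODULES` block, `request_module("%s", name)` hands the caller-supplied ULP name to the module loader unchanged, so the `capable(CAP_NET_ADMIN)` check is the only limit on which module this path can load. Consider requesting a ULP-specific alias (a fixed prefix followed by `name`) so that only modules declaring themselves as ULPs can be autoloaded here. Because the RCU read lock is dropped around `request_module()`, a short comment stating that `ulp` is looked up again with `ulp_find(name)` after re-locking, and that nothing obtained before the unlock is reused, would help future readers.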

Re: [RFC] net: make net.core.{r,w}mem_{default,max} namespaced

2017-08-01 Thread Hannes Frederic Sowa
On Tue, Aug 1, 2017, at 09:18, Eric Dumazet wrote: > On Tue, 2017-08-01 at 02:17 -0400, Hannes Frederic Sowa wrote: > > > We do account rmem as well as wmem allocated memory to the appropriate > > mem_cgs. In theory this should be okay. > > Last time I checked, rmem

Re: [RFC] net: make net.core.{r,w}mem_{default,max} namespaced

2017-08-01 Thread Hannes Frederic Sowa
Eric Dumazet writes: > On Wed, 2017-07-26 at 19:03 +0200, Matteo Croce wrote: >> The following sysctl are global and can't be read or set from a netns: >> >> net.core.rmem_default >> net.core.rmem_max >> net.core.wmem_default >> net.core.wmem_max >> >> Make the

Re: [RFC] net: make net.core.{r,w}mem_{default,max} namespaced

2017-07-28 Thread Hannes Frederic Sowa
Matteo Croce writes: > The following sysctl are global and can't be read or set from a netns: > > net.core.rmem_default > net.core.rmem_max > net.core.wmem_default > net.core.wmem_max [...] I think a sensible addition to those sysctls would be tcp_moderate_rcvbuf to disable

Re: [RFC PATCH] IP: do not modify ingress packet IP option in ip_options_echo()

2017-07-28 Thread Hannes Frederic Sowa
Hello, David Miller writes: > From: Paolo Abeni > Date: Fri, 21 Jul 2017 15:55:18 +0200 > >> diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c >> index 93157f2..fdda973 100644 >> --- a/net/ipv4/ip_options.c >> +++ b/net/ipv4/ip_options.c >> @@

Re: DNS (?) not working on G5 (64-bit powerpc) (was [net-next,v3,3/3] udp: try to avoid 2 cache miss on dequeue)

2017-06-22 Thread Hannes Frederic Sowa
On Thu, Jun 22, 2017, at 22:57, Paolo Abeni wrote: > > Can you please check if the following patch fixes the issue? Only > compile tested here. > > Thanks!!! > --- > diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c > index 067a607..80d89fe 100644 > --- a/net/ipv4/udp.c > +++ b/net/ipv4/udp.c > @@

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Hannes Frederic Sowa
Hello Dave, On Wed, Jun 14, 2017, at 21:47, David Miller wrote: > From: Dave Watson > Date: Wed, 14 Jun 2017 11:36:54 -0700 > > > This series adds support for kernel TLS encryption over TCP sockets. > > A standard TCP socket is converted to a TLS socket using a setsockopt. >

Re: prog ID and next steps. Was: [RFC net-next 0/2] Introduce bpf_prog ID and iteration

2017-04-29 Thread Hannes Frederic Sowa
Hi, just quickly, because I am on a run: On Sun, Apr 30, 2017, at 04:06, Alexei Starovoitov wrote: > On 4/28/17 2:13 PM, Hannes Frederic Sowa wrote: > > > > Let's assume the following program with a constant key lookup and > > different tables: > > > >

Re: [Patch net-next v2] ipv4: get rid of ip_ra_lock

2017-04-28 Thread Hannes Frederic Sowa
nts out, BH does not need to disable either, RCU readers > don't care. > > Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> Acked-by: Hannes Frederic Sowa <han...@stressinduktion.org>

Re: prog ID and next steps. Was: [RFC net-next 0/2] Introduce bpf_prog ID and iteration

2017-04-28 Thread Hannes Frederic Sowa
Hello, On 28.04.2017 21:31, Alexei Starovoitov wrote: >> jit on: >> >> perf record -e bpf_redirect -agR >> >> The unwinder walks the stack, extracts address of upper function and >> sends it to user space (perf) or handles it inside the kernel/kallsyms >> (ftrace). >> >> User takes tag of bpf

Re: xdp_redirect ifindex vs port. Was: best API for returning/setting egress port?

2017-04-28 Thread Hannes Frederic Sowa
On 28.04.2017 07:30, Alexei Starovoitov wrote: > On 4/27/17 10:06 PM, John Fastabend wrote: >> That is more or less what I was thinking as well. The other question >> I have though is should we have a bpf_redirect() call for the simple >> case where I use the ifindex directly. This will be helpful

Re: prog ID and next steps. Was: [RFC net-next 0/2] Introduce bpf_prog ID and iteration

2017-04-28 Thread Hannes Frederic Sowa
On 28.04.2017 20:51, Hannes Frederic Sowa wrote: > Doesn't this break if I have 2 mlx4 cards in the system with different > XDP programs attached? I would have to add an additional parameter to > one of the mlx4 functions to extract the net_device pointer to make the > correlation th

Re: prog ID and next steps. Was: [RFC net-next 0/2] Introduce bpf_prog ID and iteration

2017-04-28 Thread Hannes Frederic Sowa
Hello, On 28.04.2017 20:24, Daniel Borkmann wrote: > On 04/28/2017 01:50 PM, Hannes Frederic Sowa wrote: >> On 28.04.2017 03:11, Alexei Starovoitov wrote: > [...] >>> i disagree re: kallsyms. The goal of prog_tag is to let program writers >>> understand which prog

Re: prog ID and next steps. Was: [RFC net-next 0/2] Introduce bpf_prog ID and iteration

2017-04-28 Thread Hannes Frederic Sowa
Hello Alexei, On 28.04.2017 03:11, Alexei Starovoitov wrote: > On 4/27/17 6:36 AM, Hannes Frederic Sowa wrote: >> On 27.04.2017 08:24, Martin KaFai Lau wrote: >>> This patchset introduces the bpf_prog ID and a new bpf cmd to >>> iterate all bpf_prog in the system. >

Re: [PATCH net-next 6/6] bpf: show bpf programs

2017-04-27 Thread Hannes Frederic Sowa
On 27.04.2017 18:00, David Miller wrote: > From: Hannes Frederic Sowa <han...@stressinduktion.org> > Date: Thu, 27 Apr 2017 15:22:49 +0200 > >> Sure, that sounds super. But so far Linux and most (maybe I should write >> all) subsystems always provided some e

Re: [RFC net-next 0/2] Introduce bpf_prog ID and iteration

2017-04-27 Thread Hannes Frederic Sowa
On 27.04.2017 08:24, Martin KaFai Lau wrote: > This patchset introduces the bpf_prog ID and a new bpf cmd to > iterate all bpf_prog in the system. > > It is still incomplete. The idea can be extended to bpf_map. > > Martin KaFai Lau (2): > bpf: Introduce bpf_prog ID > bpf: Test for bpf_prog

Re: [PATCH net-next 6/6] bpf: show bpf programs

2017-04-27 Thread Hannes Frederic Sowa
On 26.04.2017 23:25, Alexei Starovoitov wrote: > On Wed, Apr 26, 2017 at 08:24:19PM +0200, Hannes Frederic Sowa wrote: >> >> +static const char *bpf_type_string(enum bpf_prog_type type) >> +{ >> +static const char *bpf_type_names[] = { >> +#define X(type) #ty

Re: [PATCH net-next 6/6] bpf: show bpf programs

2017-04-27 Thread Hannes Frederic Sowa
On 26.04.2017 23:35, Daniel Borkmann wrote: > On 04/26/2017 08:24 PM, Hannes Frederic Sowa wrote: >> Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> >> --- >> include/uapi/linux/bpf.h | 32 +++- >>

Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

2017-04-27 Thread Hannes Frederic Sowa
Hi, On 26.04.2017 23:08, Alexei Starovoitov wrote: > On Wed, Apr 26, 2017 at 08:24:17PM +0200, Hannes Frederic Sowa wrote: >> Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> >> --- >> include/linux/filter.h | 6 -- >> kernel/bpf/core.c

Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

2017-04-27 Thread Hannes Frederic Sowa
On 26.04.2017 23:04, Daniel Borkmann wrote: > On 04/26/2017 08:24 PM, Hannes Frederic Sowa wrote: >> diff --git a/net/core/filter.c b/net/core/filter.c >> index 9a37860a80fc78..dc020d40bb770a 100644 >> --- a/net/core/filter.c >> +++ b/net/core/filter.c >> @@ -1100

[PATCH net-next 3/6] bpf: bpf_progs stores all loaded programs

2017-04-26 Thread Hannes Frederic Sowa
We later want to give users a quick dump of what is possible with procfs, so store a list of all currently loaded bpf programs. Later this list will be printed in procfs. Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/linux/filter.h | 4 ++-- kernel/bpf/

[PATCH net-next 5/6] bpf: add skeleton for procfs printing of bpf_progs

2017-04-26 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- kernel/bpf/core.c | 90 +++ 1 file changed, 90 insertions(+) diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 048e2d79718a16..3ba175a24e971a 100644 --- a/kern

[PATCH net-next 1/6] bpf: bpf_lock needs only block bottom half

2017-04-26 Thread Hannes Frederic Sowa
We never modify bpf programs from hardirqs ever. Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- kernel/bpf/core.c | 12 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index b4f1cb0c5ac710..6f81e0f5

[PATCH net-next 6/6] bpf: show bpf programs

2017-04-26 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/uapi/linux/bpf.h | 32 +++- kernel/bpf/core.c| 30 +- 2 files changed, 48 insertions(+), 14 deletions(-) diff --git a/include/uapi/linux/bpf.h b/i

[PATCH net-next 0/6] bpf: list all loaded ebpf programs in /proc/bpf/programs

2017-04-26 Thread Hannes Frederic Sowa
Frederic Sowa (6): bpf: bpf_lock needs only block bottom half bpf: rename bpf_kallsyms to bpf_progs, ksym_lnode to bpf_progs_head bpf: bpf_progs stores all loaded programs bpf: track if the bpf program was loaded with SYS_ADMIN capabilities bpf: add skeleton for procfs printing

[PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

2017-04-26 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/linux/filter.h | 6 -- kernel/bpf/core.c | 4 +++- kernel/bpf/syscall.c | 7 --- kernel/bpf/verifier.c | 4 ++-- net/core/filter.c | 6 +++--- 5 files changed, 16 insertions(+), 11 deletions(-)

[PATCH net-next 2/6] bpf: rename bpf_kallsyms to bpf_progs, ksym_lnode to bpf_progs_head

2017-04-26 Thread Hannes Frederic Sowa
We will soon put all bpf programs on this list, thus use appropriate names. Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/linux/bpf.h | 2 +- kernel/bpf/core.c | 18 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include

Re: XDP question: best API for returning/setting egress port?

2017-04-19 Thread Hannes Frederic Sowa
Hi, On 18.04.2017 21:58, Jesper Dangaard Brouer wrote: > > As I argued in NetConf presentation[1] (from slide #9) we need a port > mapping table (instead of using ifindex'es). Both for supporting > other "port" types than net_devices (think sockets), and for > sandboxing what XDP can bypass. >

Re: [PATCH net-next] net: ipv6: Add early demux handler for UDP unicast

2017-04-18 Thread Hannes Frederic Sowa
On Tue, Apr 18, 2017, at 17:16, David Miller wrote: > From: Simon Horman > Date: Tue, 18 Apr 2017 17:09:04 +0900 > > > On Wed, Mar 08, 2017 at 11:22:01AM -0800, Eric Dumazet wrote: > >> On Wed, 2017-03-08 at 12:11 -0700, Subash Abhinov Kasiviswanathan wrote: > >> >

Re: [PATCH net] ipv6: drop non loopback packets claiming to originate from ::1

2017-04-14 Thread Hannes Frederic Sowa
l seems reasonable. > RFC4291 doesn't allow such a source address either, so drop such packets. > > Reported-by: Eric Dumazet <eduma...@google.com> > Signed-off-by: Florian Westphal <f...@strlen.de> Acked-by: Hannes Frederic Sowa <han...@stressinduktion.org> Thanks!

Re: [PATCH net-next] net: ipv6: send unsolicited NA on admin up

2017-04-13 Thread Hannes Frederic Sowa
ocumentation/networking/ip-sysctl.txt). The NA is not sent on NETDEV_UP > event; add it. > > Fixes: 5cb04436eef6 ("ipv6: add knob to send unsolicited ND on link-layer > address change") > Signed-off-by: David Ahern <d...@cumulusnetworks.com> Acked-by: Hannes Frederic Sowa

Re: [RFC TLS Offload Support 00/15] cover letter

2017-03-29 Thread Hannes Frederic Sowa
Hello, On 29.03.2017 19:41, David Miller wrote: > From: Aviad Yehezkel > Date: Tue, 28 Mar 2017 16:26:17 +0300 > >> TLS Tx crypto offload is a new feature of network devices. It >> enables the kernel TLS socket to skip encryption and authentication >> operations on the

Re: [PATCH net-next RFC v1 00/27] afnetns: new namespace type for separation on protocol level

2017-03-14 Thread Hannes Frederic Sowa
On 13.03.2017 23:06, Eric W. Biederman wrote: > Michael Kerrisk <mtk.manpa...@gmail.com> writes: > >> On Mon, Mar 13, 2017 at 12:44 AM, Hannes Frederic Sowa >> <han...@stressinduktion.org> wrote: >>> Hi, >>> >>> On Sun, 2017-03-12 at 16

Re: [PATCH net-next RFC v1 00/27] afnetns: new namespace type for separation on protocol level

2017-03-12 Thread Hannes Frederic Sowa
Hi, On Sun, 2017-03-12 at 16:26 -0700, David Miller wrote: > From: Hannes Frederic Sowa <han...@stressinduktion.org> > Date: Mon, 13 Mar 2017 00:01:24 +0100 > > > afnetns behaves like ordinary namespaces: clone, unshare, setns syscalls > > can work with afnetns with

[PATCH net-next RFC v1 18/27] afnetns: afnetns should influence source address selection

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- drivers/target/iscsi/cxgbit/cxgbit_cm.c | 2 +- include/linux/inetdevice.h | 5 +++-- include/net/route.h | 10 ++ net/ipv4/devinet.c | 19 --

[PATCH net-next RFC v1 25/27] afnetns: ipv4: inherit afnetns from calling application

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- net/ipv4/devinet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index 82a7389ec86faa..01bdff8a957ae1 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/dev

[PATCH net-next RFC v1 21/27] afnetns: add support for tcpv6

2017-03-12 Thread Hannes Frederic Sowa
Same as the support for tcpv4, we simply add the necessary checks so we just look at our own sockets. Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- net/ipv6/inet6_hashtables.c | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/ne

[PATCH net-next RFC v1 26/27] afnetns: ipv6: inherit afnetns from calling application

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- net/ipv6/addrconf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 319f83a7d29dd5..3d9d24ec066a67 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addr

[PATCH net-next RFC v1 23/27] afnetns: use user_ns from afnetns for checking for binding to port < 1024

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/net/inet_common.h | 2 +- net/ipv4/af_inet.c| 37 ++--- net/ipv6/af_inet6.c | 2 +- 3 files changed, 24 insertions(+), 17 deletions(-) diff --git a/inclu

[PATCH net-next RFC v1 15/27] afnetns: add ipv6_get_ifaddr_afnetns_rcu

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/net/addrconf.h | 17 + 1 file changed, 17 insertions(+) diff --git a/include/net/addrconf.h b/include/net/addrconf.h index e3f1920ca57968..644fa68bb4ddef 100644 --- a/include/net/addrconf.h +++ b/i

[PATCH net-next RFC v1 16/27] afnetns: add udpv6 support

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- net/ipv6/datagram.c | 6 -- net/ipv6/udp.c | 18 +- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index eec27f87efaca1..cd811e8b1ba824

[PATCH net-next RFC v1 27/27] afnetns: allow only whitelisted protocols to operate inside afnetns

2017-03-12 Thread Hannes Frederic Sowa
We only care about inet protocols (which is IPv4 and IPv6). Other protocols, like netlink are not under control of afnetns and thus must be hardened with capabilities. Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/net/protocol.h | 1 + net/ipv4/af_inet.c

[PATCH net-next RFC v1 22/27] afnetns: track owning namespace for inet_bind

2017-03-12 Thread Hannes Frederic Sowa
In order for a newly created afnetns to allow its processes to bind to ports lower than 1024 we need to track the to be created user namespace to check for the permissions for binding so. Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/net/afnetns.h

[PATCH net-next RFC v1 14/27] afnetns: check for afnetns in inet6_bind

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/net/addrconf.h | 3 ++- net/ipv6/addrconf.c| 12 ++-- net/ipv6/af_inet6.c| 7 +-- net/ipv6/ndisc.c | 4 ++-- net/ipv6/route.c | 2 +- 5 files changed, 20 insertions(+), 8 del

[PATCH net-next RFC v1 24/27] afnetns: check afnetns user_ns in inet6_bind

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- net/ipv6/af_inet6.c | 40 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 30aff01eba5be0..4aa221826e753c 100644 ---

[PATCH net-next RFC v1 08/27] afnetns: factor out inet_allow_bind

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/net/inet_common.h | 1 + net/ipv4/af_inet.c| 51 ++- 2 files changed, 34 insertions(+), 18 deletions(-) diff --git a/include/net/inet_common.h b/inclu

[PATCH net-next RFC v1 19/27] afnetns: add afnetns support for tcpv4

2017-03-12 Thread Hannes Frederic Sowa
This commit adds the necessary checks to inet_hashtables, so that sockets also have to match the corresponding afnetns. Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/net/inet_sock.h| 1 + net/ipv4/inet_hashtables.c | 17 +++-- net/ipv4/tcp_i

[PATCH net-next RFC v1 07/27] ipv4: introduce ifa_find_rcu

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/linux/inetdevice.h | 1 + net/ipv4/devinet.c | 29 + 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h

[PATCH net-next RFC v1 17/27] afnetns: introduce __inet_select_addr

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/linux/inetdevice.h | 2 ++ net/ipv4/devinet.c | 27 --- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h

[PATCH net-next RFC v1 20/27] ipv6: move ipv6_get_ifaddr to vmlinux in case ipv6 is build as module

2017-03-12 Thread Hannes Frederic Sowa
inet6_hashtables is built into vmlinux in case ipv6 gets built as a module. As the inet6_hashtables functions depend on ipv6_get_ifaddr via ipv6_get_ifaddr_afnetns_rcu, we need to make the lookup function always available. Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.

[PATCH net-next RFC v1 09/27] afnetns: add sock_afnetns

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/net/sock.h | 9 + 1 file changed, 9 insertions(+) diff --git a/include/net/sock.h b/include/net/sock.h index 1e05d497db2520..aa204bf3537ba0 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -

[PATCH net-next RFC v1 04/27] afnetns: add net_afnetns

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/net/net_namespace.h | 8 1 file changed, 8 insertions(+) diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index c59fb018da5e46..9be39b8315a6f9 100644 --- a/include/net/net_names

[PATCH net-next RFC v1 00/27] afnetns: new namespace type for separation on protocol level

2017-03-12 Thread Hannes Frederic Sowa
hangelog: v1) first published version The same commands work for IPv6, I only used IPv4 as an example. This is still work in progress. Hannes Frederic Sowa (27): afnetns: add CLONE_NEWAFNET flag afnetns: basic namespace operations and representations afnetns: prepare for integration into ip

[PATCH net-next RFC v1 11/27] afnetns: validate afnetns in inet_allow_bind

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- net/ipv4/af_inet.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index aee599e23137e7..5f11399bafd16f 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@

[PATCH net-next RFC v1 12/27] afnetns: ipv4/udp integration

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- net/ipv4/udp.c | 22 ++ 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index ea6e4cff9fafe9..5bfe2d9f5583da 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4

[PATCH net-next RFC v1 10/27] afnetns: add ifa_find_afnetns_rcu

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/linux/inetdevice.h | 11 +++ 1 file changed, 11 insertions(+) diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h index eb1b662f62626f..01cbcfe93383b7 100644 --- a/include/linux/inetde

[PATCH net-next RFC v1 13/27] afnetns: use inet_allow_bind in inet6_bind

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- net/ipv6/af_inet6.c | 17 - 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 04db40620ea65c..f9367c507573bc 100644 --- a/net/ipv6/af_inet6.c +++

[PATCH net-next RFC v1 06/27] afnetns: put afnetns pointer into struct sock

2017-03-12 Thread Hannes Frederic Sowa
All sockets are associated with their creator's afnet namespace. A little bit of care must be taken with in-kernel socket creation. Basically we associate kernel pointers to the current's net namespace afnet and don't use the process context's afnetns. Signed-off-by: Hannes Frederic Sowa <

[PATCH net-next RFC v1 05/27] afnetns: ipv6 integration

2017-03-12 Thread Hannes Frederic Sowa
Like the previous IPv4 counterpart, this patch associates every IPv6 address with a corresponding afnet namespace. The namespace can be set via file descriptor and the inode gets reported during dumping. Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/net/if_i

[PATCH net-next RFC v1 01/27] afnetns: add CLONE_NEWAFNET flag

2017-03-12 Thread Hannes Frederic Sowa
allowed to be used by the kernel, thus I consider its usage safe. Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- include/uapi/linux/sched.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/uapi/linux/sched.h b/include/uapi/linux/sched.h index 5f0fe019

[PATCH RFC iproute v1 4/4] afnetns: only show afnetns when show_details

2017-03-12 Thread Hannes Frederic Sowa
Only show afnetns details when details are requested. Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- ip/ipaddress.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ip/ipaddress.c b/ip/ipaddress.c index d954f3ea5bff40..cfb58e70e4f29f 100644 --
