In 'seg6_output', stack variable 'struct flowi6 fl6' was missing
initialization.
Fixes: 6c8702c60b88 ("ipv6: sr: add support for SRH encapsulation and injection
with lwtunnels")
Signed-off-by: Shmulik Ladkani
---
Suggeting this fix, spotted during code review while experimenting
Hi,
On Fri, 17 Aug 2018 08:00:22 -0700
Stephen Hemminger wrote:
> If you accept an attribute on input you need to parse it and display it the
> same way in the show command.
Note print_encap_ip and print_encap_ip6 already handle LWTUNNEL_IP_SRC
and LWTUNNEL_IP6_SRC (since long ago, 1e5293056
This allows the user to specify the LWTUNNEL_IP_SRC/LWTUNNEL_IP6_SRC
when setting an lwtunnel encapsulation route.
Signed-off-by: Shmulik Ladkani
---
ip/iproute_lwtunnel.c | 22 --
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/ip/iproute_lwtunnel.c b/ip
xmit uses existing saddr
selection code.
Signed-off-by: Shmulik Ladkani
Reviewed-by: Eyal Birger
Fixes: 8d79266bc48c ("ip6_tunnel: add collect_md mode to IPv6 tunnels")
---
net/ipv6/ip6_tunnel.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/ip6_
On Thu, 15 Mar 2018 09:35:51 -0700 (PDT) Liran Alon
wrote:
> - shmulik.ladk...@gmail.com wrote:
>
> > On Thu, 15 Mar 2018 08:01:03 -0700 (PDT) Liran Alon
> > wrote:
> > >
> > > I still think that default behavior should be to zero skb->mark
On Thu, 15 Mar 2018 08:01:03 -0700 (PDT) Liran Alon
wrote:
>
> I still think that default behavior should be to zero skb->mark only when skb
> cross netdevs in different netns.
But the previous default was scrub the mark in *both* xnet and non-xnet
situations.
On Thu, 15 Mar 2018 16:13:39 +0100 Daniel Borkmann <dan...@iogearbox.net> wrote:
> On 03/15/2018 01:50 PM, Shmulik Ladkani wrote:
> >
> > It would be beneficial to have the mark preserved when skb is injected
> > to the slave device's rx path (especially when it's on th
Hi,
On Thu, 15 Mar 2018 12:56:13 +0100 Daniel Borkmann <dan...@iogearbox.net> wrote:
> On 03/15/2018 10:21 AM, Shmulik Ladkani wrote:
> >
> > Regarding veth xmit, it does makes sense to preserve the fields if not
> > crossing netns. This is also the c
Hi,
On Tue, 13 Mar 2018 17:07:22 +0200 Liran Alon wrote:
> Before this commit, dev_forward_skb() always cleared packet's
> per-network-namespace info. Even if the packet doesn't cross
> network namespaces.
>
> The comment above dev_forward_skb() describes that this is
Hi,
On Sat, 10 Feb 2018 14:08:58 +0100
Daniel Borkmann <dan...@iogearbox.net> wrote:
> Hi Shmulik,
>
> On 02/10/2018 08:46 AM, Shmulik Ladkani wrote:
> > Hi,
> >
> > Apparently one cannot use TC cls_bpf/act_bpf if running from a user ns
> > other than
Hi,
Apparently one cannot use TC cls_bpf/act_bpf if running from a user ns
other than the init_user_ns, as bpf_prog_load does not permit loading
these type of progs, snip:
if (type != BPF_PROG_TYPE_SOCKET_FILTER &&
type != BPF_PROG_TYPE_CGROUP_SKB &&
From: Shmulik Ladkani <shmulik.ladk...@gmail.com>
IP6_TNL_F_ALLOW_LOCAL_REMOTE allows tunnel traffic on ip6tnl devices
where the remote endpoint is a local host address.
Specifying "[no]allow-localremote" controls the
IP6_TNL_F_ALLOW_LOCAL_REMOTE flag on ip6tnl interfaces.
From: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Currently, ip6_tnl_xmit_ctl drops tunneled packets if the remote
address (outer v6 destination) is one of host's locally configured
addresses.
Same applies to ip6_tnl_rcv_ctl: it drops packets if the remote address
(outer v6 source) is a
From: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Commit 2c16d6033264 ("netfilter: xt_bpf: support ebpf") introduced
support for attaching an eBPF object by an fd, with the
'bpf_mt_check_v1' ABI expecting the '.fd' to be specified upon each
IPT_SO_SET_REPLACE call.
However this b
Hi David,
On Tue, 03 Oct 2017 14:54:18 -0700 (PDT) David Miller <da...@davemloft.net>
wrote:
> From: Shmulik Ladkani <shmu...@nsof.io>
> Date: Sat, 30 Sep 2017 11:59:09 +0300
>
> > This leads to inconsistencies, depending on order of operations, e.g.:
>
&
From: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Commit 2c16d6033264 ("netfilter: xt_bpf: support ebpf") introduced
support for attaching an eBPF object by an fd, with the
'bpf_mt_check_v1' ABI expecting the '.fd' to be specified upon each
IPT_SO_SET_REPLACE call.
However this b
Hi David,
On Tue, 03 Oct 2017 14:54:18 -0700 (PDT) David Miller
wrote:
> I don't see any inconsistency. When you insert using NLM_F_EXCL the
> insertion fails if any existing rule matches or overlaps in any way
> with the keys in the new rule.
Please note that current
From: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Commit 153380ec4b9b ("fib_rules: Added NLM_F_EXCL support to fib_nl_newrule")
added a check to 'fib_nl_newrule' that tests whether the suggested rule
already exists (i.e. has same properties). The check uses
fib_rules_ops-&
Hi,
Commit 2c16d60 'netfilter: xt_bpf: support ebpf' introduced
'xt_bpf_info_v1', to support attaching an eBPF object by fd.
Alas, seems this ABI is problematic, as the 'fd', which is local to the
process attaching the ebpf object (namely iptables) is stored in the
matchinfo structure.
This
for egress
> GSO packets.
>
> Suggested-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
> Signed-off-by: Lance Richardson <lrich...@redhat.com>
Thanks Lance.
Reviewed-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
On Thu, 3 Nov 2016 22:34:34 +0100 Hannes Frederic Sowa
wrote:
> Correct, but we should maybe redefine the code a bit. From my
> understanding we can now create an ICMP storm in case every fragment gets.
Yes, you are right.
Each segment gets into ip_fragment, and due
Hi,
On Thu, 3 Nov 2016 09:06:27 -0400 (EDT) Lance Richardson
wrote:
> I'm not sure what could be added that would help, was there something
> specific you had in mind?
How about something like this (preliminary, feel free to massage):
@@ -248,10 +248,16 @@ static int
Hi,
On Thu, 3 Nov 2016 17:05:54 -0400 (EDT) Lance Richardson
wrote:
>
> I'm still digesting the patchwork history, but it seems to me:
>
>1) If we call skb_gso_validate_mtu() and it returns true,
> ip_finish_output2() will
> be called, just as before, so
On Thu, 03 Nov 2016 16:12:44 -0400 (EDT) David Miller
wrote:
> Applied and queued up for -stable.
Dave, my response lagged your "Applied" by few minutes ;)
This seems to deserve some more thought to make sure nothing got broken,
as expressed last in
Hi Hannes, Lance,
On Wed, 2 Nov 2016 16:36:17 -0400 Lance Richardson wrote:
>
> - if (skb_iif && !(df & htons(IP_DF))) {
> - /* Arrived from an ingress interface, got encapsulated, with
> - * fragmentation of encapulating frames allowed.
> -
On Wed, 2 Nov 2016 16:36:17 -0400
Lance Richardson wrote:
> - /* common case: fragmentation of segments is not allowed,
> - * or seglen is <= mtu
> + /* common case: seglen is <= mtu
>*/
> - if (((IPCB(skb)->flags & IPSKB_FRAG_SEGS) == 0) ||
> -
Hi,
On Fri, 28 Oct 2016 13:13:45 +0800 Eli Cooper wrote:
> So I think it is best that all the
> IP6CB gets cleared before it is pushed to the next layer.
Just a comparison to the ipv4 world:
All tunnels (udp/ip based) end up calling iptunnel_xmit(), which:
- scrubs the skb
Hi,
On Thu, 27 Oct 2016 16:56:43 +0200 Phil Sutter wrote:
> > Actual code, since first committed, attempts to parse "index" as 1st
> > argument (without success), see parse_mirred():
> >
> > if (matches(*argv, "egress") == 0 || matches(*argv, "index") == 0) {
> >
Hi Phil,
On Thu, 27 Oct 2016 11:46:33 +0200, p...@nwl.cc wrote:
> According to the action's help text (and the man page which is based
> upon that), this behaviour is perfectly fine:
>
> | Usage: mirred [index INDEX]
>
> So first argument *must* be the direction, second one *must* be the
>
- continue parsing after valid "index" is seen
- don't issue the RTNETLINK unless valid "egress"/"ingress" is seen
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
v2: rebased to recent tip of net-next, amended log message
An alternative solutio
:
- continue parsing after valid "index" is seen
- don't issue the RTNETLINK unless valid "egress" is seen
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
Well, both man and usage suggest "index" comes after the egress clause:
tc ... action mir
lan: allow null VLAN ID to be used")
Fixes: 1a31f2042e ("netsched: Allow meta match on vlan tag on receive")
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Cc: Eric Dumazet <eric.duma...@gmail.com>
Cc: Stephen Hemminger <step...@networkplumber.org>
---
net/
basic \
action mirred ingress redirect dev dummy0
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
man/man8/tc-mirred.8 | 4 +---
tc/m_mirred.c| 40
2 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/man/m
/mirror, rename these
predicates to reflect their true meaning:
s/is_tcf_mirred_redirect/is_tcf_mirred_egress_redirect/
s/is_tcf_mirred_mirror/is_tcf_mirred_egress_mirror/
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Cc: Hariprasad S <haripra...@chelsio.com>
Cc:
Move detection logic that tests whether device expects skb data to point
at mac_header upon xmit into a function.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
net/sched/act_mirred.c | 28 +++-
1 file changed, 15 insertions(+), 13 deletions(-)
diff
:
in 4/4, addressed non coherency due to reading m->tcfm_eaction multiple
times, as spotted by Eric Dumazet
v2:
in 1/4, declare tcfm_mac_header_xmit as bool instead of int
Shmulik Ladkani (4):
net/sched: act_mirred: Rename tcfm_ok_push to tcfm_mac_header_xmit and
make it a bool
from the action to be taken.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
v2: declare tcfm_mac_header_xmit as bool instead of int
include/net/tc_act/tc_mirred.h | 2 +-
net/sched/act_mirred.c | 11 ++-
2 files changed, 7 insertions(+), 6 deletions(-)
diff
of a specified device.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Cc: Jamal Hadi Salim <j...@mojatatu.com>
Cc: Eric Dumazet <eric.duma...@gmail.com>
Cc: Cong Wang <xiyou.wangc...@gmail.com>
---
v4: check ret code of netif_receive_skb, as suggested by Cong
Hi,
On Mon, Oct 3, 2016 at 12:45 PM, Cong Wang <xiyou.wangc...@gmail.com> wrote:
> On Thu, Sep 29, 2016 at 4:03 AM, Shmulik Ladkani
> <shmulik.ladk...@gmail.com> wrote:
>> skb2->skb_iif = skb->dev->ifindex;
>> skb2->dev =
of a specified device.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Cc: Jamal Hadi Salim <j...@mojatatu.com>
Cc: Eric Dumazet <eric.duma...@gmail.com>
---
v3: Addressed non coherency due to reading m->tcfm_eaction multiple times,
as spotted by Eri
ple
times, as spotted by Eric Dumazet
v2:
in 1/4, declare tcfm_mac_header_xmit as bool instead of int
Shmulik Ladkani (4):
net/sched: act_mirred: Rename tcfm_ok_push to tcfm_mac_header_xmit and
make it a bool
net/sched: act_mirred: Refactor detection whether dev needs xmit at
mac hea
from the action to be taken.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
v2: declare tcfm_mac_header_xmit as bool instead of int
include/net/tc_act/tc_mirred.h | 2 +-
net/sched/act_mirred.c | 11 ++-
2 files changed, 7 insertions(+), 6 deletions(-)
diff
/mirror, rename these
predicates to reflect their true meaning:
s/is_tcf_mirred_redirect/is_tcf_mirred_egress_redirect/
s/is_tcf_mirred_mirror/is_tcf_mirred_egress_mirror/
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Cc: Hariprasad S <haripra...@chelsio.com>
Cc:
Move detection logic that tests whether device expects skb data to point
at mac_header upon xmit into a function.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
net/sched/act_mirred.c | 28 +++-
1 file changed, 15 insertions(+), 13 deletions(-)
diff
Hi Eric,
On Tue, 27 Sep 2016 14:27:13 -0700 Eric Dumazet wrote:
>
> Since this runs lockless, another cpu might change m->tcfm_eaction in
> the middle, and you could call dev_queue_xmit(skb2) while the skb2 was
> prepared for the opposite action.
Well, seem members of
David,
On Thu, 29 Sep 2016 12:10:40 +0300 Shmulik Ladkani <shmulik.ladk...@gmail.com>
wrote:
> This patch fixes act_vlan to point to the mac_header prior calling
> skb_vlan_*() functions, as other callers do.
>
This 1/2 patch fixes the problem detailed in [1] for act_vlan,
la
fixes act_vlan to point to the mac_header prior calling
skb_vlan_*() functions, as other callers do.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Pravin Shelar <pshe...@ovn.org>
Cc: Jiri Pirko <j...@mellanox.com>
---
longer support arbitrary skb->data
inputs for skb_vlan_pop/push().
skb->data is expected to be exactly at mac_header; WARN otherwise.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Pravin Shelar <pshe...@ovn.org>
Cc:
On Wed, 28 Sep 2016 16:43:38 +0200 Daniel Borkmann wrote:
> Couldn't we end up with 1) for the act_vlan case when we'd have the
> offset-adjusted skb_vlan_push() fix from here, where we'd then redirect
> to ingress where skb_vlan_pop() would be called? If I'm not missing
>
On Wed, 28 Sep 2016 16:43:38 +0200 Daniel Borkmann wrote:
> > (1) suppose upon entry we have
> >
> > DA,SA,0x8100,TCI,0x0800,
> > ^^
> > mac_hdr data
> >
> > initial offset is 18, and after current unwinding code we'll get
>
> You
Hi,
On Wed, 28 Sep 2016 12:30:56 +0200, dan...@iogearbox.net wrote:
> > @@ -4608,6 +4608,8 @@ int skb_vlan_push(struct sk_buff *skb, __be16
> > vlan_proto, u16 vlan_tci)
> >
> > skb->protocol = skb->vlan_proto;
> > skb->mac_len += VLAN_HLEN;
> > + if (offset)
>
From: Shmulik Ladkani <shmulik.ladk...@gmail.com>
In case 'skb_vlan_push' is called on an skb with a hw-accel vlan tag
present, the existing hw-accel tag is inserted into the payload, and
the new given tag is placed as new hw-accel tag.
In order to insert the existing hw-acc
Hi,
On Tue, 27 Sep 2016 13:04:35 -0700, pshe...@ovn.org wrote:
>
> OVS MPLS does depends on mac-len to track MPLS header (ref
> skb_mpls_header()). Therefore vlan header changes needs to update
> mac-len.
Thanks for the explanation.
I'm working on a better fix.
Regards,
Shmulik
Hi,
On Tue, 27 Sep 2016 14:27:13 -0700 Eric Dumazet <eric.duma...@gmail.com> wrote:
> On Tue, 2016-09-27 at 23:59 +0300, Shmulik Ladkani wrote:
> > Up until now, 'action mirred' supported only egress actions (either
> > TCA_EGRESS_REDIR or TCA_EGRESS_MIRROR).
> >
from the action to be taken.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
v2: declare tcfm_mac_header_xmit as bool instead of int
include/net/tc_act/tc_mirred.h | 2 +-
net/sched/act_mirred.c | 11 ++-
2 files changed, 7 insertions(+), 6 deletions(-)
diff
of a specified device.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Cc: Jamal Hadi Salim <j...@mojatatu.com>
---
net/sched/act_mirred.c | 48 ++--
1 file changed, 42 insertions(+), 6 deletions(-)
diff --git a/net/sched/act_mi
/mirror, rename these
predicates to reflect their true meaning:
s/is_tcf_mirred_redirect/is_tcf_mirred_egress_redirect/
s/is_tcf_mirred_mirror/is_tcf_mirred_egress_mirror/
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Cc: Hariprasad S <haripra...@chelsio.com>
Cc:
Move detection logic that tests whether device expects skb data to point
at mac_header upon xmit into a function.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
net/sched/act_mirred.c | 28 +++-
1 file changed, 15 insertions(+), 13 deletions(-)
diff
This patch series implements action mirred 'ingress' actions
TCA_INGRESS_REDIR and TCA_INGRESS_MIRROR.
This allows attaching filters whose target is to hand matching skbs into
the rx processing of a specified device.
v2:
in 1/4, declare tcfm_mac_header_xmit as bool instead of int
Shmulik
Hi,
On Tue, 27 Sep 2016 12:30:20 +0200 Daniel Borkmann <dan...@iogearbox.net> wrote:
> On 09/22/2016 03:21 PM, Shmulik Ladkani wrote:
> > From: Shmulik Ladkani <shmulik.ladk...@gmail.com>
> >
> > 'tcfm_ok_push' specifies whether a mac_len sized push is needed upo
havior is having QinQ frames.
Fix, removing the unnecessary VLAN_HLEN adjustment of mac_len.
Fixes: 93515d53b1 ("net: move vlan pop/push functions into common code")
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Cc: Pravin Shelar <pshe...@ovn.org>
Cc: Jiri Pirko <j
On Tue, 27 Sep 2016 09:44:41 -0400 (EDT), da...@davemloft.net wrote:
> From: Daniel Borkmann
> Date: Tue, 27 Sep 2016 12:39:34 +0200
>
> > Any reason why dev_forward_skb() is not preferred over direct
> > netif_receive_skb() you're using? It would, for example, implicitly
>
Hi David,
On Tue, 27 Sep 2016 01:56:06 -0400 (EDT), da...@davemloft.net wrote:
> The discussion on this patch has ventured off into what to do about
> recursion.
>
> But it unclear to me where this specific patch, and this series,
> stands right now. Someone please clear this up for me.
Hi,
On Mon, 26 Sep 2016 16:43:16 +0200 Hannes Frederic Sowa
wrote:
> On 26.09.2016 03:35, Florian Westphal wrote:
> >
> > Yes, but I think we get same issue when we deal with stacked
> > interfaces, and redirect is to e.g. vlan on top of physical device.
>
> We
Hi,
On Sat, 24 Sep 2016 17:07:12 -0700 Cong Wang wrote:
> One problem to use your code for us is that, the RX side of veth
> is inside containers, not visible to outside, perhaps we need some
> more parameter to tell the netns before the device name/index?
> Thoughts?
On Sun, 25 Sep 2016 09:05:08 -0400 Jamal Hadi Salim <j...@mojatatu.com> wrote:
> On 16-09-23 11:40 AM, Shmulik Ladkani wrote:
> >
> > [off topic]
>
> I think this is still on topic!
Sorry, wasn't too clear on that.
What I meant is that _existing_ "egress redi
On Fri, 23 Sep 2016 15:52:24 -0400 (EDT) Lance Richardson <lrich...@redhat.com>
wrote:
> > From: "Shmulik Ladkani" <shmulik.ladk...@gmail.com>
> > Suggesting to add:
> >
> > Up until now, 'ip6gre_xmit_other' has set flowi6_proto to a bogus value.
: Set flowi6_proto as IPPROTO_GRE in xmit
> path."), simply delete the line setting the incorrect flowi6_proto value.
>
> Suggested-by: Jiri Benc <jb...@redhat.com>
> Fixes: commit c12b395a4664 ("gre: Support GRE over IPv6")
> Signed-off-by: Lance Richard
On Fri, 23 Sep 2016 08:48:33 -0400 Jamal Hadi Salim wrote:
> > Even today, one may create loops using existing 'egress redirect',
> > e.g. this rediculously errorneous construct:
> >
> > # ip l add v0 type veth peer name v0p
> > # tc filter add dev v0p parent : basic \
>
Hi,
On Thu, 22 Sep 2016 19:40:15 -0400 Jamal Hadi Salim <j...@mojatatu.com> wrote:
> On 16-09-22 09:21 AM, Shmulik Ladkani wrote:
> > From: Shmulik Ladkani <shmulik.ladk...@gmail.com>
> >
> > Up until now, 'action mirred' supported only egress act
On Thu, 22 Sep 2016 09:05:04 -0700 Stephen Hemminger
<step...@networkplumber.org> wrote:
> On Thu, 22 Sep 2016 12:31:10 +0300
> Shmulik Ladkani <shmulik.ladk...@ravellosystems.com> wrote:
>
> > +
> > +static const char *action_name(int action)
> > +{
On Thu, 22 Sep 2016 07:54:13 -0700 Eric Dumazet wrote:
> Hmm... we probably need to apply the full rcu protection before this
> patch.
>
> https://patchwork.ozlabs.org/patch/667680/
Are you referring to order of application into net-next?
This patch seems to present no
mask 0xfff eq 6)' \
action vlan modify id 5 continue
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
v2: Coding. No need to encapsule action_names[] access into a function
include/linux/tc_act/tc_vlan.h | 1 +
man/man8/tc-vlan.8 | 25 +++
From: Shmulik Ladkani <shmulik.ladk...@gmail.com>
These accessors are used in various drivers that support tc offloading,
to detect properties of a given 'tc_action'.
'is_tcf_mirred_redirect' tests that the action is TCA_EGRESS_REDIR.
'is_tcf_mirred_mirror' tests that the
From: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Up until now, 'action mirred' supported only egress actions (either
TCA_EGRESS_REDIR or TCA_EGRESS_MIRROR).
This patch implements the corresponding ingress actions
TCA_INGRESS_REDIR and TCA_INGRESS_MIRROR.
This allows attaching filters
From: Shmulik Ladkani <shmulik.ladk...@gmail.com>
'tcfm_ok_push' specifies whether a mac_len sized push is needed upon
egress to the target device (if action is performed at ingress).
Rename it to 'tcfm_mac_header_xmit' as this is actually an attribute of
the target device.
This
This patch series implements action mirred 'ingress' actions
TCA_INGRESS_REDIR and TCA_INGRESS_MIRROR.
This allows attaching filters whose target is to hand matching skbs into
the rx processing of a specified device.
Shmulik Ladkani (4):
net/sched: act_mirred: Rename tcfm_ok_push
From: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Move detection logic that tests whether device expects skb data to point
to mac_header upon xmit into a function.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
net/sched/act_mirred.c | 28 +++-
mask 0xfff eq 6)' \
action vlan modify id 5 continue
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
include/linux/tc_act/tc_vlan.h | 1 +
man/man8/tc-vlan.8 | 25 ++--
tc/m_vlan.c
Fix 'skb_vlan_pop' to use eth_type_vlan instead of directly comparing
skb->protocol to ETH_P_8021Q or ETH_P_8021AD.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
net/core/skbuff.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/core/skbuf
ed to previous "no-op" behavior.
Existing callers (e.g. tc act vlan, ovs) usually drop the packet if
'skb_vlan_pop' fails.
Fixes: 93515d53b1 ("net: move vlan pop/push functions into common code")
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Cc: Pravi
This is for net-next, forgot to mention.
Deprecates the v1 of https://patchwork.ozlabs.org/patch/671403/
Hi,
On Mon, 19 Sep 2016 13:46:10 -0700 pravin shelar <pshe...@ovn.org> wrote:
> On Mon, Sep 19, 2016 at 1:04 PM, Shmulik Ladkani
> <shmulik.ladk...@gmail.com> wrote:
> > Hi Pravin,
> >
> > On Sun, 18 Sep 2016 13:26:30 -0700 pravin shelar <pshe...@ovn.org&g
Hi Pravin,
On Sun, 18 Sep 2016 13:26:30 -0700 pravin shelar wrote:
> > +++ b/net/core/skbuff.c
> > @@ -4537,7 +4537,7 @@ int skb_vlan_pop(struct sk_buff *skb)
> > } else {
> > if (unlikely((skb->protocol != htons(ETH_P_8021Q) &&
> >
On Mon, 19 Sep 2016 18:53:19 +0300 Shmulik Ladkani <shmulik.ladk...@gmail.com>
wrote:
> Remove the 'skb->len < VLAN_ETH_HLEN' condition entirely:
> It is superfluous since inner '__skb_vlan_pop' already verifies there
> are VLAN_ETH_HLEN writable bytes at the mac_head
On Mon, 19 Sep 2016 09:20:55 -0700 Eric Dumazet <eric.duma...@gmail.com> wrote:
> On Mon, 2016-09-19 at 18:53 +0300, Shmulik Ladkani wrote:
> > Fix 'skb_vlan_pop' to use eth_type_vlan instead of directly comparing
> > skb->protocol to ETH_P_8021Q or ETH_P_8021AD.
> &g
preserving
its priority bits (as opposed to "action vlan pop pipe action vlan push").
Shmulik Ladkani (2):
net: skbuff: Export __skb_vlan_pop
net/sched: act_vlan: Introduce TCA_VLAN_ACT_MODIFY vlan action
include/linux/skbuff.h | 1 +
include/uapi/linux/tc_act/tc_vlan.h | 1 +
preserving
its priority bits (as opposed to "action vlan pop pipe action vlan push").
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Acked-by: Jamal Hadi Salim <j...@mojatatu.com>
---
v2:
- Removed superflous test 'mac_len < VLAN_ETH_HLEN' prior __skb_vlan_pop
-
This exports the functionality of extracting the tag from the payload,
without moving next vlan tag into hw accel tag.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
include/linux/skbuff.h | 1 +
net/core/skbuff.c | 7 +--
2 files changed, 6 insertions(+), 2 del
:
It is superfluous since inner '__skb_vlan_pop' already verifies there
are VLAN_ETH_HLEN writable bytes at the mac_header.
Fixes: 93515d53b1 ("net: move vlan pop/push functions into common code")
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Cc: Pravin Shelar <pshe...@
Fix 'skb_vlan_pop' to use eth_type_vlan instead of directly comparing
skb->protocol to ETH_P_8021Q or ETH_P_8021AD.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
net/core/skbuff.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/core/skbuf
On Mon, 19 Sep 2016 16:05:17 +0300 Shmulik Ladkani <shmulik.ladk...@gmail.com>
wrote:
> Also, I'm okay with removing the excess 'skb->mac_len < VLAN_ETH_HLEN'
> condition if it is agreed that the "tag exists but insufficient to pop"
> semantic is no lon
On Mon, 19 Sep 2016 14:22:57 +0200, dan...@iogearbox.net wrote:
> On 09/19/2016 08:15 AM, Shmulik Ladkani wrote:
> > On Sun, 18 Sep 2016 13:26:30 -0700, pshe...@ovn.org wrote:
> >> On Sun, Sep 18, 2016 at 3:09 AM, Shmulik Ladkani
> >> <shmulik.ladk...@gmail.com> w
Hi,
On Sun, 18 Sep 2016 13:26:30 -0700, pshe...@ovn.org wrote:
> On Sun, Sep 18, 2016 at 3:09 AM, Shmulik Ladkani
> <shmulik.ladk...@gmail.com> wrote:
> > diff --git a/net/core/skbuff.c b/net/core/skbuff.c
> > index 1e329d4112..cc2c004838 100644
> > --- a/net/co
This exports the functionality of extracting the tag from the payload,
without moving next vlan tag into hw accel tag.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
include/linux/skbuff.h | 1 +
net/core/skbuff.c | 7 +--
2 files changed, 6 insertions(+), 2 del
preserving
its priority bits (as opposed to "action vlan pop pipe action vlan push").
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
include/uapi/linux/tc_act/tc_vlan.h | 1 +
net/sched/act_vlan.c| 29 -
2 files changed, 29
preserving
its priority bits (as opposed to "action vlan pop pipe action vlan push").
Shmulik Ladkani (2):
net: skbuff: Export __skb_vlan_pop
net/sched: act_vlan: Introduce TCA_VLAN_ACT_MODIFY vlan action
include/linux/skbuff.h | 1 +
include/uapi/linux/tc_act/tc_vlan.h | 1 +
b->mac_len' is sufficient.
Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
---
Spotted by code review while doing work augmenting tc act vlan.
net/core/skbuff.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 1e329
On Thu, 25 Aug 2016 12:05:33 +0300 Shmulik Ladkani <shmulik.ladk...@gmail.com>
wrote:
> The BUG occurs when GRO occurs on the ingress, and only if GRO merges
> skbs into the frag_list (OTOH when segments are only placed into frags[]
> of a single skb, skb_segment succeeds e
; dst_ip 11.11.0.2 \
> id 11 \
> action mirred egress redirect dev vxlan0
>
> Signed-off-by: Amir Vadai <a...@vadai.me>
> Signed-off-by: Hadar Hen Zion <had...@mellanox.com>
Reviewed-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>
Thanks!
1 - 100 of 172 matches
Mail list logo