[PATCH net] ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output

In 'seg6_output', stack variable 'struct flowi6 fl6' was missing initialization. Fixes: 6c8702c60b88 ("ipv6: sr: add support for SRH encapsulation and injection with lwtunnels") Signed-off-by: Shmulik Ladkani --- Suggeting this fix, spotted during code review while experimenting

Re: [PATCH iproute2-next] iproute_lwtunnel: allow specifying 'src' for 'encap ip' / 'encap ip6'

Hi, On Fri, 17 Aug 2018 08:00:22 -0700 Stephen Hemminger wrote: > If you accept an attribute on input you need to parse it and display it the > same way in the show command. Note print_encap_ip and print_encap_ip6 already handle LWTUNNEL_IP_SRC and LWTUNNEL_IP6_SRC (since long ago, 1e5293056

[PATCH iproute2-next] iproute_lwtunnel: allow specifying 'src' for 'encap ip' / 'encap ip6'

This allows the user to specify the LWTUNNEL_IP_SRC/LWTUNNEL_IP6_SRC when setting an lwtunnel encapsulation route. Signed-off-by: Shmulik Ladkani --- ip/iproute_lwtunnel.c | 22 -- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/ip/iproute_lwtunnel.c b/ip

[PATCH net-next] ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address

xmit uses existing saddr selection code. Signed-off-by: Shmulik Ladkani Reviewed-by: Eyal Birger Fixes: 8d79266bc48c ("ip6_tunnel: add collect_md mode to IPv6 tunnels") --- net/ipv6/ip6_tunnel.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/ipv6/ip6_

Re: [PATCH] net: dev_forward_skb(): Scrub packet's per-netns info only when crossing netns

On Thu, 15 Mar 2018 09:35:51 -0700 (PDT) Liran Alon wrote: > - shmulik.ladk...@gmail.com wrote: > > > On Thu, 15 Mar 2018 08:01:03 -0700 (PDT) Liran Alon > > wrote: > > > > > > I still think that default behavior should be to zero skb->mark

Re: [PATCH] net: dev_forward_skb(): Scrub packet's per-netns info only when crossing netns

On Thu, 15 Mar 2018 08:01:03 -0700 (PDT) Liran Alon wrote: > > I still think that default behavior should be to zero skb->mark only when skb > cross netdevs in different netns. But the previous default was scrub the mark in *both* xnet and non-xnet situations.

Re: [PATCH] net: dev_forward_skb(): Scrub packet's per-netns info only when crossing netns

On Thu, 15 Mar 2018 16:13:39 +0100 Daniel Borkmann <dan...@iogearbox.net> wrote: > On 03/15/2018 01:50 PM, Shmulik Ladkani wrote: > > > > It would be beneficial to have the mark preserved when skb is injected > > to the slave device's rx path (especially when it's on th

Re: [PATCH] net: dev_forward_skb(): Scrub packet's per-netns info only when crossing netns

Hi, On Thu, 15 Mar 2018 12:56:13 +0100 Daniel Borkmann <dan...@iogearbox.net> wrote: > On 03/15/2018 10:21 AM, Shmulik Ladkani wrote: > > > > Regarding veth xmit, it does makes sense to preserve the fields if not > > crossing netns. This is also the c

Re: [PATCH] net: dev_forward_skb(): Scrub packet's per-netns info only when crossing netns

Hi, On Tue, 13 Mar 2018 17:07:22 +0200 Liran Alon wrote: > Before this commit, dev_forward_skb() always cleared packet's > per-network-namespace info. Even if the packet doesn't cross > network namespaces. > > The comment above dev_forward_skb() describes that this is

Re: [Q] Unable to load SCHED_CLS/SCHED_ACT bpf programs from outside init_user_ns

Hi, On Sat, 10 Feb 2018 14:08:58 +0100 Daniel Borkmann <dan...@iogearbox.net> wrote: > Hi Shmulik, > > On 02/10/2018 08:46 AM, Shmulik Ladkani wrote: > > Hi, > > > > Apparently one cannot use TC cls_bpf/act_bpf if running from a user ns > > other than

[Q] Unable to load SCHED_CLS/SCHED_ACT bpf programs from outside init_user_ns

Hi, Apparently one cannot use TC cls_bpf/act_bpf if running from a user ns other than the init_user_ns, as bpf_prog_load does not permit loading these type of progs, snip: if (type != BPF_PROG_TYPE_SOCKET_FILTER && type != BPF_PROG_TYPE_CGROUP_SKB &&

[PATCH iproute2 net-next] ip: link_ip6tnl.c/ip6tunnel.c: Support IP6_TNL_F_ALLOW_LOCAL_REMOTE flag

From: Shmulik Ladkani <shmulik.ladk...@gmail.com> IP6_TNL_F_ALLOW_LOCAL_REMOTE allows tunnel traffic on ip6tnl devices where the remote endpoint is a local host address. Specifying "[no]allow-localremote" controls the IP6_TNL_F_ALLOW_LOCAL_REMOTE flag on ip6tnl interfaces.

[PATCH net-next] ip6_tunnel: Allow rcv/xmit even if remote address is a local address

From: Shmulik Ladkani <shmulik.ladk...@gmail.com> Currently, ip6_tnl_xmit_ctl drops tunneled packets if the remote address (outer v6 destination) is one of host's locally configured addresses. Same applies to ip6_tnl_rcv_ctl: it drops packets if the remote address (outer v6 source) is a

[PATCH v2] netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'

From: Shmulik Ladkani <shmulik.ladk...@gmail.com> Commit 2c16d6033264 ("netfilter: xt_bpf: support ebpf") introduced support for attaching an eBPF object by an fd, with the 'bpf_mt_check_v1' ABI expecting the '.fd' to be specified upon each IPT_SO_SET_REPLACE call. However this b

Re: [PATCH net] net: fib_rules: Fix fib_rules_ops->compare implementations to support exact match

Hi David, On Tue, 03 Oct 2017 14:54:18 -0700 (PDT) David Miller <da...@davemloft.net> wrote: > From: Shmulik Ladkani <shmu...@nsof.io> > Date: Sat, 30 Sep 2017 11:59:09 +0300 > > > This leads to inconsistencies, depending on order of operations, e.g.: > &

[PATCH] netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'

From: Shmulik Ladkani <shmulik.ladk...@gmail.com> Commit 2c16d6033264 ("netfilter: xt_bpf: support ebpf") introduced support for attaching an eBPF object by an fd, with the 'bpf_mt_check_v1' ABI expecting the '.fd' to be specified upon each IPT_SO_SET_REPLACE call. However this b

Re: [PATCH net] net: fib_rules: Fix fib_rules_ops->compare implementations to support exact match

Hi David, On Tue, 03 Oct 2017 14:54:18 -0700 (PDT) David Miller wrote: > I don't see any inconsistency. When you insert using NLM_F_EXCL the > insertion fails if any existing rule matches or overlaps in any way > with the keys in the new rule. Please note that current

[PATCH net] net: fib_rules: Fix fib_rules_ops->compare implementations to support exact match

From: Shmulik Ladkani <shmulik.ladk...@gmail.com> Commit 153380ec4b9b ("fib_rules: Added NLM_F_EXCL support to fib_nl_newrule") added a check to 'fib_nl_newrule' that tests whether the suggested rule already exists (i.e. has same properties). The check uses fib_rules_ops-&

netfilter: xt_bpf: ABI issue in xt_bpf_info_v1?

Hi, Commit 2c16d60 'netfilter: xt_bpf: support ebpf' introduced 'xt_bpf_info_v1', to support attaching an eBPF object by fd. Alas, seems this ABI is problematic, as the 'fd', which is local to the process attaching the ebpf object (namely iptables) is stored in the matchinfo structure. This

Re: [PATCH net] ipv4: update comment to document GSO fragmentation cases.

for egress > GSO packets. > > Suggested-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> > Signed-off-by: Lance Richardson <lrich...@redhat.com> Thanks Lance. Reviewed-by: Shmulik Ladkani <shmulik.ladk...@gmail.com>

Re: [PATCH net v3] ipv4: allow local fragmentation in ip_finish_output_gso()

On Thu, 3 Nov 2016 22:34:34 +0100 Hannes Frederic Sowa wrote: > Correct, but we should maybe redefine the code a bit. From my > understanding we can now create an ICMP storm in case every fragment gets. Yes, you are right. Each segment gets into ip_fragment, and due

Re: [PATCH net v3] ipv4: allow local fragmentation in ip_finish_output_gso()

Hi, On Thu, 3 Nov 2016 09:06:27 -0400 (EDT) Lance Richardson wrote: > I'm not sure what could be added that would help, was there something > specific you had in mind? How about something like this (preliminary, feel free to massage): @@ -248,10 +248,16 @@ static int

Re: [PATCH net v3] ipv4: allow local fragmentation in ip_finish_output_gso()

Hi, On Thu, 3 Nov 2016 17:05:54 -0400 (EDT) Lance Richardson wrote: > > I'm still digesting the patchwork history, but it seems to me: > >1) If we call skb_gso_validate_mtu() and it returns true, > ip_finish_output2() will > be called, just as before, so

Re: [PATCH net v3] ipv4: allow local fragmentation in ip_finish_output_gso()

On Thu, 03 Nov 2016 16:12:44 -0400 (EDT) David Miller wrote: > Applied and queued up for -stable. Dave, my response lagged your "Applied" by few minutes ;) This seems to deserve some more thought to make sure nothing got broken, as expressed last in

Re: [PATCH net v3] ipv4: allow local fragmentation in ip_finish_output_gso()

Hi Hannes, Lance, On Wed, 2 Nov 2016 16:36:17 -0400 Lance Richardson wrote: > > - if (skb_iif && !(df & htons(IP_DF))) { > - /* Arrived from an ingress interface, got encapsulated, with > - * fragmentation of encapulating frames allowed. > -

Re: [PATCH net v3] ipv4: allow local fragmentation in ip_finish_output_gso()

On Wed, 2 Nov 2016 16:36:17 -0400 Lance Richardson wrote: > - /* common case: fragmentation of segments is not allowed, > - * or seglen is <= mtu > + /* common case: seglen is <= mtu >*/ > - if (((IPCB(skb)->flags & IPSKB_FRAG_SEGS) == 0) || > -

Re: [PATCH v2] ip6_tunnel: Clear IP6CB in ip6_tnl_xmit() after encapsulation

Hi, On Fri, 28 Oct 2016 13:13:45 +0800 Eli Cooper wrote: > So I think it is best that all the > IP6CB gets cleared before it is pushed to the next layer. Just a comparison to the ipv4 world: All tunnels (udp/ip based) end up calling iptunnel_xmit(), which: - scrubs the skb

Re: [PATCHv2 iproute2 net-next] tc: m_mirred: Fix parsing of 'index' optional argument

Hi, On Thu, 27 Oct 2016 16:56:43 +0200 Phil Sutter wrote: > > Actual code, since first committed, attempts to parse "index" as 1st > > argument (without success), see parse_mirred(): > > > > if (matches(*argv, "egress") == 0 || matches(*argv, "index") == 0) { > >

Re: [PATCHv2 iproute2 net-next] tc: m_mirred: Fix parsing of 'index' optional argument

Hi Phil, On Thu, 27 Oct 2016 11:46:33 +0200, p...@nwl.cc wrote: > According to the action's help text (and the man page which is based > upon that), this behaviour is perfectly fine: > > | Usage: mirred [index INDEX] > > So first argument *must* be the direction, second one *must* be the >

[PATCHv2 iproute2 net-next] tc: m_mirred: Fix parsing of 'index' optional argument

- continue parsing after valid "index" is seen - don't issue the RTNETLINK unless valid "egress"/"ingress" is seen Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- v2: rebased to recent tip of net-next, amended log message An alternative solutio

[PATCH iproute2 net-next] tc: m_mirred: Fix parsing of 'index' optional argument

: - continue parsing after valid "index" is seen - don't issue the RTNETLINK unless valid "egress" is seen Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- Well, both man and usage suggest "index" comes after the egress clause: tc ... action mir

[PATCH net-next] net/sched: em_meta: Fix 'meta vlan' to correctly recognize zero VID frames

lan: allow null VLAN ID to be used") Fixes: 1a31f2042e ("netsched: Allow meta match on vlan tag on receive") Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Cc: Eric Dumazet <eric.duma...@gmail.com> Cc: Stephen Hemminger <step...@networkplumber.org> --- net/

[PATCH iproute2 net-next] tc: m_mirred: Add support for ingress redirect/mirror

basic \ action mirred ingress redirect dev dummy0 Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- man/man8/tc-mirred.8 | 4 +--- tc/m_mirred.c| 40 2 files changed, 29 insertions(+), 15 deletions(-) diff --git a/man/m

[PATCH v4 net-next 3/4] net/sched: tc_mirred: Rename public predicates 'is_tcf_mirred_redirect' and 'is_tcf_mirred_mirror'

/mirror, rename these predicates to reflect their true meaning: s/is_tcf_mirred_redirect/is_tcf_mirred_egress_redirect/ s/is_tcf_mirred_mirror/is_tcf_mirred_egress_mirror/ Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Cc: Hariprasad S <haripra...@chelsio.com> Cc:

[PATCH v4 net-next 2/4] net/sched: act_mirred: Refactor detection whether dev needs xmit at mac header

Move detection logic that tests whether device expects skb data to point at mac_header upon xmit into a function. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- net/sched/act_mirred.c | 28 +++- 1 file changed, 15 insertions(+), 13 deletions(-) diff

[PATCH v4 net-next 0/4] act_mirred: Ingress actions support

: in 4/4, addressed non coherency due to reading m->tcfm_eaction multiple times, as spotted by Eric Dumazet v2: in 1/4, declare tcfm_mac_header_xmit as bool instead of int Shmulik Ladkani (4): net/sched: act_mirred: Rename tcfm_ok_push to tcfm_mac_header_xmit and make it a bool

[PATCH v4 net-next 1/4] net/sched: act_mirred: Rename tcfm_ok_push to tcfm_mac_header_xmit and make it a bool

from the action to be taken. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- v2: declare tcfm_mac_header_xmit as bool instead of int include/net/tc_act/tc_mirred.h | 2 +- net/sched/act_mirred.c | 11 ++- 2 files changed, 7 insertions(+), 6 deletions(-) diff

[PATCH v4 net-next 4/4] net/sched: act_mirred: Implement ingress actions

of a specified device. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Eric Dumazet <eric.duma...@gmail.com> Cc: Cong Wang <xiyou.wangc...@gmail.com> --- v4: check ret code of netif_receive_skb, as suggested by Cong

Re: [PATCH v3 net-next 4/4] net/sched: act_mirred: Implement ingress actions

Hi, On Mon, Oct 3, 2016 at 12:45 PM, Cong Wang <xiyou.wangc...@gmail.com> wrote: > On Thu, Sep 29, 2016 at 4:03 AM, Shmulik Ladkani > <shmulik.ladk...@gmail.com> wrote: >> skb2->skb_iif = skb->dev->ifindex; >> skb2->dev =

[PATCH v3 net-next 4/4] net/sched: act_mirred: Implement ingress actions

of a specified device. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Eric Dumazet <eric.duma...@gmail.com> --- v3: Addressed non coherency due to reading m->tcfm_eaction multiple times, as spotted by Eri

[PATCH v3 net-next 0/4] act_mirred: Ingress actions support

ple times, as spotted by Eric Dumazet v2: in 1/4, declare tcfm_mac_header_xmit as bool instead of int Shmulik Ladkani (4): net/sched: act_mirred: Rename tcfm_ok_push to tcfm_mac_header_xmit and make it a bool net/sched: act_mirred: Refactor detection whether dev needs xmit at mac hea

[PATCH v3 net-next 1/4] net/sched: act_mirred: Rename tcfm_ok_push to tcfm_mac_header_xmit and make it a bool

from the action to be taken. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- v2: declare tcfm_mac_header_xmit as bool instead of int include/net/tc_act/tc_mirred.h | 2 +- net/sched/act_mirred.c | 11 ++- 2 files changed, 7 insertions(+), 6 deletions(-) diff

[PATCH v3 net-next 3/4] net/sched: tc_mirred: Rename public predicates 'is_tcf_mirred_redirect' and 'is_tcf_mirred_mirror'

/mirror, rename these predicates to reflect their true meaning: s/is_tcf_mirred_redirect/is_tcf_mirred_egress_redirect/ s/is_tcf_mirred_mirror/is_tcf_mirred_egress_mirror/ Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Cc: Hariprasad S <haripra...@chelsio.com> Cc:

[PATCH v3 net-next 2/4] net/sched: act_mirred: Refactor detection whether dev needs xmit at mac header

Move detection logic that tests whether device expects skb data to point at mac_header upon xmit into a function. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- net/sched/act_mirred.c | 28 +++- 1 file changed, 15 insertions(+), 13 deletions(-) diff

Re: [PATCH v2 net-next 4/4] net/sched: act_mirred: Implement ingress actions

Hi Eric, On Tue, 27 Sep 2016 14:27:13 -0700 Eric Dumazet wrote: > > Since this runs lockless, another cpu might change m->tcfm_eaction in > the middle, and you could call dev_queue_xmit(skb2) while the skb2 was > prepared for the opposite action. Well, seem members of

Re: [PATCH v3 net 1/2] net/sched: act_vlan: Push skb->data to mac_header prior calling skb_vlan_*() functions

David, On Thu, 29 Sep 2016 12:10:40 +0300 Shmulik Ladkani <shmulik.ladk...@gmail.com> wrote: > This patch fixes act_vlan to point to the mac_header prior calling > skb_vlan_*() functions, as other callers do. > This 1/2 patch fixes the problem detailed in [1] for act_vlan, la

[PATCH v3 net 1/2] net/sched: act_vlan: Push skb->data to mac_header prior calling skb_vlan_*() functions

fixes act_vlan to point to the mac_header prior calling skb_vlan_*() functions, as other callers do. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Pravin Shelar <pshe...@ovn.org> Cc: Jiri Pirko <j...@mellanox.com> ---

[PATCH v3 net 2/2] net: skbuff: Limit skb_vlan_pop/push() to expect skb->data at mac header

longer support arbitrary skb->data inputs for skb_vlan_pop/push(). skb->data is expected to be exactly at mac_header; WARN otherwise. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Pravin Shelar <pshe...@ovn.org> Cc:

Re: [PATCH v2 net] net: skbuff: skb_vlan_push: Fix wrong unwinding of skb->data after __vlan_insert_tag call

On Wed, 28 Sep 2016 16:43:38 +0200 Daniel Borkmann wrote: > Couldn't we end up with 1) for the act_vlan case when we'd have the > offset-adjusted skb_vlan_push() fix from here, where we'd then redirect > to ingress where skb_vlan_pop() would be called? If I'm not missing >

Re: [PATCH v2 net] net: skbuff: skb_vlan_push: Fix wrong unwinding of skb->data after __vlan_insert_tag call

On Wed, 28 Sep 2016 16:43:38 +0200 Daniel Borkmann wrote: > > (1) suppose upon entry we have > > > > DA,SA,0x8100,TCI,0x0800, > > ^^ > > mac_hdr data > > > > initial offset is 18, and after current unwinding code we'll get > > You

Re: [PATCH v2 net] net: skbuff: skb_vlan_push: Fix wrong unwinding of skb->data after __vlan_insert_tag call

Hi, On Wed, 28 Sep 2016 12:30:56 +0200, dan...@iogearbox.net wrote: > > @@ -4608,6 +4608,8 @@ int skb_vlan_push(struct sk_buff *skb, __be16 > > vlan_proto, u16 vlan_tci) > > > > skb->protocol = skb->vlan_proto; > > skb->mac_len += VLAN_HLEN; > > + if (offset) >

[PATCH v2 net] net: skbuff: skb_vlan_push: Fix wrong unwinding of skb->data after __vlan_insert_tag call

From: Shmulik Ladkani <shmulik.ladk...@gmail.com> In case 'skb_vlan_push' is called on an skb with a hw-accel vlan tag present, the existing hw-accel tag is inserted into the payload, and the new given tag is placed as new hw-accel tag. In order to insert the existing hw-acc

Re: [PATCH net] net: skbuff: Fix incorrect skb->mac_len adjustment in skb_vlan_push()

Hi, On Tue, 27 Sep 2016 13:04:35 -0700, pshe...@ovn.org wrote: > > OVS MPLS does depends on mac-len to track MPLS header (ref > skb_mpls_header()). Therefore vlan header changes needs to update > mac-len. Thanks for the explanation. I'm working on a better fix. Regards, Shmulik

Re: [PATCH v2 net-next 4/4] net/sched: act_mirred: Implement ingress actions

Hi, On Tue, 27 Sep 2016 14:27:13 -0700 Eric Dumazet <eric.duma...@gmail.com> wrote: > On Tue, 2016-09-27 at 23:59 +0300, Shmulik Ladkani wrote: > > Up until now, 'action mirred' supported only egress actions (either > > TCA_EGRESS_REDIR or TCA_EGRESS_MIRROR). > >

[PATCH v2 net-next 1/4] net/sched: act_mirred: Rename tcfm_ok_push to tcfm_mac_header_xmit and make it a bool

from the action to be taken. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- v2: declare tcfm_mac_header_xmit as bool instead of int include/net/tc_act/tc_mirred.h | 2 +- net/sched/act_mirred.c | 11 ++- 2 files changed, 7 insertions(+), 6 deletions(-) diff

[PATCH v2 net-next 4/4] net/sched: act_mirred: Implement ingress actions

of a specified device. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> --- net/sched/act_mirred.c | 48 ++-- 1 file changed, 42 insertions(+), 6 deletions(-) diff --git a/net/sched/act_mi

[PATCH v2 net-next 3/4] net/sched: tc_mirred: Rename public predicates 'is_tcf_mirred_redirect' and 'is_tcf_mirred_mirror'

/mirror, rename these predicates to reflect their true meaning: s/is_tcf_mirred_redirect/is_tcf_mirred_egress_redirect/ s/is_tcf_mirred_mirror/is_tcf_mirred_egress_mirror/ Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Cc: Hariprasad S <haripra...@chelsio.com> Cc:

[PATCH v2 net-next 2/4] net/sched: act_mirred: Refactor detection whether dev needs xmit at mac header

Move detection logic that tests whether device expects skb data to point at mac_header upon xmit into a function. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- net/sched/act_mirred.c | 28 +++- 1 file changed, 15 insertions(+), 13 deletions(-) diff

[PATCH v2 net-next 0/4] act_mirred: Ingress actions support

This patch series implements action mirred 'ingress' actions TCA_INGRESS_REDIR and TCA_INGRESS_MIRROR. This allows attaching filters whose target is to hand matching skbs into the rx processing of a specified device. v2: in 1/4, declare tcfm_mac_header_xmit as bool instead of int Shmulik

Re: [PATCH net-next 1/4] net/sched: act_mirred: Rename tcfm_ok_push to tcfm_mac_header_xmit

Hi, On Tue, 27 Sep 2016 12:30:20 +0200 Daniel Borkmann <dan...@iogearbox.net> wrote: > On 09/22/2016 03:21 PM, Shmulik Ladkani wrote: > > From: Shmulik Ladkani <shmulik.ladk...@gmail.com> > > > > 'tcfm_ok_push' specifies whether a mac_len sized push is needed upo

[PATCH net] net: skbuff: Fix incorrect skb->mac_len adjustment in skb_vlan_push()

havior is having QinQ frames. Fix, removing the unnecessary VLAN_HLEN adjustment of mac_len. Fixes: 93515d53b1 ("net: move vlan pop/push functions into common code") Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Cc: Pravin Shelar <pshe...@ovn.org> Cc: Jiri Pirko <j

Re: [PATCH net-next 4/4] net/sched: act_mirred: Implement ingress actions

On Tue, 27 Sep 2016 09:44:41 -0400 (EDT), da...@davemloft.net wrote: > From: Daniel Borkmann > Date: Tue, 27 Sep 2016 12:39:34 +0200 > > > Any reason why dev_forward_skb() is not preferred over direct > > netif_receive_skb() you're using? It would, for example, implicitly >

Re: [PATCH net-next 4/4] net/sched: act_mirred: Implement ingress actions

Hi David, On Tue, 27 Sep 2016 01:56:06 -0400 (EDT), da...@davemloft.net wrote: > The discussion on this patch has ventured off into what to do about > recursion. > > But it unclear to me where this specific patch, and this series, > stands right now. Someone please clear this up for me.

Re: [PATCH net-next 4/4] net/sched: act_mirred: Implement ingress actions

Hi, On Mon, 26 Sep 2016 16:43:16 +0200 Hannes Frederic Sowa wrote: > On 26.09.2016 03:35, Florian Westphal wrote: > > > > Yes, but I think we get same issue when we deal with stacked > > interfaces, and redirect is to e.g. vlan on top of physical device. > > We

Re: [PATCH net-next 4/4] net/sched: act_mirred: Implement ingress actions

Hi, On Sat, 24 Sep 2016 17:07:12 -0700 Cong Wang wrote: > One problem to use your code for us is that, the RX side of veth > is inside containers, not visible to outside, perhaps we need some > more parameter to tell the netns before the device name/index? > Thoughts?

Re: [PATCH net-next 4/4] net/sched: act_mirred: Implement ingress actions

On Sun, 25 Sep 2016 09:05:08 -0400 Jamal Hadi Salim <j...@mojatatu.com> wrote: > On 16-09-23 11:40 AM, Shmulik Ladkani wrote: > > > > [off topic] > > I think this is still on topic! Sorry, wasn't too clear on that. What I meant is that _existing_ "egress redi

Re: [PATCH net] ip6_gre: fix flowi6_proto value in ip6gre_xmit_other()

On Fri, 23 Sep 2016 15:52:24 -0400 (EDT) Lance Richardson <lrich...@redhat.com> wrote: > > From: "Shmulik Ladkani" <shmulik.ladk...@gmail.com> > > Suggesting to add: > > > > Up until now, 'ip6gre_xmit_other' has set flowi6_proto to a bogus value.

Re: [PATCH net] ip6_gre: fix flowi6_proto value in ip6gre_xmit_other()

: Set flowi6_proto as IPPROTO_GRE in xmit > path."), simply delete the line setting the incorrect flowi6_proto value. > > Suggested-by: Jiri Benc <jb...@redhat.com> > Fixes: commit c12b395a4664 ("gre: Support GRE over IPv6") > Signed-off-by: Lance Richard

Re: [PATCH net-next 4/4] net/sched: act_mirred: Implement ingress actions

On Fri, 23 Sep 2016 08:48:33 -0400 Jamal Hadi Salim wrote: > > Even today, one may create loops using existing 'egress redirect', > > e.g. this rediculously errorneous construct: > > > > # ip l add v0 type veth peer name v0p > > # tc filter add dev v0p parent : basic \ >

Re: [PATCH net-next 4/4] net/sched: act_mirred: Implement ingress actions

Hi, On Thu, 22 Sep 2016 19:40:15 -0400 Jamal Hadi Salim <j...@mojatatu.com> wrote: > On 16-09-22 09:21 AM, Shmulik Ladkani wrote: > > From: Shmulik Ladkani <shmulik.ladk...@gmail.com> > > > > Up until now, 'action mirred' supported only egress act

Re: [PATCH iproute2 net-next] tc: m_vlan: Add vlan modify action

On Thu, 22 Sep 2016 09:05:04 -0700 Stephen Hemminger <step...@networkplumber.org> wrote: > On Thu, 22 Sep 2016 12:31:10 +0300 > Shmulik Ladkani <shmulik.ladk...@ravellosystems.com> wrote: > > > + > > +static const char *action_name(int action) > > +{

Re: [PATCH net-next 4/4] net/sched: act_mirred: Implement ingress actions

On Thu, 22 Sep 2016 07:54:13 -0700 Eric Dumazet wrote: > Hmm... we probably need to apply the full rcu protection before this > patch. > > https://patchwork.ozlabs.org/patch/667680/ Are you referring to order of application into net-next? This patch seems to present no

[PATCH v2 iproute2 net-next] tc: m_vlan: Add vlan modify action

mask 0xfff eq 6)' \ action vlan modify id 5 continue Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- v2: Coding. No need to encapsule action_names[] access into a function include/linux/tc_act/tc_vlan.h | 1 + man/man8/tc-vlan.8 | 25 +++

[PATCH net-next 3/4] net/sched: tc_mirred: Rename public predicates 'is_tcf_mirred_redirect' and 'is_tcf_mirred_mirror'

From: Shmulik Ladkani <shmulik.ladk...@gmail.com> These accessors are used in various drivers that support tc offloading, to detect properties of a given 'tc_action'. 'is_tcf_mirred_redirect' tests that the action is TCA_EGRESS_REDIR. 'is_tcf_mirred_mirror' tests that the

[PATCH net-next 4/4] net/sched: act_mirred: Implement ingress actions

From: Shmulik Ladkani <shmulik.ladk...@gmail.com> Up until now, 'action mirred' supported only egress actions (either TCA_EGRESS_REDIR or TCA_EGRESS_MIRROR). This patch implements the corresponding ingress actions TCA_INGRESS_REDIR and TCA_INGRESS_MIRROR. This allows attaching filters

[PATCH net-next 1/4] net/sched: act_mirred: Rename tcfm_ok_push to tcfm_mac_header_xmit

From: Shmulik Ladkani <shmulik.ladk...@gmail.com> 'tcfm_ok_push' specifies whether a mac_len sized push is needed upon egress to the target device (if action is performed at ingress). Rename it to 'tcfm_mac_header_xmit' as this is actually an attribute of the target device. This

[PATCH net-next 0/4] act_mirred: Ingress actions support

This patch series implements action mirred 'ingress' actions TCA_INGRESS_REDIR and TCA_INGRESS_MIRROR. This allows attaching filters whose target is to hand matching skbs into the rx processing of a specified device. Shmulik Ladkani (4): net/sched: act_mirred: Rename tcfm_ok_push

[PATCH net-next 2/4] net/sched: act_mirred: Refactor detection whether dev needs xmit at mac header

From: Shmulik Ladkani <shmulik.ladk...@gmail.com> Move detection logic that tests whether device expects skb data to point to mac_header upon xmit into a function. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- net/sched/act_mirred.c | 28 +++-

[PATCH iproute2 net-next] tc: m_vlan: Add vlan modify action

mask 0xfff eq 6)' \ action vlan modify id 5 continue Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- include/linux/tc_act/tc_vlan.h | 1 + man/man8/tc-vlan.8 | 25 ++-- tc/m_vlan.c

[PATCH v3 net-next 2/2] net: skbuff: Coding: Use eth_type_vlan() instead of open coding it

Fix 'skb_vlan_pop' to use eth_type_vlan instead of directly comparing skb->protocol to ETH_P_8021Q or ETH_P_8021AD. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- net/core/skbuff.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/net/core/skbuf

[PATCH v3 net-next 1/2] net: skbuff: Remove errornous length validation in skb_vlan_pop()

ed to previous "no-op" behavior. Existing callers (e.g. tc act vlan, ovs) usually drop the packet if 'skb_vlan_pop' fails. Fixes: 93515d53b1 ("net: move vlan pop/push functions into common code") Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Cc: Pravi

Re: [PATCH v2 0/2] act_vlan: Introduce TCA_VLAN_ACT_MODIFY vlan action

This is for net-next, forgot to mention. Deprecates the v1 of https://patchwork.ozlabs.org/patch/671403/

Re: [PATCH] net: skbuff: Fix length validation in skb_vlan_pop()

Hi, On Mon, 19 Sep 2016 13:46:10 -0700 pravin shelar <pshe...@ovn.org> wrote: > On Mon, Sep 19, 2016 at 1:04 PM, Shmulik Ladkani > <shmulik.ladk...@gmail.com> wrote: > > Hi Pravin, > > > > On Sun, 18 Sep 2016 13:26:30 -0700 pravin shelar <pshe...@ovn.org&g

Re: [PATCH] net: skbuff: Fix length validation in skb_vlan_pop()

Hi Pravin, On Sun, 18 Sep 2016 13:26:30 -0700 pravin shelar wrote: > > +++ b/net/core/skbuff.c > > @@ -4537,7 +4537,7 @@ int skb_vlan_pop(struct sk_buff *skb) > > } else { > > if (unlikely((skb->protocol != htons(ETH_P_8021Q) && > >

Re: [PATCH v2 1/2] net: skbuff: Remove errornous length validation in skb_vlan_pop()

On Mon, 19 Sep 2016 18:53:19 +0300 Shmulik Ladkani <shmulik.ladk...@gmail.com> wrote: > Remove the 'skb->len < VLAN_ETH_HLEN' condition entirely: > It is superfluous since inner '__skb_vlan_pop' already verifies there > are VLAN_ETH_HLEN writable bytes at the mac_head

Re: [PATCH v2 2/2] net: skbuff: Coding: Use eth_type_vlan() instead of open coding it

On Mon, 19 Sep 2016 09:20:55 -0700 Eric Dumazet <eric.duma...@gmail.com> wrote: > On Mon, 2016-09-19 at 18:53 +0300, Shmulik Ladkani wrote: > > Fix 'skb_vlan_pop' to use eth_type_vlan instead of directly comparing > > skb->protocol to ETH_P_8021Q or ETH_P_8021AD. > &g

[PATCH v2 0/2] act_vlan: Introduce TCA_VLAN_ACT_MODIFY vlan action

preserving its priority bits (as opposed to "action vlan pop pipe action vlan push"). Shmulik Ladkani (2): net: skbuff: Export __skb_vlan_pop net/sched: act_vlan: Introduce TCA_VLAN_ACT_MODIFY vlan action include/linux/skbuff.h | 1 + include/uapi/linux/tc_act/tc_vlan.h | 1 +

[PATCH v2 2/2] net/sched: act_vlan: Introduce TCA_VLAN_ACT_MODIFY vlan action

preserving its priority bits (as opposed to "action vlan pop pipe action vlan push"). Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Acked-by: Jamal Hadi Salim <j...@mojatatu.com> --- v2: - Removed superflous test 'mac_len < VLAN_ETH_HLEN' prior __skb_vlan_pop -

[PATCH v2 1/2] net: skbuff: Export __skb_vlan_pop

This exports the functionality of extracting the tag from the payload, without moving next vlan tag into hw accel tag. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- include/linux/skbuff.h | 1 + net/core/skbuff.c | 7 +-- 2 files changed, 6 insertions(+), 2 del

[PATCH v2 1/2] net: skbuff: Remove errornous length validation in skb_vlan_pop()

: It is superfluous since inner '__skb_vlan_pop' already verifies there are VLAN_ETH_HLEN writable bytes at the mac_header. Fixes: 93515d53b1 ("net: move vlan pop/push functions into common code") Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Cc: Pravin Shelar <pshe...@

[PATCH v2 2/2] net: skbuff: Coding: Use eth_type_vlan() instead of open coding it

Fix 'skb_vlan_pop' to use eth_type_vlan instead of directly comparing skb->protocol to ETH_P_8021Q or ETH_P_8021AD. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- net/core/skbuff.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/net/core/skbuf

Re: [PATCH] net: skbuff: Fix length validation in skb_vlan_pop()

On Mon, 19 Sep 2016 16:05:17 +0300 Shmulik Ladkani <shmulik.ladk...@gmail.com> wrote: > Also, I'm okay with removing the excess 'skb->mac_len < VLAN_ETH_HLEN' > condition if it is agreed that the "tag exists but insufficient to pop" > semantic is no lon

Re: [PATCH] net: skbuff: Fix length validation in skb_vlan_pop()

On Mon, 19 Sep 2016 14:22:57 +0200, dan...@iogearbox.net wrote: > On 09/19/2016 08:15 AM, Shmulik Ladkani wrote: > > On Sun, 18 Sep 2016 13:26:30 -0700, pshe...@ovn.org wrote: > >> On Sun, Sep 18, 2016 at 3:09 AM, Shmulik Ladkani > >> <shmulik.ladk...@gmail.com> w

Re: [PATCH] net: skbuff: Fix length validation in skb_vlan_pop()

Hi, On Sun, 18 Sep 2016 13:26:30 -0700, pshe...@ovn.org wrote: > On Sun, Sep 18, 2016 at 3:09 AM, Shmulik Ladkani > <shmulik.ladk...@gmail.com> wrote: > > diff --git a/net/core/skbuff.c b/net/core/skbuff.c > > index 1e329d4112..cc2c004838 100644 > > --- a/net/co

[PATCH net-next 1/2] net: skbuff: Export __skb_vlan_pop

This exports the functionality of extracting the tag from the payload, without moving next vlan tag into hw accel tag. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- include/linux/skbuff.h | 1 + net/core/skbuff.c | 7 +-- 2 files changed, 6 insertions(+), 2 del

[PATCH net-next 2/2] net/sched: act_vlan: Introduce TCA_VLAN_ACT_MODIFY vlan action

preserving its priority bits (as opposed to "action vlan pop pipe action vlan push"). Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- include/uapi/linux/tc_act/tc_vlan.h | 1 + net/sched/act_vlan.c| 29 - 2 files changed, 29

[PATCH net-next 0/2] act_vlan: Introduce TCA_VLAN_ACT_MODIFY vlan action

preserving its priority bits (as opposed to "action vlan pop pipe action vlan push"). Shmulik Ladkani (2): net: skbuff: Export __skb_vlan_pop net/sched: act_vlan: Introduce TCA_VLAN_ACT_MODIFY vlan action include/linux/skbuff.h | 1 + include/uapi/linux/tc_act/tc_vlan.h | 1 +

[PATCH] net: skbuff: Fix length validation in skb_vlan_pop()

b->mac_len' is sufficient. Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- Spotted by code review while doing work augmenting tc act vlan. net/core/skbuff.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 1e329

Re: [RFC PATCH] net: ip_finish_output_gso: Attempt gso_size clamping if segments exceed mtu

On Thu, 25 Aug 2016 12:05:33 +0300 Shmulik Ladkani <shmulik.ladk...@gmail.com> wrote: > The BUG occurs when GRO occurs on the ingress, and only if GRO merges > skbs into the frag_list (OTOH when segments are only placed into frags[] > of a single skb, skb_segment succeeds e

Re: [PATCH net-next V5 4/4] net/sched: Introduce act_tunnel_key

; dst_ip 11.11.0.2 \ > id 11 \ > action mirred egress redirect dev vxlan0 > > Signed-off-by: Amir Vadai <a...@vadai.me> > Signed-off-by: Hadar Hen Zion <had...@mellanox.com> Reviewed-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> Thanks!

  1   2   >