On Fri, Sep 7, 2018 at 1:34 PM, David Miller wrote:
> From: Willem de Bruijn
> Date: Fri, 7 Sep 2018 11:50:02 -0400
>
>> If you are not seeing these problems with other protocols, I must be
>> misreading that code.
>
> Right, the ethernet header is only guaranteed to be 2 byte aligned on
>
On Fri, Sep 7, 2018 at 11:50 AM, Willem de Bruijn wrote:
> Hi James,
>
> Thanks for the report. In the future please always include
> netdev@vger.kernel.org in technical discussions.
>
> On Fri, Sep 7, 2018 at 1:00 AM James Sakalaukus wrote:
>>
>> Hello Willem and David,
>>
>> I have an
From: Petar Penkov
This eBPF program extracts basic/control/ip address/ports keys from
incoming packets. It supports recursive parsing for IP encapsulation,
and VLAN, along with IPv4/IPv6 and extension headers. This program is
meant to show how flow dissection and key extraction can be done in
From: Petar Penkov
Adds a test that sends different types of packets over multiple
tunnels and verifies that valid packets are dissected correctly. To do
so, a tc-flower rule is added to drop packets on UDP src port 9, and
packets are sent from ports 8, 9, and 10. Only the packets on port 9
From: Petar Penkov
This patch series hardens the RX stack by allowing flow dissection in BPF,
as previously discussed [1]. Because of the rigorous checks of the BPF
verifier, this provides significant security guarantees. In particular, the
BPF flow dissector cannot get inside of an infinite
From: Petar Penkov
Adds a hook for programs of type BPF_PROG_TYPE_FLOW_DISSECTOR and
attach type BPF_FLOW_DISSECTOR that is executed in the flow dissector
path. The BPF program is per-network namespace.
Signed-off-by: Petar Penkov
Signed-off-by: Willem de Bruijn
---
include/linux/bpf.h
Thanks David and Ido, for finding the root-cause for bridge Rx packets getting
dropped, also for coming up with a patch.
Regards,
Nelson
On 9/7/18, 9:09 AM, "David Ahern" wrote:
On 9/7/18 9:56 AM, D'Souza, Nelson wrote:
>
On Wed, Aug 29, 2018 at 09:26:35PM +0100, Ben Hutchings wrote:
> Date: Wed, 29 Aug 2018 21:26:35 +0100
> From: Ben Hutchings
> To: Felix Manlunas , Florian Weimer
>
> CC: linux-firmw...@kernel.org, "netdev@vger.kernel.org"
> , Derek Chickles
> , Satanand Burla
> , Felix Manlunas
> , Raghu
From: David Ahern
For starters, the bridge netfilter code registers operations that
are invoked any time nh_hook is called. Specifically, ip_sabotage_in
watches for nested calls for NF_INET_PRE_ROUTING when a bridge is in
the stack.
Packet wise, the bridge netfilter hook runs first.
From: Jacob Keller
Date: Fri, 7 Sep 2018 14:55:44 -0700
> Essentially reverts commit 8fd75c58a09a ("i40e: move ethtool
> stats boiler plate code to i40e_ethtool_stats.h", 2018-08-30), and
> additionally moves the similar code in i40evf into i40evf_ethtool.c.
>
> The code was intially moved
Essentially reverts commit 8fd75c58a09a ("i40e: move ethtool
stats boiler plate code to i40e_ethtool_stats.h", 2018-08-30), and
additionally moves the similar code in i40evf into i40evf_ethtool.c.
The code was intially moved from i40e_ethtool.c into i40e_ethtool_stats.h
as a way of better
Hello Steffen,
in one of your emails to Thomas you wrote:
> xfrm_lookup+0x2a is at the very beginning of xfrm_lookup(), here we
> find:
>
> u16 family = dst_orig->ops->family;
>
> ops has an offset of 32 bytes (20 hex) in dst_orig, so looks like
> dst_orig is NULL.
>
> In the forwarding case,
On 09/06/2018 07:13 PM, Alexei Starovoitov wrote:
On Fri, Aug 31, 2018 at 11:25:48PM +0200, Mauricio Vasquez B wrote:
In some applications this is needed have a pool of free elements, like for
example the list of free L4 ports in a SNAT. None of the current maps allow
to do it as it is not
We no longer take any spinlock on RX path for ingress qdisc,
so this lockdep annotation is no longer needed.
Cc: Jamal Hadi Salim
Signed-off-by: Cong Wang
---
net/sched/sch_api.c | 7 ---
1 file changed, 7 deletions(-)
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index
cl->leaf.q is slightly more readable than cl->un.leaf.q.
Cc: Jamal Hadi Salim
Signed-off-by: Cong Wang
---
net/sched/sch_htb.c | 98 ++---
1 file changed, 49 insertions(+), 49 deletions(-)
diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
Am Freitag, 31. August 2018, 08:50:24 schrieb Steffen Klassert:
> On Thu, Aug 30, 2018 at 08:53:50PM +0200, Wolfgang Walter wrote:
> > Hello,
> >
> > kernels > 4.12 do not work on one of our main routers. They crash as soon
> > as ipsec-tunnels are configured and ipsec-traffic actually flows.
>
On Thu, Sep 6, 2018 at 12:59 AM Vlad Buslov wrote:
>
> Functions tcf_block_get{_ext}() and tcf_block_put{_ext}() actually
> attach/detach block to specific Qdisc besides just taking/putting
> reference. Rename them according to their purpose.
Where exactly does it attach to?
Each qdisc provides
On Fri, 2018-09-07 at 20:28 +0300, Leon Romanovsky wrote:
> On Fri, Sep 07, 2018 at 01:14:37PM -0400, Doug Ledford wrote:
> > On Thu, 2018-09-06 at 16:03 +0300, Leon Romanovsky wrote:
> > > On Thu, Sep 06, 2018 at 10:04:33AM +0300, Arseny Maslennikov wrote:
> > > > On Wed, Sep 05, 2018 at
On Thu, Sep 6, 2018 at 12:59 AM Vlad Buslov wrote:
>
> Extend tcf_block with rcu to allow safe deallocation when it is accessed
> concurrently.
This sucks, please fold this patch into where you call rcu_read_lock()
on tcf block.
This patch _alone_ is apparently not complete. This is not how
we
On Thu, Sep 6, 2018 at 12:59 AM Vlad Buslov wrote:
>
> Extend Qdisc_class_ops with flags. Create enum to hold possible class ops
> flag values. Add first class ops flags value QDISC_CLASS_OPS_DOIT_UNLOCKED
> to indicate that class ops functions can be called without taking rtnl
> lock.
We don't
On Fri, Sep 7, 2018 at 6:52 AM Vlad Buslov wrote:
>
> Action API was changed to work with actions and action_idr in concurrency
> safe manner, however tcf_del_walker() still uses actions without taking a
> reference or idrinfo->lock first, and deletes them directly, disregarding
> possible
Hi David,
On Mon, 2018-09-03 at 20:54 -0600, David Ahern wrote:
> From init_net:
> $ ip monitor all-nsid
I thought the concern of the patch is the overhead of sending one
additional RTM_NEWLINK message. This workaround has likely higher
overhead. More importantly, it's so cumbersome, that I
On Fri, Sep 07, 2018 at 01:14:37PM -0400, Doug Ledford wrote:
> On Thu, 2018-09-06 at 16:03 +0300, Leon Romanovsky wrote:
> > On Thu, Sep 06, 2018 at 10:04:33AM +0300, Arseny Maslennikov wrote:
> > > On Wed, Sep 05, 2018 at 04:50:35PM +0300, Leon Romanovsky wrote:
> > > > On Mon, Sep 03, 2018 at
On Fri, Sep 07, 2018 at 01:14:51PM -0400, Doug Ledford wrote:
> On Fri, 2018-09-07 at 09:43 -0600, Jason Gunthorpe wrote:
> > On Thu, Sep 06, 2018 at 05:51:12PM +0300, Arseny Maslennikov wrote:
> > > Some tools may currently be using only the deprecated attribute;
> > > let's print an elaborate
On Thu, 2018-09-06 at 16:03 +0300, Leon Romanovsky wrote:
> On Thu, Sep 06, 2018 at 10:04:33AM +0300, Arseny Maslennikov wrote:
> > On Wed, Sep 05, 2018 at 04:50:35PM +0300, Leon Romanovsky wrote:
> > > On Mon, Sep 03, 2018 at 07:13:16PM +0300, Arseny Maslennikov wrote:
> > > > Signed-off-by:
On Fri, 2018-09-07 at 09:43 -0600, Jason Gunthorpe wrote:
> On Thu, Sep 06, 2018 at 05:51:12PM +0300, Arseny Maslennikov wrote:
> > Some tools may currently be using only the deprecated attribute;
> > let's print an elaborate and clear deprecation notice to kmsg.
> >
> > To do that, we have to
On 9/7/18 9:56 AM, D'Souza, Nelson wrote:
>
> *From:* David Ahern
> *Sent:* Thursday, September 6, 2018 5:27 PM
> *To:* D'Souza, Nelson; netdev@vger.kernel.org
> *Subject:* Re: [**EXTERNAL**] Re: VRF with enslaved L3
On Thu, Sep 06, 2018 at 05:51:12PM +0300, Arseny Maslennikov wrote:
> Some tools may currently be using only the deprecated attribute;
> let's print an elaborate and clear deprecation notice to kmsg.
>
> To do that, we have to replace the whole sysfs file, since we inherit
> the original one from
From: "Mehrtens, Hauke"
Date: Fri, 7 Sep 2018 15:10:53 +
> On a MIPS 32 Big endian system the netdev_sync_upper_features() function does
> not work correctly.
> It does not disbale bit 15 (NETIF_F_LRO, 0x8000), but 47
> (NETIF_F_HW_TC, 0x8000).
>
> The
Hi,
On a MIPS 32 Big endian system the netdev_sync_upper_features() function does
not work correctly.
It does not disbale bit 15 (NETIF_F_LRO, 0x8000), but 47
(NETIF_F_HW_TC, 0x8000).
The for_each_netdev_feature() macro is used to go over all netdev feature flags
and
Re-sent due to HTML e-mail mess up, apologies.
-- Forwarded message --
From: Lorenz Bauer
Date: 7 September 2018 at 15:53
Subject: Allow bpf_perf_event_output to access packet data
To: netdev@vger.kernel.org, Alexei Starovoitov ,
Daniel Borkmann
Hello list,
I'm attempting to
On Fri, 7 Sep 2018 17:22:21 +0300, Vlad Buslov wrote:
> Change flower in_hw_count type to fixed-size u32 and dump it as
> TCA_FLOWER_IN_HW_COUNT. This change is necessary to properly test shared
> blocks and re-offload functionality.
>
> Signed-off-by: Vlad Buslov
> Acked-by: Jiri Pirko
LGTM,
Change flower in_hw_count type to fixed-size u32 and dump it as
TCA_FLOWER_IN_HW_COUNT. This change is necessary to properly test shared
blocks and re-offload functionality.
Signed-off-by: Vlad Buslov
Acked-by: Jiri Pirko
---
include/net/sch_generic.h| 2 +-
include/uapi/linux/pkt_cls.h |
The current implementation adds configured vlans as "vlan": [ ... ] into
an array. This is malformed json and fails to be parsed. This patch
creates an object to include this key value pair.
Test with:
ip l a type bridge
./bridge/bridge -j vlan | jq
fixes c7c1a1ef5
Signed-off-by: Tobias Jungel
Action API was changed to work with actions and action_idr in concurrency
safe manner, however tcf_del_walker() still uses actions without taking a
reference or idrinfo->lock first, and deletes them directly, disregarding
possible concurrent delete.
Add tc_action_wq workqueue to action API.
To clarify with an example i used to test
your patches:
#0 add ingress filter
$TC qdisc add dev $P ingress
#1 add filter
$TC filter add dev $P parent : protocol ip prio 10 \
u32 match ip protocol 1 0xff
#2 display
$TC filter ls dev $P parent :
#3 try to delete root
$TC filter delete dev
On 2018-09-06 10:35 p.m., Al Viro wrote:
On Thu, Sep 06, 2018 at 06:21:09AM -0400, Jamal Hadi Salim wrote:
[..]
Argh... Unfortunately, there's this: in u32_delete() we have
if (root_ht) {
if (root_ht->refcnt > 1) {
*last = false;
Hi,
I am bringing kernel bugzilla bug here 196399
https://bugzilla.kernel.org/show_bug.cgi?id=196399
This issue occurred last time two months ago and I wonder if it appears
again. Can you confirm if there is any issue related to network device
suspend/resume.
last instance is here
Hi,
I am bringing kernel bugzilla bug here
https://bugzilla.kernel.org/show_bug.cgi?id=196399
This issue occured 2 months ago and we didn't see this again. Wondering
if that appears again. Can you confirm if there is any bug in network
suspend/resume in the case.
One more instance here
On 09/07/2018 03:44 AM, Edward Cree wrote:
>
> Any suggestions on how to construct a test that will?
>
Say 50 concurrent netperf -t TCP_RR -- -r 8000,8000
This way you have a mix of GRO-candidates, and non GRO ones (pure acks)
GRO sizes would be reasonable (not full size GRO packets).
On 07/09/18 03:32, Eric Dumazet wrote:
> Your performance numbers are not convincing, since TCP stream test should
> get nominal GRO gains.
I'm not quite sure what you mean here, could you explain a bit more?
> Adding this complexity and icache pressure needs more experimental results.
>
> What
On 07/09/18 03:27, Eric Dumazet wrote:
> On 09/06/2018 07:26 AM, Edward Cree wrote:
>> Signed-off-by: Edward Cree
> Lack of changelog here ?
>
> I do not know what is a good packet.
The comment on netif_receive_skb_list() defines this as "skbs for which
netif_receive_skb() would have returned
From: Casey Leedom
When a non-zero VLAN Tag ID is passed to t4_set_vlan_acl()
then impose mandatory VLAN Usage with that VLAN ID.
I.e any other VLAN ID should result in packets getting
dropped.
Signed-off-by: Casey Leedom
Signed-off-by: Ganesh Goudar
---
Hello,
didn't respond as I've been on vacation.
Am Freitag, 31. August 2018, 08:50:24 schrieb Steffen Klassert:
> On Thu, Aug 30, 2018 at 08:53:50PM +0200, Wolfgang Walter wrote:
> > Hello,
> >
> > kernels > 4.12 do not work on one of our main routers. They crash as soon
> > as ipsec-tunnels
On Fri 07 Sep 2018 at 09:11, Jakub Kicinski
wrote:
> On Thu, 6 Sep 2018 18:37:23 +0300, Vlad Buslov wrote:
>> Change flower in_hw_count type to fixed-size u32 and dump it as
>> TCA_FLOWER_IN_HW_COUNT. This change is necessary to properly test shared
>> blocks and re-offload functionality.
>>
On Thu, 6 Sep 2018 18:37:23 +0300, Vlad Buslov wrote:
> Change flower in_hw_count type to fixed-size u32 and dump it as
> TCA_FLOWER_IN_HW_COUNT. This change is necessary to properly test shared
> blocks and re-offload functionality.
>
> Signed-off-by: Vlad Buslov
> Acked-by: Jiri Pirko
> ---
From: Björn Töpel
When an AF_XDP UMEM is attached to any of the Rx rings, we disallow a
user to change the number of descriptors via e.g. "ethtool -G IFNAME".
Otherwise, the size of the stash/reuse queue can grow unbounded, which
would result in OOM or leaking userspace buffers.
Signed-off-by:
From: Björn Töpel
NB! The v1 was sent via the bpf-next tree. This time the series is
routed via JeffK's Intel Wired tree to minimize the risk for i40e
merge conflicts.
This series addresses an AF_XDP zero-copy issue that buffers passed
from userspace to the kernel was leaked when the hardware
From: Björn Töpel
Outstanding Rx descriptors are temporarily stored on a stash/reuse
queue. When/if the HW rings comes up again, entries from the stash are
used to re-populate the ring.
The latter required some restructuring of the allocation scheme for
the AF_XDP zero-copy implementation.
From: Jakub Kicinski
XSK UMEM is strongly single producer single consumer so reuse of
frames is challenging. Add a simple "stash" of FILL packets to
reuse for drivers to optionally make use of. This is useful
when driver has to free (ndo_stop) or resize a ring with an active
AF_XDP ZC socket.
From: Björn Töpel
When the zero-copy enabled XDP Tx ring is torn down, due to
configuration changes, outstandning frames on the hardware descriptor
ring are queued on the completion ring.
The completion ring has a back-pressure mechanism that will guarantee
that there is sufficient space on the
On Thu, 6 Sep 2018 at 17:13, Alexei Starovoitov
wrote:
> bpf_map_pop_elem() is trying to do lookup_and_delete and preserve
> validity of value without races.
> With pcpu_freelist I don't think there is a solution.
> We can have this queue/stack map without prealloc and use kmalloc/kfree
> back
52 matches
Mail list logo