Re: [PATCH next 3/3] ipvlan: Introduce l3s mode

On 9/9/16 3:53 PM, Mahesh Bandewar wrote: > diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig > index 0c5415b05ea9..95edd1737ab5 100644 > --- a/drivers/net/Kconfig > +++ b/drivers/net/Kconfig > @@ -149,6 +149,7 @@ config IPVLAN > tristate "IP-VLAN support" > depends on INET >

Re: [PATCH] net: ip, diag -- Add diag interface for raw sockets

On 9/9/16 12:26 PM, Cyrill Gorcunov wrote: > In criu we are actively using diag interface to collect sockets > present in the system when dumping applications. And while for > unix, tcp, udp[lite], packet, netlink it works as expected, > the raw sockets do not have. Thus add it. > > CC: David S.

Re: [PATCH next 3/3] ipvlan: Introduce l3s mode

On 9/9/16 4:46 PM, Mahesh Bandewar (महेश बंडेवार) wrote: > On Fri, Sep 9, 2016 at 3:26 PM, David Ahern <d...@cumulusnetworks.com> wrote: >> On 9/9/16 3:53 PM, Mahesh Bandewar wrote: >>> diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig >>> index

[PATCH net-next 07/11] net: ipv4: Remove l3mdev_get_saddr

No longer needed Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- drivers/net/vrf.c| 38 -- include/net/l3mdev.h | 12 include/net/route.h | 10 -- net/ipv4/raw.c | 6 -- net/ipv4/udp.c | 6 -

[PATCH net-next 11/11] net: flow: Remove FLOWI_FLAG_L3MDEV_SRC flag

No longer used Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- drivers/net/vrf.c | 5 ++--- include/net/flow.h | 3 +-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index ccce59fbb2b3..55674b0e65b7 100644 --- a/drivers/net

[PATCH net-next 04/11] net: vrf: Flip IPv4 output path from FIB lookup hook to out hook

Flip the IPv4 output path to use the l3mdev tx out hook. The VRF dst is not returned on the first FIB lookup. Instead, the dst on the skb is switched at the beginning of the IPv4 output processing to send the packet to the VRF driver on xmit. Signed-off-by: David Ahern <d...@cumulusnetworks.

[PATCH net-next 09/11] net: l3mdev: Remove l3mdev_fib_oif

No longer used Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- include/net/l3mdev.h | 29 - 1 file changed, 29 deletions(-) diff --git a/include/net/l3mdev.h b/include/net/l3mdev.h index a5e506eb51de..a586035c97cb 100644 --- a/include/net/l3mdev.h

[PATCH net-next 10/11] net: l3mdev: remove get_rtable method

No longer used Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- drivers/net/vrf.c| 21 - include/net/l3mdev.h | 21 - 2 files changed, 42 deletions(-) diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index 3a34f547c578..ccce59fbb2b3

[PATCH net-next 03/11] net: l3mdev: Allow the l3mdev to be a loopback

Allow an L3 master device to act as the loopback for that L3 domain. For IPv4 the device can also have the address 127.0.0.1. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- include/net/l3mdev.h | 6 +++--- net/ipv4/route.c | 8 ++-- net/ipv6/route.c | 12 +

[PATCH net-next 02/11] net: l3mdev: Add hook to output path

This patch adds the infrastructure to the output path to pass an skb to an l3mdev device if it has a hook registered. This is the Tx parallel to l3mdev_ip{6}_rcv in the receive path and is the basis for removing the existing hook that returns the vrf dst on the fib lookup. Signed-off-by: David

[PATCH net-next 06/11] net: l3mdev: remove redundant calls

A previous patch added l3mdev flow update making these hooks redundant. Remove them. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- net/ipv4/ip_output.c| 3 +-- net/ipv4/route.c| 12 ++-- net/ipv4/xfrm4_policy.c | 2 +- net/ipv6/ip6_output.c | 2 -- ne

[PATCH net-next 08/11] net: ipv6: Remove l3mdev_get_saddr6

No longer needed Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- drivers/net/vrf.c | 41 - include/net/l3mdev.h | 11 --- net/ipv6/ip6_output.c | 9 + net/l3mdev/l3mdev.c | 24 4 files chan

Re: [PATCH] net_namespace: fixed net_device reference leak

s? e.g., perhaps a dst reference is cached on a socket From 068b1b8362ec5fd1b9dffdbd6e84474ada2eb829 Mon Sep 17 00:00:00 2001 From: David Ahern <d...@cumulusnetworks.com> Date: Thu, 11 Feb 2016 02:40:12 -0800 Subject: [PATCH] Add tracepoints to dev_hold and dev_put Signed-off-by: David Ah

Re: [PATCH v2] net: ip, diag -- Add diag interface for raw sockets

On 9/10/16 4:05 PM, Cyrill Gorcunov wrote: > On Sat, Sep 10, 2016 at 10:31:35AM -0600, David Ahern wrote: >> >> Would you mind adding the destroy capability as well? The udp version >> should be close to what is needed for raw sockets. See udp_diag_destroy >>

Re: icmpv6: issue with routing table entries from link local addresses

On 9/12/16 11:26 AM, Hannes Frederic Sowa wrote: > Hello, > > On 12.09.2016 16:27, Andreas Hübner wrote: >> Hi, >> >> I'm currently debugging a potential issue with the icmpv6 stack and >> hopefully this is the correct place to ask. (Was actually looking for a >> more specific list, but didn't

Re: [PATCHv2 next 3/3] ipvlan: Introduce l3s mode

On 9/12/16 12:01 PM, Mahesh Bandewar wrote: > +struct sk_buff *ipvlan_l3_rcv(struct net_device *dev, struct sk_buff *skb, > + u16 proto) > +{ > + struct ipvl_addr *addr; > + struct net_device *sdev; > + > + addr = ipvlan_skb_to_addr(skb, dev); > + if

Re: [PATCH net-next v3] net: inet: diag: expose the socket mark to privileged processes.

On 9/13/16 10:00 PM, Lorenzo Colitti wrote: > On Fri, Sep 9, 2016 at 2:23 PM, Lorenzo Colitti wrote: >> RFC patch sent out as http://patchwork.ozlabs.org/patch/667892/ . This >> achieves a fair bit of simplification with no or negligible >> performance impact, because there

[PATCH net-next] net: l3mdev: Remove netif_index_is_l3_master

No longer used after e0d56fdd73422 ("net: l3mdev: remove redundant calls") Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- include/net/l3mdev.h | 24 1 file changed, 24 deletions(-) diff --git a/include/net/l3mdev.h b/include/net/l3mdev.h in

[PATCH net-next] net: vrf: Remove RT_FL_TOS

No longer used after d66f6c0a8f3c0 ("net: ipv4: Remove l3mdev_get_saddr") Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- drivers/net/vrf.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index 55674b0e65b7..85c271c70d42 1006

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

(by dsa@) > > CC: David S. Miller <da...@davemloft.net> > CC: Eric Dumazet <eric.duma...@gmail.com> > CC: David Ahern <d...@cumulusnetworks.com> > CC: Alexey Kuznetsov <kuz...@ms2.inr.ac.ru> > CC: James Morris <jmor...@namei.org> > CC: Hideaki YOSH

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On 9/15/16 4:48 PM, Eric Dumazet wrote: > On Fri, 2016-09-16 at 00:01 +0300, Cyrill Gorcunov wrote: > >> Here I get kicked off the server. Login back >> >> [cyrill@uranus ~] ssh root@pcs7 >> Last login: Thu Sep 15 23:20:42 2016 from gateway >> [root@pcs7 ~]# cd /home/iproute2/ >> [root@pcs7

Re: [PATCHv3 next 3/3] ipvlan: Introduce l3s mode

On 9/15/16 6:14 PM, Mahesh Bandewar wrote: > diff --git a/drivers/net/ipvlan/ipvlan.h b/drivers/net/ipvlan/ipvlan.h > index 695a5dc9ace3..371f4548c42d 100644 > --- a/drivers/net/ipvlan/ipvlan.h > +++ b/drivers/net/ipvlan/ipvlan.h > @@ -23,11 +23,13 @@ > #include > #include > #include >

[PATCH net-next 05/11] net: vrf: Flip IPv6 output path from FIB lookup hook to out hook

. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- drivers/net/vrf.c| 124 ++- include/net/l3mdev.h | 8 ++-- net/ipv6/route.c | 11 +++-- net/l3mdev/l3mdev.c | 15 +++ 4 files changed, 100 insertions(+), 58 deletions(-)

[PATCH net-next v2 00/11] net: Convert vrf to tx hook

and tcpdump. David Ahern (11): net: flow: Add l3mdev flow update net: l3mdev: Add hook to output path net: l3mdev: Allow the l3mdev to be a loopback net: vrf: Flip IPv4 output path from FIB lookup hook to out hook net: vrf: Flip ipv6 output path net: l3mdev: remove redundant calls

[PATCH net-next 01/11] net: flow: Add l3mdev flow update

. It is redundant for existing hooks (those are removed in later patches) but is needed for missed lookups such as PMTU updates. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- include/net/l3mdev.h | 6 ++ net/ipv4/fib_rules.c | 3 +++ net/ipv6/fib6_rules.c | 3 +++ net/

Re: [PATCH] net: inet: diag: Fix an error handling

On 9/12/16 12:02 AM, Christophe JAILLET wrote: > diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c > index abfbe492ebfe..795af25cf84c 100644 > --- a/net/ipv4/inet_diag.c > +++ b/net/ipv4/inet_diag.c > @@ -1134,7 +1134,6 @@ int inet_diag_handler_get_info(struct sk_buff *skb, > struct sock

Re: [PATCH] net: VRF: Pass original iif to ip_route_input()

On 9/11/16 7:45 PM, Mark Tomlinson wrote: > The function ip_rcv_finish() calls l3mdev_ip_rcv(). On any VRF except > the global VRF, this replaces skb->dev with the VRF master interface. > When calling ip_route_input_noref() from here, the checks for forwarding > look at this master device instead

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On 9/26/16 4:38 PM, Cyrill Gorcunov wrote: > Something like > > Index: linux-ml.git/include/uapi/linux/inet_diag.h > === > --- linux-ml.git.orig/include/uapi/linux/inet_diag.h2016-09-11 > 20:56:18.191584145 +0300 > +++

Re: [PATCH net-next 2/3] net: mpls: Fixups for GSO

On 9/26/16 11:02 AM, Jiri Benc wrote: > On Mon, 26 Sep 2016 17:56:22 +0200, Jiri Benc wrote: >> After push_mpls, network_header points to the start of MPLS headers. >> Which I understand was the point of this patch. However, push_mpls also >> calls invalidate_flow_key. Meaning that, depending on

[PATCH] Add netdev all_adj_list refcnt propagation to fix panic

this patch also seems to resolve. Patch is from Andrew Collins <acoll...@cradlepoint.com>, but did not have a formal sign-off. The patch applies to top of tree, so no change made on my part I just pulled it off the web. From: Andrew Collins <acoll...@cradlepoint.com> Signed-off-by: Da

Re: [PATCH net] Add netdev all_adj_list refcnt propagation to fix panic

On 10/4/16 3:06 PM, David Miller wrote: > Applied and queued up for -stable, thanks. While our original problem was fixed by this patch, Roopa found another series of commands where it fails to properly do dev_put so a followup is needed.

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On 9/15/16 2:36 PM, Eric Dumazet wrote: > On Thu, 2016-09-15 at 14:25 -0600, David Ahern wrote: >> On 9/15/16 2:22 PM, Cyrill Gorcunov wrote: >>>> ss -K is not working. Socket lookup fails to find a match due to a >>>> protocol mismatch. >>>

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On 9/15/16 2:22 PM, Cyrill Gorcunov wrote: >> ss -K is not working. Socket lookup fails to find a match due to a protocol >> mismatch. >> >> haven't had time to track down why there is a mismatch since the kill uses >> the socket returned >> from the dump. Won't have time to come back to this

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On 9/15/16 2:22 PM, Cyrill Gorcunov wrote: >> ss -K is not working. Socket lookup fails to find a match due to a protocol >> mismatch. >> >> haven't had time to track down why there is a mismatch since the kill uses >> the socket returned >> from the dump. Won't have time to come back to this

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On 9/16/16 1:00 PM, Cyrill Gorcunov wrote: > I created veth pair and bound raw socket into it. > > [root@pcs7 iproute2]# misc/ss -A raw > State Recv-Q Send-QLocal Address:Port > Peer Address:Port

Re: [PATCH] net: ipv6: fallback to full lookup if table lookup is unsuitable

On 9/16/16 1:15 PM, Vincent Bernat wrote: >> diff --git a/net/ipv6/route.c b/net/ipv6/route.c >> index ad4a7ff301fc..48bae2ee2e18 100644 >> --- a/net/ipv6/route.c >> +++ b/net/ipv6/route.c >> @@ -1991,9 +1991,19 @@ static struct rt6_info *ip6_route_info_create(struct >> fib6_config *cfg) >>

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On 9/16/16 1:52 PM, Cyrill Gorcunov wrote: > On Fri, Sep 16, 2016 at 01:47:57PM -0600, David Ahern wrote: >>>> >>>> I'm guessing you passed IPPROTO_RAW (255) as the protocol to socket(). If >>>> you pass something >>>> else (IPPROTO_ICMP f

Re: [v3] net: ipv6: fallback to full lookup if table lookup is unsuitable

quot;) > Signed-off-by: Vincent Bernat <vinc...@bernat.im> > --- > net/ipv6/route.c | 11 ++- > 1 file changed, 10 insertions(+), 1 deletion(-) Acked-by: David Ahern <d...@cumulusnetworks.com> Tested-by: David Ahern <d...@cumulusnetworks.com>

Re: [v2] net: ipv6: fallback to full lookup if table lookup is unsuitable

On 9/16/16 2:33 PM, Vincent Bernat wrote: > Commit 8c14586fc320 ("net: ipv6: Use passed in table for nexthop > lookups") introduced a regression: insertion of an IPv6 route in a table > not containing the appropriate connected route for the gateway but which > contained a non-connected route (like

Re: [PATCHv4 next 3/3] ipvlan: Introduce l3s mode

an explicit namespace crossing; that happens via the route lookup and setting dst on the skb. I guess for this use case it is ok. > > Signed-off-by: Mahesh Bandewar <mahe...@google.com> > CC: David Ahern <d...@cumulusnetworks.com> > --- > Documentation/networking/ipv

Re: [PATCH] net: VRF: Fix receiving multicast traffic

On 9/22/16 4:10 PM, Mark Tomlinson wrote: > > On 09/23/2016 03:14 AM, David Ahern wrote: >> >> l3mdev devices do not support IPv4 multicast so checking mcast against that >> device should not be working at all. For that reason I was fine with the >> change in the

Re: [PATCH] net: VRF: Fix receiving multicast traffic

On 9/22/16 9:06 PM, Mark Tomlinson wrote: > > On 09/23/2016 10:41 AM, David Ahern wrote: >> On 9/22/16 4:10 PM, Mark Tomlinson wrote: >>> On 09/23/2016 03:14 AM, David Ahern wrote: >>>> l3mdev devices do not support IPv4 multicast so checking mcast against >&

Re: [patch net-next 3/6] mlxsw: spectrum_router: Use FIB notifications instead of switchdev calls

On 9/21/16 5:53 AM, Jiri Pirko wrote: > From: Jiri Pirko > > Until now, in order to offload a FIB entry to HW we use switchdev op. > However that has limits. Mainly in case we need to make the HW aware of > all route prefixes configured in kernel. HW needs to know those in

Re: [PATCH] net: VRF: Fix receiving multicast traffic

On 9/21/16 10:13 PM, Mark Tomlinson wrote: > The previous patch to ensure that the original iif was used when > checking for forwarding also meant that this same interface was used to > determine whether multicast packets should be received or not. This was > incorrect, and would cause multicast

Re: [patch net-next 3/6] mlxsw: spectrum_router: Use FIB notifications instead of switchdev calls

On 9/22/16 9:05 AM, Jiri Pirko wrote: > Thu, Sep 22, 2016 at 04:58:20PM CEST, d...@cumulusnetworks.com wrote: >> On 9/21/16 5:53 AM, Jiri Pirko wrote: >>> From: Jiri Pirko >>> >>> Until now, in order to offload a FIB entry to HW we use switchdev op. >>> However that has limits.

Re: [PATCH] net: ipv6: fallback to full lookup if table lookup is unsuitable

On 9/16/16 6:55 AM, Vincent Bernat wrote: > Commit 8c14586fc320 ("net: ipv6: Use passed in table for nexthop > lookups") introduced a regression: insertion of an IPv6 route in a table > not containing the appropriate connected route for the gateway but which > contained a non-connected route (like

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On 9/16/16 1:39 PM, Cyrill Gorcunov wrote: > On Fri, Sep 16, 2016 at 01:30:28PM -0600, David Ahern wrote: >>> [root@pcs7 iproute2]# misc/ss -A raw >>> State Recv-Q Send-QLocal Address:Port >>>

Re: [PATCH net-next 2/3] net: mpls: Fixups for GSO

On 8/17/16 5:16 PM, Alexander Duyck wrote: >> diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c >> index 1ecbd7715f6d..6d78f162a88b 100644 >> --- a/net/openvswitch/actions.c >> +++ b/net/openvswitch/actions.c >> @@ -167,6 +167,12 @@ static int push_mpls(struct sk_buff *skb, struct

Re: [PATCH net-next 2/3] net: mpls: Fixups for GSO

On 8/17/16 7:06 PM, Alexander Duyck wrote: > On Wed, Aug 17, 2016 at 4:23 PM, David Ahern <d...@cumulusnetworks.com> wrote: >> On 8/17/16 5:16 PM, Alexander Duyck wrote: >>>> diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c >>>>

Re: [PATCH net-next 2/2] net: diag: allow socket bytecode filters to match socket marks

On 8/23/16 12:06 PM, Lorenzo Colitti wrote: > @@ -713,10 +728,11 @@ static bool valid_markcond(const struct inet_diag_bc_op > *op, int len, > return len >= *min_len; > } > > -static int inet_diag_bc_audit(struct nlattr *attr) > +static int inet_diag_bc_audit(struct nlattr *attr, const

Re: [PATCH v2 net-next] net: diag: support SOCK_DESTROY for UDP sockets

On 8/22/16 8:15 PM, Eric Dumazet wrote: > Hi David > > It seems you forgot the sock_diag_check_cookie() call, but other than > that this patch looks fine. > > Thanks. indeed. will fix tomorrow and re-send. Thanks for the review.

[PATCH v4 net-next] net: diag: support SOCK_DESTROY for UDP sockets

This implements SOCK_DESTROY for UDP sockets similar to what was done for TCP with commit c1e64e298b8ca ("net: diag: Support destroying TCP sockets.") A process with a UDP socket targeted for destroy is awakened and recvmsg fails with ECONNABORTED. Signed-off-by: Davi

Re: [PATCH net-next 2/3] net: mpls: Fixups for GSO

On 8/22/16 8:51 AM, Simon Horman wrote: > > The scheme that OvS uses so far is that mac_len denotes the number of bytes > from the start of the MAC header until its end. In the absence of MPLS that > will be the beginning of the network header. And in the presence of MPLS it > will be the

[PATCH] net: diag: Fix refcnt leak in error path destroying socket

ckets") Reported-by: Lorenzo Colitti <lore...@google.com> Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- net/ipv4/tcp.c | 2 -- net/ipv4/tcp_diag.c | 7 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index f1a9

Re: [PATCH net-next v2 2/2] net: diag: allow socket bytecode filters to match socket marks

On 8/24/16 12:46 AM, Lorenzo Colitti wrote: > This allows a privileged process to filter by socket mark when > dumping sockets via INET_DIAG_BY_FAMILY. This is useful on > systems that use mark-based routing such as Android. > > The ability to filter socket marks requires CAP_NET_ADMIN, which >

Re: [PATCH net-next v2 2/2] net: diag: allow socket bytecode filters to match socket marks

ned-off-by: Lorenzo Colitti <lore...@google.com> > --- > include/uapi/linux/inet_diag.h | 6 ++ > net/ipv4/inet_diag.c | 36 +--- > 2 files changed, 39 insertions(+), 3 deletions(-) Acked-by: David Ahern <d...@cumulusnetworks.com>

Re: [PATCH net-next 2/3] net: mpls: Fixups for GSO

On 8/24/16 10:28 AM, pravin shelar wrote: >> How do you feel about implementing the do_output() idea I suggested above? >> I'm happy to provide testing and review. > > I am not sure about changing do_output(). why not just use same scheme > to track mpls header in OVS datapath as done in mpls

Re: [PATCH net-next v2 1/2] net: diag: slightly refactor the inet_diag_bc_audit error checks.

+++--- > 1 file changed, 17 insertions(+), 11 deletions(-) > Acked-by: David Ahern <d...@cumulusnetworks.com>

Re: [PATCH net-next 2/3] net: mpls: Fixups for GSO

On 8/24/16 11:41 AM, pravin shelar wrote: > You also need to change pop_mpls(). What change is needed in pop_mpls? It already resets the mac_header and if MPLS labels are removed there is no need to set network_header. I take it you mean if the protocol is still MPLS and there are still labels

Re: [PATCH net-next v4 0/3] net: mpls: fragmentation and gso fixes for locally originated traffic

On 8/29/16 6:29 AM, Simon Horman wrote: > I have tested this series for both of the following: > * IPv4 in MPLS (just after the ethernet header) > * IPv4 in MPLS in GRE (TEB) > > Things seem to work fine. > > Tested-by: Simon Horman > > Expanding a little on the

Re: [PATCH net-next 2/3] net: mpls: Fixups for GSO

On 9/27/16 1:45 AM, Jiri Benc wrote: > On Mon, 26 Sep 2016 20:04:06 -0600, David Ahern wrote: >> you know this code better than me, but key_extract pulls the eth >> header and then sets network header. If MPLS labels are present then >> it is the labels that the network_head

Re: [PATCH net-next v2 2/3] mpls: move mpls_hdr to a common location

ions(+), 9 deletions(-) > Acked-by: David Ahern <d...@cumulusnetworks.com>

RFH: problems with adjacency graph

Jiri / Veaceslav: As author's of the adjacency tracking code in dev.c I am hoping you can help with suggested patches for a couple of problems. The start point needs to include commit 93409033ae65 which resolved a different problem from what I am seeing now. At the moment I have 2 cases both

Re: [PATCH net-next 2/3] bpf: Add new cgroups prog type to enable sock modifications

On 10/26/16 2:41 AM, Thomas Graf wrote: > On 10/25/16 at 03:30pm, David Ahern wrote: >> @@ -171,6 +177,9 @@ int __cgroup_bpf_run_filter(struct sock *sk, >> case BPF_CGROUP_INET_EGRESS: >> ret = __cgroup_bpf_run_filter_skb(skb, prog); >>

Re: [PATCH net-next] net: core: Traverse the adjacency list from first entry

On 10/26/16 12:39 AM, ido...@idosch.org wrote: > From: Ido Schimmel > > netdev_next_lower_dev() returns NULL when we finished traversing the > adjacency list ('iter' points to the list's head). Therefore, we must > start traversing the list from the first entry and not its

Re: [PATCH net-next 2/3] bpf: Add new cgroups prog type to enable sock modifications

On 10/26/16 2:33 AM, Daniel Borkmann wrote: > Sure, I understand that, and I know it was brought up at netconf, I'm > just still wondering in general if BPF is a good fit here in the sense > that what the program can do is just really really limited (at least > right now). Hmm, just trying to

[PATCH net-next 2/5] bpf: Add eBPF program subtype and is_valid_subtype() verifier

t;option" field * cleanup comments Signed-off-by: Mickaël Salaün <m...@digikod.net> Signed-off-by: David Ahern <d...@cumulusnetworks.com> [ Patch from Mickaël modified to add subtype arg to pe_prog_is_valid_access which was missing, removed the landlock references since they are

[PATCH v2 net-next 3/5] bpf: Add new cgroup attach type to enable sock modifications

the bpf_sock_store_u32 helper - dropped the new prog type BPF_PROG_TYPE_CGROUP_SOCK - moved valid access and context conversion to use subtype - dropped CREATE from BPF_CGROUP_INET_SOCK and related function names - moved running of filter from sk_alloc to inet{6}_create Signed-off-by: David Ahern &l

[PATCH v2 net-next 0/5] Add bpf support to set sk_bound_dev_if

sk_alloc to inet{6}_create David Ahern (5): bpf: Refactor cgroups code in prep for new type bpf: Add eBPF program subtype and is_valid_subtype() verifier bpf: Add new cgroup attach type to enable sock modifications samples: bpf: Add prog_subtype to bpf_prog_load samples: bpf: add userspace

[PATCH v2 net-next 5/5] samples: bpf: add userspace example for modifying sk_bound_dev_if

prog type and add prog_subtype Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- samples/bpf/Makefile | 2 ++ samples/bpf/test_cgrp2_sock.c | 84 +++ 2 files changed, 86 insertions(+) create mode 100644 samples/bpf/test_cgrp2_sock.c

[PATCH net-next 4/5] samples: bpf: Add prog_subtype to bpf_prog_load

Add bpf_prog_subtype argument to bpf_prog_load. If arg is non-NULL, it is added to the attr passed to the bpf system call. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- samples/bpf/bpf_load.c | 2 +- samples/bpf/fds_example.c | 2 +- samples/bpf/libbpf.c | 5 - s

[PATCH v2 net-next 1/5] bpf: Refactor cgroups code in prep for new type

Code move only and rename only; no functional change intended. v2 - fix bpf_prog_run_clear_cb to bpf_prog_run_save_cb as caught by Daniel - rename BPF_PROG_TYPE_CGROUP_SKB and its cg_skb functions to BPF_PROG_TYPE_CGROUP and cgroup Signed-off-by: David Ahern <d...@cumulusnetworks.

[PATCH net-next 3/3] samples: bpf: add userspace example for modifying sk_bound_dev_if

Add a simple program to demonstrate the ability to attach a bpf program to a cgroup that sets sk_bound_dev_if for AF_INET{6} sockets when they are created. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- samples/bpf/Makefile | 2 ++ samples/bpf/bpf_helpers.h

[PATCH net-next 0/3] Add bpf support to set sk_bound_dev_if

for all AF_INET{6} sockets opened by a process in a cgroup when the sockets are allocated. This capability enables running any program in a VRF context and is key to deploying Management VRF, a fundamental configuration for networking gear, with any Linux OS installation. David Ahern (3): bpf

Re: [PATCH net-next 1/3] bpf: Refactor cgroups code in prep for new type

On 10/25/16 5:01 PM, Daniel Borkmann wrote: >> diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c >> index a0ab43f264b0..918c01a6f129 100644 >> --- a/kernel/bpf/cgroup.c >> +++ b/kernel/bpf/cgroup.c >> @@ -117,6 +117,19 @@ void __cgroup_bpf_update(struct cgroup *cgrp, >> } >> } >> >>

Re: [PATCH net-next 2/3] bpf: Add new cgroups prog type to enable sock modifications

On 10/25/16 8:48 PM, Eric Dumazet wrote: > Maybe I do not understand how you plan to use this. > > Let say you want a filter to force a BIND_TO_DEVICE xxx because a task > runs in a cgroup yyy > > Then a program doing a socket() + connect (127.0.0.1) will fail ? maybe. VRF devices can have

[PATCH net-next] net: dev: Fix non-RCU based lower dev walker

: 1a3f060c1a47 ("net: Introduce new api for walking upper and lower devices") Reported-by: Ido Schimmel <ido...@mellanox.com> Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- net/core/dev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --

Re: [PATCH net-next 2/3] bpf: Add new cgroups prog type to enable sock modifications

On 10/25/16 5:28 PM, Daniel Borkmann wrote: >> +BPF_CALL_3(bpf_sock_store_u32, struct sock *, sk, u32, offset, u32, val) >> +{ >> +u8 *ptr = (u8 *)sk; >> + >> +if (unlikely(offset > sizeof(*sk))) >> +return -EFAULT; >> + >> +*((u32 *)ptr) = val; >> + >> +return 0; >> +} >

Re: [PATCH net-next 2/3] bpf: Add new cgroups prog type to enable sock modifications

On 10/25/16 7:55 PM, Alexei Starovoitov wrote: > Same question as Daniel... why extra helper? It can be dropped. wrong path while learning this code. > If program overwrites bpf_sock->sk_bound_dev_if can we use that > after program returns? > Also do you think it's possible to extend this patch

[PATCH net-next 1/3] bpf: Refactor cgroups code in prep for new type

Code move only; no functional change intended. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- kernel/bpf/cgroup.c | 27 ++- kernel/bpf/syscall.c | 28 +++- 2 files changed, 37 insertions(+), 18 deletions(-) diff --git a/kern

[PATCH net-next 2/3] bpf: Add new cgroups prog type to enable sock modifications

program. This allows a cgroup to be configured such that AF_INET{6} sockets opened by processes are automatically bound to a specific device. In turn, this enables the running of programs that do not support SO_BINDTODEVICE in a specific VRF context / L3 domain. Signed-off-by: David Ahern &l

Re: [PATCH net-next 2/3] bpf: Add new cgroups prog type to enable sock modifications

On 10/25/16 5:39 PM, Eric Dumazet wrote: > On Tue, 2016-10-25 at 15:30 -0700, David Ahern wrote: >> Add new cgroup based program type, BPF_PROG_TYPE_CGROUP_SOCK. Similar to >> BPF_PROG_TYPE_CGROUP_SKB programs can be attached to a cgroup and run >> any time a process in the cg

[PATCH] net: ipv4: ip_send_unicast_reply should set oif only if it is L3 master

-by: Lorenzo Colitti <lore...@google.com> Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- net/ipv4/ip_output.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 49714010ac2e..9403fa3850be 100644 --- a/net

Re: [PATCH] net: ipv4: ip_send_unicast_reply should set oif only if it is L3 master

On 11/8/16 11:38 PM, Lorenzo Colitti wrote: > On Wed, Nov 9, 2016 at 7:50 AM, David Ahern <d...@cumulusnetworks.com> wrote: >> @@ -1577,7 +1577,8 @@ void ip_send_unicast_reply(struct sock *sk, struct >> sk_buff *skb, > > Tested-by: Lorenzo Colitti <lore...@google

Re: Why are IPv6 host and anycast routes referencing lo device?

On 11/8/16 10:08 AM, Hannes Frederic Sowa wrote: > On 08.11.2016 02:08, David Ahern wrote: >> >> Can anyone explain why host routes and anycast routes for IPv6 are added >> with the device set to loopback versus the device with the address: >> >> local ::1 d

[PATCH] net: tcp response should set oif only if it is L3 master

<lore...@google.com> Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- net/ipv4/ip_output.c | 3 ++- net/ipv6/tcp_ipv6.c | 8 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 03e7f7310423..7cf627b0b248 100644

Re: [PATCH] net: ipv4: ip_send_unicast_reply should set oif only if it is L3 master

On 11/9/16 7:48 PM, David Miller wrote: > From: David Ahern <d...@cumulusnetworks.com> > Date: Tue, 8 Nov 2016 14:50:31 -0800 > >> Lorenzo noted an Android unit test failed due to commit e0d56fdd7342: >> "The expectation in the test was that the RST replying to

Re: [PATCH net-next 06/11] net: l3mdev: remove redundant calls

On 11/7/16 3:13 AM, Lorenzo Colitti wrote: > What should we do here? It would seem that now that > netif_index_is_l3_master has been resurrected, it's appropriate to use > it here as well. The user-visible behaviour changed only two months > ago. Unless we think that RSTs should always mirror the

Re: Why are IPv6 host and anycast routes referencing lo device?

On 11/7/16 7:26 PM, YOSHIFUJI Hideaki wrote: > Once I tried I did not work. > You could try again to see what happens. I did and both worked fine in quick POC testing. I'll do more in-depth testing and send a patch. Thanks.

Why are IPv6 host and anycast routes referencing lo device?

Can anyone explain why host routes and anycast routes for IPv6 are added with the device set to loopback versus the device with the address: local ::1 dev lo proto none metric 0 pref medium local 2000:1:: dev lo proto none metric 0 pref medium local 2000:1::3 dev lo proto none metric 0

[PATCH v2] net: icmp_route_lookup should use rt dev to determine L3 domain

;) Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- v2 - use skb_dst versus skb_rtable net/ipv4/icmp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 53a890b605fc..691146abde2d 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp

[PATCH net-next 00/11] net: Fix netdev adjacency tracking

; no functional change is intended. DaveM: Given the impact of this bug (both cases requiring a reboot) I would like to get this backported to at least the 4.8 tree which as I understand it has been targeted as the next LTS. David Ahern (11): net: Remove refnr arg when inserting link adjacencies net

[PATCH net-next 02/11] net: Introduce new api for walking upper and lower devices

. If the callback returns non-0, the walk is terminated and the functions return that code back to callers. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- include/linux/netdevice.h | 17 + net/core/dev.c| 158 ++ 2 files c

[PATCH net-next 03/11] net: bonding: Flip to the new dev walk API

Convert alb_send_learning_packets and bond_has_this_ip to use the new netdev_walk_all_upper_dev_rcu API. In both cases this is just a move to the new API; no functional change is intended. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- drivers/net/bonding/bond_alb.c

[PATCH net-next 06/11] ixgbe: Flip to the new dev walk API

Convert ixgbe users of the old macros to new dev walk API. This is just a move to the new API; no functional change is intended. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 132 -- 1 file chang

[PATCH net-next 11/11] net: dev: Improve debug statements for adjacency tracking

. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- net/core/dev.c | 22 +++--- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index 52e70a3d61a4..ad5e7bfda403 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -5700,6 +

[PATCH net-next 09/11] net: Remove all_adj_list and its references

Only direct adjacencies are maintained. All upper or lower devices can be learned via the new walk API which recursively walks the adj_list for upper devices or lower devices. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- include/linux/netdevice.h | 25 - net/core

[PATCH net-next 07/11] mlxsw: Flip to the new dev walk API

Convert mlxsw users to new dev walk API. This is just a move to the new API; no functional change is intended. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 37 -- 1 file changed, 23 insertions(+), 14 del

[PATCH net-next 05/11] IB/ipoib: Flip to new dev walk API

Convert ipoib_get_net_dev_match_addr to the new upper device walk API. This is just a move to the new API; no functional change is intended. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- drivers/infiniband/ulp/ipoib/ipoib_main.c | 37 +-- 1 file c

[PATCH net-next 08/11] rocker: Flip to the new dev walk API

Convert rocker to the new dev walk API. This is just a code conversion; no functional change is intended. Signed-off-by: David Ahern <d...@cumulusnetworks.com> --- drivers/net/ethernet/rocker/rocker_main.c | 31 --- 1 file changed, 24 insertions(+), 7 del

<    5   6   7   8   9   10   11   12   13   14   >