On 9/9/16 3:53 PM, Mahesh Bandewar wrote:
> diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
> index 0c5415b05ea9..95edd1737ab5 100644
> --- a/drivers/net/Kconfig
> +++ b/drivers/net/Kconfig
> @@ -149,6 +149,7 @@ config IPVLAN
> tristate "IP-VLAN support"
> depends on INET
>
On 9/9/16 12:26 PM, Cyrill Gorcunov wrote:
> In criu we are actively using diag interface to collect sockets
> present in the system when dumping applications. And while for
> unix, tcp, udp[lite], packet, netlink it works as expected,
> the raw sockets do not have. Thus add it.
>
> CC: David S.
On 9/9/16 4:46 PM, Mahesh Bandewar (महेश बंडेवार) wrote:
> On Fri, Sep 9, 2016 at 3:26 PM, David Ahern <d...@cumulusnetworks.com> wrote:
>> On 9/9/16 3:53 PM, Mahesh Bandewar wrote:
>>> diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
>>> index
No longer needed
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
drivers/net/vrf.c| 38 --
include/net/l3mdev.h | 12
include/net/route.h | 10 --
net/ipv4/raw.c | 6 --
net/ipv4/udp.c | 6 -
No longer used
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
drivers/net/vrf.c | 5 ++---
include/net/flow.h | 3 +--
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
index ccce59fbb2b3..55674b0e65b7 100644
--- a/drivers/net
Flip the IPv4 output path to use the l3mdev tx out hook. The VRF dst
is not returned on the first FIB lookup. Instead, the dst on the
skb is switched at the beginning of the IPv4 output processing to
send the packet to the VRF driver on xmit.
Signed-off-by: David Ahern <d...@cumulusnetworks.
No longer used
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
include/net/l3mdev.h | 29 -
1 file changed, 29 deletions(-)
diff --git a/include/net/l3mdev.h b/include/net/l3mdev.h
index a5e506eb51de..a586035c97cb 100644
--- a/include/net/l3mdev.h
No longer used
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
drivers/net/vrf.c| 21 -
include/net/l3mdev.h | 21 -
2 files changed, 42 deletions(-)
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
index 3a34f547c578..ccce59fbb2b3
Allow an L3 master device to act as the loopback for that L3 domain.
For IPv4 the device can also have the address 127.0.0.1.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
include/net/l3mdev.h | 6 +++---
net/ipv4/route.c | 8 ++--
net/ipv6/route.c | 12 +
This patch adds the infrastructure to the output path to pass an skb
to an l3mdev device if it has a hook registered. This is the Tx parallel
to l3mdev_ip{6}_rcv in the receive path and is the basis for removing
the existing hook that returns the vrf dst on the fib lookup.
Signed-off-by: David
A previous patch added l3mdev flow update making these hooks
redundant. Remove them.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
net/ipv4/ip_output.c| 3 +--
net/ipv4/route.c| 12 ++--
net/ipv4/xfrm4_policy.c | 2 +-
net/ipv6/ip6_output.c | 2 --
ne
No longer needed
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
drivers/net/vrf.c | 41 -
include/net/l3mdev.h | 11 ---
net/ipv6/ip6_output.c | 9 +
net/l3mdev/l3mdev.c | 24
4 files chan
s? e.g., perhaps a dst
reference is cached on a socket
From 068b1b8362ec5fd1b9dffdbd6e84474ada2eb829 Mon Sep 17 00:00:00 2001
From: David Ahern <d...@cumulusnetworks.com>
Date: Thu, 11 Feb 2016 02:40:12 -0800
Subject: [PATCH] Add tracepoints to dev_hold and dev_put
Signed-off-by: David Ah
On 9/10/16 4:05 PM, Cyrill Gorcunov wrote:
> On Sat, Sep 10, 2016 at 10:31:35AM -0600, David Ahern wrote:
>>
>> Would you mind adding the destroy capability as well? The udp version
>> should be close to what is needed for raw sockets. See udp_diag_destroy
>>
On 9/12/16 11:26 AM, Hannes Frederic Sowa wrote:
> Hello,
>
> On 12.09.2016 16:27, Andreas Hübner wrote:
>> Hi,
>>
>> I'm currently debugging a potential issue with the icmpv6 stack and
>> hopefully this is the correct place to ask. (Was actually looking for a
>> more specific list, but didn't
On 9/12/16 12:01 PM, Mahesh Bandewar wrote:
> +struct sk_buff *ipvlan_l3_rcv(struct net_device *dev, struct sk_buff *skb,
> + u16 proto)
> +{
> + struct ipvl_addr *addr;
> + struct net_device *sdev;
> +
> + addr = ipvlan_skb_to_addr(skb, dev);
> + if
On 9/13/16 10:00 PM, Lorenzo Colitti wrote:
> On Fri, Sep 9, 2016 at 2:23 PM, Lorenzo Colitti wrote:
>> RFC patch sent out as http://patchwork.ozlabs.org/patch/667892/ . This
>> achieves a fair bit of simplification with no or negligible
>> performance impact, because there
No longer used after e0d56fdd73422 ("net: l3mdev: remove redundant calls")
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
include/net/l3mdev.h | 24
1 file changed, 24 deletions(-)
diff --git a/include/net/l3mdev.h b/include/net/l3mdev.h
in
No longer used after d66f6c0a8f3c0 ("net: ipv4: Remove l3mdev_get_saddr")
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
drivers/net/vrf.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
index 55674b0e65b7..85c271c70d42 1006
(by dsa@)
>
> CC: David S. Miller <da...@davemloft.net>
> CC: Eric Dumazet <eric.duma...@gmail.com>
> CC: David Ahern <d...@cumulusnetworks.com>
> CC: Alexey Kuznetsov <kuz...@ms2.inr.ac.ru>
> CC: James Morris <jmor...@namei.org>
> CC: Hideaki YOSH
On 9/15/16 4:48 PM, Eric Dumazet wrote:
> On Fri, 2016-09-16 at 00:01 +0300, Cyrill Gorcunov wrote:
>
>> Here I get kicked off the server. Login back
>>
>> [cyrill@uranus ~] ssh root@pcs7
>> Last login: Thu Sep 15 23:20:42 2016 from gateway
>> [root@pcs7 ~]# cd /home/iproute2/
>> [root@pcs7
On 9/15/16 6:14 PM, Mahesh Bandewar wrote:
> diff --git a/drivers/net/ipvlan/ipvlan.h b/drivers/net/ipvlan/ipvlan.h
> index 695a5dc9ace3..371f4548c42d 100644
> --- a/drivers/net/ipvlan/ipvlan.h
> +++ b/drivers/net/ipvlan/ipvlan.h
> @@ -23,11 +23,13 @@
> #include
> #include
> #include
>
.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
drivers/net/vrf.c| 124 ++-
include/net/l3mdev.h | 8 ++--
net/ipv6/route.c | 11 +++--
net/l3mdev/l3mdev.c | 15 +++
4 files changed, 100 insertions(+), 58 deletions(-)
and tcpdump.
David Ahern (11):
net: flow: Add l3mdev flow update
net: l3mdev: Add hook to output path
net: l3mdev: Allow the l3mdev to be a loopback
net: vrf: Flip IPv4 output path from FIB lookup hook to out hook
net: vrf: Flip ipv6 output path
net: l3mdev: remove redundant calls
. It is redundant for existing hooks (those are
removed in later patches) but is needed for missed lookups such as
PMTU updates.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
include/net/l3mdev.h | 6 ++
net/ipv4/fib_rules.c | 3 +++
net/ipv6/fib6_rules.c | 3 +++
net/
On 9/12/16 12:02 AM, Christophe JAILLET wrote:
> diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
> index abfbe492ebfe..795af25cf84c 100644
> --- a/net/ipv4/inet_diag.c
> +++ b/net/ipv4/inet_diag.c
> @@ -1134,7 +1134,6 @@ int inet_diag_handler_get_info(struct sk_buff *skb,
> struct sock
On 9/11/16 7:45 PM, Mark Tomlinson wrote:
> The function ip_rcv_finish() calls l3mdev_ip_rcv(). On any VRF except
> the global VRF, this replaces skb->dev with the VRF master interface.
> When calling ip_route_input_noref() from here, the checks for forwarding
> look at this master device instead
On 9/26/16 4:38 PM, Cyrill Gorcunov wrote:
> Something like
>
> Index: linux-ml.git/include/uapi/linux/inet_diag.h
> ===
> --- linux-ml.git.orig/include/uapi/linux/inet_diag.h2016-09-11
> 20:56:18.191584145 +0300
> +++
On 9/26/16 11:02 AM, Jiri Benc wrote:
> On Mon, 26 Sep 2016 17:56:22 +0200, Jiri Benc wrote:
>> After push_mpls, network_header points to the start of MPLS headers.
>> Which I understand was the point of this patch. However, push_mpls also
>> calls invalidate_flow_key. Meaning that, depending on
this patch also seems to resolve.
Patch is from Andrew Collins <acoll...@cradlepoint.com>, but did not have
a formal sign-off. The patch applies to top of tree, so no change made on
my part I just pulled it off the web.
From: Andrew Collins <acoll...@cradlepoint.com>
Signed-off-by: Da
On 10/4/16 3:06 PM, David Miller wrote:
> Applied and queued up for -stable, thanks.
While our original problem was fixed by this patch, Roopa found another series
of commands where it fails to properly do dev_put so a followup is needed.
On 9/15/16 2:36 PM, Eric Dumazet wrote:
> On Thu, 2016-09-15 at 14:25 -0600, David Ahern wrote:
>> On 9/15/16 2:22 PM, Cyrill Gorcunov wrote:
>>>> ss -K is not working. Socket lookup fails to find a match due to a
>>>> protocol mismatch.
>>>
On 9/15/16 2:22 PM, Cyrill Gorcunov wrote:
>> ss -K is not working. Socket lookup fails to find a match due to a protocol
>> mismatch.
>>
>> haven't had time to track down why there is a mismatch since the kill uses
>> the socket returned
>> from the dump. Won't have time to come back to this
On 9/15/16 2:22 PM, Cyrill Gorcunov wrote:
>> ss -K is not working. Socket lookup fails to find a match due to a protocol
>> mismatch.
>>
>> haven't had time to track down why there is a mismatch since the kill uses
>> the socket returned
>> from the dump. Won't have time to come back to this
On 9/16/16 1:00 PM, Cyrill Gorcunov wrote:
> I created veth pair and bound raw socket into it.
>
> [root@pcs7 iproute2]# misc/ss -A raw
> State Recv-Q Send-QLocal Address:Port
> Peer Address:Port
On 9/16/16 1:15 PM, Vincent Bernat wrote:
>> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
>> index ad4a7ff301fc..48bae2ee2e18 100644
>> --- a/net/ipv6/route.c
>> +++ b/net/ipv6/route.c
>> @@ -1991,9 +1991,19 @@ static struct rt6_info *ip6_route_info_create(struct
>> fib6_config *cfg)
>>
On 9/16/16 1:52 PM, Cyrill Gorcunov wrote:
> On Fri, Sep 16, 2016 at 01:47:57PM -0600, David Ahern wrote:
>>>>
>>>> I'm guessing you passed IPPROTO_RAW (255) as the protocol to socket(). If
>>>> you pass something
>>>> else (IPPROTO_ICMP f
quot;)
> Signed-off-by: Vincent Bernat <vinc...@bernat.im>
> ---
> net/ipv6/route.c | 11 ++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
Acked-by: David Ahern <d...@cumulusnetworks.com>
Tested-by: David Ahern <d...@cumulusnetworks.com>
On 9/16/16 2:33 PM, Vincent Bernat wrote:
> Commit 8c14586fc320 ("net: ipv6: Use passed in table for nexthop
> lookups") introduced a regression: insertion of an IPv6 route in a table
> not containing the appropriate connected route for the gateway but which
> contained a non-connected route (like
an explicit namespace crossing; that happens via the
route lookup and setting dst on the skb. I guess for this use case it is ok.
>
> Signed-off-by: Mahesh Bandewar <mahe...@google.com>
> CC: David Ahern <d...@cumulusnetworks.com>
> ---
> Documentation/networking/ipv
On 9/22/16 4:10 PM, Mark Tomlinson wrote:
>
> On 09/23/2016 03:14 AM, David Ahern wrote:
>>
>> l3mdev devices do not support IPv4 multicast so checking mcast against that
>> device should not be working at all. For that reason I was fine with the
>> change in the
On 9/22/16 9:06 PM, Mark Tomlinson wrote:
>
> On 09/23/2016 10:41 AM, David Ahern wrote:
>> On 9/22/16 4:10 PM, Mark Tomlinson wrote:
>>> On 09/23/2016 03:14 AM, David Ahern wrote:
>>>> l3mdev devices do not support IPv4 multicast so checking mcast against
>&
On 9/21/16 5:53 AM, Jiri Pirko wrote:
> From: Jiri Pirko
>
> Until now, in order to offload a FIB entry to HW we use switchdev op.
> However that has limits. Mainly in case we need to make the HW aware of
> all route prefixes configured in kernel. HW needs to know those in
On 9/21/16 10:13 PM, Mark Tomlinson wrote:
> The previous patch to ensure that the original iif was used when
> checking for forwarding also meant that this same interface was used to
> determine whether multicast packets should be received or not. This was
> incorrect, and would cause multicast
On 9/22/16 9:05 AM, Jiri Pirko wrote:
> Thu, Sep 22, 2016 at 04:58:20PM CEST, d...@cumulusnetworks.com wrote:
>> On 9/21/16 5:53 AM, Jiri Pirko wrote:
>>> From: Jiri Pirko
>>>
>>> Until now, in order to offload a FIB entry to HW we use switchdev op.
>>> However that has limits.
On 9/16/16 6:55 AM, Vincent Bernat wrote:
> Commit 8c14586fc320 ("net: ipv6: Use passed in table for nexthop
> lookups") introduced a regression: insertion of an IPv6 route in a table
> not containing the appropriate connected route for the gateway but which
> contained a non-connected route (like
On 9/16/16 1:39 PM, Cyrill Gorcunov wrote:
> On Fri, Sep 16, 2016 at 01:30:28PM -0600, David Ahern wrote:
>>> [root@pcs7 iproute2]# misc/ss -A raw
>>> State Recv-Q Send-QLocal Address:Port
>>>
On 8/17/16 5:16 PM, Alexander Duyck wrote:
>> diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
>> index 1ecbd7715f6d..6d78f162a88b 100644
>> --- a/net/openvswitch/actions.c
>> +++ b/net/openvswitch/actions.c
>> @@ -167,6 +167,12 @@ static int push_mpls(struct sk_buff *skb, struct
On 8/17/16 7:06 PM, Alexander Duyck wrote:
> On Wed, Aug 17, 2016 at 4:23 PM, David Ahern <d...@cumulusnetworks.com> wrote:
>> On 8/17/16 5:16 PM, Alexander Duyck wrote:
>>>> diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
>>>>
On 8/23/16 12:06 PM, Lorenzo Colitti wrote:
> @@ -713,10 +728,11 @@ static bool valid_markcond(const struct inet_diag_bc_op
> *op, int len,
> return len >= *min_len;
> }
>
> -static int inet_diag_bc_audit(struct nlattr *attr)
> +static int inet_diag_bc_audit(struct nlattr *attr, const
On 8/22/16 8:15 PM, Eric Dumazet wrote:
> Hi David
>
> It seems you forgot the sock_diag_check_cookie() call, but other than
> that this patch looks fine.
>
> Thanks.
indeed. will fix tomorrow and re-send. Thanks for the review.
This implements SOCK_DESTROY for UDP sockets similar to what was done
for TCP with commit c1e64e298b8ca ("net: diag: Support destroying TCP
sockets.") A process with a UDP socket targeted for destroy is awakened
and recvmsg fails with ECONNABORTED.
Signed-off-by: Davi
On 8/22/16 8:51 AM, Simon Horman wrote:
>
> The scheme that OvS uses so far is that mac_len denotes the number of bytes
> from the start of the MAC header until its end. In the absence of MPLS that
> will be the beginning of the network header. And in the presence of MPLS it
> will be the
ckets")
Reported-by: Lorenzo Colitti <lore...@google.com>
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
net/ipv4/tcp.c | 2 --
net/ipv4/tcp_diag.c | 7 ++-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index f1a9
On 8/24/16 12:46 AM, Lorenzo Colitti wrote:
> This allows a privileged process to filter by socket mark when
> dumping sockets via INET_DIAG_BY_FAMILY. This is useful on
> systems that use mark-based routing such as Android.
>
> The ability to filter socket marks requires CAP_NET_ADMIN, which
>
ned-off-by: Lorenzo Colitti <lore...@google.com>
> ---
> include/uapi/linux/inet_diag.h | 6 ++
> net/ipv4/inet_diag.c | 36 +---
> 2 files changed, 39 insertions(+), 3 deletions(-)
Acked-by: David Ahern <d...@cumulusnetworks.com>
On 8/24/16 10:28 AM, pravin shelar wrote:
>> How do you feel about implementing the do_output() idea I suggested above?
>> I'm happy to provide testing and review.
>
> I am not sure about changing do_output(). why not just use same scheme
> to track mpls header in OVS datapath as done in mpls
+++---
> 1 file changed, 17 insertions(+), 11 deletions(-)
>
Acked-by: David Ahern <d...@cumulusnetworks.com>
On 8/24/16 11:41 AM, pravin shelar wrote:
> You also need to change pop_mpls().
What change is needed in pop_mpls? It already resets the mac_header and if MPLS
labels are removed there is no need to set network_header. I take it you mean
if the protocol is still MPLS and there are still labels
On 8/29/16 6:29 AM, Simon Horman wrote:
> I have tested this series for both of the following:
> * IPv4 in MPLS (just after the ethernet header)
> * IPv4 in MPLS in GRE (TEB)
>
> Things seem to work fine.
>
> Tested-by: Simon Horman
>
> Expanding a little on the
On 9/27/16 1:45 AM, Jiri Benc wrote:
> On Mon, 26 Sep 2016 20:04:06 -0600, David Ahern wrote:
>> you know this code better than me, but key_extract pulls the eth
>> header and then sets network header. If MPLS labels are present then
>> it is the labels that the network_head
ions(+), 9 deletions(-)
>
Acked-by: David Ahern <d...@cumulusnetworks.com>
Jiri / Veaceslav:
As author's of the adjacency tracking code in dev.c I am hoping you can help
with suggested patches for a couple of problems. The start point needs to
include commit 93409033ae65 which resolved a different problem from what I am
seeing now.
At the moment I have 2 cases both
On 10/26/16 2:41 AM, Thomas Graf wrote:
> On 10/25/16 at 03:30pm, David Ahern wrote:
>> @@ -171,6 +177,9 @@ int __cgroup_bpf_run_filter(struct sock *sk,
>> case BPF_CGROUP_INET_EGRESS:
>> ret = __cgroup_bpf_run_filter_skb(skb, prog);
>>
On 10/26/16 12:39 AM, ido...@idosch.org wrote:
> From: Ido Schimmel
>
> netdev_next_lower_dev() returns NULL when we finished traversing the
> adjacency list ('iter' points to the list's head). Therefore, we must
> start traversing the list from the first entry and not its
On 10/26/16 2:33 AM, Daniel Borkmann wrote:
> Sure, I understand that, and I know it was brought up at netconf, I'm
> just still wondering in general if BPF is a good fit here in the sense
> that what the program can do is just really really limited (at least
> right now). Hmm, just trying to
t;option" field
* cleanup comments
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
[ Patch from Mickaël modified to add subtype arg to pe_prog_is_valid_access
which was missing, removed the landlock references since they are
the bpf_sock_store_u32 helper
- dropped the new prog type BPF_PROG_TYPE_CGROUP_SOCK
- moved valid access and context conversion to use subtype
- dropped CREATE from BPF_CGROUP_INET_SOCK and related function names
- moved running of filter from sk_alloc to inet{6}_create
Signed-off-by: David Ahern &l
sk_alloc to inet{6}_create
David Ahern (5):
bpf: Refactor cgroups code in prep for new type
bpf: Add eBPF program subtype and is_valid_subtype() verifier
bpf: Add new cgroup attach type to enable sock modifications
samples: bpf: Add prog_subtype to bpf_prog_load
samples: bpf: add userspace
prog type and add prog_subtype
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
samples/bpf/Makefile | 2 ++
samples/bpf/test_cgrp2_sock.c | 84 +++
2 files changed, 86 insertions(+)
create mode 100644 samples/bpf/test_cgrp2_sock.c
Add bpf_prog_subtype argument to bpf_prog_load. If arg is non-NULL,
it is added to the attr passed to the bpf system call.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
samples/bpf/bpf_load.c | 2 +-
samples/bpf/fds_example.c | 2 +-
samples/bpf/libbpf.c | 5 -
s
Code move only and rename only; no functional change intended.
v2
- fix bpf_prog_run_clear_cb to bpf_prog_run_save_cb as caught by Daniel
- rename BPF_PROG_TYPE_CGROUP_SKB and its cg_skb functions to
BPF_PROG_TYPE_CGROUP and cgroup
Signed-off-by: David Ahern <d...@cumulusnetworks.
Add a simple program to demonstrate the ability to attach a bpf program
to a cgroup that sets sk_bound_dev_if for AF_INET{6} sockets when they
are created.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
samples/bpf/Makefile | 2 ++
samples/bpf/bpf_helpers.h
for all AF_INET{6}
sockets opened by a process in a cgroup when the sockets are allocated.
This capability enables running any program in a VRF context and is key
to deploying Management VRF, a fundamental configuration for networking
gear, with any Linux OS installation.
David Ahern (3):
bpf
On 10/25/16 5:01 PM, Daniel Borkmann wrote:
>> diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
>> index a0ab43f264b0..918c01a6f129 100644
>> --- a/kernel/bpf/cgroup.c
>> +++ b/kernel/bpf/cgroup.c
>> @@ -117,6 +117,19 @@ void __cgroup_bpf_update(struct cgroup *cgrp,
>> }
>> }
>>
>>
On 10/25/16 8:48 PM, Eric Dumazet wrote:
> Maybe I do not understand how you plan to use this.
>
> Let say you want a filter to force a BIND_TO_DEVICE xxx because a task
> runs in a cgroup yyy
>
> Then a program doing a socket() + connect (127.0.0.1) will fail ?
maybe. VRF devices can have
: 1a3f060c1a47 ("net: Introduce new api for walking upper and
lower devices")
Reported-by: Ido Schimmel <ido...@mellanox.com>
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
net/core/dev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --
On 10/25/16 5:28 PM, Daniel Borkmann wrote:
>> +BPF_CALL_3(bpf_sock_store_u32, struct sock *, sk, u32, offset, u32, val)
>> +{
>> +u8 *ptr = (u8 *)sk;
>> +
>> +if (unlikely(offset > sizeof(*sk)))
>> +return -EFAULT;
>> +
>> +*((u32 *)ptr) = val;
>> +
>> +return 0;
>> +}
>
On 10/25/16 7:55 PM, Alexei Starovoitov wrote:
> Same question as Daniel... why extra helper?
It can be dropped. wrong path while learning this code.
> If program overwrites bpf_sock->sk_bound_dev_if can we use that
> after program returns?
> Also do you think it's possible to extend this patch
Code move only; no functional change intended.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
kernel/bpf/cgroup.c | 27 ++-
kernel/bpf/syscall.c | 28 +++-
2 files changed, 37 insertions(+), 18 deletions(-)
diff --git a/kern
program.
This allows a cgroup to be configured such that AF_INET{6} sockets opened
by processes are automatically bound to a specific device. In turn, this
enables the running of programs that do not support SO_BINDTODEVICE in a
specific VRF context / L3 domain.
Signed-off-by: David Ahern &l
On 10/25/16 5:39 PM, Eric Dumazet wrote:
> On Tue, 2016-10-25 at 15:30 -0700, David Ahern wrote:
>> Add new cgroup based program type, BPF_PROG_TYPE_CGROUP_SOCK. Similar to
>> BPF_PROG_TYPE_CGROUP_SKB programs can be attached to a cgroup and run
>> any time a process in the cg
-by: Lorenzo Colitti <lore...@google.com>
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
net/ipv4/ip_output.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 49714010ac2e..9403fa3850be 100644
--- a/net
On 11/8/16 11:38 PM, Lorenzo Colitti wrote:
> On Wed, Nov 9, 2016 at 7:50 AM, David Ahern <d...@cumulusnetworks.com> wrote:
>> @@ -1577,7 +1577,8 @@ void ip_send_unicast_reply(struct sock *sk, struct
>> sk_buff *skb,
>
> Tested-by: Lorenzo Colitti <lore...@google
On 11/8/16 10:08 AM, Hannes Frederic Sowa wrote:
> On 08.11.2016 02:08, David Ahern wrote:
>>
>> Can anyone explain why host routes and anycast routes for IPv6 are added
>> with the device set to loopback versus the device with the address:
>>
>> local ::1 d
<lore...@google.com>
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
net/ipv4/ip_output.c | 3 ++-
net/ipv6/tcp_ipv6.c | 8 ++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 03e7f7310423..7cf627b0b248 100644
On 11/9/16 7:48 PM, David Miller wrote:
> From: David Ahern <d...@cumulusnetworks.com>
> Date: Tue, 8 Nov 2016 14:50:31 -0800
>
>> Lorenzo noted an Android unit test failed due to commit e0d56fdd7342:
>> "The expectation in the test was that the RST replying to
On 11/7/16 3:13 AM, Lorenzo Colitti wrote:
> What should we do here? It would seem that now that
> netif_index_is_l3_master has been resurrected, it's appropriate to use
> it here as well. The user-visible behaviour changed only two months
> ago. Unless we think that RSTs should always mirror the
On 11/7/16 7:26 PM, YOSHIFUJI Hideaki wrote:
> Once I tried I did not work.
> You could try again to see what happens.
I did and both worked fine in quick POC testing. I'll do more in-depth testing
and send a patch. Thanks.
Can anyone explain why host routes and anycast routes for IPv6 are added with
the device set to loopback versus the device with the address:
local ::1 dev lo proto none metric 0 pref medium
local 2000:1:: dev lo proto none metric 0 pref medium
local 2000:1::3 dev lo proto none metric 0
;)
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
v2
- use skb_dst versus skb_rtable
net/ipv4/icmp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 53a890b605fc..691146abde2d 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp
; no functional change is intended.
DaveM: Given the impact of this bug (both cases requiring a reboot) I
would like to get this backported to at least the 4.8 tree which as I
understand it has been targeted as the next LTS.
David Ahern (11):
net: Remove refnr arg when inserting link adjacencies
net
. If the callback returns non-0, the walk is terminated and
the functions return that code back to callers.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
include/linux/netdevice.h | 17 +
net/core/dev.c| 158 ++
2 files c
Convert alb_send_learning_packets and bond_has_this_ip to use the new
netdev_walk_all_upper_dev_rcu API. In both cases this is just a move
to the new API; no functional change is intended.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
drivers/net/bonding/bond_alb.c
Convert ixgbe users of the old macros to new dev walk API.
This is just a move to the new API; no functional change is intended.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 132 --
1 file chang
.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
net/core/dev.c | 22 +++---
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index 52e70a3d61a4..ad5e7bfda403 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -5700,6 +
Only direct adjacencies are maintained. All upper or lower devices can
be learned via the new walk API which recursively walks the adj_list for
upper devices or lower devices.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
include/linux/netdevice.h | 25 -
net/core
Convert mlxsw users to new dev walk API. This is just a move to the
new API; no functional change is intended.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 37 --
1 file changed, 23 insertions(+), 14 del
Convert ipoib_get_net_dev_match_addr to the new upper device walk API.
This is just a move to the new API; no functional change is intended.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
drivers/infiniband/ulp/ipoib/ipoib_main.c | 37 +--
1 file c
Convert rocker to the new dev walk API. This is just a code conversion;
no functional change is intended.
Signed-off-by: David Ahern <d...@cumulusnetworks.com>
---
drivers/net/ethernet/rocker/rocker_main.c | 31 ---
1 file changed, 24 insertions(+), 7 del
901 - 1000 of 3466 matches
Mail list logo