332-8-mathew.j.martin...@linux.intel.com/T/#u
Cc: Cong Wang
Cc: Xin Long
Cc: Johannes Berg
Cc: Sean Tranchetti
Cc: Paolo Abeni
Cc: Pablo Neira Ayuso
Signed-off-by: Florian Westphal
---
net/netlink/af_netlink.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net
port=10011
[SF_ESTABLISHED] token=83f3a692 remid=0 locid=1 saddr4=10.0.2.2 daddr4=10.0.1.1
sport=40195 dport=10011 backup=0
[CLOSED] token=83f3a692
Signed-off-by: Florian Westphal
---
include/libgenl.h | 1 +
include/uapi/linux/mptcp.h | 2 +
ip/ipmptcp.c
Use the new exit_pre hook to NULL the netlink socket.
The net namespace core will do a synchronize_rcu() between the exit_pre
and exit/exit_batch handlers.
Signed-off-by: Florian Westphal
---
net/xfrm/xfrm_user.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/net
This function is called during boot, from ipv4 stack, there is no need
to set the pointer to NULL (static storage duration, so already NULL).
No need for the synchronize_rcu either. Remove both.
Signed-off-by: Florian Westphal
---
net/xfrm/xfrm_policy.c | 3 ---
1 file changed, 3 deletions
xfrm session decode ipv4 path (but not ipv6) sets this, but there are no
consumers. Remove it.
Signed-off-by: Florian Westphal
---
include/net/flow.h | 3 ---
net/xfrm/xfrm_policy.c | 39 ---
2 files changed, 42 deletions(-)
diff --git a/include/net
.
Third patch avoids a synchronize_rcu during netns destruction.
Florian Westphal (3):
flow: remove spi key from flowi struct
xfrm: remove stray synchronize_rcu from xfrm_init
xfrm: avoid synchronize_rcu during netns destruction
include/net/flow.h | 3 ---
net/xfrm/xfrm_policy.c | 42
Cole Dishington wrote:
> Introduce changes to add ESP connection tracking helper to netfilter
> conntrack. The connection tracking of ESP is based on IPsec SPIs. The
> underlying motivation for this patch was to allow multiple VPN ESP
> clients to be distinguished when using NAT.
>
> Added config
Stephen Rothwell wrote:
> net/bridge/netfilter/ebtables.c:1248:33: error: 'struct netns_xt' has no
> member named 'tables'
> 1248 | list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
> | ^
> include/linux/list.h:619:20: note: in definition of m
Michal Soltys wrote:
> On 3/29/21 10:52 PM, Ido Schimmel wrote:
> >
> > ip_route_me_harder() does not set source / destination port in the
> > flow key, so it explains why fib rules that use them are not hit after
> > mangling the packet. These keys were added in 4.17, but I
> > don't think this
DCCP is virtually never used, so no need to use space in struct net for it.
Put the pernet ipv4/v6 socket in the dccp ipv4/ipv6 modules instead.
Signed-off-by: Florian Westphal
---
include/net/net_namespace.h | 4
include/net/netns/dccp.h| 12
net/dccp/ipv4.c
Maciej Żenczykowski wrote:
> From: Maciej Żenczykowski
>
> The code is relying on the identical layout of the beginning
> of the v0 and v1 structs, but this can easily lead to code bugs
> if one were to try to extend this further...
What is the concern? These structs are part of ABI, they
cann
subflow aware release function")
> Signed-off-by: Paolo Abeni
Paolo, thanks for passing this to -net.
Acked-by: Florian Westphal
Colin King wrote:
> From: Colin Ian King
>
> Currently the call to nf_log_register is returning an error code that
> is not being assigned to ret and yet ret is being checked. Fix this by
> adding in the missing assignment.
Thanks for catching this.
Acked-by: Florian Westphal
Naresh Kamboju wrote:
> On Mon, 22 Mar 2021 at 18:15, Greg Kroah-Hartman
> wrote:
> >
> > From: Florian Westphal
> >
> > [ Upstream commit f07157792c633b528de5fc1dbe2e4ea54f8e09d4 ]
> >
> > mptcp_add_pending_subflow() performs a sock_hold() on the subf
Steffen Klassert wrote:
> Commit 94579ac3f6d0 ("xfrm: Fix double ESP trailer insertion in IPsec
> crypto offload.") added a XFRM_XMIT flag to avoid duplicate ESP trailer
> insertion on HW offload. This flag is set on the secpath that is shared
> amongst segments. This lead to a situation where som
Jia-Ju Bai wrote:
> When find_table_lock() returns NULL to t, no error return code of
> do_update_counters() is assigned.
Its -ENOENT.
> t = find_table_lock(net, name, &ret, &ebt_mutex);
^
ret is passed to find_table_lock, which passes it to
find
Pablo Neira Ayuso wrote:
> > If I understand correctly, the connection tracking netlink interface
> > is an exception here because it has its own handling of dealing with
> > congestion ("more reliable"?) so you need to disable the "default
> > congestion control"?
>
> In conntrack, you have to c
Yang Li wrote:
> Fix the following sparse warnings:
> net/xfrm/xfrm_policy.c:1303:22: warning: incorrect type in assignment
> (different address spaces)
> Reported-by: Abaci Robot
> Signed-off-by: Yang Li
> ---
> net/xfrm/xfrm_policy.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger any
> issue:
>
> Reported-and-tested-by: syzbot+b53bbea2ad64f9cf8...@syzkaller.appspotmail.com
#syz-fix: mptcp: reset last_snd on subflow close
[ This patch is currently in mptcp-next ]
Alexander Lobakin wrote:
> we're in such context. This includes: build_skb() (called only
> from NIC drivers in NAPI Rx context) and {,__}napi_alloc_skb()
> (called from the same place or from kernel network softirq
> functions).
build_skb is called from sleepable context in drivers/net/tun.c .
P
Roi Dayan wrote:
> > Do you think rhashtable_insert_fast() in flow_offload_add() blocks for
> > dozens of seconds?
>
> I'm not sure. but its not only that but also the time to be in
> established state as only then we offload.
That makes it even more weird. Timeout for established is even large
Roi Dayan wrote:
> > TCP initial timeout is one minute, UDP 30 seconds.
> > That should surely be enough to do flow_offload_add (which extends
> > the timeout)?
>
> Yes, flow_offload_add() extends the timeout. but it needs to finish.
>
> >
> > Maybe something is doing flow_offload_add() for unc
Roi Dayan wrote:
> > > There is a 3rd caller nf_ct_gc_expired() which being called by 3
> > > other callers:
> > > nf_conntrack_find()
> > > nf_conntrack_tuple_taken()
> > > early_drop_list()
> >
> > Hm. I'm not sure yet what path is triggering this bug.
> >
> > Florian came up with the idea
menglong8.d...@gmail.com wrote:
> From: Menglong Dong
>
> For now, sysctl_wmem_max and sysctl_rmem_max are globally unified.
> It's not convenient in some case. For example, when we use docker
> and try to control the default udp socket receive buffer for each
> container.
>
> For that reason,
Dinghao Liu wrote:
> When register_pernet_subsys() fails, nf_nat_bysource
> should be freed just like when nf_ct_extend_register()
> fails.
Acked-by: Florian Westphal
esults in
> sysctl net/netfilter/nf_conntrack_buckets shows the wrong value when users
> update via the old way.
Oh, right!
Acked-by: Florian Westphal
Ben Greear wrote:
> I noticed my system has a hung process trying to 'rmmod nf_conntrack'.
>
> I've generally been doing the script that calls rmmod forever,
> but only extensively tested on 5.4 kernel and earlier.
>
> If anyone has any ideas, please let me know. This is from 'sysrq t'. I
> d
Jakub Kicinski wrote:
> > Got it. But a question: why tcp_tw_recycle can be removed totally?
> > it is also part of uAPI
>
> Good question, perhaps with tcp_tw_recycle we wanted to make sure users
> who depended on it notice removal, since the feature was broken by
> design?
>
> tcp_low_latency
Christian Perle reported a PMTU blackhole due to unexpected interaction
between the ip defragmentation that comes with connection tracking and
ip tunnels.
Unfortunately setting 'nopmtudisc' on the tunnel breaks the test
scenario even without netfilter.
Christinas setup looks like this:
+
t")
Reported-by: Christian Perle
Signed-off-by: Florian Westphal
---
net/ipv4/ip_output.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 89fff5f59eea..2ed0b01f72f0 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_outpu
Convert Christians bug description into a reproducer.
Cc: Shuah Khan
Cc: Pablo Neira Ayuso
Reported-by: Christian Perle
Signed-off-by: Florian Westphal
---
tools/testing/selftests/netfilter/Makefile| 3 +-
.../selftests/netfilter/ipip-conntrack-mtu.sh | 206 ++
2 files
stack then sends an error to itself because the packet exceeds
the device MTU.
Fixes: 23a3647bc4f93 ("ip_tunnels: Use skb-len to PMTU check.")
Cc: Stefano Brivio
Signed-off-by: Florian Westphal
---
net/ipv4/ip_tunnel.c | 11 +--
1 file changed, 5 insertions(+), 6 deletions(-)
dif
0.
> Prefix /0 has only one equivalence class.
Acked-by: Florian Westphal
o $?
> 0
>
> This is because the $lret in check_xfrm() is not a local variable.
Acked-by: Florian Westphal
Visa Hankala wrote:
> On Tue, Dec 29, 2020 at 05:01:27PM +0100, Florian Westphal wrote:
> > This is suspicious. Is prefixlen == 0 impossible?
> >
> > If not, then after patch
> > mask = ~0U << 32;
> >
> > ... and function returns 0.
>
> With
Visa Hankala wrote:
> Use three-way comparison for address elements to avoid integer
> wraparound in the result of xfrm_policy_addr_delta().
>
> This ensures that the search trees are built and traversed correctly
> when the difference between compared address elements is larger
> than INT_MAX.
Linus Torvalds wrote:
> On Tue, Dec 22, 2020 at 2:24 PM Florian Westphal wrote:
> >
> > strlcpy assumes src is a c-string. Check info->name before its used.
>
> If strlcpy is the only problem, then the fix is to use strscpy(),
> which doesn't have the design mis
sed.
Reported-by: syzbot+e86f7c428c8c50db6...@syzkaller.appspotmail.com
Fixes: 5859034d7eb8793 ("[NETFILTER]: x_tables: add RATEEST target")
Signed-off-by: Florian Westphal
---
RATEEST test in iptables.git still passes, syzbot repro setsockopt
fails with -ENAMETOOLONG.
diff --git a/
Linus Torvalds wrote:
> On Tue, Dec 22, 2020 at 6:44 AM syzbot
> wrote:
> >
> > The issue was bisected to:
> >
> > commit 2f78788b55ba ("ilog2: improve ilog2 for constant arguments")
>
> That looks unlikely, although possibly some constant folding
> improvement might make the fortify code notice
Jianguo Wu wrote:
> From: Jianguo Wu
A brief explanation would have helped.
This is for net tree.
> Signed-off-by: Jianguo Wu
Fixes: fc518953bc9c8d7d ("mptcp: add and use MIB counter infrastructure")
Acked-by: Florian Westphal
Gong, Sishuai wrote:
> Hi,
>
> We found a data race in linux kernel 5.3.11 that we are able to reproduce in
> x86 under specific interleavings. We are not sure about the consequence of
> this race now but it seems that the two memcpy() can lead to some
> inconsistency. We also noticed that bot
) with an
"MPTCP specific error" reason code.
mptcp-next doesn't support MP_TCPRST yet, this can be added in another
change.
Signed-off-by: Florian Westphal
---
net/mptcp/subflow.c | 47 ++---
1 file changed, 36 insertions(+), 11 deletions(-
lso possible to add a const qualifier to
security_inet_conn_request instead.
Signed-off-by: Florian Westphal
---
The code churn is unfortunate. Alternative would be to change
the function signature of ->route_req:
struct dst_entry *(*route_req)(struct sock *sk, ...
[ i.e., drop 'const'
b
to the merged function at the same time.
'send reset on unknown mptcp join token' is added in next patch.
Suggested-by: Paolo Abeni
Cc: Eric Dumazet
Signed-off-by: Florian Westphal
---
include/net/tcp.h| 9 -
net/ipv4/tcp_input.c | 9 ++---
net/ipv4/tcp_ipv4.c |
At the moment MPTCP can detect an invalid join request (invalid token,
max number of subflows reached, and so on) right away but cannot reject
the connection until the 3WHS has completed.
Instead the connection will complete and the subflow is reset afterwards.
To send the reset most information i
Jakub Kicinski wrote:
> On Mon, 23 Nov 2020 19:32:53 +0100 Florian Westphal wrote:
> > That comment is 18 years old, safe bet noone thought of
> > ipv6-in-tunnel-interface-added-as-bridge-port back then.
> >
> > Reviewed-by: Florian Westphal
>
> Sounds like
Marco Elver wrote:
[..]
> v6:
> * Revert usage of skb extensions due to potential memory leak. Patch 2/3 is
> now
> idential to that in v2.
> * Patches 1/3 and 3/3 are otherwise identical to v5.
The earlier series was already applied to net-next, so you need to
rebase on top of net-next and i
mptcp_sk_clone+0x33/0x1a0
[..] subflow_syn_recv_sock+0x2b1/0x690 [..]
Fixes: e16163b6e2b7 ("mptcp: refactor shutdown and close")
Cc: Paolo Abeni
Cc: Davide Caratti
Signed-off-by: Florian Westphal
---
net/mptcp/protocol.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ne
PACKET_HOST
> and returns early).
>
> If the comment is right and no one cares about the value of
> skb->pkt_type after br_dev_queue_push_xmit (which isn't true), resetting
> it to its original value should be safe.
That comment is 18 years old, safe bet noone thought of
ipv6-in-tunnel-interface-added-as-bridge-port back then.
Reviewed-by: Florian Westphal
Cong Wang wrote:
> From: Cong Wang
>
> NF_HOOK_LIST() uses list_del() to remove skb from the linked list,
> however, it is not sufficient as skb->next still points to other
> skb. We should just call skb_list_del_init() to clear skb->next,
> like the rest places which using skb list.
>
> This h
Ido Schimmel wrote:
> On Thu, Oct 29, 2020 at 05:36:19PM +, Aleksandr Nogikh wrote:
> > From: Aleksandr Nogikh
> >
> > Remote KCOV coverage collection enables coverage-guided fuzzing of the
> > code that is not reachable during normal system call execution. It is
> > especially helpful for f
Gustavo A. R. Silva wrote:
> In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning
> by explicitly adding a break statement instead of letting the code fall
> through to the next case.
Acked-by: Florian Westphal
Gustavo A. R. Silva wrote:
> In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple
> warnings by explicitly adding multiple break statements instead of just
> letting the code fall through to the next case.
Acked-by: Florian Westphal
Feel free to carry this in next
hich
> > sets this flag for both the directions of the nf_conn.
> >
> > Suggested-by: Florian Westphal
> > Signed-off-by: Numan Siddique
>
> Florian, LGTY?
Sorry, this one sailed past me.
Acked-by: Florian Westphal
Ramsay, Lincoln wrote:
[ patch looks good to me, I have no further comments ]
> > For build_skb path to work the buffer scheme would need to be changed
> > to reserve headroom, so yes, I think that the proposed patch is the
> > most convenient solution.
>
> I don't know about benefits/feasibili
Ramsay, Lincoln wrote:
> When performing IPv6 forwarding, there is an expectation that SKBs
> will have some headroom. When forwarding a packet from the aquantia
> driver, this does not always happen, triggering a kernel warning.
>
> The build_skb path fails to allow for an SKB header, but the ha
Ramsay, Lincoln wrote:
> > Ramsay, Lincoln wrote:
> > > The build_skb path fails to allow for an SKB header, but the hardware
> > > buffer it is built around won't allow for this anyway.
> >
> > What problem is being resolved here?
>
> Sorry... Do I need to re-post the context? (I thought the r
Ramsay, Lincoln wrote:
> The build_skb path fails to allow for an SKB header, but the hardware
> buffer it is built around won't allow for this anyway.
What problem is being resolved here?
Eric Dumazet wrote:
> From: Eric Dumazet
>
> syzbot found that we are not validating user input properly
> before copying 16 bytes [1].
> Using NLA_BINARY in ipaddr_policy[] for IPv6 address is not correct,
> since it ensures at most 16 bytes were provided.
Thanks Eric. Looks like this is the o
Pablo Neira Ayuso wrote:
> - if (unlikely(dst_xfrm(&rt->dst))) {
> + rt = (struct rtable *)tuplehash->tuple.dst_cache;
> +
> + if (unlikely(tuplehash->tuple.xmit_type == FLOW_OFFLOAD_XMIT_XFRM)) {
> memset(skb->cb, 0, sizeof(struct inet_skb_parm));
> IPCB(sk
Pablo Neira Ayuso wrote:
> +#define NET_DEVICE_PATH_STACK_MAX5
> +
> +struct net_device_path_stack {
> + int num_paths;
> + struct net_device_path path[NET_DEVICE_PATH_STACK_MAX];
> +};
[..]
> +int dev_fill_forward_path(const struct net_device *dev, const u8 *dad
in the header file.
Thanks Randy.
Acked-by: Florian Westphal
Randy Dunlap wrote:
> On 11/16/20 7:30 AM, Jakub Kicinski wrote:
> > On Mon, 16 Nov 2020 15:31:21 +0100 Florian Westphal wrote:
> >>>> @@ -4151,12 +4150,11 @@ enum skb_ext_id {
> >>>> #if IS_ENABLED(CONFIG_MPTCP)
> >>>> SKB_EXT_MPT
Matthieu Baerts wrote:
> > --- linux-next-20201113.orig/include/linux/skbuff.h
> > +++ linux-next-20201113/include/linux/skbuff.h
> > @@ -4137,7 +4137,6 @@ static inline void skb_set_nfct(struct s
> > #endif
> > }
> > -#ifdef CONFIG_SKB_EXTENSIONS
> > enum skb_ext_id {
> > #if IS_ENABLED(C
Numan Siddique wrote:
> On Tue, Nov 10, 2020 at 5:55 PM Florian Westphal wrote:
> >
> > Numan Siddique wrote:
> > > On Tue, Nov 10, 2020 at 3:06 AM Florian Westphal wrote:
> > > Thanks for the comments. I actually tried this approach first, but it
> >
Numan Siddique wrote:
> On Tue, Nov 10, 2020 at 3:06 AM Florian Westphal wrote:
> Thanks for the comments. I actually tried this approach first, but it
> doesn't seem to work.
> I noticed that for the committed connections, the ct tcp flag -
> IP_CT_TCP_FLAG_BE_LIBER
of
> tcp_in_window() check error or because it doesn't belong to an
> existing connection.
>
> An earlier attempt (see the link) tried to solve this problem for
> openvswitch in a different way. Florian Westphal instead suggested
> to be liberal in openvswitch for tcp packets
ceives the sk as part of its normal
> functionality. So we make sure to plumb state->sk through the various
> route_me_harder functions, and then make correct use of it following the
> example of __ip_queue_xmit().
Reviewed-by: Florian Westphal
Francesco Ruggeri wrote:
> On Wed, Oct 14, 2020 at 1:23 AM Florian Westphal wrote:
> >
> > Pablo Neira Ayuso wrote:
> > > Legacy would still be flawed though.
> >
> > Its fine too, new rule blob gets handled (and match/target checkentry
> > called) bef
Pablo Neira Ayuso wrote:
> > Yes, we iterate table on re-register and modify the existing entries.
>
> For iptables-nft, it might be possible to avoid this deregister +
> register ct hooks in the same transaction: Maybe add something like
> nf_ct_netns_get_all() to bump refcounters by one _iff_ t
Jozsef Kadlecsik wrote:
> > The "delay unregister" remark was wrt. the "all rules were deleted"
> > case, i.e. add a "grace period" rather than acting right away when
> > conntrack use count did hit 0.
>
> Now I understand it, thanks really. The hooks are removed, so conntrack
> cannot "see" the
Jozsef Kadlecsik wrote:
> > The repro clears all rules, waits 4 seconds, then restores the ruleset.
> > using iptables-restore < FOO; sleep 4; iptables-restore < FOO will not
> > result in any unregister ops.
> >
> > We could make kernel defer unregister via some work queue but i don't
> > see w
Jozsef Kadlecsik wrote:
> > Any comments?
> > Here is a simple reproducer. The idea is to show that keepalive packets
> > in an idle tcp connection will be dropped (and the connection will time
> > out) if conntrack hooks are de-registered and then re-registered. The
> > reproducer has two file
Numan Siddique wrote:
> On Tue, Oct 6, 2020 at 4:46 PM Florian Westphal wrote:
> >
> > nusid...@redhat.com wrote:
> > > From: Numan Siddique
> > >
> > > For a tcp packet which is part of an existing committed connection,
> > > nf_conntrack_in
nusid...@redhat.com wrote:
> From: Numan Siddique
>
> For a tcp packet which is part of an existing committed connection,
> nf_conntrack_in() will return err and set skb->_nfct to NULL if it is
> out of tcp window. ct action for this packet will set the ct_state
> to +inv which is as expected.
Since commit cfde141ea3faa30e ("mptcp: move option parsing into
mptcp_incoming_options()"), the 3rd function argument is no longer used.
Signed-off-by: Florian Westphal
---
include/net/mptcp.h | 6 ++
net/ipv4/tcp_input.c | 4 ++--
net/mptcp/options.c | 3 +--
3 files
Fabian Frederick wrote:
> run task on first CPU with netfilter counters reset and check
> cpu meta after another ping
Thanks!
Acked-by: Florian Westphal
Pablo Neira Ayuso wrote:
> Hi Will,
>
> Given this is for -stable maintainers only, I'd suggest:
>
> 1) Specify what -stable kernel versions this patch applies to.
>Explain that this problem is gone since what kernel version.
>
> 2) Maybe clarify that this is only for stable in the patch su
_clean_una(sk) which will free pages
that have been acked completely in the mean time.
Fixes: fb529e62d3f3 ("mptcp: break and restart in case mptcp sndbuf is full")
Signed-off-by: Florian Westphal
---
net/mptcp/protocol.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --gi
Randy Dunlap wrote:
> Drop duplicated words in net/netfilter/ and net/ipv4/netfilter/.
Reviewed-by: Florian Westphal
r on error)"
Signed-off-by: Florian Westphal
---
Brown paper bag patch. I will see if having distinct functions
for the mtcp_sendmsg and retransmit wq case is feasible/more
appropriate.
net/mptcp/protocol.c | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/net/mpt
Tong Zhang wrote:
> ct_sip_parse_numerical_param can only return 0 or 1, but the caller is
> checking parsing error using < 0
Reviewed-by: Florian Westphal
s triggers. Receiver
ends up with less data than it should get.
Fixes: 72511aab95c94d ("mptcp: avoid blocking in tcp_sendpages")
Signed-off-by: Florian Westphal
---
net/mptcp/protocol.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/mptcp/protocol.
y: syzbot+5accb5c62faa1d346...@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal
---
net/bridge/netfilter/ebtables.c | 4
1 file changed, 4 insertions(+)
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 1641f414d1ba..ebe33b60efd6 100644
--- a/ne
Miaohe Lin wrote:
> The skb_shared_info part of the data is assigned in the following loop.
Where?
Willy Tarreau wrote:
> On Sun, Aug 09, 2020 at 06:30:17PM +, George Spelvin wrote:
> > Even something simple like buffering 8 TSC samples, and adding them
> > at 32-bit offsets across the state every 8th call, would make a huge
> > difference.
>
> Doing testing on real hardware showed that re
Willy Tarreau wrote:
> diff --git a/include/linux/random.h b/include/linux/random.h
> index 9ab7443bd91b..9e22973b207c 100644
> --- a/include/linux/random.h
> +++ b/include/linux/random.h
> @@ -12,6 +12,7 @@
> #include
> #include
> #include
> +#include
>
> #include
>
> @@ -117,7 +118,
ally need to reply to
> IP and IPv6 packets ourselves and send these ICMP or ICMPv6 errors
> back, using the same encapsulating device. Patch 2/6, based on an
> original idea by Florian Westphal, adds the needed functionality,
> while patches 3/6 and 4/6 add matching support for VXLAN
Stephen Suryaputra wrote:
> On big-endian machine, the returned register data when the exthdr is
> present is not being compared correctly because little-endian is
> assumed. The function nft_cmp_fast_mask(), called by nft_cmp_fast_eval()
> and nft_cmp_fast_init(), calls cpu_to_le32().
>
> The fo
ARRAY_SIZE cannot be used.
Fixes: 9466a1ccebbe54 ("mptcp: enable JOIN requests even if cookies are in use")
Reported-by: kernel test robot
Signed-off-by: Florian Westphal
---
net/mptcp/syncookies.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/mptcp/sync
Florian Westphal wrote:
> Eric Dumazet wrote:
> > Fixes these errors:
> >
> > net/ipv4/syncookies.c: In function 'tcp_get_cookie_sock':
> > net/ipv4/syncookies.c:216:19: error: 'struct tcp_request_sock' has no
> > member name
^~~~
Ugh, sorry about this.
> make[3]: *** [scripts/Makefile.build:280: net/ipv4/syncookies.o] Error 1
> make[3]: *** Waiting for unfinished jobs
>
> Fixes: 9466a1ccebbe ("mptcp: enable JOIN requests even if cookies are in use")
> Signed-off-by: Eric Dumazet
> Cc: Fl
check we can establish connections also when syn cookies are in use.
Check that
MPTcpExtMPCapableSYNRX and MPTcpExtMPCapableACKRX increase for each
MPTCP test.
Check TcpExtSyncookiesSent and TcpExtSyncookiesRecv increase in netns2.
Signed-off-by: Florian Westphal
---
.../selftests/net/mptcp
syncookie code path needs to create an mptcp request sock.
Prepare for this and add mptcp prefix plus needed export of ops struct.
Signed-off-by: Florian Westphal
---
include/net/mptcp.h | 1 +
net/mptcp/subflow.c | 11 ++-
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git
back, we check that the token has not been registered
in the mean time. If it was, the connection needs to fall back to TCP.
Changes in v2:
- use req->syncookie instead of passing 'want_cookie' arg to ->init_req()
(Eric Dumazet)
Signed-off-by: Florian Westphal
---
include/n
when the token is already taken
in the syncookie case.
Therefore, move the retry logic to the caller to prepare for syncookie
support in mptcp.
Signed-off-by: Florian Westphal
---
net/mptcp/subflow.c | 9 -
net/mptcp/token.c | 12
2 files changed, 12 insertions(+), 9 dele
Also add test cases with MP_JOIN when tcp_syncookies sysctl is 2 (i.e.,
syncookies are always-on).
While at it, also print the test number and add the test number
to the pcap files that can be generated optionally.
This makes it easier to match the pcap to the test case.
Signed-off-by: Florian
request socket.
Suggested-by: Paolo Abeni
Signed-off-by: Florian Westphal
---
include/net/tcp.h | 2 ++
net/ipv4/syncookies.c | 38 ++
net/ipv4/tcp_input.c | 3 ---
net/ipv6/syncookies.c | 5 +
4 files changed, 37 insertions(+), 11 deletions
rg
Suggested-by: Paolo Abeni
Signed-off-by: Florian Westphal
---
net/ipv4/syncookies.c | 6 ++
net/mptcp/Makefile | 1 +
net/mptcp/ctrl.c | 1 +
net/mptcp/protocol.h | 20 +++
net/mptcp/subflow.c| 14 +
net/mptcp/syncookies.c | 132 +++
lper, __subflow_init_req, that can then be re-used
from the 'no insert' function added in a followup change.
Signed-off-by: Florian Westphal
---
net/mptcp/subflow.c | 32 ++--
1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/net/mptcp/subflow.c b/net/mptcp/s
1 - 100 of 1338 matches
Mail list logo
