On Fri, 7 Jun 2019 00:27:52 +, Alexei Starovoitov wrote:
> the solution we're discussing should solve BPF_ANNOTATE_KV_PAIR too.
> That hack must go.
I see.
> If I understood your objections to Andrii's format is that
> you don't like pointer part of key/value while Andrii explained
> why we p
On Fri, 7 Jun 2019 01:04:14 +, Bshara, Nafea wrote:
> On Jun 6, 2019, at 4:43 PM, Jakub Kicinski wrote:
> >>> Okay, then you know which one is which. Are there multiple ENAs but
> >>> one EFA?
> >>
> >> Yes, very possible. Very common
> >&
ake through the full build system.
Speed up the "local" run which doesn't actually build anything,
and avoid false positives by skipping all the probes if not in
kbuild environment (cover both the new warning and the BTF
probes).
Reported-by: Quentin Monnet
Signed-off-by: Jakub Ki
On Thu, 6 Jun 2019 18:14:16 -0700, Jakub Kicinski wrote:
> On Fri, 7 Jun 2019 01:04:14 +, Bshara, Nafea wrote:
> > On Jun 6, 2019, at 4:43 PM, Jakub Kicinski wrote:
> > >>> Okay, then you know which one is which. Are there multiple ENAs but
> > >>&g
On Fri, 7 Jun 2019 21:34:00 +, Bshara, Nafea wrote:
> On 6/7/19, 2:27 PM, "Jakub Kicinski" wrote:
>
> On Thu, 6 Jun 2019 18:14:16 -0700, Jakub Kicinski wrote:
> > On Fri, 7 Jun 2019 01:04:14 +, Bshara, Nafea wrote:
> > > On Jun 6, 2019
On Fri, 7 Jun 2019 20:42:55 +, Patel, Vedang wrote:
> > Thanks for the changes, since you now validate no unknown flags are
> > passed, perhaps there is no need to check if flags are == ~0?
> >
> > IS_ENABLED() could just do: (flags) & TCA_TAPRIO_ATTR_FLAG_TXTIME_ASSIST
> > No?
> >
> This i
On Fri, 7 Jun 2019 22:27:07 +, Patel, Vedang wrote:
> Hi Jacub,
>
> > On Jun 7, 2019, at 3:02 PM, Jakub Kicinski
> > wrote:
> >
> > On Fri, 7 Jun 2019 20:42:55 +, Patel, Vedang wrote:
> >>> Thanks for the changes, since you now validate
On Fri, 7 Jun 2019 15:56:48 +0900, 양유석 wrote:
> Hi netdev!
>
> I'm kernel newbie and I'm not sure it's right place to ask though, if
> not please let me know the right place. :)
>
> I sent this mail to ask about net_device interface feature called
> 'tx-udp_tnl-segmentation'. Ethtool does not app
case there is
potential for abnormal behaviour and even the triggering of BUG() calls.
Set the skb network header field before the mac header pull when doing a
packet redirect.
Fixes: 27f54b582567 ("nfp: allow fallback packets from non-reprs")
Signed-off-by: John Hurley
Reviewed-by: Jaku
On Mon, 10 Jun 2019 11:09:19 -0600, David Ahern wrote:
> On 6/4/19 7:44 AM, Jiri Pirko wrote:
> > diff --git a/man/man8/devlink-dev.8 b/man/man8/devlink-dev.8
> > index 1804463b2321..1021ee8d064c 100644
> > --- a/man/man8/devlink-dev.8
> > +++ b/man/man8/devlink-dev.8
> > @@ -244,6 +244,17 @@ Sets
On Mon, 10 Jun 2019 11:30:24 -0600, David Ahern wrote:
> On 6/10/19 11:24 AM, Jakub Kicinski wrote:
> > On Mon, 10 Jun 2019 11:09:19 -0600, David Ahern wrote:
> >> On 6/4/19 7:44 AM, Jiri Pirko wrote:
> >>> diff --git a/man/man8/devlink-dev.8 b/man/man8/devlink-
On Mon, 10 Jun 2019 01:17:13 +, Alexei Starovoitov wrote:
> On 6/6/19 6:02 PM, Jakub Kicinski wrote:
> > On Fri, 7 Jun 2019 00:27:52 +, Alexei Starovoitov wrote:
> >> the solution we're discussing should solve BPF_ANNOTATE_KV_PAIR too.
> >> Tha
On Mon, 10 Jun 2019 15:56:00 -0600, David Ahern wrote:
> On 6/10/19 11:47 AM, Jakub Kicinski wrote:
> > It's the kernel that does this, the request_firmware() API. It's
> > documented in both devlink's and ethtool's API. I was initially
> > intendin
On Mon, 10 Jun 2019 18:02:29 +0200, Björn Töpel wrote:
> Jakub, what's your thoughts on the special handling of XDP offloading?
> Maybe it's just overkill? Just allocate space for the offloaded
> program regardless support or not? Also, please review the
> dev_xdp_support_offload() addition into th
On Mon, 15 Jul 2019 16:37:43 -0700, Stephen Hemminger wrote:
> On Mon, 15 Jul 2019 15:51:41 -0700
> Vedang Patel wrote:
> > @@ -442,6 +458,11 @@ static int taprio_print_opt(struct qdisc_util *qu,
> > FILE *f, struct rtattr *opt)
> >
> > print_string(PRINT_ANY, "clockid", "clockid %s",
> >
On Mon, 15 Jul 2019 17:24:22 -0700, Stephen Hemminger wrote:
> On Mon, 15 Jul 2019 17:15:15 -0700
> Jakub Kicinski wrote:
> > On Mon, 15 Jul 2019 16:37:43 -0700, Stephen Hemminger wrote:
> > > On Mon, 15 Jul 2019 15:51:41 -0700
> > > Vedang Patel wrote:
>
On Tue, 16 Jul 2019 09:17:03 -0700, Alexei Starovoitov wrote:
> I don't think we have a test for such 'dead prog only due to verifier walk'
> situation. I wonder what happens :)
FWIW we do have verifier and BTF self tests for dead code removal
of entire subprogs! :)
On Mon, 15 Jul 2019 13:49:01 -0700, John Fastabend wrote:
> Resolve a series of splats discovered by syzbot and an unhash
> TLS issue noted by Eric Dumazet.
I spent most of today poking at this set, and I'll continue tomorrow.
I'm not capitulating yet, but if I can't get it to work for tls_device
On Sun, 7 Jul 2019 06:44:27 +, Tariq Toukan wrote:
> On 7/6/2019 2:29 AM, David Miller wrote:
> > From: Tariq Toukan
> > Date: Fri, 5 Jul 2019 18:30:10 +0300
> >
> >> This series from Eran and me, adds TLS TX HW offload support to
> >> the mlx5 driver.
> >
> > Series applied, please dea
On Thu, 18 Jul 2019 07:40:22 +, Tariq Toukan wrote:
> On 7/17/2019 8:41 PM, Jakub Kicinski wrote:
> > On Sun, 7 Jul 2019 06:44:27 +, Tariq Toukan wrote:
> >> On 7/6/2019 2:29 AM, David Miller wrote:
> >>> From: Tariq Toukan
> >>
On Thu, 18 Jul 2019 16:20:41 +0200, Ilya Leoshkevich wrote:
> Hi Lorenz,
>
> I've been using the following patch for quite some time now.
> Please let me know if it works for you.
>
> Best regards,
> Ilya
>
> ---
>
> When OUTPUT is set, bpftool and libbpf put their objects into the same
> direc
device offload make sure we don't arm the strparser until
we are sure init will be successful.
Signed-off-by: John Fastabend
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
include/net/tls.h| 7 ++---
net/tls/tls_device.c | 1 -
net/tls/tls_main.c
From: John Fastabend
Sockmap does not currently support adding sockets after TLS has been
enabled. There never was a real use case for this so it was never
added. But, we lost the test for ULP at some point so add it here
and fail the socket insert if TLS is enabled. Future work could
make sockma
Make sure we test the TLS_BASE/TLS_BASE case both with data
and the tear down/clean up path.
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
tools/testing/selftests/net/tls.c | 74 +++
1 file changed, 74 insertions(+)
diff --git a/tools/testing
hecks which swap the callbacks back
only if TLS is at the top.
Reported-by: syzbot+06537213db7ba2745...@syzkaller.appspotmail.com
Fixes: 02c558b2d5d6 ("bpf: sockmap, support for msg_peek in sk_msg with
redirect ingress")
Signed-off-by: John Fastabend
Signed-off-by: Jakub Kicinski
Re
From: John Fastabend
We need to have a synchronize_rcu before free'ing the sockmap because
any outstanding psock references will have a pointer to the map and
when they use this could trigger a use after free.
Fixes: 604326b41a6fb ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-
bot.
v4:
- fix some use after frees;
- disable disconnect work for offload (ctx lifetime is much
more complex);
- remove some of the dead code which made it hard to understand
(for me) that things work correctly (e.g. the checks TLS is
the top ULP);
- add selftets.
Jakub Kicinski (7):
y: Eric Dumazet
Signed-off-by: John Fastabend
Signed-off-by: Jakub Kicinski
---
Documentation/networking/tls-offload.rst | 6 +++
include/net/tls.h| 5 ++-
net/tls/tls_main.c | 55
3 files changed, 65 insertions(+)
releasing the socket lock half way through
callbacks move arming strparser into a separate function.
Following patches will make use of that.
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
include/net/tls.h| 1 +
net/tls/tls_device.c | 1 +
net/tls/tls_main.c | 8
Add test for killing the connection via shutdown.
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
tools/testing/selftests/net/tls.c | 27 +++
1 file changed, 27 insertions(+)
diff --git a/tools/testing/selftests/net/tls.c
b/tools/testing/selftests
cel
work. Then because SCHEDULE bit is set now no new work will
be scheduled.
Tested with net selftests and bpf selftests.
Signed-off-by: John Fastabend
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
include/net/tls.h | 2 ++
net/tls/tls_main.c | 3 +++
net/tls/tls_s
The deprecated TOE offload doesn't actually do anything in
tls_sk_proto_close() - all TLS code is skipped and context
not freed. Remove the callback to make it easier to refactor
tls_sk_proto_close().
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
net/tls/tls_main.
Add test which sends some data with MSG_MORE and then
closes the socket (never calling send without MSG_MORE).
This should make sure we clean up open records correctly.
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
tools/testing/selftests/net/tls.c | 10 ++
1 file
From: John Fastabend
__sock_map_delete() may be called from a tcp event such as unhash or
close from the following trace,
tcp_bpf_close()
tcp_bpf_remove()
sk_psock_unlink()
sock_map_delete_from_link()
__sock_map_delete()
In this case the sock lock is held but this
Test the error codes returned when TCP connection is not
in ESTABLISHED state.
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
tools/testing/selftests/net/tls.c | 52 +++
1 file changed, 52 insertions(+)
diff --git a/tools/testing/selftests/net
Add a simple test which installs the TLS state for both directions,
sends and receives data on both sockets.
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
tools/testing/selftests/net/tls.c | 31 +++
1 file changed, 31 insertions(+)
diff --git a
On Fri, 19 Jul 2019 10:29:13 -0700, Jakub Kicinski wrote:
> John says:
>
> Resolve a series of splats discovered by syzbot and an unhash
> TLS issue noted by Eric Dumazet.
Sorry for the delay, this code is quite tricky. According to my testing
TLS SW and HW should now work, I h
On Fri, 19 Jul 2019 15:12:24 +0200, Ilya Leoshkevich wrote:
> > Am 18.07.2019 um 20:51 schrieb Jakub Kicinski
> > :
> >
> > We should probably make a script with all the ways of calling make
> > should work. Otherwise we can lose track too easily.
>
> Thank
On Fri, 19 Jul 2019 13:00:25 +0200, Jiri Pirko wrote:
> +int netdev_name_node_alt_destroy(struct net_device *dev, char *name)
> +{
> + struct netdev_name_node *name_node;
> + struct net *net = dev_net(dev);
> +
> + name_node = netdev_name_node_lookup(net, name);
> + if (!name_node)
On Fri, 19 Jul 2019 13:00:26 +0200, Jiri Pirko wrote:
> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> index 7a2010b16e10..f11a2367037d 100644
> --- a/net/core/rtnetlink.c
> +++ b/net/core/rtnetlink.c
> @@ -980,6 +980,18 @@ static size_t rtnl_xdp_size(void)
> return xdp_size;
> }
On Fri, 19 Jul 2019 13:00:29 +0200, Jiri Pirko wrote:
> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> index 1fa30d514e3f..68ad12a7fc4d 100644
> --- a/net/core/rtnetlink.c
> +++ b/net/core/rtnetlink.c
> @@ -1793,6 +1793,8 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1]
> = {
I've been spending quite a bit of time fixing and
preventing bit rot in the core TLS code. TLS seems
to only be growing in importance, I'd like to help
ensuring the quality of our implementation.
Signed-off-by: Jakub Kicinski
Acked-by: Alexei Starovoitov
Acked-by: Daniel Borkmann
ipv6_flowlabel and ipv6_flowlabel_mgr are missing from
gitignore. Quentin points out that the original
commit 3fb321fde22d ("selftests/net: ipv6 flowlabel")
did add ignore entries, they are just missing the "ipv6_"
prefix.
Signed-off-by: Jakub Kicinski
Reviewed-by: Quenti
On Wed, 24 Jul 2019 05:10:35 +, Kevin Laatz wrote:
> Currently, addresses are chunk size aligned. This means, we are very
> restricted in terms of where we can place chunk within the umem. For
> example, if we have a chunk size of 2k, then our chunks can only be placed
> at 0,2k,4k,6k,8k... and
Please provide cover letter for the patch set.
On Thu, 25 Jul 2019 17:55:31 +0800, we...@ucloud.cn wrote:
> +static bool rhash_table_init;
> +int flow_indr_rhashtable_init(void)
> +{
> + int err = 0;
> +
> + if (!rhash_table_init) {
> + err = rhashtable_init(&indr_setup_block_h
d support")
> Suggested-by: Jakub Kicinski
> Signed-off-by: Tariq Toukan
> Signed-off-by: Saeed Mahameed
Acked-by: Jakub Kicinski
d support")
> Suggested-by: Jakub Kicinski
> Signed-off-by: Tariq Toukan
> Signed-off-by: Saeed Mahameed
> ---
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet
On Thu, 25 Jul 2019 20:36:50 +, Saeed Mahameed wrote:
> From: Tariq Toukan
>
> Align to the naming convention in TLS documentation.
>
> Fixes: 51a5e563298d ("nfp: tls: add basic statistics")
> Suggested-by: Jakub Kicinski
> Signed-off-by: Tariq Toukan
mentation")
> Suggested-by: Jakub Kicinski
> Signed-off-by: Tariq Toukan
> Signed-off-by: Saeed Mahameed
Acked-by: Jakub Kicinski
Thanks!
On Thu, 25 Jul 2019 21:59:08 +, Saeed Mahameed wrote:
> I couldn't find any rules regarding what to put in kernel log, Maybe
> someone can share ?. but i vaguely remember that the recommendation
> for device drivers is to put nothing, only error/warning messages.
FWIW my understanding is also
On Fri, 26 Jul 2019 16:36:19 -0700, Brian Vazquez wrote:
> > In bcc, we have many instances like this:
> > getting all (key value) pairs, do some analysis and output,
> > delete all keys
> >
> > The implementation typically like
> > /* to get all (key, value) pairs */
> > while(bpf_
On Fri, 26 Jul 2019 21:34:06 +0800, we...@ucloud.cn wrote:
> From: wenxu
>
> Because the new flow-indr-block can't get the tcf_block
> directly.
> It provide a callback to find the tcf block immediately
> when the device register and contain a ingress block.
>
> Signed-off-by: wenxu
Please CC
On Fri, 26 Jul 2019 21:34:05 +0800, we...@ucloud.cn wrote:
> From: wenxu
>
> move tc indirect block to flow_offload and rename
> it to flow indirect block.The nf_tables can use the
> indr block architecture.
>
> Signed-off-by: wenxu
> diff --git a/include/net/flow_offload.h b/include/net/flow_
On Sun, 28 Jul 2019 14:52:48 +0800, we...@ucloud.cn wrote:
> From: wenxu
>
> When thre indr device register, it can get the default block
> from tc immediately if the block is exist.
>
> Signed-off-by: wenxu
> ---
> v3: no change
> v4: get tc default block without callback
Please stop repostin
On Mon, 29 Jul 2019 10:43:56 +0800, wenxu wrote:
> On 7/29/2019 4:16 AM, Jakub Kicinski wrote:
> > I don't know the nft code, but it seems unlikely it wouldn't have the
> > same problem/need..
>
> nft don't have the same problem. The offload rule can o
bot reports and sometimes developer
> patches. The level of details in these messages, doesn't match the
> target audience of the XDP-newbies list. This is based on a survey on
> the mailing list, where 73% voted for removal from MAINTAINERS file.
>
> Signed-off-by: Jesper Dangaard Brouer
Acked-by: Jakub Kicinski
On Mon, 29 Jul 2019 15:05:34 +0800, wenxu wrote:
> On 7/29/2019 12:42 PM, Jakub Kicinski wrote:
> > On Mon, 29 Jul 2019 10:43:56 +0800, wenxu wrote:
> >> On 7/29/2019 4:16 AM, Jakub Kicinski wrote:
> >>> I don't know the nft code, but it seems unlikely it w
On Mon, 29 Jul 2019 15:18:03 +0800, wenxu wrote:
> On 7/29/2019 12:42 PM, Jakub Kicinski wrote:
> > On Mon, 29 Jul 2019 10:43:56 +0800, wenxu wrote:
> >> On 7/29/2019 4:16 AM, Jakub Kicinski wrote:
> >>> I don't know the nft code, but it seems unlikely it w
etdevsim"
> @@ -213,6 +215,7 @@ struct nsim_bus_dev {
> struct device dev;
> struct list_head list;
> unsigned int port_count;
> + struct net *initial_net;
> unsigned int num_vfs;
> struct nsim_vf_config *vfconfigs;
> };
Otherwise makes perfect sense, with the above nits addressed feel free
to add:
Acked-by: Jakub Kicinski
On Mon, 29 Jul 2019 10:19:39 -0700, Jonathan Lemon wrote:
> Add skb_frag_off(), skb_frag_off_add(), skb_frag_off_set(),
> and skb_frag_off_set_from() accessors for page_offset.
>
> Signed-off-by: Jonathan Lemon
> ---
> include/linux/skbuff.h | 61 ++
> 1 f
On Mon, 29 Jul 2019 14:02:21 -0700, Jonathan Lemon wrote:
> On 29 Jul 2019, at 13:50, Jakub Kicinski wrote:
> > On Mon, 29 Jul 2019 10:19:39 -0700, Jonathan Lemon wrote:
> >> Add skb_frag_off(), skb_frag_off_add(), skb_frag_off_set(),
> >> and skb_frag_off_set_from(
On Mon, 29 Jul 2019 14:22:11 -0700, Jakub Kicinski wrote:
> > > I realize you're following the existing code, but should we perhaps
> > > use
> > > the latest kdoc syntax? '()' after function name, and args should have
> > > '@' pre
egress overridepkt_cntr_2
Compared to original submission use a local flag instead of global
option.
We need to clear query_flags on every command, in case batch mode
wants to use varying settings.
Signed-off-by: Takshak Chahande
Signed-off-by: Jakub Kicinski
Reviewed-by: Quen
On Mon, 29 Jul 2019 14:53:45 -0700, Jonathan Lemon wrote:
> On 29 Jul 2019, at 14:25, Jakub Kicinski wrote:
>
> > On Mon, 29 Jul 2019 14:22:11 -0700, Jakub Kicinski wrote:
> >>>> I realize you're following the existing code, but should we perhaps
> >
keys")
Fixes: 65d41fb317c6 ("selftests/tls: add a bidirectional test")
Signed-off-by: Jakub Kicinski
---
tools/testing/selftests/net/tls.c | 23 ++-
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/tools/testing/selftests/net/tls.c
b/tools/testing/selft
On Tue, 30 Jul 2019 08:06:55 +0200, Jiri Pirko wrote:
> >> diff --git a/drivers/net/netdevsim/netdevsim.h
> >> b/drivers/net/netdevsim/netdevsim.h
> >> index 79c05af2a7c0..cdf53d0e0c49 100644
> >> --- a/drivers/net/netdevsim/netdevsim.h
> >> +++ b/drivers/net/netdevsim/netdevsim.h
> >> @@ -19,6 +1
On Tue, 30 Jul 2019 07:40:31 -0700, Jonathan Lemon wrote:
> The recent conversion of skb_frag_t to bio_vec did not include
> skb_frag's page_offset. Add accessor functions for this field,
> utilize them, and remove the union, restoring the original structure.
Reviewed-by: Jakub Kicinski
Thanks!
On Tue, 30 Jul 2019 18:04:53 +, Takshak Chahande wrote:
> Jakub Kicinski wrote on Mon [2019-Jul-29
> 14:35:38 -0700]:
> > @@ -158,20 +161,30 @@ static int show_attached_bpf_progs(int cgroup_fd,
> > enum bpf_attach_type type,
> > static int do_show(int argc, char **a
y: Takshak Chahande
Signed-off-by: Jakub Kicinski
Reviewed-by: Quentin Monnet
---
.../bpftool/Documentation/bpftool-cgroup.rst | 16 +++-
tools/bpf/bpftool/bash-completion/bpftool | 15 ++--
tools/bpf/bpftool/cgroup.c| 83 ---
3 files changed, 76 inserti
sing the sk_buff->decrypted flag also protects from
leaking clear text when incoming, decrypted skb is redirected
(e.g. by TC).
Signed-off-by: Jakub Kicinski
---
I'm sending this for net-next because of lack of confidence
in my own abilities. It should apply cleanly to net... :)
Docu
On Tue, 30 Jul 2019 10:57:33 +0200, Jiri Pirko wrote:
> From: Jiri Pirko
>
> Allow drivers to set/get net struct for devlink instance. Set is only
> allowed for newly allocated devlink instance.
>
> Signed-off-by: Jiri Pirko
Acked-by: Jakub Kicinski
amespace expert, but seems reasonable, so FWIW:
Acked-by: Jakub Kicinski
If I read things right we will only send the devlink instance
notification to other namespaces when it moves, but not
notifications for sub-objects like ports. Is the expectation
that the user space dumps the objects it car
On Tue, 30 Jul 2019 10:57:34 +0200, Jiri Pirko wrote:
> From: Jiri Pirko
>
> When user does create new netdevsim instance using sysfs bus file,
> create the devlink instance and related netdev instance in the namespace
> of the caller.
>
> Signed-off-by: Jiri Pirko
Review
On Wed, 31 Jul 2019 03:48:19 +0900, Daniel T. Lee wrote:
> Currently, bpftool net only supports dumping progs loaded on the
> interface. To load XDP prog on interface, user must use other tool
> (eg. iproute2). By this patch, with `bpftool net (un)load`, user can
> (un)load XDP prog on interface.
On Tue, 30 Jul 2019 15:24:47 -0700, Takshak Chahande wrote:
> Having static variable `cpus` in libbpf_num_possible_cpus function without
> guarding it with mutex makes this function thread-unsafe.
>
> If multiple threads accessing this function, in the current form; it
> leads to incrementing the
On Tue, 30 Jul 2019 16:17:56 -0700, Alexei Starovoitov wrote:
> On Tue, Jul 30, 2019 at 03:59:15PM -0700, Jakub Kicinski wrote:
> > On Wed, 31 Jul 2019 03:48:19 +0900, Daniel T. Lee wrote:
> > > Currently, bpftool net only supports dumping progs loaded on the
> > > int
On Tue, 30 Jul 2019 12:54:17 +0200, Pablo Neira Ayuso wrote:
> This patch maps basechain netfilter priorities from -8192 to 8191 to
> hardware priority 0xC000 + 1. tcf_auto_prio() uses 0xC000 if the user
> specifies no priority, then it subtract 1 for each new tcf_proto object.
> This patch uses th
On Tue, 30 Jul 2019 17:23:39 -0700, Alexei Starovoitov wrote:
> On Tue, Jul 30, 2019 at 05:07:25PM -0700, Jakub Kicinski wrote:
> > Nothing meaning you disagree it's duplicated effort and unnecessary
> > LoC the community has to maintain, review, test..?
>
> I d
On Wed, 31 Jul 2019 11:57:10 -0400, Willem de Bruijn wrote:
> On Tue, Jul 30, 2019 at 5:13 PM Jakub Kicinski wrote:
> > sk_validate_xmit_skb() and drivers depend on the sk member of
> > struct sk_buff to identify segments requiring encryption.
> > Any operation which removes
On Wed, 31 Jul 2019 13:57:26 +, Boris Pismenny wrote:
> > diff --git a/Documentation/networking/tls-offload.rst
> > b/Documentation/networking/tls-offload.rst
> > index 048e5ca44824..2bc3ab5515d8 100644
> > --- a/Documentation/networking/tls-offload.rst
> > +++ b/Documentation/networking/tls-o
On Wed, 31 Jul 2019 15:50:26 -0600, David Ahern wrote:
> On 7/30/19 12:08 AM, Jiri Pirko wrote:
> > Mon, Jul 29, 2019 at 10:17:25PM CEST, dsah...@gmail.com wrote:
> >> On 7/27/19 3:44 AM, Jiri Pirko wrote:
> >>> From: Jiri Pirko
> >>>
> >>> Devlink from the beginning counts with network namesp
On Wed, 31 Jul 2019 16:07:31 -0600, David Ahern wrote:
> On 7/31/19 4:02 PM, Jakub Kicinski wrote:
> > Can you elaborate further? Ports for most purposes are represented by
> > netdevices. Devlink port instances expose global topological view of
> > the ports which is primaril
renamed (e.g. to saved_cpus), but functionally looks good, so:
Reviewed-by: Jakub Kicinski
(FWIW I think Andrey's comment does not apply to the networking and BPF
trees so if you respin please keep the changelog in the commit message.)
On Wed, 31 Jul 2019 14:16:56 +0200, Pablo Neira Ayuso wrote:
> This patch adds initial support for offloading basechains using the
> priority range from -8192 to 8191.
>
> The software priority -8192 is mapped to the hardware priority
> 0xC000 + 1. tcf_auto_prio() uses 0xC000 if the user specifies
Only listen sockets can be shutdown() and reused, but since
ESTABLISHED sockets can never be re-connected() or used for
listen() we don't need to try to clean up the ULP state early.
Fixes: 32857cf57f92 ("net/tls: fix transition through disconnect with close")
Signed-o
Make sure that shutdown never works, and at the same time document how
I tested to came to the conclusion that currently reuse is not possible.
Signed-off-by: Jakub Kicinski
---
tools/testing/selftests/net/tls.c | 24
1 file changed, 24 insertions(+)
diff --git a/tools
On Thu, 1 Aug 2019 11:03:46 +0800, we...@ucloud.cn wrote:
> From: wenxu
>
> The new flow-indr-block can't get the tcf_block
> directly. It provide a callback list to find the flow_block immediately
> when the device register and contain a ingress block.
>
> Signed-off-by: wenxu
First of all t
On Thu, 1 Aug 2019 17:11:31 +0900, Daniel T. Lee wrote:
> Currently, bpftool net only supports dumping progs attached on the
> interface. To attach XDP prog on interface, user must use other tool
> (eg. iproute2). By this patch, with `bpftool net attach/detach`, user
> can attach/detach XDP prog o
On Thu, 1 Aug 2019 17:11:32 +0900, Daniel T. Lee wrote:
> By this commit, using `bpftool net attach`, user can attach XDP prog on
> interface. New type of enum 'net_attach_type' has been made, as stated at
> cover-letter, the meaning of 'attach' is, prog will be attached on interface.
>
> BPF pro
On Thu, 1 Aug 2019 13:28:15 +0200, Pablo Neira Ayuso wrote:
> Please, apply, thank you.
I'm still waiting for a reply.
Perhaps since Pablo doesn't want to talk to me someone else can explain
to me why we want to seemingly diverge from the software model?
On Thu, 01 Aug 2019 20:00:31 +0200, Jesper Dangaard Brouer wrote:
> When generic-XDP was moved to a later processing step by commit
> 458bf2f224f0 ("net: core: support XDP generic on stacked devices.")
> a regression was introduced when using bpf_xdp_adjust_head.
>
> The issue is that after this c
On Fri, 2 Aug 2019 10:47:26 +0800, wenxu wrote:
> > After all the same device may have both a TC block and a NFT block.
>
> Only one subsystem can be used for the same device for both indr-dev and
> hw-dev
> the flow_block_cb_is_busy avoid the situation you mentioned.
AFAIU that's a temporary
On Fri, 2 Aug 2019 09:53:54 +0200, Jesper Dangaard Brouer wrote:
> On Thu, 1 Aug 2019 17:44:06 -0700
> Jakub Kicinski wrote:
>
> > On Thu, 01 Aug 2019 20:00:31 +0200, Jesper Dangaard Brouer wrote:
> > > When generic-XDP was moved to a later processing step by commit
On Fri, 2 Aug 2019 21:09:03 +0800, wenxu wrote:
> >> We'd have something like the loop in flow_get_default_block():
> >>
> >>for each (subsystem)
> >>subsystem->handle_new_indir_cb(indr_dev, cb);
> >>
> >> And then per-subsystem logic would actually call the cb. Or:
> >>
> >>for
On Fri, 2 Aug 2019 14:02:29 +0900, Daniel T. Lee wrote:
> On Fri, Aug 2, 2019 at 8:36 AM Jakub Kicinski wrote:
> > On Thu, 1 Aug 2019 17:11:32 +0900, Daniel T. Lee wrote:
> > > By this commit, using `bpftool net attach`, user can attach XDP prog on
> > >
On Fri, 2 Aug 2019 13:00:23 +0200, Pablo Neira Ayuso wrote:
> Hi Jakub,
>
> If the user specifies 'pref' in the new rule, then tc checks if there
> is a tcf_proto object that matches this priority. If the tcf_proto
> object does not exist, tc creates a tcf_proto object and it adds the
> new rule t
On Fri, 2 Aug 2019 15:28:43 +0200, Pablo Neira Ayuso wrote:
> v2: address Jakub comments to not use the netfilter basechain
> priority for this mapping.
Hardly.
On Sat, 3 Aug 2019 00:04:09 +0200, Pablo Neira Ayuso wrote:
> That patch removed the reference to tcf_auto_prio() already, please
> let me know if you have any more specific update you would like to see
> on that patch.
Please explain why the artificial priorities are needed at all.
Hardware shoul
On Sat, 3 Aug 2019 07:19:31 +0800, wenxu wrote:
> > Or:
> >
> > device unregister:
> > - nft block destroy
> > - UNBIND cb
> > - free driver's block state
> > - driver notifier callback
> > - free driver's state
> >
> > No?
>
> For the second case maybe can't unbind cb? because
On Fri, 02 Aug 2019 17:24:53 -0700 (PDT), David Miller wrote:
> From: Jakub Kicinski
> Date: Tue, 30 Jul 2019 14:12:58 -0700
>
> > I'm sending this for net-next because of lack of confidence
> > in my own abilities. It should apply cleanly to net... :)
>
> It
101 - 200 of 8641 matches
Mail list logo