Re: [RFC PATCH net-next 1/6] net: implement threaded-able napi poll loop support

2020-09-26 Thread Hannes Frederic Sowa
Hello, On Sat, Sep 26, 2020, at 01:50, Wei Wang wrote: > On Fri, Sep 25, 2020 at 12:46 PM Hannes Frederic Sowa > wrote: > > The format string is only based on variable strings. To ease a quick > > grep for napi threads with ps I would propose to use "napi-%s-%d"

Re: [RFC PATCH net-next 1/6] net: implement threaded-able napi poll loop support

2020-09-25 Thread Hannes Frederic Sowa
Hello, Happy to see this work being resurrected (in case it is useful). :) On Mon, Sep 14, 2020, at 19:24, Wei Wang wrote: > > [...] > > +static void napi_thread_start(struct napi_struct *n) > +{ > + if (test_bit(NAPI_STATE_THREADED, &n->state) && !n->thread) > + n->thread = kthre

Re: Revising prandom_32 generator

2019-03-27 Thread Hannes Frederic Sowa
On Tue, Mar 26, 2019, at 20:07, George Spelvin wrote: > On Tue, 26 Mar 2019 at 14:03:55 -0400, Hannes Frederic Sowa wrote: > > On Tue, Mar 26, 2019, at 12:10, George Spelvin wrote: > > The conversation definitely makes sense. > > I also fixed the seeding of pra

Re: Revising prandom_32 generator

2019-03-26 Thread Hannes Frederic Sowa
Hi, On Tue, Mar 26, 2019, at 12:10, George Spelvin wrote: > I started on a project to correct all of the instances of > "prandom_u32() % FOO" in the kernel (there are lots) > to "prandom_u32_max(FOO)". The conversation definitely makes sense. Are you trying to fix the modulo biases? I think that

Re: [crypto 4/8] chtls: CPL handler definition

2017-12-05 Thread Hannes Frederic Sowa
Hello, On Tue, Dec 5, 2017, at 12:40, Atul Gupta wrote: > CPL handlers for TLS session, record transmit and receive This does very much look like full TCP offload with TLS on top? It would be nice if you could give a few more details in the patch descriptions. Bye, Hannes

Re: [Patch net-next] tcp: add a tracepoint for tcp_retransmit_skb()

2017-10-12 Thread Hannes Frederic Sowa
Eric Dumazet writes: [...] > Since this sock_gen_cookie() is lock-free and IRQ ready, it should > not be a problem to pretend it works with a const socket. > > I am a bit unsure about revealing in socket cookie a precise count of > sockets created on a netns. Some attackers might use this in

Re: [Patch net-next] tcp: add a tracepoint for tcp_retransmit_skb()

2017-10-10 Thread Hannes Frederic Sowa
Alexei Starovoitov writes: > On Mon, Oct 09, 2017 at 10:35:47PM -0700, Cong Wang wrote: [...] >> +trace_tcp_retransmit_skb(sk, skb, segs); > > I'm happy to see new tracepoints being added to tcp stack, but I'm concerned > with practical usability of them. > Like the above tracepoint

Re: [net-next PATCH 1/5] bpf: introduce new bpf cpu map type BPF_MAP_TYPE_CPUMAP

2017-09-29 Thread Hannes Frederic Sowa
Paolo Abeni writes: > On Fri, 2017-09-29 at 09:56 +0200, Hannes Frederic Sowa wrote: >> [adding Paolo, Eric] >> >> Alexei Starovoitov writes: >> >> > On Thu, Sep 28, 2017 at 02:57:08PM +0200, Jesper Dangaard Brouer wrote: >> >> [...] &

Re: [PATCH v4 net-next 0/8] flow_dissector: Protocol specific flow dissector offload

2017-09-29 Thread Hannes Frederic Sowa
Tom Herbert writes: > This patch set adds a new offload type to perform flow dissection for > specific protocols (either by EtherType or by IP protocol). This is > primarily useful to crack open UDP encapsulations (like VXLAN, GUE) for > the purposes of parsing the encapsulated packet. > > Items in

Re: [net-next PATCH 1/5] bpf: introduce new bpf cpu map type BPF_MAP_TYPE_CPUMAP

2017-09-29 Thread Hannes Frederic Sowa
[adding Paolo, Eric] Alexei Starovoitov writes: > On Thu, Sep 28, 2017 at 02:57:08PM +0200, Jesper Dangaard Brouer wrote: [...] >> +wake_up_process(rcpu->kthread); > > In general the whole thing looks like 'threaded NAPI' that Hannes was > proposing some time back. I liked it back then and

Re: [RFC PATCH] net: Introduce a socket option to enable picking tx queue based on rx queue.

2017-09-20 Thread Hannes Frederic Sowa
Sridhar Samudrala writes: > This patch introduces a new socket option SO_SYMMETRIC_QUEUES that can be used > to enable symmetric tx and rx queues on a socket. > > This option is specifically useful for epoll based multi threaded workloads > where each thread handles packets received on a single R

Re: [PATCH net-next 5/5] tls: Add generic NIC offload infrastructure.

2017-09-20 Thread Hannes Frederic Sowa
Hello, Boris Pismenny writes: > Hello, > > Hannes Frederic Sowa writes: >> Hello, >> >> Ilya Lesokhin writes: >> >> > Hannes Frederic Sowa writes: >> > >> >> The user should be aware of that they can't migrate the socket

Re: [PATCH net-next 5/5] tls: Add generic NIC offload infrastructure.

2017-09-19 Thread Hannes Frederic Sowa
Hello, Ilya Lesokhin writes: > Hannes Frederic Sowa writes: > >> The user should be aware of that they can't migrate the socket to another >> interface if they got hw offloaded. This is not the case for software >> offload. >> Thus I think the user

Re: [PATCH net-next 5/5] tls: Add generic NIC offload infrastructure.

2017-09-18 Thread Hannes Frederic Sowa
Ilya Lesokhin writes: > +/* We assume that the socket is already connected */ > +static struct net_device *get_netdev_for_sock(struct sock *sk) > +{ > + struct inet_sock *inet = inet_sk(sk); > + struct net_device *netdev = NULL; > + > + netdev = dev_get_by_index(sock_net(sk), inet->co

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-06 Thread Hannes Frederic Sowa
Jan Scheurich writes: >> > There is no way we can re-use the existing TLV tunnel metadata >> > infrastructure in OVS for matching and setting NSH MD2 TLV headers. We >> > will need to introduce a new (perhaps similar) scheme for modelling >> > generic TLV match registers in OVS that are assigned

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-06 Thread Hannes Frederic Sowa
Jan Scheurich writes: >> >> Yes, I wrote that in my previous mail. I wonder why NSH context metadata >> >> is not in tun_metadata as well? >> > >> > tun_metadata is tunnel metadata, GENEVE needs tunnel port, but NSH is >> > not so, NSH can't directly use tun_metadata, for MD type 2, we need to a

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-06 Thread Hannes Frederic Sowa
"Yang, Yi" writes: > On Tue, Sep 05, 2017 at 09:12:09PM +0800, Hannes Frederic Sowa wrote: >> "Yang, Yi" writes: >> >> > We can change this later if we really find a better way to handle this >> > because it isn't defined in include/uap

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-05 Thread Hannes Frederic Sowa
Hi Tom, Tom Herbert writes: > On Tue, Sep 5, 2017 at 4:14 AM, Hannes Frederic Sowa > wrote: >> Tom Herbert writes: >> >>> There is absolutely no requirement in IP that packets are delivered in >>> order-- there never has been and there never wi

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-05 Thread Hannes Frederic Sowa
Hello Jan, Jan Scheurich writes: > Please have a look at the Google doc that sketches the overall > solution to support NSH in OVS. > https://drive.google.com/open?id=1oWMYUH8sjZJzWa72o2q9kU0N6pNE-rwZcLH3-kbbDR8 > > In details it is slightly outdated but the NSH MD1 support (and all > prerequisi

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-05 Thread Hannes Frederic Sowa
"Yang, Yi" writes: > On Tue, Sep 05, 2017 at 12:30:09PM +0200, Hannes Frederic Sowa wrote: >> "Yang, Yi" writes: >> >> > I'm not sure what new action you expect to bring here, I think group >> > action is just for this, as you said it i

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-05 Thread Hannes Frederic Sowa
Tom Herbert writes: > There is absolutely no requirement in IP that packets are delivered in > order-- there never has been and there never will be! If the ULP, like > Ethernet encapsulation, requires in order deliver then it needs to > implement that itself like TCP, GRE, and other protocols ens

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-05 Thread Hannes Frederic Sowa
"Yang, Yi" writes: > I'm not sure what new action you expect to bring here, I think group > action is just for this, as you said it isn't only bound to NSH, you can > start a new thread to discuss this. I don't think it is in scope of NSH. It is in scope of this discussion as you will provide a

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-04 Thread Hannes Frederic Sowa
Hi Tom, Tom Herbert writes: >> The problem is that you end up having two streams, one fragmented and >> one non-fragmented, but actually they belong to the same stream. It is >> known to break stuff, see: >> >> >> >> I would agree with you, but we can'

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-04 Thread Hannes Frederic Sowa
Hello Tom, Tom Herbert writes: > On Mon, Sep 4, 2017 at 6:50 AM, Hannes Frederic Sowa > wrote: >> Tom Herbert writes: >> >>> An encapsulator sets the UDP source port to be the flow entropy of the >>> packet being encapsulated. So when the packet traver

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-04 Thread Hannes Frederic Sowa
Tom Herbert writes: > An encapsulator sets the UDP source port to be the flow entropy of the > packet being encapsulated. So when the packet traverses the network > devices can base their hash just on the canonical 5-tuple which is > sufficient for ECMP and RSS. IPv6 flow label is even better sin

Re: [ovs-dev] [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-04 Thread Hannes Frederic Sowa
Hello, Jan Scheurich writes: >> >> >> Does it makes sense to keep the context headers as part of the flow? >> >> >> What is the reasoning behind it? With mdtype 2 headers this might >> >> >> either not work very well or will increase sw_flow_key size causing >> >> >> slowdowns for all protocols.

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-09-04 Thread Hannes Frederic Sowa
Hello, "Yang, Yi" writes: > On Wed, Aug 30, 2017 at 05:53:27PM +0800, Hannes Frederic Sowa wrote: >> Hello, >> >> Yi Yang writes: >> >> [...] >> >> > +struct ovs_key_nsh { >> > + u8 flags; >> > + u8 ttl; >&

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-04 Thread Hannes Frederic Sowa
Hello, Saeed Mahameed writes: [...] > On Sat, Sep 2, 2017 at 6:32 PM, Hannes Frederic Sowa > wrote: >> Sorry, I think I am still confused. >> >> I just want to make sure that you don't use the first nibble after the >> mpls bottom of stack label in any way

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-09-02 Thread Hannes Frederic Sowa
Hi Saeed, On Sun, Sep 3, 2017, at 01:01, Saeed Mahameed wrote: > On Thu, Aug 31, 2017 at 6:51 AM, Hannes Frederic Sowa > wrote: > > Saeed Mahameed writes: > > > >> The first patch from Gal and Ariel provides the mlx5 driver support for > >> Conne

Re: [PATCH net-next 2/2] flow_dissector: Add limits for encapsulation and EH

2017-09-01 Thread Hannes Frederic Sowa
Tom Herbert writes: > On Fri, Sep 1, 2017 at 9:35 AM, Hannes Frederic Sowa > wrote: >> Hello Tom, >> >> Tom Herbert writes: >> >>> On Fri, Sep 1, 2017 at 6:32 AM, Hannes Frederic Sowa >>> wrote: >>>> Tom Herbert writes: >>>

Re: [PATCH net-next 2/2] flow_dissector: Add limits for encapsulation and EH

2017-09-01 Thread Hannes Frederic Sowa
Hello Tom, Tom Herbert writes: > On Fri, Sep 1, 2017 at 6:32 AM, Hannes Frederic Sowa > wrote: >> Tom Herbert writes: >> >>> In flow dissector there are no limits to the number of nested >>> encapsulations that might be dissected which makes for a nice D

Re: [PATCH net-next 2/2] flow_dissector: Add limits for encapsulation and EH

2017-09-01 Thread Hannes Frederic Sowa
ctually more referring to your patch, because the flow dissector right now is not stack recursive. Your changes would make it doing recursion on the stack. But it seems something along the lines is anyway needed. See below. > Reported-by: Hannes Frederic Sowa > Signed-off-by: Tom Herbert

Re: [PATCH net-next 1/2] flow_dissector: Cleanup control flow

2017-09-01 Thread Hannes Frederic Sowa
Tom Herbert writes: > __skb_flow_dissect is riddled with gotos that make discerning the flow, > debugging, and extending the capability difficult. This patch > reorganizes things so that we only perform goto's after the two main > switch statements (no gotos within the cases now). It also elimina

Re: [pull request][net-next 0/3] Mellanox, mlx5 GRE tunnel offloads

2017-08-31 Thread Hannes Frederic Sowa
Saeed Mahameed writes: > The first patch from Gal and Ariel provides the mlx5 driver support for > ConnectX capability to perform IP version identification and matching in > order to distinguish between IPv4 and IPv6 without the need to specify the > encapsulation type, thus perform RSS in MPLS a

Re: [ovs-dev] [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-08-31 Thread Hannes Frederic Sowa
Hello, "Mooney, Sean K" writes: [...] >> >> > +struct ovs_key_nsh { >> >> > + u8 flags; >> >> > + u8 ttl; >> >> > + u8 mdtype; >> >> > + u8 np; >> >> > + __be32 path_hdr; >> >> > + __be32 context[NSH_MD1_CONTEXT_SIZE]; }; >> >> > + >> >> > struct sw_flow_ke

Re: [PATCH v2 net-next 0/6] flow_dissector: Protocol specific flow dissector offload

2017-08-31 Thread Hannes Frederic Sowa
Hello, Tom Herbert writes: > On Wed, Aug 30, 2017 at 1:41 AM, Hannes Frederic Sowa > wrote: >> Hello Tom, >> >> Tom Herbert writes: >> >>> This patch set adds a new offload type to perform flow dissection for >>> specific protocols (either by E

Re: [ovs-dev] [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-08-30 Thread Hannes Frederic Sowa
"Mooney, Sean K" writes: >> -Original Message- >> From: ovs-dev-boun...@openvswitch.org [mailto:ovs-dev- >> boun...@openvswitch.org] On Behalf Of Hannes Frederic Sowa >> Sent: Wednesday, August 30, 2017 10:53 AM >> To: Yang, Yi Y >> Cc: d.

Re: [PATCH net-next v6 3/3] openvswitch: enable NSH support

2017-08-30 Thread Hannes Frederic Sowa
Hello, Yi Yang writes: [...] > +struct ovs_key_nsh { > + u8 flags; > + u8 ttl; > + u8 mdtype; > + u8 np; > + __be32 path_hdr; > + __be32 context[NSH_MD1_CONTEXT_SIZE]; > +}; > + > struct sw_flow_key { > u8 tun_opts[IP_TUNNEL_OPTS_MAX]; > u8 tun_opts_len; > @

Re: [PATCH v2 net-next 0/6] flow_dissector: Protocol specific flow dissector offload

2017-08-30 Thread Hannes Frederic Sowa
Hello Tom, Tom Herbert writes: > This patch set adds a new offload type to perform flow dissection for > specific protocols (either by EtherType or by IP protocol). This is > primarily useful to crack open UDP encapsulations (like VXLAN, GUE) for > the purposes of parsing the encapsulated packet.

Re: [patch net-next 1/3] idr: Add new APIs to support unsigned long

2017-08-29 Thread Hannes Frederic Sowa
Hello, Chris Mi writes: > The following new APIs are added: > > int idr_alloc_ext(struct idr *idr, void *ptr, unsigned long *index, > unsigned long start, unsigned long end, gfp_t gfp); > static inline void *idr_remove_ext(struct idr *idr, unsigned long id); > static inline voi

Re: [PATCH] once: switch to new jump label API

2017-08-22 Thread Hannes Frederic Sowa
ced out-of-line at the jump target, rather than at the inline > fallthrough case. > > Signed-off-by: Eric Biggers Acked-by: Hannes Frederic Sowa

Re: [PATCH v2 net-next] net: ipv6: put host and anycast routes on device with address

2017-08-18 Thread Hannes Frederic Sowa
David Ahern writes: > On 8/18/17 6:05 PM, David Ahern wrote: >> On 8/18/17 5:15 PM, Hannes Frederic Sowa wrote: >>> Hello David, >>> >>> David Ahern writes: >>> >>>> @@ -2688,15 +2716,9 @@ struct rt6_info *addrconf_dst_allo

Re: [PATCH v2 net-next] net: ipv6: put host and anycast routes on device with address

2017-08-18 Thread Hannes Frederic Sowa
Hello David, David Ahern writes: > @@ -2688,15 +2716,9 @@ struct rt6_info *addrconf_dst_alloc(struct inet6_dev > *idev, > { > u32 tb_id; > struct net *net = dev_net(idev->dev); > - struct net_device *dev = net->loopback_dev; > + struct net_device *dev = idev->dev; > s

Re: [PATCH v3 net-next 3/5] sock: ULP infrastructure

2017-08-08 Thread Hannes Frederic Sowa
Tom Herbert writes: > +#ifdef CONFIG_MODULES > + if (!ulp && capable(CAP_NET_ADMIN)) { > + rcu_read_unlock(); > + request_module("%s", name); > + rcu_read_lock(); > + ulp = ulp_find(name); > + } > +#endif It looks to me that this allows use
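Review bot: request_module("%s", name) in the CONFIG_MODULES block uses name as the complete module name, so the capable(CAP_NET_ADMIN) check is the only thing limiting which module this path can request. Suggest putting a fixed alias prefix in the format string, with a matching module alias in each ULP module, so that only modules that declare themselves as ULPs can be requested here. A short comment on the rcu_read_unlock()/rcu_read_lock() pair would also help: it should say that the lock is dropped around request_module() and that ulp is looked up again with ulp_find(name) once the lock is retaken.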

Re: [RFC] net: make net.core.{r,w}mem_{default,max} namespaced

2017-08-01 Thread Hannes Frederic Sowa
On Tue, Aug 1, 2017, at 09:18, Eric Dumazet wrote: > On Tue, 2017-08-01 at 02:17 -0400, Hannes Frederic Sowa wrote: > > > We do account rmem as well as wmem allocated memory to the appropriate > > mem_cgs. In theory this should be okay. > > Last time I checked, rmem

Re: [RFC] net: make net.core.{r,w}mem_{default,max} namespaced

2017-07-31 Thread Hannes Frederic Sowa
Eric Dumazet writes: > On Wed, 2017-07-26 at 19:03 +0200, Matteo Croce wrote: >> The following sysctl are global and can't be read or set from a netns: >> >> net.core.rmem_default >> net.core.rmem_max >> net.core.wmem_default >> net.core.wmem_max >> >> Make the following sysctl parameters avail

Re: [RFC] net: make net.core.{r,w}mem_{default,max} namespaced

2017-07-28 Thread Hannes Frederic Sowa
Matteo Croce writes: > The following sysctl are global and can't be read or set from a netns: > > net.core.rmem_default > net.core.rmem_max > net.core.wmem_default > net.core.wmem_max [...] I think a sensible addition to those sysctls would be tcp_moderate_rcvbuf to disable autotuning. Thanks!

Re: [RFC PATCH] IP: do not modify ingress packet IP option in ip_options_echo()

2017-07-28 Thread Hannes Frederic Sowa
Hello, David Miller writes: > From: Paolo Abeni > Date: Fri, 21 Jul 2017 15:55:18 +0200 > >> diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c >> index 93157f2..fdda973 100644 >> --- a/net/ipv4/ip_options.c >> +++ b/net/ipv4/ip_options.c >> @@ -174,9 +174,6 @@ int __ip_options_echo(str

Re: DNS (?) not working on G5 (64-bit powerpc) (was [net-next,v3,3/3] udp: try to avoid 2 cache miss on dequeue)

2017-06-22 Thread Hannes Frederic Sowa
On Thu, Jun 22, 2017, at 22:57, Paolo Abeni wrote: > > Can you please check if the following patch fixes the issue? Only > compiled tested here. > > Thanks!!! > --- > diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c > index 067a607..80d89fe 100644 > --- a/net/ipv4/udp.c > +++ b/net/ipv4/udp.c > @@ -1

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Hannes Frederic Sowa
Hello Dave, On Wed, Jun 14, 2017, at 21:47, David Miller wrote: > From: Dave Watson > Date: Wed, 14 Jun 2017 11:36:54 -0700 > > > This series adds support for kernel TLS encryption over TCP sockets. > > A standard TCP socket is converted to a TLS socket using a setsockopt. > > Only symmetric cry

Re: prog ID and next steps. Was: [RFC net-next 0/2] Introduce bpf_prog ID and iteration

2017-04-29 Thread Hannes Frederic Sowa
Hi, just quickly, because I am on a run: On Sun, Apr 30, 2017, at 04:06, Alexei Starovoitov wrote: > On 4/28/17 2:13 PM, Hannes Frederic Sowa wrote: > > > > Let's assume the following program with a constant key lookup and > > different tables: > > > > ac

Re: [Patch net-next v2] ipv4: get rid of ip_ra_lock

2017-04-28 Thread Hannes Frederic Sowa
out, BH does not need to disable either, RCU readers > don't care. > > Signed-off-by: Cong Wang Acked-by: Hannes Frederic Sowa

Re: prog ID and next steps. Was: [RFC net-next 0/2] Introduce bpf_prog ID and iteration

2017-04-28 Thread Hannes Frederic Sowa
Hello, On 28.04.2017 21:31, Alexei Starovoitov wrote: >> jit on: >> >> perf record -e bpf_redirect -agR >> >> The unwinder walks the stack, extracts address of upper function and >> sends it to user space (perf) or handles it inside the kernel/kallsyms >> (ftrace). >> >> User takes tag of bpf prog

Re: xdp_redirect ifindex vs port. Was: best API for returning/setting egress port?

2017-04-28 Thread Hannes Frederic Sowa
On 28.04.2017 07:30, Alexei Starovoitov wrote: > On 4/27/17 10:06 PM, John Fastabend wrote: >> That is more or less what I was thinking as well. The other question >> I have though is should we have a bpf_redirect() call for the simple >> case where I use the ifindex directly. This will be helpful

Re: prog ID and next steps. Was: [RFC net-next 0/2] Introduce bpf_prog ID and iteration

2017-04-28 Thread Hannes Frederic Sowa
On 28.04.2017 20:51, Hannes Frederic Sowa wrote: > Doesn't this break if I have 2 mlx4 cards in the system with different > XDP programs attached? I would have to add an additional parameter to > one of the mlx4 functions to extract the net_device pointer to make the > correlati

Re: prog ID and next steps. Was: [RFC net-next 0/2] Introduce bpf_prog ID and iteration

2017-04-28 Thread Hannes Frederic Sowa
Hello, On 28.04.2017 20:24, Daniel Borkmann wrote: > On 04/28/2017 01:50 PM, Hannes Frederic Sowa wrote: >> On 28.04.2017 03:11, Alexei Starovoitov wrote: > [...] >>> i disagree re: kallsyms. The goal of prog_tag is to let program writers >>> understand which prog

Re: prog ID and next steps. Was: [RFC net-next 0/2] Introduce bpf_prog ID and iteration

2017-04-28 Thread Hannes Frederic Sowa
Hello Alexei, On 28.04.2017 03:11, Alexei Starovoitov wrote: > On 4/27/17 6:36 AM, Hannes Frederic Sowa wrote: >> On 27.04.2017 08:24, Martin KaFai Lau wrote: >>> This patchset introduces the bpf_prog ID and a new bpf cmd to >>> iterate all bpf_prog in the system. >

Re: [PATCH net-next 6/6] bpf: show bpf programs

2017-04-27 Thread Hannes Frederic Sowa
On 27.04.2017 18:00, David Miller wrote: > From: Hannes Frederic Sowa > Date: Thu, 27 Apr 2017 15:22:49 +0200 > >> Sure, that sounds super. But so far Linux and most (maybe I should write >> all) subsystems always provided some easy way to get the insights of the >> ke

Re: [RFC net-next 0/2] Introduce bpf_prog ID and iteration

2017-04-27 Thread Hannes Frederic Sowa
On 27.04.2017 08:24, Martin KaFai Lau wrote: > This patchset introduces the bpf_prog ID and a new bpf cmd to > iterate all bpf_prog in the system. > > It is still incomplete. The idea can be extended to bpf_map. > > Martin KaFai Lau (2): > bpf: Introduce bpf_prog ID > bpf: Test for bpf_prog

Re: [PATCH net-next 6/6] bpf: show bpf programs

2017-04-27 Thread Hannes Frederic Sowa
On 26.04.2017 23:25, Alexei Starovoitov wrote: > On Wed, Apr 26, 2017 at 08:24:19PM +0200, Hannes Frederic Sowa wrote: >> >> +static const char *bpf_type_string(enum bpf_prog_type type) >> +{ >> +static const char *bpf_type_names[] = { >> +#define X(type) #ty

Re: [PATCH net-next 6/6] bpf: show bpf programs

2017-04-27 Thread Hannes Frederic Sowa
On 26.04.2017 23:35, Daniel Borkmann wrote: > On 04/26/2017 08:24 PM, Hannes Frederic Sowa wrote: >> Signed-off-by: Hannes Frederic Sowa >> --- >> include/uapi/linux/bpf.h | 32 +++- >> kernel/bpf/core.c| 30

Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

2017-04-27 Thread Hannes Frederic Sowa
Hi, On 26.04.2017 23:08, Alexei Starovoitov wrote: > On Wed, Apr 26, 2017 at 08:24:17PM +0200, Hannes Frederic Sowa wrote: >> Signed-off-by: Hannes Frederic Sowa >> --- >> include/linux/filter.h | 6 -- >> kernel/bpf/core.c | 4 +++- >> kernel/bpf/sysca

Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

2017-04-27 Thread Hannes Frederic Sowa
On 26.04.2017 23:04, Daniel Borkmann wrote: > On 04/26/2017 08:24 PM, Hannes Frederic Sowa wrote: >> diff --git a/net/core/filter.c b/net/core/filter.c >> index 9a37860a80fc78..dc020d40bb770a 100644 >> --- a/net/core/filter.c >> +++ b/net/core/filter.c >> @@ -1100

[PATCH net-next 3/6] bpf: bpf_progs stores all loaded programs

2017-04-26 Thread Hannes Frederic Sowa
We later want to give users a quick dump of what is possible with procfs, so store a list of all currently loaded bpf programs. Later this list will be printed in procfs. Signed-off-by: Hannes Frederic Sowa --- include/linux/filter.h | 4 ++-- kernel/bpf/core.c | 51

[PATCH net-next 5/6] bpf: add skeleton for procfs printing of bpf_progs

2017-04-26 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- kernel/bpf/core.c | 90 +++ 1 file changed, 90 insertions(+) diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 048e2d79718a16..3ba175a24e971a 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c

[PATCH net-next 1/6] bpf: bpf_lock needs only block bottom half

2017-04-26 Thread Hannes Frederic Sowa
We never modify bpf programs from hardirqs ever. Signed-off-by: Hannes Frederic Sowa --- kernel/bpf/core.c | 12 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index b4f1cb0c5ac710..6f81e0f5a0faa2 100644 --- a/kernel/bpf/core.c

[PATCH net-next 6/6] bpf: show bpf programs

2017-04-26 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- include/uapi/linux/bpf.h | 32 +++- kernel/bpf/core.c| 30 +- 2 files changed, 48 insertions(+), 14 deletions(-) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index

[PATCH net-next 0/6] bpf: list all loaded ebpf programs in /proc/bpf/programs

2017-04-26 Thread Hannes Frederic Sowa
Frederic Sowa (6): bpf: bpf_lock needs only block bottom half bpf: rename bpf_kallsyms to bpf_progs, ksym_lnode to bpf_progs_head bpf: bpf_progs stores all loaded programs bpf: track if the bpf program was loaded with SYS_ADMIN capabilities bpf: add skeleton for procfs printing of

[PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

2017-04-26 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- include/linux/filter.h | 6 -- kernel/bpf/core.c | 4 +++- kernel/bpf/syscall.c | 7 --- kernel/bpf/verifier.c | 4 ++-- net/core/filter.c | 6 +++--- 5 files changed, 16 insertions(+), 11 deletions(-) diff --git a/include/linux

[PATCH net-next 2/6] bpf: rename bpf_kallsyms to bpf_progs, ksym_lnode to bpf_progs_head

2017-04-26 Thread Hannes Frederic Sowa
We will soon put all bpf programs on this list, thus use appropriate names. Signed-off-by: Hannes Frederic Sowa --- include/linux/bpf.h | 2 +- kernel/bpf/core.c | 18 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h

Re: XDP question: best API for returning/setting egress port?

2017-04-19 Thread Hannes Frederic Sowa
Hi, On 18.04.2017 21:58, Jesper Dangaard Brouer wrote: > > As I argued in NetConf presentation[1] (from slide #9) we need a port > mapping table (instead of using ifindex'es). Both for supporting > other "port" types than net_devices (think sockets), and for > sandboxing what XDP can bypass. >

Re: [PATCH net-next] net: ipv6: Add early demux handler for UDP unicast

2017-04-18 Thread Hannes Frederic Sowa
On Tue, Apr 18, 2017, at 17:16, David Miller wrote: > From: Simon Horman > Date: Tue, 18 Apr 2017 17:09:04 +0900 > > > On Wed, Mar 08, 2017 at 11:22:01AM -0800, Eric Dumazet wrote: > >> On Wed, 2017-03-08 at 12:11 -0700, Subash Abhinov Kasiviswanathan wrote: > >> > On 2017-03-08 11:40, Eric Dum

Re: [PATCH net] ipv6: drop non loopback packets claiming to originate from ::1

2017-04-14 Thread Hannes Frederic Sowa
l seems reasonable. > RFC4291 doesn't allow such a source address either, so drop such packets. > > Reported-by: Eric Dumazet > Signed-off-by: Florian Westphal Acked-by: Hannes Frederic Sowa Thanks!

Re: [PATCH net-next] net: ipv6: send unsolicited NA on admin up

2017-04-13 Thread Hannes Frederic Sowa
ocumentation/networking/ip-sysctl.txt). The NA is not sent on NETDEV_UP > event; add it. > > Fixes: 5cb04436eef6 ("ipv6: add knob to send unsolicited ND on link-layer > address change") > Signed-off-by: David Ahern Acked-by: Hannes Frederic Sowa In future we might be able to ma

Re: [RFC TLS Offload Support 00/15] cover letter

2017-03-29 Thread Hannes Frederic Sowa
Hello, On 29.03.2017 19:41, David Miller wrote: > From: Aviad Yehezkel > Date: Tue, 28 Mar 2017 16:26:17 +0300 > >> TLS Tx crypto offload is a new feature of network devices. It >> enables the kernel TLS socket to skip encryption and authentication >> operations on the transmit side of the data

Re: [PATCH net-next RFC v1 00/27] afnetns: new namespace type for separation on protocol level

2017-03-14 Thread Hannes Frederic Sowa
On 13.03.2017 23:06, Eric W. Biederman wrote: > Michael Kerrisk writes: > >> On Mon, Mar 13, 2017 at 12:44 AM, Hannes Frederic Sowa >> wrote: >>> Hi, >>> >>> On Sun, 2017-03-12 at 16:26 -0700, David Miller wrote: >>>> From: Hannes

Re: [PATCH net-next RFC v1 00/27] afnetns: new namespace type for separation on protocol level

2017-03-12 Thread Hannes Frederic Sowa
Hi, On Sun, 2017-03-12 at 16:26 -0700, David Miller wrote: > From: Hannes Frederic Sowa > Date: Mon, 13 Mar 2017 00:01:24 +0100 > > > afnetns behaves like ordinary namespaces: clone, unshare, setns syscalls > > can work with afnetns with one limitation: one cannot cro

[PATCH net-next RFC v1 18/27] afnetns: afnetns should influence source address selection

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- drivers/target/iscsi/cxgbit/cxgbit_cm.c | 2 +- include/linux/inetdevice.h | 5 +++-- include/net/route.h | 10 ++ net/ipv4/devinet.c | 19 --- net/ipv4/icmp.c

[PATCH net-next RFC v1 25/27] afnetns: ipv4: inherit afnetns from calling application

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- net/ipv4/devinet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index 82a7389ec86faa..01bdff8a957ae1 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c @@ -838,7 +838,7 @@ static struct

[PATCH net-next RFC v1 21/27] afnetns: add support for tcpv6

2017-03-12 Thread Hannes Frederic Sowa
Same as the support for tcpv4, we simply add the necessary checks so we just look at our own sockets. Signed-off-by: Hannes Frederic Sowa --- net/ipv6/inet6_hashtables.c | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6

[PATCH net-next RFC v1 26/27] afnetns: ipv6: inherit afnetns from calling application

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- net/ipv6/addrconf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 319f83a7d29dd5..3d9d24ec066a67 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -4542,7 +4542,7

[PATCH net-next RFC v1 23/27] afnetns: use user_ns from afnetns for checking for binding to port < 1024

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- include/net/inet_common.h | 2 +- net/ipv4/af_inet.c| 37 ++--- net/ipv6/af_inet6.c | 2 +- 3 files changed, 24 insertions(+), 17 deletions(-) diff --git a/include/net/inet_common.h b/include/net

[PATCH net-next RFC v1 15/27] afnetns: add ipv6_get_ifaddr_afnetns_rcu

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- include/net/addrconf.h | 17 + 1 file changed, 17 insertions(+) diff --git a/include/net/addrconf.h b/include/net/addrconf.h index e3f1920ca57968..644fa68bb4ddef 100644 --- a/include/net/addrconf.h +++ b/include/net/addrconf.h @@ -104,6

[PATCH net-next RFC v1 16/27] afnetns: add udpv6 support

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- net/ipv6/datagram.c | 6 -- net/ipv6/udp.c | 18 +- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index eec27f87efaca1..cd811e8b1ba824 100644 --- a/net/ipv6/datagram.c

[PATCH net-next RFC v1 27/27] afnetns: allow only whitelisted protocols to operate inside afnetns

2017-03-12 Thread Hannes Frederic Sowa
We only care about inet protocols (which is IPv4 and IPv6). Other protocols, like netlink are not under control of afnetns and thus must be hardened with capabilities. Signed-off-by: Hannes Frederic Sowa --- include/net/protocol.h | 1 + net/ipv4/af_inet.c | 20 +++- net

[PATCH net-next RFC v1 22/27] afnetns: track owning namespace for inet_bind

2017-03-12 Thread Hannes Frederic Sowa
In order for a newly created afnetns to allow its processes to bind to ports lower than 1024 we need to track the to be created user namespace to check for the permissions for binding so. Signed-off-by: Hannes Frederic Sowa --- include/net/afnetns.h| 7 +-- kernel/nsproxy.c

[PATCH net-next RFC v1 14/27] afnetns: check for afnetns in inet6_bind

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- include/net/addrconf.h | 3 ++- net/ipv6/addrconf.c| 12 ++-- net/ipv6/af_inet6.c| 7 +-- net/ipv6/ndisc.c | 4 ++-- net/ipv6/route.c | 2 +- 5 files changed, 20 insertions(+), 8 deletions(-) diff --git a/include/net

[PATCH net-next RFC v1 24/27] afnetns: check afnetns user_ns in inet6_bind

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- net/ipv6/af_inet6.c | 40 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 30aff01eba5be0..4aa221826e753c 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6

[PATCH net-next RFC v1 08/27] afnetns: factor out inet_allow_bind

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- include/net/inet_common.h | 1 + net/ipv4/af_inet.c| 51 ++- 2 files changed, 34 insertions(+), 18 deletions(-) diff --git a/include/net/inet_common.h b/include/net/inet_common.h index b7952d55b9c000

[PATCH net-next RFC v1 19/27] afnetns: add afnetns support for tcpv4

2017-03-12 Thread Hannes Frederic Sowa
This commit adds the necessary checks to inet_hashtables, so that sockets also have to match the corresponding afnetns. Signed-off-by: Hannes Frederic Sowa --- include/net/inet_sock.h| 1 + net/ipv4/inet_hashtables.c | 17 +++-- net/ipv4/tcp_input.c | 3 +++ 3 files

[PATCH net-next RFC v1 07/27] ipv4: introduce ifa_find_rcu

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- include/linux/inetdevice.h | 1 + net/ipv4/devinet.c | 29 + 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h index d5ac959e90baa1..eb1b662f62626f

[PATCH net-next RFC v1 17/27] afnetns: introduce __inet_select_addr

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- include/linux/inetdevice.h | 2 ++ net/ipv4/devinet.c | 27 --- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h index 01cbcfe93383b7..a41bfce099e0a1

[PATCH net-next RFC v1 20/27] ipv6: move ipv6_get_ifaddr to vmlinux in case ipv6 is build as module

2017-03-12 Thread Hannes Frederic Sowa
inet6_hashtables is built into vmlinux in case ipv6 gets built as a module. As the inet6_hashtables functions depend on ipv6_get_ifaddr via ipv6_get_ifaddr_afnetns_rcu, we need to make the lookup function always available. Signed-off-by: Hannes Frederic Sowa --- include/net/addrconf.h | 6

[PATCH net-next RFC v1 09/27] afnetns: add sock_afnetns

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- include/net/sock.h | 9 + 1 file changed, 9 insertions(+) diff --git a/include/net/sock.h b/include/net/sock.h index 1e05d497db2520..aa204bf3537ba0 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -2293,6 +2293,15 @@ struct net

[PATCH net-next RFC v1 04/27] afnetns: add net_afnetns

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- include/net/net_namespace.h | 8 1 file changed, 8 insertions(+) diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index c59fb018da5e46..9be39b8315a6f9 100644 --- a/include/net/net_namespace.h +++ b/include/net

[PATCH net-next RFC v1 00/27] afnetns: new namespace type for separation on protocol level

2017-03-12 Thread Hannes Frederic Sowa
lished version The same commands work for IPv6, I only used IPv4 as an example. This is still work in progress. Hannes Frederic Sowa (27): afnetns: add CLONE_NEWAFNET flag afnetns: basic namespace operations and representations afnetns: prepare for integration into ipv4 afnetns: add net_a

[PATCH net-next RFC v1 11/27] afnetns: validate afnetns in inet_allow_bind

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- net/ipv4/af_inet.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index aee599e23137e7..5f11399bafd16f 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -453,6 +453,17 @@ int

[PATCH net-next RFC v1 12/27] afnetns: ipv4/udp integration

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- net/ipv4/udp.c | 22 ++ 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index ea6e4cff9fafe9..5bfe2d9f5583da 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -155,6 +155,7 @@ static int

[PATCH net-next RFC v1 10/27] afnetns: add ifa_find_afnetns_rcu

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- include/linux/inetdevice.h | 11 +++ 1 file changed, 11 insertions(+) diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h index eb1b662f62626f..01cbcfe93383b7 100644 --- a/include/linux/inetdevice.h +++ b/include/linux

[PATCH net-next RFC v1 13/27] afnetns: use inet_allow_bind in inet6_bind

2017-03-12 Thread Hannes Frederic Sowa
Signed-off-by: Hannes Frederic Sowa --- net/ipv6/af_inet6.c | 17 - 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 04db40620ea65c..f9367c507573bc 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c @@ -316,8
