Joe Stringer writes:
> Hey Aaron, long time no chat :)
Same :)
> On Fri, Mar 19, 2021 at 1:43 PM Aaron Conole wrote:
>>
>> When a user instructs a flow pipeline to perform connection tracking,
>> there is an implicit L3 operation that occurs - namely the IP fragment
Ilya Maximets writes:
> On 4/8/21 10:41 PM, Aaron Conole wrote:
>> Joe Stringer writes:
>>
>>> Hey Aaron, long time no chat :)
>>
>> Same :)
>>
>>> On Fri, Mar 19, 2021 at 1:43 PM Aaron Conole wrote:
>>>>
>>>> When
Ilya Maximets writes:
> On 4/10/21 2:22 PM, Aaron Conole wrote:
>> Ilya Maximets writes:
>>
>>> On 4/8/21 10:41 PM, Aaron Conole wrote:
>>>> Joe Stringer writes:
>>>>
>>>>> Hey Aaron, long time no chat :)
>>>>
rrect boundary, or send a packet too big in the IPv6 case).
Additionally, introduce a test suite for openvswitch with a test case
that ensures this MTU behavior, with the expectation that new tests are
added when needed.
Fixes: 7f8a436eaa2c ("openvswitch: Add conntrack action")
Signed-off-b
Aaron Conole writes:
> When a user instructs a flow pipeline to perform connection tracking,
> there is an implicit L3 operation that occurs - namely the IP fragments
> are reassembled and then processed as a single unit. After this, new
> fragments are generated and then transmitt
Numan Siddique writes:
> On Mon, Jul 13, 2020 at 3:34 PM Stefano Brivio wrote:
>>
>> On Mon, 13 Jul 2020 10:04:13 +0200
>> Florian Westphal wrote:
>>
>> > Stefano Brivio wrote:
>> > > Hi,
>> > >
>> > > On Sun, 12 Jul 2020 22:07:03 +0200
>> > > Florian Westphal wrote:
>> > >
>> > > > vxlan and
ally prevent
connections from eventually succeeding. I eventually hope to flesh that
out into a bpf implementation of hardware offload (with various features,
like window tracking, flag validation, etc).
Aaron Conole (3):
bpf: modular maps
netfilter: nf_flow_table: support a new 'snoop
, metadata, and allow for window validation.
Signed-off-by: Aaron Conole
---
include/linux/bpf_types.h | 2 +
include/uapi/linux/bpf.h | 7 +
net/netfilter/Kconfig | 9 +
net/netfilter/Makefile| 1 +
net/netfilter
offload table.
Each flow table can now be set with some kinds of flags, and if
one of those flags is the new 'snoop' flag, it will be updated
whenever a flow entry is added or removed to any flow table.
Signed-off-by: Aaron Conole
---
include/net/netfilter/nf_flow_table.h| 5 +++
in
This commit allows for map operations to be loaded by an lkm, rather than
needing to be baked into the kernel at compile time.
Signed-off-by: Aaron Conole
---
include/linux/bpf.h | 6 +
init/Kconfig | 8 +++
kernel/bpf/syscall.c | 57
Alexei Starovoitov writes:
> On Sun, Nov 25, 2018 at 01:09:17PM -0500, Aaron Conole wrote:
>> This commit allows for map operations to be loaded by an lkm, rather than
>> needing to be baked into the kernel at compile time.
>
> Nack.
> Please see Documentation/bpf/bpf_d
Alexei Starovoitov writes:
> On Tue, Nov 27, 2018 at 09:24:05AM -0500, Aaron Conole wrote:
>>
>> 1. Introduce flowmap again, this time, basically having it close to a
>> copy of the hashmap. Introduce a few function calls that allow an
>> external modu
Alexei Starovoitov writes:
> On Wed, Nov 28, 2018 at 01:51:42PM -0500, Aaron Conole wrote:
>> Alexei Starovoitov writes:
>>
>> > On Tue, Nov 27, 2018 at 09:24:05AM -0500, Aaron Conole wrote:
>> >>
>> >> 1. Introduce flowmap again, this time, b
Alexei Starovoitov writes:
> On Fri, Nov 30, 2018 at 08:49:17AM -0500, Aaron Conole wrote:
>>
>> While this is one reason to use hash map, I don't think we should use
>> this as a reason to exclude development of a data type that may work
>> better. After
The prefixlen maps used here are identical, and have been since
introduction. It seems to make sense to use a single large map,
that the preprocessor will fill appropriately.
Signed-off-by: Aaron Conole
---
net/netfilter/ipset/pfxlen.c | 395 +++
1 file
unix_writable() originally was inlined, but was changed as part of
commit 1586a5877db9 ("af_unix: do not report POLLOUT on
listeners"). Re-enable the inline flag.
Signed-off-by: Aaron Conole
Cc: Eric Dumazet
---
net/unix/af_unix.c | 2 +-
1 file changed, 1 insertion(+), 1 deletio
David Miller writes:
> From: Aaron Conole
> Date: Mon, 2 Nov 2015 12:01:59 -0500
>
>> unix_writable() originally was inlined, but was changed as part of
>> commit 1586a5877db9 ("af_unix: do not report POLLOUT on
>> listeners"). Re-enable the inline fla
changes the device MTU after previously
being given advice.
Signed-off-by: Aaron Conole
---
drivers/net/virtio_net.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index e0638e5..ef5ee01 100644
--- a/drivers/net/virtio_net.c
+++ b
described in the proposed VFIO spec
addition found at
https://lists.oasis-open.org/archives/virtio-dev/201603/msg1.html
The second patch adds a user of the bit, and a warning when the guest changes
the MTU from the hypervisor advised MTU. Future patches may add more thorough
error handling.
Aaron
This commit adds the feature bit and associated mtu device entry for the
virtio network device. Future commits will make use of these bits to
support negotiated MTU.
Signed-off-by: Aaron Conole
---
include/uapi/linux/virtio_net.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include
Hi Rick,
In the future, please don't cut the list.
Rick Jones writes:
> On 06/02/2016 08:43 AM, Aaron Conole wrote:
>> This patch checks the feature bit for the VIRTIO_NET_F_MTU feature. If it
>> exists, read the advised MTU and use it.
>>
>> No proper error h
"Michael S. Tsirkin" writes:
> On Thu, Jun 02, 2016 at 11:43:31AM -0400, Aaron Conole wrote:
>> This patch checks the feature bit for the VIRTIO_NET_F_MTU feature. If it
>> exists, read the advised MTU and use it.
>>
>> No proper error handling is provided
"Michael S. Tsirkin" writes:
> On Thu, Jun 02, 2016 at 11:43:30AM -0400, Aaron Conole wrote:
>> This commit adds the feature bit and associated mtu device entry for the
>> virtio network device. Future commits will make use of these bits to
>> support negotiated
kbuild test robot writes:
> Hi,
>
> [auto build test ERROR on next-20160602]
>
> url:
> https://github.com/0day-ci/linux/commits/Aaron-Conole/virtio-net-Advised-MTU-feature/20160603-000714
> config: i386-allmodconfig (attached as .config)
> compiler: gcc-6 (Debian
-off-by: Aaron Conole
---
v1->v2:
* Fixed omitted hunk from virtio_net.h
* Squashed to a single commit
* Fixed commit message.
drivers/net/virtio_net.c| 7 +++
include/uapi/linux/virtio_net.h | 3 +++
2 files changed, 10 insertions(+)
diff --git a/drivers/net/virtio_net.c b/driv
described in the proposed VFIO spec
addition found at
https://lists.oasis-open.org/archives/virtio-dev/201603/msg1.html
The second patch adds a user of the bit, and a warning when the guest changes
the MTU from the hypervisor advised MTU. Future patches may add more thorough
error handling.
Aaron
This commit adds the feature bit and associated mtu device entry for the
virtio network device. Future commits will make use of these bits to support
negotiated MTU.
Signed-off-by: Aaron Conole
---
include/uapi/linux/virtio_net.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/include
changes the device MTU after previously being
given advice.
Signed-off-by: Aaron Conole
---
drivers/net/virtio_net.c | 15 ++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index 767ab11..7175563 100644
--- a/drivers
Paolo Abeni writes:
> On Thu, 2016-03-10 at 09:28 -0500, Aaron Conole wrote:
>> This patch checks the feature bit for the VIRTIO_NET_F_MTU feature. If it
>> exists, read the advised MTU and use it.
>>
>> No proper error handling is provided for the case where a use
Sergei Shtylyov writes:
> Hello.
Hi Sergei,
> On 03/10/2016 05:28 PM, Aaron Conole wrote:
>
>> This patch checks the feature bit for the VIRTIO_NET_F_MTU feature. If it
>> exists, read the advised MTU and use it.
>>
>> No proper error handling is provided for
changes the device MTU after previously
being given advice.
Signed-off-by: Aaron Conole
---
v2:
* Whitespace cleanup in the last hunk
* Code style change around the pr_warn
* Additional test for mtu change before printing warning
drivers/net/virtio_net.c | 12
1 file changed, 12
:
* Whitespace and code style cleanups from Sergei Shtylyov and Paolo Abeni
* Additional test before printing a warning
Aaron Conole (2):
virtio: Start feature MTU support
virtio_net: Read the advised MTU
drivers/net/virtio_net.c| 12
include/uapi/linux/virtio_net.h | 3 +++
2
This commit adds the feature bit and associated mtu device entry for the
virtio network device. Future commits will make use of these bits to support
negotiated MTU.
Signed-off-by: Aaron Conole
---
v2:
* No change
include/uapi/linux/virtio_net.h | 3 +++
1 file changed, 3 insertions(+)
diff
"Michael S. Tsirkin" writes:
> On Tue, Mar 15, 2016 at 05:04:13PM -0400, Aaron Conole wrote:
>> This patch checks the feature bit for the VIRTIO_NET_F_MTU feature. If it
>> exists, read the advised MTU and use it.
>>
>> No proper error handling is provided
Rick Jones writes:
> On 03/15/2016 02:04 PM, Aaron Conole wrote:
>> The following series adds the ability for a hypervisor to set an MTU on the
>> guest during feature negotiation phase. This is useful for VM orchestration
>> when, for instance, tunneling is involved and t
Stephen Hemminger writes:
> On Tue, 15 Mar 2016 17:04:12 -0400
> Aaron Conole wrote:
>
>> --- a/include/uapi/linux/virtio_net.h
>> +++ b/include/uapi/linux/virtio_net.h
>> @@ -55,6 +55,7 @@
>> #define VIRTIO_NET_F_MQ 22
Sergei Shtylyov writes:
> Hello.
>
> On 3/16/2016 12:04 AM, Aaron Conole wrote:
>
>> This patch checks the feature bit for the VIRTIO_NET_F_MTU feature. If it
>> exists, read the advised MTU and use it.
>>
>> No proper error handling is provided f
atch adds a user of the bit, and a warning when the guest changes
>> the MTU from the hypervisor advised MTU. Future patches may add more thorough
>> error handling.
>>
>> v2:
>> * Whitespace and code style cleanups from Sergei Shtylyov and Paolo Abeni
>>
-off-by: Aaron Conole
---
v2->v3:
* Added a check for the MTU, and a bit clear for it being out of range.
drivers/net/virtio_net.c| 10 ++
include/uapi/linux/virtio_net.h | 3 +++
2 files changed, 13 insertions(+)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_ne
ned-off-by: Aaron Conole
Suggested-by: "Michael S. Tsirkin"
---
include/uapi/linux/virtio_net.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/virtio_net.h b/include/uapi/linux/virtio_net.h
index 1ab4ea6..0da0e3a 100644
--- a/include/uapi/linu
This commit adds the feature bit and associated mtu device entry for the
virtio network device. Future commits will make use of these bits to support
negotiated MTU.
Signed-off-by: Aaron Conole
---
v2,v3:
* No change
include/uapi/linux/virtio_net.h | 3 +++
1 file changed, 3 insertions
changes the device MTU after previously
being given advice.
Signed-off-by: Aaron Conole
---
v2:
* Whitespace cleanup in the last hunk
* Code style change around the pr_warn
* Additional test for mtu change before printing warning
v3:
* removed the mtu change warning
drivers/net/virtio_net.c | 8
:
* Whitespace and code style cleanups from Sergei Shtylyov and Paolo Abeni
* Additional test before printing a warning
v3:
* Removed the warning when changing MTU (which simplified the code)
Aaron Conole (2):
virtio: Start feature MTU support
virtio_net: Read the advised MTU
drivers/net
From: Aaron Conole
When signaling that a GRO frame is ready to be processed, the network stack
correctly checks length and aborts processing when a frame is less than 14
bytes. However, such a condition is really indicative of a broken driver,
and should be loudly signaled, rather than silently
From: Aaron Conole
When signaling that a GRO frame is ready to be processed, the network stack
correctly checks length and aborts processing when a frame is less than 14
bytes. However, such a condition is really indicative of a broken driver,
and should be loudly signaled, rather than silently
.
The bridge netfilter however may need to do this. br_nf_hook_thresh is a
wrapper that is supposed to do this, i.e. only call hooks with a
priority that exceeds NF_BR_PRI_BRNF.
It's used only in the recursion cases of br_netfilter.
Signed-off-by: Florian Westphal
Signed-off-by: Aaron C
From: Florian Westphal
This makes things simpler because we can store the head of the list
in the nf_state structure without worrying about concurrent add/delete
of hook elements from the list.
Signed-off-by: Florian Westphal
Signed-off-by: Aaron Conole
---
include/linux/netfilter.h
Florian Westphal.
Aaron Conole (1):
netfilter: replace list_head with single linked list
Florian Westphal (2):
netfilter: bridge: add and use br_nf_hook_thresh
netfilter: call nf_hook_state_init with rcu_read_lock held
include/linux/netdevice.h | 2 +-
include/linux
-off-by: Aaron Conole
Signed-off-by: Florian Westphal
---
NOTE: The unregister list code is ugly right now - I will be fixing it to a
cleaner version in the next round of submission.
include/linux/netdevice.h | 2 +-
include/linux/netfilter.h | 18 +++---
include/linux
Aaron Conole writes:
> From: Florian Westphal
>
> This replaces the last uses of NF_HOOK_THRESH().
> Followup patch will remove it and rename nf_hook_thresh.
>
> The reason is that inet (non-bridge) netfilter no longer invokes the
> hooks from hooks, so we do no longer nee
Florian Westphal.
Aaron Conole (1):
netfilter: replace list_head with single linked list
Florian Westphal (2):
netfilter: bridge: add and use br_nf_hook_thresh
netfilter: call nf_hook_state_init with rcu_read_lock held
include/linux/netdevice.h | 2 +-
include/linux
From: Florian Westphal
This makes things simpler because we can store the head of the list
in the nf_state structure without worrying about concurrent add/delete
of hook elements from the list.
Signed-off-by: Florian Westphal
Signed-off-by: Aaron Conole
---
include/linux/netfilter.h
.
The bridge netfilter however may need to do this. br_nf_hook_thresh is a
wrapper that is supposed to do this, i.e. only call hooks with a
priority that exceeds NF_BR_PRI_BRNF.
It's used only in the recursion cases of br_netfilter.
Signed-off-by: Florian Westphal
Signed-off-by: Aaron C
-off-by: Aaron Conole
Signed-off-by: Florian Westphal
---
include/linux/netdevice.h | 2 +-
include/linux/netfilter.h | 18 +++---
include/linux/netfilter_ingress.h | 14 +++--
include/net/netfilter/nf_queue.h | 9 ++-
include/net/netns/netfilter.h | 2 +-
net/bridge
is
today.
Convert the condition to use WARN_ON() to ensure that the stack loudly
complains about such broken drivers.
Signed-off-by: Aaron Conole
---
net/core/dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index 914b4a2..8af4e29 100644
Joe Perches writes:
> On Sat, 2016-01-02 at 19:25 -0500, Aaron Conole wrote:
>> When signaling that a GRO frame is ready to be processed, the network stack
>> correctly checks length and aborts processing when a frame is less than 14
>> bytes. However, such a condition is r
exemption is made for socket-level
filters, since they do not really impact networking for the whole kernel.
Signed-off-by: Aaron Conole
---
kernel/bpf/syscall.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index ab0cf4c4..1255b51 100644
Hi Daniel,
Daniel Borkmann writes:
> On 04/04/2017 08:33 PM, Aaron Conole wrote:
>> The eBPF framework is used for more than just socket level filtering. It
>> can also provide tracing, and even change the way packets coming into the
>> system look. Most of the eBPF
Hi Alexei, and Daniel,
Alexei Starovoitov writes:
> On Wed, Apr 05, 2017 at 10:59:49PM -0400, Aaron Conole wrote:
>> Hi Daniel,
>>
>> Daniel Borkmann writes:
>>
>> > On 04/04/2017 08:33 PM, Aaron Conole wrote:
>> >> The eBPF framework is use
There are no in-tree callers of this function and it isn't exported.
Signed-off-by: Aaron Conole
---
include/net/ip_vs.h | 2 --
net/netfilter/ipvs/ip_vs_proto.c | 22 --
2 files changed, 24 deletions(-)
diff --git a/include/net/ip_vs.h b/include/net/ip
There are no in-tree callers.
Signed-off-by: Aaron Conole
---
net/netfilter/ipset/ip_set_core.c | 8
1 file changed, 8 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_core.c
b/net/netfilter/ipset/ip_set_core.c
index c296f9b..68ba531 100644
--- a/net/netfilter/ipset/ip_set_core.c
Signed-off-by: Aaron Conole
---
net/netfilter/nf_tables_api.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 2d822d2..1452fb7 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4435,8
The protonet pointer will unconditionally be rewritten, so just do the
needed assignment first.
Signed-off-by: Aaron Conole
---
net/netfilter/nf_conntrack_proto.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto.c
b/net/netfilter
The sync_refresh_period variable is unsigned, so it can never be < 0.
Signed-off-by: Aaron Conole
---
net/netfilter/ipvs/ip_vs_sync.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index b03c280..123d
Hi Krister,
Krister Johansen writes:
> The ipvlan code already knows how to detect when a duplicate address is
> about to be assigned to an ipvlan device. However, that failure is not
> propagated outward and leads to a silent failure. This teaches the ip
> address addition functions how to re
David Miller writes:
> From: Aaron Conole
> Date: Tue, 03 Jan 2017 10:50:00 -0500
>
>>> @@ -489,7 +490,12 @@ static int __inet_insert_ifa(struct in_ifaddr *ifa,
>>> struct nlmsghdr *nlh,
>>>Notifier will trigger FIB update, so that
>>>
Hi David,
David Miller writes:
> Here is what I have after today's work. I think I sorted out the
> endianness issues.
>
> gas can be controlled explicitly using "-EB" and "-EL" options. The
> default is whatever endianness the host has. The elf names for the
> two variants are "elf64-bpfbe"
David Miller writes:
> From: Aaron Conole
> Date: Fri, 28 Apr 2017 11:57:36 -0400
>
>> I'll get an arm board up and running to do some testing there. As a
>> teaser:
>
> Great.
>
> I started working on some more relocation stuff, so more of the
> gener
David Miller writes:
> This is mainly a synchronization point, I still need to look
> more deeply into Alexei's -g issue.
>
> New in this version from v3:
> - Remove tailcall from opcode table
> - Rearrange relocations so that numbers match with LLVM ones
> - Emit relocs properly so that dwarf
David Miller writes:
> From: Aaron Conole
> Date: Mon, 01 May 2017 13:22:00 -0400
>
>> x86-64:
>> Running /home/aconole/git/binutils-gdb/gas/testsuite/gas/bpf/bpf.exp ...
>> FAIL: jump
>> FAIL: call
>> FAIL: imm64a
>> Running /home/a
David Miller writes:
> I wonder if whatever tool you used to get rid of trailing whitespace
> did so in the testsuite foo.d files too? That definitely is
> undesirable :-)
Most likely I was being too clever by half. I'll make sure I omit the
.d files from scanning.
Thanks for this; I will send a v2 in the next two days.
-Aaron
Florian Westphal writes:
> Aaron Conole wrote:
>> --- a/net/netfilter/core.c
>> +++ b/net/netfilter/core
> [..]
>> +#define nf_entry_dereference(e) \
>> +rcu_dereference_protected(e,
lockdep debugging enabled.
Aaron Conole (2):
netfilter: bridge: add and use br_nf_hook_thresh
netfilter: replace list_head with single linked list
Florian Westphal (1):
netfilter: call nf_hook_state_init with rcu_read_lock held
include/linux/netdevice.h | 2
-off-by: Aaron Conole
Signed-off-by: Florian Westphal
---
v2:
* Adjusted the hook list head function, and retested with rcu and lockdep
debugging enabled.
include/linux/netdevice.h | 2 +-
include/linux/netfilter.h | 18 +++---
include/linux/netfilter_ingress.h | 14
.
The bridge netfilter however may need to do this. br_nf_hook_thresh is a
wrapper that is supposed to do this, i.e. only call hooks with a
priority that exceeds NF_BR_PRI_BRNF.
It's used only in the recursion cases of br_netfilter.
Signed-off-by: Florian Westphal
Signed-off-by: Aaron C
From: Florian Westphal
This makes things simpler because we can store the head of the list
in the nf_state structure without worrying about concurrent add/delete
of hook elements from the list.
Signed-off-by: Florian Westphal
Signed-off-by: Aaron Conole
---
include/linux/netfilter.h
Pablo Neira Ayuso writes:
> On Tue, Jul 12, 2016 at 11:32:19AM -0400, Aaron Conole wrote:
>> +/* recursively invokes nf_hook_slow (again), skipping already-called
>> + * hooks (< NF_BR_PRI_BRNF).
>> + *
>> + * Called with rcu read lock held.
>> + */
>>
Jarod Wilson writes:
> hyperv_net:
> - set min/max_mtu
>
> virtio_net:
> - set min/max_mtu
> - remove virtnet_change_mtu
>
> vmxnet3:
> - set min/max_mtu
>
> CC: netdev@vger.kernel.org
> CC: virtualizat...@lists.linux-foundation.org
> CC: "K. Y. Srinivasan"
> CC: Haiyang Zhang
> CC: "Michael S.
"Michael S. Tsirkin" writes:
> On Thu, Oct 20, 2016 at 10:37:20PM -0400, Jarod Wilson wrote:
>> On Thu, Oct 20, 2016 at 11:23:54PM +0300, Michael S. Tsirkin wrote:
>> > On Thu, Oct 20, 2016 at 01:55:21PM -0400, Jarod Wilson wrote:
>> ...
>> > > diff --git a/drivers/net/virtio_net.c b/drivers/net/
From: Aaron Conole
The virtio committee recently ratified a change, VIRTIO-152, which
defines the mtu field to be 'max' MTU, not simply desired MTU.
This commit brings the virtio-net device in compliance with VIRTIO-152.
Additionally, drop the max_mtu branch - it cannot be taken sin
> From: Aaron Conole
>
> The virtio committee recently ratified a change, VIRTIO-152, which
> defines the mtu field to be 'max' MTU, not simply desired MTU.
>
> This commit brings the virtio-net device in compliance with VIRTIO-152.
>
> Additionally, drop the m
eturned by virtio_cread16 will never exceed the initial value of
max_mtu.
Signed-off-by: Aaron Conole
Acked-by: "Michael S. Tsirkin"
Acked-by: Jarod Wilson
---
Nothing code-wise has changed, but I've included the ACKs and fixed up the
subject line.
drivers/net/virtio_net.c | 6 --
1 f
Aaron Conole writes:
>> From: Aaron Conole
>>
>> The virtio committee recently ratified a change, VIRTIO-152, which
>> defines the mtu field to be 'max' MTU, not simply desired MTU.
>>
>> This commit brings the virtio-net device in compliance
It's possible for nf_hook_entry_head to return NULL if two
nf_unregister_net_hook calls happen simultaneously with a single hook
entry in the list. This fix ensures that no null pointer dereference
could occur when such a race happens.
Signed-off-by: Aaron Conole
---
net/netfilter/core.
When CONFIG_NETFILTER_INGRESS is unset (or no), we need to handle
the request for registration properly by dropping the hook. This
releases the entry during the set.
Signed-off-by: Aaron Conole
---
net/netfilter/core.c | 4
1 file changed, 4 insertions(+)
diff --git a/net/netfilter
Two possible error conditions were caught during an extended testing
session, and by a build robot. These patches fix the two issues (a
missing handler when config is changed, and a potential NULL
dereference).
Aaron Conole (2):
netfilter: Fix potential null pointer dereference
Florian Westphal writes:
> Aaron Conole wrote:
>> When CONFIG_NETFILTER_INGRESS is unset (or no), we need to handle
>> the request for registration properly by dropping the hook. This
>> releases the entry during the set.
>>
>> Signed-off-by: Aaron Conole
Two possible error conditions were caught during an extended testing
session, and by a build robot. These patches fix the two issues (a
missing handler when config is changed, and a potential NULL
dereference).
Aaron Conole (2):
netfilter: Fix potential null pointer dereference
It's possible for nf_hook_entry_head to return NULL if two
nf_unregister_net_hook calls happen simultaneously with a single hook
entry in the list. This fix ensures that no null pointer dereference
could occur when such a race happens.
Signed-off-by: Aaron Conole
---
net/netfilter/core.
When CONFIG_NETFILTER_INGRESS is unset (or no), we need to handle
the request for registration properly by dropping the hook. This
releases the entry during the set.
Signed-off-by: Aaron Conole
---
net/netfilter/core.c | 15 +++
1 file changed, 11 insertions(+), 4 deletions
When CONFIG_NETFILTER_INGRESS is unset (or no), we need to handle
the request for registration properly by dropping the hook. This
releases the entry during the set.
Signed-off-by: Aaron Conole
---
net/netfilter/core.c | 15 +++
1 file changed, 11 insertions(+), 4 deletions
r and attempt to dereference.
This fix ensures that no null pointer dereference could occur when such
a condition happens.
Signed-off-by: Aaron Conole
---
net/netfilter/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 36
Two possible error conditions were caught during an extended testing
session, and by a build robot. These patches fix the two issues (a
missing handler when config is changed, and a potential NULL
dereference).
Aaron Conole (2):
netfilter: Fix potential null pointer dereference
Liping Zhang writes:
> 2016-09-28 11:08 GMT+08:00 Liping Zhang :
>> Hi Feng,
>>
>> 2016-09-28 9:23 GMT+08:00 Feng Gao :
>>> Hi Aaraon,
>>>
>>> On Tue, Sep 27, 2016 at 9:38 PM, Aaron Conole wrote:
>>>> It's possible for nf_hook_e
Eric Dumazet writes:
> On Wed, 2016-09-28 at 09:12 -0400, Aaron Conole wrote:
>> It's possible for nf_hook_entry_head to return NULL. If two
>> nf_unregister_net_hook calls happen simultaneously with a single hook
>> entry in the list, both will enter the nf_hook_mute
When CONFIG_NETFILTER_INGRESS is unset (or no), we need to handle
the request for registration properly by dropping the hook. This
releases the entry during the set.
Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list")
Signed-off-by: Aaron Conole
---
net
Two possible error conditions were caught during an extended testing
session, and by a build robot. These patches fix the two issues (a
missing handler when config is changed, and a potential NULL
dereference).
Aaron Conole (2):
netfilter: Fix potential null pointer dereference
r and attempt to dereference.
This fix ensures that no null pointer dereference could occur when such
a condition happens.
Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list")
Signed-off-by: Aaron Conole
---
net/netfilter/core.c | 2 +-
1 file changed, 1 insertion
Eric Dumazet writes:
> On Wed, 2016-09-28 at 10:56 -0400, Aaron Conole wrote:
>> Eric Dumazet writes:
>>
>> > On Wed, 2016-09-28 at 09:12 -0400, Aaron Conole wrote:
>> >> It's possible for nf_hook_entry_head to return NULL. If two
>> >> nf
David Miller writes:
> From: Kalle Valo
> Date: Thu, 29 Sep 2016 19:57:28 +0300
>
...
>> Or actually I had one problem. While doing a test merge I noticed that
>> net-next fails to compile for me, but I don't think this is anything
>> wireless related:
>>
>> CC net/netfilter/core.o
>> ne