Re: [PATCH 1/4] inotify: Add infrastructure to account inotify limits per-namespace

On Wed, Jun 01, 2016 at 10:52:57AM +0300, Nikolay Borisov wrote: > This patch adds the necessary members to user_struct. The idea behind > the solution is really simple - user the userns pointers as keys into > a hash table which holds the inotify instances/watches counts. This > allows to account

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Wed, Mar 09, 2016 at 08:58:52AM -0800, Alexei Starovoitov wrote: ... > > above line is an indication that you have: > #if defined(CONFIG_DEBUG_PREEMPT) || defined(CONFIG_PREEMPT_TRACER) > turning it off will speed up things significantly. Look, this won't change the overall picture. For sure

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Wed, Mar 09, 2016 at 07:39:19PM +0300, Cyrill Gorcunov wrote: > On Sun, Mar 06, 2016 at 08:06:41PM +0300, Cyrill Gorcunov wrote: > > > > > > Well, this looks like LOCKDEP kernel. Are you really running LOCKDEP on > > > production kernels ? > > > > Hi

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Wed, Mar 09, 2016 at 12:24:00PM -0500, David Miller wrote: ... > We asked you for numbers without a lot of features enabled, it'll > help us diagnose which subsystem still causes a lot of overhead > much more clearly. > > So please do so. Sure. Gimme some time and I'll back with numbers. >

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Sun, Mar 06, 2016 at 08:06:41PM +0300, Cyrill Gorcunov wrote: > > > > Well, this looks like LOCKDEP kernel. Are you really running LOCKDEP on > > production kernels ? > Hi Eric, David. Sorry for the delay. Finally I've measured the latency on the hw. It's i7-2600 cpu wit

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Thu, Mar 10, 2016 at 01:20:18PM +0300, Cyrill Gorcunov wrote: > On Thu, Mar 10, 2016 at 12:16:29AM +0300, Cyrill Gorcunov wrote: > > > > Thanks for explanation, Dave! I'll continue on this task tomorrow > > tryin to implement optimization you proposed. > &g

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Thu, Mar 10, 2016 at 12:16:29AM +0300, Cyrill Gorcunov wrote: > > Thanks for explanation, Dave! I'll continue on this task tomorrow > tryin to implement optimization you proposed. OK, here are the results for the preliminary patch with conntrack running --- [root@s125 ~]# ./exploit.

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Thu, Mar 10, 2016 at 01:01:38PM -0500, David Miller wrote: > From: Cyrill Gorcunov <gorcu...@gmail.com> > Date: Thu, 10 Mar 2016 18:09:20 +0300 > > > On Thu, Mar 10, 2016 at 02:03:24PM +0300, Cyrill Gorcunov wrote: > >> On Thu, Mar 10, 2016 at 01:20:18P

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Thu, Mar 10, 2016 at 11:13:51PM +0300, Cyrill Gorcunov wrote: > > > > Both notifiers are run in the inetdev_destroy() case. > > > > Maybe that's what you are missing. > > No :) Look, here is what I mean. Previously with your two patches > we've been calling

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Thu, Mar 10, 2016 at 04:05:21PM -0500, David Miller wrote: > > > > and nobody calls for nf_ct_iterate_cleanup, no? > > Oh yes they do, from masq's non-inet notifier. masq registers two > notifiers, one for generic netdev and one for inetdev. Thanks a huge David! I'll test it just to be

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Thu, Mar 10, 2016 at 03:03:11PM -0500, David Miller wrote: > From: Cyrill Gorcunov <gorcu...@gmail.com> > Date: Thu, 10 Mar 2016 23:01:34 +0300 > > > On Thu, Mar 10, 2016 at 02:55:43PM -0500, David Miller wrote: > >> > > >> > Hmm, but inetdev_de

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Thu, Mar 10, 2016 at 02:55:43PM -0500, David Miller wrote: > > > > Hmm, but inetdev_destroy() is only called when NETDEV_UNREGISTER > > is happening and masq already registers a netdev notifier... > > Indeed, good catch. Therefore: > > 1) Keep the masq netdev notifier. That will flush the

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Thu, Mar 10, 2016 at 02:03:24PM +0300, Cyrill Gorcunov wrote: > On Thu, Mar 10, 2016 at 01:20:18PM +0300, Cyrill Gorcunov wrote: > > On Thu, Mar 10, 2016 at 12:16:29AM +0300, Cyrill Gorcunov wrote: > > > > > > Thanks for explanation, Dave! I'll continue on thi

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Fri, Mar 11, 2016 at 12:19:45AM +0300, Cyrill Gorcunov wrote: > > > > Oh yes they do, from masq's non-inet notifier. masq registers two > > notifiers, one for generic netdev and one for inetdev. > > Thanks a huge David! I'll test it just to be sure. Works like

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Thu, Mar 10, 2016 at 05:36:30PM -0500, David Miller wrote: > > > > Works like a charm! So David, what are the next steps then? > > Mind to gather all your patches into one (maybe)? > > I'll re-review all of the changes tomorrow and also look into ipv6 > masq, to see if it needs the same

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Sat, Mar 12, 2016 at 12:22:47AM +0300, Cyrill Gorcunov wrote: > On Fri, Mar 11, 2016 at 03:40:46PM -0500, David Miller wrote: > > > Thanks a lot, David! > > > > Cyrill please retest this final patch and let me know if it still works > > properly. > >

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Fri, Mar 11, 2016 at 03:40:46PM -0500, David Miller wrote: > > > > Thanks a lot, David! > > Cyrill please retest this final patch and let me know if it still works > properly. ... Thanks David! Give me some time, gonna build and run test. Cyrill

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Fri, Mar 11, 2016 at 03:40:46PM -0500, David Miller wrote: > > Thanks a lot, David! > > Cyrill please retest this final patch and let me know if it still works > properly. > > I looked at ipv6, and it's more complicated. The problem is that ipv6 > doesn't mark the inet6dev object as dead in

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Wed, Mar 09, 2016 at 08:53:07PM +0300, Cyrill Gorcunov wrote: > On Wed, Mar 09, 2016 at 12:24:00PM -0500, David Miller wrote: > ... > > We asked you for numbers without a lot of features enabled, it'll > > help us diagnose which subsystem still causes a lot of overhead >

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Wed, Mar 09, 2016 at 03:27:30PM -0500, David Miller wrote: > > > > Yes. I can drop it off for a while and run tests without it, > > then turn it back and try again. Would you like to see such > > numbers? > > That would be very helpful, yes. Just sent out. Take a look please. Indeed it sits

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Wed, Mar 09, 2016 at 03:47:25PM -0500, David Miller wrote: > From: Cyrill Gorcunov <gorcu...@gmail.com> > Date: Wed, 9 Mar 2016 23:41:58 +0300 > > > On Wed, Mar 09, 2016 at 03:27:30PM -0500, David Miller wrote: > >> > > >> > Yes. I can

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Wed, Mar 09, 2016 at 04:10:38PM -0500, David Miller wrote: > > > > and here we call for NETDEV_DOWN, which then hits masq_device_event > > and go further to conntrack code. > > Yes that's where the notifier comes from, which happens with or without > my patch. Thanks for explanation, Dave!

Re: [PATCH net] ppp: take reference on channels netns

to preclude their netns from being removed from > under them. > ... > > Fixes: 273ec51dd7ce ("net: ppp_generic - introduce net-namespace > functionality v2") > Reported-by: Baozeng Ding <splovi...@gmail.com> > Signed-off-by: Guillaume Nault <g.na...@alp

[RFC] net: ipv4 -- Introduce ifa limit per net

for containers). Lets introduce per-net limit (4096 by default) of addresses, which can be tuned up via sysfs entry /proc/sys/net/ipv4/ifa_limit. Reported-by: Solar Designer <so...@openwall.com> Signed-off-by: Cyrill Gorcunov <gorcu...@virtuozzo.com> CC: Vasily Averin <v...@virtuozzo.

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Sat, Mar 05, 2016 at 09:44:59PM +0300, Cyrill Gorcunov wrote: > On Sat, Mar 05, 2016 at 11:33:12AM -0500, David Miller wrote: > ... > > > > Probably the same optimization can be applied there, see patch below. > > And if that doesn't do it, there is a really easy way

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Sun, Mar 06, 2016 at 08:23:12AM -0800, Eric Dumazet wrote: > On dim., 2016-03-06 at 13:09 +0300, Cyrill Gorcunov wrote: > > > Anyway, then I run this script for 255 as parameter > > in one pass which gen. requests to create 65025 addresses > > and kernel start complaini

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Sat, Mar 05, 2016 at 11:33:12AM -0500, David Miller wrote: > > and until everything get cleaned up I couldn't connect > > to the node via ssh. I continue playing with patch maybe > > I find some other optimization paths. Thanks! > > What is the order of magnitude of the delay, as a function of

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Fri, Mar 04, 2016 at 05:50:32PM -0500, David Miller wrote: > > Arbitrary limits are... arbitrary. > > If the freeing loop is the issue, splice the list at teardown and > process that list asynchronously via a workqueue or similar. Thanks! I'll try.

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Fri, Mar 04, 2016 at 11:11:09PM -0500, David Miller wrote: > From: Eric Dumazet > Date: Fri, 04 Mar 2016 16:08:30 -0800 > > > __inet_del_ifa() should probably take into account in_dev->dead (no > > promotion, no list scan...) > > Indeed, that is the real problem: Oh,

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Fri, Mar 04, 2016 at 11:11:09PM -0500, David Miller wrote: > From: Eric Dumazet > Date: Fri, 04 Mar 2016 16:08:30 -0800 > > > __inet_del_ifa() should probably take into account in_dev->dead (no > > promotion, no list scan...) > > Indeed, that is the real problem:

Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Sat, Mar 05, 2016 at 11:33:12AM -0500, David Miller wrote: ... > > Probably the same optimization can be applied there, see patch below. > And if that doesn't do it, there is a really easy way to batch the > delete by scanning the FIB tree in one go and deleting every entry > that points to

Re: [Patch net] ppp: defer netns reference release for ppp channel

On Thu, Jul 28, 2016 at 12:33:58PM +0200, Guillaume Nault wrote: > > > > After staring more I think the patch should be fine as a fix > > since implementing sync with ppp_[re|un]register_channel and > > ppp_ioctl might need a way more work. > > > > [Sorry for arriving so late in the game, I was

Re: [Patch net] ppp: defer netns reference release for ppp channel

On Wed, Jul 06, 2016 at 11:26:02AM +0300, Cyrill Gorcunov wrote: > On Tue, Jul 05, 2016 at 10:12:36PM -0700, Cong Wang wrote: > > Matt reported that we have a NULL pointer dereference > > in ppp_pernet() from ppp_connect_channel(), > > i.e. pch->chan_net is NU

Re: [Patch net] ppp: defer netns reference release for ppp channel

96 ("ppp: take reference on channels netns") > Reported-by: Matt Bennett <matt.benn...@alliedtelesis.co.nz> > Cc: Paul Mackerras <pau...@samba.org> > Cc: linux-...@vger.kernel.org > Cc: Guillaume Nault <g.na...@alphalink.fr> > Cc: Cyrill Gorcunov <gorcu...

Re: [RFC PATCH] sunrpc: do not allow process to freeze within RPC state machine

On Wed, Aug 03, 2016 at 08:54:50PM +0400, Stanislav Kinsburskiy wrote: > Otherwise freezer cgroup state might never become "FROZEN". > > Here is a deadlock scheme for 2 processes in one freezer cgroup, which is > freezing: > > CPU 0 CPU 1 >

[PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On Sat, Sep 10, 2016 at 04:28:40PM -0600, David Ahern wrote: > On 9/10/16 4:05 PM, Cyrill Gorcunov wrote: > > On Sat, Sep 10, 2016 at 10:31:35AM -0600, David Ahern wrote: > >> > >> Would you mind adding the destroy capability as well? The udp version > >> shoul

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On Tue, Sep 13, 2016 at 11:57:35AM -0400, David Miller wrote: > > > > Thanks for review, David. I updated against net-next. > > Please do not post new versions of patches as replies to existing > discussions. > > Instead, make fresh patch postings to the list. Oh, will do. Sorry for

[PATCH v3] net: ip, diag -- Add diag interface for raw sockets

emminger <step...@networkplumber.org> Signed-off-by: Cyrill Gorcunov <gorcu...@openvz.org> --- include/net/raw.h |6 + include/net/rawv6.h |7 + net/ipv4/Kconfig|8 + net/ipv4/Makefile |1 net/ipv4/raw.c | 21 net/ipv4/raw_diag.c | 226

[PATCH] net: ip, diag -- Add diag interface for raw sockets

umazet <eric.duma...@gmail.com> CC: Alexey Kuznetsov <kuz...@ms2.inr.ac.ru> CC: James Morris <jmor...@namei.org> CC: Hideaki YOSHIFUJI <yoshf...@linux-ipv6.org> CC: Patrick McHardy <ka...@trash.net> CC: Andrey Vagin <ava...@openvz.org> CC: Stephen Hemminger <step

Re: [PATCH] net: ip, diag -- Add diag interface for raw sockets

On Sat, Sep 10, 2016 at 10:31:35AM -0600, David Ahern wrote: > On 9/9/16 12:26 PM, Cyrill Gorcunov wrote: > > In criu we are actively using diag interface to collect sockets > > present in the system when dumping applications. And while for > > unix, tcp, udp[lite], pac

[PATCH v2] net: ip, diag -- Add diag interface for raw sockets

o for review only. Will do testing at Monday. --- From: Cyrill Gorcunov <gorcu...@openvz.org> Subject: [PATCH v2] net: ip, diag -- Add diag interface for raw sockets In criu we are actively using diag interface to collect sockets present in the system when dumping applications. And while for u

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On Thu, Sep 15, 2016 at 05:45:02PM -0600, David Ahern wrote: > > > > Try to be selective in the -K , do not kill tcp sockets ? > > I am running >ss -aKw 'dev == red' > > to kill raw sockets bound to device named 'red'. Thanks David, Eric! I'll play with this option today and report the

Re: [PATCH] net: ip, diag -- Add diag interface for raw sockets

On Fri, Sep 09, 2016 at 12:55:13PM -0700, Eric Dumazet wrote: > > + > > + rep = nlmsg_new(sizeof(struct inet_diag_msg) + > > + sizeof(struct inet_diag_meminfo) + 64, > > + GFP_KERNEL); > > + if (!rep) > > There is a missing sock_put(sk) > > > +

[PATCH v6] net: ip, diag -- Add diag interface for raw sockets

> CC: James Morris <jmor...@namei.org> CC: Hideaki YOSHIFUJI <yoshf...@linux-ipv6.org> CC: Patrick McHardy <ka...@trash.net> CC: Andrey Vagin <ava...@openvz.org> CC: Stephen Hemminger <step...@networkplumber.org> Signed-off-by: Cyrill Gorcunov <gorcu...@openvz.o

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On Thu, Sep 15, 2016 at 02:54:57PM -0600, David Ahern wrote: > On 9/15/16 2:22 PM, Cyrill Gorcunov wrote: > >> ss -K is not working. Socket lookup fails to find a match due to a > >> protocol mismatch. > >> > >> haven't had time to track down why

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On Thu, Sep 15, 2016 at 01:53:13PM -0600, David Ahern wrote: > On 9/13/16 11:19 AM, Cyrill Gorcunov wrote: > > In criu we are actively using diag interface to collect sockets > > present in the system when dumping applications. And while for > > unix, tcp, udp[lite], pac

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On Fri, Sep 16, 2016 at 01:55:42PM -0600, David Ahern wrote: > >> Since the display is showing sockets in addition to IPPROTO_RAW: > >> > >> $ ss -A raw > >> State Recv-Q Send-QLocal Address:Port > >> Peer Address:Port > >> UNCONN 0 0

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On Fri, Sep 16, 2016 at 01:47:57PM -0600, David Ahern wrote: > >> > >> I'm guessing you passed IPPROTO_RAW (255) as the protocol to socket(). If > >> you pass something > >> else (IPPROTO_ICMP for example) it won't work. > > > > True. To support IPPROTO_ICMP it need enhancement. I thought start

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On Fri, Sep 16, 2016 at 10:06:23AM +0300, Cyrill Gorcunov wrote: > On Thu, Sep 15, 2016 at 05:45:02PM -0600, David Ahern wrote: > > > > > > Try to be selective in the -K , do not kill tcp sockets ? > > > > I am running > >ss -aKw 'dev == red' >

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On Fri, Sep 16, 2016 at 11:07:22PM +0300, Cyrill Gorcunov wrote: > > It may well be a ss bug / problem. As I mentioned I am always seeing 255 > > for the protocol which > > It is rather not addressed in ss. I mean, look, when we send out a diag packet > the kernel look ups

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On Fri, Sep 16, 2016 at 01:30:28PM -0600, David Ahern wrote: > > [root@pcs7 iproute2]# misc/ss -A raw > > State Recv-Q Send-QLocal Address:Port > >Peer Address:Port > > > > ESTAB 0 0

Re: [PATCH v5] net: ip, diag -- Add diag interface for raw sockets

On Wed, Sep 28, 2016 at 08:07:01AM -0400, David Miller wrote: ... > > > > I think you miss the point what I'm trying to say: currently end-user > > may have reference to this member (for any reason) and his program > > will compile and run. If we change the name the compilation procedure > >

Re: [PATCH v5] net: ip, diag -- Add diag interface for raw sockets

On Wed, Sep 28, 2016 at 08:06:51AM -0400, Jamal Hadi Salim wrote: > > I understood well your point;-> Maybe my response was not clear: > _nobody should be fscking fondling pad fields_ setting them or > otherwise. > Maybe let these programs fail. I asked if you knew any such app which > did

Re: [PATCH v5] net: ip, diag -- Add diag interface for raw sockets

On Wed, Sep 28, 2016 at 06:43:01AM -0400, Jamal Hadi Salim wrote: ... > > > > Someone may have set it to zero explicitly on source level, and the > > compilation will fail on new kernel then. So no, keeping the name > > is reasonable. > > > > I dont know how compilation will fail but you may be

Re: [PATCH v5] net: ip, diag -- Add diag interface for raw sockets

On Wed, Sep 28, 2016 at 07:06:26AM -0400, Jamal Hadi Salim wrote: > > > > This structure is uapi, so anyone has complete rights to reference > > @pad in the userspace programs. Sure it would be more clear to remove > > the @pad completely, but if we choose so I think it's better to do > > on top

[PATCH v5] net: ip, diag -- Add diag interface for raw sockets

t;ava...@openvz.org> CC: Stephen Hemminger <step...@networkplumber.org> Signed-off-by: Cyrill Gorcunov <gorcu...@openvz.org> --- Thanks all for feedback! Take a look please once time permit. include/net/raw.h |6 + include/net/rawv6.h|7 + include/uapi/linux/inet_di

Re: [PATCH v5] net: ip, diag -- Add diag interface for raw sockets

On Wed, Sep 28, 2016 at 06:08:00AM -0400, Jamal Hadi Salim wrote: ... > > @@ -38,7 +38,10 @@ struct inet_diag_req_v2 { > > __u8sdiag_family; > > __u8sdiag_protocol; > > __u8idiag_ext; > > - __u8pad; > > + union { > > + __u8pad; > > + __u8

Re: [PATCH v5] net: ip, diag -- Add diag interface for raw sockets

On Wed, Sep 28, 2016 at 08:50:31AM -0400, Jamal Hadi Salim wrote: > > struct tcp_info. Yeah I see. As I said naming pads will be safe but to do so we will have to compile on every arch we support and make sure the implicit pad remains here. > Sorry - i didnt mean to drag this for long; but the

Re: [PATCH v5] net: ip, diag -- Add diag interface for raw sockets

On Wed, Sep 28, 2016 at 05:57:12AM -0700, Eric Dumazet wrote: ... > Note that some programs could fail to compile with the added union > anyway. > > Some gcc versions are unable to compile a static init with an union > > struct inet_diag_req_v2 foo = { .pad = 0, sdiag_family = AF_INET, }; > >

Re: [PATCH v5] net: ip, diag -- Add diag interface for raw sockets

On Wed, Sep 28, 2016 at 06:02:11AM -0700, Eric Dumazet wrote: > > This is a bit different of course, since struct tc_fq_qd_stats is only > one way : Kernel produces the content and gives it to user space. > > User space should probably not need to initialize such a structure, but > who knows

Re: [PATCH v5] net: ip, diag -- Add diag interface for raw sockets

On Wed, Sep 28, 2016 at 06:29:08AM -0700, Eric Dumazet wrote: > > > > Oh, crap :( I've been looking into uapi headers, found that we > > use anonymous unions (for example include/uapi/linux/bcache.h) > > and thought it will be safe (and my test builds didn't fail). > > Are you happen to know

Re: [PATCH v5] net: ip, diag -- Add diag interface for raw sockets

On Wed, Sep 28, 2016 at 08:27:24AM -0400, Jamal Hadi Salim wrote: > > > > They must initialize it to zero. > > > > What if in the future actually meant to use 0 for > something?;-> For example in Cyrill's case it means PROTO_IP > Not sure if it useful to interpret or not but it is part of the >

Re: [PATCH v4] net: ip, diag -- Add diag interface for raw sockets

On Tue, Sep 27, 2016 at 08:39:59AM -0700, Eric Dumazet wrote: ... > > + } > > + if (sk && !atomic_inc_not_zero(>sk_refcnt)) > > + sk = NULL; > > Minor detail, but note that raw sockets do not use rcu (yet) > > Since you have read_lock(>lock), no writer can suddenly change >

[PATCH v4] net: ip, diag -- Add diag interface for raw sockets

I <yoshf...@linux-ipv6.org> CC: Patrick McHardy <ka...@trash.net> CC: Andrey Vagin <ava...@openvz.org> CC: Stephen Hemminger <step...@networkplumber.org> Signed-off-by: Cyrill Gorcunov <gorcu...@openvz.org> --- Guys, take a look please once time permit. I mostly worried

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On Wed, Sep 21, 2016 at 12:13:43AM +0300, Cyrill Gorcunov wrote: > On Fri, Sep 16, 2016 at 11:07:22PM +0300, Cyrill Gorcunov wrote: > > > It may well be a ss bug / problem. As I mentioned I am always seeing 255 > > > for the protocol which > > > > It is rather

Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets

On Mon, Sep 26, 2016 at 07:54:37PM -0600, David Ahern wrote: > On 9/26/16 4:38 PM, Cyrill Gorcunov wrote: > > Something like > > > > Index: linux-ml.git/include/uapi/linux/inet_diag.h > > === > > -

Re: [PATCH v5] net: ip, diag -- Add diag interface for raw sockets

On Wed, Sep 28, 2016 at 06:49:51AM -0700, Eric Dumazet wrote: > > > > 4.7 is pretty widespread, so I've to think... > > Sorry, 4.4.7 it was > > https://www.mail-archive.com/netdev@vger.kernel.org/msg128714.html Ah, thanks for info!

Re: [RFC net-next iproute2 1/2] libnetlink: Add test for error code returned from netlink reply

On Wed, Oct 26, 2016 at 08:52:56PM -0700, Stephen Hemminger wrote: > On Wed, 26 Oct 2016 22:30:07 +0300 > Cyrill Gorcunov <gorcu...@gmail.com> wrote: > > > > > if (h->nlmsg_type == NLMSG_DONE) { > > +

[RFC net-next iproute2 0/2] Add support for operating raw sockest via diag interface

e Recv-Q Send-QLocal Address:Port Peer Address:Port [root@pcs7 iproute2]# It doesn't do all this in one pass, so I suspect I miss something in second patch? Please take a look, once time permit. Cyrill Gorcunov

[RFC net-next iproute2 1/2] libnetlink: Add test for error code returned from netlink reply

In case if some diag module is not present in the system, say the kernel is not modern enough, we simply skip the error code reported. Instead we should check for data length in NLMSG_DONE and process unsupported case. Signed-off-by: Cyrill Gorcunov <gorcu...@gmail.com> --- lib/libnetlink.

[RFC net-next iproute2 2/2] ss: Add inet raw sockets information gathering via netlink diag interface

unix, tcp, udp[lite], packet, netlink sockets already support diag interface for their collection and killing. Now with commit XXX this facility is implemented for raw sockets. Signed-off-by: Cyrill Gorcunov <gorcu...@gmail.com> --- include/linux/inet_diag.h | 15 +++ mis

Re: [PATCH v7] net: ip, diag -- Add diag interface for raw sockets

On Sat, Oct 22, 2016 at 06:55:27PM -0400, David Miller wrote: > From: Cyrill Gorcunov <gorcu...@gmail.com> > Date: Fri, 21 Oct 2016 13:03:44 +0300 > > > In criu we are actively using diag interface to collect sockets > > present in the system when dumping applications.

Re: [PATCH] [net-next] net: ip, diag: include net/inet_sock.h

On Tue, Oct 25, 2016 at 05:53:22PM +0200, Arnd Bergmann wrote: > The newly added raw_diag.c fails to build in some configurations > unless we include this header: > > In file included from net/ipv4/raw_diag.c:6:0: > include/net/raw.h:71:21: error: field 'inet' has incomplete type >

[PATCH v7] net: ip, diag -- Add diag interface for raw sockets

@linux-ipv6.org> CC: Patrick McHardy <ka...@trash.net> CC: Andrey Vagin <ava...@openvz.org> CC: Stephen Hemminger <step...@networkplumber.org> Signed-off-by: Cyrill Gorcunov <gorcu...@openvz.org> --- include/net/raw.h |6 include/net/rawv6.h

Re: [PATCH] net: ip, diag -- Adjust raw_abort to use unlocked __udp_disconnect

ipv6.org> > > CC: Patrick McHardy <ka...@trash.net> > > CC: Andrey Vagin <ava...@openvz.org> > > CC: Stephen Hemminger <step...@networkplumber.org> > > That is a lot of CC ... Because I CC'ed all for raw diag first patch, so I thought I've to notify

Re: [RFC net-next iproute2 1/2] libnetlink: Add test for error code returned from netlink reply

On Thu, Oct 27, 2016 at 09:52:53AM +0300, Cyrill Gorcunov wrote: ... > > > > This looks like a mistake in how you implemented the functionality in the > > kernel. > > Despite what it looks like, all netlink request/reply functionality reports > > errors in curre

[patch net-next 0/2] Fixes for raw diag sockets handling

Hi! Here are a few fixes for raw-diag sockets handling: missing sock_put call and jump for exiting from nested cycle. I made patches for iproute2 as well so will send them out soon. Also I have a question about sockets lookup not for raw diag only (though I didn't modify lookup procedure) but in

[patch net-next 1/2] [PATCH] net: ip, raw_diag -- Fix socket leaking for destroy request

Stephen Hemminger <step...@networkplumber.org> Signed-off-by: Cyrill Gorcunov <gorcu...@openvz.org> --- net/ipv4/raw_diag.c |5 - 1 file changed, 4 insertions(+), 1 deletion(-) Index: linux-ml.git/net/ipv4/raw_diag.c ==

[patch net-next 2/2] [PATCH] net: ip, raw_diag -- Use jump for exiting from nested loop

;ava...@openvz.org> CC: Stephen Hemminger <step...@networkplumber.org> Signed-off-by: Cyrill Gorcunov <gorcu...@openvz.org> --- net/ipv4/raw_diag.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Index: linux-ml.git/net/ipv4/raw_diag.c ===

[PATCH net-next iproute2 1/2 v2] libnetlink: Add test for error code returned from netlink reply

In case if some diag module is not present in the system, say the kernel is not modern enough, we simply skip the error code reported. Instead we should check for data length in NLMSG_DONE and process unsupported case. Signed-off-by: Cyrill Gorcunov <gorcu...@gmail.com> --- lib/libnetlink.

[PATCH net-next iproute2 0/2 v2] Add support for operating raw sockest via diag interface

The diag interface for raw sockets is now in linux-net-next http://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git/commit/?id=432490f9d455fb842d70219f22d9d2c812371676 so here is early patches for misc/ss I've to update libnetlink code to keep backward compatibility and switch to parse

[PATCH net-next iproute2 PATCH 2/2 v2] ss: Add inet raw sockets information gathering via netlink diag interface

unix, tcp, udp[lite], packet, netlink sockets already support diag interface for their collection and killing. Implement support for raw sockets. Signed-off-by: Cyrill Gorcunov <gorcu...@gmail.com> --- include/linux/inet_diag.h | 15 +++ misc/ss.c

[PATCH] net: ip, diag -- Adjust raw_abort to use unlocked __udp_disconnect

ey Kuznetsov <kuz...@ms2.inr.ac.ru> CC: James Morris <jmor...@namei.org> CC: Hideaki YOSHIFUJI <yoshf...@linux-ipv6.org> CC: Patrick McHardy <ka...@trash.net> CC: Andrey Vagin <ava...@openvz.org> CC: Stephen Hemminger <step...@networkplumber.org> Signed-off-by: C

Re: [patch net-next 0/2] Fixes for raw diag sockets handling

On Wed, Nov 02, 2016 at 09:10:32AM -0600, David Ahern wrote: > > @__dif != 0 the match may return socket where sk_bound_dev_if = 0 > > instead of completely matching one. Isn't it? > > yes. I recently added an exact_dif to the lookup for listener sockets > (see compute_score). Something like that

Re: [patch net-next 0/2] Fixes for raw diag sockets handling

On Wed, Nov 02, 2016 at 09:36:55AM -0600, David Ahern wrote: > > Limited to raw sockets or are you looking at multiple spec options (dev, > address, port)? > > I have not seen issues with tcp or udp. Running: > > ss -aK 'dev == red' > > drops all sockets bound to device 'red' (or at

Re: [PATCH v6] net: ip, diag -- Add diag interface for raw sockets

On Thu, Oct 13, 2016 at 09:43:57AM -0600, David Ahern wrote: > On 10/13/16 1:16 AM, Cyrill Gorcunov wrote: > > On Wed, Oct 12, 2016 at 07:55:04PM -0400, David Miller wrote: > >> From: Cyrill Gorcunov <gorcu...@gmail.com> > >> Date: Wed, 12 Oct 2016 09:53:2

Re: [PATCH v6] net: ip, diag -- Add diag interface for raw sockets

On Wed, Oct 12, 2016 at 07:55:04PM -0400, David Miller wrote: > From: Cyrill Gorcunov <gorcu...@gmail.com> > Date: Wed, 12 Oct 2016 09:53:29 +0300 > > > I can't rename the field, neither a can use union. > > Remind me again what is wrong with using an anonymo

Re: [PATCH v6] net: ip, diag -- Add diag interface for raw sockets

On Wed, Oct 12, 2016 at 01:50:22AM -0400, David Miller wrote: > > Macros that look like function calls and are also lvalues tend to be > troublesome. > > I know what you're trying to achieve, you want a named way to access > this so that the intent and semantics are clear. > > But I'd rather

Re: [PATCH net-next iproute2 PATCH 2/2 v2] ss: Add inet raw sockets information gathering via netlink diag interface

On Thu, Dec 01, 2016 at 10:57:01AM -0800, Stephen Hemminger wrote: > > Applied both patches, but needed to remove inet_diag.h since > already updated kernel headers. Thank you! I think we might need to extend the matching interface for killing raw sockets in near future, because for now it is

Re: [RFC] net/unix_diag: Provide UDIAG_SHOW_VFS2 attribute to fetch complete inode number

On Wed, Oct 25, 2017 at 09:55:07AM -0400, Roman Mashak wrote: > > I think __zero should be explicitly set to 0. It will be by compiler default.

[RFC] net/unix_diag: Provide UDIAG_SHOW_VFS2 attribute to fetch complete inode number

ture). CC: Andrey Vagin <ava...@openvz.org> CC: David S. Miller <da...@davemloft.net> CC: Pavel Emelyanov <xe...@virtuozzo.com> Signed-off-by: Cyrill Gorcunov <gorcu...@openvz.org> --- I build-tested it only thus not for inclusion yet, but rather to discuss if there some b

Re: [RFC] net/unix_diag: Provide UDIAG_SHOW_VFS2 attribute to fetch complete inode number

On Tue, Oct 24, 2017 at 05:25:16PM -0700, Andrei Vagin wrote: > On Wed, Oct 25, 2017 at 12:48:14AM +0300, Cyrill Gorcunov wrote: > > Currently unix_diag_vfs structure reports unix socket inode > > as u32 value which of course doesn't fit to ino_t type and > > BTW: A

Re: [PATCH] sock_diag: fix autoloading of the raw_diag module

On Sun, Nov 04, 2018 at 10:37:15PM -0800, Andrei Vagin wrote: > IPPROTO_TCP isn't registred as an inet protocol, so > inet_protos[protocol] is always NULL for it. Typo, IPPROTO_RAW > > Cc: Cyrill Gorcunov > Cc: Xin Long > Fixes: bf2ae2e4bf93 ("sock_diag: request

Re: [PATCH] sock_diag: fix autoloading of the raw_diag module

On Mon, Nov 05, 2018 at 10:12:34AM +0300, Cyrill Gorcunov wrote: > > Andrew, looking into kernel code I wonder, maybe we should simply > add this protocol into inet_protos during net/ipv4/af_inet.c:inet_init? > It will require to add netns_ok into raw_prot of course. After spendi