Re: [PATCH] net/phy: micrel: Follow attached_dev to get to the MAC device
On Sat, 17 Oct 2015, Dinh Nguyen wrote:
> On Sat, 17 Oct 2015, Andrew Lunn wrote:
>
> > > Sure, will try to debug. It looks like phydev->attached_dev is valid, but
> > > phydev->attached_dev->dev.of_node is NULL.
> >
> > Humm
> >
> > phydev->attached_dev is a net_device, so should be the mac. What
> > device is phydev->attached_dev->dev? Is it not the dev embedded in the
> > platform_device passed to socfpga_dwmac_probe()?
> >
>
> Yes, it looks like it is, the dev->of_node is valid in socfpga_dwmac_probe(),
> but it looks like of_node is getting lost somewhere.
>
Do you know why this happening? In ksz9021_config_init():
@@ -345,7 +345,11 @@ static int ksz9021_config_init(struct phy_device *phydev)
phydev->attached_dev->dev.of_node)
of_node = phydev->attached_dev->dev.of_node;
+ printk("%s %08x\n", __func__, phydev->attached_dev->dev.of_node);
+ printk("%s %08x %08x\n", __func__, phydev->attached_dev->dev,
phydev->attached_dev->dev.of_node);
[1.923311] ksz9021_config_init
[1.927224] ksz9021_config_init eedc0210 ee401680
The first printout shows phydev->attached_dev->dev.of_node is NULL. but the
second printout, where I'm also printing out phydev->attached_dev->dev, then
phydev->attached_dev->dev.of_node is not NULL.
BR,
Dinh
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH net-next 3/4] bpf: add support for persistent maps/progs
On 10/17/15 5:28 AM, Daniel Borkmann wrote:
Anyway, another idea I've been brainstorming with Hannes today a
bit is about the following:
We register two major numbers, one for eBPF maps (X), one for eBPF
progs (Y). A user can either via cmdline call something like ...
mknod /dev/bpf/maps/map_pkts c X Z to create a special character
device, or alternatively out of an application through mknod(2)
syscall (f.e. tc when setting up maps/progs internally from the obj
file for a classifer).
Then, we still have 2 eBPF commands for bpf(2) syscall to add, say
(for example) BPF_BIND_DEV and BPF_FETCH_DEV. The application that
created a map (or prog) already has the map fd and after mknod(2) it
can open(2) the special file to get the special file fd. Then it can
call something like bpf(BPF_BIND_DEV, &attr, sizeof(attr))) where
attr looks like:
union bpf_attr attr = {
.bpf_fd= bpf_fd,
.dev_fd= dev_fd,
};
The bpf(2) syscall can check whether dev_fd belongs to an eBPF special
file and it can then copy over file->private_data from the bpf_fd
to the dev_fd's underlying file, where the private_data, as we know,
from the bpf_fd already points to a proper bpf_map/bpf_prog structure.
The map/prog would then get ref'ed and lives onwards in the char device's
lifetime. No special hashtable, gc, etc needed. The char device has fops
that we can define by ourself, and unlinking would drop the ref from
its private_data.
Now to the other part: BPF_FETCH_DEV would work similar. The application
opens the device, and fills bpf_attr as follows again:
union bpf_attr attr = {
.bpf_fd= 0,
.dev_fd= dev_fd,
};
This would allow us to look up the map/prog from the dev_fd's file->
private_data, and installs a new fd via bpf_{map,prog}_new_fd() that
is returned from bpf(2) for bpf-related access. The remaining fops
from the char device could still be reserved for possibilities like
debugging in future.
Now in future (2nd step), could either be to use Eric's idea and then do
something like mount -t bpffs ... -o /dev/bpf/maps/map_pkts to dump
attributes or other properties to some location for inspection from such
a special file, or we could use kobjects for that attached to the device
if the fops from the cdev should not be sufficient.
So closing the loop to the special files where there were concerns:
This won't forbid to have a future shell-style access possibility, and
it would also not end up as a nightmare on what you mentioned with the
S_ISSOCK-like bit in the other email.
The pinning mechanism would not require an extra file system to be mounted
somewhere, and yet the user can define himself an arbitrary hierarchy
where he puts the special files as this facility already exists. An
approach like this looks overall cleaner to me, and most likely be
realizable in fewer lines of code as well.
Thoughts?
that indeed sounds cleaner, less lines of code, no fs, etc, but
I don't see how it will work yet.
For chardev with our own ops we can be triggered on open and close
of that chardev, so replacing private_data will be cleared when
user process does close(dev_fd) ? There is no fops for unlink either,
it's fs only property ?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net/phy: micrel: Follow attached_dev to get to the MAC device
On Sat, 17 Oct 2015, Andrew Lunn wrote: > > Sure, will try to debug. It looks like phydev->attached_dev is valid, but > > phydev->attached_dev->dev.of_node is NULL. > > Humm > > phydev->attached_dev is a net_device, so should be the mac. What > device is phydev->attached_dev->dev? Is it not the dev embedded in the > platform_device passed to socfpga_dwmac_probe()? > Yes, it looks like it is, the dev->of_node is valid in socfpga_dwmac_probe(), but it looks like of_node is getting lost somewhere. BR, Dinh -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 2/7] tty: Remove ASYNC_CLOSING checks in open()/hangup() methods
On Sat, Oct 10, 2015 at 04:00:52PM -0400, Peter Hurley wrote: > > Note: The ASYNC_CLOSING flag state is still maintained since several > bitrotting drivers use it for (dubious) other purposes. I think we should drop it, it's pointless and no one ever actually does anything with it. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: linux 3.4.43 : kernel crash at __nf_conntrack_confirm
Hi guys, Coming back to this crash, I see something interesting in the conntrack code in linux 3.4.109 (a supported kernel version). I see that the hash table manipulations are protected by a spinlock. Also lookups/reads are protected by RCU. However allocation and deallocation of conntrack objects happen outside of both the locks. It seems to me that a conntrack object can be deallocated and a new object can be allocated and initialized within the same RCU grace period, while the hash table is being read. It looks like a bug to me. Do you guys have any thoughts on this? Situations like the one I described can result in the crash I sent below. thanks ani On Wed, Oct 7, 2015 at 12:57 PM, Ani Sinha wrote: > Hi guys : > > We encountered a kernel crash on one of our boxes running 3.4.43 > kernel in the conntrack code. We are using dnsmasq as a proxy to relay > our dns requests to the real dns server. We verified that the > conntrack tables were not full. running conntrack -L around the time > of the crash showed that it had more than 2100 entries for dnsmasq. > > Looking upstream, I see a couple of patches which fixes race condition > around the use of the conntrack hash table with RCU (lock free read) > primitives : > > commit c6825c0976fa7893692e0e43b09740b419b23c09 > Author: Andrey Vagin > Date: Wed Jan 29 19:34:14 2014 +0100 > netfilter: nf_conntrack: fix RCU race in nf_conntrack_find_get > > and a followup patch : > > commit e53376bef2cd97d3e3f61fdc677fb8da7d03d0da > Author: Pablo Neira Ayuso > Date: Mon Feb 3 20:01:53 2014 +0100 > netfilter: nf_conntrack: don't release a conntrack with non-zero > refcnt > > > We are trying to reproduce the crash again but it is very rare. > Meanwhile, I have two questions: > > - Do you guys think the race condition described in the above two > patches have anything to do with the crash I mention below? > - If answer to the above is a NO, then have you guys have any other > reports of a similar crash or any idea what could be going on? > > We are still investigating and I will update this thread if I can get > additional info. > > Thanks > Ani > > <1>[10618591.817967] BUG: unable to handle kernel NULL pointer > dereference at (null) > <1>[10618591.914483] IP: [] > __nf_conntrack_confirm+0x1fb/0x36c [nf_conntrack] > <4>[10618592.012027] PGD 5aa67067 PUD 5b4f4067 PMD 0 > <4>[10618592.012035] Oops: 0002 [#1] PREEMPT SMP > <4>[10618592.012041] CPU 1 > <4>[10618592.012043] Modules linked in: xt_comment sch_prio fpdma(PO) > msr nf_conntrack_ipv6 nf_defrag_ipv6 ip6t_REJECT ip6table_mangle > nf_conntrack_ipv4 > nf_defr > ag_ipv4 xt_LOG xt_limit xt_hl xt_state ipt_REJECT xt_multiport > xt_tcpudp iptable_mangle kbfd(O) 8021q garp stp llc tun > nf_conntrack_tftp iptable_raw > iptable_fil > ter ip_tables xt_NOTRACK nf_conntrack xt_mark ip6table_raw > ip6table_filter ip6_tables x_tables k10temp hwmon amd64_edac_mod > scd(O) microcode kvm_amd kvm > <4>[10618592.012092] > <4>[10618592.012096] Pid: 5586, comm: dnsmasq Tainted: P O 3.4.43 #1 > <4>[10618592.012102] RIP: 0010:[] > [] __nf_conntrack_confirm+0x1fb/0x36c [nf_conntrack] > <4>[10618592.012112] RSP: 0018:88005aa1fb98 EFLAGS: 00010202 > <4>[10618592.012116] RAX: 2769 RBX: 880063d58658 RCX: > 1cc74948 > <4>[10618592.012120] RDX: RSI: 88010cd8 RDI: > 4000 > <4>[10618592.012123] RBP: 88005aa1fbc8 R08: 872541be R09: > 7aa31682 > <4>[10618592.012127] R10: 880063d586d8 R11: 88005aa1fb68 R12: > 81648180 > <4>[10618592.012130] R13: 17ef R14: bf78 R15: > 9da0 > <4>[10618592.012135] FS: () > GS:88013fb0(0063) knlGS:f74126d0 > <4>[10618592.012139] CS: 0010 DS: 002b ES: 002b CR0: 80050033 > <4>[10618592.012142] CR2: CR3: 5b412000 CR4: > 07e0 > <4>[10618592.012146] DR0: DR1: DR2: > > <4>[10618592.012149] DR3: DR6: 0ff0 DR7: > 0400 > <4>[10618592.012154] Process dnsmasq (pid: 5586, threadinfo > 88005aa1e000, task 8800727d6050) > <4>[10618592.012156] Stack: > <4>[10618592.012159] 8800889050c0 > 8800889050c0 880063d58658 > <4>[10618592.012166] 0004 0002 > 88005aa1fc38 a00e3c54 > <4>[10618592.012172] 0004 > 88005aa1fc38 a0078168 > <4>[10618592.012179] Call Trace: > <4>[10618592.012186] [] ipv4_confirm+0x17e/0x1a5 > [nf_conntrack_ipv4] > <4>[10618592.012192] [] ? > iptable_mangle_hook+0xfa/0x116 [iptable_mangle] > <4>[10618592.012199] [] ? ip_finish_output+0x0/0x36f > <4>[10618592.012205] [] nf_iterate+0x43/0x78 > <4>[10618592.012210] [] ? ip_finish_output+0x0/0x36f > <4>[10618592.012214] [] nf_hook_slow+0x6e/0x106 > <4>[10618592.012219] [] ? ip_finish_output+0x0/0x36f > <4>[10618592
[PATCH net-next V17 1/3] openvswitch: 802.1ad uapi changes.
openvswitch: Add support for 8021.AD
Change the description of the VLAN tpid field.
Signed-off-by: Thomas F Herbert
---
include/uapi/linux/openvswitch.h | 17 +
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h
index 32e07d8..b0c959c 100644
--- a/include/uapi/linux/openvswitch.h
+++ b/include/uapi/linux/openvswitch.h
@@ -585,13 +585,13 @@ struct ovs_action_push_mpls {
* @vlan_tci: Tag control identifier (TCI) to push. The CFI bit must be set
* (but it will not be set in the 802.1Q header that is pushed).
*
- * The @vlan_tpid value is typically %ETH_P_8021Q. The only acceptable TPID
- * values are those that the kernel module also parses as 802.1Q headers, to
- * prevent %OVS_ACTION_ATTR_PUSH_VLAN followed by %OVS_ACTION_ATTR_POP_VLAN
- * from having surprising results.
+ * The @vlan_tpid value is typically %ETH_P_8021Q or %ETH_P_8021AD.
+ * The only acceptable TPID values are those that the kernel module also parses
+ * as 802.1Q or 802.1AD headers, to prevent %OVS_ACTION_ATTR_PUSH_VLAN followed
+ * by %OVS_ACTION_ATTR_POP_VLAN from having surprising results.
*/
struct ovs_action_push_vlan {
- __be16 vlan_tpid; /* 802.1Q TPID. */
+ __be16 vlan_tpid; /* 802.1Q or 802.1ad TPID. */
__be16 vlan_tci;/* 802.1Q TCI (VLAN ID and priority). */
};
@@ -664,9 +664,10 @@ enum ovs_ct_attr {
* is copied from the value to the packet header field, rest of the bits are
* left unchanged. The non-masked value bits must be passed in as zeroes.
* Masking is not supported for the %OVS_KEY_ATTR_TUNNEL attribute.
- * @OVS_ACTION_ATTR_PUSH_VLAN: Push a new outermost 802.1Q header onto the
- * packet.
- * @OVS_ACTION_ATTR_POP_VLAN: Pop the outermost 802.1Q header off the packet.
+ * @OVS_ACTION_ATTR_PUSH_VLAN: Push a new outermost 802.1Q or 802.1ad header
+ * onto the packet.
+ * @OVS_ACTION_ATTR_POP_VLAN: Pop the outermost 802.1Q or 802.1ad header
+ * from the packet.
* @OVS_ACTION_ATTR_SAMPLE: Probabilitically executes actions, as specified in
* the nested %OVS_SAMPLE_ATTR_* attributes.
* @OVS_ACTION_ATTR_PUSH_MPLS: Push a new MPLS label stack entry onto the
--
2.4.3
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH net-next V17 3/3] 802.1AD: Flow handling, actions, vlan parsing and netlink attributes
Add support for 802.1ad including the ability to push and pop double
tagged vlans. Add support for 802.1ad to netlink parsing and flow
conversion. Uses double nested encap attributes to represent double
tagged vlan. Inner TPID encoded along with ctci in nested attributes.
Signed-off-by: Thomas F Herbert
---
net/openvswitch/actions.c | 6 +-
net/openvswitch/flow.c | 76 +-
net/openvswitch/flow.h | 8 +-
net/openvswitch/flow_netlink.c | 172 +
net/openvswitch/vport-netdev.c | 4 +-
5 files changed, 227 insertions(+), 39 deletions(-)
diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
index 315f533..09cc1c9 100644
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -236,7 +236,8 @@ static int pop_vlan(struct sk_buff *skb, struct sw_flow_key
*key)
if (skb_vlan_tag_present(skb))
invalidate_flow_key(key);
else
- key->eth.tci = 0;
+ key->eth.vlan.tci = 0;
+ key->eth.vlan.tpid = 0;
return err;
}
@@ -246,7 +247,8 @@ static int push_vlan(struct sk_buff *skb, struct
sw_flow_key *key,
if (skb_vlan_tag_present(skb))
invalidate_flow_key(key);
else
- key->eth.tci = vlan->vlan_tci;
+ key->eth.vlan.tci = vlan->vlan_tci;
+ key->eth.vlan.tpid = vlan->vlan_tpid;
return skb_vlan_push(skb, vlan->vlan_tpid,
ntohs(vlan->vlan_tci) & ~VLAN_TAG_PRESENT);
}
diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c
index c8db44a..ed19e2b 100644
--- a/net/openvswitch/flow.c
+++ b/net/openvswitch/flow.c
@@ -302,24 +302,68 @@ static bool icmp6hdr_ok(struct sk_buff *skb)
sizeof(struct icmp6hdr));
}
-static int parse_vlan(struct sk_buff *skb, struct sw_flow_key *key)
+/* Parse vlan tag from vlan header.
+ * Returns ERROR on memory error.
+ * Returns 0 if it encounters a non-vlan or incomplete packet.
+ * Returns 1 after successfully parsing vlan tag.
+ */
+
+static int parse_vlan_tag(struct sk_buff *skb, struct vlan_head *vlan)
{
- struct qtag_prefix {
- __be16 eth_type; /* ETH_P_8021Q */
- __be16 tci;
- };
- struct qtag_prefix *qp;
+ struct vlan_head *qp = (struct vlan_head *)skb->data;
+
+ if (likely(!eth_type_vlan(qp->tpid)))
+ return 0;
- if (unlikely(skb->len < sizeof(struct qtag_prefix) + sizeof(__be16)))
+ if (unlikely(skb->len < sizeof(struct vlan_head) + sizeof(__be16)))
return 0;
- if (unlikely(!pskb_may_pull(skb, sizeof(struct qtag_prefix) +
-sizeof(__be16
+ if (unlikely(!pskb_may_pull(skb, sizeof(struct vlan_head) +
+sizeof(__be16
return -ENOMEM;
- qp = (struct qtag_prefix *) skb->data;
- key->eth.tci = qp->tci | htons(VLAN_TAG_PRESENT);
- __skb_pull(skb, sizeof(struct qtag_prefix));
+ vlan->tci = qp->tci | htons(VLAN_TAG_PRESENT);
+ vlan->tpid = qp->tpid;
+
+ __skb_pull(skb, sizeof(struct vlan_head));
+ return 1;
+}
+
+static int parse_vlan(struct sk_buff *skb, struct sw_flow_key *key)
+{
+ int res;
+
+ key->eth.vlan.tci = 0;
+ key->eth.vlan.tpid = 0;
+ key->eth.cvlan.tci = 0;
+ key->eth.cvlan.tpid = 0;
+
+ if (likely(skb_vlan_tag_present(skb))) {
+ key->eth.vlan.tci = htons(skb->vlan_tci);
+ key->eth.vlan.tpid = skb->vlan_proto;
+
+ /* Case where ingress processing has already stripped
+* the outer vlan tag.
+*/
+ res = parse_vlan_tag(skb, &key->eth.cvlan);
+ if (res < 0)
+ return res;
+ /* For inner tag, return 0 because neither
+* non-existent nor partial inner tag is an error.
+*/
+ return 0;
+ }
+ res = parse_vlan_tag(skb, &key->eth.vlan);
+ if (res <= 0)
+ /* This is an outer tag in the non-accelerated VLAN
+* case. Return error unless it is a complete vlan tag.
+*/
+ return res;
+
+ /* Parse inner vlan tag if present for non-accelerated case. */
+ res = parse_vlan_tag(skb, &key->eth.cvlan);
+ if (res <= 0)
+ return res;
return 0;
}
@@ -480,12 +524,8 @@ static int key_extract(struct sk_buff *skb, struct
sw_flow_key *key)
* update skb->csum here.
*/
- key->eth.tci = 0;
- if (skb_vlan_tag_present(skb))
- key->eth.tci = htons(skb->vlan_tci);
- else if (eth->h_proto == htons(ETH_P_8021Q))
- if (unlikely(parse_vlan(skb, key)))
- return -ENOMEM;
+ if (unlikely(parse_vlan(skb, key)))
+
[PATCH net-next V17 0/3] openvswitch: Add support for 802.1ad
V17,V16: Implement reviewer's comments. V15: Implement reviewer comments. V14: Add outer tpid to flow_key V13: Fix incorrect encoding and decoding of netlink to/from key attributes. V12: Fix some problems and issues pointed out by reviewers. When parsing netlink attributes Ether types other then 0x88a8 as outer tpid. V11: Add inner tpid to flow key. Fix separate inner encap attribute when parsing netlink attributes. Merge 2 patches to consolidate qinq changes. V10: Implement reviewer comments: Consolidate vlan parsing functions. Splits netlink parsing and flow conversion into a separate patch. Uses double encap attribute encapsulation for 802.1ad. Netlink attributes now look like this: eth_type(0x88a8),vlan(vid=100),encap(eth_type(0x8100), vlan(vid=200), encap(eth_type(0x0800), ...)) The double encap atributes in this version of the patch is incompatible with old versions of the user level 802.1ad patch. A new user level patch which is also being submitted simultaneously to openvswitch dev mailing list. V9: Includes changes suggested by reviewers V8: Includes changes suggested by reviewers V7: Includes changes suggested by reviewers V6: Rebased to net-next V5: Use encapsulated attributes For discussion, history and previous versions of the kernel module patch and the user code patch see the OVS dev mailing list, openvswitch.org/pipermail/dev/.. Thomas F Herbert (3): openvswitch: 802.1ad uapi changes. Check for vlan ethernet types for 8021.q or 802.1ad 802.1AD: Flow handling, actions, vlan parsing and netlink attributes include/linux/if_vlan.h | 16 include/uapi/linux/openvswitch.h | 17 ++-- net/openvswitch/actions.c| 6 +- net/openvswitch/flow.c | 76 + net/openvswitch/flow.h | 8 +- net/openvswitch/flow_netlink.c | 172 +++ net/openvswitch/vport-netdev.c | 4 +- 7 files changed, 252 insertions(+), 47 deletions(-) -- 2.4.3 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH net-next V17 2/3] Check for vlan ethernet types for 8021.q or 802.1ad
Signed-off-by: Thomas F Herbert
---
include/linux/if_vlan.h | 16
1 file changed, 16 insertions(+)
diff --git a/include/linux/if_vlan.h b/include/linux/if_vlan.h
index 67ce5bd..d2494b5 100644
--- a/include/linux/if_vlan.h
+++ b/include/linux/if_vlan.h
@@ -627,6 +627,22 @@ static inline netdev_features_t vlan_features_check(const
struct sk_buff *skb,
return features;
}
+/**
+ * eth_type_vlan - check for valid vlan ether type.
+ * @ethertype: ether type to check
+ *
+ * Returns true if the ether type is a vlan ether type.
+ */
+static inline bool eth_type_vlan(__be16 ethertype)
+{
+ switch (ethertype) {
+ case htons(ETH_P_8021Q):
+ case htons(ETH_P_8021AD):
+ return true;
+ default:
+ return false;
+ }
+}
/**
* compare_vlan_header - Compare two vlan headers
--
2.4.3
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] ipv6 route: Aggregate table getting code
These lines could be aggregated to one line because fib6_new_table() calls
fib6_get_table() inside on both cases CONFIG_IPV6_MULTIPLE_TABLES is enabled or
not.
Signed-off-by: Masashi Honma
---
net/ipv6/route.c | 11 +--
1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index cb32ce2..1ff4130 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1778,16 +1778,7 @@ int ip6_route_info_create(struct fib6_config *cfg,
struct rt6_info **rt_ret)
cfg->fc_metric = IP6_RT_PRIO_USER;
err = -ENOBUFS;
- if (cfg->fc_nlinfo.nlh &&
- !(cfg->fc_nlinfo.nlh->nlmsg_flags & NLM_F_CREATE)) {
- table = fib6_get_table(net, cfg->fc_table);
- if (!table) {
- pr_warn("NLM_F_CREATE should be specified when creating
new route\n");
- table = fib6_new_table(net, cfg->fc_table);
- }
- } else {
- table = fib6_new_table(net, cfg->fc_table);
- }
+ table = fib6_new_table(net, cfg->fc_table);
if (!table)
goto out;
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: e1000e: hard system lockup on Linux 4.2
On Mon, Oct 12, 2015 at 12:58:09PM +0200, Jason A. Donenfeld wrote: > > On Oct 12, 2015 8:59 AM, "Avargil, Raanan" wrote: > > > > Your analysis is correct. > > Commit 37b12910dd11d9ab969f2c310dc9160b7f3e3405 fixes the lockup issue, and > according to my last check it is in 4.3-rc5. > > Cool okay. > But can we please get this patched marked for stable? It should be backported > to the upcoming 4.2.4. > Now applied, thanks. greg k-h -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 3.19 and earlier] fib_rules: Fix dump_rules() not to exit early
On Mon, Oct 05, 2015 at 10:29:28AM -0700, Roland Dreier wrote:
> From: Roland Dreier
>
> Backports of 41fc014332d9 ("fib_rules: fix fib rule dumps across
> multiple skbs") introduced a regression in "ip rule show" - it ends up
> dumping the first rule over and over and never exiting, because 3.19
> and earlier are missing commit 053c095a82cf ("netlink: make
> nlmsg_end() and genlmsg_end() void"), so fib_nl_fill_rule() ends up
> returning skb->len (i.e. > 0) in the success case.
>
> Fix this by checking the return code for < 0 instead of != 0.
>
> Signed-off-by: Roland Dreier
> ---
> Hi, this is needed for all stable trees earlier than 4.0 that have
> picked up 41fc014332d9; so far looks like at least 3.10.y and 3.14.y
> have made such releases.
Thanks for this, now applied to 3.10 and 3.14-stable trees.
greg k-h
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Soft lockup issue in Linux 4.1.9
On Sat, Oct 03, 2015 at 09:14:16PM +0200, Thomas D. wrote: > Hi, > > Holger Hoffstätte wrote: > > Greg, any chance you can drop this into the pending 4.1.10? Otherwise people > > will get another broken release. > > For me it looks like the request was too late, the patch is not included > in 4.1.10. So don't forget to re-apply the patch when doing the upgrade. > > Greg, do you need a dedicated inclusion request for > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83fccfc3940c4a2db90fd7e7079f5b465cd8c6af > in 4.1.x or is it already on your list? Now applied, thanks. greg k-h -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 2/3] net: wireless: b43: Fixed Pointer issue
Moved around pointer to avoid ERROR
Signed-off-by: Paul McQuade
---
drivers/net/wireless/b43/dma.h | 14 +++---
drivers/net/wireless/b43/main.c | 6 +++---
drivers/net/wireless/b43/main.h | 2 +-
drivers/net/wireless/b43/xmit.h | 2 +-
4 files changed, 12 insertions(+), 12 deletions(-)
enum b43_dmatype {
diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c
index 2849070..040caa4 100644
--- a/drivers/net/wireless/b43/main.c
+++ b/drivers/net/wireless/b43/main.c
@@ -364,7 +364,7 @@ static struct ieee80211_supported_band
b43_band_2ghz_limited = {
static void b43_wireless_core_exit(struct b43_wldev *dev);
static int b43_wireless_core_init(struct b43_wldev *dev);
-static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
+static struct b43_wldev *b43_wireless_core_stop(struct b43_wldev *dev);
static int b43_wireless_core_start(struct b43_wldev *dev);
static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
struct ieee80211_vif *vif,
@@ -989,7 +989,7 @@ static void do_key_write(struct b43_wldev *dev,
* 0x and let's b43_op_update_tkip_key provide a
* correct pair.
*/
- rx_tkip_phase1_write(dev, index, 0x, (u16*)buf);
+ rx_tkip_phase1_write(dev, index, 0x, (u16 *)buf);
} else if (index >= pairwise_keys_start) /* clear it */
rx_tkip_phase1_write(dev, index, 0, NULL);
if (key)
@@ -4334,7 +4334,7 @@ out_unlock:
/* Locking: wl->mutex
* Returns the current dev. This might be different from the passed in dev,
* because the core might be gone away while we unlocked the mutex. */
-static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
+static struct b43_wldev *b43_wireless_core_stop(struct b43_wldev *dev)
{
struct b43_wl *wl;
struct b43_wldev *orig_dev;
diff --git a/drivers/net/wireless/b43/main.h b/drivers/net/wireless/b43/main.h
index c46430c..fa56b22 100644
--- a/drivers/net/wireless/b43/main.h
+++ b/drivers/net/wireless/b43/main.h
@@ -73,7 +73,7 @@ static inline int b43_is_ofdm_rate(int rate)
u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
u8 antenna_nr);
-void b43_tsf_read(struct b43_wldev *dev, u64 * tsf);
+void b43_tsf_read(struct b43_wldev *dev, u64 *tsf);
void b43_tsf_write(struct b43_wldev *dev, u64 tsf);
u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset);
diff --git a/drivers/net/wireless/b43/xmit.h b/drivers/net/wireless/b43/xmit.h
index ba61153..fed8657 100644
--- a/drivers/net/wireless/b43/xmit.h
+++ b/drivers/net/wireless/b43/xmit.h
@@ -203,7 +203,7 @@ size_t b43_txhdr_size(struct b43_wldev *dev)
int b43_generate_txhdr(struct b43_wldev *dev,
- u8 * txhdr,
+ u8 *txhdr,
struct sk_buff *skb_frag,
struct ieee80211_tx_info *txctl, u16 cookie);
--
2.6.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 1/3] net: wireless: rsi: Coding Spaces
Removed space before that ','
Signed-off-by: Paul McQuade
---
drivers/net/wireless/rsi/rsi_91x_sdio_ops.c | 2 +-
drivers/net/wireless/rsi/rsi_mgmt.h | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c
b/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c
index 40d7231..8fa241b 100644
--- a/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c
+++ b/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c
@@ -435,7 +435,7 @@ void rsi_interrupt_handler(struct rsi_hw *adapter)
} else {
rsi_dbg(ERR_ZONE,
"%s: Firmware Status is 0x%x\n",
- __func__ , fw_status);
+ __func__, fw_status);
rsi_sdio_ack_intr(common->priv,
(1 << FW_ASSERT_IND));
}
diff --git a/drivers/net/wireless/rsi/rsi_mgmt.h
b/drivers/net/wireless/rsi/rsi_mgmt.h
index 3741173..3d4eddd 100644
--- a/drivers/net/wireless/rsi/rsi_mgmt.h
+++ b/drivers/net/wireless/rsi/rsi_mgmt.h
@@ -173,9 +173,9 @@ enum cmd_frame_type {
AUTO_RATE_IND,
BOOTUP_PARAMS_REQUEST,
VAP_CAPABILITIES,
- EEPROM_READ_TYPE ,
+ EEPROM_READ_TYPE,
EEPROM_WRITE,
- GPIO_PIN_CONFIG ,
+ GPIO_PIN_CONFIG,
SET_RX_FILTER,
AMPDU_IND,
STATS_REQUEST_FRAME,
--
2.6.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 3/3] net: wireless: b43: statics Don't init to 0
Don't turn statics to 0 or NULL
Signed-off-by: Paul McQuade
---
drivers/net/wireless/b43/main.c | 2 +-
drivers/net/wireless/b43/phy_lp.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c
index 040caa4..2b50650 100644
--- a/drivers/net/wireless/b43/main.c
+++ b/drivers/net/wireless/b43/main.c
@@ -109,7 +109,7 @@ int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
module_param_named(verbose, b43_modparam_verbose, int, 0644);
MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn,
2=info(default), 3=debug");
-static int b43_modparam_pio = 0;
+static int b43_modparam_pio;
module_param_named(pio, b43_modparam_pio, int, 0644);
MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
diff --git a/drivers/net/wireless/b43/phy_lp.c
b/drivers/net/wireless/b43/phy_lp.c
index 058a9f2..086f0ba 100644
--- a/drivers/net/wireless/b43/phy_lp.c
+++ b/drivers/net/wireless/b43/phy_lp.c
@@ -2502,7 +2502,7 @@ static int lpphy_b2063_tune(struct b43_wldev *dev,
{
struct ssb_bus *bus = dev->dev->sdev->bus;
- static const struct b206x_channel *chandata = NULL;
+ static const struct b206x_channel *chandata;
u32 crystal_freq = bus->chipco.pmu.crystalfreq * 1000;
u32 freqref, vco_freq, val1, val2, val3, timeout, timeoutref, count;
u16 old_comm15, scale;
--
2.6.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH net] net: bcmgenet: Fix early link interrupt enabling
From: Florian Fainelli
Link interrupts are enabled in init_umac(), which is too early for us to
process them since we do not yet have a valid PHY device pointer. On
BCM7425 chips for instance, we will crash calling phy_mac_interrupt()
because phydev is NULL.
Fix this by moving the link interrupts enabling in
bcmgenet_netif_start(), under a specific function:
bcmgenet_link_intr_enable() and while at it, update the comments
surrounding the code.
Fixes: 6cc8e6d4dcb36 ("net: bcmgenet: Delay PHY initialization to
bcmgenet_open()")
Signed-off-by: Florian Fainelli
---
Hi David,
This fixes a problem which is currently in v4.3-rcX, thank you!
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 +--
1 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
index 3bc701e..1805541 100644
--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
@@ -1683,6 +1683,24 @@ static void bcmgenet_intr_disable(struct bcmgenet_priv
*priv)
bcmgenet_intrl2_1_writel(priv, 0, INTRL2_CPU_MASK_CLEAR);
}
+static void bcmgenet_link_intr_enable(struct bcmgenet_priv *priv)
+{
+ u32 int0_enable = 0;
+
+ /* Monitor cable plug/unplugged event for internal PHY, external PHY
+* and MoCA PHY
+*/
+ if (priv->internal_phy) {
+ int0_enable |= UMAC_IRQ_LINK_EVENT;
+ } else if (priv->ext_phy) {
+ int0_enable |= UMAC_IRQ_LINK_EVENT;
+ } else if (priv->phy_interface == PHY_INTERFACE_MODE_MOCA) {
+ if (priv->hw_params->flags & GENET_HAS_MOCA_LINK_DET)
+ int0_enable |= UMAC_IRQ_LINK_EVENT;
+ }
+ bcmgenet_intrl2_0_writel(priv, int0_enable, INTRL2_CPU_MASK_CLEAR);
+}
+
static int init_umac(struct bcmgenet_priv *priv)
{
struct device *kdev = &priv->pdev->dev;
@@ -1723,15 +1741,8 @@ static int init_umac(struct bcmgenet_priv *priv)
/* Enable Tx default queue 16 interrupts */
int0_enable |= UMAC_IRQ_TXDMA_DONE;
- /* Monitor cable plug/unplugged event for internal PHY */
- if (priv->internal_phy) {
- int0_enable |= UMAC_IRQ_LINK_EVENT;
- } else if (priv->ext_phy) {
- int0_enable |= UMAC_IRQ_LINK_EVENT;
- } else if (priv->phy_interface == PHY_INTERFACE_MODE_MOCA) {
- if (priv->hw_params->flags & GENET_HAS_MOCA_LINK_DET)
- int0_enable |= UMAC_IRQ_LINK_EVENT;
-
+ /* Configure backpressure vectors for MoCA */
+ if (priv->phy_interface == PHY_INTERFACE_MODE_MOCA) {
reg = bcmgenet_bp_mc_get(priv);
reg |= BIT(priv->hw_params->bp_in_en_shift);
@@ -2645,6 +2656,9 @@ static void bcmgenet_netif_start(struct net_device *dev)
netif_tx_start_all_queues(dev);
+ /* Monitor link interrupts now */
+ bcmgenet_link_intr_enable(priv);
+
phy_start(priv->phydev);
}
--
1.7.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 3/3] net: wireless: rt2x00: Space Required
Space needed before open parenthesis
Signed-off-by: Paul McQuade
---
drivers/net/wireless/rt2x00/rt2x00debug.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/rt2x00/rt2x00debug.c
b/drivers/net/wireless/rt2x00/rt2x00debug.c
index 90fdb02..25ee3cb 100644
--- a/drivers/net/wireless/rt2x00/rt2x00debug.c
+++ b/drivers/net/wireless/rt2x00/rt2x00debug.c
@@ -629,7 +629,7 @@ static struct dentry *rt2x00debug_create_file_chipset(const
char *name,
data += sprintf(data, "register\tbase\twords\twordsize\n");
#define RT2X00DEBUGFS_SPRINTF_REGISTER(__name) \
{ \
- if(debug->__name.read) \
+ if (debug->__name.read) \
data += sprintf(data, __stringify(__name) \
"\t%d\t%d\t%d\n", \
debug->__name.word_base,\
@@ -699,7 +699,7 @@ void rt2x00debug_register(struct rt2x00_dev *rt2x00dev)
#define RT2X00DEBUGFS_CREATE_REGISTER_ENTRY(__intf, __name)
\
({
\
- if(debug->__name.read) {
\
+ if (debug->__name.read) {
\
(__intf)->__name##_off_entry =
\
debugfs_create_u32(__stringify(__name) "_offset",
\
S_IRUSR | S_IWUSR,
\
--
2.6.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 2/3] net: wireless: rt2x00: Pointer issue
Code Style: pointer is declared wrong
Signed-off-by: Paul McQuade
---
drivers/net/wireless/rt2x00/rt2x00.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/rt2x00/rt2x00.h
b/drivers/net/wireless/rt2x00/rt2x00.h
index 6f8310a..b052e87 100644
--- a/drivers/net/wireless/rt2x00/rt2x00.h
+++ b/drivers/net/wireless/rt2x00/rt2x00.h
@@ -380,7 +380,7 @@ struct rt2x00_intf {
atomic_t seqno;
};
-static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif)
+static inline struct rt2x00_intf *vif_to_intf(struct ieee80211_vif *vif)
{
return (struct rt2x00_intf *)vif->drv_priv;
}
@@ -507,7 +507,7 @@ struct rt2x00_sta {
int wcid;
};
-static inline struct rt2x00_sta* sta_to_rt2x00_sta(struct ieee80211_sta *sta)
+static inline struct rt2x00_sta *sta_to_rt2x00_sta(struct ieee80211_sta *sta)
{
return (struct rt2x00_sta *)sta->drv_priv;
}
--
2.6.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 3/3] net: wireless: rt2x00: Space Required
Space needed before open parenthesis
Signed-off-by: Paul McQuade #
---
drivers/net/wireless/rt2x00/rt2x00debug.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/rt2x00/rt2x00debug.c
b/drivers/net/wireless/rt2x00/rt2x00debug.c
index 90fdb02..25ee3cb 100644
--- a/drivers/net/wireless/rt2x00/rt2x00debug.c
+++ b/drivers/net/wireless/rt2x00/rt2x00debug.c
@@ -629,7 +629,7 @@ static struct dentry *rt2x00debug_create_file_chipset(const
char *name,
data += sprintf(data, "register\tbase\twords\twordsize\n");
#define RT2X00DEBUGFS_SPRINTF_REGISTER(__name) \
{ \
- if(debug->__name.read) \
+ if (debug->__name.read) \
data += sprintf(data, __stringify(__name) \
"\t%d\t%d\t%d\n", \
debug->__name.word_base,\
@@ -699,7 +699,7 @@ void rt2x00debug_register(struct rt2x00_dev *rt2x00dev)
#define RT2X00DEBUGFS_CREATE_REGISTER_ENTRY(__intf, __name)
\
({
\
- if(debug->__name.read) {
\
+ if (debug->__name.read) {
\
(__intf)->__name##_off_entry =
\
debugfs_create_u32(__stringify(__name) "_offset",
\
S_IRUSR | S_IWUSR,
\
--
2.6.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 1/3] net: wireless: rt2x00: Space issue
Removed empty spaces before/after parenthesis
Signed-off-by: Paul McQuade
---
drivers/net/wireless/rt2x00/rt2x00.h | 24
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/drivers/net/wireless/rt2x00/rt2x00.h
b/drivers/net/wireless/rt2x00/rt2x00.h
index 3282ddb..6f8310a 100644
--- a/drivers/net/wireless/rt2x00/rt2x00.h
+++ b/drivers/net/wireless/rt2x00/rt2x00.h
@@ -107,7 +107,7 @@
* amount of bytes needed to move the data.
*/
#define ALIGN_SIZE(__skb, __header) \
- ( ((unsigned long)((__skb)->data + (__header))) & 3 )
+ (((unsigned long)((__skb)->data + (__header))) & 3)
/*
* Constants for extra TX headroom for alignment purposes.
@@ -128,14 +128,14 @@
#define SLOT_TIME 20
#define SHORT_SLOT_TIME9
#define SIFS 10
-#define PIFS ( SIFS + SLOT_TIME )
-#define SHORT_PIFS ( SIFS + SHORT_SLOT_TIME )
-#define DIFS ( PIFS + SLOT_TIME )
-#define SHORT_DIFS ( SHORT_PIFS + SHORT_SLOT_TIME )
-#define EIFS ( SIFS + DIFS + \
- GET_DURATION(IEEE80211_HEADER + ACK_SIZE, 10)
)
-#define SHORT_EIFS ( SIFS + SHORT_DIFS + \
- GET_DURATION(IEEE80211_HEADER + ACK_SIZE, 10)
)
+#define PIFS (SIFS + SLOT_TIME)
+#define SHORT_PIFS (SIFS + SHORT_SLOT_TIME)
+#define DIFS (PIFS + SLOT_TIME)
+#define SHORT_DIFS (SHORT_PIFS + SHORT_SLOT_TIME)
+#define EIFS (SIFS + DIFS + \
+ GET_DURATION(IEEE80211_HEADER + ACK_SIZE, 10))
+#define SHORT_EIFS (SIFS + SHORT_DIFS + \
+ GET_DURATION(IEEE80211_HEADER + ACK_SIZE, 10))
enum rt2x00_chip_intf {
RT2X00_CHIP_INTF_PCI,
--
2.6.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] intel: i40e: fix confused code
This code is pretty confused. The variable name 'bytes_not_copied'
clearly indicates that the programmer knew the semantics of
copy_{to,from}_user, but then the return value is checked for being
negative and used as a -Exxx return value.
I'm not sure this is the proper fix, but at least we get rid of the
dead code which pretended to check for access faults.
Signed-off-by: Rasmus Villemoes
---
There are other things worth looking at. i40e_dbg_netdev_ops_buf is a
static buffer of size 256, which can be filled from user space (in
i40e_dbg_netdev_ops_write). That function correctly checks that the
input is at most 255 bytes. However, in i40e_dbg_netdev_ops_read we
snprintf() it along a device name (and some white space) into
kmalloc'ed buffer, also of size 256. Hence the snprintf output can be
truncated, but snprintf() returns the total size that would be
generated - so when we then proceed to using that in copy_to_user(),
we may actually copy from beyond the allocated buffer, hence leaking a
little kernel data.
In i40e_dbg_command_write, we allocate a buffer based on count which
is user-supplied. While kmalloc() refuses completely insane sizes, we
may still allocate a few MB. Moreover, if allocation fails, returning
'count' is rather odd; -ENOMEM would make more sense.
drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 24 ++--
1 file changed, 10 insertions(+), 14 deletions(-)
diff --git a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
index d7c15d17faa6..e9ecd3f9cafe 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
@@ -103,8 +103,8 @@ static ssize_t i40e_dbg_dump_read(struct file *filp, char
__user *buffer,
len = min_t(int, count, (i40e_dbg_dump_data_len - *ppos));
bytes_not_copied = copy_to_user(buffer, &i40e_dbg_dump_buf[*ppos], len);
- if (bytes_not_copied < 0)
- return bytes_not_copied;
+ if (bytes_not_copied)
+ return -EFAULT;
*ppos += len;
return len;
@@ -353,8 +353,8 @@ static ssize_t i40e_dbg_command_read(struct file *filp,
char __user *buffer,
bytes_not_copied = copy_to_user(buffer, buf, len);
kfree(buf);
- if (bytes_not_copied < 0)
- return bytes_not_copied;
+ if (bytes_not_copied)
+ return -EFAULT;
*ppos = len;
return len;
@@ -995,12 +995,10 @@ static ssize_t i40e_dbg_command_write(struct file *filp,
if (!cmd_buf)
return count;
bytes_not_copied = copy_from_user(cmd_buf, buffer, count);
- if (bytes_not_copied < 0) {
+ if (bytes_not_copied) {
kfree(cmd_buf);
- return bytes_not_copied;
+ return -EFAULT;
}
- if (bytes_not_copied > 0)
- count -= bytes_not_copied;
cmd_buf[count] = '\0';
cmd_buf_tmp = strchr(cmd_buf, '\n');
@@ -2034,8 +2032,8 @@ static ssize_t i40e_dbg_netdev_ops_read(struct file
*filp, char __user *buffer,
bytes_not_copied = copy_to_user(buffer, buf, len);
kfree(buf);
- if (bytes_not_copied < 0)
- return bytes_not_copied;
+ if (bytes_not_copied)
+ return -EFAULT;
*ppos = len;
return len;
@@ -2068,10 +2066,8 @@ static ssize_t i40e_dbg_netdev_ops_write(struct file
*filp,
memset(i40e_dbg_netdev_ops_buf, 0, sizeof(i40e_dbg_netdev_ops_buf));
bytes_not_copied = copy_from_user(i40e_dbg_netdev_ops_buf,
buffer, count);
- if (bytes_not_copied < 0)
- return bytes_not_copied;
- else if (bytes_not_copied > 0)
- count -= bytes_not_copied;
+ if (bytes_not_copied)
+ return -EFAULT;
i40e_dbg_netdev_ops_buf[count] = '\0';
buf_tmp = strchr(i40e_dbg_netdev_ops_buf, '\n');
--
2.6.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net/phy: micrel: Follow attached_dev to get to the MAC device
> Sure, will try to debug. It looks like phydev->attached_dev is valid, but > phydev->attached_dev->dev.of_node is NULL. Humm phydev->attached_dev is a net_device, so should be the mac. What device is phydev->attached_dev->dev? Is it not the dev embedded in the platform_device passed to socfpga_dwmac_probe()? Andrew -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] net: wireless: rt2x00: statics code style
Do not initialise statics to 0 or NULL Also use tabs where possible Signed-off-by: Paul McQuade --- drivers/net/wireless/rt2x00/rt61pci.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/rt2x00/rt61pci.c b/drivers/net/wireless/rt2x00/rt61pci.c index c0e730e..53bd23d 100644 --- a/drivers/net/wireless/rt2x00/rt61pci.c +++ b/drivers/net/wireless/rt2x00/rt61pci.c @@ -39,7 +39,7 @@ /* * Allow hardware encryption to be disabled. */ -static bool modparam_nohwcrypt = false; +static bool modparam_nohwcrypt; module_param_named(nohwcrypt, modparam_nohwcrypt, bool, S_IRUGO); MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption."); @@ -1388,7 +1388,7 @@ static bool rt61pci_get_entry_state(struct queue_entry *entry) rt2x00_desc_read(entry_priv->desc, 0, &word); return (rt2x00_get_field32(word, TXD_W0_OWNER_NIC) || - rt2x00_get_field32(word, TXD_W0_VALID)); + rt2x00_get_field32(word, TXD_W0_VALID)); } } -- 2.6.1 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH nf-next 1/4] netfilter: ipv6: remove extra clone/free operations
commit 6aafeef03b9d9ecf
("netfilter: push reasm skb through instead of original frag skbs")
changed ipv6 defrag to not use the original skbs anymore.
So rather than keeping the original skbs around just to discard them
afterwards just use the original skbs directly for the fraglist of
the newly assemled skb.
Cc: Jiri Pirko
Signed-off-by: Florian Westphal
---
include/net/netfilter/ipv6/nf_defrag_ipv6.h | 1 -
net/ipv6/netfilter/nf_conntrack_reasm.c | 71 -
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 2 -
3 files changed, 9 insertions(+), 65 deletions(-)
diff --git a/include/net/netfilter/ipv6/nf_defrag_ipv6.h
b/include/net/netfilter/ipv6/nf_defrag_ipv6.h
index fb7da5b..fcd20cf 100644
--- a/include/net/netfilter/ipv6/nf_defrag_ipv6.h
+++ b/include/net/netfilter/ipv6/nf_defrag_ipv6.h
@@ -6,7 +6,6 @@ void nf_defrag_ipv6_enable(void);
int nf_ct_frag6_init(void);
void nf_ct_frag6_cleanup(void);
struct sk_buff *nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32
user);
-void nf_ct_frag6_consume_orig(struct sk_buff *skb);
struct inet_frags_ctl;
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c
b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 056f5d4..1b1a851 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -56,7 +56,6 @@ struct nf_ct_frag6_skb_cb
{
struct inet6_skb_parm h;
int offset;
- struct sk_buff *orig;
};
#define NFCT_FRAG6_CB(skb) ((struct nf_ct_frag6_skb_cb *)((skb)->cb))
@@ -170,12 +169,6 @@ static unsigned int nf_hashfn(const struct inet_frag_queue
*q)
return nf_hash_frag(nq->id, &nq->saddr, &nq->daddr);
}
-static void nf_skb_free(struct sk_buff *skb)
-{
- if (NFCT_FRAG6_CB(skb)->orig)
- kfree_skb(NFCT_FRAG6_CB(skb)->orig);
-}
-
static void nf_ct_frag6_expire(unsigned long data)
{
struct frag_queue *fq;
@@ -378,7 +371,7 @@ err:
static struct sk_buff *
nf_ct_frag6_reasm(struct frag_queue *fq, struct net_device *dev)
{
- struct sk_buff *fp, *op, *head = fq->q.fragments;
+ struct sk_buff *fp, *head = fq->q.fragments;
intpayload_len;
u8 ecn;
@@ -429,7 +422,6 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct net_device
*dev)
clone->csum = 0;
clone->ip_summed = head->ip_summed;
- NFCT_FRAG6_CB(clone)->orig = NULL;
add_frag_mem_limit(fq->q.net, clone->truesize);
}
@@ -473,21 +465,6 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct net_device
*dev)
fq->q.fragments = NULL;
fq->q.fragments_tail = NULL;
- /* all original skbs are linked into the NFCT_FRAG6_CB(head).orig */
- fp = skb_shinfo(head)->frag_list;
- if (fp && NFCT_FRAG6_CB(fp)->orig == NULL)
- /* at above code, head skb is divided into two skbs. */
- fp = fp->next;
-
- op = NFCT_FRAG6_CB(head)->orig;
- for (; fp; fp = fp->next) {
- struct sk_buff *orig = NFCT_FRAG6_CB(fp)->orig;
-
- op->next = orig;
- op = orig;
- NFCT_FRAG6_CB(fp)->orig = NULL;
- }
-
return head;
out_oversize:
@@ -565,7 +542,6 @@ find_prev_fhdr(struct sk_buff *skb, u8 *prevhdrp, int
*prevhoff, int *fhoff)
struct sk_buff *nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32
user)
{
- struct sk_buff *clone;
struct net_device *dev = skb->dev;
struct frag_hdr *fhdr;
struct frag_queue *fq;
@@ -583,37 +559,25 @@ struct sk_buff *nf_ct_frag6_gather(struct net *net,
struct sk_buff *skb, u32 use
if (find_prev_fhdr(skb, &prevhdr, &nhoff, &fhoff) < 0)
return skb;
- clone = skb_clone(skb, GFP_ATOMIC);
- if (clone == NULL) {
- pr_debug("Can't clone skb\n");
+ if (!pskb_may_pull(skb, fhoff + sizeof(*fhdr)))
return skb;
- }
-
- NFCT_FRAG6_CB(clone)->orig = skb;
-
- if (!pskb_may_pull(clone, fhoff + sizeof(*fhdr))) {
- pr_debug("message is too short.\n");
- goto ret_orig;
- }
- skb_set_transport_header(clone, fhoff);
- hdr = ipv6_hdr(clone);
- fhdr = (struct frag_hdr *)skb_transport_header(clone);
+ skb_set_transport_header(skb, fhoff);
+ hdr = ipv6_hdr(skb);
+ fhdr = (struct frag_hdr *)skb_transport_header(skb);
fq = fq_find(net, fhdr->identification, user, &hdr->saddr, &hdr->daddr,
ip6_frag_ecn(hdr));
- if (fq == NULL) {
- pr_debug("Can't find and can't create new queue\n");
- goto ret_orig;
- }
+ if (fq == NULL)
+ return skb;
spin_lock_bh(&fq->q.lock);
- if (nf_ct_frag6_queue(fq, clone, fhdr, nhoff) < 0) {
+ if (nf_ct_frag6_queue(fq, skb, fhdr, nhoff) < 0) {
spin_unlock_bh(&fq->q.lock);
[PATCH nf-next 4/4] netfilter: ipv6: avoid nf_iterate recursion
The previous patch changed nf_ct_frag6_gather() to morph reassembled skb
with the previous one.
This means that the return value is always NULL or the skb argument.
So change it to an err value.
Instead of invoking NF_HOOK recursively with threshold to skip already-called
hooks
we can now just return NF_ACCEPT to move on to the next hook except for
-EINPROGRESS (which means skb has been queued for reassembly), in which case we
return NF_STOLEN.
Signed-off-by: Florian Westphal
---
include/net/netfilter/ipv6/nf_defrag_ipv6.h | 2 +-
net/ipv6/netfilter/nf_conntrack_reasm.c | 68 ++---
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 14 +++---
net/openvswitch/conntrack.c | 11 +++--
4 files changed, 43 insertions(+), 52 deletions(-)
diff --git a/include/net/netfilter/ipv6/nf_defrag_ipv6.h
b/include/net/netfilter/ipv6/nf_defrag_ipv6.h
index fcd20cf..ddf162f 100644
--- a/include/net/netfilter/ipv6/nf_defrag_ipv6.h
+++ b/include/net/netfilter/ipv6/nf_defrag_ipv6.h
@@ -5,7 +5,7 @@ void nf_defrag_ipv6_enable(void);
int nf_ct_frag6_init(void);
void nf_ct_frag6_cleanup(void);
-struct sk_buff *nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32
user);
+int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user);
struct inet_frags_ctl;
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c
b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 72ac916..b87dd75 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -361,14 +361,18 @@ err:
/*
* Check if this packet is complete.
- * Returns NULL on failure by any reason, and pointer
- * to current nexthdr field in reassembled frame.
*
* It is called with locked fq, and caller must check that
* queue is eligible for reassembly i.e. it is not COMPLETE,
* the last and the first frames arrived and all the bits are here.
+ *
+ * returns true if *prev skb has been transformed into the reassembled
+ * skb, false otherwise.
+ *
+ * Note: If false is returned, *prev is still on the fragment queue,
freeing
+ * the queue is enough to discard *prev, too.
*/
-static struct sk_buff *
+static bool
nf_ct_frag6_reasm(struct frag_queue *fq, struct sk_buff *prev, struct
net_device *dev)
{
struct sk_buff *fp, *head = fq->q.fragments;
@@ -382,22 +386,21 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct sk_buff
*prev, struct net_devic
ecn = ip_frag_ecn_table[fq->ecn];
if (unlikely(ecn == 0xff))
- goto out_fail;
+ return false;
/* Unfragmented part is taken from the first segment. */
payload_len = ((head->data - skb_network_header(head)) -
sizeof(struct ipv6hdr) + fq->q.len -
sizeof(struct frag_hdr));
if (payload_len > IPV6_MAXPLEN) {
- pr_debug("payload len is too large.\n");
- goto out_oversize;
+ net_dbg_ratelimited("nf_ct_frag6_reasm: payload len = %d\n",
+ payload_len);
+ return false;
}
/* Head of list must not be cloned. */
- if (skb_unclone(head, GFP_ATOMIC)) {
- pr_debug("skb is cloned but can't expand head");
- goto out_oom;
- }
+ if (skb_unclone(head, GFP_ATOMIC))
+ return false;
/* If the first fragment is fragmented itself, we split
* it to two chunks: the first with data and paged part
@@ -408,7 +411,7 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct sk_buff
*prev, struct net_devic
clone = alloc_skb(0, GFP_ATOMIC);
if (clone == NULL)
- goto out_oom;
+ return false;
clone->next = head->next;
head->next = clone;
@@ -438,7 +441,7 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct sk_buff
*prev, struct net_devic
fp = skb_clone(prev, GFP_ATOMIC);
if (!fp)
- goto out_oom;
+ return false;
fp->next = prev->next;
skb_queue_walk(head, iter) {
@@ -494,16 +497,7 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct sk_buff
*prev, struct net_devic
fq->q.fragments = NULL;
fq->q.fragments_tail = NULL;
- return head;
-
-out_oversize:
- net_dbg_ratelimited("nf_ct_frag6_reasm: payload len = %d\n",
- payload_len);
- goto out_fail;
-out_oom:
- net_dbg_ratelimited("nf_ct_frag6_reasm: no memory for reassembly\n");
-out_fail:
- return NULL;
+ return true;
}
/*
@@ -569,27 +563,26 @@ find_prev_fhdr(struct sk_buff *skb, u8 *prevhdrp, int
*prevhoff, int *fhoff)
return 0;
}
-struct sk_buff *nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32
user)
+int nf_ct_frag6_gather(struct net *net, struc
[PATCH nf-next 0/4] netfilter: rework netfilter ipv6 defrag
[ CC netdev since patch #2 isn't nf-specific. Dave, if you want
I can resubmit that one after the next nf-pull request; let me know if
you would prefer that ].
Openvswitch seems broken wrt. to defragmentation, it doesn't call
nf_ct_frag6_consume_orig to free the original fragments.
Moreover, openvswitch design seems to require that it can reuse current
skb rather than work with a new skb pointer (it uses skb_morph for this).
Instead of OVS-side fix this series tries to alter netfilter ipv6 defrag
accordingly.
1. nf_ct_frag6_consume_orig is removed, since
commit 6aafeef03b9d9ecf ("netfilter: push reasm skb through instead of
original frag skbs") nothing needs the original fragments so there is no
reason why we need to clone+store original skb -- just stash original
skbs in the frag_list.
2. Use skb_morph to make the last skb processed (not necessarily last
fragment) the reassembled one.
3. remove the no-longer needed recursion into nf_iterate, we can now just
return ACCEPT/STOLEN as needed instead of NF_HOOK_THRESH()+NF_STOLEN.
Tested with flood-ping6+ fault-injection framework 'failslab' type.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH nf-next 2/4] inet: kill obsolete skb_free op
The only user was removed in preceeding commit.
Signed-off-by: Florian Westphal
---
include/net/inet_frag.h | 1 -
net/ieee802154/6lowpan/reassembly.c | 1 -
net/ipv4/inet_fragment.c| 10 +-
net/ipv4/ip_fragment.c | 1 -
net/ipv6/reassembly.c | 1 -
5 files changed, 1 insertion(+), 13 deletions(-)
diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h
index 53eead2..9f9aa4d 100644
--- a/include/net/inet_frag.h
+++ b/include/net/inet_frag.h
@@ -99,7 +99,6 @@ struct inet_frags {
void(*constructor)(struct inet_frag_queue *q,
const void *arg);
void(*destructor)(struct inet_frag_queue *);
- void(*skb_free)(struct sk_buff *);
void(*frag_expire)(unsigned long data);
struct kmem_cache *frags_cachep;
const char *frags_cache_name;
diff --git a/net/ieee802154/6lowpan/reassembly.c
b/net/ieee802154/6lowpan/reassembly.c
index 12e8cf4..f85b08b 100644
--- a/net/ieee802154/6lowpan/reassembly.c
+++ b/net/ieee802154/6lowpan/reassembly.c
@@ -619,7 +619,6 @@ int __init lowpan_net_frag_init(void)
lowpan_frags.hashfn = lowpan_hashfn;
lowpan_frags.constructor = lowpan_frag_init;
lowpan_frags.destructor = NULL;
- lowpan_frags.skb_free = NULL;
lowpan_frags.qsize = sizeof(struct frag_queue);
lowpan_frags.match = lowpan_frag_match;
lowpan_frags.frag_expire = lowpan_frag_expire;
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
index d0a7c03..bf63ea4 100644
--- a/net/ipv4/inet_fragment.c
+++ b/net/ipv4/inet_fragment.c
@@ -291,14 +291,6 @@ void inet_frag_kill(struct inet_frag_queue *fq, struct
inet_frags *f)
}
EXPORT_SYMBOL(inet_frag_kill);
-static inline void frag_kfree_skb(struct netns_frags *nf, struct inet_frags *f,
- struct sk_buff *skb)
-{
- if (f->skb_free)
- f->skb_free(skb);
- kfree_skb(skb);
-}
-
void inet_frag_destroy(struct inet_frag_queue *q, struct inet_frags *f)
{
struct sk_buff *fp;
@@ -315,7 +307,7 @@ void inet_frag_destroy(struct inet_frag_queue *q, struct
inet_frags *f)
struct sk_buff *xp = fp->next;
sum_truesize += fp->truesize;
- frag_kfree_skb(nf, f, fp);
+ kfree_skb(fp);
fp = xp;
}
sum = sum_truesize + f->qsize;
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 5482745..325106d 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -885,7 +885,6 @@ void __init ipfrag_init(void)
ip4_frags.hashfn = ip4_hashfn;
ip4_frags.constructor = ip4_frag_init;
ip4_frags.destructor = ip4_frag_free;
- ip4_frags.skb_free = NULL;
ip4_frags.qsize = sizeof(struct ipq);
ip4_frags.match = ip4_frag_match;
ip4_frags.frag_expire = ip_expire;
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index f1159bb..10bbcd1 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -745,7 +745,6 @@ int __init ipv6_frag_init(void)
ip6_frags.hashfn = ip6_hashfn;
ip6_frags.constructor = ip6_frag_init;
ip6_frags.destructor = NULL;
- ip6_frags.skb_free = NULL;
ip6_frags.qsize = sizeof(struct frag_queue);
ip6_frags.match = ip6_frag_match;
ip6_frags.frag_expire = ip6_frag_expire;
--
2.0.5
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH nf-next 3/4] netfilter: ipv6: in-place replacement of last skb
openvswitch attempts to morph the reassembled skb with the currently
processed one. But this looks broken -- the currently processed skb
is part of the reassembled skbs frag_list.
IOW, we morph an element of reasms frag_list into reasm itself, then
free said frag_list element.
This allows callers to process skb as intended by openvswitch: we either
return NULL (skb queued for reassembly), or turn the provided skb into
a reassembled one.
A followup patch will change nf_defrag to avoid the NF_HOOK recursion
which is now no longer needed.
Signed-off-by: Florian Westphal
---
net/ipv6/netfilter/nf_conntrack_reasm.c | 33 +--
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 4
net/openvswitch/conntrack.c | 5 -
3 files changed, 31 insertions(+), 11 deletions(-)
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c
b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 1b1a851..72ac916 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -369,7 +369,7 @@ err:
* the last and the first frames arrived and all the bits are here.
*/
static struct sk_buff *
-nf_ct_frag6_reasm(struct frag_queue *fq, struct net_device *dev)
+nf_ct_frag6_reasm(struct frag_queue *fq, struct sk_buff *prev, struct
net_device *dev)
{
struct sk_buff *fp, *head = fq->q.fragments;
intpayload_len;
@@ -425,6 +425,35 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct net_device
*dev)
add_frag_mem_limit(fq->q.net, clone->truesize);
}
+ /* morph head into last received skb: prev.
+*
+* This allows callers of ipv6 conntrack defrag to continue
+* to use the last skb(frag) passed into the reasm engine.
+* The last skb frag 'silently' turns into the full reassembled skb.
+*
+* Since prev is also part of q->fragments we have to clone it first.
+*/
+ if (head != prev) {
+ struct sk_buff *iter;
+
+ fp = skb_clone(prev, GFP_ATOMIC);
+ if (!fp)
+ goto out_oom;
+
+ fp->next = prev->next;
+ skb_queue_walk(head, iter) {
+ if (iter->next != prev)
+ continue;
+ iter->next = fp;
+ break;
+ }
+
+ skb_morph(prev, head);
+ prev->next = head->next;
+ consume_skb(head);
+ head = prev;
+ }
+
/* We have to remove fragment header from datagram and to relocate
* header in order to calculate ICV correctly. */
skb_network_header(head)[fq->nhoffset] = skb_transport_header(head)[0];
@@ -582,7 +611,7 @@ struct sk_buff *nf_ct_frag6_gather(struct net *net, struct
sk_buff *skb, u32 use
if (fq->q.flags == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
fq->q.meat == fq->q.len) {
- ret_skb = nf_ct_frag6_reasm(fq, dev);
+ ret_skb = nf_ct_frag6_reasm(fq, skb, dev);
if (ret_skb == NULL)
pr_debug("Can't reassemble fragmented packets\n");
}
diff --git a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
index 313c1d0..fb96b10 100644
--- a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
+++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
@@ -69,10 +69,6 @@ static unsigned int ipv6_defrag(void *priv,
if (reasm == NULL)
return NF_STOLEN;
- /* error occurred or not fragmented */
- if (reasm == skb)
- return NF_ACCEPT;
-
NF_HOOK_THRESH(NFPROTO_IPV6, state->hook, state->net, state->sk, reasm,
state->in, state->out,
state->okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1);
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index ad61426..30ece1d 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -319,12 +319,7 @@ static int handle_fragments(struct net *net, struct
sw_flow_key *key,
if (!reasm)
return -EINPROGRESS;
- if (skb == reasm)
- return -EINVAL;
-
key->ip.proto = ipv6_hdr(reasm)->nexthdr;
- skb_morph(skb, reasm);
- consume_skb(reasm);
ovs_cb.mru = IP6CB(skb)->frag_max_size;
#else
return -EPFNOSUPPORT;
--
2.0.5
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] net: wireless: rt2x00: Fixed Spacing issues
Removed empty spaces before/after parenthesis
Signed-off-by: Paul McQuade
---
drivers/net/wireless/rt2x00/rt61pci.h | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/drivers/net/wireless/rt2x00/rt61pci.h
b/drivers/net/wireless/rt2x00/rt61pci.h
index 1442075..ab86415 100644
--- a/drivers/net/wireless/rt2x00/rt61pci.h
+++ b/drivers/net/wireless/rt2x00/rt61pci.h
@@ -138,14 +138,14 @@
#define PAIRWISE_TA_TABLE_BASE 0x1a00
#define SHARED_KEY_ENTRY(__idx) \
- ( SHARED_KEY_TABLE_BASE + \
- ((__idx) * sizeof(struct hw_key_entry)) )
+ (SHARED_KEY_TABLE_BASE + \
+ ((__idx) * sizeof(struct hw_key_entry)))
#define PAIRWISE_KEY_ENTRY(__idx) \
- ( PAIRWISE_KEY_TABLE_BASE + \
- ((__idx) * sizeof(struct hw_key_entry)) )
+ (PAIRWISE_KEY_TABLE_BASE + \
+ ((__idx) * sizeof(struct hw_key_entry)))
#define PAIRWISE_TA_ENTRY(__idx) \
- ( PAIRWISE_TA_TABLE_BASE + \
- ((__idx) * sizeof(struct hw_pairwise_ta_entry)) )
+ (PAIRWISE_TA_TABLE_BASE + \
+ ((__idx) * sizeof(struct hw_pairwise_ta_entry)))
struct hw_key_entry {
u8 key[16];
@@ -180,7 +180,7 @@ struct hw_pairwise_ta_entry {
#define HW_BEACON_BASE30x2f00
#define HW_BEACON_OFFSET(__index) \
- ( HW_BEACON_BASE0 + (__index * 0x0100) )
+ (HW_BEACON_BASE0 + (__index * 0x0100))
/*
* HOST-MCU shared memory.
@@ -1287,9 +1287,9 @@ struct hw_pairwise_ta_entry {
/*
* DMA descriptor defines.
*/
-#define TXD_DESC_SIZE ( 16 * sizeof(__le32) )
-#define TXINFO_SIZE( 6 * sizeof(__le32) )
-#define RXD_DESC_SIZE ( 16 * sizeof(__le32) )
+#define TXD_DESC_SIZE (16 * sizeof(__le32))
+#define TXINFO_SIZE(6 * sizeof(__le32))
+#define RXD_DESC_SIZE (16 * sizeof(__le32))
/*
* TX descriptor format for TX, PRIO and Beacon Ring.
--
2.6.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net/phy: micrel: Follow attached_dev to get to the MAC device
On 10/17/2015 2:54 AM, Andrew Lunn wrote:
Commit "8b63ec1837fa phylib: Make PHYs children of their MDIO bus, not
the bus' parent." broke finding PHY properties in the MAC device tree
You probably forgot to run checkpatch.pl on this patch, else it
would have complained about the commit citing style. It's <12-bit
SHA1> ("").
Actual, i did, and decided to ignore it. I'm quoting the regression
report, which formats it that way.
BTW, I'm seeing no Reported-by: tag in your patch either, is that intended?
Andrew
MBR, Sergei
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net/phy: micrel: Follow attached_dev to get to the MAC device
On 10/17/2015 2:54 AM, Andrew Lunn wrote:
Commit "8b63ec1837fa phylib: Make PHYs children of their MDIO bus, not
the bus' parent." broke finding PHY properties in the MAC device tree
You probably forgot to run checkpatch.pl on this patch, else it
would have complained about the commit citing style. It's <12-bit
SHA1> ("").
12-digit, of course. :-)
Actual, i did, and decided to ignore it. I'm quoting the regression
report, which formats it that way. However i did deliberately use the
correct format for the fixes: line, where it actually matters.
checkpatch is just a guide, not a rigid rule.
I've had several cases of a maintainer fixing up the commit citing style
for me (and ruining my precious line filling :-).
MBR, Sergei
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net/phy: micrel: Follow attached_dev to get to the MAC device
2015-10-17 8:06 GMT-07:00 Dinh Nguyen :
> On Sat, 17 Oct 2015, Dinh Nguyen wrote:
>
>> On Fri, 16 Oct 2015, Andrew Lunn wrote:
>>
>> > On Fri, Oct 16, 2015 at 05:58:41PM -0500, Dinh Nguyen wrote:
>> > > On Fri, 16 Oct 2015, Andrew Lunn wrote:
>> > >
>> > > > Commit "8b63ec1837fa phylib: Make PHYs children of their MDIO bus, not
>> > > > the bus' parent." broke finding PHY properties in the MAC device tree
>> > > > node. The parent device is now the MDIO bus, not the MAC. Use
>> > > > attached_dev towards the MAC device tree node.
>> > > >
>> > > > Fixes: 8b63ec1837fa ("phylib: Make PHYs children of their MDIO bus,
>> > > > not the bus' parent.")
>> > > > Signed-off-by: Andrew Lunn
>> > > > ---
>> > > >
>> > > > Compile tested only.
>> > > >
>> > > > Dinh, please could you test it and report back if it works or not.
>> > > >
>> > >
>> > > This patch did not seem to fix the problem. The following code did seem
>> > > to
>> > > fix the problem:
>> > >
>> > > if (!of_node && dev->parent->of_node)
>> > > - of_node = dev->parent->of_node;
>> > > + do {
>> > > + of_node = dev->of_node;
>> > > + dev = dev->parent;
>> > > + i++;
>> > > + } while (!of_node && dev);
>> >
>> > This might fix the issue, but it has disadvantages. As i said before,
>> > it allows people to place phy properties into the mdio device node. We
>> > want to be reducing placing you can add phy properties, not adding
>> > more.
>> >
>
> I've also tried creating a separate phy node in the DTS and have the EMAC
> point the PHY with a 'phy = <&phy0>;', but that also didn't seem to work with
> your patch.
If you intend this to be a real phandle to a phy, it should be something like:
phy-handle = <&phy0>;
'phy' is not a valid phandle property that stmmac recognizes
Looking at stmmac and how the various dwmac-* probe the driver,
SET_NETDEV_DEV() is what assigns the network device's device pointer,
and that seems to be done correctly with the proper device argument.
--
Florian
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH net] net: add pfmemalloc check in sk_add_backlog()
On Sat, 2015-10-17 at 05:02 -0700, David Miller wrote: > Sorry I've been meaning to go back and apply it properly. I'll do that right > now... > > There, done and properly queued up for -stable too. :) > Perfect, thanks a lot David. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net/phy: micrel: Follow attached_dev to get to the MAC device
> I've also tried creating a separate phy node in the DTS and have the EMAC
> point the PHY with a 'phy = <&phy0>;', but that also didn't seem to work with
> your patch.
Do you have the phy node as a child of the mdio node?
Picking a random example arch/arm/boot/dts/kirkwood-rd88f6192.dts
&mdio {
status = "okay";
ethphy0: ethernet-phy@8 {
reg = <8>;
};
};
ð0 {
status = "okay";
ethernet0-port@0 {
phy-handle = <ðphy0>;
};
};
Andrew
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net/phy: micrel: Follow attached_dev to get to the MAC device
On Sat, 17 Oct 2015, Dinh Nguyen wrote:
> On Fri, 16 Oct 2015, Andrew Lunn wrote:
>
> > On Fri, Oct 16, 2015 at 05:58:41PM -0500, Dinh Nguyen wrote:
> > > On Fri, 16 Oct 2015, Andrew Lunn wrote:
> > >
> > > > Commit "8b63ec1837fa phylib: Make PHYs children of their MDIO bus, not
> > > > the bus' parent." broke finding PHY properties in the MAC device tree
> > > > node. The parent device is now the MDIO bus, not the MAC. Use
> > > > attached_dev towards the MAC device tree node.
> > > >
> > > > Fixes: 8b63ec1837fa ("phylib: Make PHYs children of their MDIO bus, not
> > > > the bus' parent.")
> > > > Signed-off-by: Andrew Lunn
> > > > ---
> > > >
> > > > Compile tested only.
> > > >
> > > > Dinh, please could you test it and report back if it works or not.
> > > >
> > >
> > > This patch did not seem to fix the problem. The following code did seem to
> > > fix the problem:
> > >
> > > if (!of_node && dev->parent->of_node)
> > > - of_node = dev->parent->of_node;
> > > + do {
> > > + of_node = dev->of_node;
> > > + dev = dev->parent;
> > > + i++;
> > > + } while (!of_node && dev);
> >
> > This might fix the issue, but it has disadvantages. As i said before,
> > it allows people to place phy properties into the mdio device node. We
> > want to be reducing placing you can add phy properties, not adding
> > more.
> >
I've also tried creating a separate phy node in the DTS and have the EMAC
point the PHY with a 'phy = <&phy0>;', but that also didn't seem to work with
your patch.
>
> Sure, will try to debug. It looks like phydev->attached_dev is valid, but
> phydev->attached_dev->dev.of_node is NULL.
>
>
> BR,
> Dinh
>
BR,
Dinh
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net/phy: micrel: Follow attached_dev to get to the MAC device
On Fri, 16 Oct 2015, Andrew Lunn wrote:
> On Fri, Oct 16, 2015 at 05:58:41PM -0500, Dinh Nguyen wrote:
> > On Fri, 16 Oct 2015, Andrew Lunn wrote:
> >
> > > Commit "8b63ec1837fa phylib: Make PHYs children of their MDIO bus, not
> > > the bus' parent." broke finding PHY properties in the MAC device tree
> > > node. The parent device is now the MDIO bus, not the MAC. Use
> > > attached_dev towards the MAC device tree node.
> > >
> > > Fixes: 8b63ec1837fa ("phylib: Make PHYs children of their MDIO bus, not
> > > the bus' parent.")
> > > Signed-off-by: Andrew Lunn
> > > ---
> > >
> > > Compile tested only.
> > >
> > > Dinh, please could you test it and report back if it works or not.
> > >
> >
> > This patch did not seem to fix the problem. The following code did seem to
> > fix the problem:
> >
> > if (!of_node && dev->parent->of_node)
> > - of_node = dev->parent->of_node;
> > + do {
> > + of_node = dev->of_node;
> > + dev = dev->parent;
> > + i++;
> > + } while (!of_node && dev);
>
> This might fix the issue, but it has disadvantages. As i said before,
> it allows people to place phy properties into the mdio device node. We
> want to be reducing placing you can add phy properties, not adding
> more.
>
> Please could you try to debug why my patch did not work. Is
> attached_dev null?
>
Sure, will try to debug. It looks like phydev->attached_dev is valid, but
phydev->attached_dev->dev.of_node is NULL.
BR,
Dinh
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 00/35] Netfilter/IPVS updates for net-next
Hi David, This is exactly the same pull request, including the conflict resolution for net/bridge/br_netfilter_hooks.c. -o- The following patchset contains Netfilter/IPVS updates for your net-next tree. Most relevantly, updates for the nfnetlink_log to integrate with conntrack, fixes for cttimeout and improvements for nf_queue core, they are: 1) Remove useless ifdef around static inline function in IPVS, from Eric W. Biederman. 2) Simplify the conntrack support for nfnetlink_queue: Merge nfnetlink_queue_ct.c file into nfnetlink_queue_core.c, then rename it back to nfnetlink_queue.c 3) Use y2038 safe timestamp from nfnetlink_queue. 4) Get rid of dead function definition in nf_conntrack, from Flavio Leitner. 5) Attach conntrack support for nfnetlink_log.c, from Ken-ichirou MATSUZAWA. This adds a new NETFILTER_NETLINK_GLUE_CT Kconfig switch that controls enabling both nfqueue and nflog integration with conntrack. The userspace application can request this via NFULNL_CFG_F_CONNTRACK configuration flag. 6) Remove unused netns variables in IPVS, from Eric W. Biederman and Simon Horman. 7) Don't put back the refcount on the cttimeout object from xt_CT on success. 8) Fix crash on cttimeout policy object removal. We have to flush out the cttimeout extension area of the conntrack not to refer to an unexisting object that was just removed. 9) Make sure rcu_callback completion before removing nfnetlink_cttimeout module removal. 10) Fix compilation warning in br_netfilter when no nf_defrag_ipv4 and nf_defrag_ipv6 are enabled. Patch from Arnd Bergmann. 11) Autoload ctnetlink dependencies when NFULNL_CFG_F_CONNTRACK is requested. Again from Ken-ichirou MATSUZAWA. 12) Don't use pointer to previous hook when reinjecting traffic via nf_queue with NF_REPEAT verdict since it may be already gone. This also avoids a deadloop if the userspace application keeps returning NF_REPEAT. 13) A bunch of cleanups for netfilter IPv4 and IPv6 code from Ian Morris. 14) Consolidate logger instance existence check in nfulnl_recv_config(). 15) Fix broken atomicity when applying configuration updates to logger instances in nfnetlink_log. 16) Get rid of the .owner attribute in our hook object. We don't need this anymore since we're dropping pending packets that have escaped from the kernel when unremoving the hook. Patch from Florian Westphal. 17) Remove unnecessary rcu_read_lock() from nf_reinject code, we always assume RCU read side lock from .call_rcu in nfnetlink. Also from Florian. 18) Use static inline function instead of macros to define NF_HOOK() and NF_HOOK_COND() when no netfilter support in on, from Arnd Bergmann. You can pull these changes from: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git Thanks! The following changes since commit 4be3158abe1e02d24f82b34101e41d662fae2185: Merge branch 'mlxsw-spectrum' (2015-10-16 07:15:31 -0700) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD for you to fetch changes up to f0a0a978b66fea782a52b0a7075b3fa9ab27ad0a: Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next (2015-10-17 14:28:03 +0200) Arnd Bergmann (2): netfilter: bridge: avoid unused label warning netfilter: turn NF_HOOK into an inline function David Ahern (1): ipvs: Remove possibly unused variable from ip_vs_out Eric W. Biederman (1): ipvs: Don't protect ip_vs_addr_is_unicast with CONFIG_SYSCTL Flavio Leitner (1): netfilter: remove dead code Florian Westphal (4): netfilter: nfqueue: don't use prev pointer netfilter: remove hook owner refcounting netfilter: make nf_queue_entry_get_refs return void netfilter: nf_queue: remove rcu_read_lock calls Ian Morris (12): netfilter: ip6_tables: label placement netfilter: ip6_tables: function definition layout netfilter: ipv6: code indentation netfilter: ipv6: whitespace around operators netfilter: ip6_tables: ternary operator layout netfilter: ip6_tables: improve if statements netfilter: ipv6: pointer cast layout netfilter: ipv4: label placement netfilter: ipv4: ternary operator layout netfilter: ipv4: function definition layout netfilter: ipv4: code indentation netfilter: ipv4: whitespace around operators Ken-ichirou MATSUZAWA (5): netfilter: nfnetlink_queue: rename related to nfqueue attaching conntrack info netfilter: Kconfig rename QUEUE_CT to GLUE_CT netfilter: ctnetlink: add const qualifier to nfnl_hook.get_ct netfilter: nfnetlink_log: allow to attach conntrack netfilter: nfnetlink_log: autoload nf_conntrack_netlink module NFQA_CFG_F_CONNTRACK config flag Pablo Neira (1):
Re: [PATCH 00/35] Netfilter/IPVS updates for net-next
On Sat, Oct 17, 2015 at 06:07:43AM -0700, David Miller wrote: > From: Pablo Neira Ayuso > Date: Sat, 17 Oct 2015 13:32:35 +0200 > > > git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD > > Pablo, this gives merge conflicts. > > This is the second or third time in the past few pulls from you that > there have been merge conflicts, even when I haven't made a single > change between when you sent the pull request and when I try to > integrate it into my tree. I was about to fix this here, sorry. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 00/35] Netfilter/IPVS updates for net-next
From: Pablo Neira Ayuso Date: Sat, 17 Oct 2015 13:32:35 +0200 > git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD Pablo, this gives merge conflicts. This is the second or third time in the past few pulls from you that there have been merge conflicts, even when I haven't made a single change between when you sent the pull request and when I try to integrate it into my tree. If you can't be certain there won't be merge conflicts, do a test pull into a clone of my tree to see what happens. Or, if you think the merge conflict is simple enough for me to deal with, mention and explain it in the header posting for the patch series. Please fix this up and resend your pull request. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [net-next 01/17] i40e: Lock for VSI's MAC filter list
From: Jeff Kirsher Date: Fri, 16 Oct 2015 22:28:15 -0700 > > + WARN(!spin_is_locked(&vsi->mac_filter_list_lock), > + "Missing mac_filter_list_lock\n"); > + spin_is_locked() is, generally speaking, completely inappropriate to use in assertions. Because, on uniprocessor builds, it always evalutes to zero. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH net-next 3/4] bpf: add support for persistent maps/progs
On 10/17/2015 04:43 AM, Alexei Starovoitov wrote:
On 10/16/15 4:44 PM, Eric W. Biederman wrote:
Alexei Starovoitov writes:
We can argue about api for 2nd, whether it's mount with fd=1234 string
or else, but for the first mount style doesn't make sense.
Why does mount not make sense? It is exactly what you are looking for
so why does it not make sense?
hmm, how do you get a new fd back after mounting it?
Note, open cannot be overloaded, so we end up with BPF_NEW_FD anyway,
but now it's more convoluted and empty mounts are everywhere.
That would be my understanding as well, but as Alexei already said,
these are two different issues, it would be step 2 (let me get back
to that further below). But in any case, I don't really like dumping
key/value somewhere as files. You have binary blobs as both, and
lets say your application has a lookup-key (for whatever reason) of
several cachelines it all ends up getting rather messy than making
it really useful for non-bpf(2) aware cmdline tools to deal with.
Anyway, another idea I've been brainstorming with Hannes today a
bit is about the following:
We register two major numbers, one for eBPF maps (X), one for eBPF
progs (Y). A user can either via cmdline call something like ...
mknod /dev/bpf/maps/map_pkts c X Z to create a special character
device, or alternatively out of an application through mknod(2)
syscall (f.e. tc when setting up maps/progs internally from the obj
file for a classifer).
Then, we still have 2 eBPF commands for bpf(2) syscall to add, say
(for example) BPF_BIND_DEV and BPF_FETCH_DEV. The application that
created a map (or prog) already has the map fd and after mknod(2) it
can open(2) the special file to get the special file fd. Then it can
call something like bpf(BPF_BIND_DEV, &attr, sizeof(attr))) where
attr looks like:
union bpf_attr attr = {
.bpf_fd= bpf_fd,
.dev_fd= dev_fd,
};
The bpf(2) syscall can check whether dev_fd belongs to an eBPF special
file and it can then copy over file->private_data from the bpf_fd
to the dev_fd's underlying file, where the private_data, as we know,
from the bpf_fd already points to a proper bpf_map/bpf_prog structure.
The map/prog would then get ref'ed and lives onwards in the char device's
lifetime. No special hashtable, gc, etc needed. The char device has fops
that we can define by ourself, and unlinking would drop the ref from
its private_data.
Now to the other part: BPF_FETCH_DEV would work similar. The application
opens the device, and fills bpf_attr as follows again:
union bpf_attr attr = {
.bpf_fd= 0,
.dev_fd= dev_fd,
};
This would allow us to look up the map/prog from the dev_fd's file->
private_data, and installs a new fd via bpf_{map,prog}_new_fd() that
is returned from bpf(2) for bpf-related access. The remaining fops
from the char device could still be reserved for possibilities like
debugging in future.
Now in future (2nd step), could either be to use Eric's idea and then do
something like mount -t bpffs ... -o /dev/bpf/maps/map_pkts to dump
attributes or other properties to some location for inspection from such
a special file, or we could use kobjects for that attached to the device
if the fops from the cdev should not be sufficient.
So closing the loop to the special files where there were concerns:
This won't forbid to have a future shell-style access possibility, and
it would also not end up as a nightmare on what you mentioned with the
S_ISSOCK-like bit in the other email.
The pinning mechanism would not require an extra file system to be mounted
somewhere, and yet the user can define himself an arbitrary hierarchy
where he puts the special files as this facility already exists. An
approach like this looks overall cleaner to me, and most likely be
realizable in fewer lines of code as well.
Thoughts?
Cheers,
Daniel
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH net] net: add pfmemalloc check in sk_add_backlog()
From: Eric Dumazet
Date: Fri, 16 Oct 2015 08:38:38 -0700
> On Tue, 2015-09-29 at 21:56 -0700, David Miller wrote:
>> From: Eric Dumazet
>> Date: Tue, 29 Sep 2015 18:52:25 -0700
>>
>> > From: Eric Dumazet
>> >
>> > Greg reported crashes hitting the following check in __sk_backlog_rcv()
>> >
>> >BUG_ON(!sock_flag(sk, SOCK_MEMALLOC));
>> >
>> > The pfmemalloc bit is currently checked in sk_filter().
>> >
>> > This works correctly for TCP, because sk_filter() is ran in
>> > tcp_v[46]_rcv() before hitting the prequeue or backlog checks.
>> >
>> > For UDP or other protocols, this does not work, because the sk_filter()
>> > is ran from sock_queue_rcv_skb(), which might be called _after_ backlog
>> > queuing if socket is owned by user by the time packet is processed by
>> > softirq handler.
>> >
>> > Fixes: b4b9e35585089 ("netvm: set PF_MEMALLOC as appropriate during SKB
>> > processing")
>> > Signed-off-by: Eric Dumazet
>> > Reported-by: Greg Thelen
>>
>> Applied, thanks Eric.
>
> Hi David
>
> This patch never reached a public net tree.
>
> Should I respin it ?
Sorry I've been meaning to go back and apply it properly. I'll do that right
now...
There, done and properly queued up for -stable too. :)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2 net-next] RDS: fix rds-ping deadlock over TCP transport
On 10/16/2015 10:13 PM, Santosh Shilimkar wrote: But because of above recursive lock hang with RDS TCP, the send work from rds_send_pong() needs to deferred to worker to avoid lock up. Given RDS ping is more of connectivity test than performance critical path, its should be ok even for transport like IB. Acked-by: Sowmini Varadhan -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 01/35] ipvs: Don't protect ip_vs_addr_is_unicast with CONFIG_SYSCTL
From: "Eric W. Biederman"
I arranged the code so that the compiler can remove the unecessary bits
in ip_vs_leave when CONFIG_SYSCTL is unset, and removed an explicit
CONFIG_SYSCTL.
Unfortunately when rebasing my work on top of that of Alex Gartrell I
missed the fact that the newly added function ip_vs_addr_is_unicast was
surrounded by CONFIG_SYSCTL.
So remove the now unnecessary CONFIG_SYSCTL guards around
ip_vs_addr_is_unicast. It is causing build failures today when
CONFIG_SYSCTL is not selected and any self respecting compiler will
notice that sysctl_cache_bypass is always false without CONFIG_SYSCTL
and not include the logic from the function ip_vs_addr_is_unicast in
the compiled code.
Signed-off-by: "Eric W. Biederman"
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_core.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 37dd77a..d08df43 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -547,7 +547,6 @@ ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff
*skb,
return cp;
}
-#ifdef CONFIG_SYSCTL
static inline int ip_vs_addr_is_unicast(struct net *net, int af,
union nf_inet_addr *addr)
{
@@ -557,7 +556,6 @@ static inline int ip_vs_addr_is_unicast(struct net *net,
int af,
#endif
return (inet_addr_type(net, addr->ip) == RTN_UNICAST);
}
-#endif
/*
* Pass or drop the packet.
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 00/35] Netfilter/IPVS updates for net-next
Hi David, The following patchset contains Netfilter/IPVS updates for your net-next tree. Most relevantly, updates for the nfnetlink_log to integrate with conntrack, fixes for cttimeout and improvements for nf_queue core, they are: 1) Remove useless ifdef around static inline function in IPVS, from Eric W. Biederman. 2) Simplify the conntrack support for nfnetlink_queue: Merge nfnetlink_queue_ct.c file into nfnetlink_queue_core.c, then rename it back to nfnetlink_queue.c 3) Use y2038 safe timestamp from nfnetlink_queue. 4) Get rid of dead function definition in nf_conntrack, from Flavio Leitner. 5) Attach conntrack support for nfnetlink_log.c, from Ken-ichirou MATSUZAWA. This adds a new NETFILTER_NETLINK_GLUE_CT Kconfig switch that controls enabling both nfqueue and nflog integration with conntrack. The userspace application can request this via NFULNL_CFG_F_CONNTRACK configuration flag. 6) Remove unused netns variables in IPVS, from Eric W. Biederman and Simon Horman. 7) Put back the refcount on the cttimeout object from xt_CT. 8) Fix crash on cttimeout policy object removal. We have to flush out the cttimeout extension area of the conntrack not to refer to an unexisting object that was just removed. 9) Make sure rcu_callback completion before removing nfnetlink_cttimeout module removal. 10) Fix compilation warning in br_netfilter when no nf_defrag_ipv4 and nf_defrag_ipv6 are enabled. Patch from Arnd Bergmann. 11) Autoload ctnetlink dependencies when NFULNL_CFG_F_CONNTRACK is requested. Again from Ken-ichirou MATSUZAWA. 12) Don't use pointer to previous hook when reinjecting traffic via nf_queue with NF_REPEAT verdict since it may be already gone. This also avoids a deadloop if the userspace application keeps returning NF_REPEAT. 13) A bunch of cleanups for netfilter IPv4 and IPv6 code from Ian Morris. 14) Consolidate logger instance existence check in nfulnl_recv_config(). 15) Fix broken atomicity when applying configuration updates to logger instances in nfnetlink_log. 16) Get rid of the .owner attribute in our hook object. We don't need this anymore since we're dropping pending packets that have escaped from the kernel when unremoving the hook. Patch from Florian Westphal. 17) Remove unnecessary rcu_read_lock() from nf_reinject code, we always assume RCU read side lock from .call_rcu in nfnetlink. Also from Florian. 18) Use static inline function instead of macros to define NF_HOOK() and NF_HOOK_COND() when no netfilter support in on, from Arnd Bergmann. You can pull these changes from: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git Thanks! The following changes since commit e96f78ab2703f3b0d512f6b469bc685d2ef20475: tcp/dccp: add SLAB_DESTROY_BY_RCU flag for request sockets (2015-10-03 13:25:20 -0700) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD for you to fetch changes up to c8d71d08aa23679f56e7072358383442c6ede352: netfilter: ipv4: whitespace around operators (2015-10-16 19:19:23 +0200) Arnd Bergmann (2): netfilter: bridge: avoid unused label warning netfilter: turn NF_HOOK into an inline function David Ahern (1): ipvs: Remove possibly unused variable from ip_vs_out Eric W. Biederman (1): ipvs: Don't protect ip_vs_addr_is_unicast with CONFIG_SYSCTL Flavio Leitner (1): netfilter: remove dead code Florian Westphal (4): netfilter: nfqueue: don't use prev pointer netfilter: remove hook owner refcounting netfilter: make nf_queue_entry_get_refs return void netfilter: nf_queue: remove rcu_read_lock calls Ian Morris (12): netfilter: ip6_tables: label placement netfilter: ip6_tables: function definition layout netfilter: ipv6: code indentation netfilter: ipv6: whitespace around operators netfilter: ip6_tables: ternary operator layout netfilter: ip6_tables: improve if statements netfilter: ipv6: pointer cast layout netfilter: ipv4: label placement netfilter: ipv4: ternary operator layout netfilter: ipv4: function definition layout netfilter: ipv4: code indentation netfilter: ipv4: whitespace around operators Ken-ichirou MATSUZAWA (5): netfilter: nfnetlink_queue: rename related to nfqueue attaching conntrack info netfilter: Kconfig rename QUEUE_CT to GLUE_CT netfilter: ctnetlink: add const qualifier to nfnl_hook.get_ct netfilter: nfnetlink_log: allow to attach conntrack netfilter: nfnetlink_log: autoload nf_conntrack_netlink module NFQA_CFG_F_CONNTRACK config flag Pablo Neira (1): netfilter: nfnetlink_log: validate dependencies to avoid breaking atomicity Pablo Neira Ayuso (9): netfilter: nfnetlink_queue: get rid of
[PATCH 11/35] ipvs: Remove possibly unused variables from ip_vs_conn_net_{init,cleanup}
From: Simon Horman
If CONFIG_PROC_FS is undefined then the arguments of proc_create()
and remove_proc_entry() are unused. As a result the net variables of
ip_vs_conn_net_{init,cleanup} are unused.
net/netfilter/ipvs//ip_vs_conn.c: In function ‘ip_vs_conn_net_init’:
net/netfilter/ipvs//ip_vs_conn.c:1350:14: warning: unused variable ‘net’
[-Wunused-variable]
net/netfilter/ipvs//ip_vs_conn.c: In function ‘ip_vs_conn_net_cleanup’:
net/netfilter/ipvs//ip_vs_conn.c:1361:14: warning: unused variable ‘net’
[-Wunused-variable]
...
Resolve this by dereferencing net as needed rather than storing it
in a variable.
Fixes: 3d99376689ee ("ipvs: Pass ipvs not net into
ip_vs_control_net_(init|cleanup)")
Signed-off-by: Simon Horman
Acked-by: Julian Anastasov
---
net/netfilter/ipvs/ip_vs_conn.c | 13 +
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index d1d168c..85ca189 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -1347,23 +1347,20 @@ flush_again:
*/
int __net_init ip_vs_conn_net_init(struct netns_ipvs *ipvs)
{
- struct net *net = ipvs->net;
-
atomic_set(&ipvs->conn_count, 0);
- proc_create("ip_vs_conn", 0, net->proc_net, &ip_vs_conn_fops);
- proc_create("ip_vs_conn_sync", 0, net->proc_net, &ip_vs_conn_sync_fops);
+ proc_create("ip_vs_conn", 0, ipvs->net->proc_net, &ip_vs_conn_fops);
+ proc_create("ip_vs_conn_sync", 0, ipvs->net->proc_net,
+ &ip_vs_conn_sync_fops);
return 0;
}
void __net_exit ip_vs_conn_net_cleanup(struct netns_ipvs *ipvs)
{
- struct net *net = ipvs->net;
-
/* flush all the connection entries first */
ip_vs_conn_flush(ipvs);
- remove_proc_entry("ip_vs_conn", net->proc_net);
- remove_proc_entry("ip_vs_conn_sync", net->proc_net);
+ remove_proc_entry("ip_vs_conn", ipvs->net->proc_net);
+ remove_proc_entry("ip_vs_conn_sync", ipvs->net->proc_net);
}
int __init ip_vs_conn_init(void)
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 02/35] netfilter: nfnetlink_queue: get rid of nfnetlink_queue_ct.c
The original intention was to avoid dependencies between nfnetlink_queue and
conntrack without ifdef pollution. However, we can achieve this by moving the
conntrack dependent code into ctnetlink and keep some glue code to access the
nfq_ct indirection from nfqueue.
After this patch, the nfq_ct indirection is always compiled in the netfilter
core to avoid polluting nfqueue with ifdefs. Thus, if nf_conntrack is not
compiled this results in only 8-bytes of memory waste in x86_64.
This patch also adds ctnetlink_nfqueue_seqadj() to avoid that the nf_conn
structure layout if exposed to nf_queue, which creates another dependency with
nf_conntrack at compilation time.
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter.h | 12 ++--
include/net/netfilter/nfnetlink_queue.h | 51 --
net/netfilter/Makefile | 1 -
net/netfilter/core.c| 9 ++-
net/netfilter/nf_conntrack_netlink.c| 52 ++-
net/netfilter/nfnetlink_queue_core.c| 52 +++
net/netfilter/nfnetlink_queue_ct.c | 113
7 files changed, 103 insertions(+), 187 deletions(-)
delete mode 100644 include/net/netfilter/nfnetlink_queue.h
delete mode 100644 net/netfilter/nfnetlink_queue_ct.c
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 165ab2d..3e5e8f2 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -369,14 +369,21 @@ nf_nat_decode_session(struct sk_buff *skb, struct flowi
*fl, u_int8_t family)
extern void (*ip_ct_attach)(struct sk_buff *, const struct sk_buff *) __rcu;
void nf_ct_attach(struct sk_buff *, const struct sk_buff *);
extern void (*nf_ct_destroy)(struct nf_conntrack *) __rcu;
+#else
+static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {}
+#endif
struct nf_conn;
enum ip_conntrack_info;
struct nlattr;
struct nfq_ct_hook {
+ struct nf_conn *(*get_ct)(struct sk_buff *skb,
+ enum ip_conntrack_info *ctinfo);
size_t (*build_size)(const struct nf_conn *ct);
- int (*build)(struct sk_buff *skb, struct nf_conn *ct);
+ int (*build)(struct sk_buff *skb, struct nf_conn *ct,
+enum ip_conntrack_info ctinfo,
+u_int16_t ct_attr, u_int16_t ct_info_attr);
int (*parse)(const struct nlattr *attr, struct nf_conn *ct);
int (*attach_expect)(const struct nlattr *attr, struct nf_conn *ct,
u32 portid, u32 report);
@@ -384,9 +391,6 @@ struct nfq_ct_hook {
enum ip_conntrack_info ctinfo, s32 off);
};
extern struct nfq_ct_hook __rcu *nfq_ct_hook;
-#else
-static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {}
-#endif
/**
* nf_skb_duplicated - TEE target has sent a packet
diff --git a/include/net/netfilter/nfnetlink_queue.h
b/include/net/netfilter/nfnetlink_queue.h
deleted file mode 100644
index aff88ba..000
--- a/include/net/netfilter/nfnetlink_queue.h
+++ /dev/null
@@ -1,51 +0,0 @@
-#ifndef _NET_NFNL_QUEUE_H_
-#define _NET_NFNL_QUEUE_H_
-
-#include
-
-struct nf_conn;
-
-#ifdef CONFIG_NETFILTER_NETLINK_QUEUE_CT
-struct nf_conn *nfqnl_ct_get(struct sk_buff *entskb, size_t *size,
-enum ip_conntrack_info *ctinfo);
-struct nf_conn *nfqnl_ct_parse(const struct sk_buff *skb,
- const struct nlattr *attr,
- enum ip_conntrack_info *ctinfo);
-int nfqnl_ct_put(struct sk_buff *skb, struct nf_conn *ct,
-enum ip_conntrack_info ctinfo);
-void nfqnl_ct_seq_adjust(struct sk_buff *skb, struct nf_conn *ct,
-enum ip_conntrack_info ctinfo, int diff);
-int nfqnl_attach_expect(struct nf_conn *ct, const struct nlattr *attr,
- u32 portid, u32 report);
-#else
-inline struct nf_conn *
-nfqnl_ct_get(struct sk_buff *entskb, size_t *size, enum ip_conntrack_info
*ctinfo)
-{
- return NULL;
-}
-
-inline struct nf_conn *nfqnl_ct_parse(const struct sk_buff *skb,
- const struct nlattr *attr,
- enum ip_conntrack_info *ctinfo)
-{
- return NULL;
-}
-
-inline int
-nfqnl_ct_put(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info
ctinfo)
-{
- return 0;
-}
-
-inline void nfqnl_ct_seq_adjust(struct sk_buff *skb, struct nf_conn *ct,
- enum ip_conntrack_info ctinfo, int diff)
-{
-}
-
-inline int nfqnl_attach_expect(struct nf_conn *ct, const struct nlattr *attr,
- u32 portid, u32 report)
-{
- return 0;
-}
-#endif /* NF_CONNTRACK */
-#endif
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index 70d026d..4d68e72 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -11,7 +11,6 @@ obj-$(CONFIG_NETFILTER) = netfilter.o
obj-$(CONFIG_NETFILTER_NETLINK) += nfnetlink.o
[PATCH 04/35] netfilter: nfnetlink_queue: use y2038 safe timestamp
The __build_packet_message function fills a nfulnl_msg_packet_timestamp
structure that uses 64-bit seconds and is therefore y2038 safe, but
it uses an intermediate 'struct timespec' which is not.
This trivially changes the code to use 'struct timespec64' instead,
to correct the result on 32-bit architectures.
This is a copy and paste of Arnd's original patch for nfnetlink_log.
Suggested-by: Arnd Bergmann
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nfnetlink_queue.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index b1f1c74..0d2e856 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -500,9 +500,10 @@ nfqnl_build_packet_message(struct net *net, struct
nfqnl_instance *queue,
if (entskb->tstamp.tv64) {
struct nfqnl_msg_packet_timestamp ts;
- struct timeval tv = ktime_to_timeval(entskb->tstamp);
- ts.sec = cpu_to_be64(tv.tv_sec);
- ts.usec = cpu_to_be64(tv.tv_usec);
+ struct timespec64 kts = ktime_to_timespec64(skb->tstamp);
+
+ ts.sec = cpu_to_be64(kts.tv_sec);
+ ts.usec = cpu_to_be64(kts.tv_nsec / NSEC_PER_USEC);
if (nla_put(skb, NFQA_TIMESTAMP, sizeof(ts), &ts))
goto nla_put_failure;
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 05/35] netfilter: remove dead code
From: Flavio Leitner
Remove __nf_conntrack_find() from headers.
Fixes: dcd93ed4cd1 ("netfilter: nf_conntrack: remove dead code")
Signed-off-by: Flavio Leitner
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_conntrack.h | 4
1 file changed, 4 deletions(-)
diff --git a/include/net/netfilter/nf_conntrack.h
b/include/net/netfilter/nf_conntrack.h
index d642f68..fde4068 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -183,10 +183,6 @@ void *nf_ct_alloc_hashtable(unsigned int *sizep, int
nulls);
void nf_ct_free_hashtable(void *hash, unsigned int size);
-struct nf_conntrack_tuple_hash *
-__nf_conntrack_find(struct net *net, u16 zone,
- const struct nf_conntrack_tuple *tuple);
-
int nf_conntrack_hash_check_insert(struct nf_conn *ct);
bool nf_ct_delete(struct nf_conn *ct, u32 pid, int report);
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 19/35] netfilter: ip6_tables: function definition layout
From: Ian Morris
Use tabs instead of spaces to indent second line of parameters in
function definitions.
No changes detected by objdiff.
Signed-off-by: Ian Morris
Signed-off-by: Pablo Neira Ayuso
---
net/ipv6/netfilter/ip6_tables.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 67a2821..0654312 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -816,7 +816,7 @@ static void cleanup_entry(struct ip6t_entry *e, struct net
*net)
newinfo) */
static int
translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0,
-const struct ip6t_replace *repl)
+ const struct ip6t_replace *repl)
{
struct ip6t_entry *iter;
unsigned int i;
@@ -1090,7 +1090,7 @@ static int compat_table_info(const struct xt_table_info
*info,
#endif
static int get_info(struct net *net, void __user *user,
-const int *len, int compat)
+ const int *len, int compat)
{
char name[XT_TABLE_MAXNAMELEN];
struct xt_table *t;
@@ -1152,7 +1152,7 @@ static int get_info(struct net *net, void __user *user,
static int
get_entries(struct net *net, struct ip6t_get_entries __user *uptr,
-const int *len)
+ const int *len)
{
int ret;
struct ip6t_get_entries get;
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 09/35] netfilter: nfnetlink_log: allow to attach conntrack
From: Ken-ichirou MATSUZAWA
This patch enables to include the conntrack information together
with the packet that is sent to user-space via NFLOG, then a
user-space program can acquire NATed information by this NFULA_CT
attribute.
Including the conntrack information is optional, you can set it
via NFULNL_CFG_F_CONNTRACK flag with the NFULA_CFG_FLAGS attribute
like NFQUEUE.
Signed-off-by: Ken-ichirou MATSUZAWA
Signed-off-by: Pablo Neira Ayuso
---
include/uapi/linux/netfilter/nfnetlink_log.h | 3 +++
net/netfilter/Kconfig| 9 ---
net/netfilter/nfnetlink_log.c| 37
3 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/include/uapi/linux/netfilter/nfnetlink_log.h
b/include/uapi/linux/netfilter/nfnetlink_log.h
index 90c2c95..fb21f0c 100644
--- a/include/uapi/linux/netfilter/nfnetlink_log.h
+++ b/include/uapi/linux/netfilter/nfnetlink_log.h
@@ -51,6 +51,8 @@ enum nfulnl_attr_type {
NFULA_HWTYPE, /* hardware type */
NFULA_HWHEADER, /* hardware header */
NFULA_HWLEN,/* hardware header length */
+ NFULA_CT, /* nf_conntrack_netlink.h */
+ NFULA_CT_INFO, /* enum ip_conntrack_info */
__NFULA_MAX
};
@@ -93,5 +95,6 @@ enum nfulnl_attr_config {
#define NFULNL_CFG_F_SEQ 0x0001
#define NFULNL_CFG_F_SEQ_GLOBAL0x0002
+#define NFULNL_CFG_F_CONNTRACK 0x0004
#endif /* _NFNETLINK_LOG_H */
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index d287818..e22349e 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -363,12 +363,13 @@ config NF_CT_NETLINK_HELPER
If unsure, say `N'.
config NETFILTER_NETLINK_GLUE_CT
- bool "NFQUEUE integration with Connection Tracking"
+ bool "NFQUEUE and NFLOG integration with Connection Tracking"
default n
- depends on NETFILTER_NETLINK_QUEUE && NF_CT_NETLINK
+ depends on (NETFILTER_NETLINK_QUEUE || NETFILTER_NETLINK_LOG) &&
NF_CT_NETLINK
help
- If this option is enabled, NFQUEUE can include Connection Tracking
- information together with the packet is the enqueued via NFNETLINK.
+ If this option is enabled, NFQUEUE and NFLOG can include
+ Connection Tracking information together with the packet is
+ the enqueued via NFNETLINK.
config NF_NAT
tristate
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 4670821..e1d1187 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -27,6 +27,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -401,7 +402,9 @@ __build_packet_message(struct nfnl_log_net *log,
unsigned int hooknum,
const struct net_device *indev,
const struct net_device *outdev,
- const char *prefix, unsigned int plen)
+ const char *prefix, unsigned int plen,
+ const struct nfnl_ct_hook *nfnl_ct,
+ struct nf_conn *ct, enum ip_conntrack_info ctinfo)
{
struct nfulnl_msg_packet_hdr pmsg;
struct nlmsghdr *nlh;
@@ -575,6 +578,10 @@ __build_packet_message(struct nfnl_log_net *log,
htonl(atomic_inc_return(&log->global_seq
goto nla_put_failure;
+ if (ct && nfnl_ct->build(inst->skb, ct, ctinfo,
+NFULA_CT, NFULA_CT_INFO) < 0)
+ goto nla_put_failure;
+
if (data_len) {
struct nlattr *nla;
int size = nla_attr_size(data_len);
@@ -620,12 +627,16 @@ nfulnl_log_packet(struct net *net,
const struct nf_loginfo *li_user,
const char *prefix)
{
- unsigned int size, data_len;
+ size_t size;
+ unsigned int data_len;
struct nfulnl_instance *inst;
const struct nf_loginfo *li;
unsigned int qthreshold;
unsigned int plen;
struct nfnl_log_net *log = nfnl_log_pernet(net);
+ const struct nfnl_ct_hook *nfnl_ct = NULL;
+ struct nf_conn *ct = NULL;
+ enum ip_conntrack_info uninitialized_var(ctinfo);
if (li_user && li_user->type == NF_LOG_TYPE_ULOG)
li = li_user;
@@ -671,6 +682,14 @@ nfulnl_log_packet(struct net *net,
size += nla_total_size(sizeof(u_int32_t));
if (inst->flags & NFULNL_CFG_F_SEQ_GLOBAL)
size += nla_total_size(sizeof(u_int32_t));
+ if (inst->flags & NFULNL_CFG_F_CONNTRACK) {
+ nfnl_ct = rcu_dereference(nfnl_ct_hook);
+ if (nfnl_ct != NULL) {
+ ct = nfnl_ct->get_ct(skb, &ctinfo);
+ if (ct != NULL)
+ size += nfnl_ct->build_size(ct);
+ }
+ }
[PATCH 29/35] netfilter: nf_queue: remove rcu_read_lock calls
From: Florian Westphal
All verdict handlers make use of the nfnetlink .call_rcu callback
so rcu readlock is already held.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_queue.c | 16
1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index efc9688..5baa8e2 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -124,22 +124,20 @@ int nf_queue(struct sk_buff *skb,
const struct nf_queue_handler *qh;
/* QUEUE == DROP if no one is waiting, to be safe. */
- rcu_read_lock();
-
qh = rcu_dereference(queue_handler);
if (!qh) {
status = -ESRCH;
- goto err_unlock;
+ goto err;
}
afinfo = nf_get_afinfo(state->pf);
if (!afinfo)
- goto err_unlock;
+ goto err;
entry = kmalloc(sizeof(*entry) + afinfo->route_key_size, GFP_ATOMIC);
if (!entry) {
status = -ENOMEM;
- goto err_unlock;
+ goto err;
}
*entry = (struct nf_queue_entry) {
@@ -154,8 +152,6 @@ int nf_queue(struct sk_buff *skb,
afinfo->saveroute(skb, entry);
status = qh->outfn(entry, queuenum);
- rcu_read_unlock();
-
if (status < 0) {
nf_queue_entry_release_refs(entry);
goto err;
@@ -163,8 +159,6 @@ int nf_queue(struct sk_buff *skb,
return 0;
-err_unlock:
- rcu_read_unlock();
err:
kfree(entry);
return status;
@@ -177,8 +171,6 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int
verdict)
const struct nf_afinfo *afinfo;
int err;
- rcu_read_lock();
-
nf_queue_entry_release_refs(entry);
/* Continue traversal iff userspace said ok... */
@@ -221,7 +213,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int
verdict)
default:
kfree_skb(skb);
}
- rcu_read_unlock();
+
kfree(entry);
}
EXPORT_SYMBOL(nf_reinject);
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 23/35] netfilter: ip6_tables: improve if statements
From: Ian Morris
Correct whitespace layout of if statements.
No changes detected by objdiff.
Signed-off-by: Ian Morris
Signed-off-by: Pablo Neira Ayuso
---
net/ipv6/netfilter/ip6_tables.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index c57ddd3..99425cf 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -133,7 +133,7 @@ ip6_packet_match(const struct sk_buff *skb,
/* ... might want to do something with class and flowlabel here ... */
/* look for the desired protocol header */
- if((ip6info->flags & IP6T_F_PROTO)) {
+ if (ip6info->flags & IP6T_F_PROTO) {
int protohdr;
unsigned short _frag_off;
@@ -151,9 +151,9 @@ ip6_packet_match(const struct sk_buff *skb,
ip6info->proto);
if (ip6info->proto == protohdr) {
- if(ip6info->invflags & IP6T_INV_PROTO) {
+ if (ip6info->invflags & IP6T_INV_PROTO)
return false;
- }
+
return true;
}
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 08/35] netfilter: ctnetlink: add const qualifier to nfnl_hook.get_ct
From: Ken-ichirou MATSUZAWA
get_ct as is and will not update its skb argument, and users of
nfnl_ct_hook is currently only nfqueue, we can add const qualifier.
Signed-off-by: Ken-ichirou MATSUZAWA
---
include/linux/netfilter.h| 2 +-
net/netfilter/nf_conntrack_netlink.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 27747de..edb3dc3 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -378,7 +378,7 @@ enum ip_conntrack_info;
struct nlattr;
struct nfnl_ct_hook {
- struct nf_conn *(*get_ct)(struct sk_buff *skb,
+ struct nf_conn *(*get_ct)(const struct sk_buff *skb,
enum ip_conntrack_info *ctinfo);
size_t (*build_size)(const struct nf_conn *ct);
int (*build)(struct sk_buff *skb, struct nf_conn *ct,
diff --git a/net/netfilter/nf_conntrack_netlink.c
b/net/netfilter/nf_conntrack_netlink.c
index 71d6ada..9f52729 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -2162,7 +2162,7 @@ ctnetlink_glue_build_size(const struct nf_conn *ct)
;
}
-static struct nf_conn *ctnetlink_glue_get_ct(struct sk_buff *skb,
+static struct nf_conn *ctnetlink_glue_get_ct(const struct sk_buff *skb,
enum ip_conntrack_info *ctinfo)
{
struct nf_conn *ct;
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 07/35] netfilter: Kconfig rename QUEUE_CT to GLUE_CT
From: Ken-ichirou MATSUZAWA
Conntrack information attaching infrastructure is now generic and
update it's name to use `glue' in previous patch. This patch updates
Kconfig symbol name and adding NF_CT_NETLINK dependency.
Signed-off-by: Ken-ichirou MATSUZAWA
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/Kconfig| 10 +-
net/netfilter/nf_conntrack_netlink.c | 8
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 3e1b4ab..d287818 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -354,7 +354,7 @@ config NF_CT_NETLINK_HELPER
select NETFILTER_NETLINK
depends on NF_CT_NETLINK
depends on NETFILTER_NETLINK_QUEUE
- depends on NETFILTER_NETLINK_QUEUE_CT
+ depends on NETFILTER_NETLINK_GLUE_CT
depends on NETFILTER_ADVANCED
help
This option enables the user-space connection tracking helpers
@@ -362,10 +362,10 @@ config NF_CT_NETLINK_HELPER
If unsure, say `N'.
-config NETFILTER_NETLINK_QUEUE_CT
-bool "NFQUEUE integration with Connection Tracking"
-default n
-depends on NETFILTER_NETLINK_QUEUE
+config NETFILTER_NETLINK_GLUE_CT
+ bool "NFQUEUE integration with Connection Tracking"
+ default n
+ depends on NETFILTER_NETLINK_QUEUE && NF_CT_NETLINK
help
If this option is enabled, NFQUEUE can include Connection Tracking
information together with the packet is the enqueued via NFNETLINK.
diff --git a/net/netfilter/nf_conntrack_netlink.c
b/net/netfilter/nf_conntrack_netlink.c
index 704f29b..71d6ada 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -2133,7 +2133,7 @@ ctnetlink_alloc_expect(const struct nlattr *const cda[],
struct nf_conn *ct,
struct nf_conntrack_tuple *tuple,
struct nf_conntrack_tuple *mask);
-#ifdef CONFIG_NETFILTER_NETLINK_QUEUE_CT
+#ifdef CONFIG_NETFILTER_NETLINK_GLUE_CT
static size_t
ctnetlink_glue_build_size(const struct nf_conn *ct)
{
@@ -2403,7 +2403,7 @@ static struct nfnl_ct_hook ctnetlink_glue_hook = {
.attach_expect = ctnetlink_glue_attach_expect,
.seq_adjust = ctnetlink_glue_seqadj,
};
-#endif /* CONFIG_NETFILTER_NETLINK_QUEUE_CT */
+#endif /* CONFIG_NETFILTER_NETLINK_GLUE_CT */
/***
* EXPECT
@@ -3387,7 +3387,7 @@ static int __init ctnetlink_init(void)
pr_err("ctnetlink_init: cannot register pernet operations\n");
goto err_unreg_exp_subsys;
}
-#ifdef CONFIG_NETFILTER_NETLINK_QUEUE_CT
+#ifdef CONFIG_NETFILTER_NETLINK_GLUE_CT
/* setup interaction between nf_queue and nf_conntrack_netlink. */
RCU_INIT_POINTER(nfnl_ct_hook, &ctnetlink_glue_hook);
#endif
@@ -3408,7 +3408,7 @@ static void __exit ctnetlink_exit(void)
unregister_pernet_subsys(&ctnetlink_net_ops);
nfnetlink_subsys_unregister(&ctnl_exp_subsys);
nfnetlink_subsys_unregister(&ctnl_subsys);
-#ifdef CONFIG_NETFILTER_NETLINK_QUEUE_CT
+#ifdef CONFIG_NETFILTER_NETLINK_GLUE_CT
RCU_INIT_POINTER(nfnl_ct_hook, NULL);
#endif
}
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 16/35] netfilter: nfnetlink_log: autoload nf_conntrack_netlink module NFQA_CFG_F_CONNTRACK config flag
From: Ken-ichirou MATSUZAWA
This patch enables to load nf_conntrack_netlink module if
NFULNL_CFG_F_CONNTRACK config flag is specified.
Signed-off-by: Ken-ichirou MATSUZAWA
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nfnetlink_log.c | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index e1d1187..f8d9bd8 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -927,7 +927,16 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
}
if (flags & NFULNL_CFG_F_CONNTRACK &&
- rcu_access_pointer(nfnl_ct_hook) == NULL) {
+ !rcu_access_pointer(nfnl_ct_hook)) {
+#ifdef CONFIG_MODULES
+ nfnl_unlock(NFNL_SUBSYS_ULOG);
+ request_module("ip_conntrack_netlink");
+ nfnl_lock(NFNL_SUBSYS_ULOG);
+ if (rcu_access_pointer(nfnl_ct_hook)) {
+ ret = -EAGAIN;
+ goto out;
+ }
+#endif
ret = -EOPNOTSUPP;
goto out;
}
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 26/35] netfilter: nfnetlink_log: validate dependencies to avoid breaking atomicity
From: Pablo Neira
Check that dependencies are fulfilled before updating the logger
instance, otherwise we can leave things in intermediate state on errors
in nfulnl_recv_config().
[ Ken-ichirou reports that this is also fixing missing instance refcnt drop
on error introduced in his patch 914eebf2f434 ("netfilter: nfnetlink_log:
autoload nf_conntrack_netlink module NFQA_CFG_F_CONNTRACK config flag"). ]
Signed-off-by: Pablo Neira Ayuso
Tested-by: Ken-ichirou MATSUZAWA
---
net/netfilter/nfnetlink_log.c | 43 ---
1 file changed, 24 insertions(+), 19 deletions(-)
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 2002d57..a5b9680 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -825,6 +825,7 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
struct net *net = sock_net(ctnl);
struct nfnl_log_net *log = nfnl_log_pernet(net);
int ret = 0;
+ u16 flags;
if (nfula[NFULA_CFG_CMD]) {
u_int8_t pf = nfmsg->nfgen_family;
@@ -846,6 +847,28 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
goto out_put;
}
+ /* Check if we support these flags in first place, dependencies should
+* be there too not to break atomicity.
+*/
+ if (nfula[NFULA_CFG_FLAGS]) {
+ flags = ntohs(nla_get_be16(nfula[NFULA_CFG_FLAGS]));
+
+ if ((flags & NFULNL_CFG_F_CONNTRACK) &&
+ !rcu_access_pointer(nfnl_ct_hook)) {
+#ifdef CONFIG_MODULES
+ nfnl_unlock(NFNL_SUBSYS_ULOG);
+ request_module("ip_conntrack_netlink");
+ nfnl_lock(NFNL_SUBSYS_ULOG);
+ if (rcu_access_pointer(nfnl_ct_hook)) {
+ ret = -EAGAIN;
+ goto out_put;
+ }
+#endif
+ ret = -EOPNOTSUPP;
+ goto out_put;
+ }
+ }
+
if (cmd != NULL) {
switch (cmd->command) {
case NFULNL_CFG_CMD_BIND:
@@ -905,26 +928,8 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
nfulnl_set_qthresh(inst, ntohl(qthresh));
}
- if (nfula[NFULA_CFG_FLAGS]) {
- u16 flags = ntohs(nla_get_be16(nfula[NFULA_CFG_FLAGS]));
-
- if (flags & NFULNL_CFG_F_CONNTRACK &&
- !rcu_access_pointer(nfnl_ct_hook)) {
-#ifdef CONFIG_MODULES
- nfnl_unlock(NFNL_SUBSYS_ULOG);
- request_module("ip_conntrack_netlink");
- nfnl_lock(NFNL_SUBSYS_ULOG);
- if (rcu_access_pointer(nfnl_ct_hook)) {
- ret = -EAGAIN;
- goto out;
- }
-#endif
- ret = -EOPNOTSUPP;
- goto out;
- }
-
+ if (nfula[NFULA_CFG_FLAGS])
nfulnl_set_flags(inst, flags);
- }
out_put:
instance_put(inst);
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 06/35] netfilter: nfnetlink_queue: rename related to nfqueue attaching conntrack info
From: Ken-ichirou MATSUZAWA
The idea of this series of patch is to attach conntrack information to
nflog like nfqueue has already done. nfqueue conntrack info attaching
basis is generic, rename those names to generic one, glue.
Signed-off-by: Ken-ichirou MATSUZAWA
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter.h| 4 +--
net/netfilter/core.c | 4 +--
net/netfilter/nf_conntrack_netlink.c | 60 ++--
net/netfilter/nfnetlink_queue.c | 30 +-
4 files changed, 49 insertions(+), 49 deletions(-)
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 3e5e8f2..27747de 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -377,7 +377,7 @@ struct nf_conn;
enum ip_conntrack_info;
struct nlattr;
-struct nfq_ct_hook {
+struct nfnl_ct_hook {
struct nf_conn *(*get_ct)(struct sk_buff *skb,
enum ip_conntrack_info *ctinfo);
size_t (*build_size)(const struct nf_conn *ct);
@@ -390,7 +390,7 @@ struct nfq_ct_hook {
void (*seq_adjust)(struct sk_buff *skb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, s32 off);
};
-extern struct nfq_ct_hook __rcu *nfq_ct_hook;
+extern struct nfnl_ct_hook __rcu *nfnl_ct_hook;
/**
* nf_skb_duplicated - TEE target has sent a packet
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 1412e36..32a2894 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -351,8 +351,8 @@ EXPORT_SYMBOL(skb_make_writable);
/* This needs to be compiled in any case to avoid dependencies between the
* nfnetlink_queue code and nf_conntrack.
*/
-struct nfq_ct_hook __rcu *nfq_ct_hook __read_mostly;
-EXPORT_SYMBOL_GPL(nfq_ct_hook);
+struct nfnl_ct_hook __rcu *nfnl_ct_hook __read_mostly;
+EXPORT_SYMBOL_GPL(nfnl_ct_hook);
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
/* This does not belong here, but locally generated errors need it if
connection
diff --git a/net/netfilter/nf_conntrack_netlink.c
b/net/netfilter/nf_conntrack_netlink.c
index eb67bf8..704f29b 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -2135,7 +2135,7 @@ ctnetlink_alloc_expect(const struct nlattr *const cda[],
struct nf_conn *ct,
#ifdef CONFIG_NETFILTER_NETLINK_QUEUE_CT
static size_t
-ctnetlink_nfqueue_build_size(const struct nf_conn *ct)
+ctnetlink_glue_build_size(const struct nf_conn *ct)
{
return 3 * nla_total_size(0) /* CTA_TUPLE_ORIG|REPL|MASTER */
+ 3 * nla_total_size(0) /* CTA_TUPLE_IP */
@@ -2162,8 +2162,8 @@ ctnetlink_nfqueue_build_size(const struct nf_conn *ct)
;
}
-static struct nf_conn *ctnetlink_nfqueue_get_ct(struct sk_buff *skb,
- enum ip_conntrack_info *ctinfo)
+static struct nf_conn *ctnetlink_glue_get_ct(struct sk_buff *skb,
+enum ip_conntrack_info *ctinfo)
{
struct nf_conn *ct;
@@ -2174,7 +2174,7 @@ static struct nf_conn *ctnetlink_nfqueue_get_ct(struct
sk_buff *skb,
return ct;
}
-static int __ctnetlink_nfqueue_build(struct sk_buff *skb, struct nf_conn *ct)
+static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct)
{
const struct nf_conntrack_zone *zone;
struct nlattr *nest_parms;
@@ -2247,9 +2247,9 @@ nla_put_failure:
}
static int
-ctnetlink_nfqueue_build(struct sk_buff *skb, struct nf_conn *ct,
- enum ip_conntrack_info ctinfo,
- u_int16_t ct_attr, u_int16_t ct_info_attr)
+ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct,
+enum ip_conntrack_info ctinfo,
+u_int16_t ct_attr, u_int16_t ct_info_attr)
{
struct nlattr *nest_parms;
@@ -2257,7 +2257,7 @@ ctnetlink_nfqueue_build(struct sk_buff *skb, struct
nf_conn *ct,
if (!nest_parms)
goto nla_put_failure;
- if (__ctnetlink_nfqueue_build(skb, ct) < 0)
+ if (__ctnetlink_glue_build(skb, ct) < 0)
goto nla_put_failure;
nla_nest_end(skb, nest_parms);
@@ -2272,7 +2272,7 @@ nla_put_failure:
}
static int
-ctnetlink_nfqueue_parse_ct(const struct nlattr *cda[], struct nf_conn *ct)
+ctnetlink_glue_parse_ct(const struct nlattr *cda[], struct nf_conn *ct)
{
int err;
@@ -2312,7 +2312,7 @@ ctnetlink_nfqueue_parse_ct(const struct nlattr *cda[],
struct nf_conn *ct)
}
static int
-ctnetlink_nfqueue_parse(const struct nlattr *attr, struct nf_conn *ct)
+ctnetlink_glue_parse(const struct nlattr *attr, struct nf_conn *ct)
{
struct nlattr *cda[CTA_MAX+1];
int ret;
@@ -2322,16 +2322,16 @@ ctnetlink_nfqueue_parse(const struct nlattr *attr,
struct nf_conn *ct)
return ret;
spin_lock_bh(&nf_conntrack_expect_lock);
- ret = ctnetlink_nfqueue_parse_ct((const struct nlattr **)cda, ct);
+ ret
[PATCH 13/35] netfilter: conntrack: fix crash on timeout object removal
The object and module refcounts are updated for each conntrack template,
however, if we delete the iptables rules and we flush the timeout
database, we may end up with invalid references to timeout object that
are just gone.
Resolve this problem by setting the timeout reference to NULL when the
custom timeout entry is removed from our base. This patch requires some
RCU trickery to ensure safe pointer handling.
This handling is similar to what we already do with conntrack helpers,
the idea is to avoid bumping the timeout object reference counter from
the packet path to avoid the cost of atomic ops.
Reported-by: Stephen Hemminger
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_conntrack_timeout.h | 25 -
net/netfilter/nf_conntrack_core.c| 12 ++
net/netfilter/nfnetlink_cttimeout.c | 33
net/netfilter/xt_CT.c| 4 +++-
4 files changed, 63 insertions(+), 11 deletions(-)
diff --git a/include/net/netfilter/nf_conntrack_timeout.h
b/include/net/netfilter/nf_conntrack_timeout.h
index 6230871..f72be38 100644
--- a/include/net/netfilter/nf_conntrack_timeout.h
+++ b/include/net/netfilter/nf_conntrack_timeout.h
@@ -20,10 +20,20 @@ struct ctnl_timeout {
};
struct nf_conn_timeout {
- struct ctnl_timeout *timeout;
+ struct ctnl_timeout __rcu *timeout;
};
-#define NF_CT_TIMEOUT_EXT_DATA(__t) (unsigned int *) &((__t)->timeout->data)
+static inline unsigned int *
+nf_ct_timeout_data(struct nf_conn_timeout *t)
+{
+ struct ctnl_timeout *timeout;
+
+ timeout = rcu_dereference(t->timeout);
+ if (timeout == NULL)
+ return NULL;
+
+ return (unsigned int *)timeout->data;
+}
static inline
struct nf_conn_timeout *nf_ct_timeout_find(const struct nf_conn *ct)
@@ -47,7 +57,7 @@ struct nf_conn_timeout *nf_ct_timeout_ext_add(struct nf_conn
*ct,
if (timeout_ext == NULL)
return NULL;
- timeout_ext->timeout = timeout;
+ rcu_assign_pointer(timeout_ext->timeout, timeout);
return timeout_ext;
#else
@@ -64,10 +74,13 @@ nf_ct_timeout_lookup(struct net *net, struct nf_conn *ct,
unsigned int *timeouts;
timeout_ext = nf_ct_timeout_find(ct);
- if (timeout_ext)
- timeouts = NF_CT_TIMEOUT_EXT_DATA(timeout_ext);
- else
+ if (timeout_ext) {
+ timeouts = nf_ct_timeout_data(timeout_ext);
+ if (unlikely(!timeouts))
+ timeouts = l4proto->get_timeouts(net);
+ } else {
timeouts = l4proto->get_timeouts(net);
+ }
return timeouts;
#else
diff --git a/net/netfilter/nf_conntrack_core.c
b/net/netfilter/nf_conntrack_core.c
index 09d1d19..3cb3cb8 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -940,10 +940,13 @@ init_conntrack(struct net *net, struct nf_conn *tmpl,
}
timeout_ext = tmpl ? nf_ct_timeout_find(tmpl) : NULL;
- if (timeout_ext)
- timeouts = NF_CT_TIMEOUT_EXT_DATA(timeout_ext);
- else
+ if (timeout_ext) {
+ timeouts = nf_ct_timeout_data(timeout_ext);
+ if (unlikely(!timeouts))
+ timeouts = l4proto->get_timeouts(net);
+ } else {
timeouts = l4proto->get_timeouts(net);
+ }
if (!l4proto->new(ct, skb, dataoff, timeouts)) {
nf_conntrack_free(ct);
@@ -952,7 +955,8 @@ init_conntrack(struct net *net, struct nf_conn *tmpl,
}
if (timeout_ext)
- nf_ct_timeout_ext_add(ct, timeout_ext->timeout, GFP_ATOMIC);
+ nf_ct_timeout_ext_add(ct, rcu_dereference(timeout_ext->timeout),
+ GFP_ATOMIC);
nf_ct_acct_ext_add(ct, GFP_ATOMIC);
nf_ct_tstamp_ext_add(ct, GFP_ATOMIC);
diff --git a/net/netfilter/nfnetlink_cttimeout.c
b/net/netfilter/nfnetlink_cttimeout.c
index 476accd..5bda647 100644
--- a/net/netfilter/nfnetlink_cttimeout.c
+++ b/net/netfilter/nfnetlink_cttimeout.c
@@ -291,6 +291,34 @@ cttimeout_get_timeout(struct sock *ctnl, struct sk_buff
*skb,
return ret;
}
+static void untimeout(struct nf_conntrack_tuple_hash *i,
+ struct ctnl_timeout *timeout)
+{
+ struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(i);
+ struct nf_conn_timeout *timeout_ext = nf_ct_timeout_find(ct);
+
+ if (timeout_ext && (!timeout || timeout_ext->timeout == timeout))
+ RCU_INIT_POINTER(timeout_ext->timeout, NULL);
+}
+
+static void ctnl_untimeout(struct ctnl_timeout *timeout)
+{
+ struct nf_conntrack_tuple_hash *h;
+ const struct hlist_nulls_node *nn;
+ int i;
+
+ local_bh_disable();
+ for (i = 0; i < init_net.ct.htable_size; i++) {
+ spin_lock(&nf_conntrack_locks[i % CONNTRACK_LOCKS]);
+ if (i < init_net.ct.htable_size) {
+
[PATCH 15/35] netfilter: bridge: avoid unused label warning
From: Arnd Bergmann
With the ARM mini2440_defconfig, the bridge netfilter code gets
built with both CONFIG_NF_DEFRAG_IPV4 and CONFIG_NF_DEFRAG_IPV6
disabled, which leads to a harmless gcc warning:
net/bridge/br_netfilter_hooks.c: In function 'br_nf_dev_queue_xmit':
net/bridge/br_netfilter_hooks.c:792:2: warning: label 'drop' defined but not
used [-Wunused-label]
This gets rid of the warning by cleaning up the code to avoid
the respective #ifdefs causing this problem, and replacing them
with if(IS_ENABLED()) checks. I have verified that the resulting
object code is unchanged, and an additional advantage is that
we now get compile coverage of the unused functions in more
configurations.
Signed-off-by: Arnd Bergmann
Fixes: dd302b59bde0 ("netfilter: bridge: don't leak skb in error paths")
Reviewed-by: Nikolay Aleksandrov
Signed-off-by: Pablo Neira Ayuso
---
net/bridge/br_netfilter_hooks.c | 16
1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
index 13f0367..18905d4 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -111,7 +111,6 @@ static inline __be16 pppoe_proto(const struct sk_buff *skb)
/* largest possible L2 header, see br_nf_dev_queue_xmit() */
#define NF_BRIDGE_MAX_MAC_HEADER_LENGTH (PPPOE_SES_HLEN + ETH_HLEN)
-#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) || IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
struct brnf_frag_data {
char mac[NF_BRIDGE_MAX_MAC_HEADER_LENGTH];
u8 encap_size;
@@ -121,7 +120,6 @@ struct brnf_frag_data {
};
static DEFINE_PER_CPU(struct brnf_frag_data, brnf_frag_data_storage);
-#endif
static void nf_bridge_info_free(struct sk_buff *skb)
{
@@ -666,7 +664,6 @@ static unsigned int br_nf_forward_arp(void *priv,
return NF_STOLEN;
}
-#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) || IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
static int br_nf_push_frag_xmit(struct net *net, struct sock *sk, struct
sk_buff *skb)
{
struct brnf_frag_data *data;
@@ -696,9 +693,7 @@ static int br_nf_push_frag_xmit_sk(struct sock *sk, struct
sk_buff *skb)
struct net *net = dev_net(skb_dst(skb)->dev);
return br_nf_push_frag_xmit(net, sk, skb);
}
-#endif
-#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4)
static int
br_nf_ip_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
int (*output)(struct sock *, struct sk_buff *))
@@ -716,7 +711,6 @@ br_nf_ip_fragment(struct net *net, struct sock *sk, struct
sk_buff *skb,
return ip_do_fragment(sk, skb, output);
}
-#endif
static unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb)
{
@@ -739,11 +733,11 @@ static int br_nf_dev_queue_xmit(struct net *net, struct
sock *sk, struct sk_buff
nf_bridge = nf_bridge_info_get(skb);
-#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4)
/* This is wrong! We should preserve the original fragment
* boundaries by preserving frag_list rather than refragmenting.
*/
- if (skb->protocol == htons(ETH_P_IP)) {
+ if (IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) &&
+ skb->protocol == htons(ETH_P_IP)) {
struct brnf_frag_data *data;
if (br_validate_ipv4(net, skb))
@@ -765,9 +759,8 @@ static int br_nf_dev_queue_xmit(struct net *net, struct
sock *sk, struct sk_buff
return br_nf_ip_fragment(net, sk, skb, br_nf_push_frag_xmit_sk);
}
-#endif
-#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
- if (skb->protocol == htons(ETH_P_IPV6)) {
+ if (IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) &&
+ skb->protocol == htons(ETH_P_IPV6)) {
const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops();
struct brnf_frag_data *data;
@@ -791,7 +784,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct
sock *sk, struct sk_buff
kfree_skb(skb);
return -EMSGSIZE;
}
-#endif
nf_bridge_info_free(skb);
return br_dev_queue_push_xmit(net, sk, skb);
drop:
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 32/35] netfilter: ipv4: ternary operator layout
From: Ian Morris
Correct whitespace layout of ternary operators in the netfilter-ipv4
code.
No changes detected by objdiff.
Signed-off-by: Ian Morris
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/arp_tables.c | 4 ++--
net/ipv4/netfilter/ip_tables.c | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 7300616..eb6663bd 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -186,7 +186,7 @@ static inline int arp_packet_match(const struct arphdr
*arphdr,
if (FWINV(ret != 0, ARPT_INV_VIA_IN)) {
dprintf("VIA in mismatch (%s vs %s).%s\n",
indev, arpinfo->iniface,
- arpinfo->invflags&ARPT_INV_VIA_IN ?" (INV)":"");
+ arpinfo->invflags & ARPT_INV_VIA_IN ? " (INV)" : "");
return 0;
}
@@ -195,7 +195,7 @@ static inline int arp_packet_match(const struct arphdr
*arphdr,
if (FWINV(ret != 0, ARPT_INV_VIA_OUT)) {
dprintf("VIA out mismatch (%s vs %s).%s\n",
outdev, arpinfo->outiface,
- arpinfo->invflags&ARPT_INV_VIA_OUT ?" (INV)":"");
+ arpinfo->invflags & ARPT_INV_VIA_OUT ? " (INV)" : "");
return 0;
}
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 3be2a4d..08b7ab0 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -102,7 +102,7 @@ ip_packet_match(const struct iphdr *ip,
if (FWINV(ret != 0, IPT_INV_VIA_IN)) {
dprintf("VIA in mismatch (%s vs %s).%s\n",
indev, ipinfo->iniface,
- ipinfo->invflags&IPT_INV_VIA_IN ?" (INV)":"");
+ ipinfo->invflags & IPT_INV_VIA_IN ? " (INV)" : "");
return false;
}
@@ -111,7 +111,7 @@ ip_packet_match(const struct iphdr *ip,
if (FWINV(ret != 0, IPT_INV_VIA_OUT)) {
dprintf("VIA out mismatch (%s vs %s).%s\n",
outdev, ipinfo->outiface,
- ipinfo->invflags&IPT_INV_VIA_OUT ?" (INV)":"");
+ ipinfo->invflags & IPT_INV_VIA_OUT ? " (INV)" : "");
return false;
}
@@ -120,7 +120,7 @@ ip_packet_match(const struct iphdr *ip,
FWINV(ip->protocol != ipinfo->proto, IPT_INV_PROTO)) {
dprintf("Packet protocol %hi does not match %hi.%s\n",
ip->protocol, ipinfo->proto,
- ipinfo->invflags&IPT_INV_PROTO ? " (INV)":"");
+ ipinfo->invflags & IPT_INV_PROTO ? " (INV)" : "");
return false;
}
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 17/35] netfilter: nfqueue: don't use prev pointer
From: Florian Westphal
Usage of -prev seems buggy. While packet was out our hook cannot be
removed but we have no way to know if the previous one is still valid.
So better not use ->prev at all. Since NF_REPEAT just asks to invoke
same hook function again, just do so, and continue with nf_interate
if we get an ACCEPT verdict.
A side effect of this change is that if nf_reinject(NF_REPEAT) causes
another REPEAT we will now drop the skb instead of a kernel loop.
However, NF_REPEAT loops would be a bug so this should not happen anyway.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_queue.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index 34f628e..634d18e 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -192,10 +192,8 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned
int verdict)
nf_queue_entry_release_refs(entry);
/* Continue traversal iff userspace said ok... */
- if (verdict == NF_REPEAT) {
- elem = list_entry(elem->list.prev, struct nf_hook_ops, list);
- verdict = NF_ACCEPT;
- }
+ if (verdict == NF_REPEAT)
+ verdict = elem->hook(elem->priv, skb, &entry->state);
if (verdict == NF_ACCEPT) {
afinfo = nf_get_afinfo(entry->state.pf);
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 25/35] netfilter: nfnetlink_log: consolidate check for instance in nfulnl_recv_config()
This patch consolidates the check for valid logger instance once we have
passed the command handling:
The config message that we receive may contain the following info:
1) Command only: We always get a valid instance pointer if we just
created it. In case that the instance is being destroyed or the
command is unknown, we jump to exit path of nfulnl_recv_config().
This patch doesn't modify this handling.
2) Config only: In this case, the instance must always exist since the
user is asking for configuration updates. If the instance doesn't exist
this returns -ENODEV.
3) No command and no configs are specified: This case is rare. The
user is sending us a config message with neither commands nor
config options. In this case, we have to check if the instance exists
and bail out otherwise. Before this patch, it was possible to send a
config message with no command and no config updates for an
unexisting instance without triggering an error. So this is the only
case that changes.
Signed-off-by: Pablo Neira Ayuso
Tested-by: Ken-ichirou MATSUZAWA
---
net/netfilter/nfnetlink_log.c | 28 +---
1 file changed, 5 insertions(+), 23 deletions(-)
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index f8d9bd8..2002d57 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -874,16 +874,15 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
ret = -ENOTSUPP;
break;
}
+ } else if (!inst) {
+ ret = -ENODEV;
+ goto out;
}
if (nfula[NFULA_CFG_MODE]) {
- struct nfulnl_msg_config_mode *params;
- params = nla_data(nfula[NFULA_CFG_MODE]);
+ struct nfulnl_msg_config_mode *params =
+ nla_data(nfula[NFULA_CFG_MODE]);
- if (!inst) {
- ret = -ENODEV;
- goto out;
- }
nfulnl_set_mode(inst, params->copy_mode,
ntohl(params->copy_range));
}
@@ -891,41 +890,24 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
if (nfula[NFULA_CFG_TIMEOUT]) {
__be32 timeout = nla_get_be32(nfula[NFULA_CFG_TIMEOUT]);
- if (!inst) {
- ret = -ENODEV;
- goto out;
- }
nfulnl_set_timeout(inst, ntohl(timeout));
}
if (nfula[NFULA_CFG_NLBUFSIZ]) {
__be32 nlbufsiz = nla_get_be32(nfula[NFULA_CFG_NLBUFSIZ]);
- if (!inst) {
- ret = -ENODEV;
- goto out;
- }
nfulnl_set_nlbufsiz(inst, ntohl(nlbufsiz));
}
if (nfula[NFULA_CFG_QTHRESH]) {
__be32 qthresh = nla_get_be32(nfula[NFULA_CFG_QTHRESH]);
- if (!inst) {
- ret = -ENODEV;
- goto out;
- }
nfulnl_set_qthresh(inst, ntohl(qthresh));
}
if (nfula[NFULA_CFG_FLAGS]) {
u16 flags = ntohs(nla_get_be16(nfula[NFULA_CFG_FLAGS]));
- if (!inst) {
- ret = -ENODEV;
- goto out;
- }
-
if (flags & NFULNL_CFG_F_CONNTRACK &&
!rcu_access_pointer(nfnl_ct_hook)) {
#ifdef CONFIG_MODULES
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 14/35] nfnetlink_cttimeout: add rcu_barrier() on module removal
Make sure kfree_rcu() released objects before leaving the module removal exit path. Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nfnetlink_cttimeout.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c index 5bda647..c7a2d0e 100644 --- a/net/netfilter/nfnetlink_cttimeout.c +++ b/net/netfilter/nfnetlink_cttimeout.c @@ -612,6 +612,7 @@ static void __exit cttimeout_exit(void) RCU_INIT_POINTER(nf_ct_timeout_find_get_hook, NULL); RCU_INIT_POINTER(nf_ct_timeout_put_hook, NULL); #endif /* CONFIG_NF_CONNTRACK_TIMEOUT */ + rcu_barrier(); } module_init(cttimeout_init); -- 2.1.4 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 24/35] netfilter: ipv6: pointer cast layout
From: Ian Morris Correct whitespace layout of a pointer casting. No changes detected by objdiff. Signed-off-by: Ian Morris Signed-off-by: Pablo Neira Ayuso --- net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index cfcc71f..deab0a1 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -59,7 +59,7 @@ struct nf_ct_frag6_skb_cb struct sk_buff *orig; }; -#define NFCT_FRAG6_CB(skb) ((struct nf_ct_frag6_skb_cb*)((skb)->cb)) +#define NFCT_FRAG6_CB(skb) ((struct nf_ct_frag6_skb_cb *)((skb)->cb)) static struct inet_frags nf_frags; -- 2.1.4 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 12/35] netfilter: xt_CT: don't put back reference to timeout policy object
On success, this shouldn't put back the timeout policy object, otherwise we may have module refcount overflow and we allow deletion of timeout that are still in use. Signed-off-by: Pablo Neira Ayuso --- net/netfilter/xt_CT.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c index faf32d8..a03924c 100644 --- a/net/netfilter/xt_CT.c +++ b/net/netfilter/xt_CT.c @@ -171,6 +171,9 @@ xt_ct_set_timeout(struct nf_conn *ct, const struct xt_tgchk_param *par, if (timeout_ext == NULL) ret = -ENOMEM; + rcu_read_unlock(); + return ret; + err_put_timeout: __xt_ct_tg_timeout_put(timeout); out: -- 2.1.4 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 10/35] ipvs: Remove possibly unused variable from ip_vs_out
From: David Ahern
Eric's net namespace changes in 1b75097dd7a26 leaves net unreferenced if
CONFIG_IP_VS_IPV6 is not enabled:
../net/netfilter/ipvs/ip_vs_core.c: In function ‘ip_vs_out’:
../net/netfilter/ipvs/ip_vs_core.c:1177:14: warning: unused variable ‘net’
[-Wunused-variable]
After the net refactoring there is only 1 user; push the reference to the
1 user. While the line length slightly exceeds 80 it seems to be the
best change.
Fixes: 1b75097dd7a26("ipvs: Pass ipvs into ip_vs_out")
Signed-off-by: David Ahern
Acked-by: Julian Anastasov
[horms: updated subject]
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_core.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index d08df43..3773154 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1172,7 +1172,6 @@ drop:
static unsigned int
ip_vs_out(struct netns_ipvs *ipvs, unsigned int hooknum, struct sk_buff *skb,
int af)
{
- struct net *net = ipvs->net;
struct ip_vs_iphdr iph;
struct ip_vs_protocol *pp;
struct ip_vs_proto_data *pd;
@@ -1272,7 +1271,7 @@ ip_vs_out(struct netns_ipvs *ipvs, unsigned int hooknum,
struct sk_buff *skb, in
#ifdef CONFIG_IP_VS_IPV6
if (af == AF_INET6) {
if (!skb->dev)
- skb->dev = net->loopback_dev;
+ skb->dev =
ipvs->net->loopback_dev;
icmpv6_send(skb,
ICMPV6_DEST_UNREACH,
ICMPV6_PORT_UNREACH,
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 22/35] netfilter: ip6_tables: ternary operator layout
From: Ian Morris
Correct whitespace layout of ternary operators in the netfilter-ipv6
code.
No changes detected by objdiff.
Signed-off-by: Ian Morris
Signed-off-by: Pablo Neira Ayuso
---
net/ipv6/netfilter/ip6_tables.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 62190c3..c57ddd3 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -117,7 +117,7 @@ ip6_packet_match(const struct sk_buff *skb,
if (FWINV(ret != 0, IP6T_INV_VIA_IN)) {
dprintf("VIA in mismatch (%s vs %s).%s\n",
indev, ip6info->iniface,
- ip6info->invflags&IP6T_INV_VIA_IN ?" (INV)":"");
+ ip6info->invflags & IP6T_INV_VIA_IN ? " (INV)" : "");
return false;
}
@@ -126,7 +126,7 @@ ip6_packet_match(const struct sk_buff *skb,
if (FWINV(ret != 0, IP6T_INV_VIA_OUT)) {
dprintf("VIA out mismatch (%s vs %s).%s\n",
outdev, ip6info->outiface,
- ip6info->invflags&IP6T_INV_VIA_OUT ?" (INV)":"");
+ ip6info->invflags & IP6T_INV_VIA_OUT ? " (INV)" : "");
return false;
}
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 21/35] netfilter: ipv6: whitespace around operators
From: Ian Morris
This patch cleanses whitespace around arithmetical operators.
No changes detected by objdiff.
Signed-off-by: Ian Morris
Signed-off-by: Pablo Neira Ayuso
---
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 4 ++--
net/ipv6/netfilter/nf_conntrack_reasm.c| 2 +-
net/ipv6/netfilter/nf_reject_ipv6.c| 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index d3b7974..660bc10 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -57,12 +57,12 @@ static const u_int8_t invmap[] = {
[ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1,
[ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1,
[ICMPV6_NI_QUERY - 128] = ICMPV6_NI_REPLY + 1,
- [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_QUERY +1
+ [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_QUERY + 1
};
static const u_int8_t noct_valid_new[] = {
[ICMPV6_MGM_QUERY - 130] = 1,
- [ICMPV6_MGM_REPORT -130] = 1,
+ [ICMPV6_MGM_REPORT - 130] = 1,
[ICMPV6_MGM_REDUCTION - 130] = 1,
[NDISC_ROUTER_SOLICITATION - 130] = 1,
[NDISC_ROUTER_ADVERTISEMENT - 130] = 1,
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c
b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 701cd2b..cfcc71f 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -445,7 +445,7 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct net_device
*dev)
skb_reset_transport_header(head);
skb_push(head, head->data - skb_network_header(head));
- for (fp=head->next; fp; fp = fp->next) {
+ for (fp = head->next; fp; fp = fp->next) {
head->data_len += fp->len;
head->len += fp->len;
if (head->ip_summed != fp->ip_summed)
diff --git a/net/ipv6/netfilter/nf_reject_ipv6.c
b/net/ipv6/netfilter/nf_reject_ipv6.c
index 94b4c6d..5629db8 100644
--- a/net/ipv6/netfilter/nf_reject_ipv6.c
+++ b/net/ipv6/netfilter/nf_reject_ipv6.c
@@ -26,7 +26,7 @@ const struct tcphdr *nf_reject_ip6_tcphdr_get(struct sk_buff
*oldskb,
int tcphoff;
proto = oip6h->nexthdr;
- tcphoff = ipv6_skip_exthdr(oldskb, ((u8*)(oip6h+1) - oldskb->data),
+ tcphoff = ipv6_skip_exthdr(oldskb, ((u8 *)(oip6h + 1) - oldskb->data),
&proto, &frag_off);
if ((tcphoff < 0) || (tcphoff > oldskb->len)) {
@@ -224,7 +224,7 @@ static bool reject6_csum_ok(struct sk_buff *skb, int hook)
return true;
proto = ip6h->nexthdr;
- thoff = ipv6_skip_exthdr(skb, ((u8*)(ip6h+1) - skb->data), &proto, &fo);
+ thoff = ipv6_skip_exthdr(skb, ((u8 *)(ip6h + 1) - skb->data), &proto,
&fo);
if (thoff < 0 || thoff >= skb->len || (fo & htons(~0x7)) != 0)
return false;
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 03/35] netfilter: rename nfnetlink_queue_core.c to nfnetlink_queue.c
Now that we have integrated the ct glue code into nfnetlink_queue without
introducing dependencies with the conntrack code.
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/Makefile | 1 -
net/netfilter/{nfnetlink_queue_core.c => nfnetlink_queue.c} | 0
2 files changed, 1 deletion(-)
rename net/netfilter/{nfnetlink_queue_core.c => nfnetlink_queue.c} (100%)
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index 4d68e72..7638c36 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -10,7 +10,6 @@ obj-$(CONFIG_NETFILTER) = netfilter.o
obj-$(CONFIG_NETFILTER_NETLINK) += nfnetlink.o
obj-$(CONFIG_NETFILTER_NETLINK_ACCT) += nfnetlink_acct.o
-nfnetlink_queue-y := nfnetlink_queue_core.o
obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += nfnetlink_queue.o
obj-$(CONFIG_NETFILTER_NETLINK_LOG) += nfnetlink_log.o
diff --git a/net/netfilter/nfnetlink_queue_core.c
b/net/netfilter/nfnetlink_queue.c
similarity index 100%
rename from net/netfilter/nfnetlink_queue_core.c
rename to net/netfilter/nfnetlink_queue.c
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 34/35] netfilter: ipv4: code indentation
From: Ian Morris
Use tabs instead of spaces to indent code.
No changes detected by objdiff.
Signed-off-by: Ian Morris
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/ip_tables.c| 6 +++---
net/ipv4/netfilter/ipt_SYNPROXY.c | 2 +-
net/ipv4/netfilter/iptable_security.c | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 3991a87..b99affa 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -431,8 +431,8 @@ ipt_do_table(struct sk_buff *skb,
} while (!acpar.hotdrop);
pr_debug("Exiting %s; sp at %u\n", __func__, stackidx);
- xt_write_recseq_end(addend);
- local_bh_enable();
+ xt_write_recseq_end(addend);
+ local_bh_enable();
#ifdef DEBUG_ALLOW_ALL
return NF_ACCEPT;
@@ -484,7 +484,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
unsigned int oldpos, size;
if ((strcmp(t->target.u.user.name,
- XT_STANDARD_TARGET) == 0) &&
+ XT_STANDARD_TARGET) == 0) &&
t->verdict < -NF_MAX_VERDICT - 1) {
duprintf("mark_source_chains: bad "
"negative verdict (%i)\n",
diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c
b/net/ipv4/netfilter/ipt_SYNPROXY.c
index f105b6f..a105836 100644
--- a/net/ipv4/netfilter/ipt_SYNPROXY.c
+++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -231,7 +231,7 @@ synproxy_send_client_ack(const struct synproxy_net *snet,
synproxy_build_options(nth, opts);
synproxy_send_tcp(snet, skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY,
- niph, nth, tcp_hdr_size);
+ niph, nth, tcp_hdr_size);
}
static bool
diff --git a/net/ipv4/netfilter/iptable_security.c
b/net/ipv4/netfilter/iptable_security.c
index f534e2f..c2e23d5 100644
--- a/net/ipv4/netfilter/iptable_security.c
+++ b/net/ipv4/netfilter/iptable_security.c
@@ -79,7 +79,7 @@ static int __init iptable_security_init(void)
int ret;
ret = register_pernet_subsys(&iptable_security_net_ops);
-if (ret < 0)
+ if (ret < 0)
return ret;
sectbl_ops = xt_hook_link(&security_table, iptable_security_hook);
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 33/35] netfilter: ipv4: function definition layout
From: Ian Morris
Use tabs instead of spaces to indent second line of parameters in
function definitions.
No changes detected by objdiff.
Signed-off-by: Ian Morris
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/arp_tables.c | 6 +++---
net/ipv4/netfilter/ip_tables.c | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index eb6663bd..11dccba 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -632,7 +632,7 @@ static inline void cleanup_entry(struct arpt_entry *e)
* newinfo).
*/
static int translate_table(struct xt_table_info *newinfo, void *entry0,
- const struct arpt_replace *repl)
+ const struct arpt_replace *repl)
{
struct arpt_entry *iter;
unsigned int i;
@@ -892,7 +892,7 @@ static int compat_table_info(const struct xt_table_info
*info,
#endif
static int get_info(struct net *net, void __user *user,
-const int *len, int compat)
+ const int *len, int compat)
{
char name[XT_TABLE_MAXNAMELEN];
struct xt_table *t;
@@ -1069,7 +1069,7 @@ static int __do_replace(struct net *net, const char *name,
}
static int do_replace(struct net *net, const void __user *user,
- unsigned int len)
+ unsigned int len)
{
int ret;
struct arpt_replace tmp;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 08b7ab0..3991a87 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -804,7 +804,7 @@ cleanup_entry(struct ipt_entry *e, struct net *net)
newinfo) */
static int
translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0,
-const struct ipt_replace *repl)
+ const struct ipt_replace *repl)
{
struct ipt_entry *iter;
unsigned int i;
@@ -1078,7 +1078,7 @@ static int compat_table_info(const struct xt_table_info
*info,
#endif
static int get_info(struct net *net, void __user *user,
-const int *len, int compat)
+ const int *len, int compat)
{
char name[XT_TABLE_MAXNAMELEN];
struct xt_table *t;
@@ -1304,7 +1304,7 @@ do_replace(struct net *net, const void __user *user,
unsigned int len)
static int
do_add_counters(struct net *net, const void __user *user,
-unsigned int len, int compat)
+ unsigned int len, int compat)
{
unsigned int i;
struct xt_counters_info tmp;
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 27/35] netfilter: remove hook owner refcounting
From: Florian Westphal
since commit 8405a8fff3f8 ("netfilter: nf_qeueue: Drop queue entries on
nf_unregister_hook") all pending queued entries are discarded.
So we can simply remove all of the owner handling -- when module is
removed it also needs to unregister all its hooks.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter.h | 1 -
net/bridge/br_netfilter_hooks.c| 7 ---
net/bridge/netfilter/ebtable_filter.c | 3 ---
net/bridge/netfilter/ebtable_nat.c | 3 ---
net/ipv4/netfilter/ipt_SYNPROXY.c | 2 --
net/ipv4/netfilter/iptable_nat.c | 4
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 6 --
net/ipv4/netfilter/nf_defrag_ipv4.c| 2 --
net/ipv6/netfilter/ip6t_SYNPROXY.c | 2 --
net/ipv6/netfilter/ip6table_nat.c | 4
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 6 --
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 2 --
net/netfilter/ipvs/ip_vs_core.c| 12
net/netfilter/nf_queue.c | 5 -
net/netfilter/nf_tables_api.c | 1 -
net/netfilter/x_tables.c | 1 -
security/selinux/hooks.c | 5 -
security/smack/smack_netfilter.c | 2 --
18 files changed, 68 deletions(-)
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index edb3dc3..ef11e1d 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -90,7 +90,6 @@ struct nf_hook_ops {
/* User fills in from here down. */
nf_hookfn *hook;
struct net_device *dev;
- struct module *owner;
void*priv;
u_int8_tpf;
unsigned inthooknum;
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
index 18905d4..9d30519 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -901,49 +901,42 @@ EXPORT_SYMBOL_GPL(br_netfilter_enable);
static struct nf_hook_ops br_nf_ops[] __read_mostly = {
{
.hook = br_nf_pre_routing,
- .owner = THIS_MODULE,
.pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_PRE_ROUTING,
.priority = NF_BR_PRI_BRNF,
},
{
.hook = br_nf_local_in,
- .owner = THIS_MODULE,
.pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_LOCAL_IN,
.priority = NF_BR_PRI_BRNF,
},
{
.hook = br_nf_forward_ip,
- .owner = THIS_MODULE,
.pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_FORWARD,
.priority = NF_BR_PRI_BRNF - 1,
},
{
.hook = br_nf_forward_arp,
- .owner = THIS_MODULE,
.pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_FORWARD,
.priority = NF_BR_PRI_BRNF,
},
{
.hook = br_nf_post_routing,
- .owner = THIS_MODULE,
.pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_POST_ROUTING,
.priority = NF_BR_PRI_LAST,
},
{
.hook = ip_sabotage_in,
- .owner = THIS_MODULE,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP_PRI_FIRST,
},
{
.hook = ip_sabotage_in,
- .owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP6_PRI_FIRST,
diff --git a/net/bridge/netfilter/ebtable_filter.c
b/net/bridge/netfilter/ebtable_filter.c
index f9242df..32eccd1 100644
--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -73,21 +73,18 @@ ebt_out_hook(void *priv, struct sk_buff *skb,
static struct nf_hook_ops ebt_ops_filter[] __read_mostly = {
{
.hook = ebt_in_hook,
- .owner = THIS_MODULE,
.pf = NFPROTO_BRIDGE,
.hooknum= NF_BR_LOCAL_IN,
.priority = NF_BR_PRI_FILTER_BRIDGED,
},
{
.hook = ebt_in_hook,
- .owner = THIS_MODULE,
.pf = NFPROTO_BRIDGE,
.hooknum= NF_BR_FORWARD,
.priority = NF_BR_PRI_FILTER_BRIDGED,
},
{
.hook = ebt_out_hook,
- .owner = THIS_MODULE,
.pf = NFPROTO_BRIDGE,
.hooknum= NF_BR_LOCAL_OUT,
.priority = NF_BR_PRI_FILTER_OTHER,
diff --git a/net/bridge/netfilter/ebtable_nat.c
b/n
[PATCH 31/35] netfilter: ipv4: label placement
From: Ian Morris
Whitespace cleansing: Labels should not be indented.
No changes detected by objdiff.
Signed-off-by: Ian Morris
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/arp_tables.c | 2 +-
net/ipv4/netfilter/ip_tables.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 2dad3e1..7300616 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -468,7 +468,7 @@ static int mark_source_chains(const struct xt_table_info
*newinfo,
pos = newpos;
}
}
- next:
+next:
duprintf("Finished chain %u\n", hook);
}
return 1;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 42d0946..3be2a4d 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -549,7 +549,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
pos = newpos;
}
}
- next:
+next:
duprintf("Finished chain %u\n", hook);
}
return 1;
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 28/35] netfilter: make nf_queue_entry_get_refs return void
From: Florian Westphal
We don't care if module is being unloaded anymore since hook unregister
handling will destroy queue entries using that hook.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/nf_queue.h | 2 +-
net/netfilter/core.c | 2 --
net/netfilter/nf_queue.c | 11 ++-
net/netfilter/nfnetlink_queue.c | 11 ---
4 files changed, 7 insertions(+), 19 deletions(-)
diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h
index e863585..9c5638a 100644
--- a/include/net/netfilter/nf_queue.h
+++ b/include/net/netfilter/nf_queue.h
@@ -32,7 +32,7 @@ void nf_register_queue_handler(const struct nf_queue_handler
*qh);
void nf_unregister_queue_handler(void);
void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict);
-bool nf_queue_entry_get_refs(struct nf_queue_entry *entry);
+void nf_queue_entry_get_refs(struct nf_queue_entry *entry);
void nf_queue_entry_release_refs(struct nf_queue_entry *entry);
static inline void init_hashrandom(u32 *jhash_initval)
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 32a2894..09e661c 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -313,8 +313,6 @@ next_hook:
int err = nf_queue(skb, elem, state,
verdict >> NF_VERDICT_QBITS);
if (err < 0) {
- if (err == -ECANCELED)
- goto next_hook;
if (err == -ESRCH &&
(verdict & NF_VERDICT_FLAG_QUEUE_BYPASS))
goto next_hook;
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index eef1c50..efc9688 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -73,7 +73,7 @@ void nf_queue_entry_release_refs(struct nf_queue_entry *entry)
EXPORT_SYMBOL_GPL(nf_queue_entry_release_refs);
/* Bump dev refs so they don't vanish while packet is out */
-bool nf_queue_entry_get_refs(struct nf_queue_entry *entry)
+void nf_queue_entry_get_refs(struct nf_queue_entry *entry)
{
struct nf_hook_state *state = &entry->state;
@@ -95,8 +95,6 @@ bool nf_queue_entry_get_refs(struct nf_queue_entry *entry)
dev_hold(physdev);
}
#endif
-
- return true;
}
EXPORT_SYMBOL_GPL(nf_queue_entry_get_refs);
@@ -151,10 +149,7 @@ int nf_queue(struct sk_buff *skb,
.size = sizeof(*entry) + afinfo->route_key_size,
};
- if (!nf_queue_entry_get_refs(entry)) {
- status = -ECANCELED;
- goto err_unlock;
- }
+ nf_queue_entry_get_refs(entry);
skb_dst_force(skb);
afinfo->saveroute(skb, entry);
status = qh->outfn(entry, queuenum);
@@ -215,8 +210,6 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int
verdict)
err = nf_queue(skb, elem, &entry->state,
verdict >> NF_VERDICT_QBITS);
if (err < 0) {
- if (err == -ECANCELED)
- goto next_hook;
if (err == -ESRCH &&
(verdict & NF_VERDICT_FLAG_QUEUE_BYPASS))
goto next_hook;
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index a659e57..7d81d28 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -606,12 +606,9 @@ static struct nf_queue_entry *
nf_queue_entry_dup(struct nf_queue_entry *e)
{
struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC);
- if (entry) {
- if (nf_queue_entry_get_refs(entry))
- return entry;
- kfree(entry);
- }
- return NULL;
+ if (entry)
+ nf_queue_entry_get_refs(entry);
+ return entry;
}
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
@@ -706,7 +703,7 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned
int queuenum)
nf_bridge_adjust_skb_data(skb);
segs = skb_gso_segment(skb, 0);
/* Does not use PTR_ERR to limit the number of error codes that can be
-* returned by nf_queue. For instance, callers rely on -ECANCELED to
+* returned by nf_queue. For instance, callers rely on -ESRCH to
* mean 'ignore this hook'.
*/
if (IS_ERR_OR_NULL(segs))
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 35/35] netfilter: ipv4: whitespace around operators
From: Ian Morris
This patch cleanses whitespace around arithmetical operators.
No changes detected by objdiff.
Signed-off-by: Ian Morris
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/ipt_CLUSTERIP.c | 8
net/ipv4/netfilter/ipt_ah.c| 2 +-
net/ipv4/netfilter/nf_nat_snmp_basic.c | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c
b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 3f32c03..4a9e6db 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -492,14 +492,14 @@ static void arp_print(struct arp_payload *payload)
{
#define HBUFFERLEN 30
char hbuffer[HBUFFERLEN];
- int j,k;
+ int j, k;
- for (k=0, j=0; k < HBUFFERLEN-3 && j < ETH_ALEN; j++) {
+ for (k = 0, j = 0; k < HBUFFERLEN - 3 && j < ETH_ALEN; j++) {
hbuffer[k++] = hex_asc_hi(payload->src_hw[j]);
hbuffer[k++] = hex_asc_lo(payload->src_hw[j]);
- hbuffer[k++]=':';
+ hbuffer[k++] = ':';
}
- hbuffer[--k]='\0';
+ hbuffer[--k] = '\0';
pr_debug("src %pI4@%s, dst %pI4\n",
&payload->src_ip, hbuffer, &payload->dst_ip);
diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c
index 14a2aa8..a787d07 100644
--- a/net/ipv4/netfilter/ipt_ah.c
+++ b/net/ipv4/netfilter/ipt_ah.c
@@ -25,7 +25,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool
invert)
bool r;
pr_debug("spi_match:%c 0x%x <= 0x%x <= 0x%x\n",
invert ? '!' : ' ', min, spi, max);
- r=(spi >= min && spi <= max) ^ invert;
+ r = (spi >= min && spi <= max) ^ invert;
pr_debug(" result %s\n", r ? "PASS" : "FAILED");
return r;
}
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c
b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index 7c67667..ddb894a 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -1156,7 +1156,7 @@ static int snmp_parse_mangle(unsigned char *msg,
}
if (obj->type == SNMP_IPADDR)
- mangle_address(ctx.begin, ctx.pointer - 4 , map, check);
+ mangle_address(ctx.begin, ctx.pointer - 4, map, check);
kfree(obj->id);
kfree(obj);
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 20/35] netfilter: ipv6: code indentation
From: Ian Morris
Use tabs instead of spaces to indent code.
No changes detected by objdiff.
Signed-off-by: Ian Morris
Signed-off-by: Pablo Neira Ayuso
---
net/ipv6/netfilter/ip6_tables.c | 4 ++--
net/ipv6/netfilter/ip6t_SYNPROXY.c| 2 +-
net/ipv6/netfilter/nft_chain_route_ipv6.c | 6 +++---
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 0654312..62190c3 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -443,8 +443,8 @@ ip6t_do_table(struct sk_buff *skb,
break;
} while (!acpar.hotdrop);
- xt_write_recseq_end(addend);
- local_bh_enable();
+ xt_write_recseq_end(addend);
+ local_bh_enable();
#ifdef DEBUG_ALLOW_ALL
return NF_ACCEPT;
diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c
b/net/ipv6/netfilter/ip6t_SYNPROXY.c
index c235660..5312e9d 100644
--- a/net/ipv6/netfilter/ip6t_SYNPROXY.c
+++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c
@@ -244,7 +244,7 @@ synproxy_send_client_ack(const struct synproxy_net *snet,
synproxy_build_options(nth, opts);
synproxy_send_tcp(snet, skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY,
- niph, nth, tcp_hdr_size);
+ niph, nth, tcp_hdr_size);
}
static bool
diff --git a/net/ipv6/netfilter/nft_chain_route_ipv6.c
b/net/ipv6/netfilter/nft_chain_route_ipv6.c
index 9df75bd..71d995f 100644
--- a/net/ipv6/netfilter/nft_chain_route_ipv6.c
+++ b/net/ipv6/netfilter/nft_chain_route_ipv6.c
@@ -61,11 +61,11 @@ static const struct nf_chain_type nft_chain_route_ipv6 = {
.name = "route",
.type = NFT_CHAIN_T_ROUTE,
.family = NFPROTO_IPV6,
-.owner = THIS_MODULE,
+ .owner = THIS_MODULE,
.hook_mask = (1 << NF_INET_LOCAL_OUT),
.hooks = {
-[NF_INET_LOCAL_OUT]= nf_route_table_hook,
-},
+ [NF_INET_LOCAL_OUT] = nf_route_table_hook,
+ },
};
static int __init nft_chain_route_init(void)
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 18/35] netfilter: ip6_tables: label placement
From: Ian Morris
Whitespace cleansing: Labels should not be indented.
No changes detected by objdiff.
Signed-off-by: Ian Morris
Signed-off-by: Pablo Neira Ayuso
---
net/ipv6/netfilter/ip6_tables.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 80e3bd7..67a2821 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -561,7 +561,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
pos = newpos;
}
}
- next:
+next:
duprintf("Finished chain %u\n", hook);
}
return 1;
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 30/35] netfilter: turn NF_HOOK into an inline function
From: Arnd Bergmann
A recent change to the dst_output handling caused a new warning
when the call to NF_HOOK() is the only used of a local variable
passed as 'dev', and CONFIG_NETFILTER is disabled:
net/ipv6/ip6_output.c: In function 'ip6_output':
net/ipv6/ip6_output.c:135:21: warning: unused variable 'dev' [-Wunused-variable]
The reason for this is that the NF_HOOK macro in this case does
not reference the variable at all, and the call to dev_net(dev)
got removed from the ip6_output function. To avoid that warning now
and in the future, this changes the macro into an equivalent
inline function, which tells the compiler that the variable is
passed correctly but still unused.
The dn_forward function apparently had the same problem in
the past and added a local workaround that no longer works
with the inline function. In order to avoid a regression, we
have to also remove the #ifdef from decnet in the same patch.
Fixes: ede2059dbaf9 ("dst: Pass net into dst->output")
Signed-off-by: Arnd Bergmann
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter.h | 19 +--
net/decnet/dn_route.c | 2 --
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index ef11e1d..0ad5567 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -346,8 +346,23 @@ nf_nat_decode_session(struct sk_buff *skb, struct flowi
*fl, u_int8_t family)
}
#else /* !CONFIG_NETFILTER */
-#define NF_HOOK(pf, hook, net, sk, skb, indev, outdev, okfn) (okfn)(net, sk,
skb)
-#define NF_HOOK_COND(pf, hook, net, sk, skb, indev, outdev, okfn, cond)
(okfn)(net, sk, skb)
+static inline int
+NF_HOOK_COND(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk,
+struct sk_buff *skb, struct net_device *in, struct net_device *out,
+int (*okfn)(struct net *, struct sock *, struct sk_buff *),
+bool cond)
+{
+ return okfn(net, sk, skb);
+}
+
+static inline int
+NF_HOOK(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk,
+ struct sk_buff *skb, struct net_device *in, struct net_device *out,
+ int (*okfn)(struct net *, struct sock *, struct sk_buff *))
+{
+ return okfn(net, sk, skb);
+}
+
static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net,
struct sock *sk, struct sk_buff *skb,
struct net_device *indev, struct net_device *outdev,
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c
index e930321..0c491fc 100644
--- a/net/decnet/dn_route.c
+++ b/net/decnet/dn_route.c
@@ -789,9 +789,7 @@ static int dn_forward(struct sk_buff *skb)
struct dn_dev *dn_db = rcu_dereference(dst->dev->dn_ptr);
struct dn_route *rt;
int header_len;
-#ifdef CONFIG_NETFILTER
struct net_device *dev = skb->dev;
-#endif
if (skb->pkt_type != PACKET_HOST)
goto drop;
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v3] netfilter: ipset: Fix sleeping memory allocation in atomic context
On Fri, Oct 16, 2015 at 01:58:55PM +0200, Jozsef Kadlecsik wrote: > The patch is applied in the ipset package tree. Thanks! Applied to the nf tree, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 1/2] NFC: delete null dereference
The exit label performs device_unlock(&dev->dev);, which will fail when dev
is NULL, and nfc_put_device(dev);, which is not useful when dev is NULL, so
just exit the function immediately.
Problem found using scripts/coccinelle/null/deref_null.cocci
Signed-off-by: Julia Lawall
---
net/nfc/netlink.c |6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index 853172c..f040532 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -1109,10 +1109,8 @@ static int nfc_genl_llc_sdreq(struct sk_buff *skb,
struct genl_info *info)
idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
dev = nfc_get_device(idx);
- if (!dev) {
- rc = -ENODEV;
- goto exit;
- }
+ if (!dev)
+ return -ENODEV;
device_lock(&dev->dev);
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 0/2] delete null dereference
These patches delete NULL dereferences, as detected by scripts/coccinelle/null/deref_null.cocci. --- drivers/media/pci/netup_unidvb/netup_unidvb_spi.c |6 ++ net/nfc/netlink.c |6 ++ 2 files changed, 4 insertions(+), 8 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCHv2 net] openvswitch: Scrub skb between namespaces
On 10/16/15 at 11:08am, Joe Stringer wrote: > If OVS receives a packet from another namespace, then the packet should > be scrubbed. However, people have already begun to rely on the behaviour > that skb->mark is preserved across namespaces, so retain this one field. > > This is mainly to address information leakage between namespaces when > using OVS internal ports, but by placing it in ovs_vport_receive() it is > more generally applicable, meaning it should not be overlooked if other > port types are allowed to be moved into namespaces in future. > > Signed-off-by: Joe Stringer Perfect, thanks! Acked-by: Thomas Graf -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCHv2 net 3/3] openvswitch: Serialize nested ct actions if provided
On 10/16/15 at 11:08am, Joe Stringer wrote: > If userspace provides a ct action with no nested mark or label, then the > storage for these fields is zeroed. Later when actions are requested, > such zeroed fields are serialized even though userspace didn't > originally specify them. Fix the behaviour by ensuring that no action is > serialized in this case, and reject actions where userspace attempts to > set these fields with mask=0. This should make netlink marshalling > consistent across deserialization/reserialization. > > Reported-by: Jarno Rajahalme > Signed-off-by: Joe Stringer Acked-by: Thomas Graf -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCHv2 net 2/3] openvswitch: Treat IP_CT_RELATED as new
On 10/16/15 at 11:08am, Joe Stringer wrote: > New, related connections are marked as such as part of ovs_ct_lookup(), > but they are not marked as "new" if the commit flag is used. Make this > consistent by treating IP_CT_RELATED as new as well. > > Reported-by: Jarno Rajahalme > Signed-off-by: Joe Stringer > Acked-by: Pravin B Shelar > --- > v2: Acked. > --- > net/openvswitch/conntrack.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c > index 80bf702715bb..480dbb9095b7 100644 > --- a/net/openvswitch/conntrack.c > +++ b/net/openvswitch/conntrack.c > @@ -86,6 +86,8 @@ static u8 ovs_ct_get_state(enum ip_conntrack_info ctinfo) > ct_state |= OVS_CS_F_ESTABLISHED; > break; > case IP_CT_RELATED: > + ct_state |= OVS_CS_F_NEW; > + /* Fall through */ > case IP_CT_RELATED_REPLY: > ct_state |= OVS_CS_F_RELATED; > break; I'm probably missing something obvious. Why is the reply direction not considered NEW? Wouldn't this consider an ICMPv6 as related+new depending on simply the direction? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH net] tunnels: Don't require remote endpoint or ID during creation.
On 10/16/15 at 04:36pm, Jesse Gross wrote: > Before lightweight tunnels existed, it really didn't make sense to > create a tunnel that was not fully specified, such as without a > destination IP address - the resulting packets would go nowhere. > However, with lightweight tunnels, the opposite is true - it doesn't > make sense to require this information when it will be provided later > on by the route. This loosens the requirements for this information. > > An alternative would be to allow the relaxed version only when > COLLECT_METADATA is enabled. However, since there are several > variations on this theme (such as NBMA tunnels in GRE), just dropping > the restrictions seems the most consistent across tunnels and with > the existing configuration. > > CC: John Linville > Signed-off-by: Jesse Gross I left it like it was for VXLAN with the thought that you had specifically enable the metadata driven TX but I'm perfectly fine with this as well. Signed-off-by: Thomas Graf -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCHv2 net 1/3] openvswitch: Reject ct_state masks for unknown bits
On 10/16/15 at 11:08am, Joe Stringer wrote: > Currently, 0-bits are generated in ct_state where the bit position is > undefined, and matches are accepted on these bit-positions. If userspace > requests to match the 0-value for this bit then it may expect only a > subset of traffic to match this value, whereas currently all packets > will have this bit set to 0. Fix this by rejecting such masks. > > Signed-off-by: Joe Stringer > Acked-by: Pravin B Shelar Acked-by: Thomas Graf -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
