In setups with fixed-link settings there is no mdio node in DTS.
axienet_probe() already handles that gracefully but lp->mii_bus is
then NULL.
Fix code that tries to blindly grab the MDIO lock by introducing two helper
functions that make the locking conditional.
Signed-off-by: Daniel M
On 3/24/21 1:38 PM, Andrew Lunn wrote:
> On Wed, Mar 24, 2021 at 10:48:55AM +0100, Daniel Mack wrote:
>> In setups with fixed-link settings on the hardware bus there is no mdio node
>> in DTS. axienet_probe() already handles that gracefully but lp->mii_bus is
>> then N
off-by: Daniel Mack
---
drivers/net/ethernet/xilinx/xilinx_axienet.h | 12
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 8
2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet.h
b/drivers/net/ethernet/xil
Andrew,
This version should address the comments you had on my initial
submission. Does this one look better now?
Thanks,
Daniel
On 6/20/20 9:39 PM, Daniel Mack wrote:
> The driver for Marvell switches puts all ports in IGMP snooping mode
> which results in all IGMP/MLD frames that ingr
On 6/22/20 9:43 PM, Russell King - ARM Linux admin wrote:
> On Mon, Jun 22, 2020 at 09:16:59PM +0200, Daniel Mack wrote:
>> On 6/22/20 8:58 PM, Russell King - ARM Linux admin wrote:
>>> I don't see an issue here:
>>>
>>> # ethtool -s lan1 autoneg off spee
Hi Russell,
On 6/22/20 8:58 PM, Russell King - ARM Linux admin wrote:
> On Mon, Jun 22, 2020 at 08:44:51PM +0200, Daniel Mack wrote:
>> On 6/22/20 8:41 PM, Andrew Lunn wrote:
>>> How are you trying to change the speed?
>>
>> With ethtool for instance. But all u
On 6/22/20 8:41 PM, Andrew Lunn wrote:
> On Mon, Jun 22, 2020 at 08:34:43PM +0200, Daniel Mack wrote:
>> Ports with internal PHYs that are not in 'fixed-link' mode are currently
>> only set up once at startup with a static config. Attempts to change the
>> li
Hi Andrew,
Picking up this ancient thread, sorry for the delay.
On 3/30/20 3:40 PM, Andrew Lunn wrote:
> On Mon, Mar 30, 2020 at 11:29:27AM +0200, Daniel Mack wrote:
>> On 3/28/20 12:52 AM, Andrew Lunn wrote:
>>> Did you turn off auto-neg on the external PHY and use fixed 100Fu
d to
1000M, setups with reduced link speed on such ports are unsupported.
Change that, and allow the configuration of all ports with the passed
settings.
Signed-off-by: Daniel Mack
---
Russell,
This changes the behaviour implemented in c9a2356f35409a ("net:
dsa: mv88e6xxx: add PHYLINK support&q
frame possible for trapped IGMP packets.
Introduce some #defines for the frame types to make the code a bit more
comprehensive.
This was tested on a Marvell 88E6352 variant.
Signed-off-by: Daniel Mack
---
v2:
* Limit IGMP handling to TO_CPU frames
* Use #defines for the TO_CPU codes and the
frame possible for trapped IGMP packets.
This was tested on a Marvell 88E6352 variant.
Signed-off-by: Daniel Mack
---
net/dsa/tag_edsa.c | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/net/dsa/tag_edsa.c b/net/dsa/tag_edsa.c
index e8eaa804ccb9e..b7cb5dac46c3e
On 6/20/20 4:35 PM, Andrew Lunn wrote:
>> So yes, we can read the code here, but I'm wondering which packet types
>> would then get this flag set, and which won't. Because in case of
>> IGMP/MLD, the packets are in fact forwarded, but the meaning of the flag
>> in skb is to prevent the skb from bei
On 6/20/20 12:36 AM, Andrew Lunn wrote:
>> I've run into the same issue. To resolve it, In my case, in the same file,
>> I've had to send all IGMP control traffic to the CPU:
>> skb->offload_fwd_mark = 1;
>> switch (ih->type) {
>> case IGMP_HOST_MEMBERSHIP_REPORT:
>>
Hi Andrew,
Thanks a lot for the quick reply!
On 6/19/20 11:58 PM, Andrew Lunn wrote:
> On Fri, Jun 19, 2020 at 11:31:04PM +0200, Daniel Mack wrote:
>> When an IGMP query enters the switch, it is redirected to the CPU port
>> as all 'external' ports are configured for
Hi,
I'm working on a custom board featuring a Marvell mv88e6085 Ethernet
switch controlled by the Linux DSA driver, and I'm facing an issue with
IGMP packet flows.
Consider two Ethernet stations, each connected to the switch on a
dedicated port. A Linux bridge combines the two ports. In my setup,
overhead because we do this even
>>>> if the speed was 100Mbps already. But this is neglectable and
>>>> I think justified by the much simpler code.
>>>>
>>>> Changes are compile-tested only.
>>>>
>>>> Signed-off-by: Heine
more
generic function dma_request_slave_channel().
Signed-off-by: Robert Jarzmik
Reviewed-by: Daniel Mack
---
sound/arm/pxa2xx-ac97.c | 14 ++
sound/arm/pxa2xx-pcm-lib.c | 6 +++---
sound/soc/pxa/pxa2xx-ac97.c | 32 +---
sound/soc/pxa/pxa2xx
. is a 1-1 match to
ssp., and the channels are either "rx" or "tx".
- for device tree platforms, the dma node should be hooked into the
pxa2xx-ac97 or pxa-ssp-dai node.
Signed-off-by: Robert Jarzmik
Acked-by: Daniel Mack
We should, however, merge what's left of
Hi Robert,
Please refer to the attached patch instead of the one I sent earlier. I
missed to also remove the platform_get_resource(IORESOURCE_DMA) call.
Thanks,
Daniel
On Friday, May 18, 2018 11:31 PM, Daniel Mack wrote:
Hi Robert,
Thanks for this series.
On Monday, April 02, 2018 04:26
dropped. I attached a version for the new
driver which you can pick instead.
Thanks,
Daniel
>From c63bc40bdfe2d596e42919235840109a2f1b2776 Mon Sep 17 00:00:00 2001
From: Daniel Mack
Date: Sat, 12 May 2018 21:50:13 +0200
Subject: [PATCH] mtd: rawnand: marvell: remove dmaengine compat code
As the
On 09/20/2017 08:51 PM, Craig Gallek wrote:
> On Wed, Sep 20, 2017 at 12:51 PM, Daniel Mack wrote:
>> Hi Craig,
>>
>> Thanks, this looks much cleaner already :)
>>
>> On 09/20/2017 06:22 PM, Craig Gallek wrote:
>>> diff --git a/kernel/bpf/lpm_trie.c b/ke
Hi Craig,
Thanks, this looks much cleaner already :)
On 09/20/2017 06:22 PM, Craig Gallek wrote:
> diff --git a/kernel/bpf/lpm_trie.c b/kernel/bpf/lpm_trie.c
> index 9d58a576b2ae..b5a7d70ec8b5 100644
> --- a/kernel/bpf/lpm_trie.c
> +++ b/kernel/bpf/lpm_trie.c
> @@ -397,7 +397,7 @@ static int trie
On 09/19/2017 11:29 PM, David Miller wrote:
> From: Craig Gallek
> Date: Tue, 19 Sep 2017 17:16:13 -0400
>
>> On Tue, Sep 19, 2017 at 5:13 PM, Daniel Mack wrote:
>>> On 09/19/2017 10:55 PM, David Miller wrote:
>>>> From: Craig Gallek
>>>> Date:
On 09/19/2017 10:55 PM, David Miller wrote:
> From: Craig Gallek
> Date: Mon, 18 Sep 2017 15:30:54 -0400
>
>> This was previously left as a TODO. Add the implementation and
>> extend the test to cover it.
>
> Series applied, thanks.
>
Hmm, I think these patches need some more discussion regar
Hi,
Thanks for working on this, Craig!
On 09/19/2017 06:12 PM, Daniel Borkmann wrote:
> On 09/19/2017 05:08 PM, Craig Gallek wrote:
>> On Mon, Sep 18, 2017 at 6:53 PM, Alexei Starovoitov wrote:
>>> On 9/18/17 12:30 PM, Craig Gallek wrote:
> [...]
+
+ next_bit = extract_bi
roup: add support for eBPF programs")
> Signed-off-by: Alexei Starovoitov
Looks good to me.
Acked-by: Daniel Mack
Let's get this into 4.10!
Thanks,
Daniel
> ---
> v1->v2: disallowed overridable->non_override transition as suggested by Andy
> added tests and fixed
On 01/23/2017 05:39 PM, Daniel Borkmann wrote:
> On 01/21/2017 05:26 PM, Daniel Mack wrote:
> [...]
>> +/* Called from syscall or from eBPF program */
>> +static int trie_update_elem(struct bpf_map *map,
>> +void *_key, void *value, u64 flags)
>&
lengths that are multiples of 8, in
the range from 8 to 2048. The key used for lookup and update operations
is a struct bpf_lpm_trie_key, and the value is a uint64_t.
The code carries more information about the internal implementation.
Signed-off-by: Daniel Mack
Reviewed-by: David Herrmann
mized data into bpf-lpm-maps and
verifies the trie-based bpf-map implementation behaves the same way
as tlpm.
The second part uses 'real world' IPv4 and IPv6 addresses and tests
the trie with those.
Signed-off-by: David Herrmann
Signed-off-by: Daniel Mack
---
tools/testing/self
alue sizes
* Removed node->flags and denode intermediate nodes through
node->value == NULL instead
rfc -> v1:
* Add __rcu pointer annotations to make sparse happy
* Fold _lpm_trie_find_target_node() into its only caller
* Fix some minor documenta
takes roughly 6.5us on my system. Lookups in empty tries
take ~1.8us on first try, ~0.9us on retries. Lookups in tries with 8192
entries take ~7.1us (on the first _and_ any subsequent try).
Signed-off-by: David Herrmann
Reviewed-by: Daniel Mack
---
samples/bpf/map_perf_test_kern.c | 30
mized data into bpf-lpm-maps and
verifies the trie-based bpf-map implementation behaves the same way
as tlpm.
The second part uses 'real world' IPv4 and IPv6 addresses and tests
the trie with those.
Signed-off-by: David Herrmann
Signed-off-by: Daniel Mack
---
tools/testing/self
lengths that are multiples of 8, in
the range from 8 to 2048. The key used for lookup and update operations
is a struct bpf_lpm_trie_key, and the value is a uint64_t.
The code carries more information about the internal implementation.
Signed-off-by: Daniel Mack
Reviewed-by: David Herrmann
ons to make sparse happy
* Fold _lpm_trie_find_target_node() into its only caller
* Fix some minor documentation issues
Daniel Mack (1):
bpf: add a longest prefix match trie map implementation
David Herrmann (1):
bpf: Add tests for the lpm trie map
include/uapi/linux/bpf.h
On 01/13/2017 07:01 PM, Alexei Starovoitov wrote:
> On Thu, Jan 12, 2017 at 06:29:21PM +0100, Daniel Mack wrote:
>> This trie implements a longest prefix match algorithm that can be used
>> to match IP addresses to a stored set of ranges.
>>
>> Internally, data is stor
mized data into bpf-lpm-maps and
verifies the trie-based bpf-map implementation behaves the same way
as tlpm.
The second part uses 'real world' IPv4 and IPv6 addresses and tests
the trie with those.
Signed-off-by: David Herrmann
Signed-off-by: Daniel Mack
---
tools/testing/self
lengths that are multiples of 8, in
the range from 8 to 2048. The key used for lookup and update operations
is a struct bpf_lpm_trie_key, and the value is a uint64_t.
The code carries more information about the internal implementation.
Signed-off-by: Daniel Mack
Reviewed-by: David Herrmann
>value == NULL instead
rfc -> v1:
* Add __rcu pointer annotations to make sparse happy
* Fold _lpm_trie_find_target_node() into its only caller
* Fix some minor documentation issues
Daniel Mack (1):
bpf: add a longest prefix match trie map implementation
David Herrm
Hi,
On 01/05/2017 09:01 PM, Daniel Borkmann wrote:
> On 01/05/2017 05:25 PM, Daniel Borkmann wrote:
>> On 12/29/2016 06:28 PM, Daniel Mack wrote:
> [...]
>>> +static struct bpf_map *trie_alloc(union bpf_attr *attr)
>>> +{
>>> +struct lpm_trie *
Hi Daniel,
Thanks for your feedback! I agree on all points. Two questions below.
On 01/05/2017 05:25 PM, Daniel Borkmann wrote:
> On 12/29/2016 06:28 PM, Daniel Mack wrote:
>> diff --git a/kernel/bpf/lpm_trie.c b/kernel/bpf/lpm_trie.c
>> new file mode 100644
>> i
lengths that are multiples of 8, in
the range from 8 to 2048. The key used for lookup and update operations
is a struct bpf_lpm_trie_key, and the value is a uint64_t.
The code carries more information about the internal implementation.
Signed-off-by: Daniel Mack
Reviewed-by: David Herrmann
mized data into bpf-lpm-maps and
verifies the trie-based bpf-map implementation behaves the same way
as tlpm.
The second part uses 'real world' IPv4 and IPv6 addresses and tests
the trie with those.
Signed-off-by: David Herrmann
Signed-off-by: Daniel Mack
---
tools/testing/self
much appreciated.
Thanks,
Daniel
Changelog:
rfc -> v1:
* Add __rcu pointer annotations to make sparse happy
* Fold _lpm_trie_find_target_node() into its only caller
* Fix some minor documentation issues
Daniel Mack (1):
bpf: add a longest prefix match trie map implem
Hi,
On 12/20/2016 06:23 PM, Andy Lutomirski wrote:
> On Tue, Dec 20, 2016 at 2:21 AM, Daniel Mack wrote:
> To clarify, since this thread has gotten excessively long and twisted,
> I think it's important that, for hooks attached to a cgroup, you be
> able to tell in a ge
Hi,
On 12/20/2016 04:50 AM, Andy Lutomirski wrote:
> On Mon, Dec 19, 2016 at 7:18 PM, Alexei Starovoitov
> wrote:
>> On Mon, Dec 19, 2016 at 04:25:32PM -0800, Andy Lutomirski wrote:
>>> I think we're still talking past each other. A big part of the point
>>> of changing it is that none of this i
The member 'effective' in 'struct cgroup_bpf' is protected by RCU.
Annotate it accordingly to squelch a sparse warning.
Signed-off-by: Daniel Mack
---
include/linux/bpf-cgroup.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/bpf-cgroup.h
mized data into bpf-lpm-maps and
verifies the trie-based bpf-map implementation behaves the same way
as tlpm.
The second part uses 'real world' IPv4 and IPv6 addresses and tests
the trie with those.
Signed-off-by: David Herrmann
Signed-off-by: Daniel Mack
---
tools/testing/self
iated.
Thanks,
Daniel
Daniel Mack (1):
bpf: add a longest prefix match trie map implementation
David Herrmann (1):
bpf: Add tests for the lpm trie map
include/uapi/linux/bpf.h | 7 +
kernel/bpf/Makefile| 2 +-
kernel/bpf/lpm_t
lengths that are multiples of 8, in
the range from 8 to 2048. The key used for lookup and update operations
is a struct bpf_lpm_trie_key, and the value is a uint64_t.
The code carries more information about the internal implementation.
Signed-off-by: Daniel Mack
Reviewed-by: David Herrmann
grams")
>> Signed-off-by: Alexei Starovoitov
>
> This fixes many build errors in samples/bpf/ due to wrong helper
> redefinitions (originating from kernel includes conflicting with
> samples' helper declarations).
>
> I don't see it pushed out to net-next yet, so:
>
> Acked-by: Daniel Borkmann
>
FWIW:
Acked-by: Daniel Mack
On 11/28/2016 02:03 PM, Daniel Borkmann wrote:
> On 11/28/2016 12:04 PM, Daniel Mack wrote:
>> There's a 'not' missing in one paragraph. Add it.
>>
>> Signed-off-by: Daniel Mack
>> Reported-by: Rami Rosen
>> Fixes: 3007098494be ("cgroup: add
There's a 'not' missing in one paragraph. Add it.
Signed-off-by: Daniel Mack
Reported-by: Rami Rosen
Fixes: 3007098494be ("cgroup: add support for eBPF programs")
---
kernel/bpf/cgroup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/
There's a 'not' missing in one paragraph. Add it.
Signed-off-by: Daniel Mack
Reported-by: Rami Rosen
Fixes: 3007098494be ("cgroup: add support for eBPF programs")
---
kernel/bpf/cgroup.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/
Hi Rami,
On 11/23/2016 11:46 PM, Rami Rosen wrote:
> A minor comment:
>
>> +/**
>> + * __cgroup_bpf_update() - Update the pinned program of a cgroup, and
>> + * propagate the change to descendants
>> + * @cgrp: The cgroup which descendants to traverse
>> + * @parent: The p
bpf(2)
syscall. For now, ingress and egress inet socket filtering are the
only supported use-cases.
Signed-off-by: Daniel Mack
Acked-by: Alexei Starovoitov
---
include/linux/bpf-cgroup.h | 79 +
include/linux/cgroup-defs.h | 4 ++
init/Kconfig| 12
(), and the payload starts at the
network headers (L3).
Note that cgroup_bpf_run_filter() is stubbed out as static inline nop
for !CONFIG_CGROUP_BPF, and is otherwise guarded by a static key if
the feature is unused.
Signed-off-by: Daniel Mack
Acked-by: Alexei Starovoitov
---
net/core/filter.c | 4
This program type is similar to BPF_PROG_TYPE_SOCKET_FILTER, except that
it does not allow BPF_LD_[ABS|IND] instructions and hooks up the
bpf_skb_load_bytes() helper.
Programs of this type will be attached to cgroups for network filtering
and accounting.
Signed-off-by: Daniel Mack
Acked-by
e
refer to the bpf cgroup controller implementation.
The API is guarded by CAP_NET_ADMIN.
Signed-off-by: Daniel Mack
Acked-by: Alexei Starovoitov
---
include/uapi/linux/bpf.h | 8 +
kernel/bpf/syscall.c | 81
2 files changed, 89
programs have access to
the skb through bpf_skb_load_bytes(), and the payload starts at the
network headers (L3).
Note that cgroup_bpf_run_filter() is stubbed out as static inline nop
for !CONFIG_CGROUP_BPF, and is otherwise guarded by a static key if
the feature is unused.
Signed-off-by: Daniel M
families should be supported, this can be extended in
the future.
* The sample program learned to support both ingress and egress, and
can now optionally make the eBPF program drop packets by making it
return 0.
Daniel Mack (6):
bpf: add new prog type for cgroup socket filtering
cgroup:
ed as 3rd argument,
which will make the generated eBPF program return 0 instead of 1, so
the kernel will drop the packet.
libbpf gained two new wrappers for the new syscall commands.
Signed-off-by: Daniel Mack
Acked-by: Alexei Starovoitov
---
samples/bpf/Makefile| 2 +
samples
case
other socket families should be supported, this can be extended in
the future.
* The sample program learned to support both ingress and egress, and
can now optionally make the eBPF program drop packets by making it
return 0.
Daniel Mack (6):
bpf: add new prog type for cgroup s
bpf(2)
syscall. For now, ingress and egress inet socket filtering are the
only supported use-cases.
Signed-off-by: Daniel Mack
Acked-by: Alexei Starovoitov
---
include/linux/bpf-cgroup.h | 79 +
include/linux/cgroup-defs.h | 4 ++
init/Kconfig| 12
(), and the payload starts at the
network headers (L3).
Note that cgroup_bpf_run_filter() is stubbed out as static inline nop
for !CONFIG_CGROUP_BPF, and is otherwise guarded by a static key if
the feature is unused.
Signed-off-by: Daniel Mack
Acked-by: Alexei Starovoitov
---
net/core/filter.c | 4
e
refer to the bpf cgroup controller implementation.
The API is guarded by CAP_NET_ADMIN.
Signed-off-by: Daniel Mack
Acked-by: Alexei Starovoitov
---
include/uapi/linux/bpf.h | 8 +
kernel/bpf/syscall.c | 81
2 files changed, 89
ed as 3rd argument,
which will make the generated eBPF program return 0 instead of 1, so
the kernel will drop the packet.
libbpf gained two new wrappers for the new syscall commands.
Signed-off-by: Daniel Mack
Acked-by: Alexei Starovoitov
---
samples/bpf/Makefile| 2 +
samples
This program type is similar to BPF_PROG_TYPE_SOCKET_FILTER, except that
it does not allow BPF_LD_[ABS|IND] instructions and hooks up the
bpf_skb_load_bytes() helper.
Programs of this type will be attached to cgroups for network filtering
and accounting.
Signed-off-by: Daniel Mack
Acked-by
programs have access to
the skb through bpf_skb_load_bytes(), and the payload starts at the
network headers (L3).
Note that cgroup_bpf_run_filter() is stubbed out as static inline nop
for !CONFIG_CGROUP_BPF, and is otherwise guarded by a static key if
the feature is unused.
Signed-off-by: Daniel M
Hi Pablo,
On 11/14/2016 10:12 AM, Pablo Neira Ayuso wrote:
> Add cgroup version 2 support to nf_tables.
>
> This extension allows us to fetch the cgroup i-node number from the
> cgroup socket data, place it in a register, then match it against any
> value specified by user. This approach scales u
On 10/31/2016 06:05 PM, David Ahern wrote:
> On 10/31/16 11:00 AM, Daniel Mack wrote:
>> On 10/31/2016 05:58 PM, David Miller wrote:
>>> From: David Ahern Date: Wed, 26 Oct
>>> 2016 17:58:38 -0700
>>>
>>>> diff --git a/include/uapi/linux/bpf.h
&g
On 10/31/2016 05:58 PM, David Miller wrote:
> From: David Ahern
> Date: Wed, 26 Oct 2016 17:58:38 -0700
>
>> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
>> index 6b62ee9a2f78..73da296c2125 100644
>> --- a/include/uapi/linux/bpf.h
>> +++ b/include/uapi/linux/bpf.h
>> @@ -98,7
On 10/28/2016 01:53 PM, Pablo Neira Ayuso wrote:
> On Thu, Oct 27, 2016 at 10:40:14AM +0200, Daniel Mack wrote:
>> It's not anything new. These hooks live on the very same level as
>> SO_ATTACH_FILTER. The only differences are that the BPF programs are
>> stored in
On 10/26/2016 09:59 PM, Pablo Neira Ayuso wrote:
> On Tue, Oct 25, 2016 at 12:14:08PM +0200, Daniel Mack wrote:
> [...]
>> Dumping programs once they are installed is problematic because of
>> the internal optimizations done to the eBPF program during its
>> lifetime.
bpf(2)
syscall. For now, ingress and egress inet socket filtering are the
only supported use-cases.
Signed-off-by: Daniel Mack
Acked-by: Alexei Starovoitov
---
include/linux/bpf-cgroup.h | 71 +++
include/linux/cgroup-defs.h | 4 ++
init/Kconfig| 12
e
refer to the bpf cgroup controller implementation.
The API is guarded by CAP_NET_ADMIN.
Signed-off-by: Daniel Mack
Acked-by: Alexei Starovoitov
---
include/uapi/linux/bpf.h | 8 +
kernel/bpf/syscall.c | 81
2 files changed, 89
ed as 3rd argument,
which will make the generated eBPF program return 0 instead of 1, so
the kernel will drop the packet.
libbpf gained two new wrappers for the new syscall commands.
Signed-off-by: Daniel Mack
Acked-by: Alexei Starovoitov
---
samples/bpf/Makefile| 2 +
samples
packets by making it
return 0.
Daniel Mack (6):
bpf: add new prog type for cgroup socket filtering
cgroup: add support for eBPF programs
bpf: add BPF_PROG_ATTACH and BPF_PROG_DETACH commands
net: filter: run cgroup eBPF ingress programs
net: ipv4, ipv6: run cgroup eBPF egress program
through bpf_skb_load_bytes(), and the payload starts at the
network headers (L3).
Note that cgroup_bpf_run_filter() is stubbed out as static inline nop
for !CONFIG_CGROUP_BPF, and is otherwise guarded by a static key if
the feature is unused.
Signed-off-by: Daniel Mack
Acked-by: Alexei Starovoitov
This program type is similar to BPF_PROG_TYPE_SOCKET_FILTER, except that
it does not allow BPF_LD_[ABS|IND] instructions and hooks up the
bpf_skb_load_bytes() helper.
Programs of this type will be attached to cgroups for network filtering
and accounting.
Signed-off-by: Daniel Mack
Acked-by
(), and the payload starts at the
network headers (L3).
Note that cgroup_bpf_run_filter() is stubbed out as static inline nop
for !CONFIG_CGROUP_BPF, and is otherwise guarded by a static key if
the feature is unused.
Signed-off-by: Daniel Mack
Acked-by: Alexei Starovoitov
---
net/core/filter.c | 4
On 09/22/2016 05:12 PM, Daniel Borkmann wrote:
> On 09/22/2016 02:05 PM, Pablo Neira Ayuso wrote:
>> Benefits are, rewording previous email:
>>
>> * You get access to all of the existing netfilter hooks in one go
>>to run bpf programs. No need for specific redundant hooks. This
>>provides
Hi Pablo,
On 09/20/2016 04:29 PM, Pablo Neira Ayuso wrote:
> On Mon, Sep 19, 2016 at 10:56:14PM +0200, Daniel Mack wrote:
> [...]
>> Why would we artificially limit the use-cases of this implementation if
>> the way it stands, both filtering and introspection are possible?
On 09/19/2016 11:53 PM, Sargun Dhillon wrote:
> On Mon, Sep 19, 2016 at 06:34:28PM +0200, Daniel Mack wrote:
>> On 09/16/2016 09:57 PM, Sargun Dhillon wrote:
>>> Now, with this patch, we don't have that, but I think we can reasonably add
>>> some
>>&
On 09/19/2016 10:35 PM, Pablo Neira Ayuso wrote:
> On Mon, Sep 19, 2016 at 09:30:02PM +0200, Daniel Mack wrote:
>> On 09/19/2016 09:19 PM, Pablo Neira Ayuso wrote:
>>> Actually, did you look at Google's approach to this problem? They
>>> want to control this at so
On 09/19/2016 09:19 PM, Pablo Neira Ayuso wrote:
> On Mon, Sep 19, 2016 at 06:44:00PM +0200, Daniel Mack wrote:
>> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
>> index 6001e78..5dc90aa 100644
>> --- a/net/ipv6/ip6_output.c
>> +++ b/net/ipv6/ip6
bpf(2)
syscall. For now, ingress and egress inet socket filtering are the
only supported use-cases.
Signed-off-by: Daniel Mack
---
include/linux/bpf-cgroup.h | 71 +++
include/linux/cgroup-defs.h | 4 ++
init/Kconfig| 12
kernel/bpf/Makefile | 1
(), and the payload starts at the
network headers (L3).
Note that cgroup_bpf_run_filter() is stubbed out as static inline nop
for !CONFIG_CGROUP_BPF, and is otherwise guarded by a static key if
the feature is unused.
Signed-off-by: Daniel Mack
---
net/core/filter.c | 4
1 file changed, 4
ed as 3rd argument,
which will make the generated eBPF program return 0 instead of 1, so
the kernel will drop the packet.
libbpf gained two new wrappers for the new syscall commands.
Signed-off-by: Daniel Mack
---
samples/bpf/Makefile| 2 +
samples/bpf/libbpf.c| 2
e
refer to the bpf cgroup controller implementation.
The API is guarded by CAP_NET_ADMIN.
Signed-off-by: Daniel Mack
---
include/uapi/linux/bpf.h | 8 +
kernel/bpf/syscall.c | 81
2 files changed, 89 insertions(+)
diff --git a/include/
other socket families should be supported, this can be extended in
the future.
* The sample program learned to support both ingress and egress, and
can now optionally make the eBPF program drop packets by making it
return 0.
As always, feedback is much appreciated.
Thanks,
Daniel
Daniel Ma
This program type is similar to BPF_PROG_TYPE_SOCKET_FILTER, except that
it does not allow BPF_LD_[ABS|IND] instructions and hooks up the
bpf_skb_load_bytes() helper.
Programs of this type will be attached to cgroups for network filtering
and accounting.
Signed-off-by: Daniel Mack
---
include
through bpf_skb_load_bytes(), and the payload starts at the
network headers (L3).
Note that cgroup_bpf_run_filter() is stubbed out as static inline nop
for !CONFIG_CGROUP_BPF, and is otherwise guarded by a static key if
the feature is unused.
Signed-off-by: Daniel Mack
---
net/ipv4/ip_output.c | 15
Hi,
On 09/16/2016 09:57 PM, Sargun Dhillon wrote:
> On Wed, Sep 14, 2016 at 01:13:16PM +0200, Daniel Mack wrote:
>> I have no idea what makes you think this is limited to systemd. As I
>> said, I provided an example for userspace that works from the command
>> line. The sam
On 09/15/2016 08:36 AM, Vincent Bernat wrote:
> ❦ 12 septembre 2016 18:12 CEST, Daniel Mack :
>
>> * The sample program learned to support both ingress and egress, and
>> can now optionally make the eBPF program drop packets by making it
>> return 0.
>
> Abili
Hi Pablo,
On 09/13/2016 07:24 PM, Pablo Neira Ayuso wrote:
> On Tue, Sep 13, 2016 at 03:31:20PM +0200, Daniel Mack wrote:
>> On 09/13/2016 01:56 PM, Pablo Neira Ayuso wrote:
>>> On Mon, Sep 12, 2016 at 06:12:09PM +0200, Daniel Mack wrote:
>>>> This is v5 of the pa
Hi,
On 09/13/2016 01:56 PM, Pablo Neira Ayuso wrote:
> On Mon, Sep 12, 2016 at 06:12:09PM +0200, Daniel Mack wrote:
>> This is v5 of the patch set to allow eBPF programs for network
>> filtering and accounting to be attached to cgroups, so that they apply
>> to all sockets o
bpf(2)
syscall. For now, ingress and egress inet socket filtering are the
only supported use-cases.
Signed-off-by: Daniel Mack
---
include/linux/bpf-cgroup.h | 71 +++
include/linux/cgroup-defs.h | 4 ++
init/Kconfig| 12
kernel/bpf/Makefile | 1
e
refer to the bpf cgroup controller implementation.
The API is guarded by CAP_NET_ADMIN.
Signed-off-by: Daniel Mack
---
include/uapi/linux/bpf.h | 8 +
kernel/bpf/syscall.c | 81
2 files changed, 89 insertions(+)
diff --git a/include/
ed as 3rd argument,
which will make the generated eBPF program return 0 instead of 1, so
the kernel will drop the packet.
libbpf gained two new wrappers for the new syscall commands.
Signed-off-by: Daniel Mack
---
samples/bpf/Makefile| 2 +
samples/bpf/libbpf.c| 2
program drop packets by making it
return 0.
As always, feedback is much appreciated.
Thanks,
Daniel
Daniel Mack (6):
bpf: add new prog type for cgroup socket filtering
cgroup: add support for eBPF programs
bpf: add BPF_PROG_ATTACH and BPF_PROG_DETACH commands
net: filter: run cgroup
1 - 100 of 177 matches
Mail list logo
