1. 01 4月, 2018 20 次提交
    • D
      Merge branch 'tipc-slim-down-name-table' · 6851cf28
      David S. Miller 提交于
      Jon Maloy says:
      
      ====================
      tipc: slim down name table
      
      We clean up and improve the name binding table:
      
       - Replace the memory consuming 'sub_sequence/service range' array with
         an RB tree.
       - Introduce support for overlapping service sequences/ranges
      
       v2: #1: Fixed a missing initialization reported by David Miller
           #4: Obsoleted and replaced a few more macros to get a consistent
               terminology in the API.
           #5: Added new commit to fix a potential string overflow bug (it
               is still only in net-next) reported by Arnd Bergmann
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6851cf28
    • J
      tipc: avoid possible string overflow · 7494cfa6
      Jon Maloy 提交于
      gcc points out that the combined length of the fixed-length inputs to
      l->name is larger than the destination buffer size:
      
      net/tipc/link.c: In function 'tipc_link_create':
      net/tipc/link.c:465:26: error: '%s' directive writing up to 32 bytes
      into a region of size between 26 and 58 [-Werror=format-overflow=]
      sprintf(l->name, "%s:%s-%s:unknown", self_str, if_name, peer_str);
      
      net/tipc/link.c:465:2: note: 'sprintf' output 11 or more bytes
      (assuming 75) into a destination of size 60
      sprintf(l->name, "%s:%s-%s:unknown", self_str, if_name, peer_str);
      
      A detailed analysis reveals that the theoretical maximum length of
      a link name is:
      max self_str + 1 + max if_name + 1 + max peer_str + 1 + max if_name =
      16 + 1 + 15 + 1 + 16 + 1 + 15 = 65
      Since we also need space for a trailing zero we now set MAX_LINK_NAME
      to 68.
      
      Just to be on the safe side we also replace the sprintf() call with
      snprintf().
      
      Fixes: 25b0b9c4 ("tipc: handle collisions of 32-bit node address
      hash values")
      Reported-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7494cfa6
    • J
      tipc: tipc: rename address types in user api · 7a74d39c
      Jon Maloy 提交于
      The three address type structs in the user API have names that in
      reality reflect the specific, non-Linux environment where they were
      originally created.
      
      We now give them more intuitive names, in accordance with how TIPC is
      described in the current documentation.
      
      struct tipc_portid   -> struct tipc_socket_addr
      struct tipc_name     -> struct tipc_service_addr
      struct tipc_name_seq -> struct tipc_service_range
      
      To avoid confusion, we also update some commmets and macro names to
       match the new terminology.
      
      For compatibility, we add macros that map all old names to the new ones.
      Signed-off-by: NJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7a74d39c
    • J
      tipc: permit overlapping service ranges in name table · 37922ea4
      Jon Maloy 提交于
      With the new RB tree structure for service ranges it becomes possible to
      solve an old problem; - we can now allow overlapping service ranges in
      the table.
      
      When inserting a new service range to the tree, we use 'lower' as primary
      key, and when necessary 'upper' as secondary key.
      
      Since there may now be multiple service ranges matching an indicated
      'lower' value, we must also add the 'upper' value to the functions
      used for removing publications, so that the correct, corresponding
      range item can be found.
      
      These changes guarantee that a well-formed publication/withdrawal item
      from a peer node never will be rejected, and make it possible to
      eliminate the problematic backlog functionality we currently have for
      handling such cases.
      Signed-off-by: NJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      37922ea4
    • J
      tipc: refactor name table translate function · f20889f7
      Jon Maloy 提交于
      The function tipc_nametbl_translate() function is ugly and hard to
      follow. This can be improved somewhat by introducing a stack variable
      for holding the publication list to be used and re-ordering the if-
      clauses for selection of algorithm.
      Signed-off-by: NJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f20889f7
    • J
      tipc: replace name table service range array with rb tree · 218527fe
      Jon Maloy 提交于
      The current design of the binding table has an unnecessary memory
      consuming and complex data structure. It aggregates the service range
      items into an array, which is expanded by a factor two every time it
      becomes too small to hold a new item. Furthermore, the arrays never
      shrink when the number of ranges diminishes.
      
      We now replace this array with an RB tree that is holding the range
      items as tree nodes, each range directly holding a list of bindings.
      
      This, along with a few name changes, improves both readability and
      volume of the code, as well as reducing memory consumption and hopefully
      improving cache hit rate.
      Signed-off-by: NJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      218527fe
    • D
      Merge branch 'bridge-mtu' · 24197ee2
      David S. Miller 提交于
      Nikolay Aleksandrov says:
      
      ====================
      net: bridge: MTU handling changes
      
      As previously discussed the recent changes break some setups and could lead
      to packet drops. Thus the first patch reverts the behaviour for the bridge
      to follow the minimum MTU but also keeps the ability to set the MTU to the
      maximum (out of all ports) if vlan filtering is enabled. Patch 02 is the
      bigger change in behaviour - we've always had trouble when configuring
      bridges and their MTU which is auto tuning on port events
      (add/del/changemtu), which means config software needs to chase it and fix
      it after each such event, after patch 02 we allow the user to configure any
      MTU (ETH_MIN/MAX limited) but once that is done the bridge stops auto
      tuning and relies on the user to keep the MTU correct.
      This should be compatible with cases that don't touch the MTU (or set it
      to the same value), while allowing to configure the MTU and not worry
      about it changing afterwards.
      
      The patches are intentionally split like this, so that if they get accepted
      and there are any complaints patch 02 can be reverted.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      24197ee2
    • N
      net: bridge: disable bridge MTU auto tuning if it was set manually · 804b854d
      Nikolay Aleksandrov 提交于
      As Roopa noted today the biggest source of problems when configuring
      bridge and ports is that the bridge MTU keeps changing automatically on
      port events (add/del/changemtu). That leads to inconsistent behaviour
      and network config software needs to chase the MTU and fix it on each
      such event. Let's improve on that situation and allow for the user to
      set any MTU within ETH_MIN/MAX limits, but once manually configured it
      is the user's responsibility to keep it correct afterwards.
      
      In case the MTU isn't manually set - the behaviour reverts to the
      previous and the bridge follows the minimum MTU.
      Signed-off-by: NNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      804b854d
    • N
      net: bridge: set min MTU on port events and allow user to set max · f40aa233
      Nikolay Aleksandrov 提交于
      Recently the bridge was changed to automatically set maximum MTU on port
      events (add/del/changemtu) when vlan filtering is enabled, but that
      actually changes behaviour in a way which breaks some setups and can lead
      to packet drops. In order to still allow that maximum to be set while being
      compatible, we add the ability for the user to tune the bridge MTU up to
      the maximum when vlan filtering is enabled, but that has to be done
      explicitly and all port events (add/del/changemtu) lead to resetting that
      MTU to the minimum as before.
      Suggested-by: NRoopa Prabhu <roopa@cumulusnetworks.com>
      Signed-off-by: NNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f40aa233
    • D
      Merge branch 'thunderx-DMAC-filtering' · 56c03cbf
      David S. Miller 提交于
      Vadim Lomovtsev says:
      
      ====================
      net: thunderx: implement DMAC filtering support
      
      By default CN88XX BGX accepts all incoming multicast and broadcast
      packets and filtering is disabled. The nic driver doesn't provide
      an ability to change such behaviour.
      
      This series is to implement DMAC filtering management for CN88XX
      nic driver allowing user to enable/disable filtering and configure
      specific MAC addresses to filter traffic.
      
      Changes from v1:
      build issues:
       - update code in order to address compiler warnings;
      checkpatch.pl reported issues:
       - update code in order to fit 80 symbols length;
       - update commit descriptions in order to fit 80 symbols length;
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      56c03cbf
    • V
      net: thunderx: add ndo_set_rx_mode callback implementation for VF · 37c3347e
      Vadim Lomovtsev 提交于
      The ndo_set_rx_mode() is called from atomic context which causes
      messages response timeouts while VF to PF communication via MSIx.
      To get rid of that we're copy passed mc list, parse flags and queue
      handling of kernel request to ordered workqueue.
      Signed-off-by: NVadim Lomovtsev <Vadim.Lomovtsev@cavium.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      37c3347e
    • V
      net: thunderx: add workqueue control structures for handle ndo_set_rx_mode request · 1b6d55f2
      Vadim Lomovtsev 提交于
      The kernel calls ndo_set_rx_mode() callback from atomic context which
      causes messaging timeouts between VF and PF (as they’re implemented via
      MSIx). So in order to handle ndo_set_rx_mode() we need to get rid of it.
      
      This commit implements necessary workqueue related structures to let VF
      queue kernel request processing in non-atomic context later.
      Signed-off-by: NVadim Lomovtsev <Vadim.Lomovtsev@cavium.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1b6d55f2
    • V
      net: thunderx: add XCAST messages handlers for PF · aba4a263
      Vadim Lomovtsev 提交于
      This commit is to add message handling for ndo_set_rx_mode()
      callback at PF side.
      Signed-off-by: NVadim Lomovtsev <Vadim.Lomovtsev@cavium.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      aba4a263
    • V
      net: thunderx: add new messages for handle ndo_set_rx_mode callback · 0b849f58
      Vadim Lomovtsev 提交于
      The kernel calls ndo_set_rx_mode() callback supplying it will all necessary
      info, such as device state flags, multicast mac addresses list and so on.
      Since we have only 128 bits to communicate with PF we need to initiate
      several requests to PF with small/short operation each based on input data.
      
      So this commit implements following PF messages codes along with new
      data structures for them:
      NIC_MBOX_MSG_RESET_XCAST to flush all filters configured for this
                                particular network interface (VF)
      NIC_MBOX_MSG_ADD_MCAST   to add new MAC address to DMAC filter registers
                                for this particular network interface (VF)
      NIC_MBOX_MSG_SET_XCAST   to apply filtering configuration to filter control
                                register
      Signed-off-by: NVadim Lomovtsev <Vadim.Lomovtsev@cavium.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0b849f58
    • V
      net: thunderx: add multicast filter management support · ceb9ea21
      Vadim Lomovtsev 提交于
      The ThunderX NIC could be partitioned to up to 128 VFs and thus
      represented to system. Each VF is mapped to pair BGX:LMAC, and each of VF
      is configured by kernel individually. Eventually the bunch of VFs could be
      mapped onto same pair BGX:LMAC and thus could cause several multicast
      filtering configuration requests to LMAC with the same MAC addresses.
      
      This commit is to add ThunderX NIC BGX filtering manipulation routines.
      Signed-off-by: NVadim Lomovtsev <Vadim.Lomovtsev@cavium.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ceb9ea21
    • V
      net: thunderx: add MAC address filter tracking for LMAC · 3a34ecfd
      Vadim Lomovtsev 提交于
      The ThunderX NIC has two Ethernet Interfaces (BGX) each of them could has
      up to four Logical MACs configured. Each of BGX has 32 filters to be
      configured for filtering ingress packets. The number of filters available
      to particular LMAC is from 8 (if we have four LMACs configured per BGX)
      up to 32 (in case of only one LMAC is configured per BGX).
      
      At the same time the NIC could present up to 128 VFs to OS as network
      interfaces, each of them kernel will configure with set of MAC addresses
      for filtering. So to prevent dupes in BGX filter registers from different
      network interfaces it is required to cache and track all filter
      configuration requests prior to applying them onto BGX filter registers.
      
      This commit is to update LMAC structures with control fields to
      allocate/releasing filters tracking list along with implementing
      dmac array allocate/release per LMAC.
      Signed-off-by: NVadim Lomovtsev <Vadim.Lomovtsev@cavium.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3a34ecfd
    • V
      net: thunderx: move filter register related macro into proper place · f8ad1f3f
      Vadim Lomovtsev 提交于
      The ThunderX NIC has set of registers which allows to configure
      filter policy for ingress packets. There are three possible regimes
      of filtering multicasts, broadcasts and unicasts: accept all, reject all
      and accept filter allowed only.
      
      Current implementation has enum with all of them and two generic macro
      for enabling filtering et all (CAM_ACCEPT) and enabling/disabling
      broadcast packets, which also should be corrected in order to represent
      register bits properly. All these values are private for driver and
      there is no need to ‘publish’ them via header file.
      
      This commit is to move filtering register manipulation values from
      header file into source with explicit assignment of exact register
      values to them to be used while register configuring.
      Signed-off-by: NVadim Lomovtsev <Vadim.Lomovtsev@cavium.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f8ad1f3f
    • D
      Merge branch 'meson8b' · 5e8b270f
      David S. Miller 提交于
      Martin Blumenstingl says:
      
      ====================
      Meson8m2 support for dwmac-meson8b
      
      The Meson8m2 SoC is an updated version of the Meson8 SoC. Some of the
      peripherals are shared with Meson8b (for example the watchdog registers
      and the internal temperature sensor calibration procedure).
      Meson8m2 also seems to include the same Gigabit MAC register layout as
      Meson8b.
      
      The registers in the Amlogic dwmac "glue" seem identical between Meson8b
      and Meson8m2. Manual testing seems to confirm this.
      
      To be extra-safe a new compatible string is added because there's no
      (public) documentation on the Meson8m2 SoC. This will allow us to
      implement any SoC-specific variations later on (if needed).
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5e8b270f
    • M
      net: stmmac: dwmac-meson8b: Add support for the Meson8m2 SoC · 7676693c
      Martin Blumenstingl 提交于
      The Meson8m2 SoC uses a similar (potentially even identical) register
      layout as the Meson8b and GXBB SoCs for the dwmac glue.
      Add a new compatible string and update the module description to
      indicate support for these SoCs.
      Signed-off-by: NMartin Blumenstingl <martin.blumenstingl@googlemail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7676693c
    • M
      dt-bindings: net: meson-dwmac: add support for the Meson8m2 SoC · a5af1fb9
      Martin Blumenstingl 提交于
      The Meson8m2 SoC uses a similar (potentially even identical) register
      layout for the dwmac glue as Meson8b and GXBB. Unfortunately there is no
      documentation available.
      Testing shows that both, RMII and RGMII PHYs are working if they are
      configured as on Meson8b. Add a new compatible string to the
      documentation so differences (if there are any) between Meson8m2 and the
      other SoCs can be taken care of within the driver.
      Signed-off-by: NMartin Blumenstingl <martin.blumenstingl@googlemail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a5af1fb9
  2. 31 3月, 2018 13 次提交
  3. 30 3月, 2018 7 次提交
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · d162190b
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter/IPVS updates for net-next
      
      The following patchset contains Netfilter/IPVS updates for your net-next
      tree. This batch comes with more input sanitization for xtables to
      address bug reports from fuzzers, preparation works to the flowtable
      infrastructure and assorted updates. In no particular order, they are:
      
      1) Make sure userspace provides a valid standard target verdict, from
         Florian Westphal.
      
      2) Sanitize error target size, also from Florian.
      
      3) Validate that last rule in basechain matches underflow/policy since
         userspace assumes this when decoding the ruleset blob that comes
         from the kernel, from Florian.
      
      4) Consolidate hook entry checks through xt_check_table_hooks(),
         patch from Florian.
      
      5) Cap ruleset allocations at 512 mbytes, 134217728 rules and reject
         very large compat offset arrays, so we have a reasonable upper limit
         and fuzzers don't exercise the oom-killer. Patches from Florian.
      
      6) Several WARN_ON checks on xtables mutex helper, from Florian.
      
      7) xt_rateest now has a hashtable per net, from Cong Wang.
      
      8) Consolidate counter allocation in xt_counters_alloc(), from Florian.
      
      9) Earlier xt_table_unlock() call in {ip,ip6,arp,eb}tables, patch
         from Xin Long.
      
      10) Set FLOW_OFFLOAD_DIR_* to IP_CT_DIR_* definitions, patch from
          Felix Fietkau.
      
      11) Consolidate code through flow_offload_fill_dir(), also from Felix.
      
      12) Inline ip6_dst_mtu_forward() just like ip_dst_mtu_maybe_forward()
          to remove a dependency with flowtable and ipv6.ko, from Felix.
      
      13) Cache mtu size in flow_offload_tuple object, this is safe for
          forwarding as f87c10a8 describes, from Felix.
      
      14) Rename nf_flow_table.c to nf_flow_table_core.o, to simplify too
          modular infrastructure, from Felix.
      
      15) Add rt0, rt2 and rt4 IPv6 routing extension support, patch from
          Ahmed Abdelsalam.
      
      16) Remove unused parameter in nf_conncount_count(), from Yi-Hung Wei.
      
      17) Support for counting only to nf_conncount infrastructure, patch
          from Yi-Hung Wei.
      
      18) Add strict NFT_CT_{SRC_IP,DST_IP,SRC_IP6,DST_IP6} key datatypes
          to nft_ct.
      
      19) Use boolean as return value from ipt_ah and from IPVS too, patch
          from Gustavo A. R. Silva.
      
      20) Remove useless parameters in nfnl_acct_overquota() and
          nf_conntrack_broadcast_help(), from Taehee Yoo.
      
      21) Use ipv6_addr_is_multicast() from xt_cluster, also from Taehee Yoo.
      
      22) Statify nf_tables_obj_lookup_byhandle, patch from Fengguang Wu.
      
      23) Fix typo in xt_limit, from Geert Uytterhoeven.
      
      24) Do no use VLAs in Netfilter code, again from Gustavo.
      
      25) Use ADD_COUNTER from ebtables, from Taehee Yoo.
      
      26) Bitshift support for CONNMARK and MARK targets, from Jack Ma.
      
      27) Use pr_*() and add pr_fmt(), from Arushi Singhal.
      
      28) Add synproxy support to ctnetlink.
      
      29) ICMP type and IGMP matching support for ebtables, patches from
          Matthias Schiffer.
      
      30) Support for the revision infrastructure to ebtables, from
          Bernie Harris.
      
      31) String match support for ebtables, also from Bernie.
      
      32) Documentation for the new flowtable infrastructure.
      
      33) Use generic comparison functions in ebt_stp, from Joe Perches.
      
      34) Demodularize filter chains in nftables.
      
      35) Register conntrack hooks in case nftables NAT chain is added.
      
      36) Merge assignments with return in a couple of spots in the
          Netfilter codebase, also from Arushi.
      
      37) Document that xtables percpu counters are stored in the same
          memory area, from Ben Hutchings.
      
      38) Revert mark_source_chains() sanity checks that break existing
          rulesets, from Florian Westphal.
      
      39) Use is_zero_ether_addr() in the ipset codebase, from Joe Perches.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d162190b
    • D
      Merge branch 'Close-race-between-un-register_netdevice_notifier-and-pernet_operations' · b9a12601
      David S. Miller 提交于
      Kirill Tkhai says:
      
      ====================
      Close race between {un, }register_netdevice_notifier and pernet_operations
      
      the problem is {,un}register_netdevice_notifier() do not take
      pernet_ops_rwsem, and they don't see network namespaces, being
      initialized in setup_net() and cleanup_net(), since at this
      time net is not hashed to net_namespace_list.
      
      This may lead to imbalance, when a notifier is called at time of
      setup_net()/net is alive, but it's not called at time of cleanup_net(),
      for the devices, hashed to the net, and vise versa. See (3/3) for
      the scheme of imbalance.
      
      This patchset fixes the problem by acquiring pernet_ops_rwsem
      at the time of {,un}register_netdevice_notifier() (3/3).
      (1-2/3) are preparations in xfrm and netfilter subsystems.
      
      The problem was introduced a long ago, but backporting won't be easy,
      since every previous kernel version may have changes in netdevice
      notifiers, and they all need review and testing. Otherwise, there
      may be more pernet_operations, which register or unregister
      netdevice notifiers, and that leads to deadlock (which is was fixed
      in 1-2/3). This patchset is for net-next.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b9a12601
    • K
      net: Close race between {un, }register_netdevice_notifier() and setup_net()/cleanup_net() · 328fbe74
      Kirill Tkhai 提交于
      {un,}register_netdevice_notifier() iterate over all net namespaces
      hashed to net_namespace_list. But pernet_operations register and
      unregister netdevices in unhashed net namespace, and they are not
      seen for netdevice notifiers. This results in asymmetry:
      
      1)Race with register_netdevice_notifier()
        pernet_operations::init(net)	...
         register_netdevice()		...
          call_netdevice_notifiers()  ...
            ... nb is not called ...
        ...				register_netdevice_notifier(nb) -> net skipped
        ...				...
        list_add_tail(&net->list, ..) ...
      
        Then, userspace stops using net, and it's destructed:
      
        pernet_operations::exit(net)
         unregister_netdevice()
          call_netdevice_notifiers()
            ... nb is called ...
      
      This always happens with net::loopback_dev, but it may be not the only device.
      
      2)Race with unregister_netdevice_notifier()
        pernet_operations::init(net)
         register_netdevice()
          call_netdevice_notifiers()
            ... nb is called ...
      
        Then, userspace stops using net, and it's destructed:
      
        list_del_rcu(&net->list)	...
        pernet_operations::exit(net)  unregister_netdevice_notifier(nb) -> net skipped
         dev_change_net_namespace()	...
          call_netdevice_notifiers()
            ... nb is not called ...
         unregister_netdevice()
          call_netdevice_notifiers()
            ... nb is not called ...
      
      This race is more danger, since dev_change_net_namespace() moves real
      network devices, which use not trivial netdevice notifiers, and if this
      will happen, the system will be left in unpredictable state.
      
      The patch closes the race. During the testing I found two places,
      where register_netdevice_notifier() is called from pernet init/exit
      methods (which led to deadlock) and fixed them (see previous patches).
      
      The review moved me to one more unusual registration place:
      raw_init() (can driver). It may be a reason of problems,
      if someone creates in-kernel CAN_RAW sockets, since they
      will be destroyed in exit method and raw_release()
      will call unregister_netdevice_notifier(). But grep over
      kernel tree does not show, someone creates such sockets
      from kernel space.
      
      Theoretically, there can be more places like this, and which are
      hidden from review, but we found them on the first bumping there
      (since there is no a race, it will be 100% reproducible).
      Signed-off-by: NKirill Tkhai <ktkhai@virtuozzo.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      328fbe74
    • K
      netfilter: Rework xt_TEE netdevice notifier · 9e2f6c5d
      Kirill Tkhai 提交于
      Register netdevice notifier for every iptable entry
      is not good, since this breaks modularity, and
      the hidden synchronization is based on rtnl_lock().
      
      This patch reworks the synchronization via new lock,
      while the rest of logic remains as it was before.
      This is required for the next patch.
      
      Tested via:
      
      while :; do
      	unshare -n iptables -t mangle -A OUTPUT -j TEE --gateway 1.1.1.2 --oif lo;
      done
      Signed-off-by: NKirill Tkhai <ktkhai@virtuozzo.com>
      Acked-by: NPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9e2f6c5d
    • K
      xfrm: Register xfrm_dev_notifier in appropriate place · e9a441b6
      Kirill Tkhai 提交于
      Currently, driver registers it from pernet_operations::init method,
      and this breaks modularity, because initialization of net namespace
      and netdevice notifiers are orthogonal actions. We don't have
      per-namespace netdevice notifiers; all of them are global for all
      devices in all namespaces.
      Signed-off-by: NKirill Tkhai <ktkhai@virtuozzo.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e9a441b6
    • D
      Merge branch 'Implement-of_get_nvmem_mac_address-helper' · caeeeda3
      David S. Miller 提交于
      Mike Looijmans says:
      
      ====================
      of_net: Implement of_get_nvmem_mac_address helper
      
      Posted this as a small set now, with an (optional) second patch that shows
      how the changes work and what I've used to test the code on a Topic Miami board.
      I've taken the liberty to add appropriate "Acked" and "Review" tags.
      
      v4: Replaced "6" with ETH_ALEN
      
      v3: Add patch that implements mac in nvmem for the Cadence MACB controller
          Remove the integrated of_get_mac_address call
      
      v2: Use of_nvmem_cell_get to avoid needing the assiciated device
          Use void* instead of char*
          Add devicetree binding doc
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      caeeeda3
    • M
      net: macb: Try to retrieve MAC addess from nvmem provider · aa076e3d
      Mike Looijmans 提交于
      Call of_get_nvmem_mac_address() to fetch the MAC address from an nvmem
      cell, if one is provided in the device tree. This allows the address to
      be stored in an I2C EEPROM device for example.
      Signed-off-by: NMike Looijmans <mike.looijmans@topic.nl>
      Acked-by: NNicolas Ferre <nicolas.ferre@microchip.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      aa076e3d