- 13 9月, 2019 15 次提交
-
-
由 Jeremy Sowden 提交于
A few headers contain instances of: #if defined(CONFIG_XXX) or defined(CONFIG_XXX_MODULE) Replace them with: #if IS_ENABLED(CONFIG_XXX) Signed-off-by: NJeremy Sowden <jeremy@azazel.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jeremy Sowden 提交于
The header contains some inline functions defined as: static inline f (...) { #ifdef CONFIG_NF_CONNTRACK_EVENTS ... #else ... #endif } and a few others as: #ifdef CONFIG_NF_CONNTRACK_EVENTS static inline f (...) { ... } #else static inline f (...) { ... } #endif Prefer the former style, which is more numerous. Signed-off-by: NJeremy Sowden <jeremy@azazel.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jeremy Sowden 提交于
There is a struct definition function in nf_conntrack_bridge.h which is not specific to conntrack and is used elswhere in netfilter. Move it into netfilter_bridge.h. Signed-off-by: NJeremy Sowden <jeremy@azazel.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jeremy Sowden 提交于
There is some non-conntrack code in the nf_conntrack_synproxy.h header. Move it to the nf_synproxy.h header. Signed-off-by: NJeremy Sowden <jeremy@azazel.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jeremy Sowden 提交于
There is an inline function in ip6_tables.h which is not specific to ip6tables and is used elswhere in netfilter. Move it into netfilter_ipv6.h and update the callers. Signed-off-by: NJeremy Sowden <jeremy@azazel.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jeremy Sowden 提交于
nf_conntrack_icmpv6.h contains two object macros which duplicate macros in linux/icmpv6.h. The latter definitions are also visible wherever it is included, so remove it. Signed-off-by: NJeremy Sowden <jeremy@azazel.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jeremy Sowden 提交于
Include some headers in files which require them, and remove others which are not required. Signed-off-by: NJeremy Sowden <jeremy@azazel.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jeremy Sowden 提交于
Three netfilter headers are only included once. Inline their contents at those sites and remove them. Signed-off-by: NJeremy Sowden <jeremy@azazel.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jeremy Sowden 提交于
Two headers include declarations of functions which are never defined. Remove them. Signed-off-by: NJeremy Sowden <jeremy@azazel.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jeremy Sowden 提交于
Several header-files, Kconfig files and Makefiles have trailing white-space. Remove it. In netfilter/Kconfig, indent the type of CONFIG_NETFILTER_NETLINK_ACCT correctly. There are semicolons at the end of two function definitions in include/net/netfilter/nf_conntrack_acct.h and include/net/netfilter/nf_conntrack_ecache.h. Remove them. Fix indentation in nf_conntrack_l4proto.h. Signed-off-by: NJeremy Sowden <jeremy@azazel.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Jeremy Sowden 提交于
nf_conntrack_labels.h has no include guard. Add it. The comment following the #endif in the nf_flow_table.h include guard referred to the wrong macro. Fix it. Signed-off-by: NJeremy Sowden <jeremy@azazel.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 wenxu 提交于
If the net_device unregisters, clean up the offload rules before the chain is destroy. Signed-off-by: Nwenxu <wenxu@ucloud.cn> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 wenxu 提交于
Pass rule, chain and flow_rule object parameters to nft_flow_offload_rule to reuse it. Signed-off-by: Nwenxu <wenxu@ucloud.cn> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 wenxu 提交于
Pass chain and policy parameters to nft_flow_offload_chain to reuse it. Signed-off-by: Nwenxu <wenxu@ucloud.cn> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 wenxu 提交于
Add __nft_offload_get_chain function to get basechain from device. This function requires that caller holds the per-netns nftables mutex. This patch implicitly fixes missing offload flags check and proper mutex from nft_indr_block_cb(). Fixes: 9a32669f ("netfilter: nf_tables_offload: support indr block call") Signed-off-by: Nwenxu <wenxu@ucloud.cn> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
- 11 9月, 2019 2 次提交
-
-
由 Pablo Neira Ayuso 提交于
This patch adds support for packet mirroring and redirection. The nft_fwd_dup_netdev_offload() function configures the flow_action object for the fwd and the dup actions. Extend nft_flow_rule_destroy() to release the net_device object when the flow_rule object is released, since nft_fwd_dup_netdev_offload() bumps the net_device reference counter. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Acked-by: Nwenxu <wenxu@ucloud.cn>
-
Register a new synproxy stateful object type into the stateful object infrastructure. Signed-off-by: NFernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
- 09 9月, 2019 3 次提交
-
-
由 Pablo Neira Ayuso 提交于
Add nft_offload_init() and nft_offload_exit() function to deal with the init and the exit path of the offload infrastructure. Rename nft_indr_block_get_and_ing_cmd() to nft_indr_block_cb(). Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Arnd Bergmann 提交于
The nft_offload_ctx structure is much too large to put on the stack: net/netfilter/nf_tables_offload.c:31:23: error: stack frame size of 1200 bytes in function 'nft_flow_rule_create' [-Werror,-Wframe-larger-than=] Use dynamic allocation here, as we do elsewhere in the same function. Fixes: c9626a2c ("netfilter: nf_tables: add hardware offload support") Signed-off-by: NArnd Bergmann <arnd@arndb.de> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Dan Carpenter 提交于
The "newobj" is an error pointer so we can't pass it to kfree(). It doesn't need to be freed so we can remove that and I also renamed the error label. Fixes: d62d0ba9 ("netfilter: nf_tables: Introduce stateful object update operation") Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Acked-by: NFernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
- 08 9月, 2019 9 次提交
-
-
由 David S. Miller 提交于
Jakub Kicinski says: ==================== net/tls: small TX offload optimizations This set brings small TLS TX device optimizations. The biggest gain comes from fixing a misuse of non temporal copy instructions. On a synthetic workload modelled after customer's RFC application I see 3-5% percent gain. ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jakub Kicinski 提交于
Unlike normal TCP code TLS has to touch the cache lines it copies into to fill header info. On memory-heavy workloads having non temporal stores and normal accesses targeting the same cache line leads to significant overhead. Measured 3% overhead running 3600 round robin connections with additional memory heavy workload. Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NDirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jakub Kicinski 提交于
For TLS device offload the tag/message authentication code are filled in by the device. The kernel merely reserves space for them. Because device overwrites it, the contents of the tag make do no matter. Current code tries to save space by reusing the header as the tag. This, however, leads to an additional frag being created and defeats buffer coalescing (which trickles all the way down to the drivers). Remove this optimization, and try to allocate the space for the tag in the usual way, leave the memory uninitialized. If memory allocation fails rewind the record pointer so that we use the already copied user data as tag. Note that the optimization was actually buggy, as the tag for TLS 1.2 is 16 bytes, but header is just 13, so the reuse may had looked past the end of the page.. Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NDirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jakub Kicinski 提交于
All modifications to TLS record list happen under the socket lock. Since records form an ordered queue readers are only concerned about elements being removed, additions can happen concurrently. Use RCU primitives to ensure the correct access types (READ_ONCE/WRITE_ONCE). Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NDirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jakub Kicinski 提交于
It's generally more cache friendly to walk arrays in order, especially those which are likely not in cache. Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NDirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next Johan Hedberg says: ==================== pull request: bluetooth-next 2019-09-06 Here's the main bluetooth-next pull request for the 5.4 kernel. - Cleanups & fixes to btrtl driver - Fixes for Realtek devices in btusb, e.g. for suspend handling - Firmware loading support for BCM4345C5 - hidp_send_message() return value handling fixes - Added support for utilizing Fast Advertising Interval - Various other minor cleanups & fixes Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Colin Ian King 提交于
Don't populate the array spec_opcode on the stack but instead make it static const. Makes the object code smaller by 48 bytes. Before: text data bss dec hex filename 6914 1040 128 8082 1f92 hns3/hns3vf/hclgevf_cmd.o After: text data bss dec hex filename 6866 1040 128 8034 1f62 hns3/hns3vf/hclgevf_cmd.o (gcc version 9.2.1, amd64) Signed-off-by: NColin Ian King <colin.king@canonical.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Colin Ian King 提交于
Don't populate the arrays on the stack but instead make them static const. Makes the object code smaller by 281 bytes. Before: text data bss dec hex filename 87553 5672 0 93225 16c29 benet/be_cmds.o After: text data bss dec hex filename 87112 5832 0 92944 16b10 benet/be_cmds.o (gcc version 9.2.1, amd64) Signed-off-by: NColin Ian King <colin.king@canonical.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 YueHaibing 提交于
Remove including <linux/version.h> that don't need it. Signed-off-by: NYueHaibing <yuehaibing@huawei.com> Acked-by: NShannon Nelson <snelson@pensando.io> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 07 9月, 2019 11 次提交
-
-
由 David S. Miller 提交于
Jose Abreu says: ==================== net: stmmac: Improvements and fixes for -next Improvements and fixes for recently introduced features. All for -next tree. More info in commit logs. ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jose Abreu 提交于
We may have some SoCs that can't achieve XGMAC max speed. Limit it if asked to. Signed-off-by: NJose Abreu <joabreu@synopsys.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jose Abreu 提交于
Add a test to validate that Split Header feature is working correctly. It works by using the rececently introduced counter that increments each time a packet with split header is received. Signed-off-by: NJose Abreu <joabreu@synopsys.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jose Abreu 提交于
We are already doing it by default in the TX path so we can also enable Jumbo Frame support in the RX path independently of MTU value. Signed-off-by: NJose Abreu <joabreu@synopsys.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jose Abreu 提交于
We need to set the RX tail pointer so that RX engine starts working again after finishing the Flow Control test. Signed-off-by: NJose Abreu <joabreu@synopsys.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jose Abreu 提交于
Add checks for support of Source Address Insertion/Replacement before running the test. Signed-off-by: NJose Abreu <joabreu@synopsys.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Hangbin Liu 提交于
This is a re-post of previous patch wrote by David Miller[1]. Phil Karn reported[2] that on busy networks with lots of unresolved multicast routing entries, the creation of new multicast group routes can be extremely slow and unreliable. The reason is we hard-coded multicast route entries with unresolved source addresses(cache_resolve_queue_len) to 10. If some multicast route never resolves and the unresolved source addresses increased, there will be no ability to create new multicast route cache. To resolve this issue, we need either add a sysctl entry to make the cache_resolve_queue_len configurable, or just remove cache_resolve_queue_len limit directly, as we already have the socket receive queue limits of mrouted socket, pointed by David. >From my side, I'd perfer to remove the cache_resolve_queue_len limit instead of creating two more(IPv4 and IPv6 version) sysctl entry. [1] https://lkml.org/lkml/2018/7/22/11 [2] https://lkml.org/lkml/2018/7/21/343 v3: instead of remove cache_resolve_queue_len totally, let's only remove the hard code limit when allocate the unresolved cache, as Eric Dumazet suggested, so we don't need to re-count it in other places. v2: hold the mfc_unres_lock while walking the unresolved list in queue_count(), as Nikolay Aleksandrov remind. Reported-by: NPhil Karn <karn@ka9q.net> Signed-off-by: NHangbin Liu <liuhangbin@gmail.com> Reviewed-by: NNikolay Aleksandrov <nikolay@cumulusnetworks.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
Haiyang Zhang says: ==================== hv_netvsc: Enable sg as tunable, sync offload settings to VF NIC This patch set fixes an issue in SG tuning, and sync offload settings from synthetic NIC to VF NIC. ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Haiyang Zhang 提交于
VF NIC may go down then come up during host servicing events. This causes the VF NIC offloading feature settings to roll back to the defaults. This patch can synchronize features from synthetic NIC to the VF NIC during ndo_set_features (ethtool -K), and netvsc_register_vf when VF comes back after host events. Signed-off-by: NHaiyang Zhang <haiyangz@microsoft.com> Cc: Mark Bloch <markb@mellanox.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Haiyang Zhang 提交于
In a previous patch, the NETIF_F_SG was missing after the code changes. That caused the SG feature to be "fixed". This patch includes it into hw_features, so it is tunable again. Fixes: 23312a3b ("netvsc: negotiate checksum and segmentation parameters") Signed-off-by: NHaiyang Zhang <haiyangz@microsoft.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux由 David S. Miller 提交于
Saeed Mahameed says: ==================== mlx5-updates-2019-09-05 1) Allover mlx5 cleanups 2) Added port congestion counters to ethtool stats: Add 3 counters per priority to ethtool using PPCNT: 2.1) rx_prio[p]_buf_discard - the number of packets discarded by device due to lack of per host receive buffers 2.2) rx_prio[p]_cong_discard - the number of packets discarded by device due to per host congestion 2.3) rx_prio[p]_marked - the number of packets ECN marked by device due to per host congestion ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-