1. 11 9月, 2020 11 次提交
  2. 01 9月, 2020 2 次提交
  3. 31 8月, 2020 1 次提交
  4. 03 8月, 2020 3 次提交
  5. 02 8月, 2020 3 次提交
  6. 01 8月, 2020 20 次提交
    • D
      Merge tag 'mac80211-next-for-davem-2020-07-31' of... · 6f3de75c
      David S. Miller 提交于
      Merge tag 'mac80211-next-for-davem-2020-07-31' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next
      
      Johannes Berg says:
      
      ====================
      We have a number of changes
       * code cleanups and fixups as usual
       * AQL & internal TXQ improvements from Felix
       * some mesh 802.1X support bits
       * some injection improvements from Mathy of KRACK
         fame, so we'll see what this results in ;-)
       * some more initial S1G supports bits, this time
         (some of?) the userspace APIs
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6f3de75c
    • R
      rtnetlink: add support for protodown reason · 829eb208
      Roopa Prabhu 提交于
      netdev protodown is a mechanism that allows protocols to
      hold an interface down. It was initially introduced in
      the kernel to hold links down by a multihoming protocol.
      There was also an attempt to introduce protodown
      reason at the time but was rejected. protodown and protodown reason
      is supported by almost every switching and routing platform.
      It was ok for a while to live without a protodown reason.
      But, its become more critical now given more than
      one protocol may need to keep a link down on a system
      at the same time. eg: vrrp peer node, port security,
      multihoming protocol. Its common for Network operators and
      protocol developers to look for such a reason on a networking
      box (Its also known as errDisable by most networking operators)
      
      This patch adds support for link protodown reason
      attribute. There are two ways to maintain protodown
      reasons.
      (a) enumerate every possible reason code in kernel
          - A protocol developer has to make a request and
            have that appear in a certain kernel version
      (b) provide the bits in the kernel, and allow user-space
      (sysadmin or NOS distributions) to manage the bit-to-reasonname
      map.
      	- This makes extending reason codes easier (kind of like
            the iproute2 table to vrf-name map /etc/iproute2/rt_tables.d/)
      
      This patch takes approach (b).
      
      a few things about the patch:
      - It treats the protodown reason bits as counter to indicate
      active protodown users
      - Since protodown attribute is already an exposed UAPI,
      the reason is not enforced on a protodown set. Its a no-op
      if not used.
      the patch follows the below algorithm:
        - presence of reason bits set indicates protodown
          is in use
        - user can set protodown and protodown reason in a
          single or multiple setlink operations
        - setlink operation to clear protodown, will return -EBUSY
          if there are active protodown reason bits
        - reason is not included in link dumps if not used
      
      example with patched iproute2:
      $cat /etc/iproute2/protodown_reasons.d/r.conf
      0 mlag
      1 evpn
      2 vrrp
      3 psecurity
      
      $ip link set dev vxlan0 protodown on protodown_reason vrrp on
      $ip link set dev vxlan0 protodown_reason mlag on
      $ip link show
      14: vxlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode
      DEFAULT group default qlen 1000
          link/ether f6:06:be:17:91:e7 brd ff:ff:ff:ff:ff:ff protodown on <mlag,vrrp>
      
      $ip link set dev vxlan0 protodown_reason mlag off
      $ip link set dev vxlan0 protodown off protodown_reason vrrp off
      Signed-off-by: NRoopa Prabhu <roopa@cumulusnetworks.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      829eb208
    • J
      tun: add missing rcu annotation in tun_set_ebpf() · 8f3f330d
      Jason Wang 提交于
      We expecte prog_p to be protected by rcu, so adding the rcu annotation
      to fix the following sparse warning:
      
      drivers/net/tun.c:3003:36: warning: incorrect type in argument 2 (different address spaces)
      drivers/net/tun.c:3003:36:    expected struct tun_prog [noderef] __rcu **prog_p
      drivers/net/tun.c:3003:36:    got struct tun_prog **prog_p
      drivers/net/tun.c:3292:42: warning: incorrect type in argument 2 (different address spaces)
      drivers/net/tun.c:3292:42:    expected struct tun_prog **prog_p
      drivers/net/tun.c:3292:42:    got struct tun_prog [noderef] __rcu **
      drivers/net/tun.c:3296:42: warning: incorrect type in argument 2 (different address spaces)
      drivers/net/tun.c:3296:42:    expected struct tun_prog **prog_p
      drivers/net/tun.c:3296:42:    got struct tun_prog [noderef] __rcu **
      Reported-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NJason Wang <jasowang@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8f3f330d
    • Y
      tcp: add earliest departure time to SCM_TIMESTAMPING_OPT_STATS · 48040793
      Yousuk Seung 提交于
      This change adds TCP_NLA_EDT to SCM_TIMESTAMPING_OPT_STATS that reports
      the earliest departure time(EDT) of the timestamped skb. By tracking EDT
      values of the skb from different timestamps, we can observe when and how
      much the value changed. This allows to measure the precise delay
      injected on the sender host e.g. by a bpf-base throttler.
      Signed-off-by: NYousuk Seung <ysseung@google.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Acked-by: NNeal Cardwell <ncardwell@google.com>
      Acked-by: NSoheil Hassas Yeganeh <soheil@google.com>
      Acked-by: NYuchung Cheng <ycheng@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      48040793
    • D
      Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue · c6886957
      David S. Miller 提交于
      Tony Nguyen says:
      
      ====================
      1GbE Intel Wired LAN Driver Updates 2020-07-30
      
      This series contains updates to e100, e1000, e1000e, igb, igbvf, ixgbe,
      ixgbevf, iavf, and driver documentation.
      
      Vaibhav Gupta converts legacy .suspend() and .resume() to generic PM
      callbacks for e100, igbvf, ixgbe, ixgbevf, and iavf.
      
      Suraj Upadhyay replaces 1 byte memsets with assignments for e1000,
      e1000e, igb, and ixgbe.
      
      Alexander Klimov replaces http links with https.
      
      Miaohe Lin replaces uses of memset to clear MAC addresses with
      eth_zero_addr().
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c6886957
    • D
      Merge branch 'mptcp-syncookies' · d9790bc2
      David S. Miller 提交于
      Florian Westphal says:
      
      ====================
      mptcp: add syncookie support
      
      Changes in v2:
      - first patch renames req->ts_cookie to req->syncookie instead of
        removing ts_cookie member.
      - patch to add 'want_cookie' arg to init_req() functions has been dropped.
        All users of that arg were changed to check 'req->syncookie' instead.
      
      v1 cover letter:
      
      When syn-cookies are used the SYN?ACK never contains a MPTCP option,
      because the code path that creates a request socket based on a valid
      cookie ACK lacks the needed changes to construct MPTCP request sockets.
      
      After this series, if SYN carries MP_CAPABLE option, the option is not
      cleared anymore and request socket will be reconstructed using the
      MP_CAPABLE option data that is re-sent with the ACK.
      
      This means that no additional state gets encoded into the syn cookie or
      the TCP timestamp.
      
      There are two caveats for SYN-Cookies with MPTCP:
      
      1. When syn-cookies are used, the server-generated key is not stored.
      The drawback is that the next connection request that comes in before
      the cookie-ACK has a small chance that it will generate the same local_key.
      
      If this happens, the cookie ACK that comes in second will (re)compute the
      token hash and then detects that this is already in use.
      Unlike normal case, where the server will pick a new key value and then
      re-tries, we can't do that because we already committed to the key value
      (it was sent to peer already).
      
      Im this case, MPTCP cannot be used and late TCP fallback happens.
      
      2). SYN packets with a MP_JOIN requests cannot be handled without storing
          state. This is because the SYN contains a nonce value that is needed to
          verify the HMAC of the MP_JOIN ACK that completes the three-way
          handshake.  Also, a local nonce is generated and used in the cookie
          SYN/ACK.
      
      There are only 2 ways to solve this:
       a) Do not support JOINs when cookies are in effect.
       b) Store the nonces somewhere.
      
      The approach chosen here is b).
      Patch 8 adds a fixed-size (1024 entries) state table to store the
      information required to validate the MP_JOIN ACK and re-build the
      request socket.
      
      State gets stored when syn-cookies are active and the token in the JOIN
      request referred to an established MPTCP connection that can also accept
      a new subflow.
      
      State is restored if the ACK cookie is valid, an MP_JOIN option is present
      and the state slot contains valid data from a previous SYN.
      
      After the request socket has been re-build, normal HMAC check is done just
      as without syn cookies.
      
      Largely identical to last RFC, except patch #8 which follows Paolos
      suggestion to use a private table storage area rather than keeping
      request sockets around.  This also means I dropped the patch to remove
      const qualifier from sk_listener pointers.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d9790bc2
    • F
      selftests: mptcp: add test cases for mptcp join tests with syn cookies · 00587187
      Florian Westphal 提交于
      Also add test cases with MP_JOIN when tcp_syncookies sysctl is 2 (i.e.,
      syncookies are always-on).
      
      While at it, also print the test number and add the test number
      to the pcap files that can be generated optionally.
      
      This makes it easier to match the pcap to the test case.
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Reviewed-by: NMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      00587187
    • F
      selftests: mptcp: make 2nd net namespace use tcp syn cookies unconditionally · fed61c4b
      Florian Westphal 提交于
      check we can establish connections also when syn cookies are in use.
      
      Check that
      MPTcpExtMPCapableSYNRX and MPTcpExtMPCapableACKRX increase for each
      MPTCP test.
      
      Check TcpExtSyncookiesSent and TcpExtSyncookiesRecv increase in netns2.
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Reviewed-by: NMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fed61c4b
    • F
      mptcp: enable JOIN requests even if cookies are in use · 9466a1cc
      Florian Westphal 提交于
      JOIN requests do not work in syncookie mode -- for HMAC validation, the
      peers nonce and the mptcp token (to obtain the desired connection socket
      the join is for) are required, but this information is only present in the
      initial syn.
      
      So either we need to drop all JOIN requests once a listening socket enters
      syncookie mode, or we need to store enough state to reconstruct the request
      socket later.
      
      This adds a state table (1024 entries) to store the data present in the
      MP_JOIN syn request and the random nonce used for the cookie syn/ack.
      
      When a MP_JOIN ACK passed cookie validation, the table is consulted
      to rebuild the request socket from it.
      
      An alternate approach would be to "cancel" syn-cookie mode and force
      MP_JOIN to always use a syn queue entry.
      
      However, doing so brings the backlog over the configured queue limit.
      
      v2: use req->syncookie, not (removed) want_cookie arg
      Suggested-by: NPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Reviewed-by: NMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9466a1cc
    • F
      tcp: syncookies: create mptcp request socket for ACK cookies with MPTCP option · 6fc8c827
      Florian Westphal 提交于
      If SYN packet contains MP_CAPABLE option, keep it enabled.
      Syncokie validation and cookie-based socket creation is changed to
      instantiate an mptcp request sockets if the ACK contains an MPTCP
      connection request.
      
      Rather than extend both cookie_v4/6_check, add a common helper to create
      the (mp)tcp request socket.
      Suggested-by: NPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6fc8c827
    • F
      mptcp: subflow: add mptcp_subflow_init_cookie_req helper · c83a47e5
      Florian Westphal 提交于
      Will be used to initialize the mptcp request socket when a MP_CAPABLE
      request was handled in syncookie mode, i.e. when a TCP ACK containing a
      MP_CAPABLE option is a valid syncookie value.
      
      Normally (non-cookie case), MPTCP will generate a unique 32 bit connection
      ID and stores it in the MPTCP token storage to be able to retrieve the
      mptcp socket for subflow joining.
      
      In syncookie case, we do not want to store any state, so just generate the
      unique ID and use it in the reply.
      
      This means there is a small window where another connection could generate
      the same token.
      
      When Cookie ACK comes back, we check that the token has not been registered
      in the mean time.  If it was, the connection needs to fall back to TCP.
      
      Changes in v2:
       - use req->syncookie instead of passing 'want_cookie' arg to ->init_req()
         (Eric Dumazet)
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Reviewed-by: NMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c83a47e5
    • F
      mptcp: rename and export mptcp_subflow_request_sock_ops · 08b8d080
      Florian Westphal 提交于
      syncookie code path needs to create an mptcp request sock.
      
      Prepare for this and add mptcp prefix plus needed export of ops struct.
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Reviewed-by: NMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      08b8d080
    • F
      mptcp: subflow: split subflow_init_req · 78d8b7bc
      Florian Westphal 提交于
      When syncookie support is added, we will need to add a variant of
      subflow_init_req() helper.  It will do almost same thing except
      that it will not compute/add a token to the mptcp token tree.
      
      To avoid excess copy&paste, this commit splits away part of the
      code into a new helper, __subflow_init_req, that can then be re-used
      from the 'no insert' function added in a followup change.
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Reviewed-by: NMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      78d8b7bc
    • F
      mptcp: token: move retry to caller · 535fb815
      Florian Westphal 提交于
      Once syncookie support is added, no state will be stored anymore when the
      syn/ack is generated in syncookie mode.
      
      When the ACK comes back, the generated key will be taken from the TCP ACK,
      the token is re-generated and inserted into the token tree.
      
      This means we can't retry with a new key when the token is already taken
      in the syncookie case.
      
      Therefore, move the retry logic to the caller to prepare for syncookie
      support in mptcp.
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Reviewed-by: NMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      535fb815
    • F
      tcp: rename request_sock cookie_ts bit to syncookie · f8ace8d9
      Florian Westphal 提交于
      Nowadays output function has a 'synack_type' argument that tells us when
      the syn/ack is emitted via syncookies.
      
      The request already tells us when timestamps are supported, so check
      both to detect special timestamp for tcp option encoding is needed.
      
      We could remove cookie_ts altogether, but a followup patch would
      otherwise need to adjust function signatures to pass 'want_cookie' to
      mptcp core.
      
      This way, the 'existing' bit can be used.
      Suggested-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f8ace8d9
    • G
      net/sched: cls_u32: Use struct_size() helper · 77aec5e1
      Gustavo A. R. Silva 提交于
      Make use of the struct_size() helper, in multiple places, instead
      of an open-coded version in order to avoid any potential type
      mistakes and protect against potential integer overflows.
      
      Also, remove unnecessary object identifier size.
      Signed-off-by: NGustavo A. R. Silva <gustavoars@kernel.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      77aec5e1
    • A
      qede: Use %pM format specifier for MAC addresses · 26b4b2d9
      Andy Shevchenko 提交于
      Convert to %pM instead of using custom code.
      Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      26b4b2d9
    • A
      qed: Use %pM format specifier for MAC addresses · b03c3bac
      Andy Shevchenko 提交于
      Convert to %pM instead of using custom code.
      Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b03c3bac
    • A
      hsr: Use %pM format specifier for MAC addresses · cc0b065f
      Andy Shevchenko 提交于
      Convert to %pM instead of using custom code.
      Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      cc0b065f
    • D
      Merge branch 's390-qeth-next' · fdc22981
      David S. Miller 提交于
      Julian Wiedmann says:
      
      ====================
      s390/qeth: updates 2020-07-30
      
      please apply the following patch series for qeth to netdev's net-next tree.
      
      This primarily brings some modernization to the RX path, laying the
      groundwork for smarter RX refill policies.
      Some of the patches are tagged as fixes, but really target only rare /
      theoretical issues. So given where we are in the release cycle and that we
      touch the main RX path, taking them through net-next seems more appropriate.
      ====================
      Reviewed-by: NJakub Kicinski <kuba@kernel.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fdc22981