1. 01 Nov, 2021 8 commits
    • Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queue · ebed1cf5
      David S. Miller committed
      Tony Nguyen says:
      
      ====================
      100GbE Intel Wired LAN Driver Updates 2021-10-29
      
      This series contains updates to ice and iavf drivers and virtchnl header
      file.
      
      Brett removes vlan_promisc argument from a function call for ice driver.
      In the virtchnl header file he removes an unused, reserved define and
      converts raw value defines to instead use the BIT macro.
      
      Marcin adds syncing of MAC addresses when creating switchdev VFs to
      remove error messages on link up and stops showing buffer information
      for port representors to remove duplicated entries being displayed for
      ice driver.
      
      Karen introduces a helper to go from pci_dev to iavf_adapter in the
      iavf driver.
      
      Przemyslaw fixes an issue where iavf was attempting to free IRQs before
      calling disable.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next · 06f1ecd4
      David S. Miller committed
      Steffen Klassert says:
      
      ====================
      pull request (net-next): ipsec-next 2021-10-30
      
      Just two minor changes this time:
      
      1) Remove some superfluous header files from xfrm4_tunnel.c
         From Mianhan Liu.
      
      2) Simplify some error checks in xfrm_input().
         From luo penghao.
      
      Please pull or let me know if there are problems.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · 894d0844
      David S. Miller committed
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter updates for net-next
      
      The following patchset contains Netfilter updates for net-next:
      
      1) Use array_size() in ebtables, from Gustavo A. R. Silva.
      
      2) Attach IPS_ASSURED to internal UDP stream state, reported by
         Maciej Zenczykowski.
      
      3) Add NFT_META_IFTYPE to match on the interface type either
         from ingress or egress.
      
      4) Generalize pktinfo->tprot_set to flags field.
      
      5) Allow to match on inner headers / payload data.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge tag 'mlx5-updates-2021-10-29' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux · 2aec919f
      David S. Miller committed
      Saeed Mahameed says:
      
      ====================
      mlx5-updates-2021-10-29
      
      1) Minor trivial refactoring and improvements
      2) Check for unsupported parameters fields in SW steering
      3) Support TC offload for OVS internal port, from Ariel, see below.
      
      Ariel Levkovich says:
      
      =====================
      
      Support HW offload of TC rules involving OVS internal port
      device type as the filter device or the destination
      device.
      
      The support is for flows which explicitly use the internal
      port as source or destination device as well as indirect offload
      for flows performing tunnel set or unset via a tunnel device
      and the internal port is the tunnel overlay device.
      
      Since flows with internal port as source port are added
      as egress rules while redirecting to internal port is done
      as an ingress redirect, the series introduces the necessary
      changes in mlx5_core driver to support the new types of flows
      and actions.
      
      =====================
      
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • netfilter: nft_payload: support for inner header matching / mangling · c46b38dc
      Pablo Neira Ayuso committed
      Allow to match and mangle on inner headers / payload data after the
      transport header. There is a new field in the pktinfo structure that
      stores the inner header offset which is calculated only when requested.
      Only TCP and UDP supported at this stage.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: nf_tables: convert pktinfo->tprot_set to flags field · b5bdc6f9
      Pablo Neira Ayuso committed
      Generalize boolean field to store more flags on the pktinfo structure.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: nft_meta: add NFT_META_IFTYPE · 56fa9501
      Pablo Neira Ayuso committed
      Generalize NFT_META_IIFTYPE to NFT_META_IFTYPE which allows you to match
      on the interface type of the skb->dev field. This field is used by the
      netdev family to add an implicit dependency to skip non-ethernet packets
      when matching on layer 3 and 4 TCP/IP header fields.
      
      For backward compatibility, add the NFT_META_IIFTYPE alias to
      NFT_META_IFTYPE.
      
      Add __NFT_META_IIFTYPE, to be used by userspace in the future to match
      specifically on the iiftype.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state · b7b1d02f
      Pablo Neira Ayuso committed
      The internal stream state sets the timeout to 120 seconds 2 seconds
      after the creation of the flow, attach this internal stream state to the
      IPS_ASSURED flag for consistent event reporting.
      
      Before this patch:
      
            [NEW] udp      17 30 src=10.246.11.13 dst=216.239.35.0 sport=37282 dport=123 [UNREPLIED] src=216.239.35.0 dst=10.246.11.13 sport=123 dport=37282
         [UPDATE] udp      17 30 src=10.246.11.13 dst=216.239.35.0 sport=37282 dport=123 src=216.239.35.0 dst=10.246.11.13 sport=123 dport=37282
         [UPDATE] udp      17 30 src=10.246.11.13 dst=216.239.35.0 sport=37282 dport=123 src=216.239.35.0 dst=10.246.11.13 sport=123 dport=37282 [ASSURED]
        [DESTROY] udp      17 src=10.246.11.13 dst=216.239.35.0 sport=37282 dport=123 src=216.239.35.0 dst=10.246.11.13 sport=123 dport=37282 [ASSURED]
      
      Note IPS_ASSURED for the flow not yet in the internal stream state.
      
      after this update:
      
            [NEW] udp      17 30 src=10.246.11.13 dst=216.239.35.0 sport=37282 dport=123 [UNREPLIED] src=216.239.35.0 dst=10.246.11.13 sport=123 dport=37282
         [UPDATE] udp      17 30 src=10.246.11.13 dst=216.239.35.0 sport=37282 dport=123 src=216.239.35.0 dst=10.246.11.13 sport=123 dport=37282
         [UPDATE] udp      17 120 src=10.246.11.13 dst=216.239.35.0 sport=37282 dport=123 src=216.239.35.0 dst=10.246.11.13 sport=123 dport=37282 [ASSURED]
        [DESTROY] udp      17 src=10.246.11.13 dst=216.239.35.0 sport=37282 dport=123 src=216.239.35.0 dst=10.246.11.13 sport=123 dport=37282 [ASSURED]
      
      Before this patch, short-lived UDP flows never entered IPS_ASSURED, so
      they were already candidate flow to be deleted by early_drop under
      stress.
      
      Before this patch, IPS_ASSURED is set on regardless the internal stream
      state, attach this internal stream state to IPS_ASSURED.
      
      packet #1 (original direction) enters NEW state
      packet #2 (reply direction) enters ESTABLISHED state, sets on IPS_SEEN_REPLY
      packet #3 (any direction) sets on IPS_ASSURED (if 2 seconds since the
                creation has passed by).
      Reported-by: Maciej Żenczykowski <zenczykowski@gmail.com>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  2. 30 Oct, 2021 32 commits