Jacky Hu [Thu, 30 May 2019 00:16:40 +0000 (08:16 +0800)]
ipvs: add checksum support for gue encapsulation
Add checksum support for gue encapsulation with the tun_flags parameter,
which could be one of the values below:
IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM
IP_VS_TUNNEL_ENCAP_FLAG_CSUM
IP_VS_TUNNEL_ENCAP_FLAG_REMCSUM
Signed-off-by: Jacky Hu <hengqing.hu@gmail.com>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal [Thu, 23 May 2019 13:44:12 +0000 (15:44 +0200)]
netfilter: replace skb_make_writable with skb_ensure_writable
This converts all remaining users and then removes skb_make_writable.
Suggested-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal [Thu, 23 May 2019 13:44:11 +0000 (15:44 +0200)]
netfilter: tcpmss, optstrip: prefer skb_ensure_writable
This also changes optstrip to only make the tcp header writeable
rather than the entire packet.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal [Thu, 23 May 2019 13:44:10 +0000 (15:44 +0200)]
netfilter: xt_HL: prefer skb_ensure_writable
Also, make the argument to be only the needed size of the header
we're altering, no need to pull in the full packet into linear area.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal [Thu, 23 May 2019 13:44:09 +0000 (15:44 +0200)]
netfilter: nf_tables: prefer skb_ensure_writable
.. so skb_make_writable can be removed.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal [Thu, 23 May 2019 13:44:08 +0000 (15:44 +0200)]
netfilter: ipv4: prefer skb_ensure_writable
.. so skb_make_writable can be removed soon.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal [Thu, 23 May 2019 13:44:07 +0000 (15:44 +0200)]
netfilter: conntrack, nat: prefer skb_ensure_writable
like previous patches -- convert conntrack to use the core helper.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal [Thu, 23 May 2019 13:44:06 +0000 (15:44 +0200)]
netfilter: ipvs: prefer skb_ensure_writable
It does the same thing, use it instead so we can remove skb_make_writable.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal [Thu, 23 May 2019 13:44:05 +0000 (15:44 +0200)]
netfilter: bridge: convert skb_make_writable to skb_ensure_writable
Back in the day, skb_ensure_writable did not exist. By now, both functions
have the same precondition:
I. skb_make_writable will test in this order:
1. wlen > skb->len -> error
2. if not cloned and wlen <= headlen -> OK
3. If cloned and wlen bytes of clone writeable -> OK
After those checks, skb is either not cloned but needs to pull from
nonlinear area, or writing to head would also alter data of another clone.
In both cases skb_make_writable will then call __pskb_pull_tail, which will
kmalloc a new memory area to use for skb->head.
IOW, after successful skb_make_writable call, the requested length is in
linear area and can be modified, even if skb was cloned.
II. skb_ensure_writable will do this instead:
1. call pskb_may_pull. This handles case 1 above.
After this, wlen is in linear area, but skb might be cloned.
2. return if skb is not cloned
3. return if wlen byte of clone are writeable.
4. fully copy the skb.
So post-conditions are the same:
*len bytes are writeable in linear area without altering any payload data
of a clone, all header pointers might have been changed.
Only differences are that skb_ensure_writable is in the core, whereas
skb_make_writable lives in netfilter core and the inverted return value.
skb_make_writable returns 0 on error, whereas skb_ensure_writable returns
negative value.
For the normal cases performance is similar:
A. skb is not cloned and in linear area:
pskb_may_pull is inline helper, so neither function copies.
B. skb is cloned, write is in linear area and clone is writeable:
both funcions return with step 3.
This series removes skb_make_writable from the kernel.
While at it, pass the needed value instead, its less confusing that way:
There is no special-handling of "0-length" argument in either
skb_make_writable or skb_ensure_writable.
bridge already makes sure ethernet header is in linear area, only purpose
of the make_writable() is is to copy skb->head in case of cloned skbs.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal [Wed, 22 May 2019 21:35:11 +0000 (23:35 +0200)]
netfilter: nf_tables: free base chain counters from worker
No need to use synchronize_rcu() here, just swap the two pointers
and have the release occur from work queue after commit has completed.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Taehee Yoo [Wed, 15 May 2019 19:02:31 +0000 (04:02 +0900)]
netfilter: nf_flow_table: remove unnecessary variable in flow_offload_tuple
The oifidx in the struct flow_offload_tuple is not used anymore.
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Lukasz Pawelczyk [Fri, 10 May 2019 11:46:22 +0000 (13:46 +0200)]
netfilter: xt_owner: Add supplementary groups option
The XT_OWNER_SUPPL_GROUPS flag causes GIDs specified with XT_OWNER_GID
to be also checked in the supplementary groups of a process.
f_cred->group_info cannot be modified during its lifetime and f_cred
holds a reference to it so it's safe to use.
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Julian Anastasov [Sun, 5 May 2019 12:14:40 +0000 (15:14 +0300)]
ipvs: strip udp tunnel headers from icmp errors
Recognize UDP tunnels in received ICMP errors and
properly strip the tunnel headers. GUE is what we
have for now.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Julian Anastasov [Sun, 5 May 2019 12:14:39 +0000 (15:14 +0300)]
ipvs: add function to find tunnels
Add ip_vs_find_tunnel() to match tunnel headers
by family, address and optional port. Use it to
properly find the tunnel real server used in
received ICMP errors.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Julian Anastasov [Sun, 5 May 2019 12:14:38 +0000 (15:14 +0300)]
ipvs: allow rs_table to contain different real server types
Before now rs_table was used only for NAT real servers.
Change it to allow TUN real severs from different types,
possibly hashed with different port key.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
David S. Miller [Thu, 30 May 2019 22:17:05 +0000 (15:17 -0700)]
Merge branch '100GbE' of git://git./linux/kernel/git/jkirsher/next-queue
Jeff Kirsher says:
====================
100GbE Intel Wired LAN Driver Updates 2019-05-30
This series contains updates to ice driver only.
Brett continues his work with interrupt handling by fixing an issue
where were writing to the incorrect register to disable all VF
interrupts.
Tony consolidates the unicast and multicast MAC filters into a single
new function.
Anirudh adds support for virtual channel vector mapping to receive and
transmit queues. This uses a bitmap to associate indicated queues with
the specified vector. Makes several cosmetic code cleanups, as well as
update the driver to align with the current specification for managing
MAC operation codes (opcodes).
Paul adds support for Forward Error Correction (FEC) and also adds the
ethtool get and set handlers to modify FEC parameters.
Bruce cleans up the driver code to fix a number of issues, such as,
reducing the scope of some local variables, reduce the number of
de-references by changing a local variable and reorder the code to
remove unnecessary "goto's".
Dave adds switch rules to be able to handle LLDP packets and in the
process, fix a couple of issues found, like stop treating DCBx state of
"not started" as an error and stop hard coding the filter information
flag to transmit.
Jacob updates the driver to allow for more granular debugging by
developers by using a distinct separate bit for dumping firmware logs.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Kevin 'ldir' Darbyshire-Bryant [Thu, 30 May 2019 17:10:43 +0000 (17:10 +0000)]
net: sched: act_ctinfo: minor size optimisation
Since the new parameter block is initialised to 0 by kzmalloc we don't
need to mask & clear unused operational mode bits, they are already
unset.
Drop the pointless code.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 30 May 2019 22:02:33 +0000 (15:02 -0700)]
Merge branch 'complex-c45-phys'
Heiner Kallweit says:
====================
net: phy: improve handling of more complex C45 PHY's
This series tries to address few problematic aspects raised by
Russell. Concrete example is the Marvell 88x3310, the changes
should be helpful for other complex C45 PHY's too.
v2:
- added patch enabling interrupts also if phylib state machine
isn't started
- removed patch dealing with the double link status read
This one needs little bit more thinking and will go separately.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Heiner Kallweit [Thu, 30 May 2019 13:11:06 +0000 (15:11 +0200)]
net: phy: export phy_queue_state_machine
We face the issue that link change interrupt and link status may be
reported by different PHY layers. As a result the link change
interrupt may occur before the link status changes.
Export phy_queue_state_machine to allow PHY drivers to specify a
delay between link status change interrupt and link status check.
v2:
- change jiffies parameter type to unsigned long
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Suggested-by: Russell King <rmk+kernel@armlinux.org.uk>
Acked-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Heiner Kallweit [Thu, 30 May 2019 13:10:06 +0000 (15:10 +0200)]
net: phy: add callback for custom interrupt handler to struct phy_driver
The phylib interrupt handler handles link change events only currently.
However PHY drivers may want to use other interrupt sources too,
e.g. to report temperature monitoring events. Therefore add a callback
to struct phy_driver allowing PHY drivers to implement a custom
interrupt handler.
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Suggested-by: Russell King - ARM Linux admin <linux@armlinux.org.uk>
Acked-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Heiner Kallweit [Thu, 30 May 2019 13:09:15 +0000 (15:09 +0200)]
net: phy: enable interrupts when PHY is attached already
This patch is a step towards allowing PHY drivers to handle more
interrupt sources than just link change. E.g. several PHY's have
built-in temperature monitoring and can raise an interrupt if a
temperature threshold is exceeded. We may be interested in such
interrupts also if the phylib state machine isn't started.
Therefore move enabling interrupts to phy_request_interrupt().
v2:
- patch added to series
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michal Kalderon [Thu, 30 May 2019 12:20:40 +0000 (15:20 +0300)]
qed: Fix static checker warning
In some cases abs_ppfid could be printed without being initialized.
Fixes:
79284adeb99e ("qed: Add llh ppfid interface and 100g support for offload protocols")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Michal Kalderon <michal.kalderon@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ioana Ciornei [Thu, 30 May 2019 06:09:07 +0000 (09:09 +0300)]
net: dsa: Add error path handling in dsa_tree_setup()
In case a call to dsa_tree_setup() fails, an attempt to cleanup is made
by calling dsa_tree_remove_switch(), which should take care of
removing/unregistering any resources previously allocated. This does not
happen because it is conditioned by dst->setup being true, which is set
only after _all_ setup steps were performed successfully.
This is especially interesting when the internal MDIO bus is registered
but afterwards, a port setup fails and the mdiobus_unregister() is never
called. This leads to a BUG_ON() complaining about the fact that it's
trying to free an MDIO bus that's still registered.
Add proper error handling in all functions branching from
dsa_tree_setup().
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Reported-by: kernel test robot <rong.a.chen@intel.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 30 May 2019 21:39:25 +0000 (14:39 -0700)]
Merge branch 'r8169-fw'
Heiner Kallweit says:
====================
r8169: decouple firmware handling code from actual driver code
These two patches are a step towards eventually factoring out firmware
handling code to a separate source file.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Heiner Kallweit [Wed, 29 May 2019 19:15:06 +0000 (21:15 +0200)]
r8169: decouple rtl_phy_write_fw from actual driver code
This patch is a further step towards decoupling firmware handling from
the actual driver code. Firmware can be for PHY and/or MAC, and two
pairs of read/write functions are needed for handling PHY firmware and
MAC firmware respectively. Pass these functions via struct rtl_fw and
avoid the ugly switching of mdio_ops behind the back of rtl_writephy().
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Heiner Kallweit [Wed, 29 May 2019 19:13:58 +0000 (21:13 +0200)]
r8169: improve rtl_fw_format_ok
Simplify the function a little bit and use strscpy() where appropriate.
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Heiner Kallweit [Wed, 29 May 2019 18:52:03 +0000 (20:52 +0200)]
r8169: enable WoL speed down on more chip versions
Call the pll power down function also for chip versions 02..06 and
13..15. The MAC can't be powered down on these chip versions, but at
least they benefit from the speed-down power-saving if WoL is enabled.
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Matteo Croce [Wed, 29 May 2019 15:39:41 +0000 (17:39 +0200)]
sctp: deduplicate identical skb_checksum_ops
The same skb_checksum_ops struct is defined twice in two different places,
leading to code duplication. Declare it as a global variable into a common
header instead of allocating it on the stack on each function call.
bloat-o-meter reports a slight code shrink.
add/remove: 1/1 grow/shrink: 0/10 up/down: 128/-1282 (-1154)
Function old new delta
sctp_csum_ops - 128 +128
crc32c_csum_ops 16 - -16
sctp_rcv 6616 6583 -33
sctp_packet_pack 4542 4504 -38
nf_conntrack_sctp_packet 4980 4926 -54
execute_masked_set_action 6453 6389 -64
tcf_csum_sctp 575 428 -147
sctp_gso_segment 1292 1126 -166
sctp_csum_check 579 412 -167
sctp_snat_handler 957 772 -185
sctp_dnat_handler 1321 1132 -189
l4proto_manip_pkt 2536 2313 -223
Total: Before=
359297613, After=
359296459, chg -0.00%
Reviewed-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Matteo Croce <mcroce@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Matteo Croce [Wed, 29 May 2019 15:13:48 +0000 (17:13 +0200)]
net: avoid indirect calls in L4 checksum calculation
Commit
283c16a2dfd3 ("indirect call wrappers: helpers to speed-up
indirect calls of builtin") introduces some macros to avoid doing
indirect calls.
Use these helpers to remove two indirect calls in the L4 checksum
calculation for devices which don't have hardware support for it.
As a test I generate packets with pktgen out to a dummy interface
with HW checksumming disabled, to have the checksum calculated in
every sent packet.
The packet rate measured with an i7-6700K CPU and a single pktgen
thread raised from 6143 to 6608 Kpps, an increase by 7.5%
Suggested-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Matteo Croce <mcroce@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
YueHaibing [Wed, 29 May 2019 14:34:32 +0000 (22:34 +0800)]
net: dsa: sja1105: Make static_config_check_memory_size static
Fix sparse warning:
drivers/net/dsa/sja1105/sja1105_static_config.c:446:1: warning:
symbol 'static_config_check_memory_size' was not declared. Should it be static?
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 30 May 2019 21:18:18 +0000 (14:18 -0700)]
Merge branch 'connection-tracking-support-for-bridge'
Pablo Neira Ayuso says:
====================
connection tracking support for bridge
This patchset adds native connection tracking support for the bridge.
Patch #1 and #2 extract code from IPv4/IPv6 fragmentation core and
introduce the fraglist splitter. That splits a skbuff fraglist into
independent fragments.
Patch #3 and #4 also extract code from IPv4/IPv6 fragmentation core
and introduce the skbuff into fragments transformer. This can be used
by linearized skbuffs (eg. coming from nfqueue and ct helpers) as well
as cloned skbuffs (that are either seen either with taps or with bridge
port flooding).
Patch #5 moves the specific IPCB() code from these new fragment
splitter/transformer APIs into the IPv4 stack. The bridge has a
different control buffer layout and it starts using this new APIs in
this patchset.
Patch #6 adds basic infrastructure that allows to register bridge
conntrack support.
Patch #7 adds bridge conntrack support (only for IPv4 in this patch).
Patch #8 adds IPv6 support for the bridge conntrack support.
Patch #9 registers the IPv4/IPv6 conntrack hooks in case the bridge
conntrack is used to deal with local traffic, ie. prerouting -> input
bridge hook path. This cover the bridge interface has a IP address
scenario.
Before this patchset, only chance for people to do stateful filtering is
to use the `br_netfilter` emulation layer, that turns bridge frame into
IPv4/IPv6 packets and inject them into the IPv4/IPv6 hooks. Apparently,
this module allows users to use iptables and all of its feature-set from
the bridge, including stateful filtering. However, this approach is
flawed in many aspects that have been discussed many times. This is a
step forward to deprecate `br_netfilter'.
v2: Fix English typo in commit message.
v3: Fix another English typo in commit message.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Wed, 29 May 2019 11:25:39 +0000 (13:25 +0200)]
netfilter: nf_conntrack_bridge: register inet conntrack for bridge
This patch enables IPv4 and IPv6 conntrack from the bridge to deal with
local traffic. Hence, packets that are passed up to the local input path
are confirmed later on from the {ipv4,ipv6}_confirm() hooks.
For packets leaving the IP stack (ie. output path), fragmentation occurs
after the inet postrouting hook. Therefore, the bridge local out and
postrouting bridge hooks see fragments with conntrack objects, which is
inconsistent. In this case, we could defragment again from the bridge
output hook, but this is expensive. The recommended filtering spot for
outgoing locally generated traffic leaving through the bridge interface
is to use the classic IPv4/IPv6 output hook, which comes earlier.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Wed, 29 May 2019 11:25:38 +0000 (13:25 +0200)]
netfilter: nf_conntrack_bridge: add support for IPv6
br_defrag() and br_fragment() indirections are added in case that IPv6
support comes as a module, to avoid pulling innecessary dependencies in.
The new fraglist iterator and fragment transformer APIs are used to
implement the refragmentation code.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Wed, 29 May 2019 11:25:37 +0000 (13:25 +0200)]
netfilter: bridge: add connection tracking system
This patch adds basic connection tracking support for the bridge,
including initial IPv4 support.
This patch register two hooks to deal with the bridge forwarding path,
one from the bridge prerouting hook to call nf_conntrack_in(); and
another from the bridge postrouting hook to confirm the entry.
The conntrack bridge prerouting hook defragments packets before passing
them to nf_conntrack_in() to look up for an existing entry, otherwise a
new entry is allocated and it is attached to the skbuff. The conntrack
bridge postrouting hook confirms new conntrack entries, ie. if this is
the first packet seen, then it adds the entry to the hashtable and (if
needed) it refragments the skbuff into the original fragments, leaving
the geometry as is if possible. Exceptions are linearized skbuffs, eg.
skbuffs that are passed up to nfqueue and conntrack helpers, as well as
cloned skbuff for the local delivery (eg. tcpdump), also in case of
bridge port flooding (cloned skbuff too).
The packet defragmentation is done through the ip_defrag() call. This
forces us to save the bridge control buffer, reset the IP control buffer
area and then restore it after call. This function also bumps the IP
fragmentation statistics, it would be probably desiderable to have
independent statistics for the bridge defragmentation/refragmentation.
The maximum fragment length is stored in the control buffer and it is
used to refragment the skbuff from the postrouting path.
The new fraglist splitter and fragment transformer APIs are used to
implement the bridge refragmentation code. The br_ip_fragment() function
drops the packet in case the maximum fragment size seen is larger than
the output port MTU.
This patchset follows the principle that conntrack should not drop
packets, so users can do it through policy via invalid state matching.
Like br_netfilter, there is no refragmentation for packets that are
passed up for local delivery, ie. prerouting -> input path. There are
calls to nf_reset() already in several spots in the stack since time ago
already, eg. af_packet, that show that skbuff fraglist handling from the
netif_rx path is supported already.
The helpers are called from the postrouting hook, before confirmation,
from there we may see packet floods to bridge ports. Then, although
unlikely, this may result in exercising the helpers many times for each
clone. It would be good to explore how to pass all the packets in a list
to the conntrack hook to do this handle only once for this case.
Thanks to Florian Westphal for handing me over an initial patchset
version to add support for conntrack bridge.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Wed, 29 May 2019 11:25:36 +0000 (13:25 +0200)]
netfilter: nf_conntrack: allow to register bridge support
This patch adds infrastructure to register and to unregister bridge
support for the conntrack module via nf_ct_bridge_register() and
nf_ct_bridge_unregister().
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Wed, 29 May 2019 11:25:35 +0000 (13:25 +0200)]
net: ipv4: place control buffer handling away from fragmentation iterators
Deal with the IPCB() area away from the iterators.
The bridge codebase has its own control buffer layout, move specific
IP control buffer handling into the IPv4 codepath.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Wed, 29 May 2019 11:25:34 +0000 (13:25 +0200)]
net: ipv6: split skbuff into fragments transformer
This patch exposes a new API to refragment a skbuff. This allows you to
split either a linear skbuff or to force the refragmentation of an
existing fraglist using a different mtu. The API consists of:
* ip6_frag_init(), that initializes the internal state of the transformer.
* ip6_frag_next(), that allows you to fetch the next fragment. This function
internally allocates the skbuff that represents the fragment, it pushes
the IPv6 header, and it also copies the payload for each fragment.
The ip6_frag_state object stores the internal state of the splitter.
This code has been extracted from ip6_fragment(). Symbols are also
exported to allow to reuse this iterator from the bridge codepath to
build its own refragmentation routine by reusing the existing codebase.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Wed, 29 May 2019 11:25:33 +0000 (13:25 +0200)]
net: ipv4: split skbuff into fragments transformer
This patch exposes a new API to refragment a skbuff. This allows you to
split either a linear skbuff or to force the refragmentation of an
existing fraglist using a different mtu. The API consists of:
* ip_frag_init(), that initializes the internal state of the transformer.
* ip_frag_next(), that allows you to fetch the next fragment. This function
internally allocates the skbuff that represents the fragment, it pushes
the IPv4 header, and it also copies the payload for each fragment.
The ip_frag_state object stores the internal state of the splitter.
This code has been extracted from ip_do_fragment(). Symbols are also
exported to allow to reuse this iterator from the bridge codepath to
build its own refragmentation routine by reusing the existing codebase.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Wed, 29 May 2019 11:25:32 +0000 (13:25 +0200)]
net: ipv6: add skbuff fraglist splitter
This patch adds the skbuff fraglist split iterator. This API provides an
iterator to transform the fraglist into single skbuff objects, it
consists of:
* ip6_fraglist_init(), that initializes the internal state of the
fraglist iterator.
* ip6_fraglist_prepare(), that restores the IPv6 header on the fragment.
* ip6_fraglist_next(), that retrieves the fragment from the fraglist and
updates the internal state of the iterator to point to the next
fragment in the fraglist.
The ip6_fraglist_iter object stores the internal state of the iterator.
This code has been extracted from ip6_fragment(). Symbols are also
exported to allow to reuse this iterator from the bridge codepath to
build its own refragmentation routine by reusing the existing codebase.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Wed, 29 May 2019 11:25:31 +0000 (13:25 +0200)]
net: ipv4: add skbuff fraglist splitter
This patch adds the skbuff fraglist splitter. This API provides an
iterator to transform the fraglist into single skbuff objects, it
consists of:
* ip_fraglist_init(), that initializes the internal state of the
fraglist splitter.
* ip_fraglist_prepare(), that restores the IPv4 header on the
fragments.
* ip_fraglist_next(), that retrieves the fragment from the fraglist and
it updates the internal state of the splitter to point to the next
fragment skbuff in the fraglist.
The ip_fraglist_iter object stores the internal state of the iterator.
This code has been extracted from ip_do_fragment(). Symbols are also
exported to allow to reuse this iterator from the bridge codepath to
build its own refragmentation routine by reusing the existing codebase.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 30 May 2019 20:41:26 +0000 (13:41 -0700)]
Merge branch 'add-TFO-backup-key'
Jason Baron says:
====================
add TFO backup key
Christoph, Igor, and I have worked on an API that facilitates TFO key
rotation. This is a follow up to the series that Christoph previously
posted, with an API that meets both of our use-cases. Here's a
link to the previous work:
https://patchwork.ozlabs.org/cover/1013753/
Changes in v2:
-spelling fixes in ip-sysctl.txt (Jeremy Sowden)
-re-base to latest net-next
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Jason Baron [Wed, 29 May 2019 16:34:01 +0000 (12:34 -0400)]
selftests/net: add TFO key rotation selftest
Demonstrate how the primary and backup TFO keys can be rotated while
minimizing the number of client cookies that are rejected.
Signed-off-by: Jason Baron <jbaron@akamai.com>
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jason Baron [Wed, 29 May 2019 16:34:00 +0000 (12:34 -0400)]
Documentation: ip-sysctl.txt: Document tcp_fastopen_key
Add docs for /proc/sys/net/ipv4/tcp_fastopen_key
Signed-off-by: Jason Baron <jbaron@akamai.com>
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Cc: Jeremy Sowden <jeremy@azazel.net>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jason Baron [Wed, 29 May 2019 16:33:59 +0000 (12:33 -0400)]
tcp: add support for optional TFO backup key to net.ipv4.tcp_fastopen_key
Add the ability to add a backup TFO key as:
# echo "x-x-x-x,x-x-x-x" > /proc/sys/net/ipv4/tcp_fastopen_key
The key before the comma acks as the primary TFO key and the key after the
comma is the backup TFO key. This change is intended to be backwards
compatible since if only one key is set, userspace will simply read back
that single key as follows:
# echo "x-x-x-x" > /proc/sys/net/ipv4/tcp_fastopen_key
# cat /proc/sys/net/ipv4/tcp_fastopen_key
x-x-x-x
Signed-off-by: Jason Baron <jbaron@akamai.com>
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jason Baron [Wed, 29 May 2019 16:33:58 +0000 (12:33 -0400)]
tcp: add support to TCP_FASTOPEN_KEY for optional backup key
Add support for get/set of an optional backup key via TCP_FASTOPEN_KEY, in
addition to the current 'primary' key. The primary key is used to encrypt
and decrypt TFO cookies, while the backup is only used to decrypt TFO
cookies. The backup key is used to maximize successful TFO connections when
TFO keys are rotated.
Currently, TCP_FASTOPEN_KEY allows a single 16-byte primary key to be set.
This patch now allows a 32-byte value to be set, where the first 16 bytes
are used as the primary key and the second 16 bytes are used for the backup
key. Similarly, for getsockopt(), we can receive a 32-byte value as output
if requested. If a 16-byte value is used to set the primary key via
TCP_FASTOPEN_KEY, then any previously set backup key will be removed.
Signed-off-by: Jason Baron <jbaron@akamai.com>
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jason Baron [Wed, 29 May 2019 16:33:57 +0000 (12:33 -0400)]
tcp: add backup TFO key infrastructure
We would like to be able to rotate TFO keys while minimizing the number of
client cookies that are rejected. Currently, we have only one key which can
be used to generate and validate cookies, thus if we simply replace this
key clients can easily have cookies rejected upon rotation.
We propose having the ability to have both a primary key and a backup key.
The primary key is used to generate as well as to validate cookies.
The backup is only used to validate cookies. Thus, keys can be rotated as:
1) generate new key
2) add new key as the backup key
3) swap the primary and backup key, thus setting the new key as the primary
We don't simply set the new key as the primary key and move the old key to
the backup slot because the ip may be behind a load balancer and we further
allow for the fact that all machines behind the load balancer will not be
updated simultaneously.
We make use of this infrastructure in subsequent patches.
Suggested-by: Igor Lubashev <ilubashe@akamai.com>
Signed-off-by: Jason Baron <jbaron@akamai.com>
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Christoph Paasch [Wed, 29 May 2019 16:33:56 +0000 (12:33 -0400)]
tcp: introduce __tcp_fastopen_cookie_gen_cipher()
Restructure __tcp_fastopen_cookie_gen() to take a 'struct crypto_cipher'
argument and rename it as __tcp_fastopen_cookie_gen_cipher(). Subsequent
patches will provide different ciphers based on which key is being used for
the cookie generation.
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Signed-off-by: Jason Baron <jbaron@akamai.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 30 May 2019 19:59:53 +0000 (12:59 -0700)]
Merge branch 'mlxsw-Hardware-monitoring-enhancements'
Ido Schimmel says:
====================
mlxsw: Hardware monitoring enhancements
This patchset from Vadim provides various hardware monitoring related
improvements for mlxsw.
Patch #1 allows querying firmware version from the switch driver when
the underlying bus is I2C. This is useful for baseboard management
controller (BMC) systems that communicate with the ASIC over I2C.
Patch #2 improves driver's performance over I2C by utilizing larger
transactions sizes, if possible.
Patch #3 re-orders driver's initialization sequence to enforce a
specific firmware version before new firmware features are utilized.
This is a prerequisite for patches #4-#6.
Patches #4-#6 expose the temperature of inter-connect devices
(gearboxes) that are present in Mellanox SN3800 systems and split
2x50Gb/s lanes to 4x25Gb/s lanes.
Patches #7-#8 reduce the transaction size when reading SFP modules
temperatures, which is crucial when working over I2C.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Vadim Pasternak [Wed, 29 May 2019 08:47:22 +0000 (11:47 +0300)]
mlxsw: core: Reduce buffer size in transactions for SFP modules temperature readout
Obtain SFP modules temperatures through MTMP register instead of MTBR
register, because the first one utilizes shorter transaction buffer size
for request. It improves performance in case low frequency interface
(I2C) is used for communication with a chip.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vadim Pasternak [Wed, 29 May 2019 08:47:21 +0000 (11:47 +0300)]
mlxsw: core: Extend the index size for temperature sensors readout
Extend sensor index size for Management Temperature Bulk Register
(MTBR) and Management Temperature Register (MTMP) upto 12 bits in
order to align registers description with new version of PRM document.
Add define for base sensor index for SFP modules temperature reading
for MTMP register.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vadim Pasternak [Wed, 29 May 2019 08:47:20 +0000 (11:47 +0300)]
mlxsw: core: Extend hwmon interface with inter-connect temperature attributes
Add new attributes to hwmon object for exposing inter-connects temperature
input, highest, reset_history temperatures and label. Temperatures are read
from Management Temperature Register.
The number of inter-connect devices is read from Management General
Peripheral Information Register.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vadim Pasternak [Wed, 29 May 2019 08:47:19 +0000 (11:47 +0300)]
mlxsw: reg: Add Management General Peripheral Information Register
Add MGPIR - Management General Peripheral Information Register, which
allows software to query the hardware and firmware general information
of peripheral entities as Gearboxes etc.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vadim Pasternak [Wed, 29 May 2019 08:47:18 +0000 (11:47 +0300)]
mlxsw: reg: Extend sensor index field size of Management Temperature Register
Extend the size of sensor_index field of MTMP (Management Temperature
Register), from 8 to 12 bits due to hardware change.
Add define for sensor index for Gear Box (inter-connects) temperature
reading.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ido Schimmel [Wed, 29 May 2019 08:47:17 +0000 (11:47 +0300)]
mlxsw: core: Re-order initialization sequence
The driver core first registers with the hwmon and thermal subsystems
and only then proceeds to initialize the switch driver (e.g.,
mlxsw_spectrum). It is only during the last stage that the current
firmware version is validated and a newer one flashed, if necessary.
The above means that if a new firmware feature is utilized by the
hwmon/thermal code, the driver will not be able to load.
Solve this by re-ordering initializing the switch driver before
registering with the hwmon and thermal subsystems.
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reported-by: Shalom Toledo <shalomt@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vadim Pasternak [Wed, 29 May 2019 08:47:16 +0000 (11:47 +0300)]
mlxsw: i2c: Allow flexible setting of I2C transactions size
Current implementation uses fixed size of I2C data transaction buffer.
Allow to set size of I2C transactions according to I2C physical adapter
capability. For that purpose adapter read and write size is obtained
from the I2C physical adapter and buffer size is set according to the
minimum of these two values. If adapter does not provide such info,
default buffer size is to be used.
It allows to improve performance of I2C access to silicon when long
size transactions are used.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vadim Pasternak [Wed, 29 May 2019 08:47:15 +0000 (11:47 +0300)]
mlxsw: i2c: Extend initialization with querying firmware info
Extend initialization flow with query request for firmware info in
order to obtain firmware version info.
This info is to be provided to minimal driver to support ethtool
get_drvinfo() interface.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 30 May 2019 19:59:07 +0000 (12:59 -0700)]
Merge branch 'net-stmmac-selftests-Two-fixes'
Jose Abreu says:
====================
net: stmmac: selftests: Two fixes
Two fixes reported by kbuild.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Jose Abreu [Wed, 29 May 2019 08:30:26 +0000 (10:30 +0200)]
net: stmmac: selftests: Use kfree_skb() instead of kfree()
kfree_skb() shall be used instead of kfree(). Fix it.
Fixes:
091810dbded9 ("net: stmmac: Introduce selftests support")
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jose Abreu <joabreu@synopsys.com>
Cc: Joao Pinto <jpinto@synopsys.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Cc: Alexandre Torgue <alexandre.torgue@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jose Abreu [Wed, 29 May 2019 08:30:25 +0000 (10:30 +0200)]
net: stmmac: selftests: Fix sparse warning
Variable shall be __be16. Fix it.
Fixes:
091810dbded9 ("net: stmmac: Introduce selftests support")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Jose Abreu <joabreu@synopsys.com>
Cc: Joao Pinto <jpinto@synopsys.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Cc: Alexandre Torgue <alexandre.torgue@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Wed, 29 May 2019 05:40:26 +0000 (13:40 +0800)]
inet: frags: Remove unnecessary smp_store_release/READ_ONCE
The smp_store_release call in fqdir_exit cannot protect the setting
of fqdir->dead as claimed because its memory barrier is only
guaranteed to be one-way and the barrier precedes the setting of
fqdir->dead.
IOW it doesn't provide any barriers between fq->dir and the following
hash table destruction.
In fact, the code is safe anyway because call_rcu does provide both
the memory barrier as well as a guarantee that when the destruction
work starts executing all RCU readers will see the updated value for
fqdir->dead.
Therefore this patch removes the unnecessary smp_store_release call
as well as the corresponding READ_ONCE on the read-side in order to
not confuse future readers of this code. Comments have been added
in their places.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
YueHaibing [Wed, 29 May 2019 02:59:06 +0000 (10:59 +0800)]
net: mvpp2: cls: Remove unnessesary check in mvpp2_ethtool_cls_rule_ins
Fix smatch warning:
drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c:1236
mvpp2_ethtool_cls_rule_ins() warn: unsigned 'info->fs.location' is never less than zero.
'info->fs.location' is u32 type, never less than zero.
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jisheng Zhang [Wed, 29 May 2019 02:26:07 +0000 (02:26 +0000)]
net: stmmac: Switch to devm_alloc_etherdev_mqs
Make use of devm_alloc_etherdev_mqs() to simplify the code.
Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 30 May 2019 18:36:15 +0000 (11:36 -0700)]
tua6100: Avoid build warnings.
Rename _P to _P_VAL and _R to _R_VAL to avoid global
namespace conflicts:
drivers/media/dvb-frontends/tua6100.c: In function ‘tua6100_set_params’:
drivers/media/dvb-frontends/tua6100.c:79: warning: "_P" redefined
#define _P 32
In file included from ./include/acpi/platform/aclinux.h:54,
from ./include/acpi/platform/acenv.h:152,
from ./include/acpi/acpi.h:22,
from ./include/linux/acpi.h:34,
from ./include/linux/i2c.h:17,
from drivers/media/dvb-frontends/tua6100.h:30,
from drivers/media/dvb-frontends/tua6100.c:32:
./include/linux/ctype.h:14: note: this is the location of the previous definition
#define _P 0x10 /* punct */
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 30 May 2019 18:27:47 +0000 (11:27 -0700)]
Merge branch 'Enable-SFP-on-ACPI-based-systems'
Ruslan Babayev says:
====================
Enable SFP on ACPI based systems
Changes:
v2:
- more descriptive commit body
v3:
- made 'i2c_acpi_find_adapter_by_handle' static inline
v4:
- don't initialize i2c_adapter to NULL. Instead see below...
- handle the case of neither DT nor ACPI present as invalid.
- alphabetical includes.
- use has_acpi_companion().
- use the same argument name in i2c_acpi_find_adapter_by_handle()
in both stubbed and non-stubbed cases.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Ruslan Babayev [Tue, 28 May 2019 23:02:33 +0000 (16:02 -0700)]
net: phy: sfp: enable i2c-bus detection on ACPI based systems
Lookup I2C adapter using the "i2c-bus" device property on ACPI based
systems similar to how it's done with DT.
An example DSD describing an SFP on an ACPI based system:
Device (SFP0)
{
Name (_HID, "PRP0001")
Name (_CRS, ResourceTemplate()
{
GpioIo(Exclusive, PullDefault, 0, 0, IoRestrictionNone,
"\\_SB.PCI0.RP01.GPIO", 0, ResourceConsumer)
{ 0, 1, 2, 3, 4 }
})
Name (_DSD, Package ()
{
ToUUID ("
daffd814-6eba-4d8c-8a91-
bc9bbf4aa301"),
Package () {
Package () { "compatible", "sff,sfp" },
Package () { "i2c-bus", \_SB.PCI0.RP01.I2C.MUX.CH0 },
Package () { "maximum-power-milliwatt", 1000 },
Package () { "tx-disable-gpios", Package () { ^SFP0, 0, 0, 1} },
Package () { "reset-gpio", Package () { ^SFP0, 0, 1, 1} },
Package () { "mod-def0-gpios", Package () { ^SFP0, 0, 2, 1} },
Package () { "tx-fault-gpios", Package () { ^SFP0, 0, 3, 0} },
Package () { "los-gpios", Package () { ^SFP0, 0, 4, 1} },
},
})
}
Device (PHY0)
{
Name (_HID, "PRP0001")
Name (_DSD, Package ()
{
ToUUID ("
daffd814-6eba-4d8c-8a91-
bc9bbf4aa301"),
Package () {
Package () { "compatible", "ethernet-phy-ieee802.3-c45" },
Package () { "sfp", \_SB.PCI0.RP01.SFP0 },
Package () { "managed", "in-band-status" },
Package () { "phy-mode", "sgmii" },
},
})
}
Signed-off-by: Ruslan Babayev <ruslan@babayev.com>
Cc: xe-linux-external@cisco.com
Acked-by: Russell King <rmk+kernel@armlinux.org.uk>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ruslan Babayev [Tue, 28 May 2019 23:02:32 +0000 (16:02 -0700)]
i2c: acpi: export i2c_acpi_find_adapter_by_handle
This allows drivers to lookup i2c adapters on ACPI based systems similar to
of_get_i2c_adapter_by_node() with DT based systems.
Signed-off-by: Ruslan Babayev <ruslan@babayev.com>
Cc: xe-linux-external@cisco.com
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Anirudh Venkataramanan [Tue, 16 Apr 2019 17:35:03 +0000 (10:35 -0700)]
ice: Trivial cosmetic changes
This patch mostly capitalizes abbreviations in code comments. Fixed some
typos and removed some unnecessary newlines as well.
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Anirudh Venkataramanan [Tue, 16 Apr 2019 17:35:02 +0000 (10:35 -0700)]
ice: Recognize higher speeds
In ice_print_link_msg, add cases for 50GB and 100GB speeds. This
results in the right speed being reported on load, instead of
"Unknownbps".
When VF link if forced (in ice_set_pfe_link_forced), report
max speed 100GB.
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Jacob Keller [Tue, 16 Apr 2019 17:35:01 +0000 (10:35 -0700)]
ice: Use a different ICE_DBG bit for firmware log messages
Replace the use of the ICE_DBG_AQ_MSG bit when dumping firmware logging
messages with a separate distinct type ICE_DBG_FW_LOG. This is useful
so that developers may enable ICE_DBG_FW_LOG and get firmware logging
messages, without also dumping AdminQ messages at the same time.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Anirudh Venkataramanan [Tue, 16 Apr 2019 17:35:00 +0000 (10:35 -0700)]
ice: Update function header
Add some details to the function header for ice_deinit_hw.
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Anirudh Venkataramanan [Tue, 16 Apr 2019 17:34:59 +0000 (10:34 -0700)]
ice: Move define for ICE_AQC_DRIVER_UNLOADING
The define describing the bits for the struct field should be below
the field itself.
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Anirudh Venkataramanan [Tue, 16 Apr 2019 17:34:58 +0000 (10:34 -0700)]
ice: Align to updated AQ command formats
The current specification has updates to the command formats for
manage MAC opcodes (opcodes 0x0107 and 0x0108) and get PHY caps
(opcode 0x0600). Update the code to reflect this.
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Anirudh Venkataramanan [Tue, 16 Apr 2019 17:34:57 +0000 (10:34 -0700)]
ice: Use continue instead of an else block
For style consistency, use continue instead of an else block in
ice_pf_dcb_recfg.
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Preethi Banala [Tue, 16 Apr 2019 17:34:56 +0000 (10:34 -0700)]
ice: Change minimum descriptor count value for Tx/Rx rings
Change minimum number of descriptor count from 32 to 64. This is to have
a feature parity with previous Intel NIC drivers.
Signed-off-by: Preethi Banala <preethi.banala@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Dave Ertman [Tue, 16 Apr 2019 17:34:55 +0000 (10:34 -0700)]
ice: Add switch rules to handle LLDP packets
Add call to configure dropping egress LLDP packets in ice_vsi_setup
and remove the rule in ice_vsi_release.
Add calls to add/remove rule to route LLDP packets to default VSI when
FW LLDP engine is disabled/enabled and remove rule if applied during
ice_vsi_release.
In the function ice_add_eth_mac(), there is a line that hard codes the
filter info flag to TX. This is incorrect as this flag will be set by
the calling function that built the list of filters to add. So remove
the hard coded value.
This patch also contains a fix to stop treating the DCBx state of
"Not Started" as an error state that kicks DCB in SW mode. This will
address having non-cabled interfaces automatically go into SW mode
with the FW engine running.
Signed-off-by: Dave Ertman <david.m.ertman@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Bruce Allan [Tue, 16 Apr 2019 17:34:54 +0000 (10:34 -0700)]
ice: Cleanup ice_update_link_info
Do not allocate memory for the Get PHY Abilities command data buffer when
it is not necessary, change one local variable to another to reduce the
number of de-references, reduce the scope of some local variables, and
reorder the code and change exit points to get rid of an unnecessary goto
label.
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Akeem G Abodunrin [Tue, 16 Apr 2019 17:34:53 +0000 (10:34 -0700)]
ice: Use right type for ice_cfg_vsi_lan return
ice_cfg_vsi_lan returns a value of type enum ice_status. So
use a local of the same type to capture the return value.
Signed-off-by: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Paul Greenwalt [Tue, 16 Apr 2019 17:34:52 +0000 (10:34 -0700)]
ice: Add support for Forward Error Correction (FEC)
This patch adds driver support for Forward Error Correction (FEC)
and ethtool handlers to set/get FEC params.
Signed-off-by: Paul Greenwalt <paul.greenwalt@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Anirudh Venkataramanan [Tue, 16 Apr 2019 17:34:51 +0000 (10:34 -0700)]
ice: Add support for virtchnl_vector_map.[rxq|txq]_map
Add support for virtchnl_vector_map.[rxq|txq]_map to use bitmap to
associate indicated queues with the specified vector. This support is
needed since the Windows AVF driver calls VIRTCHNL_OP_CONFIG_IRQ_MAP for
each vector and used the bitmap to indicate the associated queues.
Updated ice_vc_dis_qs_msg to not subtract one from
virtchnl_irq_map_info.num_vectors, and changed the VSI vector index to
the vector id. This change supports the Windows AVF driver which maps
one vector at a time and sets num_vectors to one. Using vectors_id to
index the vector array .
Add check for vector_id zero, and return VIRTCHNL_STATUS_ERR_PARAM
if vector_id is zero and there are rings associated with that vector.
Vector_id zero is for the OICR.
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Tony Nguyen [Tue, 16 Apr 2019 17:34:50 +0000 (10:34 -0700)]
ice: Introduce ice_init_mac_fltr and move ice_napi_del
Consolidate adding unicast and broadcast MAC filters in a single new
function ice_init_mac_fltr.
Move ice_napi_del to ice_lib.c
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Brett Creeley [Tue, 16 Apr 2019 17:30:52 +0000 (10:30 -0700)]
ice: Use GLINT_DYN_CTL to disable VF's interrupts
Currently in ice_free_vf_res() we are writing to the VFINT_DYN_CTLN
register in the PF's function space to disable all VF's interrupts. This
is incorrect because this register is only for use in the VF's function
space. This becomes obvious when seeing that the valid indices used for
the VFINT_DYN_CTLN register is from 0-63, which is the maximum number of
interrupts for a VF (not including the OICR interrupt). Fix this by
writing to the GLINT_DYN_CTL register for each VF. We can do this
because we keep track of each VF's first_vector_idx inside of the PF's
function space and the number of interrupts given to each VF.
Also in ice_free_vfs() we were disabling Rx/Tx queues after calling
pci_disable_sriov(). One part of disabling the Tx queues causes the PF
driver to trigger a software interrupt, which causes the VF's napi
routine to run. This doesn't currently work because pci_disable_sriov()
causes iavf_remove() to be called which disables interrupts. Fix this by
disabling Rx/Tx queues prior to pci_disable_sriov().
Signed-off-by: Brett Creeley <brett.creeley@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Marek Vasut [Tue, 28 May 2019 18:15:41 +0000 (20:15 +0200)]
net: phy: tja11xx: Switch to HWMON_CHANNEL_INFO()
The HWMON_CHANNEL_INFO macro simplifies the code, reduces the likelihood
of errors, and makes the code easier to read.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Andrew Lunn <andrew@lunn.ch>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Heiner Kallweit <hkallweit1@gmail.com>
Cc: Jean Delvare <jdelvare@suse.com>
Cc: linux-hwmon@vger.kernel.org
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ivan Khoronzhuk [Tue, 28 May 2019 17:45:19 +0000 (20:45 +0300)]
net: ethernet: ti: cpsw: correct .ndo_open error path
It's found while review and probably never happens, but real number
of queues is set per device, and error path should be per device.
So split error path based on usage_count.
Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 30 May 2019 04:48:54 +0000 (21:48 -0700)]
Merge branch 'Decoupling-PHYLINK-from-struct-net_device'
Ioana Ciornei says:
====================
Decoupling PHYLINK from struct net_device
Following two separate discussion threads in:
https://www.spinics.net/lists/netdev/msg569087.html
and:
https://www.spinics.net/lists/netdev/msg570450.html
Previous RFC patch set: https://www.spinics.net/lists/netdev/msg571995.html
PHYLINK was reworked in order to accept multiple operation types,
PHYLINK_NETDEV and PHYLINK_DEV, passed through a phylink_config
structure alongside the corresponding struct device.
One of the main concerns expressed in the RFC was that using notifiers
to signal the corresponding phylink_mac_ops would break PHYLINK's API
unity and that it would become harder to grep for its users.
Using the current approach, we maintain a common API for all users.
Also, printing useful information in PHYLINK, when decoupled from a
net_device, is achieved using dev_err&co on the struct device received
(in DSA's case is the device corresponding to the dsa_switch).
PHYLIB (which PHYLINK uses) was reworked to the extent that it does not
crash when connecting to a PHY and the net_device pointer is NULL.
Lastly, DSA has been reworked in its way that it handles PHYs for ports
that lack a net_device (CPU and DSA ports). For these, it was
previously using PHYLIB and is now using the PHYLINK_DEV operation type.
Previously, a driver that wanted to support PHY operations on CPU/DSA
ports has to implement .adjust_link(). This patch set not only gives
drivers the options to use PHYLINK uniformly but also urges them to
convert to it. For compatibility, the old code is kept but it will be
removed once all drivers switch over.
The patchset was tested on the NXP LS1021A-TSN board having the
following Ethernet layout:
https://lkml.org/lkml/2019/5/5/279
The CPU port was moved from the internal RGMII fixed-link (enet2 ->
switch port 4) to an external loopback Cat5 cable between the enet1 port
and the front-facing swp2 SJA1105 port. In this mode, both the master
and the CPU port have an attached PHY which detects link change events:
[ 49.105426] fsl-gianfar soc:ethernet@2d50000 eth1: Link is Down
[ 50.305486] sja1105 spi0.1: Link is Down
[ 53.265596] fsl-gianfar soc:ethernet@2d50000 eth1: Link is Up - 1Gbps/Full - flow control off
[ 54.466304] sja1105 spi0.1: Link is Up - 1Gbps/Full - flow control off
Changes in v2:
- fixed sparse warnings
- updated 'Documentation/ABI/testing/sysfs-class-net-phydev'
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Vladimir Oltean [Tue, 28 May 2019 17:38:17 +0000 (20:38 +0300)]
net: dsa: sja1105: Fix broken fixed-link interfaces on user ports
PHYLIB and PHYLINK handle fixed-link interfaces differently. PHYLIB
wraps them in a software PHY ("pseudo fixed link") phydev construct such
that .adjust_link driver callbacks see an unified API. Whereas PHYLINK
simply creates a phylink_link_state structure and passes it to
.mac_config.
At the time the driver was introduced, DSA was using PHYLIB for the
CPU/cascade ports (the ones with no net devices) and PHYLINK for
everything else.
As explained below:
commit
aab9c4067d2389d0adfc9c53806437df7b0fe3d5
Author: Florian Fainelli <f.fainelli@gmail.com>
Date: Thu May 10 13:17:36 2018 -0700
net: dsa: Plug in PHYLINK support
Drivers that utilize fixed links for user-facing ports (e.g: bcm_sf2)
will need to implement phylink_mac_ops from now on to preserve
functionality, since PHYLINK *does not* create a phy_device instance
for fixed links.
In the above patch, DSA guards the .phylink_mac_config callback against
a NULL phydev pointer. Therefore, .adjust_link is not called in case of
a fixed-link user port.
This patch fixes the situation by converting the driver from using
.adjust_link to .phylink_mac_config. This can be done now in a unified
fashion for both slave and CPU/cascade ports because DSA now uses
PHYLINK for all ports.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ioana Ciornei [Tue, 28 May 2019 17:38:16 +0000 (20:38 +0300)]
net: dsa: Use PHYLINK for the CPU/DSA ports
For DSA switches that do not have an .adjust_link callback, aka those
who transitioned totally to the PHYLINK-compliant API, use PHYLINK to
drive the CPU/DSA ports.
The PHYLIB usage and .adjust_link are kept but deprecated, and users are
asked to transition from it. The reason why we can't do anything for
them is because PHYLINK does not wrap the fixed-link state behind a
phydev object, so we cannot wrap .phylink_mac_config into .adjust_link
unless we fabricate a phy_device structure.
For these ports, the newly introduced PHYLINK_DEV operation type is
used and the dsa_switch device structure is passed to PHYLINK for
printing purposes. The handling of the PHYLINK_NETDEV and PHYLINK_DEV
PHYLINK instances is common from the perspective of the driver.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ioana Ciornei [Tue, 28 May 2019 17:38:15 +0000 (20:38 +0300)]
net: dsa: Move the phylink driver calls into port.c
In order to have a common handling of PHYLINK for the slave and non-user
ports, the DSA core glue logic (between PHYLINK and the driver) must use
an API that does not rely on a struct net_device.
These will also be called by the CPU-port-handling code in a further
patch.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Suggested-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ioana Ciornei [Tue, 28 May 2019 17:38:14 +0000 (20:38 +0300)]
net: phylink: Add phylink_{printk, err, warn, info, dbg} macros
With the latest addition to the PHYLINK infrastructure, we are faced
with a decision on when to print necessary info using the struct
net_device and when with the struct device.
Add a series of macros that encapsulate this decision and replace all
uses of netdev_err&co with phylink_err.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ioana Ciornei [Tue, 28 May 2019 17:38:13 +0000 (20:38 +0300)]
net: phylink: Add PHYLINK_DEV operation type
In the PHYLINK_DEV operation type, the PHYLINK infrastructure can work
without an attached net_device. For printing usecases, instead, a struct
device * should be passed to PHYLINK using the phylink_config structure.
Also, netif_carrier_* calls ar guarded by the presence of a valid
net_device. When using the PHYLINK_DEV operation type, we cannot check
link status using the netif_carrier_ok() API so instead, keep an
internal state of the MAC and call mac_link_{down,up} only when the link
changed.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ioana Ciornei [Tue, 28 May 2019 17:38:12 +0000 (20:38 +0300)]
net: phylink: Add struct phylink_config to PHYLINK API
The phylink_config structure will encapsulate a pointer to a struct
device and the operation type requested for this instance of PHYLINK.
This patch does not make any functional changes, it just transitions the
PHYLINK internals and all its users to the new API.
A pointer to a phylink_config structure will be passed to
phylink_create() instead of the net_device directly. Also, the same
phylink_config pointer will be passed back to all phylink_mac_ops
callbacks instead of the net_device. Using this mechanism, a PHYLINK
user can get the original net_device using a structure such as
'to_net_dev(config->dev)' or directly the structure containing the
phylink_config using a container_of call.
At the moment, only the PHYLINK_NETDEV is defined as a valid operation
type for PHYLINK. In this mode, a valid reference to a struct device
linked to the original net_device should be passed to PHYLINK through
the phylink_config structure.
This API changes is mainly driven by the necessity of adding a new
operation type in PHYLINK that disconnects the phy_device from the
net_device and also works when the net_device is lacking.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Tested-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ioana Ciornei [Tue, 28 May 2019 17:38:11 +0000 (20:38 +0300)]
net: phylink: Add phylink_mac_link_{up, down} wrapper functions
This is a cosmetic patch that reduces the clutter in phylink_resolve
around calling the .mac_link_up/.mac_link_down driver callbacks. In a
further patch this logic will be extended to emit notifications in case
a net device does not exist.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ioana Ciornei [Tue, 28 May 2019 17:38:10 +0000 (20:38 +0300)]
net: phy: Add phy_standalone sysfs entry
Export a phy_standalone device attribute that is meant to give the
indication that this PHY lacks an attached_dev and its corresponding
sysfs link. The attribute will be created only when the
phy_attach_direct() function will be called with a NULL net_device.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ioana Ciornei [Tue, 28 May 2019 17:38:09 +0000 (20:38 +0300)]
net: phy: Check against net_device being NULL
In general, we don't want MAC drivers calling phy_attach_direct with the
net_device being NULL. Add checks against this in all the functions
calling it: phy_attach() and phy_connect_direct().
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Suggested-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ioana Ciornei [Tue, 28 May 2019 17:38:08 +0000 (20:38 +0300)]
net: phy: Guard against the presence of a netdev
A prerequisite for PHYLIB to work in the absence of a struct net_device
is to not access pointers to it.
Changes are needed in the following areas:
- Printing: In some places netdev_err was replaced with phydev_err.
- Incrementing reference count to the parent MDIO bus driver: If there
is no net device, then the reference count should definitely be
incremented since there is no chance that it was an Ethernet driver
who registered the MDIO bus.
- Sysfs links are not created in case there is no attached_dev.
- No netif_carrier_off is done if there is no attached_dev.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vladimir Oltean [Tue, 28 May 2019 17:38:07 +0000 (20:38 +0300)]
net: phy: Add phy_sysfs_create_links helper function
This is a cosmetic patch that wraps the operation of creating sysfs
links between the netdev->phydev and the phydev->attached_dev.
This is needed to keep the indentation level in check in a follow-up
patch where this function will be guarded against the existence of a
phydev->attached_dev.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kevin 'ldir' Darbyshire-Bryant [Tue, 28 May 2019 17:03:50 +0000 (17:03 +0000)]
net: sched: Introduce act_ctinfo action
ctinfo is a new tc filter action module. It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths. At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.
The DSCP restore mode:
This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.
The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links. Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.
Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway. Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.
Parameters related to DSCP restore mode:
dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.
statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask. This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set. This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP. A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)
e.g. dscpmask 0xfc000000 statemask 0x01000000
|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP | unused | flag |unused |
|-----------------------0x01---000000---|
| |
| |
---| Conditional flag
v only restore if set
|-ip diffserv-|
| 6 bits |
|-------------|
The skb mark restore mode (cpmark):
This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.
Parameters related to skb mark restore mode:
mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration. This can be useful where the conntrack
mark is being used for different purposes by different applications. If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)
e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.
|----0x00----conntrack mark----ffffff---|
| Bits 31-24 | |
| DSCP & flag| some value here |
|---------------------------------------|
|
|
v
|------------skb mark-------------------|
| | |
| zeroed | |
|---------------------------------------|
Overall parameters:
zone - conntrack zone
control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Heiner Kallweit [Tue, 28 May 2019 16:43:46 +0000 (18:43 +0200)]
r8169: remove 1000/Half from supported modes
MAC on the GBit versions supports 1000/Full only, however the PHY
partially claims to support 1000/Half. So let's explicitly remove
this mode.
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Joergen Andreasen [Tue, 28 May 2019 12:49:17 +0000 (14:49 +0200)]
net: mscc: ocelot: Implement port policers via tc command
Hardware offload of matchall classifier and police action are now
supported via the tc command.
Supported police parameters are: rate and burst.
Example:
Add:
tc qdisc add dev eth3 handle ffff: ingress
tc filter add dev eth3 parent ffff: prio 1 handle 2 \
matchall skip_sw \
action police rate 100Mbit burst 10000
Show:
tc -s -d qdisc show dev eth3
tc -s -d filter show dev eth3 ingress
Delete:
tc filter del dev eth3 parent ffff: prio 1
tc qdisc del dev eth3 handle ffff: ingress
Signed-off-by: Joergen Andreasen <joergen.andreasen@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Wed, 29 May 2019 21:51:23 +0000 (14:51 -0700)]
Merge branch '100GbE' of git://git./linux/kernel/git/jkirsher/next-queue
Jeff Kirsher says:
====================
100GbE Intel Wired LAN Driver Updates 2019-05-29
This series contains updates to ice driver only.
Bruce cleans up white space issues and fixes complaints about using
bitop assignments using operands of different sizes.
Anirudh cleans up code that is no longer needed now that the firmware
supports the functionality. Adds support for ethtool selftestto the ice
driver, which includes testing link, interrupts, eeprom, registers and
packet loopback. Also, cleaned up duplicate code.
Tony implements support for toggling receive VLAN filter via ethtool.
Brett bumps up the minimum receive descriptor count per queue to resolve
dropped packets. Refactored the interrupt tracking for the ice driver
to resolve issues seen with the co-existence of features and SR-IOV, so
instead of having a hardware IRQ tracker and a software IRQ tracker,
simply use one tracker. Also adds a helper function to trigger software
interrupts.
Mitch changes how Malicious Driver Detection (MDD) events are handled,
to ensure all VFs checked for MDD events and just log the event instead
of disabling the VF, which was preventing proper release of resources if
the VF is rebooted or the VF driver reloaded.
Dave cleans up a redundant call to register LLDP MIB change events.
Dan adds support to retrieve the current setting of firmware logging
from the hardware to properly initialize the hardware structure.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
YueHaibing [Tue, 28 May 2019 09:10:40 +0000 (17:10 +0800)]
net: stmmac: Fix build error without CONFIG_INET
Fix gcc build error while CONFIG_INET is not set
drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.o: In function `__stmmac_test_loopback':
stmmac_selftests.c:(.text+0x8ec): undefined reference to `ip_send_check'
stmmac_selftests.c:(.text+0xacc): undefined reference to `udp4_hwcsum'
Add CONFIG_INET dependency to fix this.
Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes:
091810dbded9 ("net: stmmac: Introduce selftests support")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>