1. 29 May, 2018 1 commit
    • Sridhar Samudrala's avatar
      net: Introduce net_failover driver · cfc80d9a
      Sridhar Samudrala authored
      
      
      The net_failover driver provides an automated failover mechanism via APIs
      to create and destroy a failover master netdev and manages a primary and
      standby slave netdevs that get registered via the generic failover
      infrastructure.
      
      The failover netdev acts a master device and controls 2 slave devices. The
      original paravirtual interface gets registered as 'standby' slave netdev and
      a passthru/vf device with the same MAC gets registered as 'primary' slave
      netdev. Both 'standby' and 'failover' netdevs are associated with the same
      'pci' device. The user accesses the network interface via 'failover' netdev.
      The 'failover' netdev chooses 'primary' netdev as default for transmits when
      it is available with link up and running.
      
      This can be used by paravirtual drivers to enable an alternate low latency
      datapath. It also enables hypervisor controlled live migration of a VM with
      direct attached VF by failing over to the paravirtual datapath when the VF
      is unplugged.
      Signed-off-by: default avatarSridhar Samudrala <sridhar.samudrala@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cfc80d9a
  2. 27 Apr, 2018 1 commit
  3. 29 Mar, 2018 1 commit
    • David Ahern's avatar
      netdevsim: Add simple FIB resource controller via devlink · 37923ed6
      David Ahern authored
      
      
      Add devlink support to netdevsim and use it to implement a simple,
      profile based resource controller. Only one controller is needed
      per namespace, so the first netdevsim netdevice in a namespace
      registers with devlink. If that device is deleted, the resource
      settings are deleted.
      
      The resource controller allows a user to limit the number of IPv4 and
      IPv6 FIB entries and FIB rules. The resource paths are:
          /IPv4
          /IPv4/fib
          /IPv4/fib-rules
          /IPv6
          /IPv6/fib
          /IPv6/fib-rules
      
      The IPv4 and IPv6 top level resources are unlimited in size and can not
      be changed. From there, the number of FIB entries and FIB rule entries
      are unlimited by default. A user can specify a limit for the fib and
      fib-rules resources:
      
          $ devlink resource set netdevsim/netdevsim0 path /IPv4/fib size 96
          $ devlink resource set netdevsim/netdevsim0 path /IPv4/fib-rules size 16
          $ devlink resource set netdevsim/netdevsim0 path /IPv6/fib size 64
          $ devlink resource set netdevsim/netdevsim0 path /IPv6/fib-rules size 16
          $ devlink dev reload netdevsim/netdevsim0
      
      such that the number of rules or routes is limited (96 ipv4 routes in the
      example above):
          $ for n in $(seq 1 32); do ip ro add 10.99.$n.0/24 dev eth1; done
          Error: netdevsim: Exceeded number of supported fib entries.
      
          $ devlink resource show netdevsim/netdevsim0
          netdevsim/netdevsim0:
            name IPv4 size unlimited unit entry size_min 0 size_max unlimited size_gran 1 dpipe_tables non
              resources:
                name fib size 96 occ 96 unit entry size_min 0 size_max unlimited size_gran 1 dpipe_tables
          ...
      
      With this template in place for resource management, it is fairly trivial
      to extend and shows one way to implement a simple counter based resource
      controller typical of network profiles.
      
      Currently, devlink only supports initial namespace. Code is in place to
      adapt netdevsim to a per namespace controller once the network namespace
      issues are resolved.
      Signed-off-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      37923ed6
  4. 27 Feb, 2018 1 commit
    • Arnd Bergmann's avatar
      ipvlan: fix building with modular IPV6 · 7f897db3
      Arnd Bergmann authored
      We no longer depend on IPV6, but that now causes a link error with
      CONFIG_IPV6=m and CONFIG_IPVLAN=y:
      
      drivers/net/ipvlan/ipvlan_core.o: In function `ipvlan_queue_xmit':
      ipvlan_core.c:(.text+0x1440): undefined reference to `ip6_route_output_flags'
      drivers/net/ipvlan/ipvlan_core.o: In function `ipvlan_l3_rcv':
      ipvlan_core.c:(.text+0x1818): undefined reference to `ip6_route_input_lookup'
      
      This adds back the dependency on IPV6, with the option of building without
      IPV6, but forcing IPVLAN to be a module when IPV6 is a module.
      
      Fixes: 94333fac
      
       ("ipvlan: drop ipv6 dependency")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7f897db3
  5. 21 Feb, 2018 2 commits
  6. 02 Dec, 2017 1 commit
  7. 02 Oct, 2017 1 commit
  8. 24 Aug, 2017 1 commit
  9. 24 Apr, 2017 1 commit
  10. 17 Feb, 2017 1 commit
    • Arnd Bergmann's avatar
      vmxnet3: prevent building with 64K pages · fbdf0e28
      Arnd Bergmann authored
      
      
      I got a warning about broken code on ARM64 with 64K pages:
      
      drivers/net/vmxnet3/vmxnet3_drv.c: In function 'vmxnet3_rq_init':
      drivers/net/vmxnet3/vmxnet3_drv.c:1679:29: error: large integer implicitly truncated to unsigned type [-Werror=overflow]
          rq->buf_info[0][i].len = PAGE_SIZE;
      
      'len' here is a 16-bit integer, so this clearly won't work. I don't think
      this driver is used much on anything other than x86, so there is no need
      to fix this properly and we can work around it with a Kconfig dependency
      to forbid known-broken configurations. qemu in theory supports it on
      other architectures too, but presumably only for compatibility with x86
      guests that also run on vmware.
      
      CONFIG_PAGE_SIZE_64KB is used on hexagon, mips, sh and tile, the other
      symbols are architecture-specific names for the same thing.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fbdf0e28
  11. 12 Feb, 2017 2 commits
  12. 08 Feb, 2017 1 commit
  13. 21 Sep, 2016 1 commit
  14. 19 Sep, 2016 1 commit
    • Mahesh Bandewar's avatar
      ipvlan: Introduce l3s mode · 4fbae7d8
      Mahesh Bandewar authored
      
      
      In a typical IPvlan L3 setup where master is in default-ns and
      each slave is into different (slave) ns. In this setup egress
      packet processing for traffic originating from slave-ns will
      hit all NF_HOOKs in slave-ns as well as default-ns. However same
      is not true for ingress processing. All these NF_HOOKs are
      hit only in the slave-ns skipping them in the default-ns.
      IPvlan in L3 mode is restrictive and if admins want to deploy
      iptables rules in default-ns, this asymmetric data path makes it
      impossible to do so.
      
      This patch makes use of the l3_rcv() (added as part of l3mdev
      enhancements) to perform input route lookup on RX packets without
      changing the skb->dev and then uses nf_hook at NF_INET_LOCAL_IN
      to change the skb->dev just before handing over skb to L4.
      Signed-off-by: default avatarMahesh Bandewar <maheshb@google.com>
      CC: David Ahern <dsa@cumulusnetworks.com>
      Reviewed-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4fbae7d8
  15. 10 May, 2016 1 commit
  16. 26 Apr, 2016 1 commit
  17. 17 Apr, 2016 1 commit
    • Arnd Bergmann's avatar
      macsec: fix crypto Kconfig dependency · ab2ed017
      Arnd Bergmann authored
      
      
      The new MACsec driver uses the AES crypto algorithm, but can be configured
      even if CONFIG_CRYPTO is disabled, leading to a build error:
      
      warning: (MAC80211 && MACSEC) selects CRYPTO_GCM which has unmet direct dependencies (CRYPTO)
      warning: (BT && CEPH_LIB && INET && MAC802154 && MAC80211 && BLK_DEV_RBD && MACSEC && AIRO_CS && LIBIPW && HOSTAP && USB_WUSB && RTLLIB_CRYPTO_CCMP && FS_ENCRYPTION && EXT4_ENCRYPTION && CEPH_FS && BIG_KEYS && ENCRYPTED_KEYS) selects CRYPTO_AES which has unmet direct dependencies (CRYPTO)
      crypto/built-in.o: In function `gcm_enc_copy_hash':
      aes_generic.c:(.text+0x2b8): undefined reference to `crypto_xor'
      aes_generic.c:(.text+0x2dc): undefined reference to `scatterwalk_map_and_copy'
      
      This adds an explicit 'select CRYPTO' statement the way that other
      drivers handle it.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: c09440f7
      
       ("macsec: introduce IEEE 802.1AE driver")
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ab2ed017
  18. 14 Mar, 2016 1 commit
  19. 13 Oct, 2015 1 commit
  20. 30 Sep, 2015 1 commit
  21. 27 Aug, 2015 1 commit
  22. 24 Aug, 2015 1 commit
  23. 20 Aug, 2015 1 commit
  24. 14 Aug, 2015 1 commit
    • David Ahern's avatar
      net: Introduce VRF device driver · 193125db
      David Ahern authored
      
      
      This driver borrows heavily from IPvlan and teaming drivers.
      
      Routing domains (VRF-lite) are created by instantiating a VRF master
      device with an associated table and enslaving all routed interfaces that
      participate in the domain. As part of the enslavement, all connected
      routes for the enslaved devices are moved to the table associated with
      the VRF device. Outgoing sockets must bind to the VRF device to function.
      
      Standard FIB rules bind the VRF device to tables and regular fib rule
      processing is followed. Routed traffic through the box, is forwarded by
      using the VRF device as the IIF and following the IIF rule to a table
      that is mated with the VRF.
      
      Example:
      
         Create vrf 1:
           ip link add vrf1 type vrf table 5
           ip rule add iif vrf1 table 5
           ip rule add oif vrf1 table 5
           ip route add table 5 prohibit default
           ip link set vrf1 up
      
         Add interface to vrf 1:
           ip link set eth1 master vrf1
      Signed-off-by: default avatarShrijeet Mukherjee <shm@cumulusnetworks.com>
      Signed-off-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      193125db
  25. 02 Jul, 2015 1 commit
  26. 01 Jun, 2015 1 commit
  27. 13 May, 2015 1 commit
  28. 20 Feb, 2015 1 commit
  29. 06 Jan, 2015 1 commit
    • Pranith Kumar's avatar
      rcu: Make SRCU optional by using CONFIG_SRCU · 83fe27ea
      Pranith Kumar authored
      
      
      SRCU is not necessary to be compiled by default in all cases. For tinification
      efforts not compiling SRCU unless necessary is desirable.
      
      The current patch tries to make compiling SRCU optional by introducing a new
      Kconfig option CONFIG_SRCU which is selected when any of the components making
      use of SRCU are selected.
      
      If we do not select CONFIG_SRCU, srcu.o will not be compiled at all.
      
         text    data     bss     dec     hex filename
         2007       0       0    2007     7d7 kernel/rcu/srcu.o
      
      Size of arch/powerpc/boot/zImage changes from
      
         text    data     bss     dec     hex filename
       831552   64180   23944  919676   e087c arch/powerpc/boot/zImage : before
       829504   64180   23952  917636   e0084 arch/powerpc/boot/zImage : after
      
      so the savings are about ~2000 bytes.
      Signed-off-by: default avatarPranith Kumar <bobby.prani@gmail.com>
      CC: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
      CC: Josh Triplett <josh@joshtriplett.org>
      CC: Lai Jiangshan <laijs@cn.fujitsu.com>
      Signed-off-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      [ paulmck: resolve conflict due to removal of arch/ia64/kvm/Kconfig. ]
      83fe27ea
  30. 30 Nov, 2014 1 commit
  31. 24 Nov, 2014 1 commit
    • Mahesh Bandewar's avatar
      ipvlan: Initial check-in of the IPVLAN driver. · 2ad7bf36
      Mahesh Bandewar authored
      
      
      This driver is very similar to the macvlan driver except that it
      uses L3 on the frame to determine the logical interface while
      functioning as packet dispatcher. It inherits L2 of the master
      device hence the packets on wire will have the same L2 for all
      the packets originating from all virtual devices off of the same
      master device.
      
      This driver was developed keeping the namespace use-case in
      mind. Hence most of the examples given here take that as the
      base setup where main-device belongs to the default-ns and
      virtual devices are assigned to the additional namespaces.
      
      The device operates in two different modes and the difference
      in these two modes in primarily in the TX side.
      
      (a) L2 mode : In this mode, the device behaves as a L2 device.
      TX processing upto L2 happens on the stack of the virtual device
      associated with (namespace). Packets are switched after that
      into the main device (default-ns) and queued for xmit.
      
      RX processing is simple and all multicast, broadcast (if
      applicable), and unicast belonging to the address(es) are
      delivered to the virtual devices.
      
      (b) L3 mode : In this mode, the device behaves like a L3 device.
      TX processing upto L3 happens on the stack of the virtual device
      associated with (namespace). Packets are switched to the
      main-device (default-ns) for the L2 processing. Hence the routing
      table of the default-ns will be used in this mode.
      
      RX processins is somewhat similar to the L2 mode except that in
      this mode only Unicast packets are delivered to the virtual device
      while main-dev will handle all other packets.
      
      The devices can be added using the "ip" command from the iproute2
      package -
      
      	ip link add link <master> <virtual> type ipvlan mode [ l2 | l3 ]
      Signed-off-by: default avatarMahesh Bandewar <maheshb@google.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Maciej Żenczykowski <maze@google.com>
      Cc: Laurent Chavey <chavey@google.com>
      Cc: Tim Hockin <thockin@google.com>
      Cc: Brandon Philips <brandon.philips@coreos.com>
      Cc: Pavel Emelianov <xemul@parallels.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2ad7bf36
  32. 31 Oct, 2014 1 commit
  33. 07 Oct, 2014 1 commit
    • Andy Zhou's avatar
      openvswitch: fix a compilation error when CONFIG_INET is not setW! · 7c5df8fa
      Andy Zhou authored
      
      
      Fix a openvswitch compilation error when CONFIG_INET is not set:
      
      =====================================================
         In file included from include/net/geneve.h:4:0,
                             from net/openvswitch/flow_netlink.c:45:
      		          include/net/udp_tunnel.h: In function 'udp_tunnel_handle_offloads':
      			  >> include/net/udp_tunnel.h:100:2: error: implicit declaration of function 'iptunnel_handle_offloads' [-Werror=implicit-function-declaration]
      			  >>      return iptunnel_handle_offloads(skb, udp_csum, type);
      			  >>           ^
      			  >>           >> include/net/udp_tunnel.h:100:2: warning: return makes pointer from integer without a cast
      			  >>           >>    cc1: some warnings being treated as errors
      
      =====================================================
      Reported-by: default avatarkbuild test robot <fengguang.wu@intel.com>
      Signed-off-by: default avatarAndy Zhou <azhou@nicira.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7c5df8fa
  34. 14 Jul, 2014 1 commit
  35. 17 Mar, 2014 1 commit
    • Eric W. Biederman's avatar
      netpoll: Remove dead packet receive code (CONFIG_NETPOLL_TRAP) · 9c62a68d
      Eric W. Biederman authored
      
      
      The netpoll packet receive code only becomes active if the netpoll
      rx_skb_hook is implemented, and there is not a single implementation
      of the netpoll rx_skb_hook in the kernel.
      
      All of the out of tree implementations I have found all call
      netpoll_poll which was removed from the kernel in 2011, so this
      change should not add any additional breakage.
      
      There are problems with the netpoll packet receive code.  __netpoll_rx
      does not call dev_kfree_skb_irq or dev_kfree_skb_any in hard irq
      context.  netpoll_neigh_reply leaks every skb it receives.  Reception
      of packets does not work successfully on stacked devices (aka bonding,
      team, bridge, and vlans).
      
      Given that the netpoll packet receive code is buggy, there are no
      out of tree users that will be merged soon, and the code has
      not been used for in tree for a decade let's just remove it.
      
      Reverting this commit can server as a starting point for anyone
      who wants to resurrect netpoll packet reception support.
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9c62a68d
  36. 13 Feb, 2014 1 commit
  37. 18 Jan, 2014 1 commit
  38. 24 Jun, 2013 1 commit
    • Daniel Borkmann's avatar
      packet: nlmon: virtual netlink monitoring device for packet sockets · e4fc408e
      Daniel Borkmann authored
      Currently, there is no good possibility to debug netlink traffic that
      is being exchanged between kernel and user space. Therefore, this patch
      implements a netlink virtual device, so that netlink messages will be
      made visible to PF_PACKET sockets. Once there was an approach with a
      similar idea [1], but it got forgotten somehow.
      
      I think it makes most sense to accept the "overhead" of an extra netlink
      net device over implementing the same functionality from PF_PACKET
      sockets once again into netlink sockets. We have BPF filters that can
      already be easily applied which even have netlink extensions, we have
      RX_RING zero-copy between kernel- and user space that can be reused,
      and much more features. So instead of re-implementing all of this, we
      simply pass the skb to a given PF_PACKET socket for further analysis.
      
      Another nice benefit that comes from that is that no code needs to be
      changed in user space packet analyzers (maybe adding a dissector, but
      not more), thus out of the box, we can already capture pcap files of
      netlink traffic to debug/troubleshoot netlink problems.
      
      Also thanks goes to Thomas Graf, Flavio Leitner, Jesper Dangaard Brouer.
      
       [1] http://marc.info/?l=linux-netdev&m=113813401516110
      
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e4fc408e