1. 26 Sep, 2019 1 commit
  2. 21 May, 2019 1 commit
  3. 24 Mar, 2019 1 commit
  4. 18 Mar, 2019 1 commit
  5. 26 Feb, 2019 1 commit
  6. 14 Feb, 2019 1 commit
  7. 12 Feb, 2019 1 commit
  8. 08 Feb, 2019 1 commit
    • Daniel Borkmann's avatar
      ipvlan: decouple l3s mode dependencies from other modes · c675e06a
      Daniel Borkmann authored
      
      
      Right now ipvlan has a hard dependency on CONFIG_NETFILTER and
      otherwise it cannot be built. However, the only ipvlan operation
      mode that actually depends on netfilter is l3s, everything else
      is independent of it. Break this hard dependency such that users
      are able to use ipvlan l3 mode on systems where netfilter is not
      compiled in.
      
      Therefore, this adds a hidden CONFIG_IPVLAN_L3S bool which is
      defaulting to y when CONFIG_NETFILTER is set in order to retain
      existing behavior for l3s. All l3s related code is refactored
      into ipvlan_l3s.c that is compiled in when enabled.
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Cc: Mahesh Bandewar <maheshb@google.com>
      Cc: Florian Westphal <fw@strlen.de>
      Cc: Martynas Pumputis <m@lambda.lt>
      Acked-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c675e06a
  9. 18 Jan, 2019 1 commit
  10. 05 Dec, 2018 1 commit
  11. 29 May, 2018 2 commits
    • Sridhar Samudrala's avatar
      virtio_net: Extend virtio to use VF datapath when available · ba5e4426
      Sridhar Samudrala authored
      This patch enables virtio_net to switch over to a VF datapath when STANDBY
      feature is enabled and a VF netdev is present with the same MAC address.
      It allows live migration of a VM with a direct attached VF without the need
      to setup a bond/team between a VF and virtio net device in the guest.
      
      It uses the API that is exported by the net_failover driver to create and
      and destroy a master failover netdev. When STANDBY feature is enabled, an
      additional netdev(failover netdev) is created that acts as a master device
      and tracks the state of the 2 lower netdevs. The original virtio_net netdev
      is marked as 'standby' netdev and a passthru device with the same MAC is
      registered as 'primary' netdev.
      
      The hypervisor needs to unplug the VF device from the guest on the source
      host and reset the MAC filter of the VF to initiate failover of datapath
      to virtio before starting the migration. After the migration is completed,
      the destination hypervisor sets the MAC filter on the VF and plugs it back
      to the guest to switch over to VF datapath.
      
      This patch is based on the discussion initiated by Jesse on this thread.
      https://marc.info/?l=linux-virtualization&m=151189725224231&w=2
      
      Signed-off-by: default avatarSridhar Samudrala <sridhar.samudrala@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ba5e4426
    • Sridhar Samudrala's avatar
      net: Introduce net_failover driver · cfc80d9a
      Sridhar Samudrala authored
      
      
      The net_failover driver provides an automated failover mechanism via APIs
      to create and destroy a failover master netdev and manages a primary and
      standby slave netdevs that get registered via the generic failover
      infrastructure.
      
      The failover netdev acts a master device and controls 2 slave devices. The
      original paravirtual interface gets registered as 'standby' slave netdev and
      a passthru/vf device with the same MAC gets registered as 'primary' slave
      netdev. Both 'standby' and 'failover' netdevs are associated with the same
      'pci' device. The user accesses the network interface via 'failover' netdev.
      The 'failover' netdev chooses 'primary' netdev as default for transmits when
      it is available with link up and running.
      
      This can be used by paravirtual drivers to enable an alternate low latency
      datapath. It also enables hypervisor controlled live migration of a VM with
      direct attached VF by failing over to the paravirtual datapath when the VF
      is unplugged.
      Signed-off-by: default avatarSridhar Samudrala <sridhar.samudrala@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cfc80d9a
  12. 27 Apr, 2018 1 commit
  13. 29 Mar, 2018 1 commit
    • David Ahern's avatar
      netdevsim: Add simple FIB resource controller via devlink · 37923ed6
      David Ahern authored
      
      
      Add devlink support to netdevsim and use it to implement a simple,
      profile based resource controller. Only one controller is needed
      per namespace, so the first netdevsim netdevice in a namespace
      registers with devlink. If that device is deleted, the resource
      settings are deleted.
      
      The resource controller allows a user to limit the number of IPv4 and
      IPv6 FIB entries and FIB rules. The resource paths are:
          /IPv4
          /IPv4/fib
          /IPv4/fib-rules
          /IPv6
          /IPv6/fib
          /IPv6/fib-rules
      
      The IPv4 and IPv6 top level resources are unlimited in size and can not
      be changed. From there, the number of FIB entries and FIB rule entries
      are unlimited by default. A user can specify a limit for the fib and
      fib-rules resources:
      
          $ devlink resource set netdevsim/netdevsim0 path /IPv4/fib size 96
          $ devlink resource set netdevsim/netdevsim0 path /IPv4/fib-rules size 16
          $ devlink resource set netdevsim/netdevsim0 path /IPv6/fib size 64
          $ devlink resource set netdevsim/netdevsim0 path /IPv6/fib-rules size 16
          $ devlink dev reload netdevsim/netdevsim0
      
      such that the number of rules or routes is limited (96 ipv4 routes in the
      example above):
          $ for n in $(seq 1 32); do ip ro add 10.99.$n.0/24 dev eth1; done
          Error: netdevsim: Exceeded number of supported fib entries.
      
          $ devlink resource show netdevsim/netdevsim0
          netdevsim/netdevsim0:
            name IPv4 size unlimited unit entry size_min 0 size_max unlimited size_gran 1 dpipe_tables non
              resources:
                name fib size 96 occ 96 unit entry size_min 0 size_max unlimited size_gran 1 dpipe_tables
          ...
      
      With this template in place for resource management, it is fairly trivial
      to extend and shows one way to implement a simple counter based resource
      controller typical of network profiles.
      
      Currently, devlink only supports initial namespace. Code is in place to
      adapt netdevsim to a per namespace controller once the network namespace
      issues are resolved.
      Signed-off-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      37923ed6
  14. 27 Feb, 2018 1 commit
    • Arnd Bergmann's avatar
      ipvlan: fix building with modular IPV6 · 7f897db3
      Arnd Bergmann authored
      We no longer depend on IPV6, but that now causes a link error with
      CONFIG_IPV6=m and CONFIG_IPVLAN=y:
      
      drivers/net/ipvlan/ipvlan_core.o: In function `ipvlan_queue_xmit':
      ipvlan_core.c:(.text+0x1440): undefined reference to `ip6_route_output_flags'
      drivers/net/ipvlan/ipvlan_core.o: In function `ipvlan_l3_rcv':
      ipvlan_core.c:(.text+0x1818): undefined reference to `ip6_route_input_lookup'
      
      This adds back the dependency on IPV6, with the option of building without
      IPV6, but forcing IPVLAN to be a module when IPV6 is a module.
      
      Fixes: 94333fac
      
       ("ipvlan: drop ipv6 dependency")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7f897db3
  15. 21 Feb, 2018 2 commits
  16. 02 Dec, 2017 1 commit
  17. 02 Oct, 2017 1 commit
  18. 24 Aug, 2017 1 commit
  19. 24 Apr, 2017 1 commit
  20. 17 Feb, 2017 1 commit
    • Arnd Bergmann's avatar
      vmxnet3: prevent building with 64K pages · fbdf0e28
      Arnd Bergmann authored
      
      
      I got a warning about broken code on ARM64 with 64K pages:
      
      drivers/net/vmxnet3/vmxnet3_drv.c: In function 'vmxnet3_rq_init':
      drivers/net/vmxnet3/vmxnet3_drv.c:1679:29: error: large integer implicitly truncated to unsigned type [-Werror=overflow]
          rq->buf_info[0][i].len = PAGE_SIZE;
      
      'len' here is a 16-bit integer, so this clearly won't work. I don't think
      this driver is used much on anything other than x86, so there is no need
      to fix this properly and we can work around it with a Kconfig dependency
      to forbid known-broken configurations. qemu in theory supports it on
      other architectures too, but presumably only for compatibility with x86
      guests that also run on vmware.
      
      CONFIG_PAGE_SIZE_64KB is used on hexagon, mips, sh and tile, the other
      symbols are architecture-specific names for the same thing.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fbdf0e28
  21. 12 Feb, 2017 2 commits
  22. 08 Feb, 2017 1 commit
  23. 21 Sep, 2016 1 commit
  24. 19 Sep, 2016 1 commit
    • Mahesh Bandewar's avatar
      ipvlan: Introduce l3s mode · 4fbae7d8
      Mahesh Bandewar authored
      
      
      In a typical IPvlan L3 setup where master is in default-ns and
      each slave is into different (slave) ns. In this setup egress
      packet processing for traffic originating from slave-ns will
      hit all NF_HOOKs in slave-ns as well as default-ns. However same
      is not true for ingress processing. All these NF_HOOKs are
      hit only in the slave-ns skipping them in the default-ns.
      IPvlan in L3 mode is restrictive and if admins want to deploy
      iptables rules in default-ns, this asymmetric data path makes it
      impossible to do so.
      
      This patch makes use of the l3_rcv() (added as part of l3mdev
      enhancements) to perform input route lookup on RX packets without
      changing the skb->dev and then uses nf_hook at NF_INET_LOCAL_IN
      to change the skb->dev just before handing over skb to L4.
      Signed-off-by: default avatarMahesh Bandewar <maheshb@google.com>
      CC: David Ahern <dsa@cumulusnetworks.com>
      Reviewed-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4fbae7d8
  25. 10 May, 2016 1 commit
  26. 26 Apr, 2016 1 commit
  27. 17 Apr, 2016 1 commit
    • Arnd Bergmann's avatar
      macsec: fix crypto Kconfig dependency · ab2ed017
      Arnd Bergmann authored
      
      
      The new MACsec driver uses the AES crypto algorithm, but can be configured
      even if CONFIG_CRYPTO is disabled, leading to a build error:
      
      warning: (MAC80211 && MACSEC) selects CRYPTO_GCM which has unmet direct dependencies (CRYPTO)
      warning: (BT && CEPH_LIB && INET && MAC802154 && MAC80211 && BLK_DEV_RBD && MACSEC && AIRO_CS && LIBIPW && HOSTAP && USB_WUSB && RTLLIB_CRYPTO_CCMP && FS_ENCRYPTION && EXT4_ENCRYPTION && CEPH_FS && BIG_KEYS && ENCRYPTED_KEYS) selects CRYPTO_AES which has unmet direct dependencies (CRYPTO)
      crypto/built-in.o: In function `gcm_enc_copy_hash':
      aes_generic.c:(.text+0x2b8): undefined reference to `crypto_xor'
      aes_generic.c:(.text+0x2dc): undefined reference to `scatterwalk_map_and_copy'
      
      This adds an explicit 'select CRYPTO' statement the way that other
      drivers handle it.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: c09440f7
      
       ("macsec: introduce IEEE 802.1AE driver")
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ab2ed017
  28. 14 Mar, 2016 1 commit
  29. 13 Oct, 2015 1 commit
  30. 30 Sep, 2015 1 commit
  31. 27 Aug, 2015 1 commit
  32. 24 Aug, 2015 1 commit
  33. 20 Aug, 2015 1 commit
  34. 14 Aug, 2015 1 commit
    • David Ahern's avatar
      net: Introduce VRF device driver · 193125db
      David Ahern authored
      
      
      This driver borrows heavily from IPvlan and teaming drivers.
      
      Routing domains (VRF-lite) are created by instantiating a VRF master
      device with an associated table and enslaving all routed interfaces that
      participate in the domain. As part of the enslavement, all connected
      routes for the enslaved devices are moved to the table associated with
      the VRF device. Outgoing sockets must bind to the VRF device to function.
      
      Standard FIB rules bind the VRF device to tables and regular fib rule
      processing is followed. Routed traffic through the box, is forwarded by
      using the VRF device as the IIF and following the IIF rule to a table
      that is mated with the VRF.
      
      Example:
      
         Create vrf 1:
           ip link add vrf1 type vrf table 5
           ip rule add iif vrf1 table 5
           ip rule add oif vrf1 table 5
           ip route add table 5 prohibit default
           ip link set vrf1 up
      
         Add interface to vrf 1:
           ip link set eth1 master vrf1
      Signed-off-by: default avatarShrijeet Mukherjee <shm@cumulusnetworks.com>
      Signed-off-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      193125db
  35. 02 Jul, 2015 1 commit
  36. 01 Jun, 2015 1 commit
  37. 13 May, 2015 1 commit