Commit Graph

651321 Commits

Author SHA1 Message Date
Shannon Nelson 2493b842f2 sunvnet: make sunvnet common code dynamically loadable
When the sunvnet_common code was split out for use by both sunvnet
and the newer ldmvsw, it was made into a static kernel library, which
limits the usefulness of sunvnet and ldmvsw as loadables, since most
of the real work is being done in the shared code.  Also, this is
simply dead code in kernels that aren't running the LDoms.

This patch makes the sunvnet_common into a dynamically loadable
module and makes sunvnet and ldmvsw dependent on sunvnet_common.

Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-14 13:04:08 -05:00
David S. Miller bd08b532f4 Merge branch 'sfc-bogus-interrupt-mode-fallbacks'
Edward Cree says:

====================
sfc: prevent bogus interrupt-mode fallbacks

EF10 VFs only support MSI-X interrupts, not MSI or legacy.  This series
 stops the probe logic from trying to fallback to those if MSI-X interrupt
 probe fails.  It also prevents selecting them with the interrupt_mode
 module parameter.
This avoids producing messages like "failed to hook legacy IRQ 0" and "IRQ
 handler type mismatch for IRQ 0", and ensures that the relevant error
 (from the attempt to enable MSI-X) is reported to the caller.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-14 12:43:19 -05:00
Andrew Rybchenko 62980cb6dd sfc: only fall back to a lower interrupt mode if it is supported
If we fail to probe interrupts with our minimum mode, return that error.

Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-14 12:43:18 -05:00
Andrew Rybchenko 6f9f6ec2e0 sfc: MSI-X is the only interrupt mode for EF10 VFs
Add min_interrupt_mode specification per NIC type.
It is a bit confusing because of "highest interrupt mode is less capable".

Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-14 12:43:18 -05:00
David S. Miller 9b8e1056db Merge branch 'bridge-fdb-minor-cleanup'
Nikolay Aleksandrov says:

====================
bridge: minor fdb cleanup

These patches aim to simplify the bridge fdb API a little by removing some
redundant functions and converting them into wrappers of a single function.
Also add proper lock checking to avoid future mistakes for the search
functions.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-14 12:41:04 -05:00
Nikolay Aleksandrov 5019ab50f2 bridge: fdb: converge fdb_delete_by functions into one
We can simplify the logic of entries pointing to the bridge by
converging the fdb_delete_by functions, this would allow us to use the
same function for both cases since the fdb's dst is set to NULL if it is
pointing to the bridge thus we can always check for a port match.

Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-14 12:41:03 -05:00
Nikolay Aleksandrov 410b3d48f5 bridge: fdb: add proper lock checks in searching functions
In order to avoid new errors add checks to br_fdb_find and fdb_find_rcu
functions. The first requires hash_lock, the second obviously RCU.

Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-14 12:41:03 -05:00
Nikolay Aleksandrov bfd0aeac52 bridge: fdb: converge fdb searching functions into one
Before this patch we had 3 different fdb searching functions which was
confusing. This patch reduces all of them to one - fdb_find_rcu(), and
two flavors: br_fdb_find() which requires hash_lock and br_fdb_find_rcu
which requires RCU. This makes it clear what needs to be used, we also
remove two abusers of __br_fdb_get which called it under hash_lock and
replace them with br_fdb_find().

Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-14 12:41:02 -05:00
Volodymyr Bendiuga 91eaa475e2 net:dsa:mv88e6xxx: use watchdog ops for 6097 chip
mv88e6097 chip requires watchdog_ops to be set.

Signed-off-by: Volodymyr Bendiuga <volodymyr.bendiuga@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-14 11:45:28 -05:00
Jiri Pirko d7cf52c249 sched: Fix accidental removal of errout goto
Bring back the goto that was removed by accident.

Reported-by: Colin Ian King <colin.king@canonical.com>
Fixes: 40c81b25b1 ("sched: check negative err value to safe one level of indent")
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-14 11:44:14 -05:00
Dan Carpenter 2194bd1080 net: qcom/emac: fix a sizeof() typo
We had intended to say "sizeof(u32)" but the "u" is missing.
Fortunately, sizeof(32) is also 4, so the original code still works.

Fixes: c4e7beea21 ("net: qcom/emac: add ethtool support for reading hardware registers")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Timur Tabi <timur@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-13 22:24:35 -05:00
Christophe Jaillet e9ea828f62 net: fs_enet: Simplify code
There is no need to use an intermediate variable to handle an error code
in this case.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-13 22:24:31 -05:00
Christophe Jaillet 1f8f1e89e0 net: fs_enet: Fix an error handling path
'of_node_put(fpi->phy_node)' should also be called if we branch to
'out_deregister_fixed_link' error handling path.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-13 22:24:31 -05:00
David S. Miller c3d8103bc0 RxRPC rewrite
-----BEGIN PGP SIGNATURE-----
 
 iQIVAwUAWJ3sKfSw1s6N8H32AQLYMw//ViDsOuAu/NwJXW86Xzgh/pRtjOC1481j
 AaonMTY1c5WbXN8cFEthst6GERL4BBVV3goF758SJZgnTJSrT4HwYFE1J2Tf0Pc+
 Z8UTUoaAhvDl+wVWlKCJ+XaZb5i6+FpnPpnm8F6noQ/Lv3F1LpTWqdybBquGhZ07
 K+izTo2isXBhplRVPHfyXyExgpHHHXQpKIW2FVYD/OJ1+/WMUIuep7e98fyO7lcI
 5ROA29YzdjdRJP9AZbqd8uFcJA4tBcwSP5yt6sUGOW52ncYYUCVuK0Q9H9LvFMJG
 WQm3NhXCt4sTGyHsghcpetp2Jccz+Tk/547HJRqbsb6XznxROENUx4L5hS1YthFM
 WbB24rmV5fWchNW5hkGTPOyapjdZujoAlr6JzXawvcx2u9Xdyf/1nO47gCvQBdtg
 eyrYpNpKp/CUzrMa1tl8pFK/DbPWCPeDnuZOfygvoCVJaTa15Q59KPItxHrO/p5i
 Vj3ExFdVWnDyLmol3U4ffENAuVvSy2xaQhmLVJt6u/npltGD6oq45XFia2naMw5L
 ShXTmQh5/dspORrNsVEHh0M6ZVCSlpPQwLyAoIP1+D14+5V035ebzgOOounOhsOa
 Zf+mvPfp5yq1BJqsBWTx8qoC+jrSYMYIiRi030+xgu6pXe7t7xPIxHOTjS2X8RCZ
 ERlnE3qonXY=
 =ol7H
 -----END PGP SIGNATURE-----

Merge tag 'rxrpc-rewrite-20170210' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs

David Howells says:

====================
afs: Use system UUID generation

There is now a general function for generating a UUID and AFS should make
use of it.  It's also been recommended to me that I switch to using random
rather than time plus MAC address-based UUIDs which this function does.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-13 22:24:16 -05:00
Tobias Klauser fb585b4438 net: make net_device members garp_port and mrp_port conditional
garp_port is only used in net/802/garp.c which is only compiled with
CONFIG_GARP enabled. Same goes for mrp_port which is only used in
net/802/mrp.c with CONFIG_MRP enabled.

Only include the two members in struct net_device if their respective
CONFIG_* is enabled. This saves a few bytes in struct net_device in case
CONFIG_GARP or CONFIG_MRP are not enabled.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-13 22:23:39 -05:00
Eric Dumazet 37fabbf4d4 net: busy-poll: remove LL_FLUSH_FAILED and LL_FLUSH_BUSY
Commit 79e7fff47b ("net: remove support for per driver
ndo_busy_poll()") made them obsolete.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-13 22:23:39 -05:00
David S. Miller 417d18d38b Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue
Jeff Kirsher says:

====================
40GbE Intel Wired LAN Driver Updates 2017-02-11

This series contains updates to i40e and i40evf only.

Jake makes a minor change to prevent a minor bit of work, if it is not
necessary.  In the case where we do not have a client, there is no need
to check the client params, so move the check till after we have ensured
we have a client.  Correct a code comment which incorrectly implied
that raw_packet buffers were freed in i40e_clean_tx_ring(), so fixed
the code comment to better explain where memory is freed.  Reduce the
severity and frequency of the message notifying we cleared the receive
timestamp register, since the logic has a much better detection scheme
that could detect a stalled receive timestamp register.  The improved
logic was actually causing the notification message to occur more
frequently and was giving the user a false perception that a timestamp
event was missed for a valid packet, so reduce the severity from
dev_warn to dev_dbg and only fire off the message when 3 or 4 of the
RXTIME registers are stalled and get cleared within the same
watchdog event.  Fixed a bug, where we were modifying the mac_filter
outside a lock when handling the addition of broadcast filters.  Fix
this by updating i40e_update_filter_state logic so that it knows to
avoid broadcast filters, which ensures that we do not have to remove
the filter separately and can put it back using the normal flow.
Refactored how we add new filters to firmware to avoid a race condition
that can occur due to removing filters from the hash temporarily.

Mitch adds a sleep (without timeout) so that we wait for a reply from
the PF before we continue, since the iWarp client cannot continue until
the operation is completed.  Fixed up a function which could never
return an error, to be void and cleaned up the checking of the now
null and void return value.

Scott limits the DMA sync to CPU to the actual length of the incoming
packet, versus the syncing of the entire buffer.  Also reduces the
receive buffer struct (by a single pointer) and align the driver to be
more consistent with other Intel drivers with respect to packets that
span buffers.

Sudheer adds a field to track the bus number info and modified log
statements to print bus, device and function information.

Henry adds the ability to store the FEC status bits from the link up
event.  Also adds the ethtool support for FEC capabilities and 25G
link types.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-13 22:23:23 -05:00
Pavel Belous 8f9000a565 net:ethernet:aquantia: Add 2500/5000 mbit link modes support.
Using new link mode indices instead deprecated SUPPORTED_/ADVERTISED_
macro.

Added indication for 2500 and 5000mbit link modes (AQtion adapter already
supports these speeds).

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-13 12:25:52 -05:00
David S. Miller caa137eea6 Merge branch 'mv88e6xxx-Watchdog-support'
Andrew Lunn says:

====================
mv88e6xxx Watchdog support

The Marvell switches have an in built watchdog over some of the
internal state machine. The watchdog can be configured to raise an
interrupt on error. The problem the watchdog found is then logged to
the kernel log.

The older switches can automagically perform a software reset when the
watchdog triggers. This just resets the internal state machine, but
leaves the switch configuration unchanged.

The 6390 family of switches cannot both raise an interrupt and
automagically perform a software reset. So the interrupt handler has
to perform the switch reset, and then re-enable the watchdog
interrupts.

This has been tested using hacked together debugfs code which allows
the "force" bit to be set, so cause a watchdog interrupt.

v2: Remove g2_prefix
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-13 09:30:22 -05:00
Andrew Lunn 6130373663 net: dsa: mv88e6xxx: Add mv88e6390 watchdog interrupt support
Implement the ops needed to support the watchdog for the MV88E6390
family.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-13 09:30:22 -05:00
Andrew Lunn fcd25166d9 net: dsa: mv88e6xxx: Add watchdog interrupt handler
The switch contains a watchdog looking for issues with the internal
gubbins of the switch. Hook the interrupt the watchdog triggers and
log the value of the control register indicating why the watchdog
fired. The watchdog can only be cleared with a switch reset, which
will destroy the current configuration. Rather than doing this, just
disable the interrupt.

The mv88e6390 family has different watchdog registers. So use an ops
structure, so support for the mv88e6390 family can be added later.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-13 09:30:21 -05:00
Philippe Reynes 3b03cc0783 net: natsemi: ns83820: use new api ethtool_{get|set}_link_ksettings
The ethtool api {get|set}_settings is deprecated.
We move this driver to new api {get|set}_link_ksettings.

As I don't have the hardware, I'd be very pleased if
someone may test this patch.

Signed-off-by: Philippe Reynes <tremyfr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:32:17 -05:00
Philippe Reynes 2efbe14303 net: nuvoton: w90p910: use new api ethtool_{get|set}_link_ksettings
The ethtool api {get|set}_settings is deprecated.
We move this driver to new api {get|set}_link_ksettings.

As I don't have the hardware, I'd be very pleased if
someone may test this patch.

Signed-off-by: Philippe Reynes <tremyfr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:32:17 -05:00
Philippe Reynes 08041ff24a net: neterion: vxge: use new api ethtool_{get|set}_link_ksettings
The ethtool api {get|set}_settings is deprecated.
We move this driver to new api {get|set}_link_ksettings.

As I don't have the hardware, I'd be very pleased if
someone may test this patch.

Signed-off-by: Philippe Reynes <tremyfr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:32:17 -05:00
Philippe Reynes 51f21442a2 net: neterion: s2io: use new api ethtool_{get|set}_link_ksettings
The ethtool api {get|set}_settings is deprecated.
We move this driver to new api {get|set}_link_ksettings.

As I don't have the hardware, I'd be very pleased if
someone may test this patch.

Signed-off-by: Philippe Reynes <tremyfr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:32:17 -05:00
Philippe Reynes b6878eaf75 net: micrel: ks8851_mll: use new api ethtool_{get|set}_link_ksettings
The ethtool api {get|set}_settings is deprecated.
We move this driver to new api {get|set}_link_ksettings.

As I don't have the hardware, I'd be very pleased if
someone may test this patch.

Signed-off-by: Philippe Reynes <tremyfr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:32:17 -05:00
Philippe Reynes 98f2b09226 net: micrel: ks8851: use new api ethtool_{get|set}_link_ksettings
The ethtool api {get|set}_settings is deprecated.
We move this driver to new api {get|set}_link_ksettings.

As I don't have the hardware, I'd be very pleased if
someone may test this patch.

Signed-off-by: Philippe Reynes <tremyfr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:32:17 -05:00
Philippe Reynes 28213375f9 net: micrel: ks8695net: use new api ethtool_{get|set}_link_ksettings
The ethtool api {get|set}_settings is deprecated.
We move this driver to new api {get|set}_link_ksettings.

As I don't have the hardware, I'd be very pleased if
someone may test this patch.

Signed-off-by: Philippe Reynes <tremyfr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:32:17 -05:00
Philippe Reynes 586b6e274a net: natsemi: use new api ethtool_{get|set}_link_ksettings
The ethtool api {get|set}_settings is deprecated.
We move this driver to new api {get|set}_link_ksettings.

As I don't have the hardware, I'd be very pleased if
someone may test this patch.

Signed-off-by: Philippe Reynes <tremyfr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:32:17 -05:00
Philippe Reynes cf901656e7 net: myricom: myri10ge: use new api ethtool_{get|set}_link_ksettings
The ethtool api {get|set}_settings is deprecated.
We move this driver to new api {get|set}_link_ksettings.

As I don't have the hardware, I'd be very pleased if
someone may test this patch.

Signed-off-by: Philippe Reynes <tremyfr@gmail.com>
Acked-by: Hyong-Youb Kim <hykim@myri.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:32:17 -05:00
Philippe Reynes 60fdcfa5ca net: microchip: encx24j600: use new api ethtool_{get|set}_link_ksettings
The ethtool api {get|set}_settings is deprecated.
We move this driver to new api {get|set}_link_ksettings.

As I don't have the hardware, I'd be very pleased if
someone may test this patch.

Signed-off-by: Philippe Reynes <tremyfr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:32:17 -05:00
Philippe Reynes 8ff638e4bb net: microchip: enc28j60: use new api ethtool_{get|set}_link_ksettings
The ethtool api {get|set}_settings is deprecated.
We move this driver to new api {get|set}_link_ksettings.

As I don't have the hardware, I'd be very pleased if
someone may test this patch.

Signed-off-by: Philippe Reynes <tremyfr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:32:17 -05:00
Philippe Reynes 2fb93a1a9f net: micrel: ksz884x: use new api ethtool_{get|set}_link_ksettings
The ethtool api {get|set}_settings is deprecated.
We move this driver to new api {get|set}_link_ksettings.

As I don't have the hardware, I'd be very pleased if
someone may test this patch.

Signed-off-by: Philippe Reynes <tremyfr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:32:17 -05:00
David S. Miller a209509311 Merge branch 'bnxt_en-misc-updates'
Michael Chan says:

====================
bnxt_en: Misc updates.

Miscellaneous updates include update of the firmware spec, ethtool flash
enhancement, ethtool -l minor fix, NTUPLE support enhancements, FEC
link settings message during link up, and new PCI IDs.  Please review.
Thanks.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:18:52 -05:00
Deepak Khungar 32b40798c1 bnxt_en: Added PCI IDs for BCM57452 and BCM57454 ASICs
Signed-off-by: Deepak Khungar <deepak.khungar@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:18:49 -05:00
Michael Chan b451c8b69e bnxt_en: Fix bnxt_setup_tc() error message.
Add proper puctuation to make the message more clear.

Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:18:49 -05:00
Michael Chan e70c752f88 bnxt_en: Print FEC settings as part of the linkup dmesg.
Print FEC (Forward Error Correction) autoneg and encoding settings during
link up.

Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:18:49 -05:00
Michael Chan 33dac24abb bnxt_en: Do not setup PHY unless driving a single PF.
If it is a VF or an NPAR function, the firmware call to setup the PHY
will fail.  Adding this check will prevent unnecessary firmware calls
to setup the PHY unless calling from the PF.  This will also eliminate
many unnecessary warning messages when the call from a VF or NPAR fails.

Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:18:49 -05:00
Michael Chan 61aad724ec bnxt_en: Add hardware NTUPLE filter for encapsulated packets.
If skb_flow_dissect_flow_keys() returns with the encapsulation flag
set, pass the information to the firmware to setup the NTUPLE filter
accordingly.

Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:18:49 -05:00
Michael Chan 964fd4801d bnxt_en: Allow NETIF_F_NTUPLE to be enabled on VFs.
Commit ae10ae740a ("bnxt_en: Add new hardware RFS mode.") has added
code to allow NTUPLE to be enabled on VFs.  So we now remove the
BNXT_VF() check in rfs_capable() to allow NTUPLE on VFs.

Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:18:49 -05:00
Michael Chan a79a5276aa bnxt_en: Fix ethtool -l pre-set max combined channel.
With commit d1e7925e6d ("bnxt_en: Centralize logic to reserve rings."),
ring allocation for combined rings has become stricter.  A combined
ring must now have an rx-tx ring pair.  The pre-set max. for combined
rings should now be min(rx, tx).

Fixes: d1e7925e6d ("bnxt_en: Centralize logic to reserve rings.")
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:18:49 -05:00
Kshitij Soni cb4d1d6261 bnxt_en: Retry failed NVM_INSTALL_UPDATE with defragmentation flag.
If the HWRM_NVM_INSTALL_UPDATE command fails with the error code
NVM_INSTALL_UPDATE_CMD_ERR_CODE_FRAG_ERR, retry the command with
a new flag to allow defragmentation.  Since we are checking the
response for error code, we also need to take the mutex until
we finish reading the response.

Signed-off-by: Kshitij Soni <kshitij.soni@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:18:49 -05:00
Michael Chan bac9a7e0f5 bnxt_en: Update to firmware interface spec 1.7.0.
The new spec has NVRAM defragmentation support which will be used in
the next patch to improve ethtool flash operation.

Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:18:49 -05:00
David S. Miller 7c92d61eca Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says:

====================
Netfilter updates for net-next

The following patchset contains Netfilter updates for your net-next
tree, most relevantly they are:

1) Extend nft_exthdr to allow to match TCP options bitfields, from
   Manuel Messner.

2) Allow to check if IPv6 extension header is present in nf_tables,
   from Phil Sutter.

3) Allow to set and match conntrack zone in nf_tables, patches from
   Florian Westphal.

4) Several patches for the nf_tables set infrastructure, this includes
   cleanup and preparatory patches to add the new bitmap set type.

5) Add optional ruleset generation ID check to nf_tables and allow to
   delete rules that got no public handle yet via NFTA_RULE_ID. These
   patches add the missing kernel infrastructure to support rule
   deletion by description from userspace.

6) Missing NFT_SET_OBJECT flag to select the right backend when sets
   stores an object map.

7) A couple of cleanups for the expectation and SIP helper, from Gao
   feng.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 22:11:43 -05:00
Pablo Neira Ayuso 7286ff7fde netfilter: nf_tables: honor NFT_SET_OBJECT in set backend selection
Check for NFT_SET_OBJECT feature flag, otherwise we may end up selecting
the wrong set backend.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-02-12 14:45:14 +01:00
Pablo Neira Ayuso fc52497eb9 netfilter: update MAINTAINERS
It's been a while since Patrick has been suspended as coreteam member [1].
Update this file to remove him.

While at this, remove references to all foo-tables variants, given the
project hosts more than just that, eg. ipset, conntrack, ...

[1] https://marc.info/?l=netfilter-devel&m=146887464512702

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-02-12 14:45:14 +01:00
Pablo Neira Ayuso 1a94e38d25 netfilter: nf_tables: add NFTA_RULE_ID attribute
This new attribute allows us to uniquely identify a rule in transaction.
Robots may trigger an insertion followed by deletion in a batch, in that
scenario we still don't have a public rule handle that we can use to
delete the rule. This is similar to the NFTA_SET_ID attribute that
allows us to refer to an anonymous set from a batch.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-02-12 14:45:13 +01:00
Pablo Neira Ayuso 74e8bcd21c netfilter: nf_tables: add check_genid to the nfnetlink subsystem
This patch implements the check generation id as provided by nfnetlink.
This allows us to reject ruleset updates against stale baseline, so
userspace can retry update with a fresh ruleset cache.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-02-12 14:45:12 +01:00
Pablo Neira Ayuso 8c4d4e8b56 netfilter: nfnetlink: allow to check for generation ID
This patch allows userspace to specify the generation ID that has been
used to build an incremental batch update.

If userspace specifies the generation ID in the batch message as
attribute, then nfnetlink compares it to the current generation ID so
you make sure that you work against the right baseline. Otherwise, bail
out with ERESTART so userspace knows that its changeset is stale and
needs to respin. Userspace can do this transparently at the cost of
taking slightly more time to refresh caches and rework the changeset.

This check is optional, if there is no NFNL_BATCH_GENID attribute in the
batch begin message, then no check is performed.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-02-12 14:45:11 +01:00
Pablo Neira Ayuso 48656835c0 netfilter: nfnetlink: add nfnetlink_rcv_skb_batch()
Add new nfnetlink_rcv_skb_batch() to wrap initial nfnetlink batch
handling.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-02-12 14:45:10 +01:00