* [PATCH 3/4] netfilter: xt_CT: remove redundant header include
From: pablo @ 2012-05-14 11:47 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <1336996023-20249-1-git-send-email-pablo@netfilter.org>
From: Eldad Zack <eldad@fogrefinery.com>
nf_conntrack_l4proto.h is included twice.
Signed-off-by: Eldad Zack <eldad@fogrefinery.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/xt_CT.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index 3746d8b..a51de9b 100644
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -17,7 +17,6 @@
#include <net/netfilter/nf_conntrack_l4proto.h>
#include <net/netfilter/nf_conntrack_helper.h>
#include <net/netfilter/nf_conntrack_ecache.h>
-#include <net/netfilter/nf_conntrack_l4proto.h>
#include <net/netfilter/nf_conntrack_timeout.h>
#include <net/netfilter/nf_conntrack_zones.h>
--
1.7.10
^ permalink raw reply related
* [PATCH 2/4] netfilter: ipset: fix hash size checking in kernel
From: pablo @ 2012-05-14 11:47 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <1336996023-20249-1-git-send-email-pablo@netfilter.org>
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
The hash size must fit both into u32 (jhash) and the max value of
size_t. The missing checking could lead to kernel crash, bug reported
by Seblu.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
include/linux/netfilter/ipset/ip_set_ahash.h | 16 ++++++++++++++++
net/netfilter/ipset/ip_set_hash_ip.c | 10 +++++++---
net/netfilter/ipset/ip_set_hash_ipport.c | 10 +++++++---
net/netfilter/ipset/ip_set_hash_ipportip.c | 10 +++++++---
net/netfilter/ipset/ip_set_hash_ipportnet.c | 10 +++++++---
net/netfilter/ipset/ip_set_hash_net.c | 10 +++++++---
net/netfilter/ipset/ip_set_hash_netiface.c | 10 +++++++---
net/netfilter/ipset/ip_set_hash_netport.c | 10 +++++++---
8 files changed, 65 insertions(+), 21 deletions(-)
diff --git a/include/linux/netfilter/ipset/ip_set_ahash.h b/include/linux/netfilter/ipset/ip_set_ahash.h
index 05a5d72..230a290 100644
--- a/include/linux/netfilter/ipset/ip_set_ahash.h
+++ b/include/linux/netfilter/ipset/ip_set_ahash.h
@@ -99,6 +99,22 @@ struct ip_set_hash {
#endif
};
+static size_t
+htable_size(u8 hbits)
+{
+ size_t hsize;
+
+ /* We must fit both into u32 in jhash and size_t */
+ if (hbits > 31)
+ return 0;
+ hsize = jhash_size(hbits);
+ if ((((size_t)-1) - sizeof(struct htable))/sizeof(struct hbucket)
+ < hsize)
+ return 0;
+
+ return hsize * sizeof(struct hbucket) + sizeof(struct htable);
+}
+
/* Compute htable_bits from the user input parameter hashsize */
static u8
htable_bits(u32 hashsize)
diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c
index 5139dea..828ce46 100644
--- a/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/net/netfilter/ipset/ip_set_hash_ip.c
@@ -364,6 +364,7 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
{
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 netmask, hbits;
+ size_t hsize;
struct ip_set_hash *h;
if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
@@ -405,9 +406,12 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
h->timeout = IPSET_NO_TIMEOUT;
hbits = htable_bits(hashsize);
- h->table = ip_set_alloc(
- sizeof(struct htable)
- + jhash_size(hbits) * sizeof(struct hbucket));
+ hsize = htable_size(hbits);
+ if (hsize == 0) {
+ kfree(h);
+ return -ENOMEM;
+ }
+ h->table = ip_set_alloc(hsize);
if (!h->table) {
kfree(h);
return -ENOMEM;
diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c
index 9c27e24..e8dbb49 100644
--- a/net/netfilter/ipset/ip_set_hash_ipport.c
+++ b/net/netfilter/ipset/ip_set_hash_ipport.c
@@ -449,6 +449,7 @@ hash_ipport_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
struct ip_set_hash *h;
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
+ size_t hsize;
if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
@@ -476,9 +477,12 @@ hash_ipport_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
h->timeout = IPSET_NO_TIMEOUT;
hbits = htable_bits(hashsize);
- h->table = ip_set_alloc(
- sizeof(struct htable)
- + jhash_size(hbits) * sizeof(struct hbucket));
+ hsize = htable_size(hbits);
+ if (hsize == 0) {
+ kfree(h);
+ return -ENOMEM;
+ }
+ h->table = ip_set_alloc(hsize);
if (!h->table) {
kfree(h);
return -ENOMEM;
diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c
index 9134057..52f79d8 100644
--- a/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -467,6 +467,7 @@ hash_ipportip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
struct ip_set_hash *h;
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
+ size_t hsize;
if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
@@ -494,9 +495,12 @@ hash_ipportip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
h->timeout = IPSET_NO_TIMEOUT;
hbits = htable_bits(hashsize);
- h->table = ip_set_alloc(
- sizeof(struct htable)
- + jhash_size(hbits) * sizeof(struct hbucket));
+ hsize = htable_size(hbits);
+ if (hsize == 0) {
+ kfree(h);
+ return -ENOMEM;
+ }
+ h->table = ip_set_alloc(hsize);
if (!h->table) {
kfree(h);
return -ENOMEM;
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c
index 5d05e69..97583f5 100644
--- a/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -616,6 +616,7 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
struct ip_set_hash *h;
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
+ size_t hsize;
if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
@@ -645,9 +646,12 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
h->timeout = IPSET_NO_TIMEOUT;
hbits = htable_bits(hashsize);
- h->table = ip_set_alloc(
- sizeof(struct htable)
- + jhash_size(hbits) * sizeof(struct hbucket));
+ hsize = htable_size(hbits);
+ if (hsize == 0) {
+ kfree(h);
+ return -ENOMEM;
+ }
+ h->table = ip_set_alloc(hsize);
if (!h->table) {
kfree(h);
return -ENOMEM;
diff --git a/net/netfilter/ipset/ip_set_hash_net.c b/net/netfilter/ipset/ip_set_hash_net.c
index 7c3d945..1721cde 100644
--- a/net/netfilter/ipset/ip_set_hash_net.c
+++ b/net/netfilter/ipset/ip_set_hash_net.c
@@ -460,6 +460,7 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
struct ip_set_hash *h;
u8 hbits;
+ size_t hsize;
if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
@@ -489,9 +490,12 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
h->timeout = IPSET_NO_TIMEOUT;
hbits = htable_bits(hashsize);
- h->table = ip_set_alloc(
- sizeof(struct htable)
- + jhash_size(hbits) * sizeof(struct hbucket));
+ hsize = htable_size(hbits);
+ if (hsize == 0) {
+ kfree(h);
+ return -ENOMEM;
+ }
+ h->table = ip_set_alloc(hsize);
if (!h->table) {
kfree(h);
return -ENOMEM;
diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c
index f24037f..33bafc9 100644
--- a/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -722,6 +722,7 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
struct ip_set_hash *h;
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
+ size_t hsize;
if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
@@ -752,9 +753,12 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
h->ahash_max = AHASH_MAX_SIZE;
hbits = htable_bits(hashsize);
- h->table = ip_set_alloc(
- sizeof(struct htable)
- + jhash_size(hbits) * sizeof(struct hbucket));
+ hsize = htable_size(hbits);
+ if (hsize == 0) {
+ kfree(h);
+ return -ENOMEM;
+ }
+ h->table = ip_set_alloc(hsize);
if (!h->table) {
kfree(h);
return -ENOMEM;
diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c
index ce2e771..3a5e198 100644
--- a/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/net/netfilter/ipset/ip_set_hash_netport.c
@@ -572,6 +572,7 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
struct ip_set_hash *h;
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits;
+ size_t hsize;
if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
@@ -601,9 +602,12 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
h->timeout = IPSET_NO_TIMEOUT;
hbits = htable_bits(hashsize);
- h->table = ip_set_alloc(
- sizeof(struct htable)
- + jhash_size(hbits) * sizeof(struct hbucket));
+ hsize = htable_size(hbits);
+ if (hsize == 0) {
+ kfree(h);
+ return -ENOMEM;
+ }
+ h->table = ip_set_alloc(hsize);
if (!h->table) {
kfree(h);
return -ENOMEM;
--
1.7.10
^ permalink raw reply related
* [PATCH ethtool] Add command to dump module EEPROM
From: Yaniv Rosner @ 2012-05-14 15:13 UTC (permalink / raw)
To: Ben Hutchings; +Cc: David Miller, netdev, Eilon Greenstein, Yaniv Rosner
Hi Ben,
This patch adds a new option to dump (SFP+, XFP, ...) module EEPROM following
recent support to kernel side. Below some examples:
bash-3.00# ethtool -m eth1 offset 0x14 length 32 raw on
JDSU PLRXPLSCS432
bash-3.00# ethtool -m eth1 offset 0x14 length 32
Offset Values
------ ------
0x0014 4a 44 53 55 20 20 20 20 20 20 20 20 20 20 20 20
0x0024 00 00 01 9c 50 4c 52 58 50 4c 53 43 53 34 33 32
Please consider applying to ethtool.
Thanks,
Yaniv
Signed-off-by: Yaniv Rosner <yanivr@broadcom.com>
---
ethtool-copy.h | 312 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
ethtool.8.in | 23 ++++-
ethtool.c | 63 +++++++++++
3 files changed, 393 insertions(+), 5 deletions(-)
diff --git a/ethtool-copy.h b/ethtool-copy.h
index d904c1a..604dbef 100644
--- a/ethtool-copy.h
+++ b/ethtool-copy.h
@@ -13,6 +13,9 @@
#ifndef _LINUX_ETHTOOL_H
#define _LINUX_ETHTOOL_H
+#ifdef __KERNEL__
+#include <linux/compat.h>
+#endif
#include <linux/types.h>
#include <linux/if_ether.h>
@@ -27,10 +30,15 @@ struct ethtool_cmd {
* access it */
__u8 duplex; /* Duplex, half or full */
__u8 port; /* Which connector port */
- __u8 phy_address;
+ __u8 phy_address; /* MDIO PHY address (PRTAD for clause 45).
+ * May be read-only or read-write
+ * depending on the driver.
+ */
__u8 transceiver; /* Which transceiver to use */
__u8 autoneg; /* Enable or disable autonegotiation */
- __u8 mdio_support;
+ __u8 mdio_support; /* MDIO protocols supported. Read-only.
+ * Not set by all drivers.
+ */
__u32 maxtxpkt; /* Tx pkts before generating tx int */
__u32 maxrxpkt; /* Rx pkts before generating rx int */
__u16 speed_hi; /* The forced speed (upper
@@ -43,7 +51,7 @@ struct ethtool_cmd {
__u32 reserved[2];
};
-static __inline__ void ethtool_cmd_speed_set(struct ethtool_cmd *ep,
+static inline void ethtool_cmd_speed_set(struct ethtool_cmd *ep,
__u32 speed)
{
@@ -51,11 +59,25 @@ static __inline__ void ethtool_cmd_speed_set(struct ethtool_cmd *ep,
ep->speed_hi = (__u16)(speed >> 16);
}
-static __inline__ __u32 ethtool_cmd_speed(const struct ethtool_cmd *ep)
+static inline __u32 ethtool_cmd_speed(const struct ethtool_cmd *ep)
{
return (ep->speed_hi << 16) | ep->speed;
}
+/* Device supports clause 22 register access to PHY or peripherals
+ * using the interface defined in <linux/mii.h>. This should not be
+ * set if there are known to be no such peripherals present or if
+ * the driver only emulates clause 22 registers for compatibility.
+ */
+#define ETH_MDIO_SUPPORTS_C22 1
+
+/* Device supports clause 45 register access to PHY or peripherals
+ * using the interface defined in <linux/mii.h> and <linux/mdio.h>.
+ * This should not be set if there are known to be no such peripherals
+ * present.
+ */
+#define ETH_MDIO_SUPPORTS_C45 2
+
#define ETHTOOL_FWVERS_LEN 32
#define ETHTOOL_BUSINFO_LEN 32
/* these strings are set to whatever the driver author decides... */
@@ -115,6 +137,23 @@ struct ethtool_eeprom {
};
/**
+ * struct ethtool_modinfo - plugin module eeprom information
+ * @cmd: %ETHTOOL_GMODULEINFO
+ * @type: Standard the module information conforms to %ETH_MODULE_SFF_xxxx
+ * @eeprom_len: Length of the eeprom
+ *
+ * This structure is used to return the information to
+ * properly size memory for a subsequent call to %ETHTOOL_GMODULEEEPROM.
+ * The type code indicates the eeprom data format
+ */
+struct ethtool_modinfo {
+ __u32 cmd;
+ __u32 type;
+ __u32 eeprom_len;
+ __u32 reserved[8];
+};
+
+/**
* struct ethtool_coalesce - coalescing parameters for IRQs and stats updates
* @cmd: ETHTOOL_{G,S}COALESCE
* @rx_coalesce_usecs: How many usecs to delay an RX interrupt after
@@ -528,6 +567,30 @@ struct ethtool_rxnfc {
__u32 rule_locs[0];
};
+#ifdef __KERNEL__
+#ifdef CONFIG_COMPAT
+
+struct compat_ethtool_rx_flow_spec {
+ u32 flow_type;
+ union ethtool_flow_union h_u;
+ struct ethtool_flow_ext h_ext;
+ union ethtool_flow_union m_u;
+ struct ethtool_flow_ext m_ext;
+ compat_u64 ring_cookie;
+ u32 location;
+};
+
+struct compat_ethtool_rxnfc {
+ u32 cmd;
+ u32 flow_type;
+ compat_u64 data;
+ struct compat_ethtool_rx_flow_spec fs;
+ u32 rule_cnt;
+ u32 rule_locs[0];
+};
+
+#endif /* CONFIG_COMPAT */
+#endif /* __KERNEL__ */
/**
* struct ethtool_rxfh_indir - command to get or set RX flow hash indirection
@@ -680,6 +743,29 @@ struct ethtool_sfeatures {
struct ethtool_set_features_block features[0];
};
+/**
+ * struct ethtool_ts_info - holds a device's timestamping and PHC association
+ * @cmd: command number = %ETHTOOL_GET_TS_INFO
+ * @so_timestamping: bit mask of the sum of the supported SO_TIMESTAMPING flags
+ * @phc_index: device index of the associated PHC, or -1 if there is none
+ * @tx_types: bit mask of the supported hwtstamp_tx_types enumeration values
+ * @rx_filters: bit mask of the supported hwtstamp_rx_filters enumeration values
+ *
+ * The bits in the 'tx_types' and 'rx_filters' fields correspond to
+ * the 'hwtstamp_tx_types' and 'hwtstamp_rx_filters' enumeration values,
+ * respectively. For example, if the device supports HWTSTAMP_TX_ON,
+ * then (1 << HWTSTAMP_TX_ON) in 'tx_types' will be set.
+ */
+struct ethtool_ts_info {
+ __u32 cmd;
+ __u32 so_timestamping;
+ __s32 phc_index;
+ __u32 tx_types;
+ __u32 tx_reserved[3];
+ __u32 rx_filters;
+ __u32 rx_reserved[3];
+};
+
/*
* %ETHTOOL_SFEATURES changes features present in features[].valid to the
* values of corresponding bits in features[].requested. Bits in .requested
@@ -715,6 +801,215 @@ enum ethtool_sfeatures_retval_bits {
#define ETHTOOL_F_WISH (1 << ETHTOOL_F_WISH__BIT)
#define ETHTOOL_F_COMPAT (1 << ETHTOOL_F_COMPAT__BIT)
+#ifdef __KERNEL__
+
+#include <linux/rculist.h>
+
+extern int __ethtool_get_settings(struct net_device *dev,
+ struct ethtool_cmd *cmd);
+
+/**
+ * enum ethtool_phys_id_state - indicator state for physical identification
+ * @ETHTOOL_ID_INACTIVE: Physical ID indicator should be deactivated
+ * @ETHTOOL_ID_ACTIVE: Physical ID indicator should be activated
+ * @ETHTOOL_ID_ON: LED should be turned on (used iff %ETHTOOL_ID_ACTIVE
+ * is not supported)
+ * @ETHTOOL_ID_OFF: LED should be turned off (used iff %ETHTOOL_ID_ACTIVE
+ * is not supported)
+ */
+enum ethtool_phys_id_state {
+ ETHTOOL_ID_INACTIVE,
+ ETHTOOL_ID_ACTIVE,
+ ETHTOOL_ID_ON,
+ ETHTOOL_ID_OFF
+};
+
+struct net_device;
+
+/* Some generic methods drivers may use in their ethtool_ops */
+u32 ethtool_op_get_link(struct net_device *dev);
+int ethtool_op_get_ts_info(struct net_device *dev, struct ethtool_ts_info *eti);
+
+/**
+ * ethtool_rxfh_indir_default - get default value for RX flow hash indirection
+ * @index: Index in RX flow hash indirection table
+ * @n_rx_rings: Number of RX rings to use
+ *
+ * This function provides the default policy for RX flow hash indirection.
+ */
+static inline u32 ethtool_rxfh_indir_default(u32 index, u32 n_rx_rings)
+{
+ return index % n_rx_rings;
+}
+
+/**
+ * struct ethtool_ops - optional netdev operations
+ * @get_settings: Get various device settings including Ethernet link
+ * settings. The @cmd parameter is expected to have been cleared
+ * before get_settings is called. Returns a negative error code or
+ * zero.
+ * @set_settings: Set various device settings including Ethernet link
+ * settings. Returns a negative error code or zero.
+ * @get_drvinfo: Report driver/device information. Should only set the
+ * @driver, @version, @fw_version and @bus_info fields. If not
+ * implemented, the @driver and @bus_info fields will be filled in
+ * according to the netdev's parent device.
+ * @get_regs_len: Get buffer length required for @get_regs
+ * @get_regs: Get device registers
+ * @get_wol: Report whether Wake-on-Lan is enabled
+ * @set_wol: Turn Wake-on-Lan on or off. Returns a negative error code
+ * or zero.
+ * @get_msglevel: Report driver message level. This should be the value
+ * of the @msg_enable field used by netif logging functions.
+ * @set_msglevel: Set driver message level
+ * @nway_reset: Restart autonegotiation. Returns a negative error code
+ * or zero.
+ * @get_link: Report whether physical link is up. Will only be called if
+ * the netdev is up. Should usually be set to ethtool_op_get_link(),
+ * which uses netif_carrier_ok().
+ * @get_eeprom: Read data from the device EEPROM.
+ * Should fill in the magic field. Don't need to check len for zero
+ * or wraparound. Fill in the data argument with the eeprom values
+ * from offset to offset + len. Update len to the amount read.
+ * Returns an error or zero.
+ * @set_eeprom: Write data to the device EEPROM.
+ * Should validate the magic field. Don't need to check len for zero
+ * or wraparound. Update len to the amount written. Returns an error
+ * or zero.
+ * @get_coalesce: Get interrupt coalescing parameters. Returns a negative
+ * error code or zero.
+ * @set_coalesce: Set interrupt coalescing parameters. Returns a negative
+ * error code or zero.
+ * @get_ringparam: Report ring sizes
+ * @set_ringparam: Set ring sizes. Returns a negative error code or zero.
+ * @get_pauseparam: Report pause parameters
+ * @set_pauseparam: Set pause parameters. Returns a negative error code
+ * or zero.
+ * @self_test: Run specified self-tests
+ * @get_strings: Return a set of strings that describe the requested objects
+ * @set_phys_id: Identify the physical devices, e.g. by flashing an LED
+ * attached to it. The implementation may update the indicator
+ * asynchronously or synchronously, but in either case it must return
+ * quickly. It is initially called with the argument %ETHTOOL_ID_ACTIVE,
+ * and must either activate asynchronous updates and return zero, return
+ * a negative error or return a positive frequency for synchronous
+ * indication (e.g. 1 for one on/off cycle per second). If it returns
+ * a frequency then it will be called again at intervals with the
+ * argument %ETHTOOL_ID_ON or %ETHTOOL_ID_OFF and should set the state of
+ * the indicator accordingly. Finally, it is called with the argument
+ * %ETHTOOL_ID_INACTIVE and must deactivate the indicator. Returns a
+ * negative error code or zero.
+ * @get_ethtool_stats: Return extended statistics about the device.
+ * This is only useful if the device maintains statistics not
+ * included in &struct rtnl_link_stats64.
+ * @begin: Function to be called before any other operation. Returns a
+ * negative error code or zero.
+ * @complete: Function to be called after any other operation except
+ * @begin. Will be called even if the other operation failed.
+ * @get_priv_flags: Report driver-specific feature flags.
+ * @set_priv_flags: Set driver-specific feature flags. Returns a negative
+ * error code or zero.
+ * @get_sset_count: Get number of strings that @get_strings will write.
+ * @get_rxnfc: Get RX flow classification rules. Returns a negative
+ * error code or zero.
+ * @set_rxnfc: Set RX flow classification rules. Returns a negative
+ * error code or zero.
+ * @flash_device: Write a firmware image to device's flash memory.
+ * Returns a negative error code or zero.
+ * @reset: Reset (part of) the device, as specified by a bitmask of
+ * flags from &enum ethtool_reset_flags. Returns a negative
+ * error code or zero.
+ * @get_rxfh_indir_size: Get the size of the RX flow hash indirection table.
+ * Returns zero if not supported for this specific device.
+ * @get_rxfh_indir: Get the contents of the RX flow hash indirection table.
+ * Will not be called if @get_rxfh_indir_size returns zero.
+ * Returns a negative error code or zero.
+ * @set_rxfh_indir: Set the contents of the RX flow hash indirection table.
+ * Will not be called if @get_rxfh_indir_size returns zero.
+ * Returns a negative error code or zero.
+ * @get_channels: Get number of channels.
+ * @set_channels: Set number of channels. Returns a negative error code or
+ * zero.
+ * @get_dump_flag: Get dump flag indicating current dump length, version,
+ * and flag of the device.
+ * @get_dump_data: Get dump data.
+ * @set_dump: Set dump specific flags to the device.
+ * @get_ts_info: Get the time stamping and PTP hardware clock capabilities.
+ * Drivers supporting transmit time stamps in software should set this to
+ * ethtool_op_get_ts_info().
+ * @get_module_info: Get the size and type of the eeprom contained within
+ * a plug-in module.
+ * @get_module_eeprom: Get the eeprom information from the plug-in module
+ *
+ * All operations are optional (i.e. the function pointer may be set
+ * to %NULL) and callers must take this into account. Callers must
+ * hold the RTNL lock.
+ *
+ * See the structures used by these operations for further documentation.
+ *
+ * See &struct net_device and &struct net_device_ops for documentation
+ * of the generic netdev features interface.
+ */
+struct ethtool_ops {
+ int (*get_settings)(struct net_device *, struct ethtool_cmd *);
+ int (*set_settings)(struct net_device *, struct ethtool_cmd *);
+ void (*get_drvinfo)(struct net_device *, struct ethtool_drvinfo *);
+ int (*get_regs_len)(struct net_device *);
+ void (*get_regs)(struct net_device *, struct ethtool_regs *, void *);
+ void (*get_wol)(struct net_device *, struct ethtool_wolinfo *);
+ int (*set_wol)(struct net_device *, struct ethtool_wolinfo *);
+ u32 (*get_msglevel)(struct net_device *);
+ void (*set_msglevel)(struct net_device *, u32);
+ int (*nway_reset)(struct net_device *);
+ u32 (*get_link)(struct net_device *);
+ int (*get_eeprom_len)(struct net_device *);
+ int (*get_eeprom)(struct net_device *,
+ struct ethtool_eeprom *, u8 *);
+ int (*set_eeprom)(struct net_device *,
+ struct ethtool_eeprom *, u8 *);
+ int (*get_coalesce)(struct net_device *, struct ethtool_coalesce *);
+ int (*set_coalesce)(struct net_device *, struct ethtool_coalesce *);
+ void (*get_ringparam)(struct net_device *,
+ struct ethtool_ringparam *);
+ int (*set_ringparam)(struct net_device *,
+ struct ethtool_ringparam *);
+ void (*get_pauseparam)(struct net_device *,
+ struct ethtool_pauseparam*);
+ int (*set_pauseparam)(struct net_device *,
+ struct ethtool_pauseparam*);
+ void (*self_test)(struct net_device *, struct ethtool_test *, u64 *);
+ void (*get_strings)(struct net_device *, u32 stringset, u8 *);
+ int (*set_phys_id)(struct net_device *, enum ethtool_phys_id_state);
+ void (*get_ethtool_stats)(struct net_device *,
+ struct ethtool_stats *, u64 *);
+ int (*begin)(struct net_device *);
+ void (*complete)(struct net_device *);
+ u32 (*get_priv_flags)(struct net_device *);
+ int (*set_priv_flags)(struct net_device *, u32);
+ int (*get_sset_count)(struct net_device *, int);
+ int (*get_rxnfc)(struct net_device *,
+ struct ethtool_rxnfc *, u32 *rule_locs);
+ int (*set_rxnfc)(struct net_device *, struct ethtool_rxnfc *);
+ int (*flash_device)(struct net_device *, struct ethtool_flash *);
+ int (*reset)(struct net_device *, u32 *);
+ u32 (*get_rxfh_indir_size)(struct net_device *);
+ int (*get_rxfh_indir)(struct net_device *, u32 *);
+ int (*set_rxfh_indir)(struct net_device *, const u32 *);
+ void (*get_channels)(struct net_device *, struct ethtool_channels *);
+ int (*set_channels)(struct net_device *, struct ethtool_channels *);
+ int (*get_dump_flag)(struct net_device *, struct ethtool_dump *);
+ int (*get_dump_data)(struct net_device *,
+ struct ethtool_dump *, void *);
+ int (*set_dump)(struct net_device *, struct ethtool_dump *);
+ int (*get_ts_info)(struct net_device *, struct ethtool_ts_info *);
+ int (*get_module_info)(struct net_device *,
+ struct ethtool_modinfo *);
+ int (*get_module_eeprom)(struct net_device *,
+ struct ethtool_eeprom *, u8 *);
+
+
+};
+#endif /* __KERNEL__ */
/* CMDs currently supported */
#define ETHTOOL_GSET 0x00000001 /* Get settings. */
@@ -786,6 +1081,9 @@ enum ethtool_sfeatures_retval_bits {
#define ETHTOOL_SET_DUMP 0x0000003e /* Set dump settings */
#define ETHTOOL_GET_DUMP_FLAG 0x0000003f /* Get dump settings */
#define ETHTOOL_GET_DUMP_DATA 0x00000040 /* Get dump data */
+#define ETHTOOL_GET_TS_INFO 0x00000041 /* Get time stamping and PHC info */
+#define ETHTOOL_GMODULEINFO 0x00000042 /* Get plug-in module information */
+#define ETHTOOL_GMODULEEEPROM 0x00000043 /* Get plug-in module eeprom */
/* compatibility with older code */
#define SPARC_ETH_GSET ETHTOOL_GSET
@@ -935,6 +1233,12 @@ enum ethtool_sfeatures_retval_bits {
#define RX_CLS_LOC_FIRST 0xfffffffe
#define RX_CLS_LOC_LAST 0xfffffffd
+/* EEPROM Standards for plug in modules */
+#define ETH_MODULE_SFF_8079 0x1
+#define ETH_MODULE_SFF_8079_LEN 256
+#define ETH_MODULE_SFF_8472 0x2
+#define ETH_MODULE_SFF_8472_LEN 512
+
/* Reset flags */
/* The reset() operation must clear the flags for the components which
* were actually reset. On successful return, the flags indicate the
diff --git a/ethtool.8.in b/ethtool.8.in
index 63d5d48..470fd8d 100644
--- a/ethtool.8.in
+++ b/ethtool.8.in
@@ -325,6 +325,13 @@ ethtool \- query or control network driver and hardware settings
.I devname flag
.A1 on off
.RB ...
+.HP
+.B ethtool \-m|\-\-mod\-eeprom\-dump
+.I devname
+.B2 raw on off
+.BN offset
+.BN length
+.HP
.
.\" Adjust lines (i.e. full justification) and hyphenate.
.ad
@@ -800,6 +807,19 @@ Sets the device's private flags as specified.
.I flag
.A1 on off
Sets the state of the named private flag.
+.TP
+.B \-m \-\-mod\-eeprom\-dump
+Retrieves and prints module (SFP+, XFP, ...) EEPROMs dump for the specified network device.
+Default is to dump the entire EEPROM.
+.TP
+.BI raw \ on|off
+Dumps the raw EEPROM data to stdout.
+.TP
+.BI offset \ N
+Start address of module EEPROM dump.
+.TP
+.BI length \ N
+Length of module EEPROM dump.
.SH BUGS
Not supported (in part or whole) on all network drivers.
.SH AUTHOR
@@ -815,7 +835,8 @@ Eli Kupermann,
Scott Feldman,
Andi Kleen,
Alexander Duyck,
-Sucheta Chakraborty.
+Sucheta Chakraborty,
+Yaniv Rosner.
.SH AVAILABILITY
.B ethtool
is available from
diff --git a/ethtool.c b/ethtool.c
index e80b38b..6d022c3 100644
--- a/ethtool.c
+++ b/ethtool.c
@@ -2214,6 +2214,64 @@ static int do_nway_rst(struct cmd_context *ctx)
return err;
}
+static int do_gmoduleeeprom(struct cmd_context *ctx)
+{
+ int geeprom_changed = 0;
+ int geeprom_dump_raw = 0;
+ u32 geeprom_offset = 0;
+ u32 geeprom_length = -1;
+ struct cmdline_info cmdline_geeprom[] = {
+ { "offset", CMDL_U32, &geeprom_offset, NULL },
+ { "length", CMDL_U32, &geeprom_length, NULL },
+ { "raw", CMDL_BOOL, &geeprom_dump_raw, NULL },
+ };
+ int err;
+ struct ethtool_modinfo modinfo;
+ struct ethtool_eeprom *eeprom;
+ struct ethtool_drvinfo drvinfo;
+
+ parse_generic_cmdline(ctx, &geeprom_changed,
+ cmdline_geeprom, ARRAY_SIZE(cmdline_geeprom));
+
+ drvinfo.cmd = ETHTOOL_GDRVINFO;
+ err = send_ioctl(ctx, &drvinfo);
+ if (err < 0) {
+ perror("Cannot get driver information");
+ return 74;
+ }
+
+ modinfo.cmd = ETHTOOL_GMODULEINFO;
+ err = send_ioctl(ctx, &modinfo);
+ if (err < 0) {
+ perror("Cannot get driver information");
+ return 74;
+ }
+
+ if (geeprom_length == -1)
+ geeprom_length = modinfo.eeprom_len;
+
+ if (modinfo.eeprom_len < geeprom_offset + geeprom_length)
+ geeprom_length = modinfo.eeprom_len - geeprom_offset;
+ eeprom = calloc(1, sizeof(*eeprom)+geeprom_length);
+ if (!eeprom) {
+ perror("Cannot allocate memory for EEPROM data");
+ return 75;
+ }
+ eeprom->cmd = ETHTOOL_GMODULEEEPROM;
+ eeprom->len = geeprom_length;
+ eeprom->offset = geeprom_offset;
+ err = send_ioctl(ctx, eeprom);
+ if (err < 0) {
+ perror("Cannot get EEPROM data");
+ free(eeprom);
+ return 74;
+ }
+ err = dump_eeprom(geeprom_dump_raw, &drvinfo, eeprom);
+ free(eeprom);
+
+ return err;
+}
+
static int do_geeprom(struct cmd_context *ctx)
{
int geeprom_changed = 0;
@@ -3231,6 +3289,11 @@ static const struct option {
{ "--show-priv-flags" , 1, do_gprivflags, "Query private flags" },
{ "--set-priv-flags", 1, do_sprivflags, "Set private flags",
" FLAG on|off ...\n" },
+ { "-m|--mod-eeprom-dump", 1, do_gmoduleeeprom,
+ "Dumps SFP+ module EEPROM",
+ " [ raw on|off ]\n"
+ " [ offset N ]\n"
+ " [ length N ]\n" },
{ "-h|--help", 0, show_usage, "Show this help" },
{ "--version", 0, do_version, "Show version number" },
{}
--
1.7.7.1
^ permalink raw reply related
* Kernel consistently panicing on br_parse_ip_options
From: Massimo Cetra @ 2012-05-14 12:37 UTC (permalink / raw)
To: linux-kernel, netdev
[-- Attachment #1: Type: text/plain, Size: 691 bytes --]
Hello,
I had already filed similar panics a month ago.
Today i upgraded to 3.2.16 and nothing seems to be changed (and i don't
see anything related in .17).
The server (a Dell R410 with a couple of bnx2 ethernet cards) has two
bridges onboard.
Each bridge is connected to a different switch and has 2 uses:
- one bridge is connecting an internal network and the KVM hosts that
run on the same machine
- one bridge connects the server to the public network along with
another bunch of kvm servers whose interfaces bridges
The bug can be easily triggered adding or removing (with heartbeat) a
virtual address (br0:1, for example) .
Is there any known fix or patch ?
Thanks
Massimo
[-- Attachment #2: panic1.txt --]
[-- Type: text/plain, Size: 23913 bytes --]
May 14 14:14:28 172.30.1.2 [ 426.318698] BUG: unable to handle kernel
May 14 14:14:28 172.30.1.2 [ 426.334484] IP:
May 14 14:14:28 172.30.1.2 [ 426.348653] PGD 0
May 14 14:14:28 172.30.1.2
May 14 14:14:28 172.30.1.2 [ 426.352753] Oops: 0000 [#1]
May 14 14:14:28 172.30.1.2 SMP
May 14 14:14:28 172.30.1.2
May 14 14:14:28 172.30.1.2 [ 426.359335] CPU 0
May 14 14:14:28 172.30.1.2
May 14 14:14:28 172.30.1.2 [ 426.363033] Modules linked in:
May 14 14:14:28 172.30.1.2
May 14 14:14:28 172.30.1.2 [ 426.505401]
May 14 14:14:28 172.30.1.2 [ 426.508406] Pid: 3831, comm: kvm Not tainted 3.2.0-2-amd64 #1
May 14 14:14:28 172.30.1.2 /0N051F
May 14 14:14:28 172.30.1.2
May 14 14:14:28 172.30.1.2 [ 426.525620] RIP: 0010:[<ffffffffa0248336>]
May 14 14:14:28 172.30.1.2 [ 426.544639] RSP: 0018:ffff88042fc03b18 EFLAGS: 00010293
May 14 14:14:28 172.30.1.2 [ 426.555288] RAX: 0000000000000000 RBX: ffff88042517ed80 RCX: 0000000100007b59
May 14 14:14:28 172.30.1.2 [ 426.569579] RDX: ffffffffa0248308 RSI: 0000000000000282 RDI: ffff88042517ed80
May 14 14:14:28 172.30.1.2 [ 426.583872] RBP: ffff8804263ca000 R08: 0000000000000000 R09: ffff88042fc03ad0
May 14 14:14:28 172.30.1.2 [ 426.598162] R10: ffffffff8165aac0 R11: ffffffff8165aac0 R12: 0000000000000000
May 14 14:14:28 172.30.1.2 [ 426.612453] R13: ffff8804250a8002 R14: ffff8803d6f2f600 R15: ffff8804250a8000
May 14 14:14:28 172.30.1.2 [ 426.626747] FS: 00007f87688e6900(0000) GS:ffff88042fc00000(0000) knlGS:0000000000000000
May 14 14:14:28 172.30.1.2 [ 426.642961] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
May 14 14:14:28 172.30.1.2 [ 426.654477] CR2: 0000000000000018 CR3: 00000004231e6000 CR4: 00000000000026e0
May 14 14:14:28 172.30.1.2 [ 426.668770] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
May 14 14:14:28 172.30.1.2 [ 426.683063] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
May 14 14:14:28 172.30.1.2 [ 426.697356] Process kvm (pid: 3831, threadinfo ffff8804232ae000, task ffff8804261bc8f0)
May 14 14:14:28 172.30.1.2 [ 426.713396] Stack:
May 14 14:14:28 172.30.1.2 [ 426.717457] ffffffff80000000
May 14 14:14:28 172.30.1.2
May 14 14:14:28 172.30.1.2 [ 426.732504] ffff880227a60000
May 14 14:14:28 172.30.1.2
May 14 14:14:28 172.30.1.2 [ 426.747550] ffff88042517ed80
May 14 14:14:28 172.30.1.2
May 14 14:14:28 172.30.1.2 [ 426.762595] Call Trace:
May 14 14:14:28 172.30.1.2 [ 426.767521] <IRQ>
May 14 14:14:28 172.30.1.2
May 14 14:14:28 172.30.1.2 [ 426.771812] [<ffffffffa02486db>] ? br_parse_ip_options+0x3d/0x19a [bridge]
May 14 14:14:28 172.30.1.2 [ 426.785762] [<ffffffffa0248a67>] ? br_nf_forward_ip+0x1c0/0x1d4 [bridge]
May 14 14:14:28 172.30.1.2 [ 426.799365] [<ffffffff812ac039>] ? nf_iterate+0x41/0x77
May 14 14:14:28 172.30.1.2 [ 426.810018] [<ffffffffa0243918>] ? __br_deliver+0xa0/0xa0 [bridge]
May 14 14:14:28 172.30.1.2 [ 426.822578] [<ffffffffa0243918>] ? __br_deliver+0xa0/0xa0 [bridge]
May 14 14:14:28 172.30.1.2 [ 426.835139] [<ffffffff812ac0d7>] ? nf_hook_slow+0x68/0x101
May 14 14:14:28 172.30.1.2 [ 426.846313] [<ffffffffa0243918>] ? __br_deliver+0xa0/0xa0 [bridge]
May 14 14:14:29 172.30.1.2 [ 426.858873] [<ffffffffa024437a>] ? NF_HOOK.constprop.4+0x56/0x56 [bridge]
May 14 14:14:29 172.30.1.2 [ 426.872647] [<ffffffffa0243918>] ? __br_deliver+0xa0/0xa0 [bridge]
May 14 14:14:29 172.30.1.2 [ 426.885206] [<ffffffffa024385e>] ? NF_HOOK.constprop.8+0x3c/0x56 [bridge]
May 14 14:14:29 172.30.1.2 [ 426.898980] [<ffffffffa02439f2>] ? br_forward+0x16/0x5a [bridge]
May 14 14:14:29 172.30.1.2 [ 426.911195] [<ffffffffa024451b>] ? br_handle_frame_finish+0x1a1/0x20f [bridge]
May 14 14:14:29 172.30.1.2 [ 426.925851] [<ffffffffa02485ff>] ? br_nf_pre_routing_finish+0x1d0/0x1dd [bridge]
May 14 14:14:29 172.30.1.2 [ 426.940856] [<ffffffffa0247ff0>] ? NF_HOOK_THRESH+0x3b/0x55 [bridge]
May 14 14:14:29 172.30.1.2 [ 426.953763] [<ffffffffa0248f58>] ? br_nf_pre_routing+0x3e8/0x3f5 [bridge]
May 14 14:14:29 172.30.1.2 [ 426.967536] [<ffffffff812ac039>] ? nf_iterate+0x41/0x77
May 14 14:14:29 172.30.1.2 [ 426.978191] [<ffffffff8128ad1d>] ? netif_receive_skb+0x63/0x69
May 14 14:14:29 172.30.1.2 [ 426.990056] [<ffffffff8128b1ef>] ? napi_gro_receive+0x1d/0x2b
May 14 14:14:29 172.30.1.2 [ 427.001751] [<ffffffffa024437a>] ? NF_HOOK.constprop.4+0x56/0x56 [bridge]
May 14 14:14:29 172.30.1.2 [ 427.015525] [<ffffffff812ac0d7>] ? nf_hook_slow+0x68/0x101
May 14 14:14:29 172.30.1.2 [ 427.026699] [<ffffffffa024437a>] ? NF_HOOK.constprop.4+0x56/0x56 [bridge]
May 14 14:14:29 172.30.1.2 [ 427.040474] [<ffffffffa024437a>] ? NF_HOOK.constprop.4+0x56/0x56 [bridge]
May 14 14:14:29 172.30.1.2 [ 427.054249] [<ffffffffa0244360>] ? NF_HOOK.constprop.4+0x3c/0x56 [bridge]
May 14 14:14:29 172.30.1.2 [ 427.068025] [<ffffffff810135ad>] ? paravirt_read_tsc+0x5/0x8
May 14 14:14:29 172.30.1.2 [ 427.079542] [<ffffffff81013622>] ? read_tsc+0x5/0x14
May 14 14:14:29 172.30.1.2 [ 427.089674] [<ffffffffa024473c>] ? br_handle_frame+0x1b3/0x1cb [bridge]
May 14 14:14:29 172.30.1.2 [ 427.103103] [<ffffffffa0244589>] ? br_handle_frame_finish+0x20f/0x20f [bridge]
May 14 14:14:29 172.30.1.2 [ 427.117759] [<ffffffff812892c0>] ? __netif_receive_skb+0x324/0x41f
May 14 14:14:29 172.30.1.2 [ 427.130319] [<ffffffff81289427>] ? process_backlog+0x6c/0x123
May 14 14:14:29 172.30.1.2 [ 427.142012] [<ffffffff8128b30d>] ? net_rx_action+0xa1/0x1af
May 14 14:14:29 172.30.1.2 [ 427.153360] [<ffffffff81036fab>] ? test_tsk_need_resched+0xa/0x13
May 14 14:14:29 172.30.1.2 [ 427.165748] [<ffffffff8104be30>] ? __do_softirq+0xb9/0x177
May 14 14:14:29 172.30.1.2 [ 427.176924] [<ffffffff8135046c>] ? call_softirq+0x1c/0x30
May 14 14:14:29 172.30.1.2 [ 427.187920] <EOI>
May 14 14:14:29 172.30.1.2
May 14 14:14:29 172.30.1.2 [ 427.192210] [<ffffffff8100f8e5>] ? do_softirq+0x3c/0x7b
May 14 14:14:29 172.30.1.2 [ 427.202862] [<ffffffff8128b5fd>] ? netif_rx_ni+0x1e/0x27
May 14 14:14:29 172.30.1.2 [ 427.213688] [<ffffffffa02a7721>] ? tun_get_user+0x39a/0x3c2 [tun]
May 14 14:14:29 172.30.1.2 [ 427.226074] [<ffffffffa02a7a66>] ? tun_chr_poll+0xcd/0xcd [tun]
May 14 14:14:29 172.30.1.2 [ 427.238114] [<ffffffffa02a7ac4>] ? tun_chr_aio_write+0x5e/0x79 [tun]
May 14 14:14:29 172.30.1.2 [ 427.251024] [<ffffffff810f9594>] ? do_sync_readv_writev+0x9a/0xd7
May 14 14:14:29 172.30.1.2 [ 427.263408] [<ffffffff810363c7>] ? should_resched+0x5/0x23
May 14 14:14:29 172.30.1.2 [ 427.274580] [<ffffffff810f8c16>] ? do_sync_read+0xab/0xe3
May 14 14:14:29 172.30.1.2 [ 427.285578] [<ffffffff810363c7>] ? should_resched+0x5/0x23
May 14 14:14:29 172.30.1.2 [ 427.296754] [<ffffffff811626a1>] ? security_file_permission+0x16/0x2d
May 14 14:14:29 172.30.1.2 [ 427.309833] [<ffffffff810f97f8>] ? do_readv_writev+0xaf/0x11c
May 14 14:14:29 172.30.1.2 [ 427.321527] [<ffffffff8112ab7e>] ? eventfd_ctx_read+0x162/0x174
May 14 14:14:29 172.30.1.2 [ 427.333570] [<ffffffff8103f3ff>] ? try_to_wake_up+0x197/0x197
May 14 14:14:29 172.30.1.2 [ 427.345261] [<ffffffff810f99cd>] ? sys_writev+0x45/0x90
May 14 14:14:29 172.30.1.2 [ 427.355914] [<ffffffff8134e212>] ? system_call_fastpath+0x16/0x1b
May 14 14:14:29 172.30.1.2 [ 427.368297] Code:
May 14 14:14:29 172.30.1.2 53
May 14 14:14:29 172.30.1.2 48
May 14 14:14:29 172.30.1.2 89
May 14 14:14:29 172.30.1.2 fb
May 14 14:14:29 172.30.1.2 48
May 14 14:14:29 172.30.1.2 83
May 14 14:14:29 172.30.1.2 ec
May 14 14:14:29 172.30.1.2 10
May 14 14:14:29 172.30.1.2 66
May 14 14:14:29 172.30.1.2 81
May 14 14:14:29 172.30.1.2 7f
May 14 14:14:29 172.30.1.2 7e
May 14 14:14:29 172.30.1.2 08
May 14 14:14:29 172.30.1.2 06
May 14 14:14:29 172.30.1.2 4c
May 14 14:14:29 172.30.1.2 8b
May 14 14:14:29 172.30.1.2 a7
May 14 14:14:29 172.30.1.2 98
May 14 14:14:29 172.30.1.2 00
May 14 14:14:29 172.30.1.2 00
May 14 14:14:29 172.30.1.2 00
May 14 14:14:29 172.30.1.2 74
May 14 14:14:29 172.30.1.2 3d
May 14 14:14:29 172.30.1.2 e8
May 14 14:14:29 172.30.1.2 07
May 14 14:14:29 172.30.1.2 fe
May 14 14:14:29 172.30.1.2 ff
May 14 14:14:29 172.30.1.2 ff
May 14 14:14:29 172.30.1.2 66
May 14 14:14:29 172.30.1.2 3d
May 14 14:14:29 172.30.1.2 08
May 14 14:14:29 172.30.1.2 06
May 14 14:14:29 172.30.1.2 75
May 14 14:14:29 172.30.1.2 09
May 14 14:14:29 172.30.1.2 83
May 14 14:14:29 172.30.1.2 3d
May 14 14:14:29 172.30.1.2 98
May 14 14:14:29 172.30.1.2 6a
May 14 14:14:29 172.30.1.2 00
May 14 14:14:29 172.30.1.2 00
May 14 14:14:29 172.30.1.2 00
May 14 14:14:29 172.30.1.2 75
May 14 14:14:29 172.30.1.2 29
May 14 14:14:29 172.30.1.2
May 14 14:14:29 172.30.1.2 f6
May 14 14:14:29 172.30.1.2 44
May 14 14:14:29 172.30.1.2 24
May 14 14:14:29 172.30.1.2 18
May 14 14:14:29 172.30.1.2 01
May 14 14:14:29 172.30.1.2 49
May 14 14:14:29 172.30.1.2 8b
May 14 14:14:29 172.30.1.2 6c
May 14 14:14:29 172.30.1.2 24
May 14 14:14:29 172.30.1.2 08
May 14 14:14:29 172.30.1.2 74
May 14 14:14:29 172.30.1.2
May 14 14:14:29 172.30.1.2 [ 427.403992] ------------[ cut here ]------------
May 14 14:14:29 172.30.1.2 [ 427.403995] WARNING: at /build/buildd-linux-2.6_3.2.16-1-amd64-AZNfko/linux-2.6-3.2.16/debian/build/source_amd64_none/kernel/softirq.c:159 _local_bh_enable_ip.isra.11+0x3d/0x88()
May 14 14:14:29 172.30.1.2 [ 427.403998] Hardware name: PowerEdge R410
May 14 14:14:29 172.30.1.2 [ 427.403999] Modules linked in: ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 ip6table_filter ip6_tables iptable_filter ip_tables x_tables ip_vs_rr ip_vs nf_conntrack crc32c libcrc32c drbd lru_cache cn tun bridge stp virtio_net virtio_blk virtio_rng rng_core virtio_pci virtio_ring virtio kvm_intel kvm ipmi_devintf ipmi_poweroff ipmi_si ipmi_watchdog ipmi_msghandler netconsole configfs loop snd_pcm snd_page_alloc snd_timer snd i7core_edac edac_core psmouse soundcore processor joydev iTCO_wdt iTCO_vendor_support button serio_raw thermal_sys dcdbas evdev pcspkr ext3 mbcache jbd dm_mod sr_mod cdrom sd_mod ses usbhid hid enclosure crc_t10dif ata_generic uhci_hcd ata_piix ehci_hcd libata megaraid_sas usbcore bnx2 scsi_mod usb_common [last unloaded: scsi_wait_scan]
May 14 14:14:29 172.30.1.2 [ 427.404034] Pid: 3831, comm: kvm Not tainted 3.2.0-2-amd64 #1
May 14 14:14:29 172.30.1.2 [ 427.404035] Call Trace:
May 14 14:14:29 172.30.1.2 [ 427.404036] <IRQ> [<ffffffff81046811>] ? warn_slowpath_common+0x78/0x8c
May 14 14:14:29 172.30.1.2 [ 427.404043] [<ffffffff8104bd22>] ? _local_bh_enable_ip.isra.11+0x3d/0x88
May 14 14:14:29 172.30.1.2 [ 427.404049] [<ffffffffa0000748>] ? bnx2_reg_rd_ind+0x31/0x38 [bnx2]
May 14 14:14:29 172.30.1.2 [ 427.404055] [<ffffffffa00097d7>] ? bnx2_poll+0x1b7/0x1c4 [bnx2]
May 14 14:14:29 172.30.1.2 [ 427.404061] [<ffffffff8129b155>] ? netpoll_poll_dev.part.16+0x9b/0x499
May 14 14:14:29 172.30.1.2 [ 427.404065] [<ffffffff8129b66d>] ? netpoll_send_skb_on_dev+0x11a/0x201
May 14 14:14:29 172.30.1.2 [ 427.404070] [<ffffffffa024231a>] ? br_dev_xmit+0x12e/0x142 [bridge]
May 14 14:14:29 172.30.1.2 [ 427.404073] [<ffffffff8129b61e>] ? netpoll_send_skb_on_dev+0xcb/0x201
May 14 14:14:29 172.30.1.2 [ 427.404077] [<ffffffffa012225c>] ? write_msg+0x98/0xf3 [netconsole]
May 14 14:14:29 172.30.1.2 [ 427.404080] [<ffffffff8104695a>] ? __call_console_drivers+0x72/0x83
May 14 14:14:29 172.30.1.2 [ 427.404083] [<ffffffff81047026>] ? console_unlock+0x144/0x1e8
May 14 14:14:29 172.30.1.2 [ 427.404086] [<ffffffff81047549>] ? vprintk+0x396/0x3d9
May 14 14:14:29 172.30.1.2 [ 427.404092] [<ffffffffa0248342>] ? br_nf_forward_finish+0x3a/0x95 [bridge]
May 14 14:14:29 172.30.1.2 [ 427.404097] [<ffffffffa024830b>] ? br_nf_forward_finish+0x3/0x95 [bridge]
May 14 14:14:29 172.30.1.2 [ 427.404103] [<ffffffff81342c8e>] ? printk+0x43/0x48
May 14 14:14:29 172.30.1.2 [ 427.404106] [<ffffffff8100fe6a>] ? show_registers+0x1de/0x20a
May 14 14:14:29 172.30.1.2 [ 427.404112] [<ffffffff8134a11e>] ? __die+0x8b/0xc8
May 14 14:14:29 172.30.1.2 [ 427.404115] [<ffffffff8134245e>] ? no_context+0x1d6/0x20e
May 14 14:14:29 172.30.1.2 [ 427.404118] [<ffffffff81052262>] ? __mod_timer+0x139/0x14b
May 14 14:14:29 172.30.1.2 [ 427.404121] [<ffffffff8134c099>] ? do_page_fault+0x1a8/0x337
May 14 14:14:29 172.30.1.2 [ 427.404126] [<ffffffffa03e0f06>] ? ip_vs_conn_put+0x28/0x32 [ip_vs]
May 14 14:14:30 172.30.1.2 [ 427.404131] [<ffffffffa03e30e0>] ? ip_vs_out+0x2bd/0x432 [ip_vs]
May 14 14:14:30 172.30.1.2 [ 427.404134] [<ffffffff8128c0e2>] ? dev_hard_start_xmit+0x3fc/0x543
May 14 14:14:30 172.30.1.2 [ 427.404137] [<ffffffff813497f5>] ? page_fault+0x25/0x30
May 14 14:14:30 172.30.1.2 [ 427.404143] [<ffffffffa0248308>] ? nf_bridge_update_protocol+0x20/0x20 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404148] [<ffffffffa0248336>] ? br_nf_forward_finish+0x2e/0x95 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404153] [<ffffffffa0248327>] ? br_nf_forward_finish+0x1f/0x95 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404158] [<ffffffffa02486db>] ? br_parse_ip_options+0x3d/0x19a [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404164] [<ffffffffa0248a67>] ? br_nf_forward_ip+0x1c0/0x1d4 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404167] [<ffffffff812ac039>] ? nf_iterate+0x41/0x77
May 14 14:14:30 172.30.1.2 [ 427.404171] [<ffffffffa0243918>] ? __br_deliver+0xa0/0xa0 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404176] [<ffffffffa0243918>] ? __br_deliver+0xa0/0xa0 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404178] [<ffffffff812ac0d7>] ? nf_hook_slow+0x68/0x101
May 14 14:14:30 172.30.1.2 [ 427.404183] [<ffffffffa0243918>] ? __br_deliver+0xa0/0xa0 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404187] [<ffffffffa024437a>] ? NF_HOOK.constprop.4+0x56/0x56 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404192] [<ffffffffa0243918>] ? __br_deliver+0xa0/0xa0 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404196] [<ffffffffa024385e>] ? NF_HOOK.constprop.8+0x3c/0x56 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404200] [<ffffffffa02439f2>] ? br_forward+0x16/0x5a [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404205] [<ffffffffa024451b>] ? br_handle_frame_finish+0x1a1/0x20f [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404210] [<ffffffffa02485ff>] ? br_nf_pre_routing_finish+0x1d0/0x1dd [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404215] [<ffffffffa0247ff0>] ? NF_HOOK_THRESH+0x3b/0x55 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404221] [<ffffffffa0248f58>] ? br_nf_pre_routing+0x3e8/0x3f5 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404223] [<ffffffff812ac039>] ? nf_iterate+0x41/0x77
May 14 14:14:30 172.30.1.2 [ 427.404226] [<ffffffff8128ad1d>] ? netif_receive_skb+0x63/0x69
May 14 14:14:30 172.30.1.2 [ 427.404229] [<ffffffff8128b1ef>] ? napi_gro_receive+0x1d/0x2b
May 14 14:14:30 172.30.1.2 [ 427.404234] [<ffffffffa024437a>] ? NF_HOOK.constprop.4+0x56/0x56 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404237] [<ffffffff812ac0d7>] ? nf_hook_slow+0x68/0x101
May 14 14:14:30 172.30.1.2 [ 427.404241] [<ffffffffa024437a>] ? NF_HOOK.constprop.4+0x56/0x56 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404246] [<ffffffffa024437a>] ? NF_HOOK.constprop.4+0x56/0x56 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404251] [<ffffffffa0244360>] ? NF_HOOK.constprop.4+0x3c/0x56 [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404254] [<ffffffff810135ad>] ? paravirt_read_tsc+0x5/0x8
May 14 14:14:30 172.30.1.2 [ 427.404256] [<ffffffff81013622>] ? read_tsc+0x5/0x14
May 14 14:14:30 172.30.1.2 [ 427.404261] [<ffffffffa024473c>] ? br_handle_frame+0x1b3/0x1cb [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404265] [<ffffffffa0244589>] ? br_handle_frame_finish+0x20f/0x20f [bridge]
May 14 14:14:30 172.30.1.2 [ 427.404269] [<ffffffff812892c0>] ? __netif_receive_skb+0x324/0x41f
May 14 14:14:30 172.30.1.2 [ 427.404272] [<ffffffff81289427>] ? process_backlog+0x6c/0x123
May 14 14:14:30 172.30.1.2 [ 427.404275] [<ffffffff8128b30d>] ? net_rx_action+0xa1/0x1af
May 14 14:14:30 172.30.1.2 [ 427.404277] [<ffffffff81036fab>] ? test_tsk_need_resched+0xa/0x13
May 14 14:14:30 172.30.1.2 [ 427.404280] [<ffffffff8104be30>] ? __do_softirq+0xb9/0x177
May 14 14:14:30 172.30.1.2 [ 427.404283] [<ffffffff8135046c>] ? call_softirq+0x1c/0x30
May 14 14:14:30 172.30.1.2 [ 427.404285] <EOI> [<ffffffff8100f8e5>] ? do_softirq+0x3c/0x7b
May 14 14:14:30 172.30.1.2 [ 427.404289] [<ffffffff8128b5fd>] ? netif_rx_ni+0x1e/0x27
May 14 14:14:30 172.30.1.2 [ 427.404292] [<ffffffffa02a7721>] ? tun_get_user+0x39a/0x3c2 [tun]
May 14 14:14:30 172.30.1.2 [ 427.404296] [<ffffffffa02a7a66>] ? tun_chr_poll+0xcd/0xcd [tun]
May 14 14:14:30 172.30.1.2 [ 427.404299] [<ffffffffa02a7ac4>] ? tun_chr_aio_write+0x5e/0x79 [tun]
May 14 14:14:30 172.30.1.2 [ 427.404302] [<ffffffff810f9594>] ? do_sync_readv_writev+0x9a/0xd7
May 14 14:14:30 172.30.1.2 [ 427.404305] [<ffffffff810363c7>] ? should_resched+0x5/0x23
May 14 14:14:30 172.30.1.2 [ 427.404307] [<ffffffff810f8c16>] ? do_sync_read+0xab/0xe3
May 14 14:14:30 172.30.1.2 [ 427.404310] [<ffffffff810363c7>] ? should_resched+0x5/0x23
May 14 14:14:30 172.30.1.2 [ 427.404313] [<ffffffff811626a1>] ? security_file_permission+0x16/0x2d
May 14 14:14:30 172.30.1.2 [ 427.404316] [<ffffffff810f97f8>] ? do_readv_writev+0xaf/0x11c
May 14 14:14:30 172.30.1.2 [ 427.404319] [<ffffffff8112ab7e>] ? eventfd_ctx_read+0x162/0x174
May 14 14:14:30 172.30.1.2 [ 427.404322] [<ffffffff8103f3ff>] ? try_to_wake_up+0x197/0x197
May 14 14:14:30 172.30.1.2 [ 427.404325] [<ffffffff810f99cd>] ? sys_writev+0x45/0x90
May 14 14:14:30 172.30.1.2 [ 427.404327] [<ffffffff8134e212>] ? system_call_fastpath+0x16/0x1b
May 14 14:14:30 172.30.1.2 [ 427.404329] ---[ end trace 438338d42c34dda1 ]---
May 14 14:14:30 172.30.1.2 [ 428.546182] 12
May 14 14:14:30 172.30.1.2 8a
May 14 14:14:30 172.30.1.2 43
May 14 14:14:30 172.30.1.2 7d
May 14 14:14:30 172.30.1.2 83
May 14 14:14:30 172.30.1.2 e0
May 14 14:14:30 172.30.1.2 f8
May 14 14:14:30 172.30.1.2 83
May 14 14:14:30 172.30.1.2 c8
May 14 14:14:30 172.30.1.2
May 14 14:14:30 172.30.1.2 [ 428.554377] RIP
May 14 14:14:30 172.30.1.2 [ 428.568728] RSP <ffff88042fc03b18>
May 14 14:14:30 172.30.1.2 [ 428.575736] CR2: 0000000000000018
May 14 14:14:30 172.30.1.2 [ 428.582882] ---[ end trace 438338d42c34dda2 ]---
May 14 14:14:30 172.30.1.2 [ 428.597671] Kernel panic - not syncing: Fatal exception in interrupt
May 14 14:14:30 172.30.1.2 [ 428.610756] Pid: 3831, comm: kvm Tainted: G D W 3.2.0-2-amd64 #1
May 14 14:14:30 172.30.1.2 [ 428.624515] Call Trace:
May 14 14:14:30 172.30.1.2 [ 428.629824] <IRQ>
May 14 14:14:30 172.30.1.2 [ 428.641612] [<ffffffff8134a086>] ? oops_end+0xa9/0xb6
May 14 14:14:30 172.30.1.2 [ 428.652191] [<ffffffff81342487>] ? no_context+0x1ff/0x20e
May 14 14:14:30 172.30.1.2 [ 428.663450] [<ffffffff81052262>] ? __mod_timer+0x139/0x14b
May 14 14:14:30 172.30.1.2 [ 428.674900] [<ffffffff8134c099>] ? do_page_fault+0x1a8/0x337
May 14 14:14:30 172.30.1.2 [ 428.686700] [<ffffffffa03e0f06>] ? ip_vs_conn_put+0x28/0x32 [ip_vs]
May 14 14:14:30 172.30.1.2 [ 428.699763] [<ffffffffa03e30e0>] ? ip_vs_out+0x2bd/0x432 [ip_vs]
May 14 14:14:30 172.30.1.2 [ 428.712251] [<ffffffff8128c0e2>] ? dev_hard_start_xmit+0x3fc/0x543
May 14 14:14:30 172.30.1.2 [ 428.725155] [<ffffffff813497f5>] ? page_fault+0x25/0x30
May 14 14:14:30 172.30.1.2 [ 428.736101] [<ffffffffa0248308>] ? nf_bridge_update_protocol+0x20/0x20 [bridge]
May 14 14:14:30 172.30.1.2 [ 428.751403] [<ffffffffa0248336>] ? br_nf_forward_finish+0x2e/0x95 [bridge]
May 14 14:14:30 172.30.1.2 [ 428.765714] [<ffffffffa0248327>] ? br_nf_forward_finish+0x1f/0x95 [bridge]
May 14 14:14:30 172.30.1.2 [ 428.779943] [<ffffffffa02486db>] ? br_parse_ip_options+0x3d/0x19a [bridge]
May 14 14:14:30 172.30.1.2 [ 428.794381] [<ffffffffa0248a67>] ? br_nf_forward_ip+0x1c0/0x1d4 [bridge]
May 14 14:14:30 172.30.1.2 [ 428.808378] [<ffffffff812ac039>] ? nf_iterate+0x41/0x77
May 14 14:14:30 172.30.1.2 [ 428.819313] [<ffffffffa0243918>] ? __br_deliver+0xa0/0xa0 [bridge]
May 14 14:14:30 172.30.1.2 [ 428.832151] [<ffffffffa0243918>] ? __br_deliver+0xa0/0xa0 [bridge]
May 14 14:14:30 172.30.1.2 [ 428.845076] [<ffffffff812ac0d7>] ? nf_hook_slow+0x68/0x101
May 14 14:14:30 172.30.1.2 [ 428.856526] [<ffffffffa0243918>] ? __br_deliver+0xa0/0xa0 [bridge]
May 14 14:14:31 172.30.1.2 [ 428.869365] [<ffffffffa024437a>] ? NF_HOOK.constprop.4+0x56/0x56 [bridge]
May 14 14:14:31 172.30.1.2 [ 428.883411] [<ffffffffa0243918>] ? __br_deliver+0xa0/0xa0 [bridge]
May 14 14:14:31 172.30.1.2 [ 428.896251] [<ffffffffa024385e>] ? NF_HOOK.constprop.8+0x3c/0x56 [bridge]
May 14 14:14:31 172.30.1.2 [ 428.910400] [<ffffffffa02439f2>] ? br_forward+0x16/0x5a [bridge]
May 14 14:14:31 172.30.1.2 [ 428.922898] [<ffffffffa024451b>] ? br_handle_frame_finish+0x1a1/0x20f [bridge]
May 14 14:14:31 172.30.1.2 [ 428.937870] [<ffffffffa02485ff>] ? br_nf_pre_routing_finish+0x1d0/0x1dd [bridge]
May 14 14:14:31 172.30.1.2 [ 428.953341] [<ffffffffa0247ff0>] ? NF_HOOK_THRESH+0x3b/0x55 [bridge]
May 14 14:14:31 172.30.1.2 [ 428.966524] [<ffffffffa0248f58>] ? br_nf_pre_routing+0x3e8/0x3f5 [bridge]
May 14 14:14:31 172.30.1.2 [ 428.980827] [<ffffffff812ac039>] ? nf_iterate+0x41/0x77
May 14 14:14:31 172.30.1.2 [ 428.991795] [<ffffffff8128ad1d>] ? netif_receive_skb+0x63/0x69
May 14 14:14:31 172.30.1.2 [ 429.003984] [<ffffffff8128b1ef>] ? napi_gro_receive+0x1d/0x2b
May 14 14:14:31 172.30.1.2 [ 429.016105] [<ffffffffa024437a>] ? NF_HOOK.constprop.4+0x56/0x56 [bridge]
May 14 14:14:31 172.30.1.2 [ 429.030151] [<ffffffff812ac0d7>] ? nf_hook_slow+0x68/0x101
May 14 14:14:31 172.30.1.2 [ 429.041651] [<ffffffffa024437a>] ? NF_HOOK.constprop.4+0x56/0x56 [bridge]
May 14 14:14:31 172.30.1.2 [ 429.055762] [<ffffffffa024437a>] ? NF_HOOK.constprop.4+0x56/0x56 [bridge]
May 14 14:14:31 172.30.1.2 [ 429.069893] [<ffffffffa0244360>] ? NF_HOOK.constprop.4+0x3c/0x56 [bridge]
May 14 14:14:31 172.30.1.2 [ 429.084064] [<ffffffff810135ad>] ? paravirt_read_tsc+0x5/0x8
May 14 14:14:31 172.30.1.2 [ 429.095991] [<ffffffff81013622>] ? read_tsc+0x5/0x14
May 14 14:14:31 172.30.1.2 [ 429.106499] [<ffffffffa024473c>] ? br_handle_frame+0x1b3/0x1cb [bridge]
May 14 14:14:31 172.30.1.2 [ 429.120298] [<ffffffffa0244589>] ? br_handle_frame_finish+0x20f/0x20f [bridge]
May 14 14:14:31 172.30.1.2 [ 429.135325] [<ffffffff812892c0>] ? __netif_receive_skb+0x324/0x41f
May 14 14:14:31 172.30.1.2 [ 429.148167] [<ffffffff81289427>] ? process_backlog+0x6c/0x123
May 14 14:14:31 172.30.1.2 [ 429.160129] [<ffffffff8128b30d>] ? net_rx_action+0xa1/0x1af
May 14 14:14:31 172.30.1.2 [ 429.171840] [<ffffffff81036fab>] ? test_tsk_need_resched+0xa/0x13
May 14 14:14:31 172.30.1.2 [ 429.184495] [<ffffffff8104be30>] ? __do_softirq+0xb9/0x177
May 14 14:14:31 172.30.1.2 [ 429.195945] [<ffffffff8135046c>] ? call_softirq+0x1c/0x30
May 14 14:14:31 172.30.1.2 [ 429.207337] <EOI>
May 14 14:14:31 172.30.1.2 [ 429.219918] [<ffffffff8128b5fd>] ? netif_rx_ni+0x1e/0x27
May 14 14:14:31 172.30.1.2 [ 429.231115] [<ffffffffa02a7721>] ? tun_get_user+0x39a/0x3c2 [tun]
May 14 14:14:31 172.30.1.2 [ 429.243773] [<ffffffffa02a7a66>] ? tun_chr_poll+0xcd/0xcd [tun]
May 14 14:14:31 172.30.1.2 [ 429.256130] [<ffffffffa02a7ac4>] ? tun_chr_aio_write+0x5e/0x79 [tun]
May 14 14:14:31 172.30.1.2 [ 429.269368] [<ffffffff810f9594>] ? do_sync_readv_writev+0x9a/0xd7
May 14 14:14:31 172.30.1.2 [ 429.282027] [<ffffffff810363c7>] ? should_resched+0x5/0x23
May 14 14:14:31 172.30.1.2 [ 429.293475] [<ffffffff810f8c16>] ? do_sync_read+0xab/0xe3
May 14 14:14:31 172.30.1.2 [ 429.304745] [<ffffffff810363c7>] ? should_resched+0x5/0x23
May 14 14:14:31 172.30.1.2 [ 429.316190] [<ffffffff811626a1>] ? security_file_permission+0x16/0x2d
May 14 14:14:31 172.30.1.2 [ 429.329545] [<ffffffff810f97f8>] ? do_readv_writev+0xaf/0x11c
May 14 14:14:31 172.30.1.2 [ 429.341562] [<ffffffff8112ab7e>] ? eventfd_ctx_read+0x162/0x174
May 14 14:14:31 172.30.1.2 [ 429.353976] [<ffffffff8103f3ff>] ? try_to_wake_up+0x197/0x197
May 14 14:14:31 172.30.1.2 [ 429.365984] [<ffffffff810f99cd>] ? sys_writev+0x45/0x90
May 14 14:14:31 172.30.1.2 [ 429.377080] [<ffffffff8134e212>] ? system_call_fastpath+0x16/0x1b
^ permalink raw reply
* Re: [PATCH] ipv6: fix incorrect ipsec transport mode fragment
From: Steffen Klassert @ 2012-05-14 13:05 UTC (permalink / raw)
To: Gao feng; +Cc: netdev, davem, lw
In-Reply-To: <1336965660-14201-1-git-send-email-gaofeng@cn.fujitsu.com>
On Mon, May 14, 2012 at 11:21:00AM +0800, Gao feng wrote:
> Since commit 299b0767(ipv6: Fix IPsec slowpath fragmentation problem)
> the fragment of ipsec transport mode packets is incorrect.
> because tunnel mode needs IPsec headers and trailer for all fragments,
> while on transport mode it is sufficient to add the headers to the
> first fragment and the trailer to the last.
I mentioned this in an other thread some time ago,
this is due to commit ad0081e43a
"ipv6: Fragment locally generated tunnel-mode IPSec6 packets as needed"
changed tunnel mode to do fragmentation before the transformation
while transport mode still does fragmentation after transformation.
Now, tunnel mode needs IPsec headers and trailer for all fragments,
while on transport mode it is sufficient to add the headers to the
first fragment and the trailer to the last.
>
> so modify mtu and maxfraglen base on ipsec mode and if fragment is first
> or last.
There might be other opinions, but I don't like to see this IPsec mode
dependent stuff hacked into the generic ipv6 output path.
Basically we have two cases. One where we have to add rt->dst.header_len
to the first fragment and rt->dst.trailer_len to the last fragment,
and the other where we have to add both to all fragments. So perhaps we
could isolate this code and create two functions, one for each case.
>
> with my test,it work well and does not trigger slow fragment path.
>
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> ---
> net/ipv6/ip6_output.c | 80 +++++++++++++++++++++++++++++++++++++-----------
> 1 files changed, 61 insertions(+), 19 deletions(-)
>
> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
> index b7ca461..9416887 100644
> --- a/net/ipv6/ip6_output.c
> +++ b/net/ipv6/ip6_output.c
> @@ -1191,19 +1191,23 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
> struct ipv6_pinfo *np = inet6_sk(sk);
> struct inet_cork *cork;
> struct sk_buff *skb;
> - unsigned int maxfraglen, fragheaderlen;
> + unsigned int maxfraglen, maxfraglen_prev, fragheaderlen;
> int exthdrlen;
> int dst_exthdrlen;
> int hh_len;
> - int mtu;
> + int mtu, mtu_prev;
> int copy;
> int err;
> int offset = 0;
> int csummode = CHECKSUM_NONE;
> __u8 tx_flags = 0;
> -
> + bool transport_mode = false;
> + struct xfrm_state *x = rt->dst.xfrm;
> if (flags&MSG_PROBE)
> return 0;
> + if (x && x->props.mode == XFRM_MODE_TRANSPORT)
> + transport_mode = true;
> +
Btw. beet mode should behave like transport mode here, just tunnel
mode was changed to do fragmentation before the transformation.
^ permalink raw reply
* [PATCH] netfilter: xt_HMARK: endian bugs
From: Hans Schillstrom @ 2012-05-14 13:42 UTC (permalink / raw)
To: pablo, kaber, jengelh, netfilter-devel, netdev, dan.carpenter
Cc: hans, Hans Schillstrom
A mix of u32 and __be32 causes endian warning.
Switch to __be32 and __be16 for addresses and ports.
Added (__force u32) at some places.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>
---
include/linux/netfilter/xt_HMARK.h | 4 ++--
net/netfilter/xt_HMARK.c | 35 ++++++++++++++++++-----------------
2 files changed, 20 insertions(+), 19 deletions(-)
diff --git a/include/linux/netfilter/xt_HMARK.h b/include/linux/netfilter/xt_HMARK.h
index abb1650..e2af67e 100644
--- a/include/linux/netfilter/xt_HMARK.h
+++ b/include/linux/netfilter/xt_HMARK.h
@@ -24,8 +24,8 @@ enum {
union hmark_ports {
struct {
- __u16 src;
- __u16 dst;
+ __be16 src;
+ __be16 dst;
} p16;
__u32 v32;
};
diff --git a/net/netfilter/xt_HMARK.c b/net/netfilter/xt_HMARK.c
index 32fbd73..38ed442 100644
--- a/net/netfilter/xt_HMARK.c
+++ b/net/netfilter/xt_HMARK.c
@@ -32,13 +32,13 @@ MODULE_ALIAS("ipt_HMARK");
MODULE_ALIAS("ip6t_HMARK");
struct hmark_tuple {
- u32 src;
- u32 dst;
+ __be32 src;
+ __be32 dst;
union hmark_ports uports;
uint8_t proto;
};
-static inline u32 hmark_addr6_mask(const __u32 *addr32, const __u32 *mask)
+static inline __be32 hmark_addr6_mask(const __be32 *addr32, const __be32 *mask)
{
return (addr32[0] & mask[0]) ^
(addr32[1] & mask[1]) ^
@@ -46,8 +46,8 @@ static inline u32 hmark_addr6_mask(const __u32 *addr32, const __u32 *mask)
(addr32[3] & mask[3]);
}
-static inline u32
-hmark_addr_mask(int l3num, const __u32 *addr32, const __u32 *mask)
+static inline __be32
+hmark_addr_mask(int l3num, const __be32 *addr32, const __be32 *mask)
{
switch (l3num) {
case AF_INET:
@@ -74,10 +74,10 @@ hmark_ct_set_htuple(const struct sk_buff *skb, struct hmark_tuple *t,
otuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
rtuple = &ct->tuplehash[IP_CT_DIR_REPLY].tuple;
- t->src = hmark_addr_mask(otuple->src.l3num, otuple->src.u3.all,
- info->src_mask.all);
- t->dst = hmark_addr_mask(otuple->src.l3num, rtuple->src.u3.all,
- info->dst_mask.all);
+ t->src = hmark_addr_mask(otuple->src.l3num, otuple->src.u3.ip6,
+ info->src_mask.ip6);
+ t->dst = hmark_addr_mask(otuple->src.l3num, rtuple->src.u3.ip6,
+ info->dst_mask.ip6);
if (info->flags & XT_HMARK_FLAG(XT_HMARK_METHOD_L3))
return 0;
@@ -88,7 +88,7 @@ hmark_ct_set_htuple(const struct sk_buff *skb, struct hmark_tuple *t,
t->uports.p16.dst = rtuple->src.u.all;
t->uports.v32 = (t->uports.v32 & info->port_mask.v32) |
info->port_set.v32;
- if (t->uports.p16.dst < t->uports.p16.src)
+ if (ntohs(t->uports.p16.dst) < ntohs(t->uports.p16.src))
swap(t->uports.p16.dst, t->uports.p16.src);
}
@@ -103,10 +103,11 @@ hmark_hash(struct hmark_tuple *t, const struct xt_hmark_info *info)
{
u32 hash;
- if (t->dst < t->src)
+ if (ntohl(t->dst) < ntohl(t->src))
swap(t->src, t->dst);
- hash = jhash_3words(t->src, t->dst, t->uports.v32, info->hashrnd);
+ hash = jhash_3words((__force u32) t->src, (__force u32) t->dst,
+ t->uports.v32, info->hashrnd);
hash = hash ^ (t->proto & info->proto_mask);
return (hash % info->hmodulus) + info->hoffset;
@@ -129,7 +130,7 @@ hmark_set_tuple_ports(const struct sk_buff *skb, unsigned int nhoff,
t->uports.v32 = (t->uports.v32 & info->port_mask.v32) |
info->port_set.v32;
- if (t->uports.p16.dst < t->uports.p16.src)
+ if (ntohs(t->uports.p16.dst) < ntohs(t->uports.p16.src))
swap(t->uports.p16.dst, t->uports.p16.src);
}
@@ -178,8 +179,8 @@ hmark_pkt_set_htuple_ipv6(const struct sk_buff *skb, struct hmark_tuple *t,
return -1;
}
noicmp:
- t->src = hmark_addr6_mask(ip6->saddr.s6_addr32, info->src_mask.all);
- t->dst = hmark_addr6_mask(ip6->daddr.s6_addr32, info->dst_mask.all);
+ t->src = hmark_addr6_mask(ip6->saddr.s6_addr32, info->src_mask.ip6);
+ t->dst = hmark_addr6_mask(ip6->daddr.s6_addr32, info->dst_mask.ip6);
if (info->flags & XT_HMARK_FLAG(XT_HMARK_METHOD_L3))
return 0;
@@ -255,8 +256,8 @@ hmark_pkt_set_htuple_ipv4(const struct sk_buff *skb, struct hmark_tuple *t,
}
}
- t->src = (__force u32) ip->saddr;
- t->dst = (__force u32) ip->daddr;
+ t->src = ip->saddr;
+ t->dst = ip->daddr;
t->src &= info->src_mask.ip;
t->dst &= info->dst_mask.ip;
--
1.7.2.3
^ permalink raw reply related
* [RFC PATCH v2 4/7] dmaengine: enhance network subsystem to support DMA device hotplug
From: Jiang Liu @ 2012-05-14 13:47 UTC (permalink / raw)
To: Dan Williams, Maciej Sosnowski, Vinod Koul
Cc: Jiang Liu, Keping Chen, linux-kernel, linux-pci, David S. Miller,
Alexey Kuznetsov, James Morris, Hideaki YOSHIFUJI,
Patrick McHardy, netdev, Jiang Liu
In-Reply-To: <1337003229-9158-1-git-send-email-jiang.liu@huawei.com>
From: Jiang Liu <jiang.liu@huawei.com>
Enhance network subsystem to correctly update DMA channel reference counts,
so it won't break DMA device hotplug logic.
Signed-off-by: Jiang Liu <liuj97@gmail.com>
---
include/net/netdma.h | 26 ++++++++++++++++++++++++++
net/ipv4/tcp.c | 10 +++-------
net/ipv4/tcp_input.c | 5 +----
net/ipv4/tcp_ipv4.c | 4 +---
net/ipv6/tcp_ipv6.c | 4 +---
5 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/include/net/netdma.h b/include/net/netdma.h
index 8ba8ce2..6d71724 100644
--- a/include/net/netdma.h
+++ b/include/net/netdma.h
@@ -24,6 +24,32 @@
#include <linux/dmaengine.h>
#include <linux/skbuff.h>
+static inline bool
+net_dma_capable(void)
+{
+ struct dma_chan *chan = net_dma_find_channel();
+ dma_put_channel(chan);
+
+ return !!chan;
+}
+
+static inline struct dma_chan *
+net_dma_get_channel(struct tcp_sock *tp)
+{
+ if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
+ tp->ucopy.dma_chan = net_dma_find_channel();
+ return tp->ucopy.dma_chan;
+}
+
+static inline void
+net_dma_put_channel(struct tcp_sock *tp)
+{
+ if (tp->ucopy.dma_chan) {
+ dma_put_channel(tp->ucopy.dma_chan);
+ tp->ucopy.dma_chan = NULL;
+ }
+}
+
int dma_skb_copy_datagram_iovec(struct dma_chan* chan,
struct sk_buff *skb, int offset, struct iovec *to,
size_t len, struct dma_pinned_list *pinned_list);
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 8bb6ade..aea4032 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1451,8 +1451,7 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
available = TCP_SKB_CB(skb)->seq + skb->len - (*seq);
if ((available < target) &&
(len > sysctl_tcp_dma_copybreak) && !(flags & MSG_PEEK) &&
- !sysctl_tcp_low_latency &&
- net_dma_find_channel()) {
+ !sysctl_tcp_low_latency && net_dma_capable()) {
preempt_enable_no_resched();
tp->ucopy.pinned_list =
dma_pin_iovec_pages(msg->msg_iov, len);
@@ -1666,10 +1665,7 @@ do_prequeue:
if (!(flags & MSG_TRUNC)) {
#ifdef CONFIG_NET_DMA
- if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
- tp->ucopy.dma_chan = net_dma_find_channel();
-
- if (tp->ucopy.dma_chan) {
+ if (net_dma_get_channel(tp)) {
tp->ucopy.dma_cookie = dma_skb_copy_datagram_iovec(
tp->ucopy.dma_chan, skb, offset,
msg->msg_iov, used,
@@ -1758,7 +1754,7 @@ skip_copy:
#ifdef CONFIG_NET_DMA
tcp_service_net_dma(sk, true); /* Wait for queue to drain */
- tp->ucopy.dma_chan = NULL;
+ net_dma_put_channel(tp);
if (tp->ucopy.pinned_list) {
dma_unpin_iovec_pages(tp->ucopy.pinned_list);
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 9944c1d..3878916 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5227,10 +5227,7 @@ static int tcp_dma_try_early_copy(struct sock *sk, struct sk_buff *skb,
if (tp->ucopy.wakeup)
return 0;
- if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
- tp->ucopy.dma_chan = net_dma_find_channel();
-
- if (tp->ucopy.dma_chan && skb_csum_unnecessary(skb)) {
+ if (net_dma_get_channel(tp) && skb_csum_unnecessary(skb)) {
dma_cookie = dma_skb_copy_datagram_iovec(tp->ucopy.dma_chan,
skb, hlen,
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 0cb86ce..90ea1c0 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1729,9 +1729,7 @@ process:
if (!sock_owned_by_user(sk)) {
#ifdef CONFIG_NET_DMA
struct tcp_sock *tp = tcp_sk(sk);
- if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
- tp->ucopy.dma_chan = net_dma_find_channel();
- if (tp->ucopy.dma_chan)
+ if (net_dma_get_channel(tp))
ret = tcp_v4_do_rcv(sk, skb);
else
#endif
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 86cfe60..fb81bbd 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1644,9 +1644,7 @@ process:
if (!sock_owned_by_user(sk)) {
#ifdef CONFIG_NET_DMA
struct tcp_sock *tp = tcp_sk(sk);
- if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
- tp->ucopy.dma_chan = net_dma_find_channel();
- if (tp->ucopy.dma_chan)
+ if (net_dma_get_channel(tp))
ret = tcp_v6_do_rcv(sk, skb);
else
#endif
--
1.7.9.5
^ permalink raw reply related
* [PATCH 1/6] netfilter: sanity checks on NFPROTO_NUMPROTO
From: Alban Crequy @ 2012-05-14 13:56 UTC (permalink / raw)
To: Pablo Neira Ayuso, Patrick McHardy
Cc: Vincent Sanders, Javier Martinez Canillas, netfilter-devel,
netdev, Alban Crequy
With the NFPROTO_* constants introduced by commit 7e9c6e ("netfilter: Introduce
NFPROTO_* constants"), it is too easy to confuse PF_* and NFPROTO_* constants
in new protocols.
Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
Reviewed-by: Vincent Sanders <vincent.sanders@collabora.co.uk>
---
net/netfilter/core.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index e1b7e05..4f16552 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -67,6 +67,11 @@ int nf_register_hook(struct nf_hook_ops *reg)
struct nf_hook_ops *elem;
int err;
+ if (reg->pf >= NFPROTO_NUMPROTO || reg->hooknum >= NF_MAX_HOOKS) {
+ BUG();
+ return 1;
+ }
+
err = mutex_lock_interruptible(&nf_hook_mutex);
if (err < 0)
return err;
--
1.7.2.5
^ permalink raw reply related
* [PATCH 2/6] netfilter: decnet: switch hook PFs to nfproto
From: Alban Crequy @ 2012-05-14 13:56 UTC (permalink / raw)
To: Pablo Neira Ayuso, Patrick McHardy
Cc: Vincent Sanders, Javier Martinez Canillas, netfilter-devel,
netdev, Alban Crequy
In-Reply-To: <1337003799-2517-1-git-send-email-alban.crequy@collabora.co.uk>
NFPROTO_* constants were usually equal to PF_* constants but it is not
necessary and it will waste less memory if we don't do so (see commit 7e9c6e
"netfilter: Introduce NFPROTO_* constants")
Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
Reviewed-by: Vincent Sanders <vincent.sanders@collabora.co.uk>
---
net/decnet/netfilter/dn_rtmsg.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c
index 1531135..7fb7250 100644
--- a/net/decnet/netfilter/dn_rtmsg.c
+++ b/net/decnet/netfilter/dn_rtmsg.c
@@ -118,7 +118,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
static struct nf_hook_ops dnrmg_ops __read_mostly = {
.hook = dnrmg_hook,
- .pf = PF_DECnet,
+ .pf = NFPROTO_DECNET,
.hooknum = NF_DN_ROUTE,
.priority = NF_DN_PRI_DNRTMSG,
};
--
1.7.2.5
^ permalink raw reply related
* [PATCH 3/6] netfilter: bridge: switch hook PFs to nfproto
From: Alban Crequy @ 2012-05-14 13:56 UTC (permalink / raw)
To: Pablo Neira Ayuso, Patrick McHardy
Cc: Vincent Sanders, Javier Martinez Canillas, netfilter-devel,
netdev, Alban Crequy
In-Reply-To: <1337003799-2517-1-git-send-email-alban.crequy@collabora.co.uk>
NFPROTO_* constants were usually equal to PF_* constants but it is not
necessary and it will waste less memory if we don't do so (see commit 7e9c6e
"netfilter: Introduce NFPROTO_* constants")
Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
Reviewed-by: Vincent Sanders <vincent.sanders@collabora.co.uk>
---
net/bridge/br_netfilter.c | 28 ++++++++++++++--------------
1 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index d7f49b6..b8ba7d6 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -749,9 +749,9 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb,
return NF_DROP;
if (IS_IP(skb) || IS_VLAN_IP(skb) || IS_PPPOE_IP(skb))
- pf = PF_INET;
+ pf = NFPROTO_IPV4;
else if (IS_IPV6(skb) || IS_VLAN_IPV6(skb) || IS_PPPOE_IPV6(skb))
- pf = PF_INET6;
+ pf = NFPROTO_IPV6;
else
return NF_ACCEPT;
@@ -763,13 +763,13 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb,
nf_bridge->mask |= BRNF_PKT_TYPE;
}
- if (pf == PF_INET && br_parse_ip_options(skb))
+ if (pf == NFPROTO_IPV4 && br_parse_ip_options(skb))
return NF_DROP;
/* The physdev module checks on this */
nf_bridge->mask |= BRNF_BRIDGED;
nf_bridge->physoutdev = skb->dev;
- if (pf == PF_INET)
+ if (pf == NFPROTO_IPV4)
skb->protocol = htons(ETH_P_IP);
else
skb->protocol = htons(ETH_P_IPV6);
@@ -856,9 +856,9 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
return NF_DROP;
if (IS_IP(skb) || IS_VLAN_IP(skb) || IS_PPPOE_IP(skb))
- pf = PF_INET;
+ pf = NFPROTO_IPV4;
else if (IS_IPV6(skb) || IS_VLAN_IPV6(skb) || IS_PPPOE_IPV6(skb))
- pf = PF_INET6;
+ pf = NFPROTO_IPV6;
else
return NF_ACCEPT;
@@ -871,7 +871,7 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
nf_bridge_pull_encap_header(skb);
nf_bridge_save_header(skb);
- if (pf == PF_INET)
+ if (pf == NFPROTO_IPV4)
skb->protocol = htons(ETH_P_IP);
else
skb->protocol = htons(ETH_P_IPV6);
@@ -904,49 +904,49 @@ static struct nf_hook_ops br_nf_ops[] __read_mostly = {
{
.hook = br_nf_pre_routing,
.owner = THIS_MODULE,
- .pf = PF_BRIDGE,
+ .pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_PRE_ROUTING,
.priority = NF_BR_PRI_BRNF,
},
{
.hook = br_nf_local_in,
.owner = THIS_MODULE,
- .pf = PF_BRIDGE,
+ .pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_LOCAL_IN,
.priority = NF_BR_PRI_BRNF,
},
{
.hook = br_nf_forward_ip,
.owner = THIS_MODULE,
- .pf = PF_BRIDGE,
+ .pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_FORWARD,
.priority = NF_BR_PRI_BRNF - 1,
},
{
.hook = br_nf_forward_arp,
.owner = THIS_MODULE,
- .pf = PF_BRIDGE,
+ .pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_FORWARD,
.priority = NF_BR_PRI_BRNF,
},
{
.hook = br_nf_post_routing,
.owner = THIS_MODULE,
- .pf = PF_BRIDGE,
+ .pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_POST_ROUTING,
.priority = NF_BR_PRI_LAST,
},
{
.hook = ip_sabotage_in,
.owner = THIS_MODULE,
- .pf = PF_INET,
+ .pf = NFPROTO_IPV4,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP_PRI_FIRST,
},
{
.hook = ip_sabotage_in,
.owner = THIS_MODULE,
- .pf = PF_INET6,
+ .pf = NFPROTO_IPV6,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP6_PRI_FIRST,
},
--
1.7.2.5
^ permalink raw reply related
* [PATCH 4/6] netfilter: ipv4, defrag: switch hook PFs to nfproto
From: Alban Crequy @ 2012-05-14 13:56 UTC (permalink / raw)
To: Pablo Neira Ayuso, Patrick McHardy
Cc: Vincent Sanders, Javier Martinez Canillas, netfilter-devel,
netdev, Alban Crequy
In-Reply-To: <1337003799-2517-1-git-send-email-alban.crequy@collabora.co.uk>
NFPROTO_* constants were usually equal to PF_* constants but it is not
necessary and it will waste less memory if we don't do so (see commit 7e9c6e
"netfilter: Introduce NFPROTO_* constants")
Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
Reviewed-by: Vincent Sanders <vincent.sanders@collabora.co.uk>
---
net/ipv4/netfilter/nf_defrag_ipv4.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c
index 9bb1b8a..7428155 100644
--- a/net/ipv4/netfilter/nf_defrag_ipv4.c
+++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
@@ -94,14 +94,14 @@ static struct nf_hook_ops ipv4_defrag_ops[] = {
{
.hook = ipv4_conntrack_defrag,
.owner = THIS_MODULE,
- .pf = PF_INET,
+ .pf = NFPROTO_IPV4,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP_PRI_CONNTRACK_DEFRAG,
},
{
.hook = ipv4_conntrack_defrag,
.owner = THIS_MODULE,
- .pf = PF_INET,
+ .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_CONNTRACK_DEFRAG,
},
--
1.7.2.5
^ permalink raw reply related
* [PATCH 5/6] netfilter: ipvs: switch hook PFs to nfproto
From: Alban Crequy @ 2012-05-14 13:56 UTC (permalink / raw)
To: Pablo Neira Ayuso, Patrick McHardy
Cc: Vincent Sanders, Javier Martinez Canillas, netfilter-devel,
netdev, Alban Crequy
In-Reply-To: <1337003799-2517-1-git-send-email-alban.crequy@collabora.co.uk>
NFPROTO_* constants were usually equal to PF_* constants but it is not
necessary and it will waste less memory if we don't do so (see commit 7e9c6e
"netfilter: Introduce NFPROTO_* constants")
Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
Reviewed-by: Vincent Sanders <vincent.sanders@collabora.co.uk>
---
net/netfilter/ipvs/ip_vs_core.c | 24 ++++++++++++------------
1 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 00bdb1d..d1c6a77 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1768,7 +1768,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
{
.hook = ip_vs_reply4,
.owner = THIS_MODULE,
- .pf = PF_INET,
+ .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP_PRI_NAT_SRC - 2,
},
@@ -1778,7 +1778,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
{
.hook = ip_vs_remote_request4,
.owner = THIS_MODULE,
- .pf = PF_INET,
+ .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP_PRI_NAT_SRC - 1,
},
@@ -1786,7 +1786,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
{
.hook = ip_vs_local_reply4,
.owner = THIS_MODULE,
- .pf = PF_INET,
+ .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_NAT_DST + 1,
},
@@ -1794,7 +1794,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
{
.hook = ip_vs_local_request4,
.owner = THIS_MODULE,
- .pf = PF_INET,
+ .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_NAT_DST + 2,
},
@@ -1803,7 +1803,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
{
.hook = ip_vs_forward_icmp,
.owner = THIS_MODULE,
- .pf = PF_INET,
+ .pf = NFPROTO_IPV4,
.hooknum = NF_INET_FORWARD,
.priority = 99,
},
@@ -1811,7 +1811,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
{
.hook = ip_vs_reply4,
.owner = THIS_MODULE,
- .pf = PF_INET,
+ .pf = NFPROTO_IPV4,
.hooknum = NF_INET_FORWARD,
.priority = 100,
},
@@ -1820,7 +1820,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
{
.hook = ip_vs_reply6,
.owner = THIS_MODULE,
- .pf = PF_INET6,
+ .pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP6_PRI_NAT_SRC - 2,
},
@@ -1830,7 +1830,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
{
.hook = ip_vs_remote_request6,
.owner = THIS_MODULE,
- .pf = PF_INET6,
+ .pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP6_PRI_NAT_SRC - 1,
},
@@ -1838,7 +1838,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
{
.hook = ip_vs_local_reply6,
.owner = THIS_MODULE,
- .pf = PF_INET,
+ .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP6_PRI_NAT_DST + 1,
},
@@ -1846,7 +1846,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
{
.hook = ip_vs_local_request6,
.owner = THIS_MODULE,
- .pf = PF_INET6,
+ .pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP6_PRI_NAT_DST + 2,
},
@@ -1855,7 +1855,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
{
.hook = ip_vs_forward_icmp_v6,
.owner = THIS_MODULE,
- .pf = PF_INET6,
+ .pf = NFPROTO_IPV6,
.hooknum = NF_INET_FORWARD,
.priority = 99,
},
@@ -1863,7 +1863,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
{
.hook = ip_vs_reply6,
.owner = THIS_MODULE,
- .pf = PF_INET6,
+ .pf = NFPROTO_IPV6,
.hooknum = NF_INET_FORWARD,
.priority = 100,
},
--
1.7.2.5
^ permalink raw reply related
* [PATCH 6/6] netfilter: selinux: switch hook PFs to nfproto
From: Alban Crequy @ 2012-05-14 13:56 UTC (permalink / raw)
To: Pablo Neira Ayuso, Patrick McHardy
Cc: Vincent Sanders, Javier Martinez Canillas, netfilter-devel,
netdev, Alban Crequy
In-Reply-To: <1337003799-2517-1-git-send-email-alban.crequy@collabora.co.uk>
NFPROTO_* constants were usually equal to PF_* constants but it is not
necessary and it will waste less memory if we don't do so (see commit 7e9c6e
"netfilter: Introduce NFPROTO_* constants")
Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
Reviewed-by: Vincent Sanders <vincent.sanders@collabora.co.uk>
---
security/selinux/hooks.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d85b793..1ab4d6b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5776,21 +5776,21 @@ static struct nf_hook_ops selinux_ipv4_ops[] = {
{
.hook = selinux_ipv4_postroute,
.owner = THIS_MODULE,
- .pf = PF_INET,
+ .pf = NFPROTO_IPV4,
.hooknum = NF_INET_POST_ROUTING,
.priority = NF_IP_PRI_SELINUX_LAST,
},
{
.hook = selinux_ipv4_forward,
.owner = THIS_MODULE,
- .pf = PF_INET,
+ .pf = NFPROTO_IPV4,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP_PRI_SELINUX_FIRST,
},
{
.hook = selinux_ipv4_output,
.owner = THIS_MODULE,
- .pf = PF_INET,
+ .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_SELINUX_FIRST,
}
@@ -5802,14 +5802,14 @@ static struct nf_hook_ops selinux_ipv6_ops[] = {
{
.hook = selinux_ipv6_postroute,
.owner = THIS_MODULE,
- .pf = PF_INET6,
+ .pf = NFPROTO_IPV6,
.hooknum = NF_INET_POST_ROUTING,
.priority = NF_IP6_PRI_SELINUX_LAST,
},
{
.hook = selinux_ipv6_forward,
.owner = THIS_MODULE,
- .pf = PF_INET6,
+ .pf = NFPROTO_IPV6,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP6_PRI_SELINUX_FIRST,
}
--
1.7.2.5
^ permalink raw reply related
* [PATCH] dummy: documentation is stale
From: Alan Cox @ 2012-05-14 13:57 UTC (permalink / raw)
To: netdev
From: Alan Cox <alan@linux.intel.com>
dummy0/1/2 names are always used and there are options to set multiple
dummy devices. Remove the obsolete text
Resolves-bug: https://bugzilla.kernel.org/show_bug.cgi?id=42865
Signed-off-by: Alan Cox <alan@linux.intel.com>
---
drivers/net/Kconfig | 5 +----
1 files changed, 1 insertions(+), 4 deletions(-)
diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
index b982854..78a6259 100644
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -66,10 +66,7 @@ config DUMMY
<http://www.tldp.org/docs.html#guide>.
To compile this driver as a module, choose M here: the module
- will be called dummy. If you want to use more than one dummy
- device at a time, you need to compile this driver as a module.
- Instead of 'dummy', the devices will then be called 'dummy0',
- 'dummy1' etc.
+ will be called dummy.
config EQUALIZER
tristate "EQL (serial line load balancing) support"
^ permalink raw reply related
* [PATCH] [RFC] netfilter: don't assume NFPROTO_* are like PF_*
From: Alban Crequy @ 2012-05-14 13:58 UTC (permalink / raw)
To: Pablo Neira Ayuso, Patrick McHardy
Cc: Vincent Sanders, Javier Martinez Canillas, netfilter-devel,
netdev, Alban Crequy
With this patch, NFPROTO_* constants don't have the same values as PF_*
constants.
Benefit: it makes NFPROTO_NUMPROTO smaller and saves space as arrays are
smaller.
Issues: might have missed a conversion. I grepped NF_HOOK, nf_register_hook,
nf_register_hooks, and xt_hook_link. So it is probably fine.
NFPROTO_* constants were introduced by commit 7e9c6e.
Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
Reviewed-by: Vincent Sanders <vincent.sanders@collabora.co.uk>
---
include/linux/netfilter.h | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 29734be..89afadb 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -62,11 +62,11 @@ enum nf_inet_hooks {
enum {
NFPROTO_UNSPEC = 0,
- NFPROTO_IPV4 = 2,
- NFPROTO_ARP = 3,
- NFPROTO_BRIDGE = 7,
- NFPROTO_IPV6 = 10,
- NFPROTO_DECNET = 12,
+ NFPROTO_IPV4,
+ NFPROTO_ARP,
+ NFPROTO_BRIDGE,
+ NFPROTO_IPV6,
+ NFPROTO_DECNET,
NFPROTO_NUMPROTO,
};
--
1.7.2.5
^ permalink raw reply related
* RE: [PATCH 2/6] netfilter: decnet: switch hook PFs to nfproto
From: David Laight @ 2012-05-14 14:18 UTC (permalink / raw)
To: Alban Crequy, Pablo Neira Ayuso, Patrick McHardy
Cc: Vincent Sanders, Javier Martinez Canillas, netfilter-devel,
netdev
In-Reply-To: <1337003799-2517-2-git-send-email-alban.crequy@collabora.co.uk>
> NFPROTO_* constants were usually equal to PF_* constants but it is not
> necessary and it will waste less memory if we don't do so
> (see commit 7e9c6e
> "netfilter: Introduce NFPROTO_* constants")
...
>
> static struct nf_hook_ops dnrmg_ops __read_mostly = {
> .hook = dnrmg_hook,
> - .pf = PF_DECnet,
> + .pf = NFPROTO_DECNET,
> .hooknum = NF_DN_ROUTE,
> .priority = NF_DN_PRI_DNRTMSG,
> };
Might it be worth renaming the .pf member to (say) .nfproto
to help avoid confusion?
David
^ permalink raw reply
* Re: [PATCH ethtool] Add command to dump module EEPROM
From: Ben Hutchings @ 2012-05-14 14:18 UTC (permalink / raw)
To: Yaniv Rosner; +Cc: David Miller, netdev, Eilon Greenstein, Stuart Hodgson
In-Reply-To: <1337008431-6304-1-git-send-email-yanivr@broadcom.com>
On Mon, 2012-05-14 at 18:13 +0300, Yaniv Rosner wrote:
> Hi Ben,
> This patch adds a new option to dump (SFP+, XFP, ...) module EEPROM following
> recent support to kernel side. Below some examples:
>
> bash-3.00# ethtool -m eth1 offset 0x14 length 32 raw on
> JDSU PLRXPLSCS432
>
> bash-3.00# ethtool -m eth1 offset 0x14 length 32
> Offset Values
> ------ ------
> 0x0014 4a 44 53 55 20 20 20 20 20 20 20 20 20 20 20 20
> 0x0024 00 00 01 9c 50 4c 52 58 50 4c 53 43 53 34 33 32
>
> Please consider applying to ethtool.
I agree there should be ASCII-hex and binary dump modes, but we should
also support decoding of recognised EEPROM types (as Stuart proposed
earlier).
> Thanks,
> Yaniv
>
> Signed-off-by: Yaniv Rosner <yanivr@broadcom.com>
> ---
> ethtool-copy.h | 312 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
> ethtool.8.in | 23 ++++-
> ethtool.c | 63 +++++++++++
> 3 files changed, 393 insertions(+), 5 deletions(-)
>
> diff --git a/ethtool-copy.h b/ethtool-copy.h
> index d904c1a..604dbef 100644
> --- a/ethtool-copy.h
> +++ b/ethtool-copy.h
> @@ -13,6 +13,9 @@
> #ifndef _LINUX_ETHTOOL_H
> #define _LINUX_ETHTOOL_H
>
> +#ifdef __KERNEL__
> +#include <linux/compat.h>
> +#endif
> #include <linux/types.h>
> #include <linux/if_ether.h>
>
[...]
You've updated this wrongly; run 'make headers_install' in the kernel
tree and then copy from usr/include/ethtool.h.
[...]
> diff --git a/ethtool.8.in b/ethtool.8.in
> index 63d5d48..470fd8d 100644
> --- a/ethtool.8.in
> +++ b/ethtool.8.in
> @@ -325,6 +325,13 @@ ethtool \- query or control network driver and hardware settings
> .I devname flag
> .A1 on off
> .RB ...
> +.HP
> +.B ethtool \-m|\-\-mod\-eeprom\-dump
> +.I devname
> +.B2 raw on off
> +.BN offset
> +.BN length
> +.HP
> .
> .\" Adjust lines (i.e. full justification) and hyphenate.
> .ad
> @@ -800,6 +807,19 @@ Sets the device's private flags as specified.
> .I flag
> .A1 on off
> Sets the state of the named private flag.
> +.TP
> +.B \-m \-\-mod\-eeprom\-dump
> +Retrieves and prints module (SFP+, XFP, ...) EEPROMs dump for the specified network device.
> +Default is to dump the entire EEPROM.
> +.TP
> +.BI raw \ on|off
> +Dumps the raw EEPROM data to stdout.
Only true for 'raw on', not 'raw off'!
> +.TP
> +.BI offset \ N
> +Start address of module EEPROM dump.
> +.TP
> +.BI length \ N
> +Length of module EEPROM dump.
> .SH BUGS
> Not supported (in part or whole) on all network drivers.
> .SH AUTHOR
> @@ -815,7 +835,8 @@ Eli Kupermann,
> Scott Feldman,
> Andi Kleen,
> Alexander Duyck,
> -Sucheta Chakraborty.
> +Sucheta Chakraborty,
> +Yaniv Rosner.
> .SH AVAILABILITY
> .B ethtool
> is available from
> diff --git a/ethtool.c b/ethtool.c
> index e80b38b..6d022c3 100644
> --- a/ethtool.c
> +++ b/ethtool.c
> @@ -2214,6 +2214,64 @@ static int do_nway_rst(struct cmd_context *ctx)
> return err;
> }
>
> +static int do_gmoduleeeprom(struct cmd_context *ctx)
> +{
> + int geeprom_changed = 0;
> + int geeprom_dump_raw = 0;
> + u32 geeprom_offset = 0;
> + u32 geeprom_length = -1;
> + struct cmdline_info cmdline_geeprom[] = {
> + { "offset", CMDL_U32, &geeprom_offset, NULL },
> + { "length", CMDL_U32, &geeprom_length, NULL },
> + { "raw", CMDL_BOOL, &geeprom_dump_raw, NULL },
> + };
> + int err;
> + struct ethtool_modinfo modinfo;
> + struct ethtool_eeprom *eeprom;
> + struct ethtool_drvinfo drvinfo;
> +
> + parse_generic_cmdline(ctx, &geeprom_changed,
> + cmdline_geeprom, ARRAY_SIZE(cmdline_geeprom));
> +
> + drvinfo.cmd = ETHTOOL_GDRVINFO;
> + err = send_ioctl(ctx, &drvinfo);
> + if (err < 0) {
> + perror("Cannot get driver information");
> + return 74;
> + }
What is the point of running ETHTOOL_GDRVINFO?
> + modinfo.cmd = ETHTOOL_GMODULEINFO;
> + err = send_ioctl(ctx, &modinfo);
> + if (err < 0) {
> + perror("Cannot get driver information");
> + return 74;
No more magic return codes, please. Just return 1 on error. Also the
error message here seems wrong.
> + }
> +
> + if (geeprom_length == -1)
> + geeprom_length = modinfo.eeprom_len;
> +
> + if (modinfo.eeprom_len < geeprom_offset + geeprom_length)
> + geeprom_length = modinfo.eeprom_len - geeprom_offset;
> + eeprom = calloc(1, sizeof(*eeprom)+geeprom_length);
> + if (!eeprom) {
> + perror("Cannot allocate memory for EEPROM data");
> + return 75;
> + }
> + eeprom->cmd = ETHTOOL_GMODULEEEPROM;
> + eeprom->len = geeprom_length;
> + eeprom->offset = geeprom_offset;
> + err = send_ioctl(ctx, eeprom);
> + if (err < 0) {
> + perror("Cannot get EEPROM data");
> + free(eeprom);
> + return 74;
> + }
> + err = dump_eeprom(geeprom_dump_raw, &drvinfo, eeprom);
> + free(eeprom);
> +
> + return err;
> +}
> +
> static int do_geeprom(struct cmd_context *ctx)
> {
> int geeprom_changed = 0;
> @@ -3231,6 +3289,11 @@ static const struct option {
> { "--show-priv-flags" , 1, do_gprivflags, "Query private flags" },
> { "--set-priv-flags", 1, do_sprivflags, "Set private flags",
> " FLAG on|off ...\n" },
> + { "-m|--mod-eeprom-dump", 1, do_gmoduleeeprom,
> + "Dumps SFP+ module EEPROM",
As you correctly noted in the manual page, this isn't limited to SFP+.
Ben.
> + " [ raw on|off ]\n"
> + " [ offset N ]\n"
> + " [ length N ]\n" },
> { "-h|--help", 0, show_usage, "Show this help" },
> { "--version", 0, do_version, "Show version number" },
> {}
--
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.
^ permalink raw reply
* RE: [PATCH 1/4] netfilter: ipset: fix timeout value overflow bug
From: David Laight @ 2012-05-14 14:19 UTC (permalink / raw)
To: pablo, netfilter-devel; +Cc: davem, netdev
In-Reply-To: <1336996023-20249-2-git-send-email-pablo@netfilter.org>
> --- a/include/linux/netfilter/ipset/ip_set_timeout.h
> +++ b/include/linux/netfilter/ipset/ip_set_timeout.h
> @@ -30,6 +30,10 @@ ip_set_timeout_uget(struct nlattr *tb)
> {
> unsigned int timeout = ip_set_get_h32(tb);
>
> + /* Normalize to fit into jiffies */
> + if (timeout > UINT_MAX/1000)
> + timeout = UINT_MAX/1000;
> +
Doesn't that rather assume that HZ is 1000 ?
David
^ permalink raw reply
* Re: [PATCH 2/6] netfilter: decnet: switch hook PFs to nfproto
From: Florian Westphal @ 2012-05-14 14:22 UTC (permalink / raw)
To: David Laight
Cc: Alban Crequy, Pablo Neira Ayuso, Patrick McHardy, Vincent Sanders,
Javier Martinez Canillas, netfilter-devel, netdev
In-Reply-To: <AE90C24D6B3A694183C094C60CF0A2F6026B6F0A@saturn3.aculab.com>
David Laight <David.Laight@ACULAB.COM> wrote:
>
> > NFPROTO_* constants were usually equal to PF_* constants but it is not
> > necessary and it will waste less memory if we don't do so
> > (see commit 7e9c6e
> > "netfilter: Introduce NFPROTO_* constants")
> ...
> >
> > static struct nf_hook_ops dnrmg_ops __read_mostly = {
> > .hook = dnrmg_hook,
> > - .pf = PF_DECnet,
> > + .pf = NFPROTO_DECNET,
> > .hooknum = NF_DN_ROUTE,
> > .priority = NF_DN_PRI_DNRTMSG,
> > };
>
> Might it be worth renaming the .pf member to (say) .nfproto
> to help avoid confusion?
NFPROTO_* values are exported to userspace, so I don't think
its safe to change these values.
^ permalink raw reply
* Re: [PATCH net-next v3] be2net: Fix to allow get/set of debug levels in the firmware.
From: Ben Hutchings @ 2012-05-14 14:29 UTC (permalink / raw)
To: Somnath Kotur; +Cc: netdev, Suresh Redy
In-Reply-To: <847bec25-7806-4eaf-8a3e-2411a0c6bba9@exht1.ad.emulex.com>
On Sat, 2012-05-12 at 09:09 +0530, Somnath Kotur wrote:
[...]
> +static void be_set_msg_level(struct net_device *netdev, u32 level)
> +{
> + struct be_adapter *adapter = netdev_priv(netdev);
> +
> + if (lancer_chip(adapter)) {
> + dev_err(&adapter->pdev->dev, "Operation not supported\n");
> + return;
> + }
> +
> + if (adapter->msg_enable == level)
> + return;
> +
> + if (level & NETIF_MSG_HW != adapter->msg_enable & NETIF_MSG_HW)
> + be_set_fw_log_level(adapter, level & NETIF_MSG_HW ?
> + FW_LOG_LEVEL_DEFAULT : FW_LOG_LEVEL_FATAL);
[...]
Oh, come on, you can't have actually tested this. The compiler even
warns you this is probably wrong.
Ben.
--
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.
^ permalink raw reply
* Re: [PATCH 1/4] netfilter: ipset: fix timeout value overflow bug
From: Pablo Neira Ayuso @ 2012-05-14 14:36 UTC (permalink / raw)
To: David Laight; +Cc: netfilter-devel, davem, netdev, Jozsef Kadlecsik
In-Reply-To: <AE90C24D6B3A694183C094C60CF0A2F6026B6F0B@saturn3.aculab.com>
[-- Attachment #1: Type: text/plain, Size: 782 bytes --]
On Mon, May 14, 2012 at 03:19:49PM +0100, David Laight wrote:
>
> > --- a/include/linux/netfilter/ipset/ip_set_timeout.h
> > +++ b/include/linux/netfilter/ipset/ip_set_timeout.h
> > @@ -30,6 +30,10 @@ ip_set_timeout_uget(struct nlattr *tb)
> > {
> > unsigned int timeout = ip_set_get_h32(tb);
> >
> > + /* Normalize to fit into jiffies */
> > + if (timeout > UINT_MAX/1000)
> > + timeout = UINT_MAX/1000;
> > +
>
> Doesn't that rather assume that HZ is 1000 ?
Indeed. I overlooked that. Thanks David.
New patch attached fixing this. I've rebased my tree.
@Jozsef: BTW, why do we have
include/linux/netfilter/ipset/ip_set_timeout.h
living under include/linux ?
All definitions are private to the kernel. Why not moving that header
(and other similar) to include/net ?
[-- Attachment #2: 0001-netfilter-ipset-fix-timeout-value-overflow-bug.patch --]
[-- Type: text/x-diff, Size: 2645 bytes --]
>From bcb0e955ae5ea5acb1b59fb59e4fcb1c8364994d Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Mon, 7 May 2012 02:35:44 +0000
Subject: [PATCH] netfilter: ipset: fix timeout value overflow bug
Large timeout parameters could result wrong timeout values due to
an overflow at msec to jiffies conversion (reported by Andreas Herz)
[ This patch was mangled by Pablo Neira Ayuso since David Laight notices
that we were using hardcode 1000 instead of HZ to calculate the timeout ]
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
include/linux/netfilter/ipset/ip_set_timeout.h | 4 ++++
net/netfilter/xt_set.c | 15 +++++++++++++--
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/include/linux/netfilter/ipset/ip_set_timeout.h b/include/linux/netfilter/ipset/ip_set_timeout.h
index 4792320..40a85b1 100644
--- a/include/linux/netfilter/ipset/ip_set_timeout.h
+++ b/include/linux/netfilter/ipset/ip_set_timeout.h
@@ -30,6 +30,10 @@ ip_set_timeout_uget(struct nlattr *tb)
{
unsigned int timeout = ip_set_get_h32(tb);
+ /* Normalize to fit into jiffies */
+ if (timeout > UINT_MAX/HZ)
+ timeout = UINT_MAX/HZ;
+
/* Userspace supplied TIMEOUT parameter: adjust crazy size */
return timeout == IPSET_NO_TIMEOUT ? IPSET_NO_TIMEOUT - 1 : timeout;
}
diff --git a/net/netfilter/xt_set.c b/net/netfilter/xt_set.c
index 0ec8138..15275e9 100644
--- a/net/netfilter/xt_set.c
+++ b/net/netfilter/xt_set.c
@@ -44,6 +44,14 @@ const struct ip_set_adt_opt n = { \
.cmdflags = cfs, \
.timeout = t, \
}
+#define ADT_MOPT(n, f, d, fs, cfs, t) \
+struct ip_set_adt_opt n = { \
+ .family = f, \
+ .dim = d, \
+ .flags = fs, \
+ .cmdflags = cfs, \
+ .timeout = t, \
+}
/* Revision 0 interface: backward compatible with netfilter/iptables */
@@ -296,11 +304,14 @@ static unsigned int
set_target_v2(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_set_info_target_v2 *info = par->targinfo;
- ADT_OPT(add_opt, par->family, info->add_set.dim,
- info->add_set.flags, info->flags, info->timeout);
+ ADT_MOPT(add_opt, par->family, info->add_set.dim,
+ info->add_set.flags, info->flags, info->timeout);
ADT_OPT(del_opt, par->family, info->del_set.dim,
info->del_set.flags, 0, UINT_MAX);
+ /* Normalize to fit into jiffies */
+ if (add_opt.timeout > UINT_MAX/HZ)
+ add_opt.timeout = UINT_MAX/HZ;
if (info->add_set.index != IPSET_INVALID_ID)
ip_set_add(info->add_set.index, skb, par, &add_opt);
if (info->del_set.index != IPSET_INVALID_ID)
--
1.7.10
^ permalink raw reply related
* Re: [PATCH 2/6] netfilter: decnet: switch hook PFs to nfproto
From: Pablo Neira Ayuso @ 2012-05-14 14:38 UTC (permalink / raw)
To: David Laight
Cc: Alban Crequy, Patrick McHardy, Vincent Sanders,
Javier Martinez Canillas, netfilter-devel, netdev
In-Reply-To: <AE90C24D6B3A694183C094C60CF0A2F6026B6F0A@saturn3.aculab.com>
On Mon, May 14, 2012 at 03:18:16PM +0100, David Laight wrote:
>
> > NFPROTO_* constants were usually equal to PF_* constants but it is not
> > necessary and it will waste less memory if we don't do so
> > (see commit 7e9c6e
> > "netfilter: Introduce NFPROTO_* constants")
> ...
> >
> > static struct nf_hook_ops dnrmg_ops __read_mostly = {
> > .hook = dnrmg_hook,
> > - .pf = PF_DECnet,
> > + .pf = NFPROTO_DECNET,
> > .hooknum = NF_DN_ROUTE,
> > .priority = NF_DN_PRI_DNRTMSG,
> > };
>
> Might it be worth renaming the .pf member to (say) .nfproto
> to help avoid confusion?
That can be done follow-up patch, I guess.
^ permalink raw reply
* Re: [PATCH] netfilter: xt_HMARK: endian bugs
From: Pablo Neira Ayuso @ 2012-05-14 14:40 UTC (permalink / raw)
To: Hans Schillstrom
Cc: kaber, jengelh, netfilter-devel, netdev, dan.carpenter, hans
In-Reply-To: <1337002943-16374-1-git-send-email-hans.schillstrom@ericsson.com>
On Mon, May 14, 2012 at 03:42:23PM +0200, Hans Schillstrom wrote:
> A mix of u32 and __be32 causes endian warning.
> Switch to __be32 and __be16 for addresses and ports.
> Added (__force u32) at some places.
>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>
> ---
> include/linux/netfilter/xt_HMARK.h | 4 ++--
> net/netfilter/xt_HMARK.c | 35 ++++++++++++++++++-----------------
> 2 files changed, 20 insertions(+), 19 deletions(-)
>
> diff --git a/include/linux/netfilter/xt_HMARK.h b/include/linux/netfilter/xt_HMARK.h
> index abb1650..e2af67e 100644
> --- a/include/linux/netfilter/xt_HMARK.h
> +++ b/include/linux/netfilter/xt_HMARK.h
> @@ -24,8 +24,8 @@ enum {
>
> union hmark_ports {
> struct {
> - __u16 src;
> - __u16 dst;
> + __be16 src;
> + __be16 dst;
> } p16;
> __u32 v32;
> };
> diff --git a/net/netfilter/xt_HMARK.c b/net/netfilter/xt_HMARK.c
> index 32fbd73..38ed442 100644
> --- a/net/netfilter/xt_HMARK.c
> +++ b/net/netfilter/xt_HMARK.c
> @@ -32,13 +32,13 @@ MODULE_ALIAS("ipt_HMARK");
> MODULE_ALIAS("ip6t_HMARK");
>
> struct hmark_tuple {
> - u32 src;
> - u32 dst;
> + __be32 src;
> + __be32 dst;
> union hmark_ports uports;
> uint8_t proto;
> };
>
> -static inline u32 hmark_addr6_mask(const __u32 *addr32, const __u32 *mask)
> +static inline __be32 hmark_addr6_mask(const __be32 *addr32, const __be32 *mask)
> {
> return (addr32[0] & mask[0]) ^
> (addr32[1] & mask[1]) ^
> @@ -46,8 +46,8 @@ static inline u32 hmark_addr6_mask(const __u32 *addr32, const __u32 *mask)
> (addr32[3] & mask[3]);
> }
>
> -static inline u32
> -hmark_addr_mask(int l3num, const __u32 *addr32, const __u32 *mask)
> +static inline __be32
> +hmark_addr_mask(int l3num, const __be32 *addr32, const __be32 *mask)
> {
> switch (l3num) {
> case AF_INET:
> @@ -74,10 +74,10 @@ hmark_ct_set_htuple(const struct sk_buff *skb, struct hmark_tuple *t,
> otuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
> rtuple = &ct->tuplehash[IP_CT_DIR_REPLY].tuple;
>
> - t->src = hmark_addr_mask(otuple->src.l3num, otuple->src.u3.all,
> - info->src_mask.all);
> - t->dst = hmark_addr_mask(otuple->src.l3num, rtuple->src.u3.all,
> - info->dst_mask.all);
> + t->src = hmark_addr_mask(otuple->src.l3num, otuple->src.u3.ip6,
> + info->src_mask.ip6);
> + t->dst = hmark_addr_mask(otuple->src.l3num, rtuple->src.u3.ip6,
> + info->dst_mask.ip6);
>
> if (info->flags & XT_HMARK_FLAG(XT_HMARK_METHOD_L3))
> return 0;
> @@ -88,7 +88,7 @@ hmark_ct_set_htuple(const struct sk_buff *skb, struct hmark_tuple *t,
> t->uports.p16.dst = rtuple->src.u.all;
> t->uports.v32 = (t->uports.v32 & info->port_mask.v32) |
> info->port_set.v32;
> - if (t->uports.p16.dst < t->uports.p16.src)
> + if (ntohs(t->uports.p16.dst) < ntohs(t->uports.p16.src))
Do we really need this to make sparse happy?
> swap(t->uports.p16.dst, t->uports.p16.src);
> }
>
> @@ -103,10 +103,11 @@ hmark_hash(struct hmark_tuple *t, const struct xt_hmark_info *info)
> {
> u32 hash;
>
> - if (t->dst < t->src)
> + if (ntohl(t->dst) < ntohl(t->src))
> swap(t->src, t->dst);
>
> - hash = jhash_3words(t->src, t->dst, t->uports.v32, info->hashrnd);
> + hash = jhash_3words((__force u32) t->src, (__force u32) t->dst,
> + t->uports.v32, info->hashrnd);
> hash = hash ^ (t->proto & info->proto_mask);
>
> return (hash % info->hmodulus) + info->hoffset;
This will clash with my patch. No problem, I'll manually fix it
myself.
> @@ -129,7 +130,7 @@ hmark_set_tuple_ports(const struct sk_buff *skb, unsigned int nhoff,
> t->uports.v32 = (t->uports.v32 & info->port_mask.v32) |
> info->port_set.v32;
>
> - if (t->uports.p16.dst < t->uports.p16.src)
> + if (ntohs(t->uports.p16.dst) < ntohs(t->uports.p16.src))
> swap(t->uports.p16.dst, t->uports.p16.src);
> }
>
> @@ -178,8 +179,8 @@ hmark_pkt_set_htuple_ipv6(const struct sk_buff *skb, struct hmark_tuple *t,
> return -1;
> }
> noicmp:
> - t->src = hmark_addr6_mask(ip6->saddr.s6_addr32, info->src_mask.all);
> - t->dst = hmark_addr6_mask(ip6->daddr.s6_addr32, info->dst_mask.all);
> + t->src = hmark_addr6_mask(ip6->saddr.s6_addr32, info->src_mask.ip6);
> + t->dst = hmark_addr6_mask(ip6->daddr.s6_addr32, info->dst_mask.ip6);
>
> if (info->flags & XT_HMARK_FLAG(XT_HMARK_METHOD_L3))
> return 0;
> @@ -255,8 +256,8 @@ hmark_pkt_set_htuple_ipv4(const struct sk_buff *skb, struct hmark_tuple *t,
> }
> }
>
> - t->src = (__force u32) ip->saddr;
> - t->dst = (__force u32) ip->daddr;
> + t->src = ip->saddr;
> + t->dst = ip->daddr;
>
> t->src &= info->src_mask.ip;
> t->dst &= info->dst_mask.ip;
> --
> 1.7.2.3
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply
* Re: [PATCH 1/6] netfilter: sanity checks on NFPROTO_NUMPROTO
From: Pablo Neira Ayuso @ 2012-05-14 14:42 UTC (permalink / raw)
To: Alban Crequy
Cc: Patrick McHardy, Vincent Sanders, Javier Martinez Canillas,
netfilter-devel, netdev
In-Reply-To: <1337003799-2517-1-git-send-email-alban.crequy@collabora.co.uk>
On Mon, May 14, 2012 at 02:56:34PM +0100, Alban Crequy wrote:
> With the NFPROTO_* constants introduced by commit 7e9c6e ("netfilter: Introduce
> NFPROTO_* constants"), it is too easy to confuse PF_* and NFPROTO_* constants
> in new protocols.
>
> Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
> Reviewed-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
> Reviewed-by: Vincent Sanders <vincent.sanders@collabora.co.uk>
> ---
> net/netfilter/core.c | 5 +++++
> 1 files changed, 5 insertions(+), 0 deletions(-)
>
> diff --git a/net/netfilter/core.c b/net/netfilter/core.c
> index e1b7e05..4f16552 100644
> --- a/net/netfilter/core.c
> +++ b/net/netfilter/core.c
> @@ -67,6 +67,11 @@ int nf_register_hook(struct nf_hook_ops *reg)
> struct nf_hook_ops *elem;
> int err;
>
> + if (reg->pf >= NFPROTO_NUMPROTO || reg->hooknum >= NF_MAX_HOOKS) {
> + BUG();
> + return 1;
nf_register_hook returns a negative value on error. -EINVAL can be
fine.
> + }
> +
> err = mutex_lock_interruptible(&nf_hook_mutex);
> if (err < 0)
> return err;
> --
> 1.7.2.5
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply
* Re: [PATCH 2/6] netfilter: decnet: switch hook PFs to nfproto
From: Pablo Neira Ayuso @ 2012-05-14 14:45 UTC (permalink / raw)
To: Jan Engelhardt
Cc: Alban Crequy, Patrick McHardy, Vincent Sanders,
Javier Martinez Canillas, netfilter-devel, netdev
In-Reply-To: <1337003799-2517-2-git-send-email-alban.crequy@collabora.co.uk>
@Jan,
I remember you introduced all this NFPROTO_* thing time ago.
Any complain on this patchset?
Thanks.
On Mon, May 14, 2012 at 02:56:35PM +0100, Alban Crequy wrote:
> NFPROTO_* constants were usually equal to PF_* constants but it is not
> necessary and it will waste less memory if we don't do so (see commit 7e9c6e
> "netfilter: Introduce NFPROTO_* constants")
>
> Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
> Reviewed-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
> Reviewed-by: Vincent Sanders <vincent.sanders@collabora.co.uk>
> ---
> net/decnet/netfilter/dn_rtmsg.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c
> index 1531135..7fb7250 100644
> --- a/net/decnet/netfilter/dn_rtmsg.c
> +++ b/net/decnet/netfilter/dn_rtmsg.c
> @@ -118,7 +118,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
>
> static struct nf_hook_ops dnrmg_ops __read_mostly = {
> .hook = dnrmg_hook,
> - .pf = PF_DECnet,
> + .pf = NFPROTO_DECNET,
> .hooknum = NF_DN_ROUTE,
> .priority = NF_DN_PRI_DNRTMSG,
> };
> --
> 1.7.2.5
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox