Netdev List
 help / color / mirror / Atom feed
* Re: [net-next PATCH 1/3] Added kernel support in EEE Ethtool commands
From: Ben Hutchings @ 2012-06-05 19:01 UTC (permalink / raw)
  To: Yuval Mintz; +Cc: davem, netdev, eilong, peppe.cavallaro
In-Reply-To: <1338878342-24586-2-git-send-email-yuvalmin@broadcom.com>

On Tue, 2012-06-05 at 09:39 +0300, Yuval Mintz wrote:
> This patch extends the kernel's ethtool interface by adding support
> for 2 new EEE commands - get_eee and set_eee.
> 
> Thanks goes to Giuseppe Cavallaro for his original patch adding this support.
> 
> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
> Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
> ---
>  include/linux/ethtool.h |   19 +++++++++++++++++++
>  net/core/ethtool.c      |   34 ++++++++++++++++++++++++++++++++++
>  2 files changed, 53 insertions(+), 0 deletions(-)
> 
> diff --git a/include/linux/ethtool.h b/include/linux/ethtool.h
> index e17fa71..527de4c 100644
> --- a/include/linux/ethtool.h
> +++ b/include/linux/ethtool.h
> @@ -136,6 +136,19 @@ struct ethtool_eeprom {
>  	__u8	data[0];
>  };
>  
> +/* EEE settings */
> +struct ethtool_eee {
> +	__u32	cmd;
> +	__u32	supported;
> +	__u32	advertised;
> +	__u32	lp_advertised;
> +	__u32	eee_active;
> +	__u32	eee_enabled;
> +	__u32	tx_lpi_enabled;
> +	__u32	tx_lpi_timer;
> +	__u32	reserved[2];
> +};

This needs a kernel-doc comment explaining exactly what each of the
fields means.

[...]
> --- a/net/core/ethtool.c
> +++ b/net/core/ethtool.c
> @@ -729,6 +729,34 @@ static int ethtool_set_wol(struct net_device *dev, char __user *useraddr)
>  	return dev->ethtool_ops->set_wol(dev, &wol);
>  }
>  
> +static int ethtool_get_eee(struct net_device *dev, char __user *useraddr)
> +{
> +	struct ethtool_eee edata;
> +
> +	if (!dev->ethtool_ops->get_eee)
> +		return -EOPNOTSUPP;

We *must* initialise all of edata and we should not leave it to the
driver to do.  Otherwise we will be copying back uninitialised data to
userland which (1) might reveal sensitive information stored on the
stack by previous function calls (2) sets the cmd field to the wrong
value (3) sets the reserved fields to random values, making them
unusable for expansion.

> +	dev->ethtool_ops->get_eee(dev, &edata);

Missing error check.

> +	if (copy_to_user(useraddr, &edata, sizeof(edata)))
> +		return -EFAULT;
> +
> +	return 0;
> +}
[...]

-- 
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.

^ permalink raw reply

* [PATCH] netdev: mv643xx_eth: Prevent build on PPC32
From: Josh Boyer @ 2012-06-05 19:28 UTC (permalink / raw)
  To: Lennert Buytenhek; +Cc: Andrew Lunn, Olof Johansson, netdev

Commit 452503ebc (ARM: Orion: Eth: Add clk/clkdev support.) added use of
the clk driver API which results in compile errors on architectures that
don't implement the clk API.

ERROR: "clk_enable" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
ERROR: "clk_disable" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
ERROR: "clk_put" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
ERROR: "clk_get_rate" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
ERROR: "clk_get" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!

Selecting CLKDEV_LOOKUP doesn't fix this either, as the build then fails with:

In file included from drivers/clk/clkdev.c:21:0:
include/linux/clkdev.h:15:24: fatal error: asm/clkdev.h: No such file or directory

So we just prevent this from building at all on PPC32.

Signed-off-by: Josh Boyer <jwboyer@redhat.com>
---
 drivers/net/ethernet/marvell/Kconfig |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/marvell/Kconfig b/drivers/net/ethernet/marvell/Kconfig
index 0029934..628f5b1 100644
--- a/drivers/net/ethernet/marvell/Kconfig
+++ b/drivers/net/ethernet/marvell/Kconfig
@@ -20,7 +20,7 @@ if NET_VENDOR_MARVELL
 
 config MV643XX_ETH
 	tristate "Marvell Discovery (643XX) and Orion ethernet support"
-	depends on (MV64X60 || PPC32 || PLAT_ORION) && INET
+	depends on (MV64X60 || PLAT_ORION) && INET
 	select INET_LRO
 	select PHYLIB
 	---help---
-- 
1.7.10.2

^ permalink raw reply related

* Re: linux-next: Tree for Apr 12
From: Andrew Morton @ 2012-06-05 19:50 UTC (permalink / raw)
  To: Eric Paris
  Cc: Stephen Rothwell, linux-next, LKML, netdev, James Morris,
	Stephen Smalley
In-Reply-To: <1338864128.17933.2.camel@localhost>

On Mon, 04 Jun 2012 22:42:08 -0400
Eric Paris <eparis@redhat.com> wrote:

> > I really do not want to revert this and feel that the only right fix is
> > going to be to update your selinux policy to allow this new check.  I'd
> > rather not allow (whatever program) to truncate() files willy-nilly (in
> > violation of the intentions of selinux policy)
> > 
> > I'm sorry I never saw it sooner.  We've had it in RHEL for even longer
> > than the 3 months it's been in -next.  I think the 'right' fix is going
> > to have to be an update to SELinux policy (for your long dead system, if
> > you give me the denial I can build you a new policy) rather than leaving
> > the potential security hole in mainline...
> 
> Andrew sent me his audit log and it didn't show anything.  But it got me
> thinking.  Now I think this actually is a code bug.  Andrew, can you
> test this?
> 
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 2e7bd67..20a4315 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2758,7 +2758,7 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
>  			ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
>  		return dentry_has_perm(cred, dentry, FILE__SETATTR);
>  
> -	if (ia_valid & ATTR_SIZE)
> +	if ((ia_valid & ATTR_SIZE) && selinux_policycap_openperm)
>  		av |= FILE__OPEN;
>  
>  	return dentry_has_perm(cred, dentry, av);

That fixed it.

^ permalink raw reply

* Re: [PATCH 3/3] Revert Backoff [v3]: Calculate TCP's connection close threshold as a time value.
From: Jerry Chu @ 2012-06-05 21:22 UTC (permalink / raw)
  To: Damian Lukowski; +Cc: Netdev, David Miller, Ilpo Järvinen
In-Reply-To: <1338921588.17263.6.camel@nexus>

On Tue, Jun 5, 2012 at 11:39 AM, Damian Lukowski
<damian@tvk.rwth-aachen.de> wrote:
> Am Dienstag, den 05.06.2012, 10:42 -0700 schrieb Jerry Chu:
>> On Mon, Jun 4, 2012 at 4:50 PM, Jerry Chu <hkchu@google.com> wrote:
>> > Hi Damian,
>> >
>> > On Mon, Jun 4, 2012 at 10:50 AM, Damian Lukowski
>> > <damian@tvk.rwth-aachen.de> wrote:
>> >> Hi Jerry,
>> >>
>> >> please verify, I understood you correctly.
>> >>
>> >> You have set TCP_RTO_MIN to a lower value, e.g. 0.002 seconds to improve
>> >> your internal low-latency traffic. Because of the improvement, R1
>> >> timeouts are triggered too fast for external high-RTT traffic. Is that
>> >> correct?
>> >
>> > Correct.
>> >
>> >> If so, may I suggest to set tcp_retries1 to a higher value? For
>> >> TCP_RTO_MIN == 0.002 and tcp_retries1 ==  10, R1 will be calculated to
>> >> approximately 4 seconds.
>> >
>> > I think hacking tcp_retries1 is the wrong solution. E.g., 10 retries may be too
>> > generous for those short RTT flows.
>> >
>> > I think the fundamental problem is - the ideal fix for your original RTO revert
>> > problem should've used the per-flow RTO to compute R1 & R2. But that
>> > computation may be too expensive so you used TCP_RTO_MIN as an
>> > approximation - not a good idea IMHO!
>>
>> Just realized the correct fix of using the original, non-backoff per flow RTO is
>> not any more expensive than the current code through ilog2(). What's needed
>> is a new field "base_rto" to record the original RTO before backoff. I'm leaning
>> toward this more accurate fix now without any fudge because fudging almost
>> always causes bugs.
>
>
> The current version of retransmits_timed_out() uses such a field
> already. I suppose, we can do a combination like the following?
>
> -       unsigned int rto_base = syn_set ? TCP_TIMEOUT_INIT : TCP_RTO_MIN;
> +       unsigned int rto_base = syn_set ? TCP_TIMEOUT_INIT : __tcp_set_rto(tcp_sk(sk));

Yes that could work and we probably don't need a new field for the original RTO.

But I started wondering what the problem you tried to solve initially. The old
counter (icsk_retransmits) based code was really easy to understand, debug, and
matched well with the API (sysctl_tcp_retries1, sysctl_tcp_retries2,
TCP_SYNCNT,...), which are all counter based. Moreover, my simple brain has
a strong prejudice against complex code unless the complexity is justified.

Could you point out where backoff revert might happen? (tcp_v4_err() when
handing ICMP errors?) And for those cases is it possible to either not increment
icsk_retransmits (as long as it won't get us into infinite
retransmissions), or invent
a separate field for the sole purpose of timeout check? Won't that be
much simpler
than your current fix?

Best,

Jerry

> +       rto_base = rto_base ? : TCP_RTO_MIN;
>
> -       if (!inet_csk(sk)->icsk_retransmits)
> +       if (inet_csk(sk)->icsk_retransmits < boundary)
>
>
> Regards
>  Damian
>
>>
>> Any comment is welcome. I'm not sure in the existing code if it makes sense
>> to apply the exponential backoff based computation to thin stream but it's a
>> separate question so I won't touch it.
>>
>> Jerry
>>
>> >
>> > The easiest solution I can see so far is to replace the check
>> >
>> > if (!inet_csk(sk)->icsk_retransmits)
>> >                return false;
>> >
>> > at the beginning of retransmits_timed_out() with
>> >
>> > if (inet_csk(sk)->icsk_retransmits < boundary)
>> >                return false;
>> >
>> > Best,
>> >
>> > Jerry
>> >
>> >>
>> >> Is that ok?
>> >>
>> >> Best regards
>> >>  Damian
>> >>
>> >> Am Freitag, den 01.06.2012, 15:58 -0700 schrieb Jerry Chu:
>> >>> > From: Damian Lukowski <damian@tvk.rwth-aachen.de>
>> >>> > Date: Wed, Aug 26, 2009 at 3:16 AM
>> >>> > Subject: [PATCH 3/3] Revert Backoff [v3]: Calculate TCP's connection close
>> >>> > threshold as a time value.
>> >>> > To: Netdev <netdev@vger.kernel.org>
>> >>> >
>> >>> >
>> >>> > RFC 1122 specifies two threshold values R1 and R2 for connection timeouts,
>> >>> > which may represent a number of allowed retransmissions or a timeout value.
>> >>> > Currently linux uses sysctl_tcp_retries{1,2} to specify the thresholds
>> >>> > in number of allowed retransmissions.
>> >>> >
>> >>> > For any desired threshold R2 (by means of time) one can specify tcp_retries2
>> >>> > (by means of number of retransmissions) such that TCP will not time out
>> >>> > earlier than R2. This is the case, because the RTO schedule follows a fixed
>> >>> > pattern, namely exponential backoff.
>> >>> >
>> >>> > However, the RTO behaviour is not predictable any more if RTO backoffs can
>> >>> > be
>> >>> > reverted, as it is the case in the draft
>> >>> > "Make TCP more Robust to Long Connectivity Disruptions"
>> >>> > (http://tools.ietf.org/html/draft-zimmermann-tcp-lcd).
>> >>> >
>> >>> > In the worst case TCP would time out a connection after 3.2 seconds, if the
>> >>> > initial RTO equaled MIN_RTO and each backoff has been reverted.
>> >>> >
>> >>> > This patch introduces a function retransmits_timed_out(N),
>> >>> > which calculates the timeout of a TCP connection, assuming an initial
>> >>> > RTO of MIN_RTO and N unsuccessful, exponentially backed-off retransmissions.
>> >>> >
>> >>> > Whenever timeout decisions are made by comparing the retransmission counter
>> >>> > to some value N, this function can be used, instead.
>> >>> >
>> >>> > The meaning of tcp_retries2 will be changed, as many more RTO
>> >>> > retransmissions
>> >>> > can occur than the value indicates. However, it yields a timeout which is
>> >>> > similar to the one of an unpatched, exponentially backing off TCP in the
>> >>> > same
>> >>> > scenario. As no application could rely on an RTO greater than MIN_RTO, there
>> >>> > should be no risk of a regression.
>> >>>
>> >>> This looks like a typical "fix one problem, introducing a few more" patch :(.
>> >>> What do you mean by "no application could rely on an RTO greater than
>> >>> MIN_RTO..."
>> >>> above? How can you make the assumption that RTO is not too far off
>> >>> from TCP_RTO_MIN?
>> >>>
>> >>> While you tried to address a problem where the retransmission count
>> >>> was high but the actual
>> >>> timeout duration was too short, have you considered the other case
>> >>> around, i.e., the timeout
>> >>> duration is long but the retransmission count is too short? This is
>> >>> exactly what's happening
>> >>> to us with your patch. We've much reduced TCP_RTO_MIN for our internal
>> >>> traffic, but not
>> >>> noticing your change has severely shortened the R1 & R2 recommended by
>> >>> RFC1122 for our
>> >>> long haul traffic until now. In many cases R1 threshold was met upon
>> >>> the first retrans timeout.
>> >>>
>> >>> I think retransmits_timed_out() should check against both time
>> >>> duration and retrans count
>> >>> (icsk_retransmits).
>> >>>
>> >>> Thought?
>> >>>
>> >>> Jerry
>> >>>
>> >>> >
>> >>> > Signed-off-by: Damian Lukowski <damian@tvk.rwth-aachen.de>
>> >>> > ---
>> >>> >  include/net/tcp.h    |   18 ++++++++++++++++++
>> >>> >  net/ipv4/tcp_timer.c |   11 +++++++----
>> >>> >  2 files changed, 25 insertions(+), 4 deletions(-)
>> >>> >
>> >>> > diff --git a/include/net/tcp.h b/include/net/tcp.h
>> >>> > index c35b329..17d1a88 100644
>> >>> > --- a/include/net/tcp.h
>> >>> > +++ b/include/net/tcp.h
>> >>> > @@ -1247,6 +1247,24 @@ static inline struct sk_buff
>> >>> > *tcp_write_queue_prev(struct sock *sk, struct sk_bu
>> >>> >  #define tcp_for_write_queue_from_safe(skb, tmp, sk)                    \
>> >>> >        skb_queue_walk_from_safe(&(sk)->sk_write_queue, skb, tmp)
>> >>> >
>> >>> > +static inline bool retransmits_timed_out(const struct sock *sk,
>> >>> > +                                        unsigned int boundary)
>> >>> > +{
>> >>> > +       int limit, K;
>> >>> > +       if (!inet_csk(sk)->icsk_retransmits)
>> >>> > +               return false;
>> >>> > +
>> >>> > +       K = ilog2(TCP_RTO_MAX/TCP_RTO_MIN);
>> >>> > +
>> >>> > +       if (boundary <= K)
>> >>> > +               limit = ((2 << boundary) - 1) * TCP_RTO_MIN;
>> >>> > +       else
>> >>> > +               limit = ((2 << K) - 1) * TCP_RTO_MIN +
>> >>> > +                       (boundary - K) * TCP_RTO_MAX;
>> >>> > +
>> >>> > +       return (tcp_time_stamp - tcp_sk(sk)->retrans_stamp) >= limit;
>> >>> > +}
>> >>> > +
>> >>> >  static inline struct sk_buff *tcp_send_head(struct sock *sk)
>> >>> >  {
>> >>> >        return sk->sk_send_head;
>> >>> > diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
>> >>> > index a3ba494..2972d7b 100644
>> >>> > --- a/net/ipv4/tcp_timer.c
>> >>> > +++ b/net/ipv4/tcp_timer.c
>> >>> > @@ -137,13 +137,14 @@ static int tcp_write_timeout(struct sock *sk)
>> >>> >  {
>> >>> >        struct inet_connection_sock *icsk = inet_csk(sk);
>> >>> >        int retry_until;
>> >>> > +       bool do_reset;
>> >>> >
>> >>> >        if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) {
>> >>> >                if (icsk->icsk_retransmits)
>> >>> >                        dst_negative_advice(&sk->sk_dst_cache);
>> >>> >                retry_until = icsk->icsk_syn_retries ? :
>> >>> > sysctl_tcp_syn_retries;
>> >>> >        } else {
>> >>> > -               if (icsk->icsk_retransmits >= sysctl_tcp_retries1) {
>> >>> > +               if (retransmits_timed_out(sk, sysctl_tcp_retries1)) {
>> >>> >                        /* Black hole detection */
>> >>> >                        tcp_mtu_probing(icsk, sk);
>> >>> >
>> >>> > @@ -155,13 +156,15 @@ static int tcp_write_timeout(struct sock *sk)
>> >>> >                        const int alive = (icsk->icsk_rto < TCP_RTO_MAX);
>> >>> >
>> >>> >                        retry_until = tcp_orphan_retries(sk, alive);
>> >>> > +                       do_reset = alive ||
>> >>> > +                                  !retransmits_timed_out(sk, retry_until);
>> >>> >
>> >>> > -                       if (tcp_out_of_resources(sk, alive ||
>> >>> > icsk->icsk_retransmits < retry_until))
>> >>> > +                       if (tcp_out_of_resources(sk, do_reset))
>> >>> >                                return 1;
>> >>> >                }
>> >>> >        }
>> >>> >
>> >>> > -       if (icsk->icsk_retransmits >= retry_until) {
>> >>> > +       if (retransmits_timed_out(sk, retry_until)) {
>> >>> >                /* Has it gone just too far? */
>> >>> >                tcp_write_err(sk);
>> >>> >                return 1;
>> >>> > @@ -385,7 +388,7 @@ void tcp_retransmit_timer(struct sock *sk)
>> >>> >  out_reset_timer:
>> >>> >        icsk->icsk_rto = min(icsk->icsk_rto << 1, TCP_RTO_MAX);
>> >>> >        inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, icsk->icsk_rto,
>> >>> > TCP_RTO_MAX);
>> >>> > -       if (icsk->icsk_retransmits > sysctl_tcp_retries1)
>> >>> > +       if (retransmits_timed_out(sk, sysctl_tcp_retries1 + 1))
>> >>> >                __sk_dst_reset(sk);
>> >>> >
>> >>> >  out:;
>> >>> > --
>> >>> > 1.6.3.3
>> >>> >
>> >>> > --
>> >>> > To unsubscribe from this list: send the line "unsubscribe netdev" in
>> >>> > the body of a message to majordomo@vger.kernel.org
>> >>> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
>> >>> >
>> >>
>> >>
>
>

^ permalink raw reply

* Re: [PATCH net-next 5/5] gianfar_ethtool: coding style and whitespace cleanups
From: David Miller @ 2012-06-05 21:37 UTC (permalink / raw)
  To: jan.ceuleers; +Cc: b06378, joe, netdev
In-Reply-To: <4FCDE447.3030103@computer.org>

From: Jan Ceuleers <jan.ceuleers@computer.org>
Date: Tue, 05 Jun 2012 12:49:43 +0200

> On 06/05/2012 11:14 AM, David Miller wrote:
>> From: Jan Ceuleers <jan.ceuleers@computer.org>
>> Date: Tue, 05 Jun 2012 07:54:29 +0200
>> 
>>> So your build environment happens to be one of powerpc, alpha or mips,
>>> does it?
>> 
>> No, I get those errors you posted too.
>> 
>> But like I said, you simply IGNORE THEM, and look for newly introduced
>> errors and warnings.
> 
> David,
> 
> The error I quoted was a fatal error, meaning that compilation did not
> proceed beyond the point to which the error pertained (inclusion of a

I know it's a fatal error.

I'm saying IGNORE it.  I get it TOO!

You look at what it outputs before your changes, and then you run it
again after your changes and see if anything NEW shows up.

That's how I found your typo.

^ permalink raw reply

* Re: [PATCH net-next 5/5] gianfar_ethtool: coding style and whitespace cleanups
From: David Miller @ 2012-06-05 21:38 UTC (permalink / raw)
  To: florian; +Cc: jan.ceuleers, b06378, joe, netdev
In-Reply-To: <4550590.BhQA539plh@flexo>

From: Florian Fainelli <florian@openwrt.org>
Date: Tue, 05 Jun 2012 12:54:34 +0200

> Hi,
> 
> On Tuesday 05 June 2012 12:49:43 Jan Ceuleers wrote:
>> On 06/05/2012 11:14 AM, David Miller wrote:
>> > From: Jan Ceuleers <jan.ceuleers@computer.org>
>> > Date: Tue, 05 Jun 2012 07:54:29 +0200
>> > 
>> >> So your build environment happens to be one of powerpc, alpha or mips,
>> >> does it?
>> > 
>> > No, I get those errors you posted too.
>> > 
>> > But like I said, you simply IGNORE THEM, and look for newly introduced
>> > errors and warnings.
>> 
>> David,
>> 
>> The error I quoted was a fatal error, meaning that compilation did not
>> proceed beyond the point to which the error pertained (inclusion of a
>> header that does not exist in my arch). So I cannot test-compile the
>> driver on my arch and draw any conclusions from that beyond line 91.
> 
> What about you setup a cross-compiler and build for one of these architectures 
> where the driver is enabled?

Dammit, people read what I'm saying.

This isn't even necessary for quick validation of patches.

You ignore the compile errors when you force build the driver, and
then you simply make sure you don't introduce any new errors of
warnings into the build.

For quick sanity checking a cross build is absolutely overkill and
simply not necessary.

^ permalink raw reply

* Re: [PATCH 1/1] net: add dev_loopback_xmit() to avoid duplicate code
From: David Miller @ 2012-06-05 21:41 UTC (permalink / raw)
  To: michel; +Cc: netdev, linux-kernel
In-Reply-To: <1338902613.2792.16.camel@Thor>

From: Michel Machado <michel@digirati.com.br>
Date: Tue, 05 Jun 2012 09:23:33 -0400

> Just to avoid bothering you further, should I resend this patch or not?

Always resend patches.

^ permalink raw reply

* Re: [PATCH v3 net-next 0/5] gianfar: coding style cleanups
From: David Miller @ 2012-06-05 22:38 UTC (permalink / raw)
  To: jan.ceuleers; +Cc: b06378, joe, netdev
In-Reply-To: <1338903735-24527-1-git-send-email-jan.ceuleers@computer.org>

From: Jan Ceuleers <jan.ceuleers@computer.org>
Date: Tue,  5 Jun 2012 15:42:10 +0200

> Various coding style cleanups, mostly whitespace and comment reformatting.
> 
> I have left a number of lines untouched where I felt that the changes I
> was considering were not improving readability. But de gustibus etc.
> 
> Patch 4/5 also removes some superfluous local variable initialisations.
> These are obviously correct because the variable is initialised again
> right after. But you might consider this to be unnecessary code churn
> because the compiler is unlikely to generate better code due to this patch.
> 
> WARNING: Compile-tested only. I do not have the hardware.

All applied, thanks Jan.

^ permalink raw reply

* Re: [Bug 43327] New: IP routing: cached route is applied to wrong network interface
From: David Miller @ 2012-06-05 22:40 UTC (permalink / raw)
  To: shemminger; +Cc: netdev
In-Reply-To: <20120531174641.2809b5c4@nehalam.linuxnetplumber.net>

From: Stephen Hemminger <shemminger@vyatta.com>
Date: Thu, 31 May 2012 17:46:41 -0700

> Subject: [Bug 43327] New: IP routing: cached route is applied to wrong network interface

I suspect we'll need to root the inetpeer trees in the fib rules
to fix this.

^ permalink raw reply

* Re: [PATCH] netdev: mv643xx_eth: Prevent build on PPC32
From: Ben Hutchings @ 2012-06-05 23:30 UTC (permalink / raw)
  To: Josh Boyer; +Cc: Lennert Buytenhek, Andrew Lunn, Olof Johansson, netdev
In-Reply-To: <20120605192820.GC7683@zod.bos.redhat.com>

[-- Attachment #1: Type: text/plain, Size: 1567 bytes --]

On Tue, 2012-06-05 at 15:28 -0400, Josh Boyer wrote:
> Commit 452503ebc (ARM: Orion: Eth: Add clk/clkdev support.) added use of
> the clk driver API which results in compile errors on architectures that
> don't implement the clk API.
> 
> ERROR: "clk_enable" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
> ERROR: "clk_disable" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
> ERROR: "clk_put" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
> ERROR: "clk_get_rate" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
> ERROR: "clk_get" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
> 
> Selecting CLKDEV_LOOKUP doesn't fix this either, as the build then fails with:
> 
> In file included from drivers/clk/clkdev.c:21:0:
> include/linux/clkdev.h:15:24: fatal error: asm/clkdev.h: No such file or directory
> 
> So we just prevent this from building at all on PPC32.
[...]

This dependency was introduced by:

commit 16b817579fb61050f1abcc0e81089974328a9c27
Author: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Date:   Sat Apr 16 15:24:30 2005 -0700

    [PATCH] ppc32: MV643XX ethernet is an option for Pegasos

commit 06ede91017d015a03cf8c1c87b3ff668f9a846e0
Author: Dale Farnsworth <dale@farnsworth.org>
Date:   Wed Sep 20 12:24:34 2006 -0700

    [PATCH] mv643xx_eth: restrict to 32-bit PPC_MULTIPLATFORM

If Pegasos is still supposed to be supported then this needs to be fixed
properly.

Ben.

-- 
Ben Hutchings
I haven't lost my mind; it's backed up on tape somewhere.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 828 bytes --]

^ permalink raw reply

* Re: [v2 PATCH] netfilter: xt_HMARK: fix endian bugs and warnings
From: Pablo Neira Ayuso @ 2012-06-05 23:41 UTC (permalink / raw)
  To: Hans Schillstrom
  Cc: kaber, jengelh, netfilter-devel, netdev, dan.carpenter,
	hans.schillstrom
In-Reply-To: <1337330146-26305-1-git-send-email-hans@schillstrom.com>

On Fri, May 18, 2012 at 10:35:46AM +0200, Hans Schillstrom wrote:
> A mix of u32 and __be32 causes endian warning.
> The hash value produced is now the same for big and little endian machines.
> i.e. a mix of Big and Little endian in a cluster is now possible.

Applied with minor glitches, Thanks Hans.

I have rewritten the description.

> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
> ---
>  include/linux/netfilter/xt_HMARK.h |    5 +++
>  net/netfilter/xt_HMARK.c           |   69 ++++++++++++++++++++----------------
>  2 files changed, 43 insertions(+), 31 deletions(-)
> 
> diff --git a/include/linux/netfilter/xt_HMARK.h b/include/linux/netfilter/xt_HMARK.h
> index abb1650..826fc58 100644
> --- a/include/linux/netfilter/xt_HMARK.h
> +++ b/include/linux/netfilter/xt_HMARK.h
> @@ -27,7 +27,12 @@ union hmark_ports {
>  		__u16	src;
>  		__u16	dst;
>  	} p16;
> +	struct {
> +		__be16	src;
> +		__be16	dst;
> +	} b16;
>  	__u32	v32;
> +	__be32	b32;
>  };
>  
>  struct xt_hmark_info {
> diff --git a/net/netfilter/xt_HMARK.c b/net/netfilter/xt_HMARK.c
> index 0a96a43..5119666 100644
> --- a/net/netfilter/xt_HMARK.c
> +++ b/net/netfilter/xt_HMARK.c
> @@ -32,13 +32,13 @@ MODULE_ALIAS("ipt_HMARK");
>  MODULE_ALIAS("ip6t_HMARK");
>  
>  struct hmark_tuple {
> -	u32			src;
> -	u32			dst;
> +	__be32			src;
> +	__be32			dst;
>  	union hmark_ports	uports;
>  	uint8_t			proto;

I have converted this uint8_t to u8. I think I'm responsible for that
slipped through.

>  };
>  
> -static inline u32 hmark_addr6_mask(const __u32 *addr32, const __u32 *mask)
> +static inline __be32 hmark_addr6_mask(const __be32 *addr32, const __be32 *mask)
>  {
>  	return (addr32[0] & mask[0]) ^
>  	       (addr32[1] & mask[1]) ^
> @@ -46,8 +46,8 @@ static inline u32 hmark_addr6_mask(const __u32 *addr32, const __u32 *mask)
>  	       (addr32[3] & mask[3]);
>  }
>  
> -static inline u32
> -hmark_addr_mask(int l3num, const __u32 *addr32, const __u32 *mask)
> +static inline __be32
> +hmark_addr_mask(int l3num, const __be32 *addr32, const __be32 *mask)
>  {
>  	switch (l3num) {
>  	case AF_INET:
> @@ -58,6 +58,22 @@ hmark_addr_mask(int l3num, const __u32 *addr32, const __u32 *mask)
>  	return 0;
>  }
>  
> +static inline void hmark_swap_ports(union hmark_ports *uports,
> +				    const struct xt_hmark_info *info)
> +{
> +	union hmark_ports hp;
> +	u16 src,dst;
> +
> +	hp.b32 = (uports->b32 & info->port_mask.b32) | info->port_set.b32;
> +	src = ntohs(hp.b16.src);
> +	dst = ntohs(hp.b16.dst);
> +
> +	if (dst > src)
> +		uports->v32 = (dst << 16) | src;
> +	else
> +		uports->v32 = (src << 16) | dst;
> +}
> +
>  static int
>  hmark_ct_set_htuple(const struct sk_buff *skb, struct hmark_tuple *t,
>  		    const struct xt_hmark_info *info)
> @@ -74,22 +90,19 @@ hmark_ct_set_htuple(const struct sk_buff *skb, struct hmark_tuple *t,
>  	otuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
>  	rtuple = &ct->tuplehash[IP_CT_DIR_REPLY].tuple;
>  
> -	t->src = hmark_addr_mask(otuple->src.l3num, otuple->src.u3.all,
> -				 info->src_mask.all);
> -	t->dst = hmark_addr_mask(otuple->src.l3num, rtuple->src.u3.all,
> -				 info->dst_mask.all);
> +	t->src = hmark_addr_mask(otuple->src.l3num, otuple->src.u3.ip6,
> +				 info->src_mask.ip6);
> +	t->dst = hmark_addr_mask(otuple->src.l3num, rtuple->src.u3.ip6,
> +				 info->dst_mask.ip6);
>  
>  	if (info->flags & XT_HMARK_FLAG(XT_HMARK_METHOD_L3))
>  		return 0;
>  
>  	t->proto = nf_ct_protonum(ct);
>  	if (t->proto != IPPROTO_ICMP) {
> -		t->uports.p16.src = otuple->src.u.all;
> -		t->uports.p16.dst = rtuple->src.u.all;
> -		t->uports.v32 = (t->uports.v32 & info->port_mask.v32) |
> -				info->port_set.v32;
> -		if (t->uports.p16.dst < t->uports.p16.src)
> -			swap(t->uports.p16.dst, t->uports.p16.src);
> +		t->uports.b16.src = otuple->src.u.all;
> +		t->uports.b16.dst = rtuple->src.u.all;
> +		hmark_swap_ports(&t->uports, info);
>  	}
>  
>  	return 0;
> @@ -102,11 +115,13 @@ static inline u32

I've added this comment on top of hmark_hash:

/* This hash function is endian independent, to ensure consistent hashing if
 * the cluster is composed of big and little endian systems. */

In case that someone is curious about all those conversions.

>  hmark_hash(struct hmark_tuple *t, const struct xt_hmark_info *info)
[...]

^ permalink raw reply

* Re: [Resend PATCH 1/2] netfilter: remove include/linux/netfilter_ipv4/ipt_addrtype.h
From: Pablo Neira Ayuso @ 2012-06-05 23:41 UTC (permalink / raw)
  To: Cong Wang; +Cc: netfilter-devel, netdev, Cong Wang
In-Reply-To: <1337438341-29732-1-git-send-email-amwang@redhat.com>

On Sat, May 19, 2012 at 10:39:00PM +0800, Cong Wang wrote:
> From: Cong Wang <xiyou.wangcong@gmail.com>
> 
> It was scheduled to be removed.

Applied, thanks.

^ permalink raw reply

* Re: [Resend PATCH 2/2] netfilter: remove rev 0 of xt_connlimit
From: Pablo Neira Ayuso @ 2012-06-05 23:41 UTC (permalink / raw)
  To: Cong Wang; +Cc: netfilter-devel, netdev, Cong Wang, Jan Engelhardt
In-Reply-To: <1337438341-29732-2-git-send-email-amwang@redhat.com>

On Sat, May 19, 2012 at 10:39:01PM +0800, Cong Wang wrote:
> From: Cong Wang <xiyou.wangcong@gmail.com>
> 
> It was scheduled to be removed.

Applied, thanks.

^ permalink raw reply

* Re: [PATCH 01/15] netfilter: add namespace support for l4proto
From: Pablo Neira Ayuso @ 2012-06-05 23:56 UTC (permalink / raw)
  To: Gao feng
  Cc: netfilter-devel, netdev, serge.hallyn, ebiederm, dlezcano,
	Gao feng
In-Reply-To: <1338275063-11711-2-git-send-email-gaofeng@cn.fujitsu.com>

On Tue, May 29, 2012 at 03:04:09PM +0800, Gao feng wrote:
> From: Gao feng <gaofeng@cn.fujitus.com>
> 
> struct nf_proto_net stroes proto's ctl_table_header and ctl_table,
> nf_ct_l4proto_(un)register_sysctl use it to register sysctl.
> because AF_INET6's protocols need not do compat, so register or
> unregister sysctl when l4proto.l3proto != AF_INET6.
> 
> - the net_id field is used to store the pernet_operations id
>   that belones to l4proto.
> 
> - init_net will be used to initial the proto's pernet data
> 
> - nf_ct_(un)register_sysctl are changed to support net namespace,
>   use (un)register_net_sysctl_table replaces (un)register_sysctl_paths.
>   and in nf_ct_unregister_sysctl,kfree table only when users is 0.
> 
> - Add the struct net as param of nf_conntrack_l4proto_(un)register.
>   register or unregister the l4proto only when the net is init_net.
> 
> - nf_conntrack_l4proto_register call init_net to initial the pernet
>   data of l4proto.
> 
> - nf_ct_l4proto_net is used to get the pernet data of l4proto.
> 
> - use init_net as a param of nf_conntrack_l4proto_(un)register.

I have applied this patchset, but I had to rewrite the patch
descriptions.

I don't blame your English neither your writing abilities (I'm not
native speaker and not that good at writing either) but I think you
can make it better next time.

Basically, you don't need to comment every single change that the
patch does. That's easy to see by looking at the patchset.

Instead, just provide brief explanation on your intentions with the
patch, clarify things that may look not obvious to the reviewer and
what we'll get with this.

^ permalink raw reply

* Re: [PATCH] netfilter: xt_recent: Add optional mask option for xt_recent
From: Pablo Neira Ayuso @ 2012-06-06  0:01 UTC (permalink / raw)
  To: Denys Fedoryshchenko; +Cc: Linux netdev
In-Reply-To: <1337285238-13589-1-git-send-email-denys@visp.net.lb>

On Thu, May 17, 2012 at 11:07:18PM +0300, Denys Fedoryshchenko wrote:
> Use case for this feature:
> 1)In some occasions if you need to allow,block,match specific subnet.
> 2)I can use recent as a trigger when netfilter rule matches, with mask 0.0.0.0
> 
> Tested for backward compatibility:
> )old (userspace) iptables, new kernel
> )old kernel, new iptables
> )new kernel, new iptables
> 
> For v2:
>  As Pablo Neira Ayuso suggested, moved nf_inet_addr_mask to xt_recent.h
>  and made info_v1 as a stack variable.

Applied with some minor glitches (see below).

Thanks Denys.

> Signed-off-by: Denys Fedoryshchenko <denys@visp.net.lb>
> CC: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
>  include/linux/netfilter/xt_recent.h |   20 +++++++++++
>  net/netfilter/xt_recent.c           |   62 ++++++++++++++++++++++++++++++----
>  2 files changed, 74 insertions(+), 8 deletions(-)
> 
> diff --git a/include/linux/netfilter/xt_recent.h b/include/linux/netfilter/xt_recent.h
> index 83318e0..5f69ebc 100644
> --- a/include/linux/netfilter/xt_recent.h
> +++ b/include/linux/netfilter/xt_recent.h
> @@ -32,4 +32,24 @@ struct xt_recent_mtinfo {
>  	__u8 side;
>  };
>  
> +struct xt_recent_mtinfo_v1 {
> +	__u32 seconds;
> +	__u32 hit_count;
> +	__u8 check_set;
> +	__u8 invert;
> +	char name[XT_RECENT_NAME_LEN];
> +	__u8 side;
> +	union nf_inet_addr mask;
> +};
> +
> +static inline void nf_inet_addr_mask(const union nf_inet_addr *a1,
> +				    union nf_inet_addr *result,
> +				    const union nf_inet_addr *mask)
> +{
> +	result->all[0] = a1->all[0] & mask->all[0];
> +	result->all[1] = a1->all[1] & mask->all[1];
> +	result->all[2] = a1->all[2] & mask->all[2];
> +	result->all[3] = a1->all[3] & mask->all[3];

Yes, I told you to move this to xt_recent. But then I noticed that
nf_inet_addr_cmp in linux/netfilter.h. and well, this is static inline
and other may get some benefit with it.

Yes, I'm changing my mind :-).

> +}
> +
>  #endif /* _LINUX_NETFILTER_XT_RECENT_H */
> diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
> index fc0d6db..ca4375c 100644
> --- a/net/netfilter/xt_recent.c
> +++ b/net/netfilter/xt_recent.c
> @@ -75,6 +75,7 @@ struct recent_entry {
>  struct recent_table {
>  	struct list_head	list;
>  	char			name[XT_RECENT_NAME_LEN];
> +	union nf_inet_addr	mask;
>  	unsigned int		refcnt;
>  	unsigned int		entries;
>  	struct list_head	lru_list;
> @@ -228,10 +229,11 @@ recent_mt(const struct sk_buff *skb, struct xt_action_param *par)
>  {
>  	struct net *net = dev_net(par->in ? par->in : par->out);
>  	struct recent_net *recent_net = recent_pernet(net);
> -	const struct xt_recent_mtinfo *info = par->matchinfo;
> +	const struct xt_recent_mtinfo_v1 *info = par->matchinfo;
>  	struct recent_table *t;
>  	struct recent_entry *e;
>  	union nf_inet_addr addr = {};
> +	union nf_inet_addr addr_masked;

I've put addr_masked with addr (same line).

>  	u_int8_t ttl;
>  	bool ret = info->invert;
>  
> @@ -261,12 +263,15 @@ recent_mt(const struct sk_buff *skb, struct xt_action_param *par)
>  
>  	spin_lock_bh(&recent_lock);
>  	t = recent_table_lookup(recent_net, info->name);
> -	e = recent_entry_lookup(t, &addr, par->family,
> +
> +	nf_inet_addr_mask(&addr, &addr_masked, &t->mask);
> +
> +	e = recent_entry_lookup(t, &addr_masked, par->family,
>  				(info->check_set & XT_RECENT_TTL) ? ttl : 0);
>  	if (e == NULL) {
>  		if (!(info->check_set & XT_RECENT_SET))
>  			goto out;
> -		e = recent_entry_init(t, &addr, par->family, ttl);
> +		e = recent_entry_init(t, &addr_masked, par->family, ttl);
>  		if (e == NULL)
>  			par->hotdrop = true;
>  		ret = !ret;
> @@ -306,10 +311,10 @@ out:
>  	return ret;
>  }
>  
> -static int recent_mt_check(const struct xt_mtchk_param *par)
> +static int recent_mt_check(const struct xt_mtchk_param *par,
> +	const struct xt_recent_mtinfo_v1 *info)
>  {
>  	struct recent_net *recent_net = recent_pernet(par->net);
> -	const struct xt_recent_mtinfo *info = par->matchinfo;
>  	struct recent_table *t;
>  #ifdef CONFIG_PROC_FS
>  	struct proc_dir_entry *pde;
> @@ -361,6 +366,8 @@ static int recent_mt_check(const struct xt_mtchk_param *par)
>  		goto out;
>  	}
>  	t->refcnt = 1;
> +
> +	memcpy(&t->mask, &info->mask, sizeof(t->mask));
>  	strcpy(t->name, info->name);
>  	INIT_LIST_HEAD(&t->lru_list);
>  	for (i = 0; i < ip_list_hash_size; i++)
> @@ -385,10 +392,29 @@ out:
>  	return ret;
>  }
>  
> +static int recent_mt_check_v0(const struct xt_mtchk_param *par)
> +{
> +	const struct xt_recent_mtinfo_v0 *info_v0 = par->matchinfo;
> +	struct xt_recent_mtinfo_v1 info_v1;
> +	int ret;
> +
> +	/* Copy old data */
> +	memcpy(&info_v1, info_v0, sizeof(struct xt_recent_mtinfo));
> +	/* Default mask will make same behavior as old recent */
> +	memset(info_v1.mask.all, 0xFF, sizeof(info_v1.mask.all));
> +	ret = recent_mt_check(par, &info_v1);
> +	return ret;

return recent_mt_check(...)

I removed that ret variable.

> +}
> +
> +static int recent_mt_check_v1(const struct xt_mtchk_param *par)
> +{
> +	return recent_mt_check(par, par->matchinfo);
> +}
> +
>  static void recent_mt_destroy(const struct xt_mtdtor_param *par)
>  {
>  	struct recent_net *recent_net = recent_pernet(par->net);
> -	const struct xt_recent_mtinfo *info = par->matchinfo;
> +	const struct xt_recent_mtinfo_v1 *info = par->matchinfo;
>  	struct recent_table *t;
>  
>  	mutex_lock(&recent_mutex);
> @@ -625,7 +651,7 @@ static struct xt_match recent_mt_reg[] __read_mostly = {
>  		.family     = NFPROTO_IPV4,
>  		.match      = recent_mt,
>  		.matchsize  = sizeof(struct xt_recent_mtinfo),
> -		.checkentry = recent_mt_check,
> +		.checkentry = recent_mt_check_v0,
>  		.destroy    = recent_mt_destroy,
>  		.me         = THIS_MODULE,
>  	},
> @@ -635,10 +661,30 @@ static struct xt_match recent_mt_reg[] __read_mostly = {
>  		.family     = NFPROTO_IPV6,
>  		.match      = recent_mt,
>  		.matchsize  = sizeof(struct xt_recent_mtinfo),
> -		.checkentry = recent_mt_check,
> +		.checkentry = recent_mt_check_v0,
> +		.destroy    = recent_mt_destroy,
> +		.me         = THIS_MODULE,
> +	},
> +	{
> +		.name       = "recent",
> +		.revision   = 1,
> +		.family     = NFPROTO_IPV4,
> +		.match      = recent_mt,
> +		.matchsize  = sizeof(struct xt_recent_mtinfo_v1),
> +		.checkentry = recent_mt_check_v1,
>  		.destroy    = recent_mt_destroy,
>  		.me         = THIS_MODULE,
>  	},
> +	{
> +		.name       = "recent",
> +		.revision   = 1,
> +		.family     = NFPROTO_IPV6,
> +		.match      = recent_mt,
> +		.matchsize  = sizeof(struct xt_recent_mtinfo_v1),
> +		.checkentry = recent_mt_check_v1,
> +		.destroy    = recent_mt_destroy,
> +		.me         = THIS_MODULE,
> +	}
>  };
>  
>  static int __init recent_mt_init(void)
> -- 
> 1.7.3.4
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply

* Re: [PATCH 2/6] netfilter: decnet: switch hook PFs to nfproto
From: Pablo Neira Ayuso @ 2012-06-06  0:02 UTC (permalink / raw)
  To: Alban Crequy
  Cc: Patrick McHardy, Vincent Sanders, Javier Martinez Canillas,
	netfilter-devel, netdev
In-Reply-To: <1337003799-2517-2-git-send-email-alban.crequy@collabora.co.uk>

On Mon, May 14, 2012 at 02:56:35PM +0100, Alban Crequy wrote:
> NFPROTO_* constants were usually equal to PF_* constants but it is not
> necessary and it will waste less memory if we don't do so (see commit 7e9c6e
> "netfilter: Introduce NFPROTO_* constants")

Applied, thanks.

But I rewrote the description to just say that this is a consistency
cleanup (other hooks use NFPROTO_*).

Hm, by grepping net/netfilter for PF_* still some netfilter subsystems
(like ipset) show up using it.

Perhaps we can take another patch for these.

^ permalink raw reply

* Re: [PATCH 3/6] netfilter: bridge: switch hook PFs to nfproto
From: Pablo Neira Ayuso @ 2012-06-06  0:03 UTC (permalink / raw)
  To: Alban Crequy
  Cc: Patrick McHardy, Vincent Sanders, Javier Martinez Canillas,
	netfilter-devel, netdev
In-Reply-To: <1337003799-2517-3-git-send-email-alban.crequy@collabora.co.uk>

On Mon, May 14, 2012 at 02:56:36PM +0100, Alban Crequy wrote:
> NFPROTO_* constants were usually equal to PF_* constants but it is not
> necessary and it will waste less memory if we don't do so (see commit 7e9c6e
> "netfilter: Introduce NFPROTO_* constants")

Applied, thanks.

^ permalink raw reply

* Re: [PATCH 4/6] netfilter: ipv4, defrag: switch hook PFs to nfproto
From: Pablo Neira Ayuso @ 2012-06-06  0:03 UTC (permalink / raw)
  To: Alban Crequy
  Cc: Patrick McHardy, Vincent Sanders, Javier Martinez Canillas,
	netfilter-devel, netdev
In-Reply-To: <1337003799-2517-4-git-send-email-alban.crequy@collabora.co.uk>

On Mon, May 14, 2012 at 02:56:37PM +0100, Alban Crequy wrote:
> NFPROTO_* constants were usually equal to PF_* constants but it is not
> necessary and it will waste less memory if we don't do so (see commit 7e9c6e
> "netfilter: Introduce NFPROTO_* constants")

Applied (with that description rewrite as said), thanks.

^ permalink raw reply

* Re: [PATCH 5/6] netfilter: ipvs: switch hook PFs to nfproto
From: Pablo Neira Ayuso @ 2012-06-06  0:03 UTC (permalink / raw)
  To: Alban Crequy
  Cc: Patrick McHardy, Vincent Sanders, Javier Martinez Canillas,
	netfilter-devel, netdev
In-Reply-To: <1337003799-2517-5-git-send-email-alban.crequy@collabora.co.uk>

Applied, thanks.

^ permalink raw reply

* Re: [PATCH 6/6] netfilter: selinux: switch hook PFs to nfproto
From: Pablo Neira Ayuso @ 2012-06-06  0:03 UTC (permalink / raw)
  To: Alban Crequy
  Cc: Patrick McHardy, Vincent Sanders, Javier Martinez Canillas,
	netfilter-devel, netdev
In-Reply-To: <1337003799-2517-6-git-send-email-alban.crequy@collabora.co.uk>

And finally this applied as well.

^ permalink raw reply

* Re: NETDEV WATCHDOG: eth0 (atl1c): transmit queue 0 timed out
From: Jonathan Nieder @ 2012-06-06  0:38 UTC (permalink / raw)
  To: Thomas Meyer
  Cc: Eric Dumazet, Linux Kernel Mailing List, jcliburn, chris.snook,
	netdev, Josh Boyer
In-Reply-To: <1330163565.1419.5.camel@localhost.localdomain>

In February, 2012, Thomas Meyer wrote:
> Am Freitag, den 24.02.2012, 20:20 +0100 schrieb Eric Dumazet:

>> Here is a cumulative patch to hopefuly remove the races in this driver,
>> could you please test it ?
[...]
> just building a 3.2.7 kernel with your patch applied. I will watch out
> for the warning in the next days.

Well, did it work? :)

In suspense,
Jonathan

^ permalink raw reply

* Re: [PATCH] netdev: mv643xx_eth: Prevent build on PPC32
From: Lennert Buytenhek @ 2012-06-06  0:49 UTC (permalink / raw)
  To: Josh Boyer; +Cc: Andrew Lunn, Olof Johansson, netdev
In-Reply-To: <20120605192820.GC7683@zod.bos.redhat.com>

On Tue, Jun 05, 2012 at 03:28:21PM -0400, Josh Boyer wrote:

> Commit 452503ebc (ARM: Orion: Eth: Add clk/clkdev support.) added use of
> the clk driver API which results in compile errors on architectures that
> don't implement the clk API.
> 
> ERROR: "clk_enable" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
> ERROR: "clk_disable" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
> ERROR: "clk_put" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
> ERROR: "clk_get_rate" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
> ERROR: "clk_get" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined!
> 
> Selecting CLKDEV_LOOKUP doesn't fix this either, as the build then fails with:
> 
> In file included from drivers/clk/clkdev.c:21:0:
> include/linux/clkdev.h:15:24: fatal error: asm/clkdev.h: No such file or directory
> 
> So we just prevent this from building at all on PPC32.

If the PPC32 dependency is no longer relevant (e.g. if Pegasos platform
support was removed from the kernel), then the commit message should
mention that -- the above reasoning is a poor sole justification for
this change.

^ permalink raw reply

* Re: [PATCH 01/15] netfilter: add namespace support for l4proto
From: Gao feng @ 2012-06-06  0:56 UTC (permalink / raw)
  To: Pablo Neira Ayuso
  Cc: netfilter-devel, netdev, serge.hallyn, ebiederm, dlezcano,
	Gao feng
In-Reply-To: <20120605235600.GB27222@1984>

Hi pablo
于 2012年06月06日 07:56, Pablo Neira Ayuso 写道:
> On Tue, May 29, 2012 at 03:04:09PM +0800, Gao feng wrote:
>> From: Gao feng <gaofeng@cn.fujitus.com>
>>
>> struct nf_proto_net stroes proto's ctl_table_header and ctl_table,
>> nf_ct_l4proto_(un)register_sysctl use it to register sysctl.
>> because AF_INET6's protocols need not do compat, so register or
>> unregister sysctl when l4proto.l3proto != AF_INET6.
>>
>> - the net_id field is used to store the pernet_operations id
>>   that belones to l4proto.
>>
>> - init_net will be used to initial the proto's pernet data
>>
>> - nf_ct_(un)register_sysctl are changed to support net namespace,
>>   use (un)register_net_sysctl_table replaces (un)register_sysctl_paths.
>>   and in nf_ct_unregister_sysctl,kfree table only when users is 0.
>>
>> - Add the struct net as param of nf_conntrack_l4proto_(un)register.
>>   register or unregister the l4proto only when the net is init_net.
>>
>> - nf_conntrack_l4proto_register call init_net to initial the pernet
>>   data of l4proto.
>>
>> - nf_ct_l4proto_net is used to get the pernet data of l4proto.
>>
>> - use init_net as a param of nf_conntrack_l4proto_(un)register.
> 
> I have applied this patchset, but I had to rewrite the patch
> descriptions.
> 
> I don't blame your English neither your writing abilities (I'm not
> native speaker and not that good at writing either) but I think you
> can make it better next time.

I apologize for my pool English and writing abilities.
Maybe I should take an english course...

> 
> Basically, you don't need to comment every single change that the
> patch does. That's easy to see by looking at the patchset.
> 
> Instead, just provide brief explanation on your intentions with the
> patch, clarify things that may look not obvious to the reviewer and
> what we'll get with this.

Got it, thanks for teaching me this. ;)

> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply

* Crash in network stack
From: Naveen B N (nbn) @ 2012-06-06  2:28 UTC (permalink / raw)
  To: ipsec-tools-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org,
	netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org

[-- Attachment #1: Type: text/plain, Size: 3205 bytes --]

Hi All
I am trying to edit esp flow in kernel , I have edited the ip_rcv() , just to avoid xfrm look up
For ipsec processing I have a simple database for storing xfrm_state values.
In ip_rcv() I have decrypted the ESP packet and I am calling netif_rx(skb) , I am successfully 
Able to receive the packet in user space , where the user application is listening on Inner Ip 
Address. But kernel crashes if I send multiple packets . 
I am unable to figure out this , I am using  user mode kernel, host linux is 2.6.34 version, 
Same code base is used to build UML kernel, x86. 

I am attaching the net/ipv4/ip_input.c file , Please help me to figure out this crash.

Kernel panic - not syncing: Kernel mode signal 4
0823c748:  [<081beb4b>] dump_stack+0x1c/0x20
0823c760:  [<081beb84>] panic+0x35/0x9d
0823c788:  [<0805a107>] relay_signal+0x31/0x6c
0823c7a8:  [<08065a9a>] sig_handler_common+0x61/0x70
0823c820:  [<08065bc2>] sig_handler+0x31/0x3d
0823c82c:  [<08065d5b>] handle_signal+0x4f/0x7d
0823c84c:  [<080673f7>] hard_handler+0xf/0x14
0823c85c:  [<b783d400>] 0xb783d400
0823cb7c:  [<080b3772>] __kmalloc+0x70/0x9c
0823cb9c:  [<0816b95d>] __alloc_skb+0x52/0x11c
0823cbc8:  [<0816c344>] dev_alloc_skb+0x15/0x2c
0823cbe0:  [<0805e871>] uml_net_rx+0x19/0x9e
0823cbfc:  [<0805e9d9>] uml_net_interrupt+0x16/0x5c
0823cc08:  [<080947d0>] handle_IRQ_event+0x20/0xa7
0823cc24:  [<080948aa>] __do_IRQ+0x53/0x93
0823cc40:  [<080581a8>] do_IRQ+0x1f/0x34
0823cc50:  [<08058340>] sigio_handler+0x46/0x5c
0823cc68:  [<08065a9a>] sig_handler_common+0x61/0x70
0823cce0:  [<08065bc2>] sig_handler+0x31/0x3d
0823ccec:  [<08065d5b>] handle_signal+0x4f/0x7d
0823cd0c:  [<080673f7>] hard_handler+0xf/0x14
0823cd1c:  [<b783d400>] 0xb783d400



EIP: 0073:[<b7723861>] CPU: 0 Tainted: P           ESP: 007b:bfe1cbfc EFLAGS: 00000246
    Tainted: P
EAX: 00000000 EBX: 00006222 ECX: 00000013 EDX: 00006222
ESI: 0000621e EDI: 0000001c EBP: bfe1cc18 DS: 007b ES: 007b
0823c6f8:  [<0806aae7>] show_regs+0xc4/0xc9
0823c724:  [<0805a70a>] panic_exit+0x25/0x3b
0823c738:  [<08086063>] notifier_call_chain+0x27/0x4c
0823c760:  [<080860b6>] atomic_notifier_call_chain+0x15/0x17
0823c770:  [<081beb9f>] panic+0x50/0x9d
0823c788:  [<0805a107>] relay_signal+0x31/0x6c
0823c7a8:  [<08065a9a>] sig_handler_common+0x61/0x70
0823c820:  [<08065bc2>] sig_handler+0x31/0x3d
0823c82c:  [<08065d5b>] handle_signal+0x4f/0x7d
0823c84c:  [<080673f7>] hard_handler+0xf/0x14
0823c85c:  [<b783d400>] 0xb783d400
0823cb7c:  [<080b3772>] __kmalloc+0x70/0x9c
0823cb9c:  [<0816b95d>] __alloc_skb+0x52/0x11c
0823cbc8:  [<0816c344>] dev_alloc_skb+0x15/0x2c
0823cbe0:  [<0805e871>] uml_net_rx+0x19/0x9e
0823cbfc:  [<0805e9d9>] uml_net_interrupt+0x16/0x5c
0823cc08:  [<080947d0>] handle_IRQ_event+0x20/0xa7
0823cc24:  [<080948aa>] __do_IRQ+0x53/0x93
0823cc40:  [<080581a8>] do_IRQ+0x1f/0x34
0823cc50:  [<08058340>] sigio_handler+0x46/0x5c
0823cc68:  [<08065a9a>] sig_handler_common+0x61/0x70
0823cce0:  [<08065bc2>] sig_handler+0x31/0x3d
0823ccec:  [<08065d5b>] handle_signal+0x4f/0x7d
0823cd0c:  [<080673f7>] hard_handler+0xf/0x14
0823cd1c:  [<b783d400>] 0xb783d400


Thanks and Regards
Naveen

[-- Attachment #2: ip_input.c --]
[-- Type: text/plain, Size: 24045 bytes --]

/*
 * INET		An implementation of the TCP/IP protocol suite for the LINUX
 *		operating system.  INET is implemented using the  BSD Socket
 *		interface as the means of communication with the user level.
 *
 *		The Internet Protocol (IP) module.
 *
 * Authors:	Ross Biro
 *		Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
 *		Donald Becker, <becker@super.org>
 *		Alan Cox, <alan@lxorguk.ukuu.org.uk>
 *		Richard Underwood
 *		Stefan Becker, <stefanb@yello.ping.de>
 *		Jorge Cwik, <jorge@laser.satlink.net>
 *		Arnt Gulbrandsen, <agulbra@nvg.unit.no>
 *
 *
 * Fixes:
 *		Alan Cox	:	Commented a couple of minor bits of surplus code
 *		Alan Cox	:	Undefining IP_FORWARD doesn't include the code
 *					(just stops a compiler warning).
 *		Alan Cox	:	Frames with >=MAX_ROUTE record routes, strict routes or loose routes
 *					are junked rather than corrupting things.
 *		Alan Cox	:	Frames to bad broadcast subnets are dumped
 *					We used to process them non broadcast and
 *					boy could that cause havoc.
 *		Alan Cox	:	ip_forward sets the free flag on the
 *					new frame it queues. Still crap because
 *					it copies the frame but at least it
 *					doesn't eat memory too.
 *		Alan Cox	:	Generic queue code and memory fixes.
 *		Fred Van Kempen :	IP fragment support (borrowed from NET2E)
 *		Gerhard Koerting:	Forward fragmented frames correctly.
 *		Gerhard Koerting: 	Fixes to my fix of the above 8-).
 *		Gerhard Koerting:	IP interface addressing fix.
 *		Linus Torvalds	:	More robustness checks
 *		Alan Cox	:	Even more checks: Still not as robust as it ought to be
 *		Alan Cox	:	Save IP header pointer for later
 *		Alan Cox	:	ip option setting
 *		Alan Cox	:	Use ip_tos/ip_ttl settings
 *		Alan Cox	:	Fragmentation bogosity removed
 *					(Thanks to Mark.Bush@prg.ox.ac.uk)
 *		Dmitry Gorodchanin :	Send of a raw packet crash fix.
 *		Alan Cox	:	Silly ip bug when an overlength
 *					fragment turns up. Now frees the
 *					queue.
 *		Linus Torvalds/ :	Memory leakage on fragmentation
 *		Alan Cox	:	handling.
 *		Gerhard Koerting:	Forwarding uses IP priority hints
 *		Teemu Rantanen	:	Fragment problems.
 *		Alan Cox	:	General cleanup, comments and reformat
 *		Alan Cox	:	SNMP statistics
 *		Alan Cox	:	BSD address rule semantics. Also see
 *					UDP as there is a nasty checksum issue
 *					if you do things the wrong way.
 *		Alan Cox	:	Always defrag, moved IP_FORWARD to the config.in file
 *		Alan Cox	: 	IP options adjust sk->priority.
 *		Pedro Roque	:	Fix mtu/length error in ip_forward.
 *		Alan Cox	:	Avoid ip_chk_addr when possible.
 *	Richard Underwood	:	IP multicasting.
 *		Alan Cox	:	Cleaned up multicast handlers.
 *		Alan Cox	:	RAW sockets demultiplex in the BSD style.
 *		Gunther Mayer	:	Fix the SNMP reporting typo
 *		Alan Cox	:	Always in group 224.0.0.1
 *	Pauline Middelink	:	Fast ip_checksum update when forwarding
 *					Masquerading support.
 *		Alan Cox	:	Multicast loopback error for 224.0.0.1
 *		Alan Cox	:	IP_MULTICAST_LOOP option.
 *		Alan Cox	:	Use notifiers.
 *		Bjorn Ekwall	:	Removed ip_csum (from slhc.c too)
 *		Bjorn Ekwall	:	Moved ip_fast_csum to ip.h (inline!)
 *		Stefan Becker   :       Send out ICMP HOST REDIRECT
 *	Arnt Gulbrandsen	:	ip_build_xmit
 *		Alan Cox	:	Per socket routing cache
 *		Alan Cox	:	Fixed routing cache, added header cache.
 *		Alan Cox	:	Loopback didn't work right in original ip_build_xmit - fixed it.
 *		Alan Cox	:	Only send ICMP_REDIRECT if src/dest are the same net.
 *		Alan Cox	:	Incoming IP option handling.
 *		Alan Cox	:	Set saddr on raw output frames as per BSD.
 *		Alan Cox	:	Stopped broadcast source route explosions.
 *		Alan Cox	:	Can disable source routing
 *		Takeshi Sone    :	Masquerading didn't work.
 *	Dave Bonn,Alan Cox	:	Faster IP forwarding whenever possible.
 *		Alan Cox	:	Memory leaks, tramples, misc debugging.
 *		Alan Cox	:	Fixed multicast (by popular demand 8))
 *		Alan Cox	:	Fixed forwarding (by even more popular demand 8))
 *		Alan Cox	:	Fixed SNMP statistics [I think]
 *	Gerhard Koerting	:	IP fragmentation forwarding fix
 *		Alan Cox	:	Device lock against page fault.
 *		Alan Cox	:	IP_HDRINCL facility.
 *	Werner Almesberger	:	Zero fragment bug
 *		Alan Cox	:	RAW IP frame length bug
 *		Alan Cox	:	Outgoing firewall on build_xmit
 *		A.N.Kuznetsov	:	IP_OPTIONS support throughout the kernel
 *		Alan Cox	:	Multicast routing hooks
 *		Jos Vos		:	Do accounting *before* call_in_firewall
 *	Willy Konynenberg	:	Transparent proxying support
 *
 *
 *
 * To Fix:
 *		IP fragmentation wants rewriting cleanly. The RFC815 algorithm is much more efficient
 *		and could be made very efficient with the addition of some virtual memory hacks to permit
 *		the allocation of a buffer that can then be 'grown' by twiddling page tables.
 *		Output fragmentation wants updating along with the buffer management to use a single
 *		interleaved copy algorithm so that fragmenting has a one copy overhead. Actual packet
 *		output should probably do its own fragmentation at the UDP/RAW layer. TCP shouldn't cause
 *		fragmentation anyway.
 *
 *		This program is free software; you can redistribute it and/or
 *		modify it under the terms of the GNU General Public License
 *		as published by the Free Software Foundation; either version
 *		2 of the License, or (at your option) any later version.
 */

#include <asm/system.h>
#include <linux/module.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/string.h>
#include <linux/errno.h>
#include <linux/slab.h>

#include <linux/net.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/in.h>
#include <linux/inet.h>
#include <linux/inetdevice.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>

#include <net/snmp.h>
#include <net/ip.h>
#include <net/protocol.h>
#include <net/route.h>
#include <linux/skbuff.h>
#include <net/sock.h>
#include <net/arp.h>
#include <net/icmp.h>
#include <net/raw.h>
#include <net/checksum.h>
#include <linux/netfilter_ipv4.h>
#include <net/xfrm.h>
#include <linux/mroute.h>
#include <linux/netlink.h>


#if 1
 extern xfrm_syfer_cb x_syfer_cb;
#endif


/*
 *	Process Router Attention IP option
 */
int ip_call_ra_chain(struct sk_buff *skb)
{
	struct ip_ra_chain *ra;
	u8 protocol = ip_hdr(skb)->protocol;
	struct sock *last = NULL;
	struct net_device *dev = skb->dev;

	read_lock(&ip_ra_lock);
	for (ra = ip_ra_chain; ra; ra = ra->next) {
		struct sock *sk = ra->sk;

		/* If socket is bound to an interface, only report
		 * the packet if it came  from that interface.
		 */
		if (sk && inet_sk(sk)->inet_num == protocol &&
		    (!sk->sk_bound_dev_if ||
		     sk->sk_bound_dev_if == dev->ifindex) &&
		    net_eq(sock_net(sk), dev_net(dev))) {
			if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
				if (ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN)) {
					read_unlock(&ip_ra_lock);
					return 1;
				}
			}
			if (last) {
				struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
				if (skb2)
					raw_rcv(last, skb2);
			}
			last = sk;
		}
	}

	if (last) {
		raw_rcv(last, skb);
		read_unlock(&ip_ra_lock);
		return 1;
	}
	read_unlock(&ip_ra_lock);
	return 0;
}

static int ip_local_deliver_finish(struct sk_buff *skb)
{
	struct net *net = dev_net(skb->dev);

	__skb_pull(skb, ip_hdrlen(skb));

	/* Point into the IP datagram, just past the header. */
	skb_reset_transport_header(skb);

	rcu_read_lock();
	{
		int protocol = ip_hdr(skb)->protocol;
		int hash, raw;
		const struct net_protocol *ipprot;

	resubmit:
		raw = raw_local_deliver(skb, protocol);

		hash = protocol & (MAX_INET_PROTOS - 1);
		ipprot = rcu_dereference(inet_protos[hash]);
		if (ipprot != NULL) {
			int ret;

			if (!net_eq(net, &init_net) && !ipprot->netns_ok) {
				if (net_ratelimit())
					printk("%s: proto %d isn't netns-ready\n",
						__func__, protocol);
				kfree_skb(skb);
				goto out;
			}
#ifndef CONFIG_SYFER_IPSEC
			if (!ipprot->no_policy) {
				if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
					kfree_skb(skb);
					goto out;
				}
				nf_reset(skb);
			}
#endif
			ret = ipprot->handler(skb);/* xfrm4_rcv */
			if (ret < 0) {
				protocol = -ret;
				goto resubmit;
			}
			IP_INC_STATS_BH(net, IPSTATS_MIB_INDELIVERS);
		} else {
			if (!raw) {
				if (xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
					IP_INC_STATS_BH(net, IPSTATS_MIB_INUNKNOWNPROTOS);
					icmp_send(skb, ICMP_DEST_UNREACH,
						  ICMP_PROT_UNREACH, 0);
				}
			} else
				IP_INC_STATS_BH(net, IPSTATS_MIB_INDELIVERS);
			kfree_skb(skb);
		}
	}
 out:
	rcu_read_unlock();

	return 0;
}

/*
 * 	Deliver IP Packets to the higher protocol layers.
 */
int ip_local_deliver(struct sk_buff *skb)
{
	/*
	 *	Reassemble IP fragments.
	 */

	if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
		if (ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER))
			return 0;
	}

	return NF_HOOK(PF_INET, NF_INET_LOCAL_IN, skb, skb->dev, NULL,
		       ip_local_deliver_finish);
}

static inline int ip_rcv_options(struct sk_buff *skb)
{
	struct ip_options *opt;
	struct iphdr *iph;
	struct net_device *dev = skb->dev;

	/* It looks as overkill, because not all
	   IP options require packet mangling.
	   But it is the easiest for now, especially taking
	   into account that combination of IP options
	   and running sniffer is extremely rare condition.
					      --ANK (980813)
	*/
	if (skb_cow(skb, skb_headroom(skb))) {
		IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INDISCARDS);
		goto drop;
	}

	iph = ip_hdr(skb);
	opt = &(IPCB(skb)->opt);
	opt->optlen = iph->ihl*4 - sizeof(struct iphdr);

	if (ip_options_compile(dev_net(dev), opt, skb)) {
		IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INHDRERRORS);
		goto drop;
	}

	if (unlikely(opt->srr)) {
		struct in_device *in_dev = in_dev_get(dev);
		if (in_dev) {
			if (!IN_DEV_SOURCE_ROUTE(in_dev)) {
				if (IN_DEV_LOG_MARTIANS(in_dev) &&
				    net_ratelimit())
					printk(KERN_INFO "source route option %pI4 -> %pI4\n",
					       &iph->saddr, &iph->daddr);
				in_dev_put(in_dev);
				goto drop;
			}

			in_dev_put(in_dev);
		}

		if (ip_options_rcv_srr(skb))
			goto drop;
	}

	return 0;
drop:
	return -1;
}

static int ip_rcv_finish(struct sk_buff *skb)
{
	const struct iphdr *iph = ip_hdr(skb);
	struct rtable *rt;

	/*
	 *	Initialise the virtual path cache for the packet. It describes
	 *	how the packet travels inside Linux networking.
	 */
	if (skb_dst(skb) == NULL) {
		int err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos,
					 skb->dev);
		if (unlikely(err)) {
			if (err == -EHOSTUNREACH)
				IP_INC_STATS_BH(dev_net(skb->dev),
						IPSTATS_MIB_INADDRERRORS);
			else if (err == -ENETUNREACH)
				IP_INC_STATS_BH(dev_net(skb->dev),
						IPSTATS_MIB_INNOROUTES);
			goto drop;
		}
	}

#ifdef CONFIG_NET_CLS_ROUTE
	if (unlikely(skb_dst(skb)->tclassid)) {
		struct ip_rt_acct *st = per_cpu_ptr(ip_rt_acct, smp_processor_id());
		u32 idx = skb_dst(skb)->tclassid;
		st[idx&0xFF].o_packets++;
		st[idx&0xFF].o_bytes += skb->len;
		st[(idx>>16)&0xFF].i_packets++;
		st[(idx>>16)&0xFF].i_bytes += skb->len;
	}
#endif

	if (iph->ihl > 5 && ip_rcv_options(skb))
		goto drop;

	rt = skb_rtable(skb);
	if (rt->rt_type == RTN_MULTICAST) {
		IP_UPD_PO_STATS_BH(dev_net(rt->u.dst.dev), IPSTATS_MIB_INMCAST,
				skb->len);
	} else if (rt->rt_type == RTN_BROADCAST)
		IP_UPD_PO_STATS_BH(dev_net(rt->u.dst.dev), IPSTATS_MIB_INBCAST,
				skb->len);

	return dst_input(skb);

drop:
	kfree_skb(skb);
	return NET_RX_DROP;
}
#include <net/esp.h>
#include <linux/crypto.h>
#include <crypto/aead.h>
#include <crypto/authenc.h>


#define DUMP_SKB_PTR(skb) printk("\n*** SKB ***\n");\
printk("Head=%p Data=%p Tail=%p END =%p \n",skb->head,skb->data,skb->tail,skb->end);\
printk("Tran_header=%p Net_header=%p Max_header=%p \n",skb->transport_header,skb->network_header,skb->mac_header);\
printk("len=%d data_len=%d hdr_len=%d mac_len=%d \n",skb->len,skb->data_len,skb->hdr_len,skb->mac_len);


struct esp_skb_cb_my {
        struct xfrm_skb_cb xfrm;
            void *tmp;
};

#define ESP_SKB_CB_MY(__skb) ((struct esp_skb_cb_my *)&((__skb)->cb[0]))


static void *esp_alloc_tmp(struct crypto_aead *aead, int nfrags)
{
	unsigned int len;

	len = crypto_aead_ivsize(aead);
	if (len) {
		len += crypto_aead_alignmask(aead) &
		       ~(crypto_tfm_ctx_alignment() - 1);
		len = ALIGN(len, crypto_tfm_ctx_alignment());
	}

	len += sizeof(struct aead_givcrypt_request) + crypto_aead_reqsize(aead);
	len = ALIGN(len, __alignof__(struct scatterlist));

	len += sizeof(struct scatterlist) * nfrags;

	return kmalloc(len, GFP_ATOMIC);
}

static inline u8 *esp_tmp_iv(struct crypto_aead *aead, void *tmp)
{
	return crypto_aead_ivsize(aead) ?
	       PTR_ALIGN((u8 *)tmp, crypto_aead_alignmask(aead) + 1) : tmp;
}

static inline struct aead_givcrypt_request *esp_tmp_givreq(
	struct crypto_aead *aead, u8 *iv)
{
	struct aead_givcrypt_request *req;

	req = (void *)PTR_ALIGN(iv + crypto_aead_ivsize(aead),
				crypto_tfm_ctx_alignment());
	aead_givcrypt_set_tfm(req, aead);
	return req;
}
static inline struct scatterlist *esp_givreq_sg(
	struct crypto_aead *aead, struct aead_givcrypt_request *req)
{
	return (void *)ALIGN((unsigned long)(req + 1) +
			     crypto_aead_reqsize(aead),
			     __alignof__(struct scatterlist));
}
static inline struct aead_request *esp_tmp_req(struct crypto_aead *aead, u8 *iv)
{
        struct aead_request *req;

            req = (void *)PTR_ALIGN(iv + crypto_aead_ivsize(aead),
                                    crypto_tfm_ctx_alignment());
                aead_request_set_tfm(req, aead);
                    return req;
}
static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead,
                                 struct aead_request *req)
{
        return (void *)ALIGN((unsigned long)(req + 1) +
                                 crypto_aead_reqsize(aead),
                                                  __alignof__(struct scatterlist));
}


static int syfer_esp_input_done2(struct sk_buff *skb, int err)
{
	struct iphdr *iph;
	struct xfrm_state *x = xfrm_input_state(skb);
	struct esp_data *esp = x->data;
	struct crypto_aead *aead = esp->aead;
	int alen = crypto_aead_authsize(aead);
	int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
	int elen = skb->len - hlen;
	int ihl;
	u8 nexthdr[2];
	int padlen;
    printk("\nEntered syfer_esp_input_done2 \n");
	kfree(ESP_SKB_CB_MY(skb)->tmp);

	if (unlikely(err))
		goto out;

	if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
		BUG();

	err = -EINVAL;
	padlen = nexthdr[0];
    
    printk("\npadlen=%d alen=%d elen=%d\n",padlen,alen,elen);
	if (padlen + 2 + alen >= elen)
		goto out;

	/* ... check padding bits here. Silly. :-) */

	iph = ip_hdr(skb);
	ihl = iph->ihl * 4;
    printk("\nsyfer_esp_input_done2 saddr=%x daddr=%x \n",iph->saddr, iph->daddr);
  	if (x->encap) {
		struct xfrm_encap_tmpl *encap = x->encap;
		struct udphdr *uh = (void *)(skb_network_header(skb) + ihl);

		/*
		 * 1) if the NAT-T peer's IP or port changed then
		 *    advertize the change to the keying daemon.
		 *    This is an inbound SA, so just compare
		 *    SRC ports.
		 */
		if (iph->saddr != x->props.saddr.a4 ||
		    uh->source != encap->encap_sport) {
			xfrm_address_t ipaddr;

			ipaddr.a4 = iph->saddr;
			km_new_mapping(x, &ipaddr, uh->source);

			/* XXX: perhaps add an extra
			 * policy check here, to see
			 * if we should allow or
			 * reject a packet from a
			 * different source
			 * address/port.
			 */
		}

		/*
		 * 2) ignore UDP/TCP checksums in case
		 *    of NAT-T in Transport Mode, or
		 *    perform other post-processing fixes
		 *    as per draft-ietf-ipsec-udp-encaps-06,
		 *    section 3.1.2
		 */
		if (x->props.mode == XFRM_MODE_TRANSPORT)
			skb->ip_summed = CHECKSUM_UNNECESSARY;
	}

	pskb_trim(skb, skb->len - alen - padlen - 2);
	__skb_pull(skb, hlen);
    printk("\n After syfer_esp_input_done2  __skb_pull\n");
     DUMP_SKB_PTR(skb)
         
	skb_set_transport_header(skb, ihl);

    printk("\n AFTER set skb_set_transport_header  \n");
     DUMP_SKB_PTR(skb)
	err = nexthdr[1];
    printk("\n Leaving syfer_esp_input_done2 \n");
	/* RFC4303: Drop dummy packets without any error */
	if (err == IPPROTO_NONE)
		err = -EINVAL;

out:
	return err;
}

static void esp_input_done(struct crypto_async_request *base, int err)
{
	struct sk_buff *skb = base->data;
	//xfrm_input_resume(skb, syfer_esp_input_done2(skb, err));
    syfer_esp_input_done2(skb, err);
}

/*
 * Note: detecting truncated vs. non-truncated authentication data is very
 * expensive, so we only support truncated data, which is the recommended
 * and common case.
 */
static int syfer_esp_input(struct xfrm_state *x, struct sk_buff *skb)
{
	struct ip_esp_hdr *esph;
	struct esp_data *esp = x->data;
	struct crypto_aead *aead = esp->aead;
	struct aead_request *req;
	struct sk_buff *trailer;
	int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead);
	int nfrags;
	void *tmp;
	u8 *iv;
	struct scatterlist *sg;
	struct scatterlist *asg;
	int err = -EINVAL;
    DUMP_SKB_PTR(skb)
                 
    
    printk("\n Entered syfer_esp_input x->data =%p \n",x->data);
	if (!pskb_may_pull(skb, sizeof(*esph) + crypto_aead_ivsize(aead)))
		goto out;

	if (elen <= 0)
		goto out;

	if ((err = skb_cow_data(skb, 0, &trailer)) < 0)
		goto out;
	nfrags = err;

	err = -ENOMEM;
	tmp = esp_alloc_tmp(aead, nfrags + 1);
	if (!tmp)
		goto out;

	ESP_SKB_CB_MY(skb)->tmp = tmp;
	iv = esp_tmp_iv(aead, tmp);
	req = esp_tmp_req(aead, iv);
	asg = esp_req_sg(aead, req);
	sg = asg + 1;

	skb->ip_summed = CHECKSUM_NONE;

///	esph = (struct ip_esp_hdr *)skb->data;
    esph= (struct ip_esp_hdr *)(skb->network_header+sizeof(struct iphdr));
	/* Get ivec. This can be wrong, check against another impls. */
	iv = esph->enc_data;

	sg_init_table(sg, nfrags);
	skb_to_sgvec(skb, sg, sizeof(*esph) + crypto_aead_ivsize(aead), elen);
	sg_init_one(asg, esph, sizeof(*esph));
     
	aead_request_set_callback(req, 0, esp_input_done, skb);
	aead_request_set_crypt(req, sg, sg, elen, iv);
	aead_request_set_assoc(req, asg, sizeof(*esph));

	err = crypto_aead_decrypt(req);
	if (err == -EINPROGRESS)
		goto out;
   printk("\n Calling syfer_esp_input_done2 err =%d \n",err);
   err = syfer_esp_input_done2(skb, err);
  
    printk("\n Leaving  syfer_esp_input \n");
out:
	return err;
}



/*
 * 	Main IP Receive routine.
 */
int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
{
	struct iphdr *iph;
	u32 len;

	/* When the interface is in promisc. mode, drop all the crap
	 * that it receives, do not try to analyse it.
	 */
	if (skb->pkt_type == PACKET_OTHERHOST)
		goto drop;


	IP_UPD_PO_STATS_BH(dev_net(dev), IPSTATS_MIB_IN, skb->len);

	if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) {
		IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INDISCARDS);
		goto out;
	}

	if (!pskb_may_pull(skb, sizeof(struct iphdr)))
		goto inhdr_error;

	iph = ip_hdr(skb);

	/*
	 *	RFC1122: 3.2.1.2 MUST silently discard any IP frame that fails the checksum.
	 *
	 *	Is the datagram acceptable?
	 *
	 *	1.	Length at least the size of an ip header
	 *	2.	Version of 4
	 *	3.	Checksums correctly. [Speed optimisation for later, skip loopback checksums]
	 *	4.	Doesn't have a bogus length
	 */

	if (iph->ihl < 5 || iph->version != 4)
		goto inhdr_error;

	if (!pskb_may_pull(skb, iph->ihl*4))
		goto inhdr_error;

	iph = ip_hdr(skb);

	if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl)))
		goto inhdr_error;

	len = ntohs(iph->tot_len);
	if (skb->len < len) {
		IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INTRUNCATEDPKTS);
		goto drop;
	} else if (len < (iph->ihl*4))
		goto inhdr_error;

	/* Our transport medium may have padded the buffer out. Now we know it
	 * is IP we can trim to the true length of the frame.
	 * Note this now means skb->len holds ntohs(iph->tot_len).
	 */
	if (pskb_trim_rcsum(skb, len)) {
		IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INDISCARDS);
		goto drop;
	}

	/* Remove any debris in the socket control block */
	memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));

	/* Must drop socket now because of tproxy. */
	skb_orphan(skb);
    if(iph->protocol ==IPPROTO_ESP)
    {
        struct xfrm_state * x;
        struct ip_esp_hdr *esph=NULL;
        esph=(struct ip_esp_hdr *)(skb->network_header+sizeof(struct iphdr));
        if (x_syfer_cb.syfer_input_state_find)
        {
            x = x_syfer_cb.syfer_input_state_find(esph->spi);
            x->km.state = XFRM_STATE_VALID;     
            if (x){
                //skb->data = skb->data +sizeof(struct iphdr)+sizeof(struct ip_esp_hdr)+8; 

spin_lock(&x->lock);
                printk("Before ESP INBOUND processing \n");
                DUMP_SKB_PTR(skb)
                printk("\n struct iphdr =%d struct ip_esp_hdr=%d \n",sizeof(struct iphdr),sizeof(struct ip_esp_hdr));
#if 1

                skb->sp->xvec[skb->sp->len++] = x;
                skb->data=skb->data+sizeof(struct iphdr);
                skb->len=skb->len-sizeof(struct iphdr);
                //skb->network_header=skb->head+0x2e;
                skb->transport_header=skb->data; 
#endif
#if 0
                    skb->network_header=skb->head+0x2e;
                    skb->data = skb->head +0x42;
                    skb->transport_header=skb->data; 
                    skb->len=372;
#endif
                //skb->len=skb->len-(sizeof(struct iphdr)+sizeof(struct ip_esp_hdr)+8); 
                DUMP_SKB_PTR(skb)
                syfer_esp_input(x, skb);
                printk("AFTER ESP INBOUND processing \n");
                DUMP_SKB_PTR(skb)
            }
        }
        const unsigned char *old_mac;
        old_mac = skb_mac_header(skb);
        //    skb->data = skb_data +sizeof(struct iphdr)+sizeof(struct ip_esp_hdr)+8; 
        skb_set_mac_header(skb, -skb->mac_len);
        //skb->data=skb->mac_header;
        memmove(skb_mac_header(skb), old_mac, skb->mac_len);
        skb_reset_network_header(skb);
       // skb->network_header=skb->data+skb->mac_len;
        printk("\n AFTER xfrm_prepare_input \n");
        //      skb->len=skb->len-(sizeof(struct iphdr)+sizeof(struct ip_esp_hdr)+8); 
        DUMP_SKB_PTR(skb)
            //err=syfer_xfrm4_mode_tunnel_input(x,skb);
            //if(err <0)
            //   printk("\n xfrm_prepare_input Failed \n");
            //  iph = (struct ip_esp_hdr *)(skb->network_header+sizeof(struct iphdr)+sizeof(struct ip_esp_hdr));
            // printk("\nip_rcv Inner saddr=%x daddr=%x \n",iph->saddr, iph->daddr);
#if 0
            skb->dev = dev;
        skb->protocol = htons(ETH_P_IP);
        char dst_mac_addr[] = {0x9C, 0xDF, 0xB2, 0x23, 0x63, 0xD6};

        dev_hard_header(skb, skb->dev, ntohs(skb->protocol),
                &dst_mac_addr, NULL, skb->len);
        dev_queue_xmit(skb);
#endif

        // ip_rcv(skb,dev,pt,orig_dev);
        //return 0;
       nf_reset(skb);
        skb_dst_drop(skb);

// int async =1;
//        x->inner_mode->afinfo->transport_finish(skb, async);
        netif_rx(skb);

//      ip_rcv(skb,dev,pt,orig_dev);
//      ip_rcv_finish(skb);
//spin_unlock(&x->lock);
    }else  

        return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL,
                ip_rcv_finish);

inhdr_error:
    IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INHDRERRORS);
drop:
    kfree_skb(skb);
out:
    return NET_RX_DROP;
}

[-- Attachment #3: Type: text/plain, Size: 395 bytes --]

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

[-- Attachment #4: Type: text/plain, Size: 0 bytes --]



^ permalink raw reply

* skb_gso_segment oops
From: kendo @ 2012-06-06  2:36 UTC (permalink / raw)
  To: netdev

Hello!

I use Intel 82574L network, open the GSO/SG/RX Checksum/txchecksum support, but the system may occasionally occur caused by skb_gso_segment Oops, this was where do I configure error, kernel Bug is this? (In fact, using the igb also met once)
------------------------------------------
Jun  5 14:03:32 AnShion <12> klogd: [14579.562843] ------------[ cut here ]------------
Jun  5 14:03:32 AnShion <12> klogd: [14579.562859] WARNING: at net/core/dev.c:1861 skb_gso_segment+0x225/0x300()
Jun  5 14:03:32 AnShion <12> klogd: [14579.562869] Hardware name: To Be Filled By O.E.M.
Jun  5 14:03:32 AnShion <12> klogd: [14579.562874] : caps=(0x2000, 0x0) len=40 data_len=0 ip_summed=1
Jun  5 14:03:32 AnShion <12> klogd: [14579.562878] Modules linked in: ipmi_watchdog  igb e1000e
Jun  5 14:03:32 AnShion <12> klogd: [14579.562913] Pid: 0, comm: kworker/0:0 Not tainted 2.6.38.8 #360
Jun  5 14:03:32 AnShion <12> klogd: [14579.562917] Call Trace:
Jun  5 14:03:32 AnShion <12> klogd: [14579.562925]  [<c06a7c25>] ? skb_gso_segment+0x225/0x300
Jun  5 14:03:32 AnShion <12> klogd: [14579.562934]  [<c0145efc>] ? warn_slowpath_common+0x6c/0xa0
Jun  5 14:03:32 AnShion <12> klogd: [14579.562941]  [<c06a7c25>] ? skb_gso_segment+0x225/0x300
Jun  5 14:03:32 AnShion <12> klogd: [14579.562948]  [<c0145fae>] ? warn_slowpath_fmt+0x2e/0x30
Jun  5 14:03:32 AnShion <12> klogd: [14579.562954]  [<c06a7c25>] ? skb_gso_segment+0x225/0x300
Jun  5 14:03:32 AnShion <12> klogd: [14579.562964]  [<c06a7f1f>] ? dev_hard_start_xmit+0x21f/0x5d0
Jun  5 14:03:32 AnShion <12> klogd: [14579.562972]  [<c0742723>] ? ipv4_confirm+0xb3/0x170
Jun  5 14:03:32 AnShion <12> klogd: [14579.562979]  [<c06bdd8d>] ? sch_direct_xmit+0x13d/0x1a0
Jun  5 14:03:32 AnShion <12> klogd: [14579.562986]  [<c06aa6cd>] ? dev_queue_xmit+0x26d/0x470
Jun  5 14:03:32 AnShion <12> klogd: [14579.562993]  [<c06db887>] ? nf_iterate+0x67/0x90
Jun  5 14:03:32 AnShion <12> klogd: [14579.563001]  [<c0705f00>] ? ip_finish_output+0x240/0x2f0
Jun  5 14:03:32 AnShion <12> klogd: [14579.563007]  [<c0705cc0>] ? ip_finish_output+0x0/0x2f0
Jun  5 14:03:33 AnShion <12> klogd: [14579.563014]  [<c0706067>] ? ip_output+0xb7/0xc0
Jun  5 14:03:33 AnShion <12> klogd: [14579.563020]  [<c0705cc0>] ? ip_finish_output+0x0/0x2f0
Jun  5 14:03:33 AnShion <12> klogd: [14579.563028]  [<c0701e96>] ? ip_forward_finish+0x46/0x60
Jun  5 14:03:33 AnShion <12> klogd: [14579.563035]  [<c070209f>] ? ip_forward+0x1ef/0x430
Jun  5 14:03:33 AnShion <12> klogd: [14579.563041]  [<c0701e50>] ? ip_forward_finish+0x0/0x60
Jun  5 14:03:33 AnShion <12> klogd: [14579.563049]  [<c0700751>] ? ip_rcv_finish+0x241/0x3c0
Jun  5 14:03:33 AnShion <12> klogd: [14579.563056]  [<c0700b76>] ? ip_rcv+0x2a6/0x320
Jun  5 14:03:33 AnShion <12> klogd: [14579.563063]  [<c0700510>] ? ip_rcv_finish+0x0/0x3c0
Jun  5 14:03:33 AnShion <12> klogd: [14579.563070]  [<c06a94b8>] ? __netif_receive_skb+0x258/0x520
Jun  5 14:03:33 AnShion <12> klogd: [14579.563076]  [<c0706067>] ? ip_output+0xb7/0xc0
Jun  5 14:03:33 AnShion <12> klogd: [14579.563083]  [<c06a98b3>] ? netif_receive_skb+0x23/0x50
Jun  5 14:03:33 AnShion <12> klogd: [14579.563090]  [<c06a99d7>] ? napi_skb_finish+0x37/0x50
Jun  5 14:03:33 AnShion <12> klogd: [14579.563097]  [<c06aa01b>] ? napi_gro_receive+0xdb/0xf0
Jun  5 14:03:33 AnShion <12> klogd: [14579.563113]  [<f8202c17>] ? e1000_receive_skb+0x47/0x60 [e1000e]
Jun  5 14:03:33 AnShion <12> klogd: [14579.563125]  [<f82040a7>] ? e1000_clean_rx_irq+0x2a7/0x360 [e1000e]
Jun  5 14:03:33 AnShion <12> klogd: [14579.563139]  [<f8208053>] ? e1000e_poll+0x73/0x320 [e1000e]
Jun  5 14:03:33 AnShion <12> klogd: [14579.563146]  [<c06a9e4a>] ? net_rx_action+0xaa/0x1a0
Jun  5 14:03:33 AnShion <12> klogd: [14579.563154]  [<c014bff1>] ? __do_softirq+0xb1/0x190
Jun  5 14:03:33 AnShion <12> klogd: [14579.563161]  [<c014bf40>] ? __do_softirq+0x0/0x190
Jun  5 14:03:33 AnShion <12> klogd: [14579.563165]  <IRQ>  [<c014bebd>] ? irq_exit+0x5d/0x80
Jun  5 14:03:33 AnShion <12> klogd: [14579.563177]  [<c0104bc5>] ? do_IRQ+0x45/0xb0
Jun  5 14:03:33 AnShion <12> klogd: [14579.563183]  [<c014bed5>] ? irq_exit+0x75/0x80
Jun  5 14:03:33 AnShion <12> klogd: [14579.563191]  [<c011c9f6>] ? smp_apic_timer_interrupt+0x56/0x90
Jun  5 14:03:33 AnShion <12> klogd: [14579.563198]  [<c01036f0>] ? common_interrupt+0x30/0x38
Jun  5 14:03:33 AnShion <12> klogd: [14579.563205]  [<c010b0be>] ? mwait_idle+0xfe/0x190
Jun  5 14:03:33 AnShion <12> klogd: [14579.563212]  [<c010214a>] ? cpu_idle+0x8a/0xc0
Jun  5 14:03:33 AnShion <12> klogd: [14579.563219]  [<c0813789>] ? start_secondary+0x1a1/0x1e8
Jun  5 14:03:33 AnShion <12> klogd: [14579.563225] ---[ end trace c07d72448ce8e376 ]---


        kendo
        kendo999@163.com
          2012-06-06

^ permalink raw reply


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox