Netdev List
 help / color / mirror / Atom feed
* Re: pull request (net): ipsec 2018-03-13
From: David Miller @ 2018-03-13 14:38 UTC (permalink / raw)
  To: steffen.klassert; +Cc: herbert, netdev
In-Reply-To: <20180313070953.21317-1-steffen.klassert@secunet.com>

From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Tue, 13 Mar 2018 08:09:44 +0100

> Please pull or let me know if there are problems.

Pulled, thanks!

^ permalink raw reply

* Re: [RFC PATCH net-next 3/5] bridge: allow switchdev port to handle flooding by itself
From: Roopa Prabhu @ 2018-03-13 14:41 UTC (permalink / raw)
  To: Andrew Lunn
  Cc: ivecera, Igor Mitsyanko, Jiří Pírko, netdev,
	bridge, sergey.matyukevich.os, ashevchenko, smaksimenko, dlebed
In-Reply-To: <20180313011140.GA5778@lunn.ch>

On Mon, Mar 12, 2018 at 6:11 PM, Andrew Lunn <andrew@lunn.ch> wrote:
>> The flag was introduced to enable hardware switch capabilities of
>> drivers/net/wireless/quantenna/qtnfmac wifi driver. It does not have any
>> switchdev functionality in upstream tree at this moment, and this patchset
>> was intended as a preparatory change.
>
> O.K. But i suggest you add basic switchdev support first. Then think
> about adding new functionality. That way you can learn more about
> switchdev, and we can learn more about your hardware.
>
>> qtnfmac driver provides several physical radios (5 GHz and 2.4 GHz), each
>> can have up to 8 virtual network interfaces. These interfaces can be bridged
>> together in various configurations, and I'm trying to figure out what is the
>> most efficient way to handle it from bridging perspective.
>
> I think the first thing to do is get this part correctly represented
> by switchdev. I don't think any of us maintainers have thought about
> how wireless and switchdev can be combined. The wifi model seems to be
> one phy device, with multiple MACs running on top of it, with each MAC
> being a single SSID.  So is it one SSID per virtual interface?  Or are
> your virtual network interfaces actually virtual phys in the wireless
> model, and you can have multiple MACs on top of each virtual phy?
>
>> My assumption was that software FDB and hardware FDB should always
>> be in sync with each other. I guess it is a safe assumption if
>> handled correctly?  Hardware should send a notification for each new
>> FDB it has learned, and switchdev driver should process FDB
>> notifications from software bridge.
>
> No, you cannot make this assumption. Take the example of DSA
> switches. They are generally connected over an MDIO bus, or an SPI
> bus. The bandwidth is small. How long do you think it takes the
> hardware to learn 8K MAC addresses with 5x 1Gbps ports receiving 64
> byte packets? DSA drivers have no way of keeping up with the
> hardware. And there is no need to. Everything works fine with the SW
> and the HW bridge having different dynamic FDB entries.
>
> I don't even think your hardware will have the hardware and software
> in sync. How fast can your hardware learn new addresses? 'Line' rate?
> Or do you prevent the hardware learning a new address until the
> software bridge has confirmed it has learnt the previous new address?
>
>> qtnfmac hardware has its own memory and maintains FWT table, so for the best
>> efficiency forwarding between virtual interfaces should be handled locally.
>> Qtnfmac can handle all the mentioned flooding by itself:
>> - unknown unicasts
>> - broadcast and unknown multicast
>> - known multicasts (does have IGMP snooping)
>> - can do multicast-to-unicast translation if required.
>>
>> The most important usecase IMO is a muticast transmission, specific example
>> being:
>> - 2.4GHz x 8 and 5GHz x 8 virtual wifi interfaces, bridged with backbone
>> ethernet interface in Linux
>> - multicast video streaming from a server behind ethernet
>> - multicast clients connected to some wifi interfaces
>
> I agree this makes sense. But we need to ensure the solution is
> generic, not something which just works for your hardware/firmware.  I
> know somebody who would love to be able to do something like this with
> DSA drivers. They would probably sacrifice IGMP snooping and just
> flood everywhere, if that is all the hardware could do. But so far,
> i've not been able to figure out a way to do this.
>


I concur with Andrews thoughts here: We already have enough switchdev
learning and flooding control.
More fine tuning can be handled at the driver layer. This solution
tries to bypass some of that and adds a new
infrastructure to control flooding in hw. And I am also afraid that
the use of this flag will propagate to
more places in the bridge driver. If none of the existing mechanisms
work, then yes, we can probably revise this
series into something generic for other switchdev users to use as well.

^ permalink raw reply

* Re: [PATCH net-next 1/4] net: qualcomm: rmnet: Fix casting issues
From: David Miller @ 2018-03-13 14:44 UTC (permalink / raw)
  To: subashab; +Cc: netdev
In-Reply-To: <1520907969-16696-2-git-send-email-subashab@codeaurora.org>

From: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Date: Mon, 12 Mar 2018 20:26:06 -0600

> diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map.h b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map.h
> index 6ce31e2..65b074e 100644
> --- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map.h
> +++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map.h
> @@ -44,7 +44,7 @@ struct rmnet_map_header {
>  	u8  reserved_bit:1;
>  	u8  cd_bit:1;
>  	u8  mux_id;
> -	u16 pkt_len;
> +	__be16 pkt_len;
>  }  __aligned(1);
>  
>  struct rmnet_map_dl_csum_trailer {
 ...
> diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
> index c74a6c5..4e342a3 100644
> --- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
> +++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
> @@ -307,7 +307,8 @@ struct sk_buff *rmnet_map_deaggregate(struct sk_buff *skb,
>  		return NULL;
>  
>  	maph = (struct rmnet_map_header *)skb->data;
> -	packet_len = ntohs(maph->pkt_len) + sizeof(struct rmnet_map_header);
> +	packet_len = ntohs((__force __be16)maph->pkt_len) +
> +		     sizeof(struct rmnet_map_header);
>  
>  	if (port->data_format & RMNET_INGRESS_FORMAT_MAP_CKSUMV4)
>  		packet_len += sizeof(struct rmnet_map_dl_csum_trailer);
> @@ -316,7 +317,7 @@ struct sk_buff *rmnet_map_deaggregate(struct sk_buff *skb,
>  		return NULL;
>  
>  	/* Some hardware can send us empty frames. Catch them */
> -	if (ntohs(maph->pkt_len) == 0)
> +	if (ntohs((__force __be16)maph->pkt_len) == 0)
>  		return NULL;
>  
>  	skbn = alloc_skb(packet_len + RMNET_MAP_DEAGGR_SPACING, GFP_ATOMIC);

Ummm, if you change pkt_len to be a proper __be16, then you don't need these
casts when passing it to ntohs().

^ permalink raw reply

* Re: [PATCH net-next v2] sctp: fix error return code in sctp_sendmsg_new_asoc()
From: David Miller @ 2018-03-13 14:45 UTC (permalink / raw)
  To: weiyongjun1
  Cc: vyasevich, nhorman, lucien.xin, linux-sctp, netdev,
	kernel-janitors
In-Reply-To: <1520910210-147500-1-git-send-email-weiyongjun1@huawei.com>

From: Wei Yongjun <weiyongjun1@huawei.com>
Date: Tue, 13 Mar 2018 03:03:30 +0000

> Return error code -EINVAL in the address len check error handling
> case since 'err' can be overwrite to 0 by 'err = sctp_verify_addr()'
> in the for loop.
> 
> Fixes: 2c0dbaa0c43d ("sctp: add support for SCTP_DSTADDRV4/6 Information for sendmsg")
> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
> Acked-by: Neil Horman <nhorman@tuxdriver.com>
> ---
> v1 -> v2: remove the 'err' initialization

Applied, thank you.

^ permalink raw reply

* Re: [PATCH v2 1/1] net: check before dereferencing netdev_ops during busy poll
From: David Miller @ 2018-03-13 14:51 UTC (permalink / raw)
  To: jelsasser
  Cc: gregkh, edumazet, willemb, glider, xiyou.wangcong, vyasevich,
	mkubecek, netdev, linux-kernel
In-Reply-To: <20180313053248.13654-2-jelsasser@appneta.com>

From: Josh Elsasser <jelsasser@appneta.com>
Date: Mon, 12 Mar 2018 22:32:00 -0700

> init_dummy_netdev() leaves its netdev_ops pointer zeroed. This leads
> to a NULL pointer dereference when sk_busy_loop fires against an iwlwifi
> wireless adapter and checks napi->dev->netdev_ops->ndo_busy_poll.
> 
> Avoid this by ensuring napi->dev->netdev_ops is valid before following
> the pointer, avoiding the following panic when busy polling on a dummy
> netdev:
 ...
> Commit 79e7fff47b7b ("net: remove support for per driver ndo_busy_poll()")
> indirectly fixed this upstream in linux-4.11 by removing the offending
> pointer usage. No other users of napi->dev touch its netdev_ops.
> 
> Fixes: 060212928670 ("net: add low latency socket poll")
> Fixes: ce6aea93f751 ("net: network drivers no longer need to implement ndo_busy_poll()") - 4.9.y
> Signed-off-by: Josh Elsasser <jelsasser@appneta.com>

Ok, queued up for -stable, thanks.

^ permalink raw reply

* Re: [pci PATCH v5 3/4] ena: Migrate over to unmanaged SR-IOV support
From: Alexander Duyck @ 2018-03-13 14:51 UTC (permalink / raw)
  To: David Woodhouse, Don Dutile
  Cc: Bjorn Helgaas, Duyck, Alexander H, linux-pci, virtio-dev, kvm,
	Netdev, Daly, Dan, LKML, linux-nvme, Keith Busch, netanel,
	Maximilian Heyne, Wang, Liang-min, Rustad, Mark D,
	Christoph Hellwig
In-Reply-To: <1520928772.28745.53.camel@infradead.org>

On Tue, Mar 13, 2018 at 1:12 AM, David Woodhouse <dwmw2@infradead.org> wrote:
> On Mon, 2018-03-12 at 10:23 -0700, Alexander Duyck wrote:
>>
>> -       .sriov_configure = ena_sriov_configure,
>> +#ifdef CONFIG_PCI_IOV
>> +       .sriov_configure = pci_sriov_configure_simple,
>> +#endif
>>  };
>
> I'd like to see that ifdef go away, as discussed. I agree that just
> #define pci_sriov_configure_simple NULL
> should suffice. As Christoph points out, it's not going to compile if
> people try to just invoke it directly.
>
> I'd also *really* like to see a way to enable this for PFs which don't
> have (and don't need) a driver. We seem to have lost that along the
> way.

Actually the suggestion I had from Don Dutile was that we should be
looking at creating a pci-stub like driver specifically for those type
of devices, but without the ability to arbitrarily assign devices.
Basically we have to white-list it in one device at a time for those
kind of things.

If you have the device ID of the thing you wanted to have work with
pci-stub before I could look at putting together a quick driver and
adding it to this set.

Thanks.

- Alex

^ permalink raw reply

* Re: [PATCH net] qed: Use after free in qed_rdma_free()
From: David Miller @ 2018-03-13 14:55 UTC (permalink / raw)
  To: dan.carpenter
  Cc: Ariel.Elior, Michal.Kalderon, everest-linux-l2, netdev,
	kernel-janitors
In-Reply-To: <20180313090938.GA17609@mwanda>

From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue, 13 Mar 2018 12:09:38 +0300

> We're dereferencing "p_hwfn->p_rdma_info" but that is freed on the line
> before in qed_rdma_resc_free(p_hwfn).
> 
> Fixes: 9de506a547c0 ("qed: Free RoCE ILT Memory on rmmod qedr")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Applied, thank you.

^ permalink raw reply

* Re: [PATCH] netfilter: cttimeout: remove VLA usage
From: Pablo Neira Ayuso @ 2018-03-13 14:59 UTC (permalink / raw)
  To: Joe Perches
  Cc: Gustavo A. R. Silva, Jozsef Kadlecsik, Florian Westphal,
	David S. Miller, netfilter-devel, coreteam, netdev, linux-kernel,
	Kernel Hardening, Kees Cook, Gustavo A. R. Silva
In-Reply-To: <1520899118.2049.24.camel@perches.com>

On Mon, Mar 12, 2018 at 04:58:38PM -0700, Joe Perches wrote:
> On Mon, 2018-03-12 at 18:14 -0500, Gustavo A. R. Silva wrote:
> > In preparation to enabling -Wvla, remove VLA and replace it
> > with dynamic memory allocation.
> > 
> > From a security viewpoint, the use of Variable Length Arrays can be
> > a vector for stack overflow attacks. Also, in general, as the code
> > evolves it is easy to lose track of how big a VLA can get. Thus, we
> > can end up having segfaults that are hard to debug.
> > 
> > Also, fixed as part of the directive to remove all VLAs from
> []
> > diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c
> []
> > @@ -51,19 +51,27 @@ ctnl_timeout_parse_policy(void *timeouts,
> >  			  const struct nf_conntrack_l4proto *l4proto,
> >  			  struct net *net, const struct nlattr *attr)
> >  {
> > +	struct nlattr **tb;
> >  	int ret = 0;
> >  
> > -	if (likely(l4proto->ctnl_timeout.nlattr_to_obj)) {
> > -		struct nlattr *tb[l4proto->ctnl_timeout.nlattr_max+1];
> > +	if (!l4proto->ctnl_timeout.nlattr_to_obj)
> > +		return 0;
> 
> Why not
> 	if unlikely(!...)

This is control plane code - not packet path - I think we should just
let the compiler decide on this one, not really need to provide an
explicit hint here.

^ permalink raw reply

* Re: [pci PATCH v5 3/4] ena: Migrate over to unmanaged SR-IOV support
From: David Woodhouse @ 2018-03-13 15:04 UTC (permalink / raw)
  To: Alexander Duyck, Don Dutile
  Cc: Bjorn Helgaas, Duyck, Alexander H, linux-pci, virtio-dev, kvm,
	Netdev, Daly, Dan, LKML, linux-nvme, Keith Busch, netanel,
	Maximilian Heyne, Wang, Liang-min, Rustad, Mark D,
	Christoph Hellwig
In-Reply-To: <CAKgT0UdkUSsHQC7CpJQ0CT77AD8k7P-HeeomWXNJQ-Ek4dJRMQ@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 626 bytes --]

On Tue, 2018-03-13 at 07:51 -0700, Alexander Duyck wrote:

> Actually the suggestion I had from Don Dutile was that we should be
> looking at creating a pci-stub like driver specifically for those type
> of devices, but without the ability to arbitrarily assign devices.
> Basically we have to white-list it in one device at a time for those
> kind of things.

It's still not clear what the point of that would be.

> If you have the device ID of the thing you wanted to have work with
> pci-stub before I could look at putting together a quick driver and
> adding it to this set.

1d0f:0053 would be an example.

[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 5213 bytes --]

^ permalink raw reply

* [PATCH] net: dev_forward_skb(): Scrub packet's per-netns info only when crossing netns
From: Liran Alon @ 2018-03-13 15:07 UTC (permalink / raw)
  To: davem, netdev, linux-kernel; +Cc: idan.brown, Liran Alon, Yuval Shaia

Before this commit, dev_forward_skb() always cleared packet's
per-network-namespace info. Even if the packet doesn't cross
network namespaces.

The comment above dev_forward_skb() describes that this is done
because the receiving device may be in another network namespace.
However, this case can easily be tested for and therefore we can
scrub packet's per-network-namespace info only when receiving device
is indeed in another network namespace.

Therefore, this commit changes ____dev_forward_skb() to tell
skb_scrub_packet() that skb has crossed network-namespace only in case
transmitting device (skb->dev) network namespace is different then
receiving device (dev) network namespace.

An example of a netdev that use skb_forward_skb() is veth.
Thus, before this commit a packet transmitted from one veth peer to
another when both veth peers are on same network namespace will lose
it's skb->mark. The bug could easily be demonstrated by the following:

ip netns add test
ip netns exec test bash
ip link add veth-a type veth peer name veth-b
ip link set veth-a up
ip link set veth-b up
ip addr add dev veth-a 12.0.0.1/24
tc qdisc add dev veth-a root handle 1 prio
tc qdisc add dev veth-b ingress
tc filter add dev veth-a parent 1: u32 match u32 0 0 action skbedit mark 1337
tc filter add dev veth-b parent ffff: basic match 'meta(nf_mark eq 1337)' action simple "skb->mark 1337!"
dmesg -C
ping 12.0.0.2
dmesg

Before this change, the above will print nothing to dmesg.
After this change, "skb->mark 1337!" will be printed as necessary.

Signed-off-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
Signed-off-by: Yuval Shaia <yuval.shaia@oracle.com>
---
 include/linux/netdevice.h | 2 +-
 net/core/dev.c            | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 5eef6c8e2741..5908f1e31ee2 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -3371,7 +3371,7 @@ static __always_inline int ____dev_forward_skb(struct net_device *dev,
 		return NET_RX_DROP;
 	}
 
-	skb_scrub_packet(skb, true);
+	skb_scrub_packet(skb, !net_eq(dev_net(dev), dev_net(skb->dev)));
 	skb->priority = 0;
 	return 0;
 }
diff --git a/net/core/dev.c b/net/core/dev.c
index 2cedf520cb28..087787dd0a50 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1877,9 +1877,9 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
  * start_xmit function of one device into the receive queue
  * of another device.
  *
- * The receiving device may be in another namespace, so
- * we have to clear all information in the skb that could
- * impact namespace isolation.
+ * The receiving device may be in another namespace.
+ * In that case, we have to clear all information in the
+ * skb that could impact namespace isolation.
  */
 int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
 {
-- 
1.9.1

^ permalink raw reply related

* Re: [PATCH V2 net 1/1] net/smc: simplify wait when closing listen socket
From: David Miller @ 2018-03-13 15:10 UTC (permalink / raw)
  To: ubraun; +Cc: netdev, linux-s390, schwidefsky, heiko.carstens, raspl
In-Reply-To: <20180313094154.65533-2-ubraun@linux.vnet.ibm.com>

From: Ursula Braun <ubraun@linux.vnet.ibm.com>
Date: Tue, 13 Mar 2018 10:41:54 +0100

> Closing of a listen socket wakes up kernel_accept() of
> smc_tcp_listen_worker(), and then has to wait till smc_tcp_listen_worker()
> gives up the internal clcsock. The wait logic introduced with
> commit 127f49705823 ("net/smc: release clcsock from tcp_listen_worker")
> might wait longer than necessary. This patch implements the idea to
> implement the wait just with flush_work(), and gets rid of the extra
> smc_close_wait_listen_clcsock() function.
> 
> Fixes: 127f49705823 ("net/smc: release clcsock from tcp_listen_worker")
> Reported-by: Hans Wippel <hwippel@linux.vnet.ibm.com>
> Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>

This looks a lot better, applied, thank you.

^ permalink raw reply

* RE: [PATCH v5 2/6] staging: fsl-dpaa2/ethsw: Add Freescale DPAA2 Ethernet Switch driver
From: Razvan Stefanescu @ 2018-03-13 15:20 UTC (permalink / raw)
  To: Andrew Lunn
  Cc: devel@driverdev.osuosl.org, arnd@arndb.de,
	gregkh@linuxfoundation.org, Ioana Ciornei, Alexandru Marginean,
	Alexander Graf, linux-kernel@vger.kernel.org, stuyoder@gmail.com,
	netdev@vger.kernel.org, Laurentiu Tudor
In-Reply-To: <20180313142251.GB3814@lunn.ch>



> -----Original Message-----
> From: Andrew Lunn [mailto:andrew@lunn.ch]
> Sent: Tuesday, March 13, 2018 4:23 PM
> To: Razvan Stefanescu <razvan.stefanescu@nxp.com>
> Cc: gregkh@linuxfoundation.org; devel@driverdev.osuosl.org; linux-
> kernel@vger.kernel.org; netdev@vger.kernel.org; Alexander Graf
> <agraf@suse.de>; arnd@arndb.de; Alexandru Marginean
> <alexandru.marginean@nxp.com>; Ruxandra Ioana Ciocoi Radulescu
> <ruxandra.radulescu@nxp.com>; Ioana Ciornei <ioana.ciornei@nxp.com>;
> Laurentiu Tudor <laurentiu.tudor@nxp.com>; stuyoder@gmail.com
> Subject: Re: [PATCH v5 2/6] staging: fsl-dpaa2/ethsw: Add Freescale DPAA2
> Ethernet Switch driver
> 
> > +/* For the moment, only flood setting needs to be updated */
> > +static int port_bridge_join(struct net_device *netdev,
> > +			    struct net_device *upper_dev)
> > +{
> > +	struct ethsw_port_priv *port_priv = netdev_priv(netdev);
> > +	struct ethsw_core *ethsw = port_priv->ethsw_data;
> > +	int i, err;
> > +
> > +	for (i = 0; i < ethsw->sw_attr.num_ifs; i++)
> > +		if (ethsw->ports[i]->bridge_dev &&
> > +		    (ethsw->ports[i]->bridge_dev != upper_dev)) {
> > +			netdev_err(netdev,
> > +				   "Another switch port is connected to %s\n",
> > +				   ethsw->ports[i]->bridge_dev->name);
> > +			return -EINVAL;
> > +		}
> > +
> > +	/* Enable flooding */
> > +	err = ethsw_port_set_flood(port_priv, 1);
> > +	if (!err)
> > +		port_priv->bridge_dev = upper_dev;
> > +
> > +	return err;
> > +}
> 
> Hi Razvan
> 
> That is not what i was meaning.
> 
> brctl addbr br0
> brctl addbr br1
> brctl addif br0 lan0
> brctl addif br0 lan1
> brctl addif br1 lan2
> brctl addif br1 lan3
> 
> Is there somewhere in the code which sets the scope for the flooding?
> lan0 can flood to lan1, but it should not flood to lan2 or lan3, since
> they are in a different bridge. I was expecting that
> ethsw_port_set_flood() takes upper_dev, in order to configure which
> ports it should flood to.
> 
>       Andrew

Hello Andrew,

The current driver implementation uses only a single FDB for the switch,
so  it is not possible configure multiple flooding domains to accommodate
ports partitioning.
 
The configuration that you mentioned will be possible when support for
multiple FDBs in the switch is added. Ports added to the same bridge
will have their flooding domain limited to a specific FDB.

Switch ports partitioning is a feature on the roadmap. I will add this
information to the TODO list.

Best regards,
Razvan Stefanescu

^ permalink raw reply

* Re: [PATCH net-next 0/4] Converting pernet_operations (part #6)
From: David Miller @ 2018-03-13 15:25 UTC (permalink / raw)
  To: ktkhai; +Cc: vyasevich, nhorman, jon.maloy, ying.xue, santosh.shilimkar,
	netdev
In-Reply-To: <152093726634.31266.4973922580771632781.stgit@localhost.localdomain>

From: Kirill Tkhai <ktkhai@virtuozzo.com>
Date: Tue, 13 Mar 2018 13:36:33 +0300

> this series continues to review and to convert pernet_operations
> to make them possible to be executed in parallel for several
> net namespaces in the same time. There are sctp, tipc and rds
> in this series.

Series applied, thanks.

^ permalink raw reply

* Re: [PATCH net-next nfs 0/6] Converting pernet_operations (part #7)
From: David Miller @ 2018-03-13 15:26 UTC (permalink / raw)
  To: ktkhai
  Cc: trond.myklebust, anna.schumaker, bfields, jlayton, dhowells,
	keescook, dwindsor, ishkamiel, elena.reshetova, linux-nfs,
	linux-afs, netdev
In-Reply-To: <152093778442.8636.10592672493816457119.stgit@localhost.localdomain>

From: Kirill Tkhai <ktkhai@virtuozzo.com>
Date: Tue, 13 Mar 2018 13:49:05 +0300

> Hi,
> 
> this series continues to review and to convert pernet_operations
> to make them possible to be executed in parallel for several
> net namespaces in the same time. There are nfs pernet_operations
> in this series. All of them look similar each other, they mostly
> create and destroy caches with small exceptions.
> 
> Also, there is rxrpc_net_ops, which is used in AFS.

I'll let the various maintainers pick these up instead of passing
them via the net-next tree.

^ permalink raw reply

* Re: [PATCH v5 2/6] staging: fsl-dpaa2/ethsw: Add Freescale DPAA2 Ethernet Switch driver
From: Andrew Lunn @ 2018-03-13 15:26 UTC (permalink / raw)
  To: Razvan Stefanescu
  Cc: devel@driverdev.osuosl.org, arnd@arndb.de,
	gregkh@linuxfoundation.org, Ioana Ciornei, Alexandru Marginean,
	Alexander Graf, linux-kernel@vger.kernel.org, stuyoder@gmail.com,
	netdev@vger.kernel.org, Laurentiu Tudor
In-Reply-To: <AM3PR04MB07438DD330E88830AD714339E6D20@AM3PR04MB0743.eurprd04.prod.outlook.com>

> Hello Andrew,
> 
> The current driver implementation uses only a single FDB for the switch,
> so  it is not possible configure multiple flooding domains to accommodate
> ports partitioning.

Ah, O.K. Rather than break somebodies network by wrongly flooding, it
would be better to return -EOPNOTSUPP when the requirement for the
second FDB is met. The offload to hardware will then not happen, and
the software bridge will do all the work.

    Andrew

^ permalink raw reply

* [PATCH v4 net-next 0/6] net/ipv6: Address checks need to consider the L3 domain
From: David Ahern @ 2018-03-13 15:29 UTC (permalink / raw)
  To: netdev; +Cc: idosch, David Ahern

IPv6 prohibits a local address from being used as a gateway for a route.
However, it is ok for the gateway to be a local address in a different L3
domain (e.g., VRF). This allows, for example, veth pairs to connect VRFs.

ip6_route_info_create calls ipv6_chk_addr_and_flags for gateway addresses
to determine if the address is a local one, but ipv6_chk_addr_and_flags
does not currently consider L3 domains. As a result routes can not be
added in one VRF with a nexthop that points to a local address in a
second VRF.

Resolve by comparing the l3mdev for the passed in device and requiring an
l3mdev match with the device containing an address. The intent of checking
for an address on the specified device versus any device in the domain is
mantained by a new argument to skip the check between the passed in device
and the device with the address.

Patch 1 moves the gateway validation from ip6_route_info_create into a
helper; the function is long enough and refactoring drops the indent
level.

Patch 2 adds a skip_dev_check argument to ipv6_chk_addr_and_flags to
allow a device to always be passed yet skip the device check when
looking at addresses and fixes up a few ipv6_chk_addr callers that
pass a NULL device.

Patch 3 adds l3mdev checks to ipv6_chk_addr_and_flags.

Patches 4 and 5 do some refactoring to the fib_tests script and then
patch 6 adds nexthop validation tests.

v4
- separated l3mdev check into a separate patch (patch 3 of this set)
  as suggested by Kirill
- consolidated dev and ipv6_chk_addr_and_flags call into 1 if (Kirill)
- added a temp variable for gw type (Kirill)

v3
- set skip_dev_check in ipv6_chk_addr based on dev == NULL (per
  comment from Ido)

v2
- handle 2 variations of route spec with sane error path
- add test cases

David Ahern (6):
  net/ipv6: Refactor gateway validation on route add
  net/ipv6: Change address check to always take a device argument
  net/ipv6: Add l3mdev check to ipv6_chk_addr_and_flags
  selftests: fib_tests: Use an alias for ip command
  selftests: fib_tests: Allow user to run a specific test
  selftests: fib_tests: Add IPv6 nexthop spec tests

 include/net/addrconf.h                   |   4 +-
 net/ipv6/addrconf.c                      |  26 ++-
 net/ipv6/anycast.c                       |   9 +-
 net/ipv6/datagram.c                      |   5 +-
 net/ipv6/ip6_tunnel.c                    |  12 +-
 net/ipv6/ndisc.c                         |   2 +-
 net/ipv6/route.c                         | 131 ++++++-----
 tools/testing/selftests/net/fib_tests.sh | 359 +++++++++++++++++++++++--------
 8 files changed, 390 insertions(+), 158 deletions(-)

-- 
2.11.0

^ permalink raw reply

* [PATCH v4 net-next 1/6] net/ipv6: Refactor gateway validation on route add
From: David Ahern @ 2018-03-13 15:29 UTC (permalink / raw)
  To: netdev; +Cc: idosch, David Ahern
In-Reply-To: <20180313152941.31218-1-dsahern@gmail.com>

Move gateway validation code from ip6_route_info_create into
ip6_validate_gw. Code move plus adjustments to handle the potential
reset of dev and idev and to make checkpatch happy.

Signed-off-by: David Ahern <dsahern@gmail.com>
---
 net/ipv6/route.c | 120 ++++++++++++++++++++++++++++++-------------------------
 1 file changed, 66 insertions(+), 54 deletions(-)

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 81711e3e2604..23ced851fdb1 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2550,7 +2550,7 @@ static struct rt6_info *ip6_nh_lookup_table(struct net *net,
 
 static int ip6_route_check_nh_onlink(struct net *net,
 				     struct fib6_config *cfg,
-				     struct net_device *dev,
+				     const struct net_device *dev,
 				     struct netlink_ext_ack *extack)
 {
 	u32 tbid = l3mdev_fib_table(dev) ? : RT_TABLE_MAIN;
@@ -2626,6 +2626,68 @@ static int ip6_route_check_nh(struct net *net,
 	return err;
 }
 
+static int ip6_validate_gw(struct net *net, struct fib6_config *cfg,
+			   struct net_device **_dev, struct inet6_dev **idev,
+			   struct netlink_ext_ack *extack)
+{
+	const struct in6_addr *gw_addr = &cfg->fc_gateway;
+	int gwa_type = ipv6_addr_type(gw_addr);
+	const struct net_device *dev = *_dev;
+	int err = -EINVAL;
+
+	/* if gw_addr is local we will fail to detect this in case
+	 * address is still TENTATIVE (DAD in progress). rt6_lookup()
+	 * will return already-added prefix route via interface that
+	 * prefix route was assigned to, which might be non-loopback.
+	 */
+	if (ipv6_chk_addr_and_flags(net, gw_addr,
+				    gwa_type & IPV6_ADDR_LINKLOCAL ?
+				    dev : NULL, 0, 0)) {
+		NL_SET_ERR_MSG(extack, "Invalid gateway address");
+		goto out;
+	}
+
+	if (gwa_type != (IPV6_ADDR_LINKLOCAL | IPV6_ADDR_UNICAST)) {
+		/* IPv6 strictly inhibits using not link-local
+		 * addresses as nexthop address.
+		 * Otherwise, router will not able to send redirects.
+		 * It is very good, but in some (rare!) circumstances
+		 * (SIT, PtP, NBMA NOARP links) it is handy to allow
+		 * some exceptions. --ANK
+		 * We allow IPv4-mapped nexthops to support RFC4798-type
+		 * addressing
+		 */
+		if (!(gwa_type & (IPV6_ADDR_UNICAST | IPV6_ADDR_MAPPED))) {
+			NL_SET_ERR_MSG(extack, "Invalid gateway address");
+			goto out;
+		}
+
+		if (cfg->fc_flags & RTNH_F_ONLINK)
+			err = ip6_route_check_nh_onlink(net, cfg, dev, extack);
+		else
+			err = ip6_route_check_nh(net, cfg, _dev, idev);
+
+		if (err)
+			goto out;
+	}
+
+	/* reload in case device was changed */
+	dev = *_dev;
+
+	err = -EINVAL;
+	if (!dev) {
+		NL_SET_ERR_MSG(extack, "Egress device not specified");
+		goto out;
+	} else if (dev->flags & IFF_LOOPBACK) {
+		NL_SET_ERR_MSG(extack,
+			       "Egress device can not be loopback device for this route");
+		goto out;
+	}
+	err = 0;
+out:
+	return err;
+}
+
 static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg,
 					      struct netlink_ext_ack *extack)
 {
@@ -2808,61 +2870,11 @@ static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg,
 	}
 
 	if (cfg->fc_flags & RTF_GATEWAY) {
-		const struct in6_addr *gw_addr;
-		int gwa_type;
-
-		gw_addr = &cfg->fc_gateway;
-		gwa_type = ipv6_addr_type(gw_addr);
-
-		/* if gw_addr is local we will fail to detect this in case
-		 * address is still TENTATIVE (DAD in progress). rt6_lookup()
-		 * will return already-added prefix route via interface that
-		 * prefix route was assigned to, which might be non-loopback.
-		 */
-		err = -EINVAL;
-		if (ipv6_chk_addr_and_flags(net, gw_addr,
-					    gwa_type & IPV6_ADDR_LINKLOCAL ?
-					    dev : NULL, 0, 0)) {
-			NL_SET_ERR_MSG(extack, "Invalid gateway address");
+		err = ip6_validate_gw(net, cfg, &dev, &idev, extack);
+		if (err)
 			goto out;
-		}
-		rt->rt6i_gateway = *gw_addr;
-
-		if (gwa_type != (IPV6_ADDR_LINKLOCAL|IPV6_ADDR_UNICAST)) {
-			/* IPv6 strictly inhibits using not link-local
-			   addresses as nexthop address.
-			   Otherwise, router will not able to send redirects.
-			   It is very good, but in some (rare!) circumstances
-			   (SIT, PtP, NBMA NOARP links) it is handy to allow
-			   some exceptions. --ANK
-			   We allow IPv4-mapped nexthops to support RFC4798-type
-			   addressing
-			 */
-			if (!(gwa_type & (IPV6_ADDR_UNICAST |
-					  IPV6_ADDR_MAPPED))) {
-				NL_SET_ERR_MSG(extack,
-					       "Invalid gateway address");
-				goto out;
-			}
 
-			if (cfg->fc_flags & RTNH_F_ONLINK) {
-				err = ip6_route_check_nh_onlink(net, cfg, dev,
-								extack);
-			} else {
-				err = ip6_route_check_nh(net, cfg, &dev, &idev);
-			}
-			if (err)
-				goto out;
-		}
-		err = -EINVAL;
-		if (!dev) {
-			NL_SET_ERR_MSG(extack, "Egress device not specified");
-			goto out;
-		} else if (dev->flags & IFF_LOOPBACK) {
-			NL_SET_ERR_MSG(extack,
-				       "Egress device can not be loopback device for this route");
-			goto out;
-		}
+		rt->rt6i_gateway = cfg->fc_gateway;
 	}
 
 	err = -ENODEV;
-- 
2.11.0

^ permalink raw reply related

* [PATCH v4 net-next 2/6] net/ipv6: Change address check to always take a device argument
From: David Ahern @ 2018-03-13 15:29 UTC (permalink / raw)
  To: netdev; +Cc: idosch, David Ahern
In-Reply-To: <20180313152941.31218-1-dsahern@gmail.com>

ipv6_chk_addr_and_flags determines if an address is a local address and
optionally if it is an address on a specific device. For example, it is
called by ip6_route_info_create to determine if a given gateway address
is a local address. The address check currently does not consider L3
domains and as a result does not allow a route to be added in one VRF
if the nexthop points to an address in a second VRF. e.g.,

    $ ip route add 2001:db8:1::/64 vrf r2 via 2001:db8:102::23
    Error: Invalid gateway address.

where 2001:db8:102::23 is an address on an interface in vrf r1.

ipv6_chk_addr_and_flags needs to allow callers to always pass in a device
with a separate argument to not limit the address to the specific device.
The device is used used to determine the L3 domain of interest.

To that end add an argument to skip the device check and update callers
to always pass a device where possible and use the new argument to mean
any address in the domain.

Update a handful of users of ipv6_chk_addr with a NULL dev argument. This
patch handles the change to these callers without adding the domain check.

ip6_validate_gw needs to handle 2 cases - one where the device is given
as part of the nexthop spec and the other where the device is resolved.
There is at least 1 VRF case where deferring the check to only after
the route lookup has resolved the device fails with an unintuitive error
"RTNETLINK answers: No route to host" as opposed to the preferred
"Error: Gateway can not be a local address." The 'no route to host'
error is because of the fallback to a full lookup. The check is done
twice to avoid this error.

Signed-off-by: David Ahern <dsahern@gmail.com>
---
 include/net/addrconf.h |  4 ++--
 net/ipv6/addrconf.c    | 11 ++++++++---
 net/ipv6/anycast.c     |  9 ++++++---
 net/ipv6/datagram.c    |  5 +++--
 net/ipv6/ip6_tunnel.c  | 12 ++++++++----
 net/ipv6/ndisc.c       |  2 +-
 net/ipv6/route.c       | 19 +++++++++++++++----
 7 files changed, 43 insertions(+), 19 deletions(-)

diff --git a/include/net/addrconf.h b/include/net/addrconf.h
index c4185a7b0e90..132e5b95167a 100644
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -69,8 +69,8 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg);
 int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
 		  const struct net_device *dev, int strict);
 int ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr,
-			    const struct net_device *dev, int strict,
-			    u32 banned_flags);
+			    const struct net_device *dev, bool skip_dev_check,
+			    int strict, u32 banned_flags);
 
 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
 int ipv6_chk_home_addr(struct net *net, const struct in6_addr *addr);
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index b5fd116c046a..0677b9732d56 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1851,19 +1851,24 @@ static int ipv6_count_addresses(const struct inet6_dev *idev)
 int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
 		  const struct net_device *dev, int strict)
 {
-	return ipv6_chk_addr_and_flags(net, addr, dev, strict, IFA_F_TENTATIVE);
+	return ipv6_chk_addr_and_flags(net, addr, dev, !dev,
+				       strict, IFA_F_TENTATIVE);
 }
 EXPORT_SYMBOL(ipv6_chk_addr);
 
 int ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr,
-			    const struct net_device *dev, int strict,
-			    u32 banned_flags)
+			    const struct net_device *dev, bool skip_dev_check,
+			    int strict, u32 banned_flags)
 {
 	unsigned int hash = inet6_addr_hash(net, addr);
 	struct inet6_ifaddr *ifp;
 	u32 ifp_flags;
 
 	rcu_read_lock();
+
+	if (skip_dev_check)
+		dev = NULL;
+
 	hlist_for_each_entry_rcu(ifp, &inet6_addr_lst[hash], addr_lst) {
 		if (!net_eq(dev_net(ifp->idev->dev), net))
 			continue;
diff --git a/net/ipv6/anycast.c b/net/ipv6/anycast.c
index c61718dba2e6..d580d4d456a5 100644
--- a/net/ipv6/anycast.c
+++ b/net/ipv6/anycast.c
@@ -66,7 +66,11 @@ int ipv6_sock_ac_join(struct sock *sk, int ifindex, const struct in6_addr *addr)
 		return -EPERM;
 	if (ipv6_addr_is_multicast(addr))
 		return -EINVAL;
-	if (ipv6_chk_addr(net, addr, NULL, 0))
+
+	if (ifindex)
+		dev = __dev_get_by_index(net, ifindex);
+
+	if (ipv6_chk_addr_and_flags(net, addr, dev, true, 0, IFA_F_TENTATIVE))
 		return -EINVAL;
 
 	pac = sock_kmalloc(sk, sizeof(struct ipv6_ac_socklist), GFP_KERNEL);
@@ -90,8 +94,7 @@ int ipv6_sock_ac_join(struct sock *sk, int ifindex, const struct in6_addr *addr)
 			dev = __dev_get_by_flags(net, IFF_UP,
 						 IFF_UP | IFF_LOOPBACK);
 		}
-	} else
-		dev = __dev_get_by_index(net, ifindex);
+	}
 
 	if (!dev) {
 		err = -ENODEV;
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index fbf08ce3f5ab..b27333d7b099 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -801,8 +801,9 @@ int ip6_datagram_send_ctl(struct net *net, struct sock *sk,
 			if (addr_type != IPV6_ADDR_ANY) {
 				int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
 				if (!(inet_sk(sk)->freebind || inet_sk(sk)->transparent) &&
-				    !ipv6_chk_addr(net, &src_info->ipi6_addr,
-						   strict ? dev : NULL, 0) &&
+				    !ipv6_chk_addr_and_flags(net, &src_info->ipi6_addr,
+							     dev, !strict, 0,
+							     IFA_F_TENTATIVE) &&
 				    !ipv6_chk_acast_addr_src(net, dev,
 							     &src_info->ipi6_addr))
 					err = -EINVAL;
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 5c045fa407da..456fcf942f95 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -758,9 +758,11 @@ int ip6_tnl_rcv_ctl(struct ip6_tnl *t,
 			ldev = dev_get_by_index_rcu(net, p->link);
 
 		if ((ipv6_addr_is_multicast(laddr) ||
-		     likely(ipv6_chk_addr(net, laddr, ldev, 0))) &&
+		     likely(ipv6_chk_addr_and_flags(net, laddr, ldev, false,
+						    0, IFA_F_TENTATIVE))) &&
 		    ((p->flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE) ||
-		     likely(!ipv6_chk_addr(net, raddr, NULL, 0))))
+		     likely(!ipv6_chk_addr_and_flags(net, raddr, ldev, true,
+						     0, IFA_F_TENTATIVE))))
 			ret = 1;
 	}
 	return ret;
@@ -990,12 +992,14 @@ int ip6_tnl_xmit_ctl(struct ip6_tnl *t,
 		if (p->link)
 			ldev = dev_get_by_index_rcu(net, p->link);
 
-		if (unlikely(!ipv6_chk_addr(net, laddr, ldev, 0)))
+		if (unlikely(!ipv6_chk_addr_and_flags(net, laddr, ldev, false,
+						      0, IFA_F_TENTATIVE)))
 			pr_warn("%s xmit: Local address not yet configured!\n",
 				p->name);
 		else if (!(p->flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE) &&
 			 !ipv6_addr_is_multicast(raddr) &&
-			 unlikely(ipv6_chk_addr(net, raddr, NULL, 0)))
+			 unlikely(ipv6_chk_addr_and_flags(net, raddr, ldev,
+							  true, 0, IFA_F_TENTATIVE)))
 			pr_warn("%s xmit: Routing loop! Remote address found on this node!\n",
 				p->name);
 		else
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 8af5eef464c1..10024eb0c521 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -707,7 +707,7 @@ static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
 	int probes = atomic_read(&neigh->probes);
 
 	if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
-					   dev, 1,
+					   dev, false, 1,
 					   IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
 		saddr = &ipv6_hdr(skb)->saddr;
 	probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 23ced851fdb1..939d122e71b4 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2632,7 +2632,9 @@ static int ip6_validate_gw(struct net *net, struct fib6_config *cfg,
 {
 	const struct in6_addr *gw_addr = &cfg->fc_gateway;
 	int gwa_type = ipv6_addr_type(gw_addr);
+	bool skip_dev = gwa_type & IPV6_ADDR_LINKLOCAL ? false : true;
 	const struct net_device *dev = *_dev;
+	bool need_addr_check = !dev;
 	int err = -EINVAL;
 
 	/* if gw_addr is local we will fail to detect this in case
@@ -2640,10 +2642,9 @@ static int ip6_validate_gw(struct net *net, struct fib6_config *cfg,
 	 * will return already-added prefix route via interface that
 	 * prefix route was assigned to, which might be non-loopback.
 	 */
-	if (ipv6_chk_addr_and_flags(net, gw_addr,
-				    gwa_type & IPV6_ADDR_LINKLOCAL ?
-				    dev : NULL, 0, 0)) {
-		NL_SET_ERR_MSG(extack, "Invalid gateway address");
+	if (dev &&
+	    ipv6_chk_addr_and_flags(net, gw_addr, dev, skip_dev, 0, 0)) {
+		NL_SET_ERR_MSG(extack, "Gateway can not be a local address");
 		goto out;
 	}
 
@@ -2683,6 +2684,16 @@ static int ip6_validate_gw(struct net *net, struct fib6_config *cfg,
 			       "Egress device can not be loopback device for this route");
 		goto out;
 	}
+
+	/* if we did not check gw_addr above, do so now that the
+	 * egress device has been resolved.
+	 */
+	if (need_addr_check &&
+	    ipv6_chk_addr_and_flags(net, gw_addr, dev, skip_dev, 0, 0)) {
+		NL_SET_ERR_MSG(extack, "Gateway can not be a local address");
+		goto out;
+	}
+
 	err = 0;
 out:
 	return err;
-- 
2.11.0

^ permalink raw reply related

* [PATCH v4 net-next 3/6] net/ipv6: Add l3mdev check to ipv6_chk_addr_and_flags
From: David Ahern @ 2018-03-13 15:29 UTC (permalink / raw)
  To: netdev; +Cc: idosch, David Ahern
In-Reply-To: <20180313152941.31218-1-dsahern@gmail.com>

Lookup the L3 master device for the passed in device. Only consider
addresses on netdev's with the same master device. If the device is
not enslaved or is NULL, then the l3mdev is NULL which means only
devices not enslaved (ie, in the default domain) are considered.

Signed-off-by: David Ahern <dsahern@gmail.com>
---
 net/ipv6/addrconf.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 0677b9732d56..6fd4bbdc444f 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1856,22 +1856,37 @@ int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
 }
 EXPORT_SYMBOL(ipv6_chk_addr);
 
+/* device argument is used to find the L3 domain of interest. If
+ * skip_dev_check is set, then the ifp device is not checked against
+ * the passed in dev argument. So the 2 cases for addresses checks are:
+ *   1. does the address exist in the L3 domain that dev is part of
+ *      (skip_dev_check = true), or
+ *
+ *   2. does the address exist on the specific device
+ *      (skip_dev_check = false)
+ */
 int ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr,
 			    const struct net_device *dev, bool skip_dev_check,
 			    int strict, u32 banned_flags)
 {
 	unsigned int hash = inet6_addr_hash(net, addr);
+	const struct net_device *l3mdev;
 	struct inet6_ifaddr *ifp;
 	u32 ifp_flags;
 
 	rcu_read_lock();
 
+	l3mdev = l3mdev_master_dev_rcu(dev);
 	if (skip_dev_check)
 		dev = NULL;
 
 	hlist_for_each_entry_rcu(ifp, &inet6_addr_lst[hash], addr_lst) {
 		if (!net_eq(dev_net(ifp->idev->dev), net))
 			continue;
+
+		if (l3mdev_master_dev_rcu(ifp->idev->dev) != l3mdev)
+			continue;
+
 		/* Decouple optimistic from tentative for evaluation here.
 		 * Ban optimistic addresses explicitly, when required.
 		 */
-- 
2.11.0

^ permalink raw reply related

* [PATCH v4 net-next 4/6] selftests: fib_tests: Use an alias for ip command
From: David Ahern @ 2018-03-13 15:29 UTC (permalink / raw)
  To: netdev; +Cc: idosch, David Ahern
In-Reply-To: <20180313152941.31218-1-dsahern@gmail.com>

Replace 'ip -netns testns' with the alias IP. Shortens the line lengths
and makes running the commands manually a bit easier.

Signed-off-by: David Ahern <dsahern@gmail.com>
---
 tools/testing/selftests/net/fib_tests.sh | 169 ++++++++++++++++---------------
 1 file changed, 85 insertions(+), 84 deletions(-)

diff --git a/tools/testing/selftests/net/fib_tests.sh b/tools/testing/selftests/net/fib_tests.sh
index b617985ecdc1..953254439e39 100755
--- a/tools/testing/selftests/net/fib_tests.sh
+++ b/tools/testing/selftests/net/fib_tests.sh
@@ -7,6 +7,7 @@
 ret=0
 
 PAUSE_ON_FAIL=${PAUSE_ON_FAIL:=no}
+IP="ip -netns testns"
 
 log_test()
 {
@@ -32,19 +33,19 @@ setup()
 {
 	set -e
 	ip netns add testns
-	ip -netns testns link set dev lo up
+	$IP link set dev lo up
 
-	ip -netns testns link add dummy0 type dummy
-	ip -netns testns link set dev dummy0 up
-	ip -netns testns address add 198.51.100.1/24 dev dummy0
-	ip -netns testns -6 address add 2001:db8:1::1/64 dev dummy0
+	$IP link add dummy0 type dummy
+	$IP link set dev dummy0 up
+	$IP address add 198.51.100.1/24 dev dummy0
+	$IP -6 address add 2001:db8:1::1/64 dev dummy0
 	set +e
 
 }
 
 cleanup()
 {
-	ip -netns testns link del dev dummy0 &> /dev/null
+	$IP link del dev dummy0 &> /dev/null
 	ip netns del testns
 }
 
@@ -56,19 +57,19 @@ fib_unreg_unicast_test()
 	setup
 
 	echo "    Start point"
-	ip -netns testns route get fibmatch 198.51.100.2 &> /dev/null
+	$IP route get fibmatch 198.51.100.2 &> /dev/null
 	log_test $? 0 "IPv4 fibmatch"
-	ip -netns testns -6 route get fibmatch 2001:db8:1::2 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null
 	log_test $? 0 "IPv6 fibmatch"
 
 	set -e
-	ip -netns testns link del dev dummy0
+	$IP link del dev dummy0
 	set +e
 
 	echo "    Nexthop device deleted"
-	ip -netns testns route get fibmatch 198.51.100.2 &> /dev/null
+	$IP route get fibmatch 198.51.100.2 &> /dev/null
 	log_test $? 2 "IPv4 fibmatch - no route"
-	ip -netns testns -6 route get fibmatch 2001:db8:1::2 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null
 	log_test $? 2 "IPv6 fibmatch - no route"
 
 	cleanup
@@ -83,43 +84,43 @@ fib_unreg_multipath_test()
 	setup
 
 	set -e
-	ip -netns testns link add dummy1 type dummy
-	ip -netns testns link set dev dummy1 up
-	ip -netns testns address add 192.0.2.1/24 dev dummy1
-	ip -netns testns -6 address add 2001:db8:2::1/64 dev dummy1
+	$IP link add dummy1 type dummy
+	$IP link set dev dummy1 up
+	$IP address add 192.0.2.1/24 dev dummy1
+	$IP -6 address add 2001:db8:2::1/64 dev dummy1
 
-	ip -netns testns route add 203.0.113.0/24 \
+	$IP route add 203.0.113.0/24 \
 		nexthop via 198.51.100.2 dev dummy0 \
 		nexthop via 192.0.2.2 dev dummy1
-	ip -netns testns -6 route add 2001:db8:3::/64 \
+	$IP -6 route add 2001:db8:3::/64 \
 		nexthop via 2001:db8:1::2 dev dummy0 \
 		nexthop via 2001:db8:2::2 dev dummy1
 	set +e
 
 	echo "    Start point"
-	ip -netns testns route get fibmatch 203.0.113.1 &> /dev/null
+	$IP route get fibmatch 203.0.113.1 &> /dev/null
 	log_test $? 0 "IPv4 fibmatch"
-	ip -netns testns -6 route get fibmatch 2001:db8:3::1 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null
 	log_test $? 0 "IPv6 fibmatch"
 
 	set -e
-	ip -netns testns link del dev dummy0
+	$IP link del dev dummy0
 	set +e
 
 	echo "    One nexthop device deleted"
-	ip -netns testns route get fibmatch 203.0.113.1 &> /dev/null
+	$IP route get fibmatch 203.0.113.1 &> /dev/null
 	log_test $? 2 "IPv4 - multipath route removed on delete"
 
-	ip -netns testns -6 route get fibmatch 2001:db8:3::1 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null
 	# In IPv6 we do not flush the entire multipath route.
 	log_test $? 0 "IPv6 - multipath down to single path"
 
 	set -e
-	ip -netns testns link del dev dummy1
+	$IP link del dev dummy1
 	set +e
 
 	echo "    Second nexthop device deleted"
-	ip -netns testns -6 route get fibmatch 2001:db8:3::1 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null
 	log_test $? 2 "IPv6 - no route"
 
 	cleanup
@@ -139,19 +140,19 @@ fib_down_unicast_test()
 	setup
 
 	echo "    Start point"
-	ip -netns testns route get fibmatch 198.51.100.2 &> /dev/null
+	$IP route get fibmatch 198.51.100.2 &> /dev/null
 	log_test $? 0 "IPv4 fibmatch"
-	ip -netns testns -6 route get fibmatch 2001:db8:1::2 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null
 	log_test $? 0 "IPv6 fibmatch"
 
 	set -e
-	ip -netns testns link set dev dummy0 down
+	$IP link set dev dummy0 down
 	set +e
 
 	echo "    Route deleted on down"
-	ip -netns testns route get fibmatch 198.51.100.2 &> /dev/null
+	$IP route get fibmatch 198.51.100.2 &> /dev/null
 	log_test $? 2 "IPv4 fibmatch"
-	ip -netns testns -6 route get fibmatch 2001:db8:1::2 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null
 	log_test $? 2 "IPv6 fibmatch"
 
 	cleanup
@@ -162,31 +163,31 @@ fib_down_multipath_test_do()
 	local down_dev=$1
 	local up_dev=$2
 
-	ip -netns testns route get fibmatch 203.0.113.1 \
+	$IP route get fibmatch 203.0.113.1 \
 		oif $down_dev &> /dev/null
 	log_test $? 2 "IPv4 fibmatch on down device"
-	ip -netns testns -6 route get fibmatch 2001:db8:3::1 \
+	$IP -6 route get fibmatch 2001:db8:3::1 \
 		oif $down_dev &> /dev/null
 	log_test $? 2 "IPv6 fibmatch on down device"
 
-	ip -netns testns route get fibmatch 203.0.113.1 \
+	$IP route get fibmatch 203.0.113.1 \
 		oif $up_dev &> /dev/null
 	log_test $? 0 "IPv4 fibmatch on up device"
-	ip -netns testns -6 route get fibmatch 2001:db8:3::1 \
+	$IP -6 route get fibmatch 2001:db8:3::1 \
 		oif $up_dev &> /dev/null
 	log_test $? 0 "IPv6 fibmatch on up device"
 
-	ip -netns testns route get fibmatch 203.0.113.1 | \
+	$IP route get fibmatch 203.0.113.1 | \
 		grep $down_dev | grep -q "dead linkdown"
 	log_test $? 0 "IPv4 flags on down device"
-	ip -netns testns -6 route get fibmatch 2001:db8:3::1 | \
+	$IP -6 route get fibmatch 2001:db8:3::1 | \
 		grep $down_dev | grep -q "dead linkdown"
 	log_test $? 0 "IPv6 flags on down device"
 
-	ip -netns testns route get fibmatch 203.0.113.1 | \
+	$IP route get fibmatch 203.0.113.1 | \
 		grep $up_dev | grep -q "dead linkdown"
 	log_test $? 1 "IPv4 flags on up device"
-	ip -netns testns -6 route get fibmatch 2001:db8:3::1 | \
+	$IP -6 route get fibmatch 2001:db8:3::1 | \
 		grep $up_dev | grep -q "dead linkdown"
 	log_test $? 1 "IPv6 flags on up device"
 }
@@ -199,53 +200,53 @@ fib_down_multipath_test()
 	setup
 
 	set -e
-	ip -netns testns link add dummy1 type dummy
-	ip -netns testns link set dev dummy1 up
+	$IP link add dummy1 type dummy
+	$IP link set dev dummy1 up
 
-	ip -netns testns address add 192.0.2.1/24 dev dummy1
-	ip -netns testns -6 address add 2001:db8:2::1/64 dev dummy1
+	$IP address add 192.0.2.1/24 dev dummy1
+	$IP -6 address add 2001:db8:2::1/64 dev dummy1
 
-	ip -netns testns route add 203.0.113.0/24 \
+	$IP route add 203.0.113.0/24 \
 		nexthop via 198.51.100.2 dev dummy0 \
 		nexthop via 192.0.2.2 dev dummy1
-	ip -netns testns -6 route add 2001:db8:3::/64 \
+	$IP -6 route add 2001:db8:3::/64 \
 		nexthop via 2001:db8:1::2 dev dummy0 \
 		nexthop via 2001:db8:2::2 dev dummy1
 	set +e
 
 	echo "    Verify start point"
-	ip -netns testns route get fibmatch 203.0.113.1 &> /dev/null
+	$IP route get fibmatch 203.0.113.1 &> /dev/null
 	log_test $? 0 "IPv4 fibmatch"
 
-	ip -netns testns -6 route get fibmatch 2001:db8:3::1 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null
 	log_test $? 0 "IPv6 fibmatch"
 
 	set -e
-	ip -netns testns link set dev dummy0 down
+	$IP link set dev dummy0 down
 	set +e
 
 	echo "    One device down, one up"
 	fib_down_multipath_test_do "dummy0" "dummy1"
 
 	set -e
-	ip -netns testns link set dev dummy0 up
-	ip -netns testns link set dev dummy1 down
+	$IP link set dev dummy0 up
+	$IP link set dev dummy1 down
 	set +e
 
 	echo "    Other device down and up"
 	fib_down_multipath_test_do "dummy1" "dummy0"
 
 	set -e
-	ip -netns testns link set dev dummy0 down
+	$IP link set dev dummy0 down
 	set +e
 
 	echo "    Both devices down"
-	ip -netns testns route get fibmatch 203.0.113.1 &> /dev/null
+	$IP route get fibmatch 203.0.113.1 &> /dev/null
 	log_test $? 2 "IPv4 fibmatch"
-	ip -netns testns -6 route get fibmatch 2001:db8:3::1 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:3::1 &> /dev/null
 	log_test $? 2 "IPv6 fibmatch"
 
-	ip -netns testns link del dev dummy1
+	$IP link del dev dummy1
 	cleanup
 }
 
@@ -264,55 +265,55 @@ fib_carrier_local_test()
 	setup
 
 	set -e
-	ip -netns testns link set dev dummy0 carrier on
+	$IP link set dev dummy0 carrier on
 	set +e
 
 	echo "    Start point"
-	ip -netns testns route get fibmatch 198.51.100.1 &> /dev/null
+	$IP route get fibmatch 198.51.100.1 &> /dev/null
 	log_test $? 0 "IPv4 fibmatch"
-	ip -netns testns -6 route get fibmatch 2001:db8:1::1 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:1::1 &> /dev/null
 	log_test $? 0 "IPv6 fibmatch"
 
-	ip -netns testns route get fibmatch 198.51.100.1 | \
+	$IP route get fibmatch 198.51.100.1 | \
 		grep -q "linkdown"
 	log_test $? 1 "IPv4 - no linkdown flag"
-	ip -netns testns -6 route get fibmatch 2001:db8:1::1 | \
+	$IP -6 route get fibmatch 2001:db8:1::1 | \
 		grep -q "linkdown"
 	log_test $? 1 "IPv6 - no linkdown flag"
 
 	set -e
-	ip -netns testns link set dev dummy0 carrier off
+	$IP link set dev dummy0 carrier off
 	sleep 1
 	set +e
 
 	echo "    Carrier off on nexthop"
-	ip -netns testns route get fibmatch 198.51.100.1 &> /dev/null
+	$IP route get fibmatch 198.51.100.1 &> /dev/null
 	log_test $? 0 "IPv4 fibmatch"
-	ip -netns testns -6 route get fibmatch 2001:db8:1::1 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:1::1 &> /dev/null
 	log_test $? 0 "IPv6 fibmatch"
 
-	ip -netns testns route get fibmatch 198.51.100.1 | \
+	$IP route get fibmatch 198.51.100.1 | \
 		grep -q "linkdown"
 	log_test $? 1 "IPv4 - linkdown flag set"
-	ip -netns testns -6 route get fibmatch 2001:db8:1::1 | \
+	$IP -6 route get fibmatch 2001:db8:1::1 | \
 		grep -q "linkdown"
 	log_test $? 1 "IPv6 - linkdown flag set"
 
 	set -e
-	ip -netns testns address add 192.0.2.1/24 dev dummy0
-	ip -netns testns -6 address add 2001:db8:2::1/64 dev dummy0
+	$IP address add 192.0.2.1/24 dev dummy0
+	$IP -6 address add 2001:db8:2::1/64 dev dummy0
 	set +e
 
 	echo "    Route to local address with carrier down"
-	ip -netns testns route get fibmatch 192.0.2.1 &> /dev/null
+	$IP route get fibmatch 192.0.2.1 &> /dev/null
 	log_test $? 0 "IPv4 fibmatch"
-	ip -netns testns -6 route get fibmatch 2001:db8:2::1 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:2::1 &> /dev/null
 	log_test $? 0 "IPv6 fibmatch"
 
-	ip -netns testns route get fibmatch 192.0.2.1 | \
+	$IP route get fibmatch 192.0.2.1 | \
 		grep -q "linkdown"
 	log_test $? 1 "IPv4 linkdown flag set"
-	ip -netns testns -6 route get fibmatch 2001:db8:2::1 | \
+	$IP -6 route get fibmatch 2001:db8:2::1 | \
 		grep -q "linkdown"
 	log_test $? 1 "IPv6 linkdown flag set"
 
@@ -329,54 +330,54 @@ fib_carrier_unicast_test()
 	setup
 
 	set -e
-	ip -netns testns link set dev dummy0 carrier on
+	$IP link set dev dummy0 carrier on
 	set +e
 
 	echo "    Start point"
-	ip -netns testns route get fibmatch 198.51.100.2 &> /dev/null
+	$IP route get fibmatch 198.51.100.2 &> /dev/null
 	log_test $? 0 "IPv4 fibmatch"
-	ip -netns testns -6 route get fibmatch 2001:db8:1::2 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null
 	log_test $? 0 "IPv6 fibmatch"
 
-	ip -netns testns route get fibmatch 198.51.100.2 | \
+	$IP route get fibmatch 198.51.100.2 | \
 		grep -q "linkdown"
 	log_test $? 1 "IPv4 no linkdown flag"
-	ip -netns testns -6 route get fibmatch 2001:db8:1::2 | \
+	$IP -6 route get fibmatch 2001:db8:1::2 | \
 		grep -q "linkdown"
 	log_test $? 1 "IPv6 no linkdown flag"
 
 	set -e
-	ip -netns testns link set dev dummy0 carrier off
+	$IP link set dev dummy0 carrier off
 	set +e
 
 	echo "    Carrier down"
-	ip -netns testns route get fibmatch 198.51.100.2 &> /dev/null
+	$IP route get fibmatch 198.51.100.2 &> /dev/null
 	log_test $? 0 "IPv4 fibmatch"
-	ip -netns testns -6 route get fibmatch 2001:db8:1::2 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:1::2 &> /dev/null
 	log_test $? 0 "IPv6 fibmatch"
 
-	ip -netns testns route get fibmatch 198.51.100.2 | \
+	$IP route get fibmatch 198.51.100.2 | \
 		grep -q "linkdown"
 	log_test $? 0 "IPv4 linkdown flag set"
-	ip -netns testns -6 route get fibmatch 2001:db8:1::2 | \
+	$IP -6 route get fibmatch 2001:db8:1::2 | \
 		grep -q "linkdown"
 	log_test $? 0 "IPv6 linkdown flag set"
 
 	set -e
-	ip -netns testns address add 192.0.2.1/24 dev dummy0
-	ip -netns testns -6 address add 2001:db8:2::1/64 dev dummy0
+	$IP address add 192.0.2.1/24 dev dummy0
+	$IP -6 address add 2001:db8:2::1/64 dev dummy0
 	set +e
 
 	echo "    Second address added with carrier down"
-	ip -netns testns route get fibmatch 192.0.2.2 &> /dev/null
+	$IP route get fibmatch 192.0.2.2 &> /dev/null
 	log_test $? 0 "IPv4 fibmatch"
-	ip -netns testns -6 route get fibmatch 2001:db8:2::2 &> /dev/null
+	$IP -6 route get fibmatch 2001:db8:2::2 &> /dev/null
 	log_test $? 0 "IPv6 fibmatch"
 
-	ip -netns testns route get fibmatch 192.0.2.2 | \
+	$IP route get fibmatch 192.0.2.2 | \
 		grep -q "linkdown"
 	log_test $? 0 "IPv4 linkdown flag set"
-	ip -netns testns -6 route get fibmatch 2001:db8:2::2 | \
+	$IP -6 route get fibmatch 2001:db8:2::2 | \
 		grep -q "linkdown"
 	log_test $? 0 "IPv6 linkdown flag set"
 
-- 
2.11.0

^ permalink raw reply related

* [PATCH v4 net-next 5/6] selftests: fib_tests: Allow user to run a specific test
From: David Ahern @ 2018-03-13 15:29 UTC (permalink / raw)
  To: netdev; +Cc: idosch, David Ahern
In-Reply-To: <20180313152941.31218-1-dsahern@gmail.com>

Allow a user to run just a specific fib test by setting the TEST
environment variable.

Signed-off-by: David Ahern <dsahern@gmail.com>
---
 tools/testing/selftests/net/fib_tests.sh | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/net/fib_tests.sh b/tools/testing/selftests/net/fib_tests.sh
index 953254439e39..cfdeb35bfed5 100755
--- a/tools/testing/selftests/net/fib_tests.sh
+++ b/tools/testing/selftests/net/fib_tests.sh
@@ -392,9 +392,13 @@ fib_carrier_test()
 
 fib_test()
 {
-	fib_unreg_test
-	fib_down_test
-	fib_carrier_test
+	if [ -n "$TEST" ]; then
+		eval $TEST
+	else
+		fib_unreg_test
+		fib_down_test
+		fib_carrier_test
+	fi
 }
 
 if [ "$(id -u)" -ne 0 ];then
-- 
2.11.0

^ permalink raw reply related

* [PATCH v4 net-next 6/6] selftests: fib_tests: Add IPv6 nexthop spec tests
From: David Ahern @ 2018-03-13 15:29 UTC (permalink / raw)
  To: netdev; +Cc: idosch, David Ahern
In-Reply-To: <20180313152941.31218-1-dsahern@gmail.com>

Add series of tests for valid and invalid nexthop specs for IPv6.

$ TEST=fib_nexthop_test ./fib_tests.sh
...
IPv6 nexthop tests
    TEST: Directly connected nexthop, unicast address              [ OK ]
    TEST: Directly connected nexthop, unicast address with device  [ OK ]
    TEST: Gateway is linklocal address                             [ OK ]
    TEST: Gateway is linklocal address, no device                  [ OK ]
    TEST: Gateway can not be local unicast address                 [ OK ]
    TEST: Gateway can not be local unicast address, with device    [ OK ]
    TEST: Gateway can not be a local linklocal address             [ OK ]
    TEST: Gateway can be local address in a VRF                    [ OK ]
    TEST: Gateway can be local address in a VRF, with device       [ OK ]
    TEST: Gateway can be local linklocal address in a VRF          [ OK ]
    TEST: Redirect to VRF lookup                                   [ OK ]
    TEST: VRF route, gateway can be local address in default VRF   [ OK ]
    TEST: VRF route, gateway can not be a local address            [ OK ]
    TEST: VRF route, gateway can not be a local addr with device   [ OK ]

Signed-off-by: David Ahern <dsahern@gmail.com>
---
 tools/testing/selftests/net/fib_tests.sh | 180 ++++++++++++++++++++++++++++++-
 1 file changed, 178 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/net/fib_tests.sh b/tools/testing/selftests/net/fib_tests.sh
index cfdeb35bfed5..9164e60d4b66 100755
--- a/tools/testing/selftests/net/fib_tests.sh
+++ b/tools/testing/selftests/net/fib_tests.sh
@@ -6,6 +6,7 @@
 
 ret=0
 
+VERBOSE=${VERBOSE:=0}
 PAUSE_ON_FAIL=${PAUSE_ON_FAIL:=no}
 IP="ip -netns testns"
 
@@ -16,10 +17,10 @@ log_test()
 	local msg="$3"
 
 	if [ ${rc} -eq ${expected} ]; then
-		printf "        %-60s  [ OK ]\n" "${msg}"
+		printf "    TEST: %-60s  [ OK ]\n" "${msg}"
 	else
 		ret=1
-		printf "        %-60s  [FAIL]\n" "${msg}"
+		printf "    TEST: %-60s  [FAIL]\n" "${msg}"
 		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
 		echo
 			echo "hit enter to continue, 'q' to quit"
@@ -49,6 +50,28 @@ cleanup()
 	ip netns del testns
 }
 
+get_linklocal()
+{
+	local dev=$1
+	local addr
+
+	addr=$($IP -6 -br addr show dev ${dev} | \
+	awk '{
+		for (i = 3; i <= NF; ++i) {
+			if ($i ~ /^fe80/)
+				print $i
+		}
+	}'
+	)
+	addr=${addr/\/*}
+
+	[ -z "$addr" ] && return 1
+
+	echo $addr
+
+	return 0
+}
+
 fib_unreg_unicast_test()
 {
 	echo
@@ -390,6 +413,158 @@ fib_carrier_test()
 	fib_carrier_unicast_test
 }
 
+################################################################################
+# Tests on nexthop spec
+
+# run 'ip route add' with given spec
+add_rt()
+{
+	local desc="$1"
+	local erc=$2
+	local vrf=$3
+	local pfx=$4
+	local gw=$5
+	local dev=$6
+	local cmd out rc
+
+	[ "$vrf" = "-" ] && vrf="default"
+	[ -n "$gw" ] && gw="via $gw"
+	[ -n "$dev" ] && dev="dev $dev"
+
+	cmd="$IP route add vrf $vrf $pfx $gw $dev"
+	if [ "$VERBOSE" = "1" ]; then
+		printf "\n    COMMAND: $cmd\n"
+	fi
+
+	out=$(eval $cmd 2>&1)
+	rc=$?
+	if [ "$VERBOSE" = "1" -a -n "$out" ]; then
+		echo "    $out"
+	fi
+	log_test $rc $erc "$desc"
+}
+
+fib4_nexthop()
+{
+	echo
+	echo "IPv4 nexthop tests"
+
+	echo "<<< write me >>>"
+}
+
+fib6_nexthop()
+{
+	local lldummy=$(get_linklocal dummy0)
+	local llv1=$(get_linklocal dummy0)
+
+	if [ -z "$lldummy" ]; then
+		echo "Failed to get linklocal address for dummy0"
+		return 1
+	fi
+	if [ -z "$llv1" ]; then
+		echo "Failed to get linklocal address for veth1"
+		return 1
+	fi
+
+	echo
+	echo "IPv6 nexthop tests"
+
+	add_rt "Directly connected nexthop, unicast address" 0 \
+		- 2001:db8:101::/64 2001:db8:1::2
+	add_rt "Directly connected nexthop, unicast address with device" 0 \
+		- 2001:db8:102::/64 2001:db8:1::2 "dummy0"
+	add_rt "Gateway is linklocal address" 0 \
+		- 2001:db8:103::1/64 $llv1 "veth0"
+
+	# fails because LL address requires a device
+	add_rt "Gateway is linklocal address, no device" 2 \
+		- 2001:db8:104::1/64 $llv1
+
+	# local address can not be a gateway
+	add_rt "Gateway can not be local unicast address" 2 \
+		- 2001:db8:105::/64 2001:db8:1::1
+	add_rt "Gateway can not be local unicast address, with device" 2 \
+		- 2001:db8:106::/64 2001:db8:1::1 "dummy0"
+	add_rt "Gateway can not be a local linklocal address" 2 \
+		- 2001:db8:107::1/64 $lldummy "dummy0"
+
+	# VRF tests
+	add_rt "Gateway can be local address in a VRF" 0 \
+		- 2001:db8:108::/64 2001:db8:51::2
+	add_rt "Gateway can be local address in a VRF, with device" 0 \
+		- 2001:db8:109::/64 2001:db8:51::2 "veth0"
+	add_rt "Gateway can be local linklocal address in a VRF" 0 \
+		- 2001:db8:110::1/64 $llv1 "veth0"
+
+	add_rt "Redirect to VRF lookup" 0 \
+		- 2001:db8:111::/64 "" "red"
+
+	add_rt "VRF route, gateway can be local address in default VRF" 0 \
+		red 2001:db8:112::/64 2001:db8:51::1
+
+	# local address in same VRF fails
+	add_rt "VRF route, gateway can not be a local address" 2 \
+		red 2001:db8:113::1/64 2001:db8:2::1
+	add_rt "VRF route, gateway can not be a local addr with device" 2 \
+		red 2001:db8:114::1/64 2001:db8:2::1 "dummy1"
+}
+
+# Default VRF:
+#   dummy0 - 198.51.100.1/24 2001:db8:1::1/64
+#   veth0  - 192.0.2.1/24    2001:db8:51::1/64
+#
+# VRF red:
+#   dummy1 - 192.168.2.1/24 2001:db8:2::1/64
+#   veth1  - 192.0.2.2/24   2001:db8:51::2/64
+#
+#  [ dummy0   veth0 ]--[ veth1   dummy1 ]
+
+fib_nexthop_test()
+{
+	setup
+
+	set -e
+
+	$IP -4 rule add pref 32765 table local
+	$IP -4 rule del pref 0
+	$IP -6 rule add pref 32765 table local
+	$IP -6 rule del pref 0
+
+	$IP link add red type vrf table 1
+	$IP link set red up
+	$IP -4 route add vrf red unreachable default metric 4278198272
+	$IP -6 route add vrf red unreachable default metric 4278198272
+
+	$IP link add veth0 type veth peer name veth1
+	$IP link set dev veth0 up
+	$IP address add 192.0.2.1/24 dev veth0
+	$IP -6 address add 2001:db8:51::1/64 dev veth0
+
+	$IP link set dev veth1 vrf red up
+	$IP address add 192.0.2.2/24 dev veth1
+	$IP -6 address add 2001:db8:51::2/64 dev veth1
+
+	$IP link add dummy1 type dummy
+	$IP link set dev dummy1 vrf red up
+	$IP address add 192.168.2.1/24 dev dummy1
+	$IP -6 address add 2001:db8:2::1/64 dev dummy1
+	set +e
+
+	sleep 1
+	fib4_nexthop
+	fib6_nexthop
+
+	(
+	$IP link del dev dummy1
+	$IP link del veth0
+	$IP link del red
+	) 2>/dev/null
+	cleanup
+}
+
+################################################################################
+#
+
 fib_test()
 {
 	if [ -n "$TEST" ]; then
@@ -398,6 +573,7 @@ fib_test()
 		fib_unreg_test
 		fib_down_test
 		fib_carrier_test
+		fib_nexthop_test
 	fi
 }
 
-- 
2.11.0

^ permalink raw reply related

* Re: [PATCH net-next] cxgb4: Add HMA support
From: David Miller @ 2018-03-13 15:30 UTC (permalink / raw)
  To: arjun; +Cc: netdev, nirranjan, indranil, venkatesh, santosh, werner, ganeshgr
In-Reply-To: <1520938485-6943-1-git-send-email-arjun@chelsio.com>

From: Arjun Vynipadath <arjun@chelsio.com>
Date: Tue, 13 Mar 2018 16:24:45 +0530

> HMA(Host Memory Access) maps a part of host memory for T6-SO memfree cards.
> 
> This commit does the following:
> - Query FW to check if we have HMA support. If yes, the params will
>   return HMA size configured in FW. We will dma map memory based
>   on this size.
> - Also contains changes to get HMA memory information via debugfs.
> 
> Signed-off-by: Arjun Vynipadath <arjun@chelsio.com>
> Signed-off-by: Santosh Rastapur <santosh@chelsio.com>
> Signed-off-by: Michael Werner <werner@chelsio.com>
> Signed-off-by: Ganesh GR <ganeshgr@chelsio.com>

Applied, thank you.

^ permalink raw reply

* Re: [PATCH net-next] net: Add comment about pernet_operations methods and synchronization
From: David Miller @ 2018-03-13 15:31 UTC (permalink / raw)
  To: ktkhai; +Cc: netdev
In-Reply-To: <152093850734.26057.10545422384266241590.stgit@localhost.localdomain>

From: Kirill Tkhai <ktkhai@virtuozzo.com>
Date: Tue, 13 Mar 2018 13:55:55 +0300

> Make locking scheme be visible for users, and provide
> a comment what for we are need exit_batch() methods,
> and when it should be used.
> 
> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>

Applied.

^ permalink raw reply

* Re: linux-next: build warning after merge of the net-next tree
From: David Miller @ 2018-03-13 15:33 UTC (permalink / raw)
  To: gustavo; +Cc: sfr, netdev, linux-next, linux-kernel
In-Reply-To: <67db5ac6-9816-4bf1-c594-72697c426466@embeddedor.com>

From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
Date: Tue, 13 Mar 2018 06:46:24 -0500

> Hi Stephen,
> 
> On 03/13/2018 01:11 AM, Stephen Rothwell wrote:
>> Hi all,
>> After merging the net-next tree, today's linux-next build (sparc
>> defconfig) produced this warning:
>> net/core/pktgen.c: In function 'pktgen_if_write':
>> net/core/pktgen.c:1710:1: warning: the frame size of 1048 bytes is
>> larger than 1024 bytes [-Wframe-larger-than=]
>>   }
>>   ^
>> Introduced by commit
>>    35951393bbff ("pktgen: Remove VLA usage")
>> 
> 
> Thanks for the report.
> 
> David:
> 
> If this code is not going to be executed very often [1], then I think
> it is safe to use dynamic memory allocation instead, as this is not
> going to impact the performance.
> 
> What do you think?
> 
> [1] https://lkml.org/lkml/2018/3/9/630

Sure, that works.

It is only invoked when pktgen configuration changes are made.

^ permalink raw reply


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox