Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

+3 -3

Documentation/networking/scaling.rst

··· 465 465 ----------------- 466 466 467 467 XPS is only available if the kconfig symbol CONFIG_XPS is enabled (on by 468 - default for SMP). The functionality remains disabled until explicitly 469 - configured. To enable XPS, the bitmap of CPUs/receive-queues that may 470 - use a transmit queue is configured using the sysfs file entry: 468 + default for SMP). If compiled in, it is driver dependent whether, and 469 + how, XPS is configured at device init. The mapping of CPUs/receive-queues 470 + to transmit queue can be inspected and configured using sysfs: 471 471 472 472 For selection based on CPUs map:: 473 473

-2

drivers/net/can/m_can/m_can_platform.c

··· 144 144 struct net_device *ndev = dev_get_drvdata(dev); 145 145 struct m_can_classdev *mcan_class = netdev_priv(ndev); 146 146 147 - m_can_class_suspend(dev); 148 - 149 147 clk_disable_unprepare(mcan_class->cclk); 150 148 clk_disable_unprepare(mcan_class->hclk); 151 149

+9 -7

drivers/net/dsa/microchip/ksz_common.c

··· 103 103 104 104 INIT_DELAYED_WORK(&dev->mib_read, ksz_mib_read_work); 105 105 106 - /* Read MIB counters every 30 seconds to avoid overflow. */ 107 - dev->mib_read_interval = msecs_to_jiffies(30000); 108 - 109 106 for (i = 0; i < dev->mib_port_cnt; i++) 110 107 dev->dev_ops->port_init_cnt(dev, i); 111 - 112 - /* Start the timer 2 seconds later. */ 113 - schedule_delayed_work(&dev->mib_read, msecs_to_jiffies(2000)); 114 108 } 115 109 EXPORT_SYMBOL_GPL(ksz_init_mib_timer); 116 110 ··· 137 143 138 144 /* Read all MIB counters when the link is going down. */ 139 145 p->read = true; 140 - schedule_delayed_work(&dev->mib_read, 0); 146 + /* timer started */ 147 + if (dev->mib_read_interval) 148 + schedule_delayed_work(&dev->mib_read, 0); 141 149 } 142 150 EXPORT_SYMBOL_GPL(ksz_mac_link_down); 143 151 ··· 446 450 dev->dev_ops->exit(dev); 447 451 return ret; 448 452 } 453 + 454 + /* Read MIB counters every 30 seconds to avoid overflow. */ 455 + dev->mib_read_interval = msecs_to_jiffies(30000); 456 + 457 + /* Start the MIB timer. */ 458 + schedule_delayed_work(&dev->mib_read, 0); 449 459 450 460 return 0; 451 461 }

+162 -13

drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c

··· 60 60 PEDIT_FIELDS(IP6_, DST_127_96, 4, nat_lip, 12), 61 61 }; 62 62 63 + static const struct cxgb4_natmode_config cxgb4_natmode_config_array[] = { 64 + /* Default supported NAT modes */ 65 + { 66 + .chip = CHELSIO_T5, 67 + .flags = CXGB4_ACTION_NATMODE_NONE, 68 + .natmode = NAT_MODE_NONE, 69 + }, 70 + { 71 + .chip = CHELSIO_T5, 72 + .flags = CXGB4_ACTION_NATMODE_DIP, 73 + .natmode = NAT_MODE_DIP, 74 + }, 75 + { 76 + .chip = CHELSIO_T5, 77 + .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT, 78 + .natmode = NAT_MODE_DIP_DP, 79 + }, 80 + { 81 + .chip = CHELSIO_T5, 82 + .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT | 83 + CXGB4_ACTION_NATMODE_SIP, 84 + .natmode = NAT_MODE_DIP_DP_SIP, 85 + }, 86 + { 87 + .chip = CHELSIO_T5, 88 + .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT | 89 + CXGB4_ACTION_NATMODE_SPORT, 90 + .natmode = NAT_MODE_DIP_DP_SP, 91 + }, 92 + { 93 + .chip = CHELSIO_T5, 94 + .flags = CXGB4_ACTION_NATMODE_SIP | CXGB4_ACTION_NATMODE_SPORT, 95 + .natmode = NAT_MODE_SIP_SP, 96 + }, 97 + { 98 + .chip = CHELSIO_T5, 99 + .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP | 100 + CXGB4_ACTION_NATMODE_SPORT, 101 + .natmode = NAT_MODE_DIP_SIP_SP, 102 + }, 103 + { 104 + .chip = CHELSIO_T5, 105 + .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP | 106 + CXGB4_ACTION_NATMODE_DPORT | 107 + CXGB4_ACTION_NATMODE_SPORT, 108 + .natmode = NAT_MODE_ALL, 109 + }, 110 + /* T6+ can ignore L4 ports when they're disabled. */ 111 + { 112 + .chip = CHELSIO_T6, 113 + .flags = CXGB4_ACTION_NATMODE_SIP, 114 + .natmode = NAT_MODE_SIP_SP, 115 + }, 116 + { 117 + .chip = CHELSIO_T6, 118 + .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SPORT, 119 + .natmode = NAT_MODE_DIP_DP_SP, 120 + }, 121 + { 122 + .chip = CHELSIO_T6, 123 + .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP, 124 + .natmode = NAT_MODE_ALL, 125 + }, 126 + }; 127 + 128 + static void cxgb4_action_natmode_tweak(struct ch_filter_specification *fs, 129 + u8 natmode_flags) 130 + { 131 + u8 i = 0; 132 + 133 + /* Translate the enabled NAT 4-tuple fields to one of the 134 + * hardware supported NAT mode configurations. This ensures 135 + * that we pick a valid combination, where the disabled fields 136 + * do not get overwritten to 0. 137 + */ 138 + for (i = 0; i < ARRAY_SIZE(cxgb4_natmode_config_array); i++) { 139 + if (cxgb4_natmode_config_array[i].flags == natmode_flags) { 140 + fs->nat_mode = cxgb4_natmode_config_array[i].natmode; 141 + return; 142 + } 143 + } 144 + } 145 + 63 146 static struct ch_tc_flower_entry *allocate_flower_entry(void) 64 147 { 65 148 struct ch_tc_flower_entry *new = kzalloc(sizeof(*new), GFP_KERNEL); ··· 372 289 } 373 290 374 291 static void process_pedit_field(struct ch_filter_specification *fs, u32 val, 375 - u32 mask, u32 offset, u8 htype) 292 + u32 mask, u32 offset, u8 htype, 293 + u8 *natmode_flags) 376 294 { 377 295 switch (htype) { 378 296 case FLOW_ACT_MANGLE_HDR_TYPE_ETH: ··· 398 314 switch (offset) { 399 315 case PEDIT_IP4_SRC: 400 316 offload_pedit(fs, val, mask, IP4_SRC); 317 + *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 401 318 break; 402 319 case PEDIT_IP4_DST: 403 320 offload_pedit(fs, val, mask, IP4_DST); 321 + *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 404 322 } 405 - fs->nat_mode = NAT_MODE_ALL; 406 323 break; 407 324 case FLOW_ACT_MANGLE_HDR_TYPE_IP6: 408 325 switch (offset) { 409 326 case PEDIT_IP6_SRC_31_0: 410 327 offload_pedit(fs, val, mask, IP6_SRC_31_0); 328 + *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 411 329 break; 412 330 case PEDIT_IP6_SRC_63_32: 413 331 offload_pedit(fs, val, mask, IP6_SRC_63_32); 332 + *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 414 333 break; 415 334 case PEDIT_IP6_SRC_95_64: 416 335 offload_pedit(fs, val, mask, IP6_SRC_95_64); 336 + *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 417 337 break; 418 338 case PEDIT_IP6_SRC_127_96: 419 339 offload_pedit(fs, val, mask, IP6_SRC_127_96); 340 + *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 420 341 break; 421 342 case PEDIT_IP6_DST_31_0: 422 343 offload_pedit(fs, val, mask, IP6_DST_31_0); 344 + *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 423 345 break; 424 346 case PEDIT_IP6_DST_63_32: 425 347 offload_pedit(fs, val, mask, IP6_DST_63_32); 348 + *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 426 349 break; 427 350 case PEDIT_IP6_DST_95_64: 428 351 offload_pedit(fs, val, mask, IP6_DST_95_64); 352 + *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 429 353 break; 430 354 case PEDIT_IP6_DST_127_96: 431 355 offload_pedit(fs, val, mask, IP6_DST_127_96); 356 + *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 432 357 } 433 - fs->nat_mode = NAT_MODE_ALL; 434 358 break; 435 359 case FLOW_ACT_MANGLE_HDR_TYPE_TCP: 436 360 switch (offset) { 437 361 case PEDIT_TCP_SPORT_DPORT: 438 - if (~mask & PEDIT_TCP_UDP_SPORT_MASK) 362 + if (~mask & PEDIT_TCP_UDP_SPORT_MASK) { 439 363 fs->nat_fport = val; 440 - else 364 + *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT; 365 + } else { 441 366 fs->nat_lport = val >> 16; 367 + *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT; 368 + } 442 369 } 443 - fs->nat_mode = NAT_MODE_ALL; 444 370 break; 445 371 case FLOW_ACT_MANGLE_HDR_TYPE_UDP: 446 372 switch (offset) { 447 373 case PEDIT_UDP_SPORT_DPORT: 448 - if (~mask & PEDIT_TCP_UDP_SPORT_MASK) 374 + if (~mask & PEDIT_TCP_UDP_SPORT_MASK) { 449 375 fs->nat_fport = val; 450 - else 376 + *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT; 377 + } else { 451 378 fs->nat_lport = val >> 16; 379 + *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT; 380 + } 452 381 } 453 - fs->nat_mode = NAT_MODE_ALL; 382 + break; 454 383 } 384 + } 385 + 386 + static int cxgb4_action_natmode_validate(struct adapter *adap, u8 natmode_flags, 387 + struct netlink_ext_ack *extack) 388 + { 389 + u8 i = 0; 390 + 391 + /* Extract the NAT mode to enable based on what 4-tuple fields 392 + * are enabled to be overwritten. This ensures that the 393 + * disabled fields don't get overwritten to 0. 394 + */ 395 + for (i = 0; i < ARRAY_SIZE(cxgb4_natmode_config_array); i++) { 396 + const struct cxgb4_natmode_config *c; 397 + 398 + c = &cxgb4_natmode_config_array[i]; 399 + if (CHELSIO_CHIP_VERSION(adap->params.chip) >= c->chip && 400 + natmode_flags == c->flags) 401 + return 0; 402 + } 403 + NL_SET_ERR_MSG_MOD(extack, "Unsupported NAT mode 4-tuple combination"); 404 + return -EOPNOTSUPP; 455 405 } 456 406 457 407 void cxgb4_process_flow_actions(struct net_device *in, ··· 493 375 struct ch_filter_specification *fs) 494 376 { 495 377 struct flow_action_entry *act; 378 + u8 natmode_flags = 0; 496 379 int i; 497 380 498 381 flow_action_for_each(i, act, actions) { ··· 545 426 val = act->mangle.val; 546 427 offset = act->mangle.offset; 547 428 548 - process_pedit_field(fs, val, mask, offset, htype); 429 + process_pedit_field(fs, val, mask, offset, htype, 430 + &natmode_flags); 549 431 } 550 432 break; 551 433 case FLOW_ACTION_QUEUE: ··· 558 438 break; 559 439 } 560 440 } 441 + if (natmode_flags) 442 + cxgb4_action_natmode_tweak(fs, natmode_flags); 443 + 561 444 } 562 445 563 446 static bool valid_l4_mask(u32 mask) ··· 577 454 } 578 455 579 456 static bool valid_pedit_action(struct net_device *dev, 580 - const struct flow_action_entry *act) 457 + const struct flow_action_entry *act, 458 + u8 *natmode_flags) 581 459 { 582 460 u32 mask, offset; 583 461 u8 htype; ··· 603 479 case FLOW_ACT_MANGLE_HDR_TYPE_IP4: 604 480 switch (offset) { 605 481 case PEDIT_IP4_SRC: 482 + *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 483 + break; 606 484 case PEDIT_IP4_DST: 485 + *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 607 486 break; 608 487 default: 609 488 netdev_err(dev, "%s: Unsupported pedit field\n", ··· 620 493 case PEDIT_IP6_SRC_63_32: 621 494 case PEDIT_IP6_SRC_95_64: 622 495 case PEDIT_IP6_SRC_127_96: 496 + *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 497 + break; 623 498 case PEDIT_IP6_DST_31_0: 624 499 case PEDIT_IP6_DST_63_32: 625 500 case PEDIT_IP6_DST_95_64: 626 501 case PEDIT_IP6_DST_127_96: 502 + *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 627 503 break; 628 504 default: 629 505 netdev_err(dev, "%s: Unsupported pedit field\n", ··· 642 512 __func__); 643 513 return false; 644 514 } 515 + if (~mask & PEDIT_TCP_UDP_SPORT_MASK) 516 + *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT; 517 + else 518 + *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT; 645 519 break; 646 520 default: 647 521 netdev_err(dev, "%s: Unsupported pedit field\n", ··· 661 527 __func__); 662 528 return false; 663 529 } 530 + if (~mask & PEDIT_TCP_UDP_SPORT_MASK) 531 + *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT; 532 + else 533 + *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT; 664 534 break; 665 535 default: 666 536 netdev_err(dev, "%s: Unsupported pedit field\n", ··· 684 546 struct netlink_ext_ack *extack, 685 547 u8 matchall_filter) 686 548 { 549 + struct adapter *adap = netdev2adap(dev); 687 550 struct flow_action_entry *act; 688 551 bool act_redir = false; 689 552 bool act_pedit = false; 690 553 bool act_vlan = false; 554 + u8 natmode_flags = 0; 691 555 int i; 692 556 693 557 if (!flow_action_basic_hw_stats_check(actions, extack)) ··· 703 563 break; 704 564 case FLOW_ACTION_MIRRED: 705 565 case FLOW_ACTION_REDIRECT: { 706 - struct adapter *adap = netdev2adap(dev); 707 566 struct net_device *n_dev, *target_dev; 708 567 bool found = false; 709 568 unsigned int i; ··· 759 620 } 760 621 break; 761 622 case FLOW_ACTION_MANGLE: { 762 - bool pedit_valid = valid_pedit_action(dev, act); 623 + bool pedit_valid = valid_pedit_action(dev, act, 624 + &natmode_flags); 763 625 764 626 if (!pedit_valid) 765 627 return -EOPNOTSUPP; ··· 780 640 netdev_err(dev, "%s: pedit/vlan rewrite invalid without egress redirect\n", 781 641 __func__); 782 642 return -EINVAL; 643 + } 644 + 645 + if (act_pedit) { 646 + int ret; 647 + 648 + ret = cxgb4_action_natmode_validate(adap, natmode_flags, 649 + extack); 650 + if (ret) 651 + return ret; 783 652 } 784 653 785 654 return 0;

+15

drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.h

··· 108 108 #define PEDIT_TCP_SPORT_DPORT 0x0 109 109 #define PEDIT_UDP_SPORT_DPORT 0x0 110 110 111 + enum cxgb4_action_natmode_flags { 112 + CXGB4_ACTION_NATMODE_NONE = 0, 113 + CXGB4_ACTION_NATMODE_DIP = (1 << 0), 114 + CXGB4_ACTION_NATMODE_SIP = (1 << 1), 115 + CXGB4_ACTION_NATMODE_DPORT = (1 << 2), 116 + CXGB4_ACTION_NATMODE_SPORT = (1 << 3), 117 + }; 118 + 119 + /* TC PEDIT action to NATMODE translation entry */ 120 + struct cxgb4_natmode_config { 121 + enum chip_type chip; 122 + u8 flags; 123 + u8 natmode; 124 + }; 125 + 111 126 void cxgb4_process_flow_actions(struct net_device *in, 112 127 struct flow_action *actions, 113 128 struct ch_filter_specification *fs);

+28 -7

drivers/net/ethernet/freescale/fec_main.c

··· 1912 1912 return ret; 1913 1913 } 1914 1914 1915 + static void fec_enet_phy_reset_after_clk_enable(struct net_device *ndev) 1916 + { 1917 + struct fec_enet_private *fep = netdev_priv(ndev); 1918 + struct phy_device *phy_dev = ndev->phydev; 1919 + 1920 + if (phy_dev) { 1921 + phy_reset_after_clk_enable(phy_dev); 1922 + } else if (fep->phy_node) { 1923 + /* 1924 + * If the PHY still is not bound to the MAC, but there is 1925 + * OF PHY node and a matching PHY device instance already, 1926 + * use the OF PHY node to obtain the PHY device instance, 1927 + * and then use that PHY device instance when triggering 1928 + * the PHY reset. 1929 + */ 1930 + phy_dev = of_phy_find_device(fep->phy_node); 1931 + phy_reset_after_clk_enable(phy_dev); 1932 + put_device(&phy_dev->mdio.dev); 1933 + } 1934 + } 1935 + 1915 1936 static int fec_enet_clk_enable(struct net_device *ndev, bool enable) 1916 1937 { 1917 1938 struct fec_enet_private *fep = netdev_priv(ndev); ··· 1959 1938 if (ret) 1960 1939 goto failed_clk_ref; 1961 1940 1962 - phy_reset_after_clk_enable(ndev->phydev); 1941 + fec_enet_phy_reset_after_clk_enable(ndev); 1963 1942 } else { 1964 1943 clk_disable_unprepare(fep->clk_enet_out); 1965 1944 if (fep->clk_ptp) { ··· 3004 2983 /* Init MAC prior to mii bus probe */ 3005 2984 fec_restart(ndev); 3006 2985 3007 - /* Probe and connect to PHY when open the interface */ 3008 - ret = fec_enet_mii_probe(ndev); 3009 - if (ret) 3010 - goto err_enet_mii_probe; 3011 - 3012 2986 /* Call phy_reset_after_clk_enable() again if it failed during 3013 2987 * phy_reset_after_clk_enable() before because the PHY wasn't probed. 3014 2988 */ 3015 2989 if (reset_again) 3016 - phy_reset_after_clk_enable(ndev->phydev); 2990 + fec_enet_phy_reset_after_clk_enable(ndev); 2991 + 2992 + /* Probe and connect to PHY when open the interface */ 2993 + ret = fec_enet_mii_probe(ndev); 2994 + if (ret) 2995 + goto err_enet_mii_probe; 3017 2996 3018 2997 if (fep->quirks & FEC_QUIRK_ERR006687) 3019 2998 imx6q_cpuidle_fec_irqs_used();

+16 -5

drivers/net/ethernet/ibm/ibmveth.c

··· 1349 1349 int offset = ibmveth_rxq_frame_offset(adapter); 1350 1350 int csum_good = ibmveth_rxq_csum_good(adapter); 1351 1351 int lrg_pkt = ibmveth_rxq_large_packet(adapter); 1352 + __sum16 iph_check = 0; 1352 1353 1353 1354 skb = ibmveth_rxq_get_buffer(adapter); 1354 1355 ··· 1386 1385 skb_put(skb, length); 1387 1386 skb->protocol = eth_type_trans(skb, netdev); 1388 1387 1388 + /* PHYP without PLSO support places a -1 in the ip 1389 + * checksum for large send frames. 1390 + */ 1391 + if (skb->protocol == cpu_to_be16(ETH_P_IP)) { 1392 + struct iphdr *iph = (struct iphdr *)skb->data; 1393 + 1394 + iph_check = iph->check; 1395 + } 1396 + 1397 + if ((length > netdev->mtu + ETH_HLEN) || 1398 + lrg_pkt || iph_check == 0xffff) { 1399 + ibmveth_rx_mss_helper(skb, mss, lrg_pkt); 1400 + adapter->rx_large_packets++; 1401 + } 1402 + 1389 1403 if (csum_good) { 1390 1404 skb->ip_summed = CHECKSUM_UNNECESSARY; 1391 1405 ibmveth_rx_csum_helper(skb, adapter); 1392 - } 1393 - 1394 - if (length > netdev->mtu + ETH_HLEN) { 1395 - ibmveth_rx_mss_helper(skb, mss, lrg_pkt); 1396 - adapter->rx_large_packets++; 1397 1406 } 1398 1407 1399 1408 napi_gro_receive(napi, skb); /* send it up */

+2 -1

drivers/net/ethernet/korina.c

··· 1113 1113 return rc; 1114 1114 1115 1115 probe_err_register: 1116 - kfree(lp->td_ring); 1116 + kfree(KSEG0ADDR(lp->td_ring)); 1117 1117 probe_err_td_ring: 1118 1118 iounmap(lp->tx_dma_regs); 1119 1119 probe_err_dma_tx: ··· 1133 1133 iounmap(lp->eth_regs); 1134 1134 iounmap(lp->rx_dma_regs); 1135 1135 iounmap(lp->tx_dma_regs); 1136 + kfree(KSEG0ADDR(lp->td_ring)); 1136 1137 1137 1138 unregister_netdev(bif->dev); 1138 1139 free_netdev(bif->dev);

+3

drivers/net/ethernet/mellanox/mlx4/en_rx.c

··· 943 943 bool clean_complete = true; 944 944 int done; 945 945 946 + if (!budget) 947 + return 0; 948 + 946 949 if (priv->tx_ring_num[TX_XDP]) { 947 950 xdp_tx_cq = priv->tx_cq[TX_XDP][cq->ring]; 948 951 if (xdp_tx_cq->xdp_busy) {

+1 -1

drivers/net/ethernet/mellanox/mlx4/en_tx.c

··· 350 350 .dma = tx_info->map0_dma, 351 351 }; 352 352 353 - if (!mlx4_en_rx_recycle(ring->recycle_ring, &frame)) { 353 + if (!napi_mode || !mlx4_en_rx_recycle(ring->recycle_ring, &frame)) { 354 354 dma_unmap_page(priv->ddev, tx_info->map0_dma, 355 355 PAGE_SIZE, priv->dma_dir); 356 356 put_page(tx_info->page);

+1 -1

drivers/net/ethernet/ti/tlan.c

··· 2504 2504 } 2505 2505 2506 2506 /* Wait for 50 ms and powerup 2507 - * This is abitrary. It is intended to make sure the 2507 + * This is arbitrary. It is intended to make sure the 2508 2508 * transceiver settles. 2509 2509 */ 2510 2510 tlan_set_timer(dev, msecs_to_jiffies(50), TLAN_TIMER_PHY_PUP);

+6

drivers/net/ipa/ipa_endpoint.c

··· 1432 1432 1433 1433 void ipa_endpoint_suspend(struct ipa *ipa) 1434 1434 { 1435 + if (!ipa->setup_complete) 1436 + return; 1437 + 1435 1438 if (ipa->modem_netdev) 1436 1439 ipa_modem_suspend(ipa->modem_netdev); 1437 1440 ··· 1446 1443 1447 1444 void ipa_endpoint_resume(struct ipa *ipa) 1448 1445 { 1446 + if (!ipa->setup_complete) 1447 + return; 1448 + 1449 1449 ipa_endpoint_resume_one(ipa->name_map[IPA_ENDPOINT_AP_COMMAND_TX]); 1450 1450 ipa_endpoint_resume_one(ipa->name_map[IPA_ENDPOINT_AP_LAN_RX]); 1451 1451

+1

include/net/netfilter/nf_log.h

··· 108 108 unsigned int logflags); 109 109 void nf_log_dump_sk_uid_gid(struct net *net, struct nf_log_buf *m, 110 110 struct sock *sk); 111 + void nf_log_dump_vlan(struct nf_log_buf *m, const struct sk_buff *skb); 111 112 void nf_log_dump_packet_common(struct nf_log_buf *m, u_int8_t pf, 112 113 unsigned int hooknum, const struct sk_buff *skb, 113 114 const struct net_device *in,

+4 -1

include/net/tc_act/tc_tunnel_key.h

··· 56 56 { 57 57 #ifdef CONFIG_NET_CLS_ACT 58 58 struct tcf_tunnel_key *t = to_tunnel_key(a); 59 - struct tcf_tunnel_key_params *params = rtnl_dereference(t->params); 59 + struct tcf_tunnel_key_params *params; 60 + 61 + params = rcu_dereference_protected(t->params, 62 + lockdep_is_held(&a->tcfa_lock)); 60 63 61 64 return &params->tcft_enc_metadata->u.tun_info; 62 65 #else

-4

include/net/tls.h

··· 679 679 struct scatterlist *sgout); 680 680 struct sk_buff *tls_encrypt_skb(struct sk_buff *skb); 681 681 682 - struct sk_buff *tls_validate_xmit_skb(struct sock *sk, 683 - struct net_device *dev, 684 - struct sk_buff *skb); 685 - 686 682 int tls_sw_fallback_init(struct sock *sk, 687 683 struct tls_offload_context_tx *offload_ctx, 688 684 struct tls_crypto_info *crypto_info);

+2

net/can/j1939/transport.c

··· 580 580 skb->dev = priv->ndev; 581 581 can_skb_reserve(skb); 582 582 can_skb_prv(skb)->ifindex = priv->ndev->ifindex; 583 + can_skb_prv(skb)->skbcnt = 0; 583 584 /* reserve CAN header */ 584 585 skb_reserve(skb, offsetof(struct can_frame, data)); 585 586 ··· 1488 1487 skb->dev = priv->ndev; 1489 1488 can_skb_reserve(skb); 1490 1489 can_skb_prv(skb)->ifindex = priv->ndev->ifindex; 1490 + can_skb_prv(skb)->skbcnt = 0; 1491 1491 skcb = j1939_skb_to_cb(skb); 1492 1492 memcpy(skcb, rel_skcb, sizeof(*skcb)); 1493 1493

+3 -8

net/core/sock.c

··· 757 757 } else { 758 758 sock_reset_flag(sk, SOCK_RCVTSTAMP); 759 759 sock_reset_flag(sk, SOCK_RCVTSTAMPNS); 760 - sock_reset_flag(sk, SOCK_TSTAMP_NEW); 761 760 } 762 761 } 763 762 ··· 993 994 __sock_set_timestamps(sk, valbool, true, true); 994 995 break; 995 996 case SO_TIMESTAMPING_NEW: 996 - sock_set_flag(sk, SOCK_TSTAMP_NEW); 997 - fallthrough; 998 997 case SO_TIMESTAMPING_OLD: 999 998 if (val & ~SOF_TIMESTAMPING_MASK) { 1000 999 ret = -EINVAL; ··· 1021 1024 } 1022 1025 1023 1026 sk->sk_tsflags = val; 1027 + sock_valbool_flag(sk, SOCK_TSTAMP_NEW, optname == SO_TIMESTAMPING_NEW); 1028 + 1024 1029 if (val & SOF_TIMESTAMPING_RX_SOFTWARE) 1025 1030 sock_enable_timestamp(sk, 1026 1031 SOCK_TIMESTAMPING_RX_SOFTWARE); 1027 - else { 1028 - if (optname == SO_TIMESTAMPING_NEW) 1029 - sock_reset_flag(sk, SOCK_TSTAMP_NEW); 1030 - 1032 + else 1031 1033 sock_disable_timestamp(sk, 1032 1034 (1UL << SOCK_TIMESTAMPING_RX_SOFTWARE)); 1033 - } 1034 1035 break; 1035 1036 1036 1037 case SO_RCVLOWAT:

+21 -2

net/ipv4/icmp.c

··· 457 457 local_bh_enable(); 458 458 } 459 459 460 + /* 461 + * The device used for looking up which routing table to use for sending an ICMP 462 + * error is preferably the source whenever it is set, which should ensure the 463 + * icmp error can be sent to the source host, else lookup using the routing 464 + * table of the destination device, else use the main routing table (index 0). 465 + */ 466 + static struct net_device *icmp_get_route_lookup_dev(struct sk_buff *skb) 467 + { 468 + struct net_device *route_lookup_dev = NULL; 469 + 470 + if (skb->dev) 471 + route_lookup_dev = skb->dev; 472 + else if (skb_dst(skb)) 473 + route_lookup_dev = skb_dst(skb)->dev; 474 + return route_lookup_dev; 475 + } 476 + 460 477 static struct rtable *icmp_route_lookup(struct net *net, 461 478 struct flowi4 *fl4, 462 479 struct sk_buff *skb_in, ··· 482 465 int type, int code, 483 466 struct icmp_bxm *param) 484 467 { 468 + struct net_device *route_lookup_dev; 485 469 struct rtable *rt, *rt2; 486 470 struct flowi4 fl4_dec; 487 471 int err; ··· 497 479 fl4->flowi4_proto = IPPROTO_ICMP; 498 480 fl4->fl4_icmp_type = type; 499 481 fl4->fl4_icmp_code = code; 500 - fl4->flowi4_oif = l3mdev_master_ifindex(skb_dst(skb_in)->dev); 482 + route_lookup_dev = icmp_get_route_lookup_dev(skb_in); 483 + fl4->flowi4_oif = l3mdev_master_ifindex(route_lookup_dev); 501 484 502 485 security_skb_classify_flow(skb_in, flowi4_to_flowi(fl4)); 503 486 rt = ip_route_output_key_hash(net, fl4, skb_in); ··· 522 503 if (err) 523 504 goto relookup_failed; 524 505 525 - if (inet_addr_type_dev_table(net, skb_dst(skb_in)->dev, 506 + if (inet_addr_type_dev_table(net, route_lookup_dev, 526 507 fl4_dec.saddr) == RTN_LOCAL) { 527 508 rt2 = __ip_route_output_key(net, &fl4_dec); 528 509 if (IS_ERR(rt2))

+11 -4

net/ipv4/ip_gre.c

··· 625 625 } 626 626 627 627 if (dev->header_ops) { 628 - /* Need space for new headers */ 629 - if (skb_cow_head(skb, dev->needed_headroom - 630 - (tunnel->hlen + sizeof(struct iphdr)))) 628 + if (skb_cow_head(skb, 0)) 631 629 goto free_skb; 632 630 633 631 tnl_params = (const struct iphdr *)skb->data; ··· 746 748 len = tunnel->tun_hlen - len; 747 749 tunnel->hlen = tunnel->hlen + len; 748 750 749 - dev->needed_headroom = dev->needed_headroom + len; 751 + if (dev->header_ops) 752 + dev->hard_header_len += len; 753 + else 754 + dev->needed_headroom += len; 755 + 750 756 if (set_mtu) 751 757 dev->mtu = max_t(int, dev->mtu - len, 68); 752 758 ··· 946 944 tunnel->parms.iph.protocol = IPPROTO_GRE; 947 945 948 946 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen; 947 + dev->needed_headroom = tunnel->hlen + sizeof(tunnel->parms.iph); 949 948 950 949 dev->features |= GRE_FEATURES; 951 950 dev->hw_features |= GRE_FEATURES; ··· 990 987 return -EINVAL; 991 988 dev->flags = IFF_BROADCAST; 992 989 dev->header_ops = &ipgre_header_ops; 990 + dev->hard_header_len = tunnel->hlen + sizeof(*iph); 991 + dev->needed_headroom = 0; 993 992 } 994 993 #endif 995 994 } else if (!tunnel->collect_md) { 996 995 dev->header_ops = &ipgre_header_ops; 996 + dev->hard_header_len = tunnel->hlen + sizeof(*iph); 997 + dev->needed_headroom = 0; 997 998 } 998 999 999 1000 return ip_tunnel_init(dev);

+17 -2

net/ipv4/netfilter/nf_log_arp.c

··· 43 43 const struct nf_loginfo *info, 44 44 const struct sk_buff *skb, unsigned int nhoff) 45 45 { 46 - const struct arphdr *ah; 47 - struct arphdr _arph; 48 46 const struct arppayload *ap; 49 47 struct arppayload _arpp; 48 + const struct arphdr *ah; 49 + unsigned int logflags; 50 + struct arphdr _arph; 50 51 51 52 ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); 52 53 if (ah == NULL) { 53 54 nf_log_buf_add(m, "TRUNCATED"); 54 55 return; 55 56 } 57 + 58 + if (info->type == NF_LOG_TYPE_LOG) 59 + logflags = info->u.log.logflags; 60 + else 61 + logflags = NF_LOG_DEFAULT_MASK; 62 + 63 + if (logflags & NF_LOG_MACDECODE) { 64 + nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM ", 65 + eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest); 66 + nf_log_dump_vlan(m, skb); 67 + nf_log_buf_add(m, "MACPROTO=%04x ", 68 + ntohs(eth_hdr(skb)->h_proto)); 69 + } 70 + 56 71 nf_log_buf_add(m, "ARP HTYPE=%d PTYPE=0x%04x OPCODE=%d", 57 72 ntohs(ah->ar_hrd), ntohs(ah->ar_pro), ntohs(ah->ar_op)); 58 73

+4 -2

net/ipv4/netfilter/nf_log_ipv4.c

··· 284 284 285 285 switch (dev->type) { 286 286 case ARPHRD_ETHER: 287 - nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM MACPROTO=%04x ", 288 - eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest, 287 + nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM ", 288 + eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest); 289 + nf_log_dump_vlan(m, skb); 290 + nf_log_buf_add(m, "MACPROTO=%04x ", 289 291 ntohs(eth_hdr(skb)->h_proto)); 290 292 return; 291 293 default:

+3 -1

net/ipv4/route.c

··· 2770 2770 if (IS_ERR(rt)) 2771 2771 return rt; 2772 2772 2773 - if (flp4->flowi4_proto) 2773 + if (flp4->flowi4_proto) { 2774 + flp4->flowi4_oif = rt->dst.dev->ifindex; 2774 2775 rt = (struct rtable *)xfrm_lookup_route(net, &rt->dst, 2775 2776 flowi4_to_flowi(flp4), 2776 2777 sk, 0); 2778 + } 2777 2779 2778 2780 return rt; 2779 2781 }

+5 -2

net/ipv6/icmp.c

··· 501 501 if (__ipv6_addr_needs_scope_id(addr_type)) { 502 502 iif = icmp6_iif(skb); 503 503 } else { 504 - dst = skb_dst(skb); 505 - iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev); 504 + /* 505 + * The source device is used for looking up which routing table 506 + * to use for sending an ICMP error. 507 + */ 508 + iif = l3mdev_master_ifindex(skb->dev); 506 509 } 507 510 508 511 /*

+3 -1

net/ipv6/ip6_fib.c

··· 2622 2622 iter->skip = *pos; 2623 2623 2624 2624 if (iter->tbl) { 2625 + loff_t p = 0; 2626 + 2625 2627 ipv6_route_seq_setup_walk(iter, net); 2626 - return ipv6_route_seq_next(seq, NULL, pos); 2628 + return ipv6_route_seq_next(seq, NULL, &p); 2627 2629 } else { 2628 2630 return NULL; 2629 2631 }

-2

net/ipv6/ip6_output.c

··· 468 468 * check and decrement ttl 469 469 */ 470 470 if (hdr->hop_limit <= 1) { 471 - /* Force OUTPUT device used as source address */ 472 - skb->dev = dst->dev; 473 471 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0); 474 472 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS); 475 473

+5 -3

net/ipv6/netfilter/nf_log_ipv6.c

··· 297 297 298 298 switch (dev->type) { 299 299 case ARPHRD_ETHER: 300 - nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM MACPROTO=%04x ", 301 - eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest, 302 - ntohs(eth_hdr(skb)->h_proto)); 300 + nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM ", 301 + eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest); 302 + nf_log_dump_vlan(m, skb); 303 + nf_log_buf_add(m, "MACPROTO=%04x ", 304 + ntohs(eth_hdr(skb)->h_proto)); 303 305 return; 304 306 default: 305 307 break;

+2 -1

net/ipv6/route.c

··· 2745 2745 if (confirm_neigh) 2746 2746 dst_confirm_neigh(dst, daddr); 2747 2747 2748 - mtu = max_t(u32, mtu, IPV6_MIN_MTU); 2748 + if (mtu < IPV6_MIN_MTU) 2749 + return; 2749 2750 if (mtu >= dst_mtu(dst)) 2750 2751 return; 2751 2752

+26 -8

net/mptcp/options.c

··· 517 517 return ret; 518 518 } 519 519 520 - if (subflow->use_64bit_ack) { 520 + if (READ_ONCE(msk->use_64bit_ack)) { 521 521 ack_size = TCPOLEN_MPTCP_DSS_ACK64; 522 522 opts->ext_copy.data_ack = READ_ONCE(msk->ack_seq); 523 523 opts->ext_copy.ack64 = 1; ··· 657 657 if (unlikely(mptcp_check_fallback(sk))) 658 658 return false; 659 659 660 + /* prevent adding of any MPTCP related options on reset packet 661 + * until we support MP_TCPRST/MP_FASTCLOSE 662 + */ 663 + if (unlikely(skb && TCP_SKB_CB(skb)->tcp_flags & TCPHDR_RST)) 664 + return false; 665 + 660 666 if (mptcp_established_options_mp(sk, skb, &opt_size, remaining, opts)) 661 667 ret = true; 662 668 else if (mptcp_established_options_dss(sk, skb, &opt_size, remaining, ··· 717 711 return false; 718 712 } 719 713 720 - static bool check_fully_established(struct mptcp_sock *msk, struct sock *sk, 714 + static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk, 721 715 struct mptcp_subflow_context *subflow, 722 716 struct sk_buff *skb, 723 717 struct mptcp_options_received *mp_opt) ··· 734 728 TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq && 735 729 subflow->mp_join && mp_opt->mp_join && 736 730 READ_ONCE(msk->pm.server_side)) 737 - tcp_send_ack(sk); 731 + tcp_send_ack(ssk); 738 732 goto fully_established; 739 733 } 740 734 741 - /* we should process OoO packets before the first subflow is fully 742 - * established, but not expected for MP_JOIN subflows 735 + /* we must process OoO packets before the first subflow is fully 736 + * established. OoO packets are instead a protocol violation 737 + * for MP_JOIN subflows as the peer must not send any data 738 + * before receiving the forth ack - cfr. RFC 8684 section 3.2. 743 739 */ 744 - if (TCP_SKB_CB(skb)->seq != subflow->ssn_offset + 1) 740 + if (TCP_SKB_CB(skb)->seq != subflow->ssn_offset + 1) { 741 + if (subflow->mp_join) 742 + goto reset; 745 743 return subflow->mp_capable; 744 + } 746 745 747 746 if (mp_opt->dss && mp_opt->use_ack) { 748 747 /* subflows are fully established as soon as we get any ··· 759 748 } 760 749 761 750 /* If the first established packet does not contain MP_CAPABLE + data 762 - * then fallback to TCP 751 + * then fallback to TCP. Fallback scenarios requires a reset for 752 + * MP_JOIN subflows. 763 753 */ 764 754 if (!mp_opt->mp_capable) { 755 + if (subflow->mp_join) 756 + goto reset; 765 757 subflow->mp_capable = 0; 766 758 pr_fallback(msk); 767 759 __mptcp_do_fallback(msk); ··· 781 767 782 768 subflow->pm_notified = 1; 783 769 if (subflow->mp_join) { 784 - clear_3rdack_retransmission(sk); 770 + clear_3rdack_retransmission(ssk); 785 771 mptcp_pm_subflow_established(msk, subflow); 786 772 } else { 787 773 mptcp_pm_fully_established(msk); 788 774 } 789 775 return true; 776 + 777 + reset: 778 + mptcp_subflow_reset(ssk); 779 + return false; 790 780 } 791 781 792 782 static u64 expand_ack(u64 old_ack, u64 cur_ack, bool use_64bit)

+17

net/mptcp/protocol.c

··· 1710 1710 spin_unlock_bh(&msk->pm.lock); 1711 1711 } 1712 1712 1713 + static void __mptcp_close_subflow(struct mptcp_sock *msk) 1714 + { 1715 + struct mptcp_subflow_context *subflow, *tmp; 1716 + 1717 + list_for_each_entry_safe(subflow, tmp, &msk->conn_list, node) { 1718 + struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1719 + 1720 + if (inet_sk_state_load(ssk) != TCP_CLOSE) 1721 + continue; 1722 + 1723 + __mptcp_close_ssk((struct sock *)msk, ssk, subflow, 0); 1724 + } 1725 + } 1726 + 1713 1727 static void mptcp_worker(struct work_struct *work) 1714 1728 { 1715 1729 struct mptcp_sock *msk = container_of(work, struct mptcp_sock, work); ··· 1741 1727 mptcp_clean_una(sk); 1742 1728 mptcp_check_data_fin_ack(sk); 1743 1729 __mptcp_flush_join_list(msk); 1730 + if (test_and_clear_bit(MPTCP_WORK_CLOSE_SUBFLOW, &msk->flags)) 1731 + __mptcp_close_subflow(msk); 1732 + 1744 1733 __mptcp_move_skbs(msk); 1745 1734 1746 1735 if (msk->pm.status)

+3 -1

net/mptcp/protocol.h

··· 90 90 #define MPTCP_WORK_RTX 2 91 91 #define MPTCP_WORK_EOF 3 92 92 #define MPTCP_FALLBACK_DONE 4 93 + #define MPTCP_WORK_CLOSE_SUBFLOW 5 93 94 94 95 struct mptcp_options_received { 95 96 u64 sndr_key; ··· 212 211 bool fully_established; 213 212 bool rcv_data_fin; 214 213 bool snd_data_fin_enable; 214 + bool use_64bit_ack; /* Set when we received a 64-bit DSN */ 215 215 spinlock_t join_list_lock; 216 216 struct work_struct work; 217 217 struct sk_buff *ooo_last_skb; ··· 312 310 mpc_map : 1, 313 311 backup : 1, 314 312 rx_eof : 1, 315 - use_64bit_ack : 1, /* Set when we received a 64-bit DSN */ 316 313 can_ack : 1; /* only after processing the remote a key */ 317 314 enum mptcp_data_avail data_avail; 318 315 u32 remote_nonce; ··· 370 369 void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, 371 370 struct mptcp_subflow_context *subflow, 372 371 long timeout); 372 + void mptcp_subflow_reset(struct sock *ssk); 373 373 374 374 /* called with sk socket lock held */ 375 375 int __mptcp_subflow_connect(struct sock *sk, const struct mptcp_addr_info *loc,

+15 -4

net/mptcp/subflow.c

··· 271 271 return thmac == subflow->thmac; 272 272 } 273 273 274 + void mptcp_subflow_reset(struct sock *ssk) 275 + { 276 + struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk); 277 + struct sock *sk = subflow->conn; 278 + 279 + tcp_set_state(ssk, TCP_CLOSE); 280 + tcp_send_active_reset(ssk, GFP_ATOMIC); 281 + tcp_done(ssk); 282 + if (!test_and_set_bit(MPTCP_WORK_CLOSE_SUBFLOW, &mptcp_sk(sk)->flags) && 283 + schedule_work(&mptcp_sk(sk)->work)) 284 + sock_hold(sk); 285 + } 286 + 274 287 static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) 275 288 { 276 289 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); ··· 356 343 return; 357 344 358 345 do_reset: 359 - tcp_send_active_reset(sk, GFP_ATOMIC); 360 - tcp_done(sk); 346 + mptcp_subflow_reset(sk); 361 347 } 362 348 363 349 struct request_sock_ops mptcp_subflow_request_sock_ops; ··· 782 770 if (!mpext->dsn64) { 783 771 map_seq = expand_seq(subflow->map_seq, subflow->map_data_len, 784 772 mpext->data_seq); 785 - subflow->use_64bit_ack = 0; 786 773 pr_debug("expanded seq=%llu", subflow->map_seq); 787 774 } else { 788 775 map_seq = mpext->data_seq; 789 - subflow->use_64bit_ack = 1; 790 776 } 777 + WRITE_ONCE(mptcp_sk(subflow->conn)->use_64bit_ack, !!mpext->dsn64); 791 778 792 779 if (subflow->map_valid) { 793 780 /* Allow replacing only with an identical map */

+6

net/netfilter/ipvs/ip_vs_xmit.c

··· 609 609 if (ret == NF_ACCEPT) { 610 610 nf_reset_ct(skb); 611 611 skb_forward_csum(skb); 612 + if (skb->dev) 613 + skb->tstamp = 0; 612 614 } 613 615 return ret; 614 616 } ··· 651 649 652 650 if (!local) { 653 651 skb_forward_csum(skb); 652 + if (skb->dev) 653 + skb->tstamp = 0; 654 654 NF_HOOK(pf, NF_INET_LOCAL_OUT, cp->ipvs->net, NULL, skb, 655 655 NULL, skb_dst(skb)->dev, dst_output); 656 656 } else ··· 673 669 if (!local) { 674 670 ip_vs_drop_early_demux_sk(skb); 675 671 skb_forward_csum(skb); 672 + if (skb->dev) 673 + skb->tstamp = 0; 676 674 NF_HOOK(pf, NF_INET_LOCAL_OUT, cp->ipvs->net, NULL, skb, 677 675 NULL, skb_dst(skb)->dev, dst_output); 678 676 } else

+12

net/netfilter/nf_log_common.c

··· 171 171 } 172 172 EXPORT_SYMBOL_GPL(nf_log_dump_packet_common); 173 173 174 + void nf_log_dump_vlan(struct nf_log_buf *m, const struct sk_buff *skb) 175 + { 176 + u16 vid; 177 + 178 + if (!skb_vlan_tag_present(skb)) 179 + return; 180 + 181 + vid = skb_vlan_tag_get(skb); 182 + nf_log_buf_add(m, "VPROTO=%04x VID=%u ", ntohs(skb->vlan_proto), vid); 183 + } 184 + EXPORT_SYMBOL_GPL(nf_log_dump_vlan); 185 + 174 186 /* bridge and netdev logging families share this code. */ 175 187 void nf_log_l2packet(struct net *net, u_int8_t pf, 176 188 __be16 protocol,

+14 -5

net/netfilter/nf_tables_api.c

··· 2138 2138 } 2139 2139 2140 2140 static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy, 2141 - u32 flags) 2141 + u32 flags, const struct nlattr *attr, 2142 + struct netlink_ext_ack *extack) 2142 2143 { 2143 2144 const struct nlattr * const *nla = ctx->nla; 2144 2145 struct nft_table *table = ctx->table; ··· 2155 2154 return -EOPNOTSUPP; 2156 2155 2157 2156 if (nla[NFTA_CHAIN_HOOK]) { 2158 - if (!nft_is_base_chain(chain)) 2157 + if (!nft_is_base_chain(chain)) { 2158 + NL_SET_BAD_ATTR(extack, attr); 2159 2159 return -EEXIST; 2160 - 2160 + } 2161 2161 err = nft_chain_parse_hook(ctx->net, nla, &hook, ctx->family, 2162 2162 false); 2163 2163 if (err < 0) ··· 2167 2165 basechain = nft_base_chain(chain); 2168 2166 if (basechain->type != hook.type) { 2169 2167 nft_chain_release_hook(&hook); 2168 + NL_SET_BAD_ATTR(extack, attr); 2170 2169 return -EEXIST; 2171 2170 } 2172 2171 ··· 2175 2172 if (!nft_hook_list_equal(&basechain->hook_list, 2176 2173 &hook.list)) { 2177 2174 nft_chain_release_hook(&hook); 2175 + NL_SET_BAD_ATTR(extack, attr); 2178 2176 return -EEXIST; 2179 2177 } 2180 2178 } else { ··· 2183 2179 if (ops->hooknum != hook.num || 2184 2180 ops->priority != hook.priority) { 2185 2181 nft_chain_release_hook(&hook); 2182 + NL_SET_BAD_ATTR(extack, attr); 2186 2183 return -EEXIST; 2187 2184 } 2188 2185 } ··· 2196 2191 2197 2192 chain2 = nft_chain_lookup(ctx->net, table, 2198 2193 nla[NFTA_CHAIN_NAME], genmask); 2199 - if (!IS_ERR(chain2)) 2194 + if (!IS_ERR(chain2)) { 2195 + NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_NAME]); 2200 2196 return -EEXIST; 2197 + } 2201 2198 } 2202 2199 2203 2200 if (nla[NFTA_CHAIN_COUNTERS]) { ··· 2242 2235 nft_trans_chain_update(tmp) && 2243 2236 nft_trans_chain_name(tmp) && 2244 2237 strcmp(name, nft_trans_chain_name(tmp)) == 0) { 2238 + NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_NAME]); 2245 2239 kfree(name); 2246 2240 goto err; 2247 2241 } ··· 2365 2357 return -EOPNOTSUPP; 2366 2358 2367 2359 flags |= chain->flags & NFT_CHAIN_BASE; 2368 - return nf_tables_updchain(&ctx, genmask, policy, flags); 2360 + return nf_tables_updchain(&ctx, genmask, policy, flags, attr, 2361 + extack); 2369 2362 } 2370 2363 2371 2364 return nf_tables_addchain(&ctx, family, genmask, policy, flags);

+3 -2

net/smc/smc_core.c

··· 1596 1596 return rc; 1597 1597 } 1598 1598 1599 - #define SMCD_DMBE_SIZES 7 /* 0 -> 16KB, 1 -> 32KB, .. 6 -> 1MB */ 1599 + #define SMCD_DMBE_SIZES 6 /* 0 -> 16KB, 1 -> 32KB, .. 6 -> 1MB */ 1600 1600 1601 1601 static struct smc_buf_desc *smcd_new_buf_create(struct smc_link_group *lgr, 1602 1602 bool is_dmb, int bufsize) ··· 1615 1615 rc = smc_ism_register_dmb(lgr, bufsize, buf_desc); 1616 1616 if (rc) { 1617 1617 kfree(buf_desc); 1618 - return (rc == -ENOMEM) ? ERR_PTR(-EAGAIN) : ERR_PTR(rc); 1618 + return (rc == -ENOMEM) ? ERR_PTR(-EAGAIN) : 1619 + ERR_PTR(-EIO); 1619 1620 } 1620 1621 buf_desc->pages = virt_to_page(buf_desc->cpu_addr); 1621 1622 /* CDC header stored in buf. So, pretend it was smaller */

+8 -11

net/smc/smc_llc.c

··· 233 233 default: 234 234 flow->type = SMC_LLC_FLOW_NONE; 235 235 } 236 - if (qentry == lgr->delayed_event) 237 - lgr->delayed_event = NULL; 238 236 smc_llc_flow_qentry_set(flow, qentry); 239 237 spin_unlock_bh(&lgr->llc_flow_lock); 240 238 return true; ··· 1207 1209 /* enqueue a local add_link req to trigger a new add_link flow */ 1208 1210 void smc_llc_add_link_local(struct smc_link *link) 1209 1211 { 1210 - struct smc_llc_msg_add_link add_llc = {0}; 1212 + struct smc_llc_msg_add_link add_llc = {}; 1211 1213 1212 1214 add_llc.hd.length = sizeof(add_llc); 1213 1215 add_llc.hd.common.type = SMC_LLC_ADD_LINK; ··· 1240 1242 */ 1241 1243 void smc_llc_srv_delete_link_local(struct smc_link *link, u8 del_link_id) 1242 1244 { 1243 - struct smc_llc_msg_del_link del_llc = {0}; 1245 + struct smc_llc_msg_del_link del_llc = {}; 1244 1246 1245 1247 del_llc.hd.length = sizeof(del_llc); 1246 1248 del_llc.hd.common.type = SMC_LLC_DELETE_LINK; ··· 1312 1314 */ 1313 1315 void smc_llc_send_link_delete_all(struct smc_link_group *lgr, bool ord, u32 rsn) 1314 1316 { 1315 - struct smc_llc_msg_del_link delllc = {0}; 1317 + struct smc_llc_msg_del_link delllc = {}; 1316 1318 int i; 1317 1319 1318 1320 delllc.hd.common.type = SMC_LLC_DELETE_LINK; ··· 1601 1603 struct smc_llc_qentry *qentry; 1602 1604 1603 1605 if (!lgr->llc_flow_lcl.type && lgr->delayed_event) { 1604 - if (smc_link_usable(lgr->delayed_event->link)) { 1605 - smc_llc_event_handler(lgr->delayed_event); 1606 - } else { 1607 - qentry = lgr->delayed_event; 1608 - lgr->delayed_event = NULL; 1606 + qentry = lgr->delayed_event; 1607 + lgr->delayed_event = NULL; 1608 + if (smc_link_usable(qentry->link)) 1609 + smc_llc_event_handler(qentry); 1610 + else 1609 1611 kfree(qentry); 1610 - } 1611 1612 } 1612 1613 1613 1614 again:

+2 -1

net/tipc/msg.c

··· 150 150 if (fragid == FIRST_FRAGMENT) { 151 151 if (unlikely(head)) 152 152 goto err; 153 - frag = skb_unshare(frag, GFP_ATOMIC); 153 + if (skb_cloned(frag)) 154 + frag = skb_copy(frag, GFP_ATOMIC); 154 155 if (unlikely(!frag)) 155 156 goto err; 156 157 head = *headbuf = frag;

+9 -1

net/tipc/name_distr.c

··· 327 327 struct tipc_msg *hdr; 328 328 u16 seqno; 329 329 330 + spin_lock_bh(&namedq->lock); 330 331 skb_queue_walk_safe(namedq, skb, tmp) { 331 - skb_linearize(skb); 332 + if (unlikely(skb_linearize(skb))) { 333 + __skb_unlink(skb, namedq); 334 + kfree_skb(skb); 335 + continue; 336 + } 332 337 hdr = buf_msg(skb); 333 338 seqno = msg_named_seqno(hdr); 334 339 if (msg_is_last_bulk(hdr)) { ··· 343 338 344 339 if (msg_is_bulk(hdr) || msg_is_legacy(hdr)) { 345 340 __skb_unlink(skb, namedq); 341 + spin_unlock_bh(&namedq->lock); 346 342 return skb; 347 343 } 348 344 349 345 if (*open && (*rcv_nxt == seqno)) { 350 346 (*rcv_nxt)++; 351 347 __skb_unlink(skb, namedq); 348 + spin_unlock_bh(&namedq->lock); 352 349 return skb; 353 350 } 354 351 ··· 360 353 continue; 361 354 } 362 355 } 356 + spin_unlock_bh(&namedq->lock); 363 357 return NULL; 364 358 } 365 359

+1 -1

net/tipc/node.c

··· 1496 1496 1497 1497 /* Clean up broadcast state */ 1498 1498 tipc_bcast_remove_peer(n->net, n->bc_entry.link); 1499 - __skb_queue_purge(&n->bc_entry.namedq); 1499 + skb_queue_purge(&n->bc_entry.namedq); 1500 1500 1501 1501 /* Abort any ongoing link failover */ 1502 1502 for (i = 0; i < MAX_BEARERS; i++) {

+6 -5

net/tls/tls_device.c

··· 418 418 struct tls_context *tls_ctx = tls_get_ctx(sk); 419 419 struct tls_prot_info *prot = &tls_ctx->prot_info; 420 420 struct tls_offload_context_tx *ctx = tls_offload_ctx_tx(tls_ctx); 421 - int more = flags & (MSG_SENDPAGE_NOTLAST | MSG_MORE); 422 421 struct tls_record_info *record = ctx->open_record; 423 422 int tls_push_record_flags; 424 423 struct page_frag *pfrag; 425 424 size_t orig_size = size; 426 425 u32 max_open_record_len; 427 - int copy, rc = 0; 426 + bool more = false; 428 427 bool done = false; 428 + int copy, rc = 0; 429 429 long timeo; 430 430 431 431 if (flags & ··· 492 492 if (!size) { 493 493 last_record: 494 494 tls_push_record_flags = flags; 495 - if (more) { 496 - tls_ctx->pending_open_record_frags = 497 - !!record->num_frags; 495 + if (flags & (MSG_SENDPAGE_NOTLAST | MSG_MORE)) { 496 + more = true; 498 497 break; 499 498 } 500 499 ··· 524 525 break; 525 526 } 526 527 } while (!done); 528 + 529 + tls_ctx->pending_open_record_frags = more; 527 530 528 531 if (orig_size - size > 0) 529 532 rc = orig_size - size;

+1

tools/testing/selftests/net/Makefile

··· 20 20 TEST_PROGS += rxtimestamp.sh 21 21 TEST_PROGS += devlink_port_split.py 22 22 TEST_PROGS += drop_monitor_tests.sh 23 + TEST_PROGS += vrf_route_leaking.sh 23 24 TEST_PROGS_EXTENDED := in_netns.sh 24 25 TEST_GEN_FILES = socket nettest 25 26 TEST_GEN_FILES += psock_fanout psock_tpacket msg_zerocopy reuseport_addr_any

+626

tools/testing/selftests/net/vrf_route_leaking.sh

··· 1 + #!/bin/bash 2 + # SPDX-License-Identifier: GPL-2.0 3 + # 4 + # Copyright (c) 2019 David Ahern <dsahern@gmail.com>. All rights reserved. 5 + # Copyright (c) 2020 Michael Jeanson <mjeanson@efficios.com>. All rights reserved. 6 + # 7 + # Requires CONFIG_NET_VRF, CONFIG_VETH, CONFIG_BRIDGE and CONFIG_NET_NS. 8 + # 9 + # 10 + # Symmetric routing topology 11 + # 12 + # blue red 13 + # +----+ .253 +----+ .253 +----+ 14 + # | h1 |-------------------| r1 |-------------------| h2 | 15 + # +----+ .1 +----+ .2 +----+ 16 + # 172.16.1/24 172.16.2/24 17 + # 2001:db8:16:1/64 2001:db8:16:2/64 18 + # 19 + # 20 + # Route from h1 to h2 and back goes through r1, incoming vrf blue has a route 21 + # to the outgoing vrf red for the n2 network and red has a route back to n1. 22 + # The red VRF interface has a MTU of 1400. 23 + # 24 + # The first test sends a ping with a ttl of 1 from h1 to h2 and parses the 25 + # output of the command to check that a ttl expired error is received. 26 + # 27 + # The second test runs traceroute from h1 to h2 and parses the output to check 28 + # for a hop on r1. 29 + # 30 + # The third test sends a ping with a packet size of 1450 from h1 to h2 and 31 + # parses the output of the command to check that a fragmentation error is 32 + # received. 33 + # 34 + # 35 + # Asymmetric routing topology 36 + # 37 + # This topology represents a customer setup where the issue with icmp errors 38 + # and VRF route leaking was initialy reported. The MTU test isn't done here 39 + # because of the lack of a return route in the red VRF. 40 + # 41 + # blue red 42 + # .253 +----+ .253 43 + # +----| r1 |----+ 44 + # | +----+ | 45 + # +----+ | | +----+ 46 + # | h1 |--------------+ +--------------| h2 | 47 + # +----+ .1 | | .2 +----+ 48 + # 172.16.1/24 | +----+ | 172.16.2/24 49 + # 2001:db8:16:1/64 +----| r2 |----+ 2001:db8:16:2/64 50 + # .254 +----+ .254 51 + # 52 + # 53 + # Route from h1 to h2 goes through r1, incoming vrf blue has a route to the 54 + # outgoing vrf red for the n2 network but red doesn't have a route back to n1. 55 + # Route from h2 to h1 goes through r2. 56 + # 57 + # The objective is to check that the incoming vrf routing table is selected 58 + # to send an ICMP error back to the source when the ttl of a packet reaches 1 59 + # while it is forwarded between different vrfs. 60 + 61 + VERBOSE=0 62 + PAUSE_ON_FAIL=no 63 + DEFAULT_TTYPE=sym 64 + 65 + H1_N1=172.16.1.0/24 66 + H1_N1_6=2001:db8:16:1::/64 67 + 68 + H1_N1_IP=172.16.1.1 69 + R1_N1_IP=172.16.1.253 70 + R2_N1_IP=172.16.1.254 71 + 72 + H1_N1_IP6=2001:db8:16:1::1 73 + R1_N1_IP6=2001:db8:16:1::253 74 + R2_N1_IP6=2001:db8:16:1::254 75 + 76 + H2_N2=172.16.2.0/24 77 + H2_N2_6=2001:db8:16:2::/64 78 + 79 + H2_N2_IP=172.16.2.2 80 + R1_N2_IP=172.16.2.253 81 + R2_N2_IP=172.16.2.254 82 + 83 + H2_N2_IP6=2001:db8:16:2::2 84 + R1_N2_IP6=2001:db8:16:2::253 85 + R2_N2_IP6=2001:db8:16:2::254 86 + 87 + ################################################################################ 88 + # helpers 89 + 90 + log_section() 91 + { 92 + echo 93 + echo "###########################################################################" 94 + echo "$*" 95 + echo "###########################################################################" 96 + echo 97 + } 98 + 99 + log_test() 100 + { 101 + local rc=$1 102 + local expected=$2 103 + local msg="$3" 104 + 105 + if [ "${rc}" -eq "${expected}" ]; then 106 + printf "TEST: %-60s [ OK ]\n" "${msg}" 107 + nsuccess=$((nsuccess+1)) 108 + else 109 + ret=1 110 + nfail=$((nfail+1)) 111 + printf "TEST: %-60s [FAIL]\n" "${msg}" 112 + if [ "${PAUSE_ON_FAIL}" = "yes" ]; then 113 + echo 114 + echo "hit enter to continue, 'q' to quit" 115 + read -r a 116 + [ "$a" = "q" ] && exit 1 117 + fi 118 + fi 119 + } 120 + 121 + run_cmd() 122 + { 123 + local cmd="$*" 124 + local out 125 + local rc 126 + 127 + if [ "$VERBOSE" = "1" ]; then 128 + echo "COMMAND: $cmd" 129 + fi 130 + 131 + # shellcheck disable=SC2086 132 + out=$(eval $cmd 2>&1) 133 + rc=$? 134 + if [ "$VERBOSE" = "1" ] && [ -n "$out" ]; then 135 + echo "$out" 136 + fi 137 + 138 + [ "$VERBOSE" = "1" ] && echo 139 + 140 + return $rc 141 + } 142 + 143 + run_cmd_grep() 144 + { 145 + local grep_pattern="$1" 146 + shift 147 + local cmd="$*" 148 + local out 149 + local rc 150 + 151 + if [ "$VERBOSE" = "1" ]; then 152 + echo "COMMAND: $cmd" 153 + fi 154 + 155 + # shellcheck disable=SC2086 156 + out=$(eval $cmd 2>&1) 157 + if [ "$VERBOSE" = "1" ] && [ -n "$out" ]; then 158 + echo "$out" 159 + fi 160 + 161 + echo "$out" | grep -q "$grep_pattern" 162 + rc=$? 163 + 164 + [ "$VERBOSE" = "1" ] && echo 165 + 166 + return $rc 167 + } 168 + 169 + ################################################################################ 170 + # setup and teardown 171 + 172 + cleanup() 173 + { 174 + local ns 175 + 176 + for ns in h1 h2 r1 r2; do 177 + ip netns del $ns 2>/dev/null 178 + done 179 + } 180 + 181 + setup_vrf() 182 + { 183 + local ns=$1 184 + 185 + ip -netns "${ns}" rule del pref 0 186 + ip -netns "${ns}" rule add pref 32765 from all lookup local 187 + ip -netns "${ns}" -6 rule del pref 0 188 + ip -netns "${ns}" -6 rule add pref 32765 from all lookup local 189 + } 190 + 191 + create_vrf() 192 + { 193 + local ns=$1 194 + local vrf=$2 195 + local table=$3 196 + 197 + ip -netns "${ns}" link add "${vrf}" type vrf table "${table}" 198 + ip -netns "${ns}" link set "${vrf}" up 199 + ip -netns "${ns}" route add vrf "${vrf}" unreachable default metric 8192 200 + ip -netns "${ns}" -6 route add vrf "${vrf}" unreachable default metric 8192 201 + 202 + ip -netns "${ns}" addr add 127.0.0.1/8 dev "${vrf}" 203 + ip -netns "${ns}" -6 addr add ::1 dev "${vrf}" nodad 204 + } 205 + 206 + setup_sym() 207 + { 208 + local ns 209 + 210 + # make sure we are starting with a clean slate 211 + cleanup 212 + 213 + # 214 + # create nodes as namespaces 215 + # 216 + for ns in h1 h2 r1; do 217 + ip netns add $ns 218 + ip -netns $ns link set lo up 219 + 220 + case "${ns}" in 221 + h[12]) ip netns exec $ns sysctl -q -w net.ipv6.conf.all.forwarding=0 222 + ip netns exec $ns sysctl -q -w net.ipv6.conf.all.keep_addr_on_down=1 223 + ;; 224 + r1) ip netns exec $ns sysctl -q -w net.ipv4.ip_forward=1 225 + ip netns exec $ns sysctl -q -w net.ipv6.conf.all.forwarding=1 226 + esac 227 + done 228 + 229 + # 230 + # create interconnects 231 + # 232 + ip -netns h1 link add eth0 type veth peer name r1h1 233 + ip -netns h1 link set r1h1 netns r1 name eth0 up 234 + 235 + ip -netns h2 link add eth0 type veth peer name r1h2 236 + ip -netns h2 link set r1h2 netns r1 name eth1 up 237 + 238 + # 239 + # h1 240 + # 241 + ip -netns h1 addr add dev eth0 ${H1_N1_IP}/24 242 + ip -netns h1 -6 addr add dev eth0 ${H1_N1_IP6}/64 nodad 243 + ip -netns h1 link set eth0 up 244 + 245 + # h1 to h2 via r1 246 + ip -netns h1 route add ${H2_N2} via ${R1_N1_IP} dev eth0 247 + ip -netns h1 -6 route add ${H2_N2_6} via "${R1_N1_IP6}" dev eth0 248 + 249 + # 250 + # h2 251 + # 252 + ip -netns h2 addr add dev eth0 ${H2_N2_IP}/24 253 + ip -netns h2 -6 addr add dev eth0 ${H2_N2_IP6}/64 nodad 254 + ip -netns h2 link set eth0 up 255 + 256 + # h2 to h1 via r1 257 + ip -netns h2 route add default via ${R1_N2_IP} dev eth0 258 + ip -netns h2 -6 route add default via ${R1_N2_IP6} dev eth0 259 + 260 + # 261 + # r1 262 + # 263 + setup_vrf r1 264 + create_vrf r1 blue 1101 265 + create_vrf r1 red 1102 266 + ip -netns r1 link set mtu 1400 dev eth1 267 + ip -netns r1 link set eth0 vrf blue up 268 + ip -netns r1 link set eth1 vrf red up 269 + ip -netns r1 addr add dev eth0 ${R1_N1_IP}/24 270 + ip -netns r1 -6 addr add dev eth0 ${R1_N1_IP6}/64 nodad 271 + ip -netns r1 addr add dev eth1 ${R1_N2_IP}/24 272 + ip -netns r1 -6 addr add dev eth1 ${R1_N2_IP6}/64 nodad 273 + 274 + # Route leak from blue to red 275 + ip -netns r1 route add vrf blue ${H2_N2} dev red 276 + ip -netns r1 -6 route add vrf blue ${H2_N2_6} dev red 277 + 278 + # Route leak from red to blue 279 + ip -netns r1 route add vrf red ${H1_N1} dev blue 280 + ip -netns r1 -6 route add vrf red ${H1_N1_6} dev blue 281 + 282 + 283 + # Wait for ip config to settle 284 + sleep 2 285 + } 286 + 287 + setup_asym() 288 + { 289 + local ns 290 + 291 + # make sure we are starting with a clean slate 292 + cleanup 293 + 294 + # 295 + # create nodes as namespaces 296 + # 297 + for ns in h1 h2 r1 r2; do 298 + ip netns add $ns 299 + ip -netns $ns link set lo up 300 + 301 + case "${ns}" in 302 + h[12]) ip netns exec $ns sysctl -q -w net.ipv6.conf.all.forwarding=0 303 + ip netns exec $ns sysctl -q -w net.ipv6.conf.all.keep_addr_on_down=1 304 + ;; 305 + r[12]) ip netns exec $ns sysctl -q -w net.ipv4.ip_forward=1 306 + ip netns exec $ns sysctl -q -w net.ipv6.conf.all.forwarding=1 307 + esac 308 + done 309 + 310 + # 311 + # create interconnects 312 + # 313 + ip -netns h1 link add eth0 type veth peer name r1h1 314 + ip -netns h1 link set r1h1 netns r1 name eth0 up 315 + 316 + ip -netns h1 link add eth1 type veth peer name r2h1 317 + ip -netns h1 link set r2h1 netns r2 name eth0 up 318 + 319 + ip -netns h2 link add eth0 type veth peer name r1h2 320 + ip -netns h2 link set r1h2 netns r1 name eth1 up 321 + 322 + ip -netns h2 link add eth1 type veth peer name r2h2 323 + ip -netns h2 link set r2h2 netns r2 name eth1 up 324 + 325 + # 326 + # h1 327 + # 328 + ip -netns h1 link add br0 type bridge 329 + ip -netns h1 link set br0 up 330 + ip -netns h1 addr add dev br0 ${H1_N1_IP}/24 331 + ip -netns h1 -6 addr add dev br0 ${H1_N1_IP6}/64 nodad 332 + ip -netns h1 link set eth0 master br0 up 333 + ip -netns h1 link set eth1 master br0 up 334 + 335 + # h1 to h2 via r1 336 + ip -netns h1 route add ${H2_N2} via ${R1_N1_IP} dev br0 337 + ip -netns h1 -6 route add ${H2_N2_6} via "${R1_N1_IP6}" dev br0 338 + 339 + # 340 + # h2 341 + # 342 + ip -netns h2 link add br0 type bridge 343 + ip -netns h2 link set br0 up 344 + ip -netns h2 addr add dev br0 ${H2_N2_IP}/24 345 + ip -netns h2 -6 addr add dev br0 ${H2_N2_IP6}/64 nodad 346 + ip -netns h2 link set eth0 master br0 up 347 + ip -netns h2 link set eth1 master br0 up 348 + 349 + # h2 to h1 via r2 350 + ip -netns h2 route add default via ${R2_N2_IP} dev br0 351 + ip -netns h2 -6 route add default via ${R2_N2_IP6} dev br0 352 + 353 + # 354 + # r1 355 + # 356 + setup_vrf r1 357 + create_vrf r1 blue 1101 358 + create_vrf r1 red 1102 359 + ip -netns r1 link set mtu 1400 dev eth1 360 + ip -netns r1 link set eth0 vrf blue up 361 + ip -netns r1 link set eth1 vrf red up 362 + ip -netns r1 addr add dev eth0 ${R1_N1_IP}/24 363 + ip -netns r1 -6 addr add dev eth0 ${R1_N1_IP6}/64 nodad 364 + ip -netns r1 addr add dev eth1 ${R1_N2_IP}/24 365 + ip -netns r1 -6 addr add dev eth1 ${R1_N2_IP6}/64 nodad 366 + 367 + # Route leak from blue to red 368 + ip -netns r1 route add vrf blue ${H2_N2} dev red 369 + ip -netns r1 -6 route add vrf blue ${H2_N2_6} dev red 370 + 371 + # No route leak from red to blue 372 + 373 + # 374 + # r2 375 + # 376 + ip -netns r2 addr add dev eth0 ${R2_N1_IP}/24 377 + ip -netns r2 -6 addr add dev eth0 ${R2_N1_IP6}/64 nodad 378 + ip -netns r2 addr add dev eth1 ${R2_N2_IP}/24 379 + ip -netns r2 -6 addr add dev eth1 ${R2_N2_IP6}/64 nodad 380 + 381 + # Wait for ip config to settle 382 + sleep 2 383 + } 384 + 385 + check_connectivity() 386 + { 387 + ip netns exec h1 ping -c1 -w1 ${H2_N2_IP} >/dev/null 2>&1 388 + log_test $? 0 "Basic IPv4 connectivity" 389 + return $? 390 + } 391 + 392 + check_connectivity6() 393 + { 394 + ip netns exec h1 "${ping6}" -c1 -w1 ${H2_N2_IP6} >/dev/null 2>&1 395 + log_test $? 0 "Basic IPv6 connectivity" 396 + return $? 397 + } 398 + 399 + check_traceroute() 400 + { 401 + if [ ! -x "$(command -v traceroute)" ]; then 402 + echo "SKIP: Could not run IPV4 test without traceroute" 403 + return 1 404 + fi 405 + } 406 + 407 + check_traceroute6() 408 + { 409 + if [ ! -x "$(command -v traceroute6)" ]; then 410 + echo "SKIP: Could not run IPV6 test without traceroute6" 411 + return 1 412 + fi 413 + } 414 + 415 + ipv4_traceroute() 416 + { 417 + local ttype="$1" 418 + 419 + [ "x$ttype" = "x" ] && ttype="$DEFAULT_TTYPE" 420 + 421 + log_section "IPv4 ($ttype route): VRF ICMP error route lookup traceroute" 422 + 423 + check_traceroute || return 424 + 425 + setup_"$ttype" 426 + 427 + check_connectivity || return 428 + 429 + run_cmd_grep "${R1_N1_IP}" ip netns exec h1 traceroute ${H2_N2_IP} 430 + log_test $? 0 "Traceroute reports a hop on r1" 431 + } 432 + 433 + ipv4_traceroute_asym() 434 + { 435 + ipv4_traceroute asym 436 + } 437 + 438 + ipv6_traceroute() 439 + { 440 + local ttype="$1" 441 + 442 + [ "x$ttype" = "x" ] && ttype="$DEFAULT_TTYPE" 443 + 444 + log_section "IPv6 ($ttype route): VRF ICMP error route lookup traceroute" 445 + 446 + check_traceroute6 || return 447 + 448 + setup_"$ttype" 449 + 450 + check_connectivity6 || return 451 + 452 + run_cmd_grep "${R1_N1_IP6}" ip netns exec h1 traceroute6 ${H2_N2_IP6} 453 + log_test $? 0 "Traceroute6 reports a hop on r1" 454 + } 455 + 456 + ipv6_traceroute_asym() 457 + { 458 + ipv6_traceroute asym 459 + } 460 + 461 + ipv4_ping_ttl() 462 + { 463 + local ttype="$1" 464 + 465 + [ "x$ttype" = "x" ] && ttype="$DEFAULT_TTYPE" 466 + 467 + log_section "IPv4 ($ttype route): VRF ICMP ttl error route lookup ping" 468 + 469 + setup_"$ttype" 470 + 471 + check_connectivity || return 472 + 473 + run_cmd_grep "Time to live exceeded" ip netns exec h1 ping -t1 -c1 -W2 ${H2_N2_IP} 474 + log_test $? 0 "Ping received ICMP ttl exceeded" 475 + } 476 + 477 + ipv4_ping_ttl_asym() 478 + { 479 + ipv4_ping_ttl asym 480 + } 481 + 482 + ipv4_ping_frag() 483 + { 484 + local ttype="$1" 485 + 486 + [ "x$ttype" = "x" ] && ttype="$DEFAULT_TTYPE" 487 + 488 + log_section "IPv4 ($ttype route): VRF ICMP fragmentation error route lookup ping" 489 + 490 + setup_"$ttype" 491 + 492 + check_connectivity || return 493 + 494 + run_cmd_grep "Frag needed" ip netns exec h1 ping -s 1450 -Mdo -c1 -W2 ${H2_N2_IP} 495 + log_test $? 0 "Ping received ICMP Frag needed" 496 + } 497 + 498 + ipv4_ping_frag_asym() 499 + { 500 + ipv4_ping_frag asym 501 + } 502 + 503 + ipv6_ping_ttl() 504 + { 505 + local ttype="$1" 506 + 507 + [ "x$ttype" = "x" ] && ttype="$DEFAULT_TTYPE" 508 + 509 + log_section "IPv6 ($ttype route): VRF ICMP ttl error route lookup ping" 510 + 511 + setup_"$ttype" 512 + 513 + check_connectivity6 || return 514 + 515 + run_cmd_grep "Time exceeded: Hop limit" ip netns exec h1 "${ping6}" -t1 -c1 -W2 ${H2_N2_IP6} 516 + log_test $? 0 "Ping received ICMP Hop limit" 517 + } 518 + 519 + ipv6_ping_ttl_asym() 520 + { 521 + ipv6_ping_ttl asym 522 + } 523 + 524 + ipv6_ping_frag() 525 + { 526 + local ttype="$1" 527 + 528 + [ "x$ttype" = "x" ] && ttype="$DEFAULT_TTYPE" 529 + 530 + log_section "IPv6 ($ttype route): VRF ICMP fragmentation error route lookup ping" 531 + 532 + setup_"$ttype" 533 + 534 + check_connectivity6 || return 535 + 536 + run_cmd_grep "Packet too big" ip netns exec h1 "${ping6}" -s 1450 -Mdo -c1 -W2 ${H2_N2_IP6} 537 + log_test $? 0 "Ping received ICMP Packet too big" 538 + } 539 + 540 + ipv6_ping_frag_asym() 541 + { 542 + ipv6_ping_frag asym 543 + } 544 + 545 + ################################################################################ 546 + # usage 547 + 548 + usage() 549 + { 550 + cat <<EOF 551 + usage: ${0##*/} OPTS 552 + 553 + -4 Run IPv4 tests only 554 + -6 Run IPv6 tests only 555 + -t TEST Run only TEST 556 + -p Pause on fail 557 + -v verbose mode (show commands and output) 558 + EOF 559 + } 560 + 561 + ################################################################################ 562 + # main 563 + 564 + # Some systems don't have a ping6 binary anymore 565 + command -v ping6 > /dev/null 2>&1 && ping6=$(command -v ping6) || ping6=$(command -v ping) 566 + 567 + TESTS_IPV4="ipv4_ping_ttl ipv4_traceroute ipv4_ping_frag ipv4_ping_ttl_asym ipv4_traceroute_asym" 568 + TESTS_IPV6="ipv6_ping_ttl ipv6_traceroute ipv6_ping_frag ipv6_ping_ttl_asym ipv6_traceroute_asym" 569 + 570 + ret=0 571 + nsuccess=0 572 + nfail=0 573 + 574 + while getopts :46t:pvh o 575 + do 576 + case $o in 577 + 4) TESTS=ipv4;; 578 + 6) TESTS=ipv6;; 579 + t) TESTS=$OPTARG;; 580 + p) PAUSE_ON_FAIL=yes;; 581 + v) VERBOSE=1;; 582 + h) usage; exit 0;; 583 + *) usage; exit 1;; 584 + esac 585 + done 586 + 587 + # 588 + # show user test config 589 + # 590 + if [ -z "$TESTS" ]; then 591 + TESTS="$TESTS_IPV4 $TESTS_IPV6" 592 + elif [ "$TESTS" = "ipv4" ]; then 593 + TESTS="$TESTS_IPV4" 594 + elif [ "$TESTS" = "ipv6" ]; then 595 + TESTS="$TESTS_IPV6" 596 + fi 597 + 598 + for t in $TESTS 599 + do 600 + case $t in 601 + ipv4_ping_ttl|ping) ipv4_ping_ttl;;& 602 + ipv4_ping_ttl_asym|ping) ipv4_ping_ttl_asym;;& 603 + ipv4_traceroute|traceroute) ipv4_traceroute;;& 604 + ipv4_traceroute_asym|traceroute) ipv4_traceroute_asym;;& 605 + ipv4_ping_frag|ping) ipv4_ping_frag;;& 606 + 607 + ipv6_ping_ttl|ping) ipv6_ping_ttl;;& 608 + ipv6_ping_ttl_asym|ping) ipv6_ping_ttl_asym;;& 609 + ipv6_traceroute|traceroute) ipv6_traceroute;;& 610 + ipv6_traceroute_asym|traceroute) ipv6_traceroute_asym;;& 611 + ipv6_ping_frag|ping) ipv6_ping_frag;;& 612 + 613 + # setup namespaces and config, but do not run any tests 614 + setup_sym|setup) setup_sym; exit 0;; 615 + setup_asym) setup_asym; exit 0;; 616 + 617 + help) echo "Test names: $TESTS"; exit 0;; 618 + esac 619 + done 620 + 621 + cleanup 622 + 623 + printf "\nTests passed: %3d\n" ${nsuccess} 624 + printf "Tests failed: %3d\n" ${nfail} 625 + 626 + exit $ret

+52 -9

tools/testing/selftests/netfilter/nf-queue.c

··· 17 17 18 18 struct options { 19 19 bool count_packets; 20 + bool gso_enabled; 20 21 int verbose; 21 22 unsigned int queue_num; 22 23 unsigned int timeout; 24 + uint32_t verdict; 25 + uint32_t delay_ms; 23 26 }; 24 27 25 28 static unsigned int queue_stats[5]; ··· 30 27 31 28 static void help(const char *p) 32 29 { 33 - printf("Usage: %s [-c|-v [-vv] ] [-t timeout] [-q queue_num]\n", p); 30 + printf("Usage: %s [-c|-v [-vv] ] [-t timeout] [-q queue_num] [-Qdst_queue ] [ -d ms_delay ] [-G]\n", p); 34 31 } 35 32 36 33 static int parse_attr_cb(const struct nlattr *attr, void *data) ··· 165 162 } 166 163 167 164 static struct nlmsghdr * 168 - nfq_build_verdict(char *buf, int id, int queue_num, int verd) 165 + nfq_build_verdict(char *buf, int id, int queue_num, uint32_t verd) 169 166 { 170 167 struct nfqnl_msg_verdict_hdr vh = { 171 168 .verdict = htonl(verd), ··· 191 188 { 192 189 unsigned int last, total; 193 190 int i; 194 - 195 - if (!opts.count_packets) 196 - return; 197 191 198 192 total = 0; 199 193 last = queue_stats[0]; ··· 234 234 235 235 nlh = nfq_build_cfg_params(buf, NFQNL_COPY_PACKET, 0xFFFF, queue_num); 236 236 237 - flags = NFQA_CFG_F_GSO | NFQA_CFG_F_UID_GID; 237 + flags = opts.gso_enabled ? NFQA_CFG_F_GSO : 0; 238 + flags |= NFQA_CFG_F_UID_GID; 238 239 mnl_attr_put_u32(nlh, NFQA_CFG_FLAGS, htonl(flags)); 239 240 mnl_attr_put_u32(nlh, NFQA_CFG_MASK, htonl(flags)); 240 241 ··· 254 253 } 255 254 256 255 return nl; 256 + } 257 + 258 + static void sleep_ms(uint32_t delay) 259 + { 260 + struct timespec ts = { .tv_sec = delay / 1000 }; 261 + 262 + delay %= 1000; 263 + 264 + ts.tv_nsec = delay * 1000llu * 1000llu; 265 + 266 + nanosleep(&ts, NULL); 257 267 } 258 268 259 269 static int mainloop(void) ··· 290 278 291 279 ret = mnl_socket_recvfrom(nl, buf, buflen); 292 280 if (ret == -1) { 293 - if (errno == ENOBUFS) 281 + if (errno == ENOBUFS || errno == EINTR) 294 282 continue; 295 283 296 284 if (errno == EAGAIN) { ··· 310 298 } 311 299 312 300 id = ret - MNL_CB_OK; 313 - nlh = nfq_build_verdict(buf, id, opts.queue_num, NF_ACCEPT); 301 + if (opts.delay_ms) 302 + sleep_ms(opts.delay_ms); 303 + 304 + nlh = nfq_build_verdict(buf, id, opts.queue_num, opts.verdict); 314 305 if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { 315 306 perror("mnl_socket_sendto"); 316 307 exit(EXIT_FAILURE); ··· 329 314 { 330 315 int c; 331 316 332 - while ((c = getopt(argc, argv, "chvt:q:")) != -1) { 317 + while ((c = getopt(argc, argv, "chvt:q:Q:d:G")) != -1) { 333 318 switch (c) { 334 319 case 'c': 335 320 opts.count_packets = true; ··· 343 328 if (opts.queue_num > 0xffff) 344 329 opts.queue_num = 0; 345 330 break; 331 + case 'Q': 332 + opts.verdict = atoi(optarg); 333 + if (opts.verdict > 0xffff) { 334 + fprintf(stderr, "Expected destination queue number\n"); 335 + exit(1); 336 + } 337 + 338 + opts.verdict <<= 16; 339 + opts.verdict |= NF_QUEUE; 340 + break; 341 + case 'd': 342 + opts.delay_ms = atoi(optarg); 343 + if (opts.delay_ms == 0) { 344 + fprintf(stderr, "Expected nonzero delay (in milliseconds)\n"); 345 + exit(1); 346 + } 347 + break; 346 348 case 't': 347 349 opts.timeout = atoi(optarg); 350 + break; 351 + case 'G': 352 + opts.gso_enabled = false; 348 353 break; 349 354 case 'v': 350 355 opts.verbose++; 351 356 break; 352 357 } 353 358 } 359 + 360 + if (opts.verdict != NF_ACCEPT && (opts.verdict >> 16 == opts.queue_num)) { 361 + fprintf(stderr, "Cannot use same destination and source queue\n"); 362 + exit(1); 363 + } 354 364 } 355 365 356 366 int main(int argc, char *argv[]) 357 367 { 358 368 int ret; 369 + 370 + opts.verdict = NF_ACCEPT; 371 + opts.gso_enabled = true; 359 372 360 373 parse_opts(argc, argv); 361 374

+25 -7

tools/testing/selftests/netfilter/nft_meta.sh

··· 7 7 sfx=$(mktemp -u "XXXXXXXX") 8 8 ns0="ns0-$sfx" 9 9 10 - nft --version > /dev/null 2>&1 11 - if [ $? -ne 0 ];then 10 + if ! nft --version > /dev/null 2>&1; then 12 11 echo "SKIP: Could not run test without nft tool" 13 12 exit $ksft_skip 14 13 fi ··· 23 24 24 25 trap cleanup EXIT 25 26 27 + currentyear=$(date +%G) 28 + lastyear=$((currentyear-1)) 26 29 ip netns exec "$ns0" nft -f /dev/stdin <<EOF 27 30 table inet filter { 28 31 counter iifcount {} ··· 34 33 counter infproto4count {} 35 34 counter il4protocounter {} 36 35 counter imarkcounter {} 36 + counter icpu0counter {} 37 + counter ilastyearcounter {} 38 + counter icurrentyearcounter {} 37 39 38 40 counter oifcount {} 39 41 counter oifnamecount {} ··· 58 54 meta nfproto ipv4 counter name "infproto4count" 59 55 meta l4proto icmp counter name "il4protocounter" 60 56 meta mark 42 counter name "imarkcounter" 57 + meta cpu 0 counter name "icpu0counter" 58 + meta time "$lastyear-01-01" - "$lastyear-12-31" counter name ilastyearcounter 59 + meta time "$currentyear-01-01" - "$currentyear-12-31" counter name icurrentyearcounter 61 60 } 62 61 63 62 chain output { ··· 91 84 local want="packets $2" 92 85 local verbose="$3" 93 86 94 - cnt=$(ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want") 95 - if [ $? -ne 0 ];then 87 + if ! ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want"; then 96 88 echo "FAIL: $cname, want \"$want\", got" 97 89 ret=1 98 - ip netns exec "$ns0" nft list counter inet filter $counter 90 + ip netns exec "$ns0" nft list counter inet filter $cname 99 91 fi 100 92 } 101 93 ··· 106 100 107 101 for counter in iifcount iifnamecount iifgroupcount iiftypecount infproto4count \ 108 102 oifcount oifnamecount oifgroupcount oiftypecount onfproto4count \ 109 - il4protocounter \ 110 - ol4protocounter \ 103 + il4protocounter icurrentyearcounter ol4protocounter \ 111 104 ; do 112 105 check_one_counter "$counter" "$want" "$verbose" 113 106 done ··· 121 116 check_one_counter oskgidcounter "1" true 122 117 check_one_counter imarkcounter "1" true 123 118 check_one_counter omarkcounter "1" true 119 + check_one_counter ilastyearcounter "0" true 124 120 125 121 if [ $ret -eq 0 ];then 126 122 echo "OK: nftables meta iif/oif counters at expected values" 123 + else 124 + exit $ret 125 + fi 126 + 127 + #First CPU execution and counter 128 + taskset -p 01 $$ > /dev/null 129 + ip netns exec "$ns0" nft reset counters > /dev/null 130 + ip netns exec "$ns0" ping -q -c 1 127.0.0.1 > /dev/null 131 + check_one_counter icpu0counter "2" true 132 + 133 + if [ $ret -eq 0 ];then 134 + echo "OK: nftables meta cpu counter at expected values" 127 135 fi 128 136 129 137 exit $ret

+57 -13

tools/testing/selftests/netfilter/nft_queue.sh

··· 12 12 ns1="ns1-$sfx" 13 13 ns2="ns2-$sfx" 14 14 nsrouter="nsrouter-$sfx" 15 + timeout=4 15 16 16 17 cleanup() 17 18 { ··· 21 20 ip netns del ${nsrouter} 22 21 rm -f "$TMPFILE0" 23 22 rm -f "$TMPFILE1" 23 + rm -f "$TMPFILE2" "$TMPFILE3" 24 24 } 25 25 26 26 nft --version > /dev/null 2>&1 ··· 44 42 45 43 TMPFILE0=$(mktemp) 46 44 TMPFILE1=$(mktemp) 45 + TMPFILE2=$(mktemp) 46 + TMPFILE3=$(mktemp) 47 47 trap cleanup EXIT 48 48 49 49 ip netns add ${ns1} ··· 87 83 local name=$1 88 84 local prio=$2 89 85 90 - ip netns exec ${nsrouter} nft -f - <<EOF 86 + ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF 91 87 table inet $name { 92 88 chain nfq { 93 89 ip protocol icmp queue bypass ··· 122 118 load_counter_ruleset() { 123 119 local prio=$1 124 120 125 - ip netns exec ${nsrouter} nft -f - <<EOF 121 + ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF 126 122 table inet countrules { 127 123 chain pre { 128 124 type filter hook prerouting priority $prio; policy accept; ··· 179 175 test_queue_blackhole() { 180 176 local proto=$1 181 177 182 - ip netns exec ${nsrouter} nft -f - <<EOF 178 + ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF 183 179 table $proto blackh { 184 180 chain forward { 185 181 type filter hook forward priority 0; policy accept; ··· 188 184 } 189 185 EOF 190 186 if [ $proto = "ip" ] ;then 191 - ip netns exec ${ns1} ping -c 1 -q 10.0.2.99 > /dev/null 187 + ip netns exec ${ns1} ping -W 2 -c 1 -q 10.0.2.99 > /dev/null 192 188 lret=$? 193 189 elif [ $proto = "ip6" ]; then 194 - ip netns exec ${ns1} ping -c 1 -q dead:2::99 > /dev/null 190 + ip netns exec ${ns1} ping -W 2 -c 1 -q dead:2::99 > /dev/null 195 191 lret=$? 196 192 else 197 193 lret=111 ··· 218 214 local last="" 219 215 220 216 # spawn nf-queue listeners 221 - ip netns exec ${nsrouter} ./nf-queue -c -q 0 -t 3 > "$TMPFILE0" & 222 - ip netns exec ${nsrouter} ./nf-queue -c -q 1 -t 3 > "$TMPFILE1" & 217 + ip netns exec ${nsrouter} ./nf-queue -c -q 0 -t $timeout > "$TMPFILE0" & 218 + ip netns exec ${nsrouter} ./nf-queue -c -q 1 -t $timeout > "$TMPFILE1" & 223 219 sleep 1 224 220 test_ping 225 221 ret=$? ··· 254 250 255 251 test_tcp_forward() 256 252 { 257 - ip netns exec ${nsrouter} ./nf-queue -q 2 -t 10 & 253 + ip netns exec ${nsrouter} ./nf-queue -q 2 -t $timeout & 258 254 local nfqpid=$! 259 255 260 256 tmpfile=$(mktemp) || exit 1 261 - dd conv=sparse status=none if=/dev/zero bs=1M count=100 of=$tmpfile 257 + dd conv=sparse status=none if=/dev/zero bs=1M count=200 of=$tmpfile 262 258 ip netns exec ${ns2} nc -w 5 -l -p 12345 <"$tmpfile" >/dev/null & 263 259 local rpid=$! 264 260 ··· 274 270 275 271 test_tcp_localhost() 276 272 { 277 - tc -net "${nsrouter}" qdisc add dev lo root netem loss random 1% 278 - 279 273 tmpfile=$(mktemp) || exit 1 280 274 281 - dd conv=sparse status=none if=/dev/zero bs=1M count=900 of=$tmpfile 275 + dd conv=sparse status=none if=/dev/zero bs=1M count=200 of=$tmpfile 282 276 ip netns exec ${nsrouter} nc -w 5 -l -p 12345 <"$tmpfile" >/dev/null & 283 277 local rpid=$! 284 278 285 - ip netns exec ${nsrouter} ./nf-queue -q 3 -t 30 & 279 + ip netns exec ${nsrouter} ./nf-queue -q 3 -t $timeout & 286 280 local nfqpid=$! 287 281 288 282 sleep 1 ··· 289 287 290 288 wait $rpid 291 289 [ $? -eq 0 ] && echo "PASS: tcp via loopback" 290 + wait 2>/dev/null 291 + } 292 + 293 + test_tcp_localhost_requeue() 294 + { 295 + ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF 296 + flush ruleset 297 + table inet filter { 298 + chain output { 299 + type filter hook output priority 0; policy accept; 300 + tcp dport 12345 limit rate 1/second burst 1 packets counter queue num 0 301 + } 302 + chain post { 303 + type filter hook postrouting priority 0; policy accept; 304 + tcp dport 12345 limit rate 1/second burst 1 packets counter queue num 0 305 + } 306 + } 307 + EOF 308 + tmpfile=$(mktemp) || exit 1 309 + dd conv=sparse status=none if=/dev/zero bs=1M count=200 of=$tmpfile 310 + ip netns exec ${nsrouter} nc -w 5 -l -p 12345 <"$tmpfile" >/dev/null & 311 + local rpid=$! 312 + 313 + ip netns exec ${nsrouter} ./nf-queue -c -q 1 -t $timeout > "$TMPFILE2" & 314 + 315 + # nfqueue 1 will be called via output hook. But this time, 316 + # re-queue the packet to nfqueue program on queue 2. 317 + ip netns exec ${nsrouter} ./nf-queue -G -d 150 -c -q 0 -Q 1 -t $timeout > "$TMPFILE3" & 318 + 319 + sleep 1 320 + ip netns exec ${nsrouter} nc -w 5 127.0.0.1 12345 <"$tmpfile" > /dev/null 321 + rm -f "$tmpfile" 322 + 323 + wait 324 + 325 + if ! diff -u "$TMPFILE2" "$TMPFILE3" ; then 326 + echo "FAIL: lost packets during requeue?!" 1>&2 327 + return 328 + fi 329 + 330 + echo "PASS: tcp via loopback and re-queueing" 292 331 } 293 332 294 333 ip netns exec ${nsrouter} sysctl net.ipv6.conf.all.forwarding=1 > /dev/null ··· 371 328 372 329 test_tcp_forward 373 330 test_tcp_localhost 331 + test_tcp_localhost_requeue 374 332 375 333 exit $ret