forked from torvalds/linux
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge tag 'net-next-5.10' of git://git.kernel.org/pub/scm/linux/kerne…
…l/git/netdev/net-next Pull networking updates from Jakub Kicinski: - Add redirect_neigh() BPF packet redirect helper, allowing to limit stack traversal in common container configs and improving TCP back-pressure. Daniel reports ~10Gbps => ~15Gbps single stream TCP performance gain. - Expand netlink policy support and improve policy export to user space. (Ge)netlink core performs request validation according to declared policies. Expand the expressiveness of those policies (min/max length and bitmasks). Allow dumping policies for particular commands. This is used for feature discovery by user space (instead of kernel version parsing or trial and error). - Support IGMPv3/MLDv2 multicast listener discovery protocols in bridge. - Allow more than 255 IPv4 multicast interfaces. - Add support for Type of Service (ToS) reflection in SYN/SYN-ACK packets of TCPv6. - In Multi-patch TCP (MPTCP) support concurrent transmission of data on multiple subflows in a load balancing scenario. Enhance advertising addresses via the RM_ADDR/ADD_ADDR options. - Support SMC-Dv2 version of SMC, which enables multi-subnet deployments. - Allow more calls to same peer in RxRPC. - Support two new Controller Area Network (CAN) protocols - CAN-FD and ISO 15765-2:2016. - Add xfrm/IPsec compat layer, solving the 32bit user space on 64bit kernel problem. - Add TC actions for implementing MPLS L2 VPNs. - Improve nexthop code - e.g. handle various corner cases when nexthop objects are removed from groups better, skip unnecessary notifications and make it easier to offload nexthops into HW by converting to a blocking notifier. - Support adding and consuming TCP header options by BPF programs, opening the doors for easy experimental and deployment-specific TCP option use. - Reorganize TCP congestion control (CC) initialization to simplify life of TCP CC implemented in BPF. - Add support for shipping BPF programs with the kernel and loading them early on boot via the User Mode Driver mechanism, hence reusing all the user space infra we have. - Support sleepable BPF programs, initially targeting LSM and tracing. - Add bpf_d_path() helper for returning full path for given 'struct path'. - Make bpf_tail_call compatible with bpf-to-bpf calls. - Allow BPF programs to call map_update_elem on sockmaps. - Add BPF Type Format (BTF) support for type and enum discovery, as well as support for using BTF within the kernel itself (current use is for pretty printing structures). - Support listing and getting information about bpf_links via the bpf syscall. - Enhance kernel interfaces around NIC firmware update. Allow specifying overwrite mask to control if settings etc. are reset during update; report expected max time operation may take to users; support firmware activation without machine reboot incl. limits of how much impact reset may have (e.g. dropping link or not). - Extend ethtool configuration interface to report IEEE-standard counters, to limit the need for per-vendor logic in user space. - Adopt or extend devlink use for debug, monitoring, fw update in many drivers (dsa loop, ice, ionic, sja1105, qed, mlxsw, mv88e6xxx, dpaa2-eth). - In mlxsw expose critical and emergency SFP module temperature alarms. Refactor port buffer handling to make the defaults more suitable and support setting these values explicitly via the DCBNL interface. - Add XDP support for Intel's igb driver. - Support offloading TC flower classification and filtering rules to mscc_ocelot switches. - Add PTP support for Marvell Octeontx2 and PP2.2 hardware, as well as fixed interval period pulse generator and one-step timestamping in dpaa-eth. - Add support for various auth offloads in WiFi APs, e.g. SAE (WPA3) offload. - Add Lynx PHY/PCS MDIO module, and convert various drivers which have this HW to use it. Convert mvpp2 to split PCS. - Support Marvell Prestera 98DX3255 24-port switch ASICs, as well as 7-port Mediatek MT7531 IP. - Add initial support for QCA6390 and IPQ6018 in ath11k WiFi driver, and wcn3680 support in wcn36xx. - Improve performance for packets which don't require much offloads on recent Mellanox NICs by 20% by making multiple packets share a descriptor entry. - Move chelsio inline crypto drivers (for TLS and IPsec) from the crypto subtree to drivers/net. Move MDIO drivers out of the phy directory. - Clean up a lot of W=1 warnings, reportedly the actively developed subsections of networking drivers should now build W=1 warning free. - Make sure drivers don't use in_interrupt() to dynamically adapt their code. Convert tasklets to use new tasklet_setup API (sadly this conversion is not yet complete). * tag 'net-next-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next: (2583 commits) Revert "bpfilter: Fix build error with CONFIG_BPFILTER_UMH" net, sockmap: Don't call bpf_prog_put() on NULL pointer bpf, selftest: Fix flaky tcp_hdr_options test when adding addr to lo bpf, sockmap: Add locking annotations to iterator netfilter: nftables: allow re-computing sctp CRC-32C in 'payload' statements net: fix pos incrementment in ipv6_route_seq_next net/smc: fix invalid return code in smcd_new_buf_create() net/smc: fix valid DMBE buffer sizes net/smc: fix use-after-free of delayed events bpfilter: Fix build error with CONFIG_BPFILTER_UMH cxgb4/ch_ipsec: Replace the module name to ch_ipsec from chcr net: sched: Fix suspicious RCU usage while accessing tcf_tunnel_info bpf: Fix register equivalence tracking. rxrpc: Fix loss of final ack on shutdown rxrpc: Fix bundle counting for exclusive connections netfilter: restore NF_INET_NUMHOOKS ibmveth: Identify ingress large send packets. ibmveth: Switch order of ibmveth_helper calls. cxgb4: handle 4-tuple PEDIT to NAT mode translation selftests: Add VRF route leaking tests ...
- Loading branch information
Showing
2,301 changed files
with
130,475 additions
and
51,396 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -191,6 +191,10 @@ N: Krishna Balasubramanian | |
| E: [email protected] | ||
| D: Wrote SYS V IPC (part of standard kernel since 0.99.10) | ||
|
|
||
| B: Robert Baldyga | ||
| E: [email protected] | ||
| D: Samsung S3FWRN5 NCI NFC Controller | ||
|
|
||
| N: Chris Ball | ||
| E: [email protected] | ||
| D: Former maintainer of the MMC/SD/SDIO subsystem. | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -52,6 +52,7 @@ Program types | |
| prog_cgroup_sysctl | ||
| prog_flow_dissector | ||
| bpf_lsm | ||
| prog_sk_lookup | ||
|
|
||
|
|
||
| Map types | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,98 @@ | ||
| .. SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause) | ||
| ===================== | ||
| BPF sk_lookup program | ||
| ===================== | ||
|
|
||
| BPF sk_lookup program type (``BPF_PROG_TYPE_SK_LOOKUP``) introduces programmability | ||
| into the socket lookup performed by the transport layer when a packet is to be | ||
| delivered locally. | ||
|
|
||
| When invoked BPF sk_lookup program can select a socket that will receive the | ||
| incoming packet by calling the ``bpf_sk_assign()`` BPF helper function. | ||
|
|
||
| Hooks for a common attach point (``BPF_SK_LOOKUP``) exist for both TCP and UDP. | ||
|
|
||
| Motivation | ||
| ========== | ||
|
|
||
| BPF sk_lookup program type was introduced to address setup scenarios where | ||
| binding sockets to an address with ``bind()`` socket call is impractical, such | ||
| as: | ||
|
|
||
| 1. receiving connections on a range of IP addresses, e.g. 192.0.2.0/24, when | ||
| binding to a wildcard address ``INADRR_ANY`` is not possible due to a port | ||
| conflict, | ||
| 2. receiving connections on all or a wide range of ports, i.e. an L7 proxy use | ||
| case. | ||
|
|
||
| Such setups would require creating and ``bind()``'ing one socket to each of the | ||
| IP address/port in the range, leading to resource consumption and potential | ||
| latency spikes during socket lookup. | ||
|
|
||
| Attachment | ||
| ========== | ||
|
|
||
| BPF sk_lookup program can be attached to a network namespace with | ||
| ``bpf(BPF_LINK_CREATE, ...)`` syscall using the ``BPF_SK_LOOKUP`` attach type and a | ||
| netns FD as attachment ``target_fd``. | ||
|
|
||
| Multiple programs can be attached to one network namespace. Programs will be | ||
| invoked in the same order as they were attached. | ||
|
|
||
| Hooks | ||
| ===== | ||
|
|
||
| The attached BPF sk_lookup programs run whenever the transport layer needs to | ||
| find a listening (TCP) or an unconnected (UDP) socket for an incoming packet. | ||
|
|
||
| Incoming traffic to established (TCP) and connected (UDP) sockets is delivered | ||
| as usual without triggering the BPF sk_lookup hook. | ||
|
|
||
| The attached BPF programs must return with either ``SK_PASS`` or ``SK_DROP`` | ||
| verdict code. As for other BPF program types that are network filters, | ||
| ``SK_PASS`` signifies that the socket lookup should continue on to regular | ||
| hashtable-based lookup, while ``SK_DROP`` causes the transport layer to drop the | ||
| packet. | ||
|
|
||
| A BPF sk_lookup program can also select a socket to receive the packet by | ||
| calling ``bpf_sk_assign()`` BPF helper. Typically, the program looks up a socket | ||
| in a map holding sockets, such as ``SOCKMAP`` or ``SOCKHASH``, and passes a | ||
| ``struct bpf_sock *`` to ``bpf_sk_assign()`` helper to record the | ||
| selection. Selecting a socket only takes effect if the program has terminated | ||
| with ``SK_PASS`` code. | ||
|
|
||
| When multiple programs are attached, the end result is determined from return | ||
| codes of all the programs according to the following rules: | ||
|
|
||
| 1. If any program returned ``SK_PASS`` and selected a valid socket, the socket | ||
| is used as the result of the socket lookup. | ||
| 2. If more than one program returned ``SK_PASS`` and selected a socket, the last | ||
| selection takes effect. | ||
| 3. If any program returned ``SK_DROP``, and no program returned ``SK_PASS`` and | ||
| selected a socket, socket lookup fails. | ||
| 4. If all programs returned ``SK_PASS`` and none of them selected a socket, | ||
| socket lookup continues on. | ||
|
|
||
| API | ||
| === | ||
|
|
||
| In its context, an instance of ``struct bpf_sk_lookup``, BPF sk_lookup program | ||
| receives information about the packet that triggered the socket lookup. Namely: | ||
|
|
||
| * IP version (``AF_INET`` or ``AF_INET6``), | ||
| * L4 protocol identifier (``IPPROTO_TCP`` or ``IPPROTO_UDP``), | ||
| * source and destination IP address, | ||
| * source and destination L4 port, | ||
| * the socket that has been selected with ``bpf_sk_assign()``. | ||
|
|
||
| Refer to ``struct bpf_sk_lookup`` declaration in ``linux/bpf.h`` user API | ||
| header, and `bpf-helpers(7) | ||
| <https://man7.org/linux/man-pages/man7/bpf-helpers.7.html>`_ man-page section | ||
| for ``bpf_sk_assign()`` for details. | ||
|
|
||
| Example | ||
| ======= | ||
|
|
||
| See ``tools/testing/selftests/bpf/prog_tests/sk_lookup.c`` for the reference | ||
| implementation. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.