1. 04 Jan, 2019 1 commit
    • netlink: fixup regression in RTM_GETADDR · 7c1e8a38
      Arthur Gautier authored
      This commit fixes a regression in AF_INET/RTM_GETADDR and
      AF_INET6/RTM_GETADDR.
      
      Before this commit, the kernel would stop dumping addresses once the first
      skb was full and end the stream with NLMSG_DONE(-EMSGSIZE). The error
      shouldn't be sent back to netlink_dump so the callback is kept alive. The
      userspace is expected to call back with a new empty skb.
      
      Changes from V1:
       - The error is not handled in netlink_dump anymore but rather in
         inet_dump_ifaddr and inet6_dump_addr directly as suggested by
         David Ahern.
      
      Fixes: d7e38611 ("net/ipv4: Put target net when address dump fails due to bad attributes")
      Fixes: 242afaa6 ("net/ipv6: Put target net when address dump fails due to bad attributes")
      
      Cc: David Ahern <dsahern@gmail.com>
      Cc: "David S . Miller" <davem@davemloft.net>
      Cc: netdev@vger.kernel.org
      Signed-off-by: Arthur Gautier <baloo@gandi.net>
      Reviewed-by: David Ahern <dsahern@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 14 Dec, 2018 1 commit
    • net: Allow class-e address assignment via ifconfig ioctl · 65cab850
      dave taht authored
      While most distributions long ago switched to the iproute2 suite
      of utilities, which allow class-e (240.0.0.0/4) address assignment,
      distributions relying on busybox, toybox and other forms of
      ifconfig cannot assign class-e addresses without this kernel patch.
      
      While CIDR has been obsolete for 2 decades, and a survey of all the
      open source code in the world shows the IN_whatever macros are also
      obsolete... rather than obsolete CIDR from this ioctl entirely, this
      patch merely enables class-e assignment, sanely.
      Signed-off-by: Dave Taht <dave.taht@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  3. 06 Dec, 2018 1 commit
  4. 25 Oct, 2018 1 commit
  5. 24 Oct, 2018 1 commit
  6. 23 Oct, 2018 2 commits
  7. 08 Oct, 2018 3 commits
  8. 06 Sep, 2018 2 commits
    • ipv4: add inet_fill_args · 978a46fa
      Christian Brauner authored
      inet_fill_ifaddr() already took 6 arguments which meant the 7th argument
      would need to be pushed onto the stack on x86.
      Add a new struct inet_fill_args which holds common information passed
      to inet_fill_ifaddr() and shortens the function to three pointer arguments.
      Signed-off-by: Christian Brauner <christian@brauner.io>
      Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv4: enable IFA_TARGET_NETNSID for RTM_GETADDR · d3807145
      Christian Brauner authored
      - Backwards Compatibility:
        If userspace wants to determine whether ipv4 RTM_GETADDR requests
        support the new IFA_TARGET_NETNSID property it should verify that the
        reply includes the IFA_TARGET_NETNSID property. If it does not
        userspace should assume that IFA_TARGET_NETNSID is not supported for
        ipv4 RTM_GETADDR requests on this kernel.
      - From what I gather from current userspace tools that make use of
        RTM_GETADDR requests some of them pass down struct ifinfomsg when they
        should actually pass down struct ifaddrmsg. To not break existing
        tools that pass down the wrong struct we will do the same as for
        RTM_GETLINK | NLM_F_DUMP requests and not error out when the
        nlmsg_parse() fails.
      
      - Security:
        Callers must have CAP_NET_ADMIN in the owning user namespace of the
        target network namespace.
      Signed-off-by: Christian Brauner <christian@brauner.io>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  9. 29 Jul, 2018 1 commit
    • route: add support for directed broadcast forwarding · 5cbf777c
      Xin Long authored
      This patch implements the feature described in rfc1812#section-5.3.5.2
      and rfc2644. It allows the router to forward directed broadcast when
      sysctl bc_forwarding is enabled.
      
      Note that this feature could be done by iptables -j TEE, but it would
      cause some problems:
        - target TEE's gateway param has to be set with a specific address,
          and it's not flexible especially when the route wants to forward all
          directed broadcasts.
        - this duplicates the directed broadcasts so this may cause side
          effects to applications.
      
      Besides, to keep consistent with other os router like BSD, it's also
      necessary to implement it in the route rx path.
      
      Note that route cache needs to be flushed when bc_forwarding is
      changed.
      Signed-off-by: Xin Long <lucien.xin@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  10. 29 May, 2018 1 commit
  11. 27 Mar, 2018 1 commit
  12. 13 Feb, 2018 1 commit
    • net: Convert pernet_subsys, registered from inet_init() · f84c6821
      Kirill Tkhai authored
      arp_net_ops just adds/removes /proc entry.
      
      devinet_ops allocates and frees duplicate of init_net tables
      and (un)registers sysctl entries.
      
      fib_net_ops allocates and frees pernet tables, creates/destroys
      netlink socket and (un)initializes /proc entries. Foreign
      pernet_operations do not touch them.
      
      ip_rt_proc_ops only modifies pernet /proc entries.
      
      xfrm_net_ops creates/destroys /proc entries, allocates/frees
      pernet statistics, hashes and tables, and (un)initializes
      sysctl files. These are not touched by foreign pernet_operations.
      
      xfrm4_net_ops allocates/frees private pernet memory, and
      configures sysctls.
      
      sysctl_route_ops creates/destroys sysctls.
      
      rt_genid_ops only initializes fields of just allocated net.
      
      ipv4_inetpeer_ops allocates/frees net private memory.
      
      igmp_net_ops just creates/destroys /proc files and socket,
      no one else is interested in.
      
      tcp_sk_ops seems to be safe, because tcp_sk_init() does not
      depend on any other pernet_operations modifications. Iteration
      over hash table in inet_twsk_purge() is made under RCU lock,
      and it's safe to iterate the table this way. Removing from
      the table happens from inet_twsk_deschedule_put(), but this
      function is safe without any extern locks, as it's synchronized
      inside itself. There are many examples, it's used in different
      context. So, it's safe to leave tcp_sk_exit_batch() unlocked.
      
      tcp_net_metrics_ops is synchronized on tcp_metrics_lock and safe.
      
      udplite4_net_ops only creates/destroys pernet /proc file.
      
      icmp_sk_ops creates percpu sockets, not touched by foreign
      pernet_operations.
      
      ipmr_net_ops creates/destroys pernet fib tables, (un)registers
      fib rules and /proc files. This seems to be safe to execute
      in parallel with foreign pernet_operations.
      
      af_inet_ops just sets up default parameters of newly created net.
      
      ipv4_mib_ops creates and destroys pernet percpu statistics.
      
      raw_net_ops, tcp4_net_ops, udp4_net_ops, ping_v4_net_ops
      and ip_proc_ops only create/destroy pernet /proc files.
      
      ip4_frags_ops creates and destroys sysctl file.
      
      So, it's safe to make the pernet_operations async.
      Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
      Acked-by: Andrei Vagin <avagin@virtuozzo.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  13. 29 Jan, 2018 1 commit
  14. 25 Jan, 2018 2 commits
  15. 13 Dec, 2017 1 commit
  16. 20 Oct, 2017 1 commit
  17. 18 Oct, 2017 1 commit
  18. 16 Oct, 2017 1 commit
    • net: core: rcu-ify rtnl af_ops · 5fa85a09
      Florian Westphal authored
      rtnl af_ops currently rely on rtnl mutex: unregister (called from module
      exit functions) takes the rtnl mutex and all users that do af_ops lookup
      also take the rtnl mutex. IOW, parallel rmmod will block until doit()
      callback is done.
      
      As none of the af_ops implementations sleep we can use rcu instead.
      
      doit functions that need the af_ops can now use rcu instead of the
      rtnl mutex provided the mutex isn't needed for other reasons.
      Signed-off-by: Florian Westphal <fw@strlen.de>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  19. 21 Sep, 2017 1 commit
    • net: avoid a full fib lookup when rp_filter is disabled. · 6e617de8
      Paolo Abeni authored
      Since commit 1dced6a8 ("ipv4: Restore accept_local behaviour
      in fib_validate_source()") a full fib lookup is needed even if
      the rp_filter is disabled, if accept_local is false - which is
      the default.
      
      What we really need in the above scenario is just checking
      that the source IP address is not local, and in most cases we
      can do that in a cheaper way looking up the ifaddr hash table.
      
      This commit adds a helper for such lookup, and uses it to
      validate the src address when rp_filter is disabled and no
      'local' routes are created by the user space in the relevant
      namespace.
      
      A new ipv4 netns flag is added to account for such routes.
      We need that to preserve the same behavior we had before this
      patch.
      
      It also drops the checks to bail early from __fib_validate_source,
      added by the commit 1dced6a8 ("ipv4: Restore accept_local
      behaviour in fib_validate_source()") they do not give any
      measurable performance improvement: if we do the lookup we are
      on a slower path.
      
      This improves UDP performances for unconnected sockets
      when rp_filter is disabled by 5% and also gives small but
      measurable performance improvement for TCP flood scenarios.
      
      v1 -> v2:
       - use the ifaddr lookup helper in __ip_dev_find(), as suggested
         by Eric
       - fall-back to full lookup if custom local routes are present
      Signed-off-by: Paolo Abeni <pabeni@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  20. 09 Aug, 2017 1 commit
  21. 01 Jul, 2017 1 commit
  22. 09 Jun, 2017 1 commit
    • Ipvlan should return an error when an address is already in use. · 3ad7d246
      Krister Johansen authored
      The ipvlan code already knows how to detect when a duplicate address is
      about to be assigned to an ipvlan device.  However, that failure is not
      propagated outward and leads to a silent failure.
      
      Introduce a validation step at ip address creation time and allow device
      drivers to register to validate the incoming ip addresses.  The ipvlan
      code is the first consumer.  If it detects an address in use, we can
      return an error to the user before beginning to commit the new ifa in
      the networking code.
      
      This can be especially useful if it is necessary to provision many
      ipvlans in containers.  The provisioning software (or operator) can use
      this to detect situations where an ip address is unexpectedly in use.
      Signed-off-by: Krister Johansen <kjlx@templeofstupid.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  23. 17 Apr, 2017 1 commit
  24. 13 Apr, 2017 1 commit
  25. 29 Mar, 2017 2 commits
  26. 13 Mar, 2017 1 commit
  27. 02 Mar, 2017 1 commit
  28. 03 Feb, 2017 1 commit
  29. 24 Dec, 2016 1 commit
  30. 01 Sep, 2016 1 commit
  31. 09 Jul, 2016 1 commit
  32. 14 Mar, 2016 2 commits
  33. 26 Feb, 2016 1 commit