<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/linux.git/drivers/net/vxlan.c, branch v4.4.171</title>
<subtitle>Linux kernel stable tree (mirror)</subtitle>
<id>https://git.radix-linux.su/kernel/linux.git/atom?h=v4.4.171</id>
<link rel='self' href='https://git.radix-linux.su/kernel/linux.git/atom?h=v4.4.171'/>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/'/>
<updated>2018-04-13T17:50:21+00:00</updated>
<entry>
<title>vxlan: dont migrate permanent fdb entries during learn</title>
<updated>2018-04-13T17:50:21+00:00</updated>
<author>
<name>Roopa Prabhu</name>
<email>roopa@cumulusnetworks.com</email>
</author>
<published>2017-06-11T23:32:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=f077d960298a1db90a4658ba529e210704b83c16'/>
<id>urn:sha1:f077d960298a1db90a4658ba529e210704b83c16</id>
<content type='text'>
[ Upstream commit e0090a9e979de5202c7d16c635dea2f005221073 ]

This patch fixes vxlan_snoop to not move permanent fdb entries
on learn events. This is consistent with the bridge fdb
handling of permanent entries.

Fixes: 26a41ae60438 ("vxlan: only migrate dynamic FDB entries")
Signed-off-by: Roopa Prabhu &lt;roopa@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>vxlan: vxlan dev should inherit lowerdev's gso_max_size</title>
<updated>2018-03-22T08:23:23+00:00</updated>
<author>
<name>Felix Manlunas</name>
<email>felix.manlunas@cavium.com</email>
</author>
<published>2017-03-30T00:56:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=fb45f5f30a77b56e7f30594e2313b3f4368d6bf5'/>
<id>urn:sha1:fb45f5f30a77b56e7f30594e2313b3f4368d6bf5</id>
<content type='text'>
[ Upstream commit d6acfeb17d030bb3907e77c048b0e7783ad8e5a9 ]

vxlan dev currently ignores lowerdev's gso_max_size, which adversely
affects TSO performance of liquidio if it's the lowerdev.  Egress TCP
packets' skb-&gt;len often exceed liquidio's advertised gso_max_size.  This
may happen on other NIC drivers.

Fix it by assigning lowerdev's gso_max_size to that of vxlan dev.  Might as
well do likewise for gso_max_segs.

Single flow TSO throughput of liquidio as lowerdev (using iperf3):

    Before the patch:    139 Mbps
    After the patch :   8.68 Gbps
    Percent increase:  6,144 %

Signed-off-by: Felix Manlunas &lt;felix.manlunas@cavium.com&gt;
Signed-off-by: Satanand Burla &lt;satananda.burla@cavium.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>vxlan: do not age static remote mac entries</title>
<updated>2017-07-05T12:37:19+00:00</updated>
<author>
<name>Balakrishnan Raman</name>
<email>ramanb@cumulusnetworks.com</email>
</author>
<published>2017-01-24T04:44:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=8fa301abb31ac72116834f72f369cda083701ec1'/>
<id>urn:sha1:8fa301abb31ac72116834f72f369cda083701ec1</id>
<content type='text'>
[ Upstream commit efb5f68f32995c146944a9d4257c3cf8eae2c4a1 ]

Mac aging is applicable only for dynamically learnt remote mac
entries. Check for user configured static remote mac entries
and skip aging.

Signed-off-by: Balakrishnan Raman &lt;ramanb@cumulusnetworks.com&gt;
Signed-off-by: Roopa Prabhu &lt;roopa@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>vxlan: fix use-after-free on deletion</title>
<updated>2017-06-14T11:16:19+00:00</updated>
<author>
<name>Mark Bloch</name>
<email>markb@mellanox.com</email>
</author>
<published>2017-06-02T00:24:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=92d88e8a7adc83568e64946e422da9f1f03dfa2d'/>
<id>urn:sha1:92d88e8a7adc83568e64946e422da9f1f03dfa2d</id>
<content type='text'>
[ Upstream commit a53cb29b0af346af44e4abf13d7e59f807fba690 ]

Adding a vxlan interface to a socket isn't symmetrical: while adding
is done in vxlan_open(), the deletion is done in vxlan_dellink().
This can cause a use-after-free error when we close the vxlan
interface before deleting it.

We add vxlan_vs_del_dev() to match vxlan_vs_add_dev() and call
it from vxlan_stop() to match the call from vxlan_open().

Fixes: 56ef9c909b40 ("vxlan: Move socket initialization to within rtnl scope")
Acked-by: Jiri Benc &lt;jbenc@redhat.com&gt;
Tested-by: Roi Dayan &lt;roid@mellanox.com&gt;
Signed-off-by: Mark Bloch &lt;markb@mellanox.com&gt;
Acked-by: Roopa Prabhu &lt;roopa@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>vxlan: correctly validate VXLAN ID against VXLAN_N_VID</title>
<updated>2017-03-22T11:04:13+00:00</updated>
<author>
<name>Matthias Schiffer</name>
<email>mschiffer@universe-factory.net</email>
</author>
<published>2017-02-23T16:19:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=51a219a1371ed26ce45acc8209d6064257d00f70'/>
<id>urn:sha1:51a219a1371ed26ce45acc8209d6064257d00f70</id>
<content type='text'>
[ Upstream commit 4e37d6911f36545b286d15073f6f2222f840e81c ]

The incorrect check caused an off-by-one error: the maximum VID 0xffffff
was unusable.

Fixes: d342894c5d2f ("vxlan: virtual extensible lan")
Signed-off-by: Matthias Schiffer &lt;mschiffer@universe-factory.net&gt;
Acked-by: Jiri Benc &lt;jbenc@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net: add recursion limit to GRO</title>
<updated>2016-11-15T06:46:38+00:00</updated>
<author>
<name>Sabrina Dubroca</name>
<email>sd@queasysnail.net</email>
</author>
<published>2016-10-20T13:58:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=3cb00b90e8b1bd59382f5e1304dd751f9674f027'/>
<id>urn:sha1:3cb00b90e8b1bd59382f5e1304dd751f9674f027</id>
<content type='text'>
[ Upstream commit fcd91dd449867c6bfe56a81cabba76b829fd05cd ]

Currently, GRO can do unlimited recursion through the gro_receive
handlers.  This was fixed for tunneling protocols by limiting tunnel GRO
to one level with encap_mark, but both VLAN and TEB still have this
problem.  Thus, the kernel is vulnerable to a stack overflow, if we
receive a packet composed entirely of VLAN headers.

This patch adds a recursion counter to the GRO layer to prevent stack
overflow.  When a gro_receive function hits the recursion limit, GRO is
aborted for this skb and it is processed normally.  This recursion
counter is put in the GRO CB, but could be turned into a percpu counter
if we run out of space in the CB.

Thanks to Vladimír Beneš &lt;vbenes@redhat.com&gt; for the initial bug report.

Fixes: CVE-2016-7039
Fixes: 9b174d88c257 ("net: Add Transparent Ethernet Bridging GRO support.")
Fixes: 66e5133f19e9 ("vlan: Add GRO support for non hardware accelerated vlan")
Signed-off-by: Sabrina Dubroca &lt;sd@queasysnail.net&gt;
Reviewed-by: Jiri Benc &lt;jbenc@redhat.com&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Acked-by: Tom Herbert &lt;tom@herbertland.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>vxlan, gre, geneve: Set a large MTU on ovs-created tunnel devices</title>
<updated>2016-06-24T17:18:18+00:00</updated>
<author>
<name>David Wragg</name>
<email>david@weave.works</email>
</author>
<published>2016-06-03T22:58:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=ce9c0dba5bf3ad4a25a9dc202e36e74d904df61d'/>
<id>urn:sha1:ce9c0dba5bf3ad4a25a9dc202e36e74d904df61d</id>
<content type='text'>
[ Upstream commit 7e059158d57b79159eaf1f504825d19866ef2c42 ]

Prior to 4.3, openvswitch tunnel vports (vxlan, gre and geneve) could
transmit vxlan packets of any size, constrained only by the ability to
send out the resulting packets.  4.3 introduced netdevs corresponding
to tunnel vports.  These netdevs have an MTU, which limits the size of
a packet that can be successfully encapsulated.  The default MTU
values are low (1500 or less), which is awkwardly small in the context
of physical networks supporting jumbo frames, and leads to a
conspicuous change in behaviour for userspace.

Instead, set the MTU on openvswitch-created netdevs to be the relevant
maximum (i.e. the maximum IP packet size minus any relevant overhead),
effectively restoring the behaviour prior to 4.3.

Signed-off-by: David Wragg &lt;david@weave.works&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>vxlan: Relax MTU constraints</title>
<updated>2016-06-24T17:18:17+00:00</updated>
<author>
<name>David Wragg</name>
<email>david@weave.works</email>
</author>
<published>2016-06-03T22:58:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=3dc443059897b8a2fa3e3b18f794ee31c0063730'/>
<id>urn:sha1:3dc443059897b8a2fa3e3b18f794ee31c0063730</id>
<content type='text'>
[ Upstream commit 72564b59ffc438ea103b0727a921aaddce766728 ]

Allow the MTU of vxlan devices without an underlying device to be set
to larger values (up to a maximum based on IP packet limits and vxlan
overhead).

Previously, their MTUs could not be set to higher than the
conventional ethernet value of 1500.  This is a very arbitrary value
in the context of vxlan, and prevented vxlan devices from being able
to take advantage of jumbo frames etc.

The default MTU remains 1500, for compatibility.

Signed-off-by: David Wragg &lt;david@weave.works&gt;
Acked-by: Roopa Prabhu &lt;roopa@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>vxlan: Accept user specified MTU value when create new vxlan link</title>
<updated>2016-06-24T17:18:17+00:00</updated>
<author>
<name>Chen Haiquan</name>
<email>oc@yunify.com</email>
</author>
<published>2016-05-27T02:49:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=721976e93e5d8963d0c937ee236489968bfcfb81'/>
<id>urn:sha1:721976e93e5d8963d0c937ee236489968bfcfb81</id>
<content type='text'>
[ Upstream commit ce577668a426c6a9e2470a09dcd07fbd6e45272a ]

When creating a new vxlan link, for example:
  ip link add vtap mtu 1440 type vxlan vni 1 dev eth0

The argument "mtu" has no effect, because it is not set to conf-&gt;mtu. The
default value is used in vxlan_dev_configure function.

This problem was introduced by commit 0dfbdf4102b9 (vxlan: Factor out device
configuration).

Fixes: 0dfbdf4102b9 (vxlan: Factor out device configuration)
Signed-off-by: Chen Haiquan &lt;oc@yunify.com&gt;
Acked-by: Cong Wang &lt;xiyou.wangcong@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>udp: prevent skbs lingering in tunnel socket queues</title>
<updated>2016-06-24T17:18:16+00:00</updated>
<author>
<name>Hannes Frederic Sowa</name>
<email>hannes@stressinduktion.org</email>
</author>
<published>2016-05-19T13:58:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=ab1f253ddccc235520fa4f70d32a8dd6bf8ef346'/>
<id>urn:sha1:ab1f253ddccc235520fa4f70d32a8dd6bf8ef346</id>
<content type='text'>
[ Upstream commit e5aed006be918af163eb397e45aa5ea6cefd5e01 ]

In case we find a socket with encapsulation enabled we should call
the encap_recv function even if just a udp header without payload is
available. The callbacks are responsible for correctly verifying and
dropping the packets.

Also, in case the header validation fails for geneve and vxlan we
shouldn't put the skb back into the socket queue, no one will pick
them up there.  Instead we can simply discard them in the respective
encap_recv functions.

Signed-off-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
</feed>
