/* * Copyright 2008 Cisco Systems, Inc. All rights reserved. * * This program is free software; you may redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; version 2 of the License. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ #ifndef _FC_FIP_H_ #define _FC_FIP_H_ #include /* * This version is based on: * http://www.t11.org/ftp/t11/pub/fc/bb-5/08-543v1.pdf * and T11 FC-BB-6 13-091v5.pdf (December 2013 VN2VN proposal) */ #define FIP_DEF_PRI 128 /* default selection priority */ #define FIP_DEF_FC_MAP 0x0efc00 /* default FCoE MAP (MAC OUI) value */ #define FIP_DEF_FKA 8000 /* default FCF keep-alive/advert period (mS) */ #define FIP_VN_KA_PERIOD 90000 /* required VN_port keep-alive period (mS) */ #define FIP_FCF_FUZZ 100 /* random time added by FCF (mS) */ /* * VN2VN proposed-standard values. */ #define FIP_VN_FC_MAP 0x0efd00 /* MAC OUI for VN2VN use */ #define FIP_VN_PROBE_WAIT 100 /* interval between VN2VN probes (ms) */ #define FIP_VN_ANN_WAIT 400 /* interval between VN2VN announcements (ms) */ #define FIP_VN_RLIM_INT 10000 /* interval between probes when rate limited */ #define FIP_VN_RLIM_COUNT 10 /* number of probes before rate limiting */ #define FIP_VN_BEACON_INT 8000 /* interval between VN2VN beacons */ #define FIP_VN_BEACON_FUZZ 100 /* random time to add to beacon period (ms) */ /* * Multicast MAC addresses. T11-adopted. */ #define FIP_ALL_FCOE_MACS ((__u8[6]) { 1, 0x10, 0x18, 1, 0, 0 }) #define FIP_ALL_ENODE_MACS ((__u8[6]) { 1, 0x10, 0x18, 1, 0, 1 }) #define FIP_ALL_FCF_MACS ((__u8[6]) { 1, 0x10, 0x18, 1, 0, 2 }) #define FIP_ALL_VN2VN_MACS ((__u8[6]) { 1, 0x10, 0x18, 1, 0, 4 }) #define FIP_ALL_P2P_MACS ((__u8[6]) { 1, 0x10, 0x18, 1, 0, 5 }) #define FIP_VER 1 /* version for fip_header */ struct fip_header { __u8 fip_ver; /* upper 4 bits are the version */ __u8 fip_resv1; /* reserved */ __be16 fip_op; /* operation code */ __u8 fip_resv2; /* reserved */ __u8 fip_subcode; /* lower 4 bits are sub-code */ __be16 fip_dl_len; /* length of descriptors in words */ __be16 fip_flags; /* header flags */ } __attribute__((packed)); #define FIP_VER_SHIFT 4 #define FIP_VER_ENCAPS(v) ((v) << FIP_VER_SHIFT) #define FIP_VER_DECAPS(v) ((v) >> FIP_VER_SHIFT) #define FIP_BPW 4 /* bytes per word for lengths */ /* * fip_op. */ enum fip_opcode { FIP_OP_DISC = 1, /* discovery, advertisement, etc. */ FIP_OP_LS = 2, /* Link Service request or reply */ FIP_OP_CTRL = 3, /* Keep Alive / Link Reset */ FIP_OP_VLAN = 4, /* VLAN discovery */ FIP_OP_VN2VN = 5, /* VN2VN operation */ FIP_OP_VENDOR_MIN = 0xfff8, /* min vendor-specific opcode */ FIP_OP_VENDOR_MAX = 0xfffe, /* max vendor-specific opcode */ }; /* * Subcodes for FIP_OP_DISC. */ enum fip_disc_subcode { FIP_SC_SOL = 1, /* solicitation */ FIP_SC_ADV = 2, /* advertisement */ }; /* * Subcodes for FIP_OP_LS. */ enum fip_trans_subcode { FIP_SC_REQ = 1, /* request */ FIP_SC_REP = 2, /* reply */ }; /* * Subcodes for FIP_OP_RESET. */ enum fip_reset_subcode { FIP_SC_KEEP_ALIVE = 1, /* keep-alive from VN_Port */ FIP_SC_CLR_VLINK = 2, /* clear virtual link from VF_Port */ }; /* * Subcodes for FIP_OP_VLAN. */ enum fip_vlan_subcode { FIP_SC_VL_REQ = 1, /* vlan request */ FIP_SC_VL_NOTE = 2, /* vlan notification */ FIP_SC_VL_VN2VN_NOTE = 3, /* VN2VN vlan notification */ }; /* * Subcodes for FIP_OP_VN2VN. */ enum fip_vn2vn_subcode { FIP_SC_VN_PROBE_REQ = 1, /* probe request */ FIP_SC_VN_PROBE_REP = 2, /* probe reply */ FIP_SC_VN_CLAIM_NOTIFY = 3, /* claim notification */ FIP_SC_VN_CLAIM_REP = 4, /* claim response */ FIP_SC_VN_BEACON = 5, /* beacon */ }; /* * flags in header fip_flags. */ enum fip_flag { FIP_FL_FPMA = 0x8000, /* supports FPMA fabric-provided MACs */ FIP_FL_SPMA = 0x4000, /* supports SPMA server-provided MACs */ FIP_FL_FCF = 0x0020, /* originated from a controlling FCF */ FIP_FL_FDF = 0x0010, /* originated from an FDF */ FIP_FL_REC_OR_P2P = 0x0008, /* configured addr or point-to-point */ FIP_FL_AVAIL = 0x0004, /* available for FLOGI/ELP */ FIP_FL_SOL = 0x0002, /* this is a solicited message */ FIP_FL_FPORT = 0x0001, /* sent from an F port */ }; /* * Common descriptor header format. */ struct fip_desc { __u8 fip_dtype; /* type - see below */ __u8 fip_dlen; /* length - in 32-bit words */ }; enum fip_desc_type { FIP_DT_PRI = 1, /* priority for forwarder selection */ FIP_DT_MAC = 2, /* MAC address */ FIP_DT_MAP_OUI = 3, /* FC-MAP OUI */ FIP_DT_NAME = 4, /* switch name or node name */ FIP_DT_FAB = 5, /* fabric descriptor */ FIP_DT_FCOE_SIZE = 6, /* max FCoE frame size */ FIP_DT_FLOGI = 7, /* FLOGI request or response */ FIP_DT_FDISC = 8, /* FDISC request or response */ FIP_DT_LOGO = 9, /* LOGO request or response */ FIP_DT_ELP = 10, /* ELP request or response */ FIP_DT_VN_ID = 11, /* VN_Node Identifier */ FIP_DT_FKA = 12, /* advertisement keep-alive period */ FIP_DT_VENDOR = 13, /* vendor ID */ FIP_DT_VLAN = 14, /* vlan number */ FIP_DT_FC4F = 15, /* FC-4 features */ FIP_DT_LIMIT, /* max defined desc_type + 1 */ FIP_DT_NON_CRITICAL = 128, /* First non-critical descriptor */ FIP_DT_CLR_VLINKS = 128, /* Clear virtual links reason code */ FIP_DT_VENDOR_BASE = 241, /* first vendor-specific desc_type */ }; /* * FIP_DT_PRI - priority descriptor. */ struct fip_pri_desc { struct fip_desc fd_desc; __u8 fd_resvd; __u8 fd_pri; /* FCF priority: higher is better */ } __attribute__((packed)); /* * FIP_DT_MAC - MAC address descriptor. */ struct fip_mac_desc { struct fip_desc fd_desc; __u8 fd_mac[ETH_ALEN]; } __attribute__((packed)); /* * FIP_DT_MAP - descriptor. */ struct fip_map_desc { struct fip_desc fd_desc; __u8 fd_resvd[3]; __u8 fd_map[3]; } __attribute__((packed)); /* * FIP_DT_NAME descriptor. */ struct fip_wwn_desc { struct fip_desc fd_desc; __u8 fd_resvd[2]; __be64 fd_wwn; /* 64-bit WWN, unaligned */ } __attribute__((packed)); /* * FIP_DT_FAB descriptor. */ struct fip_fab_desc { struct fip_desc fd_desc; __be16 fd_vfid; /* virtual fabric ID */ __u8 fd_resvd; __u8 fd_map[3]; /* FC-MAP value */ __be64 fd_wwn; /* fabric name, unaligned */ } __attribute__((packed)); /* * FIP_DT_FCOE_SIZE descriptor. */ struct fip_size_desc { struct fip_desc fd_desc; __be16 fd_size; } __attribute__((packed)); /* * Descriptor that encapsulates an ELS or ILS frame. * The encapsulated frame immediately follows this header, without * SOF, EOF, or CRC. */ struct fip_encaps { struct fip_desc fd_desc; __u8 fd_resvd[2]; } __attribute__((packed)); /* * FIP_DT_VN_ID - VN_Node Identifier descriptor. */ struct fip_vn_desc { struct fip_desc fd_desc; __u8 fd_mac[ETH_ALEN]; __u8 fd_resvd; __u8 fd_fc_id[3]; __be64 fd_wwpn; /* port name, unaligned */ } __attribute__((packed)); /* * FIP_DT_FKA - Advertisement keep-alive period. */ struct fip_fka_desc { struct fip_desc fd_desc; __u8 fd_resvd; __u8 fd_flags; /* bit0 is fka disable flag */ __be32 fd_fka_period; /* adv./keep-alive period in mS */ } __attribute__((packed)); /* * flags for fip_fka_desc.fd_flags */ enum fip_fka_flags { FIP_FKA_ADV_D = 0x01, /* no need for FKA from ENode */ }; /* FIP_DT_FKA flags */ /* * FIP_DT_VLAN descriptor */ struct fip_vlan_desc { struct fip_desc fd_desc; __be16 fd_vlan; /* Note: highest 4 bytes are unused */ } __attribute__((packed)); /* * FIP_DT_FC4F - FC-4 features. */ struct fip_fc4_feat { struct fip_desc fd_desc; __u8 fd_resvd[2]; struct fc_ns_fts fd_fts; struct fc_ns_ff fd_ff; } __attribute__((packed)); /* * FIP_DT_VENDOR descriptor. */ struct fip_vendor_desc { struct fip_desc fd_desc; __u8 fd_resvd[2]; __u8 fd_vendor_id[8]; } __attribute__((packed)); #endif /* _FC_FIP_H_ */ 0dbbb3d74fa904536f8a3bddafed3'>netfilter: nf_tables: add check_genid to the nfnetlink subsystemPablo Neira Ayuso1-0/+6 This patch implements the check generation id as provided by nfnetlink. This allows us to reject ruleset updates against stale baseline, so userspace can retry update with a fresh ruleset cache. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2017-02-12netfilter: nfnetlink: allow to check for generation IDPablo Neira Ayuso1-4/+27 This patch allows userspace to specify the generation ID that has been used to build an incremental batch update. If userspace specifies the generation ID in the batch message as attribute, then nfnetlink compares it to the current generation ID so you make sure that you work against the right baseline. Otherwise, bail out with ERESTART so userspace knows that its changeset is stale and needs to respin. Userspace can do this transparently at the cost of taking slightly more time to refresh caches and rework the changeset. This check is optional, if there is no NFNL_BATCH_GENID attribute in the batch begin message, then no check is performed. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2017-02-12netfilter: nfnetlink: add nfnetlink_rcv_skb_batch()Pablo Neira Ayuso1-23/+28 Add new nfnetlink_rcv_skb_batch() to wrap initial nfnetlink batch handling. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2017-02-12netfilter: nfnetlink: get rid of u_intX_t typesPablo Neira Ayuso1-8/+8 Use uX types instead. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2017-02-12netfilter: nf_ct_expect: nf_ct_expect_insert() returns voidGao Feng1-5/+3 Because nf_ct_expect_insert() always succeeds now, its return value can be just void instead of int. And remove code that checks for its return value. Signed-off-by: Gao Feng <fgao@ikuai8.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2017-02-12netfilter: nf_ct_sip: Use mod_timer_pending()Gao Feng1-7/+5 timer_del() followed by timer_add() can be replaced by mod_timer_pending(). Signed-off-by: Gao Feng <fgao@ikuai8.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2017-02-11net_sched: fix error recovery at qdisc creationEric Dumazet5-23/+19 Dmitry reported uses after free in qdisc code [1] The problem here is that ops->init() can return an error. qdisc_create_dflt() then call ops->destroy(), while qdisc_create() does _not_ call it. Four qdisc chose to call their own ops->destroy(), assuming their caller would not. This patch makes sure qdisc_create() calls ops->destroy() and fixes the four qdisc to avoid double free. [1] BUG: KASAN: use-after-free in mq_destroy+0x242/0x290 net/sched/sch_mq.c:33 at addr ffff8801d415d440 Read of size 8 by task syz-executor2/5030 CPU: 0 PID: 5030 Comm: syz-executor2 Not tainted 4.3.5-smp-DEV #119 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000046 ffff8801b435b870 ffffffff81bbbed4 ffff8801db000400 ffff8801d415d440 ffff8801d415dc40 ffff8801c4988510 ffff8801b435b898 ffffffff816682b1 ffff8801b435b928 ffff8801d415d440 ffff8801c49880c0 Call Trace: [<ffffffff81bbbed4>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81bbbed4>] dump_stack+0x6c/0x98 lib/dump_stack.c:51 [<ffffffff816682b1>] kasan_object_err+0x21/0x70 mm/kasan/report.c:158 [<ffffffff81668524>] print_address_description mm/kasan/report.c:196 [inline] [<ffffffff81668524>] kasan_report_error+0x1b4/0x4b0 mm/kasan/report.c:285 [<ffffffff81668953>] kasan_report mm/kasan/report.c:305 [inline] [<ffffffff81668953>] __asan_report_load8_noabort+0x43/0x50 mm/kasan/report.c:326 [<ffffffff82527b02>] mq_destroy+0x242/0x290 net/sched/sch_mq.c:33 [<ffffffff82524bdd>] qdisc_destroy+0x12d/0x290 net/sched/sch_generic.c:953 [<ffffffff82524e30>] qdisc_create_dflt+0xf0/0x120 net/sched/sch_generic.c:848 [<ffffffff8252550d>] attach_default_qdiscs net/sched/sch_generic.c:1029 [inline] [<ffffffff8252550d>] dev_activate+0x6ad/0x880 net/sched/sch_generic.c:1064 [<ffffffff824b1db1>] __dev_open+0x221/0x320 net/core/dev.c:1403 [<ffffffff824b24ce>] __dev_change_flags+0x15e/0x3e0 net/core/dev.c:6858 [<ffffffff824b27de>] dev_change_flags+0x8e/0x140 net/core/dev.c:6926 [<ffffffff824f5bf6>] dev_ifsioc+0x446/0x890 net/core/dev_ioctl.c:260 [<ffffffff824f61fa>] dev_ioctl+0x1ba/0xb80 net/core/dev_ioctl.c:546 [<ffffffff82430509>] sock_do_ioctl+0x99/0xb0 net/socket.c:879 [<ffffffff82430d30>] sock_ioctl+0x2a0/0x390 net/socket.c:958 [<ffffffff816f3b68>] vfs_ioctl fs/ioctl.c:44 [inline] [<ffffffff816f3b68>] do_vfs_ioctl+0x8a8/0xe50 fs/ioctl.c:611 [<ffffffff816f41a4>] SYSC_ioctl fs/ioctl.c:626 [inline] [<ffffffff816f41a4>] SyS_ioctl+0x94/0xc0 fs/ioctl.c:617 [<ffffffff8123e357>] entry_SYSCALL_64_fastpath+0x12/0x17 Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-11net: rename dst_neigh_output back to neigh_outputJulian Anastasov2-2/+2 After the dst->pending_confirm flag was removed, we do not need anymore to provide dst arg to dst_neigh_output. So, rename it to neigh_output as before commit 5110effee8fd ("net: Do delayed neigh confirmation."). Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-11Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller