#
183cad12 |
| 23-Feb-2011 |
David S. Miller <davem@davemloft.net> |
xfrm: Const'ify pointer args to km_migrate() and implementations.
Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
214e005b |
| 23-Feb-2011 |
David S. Miller <davem@davemloft.net> |
xfrm: Pass km_event pointers around as const when possible.
Signed-off-by: David S. Miller <davem@davemloft.net>
|
Revision tags: v2.6.38-rc6, v2.6.38-rc5, v2.6.38-rc4, v2.6.38-rc3, v2.6.38-rc2, v2.6.38-rc1 |
|
#
b8f3ab42 |
| 18-Jan-2011 |
David S. Miller <davem@davemloft.net> |
Revert "netlink: test for all flags of the NLM_F_DUMP composite"
This reverts commit 0ab03c2b1478f2438d2c80204f7fef65b1bca9cf.
It breaks several things including the avahi daemon.
Signed-off-by: D
Revert "netlink: test for all flags of the NLM_F_DUMP composite"
This reverts commit 0ab03c2b1478f2438d2c80204f7fef65b1bca9cf.
It breaks several things including the avahi daemon.
Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
fa6dd8a2 |
| 11-Jan-2011 |
Nicolas Dichtel <nicolas.dichtel@6wind.com> |
xfrm: check trunc_len in XFRMA_ALG_AUTH_TRUNC
Maximum trunc length is defined by MAX_AH_AUTH_LEN (in bytes) and need to be checked when this value is set (in bits) by the user. In ah4.c and ah6.c a
xfrm: check trunc_len in XFRMA_ALG_AUTH_TRUNC
Maximum trunc length is defined by MAX_AH_AUTH_LEN (in bytes) and need to be checked when this value is set (in bits) by the user. In ah4.c and ah6.c a BUG_ON() checks this condiftion.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
0ab03c2b |
| 06-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
netlink: test for all flags of the NLM_F_DUMP composite
Due to NLM_F_DUMP is composed of two bits, NLM_F_ROOT | NLM_F_MATCH, when doing "if (x & NLM_F_DUMP)", it tests for _either_ of the bits being
netlink: test for all flags of the NLM_F_DUMP composite
Due to NLM_F_DUMP is composed of two bits, NLM_F_ROOT | NLM_F_MATCH, when doing "if (x & NLM_F_DUMP)", it tests for _either_ of the bits being set. Because NLM_F_MATCH's value overlaps with NLM_F_EXCL, non-dump requests with NLM_F_EXCL set are mistaken as dump requests.
Substitute the condition to test for _all_ bits being set.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
Revision tags: v2.6.37, v2.6.37-rc8, v2.6.37-rc7, v2.6.37-rc6 |
|
#
35d2856b |
| 07-Dec-2010 |
Martin Willi <martin@strongswan.org> |
xfrm: Add Traffic Flow Confidentiality padding XFRM attribute
The XFRMA_TFCPAD attribute for XFRM state installation configures Traffic Flow Confidentiality by padding ESP packets to a specified len
xfrm: Add Traffic Flow Confidentiality padding XFRM attribute
The XFRMA_TFCPAD attribute for XFRM state installation configures Traffic Flow Confidentiality by padding ESP packets to a specified length.
Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
Revision tags: v2.6.37-rc5, v2.6.37-rc4, v2.6.37-rc3, v2.6.37-rc2, v2.6.37-rc1, v2.6.36, v2.6.36-rc8, v2.6.36-rc7, v2.6.36-rc6, v2.6.36-rc5, v2.6.36-rc4 |
|
#
928497f0 |
| 31-Aug-2010 |
Nicolas Dichtel <nicolas.dichtel@6wind.com> |
xfrm_user: avoid a warning with some compiler
Attached is a small patch to remove a warning ("warning: ISO C90 forbids mixed declarations and code" with gcc 4.3.2).
Signed-off-by: Nicolas Dichtel <
xfrm_user: avoid a warning with some compiler
Attached is a small patch to remove a warning ("warning: ISO C90 forbids mixed declarations and code" with gcc 4.3.2).
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
Revision tags: v2.6.36-rc3, v2.6.36-rc2, v2.6.36-rc1 |
|
#
2f09a4d5 |
| 15-Aug-2010 |
Herbert Xu <herbert@gondor.apana.org.au> |
xfrm: Use GFP_ATOMIC in xfrm_compile_policy
As xfrm_compile_policy runs within a read_lock, we cannot use GFP_KERNEL for memory allocations.
Reported-by: Luca Tettamanti <kronos.it@gmail.com> Signe
xfrm: Use GFP_ATOMIC in xfrm_compile_policy
As xfrm_compile_policy runs within a read_lock, we cannot use GFP_KERNEL for memory allocations.
Reported-by: Luca Tettamanti <kronos.it@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
Revision tags: v2.6.35, v2.6.35-rc6, v2.6.35-rc5, v2.6.35-rc4, v2.6.35-rc3, v2.6.35-rc2, v2.6.35-rc1, v2.6.34 |
|
#
62db5cfd |
| 12-May-2010 |
stephen hemminger <shemminger@vyatta.com> |
xfrm: add severity to printk
Serious oh sh*t messages converted to WARN(). Add KERN_NOTICE severity to the unknown policy type messages.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Sig
xfrm: add severity to printk
Serious oh sh*t messages converted to WARN(). Add KERN_NOTICE severity to the unknown policy type messages.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
Revision tags: v2.6.34-rc7, v2.6.34-rc6, v2.6.34-rc5, v2.6.34-rc4 |
|
#
ea2dea9d |
| 30-Mar-2010 |
Timo Teräs <timo.teras@iki.fi> |
xfrm: remove policy lock when accessing policy->walk.dead
All of the code considers ->dead as a hint that the cached policy needs to get refreshed. The read side can just drop the read lock without
xfrm: remove policy lock when accessing policy->walk.dead
All of the code considers ->dead as a hint that the cached policy needs to get refreshed. The read side can just drop the read lock without any side effects.
The write side needs to make sure that it's written only exactly once. Only possible race is at xfrm_policy_kill(). This is fixed by checking result of __xfrm_policy_unlink() when needed. It will always succeed if the policy object is looked up from the hash list (so some checks are removed), but it needs to be checked if we are trying to unlink policy via a reference (appropriate checks added).
Since policy->walk.dead is written exactly once, it no longer needs to be protected with a write lock.
Signed-off-by: Timo Teras <timo.teras@iki.fi> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
c8bf4d04 |
| 30-Mar-2010 |
Timo Teräs <timo.teras@iki.fi> |
xfrm_user: verify policy direction at XFRM_MSG_POLEXPIRE handler
Add missing check for policy direction verification. This is especially important since without this xfrm_user may end up deleting pe
xfrm_user: verify policy direction at XFRM_MSG_POLEXPIRE handler
Add missing check for policy direction verification. This is especially important since without this xfrm_user may end up deleting per-socket policy which is not allowed.
Signed-off-by: Timo Teras <timo.teras@iki.fi> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
Revision tags: v2.6.34-rc3, v2.6.34-rc2, v2.6.34-rc1, v2.6.33 |
|
#
295fae56 |
| 22-Feb-2010 |
Jamal Hadi Salim <hadi@cyberus.ca> |
xfrm: Allow user space manipulation of SPD mark
Add ability for netlink userspace to manipulate the SPD and manipulate the mark, retrieve it and get events with a defined mark, etc.
Signed-off-by:
xfrm: Allow user space manipulation of SPD mark
Add ability for netlink userspace to manipulate the SPD and manipulate the mark, retrieve it and get events with a defined mark, etc.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
6f26b61e |
| 22-Feb-2010 |
Jamal Hadi Salim <hadi@cyberus.ca> |
xfrm: Allow user space config of SAD mark
Add ability for netlink userspace to manipulate the SAD and manipulate the mark, retrieve it and get events with a defined mark. MIGRATE may be added later.
xfrm: Allow user space config of SAD mark
Add ability for netlink userspace to manipulate the SAD and manipulate the mark, retrieve it and get events with a defined mark. MIGRATE may be added later.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
8ca2e93b |
| 22-Feb-2010 |
Jamal Hadi Salim <hadi@cyberus.ca> |
xfrm: SP lookups signature with mark
pass mark to all SP lookups to prepare them for when we add code to have them search.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S.
xfrm: SP lookups signature with mark
pass mark to all SP lookups to prepare them for when we add code to have them search.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
bd55775c |
| 22-Feb-2010 |
Jamal Hadi Salim <hadi@cyberus.ca> |
xfrm: SA lookups signature with mark
pass mark to all SA lookups to prepare them for when we add code to have them search.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S.
xfrm: SA lookups signature with mark
pass mark to all SA lookups to prepare them for when we add code to have them search.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
2f1eb65f |
| 18-Feb-2010 |
Jamal Hadi Salim <hadi@cyberus.ca> |
xfrm: Flushing empty SPD generates false events
To see the effect make sure you have an empty SPD. On window1 "ip xfrm mon" and on window2 issue "ip xfrm policy flush" You get prompt back in window2
xfrm: Flushing empty SPD generates false events
To see the effect make sure you have an empty SPD. On window1 "ip xfrm mon" and on window2 issue "ip xfrm policy flush" You get prompt back in window2 and you see the flush event on window1. With this fix, you still get prompt on window1 but no event on window2.
Thanks to Alexey Dobriyan for finding a bug in earlier version when using pfkey to do the flushing.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
9e64cc95 |
| 18-Feb-2010 |
Jamal Hadi Salim <hadi@cyberus.ca> |
xfrm: Flushing empty SAD generates false events
To see the effect make sure you have an empty SAD. On window1 "ip xfrm mon" and on window2 issue "ip xfrm state flush" You get prompt back in window2
xfrm: Flushing empty SAD generates false events
To see the effect make sure you have an empty SAD. On window1 "ip xfrm mon" and on window2 issue "ip xfrm state flush" You get prompt back in window2 and you see the flush event on window1. With this fix, you still get prompt on window1 but no event on window2.
Thanks to Alexey Dobriyan for finding a bug in earlier version when using pfkey to do the flushing.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
069c474e |
| 17-Feb-2010 |
David S. Miller <davem@davemloft.net> |
xfrm: Revert false event eliding commits.
As reported by Alexey Dobriyan:
-------------------- setkey now takes several seconds to run this simple script and it spits "recv: Resource temporarily un
xfrm: Revert false event eliding commits.
As reported by Alexey Dobriyan:
-------------------- setkey now takes several seconds to run this simple script and it spits "recv: Resource temporarily unavailable" messages.
#!/usr/sbin/setkey -f flush; spdflush;
add A B ipcomp 44 -m tunnel -C deflate; add B A ipcomp 45 -m tunnel -C deflate;
spdadd A B any -P in ipsec ipcomp/tunnel/192.168.1.2-192.168.1.3/use; spdadd B A any -P out ipsec ipcomp/tunnel/192.168.1.3-192.168.1.2/use; --------------------
Obviously applications want the events even when the table is empty. So we cannot make this behavioral change.
Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
Revision tags: v2.6.33-rc8 |
|
#
0dca3a84 |
| 10-Feb-2010 |
jamal <hadi@cyberus.ca> |
xfrm: Flushing empty SPD generates false events
Observed similar behavior on SPD as previouly seen on SAD flushing.. This fixes it.
cheers, jamal commit 428b20432dc31bc2e01a94cd451cf5a2c00d2bf4 Aut
xfrm: Flushing empty SPD generates false events
Observed similar behavior on SPD as previouly seen on SAD flushing.. This fixes it.
cheers, jamal commit 428b20432dc31bc2e01a94cd451cf5a2c00d2bf4 Author: Jamal Hadi Salim <hadi@cyberus.ca> Date: Thu Feb 11 05:49:38 2010 -0500
xfrm: Flushing empty SPD generates false events
To see the effect make sure you have an empty SPD. On window1 "ip xfrm mon" and on window2 issue "ip xfrm policy flush" You get prompt back in window1 and you see the flush event on window2. With this fix, you still get prompt on window1 but no event on window2.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
19f4c713 |
| 10-Feb-2010 |
jamal <hadi@cyberus.ca> |
xfrm: Flushing empty SAD generates false events
To see the effect make sure you have an empty SAD. -On window1 "ip xfrm mon" -on window2 issue "ip xfrm state flush" You get prompt back in window1 an
xfrm: Flushing empty SAD generates false events
To see the effect make sure you have an empty SAD. -On window1 "ip xfrm mon" -on window2 issue "ip xfrm state flush" You get prompt back in window1 and you see the flush event on window2. With this fix, you still get prompt on window1 but no event on window2.
I was tempted to return -ESRCH on window1 (which would show "RTNETLINK answers: No such process") but didnt want to change current behavior.
cheers, jamal commit 5f3dd4a772326166e1bcf54acc2391df00dc7ab5 Author: Jamal Hadi Salim <hadi@cyberus.ca> Date: Thu Feb 11 04:41:36 2010 -0500
xfrm: Flushing empty SAD generates false events
To see the effect make sure you have an empty SAD. On window1 "ip xfrm mon" and on window2 issue "ip xfrm state flush" You get prompt back in window1 and you see the flush event on window2. With this fix, you still get prompt on window1 but no event on window2.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
c28e9304 |
| 08-Feb-2010 |
jamal <hadi@cyberus.ca> |
xfrm: validate attributes
Some XFRM attributes were not going through basic validation.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
|
Revision tags: v2.6.33-rc7, v2.6.33-rc6 |
|
#
e071041b |
| 23-Jan-2010 |
Alexey Dobriyan <adobriyan@gmail.com> |
netns xfrm: fix "ip xfrm state|policy count" misreport
"ip xfrm state|policy count" report SA/SP count from init_net, not from netns of caller process.
Signed-off-by: Alexey Dobriyan <adobriyan@gma
netns xfrm: fix "ip xfrm state|policy count" misreport
"ip xfrm state|policy count" report SA/SP count from init_net, not from netns of caller process.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
Revision tags: v2.6.33-rc5, v2.6.33-rc4, v2.6.33-rc3, v2.6.33-rc2, v2.6.33-rc1, v2.6.32 |
|
#
d79d792e |
| 02-Dec-2009 |
Eric W. Biederman <ebiederm@xmission.com> |
net: Allow xfrm_user_net_exit to batch efficiently.
xfrm.nlsk is provided by the xfrm_user module and is access via rcu from other parts of the xfrm code. Add xfrm.nlsk_stash a copy of xfrm.nlsk th
net: Allow xfrm_user_net_exit to batch efficiently.
xfrm.nlsk is provided by the xfrm_user module and is access via rcu from other parts of the xfrm code. Add xfrm.nlsk_stash a copy of xfrm.nlsk that will never be set to NULL. This allows the synchronize_net and netlink_kernel_release to be deferred until a whole batch of xfrm.nlsk sockets have been set to NULL.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
4447bb33 |
| 24-Nov-2009 |
Martin Willi <martin@strongswan.org> |
xfrm: Store aalg in xfrm_state with a user specified truncation length
Adding a xfrm_state requires an authentication algorithm specified either as xfrm_algo or as xfrm_algo_auth with a specific tru
xfrm: Store aalg in xfrm_state with a user specified truncation length
Adding a xfrm_state requires an authentication algorithm specified either as xfrm_algo or as xfrm_algo_auth with a specific truncation length. For compatibility, both attributes are dumped to userspace, and we also accept both attributes, but prefer the new syntax.
If no truncation length is specified, or the authentication algorithm is specified using xfrm_algo, the truncation length from the algorithm description in the kernel is used.
Signed-off-by: Martin Willi <martin@strongswan.org> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
Revision tags: v2.6.32-rc8, v2.6.32-rc7, v2.6.32-rc6, v2.6.32-rc5, v2.6.32-rc4, v2.6.32-rc3, v2.6.32-rc1, v2.6.32-rc2, v2.6.31, v2.6.31-rc9, v2.6.31-rc8, v2.6.31-rc7, v2.6.31-rc6, v2.6.31-rc5, v2.6.31-rc4, v2.6.31-rc3, v2.6.31-rc2, v2.6.31-rc1, v2.6.30, v2.6.30-rc8, v2.6.30-rc7, v2.6.30-rc6, v2.6.30-rc5, v2.6.30-rc4, v2.6.30-rc3, v2.6.30-rc2, v2.6.30-rc1, v2.6.29, v2.6.29-rc8, v2.6.29-rc7, v2.6.29-rc6, v2.6.29-rc5, v2.6.29-rc4, v2.6.29-rc3 |
|
#
66f9a259 |
| 20-Jan-2009 |
David S. Miller <davem@davemloft.net> |
Revert "xfrm: For 32/64 compatability wrt. xfrm_usersa_info"
This reverts commit fc8c7dc1b29560c016a67a34ccff32a712b5aa86.
As indicated by Jiri Klimes, this won't work. These numbers are not only
Revert "xfrm: For 32/64 compatability wrt. xfrm_usersa_info"
This reverts commit fc8c7dc1b29560c016a67a34ccff32a712b5aa86.
As indicated by Jiri Klimes, this won't work. These numbers are not only used the size validation, they are also used to locate attributes sitting after the message.
Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|