| #
5c901daa |
| 07-Jan-2006 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: Redo policy lookups after NAT when neccessary
When NAT changes the key used for the xfrm lookup it needs to be done
again. If a new policy is returned in POST_ROUTING the packet needs
t
[NETFILTER]: Redo policy lookups after NAT when neccessary
When NAT changes the key used for the xfrm lookup it needs to be done
again. If a new policy is returned in POST_ROUTING the packet needs
to be passed to xfrm4_output_one manually after all hooks were called
because POST_ROUTING is called with fixed okfn (ip_finish_output).
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
| #
3e3850e9 |
| 07-Jan-2006 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harder
ip_route_me_harder doesn't use the port numbers of the xfrm lookup and
uses ip_route_input for non-local addresses which doesn'
[NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harder
ip_route_me_harder doesn't use the port numbers of the xfrm lookup and
uses ip_route_input for non-local addresses which doesn't do a xfrm
lookup, ip6_route_me_harder doesn't do a xfrm lookup at all.
Use xfrm_decode_session and do the lookup manually, make sure both
only do the lookup if the packet hasn't been transformed already.
Makeing sure the lookup only happens once needs a new field in the
IP6CB, which exceeds the size of skb->cb. The size of skb->cb is
increased to 48b. Apparently the IPv6 mobile extensions need some
more room anyway.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
| #
16a6677f |
| 07-Jan-2006 |
Patrick McHardy <kaber@trash.net> |
[XFRM]: Netfilter IPsec output hooks
Call netfilter hooks before IPsec transforms. Packets visit the
FORWARD/LOCAL_OUT and POST_ROUTING hook before the first encapsulation
and the LOCAL_OUT and POST
[XFRM]: Netfilter IPsec output hooks
Call netfilter hooks before IPsec transforms. Packets visit the
FORWARD/LOCAL_OUT and POST_ROUTING hook before the first encapsulation
and the LOCAL_OUT and POST_ROUTING hook before each following tunnel mode
transform.
Patch from Herbert Xu <herbert@gondor.apana.org.au>:
Move the loop from dst_output into xfrm4_output/xfrm6_output since they're
the only ones who need to it. xfrm{4,6}_output_one() processes the first SA
all subsequent transport mode SAs and is called in a loop that calls the
netfilter hooks between each two calls.
In order to avoid the tail call issue, I've added the inline function
nf_hook which is nf_hook_slow plus the empty list check.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
|
Revision tags: v2.6.15, v2.6.15-rc7, v2.6.15-rc6, v2.6.15-rc5, v2.6.15-rc4, v2.6.15-rc3, v2.6.15-rc2, v2.6.15-rc1, v2.6.14, v2.6.14-rc5, v2.6.14-rc4, v2.6.14-rc3, v2.6.14-rc2, v2.6.14-rc1, v2.6.13, v2.6.13-rc7 |
|
| #
a8b3e6f1 |
| 18-Aug-2005 |
Dave Jones <davej@redhat.com> |
Merge /pub/scm/linux/kernel/git/torvalds/linux-2.6
|
|
Revision tags: v2.6.13-rc6, v2.6.13-rc5, v2.6.13-rc4, v2.6.13-rc3, v2.6.13-rc2 |
|
| #
d2f64095 |
| 02-Jul-2005 |
David Woodhouse <dwmw2@shinybook.infradead.org> |
Merge with master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
|
|
Revision tags: v2.6.13-rc1 |
|
| #
f45727d5 |
| 26-Jun-2005 |
Jeff Garzik <jgarzik@pretzel.yyz.us> |
Merge /spare/repo/netdev-2.6/ branch 'ieee80211'
|
| #
5696c194 |
| 26-Jun-2005 |
Jeff Garzik <jgarzik@pretzel.yyz.us> |
Merge /spare/repo/linux-2.6/
|
| #
aef7b83c |
| 26-Jun-2005 |
Jeff Garzik <jgarzik@pretzel.yyz.us> |
Merge /spare/repo/linux-2.6/
|
| #
7ca6448d |
| 26-Jun-2005 |
Thomas Gleixner <tglx@tglx.tec.linutronix.de> |
Merge with rsync://fileserver/linux
Update to Linus latest
|
| #
8b0ee07e |
| 26-Jun-2005 |
Jeff Garzik <jgarzik@pretzel.yyz.us> |
Merge upstream (approx. 2.6.12-git8) into 'janitor' branch of netdev-2.6.
|
| #
3357d4c7 |
| 23-Jun-2005 |
Anton Altaparmakov <aia21@cantab.net> |
Automatic merge with /usr/src/ntfs-2.6.git.
|
| #
a5324343 |
| 22-Jun-2005 |
Jeff Garzik <jgarzik@pretzel.yyz.us> |
Merge /spare/repo/linux-2.6/
|
| #
ea0daab4 |
| 22-Jun-2005 |
Steve French <sfrench@us.ibm.com> |
Merge with rsync://rsync.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6.git
|
| #
1bdf7a78 |
| 22-Jun-2005 |
Jeremy Allison <jra@samba.org> |
Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git
|
| #
80bd6d7f |
| 22-Jun-2005 |
Jeff Garzik <jgarzik@pretzel.yyz.us> |
Merge /spare/repo/linux-2.6/
|
| #
ff40c6d3 |
| 22-Jun-2005 |
Jeff Garzik <jgarzik@pretzel.yyz.us> |
Merge upstream kernel changes into 'C/H/S support' branch of libata.
|
| #
29516d75 |
| 21-Jun-2005 |
Tony Luck <tony.luck@intel.com> |
Auto merge with /home/aegl/GIT/linus
|
| #
fae6ec69 |
| 21-Jun-2005 |
Jaroslav Kysela <perex@hera.kernel.org> |
Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git
|
| #
fb395884 |
| 20-Jun-2005 |
Linus Torvalds <torvalds@ppc970.osdl.org> |
Merge rsync://rsync.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
|
| #
dd87147e |
| 20-Jun-2005 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Add XFRM_STATE_NOPMTUDISC flag
This patch adds the flag XFRM_STATE_NOPMTUDISC for xfrm states. It is
similar to the nopmtudisc on IPIP/GRE tunnels. It only has an effect
on IPv4 tunnel mo
[IPSEC]: Add XFRM_STATE_NOPMTUDISC flag
This patch adds the flag XFRM_STATE_NOPMTUDISC for xfrm states. It is
similar to the nopmtudisc on IPIP/GRE tunnels. It only has an effect
on IPv4 tunnel mode states. For these states, it will ensure that the
DF flag is always cleared.
This is primarily useful to work around ICMP blackholes.
In future this flag could also allow a larger MTU to be set within the
tunnel just like IPIP/GRE tunnels. This could be useful for short haul
tunnels where temporary fragmentation outside the tunnel is desired over
smaller fragments inside the tunnel.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: James Morris <jmorris@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
|
Revision tags: v2.6.12, v2.6.12-rc6, v2.6.12-rc5, v2.6.12-rc4, v2.6.12-rc3, v2.6.12-rc2 |
|
| #
1da177e4 |
| 16-Apr-2005 |
Linus Torvalds <torvalds@ppc970.osdl.org> |
Linux-2.6.12-rc2
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in
Linux-2.6.12-rc2
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.
Let it rip!
show more ...
|