(sg[2], mic, GMAC_MIC_LEN);
+ sg_set_buf(sg[2], zero, GMAC_MIC_LEN);
+ sg_set_buf(sg[3], mic, GMAC_MIC_LEN);
memcpy(iv, nonce, GMAC_NONCE_LEN);
memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN);
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http
On Fri, May 22, 2015 at 10:18:03AM +0200, Johannes Berg wrote:
Yep, that fixes things.
Great I will respin the patches.
Thanks,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text. The
IV generation is also now carried out through normal AEAD methods.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
net/ipv4/esp4.c | 197
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text. The
IV generation is also now carried out through normal AEAD methods.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
net/ipv6/esp6.c | 197
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/algif_aead.c | 61 ++--
1 file changed, 36
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/tcrypt.c | 15 +++
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/crypto
The function aead_geniv_alloc currently sets cra_type even for
new style instances. This is unnecessary and may hide bugs such
as when our caller uses crypto_register_instance instead of the
correct aead_register_instance.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/aead.c
This patch adds IV generator information for each AEAD and block
cipher to xfrm_algo_desc. This will be used to access the new
AEAD interface.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
include/net/xfrm.h |2 ++
net/xfrm/xfrm_algo.c | 16
2 files changed
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.
Tested-by: Johannes Berg johan...@sipsolutions.net
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
net/mac80211/aes_ccm.c | 30
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/testmgr.c | 84 +++
1 file changed, 48
the
distinction is made in the code that an IV is to be generated versus the
given
IV is to be used.
Only IV generators algorithms will generate IV. The generated IV
will be placed at the start of cipher text. See patches 14-16 for
the actual implementation.
Cheers,
--
Email: Herbert Xu
,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info
AEAD algorithm implementors need to figure out a given algorithm's
IV size and maximum authentication size. During the transition
this is difficult to do as an algorithm could be new style or old
style.
This patch creates two helpers to make this easier.
Signed-off-by: Herbert Xu herb
.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/echainiv.c | 42 +++---
1 file changed, 23 insertions(+), 19 deletions(-)
diff --git a/crypto/echainiv.c b/crypto/echainiv.c
index e5a9878..86e92fa 100644
--- a/crypto/echainiv.c
+++ b/crypto
this opportunity to
move the IV generation knowledge into IPsec as that's where it
belongs since we may in future wish to support different generation
schemes for a single algorithm.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key
.html
Do I understand it correctly that you want to retire the givcrypt API
entirely?
Correct. IV generation will be carried as normal AEAD algorithms.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
net/mac802154/llsec.c | 41 ++---
1 file changed, 14 insertions(+), 27
This patch adds IV generator information to xfrm_state. This
is currently obtained from our own list of algorithm descriptions.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
include/net/xfrm.h |1 +
net/key/af_key.c |1 +
net/xfrm/xfrm_user.c | 40
.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/seqiv.c | 135 +
1 file changed, 79 insertions(+), 56 deletions(-)
diff --git a/crypto/seqiv.c b/crypto/seqiv.c
index a9bfbda..2680e94 100644
--- a/crypto/seqiv.c
+++ b/crypto
On Fri, May 22, 2015 at 11:04:39PM +0200, Stephan Mueller wrote:
Am Freitag, 22. Mai 2015, 22:59:34 schrieb Stephan Mueller:
Hi Stephan,
Am Freitag, 22. Mai 2015, 16:31:04 schrieb Herbert Xu:
Hi Herbert,
This patch makes use of the new AEAD interface which uses a single
SG
registered. */
err = -EAGAIN;
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord
On Thu, May 21, 2015 at 01:20:49PM +0200, Johannes Berg wrote:
On Thu, 2015-05-21 at 18:44 +0800, Herbert Xu wrote:
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.
Looks fine - want me to run any tests
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
net/mac80211/aes_ccm.c | 30 ++
net/mac80211/aes_gcm.c | 30
This patch adds IV generator information to xfrm_state. This
is currently obtained from our own list of algorithm descriptions.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
include/net/xfrm.h |1 +
net/key/af_key.c |1 +
net/xfrm/xfrm_user.c | 40
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text. The
IV generation is also now carried out through normal AEAD methods.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
net/ipv6/esp6.c | 197
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/testmgr.c | 84 +++
1 file changed, 48
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text. The
IV generation is also now carried out through normal AEAD methods.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
net/ipv4/esp4.c | 197
not apply them.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
net/mac802154/llsec.c | 41 ++---
1 file changed, 14 insertions(+), 27
This patch adds IV generator information for each AEAD and block
cipher to xfrm_algo_desc. This will be used to access the new
AEAD interface.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
include/net/xfrm.h |2 ++
net/xfrm/xfrm_algo.c | 16
2 files changed
On Thu, May 21, 2015 at 12:03:47PM -0400, David Miller wrote:
No objections on my end.
I assume since the dependencies exist in the crypto tree, you'll
want to merge this series there right?
Yes that's probably the easiest path.
Thanks,
--
Email: Herbert Xu herb...@gondor.apana.org.au
inspired this :)
I just want to do the users outside crypto first before the rest.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line
.
With this patch hash_max and multicast_router attributes can be
changed even if the according bridge (port) is down, just like other
other bridge (port) attributes allow too.
Signed-off-by: Linus Lüssing linus.luess...@c0d3.blue
Acked-by: Herbert Xu herb...@gondor.apana.org.au
--
Email
On Thu, May 21, 2015 at 08:11:32PM -0700, Cong Wang wrote:
For me it looks like we do use p-rlist in BH context, but I could easily
miss something here.
Because the caller disables BH for us.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au
On Thu, May 21, 2015 at 02:17:44PM +0200, Johannes Berg wrote:
Do you have a branch somewhere with all of that?
OK the prerequisite patches are now in cryptodev.
Thanks,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http
As we're now always including the high bits of the sequence number
in the IV generation process we need to ensure that they don't
contain crap.
This patch ensures that the high sequence bits are always zeroed
so that we don't leak random data into the IV.
Signed-off-by: Herbert Xu herb
the timers from being readded.
AFAICS the spots you patched aren't adding timers so they *should*
be OK.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list
is it possible to restore the original mark after the lookups?
At least that way it is still possible to use the mark before and
after the encapsulation.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert
at logN loglogN.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
to be a
socket.
We must hide this subtlety from ops implementors since they have
no knowledge of our implementation. Expecting them to deal with
this is going to result in bugs, and we have already had multiple
bugs in this area.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page
Thomas Graf tg...@suug.ch wrote:
Remove useless obj variable and goto logic.
Signed-off-by: Thomas Graf tg...@suug.ch
Acked-by: Herbert Xu herb...@gondor.apana.org.au
Thanks,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http
rt_pmtu then prevents the new PMTU value from being
installed.
Fixes: 3cdaa5be9e81 (ipv4: Don't increase PMTU with Datagram Too Big message)
Reported-by: Gerd v. Egidy gerd.von.eg...@intra2net.com
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
diff --git a/net/ipv4/route.c b/net/ipv4
limited to 64K is not a good
thing.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord
OK with Johannes's original patch.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord
at coming up
with a simpler fix but I think we need something that does not let
you add unlimited entries to af_netlink.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe
). But really it's quite obvious. If you
don't authenticate the IV, then I can easily inject random crap
into your network by changing the IV.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
notice that they
use a broken version.
If we are going to do a warning I think the place to do it would
be in xfrm_algo.c. We could add an insecure/warning flag and if
then print a warning if said algorithm is used.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http
our implementation or by one that is identical to us.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body
correctly. It's only the IPsec
wrapper around it (rfc4106 in particular) that's broken.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line
will result in use of atomic ops
that are heavier than the ones we currently use.
The reasoning is that we're only guarding against a gross over-
subscription of the table, rather than a small breach of the limit.
Reported-by: Johannes Berg johannes.b...@intel.com
Signed-off-by: Herbert Xu herb
in the authentication tag.
In fact after reviewing the two relevant RFCs (4106/4309) it seems
that we are correct after all since they explicitly exclude the IV
from the AAD.
Now we just need to figre out whether we're still OK with RFC4543.
Sorry for the false alarm.
Cheers,
--
Email: Herbert Xu herb
correctly. The existing templates will be
retained so that current users aren't broken by the fix.
Once the kernel side is complete we could then get the user-space
implementors to update their tools to request for the new v2
templates.
Comments?
Cheers,
--
Email: Herbert Xu herb
All implementers of AEAD should include crypto/internal/aead.h
instead of include/linux/crypto.h.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
arch/arm64/crypto/aes-ce-ccm-glue.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/crypto/aes-ce-ccm
blkcipher in addition to aead.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
net/mac802154/llsec.c |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
index dcf7395..3ccf1e9 100644
--- a/net/mac802154/llsec.c
+++ b/net
All users of AEAD should include crypto/aead.h instead of
include/linux/crypto.h.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/tcrypt.c |1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 22cdd61..2bff613 100644
--- a/crypto
All users of AEAD should include crypto/aead.h instead of
include/linux/crypto.h.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/algif_aead.c |1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index 00a6fe1..53702e9 100644
All users of AEAD should include crypto/aead.h instead of
include/linux/crypto.h.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
net/mac80211/aes_ccm.c |3 +--
net/mac80211/aes_gcm.c |3 +--
net/mac80211/aes_gmac.c |2 +-
3 files changed, 3 insertions(+), 5 deletions
All users of AEAD should include crypto/aead.h instead of
include/linux/crypto.h.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
crypto/testmgr.c |1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 18b7d49..d463978 100644
--- a/crypto
by list_move_tail()
Fixes: 12a169e7d8f(ipsec: Put dumpers on the dump list)
Cc: Herbert Xu herb...@gondor.apana.org.au
Signed-off-by: Li RongQing roy.qing...@gmail.com
This is not a bug fix but an optimisation. The walker entries are
all marked as dead and will be skipped by the loop.
However
patches
through my tree as the new AEAD interface would depend on them.
Thanks,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe netdev
rehash during insertion)
Signed-off-by: Thomas Graf tg...@suug.ch
Acked-by: Herbert Xu herb...@gondor.apana.org.au
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list
is not empty
Signed-off-by: Li RongQing roy.qing...@gmail.com
Acked-by: Herbert Xu herb...@gondor.apana.org.au
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send
rehash during insertion)
Signed-off-by: Thomas Graf tg...@suug.ch
Good catch. But I think this call should happen in
rhashtable_insert_rehash since it's on the slow-path.
Thanks,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http
: Add immediate rehash during insertion)
Signed-off-by: Thomas Graf tg...@suug.ch
Acked-by: Herbert Xu herb...@gondor.apana.org.au
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe
a namespace boundary.
But I will send a patch.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message
---
This patch reverts commit b8fb4e0648a2ab3734140342002f68fb0c7d1602
because the secmark must be preserved even when a packet crosses
namespace boundaries. The reason is that security labels apply to
the system as a whole and is not per-namespace.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
email where he gives you an obvious
solution. If you have to modify the skb then you don't have to
worry about the original fragments.
But if you only read the skb then don't linearise it completely
and keep the original fragments.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page
On Thu, Apr 16, 2015 at 07:40:30PM -0700, Alexei Starovoitov wrote:
On Fri, Apr 17, 2015 at 10:15:01AM +0800, Herbert Xu wrote:
seems the cleaner fix will be to push skb-mac_len instead?
No skb-mac_len is the same as skb2-dev-hard_header_len.
hmm. please help me understand the problem
on the hard header length
of ifb. This assumes that the original packet actually has enough
header for that so checks have been added to that effect.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
diff --git a/drivers/net/ifb.c b/drivers/net/ifb.c
index 34f846b..1256d26 100644
On Thu, Apr 16, 2015 at 06:34:02PM -0700, Alexei Starovoitov wrote:
On Fri, Apr 17, 2015 at 09:02:16AM +0800, Herbert Xu wrote:
@@ -105,7 +105,7 @@ static void ri_tasklet(unsigned long dev)
if (from AT_EGRESS) {
dev_queue_xmit(skb);
} else
On Wed, Apr 15, 2015 at 06:22:29PM +0800, Herbert Xu wrote:
Yes this is better. I'm currently auditing all the other bits
that are cleared to see if there is anything else that we should
preserve for tunneling.
OK the only other thing that we may wish to preserve is secmark.
James, can you
On Wed, Apr 15, 2015 at 05:41:26PM +0200, Nicolas Dichtel wrote:
Le 15/04/2015 15:57, Herbert Xu a écrit :
On Wed, Apr 15, 2015 at 06:22:29PM +0800, Herbert Xu wrote:
[snip]
Subject: skbuff: Do not scrub skb mark within the same name space
The commit ea23192e8e577dfc51e0f4fc5ca113af334edff9
of directly manipulating the content of the skb you
would so so through helpers and the helpers can then try to do
sensible things with the fragments.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert
rendering such hints incorrect.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord
and then process the overall skb as a unit in netfilter.
On output we simply fragment according to the original frag_list.
The only thing to watch out for is to eliminate anything in the
middle that tries to linearise the skb.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page
On Wed, Apr 15, 2015 at 12:20:42PM +0200, Nicolas Dichtel wrote:
Le 15/04/2015 12:01, Herbert Xu a écrit :
The commit ea23192e8e577dfc51e0f4fc5ca113af334edff9 (tunnels:
harmonize cleanup done on skb on rx path) broke anyone trying to
use netfilter marking across IPv4 tunnels. As the commit
On Wed, Apr 15, 2015 at 12:28:46PM +0200, Nicolas Dichtel wrote:
Here is the thread about the mark:
http://thread.gmane.org/gmane.linux.network/246876/focus=274528
Thanks but I don't see any justification for breaking the mark
feature.
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
assume that it was a typo.
This patch reverts that change.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
index 88c386c..709e711 100644
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -54,7 +54,8 @@ int
On Wed, Apr 15, 2015 at 06:01:07PM +0800, Herbert Xu wrote:
The commit ea23192e8e577dfc51e0f4fc5ca113af334edff9 (tunnels:
harmonize cleanup done on skb on rx path) broke anyone trying to
use netfilter marking across IPv4 tunnels. As the commit message
did not give any justification
?
This is all very puzzling since the patch in question shouldn't
change an RX load at all.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Fri, Feb 15, 2008 at 12:05:32AM -0800, David Stevens wrote:
For the future, maybe we should rename that, or reverse
the sense of it (in v4 as well). :-)
Yeah it really should be called local_mayfrag.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL
to reverse the local_df test when forward-porting this
patch so it actually makes things worse by never fragmenting at
all.
Thanks to David Stevens for testing and reporting this bug.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu
-porting this
patch so it actually makes things worse by never fragmenting at
all.
Thanks to David Stevens for testing and reporting this bug.
Bill Fink pointed out that the local_df setting is also the wrong
way around.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
Thanks,
--
Visit Openswan
it
work for the IPsec host case.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
diff --git
: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
serves. All it does is to make sure that extant flow objects get
killed at some point after the increment. There is absolutely no
requirement that the killing be immediate or synchronised.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page
on 32-bit still).
Does every packet from A trigger the crash?
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list
in tracking it down.
Could you show me the exact policies/SAs of the tunnel involved
in the crash?
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert
is running 2.6.24?
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body
the outside so if you have a patch... :)
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe
On Sat, Feb 02, 2008 at 11:16:35PM +0200, Adrian Bunk wrote:
A bug every C programmer makes at some point in time...
Signed-off-by: Adrian Bunk [EMAIL PROTECTED]
Good catch!
Acked-by: Herbert Xu [EMAIL PROTECTED]
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu
On Sat, Feb 02, 2008 at 11:53:29PM +0200, Ilpo Järvinen wrote:
Once again, one of this kind tries to creep in.
Signed-off-by: Ilpo Järvinen [EMAIL PROTECTED]
Heh, Adrian got there first :)
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED
/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
and there is not really a good way to affect a socket
after it was created.
You don't need to change the socket if you just call skb_gso_segment
when necessary.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP
fixes it by giving the input sequence number
its own member in the xfrm_skb_cb structure.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http
argument is reused to
indicate async resumption. That is, if we enter with encap_type 0,
it means that we're resuming a previous operation and seq.input has
therefore been set by the previous xfrm_input call.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL
PROTECTED]
Acked-by: Herbert Xu [EMAIL PROTECTED]
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line
have you been using IPComp in the past and what was the
last kernel version which was stable with IPComp?
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert
of
IPPROTO_IPIP (== 4). This broke the reception of incompressible
packets.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au
]
that Arnaldo posted recently.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe
501 - 600 of 2197 matches
Mail list logo