Re: [PATCH 7/7] mac80211: Switch to new AEAD interface

(sg[2], mic, GMAC_MIC_LEN); + sg_set_buf(sg[2], zero, GMAC_MIC_LEN); + sg_set_buf(sg[3], mic, GMAC_MIC_LEN); memcpy(iv, nonce, GMAC_NONCE_LEN); memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN); -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http

Re: [PATCH 7/7] mac80211: Switch to new AEAD interface

On Fri, May 22, 2015 at 10:18:03AM +0200, Johannes Berg wrote: Yep, that fixes things. Great I will respin the patches. Thanks, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[v2 PATCH 8/13] esp4: Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. The IV generation is also now carried out through normal AEAD methods. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/ipv4/esp4.c | 197

[v2 PATCH 9/13] esp6: Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. The IV generation is also now carried out through normal AEAD methods. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/ipv6/esp6.c | 197

[v2 PATCH 13/13] crypto: algif_aead - Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/algif_aead.c | 61 ++-- 1 file changed, 36

[v2 PATCH 12/13] crypto: tcrypt - Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/tcrypt.c | 15 +++ 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/crypto

[v2 PATCH 4/13] crypto: aead - Do not set cra_type for new style instances

The function aead_geniv_alloc currently sets cra_type even for new style instances. This is unnecessary and may hide bugs such as when our caller uses crypto_register_instance instead of the correct aead_register_instance. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/aead.c

[v2 PATCH 6/13] xfrm: Add IV generator information to xfrm_algo_desc

This patch adds IV generator information for each AEAD and block cipher to xfrm_algo_desc. This will be used to access the new AEAD interface. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- include/net/xfrm.h |2 ++ net/xfrm/xfrm_algo.c | 16 2 files changed

[v2 PATCH 11/13] mac80211: Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Tested-by: Johannes Berg johan...@sipsolutions.net Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/mac80211/aes_ccm.c | 30

[v2 PATCH 5/13] crypto: testmgr - Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/testmgr.c | 84 +++ 1 file changed, 48

Re: [PATCH 5/7] esp6: Switch to new AEAD interface

the distinction is made in the code that an IV is to be generated versus the given IV is to be used. Only IV generators algorithms will generate IV. The generated IV will be placed at the start of cipher text. See patches 14-16 for the actual implementation. Cheers, -- Email: Herbert Xu

Re: [PATCH 7/7] mac80211: Switch to new AEAD interface

, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to majord...@vger.kernel.org More majordomo info

[v2 PATCH 1/13] crypto: aead - Add crypto_aead_alg_ivsize/maxauthsize

AEAD algorithm implementors need to figure out a given algorithm's IV size and maximum authentication size. During the transition this is difficult to do as an algorithm could be new style or old style. This patch creates two helpers to make this easier. Signed-off-by: Herbert Xu herb

[v2 PATCH 3/13] crypto: echainiv - Use aead_register_instance

. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/echainiv.c | 42 +++--- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/crypto/echainiv.c b/crypto/echainiv.c index e5a9878..86e92fa 100644 --- a/crypto/echainiv.c +++ b/crypto

[v2 PATCH 0/13] crypto: Convert all AEAD users to new interface

this opportunity to move the IV generation knowledge into IPsec as that's where it belongs since we may in future wish to support different generation schemes for a single algorithm. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key

Re: [PATCH 5/7] esp6: Switch to new AEAD interface

.html Do I understand it correctly that you want to retire the givcrypt API entirely? Correct. IV generation will be carried as normal AEAD algorithms. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au

[v2 PATCH 10/13] mac802154: Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/mac802154/llsec.c | 41 ++--- 1 file changed, 14 insertions(+), 27

[v2 PATCH 7/13] ipsec: Add IV generator information to xfrm_state

This patch adds IV generator information to xfrm_state. This is currently obtained from our own list of algorithm descriptions. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- include/net/xfrm.h |1 + net/key/af_key.c |1 + net/xfrm/xfrm_user.c | 40

[v2 PATCH 2/13] crypto: seqiv - Use aead_register_instance

. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/seqiv.c | 135 + 1 file changed, 79 insertions(+), 56 deletions(-) diff --git a/crypto/seqiv.c b/crypto/seqiv.c index a9bfbda..2680e94 100644 --- a/crypto/seqiv.c +++ b/crypto

[PATCH 0/2] crypto: Use tmpl-create when registering geniv

On Fri, May 22, 2015 at 11:04:39PM +0200, Stephan Mueller wrote: Am Freitag, 22. Mai 2015, 22:59:34 schrieb Stephan Mueller: Hi Stephan, Am Freitag, 22. Mai 2015, 16:31:04 schrieb Herbert Xu: Hi Herbert, This patch makes use of the new AEAD interface which uses a single SG

Re: [v2 PATCH 13/13] crypto: algif_aead - Switch to new AEAD interface

registered. */ err = -EAGAIN; -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to majord

Re: [PATCH 7/7] mac80211: Switch to new AEAD interface

On Thu, May 21, 2015 at 01:20:49PM +0200, Johannes Berg wrote: On Thu, 2015-05-21 at 18:44 +0800, Herbert Xu wrote: This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Looks fine - want me to run any tests

[PATCH 7/7] mac80211: Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/mac80211/aes_ccm.c | 30 ++ net/mac80211/aes_gcm.c | 30

[PATCH 3/7] ipsec: Add IV generator information to xfrm_state

This patch adds IV generator information to xfrm_state. This is currently obtained from our own list of algorithm descriptions. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- include/net/xfrm.h |1 + net/key/af_key.c |1 + net/xfrm/xfrm_user.c | 40

[PATCH 5/7] esp6: Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. The IV generation is also now carried out through normal AEAD methods. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/ipv6/esp6.c | 197

[PATCH 1/7] crypto: testmgr - Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/testmgr.c | 84 +++ 1 file changed, 48

[PATCH 4/7] esp4: Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. The IV generation is also now carried out through normal AEAD methods. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/ipv4/esp4.c | 197

[PATCH 0/7] crypto: Convert all AEAD users to new interface

not apply them. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to majord...@vger.kernel.org More

[PATCH 6/7] mac802154: Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/mac802154/llsec.c | 41 ++--- 1 file changed, 14 insertions(+), 27

[PATCH 2/7] xfrm: Add IV generator information to xfrm_algo_desc

This patch adds IV generator information for each AEAD and block cipher to xfrm_algo_desc. This will be used to access the new AEAD interface. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- include/net/xfrm.h |2 ++ net/xfrm/xfrm_algo.c | 16 2 files changed

Re: [PATCH 0/7] crypto: Convert all AEAD users to new interface

On Thu, May 21, 2015 at 12:03:47PM -0400, David Miller wrote: No objections on my end. I assume since the dependencies exist in the crypto tree, you'll want to merge this series there right? Yes that's probably the easiest path. Thanks, -- Email: Herbert Xu herb...@gondor.apana.org.au

Re: [PATCH 0/7] crypto: Convert all AEAD users to new interface

inspired this :) I just want to do the users outside crypto first before the rest. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line

Re: [PATCH net-next] bridge: allow setting hash_max + multicast_router if interface is down

. With this patch hash_max and multicast_router attributes can be changed even if the according bridge (port) is down, just like other other bridge (port) attributes allow too. Signed-off-by: Linus Lüssing linus.luess...@c0d3.blue Acked-by: Herbert Xu herb...@gondor.apana.org.au -- Email

Re: [PATCH net-next] bridge: allow setting hash_max + multicast_router if interface is down

On Thu, May 21, 2015 at 08:11:32PM -0700, Cong Wang wrote: For me it looks like we do use p-rlist in BH context, but I could easily miss something here. Because the caller disables BH for us. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au

Re: [PATCH 7/7] mac80211: Switch to new AEAD interface

On Thu, May 21, 2015 at 02:17:44PM +0200, Johannes Berg wrote: Do you have a branch somewhere with all of that? OK the prerequisite patches are now in cryptodev. Thanks, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http

xfrm: Always zero high-order sequence number bits

As we're now always including the high bits of the sequence number in the IV generation process we need to ensure that they don't contain crap. This patch ensures that the high sequence bits are always zeroed so that we don't leak random data into the IV. Signed-off-by: Herbert Xu herb

Re: [RFC PATCH net-next] bridge: allow setting hash_max + multicast_router if interface is down

the timers from being readded. AFAICS the spots you patched aren't adding timers so they *should* be OK. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list

Re: [net PATCH] ip_vti/ip6_vti: Clear skb-mark when resetting skb-dev in receive path

is it possible to restore the original mark after the lookups? At least that way it is still possible to use the mark before and after the encapsulation. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert

Re: rhashtable: Add cap on number of elements in hash table

at logN loglogN. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to majord...@vger.kernel.org

Re: [RFC PATCH net-next 00/11] netns: don't switch namespace while creating kernel sockets

to be a socket. We must hide this subtlety from ops implementors since they have no knowledge of our implementation. Expecting them to deal with this is going to result in bugs, and we have already had multiple bugs in this area. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page

Re: [PATCH net-next 1/2] rhashtable: Simplify iterator code

Thomas Graf tg...@suug.ch wrote: Remove useless obj variable and goto logic. Signed-off-by: Thomas Graf tg...@suug.ch Acked-by: Herbert Xu herb...@gondor.apana.org.au Thanks, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http

Re: [bisected] ICMP fragmentation needed ignored / PMTU discovery broken since 3.19-rc7

rt_pmtu then prevents the new PMTU value from being installed. Fixes: 3cdaa5be9e81 (ipv4: Don't increase PMTU with Datagram Too Big message) Reported-by: Gerd v. Egidy gerd.von.eg...@intra2net.com Signed-off-by: Herbert Xu herb...@gondor.apana.org.au diff --git a/net/ipv4/route.c b/net/ipv4

Re: rhashtable: Add cap on number of elements in hash table

limited to 64K is not a good thing. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to majord

Re: rhashtable: Add cap on number of elements in hash table

OK with Johannes's original patch. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to majord

Re: rhashtable: Add cap on number of elements in hash table

at coming up with a simpler fix but I think we need something that does not let you add unlimited entries to af_netlink. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe

Re: CCM/GCM implementation defect

). But really it's quite obvious. If you don't authenticate the IV, then I can easily inject random crap into your network by changing the IV. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: CCM/GCM implementation defect

notice that they use a broken version. If we are going to do a warning I think the place to do it would be in xfrm_algo.c. We could add an insecure/warning flag and if then print a warning if said algorithm is used. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http

Re: CCM/GCM implementation defect

our implementation or by one that is identical to us. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe netdev in the body

Re: CCM/GCM implementation defect

correctly. It's only the IPsec wrapper around it (rfc4106 in particular) that's broken. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line

rhashtable: Add cap on number of elements in hash table

will result in use of atomic ops that are heavier than the ones we currently use. The reasoning is that we're only guarding against a gross over- subscription of the table, rather than a small breach of the limit. Reported-by: Johannes Berg johannes.b...@intel.com Signed-off-by: Herbert Xu herb

Re: CCM/GCM implementation defect

in the authentication tag. In fact after reviewing the two relevant RFCs (4106/4309) it seems that we are correct after all since they explicitly exclude the IV from the AAD. Now we just need to figre out whether we're still OK with RFC4543. Sorry for the false alarm. Cheers, -- Email: Herbert Xu herb

CCM/GCM implementation defect

correctly. The existing templates will be retained so that current users aren't broken by the fix. Once the kernel side is complete we could then get the user-space implementors to update their tools to request for the new v2 templates. Comments? Cheers, -- Email: Herbert Xu herb

[PATCH 1/6] crypto: arm64/aes-ce-ccm - Include crypto/internal/aead.h

All implementers of AEAD should include crypto/internal/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- arch/arm64/crypto/aes-ce-ccm-glue.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/crypto/aes-ce-ccm

[PATCH 6/6] mac802154: Include crypto/aead.h

blkcipher in addition to aead. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/mac802154/llsec.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c index dcf7395..3ccf1e9 100644 --- a/net/mac802154/llsec.c +++ b/net

[PATCH 3/6] crypto: tcrypt - Include crypto/aead.h

All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/tcrypt.c |1 + 1 file changed, 1 insertion(+) diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 22cdd61..2bff613 100644 --- a/crypto

[PATCH 2/6] crypto: algif_aead - Include crypto/aead.h

All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/algif_aead.c |1 + 1 file changed, 1 insertion(+) diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index 00a6fe1..53702e9 100644

[PATCH 5/6] mac80211: Include crypto/aead.h

All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/mac80211/aes_ccm.c |3 +-- net/mac80211/aes_gcm.c |3 +-- net/mac80211/aes_gmac.c |2 +- 3 files changed, 3 insertions(+), 5 deletions

[PATCH 4/6] crypto: testmgr - Include crypto/aead.h

All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/testmgr.c |1 + 1 file changed, 1 insertion(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 18b7d49..d463978 100644 --- a/crypto

Re: [PATCH] xfrm: fix the xfrm_policy/state_walk

by list_move_tail() Fixes: 12a169e7d8f(ipsec: Put dumpers on the dump list) Cc: Herbert Xu herb...@gondor.apana.org.au Signed-off-by: Li RongQing roy.qing...@gmail.com This is not a bug fix but an optimisation. The walker entries are all marked as dead and will be skipped by the loop. However

[PATCH 0/6] crypto: Make all AEAD users include aead.h

patches through my tree as the new AEAD interface would depend on them. Thanks, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe netdev

Re: [PATCH net 1/2] rhashtable: Schedule async resize when sync realloc fails

rehash during insertion) Signed-off-by: Thomas Graf tg...@suug.ch Acked-by: Herbert Xu herb...@gondor.apana.org.au -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list

Re: [PATCH][net-next][v2] xfrm: optimise the use of walk list header in xfrm_policy/state_walk

is not empty Signed-off-by: Li RongQing roy.qing...@gmail.com Acked-by: Herbert Xu herb...@gondor.apana.org.au -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send

Re: [PATCH net 1/2] rhashtable: Schedule async resize when sync realloc fails

rehash during insertion) Signed-off-by: Thomas Graf tg...@suug.ch Good catch. But I think this call should happen in rhashtable_insert_rehash since it's on the slow-path. Thanks, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http

Re: [PATCH net 2/2] rhashtable: Do not schedule more than one rehash if we can't grow further

: Add immediate rehash during insertion) Signed-off-by: Thomas Graf tg...@suug.ch Acked-by: Herbert Xu herb...@gondor.apana.org.au -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe

Re: [v3] skbuff: Do not scrub skb mark within the same name space

a namespace boundary. But I will send a patch. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message

Revert net: Reset secmark when scrubbing packet

--- This patch reverts commit b8fb4e0648a2ab3734140342002f68fb0c7d1602 because the secmark must be preserved even when a packet crosses namespace boundaries. The reason is that security labels apply to the system as a whole and is not per-namespace. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au

Re: [PATCH -next 0/3] net: cap size to original frag size when refragmenting

email where he gives you an obvious solution. If you have to modify the skb then you don't have to worry about the original fragments. But if you only read the skb then don't linearise it completely and keep the original fragments. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page

[v2] act_mirred: Fix bogus header when redirecting from VLAN

On Thu, Apr 16, 2015 at 07:40:30PM -0700, Alexei Starovoitov wrote: On Fri, Apr 17, 2015 at 10:15:01AM +0800, Herbert Xu wrote: seems the cleaner fix will be to push skb-mac_len instead? No skb-mac_len is the same as skb2-dev-hard_header_len. hmm. please help me understand the problem

act_mirred: Fix bogus header when redirecting from VLAN

on the hard header length of ifb. This assumes that the original packet actually has enough header for that so checks have been added to that effect. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au diff --git a/drivers/net/ifb.c b/drivers/net/ifb.c index 34f846b..1256d26 100644

Re: act_mirred: Fix bogus header when redirecting from VLAN

On Thu, Apr 16, 2015 at 06:34:02PM -0700, Alexei Starovoitov wrote: On Fri, Apr 17, 2015 at 09:02:16AM +0800, Herbert Xu wrote: @@ -105,7 +105,7 @@ static void ri_tasklet(unsigned long dev) if (from AT_EGRESS) { dev_queue_xmit(skb); } else

Re: ip_tunnel: Remove gratuitous skb scrubbing

On Wed, Apr 15, 2015 at 06:22:29PM +0800, Herbert Xu wrote: Yes this is better. I'm currently auditing all the other bits that are cleared to see if there is anything else that we should preserve for tunneling. OK the only other thing that we may wish to preserve is secmark. James, can you

[v3] skbuff: Do not scrub skb mark within the same name space

On Wed, Apr 15, 2015 at 05:41:26PM +0200, Nicolas Dichtel wrote: Le 15/04/2015 15:57, Herbert Xu a écrit : On Wed, Apr 15, 2015 at 06:22:29PM +0800, Herbert Xu wrote: [snip] Subject: skbuff: Do not scrub skb mark within the same name space The commit ea23192e8e577dfc51e0f4fc5ca113af334edff9

Re: [PATCH -next 0/3] net: cap size to original frag size when refragmenting

of directly manipulating the content of the skb you would so so through helpers and the helpers can then try to do sensible things with the fragments. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert

Re: [Xen-devel] tcp: refine TSO autosizing causes performance regression on Xen

rendering such hints incorrect. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to majord

Re: [PATCH -next 0/3] net: cap size to original frag size when refragmenting

and then process the overall skb as a unit in netfilter. On output we simply fragment according to the original frag_list. The only thing to watch out for is to eliminate anything in the middle that tries to linearise the skb. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page

Re: ip_tunnel: Remove gratuitous skb scrubbing

On Wed, Apr 15, 2015 at 12:20:42PM +0200, Nicolas Dichtel wrote: Le 15/04/2015 12:01, Herbert Xu a écrit : The commit ea23192e8e577dfc51e0f4fc5ca113af334edff9 (tunnels: harmonize cleanup done on skb on rx path) broke anyone trying to use netfilter marking across IPv4 tunnels. As the commit

Re: ip_tunnel: Remove gratuitous skb scrubbing

On Wed, Apr 15, 2015 at 12:28:46PM +0200, Nicolas Dichtel wrote: Here is the thread about the mark: http://thread.gmane.org/gmane.linux.network/246876/focus=274528 Thanks but I don't see any justification for breaking the mark feature. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au

ip_tunnel: Remove gratuitous skb scrubbing

assume that it was a typo. This patch reverts that change. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c index 88c386c..709e711 100644 --- a/net/ipv4/ip_tunnel_core.c +++ b/net/ipv4/ip_tunnel_core.c @@ -54,7 +54,8 @@ int

Re: ip_tunnel: Remove gratuitous skb scrubbing

On Wed, Apr 15, 2015 at 06:01:07PM +0800, Herbert Xu wrote: The commit ea23192e8e577dfc51e0f4fc5ca113af334edff9 (tunnels: harmonize cleanup done on skb on rx path) broke anyone trying to use netfilter marking across IPv4 tunnels. As the commit message did not give any justification

Re: TG3 network data corruption regression 2.6.24/2.6.23.4

? This is all very puzzling since the patch in question shouldn't change an RX load at all. Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [IPV6]: Fix IPsec datagram fragmentation

On Fri, Feb 15, 2008 at 12:05:32AM -0800, David Stevens wrote: For the future, maybe we should rename that, or reverse the sense of it (in v4 as well). :-) Yeah it really should be called local_mayfrag. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL

Re: [IPV6]: Fix IPsec datagram fragmentation

to reverse the local_df test when forward-porting this patch so it actually makes things worse by never fragmenting at all. Thanks to David Stevens for testing and reporting this bug. Signed-off-by: Herbert Xu [EMAIL PROTECTED] Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu

Re: [IPV6]: Fix IPsec datagram fragmentation

-porting this patch so it actually makes things worse by never fragmenting at all. Thanks to David Stevens for testing and reporting this bug. Bill Fink pointed out that the local_df setting is also the wrong way around. Signed-off-by: Herbert Xu [EMAIL PROTECTED] Thanks, -- Visit Openswan

[IPV6]: Fix IPsec datagram fragmentation

it work for the IPsec host case. Signed-off-by: Herbert Xu [EMAIL PROTECTED] Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- diff --git

Re: oops with ipcomp

: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org

Re: [NET/IPv6] Race condition with flow_cache_genid?

serves. All it does is to make sure that extant flow objects get killed at some point after the increment. There is absolutely no requirement that the killing be immediate or synchronised. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page

Re: oops with ipcomp

on 32-bit still). Does every packet from A trigger the crash? Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list

Re: oops with ipcomp

in tracking it down. Could you show me the exact policies/SAs of the tunnel involved in the crash? Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert

Re: oops with ipcomp

is running 2.6.24? Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe netdev in the body

Re: xfrm_input() and -seq oddities

the outside so if you have a patch... :) Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe

Re: [2.6 patch] xfrm4_beet_input(): fix an if()

On Sat, Feb 02, 2008 at 11:16:35PM +0200, Adrian Bunk wrote: A bug every C programmer makes at some point in time... Signed-off-by: Adrian Bunk [EMAIL PROTECTED] Good catch! Acked-by: Herbert Xu [EMAIL PROTECTED] Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu

Re: [PATCH] [XFRM] BEET: Remove extra semicolon after if

On Sat, Feb 02, 2008 at 11:53:29PM +0200, Ilpo Järvinen wrote: Once again, one of this kind tries to creep in. Signed-off-by: Ilpo Järvinen [EMAIL PROTECTED] Heh, Adrian got there first :) Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED

Re: [PATCH] Disable TSO for non standard qdiscs

/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http

Re: [PATCH] Disable TSO for non standard qdiscs

and there is not really a good way to affect a socket after it was created. You don't need to change the socket if you just call skb_gso_segment when necessary. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP

Re: xfrm_input() and -seq oddities

fixes it by giving the input sequence number its own member in the xfrm_skb_cb structure. Signed-off-by: Herbert Xu [EMAIL PROTECTED] Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http

Re: xfrm_input() and -seq oddities

argument is reused to indicate async resumption. That is, if we enter with encap_type 0, it means that we're resuming a previous operation and seq.input has therefore been set by the previous xfrm_input call. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL

Re: [PATCH 1/1]: Add support for aes-ctr to ipsec

PROTECTED] Acked-by: Herbert Xu [EMAIL PROTECTED] Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line

Re: oops with ipcomp

have you been using IPComp in the past and what was the last kernel version which was stable with IPComp? Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert

Re: ipcomp regression in 2.6.24

of IPPROTO_IPIP (== 4). This broke the reception of incompressible packets. Signed-off-by: Herbert Xu [EMAIL PROTECTED] Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au

Re: [Bugme-new] [Bug 9825] New: GPF in kernel when /sbin/ss used for display DCCP sockets.

] that Arnaldo posted recently. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe

<    1   2   3   4   5   6   7   8   9   10   >