Re: [PATCH] LRO ack aggregation

) because I don't want be in a situation down the track where every driver is going to add this option so that they're not left behind in the arms race. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert

Re: [PATCH] LRO ack aggregation

in general that Dave raised. That is this may cause the proliferation of TCP receiver behaviour that may be undesirable. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au

Re: [PATCH 1/1]: SAs created although tmpl-optional set

that the SA may not be present on input. It's only used for IPComp where we may skip the IPComp if the data is not compressible. In other words the optional flag is really only meaningful on inbuond policy checks. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI

Re: [PATCH 1/2] [IPV4] UDP: Always checksum even if without socket filter

the counters itself. Of course if someone could merge that code so that NFS uses more generic code then it's even better. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au

Re: [PATCH] LRO ack aggregation

, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL

Re: [PATCH, take2] netfilter : struct xt_table_info diet

://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info

[TCP]: Fix TCP header misalignment

but all the current callers are from TCP. If and when we get a non-TCP caller we can always create a TCP wrapper for this function and move the alignment over there. Signed-off-by: Herbert Xu [EMAIL PROTECTED] Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL

Re: [PATCH 1/2] [IPV4] UDP: Always checksum even if without socket filter

} So I think incrementing it in recvmsg is acceptable. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send

Re: [TCP]: Fix TCP header misalignment

, perhaps that is no longer the case on today's Internet :) Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send

Re: [PATCH] IPV4 : Move ip route cache flush (secret_rebuild) from softirq to workqueue

, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL

Re: [PATCH] IPV4 : Move ip route cache flush (secret_rebuild) from softirq to workqueue

://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http

Re: [PATCH] IPV4 : Move ip route cache flush (secret_rebuild) from softirq to workqueue

(); \ barrier(); \ preempt_check_resched(); \ } while (0) when CONFIG_PREEMPT is enabled. So at least in this case the cond_resched call is superfluous. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au

Re: FW: [PATCH 2/2] [e1000 VLAN] Disable vlan hw accel when promiscuous mode

. Once you do that packet schedulers can scribble all over skb-cb. Also vlan_skb_recv should be moved out-of-line. It's absolutely humongous. It'll generate tail-calls anyway so performance-wise it's useless. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL

Re: [PATCH 1/2] [IPV4] UDP: Always checksum even if without socket filter

here as well. Hmm, we really need to spend more time on merging stuff between IPv4 and IPv6 to save all this duplication of effort. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http

Re: [PATCH 19/24] [IPSEC]: Merge most of the output path

not just converting ESP over to async, I'm also changing it to use the AEAD interface which is needed for it to properly support algorithms such as CCM. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP

Re: [PATCH 2/2] [IPSEC]: Add async resume support on input

: [NETFILTER]: Introduce NF_INET_ hook values It always evaluates to NF_INET_POST_ROUTING. Signed-off-by: David S. Miller [EMAIL PROTECTED] Thank you! -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert

Re: 2.6.24-rc2: Network commit causes SLUB performance regression with tbench

doesn't need this either, all it wants is the guarantee that there is no tail room. So this patch fixes this by adjusting the skb_reserve call so that exactly the requested amount (which all callers have calculated in a precise way) is made available as tail room. Signed-off-by: Herbert Xu [EMAIL

Re: [PATCH] Remove notifier block from chain when register_netdevice_notifier fails

Pavel! Acked-by: Herbert Xu [EMAIL PROTECTED] -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe

Re: [PATCH] Remove notifier block from chain when register_netdevice_notifier fails

? Was this made deliberately? I think it's more of an oversight :) Although it has no real impact because the only user that matters here is IPv6 and it can't be unloaded. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http

Re: 2.6.24-rc2: Network commit causes SLUB performance regression with tbench

-order allocations which IMHO is a good thing :) Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line

Re: [PATCH 2/5] accounting unit and variable

)amt, SK_DATAGRAM_MEM_QUANTUM); +} + Thanks, this looks OK to me. -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list

Re: network interface state

. Actually netlink packets come with headers so we do allow chaining. See netlink_rcv_skb for details. We don't make use of that on recvmsg() though although theoretically user-space is supposed to be ready to handle that too. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu

Re: [PATCH] NET : rt_check_expire() can take a long time, add a cond_resched()

to process is black magic. IMHO preemption is the answer :) But failing that, a resched is the next best thing. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au

Re: [PATCH 2/2] [e1000 VLAN] Disable vlan hw accel when promiscuous mode

tags. So it would seem logical to have it turn off VLAN filtering too. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from

Re: [PATCH 13/24] [IPSEC]: Move x-outer_mode-output out of locked section

that the value stored in it is only an unsigned long which is always atomic. So based on his suggestion this patch changes the internal representation from u64 to unsigned long while the user-interface still refers to it as u64. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/xfrm.h

Re: [PATCH 2/2] [e1000 VLAN] Disable vlan hw accel when promiscuous mode

://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info

Re: [PATCH 2/2] [e1000 VLAN] Disable vlan hw accel when promiscuous mode

be encouraged to convert e1000 to the new interface :) Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send

Re: [PATCH 2/5] accounting unit and variable

On Tue, Nov 13, 2007 at 10:27:13PM -0500, Hideo AOKI wrote: Herbert Xu wrote: +#define SK_DATAGRAM_MEM_QUANTUM ((int)PAGE_SIZE) + +static inline int sk_datagram_pages(int amt) +{ + return DIV_ROUND_UP(amt, SK_DATAGRAM_MEM_QUANTUM); +} Does this really have to be int? Unsigned

[PATCH 1/2] [IPSEC]: Remove nhoff from xfrm_input

for async crypto. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/xfrm.h |1 - net/ipv4/xfrm4_input.c | 11 +++ net/ipv4/xfrm4_output.c |2 ++ net/ipv4/xfrm4_state.c |1 - net/ipv6/xfrm6_input.c |4 +++- net/ipv6/xfrm6_output.c |3 ++- net/ipv6

[PATCH 2/2] [IPSEC]: Add async resume support on input

[IPSEC]: Add async resume support on input This patch adds support for async resumptions on input. To do so, the transform would return -EINPROGRESS and subsequently invoke the function xfrm_input_resume to resume processing. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/xfrm.h

Re: [PATCH 2/2] [IPSEC]: Add async resume support on input

://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info

[IPSEC]: Fix ip_local_out when NETFILTER is off

that the loop executes properly and we don't end up nesting too deep and overrun the stack. Signed-off-by: Herbert Xu [EMAIL PROTECTED] Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http

UDP-Lite and /proc/net/snmp

/snmp: Success $ Should we remove it again or let it stay this time? Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from

Re: UDP-Lite and /proc/net/snmp

it with -s as otherwise it doesn't look at /proc/net/snmp. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send

Re: UDP-Lite and /proc/net/snmp

? Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message

Re: UDP-Lite and /proc/net/snmp

: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org

Re: [PATCH 1/1]: Using ICMP type and code in xfrm selector

: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http

Re: [PATCH 1/5] fix send buffer check

On Mon, Oct 29, 2007 at 05:22:53PM -0400, Hideo AOKI wrote: This patch introduces sndbuf size check before memory allocation for send buffer. Looks good, what about IPv6? Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http

Re: [PATCH 2/5] accounting unit and variable

optimise this to a simple shift. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe

Re: [PATCH 3/5] memory accounting

. Although in future I'd prefer this to use the forward alloc model used by stream sockets. In fact we should be able to share most of that code too. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert

Re: Fwd: Re: [PATCH] iSCSI fix endieness of digest to be network byte order

at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo

Re: [PATCH 19/24] [IPSEC]: Merge most of the output path

... for both IPv4 and IPv6? Nice work! Thanks Patrick. -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line

[PATCH 14/24] [INET]: Give outer DSCP directly to ip*_copy_dscp

[INET]: Give outer DSCP directly to ip*_copy_dscp This patch changes the prototype of ipv4_copy_dscp and ipv6_copy_dscp so that they directly take the outer DSCP rather than the outer IP header. This will help us to unify the code for inter-family tunnels. Signed-off-by: Herbert Xu [EMAIL

[PATCH 10/24] [IPSEC]: Move flow construction into xfrm_dst_lookup

logic from the callers of xfrm_dst_lookup which is needed to correctly support inter-family transforms. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/xfrm.h | 10 +--- net/ipv4/xfrm4_policy.c | 80 ++- net/ipv6/xfrm6_policy.c | 97

[PATCH 16/24] [IPSEC]: Separate inner/outer mode processing on input

to modify the inner IP header. In this way the input function no longer has to know about the outer address family. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/xfrm.h | 27 + net/ipv4/xfrm4_input.c |7 +++- net/ipv4/xfrm4_mode_beet.c | 67

[PATCH 20/24] [IPSEC]: Add async resume support on output

[IPSEC]: Add async resume support on output This patch adds support for async resumptions on output. To do so, the transform would return -EINPROGRESS and subsequently invoke the function xfrm_output_resume to resume processing. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net

[PATCH 18/24] [IPV6]: Add ip6_local_out

from removing duplicate code, it will also help in merging the IPsec output path. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/ipv6.h |7 +++ net/ipv6/ip6_output.c| 35 +-- net/ipv6/ip6_tunnel.c|4

[PATCH 19/24] [IPSEC]: Merge most of the output path

output code. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/dst.h |1 include/net/xfrm.h |1 net/ipv4/route.c|1 net/ipv4/xfrm4_output.c | 76 ++- net/ipv4/xfrm4_policy.c |1 net/ipv4/xfrm4_state.c

[PATCH 24/24] [IPSEC]: Move state lock into x-type-input

[IPSEC]: Move state lock into x-type-input This patch releases the lock on the state before calling x-type-input. It also adds the lock to the spots where they're currently needed. Most of those places (all except mip6) are expected to disappear with async crypto. Signed-off-by: Herbert Xu

[PATCH 4/24] [NET]: Eliminate duplicate copies of dst_discard

. It doesn't really matter in practice since few if any driver would react differently depending on a zero return value or NET_RX_DROP. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/dst.h |1 + net/core/dst.c|3 ++- net/decnet/dn_route.c | 13 + net

[PATCH 9/24] [IPSEC]: Replace x-type-{local,remote}_addr with flags

-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/xfrm.h |4 ++-- net/ipv6/mip6.c | 11 ++- net/ipv6/xfrm6_policy.c | 20 3 files changed, 12 insertions(+), 23 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 58dfa82

[PATCH 6/24] [IPSEC]: Only set neighbour on top xfrm dst

-by: Herbert Xu [EMAIL PROTECTED] --- net/ipv4/xfrm4_policy.c |5 +++-- net/ipv6/xfrm6_policy.c |6 -- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index 5ee3a2f..7d250a1 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4

[PATCH 8/24] [IPSEC]: Make sure idev is consistent with dev in xfrm_dst

to -ENODEV (fortunately the IPv4 version warned about it). Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/ipv4/xfrm4_policy.c | 13 + net/ipv6/xfrm6_policy.c | 15 ++- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4

[PATCH 3/24] [IPV6]: Move nfheader_len into rt6_info

-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/dst.h |1 - include/net/ip6_fib.h | 11 --- net/ipv4/xfrm4_policy.c |1 - net/ipv6/ip6_output.c |5 +++-- net/ipv6/xfrm6_policy.c |3 ++- 5 files changed, 13 insertions(+), 8 deletions(-) diff --git a/include

[0/24] Merge IPv4/IPv6 IPsec bundle creation and input/ouput

Hi Dave: Here's a dump of what I've currently got in my IPsec tree. It contains all the patches I've posted previously which are yet to be merged. The first 11 patches are unchanged from the previous posting. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI

[PATCH 12/24] [IPSEC]: Forbid BEET + ipcomp for now

. To support this fully we'd also need to change the policy checks on input to recognise a plain tunnel as a legal variant of an optional BEET transform. This patch simply fails such constructions for now. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/ipv4/ipcomp.c | 20

[PATCH 23/24] [IPSEC]: Move integrity stat collection into xfrm_input

EBADMSG (currently unused in the crypto layer) is used to indicate a failed integrity check. In future this error can be directly returned by the crypto layer once we switch to aead algorithms. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/ipv4/ah4.c|3 +-- net/ipv4/esp4.c

[PATCH 11/24] [IPSEC]: Merge common code into xfrm_bundle_create

-family transforms where we treat every xfrm dst in the bundle as if it belongs to the top family. This patch also fixes a long-standing error-path bug where we may free the xfrm states twice. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/xfrm.h | 11 +- net/ipv4/xfrm4_policy.c

[PATCH 7/24] [IPSEC]: Set dst-input to dst_discard

[IPSEC]: Set dst-input to dst_discard The input function should never be invoked on IPsec dst objects. This is because we don't apply IPsec on input until after we've made the routing decision. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/ipv4/xfrm4_policy.c |3 ++- net/ipv6

[PATCH 22/24] [IPSEC]: Store xfrm states in security path directly

each transform. In fact, it's much easier to just skip the stack completely and always store to the security path. This is proven by the fact that this patch actually shrinks the code. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/xfrm/xfrm_input.c | 42

[PATCH 5/24] [NET]: Remove unnecessary inclusion of dst.h

[NET]: Remove unnecessary inclusion of dst.h The file net/netevent.h only refers to struct dst_entry * so it doesn't need to include dst.h. I've replaced it with a forward declaration. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/netevent.h |2 +- 1 files changed, 1

[PATCH 2/24] [IPSEC]: Use dst-header_len when resizing on output

[IPSEC]: Use dst-header_len when resizing on output Currently we use x-props.header_len when resizing on output. However, if we're resizing at all we might as well go the whole hog and do it for the whole dst. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/xfrm/xfrm_output.c |3

[PATCH 15/24] [IPSEC]: Separate inner/outer mode processing on output

into them. This allows the correct ICMP message to be sent as opposed to now where you might call icmp_send with an IPv6 packet and vice versa. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/xfrm.h | 51 ++- net/ipv4/xfrm4_mode_beet.c

[PATCH 17/24] [IPV4]: Add ip_local_out

over to it. Apart from removing duplicate code, it will also help in merging the IPsec output path once the same thing is done for IPv6. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/ip.h|6 + include/net/ipip.h |5 +--- net/ipv4/igmp.c

[PATCH 13/24] [IPSEC]: Move x-outer_mode-output out of locked section

into the output function without causing a potential dead-lock should the ICMP error somehow hit the same SA on transmission. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/ipv6/xfrm6_mode_ro.c |3 +++ net/xfrm/xfrm_output.c |8 2 files changed, 7 insertions(+), 4 deletions(-) diff

[PATCH 21/24] [IPSEC]: Merge most of the input path

input code. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/xfrm.h | 22 net/ipv4/xfrm4_input.c | 126 + net/ipv4/xfrm4_state.c |1 net/ipv6/xfrm6_input.c | 118 + net/ipv6

[PATCH 1/24] [IPV6]: Only set nfheader_len for top xfrm dst

for incrementing and decrementing header lengths in xfrm6_policy.c. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/ipv6/ip6_output.c |3 ++- net/ipv6/xfrm6_policy.c | 26 -- 2 files changed, 6 insertions(+), 23 deletions(-) diff --git a/net/ipv6/ip6_output.c b/net

Re: [PATCH 13/24] [IPSEC]: Move x-outer_mode-output out of locked section

On Wed, Nov 07, 2007 at 05:17:42PM +0100, Ingo Oeser wrote: Hi Herbert, Herbert Xu schrieb: diff --git a/net/ipv6/xfrm6_mode_ro.c b/net/ipv6/xfrm6_mode_ro.c index a7bc8c6..4a01cb3 100644 --- a/net/ipv6/xfrm6_mode_ro.c +++ b/net/ipv6/xfrm6_mode_ro.c @@ -53,7 +54,9 @@ static int

Re: Possible BUG on net/ipv4/ipcomp.c, line 358 (fwd)

to be tested with IS_ERR. This is based on a patch by Vicenç Beltran Querol. Signed-off-by: Herbert Xu [EMAIL PROTECTED] Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http

Re: 2.6.24-rc1: hangs when logging in to X session

://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info

Re: dn_route.c momentarily exiting RCU read-side critical section

the code converting all occurances of smp_read_barrier_depends to rcu_dereference. In this instance the rcu_dereference conversion doesn't make much sense so we should probably just revert it. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home

Re: dn_route.c momentarily exiting RCU read-side critical section

() be defending against? The reading of rt from the hash bucket and the dereferencing above. We need to make sure that we see the initialised rt. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http

Re: [PATCH] [IPv6] SNMP: Restore Udp6InErrors incrementation

in all case like the IPv4 code. Signed-off-by: Mitsuru Chinen [EMAIL PROTECTED] Looks good to me. Thanks for catching this! Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http

Re: [PATCH]: Fix networking scatterlist regressions.

On Tue, Oct 30, 2007 at 08:40:02PM -0700, David Miller wrote: I just checked the following bug fix into net-2.6 Thanks for getting to the bottom of this Dave! I seem to have mistaken the = for a |= in sg_mark_end :) Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu

Re: [UDP6]: Restore sk_filter optimisation

, we want to avoid divergent behaviour between IPv4 and IPv6. So for changes like this we should really modify both stacks in future rather than have each stack do its own thing. Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http

Re: [PATCH 1/2] [CRYPTO] tcrypt: Move sg_init_table out of timing loops

://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo

Re: [UDP6]: Restore sk_filter optimisation

attached so this isn't new. If it's a problem then we should just get it fixed. Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH 1/2] [CRYPTO] tcrypt: Move sg_init_table out of timing loops

On Mon, Oct 29, 2007 at 09:16:27PM +0100, Jens Axboe wrote: On Fri, Oct 26 2007, Herbert Xu wrote: [CRYPTO] tcrypt: Move sg_init_table out of timing loops This patch moves the sg_init_table out of the timing loops for hash algorithms so that it doesn't impact on the speed test results

Re: [0/11] Merge bundle creation and other misc fixes/clean-ups

. Sure. And I hope there will be a few more patches by then :) Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list

[0/2] [CRYPTO] users: Fix up remaining sg issues

Hi Dave: Here's a couple of patches to fix up the crypto users with respect to the scatterlist change. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert

[PATCH 1/2] [CRYPTO] tcrypt: Move sg_init_table out of timing loops

[CRYPTO] tcrypt: Move sg_init_table out of timing loops This patch moves the sg_init_table out of the timing loops for hash algorithms so that it doesn't impact on the speed test results. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- crypto/tcrypt.c | 20 ++-- 1 files

[PATCH 2/2] [CRYPTO] users: Fix up scatterlist conversion errors

[CRYPTO] users: Fix up scatterlist conversion errors This patch fixes the errors made in the users of the crypto layer during the sg_init_table conversion. It also adds a few conversions that were missing altogether. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- drivers/crypto/padlock-sha.c

[PATCH 3/3] [IPSEC]: Separate inner/outer mode processing on output

into them. This allows the correct ICMP message to be sent as opposed to now where you might call icmp_send with an IPv6 packet and vice versa. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/xfrm.h | 50 ++- net/ipv4/xfrm4_mode_beet.c

[0/3] [IPSEC]: Separate inner/outer family processing on output

://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo

[PATCH 1/3] [IPSEC]: Forbid BEET + ipcomp for now

. To support this fully we'd also need to change the policy checks on input to recognise a plain tunnel as a legal variant of an optional BEET transform. This patch simply fails such constructions for now. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/ipv4/ipcomp.c | 19 +++ net

[PATCH 2/3] [IPSEC]: Move x-outer_mode-output out of locked section

into the output function without causing a potential dead-lock should the ICMP error somehow hit the same SA on transmission. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/ipv6/xfrm6_mode_ro.c |3 +++ net/xfrm/xfrm_output.c |8 2 files changed, 7 insertions(+), 4 deletions(-) diff

Re: [PATCH 1/3] [IPSEC]: Forbid BEET + ipcomp for now

is missing, is it ? Indeed it is. I'm going to fix this and repost all 3 patches. Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: stateless 1:1 NAT

Florin Andrei [EMAIL PROTECTED] wrote: OK, if I download 2.6.24-rc1, will it have this feature already? Yes. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au

Re: [ANNOUNCE] iproute2-2.6.23

On Wed, Oct 17, 2007 at 09:10:02AM +0800, Herbert Xu wrote: Any chance you could include the NAT patch for the next release? [TC]: Add NAT action This patch adds the parser for the nat action which is used for stateless NAT. Signed-off-by: Herbert Xu [EMAIL PROTECTED] Hi Stephen

Re: [ANNOUNCE] iproute2-2.6.23

! -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL

[0/11] Merge bundle creation and other misc fixes/clean-ups

://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http

[PATCH 1/11] [IPV6]: Only set nfheader_len for top xfrm dst

for incrementing and decrementing header lengths in xfrm6_policy.c. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/ipv6/ip6_output.c |3 ++- net/ipv6/xfrm6_policy.c | 26 -- 2 files changed, 6 insertions(+), 23 deletions(-) diff --git a/net/ipv6/ip6_output.c b/net

[PATCH 2/11] [IPSEC]: Use dst-header_len when resizing on output

[IPSEC]: Use dst-header_len when resizing on output Currently we use x-props.header_len when resizing on output. However, if we're resizing at all we might as well go the whole hog and do it for the whole dst. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/xfrm/xfrm_output.c |3

[PATCH 3/11] [IPV6]: Move nfheader_len into rt6_info

-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/dst.h |1 - include/net/ip6_fib.h | 11 --- net/ipv4/xfrm4_policy.c |1 - net/ipv6/ip6_output.c |5 +++-- net/ipv6/xfrm6_policy.c |3 ++- 5 files changed, 13 insertions(+), 8 deletions(-) diff --git a/include

[PATCH 4/11] [NET]: Eliminate duplicate copies of dst_discard

. It doesn't really matter in practice since few if any driver would react differently depending on a zero return value or NET_RX_DROP. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/dst.h |1 + net/core/dst.c|3 ++- net/decnet/dn_route.c | 13 + net

[PATCH 5/11] [NET]: Remove unnecessary inclusion of dst.h

[NET]: Remove unnecessary inclusion of dst.h The file net/netevent.h only refers to struct dst_entry * so it doesn't need to include dst.h. I've replaced it with a forward declaration. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/netevent.h |2 +- 1 files changed, 1

[PATCH 6/11] [IPSEC]: Only set neighbour on top xfrm dst

-by: Herbert Xu [EMAIL PROTECTED] --- net/ipv4/xfrm4_policy.c |5 +++-- net/ipv6/xfrm6_policy.c |6 -- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index 5ee3a2f..7d250a1 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4

[PATCH 7/11] [IPSEC]: Set dst-input to dst_discard

[IPSEC]: Set dst-input to dst_discard The input function should never be invoked on IPsec dst objects. This is because we don't apply IPsec on input until after we've made the routing decision. Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/ipv4/xfrm4_policy.c |3 ++- net/ipv6

[PATCH 8/11] [IPSEC]: Make sure idev is consistent with dev in xfrm_dst

to -ENODEV (fortunately the IPv4 version warned about it). Signed-off-by: Herbert Xu [EMAIL PROTECTED] --- net/ipv4/xfrm4_policy.c | 13 + net/ipv6/xfrm6_policy.c | 15 ++- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4

[PATCH 9/11] [IPSEC]: Replace x-type-{local,remote}_addr with flags

-off-by: Herbert Xu [EMAIL PROTECTED] --- include/net/xfrm.h |4 ++-- net/ipv6/mip6.c | 11 ++- net/ipv6/xfrm6_policy.c | 20 3 files changed, 12 insertions(+), 23 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 688f6f5

<    5   6   7   8   9   10   11   12   13   14   >