) because I don't want be in a
situation down the track where every driver is going to add this
option so that they're not left behind in the arms race.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert
in general
that Dave raised. That is this may cause the proliferation of
TCP receiver behaviour that may be undesirable.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au
that the SA may not be present on
input. It's only used for IPComp where we may skip the IPComp
if the data is not compressible.
In other words the optional flag is really only meaningful on
inbuond policy checks.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI
the counters itself.
Of course if someone could merge that code so that NFS uses more
generic code then it's even better.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au
,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL
://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info
but all the current
callers are from TCP. If and when we get a non-TCP caller we
can always create a TCP wrapper for this function and move the
alignment over there.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL
}
So I think incrementing it in recvmsg is acceptable.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send
, perhaps that is no longer the case
on today's Internet :)
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send
,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL
://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
(); \
barrier(); \
preempt_check_resched(); \
} while (0)
when CONFIG_PREEMPT is enabled. So at least in this case the
cond_resched call is superfluous.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au
. Once
you do that packet schedulers can scribble all over skb-cb.
Also vlan_skb_recv should be moved out-of-line. It's absolutely
humongous. It'll generate tail-calls anyway so performance-wise
it's useless.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL
here as well.
Hmm, we really need to spend more time on merging stuff between
IPv4 and IPv6 to save all this duplication of effort.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http
not just converting ESP over to async, I'm also changing
it to use the AEAD interface which is needed for it to properly
support algorithms such as CCM.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP
:
[NETFILTER]: Introduce NF_INET_ hook values
It always evaluates to NF_INET_POST_ROUTING.
Signed-off-by: David S. Miller [EMAIL PROTECTED]
Thank you!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert
doesn't need this either, all it wants
is the guarantee that there is no tail room.
So this patch fixes this by adjusting the skb_reserve call so that
exactly the requested amount (which all callers have calculated in
a precise way) is made available as tail room.
Signed-off-by: Herbert Xu [EMAIL
Pavel!
Acked-by: Herbert Xu [EMAIL PROTECTED]
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe
? Was this made deliberately?
I think it's more of an oversight :)
Although it has no real impact because the only user that matters
here is IPv6 and it can't be unloaded.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http
-order
allocations which IMHO is a good thing :)
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line
)amt, SK_DATAGRAM_MEM_QUANTUM);
+}
+
Thanks, this looks OK to me.
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list
.
Actually netlink packets come with headers so we do allow chaining.
See netlink_rcv_skb for details.
We don't make use of that on recvmsg() though although theoretically
user-space is supposed to be ready to handle that too.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu
to process is black
magic.
IMHO preemption is the answer :) But failing that, a resched
is the next best thing.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au
tags. So it would seem logical to have it turn off VLAN filtering
too.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from
that the value
stored in it is only an unsigned long which is always atomic.
So based on his suggestion this patch changes the internal representation
from u64 to unsigned long while the user-interface still refers to it as
u64.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/xfrm.h
://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info
be encouraged
to convert e1000 to the new interface :)
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send
On Tue, Nov 13, 2007 at 10:27:13PM -0500, Hideo AOKI wrote:
Herbert Xu wrote:
+#define SK_DATAGRAM_MEM_QUANTUM ((int)PAGE_SIZE)
+
+static inline int sk_datagram_pages(int amt)
+{
+ return DIV_ROUND_UP(amt, SK_DATAGRAM_MEM_QUANTUM);
+}
Does this really have to be int? Unsigned
for async crypto.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/xfrm.h |1 -
net/ipv4/xfrm4_input.c | 11 +++
net/ipv4/xfrm4_output.c |2 ++
net/ipv4/xfrm4_state.c |1 -
net/ipv6/xfrm6_input.c |4 +++-
net/ipv6/xfrm6_output.c |3 ++-
net/ipv6
[IPSEC]: Add async resume support on input
This patch adds support for async resumptions on input. To do so, the
transform would return -EINPROGRESS and subsequently invoke the function
xfrm_input_resume to resume processing.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/xfrm.h
://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info
that the loop executes properly and we
don't end up nesting too deep and overrun the stack.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http
/snmp: Success
$
Should we remove it again or let it stay this time?
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from
it with -s as otherwise
it doesn't look at /proc/net/snmp.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send
?
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message
: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
On Mon, Oct 29, 2007 at 05:22:53PM -0400, Hideo AOKI wrote:
This patch introduces sndbuf size check before memory allocation for
send buffer.
Looks good, what about IPv6?
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http
optimise this to a simple shift.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe
. Although in future I'd prefer this
to use the forward alloc model used by stream sockets. In fact
we should be able to share most of that code too.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert
at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo
... for both IPv4 and IPv6?
Nice work! Thanks Patrick.
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line
[INET]: Give outer DSCP directly to ip*_copy_dscp
This patch changes the prototype of ipv4_copy_dscp and ipv6_copy_dscp so
that they directly take the outer DSCP rather than the outer IP header.
This will help us to unify the code for inter-family tunnels.
Signed-off-by: Herbert Xu [EMAIL
logic from the callers of xfrm_dst_lookup
which is needed to correctly support inter-family transforms.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/xfrm.h | 10 +---
net/ipv4/xfrm4_policy.c | 80 ++-
net/ipv6/xfrm6_policy.c | 97
to modify the inner IP header. In this way the input function
no longer has to know about the outer address family.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/xfrm.h | 27 +
net/ipv4/xfrm4_input.c |7 +++-
net/ipv4/xfrm4_mode_beet.c | 67
[IPSEC]: Add async resume support on output
This patch adds support for async resumptions on output. To do so, the
transform would return -EINPROGRESS and subsequently invoke the function
xfrm_output_resume to resume processing.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net
from removing duplicate code, it will also help in merging the
IPsec output path.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/ipv6.h |7 +++
net/ipv6/ip6_output.c| 35 +--
net/ipv6/ip6_tunnel.c|4
output code.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/dst.h |1
include/net/xfrm.h |1
net/ipv4/route.c|1
net/ipv4/xfrm4_output.c | 76 ++-
net/ipv4/xfrm4_policy.c |1
net/ipv4/xfrm4_state.c
[IPSEC]: Move state lock into x-type-input
This patch releases the lock on the state before calling x-type-input.
It also adds the lock to the spots where they're currently needed.
Most of those places (all except mip6) are expected to disappear with
async crypto.
Signed-off-by: Herbert Xu
.
It doesn't really matter in practice since few if any driver would react
differently depending on a zero return value or NET_RX_DROP.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/dst.h |1 +
net/core/dst.c|3 ++-
net/decnet/dn_route.c | 13 +
net
-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/xfrm.h |4 ++--
net/ipv6/mip6.c | 11 ++-
net/ipv6/xfrm6_policy.c | 20
3 files changed, 12 insertions(+), 23 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 58dfa82
-by: Herbert Xu [EMAIL PROTECTED]
---
net/ipv4/xfrm4_policy.c |5 +++--
net/ipv6/xfrm6_policy.c |6 --
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 5ee3a2f..7d250a1 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4
to -ENODEV (fortunately the IPv4 version warned about it).
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/ipv4/xfrm4_policy.c | 13 +
net/ipv6/xfrm6_policy.c | 15 ++-
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4
-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/dst.h |1 -
include/net/ip6_fib.h | 11 ---
net/ipv4/xfrm4_policy.c |1 -
net/ipv6/ip6_output.c |5 +++--
net/ipv6/xfrm6_policy.c |3 ++-
5 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/include
Hi Dave:
Here's a dump of what I've currently got in my IPsec tree.
It contains all the patches I've posted previously which are
yet to be merged.
The first 11 patches are unchanged from the previous posting.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI
.
To support this fully we'd also need to change the policy checks on input
to recognise a plain tunnel as a legal variant of an optional BEET transform.
This patch simply fails such constructions for now.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/ipv4/ipcomp.c | 20
EBADMSG (currently unused in the crypto layer) is used
to indicate a failed integrity check. In future this error can be
directly returned by the crypto layer once we switch to aead algorithms.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/ipv4/ah4.c|3 +--
net/ipv4/esp4.c
-family transforms where we
treat every xfrm dst in the bundle as if it belongs to the top family.
This patch also fixes a long-standing error-path bug where we may free the
xfrm states twice.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/xfrm.h | 11 +-
net/ipv4/xfrm4_policy.c
[IPSEC]: Set dst-input to dst_discard
The input function should never be invoked on IPsec dst objects. This is
because we don't apply IPsec on input until after we've made the routing
decision.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/ipv4/xfrm4_policy.c |3 ++-
net/ipv6
each transform.
In fact, it's much easier to just skip the stack completely and always
store to the security path. This is proven by the fact that this patch
actually shrinks the code.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/xfrm/xfrm_input.c | 42
[NET]: Remove unnecessary inclusion of dst.h
The file net/netevent.h only refers to struct dst_entry * so it doesn't
need to include dst.h. I've replaced it with a forward declaration.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/netevent.h |2 +-
1 files changed, 1
[IPSEC]: Use dst-header_len when resizing on output
Currently we use x-props.header_len when resizing on output. However,
if we're resizing at all we might as well go the whole hog and do it
for the whole dst.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/xfrm/xfrm_output.c |3
into them. This allows the correct ICMP
message to be sent as opposed to now where you might call icmp_send with
an IPv6 packet and vice versa.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/xfrm.h | 51 ++-
net/ipv4/xfrm4_mode_beet.c
over to it.
Apart from removing duplicate code, it will also help in merging the
IPsec output path once the same thing is done for IPv6.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/ip.h|6 +
include/net/ipip.h |5 +---
net/ipv4/igmp.c
into the output
function without causing a potential dead-lock should the ICMP error
somehow hit the same SA on transmission.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/ipv6/xfrm6_mode_ro.c |3 +++
net/xfrm/xfrm_output.c |8
2 files changed, 7 insertions(+), 4 deletions(-)
diff
input code.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/xfrm.h | 22
net/ipv4/xfrm4_input.c | 126 +
net/ipv4/xfrm4_state.c |1
net/ipv6/xfrm6_input.c | 118 +
net/ipv6
for incrementing and
decrementing header lengths in xfrm6_policy.c.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/ipv6/ip6_output.c |3 ++-
net/ipv6/xfrm6_policy.c | 26 --
2 files changed, 6 insertions(+), 23 deletions(-)
diff --git a/net/ipv6/ip6_output.c b/net
On Wed, Nov 07, 2007 at 05:17:42PM +0100, Ingo Oeser wrote:
Hi Herbert,
Herbert Xu schrieb:
diff --git a/net/ipv6/xfrm6_mode_ro.c b/net/ipv6/xfrm6_mode_ro.c
index a7bc8c6..4a01cb3 100644
--- a/net/ipv6/xfrm6_mode_ro.c
+++ b/net/ipv6/xfrm6_mode_ro.c
@@ -53,7 +54,9 @@ static int
to be tested with IS_ERR.
This is based on a patch by Vicenç Beltran Querol.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http
://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info
the code converting
all occurances of smp_read_barrier_depends to rcu_dereference.
In this instance the rcu_dereference conversion doesn't make much
sense so we should probably just revert it.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home
() be defending against?
The reading of rt from the hash bucket and the dereferencing above.
We need to make sure that we see the initialised rt.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http
in all case like the IPv4 code.
Signed-off-by: Mitsuru Chinen [EMAIL PROTECTED]
Looks good to me. Thanks for catching this!
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http
On Tue, Oct 30, 2007 at 08:40:02PM -0700, David Miller wrote:
I just checked the following bug fix into net-2.6
Thanks for getting to the bottom of this Dave! I seem to have
mistaken the = for a |= in sg_mark_end :)
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu
, we want to avoid divergent behaviour
between IPv4 and IPv6. So for changes like this we should
really modify both stacks in future rather than have each
stack do its own thing.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http
://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo
attached so this isn't new.
If it's a problem then we should just get it fixed.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Mon, Oct 29, 2007 at 09:16:27PM +0100, Jens Axboe wrote:
On Fri, Oct 26 2007, Herbert Xu wrote:
[CRYPTO] tcrypt: Move sg_init_table out of timing loops
This patch moves the sg_init_table out of the timing loops for hash
algorithms so that it doesn't impact on the speed test results
.
Sure. And I hope there will be a few more patches by then :)
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list
Hi Dave:
Here's a couple of patches to fix up the crypto users with
respect to the scatterlist change.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert
[CRYPTO] tcrypt: Move sg_init_table out of timing loops
This patch moves the sg_init_table out of the timing loops for hash
algorithms so that it doesn't impact on the speed test results.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
crypto/tcrypt.c | 20 ++--
1 files
[CRYPTO] users: Fix up scatterlist conversion errors
This patch fixes the errors made in the users of the crypto layer during
the sg_init_table conversion. It also adds a few conversions that were
missing altogether.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
drivers/crypto/padlock-sha.c
into them. This allows the correct ICMP
message to be sent as opposed to now where you might call icmp_send with
an IPv6 packet and vice versa.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/xfrm.h | 50 ++-
net/ipv4/xfrm4_mode_beet.c
://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo
.
To support this fully we'd also need to change the policy checks on input
to recognise a plain tunnel as a legal variant of an optional BEET transform.
This patch simply fails such constructions for now.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/ipv4/ipcomp.c | 19 +++
net
into the output
function without causing a potential dead-lock should the ICMP error
somehow hit the same SA on transmission.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/ipv6/xfrm6_mode_ro.c |3 +++
net/xfrm/xfrm_output.c |8
2 files changed, 7 insertions(+), 4 deletions(-)
diff
is missing, is it ?
Indeed it is. I'm going to fix this and repost all 3 patches.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Florin Andrei [EMAIL PROTECTED] wrote:
OK, if I download 2.6.24-rc1, will it have this feature already?
Yes.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au
On Wed, Oct 17, 2007 at 09:10:02AM +0800, Herbert Xu wrote:
Any chance you could include the NAT patch for the next release?
[TC]: Add NAT action
This patch adds the parser for the nat action which is used
for stateless NAT.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
Hi Stephen
!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL
://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
for incrementing and
decrementing header lengths in xfrm6_policy.c.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/ipv6/ip6_output.c |3 ++-
net/ipv6/xfrm6_policy.c | 26 --
2 files changed, 6 insertions(+), 23 deletions(-)
diff --git a/net/ipv6/ip6_output.c b/net
[IPSEC]: Use dst-header_len when resizing on output
Currently we use x-props.header_len when resizing on output. However,
if we're resizing at all we might as well go the whole hog and do it
for the whole dst.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/xfrm/xfrm_output.c |3
-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/dst.h |1 -
include/net/ip6_fib.h | 11 ---
net/ipv4/xfrm4_policy.c |1 -
net/ipv6/ip6_output.c |5 +++--
net/ipv6/xfrm6_policy.c |3 ++-
5 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/include
.
It doesn't really matter in practice since few if any driver would react
differently depending on a zero return value or NET_RX_DROP.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/dst.h |1 +
net/core/dst.c|3 ++-
net/decnet/dn_route.c | 13 +
net
[NET]: Remove unnecessary inclusion of dst.h
The file net/netevent.h only refers to struct dst_entry * so it doesn't
need to include dst.h. I've replaced it with a forward declaration.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/netevent.h |2 +-
1 files changed, 1
-by: Herbert Xu [EMAIL PROTECTED]
---
net/ipv4/xfrm4_policy.c |5 +++--
net/ipv6/xfrm6_policy.c |6 --
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 5ee3a2f..7d250a1 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4
[IPSEC]: Set dst-input to dst_discard
The input function should never be invoked on IPsec dst objects. This is
because we don't apply IPsec on input until after we've made the routing
decision.
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/ipv4/xfrm4_policy.c |3 ++-
net/ipv6
to -ENODEV (fortunately the IPv4 version warned about it).
Signed-off-by: Herbert Xu [EMAIL PROTECTED]
---
net/ipv4/xfrm4_policy.c | 13 +
net/ipv6/xfrm6_policy.c | 15 ++-
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4
-off-by: Herbert Xu [EMAIL PROTECTED]
---
include/net/xfrm.h |4 ++--
net/ipv6/mip6.c | 11 ++-
net/ipv6/xfrm6_policy.c | 20
3 files changed, 12 insertions(+), 23 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 688f6f5
901 - 1000 of 2197 matches
Mail list logo