29 Jan, 2008

2 commits

• d26f39840   [IPSEC]: Make x->lastused an unsigned long ... Browse Code »

  Currently x->lastused is u64 which means that it cannot be
  read/written atomically on all architectures. David Miller observed
  that the value stored in it is only an unsigned long which is always
  atomic.

  So based on his suggestion this patch changes the internal
  representation from u64 to unsigned long while the user-interface
  still refers to it as u64.

  Signed-off-by: Herbert Xu
  Signed-off-by: David S. Miller

  Herbert Xu

  2008-01-29 06:53:52 +0800  
• a2deb6d26   [IPSEC]: Move x->outer_mode->output out of locked section ... Browse Code »

  RO mode is the only one that requires a locked output function. So
  it's easier to move the lock into that function rather than requiring
  everyone else to run under the lock.

  In particular, this allows us to move the size check into the output
  function without causing a potential dead-lock should the ICMP error
  somehow hit the same SA on transmission.

  Signed-off-by: Herbert Xu
  Signed-off-by: David S. Miller

  Herbert Xu

  2008-01-29 06:53:44 +0800  

18 Oct, 2007

1 commit

• ca68145f1   [IPSEC]: Disallow combinations of RO and AH/ESP/IPCOMP ... Browse Code »

  Combining RO and AH/ESP/IPCOMP does not make sense. So this patch adds a
  check in the state initialisation function to prevent this.

  This allows us to safely remove the mode input function of RO since it
  can never be called anymore. Indeed, if somehow it does get called we'll
  know about it through an OOPS instead of it slipping past silently.

  Signed-off-by: Herbert Xu
  Signed-off-by: David S. Miller

  Herbert Xu

  2007-10-18 12:35:15 +0800  

11 Oct, 2007

4 commits

• 37fedd3aa   [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output ... Browse Code »

  The IPv6 calling convention for x->mode->output is more general and could
  help an eventual protocol-generic x->type->output implementation. This
  patch adopts it for IPv4 as well and modifies the IPv4 type output functions
  accordingly.

  It also rewrites the IPv6 mac/transport header calculation to be based off
  the network header where practical.

  Signed-off-by: Herbert Xu
  Signed-off-by: David S. Miller

  Herbert Xu

  2007-10-11 07:55:54 +0800  
• 7b277b1a5   [IPSEC]: Set skb->data to payload in x->mode->output ... Browse Code »

  This patch changes the calling convention so that on entry from
  x->mode->output and before entry into x->type->output skb->data
  will point to the payload instead of the IP header.

  This is essentially a redistribution of skb_push/skb_pull calls
  with the aim of minimising them on the common path of tunnel +
  ESP.

  It'll also let us use the same calling convention between IPv4
  and IPv6 with the next patch.

  Signed-off-by: Herbert Xu
  Signed-off-by: David S. Miller

  Herbert Xu

  2007-10-11 07:55:54 +0800  
• 007f0211a   [IPSEC]: Store IPv6 nh pointer in mac_header on output ... Browse Code »

  Current the x->mode->output functions store the IPv6 nh pointer in the
  skb network header. This is inconvenient because the network header then
  has to be fixed up before the packet can leave the IPsec stack. The mac
  header field is unused on output so we can use that to store this instead.

  This patch does that and removes the network header fix-up in xfrm_output.

  It also uses ipv6_hdr where appropriate in the x->type->output functions.

  There is also a minor clean-up in esp4 to make it use the same code as
  esp6 to help any subsequent effort to merge the two.

  Lastly it kills two redundant skb_set_* statements in BEET that were
  simply copied over from transport mode.

  Signed-off-by: Herbert Xu
  Signed-off-by: David S. Miller

  Herbert Xu

  2007-10-11 07:55:00 +0800  
• 45b17f48e   [IPSEC]: Move RO-specific output code into xfrm6_mode_ro.c ... Browse Code »

  The lastused update check in xfrm_output can be done just as well in
  the mode output function which is specific to RO.

  Signed-off-by: Herbert Xu
  Signed-off-by: David S. Miller

  Herbert Xu

  2007-10-11 07:54:56 +0800  

26 Apr, 2007

3 commits

• ddc7b8e32   [SK_BUFF]: Some more layer header conversions ... Browse Code »

  Signed-off-by: Arnaldo Carvalho de Melo
  Signed-off-by: David S. Miller

  Arnaldo Carvalho de Melo

  2007-04-26 13:26:03 +0800  
• 967b05f64   [SK_BUFF]: Introduce skb_set_transport_header ... Browse Code »

  For the cases where the transport header is being set to a offset from
  skb->data.

  Signed-off-by: Arnaldo Carvalho de Melo
  Signed-off-by: David S. Miller

  Arnaldo Carvalho de Melo

  2007-04-26 13:25:17 +0800  
• 0660e03f6   [SK_BUFF]: Introduce ipv6_hdr(), remove skb->nh.ipv6h ... Browse Code »

  Now the skb->nh union has just one member, .raw, i.e. it is just like the
  skb->mac union, strange, no? I'm just leaving it like that till the transport
  layer is done with, when we'll rename skb->mac.raw to skb->mac_header (or
  ->mac_header_offset?), ditto for ->{h,nh}.

  Signed-off-by: Arnaldo Carvalho de Melo
  Signed-off-by: David S. Miller

  Arnaldo Carvalho de Melo

  2007-04-26 13:25:14 +0800  

23 Sep, 2006

2 commits

• eb878e845   [IPSEC]: output mode to take an xfrm state as input param ... Browse Code »

  Expose IPSEC modes output path to take an xfrm state as input param.
  This makes it consistent with the input mode processing (which already
  takes the xfrm state as a param).

  Signed-off-by: Jamal Hadi Salim
  Signed-off-by: David S. Miller

  Jamal Hadi Salim

  2006-09-23 06:18:48 +0800  
• 1d71627d6   [XFRM] STATE: Introduce route optimization mode. ... Browse Code »

  Route optimization is used with routing header and destination options
  header for Mobile IPv6.

  At outbound it makes header space like IPsec transport. At inbound it
  does nothing because exhdrs.c functions have responsibility to update
  skbuff information for these headers.

  Signed-off-by: Masahide NAKAMURA
  Signed-off-by: YOSHIFUJI Hideaki
  Signed-off-by: David S. Miller

  Masahide NAKAMURA

  2006-09-23 06:06:37 +0800