04 Apr, 2015
1 commit
-
The ipv4 code uses a mixture of coding styles. In some instances check
for NULL pointer is done as x == NULL and sometimes as !x. !x is
preferred according to checkpatch and this patch makes the code
consistent by adopting the latter form.No changes detected by objdiff.
Signed-off-by: Ian Morris
Signed-off-by: David S. Miller
25 Feb, 2014
1 commit
-
Switch ipcomp4 to use the new IPsec protocol multiplexer.
Signed-off-by: Steffen Klassert
03 Jun, 2013
1 commit
-
This reverts commit 05ab86c5 (xfrm4: Invalidate all ipv4 routes on
IPsec pmtu events). Flushing all cached entries is not needed.Instead, invalidate only the related next hop dsts to recheck for
the added next hop exception where needed. This also fixes a subtle
race due to bumping generation id's before updating the pmtu.Cc: Steffen Klassert
Signed-off-by: Timo Teräs
Signed-off-by: David S. Miller
06 Mar, 2013
1 commit
-
By default, DSCP is copying during encapsulation.
Copying the DSCP in IPsec tunneling may be a bit dangerous because packets with
different DSCP may get reordered relative to each other in the network and then
dropped by the remote IPsec GW if the reordering becomes too big compared to the
replay window.It is possible to avoid this copy with netfilter rules, but it's very convenient
to be able to configure it for each SA directly.This patch adds a toogle for this purpose. By default, it's not set to maintain
backward compatibility.Field flags in struct xfrm_usersa_info is full, hence I add a new attribute.
Signed-off-by: Nicolas Dichtel
Signed-off-by: Steffen Klassert
05 Feb, 2013
1 commit
-
This module is namespace aware, netns_ok was just disabled by default
for sanity.Signed-off-by: David S. Miller
21 Jan, 2013
1 commit
-
On IPsec pmtu events we can't access the transport headers of
the original packet, so we can't find the socket that sent
the packet. The only chance to notify the socket about the
pmtu change is to force a relookup for all routes. This
patch implenents this for the IPsec protocols.Signed-off-by: Steffen Klassert
12 Jul, 2012
1 commit
-
Signed-off-by: David S. Miller
15 Jun, 2012
1 commit
-
With ip_rt_frag_needed() removed, we have to explicitly update PMTU
information in every ICMP error handler.Create two helper functions to facilitate this.
1) ipv4_sk_update_pmtu()
This updates the PMTU when we have a socket context to
work with.2) ipv4_update_pmtu()
Raw version, used when no socket context is available. For this
interface, we essentially just pass in explicit arguments for
the flow identity information we would have extracted from the
socket.And you'll notice that ipv4_sk_update_pmtu() is simply implemented
in terms of ipv4_update_pmtu()Note that __ip_route_output_key() is used, rather than something like
ip_route_output_flow() or ip_route_output_key(). This is because we
absolutely do not want to end up with a route that does IPSEC
encapsulation and the like. Instead, we only want the route that
would get us to the node described by the outermost IP header.Reported-by: Steffen Klassert
Signed-off-by: David S. Miller
12 Mar, 2012
1 commit
-
Use a more current kernel messaging style.
Convert a printk block to print_hex_dump.
Coalesce formats, align arguments.
Use %s, __func__ instead of embedding function names.Some messages that were prefixed with _close are
now prefixed with _fini. Some ah4 and esp messages
are now not prefixed with "ip ".The intent of this patch is to later add something like
#define pr_fmt(fmt) "IPv4: " fmt.
to standardize the output messages.Text size is trivially reduced. (x86-32 allyesconfig)
$ size net/ipv4/built-in.o*
text data bss dec hex filename
887888 31558 249696 1169142 11d6f6 net/ipv4/built-in.o.new
887934 31558 249800 1169292 11d78c net/ipv4/built-in.o.oldSigned-off-by: Joe Perches
Signed-off-by: David S. Miller
23 Apr, 2011
1 commit
-
Add const qualifiers to structs iphdr, ipv6hdr and in6_addr pointers
where possible, to make code intention more obvious.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
23 Feb, 2010
1 commit
-
pass mark to all SA lookups to prepare them for when we add code
to have them search.Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
17 Feb, 2010
2 commits
-
When ipcomp_tunnel_attach fails we will call ipcomp_destroy twice.
This may lead to double-frees on certain structures.As there is no reason to explicitly call ipcomp_destroy, this patch
removes it from ipcomp*.c and lets the standard xfrm_state destruction
take place.This is based on the discovery and patch by Alexey Dobriyan.
Tested-by: Alexey Dobriyan
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
28 Jan, 2010
1 commit
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
15 Sep, 2009
1 commit
-
Remove long removed "inet_protocol_base" declaration.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
26 Nov, 2008
2 commits
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
To avoid unnecessary complications with passing netns around.
* set once, very early after allocating
* once set, never changesFor a while create every xfrm_state in init_net.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
31 Oct, 2008
1 commit
-
Using NIPQUAD() with NIPQUAD_FMT, %d.%d.%d.%d or %u.%u.%u.%u
can be replaced with %pI4Signed-off-by: Harvey Harrison
Signed-off-by: David S. Miller
27 Jul, 2008
1 commit
-
net/ipv4/ipcomp.c: In function ‘ipcomp4_init_state’:
net/ipv4/ipcomp.c:109: warning: unused variable ‘calg_desc’
net/ipv4/ipcomp.c:108: warning: unused variable ‘ipcd’
net/ipv4/ipcomp.c:107: warning: ‘err’ may be used uninitialized in this function
net/ipv6/ipcomp6.c: In function ‘ipcomp6_init_state’:
net/ipv6/ipcomp6.c:139: warning: unused variable ‘calg_desc’
net/ipv6/ipcomp6.c:138: warning: unused variable ‘ipcd’
net/ipv6/ipcomp6.c:137: warning: ‘err’ may be used uninitialized in this functionSigned-off-by: David S. Miller
25 Jul, 2008
1 commit
-
This patch merges the IPv4/IPv6 IPComp implementations since most
of the code is identical. As a result future enhancements will no
longer need to be duplicated.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
19 Apr, 2008
1 commit
-
None of these files use any of the functionality promised by
asm/semaphore.h. It's possible that they rely on it dragging in some
unrelated header file, but I can't build all these files, so we'll have
fix any build failures as they come up.Signed-off-by: Matthew Wilcox
14 Apr, 2008
1 commit
-
And use %u to format port.
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
29 Feb, 2008
1 commit
-
Because we use shared tfm objects in order to conserve memory,
(each tfm requires 128K of vmalloc memory), BH needs to be turned
off on output as that can occur in process context.Previously this was done implicitly by the xfrm output code.
That was lost when it became lockless. So we need to add the
BH disabling to IPComp directly.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
01 Feb, 2008
2 commits
-
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
When I moved the nexthdr setting out of IPComp I accidently moved
the reading of ipch->nexthdr after the decompression. Unfortunately
this means that we'd be reading from a stale ipch pointer which
doesn't work very well.This patch moves the reading up so that we get the correct nexthdr
value.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
29 Jan, 2008
1 commit
-
While BEET can theoretically work with IPComp the current code can't
do that because it tries to construct a BEET mode tunnel type which
doesn't (and cannot) exist. In fact as it is it won't even attach a
tunnel object at all for BEET which is bogus.To support this fully we'd also need to change the policy checks on
input to recognise a plain tunnel as a legal variant of an optional
BEET transform.This patch simply fails such constructions for now.
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
07 Nov, 2007
1 commit
-
The function crypto_alloc_comp returns an errno instead of NULL
to indicate error. So it needs to be tested with IS_ERR.This is based on a patch by Vicenç Beltran Querol.
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
02 Nov, 2007
1 commit
-
Not architecture specific code should not #include .
This patch therefore either replaces them with
#include or simply removes them if they were
unused.Signed-off-by: Adrian Bunk
Signed-off-by: Jens Axboe
11 Oct, 2007
5 commits
-
This patch makes the IPv4 x->type->input functions return the next protocol
instead of setting it directly. This is identical to how we do things in
IPv6 and will help us merge common code on the input path.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
This patch moves the setting of the IP length and checksum fields out of
the transforms and into the xfrmX_output functions. This would help future
efforts in merging the transforms themselves.It also adds an optimisation to ipcomp due to the fact that the transport
offset is guaranteed to be zero.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
This patch removes the duplicate ipv6_{auth,esp,comp}_hdr structures since
they're identical to the IPv4 versions. Duplicating them would only create
problems for ourselves later when we need to add things like extended
sequence numbers.I've also added transport header type conversion headers for these types
which are now used by the transforms.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
The IPv6 calling convention for x->mode->output is more general and could
help an eventual protocol-generic x->type->output implementation. This
patch adopts it for IPv4 as well and modifies the IPv4 type output functions
accordingly.It also rewrites the IPv6 mac/transport header calculation to be based off
the network header where practical.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
This patch changes the calling convention so that on entry from
x->mode->output and before entry into x->type->output skb->data
will point to the payload instead of the IP header.This is essentially a redistribution of skb_push/skb_pull calls
with the aim of minimising them on the common path of tunnel +
ESP.It'll also let us use the same calling convention between IPv4
and IPv6 with the next patch.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
11 Jul, 2007
1 commit
-
It is clean-up for XFRM type modules and adds aliases with its
protocol:
ESP, AH, IPCOMP, IPIP and IPv6 for IPsec
ROUTING and DSTOPTS for MIPv6It is almost the same thing as XFRM mode alias, but it is added
new defines XFRM_PROTO_XXX for preprocessing since some protocols
are defined as enum.Signed-off-by: Masahide NAKAMURA
Acked-by: Ingo Oeser
Signed-off-by: David S. Miller
26 Apr, 2007
4 commits
-
To clearly state the intent of copying to linear sk_buffs, _offset being a
overly long variant but interesting for the sake of saving some bytes.Signed-off-by: Arnaldo Carvalho de Melo
-
Renaming skb->h to skb->transport_header, skb->nh to skb->network_header and
skb->mac to skb->mac_header, to match the names of the associated helpers
(skb[_[re]set]_{transport,network,mac}_header).Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller
11 Feb, 2007
1 commit
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
04 Oct, 2006
1 commit
-
This patch introduces the BEET mode (Bound End-to-End Tunnel) with as
specified by the ietf draft at the following link:http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-06.txt
The patch provides only single family support (i.e. inner family =
outer family).Signed-off-by: Diego Beltrami
Signed-off-by: Miika Komu
Signed-off-by: Herbert Xu
Signed-off-by: Abhinav Pathak
Signed-off-by: Jeff Ahrenholz
Signed-off-by: David S. Miller