18 Jun, 2009
1 commit
-
commit 2b85a34e911bf483c27cfdd124aeb1605145dc80
(net: No more expensive sock_hold()/sock_put() on each tx)
changed initial sk_wmem_alloc value.

We need to take into account this offset when reporting
sk_wmem_alloc to user, in PROC_FS files or various
ioctls (SIOCOUTQ/TIOCOUTQ)
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
27 Feb, 2009
1 commit
-
Remove some pointless conditionals before kfree_skb().
Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller
26 Jan, 2009
1 commit
-
Currently encap_oa is left uninitialized, so it contains garbage data which
is visible to userland via Netlink. Initialize it by zeroing it out.
Signed-off-by: Timo Teras
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
26 Nov, 2008
14 commits
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
-
* interaction with userspace -- take netns from userspace socket.
* in ->notify hook take netns either from SA or explicitly passed --
we don't know if SA/SPD flush is coming.
* stub policy migration with init_net for now.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
-
* netns boilerplate
* keep per-netns socket list
* keep per-netns number of sockets
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
-
SA and SPD flush are executed with NULL SA and SPD respectively, for
these cases pass netns explicitly from userspace socket.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
-
Add netns parameter to xfrm_policy_bysel_ctx(), xfrm_policy_byidx().
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
-
Again, to avoid complications with passing netns when not necessary.
Again, ->xp_net is set-once field, once set it never changes.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
-
Disallow spurious wakeups in __xfrm_lookup().
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
-
To avoid unnecessary complications with passing netns around.
* set once, very early after allocating
* once set, never changes

For a while create every xfrm_state in init_net.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
07 Nov, 2008
1 commit
-
xfrm_policy_destroy() will oops if not dead policy is passed to it.
On error path in pfkey_compile_policy() exactly this happens.

Oopsable for CAP_NET_ADMIN owners.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
01 Nov, 2008
1 commit
-
Steps to reproduce:
#/usr/sbin/setkey -f
flush;
spdflush;

add 192.168.0.42 192.168.0.1 ah 24500 -A hmac-md5 "1234567890123456";
add 192.168.0.42 192.168.0.1 esp 24501 -E 3des-cbc "123456789012123456789012";

spdadd 192.168.0.42 192.168.0.1 any -P out ipsec
esp/transport//require
ah/transport//require;

setkey: invalid keymsg length
Policy dump will bail out with the same message after that.
-recv(4, "\2\16\0\0\32\0\3\0\0\0\0\0\37\r\0\0\3\0\5\0\377 \0\0\2\0\0\0\300\250\0*\0"..., 32768, 0) = 208
+recv(4, "\2\16\0\0\36\0\3\0\0\0\0\0H\t\0\0\3\0\5\0\377 \0\0\2\0\0\0\300\250\0*\0"..., 32768, 0) = 208
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
11 Oct, 2008
1 commit
-
When deleting an SPD entry using SADB_X_SPDDELETE, c.data.byid is not
initialized to zero in pfkey_spddelete(). Thus, key_notify_policy()
responds with a PF_KEY message of type SADB_X_SPDDELETE2 instead of
SADB_X_SPDDELETE.
Signed-off-by: Tobias Brunner
Signed-off-by: David S. Miller
06 Oct, 2008
1 commit
-
Provides implementation of the enhancements of XFRM/PF_KEY MIGRATE mechanism
specified in draft-ebalard-mext-pfkey-enhanced-migrate-00. Defines associated
PF_KEY SADB_X_EXT_KMADDRESS extension and XFRM/netlink XFRMA_KMADDRESS
attribute.
Signed-off-by: Arnaud Ebalard
Signed-off-by: David S. Miller
01 Oct, 2008
2 commits
-
Herbert Xu came up with the idea and the original patch to make
xfrm_state dump list contain also dumpers:

As it is we go to extraordinary lengths to ensure that states
don't go away while dumpers go to sleep. It's much easier if
we just put the dumpers themselves on the list since they can't
go away while they're going.

I've also changed the order of addition on new states to prevent
a never-ending dump.

Timo Teräs improved the patch to apply cleanly to latest tree,
modified iteration code to be more readable by using a common
struct for entries in the list, implemented the same idea for
xfrm_policy dumping and moved the af_key specific "last" entry
caching to af_key.
Signed-off-by: Herbert Xu
Signed-off-by: Timo Teras
Signed-off-by: David S. Miller
-
Fix a xfrm_{state,policy}_walk leak if pfkey socket is closed while
dumping is on-going.
Signed-off-by: Timo Teras
Signed-off-by: David S. Miller
26 Jul, 2008
1 commit
-
Removes legacy reinvent-the-wheel type thing. The generic
machinery integrates much better to automated debugging aids
such as kerneloops.org (and others), and is unambiguous due to
better naming. Non-intuitively BUG_TRAP() is actually equal to
WARN_ON() rather than BUG_ON() though some might actually be
promoted to BUG_ON() but I left that to future.

I could make at least one BUILD_BUG_ON conversion.
Signed-off-by: Ilpo Järvinen
Signed-off-by: David S. Miller
14 Jun, 2008
1 commit
-
Conflicts:
drivers/net/smc911x.c
12 Jun, 2008
4 commits
-
Signed-off-by: YOSHIFUJI Hideaki
-
Signed-off-by: YOSHIFUJI Hideaki
-
Signed-off-by: YOSHIFUJI Hideaki
-
Signed-off-by: YOSHIFUJI Hideaki
11 Jun, 2008
1 commit
-
When pfkey has no km listeners, it still does a lot of work
before finding out there ain't nobody out there.
If a tree falls in a forest and no one is around to hear it, does it make
a sound? In this case it makes a lot of noise:
With this short-circuit adding 10s of thousands of SAs using
netlink improves performance by ~10%.
Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
22 May, 2008
1 commit
-
This propagates the xfrm_user fix made in commit
bcf0dda8d2408fe1c1040cdec5a98e5fcad2ac72 ("[XFRM]: xfrm_user: fix
selector family initialization")

Based upon a bug report from, and tested by, Alan Swanson.
Signed-off-by: Kazunori MIYAZAWA
Signed-off-by: David S. Miller
28 Apr, 2008
1 commit
-
Previously I added sessionid output to all audit messages where it was
available but we still didn't know the sessionid of the sender of
netlink messages. This patch adds that information to netlink messages
so we can audit who sent netlink messages.
Signed-off-by: Eric Paris
Signed-off-by: Al Viro
25 Apr, 2008
1 commit
-
net/key/af_key.c: In function ‘pfkey_spddelete’:
net/key/af_key.c:2359: warning: ‘pol_ctx’ may be used uninitialized in
this function

When CONFIG_SECURITY_NETWORK_XFRM isn't set,
security_xfrm_policy_alloc() is an inline that doesn't set pol_ctx, so
this seemed like the easiest fix short of using *uninitialized_var(pol_ctx).
Signed-off-by: Brian Haley
Signed-off-by: David S. Miller
22 Apr, 2008
1 commit
-
As it stands it's impossible to use any authentication algorithms
with an ID above 31 portably. It just happens to work on x86 but
fails miserably on ppc64.

The reason is that we're using a bit mask to check the algorithm
ID but the mask is only 32 bits wide.

After looking at how this is used in the field, I have concluded
that in the long term we should phase out state matching by IDs
because this is made superfluous by the reqid feature. For current
applications, the best solution IMHO is to allow all algorithms when
the bit masks are all ~0.

The following patch does exactly that.
This bug was identified by IBM when testing on the ppc64 platform
using the NULL authentication algorithm which has an ID of 251.
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
13 Apr, 2008
1 commit
-
The xfrm_get_policy() and xfrm_add_pol_expire() put some rather large structs
on the stack to work around the LSM API. This patch attempts to fix that
problem by changing the LSM API to require only the relevant "security"
pointers instead of the entire SPD entry; we do this for all of the
security_xfrm_policy*() functions to keep things consistent.
Signed-off-by: Paul Moore
Acked-by: James Morris
Signed-off-by: David S. Miller
28 Mar, 2008
1 commit
-
Conflicts:
drivers/net/usb/rndis_host.c
drivers/net/wireless/b43/dma.c
net/ipv6/ndisc.c
25 Mar, 2008
1 commit
-
Signed-off-by: Kazunori MIYAZAWA
Signed-off-by: David S. Miller
04 Mar, 2008
1 commit
-
Stop dumping of entries when af_key socket receive queue is getting
full and continue it later when there is more room again.

This fixes dumping of large databases. Currently the entries not
fitting into the receive queue are just dropped (including the
end-of-dump message) which can confuse applications.
Signed-off-by: Timo Teras
Signed-off-by: David S. Miller
29 Feb, 2008
1 commit
-
Change xfrm_policy and xfrm_state walking algorithm from O(n^2) to O(n).
This is achieved adding the entries to one more list which is used
solely for walking the entries.

This also fixes some races where the dump can have duplicate or missing
entries when the SPD/SADB is modified during an ongoing dump.

Dumping SADB with 20000 entries using "time ip xfrm state" the sys
time dropped from 1.012s to 0.080s.
Signed-off-by: Timo Teras
Signed-off-by: David S. Miller
27 Feb, 2008
1 commit
-
To make sure the procfs visibility occurs after the ->proc_fs ops are
setup, use proc_net_fops_create() and proc_net_remove().

This also fixes an OOPS after module unload in that the name string
for remove was wrong, so it wouldn't actually be removed. That bug
was introduced by commit 61145aa1a12401ac71bcc450a58c773dd6e2bfb9
("[KEY]: Clean up proc files creation a bit.")
Signed-off-by: David S. Miller