24 Feb, 2010
1 commit
-
When we clone the SP, we should also clone the mark.
Useful for socket based SPs.Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
23 Feb, 2010
2 commits
-
Allow mark to be used when doing SP lookup
Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller -
pass mark to all SP lookups to prepare them for when we add code
to have them search.Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
20 Feb, 2010
1 commit
-
To see the effect make sure you have an empty SPD.
On window1 "ip xfrm mon" and on window2 issue "ip xfrm policy flush"
You get prompt back in window2 and you see the flush event on window1.
With this fix, you still get prompt on window1 but no event on window2.Thanks to Alexey Dobriyan for finding a bug in earlier version
when using pfkey to do the flushing.Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
19 Feb, 2010
1 commit
-
XFRMINHDRERROR counter is ambigous when validating forwarding
path. It makes it tricky to debug when you have both in and fwd
validation.Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
18 Feb, 2010
1 commit
-
As reported by Alexey Dobriyan:
--------------------
setkey now takes several seconds to run this simple script
and it spits "recv: Resource temporarily unavailable" messages.#!/usr/sbin/setkey -f
flush;
spdflush;add A B ipcomp 44 -m tunnel -C deflate;
add B A ipcomp 45 -m tunnel -C deflate;spdadd A B any -P in ipsec
ipcomp/tunnel/192.168.1.2-192.168.1.3/use;
spdadd B A any -P out ipsec
ipcomp/tunnel/192.168.1.3-192.168.1.2/use;
--------------------Obviously applications want the events even when the table
is empty. So we cannot make this behavioral change.Signed-off-by: David S. Miller
17 Feb, 2010
1 commit
-
Add __percpu sparse annotations to net.
These annotations are to make sparse consider percpu variables to be
in a different address space and warn if accessed without going
through percpu accessors. This patch doesn't affect normal builds.The macro and type tricks around snmp stats make things a bit
interesting. DEFINE/DECLARE_SNMP_STAT() macros mark the target field
as __percpu and SNMP_UPD_PO_STATS() macro is updated accordingly. All
snmp_mib_*() users which used to cast the argument to (void **) are
updated to cast it to (void __percpu **).Signed-off-by: Tejun Heo
Acked-by: David S. Miller
Cc: Patrick McHardy
Cc: Arnaldo Carvalho de Melo
Cc: Vlad Yasevich
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller
16 Feb, 2010
1 commit
-
Observed similar behavior on SPD as previouly seen on SAD flushing..
This fixes it.cheers,
jamal
commit 428b20432dc31bc2e01a94cd451cf5a2c00d2bf4
Author: Jamal Hadi Salim
Date: Thu Feb 11 05:49:38 2010 -0500xfrm: Flushing empty SPD generates false events
To see the effect make sure you have an empty SPD.
On window1 "ip xfrm mon" and on window2 issue "ip xfrm policy flush"
You get prompt back in window1 and you see the flush event on window2.
With this fix, you still get prompt on window1 but no event on window2.Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
25 Jan, 2010
1 commit
-
GC is non-existent in netns, so after you hit GC threshold, no new
dst entries will be created until someone triggers cleanup in init_net.Make xfrm4_dst_ops and xfrm6_dst_ops per-netns.
This is not done in a generic way, because it woule waste
(AF_MAX - 2) * sizeof(struct dst_ops) bytes per-netns.Reorder GC threshold initialization so it'd be done before registering
XFRM policies.Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
24 Jan, 2010
1 commit
-
"ip xfrm state|policy count" report SA/SP count from init_net,
not from netns of caller process.Signed-off-by: Alexey Dobriyan
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
27 Dec, 2009
1 commit
-
Signed-off-by: Ralf Baechle
net/xfrm/xfrm_policy.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Signed-off-by: David S. Miller
03 Jun, 2009
1 commit
-
Define three accessors to get/set dst attached to a skb
struct dst_entry *skb_dst(const struct sk_buff *skb)
void skb_dst_set(struct sk_buff *skb, struct dst_entry *dst)
void skb_dst_drop(struct sk_buff *skb)
This one should replace occurrences of :
dst_release(skb->dst)
skb->dst = NULL;Delete skb->dst field
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
03 Dec, 2008
3 commits
-
Used __xfrm_policy_unlink() to instead of the dup codes when unlink
SPD entry.Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller -
After flush the SPD entries, dump the SPD entries will cause kernel painc.
Used the following commands to reproduct:
- echo 'spdflush;' | setkey -c
- echo 'spdadd 3ffe:501:ffff:ff01::/64 3ffe:501:ffff:ff04::/64 any -P out ipsec \
ah/tunnel/3ffe:501:ffff:ff00:200:ff:fe00:b0b0-3ffe:501:ffff:ff02:200:ff:fe00:a1a1/require;\
spddump;' | setkey -c
- echo 'spdflush; spddump;' | setkey -c
- echo 'spdadd 3ffe:501:ffff:ff01::/64 3ffe:501:ffff:ff04::/64 any -P out ipsec \
ah/tunnel/3ffe:501:ffff:ff00:200:ff:fe00:b0b0-3ffe:501:ffff:ff02:200:ff:fe00:a1a1/require;\
spddump;' | setkey -cThis is because when flush the SPD entries, the SPD entry is not remove
from the list.This patch fix the problem by remove the SPD entry from the list.
Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller
26 Nov, 2008
25 commits
-
Make
net.core.xfrm_aevent_etime
net.core.xfrm_acq_expires
net.core.xfrm_aevent_rseqth
net.core.xfrm_larval_dropsysctls per-netns.
For that make net_core_path[] global, register it to prevent two
/proc/net/core antries and change initcall position -- xfrm_init() is called
from fs_initcall, so this one should be fs_initcall at least.Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
SA/SPD doesn't pin netns (and it shouldn't), so get rid of them by hand.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Pass netns pointer to struct xfrm_policy_afinfo::garbage_collect()
[This needs more thoughts on what to do with dst_ops]
[Currently stub to init_net]Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Allow netdevice notifier as result.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Pass netns to xfrm_lookup()/__xfrm_lookup(). For that pass netns
to flow_cache_lookup() and resolver callback.Take it from socket or netdevice. Stub DECnet to init_net.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Add netns parameter to xfrm_policy_bysel_ctx(), xfrm_policy_byidx().
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Take netns from xfrm_state or xfrm_policy.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Per-netns hashes are independently resizeable.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
Again, to avoid complications with passing netns when not necessary.
Again, ->xp_net is set-once field, once set it never changes.Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller