On 9/22/06, Evgeniy Polyakov [EMAIL PROTECTED] wrote:
The only two things missed in patchset after his suggestions are
new POSIX-like interface, which I personally consider as very unconvenient,
This means you really do not know at all what this is about. We
already have these interfaces.
[Bah, sent too eaqrly]
On 9/22/06, Evgeniy Polyakov [EMAIL PROTECTED] wrote:
The only two things missed in patchset after his suggestions are
new POSIX-like interface, which I personally consider as very unconvenient,
This means you really do not know at all what this is about. We
already
On Tue, Oct 03, 2006 at 11:09:15PM -0700, Ulrich Drepper ([EMAIL PROTECTED])
wrote:
On 9/22/06, Evgeniy Polyakov [EMAIL PROTECTED] wrote:
The only two things missed in patchset after his suggestions are
new POSIX-like interface, which I personally consider as very unconvenient,
This means
On Tue, Oct 03, 2006 at 11:10:51PM -0700, Ulrich Drepper ([EMAIL PROTECTED])
wrote:
[Bah, sent too eaqrly]
On 9/22/06, Evgeniy Polyakov [EMAIL PROTECTED] wrote:
The only two things missed in patchset after his suggestions are
new POSIX-like interface, which I personally consider as very
On 9/20/06, Evgeniy Polyakov [EMAIL PROTECTED] wrote:
This patch includes core kevent files:
[...]
I tried to look at the example programs before and failed. I tried
again. Where can I find up-to-date example code?
Some other points:
- I really would prefer not to rush all this into the
On Tue, Oct 03, 2006 at 11:34:02PM -0700, Ulrich Drepper ([EMAIL PROTECTED])
wrote:
On 9/20/06, Evgeniy Polyakov [EMAIL PROTECTED] wrote:
This patch includes core kevent files:
[...]
I tried to look at the example programs before and failed. I tried
again. Where can I find up-to-date
From: Miika Komu [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 10:19:06 +0300 (EEST)
Hi folks,
I hope you will consider the BEET mode IPsec patch for the 2.6.19 kernel:
http://www.mail-archive.com/netdev@vger.kernel.org/msg22333.html
We have refactored the patch several times according to
From: Ben Woodard [EMAIL PROTECTED]
Date: Tue, 03 Oct 2006 11:14:38 -0700
Other issues:
1) 2 u32 in the tcp_sock is a lot of space to devote to this
new state. If it can fit in 2 u16's or even less space,
please use that.
2) the expression (tp-foo ? : sysctl_foo) is
On Mon, 2006-10-02 at 12:15 -0400, Dan Williams wrote:
I'm not sure what you mean here. Do you really mean grab the current
_cmdlist_? Because I'm not sure how grabbing the current configuration
(using GET_CONFIG) would necessarily return the right set of options for
the device. Also, what
Evgeniy Polyakov wrote:
When we enter sys_ppoll() we specify needed signals as syscall
parameter, with kevents we will add them into the queue.
No, this is not sufficient as I said in the last mail. Why do you
completely ignore what others say. The code which depends on the signal
does not
On Wed, Oct 04, 2006 at 12:33:25AM -0700, Ulrich Drepper ([EMAIL PROTECTED])
wrote:
Evgeniy Polyakov wrote:
When we enter sys_ppoll() we specify needed signals as syscall
parameter, with kevents we will add them into the queue.
No, this is not sufficient as I said in the last mail. Why
When a skb reaches a device driver for tx, can the driver assumes that
all protocol headers (up to the tcp layer and including tcp options)
are in the linear part of the skb, thus it can access them via
skb-h.th? Or the answer depends on the linux kernel version? Thanks
Ronghua
-
To unsubscribe
On Mon, 2006-10-02 at 19:55 +0200, [EMAIL PROTECTED] wrote:
This patch (wext-patch) is a proposal. It adds two new defines for the
SIOCSIWMLME to cover all kinds MLMEs (well, except REASSOC) through a ioctl.
(it would be nice to have them, so that I can post the hostapd code for the
prism54
David Miller wrote:
At the very least, seconds might not be fine enough granularity
for some circumstances. Heck, the default RTO_MIN is 1/5 of a
second. :-)
I also understand that going to milliseconds or microseconds would
make the size of the in-socket struct members an issue again.
From: Ingo Oeser [EMAIL PROTECTED]
Date: Wed, 4 Oct 2006 10:56:12 +0200
David Miller wrote:
At the very least, seconds might not be fine enough granularity
for some circumstances. Heck, the default RTO_MIN is 1/5 of a
second. :-)
I also understand that going to milliseconds or
Andrey Savochkin wrote:
Hi All,
I'd like to resurrect our discussion about network namespaces.
In our previous discussions it appeared that we have rather polar concepts
which seemed hard to reconcile.
Now I have an idea how to look at all discussed concepts to enable everyone's
usage scenario.
On Tue, 3 Oct 2006 14:57:33 +0200, [EMAIL PROTECTED] wrote:
This patch (prism54-en-wpa3.patch) brings WPA/WPA2(RSN) with
TKIP-Cipher to everyone with a FULLMAC Prism GT/Indigo/Duette card.
I removed all the parts(e.g.: Hostapd Support) which are not relevant for
wpa_supplicant
On Wed, 2006-10-04 at 10:37, Johannes Berg [EMAIL PROTECTED] wrote:
On Mon, 2006-10-02 at 19:55 +0200, [EMAIL PROTECTED] wrote:
This patch (wext-patch) is a proposal. It adds two new defines for the
SIOCSIWMLME to cover all kinds MLMEs (well, except REASSOC) through a
ioctl. (it would be
On Wed, 2006-10-04 at 12:56 +0200, [EMAIL PROTECTED] wrote:
no really, the problem is that my hardware (aka: prism54 fullmac) does all
the mac-management, encryption/decryption, AP-Management,... in the firmware.
And all management operation are wrapped into a simple unique
4-byte
On Wed, 2006-10-04 at 12:38 +0200, Jiri Benc wrote:
On Tue, 3 Oct 2006 14:57:33 +0200, [EMAIL PROTECTED] wrote:
This patch (prism54-en-wpa3.patch) brings WPA/WPA2(RSN) with
TKIP-Cipher to everyone with a FULLMAC Prism GT/Indigo/Duette card.
I removed all the parts(e.g.: Hostapd Support)
On Wed, 4 Oct 2006, Evgeniy Polyakov wrote:
Linux kano 2.6.18 #5 SMP Mon Oct 2 18:44:30 MSD 2006 i686 i686 i386 GNU/Linux
[EMAIL PROTECTED] ~]# rpm -q selinux-policy-targeted
selinux-policy-targeted-2.3.17-2
I get only this messages in audit.log when remote racoon tries to
connect to
On Tue, Oct 03, 2006 at 04:18:07PM -0700, David Miller wrote:
As I review this patch I realize there is a question of
semantics and prioritization here.
Indeed. Unfortunately I was doing other things at the time
sub-policies were introduced so I didn't pay attention to it.
After a quick
Evegeniy,
Please start with my patch which should actually address the issue
you were originally running into. I doubt that you were running into
the kind of errors that James' patch (which will need to be modified
to not treat -EACCES as an error to be propagated up the chain) would
handle.
On Wed, 4 Oct 2006 13:40 +0200 [EMAIL PROTECTED] wrote:
On Wed, 2006-10-04 at 12:38 +0200, Jiri Benc wrote:
On Tue, 3 Oct 2006 14:57:33 +0200, [EMAIL PROTECTED] wrote:
This patch (prism54-en-wpa3.patch) brings WPA/WPA2(RSN) with
TKIP-Cipher to everyone with a FULLMAC Prism
On Wed, 2006-10-04 at 09:41 +0200, Johannes Berg wrote:
I don't really have an explicit ToDo list, but here are a few points
that come to mind
* notification support when parameters change multicast a netlink
message to all subscribers of that group
I think we'll want at least two groups
Venkat Yekkirala wrote:
The following replaces unlabeled_t with network_t for
better characterization of the flow out/in checks in
SELinux, as well as to allow for mls packets to
flow out/in from the network since network_t would allow
the full range of MLS labels, as opposed to the unlabeled
Paul Moore wrote:
Venkat Yekkirala wrote:
The following replaces unlabeled_t with network_t for
better characterization of the flow out/in checks in
SELinux, as well as to allow for mls packets to
flow out/in from the network since network_t would allow
the full range of MLS labels, as opposed
On Wed, 2006-10-04 at 10:33 -0400, Paul Moore wrote:
Venkat Yekkirala wrote:
The following replaces unlabeled_t with network_t for
better characterization of the flow out/in checks in
SELinux, as well as to allow for mls packets to
flow out/in from the network since network_t would allow
Considering the above change, I wonder if it would also
make sense to
update the secmark to SECINITSID_UNLABELED in the abscence of any
external labeling (labeled IPsec or NetLabel)?
Ungh, my apologies ... I meant to say SECINITSID_NETMSG *not*
SECINITSID_UNLABELED.
In the
Christopher J. PeBenito wrote:
On Wed, 2006-10-04 at 10:33 -0400, Paul Moore wrote:
Venkat Yekkirala wrote:
The following replaces unlabeled_t with network_t for
better characterization of the flow out/in checks in
SELinux, as well as to allow for mls packets to
flow out/in from the network
On Thu, 2006-09-28 at 14:01 -0700, Andrew Morton wrote:
On Thu, 28 Sep 2006 17:50:31 + (UTC)
Steve Fox [EMAIL PROTECTED] wrote:
On Thu, 28 Sep 2006 01:46:23 -0700, Andrew Morton wrote:
ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.18/2.6.18-mm2/
Panic on
Jay Vosburgh wrote:
Or Gerlitz [EMAIL PROTECTED] wrote:
Sorry, but I don't follow... by saying would be ideal to do ***it*** this
way in all cases what exactly is the it you are referring to?
It refers to:
You almost want to have some kind of call to induce a reload
from
This patch provides the missing NetLabel support to the secid reconciliation
patchset.
Signed-off-by: Paul Moore [EMAIL PROTECTED]
---
security/selinux/hooks.c| 104 +--
security/selinux/include/objsec.h |1
This patchset includes an update to the NetLabel/secid-reconciliation patch,
replacing my v3 patch from earlier this week, and a bugfix patch to cure a
race condition found during testing this week. The bugfix patch does not
rely on the secid patches and should be merged regardless as it fixes a
Testing revealed a problem with the NetLabel cache where a cached entry could
be freed while in use by the LSM layer causing an oops and other problems.
This patch fixes that problem by introducing a reference counter to the cache
entry so that it is only freed when it is no longer in use.
Hello Jiri,
Ivo suggested to bring this issue to a broader audience, specifically to
the stack maintainer.
Trying to run my Asus WL167G with rt2500usb I faced the following:
BUG: scheduling while atomic: swapper/0x0102/0
c0103055 show_trace+0x12/0x14
c01035e0 dump_stack+0x1c/0x1e
Hi,
Ivo told me about a patch for d80211 that moved certain timers to thread
context, effectively avoiding to call config from timer handlers, but I
didn't find any trace yet. Is there some modification in this direction
already scheduled? I'm not necessarily looking for work, at best I would
On Wed, 04 Oct 2006 17:59:57 +0200, Jan Kiszka wrote:
The reason is the invocation of rt2500usb's config handler in atomic
context (timer handler). But this service requires schedulable context
to submit and wait for some URBs.
Hm, I thought it had been fixed
Ivo van Doorn wrote:
Hi,
Ivo told me about a patch for d80211 that moved certain timers to thread
context, effectively avoiding to call config from timer handlers, but I
didn't find any trace yet. Is there some modification in this direction
already scheduled? I'm not necessarily looking
All patches have been applied to my tree, thanks!
Jiri
--
Jiri Benc
SUSE Labs
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, 4 Oct 2006 18:34:57 +0200, Ivo van Doorn wrote:
You could replace the timer with a workqueue, the original patch
also did that, so I think it would be good enough this time as well. :)
Yes, the timing isn't required to be precise here.
Jiri
--
Jiri Benc
SUSE Labs
-
To unsubscribe
On Wednesday 04 October 2006 18:31, Jan Kiszka wrote:
Ivo van Doorn wrote:
Hi,
Ivo told me about a patch for d80211 that moved certain timers to thread
context, effectively avoiding to call config from timer handlers, but I
didn't find any trace yet. Is there some modification in this
Jiri Benc wrote:
On Wed, 4 Oct 2006 18:34:57 +0200, Ivo van Doorn wrote:
You could replace the timer with a workqueue, the original patch
also did that, so I think it would be good enough this time as well. :)
Yes, the timing isn't required to be precise here.
Ok, I'm not promising success
@@ -3714,19 +3714,34 @@ static int selinux_skb_flow_in(struct sk
if (skb-dev == loopback_dev)
return 1;
+ if (skb-secmark)
+ loc_sid = skb-secmark;
+ else
+ loc_sid = SECINITSID_NETMSG;
+
err = selinux_xfrm_decode_session(skb,
@@ -3714,19 +3714,34 @@ static int selinux_skb_flow_in(struct sk
if (skb-dev == loopback_dev)
return 1;
+ if (skb-secmark)
+ loc_sid = skb-secmark;
+ else
+ loc_sid = SECINITSID_NETMSG;
+
err = selinux_xfrm_decode_session(skb,
On Wed, 04 Oct 2006 00:07:22 -0700 (PDT)
David Miller [EMAIL PROTECTED] wrote:
From: Ben Woodard [EMAIL PROTECTED]
Date: Tue, 03 Oct 2006 11:14:38 -0700
Other issues:
1) 2 u32 in the tcp_sock is a lot of space to devote to this
new state. If it can fit in 2 u16's or even less
Hi,
On Wed, 4 Oct 2006 18:34:57 +0200, Ivo van Doorn wrote:
You could replace the timer with a workqueue, the original patch
also did that, so I think it would be good enough this time as well. :)
Yes, the timing isn't required to be precise here.
Ok, I'm not promising success and
Or Gerlitz [EMAIL PROTECTED] wrote:
[...]
Looking on the sysconfig package, some tools eg /sbin/if{up,down,status}
use ifenslave which is in turn provided by the iputils package.
My understanding is that changing ifenslave and the bonding kernel code to
allow for enslaving while master is not up
On Wed, 04 Oct 2006 08:42:28 -0500
Steve Fox [EMAIL PROTECTED] wrote:
On Thu, 2006-09-28 at 14:01 -0700, Andrew Morton wrote:
On Thu, 28 Sep 2006 17:50:31 + (UTC)
Steve Fox [EMAIL PROTECTED] wrote:
On Thu, 28 Sep 2006 01:46:23 -0700, Andrew Morton wrote:
On Wednesday 04 October 2006 17:45, Andrew Morton wrote:
On Wed, 04 Oct 2006 08:42:28 -0500
Steve Fox [EMAIL PROTECTED] wrote:
On Thu, 2006-09-28 at 14:01 -0700, Andrew Morton wrote:
On Thu, 28 Sep 2006 17:50:31 + (UTC)
Steve Fox [EMAIL PROTECTED] wrote:
On Thu, 28 Sep 2006
On Wed, Oct 04, 2006 at 08:45:40AM -0700, Andrew Morton wrote:
On Wed, 04 Oct 2006 08:42:28 -0500
Steve Fox [EMAIL PROTECTED] wrote:
On Thu, 2006-09-28 at 14:01 -0700, Andrew Morton wrote:
On Thu, 28 Sep 2006 17:50:31 + (UTC)
Steve Fox [EMAIL PROTECTED] wrote:
On Thu, 28
On Wed, 2006-10-04 at 08:45 -0700, Andrew Morton wrote:
On Wed, 04 Oct 2006 08:42:28 -0500
Steve Fox [EMAIL PROTECTED] wrote:
Sorry for the delay. I was finally able to perform a bisect on this. It
turns out the patch that causes this is
x86_64-mm-re-positioning-the-bss-segment.patch,
On Wed, 04 Oct 2006 10:14:55 -0500
Steve Fox [EMAIL PROTECTED] wrote:
Andrew Morton wrote:
ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.18/2.6.18-mm3/
This is on the same x86_64 box which I reported the -mm2 boot problem. I
have confirmed that CONFIG_DEBUG_INFO was on
Evgeniy Polyakov wrote:
It is completely possible to do what you describe without special
syscall parameters.
First of all, I don't see how this is efficiently possible. The mask
might change from call to call.
Second, hasn't it sunk in that inventing new ways to pass parameters is
bad?
On Wed, 2006-10-04 at 16:19 +0200, Johannes Berg wrote:
On Wed, 2006-10-04 at 09:41 +0200, Johannes Berg wrote:
I don't really have an explicit ToDo list, but here are a few points
that come to mind
* notification support when parameters change multicast a netlink
message to all
Venkat Yekkirala wrote:
@@ -3714,19 +3714,34 @@ static int selinux_skb_flow_in(struct sk
if (skb-dev == loopback_dev)
return 1;
+ if (skb-secmark)
+ loc_sid = skb-secmark;
+ else
+ loc_sid = SECINITSID_NETMSG;
+
err =
On Wed, 4 Oct 2006, [EMAIL PROTECTED] wrote:
This patchset includes an update to the NetLabel/secid-reconciliation patch,
replacing my v3 patch from earlier this week, and a bugfix patch to cure a
race condition found during testing this week. The bugfix patch does not
rely on the secid
As for the rest of the network labeling, please work
together with Venkat
and the SELinux developers on a final patchset which meets
all of the
design goals and has been tested, with policy which has been merged
upstream and is available via Fedora devel. Please keep
the
* XFRM present
xfrm_sid = full context from xfrm
loc_sid = SECINITSID_NETMSG
nlbl_sid = SECSID_NULL/0
ext_sid = xfrm_sid
final skb-secmark = avc_ok : ext_sid ? unchanged
* NetLabel present
xfrm_sid = SECSID_NULL/0
loc_sid = SECSID_NULL/0
nlbl_sid =
On Fri, 2006-09-29 at 17:53 -0400, Bill Helfinstine wrote:
The b44 driver has a bug where if there are more than B44_MCAST_TABLE_SIZE
groups in the dev-mc_list, it will only listen to the first
B44_MCAST_TABLE_SIZE that it sees.
This patch makes the driver go into RXCONFIG_ALLMULTI mode if
* XFRM present
xfrm_sid = full context from xfrm
loc_sid = SECINITSID_NETMSG
nlbl_sid = SECSID_NULL/0
ext_sid = xfrm_sid
final skb-secmark = avc_ok : ext_sid ? unchanged
Actually, I meant to cite the following instead of the above:
* Nothing
xfrm_sid = SECSID_NULL/0
Venkat Yekkirala wrote:
As for the rest of the network labeling, please work
together with Venkat
and the SELinux developers on a final patchset which meets
all of the
design goals and has been tested, with policy which has been merged
upstream and is available via Fedora devel. Please
On Wed, 2006-10-04 at 15:27 -0400, Paul Moore wrote:
Venkat Yekkirala wrote:
* XFRM present
xfrm_sid = full context from xfrm
loc_sid = SECINITSID_NETMSG
nlbl_sid = SECSID_NULL/0
ext_sid = xfrm_sid
final skb-secmark = avc_ok : ext_sid ? unchanged
* NetLabel present
On Wed, 2006-10-04 at 15:27 -0400, Paul Moore wrote:
Venkat Yekkirala wrote:
* XFRM present
xfrm_sid = full context from xfrm
loc_sid = SECINITSID_NETMSG
nlbl_sid = SECSID_NULL/0
ext_sid = xfrm_sid
final skb-secmark = avc_ok : ext_sid ? unchanged
As noted
On Wed, Oct 04, 2006 at 04:12:26PM +0200, [EMAIL PROTECTED] wrote:
the AP code never worked. And the hostapd-ioctl interface was designed
for prism2/2.5/3 cards, but not for fullmac prism54.
What do you mean by never working? I have seen fullmac Prism54
completing WPA authentication with
On Wed, Oct 04, 2006 at 10:37:23AM +0200, Johannes Berg wrote:
On Mon, 2006-10-02 at 19:55 +0200, [EMAIL PROTECTED] wrote:
This patch (wext-patch) is a proposal. It adds two new defines for the
SIOCSIWMLME to cover all kinds MLMEs (well, except REASSOC) through a ioctl.
(it would be nice
On 10/3/06, Evgeniy Polyakov [EMAIL PROTECTED] wrote:
http://tservice.net.ru/~s0mbre/archive/kevent/evserver_kevent.c
http://tservice.net.ru/~s0mbre/archive/kevent/evtest.c
These are simple programs which by themselves have problems. For
instance, I consider a very bad idea to hardcode the
On Wed, 2006-10-04 at 09:57 -0700, Andrew Morton wrote:
You might well find this bisection lands you on origin.patch. ie: a
mainline bug. I note that David merged a few more xfrm fixes this morning.
So to confirm that, first test just origin.patch and if that fails, test
Stephen Hemminger wrote:
This is a much delayed update to the iproute2 command set.
It can be downloaded from:
http://developer.osdl.org/dev/iproute2/download/iproute2-2.6.18-061002.tar.gz
Thanks!
Are there any plans to merge the ip arp patches at
http://www.ssi.bg/~ja/#iparp ? Apologies
On Wed, 04 Oct 2006 23:34:24 +0200
Carl-Daniel Hailfinger [EMAIL PROTECTED] wrote:
Stephen Hemminger wrote:
This is a much delayed update to the iproute2 command set.
It can be downloaded from:
http://developer.osdl.org/dev/iproute2/download/iproute2-2.6.18-061002.tar.gz
Thanks!
On Wed, 4 Oct 2006, Paul Moore wrote:
So, patch 2/2 should go in on it's own against upstream? If so, in 5B
future, please post such patches separately.
Yes, please commit patch 2/2 regardless as it fixes a bug which is not
dependent on any of the secid patches which are being discussed.
David Miller [EMAIL PROTECTED] writes:
From: Samir Bellabes [EMAIL PROTECTED]
Date: Mon, 02 Oct 2006 08:11:06 +0200
This patch adds a connector which reports networking's events to
userspace. It's sending events when a sock has its sk_state changed to :
- LISTEN or CLOSE for DCCP and TCP
Evgeniy Polyakov [EMAIL PROTECTED] writes:
On Mon, Oct 02, 2006 at 02:57:55PM +0200, Samir Bellabes ([EMAIL PROTECTED])
wrote:
Evgeniy Polyakov [EMAIL PROTECTED] writes:
On Mon, Oct 02, 2006 at 08:11:06AM +0200, Samir Bellabes ([EMAIL
PROTECTED]) wrote:
You can also extend your module
On Wed, 04 Oct 2006 11:41:59 -0500
Steve Fox [EMAIL PROTECTED] wrote:
On Wed, 2006-10-04 at 08:45 -0700, Andrew Morton wrote:
On Wed, 04 Oct 2006 08:42:28 -0500
Steve Fox [EMAIL PROTECTED] wrote:
Sorry for the delay. I was finally able to perform a bisect on this. It
turns out the
On Wed, Oct 04, 2006 at 05:06:59PM -0700, Andrew Morton wrote:
On Wed, 04 Oct 2006 11:41:59 -0500
Steve Fox [EMAIL PROTECTED] wrote:
On Wed, 2006-10-04 at 08:45 -0700, Andrew Morton wrote:
On Wed, 04 Oct 2006 08:42:28 -0500
Steve Fox [EMAIL PROTECTED] wrote:
Sorry for the delay. I
I think most likely it would crash on 2.6.18. Keith mannthey had reported
a different crash on 2.6.18-rc4-mm2 when this patch was introduced first
time. Following is the link to the thread.
Then maybe trying 2.6.17 + the patch and then bisect between that and -rc4?
-Andi
-
To unsubscribe
On 10/4/06, Martin Bligh [EMAIL PROTECTED] wrote:
Andi Kleen wrote:
I think most likely it would crash on 2.6.18. Keith mannthey had reported
a different crash on 2.6.18-rc4-mm2 when this patch was introduced first
time. Following is the link to the thread.
Then maybe trying 2.6.17 + the
Hi Yoshifuji-san:
Are there any non-multicast interfaces that require addrconf?
In other words, what does the following patch break :)
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key:
78 matches
Mail list logo