Resending this - saw no response.
Hey folks,
A few months back I posted an in-progress patch for adding a clear_stats
framework similar to the get_stats framework and implimenting support
for it in the skge driver (the one NIC I have access to), as well as
adding the ethtool support for it.
Marco Berizzi wrote:
Herbert Xu wrote:
However, the fact that the tcpdump causes more chunky packets to
make it through could be an indication that there is a bug somewhere
in our NAT/IPsec code or at least a suboptimal memory allocation
strategy that's somehow avoided when AF_PACKET pins the
The following patchset is an updated version of secmark, which I'd like to
propose for inclusion in either Dave or Andrew's tree for subsequent merge
into mainline during the 2.6.18 merge window.
Secmark implements a new scheme for adding security markings to packets
via iptables, as well as
This patch adds support for a new object class ('packet'), and associated
permissions ('send', 'recv', 'relabelto'). These are used to enforce
security policy for network packets labeled with SECMARK, and for adding
labeling rules.
Please apply.
Signed-off-by: James Morris [EMAIL PROTECTED]
This patch exports adds new functions to the in-kernel SELinux API in
support of the new secmark-based packet controls.
Please apply.
Signed-off-by: James Morris [EMAIL PROTECTED]
---
include/linux/selinux.h| 32
security/selinux/exports.c | 22
This patch adds a secmark field to the skbuff structure, to allow security
subsystems to place security markings on network packets. This is similar
to the nfmark field, except is intended for implementing security policy,
rather than than networking policy.
This patch was already acked in
This patch adds a SECMARK target to xtables, allowing the admin to apply
security marks to packets via both iptables and ip6tables.
The target currently handles SELinux security marking, but can be extended
for other purposes as needed.
Please apply.
Signed-off-by: James Morris [EMAIL
This patch adds a secmark field to IP and NF conntracks, so that security
markings on packets can be copied to their associated connections, and
also copied back to packets as required. This is similar to the network
mark field currently used with conntrack, although it is intended for
This patch adds new per-packet access controls to SELinux, replacing the
old packet controls.
Packets are labeled with the iptables SECMARK and CONNSECMARK targets,
then security policy for the packets is enforced with these controls.
To allow for a smooth transition to the new controls, the
Signed-off-by: Alexey Dobriyan [EMAIL PROTECTED]
---
net/ipv4/ipcomp.c |2 +-
net/ipv4/xfrm4_policy.c |2 +-
net/ipv6/ipcomp6.c |2 +-
net/xfrm/xfrm_input.c |2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
--- a/net/ipv4/ipcomp.c
+++ 1/net/ipv4/ipcomp.c
@@
This updates brings new features to the following supported:
* unified cache to store netchannels (IPv4 and stub for fied cache
to store netchannels (IPv4 and stub for IPv6 hashes, TCP and UDP)
* skb queueing mechanism
* netchannel creation/removing/reading commands
* netchannel's callback to
With grant of the description, it looks negative in the memory management,
but actually, the amount of memory usage in the driver layer is less than
the ordinaly gianfar (around half), especially the NAPI is enable. This
recycling is introduced in order to chop down the critical path memory
On Thu, May 18, 2006 at 09:37:33AM +, Alexey Dobriyan wrote:
--- a/net/ipv4/ipcomp.c
+++ 1/net/ipv4/ipcomp.c
@@ -210,7 +210,7 @@ static void ipcomp4_err(struct sk_buff *
skb-h.icmph-code != ICMP_FRAG_NEEDED)
return;
- spi = ntohl(ntohs(ipch-cpi));
+
On Thu, May 18, 2006 at 02:39:08PM +0200, Lennert Buytenhek wrote:
On Thu, May 18, 2006 at 10:36:32PM +1000, Herbert Xu wrote:
+#define __be32_to_be16(x) ((__force __be16)(__be32)x)
+#define __be16_to_be32(x) ((__force __be32)(__be16)x)
[...]
+#define __be32_to_be16(x) ((__force
GRE keys are 16 bit.
Signed-off-by: Alexey Dobriyan [EMAIL PROTECTED]
---
net/ipv4/netfilter/ip_nat_proto_gre.c |6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/net/ipv4/netfilter/ip_nat_proto_gre.c
+++ 1/net/ipv4/netfilter/ip_nat_proto_gre.c
@@ -49,15 +49,15 @@
GRE keys are 16 bit.
Signed-off-by: Alexey Dobriyan [EMAIL PROTECTED]
---
net/ipv4/netfilter/ip_nat_proto_gre.c |8
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/net/ipv4/netfilter/ip_nat_proto_gre.c
+++ 1/net/ipv4/netfilter/ip_nat_proto_gre.c
@@ -81,14 +81,14 @@
Alexey Dobriyan wrote:
GRE keys are 16 bit.
Thanks, I've combined both patches and added them to me tree, will
push to Dave soon.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at
On Wed, May 17, 2006 at 10:23:34PM +0100, Daniel Drake wrote:
John W. Linville wrote:
Daniel Drake:
set_security implementation inside softmac
If it's not too late, can you drop this one?
Well, it's your patch. If you want to withdraw it, I'll comply.
---
The following changes
John W. Linville wrote:
On Wed, May 17, 2006 at 10:23:34PM +0100, Daniel Drake wrote:
John W. Linville wrote:
Daniel Drake:
set_security implementation inside softmac
If it's not too late, can you drop this one?
Well, it's your patch. If you want to withdraw it, I'll comply.
Please
If both ports are receiving on the SysKonnect dual port cards,
then it appears the bus interface unit can give an interrupt status
for frame before DMA has completed. This leads to bogus frames
and general confusion. This is why receive checksumming is also
messed up on dual port cards.
A
[EMAIL PROTECTED] wrote:
http://bugzilla.kernel.org/show_bug.cgi?id=6579
Summary: Kernel Oops, IRDA stack related
Kernel Version: v2.6.16.16 + squashfs v3.0 patch
Status: NEW
Severity: normal
Owner: [EMAIL PROTECTED]
Submitter:
I'm talking about net/netfilter/nfnetlink_log.c::^nfulnl_recv_config
below. I'm totally confused and beer supply almost ended, so can someone else
also look at it...
Put your attention at line 905:
net/netfilter/nfnetlink_log.c:
902 if (nfula[NFULA_CFG_FLAGS-1]) {
903
Randy.Dunlap wrote:
[PATCH 2/4] myri10ge - Driver header files
myri10ge_mcp.h| 205
++
myri10ge_mcp_gen_header.h | 58 +
Please use diffstat -p 1 -w 70 is documented in
Documentation/SubmittingPatches.
Ok,
Roland Dreier wrote:
Still some suspicious uses of volatile here.
For example:
+struct myri10ge_priv {
...
+volatile u8 __iomem *sram;
as far as I can see this is always used with proper __iomem accessors,
often with casts to strip the volatile anyway. So why is
Arnd Bergmann wrote:
+for (sleep_total = 0;
+ sleep_total (15 * 1000) response-result == 0x;
+ sleep_total += 10) {
+udelay(10);
+}
udelay does not sleep. If you want to sleep, use msleep instead.
This place is actually the only one
Alexey Dobriyan wrote:
I'm talking about net/netfilter/nfnetlink_log.c::^nfulnl_recv_config
below. I'm totally confused and beer supply almost ended, so can someone else
also look at it...
Put your attention at line 905:
net/netfilter/nfnetlink_log.c:
902if
Am Friday 19 May 2006 01:56 schrieb Brice Goglin:
This place is actually the only one where we don't want to use msleep.
This function (myri10ge_send_cmd) might be called from various context
(spinlocked or not) and pass orders to the NIC whose processing time
depends a lot on the command. Of
Arnd Bergmann wrote:
Am Friday 19 May 2006 01:56 schrieb Brice Goglin:
This place is actually the only one where we don't want to use msleep.
This function (myri10ge_send_cmd) might be called from various context
(spinlocked or not) and pass orders to the NIC whose processing time
depends
28 matches
Mail list logo