Re: NETDEV WATCHDOG: eth2: transmit timed out with 3c905C-TX

On Tue, May 23, 2006 at 03:36:35PM +0200, Marco Berizzi wrote: Steffen Klassert wrote: On Wed, Apr 05, 2006 at 06:33:18PM +0200, Marco Berizzi wrote: Hello everybody. I'm getting these errors (with packet/connectivity loss) on our firewall after I have plugged in a 3c905C nic. Linux

Re: NETDEV WATCHDOG: eth2: transmit timed out with 3c905C-TX

On Tue, Jun 06, 2006 at 11:12:45AM +0200, Marco Berizzi wrote: I have moved this damn pc from the remote to my site and I have placed it in production environment with 2.6.17-rc5 No problem after 24 hours (on the remote side the problem was arising after a couple of hours). I have modprobed

Re: [patch] drivers/net/3c59x: notice carrier a little sooner

Did you give the patch a try? Actually I have no possibility to test, but I think that netif_carrier_{on,off} still does not work proper. The timer function does just nothing if vp-medialock is set. Steffen On Thu, Jan 12, 2006 at 01:29:23PM -0500, Dan Williams wrote: Hi, This patch

Re: [patch] drivers/net/3c59x: notice carrier a little sooner

On Thu, Jan 12, 2006 at 03:02:25PM -0500, Dan Williams wrote: On Thu, 2006-01-12 at 20:57 +0100, Steffen Klassert wrote: Did you give the patch a try? Actually I have no possibility to test, but I think that netif_carrier_{on,off} still does not work proper. The timer function does

[patch] 3c59x: improve usage of netif_carrier_{on,off}

ethtool_op_get_link instead of vortex_get_link. So it is possible to test with ethtool. The patch compiles, but as I told it is fairly untested. Please let me know the results of your tests. Thanks in advance, Steffen Signed-off-by: Steffen Klassert [EMAIL PROTECTED] --- vanilla-2.6.15/drivers/net/3c59x.c

[PATCH] 3c59x: collision statistic fix

Count the total number of packets with collisions during transmission in vp-stats.collisions. Signed-off-by: Steffen Klassert [EMAIL PROTECTED] --- vanilla-2.6.15/drivers/net/3c59x.c 2006-01-03 04:21:10.0 +0100 +++ linux-2.6.15-sk/drivers/net/3c59x.c 2006-01-14 17:54:16.0 +0100

Re: [patch] 3c59x: improve usage of netif_carrier_{on,off}

On Mon, Jan 16, 2006 at 02:43:30PM -0500, Dan Williams wrote: ... The patch appears to work correctly and does notice links quite a bit sooner. The only issue I noticed was that if no cable is plugged in, it starts off with the carrier on (/sys/class/net/eth0/carrier == 1) but a second later

Re: [PATCH REPOST] mii: check carrier state even when force_media == 1

correctly, while avoiding the check of link parameters. I sent almost the same patch because of the same reasons about a year ago, see http://oss.sgi.com/projects/netdev/archive/2005-02/msg00648.html so I would vote for this patch too. Acked-by: Steffen Klassert [EMAIL PROTECTED] Signed-off-by: John

[patch] 3c59x: fix networking for 10base2 NICs

Fix broken networking for older 10base2 NICs. Signed-off-by: Steffen Klassert [EMAIL PROTECTED] --- linux-2.6.16-git12/drivers/net/3c59x.c 2006-03-30 14:16:23.0 +0200 +++ linux-2.6.16-git12-sk/drivers/net/3c59x.c 2006-03-30 15:27:13.0 +0200 @@ -788,7 +788,7

Re: NETDEV WATCHDOG: eth2: transmit timed out with 3c905C-TX

On Wed, Apr 05, 2006 at 06:33:18PM +0200, Marco Berizzi wrote: Hello everybody. I'm getting these errors (with packet/connectivity loss) on our firewall after I have plugged in a 3c905C nic. Linux is Slackware 10.2 with vanilla 2.6.16.1. Hints? PS: I have temporary resolved the problem

[PATCH] 3c59x: fix duplex configuration

: Martin Buck [EMAIL PROTECTED] Signed-off-by: Steffen Klassert [EMAIL PROTECTED] --- drivers/net/3c59x.c |1 + 1 file changed, 1 insertion(+) --- linux-2.6.23-rc2.orig/drivers/net/3c59x.c +++ linux-2.6.23-rc2/drivers/net/3c59x.c @@ -1555,6 +1555,7 @@ vortex_up(struct net_device *dev

Add 3c59x maintainer

Add 3c59x maintainer. Signed-off-by: Steffen Klassert [EMAIL PROTECTED] --- MAINTAINERS |6 ++ 1 file changed, 6 insertions(+) --- linux-2.6.23-rc2.orig/MAINTAINERS +++ linux-2.6.23-rc2/MAINTAINERS @@ -97,6 +97,12 @@ M: [EMAIL PROTECTED] L: netdev@vger.kernel.org S

Re: [patch 08/18] 3c59x: check return of pci_enable_device()

On Wed, Aug 15, 2007 at 06:30:00PM +0200, Steffen Klassert wrote: On Tue, Aug 14, 2007 at 10:54:32AM +0100, Mark Hindley wrote: On Tue, Aug 14, 2007 at 01:33:26AM -0400, Jeff Garzik wrote: I would strongly prefer that vortex_up return a value, since all the important callers

Re: [REVISED PATCH] 3c59x: check return of pci_enable_device()

On Fri, Aug 31, 2007 at 09:08:37AM -0400, Jeff Garzik wrote: Mark Hindley wrote: Revised patch for this. Mark commit 5cf33391eba81a49038fa8be8cbad8425b80bf7f Author: Mark Hindley [EMAIL PROTECTED] Date: Thu Aug 16 11:26:35 2007 +0100 Check return of pci_enable_device in

Re: [PATCH -mm 2/2] 3c59x MAINTAINERS

On Tue, Sep 04, 2007 at 03:52:50AM +0530, Satyam Sharma wrote: Remove duplicate entry for the same driver. This is -mm specific. Andrew did not remove the add-3c59x-maintainer patch after pushing it to mainline. This can be fixed just by removing the add-3c59x-maintainer patch from -mm. - To

Re: [PATCH -mm 1/2] 3c59x: Fix uninitialized variable bug

. Signed-off-by: Satyam Sharma [EMAIL PROTECTED] Acked-by: Steffen Klassert [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH -mm 1/2] 3c59x: Fix uninitialized variable bug

On Tue, Sep 04, 2007 at 09:53:31AM +0100, Mark Hindley wrote: On Tue, Sep 04, 2007 at 02:09:47PM +0530, Satyam Sharma wrote: Hi Steffen, On Tue, 4 Sep 2007, Steffen Klassert wrote: On Tue, Sep 04, 2007 at 03:45:55AM +0530, Satyam Sharma wrote: drivers/net/3c59x.c

Re: [PATCH -mm 1/2] 3c59x: Fix uninitialized variable bug

On Tue, Sep 04, 2007 at 10:35:10AM +0100, Mark Hindley wrote: On Tue, Sep 04, 2007 at 11:17:57AM +0200, Steffen Klassert wrote: The only warning that I was able to trigger with gcc 4.2 is in the case of a .config without PCI support. In this case I get drivers/net/3c59x.c

Re: [PATCH] 3c59x: sparse warning fix

, PKT_BUF_SZ, PCI_DMA_FROMDEVICE); /* 'skb_put()' points to the start of sk_buff data area. */ - Thanks, Acked-by: Steffen Klassert [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED

Re: Problems with 3c59x driver (extremely low throughput)

On Tue, Sep 18, 2007 at 01:32:00PM +0200, Mikael Leivisk? wrote: OK first of all I'm not really sure if this is the place but was told by Dave Dillow to send to the netdev kernel mailing list. So that's what I'm doing :) I tried searching the mailing lists and didn't find anything that

Re: Bugzilla: open bug reports

On Thu, Oct 04, 2007 at 09:44:26AM -0700, Stephen Hemminger wrote: Bugzilla report of open bugs. Yes you could run it yourself but many of these bugs seem to be old and need some attention or work to get resolved. Perhaps we should at least ask the reporters of the older bugs whether the

Re: [PATCH] vortex_up should initialize err

On Wed, Oct 17, 2007 at 08:28:36PM -0400, Jeff Garzik wrote: Badari Pulavarty wrote: Simple compile warning fix. (against 2.6.23-git12) Thanks, Badari vortex_up() should initialize 'err' for a successful return. drivers/net/3c59x.c: In function `vortex_up': drivers/net/3c59x.c:1494:

Re: CCM/GCM implementation defect

On Thu, Apr 23, 2015 at 11:26:20AM +0800, Herbert Xu wrote: Hi: It looks like our IPsec implementations of CCM and GCM are buggy in that they don't include the IV in the authentication calculation. Seems like crypto_rfc4106_crypt() passes the associated data it got from ESP directly to gcm,

Re: [PATCH] xfrm: fix a race in xfrm_state_lookup_byspi

On Wed, Apr 29, 2015 at 05:25:25AM +, Du, Fan wrote: -Original Message- From: roy.qing...@gmail.com [mailto:roy.qing...@gmail.com] Sent: Wednesday, April 29, 2015 8:43 AM To: netdev@vger.kernel.org Cc: Du, Fan; steffen.klass...@secunet.com Subject: [PATCH] xfrm: fix a race in

Re: [PATCH] xfrm: fix the return code when xfrm_*_register_afinfo failed

On Thu, Apr 23, 2015 at 11:06:53AM +0800, roy.qing...@gmail.com wrote: From: Li RongQing roy.qing...@gmail.com If xfrm_*_register_afinfo failed since xfrm_*_afinfo[afinfo-family] had the value, return the -EEXIST, not -ENOBUFS Signed-off-by: Li RongQing roy.qing...@gmail.com Also applied

Re: [PATCH][net-next] xfrm: slightly optimise xfrm_input

On Fri, Apr 24, 2015 at 04:49:31PM +0800, roy.qing...@gmail.com wrote: From: Li RongQing roy.qing...@gmail.com Check x-km.state with XFRM_STATE_ACQ only when state is not XFRM_STAT_VALID, not everytime Signed-off-by: Li RongQing roy.qing...@gmail.com Applied to ipsec-next, thanks a lot

Re: [PATCH][net-next][v2] xfrm: optimise the use of walk list header in xfrm_policy/state_walk

On Wed, Apr 22, 2015 at 05:13:18PM +0800, Herbert Xu wrote: On Wed, Apr 22, 2015 at 05:09:54PM +0800, roy.qing...@gmail.com wrote: From: Li RongQing roy.qing...@gmail.com The walk from input is the list header, and marked as dead, and will be skipped in loop. list_first_entry() can

Re: [PATCH] xfrm: remove the xfrm_queue_purge definition

On Wed, Apr 22, 2015 at 03:51:16PM +0800, roy.qing...@gmail.com wrote: From: Li RongQing roy.qing...@gmail.com The task of xfrm_queue_purge is same as skb_queue_purge, so remove it Signed-off-by: Li RongQing roy.qing...@gmail.com Applied to ipsec-next, thanks! -- To unsubscribe from this

Re: [v3 PATCH 0/8] crypto: Convert all AEAD users to new interface

On Wed, May 27, 2015 at 04:01:05PM +0800, Herbert Xu wrote: Hi: The only changes from the last version are that set_ad no longer takes a cryptoff argument and testmgr has been updated to always supply space for the authentication tag. The algif_aead patch has been removed and will be

Re: Looking for a lost patch

On Thu, May 21, 2015 at 05:25:24PM -0400, David Miller wrote: From: Steffen Klassert steffen.klass...@secunet.com Date: Wed, 20 May 2015 08:32:23 +0200 On Tue, May 19, 2015 at 11:32:15AM -0700, Alexander Duyck wrote: On 05/19/2015 12:57 AM, Steffen Klassert wrote: The MTU should be 1500

Re: [v3 PATCH 0/8] crypto: Convert all AEAD users to new interface

On Wed, May 27, 2015 at 05:29:22PM +0800, Herbert Xu wrote: On Wed, May 27, 2015 at 11:25:33AM +0200, Steffen Klassert wrote: Not sure if I missed something in the flood of patches, but if I apply your v3 patchset on top of the cryptodev tree, it crashes like that buring boot: Sorry

Re: [ipsec PATCH 0/3] Preserve skb-mark through VTI tunnels

On Wed, May 27, 2015 at 07:16:37AM -0700, Alexander Duyck wrote: These patches are meant to try and address the fact the VTI tunnels are currently overwriting the skb-mark value. I am generally happy with the first two patches, however the third patch still modifies the skb-mark, though it

[PATCH 1/7] xfrm: fix a race in xfrm_state_lookup_byspi

...@gmail.com Acked-by: Fan Du fan...@intel.com Signed-off-by: Steffen Klassert steffen.klass...@secunet.com --- net/xfrm/xfrm_state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index f5e39e3..96688cd 100644 --- a/net/xfrm

[PATCH 3/7] esp6: Use high-order sequence number bits for IV generation

-by: Steffen Klassert steffen.klass...@secunet.com --- net/ipv6/esp6.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 31f1b5d..7c07ce3 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c @@ -248,7 +248,8 @@ static int esp6_output(struct xfrm_state

pull request (net): ipsec 2015-05-28

1) Fix a race in xfrm_state_lookup_byspi, we need to take the refcount before we release xfrm_state_lock. From Li RongQing. 2) Fix IV generation on ESN state. We used just the low order sequence numbers for IV generation on ESN, as a result the IV can repeat on the same state. Fix

[PATCH 2/7] esp4: Use high-order sequence number bits for IV generation

-by: Steffen Klassert steffen.klass...@secunet.com --- net/ipv4/esp4.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 421a80b..30b544f 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -256,7 +256,8 @@ static int esp_output(struct xfrm_state

[PATCH 5/7] ip_vti/ip6_vti: Do not touch skb-mark on xmit

. Signed-off-by: Alexander Duyck alexander.h.du...@redhat.com Signed-off-by: Steffen Klassert steffen.klass...@secunet.com --- net/ipv4/ip_vti.c | 5 +++-- net/ipv6/ip6_vti.c | 4 +++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index 9f7269f

[PATCH 7/7] ip_vti/ip6_vti: Preserve skb-mark after rcv_cb call

the assignment into the rcv_cb calls and then just restore the original mark after xfrm_policy_check has been completed. Signed-off-by: Alexander Duyck alexander.h.du...@redhat.com Signed-off-by: Steffen Klassert steffen.klass...@secunet.com --- net/ipv4/ip_vti.c | 9 +++-- net/ipv6/ip6_vti.c | 9

[PATCH 4/7] xfrm: Always zero high-order sequence number bits

into the IV. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au Signed-off-by: Steffen Klassert steffen.klass...@secunet.com --- net/xfrm/xfrm_replay.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index dab57da..4fd725a 100644 --- a/net/xfrm

[PATCH 6/7] xfrm: Override skb-mark with tunnel-parm.i_key in xfrm_input

-by: Alexander Duyck alexander.h.du...@redhat.com Signed-off-by: Steffen Klassert steffen.klass...@secunet.com --- net/xfrm/xfrm_input.c | 17 - 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 526c4fe..b58286e 100644 --- a/net

Re: [PATCH] xfrm6: Do not use xfrm_local_error for path MTU issues in tunnels

On Thu, May 28, 2015 at 12:18:51AM -0700, Alexander Duyck wrote: On 05/27/2015 10:36 PM, Steffen Klassert wrote: On Wed, May 27, 2015 at 10:40:32AM -0700, Alexander Duyck wrote: This change makes it so that we use icmpv6_send to report PMTU issues back into tunnels in the case

pull request (net-next): ipsec-next 2015-05-28

1) Remove xfrm_queue_purge as this is the same as skb_queue_purge. 2) Optimize policy and state walk. 3) Use a sane return code if afinfo registration fails. 4) Only check fori a acquire state if the state is not valid. 5) Remove a unnecessary NULL check before xfrm_pol_hold as it checks

[PATCH 1/7] xfrm: remove the xfrm_queue_purge definition

From: Li RongQing roy.qing...@gmail.com The task of xfrm_queue_purge is same as skb_queue_purge, so remove it Signed-off-by: Li RongQing roy.qing...@gmail.com Signed-off-by: Steffen Klassert steffen.klass...@secunet.com --- net/xfrm/xfrm_policy.c | 12 ++-- 1 file changed, 2 insertions

[PATCH 5/7] xfrm: remove the unnecessary checking before call xfrm_pol_hold

From: Li RongQing roy.qing...@gmail.com xfrm_pol_hold will check its input with NULL Signed-off-by: Li RongQing roy.qing...@gmail.com Signed-off-by: Steffen Klassert steffen.klass...@secunet.com --- net/xfrm/xfrm_policy.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git

[PATCH 6/7] xfrm: move the checking for old xfrm_policy hold_queue to beginning

From: Li RongQing roy.qing...@gmail.com if hold_queue of old xfrm_policy is NULL, return directly, then not need to run other codes, especially take the spin lock Signed-off-by: Li RongQing roy.qing...@gmail.com Signed-off-by: Steffen Klassert steffen.klass...@secunet.com --- net/xfrm

[PATCH 3/7] xfrm: fix the return code when xfrm_*_register_afinfo failed

From: Li RongQing roy.qing...@gmail.com If xfrm_*_register_afinfo failed since xfrm_*_afinfo[afinfo-family] had the value, return the -EEXIST, not -ENOBUFS Signed-off-by: Li RongQing roy.qing...@gmail.com Signed-off-by: Steffen Klassert steffen.klass...@secunet.com --- net/xfrm/xfrm_input.c

[PATCH 4/7] xfrm: slightly optimise xfrm_input

From: Li RongQing roy.qing...@gmail.com Check x-km.state with XFRM_STATE_ACQ only when state is not XFRM_STAT_VALID, not everytime Signed-off-by: Li RongQing roy.qing...@gmail.com Signed-off-by: Steffen Klassert steffen.klass...@secunet.com --- net/xfrm/xfrm_input.c | 10 +- 1 file

[PATCH 2/7] xfrm: optimise the use of walk list header in xfrm_policy/state_walk

herb...@gondor.apana.org.au Signed-off-by: Steffen Klassert steffen.klass...@secunet.com --- net/xfrm/xfrm_policy.c | 4 +++- net/xfrm/xfrm_state.c | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index d8c35ad..847053e 100644

[PATCH 7/7] xfrm: optimise to search the inexact policy list

policy with ~0U priority in inexact list too. Signed-off-by: Li RongQing roy.qing...@gmail.com Signed-off-by: Steffen Klassert steffen.klass...@secunet.com --- net/xfrm/xfrm_policy.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm

Re: [PATCH] xfrm6: Do not use xfrm_local_error for path MTU issues in tunnels

On Thu, May 28, 2015 at 12:49:19PM +0800, Herbert Xu wrote: On Wed, May 27, 2015 at 10:40:32AM -0700, Alexander Duyck wrote: This change makes it so that we use icmpv6_send to report PMTU issues back into tunnels in the case that the resulting packet is larger than the MTU of the outgoing

Re: [PATCH] xfrm6: Do not use xfrm_local_error for path MTU issues in tunnels

On Wed, May 27, 2015 at 10:40:32AM -0700, Alexander Duyck wrote: This change makes it so that we use icmpv6_send to report PMTU issues back into tunnels in the case that the resulting packet is larger than the MTU of the outgoing interface. Previously xfrm_local_error was being used in this

Re: Looking for a lost patch

On Wed, May 27, 2015 at 11:46:03AM -0400, David Miller wrote: From: Steffen Klassert steffen.klass...@secunet.com Date: Wed, 27 May 2015 10:35:16 +0200 We currently check if a socket is attached to a skb and do socket error notification in this case, otherwise we do PMTU discovery

Re: [net-next PATCH RFC 0/3] Preserve skb-mark through VTI tunnels

On Tue, May 26, 2015 at 03:41:10PM -0700, Alexander Duyck wrote: These patches are meant to try and address the fact the VTI tunnels are currently overwriting the skb-mark value. I am generally happy with the first two patches, however the third patch still modifies the skb-mark, though it

Re: xfrm: Always zero high-order sequence number bits

On Thu, May 21, 2015 at 12:38:12AM +0800, Herbert Xu wrote: As we're now always including the high bits of the sequence number in the IV generation process we need to ensure that they don't contain crap. This patch ensures that the high sequence bits are always zeroed so that we don't leak

Re: [PATCH ipsec-next] xfrm: Use VRF master index if output device is enslaved

On Wed, Aug 19, 2015 at 11:35:55AM -0700, David Ahern wrote: I think you should use the new vrf_master_index() helper that acquires rcu because it looks possible to call -decode_session() without rcu read lock, e.g. in the hold_timer function xfrm_policy_queue_process(), though I haven’t

Re: [PATCH ipsec-next v2] xfrm: Use VRF master index if output device is enslaved

deletions(-) Looks good to me, Acked-by: Nikolay Aleksandrov niko...@cumulusnetworks.com David, can you please take this directly into net-next? Acked-by: Steffen Klassert steffen.klass...@secunet.com -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message

[PATCH 4/4] net: Document xfrm4_gc_thresh and xfrm6_gc_thresh

-by: Steffen Klassert steffen.klass...@secunet.com --- Documentation/networking/ip-sysctl.txt | 10 ++ 1 file changed, 10 insertions(+) diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt index 56db1ef..46e88ed 100644 --- a/Documentation/networking/ip

[PATCH 3/4] xfrm: Add oif to dst lookups

-off-by: Steffen Klassert steffen.klass...@secunet.com --- include/net/xfrm.h | 7 +-- net/ipv4/xfrm4_policy.c | 11 ++- net/ipv6/xfrm6_policy.c | 7 --- net/xfrm/xfrm_policy.c | 24 ++-- 4 files changed, 29 insertions(+), 20 deletions(-) diff --git

[PATCH 2/4] net/xfrm: use kmemdup rather than duplicating its implementation

From: Andrzej Hajda a.ha...@samsung.com The patch was generated using fixed coccinelle semantic patch scripts/coccinelle/api/memdup.cocci [1]. [1]: http://permalink.gmane.org/gmane.linux.kernel/2014320 Signed-off-by: Andrzej Hajda a.ha...@samsung.com Signed-off-by: Steffen Klassert

pull request (net-next): ipsec-next 2015-08-17

1) Fix IPv6 ECN decapsulation for IPsec interfamily tunnels. From Thomas Egerer. 2) Use kmemdup instead of duplicating it in xfrm_dump_sa(). From Andrzej Hajda. 3) Pass oif to the xfrm lookups so that it gets set on the flow and the resolver routines can match based on oif. From

[PATCH 1/4] xfrm6: Fix IPv6 ECN decapsulation

) to take this value from there. Signed-off-by: Thomas Egerer thomas.ege...@secunet.com Signed-off-by: Steffen Klassert steffen.klass...@secunet.com --- net/ipv6/xfrm6_mode_tunnel.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6

Re: IPsec maintenance during the next weeks

On Tue, Jul 07, 2015 at 10:58:17PM -0700, David Miller wrote: From: Steffen Klassert steffen.klass...@secunet.com Date: Wed, 8 Jul 2015 07:04:32 +0200 I'll be off without mail access for the next two and a half weeks. Can you please take urgent IPsec patches directly into the net tree

Re: [PATCH] xfrm: Add oif to dst lookups

On Mon, Aug 10, 2015 at 04:58:11PM -0600, David Ahern wrote: Rules can be installed that direct route lookups to specific tables based on oif. Plumb the oif through the xfrm lookups so it gets set in the flow struct and passed to the resolver routines. Signed-off-by: David Ahern

Re: [PATCH 28/31] net/xfrm: use kmemdup rather than duplicating its implementation

On Fri, Aug 07, 2015 at 09:59:34AM +0200, Andrzej Hajda wrote: The patch was generated using fixed coccinelle semantic patch scripts/coccinelle/api/memdup.cocci [1]. [1]: http://permalink.gmane.org/gmane.linux.kernel/2014320 Signed-off-by: Andrzej Hajda a.ha...@samsung.com Applied to

Re: [net-next PATCH] net: Document xfrm4_gc_thresh and xfrm6_gc_thresh

On Tue, Aug 11, 2015 at 01:51:52PM -0700, David Miller wrote: From: Alexander Duyck alexander.h.du...@redhat.com Date: Tue, 11 Aug 2015 13:35:01 -0700 This change adds documentation for xfrm4_gc_thresh and xfrm6_gc_thresh based on the comments in commit eeb1b73378b56 (xfrm: Increase the

Re: [PATCH v2 net-next] xfrm: Fix unaligned access to stats in copy_to_user_state()

On Wed, Oct 21, 2015 at 11:48:25AM -0400, Sowmini Varadhan wrote: > > On sparc, deleting established SAs (e.g., by restarting ipsec) > results in unaligned access messages via xfrm_del_sa -> > km_state_notify -> xfrm_send_state_notify(). > > Even though struct xfrm_usersa_info is aligned on

[PATCH 4/4] xfrm: Fix pmtu discovery for local generated packets.

family tunnels") Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com> --- net/ipv4/xfrm4_output.c | 2 ++ net/ipv6/xfrm6_output.c | 1 + 2 files changed, 3 insertions(+) diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c index 2878dbf..41a2613 100644 --- a/net

[PATCH 3/4] xfrm: Fix state threshold configuration from userspace

flows will break the state. Signed-off-by: Michael Rossberg <michael.rossb...@tu-ilmenau.de> Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com> --- net/xfrm/xfrm_user.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_us

pull request (net): ipsec 2015-10-22

fragmentation check Mathias Krause (1): xfrm6: Fix ICMPv6 and MH header checks in _decode_session6 Michael Rossberg (1): xfrm: Fix state threshold configuration from userspace Steffen Klassert (1): xfrm: Fix pmtu discovery for local generated packets. net/ipv4/xfrm4_output.c

[PATCH 2/4] xfrm6: Fix ICMPv6 and MH header checks in _decode_session6

marci...@gmail.com> Signed-off-by: Mathias Krause <mathias.kra...@secunet.com> Cc: PaX Team <pagee...@freemail.hu> Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com> --- net/ipv6/xfrm6_policy.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --g

[PATCH 1/4] ipv6: Fix IPsec pre-encap fragmentation check

orward as well as adding the GSO check. Fixes: dd767856a36e ("xfrm6: Don't call icmpv6_send on local error") Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com> --- net/ipv6/xfrm6_output.c | 17 +

[PATCH 2/5] xfrm: Fix unaligned access to stats in copy_to_user_state()

ini Varadhan <sowmini.varad...@oracle.com> Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com> --- net/xfrm/xfrm_user.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index a8de9e3..639e0d5 100644 --- a/net/xf

[PATCH 1/5] xfrm: Let the flowcache handle its size by default.

of the number of cpus. The xfrm garbage collector threshold can still be set below the flowcache limit to reduce the memory usage of the flowcache. Tested-by: Dan Streetman <dan.street...@canonical.com> Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com> --- Documentation/n

[PATCH 3/5] xfrm4: Fix header checks in _decode_session4.

lookups, so fix it by a check of the data pointer position before we call pskb_may_pull. Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com> --- net/ipv4/xfrm4_policy.c | 15 ++- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/net/ipv4/xfrm4_policy.c

[PATCH 5/5] xfrm: Increment statistic counter on inner mode error

Increment the LINUX_MIB_XFRMINSTATEMODEERROR statistic counter to notify about dropped packets if we fail to fetch a inner mode. Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com> --- net/xfrm/xfrm_input.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git

[PATCH 4/5] xfrm4: Reload skb header pointers after calling pskb_may_pull.

A call to pskb_may_pull may change the pointers into the packet, so reload the pointers after the call. Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com> --- net/ipv4/xfrm4_policy.c | 33 ++--- 1 file changed, 26 insertions(+), 7 deletions(-) diff

pull request (net-next): ipsec-next 2015-10-30

to stats in copy_to_user_state() Steffen Klassert (4): xfrm: Let the flowcache handle its size by default. xfrm4: Fix header checks in _decode_session4. xfrm4: Reload skb header pointers after calling pskb_may_pull. xfrm: Increment statistic counter on inner mode error

Re: [PATCHv3] xfrm: dst_entries_init() per-net dst_ops

On Thu, Oct 29, 2015 at 09:51:16AM -0400, Dan Streetman wrote: > Remove the dst_entries_init/destroy calls for xfrm4 and xfrm6 dst_ops > templates; their dst_entries counters will never be used. Move the > xfrm dst_ops initialization from the common xfrm/xfrm_policy.c to > xfrm4/xfrm4_policy.c

Re: [PATCH net-next] net: Fix vti use case with oif in dst lookups for IPv6

On Mon, Oct 12, 2015 at 12:49:29PM -0600, David Ahern wrote: > On 10/9/15 11:27 AM, David Ahern wrote: > >On 10/9/15 1:17 AM, Steffen Klassert wrote: > >>>>diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c > >>>>index 30caa289c5db..5

Re: [PATCH] net: Really fix vti6 with oif in dst lookups

On Mon, Oct 19, 2015 at 08:26:05AM -0700, David Ahern wrote: > 6e28b000825d ("net: Fix vti use case with oif in dst lookups for IPv6") > is missing the checks on FLOWI_FLAG_SKIP_NH_OIF. Add them. > > Fixes: 42a7b32b73d6 ("xfrm: Add oif to dst lookups") >

Re: [PATCH net-next 2/2] xfrm: Fix unaligned access in xfrm_notify_sa() for DELSA

On Mon, Oct 19, 2015 at 05:23:29PM -0400, Sowmini Varadhan wrote: > On sparc, deleting established SAs (e.g., by restarting ipsec > at the peer) results in unaligned access messages via > xfrm_del_sa -> km_state_notify -> xfrm_send_state_notify(). > Use an aligned pointer to xfrm_usersa_info for

Re: [PATCH net-next] net: Fix vti use case with oif in dst lookups for IPv6

Hi David. On Mon, Oct 12, 2015 at 12:49:29PM -0600, David Ahern wrote: > On 10/9/15 11:27 AM, David Ahern wrote: > > > >The attached patch applied to Linus' tree works for me. Currently the > >above change is not in his tree, so I added it to this patch. Once you > >confirm that it works for you

Re: [PATCH net-next] net: Fix vti use case with oif in dst lookups for IPv6

On Fri, Oct 09, 2015 at 03:54:22PM +0900, Hajime Tazaki wrote: > > Hello David, > > At Mon, 5 Oct 2015 08:32:51 -0600, > David Ahern wrote: > > > > > diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c > > index 30caa289c5db..5cedfda4b241 100644 > > --- a/net/ipv6/xfrm6_policy.c >

IPsec maintenance during the next weeks

David, I'll be off without mail access for the next two and a half weeks. Can you please take urgent IPsec patches directly into the net tree during this time? I'll let you know as soon as I'm back. Thanks! -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a

Re: IPv6 xfrm GSO fragmentation bug

en caused by > > commit dd767856a36e00b631d65ebc4bb81b19915532d6 > Author: Steffen Klassert <steffen.klass...@secunet.com> > Date: Tue Oct 11 01:44:30 2011 + > > xfrm6: Don't call icmpv6_send on local error > > which addded an MTU check without a GSO override. > > Fixing it obvi

Re: IPv6 xfrm GSO fragmentation bug

On Fri, Sep 04, 2015 at 01:21:06PM +0800, Herbert Xu wrote: > On Mon, Aug 31, 2015 at 03:35:26PM +0800, Herbert Xu wrote: > > > > I see where the bug came from. Indeed IPv6 does do fragmentation > > but only for tunnel mode. While your patch added a check that also > > affected transport mode.

Re: [PATCH] xfrm6: Fix ICMPv6 and MH header checks in _decode_session6

On Fri, Sep 11, 2015 at 09:57:20AM +0200, Mathias Krause wrote: > From: Mathias Krause > > Ensure there's enough data left prior calling pskb_may_pull(). If > skb->data was already advanced, we'll call pskb_may_pull() with a > negative value converted to unsigned int

Re: [PATCH] net: Fix vti use case with oif in dst lookups

n <d...@cumulusnetworks.com> This works, thanks a lot for the quick fix! > --- > IPv6 does not show this problem for me. So no change is added for IPv6. > If your mileage varies let me know and I'll take another look. IPv6 works just fine as it is, so no change needed. A

Re: xfrm4_garbage_collect reaching limit

On Mon, Sep 14, 2015 at 11:14:59PM -0400, Dan Streetman wrote: > On Fri, Sep 11, 2015 at 5:48 AM, Steffen Klassert > <steffen.klass...@secunet.com> wrote: > > > >> Possibly the > >> default value of xfrm4_gc_thresh could be set proportional to > >>

Re: xfrm4_garbage_collect reaching limit

Hi Dan. On Thu, Sep 10, 2015 at 05:01:26PM -0400, Dan Streetman wrote: > Hi Steffen, > > I've been working with Jay on a ipsec issue, which I believe he > discussed with you. Yes, we talked about this at the LPC. > In this case the xfrm4_garbage_collect is > returning error because the

Re: [PATCH] xfrm: Add oif to dst lookups

On Mon, Aug 10, 2015 at 04:58:11PM -0600, David Ahern wrote: > Rules can be installed that direct route lookups to specific tables based > on oif. Plumb the oif through the xfrm lookups so it gets set in the flow > struct and passed to the resolver routines. > > Signed-off-by: David Ahern

Re: xfrm4_garbage_collect reaching limit

On Thu, Sep 17, 2015 at 09:23:35PM -0700, David Miller wrote: > From: Steffen Klassert <steffen.klass...@secunet.com> > Date: Wed, 16 Sep 2015 10:45:41 +0200 > > > index 1e06c4f..3dffc73 100644 > > --- a/net/ipv4/xfrm4_policy.c > > +++ b/net/ipv4/xfrm4_policy

Re: [PATCH net-next 4/6] xfrm: Add xfrm6 address translation function

On Tue, Sep 29, 2015 at 04:58:46PM -0600, David Ahern wrote: > Hi Tom: > > On 9/29/15 4:17 PM, Tom Herbert wrote: > >This patch adds xfrm6_xlat_addr which is called in the data path > >to perform address translation (primarily for the receive path). Modules > >may register their own callback to

Re: [PATCH 1/1] xfrm: Fix state threshold configuration from userspace

On Tue, Sep 29, 2015 at 11:25:08AM +0200, Michael Rossberg wrote: > Allow to change the replay threshold (XFRMA_REPLAY_THRESH) and expiry > timer (XFRMA_ETIMER_THRESH) of a state without having to set other > attributes like replay counter and byte lifetime. Changing these other > values while

Re: [PATCH net-next 5/6] ipv6: Call xfrm6_xlat_addr from ipv6_rcv

On Tue, Sep 29, 2015 at 03:17:22PM -0700, Tom Herbert wrote: > Call before performing NF_HOOK and routing in order to perform address > translation in the receive path. > > Signed-off-by: Tom Herbert > --- > net/ipv6/ip6_input.c | 3 +++ > 1 file changed, 3 insertions(+) >

Re: xfrm4_garbage_collect reaching limit

On Mon, Sep 21, 2015 at 10:51:11AM -0400, Dan Streetman wrote: > On Fri, Sep 18, 2015 at 1:00 AM, Dan Streetman <ddstr...@ieee.org> wrote: > > On Wed, Sep 16, 2015 at 4:45 AM, Steffen Klassert > > <steffen.klass...@secunet.com> wrote: > >> > >

Re: IPsec workshop/BoF at netdev1.1?

On Mon, Dec 07, 2015 at 08:20:01AM -0800, Eric Dumazet wrote: > On Mon, 2015-12-07 at 13:00 +0100, Steffen Klassert wrote: > > Is there any interest in doing an IPsec workshop/BoF at netdev1.1? > > > > This mail is to probe if we can gather enough discussion topics to run &g

Re: ipsec impact on performance

On Mon, Dec 07, 2015 at 06:27:48AM -0500, Sowmini Varadhan wrote: > On (12/07/15 09:40), Steffen Klassert wrote: > > > > I've pushed it to > > > > https://git.kernel.org/cgit/linux/kernel/git/klassert/linux-stk.git/log/?h=net-next-ipsec-offload > > > >

Re: ipsec impact on performance

On Wed, Dec 02, 2015 at 07:05:38AM -0500, Sowmini Varadhan wrote: > On (12/02/15 07:53), Steffen Klassert wrote: > > > > I'm currently working on a GRO/GSO codepath for IPsec too. The GRO part > > works already. I decapsulate/decrypt the packets on layer2 with a esp GRO

Re: ipsec impact on performance

On Thu, Dec 03, 2015 at 06:38:20AM -0500, Sowmini Varadhan wrote: > On (12/03/15 09:45), Steffen Klassert wrote: > > pcrypt(echainiv(authenc(hmac(sha1-ssse3),cbc-aes-aesni))) > > > > Result: > > &

  1   2   3   4   5   6   7   8   9   >