On Tue, May 23, 2006 at 03:36:35PM +0200, Marco Berizzi wrote:
Steffen Klassert wrote:
On Wed, Apr 05, 2006 at 06:33:18PM +0200, Marco Berizzi wrote:
Hello everybody.
I'm getting these errors (with packet/connectivity loss) on
our firewall after I have plugged in a 3c905C nic. Linux
On Tue, Jun 06, 2006 at 11:12:45AM +0200, Marco Berizzi wrote:
I have moved this damn pc from the remote to my site and I have
placed it in production environment with 2.6.17-rc5
No problem after 24 hours (on the remote side the problem was
arising after a couple of hours). I have modprobed
Did you give the patch a try?
Actually I have no possibility to test, but
I think that netif_carrier_{on,off} still does not
work proper. The timer function does just nothing
if vp-medialock is set.
Steffen
On Thu, Jan 12, 2006 at 01:29:23PM -0500, Dan Williams wrote:
Hi,
This patch
On Thu, Jan 12, 2006 at 03:02:25PM -0500, Dan Williams wrote:
On Thu, 2006-01-12 at 20:57 +0100, Steffen Klassert wrote:
Did you give the patch a try?
Actually I have no possibility to test, but
I think that netif_carrier_{on,off} still does not
work proper. The timer function does
ethtool_op_get_link instead of vortex_get_link.
So it is possible to test with ethtool.
The patch compiles, but as I told it is fairly untested.
Please let me know the results of your tests.
Thanks in advance,
Steffen
Signed-off-by: Steffen Klassert [EMAIL PROTECTED]
--- vanilla-2.6.15/drivers/net/3c59x.c
Count the total number of packets with collisions during transmission
in vp-stats.collisions.
Signed-off-by: Steffen Klassert [EMAIL PROTECTED]
--- vanilla-2.6.15/drivers/net/3c59x.c 2006-01-03 04:21:10.0 +0100
+++ linux-2.6.15-sk/drivers/net/3c59x.c 2006-01-14 17:54:16.0 +0100
On Mon, Jan 16, 2006 at 02:43:30PM -0500, Dan Williams wrote:
...
The patch appears to work correctly and does notice links quite a bit
sooner. The only issue I noticed was that if no cable is plugged in, it
starts off with the carrier on (/sys/class/net/eth0/carrier == 1) but
a second later
correctly, while avoiding
the check of link parameters.
I sent almost the same patch because of the same reasons about a year ago,
see http://oss.sgi.com/projects/netdev/archive/2005-02/msg00648.html
so I would vote for this patch too.
Acked-by: Steffen Klassert [EMAIL PROTECTED]
Signed-off-by: John
Fix broken networking for older 10base2 NICs.
Signed-off-by: Steffen Klassert [EMAIL PROTECTED]
--- linux-2.6.16-git12/drivers/net/3c59x.c 2006-03-30 14:16:23.0
+0200
+++ linux-2.6.16-git12-sk/drivers/net/3c59x.c 2006-03-30 15:27:13.0
+0200
@@ -788,7 +788,7
On Wed, Apr 05, 2006 at 06:33:18PM +0200, Marco Berizzi wrote:
Hello everybody.
I'm getting these errors (with packet/connectivity loss) on
our firewall after I have plugged in a 3c905C nic. Linux is
Slackware 10.2 with vanilla 2.6.16.1.
Hints?
PS: I have temporary resolved the problem
: Martin Buck [EMAIL PROTECTED]
Signed-off-by: Steffen Klassert [EMAIL PROTECTED]
---
drivers/net/3c59x.c |1 +
1 file changed, 1 insertion(+)
--- linux-2.6.23-rc2.orig/drivers/net/3c59x.c
+++ linux-2.6.23-rc2/drivers/net/3c59x.c
@@ -1555,6 +1555,7 @@ vortex_up(struct net_device *dev
Add 3c59x maintainer.
Signed-off-by: Steffen Klassert [EMAIL PROTECTED]
---
MAINTAINERS |6 ++
1 file changed, 6 insertions(+)
--- linux-2.6.23-rc2.orig/MAINTAINERS
+++ linux-2.6.23-rc2/MAINTAINERS
@@ -97,6 +97,12 @@ M: [EMAIL PROTECTED]
L: netdev@vger.kernel.org
S
On Wed, Aug 15, 2007 at 06:30:00PM +0200, Steffen Klassert wrote:
On Tue, Aug 14, 2007 at 10:54:32AM +0100, Mark Hindley wrote:
On Tue, Aug 14, 2007 at 01:33:26AM -0400, Jeff Garzik wrote:
I would strongly prefer that vortex_up return a value, since all the
important callers
On Fri, Aug 31, 2007 at 09:08:37AM -0400, Jeff Garzik wrote:
Mark Hindley wrote:
Revised patch for this.
Mark
commit 5cf33391eba81a49038fa8be8cbad8425b80bf7f
Author: Mark Hindley [EMAIL PROTECTED]
Date: Thu Aug 16 11:26:35 2007 +0100
Check return of pci_enable_device in
On Tue, Sep 04, 2007 at 03:52:50AM +0530, Satyam Sharma wrote:
Remove duplicate entry for the same driver.
This is -mm specific. Andrew did not remove the add-3c59x-maintainer
patch after pushing it to mainline. This can be fixed just by removing
the add-3c59x-maintainer patch from -mm.
-
To
.
Signed-off-by: Satyam Sharma [EMAIL PROTECTED]
Acked-by: Steffen Klassert [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, Sep 04, 2007 at 09:53:31AM +0100, Mark Hindley wrote:
On Tue, Sep 04, 2007 at 02:09:47PM +0530, Satyam Sharma wrote:
Hi Steffen,
On Tue, 4 Sep 2007, Steffen Klassert wrote:
On Tue, Sep 04, 2007 at 03:45:55AM +0530, Satyam Sharma wrote:
drivers/net/3c59x.c
On Tue, Sep 04, 2007 at 10:35:10AM +0100, Mark Hindley wrote:
On Tue, Sep 04, 2007 at 11:17:57AM +0200, Steffen Klassert wrote:
The only warning that I was able to trigger with gcc 4.2 is in the case of
a .config
without PCI support. In this case I get
drivers/net/3c59x.c
, PKT_BUF_SZ, PCI_DMA_FROMDEVICE);
/* 'skb_put()' points to the start of sk_buff
data area. */
-
Thanks,
Acked-by: Steffen Klassert [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED
On Tue, Sep 18, 2007 at 01:32:00PM +0200, Mikael Leivisk? wrote:
OK first of all I'm not really sure if this is the place but was told by
Dave Dillow to send to the netdev kernel mailing list. So that's what
I'm doing :)
I tried searching the mailing lists and didn't find anything that
On Thu, Oct 04, 2007 at 09:44:26AM -0700, Stephen Hemminger wrote:
Bugzilla report of open bugs. Yes you could run it yourself but
many of these bugs seem to be old and need some attention or work
to get resolved.
Perhaps we should at least ask the reporters of the older bugs
whether the
On Wed, Oct 17, 2007 at 08:28:36PM -0400, Jeff Garzik wrote:
Badari Pulavarty wrote:
Simple compile warning fix. (against 2.6.23-git12)
Thanks,
Badari
vortex_up() should initialize 'err' for a successful return.
drivers/net/3c59x.c: In function `vortex_up':
drivers/net/3c59x.c:1494:
On Thu, Apr 23, 2015 at 11:26:20AM +0800, Herbert Xu wrote:
Hi:
It looks like our IPsec implementations of CCM and GCM are buggy
in that they don't include the IV in the authentication calculation.
Seems like crypto_rfc4106_crypt() passes the associated data it
got from ESP directly to gcm,
On Wed, Apr 29, 2015 at 05:25:25AM +, Du, Fan wrote:
-Original Message-
From: roy.qing...@gmail.com [mailto:roy.qing...@gmail.com]
Sent: Wednesday, April 29, 2015 8:43 AM
To: netdev@vger.kernel.org
Cc: Du, Fan; steffen.klass...@secunet.com
Subject: [PATCH] xfrm: fix a race in
On Thu, Apr 23, 2015 at 11:06:53AM +0800, roy.qing...@gmail.com wrote:
From: Li RongQing roy.qing...@gmail.com
If xfrm_*_register_afinfo failed since xfrm_*_afinfo[afinfo-family] had the
value, return the -EEXIST, not -ENOBUFS
Signed-off-by: Li RongQing roy.qing...@gmail.com
Also applied
On Fri, Apr 24, 2015 at 04:49:31PM +0800, roy.qing...@gmail.com wrote:
From: Li RongQing roy.qing...@gmail.com
Check x-km.state with XFRM_STATE_ACQ only when state is not
XFRM_STAT_VALID, not everytime
Signed-off-by: Li RongQing roy.qing...@gmail.com
Applied to ipsec-next, thanks a lot
On Wed, Apr 22, 2015 at 05:13:18PM +0800, Herbert Xu wrote:
On Wed, Apr 22, 2015 at 05:09:54PM +0800, roy.qing...@gmail.com wrote:
From: Li RongQing roy.qing...@gmail.com
The walk from input is the list header, and marked as dead, and will
be skipped in loop.
list_first_entry() can
On Wed, Apr 22, 2015 at 03:51:16PM +0800, roy.qing...@gmail.com wrote:
From: Li RongQing roy.qing...@gmail.com
The task of xfrm_queue_purge is same as skb_queue_purge, so remove it
Signed-off-by: Li RongQing roy.qing...@gmail.com
Applied to ipsec-next, thanks!
--
To unsubscribe from this
On Wed, May 27, 2015 at 04:01:05PM +0800, Herbert Xu wrote:
Hi:
The only changes from the last version are that set_ad no longer
takes a cryptoff argument and testmgr has been updated to always
supply space for the authentication tag.
The algif_aead patch has been removed and will be
On Thu, May 21, 2015 at 05:25:24PM -0400, David Miller wrote:
From: Steffen Klassert steffen.klass...@secunet.com
Date: Wed, 20 May 2015 08:32:23 +0200
On Tue, May 19, 2015 at 11:32:15AM -0700, Alexander Duyck wrote:
On 05/19/2015 12:57 AM, Steffen Klassert wrote:
The MTU should be 1500
On Wed, May 27, 2015 at 05:29:22PM +0800, Herbert Xu wrote:
On Wed, May 27, 2015 at 11:25:33AM +0200, Steffen Klassert wrote:
Not sure if I missed something in the flood of patches, but if I
apply your v3 patchset on top of the cryptodev tree, it crashes
like that buring boot:
Sorry
On Wed, May 27, 2015 at 07:16:37AM -0700, Alexander Duyck wrote:
These patches are meant to try and address the fact the VTI tunnels are
currently overwriting the skb-mark value. I am generally happy with the
first two patches, however the third patch still modifies the skb-mark,
though it
...@gmail.com
Acked-by: Fan Du fan...@intel.com
Signed-off-by: Steffen Klassert steffen.klass...@secunet.com
---
net/xfrm/xfrm_state.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index f5e39e3..96688cd 100644
--- a/net/xfrm
-by: Steffen Klassert steffen.klass...@secunet.com
---
net/ipv6/esp6.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 31f1b5d..7c07ce3 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -248,7 +248,8 @@ static int esp6_output(struct xfrm_state
1) Fix a race in xfrm_state_lookup_byspi, we need to take
the refcount before we release xfrm_state_lock.
From Li RongQing.
2) Fix IV generation on ESN state. We used just the
low order sequence numbers for IV generation on
ESN, as a result the IV can repeat on the same
state. Fix
-by: Steffen Klassert steffen.klass...@secunet.com
---
net/ipv4/esp4.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 421a80b..30b544f 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -256,7 +256,8 @@ static int esp_output(struct xfrm_state
.
Signed-off-by: Alexander Duyck alexander.h.du...@redhat.com
Signed-off-by: Steffen Klassert steffen.klass...@secunet.com
---
net/ipv4/ip_vti.c | 5 +++--
net/ipv6/ip6_vti.c | 4 +++-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index 9f7269f
the assignment into the rcv_cb calls and then
just restore the original mark after xfrm_policy_check has been completed.
Signed-off-by: Alexander Duyck alexander.h.du...@redhat.com
Signed-off-by: Steffen Klassert steffen.klass...@secunet.com
---
net/ipv4/ip_vti.c | 9 +++--
net/ipv6/ip6_vti.c | 9
into the IV.
Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
Signed-off-by: Steffen Klassert steffen.klass...@secunet.com
---
net/xfrm/xfrm_replay.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index dab57da..4fd725a 100644
--- a/net/xfrm
-by: Alexander Duyck alexander.h.du...@redhat.com
Signed-off-by: Steffen Klassert steffen.klass...@secunet.com
---
net/xfrm/xfrm_input.c | 17 -
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 526c4fe..b58286e 100644
--- a/net
On Thu, May 28, 2015 at 12:18:51AM -0700, Alexander Duyck wrote:
On 05/27/2015 10:36 PM, Steffen Klassert wrote:
On Wed, May 27, 2015 at 10:40:32AM -0700, Alexander Duyck wrote:
This change makes it so that we use icmpv6_send to report PMTU issues back
into tunnels in the case
1) Remove xfrm_queue_purge as this is the same as skb_queue_purge.
2) Optimize policy and state walk.
3) Use a sane return code if afinfo registration fails.
4) Only check fori a acquire state if the state is not valid.
5) Remove a unnecessary NULL check before xfrm_pol_hold
as it checks
From: Li RongQing roy.qing...@gmail.com
The task of xfrm_queue_purge is same as skb_queue_purge, so remove it
Signed-off-by: Li RongQing roy.qing...@gmail.com
Signed-off-by: Steffen Klassert steffen.klass...@secunet.com
---
net/xfrm/xfrm_policy.c | 12 ++--
1 file changed, 2 insertions
From: Li RongQing roy.qing...@gmail.com
xfrm_pol_hold will check its input with NULL
Signed-off-by: Li RongQing roy.qing...@gmail.com
Signed-off-by: Steffen Klassert steffen.klass...@secunet.com
---
net/xfrm/xfrm_policy.c | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git
From: Li RongQing roy.qing...@gmail.com
if hold_queue of old xfrm_policy is NULL, return directly, then not need to
run other codes, especially take the spin lock
Signed-off-by: Li RongQing roy.qing...@gmail.com
Signed-off-by: Steffen Klassert steffen.klass...@secunet.com
---
net/xfrm
From: Li RongQing roy.qing...@gmail.com
If xfrm_*_register_afinfo failed since xfrm_*_afinfo[afinfo-family] had the
value, return the -EEXIST, not -ENOBUFS
Signed-off-by: Li RongQing roy.qing...@gmail.com
Signed-off-by: Steffen Klassert steffen.klass...@secunet.com
---
net/xfrm/xfrm_input.c
From: Li RongQing roy.qing...@gmail.com
Check x-km.state with XFRM_STATE_ACQ only when state is not
XFRM_STAT_VALID, not everytime
Signed-off-by: Li RongQing roy.qing...@gmail.com
Signed-off-by: Steffen Klassert steffen.klass...@secunet.com
---
net/xfrm/xfrm_input.c | 10 +-
1 file
herb...@gondor.apana.org.au
Signed-off-by: Steffen Klassert steffen.klass...@secunet.com
---
net/xfrm/xfrm_policy.c | 4 +++-
net/xfrm/xfrm_state.c | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index d8c35ad..847053e 100644
policy with ~0U priority in inexact list too.
Signed-off-by: Li RongQing roy.qing...@gmail.com
Signed-off-by: Steffen Klassert steffen.klass...@secunet.com
---
net/xfrm/xfrm_policy.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm
On Thu, May 28, 2015 at 12:49:19PM +0800, Herbert Xu wrote:
On Wed, May 27, 2015 at 10:40:32AM -0700, Alexander Duyck wrote:
This change makes it so that we use icmpv6_send to report PMTU issues back
into tunnels in the case that the resulting packet is larger than the MTU
of the outgoing
On Wed, May 27, 2015 at 10:40:32AM -0700, Alexander Duyck wrote:
This change makes it so that we use icmpv6_send to report PMTU issues back
into tunnels in the case that the resulting packet is larger than the MTU
of the outgoing interface. Previously xfrm_local_error was being used in
this
On Wed, May 27, 2015 at 11:46:03AM -0400, David Miller wrote:
From: Steffen Klassert steffen.klass...@secunet.com
Date: Wed, 27 May 2015 10:35:16 +0200
We currently check if a socket is attached to a skb and do socket
error notification in this case, otherwise we do PMTU discovery
On Tue, May 26, 2015 at 03:41:10PM -0700, Alexander Duyck wrote:
These patches are meant to try and address the fact the VTI tunnels are
currently overwriting the skb-mark value. I am generally happy with the
first two patches, however the third patch still modifies the skb-mark,
though it
On Thu, May 21, 2015 at 12:38:12AM +0800, Herbert Xu wrote:
As we're now always including the high bits of the sequence number
in the IV generation process we need to ensure that they don't
contain crap.
This patch ensures that the high sequence bits are always zeroed
so that we don't leak
On Wed, Aug 19, 2015 at 11:35:55AM -0700, David Ahern wrote:
I think you should use the new vrf_master_index() helper that acquires rcu
because
it looks possible to call -decode_session() without rcu read lock, e.g. in
the hold_timer
function xfrm_policy_queue_process(), though I haven’t
deletions(-)
Looks good to me,
Acked-by: Nikolay Aleksandrov niko...@cumulusnetworks.com
David, can you please take this directly into net-next?
Acked-by: Steffen Klassert steffen.klass...@secunet.com
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message
-by: Steffen Klassert steffen.klass...@secunet.com
---
Documentation/networking/ip-sysctl.txt | 10 ++
1 file changed, 10 insertions(+)
diff --git a/Documentation/networking/ip-sysctl.txt
b/Documentation/networking/ip-sysctl.txt
index 56db1ef..46e88ed 100644
--- a/Documentation/networking/ip
-off-by: Steffen Klassert steffen.klass...@secunet.com
---
include/net/xfrm.h | 7 +--
net/ipv4/xfrm4_policy.c | 11 ++-
net/ipv6/xfrm6_policy.c | 7 ---
net/xfrm/xfrm_policy.c | 24 ++--
4 files changed, 29 insertions(+), 20 deletions(-)
diff --git
From: Andrzej Hajda a.ha...@samsung.com
The patch was generated using fixed coccinelle semantic patch
scripts/coccinelle/api/memdup.cocci [1].
[1]: http://permalink.gmane.org/gmane.linux.kernel/2014320
Signed-off-by: Andrzej Hajda a.ha...@samsung.com
Signed-off-by: Steffen Klassert
1) Fix IPv6 ECN decapsulation for IPsec interfamily tunnels.
From Thomas Egerer.
2) Use kmemdup instead of duplicating it in xfrm_dump_sa().
From Andrzej Hajda.
3) Pass oif to the xfrm lookups so that it gets set on the flow
and the resolver routines can match based on oif.
From
) to take this value from there.
Signed-off-by: Thomas Egerer thomas.ege...@secunet.com
Signed-off-by: Steffen Klassert steffen.klass...@secunet.com
---
net/ipv6/xfrm6_mode_tunnel.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6
On Tue, Jul 07, 2015 at 10:58:17PM -0700, David Miller wrote:
From: Steffen Klassert steffen.klass...@secunet.com
Date: Wed, 8 Jul 2015 07:04:32 +0200
I'll be off without mail access for the next two and a half weeks.
Can you please take urgent IPsec patches directly into the net
tree
On Mon, Aug 10, 2015 at 04:58:11PM -0600, David Ahern wrote:
Rules can be installed that direct route lookups to specific tables based
on oif. Plumb the oif through the xfrm lookups so it gets set in the flow
struct and passed to the resolver routines.
Signed-off-by: David Ahern
On Fri, Aug 07, 2015 at 09:59:34AM +0200, Andrzej Hajda wrote:
The patch was generated using fixed coccinelle semantic patch
scripts/coccinelle/api/memdup.cocci [1].
[1]: http://permalink.gmane.org/gmane.linux.kernel/2014320
Signed-off-by: Andrzej Hajda a.ha...@samsung.com
Applied to
On Tue, Aug 11, 2015 at 01:51:52PM -0700, David Miller wrote:
From: Alexander Duyck alexander.h.du...@redhat.com
Date: Tue, 11 Aug 2015 13:35:01 -0700
This change adds documentation for xfrm4_gc_thresh and xfrm6_gc_thresh
based on the comments in commit eeb1b73378b56 (xfrm: Increase the
On Wed, Oct 21, 2015 at 11:48:25AM -0400, Sowmini Varadhan wrote:
>
> On sparc, deleting established SAs (e.g., by restarting ipsec)
> results in unaligned access messages via xfrm_del_sa ->
> km_state_notify -> xfrm_send_state_notify().
>
> Even though struct xfrm_usersa_info is aligned on
family
tunnels")
Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
---
net/ipv4/xfrm4_output.c | 2 ++
net/ipv6/xfrm6_output.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 2878dbf..41a2613 100644
--- a/net
flows will break the state.
Signed-off-by: Michael Rossberg <michael.rossb...@tu-ilmenau.de>
Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
---
net/xfrm/xfrm_user.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_us
fragmentation check
Mathias Krause (1):
xfrm6: Fix ICMPv6 and MH header checks in _decode_session6
Michael Rossberg (1):
xfrm: Fix state threshold configuration from userspace
Steffen Klassert (1):
xfrm: Fix pmtu discovery for local generated packets.
net/ipv4/xfrm4_output.c
marci...@gmail.com>
Signed-off-by: Mathias Krause <mathias.kra...@secunet.com>
Cc: PaX Team <pagee...@freemail.hu>
Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
---
net/ipv6/xfrm6_policy.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --g
orward as well
as adding the GSO check.
Fixes: dd767856a36e ("xfrm6: Don't call icmpv6_send on local error")
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
---
net/ipv6/xfrm6_output.c | 17 +
ini Varadhan <sowmini.varad...@oracle.com>
Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
---
net/xfrm/xfrm_user.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index a8de9e3..639e0d5 100644
--- a/net/xf
of the number of cpus.
The xfrm garbage collector threshold can still be set below
the flowcache limit to reduce the memory usage of the flowcache.
Tested-by: Dan Streetman <dan.street...@canonical.com>
Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
---
Documentation/n
lookups, so fix it by a check of the data pointer position
before we call pskb_may_pull.
Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
---
net/ipv4/xfrm4_policy.c | 15 ++-
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/net/ipv4/xfrm4_policy.c
Increment the LINUX_MIB_XFRMINSTATEMODEERROR statistic counter
to notify about dropped packets if we fail to fetch a inner mode.
Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
---
net/xfrm/xfrm_input.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git
A call to pskb_may_pull may change the pointers into the packet,
so reload the pointers after the call.
Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
---
net/ipv4/xfrm4_policy.c | 33 ++---
1 file changed, 26 insertions(+), 7 deletions(-)
diff
to stats in copy_to_user_state()
Steffen Klassert (4):
xfrm: Let the flowcache handle its size by default.
xfrm4: Fix header checks in _decode_session4.
xfrm4: Reload skb header pointers after calling pskb_may_pull.
xfrm: Increment statistic counter on inner mode error
On Thu, Oct 29, 2015 at 09:51:16AM -0400, Dan Streetman wrote:
> Remove the dst_entries_init/destroy calls for xfrm4 and xfrm6 dst_ops
> templates; their dst_entries counters will never be used. Move the
> xfrm dst_ops initialization from the common xfrm/xfrm_policy.c to
> xfrm4/xfrm4_policy.c
On Mon, Oct 12, 2015 at 12:49:29PM -0600, David Ahern wrote:
> On 10/9/15 11:27 AM, David Ahern wrote:
> >On 10/9/15 1:17 AM, Steffen Klassert wrote:
> >>>>diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
> >>>>index 30caa289c5db..5
On Mon, Oct 19, 2015 at 08:26:05AM -0700, David Ahern wrote:
> 6e28b000825d ("net: Fix vti use case with oif in dst lookups for IPv6")
> is missing the checks on FLOWI_FLAG_SKIP_NH_OIF. Add them.
>
> Fixes: 42a7b32b73d6 ("xfrm: Add oif to dst lookups")
>
On Mon, Oct 19, 2015 at 05:23:29PM -0400, Sowmini Varadhan wrote:
> On sparc, deleting established SAs (e.g., by restarting ipsec
> at the peer) results in unaligned access messages via
> xfrm_del_sa -> km_state_notify -> xfrm_send_state_notify().
> Use an aligned pointer to xfrm_usersa_info for
Hi David.
On Mon, Oct 12, 2015 at 12:49:29PM -0600, David Ahern wrote:
> On 10/9/15 11:27 AM, David Ahern wrote:
> >
> >The attached patch applied to Linus' tree works for me. Currently the
> >above change is not in his tree, so I added it to this patch. Once you
> >confirm that it works for you
On Fri, Oct 09, 2015 at 03:54:22PM +0900, Hajime Tazaki wrote:
>
> Hello David,
>
> At Mon, 5 Oct 2015 08:32:51 -0600,
> David Ahern wrote:
>
> >
> > diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
> > index 30caa289c5db..5cedfda4b241 100644
> > --- a/net/ipv6/xfrm6_policy.c
>
David,
I'll be off without mail access for the next two and a half weeks.
Can you please take urgent IPsec patches directly into the net
tree during this time?
I'll let you know as soon as I'm back.
Thanks!
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a
en caused by
>
> commit dd767856a36e00b631d65ebc4bb81b19915532d6
> Author: Steffen Klassert <steffen.klass...@secunet.com>
> Date: Tue Oct 11 01:44:30 2011 +
>
> xfrm6: Don't call icmpv6_send on local error
>
> which addded an MTU check without a GSO override.
>
> Fixing it obvi
On Fri, Sep 04, 2015 at 01:21:06PM +0800, Herbert Xu wrote:
> On Mon, Aug 31, 2015 at 03:35:26PM +0800, Herbert Xu wrote:
> >
> > I see where the bug came from. Indeed IPv6 does do fragmentation
> > but only for tunnel mode. While your patch added a check that also
> > affected transport mode.
On Fri, Sep 11, 2015 at 09:57:20AM +0200, Mathias Krause wrote:
> From: Mathias Krause
>
> Ensure there's enough data left prior calling pskb_may_pull(). If
> skb->data was already advanced, we'll call pskb_may_pull() with a
> negative value converted to unsigned int
n <d...@cumulusnetworks.com>
This works, thanks a lot for the quick fix!
> ---
> IPv6 does not show this problem for me. So no change is added for IPv6.
> If your mileage varies let me know and I'll take another look.
IPv6 works just fine as it is, so no change needed.
A
On Mon, Sep 14, 2015 at 11:14:59PM -0400, Dan Streetman wrote:
> On Fri, Sep 11, 2015 at 5:48 AM, Steffen Klassert
> <steffen.klass...@secunet.com> wrote:
> >
> >> Possibly the
> >> default value of xfrm4_gc_thresh could be set proportional to
> >>
Hi Dan.
On Thu, Sep 10, 2015 at 05:01:26PM -0400, Dan Streetman wrote:
> Hi Steffen,
>
> I've been working with Jay on a ipsec issue, which I believe he
> discussed with you.
Yes, we talked about this at the LPC.
> In this case the xfrm4_garbage_collect is
> returning error because the
On Mon, Aug 10, 2015 at 04:58:11PM -0600, David Ahern wrote:
> Rules can be installed that direct route lookups to specific tables based
> on oif. Plumb the oif through the xfrm lookups so it gets set in the flow
> struct and passed to the resolver routines.
>
> Signed-off-by: David Ahern
On Thu, Sep 17, 2015 at 09:23:35PM -0700, David Miller wrote:
> From: Steffen Klassert <steffen.klass...@secunet.com>
> Date: Wed, 16 Sep 2015 10:45:41 +0200
>
> > index 1e06c4f..3dffc73 100644
> > --- a/net/ipv4/xfrm4_policy.c
> > +++ b/net/ipv4/xfrm4_policy
On Tue, Sep 29, 2015 at 04:58:46PM -0600, David Ahern wrote:
> Hi Tom:
>
> On 9/29/15 4:17 PM, Tom Herbert wrote:
> >This patch adds xfrm6_xlat_addr which is called in the data path
> >to perform address translation (primarily for the receive path). Modules
> >may register their own callback to
On Tue, Sep 29, 2015 at 11:25:08AM +0200, Michael Rossberg wrote:
> Allow to change the replay threshold (XFRMA_REPLAY_THRESH) and expiry
> timer (XFRMA_ETIMER_THRESH) of a state without having to set other
> attributes like replay counter and byte lifetime. Changing these other
> values while
On Tue, Sep 29, 2015 at 03:17:22PM -0700, Tom Herbert wrote:
> Call before performing NF_HOOK and routing in order to perform address
> translation in the receive path.
>
> Signed-off-by: Tom Herbert
> ---
> net/ipv6/ip6_input.c | 3 +++
> 1 file changed, 3 insertions(+)
>
On Mon, Sep 21, 2015 at 10:51:11AM -0400, Dan Streetman wrote:
> On Fri, Sep 18, 2015 at 1:00 AM, Dan Streetman <ddstr...@ieee.org> wrote:
> > On Wed, Sep 16, 2015 at 4:45 AM, Steffen Klassert
> > <steffen.klass...@secunet.com> wrote:
> >>
> >
On Mon, Dec 07, 2015 at 08:20:01AM -0800, Eric Dumazet wrote:
> On Mon, 2015-12-07 at 13:00 +0100, Steffen Klassert wrote:
> > Is there any interest in doing an IPsec workshop/BoF at netdev1.1?
> >
> > This mail is to probe if we can gather enough discussion topics to run
&g
On Mon, Dec 07, 2015 at 06:27:48AM -0500, Sowmini Varadhan wrote:
> On (12/07/15 09:40), Steffen Klassert wrote:
> >
> > I've pushed it to
> >
> > https://git.kernel.org/cgit/linux/kernel/git/klassert/linux-stk.git/log/?h=net-next-ipsec-offload
> >
> >
On Wed, Dec 02, 2015 at 07:05:38AM -0500, Sowmini Varadhan wrote:
> On (12/02/15 07:53), Steffen Klassert wrote:
> >
> > I'm currently working on a GRO/GSO codepath for IPsec too. The GRO part
> > works already. I decapsulate/decrypt the packets on layer2 with a esp GRO
On Thu, Dec 03, 2015 at 06:38:20AM -0500, Sowmini Varadhan wrote:
> On (12/03/15 09:45), Steffen Klassert wrote:
> > pcrypt(echainiv(authenc(hmac(sha1-ssse3),cbc-aes-aesni)))
> >
> > Result:
> >
&
1 - 100 of 890 matches
Mail list logo