summaryrefslogtreecommitdiffstats
path: root/net/xfrm
Commit message (Collapse)AuthorAgeFilesLines
...
* xfrm: Const'ify selector args in xfrm_migrate paths.David S. Miller2011-02-231-4/+4
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Const'ify address args to hash helpers.David S. Miller2011-02-232-15/+26
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Const'ify pointer args to km_migrate() and implementations.David S. Miller2011-02-232-15/+15
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Const'ify pointer args to migrate_tmpl_match and xfrm_migrate_checkDavid S. Miller2011-02-231-2/+2
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Const'ify address arguments to __xfrm_dst_lookup()David S. Miller2011-02-231-2/+2
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Const'ify selector argument to xfrm_selector_match()David S. Miller2011-02-231-3/+3
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Pass km_event pointers around as const when possible.David S. Miller2011-02-232-14/+14
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Make flow cache paths use a const struct flowi.David S. Miller2011-02-221-5/+8
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Mark flowi arg to xfrm_resolve_and_create_bundle() const.David S. Miller2011-02-221-1/+1
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Mark flowi arg to xfrm_dst_{alloc_copy,update_origin}() const.David S. Miller2011-02-221-2/+2
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Mark flowi arg to xfrm_bundle_create() const.David S. Miller2011-02-221-1/+1
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Mark flowi arg to xfrm_tmpl_resolve{,_one}() const.David S. Miller2011-02-221-6/+4
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Mark flowi arg to xfrm_expand_policies() const.David S. Miller2011-02-221-2/+2
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Mark flowi arg to xfrm_policy_{lookup_by_type,match}() const.David S. Miller2011-02-221-2/+2
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Kill strict arg to xfrm_bundle_ok().David S. Miller2011-02-221-8/+3
| | | | | | Always set to "0". Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Mark flowi arg to xfrm_state_find() const.David S. Miller2011-02-221-1/+1
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Mark flowi arg to xfrm_init_tempstate() const.David S. Miller2011-02-221-1/+1
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Mark flowi arg to xfrm_state_look_at() const.David S. Miller2011-02-221-1/+1
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Mark flowi arg to xfrm_selector_match() const.David S. Miller2011-02-221-4/+4
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Mark flowi arg to xfrm_type->reject() const.David S. Miller2011-02-221-1/+1
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Mark flowi arg to ->fill_dst() const.David S. Miller2011-02-221-1/+1
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Mark flowi arg to ->get_tos() const.David S. Miller2011-02-221-1/+1
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'master' of ↵David S. Miller2011-02-191-2/+5
|\ | | | | | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 Conflicts: Documentation/feature-removal-schedule.txt drivers/net/e1000e/netdev.c net/xfrm/xfrm_policy.c
| * xfrm: avoid possible oopse in xfrm_alloc_dstHiroaki SHIMODA2011-02-101-2/+5
| | | | | | | | | | | | | | | | Commit 80c802f3073e84 (xfrm: cache bundles instead of policies for outgoing flows) introduced possible oopse when dst_alloc returns NULL. Signed-off-by: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | net: Add initial_ref arg to dst_alloc().David S. Miller2011-02-171-1/+1
|/ | | | | | | | | | This allows avoiding multiple writes to the initial __refcnt. The most simplest cases of wanting an initial reference of "1" in ipv4 and ipv6 have been converted, the rest have been left along and kept at the existing "0". Signed-off-by: David S. Miller <davem@davemloft.net>
* Revert "netlink: test for all flags of the NLM_F_DUMP composite"David S. Miller2011-01-191-1/+1
| | | | | | | | This reverts commit 0ab03c2b1478f2438d2c80204f7fef65b1bca9cf. It breaks several things including the avahi daemon. Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: check trunc_len in XFRMA_ALG_AUTH_TRUNCNicolas Dichtel2011-01-111-1/+3
| | | | | | | | | Maximum trunc length is defined by MAX_AH_AUTH_LEN (in bytes) and need to be checked when this value is set (in bits) by the user. In ah4.c and ah6.c a BUG_ON() checks this condiftion. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* netlink: test for all flags of the NLM_F_DUMP compositeJan Engelhardt2011-01-091-1/+1
| | | | | | | | | | | | | Due to NLM_F_DUMP is composed of two bits, NLM_F_ROOT | NLM_F_MATCH, when doing "if (x & NLM_F_DUMP)", it tests for _either_ of the bits being set. Because NLM_F_MATCH's value overlaps with NLM_F_EXCL, non-dump requests with NLM_F_EXCL set are mistaken as dump requests. Substitute the condition to test for _all_ bits being set. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'master' of ↵David S. Miller2010-12-171-1/+1
|\ | | | | | | | | | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 Conflicts: drivers/net/bnx2x/bnx2x.h drivers/net/wireless/iwlwifi/iwl-1000.c drivers/net/wireless/iwlwifi/iwl-6000.c drivers/net/wireless/iwlwifi/iwl-core.h drivers/vhost/vhost.c
| * xfrm: Fix xfrm_state_migrate leakThomas Egerer2010-12-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | xfrm_state_migrate calls kfree instead of xfrm_state_put to free a failed state. According to git commit 553f9118 this can cause memory leaks. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | net: Abstract default MTU metric calculation behind an accessor.David S. Miller2010-12-141-0/+7
| | | | | | | | | | | | | | | | | | | | | | Like RTAX_ADVMSS, make the default calculation go through a dst_ops method rather than caching the computation in the routing cache entries. Now dst metrics are pretty much left as-is when new entries are created, thus optimizing metric sharing becomes a real possibility. Signed-off-by: David S. Miller <davem@davemloft.net>
* | net: Abstract default ADVMSS behind an accessor.David S. Miller2010-12-131-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make all RTAX_ADVMSS metric accesses go through a new helper function, dst_metric_advmss(). Leave the actual default metric as "zero" in the real metric slot, and compute the actual default value dynamically via a new dst_ops AF specific callback. For stacked IPSEC routes, we use the advmss of the path which preserves existing behavior. Unlike ipv4/ipv6, DecNET ties the advmss to the mtu and thus updates advmss on pmtu updates. This inconsistency in advmss handling results in more raw metric accesses than I wish we ended up with. Signed-off-by: David S. Miller <davem@davemloft.net>
* | xfrm: Add Traffic Flow Confidentiality padding XFRM attributeMartin Willi2010-12-101-2/+17
| | | | | | | | | | | | | | | | | | | | The XFRMA_TFCPAD attribute for XFRM state installation configures Traffic Flow Confidentiality by padding ESP packets to a specified length. Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | net: Abstract away all dst_entry metrics accesses.David S. Miller2010-12-091-3/+3
|/ | | | | | | | | | | | | | | | | | | | Use helper functions to hide all direct accesses, especially writes, to dst_entry metrics values. This will allow us to: 1) More easily change how the metrics are stored. 2) Implement COW for metrics. In particular this will help us put metrics into the inetpeer cache if that is what we end up doing. We can make the _metrics member a pointer instead of an array, initially have it point at the read-only metrics in the FIB, and then on the first set grab an inetpeer entry and point the _metrics member there. Signed-off-by: David S. Miller <davem@davemloft.net> Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
* net: allow GFP_HIGHMEM in __vmalloc()Eric Dumazet2010-11-211-1/+1
| | | | | | | | | | | | We forgot to use __GFP_HIGHMEM in several __vmalloc() calls. In ceph, add the missing flag. In fib_trie.c, xfrm_hash.c and request_sock.c, using vzalloc() is cleaner and allows using HIGHMEM pages as well. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: make xfrm_bundle_ok localstephen hemminger2010-10-211-3/+4
| | | | | | | Only used in one place. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Allow different selector family in temporary stateThomas Egerer2010-09-202-21/+29
| | | | | | | | | | | | | | | | | | The family parameter xfrm_state_find is used to find a state matching a certain policy. This value is set to the template's family (encap_family) right before xfrm_state_find is called. The family parameter is however also used to construct a temporary state in xfrm_state_find itself which is wrong for inter-family scenarios because it produces a selector for the wrong family. Since this selector is included in the xfrm_user_acquire structure, user space programs misinterpret IPv6 addresses as IPv4 and vice versa. This patch splits up the original init_tempsel function into a part that initializes the selector respectively the props and id of the temporary state, to allow for differing ip address families whithin the state. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: dont assume rcu_read_lock in xfrm_output_one()Eric Dumazet2010-09-161-1/+1
| | | | | | | | | ip_local_out() is called with rcu_read_lock() held from ip_queue_xmit() but not from other call sites. Reported-and-bisected-by: Nick Bowler <nbowler@elliptictech.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm_user: avoid a warning with some compilerNicolas Dichtel2010-09-011-1/+1
| | | | | | | | Attached is a small patch to remove a warning ("warning: ISO C90 forbids mixed declarations and code" with gcc 4.3.2). Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Use GFP_ATOMIC in xfrm_compile_policyHerbert Xu2010-08-141-1/+1
| | | | | | | | | As xfrm_compile_policy runs within a read_lock, we cannot use GFP_KERNEL for memory allocations. Reported-by: Luca Tettamanti <kronos.it@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'master' of ↵David S. Miller2010-07-201-2/+13
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 Conflicts: drivers/vhost/net.c net/bridge/br_device.c Fix merge conflict in drivers/vhost/net.c with guidance from Stephen Rothwell. Revert the effects of net-2.6 commit 573201f36fd9c7c6d5218cdcd9948cee700b277d since net-next-2.6 has fixes that make bridge netpoll work properly thus we don't need it disabled. Signed-off-by: David S. Miller <davem@davemloft.net>
| * xfrm: do not assume that template resolving always returns xfrmsTimo Teräs2010-07-141-2/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | xfrm_resolve_and_create_bundle() assumed that, if policies indicated presence of xfrms, bundle template resolution would always return some xfrms. This is not true for 'use' level policies which can result in no xfrm's being applied if there is no suitable xfrm states. This fixes a crash by this incorrect assumption. Reported-by: George Spelvin <linux@horizon.com> Bisected-by: George Spelvin <linux@horizon.com> Tested-by: George Spelvin <linux@horizon.com> Signed-off-by: Timo Teräs <timo.teras@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* | Merge branch 'master' of ↵David S. Miller2010-07-071-1/+2
|\ \ | |/ | | | | master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
| * xfrm: check bundle policy existance before dereferencing itTimo Teräs2010-06-241-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | Fix the bundle validation code to not assume having a valid policy. When we have multiple transformations for a xfrm policy, the bundle instance will be a chain of bundles with only the first one having the policy reference. When policy_genid is bumped it will expire the first bundle in the chain which is equivalent of expiring the whole chain. Reported-bisected-and-tested-by: Justin P. Mattock <justinmattock@gmail.com> Signed-off-by: Timo Teräs <timo.teras@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* | snmp: add align parameter to snmp_mib_init()Eric Dumazet2010-06-251-1/+2
|/ | | | | | | | | | | | | | | | In preparation for 64bit snmp counters for some mibs, add an 'align' parameter to snmp_mib_init(), instead of assuming mibs only contain 'unsigned long' fields. Callers can use __alignof__(type) to provide correct alignment. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Herbert Xu <herbert@gondor.apana.org.au> CC: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> CC: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org> CC: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: check for refcount if pop a stacked dst_entrySteffen Klassert2010-06-041-2/+2
| | | | | | | | | | | | | xfrm triggers a warning if dst_pop() drops a refcount on a noref dst. This patch changes dst_pop() to skb_dst_pop(). skb_dst_pop() drops the refcnt only on a refcounted dst. Also we don't clone the child dst_entry, so it is not refcounted and we can use skb_dst_set_noref() in xfrm_output_one(). Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: force a dst reference in __xfrm_route_forward()Eric Dumazet2010-06-021-0/+1
| | | | | | | | | | | | | Packets going through __xfrm_route_forward() have a not refcounted dst entry, since we enabled a noref forwarding path. xfrm_lookup() might incorrectly release this dst entry. It's a bit late to make invasive changes in xfrm_lookup(), so lets force a refcount in this path. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Remove unnecessary returns from void function()sJoe Perches2010-05-171-1/+0
| | | | | | | | | | | | | | | | This patch removes from net/ (but not any netfilter files) all the unnecessary return; statements that precede the last closing brace of void functions. It does not remove the returns that are immediately preceded by a label as gcc doesn't like that. Done via: $ grep -rP --include=*.[ch] -l "return;\n}" net/ | \ xargs perl -i -e 'local $/ ; while (<>) { s/\n[ \t\n]+return;\n}/\n}/g; print; }' Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: add severity to printkstephen hemminger2010-05-171-5/+7
| | | | | | | | Serious oh sh*t messages converted to WARN(). Add KERN_NOTICE severity to the unknown policy type messages. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Remove unnecessary semicolons after switch statementsJoe Perches2010-05-171-3/+3
| | | | | | | | Also added an explicit break; to avoid a fallthrough in net/ipv4/tcp_input.c Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
OpenPOWER on IntegriCloud