| d26f398400311982d2433debae85746c348b7d58 |
|
14-Nov-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Make x->lastused an unsigned long
Currently x->lastused is u64 which means that it cannot be
read/written atomically on all architectures. David Miller observed
that the value stored in it is only an unsigned long which is always
atomic.
So based on his suggestion this patch changes the internal
representation from u64 to unsigned long while the user-interface
still refers to it as u64.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| a2deb6d26f16ed7bf787dbd6a58c5d7be47d8db3 |
|
14-Nov-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Move x->outer_mode->output out of locked section
RO mode is the only one that requires a locked output function. So
it's easier to move the lock into that function rather than requiring
everyone else to run under the lock.
In particular, this allows us to move the size check into the output
function without causing a potential dead-lock should the ICMP error
somehow hit the same SA on transmission.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| ca68145f16359f71cd62b2671aa3e8c58f45ef19 |
|
18-Oct-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Disallow combinations of RO and AH/ESP/IPCOMP
Combining RO and AH/ESP/IPCOMP does not make sense. So this patch adds a
check in the state initialisation function to prevent this.
This allows us to safely remove the mode input function of RO since it
can never be called anymore. Indeed, if somehow it does get called we'll
know about it through an OOPS instead of it slipping past silently.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 37fedd3aab6517daec628764c5d66dd8761fbe5f |
|
11-Oct-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Use IPv6 calling convention as the convention for x->mode->output
The IPv6 calling convention for x->mode->output is more general and could
help an eventual protocol-generic x->type->output implementation. This
patch adopts it for IPv4 as well and modifies the IPv4 type output functions
accordingly.
It also rewrites the IPv6 mac/transport header calculation to be based off
the network header where practical.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 7b277b1a5fb147cb828e5d8b9780cee60f31a9bf |
|
11-Oct-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Set skb->data to payload in x->mode->output
This patch changes the calling convention so that on entry from
x->mode->output and before entry into x->type->output skb->data
will point to the payload instead of the IP header.
This is essentially a redistribution of skb_push/skb_pull calls
with the aim of minimising them on the common path of tunnel +
ESP.
It'll also let us use the same calling convention between IPv4
and IPv6 with the next patch.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 007f0211a8872f32381f5d44becf8eb2f27f3c30 |
|
09-Oct-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Store IPv6 nh pointer in mac_header on output
Current the x->mode->output functions store the IPv6 nh pointer in the
skb network header. This is inconvenient because the network header then
has to be fixed up before the packet can leave the IPsec stack. The mac
header field is unused on output so we can use that to store this instead.
This patch does that and removes the network header fix-up in xfrm_output.
It also uses ipv6_hdr where appropriate in the x->type->output functions.
There is also a minor clean-up in esp4 to make it use the same code as
esp6 to help any subsequent effort to merge the two.
Lastly it kills two redundant skb_set_* statements in BEET that were
simply copied over from transport mode.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 45b17f48eaf5e5ff4202454985557b3240141caa |
|
09-Oct-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Move RO-specific output code into xfrm6_mode_ro.c
The lastused update check in xfrm_output can be done just as well in
the mode output function which is specific to RO.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| ddc7b8e32b22fe8b45d306b7d99472d4b560add6 |
|
16-Mar-2007 |
Arnaldo Carvalho de Melo <acme@redhat.com> |
[SK_BUFF]: Some more layer header conversions
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 967b05f64e27d04a4c8879addd0e1c52137e2c9e |
|
13-Mar-2007 |
Arnaldo Carvalho de Melo <acme@redhat.com> |
[SK_BUFF]: Introduce skb_set_transport_header
For the cases where the transport header is being set to a offset from
skb->data.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 0660e03f6b18f19b6bbafe7583265a51b90daf36 |
|
26-Apr-2007 |
Arnaldo Carvalho de Melo <acme@redhat.com> |
[SK_BUFF]: Introduce ipv6_hdr(), remove skb->nh.ipv6h
Now the skb->nh union has just one member, .raw, i.e. it is just like the
skb->mac union, strange, no? I'm just leaving it like that till the transport
layer is done with, when we'll rename skb->mac.raw to skb->mac_header (or
->mac_header_offset?), ditto for ->{h,nh}.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| eb878e84575fbce21d2edb079eada78bfa27023d |
|
01-Sep-2006 |
Jamal Hadi Salim <hadi@cyberus.ca> |
[IPSEC]: output mode to take an xfrm state as input param
Expose IPSEC modes output path to take an xfrm state as input param.
This makes it consistent with the input mode processing (which already
takes the xfrm state as a param).
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 1d71627d699eca831c1fbfb66ea67bb1fba41415 |
|
24-Aug-2006 |
Masahide NAKAMURA <nakam@linux-ipv6.org> |
[XFRM] STATE: Introduce route optimization mode.
Route optimization is used with routing header and destination options
header for Mobile IPv6.
At outbound it makes header space like IPsec transport. At inbound it
does nothing because exhdrs.c functions have responsibility to update
skbuff information for these headers.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|