1. 25 3月, 2008 1 次提交
  2. 15 2月, 2008 1 次提交
  3. 01 2月, 2008 1 次提交
    • H
      [IPSEC]: Add support for combined mode algorithms · 1a6509d9
      Herbert Xu 提交于
      This patch adds support for combined mode algorithms with GCM being
      the first algorithm supported.
      
      Combined mode algorithms can be added through the xfrm_user interface
      using the new algorithm payload type XFRMA_ALG_AEAD.  Each algorithms
      is identified by its name and the ICV length.
      
      For the purposes of matching algorithms in xfrm_tmpl structures,
      combined mode algorithms occupy the same name space as encryption
      algorithms.  This is in line with how they are negotiated using IKE.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1a6509d9
  4. 29 1月, 2008 3 次提交
  5. 09 1月, 2008 1 次提交
  6. 26 11月, 2007 1 次提交
    • H
      [IPSEC]: Temporarily remove locks around copying of non-atomic fields · 8053fc3d
      Herbert Xu 提交于
      The change 050f009e
      
      	[IPSEC]: Lock state when copying non-atomic fields to user-space
      
      caused a regression.
      
      Ingo Molnar reports that it causes a potential dead-lock found by the
      lock validator as it tries to take x->lock within xfrm_state_lock while
      numerous other sites take the locks in opposite order.
      
      For 2.6.24, the best fix is to simply remove the added locks as that puts
      us back in the same state as we've been in for years.  For later kernels
      a proper fix would be to reverse the locking order for every xfrm state
      user such that if x->lock is taken together with xfrm_state_lock then
      it is to be taken within it.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      8053fc3d
  7. 11 10月, 2007 22 次提交
  8. 31 7月, 2007 1 次提交
  9. 08 6月, 2007 1 次提交
    • J
      xfrm: Add security check before flushing SAD/SPD · 4aa2e62c
      Joy Latten 提交于
      Currently we check for permission before deleting entries from SAD and
      SPD, (see security_xfrm_policy_delete() security_xfrm_state_delete())
      However we are not checking for authorization when flushing the SPD and
      the SAD completely. It was perhaps missed in the original security hooks
      patch.
      
      This patch adds a security check when flushing entries from the SAD and
      SPD.  It runs the entire database and checks each entry for a denial.
      If the process attempting the flush is unable to remove all of the
      entries a denial is logged the the flush function returns an error
      without removing anything.
      
      This is particularly useful when a process may need to create or delete
      its own xfrm entries used for things like labeled networking but that
      same process should not be able to delete other entries or flush the
      entire database.
      
      Signed-off-by: Joy Latten<latten@austin.ibm.com>
      Signed-off-by: NEric Paris <eparis@parisplace.org>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      4aa2e62c
  10. 05 5月, 2007 2 次提交
  11. 29 4月, 2007 1 次提交
  12. 27 4月, 2007 1 次提交
  13. 26 4月, 2007 4 次提交