- 07 12月, 2006 40 次提交
-
-
由 YOSHIFUJI Hideaki 提交于
The commit "[IPV6]: Use kmemdup" (commit-id: af879cc7) broke IPv6 fragments. Bug was spotted by Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>. Signed-off-by: NYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Patrick McHardy 提交于
When the first fw classifier is initialized, there is a small window between the ->init() and ->change() calls, during which the classifier is active but not entirely set up and tp->root is still NULL (->init() does nothing). When a packet is queued during this window a NULL pointer dereference occurs in fw_classify() when trying to dereference head->mask; Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Bart De Schuymer 提交于
The attached patch resolves an issue where a IP DNATed packet with a martian source is forwarded while it's better to drop it. It also resolves messages complaining about ip forwarding being disabled while it's actually enabled. Thanks to lepton <ytht.net@gmail.com> for reporting this problem. This is probably a candidate for the -stable release. Signed-off-by: NBart De Schuymer <bdschuym@pandora.be> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Yasuyuki Kozakai 提交于
The original code continues loop to find expectation in list if the master conntrack of the found expectation is unconfirmed. But it never success in that case, because nf_conntrack_expect_related() never insert clashed expectation to the list. This stops loop in that case. Signed-off-by: NYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Yasuyuki Kozakai 提交于
Signed-off-by: NYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Dmitry Mishin 提交于
In compat mode, matches and targets valid hooks checks always successful due to not initialized e->comefrom field yet. This patch separates this checks from translation code and moves them after mark_source_chains() call, where these marks are initialized. Signed-off-by: NDmitry Mishin <dim@openvz.org> Signed-off-by; Patrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Dmitry Mishin 提交于
Commit 590bdf7f introduced a regression in match/target hook validation. mark_source_chains builds a bitmask for each rule representing the hooks it can be reached from, which is then used by the matches and targets to make sure they are only called from valid hooks. The patch moved the match/target specific validation before the mark_source_chains call, at which point the mask is always zero. This patch returns back to the old order and moves the standard checks to mark_source_chains. This allows to get rid of a special case for standard targets as a nice side-effect. Signed-off-by: NDmitry Mishin <dim@openvz.org> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Herbert Xu 提交于
Rather than stuffing integers into pointers with casts, let's use a union. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
Fixes: crypto/lrw.c:99: warning: conflicting types for built-in function ‘round’ Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Herbert Xu 提交于
As CBC is the default chaining method for cryptoloop, we should select it from cryptoloop to ease the transition. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Rik Snel 提交于
Do modprobe tcrypt mode=10 to check the included test vectors, they are from: http://grouper.ieee.org/groups/1619/email/pdf00017.pdf and from http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html. To make the last test vector fit, I had to increase the buffer size of input and result to 512 bytes. Signed-off-by: NRik Snel <rsnel@cube.dyndns.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Rik Snel 提交于
Main module, this implements the Liskov Rivest Wagner block cipher mode in the new blockcipher API. The implementation is based on ecb.c. The LRW-32-AES specification I used can be found at: http://grouper.ieee.org/groups/1619/email/pdf00017.pdf It implements the optimization specified as optional in the specification, and in addition it uses optimized multiplication routines from gf128mul.c. Since gf128mul.[ch] is not tested on bigendian, this cipher mode may currently fail badly on bigendian machines. Signed-off-by: NRik Snel <rsnel@cube.dyndns.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Rik Snel 提交于
A lot of cypher modes need multiplications in GF(2^128). LRW, ABL, GCM... I use functions from this library in my LRW implementation and I will also use them in my ABL (Arbitrary Block Length, an unencumbered (correct me if I am wrong, wide block cipher mode). Elements of GF(2^128) must be presented as u128 *, it encourages automatic and proper alignment. The library contains support for two different representations of GF(2^128), see the comment in gf128mul.h. There different levels of optimization (memory/speed tradeoff). The code is based on work by Dr Brian Gladman. Notable changes: - deletion of two optimization modes - change from u32 to u64 for faster handling on 64bit machines - support for 'bbe' representation in addition to the, already implemented, 'lle' representation. - move 'inline void' functions from header to 'static void' in the source file - update to use the linux coding style conventions The original can be found at: http://fp.gladman.plus.com/AES/modes.vc8.19-06-06.zip The copyright (and GPL statement) of the original author is preserved. Signed-off-by: NRik Snel <rsnel@cube.dyndns.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Rik Snel 提交于
128bit is a common blocksize in linux kernel cryptography, so it helps to centralize some common operations. The code, while mostly trivial, is based on a header file mode_hdr.h in http://fp.gladman.plus.com/AES/modes.vc8.19-06-06.zip The original copyright (and GPL statement) of the original author, Dr Brian Gladman, is preserved. Signed-off-by: NRik Snel <rsnel@cube.dyndns.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Adrian Bunk 提交于
This patch removes the following no longer used functions: - api.c: crypto_alg_available() - digest.c: crypto_digest_init() - digest.c: crypto_digest_update() - digest.c: crypto_digest_final() - digest.c: crypto_digest_digest() Signed-off-by: NAdrian Bunk <bunk@stusta.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Adrian Bunk 提交于
On Tue, Nov 14, 2006 at 01:41:25AM -0800, Andrew Morton wrote: >... > Changes since 2.6.19-rc5-mm2: >... > git-cryptodev.patch >... > git trees >... This patch makes the needlessly global geode_aes_crypt() static. Signed-off-by: NAdrian Bunk <bunk@stusta.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Adrian Bunk 提交于
On Tue, Nov 14, 2006 at 01:41:25AM -0800, Andrew Morton wrote: >... > Changes since 2.6.19-rc5-mm2: >... > git-cryptodev.patch >... > git trees >... This patch makes some needlessly global code static. Signed-off-by: NAdrian Bunk <bunk@stusta.de> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Kazunori MIYAZAWA 提交于
The glue of xfrm. Signed-off-by: NKazunori MIYAZAWA <miyazawa@linux-ipv6.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Kazunori MIYAZAWA 提交于
est vectors of XCBC with AES-128. Signed-off-by: NKazunori MIYAZAWA <miyazawa@linux-ipv6.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Kazunori MIYAZAWA 提交于
This is core code of XCBC. XCBC is an algorithm that forms a MAC algorithm out of a cipher algorithm. For example, AES-XCBC-MAC is a MAC algorithm based on the AES cipher algorithm. Signed-off-by: NKazunori MIYAZAWA <miyazawa@linux-ipv6.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Herbert Xu 提交于
This patch makes the IV u64-aligned since essiv does a u64 store to it. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Rik Snel 提交于
LRW-32-AES needs a certain IV. This IV should be provided dm-crypt. The block cipher mode could, in principle generate the correct IV from the plain IV, but I think that it is cleaner to supply the right IV directly. The sector -> narrow block calculation uses a shift for performance reasons. This shift is computed in .ctr and stored in cc->iv_gen_private (as a void *). Signed-off-by: NRik Snel <rsnel@cube.dyndns.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Jordan Crouse 提交于
Add a driver to support the AES hardware on the Geode LX processor. Signed-off-by: NJordan Crouse <jordan.crouse@amd.com> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Jamal Hadi Salim 提交于
Same comments as in "[XFRM] Optimize policy dumping" The numbers are (20K SAs):
-
由 Jamal Hadi Salim 提交于
This change optimizes the dumping of Security policies. 1) Before this change .. speedopolis:~# time ./ip xf pol real 0m22.274s user 0m0.000s sys 0m22.269s 2) Turn off sub-policies speedopolis:~# ./ip xf pol real 0m13.496s user 0m0.000s sys 0m13.493s i suppose the above is to be expected 3) With this change .. speedopolis:~# time ./ip x policy real 0m7.901s user 0m0.008s sys 0m7.896s
-
由 Patrick McHardy 提交于
Currently the behaviour of disable_xfrm is inconsistent between locally generated and forwarded packets. For locally generated packets disable_xfrm disables the policy lookup if it is set on the output device, for forwarded traffic however it looks at the input device. This makes it impossible to disable xfrm on all devices but a dummy device and use normal routing to direct traffic to that device. Always use the output device when checking disable_xfrm. Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ben Collins 提交于
O= builds produced errors in the shell command because of unfound headers. Signed-off-by: NBen Collins <bcollins@ubuntu.com> Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jamal Hadi Salim 提交于
This patch moves command capabilities to command flags. Other than being cleaner, saves several bytes. We increment the nlctrl version so as to signal to user space that to not expect the attributes. We will try to be careful not to do this too often ;-> Signed-off-by: NJamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jesper Juhl 提交于
Here's a small patch which - adds a few archs to the current list of supported platforms. - adds a few missing slashes at the end of URLs. - adds a few references to additional documentation. - adds "make config" to the list of possible configuration targets. - makes a few other minor changes. Signed-off-by: NJesper Juhl <jesper.juhl@gmail.com> [ Ben Nizette <ben.nizette@iinet.net.au> points out AVR32 arch too ] Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 Jesper Juhl 提交于
Here's a patch that cleans up the "make help" output a bit for the documentation targets. Currently the documentation targets are listed completely different than all the other targets : Documentation targets: Linux kernel internal documentation in different formats: xmldocs (XML DocBook), psdocs (Postscript), pdfdocs (PDF) htmldocs (HTML), mandocs (man pages, use installmandocs to install) with this patch they are more in line with the rest of the output : Documentation targets: Linux kernel internal documentation in different formats: htmldocs - HTML installmandocs - install man pages generated by mandocs mandocs - man pages pdfdocs - PDF psdocs - Postscript xmldocs - XML DocBook Signed-off-by: NJesper Juhl <jesper.juhl@gmail.com> Acked-by: NRandy Dunlap <randy.dunlap@oracle.com> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
git://ftp.linux-mips.org/pub/scm/upstream-linus由 Linus Torvalds 提交于
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: [MIPS] Import updates from i386's i8259.c [MIPS] *-berr: Header inclusions for DEC bus error handlers [MIPS] Compile __do_IRQ() when really needed [MIPS] genirq: use name instead of typename [MIPS] Do not use handle_level_irq for ioasic_dma_irq_type. [MIPS] pte_offset(dir,addr): parenthesis fix
-
由 Linus Torvalds 提交于
* 'release' of master.kernel.org:/home/ftp/pub/scm/linux/kernel/git/aegl/linux-2.6: [IA64] Fix pci.c kernel compilation breakage.
-
由 Al Viro 提交于
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 Al Viro 提交于
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 Al Viro 提交于
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 Linus Torvalds 提交于
Any code that relies on the volatile would be a bug waiting to happen anyway. Don't encourage people to think that putting 'volatile' on data structures somehow fixes problems. We should always use proper locking (and other serialization) techniques. Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 Art Haas 提交于
This is a resubmission of patches originally created by Ingo Molnar. The link below is the initial (?) posting of the patch. http://marc.theaimsgroup.com/?l=linux-kernel&m=115217423929806&w=2 Remove 'volatile' from spinlock_types as it causes GCC to generate bad code (see link) and locking should be used on kernel data. Signed-off-by: NArt Haas <ahaas@airmail.net> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 Peter Chubb 提交于
The recent change to convert the is_enabled flag in the PCI device to an atomic count broke the IA64 compilation. As pcibios_disable_device is only ever called if the reference count is zero, convert the if to a BUG_ON. Signed-off-by: NPeter Chubb <peterc@gelato.unsw.edu.au> Signed-off-by: NTony Luck <tony.luck@intel.com>
-
由 Atsushi Nemoto 提交于
Import many updates from i386's i8259.c, especially genirq transitions. Signed-off-by: NAtsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Maciej W. Rozycki 提交于
A fixup to add missing header inclusions for bus error handlers for DECstation system after the recent switch to get_irq_regs(). Signed-off-by: NMaciej W. Rozycki <macro@linux-mips.org> Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-