1. 19 10月, 2009 1 次提交
  2. 15 9月, 2009 1 次提交
  3. 26 11月, 2008 2 次提交
  4. 25 11月, 2008 1 次提交
  5. 03 11月, 2008 1 次提交
  6. 13 2月, 2008 1 次提交
  7. 01 2月, 2008 1 次提交
  8. 29 1月, 2008 4 次提交
  9. 02 11月, 2007 1 次提交
  10. 11 10月, 2007 8 次提交
  11. 27 8月, 2007 1 次提交
    • N
      [IPSEC] AH4: Update IPv4 options handling to conform to RFC 4302. · 96fe1c02
      Nick Bowler 提交于
      In testing our ESP/AH offload hardware, I discovered an issue with how
      AH handles mutable fields in IPv4.  RFC 4302 (AH) states the following
      on the subject:
      
              For IPv4, the entire option is viewed as a unit; so even
              though the type and length fields within most options are immutable
              in transit, if an option is classified as mutable, the entire option
              is zeroed for ICV computation purposes.
      
      The current implementation does not zero the type and length fields,
      resulting in authentication failures when communicating with hosts
      that do (i.e. FreeBSD).
      
      I have tested record route and timestamp options (ping -R and ping -T)
      on a small network involving Windows XP, FreeBSD 6.2, and Linux hosts,
      with one router.  In the presence of these options, the FreeBSD and
      Linux hosts (with the patch or with the hardware) can communicate.
      The Windows XP host simply fails to accept these packets with or
      without the patch.
      
      I have also been trying to test source routing options (using
      traceroute -g), but haven't had much luck getting this option to work
      *without* AH, let alone with.
      Signed-off-by: NNick Bowler <nbowler@ellipticsemi.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      96fe1c02
  12. 11 7月, 2007 1 次提交
  13. 26 4月, 2007 5 次提交
  14. 11 2月, 2007 1 次提交
  15. 03 12月, 2006 1 次提交
  16. 23 9月, 2006 2 次提交
  17. 21 9月, 2006 1 次提交
  18. 22 7月, 2006 1 次提交
  19. 01 7月, 2006 1 次提交
  20. 18 6月, 2006 1 次提交
    • H
      [IPSEC] proto: Move transport mode input path into xfrm_mode_transport · 31a4ab93
      Herbert Xu 提交于
      Now that we have xfrm_mode objects we can move the transport mode specific
      input decapsulation code into xfrm_mode_transport.  This removes duplicate
      code as well as unnecessary header movement in case of tunnel mode SAs
      since we will discard the original IP header immediately.
      
      This also fixes a minor bug for transport-mode ESP where the IP payload
      length is set to the correct value minus the header length (with extension
      headers for IPv6).
      
      Of course the other neat thing is that we no longer have to allocate
      temporary buffers to hold the IP headers for ESP and IPComp.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      31a4ab93
  21. 01 4月, 2006 1 次提交
    • H
      [IPSEC]: Kill unused decap state argument · e695633e
      Herbert Xu 提交于
      This patch removes the decap_state argument from the xfrm input hook.
      Previously this function allowed the input hook to share state with
      the post_input hook.  The latter has since been removed.
      
      The only purpose for it now is to check the encap type.  However, it
      is easier and better to move the encap type check to the generic
      xfrm_rcv function.  This allows us to get rid of the decap state
      argument altogether.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e695633e
  22. 21 3月, 2006 1 次提交
  23. 04 1月, 2006 1 次提交
  24. 02 9月, 2005 1 次提交
    • J
      [CRYPTO]: crypto_free_tfm() callers no longer need to check for NULL · 573dbd95
      Jesper Juhl 提交于
      Since the patch to add a NULL short-circuit to crypto_free_tfm() went in,
      there's no longer any need for callers of that function to check for NULL.
      This patch removes the redundant NULL checks and also a few similar checks
      for NULL before calls to kfree() that I ran into while doing the
      crypto_free_tfm bits.
      
      I've succesfuly compile tested this patch, and a kernel with the patch 
      applied boots and runs just fine.
      
      When I posted the patch to LKML (and other lists/people on Cc) it drew the
      following comments :
      
       J. Bruce Fields commented
        "I've no problem with the auth_gss or nfsv4 bits.--b."
      
       Sridhar Samudrala said
        "sctp change looks fine."
      
       Herbert Xu signed off on the patch.
      
      So, I guess this is ready to be dropped into -mm and eventually mainline.
      Signed-off-by: NJesper Juhl <jesper.juhl@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      573dbd95