1. 25 7月, 2008 1 次提交
  2. 20 7月, 2008 1 次提交
  3. 11 7月, 2008 1 次提交
  4. 05 6月, 2008 1 次提交
  5. 22 5月, 2008 1 次提交
  6. 13 5月, 2008 1 次提交
  7. 29 4月, 2008 1 次提交
  8. 28 4月, 2008 3 次提交
  9. 22 4月, 2008 1 次提交
    • H
      [IPSEC]: Fix catch-22 with algorithm IDs above 31 · c5d18e98
      Herbert Xu 提交于
      As it stands it's impossible to use any authentication algorithms
      with an ID above 31 portably.  It just happens to work on x86 but
      fails miserably on ppc64.
      
      The reason is that we're using a bit mask to check the algorithm
      ID but the mask is only 32 bits wide.
      
      After looking at how this is used in the field, I have concluded
      that in the long term we should phase out state matching by IDs
      because this is made superfluous by the reqid feature.  For current
      applications, the best solution IMHO is to allow all algorithms when
      the bit masks are all ~0.
      
      The following patch does exactly that.
      
      This bug was identified by IBM when testing on the ppc64 platform
      using the NULL authentication algorithm which has an ID of 251.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c5d18e98
  10. 15 4月, 2008 1 次提交
    • D
      [XFRM]: Compilation warnings in xfrm_user.c. · 2c8dd116
      Denis V. Lunev 提交于
      When CONFIG_SECURITY_NETWORK_XFRM is undefined the following warnings appears:
      net/xfrm/xfrm_user.c: In function 'xfrm_add_pol_expire':
      net/xfrm/xfrm_user.c:1576: warning: 'ctx' may be used uninitialized in this function
      net/xfrm/xfrm_user.c: In function 'xfrm_get_policy':
      net/xfrm/xfrm_user.c:1340: warning: 'ctx' may be used uninitialized in this function
      (security_xfrm_policy_alloc is noop for the case).
      
      It seems that they are result of the commit
      03e1ad7b ("LSM: Make the Labeled IPsec
      hooks more stack friendly")
      Signed-off-by: NDenis V. Lunev <den@openvz.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2c8dd116
  11. 13 4月, 2008 1 次提交
  12. 10 4月, 2008 1 次提交
  13. 26 3月, 2008 1 次提交
  14. 25 3月, 2008 2 次提交
  15. 29 2月, 2008 1 次提交
    • T
      [XFRM]: Speed up xfrm_policy and xfrm_state walking · 4c563f76
      Timo Teras 提交于
      Change xfrm_policy and xfrm_state walking algorithm from O(n^2) to O(n).
      This is achieved adding the entries to one more list which is used
      solely for walking the entries.
      
      This also fixes some races where the dump can have duplicate or missing
      entries when the SPD/SADB is modified during an ongoing dump.
      
      Dumping SADB with 20000 entries using "time ip xfrm state" the sys
      time dropped from 1.012s to 0.080s.
      Signed-off-by: NTimo Teras <timo.teras@iki.fi>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4c563f76
  16. 18 2月, 2008 1 次提交
  17. 15 2月, 2008 2 次提交
  18. 13 2月, 2008 1 次提交
  19. 08 2月, 2008 1 次提交
  20. 02 2月, 2008 1 次提交
  21. 01 2月, 2008 5 次提交
  22. 29 1月, 2008 11 次提交