1. 16 2月, 2010 1 次提交
    • J
      xfrm: Flushing empty SAD generates false events · 19f4c713
      jamal 提交于
      To see the effect make sure you have an empty SAD.
      -On window1 "ip xfrm mon"
      -on window2 issue "ip xfrm state flush"
      You get prompt back in window1
      and you see the flush event on window2.
      With this fix, you still get prompt on window1 but no
      event on window2.
      
      I was tempted to return -ESRCH on window1 (which would
      show "RTNETLINK answers: No such process") but didnt want
      to change current behavior.
      
      cheers,
      jamal
      commit 5f3dd4a772326166e1bcf54acc2391df00dc7ab5
      Author: Jamal Hadi Salim <hadi@cyberus.ca>
      Date:   Thu Feb 11 04:41:36 2010 -0500
      
          xfrm: Flushing empty SAD generates false events
      
          To see the effect make sure you have an empty SAD.
          On window1 "ip xfrm mon" and on window2 issue "ip xfrm state flush"
          You get prompt back in window1 and you see the flush event on window2.
          With this fix, you still get prompt on window1 but no event on window2.
      Signed-off-by: NJamal Hadi Salim <hadi@cyberus.ca>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      19f4c713
  2. 24 1月, 2010 1 次提交
  3. 26 11月, 2009 1 次提交
  4. 09 11月, 2009 1 次提交
    • Y
      xfrm: SAD entries do not expire correctly after suspend-resume · 9e0d57fd
      Yury Polyanskiy 提交于
        This fixes the following bug in the current implementation of
      net/xfrm: SAD entries timeouts do not count the time spent by the machine 
      in the suspended state. This leads to the connectivity problems because 
      after resuming local machine thinks that the SAD entry is still valid, while 
      it has already been expired on the remote server.
      
        The cause of this is very simple: the timeouts in the net/xfrm are bound to 
      the old mod_timer() timers. This patch reassigns them to the
      CLOCK_REALTIME hrtimer.
      
        I have been using this version of the patch for a few months on my
      machines without any problems. Also run a few stress tests w/o any
      issues.
      
        This version of the patch uses tasklet_hrtimer by Peter Zijlstra
      (commit 9ba5f0).
      
        This patch is against 2.6.31.4. Please CC me.
      Signed-off-by: NYury Polyanskiy <polyanskiy@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9e0d57fd
  5. 30 6月, 2009 1 次提交
  6. 27 4月, 2009 1 次提交
  7. 27 3月, 2009 1 次提交
  8. 14 3月, 2009 1 次提交
  9. 04 12月, 2008 1 次提交
  10. 26 11月, 2008 23 次提交
  11. 31 10月, 2008 1 次提交
  12. 30 10月, 2008 1 次提交
  13. 29 10月, 2008 1 次提交
  14. 06 10月, 2008 1 次提交
  15. 01 10月, 2008 1 次提交
    • H
      ipsec: Put dumpers on the dump list · 12a169e7
      Herbert Xu 提交于
      Herbert Xu came up with the idea and the original patch to make
      xfrm_state dump list contain also dumpers:
      
      As it is we go to extraordinary lengths to ensure that states
      don't go away while dumpers go to sleep.  It's much easier if
      we just put the dumpers themselves on the list since they can't
      go away while they're going.
      
      I've also changed the order of addition on new states to prevent
      a never-ending dump.
      
      Timo Teräs improved the patch to apply cleanly to latest tree,
      modified iteration code to be more readable by using a common
      struct for entries in the list, implemented the same idea for
      xfrm_policy dumping and moved the af_key specific "last" entry
      caching to af_key.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NTimo Teras <timo.teras@iki.fi>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      12a169e7
  16. 23 9月, 2008 1 次提交
    • H
      ipsec: Fix xfrm_state_walk race · 5c182458
      Herbert Xu 提交于
      As discovered by Timo Teräs, the currently xfrm_state_walk scheme
      is racy because if a second dump finishes before the first, we
      may free xfrm states that the first dump would walk over later.
      
      This patch fixes this by storing the dumps in a list in order
      to calculate the correct completion counter which cures this
      problem.
      
      I've expanded netlink_cb in order to accomodate the extra state
      related to this.  It shouldn't be a big deal since netlink_cb
      is kmalloced for each dump and we're just increasing it by 4 or
      8 bytes.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5c182458
  17. 10 9月, 2008 2 次提交