1. 11 Oct, 2007 1 commit
  2. 31 Jul, 2007 1 commit
  3. 11 Jul, 2007 1 commit
  4. 25 May, 2007 1 commit
    • [XFRM]: Allow packet drops during larval state resolution. · 14e50e57
      David S. Miller committed
      The current IPSEC rule resolution behavior we have does not work for a
      lot of people, even though technically it's an improvement from the
      -EAGAIN business we had before.
      
      Right now we'll block until the key manager resolves the route.  That
      works for simple cases, but many folks would rather packets get
      silently dropped until the key manager resolves the IPSEC rules.
      
      We can't tell these folks to "set the socket non-blocking" because
      they don't have control over the non-block setting of things like the
      sockets used to resolve DNS deep inside of the resolver libraries in
      libc.
      
      With that in mind I coded up the patch below with some help from
      Herbert Xu which provides packet-drop behavior during larval state
      resolution, controllable via sysctl and off by default.
      
      This lays the framework to either:
      
      1) Make this default at some point or...
      
      2) Move this logic into xfrm{4,6}_policy.c and implement the
         ARP-like resolution queue we've all been dreaming of.
         The idea would be to queue packets to the policy, then
         once the larval state is resolved by the key manager we
         re-resolve the route and push the packets out.  The
         packets would timeout if the rule didn't get resolved
         in a certain amount of time.
      Signed-off-by: David S. Miller <davem@davemloft.net>
  5. 04 May, 2007 1 commit
    • [IPV6]: Some cleanups in include/net/ipv6.h · db3459d1
      Eric Dumazet committed
      1) struct ip6_flowlabel : moves 'users' field to avoid two 32bits
         holes for 64bit arches. Shrinks by 8 bytes sizeof(struct
         ip6_flowlabel)
      
      2) ipv6_addr_cmp() and ipv6_addr_copy() don't need (void *) casts :
         Compiler might take into account natural alignment of in6_addr
         structs to emit better code for memcpy()/memcmp() Casts to (void *)
         force byte accesses.
      
      3) ipv6_addr_prefix() optimization :
      
      Better to clear whole struct, as compiler can emit better code for
      memset(addr, 0, 16) (2 stores on x86_64), and avoid some conditional
      branches.
      
      # size vmlinux.after vmlinux.before
         text    data     bss     dec     hex filename
      5262262  647612  557432 6467306  62aeea vmlinux.after
      5262550  647612  557432 6467594  62b00a vmlinux.before
      
      that's 288 bytes saved.
      Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  6. 03 May, 2007 1 commit
  7. 26 Apr, 2007 4 commits
  8. 03 Dec, 2006 6 commits
  9. 29 Sep, 2006 1 commit
  10. 23 Sep, 2006 3 commits
  11. 03 Aug, 2006 1 commit
    • [IPV6]: Audit all ip6_dst_lookup/ip6_dst_store calls · 497c615a
      Herbert Xu committed
      The current users of ip6_dst_lookup can be divided into two classes:
      
      1) The caller holds no locks and is in user-context (UDP).
      2) The caller does not want to lookup the dst cache at all.
      
      The second class covers everyone except UDP because most people do
      the cache lookup directly before calling ip6_dst_lookup.  This patch
      adds ip6_sk_dst_lookup for the first class.
      
      Similarly ip6_dst_store users can be divided into those that need to
      take the socket dst lock and those that don't.  This patch adds
      __ip6_dst_store for those (everyone except UDP/datagram) that don't
      need an extra lock.
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  12. 26 Apr, 2006 1 commit
  13. 19 Apr, 2006 1 commit
  14. 21 Mar, 2006 2 commits
  15. 08 Jan, 2006 1 commit
  16. 04 Jan, 2006 4 commits
  17. 20 Nov, 2005 1 commit
  18. 09 Nov, 2005 2 commits
  19. 08 Sep, 2005 2 commits
  20. 30 Aug, 2005 3 commits
  21. 29 Jun, 2005 1 commit
  22. 25 Apr, 2005 1 commit
    • [SELINUX]: Fix ipv6_skip_exthdr() invocation causing OOPS. · 0d3d077c
      Herbert Xu committed
      The SELinux hooks invoke ipv6_skip_exthdr() with an incorrect
      length final argument.  However, the length argument turns out
      to be superfluous.
      
      I was just reading ipv6_skip_exthdr and it occurred to me that we can
      get rid of len altogether.  The only place where len is used is to
      check whether the skb has two bytes for ipv6_opt_hdr.  This check
      is done by skb_header_pointer/skb_copy_bits anyway.
      
      Now it might appear that we've made the code slower by deferring
      the check to skb_copy_bits.  However, this check should not trigger
      in the common case so this is OK.
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: David S. Miller <davem@davemloft.net>