Add ip_link_set_addr(), ip_link_set_up(), ip_addr_add() and ip_route_add()
to the suite of helpers that automatically schedule a corresponding
cleanup.
When setting a new MAC, one needs to remember the old address first. Move
mac_get() from forwarding/ to that end.
Signed-off-by: Petr Machata
Re
Run VXLAN packets through a gateway. Flip individual bits of the packet
and/or reserved bits of the gateway, and check that the gateway treats the
packets as expected.
Signed-off-by: Petr Machata
Reviewed-by: Ido Schimmel
---
Notes:
CC: Shuah Khan
CC: Benjamin Poirier
CC: Hangbin Liu
CC: Vla
Let's have a verb in that function name to make it clearer what's going on.
Signed-off-by: Petr Machata
Reviewed-by: Ido Schimmel
---
Notes:
CC: Shuah Khan
CC: Benjamin Poirier
CC: Hangbin Liu
CC: Vladimir Oltean
CC: linux-kselftest@vger.kernel.org
tools/testing/selftests/net/fdb_notify.s
Hey Jakub,
2024-11-18, 19:41:58 -0800, Jakub Kicinski wrote:
> On Thu, 14 Nov 2024 16:50:47 +0100 Sabrina Dubroca wrote:
> > This adds support for receiving KeyUpdate messages (RFC 8446, 4.6.3
> > [1]). A sender transmits a KeyUpdate message and then changes its TX
> > key. The receiver should rea
> Better still use NLA_POLICY_MASK() so that nla_parse_nested() can
> perform the validation and attach a machine readable info about
> the failure.
This is definitely cleaner for the new WGALLOWEDIP_A_FLAGS parameter.
Thanks for the suggestion.
Applying this to WGPEER_A_FLAGS would simplify the
On Tue, 3 Dec 2024 15:30:37 +0100 Petr Machata wrote:
> .../net/forwarding/vxlan_reserved.sh | 352 ++
> 1 file changed, 352 insertions(+)
> create mode 100755 tools/testing/selftests/net/forwarding/vxlan_reserved.sh
Needs to be added to the Makefile, AFAICT
--
pw-bot:
On Thu, 14 Nov 2024 16:50:51 +0100 Sabrina Dubroca wrote:
> +To prevent attempting to decrypt incoming records using the wrong key,
> +decryption will be paused when a KeyUpdate message is received by the
> +kernel, until the new key has been provided using the TLS_RX socket
> +option. Any read occ
On Thu, 14 Nov 2024 16:50:50 +0100 Sabrina Dubroca wrote:
> This introduces 4 counters to keep track of key updates:
> Tls{Rx,Tx}Rekey{Ok,Error}.
Possibly track detected rekey messages, too? Could help us identify
when kernel blocks the socket but user space doesn't know how to rekey.
Either way:
On Thu, 14 Nov 2024 16:50:48 +0100 Sabrina Dubroca wrote:
> +static int tls_check_pending_rekey(struct tls_context *ctx, struct sk_buff
> *skb)
> +{
> + const struct tls_msg *tlm = tls_msg(skb);
> + const struct strp_msg *rxm = strp_msg(skb);
> + char hs_type;
> + int err;
> +
> +
On Thu, 14 Nov 2024 16:50:49 +0100 Sabrina Dubroca wrote:
> This adds the possibility to change the key and IV when using
> TLS1.3. Changing the cipher or TLS version is not supported.
>
> Once we have updated the RX key, we can unblock the receive side. If
> the rekey fails, the context is unmodi
On Tue, 3 Dec 2024 17:16:52 +0100 Sabrina Dubroca wrote:
> 2024-11-18, 19:41:58 -0800, Jakub Kicinski wrote:
> > On Thu, 14 Nov 2024 16:50:47 +0100 Sabrina Dubroca wrote:
> > > This adds support for receiving KeyUpdate messages (RFC 8446, 4.6.3
> > > [1]). A sender transmits a KeyUpdate message a
11 matches
Mail list logo
