Hi Herbert,
Have you had a chance to look this, or are you working on something else for
it?
On Friday 08 February 2008 18:12, Joakim Koskela wrote:
> Hi,
>
> This patch fixes the ipv6 mode of ipsec beet. It has been using logic
> similar to tunnel mode, making it crash during e
Hi,
This patch fixes the ipv6 mode of ipsec beet. It has been using logic
similar to tunnel mode, making it crash during esp packaging.
Signed-off-by: Joakim Koskela <[EMAIL PROTECTED]>
---
net/ipv6/xfrm6_mode_beet.c |9 ++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff
On Friday 19 October 2007 17:22:22 Herbert Xu wrote:
>
> Please hold onto this. I've got a more generic version of this
> that doesn't duplicate the inter-family logic between BEET mode
> and tunnel mode.
>
> Instead I've created a generic function that reads info from the
> inner header and puts
On Friday 19 October 2007 17:25:49 Herbert Xu wrote:
> Joakim Koskela <[EMAIL PROTECTED]> wrote:
> > I'm not sure I follow. This affects the ipv6 bundling only where the
> > struct (fl_tunnel) has previously been used for ipv6 addresses. Not that
> > we are usin
On Friday 19 October 2007 16:09:05 Herbert Xu wrote:
> On Fri, Oct 19, 2007 at 02:40:16PM +0300, Joakim Koskela wrote:
> >
> > This bit was chopped off the larger patch dealing with the problems
> > related to creating the bundles for inter-family tranformations.
>
On Friday 19 October 2007 15:55:55 Herbert Xu wrote:
> While I agree that this is definitely a problem, I've already
> got a solution for it which we happen to need for async crypto
> anyway.
>
> Basically xfrm_output will invoke a continuation function based
> on the external mode/family which wil
the larger patch dealing with the problems
related to creating the bundles for inter-family tranformations.
Signed-off-by: Joakim Koskela <[EMAIL PROTECTED]>
--
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 82e27b8..386a762 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/ne
ied during output to be
based on the current address family of the packet instead of what it
will be transformed to.
Signed-off-by: Joakim Koskela <[EMAIL PROTECTED]>
---
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index c4a7156..8b0c6bd 100644
--- a/net/ipv4/xfrm4_output.
uired that both address pairs in the SA
were of the same family. This patch enables mixing ipv4 and ipv6
addresses. All combinations (4-4, 4-6, 6-4, 6-6) have been tested.
The generic interfamily fixes have been chopped off from this into
separate patches.
Signed-off-by: Joakim Koskela &l
On Friday 14 September 2007 23:42:52 David Miller wrote:
> From: Joakim Koskela <[EMAIL PROTECTED]>
> Date: Thu, 6 Sep 2007 19:00:10 +0300
>
> > This patch addresses a couple of issues related to interfamily ipsec
> > modes. The problem is that the structure of the ro
iar with the details of these structs could comment.
Signed-off-by: Joakim Koskela <[EMAIL PROTECTED]>
---
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 4ff8ed3..7410c0d 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -72,6 +72,7 @@ __xfrm4_bun
Hi,
Does anybody know of any effort put into implementing support for the TCP user
timeout option in Linux?
The related draft:
http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcp-uto-06.txt
Basically its a per-connection parameter which says how long data can remain
unacknowledged before t
On Monday 06 August 2007 15:08:12 Patrick McHardy wrote:
> >
> > It's been a while, but as a fyi in case there are comments / suggestions
> > before submitting the whole patch again - it seems that this had some
> > problems after all. Works ok for normal cases, but fails when using ip
> > options
On Tuesday 17 July 2007 17:30:21 Joakim Koskela wrote:
> > Joakim Koskela wrote:
> > > diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
> > > index fa1902d..7a39f4c 100644
> > > --- a/net/ipv4/xfrm4_input.c
> > > +++ b/net/ipv4/x
On Friday 03 August 2007 01:01:14 David Miller wrote:
> Joakim, TEST YOUR PATCHES, and not just with your BEET test cases,
> before submitting them in the future. Having normal configurations of
> both PF_KEY and XFRM_USER ipsec totally break as a result of your
> changes is totally unacceptable a
On Tuesday 31 July 2007 14:14:30 Patrick McHardy wrote:
> Joakim Koskela wrote:
> > Ok, so changing int xfrm[46]_output(struct sk_buff*) to use the right PF
> > & hook based on the skb's [current] family should put things through the
> > right hoops, right?
&
On Tuesday 31 July 2007 13:51:42 Patrick McHardy wrote:
> Joakim Koskela wrote:
> > I'm not sure I really got this. IPv6/IPv4 means IPv6 inner, IPv4 outer,
> > right? Isn't that called from xfrm4_output_one and subsequently passed
> > through the right filters as w
On Thursday 19 July 2007 17:46:42 Patrick McHardy wrote:
> Joakim Koskela wrote:
> > + skb_push(skb, hdrlen);
> > + iphv6 = ipv6_hdr(skb);
> > +
> > + skb_reset_network_header(skb);
> > + top_iphv6 = ipv6_hdr(skb);
>
This patch modifies the xfrm state selection logic to use the inner
addresses where the outer have been (incorrectly) used. This is
required for beet mode in general and interfamily setups in both
tunnel and beet mode.
Signed-off-by: Joakim Koskela <[EMAIL PROTECTED]>
Signed-off-by: Herb
On Thursday 19 July 2007 17:46:42 Patrick McHardy wrote:
> > -
> > + if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
> > + encap_family = xfrm[i]->props.family;
> > + if (encap_family == AF_INET) {
> > + remote.in = (struct i
vious implementation required that both address pairs in the SA
were of the same family. This patch enables mixing ipv4 and ipv6
addresses. All combinations (4-4, 4-6, 6-4, 6-6) have been tested
using manual key setups.
Signed-off-by: Joakim Koskela <[EMAIL PROTECTED]>
Signed-off-by: Herbert Xu
et
implementation, but I guess not thoroughly enough. Anyway, merged back the
latest non-interfamily versions and rolling with those now. Should have a
fixed version ready soon..
Some other comments:
> Joakim Koskela wrote:
> > diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_
The previous implementation required that both address pairs in the SA
were of the same family. This patch enables mixing ipv4 and ipv6
addresses. All combinations (4-4, 4-6, 6-4, 6-6) have been tested
using manual key setups.
Signed-off-by: Joakim Koskela <[EMAIL PROTECTED]>
Signed-off-by:
address pairs in the SA
were of the same family. This patch enables mixing ipv4 and ipv6
addresses. All combinations (4-4, 4-6, 6-4, 6-6) have been tested
using manual key setups.
Signed-off-by: Joakim Koskela <[EMAIL PROTECTED]>
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Signed-o
).
Signed-off-by: Joakim Koskela <[EMAIL PROTECTED]>
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Signed-off-by: Diego Beltrami <[EMAIL PROTECTED]>
Signed-off-by: Miika Komu <[EMAIL PROTECTED]>
---
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index
On Friday 11 May 2007 19:13:41 Patrick McHardy wrote:
> Joakim Koskela wrote:
> > I'm running a system where there might be multiple simultenously
> > active ipsec states between two hosts (ipv6, but guess it applies to
> > v4 as well) where the outer ip is the sa
else if (x->km.state == XFRM_STATE_ACQ) {
acquire_in_progress = 1;
} else if (x->km.state == XFRM_STATE_ERROR ||
br, j
--
Joakim Koskela
Helsinki Institute for Information Technology, http://www.hiit.fi
-
To unsubscribe from this li
27 matches
Mail list logo
