[PATCH ipsec-next] xfrm: ipcomp: remove unnecessary get_cpu()

.@linutronix.de/ Cc: Juri Lelli Reported-by: Xiumei Mu Suggested-by: Sebastian Andrzej Siewior Signed-off-by: Sabrina Dubroca --- net/xfrm/xfrm_ipcomp.c | 25 - 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_i

[PATCH ipsec] xfrm: xfrm_state_mtu should return at least 1280 for ipv6

for esp payload size calculation") Reported-by: Jianwen Ji Signed-off-by: Sabrina Dubroca --- include/net/xfrm.h| 1 + net/ipv4/esp4.c | 2 +- net/ipv6/esp6.c | 2 +- net/xfrm/xfrm_state.c | 14 -- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/inc

Re: [PATCH] xfrm: return error when esp offload is requested and not supported

2021-03-17, 09:42:43 +0100, Antony Antony wrote: > Hi, > > On Mon, Mar 15, 2021 at 16:29:59 +0100, Sabrina Dubroca wrote: > > 2021-03-15, 11:43:50 +0100, Steffen Klassert wrote: > > > On Wed, Mar 10, 2021 at 10:36:11AM +0100, Antony Antony wrote: > > > > When

[PATCH iproute2-next] ip: xfrm: add support for tfcpad

This patch adds support for setting and displaying the Traffic Flow Confidentiality attribute for an XFRM state, which allows padding ESP packets to a specified length. Signed-off-by: Sabrina Dubroca --- ip/ipxfrm.c| 8 ip/xfrm_state.c| 10 +- man/man8/ip-xfrm.8

Re: [PATCH] xfrm: return error when esp offload is requested and not supported

2021-03-15, 11:43:50 +0100, Steffen Klassert wrote: > On Wed, Mar 10, 2021 at 10:36:11AM +0100, Antony Antony wrote: > > When ESP offload is not supported by the device return an error, > > -EINVAL, instead of silently ignoring it, creating a SA without offload, > > and returning success. > > > >

[PATCH iproute2 v2] ip: xfrm: limit the length of the security context name when printing

ince the exact same code is used to print the security context for both policies and states. Fixes: b2bb289a57fe ("xfrm security context support") Reported-by: Paul Wouters Signed-off-by: Sabrina Dubroca --- v2: drop the memcpy and use %.*s, suggested by Stephen Hemminger

Re: [PATCH iproute2] ip: xfrm: add NUL character to security context name before printing

Hi Stephen/David, 2021-02-16, 17:50:58 +0100, Sabrina Dubroca wrote: > Security context names are not guaranteed to be NUL-terminated by the > kernel, so we can't just print them using %s directly. The length of > the string is capped by the size of the netlink attribute (u16)

Re: [PATCH ipsec 0/2] vti(6): fix ipv4 pmtu check to honor ip header df

ipv4 pmtu check to honor ip header df > vti6: fix ipv4 pmtu check to honor ip header df Thanks Eyal. Reviewed-by: Sabrina Dubroca Steffen, that's going to conflict with commit 4372339efc06 ("net: always use icmp{,v6}_ndo_send from ndo_start_xmit") from net. -- Sabrina

Re: [PATCH ipsec,v2] xfrm: interface: fix ipv4 pmtu check to honor ip header df

: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") > Signed-off-by: Eyal Birger > > - > > v2: better align coding with ip_vti LGTM. We also need to do the same thing in ip_vti and ip6_vti. Do you want to take care of it, or should I? Either way, for this patch: Reviewed-by: Sabrina Dubroca -- Sabrina

[PATCH iproute2] ip: xfrm: add NUL character to security context name before printing

ction, since the exact same code is used to print the security context for both policies and states. Fixes: b2bb289a57fe ("xfrm security context support") Reported-by: Paul Wouters Signed-off-by: Sabrina Dubroca --- ip/ipxfrm.c | 46 -- 1 f

Re: [PATCH net 00/12] net: iflink and link-netnsid fixes

2020-10-01, 14:25:38 -0700, Stephen Hemminger wrote: > On Thu, 1 Oct 2020 09:59:24 +0200 > Sabrina Dubroca wrote: > > > In a lot of places, we use this kind of comparison to detect if a > > device has a lower link: > > > > dev->ifindex != dev_get_iflink

Re: [PATCH net 08/12] ipv6: advertise IFLA_LINK_NETNSID when dumping ipv6 addresses

2020-10-01, 17:58:40 +0200, Nicolas Dichtel wrote: > Le 01/10/2020 à 09:59, Sabrina Dubroca a écrit : > > Currently, we're not advertising link-netnsid when dumping IPv6 > > addresses, so the "ip -6 addr" command will not correctly interpret > > the value of t

[PATCH net 00/12] net: iflink and link-netnsid fixes

, ipoib), and should probably also have a get_link_net. Sabrina Dubroca (12): ipvlan: add get_link_net geneve: add get_link_net Revert "rtnetlink: always put IFLA_LINK for links with a link-netnsid" rtnetlink: always put IFLA_LINK for links with ndo_get_iflink bridge: always

[PATCH net 09/12] net: link_watch: fix operstate when the link has the same index as the device

DOWN 10: macvlan0@bond0: ... ip -net peer link show type macvlan # should also be M-DOWN 9: macvlan0@if9: ... Fixes: d8a5ec672768 ("[NET]: netlink support for moving devices between network namespaces.") Signed-off-by: Sabrina Dubroca --- net/core/link_watch.c | 2 +- 1

[PATCH net 01/12] ipvlan: add get_link_net

Currently, ipvlan devices don't advertise a link-netnsid. We can get it from the lower device, like macvlan does. Signed-off-by: Sabrina Dubroca --- drivers/net/ipvlan/ipvlan_main.c | 9 + 1 file changed, 9 insertions(+) diff --git a/drivers/net/ipvlan/ipvlan_main.c b/driver

[PATCH net 11/12] batman-adv: fix iflink detection in batadv_is_on_batman_iface

ce without a link. Fixes: b7eddd0b3950 ("batman-adv: prevent using any virtual device created on batman-adv as hard-interface") Signed-off-by: Sabrina Dubroca --- net/batman-adv/hard-interface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/batman-adv/hard-interface.

[PATCH net 02/12] geneve: add get_link_net

Currently, geneve devices don't advertise a link netns. Similarly to VXLAN, we can get it from geneve_dev->net. Fixes: 2d07dc79fe04 ("geneve: add initial netdev driver for GENEVE tunnels") Signed-off-by: Sabrina Dubroca --- drivers/net/geneve.c | 8 1 file cha

[PATCH net 03/12] Revert "rtnetlink: always put IFLA_LINK for links with a link-netnsid"

th a link-netnsid") Signed-off-by: Sabrina Dubroca --- net/core/rtnetlink.c | 16 ++-- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 68e0682450c6..c35b3f02b4f9 100644 --- a/net/core/rtnetlink.c +++ b/net/c

[PATCH net 10/12] net: link_watch: fix detection of urgent events

ip -net b link set vlan1 down ; ip -net b link set vlan0 down sleep 2 ip -net b link set vlan1 up ; ip -net b link set vlan0 up Fixes: d8a5ec672768 ("[NET]: netlink support for moving devices between network namespaces.") Signed-off-by: Sabrina Dubroca --- net/core/link_w

[PATCH net 04/12] rtnetlink: always put IFLA_LINK for links with ndo_get_iflink

etlink support for moving devices between network namespaces.") Signed-off-by: Sabrina Dubroca --- net/core/rtnetlink.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index c35b3f02b4f9..a8459fb59ccd 100644 --- a/net/c

[PATCH net 08/12] ipv6: advertise IFLA_LINK_NETNSID when dumping ipv6 addresses

: macvlan0@if9: mtu 1500 state UP qlen 1000 link-netns main ndisc_ifinfo_sysctl_change calls inet6_fill_ifinfo without rcu or rtnl, so I'm adding rcu_read_lock around rtnl_fill_link_netnsid. Signed-off-by: Sabrina Dubroca --- net/ipv6/addrconf.c | 9 + 1 file changed, 9

[PATCH net 12/12] batman-adv: fix detection of lower link in batadv_get_real_netdevice

netns peer type macsec port 2 Let's use the presence of a ndo_get_iflink operation, rather than the value it returns, to detect a device without a link. Fixes: 5ed4a460a1d3 ("batman-adv: additional checks for virtual interfaces on top of WiFi") Signed-off-by: Sabrina Dubroca ---

[PATCH net 07/12] ipv6: always put IFLA_LINK for devices with ndo_get_iflink

link would call) to check if a device has a lower link. Fixes: d8a5ec672768 ("[NET]: netlink support for moving devices between network namespaces.") Signed-off-by: Sabrina Dubroca --- net/ipv6/addrconf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv6/a

[PATCH net 06/12] bridge: advertise IFLA_LINK_NETNSID when dumping bridge ports

called without RTNL (from br_forward_delay_timer_expired), so we need to change get_link_net callbacks to use rcu_dereference_rtnl instead of rtnl_dereference. Signed-off-by: Sabrina Dubroca --- drivers/net/can/vxcan.c | 2 +- drivers/net/veth.c | 2 +- include/net/rtnetlink.h | 4 net

[PATCH net 05/12] bridge: always put IFLA_LINK for ports with ndo_get_iflink

_iflink(), we can use the existence of the ndo_get_iflink operation (which dev_get_iflink would call) to check if a device has a lower link. Fixes: d8a5ec672768 ("[NET]: netlink support for moving devices between network namespaces.") Signed-off-by: Sabrina Dubroca --- net/bridge/br_net

[PATCH ipsec] espintcp: restore IP CB before handing the packet to xfrm

small part of tcp_skb_tb), so we can just relocate it to the start of skb->cb. Fixes: e27cca96cd68 ("xfrm: add espintcp (RFC 8229)") Reported-by: Xiumei Mu Signed-off-by: Sabrina Dubroca --- net/xfrm/espintcp.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --g

Re: Severe performance regression in "net: macsec: preserve ingress frame ordering"

2020-08-10, 12:09:40 -0400, Scott Dial wrote: > On 8/10/2020 9:34 AM, Sabrina Dubroca wrote: > > [adding the linux-crypto list] > > > > 2020-08-06, 23:48:16 -0400, Scott Dial wrote: > >> On 8/6/2020 5:11 PM, Ryan Cox wrote: > >>> With 5.7 I ge

Re: Severe performance regression in "net: macsec: preserve ingress frame ordering"

[adding the linux-crypto list] 2020-08-06, 23:48:16 -0400, Scott Dial wrote: > On 8/6/2020 5:11 PM, Ryan Cox wrote: > > With 5.7 I get: > > * 9.90 Gb/s with no macsec at all > > * 1.80 Gb/s with macsec WITHOUT encryption > > * 1.00 Gb/s (sometimes, but often less) with macsec WITH encryption > >

Re: [PATCH ipsec] xfrmi: drop ignore_df check before updating pmtu

2020-08-07, 17:41:09 +0200, Bram Yvakh wrote: > > On 7/08/2020 16:47, Sabrina Dubroca wrote: > > 2020-08-04, 14:32:56 +0200, Bram Yvakh wrote: > > > >> On 4/08/2020 11:37, Sabrina Dubroca wrote: > >> > >>> diff --git a/net/xfrm/xfrm_int

Re: [PATCH ipsec] xfrmi: drop ignore_df check before updating pmtu

2020-08-04, 14:32:56 +0200, Bram Yvakh wrote: > On 4/08/2020 11:37, Sabrina Dubroca wrote: > > xfrm interfaces currently test for !skb->ignore_df when deciding > > whether to update the pmtu on the skb's dst. Because of this, no pmtu > > exception is crea

[PATCH ipsec] xfrmi: drop ignore_df check before updating pmtu

ill work. Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") Reported-by: Xiumei Mu Signed-off-by: Sabrina Dubroca --- net/xfrm/xfrm_interface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c

[PATCH ipsec 1/2] espintcp: handle short messages instead of breaking the encap socket

: Andrew Cagney Signed-off-by: Sabrina Dubroca --- net/xfrm/espintcp.c | 25 - 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/net/xfrm/espintcp.c b/net/xfrm/espintcp.c index cb83e3664680..0a91b07f2b43 100644 --- a/net/xfrm/espintcp.c +++ b/net/xfrm/espi

[PATCH ipsec 2/2] espintcp: count packets dropped in espintcp_rcv

Currently, espintcp_rcv drops packets silently, which makes debugging issues difficult. Count packets as either XfrmInHdrError (when the packet was too short or contained invalid data) or XfrmInError (for other issues). Signed-off-by: Sabrina Dubroca --- net/xfrm/espintcp.c | 6 ++ 1 file

[PATCH ipsec] xfrm: esp6: fix the location of the transport header with encapsulation

er's ports with the selector that's based on user traffic ports. Fixes: 0146dca70b87 ("xfrm: add support for UDPv6 encapsulation of ESP") Fixes: 26333c37fc28 ("xfrm: add IPv6 support for espintcp") Reported-by: Xiumei Mu Signed-off-by: Sabrina Dubroca --- net/i

[RFC PATCH ipsec] xfrm: don't pass too short packets to userspace with ESPINUDP encap

that only properly-formed non-ESP messages are passed to userspace. Messages of 8 bytes or less that don't contain a full non-ESP prefix followed by some data (at least one byte) will be dropped and counted as XfrmInHdrError. Signed-off-by: Sabrina Dubroca --- net/ipv4/xfrm4_input.

Re: [Patch net] geneve: fix an uninitialized value in geneve_changelink()

eation") > Reported-by: syzbot+7ebc2e088af5e4c0c...@syzkaller.appspotmail.com > Cc: Sabrina Dubroca > Signed-off-by: Cong Wang Ouch. Thanks for fixing this. Reviewed-by: Sabrina Dubroca This should only be needed in net/stable. In net-next, I removed this in commit 9e06e

[PATCH ipsec 2/3] espintcp: recv() should return 0 when the peer socket is closed

turn value when the peer won't send us any more data. Fixes: e27cca96cd68 ("xfrm: add espintcp (RFC 8229)") Reported-by: Andrew Cagney Tested-by: Andrew Cagney Signed-off-by: Sabrina Dubroca --- net/xfrm/espintcp.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(

[PATCH ipsec 3/3] xfrm: policy: fix IPv6-only espintcp compilation

In case we're compiling espintcp support only for IPv6, we should still initialize the common code. Fixes: 26333c37fc28 ("xfrm: add IPv6 support for espintcp") Signed-off-by: Sabrina Dubroca --- net/xfrm/xfrm_policy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) d

[PATCH ipsec 0/3] xfrm: a few fixes for espintcp

Andrew Cagney reported some issues when trying to use async operations on the encapsulation socket. Patches 1 and 2 take care of these bugs. In addition, I missed a spot when adding IPv6 support and converting to the common config option. Sabrina Dubroca (3): espintcp: support non-blocking

[PATCH ipsec 1/3] espintcp: support non-blocking sends

eported-by: Andrew Cagney Tested-by: Andrew Cagney Signed-off-by: Sabrina Dubroca --- net/xfrm/espintcp.c | 26 +- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/net/xfrm/espintcp.c b/net/xfrm/espintcp.c index 100e29682b48..5d3d2b98c62d 100644 --- a/net/xfrm/

[PATCH net-next] geneve: move all configuration under struct geneve_config

ng DF behavior after creation"). Signed-off-by: Sabrina Dubroca --- drivers/net/geneve.c | 185 --- 1 file changed, 87 insertions(+), 98 deletions(-) diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c index 4661ef865807..e3d074008da2 100644 --- a/d

[PATCH net] ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg

swan test suite found this problem after Fedora changed the value for the sysctl net.ipv4.ping_group_range. Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind") Reported-by: Paul Wouters Tested-by: Paul Wouters Signed-off-by: Sabrina Dubroca --- net/ipv4/ping.c | 3 +++ 1 f

[PATCH ipsec] xfrm: esp6: fix encapsulation header offset computation

dd IPv6 support for espintcp") Reported-by: Tobias Brunner Signed-off-by: Sabrina Dubroca --- net/ipv6/esp6.c | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index c43592771126..55ae70be91b3 100644 --- a/net/ipv6/esp6.c +++ b/n

Re: [PATCH ipsec-next v2 2/6] xfrm: replay: get rid of duplicated notification code

Hi Florian, 2020-06-24, 10:08:00 +0200, Florian Westphal wrote: > After previous patch, we can consolidate some code: > > xfrm_replay_notify, xfrm_replay_notify_bmp and _esn all contain the > same code at the end. > > Remove it from xfrm_replay_notify_bmp/esn and reuse the one > in xfrm_replay_n

Re: [PATCH ipsec-next 02/10] tunnel4: add cb_handler to struct xfrm_tunnel

2020-06-17, 01:36:27 +0800, Xin Long wrote: > @@ -231,6 +255,7 @@ static int __init tunnel4_init(void) > goto err; > } > #endif > + xfrm_input_register_afinfo(&tunnel4_input_afinfo); This can fail. Shouldn't you handle that error? > return 0; > > err: -- Sabrin

Re: [PATCH net] geneve: allow changing DF behavior after creation

2020-06-18, 12:26:29 +0200, Stefano Brivio wrote: > On Thu, 18 Jun 2020 12:13:22 +0200 > Sabrina Dubroca wrote: > > > Currently, trying to change the DF parameter of a geneve device does > > nothing: > > > > # ip -d link show geneve1 > >

[PATCH net] geneve: allow changing DF behavior after creation

14: geneve1: link/ether geneve id 1 remote 10.0.0.1 ttl auto df set dstport 6081 We just need to update the value in geneve_changelink. Fixes: a025fb5f49ad ("geneve: Allow configuration of DF behaviour") Signed-off-by: Sabrina Dubroca --- drivers/net/geneve.c | 1

[PATCH bpf] bpf: tcp: recv() should return 0 when the peer socket is closed

ch does the right thing in this situation. Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: Sabrina Dubroca --- net/ipv4/tcp_bpf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c index 2b915aafda42..7

[PATCH net] net: don't return invalid table id error when we fall back to PF_UNSPEC

("net: Plumb support for filtering ipv4 and ipv6 multicast route dumps") Signed-off-by: Sabrina Dubroca --- include/net/ip_fib.h| 1 - net/ipv4/fib_frontend.c | 3 +-- net/ipv4/ipmr.c | 2 +- net/ipv6/ip6_fib.c | 2 +- net/ipv6/ip6mr.c| 2 +- 5 files changed,

Re: [kbuild-all] Re: [ipsec-next:testing 1/2] net/ipv6/esp6.c:144:15: error: implicit declaration of function 'csum_ipv6_magic'; did you mean 'csum_tcpudp_magic'?

2020-04-28, 08:21:13 +0800, Rong Chen wrote: > > > On 4/27/20 10:32 PM, Sabrina Dubroca wrote: > > 2020-04-23, 20:02:30 +0800, kbuild test robot wrote: > > > tree: > > > https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-n

Re: [PATCH net-next v4 0/6] ipsec: add TCP encapsulation support (RFC 8229)

2019-10-15, 11:46:57 -0700, Jakub Kicinski wrote: > On Tue, 15 Oct 2019 10:24:24 +0200, Sabrina Dubroca wrote: > > 2019-10-14, 14:43:27 -0400, David Miller wrote: > > > From: Sabrina Dubroca > > > Date: Fri, 11 Oct 2019 16:57:23 +0200 > > > > > &g

Re: [PATCH net-next v4 0/6] ipsec: add TCP encapsulation support (RFC 8229)

2019-10-14, 14:43:27 -0400, David Miller wrote: > From: Sabrina Dubroca > Date: Fri, 11 Oct 2019 16:57:23 +0200 > > > This patchset introduces support for TCP encapsulation of IKE and ESP > > messages, as defined by RFC 8229 [0]. It is an evolution of what > > Herbert

[PATCH net-next v4 4/6] esp4: prepare esp_input_done2 for non-UDP encapsulation

For espintcp encapsulation, we will need to get the source port from the TCP header instead of UDP. Introduce a variable to hold the port. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 16 ++-- 1 file changed, 14

[PATCH net-next v4 2/6] xfrm: introduce xfrm_trans_queue_net

it, add a BUILD_BUG_ON like we usually do for skb->cb, since it's missing for struct xfrm_trans_cb. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- include/net/xfrm.h| 3 +++ net/xfrm/xfrm_input.c | 21 + 2 files chan

[PATCH net-next v4 3/6] xfrm: add route lookup to xfrm4_rcv_encap

At this point, with TCP encapsulation, the dst may be gone, but xfrm_input needs one. Signed-off-by: Sabrina Dubroca --- net/ipv4/xfrm4_protocol.c | 9 + 1 file changed, 9 insertions(+) diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c index 8a4285712808..ea595c8549c7

[PATCH net-next v4 6/6] xfrm: add espintcp (RFC 8229)

Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- v4: fix sparse warnings related to RCU with icsk_ulp_data - use rcu_assign_pointer in espintcp_init_sk - use __force cast in espintcp_getctx v3: rename config option to INET_ESPINTCP and move it to net/ipv4/Kconfig v2:

[PATCH net-next v4 5/6] esp4: split esp_output_udp_encap and introduce esp_output_encap

Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 57 - 1 file changed, 37 insertions(+), 20 deletions(-) diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index c5d826642229..033c61d27148

[PATCH net-next v4 1/6] net: add queue argument to __skb_wait_for_more_packets and __skb_{,try_}recv_datagram

This will be used by ESP over TCP to handle the queue of IKE messages. Signed-off-by: Sabrina Dubroca --- v2: document the new argument to __skb_try_recv_datagram include/linux/skbuff.h | 11 --- net/core/datagram.c| 27 +-- net/ipv4/udp.c | 3

[PATCH net-next v4 0/6] ipsec: add TCP encapsulation support (RFC 8229)

uild test robot - patch 6/6, fix things reported by Steffen Klassert: - remove unneeded goto and improve error handling in esp_output_tcp_finish - clean up the ifdefs by providing dummy implementations of those functions - fix Kconfig select, missing NET_SOCK_MSG Sabrina Dubroca

Re: [ipsec-next:testing 7/8] include/net/espintcp.h:36:20: sparse: sparse: incorrect type in return expression (different address spaces)

2019-10-08, 07:55:09 +0200, Steffen Klassert wrote: > On Sun, Oct 06, 2019 at 10:46:40AM +0800, kbuild test robot wrote: > > tree: > > https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git > > testing > > head: 5374d99ba41893b4bb1ddbe35a88b1f08e860903 > > commit: 735de2631f8

[PATCH ipsec-next v3 5/6] esp4: split esp_output_udp_encap and introduce esp_output_encap

Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 57 - 1 file changed, 37 insertions(+), 20 deletions(-) diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index c5d826642229..033c61d27148

[PATCH ipsec-next v3 6/6] xfrm: add espintcp (RFC 8229)

Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- v3: rename config option to INET_ESPINTCP and move it to net/ipv4/Kconfig v2: - remove unneeded goto and improve error handling in esp_output_tcp_finish - clean up the ifdefs by providing dummy implementations of those

[PATCH ipsec-next v3 4/6] esp4: prepare esp_input_done2 for non-UDP encapsulation

For espintcp encapsulation, we will need to get the source port from the TCP header instead of UDP. Introduce a variable to hold the port. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 16 ++-- 1 file changed, 14

[PATCH ipsec-next v3 3/6] xfrm: add route lookup to xfrm4_rcv_encap

At this point, with TCP encapsulation, the dst may be gone, but xfrm_input needs one. Signed-off-by: Sabrina Dubroca --- net/ipv4/xfrm4_protocol.c | 9 + 1 file changed, 9 insertions(+) diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c index 8a4285712808..ea595c8549c7

[PATCH ipsec-next v3 1/6] net: add queue argument to __skb_wait_for_more_packets and __skb_{,try_}recv_datagram

This will be used by ESP over TCP to handle the queue of IKE messages. Signed-off-by: Sabrina Dubroca --- v2: document the new argument to __skb_try_recv_datagram include/linux/skbuff.h | 11 --- net/core/datagram.c| 27 +-- net/ipv4/udp.c | 3

[PATCH ipsec-next v3 0/6] ipsec: add TCP encapsulation support (RFC 8229)

e unneeded goto and improve error handling in esp_output_tcp_finish - clean up the ifdefs by providing dummy implementations of those functions - fix Kconfig select, missing NET_SOCK_MSG Sabrina Dubroca (6): net: add queue argument to __skb_wait_for_more_packets and

[PATCH ipsec-next v3 2/6] xfrm: introduce xfrm_trans_queue_net

it, add a BUILD_BUG_ON like we usually do for skb->cb, since it's missing for struct xfrm_trans_cb. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- include/net/xfrm.h| 3 +++ net/xfrm/xfrm_input.c | 21 + 2 files chan

Re: [PATCH ipsec-next v2 6/6] xfrm: add espintcp (RFC 8229)

2019-09-17, 14:04:13 +0200, Steffen Klassert wrote: > On Tue, Sep 17, 2019 at 01:57:43PM +0200, Sabrina Dubroca wrote: > > 2019-09-17, 13:26:49 +0200, Steffen Klassert wrote: > > > On Wed, Sep 11, 2019 at 04:13:07PM +0200, Sabrina Dubroca wrote: > > > ... > > &g

Re: [PATCH ipsec-next v2 6/6] xfrm: add espintcp (RFC 8229)

2019-09-17, 13:26:49 +0200, Steffen Klassert wrote: > On Wed, Sep 11, 2019 at 04:13:07PM +0200, Sabrina Dubroca wrote: > ... > > diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig > > index 51bb6018f3bf..e67044527fb7 100644 > > --- a/net/xfrm/Kconfig > > +++ b/net/xf

[PATCH ipsec-next v2 5/6] esp4: split esp_output_udp_encap and introduce esp_output_encap

Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 57 - 1 file changed, 37 insertions(+), 20 deletions(-) diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index c5d826642229..033c61d27148

[PATCH ipsec-next v2 0/6] ipsec: add TCP encapsulation support (RFC 8229)

providing dummy implementations of those functions - fix Kconfig select, missing NET_SOCK_MSG Sabrina Dubroca (6): net: add queue argument to __skb_wait_for_more_packets and __skb_{,try_}recv_datagram xfrm: introduce xfrm_trans_queue_net xfrm: add route lookup to xfrm4_rcv_encap

[PATCH ipsec-next v2 2/6] xfrm: introduce xfrm_trans_queue_net

it, add a BUILD_BUG_ON like we usually do for skb->cb, since it's missing for struct xfrm_trans_cb. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- include/net/xfrm.h| 3 +++ net/xfrm/xfrm_input.c | 21 + 2 files chan

[PATCH ipsec-next v2 1/6] net: add queue argument to __skb_wait_for_more_packets and __skb_{,try_}recv_datagram

This will be used by ESP over TCP to handle the queue of IKE messages. Signed-off-by: Sabrina Dubroca --- v2: document the new argument to __skb_try_recv_datagram include/linux/skbuff.h | 11 --- net/core/datagram.c| 27 +-- net/ipv4/udp.c | 3

[PATCH ipsec-next v2 6/6] xfrm: add espintcp (RFC 8229)

Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- v2: - remove unneeded goto and improve error handling in esp_output_tcp_finish - clean up the ifdefs by providing dummy implementations of those functions - fix Kconfig select, missing NET_SOCK_MSG include/net/

[PATCH ipsec-next v2 3/6] xfrm: add route lookup to xfrm4_rcv_encap

At this point, with TCP encapsulation, the dst may be gone, but xfrm_input needs one. Signed-off-by: Sabrina Dubroca --- net/ipv4/xfrm4_protocol.c | 9 + 1 file changed, 9 insertions(+) diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c index 8a4285712808..ea595c8549c7

[PATCH ipsec-next v2 4/6] esp4: prepare esp_input_done2 for non-UDP encapsulation

For espintcp encapsulation, we will need to get the source port from the TCP header instead of UDP. Introduce a variable to hold the port. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 16 ++-- 1 file changed, 14

Re: [PATCH ipsec-next 7/7] xfrm: add espintcp (RFC 8229)

2019-08-29, 09:04:31 +0200, Steffen Klassert wrote: > On Wed, Aug 21, 2019 at 11:46:25PM +0200, Sabrina Dubroca wrote: > > +static struct sock *esp_find_tcp_sk(struct xfrm_state *x) > > +{ > > + struct xfrm_encap_tmpl *encap = x->encap; > > + struct esp_tcp_sk *es

[PATCH net] ipv6: propagate ipv6_add_dev's error returns out of ipv6_find_idev

2000::/64 dev dummyX RTNETLINK answers: No buffer space available Commit a317a2f19da7 ("ipv6: fail early when creating netdev named all or default") introduced error returns in ipv6_add_dev. Before that, that function would simply return NULL for all failures. Signed-off-by: Sabri

[PATCH ipsec-next 7/7] xfrm: add espintcp (RFC 8229)

Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- include/net/espintcp.h | 38 +++ include/net/xfrm.h | 1 + include/uapi/linux/udp.h | 1 + net/ipv4/esp4.c | 189 ++- net/xfrm/Kconfig | 9 + net/xfrm/Makefile| 1 + net/xfrm/

[PATCH ipsec-next 5/7] esp4: prepare esp_input_done2 for non-UDP encapsulation

For espintcp encapsulation, we will need to get the source port from the TCP header instead of UDP. Introduce a variable to hold the port. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 16 ++-- 1 file changed, 14

[PATCH ipsec-next 6/7] esp4: split esp_output_udp_encap and introduce esp_output_encap

Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 57 - 1 file changed, 37 insertions(+), 20 deletions(-) diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index c5d826642229..033c61d27148

[PATCH ipsec-next 0/7] ipsec: add TCP encapsulation support (RFC 8229)

f: Avoid sleeping in skb_send_sock_locked Sabrina Dubroca (6): net: add queue argument to __skb_wait_for_more_packets and __skb_{,try_}recv_datagram xfrm: introduce xfrm_trans_queue_net xfrm: add route lookup to xfrm4_rcv_encap esp4: prepare esp_input_done2 for non-UDP encapsu

[PATCH ipsec-next 4/7] xfrm: add route lookup to xfrm4_rcv_encap

At this point, with TCP encapsulation, the dst may be gone, but xfrm_input needs one. Signed-off-by: Sabrina Dubroca --- net/ipv4/xfrm4_protocol.c | 9 + 1 file changed, 9 insertions(+) diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c index bcab48944c15..1665e1a05ec5

[PATCH ipsec-next 1/7] net: add queue argument to __skb_wait_for_more_packets and __skb_{,try_}recv_datagram

This will be used by ESP over TCP to handle the queue of IKE messages. Signed-off-by: Sabrina Dubroca --- include/linux/skbuff.h | 11 --- net/core/datagram.c| 26 -- net/ipv4/udp.c | 3 ++- net/unix/af_unix.c | 7 --- 4 files changed, 30

[PATCH ipsec-next 2/7] skbuff: Avoid sleeping in skb_send_sock_locked

part. Resulting in sleeping when the socket send buffer is full. This patch fixes it by setting the MSG_DONTWAIT flag when calling kernel_sendmsg_locked. Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/core/skbuff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/core/skbuf

[PATCH ipsec-next 3/7] xfrm: introduce xfrm_trans_queue_net

it, add a BUILD_BUG_ON like we usually do for skb->cb, since it's missing for struct xfrm_trans_cb. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- include/net/xfrm.h| 3 +++ net/xfrm/xfrm_input.c | 21 + 2 files chan

Re: [PATCH RFC ipsec-next 0/7] ipsec: add TCP encapsulation support (RFC 8229)

2019-08-21, 08:59:11 +0200, Steffen Klassert wrote: > On Fri, Aug 16, 2019 at 04:18:14PM +0200, Sabrina Dubroca wrote: > > Hi Steffen, > > > > 2019-06-25, 12:11:33 +0200, Sabrina Dubroca wrote: > > > This patchset introduces support for TCP encapsulation of IKE and

Re: [PATCH RFC ipsec-next 0/7] ipsec: add TCP encapsulation support (RFC 8229)

Hi Steffen, 2019-06-25, 12:11:33 +0200, Sabrina Dubroca wrote: > This patchset introduces support for TCP encapsulation of IKE and ESP > messages, as defined by RFC 8229 [0]. It is an evolution of what > Herbert Xu proposed in January 2018 [1] that addresses the main > criticism ag

Re: [PATCH net] net: fix use-after-free in __netif_receive_skb_core

2019-07-12, 16:29:48 +0100, Edward Cree wrote: > On 10/07/2019 23:47, Sabrina Dubroca wrote: > > 2019-07-10, 16:07:43 +0100, Edward Cree wrote: > >> On 10/07/2019 14:52, Sabrina Dubroca wrote: > >>> -static int __netif_receive_skb_core(struct sk_buff *skb, bool

Re: [PATCH net] net: fix use-after-free in __netif_receive_skb_core

2019-07-10, 16:07:43 +0100, Edward Cree wrote: > On 10/07/2019 14:52, Sabrina Dubroca wrote: > > -static int __netif_receive_skb_core(struct sk_buff *skb, bool pfmemalloc, > > +static int __netif_receive_skb_core(struct sk_buff **pskb, bool pfmemalloc, > >

[PATCH net] net: fix use-after-free in __netif_receive_skb_core

te SKB lists through packet_type lookup") Reported-by: Andreas Steinmetz Signed-off-by: Sabrina Dubroca --- net/core/dev.c | 26 -- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index d6edd218babd..0bbf6d2a9c32 100644 -

Re: [PATCH net-next 3/3] macsec: add brackets and indentation after calling macsec_decrypt

2019-06-30, 22:05:41 -0400, Willem de Bruijn wrote: > On Sun, Jun 30, 2019 at 4:48 PM Andreas Steinmetz wrote: > > > > At this point, skb could only be a valid pointer, so this patch does > > not introduce any functional change. > > Previously, macsec_post_decrypt could be called on the original

[PATCH RFC ipsec-next 6/7] esp4: split esp_output_udp_encap and introduce esp_output_encap

Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 57 - 1 file changed, 37 insertions(+), 20 deletions(-) diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 5608dd47ee97..344660e2a17b

[PATCH RFC ipsec-next 5/7] esp4: prepare esp_input_done2 for non-UDP encapsulation

For espintcp encapsulation, we will need to get the source port from the TCP header instead of UDP. Introduce a variable to hold the port. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 16 ++-- 1 file changed, 14

[PATCH RFC ipsec-next 2/7] skbuff: Avoid sleeping in skb_send_sock_locked

part. Resulting in sleeping when the socket send buffer is full. This patch fixes it by setting the MSG_DONTWAIT flag when calling kernel_sendmsg_locked. Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/core/skbuff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/core/skbuf

[PATCH RFC ipsec-next 0/7] ipsec: add TCP encapsulation support (RFC 8229)

0x13 conference [2] in Prague, last March. [0] https://tools.ietf.org/html/rfc8229 [1] https://patchwork.ozlabs.org/patch/859107/ [2] https://netdevconf.org/0x13/session.html?talk-ipsec-encap Herbert Xu (1): skbuff: Avoid sleeping in skb_send_sock_locked Sabrina Dubroca (6): net: add queue arg

[PATCH RFC ipsec-next 1/7] net: add queue argument to __skb_wait_for_more_packets and __skb_{,try_}recv_datagram

This will be used by ESP over TCP to handle the queue of IKE messages. Signed-off-by: Sabrina Dubroca --- include/linux/skbuff.h | 11 --- net/core/datagram.c| 26 -- net/ipv4/udp.c | 3 ++- net/unix/af_unix.c | 7 --- 4 files changed, 30

[PATCH RFC ipsec-next 7/7] xfrm: add espintcp (RFC 8229)

Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- include/net/espintcp.h | 38 +++ include/net/xfrm.h | 1 + include/uapi/linux/udp.h | 1 + net/ipv4/esp4.c | 189 ++- net/xfrm/Kconfig | 9 + net/xfrm/Makefile| 1 + net/xfrm/

[PATCH RFC ipsec-next 4/7] xfrm: add route lookup to xfrm4_rcv_encap

At this point, with TCP encapsulation, the dst may be gone, but xfrm_input needs one. Signed-off-by: Sabrina Dubroca --- net/ipv4/xfrm4_protocol.c | 9 + 1 file changed, 9 insertions(+) diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c index bcab48944c15..1665e1a05ec5

[PATCH RFC ipsec-next 3/7] xfrm: introduce xfrm_trans_queue_net

it, add a BUILD_BUG_ON like we usually do for skb->cb, since it's missing for struct xfrm_trans_cb. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- include/net/xfrm.h| 3 +++ net/xfrm/xfrm_input.c | 21 + 2 files chan

  1   2   3   4   5   >