ns as requested by Stephen.
Regards
Thomas
Thomas Egerer (3):
xfrm_policy: Add filter option for socket policies
xfrm_policy: Do not attempt to deleteall a socket policy
xfrm_{state,policy}: Allow to deleteall polices/states with marks
ip/xfrm.h| 1 +
ip/xfrm_policy.c
Socket polices are added to a socket using setsockopt(2). They cannot be
deleted by iproute2. The attempt to delete them causes an error
(EINVAL).
To avoid this unnecessary error message all socket policies are skipped
in xfrm_policy_keep.
Signed-off-by: Thomas Egerer
---
ip/xfrm_policy.c | 4
lues.
Signed-off-by: Thomas Egerer
---
ip/xfrm_policy.c | 10 ++
ip/xfrm_state.c | 13 +
2 files changed, 23 insertions(+)
diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
index e2fa771..feea7d6 100644
--- a/ip/xfrm_policy.c
+++ b/ip/xfrm_policy.c
@@ -753,6 +753,16 @@ static
Listing policies on systems with a lot of socket policies can be
confusing due to the number of returned polices. Even if socket polices
are not of interest, they cannot be filtered. This patch adds an option
to filter all socket policies from the output.
Signed-off-by: Thomas Egerer
---
ip
lues.
Signed-off-by: Thomas Egerer
---
ip/xfrm_policy.c | 10 ++
ip/xfrm_state.c | 13 +
2 files changed, 23 insertions(+)
diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
index e2fa771..feea7d6 100644
--- a/ip/xfrm_policy.c
+++ b/ip/xfrm_policy.c
@@ -753,6 +753,16 @@ static
lues.
Signed-off-by: Thomas Egerer
---
ip/xfrm_policy.c | 9 +
ip/xfrm_state.c | 12
2 files changed, 21 insertions(+)
diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
index e2fa771..d544026 100644
--- a/ip/xfrm_policy.c
+++ b/ip/xfrm_policy.c
@@ -753,6 +753,15 @@ static
Socket polices are added to a socket using setsockopt(2). They cannot be
deleted by iproute2. The attempt to delete them causes an error
(EINVAL).
To avoid this unnecessary error message all socket policies are skipped
in xfrm_policy_keep.
Signed-off-by: Thomas Egerer
---
ip/xfrm_policy.c | 4
Listing policies on systems with a lot of socket policies can be
confusing due to the number of returned polices. Even if socket polices
are not of interest, they cannot be filtered. This patch adds an option
to filter all socket policies from the output.
Signed-off-by: Thomas Egerer
---
ip
onto net-next.
Regards
Thomas
Thomas Egerer (3):
xfrm_policy: Add filter option for socket policies
xfrm_policy: Do not attempt to deleteall a socket policy
xfrm_{state,policy}: Allow to deleteall polices/states with marks
ip/xfrm.h| 1 +
ip/xfrm_policy.c | 21
://lists.strongswan.org/pipermail/users/2015-December/009074.html
[2] http://marc.info/?l=linux-crypto-vger&m=145224655809562&w=2
Signed-off-by: Thomas Egerer
---
net/ipv4/Kconfig | 1 +
net/ipv6/Kconfig | 1 +
2 files changed, 2 insertions(+)
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconf
On 01/25/2016 11:26 AM, Herbert Xu wrote:
> Thomas Egerer wrote:
>> The ESP algorithms using CBC mode require echainiv. Hence INET*_ESP have
>> to select CRYPTO_ECHAINIV in order to work properly. This solves the
>> issues caused by a misconfiguration as described in [1].
>
://lists.strongswan.org/pipermail/users/2015-December/009074.html
[2] http://marc.info/?l=linux-crypto-vger&m=145224655809562&w=2
Signed-off-by: Thomas Egerer
---
net/ipv4/Kconfig | 1 +
net/ipv6/Kconfig | 1 +
2 files changed, 2 insertions(+)
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconf
12 matches
Mail list logo
