)]}'
{
  "log": [
    {
      "commit": "2717096ab41eacdbf07352dca6826b59470eb39a",
      "tree": "9282ac7ffd15bbd41f438201ef76f6deaa23c90a",
      "parents": [
        "6c97e72a162648eaf7c401cfc139493cefa6bed2"
      ],
      "author": {
        "name": "Jamal Hadi Salim",
        "email": "hadi@cyberus.ca",
        "time": "Fri Apr 14 15:03:05 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Apr 14 15:03:05 2006 -0700"
      },
      "message": "[XFRM]: Fix aevent timer.\n\nSend aevent immediately if we have sent nothing since last timer and\nthis is the first packet.\n\nFixes a corner case when packet threshold is very high, the timer low\nand a very low packet rate input which is bursty.\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "dbe5b4aaafc715b12dbbea309d3d17958d01fd65",
      "tree": "936518ad9d5452f5efe18e0107255eab0aafb58d",
      "parents": [
        "e695633e21ffb6a443a8c2f8b3f095c7f1a48eb0"
      ],
      "author": {
        "name": "Herbert Xu",
        "email": "herbert@gondor.apana.org.au",
        "time": "Sat Apr 01 00:54:16 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Apr 01 00:54:16 2006 -0800"
      },
      "message": "[IPSEC]: Kill unused decap state structure\n\nThis patch removes the *_decap_state structures which were previously\nused to share state between input/post_input.  This is no longer\nneeded.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "e695633e21ffb6a443a8c2f8b3f095c7f1a48eb0",
      "tree": "52a679683a11eb42ec5888309a82ec5811a21e03",
      "parents": [
        "15901dc93fa4253bfb3661644ecad67c2e83213c"
      ],
      "author": {
        "name": "Herbert Xu",
        "email": "herbert@gondor.apana.org.au",
        "time": "Sat Apr 01 00:52:46 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Apr 01 00:52:46 2006 -0800"
      },
      "message": "[IPSEC]: Kill unused decap state argument\n\nThis patch removes the decap_state argument from the xfrm input hook.\nPreviously this function allowed the input hook to share state with\nthe post_input hook.  The latter has since been removed.\n\nThe only purpose for it now is to check the encap type.  However, it\nis easier and better to move the encap type check to the generic\nxfrm_rcv function.  This allows us to get rid of the decap state\nargument altogether.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "d2acc3479cbccd5cfbca6c787be713ef1de12ec6",
      "tree": "aa348e19e15027db9abdd2da175a0c9055047858",
      "parents": [
        "f0088a50e7c49d1ba285c88fe06345f223652fd3"
      ],
      "author": {
        "name": "Herbert Xu",
        "email": "herbert@gondor.apana.org.au",
        "time": "Tue Mar 28 01:12:13 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Tue Mar 28 17:02:46 2006 -0800"
      },
      "message": "[INET]: Introduce tunnel4/tunnel6\n\nBasically this patch moves the generic tunnel protocol stuff out of\nxfrm4_tunnel/xfrm6_tunnel and moves it into the new files of tunnel4.c\nand tunnel6 respectively.\n\nThe reason for this is that the problem that Hugo uncovered is only\nthe tip of the iceberg.  The real problem is that when we removed the\ndependency of ipip on xfrm4_tunnel we didn\u0027t really consider the module\ncase at all.\n\nFor instance, as it is it\u0027s possible to build both ipip and xfrm4_tunnel\nas modules and if the latter is loaded then ipip simply won\u0027t load.\n\nAfter considering the alternatives I\u0027ve decided that the best way out of\nthis is to restore the dependency of ipip on the non-xfrm-specific part\nof xfrm4_tunnel.  This is acceptable IMHO because the intention of the\nremoval was really to be able to use ipip without the xfrm subsystem.\nThis is still preserved by this patch.\n\nSo now both ipip/xfrm4_tunnel depend on the new tunnel4.c which handles\nthe arbitration between the two.  The order of processing is determined\nby a simple integer which ensures that ipip gets processed before\nxfrm4_tunnel.\n\nThe situation for ICMP handling is a little bit more complicated since\nwe may not have enough information to determine who it\u0027s for.  It\u0027s not\na big deal at the moment since the xfrm ICMP handlers are basically\nno-ops.  In future we can deal with this when we look at ICMP caching\nin general.\n\nThe user-visible change to this is the removal of the TUNNEL Kconfig\nprompts.  This makes sense because it can only be used through IPCOMP\nas it stands.\n\nThe addition of the new modules shouldn\u0027t introduce any problems since\nmodule dependency will cause them to be loaded.\n\nOh and I also turned some unnecessary pskb\u0027s in IPv6 related to this\npatch to skb\u0027s.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "be33690d8fcf40377f16193c463681170eb6b295",
      "tree": "08c7be2ba1d046fca40bbb1d3ddac789b393ecc9",
      "parents": [
        "15d99e02babae8bc20b836917ace07d93e318149"
      ],
      "author": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Mon Mar 20 22:40:54 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Mar 20 22:40:54 2006 -0800"
      },
      "message": "[XFRM]: Fix aevent related crash\n\nWhen xfrm_user isn\u0027t loaded xfrm_nl is NULL, which makes IPsec crash because\nxfrm_aevent_is_on passes the NULL pointer to netlink_has_listeners as socket.\nA second problem is that the xfrm_nl pointer is not cleared when the socket\nis released at module unload time.\n\nProtect references of xfrm_nl from outside of xfrm_user by RCU, check\nthat the socket is present in xfrm_aevent_is_on and set it to NULL\nwhen unloading xfrm_user.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "4a3e2f711a00a1feb72ae12fdc749da10179d185",
      "tree": "76ced9d3270dea4b864da71fa1d4415d2e3c8b11",
      "parents": [
        "d4ccd08cdfa8d34f4d25b62041343c52fc79385f"
      ],
      "author": {
        "name": "Arjan van de Ven",
        "email": "arjan@infradead.org",
        "time": "Mon Mar 20 22:33:17 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Mar 20 22:33:17 2006 -0800"
      },
      "message": "[NET] sem2mutex: net/\n\nSemaphore to mutex conversion.\n\nThe conversion was generated via scripts, and the result was validated\nautomatically via a script as well.\n\nSigned-off-by: Arjan van de Ven \u003carjan@infradead.org\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "6c5c8ca7ff20523e427b955aa84cef407934710f",
      "tree": "382a4b07027efd8a41638ed9c051cc9ec2506f0b",
      "parents": [
        "53bc6b4d29c07664f3abe029b7e6878a1067899a"
      ],
      "author": {
        "name": "Jamal Hadi Salim",
        "email": "hadi@cyberus.ca",
        "time": "Mon Mar 20 19:17:25 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Mar 20 19:17:25 2006 -0800"
      },
      "message": "[IPSEC]: Sync series - policy expires\n\nThis is similar to the SA expire insertion patch - only it inserts\nexpires for SP.\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "53bc6b4d29c07664f3abe029b7e6878a1067899a",
      "tree": "d97fc26acc763dde9d1dc15573a51253180b617f",
      "parents": [
        "980ebd25794f0f87ac32844e2c73e9e81f0a72ba"
      ],
      "author": {
        "name": "Jamal Hadi Salim",
        "email": "hadi@cyberus.ca",
        "time": "Mon Mar 20 19:17:03 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Mar 20 19:17:03 2006 -0800"
      },
      "message": "[IPSEC]: Sync series - SA expires\n\nThis patch allows a user to insert SA expires. This is useful to\ndo on an HA backup for the case of byte counts but may not be very\nuseful for the case of time based expiry.\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "980ebd25794f0f87ac32844e2c73e9e81f0a72ba",
      "tree": "da52df6e31bd4b2527c223ca2585e0d792bf3ea2",
      "parents": [
        "d51d081d65048a7a6f9956a7809c3bb504f3b95d"
      ],
      "author": {
        "name": "Jamal Hadi Salim",
        "email": "hadi@cyberus.ca",
        "time": "Mon Mar 20 19:16:40 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Mar 20 19:16:40 2006 -0800"
      },
      "message": "[IPSEC]: Sync series - acquire insert\n\nThis introduces a feature similar to the one described in RFC 2367:\n\"\n   ... the application needing an SA sends a PF_KEY\n   SADB_ACQUIRE message down to the Key Engine, which then either\n   returns an error or sends a similar SADB_ACQUIRE message up to one or\n   more key management applications capable of creating such SAs.\n   ...\n   ...\n   The third is where an application-layer consumer of security\n   associations (e.g.  an OSPFv2 or RIPv2 daemon) needs a security\n   association.\n\n        Send an SADB_ACQUIRE message from a user process to the kernel.\n\n        \u003cbase, address(SD), (address(P),) (identity(SD),) (sensitivity,)\n          proposal\u003e\n\n        The kernel returns an SADB_ACQUIRE message to registered\n          sockets.\n\n        \u003cbase, address(SD), (address(P),) (identity(SD),) (sensitivity,)\n          proposal\u003e\n\n        The user-level consumer waits for an SADB_UPDATE or SADB_ADD\n        message for its particular type, and then can use that\n        association by using SADB_GET messages.\n\n \"\nAn app such as OSPF could then use ipsec KM to get keys\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "f8cd54884e675dfaf0c86cc7c088adb6ca9d7638",
      "tree": "7850e8ebebf1f8543c96acdd7c197003b3b4d54c",
      "parents": [
        "f5539eb8caa52a9198079df767cc1bb5494e69e3"
      ],
      "author": {
        "name": "Jamal Hadi Salim",
        "email": "hadi@cyberus.ca",
        "time": "Mon Mar 20 19:15:11 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Mar 20 19:15:11 2006 -0800"
      },
      "message": "[IPSEC]: Sync series - core changes\n\nThis patch provides the core functionality needed for sync events\nfor ipsec. Derived work of Krisztian KOVACS \u003chidden@balabit.hu\u003e\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "752c1f4c78fe86d0fd6497387f763306b0d8fc53",
      "tree": "50d7e52940d1adf0936805645d52e2419e5922cf",
      "parents": [
        "4bf05eceecf2efb4c883e9e9b17825682e7330dd"
      ],
      "author": {
        "name": "Herbert Xu",
        "email": "herbert@gondor.apana.org.au",
        "time": "Mon Feb 27 13:00:40 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Feb 27 13:00:40 2006 -0800"
      },
      "message": "[IPSEC]: Kill post_input hook and do NAT-T in esp_input directly\n\nThe only reason post_input exists at all is that it gives us the\npotential to adjust the checksums incrementally in future which\nwe ought to do.\n\nHowever, after thinking about it for a bit we can adjust the\nchecksums without using this post_input stuff at all.  The crucial\npoint is that only the inner-most NAT-T SA needs to be considered\nwhen adjusting checksums.  What\u0027s more, the checksum adjustment\ncomes down to a single u32 due to the linearity of IP checksums.\n\nWe just happen to have a spare u32 lying around in our skb structure :)\nWhen ip_summed is set to CHECKSUM_NONE on input, the value of skb-\u003ecsum\nis currently unused.  All we have to do is to make that the checksum\nadjustment and voila, there goes all the post_input and decap structures!\n\nI\u0027ve left in the decap data structures for now since it\u0027s intricately\nwoven into the sec_path stuff.  We can kill them later too.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "21380b81ef8699179b535e197a95b891a7badac7",
      "tree": "1a6be9864cabbed59db6357b2f0244413acac4c4",
      "parents": [
        "85259878499d6c428cba191bb4e415a250dcd75a"
      ],
      "author": {
        "name": "Herbert Xu",
        "email": "herbert@gondor.apana.org.au",
        "time": "Wed Feb 22 14:47:13 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Thu Feb 23 16:10:53 2006 -0800"
      },
      "message": "[XFRM]: Eliminate refcounting confusion by creating __xfrm_state_put().\n\nWe often just do an atomic_dec(\u0026x-\u003erefcnt) on an xfrm_state object\nbecause we know there is more than 1 reference remaining and thus\nwe can elide the heavier xfrm_state_put() call.\n\nDo this behind an inline function called __xfrm_state_put() so that is\nmore obvious and also to allow us to more cleanly add refcount\ndebugging later.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "48d5cad87c3a4998d0bda16ccfb5c60dfe4de5fb",
      "tree": "bfad91af72f4c522a44bab6133b540cda365d8c1",
      "parents": [
        "5ecfbae093f0c37311e89b29bfc0c9d586eace87"
      ],
      "author": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Wed Feb 15 15:10:22 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Feb 15 15:10:22 2006 -0800"
      },
      "message": "[XFRM]: Fix SNAT-related crash in xfrm4_output_finish\n\nWhen a packet matching an IPsec policy is SNATed so it doesn\u0027t match any\npolicy anymore it loses its xfrm bundle, which makes xfrm4_output_finish\ncrash because of a NULL pointer dereference.\n\nThis patch directs these packets to the original output path instead. Since\nthe packets have already passed the POST_ROUTING hook, but need to start at\nthe beginning of the original output path which includes another\nPOST_ROUTING invocation, a flag is added to the IPCB to indicate that the\npacket was rerouted and doesn\u0027t need to pass the POST_ROUTING hook again.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "5c901daaea3be0d900b3ae1fc9b5f64ff94e4f02",
      "tree": "7532b280d892bab7fd9af98b02a3f81929ddca5d",
      "parents": [
        "4e8e9de7c25315669e2d5565acc50ec379522c28"
      ],
      "author": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Fri Jan 06 23:05:36 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Sat Jan 07 12:57:35 2006 -0800"
      },
      "message": "[NETFILTER]: Redo policy lookups after NAT when necessary\n\nWhen NAT changes the key used for the xfrm lookup it needs to be done\nagain. If a new policy is returned in POST_ROUTING the packet needs\nto be passed to xfrm4_output_one manually after all hooks were called\nbecause POST_ROUTING is called with fixed okfn (ip_finish_output).\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "3e3850e989c5d2eb1aab6f0fd9257759f0f4cbc6",
      "tree": "fa05d1de4767bc30e77442ffbacfe8bd8dd2213d",
      "parents": [
        "8cdfab8a43bb4b3da686ea503a702cb6f9f6a803"
      ],
      "author": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Fri Jan 06 23:04:54 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Sat Jan 07 12:57:33 2006 -0800"
      },
      "message": "[NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harder\n\nip_route_me_harder doesn\u0027t use the port numbers of the xfrm lookup and\nuses ip_route_input for non-local addresses which doesn\u0027t do a xfrm\nlookup, ip6_route_me_harder doesn\u0027t do a xfrm lookup at all.\n\nUse xfrm_decode_session and do the lookup manually, make sure both\nonly do the lookup if the packet hasn\u0027t been transformed already.\n\nMaking sure the lookup only happens once needs a new field in the\nIP6CB, which exceeds the size of skb-\u003ecb. The size of skb-\u003ecb is\nincreased to 48b. Apparently the IPv6 mobile extensions need some\nmore room anyway.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "951dbc8ac714b04c36296b8b5c36c8e036ce433f",
      "tree": "7f3599987f6b6db765f66c65d5c1cefe1457ea6a",
      "parents": [
        "16a6677fdf1d1194f688f8291b06fbaff248c353"
      ],
      "author": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Fri Jan 06 23:02:34 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Sat Jan 07 12:57:29 2006 -0800"
      },
      "message": "[IPV6]: Move nextheader offset to the IP6CB\n\nMove nextheader offset to the IP6CB to make it possible to pass a\npacket to ip6_input_finish multiple times and have it skip already\nparsed headers. As a nice side effect this gets rid of the manual\nhopopts skipping in ip6_input_finish.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "14c850212ed8f8cbb5972ad6b8812e08a0bc901c",
      "tree": "53c88f03e7bbac4064f6e80d462ad484ee038326",
      "parents": [
        "25995ff577675b58dbd848b7758e7bad87411947"
      ],
      "author": {
        "name": "Arnaldo Carvalho de Melo",
        "email": "acme@mandriva.com",
        "time": "Tue Dec 27 02:43:12 2005 -0200"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Tue Jan 03 13:11:21 2006 -0800"
      },
      "message": "[INET_SOCK]: Move struct inet_sock \u0026 helper functions to net/inet_sock.h\n\nTo help in reducing the number of include dependencies, several files were\ntouched as they were getting needed headers indirectly for stuff they use.\n\nThanks also to Alan Menegotto for pointing out that net/dccp/proto.c had\nlinux/dccp.h include twice.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@mandriva.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "df71837d5024e2524cd51c93621e558aa7dd9f3f",
      "tree": "58938f1d46f3c6713b63e5a785e82fdbb10121a1",
      "parents": [
        "88026842b0a760145aa71d69e74fbc9ec118ca44"
      ],
      "author": {
        "name": "Trent Jaeger",
        "email": "tjaeger@cse.psu.edu",
        "time": "Tue Dec 13 23:12:27 2005 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Tue Jan 03 13:10:24 2006 -0800"
      },
      "message": "[LSM-IPSec]: Security association restriction.\n\nThis patch series implements per packet access control via the\nextension of the Linux Security Modules (LSM) interface by hooks in\nthe XFRM and pfkey subsystems that leverage IPSec security\nassociations to label packets.  Extensions to the SELinux LSM are\nincluded that leverage the patch for this purpose.\n\nThis patch implements the changes necessary to the XFRM subsystem,\npfkey interface, ipv4/ipv6, and xfrm_user interface to restrict a\nsocket to use only authorized security associations (or no security\nassociation) to send/receive network packets.\n\nPatch purpose:\n\nThe patch is designed to enable access control per packets based on\nthe strongly authenticated IPSec security association.  Such access\ncontrols augment the existing ones based on network interface and IP\naddress.  The former are very coarse-grained, and the latter can be\nspoofed.  By using IPSec, the system can control access to remote\nhosts based on cryptographic keys generated using the IPSec mechanism.\nThis enables access control on a per-machine basis or per-application\nif the remote machine is running the same mechanism and trusted to\nenforce the access control policy.\n\nPatch design approach:\n\nThe overall approach is that policy (xfrm_policy) entries set by\nuser-level programs (e.g., setkey for ipsec-tools) are extended with a\nsecurity context that is used at policy selection time in the XFRM\nsubsystem to restrict the sockets that can send/receive packets via\nsecurity associations (xfrm_states) that are built from those\npolicies.\n\nA presentation available at\nwww.selinux-symposium.org/2005/presentations/session2/2-3-jaeger.pdf\nfrom the SELinux symposium describes the overall approach.\n\nPatch implementation details:\n\nOn output, the policy retrieved (via xfrm_policy_lookup or\nxfrm_sk_policy_lookup) must be authorized for the security context of\nthe socket and the same security context is required for resultant\nsecurity association (retrieved or negotiated via racoon in\nipsec-tools).  This is enforced in xfrm_state_find.\n\nOn input, the policy retrieved must also be authorized for the socket\n(at __xfrm_policy_check), and the security context of the policy must\nalso match the security association being used.\n\nThe patch has virtually no impact on packets that do not use IPSec.\nThe existing Netfilter (outgoing) and LSM rcv_skb hooks are used as\nbefore.\n\nAlso, if IPSec is used without security contexts, the impact is\nminimal.  The LSM must allow such policies to be selected for the\ncombination of socket and remote machine, but subsequent IPSec\nprocessing proceeds as in the original case.\n\nTesting:\n\nThe pfkey interface is tested using the ipsec-tools.  ipsec-tools have\nbeen modified (a separate ipsec-tools patch is available for version\n0.5) that supports assignment of xfrm_policy entries and security\nassociations with security contexts via setkey and the negotiation\nusing the security contexts via racoon.\n\nThe xfrm_user interface is tested via ad hoc programs that set\nsecurity contexts.  These programs are also available from me, and\ncontain programs for setting, getting, and deleting policy for testing\nthis interface.  Testing of sa functions was done by tracing kernel\nbehavior.\n\nSigned-off-by: Trent Jaeger \u003ctjaeger@cse.psu.edu\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "399c180ac5f0cb66ef9479358e0b8b6bafcbeafe",
      "tree": "4014154b7800e96058d94f78dc34a53681e8d5e5",
      "parents": [
        "9e999993c71e1506378d26d81f842277aff8a250"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Mon Dec 19 14:23:23 2005 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Mon Dec 19 14:23:23 2005 -0800"
      },
      "message": "[IPSEC]: Perform SA switchover immediately.\n\nWhen we insert a new xfrm_state which potentially\nsubsumes an existing one, make sure all cached\nbundles are flushed so that the new SA is used\nimmediately.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "dd0fc66fb33cd610bc1a5db8a5e232d34879b4d7",
      "tree": "51f96a9db96293b352e358f66032e1f4ff79fafb",
      "parents": [
        "3b0e77bd144203a507eb191f7117d2c5004ea1de"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@ftp.linux.org.uk",
        "time": "Fri Oct 07 07:46:04 2005 +0100"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Sat Oct 08 15:00:57 2005 -0700"
      },
      "message": "[PATCH] gfp flags annotations - part 1\n\n - added typedef unsigned int __nocast gfp_t;\n\n - replaced __nocast uses for gfp flags with gfp_t - it gives exactly\n   the same warnings as far as sparse is concerned, doesn\u0027t change\n   generated code (from gcc point of view we replaced unsigned int with\n   typedef) and documents what\u0027s going on far better.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "77d8d7a6848c81084f413e1ec4982123a56e2ccb",
      "tree": "37a160b0b5fcb8a079bcafec5091fd331e14d54c",
      "parents": [
        "140e26fcd559f6988e5a9056385eecade19d9b49"
      ],
      "author": {
        "name": "Herbert Xu",
        "email": "herbert@gondor.apana.org.au",
        "time": "Wed Oct 05 12:15:12 2005 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Oct 05 12:15:12 2005 -0700"
      },
      "message": "[IPSEC]: Document that policy direction is derived from the index.\n\nHere is a patch that adds a helper called xfrm_policy_id2dir to\ndocument the fact that the policy direction can be and is derived\nfrom the index.\n\nThis is based on a patch by YOSHIFUJI Hideaki and 210313105@suda.edu.cn.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "83fa3400ebcba307a60909824a251be984eb9567",
      "tree": "b01c3eaabd156ba75ec41bea0be3d73fd066713c",
      "parents": [
        "3d2aef668920e8d93b77f145f8f647f62abe75db"
      ],
      "author": {
        "name": "Randy Dunlap",
        "email": "rdunlap@xenotime.net",
        "time": "Tue Oct 04 22:45:35 2005 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue Oct 04 22:45:35 2005 -0700"
      },
      "message": "[XFRM]: fix sparse gfp nocast warnings\n\nFix implicit nocast warnings in xfrm code:\nnet/xfrm/xfrm_policy.c:232:47: warning: implicit cast to nocast type\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "0742fd53a3774781255bd1e471e7aa2e4a82d5f7",
      "tree": "020e6d1ccb1d7ce07cdb26b7317fa2ca58e689b3",
      "parents": [
        "f2ccd8fa06c8e302116e71df372f5c1f83432e03"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@stusta.de",
        "time": "Tue Aug 09 19:35:47 2005 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Mon Aug 29 15:33:20 2005 -0700"
      },
      "message": "[IPV4]: possible cleanups\n\nThis patch contains the following possible cleanups:\n- make needlessly global code static\n- #if 0 the following unused global function:\n  - xfrm4_state.c: xfrm4_state_fini\n- remove the following unneeded EXPORT_SYMBOL\u0027s:\n  - ip_output.c: ip_finish_output\n  - ip_output.c: sysctl_ip_default_ttl\n  - fib_frontend.c: ip_dev_find\n  - inetpeer.c: inet_peer_idlock\n  - ip_options.c: ip_options_compile\n  - ip_options.c: ip_options_undo\n  - net/core/request_sock.c: sysctl_max_syn_backlog\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "0303770deb834c15ca664a9d741d40f893c92f4e",
      "tree": "d48e2df54d3545052aaffeeeec1c34c214055056",
      "parents": [
        "c877efb207bf4629cfa97ac13412f7392a873485"
      ],
      "author": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Tue Jul 19 14:03:34 2005 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue Jul 19 14:03:34 2005 -0700"
      },
      "message": "[NET]: Make ipip/ip6_tunnel independent of XFRM\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "d094cd83c06e06e01d8edb540555f3f64e4081c2",
      "tree": "c9aad8ebaebbf0cde7c535bb764a6d6e859125fb",
      "parents": [
        "72cb6962a91f2af9eef69a06198e1949c10259ae"
      ],
      "author": {
        "name": "Herbert Xu",
        "email": "herbert@gondor.apana.org.au",
        "time": "Mon Jun 20 13:19:41 2005 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Jun 20 13:19:41 2005 -0700"
      },
      "message": "[IPSEC]: Add xfrm_state_afinfo-\u003einit_flags\n\nThis patch adds the xfrm_state_afinfo-\u003einit_flags hook which allows\neach address family to perform any common initialisation that does\nnot require a corresponding destructor call.\n\nIt will be used subsequently to set the XFRM_STATE_NOPMTUDISC flag\nin IPv4.\n\nIt also fixes up the error codes returned by xfrm_init_state.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nAcked-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "72cb6962a91f2af9eef69a06198e1949c10259ae",
      "tree": "3ae65d1c4e7d7cb7ac05bfc6f457312df45f6996",
      "parents": [
        "3f7a87d2fa9b42f7aade43914f060df68cc89cc7"
      ],
      "author": {
        "name": "Herbert Xu",
        "email": "herbert@gondor.apana.org.au",
        "time": "Mon Jun 20 13:18:08 2005 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Jun 20 13:18:08 2005 -0700"
      },
      "message": "[IPSEC]: Add xfrm_init_state\n\nThis patch adds xfrm_init_state which is simply a wrapper that calls\nxfrm_get_type and subsequently x-\u003etype-\u003einit_state.  It also gets rid\nof the unused args argument.\n\nAbstracting it out allows us to add common initialisation code, e.g.,\nto set family-specific flags.\n\nThe add_time setting in xfrm_user.c was deleted because it\u0027s already\nset by xfrm_state_alloc.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nAcked-by: James Morris \u003cjmorris@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "f60f6b8f70c756fc786d68f02ec17a1e84db645f",
      "tree": "8eee05de129439e4ffde876d2208a613178acfe3",
      "parents": [
        "e7443892f656d760ec1b9d92567178c87e100f4a"
      ],
      "author": {
        "name": "Herbert Xu",
        "email": "herbert@gondor.apana.org.au",
        "time": "Sat Jun 18 22:44:37 2005 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Jun 18 22:44:37 2005 -0700"
      },
      "message": "[IPSEC] Use XFRM_MSG_* instead of XFRM_SAP_*\n\nThis patch removes XFRM_SAP_* and converts them over to XFRM_MSG_*.\nThe netlink interface is meant to map directly onto the underlying\nxfrm subsystem.  Therefore rather than using a new independent\nrepresentation for the events we can simply use the existing ones\nfrom xfrm_user.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\n"
    },
    {
      "commit": "bf08867f91a43aa3ba2e4598c06c4769a6cdddf6",
      "tree": "316504b4756a32d802ea037815f2d9022ab88bfe",
      "parents": [
        "4f09f0bbc1cb3c74e8f2047ad4be201a059829ee"
      ],
      "author": {
        "name": "Herbert Xu",
        "email": "herbert@gondor.apana.org.au",
        "time": "Sat Jun 18 22:44:00 2005 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Jun 18 22:44:00 2005 -0700"
      },
      "message": "[IPSEC] Turn km_event.data into a union\n\nThis patch turns km_event.data into a union.  This makes code that\nuses it clearer.\n  \nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\n"
    },
    {
      "commit": "4666faab095230ec8aa62da6c33391287f281154",
      "tree": "36d61925bb02dd7de537ff65d35190eeebbf47fa",
      "parents": [
        "26b15dad9f1c19d6d4f7b999b07eaa6d98e4b375"
      ],
      "author": {
        "name": "Herbert Xu",
        "email": "herbert@gondor.apana.org.au",
        "time": "Sat Jun 18 22:43:22 2005 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Jun 18 22:43:22 2005 -0700"
      },
      "message": "[IPSEC] Kill spurious hard expire messages\n\nThis patch ensures that the hard state/policy expire notifications are\nonly sent when the state/policy is successfully removed from their\nrespective tables.\n\nAs it is, it\u0027s possible for a state/policy to both expire through\nreaching a hard limit, as well as being deleted by the user.\n\nNote that this behaviour isn\u0027t actually forbidden by RFC 2367.\nHowever, it is a quality of implementation issue.\n\nAs an added bonus, the restructuring in this patch will help\neventually in moving the expire notifications from softirq\ncontext into process context, thus improving their reliability.\n\nOne important side-effect from this change is that SAs reaching\ntheir hard byte/packet limits are now deleted immediately, just\nlike SAs that have reached their hard time limits.\n\nPreviously they were announced immediately but only deleted after\n30 seconds.\n\nThis is bad because it prevents the system from issuing an ACQUIRE\ncommand until the existing state was deleted by the user or expires\nafter the time is up.\n\nIn the scenario where the expire notification was lost this introduces\na 30 second delay into the system for no good reason.\n \nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\n"
    },
    {
      "commit": "26b15dad9f1c19d6d4f7b999b07eaa6d98e4b375",
      "tree": "2ca3039488d9df023fb84eaa7c1f52aa8d1ce69c",
      "parents": [
        "3aa3dfb372576f30835a94409556e3c8681b5756"
      ],
      "author": {
        "name": "Jamal Hadi Salim",
        "email": "hadi@cyberus.ca",
        "time": "Sat Jun 18 22:42:13 2005 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Jun 18 22:42:13 2005 -0700"
      },
      "message": "[IPSEC] Add complete xfrm event notification\n\nHere\u0027s the final patch.\nWhat this patch provides\n\n- netlink xfrm events\n- ability to have events generated by netlink propagated to pfkey\n  and vice versa.\n- fixes the acquire lets-be-happy-with-one-success issue\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\n"
    },
    {
      "commit": "92d63decc0b6a5d600f792fcf5f3ff9718c09a3d",
      "tree": "eca15d3ffba7795ea4d9bef9cdc6d21c7c71fa00",
      "parents": [
        "2f872f0401d4b470990864fbf99c19130f25ad4d"
      ],
      "author": {
        "name": "Hideaki YOSHIFUJI",
        "email": "yoshfuji@linux-ipv6.org",
        "time": "Thu May 26 12:58:04 2005 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu May 26 12:58:04 2005 -0700"
      },
      "message": "From: Kazunori Miyazawa \u003ckazunori@miyazawa.org\u003e\n\n[XFRM] Call dst_check() with appropriate cookie\n\nThis fixes infinite loop issue with IPv6 tunnel mode.\n\nSigned-off-by: Kazunori Miyazawa \u003ckazunori@miyazawa.org\u003e\nSigned-off-by: Hideaki YOSHIFUJI \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "aabc9761b69f1bfa30a78f7005be95cc9cc06175",
      "tree": "50dc9f510011ac03656aeba0595b2b0b5c5f5e22",
      "parents": [
        "d5d75cd6b10ddad2f375b61092754474ad78aec7"
      ],
      "author": {
        "name": "Herbert Xu",
        "email": "herbert@gondor.apana.org.au",
        "time": "Tue May 03 16:27:10 2005 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue May 03 16:27:10 2005 -0700"
      },
      "message": "[IPSEC]: Store idev entries\n\nI found a bug that stopped IPsec/IPv6 from working.  About\na month ago IPv6 started using rt6i_idev-\u003edev on the cached socket dst\nentries.  If the cached socket dst entry is IPsec, then rt6i_idev will\nbe NULL.\n\nSince we want to look at the rt6i_idev of the original route in this\ncase, the easiest fix is to store rt6i_idev in the IPsec dst entry just\nas we do for a number of other IPv6 route attributes.  Unfortunately\nthis means that we need some new code to handle the references to\nrt6i_idev.  That\u0027s why this patch is bigger than it would otherwise be.\n\nI\u0027ve also done the same thing for IPv4 since it is conceivable that\nonce these idev attributes start getting used for accounting, we\nprobably need to dereference them for IPv4 IPsec entries too.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
      "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d",
      "parents": [],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n"
    }
  ]
}
