)]}' { "log": [ { "commit": "207024b9477e253859abfc30f1ff314cd6008b24", "tree": "92eea92a010de96c2e6a8a3be51beb6e45621540", "parents": [ "62db5cfd70b1ef53aa21f144a806fe3b78c84fab" ], "author": { "name": "stephen hemminger", "email": "shemminger@vyatta.com", "time": "Wed May 12 06:37:07 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon May 17 23:23:13 2010 -0700" }, "message": "pfkey: add severity to printk\n\nPut severity level on pfkey printk messages\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05", "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1", "parents": [ "ed391f4ebf8f701d3566423ce8f17e614cde9806" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Wed Mar 24 17:04:11 2010 +0900" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Mar 30 22:02:32 2010 +0900" }, "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files. percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed. Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability. As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n only the necessary includes are there. ie. if only gfp is used,\n gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n blocks and try to put the new include such that its order conforms\n to its surrounding. It\u0027s put in the include block which contains\n core kernel includes, in the same order that the rest are ordered -\n alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n because the file doesn\u0027t have fitting include block), it prints out\n an error message indicating which .h file needs to be added to the\n file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n and ~3000 slab.h inclusions. The script emitted errors for ~400\n files.\n\n2. Each error was manually checked. Some didn\u0027t need the inclusion,\n some needed manual addition while adding it to implementation .h or\n embedding .c file was more appropriate for others. This step added\n inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n editing them as sprinkling gfp.h and slab.h inclusions around .h\n files could easily lead to inclusion dependency hell. Most gfp.h\n inclusion directives were ignored as stuff from gfp.h was usually\n wildly available and often used in preprocessor macros. Each\n slab.h inclusion directive was examined and added manually as\n necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my\n distributed build env didn\u0027t work with gcov compiles) and a few\n more options had to be turned off depending on archs to make things\n build (like ipr on powerpc/64 which failed due to missing writeq).\n\n * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n * powerpc and powerpc64 SMP allmodconfig\n * sparc and sparc64 SMP allmodconfig\n * ia64 SMP allmodconfig\n * s390 SMP allmodconfig\n * alpha SMP allmodconfig\n * um on x86_64 SMP allmodconfig\n\n8. percpu.h modifications were reverted so that it could be applied as\n a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable easily on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n" }, { "commit": "9a127aad4d60968fba96622008ea0d243688f2b0", "tree": "ab6df3df50405736b7f51b941da6c4d0b368a847", "parents": [ "03e6d819c2cb2cc8ce5642669a0a7c72336ee7a2" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Wed Mar 24 01:47:00 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Mar 24 13:28:27 2010 -0700" }, "message": "af_key: return error if pfkey_xfrm_policy2msg_prep() fails\n\nThe original code saved the error value but just returned 0 in the end.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Jamal Hadi Salim \u003chadi@mojatatu.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8ca2e93b557f2a0b35f7769038abf600177e1122", "tree": "2b25012de07a48c33db0a191924d6e5fcc99c22a", "parents": [ "3d6acfa7641fd0a35f608b142f61e79f7ed8db43" ], "author": { "name": "Jamal Hadi Salim", "email": "hadi@cyberus.ca", "time": "Mon Feb 22 11:32:57 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Feb 22 16:21:12 2010 -0800" }, "message": "xfrm: SP lookups signature with mark\n\npass mark to all SP lookups to prepare them for when we add code\nto have them search.\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "bd55775c8dd656fc69b3a42a1c4ab32abb7e8af9", "tree": "766b30d5fc29d5d4849a10a290db51fe0f7c3ad7", "parents": [ "bf825f81b454fae2ffe1b675f3a549656726440e" ], "author": { "name": "Jamal Hadi Salim", "email": "hadi@cyberus.ca", "time": "Mon Feb 22 16:20:22 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Feb 22 16:20:22 2010 -0800" }, "message": "xfrm: SA lookups signature with mark\n\npass mark to all SA lookups to prepare them for when we add code\nto have them search.\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7f6b9dbd5afbd966a82dcbafc5ed62305eb9d479", "tree": "7d6795317f67d79919df5bb6b52121ad94d8ff37", "parents": [ "808f5114a9206fee855117d416440e1071ab375c" ], "author": { "name": "stephen hemminger", "email": "shemminger@vyatta.com", "time": "Mon Feb 22 07:57:19 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Feb 22 15:45:56 2010 -0800" }, "message": "af_key: locking change\n\nGet rid of custom locking that was using wait queue, lock, and atomic\nto basically build a queued mutex. Use RCU for read side.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2f1eb65f366b81aa3c22c31e6e8db26168777ec5", "tree": "3c838f5801d0842c586519ddd4d991e22ac3ecd0", "parents": [ "9e64cc9572b43afcbcd2d004538db435f2cd0587" ], "author": { "name": "Jamal Hadi Salim", "email": "hadi@cyberus.ca", "time": "Fri Feb 19 02:00:42 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Feb 19 13:11:50 2010 -0800" }, "message": "xfrm: Flushing empty SPD generates false events\n\nTo see the effect make sure you have an empty SPD.\nOn window1 \"ip xfrm mon\" and on window2 issue \"ip xfrm policy flush\"\nYou get prompt back in window2 and you see the flush event on window1.\nWith this fix, you still get prompt on window1 but no event on window2.\n\nThanks to Alexey Dobriyan for finding a bug in earlier version\nwhen using pfkey to do the flushing.\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "9e64cc9572b43afcbcd2d004538db435f2cd0587", "tree": "36ccf743338c97b407734f1cfb39b665dd3ce05d", "parents": [ "8be987d73481831265d7e8c648bec838271bfd9b" ], "author": { "name": "Jamal Hadi Salim", "email": "hadi@cyberus.ca", "time": "Fri Feb 19 02:00:41 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Feb 19 13:11:50 2010 -0800" }, "message": "xfrm: Flushing empty SAD generates false events\n\nTo see the effect make sure you have an empty SAD.\nOn window1 \"ip xfrm mon\" and on window2 issue \"ip xfrm state flush\"\nYou get prompt back in window2 and you see the flush event on window1.\nWith this fix, you still get prompt on window1 but no event on window2.\n\nThanks to Alexey Dobriyan for finding a bug in earlier version\nwhen using pfkey to do the flushing.\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8be987d73481831265d7e8c648bec838271bfd9b", "tree": "d06242ca463d87e3840090959c695d9c1a151799", "parents": [ "927606a17e802fcf0c9ee82a74bc444b84726e67" ], "author": { "name": "Jamal Hadi Salim", "email": "hadi@cyberus.ca", "time": "Fri Feb 19 02:00:40 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Feb 19 13:11:49 2010 -0800" }, "message": "pfkey: fix SA and SP flush sequence\n\nRFC 2367 says flushing behavior should be:\n1) user space -\u003e kernel: flush\n2) kernel: flush\n3) kernel -\u003e user space: flush event to ALL listeners\n\nThis is not realistic today in the presence of selinux policies\nwhich may reject the flush etc. So we make the sequence become:\n1) user space -\u003e kernel: flush\n2) kernel: flush\n3) kernel -\u003e user space: flush response to originater from #1\n4) if there were no errors then:\nkernel -\u003e user space: flush event to ALL listeners\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "069c474e88bb7753183f1eadbd7786c27888c8e3", "tree": "09b0385d34a2d0b302b1f61a2783bfcdc510732f", "parents": [ "08326dbe7b5825295ec3711eec53b093549749e5" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Feb 17 13:41:40 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Feb 17 13:41:40 2010 -0800" }, "message": "xfrm: Revert false event eliding commits.\n\nAs reported by Alexey Dobriyan:\n\n--------------------\nsetkey now takes several seconds to run this simple script\nand it spits \"recv: Resource temporarily unavailable\" messages.\n\n#!/usr/sbin/setkey -f\nflush;\nspdflush;\n\nadd A B ipcomp 44 -m tunnel -C deflate;\nadd B A ipcomp 45 -m tunnel -C deflate;\n\nspdadd A B any -P in ipsec\n ipcomp/tunnel/192.168.1.2-192.168.1.3/use;\nspdadd B A any -P out ipsec\n ipcomp/tunnel/192.168.1.3-192.168.1.2/use;\n--------------------\n\nObviously applications want the events even when the table\nis empty. So we cannot make this behavioral change.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "0dca3a843632c2fbb6e358734fb08fc23e800f50", "tree": "fe86830e9582b534c0481c2ac2f58e63a684906b", "parents": [ "19f4c7133fc1b94001b997c4843d0a9192ee63e5" ], "author": { "name": "jamal", "email": "hadi@cyberus.ca", "time": "Thu Feb 11 00:53:13 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Feb 15 21:49:50 2010 -0800" }, "message": "xfrm: Flushing empty SPD generates false events\n\nObserved similar behavior on SPD as previouly seen on SAD flushing..\nThis fixes it.\n\ncheers,\njamal\ncommit 428b20432dc31bc2e01a94cd451cf5a2c00d2bf4\nAuthor: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nDate: Thu Feb 11 05:49:38 2010 -0500\n\n xfrm: Flushing empty SPD generates false events\n\n To see the effect make sure you have an empty SPD.\n On window1 \"ip xfrm mon\" and on window2 issue \"ip xfrm policy flush\"\n You get prompt back in window1 and you see the flush event on window2.\n With this fix, you still get prompt on window1 but no event on window2.\n\n Signed-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "19f4c7133fc1b94001b997c4843d0a9192ee63e5", "tree": "403d6b4d53ce3b12c9f5a75819f68542b38d942c", "parents": [ "9546377c42e12513b33925ab829d893dcf521c5f" ], "author": { "name": "jamal", "email": "hadi@cyberus.ca", "time": "Wed Feb 10 23:51:27 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Feb 15 21:49:50 2010 -0800" }, "message": "xfrm: Flushing empty SAD generates false events\n\nTo see the effect make sure you have an empty SAD.\n-On window1 \"ip xfrm mon\"\n-on window2 issue \"ip xfrm state flush\"\nYou get prompt back in window1\nand you see the flush event on window2.\nWith this fix, you still get prompt on window1 but no\nevent on window2.\n\nI was tempted to return -ESRCH on window1 (which would\nshow \"RTNETLINK answers: No such process\") but didnt want\nto change current behavior.\n\ncheers,\njamal\ncommit 5f3dd4a772326166e1bcf54acc2391df00dc7ab5\nAuthor: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nDate: Thu Feb 11 04:41:36 2010 -0500\n\n xfrm: Flushing empty SAD generates false events\n\n To see the effect make sure you have an empty SAD.\n On window1 \"ip xfrm mon\" and on window2 issue \"ip xfrm state flush\"\n You get prompt back in window1 and you see the flush event on window2.\n With this fix, you still get prompt on window1 but no event on window2.\n\n Signed-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "27b5b8657a2aa761f76e45fa60c20b7bafc249dc", "tree": "562e9272445433242b1d4f165311df231d85d72c", "parents": [ "efaffb78d875a155b9f327532c2ddccf28c592b4" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Mon Feb 08 23:20:29 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Feb 10 11:12:10 2010 -0800" }, "message": "net: af_key: use seq_hlist_foo() helpers\n\nSimplify seq_file code.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "9c119ba54c0fcae72881948af3d37b47a2f8e1f9", "tree": "0be51b0bf02ece3bb32955e9d33a3998ecd57250", "parents": [ "a4b97f2054af2e411c414ed4cb5e1d0dbfd24a47", "fdd3d631cddad20ad9d3e1eb7dbf26825a8a121f" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Feb 03 19:38:22 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Feb 03 19:38:22 2010 -0800" }, "message": "Merge branch \u0027master\u0027 of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6\n" }, { "commit": "180211b841b5bf13ab10d19202adab3eb7749f6c", "tree": "eeb1a2a2136e03a4a38dc09d26b8dd83b47994c9", "parents": [ "f98bfbd78c37c5946cc53089da32a5f741efdeb7" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Sat Jan 30 02:53:27 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Feb 03 18:11:11 2010 -0800" }, "message": "af_key: fix netns ops ordering on module load/unload\n\n1. After sock_register() returns, it\u0027s possible to create sockets,\n even if module still not initialized fully (blame generic module code\n for that!)\n2. Consequently, pfkey_create() can be called with pfkey_net_id still not\n initialized which will BUG_ON in net_generic():\n\tkernel BUG at include/net/netns/generic.h:43!\n3. During netns shutdown, netns ops should be unregistered after\n key manager unregistered because key manager calls can be triggered\n from xfrm_user module:\n\n \tgeneral protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC\n\tpfkey_broadcast+0x111/0x210 [af_key]\n\tpfkey_send_notify+0x16a/0x300 [af_key]\n\tkm_state_notify+0x41/0x70\n\txfrm_flush_sa+0x75/0x90 [xfrm_user]\n4. Unregister netns ops after socket ops just in case and for symmetry.\n\nReported by Luca Tettamanti.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nTested-by: Luca Tettamanti \u003ckronos.it@gmail.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "28aecb9d7728dc26bf03ce7925fe622023a83a2a", "tree": "b5adad3e5ba77bb00e13a81eea5823bc0d76fb82", "parents": [ "d1c9ae6d1e7b95cedc8e39e8949e795379a0669e" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Fri Jan 29 04:05:52 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Feb 02 15:55:41 2010 -0800" }, "message": "xfrm: avoid spinlock in get_acqseq()\n\nUse atomic_inc_return() in get_acqseq() to avoid taking a spinlock\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2c8c1e7297e19bdef3c178c3ea41d898a7716e3e", "tree": "4d336562e8d5379732a0646e17b0bb1750111ef6", "parents": [ "72659ecce68588b74f6c46862c2b4cec137d7a5a" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Sun Jan 17 03:35:32 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Jan 17 19:16:02 2010 -0800" }, "message": "net: spread __net_init, __net_exit\n\n__net_init/__net_exit are apparently not going away, so use them\nto full extent.\n\nIn some cases __net_init was removed, because it was called from\n__net_exit code.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c20a66f474e890dd8cc34e124632cd85e4165899", "tree": "e311e92cf7de876e9b8c2b9ab4103d31fde63f18", "parents": [ "de039f02d877af52b8d0fe77878b8343a0f99d8b" ], "author": { "name": "Martin Willi", "email": "martin@strongswan.org", "time": "Wed Dec 09 06:11:15 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Dec 11 15:07:57 2009 -0800" }, "message": "xfrm: Fix truncation length of authentication algorithms installed via PF_KEY\n\nCommit 4447bb33f09444920a8f1d89e1540137429351b6 (\"xfrm: Store aalg in\nxfrm_state with a user specified truncation length\") breaks\ninstallation of authentication algorithms via PF_KEY, as the state\nspecific truncation length is not installed with the algorithms\ndefault truncation length. This patch initializes state properly to\nthe default if installed via PF_KEY.\n\nSigned-off-by: Martin Willi \u003cmartin@strongswan.org\u003e\nAcked-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "23c049ca92548483d5e12c94cc983afb3040f626", "tree": "549eceb6f09828f11d8cc8c4ad4cb3fdfbeffb42", "parents": [ "946d1a9298c9e592b189a168326603c92d782b5f" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Sun Nov 29 15:46:06 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Dec 01 16:15:54 2009 -0800" }, "message": "net: Simplify af_key pernet operations.\n\nTake advantage of the new pernet automatic storage management,\nand stop using compatibility network namespace functions.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "f99189b186f3922ede4fa33c02f6edc735b8c981", "tree": "e216447fc284d6ec98ac1550638ac3a79d71e084", "parents": [ "615534bc490606685621d63a40c0670d0f049d86" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Tue Nov 17 10:42:49 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 18 05:03:25 2009 -0800" }, "message": "netns: net_identifiers should be read_mostly\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3f378b684453f2a028eda463ce383370545d9cc9", "tree": "dc50d087e137c6d173e25ae10ecd0f10823eca7a", "parents": [ "13f18aa05f5abe135f47b6417537ae2b2fedc18c" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Nov 05 22:18:14 2009 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 05 22:18:14 2009 -0800" }, "message": "net: pass kern to net_proto_family create function\n\nThe generic __sock_create function has a kern argument which allows the\nsecurity system to make decisions based on if a socket is being created by\nthe kernel or by userspace. This patch passes that flag to the\nnet_proto_family specific create function, so it can do the same thing.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Arnaldo Carvalho de Melo \u003cacme@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3b885787ea4112eaa80945999ea0901bf742707f", "tree": "06fc15f8e8083d5652ccb4d06653d9812dce9c0b", "parents": [ "d5e63bded6e819ca77ee1a1d97c783a31f6caf30" ], "author": { "name": "Neil Horman", "email": "nhorman@tuxdriver.com", "time": "Mon Oct 12 13:26:31 2009 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Oct 12 13:26:31 2009 -0700" }, "message": "net: Generalize socket rx gap / receive queue overflow cmsg\n\nCreate a new socket level option to report number of queue overflows\n\nRecently I augmented the AF_PACKET protocol to report the number of frames lost\non the socket receive queue between any two enqueued frames. This value was\nexported via a SOL_PACKET level cmsg. AFter I completed that work it was\nrequested that this feature be generalized so that any datagram oriented socket\ncould make use of this option. As such I\u0027ve created this patch, It creates a\nnew SOL_SOCKET level option called SO_RXQ_OVFL, which when enabled exports a\nSOL_SOCKET level cmsg that reports the nubmer of times the sk_receive_queue\noverflowed between any two given frames. It also augments the AF_PACKET\nprotocol to take advantage of this new feature (as it previously did not touch\nsk-\u003esk_drops, which this patch uses to record the overflow count). Tested\nsuccessfully by me.\n\nNotes:\n\n1) Unlike my previous patch, this patch simply records the sk_drops value, which\nis not a number of drops between packets, but rather a total number of drops.\nDeltas must be computed in user space.\n\n2) While this patch currently works with datagram oriented protocols, it will\nalso be accepted by non-datagram oriented protocols. I\u0027m not sure if thats\nagreeable to everyone, but my argument in favor of doing so is that, for those\nprotocols which aren\u0027t applicable to this option, sk_drops will always be zero,\nand reporting no drops on a receive queue that isn\u0027t used for those\nnon-participating protocols seems reasonable to me. This also saves us having\nto code in a per-protocol opt in mechanism.\n\n3) This applies cleanly to net-next assuming that commit\n977750076d98c7ff6cbda51858bb5a5894a9d9ab (my af packet cmsg patch) is reverted\n\nSigned-off-by: Neil Horman \u003cnhorman@tuxdriver.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ec1b4cf74c81bfd0fbe5bf62bafc86c45917e72f", "tree": "1b693e4e027f3e42224e6221ae018daeb562e5e1", "parents": [ "f7734fdf61ec6bb848e0bafc1fb8bad2c124bb50" ], "author": { "name": "Stephen Hemminger", "email": "shemminger@vyatta.com", "time": "Mon Oct 05 05:58:39 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Oct 07 01:10:46 2009 -0700" }, "message": "net: mark net_proto_ops as const\n\nAll usages of structure net_proto_ops should be declared const.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5ca1b998d33c39819fca2b675d80c4469e705f2d", "tree": "fbe882f3908b6b57ae3fe54d13abb0067538276d", "parents": [ "3b401a81c0d50ea9c718cf837f62cc2e6e79cc30" ], "author": { "name": "Stephen Hemminger", "email": "shemminger@vyatta.com", "time": "Tue Sep 01 19:25:05 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Sep 02 01:03:53 2009 -0700" }, "message": "net: file_operations should be const\n\nAll instances of file_operations should be const.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "98147d527a038c4aab599e57323a4e5d727c28a6", "tree": "0a9b012258f5f05d1308adc282741d32aa0958f0", "parents": [ "0fc0b732eaa38beb93a6fb62f77c7bd9622c76ec" ], "author": { "name": "Stephen Hemminger", "email": "shemminger@vyatta.com", "time": "Tue Sep 01 19:25:02 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Sep 02 01:03:39 2009 -0700" }, "message": "net: seq_operations should be const\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "31e6d363abcd0d05766c82f1a9c905a4c974a199", "tree": "f2b5c46354d95f91e743ae748b8add0de8bffd17", "parents": [ "d3b238a03efd6d644ff93c8b10a1d38a596f2e34" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Wed Jun 17 19:05:41 2009 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Jun 18 00:29:12 2009 -0700" }, "message": "net: correct off-by-one write allocations reports\n\ncommit 2b85a34e911bf483c27cfdd124aeb1605145dc80\n(net: No more expensive sock_hold()/sock_put() on each tx)\nchanged initial sk_wmem_alloc value.\n\nWe need to take into account this offset when reporting\nsk_wmem_alloc to user, in PROC_FS files or various\nioctls (SIOCOUTQ/TIOCOUTQ)\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "6f961068671698c242f1828960485fef1392916f", "tree": "3a4a7119d026e3639496d44a50f5ff8692169e96", "parents": [ "fbbfb986a8a3dfb42cd4cae7b1c7f822792823af" ], "author": { "name": "Wei Yongjun", "email": "yjwei@cn.fujitsu.com", "time": "Wed Feb 25 00:31:04 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Feb 26 23:07:32 2009 -0800" }, "message": "af_key: remove some pointless conditionals before kfree_skb()\n\nRemove some pointless conditionals before kfree_skb().\n\nSigned-off-by: Wei Yongjun \u003cyjwei@cn.fujitsu.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a8d694c651356ec89452e15b0189c061fb7e1cf1", "tree": "58c33e52bf6aeda0a230eb2f7797051c46d83947", "parents": [ "e918085aaff34086e265f825dd469926b1aec4a4" ], "author": { "name": "Timo Teras", "email": "timo.teras@iki.fi", "time": "Sun Jan 25 20:49:14 2009 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Jan 25 20:49:14 2009 -0800" }, "message": "af_key: initialize xfrm encap_oa\n\nCurrently encap_oa is left uninitialized, so it contains garbage data which\nis visible to userland via Netlink. Initialize it by zeroing it out.\n\nSigned-off-by: Timo Teras \u003ctimo.teras@iki.fi\u003e\nAcked-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7013ec30e0e2bc5b1e602e19a4e0668f9b7c0a72", "tree": "7d46a9330d52d8cd9b4b737ffda7ea291c831446", "parents": [ "07fb0f1799dcb6b3df527909811fd6704278842e" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:59:00 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:59:00 2008 -0800" }, "message": "netns PF_KEY: per-netns /proc/pfkey\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "07fb0f1799dcb6b3df527909811fd6704278842e", "tree": "65b14c59b1010b529bf087cbc6329a96d9e6e347", "parents": [ "3fa87a3210a24ae406c2ccd37a52585baeb21546" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:58:31 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:58:31 2008 -0800" }, "message": "netns PF_KEY: part 2\n\n* interaction with userspace -- take netns from userspace socket.\n* in -\u003enotify hook take netns either from SA or explicitly passed --\n\twe don\u0027t know if SA/SPD flush is coming.\n* stub policy migration with init_net for now.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3fa87a3210a24ae406c2ccd37a52585baeb21546", "tree": "b4fee69b1314d107659c7e2f22c00fa5a845fe68", "parents": [ "7c2776ee21a60e0d370538bd08b9ed82979f6e3a" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:58:07 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:58:07 2008 -0800" }, "message": "netns PF_KEY: part 1\n\n* netns boilerplate\n* keep per-netns socket list\n* keep per-netns number of sockets\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7067802e262457a9737521e5669b622028b2283a", "tree": "f6f94b1429700979cb1407fc1f96de487f6bf085", "parents": [ "fc34acd36eecdec95171b98ef2516e3d4daa5c41" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:50:36 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:50:36 2008 -0800" }, "message": "netns xfrm: pass netns with KM notifications\n\nSA and SPD flush are executed with NULL SA and SPD respectively, for\nthese cases pass netns explicitly from userspace socket.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "cdcbca7c1f1946758cfacb69bc1c7eeaccb11e2d", "tree": "1ee0f5edf7fb9e50f7f70c680044be33d41a0d41", "parents": [ "8d1211a6aaea43ea36151c17b0193eb763ff2d7e" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:34:49 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:34:49 2008 -0800" }, "message": "netns xfrm: policy walking in netns\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8d1211a6aaea43ea36151c17b0193eb763ff2d7e", "tree": "8e58601a897ec0e2afb3b2b1df695560b0d76ed4", "parents": [ "33ffbbd52c327225a3e28485c39dc5746d81be03" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:34:20 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:34:20 2008 -0800" }, "message": "netns xfrm: finding policy in netns\n\nAdd netns parameter to xfrm_policy_bysel_ctx(), xfrm_policy_byidx().\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "33ffbbd52c327225a3e28485c39dc5746d81be03", "tree": "ae11b5bbc1651fa5bb53c6c9764128ad7a8a574a", "parents": [ "1121994c803f4a4f471d617443ff2a09515725e7" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:33:32 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:33:32 2008 -0800" }, "message": "netns xfrm: policy flushing in netns\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "284fa7da300adcb700b44df2f64a536b434d4650", "tree": "382f31cff91d68085b03bd4df639fd7ad3c78051", "parents": [ "5447c5e401c49aba0c36bb1066f2d25b152553b7" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:32:14 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:32:14 2008 -0800" }, "message": "netns xfrm: state walking in netns\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5447c5e401c49aba0c36bb1066f2d25b152553b7", "tree": "5a5b4e0736368a70a266bd04075d174310aa5f80", "parents": [ "12604d8aaa38ac4e24299c9803fefdb301a16421" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:31:51 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:31:51 2008 -0800" }, "message": "netns xfrm: finding states in netns\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "221df1ed33c9284fc7a6f6e47ca7f8d5f3665d43", "tree": "1961ab9f9061b595e10449a24e7275d91f422de2", "parents": [ "0e6024519b4da2d9413b97be1de8122d5709ccc1" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:30:50 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:30:50 2008 -0800" }, "message": "netns xfrm: state lookup in netns\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "0e6024519b4da2d9413b97be1de8122d5709ccc1", "tree": "169bb5b6b763dbb63ccb23decd36441daa8398ca", "parents": [ "98806f75ba2afc716e4d2f915d3ac7687546f9c0" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:30:18 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:30:18 2008 -0800" }, "message": "netns xfrm: state flush in netns\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "0331b1f383e1fa4049f8e75cafeea8f006171c64", "tree": "69409ab7c17e1527ed063bb4f2eda440e2cb4ea2", "parents": [ "50a30657fd7ee77a94a6bf0ad86eba7c37c3032e" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:21:45 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:21:45 2008 -0800" }, "message": "netns xfrm: add struct xfrm_policy::xp_net\n\nAgain, to avoid complications with passing netns when not necessary.\nAgain, -\u003exp_net is set-once field, once set it never changes.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "50a30657fd7ee77a94a6bf0ad86eba7c37c3032e", "tree": "7eb9165881b9082588eb2c373e9ed2ebc013321e", "parents": [ "c78371441c0d957f54c9f8a35b3ee5a378d14808" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:21:01 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:21:01 2008 -0800" }, "message": "netns xfrm: per-netns km_waitq\n\nDisallow spurious wakeups in __xfrm_lookup().\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "673c09be457bb23aa0eaaa79804cbb342210d195", "tree": "9948d1859bbcd07316f5cea239b86845d6061570", "parents": [ "d62ddc21b674b5ac1466091ff3fbf7baa53bc92c" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Tue Nov 25 17:15:16 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 25 17:15:16 2008 -0800" }, "message": "netns xfrm: add struct xfrm_state::xs_net\n\nTo avoid unnecessary complications with passing netns around.\n\n* set once, very early after allocating\n* once set, never changes\n\nFor a while create every xfrm_state in init_net.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "70e90679ffce0937deb77e2bd8bd918a24a897fd", "tree": "12950c5e0de1a0c86dd412474066cedef418b1c4", "parents": [ "4bab0ea1d42dd1927af9df6fbf0003fc00617c50" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Thu Nov 06 23:08:37 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 06 23:08:37 2008 -0800" }, "message": "af_key: mark policy as dead before destroying\n\nxfrm_policy_destroy() will oops if not dead policy is passed to it.\nOn error path in pfkey_compile_policy() exactly this happens.\n\nOopsable for CAP_NET_ADMIN owners.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "920da6923cf03c8a78fbaffa408f8ab37f6abfc1", "tree": "40b5c407d15f46920f1a66b6da5312654230ca4c", "parents": [ "cbafe312ef4a263e9aa36786bc67e1e6d959872b" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Fri Oct 31 16:41:26 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Oct 31 16:41:26 2008 -0700" }, "message": "key: fix setkey(8) policy set breakage\n\nSteps to reproduce:\n\n\t#/usr/sbin/setkey -f\n\tflush;\n\tspdflush;\n\n\tadd 192.168.0.42 192.168.0.1 ah 24500 -A hmac-md5 \"1234567890123456\";\n\tadd 192.168.0.42 192.168.0.1 esp 24501 -E 3des-cbc \"123456789012123456789012\";\n\n\tspdadd 192.168.0.42 192.168.0.1 any -P out ipsec\n\t\tesp/transport//require\n\t\tah/transport//require;\n\nsetkey: invalid keymsg length\n\nPolicy dump will bail out with the same message after that.\n\n-recv(4, \"\\2\\16\\0\\0\\32\\0\\3\\0\\0\\0\\0\\0\\37\\r\\0\\0\\3\\0\\5\\0\\377 \\0\\0\\2\\0\\0\\0\\300\\250\\0*\\0\"..., 32768, 0) \u003d 208\n+recv(4, \"\\2\\16\\0\\0\\36\\0\\3\\0\\0\\0\\0\\0H\\t\\0\\0\\3\\0\\5\\0\\377 \\0\\0\\2\\0\\0\\0\\300\\250\\0*\\0\"..., 32768, 0) \u003d 208\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1839faab9a2747bcd30ee14e50575a39bf6735d4", "tree": "d255fc1b5605587312ab8edc35ac61192e1bd1b7", "parents": [ "d2a3b222cf976bc44bb9aed13f7b17feea28f633" ], "author": { "name": "Tobias Brunner", "email": "tobias.brunner@strongswan.org", "time": "Fri Oct 10 14:07:03 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Oct 10 14:07:03 2008 -0700" }, "message": "af_key: fix SADB_X_SPDDELETE response\n\nWhen deleting an SPD entry using SADB_X_SPDDELETE, c.data.byid is not\ninitialized to zero in pfkey_spddelete(). Thus, key_notify_policy()\nresponds with a PF_KEY message of type SADB_X_SPDDELETE2 instead of\nSADB_X_SPDDELETE.\n\nSigned-off-by: Tobias Brunner \u003ctobias.brunner@strongswan.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "13c1d18931ebb5cf407cb348ef2cd6284d68902d", "tree": "6d590f85e48b4cce8f67e42c65b88fce8fcc49c6", "parents": [ "95430c0b140c31cb9e39f876afe1c0e9947d1aaf" ], "author": { "name": "Arnaud Ebalard", "email": "arno@natisbad.org", "time": "Sun Oct 05 13:33:42 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Oct 05 13:33:42 2008 -0700" }, "message": "xfrm: MIGRATE enhancements (draft-ebalard-mext-pfkey-enhanced-migrate)\n\nProvides implementation of the enhancements of XFRM/PF_KEY MIGRATE mechanism\nspecified in draft-ebalard-mext-pfkey-enhanced-migrate-00. Defines associated\nPF_KEY SADB_X_EXT_KMADDRESS extension and XFRM/netlink XFRMA_KMADDRESS\nattribute.\n\nSigned-off-by: Arnaud Ebalard \u003carno@natisbad.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "12a169e7d8f4b1c95252d8b04ed0f1033ed7cfe2", "tree": "9630d7798d4fdfc06d6001ccd057aff68f39f908", "parents": [ "b262e60309e1b0eb25d300c7e739427d5316abb1" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Wed Oct 01 07:03:24 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Oct 01 07:03:24 2008 -0700" }, "message": "ipsec: Put dumpers on the dump list\n\nHerbert Xu came up with the idea and the original patch to make\nxfrm_state dump list contain also dumpers:\n\nAs it is we go to extraordinary lengths to ensure that states\ndon\u0027t go away while dumpers go to sleep. It\u0027s much easier if\nwe just put the dumpers themselves on the list since they can\u0027t\ngo away while they\u0027re going.\n\nI\u0027ve also changed the order of addition on new states to prevent\na never-ending dump.\n\nTimo Teräs improved the patch to apply cleanly to latest tree,\nmodified iteration code to be more readable by using a common\nstruct for entries in the list, implemented the same idea for\nxfrm_policy dumping and moved the af_key specific \"last\" entry\ncaching to af_key.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: Timo Teras \u003ctimo.teras@iki.fi\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "0523820482dcb42784572ffd2296c2f08c275a2b", "tree": "19a31ae7b58a650fd58dab39a391aba3f7e3a23a", "parents": [ "5dc121e9a7a8a3721cefeb07f3559f50fbedc67e" ], "author": { "name": "Timo Teras", "email": "timo.teras@iki.fi", "time": "Wed Oct 01 05:17:54 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Oct 01 05:17:54 2008 -0700" }, "message": "af_key: Free dumping state on socket close\n\nFix a xfrm_{state,policy}_walk leak if pfkey socket is closed while\ndumping is on-going.\n\nSigned-off-by: Timo Teras \u003ctimo.teras@iki.fi\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "547b792cac0a038b9dbf958d3c120df3740b5572", "tree": "08554d083b0ca7d65739dc1ce12f9b12a9b8e1f8", "parents": [ "53e5e96ec18da6f65e89f05674711e1c93d8df67" ], "author": { "name": "Ilpo Järvinen", "email": "ilpo.jarvinen@helsinki.fi", "time": "Fri Jul 25 21:43:18 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Jul 25 21:43:18 2008 -0700" }, "message": "net: convert BUG_TRAP to generic WARN_ON\n\nRemoves legacy reinvent-the-wheel type thing. The generic\nmachinery integrates much better to automated debugging aids\nsuch as kerneloops.org (and others), and is unambiguous due to\nbetter naming. Non-intuively BUG_TRAP() is actually equal to\nWARN_ON() rather than BUG_ON() though some might actually be\npromoted to BUG_ON() but I left that to future.\n\nI could make at least one BUILD_BUG_ON conversion.\n\nSigned-off-by: Ilpo Järvinen \u003cilpo.jarvinen@helsinki.fi\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4ae127d1b6c71f9240dd4245f240e6dd8fc98014", "tree": "b7aa27b3e0c655f4613fe2146cb57d7f69e421f6", "parents": [ "875ec4333b99144e2589e900a0bcd2c25c757b27", "7775c9753b94fe429dc4323360d6502c95e0dd6e" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Jun 13 20:52:39 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Jun 13 20:52:39 2008 -0700" }, "message": "Merge branch \u0027master\u0027 of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6\n\nConflicts:\n\n\tdrivers/net/smc911x.c\n" }, { "commit": "81b302a321a0d99ff172b8cb2a8de17bff2f9499", "tree": "4b12e8a36c801b1f14c45730a03bc40b40865996", "parents": [ "5f95ac9111f75aa240dc3bcabffc0f047f13cb64" ], "author": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Mon Apr 28 03:17:38 2008 +0900" }, "committer": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Thu Jun 12 02:38:17 2008 +0900" }, "message": "key: Use xfrm_addr_cmp() where appropriate.\n\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\n" }, { "commit": "5f95ac9111f75aa240dc3bcabffc0f047f13cb64", "tree": "a4e0d2a650ed3fd2c6d248241ffae7e23e71d048", "parents": [ "e5b56652c11baf144eb713c33ff70a1b5d6d09bc" ], "author": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Mon Apr 28 02:46:24 2008 +0900" }, "committer": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Thu Jun 12 02:38:17 2008 +0900" }, "message": "key: Share common code path to extract address from sockaddr{}.\n\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\n" }, { "commit": "e5b56652c11baf144eb713c33ff70a1b5d6d09bc", "tree": "b9e23467dc5e7a1182601984820b8d330190459d", "parents": [ "9e8b4ed8bb7d2f0f91dccf0abf648771d76e7a01" ], "author": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Mon Apr 28 01:46:41 2008 +0900" }, "committer": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Thu Jun 12 02:38:16 2008 +0900" }, "message": "key: Share common code path to fill sockaddr{}.\n\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\n" }, { "commit": "9e8b4ed8bb7d2f0f91dccf0abf648771d76e7a01", "tree": "44be0ec32b667eb5d4dbf3448a4b44cdfac5b9f1", "parents": [ "3de232554a91adc74e80dc15c304be806bd7e1f9" ], "author": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Mon Apr 28 00:50:45 2008 +0900" }, "committer": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Thu Jun 12 02:38:15 2008 +0900" }, "message": "key: Introduce pfkey_sockaddr_len() for raw sockaddr{} length.\n\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\n" }, { "commit": "99c6f60e72f112b57ddb07abb2e5f771ee211f43", "tree": "b955bdf6f02ad700adb0bffd4bcd1c3fc0a20366", "parents": [ "bc6cffd177f9266af38dba96a2cea06c1e7ff932" ], "author": { "name": "Jamal Hadi Salim", "email": "hadi@cyberus.ca", "time": "Tue Jun 10 14:25:34 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Jun 10 14:25:34 2008 -0700" }, "message": "ipsec: pfkey should ignore events when no listeners\n\nWhen pfkey has no km listeners, it still does a lot of work\nbefore finding out there aint nobody out there.\nIf a tree falls in a forest and no one is around to hear it, does it make\na sound? In this case it makes a lot of noise:\nWith this short-circuit adding 10s of thousands of SAs using\nnetlink improves performance by ~10%.\n\nSigned-off-by: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4da5105687e0993a3bbdcffd89b2b94d9377faab", "tree": "bd6a67ec275f11f633224aa683e4102437a2d646", "parents": [ "d8ac48d4cbae0cc59b7784399292fbda3e231be3" ], "author": { "name": "Kazunori MIYAZAWA", "email": "kazunori@miyazawa.org", "time": "Wed May 21 13:26:11 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed May 21 13:26:11 2008 -0700" }, "message": "af_key: Fix selector family initialization.\n\nThis propagates the xfrm_user fix made in commit\nbcf0dda8d2408fe1c1040cdec5a98e5fcad2ac72 (\"[XFRM]: xfrm_user: fix\nselector family initialization\")\n\nBased upon a bug report from, and tested by, Alan Swanson.\n\nSigned-off-by: Kazunori MIYAZAWA \u003ckazunori@miyazawa.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n\n" }, { "commit": "2532386f480eefbdd67b48be55fb4fb3e5a6081c", "tree": "dd6a5a3c4116a67380a1336319c16632f04f80f9", "parents": [ "436c405c7d19455a71f42c9bec5fd5e028f1eb4e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:09:25 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:18:03 2008 -0400" }, "message": "Audit: collect sessionid in netlink messages\n\nPreviously I added sessionid output to all audit messages where it was\navailable but we still didn\u0027t know the sessionid of the sender of\nnetlink messages. This patch adds that information to netlink messages\nso we can audit who sent netlink messages.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "2db3e47e7080fde2a43d6312190d8229826b8e42", "tree": "a9f03b52cce1501c32a8d24d657d3d5bc1888fae", "parents": [ "9edb74cc6ccb3a893c3d40727b7003c3c16f85a0" ], "author": { "name": "Brian Haley", "email": "brian.haley@hp.com", "time": "Thu Apr 24 20:38:31 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Apr 24 20:38:31 2008 -0700" }, "message": "af_key: Fix af_key.c compiler warning\n\nnet/key/af_key.c: In function ‘pfkey_spddelete’:\nnet/key/af_key.c:2359: warning: ‘pol_ctx’ may be used uninitialized in \nthis function\n\nWhen CONFIG_SECURITY_NETWORK_XFRM isn\u0027t set, \nsecurity_xfrm_policy_alloc() is an inline that doesn\u0027t set pol_ctx, so \nthis seemed like the easiest fix short of using *uninitialized_var(pol_ctx).\n\nSigned-off-by: Brian Haley \u003cbrian.haley@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c5d18e984a313adf5a1a4ae69e0b1d93cf410229", "tree": "2922514a388759b999757eec49b7a5bd9f290e3c", "parents": [ "7c3f944e29c02d71e13442e977cf4cec19c39e98" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Tue Apr 22 00:46:42 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Apr 22 00:46:42 2008 -0700" }, "message": "[IPSEC]: Fix catch-22 with algorithm IDs above 31\n\nAs it stands it\u0027s impossible to use any authentication algorithms\nwith an ID above 31 portably. It just happens to work on x86 but\nfails miserably on ppc64.\n\nThe reason is that we\u0027re using a bit mask to check the algorithm\nID but the mask is only 32 bits wide.\n\nAfter looking at how this is used in the field, I have concluded\nthat in the long term we should phase out state matching by IDs\nbecause this is made superfluous by the reqid feature. For current\napplications, the best solution IMHO is to allow all algorithms when\nthe bit masks are all ~0.\n\nThe following patch does exactly that.\n\nThis bug was identified by IBM when testing on the ppc64 platform\nusing the NULL authentication algorithm which has an ID of 251.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "03e1ad7b5d871d4189b1da3125c2f12d1b5f7d0b", "tree": "1e7f291ac6bd0c1f3a95e8252c32fcce7ff47ea7", "parents": [ "00447872a643787411c2c0cb1df6169dda8b0c47" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Sat Apr 12 19:07:52 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Apr 12 19:07:52 2008 -0700" }, "message": "LSM: Make the Labeled IPsec hooks more stack friendly\n\nThe xfrm_get_policy() and xfrm_add_pol_expire() put some rather large structs\non the stack to work around the LSM API. This patch attempts to fix that\nproblem by changing the LSM API to require only the relevant \"security\"\npointers instead of the entire SPD entry; we do this for all of the\nsecurity_xfrm_policy*() functions to keep things consistent.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8e8e43843ba3ced0c657cbc0fdb10644ec60f772", "tree": "e64954326ced9c365c52c256f01b5f9fb1bcae66", "parents": [ "ed85f2c3b2b72bd20f617ac749f5c22be8d0f66e", "50fd4407b8bfbde7c1a0bfe4f24de7df37164342" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Mar 27 18:48:56 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Mar 27 18:48:56 2008 -0700" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\nConflicts:\n\n\tdrivers/net/usb/rndis_host.c\n\tdrivers/net/wireless/b43/dma.c\n\tnet/ipv6/ndisc.c\n" }, { "commit": "df9dcb4588aca9cc243cf1f3f454361a84e1cbdb", "tree": "53dabed7cffee752109808cbea2f812e0a6d7faf", "parents": [ "fa86d322d89995fef1bfb5cc768b89d8c22ea0d9" ], "author": { "name": "Kazunori MIYAZAWA", "email": "kazunori@miyazawa.org", "time": "Mon Mar 24 14:51:51 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Mar 24 14:51:51 2008 -0700" }, "message": "[IPSEC]: Fix inter address family IPsec tunnel handling.\n\nSigned-off-by: Kazunori MIYAZAWA \u003ckazunori@miyazawa.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "83321d6b9872b94604e481a79dc2c8acbe4ece31", "tree": "7ea6bad51b21b2dd5abaaab75df2fc546f623441", "parents": [ "26bad2c05eef400d9af16979bd96e301902ebd13" ], "author": { "name": "Timo Teras", "email": "timo.teras@iki.fi", "time": "Mon Mar 03 23:40:12 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Mar 03 23:40:12 2008 -0800" }, "message": "[AF_KEY]: Dump SA/SP entries non-atomically\n\nStop dumping of entries when af_key socket receive queue is getting\nfull and continue it later when there is more room again.\n\nThis fixes dumping of large databases. Currently the entries not\nfitting into the receive queue are just dropped (including the\nend-of-dump message) which can confuse applications.\n\nSigned-off-by: Timo Teras \u003ctimo.teras@iki.fi\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4c563f7669c10a12354b72b518c2287ffc6ebfb3", "tree": "056ec93f192f31640f32983c9e11bc7ce1c0692f", "parents": [ "1e04d530705280770e003ac8db516722cca54758" ], "author": { "name": "Timo Teras", "email": "timo.teras@iki.fi", "time": "Thu Feb 28 21:31:08 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Feb 28 21:31:08 2008 -0800" }, "message": "[XFRM]: Speed up xfrm_policy and xfrm_state walking\n\nChange xfrm_policy and xfrm_state walking algorithm from O(n^2) to O(n).\nThis is achieved adding the entries to one more list which is used\nsolely for walking the entries.\n\nThis also fixes some races where the dump can have duplicate or missing\nentries when the SPD/SADB is modified during an ongoing dump.\n\nDumping SADB with 20000 entries using \"time ip xfrm state\" the sys\ntime dropped from 1.012s to 0.080s.\n\nSigned-off-by: Timo Teras \u003ctimo.teras@iki.fi\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "d9595a7b9c777d45a74774f1428c263a0a47f4c0", "tree": "1151c7d17fe6b95f99134d8689876cdae8f491e4", "parents": [ "78374676efae525094aee45c0aab4bcab95ea9d1" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Feb 26 22:20:44 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Feb 26 22:23:31 2008 -0800" }, "message": "[AF_KEY]: Fix oops by converting to proc_net_*().\n\nTo make sure the procfs visibility occurs after the -\u003eproc_fs ops are\nsetup, use proc_net_fops_create() and proc_net_remove().\n\nThis also fixes an OOPS after module unload in that the name string\nfor remove was wrong, so it wouldn\u0027t actually be removed. That bug\nwas introduced by commit 61145aa1a12401ac71bcc450a58c773dd6e2bfb9\n(\"[KEY]: Clean up proc files creation a bit.\")\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a4d6b8af1e92daa872f55d06415b76c35f44d8bd", "tree": "a1c4b760b39176cffdca6f2213681236d920734a", "parents": [ "d0c1fd7a8f4cadb95b093d2600ad627f432c5edb" ], "author": { "name": "Kazunori MIYAZAWA", "email": "kazunori@miyazawa.org", "time": "Thu Feb 14 14:51:38 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Feb 14 14:51:38 2008 -0800" }, "message": "[AF_KEY]: Fix bug in spdadd\n\nThis patch fix a BUG when adding spds which have same selector.\n\nSigned-off-by: Kazunori MIYAZAWA \u003ckazunori@miyazawa.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "bd2f747658b303d9b08d2c5bc815022d825a5e3c", "tree": "c04d118379e68c7cb17a967b16dc561dda418dcd", "parents": [ "61145aa1a12401ac71bcc450a58c773dd6e2bfb9" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Sat Feb 09 23:20:06 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Feb 09 23:20:06 2008 -0800" }, "message": "[KEY]: Convert net/pfkey to use seq files.\n\nThe seq files API disposes the caller of the difficulty of\nchecking file position, the length of data to produce and\nthe size of provided buffer.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "61145aa1a12401ac71bcc450a58c773dd6e2bfb9", "tree": "8e9612d88158030e3a62ca76d95c3304948fc4ab", "parents": [ "0efeaa335ce494680d1884f267eed7642dee3ca8" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Sat Feb 09 23:19:14 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Feb 09 23:19:14 2008 -0800" }, "message": "[KEY]: Clean up proc files creation a bit.\n\nMainly this removes ifdef-s from inside the ipsec_pfkey_init.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "0c11b9428f619ab377c92eff2f160a834a6585dd", "tree": "35b573715ad5730a77d067486838345132771a7a", "parents": [ "24e1c13c93cbdd05e4b7ea921c0050b036555adc" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jan 10 04:20:52 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:04:59 2008 -0500" }, "message": "[PATCH] switch audit_get_loginuid() to task_struct *\n\nall callers pass something-\u003eaudit_context\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "64c31b3f76482bb64459e786f9eca3bd0164d153", "tree": "4f8fa9e23dbb2b2a73c4516263c983b01cff4f3a", "parents": [ "d66e37a99d323012165ce91fd5c4518e2fcea0c5" ], "author": { "name": "WANG Cong", "email": "xiyou.wangcong@gmail.com", "time": "Mon Jan 07 22:34:29 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jan 28 15:00:46 2008 -0800" }, "message": "[XFRM] xfrm_policy_destroy: Rename and relative fixes.\n\nSince __xfrm_policy_destroy is used to destory the resources\nallocated by xfrm_policy_alloc. So using the name\n__xfrm_policy_destroy is not correspond with xfrm_policy_alloc.\nRename it to xfrm_policy_destroy.\n\nAnd along with some instances that call xfrm_policy_alloc\nbut not using xfrm_policy_destroy to destroy the resource,\nfix them.\n\nSigned-off-by: WANG Cong \u003cxiyou.wangcong@gmail.com\u003e\nAcked-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "d4782c323d10d3698b71b6a6b3c7bdad33824658", "tree": "5c2b4706135ab68f5690adbbe7480b627476608d", "parents": [ "421c991483a6e52091cd2120c007cbc220d669ae" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Sun Jan 20 17:24:29 2008 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Jan 20 20:31:45 2008 -0800" }, "message": "[AF_KEY]: Fix skb leak on pfkey_send_migrate() error\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "f398035f2dec0a6150833b0bc105057953594edb", "tree": "861e4cffa93b61d1469df346267fa068f9fdf283", "parents": [ "e0260feddf8a68301c75cdfff9ec251d5851b006" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Wed Dec 19 23:44:29 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Dec 19 23:44:29 2007 -0800" }, "message": "[IPSEC]: Avoid undefined shift operation when testing algorithm ID\n\nThe aalgos/ealgos fields are only 32 bits wide. However, af_key tries\nto test them with the expression 1 \u003c\u003c id where id can be as large as\n253. This produces different behaviour on different architectures.\n\nThe following patch explicitly checks whether ID is greater than 31\nand fails the check if that\u0027s the case.\n\nWe cannot easily extend the mask to be longer than 32 bits due to\nexposure to user-space. Besides, this whole interface is obsolete\nanyway in favour of the xfrm_user interface which doesn\u0027t use this\nbit mask in templates (well not within the kernel anyway).\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8053fc3de720e1027d690f892ff7d7c1737fdd9d", "tree": "0437efa29587beb5ebb174c402f7954cfde2269a", "parents": [ "7f9c33e515353ea91afc62341161fead19e78567" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Mon Nov 26 19:07:34 2007 +0800" }, "committer": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Mon Nov 26 19:07:34 2007 +0800" }, "message": "[IPSEC]: Temporarily remove locks around copying of non-atomic fields\n\nThe change 050f009e16f908932070313c1745d09dc69fd62b\n\n\t[IPSEC]: Lock state when copying non-atomic fields to user-space\n\ncaused a regression.\n\nIngo Molnar reports that it causes a potential dead-lock found by the\nlock validator as it tries to take x-\u003elock within xfrm_state_lock while\nnumerous other sites take the locks in opposite order.\n\nFor 2.6.24, the best fix is to simply remove the added locks as that puts\nus back in the same state as we\u0027ve been in for years. For later kernels\na proper fix would be to reverse the locking order for every xfrm state\nuser such that if x-\u003elock is taken together with xfrm_state_lock then\nit is to be taken within it.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\n" }, { "commit": "435000bebd94aae3a7a50078d142d11683d3b193", "tree": "f40c9c1a6b21db3d720ff608b3f81ce1f32f77ea", "parents": [ "8c92e6b0bf48a1735ddc61ebb08a0bb77c6bfa23" ], "author": { "name": "Charles Hardin", "email": "chardin@2wire.com", "time": "Thu Nov 22 19:35:15 2007 +0800" }, "committer": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Thu Nov 22 19:35:15 2007 +0800" }, "message": "[PFKEY]: Sending an SADB_GET responds with an SADB_GET\n\nFrom: Charles Hardin \u003cchardin@2wire.com\u003e\n\nKernel needs to respond to an SADB_GET with the same message type to\nconform to the RFC 2367 Section 3.1.5\n\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\n" }, { "commit": "6257ff2177ff02d7f260a7a501876aa41cb9a9f6", "tree": "9d9f80ccf16f3d4ef062e896f62974c5496193ad", "parents": [ "154adbc8469ff21fbf5c958446ee92dbaab01be1" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Thu Nov 01 00:39:31 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 01 00:39:31 2007 -0700" }, "message": "[NET]: Forget the zero_it argument of sk_alloc()\n\nFinally, the zero_it argument can be completely removed from\nthe callers and from the function prototype.\n\nBesides, fix the checkpatch.pl warnings about using the\nassignments inside if-s.\n\nThis patch is rather big, and it is a part of the previous one.\nI splitted it wishing to make the patches more readable. Hope \nthis particular split helped.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "298bb62175a8e8c2f21f3e00543cda853f423599", "tree": "185cd32204c9758369c125971f268db9749f9157", "parents": [ "97ef1bb0c8e371b7988287f38bd107c4aa14d78d" ], "author": { "name": "Stephen Rothwell", "email": "sfr@canb.auug.org.au", "time": "Tue Oct 30 23:57:05 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Oct 30 23:57:05 2007 -0700" }, "message": "[AF_KEY]: suppress a warning for 64k pages.\n\nOn PowerPC allmodconfig build we get this:\n\nnet/key/af_key.c:400: warning: comparison is always false due to limited range of data type\n\nSigned-off-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "050f009e16f908932070313c1745d09dc69fd62b", "tree": "2176b8034065bf2e8b401865efcfaab912bb1997", "parents": [ "68325d3b12ad5bce650c2883bb878257f197efff" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Tue Oct 09 13:31:47 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 10 16:55:02 2007 -0700" }, "message": "[IPSEC]: Lock state when copying non-atomic fields to user-space\n\nThis patch adds locking so that when we\u0027re copying non-atomic fields such as\nlife-time or coaddr to user-space we don\u0027t get a partial result.\n\nFor af_key I\u0027ve changed every instance of pfkey_xfrm_state2msg apart from\nexpiration notification to include the keys and life-times. This is in-line\nwith XFRM behaviour.\n\nThe actual cases affected are:\n\n* pfkey_getspi: No change as we don\u0027t have any keys to copy.\n* key_notify_sa:\n\t+ ADD/UPD: This wouldn\u0027t work otherwise.\n\t+ DEL: It can\u0027t hurt.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "658b219e9379d75fbdc578b9630b598098471258", "tree": "fe802c4e1ee6468a9c2558a5e529b2380845a003", "parents": [ "75ba28c633952f7994a7117c98ae6515b58f8d30" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Tue Oct 09 13:29:52 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 10 16:55:01 2007 -0700" }, "message": "[IPSEC]: Move common code into xfrm_alloc_spi\n\nThis patch moves some common code that conceptually belongs to the xfrm core\nfrom af_key/xfrm_user into xfrm_alloc_spi.\n\nIn particular, the spin lock on the state is now taken inside xfrm_alloc_spi.\nPreviously it also protected the construction of the response PF_KEY/XFRM\nmessages to user-space. This is inconsistent as other identical constructions\nare not protected by the state lock. This is bad because they in fact should\nbe protected but only in certain spots (so as not to hold the lock for too\nlong which may cause packet drops).\n\nThe SPI byte order conversion has also been moved.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1b8d7ae42d02e483ad94035cca851e4f7fbecb40", "tree": "81f8cc0ee49ef99cc67dfed3dc7b7ecb510abf8b", "parents": [ "457c4cbc5a3dde259d2a1f15d5f9785290397267" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Oct 08 23:24:22 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 10 16:49:07 2007 -0700" }, "message": "[NET]: Make socket creation namespace safe.\n\nThis patch passes in the namespace a new socket should be created in\nand has the socket code do the appropriate reference counting. By\nvirtue of this all socket create methods are touched. In addition\nthe socket create methods are modified so that they will fail if\nyou attempt to create a socket in a non-default network namespace.\n\nFailing if we attempt to create a socket outside of the default\nnetwork namespace ensures that as we incrementally make the network stack\nnetwork namespace aware we will not export functionality that someone\nhas not audited and made certain is network namespace safe.\nAllowing us to partially enable network namespaces before all of the\nexotic protocols are supported.\n\nAny protocol layers I have missed will fail to compile because I now\npass an extra parameter into the socket creation code.\n\n[ Integrated AF_IUCV build fixes from Andrew Morton... -DaveM ]\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "457c4cbc5a3dde259d2a1f15d5f9785290397267", "tree": "a2ceee88780cbce27433b9a4434b3e9251efd81a", "parents": [ "07feaebfcc10cd35e745c7073667935246494bee" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Wed Sep 12 12:01:34 2007 +0200" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 10 16:49:06 2007 -0700" }, "message": "[NET]: Make /proc/net per network namespace\n\nThis patch makes /proc/net per network namespace. It modifies the global\nvariables proc_net and proc_net_stat to be per network namespace.\nThe proc_net file helpers are modified to take a network namespace argument,\nand all of their callers are fixed to pass \u0026init_net for that argument.\nThis ensures that all of the /proc/net files are only visible and\nusable in the initial network namespace until the code behind them\nhas been updated to be handle multiple network namespaces.\n\nMaking /proc/net per namespace is necessary as at least some files\nin /proc/net depend upon the set of network devices which is per\nnetwork namespace, and even more files in /proc/net have contents\nthat are relevant to a single network namespace.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ab5f5e8b144e4c804ef3aa1ce08a9ca9f01187ce", "tree": "bf3915a618b29f507d882e9c665ed9d07e7c0765", "parents": [ "d2e9117c7aa9544d910634e17e3519fd67155229" ], "author": { "name": "Joy Latten", "email": "latten@austin.ibm.com", "time": "Mon Sep 17 11:51:22 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 10 16:49:02 2007 -0700" }, "message": "[XFRM]: xfrm audit calls\n\nThis patch modifies the current ipsec audit layer\nby breaking it up into purpose driven audit calls.\n\nSo far, the only audit calls made are when add/delete\nan SA/policy. It had been discussed to give each\nkey manager it\u0027s own calls to do this, but I found\nthere to be much redundnacy since they did the exact\nsame things, except for how they got auid and sid, so I\ncombined them. The below audit calls can be made by any\nkey manager. Hopefully, this is ok.\n\nSigned-off-by: Joy Latten \u003clatten@austin.ibm.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "356f89e12e301376f26795643f3b5931c81c9cd5", "tree": "e9e180c3d39ea97e28e5b81e1ca26b32b1ff6e66", "parents": [ "18f02545a9a16c9a89778b91a162ad16d510bb32" ], "author": { "name": "Ilpo Järvinen", "email": "ilpo.jarvinen@helsinki.fi", "time": "Fri Aug 24 23:00:31 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 10 16:48:30 2007 -0700" }, "message": "[NET] Cleanup: DIV_ROUND_UP\n\nSigned-off-by: Ilpo Järvinen \u003cilpo.jarvinen@helsinki.fi\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4a4b6271a8df417e328aed4c8a7e04e0b282207e", "tree": "a1080744f58a4aa0864453f989966b2df64df41c", "parents": [ "3516ffb0fef710749daf288c0fe146503e0cf9d4" ], "author": { "name": "Joy Latten", "email": "latten@austin.ibm.com", "time": "Thu Aug 02 19:25:43 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Thu Aug 02 19:42:29 2007 -0700" }, "message": "[PF_KEY]: Fix ipsec not working in 2.6.23-rc1-git10\n\nAlthough an ipsec SA was established, kernel couldn\u0027t seem to find it.\n\nI think since we are now using \"x-\u003esel.family\" instead of \"family\" in\nthe xfrm_selector_match() called in xfrm_state_find(), af_key needs to\nset this field too, just as xfrm_user.\n\nIn af_key.c, x-\u003esel.family only gets set when there\u0027s an\next_hdrs[SADB_EXT_ADDRESS_PROXY-1] which I think is for tunnel.\n\nI think pfkey needs to also set the x-\u003esel.family field when it is 0.\n\nTested with below patch, and ipsec worked when using pfkey.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "582ee43dad8e411513a74f2d801255dcffc6d29e", "tree": "bf822fd3dd9b889531134c7004e9f42b134485f1", "parents": [ "704eae1f32274c0435f7f3924077afdb811edd1d" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Thu Jul 26 17:33:39 2007 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Jul 26 11:11:56 2007 -0700" }, "message": "net/* misc endianness annotations\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4aa2e62c45b5ca08be2d0d3c0744d7585b56e860", "tree": "16649593d55f3df4dac54227fcda28bb4fb49f17", "parents": [ "b00b4bf94edb42852d55619af453588b2de2dc5e" ], "author": { "name": "Joy Latten", "email": "latten@austin.ibm.com", "time": "Mon Jun 04 19:05:57 2007 -0400" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Thu Jun 07 13:42:46 2007 -0700" }, "message": "xfrm: Add security check before flushing SAD/SPD\n\nCurrently we check for permission before deleting entries from SAD and\nSPD, (see security_xfrm_policy_delete() security_xfrm_state_delete())\nHowever we are not checking for authorization when flushing the SPD and\nthe SAD completely. It was perhaps missed in the original security hooks\npatch.\n\nThis patch adds a security check when flushing entries from the SAD and\nSPD. It runs the entire database and checks each entry for a denial.\nIf the process attempting the flush is unable to remove all of the\nentries a denial is logged the the flush function returns an error\nwithout removing anything.\n\nThis is particularly useful when a process may need to create or delete\nits own xfrm entries used for things like labeled networking but that\nsame process should not be able to delete other entries or flush the\nentire database.\n\nSigned-off-by: Joy Latten\u003clatten@austin.ibm.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c92b3a2f1f11655ecf6774b745017a414241d07c", "tree": "822a53d289b6848992b9476eb6e451f32b8daa5e", "parents": [ "580e572a4a1bfea2f42af63ba4785ac7dfbcb45d" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Sat May 19 14:21:18 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat May 19 14:21:18 2007 -0700" }, "message": "[IPSEC] pfkey: Load specific algorithm in pfkey_add rather than all\n\nThis is a natural extension of the changeset\n\n [XFRM]: Probe selected algorithm only.\n\nwhich only removed the probe call for xfrm_user. This patch does exactly\nthe same thing for af_key. In other words, we load the algorithm requested\nby the user rather than everything when adding xfrm states in af_key.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3ff50b7997fe06cd5d276b229967bb52d6b3b6c1", "tree": "4f0f57123a945c3e6c39759456b6187bb78c4b1f", "parents": [ "c462238d6a6d8ee855bda10f9fff442971540ed2" ], "author": { "name": "Stephen Hemminger", "email": "shemminger@linux-foundation.org", "time": "Fri Apr 20 17:09:22 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:29:24 2007 -0700" }, "message": "[NET]: cleanup extra semicolons\n\nSpring cleaning time...\n\nThere seems to be a lot of places in the network code that have\nextra bogus semicolons after conditionals. Most commonly is a\nbogus semicolon after: switch() { }\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "badff6d01a8589a1c828b0bf118903ca38627f4e", "tree": "89611d7058c612085c58dfb9913ee30ddf04b604", "parents": [ "0660e03f6b18f19b6bbafe7583265a51b90daf36" ], "author": { "name": "Arnaldo Carvalho de Melo", "email": "acme@redhat.com", "time": "Tue Mar 13 13:06:52 2007 -0300" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 25 22:25:15 2007 -0700" }, "message": "[SK_BUFF]: Introduce skb_reset_transport_header(skb)\n\nFor the common, open coded \u0027skb-\u003eh.raw \u003d skb-\u003edata\u0027 operation, so that we can\nlater turn skb-\u003eh.raw into a offset, reducing the size of struct sk_buff in\n64bit land while possibly keeping it as a pointer on 32bit.\n\nThis one touches just the most simple cases:\n\nskb-\u003eh.raw \u003d skb-\u003edata;\nskb-\u003eh.raw \u003d {skb_push|[__]skb_pull}()\n\nThe next ones will handle the slightly more \"complex\" cases.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "fefaa75e0451c76225863644be01e4fd70884153", "tree": "685d90c0d228505ba7a9188eb82c6ed6949b3b86", "parents": [ "80d74d5123bf3aecd32302809c4e61bb8a16786b" ], "author": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Apr 17 21:48:10 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Apr 18 14:16:07 2007 -0700" }, "message": "[IPSEC] af_key: Fix thinko in pfkey_xfrm_policy2msg()\n\nMake sure to actually assign the determined mode to\nrq-\u003esadb_x_ipsecrequest_mode.\n\nNoticed by Joe Perches.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "55569ce256ce29f4624f0007213432c1ed646584", "tree": "e8c29263844ed733d6d40bbeb871588eaa1a9bd1", "parents": [ "b4dfa0b1fb39c7ffe74741d60668825de6a47b69" ], "author": { "name": "Kazunori MIYAZAWA", "email": "miyazawa@linux-ipv6.org", "time": "Tue Apr 17 12:32:20 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Apr 17 13:13:21 2007 -0700" }, "message": "[KEY]: Fix conversion between IPSEC_MODE_xxx and XFRM_MODE_xxx.\n\nWe should not blindly convert between IPSEC_MODE_xxx and XFRM_MODE_xxx just\nby incrementing / decrementing because the assumption is not true any longer.\n\nSigned-off-by: Kazunori MIYAZAWA \u003cmiyazawa@linux-ipv6.org\u003e\nSinged-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\n" }, { "commit": "16bec31db751030171b31d7767fa3a5bdbe980ea", "tree": "60b69d571ba42ef0bf9f54833bd10228220c87bd", "parents": [ "215a2dd3b43e0dc425e81d21de9d961416b1dad4" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Mar 07 16:02:16 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Mar 07 16:08:11 2007 -0800" }, "message": "[IPSEC]: xfrm audit hook misplaced in pfkey_delete and xfrm_del_sa\n\nInside pfkey_delete and xfrm_del_sa the audit hooks were not called if\nthere was any permission/security failures in attempting to do the del\noperation (such as permission denied from security_xfrm_state_delete).\nThis patch moves the audit hook to the exit path such that all failures\n(and successes) will actually get audited.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Venkat Yekkirala \u003cvyekkirala@trustedcs.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "215a2dd3b43e0dc425e81d21de9d961416b1dad4", "tree": "1b59b4ae1b4682d5da10a684a262e67b22a19246", "parents": [ "ef41aaa0b755f479012341ac11db9ca5b8928d98" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Mar 07 16:01:45 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Mar 07 16:08:10 2007 -0800" }, "message": "[IPSEC]: Add xfrm policy change auditing to pfkey_spdget\n\npfkey_spdget neither had an LSM security hook nor auditing for the\nremoval of xfrm_policy structs. The security hook was added when it was\nmoved into xfrm_policy_byid instead of the callers to that function by\nmy earlier patch and this patch adds the auditing hooks as well.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Venkat Yekkirala \u003cvyekkirala@trustedcs.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ef41aaa0b755f479012341ac11db9ca5b8928d98", "tree": "f5cd83b9117d0092f40006fbf4fd1f39652ad925", "parents": [ "05e52dd7396514648fba6c275eb7b49eca333c6d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Mar 07 15:37:58 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Mar 07 16:08:09 2007 -0800" }, "message": "[IPSEC]: xfrm_policy delete security check misplaced\n\nThe security hooks to check permissions to remove an xfrm_policy were\nactually done after the policy was removed. Since the unlinking and\ndeletion are done in xfrm_policy_by* functions this moves the hooks\ninside those 2 functions. There we have all the information needed to\ndo the security check and it can be done before the deletion. Since\nauditing requires the result of that security check err has to be passed\nback and forth from the xfrm_policy_by* functions.\n\nThis patch also fixes a bug where a deletion that failed the security\ncheck could cause improper accounting on the xfrm_policy\n(xfrm_get_policy didn\u0027t have a put on the exit path for the hold taken\nby xfrm_policy_by*)\n\nIt also fixes the return code when no policy is found in\nxfrm_add_pol_expire. In old code (at least back in the 2.6.18 days) err\nwasn\u0027t used before the return when no policy is found and so the\ninitialization would cause err to be ENOENT. But since err has since\nbeen used above when we don\u0027t get a policy back from the xfrm_policy_by*\nfunction we would always return 0 instead of the intended ENOENT. Also\nfixed some white space damage in the same area.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Venkat Yekkirala \u003cvyekkirala@trustedcs.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "13fcfbb0675bf87da694f55dec11cada489a205c", "tree": "2a1b81c5f7e69781f3e6ee523fd67c2b923531ca", "parents": [ "9121c77706a4bd75a878573c913553ade120e9ce" ], "author": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Feb 12 13:53:54 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Feb 12 13:53:54 2007 -0800" }, "message": "[XFRM]: Fix OOPSes in xfrm_audit_log().\n\nMake sure that this function is called correctly, and\nadd BUG() checking to ensure the arguments are sane.\n\nBased upon a patch by Joy Latten.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8ff24541d9f80b9161022588b4435a9b54aec2e6", "tree": "48014e136da737e0eaabbb0480ff3fa3e07c6bb6", "parents": [ "6819bc2e1e46c71711a8dddf4040e706b02973c0" ], "author": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Fri Feb 09 23:24:58 2007 +0900" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Feb 10 23:19:49 2007 -0800" }, "message": "[NET] KEY: Fix whitespace errors.\n\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "08de61beab8a21c8e0b3906a97defda5f1f66ece", "tree": "f9b49420d9a9a7c13d8b6f0d9488a152d8af3550", "parents": [ "d0473655c8293b49808c9488152573beab4458cf" ], "author": { "name": "Shinta Sugimoto", "email": "shinta.sugimoto@ericsson.com", "time": "Thu Feb 08 13:14:33 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Feb 08 13:14:33 2007 -0800" }, "message": "[PFKEYV2]: Extension for dynamic update of endpoint address(es)\n\nExtend PF_KEYv2 framework so that user application can take advantage\nof MIGRATE feature via PF_KEYv2 interface. User application can either\nsend or receive an MIGRATE message to/from PF_KEY socket.\n\nDetail information can be found in the internet-draft\n\u003cdraft-sugimoto-mip6-pfkey-migrate\u003e.\n\nSigned-off-by: Shinta Sugimoto \u003cshinta.sugimoto@ericsson.com\u003e\nSigned-off-by: Masahide NAKAMURA \u003cnakam@linux-ipv6.org\u003e\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "161a09e737f0761ca064ee6a907313402f7a54b6", "tree": "80fdf6dc5de73d810ef0ec811299a5ec3c5ce23e", "parents": [ "95b99a670df31ca5271f503f378e5cac3aee8f5e" ], "author": { "name": "Joy Latten", "email": "latten@austin.ibm.com", "time": "Mon Nov 27 13:11:54 2006 -0600" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Dec 06 20:14:22 2006 -0800" }, "message": "audit: Add auditing to ipsec\n\nAn audit message occurs when an ipsec SA\nor ipsec policy is created/deleted.\n\nSigned-off-by: Joy Latten \u003clatten@austin.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2718aa7c55ba7264dd463b8f7006f0975366fa7b", "tree": "e952581dde8c7c70a0ce39e1c713a2c5e1ab2cc9", "parents": [ "8511d01d7c70200ffd42debba9d7ac5c4f7f1031" ], "author": { "name": "Miika Komu", "email": "miika@iki.fi", "time": "Thu Nov 30 16:41:50 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:31:50 2006 -0800" }, "message": "[IPSEC]: Add AF_KEY interface for encapsulation family.\n\nSigned-off-by: Miika Komu \u003cmiika@iki.fi\u003e\nSigned-off-by: Diego Beltrami \u003cDiego.Beltrami@hiit.fi\u003e\nSigned-off-by: Kazunori Miyazawa \u003cmiyazawa@linux-ipv6.org\u003e\n" }, { "commit": "5d36b1803d875cf101fdb972ff9c56663e508e39", "tree": "36478dec86293ab8f3381a83ee3979f794958783", "parents": [ "d29ef86b0a497dd2c4f9601644a15392f7e21f73" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Nov 08 00:24:06 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:21:18 2006 -0800" }, "message": "[XFRM]: annotate -\u003enew_mapping()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5b368e61c2bcb2666bb66e2acf1d6d85ba6f474d", "tree": "293f595f737540a546ba186ba1f054389aa95f6f", "parents": [ "134b0fc544ba062498451611cb6f3e4454221b3d" ], "author": { "name": "Venkat Yekkirala", "email": "vyekkirala@trustedcs.com", "time": "Thu Oct 05 15:42:18 2006 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 11 23:59:37 2006 -0700" }, "message": "IPsec: correct semantics for SELinux policy matching\n\nCurrently when an IPSec policy rule doesn\u0027t specify a security\ncontext, it is assumed to be \"unlabeled\" by SELinux, and so\nthe IPSec policy rule fails to match to a flow that it would\notherwise match to, unless one has explicitly added an SELinux\npolicy rule allowing the flow to \"polmatch\" to the \"unlabeled\"\nIPSec policy rules. In the absence of such an explicitly added\nSELinux policy rule, the IPSec policy rule fails to match and\nso the packet(s) flow in clear text without the otherwise applicable\nxfrm(s) applied.\n\nThe above SELinux behavior violates the SELinux security notion of\n\"deny by default\" which should actually translate to \"encrypt by\ndefault\" in the above case.\n\nThis was first reported by Evgeniy Polyakov and the way James Morris\nwas seeing the problem was when connecting via IPsec to a\nconfined service on an SELinux box (vsftpd), which did not have the\nappropriate SELinux policy permissions to send packets via IPsec.\n\nWith this patch applied, SELinux \"polmatching\" of flows Vs. IPSec\npolicy rules will only come into play when there\u0027s a explicit context\nspecified for the IPSec policy rule (which also means there\u0027s corresponding\nSELinux policy allowing appropriate domains/flows to polmatch to this context).\n\nSecondly, when a security module is loaded (in this case, SELinux), the\nsecurity_xfrm_policy_lookup() hook can return errors other than access denied,\nsuch as -EINVAL. We were not handling that correctly, and in fact\ninverting the return logic and propagating a false \"ok\" back up to\nxfrm_lookup(), which then allowed packets to pass as if they were not\nassociated with an xfrm policy.\n\nThe solution for this is to first ensure that errno values are\ncorrectly propagated all the way back up through the various call chains\nfrom security_xfrm_policy_lookup(), and handled correctly.\n\nThen, flow_cache_lookup() is modified, so that if the policy resolver\nfails (typically a permission denied via the security module), the flow\ncache entry is killed rather than having a null policy assigned (which\nindicates that the packet can pass freely). This also forces any future\nlookups for the same flow to consult the security module (e.g. SELinux)\nfor current security policy (rather than, say, caching the error on the\nflow cache entry).\n\nThis patch: Fix the selinux side of things.\n\nThis makes sure SELinux polmatching of flow contexts to IPSec policy\nrules comes into play only when an explicit context is associated\nwith the IPSec policy rule.\n\nAlso, this no longer defaults the context of a socket policy to\nthe context of the socket since the \"no explicit context\" case\nis now handled properly.\n\nSigned-off-by: Venkat Yekkirala \u003cvyekkirala@TrustedCS.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ], "next": "8f83f23e6db8b9a9fe787d02f73489224668c4e2" }