Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f5c7e1a4 authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 



Steffen Klassert says:

====================
pull request (net-next): ipsec-next 2014-09-25

1) Remove useless hash_resize_mutex in xfrm_hash_resize().
   This mutex is used only there, but xfrm_hash_resize()
   can't be called concurrently at all. From Ying Xue.

2) Extend policy hashing to prefixed policies based on
   prefix lenght thresholds. From Christophe Gouault.

3) Make the policy hash table thresholds configurable
   via netlink. From Christophe Gouault.

4) Remove the maximum authentication length for AH.
   This was needed to limit stack usage. We switched
   already to allocate space, so no need to keep the
   limit. From Herbert Xu.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents fe2c5fb1 689f1c9d

include/net/ah.h

+0 −3
Original line number Diff line number Diff line
@@ -3,9 +3,6 @@ 


#include <linux/skbuff.h>



/* This is the maximum truncated ICV length that we know of. */

#define MAX_AH_AUTH_LEN	64



struct crypto_ahash;



struct ah_data {

include/net/netns/xfrm.h

+14 −0
Original line number Diff line number Diff line
@@ -13,6 +13,19 @@ struct ctl_table_header; 
struct xfrm_policy_hash {

	struct hlist_head	*table;

	unsigned int		hmask;

	u8			dbits4;

	u8			sbits4;

	u8			dbits6;

	u8			sbits6;

};



struct xfrm_policy_hthresh {

	struct work_struct	work;

	seqlock_t		lock;

	u8			lbits4;

	u8			rbits4;

	u8			lbits6;

	u8			rbits6;

};



struct netns_xfrm {
@@ -41,6 +54,7 @@ struct netns_xfrm { 
	struct xfrm_policy_hash	policy_bydst[XFRM_POLICY_MAX * 2];

	unsigned int		policy_count[XFRM_POLICY_MAX * 2];

	struct work_struct	policy_hash_work;

	struct xfrm_policy_hthresh policy_hthresh;





	struct sock		*nlsk;

include/net/xfrm.h

+1 −0
Original line number Diff line number Diff line
@@ -1591,6 +1591,7 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, 
struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir,

				     u32 id, int delete, int *err);

int xfrm_policy_flush(struct net *net, u8 type, bool task_valid);

void xfrm_policy_hash_rebuild(struct net *net);

u32 xfrm_get_acqseq(void);

int verify_spi_info(u8 proto, u32 min, u32 max);

int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);

include/uapi/linux/xfrm.h

+7 −0
Original line number Diff line number Diff line
@@ -328,6 +328,8 @@ enum xfrm_spdattr_type_t { 
	XFRMA_SPD_UNSPEC,

	XFRMA_SPD_INFO,

	XFRMA_SPD_HINFO,

	XFRMA_SPD_IPV4_HTHRESH,

	XFRMA_SPD_IPV6_HTHRESH,

	__XFRMA_SPD_MAX



#define XFRMA_SPD_MAX (__XFRMA_SPD_MAX - 1)
@@ -347,6 +349,11 @@ struct xfrmu_spdhinfo { 
	__u32 spdhmcnt;

};



struct xfrmu_spdhthresh {

	__u8 lbits;

	__u8 rbits;

};



struct xfrm_usersa_info {

	struct xfrm_selector		sel;

	struct xfrm_id			id;

net/ipv4/ah4.c

+0 −2
Original line number Diff line number Diff line
@@ -505,8 +505,6 @@ static int ah_init_state(struct xfrm_state *x) 
	ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;

	ahp->icv_trunc_len = x->aalg->alg_trunc_len/8;



	BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);



	if (x->props.flags & XFRM_STATE_ALIGN4)

		x->props.header_len = XFRM_ALIGN4(sizeof(struct ip_auth_hdr) +

						  ahp->icv_trunc_len);