Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1f5a7407 authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 



Steffen Klassert says:

====================
1) Introduce skb_to_sgvec_nomark function to add further data to the sg list
   without calling sg_unmark_end first. Needed to add extended sequence
   number informations. From Fan Du.

2) Add IPsec extended sequence numbers support to the Authentication Header
   protocol for ipv4 and ipv6. From Fan Du.

3) Make the IPsec flowcache namespace aware, from Fan Du.

4) Avoid creating temporary SA for every packet when no key manager is
   registered. From Horia Geanta.

5) Support filtering of SA dumps to show only the SAs that match a
   given filter. From Nicolas Dichtel.

6) Remove caching of xfrm_policy_sk_bundles. The cached socket policy bundles
   are never used, instead we create a new cache entry whenever xfrm_lookup()
   is called on a socket policy. Most protocols cache the used routes to the
   socket, so this caching is not needed.

7)  Fix a forgotten SADB_X_EXT_FILTER length check in pfkey, from Nicolas
    Dichtel.

8) Cleanup error handling of xfrm_state_clone.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 3b5c8ab1 cc9ab60e

MAINTAINERS

+1 −0
Original line number Diff line number Diff line
@@ -6009,6 +6009,7 @@ L: netdev@vger.kernel.org 
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git

T:	git git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git

S:	Maintained

F:	net/core/flow.c

F:	net/xfrm/

F:	net/key/

F:	net/ipv4/xfrm*

include/linux/skbuff.h

+2 −0
Original line number Diff line number Diff line
@@ -691,6 +691,8 @@ struct sk_buff *skb_realloc_headroom(struct sk_buff *skb, 
				     unsigned int headroom);

struct sk_buff *skb_copy_expand(const struct sk_buff *skb, int newheadroom,

				int newtailroom, gfp_t priority);

int skb_to_sgvec_nomark(struct sk_buff *skb, struct scatterlist *sg,

			int offset, int len);

int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset,

		 int len);

int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer);

include/net/flow.h

+3 −2
Original line number Diff line number Diff line
@@ -218,9 +218,10 @@ struct flow_cache_object *flow_cache_lookup(struct net *net, 
					    const struct flowi *key, u16 family,

					    u8 dir, flow_resolve_t resolver,

					    void *ctx);

int flow_cache_init(struct net *net);



void flow_cache_flush(void);

void flow_cache_flush_deferred(void);

void flow_cache_flush(struct net *net);

void flow_cache_flush_deferred(struct net *net);

extern atomic_t flow_cache_genid;



#endif

include/net/flowcache.h

0 → 100644
+25 −0
Original line number Diff line number Diff line 
#ifndef _NET_FLOWCACHE_H

#define _NET_FLOWCACHE_H



#include <linux/interrupt.h>

#include <linux/types.h>

#include <linux/timer.h>

#include <linux/notifier.h>



struct flow_cache_percpu {

	struct hlist_head		*hash_table;

	int				hash_count;

	u32				hash_rnd;

	int				hash_rnd_recalc;

	struct tasklet_struct		flush_tasklet;

};



struct flow_cache {

	u32				hash_shift;

	struct flow_cache_percpu __percpu *percpu;

	struct notifier_block		hotcpu_notifier;

	int				low_watermark;

	int				high_watermark;

	struct timer_list		rnd_timer;

};

#endif	/* _NET_FLOWCACHE_H */

include/net/netns/xfrm.h

+11 −1
Original line number Diff line number Diff line
@@ -6,6 +6,7 @@ 
#include <linux/workqueue.h>

#include <linux/xfrm.h>

#include <net/dst_ops.h>

#include <net/flowcache.h>



struct ctl_table_header;
@@ -58,9 +59,18 @@ struct netns_xfrm { 
	struct dst_ops		xfrm6_dst_ops;

#endif

	spinlock_t xfrm_state_lock;

	spinlock_t xfrm_policy_sk_bundle_lock;

	rwlock_t xfrm_policy_lock;

	struct mutex xfrm_cfg_mutex;



	/* flow cache part */

	struct flow_cache	flow_cache_global;

	struct kmem_cache	*flow_cachep;

	atomic_t		flow_cache_genid;

	struct list_head	flow_cache_gc_list;

	spinlock_t		flow_cache_gc_lock;

	struct work_struct	flow_cache_gc_work;

	struct work_struct	flow_cache_flush_work;

	struct mutex		flow_flush_sem;

};



#endif