1. 12 Apr, 2011 16 commits
  2. 17 Mar, 2011 10 commits
    • Stephen Hemminger's avatar
      v2.6.38.1 · 77d1e6ab
      Stephen Hemminger authored
      77d1e6ab
    • Nicolas Dichtel's avatar
      iproute2: allow to specify truncation bits on auth algo · aba38344
      Nicolas Dichtel authored
      Hi,
      
      here is a patch against iproute2 to allow user to set a state with a specific
      auth length.
      
      Example:
      $ ip xfrm state add src 10.16.0.72 dst 10.16.0.121 proto ah spi 0x10000000
      auth-trunc "sha256" "azertyuiopqsdfghjklmwxcvbn123456" 96 mode tunnel
      $ ip xfrm state
      src 10.16.0.72 dst 10.16.0.121
               proto ah spi 0x10000000 reqid 0 mode tunnel
               replay-window 0
               auth-trunc hmac(sha256)
      0x617a6572747975696f707173646667686a6b6c6d77786376626e313233343536 96
               sel src 0.0.0.0/0 dst 0.0.0.0/0
      
      Regards,
      Nicolas
      
      >From 522ed7348cdf3b6f501af2a5a5d989de1696565a Mon Sep 17 00:00:00 2001
      From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
      Date: Thu, 23 Dec 2010 06:48:12 -0500
      Subject: [PATCH] iproute2: allow to specify truncation bits on auth algo
      
      Attribute XFRMA_ALG_AUTH_TRUNC can be used to specify
      truncation bits, so we add a new algo type: auth-trunc.
      Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
      aba38344
    • Vlad Dogaru's avatar
      iproute2: fix man page whitespace · 2c19bf6a
      Vlad Dogaru authored
      Signed-off-by: default avatarVlad Dogaru <ddvlad@rosedu.org>
      2c19bf6a
    • Gerrit Renker's avatar
      iproute: rename 'get_jiffies' since it uses msecs · db6b0cfa
      Gerrit Renker authored
      The get_jiffies() function retrieves rtt-type values in units of
      milliseconds. This patch updates the function name accordingly,
      following the pattern given by dst_metric() <=> dst_metric_rtt().
      db6b0cfa
    • Gerrit Renker's avatar
      iproute: fix unit conversion of rtt/rttvar/rto_min · fca1dae8
      Gerrit Renker authored
      Since July 2008 (2.6.27, c1e20f7c8b9), the kernel stores the values for
      RTAX_{RTT{,VAR},RTO_MIN} in milliseconds. When using a kernel > 2.6.27 with
      the current iproute2, conversion of these values is broken in either way.
      
      This patch
       * updates the code to pass and retrieve milliseconds;
       * since values < 1msec would be rounded up, also drops the usec/nsec variants;
       * since there is no way to query kernel HZ, also drops the jiffies variant.
      
      Arguments such as
      	rtt		3.23sec
      	rto_min		0xff
      	rto_min		0.200s
      	rttvar		25ms
      now all work as expected when reading back previously set values.
      fca1dae8
    • Gerrit Renker's avatar
      utils: get_jiffies always uses base=0 · 897fb84f
      Gerrit Renker authored
      get_jiffies() is in all places called in the same manner, with base=0;
      simplify argument list by putting the constant value into the function.
      897fb84f
    • Joy Latten's avatar
      xfrm security context support · 4bb75da2
      Joy Latten authored
      Adds security context support to ip xfrm state.
      Signed-off-by: default avatarJoy Latten <latten@austin.ibm.com>
      4bb75da2
    • Joy Latten's avatar
      xfrm security context support · e5055b59
      Joy Latten authored
      Adds security context support to ip xfrm policy.
      Signed-off-by: default avatarJoy Latten <latten@austin.ibm.com>
      e5055b59
    • Joy Latten's avatar
      xfrm security context support · 2c319e1a
      Joy Latten authored
      In the Linux kernel, ipsec policy and SAs can include a
      security context to support MAC networking. This feature
      is often referred to as "labeled ipsec".
      
      This patchset adds security context support into ip xfrm
      such that a security context can be included when
      add/delete/display SAs and policies with the ip command.
      The user provides the security context when adding
      SAs and policies. If a policy or SA contains a security
      context, the changes allow the security context to be displayed.
      
      For example,
      ip xfrm state
      src 10.1.1.6 dst 10.1.1.2
      	proto esp spi 0x00000301 reqid 0 mode transport
      	replay-window 0
      	auth hmac(digest_null) 0x3078
      	enc cbc(des3_ede) 0x6970763672656164796c6f676f33646573636263696e3031
      	security context root:system_r:unconfined_t:s0
      
      Please  let me know if all is ok with the patchset.
      Thanks!!
      
      regards,
      Joy
      Signed-off-by: default avatarJoy Latten <latten@austin.ibm.com>
      2c319e1a
    • Sridhar Samudrala's avatar
      macvlan/macvtap: support 'passthru' mode · f0612d56
      Sridhar Samudrala authored
      Add support for 'passthru' mode when creating a macvlan/macvtap device
      which allows takeover of the underlying device and passing it to a KVM
      guest using virtio with macvtap backend.
      
      Only one macvlan device is allowed in passthru mode and it inherits
      the mac address from the underlying device and sets it in promiscuous
      mode to receive and forward all the packets.
      Signed-off-by: default avatarSridhar Samudrala <sri@us.ibm.com>
      f0612d56
  3. 16 Mar, 2011 1 commit
  4. 09 Mar, 2011 1 commit
  5. 02 Mar, 2011 1 commit
  6. 26 Feb, 2011 3 commits
    • Stephen Hemminger's avatar
      Remove #ifdef's · d5b7420a
      Stephen Hemminger authored
      The iproute package keeps its own headers so there is no need
      of polluting code with #ifdef's
      d5b7420a
    • Jiri Pirko's avatar
      iplink: implement setting of master devic · a1e191b9
      Jiri Pirko authored
      a1e191b9
    • Nicolas Dichtel's avatar
      iproute2: allow to specify truncation bits on auth algo · f323f2a3
      Nicolas Dichtel authored
      Hi,
      
      here is a patch against iproute2 to allow user to set a state with a specific
      auth length.
      
      Example:
      $ ip xfrm state add src 10.16.0.72 dst 10.16.0.121 proto ah spi 0x10000000
      auth-trunc "sha256" "azertyuiopqsdfghjklmwxcvbn123456" 96 mode tunnel
      $ ip xfrm state
      src 10.16.0.72 dst 10.16.0.121
               proto ah spi 0x10000000 reqid 0 mode tunnel
               replay-window 0
               auth-trunc hmac(sha256)
      0x617a6572747975696f707173646667686a6b6c6d77786376626e313233343536 96
               sel src 0.0.0.0/0 dst 0.0.0.0/0
      
      Regards,
      Nicolas
      
      >From 522ed7348cdf3b6f501af2a5a5d989de1696565a Mon Sep 17 00:00:00 2001
      From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
      Date: Thu, 23 Dec 2010 06:48:12 -0500
      Subject: [PATCH] iproute2: allow to specify truncation bits on auth algo
      
      Attribute XFRMA_ALG_AUTH_TRUNC can be used to specify
      truncation bits, so we add a new algo type: auth-trunc.
      Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
      f323f2a3
  7. 25 Feb, 2011 8 commits
    • Vlad Dogaru's avatar
      iproute2: fix man page whitespace · 678b99ee
      Vlad Dogaru authored
      Signed-off-by: default avatarVlad Dogaru <ddvlad@rosedu.org>
      678b99ee
    • Eric Dumazet's avatar
      sfq: add divisor support · f3f28c21
      Eric Dumazet authored
      In 2.6.39, we can build SFQ queues with a given hash table size,
      f3f28c21
    • Gerrit Renker's avatar
      iproute: rename 'get_jiffies' since it uses msecs · 81d03dc3
      Gerrit Renker authored
      The get_jiffies() function retrieves rtt-type values in units of
      milliseconds. This patch updates the function name accordingly,
      following the pattern given by dst_metric() <=> dst_metric_rtt().
      81d03dc3
    • Gerrit Renker's avatar
      iproute: fix unit conversion of rtt/rttvar/rto_min · 9b2cdc00
      Gerrit Renker authored
      Since July 2008 (2.6.27, c1e20f7c8b9), the kernel stores the values for
      RTAX_{RTT{,VAR},RTO_MIN} in milliseconds. When using a kernel > 2.6.27 with
      the current iproute2, conversion of these values is broken in either way.
      
      This patch
       * updates the code to pass and retrieve milliseconds;
       * since values < 1msec would be rounded up, also drops the usec/nsec variants;
       * since there is no way to query kernel HZ, also drops the jiffies variant.
      
      Arguments such as
      	rtt		3.23sec
      	rto_min		0xff
      	rto_min		0.200s
      	rttvar		25ms
      now all work as expected when reading back previously set values.
      9b2cdc00
    • Gerrit Renker's avatar
      utils: get_jiffies always uses base=0 · 94089ef7
      Gerrit Renker authored
      get_jiffies() is in all places called in the same manner, with base=0;
      simplify argument list by putting the constant value into the function.
      94089ef7
    • Joy Latten's avatar
      xfrm security context support · 0c7a5945
      Joy Latten authored
      Adds security context support to ip xfrm state.
      Signed-off-by: default avatarJoy Latten <latten@austin.ibm.com>
      0c7a5945
    • Joy Latten's avatar
      xfrm security context support · e4f054f0
      Joy Latten authored
      Adds security context support to ip xfrm policy.
      Signed-off-by: default avatarJoy Latten <latten@austin.ibm.com>
      e4f054f0
    • Joy Latten's avatar
      xfrm security context support · b2bb289a
      Joy Latten authored
      In the Linux kernel, ipsec policy and SAs can include a
      security context to support MAC networking. This feature
      is often referred to as "labeled ipsec".
      
      This patchset adds security context support into ip xfrm
      such that a security context can be included when
      add/delete/display SAs and policies with the ip command.
      The user provides the security context when adding
      SAs and policies. If a policy or SA contains a security
      context, the changes allow the security context to be displayed.
      
      For example,
      ip xfrm state
      src 10.1.1.6 dst 10.1.1.2
      	proto esp spi 0x00000301 reqid 0 mode transport
      	replay-window 0
      	auth hmac(digest_null) 0x3078
      	enc cbc(des3_ede) 0x6970763672656164796c6f676f33646573636263696e3031
      	security context root:system_r:unconfined_t:s0
      
      Please  let me know if all is ok with the patchset.
      Thanks!!
      
      regards,
      Joy
      Signed-off-by: default avatarJoy Latten <latten@austin.ibm.com>
      b2bb289a