1. 19 Jun, 2005 10 commits
    • Arnaldo Carvalho de Melo's avatar
      [NET] Generalise TCP's struct open_request minisock infrastructure · 2e6599cb
      Arnaldo Carvalho de Melo authored
      Kept this first changeset minimal, without changing existing names to
      ease peer review.
      
      Basicaly tcp_openreq_alloc now receives the or_calltable, that in turn
      has two new members:
      
      ->slab, that replaces tcp_openreq_cachep
      ->obj_size, to inform the size of the openreq descendant for
        a specific protocol
      
      The protocol specific fields in struct open_request were moved to a
      class hierarchy, with the things that are common to all connection
      oriented PF_INET protocols in struct inet_request_sock, the TCP ones
      in tcp_request_sock, that is an inet_request_sock, that is an
      open_request.
      
      I.e. this uses the same approach used for the struct sock class
      hierarchy, with sk_prot indicating if the protocol wants to use the
      open_request infrastructure by filling in sk_prot->rsk_prot with an
      or_calltable.
      
      Results? Performance is improved and TCP v4 now uses only 64 bytes per
      open request minisock, down from 96 without this patch :-)
      
      Next changeset will rename some of the structs, fields and functions
      mentioned above, struct or_calltable is way unclear, better name it
      struct request_sock_ops, s/struct open_request/struct request_sock/g,
      etc.
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@ghostprotocols.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2e6599cb
    • Arnaldo Carvalho de Melo's avatar
      [SLAB] Introduce kmem_cache_name · 1944972d
      Arnaldo Carvalho de Melo authored
      This is for use with slab users that pass a dynamically allocated slab name in
      kmem_cache_create, so that before destroying the slab one can retrieve the name
      and free its memory.
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@ghostprotocols.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1944972d
    • Jamal Hadi Salim's avatar
      [IPSEC] Use NLMSG_LENGTH in xfrm_exp_state_notify · ee57eef9
      Jamal Hadi Salim authored
      Small fixup to use netlink macros instead of hardcoding.
      Signed-off-by: default avatarJamal Hadi Salim <hadi@cyberus.ca>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ee57eef9
    • Patrick McHardy's avatar
      [IPSEC] Fix xfrm_state leaks in error path · 7d6dfe1f
      Patrick McHardy authored
      Herbert Xu wrote:
      > @@ -1254,6 +1326,7 @@ static int pfkey_add(struct sock *sk, st
      >       if (IS_ERR(x))
      >               return PTR_ERR(x);
      >
      > +     xfrm_state_hold(x);
      
      This introduces a leak when xfrm_state_add()/xfrm_state_update()
      fail. We hold two references (one from xfrm_state_alloc(), one
      from xfrm_state_hold()), but only drop one. We need to take the
      reference because the reference from xfrm_state_alloc() can
      be dropped by __xfrm_state_delete(), so the fix is to drop both
      references on error. Same problem in xfrm_user.c.
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7d6dfe1f
    • Herbert Xu's avatar
      [IPSEC] Use XFRM_MSG_* instead of XFRM_SAP_* · f60f6b8f
      Herbert Xu authored
      This patch removes XFRM_SAP_* and converts them over to XFRM_MSG_*.
      The netlink interface is meant to map directly onto the underlying
      xfrm subsystem.  Therefore rather than using a new independent
      representation for the events we can simply use the existing ones
      from xfrm_user.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      f60f6b8f
    • Herbert Xu's avatar
      [IPSEC] Set byid for km_event in xfrm_get_policy · e7443892
      Herbert Xu authored
      This patch fixes policy deletion in xfrm_user so that it sets
      km_event.data.byid.  This puts xfrm_user on par with what af_key
      does in this case.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      e7443892
    • Herbert Xu's avatar
      [IPSEC] Turn km_event.data into a union · bf08867f
      Herbert Xu authored
      This patch turns km_event.data into a union.  This makes code that
      uses it clearer.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      bf08867f
    • Herbert Xu's avatar
      [IPSEC] Fix xfrm to pfkey SA state conversion · 4f09f0bb
      Herbert Xu authored
      This patch adjusts the SA state conversion in af_key such that
      XFRM_STATE_ERROR/XFRM_STATE_DEAD will be converted to SADB_STATE_DEAD
      instead of SADB_STATE_DYING.
      
      According to RFC 2367, SADB_STATE_DYING SAs can be turned into
      mature ones through updating their lifetime settings.  Since SAs
      which are in the states XFRM_STATE_ERROR/XFRM_STATE_DEAD cannot
      be resurrected, this value is unsuitable.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      4f09f0bb
    • Herbert Xu's avatar
      [IPSEC] Kill spurious hard expire messages · 4666faab
      Herbert Xu authored
      This patch ensures that the hard state/policy expire notifications are
      only sent when the state/policy is successfully removed from their
      respective tables.
      
      As it is, it's possible for a state/policy to both expire through
      reaching a hard limit, as well as being deleted by the user.
      
      Note that this behaviour isn't actually forbidden by RFC 2367.
      However, it is a quality of implementation issue.
      
      As an added bonus, the restructuring in this patch will help
      eventually in moving the expire notifications from softirq
      context into process context, thus improving their reliability.
      
      One important side-effect from this change is that SAs reaching
      their hard byte/packet limits are now deleted immediately, just
      like SAs that have reached their hard time limits.
      
      Previously they were announced immediately but only deleted after
      30 seconds.
      
      This is bad because it prevents the system from issuing an ACQUIRE
      command until the existing state was deleted by the user or expires
      after the time is up.
      
      In the scenario where the expire notification was lost this introduces
      a 30 second delay into the system for no good reason.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      4666faab
    • Jamal Hadi Salim's avatar
      [IPSEC] Add complete xfrm event notification · 26b15dad
      Jamal Hadi Salim authored
      Heres the final patch.
      What this patch provides
      
      - netlink xfrm events
      - ability to have events generated by netlink propagated to pfkey
        and vice versa.
      - fixes the acquire lets-be-happy-with-one-success issue
      Signed-off-by: default avatarJamal Hadi Salim <hadi@cyberus.ca>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      26b15dad
  2. 18 Jun, 2005 14 commits
  3. 17 Jun, 2005 12 commits
  4. 16 Jun, 2005 4 commits