- 07 Dec, 2006 31 commits
-
-
Patrick McHardy authored
When the first fw classifier is initialized, there is a small window between the ->init() and ->change() calls, during which the classifier is active but not entirely set up and tp->root is still NULL (->init() does nothing). When a packet is queued during this window a NULL pointer dereference occurs in fw_classify() when trying to dereference head->mask; Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Bart De Schuymer authored
The attached patch resolves an issue where a IP DNATed packet with a martian source is forwarded while it's better to drop it. It also resolves messages complaining about ip forwarding being disabled while it's actually enabled. Thanks to lepton <ytht.net@gmail.com> for reporting this problem. This is probably a candidate for the -stable release. Signed-off-by: Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yasuyuki Kozakai authored
The original code continues loop to find expectation in list if the master conntrack of the found expectation is unconfirmed. But it never success in that case, because nf_conntrack_expect_related() never insert clashed expectation to the list. This stops loop in that case. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yasuyuki Kozakai authored
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dmitry Mishin authored
In compat mode, matches and targets valid hooks checks always successful due to not initialized e->comefrom field yet. This patch separates this checks from translation code and moves them after mark_source_chains() call, where these marks are initialized. Signed-off-by: Dmitry Mishin <dim@openvz.org> Signed-off-by; Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dmitry Mishin authored
Commit 590bdf7f introduced a regression in match/target hook validation. mark_source_chains builds a bitmask for each rule representing the hooks it can be reached from, which is then used by the matches and targets to make sure they are only called from valid hooks. The patch moved the match/target specific validation before the mark_source_chains call, at which point the mask is always zero. This patch returns back to the old order and moves the standard checks to mark_source_chains. This allows to get rid of a special case for standard targets as a nice side-effect. Signed-off-by: Dmitry Mishin <dim@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Herbert Xu authored
Rather than stuffing integers into pointers with casts, let's use a union. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Fixes: crypto/lrw.c:99: warning: conflicting types for built-in function ‘round’ Signed-off-by: David S. Miller <davem@davemloft.net>
-
Herbert Xu authored
As CBC is the default chaining method for cryptoloop, we should select it from cryptoloop to ease the transition. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Rik Snel authored
Do modprobe tcrypt mode=10 to check the included test vectors, they are from: http://grouper.ieee.org/groups/1619/email/pdf00017.pdf and from http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html. To make the last test vector fit, I had to increase the buffer size of input and result to 512 bytes. Signed-off-by: Rik Snel <rsnel@cube.dyndns.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Rik Snel authored
Main module, this implements the Liskov Rivest Wagner block cipher mode in the new blockcipher API. The implementation is based on ecb.c. The LRW-32-AES specification I used can be found at: http://grouper.ieee.org/groups/1619/email/pdf00017.pdf It implements the optimization specified as optional in the specification, and in addition it uses optimized multiplication routines from gf128mul.c. Since gf128mul.[ch] is not tested on bigendian, this cipher mode may currently fail badly on bigendian machines. Signed-off-by: Rik Snel <rsnel@cube.dyndns.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Rik Snel authored
A lot of cypher modes need multiplications in GF(2^128). LRW, ABL, GCM... I use functions from this library in my LRW implementation and I will also use them in my ABL (Arbitrary Block Length, an unencumbered (correct me if I am wrong, wide block cipher mode). Elements of GF(2^128) must be presented as u128 *, it encourages automatic and proper alignment. The library contains support for two different representations of GF(2^128), see the comment in gf128mul.h. There different levels of optimization (memory/speed tradeoff). The code is based on work by Dr Brian Gladman. Notable changes: - deletion of two optimization modes - change from u32 to u64 for faster handling on 64bit machines - support for 'bbe' representation in addition to the, already implemented, 'lle' representation. - move 'inline void' functions from header to 'static void' in the source file - update to use the linux coding style conventions The original can be found at: http://fp.gladman.plus.com/AES/modes.vc8.19-06-06.zip The copyright (and GPL statement) of the original author is preserved. Signed-off-by: Rik Snel <rsnel@cube.dyndns.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Rik Snel authored
128bit is a common blocksize in linux kernel cryptography, so it helps to centralize some common operations. The code, while mostly trivial, is based on a header file mode_hdr.h in http://fp.gladman.plus.com/AES/modes.vc8.19-06-06.zip The original copyright (and GPL statement) of the original author, Dr Brian Gladman, is preserved. Signed-off-by: Rik Snel <rsnel@cube.dyndns.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Adrian Bunk authored
This patch removes the following no longer used functions: - api.c: crypto_alg_available() - digest.c: crypto_digest_init() - digest.c: crypto_digest_update() - digest.c: crypto_digest_final() - digest.c: crypto_digest_digest() Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Adrian Bunk authored
On Tue, Nov 14, 2006 at 01:41:25AM -0800, Andrew Morton wrote: >... > Changes since 2.6.19-rc5-mm2: >... > git-cryptodev.patch >... > git trees >... This patch makes the needlessly global geode_aes_crypt() static. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Adrian Bunk authored
On Tue, Nov 14, 2006 at 01:41:25AM -0800, Andrew Morton wrote: >... > Changes since 2.6.19-rc5-mm2: >... > git-cryptodev.patch >... > git trees >... This patch makes some needlessly global code static. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Kazunori MIYAZAWA authored
The glue of xfrm. Signed-off-by: Kazunori MIYAZAWA <miyazawa@linux-ipv6.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Kazunori MIYAZAWA authored
est vectors of XCBC with AES-128. Signed-off-by: Kazunori MIYAZAWA <miyazawa@linux-ipv6.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Kazunori MIYAZAWA authored
This is core code of XCBC. XCBC is an algorithm that forms a MAC algorithm out of a cipher algorithm. For example, AES-XCBC-MAC is a MAC algorithm based on the AES cipher algorithm. Signed-off-by: Kazunori MIYAZAWA <miyazawa@linux-ipv6.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
This patch makes the IV u64-aligned since essiv does a u64 store to it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Rik Snel authored
LRW-32-AES needs a certain IV. This IV should be provided dm-crypt. The block cipher mode could, in principle generate the correct IV from the plain IV, but I think that it is cleaner to supply the right IV directly. The sector -> narrow block calculation uses a shift for performance reasons. This shift is computed in .ctr and stored in cc->iv_gen_private (as a void *). Signed-off-by: Rik Snel <rsnel@cube.dyndns.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Jordan Crouse authored
Add a driver to support the AES hardware on the Geode LX processor. Signed-off-by: Jordan Crouse <jordan.crouse@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Jamal Hadi Salim authored
Same comments as in "[XFRM] Optimize policy dumping" The numbers are (20K SAs):
-
Jamal Hadi Salim authored
This change optimizes the dumping of Security policies. 1) Before this change .. speedopolis:~# time ./ip xf pol real 0m22.274s user 0m0.000s sys 0m22.269s 2) Turn off sub-policies speedopolis:~# ./ip xf pol real 0m13.496s user 0m0.000s sys 0m13.493s i suppose the above is to be expected 3) With this change .. speedopolis:~# time ./ip x policy real 0m7.901s user 0m0.008s sys 0m7.896s
-
Patrick McHardy authored
Currently the behaviour of disable_xfrm is inconsistent between locally generated and forwarded packets. For locally generated packets disable_xfrm disables the policy lookup if it is set on the output device, for forwarded traffic however it looks at the input device. This makes it impossible to disable xfrm on all devices but a dummy device and use normal routing to direct traffic to that device. Always use the output device when checking disable_xfrm. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ben Collins authored
O= builds produced errors in the shell command because of unfound headers. Signed-off-by: Ben Collins <bcollins@ubuntu.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jamal Hadi Salim authored
This patch moves command capabilities to command flags. Other than being cleaner, saves several bytes. We increment the nlctrl version so as to signal to user space that to not expect the attributes. We will try to be careful not to do this too often ;-> Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jesper Juhl authored
Here's a small patch which - adds a few archs to the current list of supported platforms. - adds a few missing slashes at the end of URLs. - adds a few references to additional documentation. - adds "make config" to the list of possible configuration targets. - makes a few other minor changes. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> [ Ben Nizette <ben.nizette@iinet.net.au> points out AVR32 arch too ] Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Jesper Juhl authored
Here's a patch that cleans up the "make help" output a bit for the documentation targets. Currently the documentation targets are listed completely different than all the other targets : Documentation targets: Linux kernel internal documentation in different formats: xmldocs (XML DocBook), psdocs (Postscript), pdfdocs (PDF) htmldocs (HTML), mandocs (man pages, use installmandocs to install) with this patch they are more in line with the rest of the output : Documentation targets: Linux kernel internal documentation in different formats: htmldocs - HTML installmandocs - install man pages generated by mandocs mandocs - man pages pdfdocs - PDF psdocs - Postscript xmldocs - XML DocBook Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Acked-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
git://ftp.linux-mips.org/pub/scm/upstream-linusLinus Torvalds authored
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: [MIPS] Import updates from i386's i8259.c [MIPS] *-berr: Header inclusions for DEC bus error handlers [MIPS] Compile __do_IRQ() when really needed [MIPS] genirq: use name instead of typename [MIPS] Do not use handle_level_irq for ioasic_dma_irq_type. [MIPS] pte_offset(dir,addr): parenthesis fix
-
Linus Torvalds authored
* 'release' of master.kernel.org:/home/ftp/pub/scm/linux/kernel/git/aegl/linux-2.6: [IA64] Fix pci.c kernel compilation breakage.
-
- 06 Dec, 2006 9 commits
-
-
Al Viro authored
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Al Viro authored
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Al Viro authored
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Linus Torvalds authored
Any code that relies on the volatile would be a bug waiting to happen anyway. Don't encourage people to think that putting 'volatile' on data structures somehow fixes problems. We should always use proper locking (and other serialization) techniques. Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Art Haas authored
This is a resubmission of patches originally created by Ingo Molnar. The link below is the initial (?) posting of the patch. http://marc.theaimsgroup.com/?l=linux-kernel&m=115217423929806&w=2 Remove 'volatile' from spinlock_types as it causes GCC to generate bad code (see link) and locking should be used on kernel data. Signed-off-by: Art Haas <ahaas@airmail.net> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Peter Chubb authored
The recent change to convert the is_enabled flag in the PCI device to an atomic count broke the IA64 compilation. As pcibios_disable_device is only ever called if the reference count is zero, convert the if to a BUG_ON. Signed-off-by: Peter Chubb <peterc@gelato.unsw.edu.au> Signed-off-by: Tony Luck <tony.luck@intel.com>
-
Atsushi Nemoto authored
Import many updates from i386's i8259.c, especially genirq transitions. Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
Maciej W. Rozycki authored
A fixup to add missing header inclusions for bus error handlers for DECstation system after the recent switch to get_irq_regs(). Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
Franck Bui-Huu authored
__do_IRQ() is needed only by irq handlers that can't use default handlers defined in kernel/irq/chip.c. For others platforms there's no need to compile this function since it won't be used. For those platforms this patch defines GENERIC_HARDIRQS_NO__DO_IRQ symbol which is used exactly for this purpose. Futhermore for platforms which do not use __do_IRQ(), end() method which is part of the 'irq_chip' structure is not used. This patch simply removes this method in this case. Signed-off-by: Franck Bui-Huu <fbuihuu@gmail.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-