| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200730054130.16923-1-steffen.klassert@secunet.com>
Date: Thu, 30 Jul 2020 07:41:11 +0200
From: Steffen Klassert <steffen.klassert@...unet.com>
To: David Miller <davem@...emloft.net>
CC: Herbert Xu <herbert@...dor.apana.org.au>,
Steffen Klassert <steffen.klassert@...unet.com>,
<netdev@...r.kernel.org>
Subject: pull request (net-next): ipsec-next 2020-07-30
Please note that I did the first time now --no-ff merges
of my testing branch into the master branch to include
the [PATCH 0/n] message of a patchset. Please let me
know if this is desirable, or if I should do it any
different.
1) Introduce a oseq-may-wrap flag to disable anti-replay
protection for manually distributed ICVs as suggested
in RFC 4303. From Petr Vaněk.
2) Patchset to fully support IPCOMP for vti4, vti6 and
xfrm interfaces. From Xin Long.
3) Switch from a linear list to a hash list for xfrm interface
lookups. From Eyal Birger.
4) Fixes to not register one xfrm(6)_tunnel object twice.
From Xin Long.
5) Fix two compile errors that were introduced with the
IPCOMP support for vti and xfrm interfaces.
Also from Xin Long.
6) Make the policy hold queue work with VTI. This was
forgotten when VTI was implemented.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit 8af7b4525acf5012b2f111a8b168b8647f2c8d60:
Merge branch 'net-atlantic-additional-A2-features' (2020-06-22 21:10:22 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master
for you to fetch changes up to b328ecc468f8f92433c9ad82675c0ce9f99b10cf:
xfrm: Make the policy hold queue work with VTI. (2020-07-21 08:34:44 +0200)
----------------------------------------------------------------
Eyal Birger (2):
xfrm interface: avoid xi lookup in xfrmi_decode_session()
xfrm interface: store xfrmi contexts in a hash by if_id
Petr Vaněk (1):
xfrm: introduce oseq-may-wrap flag
Steffen Klassert (4):
Merge remote-tracking branch 'origin/testing'
Merge remote-tracking branch 'origin/testing'
Merge remote-tracking branch 'origin/testing'
xfrm: Make the policy hold queue work with VTI.
Xin Long (15):
xfrm: add is_ipip to struct xfrm_input_afinfo
tunnel4: add cb_handler to struct xfrm_tunnel
tunnel6: add tunnel6_input_afinfo for ipip and ipv6 tunnels
ip_vti: support IPIP tunnel processing with .cb_handler
ip_vti: support IPIP6 tunnel processing
ip6_vti: support IP6IP6 tunnel processing with .cb_handler
ip6_vti: support IP6IP tunnel processing
ipcomp: assign if_id to child tunnel from parent tunnel
xfrm: interface: support IP6IP6 and IP6IP tunnels processing with .cb_handler
xfrm: interface: support IPIP and IPIP6 tunnels processing with .cb_handler
ip_vti: not register vti_ipip_handler twice
ip6_vti: not register vti_ipv6_handler twice
xfrm: interface: not xfrmi_ipv6/ipip_handler twice
xfrm: interface: use IS_REACHABLE to avoid some compile errors
ip6_vti: use IS_REACHABLE to avoid some compile errors
include/net/xfrm.h | 5 +-
include/uapi/linux/xfrm.h | 1 +
net/ipv4/ip_vti.c | 80 ++++++++++++++++-----------
net/ipv4/ipcomp.c | 1 +
net/ipv4/tunnel4.c | 43 +++++++++++++++
net/ipv6/ip6_vti.c | 52 +++++++++++++++++-
net/ipv6/ipcomp6.c | 1 +
net/ipv6/tunnel6.c | 41 ++++++++++++++
net/xfrm/xfrm_input.c | 24 ++++----
net/xfrm/xfrm_interface.c | 136 +++++++++++++++++++++++++++++++++++++++-------
net/xfrm/xfrm_policy.c | 11 ++++
net/xfrm/xfrm_replay.c | 12 ++--
12 files changed, 338 insertions(+), 69 deletions(-)
Powered by blists - more mailing lists