| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240713102416.3272997-1-steffen.klassert@secunet.com>
Date: Sat, 13 Jul 2024 12:24:11 +0200
From: Steffen Klassert <steffen.klassert@...unet.com>
To: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>
CC: Herbert Xu <herbert@...dor.apana.org.au>, Steffen Klassert
<steffen.klassert@...unet.com>, <netdev@...r.kernel.org>
Subject: [PATCH 0/5] pull request (net-next): ipsec-next 2024-07-13
1) Support sending NAT keepalives in ESP in UDP states.
Userspace IKE daemon had to do this before, but the
kernel can better keep track of it.
From Eyal Birger.
2) Support IPsec crypto offload for IPv6 ESP and IPv4 UDP-encapsulated
ESP data paths. Currently, IPsec crypto offload is enabled for GRO
code path only. This patchset support UDP encapsulation for the non
GRO path. From Mike Yu.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit 5233a55a5254ea38dcdd8d836a0f9ee886c3df51:
mISDN: remove unused struct 'bf_ctx' (2024-05-27 16:48:00 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git tags/ipsec-next-2024-07-13
for you to fetch changes up to d5b60c6517d227b044674718a993caae19080f7b:
Merge branch 'Support IPsec crypto offload for IPv6 ESP and IPv4 UDP-encapsulated ESP data paths' (2024-07-13 11:14:04 +0200)
----------------------------------------------------------------
ipsec-next-2024-07-13
----------------------------------------------------------------
Eyal Birger (1):
xfrm: support sending NAT keepalives in ESP in UDP states
Mike Yu (4):
xfrm: Support crypto offload for inbound IPv6 ESP packets not in GRO path
xfrm: Allow UDP encapsulation in crypto offload control path
xfrm: Support crypto offload for inbound IPv4 UDP-encapsulated ESP packet
xfrm: Support crypto offload for outbound IPv4 UDP-encapsulated ESP packet
Steffen Klassert (1):
Merge branch 'Support IPsec crypto offload for IPv6 ESP and IPv4 UDP-encapsulated ESP data paths'
include/net/ipv6_stubs.h | 3 +
include/net/netns/xfrm.h | 1 +
include/net/xfrm.h | 10 ++
include/uapi/linux/xfrm.h | 1 +
net/ipv4/esp4.c | 8 +-
net/ipv4/esp4_offload.c | 17 ++-
net/ipv6/af_inet6.c | 1 +
net/ipv6/xfrm6_policy.c | 7 +
net/xfrm/Makefile | 3 +-
net/xfrm/xfrm_compat.c | 6 +-
net/xfrm/xfrm_device.c | 6 +-
net/xfrm/xfrm_input.c | 3 +-
net/xfrm/xfrm_nat_keepalive.c | 292 ++++++++++++++++++++++++++++++++++++++++++
net/xfrm/xfrm_policy.c | 13 +-
net/xfrm/xfrm_state.c | 17 +++
net/xfrm/xfrm_user.c | 15 +++
16 files changed, 393 insertions(+), 10 deletions(-)
create mode 100644 net/xfrm/xfrm_nat_keepalive.c
Powered by blists - more mailing lists