linux.git/net/ipv4/ah4.c, branch v4.3 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git ah4: Fix error return in ah_input(). 2015-08-25T20:38:50+00:00 David S. Miller davem@davemloft.net 2015-08-25T20:38:50+00:00 94c10f0ea303473884f69edd6bbb0cedcf570105 Noticed by Herbert Xu. Signed-off-by: David S. Miller <davem@davemloft.net> 
Noticed by Herbert Xu.

Signed-off-by: David S. Miller <davem@davemloft.net>
ipsec: Remove obsolete MAX_AH_AUTH_LEN 2014-09-18T08:54:36+00:00 Herbert Xu herbert@gondor.apana.org.au 2014-09-18T08:38:18+00:00 689f1c9de2abbd76fda224d12cea5f43568a4335 While tracking down the MAX_AH_AUTH_LEN crash in an old kernel I thought that this limit was rather arbitrary and we should just get rid of it. In fact it seems that we've already done all the work needed to remove it apart from actually removing it. This limit was there in order to limit stack usage. Since we've already switched over to allocating scratch space using kmalloc, there is no longer any need to limit the authentication length. This patch kills all references to it, including the BUG_ONs that led me here. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 
While tracking down the MAX_AH_AUTH_LEN crash in an old kernel
I thought that this limit was rather arbitrary and we should
just get rid of it.

In fact it seems that we've already done all the work needed
to remove it apart from actually removing it.  This limit was
there in order to limit stack usage.  Since we've already
switched over to allocating scratch space using kmalloc, there
is no longer any need to limit the authentication length.

This patch kills all references to it, including the BUG_ONs
that led me here.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
ah4: Use the IPsec protocol multiplexer API 2014-02-25T06:04:17+00:00 Steffen Klassert steffen.klassert@secunet.com 2014-02-21T07:41:09+00:00 e5b56454e09a45ea6206d5253f78042c4e63f7d4 Switch ah4 to use the new IPsec protocol multiplexer. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 
Switch ah4 to use the new IPsec protocol multiplexer.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
{IPv4,xfrm} Add ESN support for AH ingress part 2014-02-12T06:02:10+00:00 Fan Du fan.du@windriver.com 2014-01-18T01:54:25+00:00 d8b2a8600b0ea002985d65bba4a94642a01bfe4c This patch add esn support for AH input stage by attaching upper 32bits sequence number right after packet payload as specified by RFC 4302. Then the ICV value will guard upper 32bits sequence number as well when packet getting in. Signed-off-by: Fan Du <fan.du@windriver.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 
This patch add esn support for AH input stage by attaching upper 32bits
sequence number right after packet payload as specified by RFC 4302.

Then the ICV value will guard upper 32bits sequence number as well when
packet getting in.

Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
{IPv4,xfrm} Add ESN support for AH egress part 2014-02-12T06:02:10+00:00 Fan Du fan.du@windriver.com 2014-01-18T01:54:24+00:00 d4d573d0334d07341beffdcf97e2b85d3955d8ae This patch add esn support for AH output stage by attaching upper 32bits sequence number right after packet payload as specified by RFC 4302. Then the ICV value will guard upper 32bits sequence number as well when packet going out. Signed-off-by: Fan Du <fan.du@windriver.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 
This patch add esn support for AH output stage by attaching upper 32bits
sequence number right after packet payload as specified by RFC 4302.

Then the ICV value will guard upper 32bits sequence number as well when
packet going out.

Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
ipv4: properly refresh rtable entries on pmtu/redirect events 2013-06-03T07:07:42+00:00 Timo Teräs timo.teras@iki.fi 2013-05-27T20:46:31+00:00 387aa65a89434abe3128d36d1a6fc3842c94905d This reverts commit 05ab86c5 (xfrm4: Invalidate all ipv4 routes on IPsec pmtu events). Flushing all cached entries is not needed. Instead, invalidate only the related next hop dsts to recheck for the added next hop exception where needed. This also fixes a subtle race due to bumping generation id's before updating the pmtu. Cc: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Timo Teräs <timo.teras@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net> 
This reverts commit 05ab86c5 (xfrm4: Invalidate all ipv4 routes on
IPsec pmtu events). Flushing all cached entries is not needed.

Instead, invalidate only the related next hop dsts to recheck for
the added next hop exception where needed. This also fixes a subtle
race due to bumping generation id's before updating the pmtu.

Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
net: Add skb_unclone() helper function. 2013-02-15T20:10:37+00:00 Pravin B Shelar pshelar@nicira.com 2013-02-14T09:44:49+00:00 14bbd6a565e1bcdc240d44687edb93f721cfdf99 This function will be used in next GRE_GSO patch. This patch does not change any functionality. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Eric Dumazet <edumazet@google.com> 
This function will be used in next GRE_GSO patch. This patch does
not change any functionality.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Eric Dumazet <edumazet@google.com>
xfrm4: Invalidate all ipv4 routes on IPsec pmtu events 2013-01-21T11:43:54+00:00 Steffen Klassert steffen.klassert@secunet.com 2013-01-15T12:38:53+00:00 05ab86c55683410593720003442dde629782aaac On IPsec pmtu events we can't access the transport headers of the original packet, so we can't find the socket that sent the packet. The only chance to notify the socket about the pmtu change is to force a relookup for all routes. This patch implenents this for the IPsec protocols. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 
On IPsec pmtu events we can't access the transport headers of
the original packet, so we can't find the socket that sent
the packet. The only chance to notify the socket about the
pmtu change is to force a relookup for all routes. This
patch implenents this for the IPsec protocols.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
ah4/esp4: set transport header correctly for IPsec tunnel mode. 2013-01-08T11:41:30+00:00 Li RongQing roy.qing.li@gmail.com 2012-12-28T08:07:16+00:00 7143dfac692cd25d48a24dbe8323bc17af95b4ec IPsec tunnel does not set ECN field to CE in inner header when the ECN field in the outer header is CE, and the ECN field in the inner header is ECT(0) or ECT(1). The cause is ipip_hdr() does not return the correct address of inner header since skb->transport-header is not the inner header after esp_input_done2(), or ah_input(). Signed-off-by: Li RongQing <roy.qing.li@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 
IPsec tunnel does not set ECN field to CE in inner header when
the ECN field in the outer header is CE, and the ECN field in
the inner header is ECT(0) or ECT(1).

The cause is ipip_hdr() does not return the correct address of
inner header since skb->transport-header is not the inner header
after esp_input_done2(), or ah_input().

Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-12T04:27:49+00:00 David S. Miller davem@davemloft.net 2012-07-12T04:27:49+00:00 55be7a9c6074f749d617a7fc1914c9a23505438c Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: David S. Miller <davem@davemloft.net>