Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Minor conflict in ip_output.c, overlapping changes to
the body of an if() statement.

Signed-off-by: David S. Miller <davem@davemloft.net>

David S. Miller 8 years ago 62515f95 9d4927f0

+114 -8

5 changed files

expand all

net

ipv4

ip_output.c

ipv6

ip6_vti.c

xfrm6_state.c

xfrm

xfrm_state.c

tools

testing

selftests

net

rtnetlink.sh

+1 -1

net/ipv4/ip_output.c

··· 910 910 length + fragheaderlen <= mtu && 911 911 rt->dst.dev->features & (NETIF_F_HW_CSUM | NETIF_F_IP_CSUM) && 912 912 (!(flags & MSG_MORE) || cork->gso_size) && 913 - !exthdrlen) 913 + (!exthdrlen || (rt->dst.dev->features & NETIF_F_HW_ESP_TX_CSUM))) 914 914 csummode = CHECKSUM_PARTIAL; 915 915 916 916 cork->length += length;

+1 -1

net/ipv6/ip6_vti.c

··· 743 743 } 744 744 745 745 /** 746 - * vti6_tnl_ioctl - configure vti6 tunnels from userspace 746 + * vti6_ioctl - configure vti6 tunnels from userspace 747 747 * @dev: virtual device associated with tunnel 748 748 * @ifr: parameters passed from userspace 749 749 * @cmd: command to be performed

+2 -4

net/ipv6/xfrm6_state.c

··· 60 60 static int 61 61 __xfrm6_sort(void **dst, void **src, int n, int (*cmp)(void *p), int maxclass) 62 62 { 63 - int i; 63 + int count[XFRM_MAX_DEPTH] = { }; 64 64 int class[XFRM_MAX_DEPTH]; 65 - int count[maxclass]; 66 - 67 - memset(count, 0, sizeof(count)); 65 + int i; 68 66 69 67 for (i = 0; i < n; i++) { 70 68 int c;

+7 -2

net/xfrm/xfrm_state.c

··· 42 42 43 43 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024; 44 44 static __read_mostly seqcount_t xfrm_state_hash_generation = SEQCNT_ZERO(xfrm_state_hash_generation); 45 + static struct kmem_cache *xfrm_state_cache __ro_after_init; 45 46 46 47 static DECLARE_WORK(xfrm_state_gc_work, xfrm_state_gc_task); 47 48 static HLIST_HEAD(xfrm_state_gc_list); ··· 452 451 } 453 452 xfrm_dev_state_free(x); 454 453 security_xfrm_state_free(x); 455 - kfree(x); 454 + kmem_cache_free(xfrm_state_cache, x); 456 455 } 457 456 458 457 static void xfrm_state_gc_task(struct work_struct *work) ··· 564 563 { 565 564 struct xfrm_state *x; 566 565 567 - x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC); 566 + x = kmem_cache_alloc(xfrm_state_cache, GFP_ATOMIC | __GFP_ZERO); 568 567 569 568 if (x) { 570 569 write_pnet(&x->xs_net, net); ··· 2307 2306 int __net_init xfrm_state_init(struct net *net) 2308 2307 { 2309 2308 unsigned int sz; 2309 + 2310 + if (net_eq(net, &init_net)) 2311 + xfrm_state_cache = KMEM_CACHE(xfrm_state, 2312 + SLAB_HWCACHE_ALIGN | SLAB_PANIC); 2310 2313 2311 2314 INIT_LIST_HEAD(&net->xfrm.state_all); 2312 2315

+103

tools/testing/selftests/net/rtnetlink.sh

··· 502 502 echo "PASS: macsec" 503 503 } 504 504 505 + #------------------------------------------------------------------- 506 + # Example commands 507 + # ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \ 508 + # spi 0x07 mode transport reqid 0x07 replay-window 32 \ 509 + # aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \ 510 + # sel src 14.0.0.52/24 dst 14.0.0.70/24 511 + # ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \ 512 + # tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \ 513 + # spi 0x07 mode transport reqid 0x07 514 + # 515 + # Subcommands not tested 516 + # ip x s update 517 + # ip x s allocspi 518 + # ip x s deleteall 519 + # ip x p update 520 + # ip x p deleteall 521 + # ip x p set 522 + #------------------------------------------------------------------- 523 + kci_test_ipsec() 524 + { 525 + srcip="14.0.0.52" 526 + dstip="14.0.0.70" 527 + algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128" 528 + 529 + # flush to be sure there's nothing configured 530 + ip x s flush ; ip x p flush 531 + check_err $? 532 + 533 + # start the monitor in the background 534 + tmpfile=`mktemp ipsectestXXX` 535 + ip x m > $tmpfile & 536 + mpid=$! 537 + sleep 0.2 538 + 539 + ipsecid="proto esp src $srcip dst $dstip spi 0x07" 540 + ip x s add $ipsecid \ 541 + mode transport reqid 0x07 replay-window 32 \ 542 + $algo sel src $srcip/24 dst $dstip/24 543 + check_err $? 544 + 545 + lines=`ip x s list | grep $srcip | grep $dstip | wc -l` 546 + test $lines -eq 2 547 + check_err $? 548 + 549 + ip x s count | grep -q "SAD count 1" 550 + check_err $? 551 + 552 + lines=`ip x s get $ipsecid | grep $srcip | grep $dstip | wc -l` 553 + test $lines -eq 2 554 + check_err $? 555 + 556 + ip x s delete $ipsecid 557 + check_err $? 558 + 559 + lines=`ip x s list | wc -l` 560 + test $lines -eq 0 561 + check_err $? 562 + 563 + ipsecsel="dir out src $srcip/24 dst $dstip/24" 564 + ip x p add $ipsecsel \ 565 + tmpl proto esp src $srcip dst $dstip \ 566 + spi 0x07 mode transport reqid 0x07 567 + check_err $? 568 + 569 + lines=`ip x p list | grep $srcip | grep $dstip | wc -l` 570 + test $lines -eq 2 571 + check_err $? 572 + 573 + ip x p count | grep -q "SPD IN 0 OUT 1 FWD 0" 574 + check_err $? 575 + 576 + lines=`ip x p get $ipsecsel | grep $srcip | grep $dstip | wc -l` 577 + test $lines -eq 2 578 + check_err $? 579 + 580 + ip x p delete $ipsecsel 581 + check_err $? 582 + 583 + lines=`ip x p list | wc -l` 584 + test $lines -eq 0 585 + check_err $? 586 + 587 + # check the monitor results 588 + kill $mpid 589 + lines=`wc -l $tmpfile | cut "-d " -f1` 590 + test $lines -eq 20 591 + check_err $? 592 + rm -rf $tmpfile 593 + 594 + # clean up any leftovers 595 + ip x s flush 596 + check_err $? 597 + ip x p flush 598 + check_err $? 599 + 600 + if [ $ret -ne 0 ]; then 601 + echo "FAIL: ipsec" 602 + return 1 603 + fi 604 + echo "PASS: ipsec" 605 + } 606 + 505 607 kci_test_gretap() 506 608 { 507 609 testns="testns" ··· 857 755 kci_test_vrf 858 756 kci_test_encap 859 757 kci_test_macsec 758 + kci_test_ipsec 860 759 861 760 kci_del_dummy 862 761 }