| Message ID | 20200730054130.16923-1-steffen.klassert@secunet.com |
|---|---|
| State | Accepted |
| Delegated to: | David Miller |
| Headers | show |
| Series | pull request (net-next): ipsec-next 2020-07-30 | expand |
From: Steffen Klassert <steffen.klassert@secunet.com> Date: Thu, 30 Jul 2020 07:41:11 +0200 > Please note that I did the first time now --no-ff merges > of my testing branch into the master branch to include > the [PATCH 0/n] message of a patchset. Please let me > know if this is desirable, or if I should do it any > different. It looks really nice, thanks for doing this. > 1) Introduce a oseq-may-wrap flag to disable anti-replay > protection for manually distributed ICVs as suggested > in RFC 4303. From Petr Vaněk. > > 2) Patchset to fully support IPCOMP for vti4, vti6 and > xfrm interfaces. From Xin Long. > > 3) Switch from a linear list to a hash list for xfrm interface > lookups. From Eyal Birger. > > 4) Fixes to not register one xfrm(6)_tunnel object twice. > From Xin Long. > > 5) Fix two compile errors that were introduced with the > IPCOMP support for vti and xfrm interfaces. > Also from Xin Long. > > 6) Make the policy hold queue work with VTI. This was > forgotten when VTI was implemented. > > Please pull or let me know if there are problems. ... > git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master Pulled, thank you!
Please note that I did the first time now --no-ff merges of my testing branch into the master branch to include the [PATCH 0/n] message of a patchset. Please let me know if this is desirable, or if I should do it any different. 1) Introduce a oseq-may-wrap flag to disable anti-replay protection for manually distributed ICVs as suggested in RFC 4303. From Petr Vaněk. 2) Patchset to fully support IPCOMP for vti4, vti6 and xfrm interfaces. From Xin Long. 3) Switch from a linear list to a hash list for xfrm interface lookups. From Eyal Birger. 4) Fixes to not register one xfrm(6)_tunnel object twice. From Xin Long. 5) Fix two compile errors that were introduced with the IPCOMP support for vti and xfrm interfaces. Also from Xin Long. 6) Make the policy hold queue work with VTI. This was forgotten when VTI was implemented. Please pull or let me know if there are problems. Thanks! The following changes since commit 8af7b4525acf5012b2f111a8b168b8647f2c8d60: Merge branch 'net-atlantic-additional-A2-features' (2020-06-22 21:10:22 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master for you to fetch changes up to b328ecc468f8f92433c9ad82675c0ce9f99b10cf: xfrm: Make the policy hold queue work with VTI. (2020-07-21 08:34:44 +0200) ---------------------------------------------------------------- Eyal Birger (2): xfrm interface: avoid xi lookup in xfrmi_decode_session() xfrm interface: store xfrmi contexts in a hash by if_id Petr Vaněk (1): xfrm: introduce oseq-may-wrap flag Steffen Klassert (4): Merge remote-tracking branch 'origin/testing' Merge remote-tracking branch 'origin/testing' Merge remote-tracking branch 'origin/testing' xfrm: Make the policy hold queue work with VTI. Xin Long (15): xfrm: add is_ipip to struct xfrm_input_afinfo tunnel4: add cb_handler to struct xfrm_tunnel tunnel6: add tunnel6_input_afinfo for ipip and ipv6 tunnels ip_vti: support IPIP tunnel processing with .cb_handler ip_vti: support IPIP6 tunnel processing ip6_vti: support IP6IP6 tunnel processing with .cb_handler ip6_vti: support IP6IP tunnel processing ipcomp: assign if_id to child tunnel from parent tunnel xfrm: interface: support IP6IP6 and IP6IP tunnels processing with .cb_handler xfrm: interface: support IPIP and IPIP6 tunnels processing with .cb_handler ip_vti: not register vti_ipip_handler twice ip6_vti: not register vti_ipv6_handler twice xfrm: interface: not xfrmi_ipv6/ipip_handler twice xfrm: interface: use IS_REACHABLE to avoid some compile errors ip6_vti: use IS_REACHABLE to avoid some compile errors include/net/xfrm.h | 5 +- include/uapi/linux/xfrm.h | 1 + net/ipv4/ip_vti.c | 80 ++++++++++++++++----------- net/ipv4/ipcomp.c | 1 + net/ipv4/tunnel4.c | 43 +++++++++++++++ net/ipv6/ip6_vti.c | 52 +++++++++++++++++- net/ipv6/ipcomp6.c | 1 + net/ipv6/tunnel6.c | 41 ++++++++++++++ net/xfrm/xfrm_input.c | 24 ++++---- net/xfrm/xfrm_interface.c | 136 +++++++++++++++++++++++++++++++++++++++------- net/xfrm/xfrm_policy.c | 11 ++++ net/xfrm/xfrm_replay.c | 12 ++-- 12 files changed, 338 insertions(+), 69 deletions(-)