- 21 Mar, 2006 40 commits
-
-
David S. Miller authored
xfrm_user could be modular, and since generic code uses this symbol now... Signed-off-by:David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Signed-off-by: -
Jamal Hadi Salim authored
Add new netlink messages to selinux framework Signed-off-by:
Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by:
-
Jamal Hadi Salim authored
This is similar to the SA expire insertion patch - only it inserts expires for SP. Signed-off-by:
-
Jamal Hadi Salim authored
This patch allows a user to insert SA expires. This is useful to do on an HA backup for the case of byte counts but may not be very useful for the case of time based expiry. Signed-off-by:
-
Jamal Hadi Salim authored
This introduces a feature similar to the one described in RFC 2367: " ... the application needing an SA sends a PF_KEY SADB_ACQUIRE message down to the Key Engine, which then either returns an error or sends a similar SADB_ACQUIRE message up to one or more key management applications capable of creating such SAs. ... ... The third is where an application-layer consumer of security associations (e.g. an OSPFv2 or RIPv2 daemon) needs a security association. Send an SADB_ACQUIRE message from a user process to the kernel. <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> The kernel returns an SADB_ACQUIRE message to registered sockets. <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> The user-level consumer waits for an SADB_UPDATE or SADB_ADD message for its particular type, and then can use that association by using SADB_GET messages. " An app such as OSPF could then use ipsec KM to get keys Signed-off-by: -
Jamal Hadi Salim authored
Add xfrm as the user of the core changes Signed-off-by:
-
Jamal Hadi Salim authored
Fast path sequence updates that will generate ipsec async events Signed-off-by:
-
Jamal Hadi Salim authored
This patch provides the core functionality needed for sync events for ipsec. Derived work of Krisztian KOVACS <hidden@balabit.hu> Signed-off-by:
-
Patrick McHardy authored
Keep backlog counter in SFQ qdisc to make it usable as child qdisc with RED. Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
Patrick McHardy authored
When TBF was converted to a classful qdisc, the semantic of the limit parameter was broken. On initilization an inner bfifo qdisc is created for backwards compatibility, when changing parameters however the new limit is ignored and the current child qdisc remains in place. Always replace the child qdisc by the default bfifo when limit is above zero, otherwise don't touch the inner qdisc. Current tc version enforce a limit above zero, other users can avoid creating the inner qdisc by using zero. Signed-off-by:
-
Patrick McHardy authored
A qdisc should set tcm_info to the child qdisc handle in its class dump function. Signed-off-by:
-
Patrick McHardy authored
The drop operation is optional and qdiscs must check if childs support it. Signed-off-by:
-
Christophe Lucas authored
This patch converts 2 IrDA drivers pci_module_init() calls to pci_register_driver(). Signed-off-by:
Christophe Lucas <clucas@ifrance.com> Signed-off-by:
Domen Puncer <domen@coderock.org> Signed-off-by:
Samuel Ortiz <samuel@sortiz.org> Signed-off-by:
-
David chosrova authored
This patch replaces the deprecated sti/cli routines with the corresponding spin_lock ones. Signed-off-by:
David chosrova <david.chosrova@libertysurf.fr> Signed-off-by:
Samuel Ortiz <samuel.ortiz@nokia.com> Signed-off-by:
-
Jean Tourrilhes authored
This patch simply adds support for a variation of the nsc-ircc PC8739x chipset, found in some IBM Thinkpad laptops. Signed-off-by:
Jean Tourrilhes <jt@hpl.hp.com> Signed-off-by:
-
Dmitry Torokhov authored
This patch brings the nsc-ircc code to a more up to date power management scheme, following the current device model. Signed-off-by:
Dmitry Torokhov <dtor@mail.ru> Signed-off-by:
Rudolf Marek <r.marek@sh.cvut.cz> Signed-off-by:
-
Jean Tourrilhes authored
This enables PnP support for the nsc-ircc chipset. Since we can't fetch the chipset cfg_base from the PnP layer, we just use the PnP information as one more hint when probing the chip. Signed-off-by:
-
Patrick McHardy authored
Keep a bitmask of multicast groups with subscribed listeners to let netlink users check for listeners before generating multicast messages. Queries don't perform any locking, which may result in false positives, it is guaranteed however that any new subscriptions are visible before bind() or setsockopt() return. Signed-off-by:
-
Patrick McHardy authored
Avoid unneccessary event message generation by checking for netlink listeners before building a message. Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Replace netfilter's ip6_masked_addrcmp by a more efficient version in include/net/ipv6.h to make it usable without module dependencies. Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
This allows to make decisions based on the revision (and address family with a follow-up patch) at runtime. Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Introduce new functions for common match/target checks (private data size, valid hooks, valid tables and valid protocols) to get more consistent error reporting and to avoid each module duplicating them. Signed-off-by:
-
Yasuyuki Kozakai authored
Signed-off-by:
Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by:
-
Holger Eitzenberger authored
The recent (kernel 2.6.15.1) fix for PPTP NAT helper introduced a bug - which only appears if DEBUGP is enabled though. The calculation of the CID offset into a PPTP request struct is not correct, so that at least not the correct CID is displayed if DEBUGP is enabled. This patch corrects CID offset calculation and introduces a #define for that. Signed-off-by:
Holger Eitzenberger <heitzenberger@astaro.com> Signed-off-by:
-
Andrea Bittau authored
There was a hybrid use of standard timers and sk_timers. This caused the reference count of the sock to be incorrect when resetting the RTO timer. The sock reference count should now be correct, enabling its destruction, and allowing the DCCP module to be unloaded. Signed-off-by:
Andrea Bittau <a.bittau@cs.ucl.ac.uk> Signed-off-by:
Arnaldo Carvalho de Melo <acme@mandriva.com>
-
Ian McDonald authored
Now CCID2 is the default, as stated in the RFC drafts, but we allow a config where just CCID3 is built, where CCID3 becomes the default. Signed-off-by:
Ian McDonald <imcdnzl@gmail.com> Signed-off-by:
-
Harald Welte authored
This patch moves all helper related data fields of 'struct nf_conn' into a separate structure 'struct nf_conn_help'. This new structure is only present in conntrack entries for which we actually have a helper loaded. Also, this patch cleans up the nf_conntrack 'features' mechanism to resemble what the original idea was: Just glue the feature-specific data structures at the end of 'struct nf_conn', and explicitly re-calculate the pointer to it when needed rather than keeping pointers around. Saves 20 bytes per conntrack on my x86_64 box. A non-helped conntrack is 276 bytes. We still need to save another 20 bytes in order to fit into to target of 256bytes. Signed-off-by:
Harald Welte <laforge@netfilter.org> Signed-off-by:
-
Michael Chan authored
Include <linux/vmalloc.h> so that it compiles properly on all archs. Update version to 1.4.38. Signed-off-by:
Michael Chan <mchan@broadcom.com> Signed-off-by:
-
John Heffner authored
Implementation of packetization layer path mtu discovery for TCP, based on the internet-draft currently found at <http://www.ietf.org/internet-drafts/draft-ietf-pmtud-method-05.txt>. Signed-off-by:
John Heffner <jheffner@psc.edu> Signed-off-by:
-
Michael Chan authored
Update version to 1.4.37. Add missing flush_scheduled_work() in bnx2_suspend as noted by Jeff Garzik. Signed-off-by:
-
Michael Chan authored
Support bigger rx ring sizes (up to 1020) in the rx fast path. Signed-off-by:
-
Michael Chan authored
Increase maximum receive ring size from 255 to 1020 by supporting up to 4 linked pages of receive descriptors. To accomodate the higher memory usage, each physical descriptor page is allocated separately and the software ring that keeps track of the SKBs and the DMA addresses is allocated using vmalloc. Some of the receive-related fields in the bp structure are re- organized a bit for better locality of reference. The max. was reduced to 1020 from 4080 after discussion with David Miller. This patch contains ring init code changes only. This next patch contains rx data path code changes. Signed-off-by:
-
