From: David Miller <davem@davemloft.net>
To: steffen.klassert@secunet.com
Cc: herbert@gondor.apana.org.au, netdev@vger.kernel.org
Subject: Re: pull request (net-next): ipsec-next 2013-12-19
Date: Thu, 19 Dec 2013 18:38:04 -0500 (EST) [thread overview]
Message-ID: <20131219.183804.1892402616200195799.davem@davemloft.net> (raw)
In-Reply-To: <1387435005-8987-1-git-send-email-steffen.klassert@secunet.com>
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Thu, 19 Dec 2013 07:36:37 +0100
> 1) Use the user supplied policy index instead of a generated one
> if present. From Fan Du.
>
> 2) Make xfrm migration namespace aware. From Fan Du.
>
> 3) Make the xfrm state and policy locks namespace aware. From Fan Du.
>
> 4) Remove ancient sleeping when the SA is in acquire state,
> we now queue packets to the policy instead. This replaces the
> sleeping code.
>
> 5) Remove FLOWI_FLAG_CAN_SLEEP. This was used to notify xfrm about the
> posibility to sleep. The sleeping code is gone, so remove it.
>
> 6) Check user specified spi for IPComp. Thr spi for IPcomp is only
> 16 bit wide, so check for a valid value. From Fan Du.
>
> 7) Export verify_userspi_info to check for valid user supplied spi ranges
> with pfkey and netlink. From Fan Du.
>
> 8) RFC3173 states that if the total size of a compressed payload and the IPComp
> header is not smaller than the size of the original payload, the IP datagram
> must be sent in the original non-compressed form. These packets are dropped
> by the inbound policy check because they are not transformed. Document the need
> to set 'level use' for IPcomp to receive such packets anyway. From Fan Du.
>
> Please pull or let me know if there are problems.
Pulled, thanks a lot.
prev parent reply other threads:[~2013-12-19 23:38 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-19 6:36 pull request (net-next): ipsec-next 2013-12-19 Steffen Klassert
2013-12-19 6:36 ` [PATCH 1/8] xfrm: Try to honor policy index if it's supplied by user Steffen Klassert
2013-12-19 6:36 ` [PATCH 2/8] xfrm: Using the right namespace to migrate key info Steffen Klassert
2013-12-19 6:36 ` [PATCH 3/8] xfrm: Namespacify xfrm state/policy locks Steffen Klassert
2013-12-19 6:36 ` [PATCH 4/8] xfrm: Remove ancient sleeping when the SA is in acquire state Steffen Klassert
2013-12-19 6:36 ` [PATCH 5/8] net: Remove FLOWI_FLAG_CAN_SLEEP Steffen Klassert
2013-12-19 6:36 ` [PATCH 6/8] xfrm: check user specified spi for IPComp Steffen Klassert
2013-12-19 6:36 ` [PATCH 7/8] xfrm: export verify_userspi_info for pkfey and netlink interface Steffen Klassert
2013-12-19 6:36 ` [PATCH 8/8] xfrm: Add file to document IPsec corner case Steffen Klassert
2013-12-19 23:38 ` David Miller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131219.183804.1892402616200195799.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).