linux-stable.git/include/linux/xfrm.h, branch linux-2.6.20.y Linux kernel stable tree [XFRM]: Fix XFRMGRP_REPORT to use correct multicast group. 2006-12-09T01:19:30+00:00 J Hadi Salim hadi@cyberus.ca 2006-12-08T08:12:15+00:00 93366c537b3426261cac4db27acc10a99cd91b06 XFRMGRP_REPORT uses 0x10 which is a group that belongs to events. The correct value is 0x20. We should really be using xfrm_nlgroups going forward; it was tempting to delete the definition of XFRMGRP_REPORT but it would break at least iproute2. Signed-off-by: J Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net> 
XFRMGRP_REPORT uses 0x10 which is a group that belongs
to events. The correct value is 0x20.
We should really be using xfrm_nlgroups going forward; it was tempting
to delete the definition of XFRMGRP_REPORT but it would break at
least iproute2.

Signed-off-by: J Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
[XFRM]: Fix aevent structuring to be more complete. 2006-12-03T06:22:25+00:00 Jamal Hadi Salim hadi@cyberus.ca 2006-12-03T06:22:25+00:00 2b5f6dcce5bf94b9b119e9ed8d537098ec61c3d2 aevents can not uniquely identify an SA. We break the ABI with this patch, but consensus is that since it is not yet utilized by any (known) application then it is fine (better do it now than later). Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net> 
aevents can not uniquely identify an SA. We break the ABI with this
patch, but consensus is that since it is not yet utilized by any
(known) application then it is fine (better do it now than later).

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
[IPV4]: encapsulation annotations 2006-12-03T05:21:17+00:00 Al Viro viro@zeniv.linux.org.uk 2006-11-08T08:23:14+00:00 d5a0a1e3109339090769e40fdaa62482fcf2a717 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
[XFRM]: BEET mode 2006-10-04T07:31:09+00:00 Diego Beltrami diego.beltrami@gmail.com 2006-10-04T06:47:05+00:00 0a69452cb45add0841c2bc1e75c25f6bd4f1d8d9 This patch introduces the BEET mode (Bound End-to-End Tunnel) with as specified by the ietf draft at the following link: http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-06.txt The patch provides only single family support (i.e. inner family = outer family). Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com> Signed-off-by: Miika Komu <miika@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Abhinav Pathak <abhinav.pathak@hiit.fi> Signed-off-by: Jeff Ahrenholz <ahrenholz@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch introduces the BEET mode (Bound End-to-End Tunnel) with as
specified by the ietf draft at the following link:

http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-06.txt

The patch provides only single family support (i.e. inner family =
outer family).

Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com>
Signed-off-by: Miika Komu     <miika@iki.fi>
Signed-off-by: Herbert Xu     <herbert@gondor.apana.org.au>
Signed-off-by: Abhinav Pathak <abhinav.pathak@hiit.fi>
Signed-off-by: Jeff Ahrenholz <ahrenholz@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[XFRM]: struct xfrm_usersa_id annotations 2006-09-29T01:02:42+00:00 Al Viro viro@zeniv.linux.org.uk 2006-09-28T01:48:48+00:00 9916ecb0a6f52f1475fa2f71845227d3c75fb40c Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
[XFRM]: struct xfrm_id annotations 2006-09-29T01:02:38+00:00 Al Viro viro@zeniv.linux.org.uk 2006-09-28T01:47:40+00:00 e037c39bf965ca66fde902e191d849a90de278fe Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
[XFRM]: xfrm_address_t annotations 2006-09-29T01:02:35+00:00 Al Viro viro@zeniv.linux.org.uk 2006-09-28T01:46:48+00:00 737b5761dfc609b5be4163deb2cf09226f56bcbc Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
[XFRM]: ports in struct xfrm_selector annotated 2006-09-29T01:02:33+00:00 Al Viro viro@zeniv.linux.org.uk 2006-09-28T01:46:11+00:00 8f83f23e6db8b9a9fe787d02f73489224668c4e2 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
[XFRM] POLICY: Support netlink socket interface for sub policy. 2006-09-22T22:08:35+00:00 Masahide NAKAMURA nakam@linux-ipv6.org 2006-08-24T05:49:28+00:00 f7b6983f0feeefcd2a594138adcffe640593d8de Sub policy can be used through netlink socket. PF_KEY uses main only and it is TODO to support sub. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Sub policy can be used through netlink socket.
PF_KEY uses main only and it is TODO to support sub.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[XFRM] POLICY: sub policy support. 2006-09-22T22:08:34+00:00 Masahide NAKAMURA nakam@linux-ipv6.org 2006-08-24T05:43:30+00:00 4e81bb8336a0ac50289d4d4c7a55e559b994ee8f Sub policy is introduced. Main and sub policy are applied the same flow. (Policy that current kernel uses is named as main.) It is required another transformation policy management to keep IPsec and Mobile IPv6 lives separate. Policy which lives shorter time in kernel should be a sub i.e. normally main is for IPsec and sub is for Mobile IPv6. (Such usage as two IPsec policies on different database can be used, too.) Limitation or TODOs: - Sub policy is not supported for per socket one (it is always inserted as main). - Current kernel makes cached outbound with flowi to skip searching database. However this patch makes it disabled only when "two policies are used and the first matched one is bypass case" because neither flowi nor bundle information knows about transformation template size. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> 
Sub policy is introduced. Main and sub policy are applied the same flow.
(Policy that current kernel uses is named as main.)
It is required another transformation policy management to keep IPsec
and Mobile IPv6 lives separate.
Policy which lives shorter time in kernel should be a sub i.e. normally
main is for IPsec and sub is for Mobile IPv6.
(Such usage as two IPsec policies on different database can be used, too.)

Limitation or TODOs:
 - Sub policy is not supported for per socket one (it is always inserted as main).
 - Current kernel makes cached outbound with flowi to skip searching database.
   However this patch makes it disabled only when "two policies are used and
   the first matched one is bypass case" because neither flowi nor bundle
   information knows about transformation template size.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>