author | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-02-08 09:27:06 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-02-08 09:27:06 -0800 |
commit | 3668805a544a6229d6135a4427b8dfe7c343b61f (patch) | |
tree | e486ae277d972a7072d98c80ffc8a285951dac08 /net | |
parent | 7b791d445500c5674b1ef00fefc0e343ed2f85b7 (diff) | |
parent | dd5a1843d566911dbb077c4022c4936697495af6 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (21 commits)
[IPSEC] flow: reorder "struct flow_cache_entry" and remove SLAB_HWCACHE_ALIGN
[DECNET] ROUTE: remove unecessary alignment
[IPSEC]: Add support for aes-ctr.
[ISDN]: fix section mismatch warning in enpci_card_msg
[TIPC]: declare proto_ops structures as 'const'.
[TIPC]: Kill unused static inline (x5)
[TC]: oops in em_meta
[IPV6] Minor cleanup: remove unused definitions in net/ip6_fib.h
[IPV6] Minor clenup: remove two unused definitions in net/ip6_route.h
[AF_IUCV]: defensive programming of iucv_callback_txdone
[AF_IUCV]: broken send_skb_q results in endless loop
[IUCV]: wrong irq-disabling locking at module load time
[CAN]: Minor clean-ups
[CAN]: Move proto_{,un}register() out of spin-locked region
[CAN]: Clean up module auto loading
[IPSEC] flow: Remove an unnecessary ____cacheline_aligned
[IPV4]: route: fix crash ip_route_input
[NETFILTER]: xt_iprange: add missing #include
[NETFILTER]: xt_iprange: fix typo in address family
[NETFILTER]: nf_conntrack: fix ct_extend ->move operation
...
Diffstat (limited to 'net')
-rw-r--r-- | net/can/af_can.c | 45 | ||||
-rw-r--r-- | net/can/raw.c | 24 | ||||
-rw-r--r-- | net/core/flow.c | 6 | ||||
-rw-r--r-- | net/decnet/dn_route.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_core.c | 6 | ||||
-rw-r--r-- | net/ipv4/route.c | 2 | ||||
-rw-r--r-- | net/iucv/af_iucv.c | 27 | ||||
-rw-r--r-- | net/iucv/iucv.c | 4 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_extend.c | 3 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 32 | ||||
-rw-r--r-- | net/netfilter/xt_iprange.c | 3 | ||||
-rw-r--r-- | net/sched/em_meta.c | 10 | ||||
-rw-r--r-- | net/tipc/addr.h | 5 | ||||
-rw-r--r-- | net/tipc/bcast.h | 13 | ||||
-rw-r--r-- | net/tipc/msg.h | 5 | ||||
-rw-r--r-- | net/tipc/socket.c | 14 | ||||
-rw-r--r-- | net/xfrm/xfrm_algo.c | 17 |
17 files changed, 119 insertions, 99 deletions
diff --git a/net/can/af_can.c b/net/can/af_can.c index 5158e886630f..36b9f22ed83a 100644 --- a/net/can/af_can.c +++ b/net/can/af_can.c @@ -118,7 +118,6 @@ static int can_create(struct net *net, struct socket *sock, int protocol) { struct sock *sk; struct can_proto *cp; - char module_name[sizeof("can-proto-000")]; int err = 0; sock->state = SS_UNCONNECTED; @@ -129,26 +128,21 @@ static int can_create(struct net *net, struct socket *sock, int protocol) if (net != &init_net) return -EAFNOSUPPORT; +#ifdef CONFIG_KMOD /* try to load protocol module, when CONFIG_KMOD is defined */ if (!proto_tab[protocol]) { - sprintf(module_name, "can-proto-%d", protocol); - err = request_module(module_name); + err = request_module("can-proto-%d", protocol); /* * In case of error we only print a message but don't * return the error code immediately. Below we will * return -EPROTONOSUPPORT */ - if (err == -ENOSYS) { - if (printk_ratelimit()) - printk(KERN_INFO "can: request_module(%s)" - " not implemented.\n", module_name); - } else if (err) { - if (printk_ratelimit()) - printk(KERN_ERR "can: request_module(%s)" - " failed.\n", module_name); - } + if (err && printk_ratelimit()) + printk(KERN_ERR "can: request_module " + "(can-proto-%d) failed.\n", protocol); } +#endif spin_lock(&proto_tab_lock); cp = proto_tab[protocol]; 
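Review bot: In can_create(), `err` still holds request_module()'s result after the new `#ifdef CONFIG_KMOD` block, although the comment in the hunk says the failure is deliberately not returned at this point. The rest of the function lies outside the hunk, so it is worth confirming that every later path assigns `err` before returning it. If the protocol becomes registered between the failed load and the `proto_tab[protocol]` lookup, a stale non-zero value could otherwise reach the caller. Resetting it after the message, `err = 0;`, would make the intent explicit.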
@@ -662,26 +656,26 @@ int can_proto_register(struct can_proto *cp) return -EINVAL; } + err = proto_register(cp->prot, 0); + if (err < 0) + return err; + spin_lock(&proto_tab_lock); if (proto_tab[proto]) { printk(KERN_ERR "can: protocol %d already registered\n", proto); err = -EBUSY; - goto errout; + } else { + proto_tab[proto] = cp; + + /* use generic ioctl function if not defined by module */ + if (!cp->ops->ioctl) + cp->ops->ioctl = can_ioctl; } + spin_unlock(&proto_tab_lock); - err = proto_register(cp->prot, 0); if (err < 0) - goto errout; - - proto_tab[proto] = cp; - - /* use generic ioctl function if the module doesn't bring its own */ - if (!cp->ops->ioctl) - cp->ops->ioctl = can_ioctl; - - errout: - spin_unlock(&proto_tab_lock); + proto_unregister(cp->prot); return err; } @@ -700,9 +694,10 @@ void can_proto_unregister(struct can_proto *cp) printk(KERN_ERR "BUG: can: protocol %d is not registered\n", proto); } - proto_unregister(cp->prot); proto_tab[proto] = NULL; spin_unlock(&proto_tab_lock); + + proto_unregister(cp->prot); } EXPORT_SYMBOL(can_proto_unregister); diff --git a/net/can/raw.c b/net/can/raw.c index aeefd1419d00..94cd7f27c444 100644 --- a/net/can/raw.c +++ b/net/can/raw.c @@ -98,7 +98,6 @@ static void raw_rcv(struct sk_buff *skb, void *data) struct sock *sk = (struct sock *)data; struct raw_sock *ro = raw_sk(sk); struct sockaddr_can *addr; - int error; if (!ro->recv_own_msgs) { /* check the received tx sock reference */ @@ -121,14 +120,12 @@ static void raw_rcv(struct sk_buff *skb, void *data) addr->can_family = AF_CAN; addr->can_ifindex = skb->dev->ifindex; - error = sock_queue_rcv_skb(sk, skb); - if (error < 0) + if (sock_queue_rcv_skb(sk, skb) < 0) kfree_skb(skb); } static int raw_enable_filters(struct net_device *dev, struct sock *sk, - struct can_filter *filter, - int count) + struct can_filter *filter, int count) { int err = 0; int i; 
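Review bot: In can_proto_unregister(), the path that prints `BUG: can: protocol %d is not registered` still falls through to `proto_tab[proto] = NULL;` and, after the unlock, to `proto_unregister(cp->prot)`. The condition guarding the message is outside the hunk, but as shown nothing stops the teardown of a protocol that was never registered, or, if the test only checks for a non-NULL slot, of a slot owned by a different `can_proto`. Consider comparing the slot with `cp` and leaving after the message when it does not match, e.g. `if (proto_tab[proto] != cp) { spin_unlock(&proto_tab_lock); return; }`.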
@@ -163,8 +160,7 @@ static int raw_enable_errfilter(struct net_device *dev, struct sock *sk, } static void raw_disable_filters(struct net_device *dev, struct sock *sk, - struct can_filter *filter, - int count) + struct can_filter *filter, int count) { int i; @@ -353,7 +349,6 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) /* filters set by default/setsockopt */ err = raw_enable_allfilters(dev, sk); dev_put(dev); - } else { ifindex = 0; @@ -466,7 +461,6 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, if (err) { if (count > 1) kfree(filter); - goto out_fil; } @@ -673,25 +667,25 @@ static int raw_recvmsg(struct kiocb *iocb, struct socket *sock, { struct sock *sk = sock->sk; struct sk_buff *skb; - int error = 0; + int err = 0; int noblock; noblock = flags & MSG_DONTWAIT; flags &= ~MSG_DONTWAIT; - skb = skb_recv_datagram(sk, flags, noblock, &error); + skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) - return error; + return err; if (size < skb->len) msg->msg_flags |= MSG_TRUNC; else size = skb->len; - error = memcpy_toiovec(msg->msg_iov, skb->data, size); - if (error < 0) { + err = memcpy_toiovec(msg->msg_iov, skb->data, size); + if (err < 0) { skb_free_datagram(sk, skb); - return error; + return err; } sock_recv_timestamp(msg, sk, skb); diff --git a/net/core/flow.c b/net/core/flow.c index 46b38e06e0d7..a77531c139b7 100644 --- a/net/core/flow.c +++ b/net/core/flow.c @@ -30,8 +30,8 @@ struct flow_cache_entry { struct flow_cache_entry *next; u16 family; u8 dir; - struct flowi key; u32 genid; + struct flowi key; void *object; atomic_t *object_ref; }; @@ -52,7 +52,7 @@ struct flow_percpu_info { int hash_rnd_recalc; u32 hash_rnd; int count; -} ____cacheline_aligned; +}; static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info) = { 0 }; #define flow_hash_rnd_recalc(cpu) \ 
@@ -346,7 +346,7 @@ static int __init flow_cache_init(void) flow_cachep = kmem_cache_create("flow_cache", sizeof(struct flow_cache_entry), - 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, + 0, SLAB_PANIC, NULL); flow_hash_shift = 10; flow_lwm = 2 * flow_hash_size; diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c index 31be29b8b5a3..9dc0abb50eaf 100644 --- a/net/decnet/dn_route.c +++ b/net/decnet/dn_route.c @@ -94,7 +94,7 @@ struct dn_rt_hash_bucket { struct dn_route *chain; spinlock_t lock; -} __attribute__((__aligned__(8))); +}; extern struct neigh_table dn_neigh_table; diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index dd07362d2b8f..0d5fa3a54d04 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c @@ -600,10 +600,10 @@ static void nf_nat_cleanup_conntrack(struct nf_conn *ct) spin_unlock_bh(&nf_nat_lock); } -static void nf_nat_move_storage(struct nf_conn *conntrack, void *old) +static void nf_nat_move_storage(void *new, void *old) { - struct nf_conn_nat *new_nat = nf_ct_ext_find(conntrack, NF_CT_EXT_NAT); - struct nf_conn_nat *old_nat = (struct nf_conn_nat *)old; + struct nf_conn_nat *new_nat = new; + struct nf_conn_nat *old_nat = old; struct nf_conn *ct = old_nat->ct; if (!ct || !(ct->status & IPS_NAT_DONE_MASK)) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 8842ecb9be48..525787b52b72 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2041,7 +2041,7 @@ int ip_route_input(struct sk_buff *skb, __be32 daddr, __be32 saddr, int iif = dev->ifindex; struct net *net; - net = skb->dev->nd_net; + net = dev->nd_net; tos &= IPTOS_RT_MASK; hash = rt_hash(daddr, saddr, iif); diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c index 2255e3c082ed..fee22caf1bad 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c 
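Review bot: nf_nat_move_storage() now takes two untyped pointers, and nothing at the definition says what they point to. A short comment above the function would help, e.g. `/* new/old: the NAT extension area inside the reallocated and the original ct->ext block */`, since the matching call in __nf_ct_ext_add() passes `(void *)new + new->offset[i]` and `(void *)ct->ext + ct->ext->offset[i]`. The function body continues outside the hunk.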
@@ -482,6 +482,10 @@ static int iucv_sock_connect(struct socket *sock, struct sockaddr *addr, /* Create path. */ iucv->path = iucv_path_alloc(IUCV_QUEUELEN_DEFAULT, IPRMDATA, GFP_KERNEL); + if (!iucv->path) { + err = -ENOMEM; + goto done; + } err = iucv_path_connect(iucv->path, &af_iucv_handler, sa->siucv_user_id, NULL, user_data, sk); if (err) { @@ -1094,6 +1098,8 @@ static void iucv_callback_rx(struct iucv_path *path, struct iucv_message *msg) save_message: save_msg = kzalloc(sizeof(struct sock_msg_q), GFP_ATOMIC | GFP_DMA); + if (!save_msg) + return; save_msg->path = path; save_msg->msg = *msg; @@ -1106,24 +1112,31 @@ static void iucv_callback_txdone(struct iucv_path *path, struct iucv_message *msg) { struct sock *sk = path->private; - struct sk_buff *this; + struct sk_buff *this = NULL; struct sk_buff_head *list = &iucv_sk(sk)->send_skb_q; struct sk_buff *list_skb = list->next; unsigned long flags; - if (list_skb) { + if (!skb_queue_empty(list)) { spin_lock_irqsave(&list->lock, flags); - do { - this = list_skb; + while (list_skb != (struct sk_buff *)list) { + if (!memcmp(&msg->tag, list_skb->cb, 4)) { + this = list_skb; + break; + } list_skb = list_skb->next; - } while (memcmp(&msg->tag, this->cb, 4) && list_skb); + } + if (this) + __skb_unlink(this, list); spin_unlock_irqrestore(&list->lock, flags); - skb_unlink(this, &iucv_sk(sk)->send_skb_q); - kfree_skb(this); + if (this) + kfree_skb(this); } + if (!this) + printk(KERN_ERR "AF_IUCV msg tag %u not found\n", msg->tag); if (sk->sk_state == IUCV_CLOSING) { if (skb_queue_empty(&iucv_sk(sk)->send_skb_q)) { diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c index f13fe8821cbd..2753b0c448f3 100644 --- a/net/iucv/iucv.c +++ b/net/iucv/iucv.c 
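Review bot: In iucv_callback_rx(), the new `if (!save_msg) return;` drops the incoming message silently when the atomic allocation fails. Nothing visible in the hunk logs the loss or rejects the message towards the sender, so the peer may keep waiting for data that was never queued; the code before the `save_message:` label is outside the hunk, so check how the IUCV message is released on this path. At minimum a rate-limited diagnostic would help, e.g. `if (printk_ratelimit()) printk(KERN_WARNING "AF_IUCV: out of memory, message dropped\n");`.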
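Review bot: In iucv_callback_txdone(), `list_skb` is still initialised from `list->next` in its declaration, and `skb_queue_empty(list)` is tested before `spin_lock_irqsave(&list->lock, flags)` is taken, so the walk can start from a pointer that was read without the lock. If the queue changes between that read and the lock acquisition, the loop may follow a stale or already unlinked skb. Reading the head under the lock closes the window: declare `struct sk_buff *list_skb;` and add `list_skb = list->next;` directly after `spin_lock_irqsave(&list->lock, flags);`. The new `printk(KERN_ERR "AF_IUCV msg tag %u not found\n", ...)` is also not rate-limited.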
@@ -693,9 +693,9 @@ int iucv_register(struct iucv_handler *handler, int smp) iucv_setmask_up(); INIT_LIST_HEAD(&handler->paths); - spin_lock_irq(&iucv_table_lock); + spin_lock_bh(&iucv_table_lock); list_add_tail(&handler->list, &iucv_handler_list); - spin_unlock_irq(&iucv_table_lock); + spin_unlock_bh(&iucv_table_lock); rc = 0; out_mutex: mutex_unlock(&iucv_register_mutex); diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c index cf6ba6659a80..8b9be1e978cd 100644 --- a/net/netfilter/nf_conntrack_extend.c +++ b/net/netfilter/nf_conntrack_extend.c @@ -109,7 +109,8 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp) rcu_read_lock(); t = rcu_dereference(nf_ct_ext_types[i]); if (t && t->move) - t->move(ct, ct->ext + ct->ext->offset[i]); + t->move((void *)new + new->offset[i], + (void *)ct->ext + ct->ext->offset[i]); rcu_read_unlock(); } kfree(ct->ext); diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index 3e0cccae5636..202d7fa09483 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c @@ -125,7 +125,7 @@ enum tcp_bit_set { * CLOSE_WAIT: ACK seen (after FIN) * LAST_ACK: FIN seen (after FIN) * TIME_WAIT: last ACK seen - * CLOSE: closed connection + * CLOSE: closed connection (RST) * * LISTEN state is not used. * 
@@ -824,7 +824,21 @@ static int tcp_packet(struct nf_conn *ct, case TCP_CONNTRACK_SYN_SENT: if (old_state < TCP_CONNTRACK_TIME_WAIT) break; - if ((ct->proto.tcp.seen[!dir].flags & IP_CT_TCP_FLAG_CLOSE_INIT) + /* RFC 1122: "When a connection is closed actively, + * it MUST linger in TIME-WAIT state for a time 2xMSL + * (Maximum Segment Lifetime). However, it MAY accept + * a new SYN from the remote TCP to reopen the connection + * directly from TIME-WAIT state, if..." + * We ignore the conditions because we are in the + * TIME-WAIT state anyway. + * + * Handle aborted connections: we and the server + * think there is an existing connection but the client + * aborts it and starts a new one. + */ + if (((ct->proto.tcp.seen[dir].flags + | ct->proto.tcp.seen[!dir].flags) + & IP_CT_TCP_FLAG_CLOSE_INIT) || (ct->proto.tcp.last_dir == dir && ct->proto.tcp.last_index == TCP_RST_SET)) { /* Attempt to reopen a closed/aborted connection. @@ -838,15 +852,22 @@ static int tcp_packet(struct nf_conn *ct, case TCP_CONNTRACK_IGNORE: /* Ignored packets: * + * Our connection entry may be out of sync, so ignore + * packets which may signal the real connection between + * the client and the server. + * * a) SYN in ORIGINAL * b) SYN/ACK in REPLY * c) ACK in reply direction after initial SYN in original. + * + * If the ignored packet is invalid, the receiver will send + * a RST we'll catch below. */ if (index == TCP_SYNACK_SET && ct->proto.tcp.last_index == TCP_SYN_SET && ct->proto.tcp.last_dir != dir && ntohl(th->ack_seq) == ct->proto.tcp.last_end) { - /* This SYN/ACK acknowledges a SYN that we earlier + /* b) This SYN/ACK acknowledges a SYN that we earlier * ignored as invalid. This means that the client and * the server are both in sync, while the firewall is * not. We kill this session and block the SYN/ACK so 
@@ -870,7 +891,7 @@ static int tcp_packet(struct nf_conn *ct, write_unlock_bh(&tcp_lock); if (LOG_INVALID(IPPROTO_TCP)) nf_log_packet(pf, 0, skb, NULL, NULL, NULL, - "nf_ct_tcp: invalid packed ignored "); + "nf_ct_tcp: invalid packet ignored "); return NF_ACCEPT; case TCP_CONNTRACK_MAX: /* Invalid packet */ @@ -924,8 +945,7 @@ static int tcp_packet(struct nf_conn *ct, ct->proto.tcp.state = new_state; if (old_state != new_state - && (new_state == TCP_CONNTRACK_FIN_WAIT - || new_state == TCP_CONNTRACK_CLOSE)) + && new_state == TCP_CONNTRACK_CLOSE) ct->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT; timeout = ct->proto.tcp.retrans >= nf_ct_tcp_max_retrans && tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans diff --git a/net/netfilter/xt_iprange.c b/net/netfilter/xt_iprange.c index 01035fc0e140..4f984dc60319 100644 --- a/net/netfilter/xt_iprange.c +++ b/net/netfilter/xt_iprange.c @@ -13,6 +13,7 @@ #include <linux/ip.h> #include <linux/ipv6.h> #include <linux/netfilter/x_tables.h> +#include <linux/netfilter/xt_iprange.h> #include <linux/netfilter_ipv4/ipt_iprange.h> static bool @@ -148,7 +149,7 @@ static struct xt_match iprange_mt_reg[] __read_mostly = { { .name = "iprange", .revision = 1, - .family = AF_INET6, + .family = AF_INET, .match = iprange_mt4, .matchsize = sizeof(struct xt_iprange_mtinfo), .me = THIS_MODULE, diff --git a/net/sched/em_meta.c b/net/sched/em_meta.c index 2a7e648fbcf4..d417ec8e3ca3 100644 --- a/net/sched/em_meta.c +++ b/net/sched/em_meta.c @@ -735,11 +735,13 @@ static int em_meta_match(struct sk_buff *skb, struct tcf_ematch *m, static inline void meta_delete(struct meta_match *meta) { - struct meta_type_ops *ops = meta_type_ops(&meta->lvalue); + if (meta) { + struct meta_type_ops *ops = meta_type_ops(&meta->lvalue); - if (ops && ops->destroy) { - ops->destroy(&meta->lvalue); - ops->destroy(&meta->rvalue); + if (ops && ops->destroy) { + ops->destroy(&meta->lvalue); + ops->destroy(&meta->rvalue); + } } kfree(meta); 
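Review bot: In tcp_packet(), `IP_CT_TCP_FLAG_CLOSE_INIT` is now set only when `new_state == TCP_CONNTRACK_CLOSE`, which seems at odds with the RFC 1122 comment added at `case TCP_CONNTRACK_SYN_SENT:` earlier in this file's diff. A connection that reaches TIME_WAIT through an orderly FIN exchange would carry the flag in neither direction, so the first half of the new reopen condition could only be true for entries that were closed by RST. If reopening from TIME-WAIT is intended, keep the flag on the FIN transition as well, `&& (new_state == TCP_CONNTRACK_FIN_WAIT || new_state == TCP_CONNTRACK_CLOSE))`; otherwise the comment should say that only aborted connections are reopened. The state table that maps packets to states is outside the hunks, so this is inferred from the visible lines.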
diff --git a/net/tipc/addr.h b/net/tipc/addr.h index e4bd5335e48d..3ba67e6ce03e 100644 --- a/net/tipc/addr.h +++ b/net/tipc/addr.h @@ -57,11 +57,6 @@ static inline int in_own_cluster(u32 addr) return !((addr ^ tipc_own_addr) >> 12); } -static inline int in_own_zone(u32 addr) -{ - return !((addr ^ tipc_own_addr) >> 24); -} - static inline int is_slave(u32 addr) { return addr & 0x800; diff --git a/net/tipc/bcast.h b/net/tipc/bcast.h index f910ed29d055..a2416fa6b906 100644 --- a/net/tipc/bcast.h +++ b/net/tipc/bcast.h @@ -74,19 +74,6 @@ extern char tipc_bclink_name[]; /** - * nmap_get - determine if node exists in a node map - */ - -static inline int tipc_nmap_get(struct node_map *nm_ptr, u32 node) -{ - int n = tipc_node(node); - int w = n / WSIZE; - int b = n % WSIZE; - - return nm_ptr->map[w] & (1 << b); -} - -/** * nmap_add - add a node to a node map */ diff --git a/net/tipc/msg.h b/net/tipc/msg.h index ce2659836374..e9ef6df26562 100644 --- a/net/tipc/msg.h +++ b/net/tipc/msg.h @@ -663,11 +663,6 @@ static inline void msg_set_remote_node(struct tipc_msg *m, u32 a) msg_set_word(m, msg_hdr_sz(m)/4, a); } -static inline int msg_dataoctet(struct tipc_msg *m, u32 pos) -{ - return(msg_data(m)[pos + 4] != 0); -} - static inline void msg_set_dataoctet(struct tipc_msg *m, u32 pos) { msg_data(m)[pos + 4] = 1; diff --git a/net/tipc/socket.c b/net/tipc/socket.c index 24ddfd2ca38b..22909036b9bc 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c @@ -71,9 +71,9 @@ struct tipc_sock { static u32 dispatch(struct tipc_port *tport, struct sk_buff *buf); static void wakeupdispatch(struct tipc_port *tport); -static struct proto_ops packet_ops; -static struct proto_ops stream_ops; -static struct proto_ops msg_ops; +static const struct proto_ops packet_ops; +static const struct proto_ops stream_ops; +static const struct proto_ops msg_ops; static struct proto tipc_proto; 
@@ -1615,7 +1615,7 @@ static int getsockopt(struct socket *sock, * Protocol switches for the various types of TIPC sockets */ -static struct proto_ops msg_ops = { +static const struct proto_ops msg_ops = { .owner = THIS_MODULE, .family = AF_TIPC, .release = release, @@ -1636,7 +1636,7 @@ static struct proto_ops msg_ops = { .sendpage = sock_no_sendpage }; -static struct proto_ops packet_ops = { +static const struct proto_ops packet_ops = { .owner = THIS_MODULE, .family = AF_TIPC, .release = release, @@ -1657,7 +1657,7 @@ static struct proto_ops packet_ops = { .sendpage = sock_no_sendpage }; -static struct proto_ops stream_ops = { +static const struct proto_ops stream_ops = { .owner = THIS_MODULE, .family = AF_TIPC, .release = release, @@ -1678,7 +1678,7 @@ static struct proto_ops stream_ops = { .sendpage = sock_no_sendpage }; -static struct net_proto_family tipc_family_ops = { +static const struct net_proto_family tipc_family_ops = { .owner = THIS_MODULE, .family = AF_TIPC, .create = tipc_create diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c index 6cc15250de69..8aa6440d689f 100644 --- a/net/xfrm/xfrm_algo.c +++ b/net/xfrm/xfrm_algo.c @@ -399,6 +399,23 @@ static struct xfrm_algo_desc ealg_list[] = { .sadb_alg_maxbits = 256 } }, +{ + .name = "rfc3686(ctr(aes))", + + .uinfo = { + .encr = { + .blockbits = 128, + .defkeybits = 160, /* 128-bit key + 32-bit nonce */ + } + }, + + .desc = { + .sadb_alg_id = SADB_X_EALG_AESCTR, + .sadb_alg_ivlen = 8, + .sadb_alg_minbits = 128, + .sadb_alg_maxbits = 256 + } +}, }; static struct xfrm_algo_desc calg_list[] = { |
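Review bot: In the new `rfc3686(ctr(aes))` entry of ealg_list, `.defkeybits = 160` counts the 32-bit nonce but `.sadb_alg_minbits = 128` and `.sadb_alg_maxbits = 256` do not. If the key length checked against these bounds is the keying material including the nonce, as the `defkeybits` comment suggests, the range should be `.sadb_alg_minbits = 160,` and `.sadb_alg_maxbits = 288`; otherwise a comment should state which fields include the nonce. It would also help to note next to the entry that RFC 3686 requires a non-NULL ESP authentication algorithm, since counter mode alone gives no integrity protection.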