1) Add xfrm policy selftest scripts.
From Florian Westphal.
2) Split inexact policies into four different search list
classes and use the rbtree infrastructure to store/lookup
the policies. This is to improve the policy lookup
performance after the flowcache removal.
Patches from Florian Westphal.
3) Various coding style fixes, from Colin Ian King.
4) Fix policy lookup logic after adding the inexact policy
search tree infrastructure. From Florian Westphal.
5) Remove a useless remove BUG_ON from xfrm6_dst_ifdown.
From Li RongQing.
6) Use the correct policy direction for lookups on hash
rebuilding. From Florian Westphal.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit 29e12207174a58ac8cab4914d0a7ce5e6c872646:
sfc: use the new __netdev_tx_sent_queue BQL optimisation (2018-11-08 20:01:29
-0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master
for you to fetch changes up to 77990464bb39eb0f5cd41e4f9e3d6411f2883cac:
xfrm: clean an indentation issue, remove a space (2018-12-10 12:30:40 +0100)
----------------------------------------------------------------
Colin Ian King (3):
af_key: fix indentation on declaration statement
xfrm: policy: add missing indentation
xfrm: clean an indentation issue, remove a space
Florian Westphal (13):
selftests: add xfrm policy test script
xfrm: security: iterate all, not inexact lists
xfrm: policy: split list insertion into a helper
xfrm: policy: return NULL when inexact search needed
xfrm: policy: store inexact policies in an rhashtable
xfrm: policy: consider if_id when hashing inexact policy
xfrm: policy: add inexact policy search tree infrastructure
xfrm: policy: store inexact policies in a tree ordered by destination
address
xfrm: policy: check reinserted policies match their node
xfrm: policy: store inexact policies in a tree ordered by source address
xfrm: policy: add 2nd-level saddr trees for inexact policies
xfrm: policy: fix netlink/pf_key policy lookups
xfrm: policy: fix policy hash rebuild
Li RongQing (1):
xfrm6: remove BUG_ON from xfrm6_dst_ifdown
include/net/netns/xfrm.h | 2 +
include/net/xfrm.h | 5 +-
net/ipv6/xfrm6_policy.c | 1 -
net/key/af_key.c | 2 +-
net/xfrm/xfrm_policy.c | 1248 +++++++++++++++++++++++++---
tools/testing/selftests/net/Makefile | 3 +-
tools/testing/selftests/net/xfrm_policy.sh | 302 +++++++
7 files changed, 1428 insertions(+), 135 deletions(-)
create mode 100755 tools/testing/selftests/net/xfrm_policy.sh
