From: Stefan Rompf <[EMAIL PROTECTED]>
Date: Sun, 7 May 2006 12:13:56 +0200
> the linkwatch code can overflow on a jiffies wrap, scheduling
> work with a too large delay. If the delay is >0x8000,
> internal_add_timer() seems to overflow too, hiding the bug, so
> this isn't triggered too easily
From: [EMAIL PROTECTED]
Date: Fri, 5 May 2006 13:50:02 -0400
> Does this patch will be used?
>
> This patch resolved the following problem: When I send IPv4 packet(contain
> Record Route Option) which need to be fragmented to the router, the router
> can not fragment it correctly. After fragme
From: [EMAIL PROTECTED]
Date: Fri, 5 May 2006 13:50:02 -0400
> Does this patch will be used?
Your patch is in the tree already.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordo
On Fri, 2006-05-05 at 10:28 -0700, Jean Tourrilhes wrote:
> I tried to use 'signed' in the struct a long while ago, and
> for some reason it broke left and right, I don't remember the
> details. So, whatever we do, it would not be straightforward.
Then let's keep the structure as is and chan
On Sun, May 07, 2006 at 11:32:00PM +0800, Wensong Zhang wrote:
>
> Hi Andy,
>
> Yes, the original sychronziation design is a sort of arbitary or
> compromised solution. We don't want to synchronize every state change from
> master to backup load balancer, because we were afraid that there were
On Sun, May 07, 2006 at 01:38:40PM +0900, Horms wrote:
> On Fri, May 05, 2006 at 02:57:26PM -0400, Andy Gospodarek wrote:
> > On Fri, May 05, 2006 at 12:20:54PM +0900, Horms wrote:
> > >
> > > Sorry, I missunderstood your patch completely the first time around.
> > > Yes I think this is an excelle
Hello Mr. David:
Does this patch will be used?
This patch resolved the following problem: When I send IPv4 packet(contain
Record Route Option) which need to be fragmented to the router, the router
can not fragment it correctly. After fragmented by router, the second
fragmentation still contai
Herbert Valerio Riedel <[EMAIL PROTECTED]> :
> new SMSC LAN83C185 10BaseT/100BaseTX PHY driver for the PHY subsystem
>
> Signed-off-by: Herbert Valerio Riedel <[EMAIL PROTECTED]>
Fine-with-me: Francois Romieu <[EMAIL PROTECTED]>
--
Ueimor
-
To unsubscribe from this list: send the line "unsubscr
new SMSC LAN83C185 10BaseT/100BaseTX PHY driver for the PHY subsystem
Signed-off-by: Herbert Valerio Riedel <[EMAIL PROTECTED]>
---
2nd attempt
drivers/net/phy/Kconfig |6 +++
drivers/net/phy/Makefile |1
drivers/net/phy/smsc.c | 101 ++
> diff --git a/drivers/net/phy/smsc.c b/drivers/net/phy/smsc.c
> new file mode 100644
> index 000..b96eb52
> --- /dev/null
> +++ b/drivers/net/phy/smsc.c
[...]
> +/* prototypes */
> +static int lan83c185_config_init(struct phy_device *);
> +static int lan83c185_config_intr(struct phy_device *);
(note: an old, incorrect address for netfilter-devel was used in the
initial mail, please update to the correct one as above if replying to
this thread).
--
James Morris
<[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL P
On Sun, 7 May 2006, Joshua Brindle wrote:
> It looks like you are labeling all packets on an established connection as
> tracked_packet_t. What is the rationale for not labeling all ftp traffic as
> ftpd_packet_t? Granted that its very unlikely for established connections to
> go to the wrong proc
James Morris wrote:
For example, SELinux will now be able to utilize connection tracking, so
that only packets which are known to be valid for a specific connection
will be allowed to reach the subject.
Sample iptables rules for labeling packets are at:
http://people.redhat.com/jmorris/selinux
This patch adds the shared library module for the SECMARK target (IPv6).
Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
diff -purN -X dontdiff iptables.p/extensions/libip6t_SECMARK.c
iptables.w/extensions/libip6t_SECMARK.c
--- iptables.p/extensions/libip6t_SECMARK.c 1969-12-31 19:00:0
This patch adds the shared library module for the SECMARK target (IPv4).
Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
extensions/Makefile |2
extensions/libipt_SECMARK.c | 125 ++
extensions/libipt_SECMARK.man |7 ++
3 files
This patch adds the infrastructure for linking iptables against
libselinux, for use with the SECMARK target. This is enabled by setting
DO_SELINUX=1 in the build environment.
Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
Makefile| 14 +-
Rules.make |
This patch adds the selinux_relabel_packet_permission() check to the
SECMARK target, so that SELinux policy is consulted to ensure that the
labeling operation is permitted by the current task.
Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
net/netfilter/xt_SECMARK.c |6 ++
1 fil
This patch adds a new function to the SELinux kernel API,
selinux_relabel_packet_permission(), which is to be invoked when labeling
packets via SECMARK.
The security policy must allow the specified label to be set by the
current task for the permission to be granted.
It is implicit that packet
This patch defines a new permission ('relabelto') in the new SELinux
packet object class, to be used when setting SECMARK rules for labeling
packets.
Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
security/selinux/include/av_perm_to_string.h |1 +
security/selinux/include/av_permissi
This patch adds new per-packet access controls to SELinux, replacing the
old packet controls.
Packets are labeled with the iptables SECMARK target then security policy
for the packets is enforced with these controls.
To allow for a smooth transition to the new controls, the old code is
still p
This patch adds support for a new object class ('packet'),
and two associated permissions ('send', 'recv'). These
are used to enforce security policy for network packets
labeled with SECMARK.
Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
diff -purN -X dontdiff
linux-2.6.17-rc2-mm1.p/sec
This patch adds a SECMARK target to xtables, allowing
the admin to apply security marks to packets via both
iptables and ip6tables.
The target currently handles SELinux security marking,
but can be extended for other purposes as needed.
Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
incl
This patch exports adds a new function to the in-kernel
SELinux API: selinux_string_to_sid(). It maps a text
security context to an SELiux security ID (SID).
Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
include/linux/selinux.h| 16
security/selinux/exports.c |
This patch adds a secmark field to the skbuff structure, to allow security
subsystems to place security markings on network packets. This is similar
to the nfmark field, except is intended for implementing security policy,
rather than than networking policy.
This patch was already acked in pri
Hi Andy,
Yes, the original sychronziation design is a sort of arbitary or
compromised solution. We don't want to synchronize every state change from
master to backup load balancer, because we were afraid that there were too
much state change synchronization messages and there would be some
p
The following patchsets implement a new scheme for adding security
markings to packets via iptables, as well as changes to SELinux to use
these markings for security policy enforcement.
Along with these patches, assorted files including policy examples and
patches for SELinux userland may be fo
new SMSC LAN83C185 10BaseT/100BaseTX PHY driver for the PHY subsystem
Signed-off-by: Herbert Valerio Riedel <[EMAIL PROTECTED]>
---
drivers/net/phy/Kconfig |6 ++
drivers/net/phy/Makefile |1
drivers/net/phy/smsc.c | 134 ++
3 files chan
On Saturday 06 May 2006 20:24, David Woodhouse wrote:
> On Fri, 2006-05-05 at 17:38 +0100, David Woodhouse wrote:
> > I still need this hack to work around the fact that softmac doesn't
> > attempt to associate when we bring the device up...
>
> It'd be quite good to get this fixed in 2.6.17 too.
Hi,
Can one summerize what's the cases calling each of these routing queries?
What are the differences?
Benzi.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi,
seems documentation got lost when the RFC2863-patch was applied. Having
documentation is good, so I resend it ;-)
Signed-off-by: Stefan Rompf <[EMAIL PROTECTED]>
--- /dev/null 2005-03-19 20:36:14.0 +0100
+++ linux-2.6.17-rc3/Documentation/networking/operstates.txt2006-04-27
22
Hi,
the linkwatch code can overflow on a jiffies wrap, scheduling
work with a too large delay. If the delay is >0x8000,
internal_add_timer() seems to overflow too, hiding the bug, so
this isn't triggered too easily.
Best solution is to use jiffies64 for calculation as these
events happen with
31 matches
Mail list logo
