* [PATCH net-next] xfrm: no-anti-replay protection flag
@ 2020-05-25 15:46 Petr Vaněk
  2020-05-27 17:11 ` Christophe Gouault
  2020-05-30 12:39 ` [PATCH net-next v2] xfrm: introduce oseq-may-wrap flag Petr Vaněk
  0 siblings, 2 replies; 8+ messages in thread
From: Petr Vaněk @ 2020-05-25 15:46 UTC (permalink / raw)
  To: Steffen Klassert, Herbert Xu, David S. Miller, Jakub Kicinski,
	netdev, linux-kernel
  Cc: Petr Vaněk

RFC 4303 in section 3.3.3 suggests to disable anti-replay for manually
distributed ICVs.

This patch introduces new extra_flag XFRM_SA_XFLAG_NO_ANTI_REPLAY which
disables anti-replay for outbound packets if set. The flag is used only
in legacy and bmp code, because esn should not be negotiated if
anti-replay is disabled (see note in 3.3.3 section).

Signed-off-by: Petr Vaněk <pv@excello.cz>
---
 include/uapi/linux/xfrm.h |  1 +
 net/xfrm/xfrm_replay.c    | 12 ++++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h
index 5f3b9fec7b5f..4842b1ed49e9 100644
--- a/include/uapi/linux/xfrm.h
+++ b/include/uapi/linux/xfrm.h
@@ -387,6 +387,7 @@ struct xfrm_usersa_info {
 };
 
 #define XFRM_SA_XFLAG_DONT_ENCAP_DSCP	1
+#define XFRM_SA_XFLAG_NO_ANTI_REPLAY	2
 
 struct xfrm_usersa_id {
 	xfrm_address_t			daddr;
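Review bot: The name XFRM_SA_XFLAG_NO_ANTI_REPLAY on the added #define promises more than the rest of the patch delivers. The four xfrm_replay.c hunks only relax the sender-side overflow checks in the xfrm_replay_overflow*() functions; nothing on the receive side changes, so replay checking of inbound packets is unaffected. A name that says the output sequence number may wrap would describe the uapi contract more accurately, and it is worth settling now because a uapi name is hard to change after release.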
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 98943f8d01aa..1602843aa2ec 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -89,7 +89,8 @@ static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
 	if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
 		XFRM_SKB_CB(skb)->seq.output.low = ++x->replay.oseq;
 		XFRM_SKB_CB(skb)->seq.output.hi = 0;
-		if (unlikely(x->replay.oseq == 0)) {
+		if (unlikely(x->replay.oseq == 0) &&
+		    !(x->props.extra_flags & XFRM_SA_XFLAG_NO_ANTI_REPLAY)) {
 			x->replay.oseq--;
 			xfrm_audit_state_replay_overflow(x, skb);
 			err = -EOVERFLOW;
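Review bot: With the flag set, the new `!(x->props.extra_flags & XFRM_SA_XFLAG_NO_ANTI_REPLAY)` test skips the whole branch, including xfrm_audit_state_replay_overflow(), so the counter returning to 0 leaves no trace at all. Consider keeping an audit record or a counter on the wrap path and suppressing only the `x->replay.oseq--` and `err = -EOVERFLOW` part, so an operator can still see that an SA has cycled through its sequence space.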
@@ -168,7 +169,8 @@ static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb)
 	if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
 		XFRM_SKB_CB(skb)->seq.output.low = ++replay_esn->oseq;
 		XFRM_SKB_CB(skb)->seq.output.hi = 0;
-		if (unlikely(replay_esn->oseq == 0)) {
+		if (unlikely(replay_esn->oseq == 0) &&
+		    !(x->props.extra_flags & XFRM_SA_XFLAG_NO_ANTI_REPLAY)) {
 			replay_esn->oseq--;
 			xfrm_audit_state_replay_overflow(x, skb);
 			err = -EOVERFLOW;
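Review bot: The commit message says ESN should not be negotiated together with this flag, but the diffstat shows only the #define and the four condition changes, so nothing rejects an SA that requests both. In that case the flag is accepted and then has no effect, because no ESN overflow function is touched. Either reject the combination when the SA is configured or document next to the #define that the flag is ignored for ESN SAs.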
@@ -572,7 +574,8 @@ static int xfrm_replay_overflow_offload(struct xfrm_state *x, struct sk_buff *sk
 
 		XFRM_SKB_CB(skb)->seq.output.hi = 0;
 		xo->seq.hi = 0;
-		if (unlikely(oseq < x->replay.oseq)) {
+		if (unlikely(oseq < x->replay.oseq) &&
+		    !(x->props.extra_flags & XFRM_SA_XFLAG_NO_ANTI_REPLAY)) {
 			xfrm_audit_state_replay_overflow(x, skb);
 			err = -EOVERFLOW;
 
@@ -611,7 +614,8 @@ static int xfrm_replay_overflow_offload_bmp(struct xfrm_state *x, struct sk_buff
 
 		XFRM_SKB_CB(skb)->seq.output.hi = 0;
 		xo->seq.hi = 0;
-		if (unlikely(oseq < replay_esn->oseq)) {
+		if (unlikely(oseq < replay_esn->oseq) &&
+		    !(x->props.extra_flags & XFRM_SA_XFLAG_NO_ANTI_REPLAY)) {
 			xfrm_audit_state_replay_overflow(x, skb);
 			err = -EOVERFLOW;
 
-- 
2.26.2



* Re: [PATCH net-next] xfrm: no-anti-replay protection flag
  2020-05-25 15:46 [PATCH net-next] xfrm: no-anti-replay protection flag Petr Vaněk
@ 2020-05-27 17:11 ` Christophe Gouault
  2020-05-30 12:41   ` Petr Vaněk
  2020-05-30 12:39 ` [PATCH net-next v2] xfrm: introduce oseq-may-wrap flag Petr Vaněk
  1 sibling, 1 reply; 8+ messages in thread
From: Christophe Gouault @ 2020-05-27 17:11 UTC (permalink / raw)
  To: Petr Vaněk
  Cc: Steffen Klassert, Herbert Xu, David S. Miller, Jakub Kicinski,
	netdev, linux-kernel

Hi Petr,

This patch is useful, however I think you should change the name of
the option and amend its description:
the option does not disable anti-replay in output (it can only be
disabled in input), it allows the output sequence number to wrap, and
it assumes that the remote peer disabled anti-replay in input.

So I suggest you change the name of the option to something like
XFRM_SA_XFLAG_OSEQ_MAY_WRAP or XFRM_SA_XFLAG_ALLOW_OSEQ_WRAP.

Best regards,
Christophe


On Mon, May 25, 2020 at 17:53, Petr Vaněk <pv@excello.cz> wrote:
>
> RFC 4303 in section 3.3.3 suggests to disable anti-replay for manually
> distributed ICVs.
>
> This patch introduces new extra_flag XFRM_SA_XFLAG_NO_ANTI_REPLAY which
> disables anti-replay for outbound packets if set. The flag is used only
> in legacy and bmp code, because esn should not be negotiated if
> anti-replay is disabled (see note in 3.3.3 section).
>
> Signed-off-by: Petr Vaněk <pv@excello.cz>
> ---
>  include/uapi/linux/xfrm.h |  1 +
>  net/xfrm/xfrm_replay.c    | 12 ++++++++----
>  2 files changed, 9 insertions(+), 4 deletions(-)
>
> diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h
> index 5f3b9fec7b5f..4842b1ed49e9 100644
> --- a/include/uapi/linux/xfrm.h
> +++ b/include/uapi/linux/xfrm.h
> @@ -387,6 +387,7 @@ struct xfrm_usersa_info {
>  };
>
>  #define XFRM_SA_XFLAG_DONT_ENCAP_DSCP  1
> +#define XFRM_SA_XFLAG_NO_ANTI_REPLAY   2
>
>  struct xfrm_usersa_id {
>         xfrm_address_t                  daddr;
> diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
> index 98943f8d01aa..1602843aa2ec 100644
> --- a/net/xfrm/xfrm_replay.c
> +++ b/net/xfrm/xfrm_replay.c
> @@ -89,7 +89,8 @@ static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
>         if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
>                 XFRM_SKB_CB(skb)->seq.output.low = ++x->replay.oseq;
>                 XFRM_SKB_CB(skb)->seq.output.hi = 0;
> -               if (unlikely(x->replay.oseq == 0)) {
> +               if (unlikely(x->replay.oseq == 0) &&
> +                   !(x->props.extra_flags & XFRM_SA_XFLAG_NO_ANTI_REPLAY)) {
>                         x->replay.oseq--;
>                         xfrm_audit_state_replay_overflow(x, skb);
>                         err = -EOVERFLOW;
> @@ -168,7 +169,8 @@ static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb)
>         if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
>                 XFRM_SKB_CB(skb)->seq.output.low = ++replay_esn->oseq;
>                 XFRM_SKB_CB(skb)->seq.output.hi = 0;
> -               if (unlikely(replay_esn->oseq == 0)) {
> +               if (unlikely(replay_esn->oseq == 0) &&
> +                   !(x->props.extra_flags & XFRM_SA_XFLAG_NO_ANTI_REPLAY)) {
>                         replay_esn->oseq--;
>                         xfrm_audit_state_replay_overflow(x, skb);
>                         err = -EOVERFLOW;
> @@ -572,7 +574,8 @@ static int xfrm_replay_overflow_offload(struct xfrm_state *x, struct sk_buff *sk
>
>                 XFRM_SKB_CB(skb)->seq.output.hi = 0;
>                 xo->seq.hi = 0;
> -               if (unlikely(oseq < x->replay.oseq)) {
> +               if (unlikely(oseq < x->replay.oseq) &&
> +                   !(x->props.extra_flags & XFRM_SA_XFLAG_NO_ANTI_REPLAY)) {
>                         xfrm_audit_state_replay_overflow(x, skb);
>                         err = -EOVERFLOW;
>
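Review bot: In xfrm_replay_overflow_offload() the wrap is detected with `oseq < x->replay.oseq` rather than with a test for zero, so `oseq` can land past zero here, not exactly on it. Once the flag lets execution continue, the code after this hunk works with a range that straddles the wrap, and the visible context does not show that code. Please state in the commit message that the sequence numbering after this point was checked for that case.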
> @@ -611,7 +614,8 @@ static int xfrm_replay_overflow_offload_bmp(struct xfrm_state *x, struct sk_buff
>
>                 XFRM_SKB_CB(skb)->seq.output.hi = 0;
>                 xo->seq.hi = 0;
> -               if (unlikely(oseq < replay_esn->oseq)) {
> +               if (unlikely(oseq < replay_esn->oseq) &&
> +                   !(x->props.extra_flags & XFRM_SA_XFLAG_NO_ANTI_REPLAY)) {
>                         xfrm_audit_state_replay_overflow(x, skb);
>                         err = -EOVERFLOW;
>
> --
> 2.26.2
>


* [PATCH net-next v2] xfrm: introduce oseq-may-wrap flag
  2020-05-25 15:46 [PATCH net-next] xfrm: no-anti-replay protection flag Petr Vaněk
  2020-05-27 17:11 ` Christophe Gouault
@ 2020-05-30 12:39 ` Petr Vaněk
  2020-06-02  9:55   ` Christophe Gouault
                     ` (2 more replies)
  1 sibling, 3 replies; 8+ messages in thread
From: Petr Vaněk @ 2020-05-30 12:39 UTC (permalink / raw)
  To: Steffen Klassert, Herbert Xu, David S. Miller, Jakub Kicinski,
	netdev, linux-kernel
  Cc: Petr Vaněk

RFC 4303 in section 3.3.3 suggests to disable anti-replay for manually
distributed ICVs in which case the sender does not need to monitor or
reset the counter. However, the sender still increments the counter and
when it reaches the maximum value, the counter rolls over back to zero.

This patch introduces new extra_flag XFRM_SA_XFLAG_OSEQ_MAY_WRAP which
allows sequence number to cycle in outbound packets if set. This flag is
used only in legacy and bmp code, because esn should not be negotiated
if anti-replay is disabled (see note in 3.3.3 section).

Signed-off-by: Petr Vaněk <pv@excello.cz>
---
 include/uapi/linux/xfrm.h |  1 +
 net/xfrm/xfrm_replay.c    | 12 ++++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h
index 5f3b9fec7b5f..b701244334b5 100644
--- a/include/uapi/linux/xfrm.h
+++ b/include/uapi/linux/xfrm.h
@@ -387,6 +387,7 @@ struct xfrm_usersa_info {
 };
 
 #define XFRM_SA_XFLAG_DONT_ENCAP_DSCP	1
+#define XFRM_SA_XFLAG_OSEQ_MAY_WRAP	2
 
 struct xfrm_usersa_id {
 	xfrm_address_t			daddr;
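Review bot: The added XFRM_SA_XFLAG_OSEQ_MAY_WRAP define carries no comment, and its precondition exists only in the commit message and the list discussion: the remote peer must have anti-replay disabled on input. A one-line comment above the #define stating that would keep the requirement visible to anyone reading the uapi header.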
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 98943f8d01aa..c6a4338a0d08 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -89,7 +89,8 @@ static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
 	if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
 		XFRM_SKB_CB(skb)->seq.output.low = ++x->replay.oseq;
 		XFRM_SKB_CB(skb)->seq.output.hi = 0;
-		if (unlikely(x->replay.oseq == 0)) {
+		if (unlikely(x->replay.oseq == 0) &&
+		    !(x->props.extra_flags & XFRM_SA_XFLAG_OSEQ_MAY_WRAP)) {
 			x->replay.oseq--;
 			xfrm_audit_state_replay_overflow(x, skb);
 			err = -EOVERFLOW;
@@ -168,7 +169,8 @@ static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb)
 	if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
 		XFRM_SKB_CB(skb)->seq.output.low = ++replay_esn->oseq;
 		XFRM_SKB_CB(skb)->seq.output.hi = 0;
-		if (unlikely(replay_esn->oseq == 0)) {
+		if (unlikely(replay_esn->oseq == 0) &&
+		    !(x->props.extra_flags & XFRM_SA_XFLAG_OSEQ_MAY_WRAP)) {
 			replay_esn->oseq--;
 			xfrm_audit_state_replay_overflow(x, skb);
 			err = -EOVERFLOW;
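Review bot: The test `!(x->props.extra_flags & XFRM_SA_XFLAG_OSEQ_MAY_WRAP)` added here is repeated verbatim in all four overflow functions of this patch. A small static inline helper in xfrm_replay.c, taking `struct xfrm_state *x` and returning whether the output sequence number may wrap, would keep the four checks in step if the condition ever grows.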
@@ -572,7 +574,8 @@ static int xfrm_replay_overflow_offload(struct xfrm_state *x, struct sk_buff *sk
 
 		XFRM_SKB_CB(skb)->seq.output.hi = 0;
 		xo->seq.hi = 0;
-		if (unlikely(oseq < x->replay.oseq)) {
+		if (unlikely(oseq < x->replay.oseq) &&
+		    !(x->props.extra_flags & XFRM_SA_XFLAG_OSEQ_MAY_WRAP)) {
 			xfrm_audit_state_replay_overflow(x, skb);
 			err = -EOVERFLOW;
 
@@ -611,7 +614,8 @@ static int xfrm_replay_overflow_offload_bmp(struct xfrm_state *x, struct sk_buff
 
 		XFRM_SKB_CB(skb)->seq.output.hi = 0;
 		xo->seq.hi = 0;
-		if (unlikely(oseq < replay_esn->oseq)) {
+		if (unlikely(oseq < replay_esn->oseq) &&
+		    !(x->props.extra_flags & XFRM_SA_XFLAG_OSEQ_MAY_WRAP)) {
 			xfrm_audit_state_replay_overflow(x, skb);
 			err = -EOVERFLOW;
 
-- 
2.26.2



* Re: [PATCH net-next] xfrm: no-anti-replay protection flag
  2020-05-27 17:11 ` Christophe Gouault
@ 2020-05-30 12:41   ` Petr Vaněk
  0 siblings, 0 replies; 8+ messages in thread
From: Petr Vaněk @ 2020-05-30 12:41 UTC (permalink / raw)
  To: Christophe Gouault
  Cc: Steffen Klassert, Herbert Xu, David S. Miller, Jakub Kicinski,
	netdev, linux-kernel

Hi Christophe,

On Wed, May 27, 2020 at 07:11:21PM +0200, Christophe Gouault wrote:
> This patch is useful, however I think you should change the name of
> the option and amend its description:
> the option does not disable anti-replay in output (it can only be
> disabled in input), it allows the output sequence number to wrap, and
> it assumes that the remote peer disabled anti-replay in input.
> 
> So I suggest you change the name of the option to something like
> XFRM_SA_XFLAG_OSEQ_MAY_WRAP or XFRM_SA_XFLAG_ALLOW_OSEQ_WRAP.

Thank you for your suggestions, I changed the patch and sent the second
version.

Petr


* Re: [PATCH net-next v2] xfrm: introduce oseq-may-wrap flag
  2020-05-30 12:39 ` [PATCH net-next v2] xfrm: introduce oseq-may-wrap flag Petr Vaněk
@ 2020-06-02  9:55   ` Christophe Gouault
  2020-06-26  5:24   ` Steffen Klassert
  2020-07-31  7:12   ` [PATCH iproute2-next] ip-xfrm: add support for oseq-may-wrap extra flag Petr Vaněk
  2 siblings, 0 replies; 8+ messages in thread
From: Christophe Gouault @ 2020-06-02  9:55 UTC (permalink / raw)
  To: Petr Vaněk
  Cc: Steffen Klassert, Herbert Xu, David S. Miller, Jakub Kicinski,
	netdev, linux-kernel

On Sat, May 30, 2020 at 14:39, Petr Vaněk <pv@excello.cz> wrote:
>
> RFC 4303 in section 3.3.3 suggests to disable anti-replay for manually
> distributed ICVs in which case the sender does not need to monitor or
> reset the counter. However, the sender still increments the counter and
> when it reaches the maximum value, the counter rolls over back to zero.
>
> This patch introduces new extra_flag XFRM_SA_XFLAG_OSEQ_MAY_WRAP which
> allows sequence number to cycle in outbound packets if set. This flag is
> used only in legacy and bmp code, because esn should not be negotiated
> if anti-replay is disabled (see note in 3.3.3 section).
> (...)

Hi Petr,

Thank you for taking my comment into account.
This new patch looks good to me.

Acked-by: Christophe Gouault <christophe.gouault@6wind.com>

Regards,
Christophe


* Re: [PATCH net-next v2] xfrm: introduce oseq-may-wrap flag
  2020-05-30 12:39 ` [PATCH net-next v2] xfrm: introduce oseq-may-wrap flag Petr Vaněk
  2020-06-02  9:55   ` Christophe Gouault
@ 2020-06-26  5:24   ` Steffen Klassert
  2020-07-31  7:12   ` [PATCH iproute2-next] ip-xfrm: add support for oseq-may-wrap extra flag Petr Vaněk
  2 siblings, 0 replies; 8+ messages in thread
From: Steffen Klassert @ 2020-06-26  5:24 UTC (permalink / raw)
  To: Petr Vaněk
  Cc: Herbert Xu, David S. Miller, Jakub Kicinski, netdev, linux-kernel

On Sat, May 30, 2020 at 02:39:12PM +0200, Petr Vaněk wrote:
> RFC 4303 in section 3.3.3 suggests to disable anti-replay for manually
> distributed ICVs in which case the sender does not need to monitor or
> reset the counter. However, the sender still increments the counter and
> when it reaches the maximum value, the counter rolls over back to zero.
> 
> This patch introduces new extra_flag XFRM_SA_XFLAG_OSEQ_MAY_WRAP which
> allows sequence number to cycle in outbound packets if set. This flag is
> used only in legacy and bmp code, because esn should not be negotiated
> if anti-replay is disabled (see note in 3.3.3 section).
> 
> Signed-off-by: Petr Vaněk <pv@excello.cz>

Now applied to ipsec-next, thanks a lot!


* [PATCH iproute2-next] ip-xfrm: add support for oseq-may-wrap extra flag
  2020-05-30 12:39 ` [PATCH net-next v2] xfrm: introduce oseq-may-wrap flag Petr Vaněk
  2020-06-02  9:55   ` Christophe Gouault
  2020-06-26  5:24   ` Steffen Klassert
@ 2020-07-31  7:12   ` Petr Vaněk
  2020-08-03 14:58     ` David Ahern
  2 siblings, 1 reply; 8+ messages in thread
From: Petr Vaněk @ 2020-07-31  7:12 UTC (permalink / raw)
  To: netdev; +Cc: Petr Vaněk, David Ahern

This flag allows to create SA where sequence number can cycle in
outbound packets if set.

Signed-off-by: Petr Vaněk <pv@excello.cz>
---
 include/uapi/linux/xfrm.h | 1 +
 ip/ipxfrm.c               | 3 +++
 ip/xfrm_state.c           | 4 +++-
 man/man8/ip-xfrm.8        | 2 +-
 4 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h
index 50450f3f..6dfb3c85 100644
--- a/include/uapi/linux/xfrm.h
+++ b/include/uapi/linux/xfrm.h
@@ -387,6 +387,7 @@ struct xfrm_usersa_info {
 };
 
 #define XFRM_SA_XFLAG_DONT_ENCAP_DSCP	1
+#define XFRM_SA_XFLAG_OSEQ_MAY_WRAP    2
 
 struct xfrm_usersa_id {
 	xfrm_address_t			daddr;
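Review bot: The added `#define XFRM_SA_XFLAG_OSEQ_MAY_WRAP    2` line is aligned with spaces, while the XFRM_SA_XFLAG_DONT_ENCAP_DSCP line just above it uses a tab, as does the same define in the kernel patch earlier in this thread. Use a tab so this copy of the uapi header matches the kernel's and a later header sync does not produce a whitespace-only diff.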
diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index fec206ab..cac8ba25 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -953,6 +953,9 @@ void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
 		XFRM_FLAG_PRINT(fp, extra_flags,
 				XFRM_SA_XFLAG_DONT_ENCAP_DSCP,
 				"dont-encap-dscp");
+		XFRM_FLAG_PRINT(fp, extra_flags,
+				XFRM_SA_XFLAG_OSEQ_MAY_WRAP,
+				"oseq-may-wrap");
 		if (extra_flags)
 			fprintf(fp, "%x", extra_flags);
 	}
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index f4bf3356..ddf784ca 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -104,7 +104,7 @@ static void usage(void)
 		"FLAG-LIST := [ FLAG-LIST ] FLAG\n"
 		"FLAG := noecn | decap-dscp | nopmtudisc | wildrecv | icmp | af-unspec | align4 | esn\n"
 		"EXTRA-FLAG-LIST := [ EXTRA-FLAG-LIST ] EXTRA-FLAG\n"
-		"EXTRA-FLAG := dont-encap-dscp\n"
+		"EXTRA-FLAG := dont-encap-dscp | oseq-may-wrap\n"
 		"SELECTOR := [ src ADDR[/PLEN] ] [ dst ADDR[/PLEN] ] [ dev DEV ] [ UPSPEC ]\n"
 		"UPSPEC := proto { { tcp | udp | sctp | dccp } [ sport PORT ] [ dport PORT ] |\n"
 		"                  { icmp | ipv6-icmp | mobility-header } [ type NUMBER ] [ code NUMBER ] |\n"
@@ -253,6 +253,8 @@ static int xfrm_state_extra_flag_parse(__u32 *extra_flags, int *argcp, char ***a
 		while (1) {
 			if (strcmp(*argv, "dont-encap-dscp") == 0)
 				*extra_flags |= XFRM_SA_XFLAG_DONT_ENCAP_DSCP;
+			else if (strcmp(*argv, "oseq-may-wrap") == 0)
+				*extra_flags |= XFRM_SA_XFLAG_OSEQ_MAY_WRAP;
 			else {
 				PREV_ARG(); /* back track */
 				break;
diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index aa28db49..4fa31651 100644
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -217,7 +217,7 @@ ip-xfrm \- transform configuration
 
 .ti -8
 .IR EXTRA-FLAG " := "
-.B dont-encap-dscp
+.BR dont-encap-dscp " | " oseq-may-wrap
 
 .ti -8
 .BR "ip xfrm policy" " { " add " | " update " }"
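Review bot: Only the EXTRA-FLAG synopsis line changes in ip-xfrm.8, so the man page gains no description of what oseq-may-wrap does. Add a sentence saying that it lets the outbound sequence number wrap instead of failing on overflow, and that it is meant for SAs whose peer does not perform anti-replay checks, since that is what an administrator needs to know before setting it.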
-- 
2.26.2



* Re: [PATCH iproute2-next] ip-xfrm: add support for oseq-may-wrap extra flag
  2020-07-31  7:12   ` [PATCH iproute2-next] ip-xfrm: add support for oseq-may-wrap extra flag Petr Vaněk
@ 2020-08-03 14:58     ` David Ahern
  0 siblings, 0 replies; 8+ messages in thread
From: David Ahern @ 2020-08-03 14:58 UTC (permalink / raw)
  To: Petr Vaněk, netdev; +Cc: David Ahern

On 7/31/20 1:12 AM, Petr Vaněk wrote:
> This flag allows to create SA where sequence number can cycle in
> outbound packets if set.
> 
> Signed-off-by: Petr Vaněk <pv@excello.cz>
> ---
>  include/uapi/linux/xfrm.h | 1 +
>  ip/ipxfrm.c               | 3 +++
>  ip/xfrm_state.c           | 4 +++-
>  man/man8/ip-xfrm.8        | 2 +-
>  4 files changed, 8 insertions(+), 2 deletions(-)
> 

applied to iproute2-next


