[Swan-commit] Changes to ref refs/heads/master

Antony Antony antony at vault.libreswan.fi
Fri Apr 13 10:15:19 UTC 2018

New commits:
commit 399074b6f4b07a08d45e19d0ed31cec27b1e08eb
Author: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Date:   Wed Nov 1 15:08:43 2017 +0100

    License cleanup: add SPDX license identifier to uapi header files with no license
    Many user space API headers are missing licensing information, which
    makes it hard for compliance tools to determine the correct license.
    By default are files without license information under the default
    license of the kernel, which is GPLV2.  Marking them GPLV2 would exclude
    them from being included in non GPLV2 code, which is obviously not
    intended. The user space API headers fall under the syscall exception
    which is in the kernels COPYING file:
       NOTE! This copyright does *not* cover user programs that use kernel
       services by normal system calls - this is merely considered normal use
       of the kernel, and does *not* fall under the heading of "derived work".
    otherwise syscall usage would not be possible.
    Update the files which contain no license information with an SPDX
    license identifier.  The chosen identifier is 'GPL-2.0 WITH
    Linux-syscall-note' which is the officially assigned identifier for the
    Linux syscall exception.  SPDX license identifiers are a legally binding
    shorthand, which can be used instead of the full boiler plate text.
    This patch is based on work done by Thomas Gleixner and Kate Stewart and
    Philippe Ombredanne.  See the previous patch in this series for the
    methodology of how this patch was researched.
    Reviewed-by: Kate Stewart <kstewart at linuxfoundation.org>
    Reviewed-by: Philippe Ombredanne <pombredanne at nexb.com>
    Reviewed-by: Thomas Gleixner <tglx at linutronix.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
    Signed-off-by: Antony Antony <antony at phenome.org>

commit 3fbd919a9cd709458309ed157e84ac018fe8d936
Author: Lorenzo Colitti <lorenzo at google.com>
Date:   Fri Aug 11 02:11:33 2017 +0900

    net: xfrm: support setting an output mark.
    On systems that use mark-based routing it may be necessary for
    routing lookups to use marks in order for packets to be routed
    correctly. An example of such a system is Android, which uses
    socket marks to route packets via different networks.
    Currently, routing lookups in tunnel mode always use a mark of
    zero, making routing incorrect on such systems.
    This patch adds a new output_mark element to the xfrm state and
    a corresponding XFRMA_OUTPUT_MARK netlink attribute. The output
    mark differs from the existing xfrm mark in two ways:
    1. The xfrm mark is used to match xfrm policies and states, while
       the xfrm output mark is used to set the mark (and influence
       the routing) of the packets emitted by those states.
    2. The existing mark is constrained to be a subset of the bits of
       the originating socket or transformed packet, but the output
       mark is arbitrary and depends only on the state.
    The use of a separate mark provides additional flexibility. For
    - A packet subject to two transforms (e.g., transport mode inside
      tunnel mode) can have two different output marks applied to it,
      one for the transport mode SA and one for the tunnel mode SA.
    - On a system where socket marks determine routing, the packets
      emitted by an IPsec tunnel can be routed based on a mark that
      is determined by the tunnel, not by the marks of the
      unencrypted packets.
    - Support for setting the output marks can be introduced without
      breaking any existing setups that employ both mark-based
      routing and xfrm tunnel mode. Simply changing the code to use
      the xfrm mark for routing output packets could xfrm mark could
      change behaviour in a way that breaks these setups.
    If the output mark is unspecified or set to zero, the mark is not
    set or changed.
    Tested: make allyesconfig; make -j64
    Tested: https://android-review.googlesource.com/452776
    Signed-off-by: Lorenzo Colitti <lorenzo at google.com>
    Signed-off-by: Steffen Klassert <steffen.klassert at secunet.com>
    Signed-off-by: Antony Antony <antony at phenome.org>

commit b787d06afe9abd446020b74d8586b6c720a5f965
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Tue Feb 13 10:59:40 2018 -0500

    d/tests/opportunistic: do not fail on initial systemctl status
    Signed-off-by: Antony Antony <antony at phenome.org>

commit 95cd65c543e55c1c98a3fb8da1abb4f2f09d89f2
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Mon Feb 5 15:58:19 2018 -0500

    d/copyright: remove dropped file
    Signed-off-by: Antony Antony <antony at phenome.org>

commit 5a13c11d539668631a5394cb25a85c55c612553e
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Mon Feb 5 15:57:01 2018 -0500

    d/copyright: Format: use https
    Signed-off-by: Antony Antony <antony at phenome.org>

commit 6d5e0fc59ab6feb1209ca9f26dd03b872db4f63b
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Wed Jan 10 11:42:27 2018 -0500

    conflict with strongswan-libcharon (Closes: #886842)
    Signed-off-by: Antony Antony <antony at phenome.org>

More information about the Swan-commit mailing list