[Swan-commit] Changes to ref refs/heads/master
Antony Antony
antony at vault.libreswan.fi
Fri Apr 13 10:15:19 UTC 2018
New commits:
commit 399074b6f4b07a08d45e19d0ed31cec27b1e08eb
Author: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Date: Wed Nov 1 15:08:43 2017 +0100
License cleanup: add SPDX license identifier to uapi header files with no license
Many user space API headers are missing licensing information, which
makes it hard for compliance tools to determine the correct license.
By default are files without license information under the default
license of the kernel, which is GPLV2. Marking them GPLV2 would exclude
them from being included in non GPLV2 code, which is obviously not
intended. The user space API headers fall under the syscall exception
which is in the kernels COPYING file:
NOTE! This copyright does *not* cover user programs that use kernel
services by normal system calls - this is merely considered normal use
of the kernel, and does *not* fall under the heading of "derived work".
otherwise syscall usage would not be possible.
Update the files which contain no license information with an SPDX
license identifier. The chosen identifier is 'GPL-2.0 WITH
Linux-syscall-note' which is the officially assigned identifier for the
Linux syscall exception. SPDX license identifiers are a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne. See the previous patch in this series for the
methodology of how this patch was researched.
Reviewed-by: Kate Stewart <kstewart at linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne at nexb.com>
Reviewed-by: Thomas Gleixner <tglx at linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Signed-off-by: Antony Antony <antony at phenome.org>
commit 3fbd919a9cd709458309ed157e84ac018fe8d936
Author: Lorenzo Colitti <lorenzo at google.com>
Date: Fri Aug 11 02:11:33 2017 +0900
net: xfrm: support setting an output mark.
On systems that use mark-based routing it may be necessary for
routing lookups to use marks in order for packets to be routed
correctly. An example of such a system is Android, which uses
socket marks to route packets via different networks.
Currently, routing lookups in tunnel mode always use a mark of
zero, making routing incorrect on such systems.
This patch adds a new output_mark element to the xfrm state and
a corresponding XFRMA_OUTPUT_MARK netlink attribute. The output
mark differs from the existing xfrm mark in two ways:
1. The xfrm mark is used to match xfrm policies and states, while
the xfrm output mark is used to set the mark (and influence
the routing) of the packets emitted by those states.
2. The existing mark is constrained to be a subset of the bits of
the originating socket or transformed packet, but the output
mark is arbitrary and depends only on the state.
The use of a separate mark provides additional flexibility. For
example:
- A packet subject to two transforms (e.g., transport mode inside
tunnel mode) can have two different output marks applied to it,
one for the transport mode SA and one for the tunnel mode SA.
- On a system where socket marks determine routing, the packets
emitted by an IPsec tunnel can be routed based on a mark that
is determined by the tunnel, not by the marks of the
unencrypted packets.
- Support for setting the output marks can be introduced without
breaking any existing setups that employ both mark-based
routing and xfrm tunnel mode. Simply changing the code to use
the xfrm mark for routing output packets could xfrm mark could
change behaviour in a way that breaks these setups.
If the output mark is unspecified or set to zero, the mark is not
set or changed.
Tested: make allyesconfig; make -j64
Tested: https://android-review.googlesource.com/452776
Signed-off-by: Lorenzo Colitti <lorenzo at google.com>
Signed-off-by: Steffen Klassert <steffen.klassert at secunet.com>
Signed-off-by: Antony Antony <antony at phenome.org>
commit b787d06afe9abd446020b74d8586b6c720a5f965
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Tue Feb 13 10:59:40 2018 -0500
d/tests/opportunistic: do not fail on initial systemctl status
Signed-off-by: Antony Antony <antony at phenome.org>
commit 95cd65c543e55c1c98a3fb8da1abb4f2f09d89f2
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Mon Feb 5 15:58:19 2018 -0500
d/copyright: remove dropped file
Signed-off-by: Antony Antony <antony at phenome.org>
commit 5a13c11d539668631a5394cb25a85c55c612553e
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Mon Feb 5 15:57:01 2018 -0500
d/copyright: Format: use https
Signed-off-by: Antony Antony <antony at phenome.org>
commit 6d5e0fc59ab6feb1209ca9f26dd03b872db4f63b
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Wed Jan 10 11:42:27 2018 -0500
conflict with strongswan-libcharon (Closes: #886842)
Signed-off-by: Antony Antony <antony at phenome.org>
More information about the Swan-commit
mailing list