Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

Transformation Statistics

-------------------------

xfrm_proc is a statistics shown factor dropped by transformation

for developer.

It is a counter designed from current transformation source code

and defined like linux private MIB.

Inbound statistics

~~~~~~~~~~~~~~~~~~

The xfrm_proc code is a set of statistics showing numbers of packets

dropped by the transformation code and why.  These counters are defined

as part of the linux private MIB.  These counters can be viewed in

/proc/net/xfrm_stat.

Inbound errors

~~~~~~~~~~~~~~

XfrmInError:

	All errors which is not matched others

XfrmInBufferError:

	Policy discards

XfrmInPolError:

	Policy error

XfrmAcquireError:

	State hasn't been fully acquired before use

XfrmFwdHdrError:

	Forward routing of a packet is not allowed

Outbound errors

~~~~~~~~~~~~~~~

	Policy is dead

XfrmOutPolError:

	Policy error

XfrmOutStateInvalid:

	State is invalid, perhaps expired

	const struct ndisc_ops *ndisc_ops;

#endif

#ifdef CONFIG_XFRM

#ifdef CONFIG_XFRM_OFFLOAD

	const struct xfrmdev_ops *xfrmdev_ops;

#endif

	struct Qdisc		*output_queue;

	struct Qdisc		**output_queue_tailp;

	struct sk_buff		*completion_queue;

#ifdef CONFIG_XFRM_OFFLOAD

	struct sk_buff_head	xfrm_backlog;

#endif

#ifdef CONFIG_RPS

	/* input_queue_head should be written by cpu owning this struct,

	 * and only read by other cpus. Worth using a cache line.

int dev_get_phys_port_name(struct net_device *dev,

			   char *name, size_t len);

int dev_change_proto_down(struct net_device *dev, bool proto_down);

struct sk_buff *validate_xmit_skb_list(struct sk_buff *skb, struct net_device *dev);

struct sk_buff *validate_xmit_skb_list(struct sk_buff *skb, struct net_device *dev, bool *again);

struct sk_buff *dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev,

				    struct netdev_queue *txq, int *ret);

#define	XFRM_GSO_SEGMENT	16

#define	XFRM_GRO		32

#define	XFRM_ESP_NO_TRAILER	64

#define	XFRM_DEV_RESUME		128

	__u32			status;

#define CRYPTO_SUCCESS				1

{

	return skb->sp->xvec[skb->sp->len - 1];

}

#endif

static inline struct xfrm_offload *xfrm_offload(struct sk_buff *skb)

{

#ifdef CONFIG_XFRM

	struct sec_path *sp = skb->sp;

	if (!sp || !sp->olen || sp->len != sp->olen)

		return NULL;

	return &sp->ovec[sp->olen - 1];

}

#else

	return NULL;

#endif

}

void __net_init xfrm_dev_init(void);

#ifdef CONFIG_XFRM_OFFLOAD

int validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t features);

void xfrm_dev_resume(struct sk_buff *skb);

void xfrm_dev_backlog(struct softnet_data *sd);

struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t features, bool *again);

int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,

		       struct xfrm_user_offload *xuo);

bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x);

		return false;

	xdst = (struct xfrm_dst *) dst;

	if (!x->xso.offload_handle && !xdst->child->xfrm)

		return true;

	if (x->xso.offload_handle && (x->xso.dev == xfrm_dst_path(dst)->dev) &&

	    !xdst->child->xfrm)

		return true;

	 struct net_device *dev = xso->dev;

	if (dev && dev->xfrmdev_ops) {

		if (dev->xfrmdev_ops->xdo_dev_state_free)

			dev->xfrmdev_ops->xdo_dev_state_free(x);

		xso->dev = NULL;

		dev_put(dev);

	}

}

#else

static inline int validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t features)

static inline void xfrm_dev_resume(struct sk_buff *skb)

{

	return 0;

}

static inline void xfrm_dev_backlog(struct softnet_data *sd)

{

}

static inline struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t features, bool *again)

{

	return skb;

}

static inline int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, struct xfrm_user_offload *xuo)

}

EXPORT_SYMBOL(skb_csum_hwoffload_help);

static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device *dev)

static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device *dev, bool *again)

{

	netdev_features_t features;

		    __skb_linearize(skb))

			goto out_kfree_skb;

		if (validate_xmit_xfrm(skb, features))

			goto out_kfree_skb;

		/* If packet is not checksummed and device does not

		 * support checksumming for this protocol, complete

		 * checksumming here.

		}

	}

	skb = validate_xmit_xfrm(skb, features, again);

	return skb;

out_kfree_skb:

	return NULL;

}

struct sk_buff *validate_xmit_skb_list(struct sk_buff *skb, struct net_device *dev)

struct sk_buff *validate_xmit_skb_list(struct sk_buff *skb, struct net_device *dev, bool *again)

{

	struct sk_buff *next, *head = NULL, *tail;

		/* in case skb wont be segmented, point to itself */

		skb->prev = skb;

		skb = validate_xmit_skb(skb, dev);

		skb = validate_xmit_skb(skb, dev, again);

		if (!skb)

			continue;

	struct netdev_queue *txq;

	struct Qdisc *q;

	int rc = -ENOMEM;

	bool again = false;

	skb_reset_mac_header(skb);

				     XMIT_RECURSION_LIMIT))

				goto recursion_alert;

			skb = validate_xmit_skb(skb, dev);

			skb = validate_xmit_skb(skb, dev, &again);

			if (!skb)

				goto out;

				spin_unlock(root_lock);

		}

	}

	xfrm_dev_backlog(sd);

}

#if IS_ENABLED(CONFIG_BRIDGE) && IS_ENABLED(CONFIG_ATM_LANE)

		skb_queue_head_init(&sd->input_pkt_queue);

		skb_queue_head_init(&sd->process_queue);

#ifdef CONFIG_XFRM_OFFLOAD

		skb_queue_head_init(&sd->xfrm_backlog);

#endif

		INIT_LIST_HEAD(&sd->poll_list);

		sd->output_queue_tailp = &sd->output_queue;

#ifdef CONFIG_RPS

static void esp_output_done(struct crypto_async_request *base, int err)

{

	struct sk_buff *skb = base->data;

	struct xfrm_offload *xo = xfrm_offload(skb);

	void *tmp;

	struct dst_entry *dst = skb_dst(skb);

	struct xfrm_state *x = dst->xfrm;

	struct xfrm_state *x;

	if (xo && (xo->flags & XFRM_DEV_RESUME))

		x = skb->sp->xvec[skb->sp->len - 1];

	else

		x = skb_dst(skb)->xfrm;

	tmp = ESP_SKB_CB(skb)->tmp;

	esp_ssg_unref(x, tmp);

	kfree(tmp);

	if (xo && (xo->flags & XFRM_DEV_RESUME)) {

		if (err) {

			XFRM_INC_STATS(xs_net(x), LINUX_MIB_XFRMOUTSTATEPROTOERROR);

			kfree_skb(skb);

			return;

		}

		skb_push(skb, skb->data - skb_mac_header(skb));

		secpath_reset(skb);

		xfrm_dev_resume(skb);

	} else {

		xfrm_output_resume(skb, err);

	}

}

/* Move ESP header back into place. */

static void esp_restore_header(struct sk_buff *skb, unsigned int offset)

	char aead_name[CRYPTO_MAX_ALG_NAME];

	struct crypto_aead *aead;

	int err;

	u32 mask = 0;

	err = -ENAMETOOLONG;

	if (snprintf(aead_name, CRYPTO_MAX_ALG_NAME, "%s(%s)",

		     x->geniv, x->aead->alg_name) >= CRYPTO_MAX_ALG_NAME)

		goto error;

	if (x->xso.offload_handle)

		mask |= CRYPTO_ALG_ASYNC;

	aead = crypto_alloc_aead(aead_name, 0, mask);

	aead = crypto_alloc_aead(aead_name, 0, 0);

	err = PTR_ERR(aead);

	if (IS_ERR(aead))

		goto error;

	char authenc_name[CRYPTO_MAX_ALG_NAME];

	unsigned int keylen;

	int err;

	u32 mask = 0;

	err = -EINVAL;

	if (!x->ealg)

			goto error;

	}

	if (x->xso.offload_handle)

		mask |= CRYPTO_ALG_ASYNC;

	aead = crypto_alloc_aead(authenc_name, 0, mask);

	aead = crypto_alloc_aead(authenc_name, 0, 0);

	err = PTR_ERR(aead);

	if (IS_ERR(aead))

		goto error;