Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1ce3644a authored Mar 08, 2011 by Steffen Klassert Committed by David S. Miller Mar 13, 2011

xfrm: Use separate low and high order bits of the sequence numbers in xfrm_skb_cb



To support IPsec extended sequence numbers, we split the
output sequence numbers of xfrm_skb_cb in low and high order 32 bits
and we add the high order 32 bits to the input sequence numbers.
All users are updated accordingly.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 9736acf3

include/net/xfrm.h

+8 −2

Original line number	Diff line number	Diff line
		@@ -582,8 +582,14 @@ struct xfrm_skb_cb {

		/* Sequence number for replay protection. */
		union {
		u64 output;
		__be32 input;
		struct {
		__u32 low;
		__u32 hi;
		} output;
		struct {
		__be32 low;
		__be32 hi;
		} input;
		} seq;
		};

net/ipv4/ah4.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -208,7 +208,7 @@ static int ah_output(struct xfrm_state x, struct sk_buff skb)

		ah->reserved = 0;
		ah->spi = x->id.spi;
		ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);
		ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);

		sg_init_table(sg, nfrags);
		skb_to_sgvec(skb, sg, 0, skb->len);

net/ipv4/esp4.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -215,7 +215,7 @@ static int esp_output(struct xfrm_state x, struct sk_buff skb)
		}

		esph->spi = x->id.spi;
		esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);
		esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);

		sg_init_table(sg, nfrags);
		skb_to_sgvec(skb, sg,
		@@ -227,7 +227,7 @@ static int esp_output(struct xfrm_state x, struct sk_buff skb)
		aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
		aead_givcrypt_set_assoc(req, asg, sizeof(*esph));
		aead_givcrypt_set_giv(req, esph->enc_data,
		XFRM_SKB_CB(skb)->seq.output);
		XFRM_SKB_CB(skb)->seq.output.low);

		ESP_SKB_CB(skb)->tmp = tmp;
		err = crypto_aead_givencrypt(req);

net/ipv6/ah6.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -409,7 +409,7 @@ static int ah6_output(struct xfrm_state x, struct sk_buff skb)

		ah->reserved = 0;
		ah->spi = x->id.spi;
		ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);
		ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);

		sg_init_table(sg, nfrags);
		skb_to_sgvec(skb, sg, 0, skb->len);

net/ipv6/esp6.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -204,7 +204,7 @@ static int esp6_output(struct xfrm_state x, struct sk_buff skb)
		*skb_mac_header(skb) = IPPROTO_ESP;

		esph->spi = x->id.spi;
		esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);
		esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);

		sg_init_table(sg, nfrags);
		skb_to_sgvec(skb, sg,
		@@ -216,7 +216,7 @@ static int esp6_output(struct xfrm_state x, struct sk_buff skb)
		aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
		aead_givcrypt_set_assoc(req, asg, sizeof(*esph));
		aead_givcrypt_set_giv(req, esph->enc_data,
		XFRM_SKB_CB(skb)->seq.output);
		XFRM_SKB_CB(skb)->seq.output.low);

		ESP_SKB_CB(skb)->tmp = tmp;
		err = crypto_aead_givencrypt(req);