Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 59c9940e authored by Alexey Dobriyan's avatar Alexey Dobriyan Committed by David S. Miller
Browse files

netns xfrm: per-netns MIBs 



Signed-off-by: default avatarAlexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 4fb236ba

include/net/netns/mib.h

+3 −0
Original line number Diff line number Diff line
@@ -20,6 +20,9 @@ struct netns_mib { 
	DEFINE_SNMP_STAT(struct icmpv6_mib, icmpv6_statistics);

	DEFINE_SNMP_STAT(struct icmpv6msg_mib, icmpv6msg_statistics);

#endif

#ifdef CONFIG_XFRM_STATISTICS

	DEFINE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics);

#endif

};



#endif

include/net/xfrm.h

+6 −7
Original line number Diff line number Diff line
@@ -38,14 +38,13 @@ 
	MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto))



#ifdef CONFIG_XFRM_STATISTICS

DECLARE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics);

#define XFRM_INC_STATS(field)		SNMP_INC_STATS(xfrm_statistics, field)

#define XFRM_INC_STATS_BH(field)	SNMP_INC_STATS_BH(xfrm_statistics, field)

#define XFRM_INC_STATS_USER(field) 	SNMP_INC_STATS_USER(xfrm_statistics, field)

#define XFRM_INC_STATS(net, field)	SNMP_INC_STATS((net)->mib.xfrm_statistics, field)

#define XFRM_INC_STATS_BH(net, field)	SNMP_INC_STATS_BH((net)->mib.xfrm_statistics, field)

#define XFRM_INC_STATS_USER(net, field)	SNMP_INC_STATS_USER((net)-mib.xfrm_statistics, field)

#else

#define XFRM_INC_STATS(field)

#define XFRM_INC_STATS_BH(field)

#define XFRM_INC_STATS_USER(field)

#define XFRM_INC_STATS(net, field)	((void)(net))

#define XFRM_INC_STATS_BH(net, field)	((void)(net))

#define XFRM_INC_STATS_USER(net, field)	((void)(net))

#endif



extern u32 sysctl_xfrm_aevent_etime;

net/ipv6/xfrm6_input.c

+5 −4
Original line number Diff line number Diff line
@@ -58,6 +58,7 @@ EXPORT_SYMBOL(xfrm6_rcv); 
int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,

		     xfrm_address_t *saddr, u8 proto)

{

	struct net *net = dev_net(skb->dev);

	struct xfrm_state *x = NULL;

	int i = 0;
@@ -67,7 +68,7 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr, 


		sp = secpath_dup(skb->sp);

		if (!sp) {

			XFRM_INC_STATS(LINUX_MIB_XFRMINERROR);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMINERROR);

			goto drop;

		}

		if (skb->sp)
@@ -76,7 +77,7 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr, 
	}



	if (1 + skb->sp->len == XFRM_MAX_DEPTH) {

		XFRM_INC_STATS(LINUX_MIB_XFRMINBUFFERERROR);

		XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);

		goto drop;

	}
@@ -100,7 +101,7 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr, 
			break;

		}



		x = xfrm_state_lookup_byaddr(&init_net, dst, src, proto, AF_INET6);

		x = xfrm_state_lookup_byaddr(net, dst, src, proto, AF_INET6);

		if (!x)

			continue;
@@ -122,7 +123,7 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr, 
	}



	if (!x) {

		XFRM_INC_STATS(LINUX_MIB_XFRMINNOSTATES);

		XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOSTATES);

		xfrm_audit_state_notfound_simple(skb, AF_INET6);

		goto drop;

	}

net/xfrm/xfrm_input.c

+11 −11
Original line number Diff line number Diff line
@@ -128,7 +128,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) 


		sp = secpath_dup(skb->sp);

		if (!sp) {

			XFRM_INC_STATS(LINUX_MIB_XFRMINERROR);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMINERROR);

			goto drop;

		}

		if (skb->sp)
@@ -142,19 +142,19 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) 


	seq = 0;

	if (!spi && (err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0) {

		XFRM_INC_STATS(LINUX_MIB_XFRMINHDRERROR);

		XFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR);

		goto drop;

	}



	do {

		if (skb->sp->len == XFRM_MAX_DEPTH) {

			XFRM_INC_STATS(LINUX_MIB_XFRMINBUFFERERROR);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);

			goto drop;

		}



		x = xfrm_state_lookup(net, daddr, spi, nexthdr, family);

		if (x == NULL) {

			XFRM_INC_STATS(LINUX_MIB_XFRMINNOSTATES);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOSTATES);

			xfrm_audit_state_notfound(skb, family, spi, seq);

			goto drop;

		}
@@ -163,22 +163,22 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) 


		spin_lock(&x->lock);

		if (unlikely(x->km.state != XFRM_STATE_VALID)) {

			XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEINVALID);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEINVALID);

			goto drop_unlock;

		}



		if ((x->encap ? x->encap->encap_type : 0) != encap_type) {

			XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEMISMATCH);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH);

			goto drop_unlock;

		}



		if (x->props.replay_window && xfrm_replay_check(x, skb, seq)) {

			XFRM_INC_STATS(LINUX_MIB_XFRMINSTATESEQERROR);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);

			goto drop_unlock;

		}



		if (xfrm_state_check_expire(x)) {

			XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEEXPIRED);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEEXPIRED);

			goto drop_unlock;

		}
@@ -199,7 +199,7 @@ resume: 
							 x->type->proto);

				x->stats.integrity_failed++;

			}

			XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEPROTOERROR);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR);

			goto drop_unlock;

		}
@@ -225,7 +225,7 @@ resume: 
		}



		if (inner_mode->input(x, skb)) {

			XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEMODEERROR);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);

			goto drop;

		}
@@ -243,7 +243,7 @@ resume: 


		err = xfrm_parse_spi(skb, nexthdr, &spi, &seq);

		if (err < 0) {

			XFRM_INC_STATS(LINUX_MIB_XFRMINHDRERROR);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR);

			goto drop;

		}

	} while (!err);

net/xfrm/xfrm_output.c

+8 −7
Original line number Diff line number Diff line
@@ -49,27 +49,27 @@ static int xfrm_output_one(struct sk_buff *skb, int err) 
	do {

		err = xfrm_state_check_space(x, skb);

		if (err) {

			XFRM_INC_STATS(LINUX_MIB_XFRMOUTERROR);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTERROR);

			goto error_nolock;

		}



		err = x->outer_mode->output(x, skb);

		if (err) {

			XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATEMODEERROR);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEMODEERROR);

			goto error_nolock;

		}



		spin_lock_bh(&x->lock);

		err = xfrm_state_check_expire(x);

		if (err) {

			XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATEEXPIRED);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEEXPIRED);

			goto error;

		}



		if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {

			XFRM_SKB_CB(skb)->seq.output = ++x->replay.oseq;

			if (unlikely(x->replay.oseq == 0)) {

				XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATESEQERROR);

				XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATESEQERROR);

				x->replay.oseq--;

				xfrm_audit_state_replay_overflow(x, skb);

				err = -EOVERFLOW;
@@ -90,12 +90,12 @@ static int xfrm_output_one(struct sk_buff *skb, int err) 


resume:

		if (err) {

			XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATEPROTOERROR);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEPROTOERROR);

			goto error_nolock;

		}



		if (!(skb->dst = dst_pop(dst))) {

			XFRM_INC_STATS(LINUX_MIB_XFRMOUTERROR);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTERROR);

			err = -EHOSTUNREACH;

			goto error_nolock;

		}
@@ -179,6 +179,7 @@ static int xfrm_output_gso(struct sk_buff *skb) 


int xfrm_output(struct sk_buff *skb)

{

	struct net *net = dev_net(skb->dst->dev);

	int err;



	if (skb_is_gso(skb))
@@ -187,7 +188,7 @@ int xfrm_output(struct sk_buff *skb) 
	if (skb->ip_summed == CHECKSUM_PARTIAL) {

		err = skb_checksum_help(skb);

		if (err) {

			XFRM_INC_STATS(LINUX_MIB_XFRMOUTERROR);

			XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTERROR);

			kfree_skb(skb);

			return err;

		}