Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bd55775c authored by Jamal Hadi Salim's avatar Jamal Hadi Salim Committed by David S. Miller
Browse files

xfrm: SA lookups signature with mark 



pass mark to all SA lookups to prepare them for when we add code
to have them search.

Signed-off-by: default avatarJamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent bf825f81

include/net/xfrm.h

+16 −7
Original line number Diff line number Diff line
@@ -1319,7 +1319,7 @@ extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t 
					  struct flowi *fl, struct xfrm_tmpl *tmpl,

					  struct xfrm_policy *pol, int *err,

					  unsigned short family);

extern struct xfrm_state * xfrm_stateonly_find(struct net *net,

extern struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark,

					       xfrm_address_t *daddr,

					       xfrm_address_t *saddr,

					       unsigned short family,
@@ -1328,8 +1328,14 @@ extern int xfrm_state_check_expire(struct xfrm_state *x); 
extern void xfrm_state_insert(struct xfrm_state *x);

extern int xfrm_state_add(struct xfrm_state *x);

extern int xfrm_state_update(struct xfrm_state *x);

extern struct xfrm_state *xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family);

extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family);

extern struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark,

					    xfrm_address_t *daddr, __be32 spi,

					    u8 proto, unsigned short family);

extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark,

						   xfrm_address_t *daddr,

						   xfrm_address_t *saddr,

						   u8 proto,

						   unsigned short family);

#ifdef CONFIG_XFRM_SUB_POLICY

extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,

			  int n, unsigned short family);
@@ -1366,7 +1372,8 @@ struct xfrmk_spdinfo { 
	u32 spdhmcnt;

};



extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 seq);

extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark,

					      u32 seq);

extern int xfrm_state_delete(struct xfrm_state *x);

extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);

extern void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si);
@@ -1451,9 +1458,11 @@ struct xfrm_policy *xfrm_policy_byid(struct net *net, u8, int dir, u32 id, int d 
int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);

u32 xfrm_get_acqseq(void);

extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);

struct xfrm_state * xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto,

				  xfrm_address_t *daddr, xfrm_address_t *saddr,

				  int create, unsigned short family);

struct xfrm_state *xfrm_find_acq(struct net *net, struct xfrm_mark *mark,

				 u8 mode, u32 reqid, u8 proto,

				 xfrm_address_t *daddr,

				 xfrm_address_t *saddr, int create,

				 unsigned short family);

extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);

extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst,

			  struct flowi *fl, int family, int strict);

net/core/pktgen.c

+2 −1
Original line number Diff line number Diff line
@@ -2188,12 +2188,13 @@ static inline int f_pick(struct pktgen_dev *pkt_dev) 
/* If there was already an IPSEC SA, we keep it as is, else

 * we go look for it ...

*/

#define DUMMY_MARK 0

static void get_ipsec_sa(struct pktgen_dev *pkt_dev, int flow)

{

	struct xfrm_state *x = pkt_dev->flows[flow].x;

	if (!x) {

		/*slow path: we dont already have xfrm_state*/

		x = xfrm_stateonly_find(&init_net,

		x = xfrm_stateonly_find(&init_net, DUMMY_MARK,

					(xfrm_address_t *)&pkt_dev->cur_daddr,

					(xfrm_address_t *)&pkt_dev->cur_saddr,

					AF_INET,

net/ipv4/ah4.c

+1 −1
Original line number Diff line number Diff line
@@ -393,7 +393,7 @@ static void ah4_err(struct sk_buff *skb, u32 info) 
	    icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)

		return;



	x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET);

	x = xfrm_state_lookup(net, skb->mark, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET);

	if (!x)

		return;

	printk(KERN_DEBUG "pmtu discovery on SA AH/%08x/%08x\n",

net/ipv4/esp4.c

+1 −1
Original line number Diff line number Diff line
@@ -422,7 +422,7 @@ static void esp4_err(struct sk_buff *skb, u32 info) 
	    icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)

		return;



	x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET);

	x = xfrm_state_lookup(net, skb->mark, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET);

	if (!x)

		return;

	NETDEBUG(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%08x\n",

net/ipv4/ipcomp.c

+4 −2
Original line number Diff line number Diff line
@@ -36,7 +36,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info) 
		return;



	spi = htonl(ntohs(ipch->cpi));

	x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr,

	x = xfrm_state_lookup(net, skb->mark, (xfrm_address_t *)&iph->daddr,

			      spi, IPPROTO_COMP, AF_INET);

	if (!x)

		return;
@@ -63,6 +63,7 @@ static struct xfrm_state *ipcomp_tunnel_create(struct xfrm_state *x) 
	t->props.mode = x->props.mode;

	t->props.saddr.a4 = x->props.saddr.a4;

	t->props.flags = x->props.flags;

	memcpy(&t->mark, &x->mark, sizeof(t->mark));



	if (xfrm_init_state(t))

		goto error;
@@ -87,8 +88,9 @@ static int ipcomp_tunnel_attach(struct xfrm_state *x) 
	struct net *net = xs_net(x);

	int err = 0;

	struct xfrm_state *t;

	u32 mark = x->mark.v & x->mark.m;



	t = xfrm_state_lookup(net, (xfrm_address_t *)&x->id.daddr.a4,

	t = xfrm_state_lookup(net, mark, (xfrm_address_t *)&x->id.daddr.a4,

			      x->props.saddr.a4, IPPROTO_IPIP, AF_INET);

	if (!t) {

		t = ipcomp_tunnel_create(x);