aboutsummaryrefslogtreecommitdiffstats
path: root/net/xfrm
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2018-12-18 11:15:20 -0500
committerDavid S. Miller <davem@davemloft.net>2018-12-19 14:21:37 -0500
commit2294be0f11e22b6197d025e5d3ab42888879ec4e (patch)
treef4e97bbe3475fa69f3100520f6d98f2d711ff852 /net/xfrm
parent7af8f4ca314a592e2ba49cb5ea1de1325974998e (diff)
net: use skb_sec_path helper in more places
skb_sec_path gains 'const' qualifier to avoid xt_policy.c: 'skb_sec_path' discards 'const' qualifier from pointer target type same reasoning as previous conversions: Won't need to touch these spots anymore when skb->sp is removed. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
-rw-r--r--net/xfrm/xfrm_device.c4
-rw-r--r--net/xfrm/xfrm_input.c16
-rw-r--r--net/xfrm/xfrm_policy.c19
3 files changed, 24 insertions, 15 deletions
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 144c137886b1..b8736f56e7f7 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -32,6 +32,7 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur
32 struct softnet_data *sd; 32 struct softnet_data *sd;
33 netdev_features_t esp_features = features; 33 netdev_features_t esp_features = features;
34 struct xfrm_offload *xo = xfrm_offload(skb); 34 struct xfrm_offload *xo = xfrm_offload(skb);
35 struct sec_path *sp;
35 36
36 if (!xo) 37 if (!xo)
37 return skb; 38 return skb;
@@ -39,7 +40,8 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur
39 if (!(features & NETIF_F_HW_ESP)) 40 if (!(features & NETIF_F_HW_ESP))
40 esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK); 41 esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK);
41 42
42 x = skb->sp->xvec[skb->sp->len - 1]; 43 sp = skb_sec_path(skb);
44 x = sp->xvec[sp->len - 1];
43 if (xo->flags & XFRM_GRO || x->xso.flags & XFRM_OFFLOAD_INBOUND) 45 if (xo->flags & XFRM_GRO || x->xso.flags & XFRM_OFFLOAD_INBOUND)
44 return skb; 46 return skb;
45 47
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index bda929b9ff35..b4db25b244fa 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -330,7 +330,9 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
330 daddr = (xfrm_address_t *)(skb_network_header(skb) + 330 daddr = (xfrm_address_t *)(skb_network_header(skb) +
331 XFRM_SPI_SKB_CB(skb)->daddroff); 331 XFRM_SPI_SKB_CB(skb)->daddroff);
332 do { 332 do {
333 if (skb->sp->len == XFRM_MAX_DEPTH) { 333 sp = skb_sec_path(skb);
334
335 if (sp->len == XFRM_MAX_DEPTH) {
334 secpath_reset(skb); 336 secpath_reset(skb);
335 XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR); 337 XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);
336 goto drop; 338 goto drop;
@@ -346,7 +348,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
346 348
347 skb->mark = xfrm_smark_get(skb->mark, x); 349 skb->mark = xfrm_smark_get(skb->mark, x);
348 350
349 skb->sp->xvec[skb->sp->len++] = x; 351 sp->xvec[sp->len++] = x;
350 352
351lock: 353lock:
352 spin_lock(&x->lock); 354 spin_lock(&x->lock);
@@ -470,8 +472,9 @@ resume:
470 nf_reset(skb); 472 nf_reset(skb);
471 473
472 if (decaps) { 474 if (decaps) {
473 if (skb->sp) 475 sp = skb_sec_path(skb);
474 skb->sp->olen = 0; 476 if (sp)
477 sp->olen = 0;
475 skb_dst_drop(skb); 478 skb_dst_drop(skb);
476 gro_cells_receive(&gro_cells, skb); 479 gro_cells_receive(&gro_cells, skb);
477 return 0; 480 return 0;
@@ -482,8 +485,9 @@ resume:
482 485
483 err = x->inner_mode->afinfo->transport_finish(skb, xfrm_gro || async); 486 err = x->inner_mode->afinfo->transport_finish(skb, xfrm_gro || async);
484 if (xfrm_gro) { 487 if (xfrm_gro) {
485 if (skb->sp) 488 sp = skb_sec_path(skb);
486 skb->sp->olen = 0; 489 if (sp)
490 sp->olen = 0;
487 skb_dst_drop(skb); 491 skb_dst_drop(skb);
488 gro_cells_receive(&gro_cells, skb); 492 gro_cells_receive(&gro_cells, skb);
489 return err; 493 return err;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index be04091eb7db..d6acba07bdc9 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3200,11 +3200,12 @@ EXPORT_SYMBOL(xfrm_lookup_route);
3200static inline int 3200static inline int
3201xfrm_secpath_reject(int idx, struct sk_buff *skb, const struct flowi *fl) 3201xfrm_secpath_reject(int idx, struct sk_buff *skb, const struct flowi *fl)
3202{ 3202{
3203 struct sec_path *sp = skb_sec_path(skb);
3203 struct xfrm_state *x; 3204 struct xfrm_state *x;
3204 3205
3205 if (!skb->sp || idx < 0 || idx >= skb->sp->len) 3206 if (!sp || idx < 0 || idx >= sp->len)
3206 return 0; 3207 return 0;
3207 x = skb->sp->xvec[idx]; 3208 x = sp->xvec[idx];
3208 if (!x->type->reject) 3209 if (!x->type->reject)
3209 return 0; 3210 return 0;
3210 return x->type->reject(x, skb, fl); 3211 return x->type->reject(x, skb, fl);
@@ -3304,6 +3305,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
3304 struct flowi fl; 3305 struct flowi fl;
3305 int xerr_idx = -1; 3306 int xerr_idx = -1;
3306 const struct xfrm_if_cb *ifcb; 3307 const struct xfrm_if_cb *ifcb;
3308 struct sec_path *sp;
3307 struct xfrm_if *xi; 3309 struct xfrm_if *xi;
3308 u32 if_id = 0; 3310 u32 if_id = 0;
3309 3311
@@ -3328,11 +3330,12 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
3328 nf_nat_decode_session(skb, &fl, family); 3330 nf_nat_decode_session(skb, &fl, family);
3329 3331
3330 /* First, check used SA against their selectors. */ 3332 /* First, check used SA against their selectors. */
3331 if (skb->sp) { 3333 sp = skb_sec_path(skb);
3334 if (sp) {
3332 int i; 3335 int i;
3333 3336
3334 for (i = skb->sp->len-1; i >= 0; i--) { 3337 for (i = sp->len - 1; i >= 0; i--) {
3335 struct xfrm_state *x = skb->sp->xvec[i]; 3338 struct xfrm_state *x = sp->xvec[i];
3336 if (!xfrm_selector_match(&x->sel, &fl, family)) { 3339 if (!xfrm_selector_match(&x->sel, &fl, family)) {
3337 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH); 3340 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH);
3338 return 0; 3341 return 0;
@@ -3359,7 +3362,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
3359 } 3362 }
3360 3363
3361 if (!pol) { 3364 if (!pol) {
3362 if (skb->sp && secpath_has_nontransport(skb->sp, 0, &xerr_idx)) { 3365 if (sp && secpath_has_nontransport(sp, 0, &xerr_idx)) {
3363 xfrm_secpath_reject(xerr_idx, skb, &fl); 3366 xfrm_secpath_reject(xerr_idx, skb, &fl);
3364 XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOPOLS); 3367 XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOPOLS);
3365 return 0; 3368 return 0;
@@ -3388,7 +3391,6 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
3388#endif 3391#endif
3389 3392
3390 if (pol->action == XFRM_POLICY_ALLOW) { 3393 if (pol->action == XFRM_POLICY_ALLOW) {
3391 struct sec_path *sp;
3392 static struct sec_path dummy; 3394 static struct sec_path dummy;
3393 struct xfrm_tmpl *tp[XFRM_MAX_DEPTH]; 3395 struct xfrm_tmpl *tp[XFRM_MAX_DEPTH];
3394 struct xfrm_tmpl *stp[XFRM_MAX_DEPTH]; 3396 struct xfrm_tmpl *stp[XFRM_MAX_DEPTH];
@@ -3396,7 +3398,8 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
3396 int ti = 0; 3398 int ti = 0;
3397 int i, k; 3399 int i, k;
3398 3400
3399 if ((sp = skb->sp) == NULL) 3401 sp = skb_sec_path(skb);
3402 if (!sp)
3400 sp = &dummy; 3403 sp = &dummy;
3401 3404
3402 for (pi = 0; pi < npols; pi++) { 3405 for (pi = 0; pi < npols; pi++) {
generated by cgit v1.2.2 (git 2.25.0) at 2026-04-26 04:35:52 -0400