diff options
-rw-r--r-- | include/net/xfrm.h | 8 | ||||
-rw-r--r-- | net/xfrm/xfrm_state.c | 25 |
2 files changed, 27 insertions, 6 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 0d5529c382e..afa508d92c9 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -143,6 +143,11 @@ struct xfrm_state | |||
143 | /* Replay detection state at the time we sent the last notification */ | 143 | /* Replay detection state at the time we sent the last notification */ |
144 | struct xfrm_replay_state preplay; | 144 | struct xfrm_replay_state preplay; |
145 | 145 | ||
146 | /* internal flag that only holds state for delayed aevent at the | ||
147 | * moment | ||
148 | */ | ||
149 | u32 xflags; | ||
150 | |||
146 | /* Replay detection notification settings */ | 151 | /* Replay detection notification settings */ |
147 | u32 replay_maxage; | 152 | u32 replay_maxage; |
148 | u32 replay_maxdiff; | 153 | u32 replay_maxdiff; |
@@ -168,6 +173,9 @@ struct xfrm_state | |||
168 | void *data; | 173 | void *data; |
169 | }; | 174 | }; |
170 | 175 | ||
176 | /* xflags - make enum if more show up */ | ||
177 | #define XFRM_TIME_DEFER 1 | ||
178 | |||
171 | enum { | 179 | enum { |
172 | XFRM_STATE_VOID, | 180 | XFRM_STATE_VOID, |
173 | XFRM_STATE_ACQ, | 181 | XFRM_STATE_ACQ, |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index a8e14dc1b04..3dc3e1f3b7a 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
@@ -805,16 +805,22 @@ void xfrm_replay_notify(struct xfrm_state *x, int event) | |||
805 | case XFRM_REPLAY_UPDATE: | 805 | case XFRM_REPLAY_UPDATE: |
806 | if (x->replay_maxdiff && | 806 | if (x->replay_maxdiff && |
807 | (x->replay.seq - x->preplay.seq < x->replay_maxdiff) && | 807 | (x->replay.seq - x->preplay.seq < x->replay_maxdiff) && |
808 | (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) | 808 | (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) { |
809 | return; | 809 | if (x->xflags & XFRM_TIME_DEFER) |
810 | event = XFRM_REPLAY_TIMEOUT; | ||
811 | else | ||
812 | return; | ||
813 | } | ||
810 | 814 | ||
811 | break; | 815 | break; |
812 | 816 | ||
813 | case XFRM_REPLAY_TIMEOUT: | 817 | case XFRM_REPLAY_TIMEOUT: |
814 | if ((x->replay.seq == x->preplay.seq) && | 818 | if ((x->replay.seq == x->preplay.seq) && |
815 | (x->replay.bitmap == x->preplay.bitmap) && | 819 | (x->replay.bitmap == x->preplay.bitmap) && |
816 | (x->replay.oseq == x->preplay.oseq)) | 820 | (x->replay.oseq == x->preplay.oseq)) { |
821 | x->xflags |= XFRM_TIME_DEFER; | ||
817 | return; | 822 | return; |
823 | } | ||
818 | 824 | ||
819 | break; | 825 | break; |
820 | } | 826 | } |
@@ -825,8 +831,10 @@ void xfrm_replay_notify(struct xfrm_state *x, int event) | |||
825 | km_state_notify(x, &c); | 831 | km_state_notify(x, &c); |
826 | 832 | ||
827 | if (x->replay_maxage && | 833 | if (x->replay_maxage && |
828 | !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) | 834 | !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) { |
829 | xfrm_state_hold(x); | 835 | xfrm_state_hold(x); |
836 | x->xflags &= ~XFRM_TIME_DEFER; | ||
837 | } | ||
830 | } | 838 | } |
831 | EXPORT_SYMBOL(xfrm_replay_notify); | 839 | EXPORT_SYMBOL(xfrm_replay_notify); |
832 | 840 | ||
@@ -836,10 +844,15 @@ static void xfrm_replay_timer_handler(unsigned long data) | |||
836 | 844 | ||
837 | spin_lock(&x->lock); | 845 | spin_lock(&x->lock); |
838 | 846 | ||
839 | if (xfrm_aevent_is_on() && x->km.state == XFRM_STATE_VALID) | 847 | if (x->km.state == XFRM_STATE_VALID) { |
840 | xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT); | 848 | if (xfrm_aevent_is_on()) |
849 | xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT); | ||
850 | else | ||
851 | x->xflags |= XFRM_TIME_DEFER; | ||
852 | } | ||
841 | 853 | ||
842 | spin_unlock(&x->lock); | 854 | spin_unlock(&x->lock); |
855 | xfrm_state_put(x); | ||
843 | } | 856 | } |
844 | 857 | ||
845 | int xfrm_replay_check(struct xfrm_state *x, u32 seq) | 858 | int xfrm_replay_check(struct xfrm_state *x, u32 seq) |