aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/net/xfrm.h8
-rw-r--r--net/xfrm/xfrm_state.c25
2 files changed, 27 insertions, 6 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 0d5529c382e..afa508d92c9 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -143,6 +143,11 @@ struct xfrm_state
143 /* Replay detection state at the time we sent the last notification */ 143 /* Replay detection state at the time we sent the last notification */
144 struct xfrm_replay_state preplay; 144 struct xfrm_replay_state preplay;
145 145
146 /* internal flag that only holds state for delayed aevent at the
147 * moment
148 */
149 u32 xflags;
150
146 /* Replay detection notification settings */ 151 /* Replay detection notification settings */
147 u32 replay_maxage; 152 u32 replay_maxage;
148 u32 replay_maxdiff; 153 u32 replay_maxdiff;
@@ -168,6 +173,9 @@ struct xfrm_state
168 void *data; 173 void *data;
169}; 174};
170 175
176/* xflags - make enum if more show up */
177#define XFRM_TIME_DEFER 1
178
171enum { 179enum {
172 XFRM_STATE_VOID, 180 XFRM_STATE_VOID,
173 XFRM_STATE_ACQ, 181 XFRM_STATE_ACQ,
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index a8e14dc1b04..3dc3e1f3b7a 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -805,16 +805,22 @@ void xfrm_replay_notify(struct xfrm_state *x, int event)
805 case XFRM_REPLAY_UPDATE: 805 case XFRM_REPLAY_UPDATE:
806 if (x->replay_maxdiff && 806 if (x->replay_maxdiff &&
807 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) && 807 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
808 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) 808 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
809 return; 809 if (x->xflags & XFRM_TIME_DEFER)
810 event = XFRM_REPLAY_TIMEOUT;
811 else
812 return;
813 }
810 814
811 break; 815 break;
812 816
813 case XFRM_REPLAY_TIMEOUT: 817 case XFRM_REPLAY_TIMEOUT:
814 if ((x->replay.seq == x->preplay.seq) && 818 if ((x->replay.seq == x->preplay.seq) &&
815 (x->replay.bitmap == x->preplay.bitmap) && 819 (x->replay.bitmap == x->preplay.bitmap) &&
816 (x->replay.oseq == x->preplay.oseq)) 820 (x->replay.oseq == x->preplay.oseq)) {
821 x->xflags |= XFRM_TIME_DEFER;
817 return; 822 return;
823 }
818 824
819 break; 825 break;
820 } 826 }
@@ -825,8 +831,10 @@ void xfrm_replay_notify(struct xfrm_state *x, int event)
825 km_state_notify(x, &c); 831 km_state_notify(x, &c);
826 832
827 if (x->replay_maxage && 833 if (x->replay_maxage &&
828 !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) 834 !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) {
829 xfrm_state_hold(x); 835 xfrm_state_hold(x);
836 x->xflags &= ~XFRM_TIME_DEFER;
837 }
830} 838}
831EXPORT_SYMBOL(xfrm_replay_notify); 839EXPORT_SYMBOL(xfrm_replay_notify);
832 840
@@ -836,10 +844,15 @@ static void xfrm_replay_timer_handler(unsigned long data)
836 844
837 spin_lock(&x->lock); 845 spin_lock(&x->lock);
838 846
839 if (xfrm_aevent_is_on() && x->km.state == XFRM_STATE_VALID) 847 if (x->km.state == XFRM_STATE_VALID) {
840 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT); 848 if (xfrm_aevent_is_on())
849 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
850 else
851 x->xflags |= XFRM_TIME_DEFER;
852 }
841 853
842 spin_unlock(&x->lock); 854 spin_unlock(&x->lock);
855 xfrm_state_put(x);
843} 856}
844 857
845int xfrm_replay_check(struct xfrm_state *x, u32 seq) 858int xfrm_replay_check(struct xfrm_state *x, u32 seq)