net: Use flowi4 and flowi6 in xfrm layer.

Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2011-03-12 02:42:11 -0500
committer: David S. Miller <davem@davemloft.net> 2011-03-12 18:08:52 -0500
commit: 7e1dc7b6f709dfc1a9ab4b320dbe723f45992693 (patch)
tree: db3a0ae07fb469c7f809a448bc39563f98edfec5 /net
parent: 2032656e76b5355151effdff14de4a1a58643915 (diff)
5 files changed, 77 insertions, 64 deletions
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index b111f468fa2..30b312c577b 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -56,7 +56,7 @@ static int xfrm4_get_saddr(struct net *net,
 static int xfrm4_get_tos(const struct flowi *fl)
 {
-        return IPTOS_RT_MASK & fl->fl4_tos; /* Strip ECN bits */
+        return IPTOS_RT_MASK & fl->u.ip4.flowi4_tos; /* Strip ECN bits */
 }
 static int xfrm4_init_path(struct xfrm_dst *path, struct dst_entry *dst,
@@ -69,13 +69,14 @@ static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
                          const struct flowi *fl)
 {
        struct rtable *rt = (struct rtable *)xdst->route;
+        const struct flowi4 *fl4 = &fl->u.ip4;
-        rt->rt_key_dst = fl->fl4_dst;
+        rt->rt_key_dst = fl4->daddr;
-        rt->rt_key_src = fl->fl4_src;
+        rt->rt_key_src = fl4->saddr;
-        rt->rt_tos = fl->fl4_tos;
+        rt->rt_tos = fl4->flowi4_tos;
-        rt->rt_iif = fl->flowi_iif;
+        rt->rt_iif = fl4->flowi4_iif;
-        rt->rt_oif = fl->flowi_oif;
+        rt->rt_oif = fl4->flowi4_oif;
-        rt->rt_mark = fl->flowi_mark;
+        rt->rt_mark = fl4->flowi4_mark;
        xdst->u.dst.dev = dev;
        dev_hold(dev);
@@ -102,9 +103,10 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
 {
        struct iphdr *iph = ip_hdr(skb);
        u8 *xprth = skb_network_header(skb) + iph->ihl * 4;
+        struct flowi4 *fl4 = &fl->u.ip4;
-        memset(fl, 0, sizeof(struct flowi));
+        memset(fl4, 0, sizeof(struct flowi4));
-        fl->flowi_mark = skb->mark;
+        fl4->flowi4_mark = skb->mark;
        if (!(iph->frag_off & htons(IP_MF | IP_OFFSET))) {
                switch (iph->protocol) {
@@ -117,8 +119,8 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
                            pskb_may_pull(skb, xprth + 4 - skb->data)) {
                                __be16 *ports = (__be16 *)xprth;
-                                fl->fl4_sport = ports[!!reverse];
+                                fl4->uli.ports.sport = ports[!!reverse];
-                                fl->fl4_dport = ports[!reverse];
+                                fl4->uli.ports.dport = ports[!reverse];
                        }
                        break;
@@ -126,8 +128,8 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
                        if (pskb_may_pull(skb, xprth + 2 - skb->data)) {
                                u8 *icmp = xprth;
-                                fl->fl4_icmp_type = icmp[0];
+                                fl4->uli.icmpt.type = icmp[0];
-                                fl->fl4_icmp_code = icmp[1];
+                                fl4->uli.icmpt.code = icmp[1];
                        }
                        break;
@@ -135,7 +137,7 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
                        if (pskb_may_pull(skb, xprth + 4 - skb->data)) {
                                __be32 *ehdr = (__be32 *)xprth;
-                                fl->fl4_ipsec_spi = ehdr[0];
+                                fl4->uli.spi = ehdr[0];
                        }
                        break;
@@ -143,7 +145,7 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
                        if (pskb_may_pull(skb, xprth + 8 - skb->data)) {
                                __be32 *ah_hdr = (__be32*)xprth;
-                                fl->fl4_ipsec_spi = ah_hdr[1];
+                                fl4->uli.spi = ah_hdr[1];
                        }
                        break;
@@ -151,7 +153,7 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
                        if (pskb_may_pull(skb, xprth + 4 - skb->data)) {
                                __be16 *ipcomp_hdr = (__be16 *)xprth;
-                                fl->fl4_ipsec_spi = htonl(ntohs(ipcomp_hdr[1]));
+                                fl4->uli.spi = htonl(ntohs(ipcomp_hdr[1]));
                        }
                        break;
@@ -163,20 +165,20 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
                                if (greflags[0] & GRE_KEY) {
                                        if (greflags[0] & GRE_CSUM)
                                                gre_hdr++;
-                                        fl->fl4_gre_key = gre_hdr[1];
+                                        fl4->uli.gre_key = gre_hdr[1];
                                }
                        }
                        break;
                default:
-                        fl->fl4_ipsec_spi = 0;
+                        fl4->uli.spi = 0;
                        break;
                }
        }
-        fl->flowi_proto = iph->protocol;
+        fl4->flowi4_proto = iph->protocol;
-        fl->fl4_dst = reverse ? iph->saddr : iph->daddr;
+        fl4->daddr = reverse ? iph->saddr : iph->daddr;
-        fl->fl4_src = reverse ? iph->daddr : iph->saddr;
+        fl4->saddr = reverse ? iph->daddr : iph->saddr;
-        fl->fl4_tos = iph->tos;
+        fl4->flowi4_tos = iph->tos;
 }
 static inline int xfrm4_garbage_collect(struct dst_ops *ops)
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c
index d8d54195453..1717c64628d 100644
--- a/net/ipv4/xfrm4_state.c
+++ b/net/ipv4/xfrm4_state.c
@@ -23,17 +23,19 @@ static int xfrm4_init_flags(struct xfrm_state *x)
 static void
 __xfrm4_init_tempsel(struct xfrm_selector *sel, const struct flowi *fl)
 {
-        sel->daddr.a4 = fl->fl4_dst;
+        const struct flowi4 *fl4 = &fl->u.ip4;
-        sel->saddr.a4 = fl->fl4_src;
-        sel->dport = xfrm_flowi_dport(fl, &fl->u.ip4.uli);
+        sel->daddr.a4 = fl4->daddr;
+        sel->saddr.a4 = fl4->saddr;
+        sel->dport = xfrm_flowi_dport(fl, &fl4->uli);
        sel->dport_mask = htons(0xffff);
-        sel->sport = xfrm_flowi_sport(fl, &fl->u.ip4.uli);
+        sel->sport = xfrm_flowi_sport(fl, &fl4->uli);
        sel->sport_mask = htons(0xffff);
        sel->family = AF_INET;
        sel->prefixlen_d = 32;
        sel->prefixlen_s = 32;
-        sel->proto = fl->flowi_proto;
+        sel->proto = fl4->flowi4_proto;
-        sel->ifindex = fl->flowi_oif;
+        sel->ifindex = fl4->flowi4_oif;
 }
 static void
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 213c7594144..254aa6d7950 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -30,15 +30,17 @@ static struct dst_entry *xfrm6_dst_lookup(struct net *net, int tos,
                                          const xfrm_address_t *saddr,
                                          const xfrm_address_t *daddr)
 {
-        struct flowi fl = {};
+        struct flowi6 fl6;
        struct dst_entry *dst;
        int err;
-        memcpy(&fl.fl6_dst, daddr, sizeof(fl.fl6_dst));
+        memset(&fl6, 0, sizeof(fl6));
+        memcpy(&fl6.daddr, daddr, sizeof(fl6.daddr));
        if (saddr)
-                memcpy(&fl.fl6_src, saddr, sizeof(fl.fl6_src));
+                memcpy(&fl6.saddr, saddr, sizeof(fl6.saddr));
-        dst = ip6_route_output(net, NULL, &fl);
+        dst = ip6_route_output(net, NULL,
+                               flowi6_to_flowi(&fl6));
        err = dst->error;
        if (dst->error) {
@@ -120,6 +122,7 @@ static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
 static inline void
 _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
 {
+        struct flowi6 *fl6 = &fl->u.ip6;
        int onlyproto = 0;
        u16 offset = skb_network_header_len(skb);
        struct ipv6hdr *hdr = ipv6_hdr(skb);
@@ -127,11 +130,11 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
        const unsigned char *nh = skb_network_header(skb);
        u8 nexthdr = nh[IP6CB(skb)->nhoff];
-        memset(fl, 0, sizeof(struct flowi));
+        memset(fl6, 0, sizeof(struct flowi6));
-        fl->flowi_mark = skb->mark;
+        fl6->flowi6_mark = skb->mark;
-        ipv6_addr_copy(&fl->fl6_dst, reverse ? &hdr->saddr : &hdr->daddr);
+        ipv6_addr_copy(&fl6->daddr, reverse ? &hdr->saddr : &hdr->daddr);
-        ipv6_addr_copy(&fl->fl6_src, reverse ? &hdr->daddr : &hdr->saddr);
+        ipv6_addr_copy(&fl6->saddr, reverse ? &hdr->daddr : &hdr->saddr);
        while (nh + offset + 1 < skb->data ||
               pskb_may_pull(skb, nh + offset + 1 - skb->data)) {
@@ -158,20 +161,20 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
                             pskb_may_pull(skb, nh + offset + 4 - skb->data))) {
                                __be16 *ports = (__be16 *)exthdr;
-                                fl->fl6_sport = ports[!!reverse];
+                                fl6->uli.ports.sport = ports[!!reverse];
-                                fl->fl6_dport = ports[!reverse];
+                                fl6->uli.ports.dport = ports[!reverse];
                        }
-                        fl->flowi_proto = nexthdr;
+                        fl6->flowi6_proto = nexthdr;
                        return;
                case IPPROTO_ICMPV6:
                        if (!onlyproto && pskb_may_pull(skb, nh + offset + 2 - skb->data)) {
                                u8 *icmp = (u8 *)exthdr;
-                                fl->fl6_icmp_type = icmp[0];
+                                fl6->uli.icmpt.type = icmp[0];
-                                fl->fl6_icmp_code = icmp[1];
+                                fl6->uli.icmpt.code = icmp[1];
                        }
-                        fl->flowi_proto = nexthdr;
+                        fl6->flowi6_proto = nexthdr;
                        return;
 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
@@ -180,9 +183,9 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
                                struct ip6_mh *mh;
                                mh = (struct ip6_mh *)exthdr;
-                                fl->fl6_mh_type = mh->ip6mh_type;
+                                fl6->uli.mht.type = mh->ip6mh_type;
                        }
-                        fl->flowi_proto = nexthdr;
+                        fl6->flowi6_proto = nexthdr;
                        return;
 #endif
@@ -191,8 +194,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
                case IPPROTO_ESP:
                case IPPROTO_COMP:
                default:
-                        fl->fl6_ipsec_spi = 0;
+                        fl6->uli.spi = 0;
-                        fl->flowi_proto = nexthdr;
+                        fl6->flowi6_proto = nexthdr;
                        return;
                }
        }
diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c
index b456533a652..afe941e9415 100644
--- a/net/ipv6/xfrm6_state.c
+++ b/net/ipv6/xfrm6_state.c
@@ -22,19 +22,21 @@
 static void
 __xfrm6_init_tempsel(struct xfrm_selector *sel, const struct flowi *fl)
 {
+        const struct flowi6 *fl6 = &fl->u.ip6;
        /* Initialize temporary selector matching only
         * to current session. */
-        ipv6_addr_copy((struct in6_addr *)&sel->daddr, &fl->fl6_dst);
+        ipv6_addr_copy((struct in6_addr *)&sel->daddr, &fl6->daddr);
-        ipv6_addr_copy((struct in6_addr *)&sel->saddr, &fl->fl6_src);
+        ipv6_addr_copy((struct in6_addr *)&sel->saddr, &fl6->saddr);
-        sel->dport = xfrm_flowi_dport(fl, &fl->u.ip6.uli);
+        sel->dport = xfrm_flowi_dport(fl, &fl6->uli);
        sel->dport_mask = htons(0xffff);
-        sel->sport = xfrm_flowi_sport(fl, &fl->u.ip6.uli);
+        sel->sport = xfrm_flowi_sport(fl, &fl6->uli);
        sel->sport_mask = htons(0xffff);
        sel->family = AF_INET6;
        sel->prefixlen_d = 128;
        sel->prefixlen_s = 128;
-        sel->proto = fl->flowi_proto;
+        sel->proto = fl6->flowi6_proto;
-        sel->ifindex = fl->flowi_oif;
+        sel->ifindex = fl6->flowi6_oif;
 }
 static void
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 2ecd18a106c..1ba0258b49c 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -59,23 +59,27 @@ static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol,
 static inline int
 __xfrm4_selector_match(const struct xfrm_selector *sel, const struct flowi *fl)
 {
-        return  addr_match(&fl->fl4_dst, &sel->daddr, sel->prefixlen_d) &&
+        const struct flowi4 *fl4 = &fl->u.ip4;
-                addr_match(&fl->fl4_src, &sel->saddr, sel->prefixlen_s) &&
-                !((xfrm_flowi_dport(fl, &fl->u.ip4.uli) ^ sel->dport) & sel->dport_mask) &&
+        return  addr_match(&fl4->daddr, &sel->daddr, sel->prefixlen_d) &&
-                !((xfrm_flowi_sport(fl, &fl->u.ip4.uli) ^ sel->sport) & sel->sport_mask) &&
+                addr_match(&fl4->saddr, &sel->saddr, sel->prefixlen_s) &&
-                (fl->flowi_proto == sel->proto || !sel->proto) &&
+                !((xfrm_flowi_dport(fl, &fl4->uli) ^ sel->dport) & sel->dport_mask) &&
-                (fl->flowi_oif == sel->ifindex || !sel->ifindex);
+                !((xfrm_flowi_sport(fl, &fl4->uli) ^ sel->sport) & sel->sport_mask) &&
+                (fl4->flowi4_proto == sel->proto || !sel->proto) &&
+                (fl4->flowi4_oif == sel->ifindex || !sel->ifindex);
 }
 static inline int
 __xfrm6_selector_match(const struct xfrm_selector *sel, const struct flowi *fl)
 {
-        return  addr_match(&fl->fl6_dst, &sel->daddr, sel->prefixlen_d) &&
+        const struct flowi6 *fl6 = &fl->u.ip6;
-                addr_match(&fl->fl6_src, &sel->saddr, sel->prefixlen_s) &&
-                !((xfrm_flowi_dport(fl, &fl->u.ip6.uli) ^ sel->dport) & sel->dport_mask) &&
+        return  addr_match(&fl6->daddr, &sel->daddr, sel->prefixlen_d) &&
-                !((xfrm_flowi_sport(fl, &fl->u.ip6.uli) ^ sel->sport) & sel->sport_mask) &&
+                addr_match(&fl6->saddr, &sel->saddr, sel->prefixlen_s) &&
-                (fl->flowi_proto == sel->proto || !sel->proto) &&
+                !((xfrm_flowi_dport(fl, &fl6->uli) ^ sel->dport) & sel->dport_mask) &&
-                (fl->flowi_oif == sel->ifindex || !sel->ifindex);
+                !((xfrm_flowi_sport(fl, &fl6->uli) ^ sel->sport) & sel->sport_mask) &&
+                (fl6->flowi6_proto == sel->proto || !sel->proto) &&
+                (fl6->flowi6_oif == sel->ifindex || !sel->ifindex);
 }
 int xfrm_selector_match(const struct xfrm_selector *sel, const struct flowi *fl,
author	David S. Miller <davem@davemloft.net>	2011-03-12 02:42:11 -0500
committer	David S. Miller <davem@davemloft.net>	2011-03-12 18:08:52 -0500
commit	7e1dc7b6f709dfc1a9ab4b320dbe723f45992693 (patch)
tree	db3a0ae07fb469c7f809a448bc39563f98edfec5 /net
parent	2032656e76b5355151effdff14de4a1a58643915 (diff)

diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index b111f468fa2..30b312c577b 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c
@@ -56,7 +56,7 @@ static int xfrm4_get_saddr(struct net *net,
56		56
57	static int xfrm4_get_tos(const struct flowi *fl)	57	static int xfrm4_get_tos(const struct flowi *fl)
58	{	58	{
59	return IPTOS_RT_MASK & fl->fl4_tos; /* Strip ECN bits */	59	return IPTOS_RT_MASK & fl->u.ip4.flowi4_tos; /* Strip ECN bits */
60	}	60	}
61		61
62	static int xfrm4_init_path(struct xfrm_dst path, struct dst_entry dst,	62	static int xfrm4_init_path(struct xfrm_dst path, struct dst_entry dst,
@@ -69,13 +69,14 @@ static int xfrm4_fill_dst(struct xfrm_dst xdst, struct net_device dev,
69	const struct flowi *fl)	69	const struct flowi *fl)
70	{	70	{
71	struct rtable rt = (struct rtable )xdst->route;	71	struct rtable rt = (struct rtable )xdst->route;
		72	const struct flowi4 *fl4 = &fl->u.ip4;
72		73
73	rt->rt_key_dst = fl->fl4_dst;	74	rt->rt_key_dst = fl4->daddr;
74	rt->rt_key_src = fl->fl4_src;	75	rt->rt_key_src = fl4->saddr;
75	rt->rt_tos = fl->fl4_tos;	76	rt->rt_tos = fl4->flowi4_tos;
76	rt->rt_iif = fl->flowi_iif;	77	rt->rt_iif = fl4->flowi4_iif;
77	rt->rt_oif = fl->flowi_oif;	78	rt->rt_oif = fl4->flowi4_oif;
78	rt->rt_mark = fl->flowi_mark;	79	rt->rt_mark = fl4->flowi4_mark;
79		80
80	xdst->u.dst.dev = dev;	81	xdst->u.dst.dev = dev;
81	dev_hold(dev);	82	dev_hold(dev);
@@ -102,9 +103,10 @@ _decode_session4(struct sk_buff skb, struct flowi fl, int reverse)
102	{	103	{
103	struct iphdr *iph = ip_hdr(skb);	104	struct iphdr *iph = ip_hdr(skb);
104	u8 xprth = skb_network_header(skb) + iph->ihl 4;	105	u8 xprth = skb_network_header(skb) + iph->ihl 4;
		106	struct flowi4 *fl4 = &fl->u.ip4;
105		107
106	memset(fl, 0, sizeof(struct flowi));	108	memset(fl4, 0, sizeof(struct flowi4));
107	fl->flowi_mark = skb->mark;	109	fl4->flowi4_mark = skb->mark;
108		110
109	if (!(iph->frag_off & htons(IP_MF \| IP_OFFSET))) {	111	if (!(iph->frag_off & htons(IP_MF \| IP_OFFSET))) {
110	switch (iph->protocol) {	112	switch (iph->protocol) {
@@ -117,8 +119,8 @@ _decode_session4(struct sk_buff skb, struct flowi fl, int reverse)
117	pskb_may_pull(skb, xprth + 4 - skb->data)) {	119	pskb_may_pull(skb, xprth + 4 - skb->data)) {
118	__be16 ports = (__be16 )xprth;	120	__be16 ports = (__be16 )xprth;
119		121
120	fl->fl4_sport = ports[!!reverse];	122	fl4->uli.ports.sport = ports[!!reverse];
121	fl->fl4_dport = ports[!reverse];	123	fl4->uli.ports.dport = ports[!reverse];
122	}	124	}
123	break;	125	break;
124		126
@@ -126,8 +128,8 @@ _decode_session4(struct sk_buff skb, struct flowi fl, int reverse)
126	if (pskb_may_pull(skb, xprth + 2 - skb->data)) {	128	if (pskb_may_pull(skb, xprth + 2 - skb->data)) {
127	u8 *icmp = xprth;	129	u8 *icmp = xprth;
128		130
129	fl->fl4_icmp_type = icmp[0];	131	fl4->uli.icmpt.type = icmp[0];
130	fl->fl4_icmp_code = icmp[1];	132	fl4->uli.icmpt.code = icmp[1];
131	}	133	}
132	break;	134	break;
133		135
@@ -135,7 +137,7 @@ _decode_session4(struct sk_buff skb, struct flowi fl, int reverse)
135	if (pskb_may_pull(skb, xprth + 4 - skb->data)) {	137	if (pskb_may_pull(skb, xprth + 4 - skb->data)) {
136	__be32 ehdr = (__be32 )xprth;	138	__be32 ehdr = (__be32 )xprth;
137		139
138	fl->fl4_ipsec_spi = ehdr[0];	140	fl4->uli.spi = ehdr[0];
139	}	141	}
140	break;	142	break;
141		143
@@ -143,7 +145,7 @@ _decode_session4(struct sk_buff skb, struct flowi fl, int reverse)
143	if (pskb_may_pull(skb, xprth + 8 - skb->data)) {	145	if (pskb_may_pull(skb, xprth + 8 - skb->data)) {
144	__be32 ah_hdr = (__be32)xprth;	146	__be32 ah_hdr = (__be32)xprth;
145		147
146	fl->fl4_ipsec_spi = ah_hdr[1];	148	fl4->uli.spi = ah_hdr[1];
147	}	149	}
148	break;	150	break;
149		151
@@ -151,7 +153,7 @@ _decode_session4(struct sk_buff skb, struct flowi fl, int reverse)
151	if (pskb_may_pull(skb, xprth + 4 - skb->data)) {	153	if (pskb_may_pull(skb, xprth + 4 - skb->data)) {
152	__be16 ipcomp_hdr = (__be16 )xprth;	154	__be16 ipcomp_hdr = (__be16 )xprth;
153		155
154	fl->fl4_ipsec_spi = htonl(ntohs(ipcomp_hdr[1]));	156	fl4->uli.spi = htonl(ntohs(ipcomp_hdr[1]));
155	}	157	}
156	break;	158	break;
157		159
@@ -163,20 +165,20 @@ _decode_session4(struct sk_buff skb, struct flowi fl, int reverse)
163	if (greflags[0] & GRE_KEY) {	165	if (greflags[0] & GRE_KEY) {
164	if (greflags[0] & GRE_CSUM)	166	if (greflags[0] & GRE_CSUM)
165	gre_hdr++;	167	gre_hdr++;
166	fl->fl4_gre_key = gre_hdr[1];	168	fl4->uli.gre_key = gre_hdr[1];
167	}	169	}
168	}	170	}
169	break;	171	break;
170		172
171	default:	173	default:
172	fl->fl4_ipsec_spi = 0;	174	fl4->uli.spi = 0;
173	break;	175	break;
174	}	176	}
175	}	177	}
176	fl->flowi_proto = iph->protocol;	178	fl4->flowi4_proto = iph->protocol;
177	fl->fl4_dst = reverse ? iph->saddr : iph->daddr;	179	fl4->daddr = reverse ? iph->saddr : iph->daddr;
178	fl->fl4_src = reverse ? iph->daddr : iph->saddr;	180	fl4->saddr = reverse ? iph->daddr : iph->saddr;
179	fl->fl4_tos = iph->tos;	181	fl4->flowi4_tos = iph->tos;
180	}	182	}
181		183
182	static inline int xfrm4_garbage_collect(struct dst_ops *ops)	184	static inline int xfrm4_garbage_collect(struct dst_ops *ops)


diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c index d8d54195453..1717c64628d 100644 --- a/net/ipv4/xfrm4_state.c +++ b/net/ipv4/xfrm4_state.c
@@ -23,17 +23,19 @@ static int xfrm4_init_flags(struct xfrm_state *x)
23	static void	23	static void
24	__xfrm4_init_tempsel(struct xfrm_selector sel, const struct flowi fl)	24	__xfrm4_init_tempsel(struct xfrm_selector sel, const struct flowi fl)
25	{	25	{
26	sel->daddr.a4 = fl->fl4_dst;	26	const struct flowi4 *fl4 = &fl->u.ip4;
27	sel->saddr.a4 = fl->fl4_src;	27
28	sel->dport = xfrm_flowi_dport(fl, &fl->u.ip4.uli);	28	sel->daddr.a4 = fl4->daddr;
		29	sel->saddr.a4 = fl4->saddr;
		30	sel->dport = xfrm_flowi_dport(fl, &fl4->uli);
29	sel->dport_mask = htons(0xffff);	31	sel->dport_mask = htons(0xffff);
30	sel->sport = xfrm_flowi_sport(fl, &fl->u.ip4.uli);	32	sel->sport = xfrm_flowi_sport(fl, &fl4->uli);
31	sel->sport_mask = htons(0xffff);	33	sel->sport_mask = htons(0xffff);
32	sel->family = AF_INET;	34	sel->family = AF_INET;
33	sel->prefixlen_d = 32;	35	sel->prefixlen_d = 32;
34	sel->prefixlen_s = 32;	36	sel->prefixlen_s = 32;
35	sel->proto = fl->flowi_proto;	37	sel->proto = fl4->flowi4_proto;
36	sel->ifindex = fl->flowi_oif;	38	sel->ifindex = fl4->flowi4_oif;
37	}	39	}
38		40
39	static void	41	static void


diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index 213c7594144..254aa6d7950 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c
@@ -30,15 +30,17 @@ static struct dst_entry xfrm6_dst_lookup(struct net net, int tos,
30	const xfrm_address_t *saddr,	30	const xfrm_address_t *saddr,
31	const xfrm_address_t *daddr)	31	const xfrm_address_t *daddr)
32	{	32	{
33	struct flowi fl = {};	33	struct flowi6 fl6;
34	struct dst_entry *dst;	34	struct dst_entry *dst;
35	int err;	35	int err;
36		36
37	memcpy(&fl.fl6_dst, daddr, sizeof(fl.fl6_dst));	37	memset(&fl6, 0, sizeof(fl6));
		38	memcpy(&fl6.daddr, daddr, sizeof(fl6.daddr));
38	if (saddr)	39	if (saddr)
39	memcpy(&fl.fl6_src, saddr, sizeof(fl.fl6_src));	40	memcpy(&fl6.saddr, saddr, sizeof(fl6.saddr));
40		41
41	dst = ip6_route_output(net, NULL, &fl);	42	dst = ip6_route_output(net, NULL,
		43	flowi6_to_flowi(&fl6));
42		44
43	err = dst->error;	45	err = dst->error;
44	if (dst->error) {	46	if (dst->error) {
@@ -120,6 +122,7 @@ static int xfrm6_fill_dst(struct xfrm_dst xdst, struct net_device dev,
120	static inline void	122	static inline void
121	_decode_session6(struct sk_buff skb, struct flowi fl, int reverse)	123	_decode_session6(struct sk_buff skb, struct flowi fl, int reverse)
122	{	124	{
		125	struct flowi6 *fl6 = &fl->u.ip6;
123	int onlyproto = 0;	126	int onlyproto = 0;
124	u16 offset = skb_network_header_len(skb);	127	u16 offset = skb_network_header_len(skb);
125	struct ipv6hdr *hdr = ipv6_hdr(skb);	128	struct ipv6hdr *hdr = ipv6_hdr(skb);
@@ -127,11 +130,11 @@ _decode_session6(struct sk_buff skb, struct flowi fl, int reverse)
127	const unsigned char *nh = skb_network_header(skb);	130	const unsigned char *nh = skb_network_header(skb);
128	u8 nexthdr = nh[IP6CB(skb)->nhoff];	131	u8 nexthdr = nh[IP6CB(skb)->nhoff];
129		132
130	memset(fl, 0, sizeof(struct flowi));	133	memset(fl6, 0, sizeof(struct flowi6));
131	fl->flowi_mark = skb->mark;	134	fl6->flowi6_mark = skb->mark;
132		135
133	ipv6_addr_copy(&fl->fl6_dst, reverse ? &hdr->saddr : &hdr->daddr);	136	ipv6_addr_copy(&fl6->daddr, reverse ? &hdr->saddr : &hdr->daddr);
134	ipv6_addr_copy(&fl->fl6_src, reverse ? &hdr->daddr : &hdr->saddr);	137	ipv6_addr_copy(&fl6->saddr, reverse ? &hdr->daddr : &hdr->saddr);
135		138
136	while (nh + offset + 1 < skb->data \|\|	139	while (nh + offset + 1 < skb->data \|\|
137	pskb_may_pull(skb, nh + offset + 1 - skb->data)) {	140	pskb_may_pull(skb, nh + offset + 1 - skb->data)) {
@@ -158,20 +161,20 @@ _decode_session6(struct sk_buff skb, struct flowi fl, int reverse)
158	pskb_may_pull(skb, nh + offset + 4 - skb->data))) {	161	pskb_may_pull(skb, nh + offset + 4 - skb->data))) {
159	__be16 ports = (__be16 )exthdr;	162	__be16 ports = (__be16 )exthdr;
160		163
161	fl->fl6_sport = ports[!!reverse];	164	fl6->uli.ports.sport = ports[!!reverse];
162	fl->fl6_dport = ports[!reverse];	165	fl6->uli.ports.dport = ports[!reverse];
163	}	166	}
164	fl->flowi_proto = nexthdr;	167	fl6->flowi6_proto = nexthdr;
165	return;	168	return;
166		169
167	case IPPROTO_ICMPV6:	170	case IPPROTO_ICMPV6:
168	if (!onlyproto && pskb_may_pull(skb, nh + offset + 2 - skb->data)) {	171	if (!onlyproto && pskb_may_pull(skb, nh + offset + 2 - skb->data)) {
169	u8 icmp = (u8 )exthdr;	172	u8 icmp = (u8 )exthdr;
170		173
171	fl->fl6_icmp_type = icmp[0];	174	fl6->uli.icmpt.type = icmp[0];
172	fl->fl6_icmp_code = icmp[1];	175	fl6->uli.icmpt.code = icmp[1];
173	}	176	}
174	fl->flowi_proto = nexthdr;	177	fl6->flowi6_proto = nexthdr;
175	return;	178	return;
176		179
177	#if defined(CONFIG_IPV6_MIP6) \|\| defined(CONFIG_IPV6_MIP6_MODULE)	180	#if defined(CONFIG_IPV6_MIP6) \|\| defined(CONFIG_IPV6_MIP6_MODULE)
@@ -180,9 +183,9 @@ _decode_session6(struct sk_buff skb, struct flowi fl, int reverse)
180	struct ip6_mh *mh;	183	struct ip6_mh *mh;
181	mh = (struct ip6_mh *)exthdr;	184	mh = (struct ip6_mh *)exthdr;
182		185
183	fl->fl6_mh_type = mh->ip6mh_type;	186	fl6->uli.mht.type = mh->ip6mh_type;
184	}	187	}
185	fl->flowi_proto = nexthdr;	188	fl6->flowi6_proto = nexthdr;
186	return;	189	return;
187	#endif	190	#endif
188		191
@@ -191,8 +194,8 @@ _decode_session6(struct sk_buff skb, struct flowi fl, int reverse)
191	case IPPROTO_ESP:	194	case IPPROTO_ESP:
192	case IPPROTO_COMP:	195	case IPPROTO_COMP:
193	default:	196	default:
194	fl->fl6_ipsec_spi = 0;	197	fl6->uli.spi = 0;
195	fl->flowi_proto = nexthdr;	198	fl6->flowi6_proto = nexthdr;
196	return;	199	return;
197	}	200	}
198	}	201	}


diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c index b456533a652..afe941e9415 100644 --- a/net/ipv6/xfrm6_state.c +++ b/net/ipv6/xfrm6_state.c
@@ -22,19 +22,21 @@
22	static void	22	static void
23	__xfrm6_init_tempsel(struct xfrm_selector sel, const struct flowi fl)	23	__xfrm6_init_tempsel(struct xfrm_selector sel, const struct flowi fl)
24	{	24	{
		25	const struct flowi6 *fl6 = &fl->u.ip6;
		26
25	/* Initialize temporary selector matching only	27	/* Initialize temporary selector matching only
26	* to current session. */	28	* to current session. */
27	ipv6_addr_copy((struct in6_addr *)&sel->daddr, &fl->fl6_dst);	29	ipv6_addr_copy((struct in6_addr *)&sel->daddr, &fl6->daddr);
28	ipv6_addr_copy((struct in6_addr *)&sel->saddr, &fl->fl6_src);	30	ipv6_addr_copy((struct in6_addr *)&sel->saddr, &fl6->saddr);
29	sel->dport = xfrm_flowi_dport(fl, &fl->u.ip6.uli);	31	sel->dport = xfrm_flowi_dport(fl, &fl6->uli);
30	sel->dport_mask = htons(0xffff);	32	sel->dport_mask = htons(0xffff);
31	sel->sport = xfrm_flowi_sport(fl, &fl->u.ip6.uli);	33	sel->sport = xfrm_flowi_sport(fl, &fl6->uli);
32	sel->sport_mask = htons(0xffff);	34	sel->sport_mask = htons(0xffff);
33	sel->family = AF_INET6;	35	sel->family = AF_INET6;
34	sel->prefixlen_d = 128;	36	sel->prefixlen_d = 128;
35	sel->prefixlen_s = 128;	37	sel->prefixlen_s = 128;
36	sel->proto = fl->flowi_proto;	38	sel->proto = fl6->flowi6_proto;
37	sel->ifindex = fl->flowi_oif;	39	sel->ifindex = fl6->flowi6_oif;
38	}	40	}
39		41
40	static void	42	static void


diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 2ecd18a106c..1ba0258b49c 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c
@@ -59,23 +59,27 @@ static struct xfrm_policy __xfrm_policy_unlink(struct xfrm_policy pol,
59	static inline int	59	static inline int
60	__xfrm4_selector_match(const struct xfrm_selector sel, const struct flowi fl)	60	__xfrm4_selector_match(const struct xfrm_selector sel, const struct flowi fl)
61	{	61	{
62	return addr_match(&fl->fl4_dst, &sel->daddr, sel->prefixlen_d) &&	62	const struct flowi4 *fl4 = &fl->u.ip4;
63	addr_match(&fl->fl4_src, &sel->saddr, sel->prefixlen_s) &&	63
64	!((xfrm_flowi_dport(fl, &fl->u.ip4.uli) ^ sel->dport) & sel->dport_mask) &&	64	return addr_match(&fl4->daddr, &sel->daddr, sel->prefixlen_d) &&
65	!((xfrm_flowi_sport(fl, &fl->u.ip4.uli) ^ sel->sport) & sel->sport_mask) &&	65	addr_match(&fl4->saddr, &sel->saddr, sel->prefixlen_s) &&
66	(fl->flowi_proto == sel->proto \|\| !sel->proto) &&	66	!((xfrm_flowi_dport(fl, &fl4->uli) ^ sel->dport) & sel->dport_mask) &&
67	(fl->flowi_oif == sel->ifindex \|\| !sel->ifindex);	67	!((xfrm_flowi_sport(fl, &fl4->uli) ^ sel->sport) & sel->sport_mask) &&
		68	(fl4->flowi4_proto == sel->proto \|\| !sel->proto) &&
		69	(fl4->flowi4_oif == sel->ifindex \|\| !sel->ifindex);
68	}	70	}
69		71
70	static inline int	72	static inline int
71	__xfrm6_selector_match(const struct xfrm_selector sel, const struct flowi fl)	73	__xfrm6_selector_match(const struct xfrm_selector sel, const struct flowi fl)
72	{	74	{
73	return addr_match(&fl->fl6_dst, &sel->daddr, sel->prefixlen_d) &&	75	const struct flowi6 *fl6 = &fl->u.ip6;
74	addr_match(&fl->fl6_src, &sel->saddr, sel->prefixlen_s) &&	76
75	!((xfrm_flowi_dport(fl, &fl->u.ip6.uli) ^ sel->dport) & sel->dport_mask) &&	77	return addr_match(&fl6->daddr, &sel->daddr, sel->prefixlen_d) &&
76	!((xfrm_flowi_sport(fl, &fl->u.ip6.uli) ^ sel->sport) & sel->sport_mask) &&	78	addr_match(&fl6->saddr, &sel->saddr, sel->prefixlen_s) &&
77	(fl->flowi_proto == sel->proto \|\| !sel->proto) &&	79	!((xfrm_flowi_dport(fl, &fl6->uli) ^ sel->dport) & sel->dport_mask) &&
78	(fl->flowi_oif == sel->ifindex \|\| !sel->ifindex);	80	!((xfrm_flowi_sport(fl, &fl6->uli) ^ sel->sport) & sel->sport_mask) &&
		81	(fl6->flowi6_proto == sel->proto \|\| !sel->proto) &&
		82	(fl6->flowi6_oif == sel->ifindex \|\| !sel->ifindex);
79	}	83	}
80		84
81	int xfrm_selector_match(const struct xfrm_selector sel, const struct flowi fl,	85	int xfrm_selector_match(const struct xfrm_selector sel, const struct flowi fl,