diff options
| -rw-r--r-- | include/net/xfrm.h | 12 | ||||
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 27 |
2 files changed, 20 insertions, 19 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 1cb32bf107d..e0a55df5bde 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
| @@ -886,15 +886,15 @@ __be16 xfrm_flowi_dport(const struct flowi *fl, const union flowi_uli *uli) | |||
| 886 | return port; | 886 | return port; |
| 887 | } | 887 | } |
| 888 | 888 | ||
| 889 | extern int xfrm_selector_match(const struct xfrm_selector *sel, | 889 | extern bool xfrm_selector_match(const struct xfrm_selector *sel, |
| 890 | const struct flowi *fl, | 890 | const struct flowi *fl, |
| 891 | unsigned short family); | 891 | unsigned short family); |
| 892 | 892 | ||
| 893 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 893 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
| 894 | /* If neither has a context --> match | 894 | /* If neither has a context --> match |
| 895 | * Otherwise, both must have a context and the sids, doi, alg must match | 895 | * Otherwise, both must have a context and the sids, doi, alg must match |
| 896 | */ | 896 | */ |
| 897 | static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2) | 897 | static inline bool xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2) |
| 898 | { | 898 | { |
| 899 | return ((!s1 && !s2) || | 899 | return ((!s1 && !s2) || |
| 900 | (s1 && s2 && | 900 | (s1 && s2 && |
| @@ -903,9 +903,9 @@ static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ct | |||
| 903 | (s1->ctx_alg == s2->ctx_alg))); | 903 | (s1->ctx_alg == s2->ctx_alg))); |
| 904 | } | 904 | } |
| 905 | #else | 905 | #else |
| 906 | static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2) | 906 | static inline bool xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ctx *s2) |
| 907 | { | 907 | { |
| 908 | return 1; | 908 | return true; |
| 909 | } | 909 | } |
| 910 | #endif | 910 | #endif |
| 911 | 911 | ||
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 7661576b6f4..3c87a1c4066 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -56,7 +56,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *xdst); | |||
| 56 | static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol, | 56 | static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol, |
| 57 | int dir); | 57 | int dir); |
| 58 | 58 | ||
| 59 | static inline int | 59 | static inline bool |
| 60 | __xfrm4_selector_match(const struct xfrm_selector *sel, const struct flowi *fl) | 60 | __xfrm4_selector_match(const struct xfrm_selector *sel, const struct flowi *fl) |
| 61 | { | 61 | { |
| 62 | const struct flowi4 *fl4 = &fl->u.ip4; | 62 | const struct flowi4 *fl4 = &fl->u.ip4; |
| @@ -69,7 +69,7 @@ __xfrm4_selector_match(const struct xfrm_selector *sel, const struct flowi *fl) | |||
| 69 | (fl4->flowi4_oif == sel->ifindex || !sel->ifindex); | 69 | (fl4->flowi4_oif == sel->ifindex || !sel->ifindex); |
| 70 | } | 70 | } |
| 71 | 71 | ||
| 72 | static inline int | 72 | static inline bool |
| 73 | __xfrm6_selector_match(const struct xfrm_selector *sel, const struct flowi *fl) | 73 | __xfrm6_selector_match(const struct xfrm_selector *sel, const struct flowi *fl) |
| 74 | { | 74 | { |
| 75 | const struct flowi6 *fl6 = &fl->u.ip6; | 75 | const struct flowi6 *fl6 = &fl->u.ip6; |
| @@ -82,8 +82,8 @@ __xfrm6_selector_match(const struct xfrm_selector *sel, const struct flowi *fl) | |||
| 82 | (fl6->flowi6_oif == sel->ifindex || !sel->ifindex); | 82 | (fl6->flowi6_oif == sel->ifindex || !sel->ifindex); |
| 83 | } | 83 | } |
| 84 | 84 | ||
| 85 | int xfrm_selector_match(const struct xfrm_selector *sel, const struct flowi *fl, | 85 | bool xfrm_selector_match(const struct xfrm_selector *sel, const struct flowi *fl, |
| 86 | unsigned short family) | 86 | unsigned short family) |
| 87 | { | 87 | { |
| 88 | switch (family) { | 88 | switch (family) { |
| 89 | case AF_INET: | 89 | case AF_INET: |
| @@ -91,7 +91,7 @@ int xfrm_selector_match(const struct xfrm_selector *sel, const struct flowi *fl, | |||
| 91 | case AF_INET6: | 91 | case AF_INET6: |
| 92 | return __xfrm6_selector_match(sel, fl); | 92 | return __xfrm6_selector_match(sel, fl); |
| 93 | } | 93 | } |
| 94 | return 0; | 94 | return false; |
| 95 | } | 95 | } |
| 96 | 96 | ||
| 97 | static inline struct dst_entry *__xfrm_dst_lookup(struct net *net, int tos, | 97 | static inline struct dst_entry *__xfrm_dst_lookup(struct net *net, int tos, |
| @@ -877,7 +877,8 @@ static int xfrm_policy_match(const struct xfrm_policy *pol, | |||
| 877 | u8 type, u16 family, int dir) | 877 | u8 type, u16 family, int dir) |
| 878 | { | 878 | { |
| 879 | const struct xfrm_selector *sel = &pol->selector; | 879 | const struct xfrm_selector *sel = &pol->selector; |
| 880 | int match, ret = -ESRCH; | 880 | int ret = -ESRCH; |
| 881 | bool match; | ||
| 881 | 882 | ||
| 882 | if (pol->family != family || | 883 | if (pol->family != family || |
| 883 | (fl->flowi_mark & pol->mark.m) != pol->mark.v || | 884 | (fl->flowi_mark & pol->mark.m) != pol->mark.v || |
| @@ -1006,8 +1007,8 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, | |||
| 1006 | 1007 | ||
| 1007 | read_lock_bh(&xfrm_policy_lock); | 1008 | read_lock_bh(&xfrm_policy_lock); |
| 1008 | if ((pol = sk->sk_policy[dir]) != NULL) { | 1009 | if ((pol = sk->sk_policy[dir]) != NULL) { |
| 1009 | int match = xfrm_selector_match(&pol->selector, fl, | 1010 | bool match = xfrm_selector_match(&pol->selector, fl, |
| 1010 | sk->sk_family); | 1011 | sk->sk_family); |
| 1011 | int err = 0; | 1012 | int err = 0; |
| 1012 | 1013 | ||
| 1013 | if (match) { | 1014 | if (match) { |
| @@ -2767,8 +2768,8 @@ EXPORT_SYMBOL_GPL(xfrm_audit_policy_delete); | |||
| 2767 | #endif | 2768 | #endif |
| 2768 | 2769 | ||
| 2769 | #ifdef CONFIG_XFRM_MIGRATE | 2770 | #ifdef CONFIG_XFRM_MIGRATE |
| 2770 | static int xfrm_migrate_selector_match(const struct xfrm_selector *sel_cmp, | 2771 | static bool xfrm_migrate_selector_match(const struct xfrm_selector *sel_cmp, |
| 2771 | const struct xfrm_selector *sel_tgt) | 2772 | const struct xfrm_selector *sel_tgt) |
| 2772 | { | 2773 | { |
| 2773 | if (sel_cmp->proto == IPSEC_ULPROTO_ANY) { | 2774 | if (sel_cmp->proto == IPSEC_ULPROTO_ANY) { |
| 2774 | if (sel_tgt->family == sel_cmp->family && | 2775 | if (sel_tgt->family == sel_cmp->family && |
| @@ -2778,14 +2779,14 @@ static int xfrm_migrate_selector_match(const struct xfrm_selector *sel_cmp, | |||
| 2778 | sel_cmp->family) == 0 && | 2779 | sel_cmp->family) == 0 && |
| 2779 | sel_tgt->prefixlen_d == sel_cmp->prefixlen_d && | 2780 | sel_tgt->prefixlen_d == sel_cmp->prefixlen_d && |
| 2780 | sel_tgt->prefixlen_s == sel_cmp->prefixlen_s) { | 2781 | sel_tgt->prefixlen_s == sel_cmp->prefixlen_s) { |
| 2781 | return 1; | 2782 | return true; |
| 2782 | } | 2783 | } |
| 2783 | } else { | 2784 | } else { |
| 2784 | if (memcmp(sel_tgt, sel_cmp, sizeof(*sel_tgt)) == 0) { | 2785 | if (memcmp(sel_tgt, sel_cmp, sizeof(*sel_tgt)) == 0) { |
| 2785 | return 1; | 2786 | return true; |
| 2786 | } | 2787 | } |
| 2787 | } | 2788 | } |
| 2788 | return 0; | 2789 | return false; |
| 2789 | } | 2790 | } |
| 2790 | 2791 | ||
| 2791 | static struct xfrm_policy * xfrm_migrate_policy_find(const struct xfrm_selector *sel, | 2792 | static struct xfrm_policy * xfrm_migrate_policy_find(const struct xfrm_selector *sel, |