aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKazunori MIYAZAWA <miyazawa@linux-ipv6.org>2007-02-13 15:54:47 -0500
committerDavid S. Miller <davem@davemloft.net>2007-02-13 15:54:47 -0500
commitc0d56408e3ff52d635441e0f08d12164a63728cf (patch)
tree026b531a00255730e9878905fdc2e6a910f4e1c7
parent600ff0c24bb71482e7f0da948a931d5c5d72838a (diff)
[IPSEC]: Changing API of xfrm4_tunnel_register.
This patch changes xfrm4_tunnel register and deregister interface to prepare for solving the conflict of device tunnels with inter address family IPsec tunnel. Signed-off-by: Kazunori MIYAZAWA <miyazawa@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat
-rw-r--r--include/net/xfrm.h4
-rw-r--r--net/ipv4/ipip.c6
-rw-r--r--net/ipv4/tunnel4.c50
-rw-r--r--net/ipv4/xfrm4_input.c4
-rw-r--r--net/ipv4/xfrm4_tunnel.c29
5 files changed, 79 insertions, 14 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 16924cb772c9..20be8beb9a11 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -946,8 +946,8 @@ extern int xfrm_state_mtu(struct xfrm_state *x, int mtu);
946extern int xfrm_init_state(struct xfrm_state *x); 946extern int xfrm_init_state(struct xfrm_state *x);
947extern int xfrm4_rcv(struct sk_buff *skb); 947extern int xfrm4_rcv(struct sk_buff *skb);
948extern int xfrm4_output(struct sk_buff *skb); 948extern int xfrm4_output(struct sk_buff *skb);
949extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler); 949extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family);
950extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler); 950extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family);
951extern int xfrm6_rcv_spi(struct sk_buff *skb, __be32 spi); 951extern int xfrm6_rcv_spi(struct sk_buff *skb, __be32 spi);
952extern int xfrm6_rcv(struct sk_buff **pskb); 952extern int xfrm6_rcv(struct sk_buff **pskb);
953extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr, 953extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index 475bcd1e4181..9b561e633b00 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -871,7 +871,7 @@ static int __init ipip_init(void)
871 871
872 printk(banner); 872 printk(banner);
873 873
874 if (xfrm4_tunnel_register(&ipip_handler)) { 874 if (xfrm4_tunnel_register(&ipip_handler, AF_INET)) {
875 printk(KERN_INFO "ipip init: can't register tunnel\n"); 875 printk(KERN_INFO "ipip init: can't register tunnel\n");
876 return -EAGAIN; 876 return -EAGAIN;
877 } 877 }
@@ -893,7 +893,7 @@ static int __init ipip_init(void)
893 err2: 893 err2:
894 free_netdev(ipip_fb_tunnel_dev); 894 free_netdev(ipip_fb_tunnel_dev);
895 err1: 895 err1:
896 xfrm4_tunnel_deregister(&ipip_handler); 896 xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
897 goto out; 897 goto out;
898} 898}
899 899
@@ -913,7 +913,7 @@ static void __exit ipip_destroy_tunnels(void)
913 913
914static void __exit ipip_fini(void) 914static void __exit ipip_fini(void)
915{ 915{
916 if (xfrm4_tunnel_deregister(&ipip_handler)) 916 if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
917 printk(KERN_INFO "ipip close: can't deregister tunnel\n"); 917 printk(KERN_INFO "ipip close: can't deregister tunnel\n");
918 918
919 rtnl_lock(); 919 rtnl_lock();
diff --git a/net/ipv4/tunnel4.c b/net/ipv4/tunnel4.c
index 8d30c48f090e..a794a8ca8b4f 100644
--- a/net/ipv4/tunnel4.c
+++ b/net/ipv4/tunnel4.c
@@ -14,9 +14,10 @@
14#include <net/xfrm.h> 14#include <net/xfrm.h>
15 15
16static struct xfrm_tunnel *tunnel4_handlers; 16static struct xfrm_tunnel *tunnel4_handlers;
17static struct xfrm_tunnel *tunnel64_handlers;
17static DEFINE_MUTEX(tunnel4_mutex); 18static DEFINE_MUTEX(tunnel4_mutex);
18 19
19int xfrm4_tunnel_register(struct xfrm_tunnel *handler) 20int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family)
20{ 21{
21 struct xfrm_tunnel **pprev; 22 struct xfrm_tunnel **pprev;
22 int ret = -EEXIST; 23 int ret = -EEXIST;
@@ -24,7 +25,8 @@ int xfrm4_tunnel_register(struct xfrm_tunnel *handler)
24 25
25 mutex_lock(&tunnel4_mutex); 26 mutex_lock(&tunnel4_mutex);
26 27
27 for (pprev = &tunnel4_handlers; *pprev; pprev = &(*pprev)->next) { 28 for (pprev = (family == AF_INET) ? &tunnel4_handlers : &tunnel64_handlers;
29 *pprev; pprev = &(*pprev)->next) {
28 if ((*pprev)->priority > priority) 30 if ((*pprev)->priority > priority)
29 break; 31 break;
30 if ((*pprev)->priority == priority) 32 if ((*pprev)->priority == priority)
@@ -44,14 +46,15 @@ err:
44 46
45EXPORT_SYMBOL(xfrm4_tunnel_register); 47EXPORT_SYMBOL(xfrm4_tunnel_register);
46 48
47int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler) 49int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family)
48{ 50{
49 struct xfrm_tunnel **pprev; 51 struct xfrm_tunnel **pprev;
50 int ret = -ENOENT; 52 int ret = -ENOENT;
51 53
52 mutex_lock(&tunnel4_mutex); 54 mutex_lock(&tunnel4_mutex);
53 55
54 for (pprev = &tunnel4_handlers; *pprev; pprev = &(*pprev)->next) { 56 for (pprev = (family == AF_INET) ? &tunnel4_handlers : &tunnel64_handlers;
57 *pprev; pprev = &(*pprev)->next) {
55 if (*pprev == handler) { 58 if (*pprev == handler) {
56 *pprev = handler->next; 59 *pprev = handler->next;
57 ret = 0; 60 ret = 0;
@@ -86,6 +89,26 @@ drop:
86 return 0; 89 return 0;
87} 90}
88 91
92#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
93static int tunnel64_rcv(struct sk_buff *skb)
94{
95 struct xfrm_tunnel *handler;
96
97 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
98 goto drop;
99
100 for (handler = tunnel64_handlers; handler; handler = handler->next)
101 if (!handler->handler(skb))
102 return 0;
103
104 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
105
106drop:
107 kfree_skb(skb);
108 return 0;
109}
110#endif
111
89static void tunnel4_err(struct sk_buff *skb, u32 info) 112static void tunnel4_err(struct sk_buff *skb, u32 info)
90{ 113{
91 struct xfrm_tunnel *handler; 114 struct xfrm_tunnel *handler;
@@ -101,17 +124,36 @@ static struct net_protocol tunnel4_protocol = {
101 .no_policy = 1, 124 .no_policy = 1,
102}; 125};
103 126
127#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
128static struct net_protocol tunnel64_protocol = {
129 .handler = tunnel64_rcv,
130 .err_handler = tunnel4_err,
131 .no_policy = 1,
132};
133#endif
134
104static int __init tunnel4_init(void) 135static int __init tunnel4_init(void)
105{ 136{
106 if (inet_add_protocol(&tunnel4_protocol, IPPROTO_IPIP)) { 137 if (inet_add_protocol(&tunnel4_protocol, IPPROTO_IPIP)) {
107 printk(KERN_ERR "tunnel4 init: can't add protocol\n"); 138 printk(KERN_ERR "tunnel4 init: can't add protocol\n");
108 return -EAGAIN; 139 return -EAGAIN;
109 } 140 }
141#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
142 if (inet_add_protocol(&tunnel64_protocol, IPPROTO_IPV6)) {
143 printk(KERN_ERR "tunnel64 init: can't add protocol\n");
144 inet_del_protocol(&tunnel4_protocol, IPPROTO_IPIP);
145 return -EAGAIN;
146 }
147#endif
110 return 0; 148 return 0;
111} 149}
112 150
113static void __exit tunnel4_fini(void) 151static void __exit tunnel4_fini(void)
114{ 152{
153#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
154 if (inet_del_protocol(&tunnel64_protocol, IPPROTO_IPV6))
155 printk(KERN_ERR "tunnel64 close: can't remove protocol\n");
156#endif
115 if (inet_del_protocol(&tunnel4_protocol, IPPROTO_IPIP)) 157 if (inet_del_protocol(&tunnel4_protocol, IPPROTO_IPIP))
116 printk(KERN_ERR "tunnel4 close: can't remove protocol\n"); 158 printk(KERN_ERR "tunnel4 close: can't remove protocol\n");
117} 159}
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index 289146bdb8b0..78e80deb7e89 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -27,6 +27,7 @@ static int xfrm4_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32
27{ 27{
28 switch (nexthdr) { 28 switch (nexthdr) {
29 case IPPROTO_IPIP: 29 case IPPROTO_IPIP:
30 case IPPROTO_IPV6:
30 *spi = skb->nh.iph->saddr; 31 *spi = skb->nh.iph->saddr;
31 *seq = 0; 32 *seq = 0;
32 return 0; 33 return 0;
@@ -70,7 +71,8 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
70 if (xfrm_nr == XFRM_MAX_DEPTH) 71 if (xfrm_nr == XFRM_MAX_DEPTH)
71 goto drop; 72 goto drop;
72 73
73 x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, spi, iph->protocol, AF_INET); 74 x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, spi,
75 iph->protocol != IPPROTO_IPV6 ? iph->protocol : IPPROTO_IPIP, AF_INET);
74 if (x == NULL) 76 if (x == NULL)
75 goto drop; 77 goto drop;
76 78
diff --git a/net/ipv4/xfrm4_tunnel.c b/net/ipv4/xfrm4_tunnel.c
index 1be6762b2d47..3eef06454da9 100644
--- a/net/ipv4/xfrm4_tunnel.c
+++ b/net/ipv4/xfrm4_tunnel.c
@@ -64,24 +64,45 @@ static struct xfrm_tunnel xfrm_tunnel_handler = {
64 .priority = 2, 64 .priority = 2,
65}; 65};
66 66
67#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
68static struct xfrm_tunnel xfrm64_tunnel_handler = {
69 .handler = xfrm4_rcv,
70 .err_handler = xfrm_tunnel_err,
71 .priority = 2,
72};
73#endif
74
67static int __init ipip_init(void) 75static int __init ipip_init(void)
68{ 76{
69 if (xfrm_register_type(&ipip_type, AF_INET) < 0) { 77 if (xfrm_register_type(&ipip_type, AF_INET) < 0) {
70 printk(KERN_INFO "ipip init: can't add xfrm type\n"); 78 printk(KERN_INFO "ipip init: can't add xfrm type\n");
71 return -EAGAIN; 79 return -EAGAIN;
72 } 80 }
73 if (xfrm4_tunnel_register(&xfrm_tunnel_handler)) { 81
74 printk(KERN_INFO "ipip init: can't add xfrm handler\n"); 82 if (xfrm4_tunnel_register(&xfrm_tunnel_handler, AF_INET)) {
83 printk(KERN_INFO "ipip init: can't add xfrm handler for AF_INET\n");
84 xfrm_unregister_type(&ipip_type, AF_INET);
85 return -EAGAIN;
86 }
87#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
88 if (xfrm4_tunnel_register(&xfrm64_tunnel_handler, AF_INET6)) {
89 printk(KERN_INFO "ipip init: can't add xfrm handler for AF_INET6\n");
90 xfrm4_tunnel_deregister(&xfrm_tunnel_handler, AF_INET);
75 xfrm_unregister_type(&ipip_type, AF_INET); 91 xfrm_unregister_type(&ipip_type, AF_INET);
76 return -EAGAIN; 92 return -EAGAIN;
77 } 93 }
94#endif
78 return 0; 95 return 0;
79} 96}
80 97
81static void __exit ipip_fini(void) 98static void __exit ipip_fini(void)
82{ 99{
83 if (xfrm4_tunnel_deregister(&xfrm_tunnel_handler)) 100#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
84 printk(KERN_INFO "ipip close: can't remove xfrm handler\n"); 101 if (xfrm4_tunnel_deregister(&xfrm64_tunnel_handler, AF_INET6))
102 printk(KERN_INFO "ipip close: can't remove xfrm handler for AF_INET6\n");
103#endif
104 if (xfrm4_tunnel_deregister(&xfrm_tunnel_handler, AF_INET))
105 printk(KERN_INFO "ipip close: can't remove xfrm handler for AF_INET\n");
85 if (xfrm_unregister_type(&ipip_type, AF_INET) < 0) 106 if (xfrm_unregister_type(&ipip_type, AF_INET) < 0)
86 printk(KERN_INFO "ipip close: can't remove xfrm type\n"); 107 printk(KERN_INFO "ipip close: can't remove xfrm type\n");
87} 108}
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-26 09:48:30 -0500