diff options
author | David S. Miller <davem@davemloft.net> | 2013-04-11 16:14:37 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-04-11 16:14:37 -0400 |
commit | 16e3d9648add0b3839587fd77f510537baf88c3a (patch) | |
tree | 67831545a57cf08820b7f59d0e745e3b30d1a0ee | |
parent | c59fec207bc73612c9a124539b99d186ad6d2a99 (diff) | |
parent | 05600a799f6c67b139f2bc565e358b913b230cf5 (diff) |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
Steffen Klassert says:
====================
1) Allow to avoid copying DSCP during encapsulation
by setting a SA flag. From Nicolas Dichtel.
2) Constify the netlink dispatch table, no need to modify it
at runtime. From Mathias Krause.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/xfrm.h | 1 | ||||
-rw-r--r-- | include/uapi/linux/xfrm.h | 3 | ||||
-rw-r--r-- | net/ipv4/ipcomp.c | 1 | ||||
-rw-r--r-- | net/ipv4/xfrm4_mode_tunnel.c | 8 | ||||
-rw-r--r-- | net/ipv6/xfrm6_mode_tunnel.c | 7 | ||||
-rw-r--r-- | net/xfrm/xfrm_state.c | 1 | ||||
-rw-r--r-- | net/xfrm/xfrm_user.c | 17 |
7 files changed, 32 insertions, 6 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 24c8886fd969..ae16531d0d35 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -162,6 +162,7 @@ struct xfrm_state { | |||
162 | xfrm_address_t saddr; | 162 | xfrm_address_t saddr; |
163 | int header_len; | 163 | int header_len; |
164 | int trailer_len; | 164 | int trailer_len; |
165 | u32 extra_flags; | ||
165 | } props; | 166 | } props; |
166 | 167 | ||
167 | struct xfrm_lifetime_cfg lft; | 168 | struct xfrm_lifetime_cfg lft; |
diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h index 28e493b5b94c..a8cd6a4a2970 100644 --- a/include/uapi/linux/xfrm.h +++ b/include/uapi/linux/xfrm.h | |||
@@ -297,6 +297,7 @@ enum xfrm_attr_type_t { | |||
297 | XFRMA_MARK, /* struct xfrm_mark */ | 297 | XFRMA_MARK, /* struct xfrm_mark */ |
298 | XFRMA_TFCPAD, /* __u32 */ | 298 | XFRMA_TFCPAD, /* __u32 */ |
299 | XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_esn */ | 299 | XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_esn */ |
300 | XFRMA_SA_EXTRA_FLAGS, /* __u32 */ | ||
300 | __XFRMA_MAX | 301 | __XFRMA_MAX |
301 | 302 | ||
302 | #define XFRMA_MAX (__XFRMA_MAX - 1) | 303 | #define XFRMA_MAX (__XFRMA_MAX - 1) |
@@ -367,6 +368,8 @@ struct xfrm_usersa_info { | |||
367 | #define XFRM_STATE_ESN 128 | 368 | #define XFRM_STATE_ESN 128 |
368 | }; | 369 | }; |
369 | 370 | ||
371 | #define XFRM_SA_XFLAG_DONT_ENCAP_DSCP 1 | ||
372 | |||
370 | struct xfrm_usersa_id { | 373 | struct xfrm_usersa_id { |
371 | xfrm_address_t daddr; | 374 | xfrm_address_t daddr; |
372 | __be32 spi; | 375 | __be32 spi; |
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c index f01d1b1aff7f..59cb8c769056 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c | |||
@@ -75,6 +75,7 @@ static struct xfrm_state *ipcomp_tunnel_create(struct xfrm_state *x) | |||
75 | t->props.mode = x->props.mode; | 75 | t->props.mode = x->props.mode; |
76 | t->props.saddr.a4 = x->props.saddr.a4; | 76 | t->props.saddr.a4 = x->props.saddr.a4; |
77 | t->props.flags = x->props.flags; | 77 | t->props.flags = x->props.flags; |
78 | t->props.extra_flags = x->props.extra_flags; | ||
78 | memcpy(&t->mark, &x->mark, sizeof(t->mark)); | 79 | memcpy(&t->mark, &x->mark, sizeof(t->mark)); |
79 | 80 | ||
80 | if (xfrm_init_state(t)) | 81 | if (xfrm_init_state(t)) |
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c index fe5189e2e114..eb1dd4d643f2 100644 --- a/net/ipv4/xfrm4_mode_tunnel.c +++ b/net/ipv4/xfrm4_mode_tunnel.c | |||
@@ -103,8 +103,12 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) | |||
103 | 103 | ||
104 | top_iph->protocol = xfrm_af2proto(skb_dst(skb)->ops->family); | 104 | top_iph->protocol = xfrm_af2proto(skb_dst(skb)->ops->family); |
105 | 105 | ||
106 | /* DS disclosed */ | 106 | /* DS disclosing depends on XFRM_SA_XFLAG_DONT_ENCAP_DSCP */ |
107 | top_iph->tos = INET_ECN_encapsulate(XFRM_MODE_SKB_CB(skb)->tos, | 107 | if (x->props.extra_flags & XFRM_SA_XFLAG_DONT_ENCAP_DSCP) |
108 | top_iph->tos = 0; | ||
109 | else | ||
110 | top_iph->tos = XFRM_MODE_SKB_CB(skb)->tos; | ||
111 | top_iph->tos = INET_ECN_encapsulate(top_iph->tos, | ||
108 | XFRM_MODE_SKB_CB(skb)->tos); | 112 | XFRM_MODE_SKB_CB(skb)->tos); |
109 | 113 | ||
110 | flags = x->props.flags; | 114 | flags = x->props.flags; |
diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c index 9bf6a74a71d2..4770d515c2c8 100644 --- a/net/ipv6/xfrm6_mode_tunnel.c +++ b/net/ipv6/xfrm6_mode_tunnel.c | |||
@@ -49,8 +49,11 @@ static int xfrm6_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) | |||
49 | sizeof(top_iph->flow_lbl)); | 49 | sizeof(top_iph->flow_lbl)); |
50 | top_iph->nexthdr = xfrm_af2proto(skb_dst(skb)->ops->family); | 50 | top_iph->nexthdr = xfrm_af2proto(skb_dst(skb)->ops->family); |
51 | 51 | ||
52 | dsfield = XFRM_MODE_SKB_CB(skb)->tos; | 52 | if (x->props.extra_flags & XFRM_SA_XFLAG_DONT_ENCAP_DSCP) |
53 | dsfield = INET_ECN_encapsulate(dsfield, dsfield); | 53 | dsfield = 0; |
54 | else | ||
55 | dsfield = XFRM_MODE_SKB_CB(skb)->tos; | ||
56 | dsfield = INET_ECN_encapsulate(dsfield, XFRM_MODE_SKB_CB(skb)->tos); | ||
54 | if (x->props.flags & XFRM_STATE_NOECN) | 57 | if (x->props.flags & XFRM_STATE_NOECN) |
55 | dsfield &= ~INET_ECN_MASK; | 58 | dsfield &= ~INET_ECN_MASK; |
56 | ipv6_change_dsfield(top_iph, 0, dsfield); | 59 | ipv6_change_dsfield(top_iph, 0, dsfield); |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 2c341bdaf47c..78f66fa92449 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
@@ -1187,6 +1187,7 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp) | |||
1187 | goto error; | 1187 | goto error; |
1188 | 1188 | ||
1189 | x->props.flags = orig->props.flags; | 1189 | x->props.flags = orig->props.flags; |
1190 | x->props.extra_flags = orig->props.extra_flags; | ||
1190 | 1191 | ||
1191 | x->curlft.add_time = orig->curlft.add_time; | 1192 | x->curlft.add_time = orig->curlft.add_time; |
1192 | x->km.state = orig->km.state; | 1193 | x->km.state = orig->km.state; |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index fbd9e6cd0fd7..aa778748c565 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
@@ -515,6 +515,9 @@ static struct xfrm_state *xfrm_state_construct(struct net *net, | |||
515 | 515 | ||
516 | copy_from_user_state(x, p); | 516 | copy_from_user_state(x, p); |
517 | 517 | ||
518 | if (attrs[XFRMA_SA_EXTRA_FLAGS]) | ||
519 | x->props.extra_flags = nla_get_u32(attrs[XFRMA_SA_EXTRA_FLAGS]); | ||
520 | |||
518 | if ((err = attach_aead(&x->aead, &x->props.ealgo, | 521 | if ((err = attach_aead(&x->aead, &x->props.ealgo, |
519 | attrs[XFRMA_ALG_AEAD]))) | 522 | attrs[XFRMA_ALG_AEAD]))) |
520 | goto error; | 523 | goto error; |
@@ -779,6 +782,13 @@ static int copy_to_user_state_extra(struct xfrm_state *x, | |||
779 | 782 | ||
780 | copy_to_user_state(x, p); | 783 | copy_to_user_state(x, p); |
781 | 784 | ||
785 | if (x->props.extra_flags) { | ||
786 | ret = nla_put_u32(skb, XFRMA_SA_EXTRA_FLAGS, | ||
787 | x->props.extra_flags); | ||
788 | if (ret) | ||
789 | goto out; | ||
790 | } | ||
791 | |||
782 | if (x->coaddr) { | 792 | if (x->coaddr) { |
783 | ret = nla_put(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr); | 793 | ret = nla_put(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr); |
784 | if (ret) | 794 | if (ret) |
@@ -2302,9 +2312,10 @@ static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = { | |||
2302 | [XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) }, | 2312 | [XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) }, |
2303 | [XFRMA_TFCPAD] = { .type = NLA_U32 }, | 2313 | [XFRMA_TFCPAD] = { .type = NLA_U32 }, |
2304 | [XFRMA_REPLAY_ESN_VAL] = { .len = sizeof(struct xfrm_replay_state_esn) }, | 2314 | [XFRMA_REPLAY_ESN_VAL] = { .len = sizeof(struct xfrm_replay_state_esn) }, |
2315 | [XFRMA_SA_EXTRA_FLAGS] = { .type = NLA_U32 }, | ||
2305 | }; | 2316 | }; |
2306 | 2317 | ||
2307 | static struct xfrm_link { | 2318 | static const struct xfrm_link { |
2308 | int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **); | 2319 | int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **); |
2309 | int (*dump)(struct sk_buff *, struct netlink_callback *); | 2320 | int (*dump)(struct sk_buff *, struct netlink_callback *); |
2310 | int (*done)(struct netlink_callback *); | 2321 | int (*done)(struct netlink_callback *); |
@@ -2338,7 +2349,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
2338 | { | 2349 | { |
2339 | struct net *net = sock_net(skb->sk); | 2350 | struct net *net = sock_net(skb->sk); |
2340 | struct nlattr *attrs[XFRMA_MAX+1]; | 2351 | struct nlattr *attrs[XFRMA_MAX+1]; |
2341 | struct xfrm_link *link; | 2352 | const struct xfrm_link *link; |
2342 | int type, err; | 2353 | int type, err; |
2343 | 2354 | ||
2344 | type = nlh->nlmsg_type; | 2355 | type = nlh->nlmsg_type; |
@@ -2495,6 +2506,8 @@ static inline size_t xfrm_sa_len(struct xfrm_state *x) | |||
2495 | x->security->ctx_len); | 2506 | x->security->ctx_len); |
2496 | if (x->coaddr) | 2507 | if (x->coaddr) |
2497 | l += nla_total_size(sizeof(*x->coaddr)); | 2508 | l += nla_total_size(sizeof(*x->coaddr)); |
2509 | if (x->props.extra_flags) | ||
2510 | l += nla_total_size(sizeof(x->props.extra_flags)); | ||
2498 | 2511 | ||
2499 | /* Must count x->lastused as it may become non-zero behind our back. */ | 2512 | /* Must count x->lastused as it may become non-zero behind our back. */ |
2500 | l += nla_total_size(sizeof(u64)); | 2513 | l += nla_total_size(sizeof(u64)); |