diff options
| author | David S. Miller <davem@davemloft.net> | 2013-09-30 15:11:00 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-09-30 15:24:57 -0400 |
| commit | 7b77d161ce7e480a660692cab079712fc0268ba2 (patch) | |
| tree | b48e40d0e619a1c1a82be374fbd458584a9d6094 | |
| parent | 44a504c74ad338ccbbb9003f378d56576bdbf785 (diff) | |
| parent | aba8269588301f7778bea811d6f7ec74c2e37279 (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
Conflicts:
include/net/xfrm.h
Simple conflict between Joe Perches "extern" removal for function
declarations in header files and the changes in Steffen's tree.
Steffen Klassert says:
====================
Two patches that are left from the last development cycle.
Manual merging of include/net/xfrm.h is needed. The conflict
can be solved as it is currently done in linux-next.
1) We announce the creation of temporary acquire state via an asyc event,
so the deletion should be annunced too. From Nicolas Dichtel.
2) The VTI tunnels do not real tunning, they just provide a routable
IPsec tunnel interface. So introduce and use xfrm_tunnel_notifier
instead of xfrm_tunnel for xfrm tunnel mode callback. From Fan Du.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/net/xfrm.h | 15 | ||||
| -rw-r--r-- | net/ipv4/ip_vti.c | 67 | ||||
| -rw-r--r-- | net/ipv4/xfrm4_mode_tunnel.c | 16 | ||||
| -rw-r--r-- | net/xfrm/xfrm_state.c | 2 |
4 files changed, 20 insertions, 80 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 765746192724..b8a9ed849801 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
| @@ -1357,6 +1357,12 @@ struct xfrm_tunnel { | |||
| 1357 | int priority; | 1357 | int priority; |
| 1358 | }; | 1358 | }; |
| 1359 | 1359 | ||
| 1360 | struct xfrm_tunnel_notifier { | ||
| 1361 | int (*handler)(struct sk_buff *skb); | ||
| 1362 | struct xfrm_tunnel_notifier __rcu *next; | ||
| 1363 | int priority; | ||
| 1364 | }; | ||
| 1365 | |||
| 1360 | struct xfrm6_tunnel { | 1366 | struct xfrm6_tunnel { |
| 1361 | int (*handler)(struct sk_buff *skb); | 1367 | int (*handler)(struct sk_buff *skb); |
| 1362 | int (*err_handler)(struct sk_buff *skb, struct inet6_skb_parm *opt, | 1368 | int (*err_handler)(struct sk_buff *skb, struct inet6_skb_parm *opt, |
| @@ -1499,9 +1505,9 @@ int xfrm4_output(struct sk_buff *skb); | |||
| 1499 | int xfrm4_output_finish(struct sk_buff *skb); | 1505 | int xfrm4_output_finish(struct sk_buff *skb); |
| 1500 | int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family); | 1506 | int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family); |
| 1501 | int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family); | 1507 | int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family); |
| 1502 | int xfrm4_mode_tunnel_input_register(struct xfrm_tunnel *handler); | ||
| 1503 | int xfrm4_mode_tunnel_input_deregister(struct xfrm_tunnel *handler); | ||
| 1504 | void xfrm4_local_error(struct sk_buff *skb, u32 mtu); | 1508 | void xfrm4_local_error(struct sk_buff *skb, u32 mtu); |
| 1509 | int xfrm4_mode_tunnel_input_register(struct xfrm_tunnel_notifier *handler); | ||
| 1510 | int xfrm4_mode_tunnel_input_deregister(struct xfrm_tunnel_notifier *handler); | ||
| 1505 | int xfrm6_extract_header(struct sk_buff *skb); | 1511 | int xfrm6_extract_header(struct sk_buff *skb); |
| 1506 | int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb); | 1512 | int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb); |
| 1507 | int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi); | 1513 | int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi); |
| @@ -1509,9 +1515,9 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async); | |||
| 1509 | int xfrm6_rcv(struct sk_buff *skb); | 1515 | int xfrm6_rcv(struct sk_buff *skb); |
| 1510 | int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr, | 1516 | int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr, |
| 1511 | xfrm_address_t *saddr, u8 proto); | 1517 | xfrm_address_t *saddr, u8 proto); |
| 1518 | void xfrm6_local_error(struct sk_buff *skb, u32 mtu); | ||
| 1512 | int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family); | 1519 | int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family); |
| 1513 | int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, | 1520 | int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family); |
| 1514 | unsigned short family); | ||
| 1515 | __be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr); | 1521 | __be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr); |
| 1516 | __be32 xfrm6_tunnel_spi_lookup(struct net *net, const xfrm_address_t *saddr); | 1522 | __be32 xfrm6_tunnel_spi_lookup(struct net *net, const xfrm_address_t *saddr); |
| 1517 | int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb); | 1523 | int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb); |
| @@ -1520,7 +1526,6 @@ int xfrm6_output(struct sk_buff *skb); | |||
| 1520 | int xfrm6_output_finish(struct sk_buff *skb); | 1526 | int xfrm6_output_finish(struct sk_buff *skb); |
| 1521 | int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb, | 1527 | int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb, |
| 1522 | u8 **prevhdr); | 1528 | u8 **prevhdr); |
| 1523 | void xfrm6_local_error(struct sk_buff *skb, u32 mtu); | ||
| 1524 | 1529 | ||
| 1525 | #ifdef CONFIG_XFRM | 1530 | #ifdef CONFIG_XFRM |
| 1526 | int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb); | 1531 | int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb); |
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index e805e7b3030e..91f69bc883fe 100644 --- a/net/ipv4/ip_vti.c +++ b/net/ipv4/ip_vti.c | |||
| @@ -49,70 +49,6 @@ static struct rtnl_link_ops vti_link_ops __read_mostly; | |||
| 49 | static int vti_net_id __read_mostly; | 49 | static int vti_net_id __read_mostly; |
| 50 | static int vti_tunnel_init(struct net_device *dev); | 50 | static int vti_tunnel_init(struct net_device *dev); |
| 51 | 51 | ||
| 52 | static int vti_err(struct sk_buff *skb, u32 info) | ||
| 53 | { | ||
| 54 | |||
| 55 | /* All the routers (except for Linux) return only | ||
| 56 | * 8 bytes of packet payload. It means, that precise relaying of | ||
| 57 | * ICMP in the real Internet is absolutely infeasible. | ||
| 58 | */ | ||
| 59 | struct net *net = dev_net(skb->dev); | ||
| 60 | struct ip_tunnel_net *itn = net_generic(net, vti_net_id); | ||
| 61 | struct iphdr *iph = (struct iphdr *)skb->data; | ||
| 62 | const int type = icmp_hdr(skb)->type; | ||
| 63 | const int code = icmp_hdr(skb)->code; | ||
| 64 | struct ip_tunnel *t; | ||
| 65 | int err; | ||
| 66 | |||
| 67 | switch (type) { | ||
| 68 | default: | ||
| 69 | case ICMP_PARAMETERPROB: | ||
| 70 | return 0; | ||
| 71 | |||
| 72 | case ICMP_DEST_UNREACH: | ||
| 73 | switch (code) { | ||
| 74 | case ICMP_SR_FAILED: | ||
| 75 | case ICMP_PORT_UNREACH: | ||
| 76 | /* Impossible event. */ | ||
| 77 | return 0; | ||
| 78 | default: | ||
| 79 | /* All others are translated to HOST_UNREACH. */ | ||
| 80 | break; | ||
| 81 | } | ||
| 82 | break; | ||
| 83 | case ICMP_TIME_EXCEEDED: | ||
| 84 | if (code != ICMP_EXC_TTL) | ||
| 85 | return 0; | ||
| 86 | break; | ||
| 87 | } | ||
| 88 | |||
| 89 | err = -ENOENT; | ||
| 90 | |||
| 91 | t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY, | ||
| 92 | iph->daddr, iph->saddr, 0); | ||
| 93 | if (t == NULL) | ||
| 94 | goto out; | ||
| 95 | |||
| 96 | if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { | ||
| 97 | ipv4_update_pmtu(skb, dev_net(skb->dev), info, | ||
| 98 | t->parms.link, 0, IPPROTO_IPIP, 0); | ||
| 99 | err = 0; | ||
| 100 | goto out; | ||
| 101 | } | ||
| 102 | |||
| 103 | err = 0; | ||
| 104 | if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED) | ||
| 105 | goto out; | ||
| 106 | |||
| 107 | if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO)) | ||
| 108 | t->err_count++; | ||
| 109 | else | ||
| 110 | t->err_count = 1; | ||
| 111 | t->err_time = jiffies; | ||
| 112 | out: | ||
| 113 | return err; | ||
| 114 | } | ||
| 115 | |||
| 116 | /* We dont digest the packet therefore let the packet pass */ | 52 | /* We dont digest the packet therefore let the packet pass */ |
| 117 | static int vti_rcv(struct sk_buff *skb) | 53 | static int vti_rcv(struct sk_buff *skb) |
| 118 | { | 54 | { |
| @@ -296,9 +232,8 @@ static void __net_init vti_fb_tunnel_init(struct net_device *dev) | |||
| 296 | iph->ihl = 5; | 232 | iph->ihl = 5; |
| 297 | } | 233 | } |
| 298 | 234 | ||
| 299 | static struct xfrm_tunnel vti_handler __read_mostly = { | 235 | static struct xfrm_tunnel_notifier vti_handler __read_mostly = { |
| 300 | .handler = vti_rcv, | 236 | .handler = vti_rcv, |
| 301 | .err_handler = vti_err, | ||
| 302 | .priority = 1, | 237 | .priority = 1, |
| 303 | }; | 238 | }; |
| 304 | 239 | ||
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c index b5663c37f089..31b18152528f 100644 --- a/net/ipv4/xfrm4_mode_tunnel.c +++ b/net/ipv4/xfrm4_mode_tunnel.c | |||
| @@ -16,13 +16,13 @@ | |||
| 16 | #include <net/xfrm.h> | 16 | #include <net/xfrm.h> |
| 17 | 17 | ||
| 18 | /* Informational hook. The decap is still done here. */ | 18 | /* Informational hook. The decap is still done here. */ |
| 19 | static struct xfrm_tunnel __rcu *rcv_notify_handlers __read_mostly; | 19 | static struct xfrm_tunnel_notifier __rcu *rcv_notify_handlers __read_mostly; |
| 20 | static DEFINE_MUTEX(xfrm4_mode_tunnel_input_mutex); | 20 | static DEFINE_MUTEX(xfrm4_mode_tunnel_input_mutex); |
| 21 | 21 | ||
| 22 | int xfrm4_mode_tunnel_input_register(struct xfrm_tunnel *handler) | 22 | int xfrm4_mode_tunnel_input_register(struct xfrm_tunnel_notifier *handler) |
| 23 | { | 23 | { |
| 24 | struct xfrm_tunnel __rcu **pprev; | 24 | struct xfrm_tunnel_notifier __rcu **pprev; |
| 25 | struct xfrm_tunnel *t; | 25 | struct xfrm_tunnel_notifier *t; |
| 26 | int ret = -EEXIST; | 26 | int ret = -EEXIST; |
| 27 | int priority = handler->priority; | 27 | int priority = handler->priority; |
| 28 | 28 | ||
| @@ -50,10 +50,10 @@ err: | |||
| 50 | } | 50 | } |
| 51 | EXPORT_SYMBOL_GPL(xfrm4_mode_tunnel_input_register); | 51 | EXPORT_SYMBOL_GPL(xfrm4_mode_tunnel_input_register); |
| 52 | 52 | ||
| 53 | int xfrm4_mode_tunnel_input_deregister(struct xfrm_tunnel *handler) | 53 | int xfrm4_mode_tunnel_input_deregister(struct xfrm_tunnel_notifier *handler) |
| 54 | { | 54 | { |
| 55 | struct xfrm_tunnel __rcu **pprev; | 55 | struct xfrm_tunnel_notifier __rcu **pprev; |
| 56 | struct xfrm_tunnel *t; | 56 | struct xfrm_tunnel_notifier *t; |
| 57 | int ret = -ENOENT; | 57 | int ret = -ENOENT; |
| 58 | 58 | ||
| 59 | mutex_lock(&xfrm4_mode_tunnel_input_mutex); | 59 | mutex_lock(&xfrm4_mode_tunnel_input_mutex); |
| @@ -134,7 +134,7 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 134 | 134 | ||
| 135 | static int xfrm4_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb) | 135 | static int xfrm4_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb) |
| 136 | { | 136 | { |
| 137 | struct xfrm_tunnel *handler; | 137 | struct xfrm_tunnel_notifier *handler; |
| 138 | int err = -EINVAL; | 138 | int err = -EINVAL; |
| 139 | 139 | ||
| 140 | if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP) | 140 | if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP) |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index b9c3f9e943a9..d6e7f98fbfbf 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
| @@ -468,7 +468,7 @@ expired: | |||
| 468 | } | 468 | } |
| 469 | 469 | ||
| 470 | err = __xfrm_state_delete(x); | 470 | err = __xfrm_state_delete(x); |
| 471 | if (!err && x->id.spi) | 471 | if (!err) |
| 472 | km_state_expired(x, 1, 0); | 472 | km_state_expired(x, 1, 0); |
| 473 | 473 | ||
| 474 | xfrm_audit_state_delete(x, err ? 0 : 1, | 474 | xfrm_audit_state_delete(x, err ? 0 : 1, |