diff options
| author | Steffen Klassert <steffen.klassert@secunet.com> | 2014-02-21 02:41:08 -0500 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2014-02-25 01:04:17 -0500 |
| commit | 827789cbd7f0ca070cd8c8623580c4152c28fea5 (patch) | |
| tree | 106aa9ea004d9e7596b18a45f337f29e4a06616d | |
| parent | 3328715e6c1fcb10cd86b0f3212d18290b7e4463 (diff) | |
esp4: Use the IPsec protocol multiplexer API
Switch esp4 to use the new IPsec protocol multiplexer.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
| -rw-r--r-- | net/ipv4/esp4.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 7785b28061ac..360b565918c4 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
| @@ -473,7 +473,7 @@ static u32 esp4_get_mtu(struct xfrm_state *x, int mtu) | |||
| 473 | net_adj) & ~(blksize - 1)) + net_adj - 2; | 473 | net_adj) & ~(blksize - 1)) + net_adj - 2; |
| 474 | } | 474 | } |
| 475 | 475 | ||
| 476 | static void esp4_err(struct sk_buff *skb, u32 info) | 476 | static int esp4_err(struct sk_buff *skb, u32 info) |
| 477 | { | 477 | { |
| 478 | struct net *net = dev_net(skb->dev); | 478 | struct net *net = dev_net(skb->dev); |
| 479 | const struct iphdr *iph = (const struct iphdr *)skb->data; | 479 | const struct iphdr *iph = (const struct iphdr *)skb->data; |
| @@ -483,23 +483,25 @@ static void esp4_err(struct sk_buff *skb, u32 info) | |||
| 483 | switch (icmp_hdr(skb)->type) { | 483 | switch (icmp_hdr(skb)->type) { |
| 484 | case ICMP_DEST_UNREACH: | 484 | case ICMP_DEST_UNREACH: |
| 485 | if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) | 485 | if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) |
| 486 | return; | 486 | return 0; |
| 487 | case ICMP_REDIRECT: | 487 | case ICMP_REDIRECT: |
| 488 | break; | 488 | break; |
| 489 | default: | 489 | default: |
| 490 | return; | 490 | return 0; |
| 491 | } | 491 | } |
| 492 | 492 | ||
| 493 | x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr, | 493 | x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr, |
| 494 | esph->spi, IPPROTO_ESP, AF_INET); | 494 | esph->spi, IPPROTO_ESP, AF_INET); |
| 495 | if (!x) | 495 | if (!x) |
| 496 | return; | 496 | return 0; |
| 497 | 497 | ||
| 498 | if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) | 498 | if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) |
| 499 | ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0); | 499 | ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0); |
| 500 | else | 500 | else |
| 501 | ipv4_redirect(skb, net, 0, 0, IPPROTO_ESP, 0); | 501 | ipv4_redirect(skb, net, 0, 0, IPPROTO_ESP, 0); |
| 502 | xfrm_state_put(x); | 502 | xfrm_state_put(x); |
| 503 | |||
| 504 | return 0; | ||
| 503 | } | 505 | } |
| 504 | 506 | ||
| 505 | static void esp_destroy(struct xfrm_state *x) | 507 | static void esp_destroy(struct xfrm_state *x) |
| @@ -672,6 +674,11 @@ error: | |||
| 672 | return err; | 674 | return err; |
| 673 | } | 675 | } |
| 674 | 676 | ||
| 677 | static int esp4_rcv_cb(struct sk_buff *skb, int err) | ||
| 678 | { | ||
| 679 | return 0; | ||
| 680 | } | ||
| 681 | |||
| 675 | static const struct xfrm_type esp_type = | 682 | static const struct xfrm_type esp_type = |
| 676 | { | 683 | { |
| 677 | .description = "ESP4", | 684 | .description = "ESP4", |
| @@ -685,11 +692,12 @@ static const struct xfrm_type esp_type = | |||
| 685 | .output = esp_output | 692 | .output = esp_output |
| 686 | }; | 693 | }; |
| 687 | 694 | ||
| 688 | static const struct net_protocol esp4_protocol = { | 695 | static struct xfrm4_protocol esp4_protocol = { |
| 689 | .handler = xfrm4_rcv, | 696 | .handler = xfrm4_rcv, |
| 697 | .input_handler = xfrm_input, | ||
| 698 | .cb_handler = esp4_rcv_cb, | ||
| 690 | .err_handler = esp4_err, | 699 | .err_handler = esp4_err, |
| 691 | .no_policy = 1, | 700 | .priority = 0, |
| 692 | .netns_ok = 1, | ||
| 693 | }; | 701 | }; |
| 694 | 702 | ||
| 695 | static int __init esp4_init(void) | 703 | static int __init esp4_init(void) |
| @@ -698,7 +706,7 @@ static int __init esp4_init(void) | |||
| 698 | pr_info("%s: can't add xfrm type\n", __func__); | 706 | pr_info("%s: can't add xfrm type\n", __func__); |
| 699 | return -EAGAIN; | 707 | return -EAGAIN; |
| 700 | } | 708 | } |
| 701 | if (inet_add_protocol(&esp4_protocol, IPPROTO_ESP) < 0) { | 709 | if (xfrm4_protocol_register(&esp4_protocol, IPPROTO_ESP) < 0) { |
| 702 | pr_info("%s: can't add protocol\n", __func__); | 710 | pr_info("%s: can't add protocol\n", __func__); |
| 703 | xfrm_unregister_type(&esp_type, AF_INET); | 711 | xfrm_unregister_type(&esp_type, AF_INET); |
| 704 | return -EAGAIN; | 712 | return -EAGAIN; |
| @@ -708,7 +716,7 @@ static int __init esp4_init(void) | |||
| 708 | 716 | ||
| 709 | static void __exit esp4_fini(void) | 717 | static void __exit esp4_fini(void) |
| 710 | { | 718 | { |
| 711 | if (inet_del_protocol(&esp4_protocol, IPPROTO_ESP) < 0) | 719 | if (xfrm4_protocol_deregister(&esp4_protocol, IPPROTO_ESP) < 0) |
| 712 | pr_info("%s: can't remove protocol\n", __func__); | 720 | pr_info("%s: can't remove protocol\n", __func__); |
| 713 | if (xfrm_unregister_type(&esp_type, AF_INET) < 0) | 721 | if (xfrm_unregister_type(&esp_type, AF_INET) < 0) |
| 714 | pr_info("%s: can't remove xfrm type\n", __func__); | 722 | pr_info("%s: can't remove xfrm type\n", __func__); |