xfrm: Move IPsec replay detection functions to a separate file

To support multiple versions of replay detection, we move the replay detection functions to a separate file and make them accessible via function pointers contained in the struct xfrm_replay. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Steffen Klassert <steffen.klassert@secunet.com> 2011-03-07 19:08:32 -0500
committer: David S. Miller <davem@davemloft.net> 2011-03-13 23:22:30 -0400
commit: 9fdc4883d92d20842c5acea77a4a21bb1574b495 (patch)
tree: 87019e64093d90a4f2b42149231d0ad3a864c5f9 /include/net/xfrm.h
parent: d212a4c29096484e5e83b5006e695add126260af (diff)
1 files changed, 20 insertions, 4 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index cb6d9b3fc55e..41def092b824 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -192,6 +192,9 @@ struct xfrm_state {
        struct xfrm_replay_state preplay;
        struct xfrm_replay_state_esn *preplay_esn;
+        /* The functions for replay detection. */
+        struct xfrm_replay      *repl;
        /* internal flag that only holds state for delayed aevent at the
         * moment
        */
@@ -261,6 +264,15 @@ struct km_event {
        struct net *net;
 };
+struct xfrm_replay {
+        void    (*advance)(struct xfrm_state *x, __be32 net_seq);
+        int     (*check)(struct xfrm_state *x,
+                         struct sk_buff *skb,
+                         __be32 net_seq);
+        void    (*notify)(struct xfrm_state *x, int event);
+        int     (*overflow)(struct xfrm_state *x, struct sk_buff *skb);
+};
 struct net_device;
 struct xfrm_type;
 struct xfrm_dst;
@@ -693,6 +705,8 @@ extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
                                    u32 auid, u32 ses, u32 secid);
 extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
                                             struct sk_buff *skb);
+extern void xfrm_audit_state_replay(struct xfrm_state *x,
+                                    struct sk_buff *skb, __be32 net_seq);
 extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
 extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
                                      __be32 net_spi, __be32 net_seq);
@@ -725,6 +739,11 @@ static inline void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
 {
 }
+static inline void xfrm_audit_state_replay(struct xfrm_state *x,
+                                           struct sk_buff *skb, __be32 net_seq)
+{
+}
 static inline void xfrm_audit_state_notfound_simple(struct sk_buff *skb,
                                      u16 family)
 {
@@ -1408,10 +1427,7 @@ extern int xfrm_state_delete(struct xfrm_state *x);
 extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);
 extern void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si);
 extern void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si);
-extern int xfrm_replay_check(struct xfrm_state *x,
+extern int xfrm_init_replay(struct xfrm_state *x);
-                             struct sk_buff *skb, __be32 seq);
-extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq);
-extern void xfrm_replay_notify(struct xfrm_state *x, int event);
 extern int xfrm_state_mtu(struct xfrm_state *x, int mtu);
 extern int xfrm_init_state(struct xfrm_state *x);
 extern int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb);
author	Steffen Klassert <steffen.klassert@secunet.com>	2011-03-07 19:08:32 -0500
committer	David S. Miller <davem@davemloft.net>	2011-03-13 23:22:30 -0400
commit	9fdc4883d92d20842c5acea77a4a21bb1574b495 (patch)
tree	87019e64093d90a4f2b42149231d0ad3a864c5f9 /include/net/xfrm.h
parent	d212a4c29096484e5e83b5006e695add126260af (diff)