diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-10-08 20:25:53 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:54:54 -0400 |
| commit | 436a0a402203d5a47d2edf7e4dde6c08a7257983 (patch) | |
| tree | b47e73326a2ff7dbf8ac3fbcb6c4acea5c06619d /net/ipv4 | |
| parent | 83815dea47cf3e98ccbb6aecda08cba1ba91208f (diff) | |
[IPSEC]: Move output replay code into xfrm_output
The replay counter is one of only two remaining things in the output code
that requires a lock on the xfrm state (the other being the crypto). This
patch moves it into the generic xfrm_output so we can remove the lock from
the transforms themselves.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/ah4.c | 4 | ||||
| -rw-r--r-- | net/ipv4/esp4.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index dc1d8e871b24..58af298e1941 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c | |||
| @@ -96,8 +96,7 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 96 | 96 | ||
| 97 | ah->reserved = 0; | 97 | ah->reserved = 0; |
| 98 | ah->spi = x->id.spi; | 98 | ah->spi = x->id.spi; |
| 99 | ah->seq_no = htonl(++x->replay.oseq); | 99 | ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq); |
| 100 | xfrm_aevent_doreplay(x); | ||
| 101 | err = ah_mac_digest(ahp, skb, ah->auth_data); | 100 | err = ah_mac_digest(ahp, skb, ah->auth_data); |
| 102 | if (err) | 101 | if (err) |
| 103 | goto error; | 102 | goto error; |
| @@ -297,6 +296,7 @@ static struct xfrm_type ah_type = | |||
| 297 | .description = "AH4", | 296 | .description = "AH4", |
| 298 | .owner = THIS_MODULE, | 297 | .owner = THIS_MODULE, |
| 299 | .proto = IPPROTO_AH, | 298 | .proto = IPPROTO_AH, |
| 299 | .flags = XFRM_TYPE_REPLAY_PROT, | ||
| 300 | .init_state = ah_init_state, | 300 | .init_state = ah_init_state, |
| 301 | .destructor = ah_destroy, | 301 | .destructor = ah_destroy, |
| 302 | .input = ah_input, | 302 | .input = ah_input, |
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index d233e2e62500..0f62af9a7f15 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
| @@ -95,8 +95,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 95 | top_iph->protocol = IPPROTO_ESP; | 95 | top_iph->protocol = IPPROTO_ESP; |
| 96 | 96 | ||
| 97 | esph->spi = x->id.spi; | 97 | esph->spi = x->id.spi; |
| 98 | esph->seq_no = htonl(++x->replay.oseq); | 98 | esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq); |
| 99 | xfrm_aevent_doreplay(x); | ||
| 100 | 99 | ||
| 101 | if (esp->conf.ivlen) { | 100 | if (esp->conf.ivlen) { |
| 102 | if (unlikely(!esp->conf.ivinitted)) { | 101 | if (unlikely(!esp->conf.ivinitted)) { |
| @@ -437,6 +436,7 @@ static struct xfrm_type esp_type = | |||
| 437 | .description = "ESP4", | 436 | .description = "ESP4", |
| 438 | .owner = THIS_MODULE, | 437 | .owner = THIS_MODULE, |
| 439 | .proto = IPPROTO_ESP, | 438 | .proto = IPPROTO_ESP, |
| 439 | .flags = XFRM_TYPE_REPLAY_PROT, | ||
| 440 | .init_state = esp_init_state, | 440 | .init_state = esp_init_state, |
| 441 | .destructor = esp_destroy, | 441 | .destructor = esp_destroy, |
| 442 | .get_mtu = esp4_get_mtu, | 442 | .get_mtu = esp4_get_mtu, |