diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-10-08 20:25:53 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:54:54 -0400 |
| commit | 436a0a402203d5a47d2edf7e4dde6c08a7257983 (patch) | |
| tree | b47e73326a2ff7dbf8ac3fbcb6c4acea5c06619d /net/ipv6 | |
| parent | 83815dea47cf3e98ccbb6aecda08cba1ba91208f (diff) | |
[IPSEC]: Move output replay code into xfrm_output
The replay counter is one of only two remaining things in the output code
that requires a lock on the xfrm state (the other being the crypto). This
patch moves it into the generic xfrm_output so we can remove the lock from
the transforms themselves.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/ah6.c | 4 | ||||
| -rw-r--r-- | net/ipv6/esp6.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 69a2030407b8..ae68a900f605 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c | |||
| @@ -283,8 +283,7 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 283 | 283 | ||
| 284 | ah->reserved = 0; | 284 | ah->reserved = 0; |
| 285 | ah->spi = x->id.spi; | 285 | ah->spi = x->id.spi; |
| 286 | ah->seq_no = htonl(++x->replay.oseq); | 286 | ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq); |
| 287 | xfrm_aevent_doreplay(x); | ||
| 288 | err = ah_mac_digest(ahp, skb, ah->auth_data); | 287 | err = ah_mac_digest(ahp, skb, ah->auth_data); |
| 289 | if (err) | 288 | if (err) |
| 290 | goto error_free_iph; | 289 | goto error_free_iph; |
| @@ -506,6 +505,7 @@ static struct xfrm_type ah6_type = | |||
| 506 | .description = "AH6", | 505 | .description = "AH6", |
| 507 | .owner = THIS_MODULE, | 506 | .owner = THIS_MODULE, |
| 508 | .proto = IPPROTO_AH, | 507 | .proto = IPPROTO_AH, |
| 508 | .flags = XFRM_TYPE_REPLAY_PROT, | ||
| 509 | .init_state = ah6_init_state, | 509 | .init_state = ah6_init_state, |
| 510 | .destructor = ah6_destroy, | 510 | .destructor = ah6_destroy, |
| 511 | .input = ah6_input, | 511 | .input = ah6_input, |
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 77281068d0f9..0c5fb81451b7 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c | |||
| @@ -95,8 +95,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 95 | *skb_network_header(skb) = IPPROTO_ESP; | 95 | *skb_network_header(skb) = IPPROTO_ESP; |
| 96 | 96 | ||
| 97 | esph->spi = x->id.spi; | 97 | esph->spi = x->id.spi; |
| 98 | esph->seq_no = htonl(++x->replay.oseq); | 98 | esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq); |
| 99 | xfrm_aevent_doreplay(x); | ||
| 100 | 99 | ||
| 101 | if (esp->conf.ivlen) { | 100 | if (esp->conf.ivlen) { |
| 102 | if (unlikely(!esp->conf.ivinitted)) { | 101 | if (unlikely(!esp->conf.ivinitted)) { |
| @@ -373,6 +372,7 @@ static struct xfrm_type esp6_type = | |||
| 373 | .description = "ESP6", | 372 | .description = "ESP6", |
| 374 | .owner = THIS_MODULE, | 373 | .owner = THIS_MODULE, |
| 375 | .proto = IPPROTO_ESP, | 374 | .proto = IPPROTO_ESP, |
| 375 | .flags = XFRM_TYPE_REPLAY_PROT, | ||
| 376 | .init_state = esp6_init_state, | 376 | .init_state = esp6_init_state, |
| 377 | .destructor = esp6_destroy, | 377 | .destructor = esp6_destroy, |
| 378 | .get_mtu = esp6_get_mtu, | 378 | .get_mtu = esp6_get_mtu, |