diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-02-20 21:58:50 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-02-20 21:58:50 -0500 |
| commit | a0b1c42951dd06ec83cc1bc2c9788131d9fefcd8 (patch) | |
| tree | a572f1523cf904c93020c9cdb32f3bc84ec3ac16 /net/key | |
| parent | 8ec4942212a6d337982967778a3dc3b60aea782e (diff) | |
| parent | ecd9883724b78cc72ed92c98bcb1a46c764fff21 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
Pull networking update from David Miller:
1) Checkpoint/restarted TCP sockets now can properly propagate the TCP
timestamp offset. From Andrey Vagin.
2) VMWARE VM VSOCK layer, from Andy King.
3) Much improved support for virtual functions and SR-IOV in bnx2x,
from Ariel ELior.
4) All protocols on ipv4 and ipv6 are now network namespace aware, and
all the compatability checks for initial-namespace-only protocols is
removed. Thanks to Tom Parkin for helping deal with the last major
holdout, L2TP.
5) IPV6 support in netpoll and network namespace support in pktgen,
from Cong Wang.
6) Multiple Registration Protocol (MRP) and Multiple VLAN Registration
Protocol (MVRP) support, from David Ward.
7) Compute packet lengths more accurately in the packet scheduler, from
Eric Dumazet.
8) Use per-task page fragment allocator in skb_append_datato_frags(),
also from Eric Dumazet.
9) Add support for connection tracking labels in netfilter, from
Florian Westphal.
10) Fix default multicast group joining on ipv6, and add anti-spoofing
checks to 6to4 and 6rd. From Hannes Frederic Sowa.
11) Make ipv4/ipv6 fragmentation memory limits more reasonable in modern
times, rearrange inet frag datastructures for better cacheline
locality, and move more operations outside of locking. From Jesper
Dangaard Brouer.
12) Instead of strict master <--> slave relationships, allow arbitrary
scenerios with "upper device lists". From Jiri Pirko.
13) Improve rate limiting accuracy in TBF and act_police, also from Jiri
Pirko.
14) Add a BPF filter netfilter match target, from Willem de Bruijn.
15) Orphan and delete a bunch of pre-historic networking drivers from
Paul Gortmaker.
16) Add TSO support for GRE tunnels, from Pravin B SHelar. Although
this still needs some minor bug fixing before it's %100 correct in
all cases.
17) Handle unresolved IPSEC states like ARP, with a resolution packet
queue. From Steffen Klassert.
18) Remove TCP Appropriate Byte Count support (ABC), from Stephen
Hemminger. This was long overdue.
19) Support SO_REUSEPORT, from Tom Herbert.
20) Allow locking a socket BPF filter, so that it cannot change after a
process drops capabilities.
21) Add VLAN filtering to bridge, from Vlad Yasevich.
22) Bring ipv6 on-par with ipv4 and do not cache neighbour entries in
the ipv6 routes, from YOSHIFUJI Hideaki.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1538 commits)
ipv6: fix race condition regarding dst->expires and dst->from.
net: fix a wrong assignment in skb_split()
ip_gre: remove an extra dst_release()
ppp: set qdisc_tx_busylock to avoid LOCKDEP splat
atl1c: restore buffer state
net: fix a build failure when !CONFIG_PROC_FS
net: ipv4: fix waring -Wunused-variable
net: proc: fix build failed when procfs is not configured
Revert "xen: netback: remove redundant xenvif_put"
net: move procfs code to net/core/net-procfs.c
qmi_wwan, cdc-ether: add ADU960S
bonding: set sysfs device_type to 'bond'
bonding: fix bond_release_all inconsistencies
b44: use netdev_alloc_skb_ip_align()
xen: netback: remove redundant xenvif_put
net: fec: Do a sanity check on the gpio number
ip_gre: propogate target device GSO capability to the tunnel device
ip_gre: allow CSUM capable devices to handle packets
bonding: Fix initialize after use for 3ad machine state spinlock
bonding: Fix race condition between bond_enslave() and bond_3ad_update_lacp_rate()
...
Diffstat (limited to 'net/key')
| -rw-r--r-- | net/key/af_key.c | 52 |
1 files changed, 37 insertions, 15 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c index 5b426a646544..9ef79851f297 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
| @@ -203,7 +203,6 @@ static int pfkey_broadcast_one(struct sk_buff *skb, struct sk_buff **skb2, | |||
| 203 | } | 203 | } |
| 204 | if (*skb2 != NULL) { | 204 | if (*skb2 != NULL) { |
| 205 | if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) { | 205 | if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) { |
| 206 | skb_orphan(*skb2); | ||
| 207 | skb_set_owner_r(*skb2, sk); | 206 | skb_set_owner_r(*skb2, sk); |
| 208 | skb_queue_tail(&sk->sk_receive_queue, *skb2); | 207 | skb_queue_tail(&sk->sk_receive_queue, *skb2); |
| 209 | sk->sk_data_ready(sk, (*skb2)->len); | 208 | sk->sk_data_ready(sk, (*skb2)->len); |
| @@ -762,7 +761,7 @@ static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x, | |||
| 762 | } | 761 | } |
| 763 | 762 | ||
| 764 | /* identity & sensitivity */ | 763 | /* identity & sensitivity */ |
| 765 | if (xfrm_addr_cmp(&x->sel.saddr, &x->props.saddr, x->props.family)) | 764 | if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, x->props.family)) |
| 766 | size += sizeof(struct sadb_address) + sockaddr_size; | 765 | size += sizeof(struct sadb_address) + sockaddr_size; |
| 767 | 766 | ||
| 768 | if (add_keys) { | 767 | if (add_keys) { |
| @@ -816,18 +815,21 @@ static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x, | |||
| 816 | sa->sadb_sa_auth = 0; | 815 | sa->sadb_sa_auth = 0; |
| 817 | if (x->aalg) { | 816 | if (x->aalg) { |
| 818 | struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0); | 817 | struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0); |
| 819 | sa->sadb_sa_auth = a ? a->desc.sadb_alg_id : 0; | 818 | sa->sadb_sa_auth = (a && a->pfkey_supported) ? |
| 819 | a->desc.sadb_alg_id : 0; | ||
| 820 | } | 820 | } |
| 821 | sa->sadb_sa_encrypt = 0; | 821 | sa->sadb_sa_encrypt = 0; |
| 822 | BUG_ON(x->ealg && x->calg); | 822 | BUG_ON(x->ealg && x->calg); |
| 823 | if (x->ealg) { | 823 | if (x->ealg) { |
| 824 | struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0); | 824 | struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0); |
| 825 | sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0; | 825 | sa->sadb_sa_encrypt = (a && a->pfkey_supported) ? |
| 826 | a->desc.sadb_alg_id : 0; | ||
| 826 | } | 827 | } |
| 827 | /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */ | 828 | /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */ |
| 828 | if (x->calg) { | 829 | if (x->calg) { |
| 829 | struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0); | 830 | struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0); |
| 830 | sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0; | 831 | sa->sadb_sa_encrypt = (a && a->pfkey_supported) ? |
| 832 | a->desc.sadb_alg_id : 0; | ||
| 831 | } | 833 | } |
| 832 | 834 | ||
| 833 | sa->sadb_sa_flags = 0; | 835 | sa->sadb_sa_flags = 0; |
| @@ -909,8 +911,8 @@ static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x, | |||
| 909 | if (!addr->sadb_address_prefixlen) | 911 | if (!addr->sadb_address_prefixlen) |
| 910 | BUG(); | 912 | BUG(); |
| 911 | 913 | ||
| 912 | if (xfrm_addr_cmp(&x->sel.saddr, &x->props.saddr, | 914 | if (!xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, |
| 913 | x->props.family)) { | 915 | x->props.family)) { |
| 914 | addr = (struct sadb_address*) skb_put(skb, | 916 | addr = (struct sadb_address*) skb_put(skb, |
| 915 | sizeof(struct sadb_address)+sockaddr_size); | 917 | sizeof(struct sadb_address)+sockaddr_size); |
| 916 | addr->sadb_address_len = | 918 | addr->sadb_address_len = |
| @@ -1138,7 +1140,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, | |||
| 1138 | if (sa->sadb_sa_auth) { | 1140 | if (sa->sadb_sa_auth) { |
| 1139 | int keysize = 0; | 1141 | int keysize = 0; |
| 1140 | struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth); | 1142 | struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth); |
| 1141 | if (!a) { | 1143 | if (!a || !a->pfkey_supported) { |
| 1142 | err = -ENOSYS; | 1144 | err = -ENOSYS; |
| 1143 | goto out; | 1145 | goto out; |
| 1144 | } | 1146 | } |
| @@ -1160,7 +1162,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, | |||
| 1160 | if (sa->sadb_sa_encrypt) { | 1162 | if (sa->sadb_sa_encrypt) { |
| 1161 | if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) { | 1163 | if (hdr->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) { |
| 1162 | struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt); | 1164 | struct xfrm_algo_desc *a = xfrm_calg_get_byid(sa->sadb_sa_encrypt); |
| 1163 | if (!a) { | 1165 | if (!a || !a->pfkey_supported) { |
| 1164 | err = -ENOSYS; | 1166 | err = -ENOSYS; |
| 1165 | goto out; | 1167 | goto out; |
| 1166 | } | 1168 | } |
| @@ -1172,7 +1174,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, | |||
| 1172 | } else { | 1174 | } else { |
| 1173 | int keysize = 0; | 1175 | int keysize = 0; |
| 1174 | struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt); | 1176 | struct xfrm_algo_desc *a = xfrm_ealg_get_byid(sa->sadb_sa_encrypt); |
| 1175 | if (!a) { | 1177 | if (!a || !a->pfkey_supported) { |
| 1176 | err = -ENOSYS; | 1178 | err = -ENOSYS; |
| 1177 | goto out; | 1179 | goto out; |
| 1178 | } | 1180 | } |
| @@ -1321,7 +1323,7 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_ | |||
| 1321 | 1323 | ||
| 1322 | if (hdr->sadb_msg_seq) { | 1324 | if (hdr->sadb_msg_seq) { |
| 1323 | x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq); | 1325 | x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq); |
| 1324 | if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) { | 1326 | if (x && !xfrm_addr_equal(&x->id.daddr, xdaddr, family)) { |
| 1325 | xfrm_state_put(x); | 1327 | xfrm_state_put(x); |
| 1326 | x = NULL; | 1328 | x = NULL; |
| 1327 | } | 1329 | } |
| @@ -1578,13 +1580,13 @@ static struct sk_buff *compose_sadb_supported(const struct sadb_msg *orig, | |||
| 1578 | struct sadb_msg *hdr; | 1580 | struct sadb_msg *hdr; |
| 1579 | int len, auth_len, enc_len, i; | 1581 | int len, auth_len, enc_len, i; |
| 1580 | 1582 | ||
| 1581 | auth_len = xfrm_count_auth_supported(); | 1583 | auth_len = xfrm_count_pfkey_auth_supported(); |
| 1582 | if (auth_len) { | 1584 | if (auth_len) { |
| 1583 | auth_len *= sizeof(struct sadb_alg); | 1585 | auth_len *= sizeof(struct sadb_alg); |
| 1584 | auth_len += sizeof(struct sadb_supported); | 1586 | auth_len += sizeof(struct sadb_supported); |
| 1585 | } | 1587 | } |
| 1586 | 1588 | ||
| 1587 | enc_len = xfrm_count_enc_supported(); | 1589 | enc_len = xfrm_count_pfkey_enc_supported(); |
| 1588 | if (enc_len) { | 1590 | if (enc_len) { |
| 1589 | enc_len *= sizeof(struct sadb_alg); | 1591 | enc_len *= sizeof(struct sadb_alg); |
| 1590 | enc_len += sizeof(struct sadb_supported); | 1592 | enc_len += sizeof(struct sadb_supported); |
| @@ -1615,6 +1617,8 @@ static struct sk_buff *compose_sadb_supported(const struct sadb_msg *orig, | |||
| 1615 | struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); | 1617 | struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); |
| 1616 | if (!aalg) | 1618 | if (!aalg) |
| 1617 | break; | 1619 | break; |
| 1620 | if (!aalg->pfkey_supported) | ||
| 1621 | continue; | ||
| 1618 | if (aalg->available) | 1622 | if (aalg->available) |
| 1619 | *ap++ = aalg->desc; | 1623 | *ap++ = aalg->desc; |
| 1620 | } | 1624 | } |
| @@ -1634,6 +1638,8 @@ static struct sk_buff *compose_sadb_supported(const struct sadb_msg *orig, | |||
| 1634 | struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); | 1638 | struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); |
| 1635 | if (!ealg) | 1639 | if (!ealg) |
| 1636 | break; | 1640 | break; |
| 1641 | if (!ealg->pfkey_supported) | ||
| 1642 | continue; | ||
| 1637 | if (ealg->available) | 1643 | if (ealg->available) |
| 1638 | *ap++ = ealg->desc; | 1644 | *ap++ = ealg->desc; |
| 1639 | } | 1645 | } |
| @@ -2825,6 +2831,8 @@ static int count_ah_combs(const struct xfrm_tmpl *t) | |||
| 2825 | const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); | 2831 | const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); |
| 2826 | if (!aalg) | 2832 | if (!aalg) |
| 2827 | break; | 2833 | break; |
| 2834 | if (!aalg->pfkey_supported) | ||
| 2835 | continue; | ||
| 2828 | if (aalg_tmpl_set(t, aalg) && aalg->available) | 2836 | if (aalg_tmpl_set(t, aalg) && aalg->available) |
| 2829 | sz += sizeof(struct sadb_comb); | 2837 | sz += sizeof(struct sadb_comb); |
| 2830 | } | 2838 | } |
| @@ -2840,6 +2848,9 @@ static int count_esp_combs(const struct xfrm_tmpl *t) | |||
| 2840 | if (!ealg) | 2848 | if (!ealg) |
| 2841 | break; | 2849 | break; |
| 2842 | 2850 | ||
| 2851 | if (!ealg->pfkey_supported) | ||
| 2852 | continue; | ||
| 2853 | |||
| 2843 | if (!(ealg_tmpl_set(t, ealg) && ealg->available)) | 2854 | if (!(ealg_tmpl_set(t, ealg) && ealg->available)) |
| 2844 | continue; | 2855 | continue; |
| 2845 | 2856 | ||
| @@ -2848,6 +2859,9 @@ static int count_esp_combs(const struct xfrm_tmpl *t) | |||
| 2848 | if (!aalg) | 2859 | if (!aalg) |
| 2849 | break; | 2860 | break; |
| 2850 | 2861 | ||
| 2862 | if (!aalg->pfkey_supported) | ||
| 2863 | continue; | ||
| 2864 | |||
| 2851 | if (aalg_tmpl_set(t, aalg) && aalg->available) | 2865 | if (aalg_tmpl_set(t, aalg) && aalg->available) |
| 2852 | sz += sizeof(struct sadb_comb); | 2866 | sz += sizeof(struct sadb_comb); |
| 2853 | } | 2867 | } |
| @@ -2871,6 +2885,9 @@ static void dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t) | |||
| 2871 | if (!aalg) | 2885 | if (!aalg) |
| 2872 | break; | 2886 | break; |
| 2873 | 2887 | ||
| 2888 | if (!aalg->pfkey_supported) | ||
| 2889 | continue; | ||
| 2890 | |||
| 2874 | if (aalg_tmpl_set(t, aalg) && aalg->available) { | 2891 | if (aalg_tmpl_set(t, aalg) && aalg->available) { |
| 2875 | struct sadb_comb *c; | 2892 | struct sadb_comb *c; |
| 2876 | c = (struct sadb_comb*)skb_put(skb, sizeof(struct sadb_comb)); | 2893 | c = (struct sadb_comb*)skb_put(skb, sizeof(struct sadb_comb)); |
| @@ -2903,6 +2920,9 @@ static void dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t) | |||
| 2903 | if (!ealg) | 2920 | if (!ealg) |
| 2904 | break; | 2921 | break; |
| 2905 | 2922 | ||
| 2923 | if (!ealg->pfkey_supported) | ||
| 2924 | continue; | ||
| 2925 | |||
| 2906 | if (!(ealg_tmpl_set(t, ealg) && ealg->available)) | 2926 | if (!(ealg_tmpl_set(t, ealg) && ealg->available)) |
| 2907 | continue; | 2927 | continue; |
| 2908 | 2928 | ||
| @@ -2911,6 +2931,8 @@ static void dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t) | |||
| 2911 | const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); | 2931 | const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); |
| 2912 | if (!aalg) | 2932 | if (!aalg) |
| 2913 | break; | 2933 | break; |
| 2934 | if (!aalg->pfkey_supported) | ||
| 2935 | continue; | ||
| 2914 | if (!(aalg_tmpl_set(t, aalg) && aalg->available)) | 2936 | if (!(aalg_tmpl_set(t, aalg) && aalg->available)) |
| 2915 | continue; | 2937 | continue; |
| 2916 | c = (struct sadb_comb*)skb_put(skb, sizeof(struct sadb_comb)); | 2938 | c = (struct sadb_comb*)skb_put(skb, sizeof(struct sadb_comb)); |
| @@ -3718,7 +3740,7 @@ static int __net_init pfkey_init_proc(struct net *net) | |||
| 3718 | { | 3740 | { |
| 3719 | struct proc_dir_entry *e; | 3741 | struct proc_dir_entry *e; |
| 3720 | 3742 | ||
| 3721 | e = proc_net_fops_create(net, "pfkey", 0, &pfkey_proc_ops); | 3743 | e = proc_create("pfkey", 0, net->proc_net, &pfkey_proc_ops); |
| 3722 | if (e == NULL) | 3744 | if (e == NULL) |
| 3723 | return -ENOMEM; | 3745 | return -ENOMEM; |
| 3724 | 3746 | ||
| @@ -3727,7 +3749,7 @@ static int __net_init pfkey_init_proc(struct net *net) | |||
| 3727 | 3749 | ||
| 3728 | static void __net_exit pfkey_exit_proc(struct net *net) | 3750 | static void __net_exit pfkey_exit_proc(struct net *net) |
| 3729 | { | 3751 | { |
| 3730 | proc_net_remove(net, "pfkey"); | 3752 | remove_proc_entry("pfkey", net->proc_net); |
| 3731 | } | 3753 | } |
| 3732 | #else | 3754 | #else |
| 3733 | static inline int pfkey_init_proc(struct net *net) | 3755 | static inline int pfkey_init_proc(struct net *net) |