xfrm: Move IPsec replay detection functions to a separate file

To support multiple versions of replay detection, we move the replay
detection functions to a separate file and make them accessible
via function pointers contained in the struct xfrm_replay.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 2 insertions, 3 deletions

diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index b173b7fdc433..55d5f5c3d119 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -172,7 +172,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                         goto drop_unlock;
                 }
 
-                if (x->props.replay_window && xfrm_replay_check(x, skb, seq)) {
+                if (x->props.replay_window && x->repl->check(x, skb, seq)) {
                         XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
                         goto drop_unlock;
                 }
@@ -206,8 +206,7 @@ resume:
                 /* only the first xfrm gets the encap type */
                 encap_type = 0;
 
-                if (x->props.replay_window)
-                        xfrm_replay_advance(x, seq);
+                x->repl->advance(x, seq);
 
                 x->curlft.bytes += skb->len;
                 x->curlft.packets++;