diff options
| author | Steffen Klassert <steffen.klassert@secunet.com> | 2011-03-07 19:08:32 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2011-03-13 23:22:30 -0400 |
| commit | 9fdc4883d92d20842c5acea77a4a21bb1574b495 (patch) | |
| tree | 87019e64093d90a4f2b42149231d0ad3a864c5f9 /net/xfrm/xfrm_output.c | |
| parent | d212a4c29096484e5e83b5006e695add126260af (diff) | |
xfrm: Move IPsec replay detection functions to a separate file
To support multiple versions of replay detection, we move the replay
detection functions to a separate file and make them accessible
via function pointers contained in the struct xfrm_replay.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_output.c')
| -rw-r--r-- | net/xfrm/xfrm_output.c | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c index 4b63776a0264..1aba03f449cc 100644 --- a/net/xfrm/xfrm_output.c +++ b/net/xfrm/xfrm_output.c | |||
| @@ -67,17 +67,10 @@ static int xfrm_output_one(struct sk_buff *skb, int err) | |||
| 67 | goto error; | 67 | goto error; |
| 68 | } | 68 | } |
| 69 | 69 | ||
| 70 | if (x->type->flags & XFRM_TYPE_REPLAY_PROT) { | 70 | err = x->repl->overflow(x, skb); |
| 71 | XFRM_SKB_CB(skb)->seq.output.low = ++x->replay.oseq; | 71 | if (err) { |
| 72 | if (unlikely(x->replay.oseq == 0)) { | 72 | XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATESEQERROR); |
| 73 | XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATESEQERROR); | 73 | goto error; |
| 74 | x->replay.oseq--; | ||
| 75 | xfrm_audit_state_replay_overflow(x, skb); | ||
| 76 | err = -EOVERFLOW; | ||
| 77 | goto error; | ||
| 78 | } | ||
| 79 | if (xfrm_aevent_is_on(net)) | ||
| 80 | xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); | ||
| 81 | } | 74 | } |
| 82 | 75 | ||
| 83 | x->curlft.bytes += skb->len; | 76 | x->curlft.bytes += skb->len; |