aboutsummaryrefslogtreecommitdiffstats
path: root/net/xfrm/xfrm_state.c
diff options
context:
space:
mode:
authorGlenn Elliott <gelliott@cs.unc.edu>2012-03-04 19:47:13 -0500
committerGlenn Elliott <gelliott@cs.unc.edu>2012-03-04 19:47:13 -0500
commitc71c03bda1e86c9d5198c5d83f712e695c4f2a1e (patch)
treeecb166cb3e2b7e2adb3b5e292245fefd23381ac8 /net/xfrm/xfrm_state.c
parentea53c912f8a86a8567697115b6a0d8152beee5c8 (diff)
parent6a00f206debf8a5c8899055726ad127dbeeed098 (diff)
Merge branch 'mpi-master' into wip-k-fmlpwip-k-fmlp
Conflicts: litmus/sched_cedf.c
Diffstat (limited to 'net/xfrm/xfrm_state.c')
-rw-r--r--net/xfrm/xfrm_state.c212
1 files changed, 70 insertions, 142 deletions
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index eb96ce52f178..9414b9c5b1e4 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -42,16 +42,9 @@ static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
42static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family); 42static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
43static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo); 43static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
44 44
45#ifdef CONFIG_AUDITSYSCALL
46static void xfrm_audit_state_replay(struct xfrm_state *x,
47 struct sk_buff *skb, __be32 net_seq);
48#else
49#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
50#endif /* CONFIG_AUDITSYSCALL */
51
52static inline unsigned int xfrm_dst_hash(struct net *net, 45static inline unsigned int xfrm_dst_hash(struct net *net,
53 xfrm_address_t *daddr, 46 const xfrm_address_t *daddr,
54 xfrm_address_t *saddr, 47 const xfrm_address_t *saddr,
55 u32 reqid, 48 u32 reqid,
56 unsigned short family) 49 unsigned short family)
57{ 50{
@@ -59,15 +52,16 @@ static inline unsigned int xfrm_dst_hash(struct net *net,
59} 52}
60 53
61static inline unsigned int xfrm_src_hash(struct net *net, 54static inline unsigned int xfrm_src_hash(struct net *net,
62 xfrm_address_t *daddr, 55 const xfrm_address_t *daddr,
63 xfrm_address_t *saddr, 56 const xfrm_address_t *saddr,
64 unsigned short family) 57 unsigned short family)
65{ 58{
66 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask); 59 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask);
67} 60}
68 61
69static inline unsigned int 62static inline unsigned int
70xfrm_spi_hash(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family) 63xfrm_spi_hash(struct net *net, const xfrm_address_t *daddr,
64 __be32 spi, u8 proto, unsigned short family)
71{ 65{
72 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask); 66 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask);
73} 67}
@@ -362,6 +356,8 @@ static void xfrm_state_gc_destroy(struct xfrm_state *x)
362 kfree(x->calg); 356 kfree(x->calg);
363 kfree(x->encap); 357 kfree(x->encap);
364 kfree(x->coaddr); 358 kfree(x->coaddr);
359 kfree(x->replay_esn);
360 kfree(x->preplay_esn);
365 if (x->inner_mode) 361 if (x->inner_mode)
366 xfrm_put_mode(x->inner_mode); 362 xfrm_put_mode(x->inner_mode);
367 if (x->inner_mode_iaf) 363 if (x->inner_mode_iaf)
@@ -656,9 +652,9 @@ void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si)
656EXPORT_SYMBOL(xfrm_sad_getinfo); 652EXPORT_SYMBOL(xfrm_sad_getinfo);
657 653
658static int 654static int
659xfrm_init_tempstate(struct xfrm_state *x, struct flowi *fl, 655xfrm_init_tempstate(struct xfrm_state *x, const struct flowi *fl,
660 struct xfrm_tmpl *tmpl, 656 const struct xfrm_tmpl *tmpl,
661 xfrm_address_t *daddr, xfrm_address_t *saddr, 657 const xfrm_address_t *daddr, const xfrm_address_t *saddr,
662 unsigned short family) 658 unsigned short family)
663{ 659{
664 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 660 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
@@ -677,7 +673,10 @@ xfrm_init_tempstate(struct xfrm_state *x, struct flowi *fl,
677 return 0; 673 return 0;
678} 674}
679 675
680static struct xfrm_state *__xfrm_state_lookup(struct net *net, u32 mark, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family) 676static struct xfrm_state *__xfrm_state_lookup(struct net *net, u32 mark,
677 const xfrm_address_t *daddr,
678 __be32 spi, u8 proto,
679 unsigned short family)
681{ 680{
682 unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family); 681 unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family);
683 struct xfrm_state *x; 682 struct xfrm_state *x;
@@ -699,7 +698,10 @@ static struct xfrm_state *__xfrm_state_lookup(struct net *net, u32 mark, xfrm_ad
699 return NULL; 698 return NULL;
700} 699}
701 700
702static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, u32 mark, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family) 701static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, u32 mark,
702 const xfrm_address_t *daddr,
703 const xfrm_address_t *saddr,
704 u8 proto, unsigned short family)
703{ 705{
704 unsigned int h = xfrm_src_hash(net, daddr, saddr, family); 706 unsigned int h = xfrm_src_hash(net, daddr, saddr, family);
705 struct xfrm_state *x; 707 struct xfrm_state *x;
@@ -746,8 +748,7 @@ static void xfrm_hash_grow_check(struct net *net, int have_hash_collision)
746} 748}
747 749
748static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x, 750static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
749 struct flowi *fl, unsigned short family, 751 const struct flowi *fl, unsigned short family,
750 xfrm_address_t *daddr, xfrm_address_t *saddr,
751 struct xfrm_state **best, int *acq_in_progress, 752 struct xfrm_state **best, int *acq_in_progress,
752 int *error) 753 int *error)
753{ 754{
@@ -784,8 +785,8 @@ static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
784} 785}
785 786
786struct xfrm_state * 787struct xfrm_state *
787xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 788xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr,
788 struct flowi *fl, struct xfrm_tmpl *tmpl, 789 const struct flowi *fl, struct xfrm_tmpl *tmpl,
789 struct xfrm_policy *pol, int *err, 790 struct xfrm_policy *pol, int *err,
790 unsigned short family) 791 unsigned short family)
791{ 792{
@@ -813,7 +814,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
813 tmpl->mode == x->props.mode && 814 tmpl->mode == x->props.mode &&
814 tmpl->id.proto == x->id.proto && 815 tmpl->id.proto == x->id.proto &&
815 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) 816 (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
816 xfrm_state_look_at(pol, x, fl, encap_family, daddr, saddr, 817 xfrm_state_look_at(pol, x, fl, encap_family,
817 &best, &acquire_in_progress, &error); 818 &best, &acquire_in_progress, &error);
818 } 819 }
819 if (best) 820 if (best)
@@ -829,7 +830,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
829 tmpl->mode == x->props.mode && 830 tmpl->mode == x->props.mode &&
830 tmpl->id.proto == x->id.proto && 831 tmpl->id.proto == x->id.proto &&
831 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) 832 (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
832 xfrm_state_look_at(pol, x, fl, encap_family, daddr, saddr, 833 xfrm_state_look_at(pol, x, fl, encap_family,
833 &best, &acquire_in_progress, &error); 834 &best, &acquire_in_progress, &error);
834 } 835 }
835 836
@@ -853,7 +854,7 @@ found:
853 xfrm_init_tempstate(x, fl, tmpl, daddr, saddr, family); 854 xfrm_init_tempstate(x, fl, tmpl, daddr, saddr, family);
854 memcpy(&x->mark, &pol->mark, sizeof(x->mark)); 855 memcpy(&x->mark, &pol->mark, sizeof(x->mark));
855 856
856 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid); 857 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->flowi_secid);
857 if (error) { 858 if (error) {
858 x->km.state = XFRM_STATE_DEAD; 859 x->km.state = XFRM_STATE_DEAD;
859 to_put = x; 860 to_put = x;
@@ -991,7 +992,11 @@ void xfrm_state_insert(struct xfrm_state *x)
991EXPORT_SYMBOL(xfrm_state_insert); 992EXPORT_SYMBOL(xfrm_state_insert);
992 993
993/* xfrm_state_lock is held */ 994/* xfrm_state_lock is held */
994static struct xfrm_state *__find_acq_core(struct net *net, struct xfrm_mark *m, unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create) 995static struct xfrm_state *__find_acq_core(struct net *net, struct xfrm_mark *m,
996 unsigned short family, u8 mode,
997 u32 reqid, u8 proto,
998 const xfrm_address_t *daddr,
999 const xfrm_address_t *saddr, int create)
995{ 1000{
996 unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family); 1001 unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
997 struct hlist_node *entry; 1002 struct hlist_node *entry;
@@ -1031,15 +1036,15 @@ static struct xfrm_state *__find_acq_core(struct net *net, struct xfrm_mark *m,
1031 1036
1032 case AF_INET6: 1037 case AF_INET6:
1033 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6, 1038 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1034 (struct in6_addr *)daddr); 1039 (const struct in6_addr *)daddr);
1035 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6, 1040 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1036 (struct in6_addr *)saddr); 1041 (const struct in6_addr *)saddr);
1037 x->sel.prefixlen_d = 128; 1042 x->sel.prefixlen_d = 128;
1038 x->sel.prefixlen_s = 128; 1043 x->sel.prefixlen_s = 128;
1039 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6, 1044 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1040 (struct in6_addr *)saddr); 1045 (const struct in6_addr *)saddr);
1041 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6, 1046 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1042 (struct in6_addr *)daddr); 1047 (const struct in6_addr *)daddr);
1043 break; 1048 break;
1044 } 1049 }
1045 1050
@@ -1176,6 +1181,12 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1176 goto error; 1181 goto error;
1177 } 1182 }
1178 1183
1184 if (orig->replay_esn) {
1185 err = xfrm_replay_clone(x, orig);
1186 if (err)
1187 goto error;
1188 }
1189
1179 memcpy(&x->mark, &orig->mark, sizeof(x->mark)); 1190 memcpy(&x->mark, &orig->mark, sizeof(x->mark));
1180 1191
1181 err = xfrm_init_state(x); 1192 err = xfrm_init_state(x);
@@ -1268,7 +1279,7 @@ struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1268 1279
1269 return xc; 1280 return xc;
1270error: 1281error:
1271 kfree(xc); 1282 xfrm_state_put(xc);
1272 return NULL; 1283 return NULL;
1273} 1284}
1274EXPORT_SYMBOL(xfrm_state_migrate); 1285EXPORT_SYMBOL(xfrm_state_migrate);
@@ -1334,6 +1345,8 @@ out:
1334 xfrm_state_check_expire(x1); 1345 xfrm_state_check_expire(x1);
1335 1346
1336 err = 0; 1347 err = 0;
1348 x->km.state = XFRM_STATE_DEAD;
1349 __xfrm_state_put(x);
1337 } 1350 }
1338 spin_unlock_bh(&x1->lock); 1351 spin_unlock_bh(&x1->lock);
1339 1352
@@ -1369,7 +1382,7 @@ int xfrm_state_check_expire(struct xfrm_state *x)
1369EXPORT_SYMBOL(xfrm_state_check_expire); 1382EXPORT_SYMBOL(xfrm_state_check_expire);
1370 1383
1371struct xfrm_state * 1384struct xfrm_state *
1372xfrm_state_lookup(struct net *net, u32 mark, xfrm_address_t *daddr, __be32 spi, 1385xfrm_state_lookup(struct net *net, u32 mark, const xfrm_address_t *daddr, __be32 spi,
1373 u8 proto, unsigned short family) 1386 u8 proto, unsigned short family)
1374{ 1387{
1375 struct xfrm_state *x; 1388 struct xfrm_state *x;
@@ -1383,7 +1396,7 @@ EXPORT_SYMBOL(xfrm_state_lookup);
1383 1396
1384struct xfrm_state * 1397struct xfrm_state *
1385xfrm_state_lookup_byaddr(struct net *net, u32 mark, 1398xfrm_state_lookup_byaddr(struct net *net, u32 mark,
1386 xfrm_address_t *daddr, xfrm_address_t *saddr, 1399 const xfrm_address_t *daddr, const xfrm_address_t *saddr,
1387 u8 proto, unsigned short family) 1400 u8 proto, unsigned short family)
1388{ 1401{
1389 struct xfrm_state *x; 1402 struct xfrm_state *x;
@@ -1397,7 +1410,7 @@ EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1397 1410
1398struct xfrm_state * 1411struct xfrm_state *
1399xfrm_find_acq(struct net *net, struct xfrm_mark *mark, u8 mode, u32 reqid, u8 proto, 1412xfrm_find_acq(struct net *net, struct xfrm_mark *mark, u8 mode, u32 reqid, u8 proto,
1400 xfrm_address_t *daddr, xfrm_address_t *saddr, 1413 const xfrm_address_t *daddr, const xfrm_address_t *saddr,
1401 int create, unsigned short family) 1414 int create, unsigned short family)
1402{ 1415{
1403 struct xfrm_state *x; 1416 struct xfrm_state *x;
@@ -1609,54 +1622,6 @@ void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1609} 1622}
1610EXPORT_SYMBOL(xfrm_state_walk_done); 1623EXPORT_SYMBOL(xfrm_state_walk_done);
1611 1624
1612
1613void xfrm_replay_notify(struct xfrm_state *x, int event)
1614{
1615 struct km_event c;
1616 /* we send notify messages in case
1617 * 1. we updated on of the sequence numbers, and the seqno difference
1618 * is at least x->replay_maxdiff, in this case we also update the
1619 * timeout of our timer function
1620 * 2. if x->replay_maxage has elapsed since last update,
1621 * and there were changes
1622 *
1623 * The state structure must be locked!
1624 */
1625
1626 switch (event) {
1627 case XFRM_REPLAY_UPDATE:
1628 if (x->replay_maxdiff &&
1629 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1630 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1631 if (x->xflags & XFRM_TIME_DEFER)
1632 event = XFRM_REPLAY_TIMEOUT;
1633 else
1634 return;
1635 }
1636
1637 break;
1638
1639 case XFRM_REPLAY_TIMEOUT:
1640 if ((x->replay.seq == x->preplay.seq) &&
1641 (x->replay.bitmap == x->preplay.bitmap) &&
1642 (x->replay.oseq == x->preplay.oseq)) {
1643 x->xflags |= XFRM_TIME_DEFER;
1644 return;
1645 }
1646
1647 break;
1648 }
1649
1650 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1651 c.event = XFRM_MSG_NEWAE;
1652 c.data.aevent = event;
1653 km_state_notify(x, &c);
1654
1655 if (x->replay_maxage &&
1656 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1657 x->xflags &= ~XFRM_TIME_DEFER;
1658}
1659
1660static void xfrm_replay_timer_handler(unsigned long data) 1625static void xfrm_replay_timer_handler(unsigned long data)
1661{ 1626{
1662 struct xfrm_state *x = (struct xfrm_state*)data; 1627 struct xfrm_state *x = (struct xfrm_state*)data;
@@ -1665,7 +1630,7 @@ static void xfrm_replay_timer_handler(unsigned long data)
1665 1630
1666 if (x->km.state == XFRM_STATE_VALID) { 1631 if (x->km.state == XFRM_STATE_VALID) {
1667 if (xfrm_aevent_is_on(xs_net(x))) 1632 if (xfrm_aevent_is_on(xs_net(x)))
1668 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT); 1633 x->repl->notify(x, XFRM_REPLAY_TIMEOUT);
1669 else 1634 else
1670 x->xflags |= XFRM_TIME_DEFER; 1635 x->xflags |= XFRM_TIME_DEFER;
1671 } 1636 }
@@ -1673,61 +1638,10 @@ static void xfrm_replay_timer_handler(unsigned long data)
1673 spin_unlock(&x->lock); 1638 spin_unlock(&x->lock);
1674} 1639}
1675 1640
1676int xfrm_replay_check(struct xfrm_state *x,
1677 struct sk_buff *skb, __be32 net_seq)
1678{
1679 u32 diff;
1680 u32 seq = ntohl(net_seq);
1681
1682 if (unlikely(seq == 0))
1683 goto err;
1684
1685 if (likely(seq > x->replay.seq))
1686 return 0;
1687
1688 diff = x->replay.seq - seq;
1689 if (diff >= min_t(unsigned int, x->props.replay_window,
1690 sizeof(x->replay.bitmap) * 8)) {
1691 x->stats.replay_window++;
1692 goto err;
1693 }
1694
1695 if (x->replay.bitmap & (1U << diff)) {
1696 x->stats.replay++;
1697 goto err;
1698 }
1699 return 0;
1700
1701err:
1702 xfrm_audit_state_replay(x, skb, net_seq);
1703 return -EINVAL;
1704}
1705
1706void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1707{
1708 u32 diff;
1709 u32 seq = ntohl(net_seq);
1710
1711 if (seq > x->replay.seq) {
1712 diff = seq - x->replay.seq;
1713 if (diff < x->props.replay_window)
1714 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1715 else
1716 x->replay.bitmap = 1;
1717 x->replay.seq = seq;
1718 } else {
1719 diff = x->replay.seq - seq;
1720 x->replay.bitmap |= (1U << diff);
1721 }
1722
1723 if (xfrm_aevent_is_on(xs_net(x)))
1724 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1725}
1726
1727static LIST_HEAD(xfrm_km_list); 1641static LIST_HEAD(xfrm_km_list);
1728static DEFINE_RWLOCK(xfrm_km_lock); 1642static DEFINE_RWLOCK(xfrm_km_lock);
1729 1643
1730void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 1644void km_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
1731{ 1645{
1732 struct xfrm_mgr *km; 1646 struct xfrm_mgr *km;
1733 1647
@@ -1738,7 +1652,7 @@ void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1738 read_unlock(&xfrm_km_lock); 1652 read_unlock(&xfrm_km_lock);
1739} 1653}
1740 1654
1741void km_state_notify(struct xfrm_state *x, struct km_event *c) 1655void km_state_notify(struct xfrm_state *x, const struct km_event *c)
1742{ 1656{
1743 struct xfrm_mgr *km; 1657 struct xfrm_mgr *km;
1744 read_lock(&xfrm_km_lock); 1658 read_lock(&xfrm_km_lock);
@@ -1819,9 +1733,9 @@ void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1819EXPORT_SYMBOL(km_policy_expired); 1733EXPORT_SYMBOL(km_policy_expired);
1820 1734
1821#ifdef CONFIG_XFRM_MIGRATE 1735#ifdef CONFIG_XFRM_MIGRATE
1822int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1736int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
1823 struct xfrm_migrate *m, int num_migrate, 1737 const struct xfrm_migrate *m, int num_migrate,
1824 struct xfrm_kmaddress *k) 1738 const struct xfrm_kmaddress *k)
1825{ 1739{
1826 int err = -EINVAL; 1740 int err = -EINVAL;
1827 int ret; 1741 int ret;
@@ -2001,7 +1915,7 @@ int xfrm_state_mtu(struct xfrm_state *x, int mtu)
2001 return res; 1915 return res;
2002} 1916}
2003 1917
2004int xfrm_init_state(struct xfrm_state *x) 1918int __xfrm_init_state(struct xfrm_state *x, bool init_replay)
2005{ 1919{
2006 struct xfrm_state_afinfo *afinfo; 1920 struct xfrm_state_afinfo *afinfo;
2007 struct xfrm_mode *inner_mode; 1921 struct xfrm_mode *inner_mode;
@@ -2074,12 +1988,25 @@ int xfrm_init_state(struct xfrm_state *x)
2074 if (x->outer_mode == NULL) 1988 if (x->outer_mode == NULL)
2075 goto error; 1989 goto error;
2076 1990
1991 if (init_replay) {
1992 err = xfrm_init_replay(x);
1993 if (err)
1994 goto error;
1995 }
1996
2077 x->km.state = XFRM_STATE_VALID; 1997 x->km.state = XFRM_STATE_VALID;
2078 1998
2079error: 1999error:
2080 return err; 2000 return err;
2081} 2001}
2082 2002
2003EXPORT_SYMBOL(__xfrm_init_state);
2004
2005int xfrm_init_state(struct xfrm_state *x)
2006{
2007 return __xfrm_init_state(x, true);
2008}
2009
2083EXPORT_SYMBOL(xfrm_init_state); 2010EXPORT_SYMBOL(xfrm_init_state);
2084 2011
2085int __net_init xfrm_state_init(struct net *net) 2012int __net_init xfrm_state_init(struct net *net)
@@ -2167,8 +2094,8 @@ static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2167static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family, 2094static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2168 struct audit_buffer *audit_buf) 2095 struct audit_buffer *audit_buf)
2169{ 2096{
2170 struct iphdr *iph4; 2097 const struct iphdr *iph4;
2171 struct ipv6hdr *iph6; 2098 const struct ipv6hdr *iph6;
2172 2099
2173 switch (family) { 2100 switch (family) {
2174 case AF_INET: 2101 case AF_INET:
@@ -2236,7 +2163,7 @@ void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2236} 2163}
2237EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow); 2164EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2238 2165
2239static void xfrm_audit_state_replay(struct xfrm_state *x, 2166void xfrm_audit_state_replay(struct xfrm_state *x,
2240 struct sk_buff *skb, __be32 net_seq) 2167 struct sk_buff *skb, __be32 net_seq)
2241{ 2168{
2242 struct audit_buffer *audit_buf; 2169 struct audit_buffer *audit_buf;
@@ -2251,6 +2178,7 @@ static void xfrm_audit_state_replay(struct xfrm_state *x,
2251 spi, spi, ntohl(net_seq)); 2178 spi, spi, ntohl(net_seq));
2252 audit_log_end(audit_buf); 2179 audit_log_end(audit_buf);
2253} 2180}
2181EXPORT_SYMBOL_GPL(xfrm_audit_state_replay);
2254 2182
2255void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family) 2183void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2256{ 2184{
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-16 13:34:16 -0400