[IPSEC] xfrm: Abstract out encapsulation modes

This patch adds the structure xfrm_mode. It is meant to represent the operations carried out by transport/tunnel modes. By doing this we allow additional encapsulation modes to be added without clogging up the xfrm_input/xfrm_output paths. Candidate modes include 4-to-6 tunnel mode, 6-to-4 tunnel mode, and BEET modes. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Herbert Xu <herbert@gondor.apana.org.au> 2006-05-28 02:05:54 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-06-18 00:28:39 -0400
commit: b59f45d0b2878ab76f8053b0973654e6621828ee (patch)
tree: 40dc5e2ede2620f7935fb3dae0d0eb199851f611 /net/xfrm
parent: 546be2405be119ef55467aace45f337a16e5d424 (diff)
2 files changed, 89 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 44b64a593c01..b8936926c24b 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -138,6 +138,89 @@ void xfrm_put_type(struct xfrm_type *type)
        module_put(type->owner);
 }
+int xfrm_register_mode(struct xfrm_mode *mode, int family)
+{
+        struct xfrm_policy_afinfo *afinfo;
+        struct xfrm_mode **modemap;
+        int err;
+        if (unlikely(mode->encap >= XFRM_MODE_MAX))
+                return -EINVAL;
+        afinfo = xfrm_policy_lock_afinfo(family);
+        if (unlikely(afinfo == NULL))
+                return -EAFNOSUPPORT;
+        err = -EEXIST;
+        modemap = afinfo->mode_map;
+        if (likely(modemap[mode->encap] == NULL)) {
+                modemap[mode->encap] = mode;
+                err = 0;
+        }
+        xfrm_policy_unlock_afinfo(afinfo);
+        return err;
+}
+EXPORT_SYMBOL(xfrm_register_mode);
+int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
+{
+        struct xfrm_policy_afinfo *afinfo;
+        struct xfrm_mode **modemap;
+        int err;
+        if (unlikely(mode->encap >= XFRM_MODE_MAX))
+                return -EINVAL;
+        afinfo = xfrm_policy_lock_afinfo(family);
+        if (unlikely(afinfo == NULL))
+                return -EAFNOSUPPORT;
+        err = -ENOENT;
+        modemap = afinfo->mode_map;
+        if (likely(modemap[mode->encap] == mode)) {
+                modemap[mode->encap] = NULL;
+                err = 0;
+        }
+        xfrm_policy_unlock_afinfo(afinfo);
+        return err;
+}
+EXPORT_SYMBOL(xfrm_unregister_mode);
+struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
+{
+        struct xfrm_policy_afinfo *afinfo;
+        struct xfrm_mode *mode;
+        int modload_attempted = 0;
+        if (unlikely(encap >= XFRM_MODE_MAX))
+                return NULL;
+retry:
+        afinfo = xfrm_policy_get_afinfo(family);
+        if (unlikely(afinfo == NULL))
+                return NULL;
+        mode = afinfo->mode_map[encap];
+        if (unlikely(mode && !try_module_get(mode->owner)))
+                mode = NULL;
+        if (!mode && !modload_attempted) {
+                xfrm_policy_put_afinfo(afinfo);
+                request_module("xfrm-mode-%d-%d", family, encap);
+                modload_attempted = 1;
+                goto retry;
+        }
+        xfrm_policy_put_afinfo(afinfo);
+        return mode;
+}
+void xfrm_put_mode(struct xfrm_mode *mode)
+{
+        module_put(mode->owner);
+}
 static inline unsigned long make_jiffies(long secs)
 {
        if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index ee62c239a7e3..17b29ec3c417 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -77,6 +77,8 @@ static void xfrm_state_gc_destroy(struct xfrm_state *x)
        kfree(x->ealg);
        kfree(x->calg);
        kfree(x->encap);
+        if (x->mode)
+                xfrm_put_mode(x->mode);
        if (x->type) {
                x->type->destructor(x);
                xfrm_put_type(x->type);
@@ -1193,6 +1195,10 @@ int xfrm_init_state(struct xfrm_state *x)
        if (err)
                goto error;
+        x->mode = xfrm_get_mode(x->props.mode, family);
+        if (x->mode == NULL)
+                goto error;
        x->km.state = XFRM_STATE_VALID;
 error:
author	Herbert Xu <herbert@gondor.apana.org.au>	2006-05-28 02:05:54 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-06-18 00:28:39 -0400
commit	b59f45d0b2878ab76f8053b0973654e6621828ee (patch)
tree	40dc5e2ede2620f7935fb3dae0d0eb199851f611 /net/xfrm
parent	546be2405be119ef55467aace45f337a16e5d424 (diff)

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 44b64a593c01..b8936926c24b 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c
@@ -138,6 +138,89 @@ void xfrm_put_type(struct xfrm_type *type)
138	module_put(type->owner);	138	module_put(type->owner);
139	}	139	}
140		140
		141	int xfrm_register_mode(struct xfrm_mode *mode, int family)
		142	{
		143	struct xfrm_policy_afinfo *afinfo;
		144	struct xfrm_mode **modemap;
		145	int err;
		146
		147	if (unlikely(mode->encap >= XFRM_MODE_MAX))
		148	return -EINVAL;
		149
		150	afinfo = xfrm_policy_lock_afinfo(family);
		151	if (unlikely(afinfo == NULL))
		152	return -EAFNOSUPPORT;
		153
		154	err = -EEXIST;
		155	modemap = afinfo->mode_map;
		156	if (likely(modemap[mode->encap] == NULL)) {
		157	modemap[mode->encap] = mode;
		158	err = 0;
		159	}
		160
		161	xfrm_policy_unlock_afinfo(afinfo);
		162	return err;
		163	}
		164	EXPORT_SYMBOL(xfrm_register_mode);
		165
		166	int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
		167	{
		168	struct xfrm_policy_afinfo *afinfo;
		169	struct xfrm_mode **modemap;
		170	int err;
		171
		172	if (unlikely(mode->encap >= XFRM_MODE_MAX))
		173	return -EINVAL;
		174
		175	afinfo = xfrm_policy_lock_afinfo(family);
		176	if (unlikely(afinfo == NULL))
		177	return -EAFNOSUPPORT;
		178
		179	err = -ENOENT;
		180	modemap = afinfo->mode_map;
		181	if (likely(modemap[mode->encap] == mode)) {
		182	modemap[mode->encap] = NULL;
		183	err = 0;
		184	}
		185
		186	xfrm_policy_unlock_afinfo(afinfo);
		187	return err;
		188	}
		189	EXPORT_SYMBOL(xfrm_unregister_mode);
		190
		191	struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
		192	{
		193	struct xfrm_policy_afinfo *afinfo;
		194	struct xfrm_mode *mode;
		195	int modload_attempted = 0;
		196
		197	if (unlikely(encap >= XFRM_MODE_MAX))
		198	return NULL;
		199
		200	retry:
		201	afinfo = xfrm_policy_get_afinfo(family);
		202	if (unlikely(afinfo == NULL))
		203	return NULL;
		204
		205	mode = afinfo->mode_map[encap];
		206	if (unlikely(mode && !try_module_get(mode->owner)))
		207	mode = NULL;
		208	if (!mode && !modload_attempted) {
		209	xfrm_policy_put_afinfo(afinfo);
		210	request_module("xfrm-mode-%d-%d", family, encap);
		211	modload_attempted = 1;
		212	goto retry;
		213	}
		214
		215	xfrm_policy_put_afinfo(afinfo);
		216	return mode;
		217	}
		218
		219	void xfrm_put_mode(struct xfrm_mode *mode)
		220	{
		221	module_put(mode->owner);
		222	}
		223
141	static inline unsigned long make_jiffies(long secs)	224	static inline unsigned long make_jiffies(long secs)
142	{	225	{
143	if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)	226	if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)


diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index ee62c239a7e3..17b29ec3c417 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c
@@ -77,6 +77,8 @@ static void xfrm_state_gc_destroy(struct xfrm_state *x)
77	kfree(x->ealg);	77	kfree(x->ealg);
78	kfree(x->calg);	78	kfree(x->calg);
79	kfree(x->encap);	79	kfree(x->encap);
		80	if (x->mode)
		81	xfrm_put_mode(x->mode);
80	if (x->type) {	82	if (x->type) {
81	x->type->destructor(x);	83	x->type->destructor(x);
82	xfrm_put_type(x->type);	84	xfrm_put_type(x->type);
@@ -1193,6 +1195,10 @@ int xfrm_init_state(struct xfrm_state *x)
1193	if (err)	1195	if (err)
1194	goto error;	1196	goto error;
1195		1197
		1198	x->mode = xfrm_get_mode(x->props.mode, family);
		1199	if (x->mode == NULL)
		1200	goto error;
		1201
1196	x->km.state = XFRM_STATE_VALID;	1202	x->km.state = XFRM_STATE_VALID;
1197		1203
1198	error:	1204	error: