aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-10-08 20:25:53 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:54:54 -0400
commit436a0a402203d5a47d2edf7e4dde6c08a7257983 (patch)
treeb47e73326a2ff7dbf8ac3fbcb6c4acea5c06619d /net
parent83815dea47cf3e98ccbb6aecda08cba1ba91208f (diff)
[IPSEC]: Move output replay code into xfrm_output
The replay counter is one of only two remaining things in the output code that requires a lock on the xfrm state (the other being the crypto). This patch moves it into the generic xfrm_output so we can remove the lock from the transforms themselves. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/ah4.c4
-rw-r--r--net/ipv4/esp4.c4
-rw-r--r--net/ipv6/ah6.c4
-rw-r--r--net/ipv6/esp6.c4
-rw-r--r--net/xfrm/xfrm_output.c5
5 files changed, 13 insertions, 8 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index dc1d8e871b24..58af298e1941 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -96,8 +96,7 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
96 96
97 ah->reserved = 0; 97 ah->reserved = 0;
98 ah->spi = x->id.spi; 98 ah->spi = x->id.spi;
99 ah->seq_no = htonl(++x->replay.oseq); 99 ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
100 xfrm_aevent_doreplay(x);
101 err = ah_mac_digest(ahp, skb, ah->auth_data); 100 err = ah_mac_digest(ahp, skb, ah->auth_data);
102 if (err) 101 if (err)
103 goto error; 102 goto error;
@@ -297,6 +296,7 @@ static struct xfrm_type ah_type =
297 .description = "AH4", 296 .description = "AH4",
298 .owner = THIS_MODULE, 297 .owner = THIS_MODULE,
299 .proto = IPPROTO_AH, 298 .proto = IPPROTO_AH,
299 .flags = XFRM_TYPE_REPLAY_PROT,
300 .init_state = ah_init_state, 300 .init_state = ah_init_state,
301 .destructor = ah_destroy, 301 .destructor = ah_destroy,
302 .input = ah_input, 302 .input = ah_input,
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index d233e2e62500..0f62af9a7f15 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -95,8 +95,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
95 top_iph->protocol = IPPROTO_ESP; 95 top_iph->protocol = IPPROTO_ESP;
96 96
97 esph->spi = x->id.spi; 97 esph->spi = x->id.spi;
98 esph->seq_no = htonl(++x->replay.oseq); 98 esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
99 xfrm_aevent_doreplay(x);
100 99
101 if (esp->conf.ivlen) { 100 if (esp->conf.ivlen) {
102 if (unlikely(!esp->conf.ivinitted)) { 101 if (unlikely(!esp->conf.ivinitted)) {
@@ -437,6 +436,7 @@ static struct xfrm_type esp_type =
437 .description = "ESP4", 436 .description = "ESP4",
438 .owner = THIS_MODULE, 437 .owner = THIS_MODULE,
439 .proto = IPPROTO_ESP, 438 .proto = IPPROTO_ESP,
439 .flags = XFRM_TYPE_REPLAY_PROT,
440 .init_state = esp_init_state, 440 .init_state = esp_init_state,
441 .destructor = esp_destroy, 441 .destructor = esp_destroy,
442 .get_mtu = esp4_get_mtu, 442 .get_mtu = esp4_get_mtu,
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index 69a2030407b8..ae68a900f605 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -283,8 +283,7 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb)
283 283
284 ah->reserved = 0; 284 ah->reserved = 0;
285 ah->spi = x->id.spi; 285 ah->spi = x->id.spi;
286 ah->seq_no = htonl(++x->replay.oseq); 286 ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
287 xfrm_aevent_doreplay(x);
288 err = ah_mac_digest(ahp, skb, ah->auth_data); 287 err = ah_mac_digest(ahp, skb, ah->auth_data);
289 if (err) 288 if (err)
290 goto error_free_iph; 289 goto error_free_iph;
@@ -506,6 +505,7 @@ static struct xfrm_type ah6_type =
506 .description = "AH6", 505 .description = "AH6",
507 .owner = THIS_MODULE, 506 .owner = THIS_MODULE,
508 .proto = IPPROTO_AH, 507 .proto = IPPROTO_AH,
508 .flags = XFRM_TYPE_REPLAY_PROT,
509 .init_state = ah6_init_state, 509 .init_state = ah6_init_state,
510 .destructor = ah6_destroy, 510 .destructor = ah6_destroy,
511 .input = ah6_input, 511 .input = ah6_input,
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 77281068d0f9..0c5fb81451b7 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -95,8 +95,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
95 *skb_network_header(skb) = IPPROTO_ESP; 95 *skb_network_header(skb) = IPPROTO_ESP;
96 96
97 esph->spi = x->id.spi; 97 esph->spi = x->id.spi;
98 esph->seq_no = htonl(++x->replay.oseq); 98 esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
99 xfrm_aevent_doreplay(x);
100 99
101 if (esp->conf.ivlen) { 100 if (esp->conf.ivlen) {
102 if (unlikely(!esp->conf.ivinitted)) { 101 if (unlikely(!esp->conf.ivinitted)) {
@@ -373,6 +372,7 @@ static struct xfrm_type esp6_type =
373 .description = "ESP6", 372 .description = "ESP6",
374 .owner = THIS_MODULE, 373 .owner = THIS_MODULE,
375 .proto = IPPROTO_ESP, 374 .proto = IPPROTO_ESP,
375 .flags = XFRM_TYPE_REPLAY_PROT,
376 .init_state = esp6_init_state, 376 .init_state = esp6_init_state,
377 .destructor = esp6_destroy, 377 .destructor = esp6_destroy,
378 .get_mtu = esp6_get_mtu, 378 .get_mtu = esp6_get_mtu,
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 5b1c978a323c..20e789d8c63e 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -58,6 +58,11 @@ int xfrm_output(struct sk_buff *skb)
58 if (err) 58 if (err)
59 goto error; 59 goto error;
60 60
61 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
62 XFRM_SKB_CB(skb)->seq = ++x->replay.oseq;
63 xfrm_aevent_doreplay(x);
64 }
65
61 err = x->mode->output(x, skb); 66 err = x->mode->output(x, skb);
62 if (err) 67 if (err)
63 goto error; 68 goto error;
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-12 16:41:05 -0500