diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2011-03-07 19:06:31 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-03-13 23:22:28 -0400 |
commit | 1ce3644ade9c865c755bf0f6a4e109b7bb6eb60f (patch) | |
tree | 14ce0727337a43d1fa28432d01189d1a5f4269c7 /net | |
parent | 9736acf395d3608583a7be70f62800b494fa103c (diff) |
xfrm: Use separate low and high order bits of the sequence numbers in xfrm_skb_cb
To support IPsec extended sequence numbers, we split the
output sequence numbers of xfrm_skb_cb in low and high order 32 bits
and we add the high order 32 bits to the input sequence numbers.
All users are updated accordingly.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/ah4.c | 2 | ||||
-rw-r--r-- | net/ipv4/esp4.c | 4 | ||||
-rw-r--r-- | net/ipv6/ah6.c | 2 | ||||
-rw-r--r-- | net/ipv6/esp6.c | 4 | ||||
-rw-r--r-- | net/xfrm/xfrm_input.c | 4 | ||||
-rw-r--r-- | net/xfrm/xfrm_output.c | 2 |
6 files changed, 9 insertions, 9 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index 325053df6e70..4286fd3cc0e2 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c | |||
@@ -208,7 +208,7 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb) | |||
208 | 208 | ||
209 | ah->reserved = 0; | 209 | ah->reserved = 0; |
210 | ah->spi = x->id.spi; | 210 | ah->spi = x->id.spi; |
211 | ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output); | 211 | ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low); |
212 | 212 | ||
213 | sg_init_table(sg, nfrags); | 213 | sg_init_table(sg, nfrags); |
214 | skb_to_sgvec(skb, sg, 0, skb->len); | 214 | skb_to_sgvec(skb, sg, 0, skb->len); |
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index e42a905180f0..882dbbb7d799 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
@@ -215,7 +215,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
215 | } | 215 | } |
216 | 216 | ||
217 | esph->spi = x->id.spi; | 217 | esph->spi = x->id.spi; |
218 | esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output); | 218 | esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low); |
219 | 219 | ||
220 | sg_init_table(sg, nfrags); | 220 | sg_init_table(sg, nfrags); |
221 | skb_to_sgvec(skb, sg, | 221 | skb_to_sgvec(skb, sg, |
@@ -227,7 +227,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
227 | aead_givcrypt_set_crypt(req, sg, sg, clen, iv); | 227 | aead_givcrypt_set_crypt(req, sg, sg, clen, iv); |
228 | aead_givcrypt_set_assoc(req, asg, sizeof(*esph)); | 228 | aead_givcrypt_set_assoc(req, asg, sizeof(*esph)); |
229 | aead_givcrypt_set_giv(req, esph->enc_data, | 229 | aead_givcrypt_set_giv(req, esph->enc_data, |
230 | XFRM_SKB_CB(skb)->seq.output); | 230 | XFRM_SKB_CB(skb)->seq.output.low); |
231 | 231 | ||
232 | ESP_SKB_CB(skb)->tmp = tmp; | 232 | ESP_SKB_CB(skb)->tmp = tmp; |
233 | err = crypto_aead_givencrypt(req); | 233 | err = crypto_aead_givencrypt(req); |
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 1aba54ae53c4..2195ae651923 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c | |||
@@ -409,7 +409,7 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
409 | 409 | ||
410 | ah->reserved = 0; | 410 | ah->reserved = 0; |
411 | ah->spi = x->id.spi; | 411 | ah->spi = x->id.spi; |
412 | ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output); | 412 | ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low); |
413 | 413 | ||
414 | sg_init_table(sg, nfrags); | 414 | sg_init_table(sg, nfrags); |
415 | skb_to_sgvec(skb, sg, 0, skb->len); | 415 | skb_to_sgvec(skb, sg, 0, skb->len); |
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 1b5c9825743b..c7b5d5ee0dee 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c | |||
@@ -204,7 +204,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
204 | *skb_mac_header(skb) = IPPROTO_ESP; | 204 | *skb_mac_header(skb) = IPPROTO_ESP; |
205 | 205 | ||
206 | esph->spi = x->id.spi; | 206 | esph->spi = x->id.spi; |
207 | esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output); | 207 | esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low); |
208 | 208 | ||
209 | sg_init_table(sg, nfrags); | 209 | sg_init_table(sg, nfrags); |
210 | skb_to_sgvec(skb, sg, | 210 | skb_to_sgvec(skb, sg, |
@@ -216,7 +216,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
216 | aead_givcrypt_set_crypt(req, sg, sg, clen, iv); | 216 | aead_givcrypt_set_crypt(req, sg, sg, clen, iv); |
217 | aead_givcrypt_set_assoc(req, asg, sizeof(*esph)); | 217 | aead_givcrypt_set_assoc(req, asg, sizeof(*esph)); |
218 | aead_givcrypt_set_giv(req, esph->enc_data, | 218 | aead_givcrypt_set_giv(req, esph->enc_data, |
219 | XFRM_SKB_CB(skb)->seq.output); | 219 | XFRM_SKB_CB(skb)->seq.output.low); |
220 | 220 | ||
221 | ESP_SKB_CB(skb)->tmp = tmp; | 221 | ESP_SKB_CB(skb)->tmp = tmp; |
222 | err = crypto_aead_givencrypt(req); | 222 | err = crypto_aead_givencrypt(req); |
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 45f1c98d4fce..b173b7fdc433 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c | |||
@@ -118,7 +118,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
118 | if (encap_type < 0) { | 118 | if (encap_type < 0) { |
119 | async = 1; | 119 | async = 1; |
120 | x = xfrm_input_state(skb); | 120 | x = xfrm_input_state(skb); |
121 | seq = XFRM_SKB_CB(skb)->seq.input; | 121 | seq = XFRM_SKB_CB(skb)->seq.input.low; |
122 | goto resume; | 122 | goto resume; |
123 | } | 123 | } |
124 | 124 | ||
@@ -184,7 +184,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
184 | 184 | ||
185 | spin_unlock(&x->lock); | 185 | spin_unlock(&x->lock); |
186 | 186 | ||
187 | XFRM_SKB_CB(skb)->seq.input = seq; | 187 | XFRM_SKB_CB(skb)->seq.input.low = seq; |
188 | 188 | ||
189 | nexthdr = x->type->input(x, skb); | 189 | nexthdr = x->type->input(x, skb); |
190 | 190 | ||
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c index 64f2ae1fdc15..4b63776a0264 100644 --- a/net/xfrm/xfrm_output.c +++ b/net/xfrm/xfrm_output.c | |||
@@ -68,7 +68,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err) | |||
68 | } | 68 | } |
69 | 69 | ||
70 | if (x->type->flags & XFRM_TYPE_REPLAY_PROT) { | 70 | if (x->type->flags & XFRM_TYPE_REPLAY_PROT) { |
71 | XFRM_SKB_CB(skb)->seq.output = ++x->replay.oseq; | 71 | XFRM_SKB_CB(skb)->seq.output.low = ++x->replay.oseq; |
72 | if (unlikely(x->replay.oseq == 0)) { | 72 | if (unlikely(x->replay.oseq == 0)) { |
73 | XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATESEQERROR); | 73 | XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATESEQERROR); |
74 | x->replay.oseq--; | 74 | x->replay.oseq--; |