Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

Conflicts: include/net/xfrm.h Simple conflict between Joe Perches "extern" removal for function declarations in header files and the changes in Steffen's tree. Steffen Klassert says: ==================== Two patches that are left from the last development cycle. Manual merging of include/net/xfrm.h is needed. The conflict can be solved as it is currently done in linux-next. 1) We announce the creation of temporary acquire state via an asyc event, so the deletion should be annunced too. From Nicolas Dichtel. 2) The VTI tunnels do not real tunning, they just provide a routable IPsec tunnel interface. So introduce and use xfrm_tunnel_notifier instead of xfrm_tunnel for xfrm tunnel mode callback. From Fan Du. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2013-09-30 15:11:00 -0400
committer: David S. Miller <davem@davemloft.net> 2013-09-30 15:24:57 -0400
commit: 7b77d161ce7e480a660692cab079712fc0268ba2 (patch)
tree: b48e40d0e619a1c1a82be374fbd458584a9d6094 /net
parent: 44a504c74ad338ccbbb9003f378d56576bdbf785 (diff)
parent: aba8269588301f7778bea811d6f7ec74c2e37279 (diff)
3 files changed, 10 insertions, 75 deletions
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index e805e7b3030e..91f69bc883fe 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -49,70 +49,6 @@ static struct rtnl_link_ops vti_link_ops __read_mostly;
 static int vti_net_id __read_mostly;
 static int vti_tunnel_init(struct net_device *dev);
-static int vti_err(struct sk_buff *skb, u32 info)
-{
-        /* All the routers (except for Linux) return only
-         * 8 bytes of packet payload. It means, that precise relaying of
-         * ICMP in the real Internet is absolutely infeasible.
-         */
-        struct net *net = dev_net(skb->dev);
-        struct ip_tunnel_net *itn = net_generic(net, vti_net_id);
-        struct iphdr *iph = (struct iphdr *)skb->data;
-        const int type = icmp_hdr(skb)->type;
-        const int code = icmp_hdr(skb)->code;
-        struct ip_tunnel *t;
-        int err;
-        switch (type) {
-        default:
-        case ICMP_PARAMETERPROB:
-                return 0;
-        case ICMP_DEST_UNREACH:
-                switch (code) {
-                case ICMP_SR_FAILED:
-                case ICMP_PORT_UNREACH:
-                        /* Impossible event. */
-                        return 0;
-                default:
-                        /* All others are translated to HOST_UNREACH. */
-                        break;
-                }
-                break;
-        case ICMP_TIME_EXCEEDED:
-                if (code != ICMP_EXC_TTL)
-                        return 0;
-                break;
-        }
-        err = -ENOENT;
-        t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
-                             iph->daddr, iph->saddr, 0);
-        if (t == NULL)
-                goto out;
-        if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
-                ipv4_update_pmtu(skb, dev_net(skb->dev), info,
-                                 t->parms.link, 0, IPPROTO_IPIP, 0);
-                err = 0;
-                goto out;
-        }
-        err = 0;
-        if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
-                goto out;
-        if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
-                t->err_count++;
-        else
-                t->err_count = 1;
-        t->err_time = jiffies;
-out:
-        return err;
-}
 /* We dont digest the packet therefore let the packet pass */
 static int vti_rcv(struct sk_buff *skb)
 {
@@ -296,9 +232,8 @@ static void __net_init vti_fb_tunnel_init(struct net_device *dev)
        iph->ihl                = 5;
 }
-static struct xfrm_tunnel vti_handler __read_mostly = {
+static struct xfrm_tunnel_notifier vti_handler __read_mostly = {
        .handler        =       vti_rcv,
-        .err_handler    =       vti_err,
        .priority       =       1,
 };
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c
index b5663c37f089..31b18152528f 100644
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ b/net/ipv4/xfrm4_mode_tunnel.c
@@ -16,13 +16,13 @@
 #include <net/xfrm.h>
 /* Informational hook. The decap is still done here. */
-static struct xfrm_tunnel __rcu *rcv_notify_handlers __read_mostly;
+static struct xfrm_tunnel_notifier __rcu *rcv_notify_handlers __read_mostly;
 static DEFINE_MUTEX(xfrm4_mode_tunnel_input_mutex);
-int xfrm4_mode_tunnel_input_register(struct xfrm_tunnel *handler)
+int xfrm4_mode_tunnel_input_register(struct xfrm_tunnel_notifier *handler)
 {
-        struct xfrm_tunnel __rcu **pprev;
+        struct xfrm_tunnel_notifier __rcu **pprev;
-        struct xfrm_tunnel *t;
+        struct xfrm_tunnel_notifier *t;
        int ret = -EEXIST;
        int priority = handler->priority;
@@ -50,10 +50,10 @@ err:
 }
 EXPORT_SYMBOL_GPL(xfrm4_mode_tunnel_input_register);
-int xfrm4_mode_tunnel_input_deregister(struct xfrm_tunnel *handler)
+int xfrm4_mode_tunnel_input_deregister(struct xfrm_tunnel_notifier *handler)
 {
-        struct xfrm_tunnel __rcu **pprev;
+        struct xfrm_tunnel_notifier __rcu **pprev;
-        struct xfrm_tunnel *t;
+        struct xfrm_tunnel_notifier *t;
        int ret = -ENOENT;
        mutex_lock(&xfrm4_mode_tunnel_input_mutex);
@@ -134,7 +134,7 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
 static int xfrm4_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
 {
-        struct xfrm_tunnel *handler;
+        struct xfrm_tunnel_notifier *handler;
        int err = -EINVAL;
        if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index b9c3f9e943a9..d6e7f98fbfbf 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -468,7 +468,7 @@ expired:
        }
        err = __xfrm_state_delete(x);
-        if (!err && x->id.spi)
+        if (!err)
                km_state_expired(x, 1, 0);
        xfrm_audit_state_delete(x, err ? 0 : 1,
author	David S. Miller <davem@davemloft.net>	2013-09-30 15:11:00 -0400
committer	David S. Miller <davem@davemloft.net>	2013-09-30 15:24:57 -0400
commit	7b77d161ce7e480a660692cab079712fc0268ba2 (patch)
tree	b48e40d0e619a1c1a82be374fbd458584a9d6094 /net
parent	44a504c74ad338ccbbb9003f378d56576bdbf785 (diff)
parent	aba8269588301f7778bea811d6f7ec74c2e37279 (diff)

diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index e805e7b3030e..91f69bc883fe 100644 --- a/net/ipv4/ip_vti.c +++ b/net/ipv4/ip_vti.c
@@ -49,70 +49,6 @@ static struct rtnl_link_ops vti_link_ops __read_mostly;
49	static int vti_net_id __read_mostly;	49	static int vti_net_id __read_mostly;
50	static int vti_tunnel_init(struct net_device *dev);	50	static int vti_tunnel_init(struct net_device *dev);
51		51
52	static int vti_err(struct sk_buff *skb, u32 info)
53	{
54
55	/* All the routers (except for Linux) return only
56	* 8 bytes of packet payload. It means, that precise relaying of
57	* ICMP in the real Internet is absolutely infeasible.
58	*/
59	struct net *net = dev_net(skb->dev);
60	struct ip_tunnel_net *itn = net_generic(net, vti_net_id);
61	struct iphdr iph = (struct iphdr )skb->data;
62	const int type = icmp_hdr(skb)->type;
63	const int code = icmp_hdr(skb)->code;
64	struct ip_tunnel *t;
65	int err;
66
67	switch (type) {
68	default:
69	case ICMP_PARAMETERPROB:
70	return 0;
71
72	case ICMP_DEST_UNREACH:
73	switch (code) {
74	case ICMP_SR_FAILED:
75	case ICMP_PORT_UNREACH:
76	/* Impossible event. */
77	return 0;
78	default:
79	/* All others are translated to HOST_UNREACH. */
80	break;
81	}
82	break;
83	case ICMP_TIME_EXCEEDED:
84	if (code != ICMP_EXC_TTL)
85	return 0;
86	break;
87	}
88
89	err = -ENOENT;
90
91	t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
92	iph->daddr, iph->saddr, 0);
93	if (t == NULL)
94	goto out;
95
96	if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
97	ipv4_update_pmtu(skb, dev_net(skb->dev), info,
98	t->parms.link, 0, IPPROTO_IPIP, 0);
99	err = 0;
100	goto out;
101	}
102
103	err = 0;
104	if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
105	goto out;
106
107	if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
108	t->err_count++;
109	else
110	t->err_count = 1;
111	t->err_time = jiffies;
112	out:
113	return err;
114	}
115
116	/* We dont digest the packet therefore let the packet pass */	52	/* We dont digest the packet therefore let the packet pass */
117	static int vti_rcv(struct sk_buff *skb)	53	static int vti_rcv(struct sk_buff *skb)
118	{	54	{
@@ -296,9 +232,8 @@ static void __net_init vti_fb_tunnel_init(struct net_device *dev)
296	iph->ihl = 5;	232	iph->ihl = 5;
297	}	233	}
298		234
299	static struct xfrm_tunnel vti_handler __read_mostly = {	235	static struct xfrm_tunnel_notifier vti_handler __read_mostly = {
300	.handler = vti_rcv,	236	.handler = vti_rcv,
301	.err_handler = vti_err,
302	.priority = 1,	237	.priority = 1,
303	};	238	};
304		239


diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c index b5663c37f089..31b18152528f 100644 --- a/net/ipv4/xfrm4_mode_tunnel.c +++ b/net/ipv4/xfrm4_mode_tunnel.c
@@ -16,13 +16,13 @@
16	#include <net/xfrm.h>	16	#include <net/xfrm.h>
17		17
18	/* Informational hook. The decap is still done here. */	18	/* Informational hook. The decap is still done here. */
19	static struct xfrm_tunnel __rcu *rcv_notify_handlers __read_mostly;	19	static struct xfrm_tunnel_notifier __rcu *rcv_notify_handlers __read_mostly;
20	static DEFINE_MUTEX(xfrm4_mode_tunnel_input_mutex);	20	static DEFINE_MUTEX(xfrm4_mode_tunnel_input_mutex);
21		21
22	int xfrm4_mode_tunnel_input_register(struct xfrm_tunnel *handler)	22	int xfrm4_mode_tunnel_input_register(struct xfrm_tunnel_notifier *handler)
23	{	23	{
24	struct xfrm_tunnel __rcu **pprev;	24	struct xfrm_tunnel_notifier __rcu **pprev;
25	struct xfrm_tunnel *t;	25	struct xfrm_tunnel_notifier *t;
26	int ret = -EEXIST;	26	int ret = -EEXIST;
27	int priority = handler->priority;	27	int priority = handler->priority;
28		28
@@ -50,10 +50,10 @@ err:
50	}	50	}
51	EXPORT_SYMBOL_GPL(xfrm4_mode_tunnel_input_register);	51	EXPORT_SYMBOL_GPL(xfrm4_mode_tunnel_input_register);
52		52
53	int xfrm4_mode_tunnel_input_deregister(struct xfrm_tunnel *handler)	53	int xfrm4_mode_tunnel_input_deregister(struct xfrm_tunnel_notifier *handler)
54	{	54	{
55	struct xfrm_tunnel __rcu **pprev;	55	struct xfrm_tunnel_notifier __rcu **pprev;
56	struct xfrm_tunnel *t;	56	struct xfrm_tunnel_notifier *t;
57	int ret = -ENOENT;	57	int ret = -ENOENT;
58		58
59	mutex_lock(&xfrm4_mode_tunnel_input_mutex);	59	mutex_lock(&xfrm4_mode_tunnel_input_mutex);
@@ -134,7 +134,7 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state x, struct sk_buff skb)
134		134
135	static int xfrm4_mode_tunnel_input(struct xfrm_state x, struct sk_buff skb)	135	static int xfrm4_mode_tunnel_input(struct xfrm_state x, struct sk_buff skb)
136	{	136	{
137	struct xfrm_tunnel *handler;	137	struct xfrm_tunnel_notifier *handler;
138	int err = -EINVAL;	138	int err = -EINVAL;
139		139
140	if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP)	140	if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP)


diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index b9c3f9e943a9..d6e7f98fbfbf 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c
@@ -468,7 +468,7 @@ expired:
468	}	468	}
469		469
470	err = __xfrm_state_delete(x);	470	err = __xfrm_state_delete(x);
471	if (!err && x->id.spi)	471	if (!err)
472	km_state_expired(x, 1, 0);	472	km_state_expired(x, 1, 0);
473		473
474	xfrm_audit_state_delete(x, err ? 0 : 1,	474	xfrm_audit_state_delete(x, err ? 0 : 1,