diff options
-rw-r--r-- | include/net/xfrm.h | 36 | ||||
-rw-r--r-- | net/xfrm/xfrm_policy.c | 34 |
2 files changed, 36 insertions, 34 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index dbcd2922ff3f..81c91e8a328f 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -506,40 +506,8 @@ __be16 xfrm_flowi_dport(struct flowi *fl) | |||
506 | return port; | 506 | return port; |
507 | } | 507 | } |
508 | 508 | ||
509 | static inline int | 509 | extern int xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl, |
510 | __xfrm4_selector_match(struct xfrm_selector *sel, struct flowi *fl) | 510 | unsigned short family); |
511 | { | ||
512 | return addr_match(&fl->fl4_dst, &sel->daddr, sel->prefixlen_d) && | ||
513 | addr_match(&fl->fl4_src, &sel->saddr, sel->prefixlen_s) && | ||
514 | !((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) && | ||
515 | !((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) && | ||
516 | (fl->proto == sel->proto || !sel->proto) && | ||
517 | (fl->oif == sel->ifindex || !sel->ifindex); | ||
518 | } | ||
519 | |||
520 | static inline int | ||
521 | __xfrm6_selector_match(struct xfrm_selector *sel, struct flowi *fl) | ||
522 | { | ||
523 | return addr_match(&fl->fl6_dst, &sel->daddr, sel->prefixlen_d) && | ||
524 | addr_match(&fl->fl6_src, &sel->saddr, sel->prefixlen_s) && | ||
525 | !((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) && | ||
526 | !((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) && | ||
527 | (fl->proto == sel->proto || !sel->proto) && | ||
528 | (fl->oif == sel->ifindex || !sel->ifindex); | ||
529 | } | ||
530 | |||
531 | static inline int | ||
532 | xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl, | ||
533 | unsigned short family) | ||
534 | { | ||
535 | switch (family) { | ||
536 | case AF_INET: | ||
537 | return __xfrm4_selector_match(sel, fl); | ||
538 | case AF_INET6: | ||
539 | return __xfrm6_selector_match(sel, fl); | ||
540 | } | ||
541 | return 0; | ||
542 | } | ||
543 | 511 | ||
544 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 512 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
545 | /* If neither has a context --> match | 513 | /* If neither has a context --> match |
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index b88b038530c9..e5ea1347a4ff 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
@@ -50,6 +50,40 @@ static void xfrm_policy_put_afinfo(struct xfrm_policy_afinfo *afinfo); | |||
50 | static struct xfrm_policy_afinfo *xfrm_policy_lock_afinfo(unsigned int family); | 50 | static struct xfrm_policy_afinfo *xfrm_policy_lock_afinfo(unsigned int family); |
51 | static void xfrm_policy_unlock_afinfo(struct xfrm_policy_afinfo *afinfo); | 51 | static void xfrm_policy_unlock_afinfo(struct xfrm_policy_afinfo *afinfo); |
52 | 52 | ||
53 | static inline int | ||
54 | __xfrm4_selector_match(struct xfrm_selector *sel, struct flowi *fl) | ||
55 | { | ||
56 | return addr_match(&fl->fl4_dst, &sel->daddr, sel->prefixlen_d) && | ||
57 | addr_match(&fl->fl4_src, &sel->saddr, sel->prefixlen_s) && | ||
58 | !((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) && | ||
59 | !((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) && | ||
60 | (fl->proto == sel->proto || !sel->proto) && | ||
61 | (fl->oif == sel->ifindex || !sel->ifindex); | ||
62 | } | ||
63 | |||
64 | static inline int | ||
65 | __xfrm6_selector_match(struct xfrm_selector *sel, struct flowi *fl) | ||
66 | { | ||
67 | return addr_match(&fl->fl6_dst, &sel->daddr, sel->prefixlen_d) && | ||
68 | addr_match(&fl->fl6_src, &sel->saddr, sel->prefixlen_s) && | ||
69 | !((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) && | ||
70 | !((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) && | ||
71 | (fl->proto == sel->proto || !sel->proto) && | ||
72 | (fl->oif == sel->ifindex || !sel->ifindex); | ||
73 | } | ||
74 | |||
75 | int xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl, | ||
76 | unsigned short family) | ||
77 | { | ||
78 | switch (family) { | ||
79 | case AF_INET: | ||
80 | return __xfrm4_selector_match(sel, fl); | ||
81 | case AF_INET6: | ||
82 | return __xfrm6_selector_match(sel, fl); | ||
83 | } | ||
84 | return 0; | ||
85 | } | ||
86 | |||
53 | int xfrm_register_type(struct xfrm_type *type, unsigned short family) | 87 | int xfrm_register_type(struct xfrm_type *type, unsigned short family) |
54 | { | 88 | { |
55 | struct xfrm_policy_afinfo *afinfo = xfrm_policy_lock_afinfo(family); | 89 | struct xfrm_policy_afinfo *afinfo = xfrm_policy_lock_afinfo(family); |