-rw-r--r--include/net/xfrm.h36
-rw-r--r--net/xfrm/xfrm_policy.c34
2 files changed, 36 insertions, 34 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index dbcd2922ff3f..81c91e8a328f 100644
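--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -506,40 +506,8 @@ __be16 xfrm_flowi_dport(struct flowi *fl)
  return port;
 }
 
-static inline int
-__xfrm4_selector_match(struct xfrm_selector *sel, struct flowi *fl)
-{
- return addr_match(&fl->fl4_dst, &sel->daddr, sel->prefixlen_d) &&
- addr_match(&fl->fl4_src, &sel->saddr, sel->prefixlen_s) &&
- !((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) &&
- !((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) &&
- (fl->proto == sel->proto || !sel->proto) &&
- (fl->oif == sel->ifindex || !sel->ifindex);
-}
-
-static inline int
-__xfrm6_selector_match(struct xfrm_selector *sel, struct flowi *fl)
-{
- return addr_match(&fl->fl6_dst, &sel->daddr, sel->prefixlen_d) &&
- addr_match(&fl->fl6_src, &sel->saddr, sel->prefixlen_s) &&
- !((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) &&
- !((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) &&
- (fl->proto == sel->proto || !sel->proto) &&
- (fl->oif == sel->ifindex || !sel->ifindex);
-}
-
-static inline int
-xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl,
- unsigned short family)
-{
- switch (family) {
- case AF_INET:
- return __xfrm4_selector_match(sel, fl);
- case AF_INET6:
- return __xfrm6_selector_match(sel, fl);
- }
- return 0;
-}
+extern int xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl,
+ unsigned short family);
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 /* If neither has a context --> match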
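Review bot: The added `xfrm_selector_match()` prototype has no comment, and with the body moved out of the header the contract callers depend on is no longer visible at the point of use. Because the return value decides whether a flow is covered by an IPsec selector, I would state it above the declaration, e.g. `/* Returns non-zero if fl matches sel for family; 0 on mismatch or for any family other than AF_INET/AF_INET6. */`. The `extern` on a function declaration is redundant, though it may simply follow the style of the rest of this header, which is outside the hunk.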
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index b88b038530c9..e5ea1347a4ff 100644
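--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -50,6 +50,40 @@ static void xfrm_policy_put_afinfo(struct xfrm_policy_afinfo *afinfo);
 static struct xfrm_policy_afinfo *xfrm_policy_lock_afinfo(unsigned int family);
 static void xfrm_policy_unlock_afinfo(struct xfrm_policy_afinfo *afinfo);
 
+static inline int
+__xfrm4_selector_match(struct xfrm_selector *sel, struct flowi *fl)
+{
+ return addr_match(&fl->fl4_dst, &sel->daddr, sel->prefixlen_d) &&
+ addr_match(&fl->fl4_src, &sel->saddr, sel->prefixlen_s) &&
+ !((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) &&
+ !((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) &&
+ (fl->proto == sel->proto || !sel->proto) &&
+ (fl->oif == sel->ifindex || !sel->ifindex);
+}
+
+static inline int
+__xfrm6_selector_match(struct xfrm_selector *sel, struct flowi *fl)
+{
+ return addr_match(&fl->fl6_dst, &sel->daddr, sel->prefixlen_d) &&
+ addr_match(&fl->fl6_src, &sel->saddr, sel->prefixlen_s) &&
+ !((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) &&
+ !((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) &&
+ (fl->proto == sel->proto || !sel->proto) &&
+ (fl->oif == sel->ifindex || !sel->ifindex);
+}
+
+int xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl,
+ unsigned short family)
+{
+ switch (family) {
+ case AF_INET:
+ return __xfrm4_selector_match(sel, fl);
+ case AF_INET6:
+ return __xfrm6_selector_match(sel, fl);
+ }
+ return 0;
+}
+
 int xfrm_register_type(struct xfrm_type *type, unsigned short family)
 {
  struct xfrm_policy_afinfo *afinfo = xfrm_policy_lock_afinfo(family);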
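Review bot: Nothing in this hunk exports `xfrm_selector_match()`, which any file including the header could call while it was `static inline`. If a caller can be built as a module it needs `EXPORT_SYMBOL(xfrm_selector_match);` after the function; the rest of xfrm_policy.c is outside this view and may already cover that. The two `__xfrm*_selector_match()` helpers would also benefit from a one-line comment such as `/* A zero proto, ifindex or port mask in sel matches any value. */`, since those wildcard cases are where a selector covers more traffic than its author may expect. The `return 0` after the switch makes an unrecognised family a non-match, which is the safe default and should be kept.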