| -rw-r--r-- | include/net/xfrm.h | 17 | ||||
| -rw-r--r-- | net/ipv4/xfrm4_input.c | 10 | ||||
| -rw-r--r-- | net/ipv6/xfrm6_input.c | 9 | ||||
| -rw-r--r-- | net/netfilter/xt_policy.c | 2 | ||||
| -rw-r--r-- | net/xfrm/xfrm_input.c | 4 | ||||
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 10 |
6 files changed, 19 insertions, 33 deletions
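diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index c7612f4443ed..0d5529c382e8 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -242,7 +242,6 @@ extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
 
 extern void xfrm_state_delete_tunnel(struct xfrm_state *x);
 
-struct xfrm_decap_state;
 struct xfrm_type
 {
 char *description;
@@ -606,25 +605,11 @@ static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
 
 extern void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);
 
-/* Decapsulation state, used by the input to store data during
-* decapsulation procedure, to be used later (during the policy
-* check
-*/
-struct xfrm_decap_state {
-char decap_data[20];
-__u16 decap_type;
-};
-
-struct sec_decap_state {
-struct xfrm_state *xvec;
-struct xfrm_decap_state decap;
-};
-
 struct sec_path
 {
 atomic_t refcnt;
 int len;
-struct sec_decap_state x[XFRM_MAX_DEPTH];
+struct xfrm_state *xvec[XFRM_MAX_DEPTH];
 };
 
 static inline struct sec_path *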
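Review bot: The new `xvec` member of `struct sec_path` is left without a comment, and the block comment removed just above it was the only documentation next to this struct. Only the first `len` entries are meaningful, and the other files in this commit show each of them carrying a reference: `secpath_dup` takes one with `xfrm_state_hold` and `__secpath_destroy` drops it with `xfrm_state_put`. I would add `/* xvec[0..len-1]: xfrm states recorded on input, one reference held per entry */` above the member so that ownership rule is stated where the array is declared.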
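diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index 04ceb6e13b9d..e1b8f4b90d80 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -68,7 +68,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
 {
 int err;
 u32 spi, seq;
-struct sec_decap_state xfrm_vec[XFRM_MAX_DEPTH];
+struct xfrm_state *xfrm_vec[XFRM_MAX_DEPTH];
 struct xfrm_state *x;
 int xfrm_nr = 0;
 int decaps = 0;
@@ -99,7 +99,6 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
 if (xfrm_state_check_expire(x))
 goto drop_unlock;
 
-xfrm_vec[xfrm_nr].decap.decap_type = encap_type;
 if (x->type->input(x, skb))
 goto drop_unlock;
 
@@ -114,7 +113,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
 
 spin_unlock(&x->lock);
 
-xfrm_vec[xfrm_nr++].xvec = x;
+xfrm_vec[xfrm_nr++] = x;
 
 iph = skb->nh.iph;
 
@@ -156,7 +155,8 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
 if (xfrm_nr + skb->sp->len > XFRM_MAX_DEPTH)
 goto drop;
 
-memcpy(skb->sp->x+skb->sp->len, xfrm_vec, xfrm_nr*sizeof(struct sec_decap_state));
+memcpy(skb->sp->xvec + skb->sp->len, xfrm_vec,
+xfrm_nr * sizeof(xfrm_vec[0]));
 skb->sp->len += xfrm_nr;
 
 nf_reset(skb);
@@ -187,7 +187,7 @@ drop_unlock:
 xfrm_state_put(x);
 drop:
 while (--xfrm_nr >= 0)
-xfrm_state_put(xfrm_vec[xfrm_nr].xvec);
+xfrm_state_put(xfrm_vec[xfrm_nr]);
 
 kfree_skb(skb);
 return 0;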
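Review bot: With `xfrm_vec[xfrm_nr].decap.decap_type = encap_type;` removed in the second hunk, no use of the `encap_type` parameter remains in the lines shown, and the secpath no longer records how each layer was decapsulated. The comment removed from xfrm.h said that data was kept for the later policy check, so it is worth confirming that the received encapsulation type is still compared with the one configured on the state before `x->type->input(x, skb)` runs, for example `if ((x->encap ? x->encap->encap_type : 0) != encap_type) goto drop_unlock;`. If such a check already exists outside the hunks, a one-line comment at the call site naming it would make that visible. The body of `xfrm4_rcv_encap` extends beyond the hunks on both sides.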
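diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c
index ec7a96e9fa64..00cfdee18dca 100644
--- a/net/ipv6/xfrm6_input.c
+++ b/net/ipv6/xfrm6_input.c
@@ -32,7 +32,7 @@ int xfrm6_rcv_spi(struct sk_buff *skb, u32 spi)
 {
 int err;
 u32 seq;
-struct sec_decap_state xfrm_vec[XFRM_MAX_DEPTH];
+struct xfrm_state *xfrm_vec[XFRM_MAX_DEPTH];
 struct xfrm_state *x;
 int xfrm_nr = 0;
 int decaps = 0;
@@ -79,7 +79,7 @@ int xfrm6_rcv_spi(struct sk_buff *skb, u32 spi)
 
 spin_unlock(&x->lock);
 
-xfrm_vec[xfrm_nr++].xvec = x;
+xfrm_vec[xfrm_nr++] = x;
 
 if (x->props.mode) { /* XXX */
 if (nexthdr != IPPROTO_IPV6)
@@ -118,7 +118,8 @@ int xfrm6_rcv_spi(struct sk_buff *skb, u32 spi)
 if (xfrm_nr + skb->sp->len > XFRM_MAX_DEPTH)
 goto drop;
 
-memcpy(skb->sp->x+skb->sp->len, xfrm_vec, xfrm_nr*sizeof(struct sec_decap_state));
+memcpy(skb->sp->xvec + skb->sp->len, xfrm_vec,
+xfrm_nr * sizeof(xfrm_vec[0]));
 skb->sp->len += xfrm_nr;
 skb->ip_summed = CHECKSUM_NONE;
 
@@ -149,7 +150,7 @@ drop_unlock:
 xfrm_state_put(x);
 drop:
 while (--xfrm_nr >= 0)
-xfrm_state_put(xfrm_vec[xfrm_nr].xvec);
+xfrm_state_put(xfrm_vec[xfrm_nr]);
 kfree_skb(skb);
 return -1;
 }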
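Review bot: The store `xfrm_vec[xfrm_nr++] = x;` in the second hunk writes into a stack array of `XFRM_MAX_DEPTH` pointers, and the only bound visible on this page, `xfrm_nr + skb->sp->len > XFRM_MAX_DEPTH`, is evaluated later, just before the `memcpy` into `skb->sp->xvec`. The code that precedes the store lies outside the hunks, so it is not possible to tell from here whether a full array is already rejected; if it is not, `if (xfrm_nr == XFRM_MAX_DEPTH) goto drop;` before the state lookup would close that. Either way a short comment at the store naming the guard would help the next reader. The same store appears in `xfrm4_rcv_encap` in net/ipv4/xfrm4_input.c.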
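diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c
index 1099cb005fcc..a3aa62fbda6f 100644
--- a/net/netfilter/xt_policy.c
+++ b/net/netfilter/xt_policy.c
@@ -71,7 +71,7 @@ match_policy_in(const struct sk_buff *skb, const struct xt_policy_info *info,
 return 0;
 e = &info->pol[pos];
 
-if (match_xfrm_state(sp->x[i].xvec, e, family)) {
+if (match_xfrm_state(sp->xvec[i], e, family)) {
 if (!strict)
 return 1;
 } else if (strict)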
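diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 2407a7072327..b54971059f16 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -18,7 +18,7 @@ void __secpath_destroy(struct sec_path *sp)
 {
 int i;
 for (i = 0; i < sp->len; i++)
-xfrm_state_put(sp->x[i].xvec);
+xfrm_state_put(sp->xvec[i]);
 kmem_cache_free(secpath_cachep, sp);
 }
 EXPORT_SYMBOL(__secpath_destroy);
@@ -37,7 +37,7 @@ struct sec_path *secpath_dup(struct sec_path *src)
 
 memcpy(sp, src, sizeof(*sp));
 for (i = 0; i < sp->len; i++)
-xfrm_state_hold(sp->x[i].xvec);
+xfrm_state_hold(sp->xvec[i]);
 }
 atomic_set(&sp->refcnt, 1);
 return sp;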
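diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index f5eae9febd26..c3725fe2a8fb 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -943,9 +943,9 @@ xfrm_policy_ok(struct xfrm_tmpl *tmpl, struct sec_path *sp, int start,
 } else
 start = -1;
 for (; idx < sp->len; idx++) {
-if (xfrm_state_ok(tmpl, sp->x[idx].xvec, family))
+if (xfrm_state_ok(tmpl, sp->xvec[idx], family))
 return ++idx;
-if (sp->x[idx].xvec->props.mode)
+if (sp->xvec[idx]->props.mode)
 break;
 }
 return start;
@@ -968,7 +968,7 @@ EXPORT_SYMBOL(xfrm_decode_session);
 static inline int secpath_has_tunnel(struct sec_path *sp, int k)
 {
 for (; k < sp->len; k++) {
-if (sp->x[k].xvec->props.mode)
+if (sp->xvec[k]->props.mode)
 return 1;
 }
 
@@ -994,8 +994,8 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
 int i;
 
 for (i=skb->sp->len-1; i>=0; i--) {
-struct sec_decap_state *xvec = &(skb->sp->x[i]);
-if (!xfrm_selector_match(&xvec->xvec->sel, &fl, family))
+struct xfrm_state *x = skb->sp->xvec[i];
+if (!xfrm_selector_match(&x->sel, &fl, family))
 return 0;
 }
 }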
