-rw-r--r-- | include/net/xfrm.h | 17 | ||||
-rw-r--r-- | net/ipv4/xfrm4_input.c | 10 | ||||
-rw-r--r-- | net/ipv6/xfrm6_input.c | 9 | ||||
-rw-r--r-- | net/netfilter/xt_policy.c | 2 | ||||
-rw-r--r-- | net/xfrm/xfrm_input.c | 4 | ||||
-rw-r--r-- | net/xfrm/xfrm_policy.c | 10 |
6 files changed, 19 insertions, 33 deletions
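--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -242,7 +242,6 @@ extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
 
 extern void xfrm_state_delete_tunnel(struct xfrm_state *x);
 
-struct xfrm_decap_state;
 struct xfrm_type
 {
 char *description;
@@ -606,25 +605,11 @@ static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
 
 extern void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);
 
-/* Decapsulation state, used by the input to store data during
-* decapsulation procedure, to be used later (during the policy
-* check
-*/
-struct xfrm_decap_state {
-char decap_data[20];
-__u16 decap_type;
-};
-
-struct sec_decap_state {
-struct xfrm_state *xvec;
-struct xfrm_decap_state decap;
-};
-
 struct sec_path
 {
 atomic_t refcnt;
 int len;
-struct sec_decap_state x[XFRM_MAX_DEPTH];
+struct xfrm_state *xvec[XFRM_MAX_DEPTH];
 };
 
 static inline struct sec_path *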
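Review bot: The new `xvec` member of `struct sec_path` is left without a comment, while the only comment near this structure is deleted together with `struct xfrm_decap_state`. The other files in this commit show the contract: `__secpath_destroy()` puts `sp->xvec[i]` for every `i < sp->len` and `secpath_dup()` takes a hold on the same range, so each of the first `len` entries is a counted reference. I would record that next to the field, for example `/* xvec[0..len-1]: each entry holds a reference on the state, dropped in __secpath_destroy() */`. The declaration that starts at `static inline struct sec_path *` continues outside the hunk.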
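--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -68,7 +68,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
 {
 int err;
 u32 spi, seq;
-struct sec_decap_state xfrm_vec[XFRM_MAX_DEPTH];
+struct xfrm_state *xfrm_vec[XFRM_MAX_DEPTH];
 struct xfrm_state *x;
 int xfrm_nr = 0;
 int decaps = 0;
@@ -99,7 +99,6 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
 if (xfrm_state_check_expire(x))
 goto drop_unlock;
 
-xfrm_vec[xfrm_nr].decap.decap_type = encap_type;
 if (x->type->input(x, skb))
 goto drop_unlock;
 
@@ -114,7 +113,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
 
 spin_unlock(&x->lock);
 
-xfrm_vec[xfrm_nr++].xvec = x;
+xfrm_vec[xfrm_nr++] = x;
 
 iph = skb->nh.iph;
 
@@ -156,7 +155,8 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
 if (xfrm_nr + skb->sp->len > XFRM_MAX_DEPTH)
 goto drop;
 
-memcpy(skb->sp->x+skb->sp->len, xfrm_vec, xfrm_nr*sizeof(struct sec_decap_state));
+memcpy(skb->sp->xvec + skb->sp->len, xfrm_vec,
+xfrm_nr * sizeof(xfrm_vec[0]));
 skb->sp->len += xfrm_nr;
 
 nf_reset(skb);
@@ -187,7 +187,7 @@ drop_unlock:
 xfrm_state_put(x);
 drop:
 while (--xfrm_nr >= 0)
-xfrm_state_put(xfrm_vec[xfrm_nr].xvec);
+xfrm_state_put(xfrm_vec[xfrm_nr]);
 
 kfree_skb(skb);
 return 0;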
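Review bot: The `memcpy` into `skb->sp->xvec` hands the references collected in `xfrm_vec` over to the secpath, yet nothing at that point says so, and the `drop:` label at the end of the function still puts every entry of `xfrm_vec`. A jump to `drop` after the copy would release each state twice, once there and once in `__secpath_destroy()`; whether such a path exists cannot be told from these hunks, because the rest of `xfrm4_rcv_encap()` lies outside them. I would add a comment above `skb->sp->len += xfrm_nr;`, such as `/* references in xfrm_vec now belong to skb->sp; no goto drop past this point */`. The same applies to the matching copy in `xfrm6_rcv_spi()` in net/ipv6/xfrm6_input.c.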
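--- a/net/ipv6/xfrm6_input.c
+++ b/net/ipv6/xfrm6_input.c
@@ -32,7 +32,7 @@ int xfrm6_rcv_spi(struct sk_buff *skb, u32 spi)
 {
 int err;
 u32 seq;
-struct sec_decap_state xfrm_vec[XFRM_MAX_DEPTH];
+struct xfrm_state *xfrm_vec[XFRM_MAX_DEPTH];
 struct xfrm_state *x;
 int xfrm_nr = 0;
 int decaps = 0;
@@ -79,7 +79,7 @@ int xfrm6_rcv_spi(struct sk_buff *skb, u32 spi)
 
 spin_unlock(&x->lock);
 
-xfrm_vec[xfrm_nr++].xvec = x;
+xfrm_vec[xfrm_nr++] = x;
 
 if (x->props.mode) { /* XXX */
 if (nexthdr != IPPROTO_IPV6)
@@ -118,7 +118,8 @@ int xfrm6_rcv_spi(struct sk_buff *skb, u32 spi)
 if (xfrm_nr + skb->sp->len > XFRM_MAX_DEPTH)
 goto drop;
 
-memcpy(skb->sp->x+skb->sp->len, xfrm_vec, xfrm_nr*sizeof(struct sec_decap_state));
+memcpy(skb->sp->xvec + skb->sp->len, xfrm_vec,
+xfrm_nr * sizeof(xfrm_vec[0]));
 skb->sp->len += xfrm_nr;
 skb->ip_summed = CHECKSUM_NONE;
 
@@ -149,7 +150,7 @@ drop_unlock:
 xfrm_state_put(x);
 drop:
 while (--xfrm_nr >= 0)
-xfrm_state_put(xfrm_vec[xfrm_nr].xvec);
+xfrm_state_put(xfrm_vec[xfrm_nr]);
 kfree_skb(skb);
 return -1;
 }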
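--- a/net/netfilter/xt_policy.c
+++ b/net/netfilter/xt_policy.c
@@ -71,7 +71,7 @@ match_policy_in(const struct sk_buff *skb, const struct xt_policy_info *info,
 return 0;
 e = &info->pol[pos];
 
-if (match_xfrm_state(sp->x[i].xvec, e, family)) {
+if (match_xfrm_state(sp->xvec[i], e, family)) {
 if (!strict)
 return 1;
 } else if (strict)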
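--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -18,7 +18,7 @@ void __secpath_destroy(struct sec_path *sp)
 {
 int i;
 for (i = 0; i < sp->len; i++)
-xfrm_state_put(sp->x[i].xvec);
+xfrm_state_put(sp->xvec[i]);
 kmem_cache_free(secpath_cachep, sp);
 }
 EXPORT_SYMBOL(__secpath_destroy);
@@ -37,7 +37,7 @@ struct sec_path *secpath_dup(struct sec_path *src)
 
 memcpy(sp, src, sizeof(*sp));
 for (i = 0; i < sp->len; i++)
-xfrm_state_hold(sp->x[i].xvec);
+xfrm_state_hold(sp->xvec[i]);
 }
 atomic_set(&sp->refcnt, 1);
 return sp;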
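--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -943,9 +943,9 @@ xfrm_policy_ok(struct xfrm_tmpl *tmpl, struct sec_path *sp, int start,
 } else
 start = -1;
 for (; idx < sp->len; idx++) {
-if (xfrm_state_ok(tmpl, sp->x[idx].xvec, family))
+if (xfrm_state_ok(tmpl, sp->xvec[idx], family))
 return ++idx;
-if (sp->x[idx].xvec->props.mode)
+if (sp->xvec[idx]->props.mode)
 break;
 }
 return start;
@@ -968,7 +968,7 @@ EXPORT_SYMBOL(xfrm_decode_session);
 static inline int secpath_has_tunnel(struct sec_path *sp, int k)
 {
 for (; k < sp->len; k++) {
-if (sp->x[k].xvec->props.mode)
+if (sp->xvec[k]->props.mode)
 return 1;
 }
 
@@ -994,8 +994,8 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
 int i;
 
 for (i=skb->sp->len-1; i>=0; i--) {
-struct sec_decap_state *xvec = &(skb->sp->x[i]);
-if (!xfrm_selector_match(&xvec->xvec->sel, &fl, family))
+struct xfrm_state *x = skb->sp->xvec[i];
+if (!xfrm_selector_match(&x->sel, &fl, family))
 return 0;
 }
 }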