1 files changed, 86 insertions, 51 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 223e90a44824..ac52f33f3e4a 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -12,6 +12,7 @@
 #include <linux/in6.h>
 #include <linux/mutex.h>
 #include <linux/audit.h>
+#include <linux/slab.h>
 #include <net/sock.h>
 #include <net/dst.h>
@@ -19,6 +20,9 @@
 #include <net/route.h>
 #include <net/ipv6.h>
 #include <net/ip6_fib.h>
+#include <linux/interrupt.h>
 #ifdef CONFIG_XFRM_STATISTICS
 #include <net/snmp.h>
 #endif
@@ -121,8 +125,7 @@ struct xfrm_state_walk {
 };
 /* Full description of state of transformer. */
-struct xfrm_state
+struct xfrm_state {
-{
 #ifdef CONFIG_NET_NS
        struct net              *xs_net;
 #endif
@@ -138,6 +141,7 @@ struct xfrm_state
        struct xfrm_id          id;
        struct xfrm_selector    sel;
+        struct xfrm_mark        mark;
        u32                     genid;
@@ -160,7 +164,7 @@ struct xfrm_state
        struct xfrm_lifetime_cfg lft;
        /* Data for transformer */
-        struct xfrm_algo        *aalg;
+        struct xfrm_algo_auth   *aalg;
        struct xfrm_algo        *ealg;
        struct xfrm_algo        *calg;
        struct xfrm_algo_aead   *aead;
@@ -199,7 +203,7 @@ struct xfrm_state
        struct xfrm_stats       stats;
        struct xfrm_lifetime_cur curlft;
-        struct timer_list       timer;
+        struct tasklet_hrtimer  mtimer;
        /* Last used time */
        unsigned long           lastused;
@@ -237,8 +241,7 @@ enum {
 };
 /* callback structure passed from either netlink or pfkey */
-struct km_event
+struct km_event {
-{
        union {
                u32 hard;
                u32 proto;
@@ -273,7 +276,8 @@ struct xfrm_policy_afinfo {
                                             struct dst_entry *dst,
                                             int nfheader_len);
        int                     (*fill_dst)(struct xfrm_dst *xdst,
-                                            struct net_device *dev);
+                                            struct net_device *dev,
+                                            struct flowi *fl);
 };
 extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
@@ -313,12 +317,11 @@ extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
 extern void xfrm_state_delete_tunnel(struct xfrm_state *x);
-struct xfrm_type
+struct xfrm_type {
-{
        char                    *description;
        struct module           *owner;
-        __u8                    proto;
+        u8                      proto;
-        __u8                    flags;
+        u8                      flags;
 #define XFRM_TYPE_NON_FRAGMENT  1
 #define XFRM_TYPE_REPLAY_PROT   2
 #define XFRM_TYPE_LOCAL_COADDR  4
@@ -420,8 +423,7 @@ static inline struct xfrm_mode *xfrm_ip2inner_mode(struct xfrm_state *x, int ipp
                return x->inner_mode_iaf;
 }
-struct xfrm_tmpl
+struct xfrm_tmpl {
-{
 /* id in template is interpreted as:
 * daddr - destination of tunnel, may be zero for transport mode.
 * spi   - zero to acquire spi. Not zero if spi is static, then
@@ -435,24 +437,24 @@ struct xfrm_tmpl
        unsigned short          encap_family;
-        __u32                   reqid;
+        u32                     reqid;
 /* Mode: transport, tunnel etc. */
-        __u8                    mode;
+        u8                      mode;
 /* Sharing mode: unique, this session only, this user only etc. */
-        __u8                    share;
+        u8                      share;
 /* May skip this transfomration if no SA is found */
-        __u8                    optional;
+        u8                      optional;
 /* Skip aalgos/ealgos/calgos checks. */
-        __u8                    allalgs;
+        u8                      allalgs;
 /* Bit mask of algos allowed for acquisition */
-        __u32                   aalgos;
+        u32                     aalgos;
-        __u32                   ealgos;
+        u32                     ealgos;
-        __u32                   calgos;
+        u32                     calgos;
 };
 #define XFRM_MAX_DEPTH          6
@@ -468,8 +470,7 @@ struct xfrm_policy_walk {
        u32 seq;
 };
-struct xfrm_policy
+struct xfrm_policy {
-{
 #ifdef CONFIG_NET_NS
        struct net              *xp_net;
 #endif
@@ -483,6 +484,7 @@ struct xfrm_policy
        u32                     priority;
        u32                     index;
+        struct xfrm_mark        mark;
        struct xfrm_selector    selector;
        struct xfrm_lifetime_cfg lft;
        struct xfrm_lifetime_cur curlft;
@@ -538,8 +540,7 @@ struct xfrm_migrate {
 /* default seq threshold size */
 #define XFRM_AE_SEQT_SIZE               2
-struct xfrm_mgr
+struct xfrm_mgr {
-{
        struct list_head        list;
        char                    *id;
        int                     (*notify)(struct xfrm_state *x, struct km_event *c);
@@ -626,8 +627,7 @@ struct xfrm_spi_skb_cb {
 #define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0]))
 /* Audit Information */
-struct xfrm_audit
+struct xfrm_audit {
-{
        u32     secid;
        uid_t   loginuid;
        u32     sessionid;
@@ -774,7 +774,7 @@ static __inline__ int addr_match(void *token1, void *token2, int prefixlen)
        int pdw;
        int pbi;
-        pdw = prefixlen >> 5;     /* num of whole __u32 in prefix */
+        pdw = prefixlen >> 5;     /* num of whole u32 in prefix */
        pbi = prefixlen &  0x1f;  /* num of bits in incomplete u32 in prefix */
        if (pdw)
@@ -871,8 +871,7 @@ static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ct
 * bundles differing by session id. All the bundles grow from a parent
 * policy rule.
 */
-struct xfrm_dst
+struct xfrm_dst {
-{
        union {
                struct dst_entry        dst;
                struct rtable           rt;
@@ -907,8 +906,7 @@ static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
 extern void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);
-struct sec_path
+struct sec_path {
-{
        atomic_t                refcnt;
        int                     len;
        struct xfrm_state       *xvec[XFRM_MAX_DEPTH];
@@ -1265,7 +1263,7 @@ struct xfrm_algo_desc {
 /* XFRM tunnel handlers.  */
 struct xfrm_tunnel {
        int (*handler)(struct sk_buff *skb);
-        int (*err_handler)(struct sk_buff *skb, __u32 info);
+        int (*err_handler)(struct sk_buff *skb, u32 info);
        struct xfrm_tunnel *next;
        int priority;
@@ -1323,7 +1321,7 @@ extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t
                                          struct flowi *fl, struct xfrm_tmpl *tmpl,
                                          struct xfrm_policy *pol, int *err,
                                          unsigned short family);
-extern struct xfrm_state * xfrm_stateonly_find(struct net *net,
+extern struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark,
                                               xfrm_address_t *daddr,
                                               xfrm_address_t *saddr,
                                               unsigned short family,
@@ -1332,8 +1330,14 @@ extern int xfrm_state_check_expire(struct xfrm_state *x);
 extern void xfrm_state_insert(struct xfrm_state *x);
 extern int xfrm_state_add(struct xfrm_state *x);
 extern int xfrm_state_update(struct xfrm_state *x);
-extern struct xfrm_state *xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family);
+extern struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark,
-extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family);
+                                            xfrm_address_t *daddr, __be32 spi,
+                                            u8 proto, unsigned short family);
+extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark,
+                                                   xfrm_address_t *daddr,
+                                                   xfrm_address_t *saddr,
+                                                   u8 proto,
+                                                   unsigned short family);
 #ifdef CONFIG_XFRM_SUB_POLICY
 extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
                          int n, unsigned short family);
@@ -1370,11 +1374,12 @@ struct xfrmk_spdinfo {
        u32 spdhmcnt;
 };
-extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 seq);
+extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark,
+                                              u32 seq);
 extern int xfrm_state_delete(struct xfrm_state *x);
 extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);
-extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si);
+extern void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si);
-extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si);
+extern void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si);
 extern int xfrm_replay_check(struct xfrm_state *x,
                             struct sk_buff *skb, __be32 seq);
 extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq);
@@ -1414,9 +1419,9 @@ extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
                            xfrm_address_t *saddr, u8 proto);
 extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family);
 extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family);
-extern __be32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr);
+extern __be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr);
-extern void xfrm6_tunnel_free_spi(xfrm_address_t *saddr);
+extern void xfrm6_tunnel_free_spi(struct net *net, xfrm_address_t *saddr);
-extern __be32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr);
+extern __be32 xfrm6_tunnel_spi_lookup(struct net *net, xfrm_address_t *saddr);
 extern int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb);
 extern int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
 extern int xfrm6_output(struct sk_buff *skb);
@@ -1447,17 +1452,20 @@ extern int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk,
        int (*func)(struct xfrm_policy *, int, int, void*), void *);
 extern void xfrm_policy_walk_done(struct xfrm_policy_walk *walk);
 int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
-struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u8 type, int dir,
+struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark,
+                                          u8 type, int dir,
                                          struct xfrm_selector *sel,
                                          struct xfrm_sec_ctx *ctx, int delete,
                                          int *err);
-struct xfrm_policy *xfrm_policy_byid(struct net *net, u8, int dir, u32 id, int delete, int *err);
+struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir, u32 id, int delete, int *err);
 int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
 u32 xfrm_get_acqseq(void);
 extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
-struct xfrm_state * xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto,
+struct xfrm_state *xfrm_find_acq(struct net *net, struct xfrm_mark *mark,
-                                  xfrm_address_t *daddr, xfrm_address_t *saddr,
+                                 u8 mode, u32 reqid, u8 proto,
-                                  int create, unsigned short family);
+                                 xfrm_address_t *daddr,
+                                 xfrm_address_t *saddr, int create,
+                                 unsigned short family);
 extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
 extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst,
                          struct flowi *fl, int family, int strict);
@@ -1500,16 +1508,13 @@ struct scatterlist;
 typedef int (icv_update_fn_t)(struct hash_desc *, struct scatterlist *,
                              unsigned int);
-extern int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *tfm,
-                        int offset, int len, icv_update_fn_t icv_update);
 static inline int xfrm_addr_cmp(xfrm_address_t *a, xfrm_address_t *b,
                                int family)
 {
        switch (family) {
        default:
        case AF_INET:
-                return (__force __u32)a->a4 - (__force __u32)b->a4;
+                return (__force u32)a->a4 - (__force u32)b->a4;
        case AF_INET6:
                return ipv6_addr_cmp((struct in6_addr *)a,
                                     (struct in6_addr *)b);
@@ -1541,12 +1546,22 @@ static inline int xfrm_alg_len(struct xfrm_algo *alg)
        return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
 }
+static inline int xfrm_alg_auth_len(struct xfrm_algo_auth *alg)
+{
+        return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
+}
 #ifdef CONFIG_XFRM_MIGRATE
 static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig)
 {
        return kmemdup(orig, xfrm_alg_len(orig), GFP_KERNEL);
 }
+static inline struct xfrm_algo_auth *xfrm_algo_auth_clone(struct xfrm_algo_auth *orig)
+{
+        return kmemdup(orig, xfrm_alg_auth_len(orig), GFP_KERNEL);
+}
 static inline void xfrm_states_put(struct xfrm_state **states, int n)
 {
        int i;
@@ -1569,4 +1584,24 @@ static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb)
 }
 #endif
+static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)
+{
+        if (attrs[XFRMA_MARK])
+                memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(m));
+        else
+                m->v = m->m = 0;
+        return m->v & m->m;
+}
+static inline int xfrm_mark_put(struct sk_buff *skb, struct xfrm_mark *m)
+{
+        if (m->m | m->v)
+                NLA_PUT(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m);
+        return 0;
+nla_put_failure:
+        return -1;
+}
 #endif  /* _NET_XFRM_H */