diff options
Diffstat (limited to 'net/xfrm/xfrm_input.c')
| -rw-r--r-- | net/xfrm/xfrm_input.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 75279402ccf4..b4a13178fb40 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c | |||
| @@ -104,6 +104,7 @@ EXPORT_SYMBOL(xfrm_prepare_input); | |||
| 104 | 104 | ||
| 105 | int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | 105 | int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) |
| 106 | { | 106 | { |
| 107 | struct net *net = dev_net(skb->dev); | ||
| 107 | int err; | 108 | int err; |
| 108 | __be32 seq; | 109 | __be32 seq; |
| 109 | struct xfrm_state *x; | 110 | struct xfrm_state *x; |
| @@ -127,7 +128,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
| 127 | 128 | ||
| 128 | sp = secpath_dup(skb->sp); | 129 | sp = secpath_dup(skb->sp); |
| 129 | if (!sp) { | 130 | if (!sp) { |
| 130 | XFRM_INC_STATS(LINUX_MIB_XFRMINERROR); | 131 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINERROR); |
| 131 | goto drop; | 132 | goto drop; |
| 132 | } | 133 | } |
| 133 | if (skb->sp) | 134 | if (skb->sp) |
| @@ -141,19 +142,19 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
| 141 | 142 | ||
| 142 | seq = 0; | 143 | seq = 0; |
| 143 | if (!spi && (err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0) { | 144 | if (!spi && (err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0) { |
| 144 | XFRM_INC_STATS(LINUX_MIB_XFRMINHDRERROR); | 145 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR); |
| 145 | goto drop; | 146 | goto drop; |
| 146 | } | 147 | } |
| 147 | 148 | ||
| 148 | do { | 149 | do { |
| 149 | if (skb->sp->len == XFRM_MAX_DEPTH) { | 150 | if (skb->sp->len == XFRM_MAX_DEPTH) { |
| 150 | XFRM_INC_STATS(LINUX_MIB_XFRMINBUFFERERROR); | 151 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR); |
| 151 | goto drop; | 152 | goto drop; |
| 152 | } | 153 | } |
| 153 | 154 | ||
| 154 | x = xfrm_state_lookup(daddr, spi, nexthdr, family); | 155 | x = xfrm_state_lookup(net, daddr, spi, nexthdr, family); |
| 155 | if (x == NULL) { | 156 | if (x == NULL) { |
| 156 | XFRM_INC_STATS(LINUX_MIB_XFRMINNOSTATES); | 157 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOSTATES); |
| 157 | xfrm_audit_state_notfound(skb, family, spi, seq); | 158 | xfrm_audit_state_notfound(skb, family, spi, seq); |
| 158 | goto drop; | 159 | goto drop; |
| 159 | } | 160 | } |
| @@ -162,22 +163,22 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
| 162 | 163 | ||
| 163 | spin_lock(&x->lock); | 164 | spin_lock(&x->lock); |
| 164 | if (unlikely(x->km.state != XFRM_STATE_VALID)) { | 165 | if (unlikely(x->km.state != XFRM_STATE_VALID)) { |
| 165 | XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEINVALID); | 166 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEINVALID); |
| 166 | goto drop_unlock; | 167 | goto drop_unlock; |
| 167 | } | 168 | } |
| 168 | 169 | ||
| 169 | if ((x->encap ? x->encap->encap_type : 0) != encap_type) { | 170 | if ((x->encap ? x->encap->encap_type : 0) != encap_type) { |
| 170 | XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEMISMATCH); | 171 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH); |
| 171 | goto drop_unlock; | 172 | goto drop_unlock; |
| 172 | } | 173 | } |
| 173 | 174 | ||
| 174 | if (x->props.replay_window && xfrm_replay_check(x, skb, seq)) { | 175 | if (x->props.replay_window && xfrm_replay_check(x, skb, seq)) { |
| 175 | XFRM_INC_STATS(LINUX_MIB_XFRMINSTATESEQERROR); | 176 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); |
| 176 | goto drop_unlock; | 177 | goto drop_unlock; |
| 177 | } | 178 | } |
| 178 | 179 | ||
| 179 | if (xfrm_state_check_expire(x)) { | 180 | if (xfrm_state_check_expire(x)) { |
| 180 | XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEEXPIRED); | 181 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEEXPIRED); |
| 181 | goto drop_unlock; | 182 | goto drop_unlock; |
| 182 | } | 183 | } |
| 183 | 184 | ||
| @@ -198,7 +199,7 @@ resume: | |||
| 198 | x->type->proto); | 199 | x->type->proto); |
| 199 | x->stats.integrity_failed++; | 200 | x->stats.integrity_failed++; |
| 200 | } | 201 | } |
| 201 | XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEPROTOERROR); | 202 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR); |
| 202 | goto drop_unlock; | 203 | goto drop_unlock; |
| 203 | } | 204 | } |
| 204 | 205 | ||
| @@ -224,7 +225,7 @@ resume: | |||
| 224 | } | 225 | } |
| 225 | 226 | ||
| 226 | if (inner_mode->input(x, skb)) { | 227 | if (inner_mode->input(x, skb)) { |
| 227 | XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEMODEERROR); | 228 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR); |
| 228 | goto drop; | 229 | goto drop; |
| 229 | } | 230 | } |
| 230 | 231 | ||
| @@ -242,7 +243,7 @@ resume: | |||
| 242 | 243 | ||
| 243 | err = xfrm_parse_spi(skb, nexthdr, &spi, &seq); | 244 | err = xfrm_parse_spi(skb, nexthdr, &spi, &seq); |
| 244 | if (err < 0) { | 245 | if (err < 0) { |
| 245 | XFRM_INC_STATS(LINUX_MIB_XFRMINHDRERROR); | 246 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR); |
| 246 | goto drop; | 247 | goto drop; |
| 247 | } | 248 | } |
| 248 | } while (!err); | 249 | } while (!err); |