9fdc4883d9
xfrm: Move IPsec replay detection functions to a separate file
...
To support multiple versions of replay detection, we move the replay
detection functions to a separate file and make them accessible
via function pointers contained in the struct xfrm_replay.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-13 20:22:30 -07:00
1ce3644ade
xfrm: Use separate low and high order bits of the sequence numbers in xfrm_skb_cb
...
To support IPsec extended sequence numbers, we split the
output sequence numbers of xfrm_skb_cb in low and high order 32 bits
and we add the high order 32 bits to the input sequence numbers.
All users are updated accordingly.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-13 20:22:28 -07:00
7e1dc7b6f7
net: Use flowi4 and flowi6 in xfrm layer.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:52 -08:00
56bb8059e1
net: Break struct flowi out into AF specific instances.
...
Now we have struct flowi4, flowi6, and flowidn for each address
family. And struct flowi is just a union of them all.
It might have been troublesome to convert flow_cache_uli_match() but
as it turns out this function is completely unused and therefore can
be simply removed.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:46 -08:00
6281dcc94a
net: Make flowi ports AF dependent.
...
Create two sets of port member accessors, one set prefixed by fl4_*
and the other prefixed by fl6_*
This will let us to create AF optimal flow instances.
It will work because every context in which we access the ports,
we have to be fully aware of which AF the flowi is anyways.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:46 -08:00
1d28f42c1b
net: Put flowi_* prefix on AF independent members of struct flowi
...
I intend to turn struct flowi into a union of AF specific flowi
structs. There will be a common structure that each variant includes
first, much like struct sock_common.
This is the first step to move in that direction.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:44 -08:00
ca116922af
xfrm: Eliminate "fl" and "pol" args to xfrm_bundle_ok().
...
There is only one caller of xfrm_bundle_ok(), and that always passes these
parameters as NULL.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-12 15:08:43 -08:00
c53fa1ed92
netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms
...
Netlink message processing in the kernel is synchronous these days, the
session information can be collected when needed.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-03 10:55:40 -08:00
452edd598f
xfrm: Return dst directly from xfrm_lookup()
...
Instead of on the stack.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-02 13:27:41 -08:00
2774c131b1
xfrm: Handle blackhole route creation via afinfo.
...
That way we don't have to potentially do this in every xfrm_lookup()
caller.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-01 14:59:04 -08:00
80c0bc9e37
xfrm: Kill XFRM_LOOKUP_WAIT flag.
...
This can be determined from the flow flags instead.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-01 14:36:37 -08:00
a70486f0e6
xfrm: Pass const xfrm_address_t objects to xfrm_state_lookup* and xfrm_find_acq.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-27 23:17:24 -08:00
6f2f19ed95
xfrm: Pass name as const to xfrm_*_get_byname().
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-27 23:04:45 -08:00
33765d0603
xfrm: Const'ify xfrm_address_t args to xfrm_state_find.
...
This required a const'ification in xfrm_init_tempstate() too.
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:08:47 -08:00
1f673c5fe2
xfrm: Remove unused 'saddr' and 'daddr' args to xfrm_state_look_at.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:49 -08:00
9aa600889b
xfrm: Const'ify xfrm_address_t args to __xfrm_state_lookup{,_byaddr}.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:48 -08:00
046860138e
xfrm: Const'ify xfrm_tmpl arg to xfrm_init_tempstate.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:48 -08:00
2ab38503d0
xfrm: Const'ify xfrm_address_t args to xfrm_*_hash.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:47 -08:00
9a7386ec99
xfrm: Const'ify sec_path arg to secpath_has_nontransport.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:47 -08:00
22cccb7e03
xfrm: Const'ify ptr args to xfrm_policy_ok.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:46 -08:00
7db454b912
xfrm: Const'ify ptr args to xfrm_state_ok.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:46 -08:00
1786b3891c
xfrm: Const'ify selector arg to xfrm_dst_update_parent.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:45 -08:00
d3e40a9f5e
xfrm: Const'ify policy arg to clone_policy.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:44 -08:00
f299d557cb
xfrm: Const'ify policy arg and local selector in xfrm_policy_match.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:43 -08:00
0b597e7edf
xfrm: Const'ify local xfrm_address_t pointers in xfrm_policy_lookup_bytype.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:43 -08:00
b4b7c0b389
xfrm: Const'ify selector args in xfrm_migrate paths.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:42 -08:00
5f803b58cd
xfrm: Const'ify address args to hash helpers.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:42 -08:00
183cad1278
xfrm: Const'ify pointer args to km_migrate() and implementations.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:41 -08:00
dd701754e7
xfrm: Const'ify pointer args to migrate_tmpl_match and xfrm_migrate_check
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:40 -08:00
6418c4e079
xfrm: Const'ify address arguments to __xfrm_dst_lookup()
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:39 -08:00
200ce96e56
xfrm: Const'ify selector argument to xfrm_selector_match()
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:38 -08:00
214e005bc3
xfrm: Pass km_event pointers around as const when possible.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-23 23:07:37 -08:00
dee9f4bceb
net: Make flow cache paths use a const struct flowi.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 18:44:31 -08:00
4ca2e68511
xfrm: Mark flowi arg to xfrm_resolve_and_create_bundle() const.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 18:38:51 -08:00
3f0e18fb0e
xfrm: Mark flowi arg to xfrm_dst_{alloc_copy,update_origin}() const.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 18:38:14 -08:00
98313adaac
xfrm: Mark flowi arg to xfrm_bundle_create() const.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 18:36:50 -08:00
a6c2e61115
xfrm: Mark flowi arg to xfrm_tmpl_resolve{,_one}() const.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 18:35:39 -08:00
73ff93cd02
xfrm: Mark flowi arg to xfrm_expand_policies() const.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 18:33:42 -08:00
062cdb43b8
xfrm: Mark flowi arg to xfrm_policy_{lookup_by_type,match}() const.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 18:31:08 -08:00
47209abd79
xfrm: Kill strict arg to xfrm_bundle_ok().
...
Always set to "0".
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 18:29:20 -08:00
b520e9f616
xfrm: Mark flowi arg to xfrm_state_find() const.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 18:24:19 -08:00
1a898592b2
xfrm: Mark flowi arg to xfrm_init_tempstate() const.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 18:22:34 -08:00
4a08ab0fe4
xfrm: Mark flowi arg to xfrm_state_look_at() const.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 18:21:31 -08:00
e1ad2ab2cf
xfrm: Mark flowi arg to xfrm_selector_match() const.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 18:07:39 -08:00
8f029de281
xfrm: Mark flowi arg to xfrm_type->reject() const.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 17:59:59 -08:00
0c7b3eefb4
xfrm: Mark flowi arg to ->fill_dst() const.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 17:48:57 -08:00
05d8402576
xfrm: Mark flowi arg to ->get_tos() const.
...
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-22 17:47:10 -08:00
da935c66ba
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
...
Conflicts:
Documentation/feature-removal-schedule.txt
drivers/net/e1000e/netdev.c
net/xfrm/xfrm_policy.c
2011-02-19 19:17:35 -08:00
3c7bd1a140
net: Add initial_ref arg to dst_alloc().
...
This allows avoiding multiple writes to the initial __refcnt.
The most simplest cases of wanting an initial reference of "1"
in ipv4 and ipv6 have been converted, the rest have been left
along and kept at the existing "0".
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-17 15:44:00 -08:00
0b15093219
xfrm: avoid possible oopse in xfrm_alloc_dst
...
Commit 80c802f3073e84 (xfrm: cache bundles instead of policies for
outgoing flows) introduced possible oopse when dst_alloc returns NULL.
Signed-off-by: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-02-10 23:08:33 -08:00
