ipsec-next-2023-04-19
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEH7ZpcWbFyOOp6OJbrB3Eaf9PW7cFAmQ/nJIACgkQrB3Eaf9P W7d15g//UDRf3gbtTcZGco4/MMSAyys7ta01onPVH+x3DI6AE2rI2DbAQgN4pFmg 8XQhdSXcjeikZz5pA5jm0mmM6YmvP4YcKCinXWgdg1My96RW7c3QduLsKkOuLOCP RdP1esqhLolsSsr+klS6OcwK87euBVgQG2K933kyqKN8w2qBeAZQ6SVDSLJbIu/j yTTxjTldBHqezC3PZPdnr5+XLgeKfpPsn/BZUOskVPSRk+6U8Wr1v0y/PvOKZ3CD 8j4vyCFYAuU70oyfdEKCGnqH4L028R3WgtOkHmdWzHXi9QdgSk0Ox2px4scP02YF iu7RJsVHaxmPdKboUvdkJ1SsuggwZKn5ItgYedgRuXO9YdbmsC1Wb3mekRdaLc3y 90NkuOESDewu3HUWZX3jrE5q9QvD9fsztRC+sweRKBKN9XV7YHjGyHejLp40LIWV z/Bhq/iM/IP4PGWGK/X1gnRARg0iJe4yRMCveid9l1z3yIx+VnsLQjiEE3+BnutB MO18+3jE7ALBVlqGiNsbHvWF2OfsM5URRgCRI8YvEFhI4v2ZjIM8bdrnneXCiHPD 9nziLG7/rcj4YKhpbWsc5QWW+zFj2c771rKR2w73XbbBC19ZYozMy5Et3cgdF06S yc4Pc+XedaPjHw1zvMPavJBDHxBwBXp/ZlfVY3hInuzkEqZ2gBo= =2Y8Y -----END PGP SIGNATURE----- Merge tag 'ipsec-next-2023-04-19' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next Steffen Klassert says: ==================== ipsec-next 2023-04-19 1) Remove inner/outer modes from input/output path. These are not needed anymore. From Herbert Xu. * tag 'ipsec-next-2023-04-19' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next: xfrm: Remove inner/outer modes from output path xfrm: Remove inner/outer modes from input path ==================== Link: https://lore.kernel.org/r/20230419075300.452227-1-steffen.klassert@secunet.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Jakub Kicinski
Коммит
f1836a4245
|
|
@ -231,9 +231,6 @@ static int xfrm4_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb)
|
|||
{
|
||||
int err = -EINVAL;
|
||||
|
||||
if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP)
|
||||
goto out;
|
||||
|
||||
if (!pskb_may_pull(skb, sizeof(struct iphdr)))
|
||||
goto out;
|
||||
|
||||
|
|
@ -269,8 +266,6 @@ static int xfrm6_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb)
|
|||
{
|
||||
int err = -EINVAL;
|
||||
|
||||
if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPV6)
|
||||
goto out;
|
||||
if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
|
||||
goto out;
|
||||
|
||||
|
|
@ -331,22 +326,26 @@ out:
|
|||
*/
|
||||
static int
|
||||
xfrm_inner_mode_encap_remove(struct xfrm_state *x,
|
||||
const struct xfrm_mode *inner_mode,
|
||||
struct sk_buff *skb)
|
||||
{
|
||||
switch (inner_mode->encap) {
|
||||
switch (x->props.mode) {
|
||||
case XFRM_MODE_BEET:
|
||||
if (inner_mode->family == AF_INET)
|
||||
switch (XFRM_MODE_SKB_CB(skb)->protocol) {
|
||||
case IPPROTO_IPIP:
|
||||
case IPPROTO_BEETPH:
|
||||
return xfrm4_remove_beet_encap(x, skb);
|
||||
if (inner_mode->family == AF_INET6)
|
||||
case IPPROTO_IPV6:
|
||||
return xfrm6_remove_beet_encap(x, skb);
|
||||
}
|
||||
break;
|
||||
case XFRM_MODE_TUNNEL:
|
||||
if (inner_mode->family == AF_INET)
|
||||
switch (XFRM_MODE_SKB_CB(skb)->protocol) {
|
||||
case IPPROTO_IPIP:
|
||||
return xfrm4_remove_tunnel_encap(x, skb);
|
||||
if (inner_mode->family == AF_INET6)
|
||||
case IPPROTO_IPV6:
|
||||
return xfrm6_remove_tunnel_encap(x, skb);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
WARN_ON_ONCE(1);
|
||||
|
|
@ -355,9 +354,7 @@ xfrm_inner_mode_encap_remove(struct xfrm_state *x,
|
|||
|
||||
static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
|
||||
{
|
||||
const struct xfrm_mode *inner_mode = &x->inner_mode;
|
||||
|
||||
switch (x->outer_mode.family) {
|
||||
switch (x->props.family) {
|
||||
case AF_INET:
|
||||
xfrm4_extract_header(skb);
|
||||
break;
|
||||
|
|
@ -369,17 +366,12 @@ static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
|
|||
return -EAFNOSUPPORT;
|
||||
}
|
||||
|
||||
if (x->sel.family == AF_UNSPEC) {
|
||||
inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
|
||||
if (!inner_mode)
|
||||
return -EAFNOSUPPORT;
|
||||
}
|
||||
|
||||
switch (inner_mode->family) {
|
||||
case AF_INET:
|
||||
switch (XFRM_MODE_SKB_CB(skb)->protocol) {
|
||||
case IPPROTO_IPIP:
|
||||
case IPPROTO_BEETPH:
|
||||
skb->protocol = htons(ETH_P_IP);
|
||||
break;
|
||||
case AF_INET6:
|
||||
case IPPROTO_IPV6:
|
||||
skb->protocol = htons(ETH_P_IPV6);
|
||||
break;
|
||||
default:
|
||||
|
|
@ -387,7 +379,7 @@ static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
|
|||
break;
|
||||
}
|
||||
|
||||
return xfrm_inner_mode_encap_remove(x, inner_mode, skb);
|
||||
return xfrm_inner_mode_encap_remove(x, skb);
|
||||
}
|
||||
|
||||
/* Remove encapsulation header.
|
||||
|
|
@ -433,17 +425,16 @@ static int xfrm6_transport_input(struct xfrm_state *x, struct sk_buff *skb)
|
|||
}
|
||||
|
||||
static int xfrm_inner_mode_input(struct xfrm_state *x,
|
||||
const struct xfrm_mode *inner_mode,
|
||||
struct sk_buff *skb)
|
||||
{
|
||||
switch (inner_mode->encap) {
|
||||
switch (x->props.mode) {
|
||||
case XFRM_MODE_BEET:
|
||||
case XFRM_MODE_TUNNEL:
|
||||
return xfrm_prepare_input(x, skb);
|
||||
case XFRM_MODE_TRANSPORT:
|
||||
if (inner_mode->family == AF_INET)
|
||||
if (x->props.family == AF_INET)
|
||||
return xfrm4_transport_input(x, skb);
|
||||
if (inner_mode->family == AF_INET6)
|
||||
if (x->props.family == AF_INET6)
|
||||
return xfrm6_transport_input(x, skb);
|
||||
break;
|
||||
case XFRM_MODE_ROUTEOPTIMIZATION:
|
||||
|
|
@ -461,7 +452,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
|
|||
{
|
||||
const struct xfrm_state_afinfo *afinfo;
|
||||
struct net *net = dev_net(skb->dev);
|
||||
const struct xfrm_mode *inner_mode;
|
||||
int err;
|
||||
__be32 seq;
|
||||
__be32 seq_hi;
|
||||
|
|
@ -491,7 +481,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
|
|||
goto drop;
|
||||
}
|
||||
|
||||
family = x->outer_mode.family;
|
||||
family = x->props.family;
|
||||
|
||||
/* An encap_type of -1 indicates async resumption. */
|
||||
if (encap_type == -1) {
|
||||
|
|
@ -676,17 +666,7 @@ resume:
|
|||
|
||||
XFRM_MODE_SKB_CB(skb)->protocol = nexthdr;
|
||||
|
||||
inner_mode = &x->inner_mode;
|
||||
|
||||
if (x->sel.family == AF_UNSPEC) {
|
||||
inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
|
||||
if (inner_mode == NULL) {
|
||||
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
|
||||
goto drop;
|
||||
}
|
||||
}
|
||||
|
||||
if (xfrm_inner_mode_input(x, inner_mode, skb)) {
|
||||
if (xfrm_inner_mode_input(x, skb)) {
|
||||
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
|
||||
goto drop;
|
||||
}
|
||||
|
|
@ -701,7 +681,7 @@ resume:
|
|||
* transport mode so the outer address is identical.
|
||||
*/
|
||||
daddr = &x->id.daddr;
|
||||
family = x->outer_mode.family;
|
||||
family = x->props.family;
|
||||
|
||||
err = xfrm_parse_spi(skb, nexthdr, &spi, &seq);
|
||||
if (err < 0) {
|
||||
|
|
@ -732,7 +712,7 @@ resume:
|
|||
|
||||
err = -EAFNOSUPPORT;
|
||||
rcu_read_lock();
|
||||
afinfo = xfrm_state_afinfo_get_rcu(x->inner_mode.family);
|
||||
afinfo = xfrm_state_afinfo_get_rcu(x->props.family);
|
||||
if (likely(afinfo))
|
||||
err = afinfo->transport_finish(skb, xfrm_gro || async);
|
||||
rcu_read_unlock();
|
||||
|
|
|
|||
|
|
@ -412,7 +412,7 @@ static int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
|
|||
IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE;
|
||||
skb->protocol = htons(ETH_P_IP);
|
||||
|
||||
switch (x->outer_mode.encap) {
|
||||
switch (x->props.mode) {
|
||||
case XFRM_MODE_BEET:
|
||||
return xfrm4_beet_encap_add(x, skb);
|
||||
case XFRM_MODE_TUNNEL:
|
||||
|
|
@ -435,7 +435,7 @@ static int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
|
|||
skb->ignore_df = 1;
|
||||
skb->protocol = htons(ETH_P_IPV6);
|
||||
|
||||
switch (x->outer_mode.encap) {
|
||||
switch (x->props.mode) {
|
||||
case XFRM_MODE_BEET:
|
||||
return xfrm6_beet_encap_add(x, skb);
|
||||
case XFRM_MODE_TUNNEL:
|
||||
|
|
@ -451,22 +451,22 @@ static int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
|
|||
|
||||
static int xfrm_outer_mode_output(struct xfrm_state *x, struct sk_buff *skb)
|
||||
{
|
||||
switch (x->outer_mode.encap) {
|
||||
switch (x->props.mode) {
|
||||
case XFRM_MODE_BEET:
|
||||
case XFRM_MODE_TUNNEL:
|
||||
if (x->outer_mode.family == AF_INET)
|
||||
if (x->props.family == AF_INET)
|
||||
return xfrm4_prepare_output(x, skb);
|
||||
if (x->outer_mode.family == AF_INET6)
|
||||
if (x->props.family == AF_INET6)
|
||||
return xfrm6_prepare_output(x, skb);
|
||||
break;
|
||||
case XFRM_MODE_TRANSPORT:
|
||||
if (x->outer_mode.family == AF_INET)
|
||||
if (x->props.family == AF_INET)
|
||||
return xfrm4_transport_output(x, skb);
|
||||
if (x->outer_mode.family == AF_INET6)
|
||||
if (x->props.family == AF_INET6)
|
||||
return xfrm6_transport_output(x, skb);
|
||||
break;
|
||||
case XFRM_MODE_ROUTEOPTIMIZATION:
|
||||
if (x->outer_mode.family == AF_INET6)
|
||||
if (x->props.family == AF_INET6)
|
||||
return xfrm6_ro_output(x, skb);
|
||||
WARN_ON_ONCE(1);
|
||||
break;
|
||||
|
|
@ -875,21 +875,10 @@ static int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb)
|
|||
|
||||
static int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb)
|
||||
{
|
||||
const struct xfrm_mode *inner_mode;
|
||||
|
||||
if (x->sel.family == AF_UNSPEC)
|
||||
inner_mode = xfrm_ip2inner_mode(x,
|
||||
xfrm_af2proto(skb_dst(skb)->ops->family));
|
||||
else
|
||||
inner_mode = &x->inner_mode;
|
||||
|
||||
if (inner_mode == NULL)
|
||||
return -EAFNOSUPPORT;
|
||||
|
||||
switch (inner_mode->family) {
|
||||
case AF_INET:
|
||||
switch (skb->protocol) {
|
||||
case htons(ETH_P_IP):
|
||||
return xfrm4_extract_output(x, skb);
|
||||
case AF_INET6:
|
||||
case htons(ETH_P_IPV6):
|
||||
return xfrm6_extract_output(x, skb);
|
||||
}
|
||||
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче