Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

Conflicts:
	net/xfrm/xfrm_policy.c

Minor merge conflict in xfrm_policy.c, consisting of overlapping
changes which were trivial to resolve.

Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller 11 years ago
parent
e139862eee 1c5ad13f7c
commit
296c10639a
5 changed files with 41 additions and 79 deletions
Split View Show Diff Stats
  1. 0 10
      include/net/esp.h
  2. 15 34
      net/ipv4/esp4.c
  3. 15 33
      net/ipv6/esp6.c
  4. 4 2
      net/xfrm/xfrm_ipcomp.c
  5. 7 0
      net/xfrm/xfrm_policy.c

+ 0 - 10
include/net/esp.h
View File 

@@ -3,16 +3,6 @@
 
 
 #include <linux/skbuff.h>
 
 
-struct crypto_aead;
 
-
 
-struct esp_data {
 
-	/* 0..255 */
 
-	int padlen;
 
-
 
-	/* Confidentiality & Integrity */
 
-	struct crypto_aead *aead;
 
-};
 
-
 
 void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);
 
 
 struct ip_esp_hdr;

+ 15 - 34
net/ipv4/esp4.c
View File 

@@ -121,7 +121,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
 
 	struct aead_givcrypt_request *req;
 
 	struct scatterlist *sg;
 
 	struct scatterlist *asg;
 
-	struct esp_data *esp;
 
 	struct sk_buff *trailer;
 
 	void *tmp;
 
 	u8 *iv;
 
@@ -139,8 +138,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
 
 
 	/* skb is pure payload to encrypt */
 
 
-	esp = x->data;
 
-	aead = esp->aead;
 
+	aead = x->data;
 
 	alen = crypto_aead_authsize(aead);
 
 
 	tfclen = 0;
 
@@ -154,8 +152,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
 
 	}
 
 	blksize = ALIGN(crypto_aead_blocksize(aead), 4);
 
 	clen = ALIGN(skb->len + 2 + tfclen, blksize);
 
-	if (esp->padlen)
 
-		clen = ALIGN(clen, esp->padlen);
 
 	plen = clen - skb->len - tfclen;
 
 
 	err = skb_cow_data(skb, tfclen + plen + alen, &trailer);
 
@@ -280,8 +276,7 @@ static int esp_input_done2(struct sk_buff *skb, int err)
 
 {
 
 	const struct iphdr *iph;
 
 	struct xfrm_state *x = xfrm_input_state(skb);
 
-	struct esp_data *esp = x->data;
 
-	struct crypto_aead *aead = esp->aead;
 
+	struct crypto_aead *aead = x->data;
 
 	int alen = crypto_aead_authsize(aead);
 
 	int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
 
 	int elen = skb->len - hlen;
 
@@ -376,8 +371,7 @@ static void esp_input_done(struct crypto_async_request *base, int err)
 
 static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
 
 {
 
 	struct ip_esp_hdr *esph;
 
-	struct esp_data *esp = x->data;
 
-	struct crypto_aead *aead = esp->aead;
 
+	struct crypto_aead *aead = x->data;
 
 	struct aead_request *req;
 
 	struct sk_buff *trailer;
 
 	int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead);
 
@@ -459,9 +453,8 @@ out:
 
 
 static u32 esp4_get_mtu(struct xfrm_state *x, int mtu)
 
 {
 
-	struct esp_data *esp = x->data;
 
-	u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4);
 
-	u32 align = max_t(u32, blksize, esp->padlen);
 
+	struct crypto_aead *aead = x->data;
 
+	u32 blksize = ALIGN(crypto_aead_blocksize(aead), 4);
 
 	unsigned int net_adj;
 
 
 	switch (x->props.mode) {
 
@@ -476,8 +469,8 @@ static u32 esp4_get_mtu(struct xfrm_state *x, int mtu)
 
 		BUG();
 
 	}
 
 
-	return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) -
 
-		 net_adj) & ~(align - 1)) + net_adj - 2;
 
+	return ((mtu - x->props.header_len - crypto_aead_authsize(aead) -
 
+		 net_adj) & ~(blksize - 1)) + net_adj - 2;
 
 }
 
 
 static void esp4_err(struct sk_buff *skb, u32 info)
 
@@ -511,18 +504,16 @@ static void esp4_err(struct sk_buff *skb, u32 info)
 
 
 static void esp_destroy(struct xfrm_state *x)
 
 {
 
-	struct esp_data *esp = x->data;
 
+	struct crypto_aead *aead = x->data;
 
 
-	if (!esp)
 
+	if (!aead)
 
 		return;
 
 
-	crypto_free_aead(esp->aead);
 
-	kfree(esp);
 
+	crypto_free_aead(aead);
 
 }
 
 
 static int esp_init_aead(struct xfrm_state *x)
 
 {
 
-	struct esp_data *esp = x->data;
 
 	struct crypto_aead *aead;
 
 	int err;
 
 
@@ -531,7 +522,7 @@ static int esp_init_aead(struct xfrm_state *x)
 
 	if (IS_ERR(aead))
 
 		goto error;
 
 
-	esp->aead = aead;
 
+	x->data = aead;
 
 
 	err = crypto_aead_setkey(aead, x->aead->alg_key,
 
 				 (x->aead->alg_key_len + 7) / 8);
 
@@ -548,7 +539,6 @@ error:
 
 
 static int esp_init_authenc(struct xfrm_state *x)
 
 {
 
-	struct esp_data *esp = x->data;
 
 	struct crypto_aead *aead;
 
 	struct crypto_authenc_key_param *param;
 
 	struct rtattr *rta;
 
@@ -583,7 +573,7 @@ static int esp_init_authenc(struct xfrm_state *x)
 
 	if (IS_ERR(aead))
 
 		goto error;
 
 
-	esp->aead = aead;
 
+	x->data = aead;
 
 
 	keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) +
 
 		 (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param));
 
@@ -638,16 +628,11 @@ error:
 
 
 static int esp_init_state(struct xfrm_state *x)
 
 {
 
-	struct esp_data *esp;
 
 	struct crypto_aead *aead;
 
 	u32 align;
 
 	int err;
 
 
-	esp = kzalloc(sizeof(*esp), GFP_KERNEL);
 
-	if (esp == NULL)
 
-		return -ENOMEM;
 
-
 
-	x->data = esp;
 
+	x->data = NULL;
 
 
 	if (x->aead)
 
 		err = esp_init_aead(x);
 
@@ -657,9 +642,7 @@ static int esp_init_state(struct xfrm_state *x)
 
 	if (err)
 
 		goto error;
 
 
-	aead = esp->aead;
 
-
 
-	esp->padlen = 0;
 
+	aead = x->data;
 
 
 	x->props.header_len = sizeof(struct ip_esp_hdr) +
 
 			      crypto_aead_ivsize(aead);
 
@@ -683,9 +666,7 @@ static int esp_init_state(struct xfrm_state *x)
 
 	}
 
 
 	align = ALIGN(crypto_aead_blocksize(aead), 4);
 
-	if (esp->padlen)
 
-		align = max_t(u32, align, esp->padlen);
 
-	x->props.trailer_len = align + 1 + crypto_aead_authsize(esp->aead);
 
+	x->props.trailer_len = align + 1 + crypto_aead_authsize(aead);
 
 
 error:
 
 	return err;

+ 15 - 33
net/ipv6/esp6.c
View File 

@@ -164,10 +164,9 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
 
 	u8 *iv;
 
 	u8 *tail;
 
 	__be32 *seqhi;
 
-	struct esp_data *esp = x->data;
 
 
 	/* skb is pure payload to encrypt */
 
-	aead = esp->aead;
 
+	aead = x->data;
 
 	alen = crypto_aead_authsize(aead);
 
 
 	tfclen = 0;
 
@@ -181,8 +180,6 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
 
 	}
 
 	blksize = ALIGN(crypto_aead_blocksize(aead), 4);
 
 	clen = ALIGN(skb->len + 2 + tfclen, blksize);
 
-	if (esp->padlen)
 
-		clen = ALIGN(clen, esp->padlen);
 
 	plen = clen - skb->len - tfclen;
 
 
 	err = skb_cow_data(skb, tfclen + plen + alen, &trailer);
 
@@ -271,8 +268,7 @@ error:
 
 static int esp_input_done2(struct sk_buff *skb, int err)
 
 {
 
 	struct xfrm_state *x = xfrm_input_state(skb);
 
-	struct esp_data *esp = x->data;
 
-	struct crypto_aead *aead = esp->aead;
 
+	struct crypto_aead *aead = x->data;
 
 	int alen = crypto_aead_authsize(aead);
 
 	int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
 
 	int elen = skb->len - hlen;
 
@@ -325,8 +321,7 @@ static void esp_input_done(struct crypto_async_request *base, int err)
 
 static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
 
 {
 
 	struct ip_esp_hdr *esph;
 
-	struct esp_data *esp = x->data;
 
-	struct crypto_aead *aead = esp->aead;
 
+	struct crypto_aead *aead = x->data;
 
 	struct aead_request *req;
 
 	struct sk_buff *trailer;
 
 	int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead);
 
@@ -414,9 +409,8 @@ out:
 
 
 static u32 esp6_get_mtu(struct xfrm_state *x, int mtu)
 
 {
 
-	struct esp_data *esp = x->data;
 
-	u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4);
 
-	u32 align = max_t(u32, blksize, esp->padlen);
 
+	struct crypto_aead *aead = x->data;
 
+	u32 blksize = ALIGN(crypto_aead_blocksize(aead), 4);
 
 	unsigned int net_adj;
 
 
 	if (x->props.mode != XFRM_MODE_TUNNEL)
 
@@ -424,8 +418,8 @@ static u32 esp6_get_mtu(struct xfrm_state *x, int mtu)
 
 	else
 
 		net_adj = 0;
 
 
-	return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) -
 
-		 net_adj) & ~(align - 1)) + net_adj - 2;
 
+	return ((mtu - x->props.header_len - crypto_aead_authsize(aead) -
 
+		 net_adj) & ~(blksize - 1)) + net_adj - 2;
 
 }
 
 
 static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 
@@ -454,18 +448,16 @@ static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 
 
 static void esp6_destroy(struct xfrm_state *x)
 
 {
 
-	struct esp_data *esp = x->data;
 
+	struct crypto_aead *aead = x->data;
 
 
-	if (!esp)
 
+	if (!aead)
 
 		return;
 
 
-	crypto_free_aead(esp->aead);
 
-	kfree(esp);
 
+	crypto_free_aead(aead);
 
 }
 
 
 static int esp_init_aead(struct xfrm_state *x)
 
 {
 
-	struct esp_data *esp = x->data;
 
 	struct crypto_aead *aead;
 
 	int err;
 
 
@@ -474,7 +466,7 @@ static int esp_init_aead(struct xfrm_state *x)
 
 	if (IS_ERR(aead))
 
 		goto error;
 
 
-	esp->aead = aead;
 
+	x->data = aead;
 
 
 	err = crypto_aead_setkey(aead, x->aead->alg_key,
 
 				 (x->aead->alg_key_len + 7) / 8);
 
@@ -491,7 +483,6 @@ error:
 
 
 static int esp_init_authenc(struct xfrm_state *x)
 
 {
 
-	struct esp_data *esp = x->data;
 
 	struct crypto_aead *aead;
 
 	struct crypto_authenc_key_param *param;
 
 	struct rtattr *rta;
 
@@ -526,7 +517,7 @@ static int esp_init_authenc(struct xfrm_state *x)
 
 	if (IS_ERR(aead))
 
 		goto error;
 
 
-	esp->aead = aead;
 
+	x->data = aead;
 
 
 	keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) +
 
 		 (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param));
 
@@ -581,7 +572,6 @@ error:
 
 
 static int esp6_init_state(struct xfrm_state *x)
 
 {
 
-	struct esp_data *esp;
 
 	struct crypto_aead *aead;
 
 	u32 align;
 
 	int err;
 
@@ -589,11 +579,7 @@ static int esp6_init_state(struct xfrm_state *x)
 
 	if (x->encap)
 
 		return -EINVAL;
 
 
-	esp = kzalloc(sizeof(*esp), GFP_KERNEL);
 
-	if (esp == NULL)
 
-		return -ENOMEM;
 
-
 
-	x->data = esp;
 
+	x->data = NULL;
 
 
 	if (x->aead)
 
 		err = esp_init_aead(x);
 
@@ -603,9 +589,7 @@ static int esp6_init_state(struct xfrm_state *x)
 
 	if (err)
 
 		goto error;
 
 
-	aead = esp->aead;
 
-
 
-	esp->padlen = 0;
 
+	aead = x->data;
 
 
 	x->props.header_len = sizeof(struct ip_esp_hdr) +
 
 			      crypto_aead_ivsize(aead);
 
@@ -625,9 +609,7 @@ static int esp6_init_state(struct xfrm_state *x)
 
 	}
 
 
 	align = ALIGN(crypto_aead_blocksize(aead), 4);
 
-	if (esp->padlen)
 
-		align = max_t(u32, align, esp->padlen);
 
-	x->props.trailer_len = align + 1 + crypto_aead_authsize(esp->aead);
 
+	x->props.trailer_len = align + 1 + crypto_aead_authsize(aead);
 
 
 error:
 
 	return err;

+ 4 - 2
net/xfrm/xfrm_ipcomp.c
View File 

@@ -220,8 +220,8 @@ static void ipcomp_free_scratches(void)
 
 
 static void * __percpu *ipcomp_alloc_scratches(void)
 
 {
 
-	int i;
 
 	void * __percpu *scratches;
 
+	int i;
 
 
 	if (ipcomp_scratch_users++)
 
 		return ipcomp_scratches;
 
@@ -233,7 +233,9 @@ static void * __percpu *ipcomp_alloc_scratches(void)
 
 	ipcomp_scratches = scratches;
 
 
 	for_each_possible_cpu(i) {
 
-		void *scratch = vmalloc(IPCOMP_SCRATCH_SIZE);
 
+		void *scratch;
 
+
 
+		scratch = vmalloc_node(IPCOMP_SCRATCH_SIZE, cpu_to_node(i));
 
 		if (!scratch)
 
 			return NULL;
 
 		*per_cpu_ptr(scratches, i) = scratch;

+ 7 - 0
net/xfrm/xfrm_policy.c
View File 

@@ -1844,6 +1844,13 @@ static int xdst_queue_output(struct sk_buff *skb)
 
 	struct xfrm_dst *xdst = (struct xfrm_dst *) dst;
 
 	struct xfrm_policy *pol = xdst->pols[0];
 
 	struct xfrm_policy_queue *pq = &pol->polq;
 
+	const struct sk_buff *fclone = skb + 1;
 
+
 
+	if (unlikely(skb->fclone == SKB_FCLONE_ORIG &&
 
+		     fclone->fclone == SKB_FCLONE_CLONE)) {
 
+		kfree_skb(skb);
 
+		return 0;
 
+	}
 
 
 	if (pq->hold_queue.qlen > XFRM_MAX_QUEUE_LEN) {
 
 		kfree_skb(skb);