탐색 도움말
가입하기 로그인
phyus
/
linux-vybrid_public
8
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
소스 검색

[XFRM] IPV6: Add sort functions to combine templates/states for IPsec.

Add sort functions to combine templates/states for IPsec.
Think of outbound transformation order we should be careful with transport AH
which must be the last of all transport ones.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Masahide NAKAMURA 18 년 전
부모
f7b6983f0f
커밋
58c949d1b9
1개의 변경된 파일97개의 추가작업 그리고 0개의 파일을 삭제
분할 보기 변경상태 보기
  1. 97 0
      net/ipv6/xfrm6_state.c

+ 97 - 0
net/ipv6/xfrm6_state.c
파일 보기 

@@ -156,12 +156,109 @@ __xfrm6_find_acq(u8 mode, u32 reqid, u8 proto,
 
 	return x0;
 
 }
 
 
+static int
 
+__xfrm6_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n)
 
+{
 
+	int i;
 
+	int j = 0;
 
+
 
+	/* Rule 1: select IPsec transport except AH */
 
+	for (i = 0; i < n; i++) {
 
+		if (src[i]->props.mode == XFRM_MODE_TRANSPORT &&
 
+		    src[i]->id.proto != IPPROTO_AH) {
 
+			dst[j++] = src[i];
 
+			src[i] = NULL;
 
+		}
 
+	}
 
+	if (j == n)
 
+		goto end;
 
+
 
+	/* XXX: Rule 2: select MIPv6 RO or inbound trigger */
 
+
 
+	/* Rule 3: select IPsec transport AH */
 
+	for (i = 0; i < n; i++) {
 
+		if (src[i] &&
 
+		    src[i]->props.mode == XFRM_MODE_TRANSPORT &&
 
+		    src[i]->id.proto == IPPROTO_AH) {
 
+			dst[j++] = src[i];
 
+			src[i] = NULL;
 
+		}
 
+	}
 
+	if (j == n)
 
+		goto end;
 
+
 
+	/* Rule 4: select IPsec tunnel */
 
+	for (i = 0; i < n; i++) {
 
+		if (src[i] &&
 
+		    src[i]->props.mode == XFRM_MODE_TUNNEL) {
 
+			dst[j++] = src[i];
 
+			src[i] = NULL;
 
+		}
 
+	}
 
+	if (likely(j == n))
 
+		goto end;
 
+
 
+	/* Final rule */
 
+	for (i = 0; i < n; i++) {
 
+		if (src[i]) {
 
+			dst[j++] = src[i];
 
+			src[i] = NULL;
 
+		}
 
+	}
 
+
 
+ end:
 
+	return 0;
 
+}
 
+
 
+static int
 
+__xfrm6_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n)
 
+{
 
+	int i;
 
+	int j = 0;
 
+
 
+	/* Rule 1: select IPsec transport */
 
+	for (i = 0; i < n; i++) {
 
+		if (src[i]->mode == XFRM_MODE_TRANSPORT) {
 
+			dst[j++] = src[i];
 
+			src[i] = NULL;
 
+		}
 
+	}
 
+	if (j == n)
 
+		goto end;
 
+
 
+	/* XXX: Rule 2: select MIPv6 RO or inbound trigger */
 
+
 
+	/* Rule 3: select IPsec tunnel */
 
+	for (i = 0; i < n; i++) {
 
+		if (src[i] &&
 
+		    src[i]->mode == XFRM_MODE_TUNNEL) {
 
+			dst[j++] = src[i];
 
+			src[i] = NULL;
 
+		}
 
+	}
 
+	if (likely(j == n))
 
+		goto end;
 
+
 
+	/* Final rule */
 
+	for (i = 0; i < n; i++) {
 
+		if (src[i]) {
 
+			dst[j++] = src[i];
 
+			src[i] = NULL;
 
+		}
 
+	}
 
+
 
+ end:
 
+	return 0;
 
+}
 
+
 
 static struct xfrm_state_afinfo xfrm6_state_afinfo = {
 
 	.family			= AF_INET6,
 
 	.init_tempsel		= __xfrm6_init_tempsel,
 
 	.state_lookup		= __xfrm6_state_lookup,
 
 	.state_lookup_byaddr	= __xfrm6_state_lookup_byaddr,
 
 	.find_acq		= __xfrm6_find_acq,
 
+	.tmpl_sort		= __xfrm6_tmpl_sort,
 
+	.state_sort		= __xfrm6_state_sort,
 
 };
 
 
 void __init xfrm6_state_init(void)