mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-04 12:16:41 +00:00
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
Steffen Klassert says: ==================== pull request (net-next): ipsec-next 2022-07-20 1) Don't set DST_NOPOLICY in IPv4, a recent patch made this superfluous. From Eyal Birger. 2) Convert alg_key to flexible array member to avoid an iproute2 compile warning when built with gcc-12. From Stephen Hemminger. 3) xfrm_register_km and xfrm_unregister_km do always return 0 so change the type to void. From Zhengchao Shao. 4) Fix spelling mistake in esp6.c From Zhang Jiaming. 5) Improve the wording of comment above XFRM_OFFLOAD flags. From Petr Vaněk. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
e222dc8d84
@ -1077,7 +1077,7 @@ static int vrf_rtable_create(struct net_device *dev)
|
||||
return -ENOMEM;
|
||||
|
||||
/* create a dst for routing packets out through a VRF device */
|
||||
rth = rt_dst_alloc(dev, 0, RTN_UNICAST, 1, 1);
|
||||
rth = rt_dst_alloc(dev, 0, RTN_UNICAST, 1);
|
||||
if (!rth)
|
||||
return -ENOMEM;
|
||||
|
||||
|
@ -240,8 +240,7 @@ void ip_rt_multicast_event(struct in_device *);
|
||||
int ip_rt_ioctl(struct net *, unsigned int cmd, struct rtentry *rt);
|
||||
void ip_rt_get_source(u8 *src, struct sk_buff *skb, struct rtable *rt);
|
||||
struct rtable *rt_dst_alloc(struct net_device *dev,
|
||||
unsigned int flags, u16 type,
|
||||
bool nopolicy, bool noxfrm);
|
||||
unsigned int flags, u16 type, bool noxfrm);
|
||||
struct rtable *rt_dst_clone(struct net_device *dev, struct rtable *rt);
|
||||
|
||||
struct in_ifaddr;
|
||||
|
@ -583,8 +583,8 @@ struct xfrm_mgr {
|
||||
bool (*is_alive)(const struct km_event *c);
|
||||
};
|
||||
|
||||
int xfrm_register_km(struct xfrm_mgr *km);
|
||||
int xfrm_unregister_km(struct xfrm_mgr *km);
|
||||
void xfrm_register_km(struct xfrm_mgr *km);
|
||||
void xfrm_unregister_km(struct xfrm_mgr *km);
|
||||
|
||||
struct xfrm_tunnel_skb_cb {
|
||||
union {
|
||||
|
@ -102,21 +102,21 @@ struct xfrm_replay_state_esn {
|
||||
struct xfrm_algo {
|
||||
char alg_name[64];
|
||||
unsigned int alg_key_len; /* in bits */
|
||||
char alg_key[0];
|
||||
char alg_key[];
|
||||
};
|
||||
|
||||
struct xfrm_algo_auth {
|
||||
char alg_name[64];
|
||||
unsigned int alg_key_len; /* in bits */
|
||||
unsigned int alg_trunc_len; /* in bits */
|
||||
char alg_key[0];
|
||||
char alg_key[];
|
||||
};
|
||||
|
||||
struct xfrm_algo_aead {
|
||||
char alg_name[64];
|
||||
unsigned int alg_key_len; /* in bits */
|
||||
unsigned int alg_icv_len; /* in bits */
|
||||
char alg_key[0];
|
||||
char alg_key[];
|
||||
};
|
||||
|
||||
struct xfrm_stats {
|
||||
@ -511,9 +511,9 @@ struct xfrm_user_offload {
|
||||
int ifindex;
|
||||
__u8 flags;
|
||||
};
|
||||
/* This flag was exposed without any kernel code that supporting it.
|
||||
* Unfortunately, strongswan has the code that uses sets this flag,
|
||||
* which makes impossible to reuse this bit.
|
||||
/* This flag was exposed without any kernel code that supports it.
|
||||
* Unfortunately, strongswan has the code that sets this flag,
|
||||
* which makes it impossible to reuse this bit.
|
||||
*
|
||||
* So leave it here to make sure that it won't be reused by mistake.
|
||||
*/
|
||||
|
@ -1626,12 +1626,11 @@ static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
|
||||
|
||||
struct rtable *rt_dst_alloc(struct net_device *dev,
|
||||
unsigned int flags, u16 type,
|
||||
bool nopolicy, bool noxfrm)
|
||||
bool noxfrm)
|
||||
{
|
||||
struct rtable *rt;
|
||||
|
||||
rt = dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
|
||||
(nopolicy ? DST_NOPOLICY : 0) |
|
||||
(noxfrm ? DST_NOXFRM : 0));
|
||||
|
||||
if (rt) {
|
||||
@ -1726,7 +1725,6 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
|
||||
struct in_device *in_dev = __in_dev_get_rcu(dev);
|
||||
unsigned int flags = RTCF_MULTICAST;
|
||||
struct rtable *rth;
|
||||
bool no_policy;
|
||||
u32 itag = 0;
|
||||
int err;
|
||||
|
||||
@ -1737,12 +1735,11 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
|
||||
if (our)
|
||||
flags |= RTCF_LOCAL;
|
||||
|
||||
no_policy = IN_DEV_ORCONF(in_dev, NOPOLICY);
|
||||
if (no_policy)
|
||||
if (IN_DEV_ORCONF(in_dev, NOPOLICY))
|
||||
IPCB(skb)->flags |= IPSKB_NOPOLICY;
|
||||
|
||||
rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST,
|
||||
no_policy, false);
|
||||
false);
|
||||
if (!rth)
|
||||
return -ENOBUFS;
|
||||
|
||||
@ -1801,7 +1798,7 @@ static int __mkroute_input(struct sk_buff *skb,
|
||||
struct rtable *rth;
|
||||
int err;
|
||||
struct in_device *out_dev;
|
||||
bool do_cache, no_policy;
|
||||
bool do_cache;
|
||||
u32 itag = 0;
|
||||
|
||||
/* get a working reference to the output device */
|
||||
@ -1846,8 +1843,7 @@ static int __mkroute_input(struct sk_buff *skb,
|
||||
}
|
||||
}
|
||||
|
||||
no_policy = IN_DEV_ORCONF(in_dev, NOPOLICY);
|
||||
if (no_policy)
|
||||
if (IN_DEV_ORCONF(in_dev, NOPOLICY))
|
||||
IPCB(skb)->flags |= IPSKB_NOPOLICY;
|
||||
|
||||
fnhe = find_exception(nhc, daddr);
|
||||
@ -1862,7 +1858,7 @@ static int __mkroute_input(struct sk_buff *skb,
|
||||
}
|
||||
}
|
||||
|
||||
rth = rt_dst_alloc(out_dev->dev, 0, res->type, no_policy,
|
||||
rth = rt_dst_alloc(out_dev->dev, 0, res->type,
|
||||
IN_DEV_ORCONF(out_dev, NOXFRM));
|
||||
if (!rth) {
|
||||
err = -ENOBUFS;
|
||||
@ -2237,7 +2233,6 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
|
||||
struct rtable *rth;
|
||||
struct flowi4 fl4;
|
||||
bool do_cache = true;
|
||||
bool no_policy;
|
||||
|
||||
/* IP on this device is disabled. */
|
||||
|
||||
@ -2356,8 +2351,7 @@ out: return err;
|
||||
RT_CACHE_STAT_INC(in_brd);
|
||||
|
||||
local_input:
|
||||
no_policy = IN_DEV_ORCONF(in_dev, NOPOLICY);
|
||||
if (no_policy)
|
||||
if (IN_DEV_ORCONF(in_dev, NOPOLICY))
|
||||
IPCB(skb)->flags |= IPSKB_NOPOLICY;
|
||||
|
||||
do_cache &= res->fi && !itag;
|
||||
@ -2373,8 +2367,7 @@ out: return err;
|
||||
}
|
||||
|
||||
rth = rt_dst_alloc(ip_rt_get_dev(net, res),
|
||||
flags | RTCF_LOCAL, res->type,
|
||||
no_policy, false);
|
||||
flags | RTCF_LOCAL, res->type, false);
|
||||
if (!rth)
|
||||
goto e_nobufs;
|
||||
|
||||
@ -2597,7 +2590,6 @@ static struct rtable *__mkroute_output(const struct fib_result *res,
|
||||
|
||||
add:
|
||||
rth = rt_dst_alloc(dev_out, flags, type,
|
||||
IN_DEV_ORCONF(in_dev, NOPOLICY),
|
||||
IN_DEV_ORCONF(in_dev, NOXFRM));
|
||||
if (!rth)
|
||||
return ERR_PTR(-ENOBUFS);
|
||||
|
@ -343,7 +343,7 @@ static struct ip_esp_hdr *esp_output_set_esn(struct sk_buff *skb,
|
||||
struct esp_output_extra *extra)
|
||||
{
|
||||
/* For ESN we move the header forward by 4 bytes to
|
||||
* accomodate the high bits. We will move it back after
|
||||
* accommodate the high bits. We will move it back after
|
||||
* encryption.
|
||||
*/
|
||||
if ((x->props.flags & XFRM_STATE_ESN)) {
|
||||
@ -896,7 +896,7 @@ static void esp_input_set_header(struct sk_buff *skb, __be32 *seqhi)
|
||||
struct xfrm_state *x = xfrm_input_state(skb);
|
||||
|
||||
/* For ESN we move the header forward by 4 bytes to
|
||||
* accomodate the high bits. We will move it back after
|
||||
* accommodate the high bits. We will move it back after
|
||||
* decryption.
|
||||
*/
|
||||
if ((x->props.flags & XFRM_STATE_ESN)) {
|
||||
|
@ -3894,14 +3894,10 @@ static int __init ipsec_pfkey_init(void)
|
||||
err = sock_register(&pfkey_family_ops);
|
||||
if (err != 0)
|
||||
goto out_unregister_pernet;
|
||||
err = xfrm_register_km(&pfkeyv2_mgr);
|
||||
if (err != 0)
|
||||
goto out_sock_unregister;
|
||||
xfrm_register_km(&pfkeyv2_mgr);
|
||||
out:
|
||||
return err;
|
||||
|
||||
out_sock_unregister:
|
||||
sock_unregister(PF_KEY);
|
||||
out_unregister_pernet:
|
||||
unregister_pernet_subsys(&pfkey_net_ops);
|
||||
out_unregister_key_proto:
|
||||
|
@ -2481,22 +2481,20 @@ EXPORT_SYMBOL(xfrm_user_policy);
|
||||
|
||||
static DEFINE_SPINLOCK(xfrm_km_lock);
|
||||
|
||||
int xfrm_register_km(struct xfrm_mgr *km)
|
||||
void xfrm_register_km(struct xfrm_mgr *km)
|
||||
{
|
||||
spin_lock_bh(&xfrm_km_lock);
|
||||
list_add_tail_rcu(&km->list, &xfrm_km_list);
|
||||
spin_unlock_bh(&xfrm_km_lock);
|
||||
return 0;
|
||||
}
|
||||
EXPORT_SYMBOL(xfrm_register_km);
|
||||
|
||||
int xfrm_unregister_km(struct xfrm_mgr *km)
|
||||
void xfrm_unregister_km(struct xfrm_mgr *km)
|
||||
{
|
||||
spin_lock_bh(&xfrm_km_lock);
|
||||
list_del_rcu(&km->list);
|
||||
spin_unlock_bh(&xfrm_km_lock);
|
||||
synchronize_rcu();
|
||||
return 0;
|
||||
}
|
||||
EXPORT_SYMBOL(xfrm_unregister_km);
|
||||
|
||||
|
@ -3633,10 +3633,8 @@ static int __init xfrm_user_init(void)
|
||||
rv = register_pernet_subsys(&xfrm_user_net_ops);
|
||||
if (rv < 0)
|
||||
return rv;
|
||||
rv = xfrm_register_km(&netlink_mgr);
|
||||
if (rv < 0)
|
||||
unregister_pernet_subsys(&xfrm_user_net_ops);
|
||||
return rv;
|
||||
xfrm_register_km(&netlink_mgr);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void __exit xfrm_user_exit(void)
|
||||
|
Loading…
Reference in New Issue
Block a user