/* * xfrm6_state.c: based on xfrm4_state.c * * Authors: * Mitsuru KANDA @USAGI * Kazunori MIYAZAWA @USAGI * Kunihiro Ishiguro * IPv6 support * YOSHIFUJI Hideaki @USAGI * Split up af-specific portion * */ #include #include #include #include #include #include #include #include static void __xfrm6_init_tempsel(struct xfrm_selector *sel, const struct flowi *fl) { const struct flowi6 *fl6 = &fl->u.ip6; /* Initialize temporary selector matching only * to current session. */ *(struct in6_addr *)&sel->daddr = fl6->daddr; *(struct in6_addr *)&sel->saddr = fl6->saddr; sel->dport = xfrm_flowi_dport(fl, &fl6->uli); sel->dport_mask = htons(0xffff); sel->sport = xfrm_flowi_sport(fl, &fl6->uli); sel->sport_mask = htons(0xffff); sel->family = AF_INET6; sel->prefixlen_d = 128; sel->prefixlen_s = 128; sel->proto = fl6->flowi6_proto; sel->ifindex = fl6->flowi6_oif; } static void xfrm6_init_temprop(struct xfrm_state *x, const struct xfrm_tmpl *tmpl, const xfrm_address_t *daddr, const xfrm_address_t *saddr) { x->id = tmpl->id; if (ipv6_addr_any((struct in6_addr *)&x->id.daddr)) memcpy(&x->id.daddr, daddr, sizeof(x->sel.daddr)); memcpy(&x->props.saddr, &tmpl->saddr, sizeof(x->props.saddr)); if (ipv6_addr_any((struct in6_addr *)&x->props.saddr)) memcpy(&x->props.saddr, saddr, sizeof(x->props.saddr)); x->props.mode = tmpl->mode; x->props.reqid = tmpl->reqid; x->props.family = AF_INET6; } /* distribution counting sort function for xfrm_state and xfrm_tmpl */ static int __xfrm6_sort(void **dst, void **src, int n, int (*cmp)(void *p), int maxclass) { int i; int class[XFRM_MAX_DEPTH]; int count[maxclass]; memset(count, 0, sizeof(count)); for (i = 0; i < n; i++) { int c; class[i] = c = cmp(src[i]); count[c]++; } for (i = 2; i < maxclass; i++) count[i] += count[i - 1]; for (i = 0; i < n; i++) { dst[count[class[i] - 1]++] = src[i]; src[i] = NULL; } return 0; } /* * Rule for xfrm_state: * * rule 1: select IPsec transport except AH * rule 2: select MIPv6 RO or inbound trigger * rule 3: select IPsec transport AH * rule 4: select IPsec tunnel * rule 5: others */ static int __xfrm6_state_sort_cmp(void *p) { struct xfrm_state *v = p; switch (v->props.mode) { case XFRM_MODE_TRANSPORT: if (v->id.proto != IPPROTO_AH) return 1; else return 3; #if IS_ENABLED(CONFIG_IPV6_MIP6) case XFRM_MODE_ROUTEOPTIMIZATION: case XFRM_MODE_IN_TRIGGER: return 2; #endif case XFRM_MODE_TUNNEL: case XFRM_MODE_BEET: return 4; } return 5; } static int __xfrm6_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n) { return __xfrm6_sort((void **)dst, (void **)src, n, __xfrm6_state_sort_cmp, 6); } /* * Rule for xfrm_tmpl: * * rule 1: select IPsec transport * rule 2: select MIPv6 RO or inbound trigger * rule 3: select IPsec tunnel * rule 4: others */ static int __xfrm6_tmpl_sort_cmp(void *p) { struct xfrm_tmpl *v = p; switch (v->mode) { case XFRM_MODE_TRANSPORT: return 1; #if IS_ENABLED(CONFIG_IPV6_MIP6) case XFRM_MODE_ROUTEOPTIMIZATION: case XFRM_MODE_IN_TRIGGER: return 2; #endif case XFRM_MODE_TUNNEL: case XFRM_MODE_BEET: return 3; } return 4; } static int __xfrm6_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n) { return __xfrm6_sort((void **)dst, (void **)src, n, __xfrm6_tmpl_sort_cmp, 5); } int xfrm6_extract_header(struct sk_buff *skb) { struct ipv6hdr *iph = ipv6_hdr(skb); XFRM_MODE_SKB_CB(skb)->ihl = sizeof(*iph); XFRM_MODE_SKB_CB(skb)->id = 0; XFRM_MODE_SKB_CB(skb)->frag_off = htons(IP_DF); XFRM_MODE_SKB_CB(skb)->tos = ipv6_get_dsfield(iph); XFRM_MODE_SKB_CB(skb)->ttl = iph->hop_limit; XFRM_MODE_SKB_CB(skb)->optlen = 0; memcpy(XFRM_MODE_SKB_CB(skb)->flow_lbl, iph->flow_lbl, sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl)); return 0; } static struct xfrm_state_afinfo xfrm6_state_afinfo = { .family = AF_INET6, .proto = IPPROTO_IPV6, .eth_proto = htons(ETH_P_IPV6), .owner = THIS_MODULE, .init_tempsel = __xfrm6_init_tempsel, .init_temprop = xfrm6_init_temprop, .tmpl_sort = __xfrm6_tmpl_sort, .state_sort = __xfrm6_state_sort, .output = xfrm6_output, .output_finish = xfrm6_output_finish, .extract_input = xfrm6_extract_input, .extract_output = xfrm6_extract_output, .transport_finish = xfrm6_transport_finish, .local_error = xfrm6_local_error, }; int __init xfrm6_state_init(void) { return xfrm_state_register_afinfo(&xfrm6_state_afinfo); } void xfrm6_state_fini(void) { xfrm_state_unregister_afinfo(&xfrm6_state_afinfo); } 4/+0 2017-02-06can: rx-offload: Add support for timestamp based irq offloadingMarc Kleine-Budde1-1/+9 2017-02-06can: rx-offload: Add support for HW fifo based irq offloadingDavid Jander1-0/+51 2017-02-05net: remove __napi_complete()Eric Dumazet1-1/+0 2017-02-04net: ipv6: Change notifications for multipath add to RTA_MULTIPATHDavid Ahern1-0/+1 2017-02-04net: ipv6: Allow shorthand delete of all nexthops in multipath routeDavid Ahern1-1/+3 2017-02-03net: remove support for per driver ndo_busy_poll()Eric Dumazet2-5/+0 2017-02-03Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller11-40/+60 2017-02-03sched: cls_flower: expose priority to offloading netdeviceJiri Pirko1-0/+1 2017-02-03lib: Introduce priority array area managerJiri Pirko1-0/+76 2017-02-03list: introduce list_for_each_entry_from_reverse helperJiri Pirko1-0/+13 2017-02-03trace: rename trace_print_hex_seq arg and add kdocDaniel Borkmann2-3/+3 2017-02-03bridge: uapi: add per vlan tunnel infoRoopa Prabhu3-0/+13 2017-02-03vxlan: support fdb and learning in COLLECT_METADATA modeRoopa Prabhu1-0/+1 2017-02-03ip_tunnels: new IP_TUNNEL_INFO_BRIDGE flag for ip_tunnel_info modeRoopa Prabhu1-0/+1 2017-02-03net/sched: act_ife: Change to use ife moduleYotam Gigi2-10/+1 2017-02-03net: Introduce ife encapsulation moduleYotam Gigi3-0/+70 2017-02-03net/sched: act_ife: Unexport ife_tlv_meta_encodeYotam Gigi1-2/+0 2017-02-03tcp: add tcp_mss_clamp() helperEric Dumazet1-0/+9 2017-02-02net: add LINUX_MIB_PFMEMALLOCDROP counterEric Dumazet1-0/+1 2017-02-02net: phy: marvell: Add support for 88e1545 PHYAndrew Lunn1-0/+1 2017-02-02unix: add ioctl to open a unix socket file with O_PATHAndrey Vagin1-0/+2 2017-02-02net: phy: Marvell: Add mv88e6390 internal PHYAndrew Lunn1-0/+6 2017-02-02Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller9-30/+40 2017-02-02netfilter: allow logging from non-init namespacesMichal Kubeček1-0/+3 2017-02-02ipvs: free ip_vs_dest structs when refcnt=0David Windsor1-1/+1 2017-02-02netfilter: merge ctinfo into nfct pointer storage areaFlorian Westphal2-17/+15 2017-02-02netfilter: guarantee 8 byte minalign for template addressesFlorian Westphal1-0/+2 2017-02-02netfilter: add and use nf_ct_set helperFlorian Westphal2-2/+9 2017-02-02skbuff: add and use skb_nfct helperFlorian Westphal2-4/+11 2017-02-02netfilter: reduce direct skb->nfct usageFlorian Westphal1-3/+6 2017-02-02netfilter: conntrack: no need to pass ctinfo to error handlerFlorian Westphal1-1/+1