From: Florian Westphal <fw@strlen.de>
To: steffen.klassert@secunet.com
Cc: <netdev@vger.kernel.org>, Florian Westphal <fw@strlen.de>
Subject: [PATCH ipsec-next v2 4/6] xfrm: replay: remove recheck indirection
Date: Wed, 24 Jun 2020 10:08:02 +0200 [thread overview]
Message-ID: <20200624080804.7480-5-fw@strlen.de> (raw)
In-Reply-To: <20200624080804.7480-1-fw@strlen.de>
Adds new xfrm_replay_recheck() helper and calls it from
xfrm input path instead of the indirection.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
include/net/xfrm.h | 4 +---
net/xfrm/xfrm_input.c | 2 +-
net/xfrm/xfrm_replay.c | 22 ++++++++++++++++------
3 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 78bbfd370e34..7c0b69e00128 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -307,9 +307,6 @@ struct xfrm_replay {
int (*check)(struct xfrm_state *x,
struct sk_buff *skb,
__be32 net_seq);
- int (*recheck)(struct xfrm_state *x,
- struct sk_buff *skb,
- __be32 net_seq);
int (*overflow)(struct xfrm_state *x, struct sk_buff *skb);
};
@@ -1720,6 +1717,7 @@ static inline int xfrm_policy_id2dir(u32 index)
#ifdef CONFIG_XFRM
void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq);
void xfrm_replay_notify(struct xfrm_state *x, int event);
+int xfrm_replay_recheck(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq);
static inline int xfrm_aevent_is_on(struct net *net)
{
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index b4b559b35cf1..005d8e9c5df4 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -658,7 +658,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
/* only the first xfrm gets the encap type */
encap_type = 0;
- if (async && x->repl->recheck(x, skb, seq)) {
+ if (async && xfrm_replay_recheck(x, skb, seq)) {
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
goto drop_unlock;
}
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 460f438bd138..60608b51b2d9 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -503,6 +503,22 @@ static int xfrm_replay_recheck_esn(struct xfrm_state *x,
return xfrm_replay_check_esn(x, skb, net_seq);
}
+int xfrm_replay_recheck(struct xfrm_state *x,
+ struct sk_buff *skb, __be32 net_seq)
+{
+ switch (x->repl_mode) {
+ case XFRM_REPLAY_MODE_LEGACY:
+ break;
+ case XFRM_REPLAY_MODE_BMP:
+ /* no special recheck treatment */
+ return xfrm_replay_check_bmp(x, skb, net_seq);
+ case XFRM_REPLAY_MODE_ESN:
+ return xfrm_replay_recheck_esn(x, skb, net_seq);
+ }
+
+ return xfrm_replay_check(x, skb, net_seq);
+}
+
static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
{
unsigned int bitnr, nr, i;
@@ -690,37 +706,31 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
static const struct xfrm_replay xfrm_replay_legacy = {
.check = xfrm_replay_check,
- .recheck = xfrm_replay_check,
.overflow = xfrm_replay_overflow_offload,
};
static const struct xfrm_replay xfrm_replay_bmp = {
.check = xfrm_replay_check_bmp,
- .recheck = xfrm_replay_check_bmp,
.overflow = xfrm_replay_overflow_offload_bmp,
};
static const struct xfrm_replay xfrm_replay_esn = {
.check = xfrm_replay_check_esn,
- .recheck = xfrm_replay_recheck_esn,
.overflow = xfrm_replay_overflow_offload_esn,
};
#else
static const struct xfrm_replay xfrm_replay_legacy = {
.check = xfrm_replay_check,
- .recheck = xfrm_replay_check,
.overflow = xfrm_replay_overflow,
};
static const struct xfrm_replay xfrm_replay_bmp = {
.check = xfrm_replay_check_bmp,
- .recheck = xfrm_replay_check_bmp,
.overflow = xfrm_replay_overflow_bmp,
};
static const struct xfrm_replay xfrm_replay_esn = {
.check = xfrm_replay_check_esn,
- .recheck = xfrm_replay_recheck_esn,
.overflow = xfrm_replay_overflow_esn,
};
#endif
--
2.26.2
next prev parent reply other threads:[~2020-06-24 8:08 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-24 8:07 [PATCH ipsec-next v2 0/6] xfrm: remove xfrm replay indirections Florian Westphal
2020-06-24 8:07 ` [PATCH ipsec-next v2 1/6] xfrm: replay: avoid xfrm replay notify indirection Florian Westphal
2020-06-24 8:08 ` [PATCH ipsec-next v2 2/6] xfrm: replay: get rid of duplicated notification code Florian Westphal
2020-06-25 7:07 ` Sabrina Dubroca
2020-06-25 10:09 ` Florian Westphal
2020-06-24 8:08 ` [PATCH ipsec-next v2 3/6] xfrm: replay: remove advance indirection Florian Westphal
2020-06-24 8:08 ` Florian Westphal [this message]
2020-06-24 8:08 ` [PATCH ipsec-next v2 5/6] xfrm: replay: avoid replay indirection Florian Westphal
2020-06-24 8:08 ` [PATCH ipsec-next v2 6/6] xfrm: replay: remove last " Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200624080804.7480-5-fw@strlen.de \
--to=fw@strlen.de \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.