From: Florian Westphal <fw@strlen.de>
To: steffen.klassert@secunet.com
Cc: <netdev@vger.kernel.org>, Florian Westphal <fw@strlen.de>
Subject: [PATCH ipsec-next v2 6/6] xfrm: replay: remove last replay indirection
Date: Wed, 24 Jun 2020 10:08:04 +0200 [thread overview]
Message-ID: <20200624080804.7480-7-fw@strlen.de> (raw)
In-Reply-To: <20200624080804.7480-1-fw@strlen.de>
This replaces the overflow indirection with the new xfrm_replay_overflow
helper. After this, the 'repl' pointer in xfrm_state is no longer
needed and can be removed as well.
xfrm_replay_overflow() is added in two incarnations, one is used
when the kernel is configured with xfrm offload enabled, the other
when its disabled.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
include/net/xfrm.h | 8 +------
net/xfrm/xfrm_output.c | 2 +-
net/xfrm/xfrm_replay.c | 51 +++++++++++++++++++++---------------------
3 files changed, 28 insertions(+), 33 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 008b564cb126..c0f3e8a3fdd0 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -219,9 +219,6 @@ struct xfrm_state {
struct xfrm_replay_state preplay;
struct xfrm_replay_state_esn *preplay_esn;
- /* The functions for replay detection. */
- const struct xfrm_replay *repl;
-
/* replay detection mode */
enum xfrm_replay_mode repl_mode;
/* internal flag that only holds state for delayed aevent at the
@@ -303,10 +300,6 @@ struct km_event {
struct net *net;
};
-struct xfrm_replay {
- int (*overflow)(struct xfrm_state *x, struct sk_buff *skb);
-};
-
struct xfrm_if_cb {
struct xfrm_if *(*decode_session)(struct sk_buff *skb,
unsigned short family);
@@ -1715,6 +1708,7 @@ static inline int xfrm_policy_id2dir(u32 index)
void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq);
int xfrm_replay_check(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq);
void xfrm_replay_notify(struct xfrm_state *x, int event);
+int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb);
int xfrm_replay_recheck(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq);
static inline int xfrm_aevent_is_on(struct net *net)
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index e4c23f69f69f..8893a37690ad 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -448,7 +448,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
goto error;
}
- err = x->repl->overflow(x, skb);
+ err = xfrm_replay_overflow(x, skb);
if (err) {
XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATESEQERROR);
goto error;
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 8c97fcaf17cf..7630d002107b 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -97,7 +97,7 @@ void xfrm_replay_notify(struct xfrm_state *x, int event)
x->xflags &= ~XFRM_TIME_DEFER;
}
-static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
+static int __xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
{
int err = 0;
struct net *net = xs_net(x);
@@ -601,7 +601,7 @@ static int xfrm_replay_overflow_offload(struct xfrm_state *x, struct sk_buff *sk
__u32 oseq = x->replay.oseq;
if (!xo)
- return xfrm_replay_overflow(x, skb);
+ return __xfrm_replay_overflow(x, skb);
if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
if (!skb_is_gso(skb)) {
@@ -719,29 +719,33 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
return err;
}
-static const struct xfrm_replay xfrm_replay_legacy = {
- .overflow = xfrm_replay_overflow_offload,
-};
-
-static const struct xfrm_replay xfrm_replay_bmp = {
- .overflow = xfrm_replay_overflow_offload_bmp,
-};
+int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
+{
+ switch (x->repl_mode) {
+ case XFRM_REPLAY_MODE_LEGACY:
+ break;
+ case XFRM_REPLAY_MODE_BMP:
+ return xfrm_replay_overflow_offload_bmp(x, skb);
+ case XFRM_REPLAY_MODE_ESN:
+ return xfrm_replay_overflow_offload_esn(x, skb);
+ }
-static const struct xfrm_replay xfrm_replay_esn = {
- .overflow = xfrm_replay_overflow_offload_esn,
-};
+ return xfrm_replay_overflow_offload(x, skb);
+}
#else
-static const struct xfrm_replay xfrm_replay_legacy = {
- .overflow = xfrm_replay_overflow,
-};
-
-static const struct xfrm_replay xfrm_replay_bmp = {
- .overflow = xfrm_replay_overflow_bmp,
-};
+int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
+{
+ switch (x->repl_mode) {
+ case XFRM_REPLAY_MODE_LEGACY:
+ break;
+ case XFRM_REPLAY_MODE_BMP:
+ return xfrm_replay_overflow_bmp(x, skb);
+ case XFRM_REPLAY_MODE_ESN:
+ return xfrm_replay_overflow_esn(x, skb);
+ }
-static const struct xfrm_replay xfrm_replay_esn = {
- .overflow = xfrm_replay_overflow_esn,
-};
+ return __xfrm_replay_overflow(x, skb);
+}
#endif
int xfrm_init_replay(struct xfrm_state *x)
@@ -756,14 +760,11 @@ int xfrm_init_replay(struct xfrm_state *x)
if (x->props.flags & XFRM_STATE_ESN) {
if (replay_esn->replay_window == 0)
return -EINVAL;
- x->repl = &xfrm_replay_esn;
x->repl_mode = XFRM_REPLAY_MODE_ESN;
} else {
- x->repl = &xfrm_replay_bmp;
x->repl_mode = XFRM_REPLAY_MODE_BMP;
}
} else {
- x->repl = &xfrm_replay_legacy;
x->repl_mode = XFRM_REPLAY_MODE_LEGACY;
}
--
2.26.2
prev parent reply other threads:[~2020-06-24 8:08 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-24 8:07 [PATCH ipsec-next v2 0/6] xfrm: remove xfrm replay indirections Florian Westphal
2020-06-24 8:07 ` [PATCH ipsec-next v2 1/6] xfrm: replay: avoid xfrm replay notify indirection Florian Westphal
2020-06-24 8:08 ` [PATCH ipsec-next v2 2/6] xfrm: replay: get rid of duplicated notification code Florian Westphal
2020-06-25 7:07 ` Sabrina Dubroca
2020-06-25 10:09 ` Florian Westphal
2020-06-24 8:08 ` [PATCH ipsec-next v2 3/6] xfrm: replay: remove advance indirection Florian Westphal
2020-06-24 8:08 ` [PATCH ipsec-next v2 4/6] xfrm: replay: remove recheck indirection Florian Westphal
2020-06-24 8:08 ` [PATCH ipsec-next v2 5/6] xfrm: replay: avoid replay indirection Florian Westphal
2020-06-24 8:08 ` Florian Westphal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200624080804.7480-7-fw@strlen.de \
--to=fw@strlen.de \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.