From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: steffen.klassert@secunet.com, herbert@gondor.apana.org.au,
Florian Westphal <fw@strlen.de>
Subject: [PATCH ipsec-next v3 0/3] xfrm: policy: replace session decode with flow dissector
Date: Wed, 4 Oct 2023 18:09:50 +0200 [thread overview]
Message-ID: <20231004161002.10843-1-fw@strlen.de> (raw)
Remove the ipv4+ipv6 session decode functions and use generic flow
dissector to populate the flowi for the policy lookup.
Changes since v2:
- first patch broke CONFIG_XFRM=n builds
Changes since v1:
- Can't use skb_flow_dissect(), we might see skbs that have neither
skb->sk nor skb->dev set. Flow dissector WARN()s in this case, it
tries to check for a bpf program assigned in that net namespace.
Add a preparation patch to pass down 'struct net' in
xfrm_decode_session so its available for use in patch 3.
Changes since RFC:
- Drop mobility header support. I don't think that anyone uses
this. MOBIKE doesn't appear to need this either.
- Drop fl6->flowlabel assignment, original code leaves it as 0.
There is no reason for this change other than to remove code.
Florian Westphal (3):
xfrm: pass struct net to xfrm_decode_session wrappers
xfrm: move mark and oif flowi decode into common code
xfrm: policy: replace session decode with flow dissector
include/net/xfrm.h | 12 +-
net/ipv4/icmp.c | 2 +-
net/ipv4/ip_vti.c | 4 +-
net/ipv4/netfilter.c | 2 +-
net/ipv6/icmp.c | 2 +-
net/ipv6/ip6_vti.c | 4 +-
net/ipv6/netfilter.c | 2 +-
net/netfilter/nf_nat_proto.c | 2 +-
net/xfrm/xfrm_interface_core.c | 4 +-
net/xfrm/xfrm_policy.c | 287 +++++++++++++--------------------
10 files changed, 129 insertions(+), 192 deletions(-)
--
2.41.0
next reply other threads:[~2023-10-04 16:10 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-04 16:09 Florian Westphal [this message]
2023-10-04 16:09 ` [PATCH ipsec-next v3 1/3] xfrm: pass struct net to xfrm_decode_session wrappers Florian Westphal
2023-10-05 12:05 ` Simon Horman
2023-10-04 16:09 ` [PATCH ipsec-next v3 2/3] xfrm: move mark and oif flowi decode into common code Florian Westphal
2023-10-04 16:09 ` [PATCH ipsec-next v3 3/3] xfrm: policy: replace session decode with flow dissector Florian Westphal
2023-10-10 7:51 ` [PATCH ipsec-next v3 0/3] " Steffen Klassert
2023-10-26 12:12 ` Antony Antony
2023-10-26 12:57 ` Florian Westphal
2023-10-26 14:33 ` Antony Antony
2023-10-26 14:36 ` [PATCH ipsec-next] xfrm: policy: fix layer 4 flowi decoding Florian Westphal
2023-10-26 14:38 ` Florian Westphal
2023-10-26 14:45 ` [PATCH ipsec-next v2] " Florian Westphal
2023-10-28 8:31 ` Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231004161002.10843-1-fw@strlen.de \
--to=fw@strlen.de \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.