From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
To: davem@davemloft.net
Cc: yoshfuji@linux-ipv6.org, anttit@tcs.hut.fi, vnuorval@tcs.hut.fi,
netdev@vger.kernel.org, usagi-core@linux-ipv6.org,
Masahide NAKAMURA <nakam@linux-ipv6.org>
Subject: [PATCH 10/44] [XFRM] STATE: Common receive function for route optimization extension headers.
Date: Thu, 24 Aug 2006 00:02:11 +0900 [thread overview]
Message-ID: <1156345365315-git-send-email-yoshfuji@linux-ipv6.org> (raw)
In-Reply-To: <11563453652646-git-send-email-yoshfuji@linux-ipv6.org>
From: Masahide NAKAMURA <nakam@linux-ipv6.org>
XFRM_STATE_WILDRECV flag is introduced; the last resort state is set it
and receives packet which is not route optimized but uses such extension
headers i.e. Mobile IPv6 signaling (binding update and acknowledgement).
A node enabled Mobile IPv6 adds the state.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
---
include/linux/xfrm.h | 1
include/net/xfrm.h | 2 +
net/ipv6/ipv6_syms.c | 1
net/ipv6/xfrm6_input.c | 108 ++++++++++++++++++++++++++++++++++++++++++++++++
net/xfrm/xfrm_state.c | 1
5 files changed, 113 insertions(+), 0 deletions(-)
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 66343d3..a7c9e4c 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -256,6 +256,7 @@ struct xfrm_usersa_info {
#define XFRM_STATE_NOECN 1
#define XFRM_STATE_DECAP_DSCP 2
#define XFRM_STATE_NOPMTUDISC 4
+#define XFRM_STATE_WILDRECV 8
};
struct xfrm_usersa_id {
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index a936423..6d0dafb 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -955,6 +955,8 @@ extern int xfrm4_tunnel_register(struct
extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler);
extern int xfrm6_rcv_spi(struct sk_buff *skb, u32 spi);
extern int xfrm6_rcv(struct sk_buff **pskb);
+extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
+ xfrm_address_t *saddr, u8 proto);
extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler);
extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler);
extern u32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr);
diff --git a/net/ipv6/ipv6_syms.c b/net/ipv6/ipv6_syms.c
index e1a7416..7b7b90d 100644
--- a/net/ipv6/ipv6_syms.c
+++ b/net/ipv6/ipv6_syms.c
@@ -31,6 +31,7 @@ EXPORT_SYMBOL(ipv6_chk_addr);
EXPORT_SYMBOL(in6_dev_finish_destroy);
#ifdef CONFIG_XFRM
EXPORT_SYMBOL(xfrm6_rcv);
+EXPORT_SYMBOL(xfrm6_input_addr);
EXPORT_SYMBOL(xfrm6_find_1stfragopt);
#endif
EXPORT_SYMBOL(rt6_lookup);
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c
index ee2f6b3..a40a057 100644
--- a/net/ipv6/xfrm6_input.c
+++ b/net/ipv6/xfrm6_input.c
@@ -138,3 +138,111 @@ int xfrm6_rcv(struct sk_buff **pskb)
{
return xfrm6_rcv_spi(*pskb, 0);
}
+
+int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
+ xfrm_address_t *saddr, u8 proto)
+{
+ struct xfrm_state *x = NULL;
+ int wildcard = 0;
+ struct in6_addr any;
+ xfrm_address_t *xany;
+ struct xfrm_state *xfrm_vec_one = NULL;
+ int nh = 0;
+ int i = 0;
+
+ ipv6_addr_set(&any, 0, 0, 0, 0);
+ xany = (xfrm_address_t *)&any;
+
+ for (i = 0; i < 3; i++) {
+ xfrm_address_t *dst, *src;
+ switch (i) {
+ case 0:
+ dst = daddr;
+ src = saddr;
+ break;
+ case 1:
+ /* lookup state with wild-card source address */
+ wildcard = 1;
+ dst = daddr;
+ src = xany;
+ break;
+ case 2:
+ default:
+ /* lookup state with wild-card addresses */
+ wildcard = 1; /* XXX */
+ dst = xany;
+ src = xany;
+ break;
+ }
+
+ x = xfrm_state_lookup_byaddr(dst, src, proto, AF_INET6);
+ if (!x)
+ continue;
+
+ spin_lock(&x->lock);
+
+ if (wildcard) {
+ if ((x->props.flags & XFRM_STATE_WILDRECV) == 0) {
+ spin_unlock(&x->lock);
+ xfrm_state_put(x);
+ x = NULL;
+ continue;
+ }
+ }
+
+ if (unlikely(x->km.state != XFRM_STATE_VALID)) {
+ spin_unlock(&x->lock);
+ xfrm_state_put(x);
+ x = NULL;
+ continue;
+ }
+ if (xfrm_state_check_expire(x)) {
+ spin_unlock(&x->lock);
+ xfrm_state_put(x);
+ x = NULL;
+ continue;
+ }
+
+ nh = x->type->input(x, skb);
+ if (nh <= 0) {
+ spin_unlock(&x->lock);
+ xfrm_state_put(x);
+ x = NULL;
+ continue;
+ }
+
+ x->curlft.bytes += skb->len;
+ x->curlft.packets++;
+
+ spin_unlock(&x->lock);
+
+ xfrm_vec_one = x;
+ break;
+ }
+
+ if (!xfrm_vec_one)
+ goto drop;
+
+ /* Allocate new secpath or COW existing one. */
+ if (!skb->sp || atomic_read(&skb->sp->refcnt) != 1) {
+ struct sec_path *sp;
+ sp = secpath_dup(skb->sp);
+ if (!sp)
+ goto drop;
+ if (skb->sp)
+ secpath_put(skb->sp);
+ skb->sp = sp;
+ }
+
+ if (1 + skb->sp->len > XFRM_MAX_DEPTH)
+ goto drop;
+
+ skb->sp->xvec[skb->sp->len] = xfrm_vec_one;
+ skb->sp->len ++;
+
+ return 1;
+drop:
+ if (xfrm_vec_one)
+ xfrm_state_put(xfrm_vec_one);
+ return -1;
+}
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 11f480b..f053715 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -352,6 +352,7 @@ xfrm_state_find(xfrm_address_t *daddr, x
list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
if (x->props.family == family &&
x->props.reqid == tmpl->reqid &&
+ !(x->props.flags & XFRM_STATE_WILDRECV) &&
xfrm_state_addr_check(x, daddr, saddr, family) &&
tmpl->mode == x->props.mode &&
tmpl->id.proto == x->id.proto &&
--
1.4.0
next prev parent reply other threads:[~2006-08-23 15:02 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-23 15:02 [PATCH 0/44] Mobile IPv6 Platform, Take 2 (for net-2.6.19) YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 1/44] [XFRM]: Add XFRM_MODE_xxx for future use YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 2/44] [XFRM]: Introduce a helper to compare id protocol YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 3/44] [XFRM] STATE: Allow non IPsec protocol YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 4/44] [XFRM]: Expand XFRM_MAX_DEPTH for route optimization YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 5/44] [XFRM] STATE: Add source address list YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 6/44] [XFRM] STATE: Search by address using " YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 7/44] [XFRM] STATE: Add a hook to find offset to be inserted header in outbound YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 8/44] [XFRM] STATE: Introduce route optimization mode YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 9/44] [XFRM]: Restrict authentication algorithm only when inbound transformation protocol is IPsec YOSHIFUJI Hideaki
2006-08-23 15:02 ` YOSHIFUJI Hideaki [this message]
2006-08-23 15:02 ` [PATCH 11/44] [XFRM]: Rename secpath_has_tunnel to secpath_has_nontransport YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 12/44] [XFRM] STATE: Add a hook to obtain local/remote outbound address YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 13/44] [XFRM] STATE: Support non-fragment outbound transformation headers YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 14/44] [XFRM] STATE: Introduce care-of address YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 15/44] [XFRM] IPV6: Update outbound state timestamp for each sending YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 16/44] [XFRM] IPV6: Restrict bundle reusing YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 17/44] [XFRM]: Fix message about transformation user interface YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 18/44] [IPV6]: Add Kconfig to enable Mobile IPv6 YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 19/44] [IPV6] MIP6: Add routing header type 2 definition YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 20/44] [IPV6] MIP6: Add inbound interface of routing header type 2 YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 21/44] [IPV6] MIP6: Add socket option and ancillary data " YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 22/44] [IPV6]: Find option offset by type YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 23/44] [IPV6]: Allow to replace skbuff by TLV parser YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 24/44] [IPV6] MIP6: Add home address option definition YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 25/44] [IPV6] MIP6: Add inbound interface of home address option YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 26/44] [IPV6] MIP6: Revert address to send ICMPv6 error YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 27/44] [IPV6] IPSEC: Support sending with Mobile IPv6 extension headers YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 28/44] [IPV6] MIP6: Add routing header type 2 transformation YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 29/44] [IPV6] MIP6: Add destination options header transformation YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 30/44] [XFRM] STATE: Add Mobile IPv6 route optimization protocols to netlink interface YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 31/44] [IPV6] MIP6: Add Mobility header definition YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 32/44] [IPV6] MIP6: Add receiving mobility header functions through raw socket YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 33/44] [IPV6] MIP6: Add sending " YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 34/44] [IPV6] MIP6: Transformation support mobility header YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 35/44] [XFRM]: Trace which secpath state is reject factor YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 36/44] [XFRM]: Introduce XFRM_MSG_REPORT YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 37/44] [IPV6] MIP6: Report to user-space when home address option is rejected YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 38/44] [IPV6] MIP6: Ignore to report if mobility headers " YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 39/44] [XFRM] POLICY: Add Kconfig to support sub policy YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 40/44] [XFRM] POLICY: sub policy support YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 41/44] [XFRM]: Add sorting interface for state and template YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 42/44] [XFRM] POLICY: Support netlink socket interface for sub policy YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 43/44] [XFRM] IPV6: Add sort functions to combine templates/states for IPsec YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 44/44] [XFRM] IPV6: Support Mobile IPv6 extension headers sorting YOSHIFUJI Hideaki
2006-08-24 5:57 ` David Miller
2006-08-24 6:04 ` YOSHIFUJI Hideaki / 吉藤英明
2006-08-24 6:54 ` David Miller
2006-08-24 7:05 ` Masahide NAKAMURA
2006-08-24 11:58 ` David Miller
2006-08-25 0:56 ` Masahide NAKAMURA
2006-08-25 10:06 ` Masahide NAKAMURA
2006-08-25 10:16 ` David Miller
2006-08-25 14:29 ` Masahide NAKAMURA
2006-08-25 22:47 ` David Miller
2006-08-31 12:00 ` [PATCH] [XFRM] STATE: Fix flusing with hash mask Masahide NAKAMURA
2006-08-31 22:15 ` David Miller
2006-09-01 1:20 ` Masahide NAKAMURA
2010-12-08 7:31 ` [PATCH 44/44] [XFRM] IPV6: Support Mobile IPv6 extension headers sorting wisalsami
2006-08-24 5:51 ` [PATCH 43/44] [XFRM] IPV6: Add sort functions to combine templates/states for IPsec David Miller
2006-08-24 5:49 ` [PATCH 42/44] [XFRM] POLICY: Support netlink socket interface for sub policy David Miller
2006-08-24 5:48 ` [PATCH 41/44] [XFRM]: Add sorting interface for state and template David Miller
2006-08-24 5:48 ` [PATCH 40/44] [XFRM] POLICY: sub policy support David Miller
2006-08-25 1:45 ` Herbert Xu
2006-08-24 5:41 ` [PATCH 39/44] [XFRM] POLICY: Add Kconfig to support sub policy David Miller
2006-08-24 3:48 ` [PATCH 38/44] [IPV6] MIP6: Ignore to report if mobility headers is rejected David Miller
2006-08-24 3:46 ` [PATCH 37/44] [IPV6] MIP6: Report to user-space when home address option " David Miller
2006-08-24 3:43 ` [PATCH 36/44] [XFRM]: Introduce XFRM_MSG_REPORT David Miller
2006-08-24 6:48 ` Masahide NAKAMURA
2006-08-24 6:53 ` David Miller
2006-08-24 3:41 ` [PATCH 35/44] [XFRM]: Trace which secpath state is reject factor David Miller
2006-08-24 3:39 ` [PATCH 34/44] [IPV6] MIP6: Transformation support mobility header David Miller
2006-08-24 3:37 ` [PATCH 33/44] [IPV6] MIP6: Add sending mobility header functions through raw socket David Miller
2006-08-24 3:36 ` [PATCH 32/44] [IPV6] MIP6: Add receiving " David Miller
2006-08-24 3:34 ` [PATCH 31/44] [IPV6] MIP6: Add Mobility header definition David Miller
2006-08-24 3:33 ` [PATCH 30/44] [XFRM] STATE: Add Mobile IPv6 route optimization protocols to netlink interface David Miller
2006-08-24 3:32 ` [PATCH 29/44] [IPV6] MIP6: Add destination options header transformation David Miller
2006-08-24 3:31 ` [PATCH 28/44] [IPV6] MIP6: Add routing header type 2 transformation David Miller
2006-08-23 20:36 ` [PATCH 27/44] [IPV6] IPSEC: Support sending with Mobile IPv6 extension headers YOSHIFUJI Hideaki / 吉藤英明
2006-08-24 2:31 ` David Miller
2006-08-24 2:27 ` [PATCH 26/44] [IPV6] MIP6: Revert address to send ICMPv6 error David Miller
2006-08-24 2:26 ` [PATCH 25/44] [IPV6] MIP6: Add inbound interface of home address option David Miller
2006-08-24 2:21 ` [PATCH 24/44] [IPV6] MIP6: Add home address option definition David Miller
2006-08-24 2:20 ` [PATCH 23/44] [IPV6]: Allow to replace skbuff by TLV parser David Miller
2006-08-31 12:05 ` [IPV6] MIP6: Fix to update IP6CB when cloned skbuff is received at HAO. (Re: [PATCH 23/44] [IPV6]: Allow to replace skbuff by TLV parser.) Masahide NAKAMURA
2006-08-31 22:20 ` [IPV6] MIP6: Fix to update IP6CB when cloned skbuff is received at HAO David Miller
2006-08-23 17:22 ` [PATCH 22/44] [IPV6]: Find option offset by type Brian Haley
2006-08-23 20:26 ` YOSHIFUJI Hideaki / 吉藤英明
2006-08-24 2:18 ` David Miller
2006-08-24 2:17 ` [PATCH 21/44] [IPV6] MIP6: Add socket option and ancillary data interface of routing header type 2 David Miller
2006-08-24 2:16 ` [PATCH 20/44] [IPV6] MIP6: Add inbound " David Miller
2006-08-24 2:15 ` [PATCH 19/44] [IPV6] MIP6: Add routing header type 2 definition David Miller
2006-08-24 2:14 ` [PATCH 18/44] [IPV6]: Add Kconfig to enable Mobile IPv6 David Miller
2006-08-24 2:55 ` Masahide NAKAMURA
2006-08-24 2:13 ` [PATCH 17/44] [XFRM]: Fix message about transformation user interface David Miller
2006-08-24 2:12 ` [PATCH 16/44] [XFRM] IPV6: Restrict bundle reusing David Miller
2006-08-24 2:54 ` Masahide NAKAMURA
2006-08-24 1:20 ` [PATCH 15/44] [XFRM] IPV6: Update outbound state timestamp for each sending David Miller
2006-08-24 1:19 ` [PATCH 14/44] [XFRM] STATE: Introduce care-of address David Miller
2006-08-24 1:12 ` [PATCH 13/44] [XFRM] STATE: Support non-fragment outbound transformation headers David Miller
2006-08-24 1:10 ` [PATCH 12/44] [XFRM] STATE: Add a hook to obtain local/remote outbound address David Miller
2006-08-24 1:09 ` [PATCH 11/44] [XFRM]: Rename secpath_has_tunnel to secpath_has_nontransport David Miller
2006-08-24 1:08 ` [PATCH 10/44] [XFRM] STATE: Common receive function for route optimization extension headers David Miller
2006-08-24 1:01 ` [PATCH 9/44] [XFRM]: Restrict authentication algorithm only when inbound transformation protocol is IPsec David Miller
2006-08-24 1:00 ` [PATCH 8/44] [XFRM] STATE: Introduce route optimization mode David Miller
2006-08-24 0:57 ` [PATCH 7/44] [XFRM] STATE: Add a hook to find offset to be inserted header in outbound David Miller
2006-08-24 0:56 ` [PATCH 6/44] [XFRM] STATE: Search by address using source address list David Miller
2006-08-24 0:54 ` [PATCH 5/44] [XFRM] STATE: Add " David Miller
2006-08-24 1:19 ` Masahide NAKAMURA
2006-08-24 2:08 ` David Miller
2006-08-24 0:52 ` [PATCH 4/44] [XFRM]: Expand XFRM_MAX_DEPTH for route optimization David Miller
2006-08-24 0:50 ` [PATCH 3/44] [XFRM] STATE: Allow non IPsec protocol David Miller
2006-08-24 0:48 ` [PATCH 2/44] [XFRM]: Introduce a helper to compare id protocol David Miller
2006-08-24 0:47 ` [PATCH 1/44] [XFRM]: Add XFRM_MODE_xxx for future use David Miller
2006-08-23 15:22 ` [PATCH 0/44] Mobile IPv6 Platform, Take 2 (for net-2.6.19) YOSHIFUJI Hideaki / 吉藤英明
2006-08-24 0:06 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1156345365315-git-send-email-yoshfuji@linux-ipv6.org \
--to=yoshfuji@linux-ipv6.org \
--cc=anttit@tcs.hut.fi \
--cc=davem@davemloft.net \
--cc=nakam@linux-ipv6.org \
--cc=netdev@vger.kernel.org \
--cc=usagi-core@linux-ipv6.org \
--cc=vnuorval@tcs.hut.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).