From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
To: davem@davemloft.net
Cc: yoshfuji@linux-ipv6.org, anttit@tcs.hut.fi, vnuorval@tcs.hut.fi,
netdev@vger.kernel.org, usagi-core@linux-ipv6.org,
Masahide NAKAMURA <nakam@linux-ipv6.org>
Subject: [PATCH 5/44] [XFRM] STATE: Add source address list.
Date: Thu, 24 Aug 2006 00:02:06 +0900 [thread overview]
Message-ID: <11563453653575-git-send-email-yoshfuji@linux-ipv6.org> (raw)
In-Reply-To: <11563453653851-git-send-email-yoshfuji@linux-ipv6.org>
From: Masahide NAKAMURA <nakam@linux-ipv6.org>
Support source address based searching.
Mobile IPv6 will use it.
Based on MIPL2 kernel patch.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
---
include/net/xfrm.h | 26 ++++++++++++++++++++++++++
net/ipv4/xfrm4_state.c | 3 +++
net/ipv6/xfrm6_state.c | 3 +++
net/xfrm/xfrm_state.c | 21 +++++++++++++++++++--
4 files changed, 51 insertions(+), 2 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index c36d603..4933f46 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -96,6 +96,7 @@ struct xfrm_state
{
/* Note: bydst is re-used during gc */
struct list_head bydst;
+ struct list_head bysrc;
struct list_head byspi;
atomic_t refcnt;
@@ -237,6 +238,7 @@ extern int __xfrm_state_delete(struct xf
struct xfrm_state_afinfo {
unsigned short family;
struct list_head *state_bydst;
+ struct list_head *state_bysrc;
struct list_head *state_byspi;
int (*init_flags)(struct xfrm_state *x);
void (*init_tempsel)(struct xfrm_state *x, struct flowi *fl,
@@ -422,6 +424,30 @@ unsigned xfrm_dst_hash(xfrm_address_t *a
}
static __inline__
+unsigned __xfrm4_src_hash(xfrm_address_t *addr)
+{
+ return __xfrm4_dst_hash(addr);
+}
+
+static __inline__
+unsigned __xfrm6_src_hash(xfrm_address_t *addr)
+{
+ return __xfrm6_dst_hash(addr);
+}
+
+static __inline__
+unsigned xfrm_src_hash(xfrm_address_t *addr, unsigned short family)
+{
+ switch (family) {
+ case AF_INET:
+ return __xfrm4_src_hash(addr);
+ case AF_INET6:
+ return __xfrm6_src_hash(addr);
+ }
+ return 0;
+}
+
+static __inline__
unsigned __xfrm4_spi_hash(xfrm_address_t *addr, u32 spi, u8 proto)
{
unsigned h;
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c
index 97b0c75..c56b258 100644
--- a/net/ipv4/xfrm4_state.c
+++ b/net/ipv4/xfrm4_state.c
@@ -122,6 +122,9 @@ __xfrm4_find_acq(u8 mode, u32 reqid, u8
add_timer(&x0->timer);
xfrm_state_hold(x0);
list_add_tail(&x0->bydst, xfrm4_state_afinfo.state_bydst+h);
+ h = __xfrm4_src_hash(saddr);
+ xfrm_state_hold(x0);
+ list_add_tail(&x0->bysrc, xfrm4_state_afinfo.state_bysrc+h);
wake_up(&km_waitq);
}
if (x0)
diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c
index a1a1f54..2fb0785 100644
--- a/net/ipv6/xfrm6_state.c
+++ b/net/ipv6/xfrm6_state.c
@@ -126,6 +126,9 @@ __xfrm6_find_acq(u8 mode, u32 reqid, u8
add_timer(&x0->timer);
xfrm_state_hold(x0);
list_add_tail(&x0->bydst, xfrm6_state_afinfo.state_bydst+h);
+ h = __xfrm6_src_hash(saddr);
+ xfrm_state_hold(x0);
+ list_add_tail(&x0->bysrc, xfrm6_state_afinfo.state_bysrc+h);
wake_up(&km_waitq);
}
if (x0)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 34c038c..2a99928 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -45,6 +45,7 @@ static DEFINE_SPINLOCK(xfrm_state_lock);
* Also, it can be used by ah/esp icmp error handler to find offending SA.
*/
static struct list_head xfrm_state_bydst[XFRM_DST_HSIZE];
+static struct list_head xfrm_state_bysrc[XFRM_DST_HSIZE];
static struct list_head xfrm_state_byspi[XFRM_DST_HSIZE];
DECLARE_WAIT_QUEUE_HEAD(km_waitq);
@@ -200,6 +201,7 @@ struct xfrm_state *xfrm_state_alloc(void
atomic_set(&x->refcnt, 1);
atomic_set(&x->tunnel_users, 0);
INIT_LIST_HEAD(&x->bydst);
+ INIT_LIST_HEAD(&x->bysrc);
INIT_LIST_HEAD(&x->byspi);
init_timer(&x->timer);
x->timer.function = xfrm_timer_handler;
@@ -240,6 +242,8 @@ int __xfrm_state_delete(struct xfrm_stat
spin_lock(&xfrm_state_lock);
list_del(&x->bydst);
__xfrm_state_put(x);
+ list_del(&x->bysrc);
+ __xfrm_state_put(x);
if (x->id.spi) {
list_del(&x->byspi);
__xfrm_state_put(x);
@@ -415,6 +419,8 @@ xfrm_state_find(xfrm_address_t *daddr, x
x->km.state = XFRM_STATE_ACQ;
list_add_tail(&x->bydst, xfrm_state_bydst+h);
xfrm_state_hold(x);
+ list_add_tail(&x->bysrc, xfrm_state_bysrc+h);
+ xfrm_state_hold(x);
if (x->id.spi) {
h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
list_add(&x->byspi, xfrm_state_byspi+h);
@@ -448,11 +454,19 @@ static void __xfrm_state_insert(struct x
list_add(&x->bydst, xfrm_state_bydst+h);
xfrm_state_hold(x);
- h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
+ h = xfrm_src_hash(&x->props.saddr, x->props.family);
- list_add(&x->byspi, xfrm_state_byspi+h);
+ list_add(&x->bysrc, xfrm_state_bysrc+h);
xfrm_state_hold(x);
+ if (xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY)) {
+ h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
+ x->props.family);
+
+ list_add(&x->byspi, xfrm_state_byspi+h);
+ xfrm_state_hold(x);
+ }
+
if (!mod_timer(&x->timer, jiffies + HZ))
xfrm_state_hold(x);
@@ -1075,6 +1089,7 @@ int xfrm_state_register_afinfo(struct xf
err = -ENOBUFS;
else {
afinfo->state_bydst = xfrm_state_bydst;
+ afinfo->state_bysrc = xfrm_state_bysrc;
afinfo->state_byspi = xfrm_state_byspi;
xfrm_state_afinfo[afinfo->family] = afinfo;
}
@@ -1097,6 +1112,7 @@ int xfrm_state_unregister_afinfo(struct
else {
xfrm_state_afinfo[afinfo->family] = NULL;
afinfo->state_byspi = NULL;
+ afinfo->state_bysrc = NULL;
afinfo->state_bydst = NULL;
}
}
@@ -1218,6 +1234,7 @@ void __init xfrm_state_init(void)
for (i=0; i<XFRM_DST_HSIZE; i++) {
INIT_LIST_HEAD(&xfrm_state_bydst[i]);
+ INIT_LIST_HEAD(&xfrm_state_bysrc[i]);
INIT_LIST_HEAD(&xfrm_state_byspi[i]);
}
INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL);
--
1.4.0
next prev parent reply other threads:[~2006-08-23 15:02 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-23 15:02 [PATCH 0/44] Mobile IPv6 Platform, Take 2 (for net-2.6.19) YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 1/44] [XFRM]: Add XFRM_MODE_xxx for future use YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 2/44] [XFRM]: Introduce a helper to compare id protocol YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 3/44] [XFRM] STATE: Allow non IPsec protocol YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 4/44] [XFRM]: Expand XFRM_MAX_DEPTH for route optimization YOSHIFUJI Hideaki
2006-08-23 15:02 ` YOSHIFUJI Hideaki [this message]
2006-08-23 15:02 ` [PATCH 6/44] [XFRM] STATE: Search by address using source address list YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 7/44] [XFRM] STATE: Add a hook to find offset to be inserted header in outbound YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 8/44] [XFRM] STATE: Introduce route optimization mode YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 9/44] [XFRM]: Restrict authentication algorithm only when inbound transformation protocol is IPsec YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 10/44] [XFRM] STATE: Common receive function for route optimization extension headers YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 11/44] [XFRM]: Rename secpath_has_tunnel to secpath_has_nontransport YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 12/44] [XFRM] STATE: Add a hook to obtain local/remote outbound address YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 13/44] [XFRM] STATE: Support non-fragment outbound transformation headers YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 14/44] [XFRM] STATE: Introduce care-of address YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 15/44] [XFRM] IPV6: Update outbound state timestamp for each sending YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 16/44] [XFRM] IPV6: Restrict bundle reusing YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 17/44] [XFRM]: Fix message about transformation user interface YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 18/44] [IPV6]: Add Kconfig to enable Mobile IPv6 YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 19/44] [IPV6] MIP6: Add routing header type 2 definition YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 20/44] [IPV6] MIP6: Add inbound interface of routing header type 2 YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 21/44] [IPV6] MIP6: Add socket option and ancillary data " YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 22/44] [IPV6]: Find option offset by type YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 23/44] [IPV6]: Allow to replace skbuff by TLV parser YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 24/44] [IPV6] MIP6: Add home address option definition YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 25/44] [IPV6] MIP6: Add inbound interface of home address option YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 26/44] [IPV6] MIP6: Revert address to send ICMPv6 error YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 27/44] [IPV6] IPSEC: Support sending with Mobile IPv6 extension headers YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 28/44] [IPV6] MIP6: Add routing header type 2 transformation YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 29/44] [IPV6] MIP6: Add destination options header transformation YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 30/44] [XFRM] STATE: Add Mobile IPv6 route optimization protocols to netlink interface YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 31/44] [IPV6] MIP6: Add Mobility header definition YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 32/44] [IPV6] MIP6: Add receiving mobility header functions through raw socket YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 33/44] [IPV6] MIP6: Add sending " YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 34/44] [IPV6] MIP6: Transformation support mobility header YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 35/44] [XFRM]: Trace which secpath state is reject factor YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 36/44] [XFRM]: Introduce XFRM_MSG_REPORT YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 37/44] [IPV6] MIP6: Report to user-space when home address option is rejected YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 38/44] [IPV6] MIP6: Ignore to report if mobility headers " YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 39/44] [XFRM] POLICY: Add Kconfig to support sub policy YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 40/44] [XFRM] POLICY: sub policy support YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 41/44] [XFRM]: Add sorting interface for state and template YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 42/44] [XFRM] POLICY: Support netlink socket interface for sub policy YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 43/44] [XFRM] IPV6: Add sort functions to combine templates/states for IPsec YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 44/44] [XFRM] IPV6: Support Mobile IPv6 extension headers sorting YOSHIFUJI Hideaki
2006-08-24 5:57 ` David Miller
2006-08-24 6:04 ` YOSHIFUJI Hideaki / 吉藤英明
2006-08-24 6:54 ` David Miller
2006-08-24 7:05 ` Masahide NAKAMURA
2006-08-24 11:58 ` David Miller
2006-08-25 0:56 ` Masahide NAKAMURA
2006-08-25 10:06 ` Masahide NAKAMURA
2006-08-25 10:16 ` David Miller
2006-08-25 14:29 ` Masahide NAKAMURA
2006-08-25 22:47 ` David Miller
2006-08-31 12:00 ` [PATCH] [XFRM] STATE: Fix flusing with hash mask Masahide NAKAMURA
2006-08-31 22:15 ` David Miller
2006-09-01 1:20 ` Masahide NAKAMURA
2010-12-08 7:31 ` [PATCH 44/44] [XFRM] IPV6: Support Mobile IPv6 extension headers sorting wisalsami
2006-08-24 5:51 ` [PATCH 43/44] [XFRM] IPV6: Add sort functions to combine templates/states for IPsec David Miller
2006-08-24 5:49 ` [PATCH 42/44] [XFRM] POLICY: Support netlink socket interface for sub policy David Miller
2006-08-24 5:48 ` [PATCH 41/44] [XFRM]: Add sorting interface for state and template David Miller
2006-08-24 5:48 ` [PATCH 40/44] [XFRM] POLICY: sub policy support David Miller
2006-08-25 1:45 ` Herbert Xu
2006-08-24 5:41 ` [PATCH 39/44] [XFRM] POLICY: Add Kconfig to support sub policy David Miller
2006-08-24 3:48 ` [PATCH 38/44] [IPV6] MIP6: Ignore to report if mobility headers is rejected David Miller
2006-08-24 3:46 ` [PATCH 37/44] [IPV6] MIP6: Report to user-space when home address option " David Miller
2006-08-24 3:43 ` [PATCH 36/44] [XFRM]: Introduce XFRM_MSG_REPORT David Miller
2006-08-24 6:48 ` Masahide NAKAMURA
2006-08-24 6:53 ` David Miller
2006-08-24 3:41 ` [PATCH 35/44] [XFRM]: Trace which secpath state is reject factor David Miller
2006-08-24 3:39 ` [PATCH 34/44] [IPV6] MIP6: Transformation support mobility header David Miller
2006-08-24 3:37 ` [PATCH 33/44] [IPV6] MIP6: Add sending mobility header functions through raw socket David Miller
2006-08-24 3:36 ` [PATCH 32/44] [IPV6] MIP6: Add receiving " David Miller
2006-08-24 3:34 ` [PATCH 31/44] [IPV6] MIP6: Add Mobility header definition David Miller
2006-08-24 3:33 ` [PATCH 30/44] [XFRM] STATE: Add Mobile IPv6 route optimization protocols to netlink interface David Miller
2006-08-24 3:32 ` [PATCH 29/44] [IPV6] MIP6: Add destination options header transformation David Miller
2006-08-24 3:31 ` [PATCH 28/44] [IPV6] MIP6: Add routing header type 2 transformation David Miller
2006-08-23 20:36 ` [PATCH 27/44] [IPV6] IPSEC: Support sending with Mobile IPv6 extension headers YOSHIFUJI Hideaki / 吉藤英明
2006-08-24 2:31 ` David Miller
2006-08-24 2:27 ` [PATCH 26/44] [IPV6] MIP6: Revert address to send ICMPv6 error David Miller
2006-08-24 2:26 ` [PATCH 25/44] [IPV6] MIP6: Add inbound interface of home address option David Miller
2006-08-24 2:21 ` [PATCH 24/44] [IPV6] MIP6: Add home address option definition David Miller
2006-08-24 2:20 ` [PATCH 23/44] [IPV6]: Allow to replace skbuff by TLV parser David Miller
2006-08-31 12:05 ` [IPV6] MIP6: Fix to update IP6CB when cloned skbuff is received at HAO. (Re: [PATCH 23/44] [IPV6]: Allow to replace skbuff by TLV parser.) Masahide NAKAMURA
2006-08-31 22:20 ` [IPV6] MIP6: Fix to update IP6CB when cloned skbuff is received at HAO David Miller
2006-08-23 17:22 ` [PATCH 22/44] [IPV6]: Find option offset by type Brian Haley
2006-08-23 20:26 ` YOSHIFUJI Hideaki / 吉藤英明
2006-08-24 2:18 ` David Miller
2006-08-24 2:17 ` [PATCH 21/44] [IPV6] MIP6: Add socket option and ancillary data interface of routing header type 2 David Miller
2006-08-24 2:16 ` [PATCH 20/44] [IPV6] MIP6: Add inbound " David Miller
2006-08-24 2:15 ` [PATCH 19/44] [IPV6] MIP6: Add routing header type 2 definition David Miller
2006-08-24 2:14 ` [PATCH 18/44] [IPV6]: Add Kconfig to enable Mobile IPv6 David Miller
2006-08-24 2:55 ` Masahide NAKAMURA
2006-08-24 2:13 ` [PATCH 17/44] [XFRM]: Fix message about transformation user interface David Miller
2006-08-24 2:12 ` [PATCH 16/44] [XFRM] IPV6: Restrict bundle reusing David Miller
2006-08-24 2:54 ` Masahide NAKAMURA
2006-08-24 1:20 ` [PATCH 15/44] [XFRM] IPV6: Update outbound state timestamp for each sending David Miller
2006-08-24 1:19 ` [PATCH 14/44] [XFRM] STATE: Introduce care-of address David Miller
2006-08-24 1:12 ` [PATCH 13/44] [XFRM] STATE: Support non-fragment outbound transformation headers David Miller
2006-08-24 1:10 ` [PATCH 12/44] [XFRM] STATE: Add a hook to obtain local/remote outbound address David Miller
2006-08-24 1:09 ` [PATCH 11/44] [XFRM]: Rename secpath_has_tunnel to secpath_has_nontransport David Miller
2006-08-24 1:08 ` [PATCH 10/44] [XFRM] STATE: Common receive function for route optimization extension headers David Miller
2006-08-24 1:01 ` [PATCH 9/44] [XFRM]: Restrict authentication algorithm only when inbound transformation protocol is IPsec David Miller
2006-08-24 1:00 ` [PATCH 8/44] [XFRM] STATE: Introduce route optimization mode David Miller
2006-08-24 0:57 ` [PATCH 7/44] [XFRM] STATE: Add a hook to find offset to be inserted header in outbound David Miller
2006-08-24 0:56 ` [PATCH 6/44] [XFRM] STATE: Search by address using source address list David Miller
2006-08-24 0:54 ` [PATCH 5/44] [XFRM] STATE: Add " David Miller
2006-08-24 1:19 ` Masahide NAKAMURA
2006-08-24 2:08 ` David Miller
2006-08-24 0:52 ` [PATCH 4/44] [XFRM]: Expand XFRM_MAX_DEPTH for route optimization David Miller
2006-08-24 0:50 ` [PATCH 3/44] [XFRM] STATE: Allow non IPsec protocol David Miller
2006-08-24 0:48 ` [PATCH 2/44] [XFRM]: Introduce a helper to compare id protocol David Miller
2006-08-24 0:47 ` [PATCH 1/44] [XFRM]: Add XFRM_MODE_xxx for future use David Miller
2006-08-23 15:22 ` [PATCH 0/44] Mobile IPv6 Platform, Take 2 (for net-2.6.19) YOSHIFUJI Hideaki / 吉藤英明
2006-08-24 0:06 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=11563453653575-git-send-email-yoshfuji@linux-ipv6.org \
--to=yoshfuji@linux-ipv6.org \
--cc=anttit@tcs.hut.fi \
--cc=davem@davemloft.net \
--cc=nakam@linux-ipv6.org \
--cc=netdev@vger.kernel.org \
--cc=usagi-core@linux-ipv6.org \
--cc=vnuorval@tcs.hut.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).