From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
To: davem@davemloft.net
Cc: yoshfuji@linux-ipv6.org, anttit@tcs.hut.fi, vnuorval@tcs.hut.fi,
netdev@vger.kernel.org, usagi-core@linux-ipv6.org,
Masahide NAKAMURA <nakam@linux-ipv6.org>
Subject: [PATCH 41/44] [XFRM]: Add sorting interface for state and template.
Date: Thu, 24 Aug 2006 00:02:42 +0900 [thread overview]
Message-ID: <11563453674024-git-send-email-yoshfuji@linux-ipv6.org> (raw)
In-Reply-To: <11563453671273-git-send-email-yoshfuji@linux-ipv6.org>
From: Masahide NAKAMURA <nakam@linux-ipv6.org>
Under two transformation policies it is required to merge them.
This is a platform to sort state for outbound and templates
for inbound respectively.
It will be used when Mobile IPv6 and IPsec are used at the same time.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
---
include/net/xfrm.h | 20 ++++++++++++++++++++
net/xfrm/xfrm_policy.c | 16 ++++++++++++++--
net/xfrm/xfrm_state.c | 38 ++++++++++++++++++++++++++++++++++++++
3 files changed, 72 insertions(+), 2 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 5bd6beb..aab31a2 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -255,6 +255,8 @@ struct xfrm_state_afinfo {
struct xfrm_state *(*find_acq)(u8 mode, u32 reqid, u8 proto,
xfrm_address_t *daddr, xfrm_address_t *saddr,
int create);
+ int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
+ int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
};
extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
@@ -1002,6 +1004,24 @@ extern int xfrm_state_add(struct xfrm_st
extern int xfrm_state_update(struct xfrm_state *x);
extern struct xfrm_state *xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto, unsigned short family);
extern struct xfrm_state *xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family);
+#ifdef CONFIG_XFRM_SUB_POLICY
+extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
+ int n, unsigned short family);
+extern int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src,
+ int n, unsigned short family);
+#else
+static inline int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
+ int n, unsigned short family)
+{
+ return -ENOSYS;
+}
+
+static inline int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src,
+ int n, unsigned short family)
+{
+ return -ENOSYS;
+}
+#endif
extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq);
extern int xfrm_state_delete(struct xfrm_state *x);
extern void xfrm_state_flush(u8 proto);
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 65e84b1..a1be1b5 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -861,6 +861,8 @@ xfrm_tmpl_resolve(struct xfrm_policy **p
struct xfrm_state **xfrm,
unsigned short family)
{
+ struct xfrm_state *tp[XFRM_MAX_DEPTH];
+ struct xfrm_state **tpp = (npols > 1) ? tp : xfrm;
int cnx = 0;
int error;
int ret;
@@ -871,7 +873,8 @@ xfrm_tmpl_resolve(struct xfrm_policy **p
error = -ENOBUFS;
goto fail;
}
- ret = xfrm_tmpl_resolve_one(pols[i], fl, &xfrm[cnx], family);
+
+ ret = xfrm_tmpl_resolve_one(pols[i], fl, &tpp[cnx], family);
if (ret < 0) {
error = ret;
goto fail;
@@ -879,11 +882,15 @@ xfrm_tmpl_resolve(struct xfrm_policy **p
cnx += ret;
}
+ /* found states are sorted for outbound processing */
+ if (npols > 1)
+ xfrm_state_sort(xfrm, tpp, cnx, family);
+
return cnx;
fail:
for (cnx--; cnx>=0; cnx--)
- xfrm_state_put(xfrm[cnx]);
+ xfrm_state_put(tpp[cnx]);
return error;
}
@@ -1280,6 +1287,7 @@ #endif
struct sec_path *sp;
static struct sec_path dummy;
struct xfrm_tmpl *tp[XFRM_MAX_DEPTH];
+ struct xfrm_tmpl *stp[XFRM_MAX_DEPTH];
struct xfrm_tmpl **tpp = tp;
int ti = 0;
int i, k;
@@ -1297,6 +1305,10 @@ #endif
tpp[ti++] = &pols[pi]->xfrm_vec[i];
}
xfrm_nr = ti;
+ if (npols > 1) {
+ xfrm_tmpl_sort(stp, tpp, xfrm_nr, family);
+ tpp = stp;
+ }
/* For each tunnel xfrm, find the first matching tmpl.
* For each tmpl before that, find corresponding xfrm.
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index a26ef69..622e92a 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -728,6 +728,44 @@ xfrm_find_acq(u8 mode, u32 reqid, u8 pro
}
EXPORT_SYMBOL(xfrm_find_acq);
+#ifdef CONFIG_XFRM_SUB_POLICY
+int
+xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
+ unsigned short family)
+{
+ int err = 0;
+ struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
+ if (!afinfo)
+ return -EAFNOSUPPORT;
+
+ spin_lock_bh(&xfrm_state_lock);
+ if (afinfo->tmpl_sort)
+ err = afinfo->tmpl_sort(dst, src, n);
+ spin_unlock_bh(&xfrm_state_lock);
+ xfrm_state_put_afinfo(afinfo);
+ return err;
+}
+EXPORT_SYMBOL(xfrm_tmpl_sort);
+
+int
+xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
+ unsigned short family)
+{
+ int err = 0;
+ struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
+ if (!afinfo)
+ return -EAFNOSUPPORT;
+
+ spin_lock_bh(&xfrm_state_lock);
+ if (afinfo->state_sort)
+ err = afinfo->state_sort(dst, src, n);
+ spin_unlock_bh(&xfrm_state_lock);
+ xfrm_state_put_afinfo(afinfo);
+ return err;
+}
+EXPORT_SYMBOL(xfrm_state_sort);
+#endif
+
/* Silly enough, but I'm lazy to build resolution list */
static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
--
1.4.0
next prev parent reply other threads:[~2006-08-23 15:02 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-23 15:02 [PATCH 0/44] Mobile IPv6 Platform, Take 2 (for net-2.6.19) YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 1/44] [XFRM]: Add XFRM_MODE_xxx for future use YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 2/44] [XFRM]: Introduce a helper to compare id protocol YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 3/44] [XFRM] STATE: Allow non IPsec protocol YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 4/44] [XFRM]: Expand XFRM_MAX_DEPTH for route optimization YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 5/44] [XFRM] STATE: Add source address list YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 6/44] [XFRM] STATE: Search by address using " YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 7/44] [XFRM] STATE: Add a hook to find offset to be inserted header in outbound YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 8/44] [XFRM] STATE: Introduce route optimization mode YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 9/44] [XFRM]: Restrict authentication algorithm only when inbound transformation protocol is IPsec YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 10/44] [XFRM] STATE: Common receive function for route optimization extension headers YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 11/44] [XFRM]: Rename secpath_has_tunnel to secpath_has_nontransport YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 12/44] [XFRM] STATE: Add a hook to obtain local/remote outbound address YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 13/44] [XFRM] STATE: Support non-fragment outbound transformation headers YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 14/44] [XFRM] STATE: Introduce care-of address YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 15/44] [XFRM] IPV6: Update outbound state timestamp for each sending YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 16/44] [XFRM] IPV6: Restrict bundle reusing YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 17/44] [XFRM]: Fix message about transformation user interface YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 18/44] [IPV6]: Add Kconfig to enable Mobile IPv6 YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 19/44] [IPV6] MIP6: Add routing header type 2 definition YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 20/44] [IPV6] MIP6: Add inbound interface of routing header type 2 YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 21/44] [IPV6] MIP6: Add socket option and ancillary data " YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 22/44] [IPV6]: Find option offset by type YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 23/44] [IPV6]: Allow to replace skbuff by TLV parser YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 24/44] [IPV6] MIP6: Add home address option definition YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 25/44] [IPV6] MIP6: Add inbound interface of home address option YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 26/44] [IPV6] MIP6: Revert address to send ICMPv6 error YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 27/44] [IPV6] IPSEC: Support sending with Mobile IPv6 extension headers YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 28/44] [IPV6] MIP6: Add routing header type 2 transformation YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 29/44] [IPV6] MIP6: Add destination options header transformation YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 30/44] [XFRM] STATE: Add Mobile IPv6 route optimization protocols to netlink interface YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 31/44] [IPV6] MIP6: Add Mobility header definition YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 32/44] [IPV6] MIP6: Add receiving mobility header functions through raw socket YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 33/44] [IPV6] MIP6: Add sending " YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 34/44] [IPV6] MIP6: Transformation support mobility header YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 35/44] [XFRM]: Trace which secpath state is reject factor YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 36/44] [XFRM]: Introduce XFRM_MSG_REPORT YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 37/44] [IPV6] MIP6: Report to user-space when home address option is rejected YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 38/44] [IPV6] MIP6: Ignore to report if mobility headers " YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 39/44] [XFRM] POLICY: Add Kconfig to support sub policy YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 40/44] [XFRM] POLICY: sub policy support YOSHIFUJI Hideaki
2006-08-23 15:02 ` YOSHIFUJI Hideaki [this message]
2006-08-23 15:02 ` [PATCH 42/44] [XFRM] POLICY: Support netlink socket interface for sub policy YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 43/44] [XFRM] IPV6: Add sort functions to combine templates/states for IPsec YOSHIFUJI Hideaki
2006-08-23 15:02 ` [PATCH 44/44] [XFRM] IPV6: Support Mobile IPv6 extension headers sorting YOSHIFUJI Hideaki
2006-08-24 5:57 ` David Miller
2006-08-24 6:04 ` YOSHIFUJI Hideaki / 吉藤英明
2006-08-24 6:54 ` David Miller
2006-08-24 7:05 ` Masahide NAKAMURA
2006-08-24 11:58 ` David Miller
2006-08-25 0:56 ` Masahide NAKAMURA
2006-08-25 10:06 ` Masahide NAKAMURA
2006-08-25 10:16 ` David Miller
2006-08-25 14:29 ` Masahide NAKAMURA
2006-08-25 22:47 ` David Miller
2006-08-31 12:00 ` [PATCH] [XFRM] STATE: Fix flusing with hash mask Masahide NAKAMURA
2006-08-31 22:15 ` David Miller
2006-09-01 1:20 ` Masahide NAKAMURA
2010-12-08 7:31 ` [PATCH 44/44] [XFRM] IPV6: Support Mobile IPv6 extension headers sorting wisalsami
2006-08-24 5:51 ` [PATCH 43/44] [XFRM] IPV6: Add sort functions to combine templates/states for IPsec David Miller
2006-08-24 5:49 ` [PATCH 42/44] [XFRM] POLICY: Support netlink socket interface for sub policy David Miller
2006-08-24 5:48 ` [PATCH 41/44] [XFRM]: Add sorting interface for state and template David Miller
2006-08-24 5:48 ` [PATCH 40/44] [XFRM] POLICY: sub policy support David Miller
2006-08-25 1:45 ` Herbert Xu
2006-08-24 5:41 ` [PATCH 39/44] [XFRM] POLICY: Add Kconfig to support sub policy David Miller
2006-08-24 3:48 ` [PATCH 38/44] [IPV6] MIP6: Ignore to report if mobility headers is rejected David Miller
2006-08-24 3:46 ` [PATCH 37/44] [IPV6] MIP6: Report to user-space when home address option " David Miller
2006-08-24 3:43 ` [PATCH 36/44] [XFRM]: Introduce XFRM_MSG_REPORT David Miller
2006-08-24 6:48 ` Masahide NAKAMURA
2006-08-24 6:53 ` David Miller
2006-08-24 3:41 ` [PATCH 35/44] [XFRM]: Trace which secpath state is reject factor David Miller
2006-08-24 3:39 ` [PATCH 34/44] [IPV6] MIP6: Transformation support mobility header David Miller
2006-08-24 3:37 ` [PATCH 33/44] [IPV6] MIP6: Add sending mobility header functions through raw socket David Miller
2006-08-24 3:36 ` [PATCH 32/44] [IPV6] MIP6: Add receiving " David Miller
2006-08-24 3:34 ` [PATCH 31/44] [IPV6] MIP6: Add Mobility header definition David Miller
2006-08-24 3:33 ` [PATCH 30/44] [XFRM] STATE: Add Mobile IPv6 route optimization protocols to netlink interface David Miller
2006-08-24 3:32 ` [PATCH 29/44] [IPV6] MIP6: Add destination options header transformation David Miller
2006-08-24 3:31 ` [PATCH 28/44] [IPV6] MIP6: Add routing header type 2 transformation David Miller
2006-08-23 20:36 ` [PATCH 27/44] [IPV6] IPSEC: Support sending with Mobile IPv6 extension headers YOSHIFUJI Hideaki / 吉藤英明
2006-08-24 2:31 ` David Miller
2006-08-24 2:27 ` [PATCH 26/44] [IPV6] MIP6: Revert address to send ICMPv6 error David Miller
2006-08-24 2:26 ` [PATCH 25/44] [IPV6] MIP6: Add inbound interface of home address option David Miller
2006-08-24 2:21 ` [PATCH 24/44] [IPV6] MIP6: Add home address option definition David Miller
2006-08-24 2:20 ` [PATCH 23/44] [IPV6]: Allow to replace skbuff by TLV parser David Miller
2006-08-31 12:05 ` [IPV6] MIP6: Fix to update IP6CB when cloned skbuff is received at HAO. (Re: [PATCH 23/44] [IPV6]: Allow to replace skbuff by TLV parser.) Masahide NAKAMURA
2006-08-31 22:20 ` [IPV6] MIP6: Fix to update IP6CB when cloned skbuff is received at HAO David Miller
2006-08-23 17:22 ` [PATCH 22/44] [IPV6]: Find option offset by type Brian Haley
2006-08-23 20:26 ` YOSHIFUJI Hideaki / 吉藤英明
2006-08-24 2:18 ` David Miller
2006-08-24 2:17 ` [PATCH 21/44] [IPV6] MIP6: Add socket option and ancillary data interface of routing header type 2 David Miller
2006-08-24 2:16 ` [PATCH 20/44] [IPV6] MIP6: Add inbound " David Miller
2006-08-24 2:15 ` [PATCH 19/44] [IPV6] MIP6: Add routing header type 2 definition David Miller
2006-08-24 2:14 ` [PATCH 18/44] [IPV6]: Add Kconfig to enable Mobile IPv6 David Miller
2006-08-24 2:55 ` Masahide NAKAMURA
2006-08-24 2:13 ` [PATCH 17/44] [XFRM]: Fix message about transformation user interface David Miller
2006-08-24 2:12 ` [PATCH 16/44] [XFRM] IPV6: Restrict bundle reusing David Miller
2006-08-24 2:54 ` Masahide NAKAMURA
2006-08-24 1:20 ` [PATCH 15/44] [XFRM] IPV6: Update outbound state timestamp for each sending David Miller
2006-08-24 1:19 ` [PATCH 14/44] [XFRM] STATE: Introduce care-of address David Miller
2006-08-24 1:12 ` [PATCH 13/44] [XFRM] STATE: Support non-fragment outbound transformation headers David Miller
2006-08-24 1:10 ` [PATCH 12/44] [XFRM] STATE: Add a hook to obtain local/remote outbound address David Miller
2006-08-24 1:09 ` [PATCH 11/44] [XFRM]: Rename secpath_has_tunnel to secpath_has_nontransport David Miller
2006-08-24 1:08 ` [PATCH 10/44] [XFRM] STATE: Common receive function for route optimization extension headers David Miller
2006-08-24 1:01 ` [PATCH 9/44] [XFRM]: Restrict authentication algorithm only when inbound transformation protocol is IPsec David Miller
2006-08-24 1:00 ` [PATCH 8/44] [XFRM] STATE: Introduce route optimization mode David Miller
2006-08-24 0:57 ` [PATCH 7/44] [XFRM] STATE: Add a hook to find offset to be inserted header in outbound David Miller
2006-08-24 0:56 ` [PATCH 6/44] [XFRM] STATE: Search by address using source address list David Miller
2006-08-24 0:54 ` [PATCH 5/44] [XFRM] STATE: Add " David Miller
2006-08-24 1:19 ` Masahide NAKAMURA
2006-08-24 2:08 ` David Miller
2006-08-24 0:52 ` [PATCH 4/44] [XFRM]: Expand XFRM_MAX_DEPTH for route optimization David Miller
2006-08-24 0:50 ` [PATCH 3/44] [XFRM] STATE: Allow non IPsec protocol David Miller
2006-08-24 0:48 ` [PATCH 2/44] [XFRM]: Introduce a helper to compare id protocol David Miller
2006-08-24 0:47 ` [PATCH 1/44] [XFRM]: Add XFRM_MODE_xxx for future use David Miller
2006-08-23 15:22 ` [PATCH 0/44] Mobile IPv6 Platform, Take 2 (for net-2.6.19) YOSHIFUJI Hideaki / 吉藤英明
2006-08-24 0:06 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=11563453674024-git-send-email-yoshfuji@linux-ipv6.org \
--to=yoshfuji@linux-ipv6.org \
--cc=anttit@tcs.hut.fi \
--cc=davem@davemloft.net \
--cc=nakam@linux-ipv6.org \
--cc=netdev@vger.kernel.org \
--cc=usagi-core@linux-ipv6.org \
--cc=vnuorval@tcs.hut.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).