[IPSEC]: searching SAD without assumming L3 details

[jamal <hadi@cyberus.ca>]

[-- Attachment #1: Type: text/plain, Size: 85 bytes --]

Against net-2.6.19

signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>

cheers,
jamal

[-- Attachment #2: sad-nl3p --]
[-- Type: text/plain, Size: 2438 bytes --]

Allow for searching the SAD from external data path points without
assumming L3 details. The only customer of this exposure currently
is pktgen.

---
commit 33d3060784e6aa55e30ae7d5efc491180e7f955d
tree 707017ff673d1161f46d69fd818035b6bc50bbdb
parent 0169ac1c2a64f04deeff3dae704f34e22ae59cb7
author Jamal Hadi Salim <hadi@cyberus.ca> Sat, 02 Sep 2006 09:38:12 -0400
committer Jamal Hadi Salim <hadi@jzny2.(none)> Sat, 02 Sep 2006 09:38:12 -0400

 include/net/xfrm.h    |    4 ++++
 net/xfrm/xfrm_state.c |   33 +++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 0 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index bf8e2df..7b0ea47 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -895,6 +895,10 @@ extern struct xfrm_state *xfrm_state_fin
 					  struct flowi *fl, struct xfrm_tmpl *tmpl,
 					  struct xfrm_policy *pol, int *err,
 					  unsigned short family);
+extern struct xfrm_state * xfrm_stateonly_find(xfrm_address_t *daddr, 
+				 	 xfrm_address_t *saddr, 
+					 unsigned short family, 
+					 u32 reqid, u8 mode, u8 proto);
 extern int xfrm_state_check_expire(struct xfrm_state *x);
 extern void xfrm_state_insert(struct xfrm_state *x);
 extern int xfrm_state_add(struct xfrm_state *x);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 9f63edd..2bfc04e 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -501,6 +501,39 @@ __xfrm_state_locate(struct xfrm_state *x
 }
 
 struct xfrm_state *
+xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 
+		unsigned short family, u32 reqid, u8 mode, u8 proto)
+{
+	unsigned int h = xfrm_dst_hash(daddr, saddr, 0, family);
+	struct xfrm_state *rx = NULL, *x = NULL;
+	struct hlist_node *entry;
+	
+	spin_lock(&xfrm_state_lock);
+	hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
+		if (x->props.family == family &&
+		    x->props.reqid == reqid && 
+		    xfrm_state_addr_check(x, daddr, saddr, family) &&
+		    mode == x->props.mode &&
+		    proto == x->id.proto)  { 
+
+			if (x->km.state != XFRM_STATE_VALID) 
+					continue;
+			else {
+				rx = x;
+				break; 
+			}
+		}
+	}
+	spin_unlock(&xfrm_state_lock);
+
+	if (rx)
+		xfrm_state_hold(rx);
+
+	return rx;
+}
+EXPORT_SYMBOL(xfrm_stateonly_find);
+
+struct xfrm_state *
 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 
 		struct flowi *fl, struct xfrm_tmpl *tmpl,
 		struct xfrm_policy *pol, int *err,