* [PATCH 1/2] xfrm: extend MIGRATE with UDP encapsulation port
2017-06-05 21:56 [PATCH 0/2] add udp encapsulation port to xfrm_do_migrate Antony Antony
@ 2017-06-05 21:56 ` Antony Antony
2017-06-06 0:05 ` Richard Guy Briggs
2017-06-05 21:56 ` [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
` (2 subsequent siblings)
3 siblings, 1 reply; 10+ messages in thread
From: Antony Antony @ 2017-06-05 21:56 UTC (permalink / raw)
To: netdev
Cc: Antony Antony, Steffen Klassert, Herbert Xu, David S . Miller,
Richard Guy Briggs
Add UDP encapsulation port to XFRM_MSG_MIGRATE using an optional
netlink attribute XFRMA_ENCAP.
The devices that support IKE MOBIKE extension (RFC-4555 Section 3.8)
could go to sleep for a few minutes and wake up. When it wake up the
NAT mapping could have expired, the device send a MOBIKE UPDATE_SA
message to migrate the IPsec SA. The change could be a change UDP
encapsulation port, IP address, or both.
Reported-by: Paul Wouters <pwouters@redhat.com>
Signed-off-by: Antony Antony <antony@phenome.org>
---
include/net/xfrm.h | 6 ++++--
net/key/af_key.c | 2 +-
net/xfrm/xfrm_policy.c | 11 ++++-------
net/xfrm/xfrm_state.c | 18 +++++++++++++-----
net/xfrm/xfrm_user.c | 14 ++++++++++++--
5 files changed, 34 insertions(+), 17 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 7e7e2b0..df98463 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1678,10 +1678,12 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_kmaddress *k);
struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net);
struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
- struct xfrm_migrate *m);
+ struct xfrm_migrate *m,
+ struct xfrm_encap_tmpl *encap);
int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
struct xfrm_migrate *m, int num_bundles,
- struct xfrm_kmaddress *k, struct net *net);
+ struct xfrm_kmaddress *k, struct net *net,
+ struct xfrm_encap_tmpl *encap);
#endif
int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 512dc43..56df9fb 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2602,7 +2602,7 @@ static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
}
return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
- kma ? &k : NULL, net);
+ kma ? &k : NULL, net, NULL);
out:
return err;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index ed4e52d..eaecfa4 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3268,11 +3268,6 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
return -EINVAL;
for (i = 0; i < num_migrate; i++) {
- if (xfrm_addr_equal(&m[i].old_daddr, &m[i].new_daddr,
- m[i].old_family) &&
- xfrm_addr_equal(&m[i].old_saddr, &m[i].new_saddr,
- m[i].old_family))
- return -EINVAL;
if (xfrm_addr_any(&m[i].new_daddr, m[i].new_family) ||
xfrm_addr_any(&m[i].new_saddr, m[i].new_family))
return -EINVAL;
@@ -3296,7 +3291,8 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
struct xfrm_migrate *m, int num_migrate,
- struct xfrm_kmaddress *k, struct net *net)
+ struct xfrm_kmaddress *k, struct net *net,
+ struct xfrm_encap_tmpl *encap)
{
int i, err, nx_cur = 0, nx_new = 0;
struct xfrm_policy *pol = NULL;
@@ -3319,7 +3315,8 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
if ((x = xfrm_migrate_state_find(mp, net))) {
x_cur[nx_cur] = x;
nx_cur++;
- if ((xc = xfrm_state_migrate(x, mp))) {
+ xc = xfrm_state_migrate(x, mp, encap);
+ if (xc) {
x_new[nx_new] = xc;
nx_new++;
} else {
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 2e291bc..ae6206b 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1309,7 +1309,8 @@ int xfrm_state_add(struct xfrm_state *x)
EXPORT_SYMBOL(xfrm_state_add);
#ifdef CONFIG_XFRM_MIGRATE
-static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
+static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig,
+ struct xfrm_encap_tmpl *encap)
{
struct net *net = xs_net(orig);
struct xfrm_state *x = xfrm_state_alloc(net);
@@ -1351,8 +1352,14 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
}
x->props.calgo = orig->props.calgo;
- if (orig->encap) {
- x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
+ if (encap || orig->encap) {
+ if (encap)
+ x->encap = kmemdup(encap, sizeof(*x->encap),
+ GFP_KERNEL);
+ else
+ x->encap = kmemdup(orig->encap, sizeof(*x->encap),
+ GFP_KERNEL);
+
if (!x->encap)
goto error;
}
@@ -1442,11 +1449,12 @@ struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *n
EXPORT_SYMBOL(xfrm_migrate_state_find);
struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
- struct xfrm_migrate *m)
+ struct xfrm_migrate *m,
+ struct xfrm_encap_tmpl *encap)
{
struct xfrm_state *xc;
- xc = xfrm_state_clone(x);
+ xc = xfrm_state_clone(x, encap);
if (!xc)
return NULL;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 38614df..fb98892 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2243,6 +2243,7 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
int err;
int n = 0;
struct net *net = sock_net(skb->sk);
+ struct xfrm_encap_tmpl *encap = NULL;
if (attrs[XFRMA_MIGRATE] == NULL)
return -EINVAL;
@@ -2260,9 +2261,18 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
if (!n)
return 0;
- xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net);
+ if (attrs[XFRMA_ENCAP]) {
+ encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]),
+ sizeof(*encap), GFP_KERNEL);
+ if (!encap)
+ return 0;
+ }
- return 0;
+ err = xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net, encap);
+
+ kfree(encap);
+
+ return err;
}
#else
static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread* Re: [PATCH 1/2] xfrm: extend MIGRATE with UDP encapsulation port
2017-06-05 21:56 ` [PATCH 1/2] xfrm: extend MIGRATE with UDP encapsulation port Antony Antony
@ 2017-06-06 0:05 ` Richard Guy Briggs
0 siblings, 0 replies; 10+ messages in thread
From: Richard Guy Briggs @ 2017-06-06 0:05 UTC (permalink / raw)
To: Antony Antony; +Cc: netdev, Steffen Klassert, Herbert Xu, David S . Miller
On 2017-06-05 23:56, Antony Antony wrote:
> Add UDP encapsulation port to XFRM_MSG_MIGRATE using an optional
> netlink attribute XFRMA_ENCAP.
>
> The devices that support IKE MOBIKE extension (RFC-4555 Section 3.8)
> could go to sleep for a few minutes and wake up. When it wake up the
> NAT mapping could have expired, the device send a MOBIKE UPDATE_SA
> message to migrate the IPsec SA. The change could be a change UDP
> encapsulation port, IP address, or both.
>
> Reported-by: Paul Wouters <pwouters@redhat.com>
> Signed-off-by: Antony Antony <antony@phenome.org>
Looks reasonable to me.
Reviewed-by: Richard Guy Briggs <rgb@tricolour.ca>
> ---
> include/net/xfrm.h | 6 ++++--
> net/key/af_key.c | 2 +-
> net/xfrm/xfrm_policy.c | 11 ++++-------
> net/xfrm/xfrm_state.c | 18 +++++++++++++-----
> net/xfrm/xfrm_user.c | 14 ++++++++++++--
> 5 files changed, 34 insertions(+), 17 deletions(-)
>
> diff --git a/include/net/xfrm.h b/include/net/xfrm.h
> index 7e7e2b0..df98463 100644
> --- a/include/net/xfrm.h
> +++ b/include/net/xfrm.h
> @@ -1678,10 +1678,12 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> const struct xfrm_kmaddress *k);
> struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net);
> struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
> - struct xfrm_migrate *m);
> + struct xfrm_migrate *m,
> + struct xfrm_encap_tmpl *encap);
> int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> struct xfrm_migrate *m, int num_bundles,
> - struct xfrm_kmaddress *k, struct net *net);
> + struct xfrm_kmaddress *k, struct net *net,
> + struct xfrm_encap_tmpl *encap);
> #endif
>
> int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
> diff --git a/net/key/af_key.c b/net/key/af_key.c
> index 512dc43..56df9fb 100644
> --- a/net/key/af_key.c
> +++ b/net/key/af_key.c
> @@ -2602,7 +2602,7 @@ static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
> }
>
> return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
> - kma ? &k : NULL, net);
> + kma ? &k : NULL, net, NULL);
>
> out:
> return err;
> diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> index ed4e52d..eaecfa4 100644
> --- a/net/xfrm/xfrm_policy.c
> +++ b/net/xfrm/xfrm_policy.c
> @@ -3268,11 +3268,6 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
> return -EINVAL;
>
> for (i = 0; i < num_migrate; i++) {
> - if (xfrm_addr_equal(&m[i].old_daddr, &m[i].new_daddr,
> - m[i].old_family) &&
> - xfrm_addr_equal(&m[i].old_saddr, &m[i].new_saddr,
> - m[i].old_family))
> - return -EINVAL;
> if (xfrm_addr_any(&m[i].new_daddr, m[i].new_family) ||
> xfrm_addr_any(&m[i].new_saddr, m[i].new_family))
> return -EINVAL;
> @@ -3296,7 +3291,8 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
>
> int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> struct xfrm_migrate *m, int num_migrate,
> - struct xfrm_kmaddress *k, struct net *net)
> + struct xfrm_kmaddress *k, struct net *net,
> + struct xfrm_encap_tmpl *encap)
> {
> int i, err, nx_cur = 0, nx_new = 0;
> struct xfrm_policy *pol = NULL;
> @@ -3319,7 +3315,8 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> if ((x = xfrm_migrate_state_find(mp, net))) {
> x_cur[nx_cur] = x;
> nx_cur++;
> - if ((xc = xfrm_state_migrate(x, mp))) {
> + xc = xfrm_state_migrate(x, mp, encap);
> + if (xc) {
> x_new[nx_new] = xc;
> nx_new++;
> } else {
> diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> index 2e291bc..ae6206b 100644
> --- a/net/xfrm/xfrm_state.c
> +++ b/net/xfrm/xfrm_state.c
> @@ -1309,7 +1309,8 @@ int xfrm_state_add(struct xfrm_state *x)
> EXPORT_SYMBOL(xfrm_state_add);
>
> #ifdef CONFIG_XFRM_MIGRATE
> -static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
> +static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig,
> + struct xfrm_encap_tmpl *encap)
> {
> struct net *net = xs_net(orig);
> struct xfrm_state *x = xfrm_state_alloc(net);
> @@ -1351,8 +1352,14 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
> }
> x->props.calgo = orig->props.calgo;
>
> - if (orig->encap) {
> - x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
> + if (encap || orig->encap) {
> + if (encap)
> + x->encap = kmemdup(encap, sizeof(*x->encap),
> + GFP_KERNEL);
> + else
> + x->encap = kmemdup(orig->encap, sizeof(*x->encap),
> + GFP_KERNEL);
> +
> if (!x->encap)
> goto error;
> }
> @@ -1442,11 +1449,12 @@ struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *n
> EXPORT_SYMBOL(xfrm_migrate_state_find);
>
> struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
> - struct xfrm_migrate *m)
> + struct xfrm_migrate *m,
> + struct xfrm_encap_tmpl *encap)
> {
> struct xfrm_state *xc;
>
> - xc = xfrm_state_clone(x);
> + xc = xfrm_state_clone(x, encap);
> if (!xc)
> return NULL;
>
> diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
> index 38614df..fb98892 100644
> --- a/net/xfrm/xfrm_user.c
> +++ b/net/xfrm/xfrm_user.c
> @@ -2243,6 +2243,7 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
> int err;
> int n = 0;
> struct net *net = sock_net(skb->sk);
> + struct xfrm_encap_tmpl *encap = NULL;
>
> if (attrs[XFRMA_MIGRATE] == NULL)
> return -EINVAL;
> @@ -2260,9 +2261,18 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
> if (!n)
> return 0;
>
> - xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net);
> + if (attrs[XFRMA_ENCAP]) {
> + encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]),
> + sizeof(*encap), GFP_KERNEL);
> + if (!encap)
> + return 0;
> + }
>
> - return 0;
> + err = xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net, encap);
> +
> + kfree(encap);
> +
> + return err;
> }
> #else
> static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
> --
> 2.9.3
slainte mhath, RGB
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message
2017-06-05 21:56 [PATCH 0/2] add udp encapsulation port to xfrm_do_migrate Antony Antony
2017-06-05 21:56 ` [PATCH 1/2] xfrm: extend MIGRATE with UDP encapsulation port Antony Antony
@ 2017-06-05 21:56 ` Antony Antony
2017-06-06 0:05 ` Richard Guy Briggs
` (2 more replies)
2017-06-06 10:12 ` [PATCH v2 1/2] xfrm: extend MIGRATE with UDP encapsulation port Antony Antony
2017-06-06 10:12 ` [PATCH v2 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
3 siblings, 3 replies; 10+ messages in thread
From: Antony Antony @ 2017-06-05 21:56 UTC (permalink / raw)
To: netdev
Cc: Antony Antony, Steffen Klassert, Herbert Xu, David S . Miller,
Richard Guy Briggs
Add XFRMA_ENCAP, UDP encapsulation port, to km_migrate announcement
to userland. Only add if XFRMA_ENCAP was in user migrate request.
Signed-off-by: Antony Antony <antony@phenome.org>
---
include/net/xfrm.h | 5 +++--
net/key/af_key.c | 3 ++-
net/xfrm/xfrm_policy.c | 2 +-
net/xfrm/xfrm_state.c | 5 +++--
net/xfrm/xfrm_user.c | 23 +++++++++++++++++------
5 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index df98463..9fb75fb 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -631,7 +631,8 @@ struct xfrm_mgr {
u8 dir, u8 type,
const struct xfrm_migrate *m,
int num_bundles,
- const struct xfrm_kmaddress *k);
+ const struct xfrm_kmaddress *k,
+ struct xfrm_encap_tmpl *encap);
bool (*is_alive)(const struct km_event *c);
};
@@ -1675,7 +1676,7 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
#ifdef CONFIG_XFRM_MIGRATE
int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_bundles,
- const struct xfrm_kmaddress *k);
+ const struct xfrm_kmaddress *k, struct xfrm_encap_tmpl *encap);
struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net);
struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
struct xfrm_migrate *m,
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 56df9fb..2ad2286 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3508,7 +3508,8 @@ static int set_ipsecrequest(struct sk_buff *skb,
#ifdef CONFIG_NET_KEY_MIGRATE
static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_bundles,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ struct xfrm_encap_tmpl *encap)
{
int i;
int sasize_sel;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index eaecfa4..7152147 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3337,7 +3337,7 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
}
/* Stage 5 - announce */
- km_migrate(sel, dir, type, m, num_migrate, k);
+ km_migrate(sel, dir, type, m, num_migrate, k, encap);
xfrm_pol_put(pol);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index ae6206b..d6220f7 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1966,7 +1966,7 @@ EXPORT_SYMBOL(km_policy_expired);
#ifdef CONFIG_XFRM_MIGRATE
int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k, struct xfrm_encap_tmpl *encap)
{
int err = -EINVAL;
int ret;
@@ -1975,7 +1975,8 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
rcu_read_lock();
list_for_each_entry_rcu(km, &xfrm_km_list, list) {
if (km->migrate) {
- ret = km->migrate(sel, dir, type, m, num_migrate, k);
+ ret = km->migrate(sel, dir, type, m, num_migrate, k,
+ encap);
if (!ret)
err = ret;
}
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index fb98892..8c54484 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2314,17 +2314,20 @@ static int copy_to_user_kmaddress(const struct xfrm_kmaddress *k, struct sk_buff
return nla_put(skb, XFRMA_KMADDRESS, sizeof(uk), &uk);
}
-static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma)
+static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma,
+ int with_encp)
{
return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id))
+ (with_kma ? nla_total_size(sizeof(struct xfrm_kmaddress)) : 0)
+ + (with_encp ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0)
+ nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate)
+ userpolicy_type_attrsize();
}
static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
int num_migrate, const struct xfrm_kmaddress *k,
- const struct xfrm_selector *sel, u8 dir, u8 type)
+ const struct xfrm_selector *sel,
+ struct xfrm_encap_tmpl *encap, u8 dir, u8 type)
{
const struct xfrm_migrate *mp;
struct xfrm_userpolicy_id *pol_id;
@@ -2346,6 +2349,11 @@ static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
if (err)
goto out_cancel;
}
+ if (encap) {
+ err = nla_put(skb, XFRMA_ENCAP, sizeof(*encap), encap);
+ if (err)
+ goto out_cancel;
+ }
err = copy_to_user_policy_type(type, skb);
if (err)
goto out_cancel;
@@ -2365,17 +2373,19 @@ static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ struct xfrm_encap_tmpl *encap)
{
struct net *net = &init_net;
struct sk_buff *skb;
- skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k), GFP_ATOMIC);
+ skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k, !!encap),
+ GFP_ATOMIC);
if (skb == NULL)
return -ENOMEM;
/* build migrate */
- if (build_migrate(skb, m, num_migrate, k, sel, dir, type) < 0)
+ if (build_migrate(skb, m, num_migrate, k, sel, encap, dir, type) < 0)
BUG();
return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE);
@@ -2383,7 +2393,8 @@ static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
#else
static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ struct xfrm_encap_tmpl *encap)
{
return -ENOPROTOOPT;
}
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread* Re: [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message
2017-06-05 21:56 ` [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
@ 2017-06-06 0:05 ` Richard Guy Briggs
2017-06-06 4:53 ` kbuild test robot
2017-06-06 6:04 ` kbuild test robot
2 siblings, 0 replies; 10+ messages in thread
From: Richard Guy Briggs @ 2017-06-06 0:05 UTC (permalink / raw)
To: Antony Antony; +Cc: netdev, Steffen Klassert, Herbert Xu, David S . Miller
On 2017-06-05 23:56, Antony Antony wrote:
> Add XFRMA_ENCAP, UDP encapsulation port, to km_migrate announcement
> to userland. Only add if XFRMA_ENCAP was in user migrate request.
>
> Signed-off-by: Antony Antony <antony@phenome.org>
Looks reasonable to me.
Reviewed-by: Richard Guy Briggs <rgb@tricolour.ca>
> ---
> include/net/xfrm.h | 5 +++--
> net/key/af_key.c | 3 ++-
> net/xfrm/xfrm_policy.c | 2 +-
> net/xfrm/xfrm_state.c | 5 +++--
> net/xfrm/xfrm_user.c | 23 +++++++++++++++++------
> 5 files changed, 26 insertions(+), 12 deletions(-)
>
> diff --git a/include/net/xfrm.h b/include/net/xfrm.h
> index df98463..9fb75fb 100644
> --- a/include/net/xfrm.h
> +++ b/include/net/xfrm.h
> @@ -631,7 +631,8 @@ struct xfrm_mgr {
> u8 dir, u8 type,
> const struct xfrm_migrate *m,
> int num_bundles,
> - const struct xfrm_kmaddress *k);
> + const struct xfrm_kmaddress *k,
> + struct xfrm_encap_tmpl *encap);
> bool (*is_alive)(const struct km_event *c);
> };
>
> @@ -1675,7 +1676,7 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
> #ifdef CONFIG_XFRM_MIGRATE
> int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> const struct xfrm_migrate *m, int num_bundles,
> - const struct xfrm_kmaddress *k);
> + const struct xfrm_kmaddress *k, struct xfrm_encap_tmpl *encap);
> struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net);
> struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
> struct xfrm_migrate *m,
> diff --git a/net/key/af_key.c b/net/key/af_key.c
> index 56df9fb..2ad2286 100644
> --- a/net/key/af_key.c
> +++ b/net/key/af_key.c
> @@ -3508,7 +3508,8 @@ static int set_ipsecrequest(struct sk_buff *skb,
> #ifdef CONFIG_NET_KEY_MIGRATE
> static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> const struct xfrm_migrate *m, int num_bundles,
> - const struct xfrm_kmaddress *k)
> + const struct xfrm_kmaddress *k,
> + struct xfrm_encap_tmpl *encap)
> {
> int i;
> int sasize_sel;
> diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> index eaecfa4..7152147 100644
> --- a/net/xfrm/xfrm_policy.c
> +++ b/net/xfrm/xfrm_policy.c
> @@ -3337,7 +3337,7 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> }
>
> /* Stage 5 - announce */
> - km_migrate(sel, dir, type, m, num_migrate, k);
> + km_migrate(sel, dir, type, m, num_migrate, k, encap);
>
> xfrm_pol_put(pol);
>
> diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> index ae6206b..d6220f7 100644
> --- a/net/xfrm/xfrm_state.c
> +++ b/net/xfrm/xfrm_state.c
> @@ -1966,7 +1966,7 @@ EXPORT_SYMBOL(km_policy_expired);
> #ifdef CONFIG_XFRM_MIGRATE
> int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> const struct xfrm_migrate *m, int num_migrate,
> - const struct xfrm_kmaddress *k)
> + const struct xfrm_kmaddress *k, struct xfrm_encap_tmpl *encap)
> {
> int err = -EINVAL;
> int ret;
> @@ -1975,7 +1975,8 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> rcu_read_lock();
> list_for_each_entry_rcu(km, &xfrm_km_list, list) {
> if (km->migrate) {
> - ret = km->migrate(sel, dir, type, m, num_migrate, k);
> + ret = km->migrate(sel, dir, type, m, num_migrate, k,
> + encap);
> if (!ret)
> err = ret;
> }
> diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
> index fb98892..8c54484 100644
> --- a/net/xfrm/xfrm_user.c
> +++ b/net/xfrm/xfrm_user.c
> @@ -2314,17 +2314,20 @@ static int copy_to_user_kmaddress(const struct xfrm_kmaddress *k, struct sk_buff
> return nla_put(skb, XFRMA_KMADDRESS, sizeof(uk), &uk);
> }
>
> -static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma)
> +static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma,
> + int with_encp)
> {
> return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id))
> + (with_kma ? nla_total_size(sizeof(struct xfrm_kmaddress)) : 0)
> + + (with_encp ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0)
> + nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate)
> + userpolicy_type_attrsize();
> }
>
> static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
> int num_migrate, const struct xfrm_kmaddress *k,
> - const struct xfrm_selector *sel, u8 dir, u8 type)
> + const struct xfrm_selector *sel,
> + struct xfrm_encap_tmpl *encap, u8 dir, u8 type)
> {
> const struct xfrm_migrate *mp;
> struct xfrm_userpolicy_id *pol_id;
> @@ -2346,6 +2349,11 @@ static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
> if (err)
> goto out_cancel;
> }
> + if (encap) {
> + err = nla_put(skb, XFRMA_ENCAP, sizeof(*encap), encap);
> + if (err)
> + goto out_cancel;
> + }
> err = copy_to_user_policy_type(type, skb);
> if (err)
> goto out_cancel;
> @@ -2365,17 +2373,19 @@ static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
>
> static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> const struct xfrm_migrate *m, int num_migrate,
> - const struct xfrm_kmaddress *k)
> + const struct xfrm_kmaddress *k,
> + struct xfrm_encap_tmpl *encap)
> {
> struct net *net = &init_net;
> struct sk_buff *skb;
>
> - skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k), GFP_ATOMIC);
> + skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k, !!encap),
> + GFP_ATOMIC);
> if (skb == NULL)
> return -ENOMEM;
>
> /* build migrate */
> - if (build_migrate(skb, m, num_migrate, k, sel, dir, type) < 0)
> + if (build_migrate(skb, m, num_migrate, k, sel, encap, dir, type) < 0)
> BUG();
>
> return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE);
> @@ -2383,7 +2393,8 @@ static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> #else
> static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> const struct xfrm_migrate *m, int num_migrate,
> - const struct xfrm_kmaddress *k)
> + const struct xfrm_kmaddress *k,
> + struct xfrm_encap_tmpl *encap)
> {
> return -ENOPROTOOPT;
> }
> --
> 2.9.3
slainte mhath, RGB
^ permalink raw reply [flat|nested] 10+ messages in thread* Re: [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message
2017-06-05 21:56 ` [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
2017-06-06 0:05 ` Richard Guy Briggs
@ 2017-06-06 4:53 ` kbuild test robot
2017-06-06 6:04 ` kbuild test robot
2 siblings, 0 replies; 10+ messages in thread
From: kbuild test robot @ 2017-06-06 4:53 UTC (permalink / raw)
To: Antony Antony
Cc: kbuild-all, netdev, Antony Antony, Steffen Klassert, Herbert Xu,
David S . Miller, Richard Guy Briggs
[-- Attachment #1: Type: text/plain, Size: 9242 bytes --]
Hi Antony,
[auto build test ERROR on ipsec-next/master]
[also build test ERROR on v4.12-rc4 next-20170605]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Antony-Antony/add-udp-encapsulation-port-to-xfrm_do_migrate/20170606-114911
base: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master
config: x86_64-randconfig-x015-201723 (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
>> net//key/af_key.c:3836:13: error: initialization from incompatible pointer type [-Werror=incompatible-pointer-types]
.migrate = pfkey_send_migrate,
^~~~~~~~~~~~~~~~~~
net//key/af_key.c:3836:13: note: (near initialization for 'pfkeyv2_mgr.migrate')
Cyclomatic Complexity 5 include/linux/compiler.h:__read_once_size
Cyclomatic Complexity 5 include/linux/compiler.h:__write_once_size
Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:__set_bit
Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:constant_test_bit
Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:variable_test_bit
Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:fls64
Cyclomatic Complexity 1 include/linux/log2.h:__ilog2_u64
Cyclomatic Complexity 1 include/linux/list.h:hlist_unhashed
Cyclomatic Complexity 1 include/linux/list.h:hlist_empty
Cyclomatic Complexity 2 include/linux/list.h:__hlist_del
Cyclomatic Complexity 1 include/asm-generic/getorder.h:__get_order
Cyclomatic Complexity 1 include/linux/err.h:ERR_PTR
Cyclomatic Complexity 1 include/linux/err.h:PTR_ERR
Cyclomatic Complexity 1 include/linux/err.h:IS_ERR
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_read
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_set
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_add
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_inc
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_dec
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_dec_and_test
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_add_return
Cyclomatic Complexity 5 arch/x86/include/asm/preempt.h:__preempt_count_add
Cyclomatic Complexity 5 arch/x86/include/asm/preempt.h:__preempt_count_sub
Cyclomatic Complexity 1 include/linux/spinlock.h:spin_lock_bh
Cyclomatic Complexity 1 include/linux/spinlock.h:spin_unlock_bh
Cyclomatic Complexity 1 include/linux/rcupdate.h:__rcu_read_lock
Cyclomatic Complexity 1 include/linux/rcupdate.h:__rcu_read_unlock
Cyclomatic Complexity 1 include/linux/rcupdate.h:synchronize_rcu
Cyclomatic Complexity 1 include/linux/rcutiny.h:rcu_is_watching
Cyclomatic Complexity 1 include/linux/rcupdate.h:rcu_lock_acquire
Cyclomatic Complexity 1 include/linux/rcupdate.h:rcu_lock_release
Cyclomatic Complexity 4 include/linux/rcupdate.h:rcu_read_lock
Cyclomatic Complexity 4 include/linux/rcupdate.h:rcu_read_unlock
Cyclomatic Complexity 3 include/linux/rculist.h:hlist_add_head_rcu
Cyclomatic Complexity 1 include/linux/kasan.h:kasan_kmalloc
Cyclomatic Complexity 28 include/linux/slab.h:kmalloc_index
Cyclomatic Complexity 1 include/linux/slab.h:kmem_cache_alloc_trace
Cyclomatic Complexity 1 include/linux/slab.h:kmalloc_order_trace
Cyclomatic Complexity 68 include/linux/slab.h:kmalloc_large
Cyclomatic Complexity 5 include/linux/slab.h:kmalloc
Cyclomatic Complexity 1 include/linux/skbuff.h:alloc_skb
Cyclomatic Complexity 1 include/linux/skbuff.h:skb_end_pointer
Cyclomatic Complexity 3 include/linux/skbuff.h:skb_cloned
Cyclomatic Complexity 1 include/linux/skbuff.h:skb_reset_transport_header
Cyclomatic Complexity 2 include/linux/skbuff.h:skb_orphan
Cyclomatic Complexity 1 include/linux/skbuff.h:skb_copy_datagram_msg
Cyclomatic Complexity 2 include/linux/skbuff.h:memcpy_from_msg
Cyclomatic Complexity 1 include/linux/seq_file.h:seq_user_ns
Cyclomatic Complexity 1 include/linux/seq_file_net.h:seq_file_net
Cyclomatic Complexity 1 include/net/net_namespace.h:read_pnet
Cyclomatic Complexity 1 include/linux/proc_fs.h:proc_create
Cyclomatic Complexity 4 include/net/netns/generic.h:net_generic
Cyclomatic Complexity 1 include/net/sock.h:sk_entry
Cyclomatic Complexity 1 include/net/sock.h:sk_unhashed
Cyclomatic Complexity 1 include/net/sock.h:sk_hashed
Cyclomatic Complexity 1 include/net/sock.h:sk_node_init
Cyclomatic Complexity 1 include/net/sock.h:__sk_del_node
Cyclomatic Complexity 2 include/net/sock.h:__sk_del_node_init
Cyclomatic Complexity 1 include/net/sock.h:sock_hold
Cyclomatic Complexity 1 include/net/sock.h:__sock_put
Cyclomatic Complexity 3 include/net/sock.h:sk_del_node_init
Cyclomatic Complexity 1 include/net/sock.h:sk_add_node_rcu
Cyclomatic Complexity 1 include/net/sock.h:sock_set_flag
Cyclomatic Complexity 2 include/net/sock.h:sock_flag
Cyclomatic Complexity 1 include/net/sock.h:sk_has_account
Cyclomatic Complexity 2 include/net/sock.h:sk_mem_charge
Cyclomatic Complexity 2 include/net/sock.h:sock_put
Cyclomatic Complexity 1 include/net/sock.h:sk_tx_queue_clear
Cyclomatic Complexity 1 include/net/sock.h:sk_set_socket
Cyclomatic Complexity 1 include/net/sock.h:sock_orphan
Cyclomatic Complexity 1 include/net/sock.h:sk_wmem_alloc_get
Cyclomatic Complexity 1 include/net/sock.h:sk_rmem_alloc_get
Cyclomatic Complexity 1 include/net/sock.h:skb_set_owner_r
Cyclomatic Complexity 5 include/net/sock.h:sock_recv_ts_and_drops
Cyclomatic Complexity 1 include/net/sock.h:sock_net
Cyclomatic Complexity 1 include/net/ipv6.h:ipv6_addr_equal
Cyclomatic Complexity 1 include/net/xfrm.h:xs_net
Cyclomatic Complexity 1 include/net/xfrm.h:xp_net
Cyclomatic Complexity 2 include/net/xfrm.h:xfrm_pol_put
Cyclomatic Complexity 1 include/net/xfrm.h:__xfrm_state_put
Cyclomatic Complexity 2 include/net/xfrm.h:xfrm_state_put
Cyclomatic Complexity 1 include/net/xfrm.h:xfrm_state_hold
Cyclomatic Complexity 1 include/net/xfrm.h:xfrm_state_kern
Cyclomatic Complexity 1 include/net/xfrm.h:xfrm6_addr_equal
Cyclomatic Complexity 2 include/net/xfrm.h:xfrm_addr_equal
Cyclomatic Complexity 1 include/net/xfrm.h:xfrm_policy_id2dir
Cyclomatic Complexity 1 net//key/af_key.c:pfkey_sk
Cyclomatic Complexity 2 net//key/af_key.c:pfkey_can_dump
Cyclomatic Complexity 1 net//key/af_key.c:pfkey_hdr_dup
Cyclomatic Complexity 4 net//key/af_key.c:verify_address_len
Cyclomatic Complexity 1 net//key/af_key.c:pfkey_sec_ctx_len
Cyclomatic Complexity 3 net//key/af_key.c:verify_sec_ctx_len
Cyclomatic Complexity 2 net//key/af_key.c:pfkey_sadb2xfrm_user_sec_ctx
Cyclomatic Complexity 4 net//key/af_key.c:present_and_same_family
Cyclomatic Complexity 11 net//key/af_key.c:parse_exthdrs
Cyclomatic Complexity 5 net//key/af_key.c:pfkey_satype2proto
Cyclomatic Complexity 4 net//key/af_key.c:pfkey_proto2satype
vim +3836 net//key/af_key.c
61145aa1 Pavel Emelyanov 2008-02-09 3820 {
61145aa1 Pavel Emelyanov 2008-02-09 3821 return 0;
61145aa1 Pavel Emelyanov 2008-02-09 3822 }
61145aa1 Pavel Emelyanov 2008-02-09 3823
2c8c1e72 Alexey Dobriyan 2010-01-17 3824 static inline void pfkey_exit_proc(struct net *net)
61145aa1 Pavel Emelyanov 2008-02-09 3825 {
61145aa1 Pavel Emelyanov 2008-02-09 3826 }
^1da177e Linus Torvalds 2005-04-16 3827 #endif
^1da177e Linus Torvalds 2005-04-16 3828
^1da177e Linus Torvalds 2005-04-16 3829 static struct xfrm_mgr pfkeyv2_mgr =
^1da177e Linus Torvalds 2005-04-16 3830 {
^1da177e Linus Torvalds 2005-04-16 3831 .notify = pfkey_send_notify,
^1da177e Linus Torvalds 2005-04-16 3832 .acquire = pfkey_send_acquire,
^1da177e Linus Torvalds 2005-04-16 3833 .compile_policy = pfkey_compile_policy,
^1da177e Linus Torvalds 2005-04-16 3834 .new_mapping = pfkey_send_new_mapping,
26b15dad Jamal Hadi Salim 2005-06-18 3835 .notify_policy = pfkey_send_policy_notify,
08de61be Shinta Sugimoto 2007-02-08 @3836 .migrate = pfkey_send_migrate,
0f24558e Horia Geanta 2014-02-12 3837 .is_alive = pfkey_is_alive,
^1da177e Linus Torvalds 2005-04-16 3838 };
^1da177e Linus Torvalds 2005-04-16 3839
3fa87a32 Alexey Dobriyan 2008-11-25 3840 static int __net_init pfkey_net_init(struct net *net)
3fa87a32 Alexey Dobriyan 2008-11-25 3841 {
23c049ca Eric W. Biederman 2009-11-29 3842 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3fa87a32 Alexey Dobriyan 2008-11-25 3843 int rv;
3fa87a32 Alexey Dobriyan 2008-11-25 3844
:::::: The code at line 3836 was first introduced by commit
:::::: 08de61beab8a21c8e0b3906a97defda5f1f66ece [PFKEYV2]: Extension for dynamic update of endpoint address(es)
:::::: TO: Shinta Sugimoto <shinta.sugimoto@ericsson.com>
:::::: CC: David S. Miller <davem@davemloft.net>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 26678 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread* Re: [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message
2017-06-05 21:56 ` [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
2017-06-06 0:05 ` Richard Guy Briggs
2017-06-06 4:53 ` kbuild test robot
@ 2017-06-06 6:04 ` kbuild test robot
2 siblings, 0 replies; 10+ messages in thread
From: kbuild test robot @ 2017-06-06 6:04 UTC (permalink / raw)
To: Antony Antony
Cc: kbuild-all, netdev, Antony Antony, Steffen Klassert, Herbert Xu,
David S . Miller, Richard Guy Briggs
[-- Attachment #1: Type: text/plain, Size: 3100 bytes --]
Hi Antony,
[auto build test WARNING on ipsec-next/master]
[also build test WARNING on v4.12-rc4 next-20170605]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Antony-Antony/add-udp-encapsulation-port-to-xfrm_do_migrate/20170606-114911
base: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master
config: m68k-sun3_defconfig (attached as .config)
compiler: m68k-linux-gcc (GCC) 4.9.0
reproduce:
wget https://raw.githubusercontent.com/01org/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=m68k
All warnings (new ones prefixed by >>):
>> net/key/af_key.c:3836:2: warning: initialization from incompatible pointer type
.migrate = pfkey_send_migrate,
^
net/key/af_key.c:3836:2: warning: (near initialization for 'pfkeyv2_mgr.migrate')
vim +3836 net/key/af_key.c
61145aa1 Pavel Emelyanov 2008-02-09 3820 {
61145aa1 Pavel Emelyanov 2008-02-09 3821 return 0;
61145aa1 Pavel Emelyanov 2008-02-09 3822 }
61145aa1 Pavel Emelyanov 2008-02-09 3823
2c8c1e72 Alexey Dobriyan 2010-01-17 3824 static inline void pfkey_exit_proc(struct net *net)
61145aa1 Pavel Emelyanov 2008-02-09 3825 {
61145aa1 Pavel Emelyanov 2008-02-09 3826 }
^1da177e Linus Torvalds 2005-04-16 3827 #endif
^1da177e Linus Torvalds 2005-04-16 3828
^1da177e Linus Torvalds 2005-04-16 3829 static struct xfrm_mgr pfkeyv2_mgr =
^1da177e Linus Torvalds 2005-04-16 3830 {
^1da177e Linus Torvalds 2005-04-16 3831 .notify = pfkey_send_notify,
^1da177e Linus Torvalds 2005-04-16 3832 .acquire = pfkey_send_acquire,
^1da177e Linus Torvalds 2005-04-16 3833 .compile_policy = pfkey_compile_policy,
^1da177e Linus Torvalds 2005-04-16 3834 .new_mapping = pfkey_send_new_mapping,
26b15dad Jamal Hadi Salim 2005-06-18 3835 .notify_policy = pfkey_send_policy_notify,
08de61be Shinta Sugimoto 2007-02-08 @3836 .migrate = pfkey_send_migrate,
0f24558e Horia Geanta 2014-02-12 3837 .is_alive = pfkey_is_alive,
^1da177e Linus Torvalds 2005-04-16 3838 };
^1da177e Linus Torvalds 2005-04-16 3839
3fa87a32 Alexey Dobriyan 2008-11-25 3840 static int __net_init pfkey_net_init(struct net *net)
3fa87a32 Alexey Dobriyan 2008-11-25 3841 {
23c049ca Eric W. Biederman 2009-11-29 3842 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3fa87a32 Alexey Dobriyan 2008-11-25 3843 int rv;
3fa87a32 Alexey Dobriyan 2008-11-25 3844
:::::: The code at line 3836 was first introduced by commit
:::::: 08de61beab8a21c8e0b3906a97defda5f1f66ece [PFKEYV2]: Extension for dynamic update of endpoint address(es)
:::::: TO: Shinta Sugimoto <shinta.sugimoto@ericsson.com>
:::::: CC: David S. Miller <davem@davemloft.net>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 12002 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v2 1/2] xfrm: extend MIGRATE with UDP encapsulation port
2017-06-05 21:56 [PATCH 0/2] add udp encapsulation port to xfrm_do_migrate Antony Antony
2017-06-05 21:56 ` [PATCH 1/2] xfrm: extend MIGRATE with UDP encapsulation port Antony Antony
2017-06-05 21:56 ` [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
@ 2017-06-06 10:12 ` Antony Antony
2017-06-06 10:12 ` [PATCH v2 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
3 siblings, 0 replies; 10+ messages in thread
From: Antony Antony @ 2017-06-06 10:12 UTC (permalink / raw)
To: netdev
Cc: Antony Antony, Steffen Klassert, Herbert Xu, David S . Miller,
Richard Guy Briggs
Add UDP encapsulation port to XFRM_MSG_MIGRATE using an optional
netlink attribute XFRMA_ENCAP.
The devices that support IKE MOBIKE extension (RFC-4555 Section 3.8)
could go to sleep for a few minutes and wake up. When it wake up the
NAT mapping could have expired, the device send a MOBIKE UPDATE_SA
message to migrate the IPsec SA. The change could be a change UDP
encapsulation port, IP address, or both.
Reported-by: Paul Wouters <pwouters@redhat.com>
Signed-off-by: Antony Antony <antony@phenome.org>
Reviewed-by: Richard Guy Briggs <rgb@tricolour.ca>
---
include/net/xfrm.h | 6 ++++--
net/key/af_key.c | 2 +-
net/xfrm/xfrm_policy.c | 11 ++++-------
net/xfrm/xfrm_state.c | 18 +++++++++++++-----
net/xfrm/xfrm_user.c | 14 ++++++++++++--
5 files changed, 34 insertions(+), 17 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 7e7e2b0..df98463 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1678,10 +1678,12 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_kmaddress *k);
struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net);
struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
- struct xfrm_migrate *m);
+ struct xfrm_migrate *m,
+ struct xfrm_encap_tmpl *encap);
int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
struct xfrm_migrate *m, int num_bundles,
- struct xfrm_kmaddress *k, struct net *net);
+ struct xfrm_kmaddress *k, struct net *net,
+ struct xfrm_encap_tmpl *encap);
#endif
int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 512dc43..56df9fb 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2602,7 +2602,7 @@ static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
}
return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
- kma ? &k : NULL, net);
+ kma ? &k : NULL, net, NULL);
out:
return err;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index ed4e52d..eaecfa4 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3268,11 +3268,6 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
return -EINVAL;
for (i = 0; i < num_migrate; i++) {
- if (xfrm_addr_equal(&m[i].old_daddr, &m[i].new_daddr,
- m[i].old_family) &&
- xfrm_addr_equal(&m[i].old_saddr, &m[i].new_saddr,
- m[i].old_family))
- return -EINVAL;
if (xfrm_addr_any(&m[i].new_daddr, m[i].new_family) ||
xfrm_addr_any(&m[i].new_saddr, m[i].new_family))
return -EINVAL;
@@ -3296,7 +3291,8 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
struct xfrm_migrate *m, int num_migrate,
- struct xfrm_kmaddress *k, struct net *net)
+ struct xfrm_kmaddress *k, struct net *net,
+ struct xfrm_encap_tmpl *encap)
{
int i, err, nx_cur = 0, nx_new = 0;
struct xfrm_policy *pol = NULL;
@@ -3319,7 +3315,8 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
if ((x = xfrm_migrate_state_find(mp, net))) {
x_cur[nx_cur] = x;
nx_cur++;
- if ((xc = xfrm_state_migrate(x, mp))) {
+ xc = xfrm_state_migrate(x, mp, encap);
+ if (xc) {
x_new[nx_new] = xc;
nx_new++;
} else {
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 2e291bc..ae6206b 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1309,7 +1309,8 @@ int xfrm_state_add(struct xfrm_state *x)
EXPORT_SYMBOL(xfrm_state_add);
#ifdef CONFIG_XFRM_MIGRATE
-static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
+static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig,
+ struct xfrm_encap_tmpl *encap)
{
struct net *net = xs_net(orig);
struct xfrm_state *x = xfrm_state_alloc(net);
@@ -1351,8 +1352,14 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
}
x->props.calgo = orig->props.calgo;
- if (orig->encap) {
- x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
+ if (encap || orig->encap) {
+ if (encap)
+ x->encap = kmemdup(encap, sizeof(*x->encap),
+ GFP_KERNEL);
+ else
+ x->encap = kmemdup(orig->encap, sizeof(*x->encap),
+ GFP_KERNEL);
+
if (!x->encap)
goto error;
}
@@ -1442,11 +1449,12 @@ struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *n
EXPORT_SYMBOL(xfrm_migrate_state_find);
struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
- struct xfrm_migrate *m)
+ struct xfrm_migrate *m,
+ struct xfrm_encap_tmpl *encap)
{
struct xfrm_state *xc;
- xc = xfrm_state_clone(x);
+ xc = xfrm_state_clone(x, encap);
if (!xc)
return NULL;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 38614df..fb98892 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2243,6 +2243,7 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
int err;
int n = 0;
struct net *net = sock_net(skb->sk);
+ struct xfrm_encap_tmpl *encap = NULL;
if (attrs[XFRMA_MIGRATE] == NULL)
return -EINVAL;
@@ -2260,9 +2261,18 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
if (!n)
return 0;
- xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net);
+ if (attrs[XFRMA_ENCAP]) {
+ encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]),
+ sizeof(*encap), GFP_KERNEL);
+ if (!encap)
+ return 0;
+ }
- return 0;
+ err = xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net, encap);
+
+ kfree(encap);
+
+ return err;
}
#else
static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread* [PATCH v2 2/2] xfrm: add UDP encapsulation port in migrate message
2017-06-05 21:56 [PATCH 0/2] add udp encapsulation port to xfrm_do_migrate Antony Antony
` (2 preceding siblings ...)
2017-06-06 10:12 ` [PATCH v2 1/2] xfrm: extend MIGRATE with UDP encapsulation port Antony Antony
@ 2017-06-06 10:12 ` Antony Antony
2017-06-07 11:02 ` Steffen Klassert
3 siblings, 1 reply; 10+ messages in thread
From: Antony Antony @ 2017-06-06 10:12 UTC (permalink / raw)
To: netdev
Cc: Antony Antony, Steffen Klassert, Herbert Xu, David S . Miller,
Richard Guy Briggs
Add XFRMA_ENCAP, UDP encapsulation port, to km_migrate announcement
to userland. Only add if XFRMA_ENCAP was in user migrate request.
Signed-off-by: Antony Antony <antony@phenome.org>
Reviewed-by: Richard Guy Briggs <rgb@tricolour.ca>
---
Changes in v2:
- fixed pfkey_send_migrate, warning reported by kbuild test robot
with # CONFIG_NET_KEY_MIGRATE is not set
also tested with # CONFIG_XFRM_MIGRATE is not set
- constify struct xfrm_encap_tmpl *encap in km_migrate
include/net/xfrm.h | 6 ++++--
net/key/af_key.c | 6 ++++--
net/xfrm/xfrm_policy.c | 2 +-
net/xfrm/xfrm_state.c | 6 ++++--
net/xfrm/xfrm_user.c | 23 +++++++++++++++++------
5 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index df98463..01f5bc1 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -631,7 +631,8 @@ struct xfrm_mgr {
u8 dir, u8 type,
const struct xfrm_migrate *m,
int num_bundles,
- const struct xfrm_kmaddress *k);
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap);
bool (*is_alive)(const struct km_event *c);
};
@@ -1675,7 +1676,8 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
#ifdef CONFIG_XFRM_MIGRATE
int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_bundles,
- const struct xfrm_kmaddress *k);
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap);
struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net);
struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
struct xfrm_migrate *m,
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 56df9fb..98c1ffb 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3508,7 +3508,8 @@ static int set_ipsecrequest(struct sk_buff *skb,
#ifdef CONFIG_NET_KEY_MIGRATE
static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_bundles,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap)
{
int i;
int sasize_sel;
@@ -3618,7 +3619,8 @@ static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
#else
static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_bundles,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap)
{
return -ENOPROTOOPT;
}
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index eaecfa4..7152147 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3337,7 +3337,7 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
}
/* Stage 5 - announce */
- km_migrate(sel, dir, type, m, num_migrate, k);
+ km_migrate(sel, dir, type, m, num_migrate, k, encap);
xfrm_pol_put(pol);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index ae6206b..3f1c4a0 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1966,7 +1966,8 @@ EXPORT_SYMBOL(km_policy_expired);
#ifdef CONFIG_XFRM_MIGRATE
int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap)
{
int err = -EINVAL;
int ret;
@@ -1975,7 +1976,8 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
rcu_read_lock();
list_for_each_entry_rcu(km, &xfrm_km_list, list) {
if (km->migrate) {
- ret = km->migrate(sel, dir, type, m, num_migrate, k);
+ ret = km->migrate(sel, dir, type, m, num_migrate, k,
+ encap);
if (!ret)
err = ret;
}
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index fb98892..6197c72 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2314,17 +2314,20 @@ static int copy_to_user_kmaddress(const struct xfrm_kmaddress *k, struct sk_buff
return nla_put(skb, XFRMA_KMADDRESS, sizeof(uk), &uk);
}
-static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma)
+static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma,
+ int with_encp)
{
return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id))
+ (with_kma ? nla_total_size(sizeof(struct xfrm_kmaddress)) : 0)
+ + (with_encp ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0)
+ nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate)
+ userpolicy_type_attrsize();
}
static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
int num_migrate, const struct xfrm_kmaddress *k,
- const struct xfrm_selector *sel, u8 dir, u8 type)
+ const struct xfrm_selector *sel,
+ const struct xfrm_encap_tmpl *encap, u8 dir, u8 type)
{
const struct xfrm_migrate *mp;
struct xfrm_userpolicy_id *pol_id;
@@ -2346,6 +2349,11 @@ static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
if (err)
goto out_cancel;
}
+ if (encap) {
+ err = nla_put(skb, XFRMA_ENCAP, sizeof(*encap), encap);
+ if (err)
+ goto out_cancel;
+ }
err = copy_to_user_policy_type(type, skb);
if (err)
goto out_cancel;
@@ -2365,17 +2373,19 @@ static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap)
{
struct net *net = &init_net;
struct sk_buff *skb;
- skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k), GFP_ATOMIC);
+ skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k, !!encap),
+ GFP_ATOMIC);
if (skb == NULL)
return -ENOMEM;
/* build migrate */
- if (build_migrate(skb, m, num_migrate, k, sel, dir, type) < 0)
+ if (build_migrate(skb, m, num_migrate, k, sel, encap, dir, type) < 0)
BUG();
return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE);
@@ -2383,7 +2393,8 @@ static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
#else
static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap)
{
return -ENOPROTOOPT;
}
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread* Re: [PATCH v2 2/2] xfrm: add UDP encapsulation port in migrate message
2017-06-06 10:12 ` [PATCH v2 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
@ 2017-06-07 11:02 ` Steffen Klassert
0 siblings, 0 replies; 10+ messages in thread
From: Steffen Klassert @ 2017-06-07 11:02 UTC (permalink / raw)
To: Antony Antony; +Cc: netdev, Herbert Xu, David S . Miller, Richard Guy Briggs
On Tue, Jun 06, 2017 at 12:12:14PM +0200, Antony Antony wrote:
> Add XFRMA_ENCAP, UDP encapsulation port, to km_migrate announcement
> to userland. Only add if XFRMA_ENCAP was in user migrate request.
>
> Signed-off-by: Antony Antony <antony@phenome.org>
> Reviewed-by: Richard Guy Briggs <rgb@tricolour.ca>
Both patches applied to ipsec-next, thanks a lot!
^ permalink raw reply [flat|nested] 10+ messages in thread