[XFRM] Probe selected algorithm only

[XFRM] Probe selected algorithm only

[Herbert Xu]

[-- Attachment #1: Type: text/plain, Size: 825 bytes --]

Hi Dave:

This patch removes an annoying problem in xfrm_user.  As it is every
time an SA is added it probes every known algorithm in the universe.
Now if they all existed it would be OK.  However, for the ones which
don't actually exist this causes multiple /sbin/modprobe processes to
be spawned which slows the system down when you're adding hundreds of
SAs.

Since we know the type of algorithm required when we're adding a new
SA, we can get away with only probing the selected algorithms.  This
is what the following patch does for xfrm_user.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[-- Attachment #2: p --]
[-- Type: text/plain, Size: 7256 bytes --]

===== include/linux/crypto.h 1.31 vs edited =====
--- 1.31/include/linux/crypto.h	2004-12-01 17:00:21 +11:00
+++ edited/include/linux/crypto.h	2005-01-21 21:11:45 +11:00
@@ -16,6 +16,7 @@
 #ifndef _LINUX_CRYPTO_H
 #define _LINUX_CRYPTO_H
 
+#include <linux/config.h>
 #include <linux/module.h>
 #include <linux/kernel.h>
 #include <linux/types.h>
@@ -121,7 +122,14 @@
 /*
  * Algorithm query interface.
  */
+#ifdef CONFIG_CRYPTO
 int crypto_alg_available(const char *name, u32 flags);
+#else
+static inline int crypto_alg_available(const char *name, u32 flags)
+{
+	return 0;
+}
+#endif
 
 /*
  * Transforms: user-instantiated objects which encapsulate algorithms
===== include/net/xfrm.h 1.73 vs edited =====
--- 1.73/include/net/xfrm.h	2004-12-28 14:49:57 +11:00
+++ edited/include/net/xfrm.h	2005-01-21 21:02:36 +11:00
@@ -873,9 +873,9 @@
 extern struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id);
 extern struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id);
 extern struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id);
-extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name);
-extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name);
-extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name);
+extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe);
+extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe);
+extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe);
 
 struct crypto_tfm;
 typedef void (icv_update_fn_t)(struct crypto_tfm *, struct scatterlist *, unsigned int);
===== net/ipv4/ah4.c 1.40 vs edited =====
--- 1.40/net/ipv4/ah4.c	2004-08-22 15:00:07 +10:00
+++ edited/net/ipv4/ah4.c	2005-01-21 21:03:39 +11:00
@@ -236,7 +236,7 @@
 	 * we need for AH processing.  This lookup cannot fail here
 	 * after a successful crypto_alloc_tfm().
 	 */
-	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name);
+	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 	BUG_ON(!aalg_desc);
 
 	if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
===== net/ipv4/esp4.c 1.54 vs edited =====
--- 1.54/net/ipv4/esp4.c	2004-08-22 15:00:07 +10:00
+++ edited/net/ipv4/esp4.c	2005-01-21 21:04:37 +11:00
@@ -392,7 +392,7 @@
 			goto error;
 		esp->auth.icv = esp_hmac_digest;
 
-		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name);
+		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 		BUG_ON(!aalg_desc);
 
 		if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
===== net/ipv4/ipcomp.c 1.30 vs edited =====
--- 1.30/net/ipv4/ipcomp.c	2004-09-11 07:36:51 +10:00
+++ edited/net/ipv4/ipcomp.c	2005-01-21 21:04:40 +11:00
@@ -472,7 +472,7 @@
 			goto error_tunnel;
 	}
 
-	calg_desc = xfrm_calg_get_byname(x->calg->alg_name);
+	calg_desc = xfrm_calg_get_byname(x->calg->alg_name, 0);
 	BUG_ON(!calg_desc);
 	ipcd->threshold = calg_desc->uinfo.comp.threshold;
 	x->data = ipcd;
===== net/ipv6/ah6.c 1.41 vs edited =====
--- 1.41/net/ipv6/ah6.c	2004-08-22 15:00:07 +10:00
+++ edited/net/ipv6/ah6.c	2005-01-21 21:04:45 +11:00
@@ -375,7 +375,7 @@
 	 * we need for AH processing.  This lookup cannot fail here
 	 * after a successful crypto_alloc_tfm().
 	 */
-	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name);
+	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 	BUG_ON(!aalg_desc);
 
 	if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
===== net/ipv6/esp6.c 1.37 vs edited =====
--- 1.37/net/ipv6/esp6.c	2004-08-22 15:00:07 +10:00
+++ edited/net/ipv6/esp6.c	2005-01-21 21:04:48 +11:00
@@ -329,7 +329,7 @@
 			goto error;
 		esp->auth.icv = esp_hmac_digest;
  
-		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name);
+		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 		BUG_ON(!aalg_desc);
  
 		if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
===== net/ipv6/ipcomp6.c 1.19 vs edited =====
--- 1.19/net/ipv6/ipcomp6.c	2004-09-11 07:36:51 +10:00
+++ edited/net/ipv6/ipcomp6.c	2005-01-21 21:04:51 +11:00
@@ -468,7 +468,7 @@
 			goto error_tunnel;
 	}
 
-	calg_desc = xfrm_calg_get_byname(x->calg->alg_name);
+	calg_desc = xfrm_calg_get_byname(x->calg->alg_name, 0);
 	BUG_ON(!calg_desc);
 	ipcd->threshold = calg_desc->uinfo.comp.threshold;
 	x->data = ipcd;
===== net/xfrm/xfrm_algo.c 1.15 vs edited =====
--- 1.15/net/xfrm/xfrm_algo.c	2004-12-28 13:33:32 +11:00
+++ edited/net/xfrm/xfrm_algo.c	2005-01-21 21:17:12 +11:00
@@ -13,6 +13,7 @@
 #include <linux/module.h>
 #include <linux/kernel.h>
 #include <linux/pfkeyv2.h>
+#include <linux/crypto.h>
 #include <net/xfrm.h>
 #if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
 #include <net/ah.h>
@@ -346,58 +347,48 @@
 	return NULL;
 }
 
-struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name)
+static struct xfrm_algo_desc *xfrm_get_byname(struct xfrm_algo_desc *list,
+					      int entries, char *name,
+					      int probe)
 {
-	int i;
+	int i, status;
 
 	if (!name)
 		return NULL;
 
-	for (i=0; i < aalg_entries(); i++) {
-		if (strcmp(name, aalg_list[i].name) == 0) {
-			if (aalg_list[i].available)
-				return &aalg_list[i];
-			else
-				break;
-		}
+	for (i = 0; i < entries; i++) {
+		if (!strcmp(name, list[i].name))
+			continue;
+
+		if (list[i].available)
+			return &list[i];
+
+		if (!probe)
+			break;
+
+		status = crypto_alg_available(name, 0);
+		if (!status)
+			break;
+
+		list[i].available = status;
+		return &list[i];
 	}
 	return NULL;
 }
 
-struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name)
+struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe)
 {
-	int i;
-
-	if (!name)
-		return NULL;
-
-	for (i=0; i < ealg_entries(); i++) {
-		if (strcmp(name, ealg_list[i].name) == 0) {
-			if (ealg_list[i].available)
-				return &ealg_list[i];
-			else
-				break;
-		}
-	}
-	return NULL;
+	return xfrm_get_byname(aalg_list, aalg_entries(), name, probe);
 }
 
-struct xfrm_algo_desc *xfrm_calg_get_byname(char *name)
+struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe)
 {
-	int i;
-
-	if (!name)
-		return NULL;
+	return xfrm_get_byname(ealg_list, ealg_entries(), name, probe);
+}
 
-	for (i=0; i < calg_entries(); i++) {
-		if (strcmp(name, calg_list[i].name) == 0) {
-			if (calg_list[i].available)
-				return &calg_list[i];
-			else
-				break;
-		}
-	}
-	return NULL;
+struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe)
+{
+	return xfrm_get_byname(calg_list, calg_entries(), name, probe);
 }
 
 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
===== net/xfrm/xfrm_user.c 1.51 vs edited =====
--- 1.51/net/xfrm/xfrm_user.c	2004-12-28 13:33:32 +11:00
+++ edited/net/xfrm/xfrm_user.c	2005-01-21 21:05:50 +11:00
@@ -156,7 +156,7 @@
 }
 
 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props,
-			   struct xfrm_algo_desc *(*get_byname)(char *),
+			   struct xfrm_algo_desc *(*get_byname)(char *, int),
 			   struct rtattr *u_arg)
 {
 	struct rtattr *rta = u_arg;
@@ -168,7 +168,7 @@
 
 	ualg = RTA_DATA(rta);
 
-	algo = get_byname(ualg->alg_name);
+	algo = get_byname(ualg->alg_name, 1);
 	if (!algo)
 		return -ENOSYS;
 	*props = algo->desc.sadb_alg_id;
@@ -272,8 +272,6 @@
 	err = verify_newsa_info(p, (struct rtattr **) xfrma);
 	if (err)
 		return err;
-
-	xfrm_probe_algs();
 
 	x = xfrm_state_construct(p, (struct rtattr **) xfrma, &err);
 	if (!x)

Re: [XFRM] Probe selected algorithm only

[James Morris]

On Fri, 21 Jan 2005, Herbert Xu wrote:

> Hi Dave:
> 
> This patch removes an annoying problem in xfrm_user.  As it is every
> time an SA is added it probes every known algorithm in the universe.
> Now if they all existed it would be OK.  However, for the ones which
> don't actually exist this causes multiple /sbin/modprobe processes to
> be spawned which slows the system down when you're adding hundreds of
> SAs.
> 
> Since we know the type of algorithm required when we're adding a new
> SA, we can get away with only probing the selected algorithms.  This
> is what the following patch does for xfrm_user.
> 
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Looks good to me.

Signed-off-by: James Morris <jmorris@redhat.com>



- James
-- 
James Morris
<jmorris@redhat.com>

Re: [XFRM] Probe selected algorithm only

[Herbert Xu]

[-- Attachment #1: Type: text/plain, Size: 1127 bytes --]

On Fri, Jan 21, 2005 at 09:01:41AM -0500, James Morris wrote:
> On Fri, 21 Jan 2005, Herbert Xu wrote:
 > 
> > This patch removes an annoying problem in xfrm_user.  As it is every
> > time an SA is added it probes every known algorithm in the universe.
> > Now if they all existed it would be OK.  However, for the ones which
> > don't actually exist this causes multiple /sbin/modprobe processes to
> > be spawned which slows the system down when you're adding hundreds of
> > SAs.
> > 
> > Since we know the type of algorithm required when we're adding a new
> > SA, we can get away with only probing the selected algorithms.  This
> > is what the following patch does for xfrm_user.
> > 
> > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 
> Looks good to me.
> 
> Signed-off-by: James Morris <jmorris@redhat.com>

Sorry, I forgot to update the calls in af_key.  Here is the corrected
version.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[-- Attachment #2: p --]
[-- Type: text/plain, Size: 8280 bytes --]

===== include/linux/crypto.h 1.31 vs edited =====
--- 1.31/include/linux/crypto.h	2004-12-01 17:00:21 +11:00
+++ edited/include/linux/crypto.h	2005-01-21 21:11:45 +11:00
@@ -16,6 +16,7 @@
 #ifndef _LINUX_CRYPTO_H
 #define _LINUX_CRYPTO_H
 
+#include <linux/config.h>
 #include <linux/module.h>
 #include <linux/kernel.h>
 #include <linux/types.h>
@@ -121,7 +122,14 @@
 /*
  * Algorithm query interface.
  */
+#ifdef CONFIG_CRYPTO
 int crypto_alg_available(const char *name, u32 flags);
+#else
+static inline int crypto_alg_available(const char *name, u32 flags)
+{
+	return 0;
+}
+#endif
 
 /*
  * Transforms: user-instantiated objects which encapsulate algorithms
===== include/net/xfrm.h 1.73 vs edited =====
--- 1.73/include/net/xfrm.h	2004-12-28 14:49:57 +11:00
+++ edited/include/net/xfrm.h	2005-01-21 21:02:36 +11:00
@@ -873,9 +873,9 @@
 extern struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id);
 extern struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id);
 extern struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id);
-extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name);
-extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name);
-extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name);
+extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe);
+extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe);
+extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe);
 
 struct crypto_tfm;
 typedef void (icv_update_fn_t)(struct crypto_tfm *, struct scatterlist *, unsigned int);
===== net/ipv4/ah4.c 1.40 vs edited =====
--- 1.40/net/ipv4/ah4.c	2004-08-22 15:00:07 +10:00
+++ edited/net/ipv4/ah4.c	2005-01-21 21:03:39 +11:00
@@ -236,7 +236,7 @@
 	 * we need for AH processing.  This lookup cannot fail here
 	 * after a successful crypto_alloc_tfm().
 	 */
-	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name);
+	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 	BUG_ON(!aalg_desc);
 
 	if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
===== net/ipv4/esp4.c 1.54 vs edited =====
--- 1.54/net/ipv4/esp4.c	2004-08-22 15:00:07 +10:00
+++ edited/net/ipv4/esp4.c	2005-01-21 21:04:37 +11:00
@@ -392,7 +392,7 @@
 			goto error;
 		esp->auth.icv = esp_hmac_digest;
 
-		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name);
+		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 		BUG_ON(!aalg_desc);
 
 		if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
===== net/ipv4/ipcomp.c 1.30 vs edited =====
--- 1.30/net/ipv4/ipcomp.c	2004-09-11 07:36:51 +10:00
+++ edited/net/ipv4/ipcomp.c	2005-01-21 21:04:40 +11:00
@@ -472,7 +472,7 @@
 			goto error_tunnel;
 	}
 
-	calg_desc = xfrm_calg_get_byname(x->calg->alg_name);
+	calg_desc = xfrm_calg_get_byname(x->calg->alg_name, 0);
 	BUG_ON(!calg_desc);
 	ipcd->threshold = calg_desc->uinfo.comp.threshold;
 	x->data = ipcd;
===== net/ipv6/ah6.c 1.41 vs edited =====
--- 1.41/net/ipv6/ah6.c	2004-08-22 15:00:07 +10:00
+++ edited/net/ipv6/ah6.c	2005-01-21 21:04:45 +11:00
@@ -375,7 +375,7 @@
 	 * we need for AH processing.  This lookup cannot fail here
 	 * after a successful crypto_alloc_tfm().
 	 */
-	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name);
+	aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 	BUG_ON(!aalg_desc);
 
 	if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
===== net/ipv6/esp6.c 1.37 vs edited =====
--- 1.37/net/ipv6/esp6.c	2004-08-22 15:00:07 +10:00
+++ edited/net/ipv6/esp6.c	2005-01-21 21:04:48 +11:00
@@ -329,7 +329,7 @@
 			goto error;
 		esp->auth.icv = esp_hmac_digest;
  
-		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name);
+		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 		BUG_ON(!aalg_desc);
  
 		if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
===== net/ipv6/ipcomp6.c 1.19 vs edited =====
--- 1.19/net/ipv6/ipcomp6.c	2004-09-11 07:36:51 +10:00
+++ edited/net/ipv6/ipcomp6.c	2005-01-21 21:04:51 +11:00
@@ -468,7 +468,7 @@
 			goto error_tunnel;
 	}
 
-	calg_desc = xfrm_calg_get_byname(x->calg->alg_name);
+	calg_desc = xfrm_calg_get_byname(x->calg->alg_name, 0);
 	BUG_ON(!calg_desc);
 	ipcd->threshold = calg_desc->uinfo.comp.threshold;
 	x->data = ipcd;
===== net/key/af_key.c 1.68 vs edited =====
--- 1.68/net/key/af_key.c	2005-01-14 15:41:06 +11:00
+++ edited/net/key/af_key.c	2005-01-22 09:44:04 +11:00
@@ -665,18 +665,18 @@
 		sa->sadb_sa_state = SADB_SASTATE_DEAD;
 	sa->sadb_sa_auth = 0;
 	if (x->aalg) {
-		struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name);
+		struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 		sa->sadb_sa_auth = a ? a->desc.sadb_alg_id : 0;
 	}
 	sa->sadb_sa_encrypt = 0;
 	BUG_ON(x->ealg && x->calg);
 	if (x->ealg) {
-		struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name);
+		struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0);
 		sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0;
 	}
 	/* KAME compatible: sadb_sa_encrypt is overloaded with calg id */
 	if (x->calg) {
-		struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name);
+		struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0);
 		sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0;
 	}
 
===== net/xfrm/xfrm_algo.c 1.15 vs edited =====
--- 1.15/net/xfrm/xfrm_algo.c	2004-12-28 13:33:32 +11:00
+++ edited/net/xfrm/xfrm_algo.c	2005-01-21 21:17:12 +11:00
@@ -13,6 +13,7 @@
 #include <linux/module.h>
 #include <linux/kernel.h>
 #include <linux/pfkeyv2.h>
+#include <linux/crypto.h>
 #include <net/xfrm.h>
 #if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
 #include <net/ah.h>
@@ -346,58 +347,48 @@
 	return NULL;
 }
 
-struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name)
+static struct xfrm_algo_desc *xfrm_get_byname(struct xfrm_algo_desc *list,
+					      int entries, char *name,
+					      int probe)
 {
-	int i;
+	int i, status;
 
 	if (!name)
 		return NULL;
 
-	for (i=0; i < aalg_entries(); i++) {
-		if (strcmp(name, aalg_list[i].name) == 0) {
-			if (aalg_list[i].available)
-				return &aalg_list[i];
-			else
-				break;
-		}
+	for (i = 0; i < entries; i++) {
+		if (!strcmp(name, list[i].name))
+			continue;
+
+		if (list[i].available)
+			return &list[i];
+
+		if (!probe)
+			break;
+
+		status = crypto_alg_available(name, 0);
+		if (!status)
+			break;
+
+		list[i].available = status;
+		return &list[i];
 	}
 	return NULL;
 }
 
-struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name)
+struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe)
 {
-	int i;
-
-	if (!name)
-		return NULL;
-
-	for (i=0; i < ealg_entries(); i++) {
-		if (strcmp(name, ealg_list[i].name) == 0) {
-			if (ealg_list[i].available)
-				return &ealg_list[i];
-			else
-				break;
-		}
-	}
-	return NULL;
+	return xfrm_get_byname(aalg_list, aalg_entries(), name, probe);
 }
 
-struct xfrm_algo_desc *xfrm_calg_get_byname(char *name)
+struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe)
 {
-	int i;
-
-	if (!name)
-		return NULL;
+	return xfrm_get_byname(ealg_list, ealg_entries(), name, probe);
+}
 
-	for (i=0; i < calg_entries(); i++) {
-		if (strcmp(name, calg_list[i].name) == 0) {
-			if (calg_list[i].available)
-				return &calg_list[i];
-			else
-				break;
-		}
-	}
-	return NULL;
+struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe)
+{
+	return xfrm_get_byname(calg_list, calg_entries(), name, probe);
 }
 
 struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx)
===== net/xfrm/xfrm_user.c 1.51 vs edited =====
--- 1.51/net/xfrm/xfrm_user.c	2004-12-28 13:33:32 +11:00
+++ edited/net/xfrm/xfrm_user.c	2005-01-21 21:05:50 +11:00
@@ -156,7 +156,7 @@
 }
 
 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props,
-			   struct xfrm_algo_desc *(*get_byname)(char *),
+			   struct xfrm_algo_desc *(*get_byname)(char *, int),
 			   struct rtattr *u_arg)
 {
 	struct rtattr *rta = u_arg;
@@ -168,7 +168,7 @@
 
 	ualg = RTA_DATA(rta);
 
-	algo = get_byname(ualg->alg_name);
+	algo = get_byname(ualg->alg_name, 1);
 	if (!algo)
 		return -ENOSYS;
 	*props = algo->desc.sadb_alg_id;
@@ -272,8 +272,6 @@
 	err = verify_newsa_info(p, (struct rtattr **) xfrma);
 	if (err)
 		return err;
-
-	xfrm_probe_algs();
 
 	x = xfrm_state_construct(p, (struct rtattr **) xfrma, &err);
 	if (!x)

Re: [XFRM] Probe selected algorithm only

[David S. Miller]

On Sat, 22 Jan 2005 09:45:46 +1100
Herbert Xu <herbert@gondor.apana.org.au> wrote:

> > > Since we know the type of algorithm required when we're adding a new
> > > SA, we can get away with only probing the selected algorithms.  This
> > > is what the following patch does for xfrm_user.
> > > 
> > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> > 
> > Looks good to me.
> > 
> > Signed-off-by: James Morris <jmorris@redhat.com>
> 
> Sorry, I forgot to update the calls in af_key.  Here is the corrected
> version.

Applied, thanks Herbert.

Re: [XFRM] Probe selected algorithm only

[Andreas Schwab]

Herbert Xu <herbert@gondor.apana.org.au> writes:

> ===== net/xfrm/xfrm_algo.c 1.15 vs edited =====
> --- 1.15/net/xfrm/xfrm_algo.c	2004-12-28 13:33:32 +11:00
> +++ edited/net/xfrm/xfrm_algo.c	2005-01-21 21:17:12 +11:00
> @@ -13,6 +13,7 @@
>  #include <linux/module.h>
>  #include <linux/kernel.h>
>  #include <linux/pfkeyv2.h>
> +#include <linux/crypto.h>
>  #include <net/xfrm.h>
>  #if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
>  #include <net/ah.h>
> @@ -346,58 +347,48 @@
>  	return NULL;
>  }
>  
> -struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name)
> +static struct xfrm_algo_desc *xfrm_get_byname(struct xfrm_algo_desc *list,
> +					      int entries, char *name,
> +					      int probe)
>  {
> -	int i;
> +	int i, status;
>  
>  	if (!name)
>  		return NULL;
>  
> -	for (i=0; i < aalg_entries(); i++) {
> -		if (strcmp(name, aalg_list[i].name) == 0) {
> -			if (aalg_list[i].available)
> -				return &aalg_list[i];
> -			else
> -				break;
> -		}
> +	for (i = 0; i < entries; i++) {
> +		if (!strcmp(name, list[i].name))
> +			continue;

You probably didn't mean this. :-)

Return the first matching entry in xfrm_get_byname instead of the first
non-matching one.

Signed-off-by: Andreas Schwab <schwab@suse.de>

--- linux-2.6.11-rc3/net/xfrm/xfrm_algo.c.~1~	2005-02-03 22:54:42.000000000 +0100
+++ linux-2.6.11-rc3/net/xfrm/xfrm_algo.c	2005-02-04 21:56:11.000000000 +0100
@@ -357,7 +357,7 @@ static struct xfrm_algo_desc *xfrm_get_b
 		return NULL;
 
 	for (i = 0; i < entries; i++) {
-		if (!strcmp(name, list[i].name))
+		if (strcmp(name, list[i].name) != 0)
 			continue;
 
 		if (list[i].available)

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

Re: [XFRM] Probe selected algorithm only

[Herbert Xu]

On Fri, Feb 04, 2005 at 10:29:49PM +0100, Andreas Schwab wrote:
> 
> Return the first matching entry in xfrm_get_byname instead of the first
> non-matching one.

Yes you're totally right.  Dave has already added a fix for this to
his tree.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt