Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
Steffen Klassert says: ==================== pull request (net-next): ipsec-next 2020-07-30 Please note that I did the first time now --no-ff merges of my testing branch into the master branch to include the [PATCH 0/n] message of a patchset. Please let me know if this is desirable, or if I should do it any different. 1) Introduce a oseq-may-wrap flag to disable anti-replay protection for manually distributed ICVs as suggested in RFC 4303. From Petr Vaněk. 2) Patchset to fully support IPCOMP for vti4, vti6 and xfrm interfaces. From Xin Long. 3) Switch from a linear list to a hash list for xfrm interface lookups. From Eyal Birger. 4) Fixes to not register one xfrm(6)_tunnel object twice. From Xin Long. 5) Fix two compile errors that were introduced with the IPCOMP support for vti and xfrm interfaces. Also from Xin Long. 6) Make the policy hold queue work with VTI. This was forgotten when VTI was implemented. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
@@ -491,13 +491,16 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
|
||||
}
|
||||
|
||||
dst_hold(dst);
|
||||
dst = xfrm_lookup(t->net, dst, fl, NULL, 0);
|
||||
dst = xfrm_lookup_route(t->net, dst, fl, NULL, 0);
|
||||
if (IS_ERR(dst)) {
|
||||
err = PTR_ERR(dst);
|
||||
dst = NULL;
|
||||
goto tx_err_link_failure;
|
||||
}
|
||||
|
||||
if (dst->flags & DST_XFRM_QUEUE)
|
||||
goto queued;
|
||||
|
||||
x = dst->xfrm;
|
||||
if (!vti6_state_check(x, &t->parms.raddr, &t->parms.laddr))
|
||||
goto tx_err_link_failure;
|
||||
@@ -533,6 +536,7 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
|
||||
goto tx_err_dst_release;
|
||||
}
|
||||
|
||||
queued:
|
||||
skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev)));
|
||||
skb_dst_set(skb, dst);
|
||||
skb->dev = skb_dst(skb)->dev;
|
||||
@@ -1219,6 +1223,33 @@ static struct xfrm6_protocol vti_ipcomp6_protocol __read_mostly = {
|
||||
.priority = 100,
|
||||
};
|
||||
|
||||
#if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
|
||||
static int vti6_rcv_tunnel(struct sk_buff *skb)
|
||||
{
|
||||
const xfrm_address_t *saddr;
|
||||
__be32 spi;
|
||||
|
||||
saddr = (const xfrm_address_t *)&ipv6_hdr(skb)->saddr;
|
||||
spi = xfrm6_tunnel_spi_lookup(dev_net(skb->dev), saddr);
|
||||
|
||||
return vti6_input_proto(skb, IPPROTO_IPV6, spi, 0);
|
||||
}
|
||||
|
||||
static struct xfrm6_tunnel vti_ipv6_handler __read_mostly = {
|
||||
.handler = vti6_rcv_tunnel,
|
||||
.cb_handler = vti6_rcv_cb,
|
||||
.err_handler = vti6_err,
|
||||
.priority = 0,
|
||||
};
|
||||
|
||||
static struct xfrm6_tunnel vti_ip6ip_handler __read_mostly = {
|
||||
.handler = vti6_rcv_tunnel,
|
||||
.cb_handler = vti6_rcv_cb,
|
||||
.err_handler = vti6_err,
|
||||
.priority = 0,
|
||||
};
|
||||
#endif
|
||||
|
||||
/**
|
||||
* vti6_tunnel_init - register protocol and reserve needed resources
|
||||
*
|
||||
@@ -1244,6 +1275,15 @@ static int __init vti6_tunnel_init(void)
|
||||
err = xfrm6_protocol_register(&vti_ipcomp6_protocol, IPPROTO_COMP);
|
||||
if (err < 0)
|
||||
goto xfrm_proto_comp_failed;
|
||||
#if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
|
||||
msg = "ipv6 tunnel";
|
||||
err = xfrm6_tunnel_register(&vti_ipv6_handler, AF_INET6);
|
||||
if (err < 0)
|
||||
goto vti_tunnel_ipv6_failed;
|
||||
err = xfrm6_tunnel_register(&vti_ip6ip_handler, AF_INET);
|
||||
if (err < 0)
|
||||
goto vti_tunnel_ip6ip_failed;
|
||||
#endif
|
||||
|
||||
msg = "netlink interface";
|
||||
err = rtnl_link_register(&vti6_link_ops);
|
||||
@@ -1253,6 +1293,12 @@ static int __init vti6_tunnel_init(void)
|
||||
return 0;
|
||||
|
||||
rtnl_link_failed:
|
||||
#if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
|
||||
err = xfrm6_tunnel_deregister(&vti_ip6ip_handler, AF_INET);
|
||||
vti_tunnel_ip6ip_failed:
|
||||
err = xfrm6_tunnel_deregister(&vti_ipv6_handler, AF_INET6);
|
||||
vti_tunnel_ipv6_failed:
|
||||
#endif
|
||||
xfrm6_protocol_deregister(&vti_ipcomp6_protocol, IPPROTO_COMP);
|
||||
xfrm_proto_comp_failed:
|
||||
xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH);
|
||||
@@ -1271,6 +1317,10 @@ pernet_dev_failed:
|
||||
static void __exit vti6_tunnel_cleanup(void)
|
||||
{
|
||||
rtnl_link_unregister(&vti6_link_ops);
|
||||
#if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
|
||||
xfrm6_tunnel_deregister(&vti_ip6ip_handler, AF_INET);
|
||||
xfrm6_tunnel_deregister(&vti_ipv6_handler, AF_INET6);
|
||||
#endif
|
||||
xfrm6_protocol_deregister(&vti_ipcomp6_protocol, IPPROTO_COMP);
|
||||
xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH);
|
||||
xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP);
|
||||
|
||||
Reference in New Issue
Block a user