tcp: Add l3index to tcp_md5sig_key and md5 functions
Add l3index to tcp_md5sig_key to represent the L3 domain of a key, and add l3index to tcp_md5_do_add and tcp_md5_do_del to fill in the key. With the key now based on an l3index, add the new parameter to the lookup functions and consider the l3index when looking for a match. The l3index comes from the skb when processing ingress packets leveraging the helpers created for socket lookups, tcp_v4_sdif and inet_iif (and the v6 variants). When the sdif index is set it means the packet ingressed a device that is part of an L3 domain and inet_iif points to the VRF device. For egress, the L3 domain is determined from the socket binding and sk_bound_dev_if. Signed-off-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David Ahern
committed by
David S. Miller
David S. Miller
parent
534322ca3d
commit
dea53bb80e
@@ -1532,8 +1532,9 @@ struct tcp_md5sig_key {
|
||||
struct hlist_node node;
|
||||
u8 keylen;
|
||||
u8 family; /* AF_INET or AF_INET6 */
|
||||
union tcp_md5_addr addr;
|
||||
u8 prefixlen;
|
||||
union tcp_md5_addr addr;
|
||||
int l3index; /* set if key added with L3 scope */
|
||||
u8 key[TCP_MD5SIG_MAXKEYLEN];
|
||||
struct rcu_head rcu;
|
||||
};
|
||||
@@ -1577,34 +1578,33 @@ struct tcp_md5sig_pool {
|
||||
int tcp_v4_md5_hash_skb(char *md5_hash, const struct tcp_md5sig_key *key,
|
||||
const struct sock *sk, const struct sk_buff *skb);
|
||||
int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr,
|
||||
int family, u8 prefixlen, const u8 *newkey, u8 newkeylen,
|
||||
gfp_t gfp);
|
||||
int family, u8 prefixlen, int l3index,
|
||||
const u8 *newkey, u8 newkeylen, gfp_t gfp);
|
||||
int tcp_md5_do_del(struct sock *sk, const union tcp_md5_addr *addr,
|
||||
int family, u8 prefixlen);
|
||||
int family, u8 prefixlen, int l3index);
|
||||
struct tcp_md5sig_key *tcp_v4_md5_lookup(const struct sock *sk,
|
||||
const struct sock *addr_sk);
|
||||
|
||||
#ifdef CONFIG_TCP_MD5SIG
|
||||
#include <linux/jump_label.h>
|
||||
extern struct static_key_false tcp_md5_needed;
|
||||
struct tcp_md5sig_key *__tcp_md5_do_lookup(const struct sock *sk,
|
||||
struct tcp_md5sig_key *__tcp_md5_do_lookup(const struct sock *sk, int l3index,
|
||||
const union tcp_md5_addr *addr,
|
||||
int family);
|
||||
static inline struct tcp_md5sig_key *
|
||||
tcp_md5_do_lookup(const struct sock *sk,
|
||||
const union tcp_md5_addr *addr,
|
||||
int family)
|
||||
tcp_md5_do_lookup(const struct sock *sk, int l3index,
|
||||
const union tcp_md5_addr *addr, int family)
|
||||
{
|
||||
if (!static_branch_unlikely(&tcp_md5_needed))
|
||||
return NULL;
|
||||
return __tcp_md5_do_lookup(sk, addr, family);
|
||||
return __tcp_md5_do_lookup(sk, l3index, addr, family);
|
||||
}
|
||||
|
||||
#define tcp_twsk_md5_key(twsk) ((twsk)->tw_md5_key)
|
||||
#else
|
||||
static inline struct tcp_md5sig_key *tcp_md5_do_lookup(const struct sock *sk,
|
||||
const union tcp_md5_addr *addr,
|
||||
int family)
|
||||
static inline struct tcp_md5sig_key *
|
||||
tcp_md5_do_lookup(const struct sock *sk, int l3index,
|
||||
const union tcp_md5_addr *addr, int family)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user