Skip to content

Commit

Permalink
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/gi…
Browse files Browse the repository at this point in the history 
…t/klassert/ipsec

Steffen Klassert says:

====================
pull request (net): ipsec 2018-01-24

1) Only offloads SAs after they are fully initialized.
   Otherwise a NIC may receive packets on a SA we can
   not yet handle in the stack.
   From Yossi Kuperman.

2) Fix negative refcount in case of a failing offload.
   From Aviad Yehezkel.

3) Fix inner IP ptoro version when decapsulating
   from interaddress family tunnels.
   From Yossi Kuperman.

4) Use true or false for boolean variables instead of an
   integer value in xfrm_get_type_offload.
   From Gustavo A. R. Silva.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
David S. Miller committed Jan 24, 2018
2 parents 848b159 + 545d8ae commit 97edf7c
Show file tree
Hide file tree
Showing 5 changed files with 22 additions and 11 deletions.
1 change: 1 addition & 0 deletions net/ipv4/xfrm4_mode_tunnel.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ static int xfrm4_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)

skb_reset_network_header(skb);
skb_mac_header_rebuild(skb);
eth_hdr(skb)->h_proto = skb->protocol;

err = 0;

Expand Down
1 change: 1 addition & 0 deletions net/ipv6/xfrm6_mode_tunnel.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ static int xfrm6_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)

skb_reset_network_header(skb);
skb_mac_header_rebuild(skb);
eth_hdr(skb)->h_proto = skb->protocol;

err = 0;

Expand Down
1 change: 1 addition & 0 deletions net/xfrm/xfrm_device.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,

err = dev->xfrmdev_ops->xdo_dev_state_add(x);
if (err) {
xso->dev = NULL;
dev_put(dev);
return err;
}
Expand Down
12 changes: 8 additions & 4 deletions net/xfrm/xfrm_state.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -317,7 +317,7 @@ xfrm_get_type_offload(u8 proto, unsigned short family, bool try_load)

if (!type && try_load) {
request_module("xfrm-offload-%d-%d", family, proto);
try_load = 0;
try_load = false;
goto retry;
}

Expand Down Expand Up @@ -2272,8 +2272,6 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload)
goto error;
}

x->km.state = XFRM_STATE_VALID;

error:
return err;
}
Expand All @@ -2282,7 +2280,13 @@ EXPORT_SYMBOL(__xfrm_init_state);

int xfrm_init_state(struct xfrm_state *x)
{
return __xfrm_init_state(x, true, false);
int err;

err = __xfrm_init_state(x, true, false);
if (!err)
x->km.state = XFRM_STATE_VALID;

return err;
}

EXPORT_SYMBOL(xfrm_init_state);
Expand Down
18 changes: 11 additions & 7 deletions net/xfrm/xfrm_user.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -598,13 +598,6 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
goto error;
}

if (attrs[XFRMA_OFFLOAD_DEV]) {
err = xfrm_dev_state_add(net, x,
nla_data(attrs[XFRMA_OFFLOAD_DEV]));
if (err)
goto error;
}

if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn,
attrs[XFRMA_REPLAY_ESN_VAL])))
goto error;
Expand All @@ -620,6 +613,14 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
/* override default values from above */
xfrm_update_ae_params(x, attrs, 0);

/* configure the hardware if offload is requested */
if (attrs[XFRMA_OFFLOAD_DEV]) {
err = xfrm_dev_state_add(net, x,
nla_data(attrs[XFRMA_OFFLOAD_DEV]));
if (err)
goto error;
}

return x;

error:
Expand Down Expand Up @@ -662,6 +663,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
goto out;
}

if (x->km.state == XFRM_STATE_VOID)
x->km.state = XFRM_STATE_VALID;

c.seq = nlh->nlmsg_seq;
c.portid = nlh->nlmsg_pid;
c.event = nlh->nlmsg_type;
Expand Down

0 comments on commit 97edf7c

Please sign in to comment.