xfrm: replay: avoid replay indirection (adfc2fdb) · Commits · EulixOS / Software / Kernel

include/net/xfrm.h

+1 −3

Original line number	Diff line number	Diff line
		@@ -306,9 +306,6 @@ struct km_event {
		};

		struct xfrm_replay {
		int (check)(struct xfrm_state x,
		struct sk_buff *skb,
		__be32 net_seq);
		int (overflow)(struct xfrm_state x, struct sk_buff *skb);
		};

		@@ -1719,6 +1716,7 @@ static inline int xfrm_policy_id2dir(u32 index)

		#ifdef CONFIG_XFRM
		void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq);
		int xfrm_replay_check(struct xfrm_state x, struct sk_buff skb, __be32 net_seq);
		void xfrm_replay_notify(struct xfrm_state *x, int event);
		int xfrm_replay_recheck(struct xfrm_state x, struct sk_buff skb, __be32 net_seq);

net/xfrm/xfrm_input.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -612,7 +612,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
		goto drop_unlock;
		}

		if (x->repl->check(x, skb, seq)) {
		if (xfrm_replay_check(x, skb, seq)) {
		XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
		goto drop_unlock;
		}

net/xfrm/xfrm_replay.c

+18 −9

Original line number	Diff line number	Diff line
		@@ -118,7 +118,7 @@ static int xfrm_replay_overflow(struct xfrm_state x, struct sk_buff skb)
		return err;
		}

		static int xfrm_replay_check(struct xfrm_state *x,
		static int xfrm_replay_check_legacy(struct xfrm_state *x,
		struct sk_buff *skb, __be32 net_seq)
		{
		u32 diff;
		@@ -507,6 +507,21 @@ static int xfrm_replay_check_esn(struct xfrm_state *x,
		return -EINVAL;
		}

		int xfrm_replay_check(struct xfrm_state *x,
		struct sk_buff *skb, __be32 net_seq)
		{
		switch (x->repl_mode) {
		case XFRM_REPLAY_MODE_LEGACY:
		break;
		case XFRM_REPLAY_MODE_BMP:
		return xfrm_replay_check_bmp(x, skb, net_seq);
		case XFRM_REPLAY_MODE_ESN:
		return xfrm_replay_check_esn(x, skb, net_seq);
		}

		return xfrm_replay_check_legacy(x, skb, net_seq);
		}

		static int xfrm_replay_recheck_esn(struct xfrm_state *x,
		struct sk_buff *skb, __be32 net_seq)
		{
		@@ -532,7 +547,7 @@ int xfrm_replay_recheck(struct xfrm_state *x,
		return xfrm_replay_recheck_esn(x, skb, net_seq);
		}

		return xfrm_replay_check(x, skb, net_seq);
		return xfrm_replay_check_legacy(x, skb, net_seq);
		}

		static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
		@@ -723,32 +738,26 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
		}

		static const struct xfrm_replay xfrm_replay_legacy = {
		.check = xfrm_replay_check,
		.overflow = xfrm_replay_overflow_offload,
		};

		static const struct xfrm_replay xfrm_replay_bmp = {
		.check = xfrm_replay_check_bmp,
		.overflow = xfrm_replay_overflow_offload_bmp,
		};

		static const struct xfrm_replay xfrm_replay_esn = {
		.check = xfrm_replay_check_esn,
		.overflow = xfrm_replay_overflow_offload_esn,
		};
		#else
		static const struct xfrm_replay xfrm_replay_legacy = {
		.check = xfrm_replay_check,
		.overflow = xfrm_replay_overflow,
		};

		static const struct xfrm_replay xfrm_replay_bmp = {
		.check = xfrm_replay_check_bmp,
		.overflow = xfrm_replay_overflow_bmp,
		};

		static const struct xfrm_replay xfrm_replay_esn = {
		.check = xfrm_replay_check_esn,
		.overflow = xfrm_replay_overflow_esn,
		};
		#endif