Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says: ==================== pull request (net): ipsec 2018-01-24 1) Only offloads SAs after they are fully initialized. Otherwise a NIC may receive packets on a SA we can not yet handle in the stack. From Yossi Kuperman. 2) Fix negative refcount in case of a failing offload. From Aviad Yehezkel. 3) Fix inner IP ptoro version when decapsulating from interaddress family tunnels. From Yossi Kuperman. 4) Use true or false for boolean variables instead of an integer value in xfrm_get_type_offload. From Gustavo A. R. Silva. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
97edf7c526
@ -92,6 +92,7 @@ static int xfrm4_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
|
||||
|
||||
skb_reset_network_header(skb);
|
||||
skb_mac_header_rebuild(skb);
|
||||
eth_hdr(skb)->h_proto = skb->protocol;
|
||||
|
||||
err = 0;
|
||||
|
||||
|
@ -92,6 +92,7 @@ static int xfrm6_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
|
||||
|
||||
skb_reset_network_header(skb);
|
||||
skb_mac_header_rebuild(skb);
|
||||
eth_hdr(skb)->h_proto = skb->protocol;
|
||||
|
||||
err = 0;
|
||||
|
||||
|
@ -102,6 +102,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
|
||||
|
||||
err = dev->xfrmdev_ops->xdo_dev_state_add(x);
|
||||
if (err) {
|
||||
xso->dev = NULL;
|
||||
dev_put(dev);
|
||||
return err;
|
||||
}
|
||||
|
@ -317,7 +317,7 @@ retry:
|
||||
|
||||
if (!type && try_load) {
|
||||
request_module("xfrm-offload-%d-%d", family, proto);
|
||||
try_load = 0;
|
||||
try_load = false;
|
||||
goto retry;
|
||||
}
|
||||
|
||||
@ -2272,8 +2272,6 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload)
|
||||
goto error;
|
||||
}
|
||||
|
||||
x->km.state = XFRM_STATE_VALID;
|
||||
|
||||
error:
|
||||
return err;
|
||||
}
|
||||
@ -2282,7 +2280,13 @@ EXPORT_SYMBOL(__xfrm_init_state);
|
||||
|
||||
int xfrm_init_state(struct xfrm_state *x)
|
||||
{
|
||||
return __xfrm_init_state(x, true, false);
|
||||
int err;
|
||||
|
||||
err = __xfrm_init_state(x, true, false);
|
||||
if (!err)
|
||||
x->km.state = XFRM_STATE_VALID;
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
EXPORT_SYMBOL(xfrm_init_state);
|
||||
|
@ -598,13 +598,6 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (attrs[XFRMA_OFFLOAD_DEV]) {
|
||||
err = xfrm_dev_state_add(net, x,
|
||||
nla_data(attrs[XFRMA_OFFLOAD_DEV]));
|
||||
if (err)
|
||||
goto error;
|
||||
}
|
||||
|
||||
if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn,
|
||||
attrs[XFRMA_REPLAY_ESN_VAL])))
|
||||
goto error;
|
||||
@ -620,6 +613,14 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
|
||||
/* override default values from above */
|
||||
xfrm_update_ae_params(x, attrs, 0);
|
||||
|
||||
/* configure the hardware if offload is requested */
|
||||
if (attrs[XFRMA_OFFLOAD_DEV]) {
|
||||
err = xfrm_dev_state_add(net, x,
|
||||
nla_data(attrs[XFRMA_OFFLOAD_DEV]));
|
||||
if (err)
|
||||
goto error;
|
||||
}
|
||||
|
||||
return x;
|
||||
|
||||
error:
|
||||
@ -662,6 +663,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (x->km.state == XFRM_STATE_VOID)
|
||||
x->km.state = XFRM_STATE_VALID;
|
||||
|
||||
c.seq = nlh->nlmsg_seq;
|
||||
c.portid = nlh->nlmsg_pid;
|
||||
c.event = nlh->nlmsg_type;
|
||||
|
Loading…
Reference in New Issue
Block a user