diff options
| author | Steffen Klassert <steffen.klassert@secunet.com> | 2023-10-10 10:47:41 +0300 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2023-10-10 10:47:41 +0300 |
| commit | efedce336d71e238fbbada0f54b2bff9bf0509e9 (patch) | |
| tree | 8afd6d450629685f986249d286b5556efc9b9d2b /include | |
| parent | e377240a8eb06fb3ea1e77d3e252d79bbfa5d490 (diff) | |
| parent | 7a0207094f1b14b2a690594e9b3587dddff0be5d (diff) | |
| download | linux-efedce336d71e238fbbada0f54b2bff9bf0509e9.tar.xz | |
Merge branch 'xfrm: policy: replace session decode with flow dissector'
Florian Westphal says:
============
Remove the ipv4+ipv6 session decode functions and use generic flow
dissector to populate the flowi for the policy lookup.
Changes since v2:
- first patch broke CONFIG_XFRM=n builds
Changes since v1:
- Can't use skb_flow_dissect(), we might see skbs that have neither
skb->sk nor skb->dev set. Flow dissector WARN()s in this case, it
tries to check for a bpf program assigned in that net namespace.
Add a preparation patch to pass down 'struct net' in
xfrm_decode_session so its available for use in patch 3.
Changes since RFC:
- Drop mobility header support. I don't think that anyone uses
this. MOBIKE doesn't appear to need this either.
- Drop fl6->flowlabel assignment, original code leaves it as 0.
There is no reason for this change other than to remove code.
============
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/xfrm.h | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 4681ecfb85ac..c9bb0f892f55 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1207,20 +1207,20 @@ static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir, return __xfrm_policy_check2(sk, dir, skb, AF_INET6, 1); } -int __xfrm_decode_session(struct sk_buff *skb, struct flowi *fl, +int __xfrm_decode_session(struct net *net, struct sk_buff *skb, struct flowi *fl, unsigned int family, int reverse); -static inline int xfrm_decode_session(struct sk_buff *skb, struct flowi *fl, +static inline int xfrm_decode_session(struct net *net, struct sk_buff *skb, struct flowi *fl, unsigned int family) { - return __xfrm_decode_session(skb, fl, family, 0); + return __xfrm_decode_session(net, skb, fl, family, 0); } -static inline int xfrm_decode_session_reverse(struct sk_buff *skb, +static inline int xfrm_decode_session_reverse(struct net *net, struct sk_buff *skb, struct flowi *fl, unsigned int family) { - return __xfrm_decode_session(skb, fl, family, 1); + return __xfrm_decode_session(net, skb, fl, family, 1); } int __xfrm_route_forward(struct sk_buff *skb, unsigned short family); @@ -1296,7 +1296,7 @@ static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *sk { return 1; } -static inline int xfrm_decode_session_reverse(struct sk_buff *skb, +static inline int xfrm_decode_session_reverse(struct net *net, struct sk_buff *skb, struct flowi *fl, unsigned int family) { |