xfrm: Add Direction to the SA in or out (a4a87fa4) · Commits · git / linux-net

include/net/xfrm.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -291,6 +291,7 @@ struct xfrm_state {
		/* Private data of this transformer, format is opaque,
		* interpreted by xfrm_type methods. */
		void *data;
		u8 dir;
		};

		static inline struct net xs_net(struct xfrm_state x)

+6 −0

Original line number	Diff line number	Diff line
		@@ -141,6 +141,11 @@ enum {
		XFRM_POLICY_MAX = 3
		};

		enum xfrm_sa_dir {
		XFRM_SA_DIR_IN = 1,
		XFRM_SA_DIR_OUT = 2
		};

		enum {
		XFRM_SHARE_ANY, /* No limitations */
		XFRM_SHARE_SESSION, /* For this session only */
		@@ -315,6 +320,7 @@ enum xfrm_attr_type_t {
		XFRMA_SET_MARK_MASK, /* __u32 */
		XFRMA_IF_ID, /* __u32 */
		XFRMA_MTIMER_THRESH, /* __u32 in seconds for input SA */
		XFRMA_SA_DIR, /* __u8 */
		__XFRMA_MAX

		#define XFRMA_OUTPUT_MARK XFRMA_SET_MARK /* Compatibility */

+5 −2

Original line number	Diff line number	Diff line
		@@ -98,6 +98,7 @@ static const int compat_msg_min[XFRM_NR_MSGTYPES] = {
		};

		static const struct nla_policy compat_policy[XFRMA_MAX+1] = {
		[XFRMA_UNSPEC] = { .strict_start_type = XFRMA_SA_DIR },
		[XFRMA_SA] = { .len = XMSGSIZE(compat_xfrm_usersa_info)},
		[XFRMA_POLICY] = { .len = XMSGSIZE(compat_xfrm_userpolicy_info)},
		[XFRMA_LASTUSED] = { .type = NLA_U64},
		@@ -129,6 +130,7 @@ static const struct nla_policy compat_policy[XFRMA_MAX+1] = {
		[XFRMA_SET_MARK_MASK] = { .type = NLA_U32 },
		[XFRMA_IF_ID] = { .type = NLA_U32 },
		[XFRMA_MTIMER_THRESH] = { .type = NLA_U32 },
		[XFRMA_SA_DIR] = NLA_POLICY_RANGE(NLA_U8, XFRM_SA_DIR_IN, XFRM_SA_DIR_OUT),
		};

		static struct nlmsghdr xfrm_nlmsg_put_compat(struct sk_buff skb,
		@@ -277,9 +279,10 @@ static int xfrm_xlate64_attr(struct sk_buff dst, const struct nlattr src)
		case XFRMA_SET_MARK_MASK:
		case XFRMA_IF_ID:
		case XFRMA_MTIMER_THRESH:
		case XFRMA_SA_DIR:
		return xfrm_nla_cpy(dst, src, nla_len(src));
		default:
		BUILD_BUG_ON(XFRMA_MAX != XFRMA_MTIMER_THRESH);
		BUILD_BUG_ON(XFRMA_MAX != XFRMA_SA_DIR);
		pr_warn_once("unsupported nla_type %d\n", src->nla_type);
		return -EOPNOTSUPP;
		}
		@@ -434,7 +437,7 @@ static int xfrm_xlate32_attr(void dst, const struct nlattr nla,
		int err;

		if (type > XFRMA_MAX) {
		BUILD_BUG_ON(XFRMA_MAX != XFRMA_MTIMER_THRESH);
		BUILD_BUG_ON(XFRMA_MAX != XFRMA_SA_DIR);
		NL_SET_ERR_MSG(extack, "Bad attribute");
		return -EOPNOTSUPP;
		}

+6 −0

Original line number	Diff line number	Diff line
		@@ -253,6 +253,12 @@ int xfrm_dev_state_add(struct net net, struct xfrm_state x,
		return -EINVAL;
		}

		if ((xuo->flags & XFRM_OFFLOAD_INBOUND && x->dir == XFRM_SA_DIR_OUT) \|\|
		(!(xuo->flags & XFRM_OFFLOAD_INBOUND) && x->dir == XFRM_SA_DIR_IN)) {
		NL_SET_ERR_MSG(extack, "Mismatched SA and offload direction");
		return -EINVAL;
		}

		is_packet_offload = xuo->flags & XFRM_OFFLOAD_PACKET;

		/* We don't yet support UDP encapsulation and TFC padding. */

+2 −1

Original line number	Diff line number	Diff line
		@@ -778,7 +778,8 @@ int xfrm_init_replay(struct xfrm_state x, struct netlink_ext_ack extack)
		}

		if (x->props.flags & XFRM_STATE_ESN) {
		if (replay_esn->replay_window == 0) {
		if (replay_esn->replay_window == 0 &&
		(!x->dir \|\| x->dir == XFRM_SA_DIR_IN)) {
		NL_SET_ERR_MSG(extack, "ESN replay window must be > 0");
		return -EINVAL;
		}