Merge tag 'ipsec-2025-05-21' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

	/* Data for encapsulator */

	struct xfrm_encap_tmpl	*encap;

	struct sock __rcu	*encap_sk;

	/* NAT keepalive */

	u32			nat_keepalive_interval; /* seconds */

}

#ifdef CONFIG_INET_ESPINTCP

struct esp_tcp_sk {

	struct sock *sk;

	struct rcu_head rcu;

};

static void esp_free_tcp_sk(struct rcu_head *head)

{

	struct esp_tcp_sk *esk = container_of(head, struct esp_tcp_sk, rcu);

	sock_put(esk->sk);

	kfree(esk);

}

static struct sock *esp_find_tcp_sk(struct xfrm_state *x)

{

	struct xfrm_encap_tmpl *encap = x->encap;

	struct net *net = xs_net(x);

	struct esp_tcp_sk *esk;

	__be16 sport, dport;

	struct sock *nsk;

	struct sock *sk;

	sk = rcu_dereference(x->encap_sk);

	if (sk && sk->sk_state == TCP_ESTABLISHED)

		return sk;

	spin_lock_bh(&x->lock);

	sport = encap->encap_sport;

	dport = encap->encap_dport;

	nsk = rcu_dereference_protected(x->encap_sk,

					lockdep_is_held(&x->lock));

	if (sk && sk == nsk) {

		esk = kmalloc(sizeof(*esk), GFP_ATOMIC);

		if (!esk) {

			spin_unlock_bh(&x->lock);

			return ERR_PTR(-ENOMEM);

		}

		RCU_INIT_POINTER(x->encap_sk, NULL);

		esk->sk = sk;

		call_rcu(&esk->rcu, esp_free_tcp_sk);

	}

	spin_unlock_bh(&x->lock);

	sk = inet_lookup_established(net, net->ipv4.tcp_death_row.hashinfo, x->id.daddr.a4,

		return ERR_PTR(-EINVAL);

	}

	spin_lock_bh(&x->lock);

	nsk = rcu_dereference_protected(x->encap_sk,

					lockdep_is_held(&x->lock));

	if (encap->encap_sport != sport ||

	    encap->encap_dport != dport) {

		sock_put(sk);

		sk = nsk ?: ERR_PTR(-EREMCHG);

	} else if (sk == nsk) {

		sock_put(sk);

	} else {

		rcu_assign_pointer(x->encap_sk, sk);

	}

	spin_unlock_bh(&x->lock);

	return sk;

}

	sk = esp_find_tcp_sk(x);

	err = PTR_ERR_OR_ZERO(sk);

	if (err)

	if (err) {

		kfree_skb(skb);

		goto out;

	}

	bh_lock_sock(sk);

	if (sock_owned_by_user(sk))

		err = espintcp_push_skb(sk, skb);

	bh_unlock_sock(sk);

	sock_put(sk);

out:

	rcu_read_unlock();

	return err;

	if (IS_ERR(sk))

		return ERR_CAST(sk);

	sock_put(sk);

	*lenp = htons(len);

	esph = (struct ip_esp_hdr *)(lenp + 1);

	int offset = skb_gro_offset(skb);

	const struct net_offload *ops;

	struct sk_buff *pp = NULL;

	int ret;

	offset = offset - sizeof(struct udphdr);

	int len, dlen;

	__u8 *udpdata;

	__be32 *udpdata32;

	if (!pskb_pull(skb, offset))

	len = skb->len - offset;

	dlen = offset + min(len, 8);

	udpdata = skb_gro_header(skb, dlen, offset);

	udpdata32 = (__be32 *)udpdata;

	if (unlikely(!udpdata))

		return NULL;

	rcu_read_lock();

	if (!ops || !ops->callbacks.gro_receive)

		goto out;

	ret = __xfrm4_udp_encap_rcv(sk, skb, false);

	if (ret)

	/* check if it is a keepalive or IKE packet */

	if (len <= sizeof(struct ip_esp_hdr) || udpdata32[0] == 0)

		goto out;

	skb_push(skb, offset);

	NAPI_GRO_CB(skb)->proto = IPPROTO_UDP;

	pp = call_gro_receive(ops->callbacks.gro_receive, head, skb);

out:

	rcu_read_unlock();

	skb_push(skb, offset);

	NAPI_GRO_CB(skb)->same_flow = 0;

	NAPI_GRO_CB(skb)->flush = 1;

}

#ifdef CONFIG_INET6_ESPINTCP

struct esp_tcp_sk {

	struct sock *sk;

	struct rcu_head rcu;

};

static void esp_free_tcp_sk(struct rcu_head *head)

{

	struct esp_tcp_sk *esk = container_of(head, struct esp_tcp_sk, rcu);

	sock_put(esk->sk);

	kfree(esk);

}

static struct sock *esp6_find_tcp_sk(struct xfrm_state *x)

{

	struct xfrm_encap_tmpl *encap = x->encap;

	struct net *net = xs_net(x);

	struct esp_tcp_sk *esk;

	__be16 sport, dport;

	struct sock *nsk;

	struct sock *sk;

	sk = rcu_dereference(x->encap_sk);

	if (sk && sk->sk_state == TCP_ESTABLISHED)

		return sk;

	spin_lock_bh(&x->lock);

	sport = encap->encap_sport;

	dport = encap->encap_dport;

	nsk = rcu_dereference_protected(x->encap_sk,

					lockdep_is_held(&x->lock));

	if (sk && sk == nsk) {

		esk = kmalloc(sizeof(*esk), GFP_ATOMIC);

		if (!esk) {

			spin_unlock_bh(&x->lock);

			return ERR_PTR(-ENOMEM);

		}

		RCU_INIT_POINTER(x->encap_sk, NULL);

		esk->sk = sk;

		call_rcu(&esk->rcu, esp_free_tcp_sk);

	}

	spin_unlock_bh(&x->lock);

	sk = __inet6_lookup_established(net, net->ipv4.tcp_death_row.hashinfo, &x->id.daddr.in6,

		return ERR_PTR(-EINVAL);

	}

	spin_lock_bh(&x->lock);

	nsk = rcu_dereference_protected(x->encap_sk,

					lockdep_is_held(&x->lock));

	if (encap->encap_sport != sport ||

	    encap->encap_dport != dport) {

		sock_put(sk);

		sk = nsk ?: ERR_PTR(-EREMCHG);

	} else if (sk == nsk) {

		sock_put(sk);

	} else {

		rcu_assign_pointer(x->encap_sk, sk);

	}

	spin_unlock_bh(&x->lock);

	return sk;

}

	sk = esp6_find_tcp_sk(x);

	err = PTR_ERR_OR_ZERO(sk);

	if (err)

	if (err) {

		kfree_skb(skb);

		goto out;

	}

	bh_lock_sock(sk);

	if (sock_owned_by_user(sk))

		err = espintcp_push_skb(sk, skb);

	bh_unlock_sock(sk);

	sock_put(sk);

out:

	rcu_read_unlock();

	return err;

	if (IS_ERR(sk))

		return ERR_CAST(sk);

	sock_put(sk);

	*lenp = htons(len);

	esph = (struct ip_esp_hdr *)(lenp + 1);

	int offset = skb_gro_offset(skb);

	const struct net_offload *ops;

	struct sk_buff *pp = NULL;

	int ret;

	int len, dlen;

	__u8 *udpdata;

	__be32 *udpdata32;

	if (skb->protocol == htons(ETH_P_IP))

		return xfrm4_gro_udp_encap_rcv(sk, head, skb);

	offset = offset - sizeof(struct udphdr);

	if (!pskb_pull(skb, offset))

	len = skb->len - offset;

	dlen = offset + min(len, 8);

	udpdata = skb_gro_header(skb, dlen, offset);

	udpdata32 = (__be32 *)udpdata;

	if (unlikely(!udpdata))

		return NULL;

	rcu_read_lock();

	if (!ops || !ops->callbacks.gro_receive)

		goto out;

	ret = __xfrm6_udp_encap_rcv(sk, skb, false);

	if (ret)

	/* check if it is a keepalive or IKE packet */

	if (len <= sizeof(struct ip_esp_hdr) || udpdata32[0] == 0)

		goto out;

	skb_push(skb, offset);

	NAPI_GRO_CB(skb)->proto = IPPROTO_UDP;

	pp = call_gro_receive(ops->callbacks.gro_receive, head, skb);

out:

	rcu_read_unlock();

	skb_push(skb, offset);

	NAPI_GRO_CB(skb)->same_flow = 0;

	NAPI_GRO_CB(skb)->flush = 1;