Commit f26e9b2c authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 



Steffen Klassert says:

====================
pull request (net-next): ipsec-next 2020-05-29

1) Add IPv6 encapsulation support for ESP over UDP and TCP.
   From Sabrina Dubroca.

2) Remove unneeded reference when initializing xfrm interfaces.
   From Nicolas Dichtel.

3) Remove some indirect calls from the state_afinfo.
   From Florian Westphal.

Please note that this pull request has two merge conflicts

between commit:

  0c922a48 ("xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish")

  from Linus' tree and commit:

    2ab6096d ("xfrm: remove output_finish indirection from xfrm_state_afinfo")

    from the ipsec-next tree.

and between commit:

  3986912f ("ipv6: move SIOCADDRT and SIOCDELRT handling into ->compat_ioctl")

  from the net-next tree and commit:

    0146dca7 ("xfrm: add support for UDPv6 encapsulation of ESP")

    from the ipsec-next tree.

Both conflicts can be resolved as done in linux-next.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 830f5ce2 7d4343d5

include/net/ipv6_stubs.h

+6 −0
Original line number Diff line number Diff line
@@ -56,6 +56,12 @@ struct ipv6_stub { 
	void (*ndisc_send_na)(struct net_device *dev, const struct in6_addr *daddr,

			      const struct in6_addr *solicited_addr,

			      bool router, bool solicited, bool override, bool inc_opt);

#if IS_ENABLED(CONFIG_XFRM)

	void (*xfrm6_local_rxpmtu)(struct sk_buff *skb, u32 mtu);

	int (*xfrm6_udp_encap_rcv)(struct sock *sk, struct sk_buff *skb);

	int (*xfrm6_rcv_encap)(struct sk_buff *skb, int nexthdr, __be32 spi,

			       int encap_type);

#endif

	struct neigh_table *nd_tbl;

};

extern const struct ipv6_stub *ipv6_stub __read_mostly;

include/net/xfrm.h

+22 −9
Original line number Diff line number Diff line
@@ -361,11 +361,6 @@ struct xfrm_state_afinfo { 
	const struct xfrm_type		*type_dstopts;



	int			(*output)(struct net *net, struct sock *sk, struct sk_buff *skb);

	int			(*output_finish)(struct sock *sk, struct sk_buff *skb);

	int			(*extract_input)(struct xfrm_state *x,

						 struct sk_buff *skb);

	int			(*extract_output)(struct xfrm_state *x,

						  struct sk_buff *skb);

	int			(*transport_finish)(struct sk_buff *skb,

						    int async);

	void			(*local_error)(struct sk_buff *skb, u32 mtu);
@@ -1406,6 +1401,8 @@ struct xfrm4_protocol { 


struct xfrm6_protocol {

	int (*handler)(struct sk_buff *skb);

	int (*input_handler)(struct sk_buff *skb, int nexthdr, __be32 spi,

			     int encap_type);

	int (*cb_handler)(struct sk_buff *skb, int err);

	int (*err_handler)(struct sk_buff *skb, struct inet6_skb_parm *opt,

			   u8 type, u8 code, int offset, __be32 info);
@@ -1562,7 +1559,6 @@ int pktgen_xfrm_outer_mode_output(struct xfrm_state *x, struct sk_buff *skb); 
#endif



void xfrm_local_error(struct sk_buff *skb, int mtu);

int xfrm4_extract_header(struct sk_buff *skb);

int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb);

int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,

		    int encap_type);
@@ -1578,7 +1574,6 @@ static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi) 
	return xfrm_input(skb, nexthdr, spi, 0);

}



int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb);

int xfrm4_output(struct net *net, struct sock *sk, struct sk_buff *skb);

int xfrm4_output_finish(struct sock *sk, struct sk_buff *skb);

int xfrm4_protocol_register(struct xfrm4_protocol *handler, unsigned char protocol);
@@ -1586,10 +1581,11 @@ int xfrm4_protocol_deregister(struct xfrm4_protocol *handler, unsigned char prot 
int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family);

int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family);

void xfrm4_local_error(struct sk_buff *skb, u32 mtu);

int xfrm6_extract_header(struct sk_buff *skb);

int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb);

int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi,

		  struct ip6_tnl *t);

int xfrm6_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,

		    int encap_type);

int xfrm6_transport_finish(struct sk_buff *skb, int async);

int xfrm6_rcv_tnl(struct sk_buff *skb, struct ip6_tnl *t);

int xfrm6_rcv(struct sk_buff *skb);
@@ -1602,14 +1598,15 @@ int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family); 
int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family);

__be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr);

__be32 xfrm6_tunnel_spi_lookup(struct net *net, const xfrm_address_t *saddr);

int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb);

int xfrm6_output(struct net *net, struct sock *sk, struct sk_buff *skb);

int xfrm6_output_finish(struct sock *sk, struct sk_buff *skb);

int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,

			  u8 **prevhdr);



#ifdef CONFIG_XFRM

void xfrm6_local_rxpmtu(struct sk_buff *skb, u32 mtu);

int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb);

int xfrm6_udp_encap_rcv(struct sock *sk, struct sk_buff *skb);

int xfrm_user_policy(struct sock *sk, int optname,

		     u8 __user *optval, int optlen);

#else
@@ -1992,4 +1989,20 @@ static inline int xfrm_tunnel_check(struct sk_buff *skb, struct xfrm_state *x, 


	return 0;

}



#if IS_ENABLED(CONFIG_IPV6)

static inline bool xfrm6_local_dontfrag(const struct sock *sk)

{

	int proto;



	if (!sk || sk->sk_family != AF_INET6)

		return false;



	proto = sk->sk_protocol;

	if (proto == IPPROTO_UDP || proto == IPPROTO_RAW)

		return inet6_sk(sk)->dontfrag;



	return false;

}

#endif

#endif	/* _NET_XFRM_H */

net/ipv4/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -384,6 +384,7 @@ config INET_ESPINTCP 
	depends on XFRM && INET_ESP

	select STREAM_PARSER

	select NET_SOCK_MSG

	select XFRM_ESPINTCP

	help

	  Support for RFC 8229 encapsulation of ESP and IKE over

	  TCP/IPv4 sockets.

net/ipv4/udp.c

+9 −1
Original line number Diff line number Diff line
@@ -112,6 +112,9 @@ 
#include <net/sock_reuseport.h>

#include <net/addrconf.h>

#include <net/udp_tunnel.h>

#if IS_ENABLED(CONFIG_IPV6)

#include <net/ipv6_stubs.h>

#endif



struct udp_table udp_table __read_mostly;

EXPORT_SYMBOL(udp_table);
@@ -2563,6 +2566,11 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname, 
#ifdef CONFIG_XFRM

		case UDP_ENCAP_ESPINUDP:

		case UDP_ENCAP_ESPINUDP_NON_IKE:

#if IS_ENABLED(CONFIG_IPV6)

			if (sk->sk_family == AF_INET6)

				up->encap_rcv = ipv6_stub->xfrm6_udp_encap_rcv;

			else

#endif

				up->encap_rcv = xfrm4_udp_encap_rcv;

#endif

			fallthrough;

net/ipv4/xfrm4_input.c

+0 −5
Original line number Diff line number Diff line
@@ -18,11 +18,6 @@ 
#include <net/ip.h>

#include <net/xfrm.h>



int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb)

{

	return xfrm4_extract_header(skb);

}



static int xfrm4_rcv_encap_finish2(struct net *net, struct sock *sk,

				   struct sk_buff *skb)

{

CRA Git | Maintained and supported by SUSTech CRA and CCSE