diff options
-rw-r--r-- | include/net/xfrm.h | 4 | ||||
-rw-r--r-- | net/xfrm/xfrm_input.c | 2 | ||||
-rw-r--r-- | net/xfrm/xfrm_replay.c | 27 |
3 files changed, 20 insertions, 13 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 3a219b34cb8c..0206d80ec291 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -306,9 +306,6 @@ struct km_event { }; struct xfrm_replay { - int (*check)(struct xfrm_state *x, - struct sk_buff *skb, - __be32 net_seq); int (*overflow)(struct xfrm_state *x, struct sk_buff *skb); }; @@ -1719,6 +1716,7 @@ static inline int xfrm_policy_id2dir(u32 index) #ifdef CONFIG_XFRM void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq); +int xfrm_replay_check(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq); void xfrm_replay_notify(struct xfrm_state *x, int event); int xfrm_replay_recheck(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq); diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 8046ef1a6680..3df0861d4390 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -612,7 +612,7 @@ lock: goto drop_unlock; } - if (x->repl->check(x, skb, seq)) { + if (xfrm_replay_check(x, skb, seq)) { XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); goto drop_unlock; } diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index 59391dc80fa3..e8703aa8d06a 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c @@ -118,8 +118,8 @@ static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb) return err; } -static int xfrm_replay_check(struct xfrm_state *x, - struct sk_buff *skb, __be32 net_seq) +static int xfrm_replay_check_legacy(struct xfrm_state *x, + struct sk_buff *skb, __be32 net_seq) { u32 diff; u32 seq = ntohl(net_seq); @@ -507,6 +507,21 @@ err: return -EINVAL; } +int xfrm_replay_check(struct xfrm_state *x, + struct sk_buff *skb, __be32 net_seq) +{ + switch (x->repl_mode) { + case XFRM_REPLAY_MODE_LEGACY: + break; + case XFRM_REPLAY_MODE_BMP: + return xfrm_replay_check_bmp(x, skb, net_seq); + case XFRM_REPLAY_MODE_ESN: + return xfrm_replay_check_esn(x, skb, net_seq); + } + + return xfrm_replay_check_legacy(x, skb, net_seq); +} + static int xfrm_replay_recheck_esn(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq) { @@ -532,7 +547,7 @@ int xfrm_replay_recheck(struct xfrm_state *x, return xfrm_replay_recheck_esn(x, skb, net_seq); } - return xfrm_replay_check(x, skb, net_seq); + return xfrm_replay_check_legacy(x, skb, net_seq); } static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq) @@ -723,32 +738,26 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff } static const struct xfrm_replay xfrm_replay_legacy = { - .check = xfrm_replay_check, .overflow = xfrm_replay_overflow_offload, }; static const struct xfrm_replay xfrm_replay_bmp = { - .check = xfrm_replay_check_bmp, .overflow = xfrm_replay_overflow_offload_bmp, }; static const struct xfrm_replay xfrm_replay_esn = { - .check = xfrm_replay_check_esn, .overflow = xfrm_replay_overflow_offload_esn, }; #else static const struct xfrm_replay xfrm_replay_legacy = { - .check = xfrm_replay_check, .overflow = xfrm_replay_overflow, }; static const struct xfrm_replay xfrm_replay_bmp = { - .check = xfrm_replay_check_bmp, .overflow = xfrm_replay_overflow_bmp, }; static const struct xfrm_replay xfrm_replay_esn = { - .check = xfrm_replay_check_esn, .overflow = xfrm_replay_overflow_esn, }; #endif |