]> err.no Git - linux-2.6/commitdiff
[IPSEC]: Add async resume support on input
authorHerbert Xu <herbert@gondor.apana.org.au>
Tue, 20 Nov 2007 02:50:17 +0000 (18:50 -0800)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Jan 2008 22:53:54 +0000 (14:53 -0800)
This patch adds support for async resumptions on input.  To do so, the
transform would return -EINPROGRESS and subsequently invoke the
function xfrm_input_resume to resume processing.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/xfrm.h
net/ipv4/xfrm4_input.c
net/ipv6/xfrm6_input.c
net/xfrm/xfrm_input.c

index cf85dc9dc42022a7c6be071df39f0749aaf97499..37a086d71bafec1e8babcc3537f0853412d105da 100644 (file)
@@ -1138,6 +1138,7 @@ extern int xfrm_init_state(struct xfrm_state *x);
 extern int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb);
 extern int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi,
                      int encap_type);
+extern int xfrm_input_resume(struct sk_buff *skb, int nexthdr);
 extern int xfrm_output_resume(struct sk_buff *skb, int err);
 extern int xfrm_output(struct sk_buff *skb);
 extern int xfrm4_extract_header(struct sk_buff *skb);
index 662d1e86cfbf019be7f76ad4e77648b588da30c8..d5890c84a492a13185eb7ebb03c60ff94b87d2fc 100644 (file)
@@ -59,6 +59,9 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async)
                xfrm4_rcv_encap_finish);
        return 0;
 #else
+       if (async)
+               return xfrm4_rcv_encap_finish(skb);
+
        return -iph->protocol;
 #endif
 }
index 5c006c8459438329fa2ef5f337d06adc1607a103..e317d085546827fd0e1af262963e23c2454ab2cb 100644 (file)
@@ -41,6 +41,9 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async)
                ip6_rcv_finish);
        return -1;
 #else
+       if (async)
+               return ip6_rcv_finish(skb);
+
        return 1;
 #endif
 }
index cce9d4586045f4f120b0b45314f5ed5c15d48a6d..96f42c1d2e8eb56542c3fc743179bf90f2be8d2a 100644 (file)
@@ -101,8 +101,17 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
        int err;
        __be32 seq;
        struct xfrm_state *x;
+       xfrm_address_t *daddr;
        int decaps = 0;
-       unsigned int daddroff = XFRM_SPI_SKB_CB(skb)->daddroff;
+       int async = 0;
+
+       /* A negative encap_type indicates async resumption. */
+       if (encap_type < 0) {
+               async = 1;
+               x = skb->sp->xvec[skb->sp->len - 1];
+               seq = XFRM_SKB_CB(skb)->seq;
+               goto resume;
+       }
 
        /* Allocate new secpath or COW existing one. */
        if (!skb->sp || atomic_read(&skb->sp->refcnt) != 1) {
@@ -116,6 +125,9 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                skb->sp = sp;
        }
 
+       daddr = (xfrm_address_t *)(skb_network_header(skb) +
+                                  XFRM_SPI_SKB_CB(skb)->daddroff);
+
        seq = 0;
        if (!spi && (err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0)
                goto drop;
@@ -124,9 +136,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                if (skb->sp->len == XFRM_MAX_DEPTH)
                        goto drop;
 
-               x = xfrm_state_lookup((xfrm_address_t *)
-                                     (skb_network_header(skb) + daddroff),
-                                     spi, nexthdr, AF_INET);
+               x = xfrm_state_lookup(daddr, spi, nexthdr, AF_INET);
                if (x == NULL)
                        goto drop;
 
@@ -147,8 +157,14 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 
                spin_unlock(&x->lock);
 
+               XFRM_SKB_CB(skb)->seq = seq;
+
                nexthdr = x->type->input(x, skb);
 
+               if (nexthdr == -EINPROGRESS)
+                       return 0;
+
+resume:
                spin_lock(&x->lock);
                if (nexthdr <= 0) {
                        if (nexthdr == -EBADMSG)
@@ -177,6 +193,12 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                        break;
                }
 
+               /*
+                * We need the inner address.  However, we only get here for
+                * transport mode so the outer address is identical.
+                */
+               daddr = &x->id.daddr;
+
                err = xfrm_parse_spi(skb, nexthdr, &spi, &seq);
                if (err < 0)
                        goto drop;
@@ -190,7 +212,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                netif_rx(skb);
                return 0;
        } else {
-               return x->inner_mode->afinfo->transport_finish(skb, 0);
+               return x->inner_mode->afinfo->transport_finish(skb, async);
        }
 
 drop_unlock:
@@ -201,6 +223,12 @@ drop:
 }
 EXPORT_SYMBOL(xfrm_input);
 
+int xfrm_input_resume(struct sk_buff *skb, int nexthdr)
+{
+       return xfrm_input(skb, nexthdr, 0, -1);
+}
+EXPORT_SYMBOL(xfrm_input_resume);
+
 void __init xfrm_input_init(void)
 {
        secpath_cachep = kmem_cache_create("secpath_cache",