Commit f1836a42 authored by Jakub Kicinski's avatar Jakub Kicinski

Merge tag 'ipsec-next-2023-04-19' of...

Merge tag 'ipsec-next-2023-04-19' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

Steffen Klassert says:

====================
ipsec-next 2023-04-19

1) Remove inner/outer modes from input/output path. These are
   not needed anymore. From Herbert Xu.

* tag 'ipsec-next-2023-04-19' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next:
  xfrm: Remove inner/outer modes from output path
  xfrm: Remove inner/outer modes from input path
====================

Link: https://lore.kernel.org/r/20230419075300.452227-1-steffen.klassert@secunet.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
parents 84ce730f f4796398
...@@ -231,9 +231,6 @@ static int xfrm4_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb) ...@@ -231,9 +231,6 @@ static int xfrm4_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb)
{ {
int err = -EINVAL; int err = -EINVAL;
if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP)
goto out;
if (!pskb_may_pull(skb, sizeof(struct iphdr))) if (!pskb_may_pull(skb, sizeof(struct iphdr)))
goto out; goto out;
...@@ -269,8 +266,6 @@ static int xfrm6_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb) ...@@ -269,8 +266,6 @@ static int xfrm6_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb)
{ {
int err = -EINVAL; int err = -EINVAL;
if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPV6)
goto out;
if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
goto out; goto out;
...@@ -331,23 +326,27 @@ static int xfrm6_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb) ...@@ -331,23 +326,27 @@ static int xfrm6_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb)
*/ */
static int static int
xfrm_inner_mode_encap_remove(struct xfrm_state *x, xfrm_inner_mode_encap_remove(struct xfrm_state *x,
const struct xfrm_mode *inner_mode,
struct sk_buff *skb) struct sk_buff *skb)
{ {
switch (inner_mode->encap) { switch (x->props.mode) {
case XFRM_MODE_BEET: case XFRM_MODE_BEET:
if (inner_mode->family == AF_INET) switch (XFRM_MODE_SKB_CB(skb)->protocol) {
case IPPROTO_IPIP:
case IPPROTO_BEETPH:
return xfrm4_remove_beet_encap(x, skb); return xfrm4_remove_beet_encap(x, skb);
if (inner_mode->family == AF_INET6) case IPPROTO_IPV6:
return xfrm6_remove_beet_encap(x, skb); return xfrm6_remove_beet_encap(x, skb);
}
break; break;
case XFRM_MODE_TUNNEL: case XFRM_MODE_TUNNEL:
if (inner_mode->family == AF_INET) switch (XFRM_MODE_SKB_CB(skb)->protocol) {
case IPPROTO_IPIP:
return xfrm4_remove_tunnel_encap(x, skb); return xfrm4_remove_tunnel_encap(x, skb);
if (inner_mode->family == AF_INET6) case IPPROTO_IPV6:
return xfrm6_remove_tunnel_encap(x, skb); return xfrm6_remove_tunnel_encap(x, skb);
break; break;
} }
}
WARN_ON_ONCE(1); WARN_ON_ONCE(1);
return -EOPNOTSUPP; return -EOPNOTSUPP;
...@@ -355,9 +354,7 @@ xfrm_inner_mode_encap_remove(struct xfrm_state *x, ...@@ -355,9 +354,7 @@ xfrm_inner_mode_encap_remove(struct xfrm_state *x,
static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb) static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
{ {
const struct xfrm_mode *inner_mode = &x->inner_mode; switch (x->props.family) {
switch (x->outer_mode.family) {
case AF_INET: case AF_INET:
xfrm4_extract_header(skb); xfrm4_extract_header(skb);
break; break;
...@@ -369,17 +366,12 @@ static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -369,17 +366,12 @@ static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
return -EAFNOSUPPORT; return -EAFNOSUPPORT;
} }
if (x->sel.family == AF_UNSPEC) { switch (XFRM_MODE_SKB_CB(skb)->protocol) {
inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol); case IPPROTO_IPIP:
if (!inner_mode) case IPPROTO_BEETPH:
return -EAFNOSUPPORT;
}
switch (inner_mode->family) {
case AF_INET:
skb->protocol = htons(ETH_P_IP); skb->protocol = htons(ETH_P_IP);
break; break;
case AF_INET6: case IPPROTO_IPV6:
skb->protocol = htons(ETH_P_IPV6); skb->protocol = htons(ETH_P_IPV6);
break; break;
default: default:
...@@ -387,7 +379,7 @@ static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -387,7 +379,7 @@ static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
break; break;
} }
return xfrm_inner_mode_encap_remove(x, inner_mode, skb); return xfrm_inner_mode_encap_remove(x, skb);
} }
/* Remove encapsulation header. /* Remove encapsulation header.
...@@ -433,17 +425,16 @@ static int xfrm6_transport_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -433,17 +425,16 @@ static int xfrm6_transport_input(struct xfrm_state *x, struct sk_buff *skb)
} }
static int xfrm_inner_mode_input(struct xfrm_state *x, static int xfrm_inner_mode_input(struct xfrm_state *x,
const struct xfrm_mode *inner_mode,
struct sk_buff *skb) struct sk_buff *skb)
{ {
switch (inner_mode->encap) { switch (x->props.mode) {
case XFRM_MODE_BEET: case XFRM_MODE_BEET:
case XFRM_MODE_TUNNEL: case XFRM_MODE_TUNNEL:
return xfrm_prepare_input(x, skb); return xfrm_prepare_input(x, skb);
case XFRM_MODE_TRANSPORT: case XFRM_MODE_TRANSPORT:
if (inner_mode->family == AF_INET) if (x->props.family == AF_INET)
return xfrm4_transport_input(x, skb); return xfrm4_transport_input(x, skb);
if (inner_mode->family == AF_INET6) if (x->props.family == AF_INET6)
return xfrm6_transport_input(x, skb); return xfrm6_transport_input(x, skb);
break; break;
case XFRM_MODE_ROUTEOPTIMIZATION: case XFRM_MODE_ROUTEOPTIMIZATION:
...@@ -461,7 +452,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ...@@ -461,7 +452,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
{ {
const struct xfrm_state_afinfo *afinfo; const struct xfrm_state_afinfo *afinfo;
struct net *net = dev_net(skb->dev); struct net *net = dev_net(skb->dev);
const struct xfrm_mode *inner_mode;
int err; int err;
__be32 seq; __be32 seq;
__be32 seq_hi; __be32 seq_hi;
...@@ -491,7 +481,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ...@@ -491,7 +481,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
goto drop; goto drop;
} }
family = x->outer_mode.family; family = x->props.family;
/* An encap_type of -1 indicates async resumption. */ /* An encap_type of -1 indicates async resumption. */
if (encap_type == -1) { if (encap_type == -1) {
...@@ -676,17 +666,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ...@@ -676,17 +666,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
XFRM_MODE_SKB_CB(skb)->protocol = nexthdr; XFRM_MODE_SKB_CB(skb)->protocol = nexthdr;
inner_mode = &x->inner_mode; if (xfrm_inner_mode_input(x, skb)) {
if (x->sel.family == AF_UNSPEC) {
inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
if (inner_mode == NULL) {
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
goto drop;
}
}
if (xfrm_inner_mode_input(x, inner_mode, skb)) {
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR); XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
goto drop; goto drop;
} }
...@@ -701,7 +681,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ...@@ -701,7 +681,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
* transport mode so the outer address is identical. * transport mode so the outer address is identical.
*/ */
daddr = &x->id.daddr; daddr = &x->id.daddr;
family = x->outer_mode.family; family = x->props.family;
err = xfrm_parse_spi(skb, nexthdr, &spi, &seq); err = xfrm_parse_spi(skb, nexthdr, &spi, &seq);
if (err < 0) { if (err < 0) {
...@@ -732,7 +712,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ...@@ -732,7 +712,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
err = -EAFNOSUPPORT; err = -EAFNOSUPPORT;
rcu_read_lock(); rcu_read_lock();
afinfo = xfrm_state_afinfo_get_rcu(x->inner_mode.family); afinfo = xfrm_state_afinfo_get_rcu(x->props.family);
if (likely(afinfo)) if (likely(afinfo))
err = afinfo->transport_finish(skb, xfrm_gro || async); err = afinfo->transport_finish(skb, xfrm_gro || async);
rcu_read_unlock(); rcu_read_unlock();
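Review bot: The two inner `switch (XFRM_MODE_SKB_CB(skb)->protocol)` statements added to xfrm_inner_mode_encap_remove() have no `default`, so any protocol other than IPIP/BEETPH/IPV6 drops out to `WARN_ON_ONCE(1)` and -EOPNOTSUPP. That field is filled from `nexthdr` in xfrm_input(), i.e. from the received packet, and the checks this commit deletes from xfrm4_remove_tunnel_encap() and xfrm6_remove_tunnel_encap() used to reject such a packet quietly with -EINVAL. A warning that malformed input can reach is log noise at best and an availability problem where panic_on_warn is set; adding `default: return -EINVAL;` to both inner switches would keep the WARN for genuinely impossible modes only. The `default:` arm of the new protocol switch in xfrm_prepare_input() falls between hunks and is not visible here, so it should be checked for the same pattern.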
......
...@@ -412,7 +412,7 @@ static int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -412,7 +412,7 @@ static int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE; IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE;
skb->protocol = htons(ETH_P_IP); skb->protocol = htons(ETH_P_IP);
switch (x->outer_mode.encap) { switch (x->props.mode) {
case XFRM_MODE_BEET: case XFRM_MODE_BEET:
return xfrm4_beet_encap_add(x, skb); return xfrm4_beet_encap_add(x, skb);
case XFRM_MODE_TUNNEL: case XFRM_MODE_TUNNEL:
...@@ -435,7 +435,7 @@ static int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -435,7 +435,7 @@ static int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
skb->ignore_df = 1; skb->ignore_df = 1;
skb->protocol = htons(ETH_P_IPV6); skb->protocol = htons(ETH_P_IPV6);
switch (x->outer_mode.encap) { switch (x->props.mode) {
case XFRM_MODE_BEET: case XFRM_MODE_BEET:
return xfrm6_beet_encap_add(x, skb); return xfrm6_beet_encap_add(x, skb);
case XFRM_MODE_TUNNEL: case XFRM_MODE_TUNNEL:
...@@ -451,22 +451,22 @@ static int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -451,22 +451,22 @@ static int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
static int xfrm_outer_mode_output(struct xfrm_state *x, struct sk_buff *skb) static int xfrm_outer_mode_output(struct xfrm_state *x, struct sk_buff *skb)
{ {
switch (x->outer_mode.encap) { switch (x->props.mode) {
case XFRM_MODE_BEET: case XFRM_MODE_BEET:
case XFRM_MODE_TUNNEL: case XFRM_MODE_TUNNEL:
if (x->outer_mode.family == AF_INET) if (x->props.family == AF_INET)
return xfrm4_prepare_output(x, skb); return xfrm4_prepare_output(x, skb);
if (x->outer_mode.family == AF_INET6) if (x->props.family == AF_INET6)
return xfrm6_prepare_output(x, skb); return xfrm6_prepare_output(x, skb);
break; break;
case XFRM_MODE_TRANSPORT: case XFRM_MODE_TRANSPORT:
if (x->outer_mode.family == AF_INET) if (x->props.family == AF_INET)
return xfrm4_transport_output(x, skb); return xfrm4_transport_output(x, skb);
if (x->outer_mode.family == AF_INET6) if (x->props.family == AF_INET6)
return xfrm6_transport_output(x, skb); return xfrm6_transport_output(x, skb);
break; break;
case XFRM_MODE_ROUTEOPTIMIZATION: case XFRM_MODE_ROUTEOPTIMIZATION:
if (x->outer_mode.family == AF_INET6) if (x->props.family == AF_INET6)
return xfrm6_ro_output(x, skb); return xfrm6_ro_output(x, skb);
WARN_ON_ONCE(1); WARN_ON_ONCE(1);
break; break;
...@@ -875,21 +875,10 @@ static int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -875,21 +875,10 @@ static int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb)
static int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb) static int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb)
{ {
const struct xfrm_mode *inner_mode; switch (skb->protocol) {
case htons(ETH_P_IP):
if (x->sel.family == AF_UNSPEC)
inner_mode = xfrm_ip2inner_mode(x,
xfrm_af2proto(skb_dst(skb)->ops->family));
else
inner_mode = &x->inner_mode;
if (inner_mode == NULL)
return -EAFNOSUPPORT;
switch (inner_mode->family) {
case AF_INET:
return xfrm4_extract_output(x, skb); return xfrm4_extract_output(x, skb);
case AF_INET6: case htons(ETH_P_IPV6):
return xfrm6_extract_output(x, skb); return xfrm6_extract_output(x, skb);
} }
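Review bot: xfrm_inner_extract_output() now picks the extractor from `skb->protocol` alone, and nothing in the hunk says why that field can be relied on at this point; the removed code derived the family from `x->sel.family` or the dst and returned -EAFNOSUPPORT when it had no match. I would add a comment above the switch such as `/* skb->protocol must already hold the inner packet's ethertype */` and confirm that the statement after the switch returns an error without warning for any other value. The function's tail is cut off by the page, so this is a request to verify rather than a reported defect.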
......