Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
596aac2c
Commit
596aac2c
authored
Jul 27, 2003
by
Herbert Xu
Committed by
David S. Miller
Jul 27, 2003
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[IPSEC]: Use per-SA flag to control ECN propagation.
parent
872d1c7a
Changes
14
Show whitespace changes
Inline
Side-by-side
Showing
14 changed files
with
63 additions
and
0 deletions
+63
-0
include/linux/pfkeyv2.h
include/linux/pfkeyv2.h
+1
-0
include/linux/xfrm.h
include/linux/xfrm.h
+2
-0
include/net/inet_ecn.h
include/net/inet_ecn.h
+12
-0
include/net/xfrm.h
include/net/xfrm.h
+1
-0
net/ipv4/ah4.c
net/ipv4/ah4.c
+3
-0
net/ipv4/esp4.c
net/ipv4/esp4.c
+3
-0
net/ipv4/ipcomp.c
net/ipv4/ipcomp.c
+3
-0
net/ipv4/xfrm4_input.c
net/ipv4/xfrm4_input.c
+12
-0
net/ipv6/ah6.c
net/ipv6/ah6.c
+3
-0
net/ipv6/esp6.c
net/ipv6/esp6.c
+3
-0
net/ipv6/ipcomp6.c
net/ipv6/ipcomp6.c
+3
-0
net/ipv6/xfrm6_input.c
net/ipv6/xfrm6_input.c
+11
-0
net/key/af_key.c
net/key/af_key.c
+4
-0
net/xfrm/xfrm_user.c
net/xfrm/xfrm_user.c
+2
-0
No files found.
include/linux/pfkeyv2.h
View file @
596aac2c
...
...
@@ -245,6 +245,7 @@ struct sadb_x_nat_t_port {
/* Security Association flags */
#define SADB_SAFLAGS_PFS 1
#define SADB_SAFLAGS_NOECN 0x80000000
/* Security Association states */
#define SADB_SASTATE_LARVAL 0
...
...
include/linux/xfrm.h
View file @
596aac2c
...
...
@@ -166,6 +166,8 @@ struct xfrm_usersa_info {
__u16
family
;
__u8
mode
;
/* 0=transport,1=tunnel */
__u8
replay_window
;
__u8
flags
;
#define XFRM_STATE_NOECN 1
};
struct
xfrm_usersa_id
{
...
...
include/net/inet_ecn.h
View file @
596aac2c
#ifndef _INET_ECN_H_
#define _INET_ECN_H_
#include <linux/ip.h>
static
inline
int
INET_ECN_is_ce
(
__u8
dsfield
)
{
return
(
dsfield
&
3
)
==
3
;
...
...
@@ -44,6 +46,11 @@ static inline void IP_ECN_set_ce(struct iphdr *iph)
iph
->
tos
|=
1
;
}
static
inline
void
IP_ECN_clear
(
struct
iphdr
*
iph
)
{
iph
->
tos
&=
~
3
;
}
struct
ipv6hdr
;
static
inline
void
IP6_ECN_set_ce
(
struct
ipv6hdr
*
iph
)
...
...
@@ -51,6 +58,11 @@ static inline void IP6_ECN_set_ce(struct ipv6hdr *iph)
*
(
u32
*
)
iph
|=
htonl
(
1
<<
20
);
}
static
inline
void
IP6_ECN_clear
(
struct
ipv6hdr
*
iph
)
{
*
(
u32
*
)
iph
&=
~
htonl
(
3
<<
20
);
}
#define ip6_get_dsfield(iph) ((ntohs(*(u16*)(iph)) >> 4) & 0xFF)
#endif
include/net/xfrm.h
View file @
596aac2c
...
...
@@ -108,6 +108,7 @@ struct xfrm_state
u8
mode
;
u8
replay_window
;
u8
aalgo
,
ealgo
,
calgo
;
u8
flags
;
u16
family
;
xfrm_address_t
saddr
;
int
header_len
;
...
...
net/ipv4/ah4.c
View file @
596aac2c
#include <linux/config.h>
#include <linux/module.h>
#include <net/inet_ecn.h>
#include <net/ip.h>
#include <net/xfrm.h>
#include <net/ah.h>
...
...
@@ -123,6 +124,8 @@ static int ah_output(struct sk_buff *skb)
top_iph
->
tos
=
iph
->
tos
;
top_iph
->
ttl
=
iph
->
ttl
;
if
(
x
->
props
.
mode
)
{
if
(
x
->
props
.
flags
&
XFRM_STATE_NOECN
)
IP_ECN_clear
(
top_iph
);
top_iph
->
frag_off
=
iph
->
frag_off
&~
htons
(
IP_MF
|
IP_OFFSET
);
memset
(
&
(
IPCB
(
skb
)
->
opt
),
0
,
sizeof
(
struct
ip_options
));
}
else
{
...
...
net/ipv4/esp4.c
View file @
596aac2c
#include <linux/config.h>
#include <linux/module.h>
#include <net/inet_ecn.h>
#include <net/ip.h>
#include <net/xfrm.h>
#include <net/esp.h>
...
...
@@ -109,6 +110,8 @@ int esp_output(struct sk_buff *skb)
top_iph
->
ihl
=
5
;
top_iph
->
version
=
4
;
top_iph
->
tos
=
iph
->
tos
;
/* DS disclosed */
if
(
x
->
props
.
flags
&
XFRM_STATE_NOECN
)
IP_ECN_clear
(
top_iph
);
top_iph
->
tot_len
=
htons
(
skb
->
len
+
alen
);
top_iph
->
frag_off
=
iph
->
frag_off
&
htons
(
IP_DF
);
if
(
!
(
top_iph
->
frag_off
))
...
...
net/ipv4/ipcomp.c
View file @
596aac2c
...
...
@@ -18,6 +18,7 @@
#include <asm/scatterlist.h>
#include <linux/crypto.h>
#include <linux/pfkeyv2.h>
#include <net/inet_ecn.h>
#include <net/ip.h>
#include <net/xfrm.h>
#include <net/icmp.h>
...
...
@@ -210,6 +211,8 @@ static int ipcomp_output(struct sk_buff *skb)
top_iph
=
(
struct
iphdr
*
)
skb_push
(
skb
,
sizeof
(
struct
ip_comp_hdr
));
memcpy
(
top_iph
,
&
tmp_iph
,
iph
->
ihl
*
4
);
iph
=
top_iph
;
if
(
x
->
props
.
mode
&&
(
x
->
props
.
flags
&
XFRM_STATE_NOECN
))
IP_ECN_clear
(
iph
);
iph
->
tot_len
=
htons
(
skb
->
len
);
iph
->
protocol
=
IPPROTO_COMP
;
iph
->
check
=
0
;
...
...
net/ipv4/xfrm4_input.c
View file @
596aac2c
...
...
@@ -10,6 +10,7 @@
*/
#include <linux/slab.h>
#include <net/inet_ecn.h>
#include <net/ip.h>
#include <net/xfrm.h>
...
...
@@ -20,6 +21,15 @@ int xfrm4_rcv(struct sk_buff *skb)
return
xfrm4_rcv_encap
(
skb
,
0
);
}
static
inline
void
ipip_ecn_decapsulate
(
struct
iphdr
*
outer_iph
,
struct
sk_buff
*
skb
)
{
struct
iphdr
*
inner_iph
=
skb
->
nh
.
iph
;
if
(
INET_ECN_is_ce
(
outer_iph
->
tos
)
&&
INET_ECN_is_not_ce
(
inner_iph
->
tos
))
IP_ECN_set_ce
(
inner_iph
);
}
int
xfrm4_rcv_encap
(
struct
sk_buff
*
skb
,
__u16
encap_type
)
{
int
err
;
...
...
@@ -75,6 +85,8 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
if
(
iph
->
protocol
!=
IPPROTO_IPIP
)
goto
drop
;
skb
->
nh
.
raw
=
skb
->
data
;
if
(
!
(
x
->
props
.
flags
&
XFRM_STATE_NOECN
))
ipip_ecn_decapsulate
(
iph
,
skb
);
iph
=
skb
->
nh
.
iph
;
memset
(
&
(
IPCB
(
skb
)
->
opt
),
0
,
sizeof
(
struct
ip_options
));
decaps
=
1
;
...
...
net/ipv6/ah6.c
View file @
596aac2c
...
...
@@ -26,6 +26,7 @@
#include <linux/config.h>
#include <linux/module.h>
#include <net/inet_ecn.h>
#include <net/ip.h>
#include <net/xfrm.h>
#include <net/ah.h>
...
...
@@ -220,6 +221,8 @@ int ah6_output(struct sk_buff *skb)
skb
->
nh
.
ipv6h
->
flow_lbl
[
0
]
=
iph
->
flow_lbl
[
0
];
skb
->
nh
.
ipv6h
->
flow_lbl
[
1
]
=
iph
->
flow_lbl
[
1
];
skb
->
nh
.
ipv6h
->
flow_lbl
[
2
]
=
iph
->
flow_lbl
[
2
];
if
(
x
->
props
.
flags
&
XFRM_STATE_NOECN
)
IP6_ECN_clear
(
skb
->
nh
.
ipv6h
);
}
else
{
memcpy
(
skb
->
nh
.
ipv6h
,
iph
,
hdr_len
);
skb
->
nh
.
raw
[
nh_offset
]
=
IPPROTO_AH
;
...
...
net/ipv6/esp6.c
View file @
596aac2c
...
...
@@ -26,6 +26,7 @@
#include <linux/config.h>
#include <linux/module.h>
#include <net/inet_ecn.h>
#include <net/ip.h>
#include <net/xfrm.h>
#include <net/esp.h>
...
...
@@ -121,6 +122,8 @@ int esp6_output(struct sk_buff *skb)
top_iph
->
flow_lbl
[
0
]
=
iph
->
flow_lbl
[
0
];
top_iph
->
flow_lbl
[
1
]
=
iph
->
flow_lbl
[
1
];
top_iph
->
flow_lbl
[
2
]
=
iph
->
flow_lbl
[
2
];
if
(
x
->
props
.
flags
&
XFRM_STATE_NOECN
)
IP6_ECN_clear
(
top_iph
);
top_iph
->
nexthdr
=
IPPROTO_ESP
;
top_iph
->
payload_len
=
htons
(
skb
->
len
+
alen
-
sizeof
(
struct
ipv6hdr
));
top_iph
->
hop_limit
=
iph
->
hop_limit
;
...
...
net/ipv6/ipcomp6.c
View file @
596aac2c
...
...
@@ -32,6 +32,7 @@
*/
#include <linux/config.h>
#include <linux/module.h>
#include <net/inet_ecn.h>
#include <net/ip.h>
#include <net/xfrm.h>
#include <net/ipcomp.h>
...
...
@@ -201,6 +202,8 @@ static int ipcomp6_output(struct sk_buff *skb)
memcpy
(
top_iph
,
tmp_iph
,
hdr_len
);
kfree
(
tmp_iph
);
if
(
x
->
props
.
mode
&&
(
x
->
props
.
flags
&
XFRM_STATE_NOECN
))
IP6_ECN_clear
(
top_iph
);
top_iph
->
payload_len
=
htons
(
skb
->
len
-
sizeof
(
struct
ipv6hdr
));
skb
->
nh
.
raw
=
skb
->
data
;
/* top_iph */
ip6_find_1stfragopt
(
skb
,
&
prevhdr
);
...
...
net/ipv6/xfrm6_input.c
View file @
596aac2c
...
...
@@ -9,12 +9,21 @@
* IPv6 support
*/
#include <net/inet_ecn.h>
#include <net/ip.h>
#include <net/ipv6.h>
#include <net/xfrm.h>
static
kmem_cache_t
*
secpath_cachep
;
static
inline
void
ipip6_ecn_decapsulate
(
struct
ipv6hdr
*
iph
,
struct
sk_buff
*
skb
)
{
if
(
INET_ECN_is_ce
(
ip6_get_dsfield
(
iph
))
&&
INET_ECN_is_not_ce
(
ip6_get_dsfield
(
skb
->
nh
.
ipv6h
)))
IP6_ECN_set_ce
(
skb
->
nh
.
ipv6h
);
}
int
xfrm6_rcv
(
struct
sk_buff
**
pskb
,
unsigned
int
*
nhoffp
)
{
struct
sk_buff
*
skb
=
*
pskb
;
...
...
@@ -71,6 +80,8 @@ int xfrm6_rcv(struct sk_buff **pskb, unsigned int *nhoffp)
if
(
nexthdr
!=
IPPROTO_IPV6
)
goto
drop
;
skb
->
nh
.
raw
=
skb
->
data
;
if
(
!
(
x
->
props
.
flags
&
XFRM_STATE_NOECN
))
ipip6_ecn_decapsulate
(
iph
,
skb
);
iph
=
skb
->
nh
.
ipv6h
;
decaps
=
1
;
break
;
...
...
net/key/af_key.c
View file @
596aac2c
...
...
@@ -681,6 +681,8 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
}
sa
->
sadb_sa_flags
=
0
;
if
(
x
->
props
.
flags
&
XFRM_STATE_NOECN
)
sa
->
sadb_sa_flags
|=
SADB_SAFLAGS_NOECN
;
/* hard time */
if
(
hsc
&
2
)
{
...
...
@@ -957,6 +959,8 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr,
x
->
id
.
proto
=
proto
;
x
->
id
.
spi
=
sa
->
sadb_sa_spi
;
x
->
props
.
replay_window
=
sa
->
sadb_sa_replay
;
if
(
sa
->
sadb_sa_flags
&
SADB_SAFLAGS_NOECN
)
x
->
props
.
flags
|=
XFRM_STATE_NOECN
;
lifetime
=
(
struct
sadb_lifetime
*
)
ext_hdrs
[
SADB_EXT_LIFETIME_HARD
-
1
];
if
(
lifetime
!=
NULL
)
{
...
...
net/xfrm/xfrm_user.c
View file @
596aac2c
...
...
@@ -201,6 +201,7 @@ static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *
x
->
props
.
reqid
=
p
->
reqid
;
x
->
props
.
family
=
p
->
family
;
x
->
props
.
saddr
=
p
->
saddr
;
x
->
props
.
flags
=
p
->
flags
;
}
static
struct
xfrm_state
*
xfrm_state_construct
(
struct
xfrm_usersa_info
*
p
,
...
...
@@ -305,6 +306,7 @@ static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p)
p
->
replay_window
=
x
->
props
.
replay_window
;
p
->
reqid
=
x
->
props
.
reqid
;
p
->
family
=
x
->
props
.
family
;
p
->
flags
=
x
->
props
.
flags
;
p
->
seq
=
x
->
km
.
seq
;
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment