Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/net/ipv6/xfrm6_input.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * xfrm6_input.c: based on net/ipv4/xfrm4_input.c
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Authors:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  *	Mitsuru KANDA @USAGI
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  *	Kazunori MIYAZAWA @USAGI
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  *	Kunihiro Ishiguro <kunihiro@ipinfusion.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9)  *	YOSHIFUJI Hideaki @USAGI
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10)  *		IPv6 support
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #include <linux/string.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #include <linux/netfilter.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include <linux/netfilter_ipv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) #include <net/ipv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) #include <net/xfrm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) 		  struct ip6_tnl *t)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) 	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = t;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) 	XFRM_SPI_SKB_CB(skb)->family = AF_INET6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) 	XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) 	return xfrm_input(skb, nexthdr, spi, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) EXPORT_SYMBOL(xfrm6_rcv_spi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) static int xfrm6_transport_finish2(struct net *net, struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) 				   struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) 	if (xfrm_trans_queue(skb, ip6_rcv_finish)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 		kfree_skb(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 		return NET_RX_DROP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) int xfrm6_transport_finish(struct sk_buff *skb, int async)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) 	struct xfrm_offload *xo = xfrm_offload(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) 	int nhlen = skb->data - skb_network_header(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) 	skb_network_header(skb)[IP6CB(skb)->nhoff] =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 		XFRM_MODE_SKB_CB(skb)->protocol;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) #ifndef CONFIG_NETFILTER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) 	if (!async)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) 		return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) 	__skb_push(skb, nhlen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) 	ipv6_hdr(skb)->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) 	skb_postpush_rcsum(skb, skb_network_header(skb), nhlen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) 	if (xo && (xo->flags & XFRM_GRO)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 		skb_mac_header_rebuild(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) 		skb_reset_transport_header(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) 	NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) 		dev_net(skb->dev), NULL, skb, skb->dev, NULL,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) 		xfrm6_transport_finish2);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) /* If it's a keepalive packet, then just eat it.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71)  * If it's an encapsulated packet, then pass it to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72)  * IPsec xfrm input.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73)  * Returns 0 if skb passed to xfrm or was dropped.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74)  * Returns >0 if skb should be passed to UDP.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75)  * Returns <0 if skb should be resubmitted (-ret is protocol)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) int xfrm6_udp_encap_rcv(struct sock *sk, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) 	struct udp_sock *up = udp_sk(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) 	struct udphdr *uh;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) 	struct ipv6hdr *ip6h;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) 	int len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) 	int ip6hlen = sizeof(struct ipv6hdr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 	__u8 *udpdata;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) 	__be32 *udpdata32;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 	__u16 encap_type = up->encap_type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 	/* if this is not encapsulated socket, then just return now */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) 	if (!encap_type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 		return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 	/* If this is a paged skb, make sure we pull up
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) 	 * whatever data we need to look at. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 	len = skb->len - sizeof(struct udphdr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 	if (!pskb_may_pull(skb, sizeof(struct udphdr) + min(len, 8)))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 		return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 	/* Now we can get the pointers */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 	uh = udp_hdr(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 	udpdata = (__u8 *)uh + sizeof(struct udphdr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 	udpdata32 = (__be32 *)udpdata;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) 	switch (encap_type) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) 	default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 	case UDP_ENCAP_ESPINUDP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) 		/* Check if this is a keepalive packet.  If so, eat it. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 		if (len == 1 && udpdata[0] == 0xff) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 			goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 		} else if (len > sizeof(struct ip_esp_hdr) && udpdata32[0] != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) 			/* ESP Packet without Non-ESP header */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 			len = sizeof(struct udphdr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 		} else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) 			/* Must be an IKE packet.. pass it through */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) 			return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 	case UDP_ENCAP_ESPINUDP_NON_IKE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) 		/* Check if this is a keepalive packet.  If so, eat it. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 		if (len == 1 && udpdata[0] == 0xff) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 			goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) 		} else if (len > 2 * sizeof(u32) + sizeof(struct ip_esp_hdr) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) 			   udpdata32[0] == 0 && udpdata32[1] == 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) 			/* ESP Packet with Non-IKE marker */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 			len = sizeof(struct udphdr) + 2 * sizeof(u32);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) 		} else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 			/* Must be an IKE packet.. pass it through */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) 			return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) 	/* At this point we are sure that this is an ESPinUDP packet,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) 	 * so we need to remove 'len' bytes from the packet (the UDP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) 	 * header and optional ESP marker bytes) and then modify the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 	 * protocol to ESP, and then call into the transform receiver.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) 	if (skb_unclone(skb, GFP_ATOMIC))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 		goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) 	/* Now we can update and verify the packet length... */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) 	ip6h = ipv6_hdr(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) 	ip6h->payload_len = htons(ntohs(ip6h->payload_len) - len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) 	if (skb->len < ip6hlen + len) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) 		/* packet is too small!?! */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) 		goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) 	/* pull the data buffer up to the ESP header and set the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) 	 * transport header to point to ESP.  Keep UDP on the stack
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) 	 * for later.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) 	__skb_pull(skb, len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) 	skb_reset_transport_header(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) 	/* process ESP */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 	return xfrm6_rcv_encap(skb, IPPROTO_ESP, 0, encap_type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) drop:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) 	kfree_skb(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) int xfrm6_rcv_tnl(struct sk_buff *skb, struct ip6_tnl *t)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) 	return xfrm6_rcv_spi(skb, skb_network_header(skb)[IP6CB(skb)->nhoff],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) 			     0, t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) EXPORT_SYMBOL(xfrm6_rcv_tnl);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) int xfrm6_rcv(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) 	return xfrm6_rcv_tnl(skb, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) EXPORT_SYMBOL(xfrm6_rcv);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) 		     xfrm_address_t *saddr, u8 proto)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) 	struct net *net = dev_net(skb->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) 	struct xfrm_state *x = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) 	struct sec_path *sp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) 	int i = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) 	sp = secpath_set(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) 	if (!sp) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) 		XFRM_INC_STATS(net, LINUX_MIB_XFRMINERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) 		goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) 	if (1 + sp->len == XFRM_MAX_DEPTH) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) 		XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) 		goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) 	for (i = 0; i < 3; i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) 		xfrm_address_t *dst, *src;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) 		switch (i) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) 		case 0:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) 			dst = daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) 			src = saddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) 		case 1:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) 			/* lookup state with wild-card source address */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) 			dst = daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) 			src = (xfrm_address_t *)&in6addr_any;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) 		default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) 			/* lookup state with wild-card addresses */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) 			dst = (xfrm_address_t *)&in6addr_any;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) 			src = (xfrm_address_t *)&in6addr_any;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) 		x = xfrm_state_lookup_byaddr(net, skb->mark, dst, src, proto, AF_INET6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) 		if (!x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) 			continue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) 		spin_lock(&x->lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) 		if ((!i || (x->props.flags & XFRM_STATE_WILDRECV)) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) 		    likely(x->km.state == XFRM_STATE_VALID) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) 		    !xfrm_state_check_expire(x)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) 			spin_unlock(&x->lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) 			if (x->type->input(x, skb) > 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) 				/* found a valid state */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) 				break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) 			}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) 		} else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) 			spin_unlock(&x->lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) 		xfrm_state_put(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) 		x = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) 	if (!x) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) 		XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOSTATES);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) 		xfrm_audit_state_notfound_simple(skb, AF_INET6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) 		goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) 	sp->xvec[sp->len++] = x;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) 	spin_lock(&x->lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) 	x->curlft.bytes += skb->len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) 	x->curlft.packets++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) 	spin_unlock(&x->lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) 	return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) drop:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) 	return -1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) EXPORT_SYMBOL(xfrm6_input_addr);
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.