vserver 1.9.5.x5

[linux-2.6.git] / net / key / af_key.c

diff --git a/net/key/af_key.c b/net/key/af_key.c
index fdf75a1..c056494 100644 (file)
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -35,9 +35,9 @@
 
 
 /* List of all pfkey sockets. */
-HLIST_HEAD(pfkey_table);
+static HLIST_HEAD(pfkey_table);
 static DECLARE_WAIT_QUEUE_HEAD(pfkey_table_wait);
-static rwlock_t pfkey_table_lock = RW_LOCK_UNLOCKED;
+static DEFINE_RWLOCK(pfkey_table_lock);
 static atomic_t pfkey_table_users = ATOMIC_INIT(0);
 
 static atomic_t pfkey_socks_nr = ATOMIC_INIT(0);
@@ -665,24 +665,26 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
                sa->sadb_sa_state = SADB_SASTATE_DEAD;
        sa->sadb_sa_auth = 0;
        if (x->aalg) {
-               struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name);
+               struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
                sa->sadb_sa_auth = a ? a->desc.sadb_alg_id : 0;
        }
        sa->sadb_sa_encrypt = 0;
        BUG_ON(x->ealg && x->calg);
        if (x->ealg) {
-               struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name);
+               struct xfrm_algo_desc *a = xfrm_ealg_get_byname(x->ealg->alg_name, 0);
                sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0;
        }
        /* KAME compatible: sadb_sa_encrypt is overloaded with calg id */
        if (x->calg) {
-               struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name);
+               struct xfrm_algo_desc *a = xfrm_calg_get_byname(x->calg->alg_name, 0);
                sa->sadb_sa_encrypt = a ? a->desc.sadb_alg_id : 0;
        }
 
        sa->sadb_sa_flags = 0;
        if (x->props.flags & XFRM_STATE_NOECN)
                sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN;
+       if (x->props.flags & XFRM_STATE_DECAP_DSCP)
+               sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP;
 
        /* hard time */
        if (hsc & 2) {
@@ -965,6 +967,8 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr,
        x->props.replay_window = sa->sadb_sa_replay;
        if (sa->sadb_sa_flags & SADB_SAFLAGS_NOECN)
                x->props.flags |= XFRM_STATE_NOECN;
+       if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP)
+               x->props.flags |= XFRM_STATE_DECAP_DSCP;
 
        lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_HARD-1];
        if (lifetime != NULL) {
@@ -1075,15 +1079,6 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr,
                n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1];
                natt->encap_type = n_type->sadb_x_nat_t_type_type;
 
-               switch (natt->encap_type) {
-               case UDP_ENCAP_ESPINUDP:
-               case UDP_ENCAP_ESPINUDP_NON_IKE:
-                       break;
-               default:
-                       err = -ENOPROTOOPT;
-                       goto out;
-               }
-
                if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) {
                        struct sadb_x_nat_t_port* n_port =
                                ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1];
@@ -1165,7 +1160,16 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
                break;
 #endif
        }
-       if (xdaddr)
+
+       if (hdr->sadb_msg_seq) {
+               x = xfrm_find_acq_byseq(hdr->sadb_msg_seq);
+               if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) {
+                       xfrm_state_put(x);
+                       x = NULL;
+               }
+       }
+
+       if (!x)
                x = xfrm_find_acq(mode, reqid, proto, xdaddr, xsaddr, 1, family);
 
        if (x == NULL)
@@ -2340,7 +2344,7 @@ static u32 get_acqseq(void)
 {
        u32 res;
        static u32 acqseq;
-       static spinlock_t acqseq_lock = SPIN_LOCK_UNLOCKED;
+       static DEFINE_SPINLOCK(acqseq_lock);
 
        spin_lock_bh(&acqseq_lock);
        res = (++acqseq ? : ++acqseq);