X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fipv6%2Fah6.c;h=6778173a3dda85d666f1508c77aa7895dedd801a;hb=43bc926fffd92024b46cafaf7350d669ba9ca884;hp=eda2737e572b17aa442c9beeb062088788f91fa2;hpb=9bf4aaab3e101692164d49b7ca357651eb691cb6;p=linux-2.6.git
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index eda2737e5..6778173a3 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -33,6 +33,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -131,10 +132,10 @@ static int ipv6_clear_mutable_options(struct ipv6hdr *iph, int len)
 case NEXTHDR_HOP:
 case NEXTHDR_DEST:
 if (!zero_out_mutable_opts(exthdr.opth)) {
- LIMIT_NETDEBUG(printk(
+ LIMIT_NETDEBUG(
 KERN_WARNING "overrun %sopts\n",
 nexthdr == NEXTHDR_HOP ?
- "hop" : "dest"));
+ "hop" : "dest");
 return -EINVAL;
 }
 break;
@@ -154,12 +155,10 @@ static int ipv6_clear_mutable_options(struct ipv6hdr *iph, int len)
 return 0;
 }
-int ah6_output(struct sk_buff **pskb)
+static int ah6_output(struct xfrm_state *x, struct sk_buff *skb)
 {
 int err;
 int extlen;
- struct dst_entry *dst = (*pskb)->dst;
- struct xfrm_state *x = dst->xfrm;
 struct ipv6hdr *top_iph;
 struct ip_auth_hdr *ah;
 struct ah_data *ahp;
@@ -170,11 +169,11 @@ int ah6_output(struct sk_buff **pskb)
 char hdrs[0];
 } *tmp_ext;
- top_iph = (struct ipv6hdr *)(*pskb)->data;
- top_iph->payload_len = htons((*pskb)->len - sizeof(*top_iph));
+ top_iph = (struct ipv6hdr *)skb->data;
+ top_iph->payload_len = htons(skb->len - sizeof(*top_iph));
- nexthdr = *(*pskb)->nh.raw;
- *(*pskb)->nh.raw = IPPROTO_AH;
+ nexthdr = *skb->nh.raw;
+ *skb->nh.raw = IPPROTO_AH;
 /* When there are no extension headers, we only need to save the first
 * 8 bytes of the base IP header.
@@ -182,7 +181,7 @@ int ah6_output(struct sk_buff **pskb)
 memcpy(tmp_base, top_iph, sizeof(tmp_base));
 tmp_ext = NULL;
- extlen = (*pskb)->h.raw - (unsigned char *)(top_iph + 1);
+ extlen = skb->h.raw - (unsigned char *)(top_iph + 1);
 if (extlen) {
 extlen += sizeof(*tmp_ext);
 tmp_ext = kmalloc(extlen, GFP_ATOMIC);
@@ -198,7 +197,7 @@ int ah6_output(struct sk_buff **pskb)
 goto error_free_iph;
 }
- ah = (struct ip_auth_hdr *)(*pskb)->h.raw;
+ ah = (struct ip_auth_hdr *)skb->h.raw;
 ah->nexthdr = nexthdr;
 top_iph->priority = 0;
@@ -214,7 +213,8 @@ int ah6_output(struct sk_buff **pskb)
 ah->reserved = 0;
 ah->spi = x->id.spi;
 ah->seq_no = htonl(++x->replay.oseq);
- ahp->icv(ahp, *pskb, ah->auth_data);
+ xfrm_aevent_doreplay(x);
+ ahp->icv(ahp, skb, ah->auth_data);
 err = 0;
@@ -229,7 +229,7 @@ error:
 return err;
 }
-int ah6_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struct sk_buff *skb)
+static int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
 {
 /*
 * Before process AH
@@ -280,7 +280,7 @@ int ah6_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struct sk_bu
 goto out;
 memcpy(tmp_hdr, skb->nh.raw, hdr_len);
 if (ipv6_clear_mutable_options(skb->nh.ipv6h, hdr_len))
- goto out;
+ goto free_out;
 skb->nh.ipv6h->priority = 0;
 skb->nh.ipv6h->flow_lbl[0] = 0;
 skb->nh.ipv6h->flow_lbl[1] = 0;
@@ -295,8 +295,7 @@ int ah6_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struct sk_bu
 skb_push(skb, skb->data - skb->nh.raw);
 ahp->icv(ahp, skb, ah->auth_data);
 if (memcmp(ah->auth_data, auth_data, ahp->icv_trunc_len)) {
- LIMIT_NETDEBUG(
- printk(KERN_WARNING "ipsec ah authentication error\n"));
+ LIMIT_NETDEBUG(KERN_WARNING "ipsec ah authentication error\n");
 x->stats.integrity_failed++;
 goto free_out;
 }
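Review bot: In the `@@ -214,7 +213,8 @@` hunk of ah6_output, `ah->seq_no = htonl(++x->replay.oseq);` runs straight into the new `xfrm_aevent_doreplay(x);` with no check for the 32-bit counter wrapping to 0. An SA that stays up long enough would then reuse sequence numbers under the same key, which is exactly what the receiver's anti-replay window assumes cannot happen. Whether the SA is always expired before that point is not visible in this diff; if it is not, the function should test `if (unlikely(x->replay.oseq == 0))` after the increment and fail the packet through the existing cleanup path rather than send it. The body of ah6_output starts and ends outside the hunk.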
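Review bot: In the `@@ -295,8 +295,7 @@` hunk of ah6_input, the received ICV is verified with `memcmp(ah->auth_data, auth_data, ahp->icv_trunc_len)`, which returns at the first differing byte, so the time taken to reject a packet depends on how many leading ICV bytes matched. For a MAC check on network input a data-independent comparison is the safer choice: OR together `ah->auth_data[i] ^ auth_data[i]` over all icv_trunc_len bytes and branch once on the result, or use the tree's constant-time compare helper if it has one. The rate-limited log line and the `integrity_failed` counter can stay as they are; the rest of ah6_input lies outside the hunk.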
@@ -319,8 +318,8 @@ out:
 return -EINVAL;
 }
-void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
- int type, int code, int offset, __u32 info)
+static void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+ int type, int code, int offset, __u32 info)
 {
 struct ipv6hdr *iph = (struct ipv6hdr*)skb->data;
 struct ip_auth_hdr *ah = (struct ip_auth_hdr*)(skb->data+offset);
@@ -334,14 +333,13 @@ void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 if (!x)
 return;
- NETDEBUG(printk(KERN_DEBUG "pmtu discovery on SA AH/%08x/"
- "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x\n",
- ntohl(ah->spi), NIP6(iph->daddr)));
+ NETDEBUG(KERN_DEBUG "pmtu discovery on SA AH/%08x/" NIP6_FMT "\n",
+ ntohl(ah->spi), NIP6(iph->daddr));
 xfrm_state_put(x);
 }
-static int ah6_init_state(struct xfrm_state *x, void *args)
+static int ah6_init_state(struct xfrm_state *x)
 {
 struct ah_data *ahp = NULL;
 struct xfrm_algo_desc *aalg_desc;
@@ -353,12 +351,13 @@ static int ah6_init_state(struct xfrm_state *x, void *args)
 if (x->aalg->alg_key_len > 512)
 goto error;
- ahp = kmalloc(sizeof(*ahp), GFP_KERNEL);
+ if (x->encap)
+ goto error;
+
+ ahp = kzalloc(sizeof(*ahp), GFP_KERNEL);
 if (ahp == NULL)
 return -ENOMEM;
- memset(ahp, 0, sizeof(*ahp));
-
 ahp->key = x->aalg->alg_key;
 ahp->key_len = (x->aalg->alg_key_len+7)/8;
 ahp->tfm = crypto_alloc_tfm(x->aalg->alg_name, 0);
@@ -372,7 +371,7 @@ static int ah6_init_state(struct xfrm_state *x, void *args)
 * we need for AH processing. This lookup cannot fail here
 * after a successful crypto_alloc_tfm().
 */
- aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name);
+ aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 BUG_ON(!aalg_desc);
 if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
@@ -401,10 +400,8 @@ static int ah6_init_state(struct xfrm_state *x, void *args)
 error:
 if (ahp) {
- if (ahp->work_icv)
- kfree(ahp->work_icv);
- if (ahp->tfm)
- crypto_free_tfm(ahp->tfm);
+ kfree(ahp->work_icv);
+ crypto_free_tfm(ahp->tfm);
 kfree(ahp);
 }
 return -EINVAL;
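Review bot: In the `@@ -372,7 +371,7 @@` hunk, `BUG_ON(!aalg_desc)` still halts the kernel on a failed lookup, while the call it guards has become `xfrm_aalg_get_byname(x->aalg->alg_name, 0)` with a second argument whose meaning is not explained here. The comment above promises the lookup cannot fail after crypto_alloc_tfm(), but that guarantee now also depends on what the `0` selects. ah6_init_state already has an `error:` label that frees ahp, so `if (!aalg_desc) goto error;` would reject the SA instead of crashing the machine. A one-line comment naming what the `0` selects would document the new parameter. The function body extends beyond this hunk.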
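Review bot: The `error:` path in the `@@ -401,10 +400,8 @@` hunk now calls `crypto_free_tfm(ahp->tfm)` unconditionally, and because ahp comes from kzalloc() the tfm pointer is NULL whenever this label is reached before the transform was allocated, presumably including the case where crypto_alloc_tfm() itself failed. kfree() accepts NULL, but nothing in this diff shows that crypto_free_tfm() does; if it does not, every failed SA setup dereferences NULL. ah6_destroy makes the same assumption in the `@@ -417,14 +414,10 @@` hunk. Either confirm the callee's NULL handling and record it with a comment such as `/* kfree() and crypto_free_tfm() both accept NULL */`, or keep the `if (ahp->tfm)` guard around the crypto call in both places.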
@@ -417,14 +414,10 @@ static void ah6_destroy(struct xfrm_state *x)
 if (!ahp)
 return;
- if (ahp->work_icv) {
- kfree(ahp->work_icv);
- ahp->work_icv = NULL;
- }
- if (ahp->tfm) {
- crypto_free_tfm(ahp->tfm);
- ahp->tfm = NULL;
- }
+ kfree(ahp->work_icv);
+ ahp->work_icv = NULL;
+ crypto_free_tfm(ahp->tfm);
+ ahp->tfm = NULL;
 kfree(ahp);
 }
@@ -445,7 +438,7 @@ static struct inet6_protocol ah6_protocol = {
 .flags = INET6_PROTO_NOPOLICY,
 };
-int __init ah6_init(void)
+static int __init ah6_init(void)
 {
 if (xfrm_register_type(&ah6_type, AF_INET6) < 0) {
 printk(KERN_INFO "ipv6 ah init: can't add xfrm type\n");