Merge master.kernel.org:/home/rmk/linux-2.6-serial
diff --git
a/net/xfrm/xfrm_policy.c
b/net/xfrm/xfrm_policy.c
index
64a4473
..
8206025
100644
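--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -13,7 +13,6 @@
  *
  */
-#include <asm/bug.h>
 #include <linux/config.h>
 #include <linux/slab.h>
 #include <linux/kmod.h>
@@ -22,6 +21,7 @@
 #include <linux/workqueue.h>
 #include <linux/notifier.h>
 #include <linux/netdevice.h>
+#include <linux/netfilter.h>
 #include <linux/module.h>
 #include <net/xfrm.h>
 #include <net/ip.h>
@@ -247,11 +247,9 @@ EXPORT_SYMBOL(xfrm_policy_alloc);
 void __xfrm_policy_destroy(struct xfrm_policy *policy)
 {
-	if (!policy->dead)
-		BUG();
+	BUG_ON(!policy->dead);
-	if (policy->bundles)
-		BUG();
+	BUG_ON(policy->bundles);
 	if (del_timer(&policy->timer))
 		BUG();
@@ -784,7 +782,7 @@ int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
 	int nx = 0;
 	int err;
 	u32 genid;
-	u16 family = dst_orig->ops->family;
+	u16 family;
 	u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT);
 	u32 sk_sid = security_sk_sid(sk, fl, dir);
 restart:
@@ -798,13 +796,14 @@ restart:
 		if ((dst_orig->flags & DST_NOXFRM) || !xfrm_policy_list[XFRM_POLICY_OUT])
 			return 0;
-		policy = flow_cache_lookup(fl, sk_sid, family, dir,
-					   xfrm_policy_lookup);
+		policy = flow_cache_lookup(fl, sk_sid, dst_orig->ops->family,
+					   dir, xfrm_policy_lookup);
 	}
 	if (!policy)
 		return 0;
+	family = dst_orig->ops->family;
 	policy->curlft.use_time = (unsigned long)xtime.tv_sec;
 	switch (policy->action) {
@@ -887,11 +886,11 @@ restart:
 		 * We can't enlist stable bundles either.
 		 */
 		write_unlock_bh(&policy->lock);
-
-		xfrm_pol_put(policy);
 		if (dst)
 			dst_free(dst);
-		goto restart;
+
+		err = -EHOSTUNREACH;
+		goto error;
 	}
 	dst->next = policy->bundles;
 	policy->bundles = dst;
@@ -951,8 +950,8 @@ xfrm_policy_ok(struct xfrm_tmpl *tmpl, struct sec_path *sp, int start,
 	return start;
 }
-static int
-_decode_session(struct sk_buff *skb, struct flowi *fl, unsigned short family)
+int
+xfrm_decode_session(struct sk_buff *skb, struct flowi *fl, unsigned short family)
 {
 	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
@@ -963,6 +962,7 @@ _decode_session(struct sk_buff *skb, struct flowi *fl, unsigned short family)
 	xfrm_policy_put_afinfo(afinfo);
 	return 0;
 }
+EXPORT_SYMBOL(xfrm_decode_session);
 static inline int secpath_has_tunnel(struct sec_path *sp, int k)
 {
@@ -982,8 +982,9 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
 	u8 fl_dir = policy_to_flow_dir(dir);
 	u32 sk_sid;
-	if (_decode_session(skb, &fl, family) < 0)
+	if (xfrm_decode_session(skb, &fl, family) < 0)
 		return 0;
+	nf_nat_decode_session(skb, &fl, family);
 	sk_sid = security_sk_sid(sk, &fl, fl_dir);
@@ -1055,7 +1056,7 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
 {
 	struct flowi fl;
-	if (_decode_session(skb, &fl, family) < 0)
+	if (xfrm_decode_session(skb, &fl, family) < 0)
 		return 0;
 	return xfrm_lookup(&skb->dst, &fl, NULL, 0) == 0;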
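Review bot: In the -887 hunk of xfrm_lookup(), the bail-out path no longer calls `xfrm_pol_put(policy)` itself and instead jumps to `error`, so the policy reference is released only if the `error:` label drops it. That label lies outside the hunk, so it should be confirmed that it puts the policy exactly once and does not touch `dst` again, since `dst_free(dst)` has already run here. The same path now hands `-EHOSTUNREACH` to the caller where it previously retried through `goto restart`, so a condition that was silently retried becomes a visible lookup failure. A comment above the new lines would record that intent, for example `/* policy/bundle went stale while building: fail the lookup; error: releases the policy ref */`.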