static void xfrm_timer_handler(unsigned long data)
{
struct xfrm_state *x = (struct xfrm_state*)data;
- unsigned long now = (unsigned long)xtime.tv_sec;
+ unsigned long now = get_seconds();
long next = LONG_MAX;
int warn = 0;
int err = 0;
init_timer(&x->rtimer);
x->rtimer.function = xfrm_replay_timer_handler;
x->rtimer.data = (unsigned long)x;
- x->curlft.add_time = (unsigned long)xtime.tv_sec;
+ x->curlft.add_time = get_seconds();
x->lft.soft_byte_limit = XFRM_INF;
x->lft.soft_packet_limit = XFRM_INF;
x->lft.hard_byte_limit = XFRM_INF;
x->id.daddr.a6))
continue;
break;
- };
+ }
xfrm_state_hold(x);
return x;
x->props.saddr.a6))
continue;
break;
- };
+ }
xfrm_state_hold(x);
return x;
x->props.mode != mode ||
x->props.family != family ||
x->km.state != XFRM_STATE_ACQ ||
- x->id.spi != 0)
+ x->id.spi != 0 ||
+ x->id.proto != proto)
continue;
switch (family) {
(struct in6_addr *)saddr))
continue;
break;
- };
+ }
xfrm_state_hold(x);
return x;
ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
(struct in6_addr *)daddr);
break;
- };
+ }
x->km.state = XFRM_STATE_ACQ;
x->id.proto = proto;
if (use_spi && x->km.seq) {
x1 = __xfrm_find_acq_byseq(x->km.seq);
- if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
+ if (x1 && ((x1->id.proto != x->id.proto) ||
+ xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
xfrm_state_put(x1);
x1 = NULL;
}
int xfrm_state_check_expire(struct xfrm_state *x)
{
if (!x->curlft.use_time)
- x->curlft.use_time = (unsigned long)xtime.tv_sec;
+ x->curlft.use_time = get_seconds();
if (x->km.state != XFRM_STATE_VALID)
return -EINVAL;
return 0;
diff = x->replay.seq - seq;
- if (diff >= x->props.replay_window) {
+ if (diff >= min_t(unsigned int, x->props.replay_window,
+ sizeof(x->replay.bitmap) * 8)) {
x->stats.replay_window++;
return -EINVAL;
}
}
EXPORT_SYMBOL(xfrm_state_delete_tunnel);
-/*
- * This function is NOT optimal. For example, with ESP it will give an
- * MTU that's usually two bytes short of being optimal. However, it will
- * usually give an answer that's a multiple of 4 provided the input is
- * also a multiple of 4.
- */
int xfrm_state_mtu(struct xfrm_state *x, int mtu)
{
- int res = mtu;
-
- res -= x->props.header_len;
-
- for (;;) {
- int m = res;
-
- if (m < 68)
- return 68;
-
- spin_lock_bh(&x->lock);
- if (x->km.state == XFRM_STATE_VALID &&
- x->type && x->type->get_max_size)
- m = x->type->get_max_size(x, m);
- else
- m += x->props.header_len;
- spin_unlock_bh(&x->lock);
-
- if (m <= mtu)
- break;
- res -= (m - mtu);
- }
+ int res;
+ spin_lock_bh(&x->lock);
+ if (x->km.state == XFRM_STATE_VALID &&
+ x->type && x->type->get_mtu)
+ res = x->type->get_mtu(x, mtu);
+ else
+ res = mtu;
+ spin_unlock_bh(&x->lock);
return res;
}