Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

David S. Miller
2 parents 28faa97974 e550dfb0c2
Showing 9 changed files Side-by-side Diff
include/net/bluetooth/hci_core.h
net/bluetooth/af_bluetooth.c
net/bluetooth/hci_conn.c
net/bluetooth/hci_event.c
net/bluetooth/l2cap.c
net/bluetooth/sco.c
net/ipv6/ip6_output.c
net/xfrm/xfrm_policy.c
net/xfrm/xfrm_state.c
@@ -325,7 +325,8 @@
 void hci_conn_hash_flush(struct hci_dev *hdev);
 void hci_conn_check_pending(struct hci_dev *hdev);
  
-struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *src);
+struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 auth_type);
+int hci_conn_check_link_mode(struct hci_conn *conn);
 int hci_conn_auth(struct hci_conn *conn);
 int hci_conn_encrypt(struct hci_conn *conn);
 int hci_conn_change_link_key(struct hci_conn *conn);
@@ -49,7 +49,7 @@
 #define BT_DBG(D...)
 #endif
  
-#define VERSION "2.12"
+#define VERSION "2.13"
  
 /* Bluetooth sockets */
 #define BT_MAX_PROTO	8
@@ -330,7 +330,7 @@
  
 /* Create SCO or ACL connection.
  * Device _must_ be locked */
-struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst)
+struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 auth_type)
 {
 	struct hci_conn *acl;
 	struct hci_conn *sco;
  
@@ -344,8 +344,10 @@
  
 	hci_conn_hold(acl);
  
-	if (acl->state == BT_OPEN || acl->state == BT_CLOSED)
+	if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
+		acl->auth_type = auth_type;
 		hci_acl_connect(acl);
+	}
  
 	if (type == ACL_LINK)
 		return acl;
@@ -374,6 +376,19 @@
 }
 EXPORT_SYMBOL(hci_connect);
  
+/* Check link security requirement */
+int hci_conn_check_link_mode(struct hci_conn *conn)
+{
+	BT_DBG("conn %p", conn);
+
+	if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
+					!(conn->link_mode & HCI_LM_ENCRYPT))
+		return 0;
+
+	return 1;
+}
+EXPORT_SYMBOL(hci_conn_check_link_mode);
+
 /* Authenticate remote device */
 int hci_conn_auth(struct hci_conn *conn)
 {
@@ -381,7 +396,7 @@
  
 	if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0) {
 		if (!(conn->auth_type & 0x01)) {
-			conn->auth_type = HCI_AT_GENERAL_BONDING_MITM;
+			conn->auth_type |= 0x01;
 			conn->link_mode &= ~HCI_LM_AUTH;
 		}
 	}
@@ -1605,14 +1605,11 @@
  
 		if (conn->state == BT_CONFIG) {
 			if (!ev->status && hdev->ssp_mode > 0 &&
-							conn->ssp_mode > 0) {
-				if (conn->out) {
-					struct hci_cp_auth_requested cp;
-					cp.handle = ev->handle;
-					hci_send_cmd(hdev,
-						HCI_OP_AUTH_REQUESTED,
+					conn->ssp_mode > 0 && conn->out) {
+				struct hci_cp_auth_requested cp;
+				cp.handle = ev->handle;
+				hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
 							sizeof(cp), &cp);
-				}
 			} else {
 				conn->state = BT_CONNECTED;
 				hci_proto_connect_cfm(conn, ev->status);
@@ -55,7 +55,7 @@
 #define BT_DBG(D...)
 #endif
  
-#define VERSION "2.10"
+#define VERSION "2.11"
  
 static u32 l2cap_feat_mask = 0x0000;
  
@@ -778,6 +778,7 @@
 	struct l2cap_conn *conn;
 	struct hci_conn *hcon;
 	struct hci_dev *hdev;
+	__u8 auth_type;
 	int err = 0;
  
 	BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
@@ -789,7 +790,21 @@
  
 	err = -ENOMEM;
  
-	hcon = hci_connect(hdev, ACL_LINK, dst);
+	if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH ||
+			l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT ||
+				l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) {
+		if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001))
+			auth_type = HCI_AT_NO_BONDING_MITM;
+		else
+			auth_type = HCI_AT_GENERAL_BONDING_MITM;
+	} else {
+		if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001))
+			auth_type = HCI_AT_NO_BONDING;
+		else
+			auth_type = HCI_AT_GENERAL_BONDING;
+	}
+
+	hcon = hci_connect(hdev, ACL_LINK, dst, auth_type);
 	if (!hcon)
 		goto done;
  
  
@@ -1553,10 +1568,10 @@
 	struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
 	struct l2cap_conn_rsp rsp;
 	struct sock *sk, *parent;
-	int result, status = 0;
+	int result, status = L2CAP_CS_NO_INFO;
  
 	u16 dcid = 0, scid = __le16_to_cpu(req->scid);
-	__le16 psm  = req->psm;
+	__le16 psm = req->psm;
  
 	BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
  
@@ -1567,6 +1582,13 @@
 		goto sendresp;
 	}
  
+	/* Check if the ACL is secure enough (if not SDP) */
+	if (psm != cpu_to_le16(0x0001) &&
+				!hci_conn_check_link_mode(conn->hcon)) {
+		result = L2CAP_CR_SEC_BLOCK;
+		goto response;
+	}
+
 	result = L2CAP_CR_NO_MEM;
  
 	/* Check for backlog size */
@@ -2224,7 +2246,7 @@
 			rsp.scid   = cpu_to_le16(l2cap_pi(sk)->dcid);
 			rsp.dcid   = cpu_to_le16(l2cap_pi(sk)->scid);
 			rsp.result = cpu_to_le16(result);
-			rsp.status = cpu_to_le16(0);
+			rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
 			l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
 					L2CAP_CONN_RSP, sizeof(rsp), &rsp);
 		}
@@ -2296,7 +2318,7 @@
 			rsp.scid   = cpu_to_le16(l2cap_pi(sk)->dcid);
 			rsp.dcid   = cpu_to_le16(l2cap_pi(sk)->scid);
 			rsp.result = cpu_to_le16(result);
-			rsp.status = cpu_to_le16(0);
+			rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
 			l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
 					L2CAP_CONN_RSP, sizeof(rsp), &rsp);
 		}
@@ -200,7 +200,7 @@
 	else
 		type = SCO_LINK;
  
-	hcon = hci_connect(hdev, type, dst);
+	hcon = hci_connect(hdev, type, dst, HCI_AT_NO_BONDING);
 	if (!hcon)
 		goto done;
  
@@ -943,39 +943,39 @@
 	}
  
 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
-		/*
-		 * Here if the dst entry we've looked up
-		 * has a neighbour entry that is in the INCOMPLETE
-		 * state and the src address from the flow is
-		 * marked as OPTIMISTIC, we release the found
-		 * dst entry and replace it instead with the
-		 * dst entry of the nexthop router
-		 */
-		if (!((*dst)->neighbour->nud_state & NUD_VALID)) {
-			struct inet6_ifaddr *ifp;
-			struct flowi fl_gw;
-			int redirect;
+	/*
+	 * Here if the dst entry we've looked up
+	 * has a neighbour entry that is in the INCOMPLETE
+	 * state and the src address from the flow is
+	 * marked as OPTIMISTIC, we release the found
+	 * dst entry and replace it instead with the
+	 * dst entry of the nexthop router
+	 */
+	if ((*dst)->neighbour && !((*dst)->neighbour->nud_state & NUD_VALID)) {
+		struct inet6_ifaddr *ifp;
+		struct flowi fl_gw;
+		int redirect;
  
-			ifp = ipv6_get_ifaddr(net, &fl->fl6_src,
-					      (*dst)->dev, 1);
+		ifp = ipv6_get_ifaddr(net, &fl->fl6_src,
+				      (*dst)->dev, 1);
  
-			redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
-			if (ifp)
-				in6_ifa_put(ifp);
+		redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
+		if (ifp)
+			in6_ifa_put(ifp);
  
-			if (redirect) {
-				/*
-				 * We need to get the dst entry for the
-				 * default router instead
-				 */
-				dst_release(*dst);
-				memcpy(&fl_gw, fl, sizeof(struct flowi));
-				memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
-				*dst = ip6_route_output(net, sk, &fl_gw);
-				if ((err = (*dst)->error))
-					goto out_err_release;
-			}
+		if (redirect) {
+			/*
+			 * We need to get the dst entry for the
+			 * default router instead
+			 */
+			dst_release(*dst);
+			memcpy(&fl_gw, fl, sizeof(struct flowi));
+			memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
+			*dst = ip6_route_output(net, sk, &fl_gw);
+			if ((err = (*dst)->error))
+				goto out_err_release;
 		}
+	}
 #endif
  
 	return 0;
@@ -1077,6 +1077,7 @@
 	struct hlist_head *chain = policy_hash_bysel(&pol->selector,
 						     pol->family, dir);
  
+	list_add_tail(&pol->bytype, &xfrm_policy_bytype[pol->type]);
 	hlist_add_head(&pol->bydst, chain);
 	hlist_add_head(&pol->byidx, xfrm_policy_byidx+idx_hash(pol->index));
 	xfrm_policy_count[dir]++;
@@ -858,6 +858,7 @@
  
 		if (km_query(x, tmpl, pol) == 0) {
 			x->km.state = XFRM_STATE_ACQ;
+			list_add_tail(&x->all, &xfrm_state_all);
 			hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 			h = xfrm_src_hash(daddr, saddr, family);
 			hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
@@ -1055,6 +1056,7 @@
 		xfrm_state_hold(x);
 		x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
 		add_timer(&x->timer);
+		list_add_tail(&x->all, &xfrm_state_all);
 		hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 		h = xfrm_src_hash(daddr, saddr, family);
 		hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
...	...	@@ -325,7 +325,8 @@
325	325	void hci_conn_hash_flush(struct hci_dev *hdev);
326	326	void hci_conn_check_pending(struct hci_dev *hdev);
327	327
328		-struct hci_conn hci_connect(struct hci_dev hdev, int type, bdaddr_t *src);
	328	+struct hci_conn hci_connect(struct hci_dev hdev, int type, bdaddr_t *dst, __u8 auth_type);
	329	+int hci_conn_check_link_mode(struct hci_conn *conn);
329	330	int hci_conn_auth(struct hci_conn *conn);
330	331	int hci_conn_encrypt(struct hci_conn *conn);
331	332	int hci_conn_change_link_key(struct hci_conn *conn);
...	...	@@ -49,7 +49,7 @@
49	49	#define BT_DBG(D...)
50	50	#endif
51	51
52		-#define VERSION "2.12"
	52	+#define VERSION "2.13"
53	53
54	54	/* Bluetooth sockets */
55	55	#define BT_MAX_PROTO 8
...	...	@@ -330,7 +330,7 @@
330	330
331	331	/* Create SCO or ACL connection.
332	332	* Device _must_ be locked */
333		-struct hci_conn hci_connect(struct hci_dev hdev, int type, bdaddr_t *dst)
	333	+struct hci_conn hci_connect(struct hci_dev hdev, int type, bdaddr_t *dst, __u8 auth_type)
334	334	{
335	335	struct hci_conn *acl;
336	336	struct hci_conn *sco;
337	337
...	...	@@ -344,8 +344,10 @@
344	344
345	345	hci_conn_hold(acl);
346	346
347		- if (acl->state == BT_OPEN \|\| acl->state == BT_CLOSED)
	347	+ if (acl->state == BT_OPEN \|\| acl->state == BT_CLOSED) {
	348	+ acl->auth_type = auth_type;
348	349	hci_acl_connect(acl);
	350	+ }
349	351
350	352	if (type == ACL_LINK)
351	353	return acl;
...	...	@@ -374,6 +376,19 @@
374	376	}
375	377	EXPORT_SYMBOL(hci_connect);
376	378
	379	+/* Check link security requirement */
	380	+int hci_conn_check_link_mode(struct hci_conn *conn)
	381	+{
	382	+ BT_DBG("conn %p", conn);
	383	+
	384	+ if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 &&
	385	+ !(conn->link_mode & HCI_LM_ENCRYPT))
	386	+ return 0;
	387	+
	388	+ return 1;
	389	+}
	390	+EXPORT_SYMBOL(hci_conn_check_link_mode);
	391	+
377	392	/* Authenticate remote device */
378	393	int hci_conn_auth(struct hci_conn *conn)
379	394	{
...	...	@@ -381,7 +396,7 @@
381	396
382	397	if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0) {
383	398	if (!(conn->auth_type & 0x01)) {
384		- conn->auth_type = HCI_AT_GENERAL_BONDING_MITM;
	399	+ conn->auth_type \|= 0x01;
385	400	conn->link_mode &= ~HCI_LM_AUTH;
386	401	}
387	402	}
...	...	@@ -1605,14 +1605,11 @@
1605	1605
1606	1606	if (conn->state == BT_CONFIG) {
1607	1607	if (!ev->status && hdev->ssp_mode > 0 &&
1608		- conn->ssp_mode > 0) {
1609		- if (conn->out) {
1610		- struct hci_cp_auth_requested cp;
1611		- cp.handle = ev->handle;
1612		- hci_send_cmd(hdev,
1613		- HCI_OP_AUTH_REQUESTED,
	1608	+ conn->ssp_mode > 0 && conn->out) {
	1609	+ struct hci_cp_auth_requested cp;
	1610	+ cp.handle = ev->handle;
	1611	+ hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1614	1612	sizeof(cp), &cp);
1615		- }
1616	1613	} else {
1617	1614	conn->state = BT_CONNECTED;
1618	1615	hci_proto_connect_cfm(conn, ev->status);
...	...	@@ -55,7 +55,7 @@
55	55	#define BT_DBG(D...)
56	56	#endif
57	57
58		-#define VERSION "2.10"
	58	+#define VERSION "2.11"
59	59
60	60	static u32 l2cap_feat_mask = 0x0000;
61	61
...	...	@@ -778,6 +778,7 @@
778	778	struct l2cap_conn *conn;
779	779	struct hci_conn *hcon;
780	780	struct hci_dev *hdev;
	781	+ __u8 auth_type;
781	782	int err = 0;
782	783
783	784	BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
...	...	@@ -789,7 +790,21 @@
789	790
790	791	err = -ENOMEM;
791	792
792		- hcon = hci_connect(hdev, ACL_LINK, dst);
	793	+ if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH \|\|
	794	+ l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT \|\|
	795	+ l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) {
	796	+ if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001))
	797	+ auth_type = HCI_AT_NO_BONDING_MITM;
	798	+ else
	799	+ auth_type = HCI_AT_GENERAL_BONDING_MITM;
	800	+ } else {
	801	+ if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001))
	802	+ auth_type = HCI_AT_NO_BONDING;
	803	+ else
	804	+ auth_type = HCI_AT_GENERAL_BONDING;
	805	+ }
	806	+
	807	+ hcon = hci_connect(hdev, ACL_LINK, dst, auth_type);
793	808	if (!hcon)
794	809	goto done;
795	810
796	811
...	...	@@ -1553,10 +1568,10 @@
1553	1568	struct l2cap_conn_req req = (struct l2cap_conn_req ) data;
1554	1569	struct l2cap_conn_rsp rsp;
1555	1570	struct sock sk, parent;
1556		- int result, status = 0;
	1571	+ int result, status = L2CAP_CS_NO_INFO;
1557	1572
1558	1573	u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1559		- __le16 psm = req->psm;
	1574	+ __le16 psm = req->psm;
1560	1575
1561	1576	BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1562	1577
...	...	@@ -1567,6 +1582,13 @@
1567	1582	goto sendresp;
1568	1583	}
1569	1584
	1585	+ /* Check if the ACL is secure enough (if not SDP) */
	1586	+ if (psm != cpu_to_le16(0x0001) &&
	1587	+ !hci_conn_check_link_mode(conn->hcon)) {
	1588	+ result = L2CAP_CR_SEC_BLOCK;
	1589	+ goto response;
	1590	+ }
	1591	+
1570	1592	result = L2CAP_CR_NO_MEM;
1571	1593
1572	1594	/* Check for backlog size */
...	...	@@ -2224,7 +2246,7 @@
2224	2246	rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2225	2247	rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2226	2248	rsp.result = cpu_to_le16(result);
2227		- rsp.status = cpu_to_le16(0);
	2249	+ rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2228	2250	l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2229	2251	L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2230	2252	}
...	...	@@ -2296,7 +2318,7 @@
2296	2318	rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2297	2319	rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2298	2320	rsp.result = cpu_to_le16(result);
2299		- rsp.status = cpu_to_le16(0);
	2321	+ rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2300	2322	l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2301	2323	L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2302	2324	}
...	...	@@ -200,7 +200,7 @@
200	200	else
201	201	type = SCO_LINK;
202	202
203		- hcon = hci_connect(hdev, type, dst);
	203	+ hcon = hci_connect(hdev, type, dst, HCI_AT_NO_BONDING);
204	204	if (!hcon)
205	205	goto done;
206	206
...	...	@@ -943,39 +943,39 @@
943	943	}
944	944
945	945	#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
946		- /*
947		- * Here if the dst entry we've looked up
948		- * has a neighbour entry that is in the INCOMPLETE
949		- * state and the src address from the flow is
950		- * marked as OPTIMISTIC, we release the found
951		- * dst entry and replace it instead with the
952		- * dst entry of the nexthop router
953		- */
954		- if (!((*dst)->neighbour->nud_state & NUD_VALID)) {
955		- struct inet6_ifaddr *ifp;
956		- struct flowi fl_gw;
957		- int redirect;
	946	+ /*
	947	+ * Here if the dst entry we've looked up
	948	+ * has a neighbour entry that is in the INCOMPLETE
	949	+ * state and the src address from the flow is
	950	+ * marked as OPTIMISTIC, we release the found
	951	+ * dst entry and replace it instead with the
	952	+ * dst entry of the nexthop router
	953	+ */
	954	+ if ((dst)->neighbour && !((dst)->neighbour->nud_state & NUD_VALID)) {
	955	+ struct inet6_ifaddr *ifp;
	956	+ struct flowi fl_gw;
	957	+ int redirect;
958	958
959		- ifp = ipv6_get_ifaddr(net, &fl->fl6_src,
960		- (*dst)->dev, 1);
	959	+ ifp = ipv6_get_ifaddr(net, &fl->fl6_src,
	960	+ (*dst)->dev, 1);
961	961
962		- redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
963		- if (ifp)
964		- in6_ifa_put(ifp);
	962	+ redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
	963	+ if (ifp)
	964	+ in6_ifa_put(ifp);
965	965
966		- if (redirect) {
967		- /*
968		- * We need to get the dst entry for the
969		- * default router instead
970		- */
971		- dst_release(*dst);
972		- memcpy(&fl_gw, fl, sizeof(struct flowi));
973		- memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
974		- *dst = ip6_route_output(net, sk, &fl_gw);
975		- if ((err = (*dst)->error))
976		- goto out_err_release;
977		- }
	966	+ if (redirect) {
	967	+ /*
	968	+ * We need to get the dst entry for the
	969	+ * default router instead
	970	+ */
	971	+ dst_release(*dst);
	972	+ memcpy(&fl_gw, fl, sizeof(struct flowi));
	973	+ memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
	974	+ *dst = ip6_route_output(net, sk, &fl_gw);
	975	+ if ((err = (*dst)->error))
	976	+ goto out_err_release;
978	977	}
	978	+ }
979	979	#endif
980	980
981	981	return 0;
...	...	@@ -1077,6 +1077,7 @@
1077	1077	struct hlist_head *chain = policy_hash_bysel(&pol->selector,
1078	1078	pol->family, dir);
1079	1079
	1080	+ list_add_tail(&pol->bytype, &xfrm_policy_bytype[pol->type]);
1080	1081	hlist_add_head(&pol->bydst, chain);
1081	1082	hlist_add_head(&pol->byidx, xfrm_policy_byidx+idx_hash(pol->index));
1082	1083	xfrm_policy_count[dir]++;
...	...	@@ -858,6 +858,7 @@
858	858
859	859	if (km_query(x, tmpl, pol) == 0) {
860	860	x->km.state = XFRM_STATE_ACQ;
	861	+ list_add_tail(&x->all, &xfrm_state_all);
861	862	hlist_add_head(&x->bydst, xfrm_state_bydst+h);
862	863	h = xfrm_src_hash(daddr, saddr, family);
863	864	hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
...	...	@@ -1055,6 +1056,7 @@
1055	1056	xfrm_state_hold(x);
1056	1057	x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1057	1058	add_timer(&x->timer);
	1059	+ list_add_tail(&x->all, &xfrm_state_all);
1058	1060	hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1059	1061	h = xfrm_src_hash(daddr, saddr, family);
1060	1062	hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);