Commit 1ce3644ade9c865c755bf0f6a4e109b7bb6eb60f
Committed by
David S. Miller
David S. Miller
1 parent
9736acf395
Exists in
master
and in
39 other branches
xfrm: Use separate low and high order bits of the sequence numbers in xfrm_skb_cb
To support IPsec extended sequence numbers, we split the output sequence numbers of xfrm_skb_cb in low and high order 32 bits and we add the high order 32 bits to the input sequence numbers. All users are updated accordingly. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 7 changed files with 17 additions and 11 deletions Side-by-side Diff
include/net/xfrm.h
| ... | ... | @@ -582,8 +582,14 @@ |
| 582 | 582 | |
| 583 | 583 | /* Sequence number for replay protection. */ |
| 584 | 584 | union { |
| 585 | - u64 output; | |
| 586 | - __be32 input; | |
| 585 | + struct { | |
| 586 | + __u32 low; | |
| 587 | + __u32 hi; | |
| 588 | + } output; | |
| 589 | + struct { | |
| 590 | + __be32 low; | |
| 591 | + __be32 hi; | |
| 592 | + } input; | |
| 587 | 593 | } seq; |
| 588 | 594 | }; |
| 589 | 595 |
net/ipv4/ah4.c
net/ipv4/esp4.c
| ... | ... | @@ -215,7 +215,7 @@ |
| 215 | 215 | } |
| 216 | 216 | |
| 217 | 217 | esph->spi = x->id.spi; |
| 218 | - esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output); | |
| 218 | + esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low); | |
| 219 | 219 | |
| 220 | 220 | sg_init_table(sg, nfrags); |
| 221 | 221 | skb_to_sgvec(skb, sg, |
| ... | ... | @@ -227,7 +227,7 @@ |
| 227 | 227 | aead_givcrypt_set_crypt(req, sg, sg, clen, iv); |
| 228 | 228 | aead_givcrypt_set_assoc(req, asg, sizeof(*esph)); |
| 229 | 229 | aead_givcrypt_set_giv(req, esph->enc_data, |
| 230 | - XFRM_SKB_CB(skb)->seq.output); | |
| 230 | + XFRM_SKB_CB(skb)->seq.output.low); | |
| 231 | 231 | |
| 232 | 232 | ESP_SKB_CB(skb)->tmp = tmp; |
| 233 | 233 | err = crypto_aead_givencrypt(req); |
net/ipv6/ah6.c
net/ipv6/esp6.c
| ... | ... | @@ -204,7 +204,7 @@ |
| 204 | 204 | *skb_mac_header(skb) = IPPROTO_ESP; |
| 205 | 205 | |
| 206 | 206 | esph->spi = x->id.spi; |
| 207 | - esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output); | |
| 207 | + esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low); | |
| 208 | 208 | |
| 209 | 209 | sg_init_table(sg, nfrags); |
| 210 | 210 | skb_to_sgvec(skb, sg, |
| ... | ... | @@ -216,7 +216,7 @@ |
| 216 | 216 | aead_givcrypt_set_crypt(req, sg, sg, clen, iv); |
| 217 | 217 | aead_givcrypt_set_assoc(req, asg, sizeof(*esph)); |
| 218 | 218 | aead_givcrypt_set_giv(req, esph->enc_data, |
| 219 | - XFRM_SKB_CB(skb)->seq.output); | |
| 219 | + XFRM_SKB_CB(skb)->seq.output.low); | |
| 220 | 220 | |
| 221 | 221 | ESP_SKB_CB(skb)->tmp = tmp; |
| 222 | 222 | err = crypto_aead_givencrypt(req); |
net/xfrm/xfrm_input.c
| ... | ... | @@ -118,7 +118,7 @@ |
| 118 | 118 | if (encap_type < 0) { |
| 119 | 119 | async = 1; |
| 120 | 120 | x = xfrm_input_state(skb); |
| 121 | - seq = XFRM_SKB_CB(skb)->seq.input; | |
| 121 | + seq = XFRM_SKB_CB(skb)->seq.input.low; | |
| 122 | 122 | goto resume; |
| 123 | 123 | } |
| 124 | 124 | |
| ... | ... | @@ -184,7 +184,7 @@ |
| 184 | 184 | |
| 185 | 185 | spin_unlock(&x->lock); |
| 186 | 186 | |
| 187 | - XFRM_SKB_CB(skb)->seq.input = seq; | |
| 187 | + XFRM_SKB_CB(skb)->seq.input.low = seq; | |
| 188 | 188 | |
| 189 | 189 | nexthdr = x->type->input(x, skb); |
| 190 | 190 |
net/xfrm/xfrm_output.c
| ... | ... | @@ -68,7 +68,7 @@ |
| 68 | 68 | } |
| 69 | 69 | |
| 70 | 70 | if (x->type->flags & XFRM_TYPE_REPLAY_PROT) { |
| 71 | - XFRM_SKB_CB(skb)->seq.output = ++x->replay.oseq; | |
| 71 | + XFRM_SKB_CB(skb)->seq.output.low = ++x->replay.oseq; | |
| 72 | 72 | if (unlikely(x->replay.oseq == 0)) { |
| 73 | 73 | XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATESEQERROR); |
| 74 | 74 | x->replay.oseq--; |