Commit 1bf06cd2 authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller

[IPSEC]: Add async resume support on input

This patch adds support for async resumptions on input.  To do so, the
transform would return -EINPROGRESS and subsequently invoke the
function xfrm_input_resume to resume processing.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 60d5fcfb
...@@ -1138,6 +1138,7 @@ extern int xfrm_init_state(struct xfrm_state *x); ...@@ -1138,6 +1138,7 @@ extern int xfrm_init_state(struct xfrm_state *x);
extern int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb); extern int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb);
extern int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, extern int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi,
int encap_type); int encap_type);
extern int xfrm_input_resume(struct sk_buff *skb, int nexthdr);
extern int xfrm_output_resume(struct sk_buff *skb, int err); extern int xfrm_output_resume(struct sk_buff *skb, int err);
extern int xfrm_output(struct sk_buff *skb); extern int xfrm_output(struct sk_buff *skb);
extern int xfrm4_extract_header(struct sk_buff *skb); extern int xfrm4_extract_header(struct sk_buff *skb);
......
...@@ -59,6 +59,9 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async) ...@@ -59,6 +59,9 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async)
xfrm4_rcv_encap_finish); xfrm4_rcv_encap_finish);
return 0; return 0;
#else #else
if (async)
return xfrm4_rcv_encap_finish(skb);
return -iph->protocol; return -iph->protocol;
#endif #endif
} }
......
...@@ -41,6 +41,9 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async) ...@@ -41,6 +41,9 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async)
ip6_rcv_finish); ip6_rcv_finish);
return -1; return -1;
#else #else
if (async)
return ip6_rcv_finish(skb);
return 1; return 1;
#endif #endif
} }
......
...@@ -101,8 +101,17 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ...@@ -101,8 +101,17 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
int err; int err;
__be32 seq; __be32 seq;
struct xfrm_state *x; struct xfrm_state *x;
xfrm_address_t *daddr;
int decaps = 0; int decaps = 0;
unsigned int daddroff = XFRM_SPI_SKB_CB(skb)->daddroff; int async = 0;
/* A negative encap_type indicates async resumption. */
if (encap_type < 0) {
async = 1;
x = skb->sp->xvec[skb->sp->len - 1];
seq = XFRM_SKB_CB(skb)->seq;
goto resume;
}
/* Allocate new secpath or COW existing one. */ /* Allocate new secpath or COW existing one. */
if (!skb->sp || atomic_read(&skb->sp->refcnt) != 1) { if (!skb->sp || atomic_read(&skb->sp->refcnt) != 1) {
...@@ -116,6 +125,9 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ...@@ -116,6 +125,9 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
skb->sp = sp; skb->sp = sp;
} }
daddr = (xfrm_address_t *)(skb_network_header(skb) +
XFRM_SPI_SKB_CB(skb)->daddroff);
seq = 0; seq = 0;
if (!spi && (err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0) if (!spi && (err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0)
goto drop; goto drop;
...@@ -124,9 +136,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ...@@ -124,9 +136,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
if (skb->sp->len == XFRM_MAX_DEPTH) if (skb->sp->len == XFRM_MAX_DEPTH)
goto drop; goto drop;
x = xfrm_state_lookup((xfrm_address_t *) x = xfrm_state_lookup(daddr, spi, nexthdr, AF_INET);
(skb_network_header(skb) + daddroff),
spi, nexthdr, AF_INET);
if (x == NULL) if (x == NULL)
goto drop; goto drop;
...@@ -147,8 +157,14 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ...@@ -147,8 +157,14 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
spin_unlock(&x->lock); spin_unlock(&x->lock);
XFRM_SKB_CB(skb)->seq = seq;
nexthdr = x->type->input(x, skb); nexthdr = x->type->input(x, skb);
if (nexthdr == -EINPROGRESS)
return 0;
resume:
spin_lock(&x->lock); spin_lock(&x->lock);
if (nexthdr <= 0) { if (nexthdr <= 0) {
if (nexthdr == -EBADMSG) if (nexthdr == -EBADMSG)
...@@ -177,6 +193,12 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ...@@ -177,6 +193,12 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
break; break;
} }
/*
* We need the inner address. However, we only get here for
* transport mode so the outer address is identical.
*/
daddr = &x->id.daddr;
err = xfrm_parse_spi(skb, nexthdr, &spi, &seq); err = xfrm_parse_spi(skb, nexthdr, &spi, &seq);
if (err < 0) if (err < 0)
goto drop; goto drop;
...@@ -190,7 +212,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ...@@ -190,7 +212,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
netif_rx(skb); netif_rx(skb);
return 0; return 0;
} else { } else {
return x->inner_mode->afinfo->transport_finish(skb, 0); return x->inner_mode->afinfo->transport_finish(skb, async);
} }
drop_unlock: drop_unlock:
...@@ -201,6 +223,12 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ...@@ -201,6 +223,12 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
} }
EXPORT_SYMBOL(xfrm_input); EXPORT_SYMBOL(xfrm_input);
int xfrm_input_resume(struct sk_buff *skb, int nexthdr)
{
return xfrm_input(skb, nexthdr, 0, -1);
}
EXPORT_SYMBOL(xfrm_input_resume);
void __init xfrm_input_init(void) void __init xfrm_input_init(void)
{ {
secpath_cachep = kmem_cache_create("secpath_cache", secpath_cachep = kmem_cache_create("secpath_cache",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment