xfrm: make xfrm modes builtin

after previous changes, xfrm_mode contains no function pointers anymore
and all modules defining such struct contain no code except an init/exit
functions to register the xfrm_mode struct with the xfrm core.

Just place the xfrm modes core and remove the modules,
the run-time xfrm_mode register/unregister functionality is removed.

Before:

    text    data     bss      dec filename
    7523     200    2364    10087 net/xfrm/xfrm_input.o
   40003     628     440    41071 net/xfrm/xfrm_state.o
15730338 6937080 4046908 26714326 vmlinux

    7389     200    2364    9953  net/xfrm/xfrm_input.o
   40574     656     440   41670  net/xfrm/xfrm_state.o
15730084 6937068 4046908 26714060 vmlinux

The xfrm*_mode_{transport,tunnel,beet} modules are gone.

v2: replace CONFIG_INET6_XFRM_MODE_* IS_ENABLED guards with CONFIG_IPV6
    ones rather than removing them.

Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
Florian Westphal 2019-03-29 21:16:31 +01:00 committed by Steffen Klassert
parent 733a5fac2f
commit 4c145dce26
20 changed files with 80 additions and 492 deletions

View File

@ -234,9 +234,9 @@ struct xfrm_state {
/* Reference to data common to all the instances of this /* Reference to data common to all the instances of this
* transformer. */ * transformer. */
const struct xfrm_type *type; const struct xfrm_type *type;
struct xfrm_mode *inner_mode; const struct xfrm_mode *inner_mode;
struct xfrm_mode *inner_mode_iaf; const struct xfrm_mode *inner_mode_iaf;
struct xfrm_mode *outer_mode; const struct xfrm_mode *outer_mode;
const struct xfrm_type_offload *type_offload; const struct xfrm_type_offload *type_offload;
@ -347,7 +347,6 @@ struct xfrm_state_afinfo {
struct module *owner; struct module *owner;
const struct xfrm_type *type_map[IPPROTO_MAX]; const struct xfrm_type *type_map[IPPROTO_MAX];
const struct xfrm_type_offload *type_offload_map[IPPROTO_MAX]; const struct xfrm_type_offload *type_offload_map[IPPROTO_MAX];
struct xfrm_mode *mode_map[XFRM_MODE_MAX];
int (*init_flags)(struct xfrm_state *x); int (*init_flags)(struct xfrm_state *x);
void (*init_tempsel)(struct xfrm_selector *sel, void (*init_tempsel)(struct xfrm_selector *sel,
@ -423,7 +422,6 @@ int xfrm_register_type_offload(const struct xfrm_type_offload *type, unsigned sh
int xfrm_unregister_type_offload(const struct xfrm_type_offload *type, unsigned short family); int xfrm_unregister_type_offload(const struct xfrm_type_offload *type, unsigned short family);
struct xfrm_mode { struct xfrm_mode {
struct module *owner;
u8 encap; u8 encap;
u8 family; u8 family;
u8 flags; u8 flags;
@ -434,9 +432,6 @@ enum {
XFRM_MODE_FLAG_TUNNEL = 1, XFRM_MODE_FLAG_TUNNEL = 1,
}; };
int xfrm_register_mode(struct xfrm_mode *mode);
void xfrm_unregister_mode(struct xfrm_mode *mode);
static inline int xfrm_af2proto(unsigned int family) static inline int xfrm_af2proto(unsigned int family)
{ {
switch(family) { switch(family) {
@ -449,7 +444,7 @@ static inline int xfrm_af2proto(unsigned int family)
} }
} }
static inline struct xfrm_mode *xfrm_ip2inner_mode(struct xfrm_state *x, int ipproto) static inline const struct xfrm_mode *xfrm_ip2inner_mode(struct xfrm_state *x, int ipproto)
{ {
if ((ipproto == IPPROTO_IPIP && x->props.family == AF_INET) || if ((ipproto == IPPROTO_IPIP && x->props.family == AF_INET) ||
(ipproto == IPPROTO_IPV6 && x->props.family == AF_INET6)) (ipproto == IPPROTO_IPV6 && x->props.family == AF_INET6))

View File

@ -304,7 +304,7 @@ config NET_IPVTI
tristate "Virtual (secure) IP: tunneling" tristate "Virtual (secure) IP: tunneling"
select INET_TUNNEL select INET_TUNNEL
select NET_IP_TUNNEL select NET_IP_TUNNEL
depends on INET_XFRM_MODE_TUNNEL select XFRM
---help--- ---help---
Tunneling means encapsulating data of one protocol type within Tunneling means encapsulating data of one protocol type within
another protocol and sending it over a channel that understands the another protocol and sending it over a channel that understands the
@ -396,33 +396,6 @@ config INET_TUNNEL
tristate tristate
default n default n
config INET_XFRM_MODE_TRANSPORT
tristate "IP: IPsec transport mode"
default y
select XFRM
---help---
Support for IPsec transport mode.
If unsure, say Y.
config INET_XFRM_MODE_TUNNEL
tristate "IP: IPsec tunnel mode"
default y
select XFRM
---help---
Support for IPsec tunnel mode.
If unsure, say Y.
config INET_XFRM_MODE_BEET
tristate "IP: IPsec BEET mode"
default y
select XFRM
---help---
Support for IPsec BEET mode.
If unsure, say Y.
config INET_DIAG config INET_DIAG
tristate "INET: socket monitoring interface" tristate "INET: socket monitoring interface"
default y default y

View File

@ -37,10 +37,7 @@ obj-$(CONFIG_INET_ESP) += esp4.o
obj-$(CONFIG_INET_ESP_OFFLOAD) += esp4_offload.o obj-$(CONFIG_INET_ESP_OFFLOAD) += esp4_offload.o
obj-$(CONFIG_INET_IPCOMP) += ipcomp.o obj-$(CONFIG_INET_IPCOMP) += ipcomp.o
obj-$(CONFIG_INET_XFRM_TUNNEL) += xfrm4_tunnel.o obj-$(CONFIG_INET_XFRM_TUNNEL) += xfrm4_tunnel.o
obj-$(CONFIG_INET_XFRM_MODE_BEET) += xfrm4_mode_beet.o
obj-$(CONFIG_INET_TUNNEL) += tunnel4.o obj-$(CONFIG_INET_TUNNEL) += tunnel4.o
obj-$(CONFIG_INET_XFRM_MODE_TRANSPORT) += xfrm4_mode_transport.o
obj-$(CONFIG_INET_XFRM_MODE_TUNNEL) += xfrm4_mode_tunnel.o
obj-$(CONFIG_IP_PNP) += ipconfig.o obj-$(CONFIG_IP_PNP) += ipconfig.o
obj-$(CONFIG_NETFILTER) += netfilter.o netfilter/ obj-$(CONFIG_NETFILTER) += netfilter.o netfilter/
obj-$(CONFIG_INET_DIAG) += inet_diag.o obj-$(CONFIG_INET_DIAG) += inet_diag.o

View File

@ -107,7 +107,7 @@ static int vti_rcv_cb(struct sk_buff *skb, int err)
struct net_device *dev; struct net_device *dev;
struct pcpu_sw_netstats *tstats; struct pcpu_sw_netstats *tstats;
struct xfrm_state *x; struct xfrm_state *x;
struct xfrm_mode *inner_mode; const struct xfrm_mode *inner_mode;
struct ip_tunnel *tunnel = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4; struct ip_tunnel *tunnel = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4;
u32 orig_mark = skb->mark; u32 orig_mark = skb->mark;
int ret; int ret;

View File

@ -1,41 +0,0 @@
/*
* xfrm4_mode_beet.c - BEET mode encapsulation for IPv4.
*
* Copyright (c) 2006 Diego Beltrami <diego.beltrami@gmail.com>
* Miika Komu <miika@iki.fi>
* Herbert Xu <herbert@gondor.apana.org.au>
* Abhinav Pathak <abhinav.pathak@hiit.fi>
* Jeff Ahrenholz <ahrenholz@gmail.com>
*/
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/stringify.h>
#include <net/dst.h>
#include <net/ip.h>
#include <net/xfrm.h>
static struct xfrm_mode xfrm4_beet_mode = {
.owner = THIS_MODULE,
.encap = XFRM_MODE_BEET,
.flags = XFRM_MODE_FLAG_TUNNEL,
.family = AF_INET,
};
static int __init xfrm4_beet_init(void)
{
return xfrm_register_mode(&xfrm4_beet_mode);
}
static void __exit xfrm4_beet_exit(void)
{
xfrm_unregister_mode(&xfrm4_beet_mode);
}
module_init(xfrm4_beet_init);
module_exit(xfrm4_beet_exit);
MODULE_LICENSE("GPL");
MODULE_ALIAS_XFRM_MODE(AF_INET, XFRM_MODE_BEET);

View File

@ -1,36 +0,0 @@
/*
* xfrm4_mode_transport.c - Transport mode encapsulation for IPv4.
*
* Copyright (c) 2004-2006 Herbert Xu <herbert@gondor.apana.org.au>
*/
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/stringify.h>
#include <net/dst.h>
#include <net/ip.h>
#include <net/xfrm.h>
#include <net/protocol.h>
static struct xfrm_mode xfrm4_transport_mode = {
.owner = THIS_MODULE,
.encap = XFRM_MODE_TRANSPORT,
.family = AF_INET,
};
static int __init xfrm4_transport_init(void)
{
return xfrm_register_mode(&xfrm4_transport_mode);
}
static void __exit xfrm4_transport_exit(void)
{
xfrm_unregister_mode(&xfrm4_transport_mode);
}
module_init(xfrm4_transport_init);
module_exit(xfrm4_transport_exit);
MODULE_LICENSE("GPL");
MODULE_ALIAS_XFRM_MODE(AF_INET, XFRM_MODE_TRANSPORT);

View File

@ -1,38 +0,0 @@
/*
* xfrm4_mode_tunnel.c - Tunnel mode encapsulation for IPv4.
*
* Copyright (c) 2004-2006 Herbert Xu <herbert@gondor.apana.org.au>
*/
#include <linux/gfp.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/stringify.h>
#include <net/dst.h>
#include <net/inet_ecn.h>
#include <net/ip.h>
#include <net/xfrm.h>
static struct xfrm_mode xfrm4_tunnel_mode = {
.owner = THIS_MODULE,
.encap = XFRM_MODE_TUNNEL,
.flags = XFRM_MODE_FLAG_TUNNEL,
.family = AF_INET,
};
static int __init xfrm4_mode_tunnel_init(void)
{
return xfrm_register_mode(&xfrm4_tunnel_mode);
}
static void __exit xfrm4_mode_tunnel_exit(void)
{
xfrm_unregister_mode(&xfrm4_tunnel_mode);
}
module_init(xfrm4_mode_tunnel_init);
module_exit(xfrm4_mode_tunnel_exit);
MODULE_LICENSE("GPL");
MODULE_ALIAS_XFRM_MODE(AF_INET, XFRM_MODE_TUNNEL);

View File

@ -135,44 +135,11 @@ config INET6_TUNNEL
tristate tristate
default n default n
config INET6_XFRM_MODE_TRANSPORT
tristate "IPv6: IPsec transport mode"
default IPV6
select XFRM
---help---
Support for IPsec transport mode.
If unsure, say Y.
config INET6_XFRM_MODE_TUNNEL
tristate "IPv6: IPsec tunnel mode"
default IPV6
select XFRM
---help---
Support for IPsec tunnel mode.
If unsure, say Y.
config INET6_XFRM_MODE_BEET
tristate "IPv6: IPsec BEET mode"
default IPV6
select XFRM
---help---
Support for IPsec BEET mode.
If unsure, say Y.
config INET6_XFRM_MODE_ROUTEOPTIMIZATION
tristate "IPv6: MIPv6 route optimization mode"
select XFRM
---help---
Support for MIPv6 route optimization mode.
config IPV6_VTI config IPV6_VTI
tristate "Virtual (secure) IPv6: tunneling" tristate "Virtual (secure) IPv6: tunneling"
select IPV6_TUNNEL select IPV6_TUNNEL
select NET_IP_TUNNEL select NET_IP_TUNNEL
depends on INET6_XFRM_MODE_TUNNEL select XFRM
---help--- ---help---
Tunneling means encapsulating data of one protocol type within Tunneling means encapsulating data of one protocol type within
another protocol and sending it over a channel that understands the another protocol and sending it over a channel that understands the

View File

@ -35,10 +35,6 @@ obj-$(CONFIG_INET6_ESP_OFFLOAD) += esp6_offload.o
obj-$(CONFIG_INET6_IPCOMP) += ipcomp6.o obj-$(CONFIG_INET6_IPCOMP) += ipcomp6.o
obj-$(CONFIG_INET6_XFRM_TUNNEL) += xfrm6_tunnel.o obj-$(CONFIG_INET6_XFRM_TUNNEL) += xfrm6_tunnel.o
obj-$(CONFIG_INET6_TUNNEL) += tunnel6.o obj-$(CONFIG_INET6_TUNNEL) += tunnel6.o
obj-$(CONFIG_INET6_XFRM_MODE_TRANSPORT) += xfrm6_mode_transport.o
obj-$(CONFIG_INET6_XFRM_MODE_TUNNEL) += xfrm6_mode_tunnel.o
obj-$(CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION) += xfrm6_mode_ro.o
obj-$(CONFIG_INET6_XFRM_MODE_BEET) += xfrm6_mode_beet.o
obj-$(CONFIG_IPV6_MIP6) += mip6.o obj-$(CONFIG_IPV6_MIP6) += mip6.o
obj-$(CONFIG_IPV6_ILA) += ila/ obj-$(CONFIG_IPV6_ILA) += ila/
obj-$(CONFIG_NETFILTER) += netfilter/ obj-$(CONFIG_NETFILTER) += netfilter/

View File

@ -342,7 +342,7 @@ static int vti6_rcv_cb(struct sk_buff *skb, int err)
struct net_device *dev; struct net_device *dev;
struct pcpu_sw_netstats *tstats; struct pcpu_sw_netstats *tstats;
struct xfrm_state *x; struct xfrm_state *x;
struct xfrm_mode *inner_mode; const struct xfrm_mode *inner_mode;
struct ip6_tnl *t = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6; struct ip6_tnl *t = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6;
u32 orig_mark = skb->mark; u32 orig_mark = skb->mark;
int ret; int ret;

View File

@ -1,42 +0,0 @@
/*
* xfrm6_mode_beet.c - BEET mode encapsulation for IPv6.
*
* Copyright (c) 2006 Diego Beltrami <diego.beltrami@gmail.com>
* Miika Komu <miika@iki.fi>
* Herbert Xu <herbert@gondor.apana.org.au>
* Abhinav Pathak <abhinav.pathak@hiit.fi>
* Jeff Ahrenholz <ahrenholz@gmail.com>
*/
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/stringify.h>
#include <net/dsfield.h>
#include <net/dst.h>
#include <net/inet_ecn.h>
#include <net/ipv6.h>
#include <net/xfrm.h>
static struct xfrm_mode xfrm6_beet_mode = {
.owner = THIS_MODULE,
.encap = XFRM_MODE_BEET,
.flags = XFRM_MODE_FLAG_TUNNEL,
.family = AF_INET6,
};
static int __init xfrm6_beet_init(void)
{
return xfrm_register_mode(&xfrm6_beet_mode);
}
static void __exit xfrm6_beet_exit(void)
{
xfrm_unregister_mode(&xfrm6_beet_mode);
}
module_init(xfrm6_beet_init);
module_exit(xfrm6_beet_exit);
MODULE_LICENSE("GPL");
MODULE_ALIAS_XFRM_MODE(AF_INET6, XFRM_MODE_BEET);

View File

@ -1,55 +0,0 @@
/*
* xfrm6_mode_ro.c - Route optimization mode for IPv6.
*
* Copyright (C)2003-2006 Helsinki University of Technology
* Copyright (C)2003-2006 USAGI/WIDE Project
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/*
* Authors:
* Noriaki TAKAMIYA @USAGI
* Masahide NAKAMURA @USAGI
*/
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/spinlock.h>
#include <linux/stringify.h>
#include <linux/time.h>
#include <net/ipv6.h>
#include <net/xfrm.h>
static struct xfrm_mode xfrm6_ro_mode = {
.owner = THIS_MODULE,
.encap = XFRM_MODE_ROUTEOPTIMIZATION,
.family = AF_INET6,
};
static int __init xfrm6_ro_init(void)
{
return xfrm_register_mode(&xfrm6_ro_mode);
}
static void __exit xfrm6_ro_exit(void)
{
xfrm_unregister_mode(&xfrm6_ro_mode);
}
module_init(xfrm6_ro_init);
module_exit(xfrm6_ro_exit);
MODULE_LICENSE("GPL");
MODULE_ALIAS_XFRM_MODE(AF_INET6, XFRM_MODE_ROUTEOPTIMIZATION);

View File

@ -1,37 +0,0 @@
/*
* xfrm6_mode_transport.c - Transport mode encapsulation for IPv6.
*
* Copyright (C) 2002 USAGI/WIDE Project
* Copyright (c) 2004-2006 Herbert Xu <herbert@gondor.apana.org.au>
*/
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/stringify.h>
#include <net/dst.h>
#include <net/ipv6.h>
#include <net/xfrm.h>
#include <net/protocol.h>
static struct xfrm_mode xfrm6_transport_mode = {
.owner = THIS_MODULE,
.encap = XFRM_MODE_TRANSPORT,
.family = AF_INET6,
};
static int __init xfrm6_transport_init(void)
{
return xfrm_register_mode(&xfrm6_transport_mode);
}
static void __exit xfrm6_transport_exit(void)
{
xfrm_unregister_mode(&xfrm6_transport_mode);
}
module_init(xfrm6_transport_init);
module_exit(xfrm6_transport_exit);
MODULE_LICENSE("GPL");
MODULE_ALIAS_XFRM_MODE(AF_INET6, XFRM_MODE_TRANSPORT);

View File

@ -1,45 +0,0 @@
/*
* xfrm6_mode_tunnel.c - Tunnel mode encapsulation for IPv6.
*
* Copyright (C) 2002 USAGI/WIDE Project
* Copyright (c) 2004-2006 Herbert Xu <herbert@gondor.apana.org.au>
*/
#include <linux/gfp.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/stringify.h>
#include <net/dsfield.h>
#include <net/dst.h>
#include <net/inet_ecn.h>
#include <net/ip6_route.h>
#include <net/ipv6.h>
#include <net/xfrm.h>
/* Add encapsulation header.
*
* The top IP header will be constructed per RFC 2401.
*/
static struct xfrm_mode xfrm6_tunnel_mode = {
.owner = THIS_MODULE,
.encap = XFRM_MODE_TUNNEL,
.flags = XFRM_MODE_FLAG_TUNNEL,
.family = AF_INET6,
};
static int __init xfrm6_mode_tunnel_init(void)
{
return xfrm_register_mode(&xfrm6_tunnel_mode);
}
static void __exit xfrm6_mode_tunnel_exit(void)
{
xfrm_unregister_mode(&xfrm6_tunnel_mode);
}
module_init(xfrm6_mode_tunnel_init);
module_exit(xfrm6_mode_tunnel_exit);
MODULE_LICENSE("GPL");
MODULE_ALIAS_XFRM_MODE(AF_INET6, XFRM_MODE_TUNNEL);

View File

@ -351,7 +351,7 @@ xfrm_inner_mode_encap_remove(struct xfrm_state *x,
static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb) static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
{ {
struct xfrm_mode *inner_mode = x->inner_mode; const struct xfrm_mode *inner_mode = x->inner_mode;
const struct xfrm_state_afinfo *afinfo; const struct xfrm_state_afinfo *afinfo;
int err = -EAFNOSUPPORT; int err = -EAFNOSUPPORT;
@ -394,7 +394,6 @@ static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
*/ */
static int xfrm4_transport_input(struct xfrm_state *x, struct sk_buff *skb) static int xfrm4_transport_input(struct xfrm_state *x, struct sk_buff *skb)
{ {
#if IS_ENABLED(CONFIG_INET_XFRM_MODE_TRANSPORT)
int ihl = skb->data - skb_transport_header(skb); int ihl = skb->data - skb_transport_header(skb);
if (skb->transport_header != skb->network_header) { if (skb->transport_header != skb->network_header) {
@ -405,14 +404,11 @@ static int xfrm4_transport_input(struct xfrm_state *x, struct sk_buff *skb)
ip_hdr(skb)->tot_len = htons(skb->len + ihl); ip_hdr(skb)->tot_len = htons(skb->len + ihl);
skb_reset_transport_header(skb); skb_reset_transport_header(skb);
return 0; return 0;
#else
return -EOPNOTSUPP;
#endif
} }
static int xfrm6_transport_input(struct xfrm_state *x, struct sk_buff *skb) static int xfrm6_transport_input(struct xfrm_state *x, struct sk_buff *skb)
{ {
#if IS_ENABLED(CONFIG_INET6_XFRM_MODE_TRANSPORT) #if IS_ENABLED(CONFIG_IPV6)
int ihl = skb->data - skb_transport_header(skb); int ihl = skb->data - skb_transport_header(skb);
if (skb->transport_header != skb->network_header) { if (skb->transport_header != skb->network_header) {
@ -425,7 +421,8 @@ static int xfrm6_transport_input(struct xfrm_state *x, struct sk_buff *skb)
skb_reset_transport_header(skb); skb_reset_transport_header(skb);
return 0; return 0;
#else #else
return -EOPNOTSUPP; WARN_ON_ONCE(1);
return -EAFNOSUPPORT;
#endif #endif
} }
@ -458,12 +455,12 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
{ {
const struct xfrm_state_afinfo *afinfo; const struct xfrm_state_afinfo *afinfo;
struct net *net = dev_net(skb->dev); struct net *net = dev_net(skb->dev);
const struct xfrm_mode *inner_mode;
int err; int err;
__be32 seq; __be32 seq;
__be32 seq_hi; __be32 seq_hi;
struct xfrm_state *x = NULL; struct xfrm_state *x = NULL;
xfrm_address_t *daddr; xfrm_address_t *daddr;
struct xfrm_mode *inner_mode;
u32 mark = skb->mark; u32 mark = skb->mark;
unsigned int family = AF_UNSPEC; unsigned int family = AF_UNSPEC;
int decaps = 0; int decaps = 0;

View File

@ -244,8 +244,8 @@ static void xfrmi_scrub_packet(struct sk_buff *skb, bool xnet)
static int xfrmi_rcv_cb(struct sk_buff *skb, int err) static int xfrmi_rcv_cb(struct sk_buff *skb, int err)
{ {
const struct xfrm_mode *inner_mode;
struct pcpu_sw_netstats *tstats; struct pcpu_sw_netstats *tstats;
struct xfrm_mode *inner_mode;
struct net_device *dev; struct net_device *dev;
struct xfrm_state *x; struct xfrm_state *x;
struct xfrm_if *xi; struct xfrm_if *xi;

View File

@ -61,7 +61,6 @@ static struct dst_entry *skb_dst_pop(struct sk_buff *skb)
*/ */
static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb) static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb)
{ {
#if IS_ENABLED(CONFIG_INET_XFRM_MODE_TRANSPORT)
struct iphdr *iph = ip_hdr(skb); struct iphdr *iph = ip_hdr(skb);
int ihl = iph->ihl * 4; int ihl = iph->ihl * 4;
@ -74,10 +73,6 @@ static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb)
__skb_pull(skb, ihl); __skb_pull(skb, ihl);
memmove(skb_network_header(skb), iph, ihl); memmove(skb_network_header(skb), iph, ihl);
return 0; return 0;
#else
WARN_ON_ONCE(1);
return -EOPNOTSUPP;
#endif
} }
/* Add encapsulation header. /* Add encapsulation header.
@ -87,7 +82,7 @@ static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb)
*/ */
static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb) static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb)
{ {
#if IS_ENABLED(CONFIG_INET6_XFRM_MODE_TRANSPORT) #if IS_ENABLED(CONFIG_IPV6)
struct ipv6hdr *iph; struct ipv6hdr *iph;
u8 *prevhdr; u8 *prevhdr;
int hdr_len; int hdr_len;
@ -107,7 +102,7 @@ static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb)
return 0; return 0;
#else #else
WARN_ON_ONCE(1); WARN_ON_ONCE(1);
return -EOPNOTSUPP; return -EAFNOSUPPORT;
#endif #endif
} }
@ -118,7 +113,7 @@ static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb)
*/ */
static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb) static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb)
{ {
#if IS_ENABLED(CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION) #if IS_ENABLED(CONFIG_IPV6)
struct ipv6hdr *iph; struct ipv6hdr *iph;
u8 *prevhdr; u8 *prevhdr;
int hdr_len; int hdr_len;
@ -140,7 +135,7 @@ static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb)
return 0; return 0;
#else #else
WARN_ON_ONCE(1); WARN_ON_ONCE(1);
return -EOPNOTSUPP; return -EAFNOSUPPORT;
#endif #endif
} }
@ -624,7 +619,7 @@ EXPORT_SYMBOL_GPL(xfrm_output);
static int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb) static int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb)
{ {
const struct xfrm_state_afinfo *afinfo; const struct xfrm_state_afinfo *afinfo;
struct xfrm_mode *inner_mode; const struct xfrm_mode *inner_mode;
int err = -EAFNOSUPPORT; int err = -EAFNOSUPPORT;
if (x->sel.family == AF_UNSPEC) if (x->sel.family == AF_UNSPEC)

View File

@ -2546,10 +2546,10 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
struct dst_entry *dst) struct dst_entry *dst)
{ {
const struct xfrm_state_afinfo *afinfo; const struct xfrm_state_afinfo *afinfo;
const struct xfrm_mode *inner_mode;
struct net *net = xp_net(policy); struct net *net = xp_net(policy);
unsigned long now = jiffies; unsigned long now = jiffies;
struct net_device *dev; struct net_device *dev;
struct xfrm_mode *inner_mode;
struct xfrm_dst *xdst_prev = NULL; struct xfrm_dst *xdst_prev = NULL;
struct xfrm_dst *xdst0 = NULL; struct xfrm_dst *xdst0 = NULL;
int i = 0; int i = 0;

View File

@ -330,92 +330,67 @@ static void xfrm_put_type_offload(const struct xfrm_type_offload *type)
module_put(type->owner); module_put(type->owner);
} }
static DEFINE_SPINLOCK(xfrm_mode_lock); static const struct xfrm_mode xfrm4_mode_map[XFRM_MODE_MAX] = {
int xfrm_register_mode(struct xfrm_mode *mode) [XFRM_MODE_BEET] = {
.encap = XFRM_MODE_BEET,
.flags = XFRM_MODE_FLAG_TUNNEL,
.family = AF_INET,
},
[XFRM_MODE_TRANSPORT] = {
.encap = XFRM_MODE_TRANSPORT,
.family = AF_INET,
},
[XFRM_MODE_TUNNEL] = {
.encap = XFRM_MODE_TUNNEL,
.flags = XFRM_MODE_FLAG_TUNNEL,
.family = AF_INET,
},
};
static const struct xfrm_mode xfrm6_mode_map[XFRM_MODE_MAX] = {
[XFRM_MODE_BEET] = {
.encap = XFRM_MODE_BEET,
.flags = XFRM_MODE_FLAG_TUNNEL,
.family = AF_INET6,
},
[XFRM_MODE_ROUTEOPTIMIZATION] = {
.encap = XFRM_MODE_ROUTEOPTIMIZATION,
.family = AF_INET6,
},
[XFRM_MODE_TRANSPORT] = {
.encap = XFRM_MODE_TRANSPORT,
.family = AF_INET6,
},
[XFRM_MODE_TUNNEL] = {
.encap = XFRM_MODE_TUNNEL,
.flags = XFRM_MODE_FLAG_TUNNEL,
.family = AF_INET6,
},
};
static const struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
{ {
struct xfrm_state_afinfo *afinfo; const struct xfrm_mode *mode;
struct xfrm_mode **modemap;
int err;
if (unlikely(mode->encap >= XFRM_MODE_MAX))
return -EINVAL;
afinfo = xfrm_state_get_afinfo(mode->family);
if (unlikely(afinfo == NULL))
return -EAFNOSUPPORT;
err = -EEXIST;
modemap = afinfo->mode_map;
spin_lock_bh(&xfrm_mode_lock);
if (modemap[mode->encap])
goto out;
err = -ENOENT;
if (!try_module_get(afinfo->owner))
goto out;
modemap[mode->encap] = mode;
err = 0;
out:
spin_unlock_bh(&xfrm_mode_lock);
rcu_read_unlock();
return err;
}
EXPORT_SYMBOL(xfrm_register_mode);
void xfrm_unregister_mode(struct xfrm_mode *mode)
{
struct xfrm_state_afinfo *afinfo;
struct xfrm_mode **modemap;
afinfo = xfrm_state_get_afinfo(mode->family);
if (WARN_ON_ONCE(!afinfo))
return;
modemap = afinfo->mode_map;
spin_lock_bh(&xfrm_mode_lock);
if (likely(modemap[mode->encap] == mode)) {
modemap[mode->encap] = NULL;
module_put(afinfo->owner);
}
spin_unlock_bh(&xfrm_mode_lock);
rcu_read_unlock();
}
EXPORT_SYMBOL(xfrm_unregister_mode);
static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
{
struct xfrm_state_afinfo *afinfo;
struct xfrm_mode *mode;
int modload_attempted = 0;
if (unlikely(encap >= XFRM_MODE_MAX)) if (unlikely(encap >= XFRM_MODE_MAX))
return NULL; return NULL;
retry: switch (family) {
afinfo = xfrm_state_get_afinfo(family); case AF_INET:
if (unlikely(afinfo == NULL)) mode = &xfrm4_mode_map[encap];
return NULL; if (mode->family == family)
return mode;
mode = READ_ONCE(afinfo->mode_map[encap]); break;
if (unlikely(mode && !try_module_get(mode->owner))) case AF_INET6:
mode = NULL; mode = &xfrm6_mode_map[encap];
if (mode->family == family)
rcu_read_unlock(); return mode;
if (!mode && !modload_attempted) { break;
request_module("xfrm-mode-%d-%d", family, encap); default:
modload_attempted = 1; break;
goto retry;
} }
return mode; return NULL;
}
static void xfrm_put_mode(struct xfrm_mode *mode)
{
module_put(mode->owner);
} }
void xfrm_state_free(struct xfrm_state *x) void xfrm_state_free(struct xfrm_state *x)
@ -436,12 +411,6 @@ static void ___xfrm_state_destroy(struct xfrm_state *x)
kfree(x->coaddr); kfree(x->coaddr);
kfree(x->replay_esn); kfree(x->replay_esn);
kfree(x->preplay_esn); kfree(x->preplay_esn);
if (x->inner_mode)
xfrm_put_mode(x->inner_mode);
if (x->inner_mode_iaf)
xfrm_put_mode(x->inner_mode_iaf);
if (x->outer_mode)
xfrm_put_mode(x->outer_mode);
if (x->type_offload) if (x->type_offload)
xfrm_put_type_offload(x->type_offload); xfrm_put_type_offload(x->type_offload);
if (x->type) { if (x->type) {
@ -2235,8 +2204,8 @@ int xfrm_state_mtu(struct xfrm_state *x, int mtu)
int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload) int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload)
{ {
struct xfrm_state_afinfo *afinfo; const struct xfrm_mode *inner_mode;
struct xfrm_mode *inner_mode; const struct xfrm_state_afinfo *afinfo;
int family = x->props.family; int family = x->props.family;
int err; int err;
@ -2262,24 +2231,21 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload)
goto error; goto error;
if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) && if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
family != x->sel.family) { family != x->sel.family)
xfrm_put_mode(inner_mode);
goto error; goto error;
}
x->inner_mode = inner_mode; x->inner_mode = inner_mode;
} else { } else {
struct xfrm_mode *inner_mode_iaf; const struct xfrm_mode *inner_mode_iaf;
int iafamily = AF_INET; int iafamily = AF_INET;
inner_mode = xfrm_get_mode(x->props.mode, x->props.family); inner_mode = xfrm_get_mode(x->props.mode, x->props.family);
if (inner_mode == NULL) if (inner_mode == NULL)
goto error; goto error;
if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) { if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL))
xfrm_put_mode(inner_mode);
goto error; goto error;
}
x->inner_mode = inner_mode; x->inner_mode = inner_mode;
if (x->props.family == AF_INET) if (x->props.family == AF_INET)
@ -2289,8 +2255,6 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload)
if (inner_mode_iaf) { if (inner_mode_iaf) {
if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL) if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)
x->inner_mode_iaf = inner_mode_iaf; x->inner_mode_iaf = inner_mode_iaf;
else
xfrm_put_mode(inner_mode_iaf);
} }
} }

View File

@ -7,9 +7,7 @@ CONFIG_NET_L3_MASTER_DEV=y
CONFIG_IPV6=y CONFIG_IPV6=y
CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_VETH=y CONFIG_VETH=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
CONFIG_NET_IPVTI=y CONFIG_NET_IPVTI=y
CONFIG_INET6_XFRM_MODE_TUNNEL=y
CONFIG_IPV6_VTI=y CONFIG_IPV6_VTI=y
CONFIG_DUMMY=y CONFIG_DUMMY=y
CONFIG_BRIDGE=y CONFIG_BRIDGE=y