| author | Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> | 2002-11-10 09:04:35 -0800 |
|---|---|---|
| committer | David S. Miller <davem@nuts.ninka.net> | 2002-11-10 09:04:35 -0800 |
| commit | b85b57e3e2cf033fd0a0a377d9d3c3d141d4eb8a (patch) | |
| tree | 7ffc487b70cbde7ee61e362a46bfb50ceff88140 /include/net | |
| parent | 2b25a88957143e4dff7b80fc083c44322a37c5f0 (diff) | |
[IPSEC]: More fixes and corrections.
- Make connect() policy selection actually happen
- return len instead of 0 on successful pfkey sendmsg
- make prefixlen checks in a way more compatible with isakmpd
- key manager wait queues are totally wrong
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/route.h | 11 | ||||
| -rw-r--r-- | include/net/xfrm.h | 13 |
2 files changed, 15 insertions, 9 deletions
diff --git a/include/net/route.h b/include/net/route.h
index ad37024a0154..afab97d19a81 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -140,7 +140,9 @@ static inline char rt_tos2priority(u8 tos)
 return ip_tos2prio[IPTOS_TOS(tos)>>1];
 }
-static inline int ip_route_connect(struct rtable **rp, u32 dst, u32 src, u32 tos, int oif, u8 protocol, u16 sport, u16 dport)
+static inline int ip_route_connect(struct rtable **rp, u32 dst,
+ u32 src, u32 tos, int oif, u8 protocol,
+ u16 sport, u16 dport, struct sock *sk)
 {
 struct flowi fl = { .oif = oif,
 .nl_u = { .ip4_u = { .daddr = dst,
@@ -161,10 +163,11 @@ static inline int ip_route_connect(struct rtable **rp, u32 dst, u32 src, u32 tos
 ip_rt_put(*rp);
 *rp = NULL;
 }
- return ip_route_output_key(rp, &fl);
+ return ip_route_output_flow(rp, &fl, sk, 0);
 }
-static inline int ip_route_newports(struct rtable **rp, u16 sport, u16 dport)
+static inline int ip_route_newports(struct rtable **rp, u16 sport, u16 dport,
+ struct sock *sk)
 {
 if (sport != (*rp)->fl.uli_u.ports.sport ||
 dport != (*rp)->fl.uli_u.ports.dport) {
@@ -175,7 +178,7 @@ static inline int ip_route_newports(struct rtable **rp, u16 sport, u16 dport)
 fl.uli_u.ports.dport = dport;
 ip_rt_put(*rp);
 *rp = NULL;
- return ip_route_output_key(rp, &fl);
+ return ip_route_output_flow(rp, &fl, sk, 0);
 }
 return 0;
 }
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 7bef54d4532b..e82a59c8c24c 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -8,6 +8,9 @@
 #include <net/dst.h>
 #include <net/route.h>
+extern struct semaphore xfrm_cfg_sem;
+
+
 /* Organization of SPD aka "XFRM rules"
 ------------------------------------
@@ -320,7 +323,7 @@ extern int xfrm_register_km(struct xfrm_mgr *km);
 extern int xfrm_unregister_km(struct xfrm_mgr *km);
-extern struct xfrm_policy *xfrm_policy_list[XFRM_POLICY_MAX];
+extern struct xfrm_policy *xfrm_policy_list[XFRM_POLICY_MAX*2];
 static inline void xfrm_pol_hold(struct xfrm_policy *policy)
 {
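Review bot: The new `sk` parameter of ip_route_connect() and ip_route_newports() is undocumented, and the literal `0` passed as the last argument of `ip_route_output_flow()` is unexplained; this applies to the hunks at -140, -161 and -175. Going by the commit message, `sk` is what lets connect() select a policy, so a caller that passes a different socket would presumably get a route resolved under the wrong policy. A short comment above each function would pin that down, e.g. `/* sk: the connecting socket; its policy is consulted during the route lookup */`, and the `0` deserves a named constant or a `/* flags */` comment if that is what it is. Both function bodies extend beyond the hunks shown.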
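Review bot: `xfrm_cfg_sem` is exported at the top of xfrm.h without a comment saying what it serialises or how it orders against the other xfrm locks. For a lock on a configuration path that contract matters to every later caller; add something like `/* xfrm_cfg_sem: serialises <what it protects>; may sleep, so not usable from softirq context */` with the real scope filled in. The include lines above line 8 are outside the hunk, so it is not visible whether the header that declares `struct semaphore` is pulled in here.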
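Review bot: The `*2` in `xfrm_policy_list[XFRM_POLICY_MAX*2]` is an unexplained magic factor on an array bound. Nothing in the header says what the added half holds, so a reader cannot tell which index values are valid, and code that indexes past `XFRM_POLICY_MAX` has no named limit to check against. Give the size a name and a comment. Also confirm that the definition in the .c file (not part of this include/net-limited view) was changed to the same size, since a mismatched extern array bound is not diagnosed across translation units.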
@@ -429,16 +432,16 @@ static inline int xfrm_sk_clone_policy(struct sock *sk)
 return 0;
 }
-extern void __xfrm_sk_free_policy(struct xfrm_policy *);
+extern void __xfrm_sk_free_policy(struct xfrm_policy *, int dir);
 static inline void xfrm_sk_free_policy(struct sock *sk)
 {
 if (unlikely(sk->policy[0] != NULL)) {
- __xfrm_sk_free_policy(sk->policy[0]);
+ __xfrm_sk_free_policy(sk->policy[0], 0);
 sk->policy[0] = NULL;
 }
 if (unlikely(sk->policy[1] != NULL)) {
- __xfrm_sk_free_policy(sk->policy[1]);
+ __xfrm_sk_free_policy(sk->policy[1], 1);
 sk->policy[1] = NULL;
 }
 }
@@ -477,7 +480,7 @@ extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *p
 extern struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struct flowi *fl);
 extern int xfrm_flush_bundles(struct xfrm_state *x);
-extern wait_queue_head_t *km_waitq;
+extern wait_queue_head_t km_waitq;
 extern void km_warn_expired(struct xfrm_state *x);
 extern void km_expired(struct xfrm_state *x);
 extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *pol); |
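Review bot: In xfrm_sk_free_policy() the `dir` argument is a hand-written literal that has to match the `sk->policy[]` index on the same line (`sk->policy[0], 0` and `sk->policy[1], 1`). A mismatch would compile cleanly and presumably release the policy against the wrong direction's bookkeeping. Deriving both from one loop variable removes that possibility, e.g. `for (dir = 0; dir < 2; dir++)` around a single `__xfrm_sk_free_policy(sk->policy[dir], dir);` plus the NULL store. The prototype also names only one of its two parameters; `struct xfrm_policy *pol, int dir` would read better.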
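Review bot: Turning `km_waitq` from a pointer into an object changes the type of an extern whose definition is not in this include/net-limited view. If the defining file does not include this header the mismatch goes undiagnosed and users would treat the storage as the wrong type. Confirm the definition is now a `wait_queue_head_t` that is initialised statically (e.g. with `DECLARE_WAIT_QUEUE_HEAD`) and that every user passes `&km_waitq`. A one-line comment saying who sleeps on this queue and who wakes it would also help.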
