diff options
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/dst.h | 10 | ||||
| -rw-r--r-- | include/net/protocol.h | 1 | ||||
| -rw-r--r-- | include/net/route.h | 1 | ||||
| -rw-r--r-- | include/net/sock.h | 1 | ||||
| -rw-r--r-- | include/net/xfrm.h | 15 |
5 files changed, 22 insertions, 6 deletions
diff --git a/include/net/dst.h b/include/net/dst.h index 935fba293f31..c25cdac635ed 100644 --- a/include/net/dst.h +++ b/include/net/dst.h @@ -44,6 +44,7 @@ struct dst_entry #define DST_HOST 1 #define DST_NOXFRM 2 #define DST_NOPOLICY 4 +#define DST_NOHASH 8 unsigned long lastuse; unsigned long expires; @@ -138,8 +139,15 @@ struct dst_entry * dst_clone(struct dst_entry * dst) static inline void dst_release(struct dst_entry * dst) { - if (dst) + if (dst) { + if (atomic_read(&dst->__refcnt) < 1) { + __label__ __lbl; + printk("BUG: dst underflow %d: %p\n", + atomic_read(&dst->__refcnt), &&__lbl); +__lbl: + } atomic_dec(&dst->__refcnt); + } } /* Children define the path of the packet through the diff --git a/include/net/protocol.h b/include/net/protocol.h index 9ba874a3d18f..2063dfd55690 100644 --- a/include/net/protocol.h +++ b/include/net/protocol.h @@ -38,6 +38,7 @@ struct inet_protocol { int (*handler)(struct sk_buff *skb); void (*err_handler)(struct sk_buff *skb, u32 info); + int no_policy; }; #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) diff --git a/include/net/route.h b/include/net/route.h index 6987a321075d..ad37024a0154 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -114,6 +114,7 @@ extern void ip_rt_advice(struct rtable **rp, int advice); extern void rt_cache_flush(int how); extern int __ip_route_output_key(struct rtable **, const struct flowi *flp); extern int ip_route_output_key(struct rtable **, struct flowi *flp); +extern int ip_route_output_flow(struct rtable **rp, struct flowi *flp, struct sock *sk, int flags); extern int ip_route_input(struct sk_buff*, u32 dst, u32 src, u8 tos, struct net_device *devin); extern unsigned short ip_rt_frag_needed(struct iphdr *iph, unsigned short new_mtu); extern void ip_rt_send_redirect(struct sk_buff *skb); diff --git a/include/net/sock.h b/include/net/sock.h index 4a4094b93d07..da4e817da7a7 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -110,6 +110,7 @@ struct sock { wait_queue_head_t *sleep; /* Sock wait queue */ struct dst_entry *dst_cache; /* Destination cache */ rwlock_t dst_lock; + struct xfrm_policy *policy[2]; atomic_t rmem_alloc; /* Receive queue bytes committed */ struct sk_buff_head receive_queue; /* Incoming packets */ atomic_t wmem_alloc; /* Transmit queue bytes committed */ diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 1d663c6839a6..2961e6616b7f 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -312,6 +312,7 @@ struct xfrm_mgr char *id; int (*notify)(struct xfrm_state *x, int event); int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir); + struct xfrm_policy *(*compile_policy)(int opt, u8 *data, int len, int *dir); }; extern int xfrm_register_km(struct xfrm_mgr *km); @@ -397,13 +398,16 @@ secpath_put(struct sec_path *sp) __secpath_destroy(sp); } -extern int __xfrm_policy_check(int dir, struct sk_buff *skb); +extern int __xfrm_policy_check(struct sock *, int dir, struct sk_buff *skb); -static inline int xfrm_policy_check(int dir, struct sk_buff *skb) +static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb) { + if (sk && sk->policy[XFRM_POLICY_IN]) + return __xfrm_policy_check(sk, dir, skb); + return !xfrm_policy_list[dir] || (skb->dst->flags & DST_NOPOLICY) || - __xfrm_policy_check(dir, skb); + __xfrm_policy_check(sk, dir, skb); } extern int __xfrm_route_forward(struct sk_buff *skb); @@ -431,6 +435,7 @@ extern int xfrm_replay_check(struct xfrm_state *x, u32 seq); extern void xfrm_replay_advance(struct xfrm_state *x, u32 seq); extern int xfrm_check_selectors(struct xfrm_state **x, int n, struct flowi *fl); extern int xfrm4_rcv(struct sk_buff *skb); +extern int xfrm_user_policy(struct sock *sk, int optname, u8 *optval, int optlen); struct xfrm_policy *xfrm_policy_alloc(void); extern int xfrm_policy_walk(int (*func)(struct xfrm_policy *, int, int, void*), void *); @@ -439,12 +444,12 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); struct xfrm_policy *xfrm_policy_delete(int dir, struct xfrm_selector *sel); struct xfrm_policy *xfrm_policy_byid(int dir, u32 id, int delete); void xfrm_policy_flush(void); -int xfrm_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, - struct flowi *fl, struct dst_entry **dst_p); void xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi); struct xfrm_state * xfrm_find_acq(u8 mode, u16 reqid, u8 proto, u32 daddr, u32 saddr); extern void xfrm_policy_flush(void); extern void xfrm_policy_kill(struct xfrm_policy *); +extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); +extern struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struct flowi *fl); extern wait_queue_head_t *km_waitq; extern void km_warn_expired(struct xfrm_state *x); |