36 #include <net/xfrm.h>
78 /* xfrm inexact policy search tree:
475 	return __idx_hash(index, net->xfrm.policy_idx_hmask);
485 		*dbits = net->xfrm.policy_bydst[dir].dbits4;
486 		*sbits = net->xfrm.policy_bydst[dir].sbits4;
490 		*dbits = net->xfrm.policy_bydst[dir].dbits6;
491 		*sbits = net->xfrm.policy_bydst[dir].sbits6;
504 	unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;
515 	return rcu_dereference_check(net->xfrm.policy_bydst[dir].table,
516 		     lockdep_is_held(&net->xfrm.xfrm_policy_lock)) + hash;
524 	unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;
532 	return rcu_dereference_check(net->xfrm.policy_bydst[dir].table,
533 		     lockdep_is_held(&net->xfrm.xfrm_policy_lock)) + hash;
595 	unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;
605 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
606 	write_seqcount_begin(&net->xfrm.xfrm_policy_hash_generation);
608 	odst = rcu_dereference_protected(net->xfrm.policy_bydst[dir].table,
609 				lockdep_is_held(&net->xfrm.xfrm_policy_lock));
614 	rcu_assign_pointer(net->xfrm.policy_bydst[dir].table, ndst);
615 	net->xfrm.policy_bydst[dir].hmask = nhashmask;
617 	write_seqcount_end(&net->xfrm.xfrm_policy_hash_generation);
618 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
627 	unsigned int hmask = net->xfrm.policy_idx_hmask;
630 	struct hlist_head *oidx = net->xfrm.policy_byidx;
637 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
642 	net->xfrm.policy_byidx = nidx;
643 	net->xfrm.policy_idx_hmask = nhashmask;
645 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
652 	unsigned int cnt = net->xfrm.policy_count[dir];
653 	unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;
667 	unsigned int hmask = net->xfrm.policy_idx_hmask;
678 	si->incnt = net->xfrm.policy_count[XFRM_POLICY_IN];
679 	si->outcnt = net->xfrm.policy_count[XFRM_POLICY_OUT];
680 	si->fwdcnt = net->xfrm.policy_count[XFRM_POLICY_FWD];
681 	si->inscnt = net->xfrm.policy_count[XFRM_POLICY_IN+XFRM_POLICY_MAX];
682 	si->outscnt = net->xfrm.policy_count[XFRM_POLICY_OUT+XFRM_POLICY_MAX];
683 	si->fwdscnt = net->xfrm.policy_count[XFRM_POLICY_FWD+XFRM_POLICY_MAX];
684 	si->spdhcnt = net->xfrm.policy_idx_hmask;
692 	struct net *net = container_of(work, struct net, xfrm.policy_hash_work);
724 	lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
740 	seqcount_spinlock_init(&bin->count, &net->xfrm.xfrm_policy_lock);
746 		list_add(&bin->inexact_bins, &net->xfrm.inexact_bins);
866 	list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) {
1127 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1129 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1136 	lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
1138 	list_for_each_entry_safe(bin, t, &net->xfrm.inexact_bins, inexact_bins)
1150 	lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
1215 	lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
1229 	chain = &net->xfrm.policy_inexact[dir];
1241 				       xfrm.policy_hthresh.work);
1257 		seq = read_seqbegin(&net->xfrm.policy_hthresh.lock);
1259 		lbits4 = net->xfrm.policy_hthresh.lbits4;
1260 		rbits4 = net->xfrm.policy_hthresh.rbits4;
1261 		lbits6 = net->xfrm.policy_hthresh.lbits6;
1262 		rbits6 = net->xfrm.policy_hthresh.rbits6;
1263 	} while (read_seqretry(&net->xfrm.policy_hthresh.lock, seq));
1265 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1266 	write_seqcount_begin(&net->xfrm.xfrm_policy_hash_generation);
1271 	list_for_each_entry(policy, &net->xfrm.policy_all, walk.all) {
1317 					  &net->xfrm.policy_inexact[dir],
1323 		hmask = net->xfrm.policy_bydst[dir].hmask;
1324 		odst = net->xfrm.policy_bydst[dir].table;
1331 			net->xfrm.policy_bydst[dir].dbits4 = rbits4;
1332 			net->xfrm.policy_bydst[dir].sbits4 = lbits4;
1333 			net->xfrm.policy_bydst[dir].dbits6 = rbits6;
1334 			net->xfrm.policy_bydst[dir].sbits6 = lbits6;
1337 			net->xfrm.policy_bydst[dir].dbits4 = lbits4;
1338 			net->xfrm.policy_bydst[dir].sbits4 = rbits4;
1339 			net->xfrm.policy_bydst[dir].dbits6 = lbits6;
1340 			net->xfrm.policy_bydst[dir].sbits6 = rbits6;
1345 	list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) {
1378 	write_seqcount_end(&net->xfrm.xfrm_policy_hash_generation);
1379 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1386 	schedule_work(&net->xfrm.policy_hthresh.work);
1401 			idx = (net->xfrm.idx_generator | dir);
1402 			net->xfrm.idx_generator += 8;
1410 		list = net->xfrm.policy_byidx + idx_hash(net, idx);
1599 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1607 		spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1624 	hlist_add_head(&policy->byidx, net->xfrm.policy_byidx+idx_hash(net, policy->index));
1629 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1634 		schedule_work(&net->xfrm.policy_hash_work);
1672 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1681 			spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1688 			spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1715 				spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1722 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1744 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1745 	chain = net->xfrm.policy_byidx + idx_hash(net, id);
1755 					spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1764 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1779 	list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1801 	list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1835 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1842 	list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1852 		spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1857 		spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1865 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1876 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1883 	list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) {
1893 		spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1898 		spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1906 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1926 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
1928 		x = list_first_entry(&net->xfrm.policy_all, struct xfrm_policy_walk_entry, all);
1933 	list_for_each_entry_from(x, &net->xfrm.policy_all, all) {
1954 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
1973 	spin_lock_bh(&net->xfrm.xfrm_policy_lock); /*FIXME where is net? */
1975 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
2098 	lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
2191 		sequence = read_seqcount_begin(&net->xfrm.xfrm_policy_hash_generation);
2193 	} while (read_seqcount_retry(&net->xfrm.xfrm_policy_hash_generation, sequence));
2227 	if (read_seqcount_retry(&net->xfrm.xfrm_policy_hash_generation, sequence))
2301 	list_add(&pol->walk.all, &net->xfrm.policy_all);
2302 	net->xfrm.policy_count[dir]++;
2322 	net->xfrm.policy_count[dir]--;
2341 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
2343 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
2363 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
2365 				lockdep_is_held(&net->xfrm.xfrm_policy_lock));
2381 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
2413 		spin_lock_bh(&net->xfrm.xfrm_policy_lock);
2415 		spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
2461 		      struct xfrm_state **xfrm, unsigned short family)
2500 			xfrm[nx++] = x;
2520 		xfrm_state_put(xfrm[nx]);
2526 		  struct xfrm_state **xfrm, unsigned short family)
2529 	struct xfrm_state **tpp = (npols > 1) ? tp : xfrm;
2551 		xfrm_state_sort(xfrm, tpp, cnx, family);
2581 		dst_ops = &net->xfrm.xfrm4_dst_ops;
2585 		dst_ops = &net->xfrm.xfrm6_dst_ops;
2630 /* Allocate chain of dst_entry's, attach known xfrm's, calculate
2635 					    struct xfrm_state **xfrm,
2682 		if (xfrm[i]->sel.family == AF_UNSPEC) {
2683 			inner_mode = xfrm_ip2inner_mode(xfrm[i],
2691 			inner_mode = &xfrm[i]->inner_mode;
2696 		if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
2700 			if (xfrm[i]->props.smark.v || xfrm[i]->props.smark.m)
2701 				mark = xfrm_smark_get(fl->flowi_mark, xfrm[i]);
2703 			if (xfrm[i]->xso.type != XFRM_DEV_OFFLOAD_PACKET)
2704 				family = xfrm[i]->props.family;
2707 			dst = xfrm_dst_lookup(xfrm[i], tos, oif,
2715 		dst1->xfrm = xfrm[i];
2716 		xdst->xfrm_genid = xfrm[i]->genid;
2733 		header_len += xfrm[i]->props.header_len;
2734 		if (xfrm[i]->type->flags & XFRM_TYPE_NON_FRAGMENT)
2735 			nfheader_len += xfrm[i]->props.header_len;
2736 		trailer_len += xfrm[i]->props.trailer_len;
2758 		header_len -= xdst_prev->u.dst.xfrm->props.header_len;
2759 		trailer_len -= xdst_prev->u.dst.xfrm->props.trailer_len;
2766 		xfrm_state_put(xfrm[i]);
2828 	struct xfrm_state *xfrm[XFRM_MAX_DEPTH];
2835 	err = xfrm_tmpl_resolve(pols, num_pols, fl, xfrm, family);
2845 	dst = xfrm_bundle_create(pols[0], xfrm, bundle, err, fl, dst_orig);
3006 	    net->xfrm.sysctl_larval_drop ||
3198 			       !net->xfrm.policy_count[XFRM_POLICY_OUT]))
3223 		if (net->xfrm.sysctl_larval_drop) {
3263 	if (dst && dst->xfrm &&
3264 	    dst->xfrm->props.mode == XFRM_MODE_TUNNEL)
3270 	    net->xfrm.policy_default[dir] == XFRM_USERPOLICY_BLOCK) {
3627 		if (dst2->xfrm) {
3721 		if (net->xfrm.policy_default[dir] == XFRM_USERPOLICY_BLOCK) {
3790 		/* For each tunnel xfrm, find the first matching tmpl.
3791 		 * For each tmpl before that, find corresponding xfrm.
3854 	if (dst && !dst->xfrm)
3900 	while ((dst = xfrm_dst_child(dst)) && dst->xfrm && dst->dev == dev) {
3935 		pmtu = xfrm_state_mtu(dst->xfrm, pmtu);
3970 		if (dst->xfrm->km.state != XFRM_STATE_VALID)
3972 		if (xdst->xfrm_genid != dst->xfrm->genid)
3995 	} while (dst->xfrm);
4005 		mtu = xfrm_state_mtu(dst->xfrm, mtu);
4034 	while (dst->xfrm) {
4035 		const struct xfrm_state *xfrm = dst->xfrm;
4039 		if (xfrm->props.mode == XFRM_MODE_TRANSPORT)
4041 		if (xfrm->type->flags & XFRM_TYPE_REMOTE_COADDR)
4042 			daddr = xfrm->coaddr;
4043 		else if (!(xfrm->type->flags & XFRM_TYPE_LOCAL_COADDR))
4044 			daddr = &xfrm->id.daddr;
4184 	net->xfrm.policy_byidx = xfrm_hash_alloc(sz);
4185 	if (!net->xfrm.policy_byidx)
4187 	net->xfrm.policy_idx_hmask = hmask;
4192 		net->xfrm.policy_count[dir] = 0;
4193 		net->xfrm.policy_count[XFRM_POLICY_MAX + dir] = 0;
4194 		INIT_HLIST_HEAD(&net->xfrm.policy_inexact[dir]);
4196 		htab = &net->xfrm.policy_bydst[dir];
4206 	net->xfrm.policy_hthresh.lbits4 = 32;
4207 	net->xfrm.policy_hthresh.rbits4 = 32;
4208 	net->xfrm.policy_hthresh.lbits6 = 128;
4209 	net->xfrm.policy_hthresh.rbits6 = 128;
4211 	seqlock_init(&net->xfrm.policy_hthresh.lock);
4213 	INIT_LIST_HEAD(&net->xfrm.policy_all);
4214 	INIT_LIST_HEAD(&net->xfrm.inexact_bins);
4215 	INIT_WORK(&net->xfrm.policy_hash_work, xfrm_hash_resize);
4216 	INIT_WORK(&net->xfrm.policy_hthresh.work, xfrm_hash_rebuild);
4223 		htab = &net->xfrm.policy_bydst[dir];
4226 	xfrm_hash_free(net->xfrm.policy_byidx, sz);
4237 	flush_work(&net->xfrm.policy_hash_work);
4243 	WARN_ON(!list_empty(&net->xfrm.policy_all));
4248 		WARN_ON(!hlist_empty(&net->xfrm.policy_inexact[dir]));
4250 		htab = &net->xfrm.policy_bydst[dir];
4256 	sz = (net->xfrm.policy_idx_hmask + 1) * sizeof(struct hlist_head);
4257 	WARN_ON(!hlist_empty(net->xfrm.policy_byidx));
4258 	xfrm_hash_free(net->xfrm.policy_byidx, sz);
4260 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
4261 	list_for_each_entry_safe(b, t, &net->xfrm.inexact_bins, inexact_bins)
4263 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
4271 	spin_lock_init(&net->xfrm.xfrm_state_lock);
4272 	spin_lock_init(&net->xfrm.xfrm_policy_lock);
4273 	seqcount_spinlock_init(&net->xfrm.xfrm_policy_hash_generation, &net->xfrm.xfrm_policy_lock);
4274 	mutex_init(&net->xfrm.xfrm_cfg_mutex);
4275 	net->xfrm.policy_default[XFRM_POLICY_IN] = XFRM_USERPOLICY_ACCEPT;
4276 	net->xfrm.policy_default[XFRM_POLICY_FWD] = XFRM_USERPOLICY_ACCEPT;
4277 	net->xfrm.policy_default[XFRM_POLICY_OUT] = XFRM_USERPOLICY_ACCEPT;
4463 	spin_lock_bh(&net->xfrm.xfrm_policy_lock);
4474 	chain = &net->xfrm.policy_inexact[dir];
4489 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);

Indexes created Mon May 20 13:24:45 MDT 2024