[IPSEC] Use 32-bit reqid's


 



Hi:

Although I understand that with the current implementation, running
64K IPSEC connections requires a lot of patience, I'd still like to see
the reqid's made 32 bits long so that we don't have to break
compatibility in future when we can handle that many connections
without breaking a sweat.

So here is a patch that makes reqid's 32 bits long.  It breaks
compatibility with anything that uses reqid's via either
PFKEY/NETLINK.

Cheers,
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Index: kernel-source-2.5/include/net/xfrm.h
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/include/net/xfrm.h,v
retrieving revision 1.12
diff -u -r1.12 xfrm.h
--- kernel-source-2.5/include/net/xfrm.h	12 Jul 2003 00:06:12 -0000	1.12
+++ kernel-source-2.5/include/net/xfrm.h	20 Jul 2003 06:27:36 -0000
@@ -104,10 +104,10 @@
 
 	/* Parameters of this state. */
 	struct {
+		u32		reqid;
 		u8		mode;
 		u8		replay_window;
 		u8		aalgo, ealgo, calgo;
-		u16		reqid;
 		u16		family;
 		xfrm_address_t	saddr;
 		int		header_len;
@@ -193,7 +193,7 @@
 						struct xfrm_tmpl *tmpl,
 						xfrm_address_t *daddr, xfrm_address_t *saddr);
 	struct xfrm_state	*(*state_lookup)(xfrm_address_t *daddr, u32 spi, u8 proto);
-	struct xfrm_state	*(*find_acq)(u8 mode, u16 reqid, u8 proto, 
+	struct xfrm_state	*(*find_acq)(u8 mode, u32 reqid, u8 proto, 
 					     xfrm_address_t *daddr, xfrm_address_t *saddr, 
 					     int create);
 };
@@ -244,7 +244,7 @@
 /* Source address of tunnel. Ignored, if it is not a tunnel. */
 	xfrm_address_t		saddr;
 
-	__u16			reqid;
+	__u32			reqid;
 
 /* Mode: transport/tunnel */
 	__u8			mode;
@@ -801,7 +801,7 @@
 void xfrm_policy_flush(void);
 u32 xfrm_get_acqseq(void);
 void xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
-struct xfrm_state * xfrm_find_acq(u8 mode, u16 reqid, u8 proto, 
+struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 
 				  xfrm_address_t *daddr, xfrm_address_t *saddr, 
 				  int create, unsigned short family);
 extern void xfrm_policy_flush(void);
Index: kernel-source-2.5/include/linux/xfrm.h
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/include/linux/xfrm.h,v
retrieving revision 1.4
diff -u -r1.4 xfrm.h
--- kernel-source-2.5/include/linux/xfrm.h	5 Jul 2003 22:54:05 -0000	1.4
+++ kernel-source-2.5/include/linux/xfrm.h	20 Jul 2003 06:28:04 -0000
@@ -126,7 +126,7 @@
 struct xfrm_user_tmpl {
 	struct xfrm_id		id;
 	xfrm_address_t		saddr;
-	__u16			reqid;
+	__u32			reqid;
 	__u8			mode;
 	__u8			share;
 	__u8			optional;
@@ -163,7 +163,7 @@
 	struct xfrm_stats		stats;
 	__u32				seq;
 	__u16				family;
-	__u16				reqid;
+	__u32				reqid;
 	__u8				mode; /* 0=transport,1=tunnel */
 	__u8				replay_window;
 };
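Review bot: Placing the widened `__u32 reqid` directly after `__u16 family` leaves two bytes of implicit padding in the middle of this structure, which lives in a header the description says is shared with NETLINK users. If the code that fills the structure (not visible here) does not zero it first, those padding bytes can carry stale kernel memory out to user space. Since the layout is changing anyway, ordering the members as `__u32 reqid;` followed by `__u16 family;` lets family, mode and replay_window share one 32-bit word with no hole. The struct begins outside this hunk, so the alignment of the earlier members should be confirmed against the full definition.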
Index: kernel-source-2.5/net/ipv4/xfrm4_state.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/ipv4/xfrm4_state.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 xfrm4_state.c
--- kernel-source-2.5/net/ipv4/xfrm4_state.c	27 May 2003 08:38:40 -0000	1.1.1.3
+++ kernel-source-2.5/net/ipv4/xfrm4_state.c	20 Jul 2003 06:32:48 -0000
@@ -58,7 +58,7 @@
 }
 
 static struct xfrm_state *
-__xfrm4_find_acq(u8 mode, u16 reqid, u8 proto, 
+__xfrm4_find_acq(u8 mode, u32 reqid, u8 proto, 
 		 xfrm_address_t *daddr, xfrm_address_t *saddr, 
 		 int create)
 {
Index: kernel-source-2.5/net/ipv6/xfrm6_state.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/ipv6/xfrm6_state.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 xfrm6_state.c
--- kernel-source-2.5/net/ipv6/xfrm6_state.c	27 May 2003 08:38:40 -0000	1.1.1.3
+++ kernel-source-2.5/net/ipv6/xfrm6_state.c	20 Jul 2003 06:33:00 -0000
@@ -65,7 +65,7 @@
 }
 
 static struct xfrm_state *
-__xfrm6_find_acq(u8 mode, u16 reqid, u8 proto, 
+__xfrm6_find_acq(u8 mode, u32 reqid, u8 proto, 
 		 xfrm_address_t *daddr, xfrm_address_t *saddr, 
 		 int create)
 {
Index: kernel-source-2.5/net/key/af_key.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/key/af_key.c,v
retrieving revision 1.10
diff -u -r1.10 af_key.c
--- kernel-source-2.5/net/key/af_key.c	9 Jul 2003 09:18:42 -0000	1.10
+++ kernel-source-2.5/net/key/af_key.c	20 Jul 2003 06:32:28 -0000
@@ -1099,7 +1099,7 @@
 	struct sadb_msg *out_hdr;
 	struct xfrm_state *x = NULL;
 	u8 mode;
-	u16 reqid;
+	u32 reqid;
 	u8 proto;
 	unsigned short family;
 	xfrm_address_t *xsaddr = NULL, *xdaddr = NULL;
@@ -1496,7 +1496,7 @@
 static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr)
 {
 	int i;
-	u16 reqid = *(u16*)ptr;
+	u32 reqid = *(u32*)ptr;
 
 	for (i=0; i<xp->xfrm_nr; i++) {
 		if (xp->xfrm_vec[i].reqid == reqid)
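Review bot: The `*(u32*)ptr` load trusts every caller of check_reqid to pass the address of a 32-bit object, and the `void *` parameter means the compiler cannot verify that. The static counter in gen_reqid, widened in the next hunk, is presumably what gets passed, but any other caller still handing in a `u16 *` would have four bytes read from a two-byte object. A comment above the function such as `/* ptr: address of the u32 reqid being searched for */` would record the contract. The function body continues outside this hunk.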
@@ -1505,10 +1505,10 @@
 	return 0;
 }
 
-static u16 gen_reqid(void)
+static u32 gen_reqid(void)
 {
-	u16 start;
-	static u16 reqid = IPSEC_MANUAL_REQID_MAX;
+	u32 start;
+	static u32 reqid = IPSEC_MANUAL_REQID_MAX;
 
 	start = reqid;
 	do {
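Review bot: Widening `start` and the static `reqid` changes where the counter wraps, and the loop that depends on that wrap is outside this hunk. With `u16` the search was bounded to 65536 candidates and overflowed to 0 on its own; with `u32`, any wrap test or reset in the loop body should be rechecked so that generated ids still stay above `IPSEC_MANUAL_REQID_MAX` after overflow. A short comment on the static, for example `/* last auto-assigned reqid; values up to IPSEC_MANUAL_REQID_MAX are left for manual setup */`, would make the invariant explicit, assuming that is what the constant means.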
Index: kernel-source-2.5/net/xfrm/xfrm_state.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/xfrm/xfrm_state.c,v
retrieving revision 1.7
diff -u -r1.7 xfrm_state.c
--- kernel-source-2.5/net/xfrm/xfrm_state.c	12 Jul 2003 00:06:12 -0000	1.7
+++ kernel-source-2.5/net/xfrm/xfrm_state.c	20 Jul 2003 06:33:30 -0000
@@ -554,7 +554,7 @@
 }
 
 struct xfrm_state *
-xfrm_find_acq(u8 mode, u16 reqid, u8 proto, 
+xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 
 	      xfrm_address_t *daddr, xfrm_address_t *saddr, 
 	      int create, unsigned short family)
 {
