Re: [IPSEC] Use 32-bit reqid's

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Jul 21, 2003 at 03:56:04AM -0700, David S. Miller wrote:
> 
> So, now that you understand what I'm suggesting, what do you
> think?

Well I'm in favour of changing PFKEY to 32-bit reqid's.

Here is the original patch again which changes both PFKEY and NETLINK.

PS I'd like to add a flag field to xfrm_usersa_info so that the KM
can specify whether ECN is passed into the tunnel or not as per
RFC 3168.  Does this sound OK to you guys?

Cheers,
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Index: kernel-source-2.5/include/net/xfrm.h
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/include/net/xfrm.h,v
retrieving revision 1.12
diff -u -r1.12 xfrm.h
--- kernel-source-2.5/include/net/xfrm.h	12 Jul 2003 00:06:12 -0000	1.12
+++ kernel-source-2.5/include/net/xfrm.h	20 Jul 2003 06:27:36 -0000
@@ -104,10 +104,10 @@
 
 	/* Parameters of this state. */
 	struct {
+		u32		reqid;
 		u8		mode;
 		u8		replay_window;
 		u8		aalgo, ealgo, calgo;
-		u16		reqid;
 		u16		family;
 		xfrm_address_t	saddr;
 		int		header_len;
@@ -193,7 +193,7 @@
 						struct xfrm_tmpl *tmpl,
 						xfrm_address_t *daddr, xfrm_address_t *saddr);
 	struct xfrm_state	*(*state_lookup)(xfrm_address_t *daddr, u32 spi, u8 proto);
-	struct xfrm_state	*(*find_acq)(u8 mode, u16 reqid, u8 proto, 
+	struct xfrm_state	*(*find_acq)(u8 mode, u32 reqid, u8 proto, 
 					     xfrm_address_t *daddr, xfrm_address_t *saddr, 
 					     int create);
 };
@@ -244,7 +244,7 @@
 /* Source address of tunnel. Ignored, if it is not a tunnel. */
 	xfrm_address_t		saddr;
 
-	__u16			reqid;
+	__u32			reqid;
 
 /* Mode: transport/tunnel */
 	__u8			mode;
@@ -801,7 +801,7 @@
 void xfrm_policy_flush(void);
 u32 xfrm_get_acqseq(void);
 void xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
-struct xfrm_state * xfrm_find_acq(u8 mode, u16 reqid, u8 proto, 
+struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 
 				  xfrm_address_t *daddr, xfrm_address_t *saddr, 
 				  int create, unsigned short family);
 extern void xfrm_policy_flush(void);
Index: kernel-source-2.5/include/linux/pfkeyv2.h
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/include/linux/pfkeyv2.h,v
retrieving revision 1.1.1.6
diff -u -r1.1.1.6 pfkeyv2.h
--- kernel-source-2.5/include/linux/pfkeyv2.h	27 May 2003 08:38:39 -0000	1.1.1.6
+++ kernel-source-2.5/include/linux/pfkeyv2.h	20 Jul 2003 07:05:45 -0000
@@ -190,7 +190,9 @@
 	uint16_t	sadb_x_ipsecrequest_proto;
 	uint8_t		sadb_x_ipsecrequest_mode;
 	uint8_t		sadb_x_ipsecrequest_level;
-	uint16_t	sadb_x_ipsecrequest_reqid;
+	uint16_t	sadb_x_ipsecrequest_reserved1;
+	uint32_t	sadb_x_ipsecrequest_reqid;
+	uint32_t	sadb_x_ipsecrequest_reserved2;
 } __attribute__((packed));
 /* sizeof(struct sadb_x_ipsecrequest) == 16 */
 
Index: kernel-source-2.5/include/linux/xfrm.h
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/include/linux/xfrm.h,v
retrieving revision 1.4
diff -u -r1.4 xfrm.h
--- kernel-source-2.5/include/linux/xfrm.h	5 Jul 2003 22:54:05 -0000	1.4
+++ kernel-source-2.5/include/linux/xfrm.h	20 Jul 2003 07:03:08 -0000
@@ -126,7 +126,7 @@
 struct xfrm_user_tmpl {
 	struct xfrm_id		id;
 	xfrm_address_t		saddr;
-	__u16			reqid;
+	__u32			reqid;
 	__u8			mode;
 	__u8			share;
 	__u8			optional;
@@ -162,8 +162,8 @@
 	struct xfrm_lifetime_cur	curlft;
 	struct xfrm_stats		stats;
 	__u32				seq;
+	__u32				reqid;
 	__u16				family;
-	__u16				reqid;
 	__u8				mode; /* 0=transport,1=tunnel */
 	__u8				replay_window;
 };
Index: kernel-source-2.5/net/ipv4/xfrm4_state.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/ipv4/xfrm4_state.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 xfrm4_state.c
--- kernel-source-2.5/net/ipv4/xfrm4_state.c	27 May 2003 08:38:40 -0000	1.1.1.3
+++ kernel-source-2.5/net/ipv4/xfrm4_state.c	20 Jul 2003 06:32:48 -0000
@@ -58,7 +58,7 @@
 }
 
 static struct xfrm_state *
-__xfrm4_find_acq(u8 mode, u16 reqid, u8 proto, 
+__xfrm4_find_acq(u8 mode, u32 reqid, u8 proto, 
 		 xfrm_address_t *daddr, xfrm_address_t *saddr, 
 		 int create)
 {
Index: kernel-source-2.5/net/ipv6/xfrm6_state.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/ipv6/xfrm6_state.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 xfrm6_state.c
--- kernel-source-2.5/net/ipv6/xfrm6_state.c	27 May 2003 08:38:40 -0000	1.1.1.3
+++ kernel-source-2.5/net/ipv6/xfrm6_state.c	20 Jul 2003 06:33:00 -0000
@@ -65,7 +65,7 @@
 }
 
 static struct xfrm_state *
-__xfrm6_find_acq(u8 mode, u16 reqid, u8 proto, 
+__xfrm6_find_acq(u8 mode, u32 reqid, u8 proto, 
 		 xfrm_address_t *daddr, xfrm_address_t *saddr, 
 		 int create)
 {
Index: kernel-source-2.5/net/key/af_key.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/key/af_key.c,v
retrieving revision 1.10
diff -u -r1.10 af_key.c
--- kernel-source-2.5/net/key/af_key.c	9 Jul 2003 09:18:42 -0000	1.10
+++ kernel-source-2.5/net/key/af_key.c	20 Jul 2003 07:07:13 -0000
@@ -1099,7 +1099,7 @@
 	struct sadb_msg *out_hdr;
 	struct xfrm_state *x = NULL;
 	u8 mode;
-	u16 reqid;
+	u32 reqid;
 	u8 proto;
 	unsigned short family;
 	xfrm_address_t *xsaddr = NULL, *xdaddr = NULL;
@@ -1496,7 +1496,7 @@
 static int check_reqid(struct xfrm_policy *xp, int dir, int count, void *ptr)
 {
 	int i;
-	u16 reqid = *(u16*)ptr;
+	u32 reqid = *(u32*)ptr;
 
 	for (i=0; i<xp->xfrm_nr; i++) {
 		if (xp->xfrm_vec[i].reqid == reqid)
@@ -1505,10 +1505,10 @@
 	return 0;
 }
 
-static u16 gen_reqid(void)
+static u32 gen_reqid(void)
 {
-	u16 start;
-	static u16 reqid = IPSEC_MANUAL_REQID_MAX;
+	u32 start;
+	static u32 reqid = IPSEC_MANUAL_REQID_MAX;
 
 	start = reqid;
 	do {
@@ -1771,6 +1771,7 @@
 			size -= 2*socklen;
 		rq = (void*)skb_put(skb, req_size);
 		pol->sadb_x_policy_len += req_size/8;
+		memset(rq, 0, sizeof(*rq));
 		rq->sadb_x_ipsecrequest_len = req_size;
 		rq->sadb_x_ipsecrequest_proto = t->id.proto;
 		rq->sadb_x_ipsecrequest_mode = t->mode+1;
Index: kernel-source-2.5/net/xfrm/xfrm_state.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/xfrm/xfrm_state.c,v
retrieving revision 1.7
diff -u -r1.7 xfrm_state.c
--- kernel-source-2.5/net/xfrm/xfrm_state.c	12 Jul 2003 00:06:12 -0000	1.7
+++ kernel-source-2.5/net/xfrm/xfrm_state.c	20 Jul 2003 06:33:30 -0000
@@ -554,7 +554,7 @@
 }
 
 struct xfrm_state *
-xfrm_find_acq(u8 mode, u16 reqid, u8 proto, 
+xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 
 	      xfrm_address_t *daddr, xfrm_address_t *saddr, 
 	      int create, unsigned short family)
 {
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux