GET /api/patches/851555/?format=api
{ "id": 851555, "url": "http://patchwork.ozlabs.org/api/patches/851555/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/patch/20171220170607.41516-5-lorenzo@google.com/", "project": { "id": 7, "url": "http://patchwork.ozlabs.org/api/projects/7/?format=api", "name": "Linux network development", "link_name": "netdev", "list_id": "netdev.vger.kernel.org", "list_email": "netdev@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20171220170607.41516-5-lorenzo@google.com>", "list_archive_url": null, "date": "2017-12-20T17:06:04", "name": "[ipsec-next,4/7] net: xfrm: Find VTI interfaces from xfrm_input.", "commit_ref": null, "pull_url": null, "state": "awaiting-upstream", "archived": true, "hash": "9ff4f1052cadedae994ce78acbd9799011bab9b1", "submitter": { "id": 3403, "url": "http://patchwork.ozlabs.org/api/people/3403/?format=api", "name": "Lorenzo Colitti", "email": "lorenzo@google.com" }, "delegate": { "id": 34, "url": "http://patchwork.ozlabs.org/api/users/34/?format=api", "username": "davem", "first_name": "David", "last_name": "Miller", "email": "davem@davemloft.net" }, "mbox": "http://patchwork.ozlabs.org/project/netdev/patch/20171220170607.41516-5-lorenzo@google.com/mbox/", "series": [ { "id": 19695, "url": "http://patchwork.ozlabs.org/api/series/19695/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=19695", "date": "2017-12-20T17:06:00", "name": ": Support multiple VTIs with the same src+dst pair", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/19695/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/851555/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/851555/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<netdev-owner@vger.kernel.org>", "X-Original-To": "patchwork-incoming@ozlabs.org", "Delivered-To": 
"patchwork-incoming@ozlabs.org", "Authentication-Results": [ "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=google.com header.i=@google.com\n\theader.b=\"nHoLvIwx\"; dkim-atps=neutral" ], "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3z21Qh1wCyz9s83\n\tfor <patchwork-incoming@ozlabs.org>;\n\tThu, 21 Dec 2017 04:06:52 +1100 (AEDT)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1755753AbdLTRGu (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tWed, 20 Dec 2017 12:06:50 -0500", "from mail-pl0-f65.google.com ([209.85.160.65]:42420 \"EHLO\n\tmail-pl0-f65.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1755542AbdLTRGf (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Wed, 20 Dec 2017 12:06:35 -0500", "by mail-pl0-f65.google.com with SMTP id bd8so9357350plb.9\n\tfor <netdev@vger.kernel.org>; Wed, 20 Dec 2017 09:06:35 -0800 (PST)", "from lorenzo.tok.corp.google.com ([100.103.3.232])\n\tby smtp.gmail.com with ESMTPSA id\n\tt62sm29103067pgt.23.2017.12.20.09.06.32\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);\n\tWed, 20 Dec 2017 09:06:33 -0800 (PST)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=google.com; s=20161025;\n\th=from:to:cc:subject:date:message-id:in-reply-to:references;\n\tbh=gF8876HYFwuqhUt/opmyqZKDZljvycAAKgiXVP5f0CM=;\n\tb=nHoLvIwxcF3oBFNmIjl3ikL8ysC9hPy0DD3y+tQ6pUcoiucq/OO2jI4BF3XUSLUxxk\n\tcsU4NntzM7iRyVE19dRHSpC9YLOPZjBXQaQDJXmBV2Ney/fyvNNbHUSA6N6h1HVfRi9b\n\tYnbj9eMxTORCfZxtxD69P7P6O0XmM9LH3/NmRplm1DI6g/SCNfWTsfg1185E5TlRsEVr\n\tgImw5MpRWQy0+cc3HX72xJcuOaaPwyAj4dIc+0GtiDEI+nvWf/fQ9apLnYjInBuvpNmY\n\tJH0CQlpvGs4iXF3lEf6nKBOl372cv4sCYWZO0ZnvTn6HLK5+NgWzfTOX1dUcvPYlHe51\n\t+peQ==", "X-Google-DKIM-Signature": "v=1; 
a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n\t:references;\n\tbh=gF8876HYFwuqhUt/opmyqZKDZljvycAAKgiXVP5f0CM=;\n\tb=dW50ij8K0WXcH88hYXGljxPfNlv84t8U/l3acJOD4J3+Dg0tn+Nial0+bb8d4G4El4\n\tYV3ffvjpyDU2Vyq4QFxandr0XEvRDCyouc5DsXkoqArb9Pitrr3D1Xvw+U2RNAQmJFoH\n\tpnzzmL13IwuCqh9yo0rzyP0OjMG47yl+V8e7GiII+kFC7JIqM6UOB36w6H+LAw7R3mDY\n\t01c+U++7WlMlVJNC5seUSZOwKhoSgSFz5AafdbREAYzsStgSkzHMsjcBdRfBRlbQj4Ud\n\ty+zch/Ew+TIqmX1ZctjxVRYh+TOOnRoJywpZdcU0ciPbTaxPMmrIlP4fHMgIqFMJB8UQ\n\tGD6w==", "X-Gm-Message-State": "AKGB3mJYgqt6lnqw4NDOytTllNZYnl7vHKxh+owWE+yL6wtFTS/izweQ\n\tJpeBCoCZZHN+Df212eeqHcG8SHbhByY=", "X-Google-Smtp-Source": "ACJfBou1ll/MG3J0YXdLf7GC3FsQ8BcVYqEMi8L2yOgDVMBiH4WIEYMUBMQcIX8+8Ybb15UUlQxpqA==", "X-Received": "by 10.84.172.195 with SMTP id n61mr7649537plb.49.1513789594204; \n\tWed, 20 Dec 2017 09:06:34 -0800 (PST)", "From": "Lorenzo Colitti <lorenzo@google.com>", "To": "netdev@vger.kernel.org", "Cc": "steffen.klassert@secunet.com, subashab@codeaurora.org,\n\tnharold@google.com, davem@davemloft.net,\n\tLorenzo Colitti <lorenzo@google.com>", "Subject": "[PATCH ipsec-next 4/7] net: xfrm: Find VTI interfaces from\n\txfrm_input.", "Date": "Thu, 21 Dec 2017 02:06:04 +0900", "Message-Id": "<20171220170607.41516-5-lorenzo@google.com>", "X-Mailer": "git-send-email 2.15.1.620.gb9897f4670-goog", "In-Reply-To": "<20171220170607.41516-1-lorenzo@google.com>", "References": "<20171220170607.41516-1-lorenzo@google.com>", "Sender": "netdev-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netdev.vger.kernel.org>", "X-Mailing-List": "netdev@vger.kernel.org" }, "content": "Currently, the VTI input path works by first looking up the VTI\nby its IP addresses, then setting the tunnel pointer in the\nXFRM_TUNNEL_SKB_CB, and then having xfrm_input override the mark\nwith the mark in the tunnel.\n\nThis patch changes the order so that the tunnel is found by a\ncallback from xfrm_input. 
Each tunnel type (currently only ip_vti\nand ip6_vti) implements a lookup function pointer that finds the\ntunnel and sets it in the CB, and also does a state lookup.\n\nThis has the advantage that much more information is available to\nthe tunnel lookup function, including the looked-up XFRM state.\nThis will be used in a future change to allow finding the tunnel\nbased on the result of the xfrm lookup and not just on IP\naddresses, which will allow multiple tunnels on the same IP\naddress pair.\n\nThe lookup function pointer occupies the same space in the\nXFRM_TUNNEL_SKB_CB as the IPv4/IPv6 tunnel pointer. The semantics\nof the field are:\n- When not running a handler that uses tunnels: always null.\n- At the beginning of xfrm_input: lookup function pointer.\n- After xfrm_input calls the lookup function: tunnel if found,\n else null.\n\nSigned-off-by: Lorenzo Colitti <lorenzo@google.com>\n---\n include/net/xfrm.h | 2 ++\n net/ipv4/ip_vti.c | 43 ++++++++++++++++++++++++++++++++++++----\n net/ipv6/ip6_vti.c | 53 +++++++++++++++++++++++++++++++++++++++++++++-----\n net/ipv6/xfrm6_input.c | 1 -\n net/xfrm/xfrm_input.c | 34 +++++++++++++++++++-------------\n 5 files changed, 109 insertions(+), 24 deletions(-)", "diff": "diff --git a/include/net/xfrm.h b/include/net/xfrm.h\nindex 9d3b7c0ac6..3d245f2f6f 100644\n--- a/include/net/xfrm.h\n+++ b/include/net/xfrm.h\n@@ -653,6 +653,8 @@ struct xfrm_tunnel_skb_cb {\n \t} header;\n \n \tunion {\n+\t\tint (*lookup)(struct sk_buff *skb, int nexthdr, __be32 spi,\n+\t\t\t __be32 seq, struct xfrm_state **x);\n \t\tstruct ip_tunnel *ip4;\n \t\tstruct ip6_tnl *ip6;\n \t} tunnel;\ndiff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c\nindex 804cee8126..21f93e398e 100644\n--- a/net/ipv4/ip_vti.c\n+++ b/net/ipv4/ip_vti.c\n@@ -49,8 +49,8 @@ static struct rtnl_link_ops vti_link_ops __read_mostly;\n static unsigned int vti_net_id __read_mostly;\n static int vti_tunnel_init(struct net_device *dev);\n \n-static int vti_input(struct sk_buff 
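Review bot: The `tunnel` union in `struct xfrm_tunnel_skb_cb` now overlays a function pointer (`lookup`) with the `ip4`/`ip6` data pointers, and nothing in the header records which member is live at which stage; that rule exists only in the commit message. Because `xfrm_input` calls `tunnel.lookup` whenever the field is non-NULL, an entry path that still stores a tunnel pointer there, or leaves the control block uninitialised, would end in an indirect call through a data pointer. I would add a comment above the union such as `/* lookup is valid only on entry to xfrm_input(); once the callback returns, the field holds the tunnel (ip4/ip6) or NULL */` and confirm that every caller of `xfrm_input` outside this diff clears the field. The struct definition starts and ends outside the hunk.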
*skb, int nexthdr, __be32 spi,\n-\t\t int encap_type)\n+static struct ip_tunnel *\n+vti4_find_tunnel(struct sk_buff *skb, __be32 spi, struct xfrm_state **x)\n {\n \tstruct ip_tunnel *tunnel;\n \tconst struct iphdr *iph = ip_hdr(skb);\n@@ -59,19 +59,52 @@ static int vti_input(struct sk_buff *skb, int nexthdr, __be32 spi,\n \n \ttunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY, 0,\n \t\t\t\t iph->saddr, iph->daddr, 0);\n+\tif (tunnel) {\n+\t\t*x = xfrm_state_lookup(net, be32_to_cpu(tunnel->parms.i_key),\n+\t\t\t\t (xfrm_address_t *)&iph->daddr,\n+\t\t\t\t spi, iph->protocol, AF_INET);\n+\t}\n+\n+\treturn tunnel;\n+}\n+\n+static int vti_lookup(struct sk_buff *skb, int nexthdr, __be32 spi, __be32 seq,\n+\t\t struct xfrm_state **x)\n+{\n+\tstruct net *net = dev_net(skb->dev);\n+\tstruct ip_tunnel *tunnel;\n+\n+\ttunnel = vti4_find_tunnel(skb, spi, x);\n \tif (tunnel) {\n \t\tif (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))\n \t\t\tgoto drop;\n \n+\t\tif (!*x) {\n+\t\t\tXFRM_INC_STATS(net, LINUX_MIB_XFRMINNOSTATES);\n+\t\t\txfrm_audit_state_notfound(skb, AF_INET, spi, seq);\n+\t\t\ttunnel->dev->stats.rx_errors++;\n+\t\t\ttunnel->dev->stats.rx_dropped++;\n+\t\t\tgoto drop;\n+\t\t}\n+\n \t\tXFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = tunnel;\n \n-\t\treturn xfrm_input(skb, nexthdr, spi, encap_type);\n+\t\treturn 0;\n \t}\n \n \treturn -EINVAL;\n drop:\n+\tif (*x)\n+\t\txfrm_state_put(*x);\n \tkfree_skb(skb);\n-\treturn 0;\n+\treturn -ESRCH;\n+}\n+\n+static int vti_input(struct sk_buff *skb, int nexthdr, __be32 spi,\n+\t\t int encap_type)\n+{\n+\tXFRM_TUNNEL_SKB_CB(skb)->tunnel.lookup = vti_lookup;\n+\treturn xfrm_input(skb, nexthdr, spi, encap_type);\n }\n \n static int vti_rcv(struct sk_buff *skb)\n@@ -93,6 +126,8 @@ static int vti_rcv_cb(struct sk_buff *skb, int err)\n \tu32 orig_mark = skb->mark;\n \tint ret;\n \n+\tXFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;\n+\n \tif (!tunnel)\n \t\treturn 1;\n \ndiff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c\nindex 
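Review bot: The `drop:` path of `vti_lookup` frees the skb with `kfree_skb(skb)` and then returns `-ESRCH` where the old `vti_input` returned 0, and `xfrm_input` hands that value straight back with `return err`. In the IPv4 local-delivery path a negative return from a protocol handler is normally read as a request to resubmit the packet, so a negative value after the free risks a use-after-free unless a caller outside this diff maps it back to 0. Either keep the consumed-packet result at 0 when leaving `xfrm_input` (for example `return err == -ESRCH ? 0 : err;` at the lookup-failure site) or document on the `lookup` member that `-ESRCH` means the skb has been freed and `-EINVAL` means it has not. The `discard:` path of `vti6_lookup` in net/ipv6/ip6_vti.c has the same free-then-negative-return shape and should follow whichever contract is chosen.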
dbb74f3c57..5994fedd19 100644\n--- a/net/ipv6/ip6_vti.c\n+++ b/net/ipv6/ip6_vti.c\n@@ -297,13 +297,33 @@ static void vti6_dev_uninit(struct net_device *dev)\n \tdev_put(dev);\n }\n \n-static int vti6_rcv(struct sk_buff *skb)\n+static struct ip6_tnl *\n+vti6_find_tunnel(struct sk_buff *skb, __be32 spi, struct xfrm_state **x)\n {\n+\tconst struct ipv6hdr *ipv6h = ipv6_hdr(skb);\n+\tstruct net *net = dev_net(skb->dev);\n \tstruct ip6_tnl *t;\n+\n+\tt = vti6_tnl_lookup(net, &ipv6h->saddr, &ipv6h->daddr);\n+\tif (t) {\n+\t\t*x = xfrm_state_lookup(net, be32_to_cpu(t->parms.i_key),\n+\t\t\t\t (xfrm_address_t *)&ipv6h->daddr,\n+\t\t\t\t spi, ipv6h->nexthdr, AF_INET6);\n+\t}\n+\n+\treturn t;\n+}\n+\n+static int\n+vti6_lookup(struct sk_buff *skb, int nexthdr, __be32 spi, __be32 seq,\n+\t struct xfrm_state **x)\n+{\n \tconst struct ipv6hdr *ipv6h = ipv6_hdr(skb);\n+\tstruct net *net = dev_net(skb->dev);\n+\tstruct ip6_tnl *t;\n \n \trcu_read_lock();\n-\tt = vti6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr, &ipv6h->daddr);\n+\tt = vti6_find_tunnel(skb, spi, x);\n \tif (t) {\n \t\tif (t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) {\n \t\t\trcu_read_unlock();\n@@ -312,7 +332,7 @@ static int vti6_rcv(struct sk_buff *skb)\n \n \t\tif (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {\n \t\t\trcu_read_unlock();\n-\t\t\treturn 0;\n+\t\t\tgoto discard;\n \t\t}\n \n \t\tif (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) {\n@@ -321,15 +341,36 @@ static int vti6_rcv(struct sk_buff *skb)\n \t\t\tgoto discard;\n \t\t}\n \n+\t\tif (!*x) {\n+\t\t\tXFRM_INC_STATS(net, LINUX_MIB_XFRMINNOSTATES);\n+\t\t\txfrm_audit_state_notfound(skb, AF_INET6, spi, seq);\n+\t\t\tt->dev->stats.rx_errors++;\n+\t\t\tt->dev->stats.rx_dropped++;\n+\t\t\trcu_read_unlock();\n+\t\t\tgoto discard;\n+\t\t}\n+\n \t\trcu_read_unlock();\n \n-\t\treturn xfrm6_rcv_tnl(skb, t);\n+\t\tXFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = t;\n+\n+\t\treturn 0;\n \t}\n \trcu_read_unlock();\n \treturn -EINVAL;\n discard:\n+\tif 
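Review bot: `vti6_find_tunnel` looks up the state with `ipv6h->nexthdr` as the protocol, whereas the lookup it stands in for in `xfrm_input` uses the `nexthdr` argument, which `vti6_rcv` reads via `IP6CB(skb)->nhoff`. When extension headers precede the IPsec header the two values differ, so the state lookup would miss and a valid packet would be dropped and counted as `LINUX_MIB_XFRMINNOSTATES`. I would pass the value through, `vti6_find_tunnel(skb, nexthdr, spi, x)`, and give it to `xfrm_state_lookup` in place of `ipv6h->nexthdr`. `vti4_find_tunnel` in net/ipv4/ip_vti.c does the same with `iph->protocol`, which presumably differs from `nexthdr` for UDP-encapsulated ESP, so that path should be checked as well.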
(*x)\n+\t\txfrm_state_put(*x);\n \tkfree_skb(skb);\n-\treturn 0;\n+\treturn -ESRCH;\n+}\n+\n+static int vti6_rcv(struct sk_buff *skb)\n+{\n+\tint nexthdr = skb_network_header(skb)[IP6CB(skb)->nhoff];\n+\n+\tXFRM_TUNNEL_SKB_CB(skb)->tunnel.lookup = vti6_lookup;\n+\treturn xfrm6_rcv_spi(skb, nexthdr, 0, NULL);\n }\n \n static int vti6_rcv_cb(struct sk_buff *skb, int err)\n@@ -343,6 +384,8 @@ static int vti6_rcv_cb(struct sk_buff *skb, int err)\n \tu32 orig_mark = skb->mark;\n \tint ret;\n \n+\tXFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = NULL;\n+\n \tif (!t)\n \t\treturn 1;\n \ndiff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c\nindex fe04e23af9..6d1b734fef 100644\n--- a/net/ipv6/xfrm6_input.c\n+++ b/net/ipv6/xfrm6_input.c\n@@ -25,7 +25,6 @@ int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb)\n int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi,\n \t\t struct ip6_tnl *t)\n {\n-\tXFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = t;\n \tXFRM_SPI_SKB_CB(skb)->family = AF_INET6;\n \tXFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr);\n \treturn xfrm_input(skb, nexthdr, spi, 0);\ndiff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c\nindex ac277b97e0..7b54f58454 100644\n--- a/net/xfrm/xfrm_input.c\n+++ b/net/xfrm/xfrm_input.c\n@@ -267,18 +267,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)\n \n \tfamily = XFRM_SPI_SKB_CB(skb)->family;\n \n-\t/* if tunnel is present override skb->mark value with tunnel i_key */\n-\tswitch (family) {\n-\tcase AF_INET:\n-\t\tif (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4)\n-\t\t\tmark = be32_to_cpu(XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4->parms.i_key);\n-\t\tbreak;\n-\tcase AF_INET6:\n-\t\tif (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6)\n-\t\t\tmark = be32_to_cpu(XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6->parms.i_key);\n-\t\tbreak;\n-\t}\n-\n \terr = secpath_set(skb);\n \tif (err) {\n \t\tXFRM_INC_STATS(net, LINUX_MIB_XFRMINERROR);\n@@ -293,14 +281,29 @@ int xfrm_input(struct sk_buff *skb, int 
nexthdr, __be32 spi, int encap_type)\n \n \tdaddr = (xfrm_address_t *)(skb_network_header(skb) +\n \t\t\t\t XFRM_SPI_SKB_CB(skb)->daddroff);\n+\n+\tif (XFRM_TUNNEL_SKB_CB(skb)->tunnel.lookup) {\n+\t\terr = XFRM_TUNNEL_SKB_CB(skb)->tunnel.lookup(skb, nexthdr,\n+\t\t\t\t\t\t\t spi, seq, &x);\n+\t\tif (err) {\n+\t\t\tXFRM_TUNNEL_SKB_CB(skb)->tunnel.lookup = NULL;\n+\t\t\treturn err;\n+\t\t}\n+\t}\n+\n \tdo {\n \t\tif (skb->sp->len == XFRM_MAX_DEPTH) {\n \t\t\tXFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);\n+\t\t\tif (x)\n+\t\t\t\txfrm_state_put(x);\n \t\t\tgoto drop;\n \t\t}\n \n-\t\tx = xfrm_state_lookup(net, mark, daddr, spi, nexthdr, family);\n-\t\tif (x == NULL) {\n+\t\tif (!x)\n+\t\t\tx = xfrm_state_lookup(net, mark, daddr, spi, nexthdr,\n+\t\t\t\t\t family);\n+\n+\t\tif (!x) {\n \t\t\tXFRM_INC_STATS(net, LINUX_MIB_XFRMINNOSTATES);\n \t\t\txfrm_audit_state_notfound(skb, family, spi, seq);\n \t\t\tgoto drop;\n@@ -420,6 +423,9 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)\n \t\t\tXFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR);\n \t\t\tgoto drop;\n \t\t}\n+\n+\t\tif (!err)\n+\t\t\tx = NULL;\n \t} while (!err);\n \n \terr = xfrm_rcv_cb(skb, family, x->type->proto, 0);\n", "prefixes": [ "ipsec-next", "4/7" ] }
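Review bot: The fallback `x = xfrm_state_lookup(net, mark, daddr, spi, nexthdr, family)` now runs with whatever `mark` was initialised to outside this hunk, because the override with the tunnel's `i_key` was removed earlier in this file and only the state returned by the callback is matched on that key. A packet that needs a second pass through the loop on a VTI would therefore have its second state matched against a different mark than before this patch. If that is intended, a comment at the fallback such as `/* only the outermost SA is matched on the tunnel key */` would make it explicit; otherwise `mark` should be set from the tunnel after a successful callback. `xfrm_input` starts and ends outside the hunk.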