From patchwork Mon Nov 28 20:14:50 2011
X-Patchwork-Submitter: Ulrich Weber
X-Patchwork-Id: 128075
X-Patchwork-Delegate: davem@davemloft.net
From: Ulrich Weber To: CC: Subject: [PATCH 1/3] xfrm: add incoming interface to selector Date: Mon, 28 Nov 2011 21:14:50 +0100 Message-ID: <1322511292-1413-2-git-send-email-ulrich.weber@sophos.com> X-Mailer: git-send-email 1.7.4.1 In-Reply-To: <1322511292-1413-1-git-send-email-ulrich.weber@sophos.com> References: <1322511292-1413-1-git-send-email-ulrich.weber@sophos.com> MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sophos.com; h=from:to:cc:subject:date:message-id:in-reply-to:references:mime-version:content-type; s=global; bh=XBaf3IiozJ6xtYDz6h4iTFZOUVikfeBd0fq00J00hMs=; b=EpsTftwEMsX5ANtzVflEm1bFbTRAHTnn5fBYuSV5ETBJ2+Df/GXnbqY4amGh4b+H/nkqfd+HB4jlX8NxF1v2CBuQ1MHU7JcoF82+cIgFf0ETBL+tSTeK8iUgKRCnRJizmyGdehLKfQM9p3G7KsxcMP6C9yJnF/AL1c5KhGyHEN8= Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Current implementation only allows to match for outgoing interface in xfrm policy database. This replaces the user ID (which was never used) with the incoming interface, so both interfaces can be matched against. Signed-off-by: Ulrich Weber --- include/linux/xfrm.h | 4 ++-- net/ipv4/xfrm4_state.c | 3 ++- net/ipv6/mip6.c | 3 ++- net/ipv6/xfrm6_state.c | 3 ++- net/xfrm/xfrm_policy.c | 6 ++++-- 5 files changed, 12 insertions(+), 7 deletions(-) diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h index 22e61fd..bb1bb49 100644 --- a/include/linux/xfrm.h +++ b/include/linux/xfrm.h @@ -54,8 +54,8 @@ struct xfrm_selector { __u8 prefixlen_d; __u8 prefixlen_s; __u8 proto; - int ifindex; - __kernel_uid32_t user; + int oif; + int iif; }; #define XFRM_INF (~(__u64)0) diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c index 9258e75..96d9b55 100644 --- a/net/ipv4/xfrm4_state.c +++ b/net/ipv4/xfrm4_state.c 
@@ -36,7 +36,8 @@ __xfrm4_init_tempsel(struct xfrm_selector *sel, const struct flowi *fl) sel->prefixlen_d = 32; sel->prefixlen_s = 32; sel->proto = fl4->flowi4_proto; - sel->ifindex = fl4->flowi4_oif; + sel->oif = fl4->flowi4_oif; + sel->iif = fl4->flowi4_iif; } static void diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c index 7e1e0fb..c0ebe40 100644 --- a/net/ipv6/mip6.c +++ b/net/ipv6/mip6.c @@ -248,7 +248,8 @@ static int mip6_destopt_reject(struct xfrm_state *x, struct sk_buff *skb, sel.sport = xfrm_flowi_sport(fl, &fl6->uli); if (sel.sport) sel.sport_mask = htons(~0); - sel.ifindex = fl6->flowi6_oif; + sel.oif = fl6->flowi6_oif; + sel.iif = fl6->flowi6_iif; err = km_report(net, IPPROTO_DSTOPTS, &sel, (hao ? (xfrm_address_t *)&hao->addr : NULL)); diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c index 3f2f7c4..bdb13df 100644 --- a/net/ipv6/xfrm6_state.c +++ b/net/ipv6/xfrm6_state.c @@ -37,7 +37,8 @@ __xfrm6_init_tempsel(struct xfrm_selector *sel, const struct flowi *fl) sel->prefixlen_d = 128; sel->prefixlen_s = 128; sel->proto = fl6->flowi6_proto; - sel->ifindex = fl6->flowi6_oif; + sel->oif = fl6->flowi6_oif; + sel->iif = fl6->flowi6_iif; } static void diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 4fce1ce..648c9e7 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -66,7 +66,8 @@ __xfrm4_selector_match(const struct xfrm_selector *sel, const struct flowi *fl) !((xfrm_flowi_dport(fl, &fl4->uli) ^ sel->dport) & sel->dport_mask) && !((xfrm_flowi_sport(fl, &fl4->uli) ^ sel->sport) & sel->sport_mask) && (fl4->flowi4_proto == sel->proto || !sel->proto) && - (fl4->flowi4_oif == sel->ifindex || !sel->ifindex); + (fl4->flowi4_oif == sel->oif || !sel->oif) && + (fl4->flowi4_iif == sel->iif || !sel->iif); } static inline int 
@@ -79,7 +80,8 @@ __xfrm6_selector_match(const struct xfrm_selector *sel, const struct flowi *fl) !((xfrm_flowi_dport(fl, &fl6->uli) ^ sel->dport) & sel->dport_mask) && !((xfrm_flowi_sport(fl, &fl6->uli) ^ sel->sport) & sel->sport_mask) && (fl6->flowi6_proto == sel->proto || !sel->proto) && - (fl6->flowi6_oif == sel->ifindex || !sel->ifindex); + (fl6->flowi6_oif == sel->oif || !sel->oif) && + (fl6->flowi6_iif == sel->iif || !sel->iif); } int xfrm_selector_match(const struct xfrm_selector *sel, const struct flowi *fl,
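Review bot: In the `struct xfrm_selector` hunk of include/linux/xfrm.h, renaming `ifindex` to `oif` and reusing the `user` slot as `iif` changes a structure that userspace builds against, and the commit message does not say how existing users are handled. Any key manager or tool that refers to `sel.ifindex` or `sel.user` by name stops compiling against the new header. Any existing binary that leaves a non-zero value in the old `user` field will now have it read as an incoming interface index, and with the `iif` comparison added in net/xfrm/xfrm_policy.c such a policy silently stops matching. Consider keeping the `ifindex` name for the outgoing interface (or providing an alias for it), and state in the commit message what happens to selectors from older userspace that did not zero the field.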
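Review bot: In `__xfrm4_selector_match` and `__xfrm6_selector_match`, the new term `(fl4->flowi4_iif == sel->iif || !sel->iif)` and its IPv6 counterpart only work if `flowi4_iif` / `flowi6_iif` is populated on every flow handed to the selector match, and none of the files touched here set those fields. A selector with a non-zero `iif` can never match a flow whose iif was left at 0, so the lookup falls through to whichever policy matches next, which for an IPsec policy database can mean traffic is handled by a less specific policy than the administrator intended. Please point to where the flow's iif is filled in for each lookup path (or add it in this patch), and document next to the struct field that `iif == 0` is a wildcard, as `oif == 0` already is.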