From: Steffen Klassert
To: David Miller
Cc: Herbert Xu, Steffen Klassert, netdev@vger.kernel.org
Subject: [PATCH 7/7] xfrm: Allow inserting policies with matching mark and different priorities
Date: Thu, 14 Feb 2013 12:47:27 +0100
Message-Id: <1360842447-3344-8-git-send-email-steffen.klassert@secunet.com>
In-Reply-To: <1360842447-3344-1-git-send-email-steffen.klassert@secunet.com>
References: <1360842447-3344-1-git-send-email-steffen.klassert@secunet.com>

We currently cannot insert policies with mark and mask such that some flows would be matched from both policies. We make this possible when the priorities of these policies are different. If both policies match a flow, the one with the higher priority is used.

Reported-by: Emmanuel Thierry
Reported-by: Romain Kuntz
Signed-off-by: Steffen Klassert
--- net/xfrm/xfrm_policy.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 456b11b..257dfb1 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -607,6 +607,21 @@ static void xfrm_policy_requeue(struct xfrm_policy *old, spin_unlock_bh(&pq->hold_queue.lock); } +static bool xfrm_policy_mark_match(struct xfrm_policy *policy, + struct xfrm_policy *pol) +{ + u32 mark = policy->mark.v & policy->mark.m; + + if (policy->mark.v == pol->mark.v && policy->mark.m == pol->mark.m) + return true; + + if ((mark & pol->mark.m) == pol->mark.v && + policy->priority == pol->priority) + return true; + + return false; +} + int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) { struct net *net = xp_net(policy); 
@@ -614,7 +629,6 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) struct xfrm_policy *delpol; struct hlist_head *chain; struct hlist_node *entry, *newpos; - u32 mark = policy->mark.v & policy->mark.m; write_lock_bh(&xfrm_policy_lock); chain = policy_hash_bysel(net, &policy->selector, policy->family, dir); @@ -623,7 +637,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) hlist_for_each_entry(pol, entry, chain, bydst) { if (pol->type == policy->type && !selector_cmp(&pol->selector, &policy->selector) && - (mark & pol->mark.m) == pol->mark.v && + xfrm_policy_mark_match(policy, pol) && xfrm_sec_ctx_match(pol->security, policy->security) && !WARN_ON(delpol)) { if (excl) {
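Review bot: In xfrm_policy_mark_match() (hunk at -607,6 +607,21), the second test only checks one direction: `(mark & pol->mark.m) == pol->mark.v` asks whether the new policy's masked mark falls under the existing policy's mask, never the reverse, so whether two equal-priority policies count as matching depends on which one was inserted first. For example, an existing policy with v=0x1/m=0x1 and a new one with v=0/m=0 do not match, while the same pair inserted in the opposite order does. This test is carried over from the line the patch removes in xfrm_policy_insert(), but now that it lives in a named helper it deserves a comment above the function stating the two rules (identical v and m always match, regardless of priority; otherwise an overlap matches only at equal priority) and, if the asymmetry is intended, saying so. Both arguments are only read, so they could be const struct xfrm_policy *, and names that say which one is the new policy and which is the existing chain entry would be easier to follow than policy/pol.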
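Review bot: At the call site in the hlist_for_each_entry() loop (hunk at -623,7 +637,7), swapping the inline mask test for xfrm_policy_mark_match() changes what reaches `if (excl) {`: a new policy whose mark overlaps an existing entry at a different priority used to satisfy this condition and now does not, so it ends up on the chain next to the existing entry. The commit message describes the new behaviour only in general terms; please say explicitly what a caller passing excl now sees for such a pair. Also, since the helper matches one entry by exact v/m equality and another by overlap at equal priority, please confirm that two entries on the same chain cannot both satisfy the condition during a single insert, because the second hit would land in `!WARN_ON(delpol)`.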