* [PATCH 0/2] add udp encapsulation port to xfrm_do_migrate
@ 2017-06-05 21:56 Antony Antony
2017-06-05 21:56 ` [PATCH 1/2] xfrm: extend MIGRATE with UDP encapsulation port Antony Antony
` (3 more replies)
0 siblings, 4 replies; 10+ messages in thread
From: Antony Antony @ 2017-06-05 21:56 UTC (permalink / raw)
To: netdev
Cc: Antony Antony, Steffen Klassert, Herbert Xu, David S . Miller,
Richard Guy Briggs
Currently xfrm_do_migrate only support migrating IP address.
This patches add UDP encapsulation port to xfrm_do_migrate.
The use case is for devices such as phones that support IKE MOBIKE.
Often when the device move from one network to the another or wake
up from sleep external NAT gateway IP address, port, or both could
change. With this patch xfrm_do_migrate will also support port change
if necessary.
Antony Antony (2):
xfrm: extend MIGRATE with UDP encapsulation port
xfrm: add UDP encapsulation port in migrate message
include/net/xfrm.h | 11 +++++++----
net/key/af_key.c | 5 +++--
net/xfrm/xfrm_policy.c | 13 +++++--------
net/xfrm/xfrm_state.c | 23 ++++++++++++++++-------
net/xfrm/xfrm_user.c | 37 +++++++++++++++++++++++++++++--------
5 files changed, 60 insertions(+), 29 deletions(-)
--
2.9.3
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 1/2] xfrm: extend MIGRATE with UDP encapsulation port
2017-06-05 21:56 [PATCH 0/2] add udp encapsulation port to xfrm_do_migrate Antony Antony
@ 2017-06-05 21:56 ` Antony Antony
2017-06-06 0:05 ` Richard Guy Briggs
2017-06-05 21:56 ` [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
` (2 subsequent siblings)
3 siblings, 1 reply; 10+ messages in thread
From: Antony Antony @ 2017-06-05 21:56 UTC (permalink / raw)
To: netdev
Cc: Antony Antony, Steffen Klassert, Herbert Xu, David S . Miller,
Richard Guy Briggs
Add UDP encapsulation port to XFRM_MSG_MIGRATE using an optional
netlink attribute XFRMA_ENCAP.
The devices that support IKE MOBIKE extension (RFC-4555 Section 3.8)
could go to sleep for a few minutes and wake up. When it wake up the
NAT mapping could have expired, the device send a MOBIKE UPDATE_SA
message to migrate the IPsec SA. The change could be a change UDP
encapsulation port, IP address, or both.
Reported-by: Paul Wouters <pwouters@redhat.com>
Signed-off-by: Antony Antony <antony@phenome.org>
---
include/net/xfrm.h | 6 ++++--
net/key/af_key.c | 2 +-
net/xfrm/xfrm_policy.c | 11 ++++-------
net/xfrm/xfrm_state.c | 18 +++++++++++++-----
net/xfrm/xfrm_user.c | 14 ++++++++++++--
5 files changed, 34 insertions(+), 17 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 7e7e2b0..df98463 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1678,10 +1678,12 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_kmaddress *k);
struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net);
struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
- struct xfrm_migrate *m);
+ struct xfrm_migrate *m,
+ struct xfrm_encap_tmpl *encap);
int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
struct xfrm_migrate *m, int num_bundles,
- struct xfrm_kmaddress *k, struct net *net);
+ struct xfrm_kmaddress *k, struct net *net,
+ struct xfrm_encap_tmpl *encap);
#endif
int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 512dc43..56df9fb 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2602,7 +2602,7 @@ static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
}
return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
- kma ? &k : NULL, net);
+ kma ? &k : NULL, net, NULL);
out:
return err;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index ed4e52d..eaecfa4 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3268,11 +3268,6 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
return -EINVAL;
for (i = 0; i < num_migrate; i++) {
- if (xfrm_addr_equal(&m[i].old_daddr, &m[i].new_daddr,
- m[i].old_family) &&
- xfrm_addr_equal(&m[i].old_saddr, &m[i].new_saddr,
- m[i].old_family))
- return -EINVAL;
if (xfrm_addr_any(&m[i].new_daddr, m[i].new_family) ||
xfrm_addr_any(&m[i].new_saddr, m[i].new_family))
return -EINVAL;
@@ -3296,7 +3291,8 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
struct xfrm_migrate *m, int num_migrate,
- struct xfrm_kmaddress *k, struct net *net)
+ struct xfrm_kmaddress *k, struct net *net,
+ struct xfrm_encap_tmpl *encap)
{
int i, err, nx_cur = 0, nx_new = 0;
struct xfrm_policy *pol = NULL;
@@ -3319,7 +3315,8 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
if ((x = xfrm_migrate_state_find(mp, net))) {
x_cur[nx_cur] = x;
nx_cur++;
- if ((xc = xfrm_state_migrate(x, mp))) {
+ xc = xfrm_state_migrate(x, mp, encap);
+ if (xc) {
x_new[nx_new] = xc;
nx_new++;
} else {
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 2e291bc..ae6206b 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1309,7 +1309,8 @@ int xfrm_state_add(struct xfrm_state *x)
EXPORT_SYMBOL(xfrm_state_add);
#ifdef CONFIG_XFRM_MIGRATE
-static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
+static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig,
+ struct xfrm_encap_tmpl *encap)
{
struct net *net = xs_net(orig);
struct xfrm_state *x = xfrm_state_alloc(net);
@@ -1351,8 +1352,14 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
}
x->props.calgo = orig->props.calgo;
- if (orig->encap) {
- x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
+ if (encap || orig->encap) {
+ if (encap)
+ x->encap = kmemdup(encap, sizeof(*x->encap),
+ GFP_KERNEL);
+ else
+ x->encap = kmemdup(orig->encap, sizeof(*x->encap),
+ GFP_KERNEL);
+
if (!x->encap)
goto error;
}
@@ -1442,11 +1449,12 @@ struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *n
EXPORT_SYMBOL(xfrm_migrate_state_find);
struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
- struct xfrm_migrate *m)
+ struct xfrm_migrate *m,
+ struct xfrm_encap_tmpl *encap)
{
struct xfrm_state *xc;
- xc = xfrm_state_clone(x);
+ xc = xfrm_state_clone(x, encap);
if (!xc)
return NULL;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 38614df..fb98892 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2243,6 +2243,7 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
int err;
int n = 0;
struct net *net = sock_net(skb->sk);
+ struct xfrm_encap_tmpl *encap = NULL;
if (attrs[XFRMA_MIGRATE] == NULL)
return -EINVAL;
@@ -2260,9 +2261,18 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
if (!n)
return 0;
- xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net);
+ if (attrs[XFRMA_ENCAP]) {
+ encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]),
+ sizeof(*encap), GFP_KERNEL);
+ if (!encap)
+ return 0;
+ }
- return 0;
+ err = xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net, encap);
+
+ kfree(encap);
+
+ return err;
}
#else
static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message
2017-06-05 21:56 [PATCH 0/2] add udp encapsulation port to xfrm_do_migrate Antony Antony
2017-06-05 21:56 ` [PATCH 1/2] xfrm: extend MIGRATE with UDP encapsulation port Antony Antony
@ 2017-06-05 21:56 ` Antony Antony
2017-06-06 0:05 ` Richard Guy Briggs
` (2 more replies)
2017-06-06 10:12 ` [PATCH v2 1/2] xfrm: extend MIGRATE with UDP encapsulation port Antony Antony
2017-06-06 10:12 ` [PATCH v2 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
3 siblings, 3 replies; 10+ messages in thread
From: Antony Antony @ 2017-06-05 21:56 UTC (permalink / raw)
To: netdev
Cc: Antony Antony, Steffen Klassert, Herbert Xu, David S . Miller,
Richard Guy Briggs
Add XFRMA_ENCAP, UDP encapsulation port, to km_migrate announcement
to userland. Only add if XFRMA_ENCAP was in user migrate request.
Signed-off-by: Antony Antony <antony@phenome.org>
---
include/net/xfrm.h | 5 +++--
net/key/af_key.c | 3 ++-
net/xfrm/xfrm_policy.c | 2 +-
net/xfrm/xfrm_state.c | 5 +++--
net/xfrm/xfrm_user.c | 23 +++++++++++++++++------
5 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index df98463..9fb75fb 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -631,7 +631,8 @@ struct xfrm_mgr {
u8 dir, u8 type,
const struct xfrm_migrate *m,
int num_bundles,
- const struct xfrm_kmaddress *k);
+ const struct xfrm_kmaddress *k,
+ struct xfrm_encap_tmpl *encap);
bool (*is_alive)(const struct km_event *c);
};
@@ -1675,7 +1676,7 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
#ifdef CONFIG_XFRM_MIGRATE
int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_bundles,
- const struct xfrm_kmaddress *k);
+ const struct xfrm_kmaddress *k, struct xfrm_encap_tmpl *encap);
struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net);
struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
struct xfrm_migrate *m,
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 56df9fb..2ad2286 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3508,7 +3508,8 @@ static int set_ipsecrequest(struct sk_buff *skb,
#ifdef CONFIG_NET_KEY_MIGRATE
static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_bundles,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ struct xfrm_encap_tmpl *encap)
{
int i;
int sasize_sel;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index eaecfa4..7152147 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3337,7 +3337,7 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
}
/* Stage 5 - announce */
- km_migrate(sel, dir, type, m, num_migrate, k);
+ km_migrate(sel, dir, type, m, num_migrate, k, encap);
xfrm_pol_put(pol);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index ae6206b..d6220f7 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1966,7 +1966,7 @@ EXPORT_SYMBOL(km_policy_expired);
#ifdef CONFIG_XFRM_MIGRATE
int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k, struct xfrm_encap_tmpl *encap)
{
int err = -EINVAL;
int ret;
@@ -1975,7 +1975,8 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
rcu_read_lock();
list_for_each_entry_rcu(km, &xfrm_km_list, list) {
if (km->migrate) {
- ret = km->migrate(sel, dir, type, m, num_migrate, k);
+ ret = km->migrate(sel, dir, type, m, num_migrate, k,
+ encap);
if (!ret)
err = ret;
}
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index fb98892..8c54484 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2314,17 +2314,20 @@ static int copy_to_user_kmaddress(const struct xfrm_kmaddress *k, struct sk_buff
return nla_put(skb, XFRMA_KMADDRESS, sizeof(uk), &uk);
}
-static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma)
+static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma,
+ int with_encp)
{
return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id))
+ (with_kma ? nla_total_size(sizeof(struct xfrm_kmaddress)) : 0)
+ + (with_encp ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0)
+ nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate)
+ userpolicy_type_attrsize();
}
static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
int num_migrate, const struct xfrm_kmaddress *k,
- const struct xfrm_selector *sel, u8 dir, u8 type)
+ const struct xfrm_selector *sel,
+ struct xfrm_encap_tmpl *encap, u8 dir, u8 type)
{
const struct xfrm_migrate *mp;
struct xfrm_userpolicy_id *pol_id;
@@ -2346,6 +2349,11 @@ static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
if (err)
goto out_cancel;
}
+ if (encap) {
+ err = nla_put(skb, XFRMA_ENCAP, sizeof(*encap), encap);
+ if (err)
+ goto out_cancel;
+ }
err = copy_to_user_policy_type(type, skb);
if (err)
goto out_cancel;
@@ -2365,17 +2373,19 @@ static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ struct xfrm_encap_tmpl *encap)
{
struct net *net = &init_net;
struct sk_buff *skb;
- skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k), GFP_ATOMIC);
+ skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k, !!encap),
+ GFP_ATOMIC);
if (skb == NULL)
return -ENOMEM;
/* build migrate */
- if (build_migrate(skb, m, num_migrate, k, sel, dir, type) < 0)
+ if (build_migrate(skb, m, num_migrate, k, sel, encap, dir, type) < 0)
BUG();
return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE);
@@ -2383,7 +2393,8 @@ static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
#else
static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ struct xfrm_encap_tmpl *encap)
{
return -ENOPROTOOPT;
}
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH 1/2] xfrm: extend MIGRATE with UDP encapsulation port
2017-06-05 21:56 ` [PATCH 1/2] xfrm: extend MIGRATE with UDP encapsulation port Antony Antony
@ 2017-06-06 0:05 ` Richard Guy Briggs
0 siblings, 0 replies; 10+ messages in thread
From: Richard Guy Briggs @ 2017-06-06 0:05 UTC (permalink / raw)
To: Antony Antony; +Cc: netdev, Steffen Klassert, Herbert Xu, David S . Miller
On 2017-06-05 23:56, Antony Antony wrote:
> Add UDP encapsulation port to XFRM_MSG_MIGRATE using an optional
> netlink attribute XFRMA_ENCAP.
>
> The devices that support IKE MOBIKE extension (RFC-4555 Section 3.8)
> could go to sleep for a few minutes and wake up. When it wake up the
> NAT mapping could have expired, the device send a MOBIKE UPDATE_SA
> message to migrate the IPsec SA. The change could be a change UDP
> encapsulation port, IP address, or both.
>
> Reported-by: Paul Wouters <pwouters@redhat.com>
> Signed-off-by: Antony Antony <antony@phenome.org>
Looks reasonable to me.
Reviewed-by: Richard Guy Briggs <rgb@tricolour.ca>
> ---
> include/net/xfrm.h | 6 ++++--
> net/key/af_key.c | 2 +-
> net/xfrm/xfrm_policy.c | 11 ++++-------
> net/xfrm/xfrm_state.c | 18 +++++++++++++-----
> net/xfrm/xfrm_user.c | 14 ++++++++++++--
> 5 files changed, 34 insertions(+), 17 deletions(-)
>
> diff --git a/include/net/xfrm.h b/include/net/xfrm.h
> index 7e7e2b0..df98463 100644
> --- a/include/net/xfrm.h
> +++ b/include/net/xfrm.h
> @@ -1678,10 +1678,12 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> const struct xfrm_kmaddress *k);
> struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net);
> struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
> - struct xfrm_migrate *m);
> + struct xfrm_migrate *m,
> + struct xfrm_encap_tmpl *encap);
> int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> struct xfrm_migrate *m, int num_bundles,
> - struct xfrm_kmaddress *k, struct net *net);
> + struct xfrm_kmaddress *k, struct net *net,
> + struct xfrm_encap_tmpl *encap);
> #endif
>
> int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
> diff --git a/net/key/af_key.c b/net/key/af_key.c
> index 512dc43..56df9fb 100644
> --- a/net/key/af_key.c
> +++ b/net/key/af_key.c
> @@ -2602,7 +2602,7 @@ static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
> }
>
> return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
> - kma ? &k : NULL, net);
> + kma ? &k : NULL, net, NULL);
>
> out:
> return err;
> diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> index ed4e52d..eaecfa4 100644
> --- a/net/xfrm/xfrm_policy.c
> +++ b/net/xfrm/xfrm_policy.c
> @@ -3268,11 +3268,6 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
> return -EINVAL;
>
> for (i = 0; i < num_migrate; i++) {
> - if (xfrm_addr_equal(&m[i].old_daddr, &m[i].new_daddr,
> - m[i].old_family) &&
> - xfrm_addr_equal(&m[i].old_saddr, &m[i].new_saddr,
> - m[i].old_family))
> - return -EINVAL;
> if (xfrm_addr_any(&m[i].new_daddr, m[i].new_family) ||
> xfrm_addr_any(&m[i].new_saddr, m[i].new_family))
> return -EINVAL;
> @@ -3296,7 +3291,8 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
>
> int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> struct xfrm_migrate *m, int num_migrate,
> - struct xfrm_kmaddress *k, struct net *net)
> + struct xfrm_kmaddress *k, struct net *net,
> + struct xfrm_encap_tmpl *encap)
> {
> int i, err, nx_cur = 0, nx_new = 0;
> struct xfrm_policy *pol = NULL;
> @@ -3319,7 +3315,8 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> if ((x = xfrm_migrate_state_find(mp, net))) {
> x_cur[nx_cur] = x;
> nx_cur++;
> - if ((xc = xfrm_state_migrate(x, mp))) {
> + xc = xfrm_state_migrate(x, mp, encap);
> + if (xc) {
> x_new[nx_new] = xc;
> nx_new++;
> } else {
> diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> index 2e291bc..ae6206b 100644
> --- a/net/xfrm/xfrm_state.c
> +++ b/net/xfrm/xfrm_state.c
> @@ -1309,7 +1309,8 @@ int xfrm_state_add(struct xfrm_state *x)
> EXPORT_SYMBOL(xfrm_state_add);
>
> #ifdef CONFIG_XFRM_MIGRATE
> -static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
> +static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig,
> + struct xfrm_encap_tmpl *encap)
> {
> struct net *net = xs_net(orig);
> struct xfrm_state *x = xfrm_state_alloc(net);
> @@ -1351,8 +1352,14 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
> }
> x->props.calgo = orig->props.calgo;
>
> - if (orig->encap) {
> - x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
> + if (encap || orig->encap) {
> + if (encap)
> + x->encap = kmemdup(encap, sizeof(*x->encap),
> + GFP_KERNEL);
> + else
> + x->encap = kmemdup(orig->encap, sizeof(*x->encap),
> + GFP_KERNEL);
> +
> if (!x->encap)
> goto error;
> }
> @@ -1442,11 +1449,12 @@ struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *n
> EXPORT_SYMBOL(xfrm_migrate_state_find);
>
> struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
> - struct xfrm_migrate *m)
> + struct xfrm_migrate *m,
> + struct xfrm_encap_tmpl *encap)
> {
> struct xfrm_state *xc;
>
> - xc = xfrm_state_clone(x);
> + xc = xfrm_state_clone(x, encap);
> if (!xc)
> return NULL;
>
> diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
> index 38614df..fb98892 100644
> --- a/net/xfrm/xfrm_user.c
> +++ b/net/xfrm/xfrm_user.c
> @@ -2243,6 +2243,7 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
> int err;
> int n = 0;
> struct net *net = sock_net(skb->sk);
> + struct xfrm_encap_tmpl *encap = NULL;
>
> if (attrs[XFRMA_MIGRATE] == NULL)
> return -EINVAL;
> @@ -2260,9 +2261,18 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
> if (!n)
> return 0;
>
> - xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net);
> + if (attrs[XFRMA_ENCAP]) {
> + encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]),
> + sizeof(*encap), GFP_KERNEL);
> + if (!encap)
> + return 0;
> + }
>
> - return 0;
> + err = xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net, encap);
> +
> + kfree(encap);
> +
> + return err;
> }
> #else
> static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
> --
> 2.9.3
slainte mhath, RGB
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message
2017-06-05 21:56 ` [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
@ 2017-06-06 0:05 ` Richard Guy Briggs
2017-06-06 4:53 ` kbuild test robot
2017-06-06 6:04 ` kbuild test robot
2 siblings, 0 replies; 10+ messages in thread
From: Richard Guy Briggs @ 2017-06-06 0:05 UTC (permalink / raw)
To: Antony Antony; +Cc: netdev, Steffen Klassert, Herbert Xu, David S . Miller
On 2017-06-05 23:56, Antony Antony wrote:
> Add XFRMA_ENCAP, UDP encapsulation port, to km_migrate announcement
> to userland. Only add if XFRMA_ENCAP was in user migrate request.
>
> Signed-off-by: Antony Antony <antony@phenome.org>
Looks reasonable to me.
Reviewed-by: Richard Guy Briggs <rgb@tricolour.ca>
> ---
> include/net/xfrm.h | 5 +++--
> net/key/af_key.c | 3 ++-
> net/xfrm/xfrm_policy.c | 2 +-
> net/xfrm/xfrm_state.c | 5 +++--
> net/xfrm/xfrm_user.c | 23 +++++++++++++++++------
> 5 files changed, 26 insertions(+), 12 deletions(-)
>
> diff --git a/include/net/xfrm.h b/include/net/xfrm.h
> index df98463..9fb75fb 100644
> --- a/include/net/xfrm.h
> +++ b/include/net/xfrm.h
> @@ -631,7 +631,8 @@ struct xfrm_mgr {
> u8 dir, u8 type,
> const struct xfrm_migrate *m,
> int num_bundles,
> - const struct xfrm_kmaddress *k);
> + const struct xfrm_kmaddress *k,
> + struct xfrm_encap_tmpl *encap);
> bool (*is_alive)(const struct km_event *c);
> };
>
> @@ -1675,7 +1676,7 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
> #ifdef CONFIG_XFRM_MIGRATE
> int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> const struct xfrm_migrate *m, int num_bundles,
> - const struct xfrm_kmaddress *k);
> + const struct xfrm_kmaddress *k, struct xfrm_encap_tmpl *encap);
> struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net);
> struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
> struct xfrm_migrate *m,
> diff --git a/net/key/af_key.c b/net/key/af_key.c
> index 56df9fb..2ad2286 100644
> --- a/net/key/af_key.c
> +++ b/net/key/af_key.c
> @@ -3508,7 +3508,8 @@ static int set_ipsecrequest(struct sk_buff *skb,
> #ifdef CONFIG_NET_KEY_MIGRATE
> static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> const struct xfrm_migrate *m, int num_bundles,
> - const struct xfrm_kmaddress *k)
> + const struct xfrm_kmaddress *k,
> + struct xfrm_encap_tmpl *encap)
> {
> int i;
> int sasize_sel;
> diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> index eaecfa4..7152147 100644
> --- a/net/xfrm/xfrm_policy.c
> +++ b/net/xfrm/xfrm_policy.c
> @@ -3337,7 +3337,7 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> }
>
> /* Stage 5 - announce */
> - km_migrate(sel, dir, type, m, num_migrate, k);
> + km_migrate(sel, dir, type, m, num_migrate, k, encap);
>
> xfrm_pol_put(pol);
>
> diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> index ae6206b..d6220f7 100644
> --- a/net/xfrm/xfrm_state.c
> +++ b/net/xfrm/xfrm_state.c
> @@ -1966,7 +1966,7 @@ EXPORT_SYMBOL(km_policy_expired);
> #ifdef CONFIG_XFRM_MIGRATE
> int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> const struct xfrm_migrate *m, int num_migrate,
> - const struct xfrm_kmaddress *k)
> + const struct xfrm_kmaddress *k, struct xfrm_encap_tmpl *encap)
> {
> int err = -EINVAL;
> int ret;
> @@ -1975,7 +1975,8 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> rcu_read_lock();
> list_for_each_entry_rcu(km, &xfrm_km_list, list) {
> if (km->migrate) {
> - ret = km->migrate(sel, dir, type, m, num_migrate, k);
> + ret = km->migrate(sel, dir, type, m, num_migrate, k,
> + encap);
> if (!ret)
> err = ret;
> }
> diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
> index fb98892..8c54484 100644
> --- a/net/xfrm/xfrm_user.c
> +++ b/net/xfrm/xfrm_user.c
> @@ -2314,17 +2314,20 @@ static int copy_to_user_kmaddress(const struct xfrm_kmaddress *k, struct sk_buff
> return nla_put(skb, XFRMA_KMADDRESS, sizeof(uk), &uk);
> }
>
> -static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma)
> +static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma,
> + int with_encp)
> {
> return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id))
> + (with_kma ? nla_total_size(sizeof(struct xfrm_kmaddress)) : 0)
> + + (with_encp ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0)
> + nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate)
> + userpolicy_type_attrsize();
> }
>
> static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
> int num_migrate, const struct xfrm_kmaddress *k,
> - const struct xfrm_selector *sel, u8 dir, u8 type)
> + const struct xfrm_selector *sel,
> + struct xfrm_encap_tmpl *encap, u8 dir, u8 type)
> {
> const struct xfrm_migrate *mp;
> struct xfrm_userpolicy_id *pol_id;
> @@ -2346,6 +2349,11 @@ static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
> if (err)
> goto out_cancel;
> }
> + if (encap) {
> + err = nla_put(skb, XFRMA_ENCAP, sizeof(*encap), encap);
> + if (err)
> + goto out_cancel;
> + }
> err = copy_to_user_policy_type(type, skb);
> if (err)
> goto out_cancel;
> @@ -2365,17 +2373,19 @@ static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
>
> static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> const struct xfrm_migrate *m, int num_migrate,
> - const struct xfrm_kmaddress *k)
> + const struct xfrm_kmaddress *k,
> + struct xfrm_encap_tmpl *encap)
> {
> struct net *net = &init_net;
> struct sk_buff *skb;
>
> - skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k), GFP_ATOMIC);
> + skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k, !!encap),
> + GFP_ATOMIC);
> if (skb == NULL)
> return -ENOMEM;
>
> /* build migrate */
> - if (build_migrate(skb, m, num_migrate, k, sel, dir, type) < 0)
> + if (build_migrate(skb, m, num_migrate, k, sel, encap, dir, type) < 0)
> BUG();
>
> return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE);
> @@ -2383,7 +2393,8 @@ static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> #else
> static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
> const struct xfrm_migrate *m, int num_migrate,
> - const struct xfrm_kmaddress *k)
> + const struct xfrm_kmaddress *k,
> + struct xfrm_encap_tmpl *encap)
> {
> return -ENOPROTOOPT;
> }
> --
> 2.9.3
slainte mhath, RGB
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message
2017-06-05 21:56 ` [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
2017-06-06 0:05 ` Richard Guy Briggs
@ 2017-06-06 4:53 ` kbuild test robot
2017-06-06 6:04 ` kbuild test robot
2 siblings, 0 replies; 10+ messages in thread
From: kbuild test robot @ 2017-06-06 4:53 UTC (permalink / raw)
To: Antony Antony
Cc: kbuild-all, netdev, Antony Antony, Steffen Klassert, Herbert Xu,
David S . Miller, Richard Guy Briggs
[-- Attachment #1: Type: text/plain, Size: 9242 bytes --]
Hi Antony,
[auto build test ERROR on ipsec-next/master]
[also build test ERROR on v4.12-rc4 next-20170605]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Antony-Antony/add-udp-encapsulation-port-to-xfrm_do_migrate/20170606-114911
base: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master
config: x86_64-randconfig-x015-201723 (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
>> net//key/af_key.c:3836:13: error: initialization from incompatible pointer type [-Werror=incompatible-pointer-types]
.migrate = pfkey_send_migrate,
^~~~~~~~~~~~~~~~~~
net//key/af_key.c:3836:13: note: (near initialization for 'pfkeyv2_mgr.migrate')
Cyclomatic Complexity 5 include/linux/compiler.h:__read_once_size
Cyclomatic Complexity 5 include/linux/compiler.h:__write_once_size
Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:__set_bit
Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:constant_test_bit
Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:variable_test_bit
Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:fls64
Cyclomatic Complexity 1 include/linux/log2.h:__ilog2_u64
Cyclomatic Complexity 1 include/linux/list.h:hlist_unhashed
Cyclomatic Complexity 1 include/linux/list.h:hlist_empty
Cyclomatic Complexity 2 include/linux/list.h:__hlist_del
Cyclomatic Complexity 1 include/asm-generic/getorder.h:__get_order
Cyclomatic Complexity 1 include/linux/err.h:ERR_PTR
Cyclomatic Complexity 1 include/linux/err.h:PTR_ERR
Cyclomatic Complexity 1 include/linux/err.h:IS_ERR
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_read
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_set
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_add
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_inc
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_dec
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_dec_and_test
Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_add_return
Cyclomatic Complexity 5 arch/x86/include/asm/preempt.h:__preempt_count_add
Cyclomatic Complexity 5 arch/x86/include/asm/preempt.h:__preempt_count_sub
Cyclomatic Complexity 1 include/linux/spinlock.h:spin_lock_bh
Cyclomatic Complexity 1 include/linux/spinlock.h:spin_unlock_bh
Cyclomatic Complexity 1 include/linux/rcupdate.h:__rcu_read_lock
Cyclomatic Complexity 1 include/linux/rcupdate.h:__rcu_read_unlock
Cyclomatic Complexity 1 include/linux/rcupdate.h:synchronize_rcu
Cyclomatic Complexity 1 include/linux/rcutiny.h:rcu_is_watching
Cyclomatic Complexity 1 include/linux/rcupdate.h:rcu_lock_acquire
Cyclomatic Complexity 1 include/linux/rcupdate.h:rcu_lock_release
Cyclomatic Complexity 4 include/linux/rcupdate.h:rcu_read_lock
Cyclomatic Complexity 4 include/linux/rcupdate.h:rcu_read_unlock
Cyclomatic Complexity 3 include/linux/rculist.h:hlist_add_head_rcu
Cyclomatic Complexity 1 include/linux/kasan.h:kasan_kmalloc
Cyclomatic Complexity 28 include/linux/slab.h:kmalloc_index
Cyclomatic Complexity 1 include/linux/slab.h:kmem_cache_alloc_trace
Cyclomatic Complexity 1 include/linux/slab.h:kmalloc_order_trace
Cyclomatic Complexity 68 include/linux/slab.h:kmalloc_large
Cyclomatic Complexity 5 include/linux/slab.h:kmalloc
Cyclomatic Complexity 1 include/linux/skbuff.h:alloc_skb
Cyclomatic Complexity 1 include/linux/skbuff.h:skb_end_pointer
Cyclomatic Complexity 3 include/linux/skbuff.h:skb_cloned
Cyclomatic Complexity 1 include/linux/skbuff.h:skb_reset_transport_header
Cyclomatic Complexity 2 include/linux/skbuff.h:skb_orphan
Cyclomatic Complexity 1 include/linux/skbuff.h:skb_copy_datagram_msg
Cyclomatic Complexity 2 include/linux/skbuff.h:memcpy_from_msg
Cyclomatic Complexity 1 include/linux/seq_file.h:seq_user_ns
Cyclomatic Complexity 1 include/linux/seq_file_net.h:seq_file_net
Cyclomatic Complexity 1 include/net/net_namespace.h:read_pnet
Cyclomatic Complexity 1 include/linux/proc_fs.h:proc_create
Cyclomatic Complexity 4 include/net/netns/generic.h:net_generic
Cyclomatic Complexity 1 include/net/sock.h:sk_entry
Cyclomatic Complexity 1 include/net/sock.h:sk_unhashed
Cyclomatic Complexity 1 include/net/sock.h:sk_hashed
Cyclomatic Complexity 1 include/net/sock.h:sk_node_init
Cyclomatic Complexity 1 include/net/sock.h:__sk_del_node
Cyclomatic Complexity 2 include/net/sock.h:__sk_del_node_init
Cyclomatic Complexity 1 include/net/sock.h:sock_hold
Cyclomatic Complexity 1 include/net/sock.h:__sock_put
Cyclomatic Complexity 3 include/net/sock.h:sk_del_node_init
Cyclomatic Complexity 1 include/net/sock.h:sk_add_node_rcu
Cyclomatic Complexity 1 include/net/sock.h:sock_set_flag
Cyclomatic Complexity 2 include/net/sock.h:sock_flag
Cyclomatic Complexity 1 include/net/sock.h:sk_has_account
Cyclomatic Complexity 2 include/net/sock.h:sk_mem_charge
Cyclomatic Complexity 2 include/net/sock.h:sock_put
Cyclomatic Complexity 1 include/net/sock.h:sk_tx_queue_clear
Cyclomatic Complexity 1 include/net/sock.h:sk_set_socket
Cyclomatic Complexity 1 include/net/sock.h:sock_orphan
Cyclomatic Complexity 1 include/net/sock.h:sk_wmem_alloc_get
Cyclomatic Complexity 1 include/net/sock.h:sk_rmem_alloc_get
Cyclomatic Complexity 1 include/net/sock.h:skb_set_owner_r
Cyclomatic Complexity 5 include/net/sock.h:sock_recv_ts_and_drops
Cyclomatic Complexity 1 include/net/sock.h:sock_net
Cyclomatic Complexity 1 include/net/ipv6.h:ipv6_addr_equal
Cyclomatic Complexity 1 include/net/xfrm.h:xs_net
Cyclomatic Complexity 1 include/net/xfrm.h:xp_net
Cyclomatic Complexity 2 include/net/xfrm.h:xfrm_pol_put
Cyclomatic Complexity 1 include/net/xfrm.h:__xfrm_state_put
Cyclomatic Complexity 2 include/net/xfrm.h:xfrm_state_put
Cyclomatic Complexity 1 include/net/xfrm.h:xfrm_state_hold
Cyclomatic Complexity 1 include/net/xfrm.h:xfrm_state_kern
Cyclomatic Complexity 1 include/net/xfrm.h:xfrm6_addr_equal
Cyclomatic Complexity 2 include/net/xfrm.h:xfrm_addr_equal
Cyclomatic Complexity 1 include/net/xfrm.h:xfrm_policy_id2dir
Cyclomatic Complexity 1 net//key/af_key.c:pfkey_sk
Cyclomatic Complexity 2 net//key/af_key.c:pfkey_can_dump
Cyclomatic Complexity 1 net//key/af_key.c:pfkey_hdr_dup
Cyclomatic Complexity 4 net//key/af_key.c:verify_address_len
Cyclomatic Complexity 1 net//key/af_key.c:pfkey_sec_ctx_len
Cyclomatic Complexity 3 net//key/af_key.c:verify_sec_ctx_len
Cyclomatic Complexity 2 net//key/af_key.c:pfkey_sadb2xfrm_user_sec_ctx
Cyclomatic Complexity 4 net//key/af_key.c:present_and_same_family
Cyclomatic Complexity 11 net//key/af_key.c:parse_exthdrs
Cyclomatic Complexity 5 net//key/af_key.c:pfkey_satype2proto
Cyclomatic Complexity 4 net//key/af_key.c:pfkey_proto2satype
vim +3836 net//key/af_key.c
61145aa1 Pavel Emelyanov 2008-02-09 3820 {
61145aa1 Pavel Emelyanov 2008-02-09 3821 return 0;
61145aa1 Pavel Emelyanov 2008-02-09 3822 }
61145aa1 Pavel Emelyanov 2008-02-09 3823
2c8c1e72 Alexey Dobriyan 2010-01-17 3824 static inline void pfkey_exit_proc(struct net *net)
61145aa1 Pavel Emelyanov 2008-02-09 3825 {
61145aa1 Pavel Emelyanov 2008-02-09 3826 }
^1da177e Linus Torvalds 2005-04-16 3827 #endif
^1da177e Linus Torvalds 2005-04-16 3828
^1da177e Linus Torvalds 2005-04-16 3829 static struct xfrm_mgr pfkeyv2_mgr =
^1da177e Linus Torvalds 2005-04-16 3830 {
^1da177e Linus Torvalds 2005-04-16 3831 .notify = pfkey_send_notify,
^1da177e Linus Torvalds 2005-04-16 3832 .acquire = pfkey_send_acquire,
^1da177e Linus Torvalds 2005-04-16 3833 .compile_policy = pfkey_compile_policy,
^1da177e Linus Torvalds 2005-04-16 3834 .new_mapping = pfkey_send_new_mapping,
26b15dad Jamal Hadi Salim 2005-06-18 3835 .notify_policy = pfkey_send_policy_notify,
08de61be Shinta Sugimoto 2007-02-08 @3836 .migrate = pfkey_send_migrate,
0f24558e Horia Geanta 2014-02-12 3837 .is_alive = pfkey_is_alive,
^1da177e Linus Torvalds 2005-04-16 3838 };
^1da177e Linus Torvalds 2005-04-16 3839
3fa87a32 Alexey Dobriyan 2008-11-25 3840 static int __net_init pfkey_net_init(struct net *net)
3fa87a32 Alexey Dobriyan 2008-11-25 3841 {
23c049ca Eric W. Biederman 2009-11-29 3842 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3fa87a32 Alexey Dobriyan 2008-11-25 3843 int rv;
3fa87a32 Alexey Dobriyan 2008-11-25 3844
:::::: The code at line 3836 was first introduced by commit
:::::: 08de61beab8a21c8e0b3906a97defda5f1f66ece [PFKEYV2]: Extension for dynamic update of endpoint address(es)
:::::: TO: Shinta Sugimoto <shinta.sugimoto@ericsson.com>
:::::: CC: David S. Miller <davem@davemloft.net>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 26678 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message
2017-06-05 21:56 ` [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
2017-06-06 0:05 ` Richard Guy Briggs
2017-06-06 4:53 ` kbuild test robot
@ 2017-06-06 6:04 ` kbuild test robot
2 siblings, 0 replies; 10+ messages in thread
From: kbuild test robot @ 2017-06-06 6:04 UTC (permalink / raw)
To: Antony Antony
Cc: kbuild-all, netdev, Antony Antony, Steffen Klassert, Herbert Xu,
David S . Miller, Richard Guy Briggs
[-- Attachment #1: Type: text/plain, Size: 3100 bytes --]
Hi Antony,
[auto build test WARNING on ipsec-next/master]
[also build test WARNING on v4.12-rc4 next-20170605]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Antony-Antony/add-udp-encapsulation-port-to-xfrm_do_migrate/20170606-114911
base: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master
config: m68k-sun3_defconfig (attached as .config)
compiler: m68k-linux-gcc (GCC) 4.9.0
reproduce:
wget https://raw.githubusercontent.com/01org/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=m68k
All warnings (new ones prefixed by >>):
>> net/key/af_key.c:3836:2: warning: initialization from incompatible pointer type
.migrate = pfkey_send_migrate,
^
net/key/af_key.c:3836:2: warning: (near initialization for 'pfkeyv2_mgr.migrate')
vim +3836 net/key/af_key.c
61145aa1 Pavel Emelyanov 2008-02-09 3820 {
61145aa1 Pavel Emelyanov 2008-02-09 3821 return 0;
61145aa1 Pavel Emelyanov 2008-02-09 3822 }
61145aa1 Pavel Emelyanov 2008-02-09 3823
2c8c1e72 Alexey Dobriyan 2010-01-17 3824 static inline void pfkey_exit_proc(struct net *net)
61145aa1 Pavel Emelyanov 2008-02-09 3825 {
61145aa1 Pavel Emelyanov 2008-02-09 3826 }
^1da177e Linus Torvalds 2005-04-16 3827 #endif
^1da177e Linus Torvalds 2005-04-16 3828
^1da177e Linus Torvalds 2005-04-16 3829 static struct xfrm_mgr pfkeyv2_mgr =
^1da177e Linus Torvalds 2005-04-16 3830 {
^1da177e Linus Torvalds 2005-04-16 3831 .notify = pfkey_send_notify,
^1da177e Linus Torvalds 2005-04-16 3832 .acquire = pfkey_send_acquire,
^1da177e Linus Torvalds 2005-04-16 3833 .compile_policy = pfkey_compile_policy,
^1da177e Linus Torvalds 2005-04-16 3834 .new_mapping = pfkey_send_new_mapping,
26b15dad Jamal Hadi Salim 2005-06-18 3835 .notify_policy = pfkey_send_policy_notify,
08de61be Shinta Sugimoto 2007-02-08 @3836 .migrate = pfkey_send_migrate,
0f24558e Horia Geanta 2014-02-12 3837 .is_alive = pfkey_is_alive,
^1da177e Linus Torvalds 2005-04-16 3838 };
^1da177e Linus Torvalds 2005-04-16 3839
3fa87a32 Alexey Dobriyan 2008-11-25 3840 static int __net_init pfkey_net_init(struct net *net)
3fa87a32 Alexey Dobriyan 2008-11-25 3841 {
23c049ca Eric W. Biederman 2009-11-29 3842 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3fa87a32 Alexey Dobriyan 2008-11-25 3843 int rv;
3fa87a32 Alexey Dobriyan 2008-11-25 3844
:::::: The code at line 3836 was first introduced by commit
:::::: 08de61beab8a21c8e0b3906a97defda5f1f66ece [PFKEYV2]: Extension for dynamic update of endpoint address(es)
:::::: TO: Shinta Sugimoto <shinta.sugimoto@ericsson.com>
:::::: CC: David S. Miller <davem@davemloft.net>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 12002 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v2 1/2] xfrm: extend MIGRATE with UDP encapsulation port
2017-06-05 21:56 [PATCH 0/2] add udp encapsulation port to xfrm_do_migrate Antony Antony
2017-06-05 21:56 ` [PATCH 1/2] xfrm: extend MIGRATE with UDP encapsulation port Antony Antony
2017-06-05 21:56 ` [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
@ 2017-06-06 10:12 ` Antony Antony
2017-06-06 10:12 ` [PATCH v2 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
3 siblings, 0 replies; 10+ messages in thread
From: Antony Antony @ 2017-06-06 10:12 UTC (permalink / raw)
To: netdev
Cc: Antony Antony, Steffen Klassert, Herbert Xu, David S . Miller,
Richard Guy Briggs
Add UDP encapsulation port to XFRM_MSG_MIGRATE using an optional
netlink attribute XFRMA_ENCAP.
The devices that support IKE MOBIKE extension (RFC-4555 Section 3.8)
could go to sleep for a few minutes and wake up. When it wake up the
NAT mapping could have expired, the device send a MOBIKE UPDATE_SA
message to migrate the IPsec SA. The change could be a change UDP
encapsulation port, IP address, or both.
Reported-by: Paul Wouters <pwouters@redhat.com>
Signed-off-by: Antony Antony <antony@phenome.org>
Reviewed-by: Richard Guy Briggs <rgb@tricolour.ca>
---
include/net/xfrm.h | 6 ++++--
net/key/af_key.c | 2 +-
net/xfrm/xfrm_policy.c | 11 ++++-------
net/xfrm/xfrm_state.c | 18 +++++++++++++-----
net/xfrm/xfrm_user.c | 14 ++++++++++++--
5 files changed, 34 insertions(+), 17 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 7e7e2b0..df98463 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1678,10 +1678,12 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_kmaddress *k);
struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net);
struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
- struct xfrm_migrate *m);
+ struct xfrm_migrate *m,
+ struct xfrm_encap_tmpl *encap);
int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
struct xfrm_migrate *m, int num_bundles,
- struct xfrm_kmaddress *k, struct net *net);
+ struct xfrm_kmaddress *k, struct net *net,
+ struct xfrm_encap_tmpl *encap);
#endif
int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 512dc43..56df9fb 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2602,7 +2602,7 @@ static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
}
return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i,
- kma ? &k : NULL, net);
+ kma ? &k : NULL, net, NULL);
out:
return err;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index ed4e52d..eaecfa4 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3268,11 +3268,6 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
return -EINVAL;
for (i = 0; i < num_migrate; i++) {
- if (xfrm_addr_equal(&m[i].old_daddr, &m[i].new_daddr,
- m[i].old_family) &&
- xfrm_addr_equal(&m[i].old_saddr, &m[i].new_saddr,
- m[i].old_family))
- return -EINVAL;
if (xfrm_addr_any(&m[i].new_daddr, m[i].new_family) ||
xfrm_addr_any(&m[i].new_saddr, m[i].new_family))
return -EINVAL;
@@ -3296,7 +3291,8 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
struct xfrm_migrate *m, int num_migrate,
- struct xfrm_kmaddress *k, struct net *net)
+ struct xfrm_kmaddress *k, struct net *net,
+ struct xfrm_encap_tmpl *encap)
{
int i, err, nx_cur = 0, nx_new = 0;
struct xfrm_policy *pol = NULL;
@@ -3319,7 +3315,8 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
if ((x = xfrm_migrate_state_find(mp, net))) {
x_cur[nx_cur] = x;
nx_cur++;
- if ((xc = xfrm_state_migrate(x, mp))) {
+ xc = xfrm_state_migrate(x, mp, encap);
+ if (xc) {
x_new[nx_new] = xc;
nx_new++;
} else {
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 2e291bc..ae6206b 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1309,7 +1309,8 @@ int xfrm_state_add(struct xfrm_state *x)
EXPORT_SYMBOL(xfrm_state_add);
#ifdef CONFIG_XFRM_MIGRATE
-static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
+static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig,
+ struct xfrm_encap_tmpl *encap)
{
struct net *net = xs_net(orig);
struct xfrm_state *x = xfrm_state_alloc(net);
@@ -1351,8 +1352,14 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
}
x->props.calgo = orig->props.calgo;
- if (orig->encap) {
- x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
+ if (encap || orig->encap) {
+ if (encap)
+ x->encap = kmemdup(encap, sizeof(*x->encap),
+ GFP_KERNEL);
+ else
+ x->encap = kmemdup(orig->encap, sizeof(*x->encap),
+ GFP_KERNEL);
+
if (!x->encap)
goto error;
}
@@ -1442,11 +1449,12 @@ struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *n
EXPORT_SYMBOL(xfrm_migrate_state_find);
struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
- struct xfrm_migrate *m)
+ struct xfrm_migrate *m,
+ struct xfrm_encap_tmpl *encap)
{
struct xfrm_state *xc;
- xc = xfrm_state_clone(x);
+ xc = xfrm_state_clone(x, encap);
if (!xc)
return NULL;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 38614df..fb98892 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2243,6 +2243,7 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
int err;
int n = 0;
struct net *net = sock_net(skb->sk);
+ struct xfrm_encap_tmpl *encap = NULL;
if (attrs[XFRMA_MIGRATE] == NULL)
return -EINVAL;
@@ -2260,9 +2261,18 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
if (!n)
return 0;
- xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net);
+ if (attrs[XFRMA_ENCAP]) {
+ encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]),
+ sizeof(*encap), GFP_KERNEL);
+ if (!encap)
+ return 0;
+ }
- return 0;
+ err = xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net, encap);
+
+ kfree(encap);
+
+ return err;
}
#else
static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v2 2/2] xfrm: add UDP encapsulation port in migrate message
2017-06-05 21:56 [PATCH 0/2] add udp encapsulation port to xfrm_do_migrate Antony Antony
` (2 preceding siblings ...)
2017-06-06 10:12 ` [PATCH v2 1/2] xfrm: extend MIGRATE with UDP encapsulation port Antony Antony
@ 2017-06-06 10:12 ` Antony Antony
2017-06-07 11:02 ` Steffen Klassert
3 siblings, 1 reply; 10+ messages in thread
From: Antony Antony @ 2017-06-06 10:12 UTC (permalink / raw)
To: netdev
Cc: Antony Antony, Steffen Klassert, Herbert Xu, David S . Miller,
Richard Guy Briggs
Add XFRMA_ENCAP, UDP encapsulation port, to km_migrate announcement
to userland. Only add if XFRMA_ENCAP was in user migrate request.
Signed-off-by: Antony Antony <antony@phenome.org>
Reviewed-by: Richard Guy Briggs <rgb@tricolour.ca>
---
Changes in v2:
- fixed pfkey_send_migrate, warning reported by kbuild test robot
with # CONFIG_NET_KEY_MIGRATE is not set
also tested with # CONFIG_XFRM_MIGRATE is not set
- constify struct xfrm_encap_tmpl *encap in km_migrate
include/net/xfrm.h | 6 ++++--
net/key/af_key.c | 6 ++++--
net/xfrm/xfrm_policy.c | 2 +-
net/xfrm/xfrm_state.c | 6 ++++--
net/xfrm/xfrm_user.c | 23 +++++++++++++++++------
5 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index df98463..01f5bc1 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -631,7 +631,8 @@ struct xfrm_mgr {
u8 dir, u8 type,
const struct xfrm_migrate *m,
int num_bundles,
- const struct xfrm_kmaddress *k);
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap);
bool (*is_alive)(const struct km_event *c);
};
@@ -1675,7 +1676,8 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
#ifdef CONFIG_XFRM_MIGRATE
int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_bundles,
- const struct xfrm_kmaddress *k);
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap);
struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net);
struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
struct xfrm_migrate *m,
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 56df9fb..98c1ffb 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3508,7 +3508,8 @@ static int set_ipsecrequest(struct sk_buff *skb,
#ifdef CONFIG_NET_KEY_MIGRATE
static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_bundles,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap)
{
int i;
int sasize_sel;
@@ -3618,7 +3619,8 @@ static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
#else
static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_bundles,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap)
{
return -ENOPROTOOPT;
}
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index eaecfa4..7152147 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3337,7 +3337,7 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
}
/* Stage 5 - announce */
- km_migrate(sel, dir, type, m, num_migrate, k);
+ km_migrate(sel, dir, type, m, num_migrate, k, encap);
xfrm_pol_put(pol);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index ae6206b..3f1c4a0 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1966,7 +1966,8 @@ EXPORT_SYMBOL(km_policy_expired);
#ifdef CONFIG_XFRM_MIGRATE
int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap)
{
int err = -EINVAL;
int ret;
@@ -1975,7 +1976,8 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
rcu_read_lock();
list_for_each_entry_rcu(km, &xfrm_km_list, list) {
if (km->migrate) {
- ret = km->migrate(sel, dir, type, m, num_migrate, k);
+ ret = km->migrate(sel, dir, type, m, num_migrate, k,
+ encap);
if (!ret)
err = ret;
}
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index fb98892..6197c72 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2314,17 +2314,20 @@ static int copy_to_user_kmaddress(const struct xfrm_kmaddress *k, struct sk_buff
return nla_put(skb, XFRMA_KMADDRESS, sizeof(uk), &uk);
}
-static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma)
+static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma,
+ int with_encp)
{
return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id))
+ (with_kma ? nla_total_size(sizeof(struct xfrm_kmaddress)) : 0)
+ + (with_encp ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0)
+ nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate)
+ userpolicy_type_attrsize();
}
static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
int num_migrate, const struct xfrm_kmaddress *k,
- const struct xfrm_selector *sel, u8 dir, u8 type)
+ const struct xfrm_selector *sel,
+ const struct xfrm_encap_tmpl *encap, u8 dir, u8 type)
{
const struct xfrm_migrate *mp;
struct xfrm_userpolicy_id *pol_id;
@@ -2346,6 +2349,11 @@ static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
if (err)
goto out_cancel;
}
+ if (encap) {
+ err = nla_put(skb, XFRMA_ENCAP, sizeof(*encap), encap);
+ if (err)
+ goto out_cancel;
+ }
err = copy_to_user_policy_type(type, skb);
if (err)
goto out_cancel;
@@ -2365,17 +2373,19 @@ static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap)
{
struct net *net = &init_net;
struct sk_buff *skb;
- skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k), GFP_ATOMIC);
+ skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k, !!encap),
+ GFP_ATOMIC);
if (skb == NULL)
return -ENOMEM;
/* build migrate */
- if (build_migrate(skb, m, num_migrate, k, sel, dir, type) < 0)
+ if (build_migrate(skb, m, num_migrate, k, sel, encap, dir, type) < 0)
BUG();
return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE);
@@ -2383,7 +2393,8 @@ static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
#else
static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate,
- const struct xfrm_kmaddress *k)
+ const struct xfrm_kmaddress *k,
+ const struct xfrm_encap_tmpl *encap)
{
return -ENOPROTOOPT;
}
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH v2 2/2] xfrm: add UDP encapsulation port in migrate message
2017-06-06 10:12 ` [PATCH v2 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
@ 2017-06-07 11:02 ` Steffen Klassert
0 siblings, 0 replies; 10+ messages in thread
From: Steffen Klassert @ 2017-06-07 11:02 UTC (permalink / raw)
To: Antony Antony; +Cc: netdev, Herbert Xu, David S . Miller, Richard Guy Briggs
On Tue, Jun 06, 2017 at 12:12:14PM +0200, Antony Antony wrote:
> Add XFRMA_ENCAP, UDP encapsulation port, to km_migrate announcement
> to userland. Only add if XFRMA_ENCAP was in user migrate request.
>
> Signed-off-by: Antony Antony <antony@phenome.org>
> Reviewed-by: Richard Guy Briggs <rgb@tricolour.ca>
Both patches applied to ipsec-next, thanks a lot!
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2017-06-07 11:02 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-05 21:56 [PATCH 0/2] add udp encapsulation port to xfrm_do_migrate Antony Antony
2017-06-05 21:56 ` [PATCH 1/2] xfrm: extend MIGRATE with UDP encapsulation port Antony Antony
2017-06-06 0:05 ` Richard Guy Briggs
2017-06-05 21:56 ` [PATCH 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
2017-06-06 0:05 ` Richard Guy Briggs
2017-06-06 4:53 ` kbuild test robot
2017-06-06 6:04 ` kbuild test robot
2017-06-06 10:12 ` [PATCH v2 1/2] xfrm: extend MIGRATE with UDP encapsulation port Antony Antony
2017-06-06 10:12 ` [PATCH v2 2/2] xfrm: add UDP encapsulation port in migrate message Antony Antony
2017-06-07 11:02 ` Steffen Klassert
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.