leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

xfrm: rework default policy structure

Browse Source 
This is a follow up of commit f8d858e607 ("xfrm: make user policy API
complete"). The goal is to align userland API to the internal structures.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Reviewed-by:  Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
Nicolas Dichtel
2022-03-14 11:38:22 +01:00
committed by Steffen Klassert
parent 2ecda18168
commit b58b1f563a
4 changed files with 44 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
net/xfrm/xfrm_user.c
View File

@@ -2009,12 +2009,9 @@ static int xfrm_notify_userpolicy(struct net *net)
}
up = nlmsg_data(nlh);
up->in = net->xfrm.policy_default & XFRM_POL_DEFAULT_IN ?
XFRM_USERPOLICY_BLOCK : XFRM_USERPOLICY_ACCEPT;
up->fwd = net->xfrm.policy_default & XFRM_POL_DEFAULT_FWD ?
XFRM_USERPOLICY_BLOCK : XFRM_USERPOLICY_ACCEPT;
up->out = net->xfrm.policy_default & XFRM_POL_DEFAULT_OUT ?
XFRM_USERPOLICY_BLOCK : XFRM_USERPOLICY_ACCEPT;
up->in = net->xfrm.policy_default[XFRM_POLICY_IN];
up->fwd = net->xfrm.policy_default[XFRM_POLICY_FWD];
up->out = net->xfrm.policy_default[XFRM_POLICY_OUT];
nlmsg_end(skb, nlh);
@@ -2025,26 +2022,26 @@ static int xfrm_notify_userpolicy(struct net *net)
return err;
}
static bool xfrm_userpolicy_is_valid(__u8 policy)
{
return policy == XFRM_USERPOLICY_BLOCK ||
policy == XFRM_USERPOLICY_ACCEPT;
}
static int xfrm_set_default(struct sk_buff *skb, struct nlmsghdr *nlh,
struct nlattr **attrs)
{
struct net *net = sock_net(skb->sk);
struct xfrm_userpolicy_default *up = nlmsg_data(nlh);
if (up->in == XFRM_USERPOLICY_BLOCK)
net->xfrm.policy_default |= XFRM_POL_DEFAULT_IN;
else if (up->in == XFRM_USERPOLICY_ACCEPT)
net->xfrm.policy_default &= ~XFRM_POL_DEFAULT_IN;
if (xfrm_userpolicy_is_valid(up->in))
net->xfrm.policy_default[XFRM_POLICY_IN] = up->in;
if (up->fwd == XFRM_USERPOLICY_BLOCK)
net->xfrm.policy_default |= XFRM_POL_DEFAULT_FWD;
else if (up->fwd == XFRM_USERPOLICY_ACCEPT)
net->xfrm.policy_default &= ~XFRM_POL_DEFAULT_FWD;
if (xfrm_userpolicy_is_valid(up->fwd))
net->xfrm.policy_default[XFRM_POLICY_FWD] = up->fwd;
if (up->out == XFRM_USERPOLICY_BLOCK)
net->xfrm.policy_default |= XFRM_POL_DEFAULT_OUT;
else if (up->out == XFRM_USERPOLICY_ACCEPT)
net->xfrm.policy_default &= ~XFRM_POL_DEFAULT_OUT;
if (xfrm_userpolicy_is_valid(up->out))
net->xfrm.policy_default[XFRM_POLICY_OUT] = up->out;
rt_genid_bump_all(net);
@@ -2074,13 +2071,9 @@ static int xfrm_get_default(struct sk_buff *skb, struct nlmsghdr *nlh,
}
r_up = nlmsg_data(r_nlh);
r_up->in = net->xfrm.policy_default & XFRM_POL_DEFAULT_IN ?
XFRM_USERPOLICY_BLOCK : XFRM_USERPOLICY_ACCEPT;
r_up->fwd = net->xfrm.policy_default & XFRM_POL_DEFAULT_FWD ?
XFRM_USERPOLICY_BLOCK : XFRM_USERPOLICY_ACCEPT;
r_up->out = net->xfrm.policy_default & XFRM_POL_DEFAULT_OUT ?
XFRM_USERPOLICY_BLOCK : XFRM_USERPOLICY_ACCEPT;
r_up->in = net->xfrm.policy_default[XFRM_POLICY_IN];
r_up->fwd = net->xfrm.policy_default[XFRM_POLICY_FWD];
r_up->out = net->xfrm.policy_default[XFRM_POLICY_OUT];
nlmsg_end(r_skb, r_nlh);
return nlmsg_unicast(net->xfrm.nlsk, r_skb, portid);