Commit 1cf9a3ae authored by Sabrina Dubroca's avatar Sabrina Dubroca Committed by Steffen Klassert

xfrm: add extack support to xfrm_init_replay

Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent 741f9a10
...@@ -1580,7 +1580,7 @@ int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_vali ...@@ -1580,7 +1580,7 @@ int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_vali
void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si); void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si);
void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si); void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si);
u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq); u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq);
int xfrm_init_replay(struct xfrm_state *x); int xfrm_init_replay(struct xfrm_state *x, struct netlink_ext_ack *extack);
u32 xfrm_state_mtu(struct xfrm_state *x, int mtu); u32 xfrm_state_mtu(struct xfrm_state *x, int mtu);
int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload, int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload,
struct netlink_ext_ack *extack); struct netlink_ext_ack *extack);
......
...@@ -766,18 +766,22 @@ int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb) ...@@ -766,18 +766,22 @@ int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
} }
#endif #endif
int xfrm_init_replay(struct xfrm_state *x) int xfrm_init_replay(struct xfrm_state *x, struct netlink_ext_ack *extack)
{ {
struct xfrm_replay_state_esn *replay_esn = x->replay_esn; struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
if (replay_esn) { if (replay_esn) {
if (replay_esn->replay_window > if (replay_esn->replay_window >
replay_esn->bmp_len * sizeof(__u32) * 8) replay_esn->bmp_len * sizeof(__u32) * 8) {
NL_SET_ERR_MSG(extack, "ESN replay window is too large for the chosen bitmap size");
return -EINVAL; return -EINVAL;
}
if (x->props.flags & XFRM_STATE_ESN) { if (x->props.flags & XFRM_STATE_ESN) {
if (replay_esn->replay_window == 0) if (replay_esn->replay_window == 0) {
NL_SET_ERR_MSG(extack, "ESN replay window must be > 0");
return -EINVAL; return -EINVAL;
}
x->repl_mode = XFRM_REPLAY_MODE_ESN; x->repl_mode = XFRM_REPLAY_MODE_ESN;
} else { } else {
x->repl_mode = XFRM_REPLAY_MODE_BMP; x->repl_mode = XFRM_REPLAY_MODE_BMP;
......
...@@ -2686,7 +2686,7 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload, ...@@ -2686,7 +2686,7 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload,
x->outer_mode = *outer_mode; x->outer_mode = *outer_mode;
if (init_replay) { if (init_replay) {
err = xfrm_init_replay(x); err = xfrm_init_replay(x, extack);
if (err) if (err)
goto error; goto error;
} }
......
...@@ -741,7 +741,7 @@ static struct xfrm_state *xfrm_state_construct(struct net *net, ...@@ -741,7 +741,7 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
/* sysctl_xfrm_aevent_etime is in 100ms units */ /* sysctl_xfrm_aevent_etime is in 100ms units */
x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M; x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M;
if ((err = xfrm_init_replay(x))) if ((err = xfrm_init_replay(x, extack)))
goto error; goto error;
/* override default values from above */ /* override default values from above */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment