search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 4.14.168
[linux/fpc-iii.git] / net / xfrm / xfrm_replay.c
blobbdb9b5121ba888133c149e8474ad1913b254d288
1 /*
2 * xfrm_replay.c - xfrm replay detection, derived from xfrm_state.c.
3 *
4 * Copyright (C) 2010 secunet Security Networks AG
5 * Copyright (C) 2010 Steffen Klassert <steffen.klassert@secunet.com>
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms and conditions of the GNU General Public License,
9 * version 2, as published by the Free Software Foundation.
10 *
11 * This program is distributed in the hope it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 * more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
19 */
20
21 #include <linux/export.h>
22 #include <net/xfrm.h>
23
24 u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq)
25 {
26 u32 seq, seq_hi, bottom;
27 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
28
29 if (!(x->props.flags & XFRM_STATE_ESN))
30 return 0;
31
32 seq = ntohl(net_seq);
33 seq_hi = replay_esn->seq_hi;
34 bottom = replay_esn->seq - replay_esn->replay_window + 1;
35
36 if (likely(replay_esn->seq >= replay_esn->replay_window - 1)) {
37 /* A. same subspace */
38 if (unlikely(seq < bottom))
39 seq_hi++;
40 } else {
41 /* B. window spans two subspaces */
42 if (unlikely(seq >= bottom))
43 seq_hi--;
44 }
45
46 return seq_hi;
47 }
48 EXPORT_SYMBOL(xfrm_replay_seqhi);
49 ;
50 static void xfrm_replay_notify(struct xfrm_state *x, int event)
51 {
52 struct km_event c;
53 /* we send notify messages in case
54 * 1. we updated on of the sequence numbers, and the seqno difference
55 * is at least x->replay_maxdiff, in this case we also update the
56 * timeout of our timer function
57 * 2. if x->replay_maxage has elapsed since last update,
58 * and there were changes
59 *
60 * The state structure must be locked!
61 */
62
63 switch (event) {
64 case XFRM_REPLAY_UPDATE:
65 if (!x->replay_maxdiff ||
66 ((x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
67 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff))) {
68 if (x->xflags & XFRM_TIME_DEFER)
69 event = XFRM_REPLAY_TIMEOUT;
70 else
71 return;
72 }
73
74 break;
75
76 case XFRM_REPLAY_TIMEOUT:
77 if (memcmp(&x->replay, &x->preplay,
78 sizeof(struct xfrm_replay_state)) == 0) {
79 x->xflags |= XFRM_TIME_DEFER;
80 return;
81 }
82
83 break;
84 }
85
86 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
87 c.event = XFRM_MSG_NEWAE;
88 c.data.aevent = event;
89 km_state_notify(x, &c);
90
91 if (x->replay_maxage &&
92 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
93 x->xflags &= ~XFRM_TIME_DEFER;
94 }
95
96 static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
97 {
98 int err = 0;
99 struct net *net = xs_net(x);
100
101 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
102 XFRM_SKB_CB(skb)->seq.output.low = ++x->replay.oseq;
103 XFRM_SKB_CB(skb)->seq.output.hi = 0;
104 if (unlikely(x->replay.oseq == 0)) {
105 x->replay.oseq--;
106 xfrm_audit_state_replay_overflow(x, skb);
107 err = -EOVERFLOW;
108
109 return err;
110 }
111 if (xfrm_aevent_is_on(net))
112 x->repl->notify(x, XFRM_REPLAY_UPDATE);
113 }
114
115 return err;
116 }
117
118 static int xfrm_replay_check(struct xfrm_state *x,
119 struct sk_buff *skb, __be32 net_seq)
120 {
121 u32 diff;
122 u32 seq = ntohl(net_seq);
123
124 if (!x->props.replay_window)
125 return 0;
126
127 if (unlikely(seq == 0))
128 goto err;
129
130 if (likely(seq > x->replay.seq))
131 return 0;
132
133 diff = x->replay.seq - seq;
134 if (diff >= x->props.replay_window) {
135 x->stats.replay_window++;
136 goto err;
137 }
138
139 if (x->replay.bitmap & (1U << diff)) {
140 x->stats.replay++;
141 goto err;
142 }
143 return 0;
144
145 err:
146 xfrm_audit_state_replay(x, skb, net_seq);
147 return -EINVAL;
148 }
149
150 static void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
151 {
152 u32 diff;
153 u32 seq = ntohl(net_seq);
154
155 if (!x->props.replay_window)
156 return;
157
158 if (seq > x->replay.seq) {
159 diff = seq - x->replay.seq;
160 if (diff < x->props.replay_window)
161 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
162 else
163 x->replay.bitmap = 1;
164 x->replay.seq = seq;
165 } else {
166 diff = x->replay.seq - seq;
167 x->replay.bitmap |= (1U << diff);
168 }
169
170 if (xfrm_aevent_is_on(xs_net(x)))
171 x->repl->notify(x, XFRM_REPLAY_UPDATE);
172 }
173
174 static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb)
175 {
176 int err = 0;
177 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
178 struct net *net = xs_net(x);
179
180 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
181 XFRM_SKB_CB(skb)->seq.output.low = ++replay_esn->oseq;
182 XFRM_SKB_CB(skb)->seq.output.hi = 0;
183 if (unlikely(replay_esn->oseq == 0)) {
184 replay_esn->oseq--;
185 xfrm_audit_state_replay_overflow(x, skb);
186 err = -EOVERFLOW;
187
188 return err;
189 }
190 if (xfrm_aevent_is_on(net))
191 x->repl->notify(x, XFRM_REPLAY_UPDATE);
192 }
193
194 return err;
195 }
196
197 static int xfrm_replay_check_bmp(struct xfrm_state *x,
198 struct sk_buff *skb, __be32 net_seq)
199 {
200 unsigned int bitnr, nr;
201 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
202 u32 pos;
203 u32 seq = ntohl(net_seq);
204 u32 diff = replay_esn->seq - seq;
205
206 if (!replay_esn->replay_window)
207 return 0;
208
209 if (unlikely(seq == 0))
210 goto err;
211
212 if (likely(seq > replay_esn->seq))
213 return 0;
214
215 if (diff >= replay_esn->replay_window) {
216 x->stats.replay_window++;
217 goto err;
218 }
219
220 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
221
222 if (pos >= diff)
223 bitnr = (pos - diff) % replay_esn->replay_window;
224 else
225 bitnr = replay_esn->replay_window - (diff - pos);
226
227 nr = bitnr >> 5;
228 bitnr = bitnr & 0x1F;
229 if (replay_esn->bmp[nr] & (1U << bitnr))
230 goto err_replay;
231
232 return 0;
233
234 err_replay:
235 x->stats.replay++;
236 err:
237 xfrm_audit_state_replay(x, skb, net_seq);
238 return -EINVAL;
239 }
240
241 static void xfrm_replay_advance_bmp(struct xfrm_state *x, __be32 net_seq)
242 {
243 unsigned int bitnr, nr, i;
244 u32 diff;
245 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
246 u32 seq = ntohl(net_seq);
247 u32 pos;
248
249 if (!replay_esn->replay_window)
250 return;
251
252 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
253
254 if (seq > replay_esn->seq) {
255 diff = seq - replay_esn->seq;
256
257 if (diff < replay_esn->replay_window) {
258 for (i = 1; i < diff; i++) {
259 bitnr = (pos + i) % replay_esn->replay_window;
260 nr = bitnr >> 5;
261 bitnr = bitnr & 0x1F;
262 replay_esn->bmp[nr] &= ~(1U << bitnr);
263 }
264 } else {
265 nr = (replay_esn->replay_window - 1) >> 5;
266 for (i = 0; i <= nr; i++)
267 replay_esn->bmp[i] = 0;
268 }
269
270 bitnr = (pos + diff) % replay_esn->replay_window;
271 replay_esn->seq = seq;
272 } else {
273 diff = replay_esn->seq - seq;
274
275 if (pos >= diff)
276 bitnr = (pos - diff) % replay_esn->replay_window;
277 else
278 bitnr = replay_esn->replay_window - (diff - pos);
279 }
280
281 nr = bitnr >> 5;
282 bitnr = bitnr & 0x1F;
283 replay_esn->bmp[nr] |= (1U << bitnr);
284
285 if (xfrm_aevent_is_on(xs_net(x)))
286 x->repl->notify(x, XFRM_REPLAY_UPDATE);
287 }
288
289 static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event)
290 {
291 struct km_event c;
292 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
293 struct xfrm_replay_state_esn *preplay_esn = x->preplay_esn;
294
295 /* we send notify messages in case
296 * 1. we updated on of the sequence numbers, and the seqno difference
297 * is at least x->replay_maxdiff, in this case we also update the
298 * timeout of our timer function
299 * 2. if x->replay_maxage has elapsed since last update,
300 * and there were changes
301 *
302 * The state structure must be locked!
303 */
304
305 switch (event) {
306 case XFRM_REPLAY_UPDATE:
307 if (!x->replay_maxdiff ||
308 ((replay_esn->seq - preplay_esn->seq < x->replay_maxdiff) &&
309 (replay_esn->oseq - preplay_esn->oseq
310 < x->replay_maxdiff))) {
311 if (x->xflags & XFRM_TIME_DEFER)
312 event = XFRM_REPLAY_TIMEOUT;
313 else
314 return;
315 }
316
317 break;
318
319 case XFRM_REPLAY_TIMEOUT:
320 if (memcmp(x->replay_esn, x->preplay_esn,
321 xfrm_replay_state_esn_len(replay_esn)) == 0) {
322 x->xflags |= XFRM_TIME_DEFER;
323 return;
324 }
325
326 break;
327 }
328
329 memcpy(x->preplay_esn, x->replay_esn,
330 xfrm_replay_state_esn_len(replay_esn));
331 c.event = XFRM_MSG_NEWAE;
332 c.data.aevent = event;
333 km_state_notify(x, &c);
334
335 if (x->replay_maxage &&
336 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
337 x->xflags &= ~XFRM_TIME_DEFER;
338 }
339
340 static void xfrm_replay_notify_esn(struct xfrm_state *x, int event)
341 {
342 u32 seq_diff, oseq_diff;
343 struct km_event c;
344 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
345 struct xfrm_replay_state_esn *preplay_esn = x->preplay_esn;
346
347 /* we send notify messages in case
348 * 1. we updated on of the sequence numbers, and the seqno difference
349 * is at least x->replay_maxdiff, in this case we also update the
350 * timeout of our timer function
351 * 2. if x->replay_maxage has elapsed since last update,
352 * and there were changes
353 *
354 * The state structure must be locked!
355 */
356
357 switch (event) {
358 case XFRM_REPLAY_UPDATE:
359 if (x->replay_maxdiff) {
360 if (replay_esn->seq_hi == preplay_esn->seq_hi)
361 seq_diff = replay_esn->seq - preplay_esn->seq;
362 else
363 seq_diff = ~preplay_esn->seq + replay_esn->seq
364 + 1;
365
366 if (replay_esn->oseq_hi == preplay_esn->oseq_hi)
367 oseq_diff = replay_esn->oseq
368 - preplay_esn->oseq;
369 else
370 oseq_diff = ~preplay_esn->oseq
371 + replay_esn->oseq + 1;
372
373 if (seq_diff >= x->replay_maxdiff ||
374 oseq_diff >= x->replay_maxdiff)
375 break;
376 }
377
378 if (x->xflags & XFRM_TIME_DEFER)
379 event = XFRM_REPLAY_TIMEOUT;
380 else
381 return;
382
383 break;
384
385 case XFRM_REPLAY_TIMEOUT:
386 if (memcmp(x->replay_esn, x->preplay_esn,
387 xfrm_replay_state_esn_len(replay_esn)) == 0) {
388 x->xflags |= XFRM_TIME_DEFER;
389 return;
390 }
391
392 break;
393 }
394
395 memcpy(x->preplay_esn, x->replay_esn,
396 xfrm_replay_state_esn_len(replay_esn));
397 c.event = XFRM_MSG_NEWAE;
398 c.data.aevent = event;
399 km_state_notify(x, &c);
400
401 if (x->replay_maxage &&
402 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
403 x->xflags &= ~XFRM_TIME_DEFER;
404 }
405
406 static int xfrm_replay_overflow_esn(struct xfrm_state *x, struct sk_buff *skb)
407 {
408 int err = 0;
409 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
410 struct net *net = xs_net(x);
411
412 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
413 XFRM_SKB_CB(skb)->seq.output.low = ++replay_esn->oseq;
414 XFRM_SKB_CB(skb)->seq.output.hi = replay_esn->oseq_hi;
415
416 if (unlikely(replay_esn->oseq == 0)) {
417 XFRM_SKB_CB(skb)->seq.output.hi = ++replay_esn->oseq_hi;
418
419 if (replay_esn->oseq_hi == 0) {
420 replay_esn->oseq--;
421 replay_esn->oseq_hi--;
422 xfrm_audit_state_replay_overflow(x, skb);
423 err = -EOVERFLOW;
424
425 return err;
426 }
427 }
428 if (xfrm_aevent_is_on(net))
429 x->repl->notify(x, XFRM_REPLAY_UPDATE);
430 }
431
432 return err;
433 }
434
435 static int xfrm_replay_check_esn(struct xfrm_state *x,
436 struct sk_buff *skb, __be32 net_seq)
437 {
438 unsigned int bitnr, nr;
439 u32 diff;
440 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
441 u32 pos;
442 u32 seq = ntohl(net_seq);
443 u32 wsize = replay_esn->replay_window;
444 u32 top = replay_esn->seq;
445 u32 bottom = top - wsize + 1;
446
447 if (!wsize)
448 return 0;
449
450 if (unlikely(seq == 0 && replay_esn->seq_hi == 0 &&
451 (replay_esn->seq < replay_esn->replay_window - 1)))
452 goto err;
453
454 diff = top - seq;
455
456 if (likely(top >= wsize - 1)) {
457 /* A. same subspace */
458 if (likely(seq > top) || seq < bottom)
459 return 0;
460 } else {
461 /* B. window spans two subspaces */
462 if (likely(seq > top && seq < bottom))
463 return 0;
464 if (seq >= bottom)
465 diff = ~seq + top + 1;
466 }
467
468 if (diff >= replay_esn->replay_window) {
469 x->stats.replay_window++;
470 goto err;
471 }
472
473 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
474
475 if (pos >= diff)
476 bitnr = (pos - diff) % replay_esn->replay_window;
477 else
478 bitnr = replay_esn->replay_window - (diff - pos);
479
480 nr = bitnr >> 5;
481 bitnr = bitnr & 0x1F;
482 if (replay_esn->bmp[nr] & (1U << bitnr))
483 goto err_replay;
484
485 return 0;
486
487 err_replay:
488 x->stats.replay++;
489 err:
490 xfrm_audit_state_replay(x, skb, net_seq);
491 return -EINVAL;
492 }
493
494 static int xfrm_replay_recheck_esn(struct xfrm_state *x,
495 struct sk_buff *skb, __be32 net_seq)
496 {
497 if (unlikely(XFRM_SKB_CB(skb)->seq.input.hi !=
498 htonl(xfrm_replay_seqhi(x, net_seq)))) {
499 x->stats.replay_window++;
500 return -EINVAL;
501 }
502
503 return xfrm_replay_check_esn(x, skb, net_seq);
504 }
505
506 static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
507 {
508 unsigned int bitnr, nr, i;
509 int wrap;
510 u32 diff, pos, seq, seq_hi;
511 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
512
513 if (!replay_esn->replay_window)
514 return;
515
516 seq = ntohl(net_seq);
517 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
518 seq_hi = xfrm_replay_seqhi(x, net_seq);
519 wrap = seq_hi - replay_esn->seq_hi;
520
521 if ((!wrap && seq > replay_esn->seq) || wrap > 0) {
522 if (likely(!wrap))
523 diff = seq - replay_esn->seq;
524 else
525 diff = ~replay_esn->seq + seq + 1;
526
527 if (diff < replay_esn->replay_window) {
528 for (i = 1; i < diff; i++) {
529 bitnr = (pos + i) % replay_esn->replay_window;
530 nr = bitnr >> 5;
531 bitnr = bitnr & 0x1F;
532 replay_esn->bmp[nr] &= ~(1U << bitnr);
533 }
534 } else {
535 nr = (replay_esn->replay_window - 1) >> 5;
536 for (i = 0; i <= nr; i++)
537 replay_esn->bmp[i] = 0;
538 }
539
540 bitnr = (pos + diff) % replay_esn->replay_window;
541 replay_esn->seq = seq;
542
543 if (unlikely(wrap > 0))
544 replay_esn->seq_hi++;
545 } else {
546 diff = replay_esn->seq - seq;
547
548 if (pos >= diff)
549 bitnr = (pos - diff) % replay_esn->replay_window;
550 else
551 bitnr = replay_esn->replay_window - (diff - pos);
552 }
553
554 nr = bitnr >> 5;
555 bitnr = bitnr & 0x1F;
556 replay_esn->bmp[nr] |= (1U << bitnr);
557
558 if (xfrm_aevent_is_on(xs_net(x)))
559 x->repl->notify(x, XFRM_REPLAY_UPDATE);
560 }
561
562 #ifdef CONFIG_XFRM_OFFLOAD
563 static int xfrm_replay_overflow_offload(struct xfrm_state *x, struct sk_buff *skb)
564 {
565 int err = 0;
566 struct net *net = xs_net(x);
567 struct xfrm_offload *xo = xfrm_offload(skb);
568 __u32 oseq = x->replay.oseq;
569
570 if (!xo)
571 return xfrm_replay_overflow(x, skb);
572
573 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
574 if (!skb_is_gso(skb)) {
575 XFRM_SKB_CB(skb)->seq.output.low = ++oseq;
576 xo->seq.low = oseq;
577 } else {
578 XFRM_SKB_CB(skb)->seq.output.low = oseq + 1;
579 xo->seq.low = oseq + 1;
580 oseq += skb_shinfo(skb)->gso_segs;
581 }
582
583 XFRM_SKB_CB(skb)->seq.output.hi = 0;
584 xo->seq.hi = 0;
585 if (unlikely(oseq < x->replay.oseq)) {
586 xfrm_audit_state_replay_overflow(x, skb);
587 err = -EOVERFLOW;
588
589 return err;
590 }
591
592 x->replay.oseq = oseq;
593
594 if (xfrm_aevent_is_on(net))
595 x->repl->notify(x, XFRM_REPLAY_UPDATE);
596 }
597
598 return err;
599 }
600
601 static int xfrm_replay_overflow_offload_bmp(struct xfrm_state *x, struct sk_buff *skb)
602 {
603 int err = 0;
604 struct xfrm_offload *xo = xfrm_offload(skb);
605 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
606 struct net *net = xs_net(x);
607 __u32 oseq = replay_esn->oseq;
608
609 if (!xo)
610 return xfrm_replay_overflow_bmp(x, skb);
611
612 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
613 if (!skb_is_gso(skb)) {
614 XFRM_SKB_CB(skb)->seq.output.low = ++oseq;
615 xo->seq.low = oseq;
616 } else {
617 XFRM_SKB_CB(skb)->seq.output.low = oseq + 1;
618 xo->seq.low = oseq + 1;
619 oseq += skb_shinfo(skb)->gso_segs;
620 }
621
622 XFRM_SKB_CB(skb)->seq.output.hi = 0;
623 xo->seq.hi = 0;
624 if (unlikely(oseq < replay_esn->oseq)) {
625 xfrm_audit_state_replay_overflow(x, skb);
626 err = -EOVERFLOW;
627
628 return err;
629 } else {
630 replay_esn->oseq = oseq;
631 }
632
633 if (xfrm_aevent_is_on(net))
634 x->repl->notify(x, XFRM_REPLAY_UPDATE);
635 }
636
637 return err;
638 }
639
640 static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff *skb)
641 {
642 int err = 0;
643 struct xfrm_offload *xo = xfrm_offload(skb);
644 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
645 struct net *net = xs_net(x);
646 __u32 oseq = replay_esn->oseq;
647 __u32 oseq_hi = replay_esn->oseq_hi;
648
649 if (!xo)
650 return xfrm_replay_overflow_esn(x, skb);
651
652 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
653 if (!skb_is_gso(skb)) {
654 XFRM_SKB_CB(skb)->seq.output.low = ++oseq;
655 XFRM_SKB_CB(skb)->seq.output.hi = oseq_hi;
656 xo->seq.low = oseq;
657 xo->seq.hi = oseq_hi;
658 } else {
659 XFRM_SKB_CB(skb)->seq.output.low = oseq + 1;
660 XFRM_SKB_CB(skb)->seq.output.hi = oseq_hi;
661 xo->seq.low = oseq + 1;
662 xo->seq.hi = oseq_hi;
663 oseq += skb_shinfo(skb)->gso_segs;
664 }
665
666 if (unlikely(oseq < replay_esn->oseq)) {
667 XFRM_SKB_CB(skb)->seq.output.hi = ++oseq_hi;
668 xo->seq.hi = oseq_hi;
669 replay_esn->oseq_hi = oseq_hi;
670 if (replay_esn->oseq_hi == 0) {
671 replay_esn->oseq--;
672 replay_esn->oseq_hi--;
673 xfrm_audit_state_replay_overflow(x, skb);
674 err = -EOVERFLOW;
675
676 return err;
677 }
678 }
679
680 replay_esn->oseq = oseq;
681
682 if (xfrm_aevent_is_on(net))
683 x->repl->notify(x, XFRM_REPLAY_UPDATE);
684 }
685
686 return err;
687 }
688
689 static const struct xfrm_replay xfrm_replay_legacy = {
690 .advance = xfrm_replay_advance,
691 .check = xfrm_replay_check,
692 .recheck = xfrm_replay_check,
693 .notify = xfrm_replay_notify,
694 .overflow = xfrm_replay_overflow_offload,
695 };
696
697 static const struct xfrm_replay xfrm_replay_bmp = {
698 .advance = xfrm_replay_advance_bmp,
699 .check = xfrm_replay_check_bmp,
700 .recheck = xfrm_replay_check_bmp,
701 .notify = xfrm_replay_notify_bmp,
702 .overflow = xfrm_replay_overflow_offload_bmp,
703 };
704
705 static const struct xfrm_replay xfrm_replay_esn = {
706 .advance = xfrm_replay_advance_esn,
707 .check = xfrm_replay_check_esn,
708 .recheck = xfrm_replay_recheck_esn,
709 .notify = xfrm_replay_notify_esn,
710 .overflow = xfrm_replay_overflow_offload_esn,
711 };
712 #else
713 static const struct xfrm_replay xfrm_replay_legacy = {
714 .advance = xfrm_replay_advance,
715 .check = xfrm_replay_check,
716 .recheck = xfrm_replay_check,
717 .notify = xfrm_replay_notify,
718 .overflow = xfrm_replay_overflow,
719 };
720
721 static const struct xfrm_replay xfrm_replay_bmp = {
722 .advance = xfrm_replay_advance_bmp,
723 .check = xfrm_replay_check_bmp,
724 .recheck = xfrm_replay_check_bmp,
725 .notify = xfrm_replay_notify_bmp,
726 .overflow = xfrm_replay_overflow_bmp,
727 };
728
729 static const struct xfrm_replay xfrm_replay_esn = {
730 .advance = xfrm_replay_advance_esn,
731 .check = xfrm_replay_check_esn,
732 .recheck = xfrm_replay_recheck_esn,
733 .notify = xfrm_replay_notify_esn,
734 .overflow = xfrm_replay_overflow_esn,
735 };
736 #endif
737
738 int xfrm_init_replay(struct xfrm_state *x)
739 {
740 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
741
742 if (replay_esn) {
743 if (replay_esn->replay_window >
744 replay_esn->bmp_len * sizeof(__u32) * 8)
745 return -EINVAL;
746
747 if (x->props.flags & XFRM_STATE_ESN) {
748 if (replay_esn->replay_window == 0)
749 return -EINVAL;
750 x->repl = &xfrm_replay_esn;
751 } else {
752 x->repl = &xfrm_replay_bmp;
753 }
754 } else {
755 x->repl = &xfrm_replay_legacy;
756 }
757
758 return 0;
759 }
760 EXPORT_SYMBOL(xfrm_init_replay);
Linux with added FPC-III support