diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2011-03-08 01:08:32 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-03-14 04:22:30 +0100 |
commit | 9fdc4883d92d20842c5acea77a4a21bb1574b495 (patch) | |
tree | 87019e64093d90a4f2b42149231d0ad3a864c5f9 /net/xfrm/xfrm_input.c | |
parent | esp6: Add support for IPsec extended sequence numbers (diff) | |
download | linux-9fdc4883d92d20842c5acea77a4a21bb1574b495.tar.xz linux-9fdc4883d92d20842c5acea77a4a21bb1574b495.zip |
xfrm: Move IPsec replay detection functions to a separate file
To support multiple versions of replay detection, we move the replay
detection functions to a separate file and make them accessible
via function pointers contained in the struct xfrm_replay.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_input.c')
-rw-r--r-- | net/xfrm/xfrm_input.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index b173b7fdc433..55d5f5c3d119 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -172,7 +172,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) goto drop_unlock; } - if (x->props.replay_window && xfrm_replay_check(x, skb, seq)) { + if (x->props.replay_window && x->repl->check(x, skb, seq)) { XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); goto drop_unlock; } @@ -206,8 +206,7 @@ resume: /* only the first xfrm gets the encap type */ encap_type = 0; - if (x->props.replay_window) - xfrm_replay_advance(x, seq); + x->repl->advance(x, seq); x->curlft.bytes += skb->len; x->curlft.packets++; |