diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2011-03-08 01:08:32 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-03-14 04:22:30 +0100 |
commit | 9fdc4883d92d20842c5acea77a4a21bb1574b495 (patch) | |
tree | 87019e64093d90a4f2b42149231d0ad3a864c5f9 /net/xfrm/xfrm_output.c | |
parent | esp6: Add support for IPsec extended sequence numbers (diff) | |
download | linux-9fdc4883d92d20842c5acea77a4a21bb1574b495.tar.xz linux-9fdc4883d92d20842c5acea77a4a21bb1574b495.zip |
xfrm: Move IPsec replay detection functions to a separate file
To support multiple versions of replay detection, we move the replay
detection functions to a separate file and make them accessible
via function pointers contained in the struct xfrm_replay.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_output.c')
-rw-r--r-- | net/xfrm/xfrm_output.c | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c index 4b63776a0264..1aba03f449cc 100644 --- a/net/xfrm/xfrm_output.c +++ b/net/xfrm/xfrm_output.c @@ -67,17 +67,10 @@ static int xfrm_output_one(struct sk_buff *skb, int err) goto error; } - if (x->type->flags & XFRM_TYPE_REPLAY_PROT) { - XFRM_SKB_CB(skb)->seq.output.low = ++x->replay.oseq; - if (unlikely(x->replay.oseq == 0)) { - XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATESEQERROR); - x->replay.oseq--; - xfrm_audit_state_replay_overflow(x, skb); - err = -EOVERFLOW; - goto error; - } - if (xfrm_aevent_is_on(net)) - xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); + err = x->repl->overflow(x, skb); + if (err) { + XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATESEQERROR); + goto error; } x->curlft.bytes += skb->len; |