Lines Matching refs:net
110 possible_net_t net; member
170 xfrm_policy_inexact_lookup(struct net *net, u8 type, u16 family, u8 dir,
174 xfrm_policy_inexact_lookup_rcu(struct net *net,
250 struct dst_entry *__xfrm_dst_lookup(struct net *net, int tos, int oif, in __xfrm_dst_lookup() argument
262 dst = afinfo->dst_lookup(net, tos, oif, saddr, daddr, mark); in __xfrm_dst_lookup()
276 struct net *net = xs_net(x); in xfrm_dst_lookup() local
290 dst = __xfrm_dst_lookup(net, tos, oif, saddr, daddr, family, mark); in xfrm_dst_lookup()
384 struct xfrm_policy *xfrm_policy_alloc(struct net *net, gfp_t gfp) in xfrm_policy_alloc() argument
391 write_pnet(&policy->xp_net, net); in xfrm_policy_alloc()
450 static inline unsigned int idx_hash(struct net *net, u32 index) in idx_hash() argument
452 return __idx_hash(index, net->xfrm.policy_idx_hmask); in idx_hash()
456 static void __get_hash_thresh(struct net *net, in __get_hash_thresh() argument
462 *dbits = net->xfrm.policy_bydst[dir].dbits4; in __get_hash_thresh()
463 *sbits = net->xfrm.policy_bydst[dir].sbits4; in __get_hash_thresh()
467 *dbits = net->xfrm.policy_bydst[dir].dbits6; in __get_hash_thresh()
468 *sbits = net->xfrm.policy_bydst[dir].sbits6; in __get_hash_thresh()
477 static struct hlist_head *policy_hash_bysel(struct net *net, in policy_hash_bysel() argument
481 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask; in policy_hash_bysel()
486 __get_hash_thresh(net, family, dir, &dbits, &sbits); in policy_hash_bysel()
492 return rcu_dereference_check(net->xfrm.policy_bydst[dir].table, in policy_hash_bysel()
493 lockdep_is_held(&net->xfrm.xfrm_policy_lock)) + hash; in policy_hash_bysel()
496 static struct hlist_head *policy_hash_direct(struct net *net, in policy_hash_direct() argument
501 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask; in policy_hash_direct()
506 __get_hash_thresh(net, family, dir, &dbits, &sbits); in policy_hash_direct()
509 return rcu_dereference_check(net->xfrm.policy_bydst[dir].table, in policy_hash_direct()
510 lockdep_is_held(&net->xfrm.xfrm_policy_lock)) + hash; in policy_hash_direct()
513 static void xfrm_dst_hash_transfer(struct net *net, in xfrm_dst_hash_transfer() argument
529 __get_hash_thresh(net, pol->family, dir, &dbits, &sbits); in xfrm_dst_hash_transfer()
570 static void xfrm_bydst_resize(struct net *net, int dir) in xfrm_bydst_resize() argument
572 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask; in xfrm_bydst_resize()
582 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_bydst_resize()
585 odst = rcu_dereference_protected(net->xfrm.policy_bydst[dir].table, in xfrm_bydst_resize()
586 lockdep_is_held(&net->xfrm.xfrm_policy_lock)); in xfrm_bydst_resize()
589 xfrm_dst_hash_transfer(net, odst + i, ndst, nhashmask, dir); in xfrm_bydst_resize()
591 rcu_assign_pointer(net->xfrm.policy_bydst[dir].table, ndst); in xfrm_bydst_resize()
592 net->xfrm.policy_bydst[dir].hmask = nhashmask; in xfrm_bydst_resize()
595 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_bydst_resize()
602 static void xfrm_byidx_resize(struct net *net, int total) in xfrm_byidx_resize() argument
604 unsigned int hmask = net->xfrm.policy_idx_hmask; in xfrm_byidx_resize()
607 struct hlist_head *oidx = net->xfrm.policy_byidx; in xfrm_byidx_resize()
614 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_byidx_resize()
619 net->xfrm.policy_byidx = nidx; in xfrm_byidx_resize()
620 net->xfrm.policy_idx_hmask = nhashmask; in xfrm_byidx_resize()
622 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_byidx_resize()
627 static inline int xfrm_bydst_should_resize(struct net *net, int dir, int *total) in xfrm_bydst_should_resize() argument
629 unsigned int cnt = net->xfrm.policy_count[dir]; in xfrm_bydst_should_resize()
630 unsigned int hmask = net->xfrm.policy_bydst[dir].hmask; in xfrm_bydst_should_resize()
642 static inline int xfrm_byidx_should_resize(struct net *net, int total) in xfrm_byidx_should_resize() argument
644 unsigned int hmask = net->xfrm.policy_idx_hmask; in xfrm_byidx_should_resize()
653 void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si) in xfrm_spd_getinfo() argument
655 si->incnt = net->xfrm.policy_count[XFRM_POLICY_IN]; in xfrm_spd_getinfo()
656 si->outcnt = net->xfrm.policy_count[XFRM_POLICY_OUT]; in xfrm_spd_getinfo()
657 si->fwdcnt = net->xfrm.policy_count[XFRM_POLICY_FWD]; in xfrm_spd_getinfo()
658 si->inscnt = net->xfrm.policy_count[XFRM_POLICY_IN+XFRM_POLICY_MAX]; in xfrm_spd_getinfo()
659 si->outscnt = net->xfrm.policy_count[XFRM_POLICY_OUT+XFRM_POLICY_MAX]; in xfrm_spd_getinfo()
660 si->fwdscnt = net->xfrm.policy_count[XFRM_POLICY_FWD+XFRM_POLICY_MAX]; in xfrm_spd_getinfo()
661 si->spdhcnt = net->xfrm.policy_idx_hmask; in xfrm_spd_getinfo()
669 struct net *net = container_of(work, struct net, xfrm.policy_hash_work); in xfrm_hash_resize() local
676 if (xfrm_bydst_should_resize(net, dir, &total)) in xfrm_hash_resize()
677 xfrm_bydst_resize(net, dir); in xfrm_hash_resize()
679 if (xfrm_byidx_should_resize(net, total)) in xfrm_hash_resize()
680 xfrm_byidx_resize(net, total); in xfrm_hash_resize()
699 struct net *net = xp_net(pol); in xfrm_policy_inexact_alloc_bin() local
701 lockdep_assert_held(&net->xfrm.xfrm_policy_lock); in xfrm_policy_inexact_alloc_bin()
703 write_pnet(&k.net, net); in xfrm_policy_inexact_alloc_bin()
723 list_add(&bin->inexact_bins, &net->xfrm.inexact_bins); in xfrm_policy_inexact_alloc_bin()
823 static void xfrm_policy_inexact_list_reinsert(struct net *net, in xfrm_policy_inexact_list_reinsert() argument
833 list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) { in xfrm_policy_inexact_list_reinsert()
886 static void xfrm_policy_inexact_node_reinsert(struct net *net, in xfrm_policy_inexact_node_reinsert() argument
925 xfrm_policy_inexact_list_reinsert(net, node, family); in xfrm_policy_inexact_node_reinsert()
944 static void xfrm_policy_inexact_node_merge(struct net *net, in xfrm_policy_inexact_node_merge() argument
960 xfrm_policy_inexact_node_reinsert(net, node, &n->root, in xfrm_policy_inexact_node_merge()
969 xfrm_policy_inexact_list_reinsert(net, n, family); in xfrm_policy_inexact_node_merge()
973 xfrm_policy_inexact_insert_node(struct net *net, in xfrm_policy_inexact_insert_node() argument
1025 xfrm_policy_inexact_node_merge(net, node, in xfrm_policy_inexact_insert_node()
1092 struct net *net = read_pnet(&b->k.net); in xfrm_policy_inexact_prune_bin() local
1094 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_inexact_prune_bin()
1096 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_inexact_prune_bin()
1099 static void __xfrm_policy_inexact_flush(struct net *net) in __xfrm_policy_inexact_flush() argument
1103 lockdep_assert_held(&net->xfrm.xfrm_policy_lock); in __xfrm_policy_inexact_flush()
1105 list_for_each_entry_safe(bin, t, &net->xfrm.inexact_bins, inexact_bins) in __xfrm_policy_inexact_flush()
1114 struct net *net; in xfrm_policy_inexact_alloc_chain() local
1116 net = xp_net(policy); in xfrm_policy_inexact_alloc_chain()
1117 lockdep_assert_held(&net->xfrm.xfrm_policy_lock); in xfrm_policy_inexact_alloc_chain()
1126 n = xfrm_policy_inexact_insert_node(net, in xfrm_policy_inexact_alloc_chain()
1141 n = xfrm_policy_inexact_insert_node(net, in xfrm_policy_inexact_alloc_chain()
1157 n = xfrm_policy_inexact_insert_node(net, in xfrm_policy_inexact_alloc_chain()
1175 struct net *net; in xfrm_policy_inexact_insert() local
1181 net = xp_net(policy); in xfrm_policy_inexact_insert()
1182 lockdep_assert_held(&net->xfrm.xfrm_policy_lock); in xfrm_policy_inexact_insert()
1196 chain = &net->xfrm.policy_inexact[dir]; in xfrm_policy_inexact_insert()
1207 struct net *net = container_of(work, struct net, in xfrm_hash_rebuild() local
1224 seq = read_seqbegin(&net->xfrm.policy_hthresh.lock); in xfrm_hash_rebuild()
1226 lbits4 = net->xfrm.policy_hthresh.lbits4; in xfrm_hash_rebuild()
1227 rbits4 = net->xfrm.policy_hthresh.rbits4; in xfrm_hash_rebuild()
1228 lbits6 = net->xfrm.policy_hthresh.lbits6; in xfrm_hash_rebuild()
1229 rbits6 = net->xfrm.policy_hthresh.rbits6; in xfrm_hash_rebuild()
1230 } while (read_seqretry(&net->xfrm.policy_hthresh.lock, seq)); in xfrm_hash_rebuild()
1232 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_hash_rebuild()
1238 list_for_each_entry(policy, &net->xfrm.policy_all, walk.all) { in xfrm_hash_rebuild()
1281 &net->xfrm.policy_inexact[dir], in xfrm_hash_rebuild()
1287 hmask = net->xfrm.policy_bydst[dir].hmask; in xfrm_hash_rebuild()
1288 odst = net->xfrm.policy_bydst[dir].table; in xfrm_hash_rebuild()
1295 net->xfrm.policy_bydst[dir].dbits4 = rbits4; in xfrm_hash_rebuild()
1296 net->xfrm.policy_bydst[dir].sbits4 = lbits4; in xfrm_hash_rebuild()
1297 net->xfrm.policy_bydst[dir].dbits6 = rbits6; in xfrm_hash_rebuild()
1298 net->xfrm.policy_bydst[dir].sbits6 = lbits6; in xfrm_hash_rebuild()
1301 net->xfrm.policy_bydst[dir].dbits4 = lbits4; in xfrm_hash_rebuild()
1302 net->xfrm.policy_bydst[dir].sbits4 = rbits4; in xfrm_hash_rebuild()
1303 net->xfrm.policy_bydst[dir].dbits6 = lbits6; in xfrm_hash_rebuild()
1304 net->xfrm.policy_bydst[dir].sbits6 = rbits6; in xfrm_hash_rebuild()
1309 list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) { in xfrm_hash_rebuild()
1318 chain = policy_hash_bysel(net, &policy->selector, in xfrm_hash_rebuild()
1341 __xfrm_policy_inexact_flush(net); in xfrm_hash_rebuild()
1343 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_hash_rebuild()
1348 void xfrm_policy_hash_rebuild(struct net *net) in xfrm_policy_hash_rebuild() argument
1350 schedule_work(&net->xfrm.policy_hthresh.work); in xfrm_policy_hash_rebuild()
1356 static u32 xfrm_gen_index(struct net *net, int dir, u32 index) in xfrm_gen_index() argument
1376 list = net->xfrm.policy_byidx + idx_hash(net, idx); in xfrm_gen_index()
1451 return jhash_3words(a, k->if_id, net_hash_mix(read_pnet(&k->net)), in xfrm_pol_bin_key()
1469 if (!net_eq(read_pnet(&b->k.net), read_pnet(&key->net))) in xfrm_pol_bin_cmp()
1567 struct net *net = xp_net(policy); in xfrm_policy_insert() local
1571 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_insert()
1572 chain = policy_hash_bysel(net, &policy->selector, policy->family, dir); in xfrm_policy_insert()
1579 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_insert()
1587 rt_genid_bump_ipv4(net); in xfrm_policy_insert()
1589 rt_genid_bump_ipv6(net); in xfrm_policy_insert()
1595 policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir, policy->index); in xfrm_policy_insert()
1596 hlist_add_head(&policy->byidx, net->xfrm.policy_byidx+idx_hash(net, policy->index)); in xfrm_policy_insert()
1601 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_insert()
1605 else if (xfrm_bydst_should_resize(net, dir, NULL)) in xfrm_policy_insert()
1606 schedule_work(&net->xfrm.policy_hash_work); in xfrm_policy_insert()
1635 struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u32 if_id, in xfrm_policy_bysel_ctx() argument
1646 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_bysel_ctx()
1647 chain = policy_hash_bysel(net, sel, sel->family, dir); in xfrm_policy_bysel_ctx()
1652 bin = xfrm_policy_inexact_lookup(net, type, in xfrm_policy_bysel_ctx()
1655 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_bysel_ctx()
1662 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_bysel_ctx()
1689 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_bysel_ctx()
1696 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_bysel_ctx()
1706 struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u32 if_id, in xfrm_policy_byid() argument
1718 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_byid()
1719 chain = net->xfrm.policy_byidx + idx_hash(net, id); in xfrm_policy_byid()
1730 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_byid()
1739 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_byid()
1749 xfrm_policy_flush_secctx_check(struct net *net, u8 type, bool task_valid) in xfrm_policy_flush_secctx_check() argument
1754 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) { in xfrm_policy_flush_secctx_check()
1770 xfrm_policy_flush_secctx_check(struct net *net, u8 type, bool task_valid) in xfrm_policy_flush_secctx_check() argument
1776 int xfrm_policy_flush(struct net *net, u8 type, bool task_valid) in xfrm_policy_flush() argument
1781 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_flush()
1783 err = xfrm_policy_flush_secctx_check(net, type, task_valid); in xfrm_policy_flush()
1788 list_for_each_entry(pol, &net->xfrm.policy_all, walk.all) { in xfrm_policy_flush()
1796 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_flush()
1800 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_flush()
1804 __xfrm_policy_inexact_flush(net); in xfrm_policy_flush()
1808 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_flush()
1813 int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk, in xfrm_policy_walk() argument
1828 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_walk()
1830 x = list_first_entry(&net->xfrm.policy_all, struct xfrm_policy_walk_entry, all); in xfrm_policy_walk()
1835 list_for_each_entry_from(x, &net->xfrm.policy_all, all) { in xfrm_policy_walk()
1856 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_walk()
1870 void xfrm_policy_walk_done(struct xfrm_policy_walk *walk, struct net *net) in xfrm_policy_walk_done() argument
1875 spin_lock_bh(&net->xfrm.xfrm_policy_lock); /*FIXME where is net? */ in xfrm_policy_walk_done()
1877 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_walk_done()
1979 xfrm_policy_inexact_lookup_rcu(struct net *net, u8 type, u16 family, in xfrm_policy_inexact_lookup_rcu() argument
1989 write_pnet(&k.net, net); in xfrm_policy_inexact_lookup_rcu()
1996 xfrm_policy_inexact_lookup(struct net *net, u8 type, u16 family, in xfrm_policy_inexact_lookup() argument
2001 lockdep_assert_held(&net->xfrm.xfrm_policy_lock); in xfrm_policy_inexact_lookup()
2004 bin = xfrm_policy_inexact_lookup_rcu(net, type, family, dir, if_id); in xfrm_policy_inexact_lookup()
2074 static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type, in xfrm_policy_lookup_bytype() argument
2096 chain = policy_hash_direct(net, daddr, saddr, family, dir); in xfrm_policy_lookup_bytype()
2114 bin = xfrm_policy_inexact_lookup_rcu(net, type, family, dir, if_id); in xfrm_policy_lookup_bytype()
2139 static struct xfrm_policy *xfrm_policy_lookup(struct net *net, in xfrm_policy_lookup() argument
2146 pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_SUB, fl, family, in xfrm_policy_lookup()
2151 return xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN, fl, family, in xfrm_policy_lookup()
2201 struct net *net = xp_net(pol); in __xfrm_policy_link() local
2203 list_add(&pol->walk.all, &net->xfrm.policy_all); in __xfrm_policy_link()
2204 net->xfrm.policy_count[dir]++; in __xfrm_policy_link()
2211 struct net *net = xp_net(pol); in __xfrm_policy_unlink() local
2224 net->xfrm.policy_count[dir]--; in __xfrm_policy_unlink()
2241 struct net *net = xp_net(pol); in xfrm_policy_delete() local
2243 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_delete()
2245 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_delete()
2256 struct net *net = sock_net(sk); in xfrm_sk_policy_insert() local
2264 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_sk_policy_insert()
2266 lockdep_is_held(&net->xfrm.xfrm_policy_lock)); in xfrm_sk_policy_insert()
2269 pol->index = xfrm_gen_index(net, XFRM_POLICY_MAX+dir, 0); in xfrm_sk_policy_insert()
2282 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_sk_policy_insert()
2293 struct net *net = xp_net(old); in clone_policy() local
2314 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in clone_policy()
2316 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in clone_policy()
2345 xfrm_get_saddr(struct net *net, int oif, xfrm_address_t *local, in xfrm_get_saddr() argument
2353 err = afinfo->get_saddr(net, oif, local, remote, mark); in xfrm_get_saddr()
2364 struct net *net = xp_net(policy); in xfrm_tmpl_resolve_one() local
2382 error = xfrm_get_saddr(net, fl->flowi_oif, in xfrm_tmpl_resolve_one()
2465 static inline struct xfrm_dst *xfrm_alloc_dst(struct net *net, int family) in xfrm_alloc_dst() argument
2476 dst_ops = &net->xfrm.xfrm4_dst_ops; in xfrm_alloc_dst()
2480 dst_ops = &net->xfrm.xfrm6_dst_ops; in xfrm_alloc_dst()
2541 struct net *net = xp_net(policy); in xfrm_bundle_create() local
2562 struct xfrm_dst *xdst = xfrm_alloc_dst(net, family); in xfrm_bundle_create()
2719 struct net *net = xp_net(pols[0]); in xfrm_resolve_and_create_bundle() local
2733 XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR); in xfrm_resolve_and_create_bundle()
2739 XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTBUNDLEGENERROR); in xfrm_resolve_and_create_bundle()
2758 struct net *net = xp_net(pol); in xfrm_policy_queue_process() local
2775 dst = xfrm_lookup(net, xfrm_dst_path(dst), &fl, sk, XFRM_LOOKUP_QUEUE); in xfrm_policy_queue_process()
2805 dst = xfrm_lookup(net, xfrm_dst_path(skb_dst(skb)), &fl, skb->sk, 0); in xfrm_policy_queue_process()
2815 dst_output(net, skb->sk, skb); in xfrm_policy_queue_process()
2828 static int xdst_queue_output(struct net *net, struct sock *sk, struct sk_buff *skb) in xdst_queue_output() argument
2870 static struct xfrm_dst *xfrm_create_dummy_bundle(struct net *net, in xfrm_create_dummy_bundle() argument
2882 xdst = xfrm_alloc_dst(net, family); in xfrm_create_dummy_bundle()
2887 net->xfrm.sysctl_larval_drop || in xfrm_create_dummy_bundle()
2929 static struct xfrm_dst *xfrm_bundle_lookup(struct net *net, in xfrm_bundle_lookup() argument
2941 pols[0] = xfrm_policy_lookup(net, fl, family, dir, if_id); in xfrm_bundle_lookup()
2974 xdst = xfrm_create_dummy_bundle(net, xflo, fl, num_xfrms, family); in xfrm_bundle_lookup()
2986 XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR); in xfrm_bundle_lookup()
2992 static struct dst_entry *make_blackhole(struct net *net, u16 family, in make_blackhole() argument
3002 ret = afinfo->blackhole_route(net, dst_orig); in make_blackhole()
3017 struct dst_entry *xfrm_lookup_with_ifid(struct net *net, in xfrm_lookup_with_ifid() argument
3079 !net->xfrm.policy_count[XFRM_POLICY_OUT]) in xfrm_lookup_with_ifid()
3082 xdst = xfrm_bundle_lookup(net, fl, family, dir, &xflo, if_id); in xfrm_lookup_with_ifid()
3104 if (net->xfrm.sysctl_larval_drop) { in xfrm_lookup_with_ifid()
3105 XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES); in xfrm_lookup_with_ifid()
3112 XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES); in xfrm_lookup_with_ifid()
3131 XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLBLOCK); in xfrm_lookup_with_ifid()
3170 struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig, in xfrm_lookup() argument
3174 return xfrm_lookup_with_ifid(net, dst_orig, fl, sk, flags, 0); in xfrm_lookup()
3181 struct dst_entry *xfrm_lookup_route(struct net *net, struct dst_entry *dst_orig, in xfrm_lookup_route() argument
3185 struct dst_entry *dst = xfrm_lookup(net, dst_orig, fl, sk, in xfrm_lookup_route()
3190 return make_blackhole(net, dst_orig->ops->family, dst_orig); in xfrm_lookup_route()
3508 struct net *net = dev_net(skb->dev); in __xfrm_policy_check() local
3529 net = xi->net; in __xfrm_policy_check()
3538 XFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR); in __xfrm_policy_check()
3552 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH); in __xfrm_policy_check()
3563 XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR); in __xfrm_policy_check()
3569 pol = xfrm_policy_lookup(net, &fl, family, dir, if_id); in __xfrm_policy_check()
3572 XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR); in __xfrm_policy_check()
3579 XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOPOLS); in __xfrm_policy_check()
3591 pols[1] = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN, in __xfrm_policy_check()
3596 XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR); in __xfrm_policy_check()
3620 XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLBLOCK); in __xfrm_policy_check()
3624 XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR); in __xfrm_policy_check()
3648 XFRM_INC_STATS(net, LINUX_MIB_XFRMINTMPLMISMATCH); in __xfrm_policy_check()
3654 XFRM_INC_STATS(net, LINUX_MIB_XFRMINTMPLMISMATCH); in __xfrm_policy_check()
3661 XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLBLOCK); in __xfrm_policy_check()
3673 struct net *net = dev_net(skb->dev); in __xfrm_route_forward() local
3679 XFRM_INC_STATS(net, LINUX_MIB_XFRMFWDHDRERROR); in __xfrm_route_forward()
3685 XFRM_INC_STATS(net, LINUX_MIB_XFRMFWDHDRERROR); in __xfrm_route_forward()
3689 dst = xfrm_lookup(net, skb_dst(skb), &fl, NULL, XFRM_LOOKUP_QUEUE); in __xfrm_route_forward()
3978 static int __net_init xfrm_statistics_init(struct net *net) in xfrm_statistics_init() argument
3981 net->mib.xfrm_statistics = alloc_percpu(struct linux_xfrm_mib); in xfrm_statistics_init()
3982 if (!net->mib.xfrm_statistics) in xfrm_statistics_init()
3984 rv = xfrm_proc_init(net); in xfrm_statistics_init()
3986 free_percpu(net->mib.xfrm_statistics); in xfrm_statistics_init()
3990 static void xfrm_statistics_fini(struct net *net) in xfrm_statistics_fini() argument
3992 xfrm_proc_fini(net); in xfrm_statistics_fini()
3993 free_percpu(net->mib.xfrm_statistics); in xfrm_statistics_fini()
3996 static int __net_init xfrm_statistics_init(struct net *net) in xfrm_statistics_init() argument
4001 static void xfrm_statistics_fini(struct net *net) in xfrm_statistics_fini() argument
4006 static int __net_init xfrm_policy_init(struct net *net) in xfrm_policy_init() argument
4011 if (net_eq(net, &init_net)) { in xfrm_policy_init()
4024 net->xfrm.policy_byidx = xfrm_hash_alloc(sz); in xfrm_policy_init()
4025 if (!net->xfrm.policy_byidx) in xfrm_policy_init()
4027 net->xfrm.policy_idx_hmask = hmask; in xfrm_policy_init()
4032 net->xfrm.policy_count[dir] = 0; in xfrm_policy_init()
4033 net->xfrm.policy_count[XFRM_POLICY_MAX + dir] = 0; in xfrm_policy_init()
4034 INIT_HLIST_HEAD(&net->xfrm.policy_inexact[dir]); in xfrm_policy_init()
4036 htab = &net->xfrm.policy_bydst[dir]; in xfrm_policy_init()
4046 net->xfrm.policy_hthresh.lbits4 = 32; in xfrm_policy_init()
4047 net->xfrm.policy_hthresh.rbits4 = 32; in xfrm_policy_init()
4048 net->xfrm.policy_hthresh.lbits6 = 128; in xfrm_policy_init()
4049 net->xfrm.policy_hthresh.rbits6 = 128; in xfrm_policy_init()
4051 seqlock_init(&net->xfrm.policy_hthresh.lock); in xfrm_policy_init()
4053 INIT_LIST_HEAD(&net->xfrm.policy_all); in xfrm_policy_init()
4054 INIT_LIST_HEAD(&net->xfrm.inexact_bins); in xfrm_policy_init()
4055 INIT_WORK(&net->xfrm.policy_hash_work, xfrm_hash_resize); in xfrm_policy_init()
4056 INIT_WORK(&net->xfrm.policy_hthresh.work, xfrm_hash_rebuild); in xfrm_policy_init()
4063 htab = &net->xfrm.policy_bydst[dir]; in xfrm_policy_init()
4066 xfrm_hash_free(net->xfrm.policy_byidx, sz); in xfrm_policy_init()
4071 static void xfrm_policy_fini(struct net *net) in xfrm_policy_fini() argument
4077 flush_work(&net->xfrm.policy_hash_work); in xfrm_policy_fini()
4079 xfrm_policy_flush(net, XFRM_POLICY_TYPE_SUB, false); in xfrm_policy_fini()
4081 xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, false); in xfrm_policy_fini()
4083 WARN_ON(!list_empty(&net->xfrm.policy_all)); in xfrm_policy_fini()
4088 WARN_ON(!hlist_empty(&net->xfrm.policy_inexact[dir])); in xfrm_policy_fini()
4090 htab = &net->xfrm.policy_bydst[dir]; in xfrm_policy_fini()
4096 sz = (net->xfrm.policy_idx_hmask + 1) * sizeof(struct hlist_head); in xfrm_policy_fini()
4097 WARN_ON(!hlist_empty(net->xfrm.policy_byidx)); in xfrm_policy_fini()
4098 xfrm_hash_free(net->xfrm.policy_byidx, sz); in xfrm_policy_fini()
4100 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_fini()
4101 list_for_each_entry_safe(b, t, &net->xfrm.inexact_bins, inexact_bins) in xfrm_policy_fini()
4103 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_policy_fini()
4106 static int __net_init xfrm_net_init(struct net *net) in xfrm_net_init() argument
4111 spin_lock_init(&net->xfrm.xfrm_state_lock); in xfrm_net_init()
4112 spin_lock_init(&net->xfrm.xfrm_policy_lock); in xfrm_net_init()
4113 mutex_init(&net->xfrm.xfrm_cfg_mutex); in xfrm_net_init()
4115 rv = xfrm_statistics_init(net); in xfrm_net_init()
4118 rv = xfrm_state_init(net); in xfrm_net_init()
4121 rv = xfrm_policy_init(net); in xfrm_net_init()
4124 rv = xfrm_sysctl_init(net); in xfrm_net_init()
4131 xfrm_policy_fini(net); in xfrm_net_init()
4133 xfrm_state_fini(net); in xfrm_net_init()
4135 xfrm_statistics_fini(net); in xfrm_net_init()
4140 static void __net_exit xfrm_net_exit(struct net *net) in xfrm_net_exit() argument
4142 xfrm_sysctl_fini(net); in xfrm_net_exit()
4143 xfrm_policy_fini(net); in xfrm_net_exit()
4144 xfrm_state_fini(net); in xfrm_net_exit()
4145 xfrm_statistics_fini(net); in xfrm_net_exit()
4252 u8 dir, u8 type, struct net *net) in xfrm_migrate_policy_find() argument
4258 spin_lock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_migrate_policy_find()
4259 chain = policy_hash_direct(net, &sel->daddr, &sel->saddr, sel->family, dir); in xfrm_migrate_policy_find()
4268 chain = &net->xfrm.policy_inexact[dir]; in xfrm_migrate_policy_find()
4282 spin_unlock_bh(&net->xfrm.xfrm_policy_lock); in xfrm_migrate_policy_find()
4388 struct xfrm_kmaddress *k, struct net *net, in xfrm_migrate() argument
4408 if ((pol = xfrm_migrate_policy_find(sel, dir, type, net)) == NULL) { in xfrm_migrate()
4415 if ((x = xfrm_migrate_state_find(mp, net))) { in xfrm_migrate()