Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next...

[uclinux-h8/linux.git] / include / net / xfrm.h

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 0eb390c..7298a53 100644 (file)
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -577,6 +577,7 @@ struct xfrm_policy {
        /* This lock only affects elements except for entry. */
        rwlock_t                lock;
        refcount_t              refcnt;
+       u32                     pos;
        struct timer_list       timer;
 
        atomic_t                genid;
@@ -589,6 +590,7 @@ struct xfrm_policy {
        struct xfrm_lifetime_cur curlft;
        struct xfrm_policy_walk_entry walk;
        struct xfrm_policy_queue polq;
+       bool                    bydst_reinsert;
        u8                      type;
        u8                      action;
        u8                      flags;
@@ -596,6 +598,7 @@ struct xfrm_policy {
        u16                     family;
        struct xfrm_sec_ctx     *security;
        struct xfrm_tmpl        xfrm_vec[XFRM_MAX_DEPTH];
+       struct hlist_node       bydst_inexact_list;
        struct rcu_head         rcu;
 };
 
@@ -1093,7 +1096,6 @@ struct xfrm_offload {
 };
 
 struct sec_path {
-       refcount_t              refcnt;
        int                     len;
        int                     olen;
 
@@ -1101,41 +1103,13 @@ struct sec_path {
        struct xfrm_offload     ovec[XFRM_MAX_OFFLOAD_DEPTH];
 };
 
-static inline int secpath_exists(struct sk_buff *skb)
-{
-#ifdef CONFIG_XFRM
-       return skb->sp != NULL;
-#else
-       return 0;
-#endif
-}
-
-static inline struct sec_path *
-secpath_get(struct sec_path *sp)
-{
-       if (sp)
-               refcount_inc(&sp->refcnt);
-       return sp;
-}
-
-void __secpath_destroy(struct sec_path *sp);
-
-static inline void
-secpath_put(struct sec_path *sp)
-{
-       if (sp && refcount_dec_and_test(&sp->refcnt))
-               __secpath_destroy(sp);
-}
-
-struct sec_path *secpath_dup(struct sec_path *src);
-int secpath_set(struct sk_buff *skb);
+struct sec_path *secpath_set(struct sk_buff *skb);
 
 static inline void
 secpath_reset(struct sk_buff *skb)
 {
 #ifdef CONFIG_XFRM
-       secpath_put(skb->sp);
-       skb->sp = NULL;
+       skb_ext_del(skb, SKB_EXT_SEC_PATH);
 #endif
 }
 
@@ -1191,7 +1165,7 @@ static inline int __xfrm_policy_check2(struct sock *sk, int dir,
        if (sk && sk->sk_policy[XFRM_POLICY_IN])
                return __xfrm_policy_check(sk, ndir, skb, family);
 
-       return  (!net->xfrm.policy_count[dir] && !skb->sp) ||
+       return  (!net->xfrm.policy_count[dir] && !secpath_exists(skb)) ||
                (skb_dst(skb)->flags & DST_NOPOLICY) ||
                __xfrm_policy_check(sk, ndir, skb, family);
 }
@@ -1552,6 +1526,7 @@ int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
                    int (*func)(struct xfrm_state *, int, void*), void *);
 void xfrm_state_walk_done(struct xfrm_state_walk *walk, struct net *net);
 struct xfrm_state *xfrm_state_alloc(struct net *net);
+void xfrm_state_free(struct xfrm_state *x);
 struct xfrm_state *xfrm_state_find(const xfrm_address_t *daddr,
                                   const xfrm_address_t *saddr,
                                   const struct flowi *fl,
@@ -1902,14 +1877,16 @@ static inline void xfrm_states_delete(struct xfrm_state **states, int n)
 #ifdef CONFIG_XFRM
 static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb)
 {
-       return skb->sp->xvec[skb->sp->len - 1];
+       struct sec_path *sp = skb_sec_path(skb);
+
+       return sp->xvec[sp->len - 1];
 }
 #endif
 
 static inline struct xfrm_offload *xfrm_offload(struct sk_buff *skb)
 {
 #ifdef CONFIG_XFRM
-       struct sec_path *sp = skb->sp;
+       struct sec_path *sp = skb_sec_path(skb);
 
        if (!sp || !sp->olen || sp->len != sp->olen)
                return NULL;
@@ -1967,7 +1944,7 @@ static inline void xfrm_dev_state_delete(struct xfrm_state *x)
 static inline void xfrm_dev_state_free(struct xfrm_state *x)
 {
        struct xfrm_state_offload *xso = &x->xso;
-        struct net_device *dev = xso->dev;
+       struct net_device *dev = xso->dev;
 
        if (dev && dev->xfrmdev_ops) {
                if (dev->xfrmdev_ops->xdo_dev_state_free)