struct tcp_ao_key *(*ao_lookup)(const struct sock *sk,
struct sock *addr_sk,
int sndid, int rcvid);
- int (*ao_calc_key_sk)(struct tcp_ao_key *mkt, u8 *key,
- const struct sock *sk,
- __be32 sisn, __be32 disn, bool send);
+ void (*ao_calc_key_sk)(struct tcp_ao_key *mkt, u8 *key,
+ const struct sock *sk,
+ __be32 sisn, __be32 disn, bool send);
int (*calc_ao_hash)(char *location, struct tcp_ao_key *ao,
const struct sock *sk, const struct sk_buff *skb,
const u8 *tkey, int hash_offset, u32 sne);
struct tcp_ao_key *(*ao_lookup)(const struct sock *sk,
struct request_sock *req,
int sndid, int rcvid);
- int (*ao_calc_key)(struct tcp_ao_key *mkt, u8 *key, struct request_sock *sk);
+ void (*ao_calc_key)(struct tcp_ao_key *mkt, u8 *key, struct request_sock *sk);
int (*ao_synack_hash)(char *ao_hash, struct tcp_ao_key *mkt,
struct request_sock *req, const struct sk_buff *skb,
int hash_offset, u32 sne);
#define TCP_AO_ESTABLISHED (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_FIN_WAIT2 | \
TCPF_CLOSE_WAIT | TCPF_LAST_ACK | TCPF_CLOSING)
-int tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
- struct tcp_ao_key *key, struct tcphdr *th,
- __u8 *hash_location);
+void tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
+ struct tcp_ao_key *key, struct tcphdr *th,
+ __u8 *hash_location);
void tcp_ao_mac_update(struct tcp_ao_mac_ctx *mac_ctx, const void *data,
size_t data_len);
int tcp_ao_hash_skb(unsigned short int family,
int tcp_v4_ao_synack_hash(char *ao_hash, struct tcp_ao_key *mkt,
struct request_sock *req, const struct sk_buff *skb,
int hash_offset, u32 sne);
-int tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
- const struct sock *sk,
- __be32 sisn, __be32 disn, bool send);
-int tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
- struct request_sock *req);
+void tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
+ const struct sock *sk,
+ __be32 sisn, __be32 disn, bool send);
+void tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
+ struct request_sock *req);
struct tcp_ao_key *tcp_v4_ao_lookup_rsk(const struct sock *sk,
struct request_sock *req,
int sndid, int rcvid);
const struct sock *sk, const struct sk_buff *skb,
const u8 *tkey, int hash_offset, u32 sne);
/* ipv6 specific functions */
-int tcp_v6_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx,
- const struct in6_addr *daddr,
- const struct in6_addr *saddr, int nbytes);
-int tcp_v6_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
- const struct sk_buff *skb, __be32 sisn, __be32 disn);
-int tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
- const struct sock *sk, __be32 sisn,
- __be32 disn, bool send);
-int tcp_v6_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
- struct request_sock *req);
+void tcp_v6_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx,
+ const struct in6_addr *daddr,
+ const struct in6_addr *saddr, int nbytes);
+void tcp_v6_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
+ const struct sk_buff *skb, __be32 sisn,
+ __be32 disn);
+void tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
+ const struct sock *sk, __be32 sisn,
+ __be32 disn, bool send);
+void tcp_v6_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
+ struct request_sock *req);
struct tcp_ao_key *tcp_v6_ao_lookup(const struct sock *sk,
struct sock *addr_sk, int sndid, int rcvid);
struct tcp_ao_key *tcp_v6_ao_lookup_rsk(const struct sock *sk,
struct request_sock *req, unsigned short int family);
#else /* CONFIG_TCP_AO */
-static inline int tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
- struct tcp_ao_key *key, struct tcphdr *th,
- __u8 *hash_location)
+static inline void tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
+ struct tcp_ao_key *key,
+ struct tcphdr *th, __u8 *hash_location)
{
- return 0;
}
static inline void tcp_ao_syncookie(struct sock *sk, const struct sk_buff *skb,
}
/* 4 tuple and ISNs are expected in NBO */
-static int tcp_v4_ao_calc_key(struct tcp_ao_key *mkt, u8 *key,
- __be32 saddr, __be32 daddr,
- __be16 sport, __be16 dport,
- __be32 sisn, __be32 disn)
+static void tcp_v4_ao_calc_key(struct tcp_ao_key *mkt, u8 *key,
+ __be32 saddr, __be32 daddr,
+ __be16 sport, __be16 dport,
+ __be32 sisn, __be32 disn)
{
/* See RFC5926 3.1.1 */
struct kdf_input_block {
};
tcp_ao_calc_traffic_key(mkt, key, &input, sizeof(input));
- return 0;
}
-int tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
- const struct sock *sk,
- __be32 sisn, __be32 disn, bool send)
+void tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
+ const struct sock *sk,
+ __be32 sisn, __be32 disn, bool send)
{
if (send)
- return tcp_v4_ao_calc_key(mkt, key, sk->sk_rcv_saddr,
- sk->sk_daddr, htons(sk->sk_num),
- sk->sk_dport, sisn, disn);
+ tcp_v4_ao_calc_key(mkt, key, sk->sk_rcv_saddr, sk->sk_daddr,
+ htons(sk->sk_num), sk->sk_dport, sisn, disn);
else
- return tcp_v4_ao_calc_key(mkt, key, sk->sk_daddr,
- sk->sk_rcv_saddr, sk->sk_dport,
- htons(sk->sk_num), disn, sisn);
+ tcp_v4_ao_calc_key(mkt, key, sk->sk_daddr, sk->sk_rcv_saddr,
+ sk->sk_dport, htons(sk->sk_num), disn, sisn);
}
static int tcp_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
const struct sock *sk,
__be32 sisn, __be32 disn, bool send)
{
- if (mkt->family == AF_INET)
- return tcp_v4_ao_calc_key_sk(mkt, key, sk, sisn, disn, send);
+ if (mkt->family == AF_INET) {
+ tcp_v4_ao_calc_key_sk(mkt, key, sk, sisn, disn, send);
+ return 0;
+ }
#if IS_ENABLED(CONFIG_IPV6)
- else if (mkt->family == AF_INET6)
- return tcp_v6_ao_calc_key_sk(mkt, key, sk, sisn, disn, send);
+ if (mkt->family == AF_INET6) {
+ tcp_v6_ao_calc_key_sk(mkt, key, sk, sisn, disn, send);
+ return 0;
+ }
#endif
- else
- return -EOPNOTSUPP;
+ return -EOPNOTSUPP;
}
-int tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
- struct request_sock *req)
+void tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
+ struct request_sock *req)
{
struct inet_request_sock *ireq = inet_rsk(req);
- return tcp_v4_ao_calc_key(mkt, key,
- ireq->ir_loc_addr, ireq->ir_rmt_addr,
- htons(ireq->ir_num), ireq->ir_rmt_port,
- htonl(tcp_rsk(req)->snt_isn),
- htonl(tcp_rsk(req)->rcv_isn));
+ tcp_v4_ao_calc_key(mkt, key, ireq->ir_loc_addr, ireq->ir_rmt_addr,
+ htons(ireq->ir_num), ireq->ir_rmt_port,
+ htonl(tcp_rsk(req)->snt_isn),
+ htonl(tcp_rsk(req)->rcv_isn));
}
-static int tcp_v4_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
- const struct sk_buff *skb,
- __be32 sisn, __be32 disn)
+static void tcp_v4_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
+ const struct sk_buff *skb,
+ __be32 sisn, __be32 disn)
{
const struct iphdr *iph = ip_hdr(skb);
const struct tcphdr *th = tcp_hdr(skb);
- return tcp_v4_ao_calc_key(mkt, key, iph->saddr, iph->daddr,
- th->source, th->dest, sisn, disn);
+ tcp_v4_ao_calc_key(mkt, key, iph->saddr, iph->daddr, th->source,
+ th->dest, sisn, disn);
}
static int tcp_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
const struct sk_buff *skb,
__be32 sisn, __be32 disn, int family)
{
- if (family == AF_INET)
- return tcp_v4_ao_calc_key_skb(mkt, key, skb, sisn, disn);
+ if (family == AF_INET) {
+ tcp_v4_ao_calc_key_skb(mkt, key, skb, sisn, disn);
+ return 0;
+ }
#if IS_ENABLED(CONFIG_IPV6)
- else if (family == AF_INET6)
- return tcp_v6_ao_calc_key_skb(mkt, key, skb, sisn, disn);
+ if (family == AF_INET6) {
+ tcp_v6_ao_calc_key_skb(mkt, key, skb, sisn, disn);
+ return 0;
+ }
#endif
return -EAFNOSUPPORT;
}
-static int tcp_v4_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx,
- __be32 daddr, __be32 saddr,
- int nbytes)
+static void tcp_v4_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx,
+ __be32 daddr, __be32 saddr, int nbytes)
{
struct tcp4_pseudohdr phdr = {
.saddr = saddr,
};
tcp_ao_mac_update(mac_ctx, &phdr, sizeof(phdr));
- return 0;
}
static int tcp_ao_hash_pseudoheader(unsigned short int family,
/* TODO: Can we rely on checksum being zero to mean outbound pkt? */
if (!th->check) {
- if (family == AF_INET)
- return tcp_v4_ao_hash_pseudoheader(mac_ctx, sk->sk_daddr,
- sk->sk_rcv_saddr, skb->len);
+ if (family == AF_INET) {
+ tcp_v4_ao_hash_pseudoheader(mac_ctx, sk->sk_daddr,
+ sk->sk_rcv_saddr, skb->len);
+ return 0;
+ }
#if IS_ENABLED(CONFIG_IPV6)
- else if (family == AF_INET6)
- return tcp_v6_ao_hash_pseudoheader(mac_ctx, &sk->sk_v6_daddr,
- &sk->sk_v6_rcv_saddr, skb->len);
+ if (family == AF_INET6) {
+ tcp_v6_ao_hash_pseudoheader(mac_ctx, &sk->sk_v6_daddr,
+ &sk->sk_v6_rcv_saddr,
+ skb->len);
+ return 0;
+ }
#endif
- else
- return -EAFNOSUPPORT;
+ return -EAFNOSUPPORT;
}
if (family == AF_INET) {
const struct iphdr *iph = ip_hdr(skb);
- return tcp_v4_ao_hash_pseudoheader(mac_ctx, iph->daddr,
- iph->saddr, skb->len);
+ tcp_v4_ao_hash_pseudoheader(mac_ctx, iph->daddr, iph->saddr,
+ skb->len);
+ return 0;
+ }
#if IS_ENABLED(CONFIG_IPV6)
- } else if (family == AF_INET6) {
+ if (family == AF_INET6) {
const struct ipv6hdr *iph = ipv6_hdr(skb);
- return tcp_v6_ao_hash_pseudoheader(mac_ctx, &iph->daddr,
- &iph->saddr, skb->len);
-#endif
+ tcp_v6_ao_hash_pseudoheader(mac_ctx, &iph->daddr, &iph->saddr,
+ skb->len);
+ return 0;
}
+#endif
return -EAFNOSUPPORT;
}
int hash_offset, u32 sne)
{
u8 tkey_buf[TCP_AO_MAX_TRAFFIC_KEY_LEN];
- int err;
- err = tcp_v4_ao_calc_key_rsk(ao_key, tkey_buf, req);
- if (err)
- return err;
+ tcp_v4_ao_calc_key_rsk(ao_key, tkey_buf, req);
return tcp_ao_hash_skb(AF_INET, ao_hash, ao_key, req_to_sk(req), skb,
tkey_buf, hash_offset, sne);
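Review bot: `tkey_buf` holds the derived traffic key on the stack and is still not wiped before this function returns; with the early error return gone there appears to be a single exit, so the cleanup is cheap to add. Keeping the `int err` local that the patch removes, the tail could become `err = tcp_ao_hash_skb(AF_INET, ao_hash, ao_key, req_to_sk(req), skb, tkey_buf, hash_offset, sne);`, then `memzero_explicit(tkey_buf, sizeof(tkey_buf));`, then `return err;`. The same pattern shows in the IPv6 variant in the last hunk on the page, and possibly in tcp_ao_transmit_skb(), which also declares a `tkey_buf`. The function's signature and closing brace are outside this hunk, so the single-exit claim should be confirmed against the full body.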
return 0;
}
-int tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
- struct tcp_ao_key *key, struct tcphdr *th,
- __u8 *hash_location)
+void tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
+ struct tcp_ao_key *key, struct tcphdr *th,
+ __u8 *hash_location)
{
struct tcp_skb_cb *tcb = TCP_SKB_CB(skb);
u8 tkey_buf[TCP_AO_MAX_TRAFFIC_KEY_LEN];
ntohl(th->seq));
tp->af_specific->calc_ao_hash(hash_location, key, sk, skb, traffic_key,
hash_location - (u8 *)th, sne);
- return 0;
}
static struct tcp_ao_key *tcp_ao_inbound_lookup(unsigned short int family,
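Review bot: The result of `tp->af_specific->calc_ao_hash(...)` is discarded at the end of tcp_ao_transmit_skb(), while the header hunk keeps that pointer typed as `int (*calc_ao_hash)`. With the function now void and the drop path removed from the `tcp_key_is_ao(&key)` branch in the following hunk, a failing hash would leave the segment going out with whatever is at `hash_location`. If the hash helpers can no longer fail for a supported family, converting them to void in the same series would make that explicit; otherwise the `int` return and the caller's drop should stay. At minimum a comment at the call, e.g. `/* calc_ao_hash() result ignored: cannot fail for a supported family (confirm) */`, would record the assumption. Most of the function body is outside the hunk.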
key.md5_key, sk, skb);
#endif
} else if (tcp_key_is_ao(&key)) {
- int err;
-
- err = tcp_ao_transmit_skb(sk, skb, key.ao_key, th,
- opts.hash_location);
- if (err) {
- sk_skb_reason_drop(sk, skb, SKB_DROP_REASON_NOT_SPECIFIED);
- return -ENOMEM;
- }
+ tcp_ao_transmit_skb(sk, skb, key.ao_key, th,
+ opts.hash_location);
}
/* BPF prog is the last one writing header option */
#include <net/tcp.h>
#include <net/ipv6.h>
-static int tcp_v6_ao_calc_key(struct tcp_ao_key *mkt, u8 *key,
- const struct in6_addr *saddr,
- const struct in6_addr *daddr,
- __be16 sport, __be16 dport,
- __be32 sisn, __be32 disn)
+static void tcp_v6_ao_calc_key(struct tcp_ao_key *mkt, u8 *key,
+ const struct in6_addr *saddr,
+ const struct in6_addr *daddr,
+ __be16 sport, __be16 dport,
+ __be32 sisn, __be32 disn)
{
struct kdf_input_block {
u8 counter;
};
tcp_ao_calc_traffic_key(mkt, key, &input, sizeof(input));
- return 0;
}
-int tcp_v6_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
- const struct sk_buff *skb,
- __be32 sisn, __be32 disn)
+void tcp_v6_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
+ const struct sk_buff *skb, __be32 sisn, __be32 disn)
{
const struct ipv6hdr *iph = ipv6_hdr(skb);
const struct tcphdr *th = tcp_hdr(skb);
- return tcp_v6_ao_calc_key(mkt, key, &iph->saddr,
- &iph->daddr, th->source,
- th->dest, sisn, disn);
+ tcp_v6_ao_calc_key(mkt, key, &iph->saddr, &iph->daddr, th->source,
+ th->dest, sisn, disn);
}
-int tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
- const struct sock *sk, __be32 sisn,
- __be32 disn, bool send)
+void tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
+ const struct sock *sk, __be32 sisn,
+ __be32 disn, bool send)
{
if (send)
- return tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_rcv_saddr,
- &sk->sk_v6_daddr, htons(sk->sk_num),
- sk->sk_dport, sisn, disn);
+ tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_rcv_saddr,
+ &sk->sk_v6_daddr, htons(sk->sk_num),
+ sk->sk_dport, sisn, disn);
else
- return tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_daddr,
- &sk->sk_v6_rcv_saddr, sk->sk_dport,
- htons(sk->sk_num), disn, sisn);
+ tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_daddr,
+ &sk->sk_v6_rcv_saddr, sk->sk_dport,
+ htons(sk->sk_num), disn, sisn);
}
-int tcp_v6_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
- struct request_sock *req)
+void tcp_v6_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
+ struct request_sock *req)
{
struct inet_request_sock *ireq = inet_rsk(req);
- return tcp_v6_ao_calc_key(mkt, key,
- &ireq->ir_v6_loc_addr, &ireq->ir_v6_rmt_addr,
- htons(ireq->ir_num), ireq->ir_rmt_port,
- htonl(tcp_rsk(req)->snt_isn),
- htonl(tcp_rsk(req)->rcv_isn));
+ tcp_v6_ao_calc_key(mkt, key,
+ &ireq->ir_v6_loc_addr, &ireq->ir_v6_rmt_addr,
+ htons(ireq->ir_num), ireq->ir_rmt_port,
+ htonl(tcp_rsk(req)->snt_isn),
+ htonl(tcp_rsk(req)->rcv_isn));
}
struct tcp_ao_key *tcp_v6_ao_lookup(const struct sock *sk,
AF_INET6, sndid, rcvid);
}
-int tcp_v6_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx,
- const struct in6_addr *daddr,
- const struct in6_addr *saddr, int nbytes)
+void tcp_v6_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx,
+ const struct in6_addr *daddr,
+ const struct in6_addr *saddr, int nbytes)
{
/* 1. TCP pseudo-header (RFC2460) */
struct tcp6_pseudohdr phdr = {
};
tcp_ao_mac_update(mac_ctx, &phdr, sizeof(phdr));
- return 0;
}
int tcp_v6_ao_hash_skb(char *ao_hash, struct tcp_ao_key *key,
int hash_offset, u32 sne)
{
u8 tkey_buf[TCP_AO_MAX_TRAFFIC_KEY_LEN];
- int err;
- err = tcp_v6_ao_calc_key_rsk(ao_key, tkey_buf, req);
- if (err)
- return err;
+ tcp_v6_ao_calc_key_rsk(ao_key, tkey_buf, req);
return tcp_ao_hash_skb(AF_INET6, ao_hash, ao_key, req_to_sk(req), skb,
tkey_buf, hash_offset, sne);