update kernel to 5.10.198

hc

2024-01-03 2f7c68cb55ecb7331f2381deb497c27155f32faf

 kernel/net/xfrm/xfrm_interface.c
similarity index 94%rename from kernel/net/xfrm/xfrm_interface.crename to kernel/net/xfrm/xfrm_interface_core.c
..
..
@@ -207,6 +207,52 @@
207
207
 	skb->mark = 0;
208
208
 }
209
209
 
210
+static int xfrmi_input(struct sk_buff *skb, int nexthdr, __be32 spi,
211
+		       int encap_type, unsigned short family)
212
+{
213
+	struct sec_path *sp;
214
+
215
+	sp = skb_sec_path(skb);
216
+	if (sp && (sp->len || sp->olen) &&
217
+	    !xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family))
218
+		goto discard;
219
+
220
+	XFRM_SPI_SKB_CB(skb)->family = family;
221
+	if (family == AF_INET) {
222
+		XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
223
+		XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
224
+	} else {
225
+		XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr);
226
+		XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = NULL;
227
+	}
228
+
229
+	return xfrm_input(skb, nexthdr, spi, encap_type);
230
+discard:
231
+	kfree_skb(skb);
232
+	return 0;
233
+}
234
+
235
+static int xfrmi4_rcv(struct sk_buff *skb)
236
+{
237
+	return xfrmi_input(skb, ip_hdr(skb)->protocol, 0, 0, AF_INET);
238
+}
239
+
240
+static int xfrmi6_rcv(struct sk_buff *skb)
241
+{
242
+	return xfrmi_input(skb, skb_network_header(skb)[IP6CB(skb)->nhoff],
243
+			   0, 0, AF_INET6);
244
+}
245
+
246
+static int xfrmi4_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
247
+{
248
+	return xfrmi_input(skb, nexthdr, spi, encap_type, AF_INET);
249
+}
250
+
251
+static int xfrmi6_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
252
+{
253
+	return xfrmi_input(skb, nexthdr, spi, encap_type, AF_INET6);
254
+}
255
+
210
256
 static int xfrmi_rcv_cb(struct sk_buff *skb, int err)
211
257
 {
212
258
 	const struct xfrm_mode *inner_mode;
..
..
@@ -357,8 +403,8 @@
357
403
 
358
404
 	switch (skb->protocol) {
359
405
 	case htons(ETH_P_IPV6):
360
-		xfrm_decode_session(skb, &fl, AF_INET6);
361
406
 		memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
407
+		xfrm_decode_session(skb, &fl, AF_INET6);
362
408
 		if (!dst) {
363
409
 			fl.u.ip6.flowi6_oif = dev->ifindex;
364
410
 			fl.u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;
..
..
@@ -372,8 +418,8 @@
372
418
 		}
373
419
 		break;
374
420
 	case htons(ETH_P_IP):
375
-		xfrm_decode_session(skb, &fl, AF_INET);
376
421
 		memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
422
+		xfrm_decode_session(skb, &fl, AF_INET);
377
423
 		if (!dst) {
378
424
 			struct rtable *rt;
379
425
 
..
..
@@ -780,8 +826,8 @@
780
826
 };
781
827
 
782
828
 static struct xfrm6_protocol xfrmi_esp6_protocol __read_mostly = {
783
-	.handler	=	xfrm6_rcv,
784
-	.input_handler	=	xfrm_input,
829
+	.handler	=	xfrmi6_rcv,
830
+	.input_handler	=	xfrmi6_input,
785
831
 	.cb_handler	=	xfrmi_rcv_cb,
786
832
 	.err_handler	=	xfrmi6_err,
787
833
 	.priority	=	10,
..
..
@@ -831,8 +877,8 @@
831
877
 #endif
832
878
 
833
879
 static struct xfrm4_protocol xfrmi_esp4_protocol __read_mostly = {
834
-	.handler	=	xfrm4_rcv,
835
-	.input_handler	=	xfrm_input,
880
+	.handler	=	xfrmi4_rcv,
881
+	.input_handler	=	xfrmi4_input,
836
882
 	.cb_handler	=	xfrmi_rcv_cb,
837
883
 	.err_handler	=	xfrmi4_err,
838
884
 	.priority	=	10,