summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDavid S. Miller <davem@sunset.davemloft.net>2006-08-24 04:00:03 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 15:08:47 -0700
commitc1969f294e624d5b642fc8e6ab9468b7c7791fa8 (patch)
treeb2487a8cd5d2552e837ceaeb279e660267e528b3 /net
parenta47f0ce05ae12ce9acad62896ff703175764104e (diff)
downloadkernel-crypto-c1969f294e624d5b642fc8e6ab9468b7c7791fa8.tar.gz
kernel-crypto-c1969f294e624d5b642fc8e6ab9468b7c7791fa8.tar.xz
kernel-crypto-c1969f294e624d5b642fc8e6ab9468b7c7791fa8.zip
[XFRM]: Hash xfrm_state objects by source address too.
The source address is always non-prefixed so we should use it to help give entropy to the bydst hash. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/xfrm/xfrm_state.c53
1 files changed, 35 insertions, 18 deletions
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 0bc6a4b1cea..37213f9f6a0 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -65,26 +65,40 @@ static inline unsigned int __xfrm6_addr_hash(xfrm_address_t *addr)
return ntohl(addr->a6[2]^addr->a6[3]);
}
-static inline unsigned int __xfrm_dst_hash(xfrm_address_t *addr,
+static inline unsigned int __xfrm4_daddr_saddr_hash(xfrm_address_t *daddr, xfrm_address_t *saddr)
+{
+ return ntohl(daddr->a4 ^ saddr->a4);
+}
+
+static inline unsigned int __xfrm6_daddr_saddr_hash(xfrm_address_t *daddr, xfrm_address_t *saddr)
+{
+ return ntohl(daddr->a6[2] ^ daddr->a6[3] ^
+ saddr->a6[2] ^ saddr->a6[3]);
+}
+
+static inline unsigned int __xfrm_dst_hash(xfrm_address_t *daddr,
+ xfrm_address_t *saddr,
u32 reqid, unsigned short family,
unsigned int hmask)
{
unsigned int h = family ^ reqid;
switch (family) {
case AF_INET:
- h ^= __xfrm4_addr_hash(addr);
+ h ^= __xfrm4_daddr_saddr_hash(daddr, saddr);
break;
case AF_INET6:
- h ^= __xfrm6_addr_hash(addr);
+ h ^= __xfrm6_daddr_saddr_hash(daddr, saddr);
break;
};
return (h ^ (h >> 16)) & hmask;
}
-static inline unsigned int xfrm_dst_hash(xfrm_address_t *addr, u32 reqid,
+static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
+ xfrm_address_t *saddr,
+ u32 reqid,
unsigned short family)
{
- return __xfrm_dst_hash(addr, reqid, family, xfrm_state_hmask);
+ return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
}
static inline unsigned __xfrm_src_hash(xfrm_address_t *addr, unsigned short family,
@@ -108,25 +122,25 @@ static inline unsigned xfrm_src_hash(xfrm_address_t *addr, unsigned short family
}
static inline unsigned int
-__xfrm_spi_hash(xfrm_address_t *addr, u32 spi, u8 proto, unsigned short family,
- unsigned int hmask)
+__xfrm_spi_hash(xfrm_address_t *daddr, u32 spi, u8 proto,
+ unsigned short family, unsigned int hmask)
{
unsigned int h = spi ^ proto;
switch (family) {
case AF_INET:
- h ^= __xfrm4_addr_hash(addr);
+ h ^= __xfrm4_addr_hash(daddr);
break;
case AF_INET6:
- h ^= __xfrm6_addr_hash(addr);
+ h ^= __xfrm6_addr_hash(daddr);
break;
}
return (h ^ (h >> 10) ^ (h >> 20)) & hmask;
}
static inline unsigned int
-xfrm_spi_hash(xfrm_address_t *addr, u32 spi, u8 proto, unsigned short family)
+xfrm_spi_hash(xfrm_address_t *daddr, u32 spi, u8 proto, unsigned short family)
{
- return __xfrm_spi_hash(addr, spi, proto, family, xfrm_state_hmask);
+ return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
}
static struct hlist_head *xfrm_state_hash_alloc(unsigned int sz)
@@ -169,8 +183,9 @@ static void xfrm_hash_transfer(struct hlist_head *list,
hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
unsigned int h;
- h = __xfrm_dst_hash(&x->id.daddr, x->props.reqid,
- x->props.family, nhashmask);
+ h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
+ x->props.reqid, x->props.family,
+ nhashmask);
hlist_add_head(&x->bydst, ndsttable+h);
h = __xfrm_src_hash(&x->props.saddr, x->props.family,
@@ -587,7 +602,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
struct xfrm_policy *pol, int *err,
unsigned short family)
{
- unsigned int h = xfrm_dst_hash(daddr, tmpl->reqid, family);
+ unsigned int h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
struct hlist_node *entry;
struct xfrm_state *x, *x0;
int acquire_in_progress = 0;
@@ -696,7 +711,8 @@ static void __xfrm_state_insert(struct xfrm_state *x)
x->genid = ++xfrm_state_genid;
- h = xfrm_dst_hash(&x->id.daddr, x->props.reqid, x->props.family);
+ h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
+ x->props.reqid, x->props.family);
hlist_add_head(&x->bydst, xfrm_state_bydst+h);
h = xfrm_src_hash(&x->props.saddr, x->props.family);
@@ -732,11 +748,12 @@ static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
struct hlist_node *entry;
unsigned int h;
- h = xfrm_dst_hash(&xnew->id.daddr, reqid, family);
+ h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
if (x->props.family == family &&
x->props.reqid == reqid &&
- !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family))
+ !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
+ !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
x->genid = xfrm_state_genid;
}
}
@@ -753,7 +770,7 @@ EXPORT_SYMBOL(xfrm_state_insert);
/* xfrm_state_lock is held */
static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
{
- unsigned int h = xfrm_dst_hash(daddr, reqid, family);
+ unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
struct hlist_node *entry;
struct xfrm_state *x;