Commit 37fedd3a authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller

[IPSEC]: Use IPv6 calling convention as the convention for x->mode->output

The IPv6 calling convention for x->mode->output is more general and could
help an eventual protocol-generic x->type->output implementation.  This
patch adopts it for IPv4 as well and modifies the IPv4 type output functions
accordingly.

It also rewrites the IPv6 mac/transport header calculation to be based off
the network header where practical.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7b277b1a
...@@ -300,6 +300,18 @@ extern void xfrm_put_type(struct xfrm_type *type); ...@@ -300,6 +300,18 @@ extern void xfrm_put_type(struct xfrm_type *type);
struct xfrm_mode { struct xfrm_mode {
int (*input)(struct xfrm_state *x, struct sk_buff *skb); int (*input)(struct xfrm_state *x, struct sk_buff *skb);
/*
* Add encapsulation header.
*
* On exit, the transport header will be set to the start of the
* encapsulation header to be filled in by x->type->output and
* the mac header will be set to the nextheader (protocol for
* IPv4) field of the extension header directly preceding the
* encapsulation header, or in its absence, that of the top IP
* header. The value of the network header will always point
* to the top IP header while skb->data will point to the payload.
*/
int (*output)(struct xfrm_state *x,struct sk_buff *skb); int (*output)(struct xfrm_state *x,struct sk_buff *skb);
struct module *owner; struct module *owner;
......
...@@ -82,14 +82,14 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -82,14 +82,14 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
goto error; goto error;
} }
ah = (struct ip_auth_hdr *)((char *)top_iph+top_iph->ihl*4); ah = (struct ip_auth_hdr *)skb_transport_header(skb);
ah->nexthdr = top_iph->protocol; ah->nexthdr = *skb_mac_header(skb);
*skb_mac_header(skb) = IPPROTO_AH;
top_iph->tos = 0; top_iph->tos = 0;
top_iph->tot_len = htons(skb->len); top_iph->tot_len = htons(skb->len);
top_iph->frag_off = 0; top_iph->frag_off = 0;
top_iph->ttl = 0; top_iph->ttl = 0;
top_iph->protocol = IPPROTO_AH;
top_iph->check = 0; top_iph->check = 0;
ahp = x->data; ahp = x->data;
......
...@@ -60,10 +60,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -60,10 +60,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
skb_push(skb, -skb_network_offset(skb)); skb_push(skb, -skb_network_offset(skb));
top_iph = ip_hdr(skb); top_iph = ip_hdr(skb);
esph = (struct ip_esp_hdr *)(skb_network_header(skb) + esph = (struct ip_esp_hdr *)skb_transport_header(skb);
top_iph->ihl * 4);
top_iph->tot_len = htons(skb->len + alen); top_iph->tot_len = htons(skb->len + alen);
*(skb_tail_pointer(trailer) - 1) = top_iph->protocol; *(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb);
*skb_mac_header(skb) = IPPROTO_ESP;
spin_lock_bh(&x->lock); spin_lock_bh(&x->lock);
...@@ -91,9 +91,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -91,9 +91,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
break; break;
} }
top_iph->protocol = IPPROTO_UDP; *skb_mac_header(skb) = IPPROTO_UDP;
} else }
top_iph->protocol = IPPROTO_ESP;
esph->spi = x->id.spi; esph->spi = x->id.spi;
esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq); esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
......
...@@ -98,10 +98,10 @@ static int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -98,10 +98,10 @@ static int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb) static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
{ {
struct ipcomp_data *ipcd = x->data; struct ipcomp_data *ipcd = x->data;
const int ihlen = ip_hdrlen(skb); const int ihlen = skb_transport_offset(skb);
const int plen = skb->len - ihlen; const int plen = skb->len - ihlen;
int dlen = IPCOMP_SCRATCH_SIZE; int dlen = IPCOMP_SCRATCH_SIZE;
u8 *start = skb->data + ihlen; u8 *start = skb_transport_header(skb);
const int cpu = get_cpu(); const int cpu = get_cpu();
u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu); u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu); struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
...@@ -154,11 +154,11 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -154,11 +154,11 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
/* Install ipcomp header, convert into ipcomp datagram. */ /* Install ipcomp header, convert into ipcomp datagram. */
iph->tot_len = htons(skb->len); iph->tot_len = htons(skb->len);
ipch = (struct ip_comp_hdr *)((char *)iph + iph->ihl * 4); ipch = (struct ip_comp_hdr *)skb_transport_header(skb);
ipch->nexthdr = iph->protocol; ipch->nexthdr = *skb_mac_header(skb);
ipch->flags = 0; ipch->flags = 0;
ipch->cpi = htons((u16 )ntohl(x->id.spi)); ipch->cpi = htons((u16 )ntohl(x->id.spi));
iph->protocol = IPPROTO_COMP; *skb_mac_header(skb) = IPPROTO_COMP;
ip_send_check(iph); ip_send_check(iph);
return 0; return 0;
......
...@@ -23,17 +23,14 @@ ...@@ -23,17 +23,14 @@
* The following fields in it shall be filled in by x->type->output: * The following fields in it shall be filled in by x->type->output:
* tot_len * tot_len
* check * check
*
* On exit, skb->h will be set to the start of the payload to be processed
* by x->type->output and skb->nh will be set to the top IP header.
*/ */
static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb) static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
{ {
struct ip_beet_phdr *ph;
struct iphdr *iph, *top_iph; struct iphdr *iph, *top_iph;
int hdrlen, optlen; int hdrlen, optlen;
iph = ip_hdr(skb); iph = ip_hdr(skb);
skb->transport_header = skb->network_header;
hdrlen = 0; hdrlen = 0;
optlen = iph->ihl * 4 - sizeof(*iph); optlen = iph->ihl * 4 - sizeof(*iph);
...@@ -42,17 +39,17 @@ static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -42,17 +39,17 @@ static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
skb_set_network_header(skb, IPV4_BEET_PHMAXLEN - x->props.header_len - skb_set_network_header(skb, IPV4_BEET_PHMAXLEN - x->props.header_len -
hdrlen); hdrlen);
top_iph = ip_hdr(skb); skb->mac_header = skb->network_header +
skb->transport_header += sizeof(*iph) - hdrlen; offsetof(struct iphdr, protocol);
__skb_pull(skb, sizeof(*iph) - hdrlen); skb->transport_header = skb->network_header + sizeof(*iph);
ph = (struct ip_beet_phdr *)__skb_pull(skb, sizeof(*iph) - hdrlen);
top_iph = ip_hdr(skb);
memmove(top_iph, iph, sizeof(*iph)); memmove(top_iph, iph, sizeof(*iph));
if (unlikely(optlen)) { if (unlikely(optlen)) {
struct ip_beet_phdr *ph;
BUG_ON(optlen < 0); BUG_ON(optlen < 0);
ph = (struct ip_beet_phdr *)skb_transport_header(skb);
ph->padlen = 4 - (optlen & 4); ph->padlen = 4 - (optlen & 4);
ph->hdrlen = optlen / 8; ph->hdrlen = optlen / 8;
ph->nexthdr = top_iph->protocol; ph->nexthdr = top_iph->protocol;
......
...@@ -17,17 +17,16 @@ ...@@ -17,17 +17,16 @@
* *
* The IP header will be moved forward to make space for the encapsulation * The IP header will be moved forward to make space for the encapsulation
* header. * header.
*
* On exit, skb->h will be set to the start of the payload to be processed
* by x->type->output and skb->nh will be set to the top IP header.
*/ */
static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb) static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb)
{ {
struct iphdr *iph = ip_hdr(skb); struct iphdr *iph = ip_hdr(skb);
int ihl = iph->ihl * 4; int ihl = iph->ihl * 4;
skb->transport_header = skb->network_header + ihl;
skb_set_network_header(skb, -x->props.header_len); skb_set_network_header(skb, -x->props.header_len);
skb->mac_header = skb->network_header +
offsetof(struct iphdr, protocol);
skb->transport_header = skb->network_header + ihl;
__skb_pull(skb, ihl); __skb_pull(skb, ihl);
memmove(skb_network_header(skb), iph, ihl); memmove(skb_network_header(skb), iph, ihl);
return 0; return 0;
......
...@@ -35,9 +35,6 @@ static inline void ipip6_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb) ...@@ -35,9 +35,6 @@ static inline void ipip6_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)
* in it shall be filled in by x->type->output: * in it shall be filled in by x->type->output:
* tot_len * tot_len
* check * check
*
* On exit, skb->h will be set to the start of the payload to be processed
* by x->type->output and skb->nh will be set to the top IP header.
*/ */
static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
{ {
...@@ -47,9 +44,11 @@ static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -47,9 +44,11 @@ static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
int flags; int flags;
iph = ip_hdr(skb); iph = ip_hdr(skb);
skb->transport_header = skb->network_header;
skb_set_network_header(skb, -x->props.header_len); skb_set_network_header(skb, -x->props.header_len);
skb->mac_header = skb->network_header +
offsetof(struct iphdr, protocol);
skb->transport_header = skb->network_header + sizeof(*iph);
top_iph = ip_hdr(skb); top_iph = ip_hdr(skb);
top_iph->ihl = 5; top_iph->ihl = 5;
......
...@@ -24,13 +24,6 @@ ...@@ -24,13 +24,6 @@
* The top IP header will be constructed per draft-nikander-esp-beet-mode-06.txt. * The top IP header will be constructed per draft-nikander-esp-beet-mode-06.txt.
* The following fields in it shall be filled in by x->type->output: * The following fields in it shall be filled in by x->type->output:
* payload_len * payload_len
*
* On exit, skb->h will be set to the start of the encapsulation header to be
* filled in by x->type->output and the mac header will be set to the
* nextheader field of the extension header directly preceding the
* encapsulation header, or in its absence, that of the top IP header.
* The value of the network header will always point to the top IP header
* while skb->data will point to the payload.
*/ */
static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb) static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb)
{ {
...@@ -44,7 +37,7 @@ static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -44,7 +37,7 @@ static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb)
skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data); skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data);
skb_set_network_header(skb, -x->props.header_len); skb_set_network_header(skb, -x->props.header_len);
skb_set_transport_header(skb, hdr_len - x->props.header_len); skb->transport_header = skb->network_header + hdr_len;
__skb_pull(skb, hdr_len); __skb_pull(skb, hdr_len);
top_iph = ipv6_hdr(skb); top_iph = ipv6_hdr(skb);
......
...@@ -37,13 +37,6 @@ ...@@ -37,13 +37,6 @@
* *
* The IP header and mutable extension headers will be moved forward to make * The IP header and mutable extension headers will be moved forward to make
* space for the route optimization header. * space for the route optimization header.
*
* On exit, skb->h will be set to the start of the encapsulation header to be
* filled in by x->type->output and the mac header will be set to the
* nextheader field of the extension header directly preceding the
* encapsulation header, or in its absence, that of the top IP header.
* The value of the network header will always point to the top IP header
* while skb->data will point to the payload.
*/ */
static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb) static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb)
{ {
...@@ -56,7 +49,7 @@ static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -56,7 +49,7 @@ static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb)
hdr_len = x->type->hdr_offset(x, skb, &prevhdr); hdr_len = x->type->hdr_offset(x, skb, &prevhdr);
skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data); skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data);
skb_set_network_header(skb, -x->props.header_len); skb_set_network_header(skb, -x->props.header_len);
skb_set_transport_header(skb, hdr_len - x->props.header_len); skb->transport_header = skb->network_header + hdr_len;
__skb_pull(skb, hdr_len); __skb_pull(skb, hdr_len);
memmove(ipv6_hdr(skb), iph, hdr_len); memmove(ipv6_hdr(skb), iph, hdr_len);
......
...@@ -18,13 +18,6 @@ ...@@ -18,13 +18,6 @@
* *
* The IP header and mutable extension headers will be moved forward to make * The IP header and mutable extension headers will be moved forward to make
* space for the encapsulation header. * space for the encapsulation header.
*
* On exit, skb->h will be set to the start of the encapsulation header to be
* filled in by x->type->output and the mac header will be set to the
* nextheader field of the extension header directly preceding the
* encapsulation header, or in its absence, that of the top IP header.
* The value of the network header will always point to the top IP header
* while skb->data will point to the payload.
*/ */
static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb) static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb)
{ {
...@@ -37,7 +30,7 @@ static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -37,7 +30,7 @@ static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb)
hdr_len = x->type->hdr_offset(x, skb, &prevhdr); hdr_len = x->type->hdr_offset(x, skb, &prevhdr);
skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data); skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data);
skb_set_network_header(skb, -x->props.header_len); skb_set_network_header(skb, -x->props.header_len);
skb_set_transport_header(skb, hdr_len - x->props.header_len); skb->transport_header = skb->network_header + hdr_len;
__skb_pull(skb, hdr_len); __skb_pull(skb, hdr_len);
memmove(ipv6_hdr(skb), iph, hdr_len); memmove(ipv6_hdr(skb), iph, hdr_len);
return 0; return 0;
......
...@@ -36,13 +36,6 @@ static inline void ip6ip_ecn_decapsulate(struct sk_buff *skb) ...@@ -36,13 +36,6 @@ static inline void ip6ip_ecn_decapsulate(struct sk_buff *skb)
* The top IP header will be constructed per RFC 2401. The following fields * The top IP header will be constructed per RFC 2401. The following fields
* in it shall be filled in by x->type->output: * in it shall be filled in by x->type->output:
* payload_len * payload_len
*
* On exit, skb->h will be set to the start of the encapsulation header to be
* filled in by x->type->output and the mac header will be set to the
* nextheader field of the extension header directly preceding the
* encapsulation header, or in its absence, that of the top IP header.
* The value of the network header will always point to the top IP header
* while skb->data will point to the payload.
*/ */
static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
{ {
...@@ -53,11 +46,10 @@ static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -53,11 +46,10 @@ static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
iph = ipv6_hdr(skb); iph = ipv6_hdr(skb);
skb_set_mac_header(skb, offsetof(struct ipv6hdr, nexthdr) -
x->props.header_len);
skb_set_network_header(skb, -x->props.header_len); skb_set_network_header(skb, -x->props.header_len);
skb_set_transport_header(skb, sizeof(struct ipv6hdr) - skb->mac_header = skb->network_header +
x->props.header_len); offsetof(struct ipv6hdr, nexthdr);
skb->transport_header = skb->network_header + sizeof(*iph);
top_iph = ipv6_hdr(skb); top_iph = ipv6_hdr(skb);
top_iph->version = 6; top_iph->version = 6;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment