* [IPSEC] Call xfrm6_rcv in xfrm6_tunnel_rcv
@ 2004-08-17 12:26 Herbert Xu
2004-08-18 22:03 ` David S. Miller
0 siblings, 1 reply; 2+ messages in thread
From: Herbert Xu @ 2004-08-17 12:26 UTC (permalink / raw)
To: David S. Miller, YOSHIFUJI Hideaki, netdev
[-- Attachment #1: Type: text/plain, Size: 530 bytes --]
Hi:
This patch reuses the code in xfrm6_input.c for receiving xfrm6_tunnel
packets. This removes duplicate code as well as fixing the bugs unique
to xfrm6_tunnel_input. For example, it didn't move the MAC header down.
Nor did it do anything with ECN.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[-- Attachment #2: p --]
[-- Type: text/plain, Size: 3475 bytes --]
===== include/net/xfrm.h 1.66 vs edited =====
--- 1.66/include/net/xfrm.h 2004-08-17 21:45:38 +10:00
+++ edited/include/net/xfrm.h 2004-08-17 22:14:07 +10:00
@@ -780,6 +780,7 @@
extern int xfrm4_output(struct sk_buff **pskb);
extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler);
extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler);
+extern int xfrm6_rcv_spi(struct sk_buff **pskb, unsigned int *nhoffp, u32 spi);
extern int xfrm6_rcv(struct sk_buff **pskb, unsigned int *nhoffp);
extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler);
extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler);
===== net/ipv6/xfrm6_input.c 1.17 vs edited =====
--- 1.17/net/ipv6/xfrm6_input.c 2004-07-30 21:16:40 +10:00
+++ edited/net/ipv6/xfrm6_input.c 2004-08-17 22:15:25 +10:00
@@ -9,6 +9,7 @@
* IPv6 support
*/
+#include <linux/module.h>
#include <linux/string.h>
#include <net/inet_ecn.h>
#include <net/ip.h>
@@ -25,11 +26,11 @@
IP6_ECN_set_ce(inner_iph);
}
-int xfrm6_rcv(struct sk_buff **pskb, unsigned int *nhoffp)
+int xfrm6_rcv_spi(struct sk_buff **pskb, unsigned int *nhoffp, u32 spi)
{
struct sk_buff *skb = *pskb;
int err;
- u32 spi, seq;
+ u32 seq;
struct sec_decap_state xfrm_vec[XFRM_MAX_DEPTH];
struct xfrm_state *x;
int xfrm_nr = 0;
@@ -40,7 +41,8 @@
nhoff = *nhoffp;
nexthdr = skb->nh.raw[nhoff];
- if ((err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0)
+ seq = 0;
+ if (!spi && (err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0)
goto drop;
do {
@@ -136,4 +138,11 @@
xfrm_state_put(xfrm_vec[xfrm_nr].xvec);
kfree_skb(skb);
return -1;
+}
+
+EXPORT_SYMBOL(xfrm6_rcv_spi);
+
+int xfrm6_rcv(struct sk_buff **pskb, unsigned int *nhoffp)
+{
+ return xfrm6_rcv_spi(pskb, nhoffp, 0);
}
===== net/ipv6/xfrm6_tunnel.c 1.7 vs edited =====
--- 1.7/net/ipv6/xfrm6_tunnel.c 2004-08-14 20:59:44 +10:00
+++ edited/net/ipv6/xfrm6_tunnel.c 2004-08-17 22:23:54 +10:00
@@ -356,17 +356,6 @@
static int xfrm6_tunnel_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struct sk_buff *skb)
{
- if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
- return -EINVAL;
-
- skb->mac.raw = skb->nh.raw;
- skb->nh.raw = skb->data;
- dst_release(skb->dst);
- skb->dst = NULL;
- skb->protocol = htons(ETH_P_IPV6);
- skb->pkt_type = PACKET_HOST;
- netif_rx(skb);
-
return 0;
}
@@ -413,49 +402,15 @@
{
struct sk_buff *skb = *pskb;
struct xfrm6_tunnel *handler = xfrm6_tunnel_handler;
- struct xfrm_state *x = NULL;
struct ipv6hdr *iph = skb->nh.ipv6h;
- int err = 0;
u32 spi;
/* device-like_ip6ip6_handler() */
- if (handler) {
- err = handler->handler(pskb, nhoffp);
- if (!err)
- goto out;
- }
+ if (handler && handler->handler(pskb, nhoffp) == 0)
+ return 0;
spi = xfrm6_tunnel_spi_lookup((xfrm_address_t *)&iph->saddr);
- x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr,
- spi,
- IPPROTO_IPV6, AF_INET6);
-
- if (!x)
- goto drop;
-
- spin_lock(&x->lock);
-
- if (unlikely(x->km.state != XFRM_STATE_VALID))
- goto drop_unlock;
-
- err = xfrm6_tunnel_input(x, NULL, skb);
- if (err)
- goto drop_unlock;
-
- x->curlft.bytes += skb->len;
- x->curlft.packets++;
- spin_unlock(&x->lock);
- xfrm_state_put(x);
-
-out:
- return 0;
-
-drop_unlock:
- spin_unlock(&x->lock);
- xfrm_state_put(x);
-drop:
- kfree_skb(skb);
- return -1;
+ return xfrm6_rcv_spi(pskb, nhoffp, spi);
}
static void xfrm6_tunnel_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [IPSEC] Call xfrm6_rcv in xfrm6_tunnel_rcv
2004-08-17 12:26 [IPSEC] Call xfrm6_rcv in xfrm6_tunnel_rcv Herbert Xu
@ 2004-08-18 22:03 ` David S. Miller
0 siblings, 0 replies; 2+ messages in thread
From: David S. Miller @ 2004-08-18 22:03 UTC (permalink / raw)
To: Herbert Xu; +Cc: yoshfuji, netdev
On Tue, 17 Aug 2004 22:26:38 +1000
Herbert Xu <herbert@gondor.apana.org.au> wrote:
> This patch reuses the code in xfrm6_input.c for receiving xfrm6_tunnel
> packets. This removes duplicate code as well as fixing the bugs unique
> to xfrm6_tunnel_input. For example, it didn't move the MAC header down.
> Nor did it do anything with ECN.
Looks great, patch applied.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-08-18 22:03 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-08-17 12:26 [IPSEC] Call xfrm6_rcv in xfrm6_tunnel_rcv Herbert Xu
2004-08-18 22:03 ` David S. Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).