[IPSEC] Call xfrm6_rcv in xfrm6_tunnel

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [IPSEC] Call xfrm6_rcv in xfrm6_tunnel_rcv
@ 2004-08-17 12:26 Herbert Xu
  2004-08-18 22:03 ` David S. Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Herbert Xu @ 2004-08-17 12:26 UTC (permalink / raw)
  To: David S. Miller, YOSHIFUJI Hideaki, netdev

[-- Attachment #1: Type: text/plain, Size: 530 bytes --]

Hi:

This patch reuses the code in xfrm6_input.c for receiving xfrm6_tunnel
packets.  This removes duplicate code as well as fixing the bugs unique
to xfrm6_tunnel_input.  For example, it didn't move the MAC header down.
Nor did it do anything with ECN.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[-- Attachment #2: p --]
[-- Type: text/plain, Size: 3475 bytes --]

===== include/net/xfrm.h 1.66 vs edited =====
--- 1.66/include/net/xfrm.h	2004-08-17 21:45:38 +10:00
+++ edited/include/net/xfrm.h	2004-08-17 22:14:07 +10:00
@@ -780,6 +780,7 @@
 extern int xfrm4_output(struct sk_buff **pskb);
 extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler);
 extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler);
+extern int xfrm6_rcv_spi(struct sk_buff **pskb, unsigned int *nhoffp, u32 spi);
 extern int xfrm6_rcv(struct sk_buff **pskb, unsigned int *nhoffp);
 extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler);
 extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler);
===== net/ipv6/xfrm6_input.c 1.17 vs edited =====
--- 1.17/net/ipv6/xfrm6_input.c	2004-07-30 21:16:40 +10:00
+++ edited/net/ipv6/xfrm6_input.c	2004-08-17 22:15:25 +10:00
@@ -9,6 +9,7 @@
  *		IPv6 support
  */
 
+#include <linux/module.h>
 #include <linux/string.h>
 #include <net/inet_ecn.h>
 #include <net/ip.h>
@@ -25,11 +26,11 @@
 		IP6_ECN_set_ce(inner_iph);
 }
 
-int xfrm6_rcv(struct sk_buff **pskb, unsigned int *nhoffp)
+int xfrm6_rcv_spi(struct sk_buff **pskb, unsigned int *nhoffp, u32 spi)
 {
 	struct sk_buff *skb = *pskb;
 	int err;
-	u32 spi, seq;
+	u32 seq;
 	struct sec_decap_state xfrm_vec[XFRM_MAX_DEPTH];
 	struct xfrm_state *x;
 	int xfrm_nr = 0;
@@ -40,7 +41,8 @@
 	nhoff = *nhoffp;
 	nexthdr = skb->nh.raw[nhoff];
 
-	if ((err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0)
+	seq = 0;
+	if (!spi && (err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0)
 		goto drop;
 	
 	do {
@@ -136,4 +138,11 @@
 		xfrm_state_put(xfrm_vec[xfrm_nr].xvec);
 	kfree_skb(skb);
 	return -1;
+}
+
+EXPORT_SYMBOL(xfrm6_rcv_spi);
+
+int xfrm6_rcv(struct sk_buff **pskb, unsigned int *nhoffp)
+{
+	return xfrm6_rcv_spi(pskb, nhoffp, 0);
 }
===== net/ipv6/xfrm6_tunnel.c 1.7 vs edited =====
--- 1.7/net/ipv6/xfrm6_tunnel.c	2004-08-14 20:59:44 +10:00
+++ edited/net/ipv6/xfrm6_tunnel.c	2004-08-17 22:23:54 +10:00
@@ -356,17 +356,6 @@
 
 static int xfrm6_tunnel_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struct sk_buff *skb)
 {
-	if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 
-		return -EINVAL;
-
-	skb->mac.raw = skb->nh.raw;
-	skb->nh.raw = skb->data;
-	dst_release(skb->dst);
-	skb->dst = NULL;
-	skb->protocol = htons(ETH_P_IPV6);
-	skb->pkt_type = PACKET_HOST;
-	netif_rx(skb);
-
 	return 0;
 }
 
@@ -413,49 +402,15 @@
 {
 	struct sk_buff *skb = *pskb;
 	struct xfrm6_tunnel *handler = xfrm6_tunnel_handler;
-	struct xfrm_state *x = NULL;
 	struct ipv6hdr *iph = skb->nh.ipv6h;
-	int err = 0;
 	u32 spi;
 
 	/* device-like_ip6ip6_handler() */
-	if (handler) {
-		err = handler->handler(pskb, nhoffp);
-		if (!err)
-			goto out;
-	}
+	if (handler && handler->handler(pskb, nhoffp) == 0)
+		return 0;
 
 	spi = xfrm6_tunnel_spi_lookup((xfrm_address_t *)&iph->saddr);
-	x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, 
-			spi,
-			IPPROTO_IPV6, AF_INET6);
-
-	if (!x)
-		goto drop;
-
-	spin_lock(&x->lock);
-
-	if (unlikely(x->km.state != XFRM_STATE_VALID))
-		goto drop_unlock;
-
-	err = xfrm6_tunnel_input(x, NULL, skb);
-	if (err)
-		goto drop_unlock;
-
-	x->curlft.bytes += skb->len;
-	x->curlft.packets++; 
-	spin_unlock(&x->lock); 
-	xfrm_state_put(x); 
-
-out:
-	return 0;
-
-drop_unlock:
-	spin_unlock(&x->lock);
-	xfrm_state_put(x);
-drop:
-	kfree_skb(skb);
-	return -1;
+	return xfrm6_rcv_spi(pskb, nhoffp, spi);
 }
 
 static void xfrm6_tunnel_err(struct sk_buff *skb, struct inet6_skb_parm *opt,

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [IPSEC] Call xfrm6_rcv in xfrm6_tunnel_rcv
  2004-08-17 12:26 [IPSEC] Call xfrm6_rcv in xfrm6_tunnel_rcv Herbert Xu
@ 2004-08-18 22:03 ` David S. Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David S. Miller @ 2004-08-18 22:03 UTC (permalink / raw)
  To: Herbert Xu; +Cc: yoshfuji, netdev

On Tue, 17 Aug 2004 22:26:38 +1000
Herbert Xu <herbert@gondor.apana.org.au> wrote:

> This patch reuses the code in xfrm6_input.c for receiving xfrm6_tunnel
> packets.  This removes duplicate code as well as fixing the bugs unique
> to xfrm6_tunnel_input.  For example, it didn't move the MAC header down.
> Nor did it do anything with ECN.

Looks great, patch applied.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2004-08-18 22:03 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-08-17 12:26 [IPSEC] Call xfrm6_rcv in xfrm6_tunnel_rcv Herbert Xu
2004-08-18 22:03 ` David S. Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).