aboutsummaryrefslogtreecommitdiffstats
path: root/include/net/xfrm.h
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-11-14 00:41:28 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:53:46 -0500
commit227620e295090629fcb2c46ad3828222ab65438d (patch)
tree534162a74628fdfa7a8201cb776a45ca07510e5b /include/net/xfrm.h
parent36cf9acf93e8561d9faec24849e57688a81eb9c5 (diff)
[IPSEC]: Separate inner/outer mode processing on input
With inter-family transforms the inner mode differs from the outer mode. Attempting to handle both sides from the same function means that it needs to handle both IPv4 and IPv6 which creates duplication and confusion. This patch separates the two parts on the input path so that each function deals with one family only. In particular, the functions xfrm4_extract_inut/xfrm6_extract_inut moves the pertinent fields from the IPv4/IPv6 IP headers into a neutral format stored in skb->cb. This is then used by the inner mode input functions to modify the inner IP header. In this way the input function no longer has to know about the outer address family. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r--include/net/xfrm.h27
1 files changed, 27 insertions, 0 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 138c1868be1d..a9dbe091ae58 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -258,6 +258,7 @@ extern int __xfrm_state_delete(struct xfrm_state *x);
258struct xfrm_state_afinfo { 258struct xfrm_state_afinfo {
259 unsigned int family; 259 unsigned int family;
260 unsigned int proto; 260 unsigned int proto;
261 unsigned int eth_proto;
261 struct module *owner; 262 struct module *owner;
262 struct xfrm_type *type_map[IPPROTO_MAX]; 263 struct xfrm_type *type_map[IPPROTO_MAX];
263 struct xfrm_mode *mode_map[XFRM_MODE_MAX]; 264 struct xfrm_mode *mode_map[XFRM_MODE_MAX];
@@ -268,6 +269,8 @@ struct xfrm_state_afinfo {
268 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n); 269 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
269 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n); 270 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
270 int (*output)(struct sk_buff *skb); 271 int (*output)(struct sk_buff *skb);
272 int (*extract_input)(struct xfrm_state *x,
273 struct sk_buff *skb);
271 int (*extract_output)(struct xfrm_state *x, 274 int (*extract_output)(struct xfrm_state *x,
272 struct sk_buff *skb); 275 struct sk_buff *skb);
273}; 276};
@@ -302,6 +305,27 @@ extern int xfrm_register_type(struct xfrm_type *type, unsigned short family);
302extern int xfrm_unregister_type(struct xfrm_type *type, unsigned short family); 305extern int xfrm_unregister_type(struct xfrm_type *type, unsigned short family);
303 306
304struct xfrm_mode { 307struct xfrm_mode {
308 /*
309 * Remove encapsulation header.
310 *
311 * The IP header will be moved over the top of the encapsulation
312 * header.
313 *
314 * On entry, the transport header shall point to where the IP header
315 * should be and the network header shall be set to where the IP
316 * header currently is. skb->data shall point to the start of the
317 * payload.
318 */
319 int (*input2)(struct xfrm_state *x, struct sk_buff *skb);
320
321 /*
322 * This is the actual input entry point.
323 *
324 * For transport mode and equivalent this would be identical to
325 * input2 (which does not need to be set). While tunnel mode
326 * and equivalent would set this to the tunnel encapsulation function
327 * xfrm4_prepare_input that would in turn call input2.
328 */
305 int (*input)(struct xfrm_state *x, struct sk_buff *skb); 329 int (*input)(struct xfrm_state *x, struct sk_buff *skb);
306 330
307 /* 331 /*
@@ -1093,8 +1117,10 @@ extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq);
1093extern void xfrm_replay_notify(struct xfrm_state *x, int event); 1117extern void xfrm_replay_notify(struct xfrm_state *x, int event);
1094extern int xfrm_state_mtu(struct xfrm_state *x, int mtu); 1118extern int xfrm_state_mtu(struct xfrm_state *x, int mtu);
1095extern int xfrm_init_state(struct xfrm_state *x); 1119extern int xfrm_init_state(struct xfrm_state *x);
1120extern int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb);
1096extern int xfrm_output(struct sk_buff *skb); 1121extern int xfrm_output(struct sk_buff *skb);
1097extern int xfrm4_extract_header(struct sk_buff *skb); 1122extern int xfrm4_extract_header(struct sk_buff *skb);
1123extern int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb);
1098extern int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi, 1124extern int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
1099 int encap_type); 1125 int encap_type);
1100extern int xfrm4_rcv(struct sk_buff *skb); 1126extern int xfrm4_rcv(struct sk_buff *skb);
@@ -1110,6 +1136,7 @@ extern int xfrm4_output(struct sk_buff *skb);
1110extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family); 1136extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family);
1111extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family); 1137extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family);
1112extern int xfrm6_extract_header(struct sk_buff *skb); 1138extern int xfrm6_extract_header(struct sk_buff *skb);
1139extern int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb);
1113extern int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi); 1140extern int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi);
1114extern int xfrm6_rcv(struct sk_buff *skb); 1141extern int xfrm6_rcv(struct sk_buff *skb);
1115extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr, 1142extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,