aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMasahide NAKAMURA <nakam@linux-ipv6.org>2006-09-22 18:05:15 -0400
committerDavid S. Miller <davem@davemloft.net>2006-09-22 18:05:15 -0400
commit7e49e6de30efa716614e280d97963c570f3acf29 (patch)
tree8eaef9d40300d16a7675722e082c5d8ab2a53d40
parent77d16f450ae0452d7d4b009f78debb1294fb435c (diff)
[XFRM]: Add XFRM_MODE_xxx for future use.
Transformation mode is used as either IPsec transport or tunnel. It is required to add two more items, route optimization and inbound trigger for Mobile IPv6. Based on MIPL2 kernel patch. This patch was also written by: Ville Nuorvala <vnuorval@tcs.hut.fi> Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/linux/xfrm.h6
-rw-r--r--include/net/xfrm.h2
-rw-r--r--net/ipv4/ah4.c2
-rw-r--r--net/ipv4/esp4.c6
-rw-r--r--net/ipv4/ipcomp.c8
-rw-r--r--net/ipv4/xfrm4_input.c2
-rw-r--r--net/ipv4/xfrm4_output.c4
-rw-r--r--net/ipv4/xfrm4_policy.c2
-rw-r--r--net/ipv4/xfrm4_state.c2
-rw-r--r--net/ipv4/xfrm4_tunnel.c2
-rw-r--r--net/ipv6/ah6.c2
-rw-r--r--net/ipv6/esp6.c4
-rw-r--r--net/ipv6/ipcomp6.c6
-rw-r--r--net/ipv6/xfrm6_input.c2
-rw-r--r--net/ipv6/xfrm6_output.c4
-rw-r--r--net/ipv6/xfrm6_policy.c2
-rw-r--r--net/ipv6/xfrm6_state.c2
-rw-r--r--net/ipv6/xfrm6_tunnel.c2
-rw-r--r--net/key/af_key.c6
-rw-r--r--net/xfrm/xfrm_policy.c11
-rw-r--r--net/xfrm/xfrm_user.c4
21 files changed, 42 insertions, 39 deletions
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 46a15c7a1a13..5154064b6d95 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -120,7 +120,9 @@ enum
120 120
121#define XFRM_MODE_TRANSPORT 0 121#define XFRM_MODE_TRANSPORT 0
122#define XFRM_MODE_TUNNEL 1 122#define XFRM_MODE_TUNNEL 1
123#define XFRM_MODE_MAX 2 123#define XFRM_MODE_ROUTEOPTIMIZATION 2
124#define XFRM_MODE_IN_TRIGGER 3
125#define XFRM_MODE_MAX 4
124 126
125/* Netlink configuration messages. */ 127/* Netlink configuration messages. */
126enum { 128enum {
@@ -247,7 +249,7 @@ struct xfrm_usersa_info {
247 __u32 seq; 249 __u32 seq;
248 __u32 reqid; 250 __u32 reqid;
249 __u16 family; 251 __u16 family;
250 __u8 mode; /* 0=transport,1=tunnel */ 252 __u8 mode; /* XFRM_MODE_xxx */
251 __u8 replay_window; 253 __u8 replay_window;
252 __u8 flags; 254 __u8 flags;
253#define XFRM_STATE_NOECN 1 255#define XFRM_STATE_NOECN 1
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 00bf86e6e82b..762795624b10 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -298,7 +298,7 @@ struct xfrm_tmpl
298 298
299 __u32 reqid; 299 __u32 reqid;
300 300
301/* Mode: transport/tunnel */ 301/* Mode: transport, tunnel etc. */
302 __u8 mode; 302 __u8 mode;
303 303
304/* Sharing mode: unique, this session only, this user only etc. */ 304/* Sharing mode: unique, this session only, this user only etc. */
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index 008e69d2e423..99542977e47e 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -265,7 +265,7 @@ static int ah_init_state(struct xfrm_state *x)
265 goto error; 265 goto error;
266 266
267 x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len); 267 x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len);
268 if (x->props.mode) 268 if (x->props.mode == XFRM_MODE_TUNNEL)
269 x->props.header_len += sizeof(struct iphdr); 269 x->props.header_len += sizeof(struct iphdr);
270 x->data = ahp; 270 x->data = ahp;
271 271
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index b428489f6ccd..e87377e1d6b6 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -248,7 +248,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
248 * as per draft-ietf-ipsec-udp-encaps-06, 248 * as per draft-ietf-ipsec-udp-encaps-06,
249 * section 3.1.2 249 * section 3.1.2
250 */ 250 */
251 if (!x->props.mode) 251 if (x->props.mode == XFRM_MODE_TRANSPORT)
252 skb->ip_summed = CHECKSUM_UNNECESSARY; 252 skb->ip_summed = CHECKSUM_UNNECESSARY;
253 } 253 }
254 254
@@ -267,7 +267,7 @@ static u32 esp4_get_max_size(struct xfrm_state *x, int mtu)
267 struct esp_data *esp = x->data; 267 struct esp_data *esp = x->data;
268 u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4); 268 u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4);
269 269
270 if (x->props.mode) { 270 if (x->props.mode == XFRM_MODE_TUNNEL) {
271 mtu = ALIGN(mtu + 2, blksize); 271 mtu = ALIGN(mtu + 2, blksize);
272 } else { 272 } else {
273 /* The worst case. */ 273 /* The worst case. */
@@ -383,7 +383,7 @@ static int esp_init_state(struct xfrm_state *x)
383 if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) 383 if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
384 goto error; 384 goto error;
385 x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen; 385 x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
386 if (x->props.mode) 386 if (x->props.mode == XFRM_MODE_TUNNEL)
387 x->props.header_len += sizeof(struct iphdr); 387 x->props.header_len += sizeof(struct iphdr);
388 if (x->encap) { 388 if (x->encap) {
389 struct xfrm_encap_tmpl *encap = x->encap; 389 struct xfrm_encap_tmpl *encap = x->encap;
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index 5bb9c9f03fb6..17342430a843 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -176,7 +176,7 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
176 return 0; 176 return 0;
177 177
178out_ok: 178out_ok:
179 if (x->props.mode) 179 if (x->props.mode == XFRM_MODE_TUNNEL)
180 ip_send_check(iph); 180 ip_send_check(iph);
181 return 0; 181 return 0;
182} 182}
@@ -216,7 +216,7 @@ static struct xfrm_state *ipcomp_tunnel_create(struct xfrm_state *x)
216 t->id.daddr.a4 = x->id.daddr.a4; 216 t->id.daddr.a4 = x->id.daddr.a4;
217 memcpy(&t->sel, &x->sel, sizeof(t->sel)); 217 memcpy(&t->sel, &x->sel, sizeof(t->sel));
218 t->props.family = AF_INET; 218 t->props.family = AF_INET;
219 t->props.mode = 1; 219 t->props.mode = XFRM_MODE_TUNNEL;
220 t->props.saddr.a4 = x->props.saddr.a4; 220 t->props.saddr.a4 = x->props.saddr.a4;
221 t->props.flags = x->props.flags; 221 t->props.flags = x->props.flags;
222 222
@@ -416,7 +416,7 @@ static int ipcomp_init_state(struct xfrm_state *x)
416 goto out; 416 goto out;
417 417
418 x->props.header_len = 0; 418 x->props.header_len = 0;
419 if (x->props.mode) 419 if (x->props.mode == XFRM_MODE_TUNNEL)
420 x->props.header_len += sizeof(struct iphdr); 420 x->props.header_len += sizeof(struct iphdr);
421 421
422 mutex_lock(&ipcomp_resource_mutex); 422 mutex_lock(&ipcomp_resource_mutex);
@@ -428,7 +428,7 @@ static int ipcomp_init_state(struct xfrm_state *x)
428 goto error; 428 goto error;
429 mutex_unlock(&ipcomp_resource_mutex); 429 mutex_unlock(&ipcomp_resource_mutex);
430 430
431 if (x->props.mode) { 431 if (x->props.mode == XFRM_MODE_TUNNEL) {
432 err = ipcomp_tunnel_attach(x); 432 err = ipcomp_tunnel_attach(x);
433 if (err) 433 if (err)
434 goto error_tunnel; 434 goto error_tunnel;
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index 817ed84511a6..040e8475f295 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -106,7 +106,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
106 if (x->mode->input(x, skb)) 106 if (x->mode->input(x, skb))
107 goto drop; 107 goto drop;
108 108
109 if (x->props.mode) { 109 if (x->props.mode == XFRM_MODE_TUNNEL) {
110 decaps = 1; 110 decaps = 1;
111 break; 111 break;
112 } 112 }
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 4a96a9e3ef3b..5fd115f0c547 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -54,7 +54,7 @@ static int xfrm4_output_one(struct sk_buff *skb)
54 goto error_nolock; 54 goto error_nolock;
55 } 55 }
56 56
57 if (x->props.mode) { 57 if (x->props.mode == XFRM_MODE_TUNNEL) {
58 err = xfrm4_tunnel_check_size(skb); 58 err = xfrm4_tunnel_check_size(skb);
59 if (err) 59 if (err)
60 goto error_nolock; 60 goto error_nolock;
@@ -85,7 +85,7 @@ static int xfrm4_output_one(struct sk_buff *skb)
85 } 85 }
86 dst = skb->dst; 86 dst = skb->dst;
87 x = dst->xfrm; 87 x = dst->xfrm;
88 } while (x && !x->props.mode); 88 } while (x && (x->props.mode != XFRM_MODE_TUNNEL));
89 89
90 IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED; 90 IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED;
91 err = 0; 91 err = 0;
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 8f50eae47d03..a5bed741de2c 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -96,7 +96,7 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
96 96
97 dst1->next = dst_prev; 97 dst1->next = dst_prev;
98 dst_prev = dst1; 98 dst_prev = dst1;
99 if (xfrm[i]->props.mode) { 99 if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
100 remote = xfrm[i]->id.daddr.a4; 100 remote = xfrm[i]->id.daddr.a4;
101 local = xfrm[i]->props.saddr.a4; 101 local = xfrm[i]->props.saddr.a4;
102 tunnel = 1; 102 tunnel = 1;
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c
index 81e1751c966e..97b0c7589711 100644
--- a/net/ipv4/xfrm4_state.c
+++ b/net/ipv4/xfrm4_state.c
@@ -42,7 +42,7 @@ __xfrm4_init_tempsel(struct xfrm_state *x, struct flowi *fl,
42 x->props.saddr = tmpl->saddr; 42 x->props.saddr = tmpl->saddr;
43 if (x->props.saddr.a4 == 0) 43 if (x->props.saddr.a4 == 0)
44 x->props.saddr.a4 = saddr->a4; 44 x->props.saddr.a4 = saddr->a4;
45 if (tmpl->mode && x->props.saddr.a4 == 0) { 45 if (tmpl->mode == XFRM_MODE_TUNNEL && x->props.saddr.a4 == 0) {
46 struct rtable *rt; 46 struct rtable *rt;
47 struct flowi fl_tunnel = { 47 struct flowi fl_tunnel = {
48 .nl_u = { 48 .nl_u = {
diff --git a/net/ipv4/xfrm4_tunnel.c b/net/ipv4/xfrm4_tunnel.c
index f8ceaa127c83..f110af5b1319 100644
--- a/net/ipv4/xfrm4_tunnel.c
+++ b/net/ipv4/xfrm4_tunnel.c
@@ -28,7 +28,7 @@ static int ipip_xfrm_rcv(struct xfrm_state *x, struct sk_buff *skb)
28 28
29static int ipip_init_state(struct xfrm_state *x) 29static int ipip_init_state(struct xfrm_state *x)
30{ 30{
31 if (!x->props.mode) 31 if (x->props.mode != XFRM_MODE_TUNNEL)
32 return -EINVAL; 32 return -EINVAL;
33 33
34 if (x->encap) 34 if (x->encap)
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index 00ffa7bc6c9f..60954fc7eb36 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -398,7 +398,7 @@ static int ah6_init_state(struct xfrm_state *x)
398 goto error; 398 goto error;
399 399
400 x->props.header_len = XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_trunc_len); 400 x->props.header_len = XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_trunc_len);
401 if (x->props.mode) 401 if (x->props.mode == XFRM_MODE_TUNNEL)
402 x->props.header_len += sizeof(struct ipv6hdr); 402 x->props.header_len += sizeof(struct ipv6hdr);
403 x->data = ahp; 403 x->data = ahp;
404 404
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 2ebfd281e721..2b8e52e1d0ab 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -237,7 +237,7 @@ static u32 esp6_get_max_size(struct xfrm_state *x, int mtu)
237 struct esp_data *esp = x->data; 237 struct esp_data *esp = x->data;
238 u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4); 238 u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4);
239 239
240 if (x->props.mode) { 240 if (x->props.mode == XFRM_MODE_TUNNEL) {
241 mtu = ALIGN(mtu + 2, blksize); 241 mtu = ALIGN(mtu + 2, blksize);
242 } else { 242 } else {
243 /* The worst case. */ 243 /* The worst case. */
@@ -358,7 +358,7 @@ static int esp6_init_state(struct xfrm_state *x)
358 if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len)) 358 if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
359 goto error; 359 goto error;
360 x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen; 360 x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
361 if (x->props.mode) 361 if (x->props.mode == XFRM_MODE_TUNNEL)
362 x->props.header_len += sizeof(struct ipv6hdr); 362 x->props.header_len += sizeof(struct ipv6hdr);
363 x->data = esp; 363 x->data = esp;
364 return 0; 364 return 0;
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
index a81e9e9d93bd..19eba8d9f851 100644
--- a/net/ipv6/ipcomp6.c
+++ b/net/ipv6/ipcomp6.c
@@ -212,7 +212,7 @@ static struct xfrm_state *ipcomp6_tunnel_create(struct xfrm_state *x)
212 memcpy(t->id.daddr.a6, x->id.daddr.a6, sizeof(struct in6_addr)); 212 memcpy(t->id.daddr.a6, x->id.daddr.a6, sizeof(struct in6_addr));
213 memcpy(&t->sel, &x->sel, sizeof(t->sel)); 213 memcpy(&t->sel, &x->sel, sizeof(t->sel));
214 t->props.family = AF_INET6; 214 t->props.family = AF_INET6;
215 t->props.mode = 1; 215 t->props.mode = XFRM_MODE_TUNNEL;
216 memcpy(t->props.saddr.a6, x->props.saddr.a6, sizeof(struct in6_addr)); 216 memcpy(t->props.saddr.a6, x->props.saddr.a6, sizeof(struct in6_addr));
217 217
218 if (xfrm_init_state(t)) 218 if (xfrm_init_state(t))
@@ -417,7 +417,7 @@ static int ipcomp6_init_state(struct xfrm_state *x)
417 goto out; 417 goto out;
418 418
419 x->props.header_len = 0; 419 x->props.header_len = 0;
420 if (x->props.mode) 420 if (x->props.mode == XFRM_MODE_TUNNEL)
421 x->props.header_len += sizeof(struct ipv6hdr); 421 x->props.header_len += sizeof(struct ipv6hdr);
422 422
423 mutex_lock(&ipcomp6_resource_mutex); 423 mutex_lock(&ipcomp6_resource_mutex);
@@ -429,7 +429,7 @@ static int ipcomp6_init_state(struct xfrm_state *x)
429 goto error; 429 goto error;
430 mutex_unlock(&ipcomp6_resource_mutex); 430 mutex_unlock(&ipcomp6_resource_mutex);
431 431
432 if (x->props.mode) { 432 if (x->props.mode == XFRM_MODE_TUNNEL) {
433 err = ipcomp6_tunnel_attach(x); 433 err = ipcomp6_tunnel_attach(x);
434 if (err) 434 if (err)
435 goto error_tunnel; 435 goto error_tunnel;
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c
index 0405d74ff910..ee2f6b3908b6 100644
--- a/net/ipv6/xfrm6_input.c
+++ b/net/ipv6/xfrm6_input.c
@@ -72,7 +72,7 @@ int xfrm6_rcv_spi(struct sk_buff *skb, u32 spi)
72 if (x->mode->input(x, skb)) 72 if (x->mode->input(x, skb))
73 goto drop; 73 goto drop;
74 74
75 if (x->props.mode) { /* XXX */ 75 if (x->props.mode == XFRM_MODE_TUNNEL) { /* XXX */
76 decaps = 1; 76 decaps = 1;
77 break; 77 break;
78 } 78 }
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index 6d111743e508..26f18869f77b 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -47,7 +47,7 @@ static int xfrm6_output_one(struct sk_buff *skb)
47 goto error_nolock; 47 goto error_nolock;
48 } 48 }
49 49
50 if (x->props.mode) { 50 if (x->props.mode == XFRM_MODE_TUNNEL) {
51 err = xfrm6_tunnel_check_size(skb); 51 err = xfrm6_tunnel_check_size(skb);
52 if (err) 52 if (err)
53 goto error_nolock; 53 goto error_nolock;
@@ -80,7 +80,7 @@ static int xfrm6_output_one(struct sk_buff *skb)
80 } 80 }
81 dst = skb->dst; 81 dst = skb->dst;
82 x = dst->xfrm; 82 x = dst->xfrm;
83 } while (x && !x->props.mode); 83 } while (x && (x->props.mode != XFRM_MODE_TUNNEL));
84 84
85 IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED; 85 IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED;
86 err = 0; 86 err = 0;
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 73cd250aecbb..81355bb50328 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -114,7 +114,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
114 114
115 dst1->next = dst_prev; 115 dst1->next = dst_prev;
116 dst_prev = dst1; 116 dst_prev = dst1;
117 if (xfrm[i]->props.mode) { 117 if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
118 remote = (struct in6_addr*)&xfrm[i]->id.daddr; 118 remote = (struct in6_addr*)&xfrm[i]->id.daddr;
119 local = (struct in6_addr*)&xfrm[i]->props.saddr; 119 local = (struct in6_addr*)&xfrm[i]->props.saddr;
120 tunnel = 1; 120 tunnel = 1;
diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c
index b33296b3f6de..a1a1f5476442 100644
--- a/net/ipv6/xfrm6_state.c
+++ b/net/ipv6/xfrm6_state.c
@@ -42,7 +42,7 @@ __xfrm6_init_tempsel(struct xfrm_state *x, struct flowi *fl,
42 memcpy(&x->props.saddr, &tmpl->saddr, sizeof(x->props.saddr)); 42 memcpy(&x->props.saddr, &tmpl->saddr, sizeof(x->props.saddr));
43 if (ipv6_addr_any((struct in6_addr*)&x->props.saddr)) 43 if (ipv6_addr_any((struct in6_addr*)&x->props.saddr))
44 memcpy(&x->props.saddr, saddr, sizeof(x->props.saddr)); 44 memcpy(&x->props.saddr, saddr, sizeof(x->props.saddr));
45 if (tmpl->mode && ipv6_addr_any((struct in6_addr*)&x->props.saddr)) { 45 if (tmpl->mode == XFRM_MODE_TUNNEL && ipv6_addr_any((struct in6_addr*)&x->props.saddr)) {
46 struct rt6_info *rt; 46 struct rt6_info *rt;
47 struct flowi fl_tunnel = { 47 struct flowi fl_tunnel = {
48 .nl_u = { 48 .nl_u = {
diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c
index c8f9369c2a87..59685ee8f700 100644
--- a/net/ipv6/xfrm6_tunnel.c
+++ b/net/ipv6/xfrm6_tunnel.c
@@ -307,7 +307,7 @@ static int xfrm6_tunnel_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
307 307
308static int xfrm6_tunnel_init_state(struct xfrm_state *x) 308static int xfrm6_tunnel_init_state(struct xfrm_state *x)
309{ 309{
310 if (!x->props.mode) 310 if (x->props.mode != XFRM_MODE_TUNNEL)
311 return -EINVAL; 311 return -EINVAL;
312 312
313 if (x->encap) 313 if (x->encap)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 797c744a8438..19e047b0e678 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1765,7 +1765,7 @@ parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
1765 } 1765 }
1766 1766
1767 /* addresses present only in tunnel mode */ 1767 /* addresses present only in tunnel mode */
1768 if (t->mode) { 1768 if (t->mode == XFRM_MODE_TUNNEL) {
1769 switch (xp->family) { 1769 switch (xp->family) {
1770 case AF_INET: 1770 case AF_INET:
1771 sin = (void*)(rq+1); 1771 sin = (void*)(rq+1);
@@ -1997,7 +1997,7 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i
1997 int req_size; 1997 int req_size;
1998 1998
1999 req_size = sizeof(struct sadb_x_ipsecrequest); 1999 req_size = sizeof(struct sadb_x_ipsecrequest);
2000 if (t->mode) 2000 if (t->mode == XFRM_MODE_TUNNEL)
2001 req_size += 2*socklen; 2001 req_size += 2*socklen;
2002 else 2002 else
2003 size -= 2*socklen; 2003 size -= 2*socklen;
@@ -2013,7 +2013,7 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i
2013 if (t->optional) 2013 if (t->optional)
2014 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE; 2014 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE;
2015 rq->sadb_x_ipsecrequest_reqid = t->reqid; 2015 rq->sadb_x_ipsecrequest_reqid = t->reqid;
2016 if (t->mode) { 2016 if (t->mode == XFRM_MODE_TUNNEL) {
2017 switch (xp->family) { 2017 switch (xp->family) {
2018 case AF_INET: 2018 case AF_INET:
2019 sin = (void*)(rq+1); 2019 sin = (void*)(rq+1);
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 32c963c90573..a0d58971391d 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -779,7 +779,7 @@ xfrm_tmpl_resolve(struct xfrm_policy *policy, struct flowi *fl,
779 xfrm_address_t *local = saddr; 779 xfrm_address_t *local = saddr;
780 struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i]; 780 struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i];
781 781
782 if (tmpl->mode) { 782 if (tmpl->mode == XFRM_MODE_TUNNEL) {
783 remote = &tmpl->id.daddr; 783 remote = &tmpl->id.daddr;
784 local = &tmpl->saddr; 784 local = &tmpl->saddr;
785 } 785 }
@@ -1005,7 +1005,8 @@ xfrm_state_ok(struct xfrm_tmpl *tmpl, struct xfrm_state *x,
1005 (x->props.reqid == tmpl->reqid || !tmpl->reqid) && 1005 (x->props.reqid == tmpl->reqid || !tmpl->reqid) &&
1006 x->props.mode == tmpl->mode && 1006 x->props.mode == tmpl->mode &&
1007 (tmpl->aalgos & (1<<x->props.aalgo)) && 1007 (tmpl->aalgos & (1<<x->props.aalgo)) &&
1008 !(x->props.mode && xfrm_state_addr_cmp(tmpl, x, family)); 1008 !(x->props.mode != XFRM_MODE_TRANSPORT &&
1009 xfrm_state_addr_cmp(tmpl, x, family));
1009} 1010}
1010 1011
1011static inline int 1012static inline int
@@ -1015,14 +1016,14 @@ xfrm_policy_ok(struct xfrm_tmpl *tmpl, struct sec_path *sp, int start,
1015 int idx = start; 1016 int idx = start;
1016 1017
1017 if (tmpl->optional) { 1018 if (tmpl->optional) {
1018 if (!tmpl->mode) 1019 if (tmpl->mode == XFRM_MODE_TRANSPORT)
1019 return start; 1020 return start;
1020 } else 1021 } else
1021 start = -1; 1022 start = -1;
1022 for (; idx < sp->len; idx++) { 1023 for (; idx < sp->len; idx++) {
1023 if (xfrm_state_ok(tmpl, sp->xvec[idx], family)) 1024 if (xfrm_state_ok(tmpl, sp->xvec[idx], family))
1024 return ++idx; 1025 return ++idx;
1025 if (sp->xvec[idx]->props.mode) 1026 if (sp->xvec[idx]->props.mode != XFRM_MODE_TRANSPORT)
1026 break; 1027 break;
1027 } 1028 }
1028 return start; 1029 return start;
@@ -1047,7 +1048,7 @@ EXPORT_SYMBOL(xfrm_decode_session);
1047static inline int secpath_has_tunnel(struct sec_path *sp, int k) 1048static inline int secpath_has_tunnel(struct sec_path *sp, int k)
1048{ 1049{
1049 for (; k < sp->len; k++) { 1050 for (; k < sp->len; k++) {
1050 if (sp->xvec[k]->props.mode) 1051 if (sp->xvec[k]->props.mode != XFRM_MODE_TRANSPORT)
1051 return 1; 1052 return 1;
1052 } 1053 }
1053 1054
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index f70e158874d2..0d580ac19771 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -174,8 +174,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
174 174
175 err = -EINVAL; 175 err = -EINVAL;
176 switch (p->mode) { 176 switch (p->mode) {
177 case 0: 177 case XFRM_MODE_TRANSPORT:
178 case 1: 178 case XFRM_MODE_TUNNEL:
179 break; 179 break;
180 180
181 default: 181 default: