diff options
| author | Diego Beltrami <diego.beltrami@gmail.com> | 2006-10-04 02:47:05 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-10-04 03:31:09 -0400 |
| commit | 0a69452cb45add0841c2bc1e75c25f6bd4f1d8d9 (patch) | |
| tree | 17906377f0f55c809126932e3a0e4b9bb972739c /net/ipv4/esp4.c | |
| parent | 80246ab36ec8baf7d107254adb166baa555a59f8 (diff) | |
[XFRM]: BEET mode
This patch introduces the BEET mode (Bound End-to-End Tunnel) with as
specified by the ietf draft at the following link:
http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-06.txt
The patch provides only single family support (i.e. inner family =
outer family).
Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com>
Signed-off-by: Miika Komu <miika@iki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Abhinav Pathak <abhinav.pathak@hiit.fi>
Signed-off-by: Jeff Ahrenholz <ahrenholz@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/esp4.c')
| -rw-r--r-- | net/ipv4/esp4.c | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 13b29360d102..b5c205b57669 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
| @@ -253,7 +253,8 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) | |||
| 253 | * as per draft-ietf-ipsec-udp-encaps-06, | 253 | * as per draft-ietf-ipsec-udp-encaps-06, |
| 254 | * section 3.1.2 | 254 | * section 3.1.2 |
| 255 | */ | 255 | */ |
| 256 | if (x->props.mode == XFRM_MODE_TRANSPORT) | 256 | if (x->props.mode == XFRM_MODE_TRANSPORT || |
| 257 | x->props.mode == XFRM_MODE_BEET) | ||
| 257 | skb->ip_summed = CHECKSUM_UNNECESSARY; | 258 | skb->ip_summed = CHECKSUM_UNNECESSARY; |
| 258 | } | 259 | } |
| 259 | 260 | ||
| @@ -271,17 +272,28 @@ static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) | |||
| 271 | { | 272 | { |
| 272 | struct esp_data *esp = x->data; | 273 | struct esp_data *esp = x->data; |
| 273 | u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4); | 274 | u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4); |
| 274 | 275 | int enclen = 0; | |
| 275 | if (x->props.mode == XFRM_MODE_TUNNEL) { | 276 | |
| 276 | mtu = ALIGN(mtu + 2, blksize); | 277 | switch (x->props.mode) { |
| 277 | } else { | 278 | case XFRM_MODE_TUNNEL: |
| 278 | /* The worst case. */ | 279 | mtu = ALIGN(mtu +2, blksize); |
| 280 | break; | ||
| 281 | default: | ||
| 282 | case XFRM_MODE_TRANSPORT: | ||
| 283 | /* The worst case */ | ||
| 279 | mtu = ALIGN(mtu + 2, 4) + blksize - 4; | 284 | mtu = ALIGN(mtu + 2, 4) + blksize - 4; |
| 285 | break; | ||
| 286 | case XFRM_MODE_BEET: | ||
| 287 | /* The worst case. */ | ||
| 288 | enclen = IPV4_BEET_PHMAXLEN; | ||
| 289 | mtu = ALIGN(mtu + enclen + 2, blksize); | ||
| 290 | break; | ||
| 280 | } | 291 | } |
| 292 | |||
| 281 | if (esp->conf.padlen) | 293 | if (esp->conf.padlen) |
| 282 | mtu = ALIGN(mtu, esp->conf.padlen); | 294 | mtu = ALIGN(mtu, esp->conf.padlen); |
| 283 | 295 | ||
| 284 | return mtu + x->props.header_len + esp->auth.icv_trunc_len; | 296 | return mtu + x->props.header_len + esp->auth.icv_trunc_len - enclen; |
| 285 | } | 297 | } |
| 286 | 298 | ||
| 287 | static void esp4_err(struct sk_buff *skb, u32 info) | 299 | static void esp4_err(struct sk_buff *skb, u32 info) |