[IPSEC] proto: Move transport mode input path into xfrm_mode_transport

Now that we have xfrm_mode objects we can move the transport mode specific input decapsulation code into xfrm_mode_transport. This removes duplicate code as well as unnecessary header movement in case of tunnel mode SAs since we will discard the original IP header immediately. This also fixes a minor bug for transport-mode ESP where the IP payload length is set to the correct value minus the header length (with extension headers for IPv6). Of course the other neat thing is that we no longer have to allocate temporary buffers to hold the IP headers for ESP and IPComp. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Herbert Xu <herbert@gondor.apana.org.au> 2006-05-28 02:06:13 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-06-18 00:28:41 -0400
commit: 31a4ab93025719e62e7cf7ce899f71c34ecde5a0 (patch)
tree: 60404c5fd1124882753b38e334656a15f8de0804 /net/ipv4/esp4.c
parent: b59f45d0b2878ab76f8053b0973654e6621828ee (diff)
1 files changed, 6 insertions, 12 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 9d1881c07a32..9bbdd4494551 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -143,10 +143,9 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
        int alen = esp->auth.icv_trunc_len;
        int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen;
        int nfrags;
-        int encap_len = 0;
+        int ihl;
        u8 nexthdr[2];
        struct scatterlist *sg;
-        u8 workbuf[60];
        int padlen;
        if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr)))
@@ -177,7 +176,6 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
        skb->ip_summed = CHECKSUM_NONE;
        esph = (struct ip_esp_hdr*)skb->data;
-        iph = skb->nh.iph;
        /* Get ivec. This can be wrong, check against another impls. */
        if (esp->conf.ivlen)
@@ -204,12 +202,12 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
        /* ... check padding bits here. Silly. :-) */ 
+        iph = skb->nh.iph;
+        ihl = iph->ihl * 4;
        if (x->encap) {
                struct xfrm_encap_tmpl *encap = x->encap;
-                struct udphdr *uh;
+                struct udphdr *uh = (void *)(skb->nh.raw + ihl);
-                uh = (struct udphdr *)(iph + 1);
-                encap_len = (void*)esph - (void*)uh;
                /*
                 * 1) if the NAT-T peer's IP or port changed then
@@ -246,11 +244,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
        iph->protocol = nexthdr[1];
        pskb_trim(skb, skb->len - alen - padlen - 2);
-        memcpy(workbuf, skb->nh.raw, iph->ihl*4);
+        skb->h.raw = __skb_pull(skb, sizeof(*esph) + esp->conf.ivlen) - ihl;
-        skb->h.raw = skb_pull(skb, sizeof(struct ip_esp_hdr) + esp->conf.ivlen);
-        skb->nh.raw += encap_len + sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
-        memcpy(skb->nh.raw, workbuf, iph->ihl*4);
-        skb->nh.iph->tot_len = htons(skb->len);
        return 0;
author	Herbert Xu <herbert@gondor.apana.org.au>	2006-05-28 02:06:13 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-06-18 00:28:41 -0400
commit	31a4ab93025719e62e7cf7ce899f71c34ecde5a0 (patch)
tree	60404c5fd1124882753b38e334656a15f8de0804 /net/ipv4/esp4.c
parent	b59f45d0b2878ab76f8053b0973654e6621828ee (diff)