[IPSEC] xfrm: Abstract out encapsulation modes

This patch adds the structure xfrm_mode. It is meant to represent the operations carried out by transport/tunnel modes. By doing this we allow additional encapsulation modes to be added without clogging up the xfrm_input/xfrm_output paths. Candidate modes include 4-to-6 tunnel mode, 6-to-4 tunnel mode, and BEET modes. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Herbert Xu <herbert@gondor.apana.org.au> 2006-05-28 02:05:54 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-06-18 00:28:39 -0400
commit: b59f45d0b2878ab76f8053b0973654e6621828ee (patch)
tree: 40dc5e2ede2620f7935fb3dae0d0eb199851f611 /net/ipv4/xfrm4_input.c
parent: 546be2405be119ef55467aace45f337a16e5d424 (diff)
1 files changed, 2 insertions, 26 deletions
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index 3e174c83bfe7..817ed84511a6 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -13,7 +13,6 @@
 #include <linux/string.h>
 #include <linux/netfilter.h>
 #include <linux/netfilter_ipv4.h>
-#include <net/inet_ecn.h>
 #include <net/ip.h>
 #include <net/xfrm.h>
@@ -24,15 +23,6 @@ int xfrm4_rcv(struct sk_buff *skb)
 EXPORT_SYMBOL(xfrm4_rcv);
-static inline void ipip_ecn_decapsulate(struct sk_buff *skb)
-{
-        struct iphdr *outer_iph = skb->nh.iph;
-        struct iphdr *inner_iph = skb->h.ipiph;
-        if (INET_ECN_is_ce(outer_iph->tos))
-                IP_ECN_set_ce(inner_iph);
-}
 static int xfrm4_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq)
 {
        switch (nexthdr) {
@@ -113,24 +103,10 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
                xfrm_vec[xfrm_nr++] = x;
-                iph = skb->nh.iph;
+                if (x->mode->input(x, skb))
+                        goto drop;
                if (x->props.mode) {
-                        if (iph->protocol != IPPROTO_IPIP)
-                                goto drop;
-                        if (!pskb_may_pull(skb, sizeof(struct iphdr)))
-                                goto drop;
-                        if (skb_cloned(skb) &&
-                            pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
-                                goto drop;
-                        if (x->props.flags & XFRM_STATE_DECAP_DSCP)
-                                ipv4_copy_dscp(iph, skb->h.ipiph);
-                        if (!(x->props.flags & XFRM_STATE_NOECN))
-                                ipip_ecn_decapsulate(skb);
-                        skb->mac.raw = memmove(skb->data - skb->mac_len,
-                                               skb->mac.raw, skb->mac_len);
-                        skb->nh.raw = skb->data;
-                        memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
                        decaps = 1;
                        break;
                }
author	Herbert Xu <herbert@gondor.apana.org.au>	2006-05-28 02:05:54 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-06-18 00:28:39 -0400
commit	b59f45d0b2878ab76f8053b0973654e6621828ee (patch)
tree	40dc5e2ede2620f7935fb3dae0d0eb199851f611 /net/ipv4/xfrm4_input.c
parent	546be2405be119ef55467aace45f337a16e5d424 (diff)

diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c index 3e174c83bfe7..817ed84511a6 100644 --- a/net/ipv4/xfrm4_input.c +++ b/net/ipv4/xfrm4_input.c
@@ -13,7 +13,6 @@
13	#include <linux/string.h>	13	#include <linux/string.h>
14	#include <linux/netfilter.h>	14	#include <linux/netfilter.h>
15	#include <linux/netfilter_ipv4.h>	15	#include <linux/netfilter_ipv4.h>
16	#include <net/inet_ecn.h>
17	#include <net/ip.h>	16	#include <net/ip.h>
18	#include <net/xfrm.h>	17	#include <net/xfrm.h>
19		18
@@ -24,15 +23,6 @@ int xfrm4_rcv(struct sk_buff *skb)
24		23
25	EXPORT_SYMBOL(xfrm4_rcv);	24	EXPORT_SYMBOL(xfrm4_rcv);
26		25
27	static inline void ipip_ecn_decapsulate(struct sk_buff *skb)
28	{
29	struct iphdr *outer_iph = skb->nh.iph;
30	struct iphdr *inner_iph = skb->h.ipiph;
31
32	if (INET_ECN_is_ce(outer_iph->tos))
33	IP_ECN_set_ce(inner_iph);
34	}
35
36	static int xfrm4_parse_spi(struct sk_buff skb, u8 nexthdr, u32 spi, u32 *seq)	26	static int xfrm4_parse_spi(struct sk_buff skb, u8 nexthdr, u32 spi, u32 *seq)
37	{	27	{
38	switch (nexthdr) {	28	switch (nexthdr) {
@@ -113,24 +103,10 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
113		103
114	xfrm_vec[xfrm_nr++] = x;	104	xfrm_vec[xfrm_nr++] = x;
115		105
116	iph = skb->nh.iph;	106	if (x->mode->input(x, skb))
		107	goto drop;
117		108
118	if (x->props.mode) {	109	if (x->props.mode) {
119	if (iph->protocol != IPPROTO_IPIP)
120	goto drop;
121	if (!pskb_may_pull(skb, sizeof(struct iphdr)))
122	goto drop;
123	if (skb_cloned(skb) &&
124	pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
125	goto drop;
126	if (x->props.flags & XFRM_STATE_DECAP_DSCP)
127	ipv4_copy_dscp(iph, skb->h.ipiph);
128	if (!(x->props.flags & XFRM_STATE_NOECN))
129	ipip_ecn_decapsulate(skb);
130	skb->mac.raw = memmove(skb->data - skb->mac_len,
131	skb->mac.raw, skb->mac_len);
132	skb->nh.raw = skb->data;
133	memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
134	decaps = 1;	110	decaps = 1;
135	break;	111	break;
136	}	112	}