diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-10-10 18:45:25 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:55:55 -0400 |
commit | 87bdc48d304191313203df9b98d783e1ab5a55ab (patch) | |
tree | 32f7bfb3a5fa7fe373f11e0ddadd95b6bcd9bd4f /net/ipv4 | |
parent | 37fedd3aab6517daec628764c5d66dd8761fbe5f (diff) |
[IPSEC]: Get rid of ipv6_{auth,esp,comp}_hdr
This patch removes the duplicate ipv6_{auth,esp,comp}_hdr structures since
they're identical to the IPv4 versions. Duplicating them would only create
problems for ourselves later when we need to add things like extended
sequence numbers.
I've also added transport header type conversion headers for these types
which are now used by the transforms.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/ah4.c | 18 | ||||
-rw-r--r-- | net/ipv4/esp4.c | 10 | ||||
-rw-r--r-- | net/ipv4/ipcomp.c | 2 |
3 files changed, 15 insertions, 15 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index e4f7aa39978d..d69706405d58 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c | |||
@@ -82,7 +82,7 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb) | |||
82 | goto error; | 82 | goto error; |
83 | } | 83 | } |
84 | 84 | ||
85 | ah = (struct ip_auth_hdr *)skb_transport_header(skb); | 85 | ah = ip_auth_hdr(skb); |
86 | ah->nexthdr = *skb_mac_header(skb); | 86 | ah->nexthdr = *skb_mac_header(skb); |
87 | *skb_mac_header(skb) = IPPROTO_AH; | 87 | *skb_mac_header(skb) = IPPROTO_AH; |
88 | 88 | ||
@@ -93,8 +93,7 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb) | |||
93 | top_iph->check = 0; | 93 | top_iph->check = 0; |
94 | 94 | ||
95 | ahp = x->data; | 95 | ahp = x->data; |
96 | ah->hdrlen = (XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + | 96 | ah->hdrlen = (XFRM_ALIGN8(sizeof(*ah) + ahp->icv_trunc_len) >> 2) - 2; |
97 | ahp->icv_trunc_len) >> 2) - 2; | ||
98 | 97 | ||
99 | ah->reserved = 0; | 98 | ah->reserved = 0; |
100 | ah->spi = x->id.spi; | 99 | ah->spi = x->id.spi; |
@@ -134,15 +133,15 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb) | |||
134 | struct ah_data *ahp; | 133 | struct ah_data *ahp; |
135 | char work_buf[60]; | 134 | char work_buf[60]; |
136 | 135 | ||
137 | if (!pskb_may_pull(skb, sizeof(struct ip_auth_hdr))) | 136 | if (!pskb_may_pull(skb, sizeof(*ah))) |
138 | goto out; | 137 | goto out; |
139 | 138 | ||
140 | ah = (struct ip_auth_hdr*)skb->data; | 139 | ah = (struct ip_auth_hdr *)skb->data; |
141 | ahp = x->data; | 140 | ahp = x->data; |
142 | ah_hlen = (ah->hdrlen + 2) << 2; | 141 | ah_hlen = (ah->hdrlen + 2) << 2; |
143 | 142 | ||
144 | if (ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_full_len) && | 143 | if (ah_hlen != XFRM_ALIGN8(sizeof(*ah) + ahp->icv_full_len) && |
145 | ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len)) | 144 | ah_hlen != XFRM_ALIGN8(sizeof(*ah) + ahp->icv_trunc_len)) |
146 | goto out; | 145 | goto out; |
147 | 146 | ||
148 | if (!pskb_may_pull(skb, ah_hlen)) | 147 | if (!pskb_may_pull(skb, ah_hlen)) |
@@ -156,7 +155,7 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb) | |||
156 | 155 | ||
157 | skb->ip_summed = CHECKSUM_NONE; | 156 | skb->ip_summed = CHECKSUM_NONE; |
158 | 157 | ||
159 | ah = (struct ip_auth_hdr*)skb->data; | 158 | ah = (struct ip_auth_hdr *)skb->data; |
160 | iph = ip_hdr(skb); | 159 | iph = ip_hdr(skb); |
161 | 160 | ||
162 | ihl = skb->data - skb_network_header(skb); | 161 | ihl = skb->data - skb_network_header(skb); |
@@ -266,7 +265,8 @@ static int ah_init_state(struct xfrm_state *x) | |||
266 | if (!ahp->work_icv) | 265 | if (!ahp->work_icv) |
267 | goto error; | 266 | goto error; |
268 | 267 | ||
269 | x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len); | 268 | x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + |
269 | ahp->icv_trunc_len); | ||
270 | if (x->props.mode == XFRM_MODE_TUNNEL) | 270 | if (x->props.mode == XFRM_MODE_TUNNEL) |
271 | x->props.header_len += sizeof(struct iphdr); | 271 | x->props.header_len += sizeof(struct iphdr); |
272 | x->data = ahp; | 272 | x->data = ahp; |
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 93153d105619..66eb4968b910 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
@@ -60,7 +60,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
60 | 60 | ||
61 | skb_push(skb, -skb_network_offset(skb)); | 61 | skb_push(skb, -skb_network_offset(skb)); |
62 | top_iph = ip_hdr(skb); | 62 | top_iph = ip_hdr(skb); |
63 | esph = (struct ip_esp_hdr *)skb_transport_header(skb); | 63 | esph = ip_esp_hdr(skb); |
64 | top_iph->tot_len = htons(skb->len + alen); | 64 | top_iph->tot_len = htons(skb->len + alen); |
65 | *(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb); | 65 | *(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb); |
66 | *skb_mac_header(skb) = IPPROTO_ESP; | 66 | *skb_mac_header(skb) = IPPROTO_ESP; |
@@ -157,7 +157,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) | |||
157 | struct sk_buff *trailer; | 157 | struct sk_buff *trailer; |
158 | int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4); | 158 | int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4); |
159 | int alen = esp->auth.icv_trunc_len; | 159 | int alen = esp->auth.icv_trunc_len; |
160 | int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen; | 160 | int elen = skb->len - sizeof(*esph) - esp->conf.ivlen - alen; |
161 | int nfrags; | 161 | int nfrags; |
162 | int ihl; | 162 | int ihl; |
163 | u8 nexthdr[2]; | 163 | u8 nexthdr[2]; |
@@ -165,7 +165,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) | |||
165 | int padlen; | 165 | int padlen; |
166 | int err; | 166 | int err; |
167 | 167 | ||
168 | if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr))) | 168 | if (!pskb_may_pull(skb, sizeof(*esph))) |
169 | goto out; | 169 | goto out; |
170 | 170 | ||
171 | if (elen <= 0 || (elen & (blksize-1))) | 171 | if (elen <= 0 || (elen & (blksize-1))) |
@@ -193,7 +193,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) | |||
193 | 193 | ||
194 | skb->ip_summed = CHECKSUM_NONE; | 194 | skb->ip_summed = CHECKSUM_NONE; |
195 | 195 | ||
196 | esph = (struct ip_esp_hdr*)skb->data; | 196 | esph = (struct ip_esp_hdr *)skb->data; |
197 | 197 | ||
198 | /* Get ivec. This can be wrong, check against another impls. */ | 198 | /* Get ivec. This can be wrong, check against another impls. */ |
199 | if (esp->conf.ivlen) | 199 | if (esp->conf.ivlen) |
@@ -206,7 +206,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) | |||
206 | if (!sg) | 206 | if (!sg) |
207 | goto out; | 207 | goto out; |
208 | } | 208 | } |
209 | skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen); | 209 | skb_to_sgvec(skb, sg, sizeof(*esph) + esp->conf.ivlen, elen); |
210 | err = crypto_blkcipher_decrypt(&desc, sg, sg, elen); | 210 | err = crypto_blkcipher_decrypt(&desc, sg, sg, elen); |
211 | if (unlikely(sg != &esp->sgbuf[0])) | 211 | if (unlikely(sg != &esp->sgbuf[0])) |
212 | kfree(sg); | 212 | kfree(sg); |
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c index bf74f64fe5fb..78d6ddb02d1d 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c | |||
@@ -154,7 +154,7 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
154 | 154 | ||
155 | /* Install ipcomp header, convert into ipcomp datagram. */ | 155 | /* Install ipcomp header, convert into ipcomp datagram. */ |
156 | iph->tot_len = htons(skb->len); | 156 | iph->tot_len = htons(skb->len); |
157 | ipch = (struct ip_comp_hdr *)skb_transport_header(skb); | 157 | ipch = ip_comp_hdr(skb); |
158 | ipch->nexthdr = *skb_mac_header(skb); | 158 | ipch->nexthdr = *skb_mac_header(skb); |
159 | ipch->flags = 0; | 159 | ipch->flags = 0; |
160 | ipch->cpi = htons((u16 )ntohl(x->id.spi)); | 160 | ipch->cpi = htons((u16 )ntohl(x->id.spi)); |