aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-10-10 18:45:25 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:55:55 -0400
commit87bdc48d304191313203df9b98d783e1ab5a55ab (patch)
tree32f7bfb3a5fa7fe373f11e0ddadd95b6bcd9bd4f /net/ipv4
parent37fedd3aab6517daec628764c5d66dd8761fbe5f (diff)
[IPSEC]: Get rid of ipv6_{auth,esp,comp}_hdr
This patch removes the duplicate ipv6_{auth,esp,comp}_hdr structures since they're identical to the IPv4 versions. Duplicating them would only create problems for ourselves later when we need to add things like extended sequence numbers. I've also added transport header type conversion headers for these types which are now used by the transforms. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/ah4.c18
-rw-r--r--net/ipv4/esp4.c10
-rw-r--r--net/ipv4/ipcomp.c2
3 files changed, 15 insertions, 15 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index e4f7aa39978d..d69706405d58 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -82,7 +82,7 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
82 goto error; 82 goto error;
83 } 83 }
84 84
85 ah = (struct ip_auth_hdr *)skb_transport_header(skb); 85 ah = ip_auth_hdr(skb);
86 ah->nexthdr = *skb_mac_header(skb); 86 ah->nexthdr = *skb_mac_header(skb);
87 *skb_mac_header(skb) = IPPROTO_AH; 87 *skb_mac_header(skb) = IPPROTO_AH;
88 88
@@ -93,8 +93,7 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
93 top_iph->check = 0; 93 top_iph->check = 0;
94 94
95 ahp = x->data; 95 ahp = x->data;
96 ah->hdrlen = (XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + 96 ah->hdrlen = (XFRM_ALIGN8(sizeof(*ah) + ahp->icv_trunc_len) >> 2) - 2;
97 ahp->icv_trunc_len) >> 2) - 2;
98 97
99 ah->reserved = 0; 98 ah->reserved = 0;
100 ah->spi = x->id.spi; 99 ah->spi = x->id.spi;
@@ -134,15 +133,15 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
134 struct ah_data *ahp; 133 struct ah_data *ahp;
135 char work_buf[60]; 134 char work_buf[60];
136 135
137 if (!pskb_may_pull(skb, sizeof(struct ip_auth_hdr))) 136 if (!pskb_may_pull(skb, sizeof(*ah)))
138 goto out; 137 goto out;
139 138
140 ah = (struct ip_auth_hdr*)skb->data; 139 ah = (struct ip_auth_hdr *)skb->data;
141 ahp = x->data; 140 ahp = x->data;
142 ah_hlen = (ah->hdrlen + 2) << 2; 141 ah_hlen = (ah->hdrlen + 2) << 2;
143 142
144 if (ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_full_len) && 143 if (ah_hlen != XFRM_ALIGN8(sizeof(*ah) + ahp->icv_full_len) &&
145 ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len)) 144 ah_hlen != XFRM_ALIGN8(sizeof(*ah) + ahp->icv_trunc_len))
146 goto out; 145 goto out;
147 146
148 if (!pskb_may_pull(skb, ah_hlen)) 147 if (!pskb_may_pull(skb, ah_hlen))
@@ -156,7 +155,7 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
156 155
157 skb->ip_summed = CHECKSUM_NONE; 156 skb->ip_summed = CHECKSUM_NONE;
158 157
159 ah = (struct ip_auth_hdr*)skb->data; 158 ah = (struct ip_auth_hdr *)skb->data;
160 iph = ip_hdr(skb); 159 iph = ip_hdr(skb);
161 160
162 ihl = skb->data - skb_network_header(skb); 161 ihl = skb->data - skb_network_header(skb);
@@ -266,7 +265,8 @@ static int ah_init_state(struct xfrm_state *x)
266 if (!ahp->work_icv) 265 if (!ahp->work_icv)
267 goto error; 266 goto error;
268 267
269 x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len); 268 x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
269 ahp->icv_trunc_len);
270 if (x->props.mode == XFRM_MODE_TUNNEL) 270 if (x->props.mode == XFRM_MODE_TUNNEL)
271 x->props.header_len += sizeof(struct iphdr); 271 x->props.header_len += sizeof(struct iphdr);
272 x->data = ahp; 272 x->data = ahp;
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 93153d105619..66eb4968b910 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -60,7 +60,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
60 60
61 skb_push(skb, -skb_network_offset(skb)); 61 skb_push(skb, -skb_network_offset(skb));
62 top_iph = ip_hdr(skb); 62 top_iph = ip_hdr(skb);
63 esph = (struct ip_esp_hdr *)skb_transport_header(skb); 63 esph = ip_esp_hdr(skb);
64 top_iph->tot_len = htons(skb->len + alen); 64 top_iph->tot_len = htons(skb->len + alen);
65 *(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb); 65 *(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb);
66 *skb_mac_header(skb) = IPPROTO_ESP; 66 *skb_mac_header(skb) = IPPROTO_ESP;
@@ -157,7 +157,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
157 struct sk_buff *trailer; 157 struct sk_buff *trailer;
158 int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4); 158 int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4);
159 int alen = esp->auth.icv_trunc_len; 159 int alen = esp->auth.icv_trunc_len;
160 int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen; 160 int elen = skb->len - sizeof(*esph) - esp->conf.ivlen - alen;
161 int nfrags; 161 int nfrags;
162 int ihl; 162 int ihl;
163 u8 nexthdr[2]; 163 u8 nexthdr[2];
@@ -165,7 +165,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
165 int padlen; 165 int padlen;
166 int err; 166 int err;
167 167
168 if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr))) 168 if (!pskb_may_pull(skb, sizeof(*esph)))
169 goto out; 169 goto out;
170 170
171 if (elen <= 0 || (elen & (blksize-1))) 171 if (elen <= 0 || (elen & (blksize-1)))
@@ -193,7 +193,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
193 193
194 skb->ip_summed = CHECKSUM_NONE; 194 skb->ip_summed = CHECKSUM_NONE;
195 195
196 esph = (struct ip_esp_hdr*)skb->data; 196 esph = (struct ip_esp_hdr *)skb->data;
197 197
198 /* Get ivec. This can be wrong, check against another impls. */ 198 /* Get ivec. This can be wrong, check against another impls. */
199 if (esp->conf.ivlen) 199 if (esp->conf.ivlen)
@@ -206,7 +206,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
206 if (!sg) 206 if (!sg)
207 goto out; 207 goto out;
208 } 208 }
209 skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen); 209 skb_to_sgvec(skb, sg, sizeof(*esph) + esp->conf.ivlen, elen);
210 err = crypto_blkcipher_decrypt(&desc, sg, sg, elen); 210 err = crypto_blkcipher_decrypt(&desc, sg, sg, elen);
211 if (unlikely(sg != &esp->sgbuf[0])) 211 if (unlikely(sg != &esp->sgbuf[0]))
212 kfree(sg); 212 kfree(sg);
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index bf74f64fe5fb..78d6ddb02d1d 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -154,7 +154,7 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
154 154
155 /* Install ipcomp header, convert into ipcomp datagram. */ 155 /* Install ipcomp header, convert into ipcomp datagram. */
156 iph->tot_len = htons(skb->len); 156 iph->tot_len = htons(skb->len);
157 ipch = (struct ip_comp_hdr *)skb_transport_header(skb); 157 ipch = ip_comp_hdr(skb);
158 ipch->nexthdr = *skb_mac_header(skb); 158 ipch->nexthdr = *skb_mac_header(skb);
159 ipch->flags = 0; 159 ipch->flags = 0;
160 ipch->cpi = htons((u16 )ntohl(x->id.spi)); 160 ipch->cpi = htons((u16 )ntohl(x->id.spi));