[IPSEC]: Move IP length/checksum setting out of transforms

This patch moves the setting of the IP length and checksum fields out of the transforms and into the xfrmX_output functions. This would help future efforts in merging the transforms themselves. It also adds an optimisation to ipcomp due to the fact that the transport offset is guaranteed to be zero. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Herbert Xu <herbert@gondor.apana.org.au> 2007-10-10 18:45:52 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2007-10-10 19:55:56 -0400
commit: ceb1eec8291175686d0208e66595ff83bc0624e2 (patch)
tree: 83a7fdc7d292f1dbb80f32563d9573810bfe6e42 /net/ipv6
parent: 87bdc48d304191313203df9b98d783e1ab5a55ab (diff)
7 files changed, 11 insertions, 28 deletions
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index a64295d164ea..9eb928598351 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -43,7 +43,6 @@
 static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
 {
        int err;
-        struct ipv6hdr *top_iph;
        struct ip_esp_hdr *esph;
        struct crypto_blkcipher *tfm;
        struct blkcipher_desc desc;
@@ -85,9 +84,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
        pskb_put(skb, trailer, clen - skb->len);
        skb_push(skb, -skb_network_offset(skb));
-        top_iph = ipv6_hdr(skb);
        esph = ip_esp_hdr(skb);
-        top_iph->payload_len = htons(skb->len + alen - sizeof(*top_iph));
        *(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb);
        *skb_mac_header(skb) = IPPROTO_ESP;
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
index 8f3f32faaf4c..28fc8edfdc3a 100644
--- a/net/ipv6/ipcomp6.c
+++ b/net/ipv6/ipcomp6.c
@@ -119,20 +119,15 @@ out:
 static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb)
 {
        int err;
-        struct ipv6hdr *top_iph;
        struct ip_comp_hdr *ipch;
        struct ipcomp_data *ipcd = x->data;
        int plen, dlen;
        u8 *start, *scratch;
        struct crypto_comp *tfm;
        int cpu;
-        int hdr_len;
-        skb_push(skb, -skb_network_offset(skb));
-        hdr_len = skb_transport_offset(skb);
        /* check whether datagram len is larger than threshold */
-        if ((skb->len - hdr_len) < ipcd->threshold) {
+        if (skb->len < ipcd->threshold) {
                goto out_ok;
        }
@@ -140,9 +135,9 @@ static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb)
                goto out_ok;
        /* compression */
-        plen = skb->len - hdr_len;
+        plen = skb->len;
        dlen = IPCOMP_SCRATCH_SIZE;
-        start = skb_transport_header(skb);
+        start = skb->data;
        cpu = get_cpu();
        scratch = *per_cpu_ptr(ipcomp6_scratches, cpu);
@@ -155,13 +150,9 @@ static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb)
        }
        memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
        put_cpu();
-        pskb_trim(skb, hdr_len + dlen + sizeof(struct ip_comp_hdr));
+        pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr));
        /* insert ipcomp header and replace datagram */
-        top_iph = ipv6_hdr(skb);
-        top_iph->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
        ipch = ip_comp_hdr(skb);
        ipch->nexthdr = *skb_mac_header(skb);
        ipch->flags = 0;
@@ -169,6 +160,8 @@ static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb)
        *skb_mac_header(skb) = IPPROTO_COMP;
 out_ok:
+        skb_push(skb, -skb_network_offset(skb));
        return 0;
 }
diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c
index 0e7a60f7393a..7fd841d41019 100644
--- a/net/ipv6/mip6.c
+++ b/net/ipv6/mip6.c
@@ -155,7 +155,6 @@ static int mip6_destopt_output(struct xfrm_state *x, struct sk_buff *skb)
        skb_push(skb, -skb_network_offset(skb));
        iph = ipv6_hdr(skb);
-        iph->payload_len = htons(skb->len - sizeof(*iph));
        nexthdr = *skb_mac_header(skb);
        *skb_mac_header(skb) = IPPROTO_DSTOPTS;
@@ -370,7 +369,6 @@ static int mip6_rthdr_output(struct xfrm_state *x, struct sk_buff *skb)
        skb_push(skb, -skb_network_offset(skb));
        iph = ipv6_hdr(skb);
-        iph->payload_len = htons(skb->len - sizeof(*iph));
        nexthdr = *skb_mac_header(skb);
        *skb_mac_header(skb) = IPPROTO_ROUTING;
diff --git a/net/ipv6/xfrm6_mode_beet.c b/net/ipv6/xfrm6_mode_beet.c
index 42c6ef839e59..13bb1e856764 100644
--- a/net/ipv6/xfrm6_mode_beet.c
+++ b/net/ipv6/xfrm6_mode_beet.c
@@ -22,8 +22,6 @@
 /* Add encapsulation header.
 *
 * The top IP header will be constructed per draft-nikander-esp-beet-mode-06.txt.
- * The following fields in it shall be filled in by x->type->output:
- *      payload_len
 */
 static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb)
 {
diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c
index e79c6bdf71c1..ea2283879112 100644
--- a/net/ipv6/xfrm6_mode_tunnel.c
+++ b/net/ipv6/xfrm6_mode_tunnel.c
@@ -33,9 +33,7 @@ static inline void ip6ip_ecn_decapsulate(struct sk_buff *skb)
 /* Add encapsulation header.
 *
- * The top IP header will be constructed per RFC 2401.  The following fields
+ * The top IP header will be constructed per RFC 2401.
- * in it shall be filled in by x->type->output:
- *      payload_len
 */
 static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
 {
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index f21596f89984..4618c18e611d 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -47,6 +47,7 @@ static inline int xfrm6_output_one(struct sk_buff *skb)
 {
        struct dst_entry *dst = skb->dst;
        struct xfrm_state *x = dst->xfrm;
+        struct ipv6hdr *iph;
        int err;
        if (x->props.mode == XFRM_MODE_TUNNEL) {
@@ -59,6 +60,9 @@ static inline int xfrm6_output_one(struct sk_buff *skb)
        if (err)
                goto error_nolock;
+        iph = ipv6_hdr(skb);
+        iph->payload_len = htons(skb->len - sizeof(*iph));
        IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED;
        err = 0;
diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c
index 00a1a3e5237c..3f8a3abde67e 100644
--- a/net/ipv6/xfrm6_tunnel.c
+++ b/net/ipv6/xfrm6_tunnel.c
@@ -242,12 +242,7 @@ EXPORT_SYMBOL(xfrm6_tunnel_free_spi);
 static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
 {
-        struct ipv6hdr *top_iph;
        skb_push(skb, -skb_network_offset(skb));
-        top_iph = ipv6_hdr(skb);
-        top_iph->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
        return 0;
 }
author	Herbert Xu <herbert@gondor.apana.org.au>	2007-10-10 18:45:52 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2007-10-10 19:55:56 -0400
commit	ceb1eec8291175686d0208e66595ff83bc0624e2 (patch)
tree	83a7fdc7d292f1dbb80f32563d9573810bfe6e42 /net/ipv6
parent	87bdc48d304191313203df9b98d783e1ab5a55ab (diff)