diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-10-10 18:45:25 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:55:55 -0400 |
| commit | 87bdc48d304191313203df9b98d783e1ab5a55ab (patch) | |
| tree | 32f7bfb3a5fa7fe373f11e0ddadd95b6bcd9bd4f /net/ipv6 | |
| parent | 37fedd3aab6517daec628764c5d66dd8761fbe5f (diff) | |
[IPSEC]: Get rid of ipv6_{auth,esp,comp}_hdr
This patch removes the duplicate ipv6_{auth,esp,comp}_hdr structures since
they're identical to the IPv4 versions. Duplicating them would only create
problems for ourselves later when we need to add things like extended
sequence numbers.
I've also added transport header type conversion headers for these types
which are now used by the transforms.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/ah6.c | 16 | ||||
| -rw-r--r-- | net/ipv6/esp6.c | 18 | ||||
| -rw-r--r-- | net/ipv6/ipcomp6.c | 17 |
3 files changed, 25 insertions, 26 deletions
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index ac6bae17a13b..f9f689162692 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c | |||
| @@ -270,7 +270,7 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 270 | goto error_free_iph; | 270 | goto error_free_iph; |
| 271 | } | 271 | } |
| 272 | 272 | ||
| 273 | ah = (struct ip_auth_hdr *)skb_transport_header(skb); | 273 | ah = ip_auth_hdr(skb); |
| 274 | ah->nexthdr = nexthdr; | 274 | ah->nexthdr = nexthdr; |
| 275 | 275 | ||
| 276 | top_iph->priority = 0; | 276 | top_iph->priority = 0; |
| @@ -280,8 +280,7 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 280 | top_iph->hop_limit = 0; | 280 | top_iph->hop_limit = 0; |
| 281 | 281 | ||
| 282 | ahp = x->data; | 282 | ahp = x->data; |
| 283 | ah->hdrlen = (XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + | 283 | ah->hdrlen = (XFRM_ALIGN8(sizeof(*ah) + ahp->icv_trunc_len) >> 2) - 2; |
| 284 | ahp->icv_trunc_len) >> 2) - 2; | ||
| 285 | 284 | ||
| 286 | ah->reserved = 0; | 285 | ah->reserved = 0; |
| 287 | ah->spi = x->id.spi; | 286 | ah->spi = x->id.spi; |
| @@ -327,7 +326,7 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
| 327 | * There is offset of AH before IPv6 header after the process. | 326 | * There is offset of AH before IPv6 header after the process. |
| 328 | */ | 327 | */ |
| 329 | 328 | ||
| 330 | struct ipv6_auth_hdr *ah; | 329 | struct ip_auth_hdr *ah; |
| 331 | struct ipv6hdr *ip6h; | 330 | struct ipv6hdr *ip6h; |
| 332 | struct ah_data *ahp; | 331 | struct ah_data *ahp; |
| 333 | unsigned char *tmp_hdr = NULL; | 332 | unsigned char *tmp_hdr = NULL; |
| @@ -346,13 +345,13 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
| 346 | goto out; | 345 | goto out; |
| 347 | 346 | ||
| 348 | hdr_len = skb->data - skb_network_header(skb); | 347 | hdr_len = skb->data - skb_network_header(skb); |
| 349 | ah = (struct ipv6_auth_hdr*)skb->data; | 348 | ah = (struct ip_auth_hdr *)skb->data; |
| 350 | ahp = x->data; | 349 | ahp = x->data; |
| 351 | nexthdr = ah->nexthdr; | 350 | nexthdr = ah->nexthdr; |
| 352 | ah_hlen = (ah->hdrlen + 2) << 2; | 351 | ah_hlen = (ah->hdrlen + 2) << 2; |
| 353 | 352 | ||
| 354 | if (ah_hlen != XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_full_len) && | 353 | if (ah_hlen != XFRM_ALIGN8(sizeof(*ah) + ahp->icv_full_len) && |
| 355 | ah_hlen != XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_trunc_len)) | 354 | ah_hlen != XFRM_ALIGN8(sizeof(*ah) + ahp->icv_trunc_len)) |
| 356 | goto out; | 355 | goto out; |
| 357 | 356 | ||
| 358 | if (!pskb_may_pull(skb, ah_hlen)) | 357 | if (!pskb_may_pull(skb, ah_hlen)) |
| @@ -474,7 +473,8 @@ static int ah6_init_state(struct xfrm_state *x) | |||
| 474 | if (!ahp->work_icv) | 473 | if (!ahp->work_icv) |
| 475 | goto error; | 474 | goto error; |
| 476 | 475 | ||
| 477 | x->props.header_len = XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_trunc_len); | 476 | x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + |
| 477 | ahp->icv_trunc_len); | ||
| 478 | if (x->props.mode == XFRM_MODE_TUNNEL) | 478 | if (x->props.mode == XFRM_MODE_TUNNEL) |
| 479 | x->props.header_len += sizeof(struct ipv6hdr); | 479 | x->props.header_len += sizeof(struct ipv6hdr); |
| 480 | x->data = ahp; | 480 | x->data = ahp; |
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 21c93f026dbc..a64295d164ea 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c | |||
| @@ -44,7 +44,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 44 | { | 44 | { |
| 45 | int err; | 45 | int err; |
| 46 | struct ipv6hdr *top_iph; | 46 | struct ipv6hdr *top_iph; |
| 47 | struct ipv6_esp_hdr *esph; | 47 | struct ip_esp_hdr *esph; |
| 48 | struct crypto_blkcipher *tfm; | 48 | struct crypto_blkcipher *tfm; |
| 49 | struct blkcipher_desc desc; | 49 | struct blkcipher_desc desc; |
| 50 | struct sk_buff *trailer; | 50 | struct sk_buff *trailer; |
| @@ -86,7 +86,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 86 | 86 | ||
| 87 | skb_push(skb, -skb_network_offset(skb)); | 87 | skb_push(skb, -skb_network_offset(skb)); |
| 88 | top_iph = ipv6_hdr(skb); | 88 | top_iph = ipv6_hdr(skb); |
| 89 | esph = (struct ipv6_esp_hdr *)skb_transport_header(skb); | 89 | esph = ip_esp_hdr(skb); |
| 90 | top_iph->payload_len = htons(skb->len + alen - sizeof(*top_iph)); | 90 | top_iph->payload_len = htons(skb->len + alen - sizeof(*top_iph)); |
| 91 | *(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb); | 91 | *(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb); |
| 92 | *skb_mac_header(skb) = IPPROTO_ESP; | 92 | *skb_mac_header(skb) = IPPROTO_ESP; |
| @@ -142,19 +142,19 @@ error: | |||
| 142 | static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) | 142 | static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) |
| 143 | { | 143 | { |
| 144 | struct ipv6hdr *iph; | 144 | struct ipv6hdr *iph; |
| 145 | struct ipv6_esp_hdr *esph; | 145 | struct ip_esp_hdr *esph; |
| 146 | struct esp_data *esp = x->data; | 146 | struct esp_data *esp = x->data; |
| 147 | struct crypto_blkcipher *tfm = esp->conf.tfm; | 147 | struct crypto_blkcipher *tfm = esp->conf.tfm; |
| 148 | struct blkcipher_desc desc = { .tfm = tfm }; | 148 | struct blkcipher_desc desc = { .tfm = tfm }; |
| 149 | struct sk_buff *trailer; | 149 | struct sk_buff *trailer; |
| 150 | int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4); | 150 | int blksize = ALIGN(crypto_blkcipher_blocksize(tfm), 4); |
| 151 | int alen = esp->auth.icv_trunc_len; | 151 | int alen = esp->auth.icv_trunc_len; |
| 152 | int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen; | 152 | int elen = skb->len - sizeof(*esph) - esp->conf.ivlen - alen; |
| 153 | int hdr_len = skb_network_header_len(skb); | 153 | int hdr_len = skb_network_header_len(skb); |
| 154 | int nfrags; | 154 | int nfrags; |
| 155 | int ret = 0; | 155 | int ret = 0; |
| 156 | 156 | ||
| 157 | if (!pskb_may_pull(skb, sizeof(struct ipv6_esp_hdr))) { | 157 | if (!pskb_may_pull(skb, sizeof(*esph))) { |
| 158 | ret = -EINVAL; | 158 | ret = -EINVAL; |
| 159 | goto out; | 159 | goto out; |
| 160 | } | 160 | } |
| @@ -189,7 +189,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
| 189 | 189 | ||
| 190 | skb->ip_summed = CHECKSUM_NONE; | 190 | skb->ip_summed = CHECKSUM_NONE; |
| 191 | 191 | ||
| 192 | esph = (struct ipv6_esp_hdr*)skb->data; | 192 | esph = (struct ip_esp_hdr *)skb->data; |
| 193 | iph = ipv6_hdr(skb); | 193 | iph = ipv6_hdr(skb); |
| 194 | 194 | ||
| 195 | /* Get ivec. This can be wrong, check against another impls. */ | 195 | /* Get ivec. This can be wrong, check against another impls. */ |
| @@ -208,7 +208,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
| 208 | goto out; | 208 | goto out; |
| 209 | } | 209 | } |
| 210 | } | 210 | } |
| 211 | skb_to_sgvec(skb, sg, sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen, elen); | 211 | skb_to_sgvec(skb, sg, sizeof(*esph) + esp->conf.ivlen, elen); |
| 212 | ret = crypto_blkcipher_decrypt(&desc, sg, sg, elen); | 212 | ret = crypto_blkcipher_decrypt(&desc, sg, sg, elen); |
| 213 | if (unlikely(sg != &esp->sgbuf[0])) | 213 | if (unlikely(sg != &esp->sgbuf[0])) |
| 214 | kfree(sg); | 214 | kfree(sg); |
| @@ -260,7 +260,7 @@ static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 260 | int type, int code, int offset, __be32 info) | 260 | int type, int code, int offset, __be32 info) |
| 261 | { | 261 | { |
| 262 | struct ipv6hdr *iph = (struct ipv6hdr*)skb->data; | 262 | struct ipv6hdr *iph = (struct ipv6hdr*)skb->data; |
| 263 | struct ipv6_esp_hdr *esph = (struct ipv6_esp_hdr*)(skb->data+offset); | 263 | struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data + offset); |
| 264 | struct xfrm_state *x; | 264 | struct xfrm_state *x; |
| 265 | 265 | ||
| 266 | if (type != ICMPV6_DEST_UNREACH && | 266 | if (type != ICMPV6_DEST_UNREACH && |
| @@ -356,7 +356,7 @@ static int esp6_init_state(struct xfrm_state *x) | |||
| 356 | if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key, | 356 | if (crypto_blkcipher_setkey(tfm, x->ealg->alg_key, |
| 357 | (x->ealg->alg_key_len + 7) / 8)) | 357 | (x->ealg->alg_key_len + 7) / 8)) |
| 358 | goto error; | 358 | goto error; |
| 359 | x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen; | 359 | x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen; |
| 360 | if (x->props.mode == XFRM_MODE_TUNNEL) | 360 | if (x->props.mode == XFRM_MODE_TUNNEL) |
| 361 | x->props.header_len += sizeof(struct ipv6hdr); | 361 | x->props.header_len += sizeof(struct ipv6hdr); |
| 362 | x->data = esp; | 362 | x->data = esp; |
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c index 87e6407ebf97..8f3f32faaf4c 100644 --- a/net/ipv6/ipcomp6.c +++ b/net/ipv6/ipcomp6.c | |||
| @@ -65,7 +65,7 @@ static LIST_HEAD(ipcomp6_tfms_list); | |||
| 65 | static int ipcomp6_input(struct xfrm_state *x, struct sk_buff *skb) | 65 | static int ipcomp6_input(struct xfrm_state *x, struct sk_buff *skb) |
| 66 | { | 66 | { |
| 67 | int err = -ENOMEM; | 67 | int err = -ENOMEM; |
| 68 | struct ipv6_comp_hdr *ipch; | 68 | struct ip_comp_hdr *ipch; |
| 69 | int plen, dlen; | 69 | int plen, dlen; |
| 70 | struct ipcomp_data *ipcd = x->data; | 70 | struct ipcomp_data *ipcd = x->data; |
| 71 | u8 *start, *scratch; | 71 | u8 *start, *scratch; |
| @@ -92,12 +92,10 @@ static int ipcomp6_input(struct xfrm_state *x, struct sk_buff *skb) | |||
| 92 | tfm = *per_cpu_ptr(ipcd->tfms, cpu); | 92 | tfm = *per_cpu_ptr(ipcd->tfms, cpu); |
| 93 | 93 | ||
| 94 | err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen); | 94 | err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen); |
| 95 | if (err) { | 95 | if (err) |
| 96 | err = -EINVAL; | ||
| 97 | goto out_put_cpu; | 96 | goto out_put_cpu; |
| 98 | } | ||
| 99 | 97 | ||
| 100 | if (dlen < (plen + sizeof(struct ipv6_comp_hdr))) { | 98 | if (dlen < (plen + sizeof(*ipch))) { |
| 101 | err = -EINVAL; | 99 | err = -EINVAL; |
| 102 | goto out_put_cpu; | 100 | goto out_put_cpu; |
| 103 | } | 101 | } |
| @@ -122,7 +120,7 @@ static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 122 | { | 120 | { |
| 123 | int err; | 121 | int err; |
| 124 | struct ipv6hdr *top_iph; | 122 | struct ipv6hdr *top_iph; |
| 125 | struct ipv6_comp_hdr *ipch; | 123 | struct ip_comp_hdr *ipch; |
| 126 | struct ipcomp_data *ipcd = x->data; | 124 | struct ipcomp_data *ipcd = x->data; |
| 127 | int plen, dlen; | 125 | int plen, dlen; |
| 128 | u8 *start, *scratch; | 126 | u8 *start, *scratch; |
| @@ -151,7 +149,7 @@ static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 151 | tfm = *per_cpu_ptr(ipcd->tfms, cpu); | 149 | tfm = *per_cpu_ptr(ipcd->tfms, cpu); |
| 152 | 150 | ||
| 153 | err = crypto_comp_compress(tfm, start, plen, scratch, &dlen); | 151 | err = crypto_comp_compress(tfm, start, plen, scratch, &dlen); |
| 154 | if (err || (dlen + sizeof(struct ipv6_comp_hdr)) >= plen) { | 152 | if (err || (dlen + sizeof(*ipch)) >= plen) { |
| 155 | put_cpu(); | 153 | put_cpu(); |
| 156 | goto out_ok; | 154 | goto out_ok; |
| 157 | } | 155 | } |
| @@ -164,7 +162,7 @@ static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 164 | 162 | ||
| 165 | top_iph->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); | 163 | top_iph->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); |
| 166 | 164 | ||
| 167 | ipch = (struct ipv6_comp_hdr *)start; | 165 | ipch = ip_comp_hdr(skb); |
| 168 | ipch->nexthdr = *skb_mac_header(skb); | 166 | ipch->nexthdr = *skb_mac_header(skb); |
| 169 | ipch->flags = 0; | 167 | ipch->flags = 0; |
| 170 | ipch->cpi = htons((u16 )ntohl(x->id.spi)); | 168 | ipch->cpi = htons((u16 )ntohl(x->id.spi)); |
| @@ -179,7 +177,8 @@ static void ipcomp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 179 | { | 177 | { |
| 180 | __be32 spi; | 178 | __be32 spi; |
| 181 | struct ipv6hdr *iph = (struct ipv6hdr*)skb->data; | 179 | struct ipv6hdr *iph = (struct ipv6hdr*)skb->data; |
| 182 | struct ipv6_comp_hdr *ipcomph = (struct ipv6_comp_hdr*)(skb->data+offset); | 180 | struct ip_comp_hdr *ipcomph = |
| 181 | (struct ip_comp_hdr *)(skb->data + offset); | ||
| 183 | struct xfrm_state *x; | 182 | struct xfrm_state *x; |
| 184 | 183 | ||
| 185 | if (type != ICMPV6_DEST_UNREACH && type != ICMPV6_PKT_TOOBIG) | 184 | if (type != ICMPV6_DEST_UNREACH && type != ICMPV6_PKT_TOOBIG) |