diff options
| author | Miika Komu <miika@iki.fi> | 2007-02-06 17:27:32 -0500 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-02-08 15:39:02 -0500 |
| commit | 4337226228e1cfc1d70ee975789c6bd070fb597c (patch) | |
| tree | a30fd4257c0c2796815dc9cc13b8a12f13f1f2bf /net/ipv6 | |
| parent | c82f963efe823d3cacaf1f1b7f1a35cc9628b188 (diff) | |
[IPSEC]: IPv4 over IPv6 IPsec tunnel
This is the patch to support IPv4 over IPv6 IPsec.
Signed-off-by: Miika Komu <miika@iki.fi>
Signed-off-by: Diego Beltrami <Diego.Beltrami@hiit.fi>
Signed-off-by: Kazunori Miyazawa <miyazawa@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/xfrm6_mode_tunnel.c | 42 |
1 files changed, 32 insertions, 10 deletions
diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c index 5e7d8a7d6414..0bc866c0d83c 100644 --- a/net/ipv6/xfrm6_mode_tunnel.c +++ b/net/ipv6/xfrm6_mode_tunnel.c | |||
| @@ -25,6 +25,12 @@ static inline void ipip6_ecn_decapsulate(struct sk_buff *skb) | |||
| 25 | IP6_ECN_set_ce(inner_iph); | 25 | IP6_ECN_set_ce(inner_iph); |
| 26 | } | 26 | } |
| 27 | 27 | ||
| 28 | static inline void ip6ip_ecn_decapsulate(struct sk_buff *skb) | ||
| 29 | { | ||
| 30 | if (INET_ECN_is_ce(ipv6_get_dsfield(skb->nh.ipv6h))) | ||
| 31 | IP_ECN_set_ce(skb->h.ipiph); | ||
| 32 | } | ||
| 33 | |||
| 28 | /* Add encapsulation header. | 34 | /* Add encapsulation header. |
| 29 | * | 35 | * |
| 30 | * The top IP header will be constructed per RFC 2401. The following fields | 36 | * The top IP header will be constructed per RFC 2401. The following fields |
| @@ -40,6 +46,7 @@ static inline void ipip6_ecn_decapsulate(struct sk_buff *skb) | |||
| 40 | static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) | 46 | static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) |
| 41 | { | 47 | { |
| 42 | struct dst_entry *dst = skb->dst; | 48 | struct dst_entry *dst = skb->dst; |
| 49 | struct xfrm_dst *xdst = (struct xfrm_dst*)dst; | ||
| 43 | struct ipv6hdr *iph, *top_iph; | 50 | struct ipv6hdr *iph, *top_iph; |
| 44 | int dsfield; | 51 | int dsfield; |
| 45 | 52 | ||
| @@ -52,16 +59,24 @@ static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 52 | skb->h.ipv6h = top_iph + 1; | 59 | skb->h.ipv6h = top_iph + 1; |
| 53 | 60 | ||
| 54 | top_iph->version = 6; | 61 | top_iph->version = 6; |
| 55 | top_iph->priority = iph->priority; | 62 | if (xdst->route->ops->family == AF_INET6) { |
| 56 | top_iph->flow_lbl[0] = iph->flow_lbl[0]; | 63 | top_iph->priority = iph->priority; |
| 57 | top_iph->flow_lbl[1] = iph->flow_lbl[1]; | 64 | top_iph->flow_lbl[0] = iph->flow_lbl[0]; |
| 58 | top_iph->flow_lbl[2] = iph->flow_lbl[2]; | 65 | top_iph->flow_lbl[1] = iph->flow_lbl[1]; |
| 66 | top_iph->flow_lbl[2] = iph->flow_lbl[2]; | ||
| 67 | top_iph->nexthdr = IPPROTO_IPV6; | ||
| 68 | } else { | ||
| 69 | top_iph->priority = 0; | ||
| 70 | top_iph->flow_lbl[0] = 0; | ||
| 71 | top_iph->flow_lbl[1] = 0; | ||
| 72 | top_iph->flow_lbl[2] = 0; | ||
| 73 | top_iph->nexthdr = IPPROTO_IPIP; | ||
| 74 | } | ||
| 59 | dsfield = ipv6_get_dsfield(top_iph); | 75 | dsfield = ipv6_get_dsfield(top_iph); |
| 60 | dsfield = INET_ECN_encapsulate(dsfield, dsfield); | 76 | dsfield = INET_ECN_encapsulate(dsfield, dsfield); |
| 61 | if (x->props.flags & XFRM_STATE_NOECN) | 77 | if (x->props.flags & XFRM_STATE_NOECN) |
| 62 | dsfield &= ~INET_ECN_MASK; | 78 | dsfield &= ~INET_ECN_MASK; |
| 63 | ipv6_change_dsfield(top_iph, 0, dsfield); | 79 | ipv6_change_dsfield(top_iph, 0, dsfield); |
| 64 | top_iph->nexthdr = IPPROTO_IPV6; | ||
| 65 | top_iph->hop_limit = dst_metric(dst->child, RTAX_HOPLIMIT); | 80 | top_iph->hop_limit = dst_metric(dst->child, RTAX_HOPLIMIT); |
| 66 | ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr); | 81 | ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr); |
| 67 | ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr); | 82 | ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr); |
| @@ -72,7 +87,8 @@ static int xfrm6_tunnel_input(struct xfrm_state *x, struct sk_buff *skb) | |||
| 72 | { | 87 | { |
| 73 | int err = -EINVAL; | 88 | int err = -EINVAL; |
| 74 | 89 | ||
| 75 | if (skb->nh.raw[IP6CB(skb)->nhoff] != IPPROTO_IPV6) | 90 | if (skb->nh.raw[IP6CB(skb)->nhoff] != IPPROTO_IPV6 |
| 91 | && skb->nh.raw[IP6CB(skb)->nhoff] != IPPROTO_IPIP) | ||
| 76 | goto out; | 92 | goto out; |
| 77 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) | 93 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) |
| 78 | goto out; | 94 | goto out; |
| @@ -81,10 +97,16 @@ static int xfrm6_tunnel_input(struct xfrm_state *x, struct sk_buff *skb) | |||
| 81 | (err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC))) | 97 | (err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC))) |
| 82 | goto out; | 98 | goto out; |
| 83 | 99 | ||
| 84 | if (x->props.flags & XFRM_STATE_DECAP_DSCP) | 100 | if (skb->nh.raw[IP6CB(skb)->nhoff] == IPPROTO_IPV6) { |
| 85 | ipv6_copy_dscp(skb->nh.ipv6h, skb->h.ipv6h); | 101 | if (x->props.flags & XFRM_STATE_DECAP_DSCP) |
| 86 | if (!(x->props.flags & XFRM_STATE_NOECN)) | 102 | ipv6_copy_dscp(skb->nh.ipv6h, skb->h.ipv6h); |
| 87 | ipip6_ecn_decapsulate(skb); | 103 | if (!(x->props.flags & XFRM_STATE_NOECN)) |
| 104 | ipip6_ecn_decapsulate(skb); | ||
| 105 | } else { | ||
| 106 | if (!(x->props.flags & XFRM_STATE_NOECN)) | ||
| 107 | ip6ip_ecn_decapsulate(skb); | ||
| 108 | skb->protocol = htons(ETH_P_IP); | ||
| 109 | } | ||
| 88 | skb->mac.raw = memmove(skb->data - skb->mac_len, | 110 | skb->mac.raw = memmove(skb->data - skb->mac_len, |
| 89 | skb->mac.raw, skb->mac_len); | 111 | skb->mac.raw, skb->mac_len); |
| 90 | skb->nh.raw = skb->data; | 112 | skb->nh.raw = skb->data; |