diff options
| author | Masahide NAKAMURA <nakam@linux-ipv6.org> | 2006-09-22 18:05:15 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2006-09-22 18:05:15 -0400 |
| commit | 7e49e6de30efa716614e280d97963c570f3acf29 (patch) | |
| tree | 8eaef9d40300d16a7675722e082c5d8ab2a53d40 /net/xfrm/xfrm_policy.c | |
| parent | 77d16f450ae0452d7d4b009f78debb1294fb435c (diff) | |
[XFRM]: Add XFRM_MODE_xxx for future use.
Transformation mode is used as either IPsec transport or tunnel.
It is required to add two more items, route optimization and inbound trigger
for Mobile IPv6.
Based on MIPL2 kernel patch.
This patch was also written by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 32c963c90573..a0d58971391d 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -779,7 +779,7 @@ xfrm_tmpl_resolve(struct xfrm_policy *policy, struct flowi *fl, | |||
| 779 | xfrm_address_t *local = saddr; | 779 | xfrm_address_t *local = saddr; |
| 780 | struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i]; | 780 | struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i]; |
| 781 | 781 | ||
| 782 | if (tmpl->mode) { | 782 | if (tmpl->mode == XFRM_MODE_TUNNEL) { |
| 783 | remote = &tmpl->id.daddr; | 783 | remote = &tmpl->id.daddr; |
| 784 | local = &tmpl->saddr; | 784 | local = &tmpl->saddr; |
| 785 | } | 785 | } |
| @@ -1005,7 +1005,8 @@ xfrm_state_ok(struct xfrm_tmpl *tmpl, struct xfrm_state *x, | |||
| 1005 | (x->props.reqid == tmpl->reqid || !tmpl->reqid) && | 1005 | (x->props.reqid == tmpl->reqid || !tmpl->reqid) && |
| 1006 | x->props.mode == tmpl->mode && | 1006 | x->props.mode == tmpl->mode && |
| 1007 | (tmpl->aalgos & (1<<x->props.aalgo)) && | 1007 | (tmpl->aalgos & (1<<x->props.aalgo)) && |
| 1008 | !(x->props.mode && xfrm_state_addr_cmp(tmpl, x, family)); | 1008 | !(x->props.mode != XFRM_MODE_TRANSPORT && |
| 1009 | xfrm_state_addr_cmp(tmpl, x, family)); | ||
| 1009 | } | 1010 | } |
| 1010 | 1011 | ||
| 1011 | static inline int | 1012 | static inline int |
| @@ -1015,14 +1016,14 @@ xfrm_policy_ok(struct xfrm_tmpl *tmpl, struct sec_path *sp, int start, | |||
| 1015 | int idx = start; | 1016 | int idx = start; |
| 1016 | 1017 | ||
| 1017 | if (tmpl->optional) { | 1018 | if (tmpl->optional) { |
| 1018 | if (!tmpl->mode) | 1019 | if (tmpl->mode == XFRM_MODE_TRANSPORT) |
| 1019 | return start; | 1020 | return start; |
| 1020 | } else | 1021 | } else |
| 1021 | start = -1; | 1022 | start = -1; |
| 1022 | for (; idx < sp->len; idx++) { | 1023 | for (; idx < sp->len; idx++) { |
| 1023 | if (xfrm_state_ok(tmpl, sp->xvec[idx], family)) | 1024 | if (xfrm_state_ok(tmpl, sp->xvec[idx], family)) |
| 1024 | return ++idx; | 1025 | return ++idx; |
| 1025 | if (sp->xvec[idx]->props.mode) | 1026 | if (sp->xvec[idx]->props.mode != XFRM_MODE_TRANSPORT) |
| 1026 | break; | 1027 | break; |
| 1027 | } | 1028 | } |
| 1028 | return start; | 1029 | return start; |
| @@ -1047,7 +1048,7 @@ EXPORT_SYMBOL(xfrm_decode_session); | |||
| 1047 | static inline int secpath_has_tunnel(struct sec_path *sp, int k) | 1048 | static inline int secpath_has_tunnel(struct sec_path *sp, int k) |
| 1048 | { | 1049 | { |
| 1049 | for (; k < sp->len; k++) { | 1050 | for (; k < sp->len; k++) { |
| 1050 | if (sp->xvec[k]->props.mode) | 1051 | if (sp->xvec[k]->props.mode != XFRM_MODE_TRANSPORT) |
| 1051 | return 1; | 1052 | return 1; |
| 1052 | } | 1053 | } |
| 1053 | 1054 | ||