1 files changed, 14 insertions, 112 deletions
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index c0323d05ab69..e374903dacdf 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -41,124 +41,26 @@ drop:
 int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
                    int encap_type)
 {
-        int err;
+        XFRM_SPI_SKB_CB(skb)->nhoff = offsetof(struct iphdr, protocol);
-        __be32 seq;
+        XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
-        struct xfrm_state *xfrm_vec[XFRM_MAX_DEPTH];
+        return xfrm_input(skb, nexthdr, spi, encap_type);
-        struct xfrm_state *x;
+}
-        int xfrm_nr = 0;
+EXPORT_SYMBOL(xfrm4_rcv_encap);
-        int decaps = 0;
-        unsigned int nhoff = offsetof(struct iphdr, protocol);
-        seq = 0;
-        if (!spi && (err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0)
-                goto drop;
-        do {
-                const struct iphdr *iph = ip_hdr(skb);
-                if (xfrm_nr == XFRM_MAX_DEPTH)
-                        goto drop;
-                x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, spi,
-                                      nexthdr, AF_INET);
-                if (x == NULL)
-                        goto drop;
-                spin_lock(&x->lock);
-                if (unlikely(x->km.state != XFRM_STATE_VALID))
-                        goto drop_unlock;
-                if ((x->encap ? x->encap->encap_type : 0) != encap_type)
-                        goto drop_unlock;
-                if (x->props.replay_window && xfrm_replay_check(x, seq))
-                        goto drop_unlock;
-                if (xfrm_state_check_expire(x))
-                        goto drop_unlock;
-                nexthdr = x->type->input(x, skb);
-                if (nexthdr <= 0)
-                        goto drop_unlock;
-                skb_network_header(skb)[nhoff] = nexthdr;
-                /* only the first xfrm gets the encap type */
-                encap_type = 0;
-                if (x->props.replay_window)
-                        xfrm_replay_advance(x, seq);
-                x->curlft.bytes += skb->len;
-                x->curlft.packets++;
-                spin_unlock(&x->lock);
-                xfrm_vec[xfrm_nr++] = x;
-                if (x->inner_mode->input(x, skb))
-                        goto drop;
-                if (x->outer_mode->flags & XFRM_MODE_FLAG_TUNNEL) {
-                        decaps = 1;
-                        break;
-                }
-                err = xfrm_parse_spi(skb, nexthdr, &spi, &seq);
-                if (err < 0)
-                        goto drop;
-        } while (!err);
-        /* Allocate new secpath or COW existing one. */
-        if (!skb->sp || atomic_read(&skb->sp->refcnt) != 1) {
-                struct sec_path *sp;
-                sp = secpath_dup(skb->sp);
-                if (!sp)
-                        goto drop;
-                if (skb->sp)
-                        secpath_put(skb->sp);
-                skb->sp = sp;
-        }
-        if (xfrm_nr + skb->sp->len > XFRM_MAX_DEPTH)
-                goto drop;
-        memcpy(skb->sp->xvec + skb->sp->len, xfrm_vec,
-               xfrm_nr * sizeof(xfrm_vec[0]));
-        skb->sp->len += xfrm_nr;
-        nf_reset(skb);
-        if (decaps) {
+int xfrm4_transport_finish(struct sk_buff *skb, int async)
-                dst_release(skb->dst);
+{
-                skb->dst = NULL;
-                netif_rx(skb);
-                return 0;
-        } else {
 #ifdef CONFIG_NETFILTER
-                __skb_push(skb, skb->data - skb_network_header(skb));
+        __skb_push(skb, skb->data - skb_network_header(skb));
-                ip_hdr(skb)->tot_len = htons(skb->len);
+        ip_hdr(skb)->tot_len = htons(skb->len);
-                ip_send_check(ip_hdr(skb));
+        ip_send_check(ip_hdr(skb));
-                NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,
+        NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,
-                        xfrm4_rcv_encap_finish);
+                xfrm4_rcv_encap_finish);
-                return 0;
+        return 0;
 #else
-                return -ip_hdr(skb)->protocol;
+        return -ip_hdr(skb)->protocol;
 #endif
-        }
-drop_unlock:
-        spin_unlock(&x->lock);
-        xfrm_state_put(x);
-drop:
-        while (--xfrm_nr >= 0)
-                xfrm_state_put(xfrm_vec[xfrm_nr]);
-        kfree_skb(skb);
-        return 0;
 }
-EXPORT_SYMBOL(xfrm4_rcv_encap);
 /* If it's a keepalive packet, then just eat it.
 * If it's an encapsulated packet, then pass it to the

diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c index c0323d05ab69..e374903dacdf 100644 --- a/net/ipv4/xfrm4_input.c +++ b/net/ipv4/xfrm4_input.c
@@ -41,124 +41,26 @@ drop:
41	int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,	41	int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
42	int encap_type)	42	int encap_type)
43	{	43	{
44	int err;	44	XFRM_SPI_SKB_CB(skb)->nhoff = offsetof(struct iphdr, protocol);
45	__be32 seq;	45	XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
46	struct xfrm_state *xfrm_vec[XFRM_MAX_DEPTH];	46	return xfrm_input(skb, nexthdr, spi, encap_type);
47	struct xfrm_state *x;	47	}
48	int xfrm_nr = 0;	48	EXPORT_SYMBOL(xfrm4_rcv_encap);
49	int decaps = 0;
50	unsigned int nhoff = offsetof(struct iphdr, protocol);
51
52	seq = 0;
53	if (!spi && (err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0)
54	goto drop;
55
56	do {
57	const struct iphdr *iph = ip_hdr(skb);
58
59	if (xfrm_nr == XFRM_MAX_DEPTH)
60	goto drop;
61
62	x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, spi,
63	nexthdr, AF_INET);
64	if (x == NULL)
65	goto drop;
66
67	spin_lock(&x->lock);
68	if (unlikely(x->km.state != XFRM_STATE_VALID))
69	goto drop_unlock;
70
71	if ((x->encap ? x->encap->encap_type : 0) != encap_type)
72	goto drop_unlock;
73
74	if (x->props.replay_window && xfrm_replay_check(x, seq))
75	goto drop_unlock;
76
77	if (xfrm_state_check_expire(x))
78	goto drop_unlock;
79
80	nexthdr = x->type->input(x, skb);
81	if (nexthdr <= 0)
82	goto drop_unlock;
83
84	skb_network_header(skb)[nhoff] = nexthdr;
85
86	/* only the first xfrm gets the encap type */
87	encap_type = 0;
88
89	if (x->props.replay_window)
90	xfrm_replay_advance(x, seq);
91
92	x->curlft.bytes += skb->len;
93	x->curlft.packets++;
94
95	spin_unlock(&x->lock);
96
97	xfrm_vec[xfrm_nr++] = x;
98
99	if (x->inner_mode->input(x, skb))
100	goto drop;
101
102	if (x->outer_mode->flags & XFRM_MODE_FLAG_TUNNEL) {
103	decaps = 1;
104	break;
105	}
106
107	err = xfrm_parse_spi(skb, nexthdr, &spi, &seq);
108	if (err < 0)
109	goto drop;
110	} while (!err);
111
112	/* Allocate new secpath or COW existing one. */
113
114	if (!skb->sp \|\| atomic_read(&skb->sp->refcnt) != 1) {
115	struct sec_path *sp;
116	sp = secpath_dup(skb->sp);
117	if (!sp)
118	goto drop;
119	if (skb->sp)
120	secpath_put(skb->sp);
121	skb->sp = sp;
122	}
123	if (xfrm_nr + skb->sp->len > XFRM_MAX_DEPTH)
124	goto drop;
125
126	memcpy(skb->sp->xvec + skb->sp->len, xfrm_vec,
127	xfrm_nr * sizeof(xfrm_vec[0]));
128	skb->sp->len += xfrm_nr;
129
130	nf_reset(skb);
131		49
132	if (decaps) {	50	int xfrm4_transport_finish(struct sk_buff *skb, int async)
133	dst_release(skb->dst);	51	{
134	skb->dst = NULL;
135	netif_rx(skb);
136	return 0;
137	} else {
138	#ifdef CONFIG_NETFILTER	52	#ifdef CONFIG_NETFILTER
139	__skb_push(skb, skb->data - skb_network_header(skb));	53	__skb_push(skb, skb->data - skb_network_header(skb));
140	ip_hdr(skb)->tot_len = htons(skb->len);	54	ip_hdr(skb)->tot_len = htons(skb->len);
141	ip_send_check(ip_hdr(skb));	55	ip_send_check(ip_hdr(skb));
142		56
143	NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,	57	NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,
144	xfrm4_rcv_encap_finish);	58	xfrm4_rcv_encap_finish);
145	return 0;	59	return 0;
146	#else	60	#else
147	return -ip_hdr(skb)->protocol;	61	return -ip_hdr(skb)->protocol;
148	#endif	62	#endif
149	}
150
151	drop_unlock:
152	spin_unlock(&x->lock);
153	xfrm_state_put(x);
154	drop:
155	while (--xfrm_nr >= 0)
156	xfrm_state_put(xfrm_vec[xfrm_nr]);
157
158	kfree_skb(skb);
159	return 0;
160	}	63	}
161	EXPORT_SYMBOL(xfrm4_rcv_encap);
162		64
163	/* If it's a keepalive packet, then just eat it.	65	/* If it's a keepalive packet, then just eat it.
164	* If it's an encapsulated packet, then pass it to the	66	* If it's an encapsulated packet, then pass it to the