projects / GitHub / MotorolaMobilityLLC / kernel-slsi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d26f398)
[IPSEC]: Remove nhoff from xfrm_input
authorHerbert Xu <herbert@gondor.apana.org.au>
Tue, 20 Nov 2007 02:47:58 +0000 (18:47 -0800)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Jan 2008 22:53:53 +0000 (14:53 -0800)
The nhoff field isn't actually necessary in xfrm_input.  For tunnel
mode transforms we now throw away the output IP header so it makes no
sense to fill in the nexthdr field.  For transport mode we can now let
the function transport_finish do the setting and it knows where the
nexthdr field is.

The only other thing that needs the nexthdr field to be set is the
header extraction code.  However, we can simply move the protocol
extraction out of the generic header extraction.

We want to minimise the amount of info we have to carry around between
transforms as this simplifies the resumption process for async crypto.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/xfrm.h patch | blob | blame | history
net/ipv4/xfrm4_input.c patch | blob | blame | history
net/ipv4/xfrm4_output.c patch | blob | blame | history
net/ipv4/xfrm4_state.c patch | blob | blame | history
net/ipv6/xfrm6_input.c patch | blob | blame | history
net/ipv6/xfrm6_output.c patch | blob | blame | history
net/ipv6/xfrm6_state.c patch | blob | blame | history
net/xfrm/xfrm_input.c patch | blob | blame | history

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 311bbd113aa7eb7ccf3530ade685a78ca9e6d7e6..cf85dc9dc42022a7c6be071df39f0749aaf97499 100644 (file)
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -534,7 +534,6 @@ struct xfrm_spi_skb_cb {
                struct inet6_skb_parm h6;
        } header;
 
-       unsigned int nhoff;
        unsigned int daddroff;
 };
 
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index e374903dacdf54c62f43b91423ec0243a18abe04..662d1e86cfbf019be7f76ad4e77648b588da30c8 100644 (file)
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -21,7 +21,6 @@ int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb)
        return xfrm4_extract_header(skb);
 }
 
-#ifdef CONFIG_NETFILTER
 static inline int xfrm4_rcv_encap_finish(struct sk_buff *skb)
 {
        if (skb->dst == NULL) {
@@ -36,12 +35,10 @@ drop:
        kfree_skb(skb);
        return NET_RX_DROP;
 }
-#endif
 
 int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
                    int encap_type)
 {
-       XFRM_SPI_SKB_CB(skb)->nhoff = offsetof(struct iphdr, protocol);
        XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
        return xfrm_input(skb, nexthdr, spi, encap_type);
 }
@@ -49,16 +46,20 @@ EXPORT_SYMBOL(xfrm4_rcv_encap);
 
 int xfrm4_transport_finish(struct sk_buff *skb, int async)
 {
+       struct iphdr *iph = ip_hdr(skb);
+
+       iph->protocol = XFRM_MODE_SKB_CB(skb)->protocol;
+
 #ifdef CONFIG_NETFILTER
        __skb_push(skb, skb->data - skb_network_header(skb));
-       ip_hdr(skb)->tot_len = htons(skb->len);
-       ip_send_check(ip_hdr(skb));
+       iph->tot_len = htons(skb->len);
+       ip_send_check(iph);
 
        NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,
                xfrm4_rcv_encap_finish);
        return 0;
 #else
-       return -ip_hdr(skb)->protocol;
+       return -iph->protocol;
 #endif
 }
 
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 2fb4efa3ff2cf74cdd815d27ccf24fa51b98b417..1900200d3c0fa34fdd9479e7f514984f1e2e089e 100644 (file)
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -47,6 +47,8 @@ int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb)
        if (err)
                return err;
 
+       XFRM_MODE_SKB_CB(skb)->protocol = ip_hdr(skb)->protocol;
+
        return xfrm4_extract_header(skb);
 }
 
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c
index 3b067e8b7bfe5999875d89365f717e2deb5d0068..d837784a2199f880c13e469acc7e9977ad7764f8 100644 (file)
--- a/net/ipv4/xfrm4_state.c
+++ b/net/ipv4/xfrm4_state.c
@@ -56,7 +56,6 @@ int xfrm4_extract_header(struct sk_buff *skb)
        XFRM_MODE_SKB_CB(skb)->frag_off = iph->frag_off;
        XFRM_MODE_SKB_CB(skb)->tos = iph->tos;
        XFRM_MODE_SKB_CB(skb)->ttl = iph->ttl;
-       XFRM_MODE_SKB_CB(skb)->protocol = iph->protocol;
        memset(XFRM_MODE_SKB_CB(skb)->flow_lbl, 0,
               sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl));
 
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c
index 3b9eedf5b24a11e99282d4a667964041a1210af5..5c006c8459438329fa2ef5f337d06adc1607a103 100644 (file)
--- a/net/ipv6/xfrm6_input.c
+++ b/net/ipv6/xfrm6_input.c
@@ -23,7 +23,6 @@ int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb)
 
 int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)
 {
-       XFRM_SPI_SKB_CB(skb)->nhoff = IP6CB(skb)->nhoff;
        XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr);
        return xfrm_input(skb, nexthdr, spi, 0);
 }
@@ -31,6 +30,9 @@ EXPORT_SYMBOL(xfrm6_rcv_spi);
 
 int xfrm6_transport_finish(struct sk_buff *skb, int async)
 {
+       skb_network_header(skb)[IP6CB(skb)->nhoff] =
+               XFRM_MODE_SKB_CB(skb)->protocol;
+
 #ifdef CONFIG_NETFILTER
        ipv6_hdr(skb)->payload_len = htons(skb->len);
        __skb_push(skb, skb->data - skb_network_header(skb));
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index a0a924991c4f5db8e023832bd5a126e4d4856b22..318669a9cb486b8f0b448a32b3da7420b314497b 100644 (file)
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -53,7 +53,8 @@ int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb)
        if (err)
                return err;
 
-       IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
+       XFRM_MODE_SKB_CB(skb)->protocol = ipv6_hdr(skb)->nexthdr;
+
        return xfrm6_extract_header(skb);
 }
 
diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c
index 00360b514e9979285e35f6ddb1e543aefc0b77f1..df7e98d914fac4a9357a48033c7470ba93b3539e 100644 (file)
--- a/net/ipv6/xfrm6_state.c
+++ b/net/ipv6/xfrm6_state.c
@@ -178,8 +178,6 @@ int xfrm6_extract_header(struct sk_buff *skb)
        XFRM_MODE_SKB_CB(skb)->frag_off = htons(IP_DF);
        XFRM_MODE_SKB_CB(skb)->tos = ipv6_get_dsfield(iph);
        XFRM_MODE_SKB_CB(skb)->ttl = iph->hop_limit;
-       XFRM_MODE_SKB_CB(skb)->protocol =
-               skb_network_header(skb)[IP6CB(skb)->nhoff];
        memcpy(XFRM_MODE_SKB_CB(skb)->flow_lbl, iph->flow_lbl,
               sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl));
 
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 5cad522e8ef613cf44afa724cfc9a4877928d8ce..cce9d4586045f4f120b0b45314f5ed5c15d48a6d 100644 (file)
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -102,7 +102,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
        __be32 seq;
        struct xfrm_state *x;
        int decaps = 0;
-       unsigned int nhoff = XFRM_SPI_SKB_CB(skb)->nhoff;
        unsigned int daddroff = XFRM_SPI_SKB_CB(skb)->daddroff;
 
        /* Allocate new secpath or COW existing one. */
@@ -157,8 +156,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                        goto drop_unlock;
                }
 
-               skb_network_header(skb)[nhoff] = nexthdr;
-
                /* only the first xfrm gets the encap type */
                encap_type = 0;
 
@@ -170,6 +167,8 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 
                spin_unlock(&x->lock);
 
+               XFRM_MODE_SKB_CB(skb)->protocol = nexthdr;
+
                if (x->inner_mode->input(x, skb))
                        goto drop;
 
Motorola kernel-slsi