From 007f0211a8872f32381f5d44becf8eb2f27f3c30 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 9 Oct 2007 13:25:59 -0700 Subject: [IPSEC]: Store IPv6 nh pointer in mac_header on output Current the x->mode->output functions store the IPv6 nh pointer in the skb network header. This is inconvenient because the network header then has to be fixed up before the packet can leave the IPsec stack. The mac header field is unused on output so we can use that to store this instead. This patch does that and removes the network header fix-up in xfrm_output. It also uses ipv6_hdr where appropriate in the x->type->output functions. There is also a minor clean-up in esp4 to make it use the same code as esp6 to help any subsequent effort to merge the two. Lastly it kills two redundant skb_set_* statements in BEET that were simply copied over from transport mode. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/ipv6/mip6.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'net/ipv6/mip6.c') diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c index 8a1399ce38c..7261c29898c 100644 --- a/net/ipv6/mip6.c +++ b/net/ipv6/mip6.c @@ -153,11 +153,11 @@ static int mip6_destopt_output(struct xfrm_state *x, struct sk_buff *skb) u8 nexthdr; int len; - iph = (struct ipv6hdr *)skb->data; + iph = ipv6_hdr(skb); iph->payload_len = htons(skb->len - sizeof(*iph)); - nexthdr = *skb_network_header(skb); - *skb_network_header(skb) = IPPROTO_DSTOPTS; + nexthdr = *skb_mac_header(skb); + *skb_mac_header(skb) = IPPROTO_DSTOPTS; dstopt = (struct ipv6_destopt_hdr *)skb_transport_header(skb); dstopt->nexthdr = nexthdr; @@ -365,11 +365,11 @@ static int mip6_rthdr_output(struct xfrm_state *x, struct sk_buff *skb) struct rt2_hdr *rt2; u8 nexthdr; - iph = (struct ipv6hdr *)skb->data; + iph = ipv6_hdr(skb); iph->payload_len = htons(skb->len - sizeof(*iph)); - nexthdr = *skb_network_header(skb); - *skb_network_header(skb) = IPPROTO_ROUTING; + nexthdr = *skb_mac_header(skb); + *skb_mac_header(skb) = IPPROTO_ROUTING; rt2 = (struct rt2_hdr *)skb_transport_header(skb); rt2->rt_hdr.nexthdr = nexthdr; -- cgit v1.2.3 From b7c6538cd84f8072fad43bfce530f5bf695edbba Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 9 Oct 2007 13:33:35 -0700 Subject: [IPSEC]: Move state lock into x->type->output This patch releases the lock on the state before calling x->type->output. It also adds the lock to the spots where they're currently needed. Most of those places (all except mip6) are expected to disappear with async crypto. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/ipv6/mip6.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'net/ipv6/mip6.c') diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c index 7261c29898c..6475baca63d 100644 --- a/net/ipv6/mip6.c +++ b/net/ipv6/mip6.c @@ -172,7 +172,9 @@ static int mip6_destopt_output(struct xfrm_state *x, struct sk_buff *skb) len = ((char *)hao - (char *)dstopt) + sizeof(*hao); memcpy(&hao->addr, &iph->saddr, sizeof(hao->addr)); + spin_lock_bh(&x->lock); memcpy(&iph->saddr, x->coaddr, sizeof(iph->saddr)); + spin_unlock_bh(&x->lock); BUG_TRAP(len == x->props.header_len); dstopt->hdrlen = (x->props.header_len >> 3) - 1; @@ -381,7 +383,9 @@ static int mip6_rthdr_output(struct xfrm_state *x, struct sk_buff *skb) BUG_TRAP(rt2->rt_hdr.hdrlen == 2); memcpy(&rt2->addr, &iph->daddr, sizeof(rt2->addr)); + spin_lock_bh(&x->lock); memcpy(&iph->daddr, x->coaddr, sizeof(iph->daddr)); + spin_unlock_bh(&x->lock); return 0; } -- cgit v1.2.3 From 7b277b1a5fb147cb828e5d8b9780cee60f31a9bf Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 10 Oct 2007 15:44:06 -0700 Subject: [IPSEC]: Set skb->data to payload in x->mode->output This patch changes the calling convention so that on entry from x->mode->output and before entry into x->type->output skb->data will point to the payload instead of the IP header. This is essentially a redistribution of skb_push/skb_pull calls with the aim of minimising them on the common path of tunnel + ESP. It'll also let us use the same calling convention between IPv4 and IPv6 with the next patch. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/ipv6/mip6.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'net/ipv6/mip6.c') diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c index 6475baca63d..0e7a60f7393 100644 --- a/net/ipv6/mip6.c +++ b/net/ipv6/mip6.c @@ -153,6 +153,7 @@ static int mip6_destopt_output(struct xfrm_state *x, struct sk_buff *skb) u8 nexthdr; int len; + skb_push(skb, -skb_network_offset(skb)); iph = ipv6_hdr(skb); iph->payload_len = htons(skb->len - sizeof(*iph)); @@ -367,6 +368,7 @@ static int mip6_rthdr_output(struct xfrm_state *x, struct sk_buff *skb) struct rt2_hdr *rt2; u8 nexthdr; + skb_push(skb, -skb_network_offset(skb)); iph = ipv6_hdr(skb); iph->payload_len = htons(skb->len - sizeof(*iph)); -- cgit v1.2.3 From ceb1eec8291175686d0208e66595ff83bc0624e2 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 10 Oct 2007 15:45:52 -0700 Subject: [IPSEC]: Move IP length/checksum setting out of transforms This patch moves the setting of the IP length and checksum fields out of the transforms and into the xfrmX_output functions. This would help future efforts in merging the transforms themselves. It also adds an optimisation to ipcomp due to the fact that the transport offset is guaranteed to be zero. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/ipv6/mip6.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'net/ipv6/mip6.c') diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c index 0e7a60f7393..7fd841d4101 100644 --- a/net/ipv6/mip6.c +++ b/net/ipv6/mip6.c @@ -155,7 +155,6 @@ static int mip6_destopt_output(struct xfrm_state *x, struct sk_buff *skb) skb_push(skb, -skb_network_offset(skb)); iph = ipv6_hdr(skb); - iph->payload_len = htons(skb->len - sizeof(*iph)); nexthdr = *skb_mac_header(skb); *skb_mac_header(skb) = IPPROTO_DSTOPTS; @@ -370,7 +369,6 @@ static int mip6_rthdr_output(struct xfrm_state *x, struct sk_buff *skb) skb_push(skb, -skb_network_offset(skb)); iph = ipv6_hdr(skb); - iph->payload_len = htons(skb->len - sizeof(*iph)); nexthdr = *skb_mac_header(skb); *skb_mac_header(skb) = IPPROTO_ROUTING; -- cgit v1.2.3