From 007f0211a8872f32381f5d44becf8eb2f27f3c30 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 9 Oct 2007 13:25:59 -0700 Subject: [IPSEC]: Store IPv6 nh pointer in mac_header on output Current the x->mode->output functions store the IPv6 nh pointer in the skb network header. This is inconvenient because the network header then has to be fixed up before the packet can leave the IPsec stack. The mac header field is unused on output so we can use that to store this instead. This patch does that and removes the network header fix-up in xfrm_output. It also uses ipv6_hdr where appropriate in the x->type->output functions. There is also a minor clean-up in esp4 to make it use the same code as esp6 to help any subsequent effort to merge the two. Lastly it kills two redundant skb_set_* statements in BEET that were simply copied over from transport mode. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/ipv6/xfrm6_tunnel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/ipv6/xfrm6_tunnel.c') diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c index 30f3236c402..aeb06076fdd 100644 --- a/net/ipv6/xfrm6_tunnel.c +++ b/net/ipv6/xfrm6_tunnel.c @@ -244,7 +244,7 @@ static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) { struct ipv6hdr *top_iph; - top_iph = (struct ipv6hdr *)skb->data; + top_iph = ipv6_hdr(skb); top_iph->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); return 0; -- cgit v1.2.3-70-g09d2 From 7b277b1a5fb147cb828e5d8b9780cee60f31a9bf Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 10 Oct 2007 15:44:06 -0700 Subject: [IPSEC]: Set skb->data to payload in x->mode->output This patch changes the calling convention so that on entry from x->mode->output and before entry into x->type->output skb->data will point to the payload instead of the IP header. This is essentially a redistribution of skb_push/skb_pull calls with the aim of minimising them on the common path of tunnel + ESP. It'll also let us use the same calling convention between IPv4 and IPv6 with the next patch. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/ipv4/ah4.c | 1 + net/ipv4/esp4.c | 6 ++---- net/ipv4/ipcomp.c | 1 + net/ipv4/xfrm4_mode_beet.c | 5 +++-- net/ipv4/xfrm4_mode_transport.c | 4 ++-- net/ipv4/xfrm4_mode_tunnel.c | 3 +-- net/ipv4/xfrm4_tunnel.c | 1 + net/ipv6/ah6.c | 1 + net/ipv6/esp6.c | 9 ++------- net/ipv6/ipcomp6.c | 5 ++++- net/ipv6/mip6.c | 2 ++ net/ipv6/xfrm6_mode_beet.c | 13 +++++++------ net/ipv6/xfrm6_mode_ro.c | 12 ++++++------ net/ipv6/xfrm6_mode_transport.c | 12 ++++++------ net/ipv6/xfrm6_mode_tunnel.c | 13 +++++++------ net/ipv6/xfrm6_tunnel.c | 1 + 16 files changed, 47 insertions(+), 42 deletions(-) (limited to 'net/ipv6/xfrm6_tunnel.c') diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index 3513149c384..dbb1f11721e 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c @@ -66,6 +66,7 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb) char buf[60]; } tmp_iph; + skb_push(skb, -skb_network_offset(skb)); top_iph = ip_hdr(skb); iph = &tmp_iph.iph; diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 1af332df72d..0f5e8387ccb 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -28,9 +28,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) int alen; int nfrags; - /* Strip IP+ESP header. */ - __skb_pull(skb, skb_transport_offset(skb)); - /* Now skb is pure payload to encrypt */ + /* skb is pure payload to encrypt */ err = -ENOMEM; @@ -60,7 +58,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) tail[clen - skb->len - 2] = (clen - skb->len) - 2; pskb_put(skb, trailer, clen - skb->len); - __skb_push(skb, -skb_network_offset(skb)); + skb_push(skb, -skb_network_offset(skb)); top_iph = ip_hdr(skb); esph = (struct ip_esp_hdr *)(skb_network_header(skb) + top_iph->ihl * 4); diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c index e787044a851..1929d451dab 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c @@ -134,6 +134,7 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb) int hdr_len = 0; struct iphdr *iph = ip_hdr(skb); + skb_push(skb, -skb_network_offset(skb)); iph->tot_len = htons(skb->len); hdr_len = iph->ihl * 4; if ((skb->len - hdr_len) < ipcd->threshold) { diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c index a73e710740c..77888f59673 100644 --- a/net/ipv4/xfrm4_mode_beet.c +++ b/net/ipv4/xfrm4_mode_beet.c @@ -40,10 +40,11 @@ static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb) if (unlikely(optlen)) hdrlen += IPV4_BEET_PHMAXLEN - (optlen & 4); - skb_push(skb, x->props.header_len - IPV4_BEET_PHMAXLEN + hdrlen); - skb_reset_network_header(skb); + skb_set_network_header(skb, IPV4_BEET_PHMAXLEN - x->props.header_len - + hdrlen); top_iph = ip_hdr(skb); skb->transport_header += sizeof(*iph) - hdrlen; + __skb_pull(skb, sizeof(*iph) - hdrlen); memmove(top_iph, iph, sizeof(*iph)); if (unlikely(optlen)) { diff --git a/net/ipv4/xfrm4_mode_transport.c b/net/ipv4/xfrm4_mode_transport.c index 601047161ea..10499d2ec65 100644 --- a/net/ipv4/xfrm4_mode_transport.c +++ b/net/ipv4/xfrm4_mode_transport.c @@ -27,8 +27,8 @@ static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb) int ihl = iph->ihl * 4; skb->transport_header = skb->network_header + ihl; - skb_push(skb, x->props.header_len); - skb_reset_network_header(skb); + skb_set_network_header(skb, -x->props.header_len); + __skb_pull(skb, ihl); memmove(skb_network_header(skb), iph, ihl); return 0; } diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c index 9963700e74c..bac1a91f0cb 100644 --- a/net/ipv4/xfrm4_mode_tunnel.c +++ b/net/ipv4/xfrm4_mode_tunnel.c @@ -49,8 +49,7 @@ static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) iph = ip_hdr(skb); skb->transport_header = skb->network_header; - skb_push(skb, x->props.header_len); - skb_reset_network_header(skb); + skb_set_network_header(skb, -x->props.header_len); top_iph = ip_hdr(skb); top_iph->ihl = 5; diff --git a/net/ipv4/xfrm4_tunnel.c b/net/ipv4/xfrm4_tunnel.c index 9275c79119b..be572f918b5 100644 --- a/net/ipv4/xfrm4_tunnel.c +++ b/net/ipv4/xfrm4_tunnel.c @@ -14,6 +14,7 @@ static int ipip_output(struct xfrm_state *x, struct sk_buff *skb) { struct iphdr *iph = ip_hdr(skb); + skb_push(skb, -skb_network_offset(skb)); iph->tot_len = htons(skb->len); ip_send_check(iph); diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index c51d77564b4..ac6bae17a13 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c @@ -236,6 +236,7 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb) char hdrs[0]; } *tmp_ext; + skb_push(skb, -skb_network_offset(skb)); top_iph = ipv6_hdr(skb); top_iph->payload_len = htons(skb->len - sizeof(*top_iph)); diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 7355bb0345e..21c93f026db 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c @@ -54,13 +54,8 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) int nfrags; u8 *tail; struct esp_data *esp = x->data; - int hdr_len = (skb_transport_offset(skb) + - sizeof(*esph) + esp->conf.ivlen); - /* Strip IP+ESP header. */ - __skb_pull(skb, hdr_len); - - /* Now skb is pure payload to encrypt */ + /* skb is pure payload to encrypt */ err = -ENOMEM; /* Round to block size */ @@ -89,7 +84,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) tail[clen-skb->len - 2] = (clen - skb->len) - 2; pskb_put(skb, trailer, clen - skb->len); - __skb_push(skb, -skb_network_offset(skb)); + skb_push(skb, -skb_network_offset(skb)); top_iph = ipv6_hdr(skb); esph = (struct ipv6_esp_hdr *)skb_transport_header(skb); top_iph->payload_len = htons(skb->len + alen - sizeof(*top_iph)); diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c index 71a14c09975..87e6407ebf9 100644 --- a/net/ipv6/ipcomp6.c +++ b/net/ipv6/ipcomp6.c @@ -128,7 +128,10 @@ static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb) u8 *start, *scratch; struct crypto_comp *tfm; int cpu; - int hdr_len = skb_transport_offset(skb); + int hdr_len; + + skb_push(skb, -skb_network_offset(skb)); + hdr_len = skb_transport_offset(skb); /* check whether datagram len is larger than threshold */ if ((skb->len - hdr_len) < ipcd->threshold) { diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c index 6475baca63d..0e7a60f7393 100644 --- a/net/ipv6/mip6.c +++ b/net/ipv6/mip6.c @@ -153,6 +153,7 @@ static int mip6_destopt_output(struct xfrm_state *x, struct sk_buff *skb) u8 nexthdr; int len; + skb_push(skb, -skb_network_offset(skb)); iph = ipv6_hdr(skb); iph->payload_len = htons(skb->len - sizeof(*iph)); @@ -367,6 +368,7 @@ static int mip6_rthdr_output(struct xfrm_state *x, struct sk_buff *skb) struct rt2_hdr *rt2; u8 nexthdr; + skb_push(skb, -skb_network_offset(skb)); iph = ipv6_hdr(skb); iph->payload_len = htons(skb->len - sizeof(*iph)); diff --git a/net/ipv6/xfrm6_mode_beet.c b/net/ipv6/xfrm6_mode_beet.c index d9366dfbf86..bca018d19ec 100644 --- a/net/ipv6/xfrm6_mode_beet.c +++ b/net/ipv6/xfrm6_mode_beet.c @@ -29,8 +29,8 @@ * filled in by x->type->output and the mac header will be set to the * nextheader field of the extension header directly preceding the * encapsulation header, or in its absence, that of the top IP header. - * The value of skb->data and the network header will always point to the - * top IP header. + * The value of the network header will always point to the top IP header + * while skb->data will point to the payload. */ static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb) { @@ -38,16 +38,17 @@ static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb) u8 *prevhdr; int hdr_len; - skb_push(skb, x->props.header_len); iph = ipv6_hdr(skb); hdr_len = ip6_find_1stfragopt(skb, &prevhdr); - memmove(skb->data, iph, hdr_len); skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data); - skb_reset_network_header(skb); - skb_set_transport_header(skb, hdr_len); + skb_set_network_header(skb, -x->props.header_len); + skb_set_transport_header(skb, hdr_len - x->props.header_len); + __skb_pull(skb, hdr_len); + top_iph = ipv6_hdr(skb); + memmove(top_iph, iph, hdr_len); ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr); ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr); diff --git a/net/ipv6/xfrm6_mode_ro.c b/net/ipv6/xfrm6_mode_ro.c index 25758048af5..5c29b367b43 100644 --- a/net/ipv6/xfrm6_mode_ro.c +++ b/net/ipv6/xfrm6_mode_ro.c @@ -42,8 +42,8 @@ * filled in by x->type->output and the mac header will be set to the * nextheader field of the extension header directly preceding the * encapsulation header, or in its absence, that of the top IP header. - * The value of skb->data and the network header will always point to the - * top IP header. + * The value of the network header will always point to the top IP header + * while skb->data will point to the payload. */ static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb) { @@ -51,14 +51,14 @@ static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb) u8 *prevhdr; int hdr_len; - skb_push(skb, x->props.header_len); iph = ipv6_hdr(skb); hdr_len = x->type->hdr_offset(x, skb, &prevhdr); skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data); - skb_reset_network_header(skb); - skb_set_transport_header(skb, hdr_len); - memmove(skb->data, iph, hdr_len); + skb_set_network_header(skb, -x->props.header_len); + skb_set_transport_header(skb, hdr_len - x->props.header_len); + __skb_pull(skb, hdr_len); + memmove(ipv6_hdr(skb), iph, hdr_len); x->lastused = get_seconds(); diff --git a/net/ipv6/xfrm6_mode_transport.c b/net/ipv6/xfrm6_mode_transport.c index 65c166b5d72..f2ee186494e 100644 --- a/net/ipv6/xfrm6_mode_transport.c +++ b/net/ipv6/xfrm6_mode_transport.c @@ -23,8 +23,8 @@ * filled in by x->type->output and the mac header will be set to the * nextheader field of the extension header directly preceding the * encapsulation header, or in its absence, that of the top IP header. - * The value of skb->data and the network header will always point to the - * top IP header. + * The value of the network header will always point to the top IP header + * while skb->data will point to the payload. */ static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb) { @@ -32,14 +32,14 @@ static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb) u8 *prevhdr; int hdr_len; - skb_push(skb, x->props.header_len); iph = ipv6_hdr(skb); hdr_len = x->type->hdr_offset(x, skb, &prevhdr); skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data); - skb_reset_network_header(skb); - skb_set_transport_header(skb, hdr_len); - memmove(skb->data, iph, hdr_len); + skb_set_network_header(skb, -x->props.header_len); + skb_set_transport_header(skb, hdr_len - x->props.header_len); + __skb_pull(skb, hdr_len); + memmove(ipv6_hdr(skb), iph, hdr_len); return 0; } diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c index 3dd40af75e8..01bd7d11ea1 100644 --- a/net/ipv6/xfrm6_mode_tunnel.c +++ b/net/ipv6/xfrm6_mode_tunnel.c @@ -41,8 +41,8 @@ static inline void ip6ip_ecn_decapsulate(struct sk_buff *skb) * filled in by x->type->output and the mac header will be set to the * nextheader field of the extension header directly preceding the * encapsulation header, or in its absence, that of the top IP header. - * The value of skb->data and the network header will always point to the - * top IP header. + * The value of the network header will always point to the top IP header + * while skb->data will point to the payload. */ static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) { @@ -51,12 +51,13 @@ static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) struct ipv6hdr *iph, *top_iph; int dsfield; - skb_push(skb, x->props.header_len); iph = ipv6_hdr(skb); - skb_set_mac_header(skb, offsetof(struct ipv6hdr, nexthdr)); - skb_reset_network_header(skb); - skb_set_transport_header(skb, sizeof(struct ipv6hdr)); + skb_set_mac_header(skb, offsetof(struct ipv6hdr, nexthdr) - + x->props.header_len); + skb_set_network_header(skb, -x->props.header_len); + skb_set_transport_header(skb, sizeof(struct ipv6hdr) - + x->props.header_len); top_iph = ipv6_hdr(skb); top_iph->version = 6; diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c index aeb06076fdd..00a1a3e5237 100644 --- a/net/ipv6/xfrm6_tunnel.c +++ b/net/ipv6/xfrm6_tunnel.c @@ -244,6 +244,7 @@ static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) { struct ipv6hdr *top_iph; + skb_push(skb, -skb_network_offset(skb)); top_iph = ipv6_hdr(skb); top_iph->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); -- cgit v1.2.3-70-g09d2 From ceb1eec8291175686d0208e66595ff83bc0624e2 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 10 Oct 2007 15:45:52 -0700 Subject: [IPSEC]: Move IP length/checksum setting out of transforms This patch moves the setting of the IP length and checksum fields out of the transforms and into the xfrmX_output functions. This would help future efforts in merging the transforms themselves. It also adds an optimisation to ipcomp due to the fact that the transport offset is guaranteed to be zero. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/ipv4/ah4.c | 2 -- net/ipv4/esp4.c | 7 +------ net/ipv4/ipcomp.c | 22 +++++----------------- net/ipv4/xfrm4_mode_beet.c | 3 --- net/ipv4/xfrm4_mode_tunnel.c | 5 +---- net/ipv4/xfrm4_output.c | 5 +++++ net/ipv4/xfrm4_tunnel.c | 5 ----- net/ipv6/esp6.c | 3 --- net/ipv6/ipcomp6.c | 19 ++++++------------- net/ipv6/mip6.c | 2 -- net/ipv6/xfrm6_mode_beet.c | 2 -- net/ipv6/xfrm6_mode_tunnel.c | 4 +--- net/ipv6/xfrm6_output.c | 4 ++++ net/ipv6/xfrm6_tunnel.c | 5 ----- 14 files changed, 23 insertions(+), 65 deletions(-) (limited to 'net/ipv6/xfrm6_tunnel.c') diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index d69706405d5..60925fedbf1 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c @@ -115,8 +115,6 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb) memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr)); } - ip_send_check(top_iph); - err = 0; error: diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 66eb4968b91..8377bedf3f6 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -16,7 +16,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) { int err; - struct iphdr *top_iph; struct ip_esp_hdr *esph; struct crypto_blkcipher *tfm; struct blkcipher_desc desc; @@ -59,9 +58,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) pskb_put(skb, trailer, clen - skb->len); skb_push(skb, -skb_network_offset(skb)); - top_iph = ip_hdr(skb); esph = ip_esp_hdr(skb); - top_iph->tot_len = htons(skb->len + alen); *(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb); *skb_mac_header(skb) = IPPROTO_ESP; @@ -76,7 +73,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) uh = (struct udphdr *)esph; uh->source = encap->encap_sport; uh->dest = encap->encap_dport; - uh->len = htons(skb->len + alen - top_iph->ihl*4); + uh->len = htons(skb->len + alen - skb_transport_offset(skb)); uh->check = 0; switch (encap->encap_type) { @@ -136,8 +133,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) unlock: spin_unlock_bh(&x->lock); - ip_send_check(top_iph); - error: return err; } diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c index 78d6ddb02d1..32b02deca2e 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c @@ -98,10 +98,9 @@ out: static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb) { struct ipcomp_data *ipcd = x->data; - const int ihlen = skb_transport_offset(skb); - const int plen = skb->len - ihlen; + const int plen = skb->len; int dlen = IPCOMP_SCRATCH_SIZE; - u8 *start = skb_transport_header(skb); + u8 *start = skb->data; const int cpu = get_cpu(); u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu); struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu); @@ -118,7 +117,7 @@ static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb) memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen); put_cpu(); - pskb_trim(skb, ihlen + dlen + sizeof(struct ip_comp_hdr)); + pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr)); return 0; out: @@ -131,13 +130,8 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb) int err; struct ip_comp_hdr *ipch; struct ipcomp_data *ipcd = x->data; - int hdr_len = 0; - struct iphdr *iph = ip_hdr(skb); - skb_push(skb, -skb_network_offset(skb)); - iph->tot_len = htons(skb->len); - hdr_len = iph->ihl * 4; - if ((skb->len - hdr_len) < ipcd->threshold) { + if (skb->len < ipcd->threshold) { /* Don't bother compressing */ goto out_ok; } @@ -146,25 +140,19 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb) goto out_ok; err = ipcomp_compress(x, skb); - iph = ip_hdr(skb); if (err) { goto out_ok; } /* Install ipcomp header, convert into ipcomp datagram. */ - iph->tot_len = htons(skb->len); ipch = ip_comp_hdr(skb); ipch->nexthdr = *skb_mac_header(skb); ipch->flags = 0; ipch->cpi = htons((u16 )ntohl(x->id.spi)); *skb_mac_header(skb) = IPPROTO_COMP; - ip_send_check(iph); - return 0; - out_ok: - if (x->props.mode == XFRM_MODE_TUNNEL) - ip_send_check(iph); + skb_push(skb, -skb_network_offset(skb)); return 0; } diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c index 7226c6486c0..73d2338bec5 100644 --- a/net/ipv4/xfrm4_mode_beet.c +++ b/net/ipv4/xfrm4_mode_beet.c @@ -20,9 +20,6 @@ /* Add encapsulation header. * * The top IP header will be constructed per draft-nikander-esp-beet-mode-06.txt. - * The following fields in it shall be filled in by x->type->output: - * tot_len - * check */ static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb) { diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c index f1d41ea3478..1ae9d32276f 100644 --- a/net/ipv4/xfrm4_mode_tunnel.c +++ b/net/ipv4/xfrm4_mode_tunnel.c @@ -31,10 +31,7 @@ static inline void ipip6_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb) /* Add encapsulation header. * - * The top IP header will be constructed per RFC 2401. The following fields - * in it shall be filled in by x->type->output: - * tot_len - * check + * The top IP header will be constructed per RFC 2401. */ static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) { diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c index 04805c7d79c..434ef302ba8 100644 --- a/net/ipv4/xfrm4_output.c +++ b/net/ipv4/xfrm4_output.c @@ -44,6 +44,7 @@ static inline int xfrm4_output_one(struct sk_buff *skb) { struct dst_entry *dst = skb->dst; struct xfrm_state *x = dst->xfrm; + struct iphdr *iph; int err; if (x->props.mode == XFRM_MODE_TUNNEL) { @@ -56,6 +57,10 @@ static inline int xfrm4_output_one(struct sk_buff *skb) if (err) goto error_nolock; + iph = ip_hdr(skb); + iph->tot_len = htons(skb->len); + ip_send_check(iph); + IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED; err = 0; diff --git a/net/ipv4/xfrm4_tunnel.c b/net/ipv4/xfrm4_tunnel.c index be572f918b5..e1fafc1562d 100644 --- a/net/ipv4/xfrm4_tunnel.c +++ b/net/ipv4/xfrm4_tunnel.c @@ -12,12 +12,7 @@ static int ipip_output(struct xfrm_state *x, struct sk_buff *skb) { - struct iphdr *iph = ip_hdr(skb); - skb_push(skb, -skb_network_offset(skb)); - iph->tot_len = htons(skb->len); - ip_send_check(iph); - return 0; } diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index a64295d164e..9eb92859835 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c @@ -43,7 +43,6 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) { int err; - struct ipv6hdr *top_iph; struct ip_esp_hdr *esph; struct crypto_blkcipher *tfm; struct blkcipher_desc desc; @@ -85,9 +84,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) pskb_put(skb, trailer, clen - skb->len); skb_push(skb, -skb_network_offset(skb)); - top_iph = ipv6_hdr(skb); esph = ip_esp_hdr(skb); - top_iph->payload_len = htons(skb->len + alen - sizeof(*top_iph)); *(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb); *skb_mac_header(skb) = IPPROTO_ESP; diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c index 8f3f32faaf4..28fc8edfdc3 100644 --- a/net/ipv6/ipcomp6.c +++ b/net/ipv6/ipcomp6.c @@ -119,20 +119,15 @@ out: static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb) { int err; - struct ipv6hdr *top_iph; struct ip_comp_hdr *ipch; struct ipcomp_data *ipcd = x->data; int plen, dlen; u8 *start, *scratch; struct crypto_comp *tfm; int cpu; - int hdr_len; - - skb_push(skb, -skb_network_offset(skb)); - hdr_len = skb_transport_offset(skb); /* check whether datagram len is larger than threshold */ - if ((skb->len - hdr_len) < ipcd->threshold) { + if (skb->len < ipcd->threshold) { goto out_ok; } @@ -140,9 +135,9 @@ static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb) goto out_ok; /* compression */ - plen = skb->len - hdr_len; + plen = skb->len; dlen = IPCOMP_SCRATCH_SIZE; - start = skb_transport_header(skb); + start = skb->data; cpu = get_cpu(); scratch = *per_cpu_ptr(ipcomp6_scratches, cpu); @@ -155,13 +150,9 @@ static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb) } memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen); put_cpu(); - pskb_trim(skb, hdr_len + dlen + sizeof(struct ip_comp_hdr)); + pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr)); /* insert ipcomp header and replace datagram */ - top_iph = ipv6_hdr(skb); - - top_iph->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); - ipch = ip_comp_hdr(skb); ipch->nexthdr = *skb_mac_header(skb); ipch->flags = 0; @@ -169,6 +160,8 @@ static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb) *skb_mac_header(skb) = IPPROTO_COMP; out_ok: + skb_push(skb, -skb_network_offset(skb)); + return 0; } diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c index 0e7a60f7393..7fd841d4101 100644 --- a/net/ipv6/mip6.c +++ b/net/ipv6/mip6.c @@ -155,7 +155,6 @@ static int mip6_destopt_output(struct xfrm_state *x, struct sk_buff *skb) skb_push(skb, -skb_network_offset(skb)); iph = ipv6_hdr(skb); - iph->payload_len = htons(skb->len - sizeof(*iph)); nexthdr = *skb_mac_header(skb); *skb_mac_header(skb) = IPPROTO_DSTOPTS; @@ -370,7 +369,6 @@ static int mip6_rthdr_output(struct xfrm_state *x, struct sk_buff *skb) skb_push(skb, -skb_network_offset(skb)); iph = ipv6_hdr(skb); - iph->payload_len = htons(skb->len - sizeof(*iph)); nexthdr = *skb_mac_header(skb); *skb_mac_header(skb) = IPPROTO_ROUTING; diff --git a/net/ipv6/xfrm6_mode_beet.c b/net/ipv6/xfrm6_mode_beet.c index 42c6ef839e5..13bb1e85676 100644 --- a/net/ipv6/xfrm6_mode_beet.c +++ b/net/ipv6/xfrm6_mode_beet.c @@ -22,8 +22,6 @@ /* Add encapsulation header. * * The top IP header will be constructed per draft-nikander-esp-beet-mode-06.txt. - * The following fields in it shall be filled in by x->type->output: - * payload_len */ static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb) { diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c index e79c6bdf71c..ea228387911 100644 --- a/net/ipv6/xfrm6_mode_tunnel.c +++ b/net/ipv6/xfrm6_mode_tunnel.c @@ -33,9 +33,7 @@ static inline void ip6ip_ecn_decapsulate(struct sk_buff *skb) /* Add encapsulation header. * - * The top IP header will be constructed per RFC 2401. The following fields - * in it shall be filled in by x->type->output: - * payload_len + * The top IP header will be constructed per RFC 2401. */ static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) { diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c index f21596f8998..4618c18e611 100644 --- a/net/ipv6/xfrm6_output.c +++ b/net/ipv6/xfrm6_output.c @@ -47,6 +47,7 @@ static inline int xfrm6_output_one(struct sk_buff *skb) { struct dst_entry *dst = skb->dst; struct xfrm_state *x = dst->xfrm; + struct ipv6hdr *iph; int err; if (x->props.mode == XFRM_MODE_TUNNEL) { @@ -59,6 +60,9 @@ static inline int xfrm6_output_one(struct sk_buff *skb) if (err) goto error_nolock; + iph = ipv6_hdr(skb); + iph->payload_len = htons(skb->len - sizeof(*iph)); + IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED; err = 0; diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c index 00a1a3e5237..3f8a3abde67 100644 --- a/net/ipv6/xfrm6_tunnel.c +++ b/net/ipv6/xfrm6_tunnel.c @@ -242,12 +242,7 @@ EXPORT_SYMBOL(xfrm6_tunnel_free_spi); static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) { - struct ipv6hdr *top_iph; - skb_push(skb, -skb_network_offset(skb)); - top_iph = ipv6_hdr(skb); - top_iph->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); - return 0; } -- cgit v1.2.3-70-g09d2