[IPSEC]: Use IPv6 calling convention as the convention for x->mode->output

The IPv6 calling convention for x->mode->output is more general and could help an eventual protocol-generic x->type->output implementation. This patch adopts it for IPv4 as well and modifies the IPv4 type output functions accordingly. It also rewrites the IPv6 mac/transport header calculation to be based off the network header where practical. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 15:44:44 -07:00 · 2007-10-10 15:44:44 -07:00 · 37fedd3aab
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@ -300,6 +300,18 @@ extern void xfrm_put_type(struct xfrm_type *type);
 struct xfrm_mode {
 	int (*input)(struct xfrm_state *x, struct sk_buff *skb);
 	/*
 	 * Add encapsulation header.
 	 *
 	 * On exit, the transport header will be set to the start of the
 	 * encapsulation header to be filled in by x->type->output and
 	 * the mac header will be set to the nextheader (protocol for
 	 * IPv4) field of the extension header directly preceding the
 	 * encapsulation header, or in its absence, that of the top IP
 	 * header.  The value of the network header will always point
 	 * to the top IP header while skb->data will point to the payload.
 	 */
 	int (*output)(struct xfrm_state *x,struct sk_buff *skb);
 	struct module *owner;
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@ -82,14 +82,14 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
 			goto error;
 	}
-	ah = (struct ip_auth_hdr *)((char *)top_iph+top_iph->ihl*4);
+	ah = (struct ip_auth_hdr *)skb_transport_header(skb);
-	ah->nexthdr = top_iph->protocol;
+	ah->nexthdr = *skb_mac_header(skb);
 	*skb_mac_header(skb) = IPPROTO_AH;
 	top_iph->tos = 0;
 	top_iph->tot_len = htons(skb->len);
 	top_iph->frag_off = 0;
 	top_iph->ttl = 0;
 	top_iph->protocol = IPPROTO_AH;
 	top_iph->check = 0;
 	ahp = x->data;
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@ -60,10 +60,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
 	skb_push(skb, -skb_network_offset(skb));
 	top_iph = ip_hdr(skb);
-	esph = (struct ip_esp_hdr *)(skb_network_header(skb) +
+	esph = (struct ip_esp_hdr *)skb_transport_header(skb);
 				     top_iph->ihl * 4);
 	top_iph->tot_len = htons(skb->len + alen);
-	*(skb_tail_pointer(trailer) - 1) = top_iph->protocol;
+	*(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb);
 	*skb_mac_header(skb) = IPPROTO_ESP;
 	spin_lock_bh(&x->lock);
@ -91,9 +91,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
 			break;
 		}
-		top_iph->protocol = IPPROTO_UDP;
+		*skb_mac_header(skb) = IPPROTO_UDP;
-	} else
+	}
 		top_iph->protocol = IPPROTO_ESP;
 	esph->spi = x->id.spi;
 	esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@ -98,10 +98,10 @@ out:
 static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
 {
 	struct ipcomp_data *ipcd = x->data;
-	const int ihlen = ip_hdrlen(skb);
+	const int ihlen = skb_transport_offset(skb);
 	const int plen = skb->len - ihlen;
 	int dlen = IPCOMP_SCRATCH_SIZE;
-	u8 *start = skb->data + ihlen;
+	u8 *start = skb_transport_header(skb);
 	const int cpu = get_cpu();
 	u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
 	struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
@ -154,11 +154,11 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
 	/* Install ipcomp header, convert into ipcomp datagram. */
 	iph->tot_len = htons(skb->len);
-	ipch = (struct ip_comp_hdr *)((char *)iph + iph->ihl * 4);
+	ipch = (struct ip_comp_hdr *)skb_transport_header(skb);
-	ipch->nexthdr = iph->protocol;
+	ipch->nexthdr = *skb_mac_header(skb);
 	ipch->flags = 0;
 	ipch->cpi = htons((u16 )ntohl(x->id.spi));
-	iph->protocol = IPPROTO_COMP;
+	*skb_mac_header(skb) = IPPROTO_COMP;
 	ip_send_check(iph);
 	return 0;
--- a/net/ipv4/xfrm4_mode_beet.c
+++ b/net/ipv4/xfrm4_mode_beet.c
@ -23,17 +23,14 @@
 * The following fields in it shall be filled in by x->type->output:
 *      tot_len
 *      check
 *
 * On exit, skb->h will be set to the start of the payload to be processed
 * by x->type->output and skb->nh will be set to the top IP header.
 */
 static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
 {
 	struct ip_beet_phdr *ph;
 	struct iphdr *iph, *top_iph;
 	int hdrlen, optlen;
 	iph = ip_hdr(skb);
 	skb->transport_header = skb->network_header;
 	hdrlen = 0;
 	optlen = iph->ihl * 4 - sizeof(*iph);
@ -42,17 +39,17 @@ static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
 	skb_set_network_header(skb, IPV4_BEET_PHMAXLEN - x->props.header_len -
 				    hdrlen);
-	top_iph = ip_hdr(skb);
+	skb->mac_header = skb->network_header +
-	skb->transport_header += sizeof(*iph) - hdrlen;
+			  offsetof(struct iphdr, protocol);
-	__skb_pull(skb, sizeof(*iph) - hdrlen);
+	skb->transport_header = skb->network_header + sizeof(*iph);
 	ph = (struct ip_beet_phdr *)__skb_pull(skb, sizeof(*iph) - hdrlen);
 	top_iph = ip_hdr(skb);
 	memmove(top_iph, iph, sizeof(*iph));
 	if (unlikely(optlen)) {
 		struct ip_beet_phdr *ph;
 		BUG_ON(optlen < 0);
 		ph = (struct ip_beet_phdr *)skb_transport_header(skb);
 		ph->padlen = 4 - (optlen & 4);
 		ph->hdrlen = optlen / 8;
 		ph->nexthdr = top_iph->protocol;
--- a/net/ipv4/xfrm4_mode_transport.c
+++ b/net/ipv4/xfrm4_mode_transport.c
@ -17,17 +17,16 @@
 *
 * The IP header will be moved forward to make space for the encapsulation
 * header.
 *
 * On exit, skb->h will be set to the start of the payload to be processed
 * by x->type->output and skb->nh will be set to the top IP header.
 */
 static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb)
 {
 	struct iphdr *iph = ip_hdr(skb);
 	int ihl = iph->ihl * 4;
 	skb->transport_header = skb->network_header + ihl;
 	skb_set_network_header(skb, -x->props.header_len);
 	skb->mac_header = skb->network_header +
 			  offsetof(struct iphdr, protocol);
 	skb->transport_header = skb->network_header + ihl;
 	__skb_pull(skb, ihl);
 	memmove(skb_network_header(skb), iph, ihl);
 	return 0;
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ b/net/ipv4/xfrm4_mode_tunnel.c
@ -35,9 +35,6 @@ static inline void ipip6_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)
 * in it shall be filled in by x->type->output:
 *      tot_len
 *      check
 *
 * On exit, skb->h will be set to the start of the payload to be processed
 * by x->type->output and skb->nh will be set to the top IP header.
 */
 static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
 {
@ -47,9 +44,11 @@ static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
 	int flags;
 	iph = ip_hdr(skb);
 	skb->transport_header = skb->network_header;
 	skb_set_network_header(skb, -x->props.header_len);
 	skb->mac_header = skb->network_header +
 			  offsetof(struct iphdr, protocol);
 	skb->transport_header = skb->network_header + sizeof(*iph);
 	top_iph = ip_hdr(skb);
 	top_iph->ihl = 5;
--- a/net/ipv6/xfrm6_mode_beet.c
+++ b/net/ipv6/xfrm6_mode_beet.c
@ -24,13 +24,6 @@
 * The top IP header will be constructed per draft-nikander-esp-beet-mode-06.txt.
 * The following fields in it shall be filled in by x->type->output:
 *	payload_len
 *
 * On exit, skb->h will be set to the start of the encapsulation header to be
 * filled in by x->type->output and the mac header will be set to the
 * nextheader field of the extension header directly preceding the
 * encapsulation header, or in its absence, that of the top IP header.
 * The value of the network header will always point to the top IP header
 * while skb->data will point to the payload.
 */
 static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb)
 {
@ -44,7 +37,7 @@ static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb)
 	skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data);
 	skb_set_network_header(skb, -x->props.header_len);
-	skb_set_transport_header(skb, hdr_len - x->props.header_len);
+	skb->transport_header = skb->network_header + hdr_len;
 	__skb_pull(skb, hdr_len);
 	top_iph = ipv6_hdr(skb);
--- a/net/ipv6/xfrm6_mode_ro.c
+++ b/net/ipv6/xfrm6_mode_ro.c
@ -37,13 +37,6 @@
 *
 * The IP header and mutable extension headers will be moved forward to make
 * space for the route optimization header.
 *
 * On exit, skb->h will be set to the start of the encapsulation header to be
 * filled in by x->type->output and the mac header will be set to the
 * nextheader field of the extension header directly preceding the
 * encapsulation header, or in its absence, that of the top IP header.
 * The value of the network header will always point to the top IP header
 * while skb->data will point to the payload.
 */
 static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb)
 {
@ -56,7 +49,7 @@ static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb)
 	hdr_len = x->type->hdr_offset(x, skb, &prevhdr);
 	skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data);
 	skb_set_network_header(skb, -x->props.header_len);
-	skb_set_transport_header(skb, hdr_len - x->props.header_len);
+	skb->transport_header = skb->network_header + hdr_len;
 	__skb_pull(skb, hdr_len);
 	memmove(ipv6_hdr(skb), iph, hdr_len);
--- a/net/ipv6/xfrm6_mode_transport.c
+++ b/net/ipv6/xfrm6_mode_transport.c
@ -18,13 +18,6 @@
 *
 * The IP header and mutable extension headers will be moved forward to make
 * space for the encapsulation header.
 *
 * On exit, skb->h will be set to the start of the encapsulation header to be
 * filled in by x->type->output and the mac header will be set to the
 * nextheader field of the extension header directly preceding the
 * encapsulation header, or in its absence, that of the top IP header.
 * The value of the network header will always point to the top IP header
 * while skb->data will point to the payload.
 */
 static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb)
 {
@ -37,7 +30,7 @@ static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb)
 	hdr_len = x->type->hdr_offset(x, skb, &prevhdr);
 	skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data);
 	skb_set_network_header(skb, -x->props.header_len);
-	skb_set_transport_header(skb, hdr_len - x->props.header_len);
+	skb->transport_header = skb->network_header + hdr_len;
 	__skb_pull(skb, hdr_len);
 	memmove(ipv6_hdr(skb), iph, hdr_len);
 	return 0;
--- a/net/ipv6/xfrm6_mode_tunnel.c
+++ b/net/ipv6/xfrm6_mode_tunnel.c
@ -36,13 +36,6 @@ static inline void ip6ip_ecn_decapsulate(struct sk_buff *skb)
 * The top IP header will be constructed per RFC 2401.  The following fields
 * in it shall be filled in by x->type->output:
 *	payload_len
 *
 * On exit, skb->h will be set to the start of the encapsulation header to be
 * filled in by x->type->output and the mac header will be set to the
 * nextheader field of the extension header directly preceding the
 * encapsulation header, or in its absence, that of the top IP header.
 * The value of the network header will always point to the top IP header
 * while skb->data will point to the payload.
 */
 static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
 {
@ -53,11 +46,10 @@ static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
 	iph = ipv6_hdr(skb);
 	skb_set_mac_header(skb, offsetof(struct ipv6hdr, nexthdr) -
 				x->props.header_len);
 	skb_set_network_header(skb, -x->props.header_len);
-	skb_set_transport_header(skb, sizeof(struct ipv6hdr) -
+	skb->mac_header = skb->network_header +
-				      x->props.header_len);
+			  offsetof(struct ipv6hdr, nexthdr);
 	skb->transport_header = skb->network_header + sizeof(*iph);
 	top_iph = ipv6_hdr(skb);
 	top_iph->version = 6;