1bfcb10f67
Currently BEET mode does not reinject the packet back into the stack like tunnel mode does. Since BEET should behave just like tunnel mode this is incorrect. This patch fixes this by introducing a flags field to xfrm_mode that tells the IPsec code whether it should terminate and reinject the packet back into the stack. It then sets the flag for BEET and tunnel mode. I've also added a number of missing BEET checks elsewhere where we check whether a given mode is a tunnel or not. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
96 lines
2.0 KiB
C
96 lines
2.0 KiB
C
/*
|
|
* xfrm_output.c - Common IPsec encapsulation code.
|
|
*
|
|
* Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#include <linux/errno.h>
|
|
#include <linux/module.h>
|
|
#include <linux/netdevice.h>
|
|
#include <linux/skbuff.h>
|
|
#include <linux/spinlock.h>
|
|
#include <net/dst.h>
|
|
#include <net/xfrm.h>
|
|
|
|
static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
|
|
{
|
|
int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
|
|
- skb_headroom(skb);
|
|
|
|
if (nhead > 0)
|
|
return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
|
|
|
|
/* Check tail too... */
|
|
return 0;
|
|
}
|
|
|
|
static int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
|
|
{
|
|
int err = xfrm_state_check_expire(x);
|
|
if (err < 0)
|
|
goto err;
|
|
err = xfrm_state_check_space(x, skb);
|
|
err:
|
|
return err;
|
|
}
|
|
|
|
int xfrm_output(struct sk_buff *skb)
|
|
{
|
|
struct dst_entry *dst = skb->dst;
|
|
struct xfrm_state *x = dst->xfrm;
|
|
int err;
|
|
|
|
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
|
err = skb_checksum_help(skb);
|
|
if (err)
|
|
goto error_nolock;
|
|
}
|
|
|
|
do {
|
|
spin_lock_bh(&x->lock);
|
|
err = xfrm_state_check(x, skb);
|
|
if (err)
|
|
goto error;
|
|
|
|
if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
|
|
XFRM_SKB_CB(skb)->seq = ++x->replay.oseq;
|
|
if (xfrm_aevent_is_on())
|
|
xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
|
|
}
|
|
|
|
err = x->mode->output(x, skb);
|
|
if (err)
|
|
goto error;
|
|
|
|
x->curlft.bytes += skb->len;
|
|
x->curlft.packets++;
|
|
|
|
spin_unlock_bh(&x->lock);
|
|
|
|
err = x->type->output(x, skb);
|
|
if (err)
|
|
goto error_nolock;
|
|
|
|
if (!(skb->dst = dst_pop(dst))) {
|
|
err = -EHOSTUNREACH;
|
|
goto error_nolock;
|
|
}
|
|
dst = skb->dst;
|
|
x = dst->xfrm;
|
|
} while (x && !(x->mode->flags & XFRM_MODE_FLAG_TUNNEL));
|
|
|
|
err = 0;
|
|
|
|
error_nolock:
|
|
return err;
|
|
error:
|
|
spin_unlock_bh(&x->lock);
|
|
goto error_nolock;
|
|
}
|
|
EXPORT_SYMBOL_GPL(xfrm_output);
|