Commit ceb1eec8 authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller
Browse files

[IPSEC]: Move IP length/checksum setting out of transforms



This patch moves the setting of the IP length and checksum fields out of
the transforms and into the xfrmX_output functions.  This would help future
efforts in merging the transforms themselves.

It also adds an optimisation to ipcomp due to the fact that the transport
offset is guaranteed to be zero.

Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 87bdc48d
Loading
Loading
Loading
Loading
+0 −2
Original line number Original line Diff line number Diff line
@@ -115,8 +115,6 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
		memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
		memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
	}
	}


	ip_send_check(top_iph);

	err = 0;
	err = 0;


error:
error:
+1 −6
Original line number Original line Diff line number Diff line
@@ -16,7 +16,6 @@
static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
{
{
	int err;
	int err;
	struct iphdr *top_iph;
	struct ip_esp_hdr *esph;
	struct ip_esp_hdr *esph;
	struct crypto_blkcipher *tfm;
	struct crypto_blkcipher *tfm;
	struct blkcipher_desc desc;
	struct blkcipher_desc desc;
@@ -59,9 +58,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
	pskb_put(skb, trailer, clen - skb->len);
	pskb_put(skb, trailer, clen - skb->len);


	skb_push(skb, -skb_network_offset(skb));
	skb_push(skb, -skb_network_offset(skb));
	top_iph = ip_hdr(skb);
	esph = ip_esp_hdr(skb);
	esph = ip_esp_hdr(skb);
	top_iph->tot_len = htons(skb->len + alen);
	*(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb);
	*(skb_tail_pointer(trailer) - 1) = *skb_mac_header(skb);
	*skb_mac_header(skb) = IPPROTO_ESP;
	*skb_mac_header(skb) = IPPROTO_ESP;


@@ -76,7 +73,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
		uh = (struct udphdr *)esph;
		uh = (struct udphdr *)esph;
		uh->source = encap->encap_sport;
		uh->source = encap->encap_sport;
		uh->dest = encap->encap_dport;
		uh->dest = encap->encap_dport;
		uh->len = htons(skb->len + alen - top_iph->ihl*4);
		uh->len = htons(skb->len + alen - skb_transport_offset(skb));
		uh->check = 0;
		uh->check = 0;


		switch (encap->encap_type) {
		switch (encap->encap_type) {
@@ -136,8 +133,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
unlock:
unlock:
	spin_unlock_bh(&x->lock);
	spin_unlock_bh(&x->lock);


	ip_send_check(top_iph);

error:
error:
	return err;
	return err;
}
}
+5 −17
Original line number Original line Diff line number Diff line
@@ -98,10 +98,9 @@ static int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
{
{
	struct ipcomp_data *ipcd = x->data;
	struct ipcomp_data *ipcd = x->data;
	const int ihlen = skb_transport_offset(skb);
	const int plen = skb->len;
	const int plen = skb->len - ihlen;
	int dlen = IPCOMP_SCRATCH_SIZE;
	int dlen = IPCOMP_SCRATCH_SIZE;
	u8 *start = skb_transport_header(skb);
	u8 *start = skb->data;
	const int cpu = get_cpu();
	const int cpu = get_cpu();
	u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
	u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
	struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
	struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
@@ -118,7 +117,7 @@ static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
	memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
	memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
	put_cpu();
	put_cpu();


	pskb_trim(skb, ihlen + dlen + sizeof(struct ip_comp_hdr));
	pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr));
	return 0;
	return 0;


out:
out:
@@ -131,13 +130,8 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
	int err;
	int err;
	struct ip_comp_hdr *ipch;
	struct ip_comp_hdr *ipch;
	struct ipcomp_data *ipcd = x->data;
	struct ipcomp_data *ipcd = x->data;
	int hdr_len = 0;
	struct iphdr *iph = ip_hdr(skb);


	skb_push(skb, -skb_network_offset(skb));
	if (skb->len < ipcd->threshold) {
	iph->tot_len = htons(skb->len);
	hdr_len = iph->ihl * 4;
	if ((skb->len - hdr_len) < ipcd->threshold) {
		/* Don't bother compressing */
		/* Don't bother compressing */
		goto out_ok;
		goto out_ok;
	}
	}
@@ -146,25 +140,19 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
		goto out_ok;
		goto out_ok;


	err = ipcomp_compress(x, skb);
	err = ipcomp_compress(x, skb);
	iph = ip_hdr(skb);


	if (err) {
	if (err) {
		goto out_ok;
		goto out_ok;
	}
	}


	/* Install ipcomp header, convert into ipcomp datagram. */
	/* Install ipcomp header, convert into ipcomp datagram. */
	iph->tot_len = htons(skb->len);
	ipch = ip_comp_hdr(skb);
	ipch = ip_comp_hdr(skb);
	ipch->nexthdr = *skb_mac_header(skb);
	ipch->nexthdr = *skb_mac_header(skb);
	ipch->flags = 0;
	ipch->flags = 0;
	ipch->cpi = htons((u16 )ntohl(x->id.spi));
	ipch->cpi = htons((u16 )ntohl(x->id.spi));
	*skb_mac_header(skb) = IPPROTO_COMP;
	*skb_mac_header(skb) = IPPROTO_COMP;
	ip_send_check(iph);
	return 0;

out_ok:
out_ok:
	if (x->props.mode == XFRM_MODE_TUNNEL)
	skb_push(skb, -skb_network_offset(skb));
		ip_send_check(iph);
	return 0;
	return 0;
}
}


+0 −3
Original line number Original line Diff line number Diff line
@@ -20,9 +20,6 @@
/* Add encapsulation header.
/* Add encapsulation header.
 *
 *
 * The top IP header will be constructed per draft-nikander-esp-beet-mode-06.txt.
 * The top IP header will be constructed per draft-nikander-esp-beet-mode-06.txt.
 * The following fields in it shall be filled in by x->type->output:
 *      tot_len
 *      check
 */
 */
static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
{
{
+1 −4
Original line number Original line Diff line number Diff line
@@ -31,10 +31,7 @@ static inline void ipip6_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)


/* Add encapsulation header.
/* Add encapsulation header.
 *
 *
 * The top IP header will be constructed per RFC 2401.  The following fields
 * The top IP header will be constructed per RFC 2401.
 * in it shall be filled in by x->type->output:
 *      tot_len
 *      check
 */
 */
static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
{
{
Loading