diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-11-19 18:47:58 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-28 14:53:53 -0800 |
commit | 60d5fcfb19d8a958fc563e52240cd05ec23f36c9 (patch) | |
tree | f1bb64a18b1b183ad1cdf84f88a42a0b643af720 /net/ipv6 | |
parent | d26f398400311982d2433debae85746c348b7d58 (diff) | |
download | op-kernel-dev-60d5fcfb19d8a958fc563e52240cd05ec23f36c9.zip op-kernel-dev-60d5fcfb19d8a958fc563e52240cd05ec23f36c9.tar.gz |
[IPSEC]: Remove nhoff from xfrm_input
The nhoff field isn't actually necessary in xfrm_input. For tunnel
mode transforms we now throw away the output IP header so it makes no
sense to fill in the nexthdr field. For transport mode we can now let
the function transport_finish do the setting and it knows where the
nexthdr field is.
The only other thing that needs the nexthdr field to be set is the
header extraction code. However, we can simply move the protocol
extraction out of the generic header extraction.
We want to minimise the amount of info we have to carry around between
transforms as this simplifies the resumption process for async crypto.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/xfrm6_input.c | 4 | ||||
-rw-r--r-- | net/ipv6/xfrm6_output.c | 3 | ||||
-rw-r--r-- | net/ipv6/xfrm6_state.c | 2 |
3 files changed, 5 insertions, 4 deletions
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c index 3b9eedf..5c006c8 100644 --- a/net/ipv6/xfrm6_input.c +++ b/net/ipv6/xfrm6_input.c @@ -23,7 +23,6 @@ int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb) int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi) { - XFRM_SPI_SKB_CB(skb)->nhoff = IP6CB(skb)->nhoff; XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr); return xfrm_input(skb, nexthdr, spi, 0); } @@ -31,6 +30,9 @@ EXPORT_SYMBOL(xfrm6_rcv_spi); int xfrm6_transport_finish(struct sk_buff *skb, int async) { + skb_network_header(skb)[IP6CB(skb)->nhoff] = + XFRM_MODE_SKB_CB(skb)->protocol; + #ifdef CONFIG_NETFILTER ipv6_hdr(skb)->payload_len = htons(skb->len); __skb_push(skb, skb->data - skb_network_header(skb)); diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c index a0a9249..318669a 100644 --- a/net/ipv6/xfrm6_output.c +++ b/net/ipv6/xfrm6_output.c @@ -53,7 +53,8 @@ int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb) if (err) return err; - IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); + XFRM_MODE_SKB_CB(skb)->protocol = ipv6_hdr(skb)->nexthdr; + return xfrm6_extract_header(skb); } diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c index 00360b5..df7e98d 100644 --- a/net/ipv6/xfrm6_state.c +++ b/net/ipv6/xfrm6_state.c @@ -178,8 +178,6 @@ int xfrm6_extract_header(struct sk_buff *skb) XFRM_MODE_SKB_CB(skb)->frag_off = htons(IP_DF); XFRM_MODE_SKB_CB(skb)->tos = ipv6_get_dsfield(iph); XFRM_MODE_SKB_CB(skb)->ttl = iph->hop_limit; - XFRM_MODE_SKB_CB(skb)->protocol = - skb_network_header(skb)[IP6CB(skb)->nhoff]; memcpy(XFRM_MODE_SKB_CB(skb)->flow_lbl, iph->flow_lbl, sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl)); |