Commit 7e49e6de authored by Masahide NAKAMURA's avatar Masahide NAKAMURA Committed by David S. Miller
Browse files

[XFRM]: Add XFRM_MODE_xxx for future use. 



Transformation mode is used as either IPsec transport or tunnel.
It is required to add two more items, route optimization and inbound trigger
for Mobile IPv6.
Based on MIPL2 kernel patch.

This patch was also written by: Ville Nuorvala <vnuorval@tcs.hut.fi>

Signed-off-by: default avatarMasahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: default avatarYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 77d16f45

include/linux/xfrm.h

+4 −2
Original line number Diff line number Diff line
@@ -120,7 +120,9 @@ enum 


#define XFRM_MODE_TRANSPORT 0

#define XFRM_MODE_TUNNEL 1

#define XFRM_MODE_MAX 2

#define XFRM_MODE_ROUTEOPTIMIZATION 2

#define XFRM_MODE_IN_TRIGGER 3

#define XFRM_MODE_MAX 4



/* Netlink configuration messages.  */

enum {
@@ -247,7 +249,7 @@ struct xfrm_usersa_info { 
	__u32				seq;

	__u32				reqid;

	__u16				family;

	__u8				mode; /* 0=transport,1=tunnel */

	__u8				mode;		/* XFRM_MODE_xxx */

	__u8				replay_window;

	__u8				flags;

#define XFRM_STATE_NOECN	1

include/net/xfrm.h

+1 −1
Original line number Diff line number Diff line
@@ -298,7 +298,7 @@ struct xfrm_tmpl 


	__u32			reqid;



/* Mode: transport/tunnel */

/* Mode: transport, tunnel etc. */

	__u8			mode;



/* Sharing mode: unique, this session only, this user only etc. */

net/ipv4/ah4.c

+1 −1
Original line number Diff line number Diff line
@@ -265,7 +265,7 @@ static int ah_init_state(struct xfrm_state *x) 
		goto error;

	

	x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len);

	if (x->props.mode)

	if (x->props.mode == XFRM_MODE_TUNNEL)

		x->props.header_len += sizeof(struct iphdr);

	x->data = ahp;

net/ipv4/esp4.c

+3 −3
Original line number Diff line number Diff line
@@ -248,7 +248,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) 
		 *    as per draft-ietf-ipsec-udp-encaps-06,

		 *    section 3.1.2

		 */

		if (!x->props.mode)

		if (x->props.mode == XFRM_MODE_TRANSPORT)

			skb->ip_summed = CHECKSUM_UNNECESSARY;

	}
@@ -267,7 +267,7 @@ static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) 
	struct esp_data *esp = x->data;

	u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4);



	if (x->props.mode) {

	if (x->props.mode == XFRM_MODE_TUNNEL) {

		mtu = ALIGN(mtu + 2, blksize);

	} else {

		/* The worst case. */
@@ -383,7 +383,7 @@ static int esp_init_state(struct xfrm_state *x) 
	if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))

		goto error;

	x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;

	if (x->props.mode)

	if (x->props.mode == XFRM_MODE_TUNNEL)

		x->props.header_len += sizeof(struct iphdr);

	if (x->encap) {

		struct xfrm_encap_tmpl *encap = x->encap;

net/ipv4/ipcomp.c

+4 −4
Original line number Diff line number Diff line
@@ -176,7 +176,7 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb) 
	return 0;



out_ok:

	if (x->props.mode)

	if (x->props.mode == XFRM_MODE_TUNNEL)

		ip_send_check(iph);

	return 0;

}
@@ -216,7 +216,7 @@ static struct xfrm_state *ipcomp_tunnel_create(struct xfrm_state *x) 
	t->id.daddr.a4 = x->id.daddr.a4;

	memcpy(&t->sel, &x->sel, sizeof(t->sel));

	t->props.family = AF_INET;

	t->props.mode = 1;

	t->props.mode = XFRM_MODE_TUNNEL;

	t->props.saddr.a4 = x->props.saddr.a4;

	t->props.flags = x->props.flags;
@@ -416,7 +416,7 @@ static int ipcomp_init_state(struct xfrm_state *x) 
		goto out;



	x->props.header_len = 0;

	if (x->props.mode)

	if (x->props.mode == XFRM_MODE_TUNNEL)

		x->props.header_len += sizeof(struct iphdr);



	mutex_lock(&ipcomp_resource_mutex);
@@ -428,7 +428,7 @@ static int ipcomp_init_state(struct xfrm_state *x) 
		goto error;

	mutex_unlock(&ipcomp_resource_mutex);



	if (x->props.mode) {

	if (x->props.mode == XFRM_MODE_TUNNEL) {

		err = ipcomp_tunnel_attach(x);

		if (err)

			goto error_tunnel;

CRA Git | Maintained and supported by SUSTech CRA and CCSE