[IPSEC]: IPv6 over IPv4 IPsec tunnel

		IP_ECN_set_ce(inner_iph);

}

static inline void ipip6_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)

{

	if (INET_ECN_is_ce(iph->tos))

		IP6_ECN_set_ce(skb->nh.ipv6h);

}

/* Add encapsulation header.

 *

 * The top IP header will be constructed per RFC 2401.  The following fields

static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)

{

	struct dst_entry *dst = skb->dst;

	struct xfrm_dst *xdst = (struct xfrm_dst*)dst;

	struct iphdr *iph, *top_iph;

	int flags;

	top_iph->ihl = 5;

	top_iph->version = 4;

	flags = x->props.flags;

	/* DS disclosed */

	if (xdst->route->ops->family == AF_INET) {

		top_iph->protocol = IPPROTO_IPIP;

		top_iph->tos = INET_ECN_encapsulate(iph->tos, iph->tos);

		top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?

			0 : (iph->frag_off & htons(IP_DF));

	}

#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)

	else {

		struct ipv6hdr *ipv6h = (struct ipv6hdr*)iph;

		top_iph->protocol = IPPROTO_IPV6;

		top_iph->tos = INET_ECN_encapsulate(iph->tos, ipv6_get_dsfield(ipv6h));

		top_iph->frag_off = 0;

	}

#endif

	flags = x->props.flags;

	if (flags & XFRM_STATE_NOECN)

		IP_ECN_clear(top_iph);

	top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?

		0 : (iph->frag_off & htons(IP_DF));

	if (!top_iph->frag_off)

		__ip_select_ident(top_iph, dst->child, 0);

	top_iph->saddr = x->props.saddr.a4;

	top_iph->daddr = x->id.daddr.a4;

	top_iph->protocol = IPPROTO_IPIP;

	memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));

	return 0;

	struct iphdr *iph = skb->nh.iph;

	int err = -EINVAL;

	if (iph->protocol != IPPROTO_IPIP)

	switch(iph->protocol){

		case IPPROTO_IPIP:

#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)

		case IPPROTO_IPV6:

			break;

#endif

		default:

			goto out;

	}

	if (!pskb_may_pull(skb, sizeof(struct iphdr)))

		goto out;

	    (err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))

		goto out;

	if (iph->protocol == IPPROTO_IPIP) {

		if (x->props.flags & XFRM_STATE_DECAP_DSCP)

			ipv4_copy_dscp(iph, skb->h.ipiph);

		if (!(x->props.flags & XFRM_STATE_NOECN))

			ipip_ecn_decapsulate(skb);

	}

#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)

	else {

		if (!(x->props.flags & XFRM_STATE_NOECN))

			ipip6_ecn_decapsulate(iph, skb);

		skb->protocol = htons(ETH_P_IPV6);

	}

#endif

	skb->mac.raw = memmove(skb->data - skb->mac_len,

			       skb->mac.raw, skb->mac_len);

	skb->nh.raw = skb->data;

	struct dst_entry *dst, *dst_prev;

	struct rt6_info *rt0 = (struct rt6_info*)(*dst_p);

	struct rt6_info *rt  = rt0;

	struct in6_addr *remote = &fl->fl6_dst;

	struct in6_addr *local  = &fl->fl6_src;

	struct flowi fl_tunnel = {

		.nl_u = {

			.ip6_u = {

				.saddr = *local,

				.daddr = *remote

				.saddr = fl->fl6_src,

				.daddr = fl->fl6_dst,

			}

		}

	};

	for (i = 0; i < nx; i++) {

		struct dst_entry *dst1 = dst_alloc(&xfrm6_dst_ops);

		struct xfrm_dst *xdst;

		int tunnel = 0;

		if (unlikely(dst1 == NULL)) {

			err = -ENOBUFS;

		dst1->next = dst_prev;

		dst_prev = dst1;

		if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {

			remote = __xfrm6_bundle_addr_remote(xfrm[i], remote);

			local  = __xfrm6_bundle_addr_local(xfrm[i], local);

			tunnel = 1;

		}

		__xfrm6_bundle_len_inc(&header_len, &nfheader_len, xfrm[i]);

		trailer_len += xfrm[i]->props.trailer_len;

		if (tunnel) {

			ipv6_addr_copy(&fl_tunnel.fl6_dst, remote);

			ipv6_addr_copy(&fl_tunnel.fl6_src, local);

		if (xfrm[i]->props.mode == XFRM_MODE_TUNNEL) {

			unsigned short encap_family = xfrm[i]->props.family;

			switch(encap_family) {

			case AF_INET:

				fl_tunnel.fl4_dst = xfrm[i]->id.daddr.a4;

				fl_tunnel.fl4_src = xfrm[i]->props.saddr.a4;

				break;

			case AF_INET6:

				ipv6_addr_copy(&fl_tunnel.fl6_dst, (struct in6_addr*)&xfrm[i]->id.daddr.a6);

				ipv6_addr_copy(&fl_tunnel.fl6_src, (struct in6_addr*)&xfrm[i]->props.saddr.a6);

				break;

			default:

				BUG_ON(1);

			}

			err = xfrm_dst_lookup((struct xfrm_dst **) &rt,

					      &fl_tunnel, AF_INET6);

					      &fl_tunnel, encap_family);

			if (err)

				goto error;

		} else

	i = 0;

	for (; dst_prev != &rt->u.dst; dst_prev = dst_prev->child) {

		struct xfrm_dst *x = (struct xfrm_dst*)dst_prev;

		struct xfrm_state_afinfo *afinfo;

		dst_prev->xfrm = xfrm[i++];

		dst_prev->dev = rt->u.dst.dev;

		/* Copy neighbour for reachability confirmation */

		dst_prev->neighbour	= neigh_clone(rt->u.dst.neighbour);

		dst_prev->input		= rt->u.dst.input;

		dst_prev->output	= xfrm6_output;

		/* XXX: When IPv4 is implemented as module and can be unloaded,

		 * we should manage reference to xfrm4_output in afinfo->output.

		 * Miyazawa

		 */

		afinfo = xfrm_state_get_afinfo(dst_prev->xfrm->props.family);

		if (!afinfo) {

			dst = *dst_p;

			goto error;

		};

		dst_prev->output = afinfo->output;

		xfrm_state_put_afinfo(afinfo);

		/* Sheit... I remember I did this right. Apparently,

		 * it was magically lost, so this code needs audit */

		x->u.rt6.rt6i_flags    = rt0->rt6i_flags&(RTCF_BROADCAST|RTCF_MULTICAST|RTCF_LOCAL);