X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=net%2Fipv6%2Fxfrm6_state.c;h=f417b77fa0e15762715a9498974fbd8f5071401d;hb=dc4c2c31053ba5bf685d273cd62ecca406dddb2d;hp=d88cd92c864e6d9cad400a4288e0beb88bfaa002;hpb=edcd582152090bfb0ccb4ad444c151798a73eda8;p=safe%2Fjmp%2Flinux-2.6

diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c
index d88cd92..f417b77 100644
--- a/net/ipv6/xfrm6_state.c
+++ b/net/ipv6/xfrm6_state.c
@@ -8,17 +8,17 @@
  * 		IPv6 support
  * 	YOSHIFUJI Hideaki @USAGI
  * 		Split up af-specific portion
- * 	
+ *
  */
 
 #include <net/xfrm.h>
 #include <linux/pfkeyv2.h>
 #include <linux/ipsec.h>
+#include <linux/netfilter_ipv6.h>
+#include <net/dsfield.h>
 #include <net/ipv6.h>
 #include <net/addrconf.h>
 
-static struct xfrm_state_afinfo xfrm6_state_afinfo;
-
 static void
 __xfrm6_init_tempsel(struct xfrm_state *x, struct flowi *fl,
 		     struct xfrm_tmpl *tmpl,
@@ -29,9 +29,10 @@ __xfrm6_init_tempsel(struct xfrm_state *x, struct flowi *fl,
 	ipv6_addr_copy((struct in6_addr *)&x->sel.daddr, &fl->fl6_dst);
 	ipv6_addr_copy((struct in6_addr *)&x->sel.saddr, &fl->fl6_src);
 	x->sel.dport = xfrm_flowi_dport(fl);
-	x->sel.dport_mask = ~0;
+	x->sel.dport_mask = htons(0xffff);
 	x->sel.sport = xfrm_flowi_sport(fl);
-	x->sel.sport_mask = ~0;
+	x->sel.sport_mask = htons(0xffff);
+	x->sel.family = AF_INET6;
 	x->sel.prefixlen_d = 128;
 	x->sel.prefixlen_s = 128;
 	x->sel.proto = fl->proto;
@@ -42,156 +43,142 @@ __xfrm6_init_tempsel(struct xfrm_state *x, struct flowi *fl,
 	memcpy(&x->props.saddr, &tmpl->saddr, sizeof(x->props.saddr));
 	if (ipv6_addr_any((struct in6_addr*)&x->props.saddr))
 		memcpy(&x->props.saddr, saddr, sizeof(x->props.saddr));
-	if (tmpl->mode == XFRM_MODE_TUNNEL && ipv6_addr_any((struct in6_addr*)&x->props.saddr)) {
-		struct rt6_info *rt;
-		struct flowi fl_tunnel = {
-			.nl_u = {
-				.ip6_u = {
-					.daddr = *(struct in6_addr *)daddr,
-				}
-			}
-		};
-		if (!xfrm_dst_lookup((struct xfrm_dst **)&rt,
-		                     &fl_tunnel, AF_INET6)) {
-			ipv6_get_saddr(&rt->u.dst, (struct in6_addr *)daddr,
-			               (struct in6_addr *)&x->props.saddr);
-			dst_release(&rt->u.dst);
-		}
-	}
 	x->props.mode = tmpl->mode;
 	x->props.reqid = tmpl->reqid;
 	x->props.family = AF_INET6;
 }
 
+/* distribution counting sort function for xfrm_state and xfrm_tmpl */
 static int
-__xfrm6_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n)
+__xfrm6_sort(void **dst, void **src, int n, int (*cmp)(void *p), int maxclass)
 {
 	int i;
-	int j = 0;
+	int class[XFRM_MAX_DEPTH];
+	int count[maxclass];
 
-	/* Rule 1: select IPsec transport except AH */
-	for (i = 0; i < n; i++) {
-		if (src[i]->props.mode == XFRM_MODE_TRANSPORT &&
-		    src[i]->id.proto != IPPROTO_AH) {
-			dst[j++] = src[i];
-			src[i] = NULL;
-		}
-	}
-	if (j == n)
-		goto end;
+	memset(count, 0, sizeof(count));
 
-	/* Rule 2: select MIPv6 RO or inbound trigger */
-#ifdef CONFIG_IPV6_MIP6
 	for (i = 0; i < n; i++) {
-		if (src[i] &&
-		    (src[i]->props.mode == XFRM_MODE_ROUTEOPTIMIZATION ||
-		     src[i]->props.mode == XFRM_MODE_IN_TRIGGER)) {
-			dst[j++] = src[i];
-			src[i] = NULL;
-		}
+		int c;
+		class[i] = c = cmp(src[i]);
+		count[c]++;
 	}
-	if (j == n)
-		goto end;
-#endif
 
-	/* Rule 3: select IPsec transport AH */
-	for (i = 0; i < n; i++) {
-		if (src[i] &&
-		    src[i]->props.mode == XFRM_MODE_TRANSPORT &&
-		    src[i]->id.proto == IPPROTO_AH) {
-			dst[j++] = src[i];
-			src[i] = NULL;
-		}
-	}
-	if (j == n)
-		goto end;
-
-	/* Rule 4: select IPsec tunnel */
-	for (i = 0; i < n; i++) {
-		if (src[i] &&
-		    src[i]->props.mode == XFRM_MODE_TUNNEL) {
-			dst[j++] = src[i];
-			src[i] = NULL;
-		}
-	}
-	if (likely(j == n))
-		goto end;
+	for (i = 2; i < maxclass; i++)
+		count[i] += count[i - 1];
 
-	/* Final rule */
 	for (i = 0; i < n; i++) {
-		if (src[i]) {
-			dst[j++] = src[i];
-			src[i] = NULL;
-		}
+		dst[count[class[i] - 1]++] = src[i];
+		src[i] = NULL;
 	}
 
- end:
 	return 0;
 }
 
+/*
+ * Rule for xfrm_state:
+ *
+ * rule 1: select IPsec transport except AH
+ * rule 2: select MIPv6 RO or inbound trigger
+ * rule 3: select IPsec transport AH
+ * rule 4: select IPsec tunnel
+ * rule 5: others
+ */
+static int __xfrm6_state_sort_cmp(void *p)
+{
+	struct xfrm_state *v = p;
+
+	switch (v->props.mode) {
+	case XFRM_MODE_TRANSPORT:
+		if (v->id.proto != IPPROTO_AH)
+			return 1;
+		else
+			return 3;
+#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
+	case XFRM_MODE_ROUTEOPTIMIZATION:
+	case XFRM_MODE_IN_TRIGGER:
+		return 2;
+#endif
+	case XFRM_MODE_TUNNEL:
+	case XFRM_MODE_BEET:
+		return 4;
+	}
+	return 5;
+}
+
 static int
-__xfrm6_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n)
+__xfrm6_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n)
 {
-	int i;
-	int j = 0;
+	return __xfrm6_sort((void **)dst, (void **)src, n,
+			    __xfrm6_state_sort_cmp, 6);
+}
 
-	/* Rule 1: select IPsec transport */
-	for (i = 0; i < n; i++) {
-		if (src[i]->mode == XFRM_MODE_TRANSPORT) {
-			dst[j++] = src[i];
-			src[i] = NULL;
-		}
+/*
+ * Rule for xfrm_tmpl:
+ *
+ * rule 1: select IPsec transport
+ * rule 2: select MIPv6 RO or inbound trigger
+ * rule 3: select IPsec tunnel
+ * rule 4: others
+ */
+static int __xfrm6_tmpl_sort_cmp(void *p)
+{
+	struct xfrm_tmpl *v = p;
+	switch (v->mode) {
+	case XFRM_MODE_TRANSPORT:
+		return 1;
+#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
+	case XFRM_MODE_ROUTEOPTIMIZATION:
+	case XFRM_MODE_IN_TRIGGER:
+		return 2;
+#endif
+	case XFRM_MODE_TUNNEL:
+	case XFRM_MODE_BEET:
+		return 3;
 	}
-	if (j == n)
-		goto end;
+	return 4;
+}
 
-	/* Rule 2: select MIPv6 RO or inbound trigger */
-#ifdef CONFIG_IPV6_MIP6
-	for (i = 0; i < n; i++) {
-		if (src[i] &&
-		    (src[i]->mode == XFRM_MODE_ROUTEOPTIMIZATION ||
-		     src[i]->mode == XFRM_MODE_IN_TRIGGER)) {
-			dst[j++] = src[i];
-			src[i] = NULL;
-		}
-	}
-	if (j == n)
-		goto end;
-#endif
+static int
+__xfrm6_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n)
+{
+	return __xfrm6_sort((void **)dst, (void **)src, n,
+			    __xfrm6_tmpl_sort_cmp, 5);
+}
 
-	/* Rule 3: select IPsec tunnel */
-	for (i = 0; i < n; i++) {
-		if (src[i] &&
-		    src[i]->mode == XFRM_MODE_TUNNEL) {
-			dst[j++] = src[i];
-			src[i] = NULL;
-		}
-	}
-	if (likely(j == n))
-		goto end;
+int xfrm6_extract_header(struct sk_buff *skb)
+{
+	struct ipv6hdr *iph = ipv6_hdr(skb);
 
-	/* Final rule */
-	for (i = 0; i < n; i++) {
-		if (src[i]) {
-			dst[j++] = src[i];
-			src[i] = NULL;
-		}
-	}
+	XFRM_MODE_SKB_CB(skb)->ihl = sizeof(*iph);
+	XFRM_MODE_SKB_CB(skb)->id = 0;
+	XFRM_MODE_SKB_CB(skb)->frag_off = htons(IP_DF);
+	XFRM_MODE_SKB_CB(skb)->tos = ipv6_get_dsfield(iph);
+	XFRM_MODE_SKB_CB(skb)->ttl = iph->hop_limit;
+	XFRM_MODE_SKB_CB(skb)->optlen = 0;
+	memcpy(XFRM_MODE_SKB_CB(skb)->flow_lbl, iph->flow_lbl,
+	       sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl));
 
- end:
 	return 0;
 }
 
 static struct xfrm_state_afinfo xfrm6_state_afinfo = {
 	.family			= AF_INET6,
+	.proto			= IPPROTO_IPV6,
+	.eth_proto		= htons(ETH_P_IPV6),
+	.owner			= THIS_MODULE,
 	.init_tempsel		= __xfrm6_init_tempsel,
 	.tmpl_sort		= __xfrm6_tmpl_sort,
 	.state_sort		= __xfrm6_state_sort,
+	.output			= xfrm6_output,
+	.extract_input		= xfrm6_extract_input,
+	.extract_output		= xfrm6_extract_output,
+	.transport_finish	= xfrm6_transport_finish,
 };
 
-void __init xfrm6_state_init(void)
+int __init xfrm6_state_init(void)
 {
-	xfrm_state_register_afinfo(&xfrm6_state_afinfo);
+	return xfrm_state_register_afinfo(&xfrm6_state_afinfo);
 }
 
 void xfrm6_state_fini(void)