#include <net/xfrm.h>
#include <linux/pfkeyv2.h>
#include <linux/ipsec.h>
+#include <linux/netfilter_ipv6.h>
+#include <net/dsfield.h>
#include <net/ipv6.h>
#include <net/addrconf.h>
/* Rule 4: select IPsec tunnel */
for (i = 0; i < n; i++) {
if (src[i] &&
- src[i]->props.mode == XFRM_MODE_TUNNEL) {
+ (src[i]->props.mode == XFRM_MODE_TUNNEL ||
+ src[i]->props.mode == XFRM_MODE_BEET)) {
dst[j++] = src[i];
src[i] = NULL;
}
/* Rule 3: select IPsec tunnel */
for (i = 0; i < n; i++) {
if (src[i] &&
- src[i]->mode == XFRM_MODE_TUNNEL) {
+ (src[i]->mode == XFRM_MODE_TUNNEL ||
+ src[i]->mode == XFRM_MODE_BEET)) {
dst[j++] = src[i];
src[i] = NULL;
}
return 0;
}
+int xfrm6_extract_header(struct sk_buff *skb)
+{
+ struct ipv6hdr *iph = ipv6_hdr(skb);
+
+ XFRM_MODE_SKB_CB(skb)->id = 0;
+ XFRM_MODE_SKB_CB(skb)->frag_off = htons(IP_DF);
+ XFRM_MODE_SKB_CB(skb)->tos = ipv6_get_dsfield(iph);
+ XFRM_MODE_SKB_CB(skb)->ttl = iph->hop_limit;
+ memcpy(XFRM_MODE_SKB_CB(skb)->flow_lbl, iph->flow_lbl,
+ sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl));
+
+ return 0;
+}
+
static struct xfrm_state_afinfo xfrm6_state_afinfo = {
.family = AF_INET6,
+ .proto = IPPROTO_IPV6,
+ .eth_proto = htons(ETH_P_IPV6),
+ .nf_post_routing = NF_INET_POST_ROUTING,
+ .owner = THIS_MODULE,
.init_tempsel = __xfrm6_init_tempsel,
.tmpl_sort = __xfrm6_tmpl_sort,
.state_sort = __xfrm6_state_sort,
.output = xfrm6_output,
+ .extract_input = xfrm6_extract_input,
+ .extract_output = xfrm6_extract_output,
+ .transport_finish = xfrm6_transport_finish,
};
void __init xfrm6_state_init(void)
git://ftp.safe.ca / safe / jmp / linux-2.6 / blobdiff