2 * xfrm6_input.c: based on net/ipv4/xfrm4_input.c
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * YOSHIFUJI Hideaki @USAGI
12 #include <linux/module.h>
13 #include <linux/string.h>
14 #include <linux/netfilter.h>
15 #include <linux/netfilter_ipv6.h>
19 int xfrm6_rcv_spi(struct sk_buff *skb, __be32 spi)
23 struct xfrm_state *xfrm_vec[XFRM_MAX_DEPTH];
30 nhoff = IP6CB(skb)->nhoff;
31 nexthdr = skb_network_header(skb)[nhoff];
34 if (!spi && (err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0)
38 struct ipv6hdr *iph = ipv6_hdr(skb);
40 if (xfrm_nr == XFRM_MAX_DEPTH)
43 x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, spi,
44 nexthdr != IPPROTO_IPIP ? nexthdr : IPPROTO_IPV6, AF_INET6);
48 if (unlikely(x->km.state != XFRM_STATE_VALID))
51 if (x->props.replay_window && xfrm_replay_check(x, seq))
54 if (xfrm_state_check_expire(x))
57 nexthdr = x->type->input(x, skb);
61 skb_network_header(skb)[nhoff] = nexthdr;
63 if (x->props.replay_window)
64 xfrm_replay_advance(x, seq);
66 x->curlft.bytes += skb->len;
69 spin_unlock(&x->lock);
71 xfrm_vec[xfrm_nr++] = x;
73 if (x->mode->input(x, skb))
76 if (x->props.mode == XFRM_MODE_TUNNEL) { /* XXX */
81 if ((err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) < 0)
85 /* Allocate new secpath or COW existing one. */
86 if (!skb->sp || atomic_read(&skb->sp->refcnt) != 1) {
88 sp = secpath_dup(skb->sp);
96 if (xfrm_nr + skb->sp->len > XFRM_MAX_DEPTH)
99 memcpy(skb->sp->xvec + skb->sp->len, xfrm_vec,
100 xfrm_nr * sizeof(xfrm_vec[0]));
101 skb->sp->len += xfrm_nr;
102 skb->ip_summed = CHECKSUM_NONE;
107 if (!(skb->dev->flags&IFF_LOOPBACK)) {
108 dst_release(skb->dst);
114 #ifdef CONFIG_NETFILTER
115 ipv6_hdr(skb)->payload_len = htons(skb->len);
116 __skb_push(skb, skb->data - skb_network_header(skb));
118 NF_HOOK(PF_INET6, NF_IP6_PRE_ROUTING, skb, skb->dev, NULL,
127 spin_unlock(&x->lock);
130 while (--xfrm_nr >= 0)
131 xfrm_state_put(xfrm_vec[xfrm_nr]);
136 EXPORT_SYMBOL(xfrm6_rcv_spi);
138 int xfrm6_rcv(struct sk_buff **pskb)
140 return xfrm6_rcv_spi(*pskb, 0);
143 EXPORT_SYMBOL(xfrm6_rcv);
145 int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
146 xfrm_address_t *saddr, u8 proto)
148 struct xfrm_state *x = NULL;
150 xfrm_address_t *xany;
151 struct xfrm_state *xfrm_vec_one = NULL;
155 xany = (xfrm_address_t *)&in6addr_any;
157 for (i = 0; i < 3; i++) {
158 xfrm_address_t *dst, *src;
165 /* lookup state with wild-card source address */
172 /* lookup state with wild-card addresses */
173 wildcard = 1; /* XXX */
179 x = xfrm_state_lookup_byaddr(dst, src, proto, AF_INET6);
186 if ((x->props.flags & XFRM_STATE_WILDRECV) == 0) {
187 spin_unlock(&x->lock);
194 if (unlikely(x->km.state != XFRM_STATE_VALID)) {
195 spin_unlock(&x->lock);
200 if (xfrm_state_check_expire(x)) {
201 spin_unlock(&x->lock);
207 nh = x->type->input(x, skb);
209 spin_unlock(&x->lock);
215 x->curlft.bytes += skb->len;
218 spin_unlock(&x->lock);
227 /* Allocate new secpath or COW existing one. */
228 if (!skb->sp || atomic_read(&skb->sp->refcnt) != 1) {
230 sp = secpath_dup(skb->sp);
234 secpath_put(skb->sp);
238 if (1 + skb->sp->len > XFRM_MAX_DEPTH)
241 skb->sp->xvec[skb->sp->len] = xfrm_vec_one;
247 xfrm_state_put(xfrm_vec_one);
251 EXPORT_SYMBOL(xfrm6_input_addr);
projects / linux-2.6 / blob