From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Mon, 27 Feb 2006 21:00:40 +0000 (-0800)
Subject: [IPSEC]: Kill post_input hook and do NAT-T in esp_input directly
X-Git-Tag: v2.6.16-rc6~163^2~7
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=752c1f4c78fe86d0fd6497387f763306b0d8fc53;p=pandora-kernel.git

[IPSEC]: Kill post_input hook and do NAT-T in esp_input directly

The only reason post_input exists at all is that it gives us the
potential to adjust the checksums incrementally in future which
we ought to do.

However, after thinking about it for a bit we can adjust the
checksums without using this post_input stuff at all.  The crucial
point is that only the inner-most NAT-T SA needs to be considered
when adjusting checksums.  What's more, the checksum adjustment
comes down to a single u32 due to the linearity of IP checksums.

We just happen to have a spare u32 lying around in our skb structure :)
When ip_summed is set to CHECKSUM_NONE on input, the value of skb->csum
is currently unused.  All we have to do is to make that the checksum
adjustment and voila, there goes all the post_input and decap structures!

I've left in the decap data structures for now since it's intricately
woven into the sec_path stuff.  We can kill them later too.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed