2 * xfrm6_input.c: based on net/ipv4/xfrm4_input.c
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * YOSHIFUJI Hideaki @USAGI
12 #include <linux/module.h>
13 #include <linux/string.h>
14 #include <linux/netfilter.h>
15 #include <linux/netfilter_ipv6.h>
19 int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb)
21 return xfrm6_extract_header(skb);
24 int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)
28 struct xfrm_state *xfrm_vec[XFRM_MAX_DEPTH];
34 nhoff = IP6CB(skb)->nhoff;
37 if (!spi && (err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0)
41 struct ipv6hdr *iph = ipv6_hdr(skb);
43 if (xfrm_nr == XFRM_MAX_DEPTH)
46 x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, spi,
51 if (unlikely(x->km.state != XFRM_STATE_VALID))
54 if (x->props.replay_window && xfrm_replay_check(x, seq))
57 if (xfrm_state_check_expire(x))
60 nexthdr = x->type->input(x, skb);
64 skb_network_header(skb)[nhoff] = nexthdr;
66 if (x->props.replay_window)
67 xfrm_replay_advance(x, seq);
69 x->curlft.bytes += skb->len;
72 spin_unlock(&x->lock);
74 xfrm_vec[xfrm_nr++] = x;
76 if (x->inner_mode->input(x, skb))
79 if (x->outer_mode->flags & XFRM_MODE_FLAG_TUNNEL) {
84 if ((err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) < 0)
88 /* Allocate new secpath or COW existing one. */
89 if (!skb->sp || atomic_read(&skb->sp->refcnt) != 1) {
91 sp = secpath_dup(skb->sp);
99 if (xfrm_nr + skb->sp->len > XFRM_MAX_DEPTH)
102 memcpy(skb->sp->xvec + skb->sp->len, xfrm_vec,
103 xfrm_nr * sizeof(xfrm_vec[0]));
104 skb->sp->len += xfrm_nr;
109 dst_release(skb->dst);
114 #ifdef CONFIG_NETFILTER
115 ipv6_hdr(skb)->payload_len = htons(skb->len);
116 __skb_push(skb, skb->data - skb_network_header(skb));
118 NF_HOOK(PF_INET6, NF_IP6_PRE_ROUTING, skb, skb->dev, NULL,
127 spin_unlock(&x->lock);
130 while (--xfrm_nr >= 0)
131 xfrm_state_put(xfrm_vec[xfrm_nr]);
136 EXPORT_SYMBOL(xfrm6_rcv_spi);
138 int xfrm6_rcv(struct sk_buff *skb)
140 return xfrm6_rcv_spi(skb, skb_network_header(skb)[IP6CB(skb)->nhoff],
144 EXPORT_SYMBOL(xfrm6_rcv);
146 int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
147 xfrm_address_t *saddr, u8 proto)
149 struct xfrm_state *x = NULL;
151 xfrm_address_t *xany;
152 struct xfrm_state *xfrm_vec_one = NULL;
156 xany = (xfrm_address_t *)&in6addr_any;
158 for (i = 0; i < 3; i++) {
159 xfrm_address_t *dst, *src;
166 /* lookup state with wild-card source address */
173 /* lookup state with wild-card addresses */
174 wildcard = 1; /* XXX */
180 x = xfrm_state_lookup_byaddr(dst, src, proto, AF_INET6);
187 if ((x->props.flags & XFRM_STATE_WILDRECV) == 0) {
188 spin_unlock(&x->lock);
195 if (unlikely(x->km.state != XFRM_STATE_VALID)) {
196 spin_unlock(&x->lock);
201 if (xfrm_state_check_expire(x)) {
202 spin_unlock(&x->lock);
208 nh = x->type->input(x, skb);
210 spin_unlock(&x->lock);
216 x->curlft.bytes += skb->len;
219 spin_unlock(&x->lock);
228 /* Allocate new secpath or COW existing one. */
229 if (!skb->sp || atomic_read(&skb->sp->refcnt) != 1) {
231 sp = secpath_dup(skb->sp);
235 secpath_put(skb->sp);
239 if (1 + skb->sp->len > XFRM_MAX_DEPTH)
242 skb->sp->xvec[skb->sp->len] = xfrm_vec_one;
248 xfrm_state_put(xfrm_vec_one);
252 EXPORT_SYMBOL(xfrm6_input_addr);
git.openpandora.org / pandora-kernel.git / blob