xfrm: Add mode handlers for IPsec on layer 2
This patch adds a gso_segment and xmit callback for the xfrm_mode and implement these functions for tunnel and transport mode. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
Steffen Klassert
@@ -13,6 +13,7 @@
|
||||
#include <net/dst.h>
|
||||
#include <net/ipv6.h>
|
||||
#include <net/xfrm.h>
|
||||
#include <net/protocol.h>
|
||||
|
||||
/* Add encapsulation header.
|
||||
*
|
||||
@@ -61,9 +62,41 @@ static int xfrm6_transport_input(struct xfrm_state *x, struct sk_buff *skb)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct sk_buff *xfrm4_transport_gso_segment(struct xfrm_state *x,
|
||||
struct sk_buff *skb,
|
||||
netdev_features_t features)
|
||||
{
|
||||
const struct net_offload *ops;
|
||||
struct sk_buff *segs = ERR_PTR(-EINVAL);
|
||||
struct xfrm_offload *xo = xfrm_offload(skb);
|
||||
|
||||
skb->transport_header += x->props.header_len;
|
||||
ops = rcu_dereference(inet6_offloads[xo->proto]);
|
||||
if (likely(ops && ops->callbacks.gso_segment))
|
||||
segs = ops->callbacks.gso_segment(skb, features);
|
||||
|
||||
return segs;
|
||||
}
|
||||
|
||||
static void xfrm6_transport_xmit(struct xfrm_state *x, struct sk_buff *skb)
|
||||
{
|
||||
struct xfrm_offload *xo = xfrm_offload(skb);
|
||||
|
||||
skb_reset_mac_len(skb);
|
||||
pskb_pull(skb, skb->mac_len + sizeof(struct ipv6hdr) + x->props.header_len);
|
||||
|
||||
if (xo->flags & XFRM_GSO_SEGMENT) {
|
||||
skb_reset_transport_header(skb);
|
||||
skb->transport_header -= x->props.header_len;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static struct xfrm_mode xfrm6_transport_mode = {
|
||||
.input = xfrm6_transport_input,
|
||||
.output = xfrm6_transport_output,
|
||||
.gso_segment = xfrm4_transport_gso_segment,
|
||||
.xmit = xfrm6_transport_xmit,
|
||||
.owner = THIS_MODULE,
|
||||
.encap = XFRM_MODE_TRANSPORT,
|
||||
};
|
||||
|
||||
@@ -96,11 +96,35 @@ out:
|
||||
return err;
|
||||
}
|
||||
|
||||
static struct sk_buff *xfrm6_mode_tunnel_gso_segment(struct xfrm_state *x,
|
||||
struct sk_buff *skb,
|
||||
netdev_features_t features)
|
||||
{
|
||||
__skb_push(skb, skb->mac_len);
|
||||
return skb_mac_gso_segment(skb, features);
|
||||
|
||||
}
|
||||
|
||||
static void xfrm6_mode_tunnel_xmit(struct xfrm_state *x, struct sk_buff *skb)
|
||||
{
|
||||
struct xfrm_offload *xo = xfrm_offload(skb);
|
||||
|
||||
if (xo->flags & XFRM_GSO_SEGMENT) {
|
||||
skb->network_header = skb->network_header - x->props.header_len;
|
||||
skb->transport_header = skb->network_header + sizeof(struct ipv6hdr);
|
||||
}
|
||||
|
||||
skb_reset_mac_len(skb);
|
||||
pskb_pull(skb, skb->mac_len + x->props.header_len);
|
||||
}
|
||||
|
||||
static struct xfrm_mode xfrm6_tunnel_mode = {
|
||||
.input2 = xfrm6_mode_tunnel_input,
|
||||
.input = xfrm_prepare_input,
|
||||
.output2 = xfrm6_mode_tunnel_output,
|
||||
.output = xfrm6_prepare_output,
|
||||
.gso_segment = xfrm6_mode_tunnel_gso_segment,
|
||||
.xmit = xfrm6_mode_tunnel_xmit,
|
||||
.owner = THIS_MODULE,
|
||||
.encap = XFRM_MODE_TUNNEL,
|
||||
.flags = XFRM_MODE_FLAG_TUNNEL,
|
||||
|
||||
Reference in New Issue
Block a user