Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
awilliam
GitHub Repository: awilliam/linux-vfio
 Path: blob/master/net/ipv6/xfrm6_output.c
15109 views
1
/*

2
 * xfrm6_output.c - Common IPsec encapsulation code for IPv6.

3
 * Copyright (C) 2002 USAGI/WIDE Project

4
 * Copyright (c) 2004 Herbert Xu <[email protected]>

5
 *

6
 * This program is free software; you can redistribute it and/or

7
 * modify it under the terms of the GNU General Public License

8
 * as published by the Free Software Foundation; either version

9
 * 2 of the License, or (at your option) any later version.

10
 */

11


12
#include <linux/if_ether.h>

13
#include <linux/kernel.h>

14
#include <linux/module.h>

15
#include <linux/skbuff.h>

16
#include <linux/icmpv6.h>

17
#include <linux/netfilter_ipv6.h>

18
#include <net/dst.h>

19
#include <net/ipv6.h>

20
#include <net/ip6_route.h>

21
#include <net/xfrm.h>

22


23
int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,

24
			  u8 **prevhdr)

25
{

26
	return ip6_find_1stfragopt(skb, prevhdr);

27
}

28


29
EXPORT_SYMBOL(xfrm6_find_1stfragopt);

30


31
static int xfrm6_tunnel_check_size(struct sk_buff *skb)

32
{

33
	int mtu, ret = 0;

34
	struct dst_entry *dst = skb_dst(skb);

35


36
	mtu = dst_mtu(dst);

37
	if (mtu < IPV6_MIN_MTU)

38
		mtu = IPV6_MIN_MTU;

39


40
	if (!skb->local_df && skb->len > mtu) {

41
		skb->dev = dst->dev;

42
		icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);

43
		ret = -EMSGSIZE;

44
	}

45


46
	return ret;

47
}

48


49
int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb)

50
{

51
	int err;

52


53
	err = xfrm6_tunnel_check_size(skb);

54
	if (err)

55
		return err;

56


57
	XFRM_MODE_SKB_CB(skb)->protocol = ipv6_hdr(skb)->nexthdr;

58


59
	return xfrm6_extract_header(skb);

60
}

61


62
int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)

63
{

64
	int err;

65


66
	err = xfrm_inner_extract_output(x, skb);

67
	if (err)

68
		return err;

69


70
	memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));

71
#ifdef CONFIG_NETFILTER

72
	IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED;

73
#endif

74


75
	skb->protocol = htons(ETH_P_IPV6);

76
	skb->local_df = 1;

77


78
	return x->outer_mode->output2(x, skb);

79
}

80
EXPORT_SYMBOL(xfrm6_prepare_output);

81


82
int xfrm6_output_finish(struct sk_buff *skb)

83
{

84
#ifdef CONFIG_NETFILTER

85
	IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED;

86
#endif

87


88
	skb->protocol = htons(ETH_P_IPV6);

89
	return xfrm_output(skb);

90
}

91


92
static int __xfrm6_output(struct sk_buff *skb)

93
{

94
	struct dst_entry *dst = skb_dst(skb);

95
	struct xfrm_state *x = dst->xfrm;

96


97
	if ((x && x->props.mode == XFRM_MODE_TUNNEL) &&

98
	    ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||

99
		dst_allfrag(skb_dst(skb)))) {

100
			return ip6_fragment(skb, x->outer_mode->afinfo->output_finish);

101
	}

102
	return x->outer_mode->afinfo->output_finish(skb);

103
}

104


105
int xfrm6_output(struct sk_buff *skb)

106
{

107
	return NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL,

108
		       skb_dst(skb)->dev, __xfrm6_output);

109
}

110


111