[IPSEC]: Consolidate some output code into xfrm_check_output.

20db7173 · James Morris · David S. Miller · fbbcf1fe · 20db7173 · 20db7173
Commit 20db7173 authored May 03, 2003 by James Morris Committed by David S. Miller May 03, 2003
9 changed files
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -484,6 +484,10 @@ xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl,
 	return 0;
 }
+/* placeholder until xfrm6_tunnel.c is written */
+static inline int xfrm6_tunnel_check_size(struct sk_buff *skb)
+{ return 0; }
 /* A struct encoding bundle of transformations to apply to some set of flow.
 *
 * dst->child points to the next element of bundle.
@@ -756,6 +760,7 @@ extern void xfrm_state_flush(u8 proto);
 extern int xfrm_replay_check(struct xfrm_state *x, u32 seq);
 extern void xfrm_replay_advance(struct xfrm_state *x, u32 seq);
 extern int xfrm_check_selectors(struct xfrm_state **x, int n, struct flowi *fl);
+extern int xfrm_check_output(struct xfrm_state *x, struct sk_buff *skb, unsigned short family);
 extern int xfrm4_rcv(struct sk_buff *skb);
 extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
 extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler);

--- a/net/ipv4/ah.c
+++ b/net/ipv4/ah.c
@@ -72,12 +72,8 @@ static int ah_output(struct sk_buff *skb)
 	}
 	spin_lock_bh(&x->lock);
-	if ((err = xfrm_state_check_expire(x)) != 0)
+	err = xfrm_check_output(x, skb, AF_INET);
-		goto error;
+	if (err)
-	if (x->props.mode)
-		if ((err = xfrm4_tunnel_check_size(skb)) != 0)
-			goto error;
-	if ((err = xfrm_state_check_space(x, skb)) != 0)
 		goto error;
 	iph = skb->nh.iph;

--- a/net/ipv4/esp.c
+++ b/net/ipv4/esp.c
@@ -47,14 +47,9 @@ int esp_output(struct sk_buff *skb)
 	}
 	spin_lock_bh(&x->lock);
-	if ((err = xfrm_state_check_expire(x)) != 0)
+	err = xfrm_check_output(x, skb, AF_INET);
+	if (err)
 		goto error;
-	if (x->props.mode)
-		if ((err = xfrm4_tunnel_check_size(skb)) != 0)
-			goto error;
-	if ((err = xfrm_state_check_space(x, skb)) != 0)
-		goto error;
 	err = -ENOMEM;
 	/* Strip IP header in transport mode. Save it. */

--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -173,13 +173,8 @@ static int ipcomp_output(struct sk_buff *skb)
 	}
 	spin_lock_bh(&x->lock);
+	err = xfrm_check_output(x, skb, AF_INET);
-	if ((err = xfrm_state_check_expire(x)) != 0)
+	if (err)
-		goto error;
-	if (x->props.mode)
-		if ((err = xfrm4_tunnel_check_size(skb)) != 0)
-			goto error;
-	if ((err = xfrm_state_check_space(x, skb)) != 0)
 		goto error;
 	/* Don't bother compressing */

--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -65,9 +65,8 @@ int ah6_output(struct sk_buff *skb)
 	}
 	spin_lock_bh(&x->lock);
-	if ((err = xfrm_state_check_expire(x)) != 0)
+	err = xfrm_check_output(x, skb, AF_INET);
-		goto error;
+	if (err)
-	if ((err = xfrm_state_check_space(x, skb)) != 0)
 		goto error;
 	if (x->props.mode) {

--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -126,11 +126,9 @@ int esp6_output(struct sk_buff *skb)
 	}
 	spin_lock_bh(&x->lock);
-	if ((err = xfrm_state_check_expire(x)) != 0)
+	err = xfrm_check_output(x, skb, AF_INET6);
+	if (err)
 		goto error;
-	if ((err = xfrm_state_check_space(x, skb)) != 0)
-		goto error;
 	err = -ENOMEM;
 	/* Strip IP header in transport mode. Save it. */

--- a/net/netsyms.c
+++ b/net/netsyms.c
@@ -314,6 +314,7 @@ EXPORT_SYMBOL(xfrm_state_put_afinfo);
 EXPORT_SYMBOL(xfrm_replay_check);
 EXPORT_SYMBOL(xfrm_replay_advance);
 EXPORT_SYMBOL(xfrm_check_selectors);
+EXPORT_SYMBOL(xfrm_check_output);
 EXPORT_SYMBOL(__secpath_destroy);
 EXPORT_SYMBOL(xfrm_get_acqseq);
 EXPORT_SYMBOL(xfrm_parse_spi);

--- a/net/xfrm/Makefile
+++ b/net/xfrm/Makefile
@@ -2,6 +2,6 @@
 # Makefile for the XFRM subsystem.
 #
-obj-y := xfrm_policy.o xfrm_state.o xfrm_input.o xfrm_algo.o
+obj-y := xfrm_policy.o xfrm_state.o xfrm_input.o xfrm_algo.o xfrm_output.o
 obj-$(CONFIG_XFRM_USER) += xfrm_user.o
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
+/* 
+ * generic xfrm output routines
+ *
+ * Copyright (c) 2003 James Morris <jmorris@intercode.com.au>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option) 
+ * any later version.
+ */
+#include <linux/config.h>
+#include <linux/kernel.h>
+#include <linux/skbuff.h>
+#include <net/xfrm.h>
+int xfrm_check_output(struct xfrm_state *x,
+                      struct sk_buff *skb, unsigned short family)
+{
+	int err;
+	err = xfrm_state_check_expire(x);
+	if (err)
+		goto out;
+	if (x->props.mode) {
+		switch (family) {
+		case AF_INET:
+			err = xfrm4_tunnel_check_size(skb);
+			break;
+		case AF_INET6:
+			err = xfrm6_tunnel_check_size(skb);
+			break;
+		default:
+			err = -EINVAL;
+		}
+		if (err)
+			goto out;
+	}
+	err = xfrm_state_check_space(x, skb);
+out:
+	return err;
+}