2005-04-16 15:20:36 -07:00
/*
* xfrm4_output . c - Common IPsec encapsulation code for IPv4 .
* Copyright ( c ) 2004 Herbert Xu < herbert @ gondor . apana . org . au >
2007-02-09 23:24:47 +09:00
*
2005-04-16 15:20:36 -07:00
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation ; either version
* 2 of the License , or ( at your option ) any later version .
*/
2006-06-22 03:08:03 -07:00
# include <linux/if_ether.h>
# include <linux/kernel.h>
2007-11-13 21:40:52 -08:00
# include <linux/module.h>
2005-04-16 15:20:36 -07:00
# include <linux/skbuff.h>
2006-01-06 23:01:48 -08:00
# include <linux/netfilter_ipv4.h>
2007-11-13 21:40:52 -08:00
# include <net/dst.h>
2005-04-16 15:20:36 -07:00
# include <net/ip.h>
# include <net/xfrm.h>
# include <net/icmp.h>
static int xfrm4_tunnel_check_size ( struct sk_buff * skb )
{
int mtu , ret = 0 ;
struct dst_entry * dst ;
if ( IPCB ( skb ) - > flags & IPSKB_XFRM_TUNNEL_SIZE )
goto out ;
2007-04-20 22:47:35 -07:00
if ( ! ( ip_hdr ( skb ) - > frag_off & htons ( IP_DF ) ) | | skb - > local_df )
2005-04-16 15:20:36 -07:00
goto out ;
dst = skb - > dst ;
mtu = dst_mtu ( dst ) ;
if ( skb - > len > mtu ) {
icmp_send ( skb , ICMP_DEST_UNREACH , ICMP_FRAG_NEEDED , htonl ( mtu ) ) ;
ret = - EMSGSIZE ;
}
out :
return ret ;
}
2007-11-13 21:40:52 -08:00
int xfrm4_extract_output ( struct xfrm_state * x , struct sk_buff * skb )
{
int err ;
err = xfrm4_tunnel_check_size ( skb ) ;
if ( err )
return err ;
2007-11-19 18:47:58 -08:00
XFRM_MODE_SKB_CB ( skb ) - > protocol = ip_hdr ( skb ) - > protocol ;
2007-11-13 21:40:52 -08:00
return xfrm4_extract_header ( skb ) ;
}
int xfrm4_prepare_output ( struct xfrm_state * x , struct sk_buff * skb )
{
int err ;
err = x - > inner_mode - > afinfo - > extract_output ( x , skb ) ;
if ( err )
return err ;
memset ( IPCB ( skb ) , 0 , sizeof ( * IPCB ( skb ) ) ) ;
2007-11-13 21:43:11 -08:00
IPCB ( skb ) - > flags | = IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED ;
2007-11-13 21:40:52 -08:00
skb - > protocol = htons ( ETH_P_IP ) ;
return x - > outer_mode - > output2 ( x , skb ) ;
}
EXPORT_SYMBOL ( xfrm4_prepare_output ) ;
2006-06-22 03:08:03 -07:00
static int xfrm4_output_finish ( struct sk_buff * skb )
{
# ifdef CONFIG_NETFILTER
if ( ! skb - > dst - > xfrm ) {
IPCB ( skb ) - > flags | = IPSKB_REROUTED ;
return dst_output ( skb ) ;
}
2007-11-13 21:43:11 -08:00
IPCB ( skb ) - > flags | = IPSKB_XFRM_TRANSFORMED ;
# endif
2006-06-22 03:08:03 -07:00
skb - > protocol = htons ( ETH_P_IP ) ;
2007-11-13 21:43:11 -08:00
return xfrm_output ( skb ) ;
2006-06-22 03:08:03 -07:00
}
2006-01-06 23:01:48 -08:00
int xfrm4_output ( struct sk_buff * skb )
{
2007-11-19 18:53:30 -08:00
return NF_HOOK_COND ( PF_INET , NF_INET_POST_ROUTING , skb ,
NULL , skb - > dst - > dev , xfrm4_output_finish ,
2006-02-15 15:10:22 -08:00
! ( IPCB ( skb ) - > flags & IPSKB_REROUTED ) ) ;
2006-01-06 23:01:48 -08:00
}