[XFRM] STATE: Support non-fragment outbound transformation headers.
For originated outbound IPv6 packets which will fragment, ip6_append_data() should know length of extension headers before sending them and the length is carried by dst_entry. IPv6 IPsec headers fragment then transformation was designed to place all headers after fragment header. OTOH Mobile IPv6 extension headers do not fragment then it is a good idea to make dst_entry have non-fragment length to tell it to ip6_append_data(). Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
99505a8436
commit
1b5c229987
|
@ -54,6 +54,7 @@ struct dst_entry
|
|||
unsigned long expires;
|
||||
|
||||
unsigned short header_len; /* more space at head required */
|
||||
unsigned short nfheader_len; /* more non-fragment space at head required */
|
||||
unsigned short trailer_len; /* space to reserve at tail */
|
||||
|
||||
u32 metrics[RTAX_MAX];
|
||||
|
|
|
@ -260,6 +260,8 @@ struct xfrm_type
|
|||
char *description;
|
||||
struct module *owner;
|
||||
__u8 proto;
|
||||
__u8 flags;
|
||||
#define XFRM_TYPE_NON_FRAGMENT 1
|
||||
|
||||
int (*init_state)(struct xfrm_state *x);
|
||||
void (*destructor)(struct xfrm_state *);
|
||||
|
|
|
@ -135,6 +135,7 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
|
|||
dst_prev->flags |= DST_HOST;
|
||||
dst_prev->lastuse = jiffies;
|
||||
dst_prev->header_len = header_len;
|
||||
dst_prev->nfheader_len = 0;
|
||||
dst_prev->trailer_len = trailer_len;
|
||||
memcpy(&dst_prev->metrics, &x->route->metrics, sizeof(dst_prev->metrics));
|
||||
|
||||
|
|
|
@ -971,7 +971,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
|
|||
|
||||
hh_len = LL_RESERVED_SPACE(rt->u.dst.dev);
|
||||
|
||||
fragheaderlen = sizeof(struct ipv6hdr) + (opt ? opt->opt_nflen : 0);
|
||||
fragheaderlen = sizeof(struct ipv6hdr) + rt->u.dst.nfheader_len + (opt ? opt->opt_nflen : 0);
|
||||
maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr);
|
||||
|
||||
if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
|
||||
|
|
|
@ -75,6 +75,24 @@ __xfrm6_bundle_addr_local(struct xfrm_state *x, struct in6_addr *addr)
|
|||
(struct in6_addr*)&x->props.saddr;
|
||||
}
|
||||
|
||||
static inline void
|
||||
__xfrm6_bundle_len_inc(int *len, int *nflen, struct xfrm_state *x)
|
||||
{
|
||||
if (x->type->flags & XFRM_TYPE_NON_FRAGMENT)
|
||||
*nflen += x->props.header_len;
|
||||
else
|
||||
*len += x->props.header_len;
|
||||
}
|
||||
|
||||
static inline void
|
||||
__xfrm6_bundle_len_dec(int *len, int *nflen, struct xfrm_state *x)
|
||||
{
|
||||
if (x->type->flags & XFRM_TYPE_NON_FRAGMENT)
|
||||
*nflen -= x->props.header_len;
|
||||
else
|
||||
*len -= x->props.header_len;
|
||||
}
|
||||
|
||||
/* Allocate chain of dst_entry's, attach known xfrm's, calculate
|
||||
* all the metrics... Shortly, bundle a bundle.
|
||||
*/
|
||||
|
@ -99,6 +117,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
|
|||
int i;
|
||||
int err = 0;
|
||||
int header_len = 0;
|
||||
int nfheader_len = 0;
|
||||
int trailer_len = 0;
|
||||
|
||||
dst = dst_prev = NULL;
|
||||
|
@ -135,7 +154,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
|
|||
local = __xfrm6_bundle_addr_local(xfrm[i], local);
|
||||
tunnel = 1;
|
||||
}
|
||||
header_len += xfrm[i]->props.header_len;
|
||||
__xfrm6_bundle_len_inc(&header_len, &nfheader_len, xfrm[i]);
|
||||
trailer_len += xfrm[i]->props.trailer_len;
|
||||
|
||||
if (tunnel) {
|
||||
|
@ -170,6 +189,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
|
|||
dst_prev->flags |= DST_HOST;
|
||||
dst_prev->lastuse = jiffies;
|
||||
dst_prev->header_len = header_len;
|
||||
dst_prev->nfheader_len = nfheader_len;
|
||||
dst_prev->trailer_len = trailer_len;
|
||||
memcpy(&dst_prev->metrics, &x->route->metrics, sizeof(dst_prev->metrics));
|
||||
|
||||
|
@ -188,7 +208,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
|
|||
x->u.rt6.rt6i_src = rt0->rt6i_src;
|
||||
x->u.rt6.rt6i_idev = rt0->rt6i_idev;
|
||||
in6_dev_hold(rt0->rt6i_idev);
|
||||
header_len -= x->u.dst.xfrm->props.header_len;
|
||||
__xfrm6_bundle_len_dec(&header_len, &nfheader_len, x->u.dst.xfrm);
|
||||
trailer_len -= x->u.dst.xfrm->props.trailer_len;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue