[XFRM] STATE: Support non-fragment outbound transformation headers.

For originated outbound IPv6 packets which will fragment, ip6_append_data()
should know length of extension headers before sending them and
the length is carried by dst_entry.
IPv6 IPsec headers fragment then transformation was
designed to place all headers after fragment header.
OTOH Mobile IPv6 extension headers do not fragment then
it is a good idea to make dst_entry have non-fragment length to tell it
to ip6_append_data().

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Masahide NAKAMURA 2006-08-23 18:11:50 -07:00 committed by David S. Miller
parent 99505a8436
commit 1b5c229987
5 changed files with 27 additions and 3 deletions

View File

@ -54,6 +54,7 @@ struct dst_entry
unsigned long expires; unsigned long expires;
unsigned short header_len; /* more space at head required */ unsigned short header_len; /* more space at head required */
unsigned short nfheader_len; /* more non-fragment space at head required */
unsigned short trailer_len; /* space to reserve at tail */ unsigned short trailer_len; /* space to reserve at tail */
u32 metrics[RTAX_MAX]; u32 metrics[RTAX_MAX];

View File

@ -260,6 +260,8 @@ struct xfrm_type
char *description; char *description;
struct module *owner; struct module *owner;
__u8 proto; __u8 proto;
__u8 flags;
#define XFRM_TYPE_NON_FRAGMENT 1
int (*init_state)(struct xfrm_state *x); int (*init_state)(struct xfrm_state *x);
void (*destructor)(struct xfrm_state *); void (*destructor)(struct xfrm_state *);

View File

@ -135,6 +135,7 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
dst_prev->flags |= DST_HOST; dst_prev->flags |= DST_HOST;
dst_prev->lastuse = jiffies; dst_prev->lastuse = jiffies;
dst_prev->header_len = header_len; dst_prev->header_len = header_len;
dst_prev->nfheader_len = 0;
dst_prev->trailer_len = trailer_len; dst_prev->trailer_len = trailer_len;
memcpy(&dst_prev->metrics, &x->route->metrics, sizeof(dst_prev->metrics)); memcpy(&dst_prev->metrics, &x->route->metrics, sizeof(dst_prev->metrics));

View File

@ -971,7 +971,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
hh_len = LL_RESERVED_SPACE(rt->u.dst.dev); hh_len = LL_RESERVED_SPACE(rt->u.dst.dev);
fragheaderlen = sizeof(struct ipv6hdr) + (opt ? opt->opt_nflen : 0); fragheaderlen = sizeof(struct ipv6hdr) + rt->u.dst.nfheader_len + (opt ? opt->opt_nflen : 0);
maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr); maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr);
if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) { if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {

View File

@ -75,6 +75,24 @@ __xfrm6_bundle_addr_local(struct xfrm_state *x, struct in6_addr *addr)
(struct in6_addr*)&x->props.saddr; (struct in6_addr*)&x->props.saddr;
} }
static inline void
__xfrm6_bundle_len_inc(int *len, int *nflen, struct xfrm_state *x)
{
if (x->type->flags & XFRM_TYPE_NON_FRAGMENT)
*nflen += x->props.header_len;
else
*len += x->props.header_len;
}
static inline void
__xfrm6_bundle_len_dec(int *len, int *nflen, struct xfrm_state *x)
{
if (x->type->flags & XFRM_TYPE_NON_FRAGMENT)
*nflen -= x->props.header_len;
else
*len -= x->props.header_len;
}
/* Allocate chain of dst_entry's, attach known xfrm's, calculate /* Allocate chain of dst_entry's, attach known xfrm's, calculate
* all the metrics... Shortly, bundle a bundle. * all the metrics... Shortly, bundle a bundle.
*/ */
@ -99,6 +117,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
int i; int i;
int err = 0; int err = 0;
int header_len = 0; int header_len = 0;
int nfheader_len = 0;
int trailer_len = 0; int trailer_len = 0;
dst = dst_prev = NULL; dst = dst_prev = NULL;
@ -135,7 +154,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
local = __xfrm6_bundle_addr_local(xfrm[i], local); local = __xfrm6_bundle_addr_local(xfrm[i], local);
tunnel = 1; tunnel = 1;
} }
header_len += xfrm[i]->props.header_len; __xfrm6_bundle_len_inc(&header_len, &nfheader_len, xfrm[i]);
trailer_len += xfrm[i]->props.trailer_len; trailer_len += xfrm[i]->props.trailer_len;
if (tunnel) { if (tunnel) {
@ -170,6 +189,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
dst_prev->flags |= DST_HOST; dst_prev->flags |= DST_HOST;
dst_prev->lastuse = jiffies; dst_prev->lastuse = jiffies;
dst_prev->header_len = header_len; dst_prev->header_len = header_len;
dst_prev->nfheader_len = nfheader_len;
dst_prev->trailer_len = trailer_len; dst_prev->trailer_len = trailer_len;
memcpy(&dst_prev->metrics, &x->route->metrics, sizeof(dst_prev->metrics)); memcpy(&dst_prev->metrics, &x->route->metrics, sizeof(dst_prev->metrics));
@ -188,7 +208,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
x->u.rt6.rt6i_src = rt0->rt6i_src; x->u.rt6.rt6i_src = rt0->rt6i_src;
x->u.rt6.rt6i_idev = rt0->rt6i_idev; x->u.rt6.rt6i_idev = rt0->rt6i_idev;
in6_dev_hold(rt0->rt6i_idev); in6_dev_hold(rt0->rt6i_idev);
header_len -= x->u.dst.xfrm->props.header_len; __xfrm6_bundle_len_dec(&header_len, &nfheader_len, x->u.dst.xfrm);
trailer_len -= x->u.dst.xfrm->props.trailer_len; trailer_len -= x->u.dst.xfrm->props.trailer_len;
} }