Doug / smarc-fsl-linux-kernel

11 Oct, 2007

7 commits

  • b7c6538cd   [IPSEC]: Move state lock into x->type->output ... Browse Code »

    This patch releases the lock on the state before calling x->type->output.
    It also adds the lock to the spots where they're currently needed.

    Most of those places (all except mip6) are expected to disappear with
    async crypto.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • 007f0211a   [IPSEC]: Store IPv6 nh pointer in mac_header on output ... Browse Code »

    Current the x->mode->output functions store the IPv6 nh pointer in the
    skb network header. This is inconvenient because the network header then
    has to be fixed up before the packet can leave the IPsec stack. The mac
    header field is unused on output so we can use that to store this instead.

    This patch does that and removes the network header fix-up in xfrm_output.

    It also uses ipv6_hdr where appropriate in the x->type->output functions.

    There is also a minor clean-up in esp4 to make it use the same code as
    esp6 to help any subsequent effort to merge the two.

    Lastly it kills two redundant skb_set_* statements in BEET that were
    simply copied over from transport mode.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • 45b17f48e   [IPSEC]: Move RO-specific output code into xfrm6_mode_ro.c ... Browse Code »

    The lastused update check in xfrm_output can be done just as well in
    the mode output function which is specific to RO.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • cdf7e668d   [IPSEC]: Unexport xfrm_replay_notify ... Browse Code »

    Now that the only callers of xfrm_replay_notify are in xfrm, we can remove
    the export.

    This patch also removes xfrm_aevent_doreplay since it's now called in just
    one spot.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • 436a0a402   [IPSEC]: Move output replay code into xfrm_output ... Browse Code »

    The replay counter is one of only two remaining things in the output code
    that requires a lock on the xfrm state (the other being the crypto). This
    patch moves it into the generic xfrm_output so we can remove the lock from
    the transforms themselves.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • 83815dea4   [IPSEC]: Move xfrm_state_check into xfrm_output.c ... Browse Code »

    The functions xfrm_state_check and xfrm_state_check_space are only used by
    the output code in xfrm_output.c so we can move them over.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • 406ef77c8   [IPSEC]: Move common output code to xfrm_output ... Browse Code »

    Most of the code in xfrm4_output_one and xfrm6_output_one are identical so
    this patch moves them into a common xfrm_output function which will live
    in net/xfrm.

    In fact this would seem to fix a bug as on IPv4 we never reset the network
    header after a transform which may upset netfilter later on.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu