enum ipsec_xmit_value ipsec_xmit_ipcomp_setup(struct ipsec_xmit_state *ixs)
{
unsigned int flags = 0;
unsigned int tot_len, old_tot_len;
#ifdef CONFIG_KLIPS_IPV6
if (lsw_ip_hdr_version(ixs) == 6)
old_tot_len = ntohs(lsw_ip6_hdr(ixs)->payload_len) +
sizeof(struct ipv6hdr);
else
#endif
old_tot_len = ntohs(lsw_ip4_hdr(ixs)->tot_len);
ixs->ipsp->ips_comp_ratio_dbytes += old_tot_len;
ixs->skb = skb_compress(ixs->skb, ixs->ipsp, &flags);
ixs->iph = (void *)ip_hdr(ixs->skb);
#ifdef CONFIG_KLIPS_IPV6
if (lsw_ip_hdr_version(ixs) == 6) {
IPSEC_FRAG_OFF_DECL(frag_off)
int nexthdroff;
unsigned char nexthdr = lsw_ip6_hdr(ixs)->nexthdr;
nexthdroff = ipsec_ipv6_skip_exthdr(ixs->skb,
((void *)(lsw_ip6_hdr(ixs) + 1)) -
(void*)ixs->skb->data,
&nexthdr, &frag_off);
ixs->iphlen = nexthdroff - (ixs->iph - (void*)ixs->skb->data);
tot_len = ntohs(lsw_ip6_hdr(ixs)->payload_len) +
sizeof(struct ipv6hdr);
} else
struct sk_buff *skb_compress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags)
{
struct iphdr *iph;
#ifdef CONFIG_KLIPS_IPV6
struct ipv6hdr *iph6;
#endif
unsigned char nexthdr;
unsigned int iphlen, pyldsz, cpyldsz;
unsigned char *buffer;
z_stream zs;
int zresult;
KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
"klips_debug:skb_compress: .\n");
if(skb == NULL) {
KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
"klips_debug:skb_compress: "
"passed in NULL skb, returning ERROR.\n");
if(flags != NULL) {
*flags |= IPCOMP_PARMERROR;
}
return skb;
}
if(ips == NULL) {
KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
"klips_debug:skb_compress: "
"passed in NULL ipsec_sa needed for cpi, returning ERROR.\n");
if(flags) {
*flags |= IPCOMP_PARMERROR;
}
return skb;
}
if (flags == NULL) {
KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
"klips_debug:skb_compress: "
"passed in NULL flags, returning ERROR.\n");
ipsec_kfree_skb(skb);
return NULL;
}
iph = ip_hdr(skb);
#ifdef CONFIG_KLIPS_IPV6
iph6 = ipv6_hdr(skb);
#endif
#ifdef CONFIG_KLIPS_IPV6
if (iph->version == 6) {
IPSEC_FRAG_OFF_DECL(frag_off)
int nexthdroff;
nexthdr = iph6->nexthdr;
nexthdroff = ipsec_ipv6_skip_exthdr(skb,
((void *)(iph6+1)) - (void*)skb->data, &nexthdr, &frag_off);
iphlen = nexthdroff - ((void *)iph6 - (void*)skb->data);
pyldsz = ntohs(iph6->payload_len) + sizeof(struct ipv6hdr) - iphlen;
} else
enum ipsec_xmit_value ipsec_ocf_xmit(struct ipsec_xmit_state *ixs)
{
struct cryptop *crp;
struct cryptodesc *crde = NULL, *crda = NULL, *crdc = NULL;
struct ipsec_sa *ipsp;
int req_count, payload_size;
int err;
KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, "klips_debug:ipsec_ocf_xmit\n");
ipsp = ixs->ipsp;
if (!ipsp) {
KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, "klips_debug:ipsec_ocf_xmit: "
"no SA for rcv processing\n");
return IPSEC_XMIT_SAIDNOTFOUND;
}
if (!ixs->skb) {
KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
"klips_debug:ipsec_ocf_xmit: no skb\n");
return IPSEC_XMIT_SAIDNOTFOUND;
}
switch (ipsp->ips_said.proto) {
case IPPROTO_COMP:
/*
* skip packets that have less then 90 bytes of payload to
* compress
*/
#ifdef CONFIG_KLIPS_IPV6
if (lsw_ip_hdr_version(ixs) == 6) {
IPSEC_FRAG_OFF_DECL(frag_off)
int nexthdroff;
unsigned char nexthdr = lsw_ip6_hdr(ixs)->nexthdr;
nexthdroff = ipsec_ipv6_skip_exthdr(ixs->skb,
((void *)(
lsw_ip6_hdr(
ixs)
+
1)) -
(void*)ixs->skb->data,
&nexthdr,
&frag_off);
ixs->iphlen = nexthdroff -
(ixs->iph - (void*)ixs->skb->data);
payload_size = ntohs(lsw_ip6_hdr(ixs)->payload_len);
} else
#endif /* CONFIG_KLIPS_IPV6 */
{
