static void ipsec_mast_xsm_complete(struct ipsec_xmit_state *ixs,
enum ipsec_xmit_value stat)
{
if (stat != IPSEC_XMIT_OK) {
KLIPS_PRINT(debug_mast,
"klips_debug:ipsec_mast_xsm_complete: "
"ipsec_xsm failed: %d\n",
stat);
goto cleanup;
}
/* do any final NAT-encapsulation */
stat = ipsec_nat_encap(ixs);
if (stat != IPSEC_XMIT_OK)
goto cleanup;
ipsec_xmit_send(ixs);
cleanup:
ipsec_xmit_cleanup(ixs);
if (ixs->ipsp) {
ipsec_sa_put(ixs->ipsp, IPSEC_REFOTHER);
ixs->ipsp = NULL;
}
if (ixs->skb) {
ipsec_kfree_skb(ixs->skb);
ixs->skb = NULL;
}
ipsec_xmit_state_delete(ixs);
}
struct sk_buff *skb_compress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags)
{
struct iphdr *iph;
#ifdef CONFIG_KLIPS_IPV6
struct ipv6hdr *iph6;
#endif
unsigned char nexthdr;
unsigned int iphlen, pyldsz, cpyldsz;
unsigned char *buffer;
z_stream zs;
int zresult;
KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
"klips_debug:skb_compress: .\n");
if(skb == NULL) {
KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
"klips_debug:skb_compress: "
"passed in NULL skb, returning ERROR.\n");
if(flags != NULL) {
*flags |= IPCOMP_PARMERROR;
}
return skb;
}
if(ips == NULL) {
KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
"klips_debug:skb_compress: "
"passed in NULL ipsec_sa needed for cpi, returning ERROR.\n");
if(flags) {
*flags |= IPCOMP_PARMERROR;
}
return skb;
}
if (flags == NULL) {
KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
"klips_debug:skb_compress: "
"passed in NULL flags, returning ERROR.\n");
ipsec_kfree_skb(skb);
return NULL;
}
iph = ip_hdr(skb);
#ifdef CONFIG_KLIPS_IPV6
iph6 = ipv6_hdr(skb);
#endif
#ifdef CONFIG_KLIPS_IPV6
if (iph->version == 6) {
IPSEC_FRAG_OFF_DECL(frag_off)
int nexthdroff;
nexthdr = iph6->nexthdr;
nexthdroff = ipsec_ipv6_skip_exthdr(skb,
((void *)(iph6+1)) - (void*)skb->data, &nexthdr, &frag_off);
iphlen = nexthdroff - ((void *)iph6 - (void*)skb->data);
pyldsz = ntohs(iph6->payload_len) + sizeof(struct ipv6hdr) - iphlen;
} else
/*
* This is mostly skbuff.c:skb_copy().
*/
struct sk_buff *
skb_copy_expand(struct sk_buff *skb, int headroom, int tailroom, int priority)
{
struct sk_buff *n;
unsigned long offset;
/*
* Do sanity checking
*/
if((headroom < 0) || (tailroom < 0) || ((headroom+tailroom) < 0)) {
printk(KERN_WARNING
"klips_error:skb_copy_expand: "
"Illegal negative head,tailroom %d,%d\n",
headroom,
tailroom);
return NULL;
}
/*
* Allocate the copy buffer
*/
#ifndef NET_21
IS_SKB(skb);
#endif /* !NET_21 */
n=alloc_skb(skb->end - skb->head + headroom + tailroom, priority);
KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
"klips_debug:skb_copy_expand: "
"allocating %d bytes, head=0p%p data=0p%p tail=0p%p end=0p%p end-head=%d tail-data=%d\n",
skb->end - skb->head + headroom + tailroom,
skb->head,
skb->data,
skb->tail,
skb->end,
skb->end - skb->head,
skb->tail - skb->data);
if(n==NULL)
return NULL;
/*
* Shift between the two data areas in bytes
*/
/* Set the data pointer */
skb_reserve(n,skb->data-skb->head+headroom);
/* Set the tail pointer and length */
if(skb_tailroom(n) < skb->len) {
printk(KERN_WARNING "klips_error:skb_copy_expand: "
"tried to skb_put %ld, %d available. This should never happen, please report.\n",
(unsigned long int)skb->len,
skb_tailroom(n));
ipsec_kfree_skb(n);
return NULL;
}
skb_put(n,skb->len);
offset=n->head + headroom - skb->head;
/* Copy the bytes */
memcpy(n->head + headroom, skb->head,skb->end-skb->head);
#ifdef NET_21
n->csum=skb->csum;
n->priority=skb->priority;
n->dst=dst_clone(skb->dst);
if(skb->nh.raw)
n->nh.raw=skb->nh.raw+offset;
#ifndef NETDEV_23
n->is_clone=0;
#endif /* NETDEV_23 */
atomic_set(&n->users, 1);
n->destructor = NULL;
n->security=skb->security;
#else /* NET_21 */
n->link3=NULL;
n->when=skb->when;
if(skb->ip_hdr)
n->ip_hdr=(struct iphdr *)(((char *)skb->ip_hdr)+offset);
n->saddr=skb->saddr;
n->daddr=skb->daddr;
n->raddr=skb->raddr;
n->seq=skb->seq;
n->end_seq=skb->end_seq;
n->ack_seq=skb->ack_seq;
n->acked=skb->acked;
n->free=1;
n->arp=skb->arp;
n->tries=0;
n->lock=0;
n->users=0;
#endif /* NET_21 */
n->protocol=skb->protocol;
n->list=NULL;
n->sk=NULL;
n->dev=skb->dev;
if(skb->h.raw)
n->h.raw=skb->h.raw+offset;
if(skb->mac.raw)
n->mac.raw=skb->mac.raw+offset;
memcpy(n->proto_priv, skb->proto_priv, sizeof(skb->proto_priv));
#ifndef NETDEV_23
n->used=skb->used;
#endif /* !NETDEV_23 */
n->pkt_type=skb->pkt_type;
n->stamp=skb->stamp;
#ifndef NET_21
IS_SKB(n);
#endif /* !NET_21 */
return n;
}
