/*
 * Completion callback for the mast transmit path.
 *
 * ipsec_mast_start_xmit() installs this as ixs->xsm_complete.  When stat is
 * IPSEC_XMIT_OK the packet gets its final NAT encapsulation and is handed to
 * ipsec_xmit_send(); any other status is logged and the packet is not sent.
 * In every case the resources still attached to ixs are released and ixs is
 * deleted, so the caller must not touch ixs after this returns.
 *
 * @param ixs   transmit state being completed; consumed by this function
 * @param stat  status the state machine finished with
 */
static void
ipsec_mast_xsm_complete(struct ipsec_xmit_state *ixs,
			enum ipsec_xmit_value stat)
{
	if (stat == IPSEC_XMIT_OK) {
		/*
		 * Final NAT encapsulation; the packet is sent only if it
		 * succeeds.  NOTE(review): a failure here is dropped without
		 * any log line, unlike the ipsec_xsm failure below.
		 */
		stat = ipsec_nat_encap(ixs);
		if (stat == IPSEC_XMIT_OK) {
			ipsec_xmit_send(ixs);
		}
	} else {
		KLIPS_PRINT(debug_mast,
			    "klips_debug:ipsec_mast_xsm_complete: "
			    "ipsec_xsm failed: %d\n",
			    stat);
	}

	/* Common teardown, reached on success and on every failure. */
	ipsec_xmit_cleanup(ixs);

	/* Give back the SA reference that was taken with IPSEC_REFOTHER. */
	if (ixs->ipsp != NULL) {
		ipsec_sa_put(ixs->ipsp, IPSEC_REFOTHER);
		ixs->ipsp = NULL;
	}

	/* Free the buffer if one is still attached at this point. */
	if (ixs->skb != NULL) {
		ipsec_kfree_skb(ixs->skb);
		ixs->skb = NULL;
	}

	ipsec_xmit_state_delete(ixs);
}
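/*
 * Transmit entry point of a mast device.
 *
 * This function assumes it is being called from dev_queue_xmit()
 * and that skb is filled properly by that function.
 *
 * The SA to use is selected by reference: from the netfilter mark when it
 * carries IPSEC_NFMARK_IS_SAREF_BIT, and/or from skb->sp->ref when
 * CONFIG_INET_IPSEC_SAREF is set (the sec_path value wins if both are
 * present, because it is read last).  The packet is then checked against
 * the SA's outbound policy before the transmit state machine is started.
 *
 * @param skb  packet to transmit
 * @param dev  mast device the packet was queued on
 * @return NETDEV_TX_BUSY when no transmit state could be allocated (the skb
 *         is left untouched); 0 in every other case, including all the
 *         paths on which the packet is dropped.
 */
int
ipsec_mast_start_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct ipsec_xmit_state *ixs;
	IPsecSAref_t SAref;

	KLIPS_PRINT(debug_mast,
		    "klips_debug:ipsec_mast_start_xmit: skb=%p\n", skb);
	if (skb == NULL) {
		printk("ipsec_mast_start_xmit: "
		       "passed NULL\n");
		return 0;
	}

	ixs = ipsec_xmit_state_new(dev);
	if (ixs == NULL)
		return NETDEV_TX_BUSY;

	ixs->dev = dev;
	ixs->skb = skb;
	SAref = 0;

#ifdef NETDEV_25
#if defined(CONFIG_NETFILTER)
	if (skb->nfmark & IPSEC_NFMARK_IS_SAREF_BIT) {
		SAref = NFmark2IPsecSAref(skb->nfmark);
		KLIPS_PRINT(debug_mast,
			    "klips_debug:ipsec_mast_start_xmit: "
			    "getting SAref=%d from nfmark\n",
			    SAref);
	}
#endif
#endif

#ifdef CONFIG_INET_IPSEC_SAREF
	if (skb->sp && skb->sp->ref != IPSEC_SAREF_NULL) {
		SAref = skb->sp->ref;
		KLIPS_PRINT(debug_mast,
			    "klips_debug:ipsec_mast_start_xmit: "
			    "getting SAref=%d from sec_path\n",
			    SAref);
	}
#endif

	/*
	 * NOTE(review): the early exits below return 0, i.e. they report the
	 * packet as consumed, and rely on ipsec_xmit_cleanup() to release
	 * ixs->skb.  Confirm that it does; otherwise each one leaks the
	 * buffer.
	 */
	if (ipsec_xmit_sanity_check_skb(ixs) != IPSEC_XMIT_OK) {
		ipsec_xmit_cleanup(ixs);
		ipsec_xmit_state_delete(ixs);
		return 0;
	}

	/* Takes a reference on the SA; every exit after this must drop it. */
	ixs->ipsp = ipsec_sa_getbyref(SAref, IPSEC_REFOTHER);
	if (ixs->ipsp == NULL) {
		KLIPS_ERROR(debug_mast,
			    "klips_debug:ipsec_mast_start_xmit: "
			    "%s: no SA for saref=%d\n",
			    dev->name, SAref);
		ipsec_xmit_cleanup(ixs);
		ipsec_xmit_state_delete(ixs);
		return 0;
	}

	/* make sure this packet can go out on this SA */
	if (ipsec_mast_check_outbound_policy(ixs)) {
		ipsec_xmit_cleanup(ixs);
		/*
		 * Drop the reference taken by ipsec_sa_getbyref() above, in
		 * the same order ipsec_mast_xsm_complete() uses.  This path
		 * used to return while still holding it, so every packet
		 * rejected by policy pinned the SA and kept it from ever
		 * being released.
		 */
		if (ixs->ipsp) {
			ipsec_sa_put(ixs->ipsp, IPSEC_REFOTHER);
			ixs->ipsp = NULL;
		}
		ipsec_xmit_state_delete(ixs);
		return 0;
	}

	/* fill in outgoing_said using the ipsp we have */
	ixs->outgoing_said = ixs->ipsp->ips_said;

#ifdef NETDEV_25
#if defined(CONFIG_NETFILTER)
	/*
	 * prevent recursion through the saref route
	 *
	 * NOTE(review): this tests a literal rather than
	 * IPSEC_NFMARK_IS_SAREF_BIT, and goes through the caller's skb
	 * pointer rather than ixs->skb.  Confirm that the two bits are the
	 * same and that the sanity check cannot have replaced ixs->skb.
	 */
	if (skb->nfmark & 0x80000000) {
		skb->nfmark = 0;
	}
#endif
#endif

#if 0
	/* TODO: do we also have to do this? */
	if (skb->sp && skb->sp->ref != IPSEC_SAREF_NULL) {
		secpath_put(skb->sp);
		skb->sp = NULL;
	}
#endif

	/*
	 * we should be calculating the MTU by looking up a route
	 * based upon the destination in the SA, and then cache
	 * it into the SA, but we don't do that right now.
	 */
	ixs->cur_mtu = 1460;
	ixs->physmtu = 1460;

	ixs->mast_mode = 1;
	ixs->xsm_complete = ipsec_mast_xsm_complete;
	ixs->state = IPSEC_XSM_INIT2;	/* we start later in the process */

	ixs->prv = netdev_priv(ixs->dev);
	ixs->stats = (struct net_device_stats *) &(ixs->prv->mystats);

	/*
	 * From here on ixs, the skb and the SA reference are released by
	 * ipsec_mast_xsm_complete(), which is presumably invoked by the
	 * state machine when it finishes.
	 */
	ipsec_xsm(ixs);
	return 0;
}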