xref: /openbmc/linux/net/ipv6/xfrm6_output.c (revision 565d76cb) 
1 /*
2  * xfrm6_output.c - Common IPsec encapsulation code for IPv6.
3  * Copyright (C) 2002 USAGI/WIDE Project
4  * Copyright (c) 2004 Herbert Xu <herbert@gondor.apana.org.au>
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11 
12 #include <linux/if_ether.h>
13 #include <linux/kernel.h>
14 #include <linux/module.h>
15 #include <linux/skbuff.h>
16 #include <linux/icmpv6.h>
17 #include <linux/netfilter_ipv6.h>
18 #include <net/dst.h>
19 #include <net/ipv6.h>
20 #include <net/ip6_route.h>
21 #include <net/xfrm.h>
22 
23 int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
24 			  u8 **prevhdr)
25 {
26 	return ip6_find_1stfragopt(skb, prevhdr);
27 }
28 
29 EXPORT_SYMBOL(xfrm6_find_1stfragopt);
30 
31 static int xfrm6_tunnel_check_size(struct sk_buff *skb)
32 {
33 	int mtu, ret = 0;
34 	struct dst_entry *dst = skb_dst(skb);
35 
36 	mtu = dst_mtu(dst);
37 	if (mtu < IPV6_MIN_MTU)
38 		mtu = IPV6_MIN_MTU;
39 
40 	if (!skb->local_df && skb->len > mtu) {
41 		skb->dev = dst->dev;
42 		icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
43 		ret = -EMSGSIZE;
44 	}
45 
46 	return ret;
47 }
48 
49 int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb)
50 {
51 	int err;
52 
53 	err = xfrm6_tunnel_check_size(skb);
54 	if (err)
55 		return err;
56 
57 	XFRM_MODE_SKB_CB(skb)->protocol = ipv6_hdr(skb)->nexthdr;
58 
59 	return xfrm6_extract_header(skb);
60 }
61 
62 int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
63 {
64 	int err;
65 
66 	err = xfrm_inner_extract_output(x, skb);
67 	if (err)
68 		return err;
69 
70 	memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
71 #ifdef CONFIG_NETFILTER
72 	IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED;
73 #endif
74 
75 	skb->protocol = htons(ETH_P_IPV6);
76 	skb->local_df = 1;
77 
78 	return x->outer_mode->output2(x, skb);
79 }
80 EXPORT_SYMBOL(xfrm6_prepare_output);
81 
82 static int xfrm6_output_finish(struct sk_buff *skb)
83 {
84 #ifdef CONFIG_NETFILTER
85 	IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED;
86 #endif
87 
88 	skb->protocol = htons(ETH_P_IPV6);
89 	return xfrm_output(skb);
90 }
91 
92 static int __xfrm6_output(struct sk_buff *skb)
93 {
94 	struct dst_entry *dst = skb_dst(skb);
95 	struct xfrm_state *x = dst->xfrm;
96 
97 	if ((x && x->props.mode == XFRM_MODE_TUNNEL) &&
98 	    ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
99 		dst_allfrag(skb_dst(skb)))) {
100 			return ip6_fragment(skb, xfrm6_output_finish);
101 	}
102 	return xfrm6_output_finish(skb);
103 }
104 
105 int xfrm6_output(struct sk_buff *skb)
106 {
107 	return NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL,
108 		       skb_dst(skb)->dev, __xfrm6_output);
109 }
110