Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input

[linux-2.6-omap-h63xx.git] / net / xfrm / xfrm_output.c

diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 3c277a4d0e786eb40273b9b7a1553d7ba41bc841..2519129c6d213f85bceebc165e2c27744f2fd3b6 100644 (file)
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -33,16 +33,6 @@ static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
        return 0;
 }
 
-static int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
-{
-       int err = xfrm_state_check_expire(x);
-       if (err < 0)
-               goto err;
-       err = xfrm_state_check_space(x, skb);
-err:
-       return err;
-}
-
 static int xfrm_output_one(struct sk_buff *skb, int err)
 {
        struct dst_entry *dst = skb->dst;
@@ -52,17 +42,34 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
                goto resume;
 
        do {
+               err = xfrm_state_check_space(x, skb);
+               if (err) {
+                       XFRM_INC_STATS(LINUX_MIB_XFRMOUTERROR);
+                       goto error_nolock;
+               }
+
                err = x->outer_mode->output(x, skb);
-               if (err)
-                       goto error;
+               if (err) {
+                       XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATEMODEERROR);
+                       goto error_nolock;
+               }
 
                spin_lock_bh(&x->lock);
-               err = xfrm_state_check(x, skb);
-               if (err)
+               err = xfrm_state_check_expire(x);
+               if (err) {
+                       XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATEEXPIRED);
                        goto error;
+               }
 
                if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
-                       XFRM_SKB_CB(skb)->seq = ++x->replay.oseq;
+                       XFRM_SKB_CB(skb)->seq.output = ++x->replay.oseq;
+                       if (unlikely(x->replay.oseq == 0)) {
+                               XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATESEQERROR);
+                               x->replay.oseq--;
+                               xfrm_audit_state_replay_overflow(x, skb);
+                               err = -EOVERFLOW;
+                               goto error;
+                       }
                        if (xfrm_aevent_is_on())
                                xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
                }
@@ -73,12 +80,17 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
                spin_unlock_bh(&x->lock);
 
                err = x->type->output(x, skb);
+               if (err == -EINPROGRESS)
+                       goto out_exit;
 
 resume:
-               if (err)
+               if (err) {
+                       XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATEPROTOERROR);
                        goto error_nolock;
+               }
 
                if (!(skb->dst = dst_pop(dst))) {
+                       XFRM_INC_STATS(LINUX_MIB_XFRMOUTERROR);
                        err = -EHOSTUNREACH;
                        goto error_nolock;
                }
@@ -112,7 +124,7 @@ int xfrm_output_resume(struct sk_buff *skb, int err)
                if (!x)
                        return dst_output(skb);
 
-               err = nf_hook(x->inner_mode->afinfo->family,
+               err = nf_hook(skb->dst->ops->family,
                              NF_INET_POST_ROUTING, skb,
                              NULL, skb->dst->dev, xfrm_output2);
                if (unlikely(err != 1))
@@ -173,6 +185,7 @@ int xfrm_output(struct sk_buff *skb)
        if (skb->ip_summed == CHECKSUM_PARTIAL) {
                err = skb_checksum_help(skb);
                if (err) {
+                       XFRM_INC_STATS(LINUX_MIB_XFRMOUTERROR);
                        kfree_skb(skb);
                        return err;
                }
@@ -180,4 +193,20 @@ int xfrm_output(struct sk_buff *skb)
 
        return xfrm_output2(skb);
 }
+
+int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb)
+{
+       struct xfrm_mode *inner_mode;
+       if (x->sel.family == AF_UNSPEC)
+               inner_mode = xfrm_ip2inner_mode(x,
+                               xfrm_af2proto(skb->dst->ops->family));
+       else
+               inner_mode = x->inner_mode;
+
+       if (inner_mode == NULL)
+               return -EAFNOSUPPORT;
+       return inner_mode->afinfo->extract_output(x, skb);
+}
+
 EXPORT_SYMBOL_GPL(xfrm_output);
+EXPORT_SYMBOL_GPL(xfrm_inner_extract_output);