[IPSEC]: Merge most of the output path

[linux-2.6-omap-h63xx.git] / net / xfrm / xfrm_output.c
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c

index f4bfd6c4565119f9f3be6cb80547922b930b4f73..bcb3701c5cf3e27d34e3fdd37203e2fc3a79bdd1 100644 (file)
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -12,6 +12,7 @@
  #include <linux/errno.h>
  #include <linux/module.h>
  #include <linux/netdevice.h>
+#include <linux/netfilter.h>
  #include <linux/skbuff.h>
  #include <linux/spinlock.h>
  #include <net/dst.h>
@@ -19,7 +20,8 @@
  
  static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
  {
-       int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
+       struct dst_entry *dst = skb->dst;
+       int nhead = dst->header_len + LL_RESERVED_SPACE(dst->dev)
                 - skb_headroom(skb);
  
         if (nhead > 0)
@@ -39,7 +41,7 @@ err:
         return err;
  }
  
-int xfrm_output(struct sk_buff *skb)
+static int xfrm_output_one(struct sk_buff *skb)
  {
         struct dst_entry *dst = skb->dst;
         struct xfrm_state *x = dst->xfrm;
@@ -52,6 +54,10 @@ int xfrm_output(struct sk_buff *skb)
         }
  
         do {
+               err = x->outer_mode->output(x, skb);
+               if (err)
+                       goto error;
+
                 spin_lock_bh(&x->lock);
                 err = xfrm_state_check(x, skb);
                 if (err)
@@ -63,10 +69,6 @@ int xfrm_output(struct sk_buff *skb)
                                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
                 }
  
-               err = x->outer_mode->output(x, skb);
-               if (err)
-                       goto error;
-
                 x->curlft.bytes += skb->len;
                 x->curlft.packets++;
  
@@ -86,10 +88,73 @@ int xfrm_output(struct sk_buff *skb)
  
         err = 0;
  
-error_nolock:
+out_exit:
         return err;
  error:
         spin_unlock_bh(&x->lock);
-       goto error_nolock;
+error_nolock:
+       kfree_skb(skb);
+       goto out_exit;
+}
+
+static int xfrm_output2(struct sk_buff *skb)
+{
+       int err;
+
+       while (likely((err = xfrm_output_one(skb)) == 0)) {
+               struct xfrm_state *x;
+
+               nf_reset(skb);
+
+               err = skb->dst->ops->local_out(skb);
+               if (unlikely(err != 1))
+                       break;
+
+               x = skb->dst->xfrm;
+               if (!x)
+                       return dst_output(skb);
+
+               err = nf_hook(x->inner_mode->afinfo->family,
+                             x->inner_mode->afinfo->nf_post_routing, skb,
+                             NULL, skb->dst->dev, xfrm_output2);
+               if (unlikely(err != 1))
+                       break;
+       }
+
+       return err;
+}
+
+int xfrm_output(struct sk_buff *skb)
+{
+       struct sk_buff *segs;
+
+       if (!skb_is_gso(skb))
+               return xfrm_output2(skb);
+
+       segs = skb_gso_segment(skb, 0);
+       kfree_skb(skb);
+       if (unlikely(IS_ERR(segs)))
+               return PTR_ERR(segs);
+
+       do {
+               struct sk_buff *nskb = segs->next;
+               int err;
+
+               segs->next = NULL;
+               err = xfrm_output2(segs);
+
+               if (unlikely(err)) {
+                       while ((segs = nskb)) {
+                               nskb = segs->next;
+                               segs->next = NULL;
+                               kfree_skb(segs);
+                       }
+                       return err;
+               }
+
+               segs = nskb;
+       } while (segs);
+
+       return 0;
  }
  EXPORT_SYMBOL_GPL(xfrm_output);