[IPSEC]: Move integrity stat collection into xfrm_input

[linux-2.6] / net / ipv6 / xfrm6_state.c

diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c
index b392bee396f16341c2842aa20c3759c19afb0238..00360b514e9979285e35f6ddb1e543aefc0b77f1 100644 (file)
--- a/net/ipv6/xfrm6_state.c
+++ b/net/ipv6/xfrm6_state.c
@@ -14,6 +14,8 @@
 #include <net/xfrm.h>
 #include <linux/pfkeyv2.h>
 #include <linux/ipsec.h>
+#include <linux/netfilter_ipv6.h>
+#include <net/dsfield.h>
 #include <net/ipv6.h>
 #include <net/addrconf.h>
 
@@ -168,13 +170,35 @@ __xfrm6_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n)
        return 0;
 }
 
+int xfrm6_extract_header(struct sk_buff *skb)
+{
+       struct ipv6hdr *iph = ipv6_hdr(skb);
+
+       XFRM_MODE_SKB_CB(skb)->id = 0;
+       XFRM_MODE_SKB_CB(skb)->frag_off = htons(IP_DF);
+       XFRM_MODE_SKB_CB(skb)->tos = ipv6_get_dsfield(iph);
+       XFRM_MODE_SKB_CB(skb)->ttl = iph->hop_limit;
+       XFRM_MODE_SKB_CB(skb)->protocol =
+               skb_network_header(skb)[IP6CB(skb)->nhoff];
+       memcpy(XFRM_MODE_SKB_CB(skb)->flow_lbl, iph->flow_lbl,
+              sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl));
+
+       return 0;
+}
+
 static struct xfrm_state_afinfo xfrm6_state_afinfo = {
        .family                 = AF_INET6,
+       .proto                  = IPPROTO_IPV6,
+       .eth_proto              = htons(ETH_P_IPV6),
+       .nf_post_routing        = NF_IP6_POST_ROUTING,
        .owner                  = THIS_MODULE,
        .init_tempsel           = __xfrm6_init_tempsel,
        .tmpl_sort              = __xfrm6_tmpl_sort,
        .state_sort             = __xfrm6_state_sort,
        .output                 = xfrm6_output,
+       .extract_input          = xfrm6_extract_input,
+       .extract_output         = xfrm6_extract_output,
+       .transport_finish       = xfrm6_transport_finish,
 };
 
 void __init xfrm6_state_init(void)