[POWERPC] powerpc: Make RTAS console init generic
[powerpc.git] / net / ipv6 / netfilter.c
index f8626eb..395a417 100644 (file)
@@ -1,15 +1,13 @@
-#include <linux/config.h>
-#include <linux/init.h>
-
-#ifdef CONFIG_NETFILTER
-
 #include <linux/kernel.h>
+#include <linux/init.h>
 #include <linux/ipv6.h>
 #include <linux/netfilter.h>
 #include <linux/netfilter_ipv6.h>
 #include <net/dst.h>
 #include <net/ipv6.h>
 #include <net/ip6_route.h>
+#include <net/xfrm.h>
+#include <net/ip6_checksum.h>
 
 int ip6_route_me_harder(struct sk_buff *skb)
 {
@@ -21,11 +19,17 @@ int ip6_route_me_harder(struct sk_buff *skb)
                { .ip6_u =
                  { .daddr = iph->daddr,
                    .saddr = iph->saddr, } },
-               .proto = iph->nexthdr,
        };
 
        dst = ip6_route_output(skb->sk, &fl);
 
+#ifdef CONFIG_XFRM
+       if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) &&
+           xfrm_decode_session(skb, &fl, AF_INET6) == 0)
+               if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0))
+                       return -1;
+#endif
+
        if (dst->error) {
                IP6_INC_STATS(IPSTATS_MIB_OUTNOROUTES);
                LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n");
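Review bot: The `return -1` taken when `xfrm_lookup()` fails exits without releasing the route reference that `ip6_route_output()` just returned in `dst`, so each failed policy lookup appears to leak a dst entry. The lookup is also given `&skb->dst`, the route still attached to the packet, rather than the freshly computed `dst`, and it runs before the `dst->error` check. The rest of ip6_route_me_harder is outside the hunk, but if it goes on to replace `skb->dst` with `dst`, the IPsec bundle found here would be discarded and the packet could leave without the transform that policy requires. I would run the XFRM block only after the new route has been attached to the skb, or at minimum add `dst_release(dst);` before `return -1;`. The nested `if` should also be braced so the `#ifdef` block cannot capture a later statement.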
@@ -51,7 +55,7 @@ struct ip6_rt_info {
        struct in6_addr saddr;
 };
 
-static void save(const struct sk_buff *skb, struct nf_info *info)
+static void nf_ip6_saveroute(const struct sk_buff *skb, struct nf_info *info)
 {
        struct ip6_rt_info *rt_info = nf_info_reroute(info);
 
@@ -63,7 +67,7 @@ static void save(const struct sk_buff *skb, struct nf_info *info)
        }
 }
 
-static int reroute(struct sk_buff **pskb, const struct nf_info *info)
+static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info)
 {
        struct ip6_rt_info *rt_info = nf_info_reroute(info);
 
@@ -76,29 +80,56 @@ static int reroute(struct sk_buff **pskb, const struct nf_info *info)
        return 0;
 }
 
-static struct nf_queue_rerouter ip6_reroute = {
-       .rer_size       = sizeof(struct ip6_rt_info),
-       .save           = &save,
-       .reroute        = &reroute,
-};
-
-int __init ipv6_netfilter_init(void)
+unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
+                            unsigned int dataoff, u_int8_t protocol)
 {
-       return nf_register_queue_rerouter(PF_INET6, &ip6_reroute);
+       struct ipv6hdr *ip6h = skb->nh.ipv6h;
+       unsigned int csum = 0;
+
+       switch (skb->ip_summed) {
+       case CHECKSUM_HW:
+               if (hook != NF_IP6_PRE_ROUTING && hook != NF_IP6_LOCAL_IN)
+                       break;
+               if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
+                                    skb->len - dataoff, protocol,
+                                    csum_sub(skb->csum,
+                                             skb_checksum(skb, 0,
+                                                          dataoff, 0)))) {
+                       skb->ip_summed = CHECKSUM_UNNECESSARY;
+                       break;
+               }
+               /* fall through */
+       case CHECKSUM_NONE:
+               skb->csum = ~csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
+                                            skb->len - dataoff,
+                                            protocol,
+                                            csum_sub(0,
+                                                     skb_checksum(skb, 0,
+                                                                  dataoff, 0)));
+               csum = __skb_checksum_complete(skb);
+       }
+       return csum;
 }
 
-void ipv6_netfilter_fini(void)
-{
-       nf_unregister_queue_rerouter(PF_INET6);
-}
+EXPORT_SYMBOL(nf_ip6_checksum);
+
+static struct nf_afinfo nf_ip6_afinfo = {
+       .family         = AF_INET6,
+       .checksum       = nf_ip6_checksum,
+       .saveroute      = nf_ip6_saveroute,
+       .reroute        = nf_ip6_reroute,
+       .route_key_size = sizeof(struct ip6_rt_info),
+};
 
-#else /* CONFIG_NETFILTER */
 int __init ipv6_netfilter_init(void)
 {
-       return 0;
+       return nf_register_afinfo(&nf_ip6_afinfo);
 }
 
+/* This can be called from inet6_init() on errors, so it cannot
+ * be marked __exit. -DaveM
+ */
 void ipv6_netfilter_fini(void)
 {
+       nf_unregister_afinfo(&nf_ip6_afinfo);
 }
-#endif /* CONFIG_NETFILTER */
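Review bot: nf_ip6_checksum() is exported with no comment describing its contract, and both `csum_ipv6_magic()` calls compute `skb->len - dataoff` without checking that `dataoff` lies inside the packet. `dataoff` is supplied by the caller and is presumably derived from parsed packet headers, so a value larger than `skb->len` would wrap the unsigned length; the callers are not visible here, so this needs confirming against them. I would add a kernel-doc block above the function stating that the caller must guarantee `dataoff <= skb->len`. It should also say that the return value is 0 when the checksum verifies or is not checked, and otherwise the result of `__skb_checksum_complete()`, with CHECKSUM_HW verified only on NF_IP6_PRE_ROUTING and NF_IP6_LOCAL_IN. An explicit `default:` arm with a comment such as `/* other ip_summed values: nothing to verify here */` would show that skipping verification is intentional.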