return 0;
}
-static int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
-{
- int err = xfrm_state_check_expire(x);
- if (err < 0)
- goto err;
- err = xfrm_state_check_space(x, skb);
-err:
- return err;
-}
-
static int xfrm_output_one(struct sk_buff *skb, int err)
{
struct dst_entry *dst = skb->dst;
goto resume;
do {
+ err = xfrm_state_check_space(x, skb);
+ if (err)
+ goto error_nolock;
+
err = x->outer_mode->output(x, skb);
if (err)
- goto error;
+ goto error_nolock;
spin_lock_bh(&x->lock);
- err = xfrm_state_check(x, skb);
+ err = xfrm_state_check_expire(x);
if (err)
goto error;
err = x->type->output(x, skb);
resume:
- if (err)
+ if (err) {
+ XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATEPROTOERROR);
goto error_nolock;
+ }
if (!(skb->dst = dst_pop(dst))) {
+ XFRM_INC_STATS(LINUX_MIB_XFRMOUTERROR);
err = -EHOSTUNREACH;
goto error_nolock;
}
return dst_output(skb);
err = nf_hook(x->inner_mode->afinfo->family,
- x->inner_mode->afinfo->nf_post_routing, skb,
+ NF_INET_POST_ROUTING, skb,
NULL, skb->dst->dev, xfrm_output2);
if (unlikely(err != 1))
goto out;
if (skb->ip_summed == CHECKSUM_PARTIAL) {
err = skb_checksum_help(skb);
if (err) {
+ XFRM_INC_STATS(LINUX_MIB_XFRMOUTERROR);
kfree_skb(skb);
return err;
}
projects / powerpc.git / blobdiff