xfrm: Add mode handlers for IPsec on layer 2

	 */

	int (*output)(struct xfrm_state *x, struct sk_buff *skb);

	/*

	 * Adjust pointers into the packet and do GSO segmentation.

	 */

	struct sk_buff *(*gso_segment)(struct xfrm_state *x, struct sk_buff *skb, netdev_features_t features);

	/*

	 * Adjust pointers into the packet when IPsec is done at layer2.

	 */

	void (*xmit)(struct xfrm_state *x, struct sk_buff *skb);

	struct xfrm_state_afinfo *afinfo;

	struct module *owner;

	unsigned int encap;

#include <net/dst.h>

#include <net/ip.h>

#include <net/xfrm.h>

#include <net/protocol.h>

/* Add encapsulation header.

 *

	return 0;

}

static struct sk_buff *xfrm4_transport_gso_segment(struct xfrm_state *x,

						   struct sk_buff *skb,

						   netdev_features_t features)

{

	const struct net_offload *ops;

	struct sk_buff *segs = ERR_PTR(-EINVAL);

	struct xfrm_offload *xo = xfrm_offload(skb);

	skb->transport_header += x->props.header_len;

	ops = rcu_dereference(inet_offloads[xo->proto]);

	if (likely(ops && ops->callbacks.gso_segment))

		segs = ops->callbacks.gso_segment(skb, features);

	return segs;

}

static void xfrm4_transport_xmit(struct xfrm_state *x, struct sk_buff *skb)

{

	struct xfrm_offload *xo = xfrm_offload(skb);

	skb_reset_mac_len(skb);

	pskb_pull(skb, skb->mac_len + sizeof(struct iphdr) + x->props.header_len);

	if (xo->flags & XFRM_GSO_SEGMENT) {

		 skb_reset_transport_header(skb);

		 skb->transport_header -= x->props.header_len;

	}

}

static struct xfrm_mode xfrm4_transport_mode = {

	.input = xfrm4_transport_input,

	.output = xfrm4_transport_output,

	.gso_segment = xfrm4_transport_gso_segment,

	.xmit = xfrm4_transport_xmit,

	.owner = THIS_MODULE,

	.encap = XFRM_MODE_TRANSPORT,

};

	return err;

}

static struct sk_buff *xfrm4_mode_tunnel_gso_segment(struct xfrm_state *x,

						     struct sk_buff *skb,

						     netdev_features_t features)

{

	__skb_push(skb, skb->mac_len);

	return skb_mac_gso_segment(skb, features);

}

static void xfrm4_mode_tunnel_xmit(struct xfrm_state *x, struct sk_buff *skb)

{

	struct xfrm_offload *xo = xfrm_offload(skb);

	if (xo->flags & XFRM_GSO_SEGMENT) {

		skb->network_header = skb->network_header - x->props.header_len;

		skb->transport_header = skb->network_header +

					sizeof(struct iphdr);

	}

	skb_reset_mac_len(skb);

	pskb_pull(skb, skb->mac_len + x->props.header_len);

}

static struct xfrm_mode xfrm4_tunnel_mode = {

	.input2 = xfrm4_mode_tunnel_input,

	.input = xfrm_prepare_input,

	.output2 = xfrm4_mode_tunnel_output,

	.output = xfrm4_prepare_output,

	.gso_segment = xfrm4_mode_tunnel_gso_segment,

	.xmit = xfrm4_mode_tunnel_xmit,

	.owner = THIS_MODULE,

	.encap = XFRM_MODE_TUNNEL,

	.flags = XFRM_MODE_FLAG_TUNNEL,

#include <net/dst.h>

#include <net/ipv6.h>

#include <net/xfrm.h>

#include <net/protocol.h>

/* Add encapsulation header.

 *

	return 0;

}

static struct sk_buff *xfrm4_transport_gso_segment(struct xfrm_state *x,

						   struct sk_buff *skb,

						   netdev_features_t features)

{

	const struct net_offload *ops;

	struct sk_buff *segs = ERR_PTR(-EINVAL);

	struct xfrm_offload *xo = xfrm_offload(skb);

	skb->transport_header += x->props.header_len;

	ops = rcu_dereference(inet6_offloads[xo->proto]);

	if (likely(ops && ops->callbacks.gso_segment))

		segs = ops->callbacks.gso_segment(skb, features);

	return segs;

}

static void xfrm6_transport_xmit(struct xfrm_state *x, struct sk_buff *skb)

{

	struct xfrm_offload *xo = xfrm_offload(skb);

	skb_reset_mac_len(skb);

	pskb_pull(skb, skb->mac_len + sizeof(struct ipv6hdr) + x->props.header_len);

	if (xo->flags & XFRM_GSO_SEGMENT) {

		 skb_reset_transport_header(skb);

		 skb->transport_header -= x->props.header_len;

	}

}

static struct xfrm_mode xfrm6_transport_mode = {

	.input = xfrm6_transport_input,

	.output = xfrm6_transport_output,

	.gso_segment = xfrm4_transport_gso_segment,

	.xmit = xfrm6_transport_xmit,

	.owner = THIS_MODULE,

	.encap = XFRM_MODE_TRANSPORT,

};

	return err;

}

static struct sk_buff *xfrm6_mode_tunnel_gso_segment(struct xfrm_state *x,

						     struct sk_buff *skb,

						     netdev_features_t features)

{

	__skb_push(skb, skb->mac_len);

	return skb_mac_gso_segment(skb, features);

}

static void xfrm6_mode_tunnel_xmit(struct xfrm_state *x, struct sk_buff *skb)

{

	struct xfrm_offload *xo = xfrm_offload(skb);

	if (xo->flags & XFRM_GSO_SEGMENT) {

		skb->network_header = skb->network_header - x->props.header_len;

		skb->transport_header = skb->network_header + sizeof(struct ipv6hdr);

	}

	skb_reset_mac_len(skb);

	pskb_pull(skb, skb->mac_len + x->props.header_len);

}

static struct xfrm_mode xfrm6_tunnel_mode = {

	.input2 = xfrm6_mode_tunnel_input,

	.input = xfrm_prepare_input,

	.output2 = xfrm6_mode_tunnel_output,

	.output = xfrm6_prepare_output,

	.gso_segment = xfrm6_mode_tunnel_gso_segment,

	.xmit = xfrm6_mode_tunnel_xmit,

	.owner = THIS_MODULE,

	.encap = XFRM_MODE_TUNNEL,

	.flags = XFRM_MODE_FLAG_TUNNEL,