Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

	GRO_HELD,

	GRO_HELD,

	GRO_NORMAL,

	GRO_NORMAL,

	GRO_DROP,

	GRO_DROP,

	GRO_CONSUMED,

};

};

typedef enum gro_result gro_result_t;

typedef enum gro_result gro_result_t;

	remcsum_unadjust((__sum16 *)ptr, grc->delta);

	remcsum_unadjust((__sum16 *)ptr, grc->delta);

}

}

#ifdef CONFIG_XFRM_OFFLOAD

static inline void skb_gro_flush_final(struct sk_buff *skb, struct sk_buff **pp, int flush)

{

	if (PTR_ERR(pp) != -EINPROGRESS)

		NAPI_GRO_CB(skb)->flush |= flush;

}

#else

static inline void skb_gro_flush_final(struct sk_buff *skb, struct sk_buff **pp, int flush)

{

	NAPI_GRO_CB(skb)->flush |= flush;

}

#endif

static inline int dev_hard_header(struct sk_buff *skb, struct net_device *dev,

static inline int dev_hard_header(struct sk_buff *skb, struct net_device *dev,

				  unsigned short type,

				  unsigned short type,

				  const void *daddr, const void *saddr,

				  const void *daddr, const void *saddr,

struct xfrm_type;

struct xfrm_type;

struct xfrm_dst;

struct xfrm_dst;

struct xfrm_policy_afinfo {

struct xfrm_policy_afinfo {

	unsigned short		family;

	struct dst_ops		*dst_ops;

	struct dst_ops		*dst_ops;

	void			(*garbage_collect)(struct net *net);

	struct dst_entry	*(*dst_lookup)(struct net *net,

	struct dst_entry	*(*dst_lookup)(struct net *net,

					       int tos, int oif,

					       int tos, int oif,

					       const xfrm_address_t *saddr,

					       const xfrm_address_t *saddr,

	struct dst_entry	*(*blackhole_route)(struct net *net, struct dst_entry *orig);

	struct dst_entry	*(*blackhole_route)(struct net *net, struct dst_entry *orig);

};

};

int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);

int xfrm_policy_register_afinfo(const struct xfrm_policy_afinfo *afinfo, int family);

int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);

void xfrm_policy_unregister_afinfo(const struct xfrm_policy_afinfo *afinfo);

void km_policy_notify(struct xfrm_policy *xp, int dir,

void km_policy_notify(struct xfrm_policy *xp, int dir,

		      const struct km_event *c);

		      const struct km_event *c);

void km_state_notify(struct xfrm_state *x, const struct km_event *c);

void km_state_notify(struct xfrm_state *x, const struct km_event *c);

struct xfrm_input_afinfo {

struct xfrm_input_afinfo {

	unsigned int		family;

	unsigned int		family;

	struct module		*owner;

	int			(*callback)(struct sk_buff *skb, u8 protocol,

	int			(*callback)(struct sk_buff *skb, u8 protocol,

					    int err);

					    int err);

};

};

int xfrm_input_register_afinfo(struct xfrm_input_afinfo *afinfo);

int xfrm_input_register_afinfo(const struct xfrm_input_afinfo *afinfo);

int xfrm_input_unregister_afinfo(struct xfrm_input_afinfo *afinfo);

int xfrm_input_unregister_afinfo(const struct xfrm_input_afinfo *afinfo);

void xfrm_state_delete_tunnel(struct xfrm_state *x);

void xfrm_state_delete_tunnel(struct xfrm_state *x);

};

};

#define XFRM_MAX_DEPTH		6

#define XFRM_MAX_DEPTH		6

#define XFRM_MAX_OFFLOAD_DEPTH	1

struct xfrm_policy_walk_entry {

struct xfrm_policy_walk_entry {

	struct list_head	all;

	struct list_head	all;

	unsigned int daddroff;

	unsigned int daddroff;

	unsigned int family;

	unsigned int family;

	__be32 seq;

};

};

#define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0]))

#define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0]))

void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);

void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);

struct xfrm_offload {

	/* Output sequence number for replay protection on offloading. */

	struct {

		__u32 low;

		__u32 hi;

	} seq;

	__u32			flags;

#define	SA_DELETE_REQ		1

#define	CRYPTO_DONE		2

#define	CRYPTO_NEXT_DONE	4

#define	CRYPTO_FALLBACK		8

#define	XFRM_GSO_SEGMENT	16

#define	XFRM_GRO		32

	__u32			status;

#define CRYPTO_SUCCESS				1

#define CRYPTO_GENERIC_ERROR			2

#define CRYPTO_TRANSPORT_AH_AUTH_FAILED		4

#define CRYPTO_TRANSPORT_ESP_AUTH_FAILED	8

#define CRYPTO_TUNNEL_AH_AUTH_FAILED		16

#define CRYPTO_TUNNEL_ESP_AUTH_FAILED		32

#define CRYPTO_INVALID_PACKET_SYNTAX		64

#define CRYPTO_INVALID_PROTOCOL			128

	__u8			proto;

};

struct sec_path {

struct sec_path {

	atomic_t		refcnt;

	atomic_t		refcnt;

	int			len;

	int			len;

	int			olen;

	struct xfrm_state	*xvec[XFRM_MAX_DEPTH];

	struct xfrm_state	*xvec[XFRM_MAX_DEPTH];

	struct xfrm_offload	ovec[XFRM_MAX_OFFLOAD_DEPTH];

};

};

static inline int secpath_exists(struct sk_buff *skb)

static inline int secpath_exists(struct sk_buff *skb)

}

}

struct sec_path *secpath_dup(struct sec_path *src);

struct sec_path *secpath_dup(struct sec_path *src);

int secpath_set(struct sk_buff *skb);

static inline void

static inline void

secpath_reset(struct sk_buff *skb)

secpath_reset(struct sk_buff *skb)

}

}

void xfrm_garbage_collect(struct net *net);

void xfrm_garbage_collect(struct net *net);

void xfrm_garbage_collect_deferred(struct net *net);

#else

#else

		    int encap_type);

		    int encap_type);

int xfrm4_transport_finish(struct sk_buff *skb, int async);

int xfrm4_transport_finish(struct sk_buff *skb, int async);

int xfrm4_rcv(struct sk_buff *skb);

int xfrm4_rcv(struct sk_buff *skb);

int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq);

static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)

static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)

{

{

{

{

	return skb->sp->xvec[skb->sp->len - 1];

	return skb->sp->xvec[skb->sp->len - 1];

}

}

static inline struct xfrm_offload *xfrm_offload(struct sk_buff *skb)

{

	struct sec_path *sp = skb->sp;

	if (!sp || !sp->olen || sp->len != sp->olen)

		return NULL;

	return &sp->ovec[sp->olen - 1];

}

#endif

#endif

static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)

static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)

	if (&ptype->list == head)

	if (&ptype->list == head)

		goto normal;

		goto normal;

	if (IS_ERR(pp) && PTR_ERR(pp) == -EINPROGRESS) {

		ret = GRO_CONSUMED;

		goto ok;

	}

	same_flow = NAPI_GRO_CB(skb)->same_flow;

	same_flow = NAPI_GRO_CB(skb)->same_flow;

	ret = NAPI_GRO_CB(skb)->free ? GRO_MERGED_FREE : GRO_MERGED;

	ret = NAPI_GRO_CB(skb)->free ? GRO_MERGED_FREE : GRO_MERGED;

	case GRO_HELD:

	case GRO_HELD:

	case GRO_MERGED:

	case GRO_MERGED:

	case GRO_CONSUMED:

		break;

		break;

	}

	}

		break;

		break;

	case GRO_MERGED:

	case GRO_MERGED:

	case GRO_CONSUMED:

		break;

		break;

	}

	}

out_unlock:

out_unlock:

	rcu_read_unlock();

	rcu_read_unlock();

out:

out:

	NAPI_GRO_CB(skb)->flush |= flush;

	skb_gro_flush_final(skb, pp, flush);

	return pp;

	return pp;

}

}

	  If unsure, say Y.

	  If unsure, say Y.

config INET_ESP_OFFLOAD

	tristate "IP: ESP transformation offload"

	depends on INET_ESP

	select XFRM_OFFLOAD

	default n

	---help---

	  Support for ESP transformation offload. This makes sense

	  only if this system really does IPsec and want to do it

	  with high throughput. A typical desktop system does not

	  need it, even if it does IPsec.

	  If unsure, say N.

config INET_IPCOMP

config INET_IPCOMP

	tristate "IP: IPComp transformation"

	tristate "IP: IPComp transformation"

	select INET_XFRM_TUNNEL

	select INET_XFRM_TUNNEL