/*
 * xfrm4_mode_transport.c - Transport mode encapsulation for IPv4.
 *
 * Copyright (c) 2004-2006 Herbert Xu <herbert@gondor.apana.org.au>
 */

/**
 * Some part of this file is modified by Ikanos Communications. 
 *
 * Copyright (C) 2013-2014 Ikanos Communications.
 */ 

#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/stringify.h>
#include <net/dst.h>
#include <net/ip.h>
#include <net/xfrm.h>

#if IS_ENABLED(CONFIG_FUSIV_KERNEL_AP_2_AP)
#if CONFIG_IPSEC_AP_SUPPORT
extern int (*ap2apIPsecUpdateFlowData_ptr)(struct sk_buff *skb, struct xfrm_state *xfrm,int direction);
#else
int (*ap2apL2tpOverIpsecUpdateFlowData_ptr)(struct sk_buff *skb, int direction) = NULL;
#endif
#endif

/* Add encapsulation header.
 *
 * The IP header will be moved forward to make space for the encapsulation
 * header.
 */
static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb)
{
	struct iphdr *iph = ip_hdr(skb);
	int ihl = iph->ihl * 4;

#if IS_ENABLED(CONFIG_FUSIV_KERNEL_AP_2_AP)
#if CONFIG_IPSEC_AP_SUPPORT
        /* The ESP processing will be done at security AP. Therefore nothing
           to do here. */

        if(ap2apIPsecUpdateFlowData_ptr)
        {
            if(!ap2apIPsecUpdateFlowData_ptr(skb,x,PROCESS_ESP_ENCAP))
                    return 0;
        }
#else
#ifdef CONFIG_L2TP_AP_SUPPORT
       if(ap2apL2tpOverIpsecUpdateFlowData_ptr)
       {
           ap2apL2tpOverIpsecUpdateFlowData_ptr(skb, PROCESS_L2TP_ENCAP);
       }
#endif
#endif
#endif
	skb_set_network_header(skb, -x->props.header_len);
	skb->mac_header = skb->network_header +
			  offsetof(struct iphdr, protocol);
	skb->transport_header = skb->network_header + ihl;
	__skb_pull(skb, ihl);
	memmove(skb_network_header(skb), iph, ihl);
	return 0;
}

/* Remove encapsulation header.
 *
 * The IP header will be moved over the top of the encapsulation header.
 *
 * On entry, skb->h shall point to where the IP header should be and skb->nh
 * shall be set to where the IP header currently is.  skb->data shall point
 * to the start of the payload.
 */
static int xfrm4_transport_input(struct xfrm_state *x, struct sk_buff *skb)
{
	int ihl = skb->data - skb_transport_header(skb);

	if (skb->transport_header != skb->network_header) {
		memmove(skb_transport_header(skb),
			skb_network_header(skb), ihl);
		skb->network_header = skb->transport_header;
	}
	ip_hdr(skb)->tot_len = htons(skb->len + ihl);
	skb_reset_transport_header(skb);
	return 0;
}

static struct xfrm_mode xfrm4_transport_mode = {
	.input = xfrm4_transport_input,
	.output = xfrm4_transport_output,
	.owner = THIS_MODULE,
	.encap = XFRM_MODE_TRANSPORT,
};

static int __init xfrm4_transport_init(void)
{
	return xfrm_register_mode(&xfrm4_transport_mode, AF_INET);
}

static void __exit xfrm4_transport_exit(void)
{
	int err;

	err = xfrm_unregister_mode(&xfrm4_transport_mode, AF_INET);
	BUG_ON(err);
}

module_init(xfrm4_transport_init);
module_exit(xfrm4_transport_exit);
MODULE_LICENSE("GPL");
MODULE_ALIAS_XFRM_MODE(AF_INET, XFRM_MODE_TRANSPORT);
#if IS_ENABLED(CONFIG_FUSIV_KERNEL_AP_2_AP)
#ifndef CONFIG_IPSEC_AP_SUPPORT
EXPORT_SYMBOL(ap2apL2tpOverIpsecUpdateFlowData_ptr);
#endif
#endif