diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2014-02-21 08:41:09 +0100 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2014-02-25 07:04:17 +0100 |
commit | 70be6c91c86596ad2b60c73587880b47df170a41 (patch) | |
tree | f1728dd87ed10e66916277f89caef5a261b5a70f /net/ipv4 | |
parent | d099160e029391de857464d987b141f30434052b (diff) |
xfrm: Add xfrm_tunnel_skb_cb to the skb common buffer
IPsec vti_rcv needs to remind the tunnel pointer to
check it later at the vti_rcv_cb callback. So add
this pointer to the IPsec common buffer, initialize
it and check it to avoid transport state matching of
a tunneled packet.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/xfrm4_protocol.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c index 862a26c2014f..cdc09efca442 100644 --- a/net/ipv4/xfrm4_protocol.c +++ b/net/ipv4/xfrm4_protocol.c @@ -65,6 +65,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi, int ret; struct xfrm4_protocol *handler; + XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; XFRM_SPI_SKB_CB(skb)->family = AF_INET; XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr); @@ -84,6 +85,8 @@ static int xfrm4_esp_rcv(struct sk_buff *skb) int ret; struct xfrm4_protocol *handler; + XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; + for_each_protocol_rcu(esp4_handlers, handler) if ((ret = handler->handler(skb)) != -EINVAL) return ret; @@ -108,6 +111,8 @@ static int xfrm4_ah_rcv(struct sk_buff *skb) int ret; struct xfrm4_protocol *handler; + XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; + for_each_protocol_rcu(ah4_handlers, handler) if ((ret = handler->handler(skb)) != -EINVAL) return ret;; @@ -132,6 +137,8 @@ static int xfrm4_ipcomp_rcv(struct sk_buff *skb) int ret; struct xfrm4_protocol *handler; + XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; + for_each_protocol_rcu(ipcomp4_handlers, handler) if ((ret = handler->handler(skb)) != -EINVAL) return ret; |