summaryrefslogtreecommitdiff
path: root/net/ipv4
diff options
context:
space:
mode:
authorSteffen Klassert <steffen.klassert@secunet.com>2014-02-21 08:41:09 +0100
committerSteffen Klassert <steffen.klassert@secunet.com>2014-02-25 07:04:17 +0100
commit70be6c91c86596ad2b60c73587880b47df170a41 (patch)
treef1728dd87ed10e66916277f89caef5a261b5a70f /net/ipv4
parentd099160e029391de857464d987b141f30434052b (diff)
xfrm: Add xfrm_tunnel_skb_cb to the skb common buffer
IPsec vti_rcv needs to remind the tunnel pointer to check it later at the vti_rcv_cb callback. So add this pointer to the IPsec common buffer, initialize it and check it to avoid transport state matching of a tunneled packet. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/xfrm4_protocol.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c
index 862a26c2014f..cdc09efca442 100644
--- a/net/ipv4/xfrm4_protocol.c
+++ b/net/ipv4/xfrm4_protocol.c
@@ -65,6 +65,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
int ret;
struct xfrm4_protocol *handler;
+ XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
XFRM_SPI_SKB_CB(skb)->family = AF_INET;
XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
@@ -84,6 +85,8 @@ static int xfrm4_esp_rcv(struct sk_buff *skb)
int ret;
struct xfrm4_protocol *handler;
+ XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
+
for_each_protocol_rcu(esp4_handlers, handler)
if ((ret = handler->handler(skb)) != -EINVAL)
return ret;
@@ -108,6 +111,8 @@ static int xfrm4_ah_rcv(struct sk_buff *skb)
int ret;
struct xfrm4_protocol *handler;
+ XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
+
for_each_protocol_rcu(ah4_handlers, handler)
if ((ret = handler->handler(skb)) != -EINVAL)
return ret;;
@@ -132,6 +137,8 @@ static int xfrm4_ipcomp_rcv(struct sk_buff *skb)
int ret;
struct xfrm4_protocol *handler;
+ XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
+
for_each_protocol_rcu(ipcomp4_handlers, handler)
if ((ret = handler->handler(skb)) != -EINVAL)
return ret;