xfrm: Add xfrm_tunnel_skb_cb to the skb common buffer
IPsec vti_rcv needs to remind the tunnel pointer to
check it later at the vti_rcv_cb callback. So add
this pointer to the IPsec common buffer, initialize
it and check it to avoid transport state matching of
a tunneled packet.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c
index 862a26c..cdc09ef 100644
--- a/net/ipv4/xfrm4_protocol.c
+++ b/net/ipv4/xfrm4_protocol.c
@@ -65,6 +65,7 @@
int ret;
struct xfrm4_protocol *handler;
+ XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
XFRM_SPI_SKB_CB(skb)->family = AF_INET;
XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
@@ -84,6 +85,8 @@
int ret;
struct xfrm4_protocol *handler;
+ XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
+
for_each_protocol_rcu(esp4_handlers, handler)
if ((ret = handler->handler(skb)) != -EINVAL)
return ret;
@@ -108,6 +111,8 @@
int ret;
struct xfrm4_protocol *handler;
+ XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
+
for_each_protocol_rcu(ah4_handlers, handler)
if ((ret = handler->handler(skb)) != -EINVAL)
return ret;;
@@ -132,6 +137,8 @@
int ret;
struct xfrm4_protocol *handler;
+ XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
+
for_each_protocol_rcu(ipcomp4_handlers, handler)
if ((ret = handler->handler(skb)) != -EINVAL)
return ret;