Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 70be6c91c86596ad2b60c73587880b47df170a41^! / . / net / ipv4 / xfrm4_protocol.c
commit70be6c91c86596ad2b60c73587880b47df170a41[log] [tgz]
authorSteffen Klassert <steffen.klassert@secunet.com>Fri Feb 21 08:41:09 2014 +0100
committerSteffen Klassert <steffen.klassert@secunet.com>Tue Feb 25 07:04:17 2014 +0100
treef1728dd87ed10e66916277f89caef5a261b5a70f
parentd099160e029391de857464d987b141f30434052b [diff] [blame]
xfrm: Add xfrm_tunnel_skb_cb to the skb common buffer

IPsec vti_rcv needs to remind the tunnel pointer to
check it later at the vti_rcv_cb callback. So add
this pointer to the IPsec common buffer, initialize
it and check it to avoid transport state matching of
a tunneled packet.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c
index 862a26c..cdc09ef 100644
--- a/net/ipv4/xfrm4_protocol.c
+++ b/net/ipv4/xfrm4_protocol.c

@@ -65,6 +65,7 @@
 	int ret;
 	struct xfrm4_protocol *handler;
 
+	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
 	XFRM_SPI_SKB_CB(skb)->family = AF_INET;
 	XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
 
@@ -84,6 +85,8 @@
 	int ret;
 	struct xfrm4_protocol *handler;
 
+	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
+
 	for_each_protocol_rcu(esp4_handlers, handler)
 		if ((ret = handler->handler(skb)) != -EINVAL)
 			return ret;
@@ -108,6 +111,8 @@
 	int ret;
 	struct xfrm4_protocol *handler;
 
+	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
+
 	for_each_protocol_rcu(ah4_handlers, handler)
 		if ((ret = handler->handler(skb)) != -EINVAL)
 			return ret;;
@@ -132,6 +137,8 @@
 	int ret;
 	struct xfrm4_protocol *handler;
 
+	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
+
 	for_each_protocol_rcu(ipcomp4_handlers, handler)
 		if ((ret = handler->handler(skb)) != -EINVAL)
 			return ret;