commit 732c8bd590625e8bc0b88313b82930e336b2bec4
author Herbert Xu <herbert@gondor.apana.org.au> Wed Mar 26 16:51:09 2008 -0700
committer David S. Miller <davem@davemloft.net> Wed Mar 26 16:51:09 2008 -0700
tree 1cf3f6b9db7b886d35bbf38bab2ca6ff82d206d8
parent 0e5606e4f46b7cf52dd445af01e71ed9dbb7f735

[IPSEC]: Fix BEET output

The IPv6 BEET output function is incorrectly including the inner
header in the payload to be protected.  This causes a crash as
the packet doesn't actually have that many bytes for a second
header.

The IPv4 BEET output on the other hand is broken when it comes
to handling an inner IPv6 header since it always assumes an
inner IPv4 header.

This patch fixes both by making sure that neither BEET output
function touches the inner header at all.  All access is now
done through the protocol-independent cb structure.  Two new
attributes are added to make this work, the IP header length
and the IPv4 option length.  They're filled in by the inner
mode's output function.

Thanks to Joakim Koskela for finding this problem.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/xfrm.h

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 4e6f956..0d255ae 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -552,6 +552,9 @@
 	__be16 id;
 	__be16 frag_off;
 
+	/* IP header length (excluding options or extension headers). */
+	u8 ihl;
+
 	/* TOS for IPv4, class for IPv6. */
 	u8 tos;
 
@@ -561,6 +564,9 @@
 	/* Protocol for IPv4, NH for IPv6. */
 	u8 protocol;
 
+	/* Option length for IPv4, zero for IPv6. */
+	u8 optlen;
+
 	/* Used by IPv6 only, zero for IPv4. */
 	u8 flow_lbl[3];
 };