diff options
-rw-r--r-- | include/net/xfrm.h | 1 | ||||
-rw-r--r-- | net/ipv4/xfrm4_input.c | 13 | ||||
-rw-r--r-- | net/ipv4/xfrm4_output.c | 2 | ||||
-rw-r--r-- | net/ipv4/xfrm4_state.c | 1 | ||||
-rw-r--r-- | net/ipv6/xfrm6_input.c | 4 | ||||
-rw-r--r-- | net/ipv6/xfrm6_output.c | 3 | ||||
-rw-r--r-- | net/ipv6/xfrm6_state.c | 2 | ||||
-rw-r--r-- | net/xfrm/xfrm_input.c | 5 |
8 files changed, 16 insertions, 15 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 311bbd1..cf85dc9 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -534,7 +534,6 @@ struct xfrm_spi_skb_cb { struct inet6_skb_parm h6; } header; - unsigned int nhoff; unsigned int daddroff; }; diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c index e374903..662d1e8 100644 --- a/net/ipv4/xfrm4_input.c +++ b/net/ipv4/xfrm4_input.c @@ -21,7 +21,6 @@ int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb) return xfrm4_extract_header(skb); } -#ifdef CONFIG_NETFILTER static inline int xfrm4_rcv_encap_finish(struct sk_buff *skb) { if (skb->dst == NULL) { @@ -36,12 +35,10 @@ drop: kfree_skb(skb); return NET_RX_DROP; } -#endif int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) { - XFRM_SPI_SKB_CB(skb)->nhoff = offsetof(struct iphdr, protocol); XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr); return xfrm_input(skb, nexthdr, spi, encap_type); } @@ -49,16 +46,20 @@ EXPORT_SYMBOL(xfrm4_rcv_encap); int xfrm4_transport_finish(struct sk_buff *skb, int async) { + struct iphdr *iph = ip_hdr(skb); + + iph->protocol = XFRM_MODE_SKB_CB(skb)->protocol; + #ifdef CONFIG_NETFILTER __skb_push(skb, skb->data - skb_network_header(skb)); - ip_hdr(skb)->tot_len = htons(skb->len); - ip_send_check(ip_hdr(skb)); + iph->tot_len = htons(skb->len); + ip_send_check(iph); NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL, xfrm4_rcv_encap_finish); return 0; #else - return -ip_hdr(skb)->protocol; + return -iph->protocol; #endif } diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c index 2fb4efa..1900200 100644 --- a/net/ipv4/xfrm4_output.c +++ b/net/ipv4/xfrm4_output.c @@ -47,6 +47,8 @@ int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb) if (err) return err; + XFRM_MODE_SKB_CB(skb)->protocol = ip_hdr(skb)->protocol; + return xfrm4_extract_header(skb); } diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c index 3b067e8..d837784 100644 --- a/net/ipv4/xfrm4_state.c +++ b/net/ipv4/xfrm4_state.c @@ -56,7 +56,6 @@ int xfrm4_extract_header(struct sk_buff *skb) XFRM_MODE_SKB_CB(skb)->frag_off = iph->frag_off; XFRM_MODE_SKB_CB(skb)->tos = iph->tos; XFRM_MODE_SKB_CB(skb)->ttl = iph->ttl; - XFRM_MODE_SKB_CB(skb)->protocol = iph->protocol; memset(XFRM_MODE_SKB_CB(skb)->flow_lbl, 0, sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl)); diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c index 3b9eedf..5c006c8 100644 --- a/net/ipv6/xfrm6_input.c +++ b/net/ipv6/xfrm6_input.c @@ -23,7 +23,6 @@ int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb) int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi) { - XFRM_SPI_SKB_CB(skb)->nhoff = IP6CB(skb)->nhoff; XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr); return xfrm_input(skb, nexthdr, spi, 0); } @@ -31,6 +30,9 @@ EXPORT_SYMBOL(xfrm6_rcv_spi); int xfrm6_transport_finish(struct sk_buff *skb, int async) { + skb_network_header(skb)[IP6CB(skb)->nhoff] = + XFRM_MODE_SKB_CB(skb)->protocol; + #ifdef CONFIG_NETFILTER ipv6_hdr(skb)->payload_len = htons(skb->len); __skb_push(skb, skb->data - skb_network_header(skb)); diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c index a0a9249..318669a 100644 --- a/net/ipv6/xfrm6_output.c +++ b/net/ipv6/xfrm6_output.c @@ -53,7 +53,8 @@ int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb) if (err) return err; - IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); + XFRM_MODE_SKB_CB(skb)->protocol = ipv6_hdr(skb)->nexthdr; + return xfrm6_extract_header(skb); } diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c index 00360b5..df7e98d 100644 --- a/net/ipv6/xfrm6_state.c +++ b/net/ipv6/xfrm6_state.c @@ -178,8 +178,6 @@ int xfrm6_extract_header(struct sk_buff *skb) XFRM_MODE_SKB_CB(skb)->frag_off = htons(IP_DF); XFRM_MODE_SKB_CB(skb)->tos = ipv6_get_dsfield(iph); XFRM_MODE_SKB_CB(skb)->ttl = iph->hop_limit; - XFRM_MODE_SKB_CB(skb)->protocol = - skb_network_header(skb)[IP6CB(skb)->nhoff]; memcpy(XFRM_MODE_SKB_CB(skb)->flow_lbl, iph->flow_lbl, sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl)); diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 5cad522..cce9d45 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -102,7 +102,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) __be32 seq; struct xfrm_state *x; int decaps = 0; - unsigned int nhoff = XFRM_SPI_SKB_CB(skb)->nhoff; unsigned int daddroff = XFRM_SPI_SKB_CB(skb)->daddroff; /* Allocate new secpath or COW existing one. */ @@ -157,8 +156,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) goto drop_unlock; } - skb_network_header(skb)[nhoff] = nexthdr; - /* only the first xfrm gets the encap type */ encap_type = 0; @@ -170,6 +167,8 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) spin_unlock(&x->lock); + XFRM_MODE_SKB_CB(skb)->protocol = nexthdr; + if (x->inner_mode->input(x, skb)) goto drop; |