Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
ipsec: Interfamily IPSec BEET
Here's a revised version, based on Herbert's comments, of a fix for
the ipv6-inner, ipv4-outer interfamily ipsec beet mode. It fixes the
network header adjustment in interfamily, and doesn't reserve space
for the pseudo header anymore when we have ipv6 as the inner family.
Signed-off-by: Joakim Koskela <jookos@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
authored by Joakim Koskela and committed by David S. Miller eb49e630 9714be7d
+1
-1
net/ipv4/esp4.c
+1
-1
net/ipv4/esp4.c
···
575
crypto_aead_ivsize(aead);
576
if (x->props.mode == XFRM_MODE_TUNNEL)
577
x->props.header_len += sizeof(struct iphdr);
578
+
else if (x->props.mode == XFRM_MODE_BEET && x->sel.family != AF_INET6)
579
x->props.header_len += IPV4_BEET_PHMAXLEN;
580
if (x->encap) {
581
struct xfrm_encap_tmpl *encap = x->encap;
+4
-2
net/ipv4/xfrm4_mode_beet.c
+4
-2
net/ipv4/xfrm4_mode_beet.c
···
47
if (unlikely(optlen))
48
hdrlen += IPV4_BEET_PHMAXLEN - (optlen & 4);
49
50
-
skb_set_network_header(skb, IPV4_BEET_PHMAXLEN - x->props.header_len -
51
-
hdrlen);
52
skb->mac_header = skb->network_header +
53
offsetof(struct iphdr, protocol);
54
skb->transport_header = skb->network_header + sizeof(*top_iph);
···
47
if (unlikely(optlen))
48
hdrlen += IPV4_BEET_PHMAXLEN - (optlen & 4);
49
50
+
skb_set_network_header(skb, -x->props.header_len -
51
+
hdrlen + (XFRM_MODE_SKB_CB(skb)->ihl - sizeof(*top_iph)));
52
+
if (x->sel.family != AF_INET6)
53
+
skb->network_header += IPV4_BEET_PHMAXLEN;
54
skb->mac_header = skb->network_header +
55
offsetof(struct iphdr, protocol);
56
skb->transport_header = skb->network_header + sizeof(*top_iph);