diff options
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 410233c5681e..b1694d5d15d3 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -1,3 +1,4 @@ | |||
| 1 | // SPDX-License-Identifier: GPL-2.0-only | ||
| 1 | /* | 2 | /* |
| 2 | * xfrm_policy.c | 3 | * xfrm_policy.c |
| 3 | * | 4 | * |
| @@ -3264,7 +3265,8 @@ static void | |||
| 3264 | decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) | 3265 | decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) |
| 3265 | { | 3266 | { |
| 3266 | const struct iphdr *iph = ip_hdr(skb); | 3267 | const struct iphdr *iph = ip_hdr(skb); |
| 3267 | u8 *xprth = skb_network_header(skb) + iph->ihl * 4; | 3268 | int ihl = iph->ihl; |
| 3269 | u8 *xprth = skb_network_header(skb) + ihl * 4; | ||
| 3268 | struct flowi4 *fl4 = &fl->u.ip4; | 3270 | struct flowi4 *fl4 = &fl->u.ip4; |
| 3269 | int oif = 0; | 3271 | int oif = 0; |
| 3270 | 3272 | ||
| @@ -3275,6 +3277,11 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) | |||
| 3275 | fl4->flowi4_mark = skb->mark; | 3277 | fl4->flowi4_mark = skb->mark; |
| 3276 | fl4->flowi4_oif = reverse ? skb->skb_iif : oif; | 3278 | fl4->flowi4_oif = reverse ? skb->skb_iif : oif; |
| 3277 | 3279 | ||
| 3280 | fl4->flowi4_proto = iph->protocol; | ||
| 3281 | fl4->daddr = reverse ? iph->saddr : iph->daddr; | ||
| 3282 | fl4->saddr = reverse ? iph->daddr : iph->saddr; | ||
| 3283 | fl4->flowi4_tos = iph->tos; | ||
| 3284 | |||
| 3278 | if (!ip_is_fragment(iph)) { | 3285 | if (!ip_is_fragment(iph)) { |
| 3279 | switch (iph->protocol) { | 3286 | switch (iph->protocol) { |
| 3280 | case IPPROTO_UDP: | 3287 | case IPPROTO_UDP: |
| @@ -3286,7 +3293,7 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) | |||
| 3286 | pskb_may_pull(skb, xprth + 4 - skb->data)) { | 3293 | pskb_may_pull(skb, xprth + 4 - skb->data)) { |
| 3287 | __be16 *ports; | 3294 | __be16 *ports; |
| 3288 | 3295 | ||
| 3289 | xprth = skb_network_header(skb) + iph->ihl * 4; | 3296 | xprth = skb_network_header(skb) + ihl * 4; |
| 3290 | ports = (__be16 *)xprth; | 3297 | ports = (__be16 *)xprth; |
| 3291 | 3298 | ||
| 3292 | fl4->fl4_sport = ports[!!reverse]; | 3299 | fl4->fl4_sport = ports[!!reverse]; |
| @@ -3298,7 +3305,7 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) | |||
| 3298 | pskb_may_pull(skb, xprth + 2 - skb->data)) { | 3305 | pskb_may_pull(skb, xprth + 2 - skb->data)) { |
| 3299 | u8 *icmp; | 3306 | u8 *icmp; |
| 3300 | 3307 | ||
| 3301 | xprth = skb_network_header(skb) + iph->ihl * 4; | 3308 | xprth = skb_network_header(skb) + ihl * 4; |
| 3302 | icmp = xprth; | 3309 | icmp = xprth; |
| 3303 | 3310 | ||
| 3304 | fl4->fl4_icmp_type = icmp[0]; | 3311 | fl4->fl4_icmp_type = icmp[0]; |
| @@ -3310,7 +3317,7 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) | |||
| 3310 | pskb_may_pull(skb, xprth + 4 - skb->data)) { | 3317 | pskb_may_pull(skb, xprth + 4 - skb->data)) { |
| 3311 | __be32 *ehdr; | 3318 | __be32 *ehdr; |
| 3312 | 3319 | ||
| 3313 | xprth = skb_network_header(skb) + iph->ihl * 4; | 3320 | xprth = skb_network_header(skb) + ihl * 4; |
| 3314 | ehdr = (__be32 *)xprth; | 3321 | ehdr = (__be32 *)xprth; |
| 3315 | 3322 | ||
| 3316 | fl4->fl4_ipsec_spi = ehdr[0]; | 3323 | fl4->fl4_ipsec_spi = ehdr[0]; |
| @@ -3321,7 +3328,7 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) | |||
| 3321 | pskb_may_pull(skb, xprth + 8 - skb->data)) { | 3328 | pskb_may_pull(skb, xprth + 8 - skb->data)) { |
| 3322 | __be32 *ah_hdr; | 3329 | __be32 *ah_hdr; |
| 3323 | 3330 | ||
| 3324 | xprth = skb_network_header(skb) + iph->ihl * 4; | 3331 | xprth = skb_network_header(skb) + ihl * 4; |
| 3325 | ah_hdr = (__be32 *)xprth; | 3332 | ah_hdr = (__be32 *)xprth; |
| 3326 | 3333 | ||
| 3327 | fl4->fl4_ipsec_spi = ah_hdr[1]; | 3334 | fl4->fl4_ipsec_spi = ah_hdr[1]; |
| @@ -3332,7 +3339,7 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) | |||
| 3332 | pskb_may_pull(skb, xprth + 4 - skb->data)) { | 3339 | pskb_may_pull(skb, xprth + 4 - skb->data)) { |
| 3333 | __be16 *ipcomp_hdr; | 3340 | __be16 *ipcomp_hdr; |
| 3334 | 3341 | ||
| 3335 | xprth = skb_network_header(skb) + iph->ihl * 4; | 3342 | xprth = skb_network_header(skb) + ihl * 4; |
| 3336 | ipcomp_hdr = (__be16 *)xprth; | 3343 | ipcomp_hdr = (__be16 *)xprth; |
| 3337 | 3344 | ||
| 3338 | fl4->fl4_ipsec_spi = htonl(ntohs(ipcomp_hdr[1])); | 3345 | fl4->fl4_ipsec_spi = htonl(ntohs(ipcomp_hdr[1])); |
| @@ -3344,7 +3351,7 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) | |||
| 3344 | __be16 *greflags; | 3351 | __be16 *greflags; |
| 3345 | __be32 *gre_hdr; | 3352 | __be32 *gre_hdr; |
| 3346 | 3353 | ||
| 3347 | xprth = skb_network_header(skb) + iph->ihl * 4; | 3354 | xprth = skb_network_header(skb) + ihl * 4; |
| 3348 | greflags = (__be16 *)xprth; | 3355 | greflags = (__be16 *)xprth; |
| 3349 | gre_hdr = (__be32 *)xprth; | 3356 | gre_hdr = (__be32 *)xprth; |
| 3350 | 3357 | ||
| @@ -3360,10 +3367,6 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) | |||
| 3360 | break; | 3367 | break; |
| 3361 | } | 3368 | } |
| 3362 | } | 3369 | } |
| 3363 | fl4->flowi4_proto = iph->protocol; | ||
| 3364 | fl4->daddr = reverse ? iph->saddr : iph->daddr; | ||
| 3365 | fl4->saddr = reverse ? iph->daddr : iph->saddr; | ||
| 3366 | fl4->flowi4_tos = iph->tos; | ||
| 3367 | } | 3370 | } |
| 3368 | 3371 | ||
| 3369 | #if IS_ENABLED(CONFIG_IPV6) | 3372 | #if IS_ENABLED(CONFIG_IPV6) |