aboutsummaryrefslogtreecommitdiffstats
path: root/include/net/xfrm.h
diff options
context:
space:
mode:
authorSteffen Klassert <steffen.klassert@secunet.com>2011-05-09 15:36:38 -0400
committerDavid S. Miller <davem@davemloft.net>2011-05-10 18:03:34 -0400
commit43a4dea4c9d44baae38ddc14b9b6d86fde4c8b88 (patch)
treeaf7ecb23077cf5b4ae1290f7d1ab5e901e7adb82 /include/net/xfrm.h
parente14a599335427f81bbb0008963e59aa9c6449dce (diff)
xfrm: Assign the inner mode output function to the dst entry
As it is, we assign the outer modes output function to the dst entry when we create the xfrm bundle. This leads to two problems on interfamily scenarios. We might insert ipv4 packets into ip6_fragment when called from xfrm6_output. The system crashes if we try to fragment an ipv4 packet with ip6_fragment. This issue was introduced with git commit ad0081e4 (ipv6: Fragment locally generated tunnel-mode IPSec6 packets as needed). The second issue is, that we might insert ipv4 packets in netfilter6 and vice versa on interfamily scenarios. With this patch we assign the inner mode output function to the dst entry when we create the xfrm bundle. So xfrm4_output/xfrm6_output from the inner mode is used and the right fragmentation and netfilter functions are called. We switch then to outer mode with the output_finish functions. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r--include/net/xfrm.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 6ae4bc5ce8a7..20afeaa39395 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -324,6 +324,7 @@ struct xfrm_state_afinfo {
324 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n); 324 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
325 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n); 325 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
326 int (*output)(struct sk_buff *skb); 326 int (*output)(struct sk_buff *skb);
327 int (*output_finish)(struct sk_buff *skb);
327 int (*extract_input)(struct xfrm_state *x, 328 int (*extract_input)(struct xfrm_state *x,
328 struct sk_buff *skb); 329 struct sk_buff *skb);
329 int (*extract_output)(struct xfrm_state *x, 330 int (*extract_output)(struct xfrm_state *x,
@@ -1454,6 +1455,7 @@ static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)
1454extern int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb); 1455extern int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1455extern int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb); 1456extern int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
1456extern int xfrm4_output(struct sk_buff *skb); 1457extern int xfrm4_output(struct sk_buff *skb);
1458extern int xfrm4_output_finish(struct sk_buff *skb);
1457extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family); 1459extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family);
1458extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family); 1460extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family);
1459extern int xfrm6_extract_header(struct sk_buff *skb); 1461extern int xfrm6_extract_header(struct sk_buff *skb);
@@ -1470,6 +1472,7 @@ extern __be32 xfrm6_tunnel_spi_lookup(struct net *net, xfrm_address_t *saddr);
1470extern int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb); 1472extern int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1471extern int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb); 1473extern int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
1472extern int xfrm6_output(struct sk_buff *skb); 1474extern int xfrm6_output(struct sk_buff *skb);
1475extern int xfrm6_output_finish(struct sk_buff *skb);
1473extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb, 1476extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
1474 u8 **prevhdr); 1477 u8 **prevhdr);
1475 1478