[IPSEC]: Add missing BEET checks

Currently BEET mode does not reinject the packet back into the stack like tunnel mode does. Since BEET should behave just like tunnel mode this is incorrect. This patch fixes this by introducing a flags field to xfrm_mode that tells the IPsec code whether it should terminate and reinject the packet back into the stack. It then sets the flag for BEET and tunnel mode. I've also added a number of missing BEET checks elsewhere where we check whether a given mode is a tunnel or not. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Herbert Xu <herbert@gondor.apana.org.au> 2007-10-18 00:31:50 -0400
committer: David S. Miller <davem@davemloft.net> 2007-10-18 00:31:50 -0400
commit: 1bfcb10f670f5ff5e1d9f53e59680573524cb142 (patch)
tree: 003b271a2c1e089ae6506d869b7a8c8f04dbde0a /net/ipv4
parent: aa5d62cc8777f733f8b59b5586c0a1989813189e (diff)
5 files changed, 5 insertions, 3 deletions
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index 5cb0b5995bc8..bc5dc0747cd2 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -94,7 +94,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
                if (x->mode->input(x, skb))
                        goto drop;
-                if (x->props.mode == XFRM_MODE_TUNNEL) {
+                if (x->mode->flags & XFRM_MODE_FLAG_TUNNEL) {
                        decaps = 1;
                        break;
                }
diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c
index 73d2338bec55..e42e122414be 100644
--- a/net/ipv4/xfrm4_mode_beet.c
+++ b/net/ipv4/xfrm4_mode_beet.c
@@ -114,6 +114,7 @@ static struct xfrm_mode xfrm4_beet_mode = {
        .output = xfrm4_beet_output,
        .owner = THIS_MODULE,
        .encap = XFRM_MODE_BEET,
+        .flags = XFRM_MODE_FLAG_TUNNEL,
 };
 static int __init xfrm4_beet_init(void)
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c
index 1ae9d32276f0..e4deecba6dd2 100644
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ b/net/ipv4/xfrm4_mode_tunnel.c
@@ -139,6 +139,7 @@ static struct xfrm_mode xfrm4_tunnel_mode = {
        .output = xfrm4_tunnel_output,
        .owner = THIS_MODULE,
        .encap = XFRM_MODE_TUNNEL,
+        .flags = XFRM_MODE_FLAG_TUNNEL,
 };
 static int __init xfrm4_tunnel_init(void)
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index a4edd666318b..dcbc2743069c 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -47,7 +47,7 @@ static inline int xfrm4_output_one(struct sk_buff *skb)
        struct iphdr *iph;
        int err;
-        if (x->props.mode == XFRM_MODE_TUNNEL) {
+        if (x->mode->flags & XFRM_MODE_FLAG_TUNNEL) {
                err = xfrm4_tunnel_check_size(skb);
                if (err)
                        goto error_nolock;
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 329825ca68fe..2373d673df60 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -117,7 +117,7 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
                header_len += xfrm[i]->props.header_len;
                trailer_len += xfrm[i]->props.trailer_len;
-                if (xfrm[i]->props.mode == XFRM_MODE_TUNNEL) {
+                if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
                        unsigned short encap_family = xfrm[i]->props.family;
                        switch (encap_family) {
                        case AF_INET:
author	Herbert Xu <herbert@gondor.apana.org.au>	2007-10-18 00:31:50 -0400
committer	David S. Miller <davem@davemloft.net>	2007-10-18 00:31:50 -0400
commit	1bfcb10f670f5ff5e1d9f53e59680573524cb142 (patch)
tree	003b271a2c1e089ae6506d869b7a8c8f04dbde0a /net/ipv4
parent	aa5d62cc8777f733f8b59b5586c0a1989813189e (diff)