diff options
| author | Steffen Klassert <steffen.klassert@secunet.com> | 2014-02-21 02:41:09 -0500 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2014-02-25 01:04:17 -0500 |
| commit | 70be6c91c86596ad2b60c73587880b47df170a41 (patch) | |
| tree | f1728dd87ed10e66916277f89caef5a261b5a70f /net/xfrm | |
| parent | d099160e029391de857464d987b141f30434052b (diff) | |
xfrm: Add xfrm_tunnel_skb_cb to the skb common buffer
IPsec vti_rcv needs to remind the tunnel pointer to
check it later at the vti_rcv_cb callback. So add
this pointer to the IPsec common buffer, initialize
it and check it to avoid transport state matching of
a tunneled packet.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/xfrm')
| -rw-r--r-- | net/xfrm/xfrm_input.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 99e3a9e5285e..4218164f4f5e 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c | |||
| @@ -163,6 +163,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
| 163 | 163 | ||
| 164 | skb->sp->xvec[skb->sp->len++] = x; | 164 | skb->sp->xvec[skb->sp->len++] = x; |
| 165 | 165 | ||
| 166 | if (xfrm_tunnel_check(skb, x, family)) { | ||
| 167 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR); | ||
| 168 | goto drop; | ||
| 169 | } | ||
| 170 | |||
| 166 | spin_lock(&x->lock); | 171 | spin_lock(&x->lock); |
| 167 | if (unlikely(x->km.state == XFRM_STATE_ACQ)) { | 172 | if (unlikely(x->km.state == XFRM_STATE_ACQ)) { |
| 168 | XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR); | 173 | XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR); |