diff options
-rw-r--r-- | include/net/xfrm.h | 1 | ||||
-rw-r--r-- | net/ipv4/xfrm4_input.c | 13 | ||||
-rw-r--r-- | net/ipv4/xfrm4_output.c | 2 | ||||
-rw-r--r-- | net/ipv4/xfrm4_state.c | 1 | ||||
-rw-r--r-- | net/ipv6/xfrm6_input.c | 4 | ||||
-rw-r--r-- | net/ipv6/xfrm6_output.c | 3 | ||||
-rw-r--r-- | net/ipv6/xfrm6_state.c | 2 | ||||
-rw-r--r-- | net/xfrm/xfrm_input.c | 5 |
8 files changed, 16 insertions, 15 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 311bbd113aa7..cf85dc9dc420 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -534,7 +534,6 @@ struct xfrm_spi_skb_cb { | |||
534 | struct inet6_skb_parm h6; | 534 | struct inet6_skb_parm h6; |
535 | } header; | 535 | } header; |
536 | 536 | ||
537 | unsigned int nhoff; | ||
538 | unsigned int daddroff; | 537 | unsigned int daddroff; |
539 | }; | 538 | }; |
540 | 539 | ||
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c index e374903dacdf..662d1e86cfbf 100644 --- a/net/ipv4/xfrm4_input.c +++ b/net/ipv4/xfrm4_input.c | |||
@@ -21,7 +21,6 @@ int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb) | |||
21 | return xfrm4_extract_header(skb); | 21 | return xfrm4_extract_header(skb); |
22 | } | 22 | } |
23 | 23 | ||
24 | #ifdef CONFIG_NETFILTER | ||
25 | static inline int xfrm4_rcv_encap_finish(struct sk_buff *skb) | 24 | static inline int xfrm4_rcv_encap_finish(struct sk_buff *skb) |
26 | { | 25 | { |
27 | if (skb->dst == NULL) { | 26 | if (skb->dst == NULL) { |
@@ -36,12 +35,10 @@ drop: | |||
36 | kfree_skb(skb); | 35 | kfree_skb(skb); |
37 | return NET_RX_DROP; | 36 | return NET_RX_DROP; |
38 | } | 37 | } |
39 | #endif | ||
40 | 38 | ||
41 | int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi, | 39 | int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi, |
42 | int encap_type) | 40 | int encap_type) |
43 | { | 41 | { |
44 | XFRM_SPI_SKB_CB(skb)->nhoff = offsetof(struct iphdr, protocol); | ||
45 | XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr); | 42 | XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr); |
46 | return xfrm_input(skb, nexthdr, spi, encap_type); | 43 | return xfrm_input(skb, nexthdr, spi, encap_type); |
47 | } | 44 | } |
@@ -49,16 +46,20 @@ EXPORT_SYMBOL(xfrm4_rcv_encap); | |||
49 | 46 | ||
50 | int xfrm4_transport_finish(struct sk_buff *skb, int async) | 47 | int xfrm4_transport_finish(struct sk_buff *skb, int async) |
51 | { | 48 | { |
49 | struct iphdr *iph = ip_hdr(skb); | ||
50 | |||
51 | iph->protocol = XFRM_MODE_SKB_CB(skb)->protocol; | ||
52 | |||
52 | #ifdef CONFIG_NETFILTER | 53 | #ifdef CONFIG_NETFILTER |
53 | __skb_push(skb, skb->data - skb_network_header(skb)); | 54 | __skb_push(skb, skb->data - skb_network_header(skb)); |
54 | ip_hdr(skb)->tot_len = htons(skb->len); | 55 | iph->tot_len = htons(skb->len); |
55 | ip_send_check(ip_hdr(skb)); | 56 | ip_send_check(iph); |
56 | 57 | ||
57 | NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL, | 58 | NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL, |
58 | xfrm4_rcv_encap_finish); | 59 | xfrm4_rcv_encap_finish); |
59 | return 0; | 60 | return 0; |
60 | #else | 61 | #else |
61 | return -ip_hdr(skb)->protocol; | 62 | return -iph->protocol; |
62 | #endif | 63 | #endif |
63 | } | 64 | } |
64 | 65 | ||
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c index 2fb4efa3ff2c..1900200d3c0f 100644 --- a/net/ipv4/xfrm4_output.c +++ b/net/ipv4/xfrm4_output.c | |||
@@ -47,6 +47,8 @@ int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb) | |||
47 | if (err) | 47 | if (err) |
48 | return err; | 48 | return err; |
49 | 49 | ||
50 | XFRM_MODE_SKB_CB(skb)->protocol = ip_hdr(skb)->protocol; | ||
51 | |||
50 | return xfrm4_extract_header(skb); | 52 | return xfrm4_extract_header(skb); |
51 | } | 53 | } |
52 | 54 | ||
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c index 3b067e8b7bfe..d837784a2199 100644 --- a/net/ipv4/xfrm4_state.c +++ b/net/ipv4/xfrm4_state.c | |||
@@ -56,7 +56,6 @@ int xfrm4_extract_header(struct sk_buff *skb) | |||
56 | XFRM_MODE_SKB_CB(skb)->frag_off = iph->frag_off; | 56 | XFRM_MODE_SKB_CB(skb)->frag_off = iph->frag_off; |
57 | XFRM_MODE_SKB_CB(skb)->tos = iph->tos; | 57 | XFRM_MODE_SKB_CB(skb)->tos = iph->tos; |
58 | XFRM_MODE_SKB_CB(skb)->ttl = iph->ttl; | 58 | XFRM_MODE_SKB_CB(skb)->ttl = iph->ttl; |
59 | XFRM_MODE_SKB_CB(skb)->protocol = iph->protocol; | ||
60 | memset(XFRM_MODE_SKB_CB(skb)->flow_lbl, 0, | 59 | memset(XFRM_MODE_SKB_CB(skb)->flow_lbl, 0, |
61 | sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl)); | 60 | sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl)); |
62 | 61 | ||
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c index 3b9eedf5b24a..5c006c845943 100644 --- a/net/ipv6/xfrm6_input.c +++ b/net/ipv6/xfrm6_input.c | |||
@@ -23,7 +23,6 @@ int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb) | |||
23 | 23 | ||
24 | int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi) | 24 | int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi) |
25 | { | 25 | { |
26 | XFRM_SPI_SKB_CB(skb)->nhoff = IP6CB(skb)->nhoff; | ||
27 | XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr); | 26 | XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr); |
28 | return xfrm_input(skb, nexthdr, spi, 0); | 27 | return xfrm_input(skb, nexthdr, spi, 0); |
29 | } | 28 | } |
@@ -31,6 +30,9 @@ EXPORT_SYMBOL(xfrm6_rcv_spi); | |||
31 | 30 | ||
32 | int xfrm6_transport_finish(struct sk_buff *skb, int async) | 31 | int xfrm6_transport_finish(struct sk_buff *skb, int async) |
33 | { | 32 | { |
33 | skb_network_header(skb)[IP6CB(skb)->nhoff] = | ||
34 | XFRM_MODE_SKB_CB(skb)->protocol; | ||
35 | |||
34 | #ifdef CONFIG_NETFILTER | 36 | #ifdef CONFIG_NETFILTER |
35 | ipv6_hdr(skb)->payload_len = htons(skb->len); | 37 | ipv6_hdr(skb)->payload_len = htons(skb->len); |
36 | __skb_push(skb, skb->data - skb_network_header(skb)); | 38 | __skb_push(skb, skb->data - skb_network_header(skb)); |
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c index a0a924991c4f..318669a9cb48 100644 --- a/net/ipv6/xfrm6_output.c +++ b/net/ipv6/xfrm6_output.c | |||
@@ -53,7 +53,8 @@ int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb) | |||
53 | if (err) | 53 | if (err) |
54 | return err; | 54 | return err; |
55 | 55 | ||
56 | IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); | 56 | XFRM_MODE_SKB_CB(skb)->protocol = ipv6_hdr(skb)->nexthdr; |
57 | |||
57 | return xfrm6_extract_header(skb); | 58 | return xfrm6_extract_header(skb); |
58 | } | 59 | } |
59 | 60 | ||
diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c index 00360b514e99..df7e98d914fa 100644 --- a/net/ipv6/xfrm6_state.c +++ b/net/ipv6/xfrm6_state.c | |||
@@ -178,8 +178,6 @@ int xfrm6_extract_header(struct sk_buff *skb) | |||
178 | XFRM_MODE_SKB_CB(skb)->frag_off = htons(IP_DF); | 178 | XFRM_MODE_SKB_CB(skb)->frag_off = htons(IP_DF); |
179 | XFRM_MODE_SKB_CB(skb)->tos = ipv6_get_dsfield(iph); | 179 | XFRM_MODE_SKB_CB(skb)->tos = ipv6_get_dsfield(iph); |
180 | XFRM_MODE_SKB_CB(skb)->ttl = iph->hop_limit; | 180 | XFRM_MODE_SKB_CB(skb)->ttl = iph->hop_limit; |
181 | XFRM_MODE_SKB_CB(skb)->protocol = | ||
182 | skb_network_header(skb)[IP6CB(skb)->nhoff]; | ||
183 | memcpy(XFRM_MODE_SKB_CB(skb)->flow_lbl, iph->flow_lbl, | 181 | memcpy(XFRM_MODE_SKB_CB(skb)->flow_lbl, iph->flow_lbl, |
184 | sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl)); | 182 | sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl)); |
185 | 183 | ||
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 5cad522e8ef6..cce9d4586045 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c | |||
@@ -102,7 +102,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
102 | __be32 seq; | 102 | __be32 seq; |
103 | struct xfrm_state *x; | 103 | struct xfrm_state *x; |
104 | int decaps = 0; | 104 | int decaps = 0; |
105 | unsigned int nhoff = XFRM_SPI_SKB_CB(skb)->nhoff; | ||
106 | unsigned int daddroff = XFRM_SPI_SKB_CB(skb)->daddroff; | 105 | unsigned int daddroff = XFRM_SPI_SKB_CB(skb)->daddroff; |
107 | 106 | ||
108 | /* Allocate new secpath or COW existing one. */ | 107 | /* Allocate new secpath or COW existing one. */ |
@@ -157,8 +156,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
157 | goto drop_unlock; | 156 | goto drop_unlock; |
158 | } | 157 | } |
159 | 158 | ||
160 | skb_network_header(skb)[nhoff] = nexthdr; | ||
161 | |||
162 | /* only the first xfrm gets the encap type */ | 159 | /* only the first xfrm gets the encap type */ |
163 | encap_type = 0; | 160 | encap_type = 0; |
164 | 161 | ||
@@ -170,6 +167,8 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
170 | 167 | ||
171 | spin_unlock(&x->lock); | 168 | spin_unlock(&x->lock); |
172 | 169 | ||
170 | XFRM_MODE_SKB_CB(skb)->protocol = nexthdr; | ||
171 | |||
173 | if (x->inner_mode->input(x, skb)) | 172 | if (x->inner_mode->input(x, skb)) |
174 | goto drop; | 173 | goto drop; |
175 | 174 | ||