1 files changed, 19 insertions, 7 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 13b29360d102..b5c205b57669 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -253,7 +253,8 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
                 *    as per draft-ietf-ipsec-udp-encaps-06,
                 *    section 3.1.2
                 */
-                if (x->props.mode == XFRM_MODE_TRANSPORT)
+                if (x->props.mode == XFRM_MODE_TRANSPORT ||
+                    x->props.mode == XFRM_MODE_BEET)
                        skb->ip_summed = CHECKSUM_UNNECESSARY;
        }
@@ -271,17 +272,28 @@ static u32 esp4_get_max_size(struct xfrm_state *x, int mtu)
 {
        struct esp_data *esp = x->data;
        u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4);
+        int enclen = 0;
-        if (x->props.mode == XFRM_MODE_TUNNEL) {
-                mtu = ALIGN(mtu + 2, blksize);
+        switch (x->props.mode) {
-        } else {
+        case XFRM_MODE_TUNNEL:
-                /* The worst case. */
+                mtu = ALIGN(mtu +2, blksize);
+                break;
+        default:
+        case XFRM_MODE_TRANSPORT:
+                /* The worst case */
                mtu = ALIGN(mtu + 2, 4) + blksize - 4;
+                break;
+        case XFRM_MODE_BEET:
+                /* The worst case. */
+                enclen = IPV4_BEET_PHMAXLEN;
+                mtu = ALIGN(mtu + enclen + 2, blksize);
+                break;
        }
        if (esp->conf.padlen)
                mtu = ALIGN(mtu, esp->conf.padlen);
-        return mtu + x->props.header_len + esp->auth.icv_trunc_len;
+        return mtu + x->props.header_len + esp->auth.icv_trunc_len - enclen;
 }
 static void esp4_err(struct sk_buff *skb, u32 info)

diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 13b29360d102..b5c205b57669 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c
@@ -253,7 +253,8 @@ static int esp_input(struct xfrm_state x, struct sk_buff skb)
253	* as per draft-ietf-ipsec-udp-encaps-06,	253	* as per draft-ietf-ipsec-udp-encaps-06,
254	* section 3.1.2	254	* section 3.1.2
255	*/	255	*/
256	if (x->props.mode == XFRM_MODE_TRANSPORT)	256	if (x->props.mode == XFRM_MODE_TRANSPORT \|\|
		257	x->props.mode == XFRM_MODE_BEET)
257	skb->ip_summed = CHECKSUM_UNNECESSARY;	258	skb->ip_summed = CHECKSUM_UNNECESSARY;
258	}	259	}
259		260
@@ -271,17 +272,28 @@ static u32 esp4_get_max_size(struct xfrm_state *x, int mtu)
271	{	272	{
272	struct esp_data *esp = x->data;	273	struct esp_data *esp = x->data;
273	u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4);	274	u32 blksize = ALIGN(crypto_blkcipher_blocksize(esp->conf.tfm), 4);
274		275	int enclen = 0;
275	if (x->props.mode == XFRM_MODE_TUNNEL) {	276
276	mtu = ALIGN(mtu + 2, blksize);	277	switch (x->props.mode) {
277	} else {	278	case XFRM_MODE_TUNNEL:
278	/* The worst case. */	279	mtu = ALIGN(mtu +2, blksize);
		280	break;
		281	default:
		282	case XFRM_MODE_TRANSPORT:
		283	/* The worst case */
279	mtu = ALIGN(mtu + 2, 4) + blksize - 4;	284	mtu = ALIGN(mtu + 2, 4) + blksize - 4;
		285	break;
		286	case XFRM_MODE_BEET:
		287	/* The worst case. */
		288	enclen = IPV4_BEET_PHMAXLEN;
		289	mtu = ALIGN(mtu + enclen + 2, blksize);
		290	break;
280	}	291	}
		292
281	if (esp->conf.padlen)	293	if (esp->conf.padlen)
282	mtu = ALIGN(mtu, esp->conf.padlen);	294	mtu = ALIGN(mtu, esp->conf.padlen);
283		295
284	return mtu + x->props.header_len + esp->auth.icv_trunc_len;	296	return mtu + x->props.header_len + esp->auth.icv_trunc_len - enclen;
285	}	297	}
286		298
287	static void esp4_err(struct sk_buff *skb, u32 info)	299	static void esp4_err(struct sk_buff *skb, u32 info)