Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1bfcb10f authored Oct 17, 2007 by Herbert Xu Committed by David S. Miller Oct 17, 2007

[IPSEC]: Add missing BEET checks



Currently BEET mode does not reinject the packet back into the stack
like tunnel mode does.  Since BEET should behave just like tunnel mode
this is incorrect.

This patch fixes this by introducing a flags field to xfrm_mode that
tells the IPsec code whether it should terminate and reinject the packet
back into the stack.

It then sets the flag for BEET and tunnel mode.

I've also added a number of missing BEET checks elsewhere where we check
whether a given mode is a tunnel or not.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent aa5d62cc

include/net/xfrm.h

+6 −0

Original line number	Diff line number	Diff line
		@@ -314,6 +314,12 @@ struct xfrm_mode {

		struct module *owner;
		unsigned int encap;
		int flags;
		};

		/* Flags for xfrm_mode. */
		enum {
		XFRM_MODE_FLAG_TUNNEL = 1,
		};

		extern int xfrm_register_mode(struct xfrm_mode *mode, int family);

net/ipv4/xfrm4_input.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -94,7 +94,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
		if (x->mode->input(x, skb))
		goto drop;

		if (x->props.mode == XFRM_MODE_TUNNEL) {
		if (x->mode->flags & XFRM_MODE_FLAG_TUNNEL) {
		decaps = 1;
		break;
		}

net/ipv4/xfrm4_mode_beet.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -114,6 +114,7 @@ static struct xfrm_mode xfrm4_beet_mode = {
		.output = xfrm4_beet_output,
		.owner = THIS_MODULE,
		.encap = XFRM_MODE_BEET,
		.flags = XFRM_MODE_FLAG_TUNNEL,
		};

		static int __init xfrm4_beet_init(void)

net/ipv4/xfrm4_mode_tunnel.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -139,6 +139,7 @@ static struct xfrm_mode xfrm4_tunnel_mode = {
		.output = xfrm4_tunnel_output,
		.owner = THIS_MODULE,
		.encap = XFRM_MODE_TUNNEL,
		.flags = XFRM_MODE_FLAG_TUNNEL,
		};

		static int __init xfrm4_tunnel_init(void)

net/ipv4/xfrm4_output.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -47,7 +47,7 @@ static inline int xfrm4_output_one(struct sk_buff *skb)
		struct iphdr *iph;
		int err;

		if (x->props.mode == XFRM_MODE_TUNNEL) {
		if (x->mode->flags & XFRM_MODE_FLAG_TUNNEL) {
		err = xfrm4_tunnel_check_size(skb);
		if (err)
		goto error_nolock;