Commit c5027c9a authored Apr 05, 2007 by Patrick McHardy Committed by David S. Miller Apr 05, 2007

[XFRM]: beet: fix IP option encapsulation



Beet mode calculates an incorrect value for the transport header location
when IP options are present, resulting in encapsulation errors.

The correct location is 4 or 8 bytes before the end of the original IP
header, depending on whether the pseudo header is padded.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 4c4d51a7

net/ipv4/xfrm4_mode_beet.c

+2 −3

Original line number	Diff line number	Diff line
		@@ -42,10 +42,9 @@ static int xfrm4_beet_output(struct xfrm_state x, struct sk_buff skb)

		skb->nh.raw = skb_push(skb, x->props.header_len + hdrlen);
		top_iph = skb->nh.iph;
		hdrlen = iph->ihl * 4 - optlen;
		skb->h.raw += hdrlen;
		skb->h.raw += sizeof(*iph) - hdrlen;

		memmove(top_iph, iph, hdrlen);
		memmove(top_iph, iph, sizeof(*iph));
		if (unlikely(optlen)) {
		struct ip_beet_phdr *ph;