diff options
author | Patrick McHardy <kaber@trash.net> | 2007-04-05 15:59:41 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-04-05 15:59:41 -0700 |
commit | d4b1e840629562953d81c9fe0a3a67473f3d993c (patch) | |
tree | d20d023cfcb113207a1bb0a3bb18e2e8a48133d7 /net/ipv4/xfrm4_mode_beet.c | |
parent | 04fef9893a1fa5d429522e09bc9591736408f2e8 (diff) | |
download | lwn-d4b1e840629562953d81c9fe0a3a67473f3d993c.tar.gz lwn-d4b1e840629562953d81c9fe0a3a67473f3d993c.zip |
[XFRM]: beet: fix beet mode decapsulation
Beet mode decapsulation fails to properly set up the skb pointers, which
only works by accident in combination with CONFIG_NETFILTER, since in that
case the skb is fixed up in xfrm4_input before passing it to the netfilter
hooks.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/xfrm4_mode_beet.c')
-rw-r--r-- | net/ipv4/xfrm4_mode_beet.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c index f8544b7f02de..b94775a86863 100644 --- a/net/ipv4/xfrm4_mode_beet.c +++ b/net/ipv4/xfrm4_mode_beet.c @@ -83,24 +83,24 @@ static int xfrm4_beet_input(struct xfrm_state *x, struct sk_buff *skb) if (!pskb_may_pull(skb, sizeof(*ph))) goto out; - phlen = ph->hdrlen * 8; - optlen = phlen - ph->padlen - sizeof(*ph); + phlen = sizeof(*ph) + ph->padlen; + optlen = ph->hdrlen * 8 - phlen; if (optlen < 0 || optlen & 3 || optlen > 250) goto out; - if (!pskb_may_pull(skb, phlen)) + if (!pskb_may_pull(skb, phlen + optlen)) goto out; ph_nexthdr = ph->nexthdr; } - skb_push(skb, sizeof(*iph) - phlen + optlen); - memmove(skb->data, skb->nh.raw, sizeof(*iph)); - skb->nh.raw = skb->data; + skb->nh.raw = skb->data + (phlen - sizeof(*iph)); + memmove(skb->nh.raw, iph, sizeof(*iph)); + skb->h.raw = skb->data + (phlen + optlen); iph = skb->nh.iph; iph->ihl = (sizeof(*iph) + optlen) / 4; - iph->tot_len = htons(skb->len); + iph->tot_len = htons(skb->len + iph->ihl * 4); iph->daddr = x->sel.daddr.a4; iph->saddr = x->sel.saddr.a4; if (ph_nexthdr) |