Commit 25f6802b authored by Sabrina Dubroca's avatar Sabrina Dubroca Committed by Steffen Klassert

esp4: prepare esp_input_done2 for non-UDP encapsulation

For espintcp encapsulation, we will need to get the source port from the
TCP header instead of UDP. Introduce a variable to hold the port.
Co-developed-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
Acked-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent cac3c716
...@@ -601,6 +601,18 @@ int esp_input_done2(struct sk_buff *skb, int err) ...@@ -601,6 +601,18 @@ int esp_input_done2(struct sk_buff *skb, int err)
if (x->encap) { if (x->encap) {
struct xfrm_encap_tmpl *encap = x->encap; struct xfrm_encap_tmpl *encap = x->encap;
struct udphdr *uh = (void *)(skb_network_header(skb) + ihl); struct udphdr *uh = (void *)(skb_network_header(skb) + ihl);
__be16 source;
switch (x->encap->encap_type) {
case UDP_ENCAP_ESPINUDP:
case UDP_ENCAP_ESPINUDP_NON_IKE:
source = uh->source;
break;
default:
WARN_ON_ONCE(1);
err = -EINVAL;
goto out;
}
/* /*
* 1) if the NAT-T peer's IP or port changed then * 1) if the NAT-T peer's IP or port changed then
...@@ -609,11 +621,11 @@ int esp_input_done2(struct sk_buff *skb, int err) ...@@ -609,11 +621,11 @@ int esp_input_done2(struct sk_buff *skb, int err)
* SRC ports. * SRC ports.
*/ */
if (iph->saddr != x->props.saddr.a4 || if (iph->saddr != x->props.saddr.a4 ||
uh->source != encap->encap_sport) { source != encap->encap_sport) {
xfrm_address_t ipaddr; xfrm_address_t ipaddr;
ipaddr.a4 = iph->saddr; ipaddr.a4 = iph->saddr;
km_new_mapping(x, &ipaddr, uh->source); km_new_mapping(x, &ipaddr, source);
/* XXX: perhaps add an extra /* XXX: perhaps add an extra
* policy check here, to see * policy check here, to see
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment