diff options
author | Li RongQing <roy.qing.li@gmail.com> | 2012-12-28 09:07:16 +0100 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2013-01-08 12:41:30 +0100 |
commit | 7143dfac692cd25d48a24dbe8323bc17af95b4ec (patch) | |
tree | b7bd65be7b147b50b4c09f9c1523ed7097586750 /net/ipv4/esp4.c | |
parent | ipv4: fix NULL checking in devinet_ioctl() (diff) | |
download | linux-7143dfac692cd25d48a24dbe8323bc17af95b4ec.tar.xz linux-7143dfac692cd25d48a24dbe8323bc17af95b4ec.zip |
ah4/esp4: set transport header correctly for IPsec tunnel mode.
IPsec tunnel does not set ECN field to CE in inner header when
the ECN field in the outer header is CE, and the ECN field in
the inner header is ECT(0) or ECT(1).
The cause is ipip_hdr() does not return the correct address of
inner header since skb->transport-header is not the inner header
after esp_input_done2(), or ah_input().
Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/ipv4/esp4.c')
-rw-r--r-- | net/ipv4/esp4.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index b61e9deb7c7e..fd26ff4f3eac 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -346,7 +346,10 @@ static int esp_input_done2(struct sk_buff *skb, int err) pskb_trim(skb, skb->len - alen - padlen - 2); __skb_pull(skb, hlen); - skb_set_transport_header(skb, -ihl); + if (x->props.mode == XFRM_MODE_TUNNEL) + skb_reset_transport_header(skb); + else + skb_set_transport_header(skb, -ihl); err = nexthdr[1]; |