From 254d0d24e31c3df64ccfff349c9aa9d1e5989819 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 5 Apr 2007 16:03:33 -0700 Subject: [PATCH] [XFRM]: beet: fix IP option decapsulation Beet mode looks for the beet pseudo header after the outer IP header, which is wrong since that is followed by the ESP header. Additionally it needs to adjust the packet length after removing the pseudo header and point the data pointer to the real data location. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/ipv4/xfrm4_mode_beet.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c index b94775a868..f68dfd8a0f 100644 --- a/net/ipv4/xfrm4_mode_beet.c +++ b/net/ipv4/xfrm4_mode_beet.c @@ -78,10 +78,11 @@ static int xfrm4_beet_input(struct xfrm_state *x, struct sk_buff *skb) protocol = iph->protocol; if (unlikely(iph->protocol == IPPROTO_BEETPH)) { - struct ip_beet_phdr *ph = (struct ip_beet_phdr*)(iph + 1); + struct ip_beet_phdr *ph; if (!pskb_may_pull(skb, sizeof(*ph))) goto out; + ph = (struct ip_beet_phdr *)(skb->h.ipiph + 1); phlen = sizeof(*ph) + ph->padlen; optlen = ph->hdrlen * 8 - phlen; @@ -90,6 +91,7 @@ static int xfrm4_beet_input(struct xfrm_state *x, struct sk_buff *skb) if (!pskb_may_pull(skb, phlen + optlen)) goto out; + skb->len -= phlen + optlen; ph_nexthdr = ph->nexthdr; } @@ -97,6 +99,7 @@ static int xfrm4_beet_input(struct xfrm_state *x, struct sk_buff *skb) skb->nh.raw = skb->data + (phlen - sizeof(*iph)); memmove(skb->nh.raw, iph, sizeof(*iph)); skb->h.raw = skb->data + (phlen + optlen); + skb->data = skb->h.raw; iph = skb->nh.iph; iph->ihl = (sizeof(*iph) + optlen) / 4; -- 2.20.1