Commit a9403f8a authored by Li RongQing's avatar Li RongQing Committed by Steffen Klassert

ah6/esp6: set transport header correctly for IPsec tunnel mode.

IPsec tunnel does not set ECN field to CE in inner header when
the ECN field in the outer header is CE, and the ECN field in
the inner header is ECT(0) or ECT(1).

The cause is ipip6_hdr() does not return the correct address of
inner header since skb->transport-header is not the inner header
after esp6_input_done2(), or ah6_input().
Signed-off-by: default avatarLi RongQing <roy.qing.li@gmail.com>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent 7143dfac
...@@ -472,6 +472,9 @@ static void ah6_input_done(struct crypto_async_request *base, int err) ...@@ -472,6 +472,9 @@ static void ah6_input_done(struct crypto_async_request *base, int err)
skb->network_header += ah_hlen; skb->network_header += ah_hlen;
memcpy(skb_network_header(skb), work_iph, hdr_len); memcpy(skb_network_header(skb), work_iph, hdr_len);
__skb_pull(skb, ah_hlen + hdr_len); __skb_pull(skb, ah_hlen + hdr_len);
if (x->props.mode == XFRM_MODE_TUNNEL)
skb_reset_transport_header(skb);
else
skb_set_transport_header(skb, -hdr_len); skb_set_transport_header(skb, -hdr_len);
out: out:
kfree(AH_SKB_CB(skb)->tmp); kfree(AH_SKB_CB(skb)->tmp);
...@@ -593,9 +596,13 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -593,9 +596,13 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
skb->network_header += ah_hlen; skb->network_header += ah_hlen;
memcpy(skb_network_header(skb), work_iph, hdr_len); memcpy(skb_network_header(skb), work_iph, hdr_len);
skb->transport_header = skb->network_header;
__skb_pull(skb, ah_hlen + hdr_len); __skb_pull(skb, ah_hlen + hdr_len);
if (x->props.mode == XFRM_MODE_TUNNEL)
skb_reset_transport_header(skb);
else
skb_set_transport_header(skb, -hdr_len);
err = nexthdr; err = nexthdr;
out_free: out_free:
......
...@@ -300,6 +300,9 @@ static int esp_input_done2(struct sk_buff *skb, int err) ...@@ -300,6 +300,9 @@ static int esp_input_done2(struct sk_buff *skb, int err)
pskb_trim(skb, skb->len - alen - padlen - 2); pskb_trim(skb, skb->len - alen - padlen - 2);
__skb_pull(skb, hlen); __skb_pull(skb, hlen);
if (x->props.mode == XFRM_MODE_TUNNEL)
skb_reset_transport_header(skb);
else
skb_set_transport_header(skb, -hdr_len); skb_set_transport_header(skb, -hdr_len);
err = nexthdr[1]; err = nexthdr[1];
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment