提交 0883ae0e 编写于 作者: H Herbert Xu 提交者: David S. Miller

[IPSEC]: Fix transport-mode async resume on intput without netfilter

When netfilter is off the transport-mode async resumption doesn't work
because we don't push back the IP header.  This patch fixes that by
moving most of the code outside of ifdef NETFILTER since the only part
that's not common is the short-circuit in the protocol handler.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 fcb8c156
...@@ -51,7 +51,11 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async) ...@@ -51,7 +51,11 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async)
iph->protocol = XFRM_MODE_SKB_CB(skb)->protocol; iph->protocol = XFRM_MODE_SKB_CB(skb)->protocol;
#ifdef CONFIG_NETFILTER #ifndef CONFIG_NETFILTER
if (!async)
return -iph->protocol;
#endif
__skb_push(skb, skb->data - skb_network_header(skb)); __skb_push(skb, skb->data - skb_network_header(skb));
iph->tot_len = htons(skb->len); iph->tot_len = htons(skb->len);
ip_send_check(iph); ip_send_check(iph);
...@@ -59,12 +63,6 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async) ...@@ -59,12 +63,6 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async)
NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
xfrm4_rcv_encap_finish); xfrm4_rcv_encap_finish);
return 0; return 0;
#else
if (async)
return xfrm4_rcv_encap_finish(skb);
return -iph->protocol;
#endif
} }
/* If it's a keepalive packet, then just eat it. /* If it's a keepalive packet, then just eat it.
......
...@@ -34,19 +34,17 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async) ...@@ -34,19 +34,17 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async)
skb_network_header(skb)[IP6CB(skb)->nhoff] = skb_network_header(skb)[IP6CB(skb)->nhoff] =
XFRM_MODE_SKB_CB(skb)->protocol; XFRM_MODE_SKB_CB(skb)->protocol;
#ifdef CONFIG_NETFILTER #ifndef CONFIG_NETFILTER
if (!async)
return 1;
#endif
ipv6_hdr(skb)->payload_len = htons(skb->len); ipv6_hdr(skb)->payload_len = htons(skb->len);
__skb_push(skb, skb->data - skb_network_header(skb)); __skb_push(skb, skb->data - skb_network_header(skb));
NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
ip6_rcv_finish); ip6_rcv_finish);
return -1; return -1;
#else
if (async)
return ip6_rcv_finish(skb);
return 1;
#endif
} }
int xfrm6_rcv(struct sk_buff *skb) int xfrm6_rcv(struct sk_buff *skb)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册