return xfrm4_extract_header(skb);
}
-#ifdef CONFIG_NETFILTER
static inline int xfrm4_rcv_encap_finish(struct sk_buff *skb)
{
if (skb->dst == NULL) {
kfree_skb(skb);
return NET_RX_DROP;
}
-#endif
int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
int encap_type)
{
- XFRM_SPI_SKB_CB(skb)->nhoff = offsetof(struct iphdr, protocol);
+ XFRM_SPI_SKB_CB(skb)->family = AF_INET;
XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
return xfrm_input(skb, nexthdr, spi, encap_type);
}
int xfrm4_transport_finish(struct sk_buff *skb, int async)
{
-#ifdef CONFIG_NETFILTER
+ struct iphdr *iph = ip_hdr(skb);
+
+ iph->protocol = XFRM_MODE_SKB_CB(skb)->protocol;
+
+#ifndef CONFIG_NETFILTER
+ if (!async)
+ return -iph->protocol;
+#endif
+
__skb_push(skb, skb->data - skb_network_header(skb));
- ip_hdr(skb)->tot_len = htons(skb->len);
- ip_send_check(ip_hdr(skb));
+ iph->tot_len = htons(skb->len);
+ ip_send_check(iph);
- NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,
+ NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
xfrm4_rcv_encap_finish);
return 0;
-#else
- return -ip_hdr(skb)->protocol;
-#endif
}
/* If it's a keepalive packet, then just eat it.
struct udphdr *uh;
struct iphdr *iph;
int iphlen, len;
- int ret;
__u8 *udpdata;
__be32 *udpdata32;
skb_reset_transport_header(skb);
/* process ESP */
- ret = xfrm4_rcv_encap(skb, IPPROTO_ESP, 0, encap_type);
- return ret;
+ return xfrm4_rcv_encap(skb, IPPROTO_ESP, 0, encap_type);
drop:
kfree_skb(skb);