Commit 0883ae0e authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller
Browse files

[IPSEC]: Fix transport-mode async resume on intput without netfilter



When netfilter is off the transport-mode async resumption doesn't work
because we don't push back the IP header.  This patch fixes that by
moving most of the code outside of ifdef NETFILTER since the only part
that's not common is the short-circuit in the protocol handler.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent fcb8c156
......@@ -51,7 +51,11 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async)
iph->protocol = XFRM_MODE_SKB_CB(skb)->protocol;
#ifdef CONFIG_NETFILTER
#ifndef CONFIG_NETFILTER
if (!async)
return -iph->protocol;
#endif
__skb_push(skb, skb->data - skb_network_header(skb));
iph->tot_len = htons(skb->len);
ip_send_check(iph);
......@@ -59,12 +63,6 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async)
NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
xfrm4_rcv_encap_finish);
return 0;
#else
if (async)
return xfrm4_rcv_encap_finish(skb);
return -iph->protocol;
#endif
}
/* If it's a keepalive packet, then just eat it.
......
......@@ -34,19 +34,17 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async)
skb_network_header(skb)[IP6CB(skb)->nhoff] =
XFRM_MODE_SKB_CB(skb)->protocol;
#ifdef CONFIG_NETFILTER
#ifndef CONFIG_NETFILTER
if (!async)
return 1;
#endif
ipv6_hdr(skb)->payload_len = htons(skb->len);
__skb_push(skb, skb->data - skb_network_header(skb));
NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
ip6_rcv_finish);
return -1;
#else
if (async)
return ip6_rcv_finish(skb);
return 1;
#endif
}
int xfrm6_rcv(struct sk_buff *skb)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment