• Herbert Xu's avatar
    [IPSEC]: Fix BEET output · 732c8bd5
    Herbert Xu authored
    The IPv6 BEET output function is incorrectly including the inner
    header in the payload to be protected.  This causes a crash as
    the packet doesn't actually have that many bytes for a second
    header.
    
    The IPv4 BEET output on the other hand is broken when it comes
    to handling an inner IPv6 header since it always assumes an
    inner IPv4 header.
    
    This patch fixes both by making sure that neither BEET output
    function touches the inner header at all.  All access is now
    done through the protocol-independent cb structure.  Two new
    attributes are added to make this work, the IP header length
    and the IPv4 option length.  They're filled in by the inner
    mode's output function.
    
    Thanks to Joakim Koskela for finding this problem.
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    732c8bd5
xfrm6_state.c 4.8 KB