*seq = *(__be32*)(skb_transport_header(skb) + offset_seq);
return 0;
}
-EXPORT_SYMBOL(xfrm_parse_spi);
int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
{
+ struct xfrm_mode *inner_mode = x->inner_mode;
int err;
err = x->outer_mode->afinfo->extract_input(x, skb);
if (err)
return err;
- skb->protocol = x->inner_mode->afinfo->eth_proto;
- return x->inner_mode->input2(x, skb);
+ if (x->sel.family == AF_UNSPEC) {
+ inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
+ if (inner_mode == NULL)
+ return -EAFNOSUPPORT;
+ }
+
+ skb->protocol = inner_mode->afinfo->eth_proto;
+ return inner_mode->input2(x, skb);
}
EXPORT_SYMBOL(xfrm_prepare_input);
__be32 seq;
struct xfrm_state *x;
xfrm_address_t *daddr;
+ struct xfrm_mode *inner_mode;
unsigned int family;
int decaps = 0;
int async = 0;
if (encap_type < 0) {
async = 1;
x = xfrm_input_state(skb);
- seq = XFRM_SKB_CB(skb)->seq;
+ seq = XFRM_SKB_CB(skb)->seq.input;
goto resume;
}
}
if ((x->encap ? x->encap->encap_type : 0) != encap_type) {
- XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEINVALID);
+ XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEMISMATCH);
goto drop_unlock;
}
if (x->props.replay_window && xfrm_replay_check(x, skb, seq)) {
- XFRM_INC_STATS(LINUX_MIB_XFRMINSEQOUTOFWINDOW);
+ XFRM_INC_STATS(LINUX_MIB_XFRMINSTATESEQERROR);
goto drop_unlock;
}
spin_unlock(&x->lock);
- XFRM_SKB_CB(skb)->seq = seq;
+ XFRM_SKB_CB(skb)->seq.input = seq;
nexthdr = x->type->input(x, skb);
resume:
spin_lock(&x->lock);
if (nexthdr <= 0) {
- if (nexthdr == -EBADMSG)
+ if (nexthdr == -EBADMSG) {
+ xfrm_audit_state_icvfail(x, skb,
+ x->type->proto);
x->stats.integrity_failed++;
+ }
XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEPROTOERROR);
goto drop_unlock;
}
XFRM_MODE_SKB_CB(skb)->protocol = nexthdr;
- if (x->inner_mode->input(x, skb)) {
+ inner_mode = x->inner_mode;
+
+ if (x->sel.family == AF_UNSPEC) {
+ inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
+ if (inner_mode == NULL)
+ goto drop;
+ }
+
+ if (inner_mode->input(x, skb)) {
XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEMODEERROR);
goto drop;
}