Skip to content

L
linux
Commit 86b125f5 authored by Harald Welte's avatar Harald Welte Committed by David S. Miller
Browse files
Options

[NETFILTER]: Use in-kernel IPSEC structures in iptables esp (by Patrick McHardy).

parent eeb76312
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 5 deletions
net/ipv4/netfilter/ipt_esp.c
View file @ 86b125f5
/* Kernel module to match ESP parameters. */ /* Kernel module to match ESP parameters. */
#include <linux/module.h> #include <linux/module.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/netfilter_ipv4/ipt_esp.h> #include <linux/netfilter_ipv4/ipt_esp.h>
#include <linux/netfilter_ipv4/ip_tables.h> #include <linux/netfilter_ipv4/ip_tables.h>
...@@ -13,10 +14,6 @@ MODULE_LICENSE("GPL"); ...@@ -13,10 +14,6 @@ MODULE_LICENSE("GPL");
#define duprintf(format, args...) #define duprintf(format, args...)
#endif #endif
struct esphdr {
__u32 spi;
};
/* Returns 1 if the spi is matched by the range, 0 otherwise */ /* Returns 1 if the spi is matched by the range, 0 otherwise */
static inline int static inline int
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
...@@ -37,7 +34,7 @@ match(const struct sk_buff *skb, ...@@ -37,7 +34,7 @@ match(const struct sk_buff *skb,
int offset, int offset,
int *hotdrop) int *hotdrop)
{ {
struct esphdr esp; struct ip_esp_hdr esp;
const struct ipt_esp *espinfo = matchinfo; const struct ipt_esp *espinfo = matchinfo;
/* Must not be a fragment. */ /* Must not be a fragment. */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7