Merge tag 'ipsec-next-2023-04-19' of...

{

	int err = -EINVAL;

	if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP)

		goto out;

	if (!pskb_may_pull(skb, sizeof(struct iphdr)))

		goto out;

{

	int err = -EINVAL;

	if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPV6)

		goto out;

	if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))

		goto out;

 */

static int

xfrm_inner_mode_encap_remove(struct xfrm_state *x,

			     const struct xfrm_mode *inner_mode,

			     struct sk_buff *skb)

{

	switch (inner_mode->encap) {

	switch (x->props.mode) {

	case XFRM_MODE_BEET:

		if (inner_mode->family == AF_INET)

		switch (XFRM_MODE_SKB_CB(skb)->protocol) {

		case IPPROTO_IPIP:

		case IPPROTO_BEETPH:

			return xfrm4_remove_beet_encap(x, skb);

		if (inner_mode->family == AF_INET6)

		case IPPROTO_IPV6:

			return xfrm6_remove_beet_encap(x, skb);

		}

		break;

	case XFRM_MODE_TUNNEL:

		if (inner_mode->family == AF_INET)

		switch (XFRM_MODE_SKB_CB(skb)->protocol) {

		case IPPROTO_IPIP:

			return xfrm4_remove_tunnel_encap(x, skb);

		if (inner_mode->family == AF_INET6)

		case IPPROTO_IPV6:

			return xfrm6_remove_tunnel_encap(x, skb);

		break;

		}

	}

	WARN_ON_ONCE(1);

	return -EOPNOTSUPP;

static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)

{

	const struct xfrm_mode *inner_mode = &x->inner_mode;

	switch (x->outer_mode.family) {

	switch (x->props.family) {

	case AF_INET:

		xfrm4_extract_header(skb);

		break;

		return -EAFNOSUPPORT;

	}

	if (x->sel.family == AF_UNSPEC) {

		inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);

		if (!inner_mode)

			return -EAFNOSUPPORT;

	}

	switch (inner_mode->family) {

	case AF_INET:

	switch (XFRM_MODE_SKB_CB(skb)->protocol) {

	case IPPROTO_IPIP:

	case IPPROTO_BEETPH:

		skb->protocol = htons(ETH_P_IP);

		break;

	case AF_INET6:

	case IPPROTO_IPV6:

		skb->protocol = htons(ETH_P_IPV6);

		break;

	default:

		break;

	}

	return xfrm_inner_mode_encap_remove(x, inner_mode, skb);

	return xfrm_inner_mode_encap_remove(x, skb);

}

/* Remove encapsulation header.

}

static int xfrm_inner_mode_input(struct xfrm_state *x,

				 const struct xfrm_mode *inner_mode,

				 struct sk_buff *skb)

{

	switch (inner_mode->encap) {

	switch (x->props.mode) {

	case XFRM_MODE_BEET:

	case XFRM_MODE_TUNNEL:

		return xfrm_prepare_input(x, skb);

	case XFRM_MODE_TRANSPORT:

		if (inner_mode->family == AF_INET)

		if (x->props.family == AF_INET)

			return xfrm4_transport_input(x, skb);

		if (inner_mode->family == AF_INET6)

		if (x->props.family == AF_INET6)

			return xfrm6_transport_input(x, skb);

		break;

	case XFRM_MODE_ROUTEOPTIMIZATION:

{

	const struct xfrm_state_afinfo *afinfo;

	struct net *net = dev_net(skb->dev);

	const struct xfrm_mode *inner_mode;

	int err;

	__be32 seq;

	__be32 seq_hi;

			goto drop;

		}

		family = x->outer_mode.family;

		family = x->props.family;

		/* An encap_type of -1 indicates async resumption. */

		if (encap_type == -1) {

		XFRM_MODE_SKB_CB(skb)->protocol = nexthdr;

		inner_mode = &x->inner_mode;

		if (x->sel.family == AF_UNSPEC) {

			inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);

			if (inner_mode == NULL) {

				XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);

				goto drop;

			}

		}

		if (xfrm_inner_mode_input(x, inner_mode, skb)) {

		if (xfrm_inner_mode_input(x, skb)) {

			XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);

			goto drop;

		}

		 * transport mode so the outer address is identical.

		 */

		daddr = &x->id.daddr;

		family = x->outer_mode.family;

		family = x->props.family;

		err = xfrm_parse_spi(skb, nexthdr, &spi, &seq);

		if (err < 0) {

		err = -EAFNOSUPPORT;

		rcu_read_lock();

		afinfo = xfrm_state_afinfo_get_rcu(x->inner_mode.family);

		afinfo = xfrm_state_afinfo_get_rcu(x->props.family);

		if (likely(afinfo))

			err = afinfo->transport_finish(skb, xfrm_gro || async);

		rcu_read_unlock();

	IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE;

	skb->protocol = htons(ETH_P_IP);

	switch (x->outer_mode.encap) {

	switch (x->props.mode) {

	case XFRM_MODE_BEET:

		return xfrm4_beet_encap_add(x, skb);

	case XFRM_MODE_TUNNEL:

	skb->ignore_df = 1;

	skb->protocol = htons(ETH_P_IPV6);

	switch (x->outer_mode.encap) {

	switch (x->props.mode) {

	case XFRM_MODE_BEET:

		return xfrm6_beet_encap_add(x, skb);

	case XFRM_MODE_TUNNEL:

static int xfrm_outer_mode_output(struct xfrm_state *x, struct sk_buff *skb)

{

	switch (x->outer_mode.encap) {

	switch (x->props.mode) {

	case XFRM_MODE_BEET:

	case XFRM_MODE_TUNNEL:

		if (x->outer_mode.family == AF_INET)

		if (x->props.family == AF_INET)

			return xfrm4_prepare_output(x, skb);

		if (x->outer_mode.family == AF_INET6)

		if (x->props.family == AF_INET6)

			return xfrm6_prepare_output(x, skb);

		break;

	case XFRM_MODE_TRANSPORT:

		if (x->outer_mode.family == AF_INET)

		if (x->props.family == AF_INET)

			return xfrm4_transport_output(x, skb);

		if (x->outer_mode.family == AF_INET6)

		if (x->props.family == AF_INET6)

			return xfrm6_transport_output(x, skb);

		break;

	case XFRM_MODE_ROUTEOPTIMIZATION:

		if (x->outer_mode.family == AF_INET6)

		if (x->props.family == AF_INET6)

			return xfrm6_ro_output(x, skb);

		WARN_ON_ONCE(1);

		break;

static int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb)

{

	const struct xfrm_mode *inner_mode;

	if (x->sel.family == AF_UNSPEC)

		inner_mode = xfrm_ip2inner_mode(x,

				xfrm_af2proto(skb_dst(skb)->ops->family));

	else

		inner_mode = &x->inner_mode;

	if (inner_mode == NULL)

		return -EAFNOSUPPORT;

	switch (inner_mode->family) {

	case AF_INET:

	switch (skb->protocol) {

	case htons(ETH_P_IP):

		return xfrm4_extract_output(x, skb);

	case AF_INET6:

	case htons(ETH_P_IPV6):

		return xfrm6_extract_output(x, skb);

	}