From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Sun, 6 Jan 2008 16:09:41 +1100
Subject: [ipv4] esp: discard dummy packets from rfc4303
Message-id: E1JBNlV-0001Cm-00@gondolin.me.apana.org.au
O-Subject: [PATCH 26/32] [IPv4] ESP: Discard dummy packets introduced in rfc4303
Bugzilla: 427872

[IPv4] ESP: Discard dummy packets introduced in rfc4303

RFC4303 introduces dummy packets with a nexthdr value of 59
to implement traffic confidentiality. Such packets need to
be dropped silently and the payload may not be attempted to
be parsed as it consists of random chunk.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Acked-by: "David S. Miller" <davem@redhat.com>

diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 0dd43a9..33e9472 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -6,6 +6,7 @@
 #include <net/xfrm.h>
 #include <net/esp.h>
 #include <linux/scatterlist.h>
+#include <linux/in6.h>
 #include <linux/kernel.h>
 #include <linux/pfkeyv2.h>
 #include <linux/rtnetlink.h>
@@ -296,6 +297,10 @@ static int esp_input_done2(struct xfrm_state *x, struct sk_buff *skb, int err)
 	pskb_trim(skb, skb->len - alen - padlen - 2);
 	skb->h.raw = __skb_pull(skb, hlen) - ihl;
 
+	/* RFC4303: Drop dummy packets without any error */
+	if (iph->protocol == IPPROTO_NONE)
+		goto out;
+
 	err = 0;
 
 out: