[XFRM]: beet: fix IP option encapsulation

Beet mode calculates an incorrect value for the transport header location
when IP options are present, resulting in encapsulation errors.

The correct location is 4 or 8 bytes before the end of the original IP
header, depending on whether the pseudo header is padded.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c
index 89cf59ea7bbe7af9ba15ea5ca2674466edfb0e67..16efc66a7c3f5eccda3e47983c3dc15f97ce609e 100644 (file)
--- a/net/ipv4/xfrm4_mode_beet.c
+++ b/net/ipv4/xfrm4_mode_beet.c
@@ -42,10 +42,9 @@ static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
 
        skb->nh.raw = skb_push(skb, x->props.header_len + hdrlen);
        top_iph = skb->nh.iph;
-       hdrlen = iph->ihl * 4 - optlen;
-       skb->h.raw += hdrlen;
+       skb->h.raw += sizeof(*iph) - hdrlen;
 
-       memmove(top_iph, iph, hdrlen);
+       memmove(top_iph, iph, sizeof(*iph));
        if (unlikely(optlen)) {
                struct ip_beet_phdr *ph;