aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6/xfrm6_policy.c
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-12-12 13:44:16 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:57:22 -0500
commitd5422efe680fc55010c6ddca2370ca9548a96355 (patch)
treef72fa5eb779c8ae7d49688a9caac9b69a1f3bd58 /net/ipv6/xfrm6_policy.c
parent815f4e57e9fc67456624ecde0515a901368c78d2 (diff)
[IPSEC]: Added xfrm_decode_session_reverse and xfrmX_policy_check_reverse
RFC 4301 requires us to relookup ICMP traffic that does not match any policies using the reverse of its payload. This patch adds the functions xfrm_decode_session_reverse and xfrmX_policy_check_reverse so we can get the reverse flow to perform such a lookup. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/xfrm6_policy.c')
-rw-r--r--net/ipv6/xfrm6_policy.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 181cf91538f..d26b7dc3f33 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -123,7 +123,7 @@ static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
123} 123}
124 124
125static inline void 125static inline void
126_decode_session6(struct sk_buff *skb, struct flowi *fl) 126_decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
127{ 127{
128 u16 offset = skb_network_header_len(skb); 128 u16 offset = skb_network_header_len(skb);
129 struct ipv6hdr *hdr = ipv6_hdr(skb); 129 struct ipv6hdr *hdr = ipv6_hdr(skb);
@@ -132,8 +132,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl)
132 u8 nexthdr = nh[IP6CB(skb)->nhoff]; 132 u8 nexthdr = nh[IP6CB(skb)->nhoff];
133 133
134 memset(fl, 0, sizeof(struct flowi)); 134 memset(fl, 0, sizeof(struct flowi));
135 ipv6_addr_copy(&fl->fl6_dst, &hdr->daddr); 135 ipv6_addr_copy(&fl->fl6_dst, reverse ? &hdr->saddr : &hdr->daddr);
136 ipv6_addr_copy(&fl->fl6_src, &hdr->saddr); 136 ipv6_addr_copy(&fl->fl6_src, reverse ? &hdr->daddr : &hdr->saddr);
137 137
138 while (pskb_may_pull(skb, nh + offset + 1 - skb->data)) { 138 while (pskb_may_pull(skb, nh + offset + 1 - skb->data)) {
139 nh = skb_network_header(skb); 139 nh = skb_network_header(skb);
@@ -156,8 +156,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl)
156 if (pskb_may_pull(skb, nh + offset + 4 - skb->data)) { 156 if (pskb_may_pull(skb, nh + offset + 4 - skb->data)) {
157 __be16 *ports = (__be16 *)exthdr; 157 __be16 *ports = (__be16 *)exthdr;
158 158
159 fl->fl_ip_sport = ports[0]; 159 fl->fl_ip_sport = ports[!!reverse];
160 fl->fl_ip_dport = ports[1]; 160 fl->fl_ip_dport = ports[!reverse];
161 } 161 }
162 fl->proto = nexthdr; 162 fl->proto = nexthdr;
163 return; 163 return;