diff options
author | Joakim Koskela <jookos@gmail.com> | 2007-07-26 03:08:42 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-07-31 05:28:33 -0400 |
commit | 48b8d78315bf2aef4b6b4fb41c2c94e0b6600234 (patch) | |
tree | 9cbb0f9eeec383e74063b1b52be85da5148adf4b /net | |
parent | 196b003620f1ee8d0fc63f13f341187d63c1dc0a (diff) |
[XFRM]: State selection update to use inner addresses.
This patch modifies the xfrm state selection logic to use the inner
addresses where the outer have been (incorrectly) used. This is
required for beet mode in general and interfamily setups in both
tunnel and beet mode.
Signed-off-by: Joakim Koskela <jookos@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com>
Signed-off-by: Miika Komu <miika@iki.fi>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/xfrm/xfrm_policy.c | 3 | ||||
-rw-r--r-- | net/xfrm/xfrm_state.c | 4 |
2 files changed, 4 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index c3a4b0a1868..95a47304336 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
@@ -1299,7 +1299,8 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, struct flowi *fl, | |||
1299 | xfrm_address_t *local = saddr; | 1299 | xfrm_address_t *local = saddr; |
1300 | struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i]; | 1300 | struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i]; |
1301 | 1301 | ||
1302 | if (tmpl->mode == XFRM_MODE_TUNNEL) { | 1302 | if (tmpl->mode == XFRM_MODE_TUNNEL || |
1303 | tmpl->mode == XFRM_MODE_BEET) { | ||
1303 | remote = &tmpl->id.daddr; | 1304 | remote = &tmpl->id.daddr; |
1304 | local = &tmpl->saddr; | 1305 | local = &tmpl->saddr; |
1305 | family = tmpl->encap_family; | 1306 | family = tmpl->encap_family; |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 38f90ca75b1..31be405efb5 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
@@ -611,7 +611,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, | |||
611 | selector. | 611 | selector. |
612 | */ | 612 | */ |
613 | if (x->km.state == XFRM_STATE_VALID) { | 613 | if (x->km.state == XFRM_STATE_VALID) { |
614 | if (!xfrm_selector_match(&x->sel, fl, family) || | 614 | if (!xfrm_selector_match(&x->sel, fl, x->sel.family) || |
615 | !security_xfrm_state_pol_flow_match(x, pol, fl)) | 615 | !security_xfrm_state_pol_flow_match(x, pol, fl)) |
616 | continue; | 616 | continue; |
617 | if (!best || | 617 | if (!best || |
@@ -623,7 +623,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, | |||
623 | acquire_in_progress = 1; | 623 | acquire_in_progress = 1; |
624 | } else if (x->km.state == XFRM_STATE_ERROR || | 624 | } else if (x->km.state == XFRM_STATE_ERROR || |
625 | x->km.state == XFRM_STATE_EXPIRED) { | 625 | x->km.state == XFRM_STATE_EXPIRED) { |
626 | if (xfrm_selector_match(&x->sel, fl, family) && | 626 | if (xfrm_selector_match(&x->sel, fl, x->sel.family) && |
627 | security_xfrm_state_pol_flow_match(x, pol, fl)) | 627 | security_xfrm_state_pol_flow_match(x, pol, fl)) |
628 | error = -ESRCH; | 628 | error = -ESRCH; |
629 | } | 629 | } |