[IPSEC]: Added xfrm_decode_session_reverse and xfrmX_policy_check_reverse

RFC 4301 requires us to relookup ICMP traffic that does not match any policies using the reverse of its payload. This patch adds the functions xfrm_decode_session_reverse and xfrmX_policy_check_reverse so we can get the reverse flow to perform such a lookup. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Herbert Xu <herbert@gondor.apana.org.au> 2007-12-12 13:44:16 -0500
committer: David S. Miller <davem@davemloft.net> 2008-01-28 17:57:22 -0500
commit: d5422efe680fc55010c6ddca2370ca9548a96355 (patch)
tree: f72fa5eb779c8ae7d49688a9caac9b69a1f3bd58 /net/ipv4/xfrm4_policy.c
parent: 815f4e57e9fc67456624ecde0515a901368c78d2 (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 10b72d185bb9..5ccae3a463c2 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -115,7 +115,7 @@ static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
 }
 static void
-_decode_session4(struct sk_buff *skb, struct flowi *fl)
+_decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
 {
        struct iphdr *iph = ip_hdr(skb);
        u8 *xprth = skb_network_header(skb) + iph->ihl * 4;
@@ -131,8 +131,8 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl)
                        if (pskb_may_pull(skb, xprth + 4 - skb->data)) {
                                __be16 *ports = (__be16 *)xprth;
-                                fl->fl_ip_sport = ports[0];
+                                fl->fl_ip_sport = ports[!!reverse];
-                                fl->fl_ip_dport = ports[1];
+                                fl->fl_ip_dport = ports[!reverse];
                        }
                        break;
@@ -174,8 +174,8 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl)
                }
        }
        fl->proto = iph->protocol;
-        fl->fl4_dst = iph->daddr;
+        fl->fl4_dst = reverse ? iph->saddr : iph->daddr;
-        fl->fl4_src = iph->saddr;
+        fl->fl4_src = reverse ? iph->daddr : iph->saddr;
        fl->fl4_tos = iph->tos;
 }
author	Herbert Xu <herbert@gondor.apana.org.au>	2007-12-12 13:44:16 -0500
committer	David S. Miller <davem@davemloft.net>	2008-01-28 17:57:22 -0500
commit	d5422efe680fc55010c6ddca2370ca9548a96355 (patch)
tree	f72fa5eb779c8ae7d49688a9caac9b69a1f3bd58 /net/ipv4/xfrm4_policy.c
parent	815f4e57e9fc67456624ecde0515a901368c78d2 (diff)

diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index 10b72d185bb9..5ccae3a463c2 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c
@@ -115,7 +115,7 @@ static int xfrm4_fill_dst(struct xfrm_dst xdst, struct net_device dev)
115	}	115	}
116		116
117	static void	117	static void
118	_decode_session4(struct sk_buff skb, struct flowi fl)	118	_decode_session4(struct sk_buff skb, struct flowi fl, int reverse)
119	{	119	{
120	struct iphdr *iph = ip_hdr(skb);	120	struct iphdr *iph = ip_hdr(skb);
121	u8 xprth = skb_network_header(skb) + iph->ihl 4;	121	u8 xprth = skb_network_header(skb) + iph->ihl 4;
@@ -131,8 +131,8 @@ _decode_session4(struct sk_buff skb, struct flowi fl)
131	if (pskb_may_pull(skb, xprth + 4 - skb->data)) {	131	if (pskb_may_pull(skb, xprth + 4 - skb->data)) {
132	__be16 ports = (__be16 )xprth;	132	__be16 ports = (__be16 )xprth;
133		133
134	fl->fl_ip_sport = ports[0];	134	fl->fl_ip_sport = ports[!!reverse];
135	fl->fl_ip_dport = ports[1];	135	fl->fl_ip_dport = ports[!reverse];
136	}	136	}
137	break;	137	break;
138		138
@@ -174,8 +174,8 @@ _decode_session4(struct sk_buff skb, struct flowi fl)
174	}	174	}
175	}	175	}
176	fl->proto = iph->protocol;	176	fl->proto = iph->protocol;
177	fl->fl4_dst = iph->daddr;	177	fl->fl4_dst = reverse ? iph->saddr : iph->daddr;
178	fl->fl4_src = iph->saddr;	178	fl->fl4_src = reverse ? iph->daddr : iph->saddr;
179	fl->fl4_tos = iph->tos;	179	fl->fl4_tos = iph->tos;
180	}	180	}
181		181