diff options
| author | Ulrich Weber <uweber@astaro.com> | 2010-04-15 06:37:18 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-04-15 06:37:18 -0400 |
| commit | 90348e0ede4e74f9404c4d08cce1dbb1baa05b06 (patch) | |
| tree | 92675a833d78e47afff9f6763c5b96a7fa588edd /net/ipv6 | |
| parent | e179e6322ac334e21a3c6d669d95bc967e5d0a80 (diff) | |
netfilter: ipv6: move xfrm_lookup at end of ip6_route_me_harder
xfrm_lookup should be called after ip6_route_output skb_dst_set,
otherwise skb_dst_set of xfrm_lookup is pointless
Signed-off-by: Ulrich Weber <uweber@astaro.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter.c | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index d5ed92b14346..a74951c039b6 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c | |||
| @@ -25,20 +25,6 @@ int ip6_route_me_harder(struct sk_buff *skb) | |||
| 25 | }; | 25 | }; |
| 26 | 26 | ||
| 27 | dst = ip6_route_output(net, skb->sk, &fl); | 27 | dst = ip6_route_output(net, skb->sk, &fl); |
| 28 | |||
| 29 | #ifdef CONFIG_XFRM | ||
| 30 | if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && | ||
| 31 | xfrm_decode_session(skb, &fl, AF_INET6) == 0) { | ||
| 32 | struct dst_entry *dst2 = skb_dst(skb); | ||
| 33 | |||
| 34 | if (xfrm_lookup(net, &dst2, &fl, skb->sk, 0)) { | ||
| 35 | skb_dst_set(skb, NULL); | ||
| 36 | return -1; | ||
| 37 | } | ||
| 38 | skb_dst_set(skb, dst2); | ||
| 39 | } | ||
| 40 | #endif | ||
| 41 | |||
| 42 | if (dst->error) { | 28 | if (dst->error) { |
| 43 | IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); | 29 | IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); |
| 44 | LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n"); | 30 | LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n"); |
| @@ -50,6 +36,17 @@ int ip6_route_me_harder(struct sk_buff *skb) | |||
| 50 | skb_dst_drop(skb); | 36 | skb_dst_drop(skb); |
| 51 | 37 | ||
| 52 | skb_dst_set(skb, dst); | 38 | skb_dst_set(skb, dst); |
| 39 | |||
| 40 | #ifdef CONFIG_XFRM | ||
| 41 | if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && | ||
| 42 | xfrm_decode_session(skb, &fl, AF_INET6) == 0) { | ||
| 43 | skb_dst_set(skb, NULL); | ||
| 44 | if (xfrm_lookup(net, &dst, &fl, skb->sk, 0)) | ||
| 45 | return -1; | ||
| 46 | skb_dst_set(skb, dst); | ||
| 47 | } | ||
| 48 | #endif | ||
| 49 | |||
| 53 | return 0; | 50 | return 0; |
| 54 | } | 51 | } |
| 55 | EXPORT_SYMBOL(ip6_route_me_harder); | 52 | EXPORT_SYMBOL(ip6_route_me_harder); |