diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-12-12 13:44:16 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-28 17:57:22 -0500 |
commit | d5422efe680fc55010c6ddca2370ca9548a96355 (patch) | |
tree | f72fa5eb779c8ae7d49688a9caac9b69a1f3bd58 /net/ipv6 | |
parent | 815f4e57e9fc67456624ecde0515a901368c78d2 (diff) |
[IPSEC]: Added xfrm_decode_session_reverse and xfrmX_policy_check_reverse
RFC 4301 requires us to relookup ICMP traffic that does not match any
policies using the reverse of its payload. This patch adds the functions
xfrm_decode_session_reverse and xfrmX_policy_check_reverse so we can get
the reverse flow to perform such a lookup.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/xfrm6_policy.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index 181cf91538f1..d26b7dc3f33b 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c | |||
@@ -123,7 +123,7 @@ static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev) | |||
123 | } | 123 | } |
124 | 124 | ||
125 | static inline void | 125 | static inline void |
126 | _decode_session6(struct sk_buff *skb, struct flowi *fl) | 126 | _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) |
127 | { | 127 | { |
128 | u16 offset = skb_network_header_len(skb); | 128 | u16 offset = skb_network_header_len(skb); |
129 | struct ipv6hdr *hdr = ipv6_hdr(skb); | 129 | struct ipv6hdr *hdr = ipv6_hdr(skb); |
@@ -132,8 +132,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl) | |||
132 | u8 nexthdr = nh[IP6CB(skb)->nhoff]; | 132 | u8 nexthdr = nh[IP6CB(skb)->nhoff]; |
133 | 133 | ||
134 | memset(fl, 0, sizeof(struct flowi)); | 134 | memset(fl, 0, sizeof(struct flowi)); |
135 | ipv6_addr_copy(&fl->fl6_dst, &hdr->daddr); | 135 | ipv6_addr_copy(&fl->fl6_dst, reverse ? &hdr->saddr : &hdr->daddr); |
136 | ipv6_addr_copy(&fl->fl6_src, &hdr->saddr); | 136 | ipv6_addr_copy(&fl->fl6_src, reverse ? &hdr->daddr : &hdr->saddr); |
137 | 137 | ||
138 | while (pskb_may_pull(skb, nh + offset + 1 - skb->data)) { | 138 | while (pskb_may_pull(skb, nh + offset + 1 - skb->data)) { |
139 | nh = skb_network_header(skb); | 139 | nh = skb_network_header(skb); |
@@ -156,8 +156,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl) | |||
156 | if (pskb_may_pull(skb, nh + offset + 4 - skb->data)) { | 156 | if (pskb_may_pull(skb, nh + offset + 4 - skb->data)) { |
157 | __be16 *ports = (__be16 *)exthdr; | 157 | __be16 *ports = (__be16 *)exthdr; |
158 | 158 | ||
159 | fl->fl_ip_sport = ports[0]; | 159 | fl->fl_ip_sport = ports[!!reverse]; |
160 | fl->fl_ip_dport = ports[1]; | 160 | fl->fl_ip_dport = ports[!reverse]; |
161 | } | 161 | } |
162 | fl->proto = nexthdr; | 162 | fl->proto = nexthdr; |
163 | return; | 163 | return; |