aboutsummaryrefslogtreecommitdiffstats
path: root/net/xfrm/xfrm_policy.c
diff options
context:
space:
mode:
authorMasahide NAKAMURA <nakam@linux-ipv6.org>2006-08-23 21:09:09 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 18:06:40 -0400
commit9e51fd371a022318c5b64b831c43026e89bc4f75 (patch)
treed11b58ab8d89bc52eb5c875a8e698fcb285c87ef /net/xfrm/xfrm_policy.c
parentfbd9a5b47ee9c319ff0cae584391241ce78ffd6b (diff)
[XFRM]: Rename secpath_has_tunnel to secpath_has_nontransport.
On current kernel inbound transformation state is allowed transport and disallowed tunnel mode when mismatch is occurred between tempates and states. As the result of adding two more modes by Mobile IPv6, this function name is misleading. Inbound transformation can allow only transport mode when mismatch is occurred between template and secpath. Based on MIPL2 kernel patch. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
-rw-r--r--net/xfrm/xfrm_policy.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index f1cdcfb90959..56abb5c057d4 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1046,7 +1046,7 @@ xfrm_decode_session(struct sk_buff *skb, struct flowi *fl, unsigned short family
1046} 1046}
1047EXPORT_SYMBOL(xfrm_decode_session); 1047EXPORT_SYMBOL(xfrm_decode_session);
1048 1048
1049static inline int secpath_has_tunnel(struct sec_path *sp, int k) 1049static inline int secpath_has_nontransport(struct sec_path *sp, int k)
1050{ 1050{
1051 for (; k < sp->len; k++) { 1051 for (; k < sp->len; k++) {
1052 if (sp->xvec[k]->props.mode != XFRM_MODE_TRANSPORT) 1052 if (sp->xvec[k]->props.mode != XFRM_MODE_TRANSPORT)
@@ -1087,7 +1087,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
1087 xfrm_policy_lookup); 1087 xfrm_policy_lookup);
1088 1088
1089 if (!pol) 1089 if (!pol)
1090 return !skb->sp || !secpath_has_tunnel(skb->sp, 0); 1090 return !skb->sp || !secpath_has_nontransport(skb->sp, 0);
1091 1091
1092 pol->curlft.use_time = (unsigned long)xtime.tv_sec; 1092 pol->curlft.use_time = (unsigned long)xtime.tv_sec;
1093 1093
@@ -1111,7 +1111,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
1111 goto reject; 1111 goto reject;
1112 } 1112 }
1113 1113
1114 if (secpath_has_tunnel(sp, k)) 1114 if (secpath_has_nontransport(sp, k))
1115 goto reject; 1115 goto reject;
1116 1116
1117 xfrm_pol_put(pol); 1117 xfrm_pol_put(pol);