diff options
| author | Patrick McHardy <kaber@trash.net> | 2006-09-19 15:57:34 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 18:19:06 -0400 |
| commit | a1e59abf824969554b90facd44a4ab16e265afa4 (patch) | |
| tree | b981536bbf7dde2c55e9a5223a5e31bea2c356a2 /net/xfrm/xfrm_policy.c | |
| parent | 1ef9696c909060ccdae3ade245ca88692b49285b (diff) | |
[XFRM]: Fix wildcard as tunnel source
Hashing SAs by source address breaks templates with wildcards as tunnel
source since the source address used for hashing/lookup is still 0/0.
Move source address lookup to xfrm_tmpl_resolve_one() so we can use the
real address in the lookup.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 537854fe47ca..b6e2e79d7261 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -1107,6 +1107,20 @@ int __xfrm_sk_clone_policy(struct sock *sk) | |||
| 1107 | return 0; | 1107 | return 0; |
| 1108 | } | 1108 | } |
| 1109 | 1109 | ||
| 1110 | static int | ||
| 1111 | xfrm_get_saddr(xfrm_address_t *local, xfrm_address_t *remote, | ||
| 1112 | unsigned short family) | ||
| 1113 | { | ||
| 1114 | int err; | ||
| 1115 | struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family); | ||
| 1116 | |||
| 1117 | if (unlikely(afinfo == NULL)) | ||
| 1118 | return -EINVAL; | ||
| 1119 | err = afinfo->get_saddr(local, remote); | ||
| 1120 | xfrm_policy_put_afinfo(afinfo); | ||
| 1121 | return err; | ||
| 1122 | } | ||
| 1123 | |||
| 1110 | /* Resolve list of templates for the flow, given policy. */ | 1124 | /* Resolve list of templates for the flow, given policy. */ |
| 1111 | 1125 | ||
| 1112 | static int | 1126 | static int |
| @@ -1118,6 +1132,7 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, struct flowi *fl, | |||
| 1118 | int i, error; | 1132 | int i, error; |
| 1119 | xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family); | 1133 | xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family); |
| 1120 | xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family); | 1134 | xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family); |
| 1135 | xfrm_address_t tmp; | ||
| 1121 | 1136 | ||
| 1122 | for (nx=0, i = 0; i < policy->xfrm_nr; i++) { | 1137 | for (nx=0, i = 0; i < policy->xfrm_nr; i++) { |
| 1123 | struct xfrm_state *x; | 1138 | struct xfrm_state *x; |
| @@ -1128,6 +1143,12 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, struct flowi *fl, | |||
| 1128 | if (tmpl->mode == XFRM_MODE_TUNNEL) { | 1143 | if (tmpl->mode == XFRM_MODE_TUNNEL) { |
| 1129 | remote = &tmpl->id.daddr; | 1144 | remote = &tmpl->id.daddr; |
| 1130 | local = &tmpl->saddr; | 1145 | local = &tmpl->saddr; |
| 1146 | if (xfrm_addr_any(local, family)) { | ||
| 1147 | error = xfrm_get_saddr(&tmp, remote, family); | ||
| 1148 | if (error) | ||
| 1149 | goto fail; | ||
| 1150 | local = &tmp; | ||
| 1151 | } | ||
| 1131 | } | 1152 | } |
| 1132 | 1153 | ||
| 1133 | x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family); | 1154 | x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family); |