aboutsummaryrefslogtreecommitdiffstats
path: root/net/xfrm
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-10-18 00:31:50 -0400
committerDavid S. Miller <davem@davemloft.net>2007-10-18 00:31:50 -0400
commit1bfcb10f670f5ff5e1d9f53e59680573524cb142 (patch)
tree003b271a2c1e089ae6506d869b7a8c8f04dbde0a /net/xfrm
parentaa5d62cc8777f733f8b59b5586c0a1989813189e (diff)
[IPSEC]: Add missing BEET checks
Currently BEET mode does not reinject the packet back into the stack like tunnel mode does. Since BEET should behave just like tunnel mode this is incorrect. This patch fixes this by introducing a flags field to xfrm_mode that tells the IPsec code whether it should terminate and reinject the packet back into the stack. It then sets the flag for BEET and tunnel mode. I've also added a number of missing BEET checks elsewhere where we check whether a given mode is a tunnel or not. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
-rw-r--r--net/xfrm/xfrm_output.c2
-rw-r--r--net/xfrm/xfrm_policy.c6
2 files changed, 5 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 0eb3377602e9..8bf71ba2345f 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -82,7 +82,7 @@ int xfrm_output(struct sk_buff *skb)
82 } 82 }
83 dst = skb->dst; 83 dst = skb->dst;
84 x = dst->xfrm; 84 x = dst->xfrm;
85 } while (x && (x->props.mode != XFRM_MODE_TUNNEL)); 85 } while (x && !(x->mode->flags & XFRM_MODE_FLAG_TUNNEL));
86 86
87 err = 0; 87 err = 0;
88 88
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index ca24c90d3796..1d66fb42c9cb 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1940,7 +1940,8 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
1940 if (xdst->genid != dst->xfrm->genid) 1940 if (xdst->genid != dst->xfrm->genid)
1941 return 0; 1941 return 0;
1942 1942
1943 if (strict && fl && dst->xfrm->props.mode != XFRM_MODE_TUNNEL && 1943 if (strict && fl &&
1944 !(dst->xfrm->mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
1944 !xfrm_state_addr_flow_check(dst->xfrm, fl, family)) 1945 !xfrm_state_addr_flow_check(dst->xfrm, fl, family))
1945 return 0; 1946 return 0;
1946 1947
@@ -2291,7 +2292,8 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol,
2291 if (!migrate_tmpl_match(mp, &pol->xfrm_vec[i])) 2292 if (!migrate_tmpl_match(mp, &pol->xfrm_vec[i]))
2292 continue; 2293 continue;
2293 n++; 2294 n++;
2294 if (pol->xfrm_vec[i].mode != XFRM_MODE_TUNNEL) 2295 if (pol->xfrm_vec[i].mode != XFRM_MODE_TUNNEL &&
2296 pol->xfrm_vec[i].mode != XFRM_MODE_BEET)
2295 continue; 2297 continue;
2296 /* update endpoints */ 2298 /* update endpoints */
2297 memcpy(&pol->xfrm_vec[i].id.daddr, &mp->new_daddr, 2299 memcpy(&pol->xfrm_vec[i].id.daddr, &mp->new_daddr,