diff options
| author | Masahide NAKAMURA <nakam@linux-ipv6.org> | 2007-12-20 23:41:12 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-01-28 17:59:36 -0500 |
| commit | a1b051405bc16222d92c73b0c26d65b333a154ee (patch) | |
| tree | 2950e34bbb51838f8da3e1d03c8ee608d3b56f55 /net/xfrm | |
| parent | bd515c3e48ececd774eb3128e81b669dbbd32637 (diff) | |
[XFRM] IPv6: Fix dst/routing check at transformation.
IPv6 specific thing is wrongly removed from transformation at net-2.6.25.
This patch recovers it with current design.
o Update "path" of xfrm_dst since IPv6 transformation should
care about routing changes. It is required by MIPv6 and
off-link destined IPsec.
o Rename nfheader_len which is for non-fragment transformation used by
MIPv6 to rt6i_nfheader_len as IPv6 name space.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 8023a3c0dad5..521cb6e12561 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -1266,6 +1266,23 @@ static inline struct xfrm_dst *xfrm_alloc_dst(int family) | |||
| 1266 | return xdst; | 1266 | return xdst; |
| 1267 | } | 1267 | } |
| 1268 | 1268 | ||
| 1269 | static inline int xfrm_init_path(struct xfrm_dst *path, struct dst_entry *dst, | ||
| 1270 | int nfheader_len) | ||
| 1271 | { | ||
| 1272 | struct xfrm_policy_afinfo *afinfo = | ||
| 1273 | xfrm_policy_get_afinfo(dst->ops->family); | ||
| 1274 | int err; | ||
| 1275 | |||
| 1276 | if (!afinfo) | ||
| 1277 | return -EINVAL; | ||
| 1278 | |||
| 1279 | err = afinfo->init_path(path, dst, nfheader_len); | ||
| 1280 | |||
| 1281 | xfrm_policy_put_afinfo(afinfo); | ||
| 1282 | |||
| 1283 | return err; | ||
| 1284 | } | ||
| 1285 | |||
| 1269 | static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev) | 1286 | static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev) |
| 1270 | { | 1287 | { |
| 1271 | struct xfrm_policy_afinfo *afinfo = | 1288 | struct xfrm_policy_afinfo *afinfo = |
| @@ -1298,6 +1315,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy, | |||
| 1298 | int i = 0; | 1315 | int i = 0; |
| 1299 | int err; | 1316 | int err; |
| 1300 | int header_len = 0; | 1317 | int header_len = 0; |
| 1318 | int nfheader_len = 0; | ||
| 1301 | int trailer_len = 0; | 1319 | int trailer_len = 0; |
| 1302 | int tos; | 1320 | int tos; |
| 1303 | int family = policy->selector.family; | 1321 | int family = policy->selector.family; |
| @@ -1352,6 +1370,8 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy, | |||
| 1352 | dst_prev = dst1; | 1370 | dst_prev = dst1; |
| 1353 | 1371 | ||
| 1354 | header_len += xfrm[i]->props.header_len; | 1372 | header_len += xfrm[i]->props.header_len; |
| 1373 | if (xfrm[i]->type->flags & XFRM_TYPE_NON_FRAGMENT) | ||
| 1374 | nfheader_len += xfrm[i]->props.header_len; | ||
| 1355 | trailer_len += xfrm[i]->props.trailer_len; | 1375 | trailer_len += xfrm[i]->props.trailer_len; |
| 1356 | } | 1376 | } |
| 1357 | 1377 | ||
| @@ -1366,6 +1386,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy, | |||
| 1366 | /* Copy neighbout for reachability confirmation */ | 1386 | /* Copy neighbout for reachability confirmation */ |
| 1367 | dst0->neighbour = neigh_clone(dst->neighbour); | 1387 | dst0->neighbour = neigh_clone(dst->neighbour); |
| 1368 | 1388 | ||
| 1389 | xfrm_init_path((struct xfrm_dst *)dst0, dst, nfheader_len); | ||
| 1369 | xfrm_init_pmtu(dst_prev); | 1390 | xfrm_init_pmtu(dst_prev); |
| 1370 | 1391 | ||
| 1371 | for (dst_prev = dst0; dst_prev != dst; dst_prev = dst_prev->child) { | 1392 | for (dst_prev = dst0; dst_prev != dst; dst_prev = dst_prev->child) { |