aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJoakim Koskela <jookos@gmail.com>2007-07-26 03:08:42 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-07-31 05:28:33 -0400
commit48b8d78315bf2aef4b6b4fb41c2c94e0b6600234 (patch)
tree9cbb0f9eeec383e74063b1b52be85da5148adf4b /net
parent196b003620f1ee8d0fc63f13f341187d63c1dc0a (diff)
[XFRM]: State selection update to use inner addresses.
This patch modifies the xfrm state selection logic to use the inner addresses where the outer have been (incorrectly) used. This is required for beet mode in general and interfamily setups in both tunnel and beet mode. Signed-off-by: Joakim Koskela <jookos@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com> Signed-off-by: Miika Komu <miika@iki.fi> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/xfrm/xfrm_policy.c3
-rw-r--r--net/xfrm/xfrm_state.c4
2 files changed, 4 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index c3a4b0a18687..95a47304336d 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1299,7 +1299,8 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, struct flowi *fl,
1299 xfrm_address_t *local = saddr; 1299 xfrm_address_t *local = saddr;
1300 struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i]; 1300 struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i];
1301 1301
1302 if (tmpl->mode == XFRM_MODE_TUNNEL) { 1302 if (tmpl->mode == XFRM_MODE_TUNNEL ||
1303 tmpl->mode == XFRM_MODE_BEET) {
1303 remote = &tmpl->id.daddr; 1304 remote = &tmpl->id.daddr;
1304 local = &tmpl->saddr; 1305 local = &tmpl->saddr;
1305 family = tmpl->encap_family; 1306 family = tmpl->encap_family;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 38f90ca75b1e..31be405efb55 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -611,7 +611,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
611 selector. 611 selector.
612 */ 612 */
613 if (x->km.state == XFRM_STATE_VALID) { 613 if (x->km.state == XFRM_STATE_VALID) {
614 if (!xfrm_selector_match(&x->sel, fl, family) || 614 if (!xfrm_selector_match(&x->sel, fl, x->sel.family) ||
615 !security_xfrm_state_pol_flow_match(x, pol, fl)) 615 !security_xfrm_state_pol_flow_match(x, pol, fl))
616 continue; 616 continue;
617 if (!best || 617 if (!best ||
@@ -623,7 +623,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
623 acquire_in_progress = 1; 623 acquire_in_progress = 1;
624 } else if (x->km.state == XFRM_STATE_ERROR || 624 } else if (x->km.state == XFRM_STATE_ERROR ||
625 x->km.state == XFRM_STATE_EXPIRED) { 625 x->km.state == XFRM_STATE_EXPIRED) {
626 if (xfrm_selector_match(&x->sel, fl, family) && 626 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
627 security_xfrm_state_pol_flow_match(x, pol, fl)) 627 security_xfrm_state_pol_flow_match(x, pol, fl))
628 error = -ESRCH; 628 error = -ESRCH;
629 } 629 }