diff options
| -rw-r--r-- | net/ipv6/netfilter.c | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index d5ed92b14346..a74951c039b6 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c | |||
| @@ -25,20 +25,6 @@ int ip6_route_me_harder(struct sk_buff *skb) | |||
| 25 | }; | 25 | }; |
| 26 | 26 | ||
| 27 | dst = ip6_route_output(net, skb->sk, &fl); | 27 | dst = ip6_route_output(net, skb->sk, &fl); |
| 28 | |||
| 29 | #ifdef CONFIG_XFRM | ||
| 30 | if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && | ||
| 31 | xfrm_decode_session(skb, &fl, AF_INET6) == 0) { | ||
| 32 | struct dst_entry *dst2 = skb_dst(skb); | ||
| 33 | |||
| 34 | if (xfrm_lookup(net, &dst2, &fl, skb->sk, 0)) { | ||
| 35 | skb_dst_set(skb, NULL); | ||
| 36 | return -1; | ||
| 37 | } | ||
| 38 | skb_dst_set(skb, dst2); | ||
| 39 | } | ||
| 40 | #endif | ||
| 41 | |||
| 42 | if (dst->error) { | 28 | if (dst->error) { |
| 43 | IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); | 29 | IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); |
| 44 | LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n"); | 30 | LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n"); |
| @@ -50,6 +36,17 @@ int ip6_route_me_harder(struct sk_buff *skb) | |||
| 50 | skb_dst_drop(skb); | 36 | skb_dst_drop(skb); |
| 51 | 37 | ||
| 52 | skb_dst_set(skb, dst); | 38 | skb_dst_set(skb, dst); |
| 39 | |||
| 40 | #ifdef CONFIG_XFRM | ||
| 41 | if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && | ||
| 42 | xfrm_decode_session(skb, &fl, AF_INET6) == 0) { | ||
| 43 | skb_dst_set(skb, NULL); | ||
| 44 | if (xfrm_lookup(net, &dst, &fl, skb->sk, 0)) | ||
| 45 | return -1; | ||
| 46 | skb_dst_set(skb, dst); | ||
| 47 | } | ||
| 48 | #endif | ||
| 49 | |||
| 53 | return 0; | 50 | return 0; |
| 54 | } | 51 | } |
| 55 | EXPORT_SYMBOL(ip6_route_me_harder); | 52 | EXPORT_SYMBOL(ip6_route_me_harder); |