1 files changed, 21 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 537854fe47ca..b6e2e79d7261 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1107,6 +1107,20 @@ int __xfrm_sk_clone_policy(struct sock *sk)
        return 0;
 }
+static int
+xfrm_get_saddr(xfrm_address_t *local, xfrm_address_t *remote,
+               unsigned short family)
+{
+        int err;
+        struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
+        if (unlikely(afinfo == NULL))
+                return -EINVAL;
+        err = afinfo->get_saddr(local, remote);
+        xfrm_policy_put_afinfo(afinfo);
+        return err;
+}
 /* Resolve list of templates for the flow, given policy. */
 static int
@@ -1118,6 +1132,7 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, struct flowi *fl,
        int i, error;
        xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family);
        xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family);
+        xfrm_address_t tmp;
        for (nx=0, i = 0; i < policy->xfrm_nr; i++) {
                struct xfrm_state *x;
@@ -1128,6 +1143,12 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, struct flowi *fl,
                if (tmpl->mode == XFRM_MODE_TUNNEL) {
                        remote = &tmpl->id.daddr;
                        local = &tmpl->saddr;
+                        if (xfrm_addr_any(local, family)) {
+                                error = xfrm_get_saddr(&tmp, remote, family);
+                                if (error)
+                                        goto fail;
+                                local = &tmp;
+                        }
                }
                x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 537854fe47ca..b6e2e79d7261 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c
@@ -1107,6 +1107,20 @@ int __xfrm_sk_clone_policy(struct sock *sk)
1107	return 0;	1107	return 0;
1108	}	1108	}
1109		1109
		1110	static int
		1111	xfrm_get_saddr(xfrm_address_t local, xfrm_address_t remote,
		1112	unsigned short family)
		1113	{
		1114	int err;
		1115	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
		1116
		1117	if (unlikely(afinfo == NULL))
		1118	return -EINVAL;
		1119	err = afinfo->get_saddr(local, remote);
		1120	xfrm_policy_put_afinfo(afinfo);
		1121	return err;
		1122	}
		1123
1110	/* Resolve list of templates for the flow, given policy. */	1124	/* Resolve list of templates for the flow, given policy. */
1111		1125
1112	static int	1126	static int
@@ -1118,6 +1132,7 @@ xfrm_tmpl_resolve_one(struct xfrm_policy policy, struct flowi fl,
1118	int i, error;	1132	int i, error;
1119	xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family);	1133	xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family);
1120	xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family);	1134	xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family);
		1135	xfrm_address_t tmp;
1121		1136
1122	for (nx=0, i = 0; i < policy->xfrm_nr; i++) {	1137	for (nx=0, i = 0; i < policy->xfrm_nr; i++) {
1123	struct xfrm_state *x;	1138	struct xfrm_state *x;
@@ -1128,6 +1143,12 @@ xfrm_tmpl_resolve_one(struct xfrm_policy policy, struct flowi fl,
1128	if (tmpl->mode == XFRM_MODE_TUNNEL) {	1143	if (tmpl->mode == XFRM_MODE_TUNNEL) {
1129	remote = &tmpl->id.daddr;	1144	remote = &tmpl->id.daddr;
1130	local = &tmpl->saddr;	1145	local = &tmpl->saddr;
		1146	if (xfrm_addr_any(local, family)) {
		1147	error = xfrm_get_saddr(&tmp, remote, family);
		1148	if (error)
		1149	goto fail;
		1150	local = &tmp;
		1151	}
1131	}	1152	}
1132		1153
1133	x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);	1154	x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);