2009-01-26 16:30:13

by Jiri Pirko

[permalink] [raw]
Subject: [PATCH] net: fix xfrm reverse flow lookup for icmp6

This patch fixes the xfrm reverse flow lookup for icmp6 so that icmp6 packets
don't get lost over ipsec tunnels. Similar patch is in RHEL5 kernel for a quite
long time and I do not see why it isn't in mainline.

Please correct me if I'm missing something.

Jirka


Signed-off-by: Jiri Pirko <[email protected]>
---
net/ipv6/icmp.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 4f43384..36dff88 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -443,10 +443,10 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6))
goto relookup_failed;

- if (ip6_dst_lookup(sk, &dst2, &fl))
+ if (ip6_dst_lookup(sk, &dst2, &fl2))
goto relookup_failed;

- err = xfrm_lookup(net, &dst2, &fl, sk, XFRM_LOOKUP_ICMP);
+ err = xfrm_lookup(net, &dst2, &fl2, sk, XFRM_LOOKUP_ICMP);
switch (err) {
case 0:
dst_release(dst);
--
1.6.0.6


2009-01-28 03:48:31

by Herbert Xu

[permalink] [raw]
Subject: Re: [PATCH] net: fix xfrm reverse flow lookup for icmp6

On Mon, Jan 26, 2009 at 05:29:54PM +0100, Jiri Pirko wrote:
> This patch fixes the xfrm reverse flow lookup for icmp6 so that icmp6 packets
> don't get lost over ipsec tunnels. Similar patch is in RHEL5 kernel for a quite
> long time and I do not see why it isn't in mainline.
>
> Please correct me if I'm missing something.
>
> Jirka
>
>
> Signed-off-by: Jiri Pirko <[email protected]>

Acked-by: Herbert Xu <[email protected]>

Indeed, I have no idea how this one slipped through the cracks.
Thanks for picking up on it!

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2009-01-28 06:30:45

by David Miller

[permalink] [raw]
Subject: Re: [PATCH] net: fix xfrm reverse flow lookup for icmp6

From: Herbert Xu <[email protected]>
Date: Wed, 28 Jan 2009 14:48:16 +1100

> On Mon, Jan 26, 2009 at 05:29:54PM +0100, Jiri Pirko wrote:
> > This patch fixes the xfrm reverse flow lookup for icmp6 so that icmp6 packets
> > don't get lost over ipsec tunnels. Similar patch is in RHEL5 kernel for a quite
> > long time and I do not see why it isn't in mainline.
> >
> > Please correct me if I'm missing something.
> >
> > Jirka
> >
> >
> > Signed-off-by: Jiri Pirko <[email protected]>
>
> Acked-by: Herbert Xu <[email protected]>
>
> Indeed, I have no idea how this one slipped through the cracks.
> Thanks for picking up on it!

Yep, thanks for sure.

Applied, thanks again.