| From stable-bounces@linux.kernel.org Mon Dec 4 20:06:40 2006 |
| Date: Mon, 04 Dec 2006 20:01:31 -0800 (PST) |
| Message-Id: <20061204.200131.36665929.davem@davemloft.net> |
| To: stable@kernel.org |
| From: David Miller <davem@davemloft.net> |
| Cc: bunk@stusta.de |
| Subject: XFRM: Use output device disable_xfrm for forwarded packets |
| |
| From: Patrick McHardy <kaber@trash.net> |
| |
| Currently the behaviour of disable_xfrm is inconsistent between |
| locally generated and forwarded packets. For locally generated |
| packets disable_xfrm disables the policy lookup if it is set on |
| the output device, for forwarded traffic however it looks at the |
| input device. This makes it impossible to disable xfrm on all |
| devices but a dummy device and use normal routing to direct |
| traffic to that device. |
| |
| Always use the output device when checking disable_xfrm. |
| |
| Signed-off-by: Patrick McHardy <kaber@trash.net> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Chris Wright <chrisw@sous-sol.org> |
| --- |
| commit 9be2b4e36fb04bbc968693ef95a75acc17cf2931 |
| Author: Patrick McHardy <kaber@trash.net> |
| Date: Mon Dec 4 19:59:00 2006 -0800 |
| |
| net/ipv4/route.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- linux-2.6.19.orig/net/ipv4/route.c |
| +++ linux-2.6.19/net/ipv4/route.c |
| @@ -1784,7 +1784,7 @@ static inline int __mkroute_input(struct |
| #endif |
| if (in_dev->cnf.no_policy) |
| rth->u.dst.flags |= DST_NOPOLICY; |
| - if (in_dev->cnf.no_xfrm) |
| + if (out_dev->cnf.no_xfrm) |
| rth->u.dst.flags |= DST_NOXFRM; |
| rth->fl.fl4_dst = daddr; |
| rth->rt_dst = daddr; |
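Review bot: In the `__mkroute_input` hunk, the `no_xfrm` test now reads `out_dev->cnf.no_xfrm` while the line directly above it still reads `in_dev->cnf.no_policy`, so two adjacent, near-identical checks consult different devices and nothing in the code says why. A one-line comment above the changed test would keep a later cleanup from "correcting" the asymmetry: DST_NOPOLICY follows the input device, and DST_NOXFRM follows the output device so that forwarded packets behave like locally generated ones. The visible context does not show where `out_dev` is obtained, so please confirm it is already checked for NULL on every path that reaches this dereference. Because this is headed for stable, the changelog should also say that a setup relying on disable_xfrm on the ingress interface to exempt forwarded traffic will see that traffic go through the xfrm lookup again unless the egress interface has it set too.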