diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2013-09-09 10:38:38 +0200 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2013-09-16 09:39:43 +0200 |
commit | bafd4bd4dcfa13145db7f951251eef3e10f8c278 (patch) | |
tree | ea58f7ef1aa6fc37c97013492484af3afe24a799 | |
parent | xfrm: Fix replay size checking on async events (diff) | |
download | wireguard-linux-bafd4bd4dcfa13145db7f951251eef3e10f8c278.tar.xz wireguard-linux-bafd4bd4dcfa13145db7f951251eef3e10f8c278.zip |
xfrm: Decode sessions with output interface.
The output interface matching does not work on forward
policy lookups, the output interface of the flowi is
always 0. Fix this by setting the output interface when
we decode the session.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
-rw-r--r-- | net/ipv4/xfrm4_policy.c | 1 | ||||
-rw-r--r-- | net/ipv6/xfrm6_policy.c | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index 9a459be24af7..ccde54248c8c 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c @@ -107,6 +107,7 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse) memset(fl4, 0, sizeof(struct flowi4)); fl4->flowi4_mark = skb->mark; + fl4->flowi4_oif = skb_dst(skb)->dev->ifindex; if (!ip_is_fragment(iph)) { switch (iph->protocol) { diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index 23ed03d786c8..08ed2772b7aa 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c @@ -138,6 +138,7 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) memset(fl6, 0, sizeof(struct flowi6)); fl6->flowi6_mark = skb->mark; + fl6->flowi6_oif = skb_dst(skb)->dev->ifindex; fl6->daddr = reverse ? hdr->saddr : hdr->daddr; fl6->saddr = reverse ? hdr->daddr : hdr->saddr; |