aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorSteffen Klassert <steffen.klassert@secunet.com>2013-09-09 10:38:38 +0200
committerSteffen Klassert <steffen.klassert@secunet.com>2013-09-16 09:39:43 +0200
commitbafd4bd4dcfa13145db7f951251eef3e10f8c278 (patch)
treeea58f7ef1aa6fc37c97013492484af3afe24a799
parentxfrm: Fix replay size checking on async events (diff)
downloadwireguard-linux-bafd4bd4dcfa13145db7f951251eef3e10f8c278.tar.xz
wireguard-linux-bafd4bd4dcfa13145db7f951251eef3e10f8c278.zip
xfrm: Decode sessions with output interface.
The output interface matching does not work on forward policy lookups, the output interface of the flowi is always 0. Fix this by setting the output interface when we decode the session. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
-rw-r--r--net/ipv4/xfrm4_policy.c1
-rw-r--r--net/ipv6/xfrm6_policy.c1
2 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 9a459be24af7..ccde54248c8c 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -107,6 +107,7 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
memset(fl4, 0, sizeof(struct flowi4));
fl4->flowi4_mark = skb->mark;
+ fl4->flowi4_oif = skb_dst(skb)->dev->ifindex;
if (!ip_is_fragment(iph)) {
switch (iph->protocol) {
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 23ed03d786c8..08ed2772b7aa 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -138,6 +138,7 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
memset(fl6, 0, sizeof(struct flowi6));
fl6->flowi6_mark = skb->mark;
+ fl6->flowi6_oif = skb_dst(skb)->dev->ifindex;
fl6->daddr = reverse ? hdr->saddr : hdr->daddr;
fl6->saddr = reverse ? hdr->daddr : hdr->saddr;