Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 90348e0e authored by Ulrich Weber's avatar Ulrich Weber Committed by Patrick McHardy
Browse files

netfilter: ipv6: move xfrm_lookup at end of ip6_route_me_harder 



xfrm_lookup should be called after ip6_route_output skb_dst_set,
otherwise skb_dst_set of xfrm_lookup is pointless

Signed-off-by: default avatarUlrich Weber <uweber@astaro.com>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent e179e632

net/ipv6/netfilter.c

+11 −14
Original line number Diff line number Diff line
@@ -25,20 +25,6 @@ int ip6_route_me_harder(struct sk_buff *skb) 
	};



	dst = ip6_route_output(net, skb->sk, &fl);



#ifdef CONFIG_XFRM

	if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) &&

	    xfrm_decode_session(skb, &fl, AF_INET6) == 0) {

		struct dst_entry *dst2 = skb_dst(skb);



		if (xfrm_lookup(net, &dst2, &fl, skb->sk, 0)) {

			skb_dst_set(skb, NULL);

			return -1;

		}

		skb_dst_set(skb, dst2);

	}

#endif



	if (dst->error) {

		IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);

		LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n");
@@ -50,6 +36,17 @@ int ip6_route_me_harder(struct sk_buff *skb) 
	skb_dst_drop(skb);



	skb_dst_set(skb, dst);



#ifdef CONFIG_XFRM

	if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) &&

	    xfrm_decode_session(skb, &fl, AF_INET6) == 0) {

		skb_dst_set(skb, NULL);

		if (xfrm_lookup(net, &dst, &fl, skb->sk, 0))

			return -1;

		skb_dst_set(skb, dst);

	}

#endif



	return 0;

}

EXPORT_SYMBOL(ip6_route_me_harder);