|
|
@@ -1305,6 +1305,7 @@ static struct xfrm_policy *clone_policy(const struct xfrm_policy *old, int dir)
|
|
|
newp->xfrm_nr = old->xfrm_nr;
|
|
|
newp->index = old->index;
|
|
|
newp->type = old->type;
|
|
|
+ newp->family = old->family;
|
|
|
memcpy(newp->xfrm_vec, old->xfrm_vec,
|
|
|
newp->xfrm_nr*sizeof(struct xfrm_tmpl));
|
|
|
spin_lock_bh(&net->xfrm.xfrm_policy_lock);
|
|
|
@@ -1360,29 +1361,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl,
|
|
|
struct net *net = xp_net(policy);
|
|
|
int nx;
|
|
|
int i, error;
|
|
|
+ xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family);
|
|
|
+ xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family);
|
|
|
xfrm_address_t tmp;
|
|
|
|
|
|
for (nx = 0, i = 0; i < policy->xfrm_nr; i++) {
|
|
|
struct xfrm_state *x;
|
|
|
- xfrm_address_t *local;
|
|
|
- xfrm_address_t *remote;
|
|
|
+ xfrm_address_t *remote = daddr;
|
|
|
+ xfrm_address_t *local = saddr;
|
|
|
struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i];
|
|
|
|
|
|
- remote = &tmpl->id.daddr;
|
|
|
- local = &tmpl->saddr;
|
|
|
- if (xfrm_addr_any(local, tmpl->encap_family)) {
|
|
|
- error = xfrm_get_saddr(net, fl->flowi_oif,
|
|
|
- &tmp, remote,
|
|
|
- tmpl->encap_family, 0);
|
|
|
- if (error)
|
|
|
- goto fail;
|
|
|
- local = &tmp;
|
|
|
+ if (tmpl->mode == XFRM_MODE_TUNNEL ||
|
|
|
+ tmpl->mode == XFRM_MODE_BEET) {
|
|
|
+ remote = &tmpl->id.daddr;
|
|
|
+ local = &tmpl->saddr;
|
|
|
+ if (xfrm_addr_any(local, tmpl->encap_family)) {
|
|
|
+ error = xfrm_get_saddr(net, fl->flowi_oif,
|
|
|
+ &tmp, remote,
|
|
|
+ tmpl->encap_family, 0);
|
|
|
+ if (error)
|
|
|
+ goto fail;
|
|
|
+ local = &tmp;
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);
|
|
|
|
|
|
if (x && x->km.state == XFRM_STATE_VALID) {
|
|
|
xfrm[nx++] = x;
|
|
|
+ daddr = remote;
|
|
|
+ saddr = local;
|
|
|
continue;
|
|
|
}
|
|
|
if (x) {
|
David S. Miller