On Tue, Feb 21, 2006 at 11:16:14PM +1100, herbert wrote:
>
> Here is a patch that you can try. It's not perfect since it may
> extend a single bucket to as many as 16 entries if someone tries
> to attack you with different TOS values. However, it should solve
> your specific issue.

Actually, here is a better patch for your problem. We should really be
using the TOS when doing IPsec lookups:

[IPSEC] Use TOS when doing tunnel lookups

We should use the TOS because it's one of the routing keys. It also
means that we update the correct routing cache entry when PMTU occurs.

Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c @@ -61,7 +61,8 @@ __xfrm4_bundle_create(struct xfrm_policy .nl_u = { .ip4_u = { .saddr = local, - .daddr = remote + .daddr = remote, + .tos = fl->fl4_tos } } };
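
Review bot: The added `.tos = fl->fl4_tos` in the `ip4_u` initializer of `__xfrm4_bundle_create` copies the caller's TOS into the lookup key unmasked, and nothing in the hunk shows that `fl->fl4_tos` has already been reduced to the bits routing actually keys on. If that is not guaranteed by the callers, mask it here (for example `.tos = RT_TOS(fl->fl4_tos)`) so that values differing only in non-routing bits do not produce distinct tunnel route lookups. Since the lookup result now varies per TOS value, the commit message should also say whether the per-TOS growth concern raised for the earlier patch in this thread applies to this one, and how many distinct entries per tunnel endpoint are expected in the worst case.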