On Tue, Feb 21, 2006 at 02:25:31PM +0100, Patrick McHardy wrote:
>
> I think you also need to add tos to the keys used in __xfrm4_find_bundle
> to avoid using a cached bundle with an incorrect tos value.
Good point. I had forgotten that we still haven't moved the bundles into
the flow cache yet.
[IPSEC] Use TOS when doing tunnel lookups
We should use the TOS because it's one of the routing keys. It also
means that we update the correct routing cache entry when PMTU occurs.
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Daniel, please let me know if this patch fixes it or not.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -35,6 +35,7 @@ __xfrm4_find_bundle(struct flowi *fl, st
if (xdst->u.rt.fl.oif == fl->oif && /*XXX*/
xdst->u.rt.fl.fl4_dst == fl->fl4_dst &&
xdst->u.rt.fl.fl4_src == fl->fl4_src &&
+ xdst->u.rt.fl.fl4_tos == fl->fl4_tos &&
xfrm_bundle_ok(xdst, fl, AF_INET)) {
dst_clone(dst);
break;
@@ -61,7 +62,8 @@ __xfrm4_bundle_create(struct xfrm_policy
.nl_u = {
.ip4_u = {
.saddr = local,
- .daddr = remote
+ .daddr = remote,
+ .tos = fl->fl4_tos
}
}
};
