On Wed, Feb 22, 2006 at 07:36:00AM +1100, herbert wrote:
>
> Good point. I had forgotten that we still haven't moved the bundles into
> the flow cache yet.
OK that was still broken for forwarded packets since we don't actually
put the tos into the flow when we decode the packet for xfrm. So here
is the final patch which has been tested successfully.
[IPSEC]: Use TOS when doing tunnel lookups
We should use the TOS because it's one of the routing keys. It also
means that we update the correct routing cache entry when PMTU occurs.
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
BTW, we really should move these bundles into the flow cache. Do you
have any plans on doing that Patrick?
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -35,6 +35,7 @@ __xfrm4_find_bundle(struct flowi *fl, st
if (xdst->u.rt.fl.oif == fl->oif && /*XXX*/
xdst->u.rt.fl.fl4_dst == fl->fl4_dst &&
xdst->u.rt.fl.fl4_src == fl->fl4_src &&
+ xdst->u.rt.fl.fl4_tos == fl->fl4_tos &&
xfrm_bundle_ok(xdst, fl, AF_INET)) {
dst_clone(dst);
break;
@@ -61,7 +62,8 @@ __xfrm4_bundle_create(struct xfrm_policy
.nl_u = {
.ip4_u = {
.saddr = local,
- .daddr = remote
+ .daddr = remote,
+ .tos = fl->fl4_tos
}
}
};
@@ -230,6 +232,7 @@ _decode_session4(struct sk_buff *skb, st
fl->proto = iph->protocol;
fl->fl4_dst = iph->daddr;
fl->fl4_src = iph->saddr;
+ fl->fl4_tos = iph->tos;
}
static inline int xfrm4_garbage_collect(void)
