undle_create(struct xfrm_policy *policy,
if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
family = xfrm[i]->props.family;
- dst = xfrm_dst_lookup(xfrm[i], tos, fl->flowi_oif,
+ dst = xfrm_dst_lookup(xfrm[i], fl,
&saddr, &daddr, family);
err = PTR_ERR(dst);
if (IS_ERR(dst
we need it down the line.
Thanks!
Doug
On Wed, Jul 27, 2016 at 11:20 PM, Steffen Klassert
wrote:
> On Fri, Jul 22, 2016 at 03:50:30PM -0600, Doug Applegate wrote:
>> I ran into an issue trying to route outgoing ipsec traffic from an
>> ipsec responder hub that uses fwmark to rou
If route table includes routing based on fwmark, xfrm will not take it
into account when routing ipsec traffic. We address this issue by adding
fwmark information before calling route lookup.
Signed-off-by: Doug Applegate
---
include/net/xfrm.h | 3 ++-
net/ipv4/xfrm4_policy.c | 15
I ran into an issue trying to route outgoing ipsec traffic from an
ipsec responder hub that uses fwmark to route out a specific
interface. The fwmark points to a route table that contains a default
route out a specific interface. The fwmark is applied based on
incoming interface of incoming traffi
