xfrm: Only add l3mdev oif to dst lookups
Subash reported that commit42a7b32b73
("xfrm: Add oif to dst lookups") broke a wifi use case that uses fib rules and xfrms. The intent of42a7b32b73
was driven by VRFs with IPsec. As a compromise relax the use of oif in xfrm lookups to L3 master devices only (ie., oif is either an L3 master device or is enslaved to a master device). Fixes:42a7b32b73
("xfrm: Add oif to dst lookups") Reported-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> Signed-off-by: David Ahern <dsa@cumulusnetworks.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
parent
1625f45299
commit
11d7a0bb95
2 changed files with 2 additions and 2 deletions
|
@ -29,7 +29,7 @@ static struct dst_entry *__xfrm4_dst_lookup(struct net *net, struct flowi4 *fl4,
|
||||||
memset(fl4, 0, sizeof(*fl4));
|
memset(fl4, 0, sizeof(*fl4));
|
||||||
fl4->daddr = daddr->a4;
|
fl4->daddr = daddr->a4;
|
||||||
fl4->flowi4_tos = tos;
|
fl4->flowi4_tos = tos;
|
||||||
fl4->flowi4_oif = oif;
|
fl4->flowi4_oif = l3mdev_master_ifindex_by_index(net, oif);
|
||||||
if (saddr)
|
if (saddr)
|
||||||
fl4->saddr = saddr->a4;
|
fl4->saddr = saddr->a4;
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,7 @@ static struct dst_entry *xfrm6_dst_lookup(struct net *net, int tos, int oif,
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
memset(&fl6, 0, sizeof(fl6));
|
memset(&fl6, 0, sizeof(fl6));
|
||||||
fl6.flowi6_oif = oif;
|
fl6.flowi6_oif = l3mdev_master_ifindex_by_index(net, oif);
|
||||||
fl6.flowi6_flags = FLOWI_FLAG_SKIP_NH_OIF;
|
fl6.flowi6_flags = FLOWI_FLAG_SKIP_NH_OIF;
|
||||||
memcpy(&fl6.daddr, daddr, sizeof(fl6.daddr));
|
memcpy(&fl6.daddr, daddr, sizeof(fl6.daddr));
|
||||||
if (saddr)
|
if (saddr)
|
||||||
|
|
Loading…
Reference in a new issue