From: Neil Horman <nhorman@redhat.com>
Date: Fri, 16 May 2008 07:11:12 -0400
Subject: [net] fix xfrm reverse flow lookup for icmp6
Message-id: 20080516111112.GB28828@hmsendeavour.rdu.redhat.com
O-Subject: [RHEL 5.3 + 5.2.z PATCH] fix xfrm reverse flow lookup for icmp6 (bz 446250)
Bugzilla: 446250
Hey-
Herbert Xu and Joy Latten over at IBM just fixed this and will be
posting it upstream shortly. It fixes the xfrm reverse flow lookup for icmp6 so
that icmp6 packets don't get lost over ipsec tunnels. This fixes 446250 and
needs to go in for the first 5.2.z build so that we can complete JITC
certification.
Neil
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index bfad9b8..388eb7d 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -413,10 +413,10 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
xfrm6_decode_session_reverse(skb, &fl2);
- if (ip6_dst_lookup(sk, &dst2, &fl))
+ if (ip6_dst_lookup(sk, &dst2, &fl2))
goto out;
- err = xfrm_nlookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP);
+ err = xfrm_nlookup(&dst2, &fl2, sk, XFRM_LOOKUP_ICMP);
if (err == -ENOENT || err == -ENOSYS) {
err = -ENOENT;
if (!dst)
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
89877e42827f16fa5f86b1df0c2860b1
>
files
>
1420
