From: Neil Horman <nhorman@redhat.com> Date: Fri, 16 May 2008 07:11:12 -0400 Subject: [net] fix xfrm reverse flow lookup for icmp6 Message-id: 20080516111112.GB28828@hmsendeavour.rdu.redhat.com O-Subject: [RHEL 5.3 + 5.2.z PATCH] fix xfrm reverse flow lookup for icmp6 (bz 446250) Bugzilla: 446250 Hey- Herbert Xu and Joy Latten over at IBM just fixed this and will be posting it upstream shortly. It fixes the xfrm reverse flow lookup for icmp6 so that icmp6 packets don't get lost over ipsec tunnels. This fixes 446250 and needs to go in for the first 5.2.z build so that we can complete JITC certification. Neil diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index bfad9b8..388eb7d 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -413,10 +413,10 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info, xfrm6_decode_session_reverse(skb, &fl2); - if (ip6_dst_lookup(sk, &dst2, &fl)) + if (ip6_dst_lookup(sk, &dst2, &fl2)) goto out; - err = xfrm_nlookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP); + err = xfrm_nlookup(&dst2, &fl2, sk, XFRM_LOOKUP_ICMP); if (err == -ENOENT || err == -ENOSYS) { err = -ENOENT; if (!dst)