commit a1b051405bc16222d92c73b0c26d65b333a154ee
author Masahide NAKAMURA <nakam@linux-ipv6.org> Thu Dec 20 20:41:12 2007 -0800
committer David S. Miller <davem@davemloft.net> Mon Jan 28 14:59:36 2008 -0800
tree 2950e34bbb51838f8da3e1d03c8ee608d3b56f55
parent bd515c3e48ececd774eb3128e81b669dbbd32637

[XFRM] IPv6: Fix dst/routing check at transformation.

IPv6 specific thing is wrongly removed from transformation at net-2.6.25.
This patch recovers it with current design.

o Update "path" of xfrm_dst since IPv6 transformation should
  care about routing changes. It is required by MIPv6 and
  off-link destined IPsec.
o Rename nfheader_len which is for non-fragment transformation used by
  MIPv6 to rt6i_nfheader_len as IPv6 name space.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/xfrm/xfrm_policy.c

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 8023a3c..521cb6e 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1266,6 +1266,23 @@
 	return xdst;
 }
 
+static inline int xfrm_init_path(struct xfrm_dst *path, struct dst_entry *dst,
+				 int nfheader_len)
+{
+	struct xfrm_policy_afinfo *afinfo =
+		xfrm_policy_get_afinfo(dst->ops->family);
+	int err;
+
+	if (!afinfo)
+		return -EINVAL;
+
+	err = afinfo->init_path(path, dst, nfheader_len);
+
+	xfrm_policy_put_afinfo(afinfo);
+
+	return err;
+}
+
 static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
 {
 	struct xfrm_policy_afinfo *afinfo =
@@ -1298,6 +1315,7 @@
 	int i = 0;
 	int err;
 	int header_len = 0;
+	int nfheader_len = 0;
 	int trailer_len = 0;
 	int tos;
 	int family = policy->selector.family;
@@ -1352,6 +1370,8 @@
 		dst_prev = dst1;
 
 		header_len += xfrm[i]->props.header_len;
+		if (xfrm[i]->type->flags & XFRM_TYPE_NON_FRAGMENT)
+			nfheader_len += xfrm[i]->props.header_len;
 		trailer_len += xfrm[i]->props.trailer_len;
 	}
 
@@ -1366,6 +1386,7 @@
 	/* Copy neighbout for reachability confirmation */
 	dst0->neighbour = neigh_clone(dst->neighbour);
 
+	xfrm_init_path((struct xfrm_dst *)dst0, dst, nfheader_len);
 	xfrm_init_pmtu(dst_prev);
 
 	for (dst_prev = dst0; dst_prev != dst; dst_prev = dst_prev->child) {