Commit 6a24340c authored by Patrick McHardy's avatar Patrick McHardy Committed by Adrian Bunk

[XFRM]: Use output device disable_xfrm for forwarded packets

Currently the behaviour of disable_xfrm is inconsistent between
locally generated and forwarded packets. For locally generated
packets disable_xfrm disables the policy lookup if it is set on
the output device, for forwarded traffic however it looks at the
input device. This makes it impossible to disable xfrm on all
devices but a dummy device and use normal routing to direct
traffic to that device.

Always use the output device when checking disable_xfrm.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
parent dcb17157
...@@ -1768,7 +1768,7 @@ static inline int __mkroute_input(struct sk_buff *skb, ...@@ -1768,7 +1768,7 @@ static inline int __mkroute_input(struct sk_buff *skb,
#endif #endif
if (in_dev->cnf.no_policy) if (in_dev->cnf.no_policy)
rth->u.dst.flags |= DST_NOPOLICY; rth->u.dst.flags |= DST_NOPOLICY;
if (in_dev->cnf.no_xfrm) if (out_dev->cnf.no_xfrm)
rth->u.dst.flags |= DST_NOXFRM; rth->u.dst.flags |= DST_NOXFRM;
rth->fl.fl4_dst = daddr; rth->fl.fl4_dst = daddr;
rth->rt_dst = daddr; rth->rt_dst = daddr;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment