Commit 6bdde52c authored by Herbert Xu's avatar Herbert Xu Committed by Hideaki Yoshifuji

[IPSEC]: Set TTL from route.

Here is the promised patch that sets the TTL from the route parameter.
I decided against adding an option to inherit the TTL like IPIP/GRE
as I think that it doesn't really make sense with IPsec.  But it
can be easily added later if someone needs it.

This isn't completely right when nested tunnels are involved.  The
TTL for intervening tunnels should be set from the routes to the
intervening nodes.  But fixing that involves using information that
isn't currently in the bundle.  I'll revisit this once the MTU stuff
is fixed since that'll also involving adding the intervening routes
to the bundle.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@redhat.com>
parent 8548a525
...@@ -58,8 +58,7 @@ static void xfrm4_encap(struct sk_buff *skb) ...@@ -58,8 +58,7 @@ static void xfrm4_encap(struct sk_buff *skb)
if (!top_iph->frag_off) if (!top_iph->frag_off)
__ip_select_ident(top_iph, dst, 0); __ip_select_ident(top_iph, dst, 0);
/* TTL disclosed */ top_iph->ttl = dst_path_metric(dst, RTAX_HOPLIMIT);
top_iph->ttl = iph->ttl;
top_iph->saddr = x->props.saddr.a4; top_iph->saddr = x->props.saddr.a4;
top_iph->daddr = x->id.daddr.a4; top_iph->daddr = x->id.daddr.a4;
......
...@@ -64,7 +64,7 @@ static void xfrm6_encap(struct sk_buff *skb) ...@@ -64,7 +64,7 @@ static void xfrm6_encap(struct sk_buff *skb)
top_iph->flow_lbl[1] = iph->flow_lbl[1]; top_iph->flow_lbl[1] = iph->flow_lbl[1];
top_iph->flow_lbl[2] = iph->flow_lbl[2]; top_iph->flow_lbl[2] = iph->flow_lbl[2];
top_iph->nexthdr = IPPROTO_IPV6; top_iph->nexthdr = IPPROTO_IPV6;
top_iph->hop_limit = iph->hop_limit; top_iph->hop_limit = dst_path_metric(dst, RTAX_HOPLIMIT);
ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr); ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr);
ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr); ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment