]> err.no Git - linux-2.6/commitdiff
[PF_KEY]: Fix ipsec not working in 2.6.23-rc1-git10
authorJoy Latten <latten@austin.ibm.com>
Fri, 3 Aug 2007 02:25:43 +0000 (19:25 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Fri, 3 Aug 2007 02:42:29 +0000 (19:42 -0700)
Although an ipsec SA was established, kernel couldn't seem to find it.

I think since we are now using "x->sel.family" instead of "family" in
the xfrm_selector_match() called in xfrm_state_find(), af_key needs to
set this field too, just as xfrm_user.

In af_key.c, x->sel.family only gets set when there's an
ext_hdrs[SADB_EXT_ADDRESS_PROXY-1] which I think is for tunnel.

I think pfkey needs to also set the x->sel.family field when it is 0.

Tested with below patch, and ipsec worked when using pfkey.

Signed-off-by: David S. Miller <davem@davemloft.net>
net/key/af_key.c

index 7b0a95abe934b471183bd88c9cc5d4928499f9c1..5502df115a633df76ea810bc6b92a8d0baa526cb 100644 (file)
@@ -1206,6 +1206,9 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr,
                x->sel.prefixlen_s = addr->sadb_address_prefixlen;
        }
 
+       if (!x->sel.family)
+               x->sel.family = x->props.family;
+
        if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
                struct sadb_x_nat_t_type* n_type;
                struct xfrm_encap_tmpl *natt;