summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMasahide NAKAMURA <nakam@linux-ipv6.org>2006-08-23 22:54:07 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 15:08:37 -0700
commit64d9fdda8e1bdf416b2d9203c3ad9c249ea301be (patch)
tree875d2925a44cdacd0adc1f1ccfbd3f06cd4d0b69
parent58c949d1b9551f3e4ba9dde4aeda341ecf5e42b5 (diff)
[XFRM] IPV6: Support Mobile IPv6 extension headers sorting.
Support Mobile IPv6 extension headers sorting for two transformation policies. Mobile IPv6 extension headers should be placed after IPsec transport mode, but before transport AH when outbound. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv6/xfrm6_state.c28
1 files changed, 26 insertions, 2 deletions
diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c
index e0b8f3c5caa2..6269584e610e 100644
--- a/net/ipv6/xfrm6_state.c
+++ b/net/ipv6/xfrm6_state.c
@@ -173,7 +173,19 @@ __xfrm6_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n)
if (j == n)
goto end;
- /* XXX: Rule 2: select MIPv6 RO or inbound trigger */
+ /* Rule 2: select MIPv6 RO or inbound trigger */
+#ifdef CONFIG_IPV6_MIP6
+ for (i = 0; i < n; i++) {
+ if (src[i] &&
+ (src[i]->props.mode == XFRM_MODE_ROUTEOPTIMIZATION ||
+ src[i]->props.mode == XFRM_MODE_IN_TRIGGER)) {
+ dst[j++] = src[i];
+ src[i] = NULL;
+ }
+ }
+ if (j == n)
+ goto end;
+#endif
/* Rule 3: select IPsec transport AH */
for (i = 0; i < n; i++) {
@@ -226,7 +238,19 @@ __xfrm6_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n)
if (j == n)
goto end;
- /* XXX: Rule 2: select MIPv6 RO or inbound trigger */
+ /* Rule 2: select MIPv6 RO or inbound trigger */
+#ifdef CONFIG_IPV6_MIP6
+ for (i = 0; i < n; i++) {
+ if (src[i] &&
+ (src[i]->mode == XFRM_MODE_ROUTEOPTIMIZATION ||
+ src[i]->mode == XFRM_MODE_IN_TRIGGER)) {
+ dst[j++] = src[i];
+ src[i] = NULL;
+ }
+ }
+ if (j == n)
+ goto end;
+#endif
/* Rule 3: select IPsec tunnel */
for (i = 0; i < n; i++) {