From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
To: Mahesh Bandewar <mahesh@bandewar.net>,
David Miller <davem@davemloft.net>
Cc: Mahesh Bandewar <maheshb@google.com>,
Eric Dumazet <edumazet@google.com>,
netdev <netdev@vger.kernel.org>, Tim Hockin <thockin@google.com>,
Alex Pollitt <alex.pollitt@metaswitch.com>,
Matthew Dupre <matthew.dupre@metaswitch.com>,
Steffen Klassert <steffen.klassert@secunet.com>
Subject: Re: [PATCH next v2 6/7] xfrm: Use l3_dev for xfrm policy checks.
Date: Thu, 10 Mar 2016 10:48:08 +0100 [thread overview]
Message-ID: <56E142D8.9080308@6wind.com> (raw)
In-Reply-To: <1457560212-13289-1-git-send-email-mahesh@bandewar.net>
+ Steffen
Le 09/03/2016 22:50, Mahesh Bandewar a écrit :
> From: Mahesh Bandewar <maheshb@google.com>
>
> IPsec, whether it's tunnel mode or transport mode, is still a
> function of L3 so all the decisions should be based on the L3
> device.
>
> Signed-off-by: Mahesh Bandewar <maheshb@google.com>
> CC: Eric Dumazet <edumazet@google.com>
> CC: Tim Hockin <thockin@google.com>
> CC: Alex Pollitt <alex.pollitt@metaswitch.com>
> CC: Matthew Dupre <matthew.dupre@metaswitch.com>
> ---
> include/net/xfrm.h | 2 +-
> net/xfrm/xfrm_policy.c | 4 ++--
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/include/net/xfrm.h b/include/net/xfrm.h
> index d6f6e5006ee9..30f9a351c3b9 100644
> --- a/include/net/xfrm.h
> +++ b/include/net/xfrm.h
> @@ -1067,7 +1067,7 @@ static inline int __xfrm_policy_check2(struct sock *sk, int dir,
> struct sk_buff *skb,
> unsigned int family, int reverse)
> {
> - struct net *net = dev_net(skb->dev);
> + struct net *net = dev_net(netif_get_l3_dev(skb->dev));
> int ndir = dir | (reverse ? XFRM_POLICY_MASK + 1 : 0);
>
> if (sk && sk->sk_policy[XFRM_POLICY_IN])
> diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> index b5e665b3cfb0..c5942744f2e3 100644
> --- a/net/xfrm/xfrm_policy.c
> +++ b/net/xfrm/xfrm_policy.c
> @@ -2462,7 +2462,7 @@ static inline int secpath_has_nontransport(const struct sec_path *sp, int k, int
> int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
> unsigned short family)
> {
> - struct net *net = dev_net(skb->dev);
> + struct net *net = dev_net(netif_get_l3_dev(skb->dev));
> struct xfrm_policy *pol;
> struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
> int npols = 0;
> @@ -2620,7 +2620,7 @@ EXPORT_SYMBOL(__xfrm_policy_check);
>
> int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
> {
> - struct net *net = dev_net(skb->dev);
> + struct net *net = dev_net(netif_get_l3_dev(skb->dev));
> struct flowi fl;
> struct dst_entry *dst;
> int res = 1;
>
prev parent reply other threads:[~2016-03-10 9:48 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-09 21:50 [PATCH next v2 6/7] xfrm: Use l3_dev for xfrm policy checks Mahesh Bandewar
2016-03-10 9:48 ` Nicolas Dichtel [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56E142D8.9080308@6wind.com \
--to=nicolas.dichtel@6wind.com \
--cc=alex.pollitt@metaswitch.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=mahesh@bandewar.net \
--cc=maheshb@google.com \
--cc=matthew.dupre@metaswitch.com \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
--cc=thockin@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.