[PATCH] SIT tunnels over IPsec

[PATCH] SIT tunnels over IPsec

[Michal Ludvig]

[-- Attachment #1: Type: text/plain, Size: 415 bytes --]

Hi!

The attached patch fixes IPv6-in-IPv4 (SIT) tunnel over IPsec. Without 
it the SIT packets originated from the same host as the IPsec endpoint 
is leave the interface unencrypted and of course the tunnel doesn't 
work. The patch fixes it. Tested.

Please apply.

Thanks,

Michal Ludvig
-- 
* A mouse is a device used to point at the xterm you want to type in.
* Personal homepage - http://www.logix.cz/michal


[-- Attachment #2: kernel-sit.diff --]
[-- Type: text/plain, Size: 856 bytes --]

--- linux-2.6.1.orig/net/ipv6/sit.c	2004-01-09 08:00:03.000000000 +0100
+++ linux-2.6.1/net/ipv6/sit.c	2004-01-16 09:51:13.000000000 +0100
@@ -485,7 +485,8 @@ static int ipip6_tunnel_xmit(struct sk_b
 					      { .daddr = dst,
 						.saddr = tiph->saddr,
 						.tos = RT_TOS(tos) } },
-				    .oif = tunnel->parms.link };
+				    .oif = tunnel->parms.link,
+				    .proto = IPPROTO_IPV6 };
 		if (ip_route_output_key(&rt, &fl)) {
 			tunnel->stat.tx_carrier_errors++;
 			goto tx_error_icmp;
@@ -757,7 +758,8 @@ static int ipip6_tunnel_init(struct net_
 					      { .daddr = iph->daddr,
 						.saddr = iph->saddr,
 						.tos = RT_TOS(iph->tos) } },
-				    .oif = tunnel->parms.link };
+				    .oif = tunnel->parms.link,
+				    .proto = IPPROTO_IPV6 };
 		struct rtable *rt;
 		if (!ip_route_output_key(&rt, &fl)) {
 			tdev = rt->u.dst.dev;

Re: [PATCH] SIT tunnels over IPsec

[David S. Miller]

On Fri, 16 Jan 2004 19:38:00 +0100
Michal Ludvig <michal@logix.cz> wrote:

> The attached patch fixes IPv6-in-IPv4 (SIT) tunnel over IPsec. Without 
> it the SIT packets originated from the same host as the IPsec endpoint 
> is leave the interface unencrypted and of course the tunnel doesn't 
> work. The patch fixes it. Tested.
> 
> Please apply.

Applied, thanks Michal.