From: Wei Yongjun <yjwei@cn.fujitsu.com>
To: David Miller <davem@davemloft.net>
Cc: "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
	lksctp <linux-sctp@vger.kernel.org>
Subject: [PATCH net-next-2.6 3/7] sctp: make sctp over IPv6 work with IPsec
Date: Tue, 26 Apr 2011 11:47:05 +0800
Message-ID: <4DB64039.20008@cn.fujitsu.com>
In-Reply-To: <4DB63F85.2090609@cn.fujitsu.com>

From: Vlad Yasevich <vladislav.yasevich@hp.com>

SCTP never called xfrm_output after its v6 route lookups so
that never really worked with ipsec.  Additionally, we never
passed port numbers in the flowi, so any port based policies were
never applied as well.  Now that we have fixed the ipv6 routing lookup
code, we can add xfrm_output calls and pass port numbers.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
---
 net/sctp/ipv6.c |   34 ++++++++++++++++++++++++++++++++--
 1 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index cc9ea37..74fe28c 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -244,6 +244,30 @@ static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport)
 	return ip6_xmit(sk, skb, &fl6, np->opt);
 }
 
+/* Small helper function that combines route and XFRM lookups.  This is
+ * done since we might be looping through route lookups.
+ */
+static int sctp_v6_dst_lookup(struct sock *sk, struct dst_entry **dst,
+				struct flowi6 *fl6)
+{
+	int err;
+
+	err = ip6_dst_lookup(sk, dst, fl6);
+	if (err)
+		goto done;
+
+	err = xfrm_lookup(sock_net(sk), *dst, flowi6_to_flowi(fl6), sk, 0);
+	if (err)
+		goto done;
+
+	return 0;
+
+done:
+	dst_release(*dst);
+	*dst = NULL;
+	return err;
+}
+
 /* Returns the dst cache entry for the given source and destination ip
  * addresses.
  */
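Review bot: in sctp_v6_dst_lookup(), the value returned by xfrm_lookup() is kept only in err and *dst is never updated from it, so the caller can only get back the route from ip6_dst_lookup() and never a bundle chosen by the XFRM lookup. If xfrm_lookup() in this tree returns the resulting dst_entry rather than an int, the result should be assigned to *dst and tested with IS_ERR()/PTR_ERR(). The shared done: label also calls dst_release(*dst) after either call fails; that is only safe if both calls leave *dst as NULL or as a reference the caller still owns, so it is worth confirming that neither has already dropped it. Separately, the changelog says xfrm_output calls are added while the code adds xfrm_lookup(); the wording should match the code.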
@@ -266,18 +290,23 @@ static struct dst_entry *sctp_v6_get_dst(struct sctp_association *asoc,
 
 	memset(fl6, 0, sizeof(struct flowi6));
 	ipv6_addr_copy(&fl6->daddr, &daddr->v6.sin6_addr);
+	fl6->fl6_dport = daddr->v6.sin6_port;
 	if (ipv6_addr_type(&daddr->v6.sin6_addr) & IPV6_ADDR_LINKLOCAL)
 		fl6->flowi6_oif = daddr->v6.sin6_scope_id;
 
 
 	SCTP_DEBUG_PRINTK("%s: DST=%pI6 ", __func__, &fl6->daddr);
 
+	if (asoc)
+		fl6->fl6_sport = htons(asoc->base.bind_addr.port);
+
 	if (saddr) {
 		ipv6_addr_copy(&fl6->saddr, &saddr->v6.sin6_addr);
+		fl6->fl6_sport = saddr->v6.sin6_port;
 		SCTP_DEBUG_PRINTK("SRC=%pI6 - ", &fl6->saddr);
 	}
 
-	err = ip6_dst_lookup(sk, &dst, fl6);
+	err = sctp_v6_dst_lookup(sk, &dst, fl6);
 	if (!asoc || saddr)
 		goto out;
 
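Review bot: between the memset() and the call to sctp_v6_dst_lookup() the flow gets its addresses, oif and now both ports, but flowi6_proto is still 0, so an IPsec policy whose selector names SCTP together with a port may not match this lookup. Suggest setting fl6->flowi6_proto = IPPROTO_SCTP next to the fl6_dport assignment. Also, fl6_sport is written from asoc->base.bind_addr.port and then overwritten inside if (saddr); an if/else would make the precedence explicit, and when both asoc and saddr are NULL the source port stays 0, which deserves a comment.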
@@ -331,7 +360,8 @@ static struct dst_entry *sctp_v6_get_dst(struct sctp_association *asoc,
 	rcu_read_unlock();
 	if (baddr) {
 		ipv6_addr_copy(&fl6->saddr, &baddr->v6.sin6_addr);
-		err = ip6_dst_lookup(sk, &dst, fl6);
+		fl6->fl6_sport = baddr->v6.sin6_port;
+		err = sctp_v6_dst_lookup(sk, &dst, fl6);
 	}
 
 out:
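Review bot: in the if (baddr) block, sctp_v6_dst_lookup() stores into dst a second time, and nothing in this hunk releases a route that the first lookup may have left there; unless the lines above already drop it, add dst_release(dst) before the call so the earlier reference is not leaked. The err from this lookup also falls straight through to out: with no check in the visible lines, so the out: path has to cope with dst being NULL, which the new helper sets on failure.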
-- 
1.6.5.2


