summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2006-12-09 16:14:39 +0100
committerAdrian Bunk <bunk@stusta.de>2006-12-09 16:14:39 +0100
commit6a24340c98293f34d0b86310239066f4ed2af9fa (patch)
tree6847a6fe3f6301b311f12164178f5713aaa92281
parentdcb1715778026c4aec20d186dc794245d9a1f5de (diff)
downloadlinux-stable-6a24340c98293f34d0b86310239066f4ed2af9fa.tar.gz
linux-stable-6a24340c98293f34d0b86310239066f4ed2af9fa.tar.bz2
linux-stable-6a24340c98293f34d0b86310239066f4ed2af9fa.zip
[XFRM]: Use output device disable_xfrm for forwarded packets
Currently the behaviour of disable_xfrm is inconsistent between locally generated and forwarded packets. For locally generated packets disable_xfrm disables the policy lookup if it is set on the output device, for forwarded traffic however it looks at the input device. This makes it impossible to disable xfrm on all devices but a dummy device and use normal routing to direct traffic to that device. Always use the output device when checking disable_xfrm. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Adrian Bunk <bunk@stusta.de>
-rw-r--r--net/ipv4/route.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index c2cd901327bd..c83066cc342a 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1768,7 +1768,7 @@ static inline int __mkroute_input(struct sk_buff *skb,
#endif
if (in_dev->cnf.no_policy)
rth->u.dst.flags |= DST_NOPOLICY;
- if (in_dev->cnf.no_xfrm)
+ if (out_dev->cnf.no_xfrm)
rth->u.dst.flags |= DST_NOXFRM;
rth->fl.fl4_dst = daddr;
rth->rt_dst = daddr;