summaryrefslogtreecommitdiffstats
path: root/net/ipv4/xfrm4_output.c
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2006-04-28 15:22:13 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2006-04-29 18:33:16 -0700
commita76e07acd0de635122c5e60ccd5e55f9d5082391 (patch)
tree81532bb4926f9122961da29b9914268deca1a508 /net/ipv4/xfrm4_output.c
parentda753beaeb1446aa87bcca7e8a0026633a8914f0 (diff)
downloadkernel-crypto-a76e07acd0de635122c5e60ccd5e55f9d5082391.tar.gz
kernel-crypto-a76e07acd0de635122c5e60ccd5e55f9d5082391.tar.xz
kernel-crypto-a76e07acd0de635122c5e60ccd5e55f9d5082391.zip
[IPSEC]: Fix IP ID selection
I was looking through the xfrm input/output code in order to abstract out the address family specific encapsulation/decapsulation code. During that process I found this bug in the IP ID selection code in xfrm4_output.c. At that point dst is still the xfrm_dst for the current SA which represents an internal flow as far as the IPsec tunnel is concerned. Since the IP ID is going to sit on the outside of the encapsulated packet, we obviously want the external flow which is just dst->child. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/xfrm4_output.c')
-rw-r--r--net/ipv4/xfrm4_output.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 32ad229b4fe..4ef8efaf6a6 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -62,7 +62,7 @@ static void xfrm4_encap(struct sk_buff *skb)
top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
0 : (iph->frag_off & htons(IP_DF));
if (!top_iph->frag_off)
- __ip_select_ident(top_iph, dst, 0);
+ __ip_select_ident(top_iph, dst->child, 0);
top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);