netdev
[Top] [All Lists]

[PATCH] SIT tunnels over IPsec

To: "David S. Miller" <davem@xxxxxxxxxx>
Subject: [PATCH] SIT tunnels over IPsec
From: Michal Ludvig <michal@xxxxxxxx>
Date: Fri, 16 Jan 2004 19:38:00 +0100
Cc: netdev@xxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5b) Gecko/20030814
Hi!

The attached patch fixes IPv6-in-IPv4 (SIT) tunnel over IPsec. Without it the SIT packets originated from the same host as the IPsec endpoint is leave the interface unencrypted and of course the tunnel doesn't work. The patch fixes it. Tested.

Please apply.

Thanks,

Michal Ludvig
--
* A mouse is a device used to point at the xterm you want to type in.
* Personal homepage - http://www.logix.cz/michal

--- linux-2.6.1.orig/net/ipv6/sit.c     2004-01-09 08:00:03.000000000 +0100
+++ linux-2.6.1/net/ipv6/sit.c  2004-01-16 09:51:13.000000000 +0100
@@ -485,7 +485,8 @@ static int ipip6_tunnel_xmit(struct sk_b
                                              { .daddr = dst,
                                                .saddr = tiph->saddr,
                                                .tos = RT_TOS(tos) } },
-                                   .oif = tunnel->parms.link };
+                                   .oif = tunnel->parms.link,
+                                   .proto = IPPROTO_IPV6 };
                if (ip_route_output_key(&rt, &fl)) {
                        tunnel->stat.tx_carrier_errors++;
                        goto tx_error_icmp;
@@ -757,7 +758,8 @@ static int ipip6_tunnel_init(struct net_
                                              { .daddr = iph->daddr,
                                                .saddr = iph->saddr,
                                                .tos = RT_TOS(iph->tos) } },
-                                   .oif = tunnel->parms.link };
+                                   .oif = tunnel->parms.link,
+                                   .proto = IPPROTO_IPV6 };
                struct rtable *rt;
                if (!ip_route_output_key(&rt, &fl)) {
                        tdev = rt->u.dst.dev;

<Prev in Thread] Current Thread [Next in Thread>