From patchwork Mon Nov  3 04:53:03 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Duan Jiong <duanj.fnst@cn.fujitsu.com>
X-Patchwork-Id: 406020
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44046140081
	for <patchwork-incoming@ozlabs.org>;
	Mon,  3 Nov 2014 15:55:14 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751126AbaKCEzK (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Sun, 2 Nov 2014 23:55:10 -0500
Received: from cn.fujitsu.com ([59.151.112.132]:33121 "EHLO
	heian.cn.fujitsu.com" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org
	with ESMTP id S1750834AbaKCEzI (ORCPT
	<rfc822;netdev@vger.kernel.org>); Sun, 2 Nov 2014 23:55:08 -0500
X-IronPort-AV: E=Sophos;i="5.04,838,1406563200"; d="scan'208";a="42740014"
Received: from localhost (HELO edo.cn.fujitsu.com) ([10.167.33.5])
	by heian.cn.fujitsu.com with ESMTP; 03 Nov 2014 12:51:57 +0800
Received: from G08CNEXCHPEKD03.g08.fujitsu.local (localhost.localdomain
	[127.0.0.1])
	by edo.cn.fujitsu.com (8.14.3/8.13.1) with ESMTP id sA34svGE030760;
	Mon, 3 Nov 2014 12:54:57 +0800
Received: from [10.167.225.86] (10.167.225.86) by
	G08CNEXCHPEKD03.g08.fujitsu.local (10.167.33.89) with Microsoft SMTP
	Server id 14.3.181.6; Mon, 3 Nov 2014 12:55:07 +0800
Message-ID: <54570A2F.2070206@cn.fujitsu.com>
Date: Mon, 3 Nov 2014 12:53:03 +0800
From: Duan Jiong <duanj.fnst@cn.fujitsu.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:24.0) Gecko/20100101 Thunderbird/24.7.0
MIME-Version: 1.0
To: David Miller <davem@davemloft.net>
CC: netdev <netdev@vger.kernel.org>
Subject: [PATCH] ipv6: do xfrm transform after nat if necessary
X-Originating-IP: [10.167.225.86]
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

In function nf_nat_ipv6_out, after nat is done, nf_xfrm_me_harder()
will be called to look up xfrm dst.

Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
---
 net/ipv6/ip6_output.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 8e950c2..742a845 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -124,6 +124,14 @@ static int ip6_finish_output2(struct sk_buff *skb)
 
 static int ip6_finish_output(struct sk_buff *skb)
 {
+#if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
+	/* Just like ipv4, policy lookup after nat yielded a new policy */
+	if (skb_dst(skb)->xfrm != NULL) {
+		IP6CB(skb)->flags |= IP6SKB_REROUTED;
+		return dst_output(skb);
+	}
+#endif
+
 	if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
 	    dst_allfrag(skb_dst(skb)) ||
 	    (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))