From 7d9e1164b315dee8ed6a6627377d7ef0f1b38fa3 Mon Sep 17 00:00:00 2001
From: Noriaki TAKAMIYA <takamiya@po.ntts.co.jp>
Date: Sun, 29 Jul 2007 16:04:29 +0900
Subject: [PATCH] [BUGFIX]: mip6d tries to install a policy that already exists and fails.
Thus we update it instead.
---
 src/xfrm.c |   23 +++++++++++++++++------
 1 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/src/xfrm.c b/src/xfrm.c
index 5551de7..e8d8c83 100644
--- a/src/xfrm.c
+++ b/src/xfrm.c
@@ -1969,11 +1969,15 @@ int xfrm_block_link(struct home_addr_inf
 	struct xfrm_selector sel;
 	hai->home_block |= HOME_LINK_BLOCK;
 	hai->if_block = hai->hoa.iif;
-	/* allow MN to send NA messages to HA while returning home */
+	/*
+	 * allow MN to send NA messages to HA while returning home
+	 * such policy is already installed in xfrm_cn_init at startup,
+	 * so we update it (update field to 1).
+	 * Reported by Romain KUNTZ <kuntz@clarinet.u-strasbg.fr>.
+	 */
 	set_selector(&in6addr_any, &in6addr_any, IPPROTO_ICMPV6,
 		     ND_NEIGHBOR_ADVERT, 0, hai->if_block, &sel);
-	if ((ret = xfrm_mip_policy_add(&sel, 0, XFRM_POLICY_OUT, XFRM_POLICY_ALLOW,
-				       MIP6_PRIO_HOME_SIG_ANY, NULL, 0)))
+	if ((ret = xfrm_mip_policy_add(&sel, 1, XFRM_POLICY_OUT, XFRM_POLICY_ALLOW, MIP6_PRIO_HOME_SIG_ANY, NULL, 0)))
 		return ret;
 	/* block any packets from HoA to the CN */
 	set_selector(&in6addr_any, &in6addr_any, 0, 0, 0, hai->if_block, &sel);
@@ -1989,9 +1993,16 @@ void xfrm_unblock_link(struct home_addr_
 	struct xfrm_selector sel;
 	set_selector(&in6addr_any, &in6addr_any, 0, 0, 0, hai->if_block, &sel);
 	xfrm_mip_policy_del(&sel, XFRM_POLICY_OUT);
-	set_selector(&in6addr_any, &in6addr_any, IPPROTO_ICMPV6,
-		     ND_NEIGHBOR_ADVERT, 0, hai->if_block, &sel);
-	xfrm_mip_policy_del(&sel, XFRM_POLICY_OUT);
+	/*
+	 * instead of deleting the policy, update it to its previous state (
+	 * the one installed in xfrm_cn_init).
+	 * Reported by Romain KUNTZ <kuntz@clarinet.u-strasbg.fr>.
+	 */
+	set_selector(&in6addr_any, &in6addr_any,
+		     IPPROTO_ICMPV6, ND_NEIGHBOR_ADVERT, 0, 0, &sel);
+	if (xfrm_mip_policy_add(&sel, 1, XFRM_POLICY_OUT, XFRM_POLICY_ALLOW,
+				MIP6_PRIO_NO_RO_SIG_ANY, NULL, 0) < 0)
+		XDBG("Could not update NA policy\n");
 	hai->if_block = 0;
 	hai->home_block &= ~HOME_LINK_BLOCK;
 }
-- 
1.4.3.GIT