From 51a6ff05e8f8f7a462d2aa0afd69a751d0542be2 Mon Sep 17 00:00:00 2001 From: Masafumi Aramoto Date: Sun, 19 Aug 2007 16:05:15 +0900 Subject: [PATCH] MN: To clean up the Romain's bug fix to insert/delete the policy for sending NA. The policy for sending NA is inserted in xfrm_cn_init at startup in high priority. The priority of it is changed higher than the block policy not to block during registration. Then, it's not necessary to insert/delete the the policy for sending NA at sending BU/receiving BA. --- src/xfrm.c | 30 ++++++++---------------------- 1 files changed, 8 insertions(+), 22 deletions(-) diff --git a/src/xfrm.c b/src/xfrm.c index 9cb1709..0ae7c12 100644 --- a/src/xfrm.c +++ b/src/xfrm.c @@ -999,11 +999,15 @@ static int xfrm_cn_init(void) MIP6_PRIO_NO_RO_SIG_ANY, NULL, 0) < 0) return -1; - /* Let Neighbor Advertisement messages bypass bindings */ + /* + * Let Neighbor Advertisement messages bypass bindings + * This policy is high priority(priory 3) not to block + * by the BlockPolicy during registration. + */ set_selector(&in6addr_any, &in6addr_any, IPPROTO_ICMPV6, ND_NEIGHBOR_ADVERT, 0, 0, &sel); if (xfrm_mip_policy_add(&sel, 0, XFRM_POLICY_OUT, XFRM_POLICY_ALLOW, - MIP6_PRIO_NO_RO_SIG_ANY, NULL, 0) < 0) + MIP6_PRIO_HOME_SIG_ANY, NULL, 0) < 0) return -1; /* Let ICMPv6 error messages bypass bindings */ 
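Review bot: The Neighbor Advertisement allow policy in xfrm_cn_init now stays at MIP6_PRIO_HOME_SIG_ANY for the daemon's lifetime with an all-wildcard selector, whereas the code removed from xfrm_block_link raised it only with `hai->if_block` in the selector and xfrm_unblock_link put it back to MIP6_PRIO_NO_RO_SIG_ANY. If that selector argument is the interface index, as it appears to be, outbound NAs on every interface now skip the block policy at all times, not just during registration. The comment should say this widening is intentional and why it is acceptable. It also hard-codes a number and carries a typo ("priory 3"); naming the constant avoids drift, for example ` * Uses MIP6_PRIO_HOME_SIG_ANY so the block policy added by xfrm_block_link() cannot match NA first.` The block policy's own priority is not visible in these hunks, so the ordering should be confirmed against it; xfrm_cn_init continues outside the hunk.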
@@ -1964,16 +1968,7 @@ int xfrm_block_link(struct home_addr_inf struct xfrm_selector sel; hai->home_block |= HOME_LINK_BLOCK; hai->if_block = hai->hoa.iif; - /* - * allow MN to send NA messages to HA while returning home - * such policy is already installed in xfrm_cn_init at startup, - * so we update it (update field to 1). - * Reported by Romain KUNTZ . - */ - set_selector(&in6addr_any, &in6addr_any, IPPROTO_ICMPV6, - ND_NEIGHBOR_ADVERT, 0, hai->if_block, &sel); - if ((ret = xfrm_mip_policy_add(&sel, 1, XFRM_POLICY_OUT, XFRM_POLICY_ALLOW, MIP6_PRIO_HOME_SIG_ANY, NULL, 0))) - return ret; + /* block any packets from HoA to the CN */ set_selector(&in6addr_any, &in6addr_any, 0, 0, 0, hai->if_block, &sel); if ((ret = xfrm_mip_policy_add(&sel, 0, XFRM_POLICY_OUT, @@ -1988,16 +1983,7 @@ void xfrm_unblock_link(struct home_addr_ struct xfrm_selector sel; set_selector(&in6addr_any, &in6addr_any, 0, 0, 0, hai->if_block, &sel); xfrm_mip_policy_del(&sel, XFRM_POLICY_OUT); - /* - * instead of deleting the policy, update it to its previous state ( - * the one installed in xfrm_cn_init). - * Reported by Romain KUNTZ . - */ - set_selector(&in6addr_any, &in6addr_any, - IPPROTO_ICMPV6, ND_NEIGHBOR_ADVERT, 0, 0, &sel); - if (xfrm_mip_policy_add(&sel, 1, XFRM_POLICY_OUT, XFRM_POLICY_ALLOW, - MIP6_PRIO_NO_RO_SIG_ANY, NULL, 0) < 0) - XDBG("Could not update NA policy\n"); + hai->if_block = 0; hai->home_block &= ~HOME_LINK_BLOCK; } -- 1.4.3.GIT