From 6f1156383a419a4d19bdc196ffa8d4dbe2f01b36 Mon Sep 17 00:00:00 2001 From: Fan Du Date: Mon, 23 Sep 2013 17:18:25 +0800 Subject: xfrm: Force SA to be lookup again if SA in acquire state If SA is in the process of acquiring, which indicates this SA is more promising and precise than the fall back option, i.e. using wild card source address for searching less suitable SA. So, here bail out, and try again. Signed-off-by: Fan Du Signed-off-by: Steffen Klassert diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index d6e7f98..b2117a1 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -815,7 +815,7 @@ xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr, xfrm_state_look_at(pol, x, fl, encap_family, &best, &acquire_in_progress, &error); } - if (best) + if (best || acquire_in_progress) goto found; h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, encap_family); -- cgit v0.10.2