netdev
[Top] [All Lists]

Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup

To: Patrick McHardy <kaber@xxxxxxxxx>
Subject: Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Mar 2004 09:16:04 +1100
Cc: "David S. Miller" <davem@xxxxxxxxxx>, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4059CF17.8090907@trash.net>
References: <20040308110331.GA20719@gondor.apana.org.au> <404C874D.4000907@trash.net> <20040308115858.75cdddca.davem@redhat.com> <4059CF17.8090907@trash.net>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.5.1+cvs20040105i
On Thu, Mar 18, 2004 at 05:32:23PM +0100, Patrick McHardy wrote:
>  
> @@ -661,6 +661,20 @@
>       
>       if ((*pskb)->dst->error)
>               return -1;
> +
> +#ifdef CONFIG_XFRM
> +     if (!(IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED)) {
> +             struct xfrm_policy_afinfo *afinfo;
> +
> +             afinfo = xfrm_policy_get_afinfo(AF_INET);
> +             if (afinfo != NULL) {
> +                     afinfo->decode_session(*pskb, &fl);
> +                     xfrm_policy_put_afinfo(afinfo);
> +                     if (xfrm_lookup(&(*pskb)->dst, &fl, (*pskb)->sk, 0) != 
> 0)
> +                             return -1;
> +             }
> +     }
> +#endif

BTW, you can xfrm4_route_forward here.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

<Prev in Thread] Current Thread [Next in Thread>