On Thu, Mar 18, 2004 at 05:32:14PM +0100, Patrick McHardy wrote:
>
> diff -Nru a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
> --- a/net/ipv4/ip_input.c Thu Mar 18 16:45:35 2004
> +++ b/net/ipv4/ip_input.c Thu Mar 18 16:45:35 2004
> @@ -224,6 +224,12 @@
> resubmit:
> hash = protocol & (MAX_INET_PROTOS - 1);
> raw_sk = sk_head(&raw_v4_htable[hash]);
> + ipprot = inet_protos[hash];
> + smp_read_barrier_depends();
> +
> + if (skb->sp && !ipprot->xfrm_prot)
> + if (nf_postxfrm_input(skb))
> + goto out;
Just an idea: what if we reinject the packet just as we do in tunnel mode?
> @@ -346,6 +351,10 @@
> }
> }
>
> + if (skb->sp && !(((struct rtable *)skb->dst)->rt_flags&RTCF_LOCAL))
> + if (nf_postxfrm_nonlocal(skb))
> + goto drop;
> +
What if the PRE_ROUTING turns it into a local address again?
--
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
|