Re: [RFC, PATCH 4/5]: netfilter+ipsec

netdev

Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup

To:	Patrick McHardy <kaber@xxxxxxxxx>
Subject:	Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup
From:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date:	Mon, 22 Mar 2004 09:16:04 +1100
Cc:	"David S. Miller" <davem@xxxxxxxxxx>, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<4059CF17.8090907@xxxxxxxxx>
References:	<20040308110331.GA20719@xxxxxxxxxxxxxxxxxxx> <404C874D.4000907@xxxxxxxxx> <20040308115858.75cdddca.davem@xxxxxxxxxx> <4059CF17.8090907@xxxxxxxxx>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.5.1+cvs20040105i

On Thu, Mar 18, 2004 at 05:32:23PM +0100, Patrick McHardy wrote:
>  
> @@ -661,6 +661,20 @@
>       
>       if ((*pskb)->dst->error)
>               return -1;
> +
> +#ifdef CONFIG_XFRM
> +     if (!(IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED)) {
> +             struct xfrm_policy_afinfo *afinfo;
> +
> +             afinfo = xfrm_policy_get_afinfo(AF_INET);
> +             if (afinfo != NULL) {
> +                     afinfo->decode_session(*pskb, &fl);
> +                     xfrm_policy_put_afinfo(afinfo);
> +                     if (xfrm_lookup(&(*pskb)->dst, &fl, (*pskb)->sk, 0) != 
> 0)
> +                             return -1;
> +             }
> +     }
> +#endif

BTW, you can xfrm4_route_forward here.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, (continued) Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, Herbert Xu Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks, Patrick McHardy [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Patrick McHardy Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, David S. Miller Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Patrick McHardy Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Herbert Xu Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Patrick McHardy Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Herbert Xu Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Patrick McHardy Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Herbert Xu Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Herbert Xu <= Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Patrick McHardy Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Herbert Xu Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Patrick McHardy Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Alexander Samad Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Patrick McHardy Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Alexander Samad [RFC, PATCH 5/5]: netfilter+ipsec - policy checks, Patrick McHardy Re: [RFC, PATCH 5/5]: netfilter+ipsec - policy checks, David S. Miller Re: [RFC, PATCH 5/5]: netfilter+ipsec - policy checks, Patrick McHardy

Previous by Date:	[OOPS] 2.4.25 fealnx: oops with heavy UDP traffic, Denis Vlasenko
Next by Date:	Re: [PATCH] [RFT] 2.6.4 - epic100 napi, Jeff Garzik
Previous by Thread:	Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Herbert Xu
Next by Thread:	Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup, Patrick McHardy
Indexes:	[Date] [Thread] [Top] [All Lists]