netdev
[Top] [All Lists]

Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Mon, 22 Mar 2004 03:29:45 +0100
Cc: "David S. Miller" <davem@xxxxxxxxxx>, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20040322020322.GA1187@xxxxxxxxxxxxxxxxxxx>
References: <20040308110331.GA20719@xxxxxxxxxxxxxxxxxxx> <404C874D.4000907@xxxxxxxxx> <20040308115858.75cdddca.davem@xxxxxxxxxx> <4059CF17.8090907@xxxxxxxxx> <20040321221604.GA32277@xxxxxxxxxxxxxxxxxxx> <405E2673.4090808@xxxxxxxxx> <20040322020322.GA1187@xxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040122 Debian/1.6-1
Herbert Xu wrote:
On Mon, Mar 22, 2004 at 12:34:11AM +0100, Patrick McHardy wrote:

Is it correct that __xfrm_route_forward will use NULL for the sock
parameter to xfrm_lookup even if the packet is from a local socket ?

No that would be wrong as socket policies won't be applied correctly.
Forget about that idea :)

Thanks anyway, it reminded me to check for !(dst->flags & DST_NOXFRM)
before xfrm_lookup, I'm going to change this now.

Regards
Patrick

<Prev in Thread] Current Thread [Next in Thread>