[Top] [All Lists]

[NETFILTER] Apply IPsec to ipt_REJECT packets

To: "David S. Miller" <davem@xxxxxxxxxxxxx>, coreteam@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx
Subject: [NETFILTER] Apply IPsec to ipt_REJECT packets
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 23 Nov 2004 19:42:25 +1100
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040722i

I found out today that packets generated by ipt_REJECT weren't protected
by IPsec.  This is because the proto field isn't set at all in the flow
supplied to ip_route_output_key.

The following patch sets that as well as protocol-specific fields so
that the appropriate IPsec policy can be applied.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Visit Openswan at
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page:
PGP Key:

Attachment: p
Description: Text document

<Prev in Thread] Current Thread [Next in Thread>