Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6

netdev

Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_for

To:	Patrick McHardy <kaber@xxxxxxxxx>
Subject:	Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward
From:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date:	Mon, 18 Oct 2004 07:23:17 +1000
Cc:	"David S. Miller" <davem@xxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to:	<4172943B.8050904@trash.net>
References:	<4172943B.8050904@trash.net>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.6+20040722i

On Sun, Oct 17, 2004 at 05:48:11PM +0200, Patrick McHardy wrote:
> 
> currently forwarded packets from a tunnel mode SA are checked
> in ip_forward/ip6_forward against the XFRM_POLICY_FWD policy
> list. Neither racoon nor pluto generate a policy for
> IPSEC_DIR_FWD, so the checks are performed against an empty

Actually I made damn sure that pluto does generate rules for
IPSEC_DIR_FWD after discussing it with Alexey :) Search for
XFRM_POLICY_FWD in openswan/programs/pluto.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Patrick McHardy Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Herbert Xu <= Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Patrick McHardy Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Patrick McHardy Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Herbert Xu Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Patrick McHardy [XFRM] Allow transport SAs even when there is no policy, Herbert Xu Re: [XFRM] Allow transport SAs even when there is no policy, Patrick McHardy Re: [XFRM] Allow transport SAs even when there is no policy, Herbert Xu Re: [XFRM] Allow transport SAs even when there is no policy, David S. Miller Re: [XFRM] Allow transport SAs even when there is no policy, David S. Miller Re: [Ipsec-tools-devel] Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Aidas Kasparas

Previous by Date:	[PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Patrick McHardy
Next by Date:	Re: [RFC] Yield in netlink_broadcast when congested, Herbert Xu
Previous by Thread:	[PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Patrick McHardy
Next by Thread:	Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Patrick McHardy
Indexes:	[Date] [Thread] [Top] [All Lists]