This patch adds policy lookups to ip_route_me_harder and makes NAT reroute for any change that affects route/policy lookups. any change in route/policy key any change in route/policy key any change i
Better call __ip_route_output_key rather than not setting proto because you'll need proto in xfrm_lookup. If we can reinject transport packets then we can move this back into the if clause. -- Debian
David S. Miller wrote: On Thu, 18 Mar 2004 17:32:23 +0100 Patrick McHardy <kaber@xxxxxxxxx> wrote: This patch adds policy lookups to ip_route_me_harder and makes NAT reroute for any change that affec
fl.nl_u.ip4_u.fwmark = (*pskb)->nfmark; - fl.proto = iph->protocol; Better call __ip_route_output_key rather than not setting proto because you'll need proto in xfrm_lookup. if (ip_route_output_key(&
Right, you're calling decode_session below which is much better. Actually it was me who was confused. ip_route_me_harder can be called on both incoming/outgoing packets. That's what the if clause is
Herbert Xu wrote: Actually it was me who was confused. ip_route_me_harder can be called on both incoming/outgoing packets. That's what the if clause is trying to determine. You should only call xfrm_
You're right. Sorry for the confusion. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~her
BTW, you can xfrm4_route_forward here. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~her
Herbert Xu wrote: On Thu, Mar 18, 2004 at 05:32:23PM +0100, Patrick McHardy wrote: @@ -661,6 +661,20 @@ if ((*pskb)->dst->error) return -1; + +#ifdef CONFIG_XFRM + if (!(IPCB(*pskb)->flags & IPSKB_XF
No that would be wrong as socket policies won't be applied correctly. Forget about that idea :) -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxx
Herbert Xu wrote: On Mon, Mar 22, 2004 at 12:34:11AM +0100, Patrick McHardy wrote: Is it correct that __xfrm_route_forward will use NULL for the sock parameter to xfrm_lookup even if the packet is fr
Think their might be a problem with this patch. Potientially a packet could traverse the pre, forward and the post routing, at which point it can be SNAT'ed or MASQ'ed and then re injected into rout
Think their might be a problem with this patch. Potientially a packet could traverse the pre, forward and the post routing, at which point it can be SNAT'ed or MASQ'ed and then re injected into route
Sorry might not have made myself clear, after an SNAT with your patch the packet is re injected into route_me_harder, thus the packet is able to be rerouted (sent out another interface for example) W
This patch adds policy lookups to ip_route_me_harder and makes NAT reroute for any change that affects route/policy lookups. any change in route/policy key any change in route/policy key any change i
Better call __ip_route_output_key rather than not setting proto because you'll need proto in xfrm_lookup. If we can reinject transport packets then we can move this back into the if clause. -- Debian
This patch adds policy lookups to ip_route_me_harder and makes NAT reroute for any change that affects route/policy lookups. Why are you deleting that "fl.proto = iph->protocol;" line in net/core/ne
@@ -635,7 +636,6 @@ fl.nl_u.ip4_u.fwmark = (*pskb)->nfmark; - fl.proto = iph->protocol; Better call __ip_route_output_key rather than not setting proto because you'll need proto in xfrm_lookup. if (