netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

ip_route_me_harder -> xfrm_lookup

from [Herbert Xu] [Permanent Link][Original]
To: "David S. Miller" <davem@xxxxxxxxxx>, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
Subject: ip_route_me_harder -> xfrm_lookup
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 8 Mar 2004 22:03:31 +1100
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.5.1+cvs20040105i 
Hi:

I've received a number of reports that the any packets that are modified
by the PREROUTING mangle table will not be protected by IPsec.

The reason is that ip_route_me_harder which is called upon the exit
of the mangle table does not set the proto field.  This means that
xfrm_lookup is never called.

The following patch sets the proto field so that the packet can be
protected by IPsec.

Cheers,
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Attachment: p
Description: Text document

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [PATCH] ibmtr init section usage, Randy.Dunlap
Next by Date:  Re: resend [PATCH 2.6.4-rc2] netdevice.h add netif_msg_init helper, Jeff Garzik
Previous by Thread:  [PATCH] ibmtr init section usage, Randy.Dunlap
Next by Thread:  Re: ip_route_me_harder -> xfrm_lookup, Patrick McHardy
Indexes:  [Date] [Thread] [Top] [All Lists]