netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Ipsec-tools-devel] Re: [PATCH 2.6]: Check against correct policy li

from [Patrick McHardy] [Permanent Link][Original]
To: Aidas Kasparas <a.kasparas@xxxxxx>
Subject: Re: [Ipsec-tools-devel] Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Tue, 19 Oct 2004 17:38:25 +0200
Cc: netdev@xxxxxxxxxxx, ipsec-tools-devel@xxxxxxxxxxxxxxxxxxxxx
In-reply-to: <4175334B.3000504@xxxxxx>
References: <4172943B.8050904@xxxxxxxxx> <20041017212317.GA28615@xxxxxxxxxxxxxxxxxxx> <4172F1AB.4020305@xxxxxxxxx> <20041017231258.GA29294@xxxxxxxxxxxxxxxxxxx> <4175334B.3000504@xxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040413 Debian/1.6-5 
Aidas Kasparas wrote:


I'm sorry, what is wrong with racoon?


When generate_policy is set to on racoon doesn't generate forward
policies for tunnel mode SAs, so traffic forwarded from a tunnel
is not subject to policy checks.

I have a patch which fixes this, I will post it a couple of days.

Regards
Patrick
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Ipsec-tools-devel] Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Aidas Kasparas
Next by Date:  Re: [Ipsec-tools-devel] Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Aidas Kasparas
Previous by Thread:  Re: [Ipsec-tools-devel] Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Aidas Kasparas
Next by Thread:  Re: [Ipsec-tools-devel] Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward, Aidas Kasparas
Indexes:  [Date] [Thread] [Top] [All Lists]