netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NETFILTER] Apply IPsec to ipt_REJECT packets

from [Herbert Xu] [Permanent Link][Original]
To: "David S. Miller" <davem@xxxxxxxxxxxxx>, coreteam@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx
Subject: [NETFILTER] Apply IPsec to ipt_REJECT packets
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 23 Nov 2004 19:42:25 +1100
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040722i 
Hi:

I found out today that packets generated by ipt_REJECT weren't protected
by IPsec.  This is because the proto field isn't set at all in the flow
supplied to ip_route_output_key.

The following patch sets that as well as protocol-specific fields so
that the appropriate IPsec policy can be applied.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Attachment: p
Description: Text document

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [PATCH 1/1] net: Netconsole poll support for 3c509, Con Kolivas
Next by Date:  Re: [openib-general] Re: [PATCH][RFC/v1][11/12] Add InfiniBand Documentation files, Eric W. Biederman
Previous by Thread:  [PATCH 1/1] net: Netconsole poll support for 3c509, Con Kolivas
Next by Thread:  Re: [NETFILTER] Apply IPsec to ipt_REJECT packets, Harald Welte
Indexes:  [Date] [Thread] [Top] [All Lists]