| To: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [netfilter-core] [NETFILTER] Apply IPsec to ipt_REJECT packets |
| From: | Patrick McHardy <kaber@xxxxxxxxx> |
| Date: | Tue, 23 Nov 2004 22:44:33 +0100 |
| Cc: | "David S. Miller" <davem@xxxxxxxxxxxxx>, coreteam@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <20041123211630.GA9805@xxxxxxxxxxxxxxxxxxx> |
| References: | <20041123084225.GA3514@xxxxxxxxxxxxxxxxxxx> <41A37EC0.8010901@xxxxxxxxx> <20041123211630.GA9805@xxxxxxxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.3) Gecko/20041008 Debian/1.7.3-5 |
Herbert Xu wrote: On Tue, Nov 23, 2004 at 07:17:36PM +0100, Patrick McHardy wrote:The patch doesn't handle tcp resets sent in response to a forwarded packet. I'll send a patch later tonight.Isn't that handled by ip_forward itself? No. ip_forward handles the original packet, not the packet generated by ipt_REJECT. RSTs generated in NF_IP_FORWARD are routed using ip_route_input because they have a non-local source, so xfrm_route_forward or xfrm_lookup needs to be called for them. Regards Patrick |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: IPv6 and netlink, David S. Miller |
|---|---|
| Next by Date: | Re: [netfilter-core] [NETFILTER] Apply IPsec to ipt_REJECT packets, Herbert Xu |
| Previous by Thread: | Re: [netfilter-core] [NETFILTER] Apply IPsec to ipt_REJECT packets, Herbert Xu |
| Next by Thread: | Re: [netfilter-core] [NETFILTER] Apply IPsec to ipt_REJECT packets, Herbert Xu |
| Indexes: | [Date] [Thread] [Top] [All Lists] |