Re: [netfilter-core] [NETFILTER] Apply IPsec to ipt_REJECT packets

To: Patrick McHardy <kaber@xxxxxxxxx>
Subject: Re: [netfilter-core] [NETFILTER] Apply IPsec to ipt_REJECT packets
From: Harald Welte <laforge@xxxxxxxxxxxxx>
Date: Wed, 24 Nov 2004 08:29:53 +0100
Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx, coreteam@xxxxxxxxxxxxx
In-reply-to: <41A3CD45.4080802@xxxxxxxxx>
References: <20041123084225.GA3514@xxxxxxxxxxxxxxxxxxx> <41A37EC0.8010901@xxxxxxxxx> <20041123211630.GA9805@xxxxxxxxxxxxxxxxxxx> <41A3AF41.4010700@xxxxxxxxx> <20041123221900.GA10099@xxxxxxxxxxxxxxxxxxx> <41A3CD45.4080802@xxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i

On Wed, Nov 24, 2004 at 12:52:37AM +0100, Patrick McHardy wrote:

> I would prefer something like this (based on your patch, untested).
> Currently ICMP packets are handled differently than TCP packets, saddr is
> set to 0 for them if it is non-local, so they can't be source-routed
> properly. This patch also uses route_reverse for ICMP packets, properly
> sets fl->proto for output routed packets and adds a call to xfrm_lookup
> for input routed packets.

Just a quick side note: Once we've found a final solution, please don't
forget to merge the changes to ip6t_REJECT in patch-o-matic.

> Regards
> Patrick
-- 
- Harald Welte <laforge@xxxxxxxxxxxxx>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie
