Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2004-03-21 06:35:12
Also in:
netfilter-devel
On Sat, Mar 20, 2004 at 03:01:55PM +0100, Patrick McHardy wrote:
> Herbert Xu wrote:
>> Actually it was me who was confused. ip_route_me_harder can be called on both incoming/outgoing packets. That's what the if clause is trying to determine. You should only call xfrm_lookup on the outgoing path.
>
> No, ip_route_me_harder is currently (without the patches) only called for outgoing packets. The if-clause is there because ip_route_output doesn't handle packets with non-local source, and we don't want to set the source to 0 (as was done before) because it prevents policy routing from working properly. That's why we need the xfrm_lookup for both cases.

You're right. Sorry for the confusion.
--
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu ~{PmV>HI~} [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt