Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup | netdev

ip_route_me_harder -> xfrm_lookup · Herbert Xu <herbert@gondor.apana.org.au> · 2004-03-08
Re: ip_route_me_harder -> xfrm_lookup · Patrick McHardy <hidden> · 2004-03-08
Re: ip_route_me_harder -> xfrm_lookup · David S. Miller <hidden> · 2004-03-08
Re: ip_route_me_harder -> xfrm_lookup · Patrick McHardy <hidden> · 2004-03-18
[RFC, PATCH 1/5]: netfilter+ipsec - nf_reset · Patrick McHardy <hidden> · 2004-03-18
Re: [RFC, PATCH 1/5]: netfilter+ipsec - nf_reset · David S. Miller <hidden> · 2004-03-19
[RFC, PATCH 2/5]: netfilter+ipsec - output hooks · Patrick McHardy <hidden> · 2004-03-18
Re: [RFC, PATCH 2/5]: netfilter+ipsec - output hooks · David S. Miller <hidden> · 2004-03-19
Re: [RFC, PATCH 2/5]: netfilter+ipsec - output hooks · Herbert Xu <herbert@gondor.apana.org.au> · 2004-03-19
[RFC, PATCH 3/5]: netfilter+ipsec - input hooks · Patrick McHardy <hidden> · 2004-03-18
Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks · David S. Miller <hidden> · 2004-03-19
Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks · Herbert Xu <herbert@gondor.apana.org.au> · 2004-03-19
Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks · Patrick McHardy <hidden> · 2004-03-19
Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks · Herbert Xu <herbert@gondor.apana.org.au> · 2004-03-19
Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks · Herbert Xu <herbert@gondor.apana.org.au> · 2004-03-19
Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks · Herbert Xu <herbert@gondor.apana.org.au> · 2004-03-19
Re: [RFC, PATCH 3/5]: netfilter+ipsec - input hooks · Patrick McHardy <hidden> · 2004-03-19
[RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Patrick McHardy <hidden> · 2004-03-18
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · David S. Miller <hidden> · 2004-03-19
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Patrick McHardy <hidden> · 2004-03-19
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Herbert Xu <herbert@gondor.apana.org.au> · 2004-03-19
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Patrick McHardy <hidden> · 2004-03-19
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Herbert Xu <herbert@gondor.apana.org.au> · 2004-03-19
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Patrick McHardy <hidden> · 2004-03-20
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Herbert Xu <herbert@gondor.apana.org.au> · 2004-03-21
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Herbert Xu <herbert@gondor.apana.org.au> · 2004-03-21
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Patrick McHardy <hidden> · 2004-03-21
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Herbert Xu <herbert@gondor.apana.org.au> · 2004-03-22
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Patrick McHardy <hidden> · 2004-03-22
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Alexander Samad <hidden> · 2004-03-24
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Patrick McHardy <hidden> · 2004-03-24
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup · Alexander Samad <hidden> · 2004-03-24
[RFC, PATCH 5/5]: netfilter+ipsec - policy checks · Patrick McHardy <hidden> · 2004-03-18
Re: [RFC, PATCH 5/5]: netfilter+ipsec - policy checks · David S. Miller <hidden> · 2004-03-19
Re: [RFC, PATCH 5/5]: netfilter+ipsec - policy checks · Patrick McHardy <hidden> · 2004-03-19

Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2004-03-21 22:16:04
Also in: netfilter-devel

On Thu, Mar 18, 2004 at 05:32:23PM +0100, Patrick McHardy wrote:

quoted hunk ↗ jump to hunk

@@ -661,6 +661,20 @@
 	
 	if ((*pskb)->dst->error)
 		return -1;
+
+#ifdef CONFIG_XFRM
+	if (!(IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED)) {
+		struct xfrm_policy_afinfo *afinfo;
+
+		afinfo = xfrm_policy_get_afinfo(AF_INET);
+		if (afinfo != NULL) {
+			afinfo->decode_session(*pskb, &fl);
+			xfrm_policy_put_afinfo(afinfo);
+			if (xfrm_lookup(&(*pskb)->dst, &fl, (*pskb)->sk, 0) != 0)
+				return -1;
+		}
+	}
+#endif

BTW, you can xfrm4_route_forward here.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help