Re: [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks

[PATCH 00/13]: Netfilter IPsec support · Patrick McHardy <hidden> · 2005-11-20
[PATCH 01/13]: [NETFILTER]: Remove okfn usage in ip_vs_core.c · Patrick McHardy <hidden> · 2005-11-20
[PATCH 02/13]: [NETFILTER]: Call POST_ROUTING hook before fragmentation · Patrick McHardy <hidden> · 2005-11-20
[PATCH 03/13]: [IPV4]: Replace dst_output by ip_dst_output · Patrick McHardy <hidden> · 2005-11-20
[PATCH 04/13]: [IPV6]: Replace dst_output by ip6_dst_output · Patrick McHardy <hidden> · 2005-11-20
[PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks · Patrick McHardy <hidden> · 2005-11-20
Re: [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks · Herbert Xu <herbert@gondor.apana.org.au> · 2005-11-22
Re: [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks · Patrick McHardy <hidden> · 2005-11-22
Re: [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks · Patrick McHardy <hidden> · 2005-11-22
Re: [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks · Herbert Xu <herbert@gondor.apana.org.au> · 2005-11-22
Re: [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks · Herbert Xu <herbert@gondor.apana.org.au> · 2005-11-22
Re: [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks · Herbert Xu <herbert@gondor.apana.org.au> · 2005-11-22
Re: [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks · Patrick McHardy <hidden> · 2005-11-28
Re: [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks · Herbert Xu <herbert@gondor.apana.org.au> · 2005-11-28
Re: [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks · Patrick McHardy <hidden> · 2005-11-28
Re: [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks · Patrick McHardy <hidden> · 2005-12-04
Re: [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks · Herbert Xu <herbert@gondor.apana.org.au> · 2005-12-04
[PATCH 06/13]: [IPV4/6]: Netfilter IPsec input hooks · Patrick McHardy <hidden> · 2005-11-20
Re: [PATCH 06/13]: [IPV4/6]: Netfilter IPsec input hooks · Yasuyuki KOZAKAI <hidden> · 2005-11-21
Re: [PATCH 06/13]: [IPV4/6]: Netfilter IPsec input hooks · Herbert Xu <herbert@gondor.apana.org.au> · 2005-12-01
Re: [PATCH 06/13]: [IPV4/6]: Netfilter IPsec input hooks · Patrick McHardy <hidden> · 2005-12-04
Re: [PATCH 06/13]: [IPV4/6]: Netfilter IPsec input hooks · Herbert Xu <herbert@gondor.apana.org.au> · 2005-12-04
Re: [PATCH 06/13]: [IPV4/6]: Netfilter IPsec input hooks · Patrick McHardy <hidden> · 2005-12-04
[PATCH 07/13]: [NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harder · Patrick McHardy <hidden> · 2005-11-20
Re: [PATCH 07/13]: [NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harder · Herbert Xu <herbert@gondor.apana.org.au> · 2005-11-28
Re: [PATCH 07/13]: [NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harder · Patrick McHardy <hidden> · 2005-11-29
Re: [PATCH 07/13]: [NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harder · Herbert Xu <herbert@gondor.apana.org.au> · 2005-11-29
Re: [PATCH 07/13]: [NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harder · "David S. Miller" <davem@davemloft.net> · 2005-11-29
Re: [PATCH 07/13]: [NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harder · Herbert Xu <herbert@gondor.apana.org.au> · 2005-11-29
[PATCH 08/13]: [NETFILTER]: Use conntrack information to determine if packet was NATed · Patrick McHardy <hidden> · 2005-11-20
[PATCH 09/13]: [NETFILTER]: Redo policy lookups after NAT when neccessary · Patrick McHardy <hidden> · 2005-11-20
Re: [PATCH 09/13]: [NETFILTER]: Redo policy lookups after NAT when neccessary · Patrick McHardy <hidden> · 2005-11-20
[PATCH 10/13]: [NETFILTER]: Keep the conntrack reference until after policy checks · Patrick McHardy <hidden> · 2005-11-20
[PATCH 11/13]: [NETFILTER]: Handle NAT in IPsec policy checks · Patrick McHardy <hidden> · 2005-11-20
[PATCH 12/13]: [NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stack · Patrick McHardy <hidden> · 2005-11-20
[PATCH 13/13]: [NETFILTER]: Add ipt_policy/ip6t_policy matches · Patrick McHardy <hidden> · 2005-11-20
Re: [PATCH 00/13]: Netfilter IPsec support · "David S. Miller" <davem@davemloft.net> · 2005-11-22
Re: [PATCH 00/13]: Netfilter IPsec support · YOSHIFUJI Hideaki / 吉藤英明 <hidden> · 2005-11-22
Re: [PATCH 00/13]: Netfilter IPsec support · Patrick McHardy <hidden> · 2005-11-23
Re: [PATCH 00/13]: Netfilter IPsec support · Patrick McHardy <hidden> · 2005-11-23
Re: [PATCH 00/13]: Netfilter IPsec support · Herbert Xu <herbert@gondor.apana.org.au> · 2005-11-23
Re: [PATCH 00/13]: Netfilter IPsec support · "David S. Miller" <davem@davemloft.net> · 2005-11-23
Re: [PATCH 00/13]: Netfilter IPsec support · Herbert Xu <herbert@gondor.apana.org.au> · 2005-11-23
Re: [PATCH 00/13]: Netfilter IPsec support · Yasuyuki KOZAKAI <hidden> · 2005-11-23
Re: [PATCH 00/13]: Netfilter IPsec support · "David S. Miller" <davem@davemloft.net> · 2005-11-23

From: Patrick McHardy <hidden>
Date: 2005-11-28 12:25:48
Also in: netfilter-devel

Herbert Xu wrote:

On Mon, Nov 28, 2005 at 02:07:03AM +0100, Patrick McHardy wrote:

quoted

Thanks, this looks great. I've changed it to only call the hooks


Glad you liked it :)

quoted

before tunnel mode transforms and added a missing dst_output call
for the final packet.


This shouldn't be necessary if you apply it on top of my previous
patch which made xfrm[46]_output process the first SA and all subsequent
transport mode SAs.  I've included that patch here again.

I think it still makes sense to do that because this corresponds
with the usual representation of an IPsec connection and it
simplifies the handling of netfilter hooks.

I agree, I missed that your patch based on that one. Let me have
another look :)

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help