[NETFILTER]: Redo policy lookups after NAT when neccessary
When NAT changes the key used for the xfrm lookup it needs to be done again. If a new policy is returned in POST_ROUTING the packet needs to be passed to xfrm4_output_one manually after all hooks were called because POST_ROUTING is called with fixed okfn (ip_finish_output). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy
committed by
David S. Miller
David S. Miller
parent
4e8e9de7c2
commit
5c901daaea
@@ -152,7 +152,7 @@ error_nolock:
|
||||
goto out_exit;
|
||||
}
|
||||
|
||||
static int xfrm4_output_finish(struct sk_buff *skb)
|
||||
int xfrm4_output_finish(struct sk_buff *skb)
|
||||
{
|
||||
int err;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user