lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[IPV4/6]: Netfilter IPsec input hooks

Browse Source 
When the innermost transform uses transport mode the decapsulated packet
is not visible to netfilter. Pass the packet through the PRE_ROUTING and
LOCAL_IN hooks again before handing it to upper layer protocols to make
netfilter-visibility symetrical to the output path.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy
2006-01-06 23:03:34 -08:00
committed by David S. Miller
parent 951dbc8ac7
commit b05e106698
4 changed files with 47 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
net/ipv6/ip6_input.c
View File

@@ -48,7 +48,7 @@
static inline int ip6_rcv_finish( struct sk_buff *skb)
inline int ip6_rcv_finish( struct sk_buff *skb)
{
if (skb->dst == NULL)
ip6_route_input(skb);