[NETFILTER]: Handle NAT in IPsec policy checks

Handle NAT of decapsulated IPsec packets by reconstructing the struct flowi
of the original packet from the conntrack information for IPsec policy
checks.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy
2006-01-06 23:06:30 -08:00
committed by David S. Miller
parent b59c270104
commit eb9c7ebe69
5 changed files with 70 additions and 3 deletions


@@ -986,6 +986,7 @@ int dccp_v4_rcv(struct sk_buff *skb)
if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
goto discard_and_relse;
nf_reset(skb);
return sk_receive_skb(sk, skb);
@@ -1099,7 +1100,6 @@ int dccp_v4_destroy_sock(struct sock *sk)
kfree_skb(sk->sk_send_head);
sk->sk_send_head = NULL;
}
nf_reset(skb);
/* Clean up a referenced DCCP bind bucket. */
if (inet_csk(sk)->icsk_bind_hash != NULL)
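Review bot: In the first hunk (dccp_v4_rcv), the `nf_reset(skb);` call must stay after `xfrm4_policy_check()`, but nothing at the call site records that ordering constraint. Per the commit description, the policy check now reconstructs the original flow from conntrack information, and nf_reset() releases the skb's conntrack reference, so moving the reset above the check would presumably make the IPsec policy lookup run on the NATed addresses without any build-time warning. I would add a comment above it, e.g. `/* Policy check above needs conntrack to undo NAT; drop the reference only afterwards. */`. The page has lost the +/- markers, so which line is new is inferred from the hunk header counts, and dccp_v4_rcv starts and ends outside the hunk.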