[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20071212.104516.111707350.davem@davemloft.net>
Date: Wed, 12 Dec 2007 10:45:16 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: herbert@...dor.apana.org.au
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH 3/3] [IPSEC]: Add ICMP host relookup support
From: Herbert Xu <herbert@...dor.apana.org.au>
Date: Wed, 12 Dec 2007 09:58:01 +0800
> [IPSEC]: Add ICMP host relookup support
>
> RFC 4301 requires us to relookup ICMP traffic that does not match any
> policies using the reverse of its payload. This patch implements this
> for ICMP traffic that originates from or terminates on localhost.
>
> This is activated on outbound with the new policy flag XFRM_POLICY_ICMP,
> and on inbound by the new state flag XFRM_STATE_ICMP.
>
> On inbound the policy check is now performed by the ICMP protocol so
> that it can repeat the policy check where necessary.
>
> Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
...
> @@ -268,6 +268,7 @@ extern void dst_init(void);
> /* Flags for xfrm_lookup flags argument. */
> enum {
> XFRM_LOOKUP_WAIT = 1 << 0,
> + XFRM_LOOKUP_ICMP = 1 << 1,
> };
>
> struct flowi;
Sigh :-( Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists