linux/include
Patrick McHardy ee68cea2c2 [NETFILTER]: Fix xfrm lookup after SNAT
To find out if a packet needs to be handled by IPsec after SNAT, packets
are currently rerouted in POST_ROUTING and a new xfrm lookup is done. This
breaks SNAT of non-unicast packets to non-local addresses because the
packet is routed as incoming packet and no neighbour entry is bound to the
dst_entry. In general, it seems to be a bad idea to replace the dst_entry
after the packet was already sent to the output routine because its state
might not match what's expected.

This patch changes the xfrm lookup in POST_ROUTING to re-use the original
dst_entry without routing the packet again. This means no policy routing
can be used for transport mode transforms (which keep the original route)
when packets are SNATed to match the policy, but it looks like the best
we can do for now.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-15 01:34:23 -08:00
..
acpi [ACPI] ACPICA 20060127 2006-01-31 03:25:09 -05:00
asm-alpha [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-arm [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-arm26 [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-cris [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-frv [PATCH] FRV: Use virtual interrupt disablement 2006-02-14 16:09:35 -08:00
asm-generic [PATCH] Use atomic64_set for 64-bit case of atomic_long_set 2006-01-15 10:17:07 -08:00
asm-h8300 [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-i386 [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-ia64 [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-m32r [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-m68k [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-m68knommu [PATCH] m68knommu: hardirq.h needs definition of NR_IRQS 2006-02-07 16:16:54 -08:00
asm-mips [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-parisc [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-powerpc [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-ppc [PATCH] ppc: Remove powermac support from ARCH=ppc 2006-01-15 17:30:44 +11:00
asm-s390 [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-sh [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-sh64 [PATCH] sh/sh64: Fix bogus TIOCGICOUNT definitions 2006-02-01 08:53:20 -08:00
asm-sparc [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-sparc64 [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-um [PATCH] uml: avoid "CONFIG_NR_CPUS undeclared" bogus error messages 2006-02-01 08:53:23 -08:00
asm-v850 [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-x86_64 [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
asm-xtensa [PATCH] madvise MADV_DONTFORK/MADV_DOFORK 2006-02-14 16:09:34 -08:00
keys [PATCH] Keys: Remove key duplication 2006-01-06 08:33:29 -08:00
linux [NETFILTER]: Fix xfrm lookup after SNAT 2006-02-15 01:34:23 -08:00
math-emu
media V4L/DVB (3388): tuner_params->tda988x is currently unused, so disable 2006-01-15 21:28:17 -02:00
mtd
net Merge master.kernel.org:/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6 2006-02-13 15:40:55 -08:00
pcmcia [PATCH] pcmcia: unify attach, EVENT_CARD_INSERTION handlers into one probe callback 2006-01-06 00:03:24 +01:00
rdma IB: Add node_guid to struct ib_device 2006-01-10 07:39:34 -08:00
rxrpc
scsi Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 2006-01-31 13:12:41 -08:00
sound [PATCH] DocBook: fix kernel-doc comments 2006-01-10 08:01:53 -08:00
video [PATCH] include/video/newport.h: "extern inline" -> "static inline" 2006-01-10 08:01:50 -08:00