[PATCH 00/10]: Netfilter IPsec support

Patrick McHardy kaber at trash.net
Fri Nov 11 04:18:52 CET 2005


This is the latest set of patches for netfilter IPsec support.
The use of netif_rx for the innermost SA if it used transport
mode has been replaced by explicit NF_HOOK calls in
xfrm{4,6}_input.c.

[NETFILTER]: Remove okfn usage in ip_vs_core.c
[NETFILTER]: Defer fragmentation in ip_output when connection tracking is used
[IPV4]: Replace dst_output by ip_dst_output
[IPV6]: Replace dst_output by ip6_dst_output
[IPV4/6]: Netfilter IPsec output hooks
[IPV4/6]: Make input netfilter IPsec processing symmetrical to output
[NETFILTER]: Fix xfrm lookup in ip_route_me_harder
[NETFILTER]: Use conntrack information to determine if packet was NATed
[NETFILTER]: Redo policy lookups after NAT when necessary
[NETFILTER]: Handle NAT in IPsec policy checks


