[PATCH 07/13]: [NETFILTER]: Fix xfrm lookup in
ip_route_me_harder/ip6_route_me_harder
Herbert Xu
herbert at gondor.apana.org.au
Tue Nov 29 08:34:41 CET 2005
On Tue, Nov 29, 2005 at 08:02:34AM +0100, Patrick McHardy wrote:
>
> - IPSKB_MASQUERADED is unused
> - IPSKB_TRANSLATED is unused
> - IPSKB_FORWARDED is used by ipmr in a way that looks broken,
> it expects the flags on the input path to be the same it set
> on the output path.
> - IPSKB_XFRM_TUNNEL_SIZE should be cleared when a packet enters
> the IP stack
Yes that looks correct.
> It seems in most places where only IPCB(skb)->opt is cleared
> the entire CB should be cleared. A couple of spots also look
> completely unnecessary, for example all places clearing the CB
> before passing the packet to netif_rx. I would expect the next
> user beeing responsible for clearing the space he needs if
> neccessary.
Agreed. However, it seems that ip_rcv() only clears the CB options
if ihl is greater than 5. So until that's changed the people feeding
netif_rx will have to clear the CB.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the netfilter-devel
mailing list