[RFC,NETFILTER]: Fix xfrm lookup after SNAT

David S. Miller davem at davemloft.net
Wed Feb 15 10:34:39 CET 2006


From: Herbert Xu <herbert at gondor.apana.org.au>
Date: Tue, 14 Feb 2006 12:49:24 +1100

> On Mon, Feb 13, 2006 at 06:25:01PM +0100, Patrick McHardy wrote:
> > I finally got around to fixing the "ip_finish_output2: No header cache
> > and no neighbour!" problem reported by Andi Kleen. Instead of rerouting
> > the packet in POST_ROUTING, we reuse the original route for the
> > xfrm_lookup. This introduces a small restriction (see changelog entry),
> > but I think it should work.
> > 
> > Herbert, do you see any problems with this patch?
> 
> Looks perfect to me.  I think the restriction makes sense since SNAT
> is done in post-routing so it's counter-intuitive to repeat the lookup
> anyway.
>  
> > Signed-off-by: Patrick McHardy <kaber at trash.net>
> 
> Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>

Looks good to me too, applied to net-2.6

Thanks a lot.



More information about the netfilter-devel mailing list