From: Herbert Xu <[EMAIL PROTECTED]>
Date: Wed, 12 Dec 2007 09:58:01 +0800
> [IPSEC]: Add ICMP host relookup support
>
> RFC 4301 requires us to relookup ICMP traffic that does not match any
> policies using the reverse of its payload. This patch implements this
> for ICMP traffic that originates from or terminates on localhost.
>
> This is activated on outbound with the new policy flag XFRM_POLICY_ICMP,
> and on inbound by the new state flag XFRM_STATE_ICMP.
>
> On inbound the policy check is now performed by the ICMP protocol so
> that it can repeat the policy check where necessary.
>
> Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
...
> @@ -268,6 +268,7 @@ extern void dst_init(void);
> /* Flags for xfrm_lookup flags argument. */
> enum {
> XFRM_LOOKUP_WAIT = 1 << 0,
> + XFRM_LOOKUP_ICMP = 1 << 1,
> };
>
> struct flowi;
Sigh :-( Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
