From: Alexey Kuznetsov <[EMAIL PROTECTED]>
Date: Mon, 4 Dec 2006 20:20:01 +0300
> > Here's the patch again properly signed off.
>
> I think it is correct.
Patch applied, thanks everyone.
I'll push this one to -stable too.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
th
Hello!
> Here's the patch again properly signed off.
I think it is correct.
Alexey
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Alexey Kuznetsov wrote:
> Hello!
>
>
>>Alexey, do you remember what the original intent of this was?
>
>
> disable_policy was supposed to skip policy checks on input.
> It makes sense only on input device.
>
> disable_xfrm was supposed to skip transformations on output.
> It makes sense only o
Hello!
> Alexey, do you remember what the original intent of this was?
disable_policy was supposed to skip policy checks on input.
It makes sense only on input device.
disable_xfrm was supposed to skip transformations on output.
It makes sense only on output device.
If it does not work, it was
On Mon, 4 Dec 2006, Patrick McHardy wrote:
> disable_xfrm - BOOLEAN
>
> Disable IPSEC encryption on this interface, whatever the policy
>
> Opinions?
Looks good to me, wonder what the original rationale was, though.
--
James Morris
<[EMAIL PROTECTED]>
-
To unsubscribe from this list
James Morris wrote:
> On Mon, 4 Dec 2006, Patrick McHardy wrote:
>
>
>>disable_xfrm - BOOLEAN
>>
>>Disable IPSEC encryption on this interface, whatever the policy
>>
>>Opinions?
>
>
> Looks good to me, wonder what the original rationale was, though.
Me too. It was introduced by this pa
Currently the behaviour of disable_xfrm is inconsistent between
locally generated and forwarded packets. For locally generated
packets disable_xfrm disables the policy lookup if it is set on
the output device, for forwarded traffic however it looks at the
input device. This makes it impossible to d
