]> err.no Git - linux-2.6/commit
[IPV4/6]: Netfilter IPsec input hooks
authorPatrick McHardy <kaber@trash.net>
Sat, 7 Jan 2006 07:03:34 +0000 (23:03 -0800)
committerDavid S. Miller <davem@sunset.davemloft.net>
Sat, 7 Jan 2006 20:57:31 +0000 (12:57 -0800)
commitb05e106698d9966de524e78d9da1bf6407fe0c32
tree8a7c253b7249451941674805cccdaaba299dff6f
parent951dbc8ac714b04c36296b8b5c36c8e036ce433f
[IPV4/6]: Netfilter IPsec input hooks

When the innermost transform uses transport mode the decapsulated packet
is not visible to netfilter. Pass the packet through the PRE_ROUTING and
LOCAL_IN hooks again before handing it to upper layer protocols to make
netfilter-visibility symetrical to the output path.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/ipv6.h
net/ipv4/xfrm4_input.c
net/ipv6/ip6_input.c
net/ipv6/xfrm6_input.c