linux/net/xfrm
Patrick McHardy 3e3850e989 [NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harder
ip_route_me_harder doesn't use the port numbers of the xfrm lookup and
uses ip_route_input for non-local addresses which doesn't do a xfrm
lookup, ip6_route_me_harder doesn't do a xfrm lookup at all.

Use xfrm_decode_session and do the lookup manually, make sure both
only do the lookup if the packet hasn't been transformed already.

Makeing sure the lookup only happens once needs a new field in the
IP6CB, which exceeds the size of skb->cb. The size of skb->cb is
increased to 48b. Apparently the IPv6 mobile extensions need some
more room anyway.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07 12:57:33 -08:00
..
Kconfig [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xfrm_algo.c [XFRM]: skb_cow_data() does not set proper owner for new skbs. 2005-05-18 22:51:45 -07:00
xfrm_input.c [NET]: use __read_mostly on kmem_cache_t , DEFINE_SNMP_STAT pointers 2005-08-29 16:11:18 -07:00
xfrm_policy.c [NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harder 2006-01-07 12:57:33 -08:00
xfrm_state.c [LSM-IPSec]: Security association restriction. 2006-01-03 13:10:24 -08:00
xfrm_user.c [LSM-IPSec]: Corrections to LSM-IPSec Nethooks 2006-01-06 13:22:39 -08:00