git.baikalelectronics.ru Git - kernel.git/commit

author	Herbert Xu <herbert@gondor.apana.org.au>
	Wed, 12 Dec 2007 18:44:43 +0000 (10:44 -0800)
committer	David S. Miller <davem@davemloft.net>
	Mon, 28 Jan 2008 22:57:23 +0000 (14:57 -0800)
commit	d0a66fb7cdb6dd87a1cda053708a08b898eb3ba3
tree	7e315dfbf5c77e67f6e7ad56f14eaddca621212b	tree \| snapshot
parent	6acc50406f7074bb3fd0eafa8d2ffb72a468627b	commit \| diff

[IPSEC]: Add ICMP host relookup support

RFC 4301 requires us to relookup ICMP traffic that does not match any
policies using the reverse of its payload. This patch implements this
for ICMP traffic that originates from or terminates on localhost.

This is activated on outbound with the new policy flag XFRM_POLICY_ICMP,
and on inbound by the new state flag XFRM_STATE_ICMP.

On inbound the policy check is now performed by the ICMP protocol so
that it can repeat the policy check where necessary.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/xfrm.h		diff \| blob \| history
include/net/dst.h		diff \| blob \| history
net/ipv4/af_inet.c		diff \| blob \| history
net/ipv4/icmp.c		diff \| blob \| history
net/ipv6/icmp.c		diff \| blob \| history
net/xfrm/xfrm_policy.c		diff \| blob \| history