]> git.baikalelectronics.ru Git - kernel.git/commit
[IPSEC]: Add ICMP host relookup support
authorHerbert Xu <herbert@gondor.apana.org.au>
Wed, 12 Dec 2007 18:44:43 +0000 (10:44 -0800)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Jan 2008 22:57:23 +0000 (14:57 -0800)
commitd0a66fb7cdb6dd87a1cda053708a08b898eb3ba3
tree7e315dfbf5c77e67f6e7ad56f14eaddca621212b
parent6acc50406f7074bb3fd0eafa8d2ffb72a468627b
[IPSEC]: Add ICMP host relookup support

RFC 4301 requires us to relookup ICMP traffic that does not match any
policies using the reverse of its payload.  This patch implements this
for ICMP traffic that originates from or terminates on localhost.

This is activated on outbound with the new policy flag XFRM_POLICY_ICMP,
and on inbound by the new state flag XFRM_STATE_ICMP.

On inbound the policy check is now performed by the ICMP protocol so
that it can repeat the policy check where necessary.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/xfrm.h
include/net/dst.h
net/ipv4/af_inet.c
net/ipv4/icmp.c
net/ipv6/icmp.c
net/xfrm/xfrm_policy.c