Herbert Xu a écrit :
David S. Miller <[EMAIL PROTECTED]> wrote:
From: Nicolas DICHTEL <[EMAIL PROTECTED]>
Date: Mon, 06 Feb 2006 12:00:30 +0100
in the same way of this patch, why dst_entry are stored for
RAW socket ? In case of specific IPSec rules for ICMPv6,
xfrm state can be different for the same destination.
Attached, a proposed patch.
We cache the flow we used to store that dst into the socket,
and we'll verify that on the next sendmsg() call so it's OK.
See the checks done in ip6_dst_lookup() when we have a cached
route attached to the socket.
I think he's saying that the checks in ip6_dst_lookup is not enough
for IPsec because it only checks the destination address and oif
instead of all the addresses/protocol/ports.
Yes, that's what I mean ;-) It was the same problem for not-connected
socket in UDP.
Regards,
Nicolas
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
