aboutsummaryrefslogtreecommitdiffstats
path: root/include/keys
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-03-22 15:30:29 -0400
committerDavid S. Miller <davem@davemloft.net>2007-03-22 15:30:29 -0400
commit848c29fd648e78fa87d0e399223826ce5dfc1b7a (patch)
treee76dac40d1d318f98bfdfe604ae43a29dec85ff9 /include/keys
parentca8fbb859c42c9a402c5c19fd0588d89ae4988ba (diff)
[NETFILTER]: nat: avoid rerouting packets if only XFRM policy key changed
Currently NAT not only reroutes packets in the OUTPUT chain when the routing key changed, but also if only the non-routing part of the IPsec policy key changed. This breaks ping -I since it doesn't use SO_BINDTODEVICE but IP_PKTINFO cmsg to specify the output device, and this information is lost. Only do full rerouting if the routing key changed, and just do a new policy lookup with the old route if only the ports changed. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/keys')
0 files changed, 0 insertions, 0 deletions