diff options
author | Patrick McHardy <kaber@trash.net> | 2006-01-07 02:03:34 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-01-07 15:57:31 -0500 |
commit | b05e106698d9966de524e78d9da1bf6407fe0c32 (patch) | |
tree | 8a7c253b7249451941674805cccdaaba299dff6f /include/net | |
parent | 951dbc8ac714b04c36296b8b5c36c8e036ce433f (diff) |
[IPV4/6]: Netfilter IPsec input hooks
When the innermost transform uses transport mode the decapsulated packet
is not visible to netfilter. Pass the packet through the PRE_ROUTING and
LOCAL_IN hooks again before handing it to upper layer protocols to make
netfilter-visibility symetrical to the output path.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/ipv6.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 860bbac4c4ee..3b1d963d396c 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h | |||
@@ -418,6 +418,8 @@ extern int ipv6_rcv(struct sk_buff *skb, | |||
418 | struct packet_type *pt, | 418 | struct packet_type *pt, |
419 | struct net_device *orig_dev); | 419 | struct net_device *orig_dev); |
420 | 420 | ||
421 | extern int ip6_rcv_finish(struct sk_buff *skb); | ||
422 | |||
421 | /* | 423 | /* |
422 | * upper-layer output functions | 424 | * upper-layer output functions |
423 | */ | 425 | */ |