On Sun, Jun 22, 2003 at 07:53:17PM +1000, Herbert Xu wrote:
> On Sun, Jun 22, 2003 at 11:42:52AM +0200, Jean-Francois Dive wrote:
> >
> > Hopefully, when a policy is added, it is done the same way both in IN/OUT/FW (or only
> > the direction=inbound in IN, both in FW, and direction=outbound in OUT).
>
> Well from what I can see, the kernel will not verify forwarded packets
> if you don't add policies to the FWD policy list. What I want to know
> is whether this is intentional.

Yes, all agreed. My point was to know if the FW policy is populated when you simply do a pfkey SPD add; if it is the case then it is all fine, if it is not, then this is obviously bad. All the tests I've done personally are based on locally generated traffic and not routed traffic, so I never hit the case.

>
> Of course I'd also be content if someone could just point out that I
> have totally misread the code :)

This is not possible ;)

> --
> Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
> Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
> -
> : send the line "unsubscribe linux-net" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
-> Jean-Francois Dive
--> jef@linuxbe.org

There is no such thing as randomness. Only order of infinite complexity.
- Marquis de LaPlace - deterministic Principles -