On Sun, 28 Sep 2003 13:25:22 +1000 Herbert Xu <herbert@gondor.apana.org.au> wrote: > I'm revisiting the idea of more stringent policy checks. In doing so I > discovered that we check the policy twice for xfrm4_tunnel packets. > This patch fixes that by moving the policy check into ipip.c. What is the code path where we check things twice? If we decapsulate, and the inner is for us, we should redo the policy check in ip_input.c If we decapsulate, and the inner is for another host, we should redo the policy check in ip_forward.c I don't see any other case. What did I miss? - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
