Hi:

My previous patch to eliminate duplicate policy checks was buggy in the IPIP case as the packet will be decapsulated before the policy check is performed.

This patch fixes that problem.

Thanks,
--
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Index: kernel-source-2.5/net/ipv4/ipip.c =================================================================== RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/ipv4/ipip.c,v retrieving revision 1.3 diff -u -r1.3 ipip.c --- kernel-source-2.5/net/ipv4/ipip.c 11 Oct 2003 06:29:28 -0000 1.3 +++ kernel-source-2.5/net/ipv4/ipip.c 13 Oct 2003 12:06:34 -0000 @@ -475,11 +475,6 @@ goto out; iph = skb->nh.iph; - skb->mac.raw = skb->nh.raw; - skb->nh.raw = skb->data; - memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); - skb->protocol = htons(ETH_P_IP); - skb->pkt_type = PACKET_HOST; read_lock(&ipip_lock); if ((tunnel = ipip_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) { @@ -488,6 +483,12 @@ return 0; } + skb->mac.raw = skb->nh.raw; + skb->nh.raw = skb->data; + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); + skb->protocol = htons(ETH_P_IP); + skb->pkt_type = PACKET_HOST; + tunnel->stat.rx_packets++; tunnel->stat.rx_bytes += skb->len; skb->dev = tunnel->dev;
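
Review bot: in the first hunk (@@ -475,11 +475,6), the header rewrite removed from above `read_lock(&ipip_lock)` used to run for every packet, while the second hunk re-adds it just before `tunnel->stat.rx_packets++`, which appears to be reached only when `ipip_tunnel_lookup()` found a tunnel. The handling of the no-tunnel case is outside the visible context, so please confirm that it does not depend on `skb->nh.raw`, `skb->protocol` or `skb->pkt_type` having been reset, and mention the behaviour change in the changelog.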
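
Review bot: in the second hunk (@@ -488,6 +483,12), the block added after `return 0; }` carries an ordering requirement that nothing in the code records: according to the description, the policy check has to see the packet before it is decapsulated, so these lines must stay below that check. A short comment above `skb->mac.raw = skb->nh.raw;` stating this would keep the rewrite from being hoisted back above the lookup in a later cleanup. The block also now runs after `read_lock(&ipip_lock)` has been taken, which is fine for a few assignments and a `memset` but is worth a word in the description.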