Hi Kevin On 2013年09月25日 02:52, Kevin Wilson wrote: > Hi, > I am looking at this patch: > http://lists.openwall.net/netdev/2007/08/24/29 > and I cannot understand it. Can somebody please try > to explain ? > more specifically: > Can somebody please give an example of some setup of IPsec tunnel > where the ip_rt_send_redirect() method should not be called when the > skb->sp is not NULL ? + if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr && !skb->sp) ^^^^^^^ If IPsec policy is not enabled for a specific flow that this skb matches, skb->sp is NULL. > (in other words, why if the SKB is and IPsec SKB, we should not send a > redirect in such a case while forwarding a packet; note I am talking > about IPv4) > > Note that the check for skb->sp was changed in recent kernels to > skb_sec_path(skb), but it is essentially the same. > > > Regards, > Kevin > > _______________________________________________ > Kernelnewbies mailing list > Kernelnewbies@xxxxxxxxxxxxxxxxx > http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies > -- 八百里秦川尘土飞扬,三千万老陕齐吼秦腔。 --bill _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
