Hi, Of course. But the (unanswered) question is: when sp is non NULL and we are working with IPsec, why shoudn't we send redirect in such a case ? rgs Kevin On Thu, Sep 26, 2013 at 10:02 AM, bill4carson <bill4carson@xxxxxxxxx> wrote: > Hi Kevin > > > On 2013年09月25日 02:52, Kevin Wilson wrote: >> >> Hi, >> I am looking at this patch: >> http://lists.openwall.net/netdev/2007/08/24/29 >> and I cannot understand it. Can somebody please try >> to explain ? >> more specifically: >> Can somebody please give an example of some setup of IPsec tunnel >> where the ip_rt_send_redirect() method should not be called when the >> skb->sp is not NULL ? > > > + if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr && !skb->sp) > ^^^^^^^ > If IPsec policy is not enabled for a specific flow that this skb matches, > skb->sp is NULL. > > > >> (in other words, why if the SKB is and IPsec SKB, we should not send a >> redirect in such a case while forwarding a packet; note I am talking >> about IPv4) >> >> Note that the check for skb->sp was changed in recent kernels to >> skb_sec_path(skb), but it is essentially the same. >> >> >> Regards, >> Kevin >> >> _______________________________________________ >> Kernelnewbies mailing list >> Kernelnewbies@xxxxxxxxxxxxxxxxx >> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies >> > > -- > 八百里秦川尘土飞扬,三千万老陕齐吼秦腔。 > > --bill _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
