diff options
author | Patrick McHardy <kaber@trash.net> | 2007-03-22 12:30:29 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-03-22 12:30:29 -0700 |
commit | 848c29fd648e78fa87d0e399223826ce5dfc1b7a (patch) | |
tree | e76dac40d1d318f98bfdfe604ae43a29dec85ff9 /net/ipv4/cipso_ipv4.c | |
parent | ca8fbb859c42c9a402c5c19fd0588d89ae4988ba (diff) |
[NETFILTER]: nat: avoid rerouting packets if only XFRM policy key changed
Currently NAT not only reroutes packets in the OUTPUT chain when the
routing key changed, but also if only the non-routing part of the
IPsec policy key changed. This breaks ping -I since it doesn't use
SO_BINDTODEVICE but IP_PKTINFO cmsg to specify the output device, and
this information is lost.
Only do full rerouting if the routing key changed, and just do a new
policy lookup with the old route if only the ports changed.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/cipso_ipv4.c')
0 files changed, 0 insertions, 0 deletions