From b05e106698d9966de524e78d9da1bf6407fe0c32 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Fri, 6 Jan 2006 23:03:34 -0800 Subject: [IPV4/6]: Netfilter IPsec input hooks When the innermost transform uses transport mode the decapsulated packet is not visible to netfilter. Pass the packet through the PRE_ROUTING and LOCAL_IN hooks again before handing it to upper layer protocols to make netfilter-visibility symetrical to the output path. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- include/net/ipv6.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/net') diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 860bbac4c4e..3b1d963d396 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -418,6 +418,8 @@ extern int ipv6_rcv(struct sk_buff *skb, struct packet_type *pt, struct net_device *orig_dev); +extern int ip6_rcv_finish(struct sk_buff *skb); + /* * upper-layer output functions */ -- cgit v1.2.3