From: Tom Eastep <teastep@shorewall.net>
To: netfilter-devel@lists.netfilter.org
Subject: Re: [PATCH 0/4] Updated IPSEC NAT patches for 2.6.11
Date: Thu, 03 Mar 2005 13:10:28 -0800 [thread overview]
Message-ID: <42277D44.4080207@shorewall.net> (raw)
In-Reply-To: <1108667319.21912.14.camel@leto.cs.pocnet.net>
[-- Attachment #1: Type: text/plain, Size: 929 bytes --]
Christophe Saout wrote:
> Hi,
>
> I've forward-ported Patrick McHardy's patches that make the kernel IPSEC
> work with NAT.
>
> Since there probably won't be any more big changes between 2.6.11-rc4
> and the final 2.6.11 I'm posting them now.
>
> The biggest change is in the last patch (ipsec-04-policy-checks.diff). I
> needed to rewrite nf_nat_decode_session4 due to the big NAT changes. I
> hope I got everything right. I couldn't find a situation where it
> failed.
> I also added a missing return in nat_route_key_compare that made the
> kernel fail with certain compiler flags.
>
Here's another little patch that allows iptables to compile cleanly
against a kernel tree that has the IPSEC NAT patches applied.
-Tom
--
Tom Eastep \ Off-list replies are cheerfully ignored
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
[-- Attachment #2: ipsec-05-iptablescompile.diff --]
[-- Type: text/x-patch, Size: 975 bytes --]
diff -Naur linux-2.6.11.orig/include/linux/netfilter_ipv4.h linux-2.6.11/include/linux/netfilter_ipv4.h
--- linux-2.6.11.orig/include/linux/netfilter_ipv4.h 2005-03-03 10:55:24.895484995 -0800
+++ linux-2.6.11/include/linux/netfilter_ipv4.h 2005-03-03 10:55:13.496133352 -0800
@@ -7,8 +7,10 @@
#include <linux/config.h>
#include <linux/netfilter.h>
+#ifdef __KERNEL__
#include <linux/netdevice.h>
#include <net/protocol.h>
+#endif
/* IP Cache bits. */
/* Src IP address. */
diff -Naur linux-2.6.11.orig/include/net/ip.h linux-2.6.11/include/net/ip.h
--- linux-2.6.11.orig/include/net/ip.h 2005-03-03 10:54:34.418212127 -0800
+++ linux-2.6.11/include/net/ip.h 2005-03-03 10:54:25.250342049 -0800
@@ -30,8 +30,10 @@
#include <linux/netdevice.h>
#include <linux/inetdevice.h>
#include <linux/in_route.h>
+#ifdef __KERNEL__
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
+#endif
#include <net/route.h>
#include <net/arp.h>
#include <net/snmp.h>
prev parent reply other threads:[~2005-03-03 21:10 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-17 19:08 [PATCH 0/4] Updated IPSEC NAT patches for 2.6.11 Christophe Saout
2005-02-17 19:10 ` [PATCH 1/4] IPSEC output hooks Christophe Saout
2005-02-17 19:11 ` [PATCH 2/4] IPSEC input hooks Christophe Saout
2005-02-17 19:12 ` [PATCH 3/4] IPSEC policy lookups Christophe Saout
2005-02-17 19:13 ` [PATCH 4/4] IPSEC policy checks Christophe Saout
2005-03-03 21:10 ` Tom Eastep [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42277D44.4080207@shorewall.net \
--to=teastep@shorewall.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.